INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
[ 149.896704] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
[ 155.442327] random: sshd: uninitialized urandom read (32 bytes read)
[ 155.534230] audit: type=1400 audit(1540227638.926:7): avc: denied { map } for pid=1829 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/10/22 17:00:39 parsed 1 programs
[ 156.070861] audit: type=1400 audit(1540227639.466:8): avc: denied { map } for pid=1829 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 156.887633] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/22 17:00:41 executed programs: 0
[ 158.182934] audit: type=1400 audit(1540227641.576:9): avc: denied { map } for pid=1829 comm="syz-execprog" path="/root/syzkaller-shm582795361" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/10/22 17:00:47 executed programs: 6
2018/10/22 17:00:52 executed programs: 193
[ 171.539069]
[ 171.540733] ======================================================
[ 171.547475] WARNING: possible circular locking dependency detected
[ 171.553780] 4.14.78+ #22 Not tainted
[ 171.557482] ------------------------------------------------------
[ 171.563793] syz-executor3/5557 is trying to acquire lock:
[ 171.569315]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_attr_write+0x16b/0x280
[ 171.578682]
[ 171.578682] but task is already holding lock:
[ 171.584642]  (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 171.592346]
[ 171.592346] which lock already depends on the new lock.
[ 171.592346]
[ 171.601038]
[ 171.601038] the existing dependency chain (in reverse order) is:
[ 171.608641]
[ 171.608641] -> #1 (&pipe->mutex/1){+.+.}:
[ 171.614250]        __mutex_lock+0xf5/0x1480
[ 171.618570]        fifo_open+0x156/0x9d0
[ 171.622638]        do_dentry_open+0x426/0xda0
[ 171.627136]        vfs_open+0x11c/0x210
[ 171.631114]        path_openat+0x4eb/0x23a0
[ 171.635431]        do_filp_open+0x197/0x270
[ 171.639749]        do_open_execat+0x10d/0x5b0
[ 171.644243]        do_execveat_common.isra.14+0x6cb/0x1d60
[ 171.649855]        SyS_execve+0x34/0x40
[ 171.653820]        do_syscall_64+0x19b/0x4b0
[ 171.658223]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 171.663923]
[ 171.663923] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 171.670246]        lock_acquire+0x10f/0x380
[ 171.674560]        __mutex_lock+0xf5/0x1480
[ 171.678899]        proc_pid_attr_write+0x16b/0x280
[ 171.683814]        __vfs_write+0xf4/0x5c0
[ 171.687936]        __kernel_write+0xf3/0x330
[ 171.692324]        write_pipe_buf+0x192/0x250
[ 171.696795]        __splice_from_pipe+0x324/0x740
[ 171.701636]        splice_from_pipe+0xcf/0x130
[ 171.706210]        default_file_splice_write+0x37/0x80
[ 171.711483]        SyS_splice+0xd06/0x12a0
[ 171.715710]        do_syscall_64+0x19b/0x4b0
[ 171.720110]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 171.725819]
[ 171.725819] other info that might help us debug this:
[ 171.725819]
[ 171.733953]  Possible unsafe locking scenario:
[ 171.733953]
[ 171.739987]        CPU0                    CPU1
[ 171.744634]        ----                    ----
[ 171.749274]   lock(&pipe->mutex/1);
[ 171.752874]                                lock(&sig->cred_guard_mutex);
[ 171.759706]                                lock(&pipe->mutex/1);
[ 171.765836]   lock(&sig->cred_guard_mutex);
[ 171.770133]
[ 171.770133]  *** DEADLOCK ***
[ 171.770133]
[ 171.776163] 2 locks held by syz-executor3/5557:
[ 171.780800]  #0: (sb_writers#7){.+.+}, at: [] SyS_splice+0xeac/0x12a0
[ 171.789023]  #1: (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 171.797099]
[ 171.797099] stack backtrace:
[ 171.801571] CPU: 0 PID: 5557 Comm: syz-executor3 Not tainted 4.14.78+ #22
[ 171.808477] Call Trace:
[ 171.811047]  dump_stack+0xb9/0x11b
[ 171.814571]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[ 171.820260]  ? save_trace+0xd6/0x250
[ 171.823997]  __lock_acquire+0x2ff9/0x4320
[ 171.828121]  ? __free_insn_slot+0x490/0x490
[ 171.832423]  ? check_preemption_disabled+0x34/0x160
[ 171.837417]  ? trace_hardirqs_on+0x10/0x10
[ 171.841634]  ? trace_hardirqs_on_caller+0x381/0x520
[ 171.846640]  ? depot_save_stack+0x20a/0x428
[ 171.850941]  ? kasan_kmalloc.part.1+0xa9/0xd0
[ 171.855411]  ? kasan_kmalloc.part.1+0x4f/0xd0
[ 171.859889]  ? __kmalloc_track_caller+0x104/0x300
[ 171.864707]  ? memdup_user+0x28/0x90
[ 171.868396]  ? proc_pid_attr_write+0xfc/0x280
[ 171.872863]  ? __vfs_write+0xf4/0x5c0
[ 171.876649]  lock_acquire+0x10f/0x380
[ 171.880431]  ? proc_pid_attr_write+0x16b/0x280
[ 171.884995]  ? proc_pid_attr_write+0x16b/0x280
[ 171.889551]  __mutex_lock+0xf5/0x1480
[ 171.893326]  ? proc_pid_attr_write+0x16b/0x280
[ 171.897884]  ? __bfs+0x1ab/0x540
[ 171.901237]  ? proc_pid_attr_write+0x16b/0x280
[ 171.905802]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[ 171.911236]  ? fs_reclaim_acquire+0x10/0x10
[ 171.915537]  ? check_stack_object+0x80/0xa0
[ 171.919834]  ? __might_fault+0xf/0x1b0
[ 171.923695]  ? _copy_from_user+0x94/0x100
[ 171.927862]  ? proc_pid_attr_write+0x16b/0x280
[ 171.932419]  proc_pid_attr_write+0x16b/0x280
[ 171.936808]  __vfs_write+0xf4/0x5c0
[ 171.940422]  ? proc_pid_wchan+0x120/0x120
[ 171.944570]  ? kernel_read+0x110/0x110
[ 171.948431]  ? futex_wake+0x141/0x420
[ 171.952212]  ? lock_acquire+0x10f/0x380
[ 171.956157]  ? pipe_lock+0x58/0x70
[ 171.959671]  __kernel_write+0xf3/0x330
[ 171.963538]  write_pipe_buf+0x192/0x250
[ 171.967488]  ? default_file_splice_read+0x860/0x860
[ 171.972491]  ? splice_from_pipe_next.part.2+0x21d/0x2e0
[ 171.977830]  __splice_from_pipe+0x324/0x740
[ 171.982145]  ? default_file_splice_read+0x860/0x860
[ 171.987146]  splice_from_pipe+0xcf/0x130
[ 171.991185]  ? default_file_splice_read+0x860/0x860
[ 171.996172]  ? splice_shrink_spd+0xb0/0xb0
[ 172.000383]  default_file_splice_write+0x37/0x80
[ 172.005113]  ? generic_splice_sendpage+0x40/0x40
[ 172.009846]  SyS_splice+0xd06/0x12a0
[ 172.013539]  ? do_clock_gettime+0x30/0xb0
[ 172.017664]  ? compat_SyS_vmsplice+0x150/0x150
[ 172.022223]  ? do_clock_gettime+0xb0/0xb0
[ 172.026345]  ? do_syscall_64+0x43/0x4b0
[ 172.030293]  ? compat_SyS_vmsplice+0x150/0x150
[ 172.034852]  do_syscall_64+0x19b/0x4b0
[ 172.038718]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 172.043883] RIP: 0033:0x457569
[ 172.047049] RSP: 002b:00007fe9f4040c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 172.054729] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569
[ 172.061974] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 172.069216] RBP: 000000000072bf00 R08: 00003fffffffffff R09: 0000000000000000
[ 172.076477] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fe9f40416d4
[ 172.083731] R13: 00000000004c4f4f R14: 00000000004d7a40 R15: 00000000ffffffff
2018/10/22 17:00:57 executed programs: 560
2018/10/22 17:01:02 executed programs: 1035