INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
[ 139.547977] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
[ 145.157409] random: sshd: uninitialized urandom read (32 bytes read)
[ 145.250241] audit: type=1400 audit(1541155692.654:7): avc: denied { map } for pid=1823 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/02 10:48:13 parsed 1 programs
[ 145.792388] audit: type=1400 audit(1541155693.194:8): avc: denied { map } for pid=1823 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 146.426258] random: cc1: uninitialized urandom read (8 bytes read)
2018/11/02 10:48:14 executed programs: 0
[ 147.484382] audit: type=1400 audit(1541155694.884:9): avc: denied { map } for pid=1823 comm="syz-execprog" path="/root/syzkaller-shm499196057" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/11/02 10:48:21 executed programs: 6
2018/11/02 10:48:26 executed programs: 342
[ 162.611278]
[ 162.612950] ======================================================
[ 162.619254] WARNING: possible circular locking dependency detected
[ 162.625555] 4.14.78+ #26 Not tainted
[ 162.629254] ------------------------------------------------------
[ 162.635542] syz-executor0/6306 is trying to acquire lock:
[ 162.641051]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_attr_write+0x16b/0x280
[ 162.650391]
[ 162.650391] but task is already holding lock:
[ 162.656330]  (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 162.663932]
[ 162.663932] which lock already depends on the new lock.
[ 162.663932]
[ 162.672217]
[ 162.672217] the existing dependency chain (in reverse order) is:
[ 162.679809]
[ 162.679809] -> #1 (&pipe->mutex/1){+.+.}:
[ 162.685416]        __mutex_lock+0xf5/0x1480
[ 162.689730]        fifo_open+0x156/0x9d0
[ 162.693786]        do_dentry_open+0x426/0xda0
[ 162.698252]        vfs_open+0x11c/0x210
[ 162.702200]        path_openat+0x4eb/0x23a0
[ 162.706493]        do_filp_open+0x197/0x270
[ 162.710804]        do_open_execat+0x10d/0x5b0
[ 162.715270]        do_execveat_common.isra.14+0x6cb/0x1d60
[ 162.720864]        SyS_execve+0x34/0x40
[ 162.724827]        do_syscall_64+0x19b/0x4b0
[ 162.729207]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 162.734890]
[ 162.734890] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 162.741202]        lock_acquire+0x10f/0x380
[ 162.745525]        __mutex_lock+0xf5/0x1480
[ 162.749820]        proc_pid_attr_write+0x16b/0x280
[ 162.754722]        __vfs_write+0xf4/0x5c0
[ 162.758857]        __kernel_write+0xf3/0x330
[ 162.763238]        write_pipe_buf+0x192/0x250
[ 162.767702]        __splice_from_pipe+0x324/0x740
[ 162.772534]        splice_from_pipe+0xcf/0x130
[ 162.777087]        default_file_splice_write+0x37/0x80
[ 162.782338]        SyS_splice+0xd06/0x12a0
[ 162.786541]        do_syscall_64+0x19b/0x4b0
[ 162.790924]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 162.796632]
[ 162.796632] other info that might help us debug this:
[ 162.796632]
[ 162.804795]  Possible unsafe locking scenario:
[ 162.804795]
[ 162.810825]        CPU0                    CPU1
[ 162.815462]        ----                    ----
[ 162.820113]   lock(&pipe->mutex/1);
[ 162.823710]                                lock(&sig->cred_guard_mutex);
[ 162.830535]                                lock(&pipe->mutex/1);
[ 162.836649]   lock(&sig->cred_guard_mutex);
[ 162.840941]
[ 162.840941]  *** DEADLOCK ***
[ 162.840941]
[ 162.846972] 2 locks held by syz-executor0/6306:
[ 162.851627]  #0: (sb_writers#7){.+.+}, at: [] SyS_splice+0xeac/0x12a0
[ 162.859851]  #1: (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 162.867883]
[ 162.867883] stack backtrace:
[ 162.872351] CPU: 1 PID: 6306 Comm: syz-executor0 Not tainted 4.14.78+ #26
[ 162.879246] Call Trace:
[ 162.881823]  dump_stack+0xb9/0x11b
[ 162.885339]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[ 162.891028]  ? save_trace+0xd6/0x250
[ 162.894715]  __lock_acquire+0x2ff9/0x4320
[ 162.898836]  ? __free_insn_slot+0x490/0x490
[ 162.903135]  ? check_preemption_disabled+0x34/0x160
[ 162.908124]  ? trace_hardirqs_on+0x10/0x10
[ 162.912348]  ? trace_hardirqs_on_caller+0x381/0x520
[ 162.917339]  ? depot_save_stack+0x20a/0x428
[ 162.921635]  ? kasan_kmalloc.part.1+0xa9/0xd0
[ 162.926106]  ? kasan_kmalloc.part.1+0x4f/0xd0
[ 162.930572]  ? __kmalloc_track_caller+0x104/0x300
[ 162.935389]  ? memdup_user+0x28/0x90
[ 162.939074]  ? proc_pid_attr_write+0xfc/0x280
[ 162.943541]  ? __vfs_write+0xf4/0x5c0
[ 162.947315]  lock_acquire+0x10f/0x380
[ 162.951093]  ? proc_pid_attr_write+0x16b/0x280
[ 162.955666]  ? proc_pid_attr_write+0x16b/0x280
[ 162.960225]  __mutex_lock+0xf5/0x1480
[ 162.964000]  ? proc_pid_attr_write+0x16b/0x280
[ 162.968557]  ? __bfs+0x1ab/0x540
[ 162.971899]  ? proc_pid_attr_write+0x16b/0x280
[ 162.976455]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[ 162.981880]  ? fs_reclaim_acquire+0x10/0x10
[ 162.986174]  ? check_stack_object+0x80/0xa0
[ 162.990472]  ? __might_fault+0xf/0x1b0
[ 162.994333]  ? _copy_from_user+0x94/0x100
[ 162.998459]  ? proc_pid_attr_write+0x16b/0x280
[ 163.003015]  proc_pid_attr_write+0x16b/0x280
[ 163.007428]  __vfs_write+0xf4/0x5c0
[ 163.011031]  ? proc_pid_wchan+0x120/0x120
[ 163.015183]  ? kernel_read+0x110/0x110
[ 163.019045]  ? futex_wake+0x141/0x420
[ 163.022822]  ? lock_acquire+0x10f/0x380
[ 163.026785]  ? pipe_lock+0x58/0x70
[ 163.030301]  __kernel_write+0xf3/0x330
[ 163.034161]  write_pipe_buf+0x192/0x250
[ 163.038108]  ? default_file_splice_read+0x860/0x860
[ 163.043098]  ? splice_from_pipe_next.part.2+0x21d/0x2e0
[ 163.048434]  __splice_from_pipe+0x324/0x740
[ 163.052731]  ? default_file_splice_read+0x860/0x860
[ 163.057719]  splice_from_pipe+0xcf/0x130
[ 163.061760]  ? default_file_splice_read+0x860/0x860
[ 163.066750]  ? splice_shrink_spd+0xb0/0xb0
[ 163.070987]  default_file_splice_write+0x37/0x80
[ 163.075715]  ? generic_splice_sendpage+0x40/0x40
[ 163.080447]  SyS_splice+0xd06/0x12a0
[ 163.084154]  ? do_clock_gettime+0x30/0xb0
[ 163.088274]  ? compat_SyS_vmsplice+0x150/0x150
[ 163.092832]  ? do_clock_gettime+0xb0/0xb0
[ 163.096951]  ? do_syscall_64+0x43/0x4b0
[ 163.100915]  ? compat_SyS_vmsplice+0x150/0x150
[ 163.105478]  do_syscall_64+0x19b/0x4b0
[ 163.109341]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 163.114503] RIP: 0033:0x457569
[ 163.117701] RSP: 002b:00007f1201b9cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 163.125411] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569
[ 163.132673] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 163.139945] RBP: 000000000072bfa0 R08: 0000400000400003 R09: 0000000000000000
[ 163.147203] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007f1201b9d6d4
[ 163.154449] R13: 00000000004c51d3 R14: 00000000004d7f48 R15: 00000000ffffffff
2018/11/02 10:48:31 executed programs: 701
2018/11/02 10:48:36 executed programs: 1162