Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. [ 34.529103] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.623174] audit: type=1400 audit(1552755207.409:7): avc: denied { map } for pid=1784 comm="syz-executor375" path="/root/syz-executor375141864" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 34.625994] [ 34.651217] ====================================================== [ 34.657579] WARNING: possible circular locking dependency detected [ 34.663942] 4.14.106+ #30 Not tainted [ 34.667728] ------------------------------------------------------ [ 34.674113] syz-executor375/1784 is trying to acquire lock: [ 34.679811] (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0 [ 34.687598] [ 34.687598] but task is already holding lock: [ 34.693545] (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110 [ 34.702736] [ 34.702736] which lock already depends on the new lock. [ 34.702736] [ 34.711149] [ 34.711149] the existing dependency chain (in reverse order) is: [ 34.718819] [ 34.718819] -> #1 (&sig->cred_guard_mutex){+.+.}: [ 34.725175] [ 34.725175] -> #0 (&pipe->mutex/1){+.+.}: [ 34.730789] [ 34.730789] other info that might help us debug this: [ 34.730789] [ 34.738910] Possible unsafe locking scenario: [ 34.738910] [ 34.744951] CPU0 CPU1 [ 34.749600] ---- ---- [ 34.754254] lock(&sig->cred_guard_mutex); [ 34.758565] lock(&pipe->mutex/1); [ 34.764698] lock(&sig->cred_guard_mutex); [ 34.771519] lock(&pipe->mutex/1); [ 34.775129] [ 34.775129] *** DEADLOCK *** [ 34.775129] [ 34.781189] 1 lock held by syz-executor375/1784: [ 34.785957] #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110 [ 34.795593] [ 34.795593] stack backtrace: [ 34.800087] CPU: 0 PID: 1784 Comm: syz-executor375 Not tainted 4.14.106+ #30 [ 34.807271] Call Trace: [ 34.809854] dump_stack+0xb9/0x10e [ 34.813377] print_circular_bug.isra.0.cold+0x2dc/0x425 [ 34.818726] ? __lock_acquire+0x2d83/0x3fa0 [ 34.823028] ? trace_hardirqs_on+0x10/0x10 [ 34.827352] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 34.832494] ? __lock_acquire+0x56a/0x3fa0 [ 34.836719] ? do_filp_open+0x1a1/0x280 [ 34.840678] ? lock_acquire+0x10f/0x380 [ 34.844704] ? fifo_open+0x156/0x9b0 [ 34.848408] ? fifo_open+0x156/0x9b0 [ 34.852121] ? __mutex_lock+0xf7/0x1430 [ 34.856127] ? fifo_open+0x156/0x9b0 [ 34.859852] ? fifo_open+0x156/0x9b0 [ 34.863546] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 34.869053] ? fifo_open+0x284/0x9b0 [ 34.872797] ? lock_downgrade+0x5d0/0x5d0 [ 34.876929] ? lock_acquire+0x10f/0x380 [ 34.880993] ? fifo_open+0x243/0x9b0 [ 34.884684] ? debug_mutex_init+0x28/0x53 [ 34.888809] ? fifo_open+0x156/0x9b0 [ 34.892506] ? fifo_open+0x156/0x9b0 [ 34.896213] ? do_dentry_open+0x41b/0xd60 [ 34.900353] ? pipe_release+0x240/0x240 [ 34.904321] ? vfs_open+0x105/0x230 [ 34.907936] ? path_openat+0xb6b/0x2b70 [ 34.911897] ? path_mountpoint+0x9a0/0x9a0 [ 34.916113] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 34.920611] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 34.925080] ? kmemdup+0x23/0x50 [ 34.928427] ? selinux_cred_prepare+0x3e/0x90 [ 34.932906] ? do_filp_open+0x1a1/0x280 [ 34.936857] ? prepare_bprm_creds+0x66/0x110 [ 34.941247] ? may_open_dev+0xe0/0xe0 [ 34.945049] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 34.950499] ? rcu_read_lock_sched_held+0x10a/0x130 [ 34.955515] ? do_open_execat+0xf7/0x5c0 [ 34.959562] ? setup_arg_pages+0x710/0x710 [ 34.963781] ? do_execveat_common.isra.0+0x674/0x1c30 [ 34.968958] ? lock_acquire+0x10f/0x380 [ 34.972914] ? do_execveat_common.isra.0+0x422/0x1c30 [ 34.978236] ? check_preemption_disabled+0x35/0x1f0 [ 34.983421] ? do_execveat_common.isra.0+0x6b3/0x1c30 [ 34.988704] ? prepare_bprm_creds+0x110/0x110 [ 34.993203] ? getname_flags+0x22e/0x550 [ 34.997268] ? SyS_execve+0x34/0x40 [ 35.000880] ? setup_new_exec+0x770/0x770 [ 35.005015] ? do_syscall_64+0x19b/0x4b0 [ 35.009060] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7