Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
[ 35.117905] urandom_read: 1 callbacks suppressed
[ 35.117909] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.211368] audit: type=1400 audit(1539459070.671:7): avc: denied { map } for pid=1786 comm="syz-executor788" path="/root/syz-executor788181045" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 35.215703]
[ 35.215706] ======================================================
[ 35.215707] WARNING: possible circular locking dependency detected
[ 35.215712] 4.14.76+ #19 Not tainted
[ 35.215713] ------------------------------------------------------
[ 35.215717] syz-executor788/1786 is trying to acquire lock:
[ 35.215719]  (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9d0
[ 35.215737]
[ 35.215737] but task is already holding lock:
[ 35.215738]  (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x4e/0x110
[ 35.215752]
[ 35.215752] which lock already depends on the new lock.
[ 35.215752]
[ 35.215753]
[ 35.215753] the existing dependency chain (in reverse order) is:
[ 35.215755]
[ 35.215755] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 35.215769]        __mutex_lock+0xf5/0x1480
[ 35.215777]        proc_pid_attr_write+0x16b/0x280
[ 35.215782]        __vfs_write+0xf4/0x5c0
[ 35.215787]        __kernel_write+0xf3/0x330
[ 35.215793]        write_pipe_buf+0x192/0x250
[ 35.215797]        __splice_from_pipe+0x324/0x740
[ 35.215802]        splice_from_pipe+0xcf/0x130
[ 35.215808]        default_file_splice_write+0x37/0x80
[ 35.215813]        SyS_splice+0xd06/0x12a0
[ 35.215819]        do_syscall_64+0x19b/0x4b0
[ 35.215825]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.215826]
[ 35.215826] -> #0 (&pipe->mutex/1){+.+.}:
[ 35.215839]        lock_acquire+0x10f/0x380
[ 35.215844]        __mutex_lock+0xf5/0x1480
[ 35.215849]        fifo_open+0x156/0x9d0
[ 35.215856]        do_dentry_open+0x426/0xda0
[ 35.215861]        vfs_open+0x11c/0x210
[ 35.215867]        path_openat+0x4eb/0x23a0
[ 35.215882]        do_filp_open+0x197/0x270
[ 35.215889]        do_open_execat+0x10d/0x5b0
[ 35.215895]        do_execveat_common.isra.14+0x6cb/0x1d60
[ 35.215899]        SyS_execve+0x34/0x40
[ 35.215904]        do_syscall_64+0x19b/0x4b0
[ 35.215910]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.215911]
[ 35.215911] other info that might help us debug this:
[ 35.215911]
[ 35.215913]  Possible unsafe locking scenario:
[ 35.215913]
[ 35.215914]        CPU0                    CPU1
[ 35.215916]        ----                    ----
[ 35.215917]   lock(&sig->cred_guard_mutex);
[ 35.215921]                                lock(&pipe->mutex/1);
[ 35.215926]                                lock(&sig->cred_guard_mutex);
[ 35.215929]   lock(&pipe->mutex/1);
[ 35.215934]
[ 35.215934]  *** DEADLOCK ***
[ 35.215934]
[ 35.215938] 1 lock held by syz-executor788/1786:
[ 35.215939]  #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x4e/0x110
[ 35.215951]
[ 35.215951] stack backtrace:
[ 35.215957] CPU: 0 PID: 1786 Comm: syz-executor788 Not tainted 4.14.76+ #19
[ 35.215960] Call Trace:
[ 35.215968]  dump_stack+0xb9/0x11b
[ 35.215977]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[ 35.215983]  ? save_trace+0xd6/0x250
[ 35.215990]  __lock_acquire+0x2ff9/0x4320
[ 35.215998]  ? check_preemption_disabled+0x34/0x160
[ 35.216009]  ? trace_hardirqs_on+0x10/0x10
[ 35.216015]  ? trace_hardirqs_on_caller+0x381/0x520
[ 35.216021]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 35.216031]  ? __lock_acquire+0x619/0x4320
[ 35.216037]  ? alloc_pipe_info+0x15b/0x370
[ 35.216041]  ? fifo_open+0x1ef/0x9d0
[ 35.216047]  ? do_dentry_open+0x426/0xda0
[ 35.216052]  ? vfs_open+0x11c/0x210
[ 35.216058]  ? path_openat+0x4eb/0x23a0
[ 35.216065]  lock_acquire+0x10f/0x380
[ 35.216070]  ? fifo_open+0x156/0x9d0
[ 35.216077]  ? fifo_open+0x156/0x9d0
[ 35.216083]  __mutex_lock+0xf5/0x1480
[ 35.216088]  ? fifo_open+0x156/0x9d0
[ 35.216093]  ? fifo_open+0x156/0x9d0
[ 35.216099]  ? dput.part.6+0x3b3/0x710
[ 35.216108]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[ 35.216117]  ? fs_reclaim_acquire+0x10/0x10
[ 35.216124]  ? fifo_open+0x284/0x9d0
[ 35.216130]  ? lock_downgrade+0x560/0x560
[ 35.216136]  ? lock_acquire+0x10f/0x380
[ 35.216141]  ? fifo_open+0x243/0x9d0
[ 35.216147]  ? debug_mutex_init+0x28/0x53
[ 35.216153]  ? fifo_open+0x156/0x9d0
[ 35.216158]  fifo_open+0x156/0x9d0
[ 35.216166]  do_dentry_open+0x426/0xda0
[ 35.216171]  ? pipe_release+0x240/0x240
[ 35.216180]  vfs_open+0x11c/0x210
[ 35.216187]  path_openat+0x4eb/0x23a0
[ 35.216196]  ? path_mountpoint+0x9a0/0x9a0
[ 35.216205]  ? kasan_kmalloc.part.1+0xa9/0xd0
[ 35.216212]  ? kasan_kmalloc.part.1+0x4f/0xd0
[ 35.216218]  ? __kmalloc_track_caller+0x104/0x300
[ 35.216226]  ? kmemdup+0x20/0x50
[ 35.216233]  ? security_prepare_creds+0x7c/0xb0
[ 35.216241]  ? prepare_creds+0x225/0x2a0
[ 35.216251]  ? prepare_exec_creds+0xc/0xe0
[ 35.216257]  ? prepare_bprm_creds+0x62/0x110
[ 35.216263]  ? do_execveat_common.isra.14+0x2cd/0x1d60
[ 35.216268]  ? SyS_execve+0x34/0x40
[ 35.216273]  ? do_syscall_64+0x19b/0x4b0
[ 35.216282]  do_filp_open+0x197/0x270
[ 35.216289]  ? may_open_dev+0xd0/0xd0
[ 35.216304]  ? trace_hardirqs_on+0x10/0x10
[ 35.216310]  ? fs_reclaim_acquire+0x10/0x10
[ 35.216323]  ? rcu_read_lock_sched_held+0x102/0x120
[ 35.216330]  do_open_execat+0x10d/0x5b0
[ 35.216337]  ? setup_arg_pages+0x720/0x720
[ 35.216344]  ? do_execveat_common.isra.14+0x68d/0x1d60
[ 35.216350]  ? lock_downgrade+0x560/0x560
[ 35.216356]  ? lock_acquire+0x10f/0x380
[ 35.216363]  ? check_preemption_disabled+0x34/0x160
[ 35.216373]  do_execveat_common.isra.14+0x6cb/0x1d60
[ 35.216383]  ? prepare_bprm_creds+0x110/0x110
[ 35.216390]  ? getname_flags+0x222/0x540
[ 35.216396]  SyS_execve+0x34/0x40
[ 35.216402]  ? setup_new_exec+0x770/0x770
[ 35.216407]  do_syscall_64+0x19b/0x4b0
[ 35.216416]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.216420] RIP: 0033:0x440119
[ 35.216423] RSP: 002b:00007ffdc7784628 EFLAGS: 00000217 ORIG_RAX: 000000000000003b
[ 35.216430] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440119
[ 35.216434] RDX: 0000000020000200 RSI: 0000000020000300 RDI: 0000000020000340
[ 35.216438] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 35.216441] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004019a0
[ 35.216445] R13: 0000000000401a30 R14: 0000000000000000 R15: 0000000000000000