Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[ 44.443894] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.541240] audit: type=1400 audit(1543370890.931:7): avc: denied { map } for pid=1794 comm="syz-executor827" path="/root/syz-executor827014768" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.554313]
[ 44.554315] ======================================================
[ 44.554316] WARNING: possible circular locking dependency detected
[ 44.554319] 4.14.84+ #10 Not tainted
[ 44.554320] ------------------------------------------------------
[ 44.554336] syz-executor827/1795 is trying to acquire lock:
[ 44.554338] (&p->lock){+.+.}, at: [] seq_read+0xd4/0x11d0
[ 44.554367]
[ 44.554367] but task is already holding lock:
[ 44.554367] (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 44.554374]
[ 44.554374] which lock already depends on the new lock.
[ 44.554374]
[ 44.554375]
[ 44.554375] the existing dependency chain (in reverse order) is:
[ 44.554376]
[ 44.554376] -> #2 (&pipe->mutex/1){+.+.}:
[ 44.554382]        __mutex_lock+0xf5/0x1480
[ 44.554385]        fifo_open+0x156/0x9d0
[ 44.554388]        do_dentry_open+0x426/0xda0
[ 44.554391]        vfs_open+0x11c/0x210
[ 44.554395]        path_openat+0x4eb/0x23a0
[ 44.554397]        do_filp_open+0x197/0x270
[ 44.554401]        do_open_execat+0x10d/0x5b0
[ 44.554404]        do_execveat_common.isra.14+0x6cb/0x1d60
[ 44.554407]        SyS_execve+0x34/0x40
[ 44.554409]        do_syscall_64+0x19b/0x4b0
[ 44.554412]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.554413]
[ 44.554413] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 44.554418]        __mutex_lock+0xf5/0x1480
[ 44.554421]        lock_trace+0x3f/0xc0
[ 44.554424]        proc_pid_stack+0x117/0x260
[ 44.554427]        proc_single_show+0xf1/0x160
[ 44.554429]        seq_read+0x4e0/0x11d0
[ 44.554432]        do_iter_read+0x3cc/0x580
[ 44.554435]        vfs_readv+0xe6/0x150
[ 44.554438]        default_file_splice_read+0x495/0x860
[ 44.554440]        do_splice_to+0x102/0x150
[ 44.554443]        splice_direct_to_actor+0x21d/0x750
[ 44.554445]        do_splice_direct+0x17b/0x220
[ 44.554462]        do_sendfile+0x4a1/0xb50
[ 44.554465]        SyS_sendfile64+0x11f/0x140
[ 44.554467]        do_syscall_64+0x19b/0x4b0
[ 44.554470]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.554471]
[ 44.554471] -> #0 (&p->lock){+.+.}:
[ 44.554477]        lock_acquire+0x10f/0x380
[ 44.554479]        __mutex_lock+0xf5/0x1480
[ 44.554496]        seq_read+0xd4/0x11d0
[ 44.554499]        proc_reg_read+0xef/0x170
[ 44.554502]        do_iter_read+0x3cc/0x580
[ 44.554504]        vfs_readv+0xe6/0x150
[ 44.554523]        default_file_splice_read+0x495/0x860
[ 44.554526]        do_splice_to+0x102/0x150
[ 44.554528]        SyS_splice+0xf4d/0x12a0
[ 44.554530]        do_syscall_64+0x19b/0x4b0
[ 44.554533]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.554534]
[ 44.554534] other info that might help us debug this:
[ 44.554534]
[ 44.554535] Chain exists of:
[ 44.554535]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 44.554535]
[ 44.554540] Possible unsafe locking scenario:
[ 44.554540]
[ 44.554540]        CPU0                    CPU1
[ 44.554541]        ----                    ----
[ 44.554542]   lock(&pipe->mutex/1);
[ 44.554544]                                lock(&sig->cred_guard_mutex);
[ 44.554546]                                lock(&pipe->mutex/1);
[ 44.554548]   lock(&p->lock);
[ 44.554550]
[ 44.554550]  *** DEADLOCK ***
[ 44.554550]
[ 44.554552] 1 lock held by syz-executor827/1795:
[ 44.554553]  #0: (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 44.554558]
[ 44.554558] stack backtrace:
[ 44.554562] CPU: 0 PID: 1795 Comm: syz-executor827 Not tainted 4.14.84+ #10
[ 44.554563] Call Trace:
[ 44.554568]  dump_stack+0xb9/0x11b
[ 44.554572]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[ 44.554575]  ? save_trace+0xd6/0x250
[ 44.554579]  __lock_acquire+0x2ff9/0x4320
[ 44.554582]  ? unwind_next_frame+0xea9/0x1930
[ 44.554587]  ? trace_hardirqs_on+0x10/0x10
[ 44.554591]  ? __read_once_size_nocheck.constprop.4+0x10/0x10
[ 44.554595]  ? __lock_acquire+0x619/0x4320
[ 44.554597]  ? __bfs+0x1ab/0x540
[ 44.554602]  ? __lock_acquire+0x619/0x4320
[ 44.554605]  lock_acquire+0x10f/0x380
[ 44.554608]  ? seq_read+0xd4/0x11d0
[ 44.554612]  ? seq_read+0xd4/0x11d0
[ 44.554614]  __mutex_lock+0xf5/0x1480
[ 44.554617]  ? seq_read+0xd4/0x11d0
[ 44.554620]  ? seq_read+0xd4/0x11d0
[ 44.554623]  ? trace_hardirqs_on+0x10/0x10
[ 44.554626]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[ 44.554646]  ? __is_insn_slot_addr+0x112/0x1f0
[ 44.554649]  ? lock_downgrade+0x560/0x560
[ 44.554668]  ? mark_held_locks+0xc2/0x130
[ 44.554673]  ? get_page_from_freelist+0x756/0x1ea0
[ 44.554691]  ? kasan_unpoison_shadow+0x30/0x40
[ 44.554695]  ? get_page_from_freelist+0x113c/0x1ea0
[ 44.554698]  ? seq_read+0xd4/0x11d0
[ 44.554700]  seq_read+0xd4/0x11d0
[ 44.554705]  ? __fsnotify_parent+0xb1/0x300
[ 44.554708]  ? seq_lseek+0x3d0/0x3d0
[ 44.554713]  ? __inode_security_revalidate+0xd5/0x120
[ 44.554718]  ? avc_policy_seqno+0x5/0x10
[ 44.554721]  ? seq_lseek+0x3d0/0x3d0
[ 44.554724]  proc_reg_read+0xef/0x170
[ 44.554727]  ? rw_verify_area+0xdd/0x280
[ 44.554732]  do_iter_read+0x3cc/0x580
[ 44.554736]  vfs_readv+0xe6/0x150
[ 44.554739]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 44.554742]  ? kasan_unpoison_shadow+0x30/0x40
[ 44.554745]  ? kasan_kmalloc+0x76/0xc0
[ 44.554751]  ? iov_iter_get_pages_alloc+0x2c8/0xe40
[ 44.554754]  ? iov_iter_get_pages+0xc80/0xc80
[ 44.554757]  ? lock_downgrade+0x560/0x560
[ 44.554760]  ? __free_insn_slot+0x490/0x490
[ 44.554763]  ? check_preemption_disabled+0x34/0x1e0
[ 44.554767]  default_file_splice_read+0x495/0x860
[ 44.554769]  ? trace_hardirqs_on+0x10/0x10
[ 44.554773]  ? do_splice_direct+0x220/0x220
[ 44.554776]  ? trace_hardirqs_on_caller+0x381/0x520
[ 44.554781]  ? fsnotify+0x773/0x1200
[ 44.554783]  ? lock_acquire+0x10f/0x380
[ 44.554788]  ? __fsnotify_parent+0xb1/0x300
[ 44.554791]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 44.554795]  ? __inode_security_revalidate+0xd5/0x120
[ 44.554798]  ? avc_policy_seqno+0x5/0x10
[ 44.554802]  ? security_file_permission+0x88/0x1e0
[ 44.554805]  ? do_splice_direct+0x220/0x220
[ 44.554808]  do_splice_to+0x102/0x150
[ 44.554811]  SyS_splice+0xf4d/0x12a0
[ 44.554829]  ? do_pipe_flags+0x150/0x150
[ 44.554832]  ? compat_SyS_vmsplice+0x150/0x150
[ 44.554835]  ? _raw_spin_unlock_irq+0x24/0x50
[ 44.554838]  ? do_syscall_64+0x43/0x4b0
[ 44.554841]  ? compat_SyS_vmsplice+0x150/0x150
[ 44.554844]  do_syscall_64+0x19b/0x4b0
[ 44.554862]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.554864] RIP: 0033:0x440209
[ 44.554866] RSP: 002b:00007ffff511d538 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
[ 44.554869] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440209
[ 44.554871] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008
[ 44.554872] RBP: 00000000006ca018 R08: 0000000000000002 R09: 0000000000000000
[ 44.554874] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000401af0
[ 44.554876] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000