Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
[ 28.037061] urandom_read: 1 callbacks suppressed
[ 28.037064] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 28.126249] audit: type=1400 audit(1546377286.080:7): avc: denied { map } for pid=1776 comm="syz-executor966" path="/root/syz-executor966642242" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 28.175772]
[ 28.177431] ======================================================
[ 28.183722] WARNING: possible circular locking dependency detected
[ 28.190024] 4.14.91+ #1 Not tainted
[ 28.193633] ------------------------------------------------------
[ 28.199922] syz-executor966/1778 is trying to acquire lock:
[ 28.205606] (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0
[ 28.213387]
[ 28.213387] but task is already holding lock:
[ 28.219332] (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 28.228499]
[ 28.228499] which lock already depends on the new lock.
[ 28.228499]
[ 28.236787]
[ 28.236787] the existing dependency chain (in reverse order) is:
[ 28.244378]
[ 28.244378] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 28.250692]
[ 28.250692] -> #0 (&pipe->mutex/1){+.+.}:
[ 28.256401]
[ 28.256401] other info that might help us debug this:
[ 28.256401]
[ 28.264517] Possible unsafe locking scenario:
[ 28.264517]
[ 28.270548]        CPU0                    CPU1
[ 28.275182]        ----                    ----
[ 28.279818]   lock(&sig->cred_guard_mutex);
[ 28.284121]                                lock(&pipe->mutex/1);
[ 28.290236]                                lock(&sig->cred_guard_mutex);
[ 28.297045]   lock(&pipe->mutex/1);
[ 28.300644]
[ 28.300644] *** DEADLOCK ***
[ 28.300644]
[ 28.306683] 1 lock held by syz-executor966/1778:
[ 28.311409] #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 28.321005]
[ 28.321005] stack backtrace:
[ 28.325472] CPU: 1 PID: 1778 Comm: syz-executor966 Not tainted 4.14.91+ #1
[ 28.332451] Call Trace:
[ 28.335013] dump_stack+0xb9/0x10e
[ 28.338529] print_circular_bug.isra.0.cold+0x2dc/0x425
[ 28.343864] ? __lock_acquire+0x2d83/0x3fa0
[ 28.348159] ? trace_hardirqs_on+0x10/0x10
[ 28.352366] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 28.357488] ? __lock_acquire+0x56a/0x3fa0
[ 28.361703] ? do_filp_open+0x1a1/0x280
[ 28.365649] ? lock_acquire+0x10f/0x380
[ 28.369592] ? fifo_open+0x156/0x9b0
[ 28.373276] ? fifo_open+0x156/0x9b0
[ 28.377158] ? __mutex_lock+0xf7/0x1430
[ 28.381119] ? fifo_open+0x156/0x9b0
[ 28.384810] ? fifo_open+0x156/0x9b0
[ 28.388505] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.393930] ? fifo_open+0x284/0x9b0
[ 28.397614] ? lock_downgrade+0x5d0/0x5d0
[ 28.401733] ? lock_acquire+0x10f/0x380
[ 28.405682] ? fifo_open+0x243/0x9b0
[ 28.409373] ? debug_mutex_init+0x28/0x53
[ 28.413498] ? fifo_open+0x156/0x9b0
[ 28.417184] ? fifo_open+0x156/0x9b0
[ 28.420870] ? do_dentry_open+0x41b/0xd60
[ 28.424989] ? pipe_release+0x240/0x240
[ 28.428938] ? vfs_open+0x105/0x230
[ 28.432540] ? path_openat+0xb6b/0x2b70
[ 28.436487] ? path_mountpoint+0x9a0/0x9a0
[ 28.440691] ? kasan_kmalloc.part.0+0xa6/0xd0
[ 28.445156] ? kasan_kmalloc.part.0+0x4f/0xd0
[ 28.449622] ? kmemdup+0x23/0x50
[ 28.452974] ? selinux_cred_prepare+0x3e/0x90
[ 28.457447] ? do_filp_open+0x1a1/0x280
[ 28.461395] ? prepare_bprm_creds+0x66/0x110
[ 28.465789] ? may_open_dev+0xe0/0xe0
[ 28.469567] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.475066] ? rcu_read_lock_sched_held+0x10a/0x130
[ 28.480091] ? do_open_execat+0xf7/0x5c0
[ 28.484286] ? setup_arg_pages+0x710/0x710
[ 28.488521] ? do_execveat_common.isra.0+0x674/0x1c30
[ 28.493697] ? lock_acquire+0x10f/0x380
[ 28.497643] ? do_execveat_common.isra.0+0x422/0x1c30
[ 28.502808] ? check_preemption_disabled+0x35/0x1f0
[ 28.507804] ? do_execveat_common.isra.0+0x6b3/0x1c30
[ 28.512975] ? prepare_bprm_creds+0x110/0x110
[ 28.517440] ? getname_flags+0x22e/0x550
[ 28.521493] ? SyS_execve+0x34/0x40
[ 28.525097] ? setup_new_exec+