[ 42.901548] audit: type=1800 audit(1546276132.459:30): pid=8189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 48.999850] kauditd_printk_skb: 4 callbacks suppressed
[ 48.999865] audit: type=1400 audit(1546276138.599:35): avc: denied { map } for pid=8363 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
executing program
[ 63.230628] audit: type=1400 audit(1546276152.829:36): avc: denied { map } for pid=8375 comm="syz-executor044" path="/root/syz-executor044095278" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 63.306858]
[ 63.308520] ======================================================
[ 63.314812] WARNING: possible circular locking dependency detected
[ 63.321110] 4.20.0+ #1 Not tainted
[ 63.324647] ------------------------------------------------------
[ 63.330959] syz-executor044/8377 is trying to acquire lock:
[ 63.336650] 00000000bf8306c4 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 63.344003]
[ 63.344003] but task is already holding lock:
[ 63.349971] 00000000f1fb9bb6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 63.358939]
[ 63.358939] which lock already depends on the new lock.
[ 63.358939]
[ 63.367234]
[ 63.367234] the existing dependency chain (in reverse order) is:
[ 63.374943]
[ 63.374943] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 63.381304]        __mutex_lock+0x12f/0x1670
[ 63.385703]        mutex_lock_interruptible_nested+0x16/0x20
[ 63.391492]        proc_pid_attr_write+0x1fa/0x530
[ 63.396622]        __vfs_write+0x116/0xb40
[ 63.400853]        __kernel_write+0x110/0x3b0
[ 63.405332]        write_pipe_buf+0x180/0x240
[ 63.409810]        __splice_from_pipe+0x39a/0x7e0
[ 63.414658]        splice_from_pipe+0x1ea/0x310
[ 63.419382]        default_file_splice_write+0x3c/0x90
[ 63.424763]        do_splice+0x64b/0x1410
[ 63.428968]        __x64_sys_splice+0x2c6/0x330
[ 63.433698]        do_syscall_64+0x1a3/0x800
[ 63.438224]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.443910]
[ 63.443910] -> #0 (&pipe->mutex/1){+.+.}:
[ 63.449526]        lock_acquire+0x1db/0x570
[ 63.453879]        __mutex_lock+0x12f/0x1670
[ 63.458288]        mutex_lock_nested+0x16/0x20
[ 63.462953]        fifo_open+0x159/0xb00
[ 63.467038]        do_dentry_open+0x48a/0x1210
[ 63.471623]        vfs_open+0xa0/0xd0
[ 63.475453]        path_openat+0x144f/0x5650
[ 63.479914]        do_filp_open+0x26f/0x370
[ 63.484223]        do_open_execat+0x20e/0x930
[ 63.488702]        __do_execve_file.isra.0+0x181e/0x2510
[ 63.494203]        __x64_sys_execve+0x8f/0xc0
[ 63.498685]        do_syscall_64+0x1a3/0x800
[ 63.503075]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.508758]
[ 63.508758] other info that might help us debug this:
[ 63.508758]
[ 63.516872]  Possible unsafe locking scenario:
[ 63.516872]
[ 63.522971]        CPU0                    CPU1
[ 63.527694]        ----                    ----
[ 63.532343]   lock(&sig->cred_guard_mutex);
[ 63.536769]                                lock(&pipe->mutex/1);
[ 63.542896]                                lock(&sig->cred_guard_mutex);
[ 63.549780]   lock(&pipe->mutex/1);
[ 63.553398]
[ 63.553398]  *** DEADLOCK ***
[ 63.553398]
[ 63.559436] 1 lock held by syz-executor044/8377:
[ 63.564168]  #0: 00000000f1fb9bb6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 63.573404]
[ 63.573404] stack backtrace:
[ 63.577906] CPU: 1 PID: 8377 Comm: syz-executor044 Not tainted 4.20.0+ #1
[ 63.584813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.594155] Call Trace:
[ 63.596727]  dump_stack+0x1db/0x2d0
[ 63.600335]  ? dump_stack_print_info.cold+0x20/0x20
[ 63.605333]  ? print_stack_trace+0x77/0xb0
[ 63.609624]  ? vprintk_func+0x86/0x189
[ 63.613736]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 63.619153]  __lock_acquire+0x3014/0x4a30
[ 63.623288]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.628204]  ? is_bpf_text_address+0xac/0x170
[ 63.632693]  ? mark_held_locks+0x100/0x100
[ 63.636927]  ? mark_held_locks+0xb1/0x100
[ 63.641061]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 63.646149]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 63.651277]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 63.655951]  ? trace_hardirqs_off_caller+0x300/0x300
[ 63.661109]  ? do_raw_spin_trylock+0x270/0x270
[ 63.665679]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.670596]  ? print_usage_bug+0xd0/0xd0
[ 63.674647]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 63.679731]  ? __lock_is_held+0xb6/0x140
[ 63.683774]  lock_acquire+0x1db/0x570
[ 63.687622]  ? fifo_open+0x159/0xb00
[ 63.691333]  ? ___might_sleep+0x1e7/0x310
[ 63.695479]  ? lock_release+0xc40/0xc40
[ 63.699435]  ? fifo_open+0x159/0xb00
[ 63.703132]  ? fifo_open+0x159/0xb00
[ 63.706830]  __mutex_lock+0x12f/0x1670
[ 63.710710]  ? fifo_open+0x159/0xb00
[ 63.714424]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.719945]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.725536]  ? fifo_open+0x159/0xb00
[ 63.729237]  ? lockdep_init_map+0x10c/0x5b0
[ 63.733540]  ? mutex_trylock+0x2d0/0x2d0
[ 63.737581]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.742496]  ? __mutex_init+0x1f6/0x2a0
[ 63.746661]  ? psi_task_change.cold+0x1ec/0x1ec
[ 63.751314]  ? fifo_open+0x2b5/0xb00
[ 63.755008]  ? find_held_lock+0x35/0x120
[ 63.759093]  ? fifo_open+0x2b5/0xb00
[ 63.762838]  ? lock_acquire+0x1db/0x570
[ 63.766869]  ? kasan_check_read+0x11/0x20
[ 63.771008]  ? do_raw_spin_unlock+0xa0/0x330
[ 63.775475]  ? do_raw_spin_trylock+0x270/0x270
[ 63.780048]  mutex_lock_nested+0x16/0x20
[ 63.784131]  ? _raw_spin_unlock+0x2d/0x50
[ 63.788262]  ? mutex_lock_nested+0x16/0x20
[ 63.792481]  fifo_open+0x159/0xb00
[ 63.796004]  do_dentry_open+0x48a/0x1210
[ 63.800249]  ? pipe_release+0x280/0x280
[ 63.804357]  ? chown_common+0x740/0x740
[ 63.808399]  ? security_inode_permission+0xd5/0x110
[ 63.813500]  ? inode_permission+0xb4/0x570
[ 63.817850]  vfs_open+0xa0/0xd0
[ 63.821111]  path_openat+0x144f/0x5650
[ 63.825050]  ? path_lookupat.isra.0+0xba0/0xba0
[ 63.829702]  ? prepare_bprm_creds+0x74/0x120
[ 63.834094]  ? __do_execve_file.isra.0+0x42f/0x2510
[ 63.839233]  ? __x64_sys_execve+0x8f/0xc0
[ 63.843460]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.848850]  ? save_stack+0xa9/0xd0
[ 63.852465]  ? __lock_acquire+0x572/0x4a30
[ 63.856688]  ? __lock_is_held+0xb6/0x140
[ 63.860890]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.865804]  do_filp_open+0x26f/0x370
[ 63.869590]  ? may_open_dev+0x100/0x100
[ 63.873555]  ? rcu_read_lock_sched_held+0x110/0x130
[ 63.878551]  ? __kmalloc_track_caller+0x5d1/0x740
[ 63.883447]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.888598]  ? add_lock_to_list.isra.0+0x450/0x450
[ 63.893511]  ? memcpy+0x46/0x50
[ 63.896785]  ? __do_execve_file.isra.0+0x908/0x2510
[ 63.901866]  do_open_execat+0x20e/0x930
[ 63.905828]  ? unregister_binfmt+0x2b0/0x2b0
[ 63.910215]  ? kasan_check_read+0x11/0x20
[ 63.914364]  ? do_raw_spin_trylock+0x270/0x270
[ 63.919177]  ? key_put+0x36/0x90
[ 63.922558]  __do_execve_file.isra.0+0x181e/0x2510
[ 63.927469]  ? prepare_bprm_creds+0x120/0x120
[ 63.931952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.937476]  ? strncpy_from_user+0x317/0x440
[ 63.941931]  ? digsig_verify.cold+0x32/0x32
[ 63.946240]  ? kmem_cache_alloc+0x341/0x710
[ 63.950757]  ? do_syscall_64+0x8c/0x800
[ 63.954770]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.960293]  ? getname_flags+0x277/0x5b0
[ 63.964336]  ? trace_hardirqs_off_caller+0x300/0x300
[ 63.969426]  __x64_sys_execve+0x8f/0xc0
[ 63.973401]  do_syscall_64+0x1a3/0x800
[ 63.977271]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 63.982179]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 63.987191]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.992162]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.997440] RIP: 0033:0x445719
[ 64.000615] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.019660] RSP: 002b:00007fd841155da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 64.027348] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445719
[ 64.034611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000340
[ 64.041884] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 64.049289] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 64.056539] R13: 0030656c69662f2e R14: 68742f636f72702f R15: 00000000006dad4c