[   42.901548] audit: type=1800 audit(1546276132.459:30): pid=8189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   48.999850] kauditd_printk_skb: 4 callbacks suppressed
[   48.999865] audit: type=1400 audit(1546276138.599:35): avc:  denied  { map } for  pid=8363 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
executing program
[   63.230628] audit: type=1400 audit(1546276152.829:36): avc:  denied  { map } for  pid=8375 comm="syz-executor044" path="/root/syz-executor044095278" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   63.306858] 
[   63.308520] ======================================================
[   63.314812] WARNING: possible circular locking dependency detected
[   63.321110] 4.20.0+ #1 Not tainted
[   63.324647] ------------------------------------------------------
[   63.330959] syz-executor044/8377 is trying to acquire lock:
[   63.336650] 00000000bf8306c4 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   63.344003] 
[   63.344003] but task is already holding lock:
[   63.349971] 00000000f1fb9bb6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[   63.358939] 
[   63.358939] which lock already depends on the new lock.
[   63.358939] 
[   63.367234] 
[   63.367234] the existing dependency chain (in reverse order) is:
[   63.374943] 
[   63.374943] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   63.381304]        __mutex_lock+0x12f/0x1670
[   63.385703]        mutex_lock_interruptible_nested+0x16/0x20
[   63.391492]        proc_pid_attr_write+0x1fa/0x530
[   63.396622]        __vfs_write+0x116/0xb40
[   63.400853]        __kernel_write+0x110/0x3b0
[   63.405332]        write_pipe_buf+0x180/0x240
[   63.409810]        __splice_from_pipe+0x39a/0x7e0
[   63.414658]        splice_from_pipe+0x1ea/0x310
[   63.419382]        default_file_splice_write+0x3c/0x90
[   63.424763]        do_splice+0x64b/0x1410
[   63.428968]        __x64_sys_splice+0x2c6/0x330
[   63.433698]        do_syscall_64+0x1a3/0x800
[   63.438224]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.443910] 
[   63.443910] -> #0 (&pipe->mutex/1){+.+.}:
[   63.449526]        lock_acquire+0x1db/0x570
[   63.453879]        __mutex_lock+0x12f/0x1670
[   63.458288]        mutex_lock_nested+0x16/0x20
[   63.462953]        fifo_open+0x159/0xb00
[   63.467038]        do_dentry_open+0x48a/0x1210
[   63.471623]        vfs_open+0xa0/0xd0
[   63.475453]        path_openat+0x144f/0x5650
[   63.479914]        do_filp_open+0x26f/0x370
[   63.484223]        do_open_execat+0x20e/0x930
[   63.488702]        __do_execve_file.isra.0+0x181e/0x2510
[   63.494203]        __x64_sys_execve+0x8f/0xc0
[   63.498685]        do_syscall_64+0x1a3/0x800
[   63.503075]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.508758] 
[   63.508758] other info that might help us debug this:
[   63.508758] 
[   63.516872]  Possible unsafe locking scenario:
[   63.516872] 
[   63.522971]        CPU0                    CPU1
[   63.527694]        ----                    ----
[   63.532343]   lock(&sig->cred_guard_mutex);
[   63.536769]                                lock(&pipe->mutex/1);
[   63.542896]                                lock(&sig->cred_guard_mutex);
[   63.549780]   lock(&pipe->mutex/1);
[   63.553398] 
[   63.553398]  *** DEADLOCK ***
[   63.553398] 
[   63.559436] 1 lock held by syz-executor044/8377:
[   63.564168]  #0: 00000000f1fb9bb6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[   63.573404] 
[   63.573404] stack backtrace:
[   63.577906] CPU: 1 PID: 8377 Comm: syz-executor044 Not tainted 4.20.0+ #1
[   63.584813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.594155] Call Trace:
[   63.596727]  dump_stack+0x1db/0x2d0
[   63.600335]  ? dump_stack_print_info.cold+0x20/0x20
[   63.605333]  ? print_stack_trace+0x77/0xb0
[   63.609624]  ? vprintk_func+0x86/0x189
[   63.613736]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   63.619153]  __lock_acquire+0x3014/0x4a30
[   63.623288]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.628204]  ? is_bpf_text_address+0xac/0x170
[   63.632693]  ? mark_held_locks+0x100/0x100
[   63.636927]  ? mark_held_locks+0xb1/0x100
[   63.641061]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   63.646149]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   63.651277]  ? lockdep_hardirqs_on+0x415/0x5d0
[   63.655951]  ? trace_hardirqs_off_caller+0x300/0x300
[   63.661109]  ? do_raw_spin_trylock+0x270/0x270
[   63.665679]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.670596]  ? print_usage_bug+0xd0/0xd0
[   63.674647]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   63.679731]  ? __lock_is_held+0xb6/0x140
[   63.683774]  lock_acquire+0x1db/0x570
[   63.687622]  ? fifo_open+0x159/0xb00
[   63.691333]  ? ___might_sleep+0x1e7/0x310
[   63.695479]  ? lock_release+0xc40/0xc40
[   63.699435]  ? fifo_open+0x159/0xb00
[   63.703132]  ? fifo_open+0x159/0xb00
[   63.706830]  __mutex_lock+0x12f/0x1670
[   63.710710]  ? fifo_open+0x159/0xb00
[   63.714424]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   63.719945]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   63.725536]  ? fifo_open+0x159/0xb00
[   63.729237]  ? lockdep_init_map+0x10c/0x5b0
[   63.733540]  ? mutex_trylock+0x2d0/0x2d0
[   63.737581]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.742496]  ? __mutex_init+0x1f6/0x2a0
[   63.746661]  ? psi_task_change.cold+0x1ec/0x1ec
[   63.751314]  ? fifo_open+0x2b5/0xb00
[   63.755008]  ? find_held_lock+0x35/0x120
[   63.759093]  ? fifo_open+0x2b5/0xb00
[   63.762838]  ? lock_acquire+0x1db/0x570
[   63.766869]  ? kasan_check_read+0x11/0x20
[   63.771008]  ? do_raw_spin_unlock+0xa0/0x330
[   63.775475]  ? do_raw_spin_trylock+0x270/0x270
[   63.780048]  mutex_lock_nested+0x16/0x20
[   63.784131]  ? _raw_spin_unlock+0x2d/0x50
[   63.788262]  ? mutex_lock_nested+0x16/0x20
[   63.792481]  fifo_open+0x159/0xb00
[   63.796004]  do_dentry_open+0x48a/0x1210
[   63.800249]  ? pipe_release+0x280/0x280
[   63.804357]  ? chown_common+0x740/0x740
[   63.808399]  ? security_inode_permission+0xd5/0x110
[   63.813500]  ? inode_permission+0xb4/0x570
[   63.817850]  vfs_open+0xa0/0xd0
[   63.821111]  path_openat+0x144f/0x5650
[   63.825050]  ? path_lookupat.isra.0+0xba0/0xba0
[   63.829702]  ? prepare_bprm_creds+0x74/0x120
[   63.834094]  ? __do_execve_file.isra.0+0x42f/0x2510
[   63.839233]  ? __x64_sys_execve+0x8f/0xc0
[   63.843460]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.848850]  ? save_stack+0xa9/0xd0
[   63.852465]  ? __lock_acquire+0x572/0x4a30
[   63.856688]  ? __lock_is_held+0xb6/0x140
[   63.860890]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.865804]  do_filp_open+0x26f/0x370
[   63.869590]  ? may_open_dev+0x100/0x100
[   63.873555]  ? rcu_read_lock_sched_held+0x110/0x130
[   63.878551]  ? __kmalloc_track_caller+0x5d1/0x740
[   63.883447]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.888598]  ? add_lock_to_list.isra.0+0x450/0x450
[   63.893511]  ? memcpy+0x46/0x50
[   63.896785]  ? __do_execve_file.isra.0+0x908/0x2510
[   63.901866]  do_open_execat+0x20e/0x930
[   63.905828]  ? unregister_binfmt+0x2b0/0x2b0
[   63.910215]  ? kasan_check_read+0x11/0x20
[   63.914364]  ? do_raw_spin_trylock+0x270/0x270
[   63.919177]  ? key_put+0x36/0x90
[   63.922558]  __do_execve_file.isra.0+0x181e/0x2510
[   63.927469]  ? prepare_bprm_creds+0x120/0x120
[   63.931952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   63.937476]  ? strncpy_from_user+0x317/0x440
[   63.941931]  ? digsig_verify.cold+0x32/0x32
[   63.946240]  ? kmem_cache_alloc+0x341/0x710
[   63.950757]  ? do_syscall_64+0x8c/0x800
[   63.954770]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   63.960293]  ? getname_flags+0x277/0x5b0
[   63.964336]  ? trace_hardirqs_off_caller+0x300/0x300
[   63.969426]  __x64_sys_execve+0x8f/0xc0
[   63.973401]  do_syscall_64+0x1a3/0x800
[   63.977271]  ? syscall_return_slowpath+0x5f0/0x5f0
[   63.982179]  ? prepare_exit_to_usermode+0x232/0x3b0
[   63.987191]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   63.992162]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.997440] RIP: 0033:0x445719
[   64.000615] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.019660] RSP: 002b:00007fd841155da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   64.027348] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445719
[   64.034611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000340
[   64.041884] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[   64.049289] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[   64.056539] R13: 0030656c69662f2e R14: 68742f636f72702f R15: 00000000006dad4c