[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.456266] audit: type=1400 audit(1514232945.238:5): avc: denied { syslog } for pid=2992 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 15.876802] audit: type=1400 audit(1514232949.658:6): avc: denied { map } for pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-8,10.128.15.236' (ECDSA) to the list of known hosts.
executing program
[ 22.065923] audit: type=1400 audit(1514232955.847:7): avc: denied { map } for pid=3145 comm="syzkaller158163" path="/root/syzkaller158163048" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.139796]
[ 22.141438] ======================================================
[ 22.147722] WARNING: possible circular locking dependency detected
[ 22.154005] 4.15.0-rc4-next-20171221+ #78 Not tainted
[ 22.159163] ------------------------------------------------------
[ 22.165450] syzkaller158163/3149 is trying to acquire lock:
[ 22.171142]  (&p->lock){+.+.}, at: [<0000000052deebbf>] seq_read+0xd5/0x13d0
[ 22.178310]
[ 22.178310] but task is already holding lock:
[ 22.184245]  (&pipe->mutex/1){+.+.}, at: [<000000007417d31e>] pipe_lock+0x56/0x70
[ 22.191843]
[ 22.191843] which lock already depends on the new lock.
[ 22.191843]
[ 22.200135]
[ 22.200135] the existing dependency chain (in reverse order) is:
[ 22.207722]
[ 22.207722] -> #2 (&pipe->mutex/1){+.+.}:
[ 22.213425]        __mutex_lock+0x16f/0x1a80
[ 22.217816]        mutex_lock_nested+0x16/0x20
[ 22.222376]        fifo_open+0x15c/0xa30
[ 22.226411]        do_dentry_open+0x667/0xd40
[ 22.230871]        vfs_open+0x107/0x220
[ 22.234813]        path_openat+0x1151/0x3530
[ 22.239192]        do_filp_open+0x25b/0x3b0
[ 22.243492]        do_open_execat+0x1b9/0x5c0
[ 22.247952]        do_execveat_common.isra.30+0x90c/0x22a0
[ 22.253539]        SyS_execve+0x39/0x50
[ 22.257480]        do_syscall_64+0x26c/0x920
[ 22.261858]        return_from_SYSCALL_64+0x0/0x75
[ 22.266762]
[ 22.266762] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 22.273060]        __mutex_lock+0x16f/0x1a80
[ 22.277432]        mutex_lock_killable_nested+0x16/0x20
[ 22.282773]        lock_trace+0x44/0xc0
[ 22.286710]        proc_pid_syscall+0xa3/0x550
[ 22.291254]        proc_single_show+0xf8/0x170
[ 22.295802]        seq_read+0x385/0x13d0
[ 22.299827]        do_iter_read+0x3d2/0x5a0
[ 22.304111]        vfs_readv+0x121/0x1c0
[ 22.308137]        do_readv+0xfc/0x2a0
[ 22.311998]        SyS_readv+0x27/0x30
[ 22.315864]        entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.321117]
[ 22.321117] -> #0 (&p->lock){+.+.}:
[ 22.326214]        lock_acquire+0x1d5/0x580
[ 22.330501]        __mutex_lock+0x16f/0x1a80
[ 22.334874]        mutex_lock_nested+0x16/0x20
[ 22.339418]        seq_read+0xd5/0x13d0
[ 22.343357]        proc_reg_read+0xef/0x170
[ 22.347640]        do_iter_read+0x3d2/0x5a0
[ 22.351925]        vfs_readv+0x121/0x1c0
[ 22.355951]        default_file_splice_read+0x508/0xae0
[ 22.361276]        do_splice_to+0x10a/0x160
[ 22.365564]        SyS_splice+0x1187/0x1610
[ 22.369863]        entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.375101]
[ 22.375101] other info that might help us debug this:
[ 22.375101]
[ 22.383210] Chain exists of:
[ 22.383210]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 22.383210]
[ 22.394026]  Possible unsafe locking scenario:
[ 22.394026]
[ 22.400047]        CPU0                    CPU1
[ 22.404686]        ----                    ----
[ 22.409319]   lock(&pipe->mutex/1);
[ 22.412915]                                lock(&sig->cred_guard_mutex);
[ 22.419723]                                lock(&pipe->mutex/1);
[ 22.425833]   lock(&p->lock);
[ 22.428905]
[ 22.428905]  *** DEADLOCK ***
[ 22.428905]
[ 22.434929] 1 lock held by syzkaller158163/3149:
[ 22.439645]  #0: (&pipe->mutex/1){+.+.}, at: [<000000007417d31e>] pipe_lock+0x56/0x70
[ 22.447674]
[ 22.447674] stack backtrace:
[ 22.452147] CPU: 1 PID: 3149 Comm: syzkaller158163 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 22.460686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.470007] Call Trace:
[ 22.472565]  dump_stack+0x194/0x257
[ 22.476159]  ? arch_local_irq_restore+0x53/0x53
[ 22.480798]  print_circular_bug.isra.37+0x2cd/0x2dc
[ 22.485801]  ? save_trace+0xe0/0x2b0
[ 22.489484]  __lock_acquire+0x30a8/0x3e00
[ 22.493597]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.498752]  ? lockdep_on+0x50/0x50
[ 22.502342]  ? print_irqtrace_events+0x270/0x270
[ 22.507074]  ? __lock_acquire+0x664/0x3e00
[ 22.511273]  ? __lock_acquire+0x664/0x3e00
[ 22.515475]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.520632]  ? __lock_acquire+0x664/0x3e00
[ 22.524830]  ? print_irqtrace_events+0x270/0x270
[ 22.529549]  ? check_noncircular+0x20/0x20
[ 22.533747]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.538905]  ? check_noncircular+0x20/0x20
[ 22.543109]  ? __update_idle_core+0x305/0x600
[ 22.547568]  ? __lock_acquire+0x664/0x3e00
[ 22.551768]  lock_acquire+0x1d5/0x580
[ 22.555533]  ? lock_acquire+0x1d5/0x580
[ 22.559481]  ? seq_read+0xd5/0x13d0
[ 22.563080]  ? lock_release+0xa40/0xa40
[ 22.567017]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 22.572866]  ? rcu_note_context_switch+0x710/0x710
[ 22.578228]  ? __might_sleep+0x95/0x190
[ 22.582167]  ? seq_read+0xd5/0x13d0
[ 22.585761]  __mutex_lock+0x16f/0x1a80
[ 22.589616]  ? seq_read+0xd5/0x13d0
[ 22.593224]  ? __is_insn_slot_addr+0x1fc/0x330
[ 22.597783]  ? seq_read+0xd5/0x13d0
[ 22.601383]  ? check_noncircular+0x20/0x20
[ 22.606108]  ? mutex_lock_io_nested+0x1900/0x1900
[ 22.610919]  ? find_held_lock+0x35/0x1d0
[ 22.614953]  ? check_noncircular+0x20/0x20
[ 22.619164]  ? is_bpf_text_address+0x7b/0x120
[ 22.623627]  ? check_noncircular+0x20/0x20
[ 22.627827]  ? print_irqtrace_events+0x270/0x270
[ 22.632548]  ? check_noncircular+0x20/0x20
[ 22.636745]  ? find_held_lock+0x35/0x1d0
[ 22.640776]  ? __lock_is_held+0xb6/0x140
[ 22.644804]  ? check_noncircular+0x20/0x20
[ 22.649011]  ? __lock_is_held+0xb6/0x140
[ 22.653038]  ? rcu_read_lock_sched_held+0x108/0x120
[ 22.658020]  ? __lock_is_held+0xb6/0x140
[ 22.662048]  ? seq_lseek+0x3c0/0x3c0
[ 22.665726]  mutex_lock_nested+0x16/0x20
[ 22.669749]  ? mutex_lock_nested+0x16/0x20
[ 22.673950]  seq_read+0xd5/0x13d0
[ 22.677379]  ? fsnotify+0x7b3/0x1140
[ 22.681058]  ? seq_lseek+0x3c0/0x3c0
[ 22.684736]  ? fsnotify_first_mark+0x2b0/0x2b0
[ 22.689285]  ? avc_policy_seqno+0x9/0x20
[ 22.693309]  ? selinux_file_permission+0x82/0x460
[ 22.698117]  ? seq_lseek+0x3c0/0x3c0
[ 22.701796]  proc_reg_read+0xef/0x170
[ 22.705565]  do_iter_read+0x3d2/0x5a0
[ 22.709344]  ? dup_iter+0x260/0x260
[ 22.712938]  vfs_readv+0x121/0x1c0
[ 22.716444]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 22.721780]  ? lock_acquire+0x1d5/0x580
[ 22.725725]  ? lock_acquire+0x1d5/0x580
[ 22.729669]  ? pipe_lock+0x56/0x70
[ 22.733176]  ? lock_release+0xa40/0xa40
[ 22.737200]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 22.743051]  ? rcu_note_context_switch+0x710/0x710
[ 22.747956]  ? __might_sleep+0x95/0x190
[ 22.751897]  ? pipe_lock+0x56/0x70
[ 22.755404]  ? __mutex_lock+0x16f/0x1a80
[ 22.759426]  ? pipe_lock+0x56/0x70
[ 22.762933]  default_file_splice_read+0x508/0xae0
[ 22.767748]  ? default_file_splice_read+0x508/0xae0
[ 22.772734]  ? do_splice_direct+0x3c0/0x3c0
[ 22.777022]  ? __lock_is_held+0xb6/0x140
[ 22.781049]  ? __lock_is_held+0xb6/0x140
[ 22.785077]  ? fsnotify+0x7b3/0x1140
[ 22.788761]  ? fsnotify_first_mark+0x2b0/0x2b0
[ 22.793311]  ? avc_policy_seqno+0x9/0x20
[ 22.797337]  ? selinux_file_permission+0x82/0x460
[ 22.802151]  ? security_file_permission+0x89/0x1e0
[ 22.807053]  ? do_splice_direct+0x3c0/0x3c0
[ 22.811341]  do_splice_to+0x10a/0x160
[ 22.815104]  ? do_splice_to+0x10a/0x160
[ 22.819043]  SyS_splice+0x1187/0x1610
[ 22.822810]  ? SyS_futex+0x269/0x390
[ 22.826504]  ? compat_SyS_vmsplice+0x250/0x250
[ 22.831062]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.836057]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 22.840795]  entry_SYSC