[ 43.230470][ T26] audit: type=1800 audit(1553304751.608:29): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [....] Starting periodic command scheduler: cron[ 43.355720][ T26] audit: type=1800 audit(1553304751.728:30): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 52.369947][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 52.369963][ T26] audit: type=1400 audit(1553304760.748:36): avc: denied { map } for pid=8218 comm="syz-executor468" path="/root/syz-executor468353289" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 52.377180][ T8218] [ 52.405227][ T8218] ====================================================== [ 52.412225][ T8218] WARNING: possible circular locking dependency detected [ 52.419225][ T8218] 5.1.0-rc1+ #33 Not tainted [ 52.423789][ T8218] ------------------------------------------------------ [ 52.430791][ T8218] syz-executor468/8218 is trying to acquire lock: [ 52.437185][ T8218] 00000000db14c975 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00 [ 52.445282][ T8218] [ 52.445282][ T8218] but task is already holding lock: [ 52.452638][ T8218] 0000000003e93ac4 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 [ 52.463682][ T8218] [ 52.463682][ T8218] which lock already depends on the new lock. [ 52.463682][ T8218] [ 52.474091][ T8218] [ 52.474091][ T8218] the existing dependency chain (in reverse order) is: [ 52.483094][ T8218] [ 52.483094][ T8218] -> #1 (&sig->cred_guard_mutex){+.+.}: [ 52.490810][ T8218] lock_acquire+0x16f/0x3f0 [ 52.495842][ T8218] __mutex_lock+0xf7/0x1310 [ 52.500854][ T8218] mutex_lock_interruptible_nested+0x16/0x20 [ 52.507340][ T8218] proc_pid_attr_write+0x200/0x580 [ 52.512986][ T8218] __vfs_write+0x8d/0x110 [ 52.517855][ T8218] __kernel_write+0x110/0x3b0 [ 52.523071][ T8218] write_pipe_buf+0x15d/0x1f0 [ 52.528256][ T8218] __splice_from_pipe+0x395/0x7d0 [ 52.533808][ T8218] splice_from_pipe+0x108/0x170 [ 52.539194][ T8218] default_file_splice_write+0x3c/0x90 [ 52.545158][ T8218] do_splice+0x70a/0x13c0 [ 52.550017][ T8218] __x64_sys_splice+0x2c6/0x330 [ 52.555386][ T8218] do_syscall_64+0x103/0x610 [ 52.560482][ T8218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.566894][ T8218] [ 52.566894][ T8218] -> #0 (&pipe->mutex/1){+.+.}: [ 52.573911][ T8218] __lock_acquire+0x239c/0x3fb0 [ 52.579278][ T8218] lock_acquire+0x16f/0x3f0 [ 52.584280][ T8218] __mutex_lock+0xf7/0x1310 [ 52.589298][ T8218] mutex_lock_nested+0x16/0x20 [ 52.594563][ T8218] fifo_open+0x159/0xb00 [ 52.599328][ T8218] do_dentry_open+0x488/0x1160 [ 52.604590][ T8218] vfs_open+0xa0/0xd0 [ 52.609068][ T8218] path_openat+0x10e9/0x46e0 [ 52.614159][ T8218] do_filp_open+0x1a1/0x280 [ 52.619178][ T8218] do_open_execat+0x137/0x690 [ 52.624370][ T8218] __do_execve_file.isra.0+0x178d/0x23f0 [ 52.630531][ T8218] __x64_sys_execve+0x8f/0xc0 [ 52.635729][ T8218] do_syscall_64+0x103/0x610 [ 52.640823][ T8218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.647226][ T8218] [ 52.647226][ T8218] other info that might help us debug this: [ 52.647226][ T8218] [ 52.657441][ T8218] Possible unsafe locking scenario: [ 52.657441][ T8218] [ 52.664887][ T8218] CPU0 CPU1 [ 52.670235][ T8218] ---- ---- [ 52.675602][ T8218] lock(&sig->cred_guard_mutex); [ 52.680610][ T8218] lock(&pipe->mutex/1); [ 52.687449][ T8218] lock(&sig->cred_guard_mutex); [ 52.694998][ T8218] lock(&pipe->mutex/1); [ 52.699336][ T8218] [ 52.699336][ T8218] *** DEADLOCK *** [ 52.699336][ T8218] [ 52.707470][ T8218] 1 lock held by syz-executor468/8218: [ 52.712903][ T8218] #0: 0000000003e93ac4 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 [ 52.723399][ T8218] [ 52.723399][ T8218] stack backtrace: [ 52.729911][ T8218] CPU: 0 PID: 8218 Comm: syz-executor468 Not tainted 5.1.0-rc1+ #33 [ 52.739387][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.749977][ T8218] Call Trace: [ 52.753286][ T8218] dump_stack+0x172/0x1f0 [ 52.757604][ T8218] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 52.763687][ T8218] check_prev_add.constprop.0+0xf11/0x23c0 [ 52.769487][ T8218] ? depot_save_stack+0x1de/0x460 [ 52.774504][ T8218] ? check_usage+0x570/0x570 [ 52.779087][ T8218] ? mark_held_locks+0xa4/0xf0 [ 52.783864][ T8218] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 52.789657][ T8218] ? graph_lock+0x7b/0x200 [ 52.794078][ T8218] ? __lockdep_reset_lock+0x450/0x450 [ 52.799454][ T8218] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 52.805963][ T8218] __lock_acquire+0x239c/0x3fb0 [ 52.810804][ T8218] ? save_stack+0xa9/0xd0 [ 52.815123][ T8218] ? mark_held_locks+0xf0/0xf0 [ 52.819873][ T8218] lock_acquire+0x16f/0x3f0 [ 52.824362][ T8218] ? fifo_open+0x159/0xb00 [ 52.828798][ T8218] ? fifo_open+0x159/0xb00 [ 52.833223][ T8218] __mutex_lock+0xf7/0x1310 [ 52.837713][ T8218] ? fifo_open+0x159/0xb00 [ 52.842140][ T8218] ? fifo_open+0x159/0xb00 [ 52.846568][ T8218] ? fifo_open+0x2b5/0xb00 [ 52.850975][ T8218] ? mutex_trylock+0x1e0/0x1e0 [ 52.855741][ T8218] ? fifo_open+0x2b5/0xb00 [ 52.860151][ T8218] ? kasan_check_write+0x14/0x20 [ 52.865103][ T8218] ? lock_downgrade+0x880/0x880 [ 52.869944][ T8218] mutex_lock_nested+0x16/0x20 [ 52.874695][ T8218] ? mutex_lock_nested+0x16/0x20 [ 52.879654][ T8218] fifo_open+0x159/0xb00 [ 52.883904][ T8218] do_dentry_open+0x488/0x1160 [ 52.888675][ T8218] ? pipe_release+0x280/0x280 [ 52.893353][ T8218] ? chown_common+0x5c0/0x5c0 [ 52.898030][ T8218] ? inode_permission+0xb4/0x570 [ 52.902960][ T8218] vfs_open+0xa0/0xd0 [ 52.906933][ T8218] path_openat+0x10e9/0x46e0 [ 52.911518][ T8218] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 52.916899][ T8218] ? __kmalloc+0x15c/0x740 [ 52.921359][ T8218] ? prepare_creds+0x2f5/0x3f0 [ 52.926109][ T8218] ? prepare_exec_creds+0x12/0xf0 [ 52.931155][ T8218] ? __do_execve_file.isra.0+0x393/0x23f0 [ 52.936898][ T8218] ? do_syscall_64+0x103/0x610 [ 52.941652][ T8218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.947723][ T8218] ? __lock_acquire+0x548/0x3fb0 [ 52.952671][ T8218] ? prepare_exec_creds+0x12/0xf0 [ 52.957706][ T8218] ? __do_execve_file.isra.0+0x393/0x23f0 [ 52.963437][ T8218] ? __x64_sys_execve+0x8f/0xc0 [ 52.968294][ T8218] do_filp_open+0x1a1/0x280 [ 52.972779][ T8218] ? may_open_dev+0x100/0x100 [ 52.977448][ T8218] ? __lock_acquire+0x548/0x3fb0 [ 52.982396][ T8218] do_open_execat+0x137/0x690 [ 52.987091][ T8218] ? unregister_binfmt+0x170/0x170 [ 52.992212][ T8218] ? lock_downgrade+0x880/0x880 [ 52.997064][ T8218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.003320][ T8218] ? kasan_check_read+0x11/0x20 [ 53.008163][ T8218] ? do_raw_spin_unlock+0x57/0x270 [ 53.013268][ T8218] __do_execve_file.isra.0+0x178d/0x23f0 [ 53.018883][ T8218] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 53.024619][ T8218] ? __check_object_size+0x3d/0x42f [ 53.029810][ T8218] ? copy_strings_kernel+0x110/0x110 [ 53.035082][ T8218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.041338][ T8218] ? getname_flags+0x277/0x5b0 [ 53.046090][ T8218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.052147][ T8218] __x64_sys_execve+0x8f/0xc0 [ 53.057161][ T8218] do_syscall_64+0x103/0x610 [ 53.061754][ T8218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.067631][ T8218] RIP: 0033:0x4402a9 [ 53.071554][ T8218] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.091144][ T8218] RSP: 002b:00007ffdd2803008 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 53.099548][ T8218] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9 [ 53.107508][ T8218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000480 [ 53.115473][ T8218] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 53.123464][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b30 [ 53.131427][ T8218] R13: 0000000000401bc0 R14: 0000000000000000 R15: 0000000000000000