[   43.230470][   T26] audit: type=1800 audit(1553304751.608:29): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[....] Starting periodic command scheduler: cron[   43.355720][   T26] audit: type=1800 audit(1553304751.728:30): pid=8030 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   52.369947][   T26] kauditd_printk_skb: 5 callbacks suppressed
[   52.369963][   T26] audit: type=1400 audit(1553304760.748:36): avc:  denied  { map } for  pid=8218 comm="syz-executor468" path="/root/syz-executor468353289" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.377180][ T8218] 
[   52.405227][ T8218] ======================================================
[   52.412225][ T8218] WARNING: possible circular locking dependency detected
[   52.419225][ T8218] 5.1.0-rc1+ #33 Not tainted
[   52.423789][ T8218] ------------------------------------------------------
[   52.430791][ T8218] syz-executor468/8218 is trying to acquire lock:
[   52.437185][ T8218] 00000000db14c975 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   52.445282][ T8218] 
[   52.445282][ T8218] but task is already holding lock:
[   52.452638][ T8218] 0000000003e93ac4 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   52.463682][ T8218] 
[   52.463682][ T8218] which lock already depends on the new lock.
[   52.463682][ T8218] 
[   52.474091][ T8218] 
[   52.474091][ T8218] the existing dependency chain (in reverse order) is:
[   52.483094][ T8218] 
[   52.483094][ T8218] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   52.490810][ T8218]        lock_acquire+0x16f/0x3f0
[   52.495842][ T8218]        __mutex_lock+0xf7/0x1310
[   52.500854][ T8218]        mutex_lock_interruptible_nested+0x16/0x20
[   52.507340][ T8218]        proc_pid_attr_write+0x200/0x580
[   52.512986][ T8218]        __vfs_write+0x8d/0x110
[   52.517855][ T8218]        __kernel_write+0x110/0x3b0
[   52.523071][ T8218]        write_pipe_buf+0x15d/0x1f0
[   52.528256][ T8218]        __splice_from_pipe+0x395/0x7d0
[   52.533808][ T8218]        splice_from_pipe+0x108/0x170
[   52.539194][ T8218]        default_file_splice_write+0x3c/0x90
[   52.545158][ T8218]        do_splice+0x70a/0x13c0
[   52.550017][ T8218]        __x64_sys_splice+0x2c6/0x330
[   52.555386][ T8218]        do_syscall_64+0x103/0x610
[   52.560482][ T8218]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.566894][ T8218] 
[   52.566894][ T8218] -> #0 (&pipe->mutex/1){+.+.}:
[   52.573911][ T8218]        __lock_acquire+0x239c/0x3fb0
[   52.579278][ T8218]        lock_acquire+0x16f/0x3f0
[   52.584280][ T8218]        __mutex_lock+0xf7/0x1310
[   52.589298][ T8218]        mutex_lock_nested+0x16/0x20
[   52.594563][ T8218]        fifo_open+0x159/0xb00
[   52.599328][ T8218]        do_dentry_open+0x488/0x1160
[   52.604590][ T8218]        vfs_open+0xa0/0xd0
[   52.609068][ T8218]        path_openat+0x10e9/0x46e0
[   52.614159][ T8218]        do_filp_open+0x1a1/0x280
[   52.619178][ T8218]        do_open_execat+0x137/0x690
[   52.624370][ T8218]        __do_execve_file.isra.0+0x178d/0x23f0
[   52.630531][ T8218]        __x64_sys_execve+0x8f/0xc0
[   52.635729][ T8218]        do_syscall_64+0x103/0x610
[   52.640823][ T8218]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.647226][ T8218] 
[   52.647226][ T8218] other info that might help us debug this:
[   52.647226][ T8218] 
[   52.657441][ T8218]  Possible unsafe locking scenario:
[   52.657441][ T8218] 
[   52.664887][ T8218]        CPU0                    CPU1
[   52.670235][ T8218]        ----                    ----
[   52.675602][ T8218]   lock(&sig->cred_guard_mutex);
[   52.680610][ T8218]                                lock(&pipe->mutex/1);
[   52.687449][ T8218]                                lock(&sig->cred_guard_mutex);
[   52.694998][ T8218]   lock(&pipe->mutex/1);
[   52.699336][ T8218] 
[   52.699336][ T8218]  *** DEADLOCK ***
[   52.699336][ T8218] 
[   52.707470][ T8218] 1 lock held by syz-executor468/8218:
[   52.712903][ T8218]  #0: 0000000003e93ac4 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   52.723399][ T8218] 
[   52.723399][ T8218] stack backtrace:
[   52.729911][ T8218] CPU: 0 PID: 8218 Comm: syz-executor468 Not tainted 5.1.0-rc1+ #33
[   52.739387][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.749977][ T8218] Call Trace:
[   52.753286][ T8218]  dump_stack+0x172/0x1f0
[   52.757604][ T8218]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   52.763687][ T8218]  check_prev_add.constprop.0+0xf11/0x23c0
[   52.769487][ T8218]  ? depot_save_stack+0x1de/0x460
[   52.774504][ T8218]  ? check_usage+0x570/0x570
[   52.779087][ T8218]  ? mark_held_locks+0xa4/0xf0
[   52.783864][ T8218]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   52.789657][ T8218]  ? graph_lock+0x7b/0x200
[   52.794078][ T8218]  ? __lockdep_reset_lock+0x450/0x450
[   52.799454][ T8218]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.805963][ T8218]  __lock_acquire+0x239c/0x3fb0
[   52.810804][ T8218]  ? save_stack+0xa9/0xd0
[   52.815123][ T8218]  ? mark_held_locks+0xf0/0xf0
[   52.819873][ T8218]  lock_acquire+0x16f/0x3f0
[   52.824362][ T8218]  ? fifo_open+0x159/0xb00
[   52.828798][ T8218]  ? fifo_open+0x159/0xb00
[   52.833223][ T8218]  __mutex_lock+0xf7/0x1310
[   52.837713][ T8218]  ? fifo_open+0x159/0xb00
[   52.842140][ T8218]  ? fifo_open+0x159/0xb00
[   52.846568][ T8218]  ? fifo_open+0x2b5/0xb00
[   52.850975][ T8218]  ? mutex_trylock+0x1e0/0x1e0
[   52.855741][ T8218]  ? fifo_open+0x2b5/0xb00
[   52.860151][ T8218]  ? kasan_check_write+0x14/0x20
[   52.865103][ T8218]  ? lock_downgrade+0x880/0x880
[   52.869944][ T8218]  mutex_lock_nested+0x16/0x20
[   52.874695][ T8218]  ? mutex_lock_nested+0x16/0x20
[   52.879654][ T8218]  fifo_open+0x159/0xb00
[   52.883904][ T8218]  do_dentry_open+0x488/0x1160
[   52.888675][ T8218]  ? pipe_release+0x280/0x280
[   52.893353][ T8218]  ? chown_common+0x5c0/0x5c0
[   52.898030][ T8218]  ? inode_permission+0xb4/0x570
[   52.902960][ T8218]  vfs_open+0xa0/0xd0
[   52.906933][ T8218]  path_openat+0x10e9/0x46e0
[   52.911518][ T8218]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   52.916899][ T8218]  ? __kmalloc+0x15c/0x740
[   52.921359][ T8218]  ? prepare_creds+0x2f5/0x3f0
[   52.926109][ T8218]  ? prepare_exec_creds+0x12/0xf0
[   52.931155][ T8218]  ? __do_execve_file.isra.0+0x393/0x23f0
[   52.936898][ T8218]  ? do_syscall_64+0x103/0x610
[   52.941652][ T8218]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.947723][ T8218]  ? __lock_acquire+0x548/0x3fb0
[   52.952671][ T8218]  ? prepare_exec_creds+0x12/0xf0
[   52.957706][ T8218]  ? __do_execve_file.isra.0+0x393/0x23f0
[   52.963437][ T8218]  ? __x64_sys_execve+0x8f/0xc0
[   52.968294][ T8218]  do_filp_open+0x1a1/0x280
[   52.972779][ T8218]  ? may_open_dev+0x100/0x100
[   52.977448][ T8218]  ? __lock_acquire+0x548/0x3fb0
[   52.982396][ T8218]  do_open_execat+0x137/0x690
[   52.987091][ T8218]  ? unregister_binfmt+0x170/0x170
[   52.992212][ T8218]  ? lock_downgrade+0x880/0x880
[   52.997064][ T8218]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.003320][ T8218]  ? kasan_check_read+0x11/0x20
[   53.008163][ T8218]  ? do_raw_spin_unlock+0x57/0x270
[   53.013268][ T8218]  __do_execve_file.isra.0+0x178d/0x23f0
[   53.018883][ T8218]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   53.024619][ T8218]  ? __check_object_size+0x3d/0x42f
[   53.029810][ T8218]  ? copy_strings_kernel+0x110/0x110
[   53.035082][ T8218]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.041338][ T8218]  ? getname_flags+0x277/0x5b0
[   53.046090][ T8218]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.052147][ T8218]  __x64_sys_execve+0x8f/0xc0
[   53.057161][ T8218]  do_syscall_64+0x103/0x610
[   53.061754][ T8218]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.067631][ T8218] RIP: 0033:0x4402a9
[   53.071554][ T8218] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.091144][ T8218] RSP: 002b:00007ffdd2803008 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   53.099548][ T8218] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[   53.107508][ T8218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000480
[   53.115473][ T8218] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   53.123464][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b30
[   53.131427][ T8218] R13: 0000000000401bc0 R14: 0000000000000000 R15: 0000000000000000