[ 46.160173] audit: type=1800 audit(1547470589.245:30): pid=8223 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: ssh ... failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.935061] kauditd_printk_skb: 5 callbacks suppressed
[ 55.935077] audit: type=1400 audit(1547470599.035:36): avc: denied { map } for pid=8430 comm="syz-executor895" path="/root/syz-executor895668800" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.995099]
[ 55.996721] ======================================================
[ 56.003014] WARNING: possible circular locking dependency detected
[ 56.009307] 5.0.0-rc2 #25 Not tainted
[ 56.013082] ------------------------------------------------------
[ 56.019371] syz-executor895/8432 is trying to acquire lock:
[ 56.025066] 00000000003a0c05 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 56.032416]
[ 56.032416] but task is already holding lock:
[ 56.038359] 000000003ff2caf7 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[ 56.047716]
[ 56.047716] which lock already depends on the new lock.
[ 56.047716]
[ 56.056005]
[ 56.056005] the existing dependency chain (in reverse order) is:
[ 56.063606]
[ 56.063606] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 56.069918]        __mutex_lock+0x12f/0x1670
[ 56.074304]        mutex_lock_interruptible_nested+0x16/0x20
[ 56.080084]        proc_pid_attr_write+0x1fa/0x530
[ 56.084994]        __vfs_write+0x116/0xb40
[ 56.089223]        __kernel_write+0x110/0x3b0
[ 56.093716]        write_pipe_buf+0x180/0x240
[ 56.098202]        __splice_from_pipe+0x39a/0x7e0
[ 56.103022]        splice_from_pipe+0x1ea/0x310
[ 56.107683]        default_file_splice_write+0x3c/0x90
[ 56.112937]        do_splice+0x64b/0x1410
[ 56.117064]        __x64_sys_splice+0x2c6/0x330
[ 56.121762]        do_syscall_64+0x1a3/0x800
[ 56.126170]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.131854]
[ 56.131854] -> #0 (&pipe->mutex/1){+.+.}:
[ 56.137468]        lock_acquire+0x1db/0x570
[ 56.141765]        __mutex_lock+0x12f/0x1670
[ 56.146150]        mutex_lock_nested+0x16/0x20
[ 56.150731]        fifo_open+0x159/0xb00
[ 56.154770]        do_dentry_open+0x48a/0x1210
[ 56.159333]        vfs_open+0xa0/0xd0
[ 56.163113]        path_openat+0x144f/0x5650
[ 56.167509]        do_filp_open+0x26f/0x370
[ 56.171805]        do_open_execat+0x20e/0x930
[ 56.176283]        __do_execve_file.isra.0+0x1966/0x2700
[ 56.181741]        __x64_sys_execve+0x8f/0xc0
[ 56.186213]        do_syscall_64+0x1a3/0x800
[ 56.190604]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.196299]
[ 56.196299] other info that might help us debug this:
[ 56.196299]
[ 56.204441]  Possible unsafe locking scenario:
[ 56.204441]
[ 56.210471]        CPU0                    CPU1
[ 56.215109]        ----                    ----
[ 56.219749]   lock(&sig->cred_guard_mutex);
[ 56.224068]                                lock(&pipe->mutex/1);
[ 56.230217]                                lock(&sig->cred_guard_mutex);
[ 56.237032]   lock(&pipe->mutex/1);
[ 56.240647]
[ 56.240647]  *** DEADLOCK ***
[ 56.240647]
[ 56.246695] 1 lock held by syz-executor895/8432:
[ 56.251421]  #0: 000000003ff2caf7 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[ 56.261199]
[ 56.261199] stack backtrace:
[ 56.265673] CPU: 1 PID: 8432 Comm: syz-executor895 Not tainted 5.0.0-rc2 #25
[ 56.272834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.282162] Call Trace:
[ 56.284732] dump_stack+0x1db/0x2d0
[ 56.288340] ? dump_stack_print_info.cold+0x20/0x20
[ 56.293339] ? print_stack_trace+0x77/0xb0
[ 56.297556] ? vprintk_func+0x86/0x189
[ 56.301422] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 56.306763] __lock_acquire+0x3014/0x4a30
[ 56.310893] ? is_bpf_text_address+0xac/0x170
[ 56.315377] ? mark_held_locks+0x100/0x100
[ 56.319590] ? mark_held_locks+0xb1/0x100
[ 56.323716] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 56.328798] ? lockdep_hardirqs_on+0x415/0x5d0
[ 56.333365] ? trace_hardirqs_off_caller+0x300/0x300
[ 56.338447] ? do_raw_spin_trylock+0x270/0x270
[ 56.343007] ? add_lock_to_list.isra.0+0x450/0x450
[ 56.347918] ? print_usage_bug+0xd0/0xd0
[ 56.351961] ? __lock_is_held+0xb6/0x140
[ 56.356002] lock_acquire+0x1db/0x570
[ 56.359781] ? fifo_open+0x159/0xb00
[ 56.363496] ? ___might_sleep+0x1e7/0x310
[ 56.367625] ? lock_release+0xc40/0xc40
[ 56.371737] ? fifo_open+0x159/0xb00
[ 56.375430] ? fifo_open+0x159/0xb00
[ 56.379123] __mutex_lock+0x12f/0x1670
[ 56.382990] ? fifo_open+0x159/0xb00
[ 56.386683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.392198] ? fifo_open+0x159/0xb00
[ 56.395892] ? check_preemption_disabled+0x48/0x290
[ 56.400885] ? lockdep_init_map+0x10c/0x5b0
[ 56.405187] ? mutex_trylock+0x2d0/0x2d0
[ 56.409224] ? add_lock_to_list.isra.0+0x450/0x450
[ 56.414132] ? __mutex_init+0x1f6/0x2a0
[ 56.418089] ? psi_task_change.cold+0x1ec/0x1ec
[ 56.422738] ? fifo_open+0x2b5/0xb00
[ 56.426427] ? find_held_lock+0x35/0x120
[ 56.430467] ? fifo_open+0x2b5/0xb00
[ 56.434160] ? lock_acquire+0x1db/0x570
[ 56.438121] ? kasan_check_read+0x11/0x20
[ 56.442247] ? do_raw_spin_unlock+0xa0/0x330
[ 56.446633] ? do_raw_spin_trylock+0x270/0x270
[ 56.451221] mutex_lock_nested+0x16/0x20
[ 56.455270] ? _raw_spin_unlock+0x2d/0x50
[ 56.459395] ? mutex_lock_nested+0x16/0x20
[ 56.463602] fifo_open+0x159/0xb00
[ 56.467127] do_dentry_open+0x48a/0x1210
[ 56.471170] ? pipe_release+0x280/0x280
[ 56.475130] ? chown_common+0x740/0x740
[ 56.479089] ? security_inode_permission+0xd5/0x110
[ 56.484083] ? inode_permission+0xb4/0x570
[ 56.488295] vfs_open+0xa0/0xd0
[ 56.491561] path_openat+0x144f/0x5650
[ 56.495425] ? __save_stack_trace+0x8a/0xf0
[ 56.499729] ? path_lookupat.isra.0+0xba0/0xba0
[ 56.504380] ? selinux_cred_prepare+0x49/0xb0
[ 56.508852] ? security_prepare_creds+0x7d/0xc0
[ 56.513500] ? prepare_creds+0x3c4/0x4e0
[ 56.517545] ? __do_execve_file.isra.0+0x47a/0x2700
[ 56.522535] ? __x64_sys_execve+0x8f/0xc0
[ 56.526661] ? do_syscall_64+0x1a3/0x800
[ 56.530700] ? __lock_acquire+0x572/0x4a30
[ 56.534911] ? __lock_is_held+0xb6/0x140
[ 56.538956] do_filp_open+0x26f/0x370
[ 56.542736] ? may_open_dev+0x100/0x100
[ 56.546691] ? add_lock_to_list.isra.0+0x450/0x450
[ 56.551598] ? add_lock_to_list.isra.0+0x450/0x450
[ 56.556508] ? __do_execve_file.isra.0+0x901/0x2700
[ 56.561502] do_open_execat+0x20e/0x930
[ 56.565457] ? unregister_binfmt+0x2b0/0x2b0
[ 56.569848] ? kasan_check_read+0x11/0x20
[ 56.573975] ? do_raw_spin_trylock+0x270/0x270
[ 56.578538] ? __phys_addr_symbol+0x30/0x70
[ 56.582841] __do_execve_file.isra.0+0x1966/0x2700
[ 56.587756] ? copy_strings_kernel+0x110/0x110
[ 56.592315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.597839] ? strncpy_from_user+0x3aa/0x4e0
[ 56.602230] ? digsig_verify.cold+0x32/0x32
[ 56.606529] ? kmem_cache_alloc+0x341/0x710
[ 56.610834] ? do_syscall_64+0x8c/0x800
[ 56.614786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.620301] ? getname_flags+0x277/0x5b0
[ 56.624346] ? trace_hardirqs_off_caller+0x300/0x300
[ 56.629425] __x64_sys_execve+0x8f/0xc0
[ 56.633380] do_syscall_64+0x1a3/0x800
[ 56.637247] ? syscall_return_slowpath+0x5f0/0x5f0
[ 56.642154] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 56.647149] ? __switch_to_asm+0x34/0x70
[ 56.651186] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.656009] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.661175] RIP: 0033:0x445719
[ 56.664348] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.683241] RSP: 002b:00007f3e69b0dda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 56.690948] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445719
[