[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 9.368430] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.704601] random: crng init done Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts. 2018/09/22 22:08:18 parsed 1 programs 2018/09/22 22:08:19 executed programs: 0 [ 30.769414] audit: type=1400 audit(1537654099.699:5): avc: denied { sys_admin } for pid=2067 comm="syz-executor3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.785542] audit: type=1400 audit(1537654099.719:6): avc: denied { net_admin } for pid=2071 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.153553] audit: type=1400 audit(1537654102.089:7): avc: denied { sys_chroot } for pid=2071 comm="syz-executor2" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.195280] audit: type=1400 audit(1537654102.129:8): avc: denied { associate } for pid=2071 comm="syz-executor2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 33.297986] audit: type=1400 audit(1537654102.229:9): avc: denied { dac_override } for pid=3648 comm="syz-executor2" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/09/22 22:08:24 executed programs: 251 2018/09/22 22:08:29 executed programs: 763 2018/09/22 22:08:34 executed programs: 1264 2018/09/22 22:08:39 executed programs: 1764 2018/09/22 22:08:44 executed programs: 2272 2018/09/22 22:08:49 executed programs: 2765 2018/09/22 22:08:54 executed programs: 3283 2018/09/22 22:08:59 executed programs: 3794 2018/09/22 22:09:04 executed programs: 4316 [ 76.555632] [ 76.557287] ====================================================== [ 76.563591] [ INFO: possible circular locking dependency detected ] [ 76.569989] 4.9.128+ #93 Not tainted [ 76.573696] ------------------------------------------------------- [ 76.580088] syz-executor4/16868 is trying to acquire lock: [ 76.585697] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 76.593447] but task is already holding lock: [ 76.598101] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 76.606412] which lock already depends on the new lock. [ 76.606412] [ 76.613415] [ 76.613415] the existing dependency chain (in reverse order) is: [ 76.621033] -> #2 (&pipe->mutex/1){+.+.+.}: [ 76.626152] lock_acquire+0x130/0x3e0 [ 76.630449] mutex_lock_nested+0xc0/0x870 [ 76.635092] fifo_open+0x15c/0x9e0 [ 76.639138] do_dentry_open+0x3ef/0xc90 [ 76.643617] vfs_open+0x11c/0x210 [ 76.647568] path_openat+0x542/0x2790 [ 76.651882] do_filp_open+0x197/0x270 [ 76.656196] do_open_execat+0x10f/0x640 [ 76.660689] do_execveat_common.isra.15+0x687/0x1f80 [ 76.666310] SyS_execve+0x42/0x50 [ 76.670274] do_syscall_64+0x19f/0x480 [ 76.674677] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 76.680294] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 76.686013] lock_acquire+0x130/0x3e0 [ 76.690343] mutex_lock_killable_nested+0xcc/0x960 [ 76.695792] do_io_accounting+0x1fb/0x7e0 [ 76.700450] proc_tgid_io_accounting+0x22/0x30 [ 76.705535] proc_single_show+0xfd/0x170 [ 76.710113] seq_read+0x4b6/0x12d0 [ 76.714164] __vfs_read+0x115/0x560 [ 76.718297] vfs_read+0x124/0x390 [ 76.722270] SyS_pread64+0x145/0x170 [ 76.726488] do_syscall_64+0x19f/0x480 [ 76.730880] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 76.736491] -> #0 (&p->lock){+.+.+.}: [ 76.741005] __lock_acquire+0x3189/0x4a10 [ 76.745680] lock_acquire+0x130/0x3e0 [ 76.749996] mutex_lock_nested+0xc0/0x870 [ 76.754667] seq_read+0xdd/0x12d0 [ 76.758629] proc_reg_read+0xfd/0x180 [ 76.762933] do_loop_readv_writev.part.1+0xd5/0x280 [ 76.768461] do_readv_writev+0x56e/0x7b0 [ 76.773038] vfs_readv+0x84/0xc0 [ 76.776901] default_file_splice_read+0x44b/0x7e0 [ 76.782236] do_splice_to+0x10c/0x170 [ 76.786567] SyS_splice+0x10d2/0x14d0 [ 76.790890] do_syscall_64+0x19f/0x480 [ 76.795305] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 76.800901] [ 76.800901] other info that might help us debug this: [ 76.800901] [ 76.809021] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 76.818068] Possible unsafe locking scenario: [ 76.818068] [ 76.824096] CPU0 CPU1 [ 76.828738] ---- ---- [ 76.833377] lock(&pipe->mutex/1); [ 76.837343] lock(&sig->cred_guard_mutex); [ 76.844391] lock(&pipe->mutex/1); [ 76.850874] lock(&p->lock); [ 76.854199] [ 76.854199] *** DEADLOCK *** [ 76.854199] [ 76.860230] 1 lock held by syz-executor4/16868: [ 76.864867] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 76.873689] [ 76.873689] stack backtrace: [ 76.878159] CPU: 1 PID: 16868 Comm: syz-executor4 Not tainted 4.9.128+ #93 [ 76.885142] ffff8801d2c57278 ffffffff81af2469 ffffffff83aa1330 ffffffff83aa85f0 [ 76.893125] ffffffff83aa2c80 ffff8801d68467d0 ffff8801d6845f00 ffff8801d2c572c0 [ 76.901123] ffffffff813e79ed 0000000000000001 00000000d68467b0 0000000000000001 [ 76.909131] Call Trace: [ 76.911696] [] dump_stack+0xc1/0x128 [ 76.917042] [] print_circular_bug.cold.36+0x2f7/0x432 [ 76.923859] [] __lock_acquire+0x3189/0x4a10 [ 76.929804] [] ? unwind_next_frame+0x7d/0xd0 [ 76.935836] [] ? trace_hardirqs_on+0x10/0x10 [ 76.941869] [] lock_acquire+0x130/0x3e0 [ 76.947466] [] ? seq_read+0xdd/0x12d0 [ 76.952890] [] ? seq_read+0xdd/0x12d0 [ 76.958858] [] mutex_lock_nested+0xc0/0x870 [ 76.964801] [] ? seq_read+0xdd/0x12d0 [ 76.970225] [] ? mutex_trylock+0x3e0/0x3e0 [ 76.976083] [] ? mark_held_locks+0xc7/0x130 [ 76.982038] [] ? get_page_from_freelist+0xae0/0x18e0 [ 76.988780] [] seq_read+0xdd/0x12d0 [ 76.994039] [] ? fsnotify+0x114/0x1100 [ 76.999570] [] ? seq_lseek+0x3c0/0x3c0 [ 77.005081] [] ? __fsnotify_inode_delete+0x30/0x30 [ 77.011636] [] proc_reg_read+0xfd/0x180 [ 77.017235] [] ? seq_lseek+0x3c0/0x3c0 [ 77.022766] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 77.029582] [] do_readv_writev+0x56e/0x7b0 [ 77.035442] [] ? vfs_write+0x520/0x520 [ 77.040954] [] ? kasan_unpoison_shadow+0x35/0x50 [ 77.047334] [] ? push_pipe+0x3e2/0x770 [ 77.052844] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 77.059657] [] vfs_readv+0x84/0xc0 [ 77.064821] [] default_file_splice_read+0x44b/0x7e0 [ 77.071465] [] ? do_splice_direct+0x270/0x270 [ 77.077582] [] ? trace_hardirqs_on+0x10/0x10 [ 77.083617] [] ? trace_hardirqs_on+0x10/0x10 [ 77.089650] [] ? __fsnotify_inode_delete+0x30/0x30 [ 77.096204] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 77.104666] [] ? avc_policy_seqno+0x9/0x20 [ 77.110525] [] ? selinux_file_permission+0x82/0x470 [ 77.117169] [] ? security_file_permission+0x8f/0x1e0 [ 77.123910] [] ? rw_verify_area+0xe5/0x2a0 [ 77.129767] [] ? do_splice_direct+0x270/0x270 [ 77.135904] [] do_splice_to+0x10c/0x170 [ 77.141502] [] SyS_splice+0x10d2/0x14d0 [ 77.147102] [] ? SyS_futex+0x26c/0x370 [ 77.152613] [] ? compat_SyS_vmsplice+0x160/0x160 [ 77.158989] [] ? do_syscall_64+0x48/0x480 [ 77.164763] [] ? compat_SyS_vmsplice+0x160/0x160 [ 77.171161] [] do_syscall_64+0x19f/0x480 [ 77.176850] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb 2018/09/22 22:09:09 executed programs: 4815 2018/09/22 22:09:14 executed programs: 5369