[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.454679] audit: type=1400 audit(1537644752.616:4): avc: denied { syslog } for pid=1921 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.419006]
[ 35.420649] ======================================================
[ 35.426943] [ INFO: possible circular locking dependency detected ]
[ 35.433324] 4.4.157+ #37 Not tainted
[ 35.437011] -------------------------------------------------------
[ 35.443391] syz-executor289/2075 is trying to acquire lock:
[ 35.449079] (&sig->cred_guard_mutex){+.+.+.}, at: [] do_io_accounting+0x1fb/0x7e0
[ 35.458928]
[ 35.458928] but task is already holding lock:
[ 35.464877] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12b0
[ 35.472730]
[ 35.472730] which lock already depends on the new lock.
[ 35.472730]
[ 35.481052]
[ 35.481052] the existing dependency chain (in reverse order) is:
[ 35.488899] -> #7 (&p->lock){+.+.+.}:
[ 35.493341] [] lock_acquire+0x15e/0x450
[ 35.499588] [] mutex_lock_nested+0xbb/0x840
[ 35.506183] [] seq_read+0xdd/0x12b0
[ 35.512084] [] proc_reg_read+0xfd/0x180
[ 35.518430] [] do_loop_readv_writev+0x148/0x1e0
[ 35.525383] [] do_readv_writev+0x581/0x6f0
[ 35.531896] [] vfs_readv+0x78/0xb0
[ 35.537810] [] default_file_splice_read+0x4fb/0x8d0
[ 35.545107] [] do_splice_to+0xf7/0x140
[ 35.551269] [] splice_direct_to_actor+0x242/0x830
[ 35.558406] [] do_splice_direct+0x1a3/0x270
executing program
[ 35.565108] [] do_sendfile+0x4e4/0xb80
[ 35.565118] [] compat_SyS_sendfile+0xd1/0x160
[ 35.565129] [] do_fast_syscall_32+0x31e/0x8b0
[ 35.565144] [] sysenter_flags_fixed+0xd/0x1a
[ 35.565154]
[ 35.565154] -> #6 (sb_writers#4){.+.+.+}:
[ 35.565163] [] lock_acquire+0x15e/0x450
[ 35.565175] [] __sb_start_write+0x1ae/0x310
[ 35.565185] [] ext4_lazyinit_thread+0x1a7/0x750
[ 35.565194] [] kthread+0x268/0x300
[ 35.565205] [] ret_from_fork+0x55/0x80
[ 35.565212]
[ 35.565212] -> #5 (&eli->li_list_mtx){+.+...}:
[ 35.565220] [] lock_acquire+0x15e/0x450
[ 35.565229] [] mutex_lock_nested+0xbb/0x840
[ 35.565238] [] ext4_register_li_request+0x304/0x6c0
[ 35.565245] [] ext4_remount+0x1368/0x1bb0
executing program
[ 35.565254] [] do_remount_sb2+0x428/0x7d0
[ 35.565263] [] do_mount+0x101e/0x28f0
[ 35.565270] [] SyS_mount+0x191/0x1c0
[ 35.565279] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 35.565286]
[ 35.565286] -> #4 (&ext4_li_mtx){+.+.+.}:
[ 35.565294] [] lock_acquire+0x15e/0x450
[ 35.565301] [] mutex_lock_nested+0xbb/0x840
[ 35.565309] [] ext4_register_li_request+0x87/0x6c0
[ 35.565317] [] ext4_remount+0x1368/0x1bb0
[ 35.565325] [] do_remount_sb2+0x428/0x7d0
[ 35.565332] [] do_mount+0x101e/0x28f0
[ 35.565339] [] SyS_mount+0x191/0x1c0
[ 35.565348] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 35.565357]
[ 35.565357] -> #3 (&type->s_umount_key#34){++++++}:
[ 35.565364] [] lock_acquire+0x15e/0x450
executing program
[ 35.565372] [] down_read+0x42/0x60
[ 35.565380] [] iterate_supers+0xe1/0x260
[ 35.565391] [] selinux_complete_init+0x2f/0x31
[ 35.565400] [] security_load_policy+0x886/0x9b0
[ 35.565408] [] sel_write_load+0x191/0xfc0
[ 35.565415] [] __vfs_write+0x11c/0x3e0
[ 35.565422] [] vfs_write+0x17e/0x4e0
[ 35.565430] [] SyS_write+0xd9/0x1c0
executing program
[ 35.565438] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 35.565445]
[ 35.565445] -> #2 (sel_mutex){+.+.+.}:
[ 35.565454] [] lock_acquire+0x15e/0x450
[ 35.565461] [] mutex_lock_nested+0xbb/0x840
[ 35.565472] [] sel_commit_bools_write+0x87/0x250
[ 35.565479] [] __vfs_write+0x11c/0x3e0
[ 35.565486] [] __kernel_write+0xf0/0x320
[ 35.565494] [] write_pipe_buf+0x15d/0x1f0
[ 35.565501] [] __splice_from_pipe+0x364/0x790
[ 35.565509] [] splice_from_pipe+0xf9/0x170
[ 35.565517] [] default_file_splice_write+0x3c/0x80
[ 35.565524] [] SyS_splice+0xde1/0x1430
[ 35.565533] [] do_fast_syscall_32+0x31e/0x8b0
[ 35.565541] [] sysenter_flags_fixed+0xd/0x1a
[ 35.565549]
[ 35.565549] -> #1 (&pipe->mutex/1){+.+.+.}:
[ 35.565557] [] lock_acquire+0x15e/0x450
executing program
[ 35.565565] [] mutex_lock_nested+0xbb/0x840
[ 35.565572] [] fifo_open+0x15c/0x9e0
[ 35.565582] [] do_dentry_open+0x38d/0xbd0
[ 35.565590] [] vfs_open+0x12a/0x210
[ 35.565598] [] path_openat+0x50c/0x39a0
[ 35.565607] [] do_filp_open+0x197/0x270
[ 35.565615] [] do_open_execat+0x10f/0x6f0
[ 35.565623] [] do_execveat_common.isra.15+0x6a1/0x1f00
executing program
[ 35.565630] [] compat_SyS_execve+0x48/0x60
[ 35.565639] [] do_fast_syscall_32+0x31e/0x8b0
[ 35.565646] [] sysenter_flags_fixed+0xd/0x1a
[ 35.565653]
[ 35.565653] -> #0 (&sig->cred_guard_mutex){+.+.+.}:
[ 35.565661] [] __lock_acquire+0x3b6e/0x5ba0
[ 35.565668] [] lock_acquire+0x15e/0x450
[ 35.565676] [] mutex_lock_killable_nested+0xcc/0x980
[ 35.565686] [] do_io_accounting+0x1fb/0x7e0
[ 35.565695] [] proc_tgid_io_accounting+0x22/0x30
[ 35.565703] [] proc_single_show+0xfd/0x170
[ 35.565710] [] traverse+0x363/0x920
[ 35.565717] [] seq_read+0xd05/0x12b0
[ 35.565724] [] __vfs_read+0x11c/0x3d0
[ 35.565731] [] vfs_read+0x130/0x360
[ 35.565739] [] SyS_pread64+0x145/0x170
[ 35.565748] [] sys32_pread+0x39/0x50
executing program
[ 35.565768] [] do_fast_syscall_32+0x31e/0x8b0
[ 35.565776] [] sysenter_flags_fixed+0xd/0x1a
[ 35.565778]
[ 35.565778] other info that might help us debug this:
[ 35.565778]
[ 35.565789] Chain exists of:
[ 35.565789] &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock
[ 35.565789]
[ 35.565791] Possible unsafe locking scenario:
[ 35.565791]
[ 35.565793]        CPU0                    CPU1
[ 35.565794]        ----                    ----
[ 35.565798]   lock(&p->lock);
[ 35.565804]                                lock(sb_writers#4);
[ 35.565807]                                lock(&p->lock);
[ 35.565811]   lock(&sig->cred_guard_mutex);
[ 35.565813]
[ 35.565813] *** DEADLOCK ***
[ 35.565813]
[ 35.565818] 1 lock held by syz-executor289/2075:
[ 35.565830] #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12b0
[ 35.565831]
[ 35.565831] stack backtrace:
[ 35.565839] CPU: 1 PID: 2075 Comm: syz-executor289 Not tainted 4.4.157+ #37
executing program
[ 35.565849] 0000000000000000 c1d1ded082eed36b ffff8800b6bdf528 ffffffff81a559fd
[ 35.565858] ffffffff83ab24f0 ffffffff83aae170 ffffffff83aac820 ffff8801d576d028
[ 35.565866] ffff8801d576c740 ffff8800b6bdf570 ffffffff813924cf 0000000000000001
[ 35.565868] Call Trace:
[ 35.565878] [] dump_stack+0xc1/0x124
[ 35.565888] [] print_circular_bug.cold.34+0x2f7/0x432
[ 35.565895] [] __lock_acquire+0x3b6e/0x5ba0
[ 35.565902] [] ? trace_hardirqs_on+0x10/0x10
[ 35.565910] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.565917] [] lock_acquire+0x15e/0x450
[ 35.565924] [] ? do_io_accounting+0x1fb/0x7e0
[ 35.565941] [] mutex_lock_killable_nested+0xcc/0x980
[ 35.565949] [] ? do_io_accounting+0x1fb/0x7e0
[ 35.565956] [] ? do_io_accounting+0x1fb/0x7e0
[ 35.565964] [] ? _mutex_lock_nest_lock+0x840/0x840
[ 35.565971] [] ? trace_hardirqs_on+0x10/0x10
[ 35.565979] [] do_io_accounting+0x1fb/0x7e0
executing program
[ 35.565987] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 35.565995] [] ? proc_uid_map_open+0x30/0x30
[ 35.566003] [] ? get_pid_task+0x9b/0x140
[ 35.566011] [] proc_tgid_io_accounting+0x22/0x30
[ 35.566018] [] proc_single_show+0xfd/0x170
[ 35.566025] [] traverse+0x363/0x920
[ 35.566031] [] ? seq_buf_alloc+0x80/0x80
[ 35.566042] [] ? futex_wait_restart+0x230/0x230
[ 35.566048] [] seq_read+0xd05/0x12b0
[ 35.566055] [] ? __lock_acquire+0xa86/0x5ba0
[ 35.566063] [] ? do_futex+0x12d/0x1840
[ 35.566069] [] ? seq_lseek+0x3c0/0x3c0
[ 35.566076] [] ? trace_hardirqs_on+0x10/0x10
[ 35.566084] [] ? fsnotify+0x866/0x10c0
[ 35.566090] [] __vfs_read+0x11c/0x3d0
[ 35.566096] [] ? seq_lseek+0x3c0/0x3c0
[ 35.566103] [] ? vfs_iter_write+0x2c0/0x2c0
executing program
[ 35.566110] [] ? __fsnotify_inode_delete+0x30/0x30
[ 35.566118] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 35.566127] [] ? check_preemption_disabled+0x3b/0x170
[ 35.566135] [] ? avc_policy_seqno+0x9/0x20
[ 35.566143] [] ? selinux_file_permission+0x2f2/0x450
[ 35.566152] [] ? security_file_permission+0x8f/0x1e0
[ 35.566159] [] ? rw_verify_area+0x100/0x2f0
executing program
[ 35.566165] [] vfs_read+0x130/0x360
[ 35.566172] [] SyS_pread64+0x145/0x170
[ 35.566178] [] ? SyS_write+0x1c0/0x1c0
[ 35.566185] [] ? compat_SyS_vmsplice+0x160/0x160
[ 35.566192] [] sys32_pread+0x39/0x50
[ 35.566199] [] ? sys32_waitpid+0x30/0x30
[ 35.566207] [] do_fast_syscall_32+0x31e/0x8b0
[ 35.566214] [] sysenter_flags_fixed+0xd/0x1a
executing program