[....] Starting enhanced syslogd: rsyslogd[ 14.589044] audit: type=1400 audit(1537643341.597:4): avc: denied { syslog } for pid=1925 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 35.861430] [ 35.863073] ====================================================== [ 35.869433] [ INFO: possible circular locking dependency detected ] [ 35.875817] 4.4.157+ #101 Not tainted [ 35.879586] ------------------------------------------------------- [ 35.885966] syz-executor405/2092 is trying to acquire lock: [ 35.891658] (&sig->cred_guard_mutex){+.+.+.}, at: [] do_io_accounting+0x1fb/0x7e0 [ 35.901399] [ 35.901399] but task is already holding lock: [ 35.907395] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12b0 [ 35.915275] [ 35.915275] which lock already depends on the new lock. [ 35.915275] [ 35.923709] [ 35.923709] the existing dependency chain (in reverse order) is: [ 35.931328] -> #7 (&p->lock){+.+.+.}: [ 35.935772] [] lock_acquire+0x15e/0x450 [ 35.942037] [] mutex_lock_nested+0xbb/0x840 [ 35.948758] [] seq_read+0xdd/0x12b0 [ 35.954661] [] proc_reg_read+0xfd/0x180 [ 35.960906] [] do_loop_readv_writev+0x148/0x1e0 [ 35.967860] [] do_readv_writev+0x581/0x6f0 [ 35.974368] [] vfs_readv+0x78/0xb0 [ 35.980266] [] default_file_splice_read+0x4fb/0x8d0 [ 35.987554] [] do_splice_to+0xf7/0x140 [ 35.993709] [] splice_direct_to_actor+0x242/0x830 [ 36.000817] [] do_splice_direct+0x1a3/0x270 [ 36.007425] [] do_sendfile+0x4e4/0xb80 [ 36.013580] [] SyS_sendfile64+0xc3/0x150 [ 36.019909] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.027114] -> #6 (sb_writers#4){.+.+.+}: [ 36.032018] [] lock_acquire+0x15e/0x450 [ 36.038263] [] __sb_start_write+0x1ae/0x310 [ 36.044854] [] ext4_lazyinit_thread+0x1a7/0x750 [ 36.051798] [] kthread+0x268/0x300 executing program executing program [ 36.057619] [] ret_from_fork+0x55/0x80 [ 36.059690] [ 36.059690] -> #5 (&eli->li_list_mtx){+.+...}: [ 36.059696] [] lock_acquire+0x15e/0x450 [ 36.059701] [] mutex_lock_nested+0xbb/0x840 [ 36.059713] [] ext4_register_li_request+0x304/0x6c0 [ 36.059717] [] ext4_remount+0x1368/0x1bb0 [ 36.059722] [] do_remount_sb2+0x428/0x7d0 executing program executing program [ 36.059727] [] do_mount+0x101e/0x28f0 [ 36.059731] [] SyS_mount+0x191/0x1c0 [ 36.059736] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.059740] [ 36.059740] -> #4 (&ext4_li_mtx){+.+.+.}: [ 36.059744] [] lock_acquire+0x15e/0x450 [ 36.059748] [] mutex_lock_nested+0xbb/0x840 [ 36.059753] [] ext4_register_li_request+0x87/0x6c0 executing program executing program [ 36.059757] [] ext4_remount+0x1368/0x1bb0 [ 36.059762] [] do_remount_sb2+0x428/0x7d0 [ 36.059766] [] do_mount+0x101e/0x28f0 [ 36.059769] [] SyS_mount+0x191/0x1c0 [ 36.059774] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.059779] [ 36.059779] -> #3 (&type->s_umount_key#34){++++++}: [ 36.059784] [] lock_acquire+0x15e/0x450 [ 36.059788] [] down_read+0x42/0x60 executing program [ 36.059792] [] iterate_supers+0xe1/0x260 [ 36.059799] [] selinux_complete_init+0x2f/0x31 [ 36.059804] [] security_load_policy+0x886/0x9b0 [ 36.059808] [] sel_write_load+0x191/0xfc0 [ 36.059812] [] __vfs_write+0x11c/0x3e0 [ 36.059816] [] vfs_write+0x17e/0x4e0 [ 36.059820] [] SyS_write+0xd9/0x1c0 [ 36.059825] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.059829] executing program [ 36.059829] -> #2 (sel_mutex){+.+.+.}: [ 36.059833] [] lock_acquire+0x15e/0x450 [ 36.059837] [] mutex_lock_nested+0xbb/0x840 [ 36.059853] [] sel_commit_bools_write+0x87/0x250 [ 36.059857] [] __vfs_write+0x11c/0x3e0 [ 36.059861] [] __kernel_write+0xf0/0x320 [ 36.059865] [] write_pipe_buf+0x15d/0x1f0 [ 36.059870] [] __splice_from_pipe+0x364/0x790 executing program executing program [ 36.059874] [] splice_from_pipe+0xf9/0x170 [ 36.059878] [] default_file_splice_write+0x3c/0x80 [ 36.059882] [] SyS_splice+0xde1/0x1430 [ 36.059887] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.059892] [ 36.059892] -> #1 (&pipe->mutex/1){+.+.+.}: [ 36.059896] [] lock_acquire+0x15e/0x450 [ 36.059900] [] mutex_lock_nested+0xbb/0x840 [ 36.059904] [] fifo_open+0x15c/0x9e0 executing program [ 36.059910] [] do_dentry_open+0x38d/0xbd0 [ 36.059914] [] vfs_open+0x12a/0x210 [ 36.059919] [] path_openat+0x50c/0x39a0 [ 36.059923] [] do_filp_open+0x197/0x270 [ 36.059928] [] do_open_execat+0x10f/0x6f0 [ 36.059933] [] do_execveat_common.isra.15+0x6a1/0x1f00 [ 36.059937] [] SyS_execve+0x42/0x50 [ 36.059941] [] return_from_execve+0x0/0x23 [ 36.059945] executing program [ 36.059945] -> #0 (&sig->cred_guard_mutex){+.+.+.}: [ 36.059949] [] __lock_acquire+0x3b6e/0x5ba0 [ 36.059953] [] lock_acquire+0x15e/0x450 [ 36.059958] [] mutex_lock_killable_nested+0xcc/0x980 [ 36.059963] [] do_io_accounting+0x1fb/0x7e0 [ 36.059968] [] proc_tgid_io_accounting+0x22/0x30 [ 36.059973] [] proc_single_show+0xfd/0x170 [ 36.059976] [] seq_read+0x4b6/0x12b0 executing program [ 36.059980] [] __vfs_read+0x11c/0x3d0 [ 36.059984] [] vfs_read+0x130/0x360 [ 36.059988] [] SyS_pread64+0x145/0x170 [ 36.060005] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.060006] [ 36.060006] other info that might help us debug this: [ 36.060006] [ 36.060012] Chain exists of: [ 36.060012] &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock [ 36.060012] [ 36.060013] Possible unsafe locking scenario: [ 36.060013] executing program executing program [ 36.060014] CPU0 CPU1 [ 36.060015] ---- ---- [ 36.060017] lock(&p->lock); [ 36.060020] lock(sb_writers#4); [ 36.060022] lock(&p->lock); [ 36.060024] lock(&sig->cred_guard_mutex); [ 36.060025] [ 36.060025] *** DEADLOCK *** [ 36.060025] [ 36.060027] 1 lock held by syz-executor405/2092: [ 36.060034] #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12b0 [ 36.060035] executing program [ 36.060035] stack backtrace: [ 36.060040] CPU: 1 PID: 2092 Comm: syz-executor405 Not tainted 4.4.157+ #101 [ 36.060046] 0000000000000000 412908aa696cbf82 ffff8800b9c576b8 ffffffff81a559fd [ 36.060051] ffffffff83ab26a0 ffffffff83aae320 ffffffff83aac9d0 ffff8800b7ecb868 [ 36.060055] ffff8800b7ecaf80 ffff8800b9c57700 ffffffff813924cf 0000000000000001 [ 36.060056] Call Trace: [ 36.060063] [] dump_stack+0xc1/0x124 [ 36.060068] [] print_circular_bug.cold.34+0x2f7/0x432 executing program [ 36.060072] [] __lock_acquire+0x3b6e/0x5ba0 [ 36.060077] [] ? trace_hardirqs_on+0x10/0x10 [ 36.060081] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 36.060085] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 36.060091] [] ? depot_save_stack+0x1c3/0x5eb [ 36.060095] [] lock_acquire+0x15e/0x450 [ 36.060099] [] ? do_io_accounting+0x1fb/0x7e0 [ 36.060104] [] mutex_lock_killable_nested+0xcc/0x980 executing program [ 36.060108] [] ? do_io_accounting+0x1fb/0x7e0 [ 36.060112] [] ? do_io_accounting+0x1fb/0x7e0 [ 36.060116] [] ? _mutex_lock_nest_lock+0x840/0x840 [ 36.060119] [] ? trace_hardirqs_on+0x10/0x10 [ 36.060124] [] do_io_accounting+0x1fb/0x7e0 [ 36.060129] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.060133] [] ? proc_uid_map_open+0x30/0x30 [ 36.060137] [] ? get_pid_task+0x9b/0x140 executing program executing program [ 36.060142] [] proc_tgid_io_accounting+0x22/0x30 [ 36.060146] [] proc_single_show+0xfd/0x170 [ 36.060149] [] seq_read+0x4b6/0x12b0 [ 36.060153] [] ? seq_lseek+0x3c0/0x3c0 [ 36.060157] [] ? trace_hardirqs_on+0x10/0x10 [ 36.060163] [] ? exit_robust_list+0x220/0x220 [ 36.060168] [] ? fsnotify+0x866/0x10c0 [ 36.060172] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 36.060176] [] __vfs_read+0x11c/0x3d0 executing program [ 36.060179] [] ? seq_lseek+0x3c0/0x3c0 [ 36.060183] [] ? vfs_iter_write+0x2c0/0x2c0 [ 36.060187] [] ? __fsnotify_inode_delete+0x30/0x30 [ 36.060192] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 36.060197] [] ? check_preemption_disabled+0x3b/0x170 [ 36.060201] [] ? avc_policy_seqno+0x9/0x20 [ 36.060205] [] ? selinux_file_permission+0x2f2/0x450 executing program executing program [ 36.060210] [] ? security_file_permission+0x8f/0x1e0 [ 36.060214] [] ? rw_verify_area+0x100/0x2f0 [ 36.060218] [] vfs_read+0x130/0x360 [ 36.060222] [] SyS_pread64+0x145/0x170 [ 36.060225] [] ? SyS_write+0x1c0/0x1c0 [ 36.060231] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 36.060235] [] entry_SYSCALL_64_fastpath+0x1e/0x9a executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program