[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 10.623199] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 11.736224] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. 2018/10/15 20:14:47 parsed 1 programs 2018/10/15 20:14:49 executed programs: 0 syzkaller login: [ 40.614137] audit: type=1400 audit(1539634489.490:5): avc: denied { sys_admin } for pid=2062 comm="syz-executor2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 40.636801] audit: type=1400 audit(1539634489.520:6): avc: denied { net_admin } for pid=2070 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 42.867287] audit: type=1400 audit(1539634491.750:7): avc: denied { sys_chroot } for pid=2071 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 42.901120] audit: type=1400 audit(1539634491.780:8): avc: denied { associate } for pid=2071 comm="syz-executor3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/10/15 20:14:54 executed programs: 238 2018/10/15 20:14:59 executed programs: 682 [ 52.634540] audit: type=1400 audit(1539634501.510:9): avc: denied { dac_override } for pid=6238 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 52.660224] [ 52.661893] ====================================================== [ 52.668211] [ INFO: possible circular locking dependency detected ] [ 52.674600] 4.9.133+ #6 Not tainted [ 52.678200] ------------------------------------------------------- [ 52.684624] syz-executor1/6242 is trying to acquire lock: [ 52.690137] (&sig->cred_guard_mutex){+.+.+.}, at: [] lock_trace+0x44/0xc0 [ 52.699094] but task is already holding lock: [ 52.703751] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 52.711511] which lock already depends on the new lock. [ 52.711511] [ 52.718518] [ 52.718518] the existing dependency chain (in reverse order) is: [ 52.726127] -> #2 (&p->lock){+.+.+.}: [ 52.730680] lock_acquire+0x130/0x3e0 [ 52.734997] mutex_lock_nested+0xc0/0x900 [ 52.739691] seq_read+0xdd/0x12d0 [ 52.744161] proc_reg_read+0xfd/0x180 [ 52.748479] do_loop_readv_writev.part.1+0xd5/0x280 [ 52.754007] do_readv_writev+0x56e/0x7b0 [ 52.758607] vfs_readv+0x84/0xc0 [ 52.762492] default_file_splice_read+0x451/0x7f0 [ 52.767856] do_splice_to+0x10c/0x170 [ 52.772168] SyS_splice+0x10d2/0x14d0 [ 52.776473] do_fast_syscall_32+0x2f1/0xa10 [ 52.781320] entry_SYSENTER_compat+0x90/0xa2 [ 52.786242] -> #1 (&pipe->mutex/1){+.+.+.}: [ 52.791419] lock_acquire+0x130/0x3e0 [ 52.795736] mutex_lock_nested+0xc0/0x900 [ 52.800402] fifo_open+0x15c/0x9e0 [ 52.804463] do_dentry_open+0x3ef/0xc90 [ 52.808959] vfs_open+0x11c/0x210 [ 52.812947] path_openat+0x542/0x2790 [ 52.817263] do_filp_open+0x197/0x270 [ 52.821563] do_open_execat+0x10f/0x640 [ 52.826033] do_execveat_common.isra.14+0x687/0x1ed0 [ 52.831633] compat_SyS_execve+0x48/0x60 [ 52.836191] do_fast_syscall_32+0x2f1/0xa10 [ 52.841029] entry_SYSENTER_compat+0x90/0xa2 [ 52.845931] -> #0 (&sig->cred_guard_mutex){+.+.+.}: [ 52.851616] __lock_acquire+0x3189/0x4a10 [ 52.856258] lock_acquire+0x130/0x3e0 [ 52.860556] mutex_lock_killable_nested+0xcc/0x9f0 [ 52.865982] lock_trace+0x44/0xc0 [ 52.869934] proc_pid_syscall+0xa9/0x260 [ 52.874492] proc_single_show+0xfd/0x170 [ 52.879049] seq_read+0x4b6/0x12d0 [ 52.883131] do_loop_readv_writev.part.1+0xd5/0x280 [ 52.888642] do_readv_writev+0x56e/0x7b0 [ 52.893198] vfs_readv+0x84/0xc0 [ 52.897061] default_file_splice_read+0x451/0x7f0 [ 52.902397] do_splice_to+0x10c/0x170 [ 52.906697] splice_direct_to_actor+0x23f/0x7e0 [ 52.911861] do_splice_direct+0x1a3/0x270 [ 52.916506] do_sendfile+0x4f0/0xc30 [ 52.920723] compat_SyS_sendfile+0xd1/0x160 [ 52.925548] do_fast_syscall_32+0x2f1/0xa10 [ 52.930365] entry_SYSENTER_compat+0x90/0xa2 [ 52.935264] [ 52.935264] other info that might help us debug this: [ 52.935264] [ 52.943380] Chain exists of: &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock [ 52.952446] Possible unsafe locking scenario: [ 52.952446] [ 52.958478] CPU0 CPU1 [ 52.963119] ---- ---- [ 52.967757] lock(&p->lock); [ 52.971075] lock(&pipe->mutex/1); [ 52.977566] lock(&p->lock); [ 52.983404] lock(&sig->cred_guard_mutex); [ 52.987944] [ 52.987944] *** DEADLOCK *** [ 52.987944] [ 52.993979] 2 locks held by syz-executor1/6242: [ 52.998651] #0: (sb_writers#7){.+.+.+}, at: [] do_sendfile+0xa80/0xc30 [ 53.007664] #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 53.015945] [ 53.015945] stack backtrace: [ 53.020419] CPU: 1 PID: 6242 Comm: syz-executor1 Not tainted 4.9.133+ #6 [ 53.027234] ffff8801c9ec6e28 ffffffff81b37069 ffffffff83caa7a0 ffffffff83ca4e30 [ 53.035229]