[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 34.523790] audit: type=1800 audit(1543347178.128:33): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 34.555249] audit: type=1800 audit(1543347178.128:34): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 39.247166] audit: type=1400 audit(1543347182.848:35): avc: denied { map } for pid=6224 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
[ 45.970030] audit: type=1400 audit(1543347189.568:36): avc: denied { map } for pid=6237 comm="syz-executor012" path="/root/syz-executor012673434" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.206349] audit: type=1400 audit(1543347189.808:37): avc: denied { associate } for pid=6238 comm="syz-executor012" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 46.231450] overlayfs: filesystem on './file0' not supported as upperdir
[ 46.241173]
[ 46.242795] ======================================================
[ 46.249088] WARNING: possible circular locking dependency detected
[ 46.255379] 4.20.0-rc4+ #132 Not tainted
[ 46.259413] ------------------------------------------------------
[ 46.265708] syz-executor012/6241 is trying to acquire lock:
[ 46.271394] 000000005055ab0a (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x151/0xd10
[ 46.279959]
[ 46.279959] but task is already holding lock:
[ 46.285910] 0000000078031a8f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 46.293088]
[ 46.293088] which lock already depends on the new lock.
[ 46.293088]
[ 46.301380]
[ 46.301380] the existing dependency chain (in reverse order) is:
[ 46.308977]
[ 46.308977] -> #2 (&pipe->mutex/1){+.+.}:
[ 46.314593] __mutex_lock+0x166/0x16f0
[ 46.318982] mutex_lock_nested+0x16/0x20
[ 46.323548] pipe_lock+0x6e/0x80
[ 46.327432] iter_file_splice_write+0x27d/0x1050
[ 46.332703] do_splice+0x64a/0x1430
[ 46.336831] __x64_sys_splice+0x2c1/0x330
[ 46.341491] do_syscall_64+0x1b9/0x820
[ 46.345881] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.351567]
[ 46.351567] -> #1 (sb_writers#4){.+.+}:
[ 46.357005] __sb_start_write+0x214/0x370
[ 46.361657] mnt_want_write+0x3f/0xc0
[ 46.365969] ovl_want_write+0x76/0xa0
[ 46.370297] ovl_setattr+0x10b/0xaf0
[ 46.374517] notify_change+0xbde/0x1110
[ 46.378992] do_truncate+0x1bd/0x2d0
[ 46.383222] path_openat+0x375f/0x5150
[ 46.387610] do_filp_open+0x255/0x380
[ 46.391910] do_sys_open+0x568/0x700
[ 46.396139] __x64_sys_openat+0x9d/0x100
[ 46.400700] do_syscall_64+0x1b9/0x820
[ 46.405088] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.410775]
[ 46.410775] -> #0 (&ovl_i_mutex_key[depth]){+.+.}:
[ 46.417173] lock_acquire+0x1ed/0x520
[ 46.421475] down_write+0x8a/0x130
[ 46.425528] ovl_write_iter+0x151/0xd10
[ 46.430002] __vfs_write+0x6b8/0x9f0
[ 46.434248] __kernel_write+0x10c/0x370
[ 46.438736] write_pipe_buf+0x180/0x240
[ 46.443212] __splice_from_pipe+0x38b/0x7c0
[ 46.448034] splice_from_pipe+0x1ec/0x340
[ 46.452697] default_file_splice_write+0x3c/0x90
[ 46.457952] do_splice+0x64a/0x1430
[ 46.462080] __x64_sys_splice+0x2c1/0x330
[ 46.466731] do_syscall_64+0x1b9/0x820
[ 46.471117] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.476800]
[ 46.476800] other info that might help us debug this:
[ 46.476800]
[ 46.484919] Chain exists of:
[ 46.484919] &ovl_i_mutex_key[depth] --> sb_writers#4 --> &pipe->mutex/1
[ 46.484919]
[ 46.496191] Possible unsafe locking scenario:
[ 46.496191]
[ 46.502238]        CPU0                    CPU1
[ 46.506879]        ----                    ----
[ 46.511521]   lock(&pipe->mutex/1);
[ 46.515129]                                lock(sb_writers#4);
[ 46.521078]                                lock(&pipe->mutex/1);
[ 46.527215]   lock(&ovl_i_mutex_key[depth]);
[ 46.531605]
[ 46.531605] *** DEADLOCK ***
[ 46.531605]
[ 46.537650] 2 locks held by syz-executor012/6241:
[ 46.542463] #0: 0000000005bd0d38 (sb_writers#9){.+.+}, at: do_splice+0xd2e/0x1430
[ 46.550203] #1: 0000000078031a8f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 46.557811]
[ 46.557811] stack backtrace:
[ 46.562293] CPU: 0 PID: 6241 Comm: syz-executor012 Not tainted 4.20.0-rc4+ #132
[ 46.569714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.579047] Call Trace:
[ 46.581616] dump_stack+0x244/0x39d
[ 46.585228] ? dump_stack_print_info.cold.1+0x20/0x20
[ 46.590402] ? vprintk_func+0x85/0x181
[ 46.594293] print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 46.600003] ? save_trace+0xe0/0x290
[ 46.603702] __lock_acquire+0x3399/0x4c20
[ 46.607851] ? mark_held_locks+0x130/0x130
[ 46.612067] ? __lock_acquire+0x62f/0x4c20
[ 46.616291] ? mark_held_locks+0x130/0x130
[ 46.620530] ? perf_trace_sched_process_exec+0x860/0x860
[ 46.625976] ? do_raw_spin_unlock+0xa7/0x330
[ 46.630363] ? zap_class+0x640/0x640
[ 46.634060] ? __might_sleep+0x95/0x190
[ 46.638019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.643546] ? futex_wait_queue_me+0x55d/0x840
[ 46.648115] ? find_held_lock+0x36/0x1c0
[ 46.652165] ? mutex_spin_on_owner+0x2e3/0x540
[ 46.656727] ? __lock_is_held+0xb5/0x140
[ 46.660772] lock_acquire+0x1ed/0x520
[ 46.664566] ? ovl_write_iter+0x151/0xd10
[ 46.668699] ? lock_release+0xa00/0xa00
[ 46.672654] ? perf_trace_sched_process_exec+0x860/0x860
[ 46.678087] ? kasan_check_write+0x14/0x20
[ 46.682307] down_write+0x8a/0x130
[ 46.685841] ? ovl_write_iter+0x151/0xd10
[ 46.689972] ? down_read+0x120/0x120
[ 46.693667] ? rcu_softirq_qs+0x20/0x20
[ 46.697622] ? futex_wake+0x304/0x760
[ 46.701408] ovl_write_iter+0x151/0xd10
[ 46.705366] ? __mutex_lock+0x85e/0x16f0
[ 46.709410] ? pipe_lock+0x6e/0x80
[ 46.712936] ? ovl_compat_ioctl+0x70/0x70
[ 46.717066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.722584] ? iov_iter_init+0xe5/0x210
[ 46.726549] __vfs_write+0x6b8/0x9f0
[ 46.730257] ? zap_class+0x640/0x640
[ 46.733953] ? kernel_read+0x120/0x120
[ 46.737822] ? __lock_is_held+0xb5/0x140
[ 46.741880] ? find_held_lock+0x36/0x1c0
[ 46.745926] __kernel_write+0x10c/0x370
[ 46.749883] write_pipe_buf+0x180/0x240
[ 46.753840] ? do_splice_direct+0x420/0x420
[ 46.758145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.763665] ? splice_from_pipe_next.part.11+0x296/0x340
[ 46.769114] __splice_from_pipe+0x38b/0x7c0
[ 46.773418] ? do_splice_direct+0x420/0x420
[ 46.777725] splice_from_pipe+0x1ec/0x340
[ 46.781853] ? do_splice_direct+0x420/0x420
[ 46.786158] ? splice_shrink_spd+0xd0/0xd0
[ 46.790377] ? rcu_read_lock_sched_held+0x14f/0x180
[ 46.795376] default_file_splice_write+0x3c/0x90
[ 46.800127] ? generic_splice_sendpage+0x50/0x50
[ 46.804863] do_splice+0x64a/0x1430
[ 46.808470] ? kmem_cache_free+0x24f/0x290
[ 46.812696] ? opipe_prep.part.14+0x3b0/0x3b0
[ 46.817172] __x64_sys_splice+0x2c1/0x330
[ 46.821313] do_syscall_64+0x1b9/0x820
[ 46.825180] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 46.830531] ? syscall_return_slowpath+0x5e0/0x5e0
[ 46.835442] ? trace_hardirqs_on_caller+0x310/0x310
[ 46.840438] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 46.845440] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 46.852085] ? __switch_to_asm+0x40/0x70
[ 46.856135] ? __switch_to_asm+0x34/0x70
[ 46.860176] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.865000] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.870169] RIP: 0033:0x446449
[ 46.873347] Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.892243] RSP: 002b:00007fb6f1a57d98 EFLAGS: 00000212 ORIG_RAX: 0000000000000113
[ 46.899930] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 0000000000446449
[ 46.907180] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000007
[ 46.914430] RBP: 00000000006dbc60 R08: 000100000000000a R09: 0000000000000007
[ 46.921676] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc6c
[ 46.928925] R13: 0030656c69662f2e R14: 652e79726f6d656d R15: 00000000006dbd4c
executing program
[ 47.053127] overlayfs: filesystem on './file0' not supported as upperdir
[ 47.222812] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 47.345211] overlayfs: filesystem on './file0' not supported as upperdir
[ 47.521175] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 47.642952] overlayfs: filesystem on './file0' not supported as upperdir
[ 47.816267] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 47.932147] overlayfs: filesystem on './file0' not supported as upperdir
[ 48.102315] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 48.217274] overlayfs: filesystem on './file0' not supported as upperdir
[ 48.386565] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 48.508405] overlayfs: filesystem on './file0' not supported as upperdir
[ 48.678001] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 48.799075] overlayfs: filesystem on './file0' not supported as upperdir
[ 48.971463] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 49.084885] overlayfs: filesystem on './file0' not supported as upperdir
[ 49.257061] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 49.372871] overlayfs: filesystem on './file0' not supported as upperdir
[ 49.547369] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 49.662758] overlayfs: filesystem on './file0' not supported as upperdir
[ 49.836374] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 49.958590] overlayfs: filesystem on './file0' not supported as upperdir
[ 50.130716] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 50.247067] overlayfs: filesystem on './file0' not supported as upperdir
[ 50.419648] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 50.535283] overlayfs: filesystem on './file0' not supported as upperdir
[ 50.706276] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 50.820729] overlayfs: filesystem on './file0' not supported as upperdir
[ 50.990286] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 51.106200] overlayfs: filesystem on './file0' not supported as upperdir
[ 51.279446] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 51.401426] overlayfs: filesystem on './file0' not supported as upperdir
[ 51.575567] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 51.691542] overlayfs: filesystem on './file0' not supported as upperdir
[ 51.867404] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 51.983724] overlayfs: filesystem on './file0' not supported as upperdir
[ 52.155974] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 52.278989] overlayfs: filesystem on './file0' not supported as upperdir
[ 52.451391] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 52.566865] overlayfs: filesystem on './file0' not supported as upperdir
[ 52.740398] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 52.861582] overlayfs: filesystem on './file0' not supported as upperdir
[ 53.040366] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 53.163360] overlayfs: filesystem on './file0' not supported as upperdir
[ 53.339319] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 53.463550] overlayfs: filesystem on './file0' not supported as upperdir
[ 53.640608] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 53.764337] overlayfs: filesystem on './file0' not supported as upperdir
[ 53.937937] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 54.060307] overlayfs: filesystem on './file0' not supported as upperdir
[ 54.231864] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 54.354999] overlayfs: filesystem on './file0' not supported as upperdir
[ 54.526605] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 54.644302] overlayfs: filesystem on './file0' not supported as upperdir
[ 54.821309] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 54.944083] overlayfs: filesystem on './file0' not supported as upperdir
[ 55.117654] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 55.233990] overlayfs: filesystem on './file0' not supported as upperdir
[ 55.407010] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 55.530424] overlayfs: filesystem on './file0' not supported as upperdir
[ 55.701466] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 55.825327] overlayfs: filesystem on './file0' not supported as upperdir
[ 56.001741] overlayfs: filesystem on './file0' not supported as upperdir
executing program
[ 56.125260] overlayfs: filesystem on './file0' not supported as upperdir