[ 44.109777] audit: type=1800 audit(1546386250.704:30): pid=8124 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: rsyslog ssh ... failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.075035] kauditd_printk_skb: 5 callbacks suppressed
[ 53.075052] audit: type=1400 audit(1546386259.704:36): avc: denied { map } for pid=8333 comm="syz-executor802" path="/root/syz-executor802882184" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.157274]
[ 53.158916] ======================================================
[ 53.165208] WARNING: possible circular locking dependency detected
[ 53.171506] 4.20.0+ #3 Not tainted
[ 53.175033] ------------------------------------------------------
[ 53.181326] syz-executor802/8335 is trying to acquire lock:
[ 53.187010] 00000000843dd9b0 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 53.194363]
[ 53.194363] but task is already holding lock:
[ 53.200312] 0000000096f4a13c (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 53.209056]
[ 53.209056] which lock already depends on the new lock.
[ 53.209056]
[ 53.217352]
[ 53.217352] the existing dependency chain (in reverse order) is:
[ 53.224951]
[ 53.224951] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 53.231266] __mutex_lock+0x12f/0x1670
[ 53.235663] mutex_lock_interruptible_nested+0x16/0x20
[ 53.241454] proc_pid_attr_write+0x1fa/0x530
[ 53.246370] __vfs_write+0x116/0xb40
[ 53.250596] __kernel_write+0x110/0x3b0
[ 53.255085] write_pipe_buf+0x180/0x240
[ 53.259566] __splice_from_pipe+0x39a/0x7e0
[ 53.264394] splice_from_pipe+0x1ea/0x310
[ 53.269041] default_file_splice_write+0x3c/0x90
[ 53.274305] do_splice+0x64b/0x1410
[ 53.278444] __x64_sys_splice+0x2c6/0x330
[ 53.283097] do_syscall_64+0x1a3/0x800
[ 53.287490] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.293175]
[ 53.293175] -> #0 (&pipe->mutex/1){+.+.}:
[ 53.298817] lock_acquire+0x1db/0x570
[ 53.303122] __mutex_lock+0x12f/0x1670
[ 53.307512] mutex_lock_nested+0x16/0x20
[ 53.312086] fifo_open+0x159/0xb00
[ 53.316175] do_dentry_open+0x48a/0x1210
[ 53.320751] vfs_open+0xa0/0xd0
[ 53.324529] path_openat+0x144f/0x5650
[ 53.328933] do_filp_open+0x26f/0x370
[ 53.333241] do_open_execat+0x20e/0x930
[ 53.337719] __do_execve_file.isra.0+0x181e/0x2510
[ 53.343150] __x64_sys_execve+0x8f/0xc0
[ 53.347635] do_syscall_64+0x1a3/0x800
[ 53.352030] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.357729]
[ 53.357729] other info that might help us debug this:
[ 53.357729]
[ 53.365861] Possible unsafe locking scenario:
[ 53.365861]
[ 53.371914]        CPU0                    CPU1
[ 53.376556]        ----                    ----
[ 53.381196]   lock(&sig->cred_guard_mutex);
[ 53.385499]                                lock(&pipe->mutex/1);
[ 53.391622]                                lock(&sig->cred_guard_mutex);
[ 53.398448]   lock(&pipe->mutex/1);
[ 53.402051]
[ 53.402051] *** DEADLOCK ***
[ 53.402051]
[ 53.408103] 1 lock held by syz-executor802/8335:
[ 53.412852] #0: 0000000096f4a13c (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 53.422030]
[ 53.422030] stack backtrace:
[ 53.426510] CPU: 1 PID: 8335 Comm: syz-executor802 Not tainted 4.20.0+ #3
[ 53.433416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.442758] Call Trace:
[ 53.445333] dump_stack+0x1db/0x2d0
[ 53.448944] ? dump_stack_print_info.cold+0x20/0x20
[ 53.453943] ? print_stack_trace+0x77/0xb0
[ 53.458161] ? vprintk_func+0x86/0x189
[ 53.462031] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 53.467379] __lock_acquire+0x3014/0x4a30
[ 53.471508] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.476420] ? is_bpf_text_address+0xac/0x170
[ 53.480906] ? mark_held_locks+0x100/0x100
[ 53.485139] ? mark_held_locks+0xb1/0x100
[ 53.489269] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 53.494350] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 53.499444] ? lockdep_hardirqs_on+0x415/0x5d0
[ 53.504017] ? trace_hardirqs_off_caller+0x300/0x300
[ 53.509098] ? do_raw_spin_trylock+0x270/0x270
[ 53.513660] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.518568] ? print_usage_bug+0xd0/0xd0
[ 53.522608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 53.527689] ? __lock_is_held+0xb6/0x140
[ 53.531753] lock_acquire+0x1db/0x570
[ 53.535536] ? fifo_open+0x159/0xb00
[ 53.539232] ? ___might_sleep+0x1e7/0x310
[ 53.543359] ? lock_release+0xc40/0xc40
[ 53.547316] ? fifo_open+0x159/0xb00
[ 53.551007] ? fifo_open+0x159/0xb00
[ 53.554715] __mutex_lock+0x12f/0x1670
[ 53.558599] ? fifo_open+0x159/0xb00
[ 53.562294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.567811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.573332] ? fifo_open+0x159/0xb00
[ 53.577025] ? lockdep_init_map+0x10c/0x5b0
[ 53.581329] ? mutex_trylock+0x2d0/0x2d0
[ 53.585384] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.590346] ? __mutex_init+0x1f6/0x2a0
[ 53.594312] ? psi_task_change.cold+0x1ec/0x1ec
[ 53.598961] ? fifo_open+0x2b5/0xb00
[ 53.602657] ? find_held_lock+0x35/0x120
[ 53.606698] ? fifo_open+0x2b5/0xb00
[ 53.610405] ? lock_acquire+0x1db/0x570
[ 53.614366] ? kasan_check_read+0x11/0x20
[ 53.618493] ? do_raw_spin_unlock+0xa0/0x330
[ 53.622879] ? do_raw_spin_trylock+0x270/0x270
[ 53.627448] mutex_lock_nested+0x16/0x20
[ 53.631517] ? _raw_spin_unlock+0x2d/0x50
[ 53.635652] ? mutex_lock_nested+0x16/0x20
[ 53.639884] fifo_open+0x159/0xb00
[ 53.643408] do_dentry_open+0x48a/0x1210
[ 53.647455] ? pipe_release+0x280/0x280
[ 53.651427] ? chown_common+0x740/0x740
[ 53.655390] ? security_inode_permission+0xd5/0x110
[ 53.660391] ? inode_permission+0xb4/0x570
[ 53.664606] vfs_open+0xa0/0xd0
[ 53.667868] path_openat+0x144f/0x5650
[ 53.671765] ? path_lookupat.isra.0+0xba0/0xba0
[ 53.676414] ? prepare_bprm_creds+0x74/0x120
[ 53.680807] ? __do_execve_file.isra.0+0x42f/0x2510
[ 53.685799] ? __x64_sys_execve+0x8f/0xc0
[ 53.689929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.695275] ? save_stack+0xa9/0xd0
[ 53.698882] ? __lock_acquire+0x572/0x4a30
[ 53.703097] ? __lock_is_held+0xb6/0x140
[ 53.707136] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.712068] do_filp_open+0x26f/0x370
[ 53.715865] ? may_open_dev+0x100/0x100
[ 53.719837] ? rcu_read_lock_sched_held+0x110/0x130
[ 53.724834] ? __kmalloc_track_caller+0x5d1/0x740
[ 53.729657] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.734565] ? add_lock_to_list.isra.0+0x450/0x450
[ 53.739482] ? memcpy+0x46/0x50
[ 53.742750] ? __do_execve_file.isra.0+0x908/0x2510
[ 53.747744] do_open_execat+0x20e/0x930
[ 53.751697] ? unregister_binfmt+0x2b0/0x2b0
[ 53.756084] ? kasan_check_read+0x11/0x20
[ 53.760211] ? do_raw_spin_trylock+0x270/0x270
[ 53.764777] ? key_put+0x36/0x90
[ 53.768125] __do_execve_file.isra.0+0x181e/0x2510
[ 53.773038] ? prepare_bprm_creds+0x120/0x120
[ 53.777515] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.783037] ? strncpy_from_user+0x317/0x440
[ 53.787427] ? digsig_verify.cold+0x32/0x32
[ 53.791864] ? kmem_cache_alloc+0x341/0x710
[ 53.796165] ? do_syscall_64+0x8c/0x800
[ 53.800129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.805644] ? getname_flags+0x277/0x5b0
[ 53.809685] ? trace_hardirqs_off_caller+0x300/0x300
[ 53.814768] __x64_sys_execve+0x8f/0xc0
[ 53.818726] do_syscall_64+0x1a3/0x800
[ 53.822598] ? syscall_return_slowpath+0x5f0/0x5f0
[ 53.827508] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 53.832506] ? __switch_to_asm+0x34/0x70
[ 53.836549] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.841389] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.846568] RIP: 0033:0x445729
[ 53.849746] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.868643] RSP: 002b:00007f3e16c3dda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 53.876333] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445729
[ 53.883584] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000340
[ 53.890836] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 53.898084] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 53.905350] R13: 0030656c69662f2e R14: 68742f636f72702f R1