[ 38.296736][ T26] audit: type=1800 audit(1553570557.291:32): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 39.052057][ T26] audit: type=1800 audit(1553570558.131:33): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.841435][ T26] kauditd_printk_skb: 2 callbacks suppressed
[ 48.841450][ T26] audit: type=1400 audit(1553570567.921:36): avc: denied { map } for pid=7839 comm="syz-executor665" path="/root/syz-executor665915157" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.971921][ T7843]
[ 48.974283][ T7843] ======================================================
[ 48.981274][ T7843] WARNING: possible circular locking dependency detected
[ 48.988276][ T7843] 5.1.0-rc2 #36 Not tainted
[ 48.992749][ T7843] ------------------------------------------------------
[ 48.999748][ T7843] syz-executor665/7843 is trying to acquire lock:
[ 49.006130][ T7843] 000000000759a02e (&p->lock){+.+.}, at: seq_read+0x71/0x1130
[ 49.013568][ T7843]
[ 49.013568][ T7843] but task is already holding lock:
[ 49.020905][ T7843] 000000000eb0b07b (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 49.028811][ T7843]
[ 49.028811][ T7843] which lock already depends on the new lock.
[ 49.028811][ T7843]
[ 49.039188][ T7843]
[ 49.039188][ T7843] the existing dependency chain (in reverse order) is:
[ 49.051176][ T7843]
[ 49.051176][ T7843] -> #2 (&pipe->mutex/1){+.+.}:
[ 49.064912][ T7843]        lock_acquire+0x16f/0x3f0
[ 49.069931][ T7843]        __mutex_lock+0xf7/0x1310
[ 49.074932][ T7843]        mutex_lock_nested+0x16/0x20
[ 49.080195][ T7843]        fifo_open+0x159/0xb00
[ 49.084942][ T7843]        do_dentry_open+0x488/0x1160
[ 49.090197][ T7843]        vfs_open+0xa0/0xd0
[ 49.094676][ T7843]        path_openat+0x10e9/0x46e0
[ 49.099759][ T7843]        do_filp_open+0x1a1/0x280
[ 49.104768][ T7843]        do_open_execat+0x137/0x690
[ 49.109947][ T7843]        __do_execve_file.isra.0+0x178d/0x23f0
[ 49.116074][ T7843]        __x64_sys_execve+0x8f/0xc0
[ 49.121250][ T7843]        do_syscall_64+0x103/0x610
[ 49.126337][ T7843]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.132742][ T7843]
[ 49.132742][ T7843] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 49.141967][ T7843]        lock_acquire+0x16f/0x3f0
[ 49.146970][ T7843]        __mutex_lock+0xf7/0x1310
[ 49.151973][ T7843]        mutex_lock_killable_nested+0x16/0x20
[ 49.158016][ T7843]        lock_trace+0x4a/0xe0
[ 49.162668][ T7843]        proc_pid_syscall+0x98/0x250
[ 49.167935][ T7843]        proc_single_show+0xf6/0x170
[ 49.173195][ T7843]        seq_read+0x4db/0x1130
[ 49.177932][ T7843]        do_iter_read+0x4a9/0x660
[ 49.182937][ T7843]        vfs_readv+0xf0/0x160
[ 49.187589][ T7843]        default_file_splice_read+0x475/0x890
[ 49.193629][ T7843]        do_splice_to+0x12a/0x190
[ 49.198723][ T7843]        splice_direct_to_actor+0x2d2/0x970
[ 49.204599][ T7843]        do_splice_direct+0x1da/0x2a0
[ 49.209956][ T7843]        do_sendfile+0x597/0xd00
[ 49.214876][ T7843]        __x64_sys_sendfile64+0x1dd/0x220
[ 49.220572][ T7843]        do_syscall_64+0x103/0x610
[ 49.225659][ T7843]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.232053][ T7843]
[ 49.232053][ T7843] -> #0 (&p->lock){+.+.}:
[ 49.238725][ T7843]        __lock_acquire+0x239c/0x3fb0
[ 49.244079][ T7843]        lock_acquire+0x16f/0x3f0
[ 49.249176][ T7843]        __mutex_lock+0xf7/0x1310
[ 49.254179][ T7843]        mutex_lock_nested+0x16/0x20
[ 49.259443][ T7843]        seq_read+0x71/0x1130
[ 49.264108][ T7843]        proc_reg_read+0x1fe/0x2c0
[ 49.269194][ T7843]        do_iter_read+0x4a9/0x660
[ 49.274280][ T7843]        vfs_readv+0xf0/0x160
[ 49.278934][ T7843]        default_file_splice_read+0x475/0x890
[ 49.284985][ T7843]        do_splice_to+0x12a/0x190
[ 49.289994][ T7843]        do_splice+0x10a9/0x13c0
[ 49.294916][ T7843]        __x64_sys_splice+0x2c6/0x330
[ 49.300264][ T7843]        do_syscall_64+0x103/0x610
[ 49.305353][ T7843]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.311742][ T7843]
[ 49.311742][ T7843] other info that might help us debug this:
[ 49.311742][ T7843]
[ 49.321945][ T7843] Chain exists of:
[ 49.321945][ T7843]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 49.321945][ T7843]
[ 49.334856][ T7843] Possible unsafe locking scenario:
[ 49.334856][ T7843]
[ 49.342280][ T7843]        CPU0                    CPU1
[ 49.347620][ T7843]        ----                    ----
[ 49.352956][ T7843]   lock(&pipe->mutex/1);
[ 49.357257][ T7843]                                lock(&sig->cred_guard_mutex);
[ 49.364807][ T7843]                                lock(&pipe->mutex/1);
[ 49.371624][ T7843]   lock(&p->lock);
[ 49.375488][ T7843]
[ 49.375488][ T7843] *** DEADLOCK ***
[ 49.375488][ T7843]
[ 49.383607][ T7843] 1 lock held by syz-executor665/7843:
[ 49.389037][ T7843] #0: 000000000eb0b07b (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 49.397351][ T7843]
[ 49.397351][ T7843] stack backtrace:
[ 49.403229][ T7843] CPU: 0 PID: 7843 Comm: syz-executor665 Not tainted 5.1.0-rc2 #36
[ 49.411091][ T7843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.421131][ T7843] Call Trace:
[ 49.424402][ T7843]  dump_stack+0x172/0x1f0
[ 49.428718][ T7843]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 49.434761][ T7843]  check_prev_add.constprop.0+0xf11/0x23c0
[ 49.440554][ T7843]  ? check_usage+0x570/0x570
[ 49.445119][ T7843]  ? graph_lock+0x7b/0x200
[ 49.449510][ T7843]  ? __lockdep_reset_lock+0x450/0x450
[ 49.454857][ T7843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.461074][ T7843]  __lock_acquire+0x239c/0x3fb0
[ 49.465899][ T7843]  ? is_bpf_text_address+0xac/0x170
[ 49.471078][ T7843]  ? mark_held_locks+0xf0/0xf0
[ 49.475829][ T7843]  lock_acquire+0x16f/0x3f0
[ 49.480330][ T7843]  ? seq_read+0x71/0x1130
[ 49.484639][ T7843]  ? seq_read+0x71/0x1130
[ 49.489640][ T7843]  __mutex_lock+0xf7/0x1310
[ 49.494116][ T7843]  ? seq_read+0x71/0x1130
[ 49.498432][ T7843]  ? find_held_lock+0x35/0x130
[ 49.503171][ T7843]  ? seq_read+0x71/0x1130
[ 49.507486][ T7843]  ? kernel_poison_pages+0x178/0x2b0
[ 49.512808][ T7843]  ? mutex_trylock+0x1e0/0x1e0
[ 49.517549][ T7843]  ? prep_new_page+0x122/0x300
[ 49.522288][ T7843]  ? trace_hardirqs_on+0x67/0x230
[ 49.527288][ T7843]  ? __inc_numa_state+0x49/0xe0
[ 49.532114][ T7843]  ? get_page_from_freelist+0x129c/0x4170
[ 49.537810][ T7843]  ? seq_dentry+0x2d0/0x2d0
[ 49.542289][ T7843]  mutex_lock_nested+0x16/0x20
[ 49.547039][ T7843]  ? fsnotify+0x811/0xbc0
[ 49.551346][ T7843]  ? mutex_lock_nested+0x16/0x20
[ 49.556262][ T7843]  seq_read+0x71/0x1130
[ 49.560575][ T7843]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.566792][ T7843]  ? seq_dentry+0x2d0/0x2d0
[ 49.571272][ T7843]  proc_reg_read+0x1fe/0x2c0
[ 49.575855][ T7843]  ? proc_reg_compat_ioctl+0x2a0/0x2a0
[ 49.581403][ T7843]  ? rw_verify_area+0x118/0x360
[ 49.586333][ T7843]  do_iter_read+0x4a9/0x660
[ 49.590991][ T7843]  ? dup_iter+0x260/0x260
[ 49.595304][ T7843]  vfs_readv+0xf0/0x160
[ 49.599439][ T7843]  ? alloc_pages_current+0x10f/0x210
[ 49.604706][ T7843]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 49.610750][ T7843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.616971][ T7843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.623202][ T7843]  ? iov_iter_revert+0xaa0/0xaa0
[ 49.628115][ T7843]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 49.633825][ T7843]  ? iov_iter_pipe+0xba/0x2f0
[ 49.638917][ T7843]  default_file_splice_read+0x475/0x890
[ 49.644444][ T7843]  ? iter_file_splice_write+0xbe0/0xbe0
[ 49.649972][ T7843]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.656187][ T7843]  ? fsnotify+0x811/0xbc0
[ 49.660495][ T7843]  ? fsnotify+0xbc0/0xbc0
[ 49.664807][ T7843]  ? fsnotify_first_mark+0x210/0x210
[ 49.670082][ T7843]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.676303][ T7843]  ? avc_policy_seqno+0xd/0x70
[ 49.681484][ T7843]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 49.687185][ T7843]  ? selinux_file_permission+0x9b/0x570
[ 49.692712][ T7843]  ? security_file_permission+0x94/0x380
[ 49.698327][ T7843]  ? rw_verify_area+0x118/0x360
[ 49.703171][ T7843]  ? iter_file_splice_write+0xbe0/0xbe0
[ 49.708697][ T7843]  do_splice_to+0x12a/0x190
[ 49.713178][ T7843]  do_splice+0x10a9/0x13c0
[ 49.717573][ T7843]  ? opipe_prep.part.0+0x2d0/0x2d0
[ 49.722667][ T7843]  ? __fget_light+0x1a9/0x230
[ 49.727324][ T7843]  __x64_sys_splice+0x2c6/0x330
[ 49.732158][ T7843]  do_syscall_64+0x103/0x610
[ 49.736821][ T7843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.742700][ T7843] RIP: 0033:0x4459c9
[ 49.746581][ T7843] Code: e8 3c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.766162][ T7843] RSP: 002b:00007f9510f60d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 49.774567][ T7843] RAX: ffffffffffffffda RBX: 00000000006dac68 RCX: 00000000004459c9
[ 49.782516][ T7843] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000007
[ 49.790478][ T7843] RBP: 00000000006dac60 R08: 0000000000000002 R09: 0000000000000000
[ 49.798439][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac6c
[ 49.806388][ T7843] R13: 00000000004ae050 R14: 0000000000000027 R15: 0000000000000872