[ 35.791010][ T26] audit: type=1800 audit(1553570572.912:27): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 35.820048][ T26] audit: type=1800 audit(1553570572.912:28): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.606202][ T26] audit: type=1800 audit(1553570573.782:29): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.626569][ T26] audit: type=1800 audit(1553570573.782:30): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.353572][ T7683]
[ 51.356020][ T7683] ======================================================
[ 51.363190][ T7683] WARNING: possible circular locking dependency detected
[ 51.370228][ T7683] 5.1.0-rc2 #36 Not tainted
[ 51.374719][ T7683] ------------------------------------------------------
[ 51.381885][ T7683] syz-executor980/7683 is trying to acquire lock:
[ 51.388378][ T7683] 00000000a0df6ea2 (&p->lock){+.+.}, at: seq_read+0x71/0x1130
[ 51.395866][ T7683]
[ 51.395866][ T7683] but task is already holding lock:
[ 51.403268][ T7683] 00000000982fe6fa (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 51.411868][ T7683]
[ 51.411868][ T7683] which lock already depends on the new lock.
[ 51.411868][ T7683]
[ 51.426107][ T7683]
[ 51.426107][ T7683] the existing dependency chain (in reverse order) is:
[ 51.435107][ T7683]
[ 51.435107][ T7683] -> #2 (&pipe->mutex/1){+.+.}:
[ 51.442134][ T7683]        lock_acquire+0x16f/0x3f0
[ 51.447270][ T7683]        __mutex_lock+0xf7/0x1310
[ 51.452278][ T7683]        mutex_lock_nested+0x16/0x20
[ 51.457553][ T7683]        fifo_open+0x159/0xb00
[ 51.462294][ T7683]        do_dentry_open+0x488/0x1160
[ 51.467560][ T7683]        vfs_open+0xa0/0xd0
[ 51.472108][ T7683]        path_openat+0x10e9/0x46e0
[ 51.477294][ T7683]        do_filp_open+0x1a1/0x280
[ 51.482476][ T7683]        do_open_execat+0x137/0x690
[ 51.487849][ T7683]        __do_execve_file.isra.0+0x178d/0x23f0
[ 51.493986][ T7683]        __x64_sys_execve+0x8f/0xc0
[ 51.499247][ T7683]        do_syscall_64+0x103/0x610
[ 51.504347][ T7683]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.510846][ T7683]
[ 51.510846][ T7683] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 51.518580][ T7683]        lock_acquire+0x16f/0x3f0
[ 51.523684][ T7683]        __mutex_lock+0xf7/0x1310
[ 51.528791][ T7683]        mutex_lock_killable_nested+0x16/0x20
[ 51.535195][ T7683]        lock_trace+0x4a/0xe0
[ 51.539870][ T7683]        proc_pid_syscall+0x98/0x250
[ 51.545236][ T7683]        proc_single_show+0xf6/0x170
[ 51.550514][ T7683]        seq_read+0x4db/0x1130
[ 51.555276][ T7683]        do_iter_read+0x4a9/0x660
[ 51.560292][ T7683]        vfs_readv+0xf0/0x160
[ 51.564958][ T7683]        default_file_splice_read+0x475/0x890
[ 51.571013][ T7683]        do_splice_to+0x12a/0x190
[ 51.576027][ T7683]        splice_direct_to_actor+0x2d2/0x970
[ 51.581927][ T7683]        do_splice_direct+0x1da/0x2a0
[ 51.587291][ T7683]        do_sendfile+0x597/0xd00
[ 51.592225][ T7683]        __x64_sys_sendfile64+0x1dd/0x220
[ 51.597956][ T7683]        do_syscall_64+0x103/0x610
[ 51.603090][ T7683]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.609501][ T7683]
[ 51.609501][ T7683] -> #0 (&p->lock){+.+.}:
[ 51.616006][ T7683]        __lock_acquire+0x239c/0x3fb0
[ 51.621417][ T7683]        lock_acquire+0x16f/0x3f0
[ 51.626433][ T7683]        __mutex_lock+0xf7/0x1310
[ 51.631464][ T7683]        mutex_lock_nested+0x16/0x20
[ 51.636836][ T7683]        seq_read+0x71/0x1130
[ 51.641516][ T7683]        proc_reg_read+0x1fe/0x2c0
[ 51.646643][ T7683]        do_iter_read+0x4a9/0x660
[ 51.651658][ T7683]        vfs_readv+0xf0/0x160
[ 51.656324][ T7683]        default_file_splice_read+0x475/0x890
[ 51.662378][ T7683]        do_splice_to+0x12a/0x190
[ 51.667393][ T7683]        do_splice+0x10a9/0x13c0
[ 51.672337][ T7683]        __x64_sys_splice+0x2c6/0x330
[ 51.677699][ T7683]        do_syscall_64+0x103/0x610
[ 51.682799][ T7683]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.689192][ T7683]
[ 51.689192][ T7683] other info that might help us debug this:
[ 51.689192][ T7683]
[ 51.699410][ T7683] Chain exists of:
[ 51.699410][ T7683]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 51.699410][ T7683]
[ 51.712349][ T7683]  Possible unsafe locking scenario:
[ 51.712349][ T7683]
[ 51.719786][ T7683]        CPU0                    CPU1
[ 51.725136][ T7683]        ----                    ----
[ 51.730485][ T7683]   lock(&pipe->mutex/1);
[ 51.735095][ T7683]                                lock(&sig->cred_guard_mutex);
[ 51.742637][ T7683]                                lock(&pipe->mutex/1);
[ 51.749495][ T7683]   lock(&p->lock);
[ 51.753289][ T7683]
[ 51.753289][ T7683]  *** DEADLOCK ***
[ 51.753289][ T7683]
[ 51.761422][ T7683] 1 lock held by syz-executor980/7683:
[ 51.766858][ T7683]  #0: 00000000982fe6fa (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 51.775197][ T7683]
[ 51.775197][ T7683] stack backtrace:
[ 51.781110][ T7683] CPU: 0 PID: 7683 Comm: syz-executor980 Not tainted 5.1.0-rc2 #36
[ 51.788980][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.799041][ T7683] Call Trace:
[ 51.802331][ T7683]  dump_stack+0x172/0x1f0
[ 51.806658][ T7683]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 51.812716][ T7683]  check_prev_add.constprop.0+0xf11/0x23c0
[ 51.818515][ T7683]  ? check_usage+0x570/0x570
[ 51.823104][ T7683]  ? graph_lock+0x7b/0x200
[ 51.827508][ T7683]  ? __lockdep_reset_lock+0x450/0x450
[ 51.832870][ T7683]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.839101][ T7683]  __lock_acquire+0x239c/0x3fb0
[ 51.843942][ T7683]  ? is_bpf_text_address+0xac/0x170
[ 51.849134][ T7683]  ? mark_held_locks+0xf0/0xf0
[ 51.853892][ T7683]  lock_acquire+0x16f/0x3f0
[ 51.858405][ T7683]  ? seq_read+0x71/0x1130
[ 51.862724][ T7683]  ? seq_read+0x71/0x1130
[ 51.867063][ T7683]  __mutex_lock+0xf7/0x1310
[ 51.871562][ T7683]  ? seq_read+0x71/0x1130
[ 51.875880][ T7683]  ? seq_read+0x71/0x1130
[ 51.880207][ T7683]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.886446][ T7683]  ? mutex_trylock+0x1e0/0x1e0
[ 51.891207][ T7683]  ? aa_file_perm+0x432/0xeb0
[ 51.895901][ T7683]  ? get_page_from_freelist+0x129c/0x4170
[ 51.901629][ T7683]  ? aa_path_link+0x460/0x460
[ 51.906296][ T7683]  ? seq_dentry+0x2d0/0x2d0
[ 51.910794][ T7683]  mutex_lock_nested+0x16/0x20
[ 51.915561][ T7683]  ? fsnotify+0x811/0xbc0
[ 51.919903][ T7683]  ? mutex_lock_nested+0x16/0x20
[ 51.924834][ T7683]  seq_read+0x71/0x1130
[ 51.929003][ T7683]  ? seq_dentry+0x2d0/0x2d0
[ 51.933499][ T7683]  proc_reg_read+0x1fe/0x2c0
[ 51.938081][ T7683]  ? proc_reg_compat_ioctl+0x2a0/0x2a0
[ 51.943532][ T7683]  ? rw_verify_area+0x118/0x360
[ 51.948382][ T7683]  do_iter_read+0x4a9/0x660
[ 51.952897][ T7683]  ? dup_iter+0x260/0x260
[ 51.957228][ T7683]  vfs_readv+0xf0/0x160
[ 51.961373][ T7683]  ? alloc_pages_current+0x10f/0x210
[ 51.966650][ T7683]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 51.972726][ T7683]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.978963][ T7683]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.985199][ T7683]  ? iov_iter_revert+0xaa0/0xaa0
[ 51.990412][ T7683]  ? aa_file_perm+0x40b/0xeb0
[ 51.995082][ T7683]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 52.000794][ T7683]  ? iov_iter_pipe+0xba/0x2f0
[ 52.005469][ T7683]  default_file_splice_read+0x475/0x890
[ 52.011010][ T7683]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.017259][ T7683]  ? iter_file_splice_write+0xbe0/0xbe0
[ 52.022816][ T7683]  ? lock_acquire+0x16f/0x3f0
[ 52.027576][ T7683]  ? pipe_lock+0x6e/0x80
[ 52.031816][ T7683]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.038047][ T7683]  ? fsnotify+0x811/0xbc0
[ 52.042368][ T7683]  ? fsnotify+0xbc0/0xbc0
[ 52.046695][ T7683]  ? fsnotify_first_mark+0x210/0x210
[ 52.051971][ T7683]  ? find_held_lock+0x35/0x130
[ 52.056730][ T7683]  ? security_file_permission+0x94/0x380
[ 52.062356][ T7683]  ? rw_verify_area+0x118/0x360
[ 52.067199][ T7683]  ? iter_file_splice_write+0xbe0/0xbe0
[ 52.072744][ T7683]  do_splice_to+0x12a/0x190
[ 52.077250][ T7683]  do_splice+0x10a9/0x13c0
[ 52.081670][ T7683]  ? opipe_prep.part.0+0x2d0/0x2d0
[ 52.086982][ T7683]  ? __fget_light+0x1a9/0x230
[ 52.091670][ T7683]  __x64_sys_splice+0x2c6/0x330
[ 52.096517][ T7683]  do_syscall_64+0x103/0x610
[ 52.101110][ T7683]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.106988][ T7683] RIP: 0033:0x4459c9
[ 52.110874][ T7683] Code: e8 3c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.130465][ T7683] RSP: 002b:00007fb47669bd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 52.138891][ T7683] RAX: ffffffffffffffda RBX: 00000000006dac68 RCX: 00000000004459c9
[ 52.146857][ T7683] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000007
[ 52.154816][ T7683] RBP: 00000000006dac60 R08: 0000000000000002 R09: 0000000000000000
[ 52.162789][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac6c
[ 52.170766][ T7683] R13: 00000000004ae050 R14: 0000000000000027 R15: 0000000000000872