[   35.897313][   T26] audit: type=1800 audit(1552758381.603:26): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   35.933686][   T26] audit: type=1800 audit(1552758381.603:27): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   35.960695][   T26] audit: type=1800 audit(1552758381.603:28): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   36.666982][   T26] audit: type=1800 audit(1552758382.413:29): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   46.508956][ T7656] 
[   46.511506][ T7656] ======================================================
[   46.518623][ T7656] WARNING: possible circular locking dependency detected
[   46.525627][ T7656] 5.0.0+ #25 Not tainted
[   46.529841][ T7656] ------------------------------------------------------
[   46.536845][ T7656] syz-executor872/7656 is trying to acquire lock:
[   46.543272][ T7656] 000000004043a2c2 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   46.551346][ T7656] 
[   46.551346][ T7656] but task is already holding lock:
[   46.558698][ T7656] 000000008cd1441a (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   46.568843][ T7656] 
[   46.568843][ T7656] which lock already depends on the new lock.
[   46.568843][ T7656] 
[   46.579237][ T7656] 
[   46.579237][ T7656] the existing dependency chain (in reverse order) is:
[   46.588337][ T7656] 
[   46.588337][ T7656] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   46.596047][ T7656]        lock_acquire+0x16f/0x3f0
[   46.601053][ T7656]        __mutex_lock+0xf7/0x1310
[   46.606065][ T7656]        mutex_lock_interruptible_nested+0x16/0x20
[   46.612640][ T7656]        proc_pid_attr_write+0x200/0x580
[   46.618288][ T7656]        __vfs_write+0x8d/0x110
[   46.623119][ T7656]        __kernel_write+0x110/0x3b0
[   46.628713][ T7656]        write_pipe_buf+0x15d/0x1f0
[   46.633893][ T7656]        __splice_from_pipe+0x395/0x7d0
[   46.639451][ T7656]        splice_from_pipe+0x108/0x170
[   46.644805][ T7656]        default_file_splice_write+0x3c/0x90
[   46.650882][ T7656]        do_splice+0x70a/0x13c0
[   46.655736][ T7656]        __ia32_sys_splice+0x2c4/0x330
[   46.661195][ T7656]        do_fast_syscall_32+0x281/0xc98
[   46.666727][ T7656]        entry_SYSENTER_compat+0x70/0x7f
[   46.672422][ T7656] 
[   46.672422][ T7656] -> #0 (&pipe->mutex/1){+.+.}:
[   46.679613][ T7656]        __lock_acquire+0x239c/0x3fb0
[   46.684990][ T7656]        lock_acquire+0x16f/0x3f0
[   46.689999][ T7656]        __mutex_lock+0xf7/0x1310
[   46.695005][ T7656]        mutex_lock_nested+0x16/0x20
[   46.700269][ T7656]        fifo_open+0x159/0xb00
[   46.705009][ T7656]        do_dentry_open+0x488/0x1160
[   46.710298][ T7656]        vfs_open+0xa0/0xd0
[   46.714804][ T7656]        path_openat+0x10e9/0x46e0
[   46.719915][ T7656]        do_filp_open+0x1a1/0x280
[   46.724922][ T7656]        do_open_execat+0x137/0x690
[   46.730125][ T7656]        __do_execve_file.isra.0+0x178d/0x23f0
[   46.736272][ T7656]        __ia32_compat_sys_execve+0x94/0xc0
[   46.742151][ T7656]        do_fast_syscall_32+0x281/0xc98
[   46.747677][ T7656]        entry_SYSENTER_compat+0x70/0x7f
[   46.753311][ T7656] 
[   46.753311][ T7656] other info that might help us debug this:
[   46.753311][ T7656] 
[   46.763526][ T7656]  Possible unsafe locking scenario:
[   46.763526][ T7656] 
[   46.770963][ T7656]        CPU0                    CPU1
[   46.776308][ T7656]        ----                    ----
[   46.781680][ T7656]   lock(&sig->cred_guard_mutex);
[   46.786691][ T7656]                                lock(&pipe->mutex/1);
[   46.793532][ T7656]                                lock(&sig->cred_guard_mutex);
[   46.801140][ T7656]   lock(&pipe->mutex/1);
[   46.805452][ T7656] 
[   46.805452][ T7656]  *** DEADLOCK ***
[   46.805452][ T7656] 
[   46.813580][ T7656] 1 lock held by syz-executor872/7656:
[   46.819123][ T7656]  #0: 000000008cd1441a (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   46.829705][ T7656] 
[   46.829705][ T7656] stack backtrace:
[   46.835606][ T7656] CPU: 0 PID: 7656 Comm: syz-executor872 Not tainted 5.0.0+ #25
[   46.843211][ T7656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.853354][ T7656] Call Trace:
[   46.856660][ T7656]  dump_stack+0x172/0x1f0
[   46.861160][ T7656]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   46.867216][ T7656]  check_prev_add.constprop.0+0xf11/0x23c0
[   46.873032][ T7656]  ? depot_save_stack+0x1de/0x460
[   46.878155][ T7656]  ? check_usage+0x570/0x570
[   46.882734][ T7656]  ? mark_held_locks+0xa4/0xf0
[   46.887589][ T7656]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   46.893378][ T7656]  ? graph_lock+0x7b/0x200
[   46.897938][ T7656]  ? __lockdep_reset_lock+0x450/0x450
[   46.903291][ T7656]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   46.909514][ T7656]  __lock_acquire+0x239c/0x3fb0
[   46.914347][ T7656]  ? save_stack+0xa9/0xd0
[   46.918662][ T7656]  ? mark_held_locks+0xf0/0xf0
[   46.923494][ T7656]  lock_acquire+0x16f/0x3f0
[   46.927983][ T7656]  ? fifo_open+0x159/0xb00
[   46.932382][ T7656]  ? fifo_open+0x159/0xb00
[   46.936781][ T7656]  __mutex_lock+0xf7/0x1310
[   46.941265][ T7656]  ? fifo_open+0x159/0xb00
[   46.946354][ T7656]  ? fifo_open+0x159/0xb00
[   46.950782][ T7656]  ? fifo_open+0x2b5/0xb00
[   46.955186][ T7656]  ? mutex_trylock+0x1e0/0x1e0
[   46.959928][ T7656]  ? fifo_open+0x2b5/0xb00
[   46.964327][ T7656]  ? kasan_check_write+0x14/0x20
[   46.969248][ T7656]  ? lock_downgrade+0x880/0x880
[   46.974081][ T7656]  mutex_lock_nested+0x16/0x20
[   46.978866][ T7656]  ? mutex_lock_nested+0x16/0x20
[   46.983820][ T7656]  fifo_open+0x159/0xb00
[   46.988060][ T7656]  do_dentry_open+0x488/0x1160
[   46.992918][ T7656]  ? pipe_release+0x280/0x280
[   46.997671][ T7656]  ? chown_common+0x5c0/0x5c0
[   47.002322][ T7656]  ? inode_permission+0xb4/0x570
[   47.007675][ T7656]  vfs_open+0xa0/0xd0
[   47.011634][ T7656]  path_openat+0x10e9/0x46e0
[   47.016304][ T7656]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   47.022088][ T7656]  ? __kmalloc+0x15c/0x740
[   47.026500][ T7656]  ? prepare_creds+0x2f5/0x3f0
[   47.031251][ T7656]  ? prepare_exec_creds+0x12/0xf0
[   47.036262][ T7656]  ? __do_execve_file.isra.0+0x393/0x23f0
[   47.041971][ T7656]  ? do_fast_syscall_32+0x281/0xc98
[   47.047259][ T7656]  ? entry_SYSENTER_compat+0x70/0x7f
[   47.052534][ T7656]  ? __lock_acquire+0x548/0x3fb0
[   47.057585][ T7656]  ? prepare_exec_creds+0x12/0xf0
[   47.062608][ T7656]  ? __do_execve_file.isra.0+0x393/0x23f0
[   47.068307][ T7656]  ? __ia32_compat_sys_execve+0x94/0xc0
[   47.073841][ T7656]  do_filp_open+0x1a1/0x280
[   47.078364][ T7656]  ? may_open_dev+0x100/0x100
[   47.083051][ T7656]  ? __lock_acquire+0x548/0x3fb0
[   47.087976][ T7656]  do_open_execat+0x137/0x690
[   47.092641][ T7656]  ? unregister_binfmt+0x170/0x170
[   47.097736][ T7656]  ? lock_downgrade+0x880/0x880
[   47.102571][ T7656]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.108823][ T7656]  ? kasan_check_read+0x11/0x20
[   47.113658][ T7656]  ? do_raw_spin_unlock+0x57/0x270
[   47.118785][ T7656]  __do_execve_file.isra.0+0x178d/0x23f0
[   47.124409][ T7656]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   47.130299][ T7656]  ? __check_object_size+0x3d/0x42f
[   47.135496][ T7656]  ? copy_strings_kernel+0x110/0x110
[   47.140762][ T7656]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.147012][ T7656]  ? getname_flags+0x277/0x5b0
[   47.151776][ T7656]  ? entry_SYSENTER_compat+0x70/0x7f
[   47.157153][ T7656]  __ia32_compat_sys_execve+0x94/0xc0
[   47.162776][ T7656]  do_fast_syscall_32+0x281/0xc98
[   47.167815][ T7656]  entry_SYSENTER_compat+0x70/0x7f
[   47.172932][ T7656] RIP: 0023:0xf7f8f869
[   47.178017][ T7656] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   47.198268][ T7656] RSP: 002b:00000000ffa9abcc EFLAGS: 00000217 ORIG_RAX: 000000000000000b
[   47.206671][ T7656] RAX: ffffffffffffffda RBX: 0000000020000180 RCX: 0000000000000000
[   47.214631][ T7656] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000020000200
[   47.222592][ T7656] RBP: 000000000000103f R08: 0000000000000000 R09: 0000000000000000
[   47.230650][ T7656] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   47.238784][ T7656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000