[ 37.395492][ T27] audit: type=1800 audit(1553304804.213:27): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 37.425302][ T27] audit: type=1800 audit(1553304804.213:28): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.174754][ T27] audit: type=1800 audit(1553304805.053:29): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 38.200789][ T27] audit: type=1800 audit(1553304805.063:30): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.314276][ T7733]
[ 50.316872][ T7733] ======================================================
[ 50.323869][ T7733] WARNING: possible circular locking dependency detected
[ 50.330866][ T7733] 5.1.0-rc1+ #33 Not tainted
[ 50.335429][ T7733] ------------------------------------------------------
[ 50.342421][ T7733] syz-executor307/7733 is trying to acquire lock:
[ 50.348941][ T7733] 0000000035796447 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 50.357084][ T7733]
[ 50.357084][ T7733] but task is already holding lock:
[ 50.364424][ T7733] 00000000276fab29 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[ 50.374479][ T7733]
[ 50.374479][ T7733] which lock already depends on the new lock.
[ 50.374479][ T7733]
[ 50.385035][ T7733]
[ 50.385035][ T7733] the existing dependency chain (in reverse order) is:
[ 50.394158][ T7733]
[ 50.394158][ T7733] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 50.401955][ T7733]        lock_acquire+0x16f/0x3f0
[ 50.406969][ T7733]        __mutex_lock+0xf7/0x1310
[ 50.411980][ T7733]        mutex_lock_interruptible_nested+0x16/0x20
[ 50.418788][ T7733]        proc_pid_attr_write+0x200/0x580
[ 50.424405][ T7733]        __vfs_write+0x8d/0x110
[ 50.429340][ T7733]        __kernel_write+0x110/0x3b0
[ 50.434525][ T7733]        write_pipe_buf+0x15d/0x1f0
[ 50.440053][ T7733]        __splice_from_pipe+0x395/0x7d0
[ 50.445674][ T7733]        splice_from_pipe+0x108/0x170
[ 50.451032][ T7733]        default_file_splice_write+0x3c/0x90
[ 50.457226][ T7733]        do_splice+0x70a/0x13c0
[ 50.462056][ T7733]        __x64_sys_splice+0x2c6/0x330
[ 50.467618][ T7733]        do_syscall_64+0x103/0x610
[ 50.472859][ T7733]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.479371][ T7733]
[ 50.479371][ T7733] -> #0 (&pipe->mutex/1){+.+.}:
[ 50.486677][ T7733]        __lock_acquire+0x239c/0x3fb0
[ 50.492167][ T7733]        lock_acquire+0x16f/0x3f0
[ 50.497211][ T7733]        __mutex_lock+0xf7/0x1310
[ 50.502213][ T7733]        mutex_lock_nested+0x16/0x20
[ 50.507601][ T7733]        fifo_open+0x159/0xb00
[ 50.512344][ T7733]        do_dentry_open+0x488/0x1160
[ 50.517782][ T7733]        vfs_open+0xa0/0xd0
[ 50.522401][ T7733]        path_openat+0x10e9/0x46e0
[ 50.527574][ T7733]        do_filp_open+0x1a1/0x280
[ 50.532731][ T7733]        do_open_execat+0x137/0x690
[ 50.537929][ T7733]        __do_execve_file.isra.0+0x178d/0x23f0
[ 50.544067][ T7733]        __x64_sys_execve+0x8f/0xc0
[ 50.549258][ T7733]        do_syscall_64+0x103/0x610
[ 50.554479][ T7733]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.560957][ T7733]
[ 50.560957][ T7733] other info that might help us debug this:
[ 50.560957][ T7733]
[ 50.571278][ T7733]  Possible unsafe locking scenario:
[ 50.571278][ T7733]
[ 50.578805][ T7733]        CPU0                    CPU1
[ 50.584146][ T7733]        ----                    ----
[ 50.589482][ T7733]   lock(&sig->cred_guard_mutex);
[ 50.594474][ T7733]                                lock(&pipe->mutex/1);
[ 50.601654][ T7733]                                lock(&sig->cred_guard_mutex);
[ 50.609180][ T7733]   lock(&pipe->mutex/1);
[ 50.613490][ T7733]
[ 50.613490][ T7733]  *** DEADLOCK ***
[ 50.613490][ T7733]
[ 50.621616][ T7733] 1 lock held by syz-executor307/7733:
[ 50.627050][ T7733]  #0: 00000000276fab29 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[ 50.637734][ T7733]
[ 50.637734][ T7733] stack backtrace:
[ 50.643710][ T7733] CPU: 1 PID: 7733 Comm: syz-executor307 Not tainted 5.1.0-rc1+ #33
[ 50.651668][ T7733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.661839][ T7733] Call Trace:
[ 50.665374][ T7733]  dump_stack+0x172/0x1f0
[ 50.669684][ T7733]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 50.675838][ T7733]  check_prev_add.constprop.0+0xf11/0x23c0
[ 50.681931][ T7733]  ? depot_save_stack+0x1de/0x460
[ 50.687079][ T7733]  ? check_usage+0x570/0x570
[ 50.691647][ T7733]  ? mark_held_locks+0xa4/0xf0
[ 50.696548][ T7733]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 50.721812][ T7733]  ? graph_lock+0x7b/0x200
[ 50.726216][ T7733]  ? __lockdep_reset_lock+0x450/0x450
[ 50.731652][ T7733]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 50.737879][ T7733]  __lock_acquire+0x239c/0x3fb0
[ 50.742816][ T7733]  ? save_stack+0xa9/0xd0
[ 50.747174][ T7733]  ? mark_held_locks+0xf0/0xf0
[ 50.751931][ T7733]  lock_acquire+0x16f/0x3f0
[ 50.756418][ T7733]  ? fifo_open+0x159/0xb00
[ 50.760925][ T7733]  ? fifo_open+0x159/0xb00
[ 50.765327][ T7733]  __mutex_lock+0xf7/0x1310
[ 50.769812][ T7733]  ? fifo_open+0x159/0xb00
[ 50.774218][ T7733]  ? fifo_open+0x159/0xb00
[ 50.778626][ T7733]  ? fifo_open+0x2b5/0xb00
[ 50.783205][ T7733]  ? mutex_trylock+0x1e0/0x1e0
[ 50.788170][ T7733]  ? fifo_open+0x2b5/0xb00
[ 50.792608][ T7733]  ? kasan_check_write+0x14/0x20
[ 50.797530][ T7733]  ? lock_downgrade+0x880/0x880
[ 50.802368][ T7733]  mutex_lock_nested+0x16/0x20
[ 50.807224][ T7733]  ? mutex_lock_nested+0x16/0x20
[ 50.812257][ T7733]  fifo_open+0x159/0xb00
[ 50.816674][ T7733]  do_dentry_open+0x488/0x1160
[ 50.821631][ T7733]  ? pipe_release+0x280/0x280
[ 50.826296][ T7733]  ? chown_common+0x5c0/0x5c0
[ 50.831350][ T7733]  ? inode_permission+0xb4/0x570
[ 50.836292][ T7733]  vfs_open+0xa0/0xd0
[ 50.840410][ T7733]  path_openat+0x10e9/0x46e0
[ 50.845018][ T7733]  ? path_lookupat.isra.0+0x8d0/0x8d0
[ 50.850394][ T7733]  ? __kmalloc+0x15c/0x740
[ 50.854811][ T7733]  ? security_prepare_creds+0x123/0x190
[ 50.860628][ T7733]  ? prepare_creds+0x2f5/0x3f0
[ 50.865385][ T7733]  ? prepare_exec_creds+0x12/0xf0
[ 50.870448][ T7733]  ? __do_execve_file.isra.0+0x393/0x23f0
[ 50.876347][ T7733]  ? do_syscall_64+0x103/0x610
[ 50.881162][ T7733]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.887360][ T7733]  ? __lock_acquire+0x548/0x3fb0
[ 50.892291][ T7733]  ? prepare_exec_creds+0x12/0xf0
[ 50.897310][ T7733]  ? __do_execve_file.isra.0+0x393/0x23f0
[ 50.903260][ T7733]  ? __x64_sys_execve+0x8f/0xc0
[ 50.908438][ T7733]  do_filp_open+0x1a1/0x280
[ 50.912936][ T7733]  ? may_open_dev+0x100/0x100
[ 50.917714][ T7733]  ? __lock_acquire+0x548/0x3fb0
[ 50.922876][ T7733]  ? lockdep_init_map+0x1be/0x6d0
[ 50.927891][ T7733]  do_open_execat+0x137/0x690
[ 50.932652][ T7733]  ? unregister_binfmt+0x170/0x170
[ 50.937842][ T7733]  ? lock_downgrade+0x880/0x880
[ 50.942681][ T7733]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.949018][ T7733]  ? kasan_check_read+0x11/0x20
[ 50.953854][ T7733]  ? do_raw_spin_unlock+0x57/0x270
[ 50.959229][ T7733]  __do_execve_file.isra.0+0x178d/0x23f0
[ 50.964893][ T7733]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 50.970612][ T7733]  ? __check_object_size+0x3d/0x42f
[ 50.975810][ T7733]  ? copy_strings_kernel+0x110/0x110
[ 50.981244][ T7733]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.987616][ T7733]  ? getname_flags+0x277/0x5b0
[ 50.992409][ T7733]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.998480][ T7733]  __x64_sys_execve+0x8f/0xc0
[ 51.003301][ T7733]  do_syscall_64+0x103/0x610
[ 51.007880][ T7733]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.014031][ T7733] RIP: 0033:0x4402a9
[ 51.017915][ T7733] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 51.037901][ T7733] RSP: 002b:00007fffb3d27a98 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 51.046591][ T7733] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[ 51.054558][ T7733] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000480
[ 51.062655][ T7733] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 51.071013][ T7733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b30
[ 51.079219][ T7733] R13: 0000000000401bc0 R14: 0000000000000000 R15: 0000000000000000