[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   42.159084] audit: type=1800 audit(1547203657.769:25): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   42.196469] audit: type=1800 audit(1547203657.779:26): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   42.223596] audit: type=1800 audit(1547203657.779:27): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   54.338380] 
[   54.340018] ======================================================
[   54.346310] WARNING: possible circular locking dependency detected
[   54.352621] 5.0.0-rc1+ #19 Not tainted
[   54.356481] ------------------------------------------------------
[   54.362775] syz-executor260/8040 is trying to acquire lock:
[   54.368461] 0000000031882608 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   54.375813] 
[   54.375813] but task is already holding lock:
[   54.381767] 000000002b263825 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[   54.391126] 
[   54.391126] which lock already depends on the new lock.
[   54.391126] 
[   54.399445] 
[   54.399445] the existing dependency chain (in reverse order) is:
[   54.407038] 
[   54.407038] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   54.413340]        __mutex_lock+0x12f/0x1670
[   54.417727]        mutex_lock_interruptible_nested+0x16/0x20
[   54.423501]        proc_pid_attr_write+0x1fa/0x530
[   54.428405]        __vfs_write+0x116/0xb40
[   54.432634]        __kernel_write+0x110/0x3b0
[   54.437108]        write_pipe_buf+0x180/0x240
[   54.441595]        __splice_from_pipe+0x39a/0x7e0
[   54.446415]        splice_from_pipe+0x1ea/0x310
[   54.451060]        default_file_splice_write+0x3c/0x90
[   54.456327]        do_splice+0x64b/0x1410
[   54.460449]        __ia32_sys_splice+0x2c4/0x330
[   54.465186]        do_fast_syscall_32+0x333/0xf98
[   54.470004]        entry_SYSENTER_compat+0x70/0x7f
[   54.474905] 
[   54.474905] -> #0 (&pipe->mutex/1){+.+.}:
[   54.480515]        lock_acquire+0x1db/0x570
[   54.484813]        __mutex_lock+0x12f/0x1670
[   54.489197]        mutex_lock_nested+0x16/0x20
[   54.493797]        fifo_open+0x159/0xb00
[   54.497836]        do_dentry_open+0x48a/0x1210
[   54.502400]        vfs_open+0xa0/0xd0
[   54.506193]        path_openat+0x144f/0x5650
[   54.510581]        do_filp_open+0x26f/0x370
[   54.514883]        do_open_execat+0x20e/0x930
[   54.519356]        __do_execve_file.isra.0+0x1966/0x2700
[   54.524790]        __ia32_compat_sys_execve+0x94/0xc0
[   54.529960]        do_fast_syscall_32+0x333/0xf98
[   54.534786]        entry_SYSENTER_compat+0x70/0x7f
[   54.539686] 
[   54.539686] other info that might help us debug this:
[   54.539686] 
[   54.547802]  Possible unsafe locking scenario:
[   54.547802] 
[   54.553835]        CPU0                    CPU1
[   54.558474]        ----                    ----
[   54.563114]   lock(&sig->cred_guard_mutex);
[   54.567413]                                lock(&pipe->mutex/1);
[   54.573533]                                lock(&sig->cred_guard_mutex);
[   54.580348]   lock(&pipe->mutex/1);
[   54.583951] 
[   54.583951]  *** DEADLOCK ***
[   54.583951] 
[   54.589982] 1 lock held by syz-executor260/8040:
[   54.594709]  #0: 000000002b263825 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[   54.604515] 
[   54.604515] stack backtrace:
[   54.609019] CPU: 0 PID: 8040 Comm: syz-executor260 Not tainted 5.0.0-rc1+ #19
[   54.616266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.625597] Call Trace:
[   54.628162]  dump_stack+0x1db/0x2d0
[   54.631780]  ? dump_stack_print_info.cold+0x20/0x20
[   54.636780]  ? print_stack_trace+0x77/0xb0
[   54.640994]  ? vprintk_func+0x86/0x189
[   54.644865]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   54.650208]  __lock_acquire+0x3014/0x4a30
[   54.654341]  ? mark_held_locks+0x100/0x100
[   54.658554]  ? mark_held_locks+0xb1/0x100
[   54.662686]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   54.667776]  ? lockdep_hardirqs_on+0x415/0x5d0
[   54.672341]  ? trace_hardirqs_off_caller+0x300/0x300
[   54.677442]  ? do_raw_spin_trylock+0x270/0x270
[   54.682009]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.686921]  ? print_usage_bug+0xd0/0xd0
[   54.690964]  ? __lock_is_held+0xb6/0x140
[   54.695007]  lock_acquire+0x1db/0x570
[   54.698790]  ? fifo_open+0x159/0xb00
[   54.702485]  ? ___might_sleep+0x1e7/0x310
[   54.706630]  ? lock_release+0xc40/0xc40
[   54.710583]  ? fifo_open+0x159/0xb00
[   54.714294]  ? fifo_open+0x159/0xb00
[   54.717990]  __mutex_lock+0x12f/0x1670
[   54.721863]  ? fifo_open+0x159/0xb00
[   54.725581]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.731093]  ? fifo_open+0x159/0xb00
[   54.734806]  ? check_preemption_disabled+0x48/0x290
[   54.739803]  ? lockdep_init_map+0x10c/0x5b0
[   54.744121]  ? mutex_trylock+0x2d0/0x2d0
[   54.748180]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.753089]  ? __mutex_init+0x1f6/0x2a0
[   54.757046]  ? psi_task_change.cold+0x1ec/0x1ec
[   54.761696]  ? fifo_open+0x2b5/0xb00
[   54.765389]  ? find_held_lock+0x35/0x120
[   54.769427]  ? fifo_open+0x2b5/0xb00
[   54.773121]  ? lock_acquire+0x1db/0x570
[   54.777079]  ? kasan_check_read+0x11/0x20
[   54.781207]  ? do_raw_spin_unlock+0xa0/0x330
[   54.785595]  ? do_raw_spin_trylock+0x270/0x270
[   54.790175]  mutex_lock_nested+0x16/0x20
[   54.794230]  ? _raw_spin_unlock+0x2d/0x50
[   54.798355]  ? mutex_lock_nested+0x16/0x20
[   54.802569]  fifo_open+0x159/0xb00
[   54.806087]  do_dentry_open+0x48a/0x1210
[   54.810148]  ? pipe_release+0x280/0x280
[   54.814101]  ? chown_common+0x740/0x740
[   54.818057]  ? security_inode_permission+0xd5/0x110
[   54.823058]  ? inode_permission+0xb4/0x570
[   54.827292]  vfs_open+0xa0/0xd0
[   54.830556]  path_openat+0x144f/0x5650
[   54.834424]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   54.839509]  ? lockdep_hardirqs_on+0x415/0x5d0
[   54.844074]  ? trace_hardirqs_on+0xbd/0x310
[   54.848379]  ? path_lookupat.isra.0+0xba0/0xba0
[   54.853043]  ? depot_save_stack+0x1de/0x460
[   54.857361]  ? __lock_acquire+0x572/0x4a30
[   54.861577]  ? kmem_cache_alloc+0x12d/0x710
[   54.865881]  ? __do_execve_file.isra.0+0x47a/0x2700
[   54.870880]  ? __ia32_compat_sys_execve+0x94/0xc0
[   54.875703]  ? do_fast_syscall_32+0x333/0xf98
[   54.880196]  ? entry_SYSENTER_compat+0x70/0x7f
[   54.884820]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.889734]  do_filp_open+0x26f/0x370
[   54.893540]  ? may_open_dev+0x100/0x100
[   54.897509]  ? refcount_add_not_zero_checked+0x330/0x330
[   54.902941]  ? prepare_creds+0xa4/0x4e0
[   54.906912]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.911841]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.916757]  ? __do_execve_file.isra.0+0x901/0x2700
[   54.921772]  do_open_execat+0x20e/0x930
[   54.925733]  ? unregister_binfmt+0x2b0/0x2b0
[   54.930125]  ? kasan_check_read+0x11/0x20
[   54.934255]  ? do_raw_spin_trylock+0x270/0x270
[   54.938820]  ? __phys_addr_symbol+0x30/0x70
[   54.943124]  __do_execve_file.isra.0+0x1966/0x2700
[   54.948034]  ? rcu_pm_notify+0xd0/0xd0
[   54.951927]  ? copy_strings_kernel+0x110/0x110
[   54.956501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.962019]  ? strncpy_from_user+0x3aa/0x4e0
[   54.966408]  ? digsig_verify.cold+0x32/0x32
[   54.970708]  ? kmem_cache_alloc+0x341/0x710
[   54.975011]  ? do_fast_syscall_32+0x13b/0xf98
[   54.979486]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.985006]  ? getname_flags+0x277/0x5b0
[   54.989048]  ? trace_hardirqs_off_caller+0x300/0x300
[   54.994133]  __ia32_compat_sys_execve+0x94/0xc0
[   54.998818]  do_fast_syscall_32+0x333/0xf98
[   55.003122]  ? do_int80_syscall_32+0x880/0x880
[   55.007681]  ? trace_hardirqs_off+0x310/0x310
[   55.012168]  ? syscall_return_slowpath+0x5f0/0x5f0
[   55.017075]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.022592]  ? prepare_exit_to_usermode+0x232/0x3b0
[   55.027590]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   55.032415]  entry_SYSENTER_compat+0x70/0x7f
[   55.036802] RIP: 0023:0xf7fb6869
[   55.040158] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.059040] RSP: 002b:00000000ffbb2fdc EFLAGS: 00000217 ORIG_RAX: 000000000000000b
[   55.066725] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 0000000000000000
[   55.073972] RDX: 0000000000000000 RSI: 000000000000000e RDI: 00000000200000c0
[   55.081219] RBP: 0000000000001048 R08: 0000000000000000 R09: 0000000000000000
[   55.088479] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.095729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000