[ ok ] Starting enhanced syslogd: rsyslogd.
[   42.159084] audit: type=1800 audit(1547203657.769:25): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   42.196469] audit: type=1800 audit(1547203657.779:26): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   42.223596] audit: type=1800 audit(1547203657.779:27): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [   54.338380]
[   54.340018] ======================================================
[   54.346310] WARNING: possible circular locking dependency detected
[   54.352621] 5.0.0-rc1+ #19 Not tainted
[   54.356481] ------------------------------------------------------
[   54.362775] syz-executor260/8040 is trying to acquire lock:
[   54.368461] 0000000031882608 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   54.375813]
[   54.375813] but task is already holding lock:
[   54.381767] 000000002b263825 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[   54.391126]
[   54.391126] which lock already depends on the new lock.
[   54.391126]
[   54.399445]
[   54.399445] the existing dependency chain (in reverse order) is:
[   54.407038]
[   54.407038] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   54.413340]        __mutex_lock+0x12f/0x1670
[   54.417727]        mutex_lock_interruptible_nested+0x16/0x20
[   54.423501]        proc_pid_attr_write+0x1fa/0x530
[   54.428405]        __vfs_write+0x116/0xb40
[   54.432634]        __kernel_write+0x110/0x3b0
[   54.437108]        write_pipe_buf+0x180/0x240
[   54.441595]        __splice_from_pipe+0x39a/0x7e0
[   54.446415]        splice_from_pipe+0x1ea/0x310
[   54.451060]        default_file_splice_write+0x3c/0x90
[   54.456327]        do_splice+0x64b/0x1410
[   54.460449]        __ia32_sys_splice+0x2c4/0x330
[   54.465186]        do_fast_syscall_32+0x333/0xf98
[   54.470004]        entry_SYSENTER_compat+0x70/0x7f
[   54.474905]
[   54.474905] -> #0 (&pipe->mutex/1){+.+.}:
[   54.480515]        lock_acquire+0x1db/0x570
[   54.484813]        __mutex_lock+0x12f/0x1670
[   54.489197]        mutex_lock_nested+0x16/0x20
[   54.493797]        fifo_open+0x159/0xb00
[   54.497836]        do_dentry_open+0x48a/0x1210
[   54.502400]        vfs_open+0xa0/0xd0
[   54.506193]        path_openat+0x144f/0x5650
[   54.510581]        do_filp_open+0x26f/0x370
[   54.514883]        do_open_execat+0x20e/0x930
[   54.519356]        __do_execve_file.isra.0+0x1966/0x2700
[   54.524790]        __ia32_compat_sys_execve+0x94/0xc0
[   54.529960]        do_fast_syscall_32+0x333/0xf98
[   54.534786]        entry_SYSENTER_compat+0x70/0x7f
[   54.539686]
[   54.539686] other info that might help us debug this:
[   54.539686]
[   54.547802]  Possible unsafe locking scenario:
[   54.547802]
[   54.553835]        CPU0                    CPU1
[   54.558474]        ----                    ----
[   54.563114]   lock(&sig->cred_guard_mutex);
[   54.567413]                                lock(&pipe->mutex/1);
[   54.573533]                                lock(&sig->cred_guard_mutex);
[   54.580348]   lock(&pipe->mutex/1);
[   54.583951]
[   54.583951]  *** DEADLOCK ***
[   54.583951]
[   54.589982] 1 lock held by syz-executor260/8040:
[   54.594709]  #0: 000000002b263825 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[   54.604515]
[   54.604515] stack backtrace:
[   54.609019] CPU: 0 PID: 8040 Comm: syz-executor260 Not tainted 5.0.0-rc1+ #19
[   54.616266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.625597] Call Trace:
[   54.628162]  dump_stack+0x1db/0x2d0
[   54.631780]  ? dump_stack_print_info.cold+0x20/0x20
[   54.636780]  ? print_stack_trace+0x77/0xb0
[   54.640994]  ? vprintk_func+0x86/0x189
[   54.644865]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   54.650208]  __lock_acquire+0x3014/0x4a30
[   54.654341]  ? mark_held_locks+0x100/0x100
[   54.658554]  ? mark_held_locks+0xb1/0x100
[   54.662686]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   54.667776]  ? lockdep_hardirqs_on+0x415/0x5d0
[   54.672341]  ? trace_hardirqs_off_caller+0x300/0x300
[   54.677442]  ? do_raw_spin_trylock+0x270/0x270
[   54.682009]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.686921]  ? print_usage_bug+0xd0/0xd0
[   54.690964]  ? __lock_is_held+0xb6/0x140
[   54.695007]  lock_acquire+0x1db/0x570
[   54.698790]  ? fifo_open+0x159/0xb00
[   54.702485]  ? ___might_sleep+0x1e7/0x310
[   54.706630]  ? lock_release+0xc40/0xc40
[   54.710583]  ? fifo_open+0x159/0xb00
[   54.714294]  ? fifo_open+0x159/0xb00
[   54.717990]  __mutex_lock+0x12f/0x1670
[   54.721863]  ? fifo_open+0x159/0xb00
[   54.725581]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.731093]  ? fifo_open+0x159/0xb00
[   54.734806]  ? check_preemption_disabled+0x48/0x290
[   54.739803]  ? lockdep_init_map+0x10c/0x5b0
[   54.744121]  ? mutex_trylock+0x2d0/0x2d0
[   54.748180]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.753089]  ? __mutex_init+0x1f6/0x2a0
[   54.757046]  ? psi_task_change.cold+0x1ec/0x1ec
[   54.761696]  ? fifo_open+0x2b5/0xb00
[   54.765389]  ? find_held_lock+0x35/0x120
[   54.769427]  ? fifo_open+0x2b5/0xb00
[   54.773121]  ? lock_acquire+0x1db/0x570
[   54.777079]  ? kasan_check_read+0x11/0x20
[   54.781207]  ? do_raw_spin_unlock+0xa0/0x330
[   54.785595]  ? do_raw_spin_trylock+0x270/0x270
[   54.790175]  mutex_lock_nested+0x16/0x20
[   54.794230]  ? _raw_spin_unlock+0x2d/0x50
[   54.798355]  ? mutex_lock_nested+0x16/0x20
[   54.802569]  fifo_open+0x159/0xb00
[   54.806087]  do_dentry_open+0x48a/0x1210
[   54.810148]  ? pipe_release+0x280/0x280
[   54.814101]  ? chown_common+0x740/0x740
[   54.818057]  ? security_inode_permission+0xd5/0x110
[   54.823058]  ? inode_permission+0xb4/0x570
[   54.827292]  vfs_open+0xa0/0xd0
[   54.830556]  path_openat+0x144f/0x5650
[   54.834424]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   54.839509]  ? lockdep_hardirqs_on+0x415/0x5d0
[   54.844074]  ? trace_hardirqs_on+0xbd/0x310
[   54.848379]  ? path_lookupat.isra.0+0xba0/0xba0
[   54.853043]  ? depot_save_stack+0x1de/0x460
[   54.857361]  ? __lock_acquire+0x572/0x4a30
[   54.861577]  ? kmem_cache_alloc+0x12d/0x710
[   54.865881]  ? __do_execve_file.isra.0+0x47a/0x2700
[   54.870880]  ? __ia32_compat_sys_execve+0x94/0xc0
[   54.875703]  ? do_fast_syscall_32+0x333/0xf98
[   54.880196]  ? entry_SYSENTER_compat+0x70/0x7f
[   54.884820]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.889734]  do_filp_open+0x26f/0x370
[   54.893540]  ? may_open_dev+0x100/0x100
[   54.897509]  ? refcount_add_not_zero_checked+0x330/0x330
[   54.902941]  ? prepare_creds+0xa4/0x4e0
[   54.906912]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.911841]  ? add_lock_to_list.isra.0+0x450/0x450
[   54.916757]  ? __do_execve_file.isra.0+0x901/0x2700
[   54.921772]  do_open_execat+0x20e/0x930
[   54.925733]  ? unregister_binfmt+0x2b0/0x2b0
[   54.930125]  ? kasan_check_read+0x11/0x20
[   54.934255]  ? do_raw_spin_trylock+0x270/0x270
[   54.938820]  ? __phys_addr_symbol+0x30/0x70
[   54.943124]  __do_execve_file.isra.0+0x1966/0x2700
[   54.948034]  ? rcu_pm_notify+0xd0/0xd0
[   54.951927]  ? copy_strings_kernel+0x110/0x110
[   54.956501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.962019]  ? strncpy_from_user+0x3aa/0x4e0
[   54.966408]  ? digsig_verify.cold+0x32/0x32
[   54.970708]  ? kmem_cache_alloc+0x341/0x710
[   54.975011]  ? do_fast_syscall_32+0x13b/0xf98
[   54.979486]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.985006]  ? getname_flags+0x277/0x5b0
[   54.989048]  ? trace_hardirqs_off_caller+0x300/0x300
[   54.994133]  __ia32_compat_sys_execve+0x94/0xc0
[   54.998818]  do_fast_syscall_32+0x333/0xf98
[   55.003122]  ? do_int80_syscall_32+0x880/0x880
[   55.007681]  ? trace_hardirqs_off+0x310/0x310
[   55.012168]  ? syscall_return_slowpath+0x5f0/0x5f0
[   55.017075]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.022592]  ? prepare_exit_to_usermode+0x232/0x3b0
[   55.027590]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   55.032415]  entry_SYSENTER_compat+0x70/0x7f
[   55.036802] RIP: 0023:0xf7fb6869
[   55.040158] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   55.059040] RSP: 002b:00000000ffbb2fdc EFLAGS: 00000217 ORIG_RAX: 000000000000000b
[   55.066725] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 0000000000000000
[   55.073972] RDX: 0000000000000000 RSI: 000000000000000e RDI: 00000000200000c0
[   55.081219] RBP: 0000000000001048 R08: 0000000000000000 R09: 0000000000000000
[   55.088479] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.095729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000