[ 37.445275] audit: type=1800 audit(1547468478.480:27): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 37.476614] audit: type=1800 audit(1547468478.490:28): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.304499] audit: type=1800 audit(1547468479.400:29): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 38.323949] audit: type=1800 audit(1547468479.400:30): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.128109]
[ 48.129750] ======================================================
[ 48.136044] WARNING: possible circular locking dependency detected
[ 48.142340] 5.0.0-rc2 #25 Not tainted
[ 48.146240] ------------------------------------------------------
[ 48.152544] syz-executor274/7768 is trying to acquire lock:
[ 48.158253] 000000003eb71104 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 48.165615]
[ 48.165615] but task is already holding lock:
[ 48.171563] 00000000ae482559 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[ 48.180907]
[ 48.180907] which lock already depends on the new lock.
[ 48.180907]
[ 48.189207]
[ 48.189207] the existing dependency chain (in reverse order) is:
[ 48.196801]
[ 48.196801] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 48.203112] __mutex_lock+0x12f/0x1670
[ 48.207512] mutex_lock_interruptible_nested+0x16/0x20
[ 48.213290] proc_pid_attr_write+0x1fa/0x530
[ 48.218202] __vfs_write+0x116/0xb40
[ 48.222415] __kernel_write+0x110/0x3b0
[ 48.226896] write_pipe_buf+0x180/0x240
[ 48.231381] __splice_from_pipe+0x39a/0x7e0
[ 48.236206] splice_from_pipe+0x1ea/0x310
[ 48.240856] default_file_splice_write+0x3c/0x90
[ 48.246119] do_splice+0x64b/0x1410
[ 48.250244] __x64_sys_splice+0x2c6/0x330
[ 48.254903] do_syscall_64+0x1a3/0x800
[ 48.259294] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.264979]
[ 48.264979] -> #0 (&pipe->mutex/1){+.+.}:
[ 48.270706] lock_acquire+0x1db/0x570
[ 48.275007] __mutex_lock+0x12f/0x1670
[ 48.279405] mutex_lock_nested+0x16/0x20
[ 48.283986] fifo_open+0x159/0xb00
[ 48.288141] do_dentry_open+0x48a/0x1210
[ 48.292699] vfs_open+0xa0/0xd0
[ 48.296479] path_openat+0x144f/0x5650
[ 48.300863] do_filp_open+0x26f/0x370
[ 48.305162] do_open_execat+0x20e/0x930
[ 48.309641] __do_execve_file.isra.0+0x1966/0x2700
[ 48.315065] __x64_sys_execve+0x8f/0xc0
[ 48.319538] do_syscall_64+0x1a3/0x800
[ 48.323924] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.329606]
[ 48.329606] other info that might help us debug this:
[ 48.329606]
[ 48.337718] Possible unsafe locking scenario:
[ 48.337718]
[ 48.343764]        CPU0                    CPU1
[ 48.348513]        ----                    ----
[ 48.353256]   lock(&sig->cred_guard_mutex);
[ 48.357559]                                lock(&pipe->mutex/1);
[ 48.363680]                                lock(&sig->cred_guard_mutex);
[ 48.370523]   lock(&pipe->mutex/1);
[ 48.374125]
[ 48.374125] *** DEADLOCK ***
[ 48.374125]
[ 48.380155] 1 lock held by syz-executor274/7768:
[ 48.384892] #0: 00000000ae482559 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700
[ 48.394686]
[ 48.394686] stack backtrace:
[ 48.399157] CPU: 1 PID: 7768 Comm: syz-executor274 Not tainted 5.0.0-rc2 #25
[ 48.406317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.415644] Call Trace:
[ 48.418210] dump_stack+0x1db/0x2d0
[ 48.421814] ? dump_stack_print_info.cold+0x20/0x20
[ 48.426813] ? print_stack_trace+0x77/0xb0
[ 48.431028] ? vprintk_func+0x86/0x189
[ 48.434907] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 48.440255] __lock_acquire+0x3014/0x4a30
[ 48.444380] ? is_bpf_text_address+0xac/0x170
[ 48.448857] ? mark_held_locks+0x100/0x100
[ 48.453072] ? mark_held_locks+0xb1/0x100
[ 48.457202] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.462283] ? lockdep_hardirqs_on+0x415/0x5d0
[ 48.466847] ? trace_hardirqs_off_caller+0x300/0x300
[ 48.471934] ? do_raw_spin_trylock+0x270/0x270
[ 48.476514] ? add_lock_to_list.isra.0+0x450/0x450
[ 48.481424] ? print_usage_bug+0xd0/0xd0
[ 48.485476] ? __lock_is_held+0xb6/0x140
[ 48.489517] lock_acquire+0x1db/0x570
[ 48.493296] ? fifo_open+0x159/0xb00
[ 48.496992] ? ___might_sleep+0x1e7/0x310
[ 48.501117] ? lock_release+0xc40/0xc40
[ 48.505071] ? fifo_open+0x159/0xb00
[ 48.508761] ? fifo_open+0x159/0xb00
[ 48.512456] __mutex_lock+0x12f/0x1670
[ 48.516333] ? fifo_open+0x159/0xb00
[ 48.520050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.525563] ? fifo_open+0x159/0xb00
[ 48.529258] ? check_preemption_disabled+0x48/0x290
[ 48.534268] ? lockdep_init_map+0x10c/0x5b0
[ 48.538571] ? mutex_trylock+0x2d0/0x2d0
[ 48.542608] ? add_lock_to_list.isra.0+0x450/0x450
[ 48.547518] ? __mutex_init+0x1f6/0x2a0
[ 48.551471] ? psi_task_change.cold+0x1ec/0x1ec
[ 48.556127] ? fifo_open+0x2b5/0xb00
[ 48.559844] ? find_held_lock+0x35/0x120
[ 48.563893] ? fifo_open+0x2b5/0xb00
[ 48.567586] ? lock_acquire+0x1db/0x570
[ 48.571540] ? kasan_check_read+0x11/0x20
[ 48.575756] ? do_raw_spin_unlock+0xa0/0x330
[ 48.580146] ? do_raw_spin_trylock+0x270/0x270
[ 48.584710] mutex_lock_nested+0x16/0x20
[ 48.588759] ? _raw_spin_unlock+0x2d/0x50
[ 48.592885] ? mutex_lock_nested+0x16/0x20
[ 48.597103] fifo_open+0x159/0xb00
[ 48.600627] do_dentry_open+0x48a/0x1210
[ 48.604670] ? pipe_release+0x280/0x280
[ 48.608636] ? chown_common+0x740/0x740
[ 48.612609] ? security_inode_permission+0xd5/0x110
[ 48.617603] ? inode_permission+0xb4/0x570
[ 48.621932] vfs_open+0xa0/0xd0
[ 48.625189] path_openat+0x144f/0x5650
[ 48.629065] ? is_bpf_text_address+0xd3/0x170
[ 48.633538] ? path_lookupat.isra.0+0xba0/0xba0
[ 48.638187] ? __lock_acquire+0x572/0x4a30
[ 48.642421] ? kmem_cache_alloc+0x12d/0x710
[ 48.646847] ? __do_execve_file.isra.0+0x47a/0x2700
[ 48.651855] ? __x64_sys_execve+0x8f/0xc0
[ 48.656165] ? do_syscall_64+0x1a3/0x800
[ 48.660208] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.665550] ? add_lock_to_list.isra.0+0x450/0x450
[ 48.670625] do_filp_open+0x26f/0x370
[ 48.674587] ? may_open_dev+0x100/0x100
[ 48.678555] ? refcount_add_not_zero_checked+0x330/0x330
[ 48.684031] ? prepare_creds+0xa4/0x4e0
[ 48.687987] ? add_lock_to_list.isra.0+0x450/0x450
[ 48.692898] ? add_lock_to_list.isra.0+0x450/0x450
[ 48.697964] ? __do_execve_file.isra.0+0x901/0x2700
[ 48.702977] do_open_execat+0x20e/0x930
[ 48.706930] ? unregister_binfmt+0x2b0/0x2b0
[ 48.711408] ? kasan_check_read+0x11/0x20
[ 48.715620] ? do_raw_spin_trylock+0x270/0x270
[ 48.720180] ? __phys_addr_symbol+0x30/0x70
[ 48.724478] __do_execve_file.isra.0+0x1966/0x2700
[ 48.729507] ? copy_strings_kernel+0x110/0x110
[ 48.734065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.739728] ? strncpy_from_user+0x3aa/0x4e0
[ 48.744133] ? digsig_verify.cold+0x32/0x32
[ 48.748430] ? kmem_cache_alloc+0x341/0x710
[ 48.752729] ? do_syscall_64+0x8c/0x800
[ 48.756685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.762204] ? getname_flags+0x277/0x5b0
[ 48.766249] ? trace_hardirqs_off_caller+0x300/0x300
[ 48.771352] __x64_sys_execve+0x8f/0xc0
[ 48.775312] do_syscall_64+0x1a3/0x800
[ 48.779190] ? syscall_return_slowpath+0x5f0/0x5f0
[ 48.784122] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.789123] ? __switch_to_asm+0x34/0x70
[ 48.793165] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.797986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.803152] RIP: 0033:0x445719
[ 48.806335] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.825217] RSP: 002b:00007fb9ded31da8 EFLAGS: 00000246 ORIG_RAX: