[ 35.137413] audit: type=1800 audit(1546377351.196:27): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 35.183141] audit: type=1800 audit(1546377351.196:28): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.702201] audit: type=1800 audit(1546377351.826:29): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.721786] audit: type=1800 audit(1546377351.826:30): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.923341]
[ 46.925106] ======================================================
[ 46.931411] WARNING: possible circular locking dependency detected
[ 46.937705] 4.20.0+ #3 Not tainted
[ 46.941253] ------------------------------------------------------
[ 46.947594] syz-executor242/7714 is trying to acquire lock:
[ 46.953285] 00000000d375f441 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 46.960664]
[ 46.960664] but task is already holding lock:
[ 46.966609] 0000000087896e5c (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 46.975435]
[ 46.975435] which lock already depends on the new lock.
[ 46.975435]
[ 46.983746]
[ 46.983746] the existing dependency chain (in reverse order) is:
[ 46.991343]
[ 46.991343] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 46.997654]        __mutex_lock+0x12f/0x1670
[ 47.002041]        mutex_lock_interruptible_nested+0x16/0x20
[ 47.007823]        proc_pid_attr_write+0x1fa/0x530
[ 47.012734]        __vfs_write+0x116/0xb40
[ 47.016960]        __kernel_write+0x110/0x3b0
[ 47.021440]        write_pipe_buf+0x180/0x240
[ 47.025920]        __splice_from_pipe+0x39a/0x7e0
[ 47.030743]        splice_from_pipe+0x1ea/0x310
[ 47.035423]        default_file_splice_write+0x3c/0x90
[ 47.040682]        do_splice+0x64b/0x1410
[ 47.044808]        __ia32_sys_splice+0x2c4/0x330
[ 47.049544]        do_fast_syscall_32+0x333/0xf98
[ 47.054385]        entry_SYSENTER_compat+0x70/0x7f
[ 47.059293]
[ 47.059293] -> #0 (&pipe->mutex/1){+.+.}:
[ 47.064918]        lock_acquire+0x1db/0x570
[ 47.069222]        __mutex_lock+0x12f/0x1670
[ 47.073611]        mutex_lock_nested+0x16/0x20
[ 47.078177]        fifo_open+0x159/0xb00
[ 47.082252]        do_dentry_open+0x48a/0x1210
[ 47.086821]        vfs_open+0xa0/0xd0
[ 47.090785]        path_openat+0x144f/0x5650
[ 47.095182]        do_filp_open+0x26f/0x370
[ 47.099484]        do_open_execat+0x20e/0x930
[ 47.103959]        __do_execve_file.isra.0+0x181e/0x2510
[ 47.109410]        __ia32_compat_sys_execve+0x94/0xc0
[ 47.114582]        do_fast_syscall_32+0x333/0xf98
[ 47.119402]        entry_SYSENTER_compat+0x70/0x7f
[ 47.124317]
[ 47.124317] other info that might help us debug this:
[ 47.124317]
[ 47.132529]  Possible unsafe locking scenario:
[ 47.132529]
[ 47.138561]        CPU0                    CPU1
[ 47.143216]        ----                    ----
[ 47.147854]   lock(&sig->cred_guard_mutex);
[ 47.152152]                                lock(&pipe->mutex/1);
[ 47.158270]                                lock(&sig->cred_guard_mutex);
[ 47.165083]   lock(&pipe->mutex/1);
[ 47.168685]
[ 47.168685]  *** DEADLOCK ***
[ 47.168685]
[ 47.174721] 1 lock held by syz-executor242/7714:
[ 47.179450]  #0: 0000000087896e5c (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 47.188620]
[ 47.188620] stack backtrace:
[ 47.193099] CPU: 0 PID: 7714 Comm: syz-executor242 Not tainted 4.20.0+ #3
[ 47.200295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.209628] Call Trace:
[ 47.212224]  dump_stack+0x1db/0x2d0
[ 47.215856]  ? dump_stack_print_info.cold+0x20/0x20
[ 47.220860]  ? print_stack_trace+0x77/0xb0
[ 47.225083]  ? vprintk_func+0x86/0x189
[ 47.228974]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 47.234352]  __lock_acquire+0x3014/0x4a30
[ 47.238477]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.243389]  ? is_bpf_text_address+0xac/0x170
[ 47.247864]  ? mark_held_locks+0x100/0x100
[ 47.252079]  ? mark_held_locks+0xb1/0x100
[ 47.256213]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.261296]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.266378]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 47.271045]  ? trace_hardirqs_off_caller+0x300/0x300
[ 47.276253]  ? do_raw_spin_trylock+0x270/0x270
[ 47.280816]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.285728]  ? print_usage_bug+0xd0/0xd0
[ 47.289772]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.294939]  ? __lock_is_held+0xb6/0x140
[ 47.298986]  lock_acquire+0x1db/0x570
[ 47.302770]  ? fifo_open+0x159/0xb00
[ 47.306460]  ? ___might_sleep+0x1e7/0x310
[ 47.310586]  ? lock_release+0xc40/0xc40
[ 47.314552]  ? fifo_open+0x159/0xb00
[ 47.318250]  ? fifo_open+0x159/0xb00
[ 47.321945]  __mutex_lock+0x12f/0x1670
[ 47.325812]  ? fifo_open+0x159/0xb00
[ 47.329507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.335026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.340555]  ? fifo_open+0x159/0xb00
[ 47.344256]  ? lockdep_init_map+0x10c/0x5b0
[ 47.348559]  ? mutex_trylock+0x2d0/0x2d0
[ 47.352602]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.357531]  ? __mutex_init+0x1f6/0x2a0
[ 47.361488]  ? psi_task_change.cold+0x1ec/0x1ec
[ 47.366243]  ? fifo_open+0x2b5/0xb00
[ 47.369938]  ? find_held_lock+0x35/0x120
[ 47.373986]  ? fifo_open+0x2b5/0xb00
[ 47.377691]  ? lock_acquire+0x1db/0x570
[ 47.381646]  ? kasan_check_read+0x11/0x20
[ 47.385946]  ? do_raw_spin_unlock+0xa0/0x330
[ 47.390335]  ? do_raw_spin_trylock+0x270/0x270
[ 47.394902]  mutex_lock_nested+0x16/0x20
[ 47.398961]  ? _raw_spin_unlock+0x2d/0x50
[ 47.403093]  ? mutex_lock_nested+0x16/0x20
[ 47.407307]  fifo_open+0x159/0xb00
[ 47.410832]  do_dentry_open+0x48a/0x1210
[ 47.414879]  ? pipe_release+0x280/0x280
[ 47.418836]  ? chown_common+0x740/0x740
[ 47.422803]  ? security_inode_permission+0xd5/0x110
[ 47.427799]  ? inode_permission+0xb4/0x570
[ 47.432025]  vfs_open+0xa0/0xd0
[ 47.435301]  path_openat+0x144f/0x5650
[ 47.439169]  ? trace_hardirqs_on+0xbd/0x310
[ 47.443556]  ? kasan_check_read+0x11/0x20
[ 47.447682]  ? depot_save_stack+0x1de/0x460
[ 47.451991]  ? path_lookupat.isra.0+0xba0/0xba0
[ 47.456639]  ? save_stack+0xa9/0xd0
[ 47.460260]  ? __lock_acquire+0x572/0x4a30
[ 47.464566]  ? __ia32_compat_sys_execve+0x94/0xc0
[ 47.469391]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.474318]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.479404]  do_filp_open+0x26f/0x370
[ 47.483194]  ? refcount_add_not_zero_checked+0x330/0x330
[ 47.488623]  ? may_open_dev+0x100/0x100
[ 47.492582]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.498098]  ? refcount_inc_checked+0x2b/0x70
[ 47.502588]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.507496]  ? add_lock_to_list.isra.0+0x450/0x450
[ 47.512422]  ? apparmor_cred_transfer+0x5b0/0x5b0
[ 47.517242]  ? prepare_creds+0xa4/0x4e0
[ 47.521197]  ? prepare_creds+0xa4/0x4e0
[ 47.525156]  ? __do_execve_file.isra.0+0x908/0x2510
[ 47.530152]  do_open_execat+0x20e/0x930
[ 47.534124]  ? unregister_binfmt+0x2b0/0x2b0
[ 47.538510]  ? kasan_check_read+0x11/0x20
[ 47.542652]  ? do_raw_spin_trylock+0x270/0x270
[ 47.547212]  ? key_put+0x36/0x90
[ 47.550564]  __do_execve_file.isra.0+0x181e/0x2510
[ 47.555483]  ? prepare_bprm_creds+0x120/0x120
[ 47.559966]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.565484]  ? strncpy_from_user+0x317/0x440
[ 47.569887]  ? digsig_verify.cold+0x32/0x32
[ 47.574189]  ? kmem_cache_alloc+0x341/0x710
[ 47.578503]  ? do_fast_syscall_32+0x13b/0xf98
[ 47.582988]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.588614]  ? getname_flags+0x277/0x5b0
[ 47.592655]  ? trace_hardirqs_off_caller+0x300/0x300
[ 47.597738]  __ia32_compat_sys_execve+0x94/0xc0
[ 47.602387]  do_fast_syscall_32+0x333/0xf98
[ 47.606689]  ? do_int80_syscall_32+0x880/0x880
[ 47.611250]  ? trace_hardirqs_off+0x310/0x310
[ 47.615738]  ? syscall_return_slowpath+0x3b0/0x5f0
[ 47.620647]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.625644]  ? __switch_to_asm+0x34/0x70
[ 47.629712]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.634556]  entry_SYSENTER_compat+0x70/0x7f
[ 47.638941] RIP: 0023:0xf7f7d869
[ 47.642296] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 47.661182] RSP: 002b:00000000f7f581fc EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[ 47.668881] RAX: ffffffffffffffda RBX: 0000000020000340 RCX: 0000000000000000
[ 47.