[ 29.242807] audit: type=1800 audit(1545653050.129:27): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 29.265696] audit: type=1800 audit(1545653050.129:28): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 30.053433] audit: type=1800 audit(1545653050.979:29): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 30.073222] audit: type=1800 audit(1545653050.979:30): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts. 2018/12/24 12:06:39 parsed 1 programs 2018/12/24 12:06:41 executed programs: 0 syzkaller login: [ 180.897016] IPVS: ftp: loaded support on port[0] = 21 [ 180.897640] IPVS: ftp: loaded support on port[0] = 21 [ 180.910739] IPVS: ftp: loaded support on port[0] = 21 [ 180.911624] IPVS: ftp: loaded support on port[0] = 21 [ 180.921058] IPVS: ftp: loaded support on port[0] = 21 [ 180.926004] IPVS: ftp: loaded support on port[0] = 21 [ 181.747244] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.756999] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.764937] device bridge_slave_0 entered promiscuous mode [ 181.791730] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.798911] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.808279] device bridge_slave_1 entered promiscuous mode [ 181.829587] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.835974] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.845527] device bridge_slave_0 entered promiscuous mode [ 181.853482] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.861804] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.869839] device bridge_slave_0 entered promiscuous mode [ 181.877705] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.884711] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.891750] device bridge_slave_0 entered promiscuous mode [ 181.903640] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.912980] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.921058] device bridge_slave_0 entered promiscuous mode [ 181.929303] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.935626] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.946217] device bridge_slave_1 entered promiscuous mode [ 181.953181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.962076] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.969556] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.976544] device bridge_slave_0 entered promiscuous mode [ 181.984503] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.990909] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.997728] device bridge_slave_1 entered promiscuous mode [ 182.006333] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.013034] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.020345] device bridge_slave_1 entered promiscuous mode [ 182.029913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.037640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.045236] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.055921] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.068433] device bridge_slave_1 entered promiscuous mode [ 182.079307] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.085865] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.097638] device bridge_slave_1 entered promiscuous mode [ 182.114424] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.127911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.142703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.158123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.166803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.217556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.229999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.240114] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.268170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.313394] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.326311] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.379684] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.444318] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.460270] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.491505] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.527333] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.555738] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.577358] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.595665] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.615834] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.631092] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.640487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.665771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.677326] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.691933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.702374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.718907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.726989] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.755266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.768553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.788826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.804756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.814048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.827013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.860686] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.868441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.876275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.917278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.929593] team0: Port device team_slave_0 added [ 182.937145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.955874] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.972575] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.986328] team0: Port device team_slave_0 added [ 183.014168] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.032857] team0: Port device team_slave_0 added [ 183.048922] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.056316] team0: Port device team_slave_1 added [ 183.071083] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.088241] team0: Port device team_slave_1 added [ 183.106982] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.117891] team0: Port device team_slave_0 added [ 183.127102] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.139207] team0: Port device team_slave_1 added [ 183.151238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.172028] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.180117] team0: Port device team_slave_0 added [ 183.191937] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.201220] team0: Port device team_slave_1 added [ 183.212926] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.224343] team0: Port device team_slave_0 added [ 183.234592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.253212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.271753] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.280037] team0: Port device team_slave_1 added [ 183.291611] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.301211] team0: Port device team_slave_1 added [ 183.307399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.328152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.342835] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.359592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.378755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.387518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.396637] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.410444] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.422963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.438643] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.446355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.458699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.466373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.482384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.490672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.498708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.506363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.514206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.525828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.539720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.553771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.565955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.593393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.603310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.614237] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.624129] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.632127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.643430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.654229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.663378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.678924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.686748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.694992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.705187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.717448] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.731707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.742613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.761015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.777664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.787136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.800597] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.818605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.829733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.837588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.855389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.437247] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.443769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.450768] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.457146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.466922] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.476170] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.482578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.489345] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.495709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.504208] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.514001] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.520400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.527060] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.533458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.542649] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.610975] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.617360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.624069] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.630465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.647704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.654429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.667419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.675349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.683834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.695997] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.702426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.709108] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.715467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.724583] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.734097] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.740524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.747171] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.753571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.762380] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.710669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.717896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.301180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.312565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.433587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.467461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.495126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.542519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.557798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.638901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.676546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.744838] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.760839] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.809511] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.824921] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.846987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.854829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.915425] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.929328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.937392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.011779] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.018057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.026191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.062759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.072037] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.081359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.098661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.107280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.115239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.127000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.144497] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.158641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.170191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.280403] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.328776] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.346702] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.360926] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.449519] 8021q: adding VLAN 0 to HW filter on device team0 2018/12/24 12:06:50 executed programs: 6 2018/12/24 12:06:55 executed programs: 304 2018/12/24 12:07:00 executed programs: 614 2018/12/24 12:07:05 executed programs: 895 2018/12/24 12:07:10 executed programs: 1189 2018/12/24 12:07:15 executed programs: 1465 2018/12/24 12:07:20 executed programs: 1713 2018/12/24 12:07:25 executed programs: 1955 2018/12/24 12:07:30 executed programs: 2213 2018/12/24 12:07:35 executed programs: 2470 2018/12/24 12:07:40 executed programs: 2735 2018/12/24 12:07:45 executed programs: 2978 2018/12/24 12:07:50 executed programs: 3172 2018/12/24 12:07:55 executed programs: 3405 2018/12/24 12:08:01 executed programs: 3585 2018/12/24 12:08:06 executed programs: 3805 [ 266.922983] [ 266.924774] ====================================================== [ 266.931101] WARNING: possible circular locking dependency detected [ 266.937420] 4.20.0 #386 Not tainted [ 266.941052] ------------------------------------------------------ [ 266.947369] syz-executor2/18784 is trying to acquire lock: [ 266.952998] 000000006d5de0f1 (&sig->cred_guard_mutex){+.+.}, at: proc_pid_attr_write+0x28a/0x540 [ 266.962044] [ 266.962044] but task is already holding lock: [ 266.968008] 00000000fcc89938 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80 [ 266.975291] [ 266.975291] which lock already depends on the new lock. [ 266.975291] [ 266.983625] [ 266.983625] the existing dependency chain (in reverse order) is: [ 266.987334] kobject: 'loop1' (0000000008e948da): kobject_uevent_env [ 266.991249] [ 266.991249] -> #1 (&pipe->mutex/1){+.+.}: [ 266.991314] __mutex_lock+0x166/0x1700 [ 266.991335] mutex_lock_nested+0x16/0x20 [ 267.005590] kobject: 'loop1' (0000000008e948da): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 267.007775] fifo_open+0x15c/0xad0 [ 267.025935] do_dentry_open+0x499/0x1250 [ 267.027743] kobject: 'loop5' (00000000128da561): kobject_uevent_env [ 267.030523] vfs_open+0xa0/0xd0 [ 267.030536] path_openat+0x12bc/0x5160 [ 267.030546] do_filp_open+0x255/0x380 [ 267.030560] do_open_execat+0x221/0x8e0 [ 267.030571] __do_execve_file.isra.33+0x176f/0x25d0 [ 267.030587] __x64_sys_execve+0x8f/0xc0 [ 267.040641] kobject: 'loop5' (00000000128da561): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 267.040846] do_syscall_64+0x1b9/0x820 [ 267.077914] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 267.083614] [ 267.083614] -> #0 (&sig->cred_guard_mutex){+.+.}: [ 267.090023] lock_acquire+0x1ed/0x520 [ 267.093029] kobject: 'loop5' (00000000128da561): kobject_uevent_env [ 267.094365] __mutex_lock+0x166/0x1700 [ 267.105175] mutex_lock_interruptible_nested+0x16/0x20 [ 267.107826] kobject: 'loop5' (00000000128da561): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 267.110998] proc_pid_attr_write+0x28a/0x540 [ 267.111008] __vfs_write+0x119/0x9f0 [ 267.111025] __kernel_write+0x10c/0x370 [ 267.111130] write_pipe_buf+0x180/0x240 [ 267.111149] __splice_from_pipe+0x38b/0x7c0 [ 267.142584] kobject: 'loop3' (00000000f8a52b9f): kobject_uevent_env [ 267.143556] splice_from_pipe+0x1ec/0x340 [ 267.143570] default_file_splice_write+0x3c/0x90 [ 267.143588] do_splice+0x64a/0x1430 [ 267.158057] kobject: 'loop3' (00000000f8a52b9f): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 267.159934] __x64_sys_splice+0x2c1/0x330 [ 267.159949] do_syscall_64+0x1b9/0x820 [ 267.159970] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 267.188288] [ 267.188288] other info that might help us debug this: [ 267.188288] [ 267.196441] Possible unsafe locking scenario: [ 267.196441] [ 267.202498] CPU0 CPU1 [ 267.207148] ---- ---- [ 267.209929] kobject: 'loop3' (00000000f8a52b9f): kobject_uevent_env [ 267.211831] lock(&pipe->mutex/1); [ 267.220107] kobject: 'loop3' (00000000f8a52b9f): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 267.221859] lock(&sig->cred_guard_mutex); [ 267.221868] lock(&pipe->mutex/1); [ 267.221877] lock(&sig->cred_guard_mutex); [ 267.221885] [ 267.221885] *** DEADLOCK *** [ 267.221885] [ 267.221894] 2 locks held by syz-executor2/18784: [ 267.221903] #0: 00000000ed4c5f66 (sb_writers#6){.+.+}, at: do_splice+0xd2e/0x1430 [ 267.267072] #1: 00000000fcc89938 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80 [ 267.274693] [ 267.274693] stack backtrace: [ 267.279193] CPU: 1 PID: 18784 Comm: syz-executor2 Not tainted 4.20.0 #386 [ 267.286102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 267.295461] Call Trace: [ 267.298124] dump_stack+0x1d3/0x2c6 [ 267.301755] ? dump_stack_print_info.cold.1+0x20/0x20 [ 267.306977] ? vprintk_func+0x85/0x181 [ 267.310856] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 267.316594] ? save_trace+0xe0/0x290 [ 267.320298] __lock_acquire+0x3360/0x4c20 [ 267.324437] ? mark_held_locks+0x130/0x130 [ 267.328656] ? mark_held_locks+0x130/0x130 [ 267.332882] ? check_usage_forwards+0x3d0/0x3d0 [ 267.337549] ? __bfs+0x385/0x7a0 [ 267.340905] ? __switch_to_asm+0x34/0x70 [ 267.344956] ? __switch_to_asm+0x40/0x70 [ 267.349007] ? lockdep_on+0x50/0x50 [ 267.352618] ? graph_lock+0x270/0x270 [ 267.356454] ? kasan_check_read+0x11/0x20 [ 267.360608] ? graph_lock+0x9c/0x270 [ 267.364345] ? add_lock_to_list.isra.26+0x4b0/0x4b0 [ 267.369360] ? graph_lock+0x270/0x270 [ 267.373148] ? find_held_lock+0x36/0x1c0 [ 267.377199] ? print_usage_bug+0xc0/0xc0 [ 267.381316] ? is_bpf_text_address+0xac/0x170 [ 267.385814] lock_acquire+0x1ed/0x520 [ 267.389606] ? proc_pid_attr_write+0x28a/0x540 [ 267.394176] ? lock_release+0xa00/0xa00 [ 267.398192] ? arch_local_save_flags+0x40/0x40 [ 267.402772] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 267.407883] ? lockdep_hardirqs_on+0x421/0x5c0 [ 267.412499] ? trace_hardirqs_on+0xbd/0x310 [ 267.416823] ? proc_pid_attr_write+0x28a/0x540 [ 267.421392] __mutex_lock+0x166/0x1700 [ 267.425266] ? proc_pid_attr_write+0x28a/0x540 [ 267.429839] ? proc_pid_attr_write+0x28a/0x540 [ 267.434408] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 267.439501] ? mutex_trylock+0x2b0/0x2b0 [ 267.443636] ? save_stack+0xa9/0xd0 [ 267.447246] ? save_stack+0x43/0xd0 [ 267.450855] ? kasan_kmalloc+0xc7/0xe0 [ 267.454725] ? __kmalloc_track_caller+0x157/0x760 [ 267.459598] ? memdup_user+0x2c/0xa0 [ 267.463301] ? proc_pid_attr_write+0x198/0x540 [ 267.467868] ? __vfs_write+0x119/0x9f0 [ 267.471741] ? __kernel_write+0x10c/0x370 [ 267.475878] ? write_pipe_buf+0x180/0x240 [ 267.480008] ? __splice_from_pipe+0x38b/0x7c0 [ 267.484491] ? splice_from_pipe+0x1ec/0x340 [ 267.488804] ? default_file_splice_write+0x3c/0x90 [ 267.493731] ? do_splice+0x64a/0x1430 [ 267.497528] ? __x64_sys_splice+0x2c1/0x330 [ 267.501842] ? do_syscall_64+0x1b9/0x820 [ 267.505892] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 267.511292] ? cache_grow_end+0xa8/0x190 [ 267.515357] ? graph_lock+0x270/0x270 [ 267.519220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 267.524833] ? check_preemption_disabled+0x48/0x280 [ 267.529858] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 267.535034] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 267.540562] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 267.545564] ? __check_object_size+0xb1/0x782 [ 267.550043] ? usercopy_warn+0x110/0x110 [ 267.554136] ? rcu_read_lock_sched_held+0x108/0x120 [ 267.559148] ? __kmalloc_track_caller+0x5eb/0x760 [ 267.563989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 267.569516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 267.575043] ? _copy_from_user+0xdf/0x150 [ 267.579183] mutex_lock_interruptible_nested+0x16/0x20 [ 267.584446] ? mutex_lock_interruptible_nested+0x16/0x20 [ 267.589910] proc_pid_attr_write+0x28a/0x540 [ 267.594308] __vfs_write+0x119/0x9f0 [ 267.598063] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 267.603345] ? proc_loginuid_write+0x4f0/0x4f0 [ 267.607912] ? kernel_read+0x120/0x120 [ 267.611791] ? __lock_is_held+0xb5/0x140 [ 267.615867] ? find_held_lock+0x36/0x1c0 [ 267.619913] ? ___might_sleep+0x1ed/0x300 [ 267.624046] ? arch_local_save_flags+0x40/0x40 [ 267.628618] __kernel_write+0x10c/0x370 [ 267.632576] write_pipe_buf+0x180/0x240 [ 267.636534] ? ___might_sleep+0x1ed/0x300 [ 267.640667] ? do_splice_direct+0x420/0x420 [ 267.644972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 267.650497] ? splice_from_pipe_next.part.11+0x296/0x340 [ 267.655937] __splice_from_pipe+0x38b/0x7c0 [ 267.660254] ? do_splice_direct+0x420/0x420 [ 267.664571] splice_from_pipe+0x1ec/0x340 [ 267.668708] ? do_splice_direct+0x420/0x420 [ 267.673027] ? splice_shrink_spd+0xd0/0xd0 [ 267.677252] ? rcu_read_lock_sched_held+0x108/0x120 [ 267.682257] default_file_splice_write+0x3c/0x90 [ 267.687008] ? generic_splice_sendpage+0x50/0x50 [ 267.691748] do_splice+0x64a/0x1430 [ 267.695364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 267.700888] ? put_timespec64+0x10f/0x1b0 [ 267.705023] ? opipe_prep.part.14+0x3b0/0x3b0 [ 267.709507] __x64_sys_splice+0x2c1/0x330 [ 267.713644] do_syscall_64+0x1b9/0x820 [ 267.717521] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 267.722894] ? syscall_return_slowpath+0x5e0/0x5e0 [ 267.727821] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 267.732652] ? trace_hardirqs_on_caller+0x310/0x310 [ 267.737657] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 267.742660] ? prepare_exit_to_usermode+0x291/0x3b0 [ 267.747665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 267.752507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 267.757687] RIP: 0033:0x457669 [ 267.760864] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 267.779756] RSP: 002b:00007f33f8dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 267.787562] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 267.794825] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 267.802084] RBP: 000000000072bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 267.809354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f33f8dc56d4 [ 267.816611] R13: 00000000004c5ae3 R14: 00000000004d97b0 R15: 00000000ffffffff [