[ 34.483052][ T26] audit: type=1800 audit(1552765033.194:27): pid=7472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.505745][ T26] audit: type=1800 audit(1552765033.214:28): pid=7472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.238739][ T26] audit: type=1800 audit(1552765034.014:29): pid=7472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.263877][ T26] audit: type=1800 audit(1552765034.014:30): pid=7472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.298332][ T7624] [ 42.300673][ T7624] ====================================================== [ 42.307688][ T7624] WARNING: possible circular locking dependency detected [ 42.314704][ T7624] 5.0.0-next-20190306 #4 Not tainted [ 42.319954][ T7624] ------------------------------------------------------ [ 42.326943][ T7624] syz-executor904/7624 is trying to acquire lock: [ 42.333322][ T7624] 000000004f9e4d56 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00 [ 42.341367][ T7624] [ 42.341367][ T7624] but task is already holding lock: [ 42.348705][ T7624] 00000000a4a07b1b (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 [ 42.358743][ T7624] [ 42.358743][ T7624] which lock already depends on the new lock. [ 42.358743][ T7624] [ 42.369116][ T7624] [ 42.369116][ T7624] the existing dependency chain (in reverse order) is: [ 42.378102][ T7624] [ 42.378102][ T7624] -> #1 (&sig->cred_guard_mutex){+.+.}: [ 42.385806][ T7624] lock_acquire+0x16f/0x3f0 [ 42.390803][ T7624] __mutex_lock+0xf7/0x1310 [ 42.395810][ T7624] mutex_lock_interruptible_nested+0x16/0x20 [ 42.402282][ T7624] proc_pid_attr_write+0x200/0x580 [ 42.407884][ T7624] __vfs_write+0x8d/0x110 [ 42.412703][ T7624] __kernel_write+0x110/0x3b0 [ 42.417869][ T7624] write_pipe_buf+0x15d/0x1f0 [ 42.423053][ T7624] __splice_from_pipe+0x395/0x7d0 [ 42.428565][ T7624] splice_from_pipe+0x108/0x170 [ 42.433898][ T7624] default_file_splice_write+0x3c/0x90 [ 42.439853][ T7624] do_splice+0x70a/0x13c0 [ 42.444684][ T7624] __x64_sys_splice+0x2c6/0x330 [ 42.450038][ T7624] do_syscall_64+0x103/0x610 [ 42.455116][ T7624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.461492][ T7624] [ 42.461492][ T7624] -> #0 (&pipe->mutex/1){+.+.}: [ 42.468489][ T7624] __lock_acquire+0x239c/0x3fb0 [ 42.473827][ T7624] lock_acquire+0x16f/0x3f0 [ 42.478844][ T7624] __mutex_lock+0xf7/0x1310 [ 42.483900][ T7624] mutex_lock_nested+0x16/0x20 [ 42.489157][ T7624] fifo_open+0x159/0xb00 [ 42.493886][ T7624] do_dentry_open+0x488/0x1160 [ 42.499138][ T7624] vfs_open+0xa0/0xd0 [ 42.503619][ T7624] path_openat+0x10e9/0x46e0 [ 42.508698][ T7624] do_filp_open+0x1a1/0x280 [ 42.513688][ T7624] do_open_execat+0x137/0x690 [ 42.518853][ T7624] __do_execve_file.isra.0+0x178d/0x23f0 [ 42.524970][ T7624] __x64_sys_execve+0x8f/0xc0 [ 42.530136][ T7624] do_syscall_64+0x103/0x610 [ 42.535211][ T7624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.541588][ T7624] [ 42.541588][ T7624] other info that might help us debug this: [ 42.541588][ T7624] [ 42.551781][ T7624] Possible unsafe locking scenario: [ 42.551781][ T7624] [ 42.559200][ T7624] CPU0 CPU1 [ 42.564530][ T7624] ---- ---- [ 42.570123][ T7624] lock(&sig->cred_guard_mutex); [ 42.575113][ T7624] lock(&pipe->mutex/1); [ 42.581960][ T7624] lock(&sig->cred_guard_mutex); [ 42.589480][ T7624] lock(&pipe->mutex/1); [ 42.593772][ T7624] [ 42.593772][ T7624] *** DEADLOCK *** [ 42.593772][ T7624] [ 42.601972][ T7624] 1 lock held by syz-executor904/7624: [ 42.607395][ T7624] #0: 00000000a4a07b1b (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 [ 42.617874][ T7624] [ 42.617874][ T7624] stack backtrace: [ 42.623736][ T7624] CPU: 0 PID: 7624 Comm: syz-executor904 Not tainted 5.0.0-next-20190306 #4 [ 42.632387][ T7624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.642411][ T7624] Call Trace: [ 42.645692][ T7624] dump_stack+0x172/0x1f0 [ 42.649999][ T7624] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 42.656038][ T7624] check_prev_add.constprop.0+0xf11/0x23c0 [ 42.661829][ T7624] ? depot_save_stack+0x1de/0x460 [ 42.666847][ T7624] ? check_usage+0x570/0x570 [ 42.671406][ T7624] ? mark_held_locks+0xa4/0xf0 [ 42.676137][ T7624] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 42.681921][ T7624] ? graph_lock+0x7b/0x200 [ 42.686319][ T7624] ? __lockdep_reset_lock+0x450/0x450 [ 42.691660][ T7624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.697871][ T7624] __lock_acquire+0x239c/0x3fb0 [ 42.702692][ T7624] ? save_stack+0xa9/0xd0 [ 42.707016][ T7624] ? mark_held_locks+0xf0/0xf0 [ 42.711749][ T7624] lock_acquire+0x16f/0x3f0 [ 42.716244][ T7624] ? fifo_open+0x159/0xb00 [ 42.720651][ T7624] ? fifo_open+0x159/0xb00 [ 42.725037][ T7624] __mutex_lock+0xf7/0x1310 [ 42.729518][ T7624] ? fifo_open+0x159/0xb00 [ 42.733921][ T7624] ? fifo_open+0x159/0xb00 [ 42.738333][ T7624] ? fifo_open+0x2b5/0xb00 [ 42.742717][ T7624] ? mutex_trylock+0x1e0/0x1e0 [ 42.747462][ T7624] ? fifo_open+0x2b5/0xb00 [ 42.751849][ T7624] ? kasan_check_write+0x14/0x20 [ 42.756754][ T7624] ? lock_downgrade+0x880/0x880 [ 42.761587][ T7624] mutex_lock_nested+0x16/0x20 [ 42.766323][ T7624] ? mutex_lock_nested+0x16/0x20 [ 42.771228][ T7624] fifo_open+0x159/0xb00 [ 42.775454][ T7624] do_dentry_open+0x488/0x1160 [ 42.780190][ T7624] ? pipe_release+0x280/0x280 [ 42.784838][ T7624] ? chown_common+0x5c0/0x5c0 [ 42.789485][ T7624] ? inode_permission+0xb4/0x570 [ 42.794390][ T7624] vfs_open+0xa0/0xd0 [ 42.798352][ T7624] path_openat+0x10e9/0x46e0 [ 42.802912][ T7624] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 42.808255][ T7624] ? __kmalloc+0x15c/0x740 [ 42.812648][ T7624] ? prepare_creds+0x2f5/0x3f0 [ 42.817392][ T7624] ? prepare_exec_creds+0x12/0xf0 [ 42.822398][ T7624] ? __do_execve_file.isra.0+0x393/0x23f0 [ 42.828088][ T7624] ? do_syscall_64+0x103/0x610 [ 42.832823][ T7624] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.838863][ T7624] ? __lock_acquire+0x548/0x3fb0 [ 42.843770][ T7624] ? prepare_exec_creds+0x12/0xf0 [ 42.848764][ T7624] ? __do_execve_file.isra.0+0x393/0x23f0 [ 42.854455][ T7624] ? __x64_sys_execve+0x8f/0xc0 [ 42.859279][ T7624] do_filp_open+0x1a1/0x280 [ 42.863750][ T7624] ? may_open_dev+0x100/0x100 [ 42.868400][ T7624] ? __lock_acquire+0x548/0x3fb0 [ 42.873313][ T7624] do_open_execat+0x137/0x690 [ 42.877963][ T7624] ? unregister_binfmt+0x170/0x170 [ 42.883045][ T7624] ? lock_downgrade+0x880/0x880 [ 42.887869][ T7624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.894077][ T7624] ? kasan_check_read+0x11/0x20 [ 42.898896][ T7624] ? do_raw_spin_unlock+0x57/0x270 [ 42.903976][ T7624] __do_execve_file.isra.0+0x178d/0x23f0 [ 42.909580][ T7624] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 42.915277][ T7624] ? __check_object_size+0x3d/0x42f [ 42.920447][ T7624] ? copy_strings_kernel+0x110/0x110 [ 42.925718][ T7624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.931927][ T7624] ? getname_flags+0x277/0x5b0 [ 42.936662][ T7624] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.942700][ T7624] __x64_sys_execve+0x8f/0xc0 [ 42.947367][ T7624] do_syscall_64+0x103/0x610 [ 42.951954][ T7624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.957842][ T7624] RIP: 0033:0x440289 [ 42.961709][ T7624] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 42.981302][ T7624] RSP: 002b:00007ffe42f96318 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 42.989734][ T7624] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440289 [ 42.997685][ T7624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 43.005622][ T7624] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 43.013584][ T7624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10 [ 43.021525][ T7624] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000