[ 39.207785][ T26] audit: type=1800 audit(1553304869.408:28): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 39.922208][ T26] audit: type=1800 audit(1553304870.198:29): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 39.942312][ T26] audit: type=1800 audit(1553304870.198:30): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.416083][ T7757]
[ 51.418435][ T7757] ======================================================
[ 51.425432][ T7757] WARNING: possible circular locking dependency detected
[ 51.432428][ T7757] 5.1.0-rc1+ #33 Not tainted
[ 51.436990][ T7757] ------------------------------------------------------
[ 51.444199][ T7757] syz-executor178/7757 is trying to acquire lock:
[ 51.450669][ T7757] 000000008e5de3b4 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 51.458733][ T7757]
[ 51.458733][ T7757] but task is already holding lock:
[ 51.466082][ T7757] 00000000eeb19ccc (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[ 51.476132][ T7757]
[ 51.476132][ T7757] which lock already depends on the new lock.
[ 51.476132][ T7757]
[ 51.491721][ T7757]
[ 51.491721][ T7757] the existing dependency chain (in reverse order) is:
[ 51.500714][ T7757]
[ 51.500714][ T7757] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 51.508463][ T7757] lock_acquire+0x16f/0x3f0
[ 51.513479][ T7757] __mutex_lock+0xf7/0x1310
[ 51.518478][ T7757] mutex_lock_interruptible_nested+0x16/0x20
[ 51.524961][ T7757] proc_pid_attr_write+0x200/0x580
[ 51.530665][ T7757] __vfs_write+0x8d/0x110
[ 51.535489][ T7757] __kernel_write+0x110/0x3b0
[ 51.540674][ T7757] write_pipe_buf+0x15d/0x1f0
[ 51.545855][ T7757] __splice_from_pipe+0x395/0x7d0
[ 51.551382][ T7757] splice_from_pipe+0x108/0x170
[ 51.556766][ T7757] default_file_splice_write+0x3c/0x90
[ 51.562726][ T7757] do_splice+0x70a/0x13c0
[ 51.567558][ T7757] __ia32_sys_splice+0x2c4/0x330
[ 51.573002][ T7757] do_fast_syscall_32+0x281/0xc98
[ 51.578531][ T7757] entry_SYSENTER_compat+0x70/0x7f
[ 51.584140][ T7757]
[ 51.584140][ T7757] -> #0 (&pipe->mutex/1){+.+.}:
[ 51.591188][ T7757] __lock_acquire+0x239c/0x3fb0
[ 51.596551][ T7757] lock_acquire+0x16f/0x3f0
[ 51.601558][ T7757] __mutex_lock+0xf7/0x1310
[ 51.606568][ T7757] mutex_lock_nested+0x16/0x20
[ 51.611833][ T7757] fifo_open+0x159/0xb00
[ 51.616705][ T7757] do_dentry_open+0x488/0x1160
[ 51.621967][ T7757] vfs_open+0xa0/0xd0
[ 51.626453][ T7757] path_openat+0x10e9/0x46e0
[ 51.631545][ T7757] do_filp_open+0x1a1/0x280
[ 51.636725][ T7757] do_open_execat+0x137/0x690
[ 51.642150][ T7757] __do_execve_file.isra.0+0x178d/0x23f0
[ 51.648289][ T7757] __ia32_compat_sys_execve+0x94/0xc0
[ 51.654161][ T7757] do_fast_syscall_32+0x281/0xc98
[ 51.659701][ T7757] entry_SYSENTER_compat+0x70/0x7f
[ 51.665315][ T7757]
[ 51.665315][ T7757] other info that might help us debug this:
[ 51.665315][ T7757]
[ 51.675519][ T7757] Possible unsafe locking scenario:
[ 51.675519][ T7757]
[ 51.682945][ T7757]        CPU0                    CPU1
[ 51.688287][ T7757]        ----                    ----
[ 51.693630][ T7757]   lock(&sig->cred_guard_mutex);
[ 51.698631][ T7757]                                lock(&pipe->mutex/1);
[ 51.705488][ T7757]                                lock(&sig->cred_guard_mutex);
[ 51.713009][ T7757]   lock(&pipe->mutex/1);
[ 51.717318][ T7757]
[ 51.717318][ T7757] *** DEADLOCK ***
[ 51.717318][ T7757]
[ 51.725445][ T7757] 1 lock held by syz-executor178/7757:
[ 51.730877][ T7757] #0: 00000000eeb19ccc (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[ 51.741364][ T7757]
[ 51.741364][ T7757] stack backtrace:
[ 51.747230][ T7757] CPU: 0 PID: 7757 Comm: syz-executor178 Not tainted 5.1.0-rc1+ #33
[ 51.755180][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.765214][ T7757] Call Trace:
[ 51.768489][ T7757] dump_stack+0x172/0x1f0
[ 51.772799][ T7757] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 51.778839][ T7757] check_prev_add.constprop.0+0xf11/0x23c0
[ 51.784627][ T7757] ? depot_save_stack+0x1de/0x460
[ 51.789629][ T7757] ? check_usage+0x570/0x570
[ 51.794193][ T7757] ? mark_held_locks+0xa4/0xf0
[ 51.798939][ T7757] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.804733][ T7757] ? graph_lock+0x7b/0x200
[ 51.809218][ T7757] ? __lockdep_reset_lock+0x450/0x450
[ 51.814605][ T7757] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.820830][ T7757] __lock_acquire+0x239c/0x3fb0
[ 51.825658][ T7757] ? save_stack+0xa9/0xd0
[ 51.829965][ T7757] ? mark_held_locks+0xf0/0xf0
[ 51.834703][ T7757] ? __lock_acquire+0x548/0x3fb0
[ 51.839655][ T7757] lock_acquire+0x16f/0x3f0
[ 51.844147][ T7757] ? fifo_open+0x159/0xb00
[ 51.848553][ T7757] ? fifo_open+0x159/0xb00
[ 51.852946][ T7757] __mutex_lock+0xf7/0x1310
[ 51.857423][ T7757] ? fifo_open+0x159/0xb00
[ 51.861818][ T7757] ? fifo_open+0x159/0xb00
[ 51.866216][ T7757] ? fifo_open+0x2b5/0xb00
[ 51.870610][ T7757] ? mutex_trylock+0x1e0/0x1e0
[ 51.875353][ T7757] ? fifo_open+0x2b5/0xb00
[ 51.879747][ T7757] ? kasan_check_write+0x14/0x20
[ 51.884727][ T7757] ? lock_downgrade+0x880/0x880
[ 51.889565][ T7757] mutex_lock_nested+0x16/0x20
[ 51.894325][ T7757] ? mutex_lock_nested+0x16/0x20
[ 51.899251][ T7757] fifo_open+0x159/0xb00
[ 51.903488][ T7757] do_dentry_open+0x488/0x1160
[ 51.908259][ T7757] ? pipe_release+0x280/0x280
[ 51.912919][ T7757] ? chown_common+0x5c0/0x5c0
[ 51.917570][ T7757] ? inode_permission+0xb4/0x570
[ 51.922489][ T7757] vfs_open+0xa0/0xd0
[ 51.926451][ T7757] path_openat+0x10e9/0x46e0
[ 51.931028][ T7757] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 51.936392][ T7757] ? __kmalloc+0x15c/0x740
[ 51.940793][ T7757] ? prepare_creds+0x2f5/0x3f0
[ 51.945531][ T7757] ? prepare_exec_creds+0x12/0xf0
[ 51.950537][ T7757] ? __do_execve_file.isra.0+0x393/0x23f0
[ 51.956237][ T7757] ? do_fast_syscall_32+0x281/0xc98
[ 51.961416][ T7757] ? entry_SYSENTER_compat+0x70/0x7f
[ 51.966686][ T7757] ? __lock_acquire+0x548/0x3fb0
[ 51.971604][ T7757] ? prepare_exec_creds+0x12/0xf0
[ 51.976603][ T7757] ? __do_execve_file.isra.0+0x393/0x23f0
[ 51.982296][ T7757] ? __ia32_compat_sys_execve+0x94/0xc0
[ 51.987814][ T7757] do_filp_open+0x1a1/0x280
[ 51.992333][ T7757] ? may_open_dev+0x100/0x100
[ 51.996998][ T7757] ? __lock_acquire+0x548/0x3fb0
[ 52.001920][ T7757] do_open_execat+0x137/0x690
[ 52.006576][ T7757] ? unregister_binfmt+0x170/0x170
[ 52.011673][ T7757] ? lock_downgrade+0x880/0x880
[ 52.016508][ T7757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.022813][ T7757] ? kasan_check_read+0x11/0x20
[ 52.027636][ T7757] ? do_raw_spin_unlock+0x57/0x270
[ 52.032923][ T7757] __do_execve_file.isra.0+0x178d/0x23f0
[ 52.038538][ T7757] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 52.044237][ T7757] ? __check_object_size+0x3d/0x42f
[ 52.049419][ T7757] ? copy_strings_kernel+0x110/0x110
[ 52.054718][ T7757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.060945][ T7757] ? getname_flags+0x277/0x5b0
[ 52.065770][ T7757] ? entry_SYSENTER_compat+0x70/0x7f
[ 52.071033][ T7757] __ia32_compat_sys_execve+0x94/0xc0
[ 52.076397][ T7757] do_fast_syscall_32+0x281/0xc98
[ 52.081404][ T7757] entry_SYSENTER_compat+0x70/0x7f
[ 52.086680][ T7757] RIP: 0023:0xf7f66869
[ 52.090738][ T7757] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 52.111572][ T7757] RSP: 002b:00000000ff8f62ec EFLAGS: 00000217 ORIG_RAX: 000000000000000b
[ 52.120094][ T7757] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000000000
[ 52.128055][ T7757] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000020000200
[ 52.136142][ T7757] RBP: 0000000000001041 R08: 0000000000000000 R09: 0000000000000000
[ 52.144150][ T7757] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 52.152180][ T7757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000