[   39.207785][   T26] audit: type=1800 audit(1553304869.408:28): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   39.922208][   T26] audit: type=1800 audit(1553304870.198:29): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   39.942312][   T26] audit: type=1800 audit(1553304870.198:30): pid=7584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[1G[[31mFAIL[39;49m8[?25h[?0c [31mfailed![39;49m

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   51.416083][ T7757] 
[   51.418435][ T7757] ======================================================
[   51.425432][ T7757] WARNING: possible circular locking dependency detected
[   51.432428][ T7757] 5.1.0-rc1+ #33 Not tainted
[   51.436990][ T7757] ------------------------------------------------------
[   51.444199][ T7757] syz-executor178/7757 is trying to acquire lock:
[   51.450669][ T7757] 000000008e5de3b4 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   51.458733][ T7757] 
[   51.458733][ T7757] but task is already holding lock:
[   51.466082][ T7757] 00000000eeb19ccc (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   51.476132][ T7757] 
[   51.476132][ T7757] which lock already depends on the new lock.
[   51.476132][ T7757] 
[   51.491721][ T7757] 
[   51.491721][ T7757] the existing dependency chain (in reverse order) is:
[   51.500714][ T7757] 
[   51.500714][ T7757] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   51.508463][ T7757]        lock_acquire+0x16f/0x3f0
[   51.513479][ T7757]        __mutex_lock+0xf7/0x1310
[   51.518478][ T7757]        mutex_lock_interruptible_nested+0x16/0x20
[   51.524961][ T7757]        proc_pid_attr_write+0x200/0x580
[   51.530665][ T7757]        __vfs_write+0x8d/0x110
[   51.535489][ T7757]        __kernel_write+0x110/0x3b0
[   51.540674][ T7757]        write_pipe_buf+0x15d/0x1f0
[   51.545855][ T7757]        __splice_from_pipe+0x395/0x7d0
[   51.551382][ T7757]        splice_from_pipe+0x108/0x170
[   51.556766][ T7757]        default_file_splice_write+0x3c/0x90
[   51.562726][ T7757]        do_splice+0x70a/0x13c0
[   51.567558][ T7757]        __ia32_sys_splice+0x2c4/0x330
[   51.573002][ T7757]        do_fast_syscall_32+0x281/0xc98
[   51.578531][ T7757]        entry_SYSENTER_compat+0x70/0x7f
[   51.584140][ T7757] 
[   51.584140][ T7757] -> #0 (&pipe->mutex/1){+.+.}:
[   51.591188][ T7757]        __lock_acquire+0x239c/0x3fb0
[   51.596551][ T7757]        lock_acquire+0x16f/0x3f0
[   51.601558][ T7757]        __mutex_lock+0xf7/0x1310
[   51.606568][ T7757]        mutex_lock_nested+0x16/0x20
[   51.611833][ T7757]        fifo_open+0x159/0xb00
[   51.616705][ T7757]        do_dentry_open+0x488/0x1160
[   51.621967][ T7757]        vfs_open+0xa0/0xd0
[   51.626453][ T7757]        path_openat+0x10e9/0x46e0
[   51.631545][ T7757]        do_filp_open+0x1a1/0x280
[   51.636725][ T7757]        do_open_execat+0x137/0x690
[   51.642150][ T7757]        __do_execve_file.isra.0+0x178d/0x23f0
[   51.648289][ T7757]        __ia32_compat_sys_execve+0x94/0xc0
[   51.654161][ T7757]        do_fast_syscall_32+0x281/0xc98
[   51.659701][ T7757]        entry_SYSENTER_compat+0x70/0x7f
[   51.665315][ T7757] 
[   51.665315][ T7757] other info that might help us debug this:
[   51.665315][ T7757] 
[   51.675519][ T7757]  Possible unsafe locking scenario:
[   51.675519][ T7757] 
[   51.682945][ T7757]        CPU0                    CPU1
[   51.688287][ T7757]        ----                    ----
[   51.693630][ T7757]   lock(&sig->cred_guard_mutex);
[   51.698631][ T7757]                                lock(&pipe->mutex/1);
[   51.705488][ T7757]                                lock(&sig->cred_guard_mutex);
[   51.713009][ T7757]   lock(&pipe->mutex/1);
[   51.717318][ T7757] 
[   51.717318][ T7757]  *** DEADLOCK ***
[   51.717318][ T7757] 
[   51.725445][ T7757] 1 lock held by syz-executor178/7757:
[   51.730877][ T7757]  #0: 00000000eeb19ccc (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0
[   51.741364][ T7757] 
[   51.741364][ T7757] stack backtrace:
[   51.747230][ T7757] CPU: 0 PID: 7757 Comm: syz-executor178 Not tainted 5.1.0-rc1+ #33
[   51.755180][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.765214][ T7757] Call Trace:
[   51.768489][ T7757]  dump_stack+0x172/0x1f0
[   51.772799][ T7757]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   51.778839][ T7757]  check_prev_add.constprop.0+0xf11/0x23c0
[   51.784627][ T7757]  ? depot_save_stack+0x1de/0x460
[   51.789629][ T7757]  ? check_usage+0x570/0x570
[   51.794193][ T7757]  ? mark_held_locks+0xa4/0xf0
[   51.798939][ T7757]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   51.804733][ T7757]  ? graph_lock+0x7b/0x200
[   51.809218][ T7757]  ? __lockdep_reset_lock+0x450/0x450
[   51.814605][ T7757]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   51.820830][ T7757]  __lock_acquire+0x239c/0x3fb0
[   51.825658][ T7757]  ? save_stack+0xa9/0xd0
[   51.829965][ T7757]  ? mark_held_locks+0xf0/0xf0
[   51.834703][ T7757]  ? __lock_acquire+0x548/0x3fb0
[   51.839655][ T7757]  lock_acquire+0x16f/0x3f0
[   51.844147][ T7757]  ? fifo_open+0x159/0xb00
[   51.848553][ T7757]  ? fifo_open+0x159/0xb00
[   51.852946][ T7757]  __mutex_lock+0xf7/0x1310
[   51.857423][ T7757]  ? fifo_open+0x159/0xb00
[   51.861818][ T7757]  ? fifo_open+0x159/0xb00
[   51.866216][ T7757]  ? fifo_open+0x2b5/0xb00
[   51.870610][ T7757]  ? mutex_trylock+0x1e0/0x1e0
[   51.875353][ T7757]  ? fifo_open+0x2b5/0xb00
[   51.879747][ T7757]  ? kasan_check_write+0x14/0x20
[   51.884727][ T7757]  ? lock_downgrade+0x880/0x880
[   51.889565][ T7757]  mutex_lock_nested+0x16/0x20
[   51.894325][ T7757]  ? mutex_lock_nested+0x16/0x20
[   51.899251][ T7757]  fifo_open+0x159/0xb00
[   51.903488][ T7757]  do_dentry_open+0x488/0x1160
[   51.908259][ T7757]  ? pipe_release+0x280/0x280
[   51.912919][ T7757]  ? chown_common+0x5c0/0x5c0
[   51.917570][ T7757]  ? inode_permission+0xb4/0x570
[   51.922489][ T7757]  vfs_open+0xa0/0xd0
[   51.926451][ T7757]  path_openat+0x10e9/0x46e0
[   51.931028][ T7757]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   51.936392][ T7757]  ? __kmalloc+0x15c/0x740
[   51.940793][ T7757]  ? prepare_creds+0x2f5/0x3f0
[   51.945531][ T7757]  ? prepare_exec_creds+0x12/0xf0
[   51.950537][ T7757]  ? __do_execve_file.isra.0+0x393/0x23f0
[   51.956237][ T7757]  ? do_fast_syscall_32+0x281/0xc98
[   51.961416][ T7757]  ? entry_SYSENTER_compat+0x70/0x7f
[   51.966686][ T7757]  ? __lock_acquire+0x548/0x3fb0
[   51.971604][ T7757]  ? prepare_exec_creds+0x12/0xf0
[   51.976603][ T7757]  ? __do_execve_file.isra.0+0x393/0x23f0
[   51.982296][ T7757]  ? __ia32_compat_sys_execve+0x94/0xc0
[   51.987814][ T7757]  do_filp_open+0x1a1/0x280
[   51.992333][ T7757]  ? may_open_dev+0x100/0x100
[   51.996998][ T7757]  ? __lock_acquire+0x548/0x3fb0
[   52.001920][ T7757]  do_open_execat+0x137/0x690
[   52.006576][ T7757]  ? unregister_binfmt+0x170/0x170
[   52.011673][ T7757]  ? lock_downgrade+0x880/0x880
[   52.016508][ T7757]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.022813][ T7757]  ? kasan_check_read+0x11/0x20
[   52.027636][ T7757]  ? do_raw_spin_unlock+0x57/0x270
[   52.032923][ T7757]  __do_execve_file.isra.0+0x178d/0x23f0
[   52.038538][ T7757]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   52.044237][ T7757]  ? __check_object_size+0x3d/0x42f
[   52.049419][ T7757]  ? copy_strings_kernel+0x110/0x110
[   52.054718][ T7757]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.060945][ T7757]  ? getname_flags+0x277/0x5b0
[   52.065770][ T7757]  ? entry_SYSENTER_compat+0x70/0x7f
[   52.071033][ T7757]  __ia32_compat_sys_execve+0x94/0xc0
[   52.076397][ T7757]  do_fast_syscall_32+0x281/0xc98
[   52.081404][ T7757]  entry_SYSENTER_compat+0x70/0x7f
[   52.086680][ T7757] RIP: 0023:0xf7f66869
[   52.090738][ T7757] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   52.111572][ T7757] RSP: 002b:00000000ff8f62ec EFLAGS: 00000217 ORIG_RAX: 000000000000000b
[   52.120094][ T7757] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000000000
[   52.128055][ T7757] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000020000200
[   52.136142][ T7757] RBP: 0000000000001041 R08: 0000000000000000 R09: 0000000000000000
[   52.144150][ T7757] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   52.152180][ T7757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000