[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   38.000150] audit: type=1800 audit(1546275969.907:25): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   38.020811] audit: type=1800 audit(1546275969.907:26): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   38.041382] audit: type=1800 audit(1546275969.917:27): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.667620] sshd (7900) used greatest stack depth: 19848 bytes left
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
[   51.472531] 
[   51.474196] ======================================================
[   51.480491] WARNING: possible circular locking dependency detected
[   51.486785] 4.20.0+ #1 Not tainted
[   51.490312] ------------------------------------------------------
[   51.496605] syz-executor874/7916 is trying to acquire lock:
[   51.502295] 00000000059bbf2c (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[   51.509649] 
[   51.509649] but task is already holding lock:
[   51.515603] 00000000faeefdac (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[   51.524358] 
[   51.524358] which lock already depends on the new lock.
[   51.524358] 
[   51.532648] 
[   51.532648] the existing dependency chain (in reverse order) is:
[   51.540255] 
[   51.540255] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   51.546603]        __mutex_lock+0x12f/0x1670
[   51.551011]        mutex_lock_interruptible_nested+0x16/0x20
[   51.556794]        proc_pid_attr_write+0x1fa/0x530
[   51.561709]        __vfs_write+0x116/0xb40
[   51.565925]        __kernel_write+0x110/0x3b0
[   51.570402]        write_pipe_buf+0x180/0x240
[   51.574878]        __splice_from_pipe+0x39a/0x7e0
[   51.579703]        splice_from_pipe+0x1ea/0x310
[   51.584355]        default_file_splice_write+0x3c/0x90
[   51.589620]        do_splice+0x64b/0x1410
[   51.593748]        __ia32_sys_splice+0x2c4/0x330
[   51.598487]        do_fast_syscall_32+0x333/0xf98
[   51.603335]        entry_SYSENTER_compat+0x70/0x7f
[   51.608240] 
[   51.608240] -> #0 (&pipe->mutex/1){+.+.}:
[   51.613853]        lock_acquire+0x1db/0x570
[   51.618180]        __mutex_lock+0x12f/0x1670
[   51.622572]        mutex_lock_nested+0x16/0x20
[   51.627159]        fifo_open+0x159/0xb00
[   51.631213]        do_dentry_open+0x48a/0x1210
[   51.635774]        vfs_open+0xa0/0xd0
[   51.639552]        path_openat+0x144f/0x5650
[   51.643937]        do_filp_open+0x26f/0x370
[   51.648233]        do_open_execat+0x20e/0x930
[   51.652733]        __do_execve_file.isra.0+0x181e/0x2510
[   51.658164]        __ia32_compat_sys_execve+0x94/0xc0
[   51.663334]        do_fast_syscall_32+0x333/0xf98
[   51.668157]        entry_SYSENTER_compat+0x70/0x7f
[   51.673059] 
[   51.673059] other info that might help us debug this:
[   51.673059] 
[   51.681174]  Possible unsafe locking scenario:
[   51.681174] 
[   51.687206]        CPU0                    CPU1
[   51.691849]        ----                    ----
[   51.696489]   lock(&sig->cred_guard_mutex);
[   51.700806]                                lock(&pipe->mutex/1);
[   51.706944]                                lock(&sig->cred_guard_mutex);
[   51.713845]   lock(&pipe->mutex/1);
[   51.717464] 
[   51.717464]  *** DEADLOCK ***
[   51.717464] 
[   51.723498] 1 lock held by syz-executor874/7916:
[   51.728240]  #0: 00000000faeefdac (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[   51.737436] 
[   51.737436] stack backtrace:
[   51.741947] CPU: 0 PID: 7916 Comm: syz-executor874 Not tainted 4.20.0+ #1
[   51.748849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.758178] Call Trace:
[   51.760748]  dump_stack+0x1db/0x2d0
[   51.764358]  ? dump_stack_print_info.cold+0x20/0x20
[   51.769444]  ? print_stack_trace+0x77/0xb0
[   51.773676]  ? vprintk_func+0x86/0x189
[   51.777560]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   51.782917]  __lock_acquire+0x3014/0x4a30
[   51.787053]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.791969]  ? mark_held_locks+0x100/0x100
[   51.796186]  ? mark_held_locks+0xb1/0x100
[   51.800336]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   51.805423]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   51.810509]  ? lockdep_hardirqs_on+0x415/0x5d0
[   51.815075]  ? trace_hardirqs_off_caller+0x300/0x300
[   51.820159]  ? do_raw_spin_trylock+0x270/0x270
[   51.824724]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.829637]  ? print_usage_bug+0xd0/0xd0
[   51.833675]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   51.838761]  ? __lock_is_held+0xb6/0x140
[   51.842803]  lock_acquire+0x1db/0x570
[   51.846591]  ? fifo_open+0x159/0xb00
[   51.850291]  ? ___might_sleep+0x1e7/0x310
[   51.854431]  ? lock_release+0xc40/0xc40
[   51.858388]  ? fifo_open+0x159/0xb00
[   51.862099]  ? fifo_open+0x159/0xb00
[   51.865796]  __mutex_lock+0x12f/0x1670
[   51.869665]  ? fifo_open+0x159/0xb00
[   51.873371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.878890]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.884406]  ? fifo_open+0x159/0xb00
[   51.888099]  ? lockdep_init_map+0x10c/0x5b0
[   51.892406]  ? mutex_trylock+0x2d0/0x2d0
[   51.896450]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.901361]  ? __mutex_init+0x1f6/0x2a0
[   51.905322]  ? psi_task_change.cold+0x1ec/0x1ec
[   51.909976]  ? fifo_open+0x2b5/0xb00
[   51.913667]  ? find_held_lock+0x35/0x120
[   51.917709]  ? fifo_open+0x2b5/0xb00
[   51.921402]  ? lock_acquire+0x1db/0x570
[   51.925370]  ? kasan_check_read+0x11/0x20
[   51.929515]  ? do_raw_spin_unlock+0xa0/0x330
[   51.933905]  ? do_raw_spin_trylock+0x270/0x270
[   51.938474]  mutex_lock_nested+0x16/0x20
[   51.942515]  ? _raw_spin_unlock+0x2d/0x50
[   51.946644]  ? mutex_lock_nested+0x16/0x20
[   51.950858]  fifo_open+0x159/0xb00
[   51.954383]  do_dentry_open+0x48a/0x1210
[   51.958426]  ? pipe_release+0x280/0x280
[   51.962382]  ? chown_common+0x740/0x740
[   51.966355]  ? security_inode_permission+0xd5/0x110
[   51.971353]  ? inode_permission+0xb4/0x570
[   51.975570]  vfs_open+0xa0/0xd0
[   51.978832]  path_openat+0x144f/0x5650
[   51.982700]  ? trace_hardirqs_on+0xbd/0x310
[   51.987001]  ? kasan_check_read+0x11/0x20
[   51.991132]  ? depot_save_stack+0x1de/0x460
[   51.995441]  ? path_lookupat.isra.0+0xba0/0xba0
[   52.000094]  ? save_stack+0xa9/0xd0
[   52.003704]  ? __lock_acquire+0x572/0x4a30
[   52.007934]  ? __ia32_compat_sys_execve+0x94/0xc0
[   52.012760]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.017699]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   52.022800]  do_filp_open+0x26f/0x370
[   52.026583]  ? refcount_add_not_zero_checked+0x330/0x330
[   52.032015]  ? may_open_dev+0x100/0x100
[   52.035995]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   52.041516]  ? refcount_inc_checked+0x2b/0x70
[   52.045993]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.050902]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.055814]  ? apparmor_cred_transfer+0x5b0/0x5b0
[   52.060638]  ? prepare_creds+0xa4/0x4e0
[   52.064606]  ? prepare_creds+0xa4/0x4e0
[   52.068561]  ? __do_execve_file.isra.0+0x908/0x2510
[   52.073558]  do_open_execat+0x20e/0x930
[   52.077526]  ? unregister_binfmt+0x2b0/0x2b0
[   52.081915]  ? kasan_check_read+0x11/0x20
[   52.086046]  ? do_raw_spin_trylock+0x270/0x270
[   52.090609]  ? key_put+0x36/0x90
[   52.093960]  __do_execve_file.isra.0+0x181e/0x2510
[   52.098875]  ? prepare_bprm_creds+0x120/0x120
[   52.103353]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.108873]  ? strncpy_from_user+0x317/0x440
[   52.113261]  ? digsig_verify.cold+0x32/0x32
[   52.117581]  ? kmem_cache_alloc+0x341/0x710
[   52.121915]  ? do_fast_syscall_32+0x13b/0xf98
[   52.126395]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.131911]  ? getname_flags+0x277/0x5b0
[   52.135954]  ? trace_hardirqs_off_caller+0x300/0x300
[   52.141039]  __ia32_compat_sys_execve+0x94/0xc0
[   52.145691]  do_fast_syscall_32+0x333/0xf98
[   52.149993]  ? do_int80_syscall_32+0x880/0x880
[   52.154555]  ? trace_hardirqs_off+0x310/0x310
[   52.159031]  ? syscall_return_slowpath+0x3b0/0x5f0
[   52.163965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.169591]  ? prepare_exit_to_usermode+0x232/0x3b0
[   52.174606]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.179434]  entry_SYSENTER_compat+0x70/0x7f
[   52.183882] RIP: 0023:0xf7f09869
[   52.187231] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   52.206113] RSP: 002b:00000000f7ee41fc EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[   52.213798] RAX: ffffffffffffffda RBX: 0000000020000340 RCX: 0000000000000000
[   52.221050] RDX: 0000000000000000 RSI: 000000000000