[ ok ] Starting enhanced syslogd: rsyslogd.
[ 38.000150] audit: type=1800 audit(1546275969.907:25): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 38.020811] audit: type=1800 audit(1546275969.907:26): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 38.041382] audit: type=1800 audit(1546275969.917:27): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 44.667620] sshd (7900) used greatest stack depth: 19848 bytes left
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
[ 51.472531]
[ 51.474196] ======================================================
[ 51.480491] WARNING: possible circular locking dependency detected
[ 51.486785] 4.20.0+ #1 Not tainted
[ 51.490312] ------------------------------------------------------
[ 51.496605] syz-executor874/7916 is trying to acquire lock:
[ 51.502295] 00000000059bbf2c (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00
[ 51.509649]
[ 51.509649] but task is already holding lock:
[ 51.515603] 00000000faeefdac (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 51.524358]
[ 51.524358] which lock already depends on the new lock.
[ 51.524358]
[ 51.532648]
[ 51.532648] the existing dependency chain (in reverse order) is:
[ 51.540255]
[ 51.540255] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 51.546603]        __mutex_lock+0x12f/0x1670
[ 51.551011]        mutex_lock_interruptible_nested+0x16/0x20
[ 51.556794]        proc_pid_attr_write+0x1fa/0x530
[ 51.561709]        __vfs_write+0x116/0xb40
[ 51.565925]        __kernel_write+0x110/0x3b0
[ 51.570402]        write_pipe_buf+0x180/0x240
[ 51.574878]        __splice_from_pipe+0x39a/0x7e0
[ 51.579703]        splice_from_pipe+0x1ea/0x310
[ 51.584355]        default_file_splice_write+0x3c/0x90
[ 51.589620]        do_splice+0x64b/0x1410
[ 51.593748]        __ia32_sys_splice+0x2c4/0x330
[ 51.598487]        do_fast_syscall_32+0x333/0xf98
[ 51.603335]        entry_SYSENTER_compat+0x70/0x7f
[ 51.608240]
[ 51.608240] -> #0 (&pipe->mutex/1){+.+.}:
[ 51.613853]        lock_acquire+0x1db/0x570
[ 51.618180]        __mutex_lock+0x12f/0x1670
[ 51.622572]        mutex_lock_nested+0x16/0x20
[ 51.627159]        fifo_open+0x159/0xb00
[ 51.631213]        do_dentry_open+0x48a/0x1210
[ 51.635774]        vfs_open+0xa0/0xd0
[ 51.639552]        path_openat+0x144f/0x5650
[ 51.643937]        do_filp_open+0x26f/0x370
[ 51.648233]        do_open_execat+0x20e/0x930
[ 51.652733]        __do_execve_file.isra.0+0x181e/0x2510
[ 51.658164]        __ia32_compat_sys_execve+0x94/0xc0
[ 51.663334]        do_fast_syscall_32+0x333/0xf98
[ 51.668157]        entry_SYSENTER_compat+0x70/0x7f
[ 51.673059]
[ 51.673059] other info that might help us debug this:
[ 51.673059]
[ 51.681174]  Possible unsafe locking scenario:
[ 51.681174]
[ 51.687206]        CPU0                    CPU1
[ 51.691849]        ----                    ----
[ 51.696489]   lock(&sig->cred_guard_mutex);
[ 51.700806]                                lock(&pipe->mutex/1);
[ 51.706944]                                lock(&sig->cred_guard_mutex);
[ 51.713845]   lock(&pipe->mutex/1);
[ 51.717464]
[ 51.717464]  *** DEADLOCK ***
[ 51.717464]
[ 51.723498] 1 lock held by syz-executor874/7916:
[ 51.728240]  #0: 00000000faeefdac (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x55/0x120
[ 51.737436]
[ 51.737436] stack backtrace:
[ 51.741947] CPU: 0 PID: 7916 Comm: syz-executor874 Not tainted 4.20.0+ #1
[ 51.748849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.758178] Call Trace:
[ 51.760748]  dump_stack+0x1db/0x2d0
[ 51.764358]  ? dump_stack_print_info.cold+0x20/0x20
[ 51.769444]  ? print_stack_trace+0x77/0xb0
[ 51.773676]  ? vprintk_func+0x86/0x189
[ 51.777560]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 51.782917]  __lock_acquire+0x3014/0x4a30
[ 51.787053]  ? add_lock_to_list.isra.0+0x450/0x450
[ 51.791969]  ? mark_held_locks+0x100/0x100
[ 51.796186]  ? mark_held_locks+0xb1/0x100
[ 51.800336]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.805423]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.810509]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 51.815075]  ? trace_hardirqs_off_caller+0x300/0x300
[ 51.820159]  ? do_raw_spin_trylock+0x270/0x270
[ 51.824724]  ? add_lock_to_list.isra.0+0x450/0x450
[ 51.829637]  ? print_usage_bug+0xd0/0xd0
[ 51.833675]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 51.838761]  ? __lock_is_held+0xb6/0x140
[ 51.842803]  lock_acquire+0x1db/0x570
[ 51.846591]  ? fifo_open+0x159/0xb00
[ 51.850291]  ? ___might_sleep+0x1e7/0x310
[ 51.854431]  ? lock_release+0xc40/0xc40
[ 51.858388]  ? fifo_open+0x159/0xb00
[ 51.862099]  ? fifo_open+0x159/0xb00
[ 51.865796]  __mutex_lock+0x12f/0x1670
[ 51.869665]  ? fifo_open+0x159/0xb00
[ 51.873371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.878890]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.884406]  ? fifo_open+0x159/0xb00
[ 51.888099]  ? lockdep_init_map+0x10c/0x5b0
[ 51.892406]  ? mutex_trylock+0x2d0/0x2d0
[ 51.896450]  ? add_lock_to_list.isra.0+0x450/0x450
[ 51.901361]  ? __mutex_init+0x1f6/0x2a0
[ 51.905322]  ? psi_task_change.cold+0x1ec/0x1ec
[ 51.909976]  ? fifo_open+0x2b5/0xb00
[ 51.913667]  ? find_held_lock+0x35/0x120
[ 51.917709]  ? fifo_open+0x2b5/0xb00
[ 51.921402]  ? lock_acquire+0x1db/0x570
[ 51.925370]  ? kasan_check_read+0x11/0x20
[ 51.929515]  ? do_raw_spin_unlock+0xa0/0x330
[ 51.933905]  ? do_raw_spin_trylock+0x270/0x270
[ 51.938474]  mutex_lock_nested+0x16/0x20
[ 51.942515]  ? _raw_spin_unlock+0x2d/0x50
[ 51.946644]  ? mutex_lock_nested+0x16/0x20
[ 51.950858]  fifo_open+0x159/0xb00
[ 51.954383]  do_dentry_open+0x48a/0x1210
[ 51.958426]  ? pipe_release+0x280/0x280
[ 51.962382]  ? chown_common+0x740/0x740
[ 51.966355]  ? security_inode_permission+0xd5/0x110
[ 51.971353]  ? inode_permission+0xb4/0x570
[ 51.975570]  vfs_open+0xa0/0xd0
[ 51.978832]  path_openat+0x144f/0x5650
[ 51.982700]  ? trace_hardirqs_on+0xbd/0x310
[ 51.987001]  ? kasan_check_read+0x11/0x20
[ 51.991132]  ? depot_save_stack+0x1de/0x460
[ 51.995441]  ? path_lookupat.isra.0+0xba0/0xba0
[ 52.000094]  ? save_stack+0xa9/0xd0
[ 52.003704]  ? __lock_acquire+0x572/0x4a30
[ 52.007934]  ? __ia32_compat_sys_execve+0x94/0xc0
[ 52.012760]  ? add_lock_to_list.isra.0+0x450/0x450
[ 52.017699]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 52.022800]  do_filp_open+0x26f/0x370
[ 52.026583]  ? refcount_add_not_zero_checked+0x330/0x330
[ 52.032015]  ? may_open_dev+0x100/0x100
[ 52.035995]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.041516]  ? refcount_inc_checked+0x2b/0x70
[ 52.045993]  ? add_lock_to_list.isra.0+0x450/0x450
[ 52.050902]  ? add_lock_to_list.isra.0+0x450/0x450
[ 52.055814]  ? apparmor_cred_transfer+0x5b0/0x5b0
[ 52.060638]  ? prepare_creds+0xa4/0x4e0
[ 52.064606]  ? prepare_creds+0xa4/0x4e0
[ 52.068561]  ? __do_execve_file.isra.0+0x908/0x2510
[ 52.073558]  do_open_execat+0x20e/0x930
[ 52.077526]  ? unregister_binfmt+0x2b0/0x2b0
[ 52.081915]  ? kasan_check_read+0x11/0x20
[ 52.086046]  ? do_raw_spin_trylock+0x270/0x270
[ 52.090609]  ? key_put+0x36/0x90
[ 52.093960]  __do_execve_file.isra.0+0x181e/0x2510
[ 52.098875]  ? prepare_bprm_creds+0x120/0x120
[ 52.103353]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.108873]  ? strncpy_from_user+0x317/0x440
[ 52.113261]  ? digsig_verify.cold+0x32/0x32
[ 52.117581]  ? kmem_cache_alloc+0x341/0x710
[ 52.121915]  ? do_fast_syscall_32+0x13b/0xf98
[ 52.126395]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.131911]  ? getname_flags+0x277/0x5b0
[ 52.135954]  ? trace_hardirqs_off_caller+0x300/0x300
[ 52.141039]  __ia32_compat_sys_execve+0x94/0xc0
[ 52.145691]  do_fast_syscall_32+0x333/0xf98
[ 52.149993]  ? do_int80_syscall_32+0x880/0x880
[ 52.154555]  ? trace_hardirqs_off+0x310/0x310
[ 52.159031]  ? syscall_return_slowpath+0x3b0/0x5f0
[ 52.163965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.169591]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 52.174606]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.179434]  entry_SYSENTER_compat+0x70/0x7f
[ 52.183882] RIP: 0023:0xf7f09869
[ 52.187231] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 52.206113] RSP: 002b:00000000f7ee41fc EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[ 52.213798] RAX: ffffffffffffffda RBX: 0000000020000340 RCX: 0000000000000000
[ 52.221050] RDX: 0000000000000000 RSI: 000000000000