INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.0.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.032888]
[ 40.033187] ======================================================
[ 40.034014] WARNING: possible circular locking dependency detected
[ 40.034842] 4.15.0-rc2+ #206 Not tainted
[ 40.035381] ------------------------------------------------------
[ 40.036209] syzkaller022699/3086 is trying to acquire lock:
[ 40.036970]  (&pipe->mutex/1){+.+.}, at: [<00000000698950dd>] fifo_open+0x15c/0xa40
[ 40.038070]
[ 40.038070] but task is already holding lock:
[ 40.038856]  (&sig->cred_guard_mutex){+.+.}, at: [<0000000082fd15e8>] prepare_bprm_creds+0x53/0x110
[ 40.040060]
[ 40.040060] which lock already depends on the new lock.
[ 40.040060]
[ 40.041145]
[ 40.041145] the existing dependency chain (in reverse order) is:
[ 40.042148]
[ 40.042148] -> #2 (&sig->cred_guard_mutex){+.+.}:
[ 40.042985]        lock_acquire+0x1d5/0x580
[ 40.043564]        __mutex_lock+0x16f/0x1a80
[ 40.044167]        mutex_lock_killable_nested+0x16/0x20
[ 40.044875]        do_io_accounting+0x1c2/0xf50
[ 40.045496]        proc_tgid_io_accounting+0x22/0x30
[ 40.046169]        proc_single_show+0xf8/0x170
[ 40.046778]        seq_read+0x385/0x13d0
[ 40.047319]        __vfs_read+0xef/0xa00
[ 40.047859]        vfs_read+0x124/0x360
[ 40.048387]        SyS_read+0xef/0x220
[ 40.048906]        entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.049602]
[ 40.049602] -> #1 (&p->lock){+.+.}:
[ 40.050281]        lock_acquire+0x1d5/0x580
[ 40.050854]        __mutex_lock+0x16f/0x1a80
[ 40.051439]        mutex_lock_nested+0x16/0x20
[ 40.052056]        seq_read+0xd5/0x13d0
[ 40.052587]        do_iter_read+0x3db/0x5b0
[ 40.054249]        vfs_readv+0x121/0x1c0
[ 40.058274]        default_file_splice_read+0x508/0xae0
[ 40.063600]        do_splice_to+0x110/0x170
[ 40.067886]        SyS_splice+0x11a8/0x1630
[ 40.072170]        entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.077407]
[ 40.077407] -> #0 (&pipe->mutex/1){+.+.}:
[ 40.083010]        __lock_acquire+0x3498/0x47f0
[ 40.087641]        lock_acquire+0x1d5/0x580
[ 40.091927]        __mutex_lock+0x16f/0x1a80
[ 40.096300]        mutex_lock_nested+0x16/0x20
[ 40.100847]        fifo_open+0x15c/0xa40
[ 40.104883]        do_dentry_open+0x682/0xd70
[ 40.109348]        vfs_open+0x107/0x230
[ 40.113284]        path_openat+0x1157/0x3530
[ 40.117654]        do_filp_open+0x25b/0x3b0
[ 40.121939]        do_open_execat+0x1b9/0x5c0
[ 40.126398]        do_execveat_common.isra.30+0x90c/0x23c0
[ 40.131983]        SyS_execve+0x39/0x50
[ 40.135924]        do_syscall_64+0x26c/0x920
[ 40.140295]        return_from_SYSCALL_64+0x0/0x75
[ 40.145184]
[ 40.145184] other info that might help us debug this:
[ 40.145184]
[ 40.153288] Chain exists of:
[ 40.153288]   &pipe->mutex/1 --> &p->lock --> &sig->cred_guard_mutex
[ 40.153288]
[ 40.164092]  Possible unsafe locking scenario:
[ 40.164092]
[ 40.170118]        CPU0                    CPU1
[ 40.174762]        ----                    ----
[ 40.179392]   lock(&sig->cred_guard_mutex);
[ 40.183676]                                lock(&p->lock);
[ 40.189264]                                lock(&sig->cred_guard_mutex);
[ 40.196068]   lock(&pipe->mutex/1);
[ 40.199659]
[ 40.199659]  *** DEADLOCK ***
[ 40.199659]
[ 40.205688] 1 lock held by syzkaller022699/3086:
[ 40.210405]  #0: (&sig->cred_guard_mutex){+.+.}, at: [<0000000082fd15e8>] prepare_bprm_creds+0x53/0x110
[ 40.220000]
[ 40.220000] stack backtrace:
[ 40.224461] CPU: 0 PID: 3086 Comm: syzkaller022699 Not tainted 4.15.0-rc2+ #206
[ 40.231877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.241203] Call Trace:
[ 40.243757]  dump_stack+0x194/0x257
[ 40.247352]  ? arch_local_irq_restore+0x53/0x53
[ 40.251996]  print_circular_bug+0x42d/0x610
[ 40.256283]  ? save_stack_trace+0x1a/0x20
[ 40.260404]  check_prev_add+0x666/0x15f0
[ 40.264429]  ? print_usage_bug+0x3f0/0x3f0
[ 40.268627]  ? copy_trace+0x150/0x150
[ 40.272393]  ? __lock_acquire+0x6e9/0x47f0
[ 40.276593]  ? check_usage+0xb60/0xb60
[ 40.280443]  ? __lock_acquire+0x6e9/0x47f0
[ 40.284641]  ? print_usage_bug+0x3f0/0x3f0
[ 40.288845]  __lock_acquire+0x3498/0x47f0
[ 40.292957]  ? __lock_acquire+0x3498/0x47f0
[ 40.297246]  ? get_page_from_freelist+0x19a0/0x52f0
[ 40.302231]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.307392]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.312547]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.317702]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.322866]  ? check_noncircular+0x20/0x20
[ 40.327067]  ? check_noncircular+0x20/0x20
[ 40.331267]  ? check_noncircular+0x20/0x20
[ 40.335467]  ? __free_insn_slot+0x5c0/0x5c0
[ 40.339754]  ? find_held_lock+0x39/0x1d0
[ 40.343797]  ? print_usage_bug+0x3f0/0x3f0
[ 40.347999]  lock_acquire+0x1d5/0x580
[ 40.351765]  ? fifo_open+0x15c/0xa40
[ 40.355444]  ? lock_release+0xda0/0xda0
[ 40.359383]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.365234]  ? rcu_note_context_switch+0x710/0x710
[ 40.370127]  ? lock_release+0xda0/0xda0
[ 40.374075]  ? __might_sleep+0x95/0x190
[ 40.378022]  ? fifo_open+0x15c/0xa40
[ 40.381704]  __mutex_lock+0x16f/0x1a80
[ 40.385556]  ? fifo_open+0x15c/0xa40
[ 40.389233]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.394213]  ? fifo_open+0x15c/0xa40
[ 40.397892]  ? trace_hardirqs_on+0xd/0x10
[ 40.402009]  ? mutex_lock_io_nested+0x1900/0x1900
[ 40.406817]  ? print_usage_bug+0x3f0/0x3f0
[ 40.411015]  ? save_stack+0xa3/0xd0
[ 40.414606]  ? save_stack+0x43/0xd0
[ 40.418196]  ? kasan_kmalloc+0xad/0xe0
[ 40.422047]  ? __kmalloc+0x162/0x760
[ 40.425734]  ? alloc_pipe_info+0x135/0x350
[ 40.429937]  ? do_dentry_open+0x682/0xd70
[ 40.434050]  ? check_noncircular+0x20/0x20
[ 40.438258]  ? print_usage_bug+0x3f0/0x3f0
[ 40.442458]  ? entry_SYSCALL64_slow_path+0x25/0x25
[ 40.447354]  ? mark_held_locks+0xb2/0x100
[ 40.451475]  ? print_usage_bug+0x3f0/0x3f0
[ 40.455674]  ? debug_mutex_init+0x1c/0x60
[ 40.459800]  ? find_held_lock+0x39/0x1d0
[ 40.463829]  ? lock_downgrade+0x980/0x980
[ 40.467941]  ? fifo_open+0x378/0xa40
[ 40.471621]  ? lock_release+0xda0/0xda0
[ 40.475560]  ? __init_waitqueue_head+0x97/0x140
[ 40.480192]  ? init_wait_entry+0x1b0/0x1b0
[ 40.484391]  ? do_raw_spin_trylock+0x190/0x190
[ 40.488940]  ? alloc_pipe_info+0x135/0x350
[ 40.493140]  mutex_lock_nested+0x16/0x20
[ 40.497164]  ? mutex_lock_nested+0x16/0x20
[ 40.501363]  fifo_open+0x15c/0xa40
[ 40.504867]  do_dentry_open+0x682/0xd70
[ 40.508809]  ? pipe_release+0x250/0x250
[ 40.512750]  vfs_open+0x107/0x230
[ 40.516168]  path_openat+0x1157/0x3530
[ 40.520019]  ? save_stack+0xa3/0xd0
[ 40.523615]  ? path_lookupat+0xba0/0xba0
[ 40.527649]  ? check_noncircular+0x20/0x20
[ 40.531850]  ? check_noncircular+0x20/0x20
[ 40.536054]  ? check_noncircular+0x20/0x20
[ 40.540252]  ? __lock_is_held+0xbc/0x140
[ 40.544280]  do_filp_open+0x25b/0x3b0
[ 40.548045]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.553036]  ? may_open_dev+0xe0/0xe0
[ 40.556814]  ? lock_downgrade+0x980/0x980
[ 40.560927]  ? lock_downgrade+0x980/0x980
[ 40.565042]  ? do_execveat_common.isra.30+0x550/0x23c0
[ 40.570284]  do_open_execat+0x1b9/0x5c0
[ 40.574221]  ? do_open_execat+0x1b9/0x5c0
[ 40.578334]  ? unregister_binfmt+0x280/0x280
[ 40.582710]  do_execveat_common.isra.30+0x90c/0x23c0
[ 40.587783]  ? do_syscall_64+0x26c/0x920
[ 40.591811]  ? entry_SYSCALL64_slow_path+0x25/0x25
[ 40.596705]  ? prepare_bprm_creds+0x110/0x110
[ 40.601165]  ? check_stack_object+0x68/0x140
[ 40.605537]  ? __check_object_size+0x25d/0x4f0
[ 40.610088]  ? do_raw_spin_trylock+0x190/0x190
[ 40.614634]  ? rcu_pm_notify+0xc0/0xc0
[ 40.618491]  ? mpi_resize+0x200/0x200
[ 40.622257]  ? getname_flags+0x256/0x580
[ 40.626284]  ? ptregs_sys_vfork+0x10/0x10
[ 40.630397]  SyS_execve+0x39/0x50
[ 40.633816]  do_syscall_64+0x26c/0x920
[ 40.637669]  ? __do_page_fault+0xc90/0xc90
[ 40.641870]  ? syscall_return_slowpath+0x550/0x550
[ 40.646762]  ? done_path_create+0xcc/0x110
[ 40.650961]  ? SyS_mknod+0xb0/0x480
[ 40.654552]  ? lockdep_sys_exit+0x47/0xf0
[ 40.658663]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 40.663481]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.668291]  ? setup_new_exec+0x740/0x740
[ 40.672404]  entry_SYSCALL64_slow_path+0x25/0x25
[ 40.677123] RIP: 0033:0x440219
[ 40.680277] RSP: 002b:00007ffd9e4890b8 EFLAGS: 00000217 ORIG_RAX: 000000000000003b
[ 40.687948] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440219
[ 40.695183] RDX: 0000000020324ff0 RSI: 0000000020a7bfc8 RDI: 0000000020f8aff8
[ 40.702418] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[ 40.709653] R10: 0000000000000001 R11: 0000000000000217 R12: 0000000000401ae0
[ 40.716888] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000