[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 10.833617] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.225864] random: crng init done Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts. executing program [ 33.923752] [ 33.925744] ====================================================== [ 33.932962] [ INFO: possible circular locking dependency detected ] [ 33.940446] 4.9.165+ #27 Not tainted [ 33.944767] ------------------------------------------------------- [ 33.951649] syz-executor198/2057 is trying to acquire lock: [ 33.957720] (&p->lock){+.+.+.}, at: [] seq_read+0xd6/0x1250 [ 33.966678] but task is already holding lock: [ 33.971342] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 33.980412] which lock already depends on the new lock. [ 33.980412] [ 33.987921] [ 33.987921] the existing dependency chain (in reverse order) is: [ 33.996215] -> #2 (&pipe->mutex/1){+.+.+.}: [ 34.001978] lock_acquire+0x133/0x3d0 [ 34.006588] mutex_lock_nested+0xc7/0x920 [ 34.011973] fifo_open+0x15d/0xa00 [ 34.016183] do_dentry_open+0x3ef/0xc80 [ 34.021255] vfs_open+0x105/0x230 [ 34.026261] path_openat+0xbf5/0x2f60 [ 34.030870] do_filp_open+0x1a1/0x280 [ 34.035511] do_open_execat+0x10c/0x6a0 [ 34.040661] do_execveat_common.isra.0+0x698/0x1db0 [ 34.046829] SyS_execve+0x42/0x50 [ 34.051434] do_syscall_64+0x1ad/0x570 [ 34.056319] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 34.062670] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 34.069768] lock_acquire+0x133/0x3d0 [ 34.074499] mutex_lock_killable_nested+0xcd/0xa10 [ 34.081000] lock_trace+0x44/0xc0 [ 34.085306] proc_pid_syscall+0x9b/0x250 [ 34.090307] proc_single_show+0xf6/0x160 [ 34.095014] seq_read+0x4cd/0x1250 [ 34.099262] do_loop_readv_writev.part.0+0xcc/0x2c0 [ 34.104896] do_readv_writev+0x556/0x7a0 [ 34.109640] vfs_readv+0x86/0xc0 [ 34.113993] default_file_splice_read+0x44b/0x7e0 [ 34.119878] do_splice_to+0x108/0x170 [ 34.124446] splice_direct_to_actor+0x246/0x820 [ 34.129989] do_splice_direct+0x1a5/0x260 [ 34.134936] do_sendfile+0x503/0xc00 [ 34.139264] SyS_sendfile64+0x145/0x160 [ 34.143777] do_syscall_64+0x1ad/0x570 [ 34.148276] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 34.153987] -> #0 (&p->lock){+.+.+.}: [ 34.158667] __lock_acquire+0x2d10/0x4350 [ 34.163340] lock_acquire+0x133/0x3d0 [ 34.167840] mutex_lock_nested+0xc7/0x920 [ 34.172721] seq_read+0xd6/0x1250 [ 34.176703] proc_reg_read+0xfd/0x180 [ 34.181269] do_loop_readv_writev.part.0+0xcc/0x2c0 [ 34.186825] do_readv_writev+0x556/0x7a0 [ 34.191413] vfs_readv+0x86/0xc0 [ 34.195393] default_file_splice_read+0x44b/0x7e0 [ 34.201123] do_splice_to+0x108/0x170 [ 34.205534] SyS_splice+0x1061/0x1480 [ 34.209946] do_syscall_64+0x1ad/0x570 [ 34.214356] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 34.220326] [ 34.220326] other info that might help us debug this: [ 34.220326] [ 34.228928] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 34.238331] Possible unsafe locking scenario: [ 34.238331] [ 34.244478] CPU0 CPU1 [ 34.249265] ---- ---- [ 34.254111] lock(&pipe->mutex/1); [ 34.258374] lock(&sig->cred_guard_mutex); [ 34.265842] lock(&pipe->mutex/1); [ 34.273077] lock(&p->lock); [ 34.276676] [ 34.276676] *** DEADLOCK *** [ 34.276676] [ 34.282831] 1 lock held by syz-executor198/2057: [ 34.288025] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 34.297533] [ 34.297533] stack backtrace: [ 34.302542] CPU: 1 PID: 2057 Comm: syz-executor198 Not tainted 4.9.165+ #27 [ 34.310111] ffff8801ce4a72f8 ffffffff81b4ba01 ffffffff83caa9a0 ffffffff83cb0310 [ 34.319562] ffffffff83ca9050 ffffffff8424ac80 ffff8801d1ed97c0 ffff8801ce4a7350 [ 34.328565] ffffffff81400f3c ffffffff810aba10 ffffffff84022d00 ffff8801d1eda098 [ 34.338099] Call Trace: [ 34.340792] [] dump_stack+0xc1/0x120 [ 34.346439] [] print_circular_bug.cold+0x2f6/0x454 [ 34.353696] [] ? __unwind_start+0x150/0x370 [ 34.360030] [] __lock_acquire+0x2d10/0x4350 [ 34.366656] [] ? __save_stack_trace+0x7a/0xf0 [ 34.372817] [] ? trace_hardirqs_on+0x10/0x10 [ 34.379073] [] lock_acquire+0x133/0x3d0 [ 34.384822] [] ? seq_read+0xd6/0x1250 [ 34.402446] [] ? seq_read+0xd6/0x1250 [ 34.408405] [] mutex_lock_nested+0xc7/0x920 [ 34.415115] [] ? seq_read+0xd6/0x1250 [ 34.420748] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.428080] [] ? mutex_trylock+0x3f0/0x3f0 [ 34.434415] [] ? mark_held_locks+0xb1/0x100 [ 34.441095] [] ? get_page_from_freelist+0x1067/0x1c50 [ 34.448504] [] seq_read+0xd6/0x1250 [ 34.454624] [] ? check_preemption_disabled+0x3c/0x200 [ 34.461675] [] ? fsnotify+0x129/0x11d0 [ 34.467478] [] ? seq_lseek+0x3c0/0x3c0 [ 34.473040] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 34.482233] [] proc_reg_read+0xfd/0x180 [ 34.488294] [] ? seq_lseek+0x3c0/0x3c0 [ 34.493923] [] do_loop_readv_writev.part.0+0xcc/0x2c0 [ 34.500935] [] do_readv_writev+0x556/0x7a0 [ 34.506981] [] ? vfs_write+0x520/0x520 [ 34.512653] [] ? kasan_unpoison_shadow+0x35/0x50 [ 34.519303] [] ? push_pipe+0x3dd/0x770 [ 34.524909] [] ? __kmalloc+0x133/0x320 [ 34.530657] [] ? iov_iter_get_pages_alloc+0x2c8/0xfa0 [ 34.537853] [] vfs_readv+0x86/0xc0 [ 34.543054] [] default_file_splice_read+0x44b/0x7e0 [ 34.549906] [] ? do_splice_direct+0x260/0x260 [ 34.556377] [] ? SyS_openat+0x30/0x40 [ 34.562320] [] ? entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 34.570268] [] ? fsnotify+0x129/0x11d0 [ 34.575991] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 34.584670] [] ? __fsnotify_inode_delete+0x30/0x30 [ 34.591571] [] ? avc_policy_seqno+0x9/0x20 [ 34.597718] [] ? selinux_file_permission+0x85/0x470 [ 34.604691] [] ? security_file_permission+0x8f/0x1f0 [ 34.611650] [] ? rw_verify_area+0xea/0x2b0 [ 34.618144] [] ? do_splice_direct+0x260/0x260 [ 34.624558] [] do_splice_to+0x108/0x170 [ 34.630403] [] SyS_splice+0x1061/0x1480 [ 34.637442] [] ? compat_SyS_vmsplice+0x160/0x160 [ 34.644303] [] ? do_syscall_64+0x4a/0x570 [ 34.650420] [] ? compat_SyS_vmsplice+0x160/0x160 [ 34.657513] [] do_syscall_64+0x1ad/0x570 [ 34.663527] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb