[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [ 9.277697] random: sshd: uninitialized urandom read (32 bytes read) Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.517534] random: crng init done Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. executing program [ 30.737789] [ 30.739442] ====================================================== [ 30.745729] [ INFO: possible circular locking dependency detected ] [ 30.752124] 4.9.128+ #93 Not tainted [ 30.755813] ------------------------------------------------------- [ 30.762194] syz-executor252/2056 is trying to acquire lock: [ 30.767881] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 30.775605] but task is already holding lock: [ 30.780850] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 30.789139] which lock already depends on the new lock. [ 30.789139] [ 30.796131] [ 30.796131] the existing dependency chain (in reverse order) is: [ 30.803729] -> #2 (&pipe->mutex/1){+.+.+.}: [ 30.808835] lock_acquire+0x130/0x3e0 [ 30.813206] mutex_lock_nested+0xc0/0x870 [ 30.817881] fifo_open+0x15c/0x9e0 [ 30.822009] do_dentry_open+0x3ef/0xc90 [ 30.826574] vfs_open+0x11c/0x210 [ 30.830549] path_openat+0x542/0x2790 [ 30.834853] do_filp_open+0x197/0x270 [ 30.839157] do_open_execat+0x10f/0x640 [ 30.843719] do_execveat_common.isra.15+0x687/0x1f80 [ 30.849336] SyS_execve+0x42/0x50 [ 30.853297] do_syscall_64+0x19f/0x480 [ 30.857704] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 30.863310] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 30.868996] lock_acquire+0x130/0x3e0 [ 30.873305] mutex_lock_killable_nested+0xcc/0x960 [ 30.878738] lock_trace+0x44/0xc0 [ 30.882695] proc_pid_personality+0x1c/0xc0 [ 30.887574] proc_single_show+0xfd/0x170 [ 30.892143] traverse+0x363/0x920 [ 30.896341] seq_read+0xd1b/0x12d0 [ 30.900386] do_loop_readv_writev.part.1+0xd5/0x280 [ 30.905910] do_readv_writev+0x56e/0x7b0 [ 30.910484] vfs_readv+0x84/0xc0 [ 30.914358] default_file_splice_read+0x44b/0x7e0 [ 30.919700] do_splice_to+0x10c/0x170 [ 30.924012] splice_direct_to_actor+0x23f/0x7e0 [ 30.929182] do_splice_direct+0x1a3/0x270 [ 30.933839] do_sendfile+0x4f0/0xc30 [ 30.938048] SyS_sendfile64+0xd1/0x160 [ 30.942434] do_syscall_64+0x19f/0x480 [ 30.946827] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 30.952585] -> #0 (&p->lock){+.+.+.}: [ 30.957043] __lock_acquire+0x3189/0x4a10 [ 30.961702] lock_acquire+0x130/0x3e0 [ 30.966018] mutex_lock_nested+0xc0/0x870 [ 30.970670] seq_read+0xdd/0x12d0 [ 30.974627] proc_reg_read+0xfd/0x180 [ 30.978937] do_loop_readv_writev.part.1+0xd5/0x280 [ 30.984573] do_readv_writev+0x56e/0x7b0 [ 30.989135] vfs_readv+0x84/0xc0 [ 30.993009] default_file_splice_read+0x44b/0x7e0 [ 30.998352] do_splice_to+0x10c/0x170 [ 31.002650] SyS_splice+0x10d2/0x14d0 [ 31.006951] do_syscall_64+0x19f/0x480 [ 31.011349] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 31.016944] [ 31.016944] other info that might help us debug this: [ 31.016944] [ 31.025061] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 31.034119] Possible unsafe locking scenario: [ 31.034119] [ 31.040152] CPU0 CPU1 [ 31.044801] ---- ---- [ 31.049444] lock(&pipe->mutex/1); [ 31.053419] lock(&sig->cred_guard_mutex); [ 31.060490] lock(&pipe->mutex/1); [ 31.066970] lock(&p->lock); [ 31.070398] [ 31.070398] *** DEADLOCK *** [ 31.070398] [ 31.076433] 1 lock held by syz-executor252/2056: [ 31.081162] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 31.090001] [ 31.090001] stack backtrace: [ 31.094481] CPU: 1 PID: 2056 Comm: syz-executor252 Not tainted 4.9.128+ #93 [ 31.101562] ffff8801ceb8f278 ffffffff81af2469 ffffffff83aa0fd0 ffffffff83aa7d80 [ 31.109586] ffffffff83aa2c80 ffff8801cef808d0 ffff8801cef80000 ffff8801ceb8f2c0 [ 31.117738] ffffffff813e79ed 0000000000000001 00000000cef808b0 0000000000000001 [ 31.125842] Call Trace: [ 31.128425] [] dump_stack+0xc1/0x128 [ 31.133884] [] print_circular_bug.cold.36+0x2f7/0x432 [ 31.140713] [] __lock_acquire+0x3189/0x4a10 [ 31.146775] [] ? unwind_next_frame+0x7d/0xd0 [ 31.152901] [] ? trace_hardirqs_on+0x10/0x10 [ 31.158953] [] lock_acquire+0x130/0x3e0 [ 31.164568] [] ? seq_read+0xdd/0x12d0 [ 31.170006] [] ? seq_read+0xdd/0x12d0 [ 31.175439] [] mutex_lock_nested+0xc0/0x870 [ 31.181391] [] ? seq_read+0xdd/0x12d0 [ 31.186826] [] ? mutex_trylock+0x3e0/0x3e0 [ 31.192823] [] ? mark_held_locks+0xc7/0x130 [ 31.198788] [] ? get_page_from_freelist+0xae0/0x18e0 [ 31.205678] [] seq_read+0xdd/0x12d0 [ 31.210945] [] ? fsnotify+0x114/0x1100 [ 31.216469] [] ? seq_lseek+0x3c0/0x3c0 [ 31.222118] [] ? __fsnotify_inode_delete+0x30/0x30 [ 31.228681] [] proc_reg_read+0xfd/0x180 [ 31.234358] [] ? seq_lseek+0x3c0/0x3c0 [ 31.239896] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 31.246724] [] do_readv_writev+0x56e/0x7b0 [ 31.252586] [] ? vfs_write+0x520/0x520 [ 31.258107] [] ? kasan_unpoison_shadow+0x35/0x50 [ 31.264516] [] ? push_pipe+0x3e2/0x770 [ 31.270036] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 31.276860] [] vfs_readv+0x84/0xc0 [ 31.282144] [] default_file_splice_read+0x44b/0x7e0 [ 31.288794] [] ? do_splice_direct+0x270/0x270 [ 31.294929] [] ? trace_hardirqs_on+0x10/0x10 [ 31.300978] [] ? trace_hardirqs_on+0x10/0x10 [ 31.307139] [] ? __fsnotify_inode_delete+0x30/0x30 [ 31.313727] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 31.322212] [] ? avc_policy_seqno+0x9/0x20 [ 31.328098] [] ? selinux_file_permission+0x82/0x470 [ 31.334758] [] ? security_file_permission+0x8f/0x1e0 [ 31.341595] [] ? rw_verify_area+0xe5/0x2a0 [ 31.347473] [] ? do_splice_direct+0x270/0x270 [ 31.353608] [] do_splice_to+0x10c/0x170 [ 31.359230] [] SyS_splice+0x10d2/0x14d0 [ 31.364844] [] ? SyS_futex+0x26c/0x370 [ 31.370366] [] ? compat_SyS_vmsplice+0x160/0x160 [ 31.376758] [] ? __close_fd+0x15d/0x230 [ 31.382369] [] ? do_syscall_64+0x48/0x480 [ 31.388156] [