Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 9.813811] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. D[ 10.939823] random: crng init done ebian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.148940] [ 38.149451] ====================================================== [ 38.150531] [ INFO: possible circular locking dependency detected ] [ 38.151657] 4.9.128+ #93 Not tainted [ 38.152345] ------------------------------------------------------- [ 38.153567] syz-executor311/2060 is trying to acquire lock: [ 38.154443] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 38.155726] but task is already holding lock: [ 38.156549] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 38.158055] which lock already depends on the new lock. [ 38.158055] [ 38.159110] [ 38.159110] the existing dependency chain (in reverse order) is: [ 38.160378] -> #2 (&pipe->mutex/1){+.+.+.}: [ 38.161252] lock_acquire+0x130/0x3e0 [ 38.161883] mutex_lock_nested+0xc0/0x870 [ 38.162611] fifo_open+0x15c/0x9e0 [ 38.163208] do_dentry_open+0x3ef/0xc90 [ 38.163990] vfs_open+0x11c/0x210 [ 38.164609] path_openat+0x542/0x2790 [ 38.165352] do_filp_open+0x197/0x270 [ 38.165994] do_open_execat+0x10f/0x640 [ 38.166619] do_execveat_common.isra.15+0x687/0x1f80 [ 38.167433] SyS_execve+0x42/0x50 [ 38.168016] do_syscall_64+0x19f/0x480 [ 38.168628] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 38.171548] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 38.177188] lock_acquire+0x130/0x3e0 [ 38.181480] mutex_lock_killable_nested+0xcc/0x960 [ 38.186909] lock_trace+0x44/0xc0 [ 38.190861] proc_pid_stack+0xdc/0x220 [ 38.195247] proc_single_show+0xfd/0x170 [ 38.199815] traverse+0x363/0x920 [ 38.203805] seq_read+0xd1b/0x12d0 [ 38.207848] do_loop_readv_writev.part.1+0xd5/0x280 [ 38.213364] do_readv_writev+0x56e/0x7b0 [ 38.217930] vfs_readv+0x84/0xc0 [ 38.221793] default_file_splice_read+0x44b/0x7e0 [ 38.227133] do_splice_to+0x10c/0x170 [ 38.231427] splice_direct_to_actor+0x23f/0x7e0 [ 38.236595] do_splice_direct+0x1a3/0x270 [ 38.241242] do_sendfile+0x4f0/0xc30 [ 38.245515] SyS_sendfile64+0xd1/0x160 [ 38.249905] do_syscall_64+0x19f/0x480 [ 38.254290] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 38.259882] -> #0 (&p->lock){+.+.+.}: [ 38.264309] __lock_acquire+0x3189/0x4a10 [ 38.268950] lock_acquire+0x130/0x3e0 [ 38.273246] mutex_lock_nested+0xc0/0x870 [ 38.277994] seq_read+0xdd/0x12d0 [ 38.281954] proc_reg_read+0xfd/0x180 [ 38.286311] do_loop_readv_writev.part.1+0xd5/0x280 [ 38.291827] do_readv_writev+0x56e/0x7b0 [ 38.296383] vfs_readv+0x84/0xc0 [ 38.300242] default_file_splice_read+0x44b/0x7e0 [ 38.305581] do_splice_to+0x10c/0x170 [ 38.309877] SyS_splice+0x10d2/0x14d0 [ 38.314175] do_syscall_64+0x19f/0x480 [ 38.318560] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 38.324152] [ 38.324152] other info that might help us debug this: [ 38.324152] [ 38.332270] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 38.341387] Possible unsafe locking scenario: [ 38.341387] [ 38.347417] CPU0 CPU1 [ 38.352055] ---- ---- [ 38.356692] lock(&pipe->mutex/1); [ 38.360645] lock(&sig->cred_guard_mutex); [ 38.367752] lock(&pipe->mutex/1); [ 38.374281] lock(&p->lock); [ 38.377598] [ 38.377598] *** DEADLOCK *** [ 38.377598] [ 38.383633] 1 lock held by syz-executor311/2060: [ 38.388361] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 38.397241] [ 38.397241] stack backtrace: [ 38.401720] CPU: 1 PID: 2060 Comm: syz-executor311 Not tainted 4.9.128+ #93 [ 38.408861] ffff8801cd8a7278 ffffffff81af2469 ffffffff83aa1330 ffffffff83aa7d80 [ 38.416861] ffffffff83aa2c80 ffff8801ce9cd010 ffff8801ce9cc740 ffff8801cd8a72c0 [ 38.424862] ffffffff813e79ed 0000000000000001 00000000ce9ccff0 0000000000000001 [ 38.432875] Call Trace: [ 38.435448] [] dump_stack+0xc1/0x128 [ 38.440838] [] print_circular_bug.cold.36+0x2f7/0x432 [ 38.447760] [] __lock_acquire+0x3189/0x4a10 [ 38.453712] [] ? unwind_next_frame+0x7d/0xd0 [ 38.459747] [] ? trace_hardirqs_on+0x10/0x10 [ 38.465781] [] lock_acquire+0x130/0x3e0 [ 38.471423] [] ? seq_read+0xdd/0x12d0 [ 38.476901] [] ? seq_read+0xdd/0x12d0 [ 38.482335] [] mutex_lock_nested+0xc0/0x870 [ 38.488284] [] ? seq_read+0xdd/0x12d0 [ 38.493709] [] ? mutex_trylock+0x3e0/0x3e0 [ 38.499577] [] ? mark_held_locks+0xc7/0x130 [ 38.505537] [] ? get_page_from_freelist+0xae0/0x18e0 [ 38.512269] [] seq_read+0xdd/0x12d0 [ 38.517528] [] ? fsnotify+0x114/0x1100 [ 38.523051] [] ? seq_lseek+0x3c0/0x3c0 [ 38.528580] [] ? __fsnotify_inode_delete+0x30/0x30 [ 38.535208] [] proc_reg_read+0xfd/0x180 [ 38.540820] [] ? seq_lseek+0x3c0/0x3c0 [ 38.546335] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 38.553195] [] do_readv_writev+0x56e/0x7b0 [ 38.559061] [] ? vfs_write+0x520/0x520 [ 38.564576] [] ? kasan_unpoison_shadow+0x35/0x50 [ 38.570956] [] ? push_pipe+0x3e2/0x770 [ 38.576473] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 38.583290] [] vfs_readv+0x84/0xc0 [ 38.588463] [] default_file_splice_read+0x44b/0x7e0 [ 38.595104] [] ? do_splice_direct+0x270/0x270 [ 38.601228] [] ? trace_hardirqs_on+0x10/0x10 [ 38.607265] [] ? trace_hardirqs_on+0x10/0x10 [ 38.613303] [] ? __fsnotify_inode_delete+0x30/0x30 [ 38.619857] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 38.628326] [] ? avc_policy_seqno+0x9/0x20 [ 38.634186] [] ? selinux_file_permission+0x82/0x470 [ 38.640889] [] ? security_file_permission+0x8f/0x1e0 [ 38.647674] [] ? rw_verify_area+0xe5/0x2a0 [ 38.653578] [] ? do_splice_direct+0x270/0x270 [ 38.659702] [] do_splice_to+0x10c/0x170 [ 38.665304] [] SyS_splice+0x10d2/0x14d0 [ 38.670909] [] ? SyS_futex+0x26c/0x370 [ 38.676437] [] ? compat_SyS_vmsplice+0x160/0x160 [ 38.682955] [] ? do_syscall_64+0x48/0x480 [ 38.688732] [] ? compat_SyS_vmsplice+0x160/0x160 [ 38.695117] [] do_syscall_64+0x19f/0x480 [ 38