[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [ 10.649396] random: sshd: uninitialized urandom read (32 bytes read) Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [ 10.898452] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.276492] [ 36.276879] ====================================================== [ 36.277761] [ INFO: possible circular locking dependency detected ] [ 36.278613] 4.9.141+ #23 Not tainted [ 36.279115] ------------------------------------------------------- [ 36.279996] syz-executor435/2058 is trying to acquire lock: [ 36.280769] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 36.281966] but task is already holding lock: [ 36.282736] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 36.283972] which lock already depends on the new lock. [ 36.283972] [ 36.285008] [ 36.285008] the existing dependency chain (in reverse order) is: [ 36.286150] -> #2 (&pipe->mutex/1){+.+.+.}: [ 36.287053] lock_acquire+0x130/0x3e0 [ 36.287668] mutex_lock_nested+0xc0/0x900 [ 36.288294] fifo_open+0x15c/0x9e0 [ 36.288940] do_dentry_open+0x3ef/0xc90 [ 36.289664] vfs_open+0x11c/0x210 [ 36.290209] path_openat+0x542/0x2790 [ 36.290932] do_filp_open+0x197/0x270 [ 36.291536] do_open_execat+0x10f/0x640 [ 36.292159] do_execveat_common.isra.14+0x687/0x1ed0 [ 36.292910] compat_SyS_execve+0x48/0x60 [ 36.293526] do_fast_syscall_32+0x2f1/0xa10 [ 36.294352] entry_SYSENTER_compat+0x90/0xa2 [ 36.295085] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 36.296186] lock_acquire+0x130/0x3e0 [ 36.298520] mutex_lock_killable_nested+0xcc/0x9f0 [ 36.303951] lock_trace+0x44/0xc0 [ 36.307904] proc_pid_syscall+0xa9/0x260 [ 36.312501] proc_single_show+0xfd/0x170 [ 36.317069] seq_read+0x4b6/0x12d0 [ 36.321107] do_loop_readv_writev.part.1+0xd5/0x280 [ 36.326627] do_readv_writev+0x56e/0x7b0 [ 36.331189] vfs_readv+0x84/0xc0 [ 36.335054] default_file_splice_read+0x451/0x7f0 [ 36.340397] do_splice_to+0x10c/0x170 [ 36.344700] splice_direct_to_actor+0x23f/0x7e0 [ 36.349965] do_splice_direct+0x1a3/0x270 [ 36.354622] do_sendfile+0x4f0/0xc30 [ 36.358935] compat_SyS_sendfile+0x143/0x160 [ 36.363844] do_fast_syscall_32+0x2f1/0xa10 [ 36.368786] entry_SYSENTER_compat+0x90/0xa2 [ 36.373690] -> #0 (&p->lock){+.+.+.}: [ 36.378185] __lock_acquire+0x3189/0x4a10 [ 36.382950] lock_acquire+0x130/0x3e0 [ 36.387259] mutex_lock_nested+0xc0/0x900 [ 36.392049] seq_read+0xdd/0x12d0 [ 36.396098] proc_reg_read+0xfd/0x180 [ 36.400436] do_loop_readv_writev.part.1+0xd5/0x280 [ 36.405954] do_readv_writev+0x56e/0x7b0 [ 36.410516] vfs_readv+0x84/0xc0 [ 36.414377] default_file_splice_read+0x451/0x7f0 [ 36.419713] do_splice_to+0x10c/0x170 [ 36.424011] SyS_splice+0x10d2/0x14d0 [ 36.428309] do_fast_syscall_32+0x2f1/0xa10 [ 36.433126] entry_SYSENTER_compat+0x90/0xa2 [ 36.438088] [ 36.438088] other info that might help us debug this: [ 36.438088] [ 36.446215] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 36.455366] Possible unsafe locking scenario: [ 36.455366] [ 36.461394] CPU0 CPU1 [ 36.466035] ---- ---- [ 36.470674] lock(&pipe->mutex/1); [ 36.474656] lock(&sig->cred_guard_mutex); [ 36.481703] lock(&pipe->mutex/1); [ 36.488175] lock(&p->lock); [ 36.491490] [ 36.491490] *** DEADLOCK *** [ 36.491490] [ 36.497577] 1 lock held by syz-executor435/2058: [ 36.502311] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 36.511114] [ 36.511114] stack backtrace: [ 36.515587] CPU: 1 PID: 2058 Comm: syz-executor435 Not tainted 4.9.141+ #23 [ 36.522667] ffff8801ce98f268 ffffffff81b42e79 ffffffff83ca2e20 ffffffff83caa0e0 [ 36.530776] ffffffff83ca4770 ffff8801ced5a090 ffff8801ced597c0 ffff8801ce98f2b0 [ 36.538803] ffffffff813fee40 0000000000000001 00000000ced5a070 0000000000000001 [ 36.546927] Call Trace: [ 36.549507] [] dump_stack+0xc1/0x128 [ 36.554949] [] print_circular_bug.cold.36+0x2f7/0x432 [ 36.561771] [] __lock_acquire+0x3189/0x4a10 [ 36.567719] [] ? unwind_next_frame+0x7d/0xd0 [ 36.573754] [] ? trace_hardirqs_on+0x10/0x10 [ 36.579793] [] ? add_lock_to_list.isra.9.constprop.25+0x149/0x280 [ 36.587649] [] lock_acquire+0x130/0x3e0 [ 36.593250] [] ? seq_read+0xdd/0x12d0 [ 36.598679] [] ? seq_read+0xdd/0x12d0 [ 36.604114] [] mutex_lock_nested+0xc0/0x900 [ 36.610108] [] ? seq_read+0xdd/0x12d0 [ 36.615546] [] ? mutex_trylock+0x3e0/0x3e0 [ 36.621412] [] ? mark_held_locks+0xc7/0x130 [ 36.627372] [] ? get_page_from_freelist+0xda3/0x1d80 [ 36.634105] [] ? kasan_unpoison_shadow+0x35/0x50 [ 36.640486] [] seq_read+0xdd/0x12d0 [ 36.645745] [] ? fsnotify+0x114/0x1100 [ 36.651260] [] ? seq_lseek+0x3c0/0x3c0 [ 36.656771] [] ? __fsnotify_inode_delete+0x30/0x30 [ 36.663324] [] proc_reg_read+0xfd/0x180 [ 36.668929] [] ? seq_lseek+0x3c0/0x3c0 [ 36.674448] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 36.681275] [] do_readv_writev+0x56e/0x7b0 [ 36.687144] [] ? vfs_write+0x520/0x520 [ 36.692661] [] ? kasan_unpoison_shadow+0x35/0x50 [ 36.699048] [] ? push_pipe+0x3e2/0x770 [ 36.704604] [] ? futex_wait+0x305/0x5d0 [ 36.710249] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 36.717066] [] vfs_readv+0x84/0xc0 [ 36.722235] [] default_file_splice_read+0x451/0x7f0 [ 36.728883] [] ? do_splice_direct+0x270/0x270 [ 36.735004] [] ? trace_hardirqs_on+0x10/0x10 [ 36.741102] [] ? do_futex+0x181/0x1a30 [ 36.746622] [] ? kasan_slab_free+0xac/0x190 [ 36.752572] [] ? kmem_cache_free+0xbe/0x310 [ 36.758590] [] ? trace_hardirqs_on+0x10/0x10 [ 36.764649] [] ? __fsnotify_inode_delete+0x30/0x30 [ 36.771213] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 36.779683] [] ? avc_policy_seqno+0x9/0x20 [ 36.785594] [] ? selinux_file_permission+0x82/0x470 [ 36.792261] [] ? security_file_permission+0x8f/0x1e0 [ 36.798987] [] ? rw_verify_area+0xe5/0x2a0 [ 36.804852] [] ? do_splice_direct+0x270/0x270 [ 36.810973] [] do_splice_to+0x10c/0x170 [ 36.816572] [] SyS_splice+0x10d2/0x14d0 [ 36.822237] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 36.828475] [] ? compat_SyS_vmsplice+0x160/0x160 [ 36.834954] [] ? do_fast_syscall_32+0xcf/0xa10 [ 36.841166] [] ? compat_SyS_vmsplice+0x160/0x160 [ 36.847547] [] do_fast_syscall_32+0x2f1/0xa10 [ 36.853674] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.860317] [] entry_SYSENTER_compat+0x90/0xa2