Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ 10.031773] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.933777] random: crng init done

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.432907]
[ 35.433397] ======================================================
[ 35.434341] [ INFO: possible circular locking dependency detected ]
[ 35.435349] 4.9.128+ #41 Not tainted
[ 35.435978] -------------------------------------------------------
[ 35.436829] syz-executor385/2055 is trying to acquire lock:
[ 35.437592] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0
[ 35.438940] but task is already holding lock:
[ 35.439564] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70
[ 35.440931] which lock already depends on the new lock.
[ 35.440931]
[ 35.442260]
[ 35.442260] the existing dependency chain (in reverse order) is:
[ 35.443438] -> #2 (&pipe->mutex/1){+.+.+.}:
[ 35.444412] lock_acquire+0x130/0x3e0
[ 35.445063] mutex_lock_nested+0xc0/0x870
[ 35.445876] fifo_open+0x15c/0x9e0
[ 35.446521] do_dentry_open+0x3ef/0xc90
[ 35.447252] vfs_open+0x11c/0x210
[ 35.447915] path_openat+0x542/0x2790
[ 35.448500] do_filp_open+0x197/0x270
[ 35.449178] do_open_execat+0x10f/0x640
[ 35.449971] do_execveat_common.isra.15+0x687/0x1f80
[ 35.450898] SyS_execve+0x42/0x50
[ 35.451485] do_syscall_64+0x19f/0x480
[ 35.452274] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 35.453984] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 35.459694] lock_acquire+0x130/0x3e0
[ 35.463987] mutex_lock_killable_nested+0xcc/0x960
[ 35.469410] lock_trace+0x44/0xc0
[ 35.473355] proc_pid_personality+0x1c/0xc0
[ 35.478172] proc_single_show+0xfd/0x170
[ 35.482731] traverse+0x363/0x920
[ 35.486744] seq_read+0xd1b/0x12d0
[ 35.490785] do_loop_readv_writev.part.1+0xd5/0x280
[ 35.496296] do_readv_writev+0x56e/0x7b0
[ 35.500853] vfs_readv+0x84/0xc0
[ 35.504718] default_file_splice_read+0x44b/0x7e0
[ 35.510054] do_splice_to+0x10c/0x170
[ 35.514352] splice_direct_to_actor+0x23f/0x7e0
[ 35.519515] do_splice_direct+0x1a3/0x270
[ 35.524160] do_sendfile+0x4f0/0xc30
[ 35.528377] SyS_sendfile64+0xd1/0x160
[ 35.532765] do_syscall_64+0x19f/0x480
[ 35.537152] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 35.542745] -> #0 (&p->lock){+.+.+.}:
[ 35.547217] __lock_acquire+0x3189/0x4a10
[ 35.551925] lock_acquire+0x130/0x3e0
[ 35.556226] mutex_lock_nested+0xc0/0x870
[ 35.560872] seq_read+0xdd/0x12d0
[ 35.564822] proc_reg_read+0xfd/0x180
[ 35.569118] do_loop_readv_writev.part.1+0xd5/0x280
[ 35.574628] do_readv_writev+0x56e/0x7b0
[ 35.579185] vfs_readv+0x84/0xc0
[ 35.583149] default_file_splice_read+0x44b/0x7e0
[ 35.588610] do_splice_to+0x10c/0x170
[ 35.592936] SyS_splice+0x10d2/0x14d0
[ 35.597232] do_syscall_64+0x19f/0x480
[ 35.601617] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 35.607214]
[ 35.607214] other info that might help us debug this:
[ 35.607214]
[ 35.615330] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 35.624378] Possible unsafe locking scenario:
[ 35.624378]
[ 35.630408]        CPU0                    CPU1
[ 35.635048]        ----                    ----
[ 35.639684]   lock(&pipe->mutex/1);
[ 35.643643]                                lock(&sig->cred_guard_mutex);
[ 35.650705]                                lock(&pipe->mutex/1);
[ 35.657187]   lock(&p->lock);
[ 35.660511]
[ 35.660511] *** DEADLOCK ***
[ 35.660511]
[ 35.666543] 1 lock held by syz-executor385/2055:
[ 35.671268] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70
[ 35.680350]
[ 35.680350] stack backtrace:
[ 35.684831] CPU: 1 PID: 2055 Comm: syz-executor385 Not tainted 4.9.128+ #41
[ 35.691902] ffff8801ce70f278 ffffffff81af2469 ffffffff83aa1330 ffffffff83aa80e0
[ 35.699897] ffffffff83aa2c80 ffff8801cfa52090 ffff8801cfa517c0 ffff8801ce70f2c0
[ 35.707996] ffffffff813e79ed 0000000000000001 00000000cfa52070 0000000000000001
[ 35.715988] Call Trace:
[ 35.718553] [] dump_stack+0xc1/0x128
[ 35.723896] [] print_circular_bug.cold.36+0x2f7/0x432
[ 35.730716] [] __lock_acquire+0x3189/0x4a10
[ 35.736667] [] ? unwind_next_frame+0x7d/0xd0
[ 35.742701] [] ? trace_hardirqs_on+0x10/0x10
[ 35.748732] [] lock_acquire+0x130/0x3e0
[ 35.754553] [] ? seq_read+0xdd/0x12d0
[ 35.759978] [] ? seq_read+0xdd/0x12d0
[ 35.765450] [] mutex_lock_nested+0xc0/0x870
[ 35.771482] [] ? seq_read+0xdd/0x12d0
[ 35.776922] [] ? mutex_trylock+0x3e0/0x3e0
[ 35.782782] [] ? mark_held_locks+0xc7/0x130
[ 35.788748] [] ? get_page_from_freelist+0xae0/0x18e0
[ 35.795475] [] seq_read+0xdd/0x12d0
[ 35.800733] [] ? fsnotify+0x114/0x1100
[ 35.806246] [] ? seq_lseek+0x3c0/0x3c0
[ 35.811812] [] ? __fsnotify_inode_delete+0x30/0x30
[ 35.818376] [] proc_reg_read+0xfd/0x180
[ 35.824053] [] ? seq_lseek+0x3c0/0x3c0
[ 35.829639] [] do_loop_readv_writev.part.1+0xd5/0x280
[ 35.836461] [] do_readv_writev+0x56e/0x7b0
[ 35.842320] [] ? vfs_write+0x520/0x520
[ 35.847832] [] ? kasan_unpoison_shadow+0x35/0x50
[ 35.854212] [] ? push_pipe+0x3e2/0x770
[ 35.859722] [] ? iov_iter_get_pages_alloc+0x2be/0xee0
[ 35.866551] [] vfs_readv+0x84/0xc0
[ 35.871716] [] default_file_splice_read+0x44b/0x7e0
[ 35.878353] [] ? do_splice_direct+0x270/0x270
[ 35.884542] [] ? trace_hardirqs_on+0x10/0x10
[ 35.890591] [] ? trace_hardirqs_on+0x10/0x10
[ 35.896628] [] ? __fsnotify_inode_delete+0x30/0x30
[ 35.903185] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 35.911657] [] ? avc_policy_seqno+0x9/0x20
[ 35.917828] [] ? selinux_file_permission+0x82/0x470
[ 35.924472] [] ? security_file_permission+0x8f/0x1e0
[ 35.931201] [] ? rw_verify_area+0xe5/0x2a0
[ 35.937059] [] ? do_splice_direct+0x270/0x270
[ 35.943180] [] do_splice_to+0x10c/0x170
[ 35.948784] [] SyS_splice+0x10d2/0x14d0
[ 35.954386] [] ? SyS_futex+0x26c/0x370
[ 35.959903] [] ? compat_SyS_vmsplice+0x160/0x160
[ 35.966287] [] ? __close_fd+0x15d/0x230
[ 35.971885] [] ? do_syscall_64+0x48/0x480
[ 35.977662] [] ? compat_SyS_vmsplice+0x160/0x160
[ 35.984044