[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 9.990768] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.106212] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.132057] random: crng init done
Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts.
executing program
[ 27.887893]
[ 27.889541] ======================================================
[ 27.895969] [ INFO: possible circular locking dependency detected ]
[ 27.902352] 4.9.141+ #69 Not tainted
[ 27.906056] -------------------------------------------------------
[ 27.912434] syz-executor637/2049 is trying to acquire lock:
[ 27.918112]  (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0
[ 27.925836] but task is already holding lock:
[ 27.930478]  (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70
[ 27.938753] which lock already depends on the new lock.
[ 27.938753]
[ 27.945742]
[ 27.945742] the existing dependency chain (in reverse order) is:
[ 27.953335] -> #2 (&pipe->mutex/1){+.+.+.}:
[ 27.958520]        lock_acquire+0x130/0x3e0
[ 27.962821]        mutex_lock_nested+0xc0/0x900
[ 27.967465]        fifo_open+0x15c/0x9e0
[ 27.971505]        do_dentry_open+0x3ef/0xc90
[ 27.975984]        vfs_open+0x11c/0x210
[ 27.979946]        path_openat+0x542/0x2790
[ 27.984250]        do_filp_open+0x197/0x270
[ 27.988568]        do_open_execat+0x10f/0x640
[ 27.993048]        do_execveat_common.isra.14+0x687/0x1ed0
[ 27.998666]        SyS_execve+0x42/0x50
[ 28.002636]        do_syscall_64+0x19f/0x550
[ 28.007022]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 28.012619] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 28.018289]        lock_acquire+0x130/0x3e0
[ 28.022586]        mutex_lock_killable_nested+0xcc/0x9f0
[ 28.028011]        lock_trace+0x44/0xc0
[ 28.031961]        proc_pid_stack+0x123/0x290
[ 28.036430]        proc_single_show+0xfd/0x170
[ 28.040993]        seq_read+0x4b6/0x12d0
[ 28.045036]        do_loop_readv_writev.part.1+0xd5/0x280
[ 28.050546]        do_readv_writev+0x56e/0x7b0
[ 28.055100]        vfs_readv+0x84/0xc0
[ 28.058967]        default_file_splice_read+0x451/0x7f0
[ 28.064306]        do_splice_to+0x10c/0x170
[ 28.068598]        splice_direct_to_actor+0x23f/0x7e0
[ 28.073766]        do_splice_direct+0x1a3/0x270
[ 28.078415]        do_sendfile+0x4f0/0xc30
[ 28.082626]        SyS_sendfile64+0x144/0x160
[ 28.087111]        do_syscall_64+0x19f/0x550
[ 28.091542]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 28.097171] -> #0 (&p->lock){+.+.+.}:
[ 28.101723]        __lock_acquire+0x3189/0x4a10
[ 28.106377]        lock_acquire+0x130/0x3e0
[ 28.110754]        mutex_lock_nested+0xc0/0x900
[ 28.115408]        seq_read+0xdd/0x12d0
[ 28.119359]        proc_reg_read+0xfd/0x180
[ 28.123660]        do_loop_readv_writev.part.1+0xd5/0x280
[ 28.129176]        do_readv_writev+0x56e/0x7b0
[ 28.133773]        vfs_readv+0x84/0xc0
[ 28.137643]        default_file_splice_read+0x451/0x7f0
[ 28.142987]        do_splice_to+0x10c/0x170
[ 28.147290]        SyS_splice+0x10d2/0x14d0
[ 28.151589]        do_syscall_64+0x19f/0x550
[ 28.155978]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 28.161571]
[ 28.161571] other info that might help us debug this:
[ 28.161571]
[ 28.169749] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 28.178902] Possible unsafe locking scenario:
[ 28.178902]
[ 28.184944]        CPU0                    CPU1
[ 28.189586]        ----                    ----
[ 28.194229]   lock(&pipe->mutex/1);
[ 28.198217]                                lock(&sig->cred_guard_mutex);
[ 28.205271]                                lock(&pipe->mutex/1);
[ 28.211767]   lock(&p->lock);
[ 28.215191]
[ 28.215191]  *** DEADLOCK ***
[ 28.215191]
[ 28.221354] 1 lock held by syz-executor637/2049:
[ 28.226172]  #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70
[ 28.235033]
[ 28.235033] stack backtrace:
[ 28.239513] CPU: 1 PID: 2049 Comm: syz-executor637 Not tainted 4.9.141+ #69
[ 28.246589]  ffff8801ce6bf278 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83caa290
[ 28.254639]  ffffffff83ca4920 ffff8801cf2f88d0 ffff8801cf2f8000 ffff8801ce6bf2c0
[ 28.262774]  ffffffff813fee40 0000000000000001 00000000cf2f88b0 0000000000000001
[ 28.270770] Call Trace:
[ 28.273338]  [] dump_stack+0xc1/0x128
[ 28.278751]  [] print_circular_bug.cold.36+0x2f7/0x432
[ 28.285573]  [] __lock_acquire+0x3189/0x4a10
[ 28.291517]  [] ? trace_hardirqs_on+0x10/0x10
[ 28.297549]  [] lock_acquire+0x130/0x3e0
[ 28.303152]  [] ? seq_read+0xdd/0x12d0
[ 28.308579]  [] ? seq_read+0xdd/0x12d0
[ 28.314012]  [] mutex_lock_nested+0xc0/0x900
[ 28.319966]  [] ? seq_read+0xdd/0x12d0
[ 28.325393]  [] ? mutex_trylock+0x3e0/0x3e0
[ 28.331251]  [] ? mark_held_locks+0xc7/0x130
[ 28.337200]  [] ? get_page_from_freelist+0xda3/0x1d80
[ 28.343928]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 28.350379]  [] seq_read+0xdd/0x12d0
[ 28.355707]  [] ? fsnotify+0x114/0x1100
[ 28.361225]  [] ? seq_lseek+0x3c0/0x3c0
[ 28.366869]  [] ? __fsnotify_inode_delete+0x30/0x30
[ 28.373432]  [] proc_reg_read+0xfd/0x180
[ 28.379035]  [] ? seq_lseek+0x3c0/0x3c0
[ 28.384550]  [] do_loop_readv_writev.part.1+0xd5/0x280
[ 28.391363]  [] do_readv_writev+0x56e/0x7b0
[ 28.397224]  [] ? vfs_write+0x520/0x520
[ 28.402737]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 28.409119]  [] ? push_pipe+0x3e2/0x770
[ 28.414730]  [] ? iov_iter_get_pages_alloc+0x2be/0xee0
[ 28.421548]  [] vfs_readv+0x84/0xc0
[ 28.426743]  [] default_file_splice_read+0x451/0x7f0
[ 28.433403]  [] ? do_splice_direct+0x270/0x270
[ 28.439523]  [] ? trace_hardirqs_on+0x10/0x10
[ 28.445558]  [] ? kasan_slab_free+0xac/0x190
[ 28.451520]  [] ? kmem_cache_free+0xbe/0x310
[ 28.457471]  [] ? trace_hardirqs_on+0x10/0x10
[ 28.463611]  [] ? __fsnotify_inode_delete+0x30/0x30
[ 28.470170]  [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 28.478640]  [] ? avc_policy_seqno+0x9/0x20
[ 28.484513]  [] ? selinux_file_permission+0x82/0x470
[ 28.491166]  [] ? security_file_permission+0x8f/0x1e0
[ 28.497904]  [] ? rw_verify_area+0xe5/0x2a0
[ 28.503763]  [] ? do_splice_direct+0x270/0x270
[ 28.509888]  [] do_splice_to+0x10c/0x170
[ 28.515490]  [] SyS_splice+0x10d2/0x14d0
[ 28.521089]  [] ? compat_SyS_vmsplice+0x160/0x160
[ 28.527469]  [] ? do_syscall_64+0x48/0x550
[ 28.533357]  [] ? compat_SyS_vmsplice+0x160/0x160
[ 28.539847]  [] do_syscall_64+0x19f/0x550
[ 28.545560]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb