[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[    9.990768] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.106212] random: sshd: uninitialized urandom read (32 bytes read)
[   21.132057] random: crng init done
Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts.
executing program
[   27.887893] 
[   27.889541] ======================================================
[   27.895969] [ INFO: possible circular locking dependency detected ]
[   27.902352] 4.9.141+ #69 Not tainted
[   27.906056] -------------------------------------------------------
[   27.912434] syz-executor637/2049 is trying to acquire lock:
[   27.918112]  (&p->lock){+.+.+.}, at: [<ffffffff8158080d>] seq_read+0xdd/0x12d0

[   27.925836] but task is already holding lock:
[   27.930478]  (&pipe->mutex/1){+.+.+.}, at: [<ffffffff81523c1e>] pipe_lock+0x5e/0x70

[   27.938753] which lock already depends on the new lock.
[   27.938753] 
[   27.945742] 
[   27.945742] the existing dependency chain (in reverse order) is:
[   27.953335] 
-> #2 (&pipe->mutex/1){+.+.+.}:
[   27.958520]        lock_acquire+0x130/0x3e0
[   27.962821]        mutex_lock_nested+0xc0/0x900
[   27.967465]        fifo_open+0x15c/0x9e0
[   27.971505]        do_dentry_open+0x3ef/0xc90
[   27.975984]        vfs_open+0x11c/0x210
[   27.979946]        path_openat+0x542/0x2790
[   27.984250]        do_filp_open+0x197/0x270
[   27.988568]        do_open_execat+0x10f/0x640
[   27.993048]        do_execveat_common.isra.14+0x687/0x1ed0
[   27.998666]        SyS_execve+0x42/0x50
[   28.002636]        do_syscall_64+0x19f/0x550
[   28.007022]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   28.012619] 
-> #1 (&sig->cred_guard_mutex){+.+.+.}:
[   28.018289]        lock_acquire+0x130/0x3e0
[   28.022586]        mutex_lock_killable_nested+0xcc/0x9f0
[   28.028011]        lock_trace+0x44/0xc0
[   28.031961]        proc_pid_stack+0x123/0x290
[   28.036430]        proc_single_show+0xfd/0x170
[   28.040993]        seq_read+0x4b6/0x12d0
[   28.045036]        do_loop_readv_writev.part.1+0xd5/0x280
[   28.050546]        do_readv_writev+0x56e/0x7b0
[   28.055100]        vfs_readv+0x84/0xc0
[   28.058967]        default_file_splice_read+0x451/0x7f0
[   28.064306]        do_splice_to+0x10c/0x170
[   28.068598]        splice_direct_to_actor+0x23f/0x7e0
[   28.073766]        do_splice_direct+0x1a3/0x270
[   28.078415]        do_sendfile+0x4f0/0xc30
[   28.082626]        SyS_sendfile64+0x144/0x160
[   28.087111]        do_syscall_64+0x19f/0x550
[   28.091542]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   28.097171] 
-> #0 (&p->lock){+.+.+.}:
[   28.101723]        __lock_acquire+0x3189/0x4a10
[   28.106377]        lock_acquire+0x130/0x3e0
[   28.110754]        mutex_lock_nested+0xc0/0x900
[   28.115408]        seq_read+0xdd/0x12d0
[   28.119359]        proc_reg_read+0xfd/0x180
[   28.123660]        do_loop_readv_writev.part.1+0xd5/0x280
[   28.129176]        do_readv_writev+0x56e/0x7b0
[   28.133773]        vfs_readv+0x84/0xc0
[   28.137643]        default_file_splice_read+0x451/0x7f0
[   28.142987]        do_splice_to+0x10c/0x170
[   28.147290]        SyS_splice+0x10d2/0x14d0
[   28.151589]        do_syscall_64+0x19f/0x550
[   28.155978]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   28.161571] 
[   28.161571] other info that might help us debug this:
[   28.161571] 
[   28.169749] Chain exists of:
  &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1

[   28.178902]  Possible unsafe locking scenario:
[   28.178902] 
[   28.184944]        CPU0                    CPU1
[   28.189586]        ----                    ----
[   28.194229]   lock(&pipe->mutex/1);
[   28.198217]                                lock(&sig->cred_guard_mutex);
[   28.205271]                                lock(&pipe->mutex/1);
[   28.211767]   lock(&p->lock);
[   28.215191] 
[   28.215191]  *** DEADLOCK ***
[   28.215191] 
[   28.221354] 1 lock held by syz-executor637/2049:
[   28.226172]  #0:  (&pipe->mutex/1){+.+.+.}, at: [<ffffffff81523c1e>] pipe_lock+0x5e/0x70
[   28.235033] 
[   28.235033] stack backtrace:
[   28.239513] CPU: 1 PID: 2049 Comm: syz-executor637 Not tainted 4.9.141+ #69
[   28.246589]  ffff8801ce6bf278 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83caa290
[   28.254639]  ffffffff83ca4920 ffff8801cf2f88d0 ffff8801cf2f8000 ffff8801ce6bf2c0
[   28.262774]  ffffffff813fee40 0000000000000001 00000000cf2f88b0 0000000000000001
[   28.270770] Call Trace:
[   28.273338]  [<ffffffff81b42e79>] dump_stack+0xc1/0x128
[   28.278751]  [<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432
[   28.285573]  [<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10
[   28.291517]  [<ffffffff812073b0>] ? trace_hardirqs_on+0x10/0x10
[   28.297549]  [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0
[   28.303152]  [<ffffffff8158080d>] ? seq_read+0xdd/0x12d0
[   28.308579]  [<ffffffff8158080d>] ? seq_read+0xdd/0x12d0
[   28.314012]  [<ffffffff8280b250>] mutex_lock_nested+0xc0/0x900
[   28.319966]  [<ffffffff8158080d>] ? seq_read+0xdd/0x12d0
[   28.325393]  [<ffffffff8280b190>] ? mutex_trylock+0x3e0/0x3e0
[   28.331251]  [<ffffffff81206da7>] ? mark_held_locks+0xc7/0x130
[   28.337200]  [<ffffffff81426353>] ? get_page_from_freelist+0xda3/0x1d80
[   28.343928]  [<ffffffff814f2095>] ? kasan_unpoison_shadow+0x35/0x50
[   28.350379]  [<ffffffff8158080d>] seq_read+0xdd/0x12d0
[   28.355707]  [<ffffffff815e1174>] ? fsnotify+0x114/0x1100
[   28.361225]  [<ffffffff81580730>] ? seq_lseek+0x3c0/0x3c0
[   28.366869]  [<ffffffff815e1060>] ? __fsnotify_inode_delete+0x30/0x30
[   28.373432]  [<ffffffff8165c00d>] proc_reg_read+0xfd/0x180
[   28.379035]  [<ffffffff81580730>] ? seq_lseek+0x3c0/0x3c0
[   28.384550]  [<ffffffff81509df5>] do_loop_readv_writev.part.1+0xd5/0x280
[   28.391363]  [<ffffffff8150b49e>] do_readv_writev+0x56e/0x7b0
[   28.397224]  [<ffffffff8150af30>] ? vfs_write+0x520/0x520
[   28.402737]  [<ffffffff814f2095>] ? kasan_unpoison_shadow+0x35/0x50
[   28.409119]  [<ffffffff81b80ae2>] ? push_pipe+0x3e2/0x770
[   28.414730]  [<ffffffff81b8824e>] ? iov_iter_get_pages_alloc+0x2be/0xee0
[   28.421548]  [<ffffffff8150b764>] vfs_readv+0x84/0xc0
[   28.426743]  [<ffffffff815ac2a1>] default_file_splice_read+0x451/0x7f0
[   28.433403]  [<ffffffff815abe50>] ? do_splice_direct+0x270/0x270
[   28.439523]  [<ffffffff812073b0>] ? trace_hardirqs_on+0x10/0x10
[   28.445558]  [<ffffffff814f298c>] ? kasan_slab_free+0xac/0x190
[   28.451520]  [<ffffffff814ef2be>] ? kmem_cache_free+0xbe/0x310
[   28.457471]  [<ffffffff812073b0>] ? trace_hardirqs_on+0x10/0x10
[   28.463611]  [<ffffffff815e1060>] ? __fsnotify_inode_delete+0x30/0x30
[   28.470170]  [<ffffffff815e2460>] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[   28.478640]  [<ffffffff819ee119>] ? avc_policy_seqno+0x9/0x20
[   28.484513]  [<ffffffff81a03422>] ? selinux_file_permission+0x82/0x470
[   28.491166]  [<ffffffff819e545f>] ? security_file_permission+0x8f/0x1e0
[   28.497904]  [<ffffffff8150a4c5>] ? rw_verify_area+0xe5/0x2a0
[   28.503763]  [<ffffffff815abe50>] ? do_splice_direct+0x270/0x270
[   28.509888]  [<ffffffff815ab39c>] do_splice_to+0x10c/0x170
[   28.515490]  [<ffffffff815b08f2>] SyS_splice+0x10d2/0x14d0
[   28.521089]  [<ffffffff815af820>] ? compat_SyS_vmsplice+0x160/0x160
[   28.527469]  [<ffffffff81005598>] ? do_syscall_64+0x48/0x550
[   28.533357]  [<ffffffff815af820>] ? compat_SyS_vmsplice+0x160/0x160
[   28.539847]  [<ffffffff810056ef>] do_syscall_64+0x19f/0x550
[   28.545560]  [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb