INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.901386] [ 33.903056] ====================================================== [ 33.909366] WARNING: possible circular locking dependency detected [ 33.915664] 4.19.0-rc4-next-20180921+ #77 Not tainted [ 33.920835] ------------------------------------------------------ [ 33.927149] syz-executor390/5561 is trying to acquire lock: [ 33.932838] 00000000de8070d8 (&p->lock){+.+.}, at: seq_read+0x71/0x1150 [ 33.939632] [ 33.939632] but task is already holding lock: [ 33.945591] 00000000895d6bf0 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80 [ 33.952784] [ 33.952784] which lock already depends on the new lock. [ 33.952784] [ 33.961084] [ 33.961084] the existing dependency chain (in reverse order) is: [ 33.968689] [ 33.968689] -> #2 (&pipe->mutex/1){+.+.}: [ 33.974322] __mutex_lock+0x166/0x1700 [ 33.978714] mutex_lock_nested+0x16/0x20 [ 33.983283] fifo_open+0x15c/0xad0 [ 33.987338] do_dentry_open+0x499/0x1250 [ 33.991921] vfs_open+0xa0/0xd0 [ 33.995708] path_openat+0x12bc/0x5160 [ 34.000099] do_filp_open+0x255/0x380 [ 34.004403] do_open_execat+0x221/0x8e0 [ 34.008909] __do_execve_file.isra.33+0x176f/0x25d0 [ 34.014435] __x64_sys_execve+0x8f/0xc0 [ 34.018919] do_syscall_64+0x1b9/0x820 [ 34.023313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.029224] [ 34.029224] -> #1 (&sig->cred_guard_mutex){+.+.}: [ 34.035661] __mutex_lock+0x166/0x1700 [ 34.040052] mutex_lock_killable_nested+0x16/0x20 [ 34.045402] lock_trace+0x4c/0xe0 [ 34.049364] proc_pid_stack+0x196/0x3b0 [ 34.053845] proc_single_show+0x101/0x190 [ 34.058497] traverse+0x344/0x7b0 [ 34.062493] seq_read+0xc76/0x1150 [ 34.066534] do_iter_read+0x4a3/0x650 [ 34.070835] vfs_readv+0x175/0x1c0 [ 34.074881] default_file_splice_read+0x53c/0xb20 [ 34.080227] do_splice_to+0x12e/0x190 [ 34.084531] splice_direct_to_actor+0x270/0x8f0 [ 34.089701] do_splice_direct+0x2d4/0x420 [ 34.094351] do_sendfile+0x62a/0xe20 [ 34.098566] __x64_sys_sendfile64+0x15d/0x250 [ 34.103568] do_syscall_64+0x1b9/0x820 [ 34.107958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.113646] [ 34.113646] -> #0 (&p->lock){+.+.}: [ 34.118750] lock_acquire+0x1ed/0x520 [ 34.123058] __mutex_lock+0x166/0x1700 [ 34.127447] mutex_lock_nested+0x16/0x20 [ 34.132013] seq_read+0x71/0x1150 [ 34.135972] proc_reg_read+0x2a3/0x3d0 [ 34.140466] do_iter_read+0x4a3/0x650 [ 34.144771] vfs_readv+0x175/0x1c0 [ 34.148816] default_file_splice_read+0x53c/0xb20 [ 34.154165] do_splice_to+0x12e/0x190 [ 34.158468] do_splice+0x1014/0x1430 [ 34.162689] __x64_sys_splice+0x2c1/0x330 [ 34.167345] do_syscall_64+0x1b9/0x820 [ 34.171741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.177428] [ 34.177428] other info that might help us debug this: [ 34.177428] [ 34.185552] Chain exists of: [ 34.185552] &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 34.185552] [ 34.196385] Possible unsafe locking scenario: [ 34.196385] [ 34.202428] CPU0 CPU1 [ 34.207070] ---- ---- [ 34.211712] lock(&pipe->mutex/1); [ 34.215323] lock(&sig->cred_guard_mutex); [ 34.222147] lock(&pipe->mutex/1); [ 34.228274] lock(&p->lock); [ 34.231361] [ 34.231361] *** DEADLOCK *** [ 34.231361] [ 34.237405] 1 lock held by syz-executor390/5561: [ 34.242149] #0: 00000000895d6bf0 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80 [ 34.249781] [ 34.249781] stack backtrace: [ 34.254273] CPU: 0 PID: 5561 Comm: syz-executor390 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 34.262837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.272189] Call Trace: [ 34.274793] dump_stack+0x1d3/0x2c4 [ 34.278406] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.283593] ? vprintk_func+0x85/0x181 [ 34.287466] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 34.293164] ? save_trace+0xe0/0x290 [ 34.296886] __lock_acquire+0x33e4/0x4ec0 [ 34.301029] ? mark_held_locks+0x130/0x130 [ 34.305251] ? print_usage_bug+0xc0/0xc0 [ 34.309310] ? print_usage_bug+0xc0/0xc0 [ 34.313363] ? print_usage_bug+0xc0/0xc0 [ 34.317410] ? __lock_acquire+0x7ec/0x4ec0 [ 34.321638] ? __lock_acquire+0x7ec/0x4ec0 [ 34.325861] ? __lock_acquire+0x7ec/0x4ec0 [ 34.330082] ? graph_lock+0x170/0x170 [ 34.333869] ? mark_held_locks+0x130/0x130 [ 34.338094] ? check_preemption_disabled+0x48/0x200 [ 34.343105] ? __lock_acquire+0x7ec/0x4ec0 [ 34.347338] lock_acquire+0x1ed/0x520 [ 34.351140] ? seq_read+0x71/0x1150 [ 34.354765] ? lock_release+0x970/0x970 [ 34.358736] ? ttwu_stat+0x5c0/0x5c0 [ 34.362443] ? graph_lock+0x170/0x170 [ 34.366237] ? seq_read+0x71/0x1150 [ 34.369851] __mutex_lock+0x166/0x1700 [ 34.373729] ? seq_read+0x71/0x1150 [ 34.377345] ? seq_read+0x71/0x1150 [ 34.380961] ? graph_lock+0x170/0x170 [ 34.384748] ? mutex_trylock+0x2b0/0x2b0 [ 34.388798] ? find_held_lock+0x36/0x1c0 [ 34.392852] ? aa_file_perm+0x469/0x1060 [ 34.396900] ? lock_downgrade+0x900/0x900 [ 34.401036] ? check_preemption_disabled+0x48/0x200 [ 34.406039] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 34.410965] ? kasan_check_read+0x11/0x20 [ 34.415110] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 34.420383] ? rcu_softirq_qs+0x20/0x20 [ 34.424354] ? aa_file_perm+0x490/0x1060 [ 34.428403] ? check_preemption_disabled+0x48/0x200 [ 34.433412] ? aa_path_link+0x5e0/0x5e0 [ 34.437379] ? __lock_is_held+0xb5/0x140 [ 34.441437] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.446446] ? __alloc_pages_nodemask+0xbf1/0xdd0 [ 34.451281] ? default_file_splice_read+0x1de/0xb20 [ 34.456280] ? do_splice_to+0x12e/0x190 [ 34.460244] ? do_splice+0x1014/0x1430 [ 34.464123] mutex_lock_nested+0x16/0x20 [ 34.468180] ? mutex_lock_nested+0x16/0x20 [ 34.472406] seq_read+0x71/0x1150 [ 34.475850] ? fsnotify_first_mark+0x350/0x350 [ 34.480423] ? __fsnotify_parent+0xcc/0x420 [ 34.484734] ? seq_dentry+0x2e0/0x2e0 [ 34.488520] proc_reg_read+0x2a3/0x3d0 [ 34.492399] ? proc_reg_unlocked_ioctl+0x3c0/0x3c0 [ 34.497328] ? security_file_permission+0x1c2/0x230 [ 34.502340] ? rw_verify_area+0x118/0x360 [ 34.506473] do_iter_read+0x4a3/0x650 [ 34.510260] vfs_readv+0x175/0x1c0 [ 34.513786] ? compat_rw_copy_check_uvector+0x440/0x440 [ 34.519144] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 34.524240] ? aa_file_perm+0x469/0x1060 [ 34.528291] ? lock_downgrade+0x900/0x900 [ 34.532428] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 34.537345] ? kasan_check_read+0x11/0x20 [ 34.541488] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.546506] ? iov_iter_pipe+0xbf/0x2f0 [ 34.550474] default_file_splice_read+0x53c/0xb20 [ 34.555314] ? iter_file_splice_write+0x1050/0x1050 [ 34.560319] ? aa_path_link+0x5e0/0x5e0 [ 34.564285] ? __fget+0x4aa/0x740 [ 34.567727] ? lock_downgrade+0x900/0x900 [ 34.571880] ? check_preemption_disabled+0x48/0x200 [ 34.576882] ? graph_lock+0x170/0x170 [ 34.580672] ? rcu_softirq_qs+0x20/0x20 [ 34.584640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.590166] ? fsnotify+0x4e5/0xf50 [ 34.593797] ? fsnotify_first_mark+0x350/0x350 [ 34.598378] ? __fsnotify_parent+0xcc/0x420 [ 34.602688] ? __might_fault+0x12b/0x1e0 [ 34.606731] ? fsnotify+0xf50/0xf50 [ 34.610341] ? lock_release+0x970/0x970 [ 34.614301] ? ttwu_stat+0x5c0/0x5c0 [ 34.618003] ? security_file_permission+0x1c2/0x230 [ 34.623026] ? iter_file_splice_write+0x1050/0x1050 [ 34.628028] do_splice_to+0x12e/0x190 [ 34.631817] do_splice+0x1014/0x1430 [ 34.635516] ? kmem_cache_free+0x24f/0x290 [ 34.639734] ? opipe_prep.part.13+0x3b0/0x3b0 [ 34.644218] __x64_sys_splice+0x2c1/0x330 [ 34.648357] do_syscall_64+0x1b9/0x820 [ 34.652233] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.657581] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.662496] ? trace_hardirqs_off+0x310/0x310 [ 34.666973] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.671975] ? recalc_sigpending_tsk+0x180/0x180 [ 34.676714] ? kasan_check_write+0x14/0x20 [ 34.680940] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.685776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.690949] RIP: 0033:0x4457a9 [ 34.694128] Code: e8 ec b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 34.713043] RSP: 002b:00007fa74a9a4d08 EFLAGS: 00000216 ORIG_RAX: 0000000000000113 [ 34.720758] RAX: ffffffffffffffda RBX: 00000000006dac68 RCX: 00000000004457a9 [ 34.728019] RDX: 0000000000000005 RSI: 0000000020000240 RDI: 0000000000000006 [ 34.735274] RBP: 00000000006dac60 R08: 00000000000001ff R09: 0000000000000000 [ 34.742527] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000006dac6c [ 34.749775] R13: 00007fa74a9a4d20 R14: 65732f636f72702f R15: