[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 9.321550] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.437811] random: crng init done Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. executing program [ 31.591608] [ 31.593418] ====================================================== [ 31.599881] [ INFO: possible circular locking dependency detected ] [ 31.606521] 4.9.128+ #45 Not tainted [ 31.610345] ------------------------------------------------------- [ 31.616926] syz-executor957/2060 is trying to acquire lock: [ 31.622621] (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 [ 31.630379] but task is already holding lock: [ 31.635171] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 31.643524] which lock already depends on the new lock. [ 31.643524] [ 31.650679] [ 31.650679] the existing dependency chain (in reverse order) is: [ 31.658598] -> #2 (&pipe->mutex/1){+.+.+.}: [ 31.663786] lock_acquire+0x130/0x3e0 [ 31.668252] mutex_lock_nested+0xc0/0x870 [ 31.673074] fifo_open+0x15c/0x9e0 [ 31.677132] do_dentry_open+0x3ef/0xc90 [ 31.681615] vfs_open+0x11c/0x210 [ 31.685586] path_openat+0x542/0x2790 [ 31.689899] do_filp_open+0x197/0x270 [ 31.694678] do_open_execat+0x10f/0x640 [ 31.699185] do_execveat_common.isra.15+0x687/0x1f80 [ 31.704815] compat_SyS_execve+0x48/0x60 [ 31.709522] do_fast_syscall_32+0x2f1/0x860 [ 31.714355] entry_SYSENTER_compat+0x90/0xa2 [ 31.719268] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 31.725251] lock_acquire+0x130/0x3e0 [ 31.729568] mutex_lock_killable_nested+0xcc/0x960 [ 31.735007] lock_trace+0x44/0xc0 [ 31.738965] proc_pid_stack+0xdc/0x220 [ 31.743359] proc_single_show+0xfd/0x170 [ 31.748013] traverse+0x363/0x920 [ 31.751970] seq_read+0xd1b/0x12d0 [ 31.756032] do_loop_readv_writev.part.1+0xd5/0x280 [ 31.761820] do_readv_writev+0x56e/0x7b0 [ 31.766393] vfs_readv+0x84/0xc0 [ 31.770270] default_file_splice_read+0x44b/0x7e0 [ 31.775617] do_splice_to+0x10c/0x170 [ 31.780063] splice_direct_to_actor+0x23f/0x7e0 [ 31.785371] do_splice_direct+0x1a3/0x270 [ 31.790028] do_sendfile+0x4f0/0xc30 [ 31.794400] compat_SyS_sendfile+0xd1/0x160 [ 31.799252] do_fast_syscall_32+0x2f1/0x860 [ 31.804081] entry_SYSENTER_compat+0x90/0xa2 [ 31.808991] -> #0 (&p->lock){+.+.+.}: [ 31.813672] __lock_acquire+0x3189/0x4a10 [ 31.818327] lock_acquire+0x130/0x3e0 [ 31.822636] mutex_lock_nested+0xc0/0x870 [ 31.827523] seq_read+0xdd/0x12d0 [ 31.831620] proc_reg_read+0xfd/0x180 [ 31.835933] do_loop_readv_writev.part.1+0xd5/0x280 [ 31.841454] do_readv_writev+0x56e/0x7b0 [ 31.846021] vfs_readv+0x84/0xc0 [ 31.850121] default_file_splice_read+0x44b/0x7e0 [ 31.855469] do_splice_to+0x10c/0x170 [ 31.859781] SyS_splice+0x10d2/0x14d0 [ 31.864091] do_fast_syscall_32+0x2f1/0x860 [ 31.868922] entry_SYSENTER_compat+0x90/0xa2 [ 31.873832] [ 31.873832] other info that might help us debug this: [ 31.873832] [ 31.881955] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 31.891471] Possible unsafe locking scenario: [ 31.891471] [ 31.897511] CPU0 CPU1 [ 31.902163] ---- ---- [ 31.906816] lock(&pipe->mutex/1); [ 31.910937] lock(&sig->cred_guard_mutex); [ 31.918283] lock(&pipe->mutex/1); [ 31.924900] lock(&p->lock); [ 31.928263] [ 31.928263] *** DEADLOCK *** [ 31.928263] [ 31.934305] 1 lock held by syz-executor957/2060: [ 31.939041] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 31.948017] [ 31.948017] stack backtrace: [ 31.952505] CPU: 0 PID: 2060 Comm: syz-executor957 Not tainted 4.9.128+ #45 [ 31.959676] ffff8801ce017268 ffffffff81af2469 ffffffff83aa1330 ffffffff83aa7d80 [ 31.967717] ffffffff83aa2ad0 ffff8801d2445010 ffff8801d2444740 ffff8801ce0172b0 [ 31.975950] ffffffff813e79ed 0000000000000001 00000000d2444ff0 0000000000000001 [ 31.984124] Call Trace: [ 31.986701] [] dump_stack+0xc1/0x128 [ 31.992055] [] print_circular_bug.cold.36+0x2f7/0x432 [ 31.998879] [] __lock_acquire+0x3189/0x4a10 [ 32.004838] [] ? unwind_next_frame+0x7d/0xd0 [ 32.010974] [] ? trace_hardirqs_on+0x10/0x10 [ 32.017027] [] lock_acquire+0x130/0x3e0 [ 32.022636] [] ? seq_read+0xdd/0x12d0 [ 32.028068] [] ? seq_read+0xdd/0x12d0 [ 32.033610] [] mutex_lock_nested+0xc0/0x870 [ 32.039576] [] ? seq_read+0xdd/0x12d0 [ 32.045101] [] ? mutex_trylock+0x3e0/0x3e0 [ 32.050972] [] ? mark_held_locks+0xc7/0x130 [ 32.056931] [] ? get_page_from_freelist+0xae0/0x18e0 [ 32.063670] [] seq_read+0xdd/0x12d0 [ 32.068931] [] ? fsnotify+0x114/0x1100 [ 32.074734] [] ? seq_lseek+0x3c0/0x3c0 [ 32.080378] [] ? __fsnotify_inode_delete+0x30/0x30 [ 32.086953] [] proc_reg_read+0xfd/0x180 [ 32.092561] [] ? seq_lseek+0x3c0/0x3c0 [ 32.098083] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 32.104906] [] do_readv_writev+0x56e/0x7b0 [ 32.110788] [] ? vfs_write+0x520/0x520 [ 32.116337] [] ? kasan_unpoison_shadow+0x35/0x50 [ 32.122729] [] ? push_pipe+0x3e2/0x770 [ 32.128273] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 32.135097] [] vfs_readv+0x84/0xc0 [ 32.140372] [] default_file_splice_read+0x44b/0x7e0 [ 32.147032] [] ? do_splice_direct+0x270/0x270 [ 32.153168] [] ? trace_hardirqs_on+0x10/0x10 [ 32.159299] [] ? trace_hardirqs_on+0x10/0x10 [ 32.165474] [] ? __fsnotify_inode_delete+0x30/0x30 [ 32.172042] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 32.180627] [] ? avc_policy_seqno+0x9/0x20 [ 32.186670] [] ? selinux_file_permission+0x82/0x470 [ 32.193325] [] ? security_file_permission+0x8f/0x1e0 [ 32.200062] [] ? rw_verify_area+0xe5/0x2a0 [ 32.205933] [] ? do_splice_direct+0x270/0x270 [ 32.212168] [] do_splice_to+0x10c/0x170 [ 32.217794] [] SyS_splice+0x10d2/0x14d0 [ 32.223409] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 32.229538] [] ? compat_SyS_vmsplice+0x160/0x160 [ 32.236006] [] ? do_fast_syscall_32+0xcf/0x860 [ 32.242230] [