======================================================
[ INFO: possible circular locking dependency detected ]
4.9.141+ #1 Not tainted
-------------------------------------------------------
syz-executor.2/7504 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff8166030b>] do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2690
but task is already holding lock:
ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
 (&p->lock){+.+.+.}, at: [<ffffffff8158080d>] seq_read+0xdd/0x12d0 fs/seq_file.c:178
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
       seq_read+0xdd/0x12d0 fs/seq_file.c:178
       proc_reg_read+0xfd/0x180 fs/proc/inode.c:203
       do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718
       do_loop_readv_writev fs/read_write.c:707 [inline]
       do_readv_writev+0x56e/0x7b0 fs/read_write.c:873
       vfs_readv+0x84/0xc0 fs/read_write.c:897
       kernel_readv fs/splice.c:363 [inline]
       default_file_splice_read+0x451/0x7f0 fs/splice.c:435
       do_splice_to+0x10c/0x170 fs/splice.c:899
       do_splice fs/splice.c:1192 [inline]
       SYSC_splice fs/splice.c:1416 [inline]
       SyS_splice+0x10d2/0x14d0 fs/splice.c:1399
       do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
       __pipe_lock fs/pipe.c:87 [inline]
       fifo_open+0x15c/0x9e0 fs/pipe.c:921
       do_dentry_open+0x3ef/0xc90 fs/open.c:766
       vfs_open+0x11c/0x210 fs/open.c:879
       do_last fs/namei.c:3410 [inline]
       path_openat+0x542/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_open_execat+0x10f/0x640 fs/exec.c:844
       do_execveat_common.isra.14+0x687/0x1ed0 fs/exec.c:1723
       do_execve fs/exec.c:1829 [inline]
       SYSC_execve fs/exec.c:1910 [inline]
       SyS_execve+0x42/0x50 fs/exec.c:1905
       do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
       do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2690
       proc_tgid_io_accounting+0x22/0x30 fs/proc/base.c:2739
       proc_single_show+0xfd/0x170 fs/proc/base.c:785
       seq_read+0x4b6/0x12d0 fs/seq_file.c:240
       do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718
       do_loop_readv_writev fs/read_write.c:707 [inline]
       do_readv_writev+0x56e/0x7b0 fs/read_write.c:873
       vfs_readv+0x84/0xc0 fs/read_write.c:897
       do_preadv+0x197/0x240 fs/read_write.c:974
       SYSC_preadv fs/read_write.c:1024 [inline]
       SyS_preadv+0x30/0x40 fs/read_write.c:1019
       do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

other info that might help us debug this:

Chain exists of:
 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(&pipe->mutex/1);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.2/7504:
 #0:  (&p->lock){+.+.+.}, at: [<ffffffff8158080d>] seq_read+0xdd/0x12d0 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 7504 Comm: syz-executor.2 Not tainted 4.9.141+ #1
 ffff8801a32b7528 ffffffff81b42e79 ffffffff83ca9f30 ffffffff83ca4920
 ffffffff83ca2fd0 ffff8801a3bb67d0 ffff8801a3bb5f00 ffff8801a32b7570
 ffffffff813fee40 0000000000000001 00000000a3bb67b0 0000000000000001
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [<ffffffff8120a539>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff8120a539>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff8120a539>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff8280c45c>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8280c45c>] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
 [<ffffffff8166030b>] do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2690
 [<ffffffff81660912>] proc_tgid_io_accounting+0x22/0x30 fs/proc/base.c:2739
 [<ffffffff8165e66d>] proc_single_show+0xfd/0x170 fs/proc/base.c:785
 [<ffffffff81580be6>] seq_read+0x4b6/0x12d0 fs/seq_file.c:240
 [<ffffffff81509df5>] do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718
 [<ffffffff8150b49e>] do_loop_readv_writev fs/read_write.c:707 [inline]
 [<ffffffff8150b49e>] do_readv_writev+0x56e/0x7b0 fs/read_write.c:873
 [<ffffffff8150b764>] vfs_readv+0x84/0xc0 fs/read_write.c:897
 [<ffffffff8150bb97>] do_preadv+0x197/0x240 fs/read_write.c:974
 [<ffffffff8150f150>] SYSC_preadv fs/read_write.c:1024 [inline]
 [<ffffffff8150f150>] SyS_preadv+0x30/0x40 fs/read_write.c:1019
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
selinux_nlmsg_perm: 4090 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9497 sclass=netlink_route_socket pig=7527 comm=syz-executor.3
ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
audit: type=1400 audit(1573590383.708:97): avc:  denied  { create } for  pid=7549 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7555 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7574 comm=syz-executor.3
audit: type=1400 audit(1573590383.838:98): avc:  denied  { getopt } for  pid=7547 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
netlink: 188 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 188 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 188 bytes leftover after parsing attributes in process `syz-executor.1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39157 sclass=netlink_route_socket pig=7751 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39157 sclass=netlink_route_socket pig=7763 comm=syz-executor.0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1400 audit(1573590384.838:99): avc:  denied  { validate_trans } for  pid=7780 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security permissive=1
input: syz1 as /devices/virtual/input/input27
uinput: write device info first
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7810 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7820 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7833 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7833 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7830 comm=syz-executor.1
SELinux:  policydb magic number 0x5d877f23 does not match expected magic number 0xf97cff8c
tc_dump_action: action bad kind
tc_dump_action: action bad kind
binder: 8022:8025 got transaction to invalid handle
binder: 8022:8025 transaction failed 29201/-22, size 0-0 line 3013
binder: undelivered TRANSACTION_ERROR: 29201
device lo entered promiscuous mode
netlink: 104 bytes leftover after parsing attributes in process `syz-executor.5'.
device lo left promiscuous mode
device lo entered promiscuous mode
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1400 audit(1573590390.938:100): avc:  denied  { setopt } for  pid=8192 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1573590390.968:101): avc:  denied  { net_broadcast } for  pid=8192 comm="syz-executor.1" capability=11  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.