[....] Starting enhanced syslogd: rsyslogd[   12.985732] audit: type=1400 audit(1514186296.647:4): avc:  denied  { syslog } for  pid=3172 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-7,10.128.0.8' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   24.813299] 
[   24.814925] ======================================================
[   24.821207] [ INFO: possible circular locking dependency detected ]
[   24.827573] 4.9.71-g2506378 #113 Not tainted
[   24.831939] -------------------------------------------------------
[   24.838306] syzkaller943582/3336 is trying to acquire lock:
[   24.843985]  (&p->lock){+.+.+.}, at: [<ffffffff815e651d>] seq_read+0xdd/0x1290

[   24.851665] but task is already holding lock:
[   24.856301]  (&pipe->mutex/1){+.+.+.}, at: [<ffffffff815866a6>] pipe_lock+0x56/0x70

[   24.864502] which lock already depends on the new lock.
[   24.864502] 
[   24.871477] 
[   24.871477] the existing dependency chain (in reverse order) is:
[   24.879055] 
-> #2 (&pipe->mutex/1){+.+.+.}:
[   24.884072]        lock_acquire+0x12e/0x410
[   24.888356]        mutex_lock_nested+0xbb/0x870
[   24.892986]        fifo_open+0x15c/0xa30
[   24.897008]        do_dentry_open+0x607/0xc60
[   24.901466]        vfs_open+0x105/0x220
[   24.905402]        path_openat+0x5ac/0x2910
[   24.909684]        do_filp_open+0x197/0x290
[   24.913969]        do_open_execat+0xfa/0x4d0
[   24.918339]        do_execveat_common.isra.37+0x6d6/0x1f10
[   24.923924]        SyS_execve+0x42/0x50
[   24.927860]        do_syscall_64+0x197/0x490
[   24.932228]        return_from_SYSCALL_64+0x0/0x7a
[   24.937117] 
-> #1 (&sig->cred_guard_mutex){+.+.+.}:
[   24.942718]        lock_acquire+0x12e/0x410
[   24.947001]        mutex_lock_killable_nested+0xcc/0x960
[   24.952415]        lock_trace+0x44/0xc0
[   24.956360]        proc_pid_syscall+0xa6/0x260
[   24.960902]        proc_single_show+0xf8/0x170
[   24.965449]        seq_read+0x32f/0x1290
[   24.969473]        do_loop_readv_writev.part.17+0x141/0x1e0
[   24.975144]        do_readv_writev+0x520/0x750
[   24.979685]        vfs_readv+0x84/0xc0
[   24.983535]        do_readv+0xe6/0x250
[   24.987385]        SyS_readv+0x27/0x30
[   24.991237]        entry_SYSCALL_64_fastpath+0x23/0xc6
[   24.996474] 
-> #0 (&p->lock){+.+.+.}:
[   25.000856]        __lock_acquire+0x2bf9/0x3640
[   25.005495]        lock_acquire+0x12e/0x410
[   25.009778]        mutex_lock_nested+0xbb/0x870
[   25.014406]        seq_read+0xdd/0x1290
[   25.018340]        proc_reg_read+0xef/0x170
[   25.022624]        do_loop_readv_writev.part.17+0x141/0x1e0
[   25.028295]        do_readv_writev+0x520/0x750
[   25.032838]        vfs_readv+0x84/0xc0
[   25.036686]        default_file_splice_read+0x43f/0x7a0
[   25.042010]        do_splice_to+0x10a/0x160
[   25.046293]        SyS_splice+0xf5f/0x1520
[   25.050488]        entry_SYSCALL_64_fastpath+0x23/0xc6
[   25.055722] 
[   25.055722] other info that might help us debug this:
[   25.055722] 
[   25.063826] Chain exists of:
  &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1

[   25.072786]  Possible unsafe locking scenario:
[   25.072786] 
[   25.078801]        CPU0                    CPU1
[   25.083431]        ----                    ----
[   25.088060]   lock(&pipe->mutex/1);
[   25.091988]                                lock(&sig->cred_guard_mutex);
[   25.099011]                                lock(&pipe->mutex/1);
[   25.105446]   lock(&p->lock);
[   25.108730] 
[   25.108730]  *** DEADLOCK ***
[   25.108730] 
[   25.114750] 1 lock held by syzkaller943582/3336:
[   25.119463]  #0:  (&pipe->mutex/1){+.+.+.}, at: [<ffffffff815866a6>] pipe_lock+0x56/0x70
[   25.128208] 
[   25.128208] stack backtrace:
[   25.132666] CPU: 0 PID: 3336 Comm: syzkaller943582 Not tainted 4.9.71-g2506378 #113
[   25.140419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.149737]  ffff8801c80972b8 ffffffff81d922b9 ffffffff85363ea0 ffffffff853983a0
[   25.157679]  ffffffff8539e3d0 ffff8801ca9cb8d8 ffff8801ca9cb000 ffff8801c8097300
[   25.165615]  ffffffff812367e1 ffff8801ca9cb8d8 00000000ca9cb8b0 ffff8801ca9cb8d8
[   25.173556] Call Trace:
[   25.176106]  [<ffffffff81d922b9>] dump_stack+0xc1/0x128
[   25.181437]  [<ffffffff812367e1>] print_circular_bug+0x271/0x310
[   25.187545]  [<ffffffff8123cc19>] __lock_acquire+0x2bf9/0x3640
[   25.193490]  [<ffffffff8123a020>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   25.200467]  [<ffffffff81232cf1>] ? __lock_is_held+0xa1/0xf0
[   25.206227]  [<ffffffff8123e09e>] lock_acquire+0x12e/0x410
[   25.211812]  [<ffffffff815e651d>] ? seq_read+0xdd/0x1290
[   25.217225]  [<ffffffff815e651d>] ? seq_read+0xdd/0x1290
[   25.222637]  [<ffffffff838a52eb>] mutex_lock_nested+0xbb/0x870
[   25.228574]  [<ffffffff815e651d>] ? seq_read+0xdd/0x1290
[   25.233987]  [<ffffffff838a5230>] ? mutex_lock_killable_nested+0x960/0x960
[   25.240960]  [<ffffffff8123940f>] ? mark_held_locks+0xaf/0x100
[   25.246897]  [<ffffffff81e44625>] ? depot_save_stack+0x1c5/0x4a0
[   25.253005]  [<ffffffff838ae7fa>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   25.259893]  [<ffffffff815e6440>] ? seq_escape+0x200/0x200
[   25.265479]  [<ffffffff815e651d>] seq_read+0xdd/0x1290
[   25.270718]  [<ffffffff838ae7e5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   25.277605]  [<ffffffff81e44811>] ? depot_save_stack+0x3b1/0x4a0
[   25.283712]  [<ffffffff81232cf1>] ? __lock_is_held+0xa1/0xf0
[   25.289478]  [<ffffffff815e6440>] ? seq_escape+0x200/0x200
[   25.295067]  [<ffffffff81641dbc>] ? __fsnotify_parent+0xbc/0x340
[   25.301173]  [<ffffffff81640e56>] ? fsnotify+0x86/0xf30
[   25.306506]  [<ffffffff81641d00>] ? fsnotify+0xf30/0xf30
[   25.311917]  [<ffffffff815e6440>] ? seq_escape+0x200/0x200
[   25.317503]  [<ffffffff816bfbbf>] proc_reg_read+0xef/0x170
[   25.323093]  [<ffffffff8156a4e1>] do_loop_readv_writev.part.17+0x141/0x1e0
[   25.330069]  [<ffffffff81bd08b9>] ? security_file_permission+0x89/0x1e0
[   25.336783]  [<ffffffff816bfad0>] ? proc_reg_write+0x170/0x170
[   25.342717]  [<ffffffff816bfad0>] ? proc_reg_write+0x170/0x170
[   25.348648]  [<ffffffff8156e350>] do_readv_writev+0x520/0x750
[   25.354494]  [<ffffffff8156de30>] ? vfs_write+0x530/0x530
[   25.359991]  [<ffffffff8153ac55>] ? kasan_unpoison_shadow+0x35/0x50
[   25.366358]  [<ffffffff81dd1612>] ? push_pipe+0x372/0x770
[   25.371857]  [<ffffffff81dcfe3f>] ? sanity+0x1ff/0x610
[   25.377094]  [<ffffffff81dd2b17>] ? iov_iter_get_pages_alloc+0x2c7/0xf10
[   25.383907]  [<ffffffff8156e604>] vfs_readv+0x84/0xc0
[   25.389058]  [<ffffffff8160d6bf>] default_file_splice_read+0x43f/0x7a0
[   25.395684]  [<ffffffff8160d280>] ? do_splice_direct+0x270/0x270
[   25.401794]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.408336]  [<ffffffff81641dbc>] ? __fsnotify_parent+0xbc/0x340
[   25.414444]  [<ffffffff81640e56>] ? fsnotify+0x86/0xf30
[   25.419768]  [<ffffffff81641d00>] ? fsnotify+0xf30/0xf30
[   25.425184]  [<ffffffff81bd97f9>] ? avc_policy_seqno+0x9/0x20
[   25.431030]  [<ffffffff81bea142>] ? selinux_file_permission+0x82/0x460
[   25.437657]  [<ffffffff81bd08b9>] ? security_file_permission+0x89/0x1e0
[   25.444373]  [<ffffffff8160d280>] ? do_splice_direct+0x270/0x270
[   25.450491]  [<ffffffff8160c7ba>] do_splice_to+0x10a/0x160
[   25.456094]  [<ffffffff8161252f>] SyS_splice+0xf5f/0x1520
executing program
[   25.461598]  [<ffffffff812e37fe>] ? SyS_futex+0x22e/0x2d0
[   25.467099]  [<ffffffff816115d0>] ? compat_SyS_vmsplice+0x240/0x240
[   25.473468]  [<ffffffff812397eb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   25.480270]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.486815]  [<ffffffff838aef85>] entry_SYSCALL_64_fastpath+0x23/0xc6
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program