[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.985732] audit: type=1400 audit(1514186296.647:4): avc: denied { syslog } for pid=3172 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-7,10.128.0.8' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login:
[   24.813299]
[   24.814925] ======================================================
[   24.821207] [ INFO: possible circular locking dependency detected ]
[   24.827573] 4.9.71-g2506378 #113 Not tainted
[   24.831939] -------------------------------------------------------
[   24.838306] syzkaller943582/3336 is trying to acquire lock:
[   24.843985]  (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290
[   24.851665] but task is already holding lock:
[   24.856301]  (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x56/0x70
[   24.864502] which lock already depends on the new lock.
[   24.864502]
[   24.871477]
[   24.871477] the existing dependency chain (in reverse order) is:
[   24.879055] -> #2 (&pipe->mutex/1){+.+.+.}:
[   24.884072]        lock_acquire+0x12e/0x410
[   24.888356]        mutex_lock_nested+0xbb/0x870
[   24.892986]        fifo_open+0x15c/0xa30
[   24.897008]        do_dentry_open+0x607/0xc60
[   24.901466]        vfs_open+0x105/0x220
[   24.905402]        path_openat+0x5ac/0x2910
[   24.909684]        do_filp_open+0x197/0x290
[   24.913969]        do_open_execat+0xfa/0x4d0
[   24.918339]        do_execveat_common.isra.37+0x6d6/0x1f10
[   24.923924]        SyS_execve+0x42/0x50
[   24.927860]        do_syscall_64+0x197/0x490
[   24.932228]        return_from_SYSCALL_64+0x0/0x7a
[   24.937117] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[   24.942718]        lock_acquire+0x12e/0x410
[   24.947001]        mutex_lock_killable_nested+0xcc/0x960
[   24.952415]        lock_trace+0x44/0xc0
[   24.956360]        proc_pid_syscall+0xa6/0x260
[   24.960902]        proc_single_show+0xf8/0x170
[   24.965449]        seq_read+0x32f/0x1290
[   24.969473]        do_loop_readv_writev.part.17+0x141/0x1e0
[   24.975144]        do_readv_writev+0x520/0x750
[   24.979685]        vfs_readv+0x84/0xc0
[   24.983535]        do_readv+0xe6/0x250
[   24.987385]        SyS_readv+0x27/0x30
[   24.991237]        entry_SYSCALL_64_fastpath+0x23/0xc6
[   24.996474] -> #0 (&p->lock){+.+.+.}:
[   25.000856]        __lock_acquire+0x2bf9/0x3640
[   25.005495]        lock_acquire+0x12e/0x410
[   25.009778]        mutex_lock_nested+0xbb/0x870
[   25.014406]        seq_read+0xdd/0x1290
[   25.018340]        proc_reg_read+0xef/0x170
[   25.022624]        do_loop_readv_writev.part.17+0x141/0x1e0
[   25.028295]        do_readv_writev+0x520/0x750
[   25.032838]        vfs_readv+0x84/0xc0
[   25.036686]        default_file_splice_read+0x43f/0x7a0
[   25.042010]        do_splice_to+0x10a/0x160
[   25.046293]        SyS_splice+0xf5f/0x1520
[   25.050488]        entry_SYSCALL_64_fastpath+0x23/0xc6
[   25.055722]
[   25.055722] other info that might help us debug this:
[   25.055722]
[   25.063826] Chain exists of: &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[   25.072786]  Possible unsafe locking scenario:
[   25.072786]
[   25.078801]        CPU0                    CPU1
[   25.083431]        ----                    ----
[   25.088060]   lock(&pipe->mutex/1);
[   25.091988]                                lock(&sig->cred_guard_mutex);
[   25.099011]                                lock(&pipe->mutex/1);
[   25.105446]   lock(&p->lock);
[   25.108730]
[   25.108730]  *** DEADLOCK ***
[   25.108730]
[   25.114750] 1 lock held by syzkaller943582/3336:
[   25.119463]  #0:  (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x56/0x70
[   25.128208]
[   25.128208] stack backtrace:
[   25.132666] CPU: 0 PID: 3336 Comm: syzkaller943582 Not tainted 4.9.71-g2506378 #113
[   25.140419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.149737]  ffff8801c80972b8 ffffffff81d922b9 ffffffff85363ea0 ffffffff853983a0
[   25.157679]  ffffffff8539e3d0 ffff8801ca9cb8d8 ffff8801ca9cb000 ffff8801c8097300
[   25.165615]  ffffffff812367e1 ffff8801ca9cb8d8 00000000ca9cb8b0 ffff8801ca9cb8d8
[   25.173556] Call Trace:
[   25.176106]  [] dump_stack+0xc1/0x128
[   25.181437]  [] print_circular_bug+0x271/0x310
[   25.187545]  [] __lock_acquire+0x2bf9/0x3640
[   25.193490]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   25.200467]  [] ? __lock_is_held+0xa1/0xf0
[   25.206227]  [] lock_acquire+0x12e/0x410
[   25.211812]  [] ? seq_read+0xdd/0x1290
[   25.217225]  [] ? seq_read+0xdd/0x1290
[   25.222637]  [] mutex_lock_nested+0xbb/0x870
[   25.228574]  [] ? seq_read+0xdd/0x1290
[   25.233987]  [] ? mutex_lock_killable_nested+0x960/0x960
[   25.240960]  [] ? mark_held_locks+0xaf/0x100
[   25.246897]  [] ? depot_save_stack+0x1c5/0x4a0
[   25.253005]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   25.259893]  [] ? seq_escape+0x200/0x200
[   25.265479]  [] seq_read+0xdd/0x1290
[   25.270718]  [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   25.277605]  [] ? depot_save_stack+0x3b1/0x4a0
[   25.283712]  [] ? __lock_is_held+0xa1/0xf0
[   25.289478]  [] ? seq_escape+0x200/0x200
[   25.295067]  [] ? __fsnotify_parent+0xbc/0x340
[   25.301173]  [] ? fsnotify+0x86/0xf30
[   25.306506]  [] ? fsnotify+0xf30/0xf30
[   25.311917]  [] ? seq_escape+0x200/0x200
[   25.317503]  [] proc_reg_read+0xef/0x170
[   25.323093]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   25.330069]  [] ? security_file_permission+0x89/0x1e0
[   25.336783]  [] ? proc_reg_write+0x170/0x170
[   25.342717]  [] ? proc_reg_write+0x170/0x170
[   25.348648]  [] do_readv_writev+0x520/0x750
[   25.354494]  [] ? vfs_write+0x530/0x530
[   25.359991]  [] ? kasan_unpoison_shadow+0x35/0x50
[   25.366358]  [] ? push_pipe+0x372/0x770
[   25.371857]  [] ? sanity+0x1ff/0x610
[   25.377094]  [] ? iov_iter_get_pages_alloc+0x2c7/0xf10
[   25.383907]  [] vfs_readv+0x84/0xc0
[   25.389058]  [] default_file_splice_read+0x43f/0x7a0
[   25.395684]  [] ? do_splice_direct+0x270/0x270
[   25.401794]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.408336]  [] ? __fsnotify_parent+0xbc/0x340
[   25.414444]  [] ? fsnotify+0x86/0xf30
[   25.419768]  [] ? fsnotify+0xf30/0xf30
[   25.425184]  [] ? avc_policy_seqno+0x9/0x20
[   25.431030]  [] ? selinux_file_permission+0x82/0x460
[   25.437657]  [] ? security_file_permission+0x89/0x1e0
[   25.444373]  [] ? do_splice_direct+0x270/0x270
[   25.450491]  [] do_splice_to+0x10a/0x160
[   25.456094]  [] SyS_splice+0xf5f/0x1520
executing program
[   25.461598]  [] ? SyS_futex+0x22e/0x2d0
[   25.467099]  [] ? compat_SyS_vmsplice+0x240/0x240
[   25.473468]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   25.480270]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.486815]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
executing program