[....] Starting enhanced syslogd: rsyslogd[ 14.333759] audit: type=1400 audit(1546948035.335:4): avc: denied { syslog } for pid=1921 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.062114] [ 33.063857] ====================================================== [ 33.070143] [ INFO: possible circular locking dependency detected ] [ 33.076520] 4.4.169+ #2 Not tainted [ 33.080115] ------------------------------------------------------- [ 33.086491] syz-executor204/2075 is trying to acquire lock: [ 33.092174] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 33.100734] [ 33.100734] but task is already holding lock: [ 33.106677] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 33.116519] [ 33.116519] which lock already depends on the new lock. [ 33.116519] [ 33.124807] [ 33.124807] the existing dependency chain (in reverse order) is: [ 33.132416] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 33.138073] [] lock_acquire+0x15e/0x450 [ 33.144314] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 33.152118] [] proc_pid_attr_write+0x1a8/0x2a0 [ 33.158970] [] __vfs_write+0x116/0x3d0 [ 33.165124] [] __kernel_write+0x112/0x370 [ 33.171538] [] write_pipe_buf+0x15d/0x1f0 [ 33.177953] [] __splice_from_pipe+0x37e/0x7a0 [ 33.184712] [] splice_from_pipe+0x108/0x170 [ 33.191321] [] default_file_splice_write+0x3c/0x80 [ 33.198519] [] SyS_splice+0xd71/0x13a0 [ 33.204672] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 33.211870] -> #0 (&pipe->mutex/1){+.+.+.}: [ 33.216945] [] __lock_acquire+0x37d6/0x4f50 [ 33.223530] [] lock_acquire+0x15e/0x450 [ 33.229771] [] mutex_lock_nested+0xc1/0xb80 [ 33.236357] [] fifo_open+0x15d/0xa00 [ 33.242344] [] do_dentry_open+0x38f/0xbd0 [ 33.248756] [] vfs_open+0x10b/0x210 [ 33.254654] [] path_openat+0x136f/0x4470 [ 33.260998] [] do_filp_open+0x1a1/0x270 [ 33.267239] [] do_open_execat+0x10c/0x6e0 [ 33.273652] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 33.281107] [] SyS_execve+0x42/0x50 [ 33.287001] [] return_from_execve+0x0/0x23 [ 33.293505] [ 33.293505] other info that might help us debug this: [ 33.293505] [ 33.301622] Possible unsafe locking scenario: [ 33.301622] [ 33.307650] CPU0 CPU1 [ 33.312288] ---- ---- [ 33.316926] lock(&sig->cred_guard_mutex); [ 33.321461] lock(&pipe->mutex/1); [ 33.327939] lock(&sig->cred_guard_mutex); [ 33.334991] lock(&pipe->mutex/1); [ 33.338944] [ 33.338944] *** DEADLOCK *** [ 33.338944] [ 33.344979] 1 lock held by syz-executor204/2075: [ 33.349704] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 33.360073] [ 33.360073] stack backtrace: [ 33.364542] CPU: 0 PID: 2075 Comm: syz-executor204 Not tainted 4.4.169+ #2 [ 33.371524] 0000000000000000 e5de6132897a38b7 ffff8800b6b2f530 ffffffff81aab9c1 [ 33.379517] ffffffff84055ac0 ffff8801d48597c0 ffffffff83abb2b0 ffffffff83ab4860 [ 33.387514] ffffffff83abb2b0 ffff8800b6b2f580 ffffffff813abaf4 ffff8800b6b2f660 [ 33.395505] Call Trace: [ 33.398070] [] dump_stack+0xc1/0x120 [ 33.403411] [] print_circular_bug.cold+0x2f7/0x44e [ 33.409964] [] __lock_acquire+0x37d6/0x4f50 [ 33.415910] [] ? trace_hardirqs_on+0x10/0x10 [ 33.421941] [] ? do_filp_open+0x1a1/0x270 [ 33.427716] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 33.434702] [] ? SyS_execve+0x42/0x50 [ 33.440126] [] ? stub_execve+0x5/0x5 [ 33.445465] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.452192] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.458937] [] lock_acquire+0x15e/0x450 [ 33.464536] [] ? fifo_open+0x15d/0xa00 [ 33.470045] [] ? fifo_open+0x15d/0xa00 [ 33.475558] [] mutex_lock_nested+0xc1/0xb80 [ 33.481508] [] ? fifo_open+0x15d/0xa00 [ 33.487021] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.493748] [] ? mutex_trylock+0x500/0x500 [ 33.499612] [] ? fifo_open+0x24d/0xa00 [ 33.505121] [] ? fifo_open+0x28c/0xa00 [ 33.510635] [] fifo_open+0x15d/0xa00 [ 33.515975] [] do_dentry_open+0x38f/0xbd0 [ 33.521749] [] ? __inode_permission2+0x9e/0x250 [ 33.528045] [] ? pipe_release+0x250/0x250 [ 33.533815] [] vfs_open+0x10b/0x210 [ 33.539068] [] ? may_open.isra.0+0xe7/0x210 [ 33.545012] [] path_openat+0x136f/0x4470 [ 33.550699] [] ? depot_save_stack+0x1c3/0x5f0 [ 33.556818] [] ? may_open.isra.0+0x210/0x210 [ 33.562851] [] ? kmemdup+0x27/0x60 [ 33.568016] [] ? selinux_cred_prepare+0x43/0xa0 [ 33.574307] [] ? security_prepare_creds+0x83/0xc0 [ 33.580778] [] ? prepare_creds+0x228/0x2b0 [ 33.586634] [] ? prepare_exec_creds+0x12/0xf0 [ 33.592752] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 33.599743] [] ? stub_execve+0x5/0x5 [ 33.605084] [] ? kasan_kmalloc+0xb7/0xd0 [ 33.610772] [] ? kasan_slab_alloc+0xf/0x20 [ 33.616630] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 33.622662] [] ? prepare_creds+0x28/0x2b0 [ 33.628434] [] ? prepare_exec_creds+0x12/0xf0 [ 33.634553] [] do_filp_open+0x1a1/0x270 [ 33.640151] [] ? save_stack_trace+0x26/0x50 [ 33.646094] [] ? user_path_mountpoint_at+0x50/0x50 [ 33.652648] [] ? SyS_execve+0x42/0x50 [ 33.658074] [] ? stub_execve+0x5/0x5 [ 33.663409] [] ? __lock_acquire+0xa4f/0x4f50 [ 33.669444] [] ? trace_hardirqs_on+0x10/0x10 [ 33.675476] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 33.682400] [] do_open_execat+0x10c/0x6e0 [ 33.688173] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.694997] [] ? setup_arg_pages+0x7b0/0x7b0 [ 33.701030] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 33.708022] [] do_execveat_common.isra.0+0x6f6/0x1e90 [