[....] Starting enhanced syslogd: rsyslogd[ 13.842172] audit: type=1400 audit(1544278272.716:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 34.506012] [ 34.507657] ====================================================== [ 34.513948] [ INFO: possible circular locking dependency detected ] [ 34.520323] 4.4.166+ #1 Not tainted [ 34.523918] ------------------------------------------------------- [ 34.530292] syz-executor995/2071 is trying to acquire lock: [ 34.535967] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0 [ 34.544515] [ 34.544515] but task is already holding lock: [ 34.550459] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 34.560281] [ 34.560281] which lock already depends on the new lock. [ 34.560281] [ 34.568566] [ 34.568566] the existing dependency chain (in reverse order) is: [ 34.576153] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 34.581827] [] lock_acquire+0x15e/0x450 [ 34.588089] [] mutex_lock_interruptible_nested+0xd2/0xcc0 [ 34.595893] [] proc_pid_attr_write+0x19e/0x290 [ 34.602810] [] __vfs_write+0x11c/0x3e0 [ 34.608972] [] __kernel_write+0x10a/0x350 [ 34.615408] [] write_pipe_buf+0x15d/0x1f0 [ 34.621814] [] __splice_from_pipe+0x364/0x790 [ 34.628580] [] splice_from_pipe+0xf9/0x170 [ 34.635080] [] default_file_splice_write+0x3c/0x80 [ 34.642271] [] SyS_splice+0xde1/0x1430 [ 34.648436] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 34.655745] -> #0 (&pipe->mutex/1){+.+.+.}: [ 34.660851] [] __lock_acquire+0x3cd4/0x5530 [ 34.667434] [] lock_acquire+0x15e/0x450 [ 34.673663] [] mutex_lock_nested+0xc2/0xb60 [ 34.680239] [] fifo_open+0x15c/0x9e0 [ 34.686234] [] do_dentry_open+0x38d/0xbd0 [ 34.692684] [] vfs_open+0x12a/0x210 [ 34.698570] [] path_openat+0xc10/0x3f10 [ 34.704816] [] do_filp_open+0x197/0x270 [ 34.711053] [] do_open_execat+0x10f/0x6f0 [ 34.717461] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 34.725002] [] SyS_execve+0x42/0x50 [ 34.730906] [] return_from_execve+0x0/0x23 [ 34.737404] [ 34.737404] other info that might help us debug this: [ 34.737404] [ 34.745513] Possible unsafe locking scenario: [ 34.745513] [ 34.751536] CPU0 CPU1 [ 34.756191] ---- ---- [ 34.760830] lock(&sig->cred_guard_mutex); [ 34.765364] lock(&pipe->mutex/1); [ 34.771829] lock(&sig->cred_guard_mutex); [ 34.778872] lock(&pipe->mutex/1); [ 34.782822] [ 34.782822] *** DEADLOCK *** [ 34.782822] [ 34.788854] 1 lock held by syz-executor995/2071: [ 34.793595] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 34.803958] [ 34.803958] stack backtrace: [ 34.808427] CPU: 1 PID: 2071 Comm: syz-executor995 Not tainted 4.4.166+ #1 [ 34.815406] 0000000000000000 b758b28b139da398 ffff8801d413f4d0 ffffffff81aa62ad [ 34.823408] ffffffff83ab7610 ffffffff83ab7610 ffff8801d4f92f80 ffffffff83ab0860 [ 34.831413] ffff8801d4f93868 ffff8801d413f520 ffffffff813a9549 ffff8801d4f92f80 [ 34.839403] Call Trace: [ 34.841969] [] dump_stack+0xc1/0x124 [ 34.847307] [] print_circular_bug.cold.31+0x2f6/0x435 [ 34.854123] [] __lock_acquire+0x3cd4/0x5530 [ 34.860066] [] ? trace_hardirqs_on+0x10/0x10 [ 34.866190] [] ? path_openat+0xc10/0x3f10 [ 34.871969] [] ? do_open_execat+0x10f/0x6f0 [ 34.877914] [] ? do_execveat_common.isra.14+0x6a1/0x1f00 [ 34.885012] [] lock_acquire+0x15e/0x450 [ 34.885015] [] ? fifo_open+0x15c/0x9e0 [ 34.885021] [] mutex_lock_nested+0xc2/0xb60 [ 34.885025] [] ? fifo_open+0x15c/0x9e0 [ 34.885031] [] ? check_preemption_disabled+0x3b/0x200 [ 34.885035] [] ? lockdep_init_map+0x110/0x1630 [ 34.885040] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 34.885044] [] ? mutex_trylock+0x4f0/0x4f0 [ 34.885047] [] ? fifo_open+0x24e/0x9e0 [ 34.885050] [] ? fifo_open+0x28d/0x9e0 [ 34.885059] [] fifo_open+0x15c/0x9e0 [ 34.885065] [] do_dentry_open+0x38d/0xbd0 [ 34.885069] [] ? __inode_permission2+0x9b/0x240 [ 34.885072] [] ? pipe_release+0x250/0x250 [ 34.885076] [] vfs_open+0x12a/0x210 [ 34.885079] [] ? may_open.isra.19+0x156/0x240 [ 34.885083] [] path_openat+0xc10/0x3f10 [ 34.885095] [] ? dump_trace+0x184/0x360 [ 34.885099] [] ? may_open.isra.19+0x240/0x240 [ 34.885103] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 34.885108] [] ? save_stack_trace+0x26/0x50 [ 34.885111] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 34.885115] [] ? kasan_kmalloc+0xaf/0xc0 [ 34.885119] [] ? __kmalloc_track_caller+0xf1/0x2e0 [ 34.885124] [] ? kmemdup+0x24/0x50 [ 34.885145] [] ? selinux_cred_prepare+0x43/0xa0 [ 34.885151] [] ? security_prepare_creds+0x83/0xc0 [ 34.885157] [] ? prepare_creds+0x222/0x2a0 [ 34.885161] [] ? prepare_exec_creds+0x11/0xf0 [ 34.885165] [] ? prepare_bprm_creds+0x67/0x110 [ 34.885169] [] ? SyS_execve+0x42/0x50 [ 34.885173] [] ? stub_execve+0x5/0x5 [ 34.885176] [] ? save_stack_trace+0x26/0x50 [ 34.885180] [] ? kasan_kmalloc+0xaf/0xc0 [ 34.885183] [] ? kasan_slab_alloc+0x12/0x20 [ 34.885187] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 34.885190] [] ? prepare_creds+0x28/0x2a0 [ 34.885193] [] ? prepare_exec_creds+0x11/0xf0 [ 34.885197] [] ? prepare_bprm_creds+0x67/0x110 [ 34.885201] [] ? do_execveat_common.isra.14+0x2d8/0x1f00 [ 34.885205] [] ? save_stack_trace+0x26/0x50 [ 34.885208] [] do_filp_open+0x197/0x270 [ 34.885212] [] ? user_path_mountpoint_at+0x70/0x70 [ 34.885216] [] ? trace_hardirqs_on+0x10/0x10 [ 34.885219] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 34.885223] [] do_open_execat+0x10f/0x6f0 [ 34.885226] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 34.885230] [] ? setup_arg_pages+0x7a0/0x7a0 [ 34.885235] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 34.885239] [] ? do_execveat_common.isra.14+0x3db/0x1f00 [ 34.885243] [] ? prepare_bprm_creds+0x110/0x110 [ 34.885246] [] ? getname_flags+0x229/0x550 [ 34.885250] [] SyS_execve+0x42/0x50 [ 34.885253] [] stub_execve+0x5/0x5 [ 34.885258] [] ? tracesys+0x88/0x8d