[....] Starting enhanced syslogd: rsyslogd[ 14.691286] audit: type=1400 audit(1574566360.381:4): avc: denied { syslog } for pid=1926 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.62' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.403664] [ 26.405337] ====================================================== [ 26.411633] [ INFO: possible circular locking dependency detected ] [ 26.418026] 4.4.174+ #4 Not tainted [ 26.421652] ------------------------------------------------------- [ 26.428127] syz-executor355/2082 is trying to acquire lock: [ 26.433821] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 26.443056] [ 26.443056] but task is already holding lock: [ 26.449008] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 26.458875] [ 26.458875] which lock already depends on the new lock. [ 26.458875] [ 26.467173] [ 26.467173] the existing dependency chain (in reverse order) is: [ 26.475479] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 26.481171] [] lock_acquire+0x15e/0x450 [ 26.487448] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 26.495288] [] proc_pid_attr_write+0x1a8/0x2a0 [ 26.502148] [] __vfs_write+0x116/0x3d0 [ 26.508318] [] __kernel_write+0x112/0x370 [ 26.514751] [] write_pipe_buf+0x15d/0x1f0 [ 26.521165] [] __splice_from_pipe+0x37e/0x7a0 [ 26.527945] [] splice_from_pipe+0x108/0x170 [ 26.534536] [] default_file_splice_write+0x3c/0x80 [ 26.541736] [] SyS_splice+0xd71/0x13a0 [ 26.547889] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 26.555094] -> #0 (&pipe->mutex/1){+.+.+.}: [ 26.560196] [] __lock_acquire+0x37d6/0x4f50 [ 26.566889] [] lock_acquire+0x15e/0x450 [ 26.573400] [] mutex_lock_nested+0xc1/0xb80 [ 26.580004] [] fifo_open+0x15d/0xa00 [ 26.585990] [] do_dentry_open+0x38f/0xbd0 [ 26.592801] [] vfs_open+0x10b/0x210 [ 26.598702] [] path_openat+0x136f/0x4470 [ 26.605061] [] do_filp_open+0x1a1/0x270 [ 26.611314] [] do_open_execat+0x10c/0x6e0 [ 26.617757] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 26.625216] [] SyS_execve+0x42/0x50 [ 26.631121] [] return_from_execve+0x0/0x23 [ 26.637628] [ 26.637628] other info that might help us debug this: [ 26.637628] [ 26.645758] Possible unsafe locking scenario: [ 26.645758] [ 26.651853] CPU0 CPU1 [ 26.656493] ---- ---- [ 26.661147] lock(&sig->cred_guard_mutex); [ 26.665704] lock(&pipe->mutex/1); [ 26.672258] lock(&sig->cred_guard_mutex); [ 26.679363] lock(&pipe->mutex/1); [ 26.683331] [ 26.683331] *** DEADLOCK *** [ 26.683331] [ 26.689463] 1 lock held by syz-executor355/2082: [ 26.694193] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 26.704619] [ 26.704619] stack backtrace: [ 26.709102] CPU: 1 PID: 2082 Comm: syz-executor355 Not tainted 4.4.174+ #4 [ 26.716099] 0000000000000000 1e864f5760f95112 ffff8801d5937530 ffffffff81aad1a1 [ 26.724203] ffffffff84057a80 ffff8801d5134740 ffffffff83abd2b0 ffffffff83ab6860 [ 26.732235] ffffffff83abd2b0 ffff8801d5937580 ffffffff813abcda ffff8801d5937660 [ 26.740232] Call Trace: [ 26.742812] [] dump_stack+0xc1/0x120 [ 26.748161] [] print_circular_bug.cold+0x2f7/0x44e [ 26.754727] [] __lock_acquire+0x37d6/0x4f50 [ 26.760698] [] ? trace_hardirqs_on+0x10/0x10 [ 26.766736] [] ? do_filp_open+0x1a1/0x270 [ 26.772510] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 26.779498] [] ? SyS_execve+0x42/0x50 [ 26.784939] [] ? stub_execve+0x5/0x5 [ 26.790280] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.797028] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.803775] [] lock_acquire+0x15e/0x450 [ 26.809453] [] ? fifo_open+0x15d/0xa00 [ 26.814982] [] ? fifo_open+0x15d/0xa00 [ 26.820526] [] mutex_lock_nested+0xc1/0xb80 [ 26.826477] [] ? fifo_open+0x15d/0xa00 [ 26.832001] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 26.838739] [] ? mutex_trylock+0x500/0x500 [ 26.844698] [] ? fifo_open+0x24d/0xa00 [ 26.850239] [] ? fifo_open+0x28c/0xa00 [ 26.855777] [] fifo_open+0x15d/0xa00 [ 26.861123] [] do_dentry_open+0x38f/0xbd0 [ 26.866898] [] ? __inode_permission2+0x9e/0x250 [ 26.873371] [] ? pipe_release+0x250/0x250 [ 26.879204] [] vfs_open+0x10b/0x210 [ 26.884473] [] ? may_open.isra.0+0xe7/0x210 [ 26.890421] [] path_openat+0x136f/0x4470 [ 26.896128] [] ? depot_save_stack+0x1c3/0x5f0 [ 26.902247] [] ? may_open.isra.0+0x210/0x210 [ 26.908368] [] ? kmemdup+0x27/0x60 [ 26.913602] [] ? selinux_cred_prepare+0x43/0xa0 [ 26.919907] [] ? security_prepare_creds+0x83/0xc0 [ 26.926380] [] ? prepare_creds+0x228/0x2b0 [ 26.932239] [] ? prepare_exec_creds+0x12/0xf0 [ 26.938362] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 26.945632] [] ? stub_execve+0x5/0x5 [ 26.950979] [] ? kasan_kmalloc+0xb7/0xd0 [ 26.956667] [] ? kasan_slab_alloc+0xf/0x20 [ 26.962529] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 26.968571] [] ? prepare_creds+0x28/0x2b0 [ 26.974342] [] ? prepare_exec_creds+0x12/0xf0 [ 26.980466] [] do_filp_open+0x1a1/0x270 [ 26.986703] [] ? save_stack_trace+0x26/0x50 [ 26.992660] [] ? user_path_mountpoint_at+0x50/0x50 [ 26.999217] [] ? SyS_execve+0x42/0x50 [ 27.004708] [] ? stub_execve+0x5/0x5 [ 27.010114] [] ? __lock_acquire+0xa4f/0x4f50 [ 27.016156] [] ? trace_hardirqs_on+0x10/0x10 [ 27.022279] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 27.029102] [] do_open_execat+0x10c/0x6e0 [ 27.034884] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.041890] [] ? setup_arg_pages+0x7b0/0x7b0 [ 27.047925] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 27.055090] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.061907] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 27.068897] [] ? __check_object_size+0x222/0x332 [ 27.075281] [] ? strncpy_from_user+0xd0/0x230 [ 27.081404] [] ? prepare_bprm_creds+0x120/0x120 [ 27.087699] [] ? getname_flags+0x232/0x550 [ 27.093576] [] SyS_execve+0x42/0x50 [ 27.098844] [] stub_execve+0x5/0x5 [ 27.104007] [] ? tracesys+0x88/0x8d