[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.314875] audit: type=1400 audit(1545094197.275:4): avc: denied { syslog } for pid=1915 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 45.148081]
[ 45.149876] ======================================================
[ 45.156173] [ INFO: possible circular locking dependency detected ]
[ 45.162611] 4.4.167+ #4 Not tainted
[ 45.166213] -------------------------------------------------------
[ 45.172590] syz-executor104/2081 is trying to acquire lock:
[ 45.178316] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0
[ 45.186915]
[ 45.186915] but task is already holding lock:
[ 45.192858] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110
[ 45.202785]
[ 45.202785] which lock already depends on the new lock.
[ 45.202785]
[ 45.211085]
[ 45.211085] the existing dependency chain (in reverse order) is:
[ 45.218679] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 45.224390] [] lock_acquire+0x15e/0x450
[ 45.230638] [] mutex_lock_interruptible_nested+0xd2/0xcc0
[ 45.238583] [] proc_pid_attr_write+0x19e/0x290
[ 45.245435] [] __vfs_write+0x11c/0x3e0
[ 45.251605] [] __kernel_write+0x10a/0x350
[ 45.258022] [] write_pipe_buf+0x15d/0x1f0
[ 45.264446] [] __splice_from_pipe+0x364/0x790
[ 45.271302] [] splice_from_pipe+0xf9/0x170
[ 45.277815] [] default_file_splice_write+0x3c/0x80
[ 45.285012] [] SyS_splice+0xde1/0x1430
[ 45.291245] [] do_fast_syscall_32+0x31e/0xa80
[ 45.298023] [] sysenter_flags_fixed+0xd/0x1a
[ 45.304699] -> #0 (&pipe->mutex/1){+.+.+.}:
[ 45.309898] [] __lock_acquire+0x3cd4/0x5530
[ 45.316583] [] lock_acquire+0x15e/0x450
[ 45.322830] [] mutex_lock_nested+0xc2/0xb60
[ 45.329417] [] fifo_open+0x15c/0x9e0
[ 45.335393] [] do_dentry_open+0x38d/0xbd0
[ 45.341863] [] vfs_open+0x12a/0x210
[ 45.347783] [] path_openat+0xc10/0x3f10
[ 45.354182] [] do_filp_open+0x197/0x270
[ 45.360635] [] do_open_execat+0x10f/0x6f0
[ 45.367057] [] do_execveat_common.isra.14+0x6a1/0x1f00
[ 45.374604] [] compat_SyS_execve+0x48/0x60
[ 45.381120] [] do_fast_syscall_32+0x31e/0xa80
[ 45.387882] [] sysenter_flags_fixed+0xd/0x1a
[ 45.394570]
[ 45.394570] other info that might help us debug this:
[ 45.394570]
[ 45.402819] Possible unsafe locking scenario:
[ 45.402819]
[ 45.408849]        CPU0                    CPU1
[ 45.413487]        ----                    ----
[ 45.418124]   lock(&sig->cred_guard_mutex);
[ 45.422780]                                lock(&pipe->mutex/1);
[ 45.429365]                                lock(&sig->cred_guard_mutex);
[ 45.436421]   lock(&pipe->mutex/1);
[ 45.440393]
[ 45.440393] *** DEADLOCK ***
[ 45.440393]
[ 45.446429] 1 lock held by syz-executor104/2081:
[ 45.451159] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110
[ 45.461557]
[ 45.461557] stack backtrace:
[ 45.466028] CPU: 1 PID: 2081 Comm: syz-executor104 Not tainted 4.4.167+ #4
[ 45.473011] 0000000000000000 9110d9ded75e878b ffff8800b6977460 ffffffff81aa62cd
[ 45.481070] ffffffff83ab7610 ffffffff83ab7610 ffff8801d44bc740 ffffffff83ab0860
[ 45.489294] ffff8801d44bd028 ffff8800b69774b0 ffffffff813a9559 ffff8801d44bc740
[ 45.497296] Call Trace:
[ 45.499871] [] dump_stack+0xc1/0x124
[ 45.505233] [] print_circular_bug.cold.31+0x2f6/0x435
[ 45.512177] [] __lock_acquire+0x3cd4/0x5530
[ 45.518131] [] ? trace_hardirqs_on+0x10/0x10
[ 45.524188] [] ? path_openat+0xc10/0x3f10
[ 45.529960] [] ? do_open_execat+0x10f/0x6f0
[ 45.535913] [] ? do_execveat_common.isra.14+0x6a1/0x1f00
[ 45.542991] [] lock_acquire+0x15e/0x450
[ 45.548590] [] ? fifo_open+0x15c/0x9e0
[ 45.554101] [] mutex_lock_nested+0xc2/0xb60
[ 45.560043] [] ? fifo_open+0x15c/0x9e0
[ 45.565556] [] ? check_preemption_disabled+0x3b/0x200
[ 45.572369] [] ? lockdep_init_map+0x110/0x1630
[ 45.578575] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 45.585312] [] ? mutex_trylock+0x4f0/0x4f0
[ 45.591192] [] ? fifo_open+0x24e/0x9e0
[ 45.596705] [] ? fifo_open+0x28d/0x9e0
[ 45.602214] [] fifo_open+0x15c/0x9e0
[ 45.607551] [] do_dentry_open+0x38d/0xbd0
[ 45.613318] [] ? __inode_permission2+0x9b/0x240
[ 45.619605] [] ? pipe_release+0x250/0x250
[ 45.625382] [] vfs_open+0x12a/0x210
[ 45.630634] [] ? may_open.isra.19+0x156/0x240
[ 45.636756] [] path_openat+0xc10/0x3f10
[ 45.642363] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 45.649193] [] ? may_open.isra.19+0x240/0x240
[ 45.655318] [] ? kasan_kmalloc.part.1+0xc9/0xf0
[ 45.661611] [] ? save_stack_trace+0x26/0x50
[ 45.667554] [] ? kasan_kmalloc.part.1+0x62/0xf0
[ 45.673852] [] ? kasan_kmalloc+0xaf/0xc0
[ 45.679544] [] ? __kmalloc_track_caller+0xf1/0x2e0
[ 45.686116] [] ? kmemdup+0x24/0x50
[ 45.691285] [] ? selinux_cred_prepare+0x43/0xa0
[ 45.697583] [] ? security_prepare_creds+0x83/0xc0
[ 45.704268] [] ? prepare_creds+0x222/0x2a0
[ 45.710128] [] ? prepare_exec_creds+0x11/0xf0
[ 45.716253] [] ? prepare_bprm_creds+0x67/0x110
[ 45.722461] [] ? compat_SyS_execve+0x48/0x60
[ 45.728495] [] ? do_fast_syscall_32+0x31e/0xa80
[ 45.734789] [] ? sysenter_flags_fixed+0xd/0x1a
[ 45.741017] [] ? save_stack_trace+0x26/0x50
[ 45.746969] [] ? kasan_kmalloc+0xaf/0xc0
[ 45.752777] [] ? kasan_slab_alloc+0x12/0x20
[ 45.758727] [] ? kmem_cache_alloc+0xdc/0x2c0
[ 45.764773] [] ? prepare_creds+0x28/0x2a0
[ 45.770579] [] ? prepare_exec_creds+0x11/0xf0
[ 45.776698] [] ? prepare_bprm_creds+0x67/0x110
[ 45.782907] [] ? do_execveat_common.isra.14+0x2d8/0x1f00
[ 45.790046] [] ? sysenter_flags_fixed+0xd/0x1a
[ 45.796258] [] ? save_stack_trace+0x26/0x50
[ 45.802208] [] do_filp_open+0x197/0x270
[ 45.807807] [] ? user_path_mountpoint_at+0x70/0x70
[ 45.814359] [] ? trace_hardirqs_on+0x10/0x10
[ 45.820496] [] ? rcu_read_lock_sched_held+0x103/0x120
[ 45.827399] [] do_open_execat+0x10f/0x6f0
[ 45.833192] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 45.839921] [] ? setup_arg_pages+0x7a0/0x7a0
[ 45.845956] [] do_execveat_common.isra.14+0x6a1/0x1f00
[ 45.852857] [] ? do_execveat_common.isra.14+0x3db/0x1f00
[ 45.859930] [] ? prepare_bprm_creds+0x110/0x110
[ 45.866333] [] ? getname_flags+0x229/0x550
[ 45.872194] [] compat_SyS_execve+0x48/0x60
[ 45.878055] [] ? SyS_execveat+0x70/0x70
[ 45.883719] [] do_fast_syscall_32+0x31e/0xa80
[ 45.889844] [] sysenter_flags_fixed+0xd/0x1a