[....] Starting enhanced syslogd: rsyslogd[ 16.070593] audit: type=1400 audit(1552755280.773:4): avc: denied { syslog } for pid=1930 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 50.260881] [ 50.262668] ====================================================== [ 50.268973] [ INFO: possible circular locking dependency detected ] [ 50.275374] 4.4.174+ #17 Not tainted [ 50.279120] ------------------------------------------------------- [ 50.285968] syz-executor975/2094 is trying to acquire lock: [ 50.291663] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 50.300230] [ 50.300230] but task is already holding lock: [ 50.306413] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 50.316517] [ 50.316517] which lock already depends on the new lock. [ 50.316517] [ 50.324832] [ 50.324832] the existing dependency chain (in reverse order) is: [ 50.332452] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 50.338144] [] lock_acquire+0x15e/0x450 [ 50.344516] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 50.352429] [] proc_pid_attr_write+0x1a8/0x2a0 [ 50.359530] [] __vfs_write+0x116/0x3d0 [ 50.365911] [] __kernel_write+0x112/0x370 [ 50.372742] [] write_pipe_buf+0x15d/0x1f0 [ 50.379250] [] __splice_from_pipe+0x37e/0x7a0 [ 50.386115] [] splice_from_pipe+0x108/0x170 [ 50.392936] [] default_file_splice_write+0x3c/0x80 [ 50.400179] [] SyS_splice+0xd71/0x13a0 [ 50.406368] [] do_fast_syscall_32+0x32d/0xa90 [ 50.413218] [] sysenter_flags_fixed+0xd/0x1a [ 50.420066] -> #0 (&pipe->mutex/1){+.+.+.}: [ 50.425252] [] __lock_acquire+0x37d6/0x4f50 [ 50.431871] [] lock_acquire+0x15e/0x450 [ 50.438207] [] mutex_lock_nested+0xc1/0xb80 [ 50.444853] [] fifo_open+0x15d/0xa00 [ 50.450863] [] do_dentry_open+0x38f/0xbd0 [ 50.457311] [] vfs_open+0x10b/0x210 [ 50.463319] [] path_openat+0x136f/0x4470 [ 50.469769] [] do_filp_open+0x1a1/0x270 [ 50.476140] [] do_open_execat+0x10c/0x6e0 [ 50.482656] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 50.490320] [] compat_SyS_execve+0x48/0x60 [ 50.496853] [] do_fast_syscall_32+0x32d/0xa90 [ 50.503884] [] sysenter_flags_fixed+0xd/0x1a [ 50.510586] [ 50.510586] other info that might help us debug this: [ 50.510586] [ 50.518841] Possible unsafe locking scenario: [ 50.518841] [ 50.525186] CPU0 CPU1 [ 50.529847] ---- ---- [ 50.534506] lock(&sig->cred_guard_mutex); [ 50.539273] lock(&pipe->mutex/1); [ 50.546059] lock(&sig->cred_guard_mutex); [ 50.553216] lock(&pipe->mutex/1); [ 50.557409] [ 50.557409] *** DEADLOCK *** [ 50.557409] [ 50.563471] 1 lock held by syz-executor975/2094: [ 50.568212] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 50.578789] [ 50.578789] stack backtrace: [ 50.583296] CPU: 0 PID: 2094 Comm: syz-executor975 Not tainted 4.4.174+ #17 [ 50.590442] 0000000000000000 8f55d3bfa0355621 ffff8800b6a1f4c0 ffffffff81aad1a1 [ 50.598500] ffffffff84057a80 ffff8801d5828000 ffffffff83abd2b0 ffffffff83ab66b0 [ 50.606521] ffffffff83abd2b0 ffff8800b6a1f510 ffffffff813abcda ffff8800b6a1f5f0 [ 50.614722] Call Trace: [ 50.617300] [] dump_stack+0xc1/0x120 [ 50.622724] [] print_circular_bug.cold+0x2f7/0x44e [ 50.630205] [] __lock_acquire+0x37d6/0x4f50 [ 50.636192] [] ? trace_hardirqs_on+0x10/0x10 [ 50.642356] [] ? do_filp_open+0x1a1/0x270 [ 50.648166] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 50.655193] [] ? compat_SyS_execve+0x48/0x60 [ 50.661258] [] ? do_fast_syscall_32+0x32d/0xa90 [ 50.667648] [] ? sysenter_flags_fixed+0xd/0x1a [ 50.674057] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 50.680832] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 50.687590] [] lock_acquire+0x15e/0x450 [ 50.693295] [] ? fifo_open+0x15d/0xa00 [ 50.698854] [] ? fifo_open+0x15d/0xa00 [ 50.704392] [] mutex_lock_nested+0xc1/0xb80 [ 50.710426] [] ? fifo_open+0x15d/0xa00 [ 50.715984] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 50.722773] [] ? mutex_trylock+0x500/0x500 [ 50.728774] [] ? fifo_open+0x24d/0xa00 [ 50.734336] [] ? fifo_open+0x28c/0xa00 [ 50.739874] [] fifo_open+0x15d/0xa00 [ 50.745347] [] do_dentry_open+0x38f/0xbd0 [ 50.751157] [] ? __inode_permission2+0x9e/0x250 [ 50.757486] [] ? pipe_release+0x250/0x250 [ 50.763300] [] vfs_open+0x10b/0x210 [ 50.768582] [] ? may_open.isra.0+0xe7/0x210 [ 50.774565] [] path_openat+0x136f/0x4470 [ 50.780301] [] ? depot_save_stack+0x1c3/0x5f0 [ 50.786549] [] ? may_open.isra.0+0x210/0x210 [ 50.792670] [] ? kmemdup+0x27/0x60 [ 50.797991] [] ? selinux_cred_prepare+0x43/0xa0 [ 50.804481] [] ? security_prepare_creds+0x83/0xc0 [ 50.811081] [] ? prepare_creds+0x228/0x2b0 [ 50.817042] [] ? prepare_exec_creds+0x12/0xf0 [ 50.823211] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 50.830247] [] ? do_fast_syscall_32+0x32d/0xa90 [ 50.836571] [] ? kasan_kmalloc+0xb7/0xd0 [ 50.842301] [] ? kasan_slab_alloc+0xf/0x20 [ 50.848186] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 50.854241] [] ? prepare_creds+0x28/0x2b0 [ 50.860209] [] ? prepare_exec_creds+0x12/0xf0 [ 50.866366] [] do_filp_open+0x1a1/0x270 [ 50.871992] [] ? save_stack_trace+0x26/0x50 [ 50.878086] [] ? user_path_mountpoint_at+0x50/0x50 [ 50.884671] [] ? compat_SyS_execve+0x48/0x60 [ 50.890744] [] ? do_fast_syscall_32+0x32d/0xa90 [ 50.897327] [] ? sysenter_flags_fixed+0xd/0x1a [ 50.903558] [] ? __lock_acquire+0xa4f/0x4f50 [ 50.909703] [] ? trace_hardirqs_on+0x10/0x10 [ 50.915790] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 50.922684] [] do_open_execat+0x10c/0x6e0 [ 50.928498] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 50.935263] [] ? setup_arg_pages+0x7b0/0x7b0 [ 50.941332] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 50.948369] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 50.955214] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 50.962249] [] ? __check_object_size+0x222/0x332 [ 50.968753] [] ? strncpy_from_user+0xd1/0x230 [ 50.975287] [] ? prepare_bprm_creds+0x120/0x120 [ 50.981617] [] ? getname_flags+0x232/0x550 [ 50.987516] [] compat_SyS_execve+0x48/0x60 [ 50.993405] [] ? SyS_execveat+0x70/0x70 [ 50.999089] [] do_fast_syscall_32+0x32d/0xa90 [ 51.006572] [] sysenter_flags_fixed+0xd/0x1a