[....] Starting enhanced syslogd: rsyslogd[ 12.760896] audit: type=1400 audit(1546377301.834:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 31.949915] [ 31.951553] ====================================================== [ 31.957842] [ INFO: possible circular locking dependency detected ] [ 31.964217] 4.4.169+ #1 Not tainted [ 31.967812] ------------------------------------------------------- [ 31.974186] syz-executor239/2072 is trying to acquire lock: [ 31.979895] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 31.988435] [ 31.988435] but task is already holding lock: [ 31.994375] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 32.004222] [ 32.004222] which lock already depends on the new lock. [ 32.004222] [ 32.012511] [ 32.012511] the existing dependency chain (in reverse order) is: [ 32.020116] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 32.025792] [] lock_acquire+0x15e/0x450 [ 32.032037] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 32.039846] [] proc_pid_attr_write+0x1a8/0x2a0 [ 32.046870] [] __vfs_write+0x116/0x3d0 [ 32.053040] [] __kernel_write+0x112/0x370 [ 32.059452] [] write_pipe_buf+0x15d/0x1f0 [ 32.065891] [] __splice_from_pipe+0x37e/0x7a0 [ 32.072654] [] splice_from_pipe+0x108/0x170 [ 32.079236] [] default_file_splice_write+0x3c/0x80 [ 32.086433] [] SyS_splice+0xd71/0x13a0 [ 32.092582] [] do_fast_syscall_32+0x32d/0xa90 [ 32.099343] [] sysenter_flags_fixed+0xd/0x1a [ 32.106024] -> #0 (&pipe->mutex/1){+.+.+.}: [ 32.111083] [] __lock_acquire+0x37d6/0x4f50 [ 32.117665] [] lock_acquire+0x15e/0x450 [ 32.123899] [] mutex_lock_nested+0xc1/0xb80 [ 32.130487] [] fifo_open+0x15d/0xa00 [ 32.136462] [] do_dentry_open+0x38f/0xbd0 [ 32.142886] [] vfs_open+0x10b/0x210 [ 32.148792] [] path_openat+0x136f/0x4470 [ 32.155113] [] do_filp_open+0x1a1/0x270 [ 32.161351] [] do_open_execat+0x10c/0x6e0 [ 32.167764] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 32.175218] [] compat_SyS_execve+0x48/0x60 [ 32.181715] [] do_fast_syscall_32+0x32d/0xa90 [ 32.188479] [] sysenter_flags_fixed+0xd/0x1a [ 32.195154] [ 32.195154] other info that might help us debug this: [ 32.195154] [ 32.203265] Possible unsafe locking scenario: [ 32.203265] [ 32.209293] CPU0 CPU1 [ 32.213933] ---- ---- [ 32.218571] lock(&sig->cred_guard_mutex); [ 32.223098] lock(&pipe->mutex/1); [ 32.229568] lock(&sig->cred_guard_mutex); [ 32.236614] lock(&pipe->mutex/1); [ 32.240570] [ 32.240570] *** DEADLOCK *** [ 32.240570] [ 32.246603] 1 lock held by syz-executor239/2072: [ 32.251326] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 32.261692] [ 32.261692] stack backtrace: [ 32.266160] CPU: 0 PID: 2072 Comm: syz-executor239 Not tainted 4.4.169+ #1 [ 32.273141] 0000000000000000 062557b242678646 ffff8800b68b74c0 ffffffff81aab9c1 [ 32.281117] ffffffff84055ac0 ffff8800b6da0000 ffffffff83abb610 ffffffff83ab4500 [ 32.289113] ffffffff83abb610 ffff8800b68b7510 ffffffff813abaf4 ffff8800b68b75f0 [ 32.297107] Call Trace: [ 32.299671] [] dump_stack+0xc1/0x120 [ 32.305010] [] print_circular_bug.cold+0x2f7/0x44e [ 32.311562] [] __lock_acquire+0x37d6/0x4f50 [ 32.317508] [] ? trace_hardirqs_on+0x10/0x10 [ 32.323539] [] ? do_filp_open+0x1a1/0x270 [ 32.329310] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 32.336303] [] ? compat_SyS_execve+0x48/0x60 [ 32.342350] [] ? do_fast_syscall_32+0x32d/0xa90 [ 32.348642] [] ? sysenter_flags_fixed+0xd/0x1a [ 32.354849] [] lock_acquire+0x15e/0x450 [ 32.360447] [] ? fifo_open+0x15d/0xa00 [ 32.365956] [] ? fifo_open+0x15d/0xa00 [ 32.371466] [] mutex_lock_nested+0xc1/0xb80 [ 32.377442] [] ? fifo_open+0x15d/0xa00 [ 32.382955] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 32.389679] [] ? mutex_trylock+0x500/0x500 [ 32.395535] [] ? fifo_open+0x24d/0xa00 [ 32.401044] [] ? fifo_open+0x28c/0xa00 [ 32.406551] [] fifo_open+0x15d/0xa00 [ 32.411886] [] do_dentry_open+0x38f/0xbd0 [ 32.417656] [] ? __inode_permission2+0x9e/0x250 [ 32.423946] [] ? pipe_release+0x250/0x250 [ 32.429713] [] vfs_open+0x10b/0x210 [ 32.434972] [] ? may_open.isra.0+0xe7/0x210 [ 32.440915] [] path_openat+0x136f/0x4470 [ 32.446614] [] ? depot_save_stack+0x1c3/0x5f0 [ 32.452731] [] ? may_open.isra.0+0x210/0x210 [ 32.458781] [] ? kmemdup+0x27/0x60 [ 32.463962] [] ? selinux_cred_prepare+0x43/0xa0 [ 32.470269] [] ? security_prepare_creds+0x83/0xc0 [ 32.476747] [] ? prepare_creds+0x228/0x2b0 [ 32.482604] [] ? prepare_exec_creds+0x12/0xf0 [ 32.488722] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 32.495713] [] ? do_fast_syscall_32+0x32d/0xa90 [ 32.502006] [] ? kasan_kmalloc+0xb7/0xd0 [ 32.507691] [] ? kasan_slab_alloc+0xf/0x20 [ 32.513610] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 32.519641] [] ? prepare_creds+0x28/0x2b0 [ 32.525430] [] ? prepare_exec_creds+0x12/0xf0 [ 32.531551] [] do_filp_open+0x1a1/0x270 [ 32.537148] [] ? save_stack_trace+0x26/0x50 [ 32.543102] [] ? user_path_mountpoint_at+0x50/0x50 [ 32.549656] [] ? compat_SyS_execve+0x48/0x60 [ 32.555690] [] ? do_fast_syscall_32+0x32d/0xa90 [ 32.561981] [] ? sysenter_flags_fixed+0xd/0x1a [ 32.568200] [] ? __lock_acquire+0xa4f/0x4f50 [ 32.574250] [] ? trace_hardirqs_on+0x10/0x10 [ 32.580281] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 32.587095] [] do_open_execat+0x10c/0x6e0 [ 32.592862] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 32.599588] [] ? setup_arg_pages+0x7b0/0x7b0 [ 32.605620] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 32.612608] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 32.619425] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 32.626421] [] ? __check_object_size+0x222/0x332 [ 32.632821] [] ? strncpy_from_user+0xe1/0x230 [ 32.638956] [] ? prepare_bprm_creds+0x120/0x120 [ 32.645249] [] ? getname_flags+0x232/0x550 [ 32.651107] [