[....] Starting enhanced syslogd: rsyslogd[ 14.968111] audit: type=1400 audit(1571536273.221:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.170499] [ 27.172358] ====================================================== [ 27.178677] [ INFO: possible circular locking dependency detected ] [ 27.185076] 4.4.174+ #17 Not tainted [ 27.188786] ------------------------------------------------------- [ 27.195184] syz-executor239/2073 is trying to acquire lock: [ 27.200904] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 27.209667] [ 27.209667] but task is already holding lock: [ 27.216512] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.226371] [ 27.226371] which lock already depends on the new lock. [ 27.226371] [ 27.234668] [ 27.234668] the existing dependency chain (in reverse order) is: [ 27.242267] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 27.248071] [] lock_acquire+0x15e/0x450 [ 27.254339] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 27.262167] [] proc_pid_attr_write+0x1a8/0x2a0 [ 27.269104] [] __vfs_write+0x116/0x3d0 [ 27.275284] [] __kernel_write+0x112/0x370 [ 27.281727] [] write_pipe_buf+0x15d/0x1f0 [ 27.288152] [] __splice_from_pipe+0x37e/0x7a0 [ 27.296149] [] splice_from_pipe+0x108/0x170 [ 27.303087] [] default_file_splice_write+0x3c/0x80 [ 27.310535] [] SyS_splice+0xd71/0x13a0 [ 27.316722] [] do_fast_syscall_32+0x32d/0xa90 [ 27.323508] [] sysenter_flags_fixed+0xd/0x1a [ 27.330223] -> #0 (&pipe->mutex/1){+.+.+.}: [ 27.335495] [] __lock_acquire+0x37d6/0x4f50 [ 27.342126] [] lock_acquire+0x15e/0x450 [ 27.348407] [] mutex_lock_nested+0xc1/0xb80 [ 27.355791] [] fifo_open+0x15d/0xa00 [ 27.361809] [] do_dentry_open+0x38f/0xbd0 [ 27.368372] [] vfs_open+0x10b/0x210 [ 27.374279] [] path_openat+0x136f/0x4470 [ 27.380749] [] do_filp_open+0x1a1/0x270 [ 27.387039] [] do_open_execat+0x10c/0x6e0 [ 27.393585] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.401076] [] compat_SyS_execve+0x48/0x60 [ 27.407587] [] do_fast_syscall_32+0x32d/0xa90 [ 27.414356] [] sysenter_flags_fixed+0xd/0x1a [ 27.421054] [ 27.421054] other info that might help us debug this: [ 27.421054] [ 27.429176] Possible unsafe locking scenario: [ 27.429176] [ 27.435224] CPU0 CPU1 [ 27.439892] ---- ---- [ 27.444636] lock(&sig->cred_guard_mutex); [ 27.449178] lock(&pipe->mutex/1); [ 27.455870] lock(&sig->cred_guard_mutex); [ 27.462933] lock(&pipe->mutex/1); [ 27.466941] [ 27.466941] *** DEADLOCK *** [ 27.466941] [ 27.472979] 1 lock held by syz-executor239/2073: [ 27.477725] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.488202] [ 27.488202] stack backtrace: [ 27.492699] CPU: 1 PID: 2073 Comm: syz-executor239 Not tainted 4.4.174+ #17 [ 27.499789] 0000000000000000 6f2e6ac5e45570d7 ffff8801d47574c0 ffffffff81aad1a1 [ 27.507952] ffffffff84057a80 ffff8801d4c14740 ffffffff83abd100 ffffffff83ab66b0 [ 27.515971] ffffffff83abd100 ffff8801d4757510 ffffffff813abcda ffff8801d47575f0 [ 27.523994] Call Trace: [ 27.526579] [] dump_stack+0xc1/0x120 [ 27.531925] [] print_circular_bug.cold+0x2f7/0x44e [ 27.538486] [] __lock_acquire+0x37d6/0x4f50 [ 27.544451] [] ? trace_hardirqs_on+0x10/0x10 [ 27.550505] [] ? do_filp_open+0x1a1/0x270 [ 27.556283] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.563290] [] ? compat_SyS_execve+0x48/0x60 [ 27.569336] [] ? do_fast_syscall_32+0x32d/0xa90 [ 27.575798] [] ? sysenter_flags_fixed+0xd/0x1a [ 27.582033] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.588890] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.595633] [] lock_acquire+0x15e/0x450 [ 27.601452] [] ? fifo_open+0x15d/0xa00 [ 27.606993] [] ? fifo_open+0x15d/0xa00 [ 27.612533] [] mutex_lock_nested+0xc1/0xb80 [ 27.618490] [] ? fifo_open+0x15d/0xa00 [ 27.624008] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.630743] [] ? mutex_trylock+0x500/0x500 [ 27.636781] [] ? fifo_open+0x24d/0xa00 [ 27.642295] [] ? fifo_open+0x28c/0xa00 [ 27.647818] [] fifo_open+0x15d/0xa00 [ 27.653161] [] do_dentry_open+0x38f/0xbd0 [ 27.658940] [] ? __inode_permission2+0x9e/0x250 [ 27.665238] [] ? pipe_release+0x250/0x250 [ 27.671192] [] vfs_open+0x10b/0x210 [ 27.676459] [] ? may_open.isra.0+0xe7/0x210 [ 27.682430] [] path_openat+0x136f/0x4470 [ 27.688122] [] ? depot_save_stack+0x1c3/0x5f0 [ 27.694250] [] ? may_open.isra.0+0x210/0x210 [ 27.700307] [] ? kmemdup+0x27/0x60 [ 27.705479] [] ? selinux_cred_prepare+0x43/0xa0 [ 27.711792] [] ? security_prepare_creds+0x83/0xc0 [ 27.718265] [] ? prepare_creds+0x228/0x2b0 [ 27.724129] [] ? prepare_exec_creds+0x12/0xf0 [ 27.730255] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 27.737262] [] ? do_fast_syscall_32+0x32d/0xa90 [ 27.743561] [] ? kasan_kmalloc+0xb7/0xd0 [ 27.749254] [] ? kasan_slab_alloc+0xf/0x20 [ 27.755117] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 27.761157] [] ? prepare_creds+0x28/0x2b0 [ 27.766948] [] ? prepare_exec_creds+0x12/0xf0 [ 27.773072] [] do_filp_open+0x1a1/0x270 [ 27.778677] [] ? save_stack_trace+0x26/0x50 [ 27.784653] [] ? user_path_mountpoint_at+0x50/0x50 [ 27.791234] [] ? compat_SyS_execve+0x48/0x60 [ 27.797273] [] ? do_fast_syscall_32+0x32d/0xa90 [ 27.803574] [] ? sysenter_flags_fixed+0xd/0x1a [ 27.809805] [] ? __lock_acquire+0xa4f/0x4f50 [ 27.815862] [] ? trace_hardirqs_on+0x10/0x10 [ 27.821917] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 27.828741] [] do_open_execat+0x10c/0x6e0 [ 27.834521] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.841253] [] ? setup_arg_pages+0x7b0/0x7b0 [ 27.847293] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 27.854290] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.861132] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 27.868345] [] ? __check_object_size+0x222/0x332 [ 27.874740] [] ? strncpy_from_user+0xd1/0x230 [ 27.880868] [] ? prepare_bprm_creds+0x120/0x120 [ 27.887186] [] ? getname_flags+0x232/0x550 [ 27.893049] [] compat_SyS_execve+0x48/0x60 [ 27.898916] [] ? SyS_execveat+0x70/0x70 [ 27.904542] [] do_fast_syscall_32+0x32d/0xa90 [ 27.910703] [] sysenter_flags_fixed+0xd/0x1a