[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.233650] audit: type=1400 audit(1546907742.358:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 34.506012]
[ 34.507667] ======================================================
[ 34.513957] [ INFO: possible circular locking dependency detected ]
[ 34.520337] 4.4.169+ #2 Not tainted
[ 34.523931] -------------------------------------------------------
[ 34.530304] syz-executor511/2074 is trying to acquire lock:
[ 34.535981]  (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00
[ 34.544518]
[ 34.544518] but task is already holding lock:
[ 34.550458]  (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120
[ 34.560280]
[ 34.560280] which lock already depends on the new lock.
[ 34.560280]
[ 34.568575]
[ 34.568575] the existing dependency chain (in reverse order) is:
[ 34.576166] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 34.581842]        [] lock_acquire+0x15e/0x450
[ 34.588094]        [] mutex_lock_interruptible_nested+0xd2/0xce0
[ 34.595892]        [] proc_pid_attr_write+0x1a8/0x2a0
[ 34.602737]        [] __vfs_write+0x116/0x3d0
[ 34.608894]        [] __kernel_write+0x112/0x370
[ 34.615304]        [] write_pipe_buf+0x15d/0x1f0
[ 34.621719]        [] __splice_from_pipe+0x37e/0x7a0
[ 34.628553]        [] splice_from_pipe+0x108/0x170
[ 34.636231]        [] default_file_splice_write+0x3c/0x80
[ 34.643575]        [] SyS_splice+0xd71/0x13a0
[ 34.649726]        [] do_fast_syscall_32+0x32d/0xa90
[ 34.656488]        [] sysenter_flags_fixed+0xd/0x1a
[ 34.663176] -> #0 (&pipe->mutex/1){+.+.+.}:
[ 34.668235]        [] __lock_acquire+0x37d6/0x4f50
[ 34.674826]        [] lock_acquire+0x15e/0x450
[ 34.681060]        [] mutex_lock_nested+0xc1/0xb80
[ 34.687710]        [] fifo_open+0x15d/0xa00
[ 34.693696]        [] do_dentry_open+0x38f/0xbd0
[ 34.700206]        [] vfs_open+0x10b/0x210
[ 34.706100]        [] path_openat+0x136f/0x4470
[ 34.712424]        [] do_filp_open+0x1a1/0x270
[ 34.718662]        [] do_open_execat+0x10c/0x6e0
[ 34.725075]        [] do_execveat_common.isra.0+0x6f6/0x1e90
[ 34.732537]        [] compat_SyS_execve+0x48/0x60
[ 34.739129]        [] do_fast_syscall_32+0x32d/0xa90
[ 34.745894]        [] sysenter_flags_fixed+0xd/0x1a
[ 34.752678]
[ 34.752678] other info that might help us debug this:
[ 34.752678]
[ 34.762729]  Possible unsafe locking scenario:
[ 34.762729]
[ 34.768765]        CPU0                    CPU1
[ 34.773511]        ----                    ----
[ 34.778151]   lock(&sig->cred_guard_mutex);
[ 34.782692]                                lock(&pipe->mutex/1);
[ 34.789169]                                lock(&sig->cred_guard_mutex);
[ 34.796231]   lock(&pipe->mutex/1);
[ 34.800310]
[ 34.800310]  *** DEADLOCK ***
[ 34.800310]
[ 34.806351] 1 lock held by syz-executor511/2074:
[ 34.811199]  #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120
[ 34.822080]
[ 34.822080] stack backtrace:
[ 34.826561] CPU: 1 PID: 2074 Comm: syz-executor511 Not tainted 4.4.169+ #2
[ 34.833554]  0000000000000000 e9889c1e16182c0b ffff8801d4de74c0 ffffffff81aab9c1
[ 34.841561]  ffffffff84055ac0 ffff8800b70e5f00 ffffffff83abb2b0 ffffffff83ab4500
[ 34.849561]  ffffffff83abb2b0 ffff8801d4de7510 ffffffff813abaf4 ffff8801d4de75f0
[ 34.857836] Call Trace:
[ 34.860404]  [] dump_stack+0xc1/0x120
[ 34.865755]  [] print_circular_bug.cold+0x2f7/0x44e
[ 34.872327]  [] __lock_acquire+0x37d6/0x4f50
[ 34.878291]  [] ? trace_hardirqs_on+0x10/0x10
[ 34.884584]  [] ? do_filp_open+0x1a1/0x270
[ 34.890378]  [] ? do_execveat_common.isra.0+0x6f6/0x1e90
[ 34.897691]  [] ? compat_SyS_execve+0x48/0x60
[ 34.903894]  [] ? do_fast_syscall_32+0x32d/0xa90
[ 34.910203]  [] ? sysenter_flags_fixed+0xd/0x1a
[ 34.916700]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 34.923448]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 34.930462]  [] lock_acquire+0x15e/0x450
[ 34.936074]  [] ? fifo_open+0x15d/0xa00
[ 34.941741]  [] ? fifo_open+0x15d/0xa00
[ 34.947269]  [] mutex_lock_nested+0xc1/0xb80
[ 34.953367]  [] ? fifo_open+0x15d/0xa00
[ 34.958993]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 34.965840]  [] ? mutex_trylock+0x500/0x500
[ 34.971714]  [] ? fifo_open+0x24d/0xa00
[ 34.977235]  [] ? fifo_open+0x28c/0xa00
[ 34.982755]  [] fifo_open+0x15d/0xa00
[ 34.988102]  [] do_dentry_open+0x38f/0xbd0
[ 34.993885]  [] ? __inode_permission2+0x9e/0x250
[ 35.000296]  [] ? pipe_release+0x250/0x250
[ 35.006228]  [] vfs_open+0x10b/0x210
[ 35.011604]  [] ? may_open.isra.0+0xe7/0x210
[ 35.017565]  [] path_openat+0x136f/0x4470
[ 35.023360]  [] ? depot_save_stack+0x1c3/0x5f0
[ 35.029491]  [] ? may_open.isra.0+0x210/0x210
[ 35.035548]  [] ? kmemdup+0x27/0x60
[ 35.040780]  [] ? selinux_cred_prepare+0x43/0xa0
[ 35.047102]  [] ? security_prepare_creds+0x83/0xc0
[ 35.053588]  [] ? prepare_creds+0x228/0x2b0
[ 35.059464]  [] ? prepare_exec_creds+0x12/0xf0
[ 35.065602]  [] ? do_execveat_common.isra.0+0x2d6/0x1e90
[ 35.072613]  [] ? do_fast_syscall_32+0x32d/0xa90
[ 35.078924]  [] ? kasan_kmalloc+0xb7/0xd0
[ 35.084626]  [] ? kasan_slab_alloc+0xf/0x20
[ 35.090505]  [] ? kmem_cache_alloc+0xdc/0x2c0
[ 35.096553]  [] ? prepare_creds+0x28/0x2b0
[ 35.102352]  [] ? prepare_exec_creds+0x12/0xf0
[ 35.108506]  [] do_filp_open+0x1a1/0x270
[ 35.114124]  [] ? save_stack_trace+0x26/0x50
[ 35.120188]  [] ? user_path_mountpoint_at+0x50/0x50
[ 35.126765]  [] ? compat_SyS_execve+0x48/0x60
[ 35.132818]  [] ? do_fast_syscall_32+0x32d/0xa90
[ 35.139196]  [] ? sysenter_flags_fixed+0xd/0x1a
[ 35.145523]  [] ? __lock_acquire+0xa4f/0x4f50
[ 35.151574]  [] ? trace_hardirqs_on+0x10/0x10
[ 35.157620]  [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 35.164569]  [] do_open_execat+0x10c/0x6e0
[ 35.170353]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 35.177092]  [] ? setup_arg_pages+0x7b0/0x7b0
[ 35.183139]  [] ? do_execveat_common.isra.0+0x6b8/0x1e90
[ 35.190139]  [] do_execveat_common.isra.0+0x6f6/0x1e90
[ 35.196969]  [] ? do_execveat_common.isra.0+0x422/0x1e90
[ 35.203972]  [] ? __check_object_size+0x222/0x332
[ 35.210477]  [] ? strncpy_from_user+0xe1/0x230
[ 35.216619]  [] ? prepare_bprm_creds+0x120/0x120
[ 35.222925]  [] ? getname_flags+0x232/0x550
[ 35.229023]  [] compat_SyS_execve+0x48/0x60
[ 35.234898]  [] ? SyS_execveat+0x70/0x70
[ 35.240510]  [] do_fast_syscall_32+0x32d/0xa90
[ 35.246742]  [] sysenter_flags_fixed+0xd/0x1a