[....] Starting enhanced syslogd: rsyslogd[ 13.474689] audit: type=1400 audit(1552637559.502:4): avc: denied { syslog } for pid=1921 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.758123] [ 41.759786] ====================================================== [ 41.766073] [ INFO: possible circular locking dependency detected ] [ 41.772450] 4.4.174+ #17 Not tainted [ 41.776133] ------------------------------------------------------- [ 41.782513] syz-executor599/2081 is trying to acquire lock: [ 41.788194] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 41.796734] [ 41.796734] but task is already holding lock: [ 41.802677] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 41.812523] [ 41.812523] which lock already depends on the new lock. [ 41.812523] [ 41.820818] [ 41.820818] the existing dependency chain (in reverse order) is: [ 41.828410] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 41.834053] [] lock_acquire+0x15e/0x450 [ 41.840399] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 41.848201] [] proc_pid_attr_write+0x1a8/0x2a0 [ 41.855056] [] __vfs_write+0x116/0x3d0 [ 41.861296] [] __kernel_write+0x112/0x370 [ 41.867705] [] write_pipe_buf+0x15d/0x1f0 [ 41.874113] [] __splice_from_pipe+0x37e/0x7a0 [ 41.880873] [] splice_from_pipe+0x108/0x170 [ 41.887480] [] default_file_splice_write+0x3c/0x80 [ 41.894736] [] SyS_splice+0xd71/0x13a0 [ 41.900920] [] do_fast_syscall_32+0x32d/0xa90 [ 41.907688] [] sysenter_flags_fixed+0xd/0x1a [ 41.914370] -> #0 (&pipe->mutex/1){+.+.+.}: [ 41.919475] [] __lock_acquire+0x37d6/0x4f50 [ 41.926059] [] lock_acquire+0x15e/0x450 [ 41.932305] [] mutex_lock_nested+0xc1/0xb80 [ 41.938918] [] fifo_open+0x15d/0xa00 [ 41.944912] [] do_dentry_open+0x38f/0xbd0 [ 41.951327] [] vfs_open+0x10b/0x210 [ 41.957221] [] path_openat+0x136f/0x4470 [ 41.963555] [] do_filp_open+0x1a1/0x270 [ 41.969793] [] do_open_execat+0x10c/0x6e0 [ 41.976246] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 41.983699] [] compat_SyS_execve+0x48/0x60 [ 41.990207] [] do_fast_syscall_32+0x32d/0xa90 [ 41.996963] [] sysenter_flags_fixed+0xd/0x1a [ 42.003639] [ 42.003639] other info that might help us debug this: [ 42.003639] [ 42.011753] Possible unsafe locking scenario: [ 42.011753] [ 42.017781] CPU0 CPU1 [ 42.022419] ---- ---- [ 42.027056] lock(&sig->cred_guard_mutex); [ 42.031697] lock(&pipe->mutex/1); [ 42.038185] lock(&sig->cred_guard_mutex); [ 42.045242] lock(&pipe->mutex/1); [ 42.049192] [ 42.049192] *** DEADLOCK *** [ 42.049192] [ 42.055229] 1 lock held by syz-executor599/2081: [ 42.059958] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 42.070497] [ 42.070497] stack backtrace: [ 42.075022] CPU: 0 PID: 2081 Comm: syz-executor599 Not tainted 4.4.174+ #17 [ 42.082278] 0000000000000000 931fe89177b4ea9b ffff8800b64474c0 ffffffff81aad1a1 [ 42.090287] ffffffff84057a80 ffff8801d47f0000 ffffffff83abd2b0 ffffffff83ab6500 [ 42.098272] ffffffff83abd2b0 ffff8800b6447510 ffffffff813abcda ffff8800b64475f0 [ 42.106263] Call Trace: [ 42.108833] [] dump_stack+0xc1/0x120 [ 42.114175] [] print_circular_bug.cold+0x2f7/0x44e [ 42.120729] [] __lock_acquire+0x37d6/0x4f50 [ 42.126672] [] ? trace_hardirqs_on+0x10/0x10 [ 42.132709] [] ? do_filp_open+0x1a1/0x270 [ 42.138530] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 42.145534] [] ? compat_SyS_execve+0x48/0x60 [ 42.151731] [] ? do_fast_syscall_32+0x32d/0xa90 [ 42.158031] [] ? sysenter_flags_fixed+0xd/0x1a [ 42.164253] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.170981] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.177810] [] lock_acquire+0x15e/0x450 [ 42.183415] [] ? fifo_open+0x15d/0xa00 [ 42.189020] [] ? fifo_open+0x15d/0xa00 [ 42.194543] [] mutex_lock_nested+0xc1/0xb80 [ 42.200499] [] ? fifo_open+0x15d/0xa00 [ 42.206020] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.212763] [] ? mutex_trylock+0x500/0x500 [ 42.218623] [] ? fifo_open+0x24d/0xa00 [ 42.224139] [] ? fifo_open+0x28c/0xa00 [ 42.229655] [] fifo_open+0x15d/0xa00 [ 42.234999] [] do_dentry_open+0x38f/0xbd0 [ 42.240852] [] ? __inode_permission2+0x9e/0x250 [ 42.247270] [] ? pipe_release+0x250/0x250 [ 42.253043] [] vfs_open+0x10b/0x210 [ 42.258295] [] ? may_open.isra.0+0xe7/0x210 [ 42.264304] [] path_openat+0x136f/0x4470 [ 42.269998] [] ? depot_save_stack+0x1c3/0x5f0 [ 42.276123] [] ? may_open.isra.0+0x210/0x210 [ 42.282207] [] ? kmemdup+0x27/0x60 [ 42.287378] [] ? selinux_cred_prepare+0x43/0xa0 [ 42.293675] [] ? security_prepare_creds+0x83/0xc0 [ 42.300143] [] ? prepare_creds+0x228/0x2b0 [ 42.306017] [] ? prepare_exec_creds+0x12/0xf0 [ 42.312156] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 42.319154] [] ? do_fast_syscall_32+0x32d/0xa90 [ 42.325446] [] ? kasan_kmalloc+0xb7/0xd0 [ 42.331134] [] ? kasan_slab_alloc+0xf/0x20 [ 42.336997] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 42.343033] [] ? prepare_creds+0x28/0x2b0 [ 42.348815] [] ? prepare_exec_creds+0x12/0xf0 [ 42.354957] [] do_filp_open+0x1a1/0x270 [ 42.360558] [] ? save_stack_trace+0x26/0x50 [ 42.366503] [] ? user_path_mountpoint_at+0x50/0x50 [ 42.373056] [] ? compat_SyS_execve+0x48/0x60 [ 42.379210] [] ? do_fast_syscall_32+0x32d/0xa90 [ 42.385511] [] ? sysenter_flags_fixed+0xd/0x1a [ 42.391722] [] ? __lock_acquire+0xa4f/0x4f50 [ 42.397762] [] ? trace_hardirqs_on+0x10/0x10 [ 42.403800] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 42.410840] [] do_open_execat+0x10c/0x6e0 [ 42.416638] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.423372] [] ? setup_arg_pages+0x7b0/0x7b0 [ 42.429462] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 42.436462] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 42.443280] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 42.450275] [] ? __check_object_size+0x222/0x332 [ 42.456664] [] ? strncpy_from_user+0xd1/0x230 [ 42.462875] [] ? prepare_bprm_creds+0x120/0x120 [ 42.469178] [] ? getname_flags+0x232/0x550 [ 42.479519] [] compat_SyS_execve+0x48/0x60 [ 42.485377] [] ? SyS_execveat+0x70/0x70 [ 42.490995] [] do_fast_syscall_32+0x32d/0xa90 [ 42.497116] [] sysenter_flags_fixed+0xd/0x1a