[....] Starting enhanced syslogd: rsyslogd[ 15.028429] audit: type=1400 audit(1545380687.992:4): avc: denied { syslog } for pid=1926 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 51.284806] [ 51.286550] ====================================================== [ 51.292838] [ INFO: possible circular locking dependency detected ] [ 51.299214] 4.4.168+ #6 Not tainted [ 51.302810] ------------------------------------------------------- [ 51.309187] syz-executor419/2092 is trying to acquire lock: [ 51.314868] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0 [ 51.323441] [ 51.323441] but task is already holding lock: [ 51.329384] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 51.339259] [ 51.339259] which lock already depends on the new lock. [ 51.339259] [ 51.347548] [ 51.347548] the existing dependency chain (in reverse order) is: [ 51.355144] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 51.360790] [] lock_acquire+0x15e/0x450 [ 51.367029] [] mutex_lock_interruptible_nested+0xd2/0xcc0 [ 51.374849] [] proc_pid_attr_write+0x19e/0x290 [ 51.381698] [] __vfs_write+0x11c/0x3e0 [ 51.387847] [] __kernel_write+0x10a/0x350 [ 51.394262] [] write_pipe_buf+0x15d/0x1f0 [ 51.400676] [] __splice_from_pipe+0x364/0x790 [ 51.407435] [] splice_from_pipe+0xf9/0x170 [ 51.413948] [] default_file_splice_write+0x3c/0x80 [ 51.421173] [] SyS_splice+0xde1/0x1430 [ 51.427328] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 51.434540] -> #0 (&pipe->mutex/1){+.+.+.}: [ 51.439622] [] __lock_acquire+0x3cd4/0x5530 [ 51.446208] [] lock_acquire+0x15e/0x450 [ 51.452458] [] mutex_lock_nested+0xc2/0xb60 [ 51.459071] [] fifo_open+0x15c/0x9e0 [ 51.465050] [] do_dentry_open+0x38d/0xbd0 [ 51.471456] [] vfs_open+0x12a/0x210 [ 51.477339] [] path_openat+0xc10/0x3f10 [ 51.483574] [] do_filp_open+0x197/0x270 [ 51.489928] [] do_open_execat+0x10f/0x6f0 [ 51.496373] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 51.504099] [] SyS_execve+0x42/0x50 [ 51.509994] [] return_from_execve+0x0/0x23 [ 51.516493] [ 51.516493] other info that might help us debug this: [ 51.516493] [ 51.524606] Possible unsafe locking scenario: [ 51.524606] [ 51.530633] CPU0 CPU1 [ 51.535269] ---- ---- [ 51.539906] lock(&sig->cred_guard_mutex); [ 51.544444] lock(&pipe->mutex/1); [ 51.550942] lock(&sig->cred_guard_mutex); [ 51.558004] lock(&pipe->mutex/1); [ 51.561977] [ 51.561977] *** DEADLOCK *** [ 51.561977] [ 51.568072] 1 lock held by syz-executor419/2092: [ 51.572817] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 51.583207] [ 51.583207] stack backtrace: [ 51.587681] CPU: 0 PID: 2092 Comm: syz-executor419 Not tainted 4.4.168+ #6 [ 51.594674] 0000000000000000 f826c5ec953c17f3 ffff8800b651f4d0 ffffffff81aa636d [ 51.602664] ffffffff83ab92b0 ffffffff83ab92b0 ffff8800b6ee5f00 ffffffff83ab2860 [ 51.610646] ffff8800b6ee67e8 ffff8800b651f520 ffffffff813a9599 ffff8800b6ee5f00 [ 51.618696] Call Trace: [ 51.621266] [] dump_stack+0xc1/0x124 [ 51.626609] [] print_circular_bug.cold.31+0x2f6/0x435 [ 51.633425] [] __lock_acquire+0x3cd4/0x5530 [ 51.639370] [] ? trace_hardirqs_on+0x10/0x10 [ 51.645402] [] ? path_openat+0xc10/0x3f10 [ 51.651176] [] ? do_open_execat+0x10f/0x6f0 [ 51.657124] [] ? do_execveat_common.isra.14+0x6a1/0x1f00 [ 51.664215] [] lock_acquire+0x15e/0x450 [ 51.669814] [] ? fifo_open+0x15c/0x9e0 [ 51.675322] [] mutex_lock_nested+0xc2/0xb60 [ 51.681266] [] ? fifo_open+0x15c/0x9e0 [ 51.686776] [] ? check_preemption_disabled+0x3b/0x200 [ 51.693587] [] ? lockdep_init_map+0x110/0x1630 [ 51.699798] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.706523] [] ? mutex_trylock+0x4f0/0x4f0 [ 51.712381] [] ? fifo_open+0x24e/0x9e0 [ 51.717892] [] ? fifo_open+0x28d/0x9e0 [ 51.723522] [] fifo_open+0x15c/0x9e0 [ 51.728860] [] do_dentry_open+0x38d/0xbd0 [ 51.734631] [] ? __inode_permission2+0x9b/0x240 [ 51.740922] [] ? pipe_release+0x250/0x250 [ 51.746693] [] vfs_open+0x12a/0x210 [ 51.751943] [] ? may_open.isra.19+0x156/0x240 [ 51.758063] [] path_openat+0xc10/0x3f10 [ 51.763745] [] ? dump_trace+0x184/0x360 [ 51.769348] [] ? may_open.isra.19+0x240/0x240 [ 51.775464] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 51.781755] [] ? save_stack_trace+0x26/0x50 [ 51.787708] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 51.794006] [] ? kasan_kmalloc+0xaf/0xc0 [ 51.799690] [] ? __kmalloc_track_caller+0xf1/0x2e0 [ 51.806241] [] ? kmemdup+0x24/0x50 [ 51.811406] [] ? selinux_cred_prepare+0x43/0xa0 [ 51.817704] [] ? security_prepare_creds+0x83/0xc0 [ 51.824194] [] ? prepare_creds+0x222/0x2a0 [ 51.830070] [] ? prepare_exec_creds+0x11/0xf0 [ 51.836290] [] ? prepare_bprm_creds+0x67/0x110 [ 51.842497] [] ? SyS_execve+0x42/0x50 [ 51.847922] [] ? stub_execve+0x5/0x5 [ 51.853259] [] ? save_stack_trace+0x26/0x50 [ 51.859222] [] ? kasan_kmalloc+0xaf/0xc0 [ 51.864906] [] ? kasan_slab_alloc+0x12/0x20 [ 51.870848] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 51.876894] [] ? prepare_creds+0x28/0x2a0 [ 51.882674] [] ? prepare_exec_creds+0x11/0xf0 [ 51.888794] [] ? prepare_bprm_creds+0x67/0x110 [ 51.894998] [] ? do_execveat_common.isra.14+0x2d8/0x1f00 [ 51.902073] [] ? save_stack_trace+0x26/0x50 [ 51.908017] [] do_filp_open+0x197/0x270 [ 51.913613] [] ? user_path_mountpoint_at+0x70/0x70 [ 51.920164] [] ? trace_hardirqs_on+0x10/0x10 [ 51.926296] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 51.933121] [] do_open_execat+0x10f/0x6f0 [ 51.938894] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 51.945619] [] ? setup_arg_pages+0x7a0/0x7a0 [ 51.951659] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 51.958566] [] ? do_execveat_common.isra.14+0x3db/0x1f00 [ 51.965637] [] ? prepare_bprm_creds+0x110/0x110 [ 51.971925] [] ? getname_flags+0x229/0x550 [ 51.977783] [] SyS_execve+0x42/0x50 [ 51.983031] [] stub_execve+0x5/0x5