[....] Starting enhanced syslogd: rsyslogd[ 13.566913] audit: type=1400 audit(1546390143.452:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.877113] [ 32.878877] ====================================================== [ 32.885167] [ INFO: possible circular locking dependency detected ] [ 32.891548] 4.4.169+ #1 Not tainted [ 32.895154] ------------------------------------------------------- [ 32.901540] syz-executor474/2072 is trying to acquire lock: [ 32.907224] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 32.915775] [ 32.915775] but task is already holding lock: [ 32.921722] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 32.931567] [ 32.931567] which lock already depends on the new lock. [ 32.931567] [ 32.939863] [ 32.939863] the existing dependency chain (in reverse order) is: [ 32.947469] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 32.953117] [] lock_acquire+0x15e/0x450 [ 32.959377] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 32.967186] [] proc_pid_attr_write+0x1a8/0x2a0 [ 32.974045] [] __vfs_write+0x116/0x3d0 [ 32.980330] [] __kernel_write+0x112/0x370 [ 32.986756] [] write_pipe_buf+0x15d/0x1f0 [ 32.993178] [] __splice_from_pipe+0x37e/0x7a0 [ 32.999951] [] splice_from_pipe+0x108/0x170 [ 33.006547] [] default_file_splice_write+0x3c/0x80 [ 33.013755] [] SyS_splice+0xd71/0x13a0 [ 33.019926] [] do_fast_syscall_32+0x32d/0xa90 [ 33.026701] [] sysenter_flags_fixed+0xd/0x1a [ 33.033381] -> #0 (&pipe->mutex/1){+.+.+.}: [ 33.038463] [] __lock_acquire+0x37d6/0x4f50 [ 33.045066] [] lock_acquire+0x15e/0x450 [ 33.051309] [] mutex_lock_nested+0xc1/0xb80 [ 33.057898] [] fifo_open+0x15d/0xa00 [ 33.063884] [] do_dentry_open+0x38f/0xbd0 [ 33.070440] [] vfs_open+0x10b/0x210 [ 33.076336] [] path_openat+0x136f/0x4470 [ 33.082686] [] do_filp_open+0x1a1/0x270 [ 33.088940] [] do_open_execat+0x10c/0x6e0 [ 33.095364] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 33.102841] [] compat_SyS_execve+0x48/0x60 [ 33.109462] [] do_fast_syscall_32+0x32d/0xa90 [ 33.116230] [] sysenter_flags_fixed+0xd/0x1a [ 33.122941] [ 33.122941] other info that might help us debug this: [ 33.122941] [ 33.131065] Possible unsafe locking scenario: [ 33.131065] [ 33.137105] CPU0 CPU1 [ 33.141749] ---- ---- [ 33.146385] lock(&sig->cred_guard_mutex); [ 33.150922] lock(&pipe->mutex/1); [ 33.157420] lock(&sig->cred_guard_mutex); [ 33.164472] lock(&pipe->mutex/1); [ 33.168440] [ 33.168440] *** DEADLOCK *** [ 33.168440] [ 33.174476] 1 lock held by syz-executor474/2072: [ 33.179205] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 33.189599] [ 33.189599] stack backtrace: [ 33.194077] CPU: 0 PID: 2072 Comm: syz-executor474 Not tainted 4.4.169+ #1 [ 33.201074] 0000000000000000 2aeeab8f14fa14a2 ffff8800b688f4c0 ffffffff81aab9c1 [ 33.209076] ffffffff84055ac0 ffff8800b7bb97c0 ffffffff83abb2b0 ffffffff83ab4860 [ 33.217075] ffffffff83abb2b0 ffff8800b688f510 ffffffff813abaf4 ffff8800b688f5f0 [ 33.225106] Call Trace: [ 33.227681] [] dump_stack+0xc1/0x120 [ 33.233026] [] print_circular_bug.cold+0x2f7/0x44e [ 33.239580] [] __lock_acquire+0x37d6/0x4f50 [ 33.245549] [] ? trace_hardirqs_on+0x10/0x10 [ 33.251588] [] ? do_filp_open+0x1a1/0x270 [ 33.257380] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 33.264364] [] ? compat_SyS_execve+0x48/0x60 [ 33.270395] [] ? do_fast_syscall_32+0x32d/0xa90 [ 33.276689] [] ? sysenter_flags_fixed+0xd/0x1a [ 33.282893] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.289624] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.296358] [] lock_acquire+0x15e/0x450 [ 33.301966] [] ? fifo_open+0x15d/0xa00 [ 33.307493] [] ? fifo_open+0x15d/0xa00 [ 33.313012] [] mutex_lock_nested+0xc1/0xb80 [ 33.318964] [] ? fifo_open+0x15d/0xa00 [ 33.324481] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.331328] [] ? mutex_trylock+0x500/0x500 [ 33.337197] [] ? fifo_open+0x24d/0xa00 [ 33.342715] [] ? fifo_open+0x28c/0xa00 [ 33.348233] [] fifo_open+0x15d/0xa00 [ 33.353580] [] do_dentry_open+0x38f/0xbd0 [ 33.359449] [] ? __inode_permission2+0x9e/0x250 [ 33.365754] [] ? pipe_release+0x250/0x250 [ 33.371531] [] vfs_open+0x10b/0x210 [ 33.376785] [] ? may_open.isra.0+0xe7/0x210 [ 33.382739] [] path_openat+0x136f/0x4470 [ 33.388434] [] ? depot_save_stack+0x1c3/0x5f0 [ 33.394567] [] ? may_open.isra.0+0x210/0x210 [ 33.400658] [] ? kmemdup+0x27/0x60 [ 33.405836] [] ? selinux_cred_prepare+0x43/0xa0 [ 33.412137] [] ? security_prepare_creds+0x83/0xc0 [ 33.418626] [] ? prepare_creds+0x228/0x2b0 [ 33.424521] [] ? prepare_exec_creds+0x12/0xf0 [ 33.430652] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 33.437672] [] ? do_fast_syscall_32+0x32d/0xa90 [ 33.443978] [] ? kasan_kmalloc+0xb7/0xd0 [ 33.449672] [] ? kasan_slab_alloc+0xf/0x20 [ 33.455628] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 33.461680] [] ? prepare_creds+0x28/0x2b0 [ 33.467462] [] ? prepare_exec_creds+0x12/0xf0 [ 33.473716] [] do_filp_open+0x1a1/0x270 [ 33.479325] [] ? save_stack_trace+0x26/0x50 [ 33.485279] [] ? user_path_mountpoint_at+0x50/0x50 [ 33.491841] [] ? compat_SyS_execve+0x48/0x60 [ 33.497885] [] ? do_fast_syscall_32+0x32d/0xa90 [ 33.504187] [] ? sysenter_flags_fixed+0xd/0x1a [ 33.510403] [] ? __lock_acquire+0xa4f/0x4f50 [ 33.516458] [] ? trace_hardirqs_on+0x10/0x10 [ 33.522542] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 33.529379] [] do_open_execat+0x10c/0x6e0 [ 33.535170] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 33.541909] [] ? setup_arg_pages+0x7b0/0x7b0 [ 33.547960] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 33.554967] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 33.561789] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 33.568916] [] ? __check_object_size+0x222/0x332 [ 33.575395] [] ? strncpy_from_user+0xe1/0x230 [ 33.581530] [] ? prepare_bprm_creds+0x120/0x120 [ 33.587829] [] ? getname_flags+0x232/0x550 [ 33.593689] [] compat_SyS_execve+0x48/0x60 [ 33.599551] [] ? SyS_execveat+0x70/0x70 [ 33.605155] [] do_fast_syscall_32+0x32d/0xa90 [ 33.611281] [] sysenter_flags_fixed+0xd/0x1a