[....] Starting enhanced syslogd: rsyslogd[ 14.779310] audit: type=1400 audit(1574566384.137:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.580775] [ 27.582501] ====================================================== [ 27.588802] [ INFO: possible circular locking dependency detected ] [ 27.595230] 4.4.174+ #17 Not tainted [ 27.599264] ------------------------------------------------------- [ 27.605649] syz-executor620/2074 is trying to acquire lock: [ 27.611335] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 27.620027] [ 27.620027] but task is already holding lock: [ 27.626059] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.635928] [ 27.635928] which lock already depends on the new lock. [ 27.635928] [ 27.644221] [ 27.644221] the existing dependency chain (in reverse order) is: [ 27.651838] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 27.657557] [] lock_acquire+0x15e/0x450 [ 27.663803] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 27.671611] [] proc_pid_attr_write+0x1a8/0x2a0 [ 27.678477] [] __vfs_write+0x116/0x3d0 [ 27.684638] [] __kernel_write+0x112/0x370 [ 27.691056] [] write_pipe_buf+0x15d/0x1f0 [ 27.697476] [] __splice_from_pipe+0x37e/0x7a0 [ 27.704239] [] splice_from_pipe+0x108/0x170 [ 27.710844] [] default_file_splice_write+0x3c/0x80 [ 27.718063] [] SyS_splice+0xd71/0x13a0 [ 27.724220] [] do_fast_syscall_32+0x32d/0xa90 [ 27.731018] [] sysenter_flags_fixed+0xd/0x1a [ 27.737704] -> #0 (&pipe->mutex/1){+.+.+.}: [ 27.742797] [] __lock_acquire+0x37d6/0x4f50 [ 27.749411] [] lock_acquire+0x15e/0x450 [ 27.755683] [] mutex_lock_nested+0xc1/0xb80 [ 27.762289] [] fifo_open+0x15d/0xa00 [ 27.768284] [] do_dentry_open+0x38f/0xbd0 [ 27.774793] [] vfs_open+0x10b/0x210 [ 27.780694] [] path_openat+0x136f/0x4470 [ 27.787035] [] do_filp_open+0x1a1/0x270 [ 27.793296] [] do_open_execat+0x10c/0x6e0 [ 27.799741] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.807204] [] compat_SyS_execve+0x48/0x60 [ 27.813713] [] do_fast_syscall_32+0x32d/0xa90 [ 27.820482] [] sysenter_flags_fixed+0xd/0x1a [ 27.827178] [ 27.827178] other info that might help us debug this: [ 27.827178] [ 27.835328] Possible unsafe locking scenario: [ 27.835328] [ 27.841382] CPU0 CPU1 [ 27.846022] ---- ---- [ 27.850663] lock(&sig->cred_guard_mutex); [ 27.855240] lock(&pipe->mutex/1); [ 27.861750] lock(&sig->cred_guard_mutex); [ 27.868843] lock(&pipe->mutex/1); [ 27.872813] [ 27.872813] *** DEADLOCK *** [ 27.872813] [ 27.878849] 1 lock held by syz-executor620/2074: [ 27.883599] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.894027] [ 27.894027] stack backtrace: [ 27.898501] CPU: 1 PID: 2074 Comm: syz-executor620 Not tainted 4.4.174+ #17 [ 27.905590] 0000000000000000 64eaad8c5285007b ffff8800b690f4c0 ffffffff81aad1a1 [ 27.913615] ffffffff84057a80 ffff8800b73717c0 ffffffff83abd610 ffffffff83ab6860 [ 27.921613] ffffffff83abd610 ffff8800b690f510 ffffffff813abcda ffff8800b690f5f0 [ 27.929721] Call Trace: [ 27.932295] [] dump_stack+0xc1/0x120 [ 27.937643] [] print_circular_bug.cold+0x2f7/0x44e [ 27.944202] [] __lock_acquire+0x37d6/0x4f50 [ 27.950153] [] ? trace_hardirqs_on+0x10/0x10 [ 27.956187] [] ? do_filp_open+0x1a1/0x270 [ 27.961983] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.968971] [] ? compat_SyS_execve+0x48/0x60 [ 27.975008] [] ? do_fast_syscall_32+0x32d/0xa90 [ 27.981318] [] ? sysenter_flags_fixed+0xd/0x1a [ 27.987527] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.994256] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.000998] [] lock_acquire+0x15e/0x450 [ 28.006599] [] ? fifo_open+0x15d/0xa00 [ 28.012122] [] ? fifo_open+0x15d/0xa00 [ 28.017725] [] mutex_lock_nested+0xc1/0xb80 [ 28.023685] [] ? fifo_open+0x15d/0xa00 [ 28.029222] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.035964] [] ? mutex_trylock+0x500/0x500 [ 28.041838] [] ? fifo_open+0x24d/0xa00 [ 28.047363] [] ? fifo_open+0x28c/0xa00 [ 28.052878] [] fifo_open+0x15d/0xa00 [ 28.058222] [] do_dentry_open+0x38f/0xbd0 [ 28.063995] [] ? __inode_permission2+0x9e/0x250 [ 28.070290] [] ? pipe_release+0x250/0x250 [ 28.076062] [] vfs_open+0x10b/0x210 [ 28.081328] [] ? may_open.isra.0+0xe7/0x210 [ 28.087313] [] path_openat+0x136f/0x4470 [ 28.093155] [] ? depot_save_stack+0x1c3/0x5f0 [ 28.099295] [] ? may_open.isra.0+0x210/0x210 [ 28.105339] [] ? kmemdup+0x27/0x60 [ 28.110514] [] ? selinux_cred_prepare+0x43/0xa0 [ 28.116813] [] ? security_prepare_creds+0x83/0xc0 [ 28.123285] [] ? prepare_creds+0x228/0x2b0 [ 28.129164] [] ? prepare_exec_creds+0x12/0xf0 [ 28.135419] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 28.142475] [] ? do_fast_syscall_32+0x32d/0xa90 [ 28.148793] [] ? kasan_kmalloc+0xb7/0xd0 [ 28.154484] [] ? kasan_slab_alloc+0xf/0x20 [ 28.160347] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 28.166385] [] ? prepare_creds+0x28/0x2b0 [ 28.172160] [] ? prepare_exec_creds+0x12/0xf0 [ 28.178282] [] do_filp_open+0x1a1/0x270 [ 28.183883] [] ? save_stack_trace+0x26/0x50 [ 28.189846] [] ? user_path_mountpoint_at+0x50/0x50 [ 28.196422] [] ? compat_SyS_execve+0x48/0x60 [ 28.202544] [] ? do_fast_syscall_32+0x32d/0xa90 [ 28.208854] [] ? sysenter_flags_fixed+0xd/0x1a [ 28.215062] [] ? __lock_acquire+0xa4f/0x4f50 [ 28.221094] [] ? trace_hardirqs_on+0x10/0x10 [ 28.227131] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 28.233947] [] do_open_execat+0x10c/0x6e0 [ 28.239730] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.246472] [] ? setup_arg_pages+0x7b0/0x7b0 [ 28.252519] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 28.259524] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 28.266353] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 28.273362] [] ? __check_object_size+0x222/0x332 [ 28.279744] [] ? strncpy_from_user+0xd1/0x230 [ 28.285866] [] ? prepare_bprm_creds+0x120/0x120 [ 28.292174] [] ? getname_flags+0x232/0x550 [ 28.298036] [] compat_SyS_execve+0x48/0x60 [ 28.304158] [] ? SyS_execveat+0x70/0x70 [ 28.309759] [] do_fast_syscall_32+0x32d/0xa90 [ 28.315896] [] sysenter_flags_fixed+0xd/0x1a