[....] Starting enhanced syslogd: rsyslogd[ 13.774439] audit: type=1400 audit(1547466362.910:4): avc: denied { syslog } for pid=1922 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.474508] [ 38.476237] ====================================================== [ 38.482523] [ INFO: possible circular locking dependency detected ] [ 38.488912] 4.4.170+ #4 Not tainted [ 38.492524] ------------------------------------------------------- [ 38.498901] syz-executor174/2083 is trying to acquire lock: [ 38.504598] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 38.513154] [ 38.513154] but task is already holding lock: [ 38.519093] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 38.528959] [ 38.528959] which lock already depends on the new lock. [ 38.528959] [ 38.537278] [ 38.537278] the existing dependency chain (in reverse order) is: [ 38.544966] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 38.550631] [] lock_acquire+0x15e/0x450 [ 38.556870] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 38.564696] [] proc_pid_attr_write+0x1a8/0x2a0 [ 38.571546] [] __vfs_write+0x116/0x3d0 [ 38.577755] [] __kernel_write+0x112/0x370 [ 38.584168] [] write_pipe_buf+0x15d/0x1f0 [ 38.590604] [] __splice_from_pipe+0x37e/0x7a0 [ 38.597358] [] splice_from_pipe+0x108/0x170 [ 38.603942] [] default_file_splice_write+0x3c/0x80 [ 38.611138] [] SyS_splice+0xd71/0x13a0 [ 38.617290] [] do_fast_syscall_32+0x32d/0xa90 [ 38.624066] [] sysenter_flags_fixed+0xd/0x1a [ 38.630754] -> #0 (&pipe->mutex/1){+.+.+.}: [ 38.635814] [] __lock_acquire+0x37d6/0x4f50 [ 38.642400] [] lock_acquire+0x15e/0x450 [ 38.648654] [] mutex_lock_nested+0xc1/0xb80 [ 38.655253] [] fifo_open+0x15d/0xa00 [ 38.661238] [] do_dentry_open+0x38f/0xbd0 [ 38.667647] [] vfs_open+0x10b/0x210 [ 38.673544] [] path_openat+0x136f/0x4470 [ 38.679878] [] do_filp_open+0x1a1/0x270 [ 38.686114] [] do_open_execat+0x10c/0x6e0 [ 38.692519] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 38.699974] [] compat_SyS_execve+0x48/0x60 [ 38.706469] [] do_fast_syscall_32+0x32d/0xa90 [ 38.713228] [] sysenter_flags_fixed+0xd/0x1a [ 38.719904] [ 38.719904] other info that might help us debug this: [ 38.719904] [ 38.728026] Possible unsafe locking scenario: [ 38.728026] [ 38.734056] CPU0 CPU1 [ 38.738698] ---- ---- [ 38.743334] lock(&sig->cred_guard_mutex); [ 38.747888] lock(&pipe->mutex/1); [ 38.754380] lock(&sig->cred_guard_mutex); [ 38.761447] lock(&pipe->mutex/1); [ 38.765459] [ 38.765459] *** DEADLOCK *** [ 38.765459] [ 38.771490] 1 lock held by syz-executor174/2083: [ 38.776221] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 38.786592] [ 38.786592] stack backtrace: [ 38.791058] CPU: 0 PID: 2083 Comm: syz-executor174 Not tainted 4.4.170+ #4 [ 38.798054] 0000000000000000 a387b8da4ee3c28a ffff8801d47d74c0 ffffffff81aaddc1 [ 38.806034] ffffffff84055a80 ffff8800b7144740 ffffffff83abb100 ffffffff83ab4500 [ 38.814012] ffffffff83abb100 ffff8801d47d7510 ffffffff813abad4 ffff8801d47d75f0 [ 38.822025] Call Trace: [ 38.824618] [] dump_stack+0xc1/0x120 [ 38.829958] [] print_circular_bug.cold+0x2f7/0x44e [ 38.836530] [] __lock_acquire+0x37d6/0x4f50 [ 38.842527] [] ? trace_hardirqs_on+0x10/0x10 [ 38.848581] [] ? do_filp_open+0x1a1/0x270 [ 38.854371] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 38.861370] [] ? compat_SyS_execve+0x48/0x60 [ 38.867403] [] ? do_fast_syscall_32+0x32d/0xa90 [ 38.873696] [] ? sysenter_flags_fixed+0xd/0x1a [ 38.879903] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.886665] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.893394] [] lock_acquire+0x15e/0x450 [ 38.899005] [] ? fifo_open+0x15d/0xa00 [ 38.904521] [] ? fifo_open+0x15d/0xa00 [ 38.910052] [] mutex_lock_nested+0xc1/0xb80 [ 38.916000] [] ? fifo_open+0x15d/0xa00 [ 38.921513] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.928241] [] ? mutex_trylock+0x500/0x500 [ 38.934099] [] ? fifo_open+0x24d/0xa00 [ 38.939622] [] ? fifo_open+0x28c/0xa00 [ 38.945132] [] fifo_open+0x15d/0xa00 [ 38.950483] [] do_dentry_open+0x38f/0xbd0 [ 38.956253] [] ? __inode_permission2+0x9e/0x250 [ 38.962548] [] ? pipe_release+0x250/0x250 [ 38.968315] [] vfs_open+0x10b/0x210 [ 38.973561] [] ? may_open.isra.0+0xe7/0x210 [ 38.979506] [] path_openat+0x136f/0x4470 [ 38.985195] [] ? depot_save_stack+0x1c3/0x5f0 [ 38.991314] [] ? may_open.isra.0+0x210/0x210 [ 38.997346] [] ? kmemdup+0x27/0x60 [ 39.002508] [] ? selinux_cred_prepare+0x43/0xa0 [ 39.008798] [] ? security_prepare_creds+0x83/0xc0 [ 39.015437] [] ? prepare_creds+0x228/0x2b0 [ 39.021292] [] ? prepare_exec_creds+0x12/0xf0 [ 39.027409] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 39.034400] [] ? do_fast_syscall_32+0x32d/0xa90 [ 39.040700] [] ? kasan_kmalloc+0xb7/0xd0 [ 39.046381] [] ? kasan_slab_alloc+0xf/0x20 [ 39.052234] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 39.058260] [] ? prepare_creds+0x28/0x2b0 [ 39.064022] [] ? prepare_exec_creds+0x12/0xf0 [ 39.070135] [] do_filp_open+0x1a1/0x270 [ 39.075730] [] ? save_stack_trace+0x26/0x50 [ 39.081671] [] ? user_path_mountpoint_at+0x50/0x50 [ 39.088220] [] ? compat_SyS_execve+0x48/0x60 [ 39.094270] [] ? do_fast_syscall_32+0x32d/0xa90 [ 39.100568] [] ? sysenter_flags_fixed+0xd/0x1a [ 39.106767] [] ? __lock_acquire+0xa4f/0x4f50 [ 39.112795] [] ? trace_hardirqs_on+0x10/0x10 [ 39.118822] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 39.125627] [] do_open_execat+0x10c/0x6e0 [ 39.131402] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 39.138136] [] ? setup_arg_pages+0x7b0/0x7b0 [ 39.144178] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 39.151282] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 39.158093] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 39.165077] [] ? __check_object_size+0x222/0x332 [ 39.171484] [] ? strncpy_from_user+0xe1/0x230 [ 39.177629] [] ? prepare_bprm_creds+0x120/0x120 [ 39.183913] [] ? getname_flags+0x232/0x550 [ 39.189770] [] compat_SyS_execve+0x48/0x60 [ 39.195627] [] ? SyS_execveat+0x70/0x70 [ 39.201242] [] do_fast_syscall_32+0x32d/0xa90 [ 39.207362] [] sysenter_flags_fixed+0xd/0x1a