[....] Starting enhanced syslogd: rsyslogd[ 12.808529] audit: type=1400 audit(1546275467.883:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.429864] [ 27.431497] ====================================================== [ 27.437784] [ INFO: possible circular locking dependency detected ] [ 27.444189] 4.4.169+ #1 Not tainted [ 27.447785] ------------------------------------------------------- [ 27.454160] syz-executor000/2072 is trying to acquire lock: [ 27.459840] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 27.468379] [ 27.468379] but task is already holding lock: [ 27.474320] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.484138] [ 27.484138] which lock already depends on the new lock. [ 27.484138] [ 27.492431] [ 27.492431] the existing dependency chain (in reverse order) is: [ 27.500052] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 27.505712] [] lock_acquire+0x15e/0x450 [ 27.511953] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 27.519761] [] proc_pid_attr_write+0x1a8/0x2a0 [ 27.526610] [] __vfs_write+0x116/0x3d0 [ 27.532760] [] __kernel_write+0x112/0x370 [ 27.539187] [] write_pipe_buf+0x15d/0x1f0 [ 27.545602] [] __splice_from_pipe+0x37e/0x7a0 [ 27.552378] [] splice_from_pipe+0x108/0x170 [ 27.558965] [] default_file_splice_write+0x3c/0x80 [ 27.566159] [] SyS_splice+0xd71/0x13a0 [ 27.572327] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 27.579517] -> #0 (&pipe->mutex/1){+.+.+.}: [ 27.584602] [] __lock_acquire+0x37d6/0x4f50 [ 27.591199] [] lock_acquire+0x15e/0x450 [ 27.597634] [] mutex_lock_nested+0xc1/0xb80 [ 27.604218] [] fifo_open+0x15d/0xa00 [ 27.610191] [] do_dentry_open+0x38f/0xbd0 [ 27.616604] [] vfs_open+0x10b/0x210 [ 27.622491] [] path_openat+0x136f/0x4470 [ 27.628808] [] do_filp_open+0x1a1/0x270 [ 27.635040] [] do_open_execat+0x10c/0x6e0 [ 27.641453] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.648906] [] SyS_execve+0x42/0x50 [ 27.654812] [] return_from_execve+0x0/0x23 [ 27.661325] [ 27.661325] other info that might help us debug this: [ 27.661325] [ 27.669436] Possible unsafe locking scenario: [ 27.669436] [ 27.675464] CPU0 CPU1 [ 27.680098] ---- ---- [ 27.684734] lock(&sig->cred_guard_mutex); [ 27.689263] lock(&pipe->mutex/1); [ 27.695735] lock(&sig->cred_guard_mutex); [ 27.702779] lock(&pipe->mutex/1); [ 27.706731] [ 27.706731] *** DEADLOCK *** [ 27.706731] [ 27.712759] 1 lock held by syz-executor000/2072: [ 27.717483] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 27.727849] [ 27.727849] stack backtrace: [ 27.732316] CPU: 1 PID: 2072 Comm: syz-executor000 Not tainted 4.4.169+ #1 [ 27.739296] 0000000000000000 7ca5238fff84e210 ffff8801d426f530 ffffffff81aab9c1 [ 27.747288] ffffffff84055ac0 ffff8801d59b97c0 ffffffff83abb100 ffffffff83ab46b0 [ 27.755269] ffffffff83abb100 ffff8801d426f580 ffffffff813abaf4 ffff8801d426f660 [ 27.763259] Call Trace: [ 27.765818] [] dump_stack+0xc1/0x120 [ 27.771154] [] print_circular_bug.cold+0x2f7/0x44e [ 27.777705] [] __lock_acquire+0x37d6/0x4f50 [ 27.783649] [] ? trace_hardirqs_on+0x10/0x10 [ 27.789680] [] ? do_filp_open+0x1a1/0x270 [ 27.795450] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 27.802435] [] ? SyS_execve+0x42/0x50 [ 27.807854] [] ? stub_execve+0x5/0x5 [ 27.813193] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.819917] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.826647] [] lock_acquire+0x15e/0x450 [ 27.832256] [] ? fifo_open+0x15d/0xa00 [ 27.837782] [] ? fifo_open+0x15d/0xa00 [ 27.843289] [] mutex_lock_nested+0xc1/0xb80 [ 27.849230] [] ? fifo_open+0x15d/0xa00 [ 27.854737] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 27.861460] [] ? mutex_trylock+0x500/0x500 [ 27.867317] [] ? fifo_open+0x24d/0xa00 [ 27.872823] [] ? fifo_open+0x28c/0xa00 [ 27.878333] [] fifo_open+0x15d/0xa00 [ 27.883684] [] do_dentry_open+0x38f/0xbd0 [ 27.889454] [] ? __inode_permission2+0x9e/0x250 [ 27.895744] [] ? pipe_release+0x250/0x250 [ 27.901514] [] vfs_open+0x10b/0x210 [ 27.906759] [] ? may_open.isra.0+0xe7/0x210 [ 27.912704] [] path_openat+0x136f/0x4470 [ 27.918390] [] ? depot_save_stack+0x1c3/0x5f0 [ 27.924505] [] ? may_open.isra.0+0x210/0x210 [ 27.930547] [] ? kmemdup+0x27/0x60 [ 27.935713] [] ? selinux_cred_prepare+0x43/0xa0 [ 27.942008] [] ? security_prepare_creds+0x83/0xc0 [ 27.948475] [] ? prepare_creds+0x228/0x2b0 [ 27.954358] [] ? prepare_exec_creds+0x12/0xf0 [ 27.960489] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 27.967474] [] ? stub_execve+0x5/0x5 [ 27.972824] [] ? kasan_kmalloc+0xb7/0xd0 [ 27.978505] [] ? kasan_slab_alloc+0xf/0x20 [ 27.984363] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 27.990395] [] ? prepare_creds+0x28/0x2b0 [ 27.996163] [] ? prepare_exec_creds+0x12/0xf0 [ 28.002280] [] do_filp_open+0x1a1/0x270 [ 28.007877] [] ? save_stack_trace+0x26/0x50 [ 28.013819] [] ? user_path_mountpoint_at+0x50/0x50 [ 28.020372] [] ? SyS_execve+0x42/0x50 [ 28.025807] [] ? stub_execve+0x5/0x5 [ 28.031148] [] ? __lock_acquire+0xa4f/0x4f50 [ 28.037179] [] ? trace_hardirqs_on+0x10/0x10 [ 28.043241] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 28.050071] [] do_open_execat+0x10c/0x6e0 [ 28.055841] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 28.062567] [] ? setup_arg_pages+0x7b0/0x7b0 [ 28.068601] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 28.075585] [] do_execveat_common.isra.0+0x6f6/0x1e90 [