[....] Starting enhanced syslogd: rsyslogd[ 13.363416] audit: type=1400 audit(1547466321.347:4): avc: denied { syslog } for pid=1921 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.827455] [ 36.829096] ====================================================== [ 36.835400] [ INFO: possible circular locking dependency detected ] [ 36.841777] 4.4.170+ #4 Not tainted [ 36.845387] ------------------------------------------------------- [ 36.851762] syz-executor281/2081 is trying to acquire lock: [ 36.857442] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 36.866016] [ 36.866016] but task is already holding lock: [ 36.871961] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 36.881803] [ 36.881803] which lock already depends on the new lock. [ 36.881803] [ 36.890090] [ 36.890090] the existing dependency chain (in reverse order) is: [ 36.897710] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 36.903397] [] lock_acquire+0x15e/0x450 [ 36.909652] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 36.917469] [] proc_pid_attr_write+0x1a8/0x2a0 [ 36.924315] [] __vfs_write+0x116/0x3d0 [ 36.930465] [] __kernel_write+0x112/0x370 [ 36.936930] [] write_pipe_buf+0x15d/0x1f0 [ 36.943348] [] __splice_from_pipe+0x37e/0x7a0 [ 36.950104] [] splice_from_pipe+0x108/0x170 [ 36.956691] [] default_file_splice_write+0x3c/0x80 [ 36.963882] [] SyS_splice+0xd71/0x13a0 [ 36.970164] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 36.977369] -> #0 (&pipe->mutex/1){+.+.+.}: [ 36.982462] [] __lock_acquire+0x37d6/0x4f50 [ 36.989080] [] lock_acquire+0x15e/0x450 [ 36.995408] [] mutex_lock_nested+0xc1/0xb80 [ 37.001993] [] fifo_open+0x15d/0xa00 [ 37.007973] [] do_dentry_open+0x38f/0xbd0 [ 37.014380] [] vfs_open+0x10b/0x210 [ 37.020297] [] path_openat+0x136f/0x4470 [ 37.026617] [] do_filp_open+0x1a1/0x270 [ 37.032868] [] do_open_execat+0x10c/0x6e0 [ 37.039303] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 37.046762] [] SyS_execve+0x42/0x50 [ 37.052664] [] return_from_execve+0x0/0x23 [ 37.059175] [ 37.059175] other info that might help us debug this: [ 37.059175] [ 37.067300] Possible unsafe locking scenario: [ 37.067300] [ 37.073327] CPU0 CPU1 [ 37.077959] ---- ---- [ 37.082599] lock(&sig->cred_guard_mutex); [ 37.087142] lock(&pipe->mutex/1); [ 37.093617] lock(&sig->cred_guard_mutex); [ 37.100659] lock(&pipe->mutex/1); [ 37.104627] [ 37.104627] *** DEADLOCK *** [ 37.104627] [ 37.110668] 1 lock held by syz-executor281/2081: [ 37.115392] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 37.125765] [ 37.125765] stack backtrace: [ 37.130232] CPU: 1 PID: 2081 Comm: syz-executor281 Not tainted 4.4.170+ #4 [ 37.137215] 0000000000000000 21fd25c7d1e52f19 ffff8801d42c7530 ffffffff81aaddc1 [ 37.145231] ffffffff84055a80 ffff8800b700df00 ffffffff83abb100 ffffffff83ab46b0 [ 37.153239] ffffffff83abb100 ffff8801d42c7580 ffffffff813abad4 ffff8801d42c7660 [ 37.161214] Call Trace: [ 37.163776] [] dump_stack+0xc1/0x120 [ 37.169128] [] print_circular_bug.cold+0x2f7/0x44e [ 37.175683] [] __lock_acquire+0x37d6/0x4f50 [ 37.181627] [] ? trace_hardirqs_on+0x10/0x10 [ 37.187689] [] ? do_filp_open+0x1a1/0x270 [ 37.193577] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 37.200573] [] ? SyS_execve+0x42/0x50 [ 37.206004] [] ? stub_execve+0x5/0x5 [ 37.211348] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.218073] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.224799] [] lock_acquire+0x15e/0x450 [ 37.230399] [] ? fifo_open+0x15d/0xa00 [ 37.235921] [] ? fifo_open+0x15d/0xa00 [ 37.241571] [] mutex_lock_nested+0xc1/0xb80 [ 37.247526] [] ? fifo_open+0x15d/0xa00 [ 37.253078] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.259828] [] ? mutex_trylock+0x500/0x500 [ 37.265683] [] ? fifo_open+0x24d/0xa00 [ 37.271197] [] ? fifo_open+0x28c/0xa00 [ 37.276715] [] fifo_open+0x15d/0xa00 [ 37.282053] [] do_dentry_open+0x38f/0xbd0 [ 37.287840] [] ? __inode_permission2+0x9e/0x250 [ 37.294129] [] ? pipe_release+0x250/0x250 [ 37.299898] [] vfs_open+0x10b/0x210 [ 37.305174] [] ? may_open.isra.0+0xe7/0x210 [ 37.311132] [] path_openat+0x136f/0x4470 [ 37.316819] [] ? depot_save_stack+0x1c3/0x5f0 [ 37.322967] [] ? may_open.isra.0+0x210/0x210 [ 37.329029] [] ? kmemdup+0x27/0x60 [ 37.334194] [] ? selinux_cred_prepare+0x43/0xa0 [ 37.340483] [] ? security_prepare_creds+0x83/0xc0 [ 37.346950] [] ? prepare_creds+0x228/0x2b0 [ 37.352808] [] ? prepare_exec_creds+0x12/0xf0 [ 37.358957] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 37.365942] [] ? stub_execve+0x5/0x5 [ 37.371300] [] ? kasan_kmalloc+0xb7/0xd0 [ 37.376985] [] ? kasan_slab_alloc+0xf/0x20 [ 37.382856] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 37.388895] [] ? prepare_creds+0x28/0x2b0 [ 37.394667] [] ? prepare_exec_creds+0x12/0xf0 [ 37.400784] [] do_filp_open+0x1a1/0x270 [ 37.406381] [] ? save_stack_trace+0x26/0x50 [ 37.412324] [] ? user_path_mountpoint_at+0x50/0x50 [ 37.418888] [] ? SyS_execve+0x42/0x50 [ 37.424331] [] ? stub_execve+0x5/0x5 [ 37.429667] [] ? __lock_acquire+0xa4f/0x4f50 [ 37.435699] [] ? trace_hardirqs_on+0x10/0x10 [ 37.441755] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 37.448574] [] do_open_execat+0x10c/0x6e0 [ 37.454344] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 37.461067] [] ? setup_arg_pages+0x7b0/0x7b0 [ 37.467099] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 37.474088] [] do_execveat_common.isra.0+0x6f6/0x1e