[....] Starting enhanced syslogd: rsyslogd[ 12.778178] audit: type=1400 audit(1546208647.950:4): avc: denied { syslog } for pid=1913 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.262751] [ 33.264392] ====================================================== [ 33.270681] [ INFO: possible circular locking dependency detected ] [ 33.277052] 4.4.169+ #7 Not tainted [ 33.280645] ------------------------------------------------------- [ 33.287015] syz-executor278/2067 is trying to acquire lock: [ 33.292689] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0 [ 33.301368] [ 33.301368] but task is already holding lock: [ 33.307303] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 33.317132] [ 33.317132] which lock already depends on the new lock. [ 33.317132] [ 33.325424] [ 33.325424] the existing dependency chain (in reverse order) is: [ 33.333014] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 33.338731] [] lock_acquire+0x15e/0x450 [ 33.344967] [] mutex_lock_interruptible_nested+0xd2/0xcc0 [ 33.352772] [] proc_pid_attr_write+0x19e/0x290 [ 33.359615] [] __vfs_write+0x11c/0x3e0 [ 33.365768] [] __kernel_write+0x10a/0x350 [ 33.372176] [] write_pipe_buf+0x15d/0x1f0 [ 33.378584] [] __splice_from_pipe+0x364/0x790 [ 33.385354] [] splice_from_pipe+0xf9/0x170 [ 33.391845] [] default_file_splice_write+0x3c/0x80 [ 33.399029] [] SyS_splice+0xde1/0x1430 [ 33.405170] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 33.412353] -> #0 (&pipe->mutex/1){+.+.+.}: [ 33.417442] [] __lock_acquire+0x3cd4/0x5530 [ 33.424020] [] lock_acquire+0x15e/0x450 [ 33.430248] [] mutex_lock_nested+0xc2/0xb60 [ 33.436838] [] fifo_open+0x15c/0x9e0 [ 33.442802] [] do_dentry_open+0x38d/0xbd0 [ 33.449233] [] vfs_open+0x12a/0x210 [ 33.455126] [] path_openat+0xc10/0x3f10 [ 33.461357] [] do_filp_open+0x197/0x270 [ 33.467601] [] do_open_execat+0x10f/0x6f0 [ 33.474006] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 33.481534] [] SyS_execve+0x42/0x50 [ 33.487419] [] return_from_execve+0x0/0x23 [ 33.493915] [ 33.493915] other info that might help us debug this: [ 33.493915] [ 33.502026] Possible unsafe locking scenario: [ 33.502026] [ 33.508051] CPU0 CPU1 [ 33.512688] ---- ---- [ 33.517323] lock(&sig->cred_guard_mutex); [ 33.521855] lock(&pipe->mutex/1); [ 33.528325] lock(&sig->cred_guard_mutex); [ 33.535400] lock(&pipe->mutex/1); [ 33.539350] [ 33.539350] *** DEADLOCK *** [ 33.539350] [ 33.545380] 1 lock held by syz-executor278/2067: [ 33.550111] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 33.560542] [ 33.560542] stack backtrace: [ 33.565042] CPU: 1 PID: 2067 Comm: syz-executor278 Not tainted 4.4.169+ #7 [ 33.572034] 0000000000000000 ae1b562e92a6cdf1 ffff8800b6e474d0 ffffffff81aa635d [ 33.580019] ffffffff83ab9460 ffffffff83ab9460 ffff8801d5fe8000 ffffffff83ab2350 [ 33.587990] ffff8801d5fe88e8 ffff8800b6e47520 ffffffff813a9589 ffff8801d5fe8000 [ 33.596166] Call Trace: [ 33.598724] [] dump_stack+0xc1/0x124 [ 33.604066] [] print_circular_bug.cold.31+0x2f6/0x435 [ 33.610878] [] __lock_acquire+0x3cd4/0x5530 [ 33.616824] [] ? trace_hardirqs_on+0x10/0x10 [ 33.622852] [] ? path_openat+0xc10/0x3f10 [ 33.628623] [] ? do_open_execat+0x10f/0x6f0 [ 33.634565] [] ? do_execveat_common.isra.14+0x6a1/0x1f00 [ 33.641643] [] lock_acquire+0x15e/0x450 [ 33.647235] [] ? fifo_open+0x15c/0x9e0 [ 33.652757] [] mutex_lock_nested+0xc2/0xb60 [ 33.658696] [] ? fifo_open+0x15c/0x9e0 [ 33.664218] [] ? check_preemption_disabled+0x3b/0x200 [ 33.671030] [] ? lockdep_init_map+0x110/0x1630 [ 33.677234] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 33.683963] [] ? mutex_trylock+0x4f0/0x4f0 [ 33.689830] [] ? fifo_open+0x24e/0x9e0 [ 33.695358] [] ? fifo_open+0x28d/0x9e0 [ 33.695363] [] fifo_open+0x15c/0x9e0 [ 33.695371] [] do_dentry_open+0x38d/0xbd0 [ 33.695391] [] ? __inode_permission2+0x9b/0x240 [ 33.695396] [] ? pipe_release+0x250/0x250 [ 33.695400] [] vfs_open+0x12a/0x210 [ 33.695406] [] ? may_open.isra.19+0x156/0x240 [ 33.695411] [] path_openat+0xc10/0x3f10 [ 33.695419] [] ? dump_trace+0x184/0x360 [ 33.695425] [] ? may_open.isra.19+0x240/0x240 [ 33.695431] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 33.695437] [] ? save_stack_