[ ok ] Starting enhanced syslogd: rsyslogd[ 14.557513] audit: type=1400 audit(1544843580.420:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 . [ ok ] Starting periodic command scheduler: cron. Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.521175] [ 36.522998] ====================================================== [ 36.529431] [ INFO: possible circular locking dependency detected ] [ 36.535811] 4.4.167+ #4 Not tainted [ 36.539443] ------------------------------------------------------- [ 36.545828] syz-executor483/2079 is trying to acquire lock: [ 36.551714] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0 [ 36.560297] [ 36.560297] but task is already holding lock: [ 36.566244] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 36.576387] [ 36.576387] which lock already depends on the new lock. 
[ 36.576387] [ 36.584795] [ 36.584795] the existing dependency chain (in reverse order) is: [ 36.592529] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 36.598187] [] lock_acquire+0x15e/0x450 [ 36.604480] [] mutex_lock_interruptible_nested+0xd2/0xcc0 [ 36.612299] [] proc_pid_attr_write+0x19e/0x290 [ 36.619229] [] __vfs_write+0x11c/0x3e0 [ 36.625395] [] __kernel_write+0x10a/0x350 [ 36.632048] [] write_pipe_buf+0x15d/0x1f0 [ 36.638474] [] __splice_from_pipe+0x364/0x790 [ 36.645257] [] splice_from_pipe+0xf9/0x170 [ 36.651905] [] default_file_splice_write+0x3c/0x80 [ 36.659113] [] SyS_splice+0xde1/0x1430 [ 36.665316] [] do_fast_syscall_32+0x31e/0xa80 [ 36.672088] [] sysenter_flags_fixed+0xd/0x1a [ 36.678766] -> #0 (&pipe->mutex/1){+.+.+.}: [ 36.683843] [] __lock_acquire+0x3cd4/0x5530 [ 36.690444] [] lock_acquire+0x15e/0x450 [ 36.696685] [] mutex_lock_nested+0xc2/0xb60 [ 36.703516] [] fifo_open+0x15c/0x9e0 [ 36.709516] [] do_dentry_open+0x38d/0xbd0 [ 36.715931] [] vfs_open+0x12a/0x210 [ 36.721936] [] path_openat+0xc10/0x3f10 [ 36.728202] [] do_filp_open+0x197/0x270 [ 36.734556] [] do_open_execat+0x10f/0x6f0 [ 36.740988] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 36.748548] [] compat_SyS_execve+0x48/0x60 [ 36.755065] [] do_fast_syscall_32+0x31e/0xa80 [ 36.761865] [] sysenter_flags_fixed+0xd/0x1a [ 36.768573] [ 36.768573] other info that might help us debug this: [ 36.768573] [ 36.776691] Possible unsafe locking scenario: [ 36.776691] [ 36.782721] CPU0 CPU1 [ 36.787359] ---- ---- [ 36.791998] lock(&sig->cred_guard_mutex); [ 36.796531] lock(&pipe->mutex/1); [ 36.803034] lock(&sig->cred_guard_mutex); [ 36.810086] lock(&pipe->mutex/1); [ 36.814153] [ 36.814153] *** DEADLOCK *** [ 36.814153] [ 36.820260] 1 lock held by syz-executor483/2079: [ 36.825002] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 36.835380] [ 36.835380] stack backtrace: [ 36.839854] CPU: 1 PID: 2079 Comm: syz-executor483 Not tainted 4.4.167+ #4 [ 36.846840] 0000000000000000 
770191eb14e301d2 ffff8801d418f460 ffffffff81aa62cd [ 36.854867] ffffffff83ab72b0 ffffffff83ab72b0 ffff8800b7b18000 ffffffff83ab0860 [ 36.863024] ffff8800b7b188e8 ffff8801d418f4b0 ffffffff813a9559 ffff8800b7b18000 [ 36.871181] Call Trace: [ 36.873778] [] dump_stack+0xc1/0x124 [ 36.879117] [] print_circular_bug.cold.31+0x2f6/0x435 [ 36.885947] [] __lock_acquire+0x3cd4/0x5530 [ 36.892035] [] ? trace_hardirqs_on+0x10/0x10 [ 36.898070] [] ? path_openat+0xc10/0x3f10 [ 36.903844] [] ? do_open_execat+0x10f/0x6f0 [ 36.909805] [] ? do_execveat_common.isra.14+0x6a1/0x1f00 [ 36.916912] [] lock_acquire+0x15e/0x450 [ 36.922514] [] ? fifo_open+0x15c/0x9e0 [ 36.928224] [] mutex_lock_nested+0xc2/0xb60 [ 36.934176] [] ? fifo_open+0x15c/0x9e0 [ 36.939689] [] ? check_preemption_disabled+0x3b/0x200 [ 36.946503] [] ? lockdep_init_map+0x110/0x1630 [ 36.952713] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.959576] [] ? mutex_trylock+0x4f0/0x4f0 [ 36.965441] [] ? fifo_open+0x24e/0x9e0 [ 36.970955] [] ? fifo_open+0x28d/0x9e0 [ 36.976469] [] fifo_open+0x15c/0x9e0 [ 36.981808] [] do_dentry_open+0x38d/0xbd0 [ 36.987583] [] ? __inode_permission2+0x9b/0x240 [ 36.993878] [] ? pipe_release+0x250/0x250 [ 36.999651] [] vfs_open+0x12a/0x210 [ 37.004903] [] ? may_open.isra.19+0x156/0x240 [ 37.011023] [] path_openat+0xc10/0x3f10 [ 37.016631] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 37.023472] [] ? may_open.isra.19+0x240/0x240 [ 37.029602] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 37.035895] [] ? save_stack_trace+0x26/0x50 [ 37.041842] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 37.048134] [] ? kasan_kmalloc+0xaf/0xc0 [ 37.053820] [] ? __kmalloc_track_caller+0xf1/0x2e0 [ 37.060391] [] ? kmemdup+0x24/0x50 [ 37.065559] [] ? selinux_cred_prepare+0x43/0xa0 [ 37.071856] [] ? security_prepare_creds+0x83/0xc0 [ 37.078354] [] ? prepare_creds+0x222/0x2a0 [ 37.084374] [] ? prepare_exec_creds+0x11/0xf0 [ 37.090594] [] ? prepare_bprm_creds+0x67/0x110 [ 37.096814] [] ? compat_SyS_execve+0x48/0x60 [ 37.102858] [] ? 
do_fast_syscall_32+0x31e/0xa80 [ 37.109168] [] ? sysenter_flags_fixed+0xd/0x1a [ 37.115396] [] ? save_stack_trace+0x26/0x50 [ 37.121347] [] ? kasan_kmalloc+0xaf/0xc0 [ 37.127029] [] ? kasan_slab_alloc+0x12/0x20 [ 37.132977] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 37.139015] [] ? prepare_creds+0x28/0x2a0 [ 37.144786] [] ? prepare_exec_creds+0x11/0xf0 [ 37.151027] [] ? prepare_bprm_creds+0x67/0x110 [ 37.157255] [] ? do_execveat_common.isra.14+0x2d8/0x1f00 [ 37.164354] [] ? sysenter_flags_fixed+0xd/0x1a [ 37.170574] [] ? save_stack_trace+0x26/0x50 [ 37.176622] [] do_filp_open+0x197/0x270 [ 37.182323] [] ? user_path_mountpoint_at+0x70/0x70 [ 37.188884] [] ? trace_hardirqs_on+0x10/0x10 [ 37.194921] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 37.201741] [] do_open_execat+0x10f/0x6f0 [ 37.207516] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.214245] [] ? setup_arg_pages+0x7a0/0x7a0 [ 37.220294] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 37.227201] [] ? do_execveat_common.isra.14+0x3db/0x1f00 [ 37.234281] [] ? prepare_bprm_creds+0x110/0x110 [ 37.240589] [] ? getname_flags+0x229/0x550 [ 37.246567] [] compat_SyS_execve+0x48/0x60 [ 37.252432] [] ? SyS_execveat+0x70/0x70 [ 37.258033] [] do_fast_syscall_32+0x31e/0xa80 [ 37.264155] [] sysenter_flags_fixed+0xd/0x1a