[....] Starting enhanced syslogd: rsyslogd[ 13.273904] audit: type=1400 audit(1547200632.326:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 31.442200] [ 31.443862] ====================================================== [ 31.450150] [ INFO: possible circular locking dependency detected ] [ 31.456543] 4.4.169+ #3 Not tainted [ 31.460153] ------------------------------------------------------- [ 31.466541] syz-executor007/2071 is trying to acquire lock: [ 31.472222] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 31.480771] [ 31.480771] but task is already holding lock: [ 31.486711] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 31.496523] [ 31.496523] which lock already depends on the new lock. [ 31.496523] [ 31.504810] [ 31.504810] the existing dependency chain (in reverse order) is: [ 31.512404] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 31.518050] [] lock_acquire+0x15e/0x450 [ 31.524298] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 31.532102] [] proc_pid_attr_write+0x1a8/0x2a0 [ 31.538949] [] __vfs_write+0x116/0x3d0 [ 31.545100] [] __kernel_write+0x112/0x370 [ 31.551513] [] write_pipe_buf+0x15d/0x1f0 [ 31.557923] [] __splice_from_pipe+0x37e/0x7a0 [ 31.564687] [] splice_from_pipe+0x108/0x170 [ 31.571347] [] default_file_splice_write+0x3c/0x80 [ 31.578543] [] SyS_splice+0xd71/0x13a0 [ 31.584716] [] do_fast_syscall_32+0x32d/0xa90 [ 31.591510] [] sysenter_flags_fixed+0xd/0x1a [ 31.598220] -> #0 (&pipe->mutex/1){+.+.+.}: [ 31.603323] [] __lock_acquire+0x37d6/0x4f50 [ 31.609911] [] lock_acquire+0x15e/0x450 [ 31.616152] [] mutex_lock_nested+0xc1/0xb80 [ 31.622738] [] fifo_open+0x15d/0xa00 [ 31.628711] [] do_dentry_open+0x38f/0xbd0 [ 31.635137] [] vfs_open+0x10b/0x210 [ 31.641027] [] path_openat+0x136f/0x4470 [ 31.647361] [] do_filp_open+0x1a1/0x270 [ 31.653597] [] do_open_execat+0x10c/0x6e0 [ 31.660282] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 31.667737] [] compat_SyS_execve+0x48/0x60 [ 31.674237] [] do_fast_syscall_32+0x32d/0xa90 [ 31.681018] [] sysenter_flags_fixed+0xd/0x1a [ 31.687720] [ 31.687720] other info that might help us debug this: [ 31.687720] [ 31.695836] Possible unsafe locking scenario: [ 31.695836] [ 31.701868] CPU0 CPU1 [ 31.706520] ---- ---- [ 31.711156] lock(&sig->cred_guard_mutex); [ 31.715690] lock(&pipe->mutex/1); [ 31.722181] lock(&sig->cred_guard_mutex); [ 31.729225] lock(&pipe->mutex/1); [ 31.733212] [ 31.733212] *** DEADLOCK *** [ 31.733212] [ 31.739243] 1 lock held by syz-executor007/2071: [ 31.743967] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 31.754386] [ 31.754386] stack backtrace: [ 31.758868] CPU: 1 PID: 2071 Comm: syz-executor007 Not tainted 4.4.169+ #3 [ 31.765850] 0000000000000000 b55806068ba0c85e ffff8800b6a474c0 ffffffff81aad191 [ 31.773842] ffffffff84055a80 ffff8800b713df00 ffffffff83abb2b0 ffffffff83ab4860 [ 31.781817] ffffffff83abb2b0 ffff8800b6a47510 ffffffff813abaf4 ffff8800b6a475f0 [ 31.789801] Call Trace: [ 31.792377] [] dump_stack+0xc1/0x120 [ 31.797718] [] print_circular_bug.cold+0x2f7/0x44e [ 31.804270] [] __lock_acquire+0x37d6/0x4f50 [ 31.810215] [] ? trace_hardirqs_on+0x10/0x10 [ 31.816244] [] ? do_filp_open+0x1a1/0x270 [ 31.822014] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 31.829000] [] ? compat_SyS_execve+0x48/0x60 [ 31.835034] [] ? do_fast_syscall_32+0x32d/0xa90 [ 31.841330] [] ? sysenter_flags_fixed+0xd/0x1a [ 31.847547] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.854270] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.860998] [] lock_acquire+0x15e/0x450 [ 31.866600] [] ? fifo_open+0x15d/0xa00 [ 31.872137] [] ? fifo_open+0x15d/0xa00 [ 31.877910] [] mutex_lock_nested+0xc1/0xb80 [ 31.883855] [] ? fifo_open+0x15d/0xa00 [ 31.889381] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.896110] [] ? mutex_trylock+0x500/0x500 [ 31.901970] [] ? fifo_open+0x24d/0xa00 [ 31.907492] [] ? fifo_open+0x28c/0xa00 [ 31.913002] [] fifo_open+0x15d/0xa00 [ 31.918339] [] do_dentry_open+0x38f/0xbd0 [ 31.924110] [] ? __inode_permission2+0x9e/0x250 [ 31.930399] [] ? pipe_release+0x250/0x250 [ 31.936170] [] vfs_open+0x10b/0x210 [ 31.941421] [] ? may_open.isra.0+0xe7/0x210 [ 31.947364] [] path_openat+0x136f/0x4470 [ 31.953051] [] ? depot_save_stack+0x1c3/0x5f0 [ 31.959174] [] ? may_open.isra.0+0x210/0x210 [ 31.965222] [] ? kmemdup+0x27/0x60 [ 31.970390] [] ? selinux_cred_prepare+0x43/0xa0 [ 31.976682] [] ? security_prepare_creds+0x83/0xc0 [ 31.983164] [] ? prepare_creds+0x228/0x2b0 [ 31.989021] [] ? prepare_exec_creds+0x12/0xf0 [ 31.995139] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 32.002130] [] ? do_fast_syscall_32+0x32d/0xa90 [ 32.008427] [] ? kasan_kmalloc+0xb7/0xd0 [ 32.014114] [] ? kasan_slab_alloc+0xf/0x20 [ 32.019970] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 32.026000] [] ? prepare_creds+0x28/0x2b0 [ 32.031771] [] ? prepare_exec_creds+0x12/0xf0 [ 32.037888] [] do_filp_open+0x1a1/0x270 [ 32.043502] [] ? save_stack_trace+0x26/0x50 [ 32.049444] [] ? user_path_mountpoint_at+0x50/0x50 [ 32.055994] [] ? compat_SyS_execve+0x48/0x60 [ 32.062026] [] ? do_fast_syscall_32+0x32d/0xa90 [ 32.068318] [] ? sysenter_flags_fixed+0xd/0x1a [ 32.074522] [] ? __lock_acquire+0xa4f/0x4f50 [ 32.080553] [] ? trace_hardirqs_on+0x10/0x10 [ 32.086587] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 32.093414] [] do_open_execat+0x10c/0x6e0 [ 32.099200] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 32.105941] [] ? setup_arg_pages+0x7b0/0x7b0 [ 32.112030] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 32.119015] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 32.125830] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 32.132833] [] ? __check_object_size+0x222/0x332 [ 32.139229] [] ? strncpy_from_user+0x111/0x230 [ 32.145434] [] ? prepare_bprm_creds+0x120/0x120 [ 32.151724] [] ? getname_flags+0x232/0x550 [ 32.157585] [] compat_SyS_execve+0x48/0x60 [ 32.163442] [] ? SyS_execveat+0x70/0x70 [ 32.169038] [] do_fast_syscall_32+0x32d/0xa90 [ 32.175156] [] sysenter_flags_fixed+0xd/0x1a