[....] Starting enhanced syslogd: rsyslogd[ 15.713224] audit: type=1400 audit(1551377711.696:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.699467] [ 41.701133] ====================================================== [ 41.707426] [ INFO: possible circular locking dependency detected ] [ 41.713806] 4.4.174+ #4 Not tainted [ 41.717411] ------------------------------------------------------- [ 41.723799] syz-executor530/2081 is trying to acquire lock: [ 41.729483] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 41.738079] [ 41.738079] but task is already holding lock: [ 41.744039] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 41.753860] [ 41.753860] which lock already depends on the new lock. [ 41.753860] [ 41.762150] [ 41.762150] the existing dependency chain (in reverse order) is: [ 41.769743] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 41.775422] [] lock_acquire+0x15e/0x450 [ 41.781667] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 41.789474] [] proc_pid_attr_write+0x1a8/0x2a0 [ 41.796323] [] __vfs_write+0x116/0x3d0 [ 41.802482] [] __kernel_write+0x112/0x370 [ 41.808901] [] write_pipe_buf+0x15d/0x1f0 [ 41.815330] [] __splice_from_pipe+0x37e/0x7a0 [ 41.822104] [] splice_from_pipe+0x108/0x170 [ 41.828691] [] default_file_splice_write+0x3c/0x80 [ 41.835883] [] SyS_splice+0xd71/0x13a0 [ 41.842040] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 41.849235] -> #0 (&pipe->mutex/1){+.+.+.}: [ 41.854327] [] __lock_acquire+0x37d6/0x4f50 [ 41.860925] [] lock_acquire+0x15e/0x450 [ 41.867162] [] mutex_lock_nested+0xc1/0xb80 [ 41.873753] [] fifo_open+0x15d/0xa00 [ 41.879732] [] do_dentry_open+0x38f/0xbd0 [ 41.886144] [] vfs_open+0x10b/0x210 [ 41.892066] [] path_openat+0x136f/0x4470 [ 41.898393] [] do_filp_open+0x1a1/0x270 [ 41.904642] [] do_open_execat+0x10c/0x6e0 [ 41.911059] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 41.918518] [] SyS_execve+0x42/0x50 [ 41.924429] [] return_from_execve+0x0/0x23 [ 41.930931] [ 41.930931] other info that might help us debug this: [ 41.930931] [ 41.939047] Possible unsafe locking scenario: [ 41.939047] [ 41.945078] CPU0 CPU1 [ 41.949746] ---- ---- [ 41.954385] lock(&sig->cred_guard_mutex); [ 41.958951] lock(&pipe->mutex/1); [ 41.965455] lock(&sig->cred_guard_mutex); [ 41.972514] lock(&pipe->mutex/1); [ 41.976478] [ 41.976478] *** DEADLOCK *** [ 41.976478] [ 41.982525] 1 lock held by syz-executor530/2081: [ 41.987250] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 41.997655] [ 41.997655] stack backtrace: [ 42.002125] CPU: 1 PID: 2081 Comm: syz-executor530 Not tainted 4.4.174+ #4 [ 42.009111] 0000000000000000 140e3fb03fe56a33 ffff8800b7cf7530 ffffffff81aad1a1 [ 42.017105] ffffffff84057a80 ffff8800b7c397c0 ffffffff83abd7c0 ffffffff83ab6a10 [ 42.025092] ffffffff83abd7c0 ffff8800b7cf7580 ffffffff813abcda ffff8800b7cf7660 [ 42.033079] Call Trace: [ 42.035642] [] dump_stack+0xc1/0x120 [ 42.040994] [] print_circular_bug.cold+0x2f7/0x44e [ 42.047564] [] __lock_acquire+0x37d6/0x4f50 [ 42.053512] [] ? trace_hardirqs_on+0x10/0x10 [ 42.059559] [] ? do_filp_open+0x1a1/0x270 [ 42.065361] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 42.072459] [] ? SyS_execve+0x42/0x50 [ 42.077885] [] ? stub_execve+0x5/0x5 [ 42.083225] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.089952] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.096696] [] lock_acquire+0x15e/0x450 [ 42.102294] [] ? fifo_open+0x15d/0xa00 [ 42.107825] [] ? fifo_open+0x15d/0xa00 [ 42.113339] [] mutex_lock_nested+0xc1/0xb80 [ 42.119290] [] ? fifo_open+0x15d/0xa00 [ 42.124804] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.131531] [] ? mutex_trylock+0x500/0x500 [ 42.137389] [] ? fifo_open+0x24d/0xa00 [ 42.142932] [] ? fifo_open+0x28c/0xa00 [ 42.148456] [] fifo_open+0x15d/0xa00 [ 42.153796] [] do_dentry_open+0x38f/0xbd0 [ 42.159579] [] ? __inode_permission2+0x9e/0x250 [ 42.165874] [] ? pipe_release+0x250/0x250 [ 42.171644] [] vfs_open+0x10b/0x210 [ 42.176954] [] ? may_open.isra.0+0xe7/0x210 [ 42.182921] [] path_openat+0x136f/0x4470 [ 42.188608] [] ? depot_save_stack+0x1c3/0x5f0 [ 42.194742] [] ? may_open.isra.0+0x210/0x210 [ 42.200813] [] ? kmemdup+0x27/0x60 [ 42.205980] [] ? selinux_cred_prepare+0x43/0xa0 [ 42.212275] [] ? security_prepare_creds+0x83/0xc0 [ 42.218743] [] ? prepare_creds+0x228/0x2b0 [ 42.224604] [] ? prepare_exec_creds+0x12/0xf0 [ 42.230726] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 42.237729] [] ? stub_execve+0x5/0x5 [ 42.243068] [] ? kasan_kmalloc+0xb7/0xd0 [ 42.248770] [] ? kasan_slab_alloc+0xf/0x20 [ 42.254630] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 42.260676] [] ? prepare_creds+0x28/0x2b0 [ 42.266448] [] ? prepare_exec_creds+0x12/0xf0 [ 42.272569] [] do_filp_open+0x1a1/0x270 [ 42.278184] [] ? save_stack_trace+0x26/0x50 [ 42.284130] [] ? user_path_mountpoint_at+0x50/0x50 [ 42.290682] [] ? SyS_execve+0x42/0x50 [ 42.296108] [] ? stub_execve+0x5/0x5 [ 42.301447] [] ? __lock_acquire+0xa4f/0x4f50 [ 42.307482] [] ? trace_hardirqs_on+0x10/0x10 [ 42.313520] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 42.320345] [] do_open_execat+0x10c/0x6e0 [ 42.326120] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 42.332846] [] ? setup_arg_pages+0x7b0/0x7b0 [ 42.338880] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 42.345887] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 42.352704] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 42.359694] [] ? __check_object_size+0x222/0x332 [ 42.366090] [] ? strncpy_from_user+0xd0/0x230 [ 42.372212] [] ? prepare_bprm_creds+0x120/0x120 [ 42.378507] [] ? getname_flags+0x232/0x550 [ 42.384367] [] SyS_execve+0x42/0x50 [ 42.389621] [] stub_execve+0x5/0x5 [ 42.394784] [] ? tracesys+0x88/0x8d