[....] Starting enhanced syslogd: rsyslogd[ 13.952995] audit: type=1400 audit(1546208592.881:4): avc: denied { syslog } for pid=1925 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.072931] [ 32.074699] ====================================================== [ 32.080993] [ INFO: possible circular locking dependency detected ] [ 32.087384] 4.4.169+ #7 Not tainted [ 32.090989] ------------------------------------------------------- [ 32.097521] syz-executor271/2080 is trying to acquire lock: [ 32.103215] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15c/0x9e0 [ 32.112142] [ 32.112142] but task is already holding lock: [ 32.118093] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 32.128016] [ 32.128016] which lock already depends on the new lock. [ 32.128016] [ 32.136305] [ 32.136305] the existing dependency chain (in reverse order) is: [ 32.143906] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 32.149558] [] lock_acquire+0x15e/0x450 [ 32.155814] [] mutex_lock_interruptible_nested+0xd2/0xcc0 [ 32.163631] [] proc_pid_attr_write+0x19e/0x290 [ 32.170484] [] __vfs_write+0x11c/0x3e0 [ 32.176640] [] __kernel_write+0x10a/0x350 [ 32.183059] [] write_pipe_buf+0x15d/0x1f0 [ 32.189650] [] __splice_from_pipe+0x364/0x790 [ 32.196415] [] splice_from_pipe+0xf9/0x170 [ 32.202926] [] default_file_splice_write+0x3c/0x80 [ 32.210176] [] SyS_splice+0xde1/0x1430 [ 32.216334] [] do_fast_syscall_32+0x321/0xa80 [ 32.223103] [] sysenter_flags_fixed+0xd/0x1a [ 32.229783] -> #0 (&pipe->mutex/1){+.+.+.}: [ 32.234896] [] __lock_acquire+0x3cd4/0x5530 [ 32.241494] [] lock_acquire+0x15e/0x450 [ 32.247743] [] mutex_lock_nested+0xc2/0xb60 [ 32.254344] [] fifo_open+0x15c/0x9e0 [ 32.260326] [] do_dentry_open+0x38d/0xbd0 [ 32.266780] [] vfs_open+0x12a/0x210 [ 32.272685] [] path_openat+0xc10/0x3f10 [ 32.278931] [] do_filp_open+0x197/0x270 [ 32.285187] [] do_open_execat+0x10f/0x6f0 [ 32.291611] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 32.299160] [] compat_SyS_execve+0x48/0x60 [ 32.305668] [] do_fast_syscall_32+0x321/0xa80 [ 32.312438] [] sysenter_flags_fixed+0xd/0x1a [ 32.319296] [ 32.319296] other info that might help us debug this: [ 32.319296] [ 32.327524] Possible unsafe locking scenario: [ 32.327524] [ 32.333559] CPU0 CPU1 [ 32.338198] ---- ---- [ 32.342887] lock(&sig->cred_guard_mutex); [ 32.347437] lock(&pipe->mutex/1); [ 32.353924] lock(&sig->cred_guard_mutex); [ 32.360977] lock(&pipe->mutex/1); [ 32.364940] [ 32.364940] *** DEADLOCK *** [ 32.364940] [ 32.370976] 1 lock held by syz-executor271/2080: [ 32.375703] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x53/0x110 [ 32.386083] [ 32.386083] stack backtrace: [ 32.390554] CPU: 1 PID: 2080 Comm: syz-executor271 Not tainted 4.4.169+ #7 [ 32.397546] 0000000000000000 33818f5bce0613aa ffff8801d410f460 ffffffff81aa635d [ 32.405613] ffffffff83ab92b0 ffffffff83ab92b0 ffff8800b79c2f80 ffffffff83ab2500 [ 32.413672] ffff8800b79c3868 ffff8801d410f4b0 ffffffff813a9589 ffff8800b79c2f80 [ 32.421725] Call Trace: [ 32.424303] [] dump_stack+0xc1/0x124 [ 32.429644] [] print_circular_bug.cold.31+0x2f6/0x435 [ 32.436458] [] __lock_acquire+0x3cd4/0x5530 [ 32.442401] [] ? trace_hardirqs_on+0x10/0x10 [ 32.448432] [] ? path_openat+0xc10/0x3f10 [ 32.454206] [] ? do_open_execat+0x10f/0x6f0 [ 32.460155] [] ? do_execveat_common.isra.14+0x6a1/0x1f00 [ 32.467229] [] lock_acquire+0x15e/0x450 [ 32.472839] [] ? fifo_open+0x15c/0x9e0 [ 32.478361] [] mutex_lock_nested+0xc2/0xb60 [ 32.484305] [] ? fifo_open+0x15c/0x9e0 [ 32.489821] [] ? check_preemption_disabled+0x3b/0x200 [ 32.496637] [] ? lockdep_init_map+0x110/0x1630 [ 32.502844] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 32.509585] [] ? mutex_trylock+0x4f0/0x4f0 [ 32.515526] [] ? fifo_open+0x24e/0x9e0 [ 32.521043] [] ? fifo_open+0x28d/0x9e0 [ 32.526557] [] fifo_open+0x15c/0x9e0 [ 32.531904] [] do_dentry_open+0x38d/0xbd0 [ 32.537678] [] ? __inode_permission2+0x9b/0x240 [ 32.543972] [] ? pipe_release+0x250/0x250 [ 32.549752] [] vfs_open+0x12a/0x210 [ 32.555006] [] ? may_open.isra.19+0x156/0x240 [ 32.561125] [] path_openat+0xc10/0x3f10 [ 32.566722] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 32.573594] [] ? may_open.isra.19+0x240/0x240 [ 32.579729] [] ? kasan_kmalloc.part.1+0xc9/0xf0 [ 32.586026] [] ? save_stack_trace+0x26/0x50 [ 32.591978] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 32.598287] [] ? kasan_kmalloc+0xaf/0xc0 [ 32.603978] [] ? __kmalloc_track_caller+0xf1/0x2e0 [ 32.610544] [] ? kmemdup+0x24/0x50 [ 32.615738] [] ? selinux_cred_prepare+0x43/0xa0 [ 32.622042] [] ? security_prepare_creds+0x83/0xc0 [ 32.628528] [] ? prepare_creds+0x222/0x2a0 [ 32.634395] [] ? prepare_exec_creds+0x11/0xf0 [ 32.640518] [] ? prepare_bprm_creds+0x67/0x110 [ 32.646728] [] ? compat_SyS_execve+0x48/0x60 [ 32.654179] [] ? do_fast_syscall_32+0x321/0xa80 [ 32.660484] [] ? sysenter_flags_fixed+0xd/0x1a [ 32.666704] [] ? save_stack_trace+0x26/0x50 [ 32.672674] [] ? kasan_kmalloc+0xaf/0xc0 [ 32.678378] [] ? kasan_slab_alloc+0x12/0x20 [ 32.684332] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 32.690375] [] ? prepare_creds+0x28/0x2a0 [ 32.696287] [] ? prepare_exec_creds+0x11/0xf0 [ 32.702415] [] ? prepare_bprm_creds+0x67/0x110 [ 32.708632] [] ? do_execveat_common.isra.14+0x2d8/0x1f00 [ 32.716010] [] ? sysenter_flags_fixed+0xd/0x1a [ 32.722226] [] ? save_stack_trace+0x26/0x50 [ 32.728184] [] do_filp_open+0x197/0x270 [ 32.733791] [] ? user_path_mountpoint_at+0x70/0x70 [ 32.740356] [] ? trace_hardirqs_on+0x10/0x10 [ 32.746441] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 32.753268] [] do_open_execat+0x10f/0x6f0 [ 32.759127] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 32.765929] [] ? setup_arg_pages+0x7a0/0x7a0 [ 32.771980] [] do_execv