[....] Starting enhanced syslogd: rsyslogd
[ 13.728655] audit: type=1400 audit(1546907705.577:4): avc: denied { syslog } for pid=1922 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.749866]
[ 43.751505] ======================================================
[ 43.757799] [ INFO: possible circular locking dependency detected ]
[ 43.764176] 4.4.169+ #2 Not tainted
[ 43.767814] -------------------------------------------------------
[ 43.774196] syz-executor984/2082 is trying to acquire lock:
[ 43.779875] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00
[ 43.788574]
[ 43.788574] but task is already holding lock:
[ 43.794785] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120
[ 43.804622]
[ 43.804622] which lock already depends on the new lock.
[ 43.804622]
[ 43.812912]
[ 43.812912] the existing dependency chain (in reverse order) is:
[ 43.820503] -> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 43.826140] [] lock_acquire+0x15e/0x450
[ 43.832380] [] mutex_lock_interruptible_nested+0xd2/0xce0
[ 43.840188] [] proc_pid_attr_write+0x1a8/0x2a0
[ 43.847031] [] __vfs_write+0x116/0x3d0
[ 43.853183] [] __kernel_write+0x112/0x370
[ 43.859602] [] write_pipe_buf+0x15d/0x1f0
[ 43.866064] [] __splice_from_pipe+0x37e/0x7a0
[ 43.872829] [] splice_from_pipe+0x108/0x170
[ 43.879409] [] default_file_splice_write+0x3c/0x80
[ 43.886598] [] SyS_splice+0xd71/0x13a0
[ 43.892750] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 43.899950] -> #0 (&pipe->mutex/1){+.+.+.}:
[ 43.905029] [] __lock_acquire+0x37d6/0x4f50
[ 43.911617] [] lock_acquire+0x15e/0x450
[ 43.917864] [] mutex_lock_nested+0xc1/0xb80
[ 43.924449] [] fifo_open+0x15d/0xa00
[ 43.930464] [] do_dentry_open+0x38f/0xbd0
[ 43.936890] [] vfs_open+0x10b/0x210
[ 43.942779] [] path_openat+0x136f/0x4470
[ 43.949111] [] do_filp_open+0x1a1/0x270
[ 43.955349] [] do_open_execat+0x10c/0x6e0
[ 43.961758] [] do_execveat_common.isra.0+0x6f6/0x1e90
[ 43.969216] [] SyS_execve+0x42/0x50
[ 43.975143] [] return_from_execve+0x0/0x23
[ 43.981657]
[ 43.981657] other info that might help us debug this:
[ 43.981657]
[ 43.989947] Possible unsafe locking scenario:
[ 43.989947]
[ 43.995983]        CPU0                    CPU1
[ 44.000622]        ----                    ----
[ 44.005316]   lock(&sig->cred_guard_mutex);
[ 44.009965]                                lock(&pipe->mutex/1);
[ 44.016436]                                lock(&sig->cred_guard_mutex);
[ 44.023480]   lock(&pipe->mutex/1);
[ 44.027438]
[ 44.027438] *** DEADLOCK ***
[ 44.027438]
[ 44.033472] 1 lock held by syz-executor984/2082:
[ 44.038235] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120
[ 44.048707]
[ 44.048707] stack backtrace:
[ 44.053180] CPU: 0 PID: 2082 Comm: syz-executor984 Not tainted 4.4.169+ #2
[ 44.060162] 0000000000000000 ee1add33058f7d4d ffff8800b6eef530 ffffffff81aab9c1
[ 44.068140] ffffffff84055ac0 ffff8801d4f78000
ffffffff83abb2b0 ffffffff83ab4860
[ 44.076123] ffffffff83abb2b0 ffff8800b6eef580 ffffffff813abaf4 ffff8800b6eef660
[ 44.084099] Call Trace:
[ 44.086659] [] dump_stack+0xc1/0x120
[ 44.091997] [] print_circular_bug.cold+0x2f7/0x44e
[ 44.098548] [] __lock_acquire+0x37d6/0x4f50
[ 44.104491] [] ? trace_hardirqs_on+0x10/0x10
[ 44.110521] [] ? do_filp_open+0x1a1/0x270
[ 44.116334] [] ? do_execveat_common.isra.0+0x6f6/0x1e90
[ 44.123329] [] ? SyS_execve+0x42/0x50
[ 44.128750] [] ? stub_execve+0x5/0x5
[ 44.134088] [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 44.140901] [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 44.147634] [] lock_acquire+0x15e/0x450
[ 44.153234] [] ? fifo_open+0x15d/0xa00
[ 44.158744] [] ? fifo_open+0x15d/0xa00
[ 44.164258] [] mutex_lock_nested+0xc1/0xb80
[ 44.170201] [] ? fifo_open+0x15d/0xa00
[ 44.175708] [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 44.182440] [] ? mutex_trylock+0x500/0x500
[ 44.188299] [] ? fifo_open+0x24d/0xa00
[ 44.193819] [] ? fifo_open+0x28c/0xa00
[ 44.199331] [] fifo_open+0x15d/0xa00
[ 44.204779] [] do_dentry_open+0x38f/0xbd0
[ 44.210560] [] ? __inode_permission2+0x9e/0x250
[ 44.216851] [] ? pipe_release+0x250/0x250
[ 44.222622] [] vfs_open+0x10b/0x210
[ 44.227874] [] ? may_open.isra.0+0xe7/0x210
[ 44.233823] [] path_openat+0x136f/0x4470
[ 44.239516] [] ? depot_save_stack+0x1c3/0x5f0
[ 44.245633] [] ? may_open.isra.0+0x210/0x210
[ 44.251666] [] ? kmemdup+0x27/0x60
[ 44.256833] [] ? selinux_cred_prepare+0x43/0xa0
[ 44.263172] [] ? security_prepare_creds+0x83/0xc0
[ 44.269645] [] ? prepare_creds+0x228/0x2b0
[ 44.275684] [] ? prepare_exec_creds+0x12/0xf0
[ 44.281816] [] ? do_execveat_common.isra.0+0x2d6/0x1e90
[ 44.288813] [] ? stub_execve+0x5/0x5
[ 44.294158] [] ? kasan_kmalloc+0xb7/0xd0
[ 44.299847] [] ? kasan_slab_alloc+0xf/0x20
[ 44.305838] [] ? kmem_cache_alloc+0xdc/0x2c0
[ 44.311881] [] ? prepare_creds+0x28/0x2b0
[ 44.317740] [] ? prepare_exec_creds+0x12/0xf0
[ 44.323870] [] do_filp_open+0x1a1/0x270
[ 44.329477] [] ?
save_stack_trace+0x26/0x50
[ 44.335423] [] ? user_path_mountpoint_at+0x50/0x50
[ 44.341981] [] ? SyS_execve+0x42/0x50
[ 44.347421] [] ? stub_execve+0x5/0x5
[ 44.352781] [] ? __lock_acquire+0xa4f/0x4f50
[ 44.358835] [] ? trace_hardirqs_on+0x10/0x10
[ 44.364868] [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 44.371683] [] do_open_execat+0x10c/0x6e0
[ 44.377459] [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 44.384252] [] ? setup_arg_pages+0x7b0/0x7b0
[ 44.390312] [] ? do_execveat_common.isra.0+0x6b8/0x1e90
[ 44.397349] [] do_execveat_common.isra.