[....] Starting enhanced syslogd: rsyslogd[ 14.087936] audit: type=1400 audit(1553333024.183:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 48.598775] [ 48.600442] ====================================================== [ 48.606894] [ INFO: possible circular locking dependency detected ] [ 48.613280] 4.4.174+ #4 Not tainted [ 48.616884] ------------------------------------------------------- [ 48.623275] syz-executor057/2085 is trying to acquire lock: [ 48.628971] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 [ 48.637627] [ 48.637627] but task is already holding lock: [ 48.643619] (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 48.653515] [ 48.653515] which lock already depends on the new lock. [ 48.653515] [ 48.661814] [ 48.661814] the existing dependency chain (in reverse order) is: [ 48.669430] -> #1 (&sig->cred_guard_mutex){+.+.+.}: [ 48.675089] [] lock_acquire+0x15e/0x450 [ 48.681471] [] mutex_lock_interruptible_nested+0xd2/0xce0 [ 48.689291] [] proc_pid_attr_write+0x1a8/0x2a0 [ 48.696604] [] __vfs_write+0x116/0x3d0 [ 48.702776] [] __kernel_write+0x112/0x370 [ 48.709218] [] write_pipe_buf+0x15d/0x1f0 [ 48.715645] [] __splice_from_pipe+0x37e/0x7a0 [ 48.722414] [] splice_from_pipe+0x108/0x170 [ 48.729118] [] default_file_splice_write+0x3c/0x80 [ 48.736375] [] SyS_splice+0xd71/0x13a0 [ 48.742546] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 48.749759] -> #0 (&pipe->mutex/1){+.+.+.}: [ 48.754879] [] __lock_acquire+0x37d6/0x4f50 [ 48.761529] [] lock_acquire+0x15e/0x450 [ 48.767888] [] mutex_lock_nested+0xc1/0xb80 [ 48.774504] [] fifo_open+0x15d/0xa00 [ 48.780668] [] do_dentry_open+0x38f/0xbd0 [ 48.787402] [] vfs_open+0x10b/0x210 [ 48.793649] [] path_openat+0x136f/0x4470 [ 48.800044] [] do_filp_open+0x1a1/0x270 [ 48.806325] [] do_open_execat+0x10c/0x6e0 [ 48.812765] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 48.820234] [] SyS_execve+0x42/0x50 [ 48.826359] [] return_from_execve+0x0/0x23 [ 48.832921] [ 48.832921] other info that might help us debug this: [ 48.832921] [ 48.841046] Possible unsafe locking scenario: [ 48.841046] [ 48.847100] CPU0 CPU1 [ 48.851753] ---- ---- [ 48.856452] lock(&sig->cred_guard_mutex); [ 48.861081] lock(&pipe->mutex/1); [ 48.867742] lock(&sig->cred_guard_mutex); [ 48.874799] lock(&pipe->mutex/1); [ 48.878753] [ 48.878753] *** DEADLOCK *** [ 48.878753] [ 48.884830] 1 lock held by syz-executor057/2085: [ 48.889567] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 [ 48.900194] [ 48.900194] stack backtrace: [ 48.904760] CPU: 0 PID: 2085 Comm: syz-executor057 Not tainted 4.4.174+ #4 [ 48.911753] 0000000000000000 f4ad12c1bed6f2ea ffff8800b663f530 ffffffff81aad1a1 [ 48.919759] ffffffff84057a80 ffff8800b7178000 ffffffff83abd460 ffffffff83ab6500 [ 48.928114] ffffffff83abd460 ffff8800b663f580 ffffffff813abcda ffff8800b663f660 [ 48.936161] Call Trace: [ 48.938747] [] dump_stack+0xc1/0x120 [ 48.944091] [] print_circular_bug.cold+0x2f7/0x44e [ 48.950902] [] __lock_acquire+0x37d6/0x4f50 [ 48.956868] [] ? trace_hardirqs_on+0x10/0x10 [ 48.962928] [] ? do_filp_open+0x1a1/0x270 [ 48.968713] [] ? do_execveat_common.isra.0+0x6f6/0x1e90 [ 48.975710] [] ? SyS_execve+0x42/0x50 [ 48.981145] [] ? stub_execve+0x5/0x5 [ 48.986597] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 48.993583] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 49.000351] [] lock_acquire+0x15e/0x450 [ 49.006075] [] ? fifo_open+0x15d/0xa00 [ 49.011599] [] ? fifo_open+0x15d/0xa00 [ 49.017164] [] mutex_lock_nested+0xc1/0xb80 [ 49.023123] [] ? fifo_open+0x15d/0xa00 [ 49.028643] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 49.035504] [] ? mutex_trylock+0x500/0x500 [ 49.041642] [] ? fifo_open+0x24d/0xa00 [ 49.047168] [] ? fifo_open+0x28c/0xa00 [ 49.052723] [] fifo_open+0x15d/0xa00 [ 49.058073] [] do_dentry_open+0x38f/0xbd0 [ 49.063913] [] ? __inode_permission2+0x9e/0x250 [ 49.070497] [] ? pipe_release+0x250/0x250 [ 49.076501] [] vfs_open+0x10b/0x210 [ 49.081991] [] ? may_open.isra.0+0xe7/0x210 [ 49.088035] [] path_openat+0x136f/0x4470 [ 49.093840] [] ? depot_save_stack+0x1c3/0x5f0 [ 49.100012] [] ? may_open.isra.0+0x210/0x210 [ 49.106070] [] ? kmemdup+0x27/0x60 [ 49.111246] [] ? selinux_cred_prepare+0x43/0xa0 [ 49.117653] [] ? security_prepare_creds+0x83/0xc0 [ 49.124292] [] ? prepare_creds+0x228/0x2b0 [ 49.130163] [] ? prepare_exec_creds+0x12/0xf0 [ 49.136360] [] ? do_execveat_common.isra.0+0x2d6/0x1e90 [ 49.143412] [] ? stub_execve+0x5/0x5 [ 49.148810] [] ? kasan_kmalloc+0xb7/0xd0 [ 49.154512] [] ? kasan_slab_alloc+0xf/0x20 [ 49.160382] [] ? kmem_cache_alloc+0xdc/0x2c0 [ 49.166423] [] ? prepare_creds+0x28/0x2b0 [ 49.172212] [] ? prepare_exec_creds+0x12/0xf0 [ 49.178434] [] do_filp_open+0x1a1/0x270 [ 49.184167] [] ? save_stack_trace+0x26/0x50 [ 49.190123] [] ? user_path_mountpoint_at+0x50/0x50 [ 49.196690] [] ? SyS_execve+0x42/0x50 [ 49.202125] [] ? stub_execve+0x5/0x5 [ 49.207564] [] ? __lock_acquire+0xa4f/0x4f50 [ 49.213799] [] ? trace_hardirqs_on+0x10/0x10 [ 49.219842] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 49.226769] [] do_open_execat+0x10c/0x6e0 [ 49.232640] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 49.239385] [] ? setup_arg_pages+0x7b0/0x7b0 [ 49.245555] [] ? do_execveat_common.isra.0+0x6b8/0x1e90 [ 49.252566] [] do_execveat_common.isra.0+0x6f6/0x1e90 [ 49.259396] [] ? do_execveat_common.isra.0+0x422/0x1e90 [ 49.266399] [] ? __check_object_size+0x222/0x332 [ 49.272796] [] ? strncpy_from_user+0xd0/0x230 [ 49.278929] [] ? prepare_bprm_creds+0x120/0x120 [ 49.285272] [] ? getname_flags+0x232/0x550 [ 49.291139] [] SyS_execve+0x42/0x50 [ 49.296442] [] stub_execve+0x5/0x5 [ 49.301628] [] ? tracesys+0x88/0x8d