[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.463446] audit: type=1400 audit(1546948037.365:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.681900]
[ 30.683594] ======================================================
[ 30.689910] [ INFO: possible circular locking dependency detected ]
[ 30.696320] 4.4.169+ #2 Not tainted
[ 30.699918] -------------------------------------------------------
[ 30.706313] syz-executor051/2072 is trying to acquire lock:
[ 30.711998] (&pipe->mutex/1){+.+.+.}, at: [<ffffffff814b226d>] fifo_open+0x15d/0xa00
[ 30.720590]
[ 30.720590] but task is already holding lock:
[ 30.726555] (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff814ac4b5>] prepare_bprm_creds+0x55/0x120
[ 30.736413]
[ 30.736413] which lock already depends on the new lock.
[ 30.736413]
[ 30.744702]
[ 30.744702] the existing dependency chain (in reverse order) is:
[ 30.752303]
-> #1 (&sig->cred_guard_mutex){+.+.+.}:
[ 30.758050] [<ffffffff81205d7e>] lock_acquire+0x15e/0x450
[ 30.764315] [<ffffffff8270b012>] mutex_lock_interruptible_nested+0xd2/0xce0
[ 30.772133] [<ffffffff815e78e8>] proc_pid_attr_write+0x1a8/0x2a0
[ 30.779107] [<ffffffff814962e6>] __vfs_write+0x116/0x3d0
[ 30.785272] [<ffffffff814966b2>] __kernel_write+0x112/0x370
[ 30.791702] [<ffffffff815327dd>] write_pipe_buf+0x15d/0x1f0
[ 30.798127] [<ffffffff815334de>] __splice_from_pipe+0x37e/0x7a0
[ 30.805025] [<ffffffff81536558>] splice_from_pipe+0x108/0x170
[ 30.811632] [<ffffffff8153664c>] default_file_splice_write+0x3c/0x80
[ 30.818832] [<ffffffff815376a1>] SyS_splice+0xd71/0x13a0
[ 30.825109] [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90
[ 30.832021] [<ffffffff82716b50>] sysenter_flags_fixed+0xd/0x1a
[ 30.838833]
-> #0 (&pipe->mutex/1){+.+.+.}:
[ 30.843943] [<ffffffff81202b96>] __lock_acquire+0x37d6/0x4f50
[ 30.850669] [<ffffffff81205d7e>] lock_acquire+0x15e/0x450
[ 30.856914] [<ffffffff82708c01>] mutex_lock_nested+0xc1/0xb80
[ 30.863602] [<ffffffff814b226d>] fifo_open+0x15d/0xa00
[ 30.869704] [<ffffffff8149103f>] do_dentry_open+0x38f/0xbd0
[ 30.876224] [<ffffffff8149482b>] vfs_open+0x10b/0x210
[ 30.882238] [<ffffffff814c574f>] path_openat+0x136f/0x4470
[ 30.888561] [<ffffffff814cc421>] do_filp_open+0x1a1/0x270
[ 30.894840] [<ffffffff814a75fc>] do_open_execat+0x10c/0x6e0
[ 30.901269] [<ffffffff814acc76>] do_execveat_common.isra.0+0x6f6/0x1e90
[ 30.908728] [<ffffffff814aee58>] compat_SyS_execve+0x48/0x60
[ 30.915229] [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90
[ 30.921999] [<ffffffff82716b50>] sysenter_flags_fixed+0xd/0x1a
[ 30.928756]
[ 30.928756] other info that might help us debug this:
[ 30.928756]
[ 30.936874] Possible unsafe locking scenario:
[ 30.936874]
[ 30.942900]        CPU0                    CPU1
[ 30.947533]        ----                    ----
[ 30.952167]   lock(&sig->cred_guard_mutex);
[ 30.956713]                                lock(&pipe->mutex/1);
[ 30.963194]                                lock(&sig->cred_guard_mutex);
[ 30.970399]   lock(&pipe->mutex/1);
[ 30.974375]
[ 30.974375] *** DEADLOCK ***
[ 30.974375]
[ 30.980408] 1 lock held by syz-executor051/2072:
[ 30.985134] #0: (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff814ac4b5>] prepare_bprm_creds+0x55/0x120
[ 30.995653]
[ 30.995653] stack backtrace:
[ 31.000142] CPU: 0 PID: 2072 Comm: syz-executor051 Not tainted 4.4.169+ #2
[ 31.007126] 0000000000000000 936fa879a4a4cf30 ffff8801cf25f4c0 ffffffff81aab9c1
[ 31.015294] ffffffff84055ac0 ffff8800b70f4740 ffffffff83abb460 ffffffff83ab4500
[ 31.023307] ffffffff83abb460 ffff8801cf25f510 ffffffff813abaf4 ffff8801cf25f5f0
[ 31.031344] Call Trace:
[ 31.033904] [<ffffffff81aab9c1>] dump_stack+0xc1/0x120
[ 31.039241] [<ffffffff813abaf4>] print_circular_bug.cold+0x2f7/0x44e
[ 31.045813] [<ffffffff81202b96>] __lock_acquire+0x37d6/0x4f50
[ 31.051905] [<ffffffff811ff3c0>] ? trace_hardirqs_on+0x10/0x10
[ 31.058014] [<ffffffff814cc421>] ? do_filp_open+0x1a1/0x270
[ 31.063808] [<ffffffff814acc76>] ? do_execveat_common.isra.0+0x6f6/0x1e90
[ 31.070794] [<ffffffff814aee58>] ? compat_SyS_execve+0x48/0x60
[ 31.076909] [<ffffffff8100603d>] ? do_fast_syscall_32+0x32d/0xa90
[ 31.083309] [<ffffffff82716b50>] ? sysenter_flags_fixed+0xd/0x1a
[ 31.089646] [<ffffffff8123a571>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 31.096613] [<ffffffff8123a571>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 31.103343] [<ffffffff81205d7e>] lock_acquire+0x15e/0x450
[ 31.108943] [<ffffffff814b226d>] ? fifo_open+0x15d/0xa00
[ 31.114757] [<ffffffff814b226d>] ? fifo_open+0x15d/0xa00
[ 31.120292] [<ffffffff82708c01>] mutex_lock_nested+0xc1/0xb80
[ 31.126266] [<ffffffff814b226d>] ? fifo_open+0x15d/0xa00
[ 31.131780] [<ffffffff8123a571>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 31.138510] [<ffffffff82708b40>] ? mutex_trylock+0x500/0x500
[ 31.144376] [<ffffffff814b235d>] ? fifo_open+0x24d/0xa00
[ 31.149891] [<ffffffff814b239c>] ? fifo_open+0x28c/0xa00
[ 31.155471] [<ffffffff814b226d>] fifo_open+0x15d/0xa00
[ 31.160834] [<ffffffff8149103f>] do_dentry_open+0x38f/0xbd0
[ 31.166606] [<ffffffff814b66fe>] ? __inode_permission2+0x9e/0x250
[ 31.172898] [<ffffffff814b2110>] ? pipe_release+0x250/0x250
[ 31.178671] [<ffffffff8149482b>] vfs_open+0x10b/0x210
[ 31.183920] [<ffffffff814c42b7>] ? may_open.isra.0+0xe7/0x210
[ 31.189933] [<ffffffff814c574f>] path_openat+0x136f/0x4470
[ 31.195632] [<ffffffff81b45553>] ? depot_save_stack+0x1c3/0x5f0
[ 31.201762] [<ffffffff814c43e0>] ? may_open.isra.0+0x210/0x210
[ 31.207799] [<ffffffff814090b7>] ? kmemdup+0x27/0x60
[ 31.212985] [<ffffffff81963e23>] ? selinux_cred_prepare+0x43/0xa0
[ 31.219315] [<ffffffff8194d903>] ? security_prepare_creds+0x83/0xc0
[ 31.225791] [<ffffffff81139ea8>] ? prepare_creds+0x228/0x2b0
[ 31.231650] [<ffffffff8113b1c2>] ? prepare_exec_creds+0x12/0xf0
[ 31.237869] [<ffffffff814ac856>] ? do_execveat_common.isra.0+0x2d6/0x1e90
[ 31.244871] [<ffffffff8100603d>] ? do_fast_syscall_32+0x32d/0xa90
[ 31.251212] [<ffffffff81483cb7>] ? kasan_kmalloc+0xb7/0xd0
[ 31.256942] [<ffffffff8148427f>] ? kasan_slab_alloc+0xf/0x20
[ 31.262940] [<ffffffff8147f9bc>] ? kmem_cache_alloc+0xdc/0x2c0
[ 31.268976] [<ffffffff81139ca8>] ? prepare_creds+0x28/0x2b0
[ 31.274820] [<ffffffff8113b1c2>] ? prepare_exec_creds+0x12/0xf0
[ 31.280948] [<ffffffff814cc421>] do_filp_open+0x1a1/0x270
[ 31.286654] [<ffffffff8102e3c6>] ? save_stack_trace+0x26/0x50
[ 31.292609] [<ffffffff814cc280>] ? user_path_mountpoint_at+0x50/0x50
[ 31.299168] [<ffffffff814aee58>] ? compat_SyS_execve+0x48/0x60
[ 31.305274] [<ffffffff8100603d>] ? do_fast_syscall_32+0x32d/0xa90
[ 31.311575] [<ffffffff82716b50>] ? sysenter_flags_fixed+0xd/0x1a
[ 31.317796] [<ffffffff811ffe0f>] ? __lock_acquire+0xa4f/0x4f50
[ 31.323834] [<ffffffff811ff3c0>] ? trace_hardirqs_on+0x10/0x10
[ 31.329880] [<ffffffff8123a79b>] ? rcu_read_lock_sched_held+0x10b/0x130
[ 31.336823] [<ffffffff814a75fc>] do_open_execat+0x10c/0x6e0
[ 31.342603] [<ffffffff8123a571>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 31.349360] [<ffffffff814a74f0>] ? setup_arg_pages+0x7b0/0x7b0
[ 31.355394] [<ffffffff814acc38>] ? do_execveat_common.isra.0+0x6b8/0x1e90
[ 31.362447] [<ffffffff814acc76>] do_execveat_common.isra.0+0x6f6/0x1e90
[ 31.369435] [<ffffffff814ac9a2>] ? do_execveat_common.isra.0+0x422/0x1e90
[ 31.376502] [<ffffffff8148a832>] ? __check_object_size+0x222/0x332
[ 31.382959] [<ffffffff