[....] Starting enhanced syslogd: rsyslogd[ 12.969290] audit: type=1400 audit(1548401367.108:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2019/01/25 07:30:12 parsed 1 programs 2019/01/25 07:30:14 executed programs: 0 2019/01/25 07:30:19 executed programs: 158 syzkaller login: [ 70.069450] [ 70.071134] ====================================================== [ 70.077443] [ INFO: possible circular locking dependency detected ] [ 70.083838] 4.4.171+ #12 Not tainted [ 70.087540] ------------------------------------------------------- [ 70.093931] syz-executor3/4921 is trying to acquire lock: [ 70.099481] (sel_mutex){+.+.+.}, at: [] sel_commit_bools_write+0x89/0x260 [ 70.108634] [ 70.108634] but task is already holding lock: [ 70.114596] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 70.123086] [ 70.123086] which lock already depends on the new lock. [ 70.123086] [ 70.131398] [ 70.131398] the existing dependency chain (in reverse order) is: [ 70.139005] -> #5 (&pipe->mutex/1){+.+.+.}: [ 70.144175] [] lock_acquire+0x15e/0x450 [ 70.150447] [] mutex_lock_nested+0xc1/0xb80 [ 70.157100] [] pipe_lock+0x63/0x80 [ 70.162949] [] iter_file_splice_write+0x179/0xb30 [ 70.170111] [] SyS_splice+0xd71/0x13a0 [ 70.176296] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 70.183542] -> #4 (sb_writers#4){.+.+.+}: [ 70.188519] [] lock_acquire+0x15e/0x450 [ 70.194802] [] __sb_start_write+0x1af/0x310 [ 70.201407] [] ext4_lazyinit_thread+0x1e4/0x7b0 [ 70.208344] [] kthread+0x273/0x310 [ 70.214182] [] ret_from_fork+0x55/0x80 [ 70.220339] -> #3 (&eli->li_list_mtx){+.+...}: [ 70.225612] [] lock_acquire+0x15e/0x450 [ 70.231862] [] mutex_lock_nested+0xc1/0xb80 [ 70.238470] [] ext4_register_li_request+0x2fd/0x7d0 [ 70.245759] [] ext4_remount+0x1366/0x1b90 [ 70.252189] [] do_remount_sb2+0x41b/0x7a0 [ 70.258629] [] do_mount+0xfdb/0x2a40 [ 70.264646] [] SyS_mount+0x130/0x1d0 [ 70.270639] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 70.277836] -> #2 (&ext4_li_mtx){+.+.+.}: [ 70.282616] [] lock_acquire+0x15e/0x450 [ 70.288854] [] mutex_lock_nested+0xc1/0xb80 [ 70.295449] [] ext4_register_li_request+0x89/0x7d0 [ 70.302673] [] ext4_remount+0x1366/0x1b90 [ 70.309118] [] do_remount_sb2+0x41b/0x7a0 [ 70.315531] [] do_mount+0xfdb/0x2a40 [ 70.321527] [] SyS_mount+0x130/0x1d0 [ 70.327524] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 70.334716] -> #1 (&type->s_umount_key#34){++++++}: [ 70.340510] [] lock_acquire+0x15e/0x450 [ 70.346756] [] down_read+0x42/0x60 [ 70.352562] [] iterate_supers+0xe1/0x250 [ 70.358902] [] selinux_complete_init+0x2f/0x31 [ 70.365753] [] security_load_policy+0x69d/0x9c0 [ 70.372710] [] sel_write_load+0x175/0xf90 [ 70.379120] [] __vfs_write+0x116/0x3d0 [ 70.385317] [] vfs_write+0x182/0x4e0 [ 70.391325] [] SyS_write+0xdc/0x1c0 [ 70.397233] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 70.404456] -> #0 (sel_mutex){+.+.+.}: [ 70.408962] [] __lock_acquire+0x37d6/0x4f50 [ 70.415601] [] lock_acquire+0x15e/0x450 [ 70.421841] [] mutex_lock_nested+0xc1/0xb80 [ 70.428442] [] sel_commit_bools_write+0x89/0x260 [ 70.435482] [] __vfs_write+0x116/0x3d0 [ 70.441634] [] __kernel_write+0x112/0x370 [ 70.448091] [] write_pipe_buf+0x15d/0x1f0 [ 70.454534] [] __splice_from_pipe+0x37e/0x7a0 [ 70.461310] [] splice_from_pipe+0x108/0x170 [ 70.467908] [] default_file_splice_write+0x3c/0x80 [ 70.475116] [] SyS_splice+0xd71/0x13a0 [ 70.481284] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 70.488530] [ 70.488530] other info that might help us debug this: [ 70.488530] [ 70.496648] Chain exists of: sel_mutex --> sb_writers#4 --> &pipe->mutex/1 [ 70.505152] Possible unsafe locking scenario: [ 70.505152] [ 70.511184] CPU0 CPU1 [ 70.515826] ---- ---- [ 70.520464] lock(&pipe->mutex/1); [ 70.524430] lock(sb_writers#4); [ 70.530737] lock(&pipe->mutex/1); [ 70.537220] lock(sel_mutex); [ 70.540634] [ 70.540634] *** DEADLOCK *** [ 70.540634] [ 70.546667] 2 locks held by syz-executor3/4921: [ 70.551330] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xf2d/0x13a0 [ 70.560453] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 70.569414] [ 70.569414] stack backtrace: [ 70.573901] CPU: 0 PID: 4921 Comm: syz-executor3 Not tainted 4.4.171+ #12 [ 70.580798] 0000000000000000 5fb9a5d086bbc00e ffff8801d87a75c0 ffffffff81aacd31 [ 70.588820] ffffffff84057a80 ffff8800ba1e8000 ffffffff83ab8870 ffffffff83abd460 [ 70.596813] ffffffff83abc1d0 ffff8801d87a7610 ffffffff813abad4 ffffffff83e26880 [ 70.604822] Call Trace: [ 70.607387] [] dump_stack+0xc1/0x120 [ 70.612726] [] print_circular_bug.cold+0x2f7/0x44e [ 70.619297] [] __lock_acquire+0x37d6/0x4f50 [ 70.625249] [] ? check_preemption_disabled+0x3c/0x200 [ 70.632069] [] ? trace_hardirqs_on+0x10/0x10 [ 70.638118] [] ? __bfs+0x28/0x5e0 [ 70.643198] [] lock_acquire+0x15e/0x450 [ 70.648800] [] ? sel_commit_bools_write+0x89/0x260 [ 70.655372] [] ? sel_commit_bools_write+0x89/0x260 [ 70.661929] [] mutex_lock_nested+0xc1/0xb80 [ 70.667896] [] ? sel_commit_bools_write+0x89/0x260 [ 70.674455] [] ? is_module_text_address+0x2c/0x50 [ 70.680922] [] ? __kernel_text_address+0x68/0xa0 [ 70.687335] [] ? print_context_stack+0x59/0xd0 [ 70.693555] [] ? mutex_trylock+0x500/0x500 [ 70.699418] [] ? dump_trace+0x183/0x390 [ 70.705017] [] ? __schedule+0x7a3/0x1ee0 [ 70.710704] [] sel_commit_bools_write+0x89/0x260 [ 70.717116] [] ? sel_read_mls+0xc0/0xc0 [ 70.722728] [] ? __lock_acquire+0x2c79/0x4f50 [ 70.728850] [] __vfs_write+0x116/0x3d0 [ 70.734644] [] ? sel_read_mls+0xc0/0xc0 [ 70.740242] [] ? __vfs_read+0x3c0/0x3c0 [ 70.745842] [] ? trace_hardirqs_on+0x10/0x10 [ 70.751883] [] ? futex_wait_setup+0x350/0x350 [ 70.758015] [] ? security_file_alloc+0x73/0xb0 [ 70.764224] [] ? alloc_file+0x20/0x350 [ 70.769739] [] __kernel_write+0x112/0x370 [ 70.775511] [] write_pipe_buf+0x15d/0x1f0 [ 70.781284] [] ? do_splice_direct+0x260/0x260 [ 70.787423] [] ? splice_from_pipe_next.part.0+0x20d/0x2c0 [ 70.794605] [] __splice_from_pipe+0x37e/0x7a0 [ 70.800727] [] ? do_splice_direct+0x260/0x260 [ 70.806853] [] ? do_splice_direct+0x260/0x260 [ 70.812984] [] splice_from_pipe+0x108/0x170 [ 70.818932] [] ? splice_shrink_spd+0x60/0x60 [ 70.824973] [] default_file_splice_write+0x3c/0x80 [ 70.831522] [] ? generic_splice_sendpage+0x50/0x50 [ 70.838100] [] SyS_splice+0xd71/0x13a0 [ 70.843625] [] ? __might_fault+0x117/0x1d0 [ 70.849485] [] ? compat_SyS_vmsplice+0x160/0x160 [ 70.855868] [] ? do_sys_ftruncate.constprop.0+0x387/0x470 [ 70.863057] [] ? lockdep_sys_exit_thunk+0x12/0x14 2019/01/25 07:30:25 executed programs: 400 [ 70.869524] [] entry_SYSCALL_64_fastpath+0x1e/0x9a