[....] Starting enhanced syslogd: rsyslogd[ 13.914561] audit: type=1400 audit(1565986140.095:4): avc: denied { syslog } for pid=1918 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. 2019/08/16 20:09:09 parsed 1 programs 2019/08/16 20:09:12 executed programs: 0 syzkaller login: [ 30.758550] [ 30.760265] ====================================================== [ 30.766608] [ INFO: possible circular locking dependency detected ] [ 30.773042] 4.4.174+ #17 Not tainted [ 30.776773] ------------------------------------------------------- [ 30.783271] syz-executor.1/3030 is trying to acquire lock: [ 30.788921] (sel_mutex){+.+.+.}, at: [] sel_write_load+0x9e/0xf90 [ 30.797638] [ 30.797638] but task is already holding lock: [ 30.803615] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 30.812230] [ 30.812230] which lock already depends on the new lock. [ 30.812230] [ 30.820564] [ 30.820564] the existing dependency chain (in reverse order) is: [ 30.828216] -> #5 (&pipe->mutex/1){+.+.+.}[ 30.832706] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c [ 30.842508] : [ 30.844592] [] lock_acquire+0x15e/0x450 [ 30.851025] [] mutex_lock_nested+0xc1/0xb80 [ 30.857697] [] pipe_lock+0x63/0x80 [ 30.863618] [] iter_file_splice_write+0x179/0xb30 [ 30.870809] [] SyS_splice+0xd71/0x13a0 [ 30.877116] [] do_fast_syscall_32+0x32d/0xa90 [ 30.883993] [] sysenter_flags_fixed+0xd/0x1a [ 30.890757] -> #4 (sb_writers#4){.+.+.+}: [ 30.895909] [] lock_acquire+0x15e/0x450 [ 30.902301] [] __sb_start_write+0x1af/0x310 [ 30.908984] [] ext4_lazyinit_thread+0x1e4/0x7b0 [ 30.916131] [] kthread+0x273/0x310 [ 30.922089] [] ret_from_fork+0x55/0x80 [ 30.928329] -> #3 (&eli->li_list_mtx){+.+...}: [ 30.933652] [] lock_acquire+0x15e/0x450 [ 30.939950] [] mutex_lock_nested+0xc1/0xb80 [ 30.946666] [] ext4_register_li_request+0x2fd/0x7d0 [ 30.954034] [] ext4_remount+0x1366/0x1b90 [ 30.960530] [] do_remount_sb2+0x41b/0x7a0 [ 30.967009] [] do_mount+0xfdb/0x2a40 [ 30.973072] [] SyS_mount+0x130/0x1d0 [ 30.979151] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 30.986483] -> #2 (&ext4_li_mtx){+.+.+.}: [ 30.991509] [] lock_acquire+0x15e/0x450 [ 30.997913] [] mutex_lock_nested+0xc1/0xb80 [ 31.004646] [] ext4_register_li_request+0x89/0x7d0 [ 31.011960] [] ext4_remount+0x1366/0x1b90 [ 31.018521] [] do_remount_sb2+0x41b/0x7a0 [ 31.025023] [] do_mount+0xfdb/0x2a40 [ 31.031125] [] SyS_mount+0x130/0x1d0 [ 31.037236] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 31.044591] -> #1 (&type->s_umount_key#34){++++++}: [ 31.050565] [] lock_acquire+0x15e/0x450 [ 31.056903] [] down_read+0x42/0x60 [ 31.062845] [] iterate_supers+0xe1/0x250 [ 31.069281] [] selinux_complete_init+0x2f/0x31 [ 31.076211] [] security_load_policy+0x69d/0x9c0 [ 31.083232] [] sel_write_load+0x175/0xf90 [ 31.089702] [] __vfs_write+0x116/0x3d0 [ 31.095909] [] vfs_write+0x182/0x4e0 [ 31.102008] [] SyS_write+0xdc/0x1c0 [ 31.107970] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 31.110697] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c [ 31.124709] -> #0 (sel_mutex){+.+.+.}: [ 31.129430] [] __lock_acquire+0x37d6/0x4f50 [ 31.136103] [] lock_acquire+0x15e/0x450 [ 31.142393] [] mutex_lock_nested+0xc1/0xb80 [ 31.149058] [] sel_write_load+0x9e/0xf90 [ 31.155438] [] __vfs_write+0x116/0x3d0 [ 31.161657] [] __kernel_write+0x112/0x370 [ 31.168157] [] write_pipe_buf+0x15d/0x1f0 [ 31.174662] [] __splice_from_pipe+0x37e/0x7a0 [ 31.181518] [] splice_from_pipe+0x108/0x170 [ 31.188217] [] default_file_splice_write+0x3c/0x80 [ 31.195442] [] SyS_splice+0xd71/0x13a0 [ 31.201687] [] do_fast_syscall_32+0x32d/0xa90 [ 31.208546] [] sysenter_flags_fixed+0xd/0x1a [ 31.215309] [ 31.215309] other info that might help us debug this: [ 31.215309] [ 31.223461] Chain exists of: sel_mutex --> sb_writers#4 --> &pipe->mutex/1 [ 31.232155] Possible unsafe locking scenario: [ 31.232155] [ 31.238241] CPU0 CPU1 [ 31.242908] ---- ---- [ 31.247552] lock(&pipe->mutex/1); [ 31.251565] lock(sb_writers#4); [ 31.257964] lock(&pipe->mutex/1); [ 31.264549] lock(sel_mutex); [ 31.268062] [ 31.268062] *** DEADLOCK *** [ 31.268062] [ 31.274157] 2 locks held by syz-executor.1/3030: [ 31.278900] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xf2d/0x13a0 [ 31.288136] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 31.297283] [ 31.297283] stack backtrace: [ 31.301772] CPU: 0 PID: 3030 Comm: syz-executor.1 Not tainted 4.4.174+ #17 [ 31.308770] 0000000000000000 1d6736d521569112 ffff8801d8c574b0 ffffffff81aad1a1 [ 31.316906] ffffffff84057a80 ffff8801d8c5c740 ffffffff83ab8a20 ffffffff83abd2b0 [ 31.324970] ffffffff83abc380 ffff8801d8c57500 ffffffff813abcda ffffffff83e24300 [ 31.333054] Call Trace: [ 31.335696] [] dump_stack+0xc1/0x120 [ 31.341108] [] print_circular_bug.cold+0x2f7/0x44e [ 31.347705] [] __lock_acquire+0x37d6/0x4f50 [ 31.353692] [] ? trace_hardirqs_on+0x10/0x10 [ 31.359779] [] ? check_preemption_disabled+0x3c/0x200 [ 31.366667] [] lock_acquire+0x15e/0x450 [ 31.372317] [] ? sel_write_load+0x9e/0xf90 [ 31.378231] [] ? sel_write_load+0x9e/0xf90 [ 31.384172] [] mutex_lock_nested+0xc1/0xb80 [ 31.390218] [] ? sel_write_load+0x9e/0xf90 [ 31.396179] [] ? pick_next_task_fair+0x649/0x1fa0 [ 31.402739] [] ? check_usage_backwards+0x280/0x280 [ 31.409495] [] ? mutex_trylock+0x500/0x500 [ 31.415447] [] ? is_module_text_address+0x2c/0x50 [ 31.422032] [] ? __kernel_text_address+0x68/0xa0 [ 31.428531] [] ? print_context_stack+0x59/0xd0 [ 31.434808] [] sel_write_load+0x9e/0xf90 [ 31.440575] [] ? __schedule+0x7af/0x1ee0 [ 31.446349] [] ? __schedule+0x7a3/0x1ee0 [ 31.452118] [] ? sel_read_bool+0x240/0x240 [ 31.458026] [] ? save_stack_trace+0x26/0x50 [ 31.464025] [] ? add_lock_to_list.isra.0.constprop.0+0x138/0x2f0 [ 31.471900] [] ? __lock_acquire+0x2c79/0x4f50 [ 31.478102] [] __vfs_write+0x116/0x3d0 [ 31.483695] [] ? sel_read_bool+0x240/0x240 [ 31.489630] [] ? __vfs_read+0x3c0/0x3c0 [ 31.495315] [] ? trace_hardirqs_on+0x10/0x10 [ 31.501395] [] ? try_to_wake_up+0x701/0x1110 [ 31.507523] [] ? futex_wait_setup+0x350/0x350 [ 31.513754] [] __kernel_write+0x112/0x370 [ 31.519605] [] write_pipe_buf+0x15d/0x1f0 [ 31.525454] [] ? mutex_lock_nested+0x645/0xb80 [ 31.531756] [] ? do_splice_direct+0x260/0x260 [ 31.537973] [] ? splice_from_pipe_next.part.0+0x20d/0x2c0 [ 31.545187] [] __splice_from_pipe+0x37e/0x7a0 [ 31.551354] [] ? do_splice_direct+0x260/0x260 [ 31.557549] [] ? do_splice_direct+0x260/0x260 [ 31.563702] [] splice_from_pipe+0x108/0x170 [ 31.569697] [] ? splice_shrink_spd+0x60/0x60 [ 31.576031] [] default_file_splice_write+0x3c/0x80 [ 31.582729] [] ? generic_splice_sendpage+0x50/0x50 [ 31.589367] [] SyS_splice+0xd71/0x13a0 [ 31.594917] [] ? __compat_put_timespec.isra.0+0xce/0x140 [ 31.602009] [] ? compat_SyS_vmsplice+0x160/0x160 [ 31.608416] [] ? do_fast_syscall_32+0xd6/0xa90 [ 31.614643] [] ? compat_SyS_vmsplice+0x160/0x160 [ 31.621077] [] do_fast_syscall_32+0x32d/0xa90 [ 31.627282] [] sysenter_flags_fixed+0xd/0x1a 2019/08/16 20:09:17 executed programs: 11 [ 31.652863] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c [ 31.685822] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c 2019/08/16 20:09:23 executed programs: 60 [ 38.528444] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c