[....] Starting enhanced syslogd: rsyslogd[ 15.198063] audit: type=1400 audit(1565991399.265:4): avc: denied { syslog } for pid=1926 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x00000000000000000x0000000000000000executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x00000000000000000x0000000000000000executing program executing program executing program executing program executing program 0x0000000000000000executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program syzkaller login: [ 43.374168] [ 43.375842] ====================================================== [ 43.382156] [ INFO: possible circular locking dependency detected ] [ 43.388538] 4.4.174+ #4 Not tainted [ 43.392139] ------------------------------------------------------- [ 43.398530] syz-executor150/5022 is trying to acquire lock: [ 43.404218] (sel_mutex){+.+.+.}, at: [] sel_write_load+0x9e/0xf90 [ 43.412589] [ 43.412589] but task is already holding lock: executing program [ 43.418542] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 43.426910] [ 43.426910] which lock already depends on the new lock. [ 43.426910] [ 43.435191] [ 43.435191] the existing dependency chain (in reverse order) is: [ 43.442778] -> #5 (&pipe->mutex/1){+.+.+.}: [ 43.447866] [] lock_acquire+0x15e/0x450 [ 43.454179] [] mutex_lock_nested+0xc1/0xb80 [ 43.460794] [] pipe_lock+0x63/0x80 [ 43.466625] [] iter_file_splice_write+0x179/0xb30 executing program [ 43.473772] [] SyS_splice+0xd71/0x13a0 [ 43.479943] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 43.487145] -> #4 (sb_writers#4){.+.+.+}: [ 43.492063] [] lock_acquire+0x15e/0x450 [ 43.498303] [] __sb_start_write+0x1af/0x310 [ 43.504903] [] ext4_lazyinit_thread+0x1e4/0x7b0 [ 43.511831] [] kthread+0x273/0x310 [ 43.517712] [] ret_from_fork+0x55/0x80 [ 43.523883] -> #3 (&eli->li_list_mtx){+.+...}: [ 43.529104] [] lock_acquire+0x15e/0x450 [ 43.535369] [] mutex_lock_nested+0xc1/0xb80 [ 43.541958] [] ext4_register_li_request+0x2fd/0x7d0 [ 43.549247] [] ext4_remount+0x1366/0x1b90 [ 43.555691] [] do_remount_sb2+0x41b/0x7a0 [ 43.562116] [] do_mount+0xfdb/0x2a40 [ 43.568111] [] SyS_mount+0x130/0x1d0 [ 43.574159] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 43.581370] -> #2 (&ext4_li_mtx){+.+.+.}: [ 43.586160] [] lock_acquire+0x15e/0x450 [ 43.592445] [] mutex_lock_nested+0xc1/0xb80 [ 43.599060] [] ext4_register_li_request+0x89/0x7d0 [ 43.606286] [] ext4_remount+0x1366/0x1b90 [ 43.612708] [] do_remount_sb2+0x41b/0x7a0 [ 43.619117] [] do_mount+0xfdb/0x2a40 [ 43.625097] [] SyS_mount+0x130/0x1d0 [ 43.631140] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 43.638410] -> #1 (&type->s_umount_key#34){++++++}: [ 43.644186] [] lock_acquire+0x15e/0x450 [ 43.650428] [] down_read+0x42/0x60 [ 43.656252] [] iterate_supers+0xe1/0x250 [ 43.662571] [] selinux_complete_init+0x2f/0x31 [ 43.669435] [] security_load_policy+0x69d/0x9c0 [ 43.676379] [] sel_write_load+0x175/0xf90 [ 43.682804] [] __vfs_write+0x116/0x3d0 [ 43.688975] [] vfs_write+0x182/0x4e0 [ 43.694991] [] SyS_write+0xdc/0x1c0 [ 43.700918] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 43.708757] -> #0 (sel_mutex){+.+.+.}: [ 43.713311] [] __lock_acquire+0x37d6/0x4f50 [ 43.720229] [] lock_acquire+0x15e/0x450 [ 43.726484] [] mutex_lock_nested+0xc1/0xb80 [ 43.733114] [] sel_write_load+0x9e/0xf90 [ 43.739455] [] __vfs_write+0x116/0x3d0 [ 43.745628] [] __kernel_write+0x112/0x370 [ 43.752082] [] write_pipe_buf+0x15d/0x1f0 [ 43.758507] [] __splice_from_pipe+0x37e/0x7a0 [ 43.765278] [] splice_from_pipe+0x108/0x170 [ 43.771882] [] default_file_splice_write+0x3c/0x80 [ 43.779121] [] SyS_splice+0xd71/0x13a0 [ 43.785285] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 43.792493] [ 43.792493] other info that might help us debug this: [ 43.792493] [ 43.800608] Chain exists of: sel_mutex --> sb_writers#4 --> &pipe->mutex/1 [ 43.809024] Possible unsafe locking scenario: [ 43.809024] [ 43.815063] CPU0 CPU1 [ 43.819701] ---- ---- executing program executing program [ 43.824337] lock(&pipe->mutex/1); [ 43.828304] lock(sb_writers#4); [ 43.834604] lock(&pipe->mutex/1); [ 43.841091] lock(sel_mutex); [ 43.844502] [ 43.844502] *** DEADLOCK *** [ 43.844502] [ 43.850551] 2 locks held by syz-executor150/5022: [ 43.855374] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xf2d/0x13a0 [ 43.864478] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 [ 43.873440] [ 43.873440] stack backtrace: [ 43.877924] CPU: 0 PID: 5022 Comm: syz-executor150 Not tainted 4.4.174+ #4 [ 43.884914] 0000000000000000 68e9cd1d25b51a27 ffff8800b8307530 ffffffff81aad1a1 [ 43.892891] ffffffff84057a80 ffff8800b0c997c0 ffffffff83ab8a20 ffffffff83abd610 [ 43.900902] ffffffff83abc380 ffff8800b8307580 ffffffff813abcda ffffffff83e26380 [ 43.908901] Call Trace: [ 43.911468] [] dump_stack+0xc1/0x120 [ 43.916804] [] print_circular_bug.cold+0x2f7/0x44e [ 43.923384] [] __lock_acquire+0x37d6/0x4f50 [ 43.929334] [] ? trace_hardirqs_on+0x10/0x10 [ 43.935365] [] lock_acquire+0x15e/0x450 [ 43.940973] [] ? sel_write_load+0x9e/0xf90 [ 43.946836] [] ? sel_write_load+0x9e/0xf90 [ 43.952710] [] mutex_lock_nested+0xc1/0xb80 [ 43.958654] [] ? sel_write_load+0x9e/0xf90 [ 43.964520] [] ? check_usage_backwards+0x280/0x280 [ 43.971086] [] ? mutex_trylock+0x500/0x500 [ 43.976957] [] ? is_module_text_address+0x2c/0x50 [ 43.983441] [] ? __kernel_text_address+0x68/0xa0 [ 43.989823] [] ? print_context_stack+0x59/0xd0 [ 43.996028] [] sel_write_load+0x9e/0xf90 [ 44.001723] [] ? __schedule+0x7a3/0x1ee0 [ 44.007404] [] ? sel_read_bool+0x240/0x240 [ 44.013262] [] ? save_stack_trace+0x26/0x50 [ 44.019214] [] ? add_lock_to_list.isra.0.constprop.0+0x138/0x2f0 [ 44.027004] [] __vfs_write+0x116/0x3d0 [ 44.032558] [] ? sel_read_bool+0x240/0x240 [ 44.038432] [] ? __vfs_read+0x3c0/0x3c0 [ 44.044053] [] ? trace_hardirqs_on_thunk+0x17/0x19 [ 44.050606] [] ? retint_kernel+0x2d/0x2d [ 44.056298] [] __kernel_write+0x112/0x370 [ 44.062081] [] write_pipe_buf+0x15d/0x1f0 [ 44.067892] [] ? do_splice_direct+0x260/0x260 [ 44.074046] [] ? splice_from_pipe_next.part.0+0x20d/0x2c0 [ 44.081245] [] __splice_from_pipe+0x37e/0x7a0 [ 44.087385] [] ? do_splice_direct+0x260/0x260 [ 44.093524] [] ? do_splice_direct+0x260/0x260 [ 44.099655] [] splice_from_pipe+0x108/0x170 [ 44.105602] [] ? splice_shrink_spd+0x60/0x60 [ 44.111643] [] default_file_splice_write+0x3c/0x80 [ 44.118191] [] ? generic_splice_sendpage+0x50/0x50 executing program executing program executing program [ 44.124740] [] SyS_splice+0xd71/0x13a0 [ 44.130253] [] ? compat_SyS_vmsplice+0x160/0x160 [ 44.136638] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 44.143104] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 44.157450] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program 0x0000000000000000executing program executing program executing program executing program executing program executing program executing program executing program