Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 39.161624] [ 39.163387] ====================================================== [ 39.169681] [ INFO: possible circular locking dependency detected ] [ 39.176063] 4.4.162+ #117 Not tainted [ 39.179836] ------------------------------------------------------- [ 39.186216] syz-executor023/2087 is trying to acquire lock: [ 39.191902] (sel_mutex){+.+.+.}, at: [] sel_commit_bools_write+0x87/0x250 [ 39.200949] [ 39.200949] but task is already holding lock: [ 39.206894] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 39.215302] [ 39.215302] which lock already depends on the new lock. [ 39.215302] [ 39.223594] [ 39.223594] the existing dependency chain (in reverse order) is: [ 39.231263] -> #7 (&pipe->mutex/1){+.+.+.}: [ 39.236454] [] lock_acquire+0x15e/0x450 [ 39.242775] [] mutex_lock_nested+0xbb/0x8d0 [ 39.249423] [] fifo_open+0x15c/0x9e0 [ 39.255407] [] do_dentry_open+0x38d/0xbd0 [ 39.261900] [] vfs_open+0x12a/0x210 [ 39.267808] [] path_openat+0x50c/0x39a0 [ 39.274052] [] do_filp_open+0x197/0x270 [ 39.280316] [] do_open_execat+0x10f/0x6f0 [ 39.286739] [] do_execveat_common.isra.14+0x6a1/0x1f00 [ 39.294290] [] SyS_execve+0x42/0x50 [ 39.300206] [] return_from_execve+0x0/0x23 [ 39.306720] -> #6 (&sig->cred_guard_mutex){+.+.+.}: [ 39.312387] [] lock_acquire+0x15e/0x450 [ 39.318763] [] mutex_lock_killable_nested+0xcc/0xa10 [ 39.326140] [] lock_trace+0x44/0xc0 [ 39.332050] [] proc_pid_syscall+0xa9/0x260 [ 39.338616] [] proc_single_show+0xfd/0x170 [ 39.345114] [] seq_read+0x4b6/0x12b0 [ 39.351095] [] __vfs_read+0x11c/0x3d0 [ 39.357162] [] vfs_read+0x130/0x360 [ 39.363056] [] SyS_read+0xd9/0x1c0 [ 39.368863] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.376067] -> #5 (&p->lock){+.+.+.}: [ 39.380490] [] lock_acquire+0x15e/0x450 [ 39.386736] [] mutex_lock_nested+0xbb/0x8d0 [ 39.393330] [] seq_read+0xdd/0x12b0 [ 39.399279] [] do_loop_readv_writev+0x148/0x1e0 [ 39.406215] [] do_readv_writev+0x581/0x6f0 [ 39.412715] [] vfs_readv+0x78/0xb0 [ 39.418526] [] default_file_splice_read+0x50f/0x8f0 [ 39.425816] [] do_splice_to+0xf7/0x140 [ 39.431974] [] splice_direct_to_actor+0x242/0x830 [ 39.439183] [] do_splice_direct+0x1a3/0x270 [ 39.445781] [] do_sendfile+0x4e4/0xb80 [ 39.452010] [] SyS_sendfile64+0xc3/0x150 [ 39.458343] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.465558] -> #4 (sb_writers#4){.+.+.+}: [ 39.470506] [] lock_acquire+0x15e/0x450 [ 39.476747] [] __sb_start_write+0x1ae/0x310 [ 39.483340] [] ext4_lazyinit_thread+0x1a7/0x750 [ 39.490276] [] kthread+0x268/0x300 [ 39.496083] [] ret_from_fork+0x55/0x80 [ 39.502238] -> #3 (&eli->li_list_mtx){+.+...}: [ 39.507449] [] lock_acquire+0x15e/0x450 [ 39.513790] [] mutex_lock_nested+0xbb/0x8d0 [ 39.520381] [] ext4_register_li_request+0x304/0x7a0 [ 39.527782] [] ext4_remount+0x1368/0x1bb0 [ 39.534198] [] do_remount_sb2+0x428/0x7d0 [ 39.540668] [] do_mount+0x101e/0x2a10 [ 39.546804] [] SyS_mount+0x191/0x1c0 [ 39.552778] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.559978] -> #2 (&ext4_li_mtx){+.+.+.}: [ 39.564745] [] lock_acquire+0x15e/0x450 [ 39.570983] [] mutex_lock_nested+0xbb/0x8d0 [ 39.577575] [] ext4_register_li_request+0x87/0x7a0 [ 39.584766] [] ext4_remount+0x1368/0x1bb0 [ 39.591229] [] do_remount_sb2+0x428/0x7d0 [ 39.597659] [] do_mount+0x101e/0x2a10 [ 39.603730] [] SyS_mount+0x191/0x1c0 [ 39.609718] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.616920] -> #1 (&type->s_umount_key#34){++++++}: [ 39.622684] [] lock_acquire+0x15e/0x450 [ 39.628961] [] down_read+0x42/0x60 [ 39.634775] [] iterate_supers+0xe1/0x260 [ 39.641149] [] selinux_complete_init+0x2f/0x31 [ 39.647997] [] security_load_policy+0x886/0x9b0 [ 39.654932] [] sel_write_load+0x191/0xfc0 [ 39.661406] [] __vfs_write+0x11c/0x3e0 [ 39.667566] [] vfs_write+0x17e/0x4e0 [ 39.673545] [] SyS_write+0xd9/0x1c0 [ 39.679430] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.686628] -> #0 (sel_mutex){+.+.+.}: [ 39.691140] [] __lock_acquire+0x3e6c/0x5f10 [ 39.697725] [] lock_acquire+0x15e/0x450 [ 39.703964] [] mutex_lock_nested+0xbb/0x8d0 [ 39.710550] [] sel_commit_bools_write+0x87/0x250 [ 39.717565] [] __vfs_write+0x11c/0x3e0 [ 39.723717] [] __kernel_write+0x10a/0x350 [ 39.730155] [] write_pipe_buf+0x15d/0x1f0 [ 39.736573] [] __splice_from_pipe+0x364/0x790 [ 39.743338] [] splice_from_pipe+0xf9/0x170 [ 39.749909] [] default_file_splice_write+0x3c/0x80 [ 39.757111] [] SyS_splice+0xde1/0x1430 [ 39.763259] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 39.770462] [ 39.770462] other info that might help us debug this: [ 39.770462] [ 39.778580] Chain exists of: sel_mutex --> &sig->cred_guard_mutex --> &pipe->mutex/1 [ 39.787706] Possible unsafe locking scenario: [ 39.787706] [ 39.793839] CPU0 CPU1 [ 39.798477] ---- ---- [ 39.803112] lock(&pipe->mutex/1); [ 39.807064] lock(&sig->cred_guard_mutex); [ 39.814106] lock(&pipe->mutex/1); [ 39.820571] lock(sel_mutex); [ 39.823969] [ 39.823969] *** DEADLOCK *** [ 39.823969] [ 39.830001] 2 locks held by syz-executor023/2087: [ 39.834812] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xfaa/0x1430 [ 39.844077] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 [ 39.853044] [ 39.853044] stack backtrace: [ 39.857515] CPU: 0 PID: 2087 Comm: syz-executor023 Not tainted 4.4.162+ #117 [ 39.864671] 0000000000000000 3f5b8160f0f4f9e9 ffff8801d3f4f5f8 ffffffff81a994bd [ 39.872654] ffffffff83aae4c0 ffffffff83ab50c0 ffffffff83ab0680 ffff8801d5d4e810 [ 39.880730] ffff8801d5d4df00 ffff8801d3f4f640 ffffffff813a834a 0000000000000002 [ 39.888800] Call Trace: [ 39.891366] [] dump_stack+0xc1/0x124 [ 39.896705] [] print_circular_bug.cold.34+0x2f7/0x432 [ 39.903517] [] __lock_acquire+0x3e6c/0x5f10 [ 39.909470] [] ? trace_hardirqs_on+0x10/0x10 [ 39.915503] [] lock_acquire+0x15e/0x450 [ 39.921103] [] ? sel_commit_bools_write+0x87/0x250 [ 39.927657] [] ? sel_commit_bools_write+0x87/0x250 [ 39.934212] [] mutex_lock_nested+0xbb/0x8d0 [ 39.940157] [] ? sel_commit_bools_write+0x87/0x250 [ 39.946713] [] ? is_module_text_address+0x2a/0x50 [ 39.953234] [] ? __kernel_text_address+0x6b/0xa0 [ 39.959643] [] ? mutex_trylock+0x3e0/0x3e0 [ 39.965508] [] ? dump_trace+0x184/0x360 [ 39.971108] [] sel_commit_bools_write+0x87/0x250 [ 39.977490] [] ? sel_read_mls+0xc0/0xc0 [ 39.983090] [] ? add_lock_to_list.isra.8.constprop.24+0x149/0x280 [ 39.990946] [] __vfs_write+0x11c/0x3e0 [ 39.996454] [] ? sel_read_mls+0xc0/0xc0 [ 40.002050] [] ? __vfs_read+0x3d0/0x3d0 [ 40.007651] [] ? trace_hardirqs_on+0x10/0x10 [ 40.013684] [] __kernel_write+0x10a/0x350 [ 40.019458] [] write_pipe_buf+0x15d/0x1f0 [ 40.025237] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 40.032056] [] ? do_splice_direct+0x270/0x270 [ 40.038181] [] ? splice_from_pipe_next.part.3+0x248/0x310 [ 40.045343] [] __splice_from_pipe+0x364/0x790 [ 40.051463] [] ? do_splice_direct+0x270/0x270 [ 40.057581] [] splice_from_pipe+0xf9/0x170 [ 40.063439] [] ? do_splice_direct+0x270/0x270 [ 40.069558] [] ? splice_shrink_spd+0x60/0x60 [ 40.075587] [] default_file_splice_write+0x3c/0x80 [ 40.082138] [] ? generic_splice_sendpage+0x50/0x50 [ 40.088736] [] SyS_splice+0xde1/0x1430 [ 40.094257] [] ? SyS_futex+0x24e/0x360 [ 40.099770] [] ? vfs_write+0x2e6/0x4e0 [ 40.105663] [] ? compat_SyS_vmsplice+0x160/0x160 [ 40.112045] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 40.118513] [] entry_SYSCALL_64_fastpath+0x1e/0x9a executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program