====================================================== audit: type=1400 audit(1575389816.373:883): avc: denied { create } for pid=11093 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 [ INFO: possible circular locking dependency detected ] 4.4.174+ #17 Not tainted ------------------------------------------------------- syz-executor.4/11113 is trying to acquire lock: (sel_mutex){+.+.+.}, at: [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 but task is already holding lock: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:65 [inline] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 fs/pipe.c:73 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] compat_do_execve fs/exec.c:1710 [inline] [] C_SYSC_execve fs/exec.c:1785 [inline] [] compat_SyS_execve+0x48/0x60 fs/exec.c:1781 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_killable_nested+0xd2/0xd00 kernel/locking/mutex.c:641 [] do_io_accounting+0x1f2/0x7f0 fs/proc/base.c:2666 [] proc_tid_io_accounting+0x20/0x30 fs/proc/base.c:2709 [] proc_single_show+0xf6/0x160 fs/proc/base.c:805 [] seq_read+0x4cd/0x1240 fs/seq_file.c:240 [] __vfs_read+0x116/0x3c0 fs/read_write.c:434 [] vfs_read+0x134/0x360 fs/read_write.c:456 [] SYSC_read fs/read_write.c:571 [inline] [] SyS_read+0xdc/0x1c0 fs/read_write.c:564 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] seq_read+0xd6/0x1240 fs/seq_file.c:178 [] do_loop_readv_writev+0x148/0x1e0 fs/read_write.c:682 [] do_readv_writev+0x573/0x6e0 fs/read_write.c:812 [] vfs_readv+0x7a/0xb0 fs/read_write.c:836 [] kernel_readv fs/splice.c:586 [inline] [] default_file_splice_read+0x3ac/0x8b0 fs/splice.c:662 [] do_splice_to+0xff/0x160 fs/splice.c:1154 [] splice_direct_to_actor+0x249/0x850 fs/splice.c:1226 [] do_splice_direct+0x1a5/0x260 fs/splice.c:1337 [] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229 [] C_SYSC_sendfile fs/read_write.c:1305 [inline] [] compat_SyS_sendfile+0xd1/0x160 fs/read_write.c:1294 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] percpu_down_read include/linux/percpu-rwsem.h:26 [inline] [] __sb_start_write+0x1af/0x310 fs/super.c:1239 [] sb_start_write include/linux/fs.h:1517 [inline] [] ext4_run_li_request fs/ext4/super.c:2685 [inline] [] ext4_lazyinit_thread fs/ext4/super.c:2784 [inline] [] ext4_lazyinit_thread+0x1e4/0x7b0 fs/ext4/super.c:2760 [] kthread+0x273/0x310 kernel/kthread.c:211 [] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] ext4_register_li_request+0x2fd/0x7d0 fs/ext4/super.c:2972 [] ext4_remount+0x1366/0x1b90 fs/ext4/super.c:4922 [] do_remount_sb2+0x41b/0x7a0 fs/super.c:781 [] do_remount fs/namespace.c:2347 [inline] [] do_mount+0xfdb/0x2a40 fs/namespace.c:2860 [] SYSC_mount fs/namespace.c:3063 [inline] [] SyS_mount+0x130/0x1d0 fs/namespace.c:3041 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] ext4_register_li_request+0x89/0x7d0 fs/ext4/super.c:2945 [] ext4_remount+0x1366/0x1b90 fs/ext4/super.c:4922 [] do_remount_sb2+0x41b/0x7a0 fs/super.c:781 [] do_remount fs/namespace.c:2347 [inline] [] do_mount+0xfdb/0x2a40 fs/namespace.c:2860 [] SYSC_mount fs/namespace.c:3063 [inline] [] SyS_mount+0x130/0x1d0 fs/namespace.c:3041 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] down_read+0x42/0x60 kernel/locking/rwsem.c:22 [] iterate_supers+0xe1/0x250 fs/super.c:547 [] selinux_complete_init+0x2f/0x31 security/selinux/hooks.c:6154 [] security_load_policy+0x69d/0x9c0 security/selinux/ss/services.c:2060 [] sel_write_load+0x175/0xf90 security/selinux/selinuxfs.c:535 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a other info that might help us debug this: Chain exists of: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); lock(sel_mutex); *** DEADLOCK *** 2 locks held by syz-executor.4/11113: #0: (sb_writers#3){.+.+.+}, at: [] file_start_write include/linux/fs.h:2543 [inline] #0: (sb_writers#3){.+.+.+}, at: [] do_splice fs/splice.c:1403 [inline] #0: (sb_writers#3){.+.+.+}, at: [] SYSC_splice fs/splice.c:1707 [inline] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xf2d/0x13a0 fs/splice.c:1690 #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:65 [inline] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 fs/pipe.c:73 stack backtrace: CPU: 0 PID: 11113 Comm: syz-executor.4 Not tainted 4.4.174+ #17 0000000000000000 a95b0c2aae383105 ffff88006b7c7540 ffffffff81aad1a1 ffffffff84057a80 ffff880077b14740 ffffffff83ab8bd0 ffffffff83abd7c0 ffffffff83ab6a10 ffff88006b7c7590 ffffffff813abcda ffffffff83e5d500 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a audit: type=1400 audit(1575389817.683:884): avc: denied { create } for pid=11129 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389817.743:885): avc: denied { create } for pid=11134 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389817.913:886): avc: denied { create } for pid=11134 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389817.963:887): avc: denied { create } for pid=11151 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389818.013:888): avc: denied { set_context_mgr } for pid=11151 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 11151:11156 ioctl 40046207 0 returned -13 binder: 11151:11156 ioctl 40046207 0 returned -13 binder: 11177:11185 ioctl 40046207 0 returned -13 binder: 11177:11185 transaction failed 29189/-22, size 104-24 line 3014 SELinux: policydb version 67043346 does not match my version range 15-30 binder: undelivered TRANSACTION_ERROR: 29189 binder: 11206:11211 ioctl 40046207 0 returned -13 binder: 11206:11211 transaction failed 29189/-22, size 104-24 line 3014 audit_printk_skb: 27 callbacks suppressed SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c audit: type=1400 audit(1575389819.403:898): avc: denied { create } for pid=11209 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29189 audit: type=1400 audit(1575389819.763:899): avc: denied { create } for pid=11220 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 SELinux: policydb version 67043346 does not match my version range 15-30 audit: type=1400 audit(1575389819.933:900): avc: denied { create } for pid=11235 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389820.113:901): avc: denied { set_context_mgr } for pid=11235 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 11235:11247 ioctl 40046207 0 returned -13 audit: type=1400 audit(1575389820.633:902): avc: denied { create } for pid=11252 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389820.683:903): avc: denied { create } for pid=11256 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389821.033:904): avc: denied { create } for pid=11272 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 SELinux: policydb version 67043346 does not match my version range 15-30 audit: type=1400 audit(1575389821.093:905): avc: denied { set_context_mgr } for pid=11272 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 11272:11291 ioctl 40046207 0 returned -13 audit: type=1400 audit(1575389821.223:906): avc: denied { create } for pid=11287 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389821.603:907): avc: denied { create } for pid=11302 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 binder: 11302:11312 ioctl 40046207 0 returned -13 binder: 11328:11334 ioctl 40046207 0 returned -13 binder: 11328:11334 transaction failed 29189/-22, size 104-24 line 3014 binder: undelivered TRANSACTION_ERROR: 29189 SELinux: policydb version 67043346 does not match my version range 15-30 binder: 11345:11355 ioctl 40046207 0 returned -13 binder: 11375:11381 ioctl 40046207 0 returned -13 SELinux: policydb version 67043346 does not match my version range 15-30 binder: 11396:11406 ioctl 40046207 0 returned -13 binder: 11396:11406 transaction failed 29189/-22, size 104-24 line 3014 binder: undelivered TRANSACTION_ERROR: 29189 binder: 11428:11435 ioctl 40046207 0 returned -13 SELinux: policydb version 67043346 does not match my version range 15-30 binder: 11447:11461 ioctl 40046207 0 returned -13 audit_printk_skb: 69 callbacks suppressed audit: type=1400 audit(1575389824.863:931): avc: denied { create } for pid=11470 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389824.943:932): avc: denied { create } for pid=11474 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389825.043:933): avc: denied { set_context_mgr } for pid=11474 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 11474:11482 ioctl 40046207 0 returned -13 audit: type=1400 audit(1575389825.323:934): avc: denied { create } for pid=11487 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389825.363:935): avc: denied { create } for pid=11485 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 SELinux: policydb version 67043346 does not match my version range 15-30 audit: type=1400 audit(1575389825.533:936): avc: denied { create } for pid=11507 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389825.813:937): avc: denied { create } for pid=11523 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575389825.903:938): avc: denied { create } for pid=11526 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575389826.003:939): avc: denied { create } for pid=11534 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0