binder: 31400:31410 ioctl 40046207 0 returned -16 binder: 31400:31414 unknown command 536872064 binder: 31400:31414 ioctl c0306201 20000440 returned -22 binder: 31400:31410 BC_ACQUIRE_DONE u0000000000000000 no match ====================================================== WARNING: possible circular locking dependency detected 4.14.94+ #12 Not tainted ------------------------------------------------------ syz-executor3/31408 is trying to acquire lock: (&sig->cred_guard_mutex){+.+.}, at: [] do_io_accounting+0x1da/0x790 fs/proc/base.c:2731 but task is already holding lock: (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&p->lock){+.+.}: -> #1 (&pipe->mutex/1){+.+.}: -> #0 (&sig->cred_guard_mutex){+.+.}: other info that might help us debug this: Chain exists of: &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&p->lock); lock(&pipe->mutex/1); lock(&p->lock); lock(&sig->cred_guard_mutex); *** DEADLOCK *** 2 locks held by syz-executor3/31408: #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xa6/0xc0 fs/file.c:768 #1: (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165 stack backtrace: CPU: 1 PID: 31408 Comm: syz-executor3 Not tainted 4.14.94+ #12 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258 binder: BINDER_SET_CONTEXT_MGR already set binder: 31430:31434 ioctl 40046207 0 returned -16 binder: 31430:31434 unknown command 536871488 binder: 31430:31434 ioctl c0306201 20000440 returned -22 binder: 31430:31441 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31430:31441 ioctl 40046207 0 returned -16 binder: 31430:31442 unknown command 536871488 binder: 31430:31442 ioctl c0306201 20000440 returned -22 binder: 31430:31441 BC_ACQUIRE_DONE u0000000000000000 no match SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31456 comm=syz-executor3 binder: 31457:31461 unknown command 536871488 binder: 31457:31461 ioctl c0306201 20000440 returned -22 binder: 31457:31462 BC_ACQUIRE_DONE u0000000000000000 no match SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31464 comm=syz-executor3 binder: 31457:31461 unknown command 536871488 binder: 31457:31462 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31457:31461 ioctl c0306201 20000440 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 31471:31475 ioctl 40046207 0 returned -16 binder: 31471:31475 unknown command 536871488 binder: 31471:31475 ioctl c0306201 20000440 returned -22 binder: 31471:31475 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31473:31476 unknown command 536871488 binder: 31473:31476 ioctl c0306201 20000440 returned -22 binder: 31473:31476 BC_ACQUIRE_DONE u0000000000000000 no match kauditd_printk_skb: 273 callbacks suppressed audit: type=1400 audit(1548101990.760:31398): avc: denied { map } for pid=31481 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.770:31399): avc: denied { map } for pid=31478 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.780:31400): avc: denied { map } for pid=31478 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.780:31401): avc: denied { map } for pid=31478 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.780:31402): avc: denied { map } for pid=31478 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.800:31403): avc: denied { map } for pid=31481 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.810:31404): avc: denied { map } for pid=31481 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 31471:31495 ioctl 40046207 0 returned -16 binder: 31471:31495 unknown command 536871488 binder: 31471:31495 ioctl c0306201 20000440 returned -22 binder: 31471:31495 BC_ACQUIRE_DONE u0000000000000000 no match audit: type=1400 audit(1548101990.820:31405): avc: denied { map } for pid=31481 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.820:31406): avc: denied { map } for pid=31478 comm="blkid" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101990.830:31407): avc: denied { map } for pid=31481 comm="blkid" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 31503:31508 unknown command 536871488 binder: 31503:31508 ioctl c0306201 20000440 returned -22 binder: 31500:31507 ioctl 40046207 0 returned -16 binder: 31503:31508 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31500:31507 unknown command 536871488 binder: 31500:31507 ioctl c0306201 20000440 returned -22 binder: 31500:31510 unknown command 0 binder: 31500:31510 ioctl c0306201 200003c0 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 31500:31510 ioctl 40046207 0 returned -16 binder: 31500:31507 unknown command 536871488 binder: 31500:31507 ioctl c0306201 20000440 returned -22 binder: 31524:31527 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 31524:31527 ioctl 40046207 0 returned -16 binder: 31524:31527 unknown command 536871488 binder: 31524:31527 ioctl c0306201 20000440 returned -22 binder: 31524:31527 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31536:31542 unknown command 536871488 binder: 31536:31542 ioctl c0306201 20000440 returned -22 binder: 31536:31542 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31524:31532 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 31524:31554 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31524:31532 unknown command 536871488 binder: 31524:31530 ioctl 40046207 0 returned -16 binder: 31524:31532 ioctl c0306201 20000440 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 31564:31566 ioctl 40046207 0 returned -16 binder: 31564:31566 unknown command 536871488 binder: 31564:31566 ioctl c0306201 20000440 returned -22 binder: 31564:31566 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31564:31592 unknown command 536871488 binder: 31564:31590 ioctl 40046207 0 returned -16 binder: 31564:31592 ioctl c0306201 20000440 returned -22 binder: 31610:31613 unknown command 536871488 binder: 31610:31613 ioctl c0306201 20000440 returned -22 binder: 31610:31618 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31610:31618 ioctl 40046207 0 returned -16 binder: 31610:31619 unknown command 536871488 binder: 31610:31619 ioctl c0306201 20000440 returned -22 binder: 31610:31618 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31635:31638 ioctl 40046207 0 returned -16 binder: 31635:31639 unknown command 536871488 binder: 31635:31639 ioctl c0306201 20000440 returned -22 binder: 31635:31638 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31635:31642 ioctl 40046207 0 returned -16 kauditd_printk_skb: 382 callbacks suppressed audit: type=1400 audit(1548101995.780:31790): avc: denied { map } for pid=31641 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: 31635:31639 unknown command 536871488 binder: 31635:31645 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31635:31639 ioctl c0306201 20000440 returned -22 audit: type=1400 audit(1548101995.830:31792): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.830:31793): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.860:31794): avc: denied { map } for pid=31641 comm="blkid" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.890:31795): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.900:31796): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.900:31797): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.900:31798): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1548101995.970:31799): avc: denied { map } for pid=31641 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 31658:31666 unknown command 536871488 binder: 31658:31665 ioctl 40046207 0 returned -16 binder: 31658:31666 ioctl c0306201 20000440 returned -22 binder: 31658:31667 BC_ACQUIRE_DONE u0000000000000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 31658:31666 ioctl 40046207 0 returned -16 binder: 31658:31665 unknown command 536871488 binder: 31658:31665 ioctl c0306201 20000440 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 31679:31682 ioctl 40046207 0 returned -16 binder: 31679:31682 unknown command 536871488 binder: 31679:31682 ioctl c0306201 20000440 returned -22 binder: 31679:31682 unknown command 533251445 binder: 31679:31682 ioctl c0306201 200003c0 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 31679:31686 ioctl 40046207 0 returned -16 binder: 31679:31686 unknown command 536871488 binder: 31679:31686 ioctl c0306201 20000440 returned -22 binder: 31679:31686 unknown command 533251445 binder: 31679:31686 ioctl c0306201 200003c0 returned -22 binder: 31697:31698 unknown command 536871488 binder: 31697:31698 ioctl c0306201 20000440 returned -22 binder: 31697:31698 BC_ACQUIRE_DONE u0000000000000000 no match binder: 31719:31722 unknown command 536871488 binder: 31719:31722 ioctl c0306201 20000440 returned -22 binder: 31719:31722 BC_ACQUIRE_DONE u0000000000000000 no match