audit: type=1400 audit(1546721914.327:12332): avc: denied { map } for pid=7625 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 ====================================================== WARNING: possible circular locking dependency detected 4.14.91+ #3 Not tainted ------------------------------------------------------ audit: type=1400 audit(1546721914.357:12333): avc: denied { map } for pid=7625 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 syz-executor3/7653 is trying to acquire lock: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:138 [inline] (cpu_hotplug_lock.rw_sem){++++}, at: [] lru_add_drain_all+0xa/0x20 mm/swap.c:729 but task is already holding lock: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline] (&sb->s_type->i_mutex_key#10){+.+.}, at: [] shmem_add_seals+0x12b/0x1150 mm/shmem.c:2829 which lock already depends on the new lock. audit: type=1400 audit(1546721914.357:12334): avc: denied { map } for pid=7625 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 the existing dependency chain (in reverse order) is: -> #5 (&sb->s_type->i_mutex_key#10){+.+.}: -> #4 (ashmem_mutex){+.+.}: -> #3 (&mm->mmap_sem){++++}: -> #2 (&cpuctx_mutex){+.+.}: -> #1 (pmus_lock){+.+.}: -> #0 (cpu_hotplug_lock.rw_sem){++++}: other info that might help us debug this: Chain exists of: cpu_hotplug_lock.rw_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sb->s_type->i_mutex_key#10); lock(ashmem_mutex); lock(&sb->s_type->i_mutex_key#10); lock(cpu_hotplug_lock.rw_sem); *** DEADLOCK *** 1 lock held by syz-executor3/7653: #0: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:715 [inline] #0: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] shmem_add_seals+0x12b/0x1150 mm/shmem.c:2829 stack backtrace: CPU: 0 PID: 7653 Comm: syz-executor3 Not tainted 4.14.91+ #3 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258 binder: 7691:7693 ioctl c018620b 0 returned -14 binder: 7691:7693 unknown command 0 binder: 7691:7693 ioctl c0306201 20000100 returned -22 SELinux: ebitmap: map size 1758852527 does not match my size 64 (high bit was 367132672) SELinux: failed to load policy SELinux: ebitmap: map size 1758852527 does not match my size 64 (high bit was 367132672) SELinux: failed to load policy binder_alloc: binder_alloc_mmap_handler: 7691 20001000-20004000 already mapped failed -16 binder: 7691:7701 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 7691:7741 ioctl 40046207 0 returned -16 binder_alloc: 7691: binder_alloc_buf, no vma binder: 7691:7742 transaction failed 29189/-3, size 24-8 line 3135 binder: 7691:7701 BC_INCREFS_DONE u0000000000000000 no match binder: 7691:7693 unknown command 0 binder: 7691:7693 ioctl c0306201 20000100 returned -22 binder: 7691:7693 BC_ACQUIRE_DONE u0000000000000000 no match binder: release 7691:7701 transaction 22 out, still active binder: send failed reply for transaction 22, target dead binder: 7750:7755 ioctl c018620b 0 returned -14 binder: 7750:7755 unknown command 0 binder: 7750:7755 ioctl c0306201 20000100 returned -22 binder: release 7750:7761 transaction 27 out, still active binder: send failed reply for transaction 27, target dead binder: 7788:7794 ioctl c018620b 0 returned -14 binder: 7788:7794 unknown command 0 binder: 7788:7794 ioctl c0306201 20000100 returned -22 binder: send failed reply for transaction 31 to 7788:7799 binder: undelivered TRANSACTION_ERROR: 29189 binder: 7828:7834 ioctl c018620b 0 returned -14 kauditd_printk_skb: 298 callbacks suppressed audit: type=1400 audit(1546721919.247:12633): avc: denied { map } for pid=7846 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: 7853:7855 ioctl c018620b 0 returned -14 audit: type=1400 audit(1546721919.247:12634): avc: denied { map } for pid=7846 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 7853:7874 BC_INCREFS_DONE u0000000000000000 no match binder: 7853:7872 unknown command 0 binder: 7853:7861 ioctl 40046207 0 returned -16 binder: 7853:7872 ioctl c0306201 20000100 returned -22 audit: type=1400 audit(1546721919.297:12635): avc: denied { map } for pid=7853 comm="syz-executor4" path="/dev/binder0" dev="devtmpfs" ino=5417 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 audit: type=1400 audit(1546721919.357:12636): avc: denied { map } for pid=7856 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721919.357:12637): avc: denied { map } for pid=7856 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721919.367:12638): avc: denied { map } for pid=7856 comm="modprobe" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: 7888:7892 ioctl c018620b 0 returned -14 audit: type=1400 audit(1546721919.367:12639): avc: denied { map } for pid=7856 comm="modprobe" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 7888:7898 ioctl 40046207 0 returned -16 audit: type=1400 audit(1546721919.377:12640): avc: denied { map } for pid=7856 comm="modprobe" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: 7888:7904 BC_INCREFS_DONE node 42 has no pending increfs request binder: 7888:7898 unknown command 0 binder: 7888:7898 ioctl c0306201 20000100 returned -22 binder: 7888:7904 BC_ACQUIRE_DONE node 42 has no pending acquire request binder: release 7888:7892 transaction 41 out, still active audit: type=1400 audit(1546721919.397:12641): avc: denied { map } for pid=7856 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721919.397:12642): avc: denied { map } for pid=7856 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: 7917:7918 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 7917:7925 ioctl 40046207 0 returned -16 binder: 7917:7918 unknown command 0 binder: 7917:7918 ioctl c0306201 20000100 returned -22 binder: release 7917:7925 transaction 44 out, still active binder: 7971:7974 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 7971:7981 ioctl 40046207 0 returned -16 binder: 7971:7974 unknown command 0 binder: 7971:7974 ioctl c0306201 20000100 returned -22 binder: release 7971:7985 transaction 47 out, still active binder: 8009:8014 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 8009:8021 ioctl 40046207 0 returned -16 binder: 8009:8014 unknown command 0 binder: 8009:8014 ioctl c0306201 20000100 returned -22 binder: release 8009:8025 transaction 50 out, still active binder: 8053:8058 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 8053:8064 ioctl 40046207 0 returned -16 binder: 8053:8058 unknown command 0 binder: 8053:8058 ioctl c0306201 20000100 returned -22 binder: release 8053:8058 transaction 53 out, still active binder: 8090:8095 ioctl c018620b 0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 8090:8102 ioctl 40046207 0 returned -16 kauditd_printk_skb: 376 callbacks suppressed audit: type=1400 audit(1546721924.287:13019): avc: denied { map } for pid=8118 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721924.307:13020): avc: denied { map } for pid=8120 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721924.307:13021): avc: denied { map } for pid=8120 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 binder: release 8090:8104 transaction 56 out, still active audit: type=1400 audit(1546721924.687:13022): avc: denied { map_create } for pid=8123 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 binder: 8126:8132 ioctl c018620b 0 returned -14 audit: type=1400 audit(1546721924.707:13023): avc: denied { map } for pid=8126 comm="syz-executor4" path="/dev/binder0" dev="devtmpfs" ino=5417 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 8126:8136 ioctl 40046207 0 returned -16 audit: type=1400 audit(1546721924.717:13024): avc: denied { map_read map_write } for pid=8123 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1546721924.797:13025): avc: denied { map } for pid=8135 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721924.807:13026): avc: denied { map } for pid=8135 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721924.807:13027): avc: denied { map } for pid=8135 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(1546721924.807:13028): avc: denied { map } for pid=8135 comm="blkid" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1