====================================================== WARNING: possible circular locking dependency detected 4.14.85+ #15 Not tainted ------------------------------------------------------ syz-executor4/7999 is trying to acquire lock: (&sig->cred_guard_mutex){+.+.}, at: [] do_io_accounting+0x1d7/0x770 fs/proc/base.c:2731 but task is already holding lock: loop1: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21 loop1: p1 start 1 is beyond EOD, truncated loop1: p2 size 2 extends beyond EOD, truncated loop1: p3 start 201 is beyond EOD, truncated loop1: p4 start 301 is beyond EOD, truncated loop1: p5 start 1 is beyond EOD, truncated loop1: p6 start 1 is beyond EOD, truncated loop1: p7 start 1 is beyond EOD, truncated loop1: p8 start 1 is beyond EOD, truncated loop1: p9 start 1 is beyond EOD, truncated loop1: p10 start 1 is beyond EOD, truncated loop1: p11 start 1 is beyond EOD, truncated loop1: p12 start 1 is beyond EOD, truncated loop1: p13 start 1 is beyond EOD, truncated loop1: p14 start 1 is beyond EOD, truncated loop1: p15 start 1 is beyond EOD, truncated loop1: p16 start 1 is beyond EOD, truncated loop1: p17 start 1 is beyond EOD, truncated loop1: p18 start 1 is beyond EOD, truncated loop1: p19 start 1 is beyond EOD, truncated loop1: p20 start 1 is beyond EOD, truncated loop1: p21 start 1 is beyond EOD, truncated loop1: p22 start 1 is beyond EOD, truncated loop1: p23 start 1 is beyond EOD, truncated loop1: p24 start 1 is beyond EOD, truncated loop1: p25 start 1 is beyond EOD, truncated loop1: p26 start 1 is beyond EOD, truncated loop1: p27 start 1 is beyond EOD, truncated loop1: p28 start 1 is beyond EOD, truncated loop1: p29 start 1 is beyond EOD, truncated loop1: p30 start 1 is beyond EOD, truncated loop1: p31 start 1 is beyond EOD, truncated loop1: p32 start 1 is beyond EOD, truncated loop1: p33 start 1 is beyond EOD, truncated loop1: p34 start 1 is beyond EOD, truncated loop1: p35 start 1 is beyond EOD, truncated loop1: p36 start 1 is beyond EOD, truncated loop1: p37 start 1 is beyond EOD, truncated loop1: p38 start 1 is beyond EOD, truncated loop1: p39 start 1 is beyond EOD, truncated loop1: p40 start 1 is beyond EOD, truncated loop1: p41 start 1 is beyond EOD, truncated loop1: p42 start 1 is beyond EOD, truncated loop1: p43 start 1 is beyond EOD, truncated loop1: p44 start 1 is beyond EOD, truncated loop1: p45 start 1 is beyond EOD, truncated loop1: p46 start 1 is beyond EOD, truncated loop1: p47 start 1 is beyond EOD, truncated loop1: p48 start 1 is beyond EOD, truncated loop1: p49 start 1 is beyond EOD, truncated loop1: p50 start 1 is beyond EOD, truncated loop1: p51 start 1 is beyond EOD, truncated loop1: p52 start 1 is beyond EOD, truncated loop1: p53 start 1 is beyond EOD, truncated loop1: p54 start 1 is beyond EOD, truncated loop1: p55 start 1 is beyond EOD, truncated loop1: p56 start 1 is beyond EOD, truncated loop1: p57 start 1 is beyond EOD, truncated loop1: p58 start 1 is beyond EOD, truncated loop1: p59 start 1 is beyond EOD, truncated loop1: p60 start 1 is beyond EOD, truncated loop1: p61 start 1 is beyond EOD, truncated loop1: p62 start 1 is beyond EOD, truncated loop1: p63 start 1 is beyond EOD, truncated loop1: p64 start 1 is beyond EOD, truncated loop1: p65 start 1 is beyond EOD, truncated loop1: p66 start 1 is beyond EOD, truncated loop1: p67 start 1 is beyond EOD, truncated loop1: p68 start 1 is beyond EOD, truncated loop1: p69 start 1 is beyond EOD, truncated loop1: p70 start 1 is beyond EOD, truncated loop1: p71 start 1 is beyond EOD, truncated loop1: p72 start 1 is beyond EOD, truncated loop1: p73 start 1 is beyond EOD, truncated loop1: p74 start 1 is beyond EOD, truncated loop1: p75 start 1 is beyond EOD, truncated loop1: p76 start 1 is beyond EOD, truncated loop1: p77 start 1 is beyond EOD, truncated loop1: p78 start 1 is beyond EOD, truncated loop1: p79 start 1 is beyond EOD, truncated loop1: p80 start 1 is beyond EOD, truncated loop1: p81 start 1 is beyond EOD, truncated loop1: p82 start 1 is beyond EOD, truncated loop1: p83 start 1 is beyond EOD, truncated loop1: p84 start 1 is beyond EOD, truncated loop1: p85 start 1 is beyond EOD, truncated loop1: p86 start 1 is beyond EOD, truncated loop1: p87 start 1 is beyond EOD, truncated loop1: p88 start 1 is beyond EOD, truncated loop1: p89 start 1 is beyond EOD, truncated loop1: p90 start 1 is beyond EOD, truncated loop1: p91 start 1 is beyond EOD, truncated loop1: p92 start 1 is beyond EOD, truncated loop1: p93 start 1 is beyond EOD, truncated loop1: p94 start 1 is beyond EOD, truncated loop1: p95 start 1 is beyond EOD, truncated loop1: p96 start 1 is beyond EOD, truncated loop1: p97 start 1 is beyond EOD, truncated loop1: p98 start 1 is beyond EOD, truncated loop1: p99 start 1 is beyond EOD, truncated loop1: p100 start 1 is beyond EOD, truncated loop1: p101 start 1 is beyond EOD, truncated loop1: p102 start 1 is beyond EOD, truncated loop1: p103 start 1 is beyond EOD, truncated loop1: p104 start 1 is beyond EOD, truncated loop1: p105 start 1 is beyond EOD, truncated loop1: p106 start 1 is beyond EOD, truncated loop1: p107 start 1 is beyond EOD, truncated loop1: p108 start 1 is beyond EOD, truncated loop1: p109 start 1 is beyond EOD, truncated loop1: p110 start 1 is beyond EOD, truncated loop1: p111 start 1 is beyond EOD, truncated loop1: p112 start 1 is beyond EOD, truncated loop1: p113 start 1 is beyond EOD, truncated loop1: p114 start 1 is beyond EOD, truncated loop1: p115 start 1 is beyond EOD, truncated loop1: p116 start 1 is beyond EOD, truncated loop1: p117 start 1 is beyond EOD, truncated loop1: p118 start 1 is beyond EOD, truncated loop1: p119 start 1 is beyond EOD, truncated loop1: p120 start 1 is beyond EOD, truncated loop1: p121 start 1 is beyond EOD, truncated loop1: p122 start 1 is beyond EOD, truncated loop1: p123 start 1 is beyond EOD, truncated loop1: p124 start 1 is beyond EOD, truncated loop1: p125 start 1 is beyond EOD, truncated loop1: p126 start 1 is beyond EOD, truncated loop1: p127 start 1 is beyond EOD, truncated loop1: p128 start 1 is beyond EOD, truncated loop1: p129 start 1 is beyond EOD, truncated loop1: p130 start 1 is beyond EOD, truncated loop1: p131 start 1 is beyond EOD, truncated loop1: p132 start 1 is beyond EOD, truncated loop1: p133 start 1 is beyond EOD, truncated loop1: p134 start 1 is beyond EOD, truncated loop1: p135 start 1 is beyond EOD, truncated loop1: p136 start 1 is beyond EOD, truncated loop1: p137 start 1 is beyond EOD, truncated loop1: p138 start 1 is beyond EOD, truncated loop1: p139 start 1 is beyond EOD, truncated loop1: p140 start 1 is beyond EOD, truncated loop1: p141 start 1 is beyond EOD, truncated loop1: p142 start 1 is beyond EOD, truncated loop1: p143 start 1 is beyond EOD, truncated loop1: p144 start 1 is beyond EOD, truncated loop1: p145 start 1 is beyond EOD, truncated loop1: p146 start 1 is beyond EOD, truncated loop1: p147 start 1 is beyond EOD, truncated loop1: p148 start 1 is beyond EOD, truncated loop1: p149 start 1 is beyond EOD, truncated loop1: p150 start 1 is beyond EOD, truncated loop1: p151 start 1 is beyond EOD, truncated loop1: p152 start 1 is beyond EOD, truncated loop1: p153 start 1 is beyond EOD, truncated loop1: p154 start 1 is beyond EOD, truncated loop1: p155 start 1 is beyond EOD, truncated loop1: p156 start 1 is beyond EOD, truncated loop1: p157 start 1 is beyond EOD, truncated loop1: p158 start 1 is beyond EOD, truncated loop1: p159 start 1 is beyond EOD, truncated loop1: p160 start 1 is beyond EOD, truncated loop1: p161 start 1 is beyond EOD, truncated loop1: p162 start 1 is beyond EOD, truncated loop1: p163 start 1 is beyond EOD, truncated loop1: p164 start 1 is beyond EOD, truncated loop1: p165 start 1 is beyond EOD, truncated loop1: p166 start 1 is beyond EOD, truncated loop1: p167 start 1 is beyond EOD, truncated loop1: p168 start 1 is beyond EOD, truncated loop1: p169 start 1 is beyond EOD, truncated loop1: p170 start 1 is beyond EOD, truncated loop1: p171 start 1 is beyond EOD, truncated loop1: p172 start 1 is beyond EOD, truncated loop1: p173 start 1 is beyond EOD, truncated loop1: p174 start 1 is beyond EOD, truncated loop1: p175 start 1 is beyond EOD, truncated loop1: p176 start 1 is beyond EOD, truncated loop1: p177 start 1 is beyond EOD, truncated loop1: p178 start 1 is beyond EOD, truncated loop1: p179 start 1 is beyond EOD, truncated loop1: p180 start 1 is beyond EOD, truncated loop1: p181 start 1 is beyond EOD, truncated loop1: p182 start 1 is beyond EOD, truncated loop1: p183 start 1 is beyond EOD, truncated loop1: p184 start 1 is beyond EOD, truncated loop1: p185 start 1 is beyond EOD, truncated loop1: p186 start 1 is beyond EOD, truncated loop1: p187 start 1 is beyond EOD, truncated loop1: p188 start 1 is beyond EOD, truncated loop1: p189 start 1 is beyond EOD, truncated loop1: p190 start 1 is beyond EOD, truncated loop1: p191 start 1 is beyond EOD, truncated loop1: p192 start 1 is beyond EOD, truncated loop1: p193 start 1 is beyond EOD, truncated loop1: p194 start 1 is beyond EOD, truncated loop1: p195 start 1 is beyond EOD, truncated loop1: p196 start 1 is beyond EOD, truncated loop1: p197 start 1 is beyond EOD, truncated loop1: p198 start 1 is beyond EOD, truncated loop1: p199 start 1 is beyond EOD, truncated loop1: p200 start 1 is beyond EOD, truncated loop1: p201 start 1 is beyond EOD, truncated loop1: p202 start 1 is beyond EOD, truncated loop1: p203 start 1 is beyond EOD, truncated loop1: p204 start 1 is beyond EOD, truncated loop1: p205 start 1 is beyond EOD, truncated loop1: p206 start 1 is beyond EOD, truncated loop1: p207 start 1 is beyond EOD, truncated loop1: p208 start 1 is beyond EOD, truncated loop1: p209 start 1 is beyond EOD, truncated loop1: p210 start 1 is beyond EOD, truncated loop1: p211 start 1 is beyond EOD, truncated loop1: p212 start 1 is beyond EOD, truncated loop1: p213 start 1 is beyond EOD, truncated loop1: p214 start 1 is beyond EOD, truncated loop1: p215 start 1 is beyond EOD, truncated loop1: p216 start 1 is beyond EOD, truncated loop1: p217 start 1 is beyond EOD, truncated loop1: p218 start 1 is beyond EOD, truncated loop1: p219 start 1 is beyond EOD, truncated loop1: p220 start 1 is beyond EOD, truncated loop1: p221 start 1 is beyond EOD, truncated loop1: p222 start 1 is beyond EOD, truncated loop1: p223 start 1 is beyond EOD, truncated loop1: p224 start 1 is beyond EOD, truncated loop1: p225 start 1 is beyond EOD, truncated loop1: p226 start 1 is beyond EOD, truncated loop1: p227 start 1 is beyond EOD, truncated loop1: p228 start 1 is beyond EOD, truncated loop1: p229 start 1 is beyond EOD, truncated loop1: p230 start 1 is beyond EOD, truncated loop1: p231 start 1 is beyond EOD, truncated loop1: p232 start 1 is beyond EOD, truncated loop1: p233 start 1 is beyond EOD, truncated loop1: p234 start 1 is beyond EOD, truncated loop1: p235 start 1 is beyond EOD, truncated loop1: p236 start 1 is beyond EOD, truncated loop1: p237 start 1 is beyond EOD, truncated loop1: p238 start 1 is beyond EOD, truncated loop1: p239 start 1 is beyond EOD, truncated loop1: p240 start 1 is beyond EOD, truncated loop1: p241 start 1 is beyond EOD, truncated loop1: p242 start 1 is beyond EOD, truncated loop1: p243 start 1 is beyond EOD, truncated loop1: p244 start 1 is beyond EOD, truncated loop1: p245 start 1 is beyond EOD, truncated loop1: p246 start 1 is beyond EOD, truncated loop1: p247 start 1 is beyond EOD, truncated loop1: p248 start 1 is beyond EOD, truncated loop1: p249 start 1 is beyond EOD, truncated loop1: p250 start 1 is beyond EOD, truncated loop1: p251 start 1 is beyond EOD, truncated loop1: p252 start 1 is beyond EOD, truncated loop1: p253 start 1 is beyond EOD, truncated loop1: p254 start 1 is beyond EOD, truncated loop1: p255 start 1 is beyond EOD, truncated (&p->lock){+.+.}, at: [] seq_read+0xd4/0x11d0 fs/seq_file.c:165 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&p->lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xf5/0x1480 kernel/locking/mutex.c:893 seq_read+0xd4/0x11d0 fs/seq_file.c:165 proc_reg_read+0xef/0x170 fs/proc/inode.c:217 do_loop_readv_writev fs/read_write.c:698 [inline] do_iter_read+0x3cc/0x580 fs/read_write.c:922 vfs_readv+0xe6/0x150 fs/read_write.c:984 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x495/0x860 fs/splice.c:416 do_splice_to+0x102/0x150 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0xf4d/0x12a0 fs/splice.c:1382 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 -> #1 (&pipe->mutex/1){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xf5/0x1480 kernel/locking/mutex.c:893 __pipe_lock fs/pipe.c:88 [inline] fifo_open+0x156/0x9d0 fs/pipe.c:921 do_dentry_open+0x426/0xda0 fs/open.c:764 vfs_open+0x11c/0x210 fs/open.c:878 do_last fs/namei.c:3455 [inline] path_openat+0x5f9/0x2930 fs/namei.c:3597 do_filp_open+0x197/0x270 fs/namei.c:3631 do_open_execat+0x10d/0x5b0 fs/exec.c:849 do_execveat_common.isra.14+0x6cb/0x1d60 fs/exec.c:1740 do_execve fs/exec.c:1847 [inline] SYSC_execve fs/exec.c:1928 [inline] SyS_execve+0x34/0x40 fs/exec.c:1923 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 -> #0 (&sig->cred_guard_mutex){+.+.}: lock_acquire+0x10f/0x380 kernel/locking/lockdep.c:3991 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xf5/0x1480 kernel/locking/mutex.c:893 do_io_accounting+0x1d7/0x770 fs/proc/base.c:2731 proc_single_show+0xf1/0x160 fs/proc/base.c:762 seq_read+0x4e0/0x11d0 fs/seq_file.c:237 do_loop_readv_writev fs/read_write.c:698 [inline] do_iter_read+0x3cc/0x580 fs/read_write.c:922 vfs_readv+0xe6/0x150 fs/read_write.c:984 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x495/0x860 fs/splice.c:416 do_splice_to+0x102/0x150 fs/splice.c:880 splice_direct_to_actor+0x21d/0x750 fs/splice.c:952 do_splice_direct+0x17b/0x220 fs/splice.c:1061 do_sendfile+0x4a1/0xb50 fs/read_write.c:1438 SYSC_sendfile64 fs/read_write.c:1499 [inline] SyS_sendfile64+0x11f/0x140 fs/read_write.c:1485 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 other info that might help us debug this: Chain exists of: &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&p->lock); lock(&pipe->mutex/1); lock(&p->lock); lock(&sig->cred_guard_mutex); *** DEADLOCK *** 1 lock held by syz-executor4/7999: #0: (&p->lock){+.+.}, at: [] seq_read+0xd4/0x11d0 fs/seq_file.c:165 stack backtrace: CPU: 1 PID: 7999 Comm: syz-executor4 Not tainted 4.14.85+ #15 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x11b lib/dump_stack.c:53 print_circular_bug.isra.18.cold.43+0x2d3/0x40c kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1901 [inline] check_prevs_add kernel/locking/lockdep.c:2018 [inline] validate_chain kernel/locking/lockdep.c:2460 [inline] __lock_acquire+0x2ff9/0x4320 kernel/locking/lockdep.c:3487 lock_acquire+0x10f/0x380 kernel/locking/lockdep.c:3991 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xf5/0x1480 kernel/locking/mutex.c:893 do_io_accounting+0x1d7/0x770 fs/proc/base.c:2731 proc_single_show+0xf1/0x160 fs/proc/base.c:762 seq_read+0x4e0/0x11d0 fs/seq_file.c:237 do_loop_readv_writev fs/read_write.c:698 [inline] do_iter_read+0x3cc/0x580 fs/read_write.c:922 vfs_readv+0xe6/0x150 fs/read_write.c:984 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x495/0x860 fs/splice.c:416 do_splice_to+0x102/0x150 fs/splice.c:880 splice_direct_to_actor+0x21d/0x750 fs/splice.c:952 do_splice_direct+0x17b/0x220 fs/splice.c:1061 do_sendfile+0x4a1/0xb50 fs/read_write.c:1438 SYSC_sendfile64 fs/read_write.c:1499 [inline] SyS_sendfile64+0x11f/0x140 fs/read_write.c:1485 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457569 RSP: 002b:00007f8cf2a0ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0020000000001000 R11: 0000000000000246 R12: 00007f8cf2a0f6d4 R13: 00000000004c3c2a R14: 00000000004d6230 R15: 00000000ffffffff audit: type=1400 audit(2000000040.000:44): avc: denied { write } for pid=8358 comm="syz-executor3" name="net" dev="proc" ino=21622 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(2000000040.030:45): avc: denied { add_name } for pid=8358 comm="syz-executor3" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 audit: type=1400 audit(2000000040.040:46): avc: denied { create } for pid=8358 comm="syz-executor3" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1