audit: type=1400 audit(1575433635.800:802): avc: denied { create } for pid=14217 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 ====================================================== input: syz1 as /devices/virtual/input/input27 [ INFO: possible circular locking dependency detected ] 4.4.174+ #4 Not tainted ------------------------------------------------------- syz-executor.5/14213 is trying to acquire lock: (&pipe->mutex/1){+.+.+.}, at: [] __pipe_lock fs/pipe.c:86 [inline] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 fs/pipe.c:896 but task is already holding lock: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 fs/exec.c:1225 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_interruptible_nested+0xd2/0xce0 kernel/locking/mutex.c:650 [] proc_pid_attr_write+0x1a8/0x2a0 fs/proc/base.c:2524 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] do_execve fs/exec.c:1683 [inline] [] SYSC_execve fs/exec.c:1764 [inline] [] SyS_execve+0x42/0x50 fs/exec.c:1759 [] return_from_execve+0x0/0x23 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); *** DEADLOCK *** 1 lock held by syz-executor.5/14213: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 fs/exec.c:1225 stack backtrace: CPU: 1 PID: 14213 Comm: syz-executor.5 Not tainted 4.4.174+ #4 0000000000000000 112bfd80a351311a ffff88008d18f530 ffffffff81aad1a1 ffffffff84057a80 ffff8800b3094740 ffffffff83abd2b0 ffffffff83ab6860 ffffffff83abd2b0 ffff88008d18f580 ffffffff813abcda ffff88008d18f660 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] do_execve fs/exec.c:1683 [inline] [] SYSC_execve fs/exec.c:1764 [inline] [] SyS_execve+0x42/0x50 fs/exec.c:1759 [] stub_execve+0x5/0x5 arch/x86/entry/entry_64.S:440 audit: type=1400 audit(1575433636.560:803): avc: denied { create } for pid=14206 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent audit_printk_skb: 60 callbacks suppressed audit: type=1400 audit(1575433638.240:824): avc: denied { create } for pid=14263 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433638.420:825): avc: denied { create } for pid=14263 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 audit: type=1400 audit(1575433638.590:826): avc: denied { create } for pid=14252 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575433638.770:827): avc: denied { create } for pid=14282 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433638.890:828): avc: denied { create } for pid=14282 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433639.020:829): avc: denied { create } for pid=14282 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 audit: type=1400 audit(1575433639.020:830): avc: denied { create } for pid=14288 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433639.180:831): avc: denied { create } for pid=14288 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433639.360:832): avc: denied { create } for pid=14288 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 audit: type=1400 audit(1575433639.460:833): avc: denied { create } for pid=14302 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent audit_printk_skb: 75 callbacks suppressed audit: type=1400 audit(1575433643.560:859): avc: denied { create } for pid=14407 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433643.790:860): avc: denied { create } for pid=14407 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433644.370:861): avc: denied { create } for pid=14428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575433644.470:862): avc: denied { create } for pid=14431 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433644.550:863): avc: denied { create } for pid=14428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433644.590:864): avc: denied { create } for pid=14431 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent audit: type=1400 audit(1575433644.690:865): avc: denied { create } for pid=14428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 keychord: using input dev AT Translated Set 2 keyboard for fevent Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently!