====================================================== [ INFO: possible circular locking dependency detected ] 4.4.174+ #17 Not tainted ------------------------------------------------------- syz-executor.0/29086 is trying to acquire lock: (sel_mutex){+.+.+.}, at: [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 but task is already holding lock: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:65 [inline] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 fs/pipe.c:73 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] compat_do_execve fs/exec.c:1710 [inline] [] C_SYSC_execve fs/exec.c:1785 [inline] [] compat_SyS_execve+0x48/0x60 fs/exec.c:1781 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_killable_nested+0xd2/0xd00 kernel/locking/mutex.c:641 [] lock_trace+0x44/0xc0 fs/proc/base.c:448 [] proc_pid_personality+0x1c/0xc0 fs/proc/base.c:2854 [] proc_single_show+0xf6/0x160 fs/proc/base.c:805 [] seq_read+0x4cd/0x1240 fs/seq_file.c:240 [] __vfs_read+0x116/0x3c0 fs/read_write.c:434 [] vfs_read+0x134/0x360 fs/read_write.c:456 [] SYSC_pread64 fs/read_write.c:609 [inline] [] SyS_pread64+0x13f/0x170 fs/read_write.c:596 [] sys32_pread+0x39/0x50 arch/x86/ia32/sys_ia32.c:179 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] seq_read+0xd6/0x1240 fs/seq_file.c:178 [] proc_reg_read+0xfd/0x180 fs/proc/inode.c:202 [] do_loop_readv_writev+0x148/0x1e0 fs/read_write.c:682 [] do_readv_writev+0x573/0x6e0 fs/read_write.c:812 [] vfs_readv+0x7a/0xb0 fs/read_write.c:836 [] kernel_readv fs/splice.c:586 [inline] [] default_file_splice_read+0x3ac/0x8b0 fs/splice.c:662 [] do_splice_to+0xff/0x160 fs/splice.c:1154 [] splice_direct_to_actor+0x249/0x850 fs/splice.c:1226 [] do_splice_direct+0x1a5/0x260 fs/splice.c:1337 [] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229 [] C_SYSC_sendfile fs/read_write.c:1311 [inline] [] compat_SyS_sendfile+0x144/0x160 fs/read_write.c:1294 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] percpu_down_read include/linux/percpu-rwsem.h:26 [inline] [] __sb_start_write+0x1af/0x310 fs/super.c:1239 [] sb_start_write include/linux/fs.h:1517 [inline] [] ext4_run_li_request fs/ext4/super.c:2685 [inline] [] ext4_lazyinit_thread fs/ext4/super.c:2784 [inline] [] ext4_lazyinit_thread+0x1e4/0x7b0 fs/ext4/super.c:2760 [] kthread+0x273/0x310 kernel/kthread.c:211 [] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] ext4_register_li_request+0x2fd/0x7d0 fs/ext4/super.c:2972 [] ext4_remount+0x1366/0x1b90 fs/ext4/super.c:4922 [] do_remount_sb2+0x41b/0x7a0 fs/super.c:781 [] do_remount fs/namespace.c:2347 [inline] [] do_mount+0xfdb/0x2a40 fs/namespace.c:2860 [] SYSC_mount fs/namespace.c:3063 [inline] [] SyS_mount+0x130/0x1d0 fs/namespace.c:3041 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] ext4_register_li_request+0x89/0x7d0 fs/ext4/super.c:2945 [] ext4_remount+0x1366/0x1b90 fs/ext4/super.c:4922 [] do_remount_sb2+0x41b/0x7a0 fs/super.c:781 [] do_remount fs/namespace.c:2347 [inline] [] do_mount+0xfdb/0x2a40 fs/namespace.c:2860 [] SYSC_mount fs/namespace.c:3063 [inline] [] SyS_mount+0x130/0x1d0 fs/namespace.c:3041 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] down_read+0x42/0x60 kernel/locking/rwsem.c:22 [] iterate_supers+0xe1/0x250 fs/super.c:547 [] selinux_complete_init+0x2f/0x31 security/selinux/hooks.c:6154 [] security_load_policy+0x69d/0x9c0 security/selinux/ss/services.c:2060 [] sel_write_load+0x175/0xf90 security/selinux/selinuxfs.c:535 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] vfs_write+0x182/0x4e0 fs/read_write.c:540 [] SYSC_write fs/read_write.c:587 [inline] [] SyS_write+0xdc/0x1c0 fs/read_write.c:579 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a other info that might help us debug this: Chain exists of: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); lock(sel_mutex); *** DEADLOCK *** 2 locks held by syz-executor.0/29086: #0: (sb_writers#3){.+.+.+}, at: [] file_start_write include/linux/fs.h:2543 [inline] #0: (sb_writers#3){.+.+.+}, at: [] do_splice fs/splice.c:1403 [inline] #0: (sb_writers#3){.+.+.+}, at: [] SYSC_splice fs/splice.c:1707 [inline] #0: (sb_writers#3){.+.+.+}, at: [] SyS_splice+0xf2d/0x13a0 fs/splice.c:1690 #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:65 [inline] #1: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x63/0x80 fs/pipe.c:73 stack backtrace: CPU: 0 PID: 29086 Comm: syz-executor.0 Not tainted 4.4.174+ #17 0000000000000000 ed35b6b938db4b38 ffff8800b6707540 ffffffff81aad1a1 ffffffff84057a80 ffff880192924740 ffffffff83ab8870 ffffffff83abd610 ffffffff83ab66b0 ffff8800b6707590 ffffffff813abcda ffffffff83e5f900 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] sel_commit_bools_write+0x89/0x260 security/selinux/selinuxfs.c:1142 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently! Dead loop on virtual device ip6tnl0, fix it urgently!