audit: type=1400 audit(1575092264.431:4016): avc: denied { create } for pid=22866 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 ====================================================== [ INFO: possible circular locking dependency detected ] 4.4.174+ #17 Not tainted ------------------------------------------------------- syz-executor.1/22873 is trying to acquire lock: (&bdev->bd_mutex[ 1861.171219] audit: type=1400 audit(1575092264.481:4017): avc: denied { create } for pid=22866 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 ){+.+.+.}, at: [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 but task is already holding lock: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __lo_release drivers/block/loop.c:1653 [inline] [] lo_release+0x84/0x1b0 drivers/block/loop.c:1676 [] __blkdev_put+0x461/0x840 fs/block_dev.c:1535 [] blkdev_put+0x88/0x560 fs/block_dev.c:1600 [] blkdev_close+0x8b/0xb0 fs/block_dev.c:1607 [] __fput+0x246/0x710 fs/file_table.c:208 [] ____fput+0x16/0x20 fs/file_table.c:244 [] task_work_run+0x202/0x2b0 kernel/task_work.c:115 [] tracehook_notify_resume include/linux/tracehook.h:191 [inline] [] exit_to_usermode_loop+0x14a/0x170 arch/x86/entry/common.c:188 [] prepare_exit_to_usermode arch/x86/entry/common.c:221 [inline] [] syscall_return_slowpath+0x25b/0x2e0 arch/x86/entry/common.c:286 [] int_ret_from_sys_call+0x25/0xa3 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] lo_open+0x1d/0xb0 drivers/block/loop.c:1633 [] __blkdev_get+0x2ae/0xdf0 fs/block_dev.c:1213 [] blkdev_get+0x2e8/0x920 fs/block_dev.c:1353 [] blkdev_open+0x1aa/0x250 fs/block_dev.c:1508 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_sys_open+0x2f8/0x600 fs/open.c:1038 [] SYSC_open fs/open.c:1056 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1051 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a other info that might help us debug this: Chain exists of: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(loop_ctl_mutex#2); lock(loop_index_mutex); lock(loop_ctl_mutex#2); lock(&bdev->bd_mutex); *** DEADLOCK *** 1 lock held by syz-executor.1/22873: #0: (loop_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x105/0x140 drivers/block/loop.c:1599 stack backtrace: CPU: 0 PID: 22873 Comm: syz-executor.1 Not tainted 4.4.174+ #17 0000000000000000 c902a4ecbdc25325 ffff88018af175e0 ffffffff81aad1a1 ffffffff84057a80 ffff88005d29c740 ffffffff83aa0cc0 ffffffff83ac6220 ffffffff83aa1890 ffff88018af17630 ffffffff813abcda ffffffff83e1a900 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189 [] loop_reread_partitions+0x7c/0x90 drivers/block/loop.c:649 [] loop_set_status+0xc02/0x1260 drivers/block/loop.c:1208 [] loop_set_status_compat+0xb2/0x110 drivers/block/loop.c:1572 [] lo_compat_ioctl+0x110/0x140 drivers/block/loop.c:1600 [] compat_blkdev_ioctl+0xca0/0x344f block/compat_ioctl.c:751 [] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline] [] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544 [] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] [] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397 [] sysenter_flags_fixed+0xd/0x1a loop_reread_partitions: partition scan of loop0 (}á \¨°yN1‡¶À‰û6Å‚)dlyq¤³9þØ¢ÊqˆÊÜÆ[Øi úa)]^Ù¢p^p¿ããø<”ÖzAˆ) failed (rc=-13) audit: type=1400 audit(1575092265.521:4018): avc: denied { create } for pid=22897 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092265.521:4019): avc: denied { create } for pid=22881 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092265.551:4020): avc: denied { shutdown } for pid=22881 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092265.551:4021): avc: denied { write } for pid=22881 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092265.631:4022): avc: denied { write } for pid=22897 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! audit_printk_skb: 24 callbacks suppressed audit: type=1400 audit(1575092266.301:4031): avc: denied { create } for pid=22939 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092266.471:4032): avc: denied { write } for pid=22939 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092266.571:4033): avc: denied { read } for pid=22939 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092266.611:4034): avc: denied { create } for pid=22942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092266.671:4035): avc: denied { create } for pid=22950 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092266.711:4036): avc: denied { shutdown } for pid=22942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092266.741:4037): avc: denied { write } for pid=22950 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Dead loop on virtual device ip6_vti0, fix it urgently! audit: type=1400 audit(1575092266.831:4038): avc: denied { write } for pid=22942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1575092266.871:4039): avc: denied { read } for pid=22950 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket audit: type=1400 audit(1575092267.511:4040): avc: denied { create } for pid=22963 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Dead loop on virtual device ip6_vti0, fix it urgently! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket Dead loop on virtual device ip6_vti0, fix it urgently! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket Dead loop on virtual device ip6_vti0, fix it urgently! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket Dead loop on virtual device ip6_vti0, fix it urgently! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket audit_printk_skb: 129 callbacks suppressed audit: type=1400 audit(1575092271.581:4084): avc: denied { create } for pid=23167 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092271.621:4085): avc: denied { write } for pid=23167 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092271.651:4086): avc: denied { read write } for pid=23162 comm="syz-executor.2" path="socket:[181719]" dev="sockfs" ino=181719 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092271.681:4087): avc: denied { read } for pid=23167 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092271.711:4088): avc: denied { create } for pid=23150 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092271.781:4089): avc: denied { write } for pid=23150 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092272.161:4090): avc: denied { read } for pid=23150 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket audit: type=1400 audit(1575092272.241:4091): avc: denied { create } for pid=23189 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092272.271:4092): avc: denied { write } for pid=23189 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575092272.301:4093): avc: denied { read write } for pid=23182 comm="syz-executor.2" path="socket:[180827]" dev="sockfs" ino=180827 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Dead loop on virtual device ip6_vti0, fix it urgently! SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28509 sclass=netlink_route_socket Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently!