====================================================== [ INFO: possible circular locking dependency detected ] 4.4.174+ #4 Not tainted ------------------------------------------------------- syz-executor.3/20878 is trying to acquire lock: (&pipe->mutex/1){+.+.+.}, at: [] __pipe_lock fs/pipe.c:86 [inline] (&pipe->mutex/1){+.+.+.}, at: [] fifo_open+0x15d/0xa00 fs/pipe.c:896 but task is already holding lock: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 fs/exec.c:1225 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_interruptible_nested+0xd2/0xce0 kernel/locking/mutex.c:650 [] proc_pid_attr_write+0x1a8/0x2a0 fs/proc/base.c:2524 binder: BINDER_SET_CONTEXT_MGR already set binder: 20862:20880 ioctl 40046207 0 returned -16 [] __vfs_write+0x116/0x3d0 fs/read_write.c:491 [] __kernel_write+0x112/0x370 fs/read_write.c:513 [] write_pipe_buf+0x15d/0x1f0 fs/splice.c:1074 [] splice_from_pipe_feed fs/splice.c:776 [inline] [] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901 [] splice_from_pipe+0x108/0x170 fs/splice.c:936 [] default_file_splice_write+0x3c/0x80 fs/splice.c:1086 [] do_splice_from fs/splice.c:1128 [inline] [] do_splice fs/splice.c:1404 [inline] [] SYSC_splice fs/splice.c:1707 [inline] [] SyS_splice+0xd71/0x13a0 fs/splice.c:1690 [] entry_SYSCALL_64_fastpath+0x1e/0x9a [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] do_execve fs/exec.c:1683 [inline] [] SYSC_execve fs/exec.c:1764 [inline] [] SyS_execve+0x42/0x50 fs/exec.c:1759 [] return_from_execve+0x0/0x23 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); *** DEADLOCK *** 1 lock held by syz-executor.3/20878: #0: (&sig->cred_guard_mutex){+.+.+.}, at: [] prepare_bprm_creds+0x55/0x120 fs/exec.c:1225 stack backtrace: CPU: 0 PID: 20878 Comm: syz-executor.3 Not tainted 4.4.174+ #4 0000000000000000 5ce90cf8b69aa2c7 ffff8800b8857530 ffffffff81aad1a1 ffffffff84057a80 ffff8800b77e97c0 ffffffff83abd610 ffffffff83ab6860 ffffffff83abd610 ffff8800b8857580 ffffffff813abcda ffff8800b8857660 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [] print_circular_bug.cold+0x2f7/0x44e kernel/locking/lockdep.c:1226 [] check_prev_add kernel/locking/lockdep.c:1853 [inline] [] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [] validate_chain kernel/locking/lockdep.c:2144 [inline] [] __lock_acquire+0x37d6/0x4f50 kernel/locking/lockdep.c:3213 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621 [] __pipe_lock fs/pipe.c:86 [inline] [] fifo_open+0x15d/0xa00 fs/pipe.c:896 [] do_dentry_open+0x38f/0xbd0 fs/open.c:749 [] vfs_open+0x10b/0x210 fs/open.c:862 [] do_last fs/namei.c:3269 [inline] [] path_openat+0x136f/0x4470 fs/namei.c:3406 [] do_filp_open+0x1a1/0x270 fs/namei.c:3440 [] do_open_execat+0x10c/0x6e0 fs/exec.c:805 [] do_execveat_common.isra.0+0x6f6/0x1e90 fs/exec.c:1577 [] do_execve fs/exec.c:1683 [inline] [] SYSC_execve fs/exec.c:1764 [inline] [] SyS_execve+0x42/0x50 fs/exec.c:1759 [] stub_execve+0x5/0x5 arch/x86/entry/entry_64.S:440 audit_printk_skb: 6 callbacks suppressed audit: type=1400 audit(1575422650.183:940): avc: denied { set_context_mgr } for pid=20888 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 20888:20908 ioctl 40046207 0 returned -13 audit: type=1400 audit(1575422650.233:941): avc: denied { create } for pid=20910 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 20933:20954 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422650.543:942): avc: denied { call } for pid=20933 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 20933:20954 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: 20933:20963 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422651.063:943): avc: denied { create } for pid=21012 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 20933:21095 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 21147:21164 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 21147:21152 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422652.033:944): avc: denied { create } for pid=21182 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 audit: type=1400 audit(1575422652.563:945): avc: denied { set_context_mgr } for pid=21293 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 21293:21293 ioctl 40046207 0 returned -13 binder: BINDER_SET_CONTEXT_MGR already set binder: 21280:21302 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422652.683:946): avc: denied { call } for pid=21280 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 21280:21302 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: 21280:21311 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422652.933:947): avc: denied { create } for pid=21310 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21418:21441 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422653.583:948): avc: denied { call } for pid=21418 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 21418:21460 ioctl 40046207 0 returned -16 binder: 21418:21441 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 audit: type=1400 audit(1575422653.833:949): avc: denied { create } for pid=21452 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21558:21571 ioctl 40046207 0 returned -16 binder: 21558:21571 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21558:21571 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21690:21706 ioctl 40046207 0 returned -16 audit_printk_skb: 6 callbacks suppressed audit: type=1400 audit(1575422655.283:952): avc: denied { call } for pid=21690 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 21690:21706 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21690:21706 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422655.513:953): avc: denied { create } for pid=21722 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21770:21786 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422656.133:954): avc: denied { call } for pid=21770 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 21770:21786 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21770:21786 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422656.403:955): avc: denied { create } for pid=21794 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21823:21845 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422657.013:956): avc: denied { call } for pid=21823 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 21823:21845 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21823:21845 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422657.253:957): avc: denied { create } for pid=21862 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1575422657.783:958): avc: denied { create } for pid=21899 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 21904:21916 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422657.873:959): avc: denied { call } for pid=21904 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=0 binder: 21904:21916 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21904:21916 ioctl 40046207 0 returned -16 audit: type=1400 audit(1575422658.133:960): avc: denied { create } for pid=21927 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: undelivered TRANSACTION_ERROR: 29201 audit: type=1400 audit(1575422658.703:961): avc: denied { create } for pid=21945 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=0 binder: BINDER_SET_CONTEXT_MGR already set binder: 21948:21974 ioctl 40046207 0 returned -16 binder: 21948:21974 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 21948:21974 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 22004:22030 ioctl 40046207 0 returned -16 binder: 22004:22030 transaction failed 29201/-1, size 402653184--7885431403142184960 line 3022 binder: BINDER_SET_CONTEXT_MGR already set binder: 22004:22030 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201