======================================================
WARNING: possible circular locking dependency detected
4.14.94+ #12 Not tainted
------------------------------------------------------
syz-executor3/7623 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.}, at: [] lock_trace+0x3f/0xc0 fs/proc/base.c:408

but task is already holding lock:
 (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&p->lock){+.+.}:

-> #1 (&pipe->mutex/1){+.+.}:

-> #0 (&sig->cred_guard_mutex){+.+.}:

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(&pipe->mutex/1);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor3/7623:
 #0: (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165

stack backtrace:
CPU: 0 PID: 7623 Comm: syz-executor3 Not tainted 4.14.94+ #12
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7631 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7633 comm=syz-executor4
netlink: 104 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 104 bytes leftover after parsing attributes in process `syz-executor4'.
input: syz1 as /devices/virtual/input/input10
uinput: write device info first
mmap: syz-executor0 (7741) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
audit: type=1400 audit(1548133042.090:80): avc: denied { wake_alarm } for pid=7763 comm="syz-executor0" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7763:7768 ioctl 40046207 0 returned -16
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
netlink: 48 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor4'.
hid (null): bogus close delimiter
hid (null): unknown global tag 0xc
hid (null): unknown global tag 0xe
hid-generic 0000:0000:0000.0001: unknown main item tag 0x7
hid-generic 0000:0000:0000.0001: bogus close delimiter
hid-generic 0000:0000:0000.0001: item 0 0 2 10 parsing failed
hid-generic: probe of 0000:0000:0000.0001 failed with error -22
netlink: 48 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1400 audit(1548133043.080:81): avc: denied { call } for pid=7832 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 7832:7843 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 7832:7843 transaction failed 29201/-22, size 0-8 line 3197
EXT4-fs warning (device sda1): verify_group_input:123: Last group not full
EXT4-fs warning (device sda1): verify_group_input:123: Last group not full
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7832:7878 ioctl 40046207 0 returned -16
binder_alloc: 7832: binder_alloc_buf, no vma
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7832:7843 transaction failed 29189/-3, size 0-8 line 3135
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7889:7891 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 7889:7891 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7924:7931 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 7924:7931 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7952:7953 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 7952:7953 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7995:8003 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 7995:8003 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8042:8047 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8042:8047 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8071:8075 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8071:8075 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8096:8099 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8096:8099 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1548133045.610:82): avc: denied { map } for pid=8126 comm="syz-executor1" path="/dev/null" dev="devtmpfs" ino=1028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:null_device_t:s0 tclass=chr_file permissive=1
binder: 8128:8137 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8128:8137 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8170:8175 got transaction with invalid offset (0, min 0 max 0) or object.
binder: 8170:8175 transaction failed 29201/-22, size 0-8 line 3197
binder: undelivered TRANSACTION_ERROR: 29201
binder: 8207:8213 transaction failed 29189/-22, size 0-8 line 3012
binder: undelivered TRANSACTION_ERROR: 29189
binder: 8237:8243 transaction failed 29189/-22, size 0-8 line 3012
binder: undelivered TRANSACTION_ERROR: 29189
binder: 8267:8276 transaction failed 29189/-22, size 0-8 line 3012
binder: undelivered TRANSACTION_ERROR: 29189