======================================================
WARNING: possible circular locking dependency detected
4.19.172-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/4390 is trying to acquire lock:
000000006756dfdb (&sig->cred_guard_mutex){+.+.}, at: lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
000000006756dfdb (&sig->cred_guard_mutex){+.+.}, at: proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925
but task is already holding lock:
00000000b3cabca6 (&p->lock){+.+.}, at: seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&p->lock){+.+.}:
seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161
proc_reg_read+0x1bd/0x2d0 syzkaller/managers/linux-4-19/kernel/fs/proc/inode.c:231
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
do_sendfile+0x550/0xc30 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1447
__do_sys_sendfile64 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1508 [inline]
__se_sys_sendfile64+0x147/0x160 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1494
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #2 (sb_writers#3){.+.+}:
sb_start_write syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:1579 [inline]
mnt_want_write+0x3a/0xb0 syzkaller/managers/linux-4-19/kernel/fs/namespace.c:360
ovl_do_remove+0xf0/0xdb0 syzkaller/managers/linux-4-19/kernel/fs/overlayfs/dir.c:843
vfs_rmdir.part.0+0x10f/0x3d0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3882
vfs_rmdir syzkaller/managers/linux-4-19/kernel/fs/namei.c:3868 [inline]
do_rmdir+0x3fd/0x490 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3943
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
inode_lock_shared syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:758 [inline]
do_last syzkaller/managers/linux-4-19/kernel/fs/namei.c:3326 [inline]
path_openat+0x17ec/0x2df0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3537
do_filp_open+0x18c/0x3f0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3567
do_open_execat+0x11d/0x5b0 syzkaller/managers/linux-4-19/kernel/fs/exec.c:853
__do_execve_file+0x1a8b/0x2360 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1770
do_execveat_common syzkaller/managers/linux-4-19/kernel/fs/exec.c:1879 [inline]
do_execve+0x35/0x50 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1896
__do_sys_execve syzkaller/managers/linux-4-19/kernel/fs/exec.c:1977 [inline]
__se_sys_execve syzkaller/managers/linux-4-19/kernel/fs/exec.c:1972 [inline]
__x64_sys_execve+0x7c/0xa0 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1972
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #0 (&sig->cred_guard_mutex){+.+.}:
__mutex_lock_common syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xd7/0x1260 syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:1072
lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925
proc_single_show+0xeb/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:755
seq_read+0x4be/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:229
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
vfs_copy_file_range+0x830/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1614
__do_sys_copy_file_range syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1667 [inline]
__se_sys_copy_file_range+0x18d/0x410 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1634
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
other info that might help us debug this:
Chain exists of:
&sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#3);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
2 locks held by syz-executor.0/4390:
#0: 00000000cac6b49d (sb_writers#4){.+.+}, at: file_start_write syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:2779 [inline]
#0: 00000000cac6b49d (sb_writers#4){.+.+}, at: vfs_copy_file_range+0x94e/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1592
#1: 00000000b3cabca6 (&p->lock){+.+.}, at: seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161
stack backtrace:
CPU: 0 PID: 4390 Comm: syz-executor.0 Not tainted 4.19.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1221
check_prev_add syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1865 [inline]
check_prevs_add syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1978 [inline]
validate_chain syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:2419 [inline]
__lock_acquire+0x30c9/0x3ff0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3415
lock_acquire+0x170/0x3c0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3907
__mutex_lock_common syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xd7/0x1260 syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:1072
lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925
proc_single_show+0xeb/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:755
seq_read+0x4be/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:229
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
vfs_copy_file_range+0x830/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1614
__do_sys_copy_file_range syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1667 [inline]
__se_sys_copy_file_range+0x18d/0x410 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1634
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f522a78c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00000000004b069f R08: 0000000000000077 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd6734212f R14: 00007f522a78c300 R15: 0000000000022000
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready