====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/23611 is trying to acquire lock: 00000000aa584eb4 (&ovl_i_mutex_key[depth]#2){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] 00000000aa584eb4 (&ovl_i_mutex_key[depth]#2){+.+.}, at: process_measurement+0x926/0x1440 security/integrity/ima/ima_main.c:205 but task is already holding lock: 000000001caf8cc6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1419 [inline] 000000001caf8cc6 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file+0x38c/0x2360 fs/exec.c:1762 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&sig->cred_guard_mutex){+.+.}: do_io_accounting fs/proc/base.c:2750 [inline] proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799 proc_single_show+0xeb/0x170 fs/proc/base.c:755 seq_read+0x4e0/0x11c0 fs/seq_file.c:232 __vfs_read+0xf7/0x750 fs/read_write.c:416 vfs_read+0x194/0x3c0 fs/read_write.c:452 ksys_read+0x12b/0x2a0 fs/read_write.c:579 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #3 (&p->lock){+.+.}: seq_read+0x6b/0x11c0 fs/seq_file.c:164 proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x471/0x630 fs/read_write.c:925 vfs_readv+0xe5/0x150 fs/read_write.c:987 kernel_readv fs/splice.c:362 [inline] default_file_splice_read+0x457/0xa00 fs/splice.c:417 do_splice_to+0x10e/0x160 fs/splice.c:881 splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959 do_splice_direct+0x1a7/0x270 fs/splice.c:1068 do_sendfile+0x550/0xc30 fs/read_write.c:1447 __do_sys_sendfile64 fs/read_write.c:1508 [inline] __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (sb_writers#3){.+.+}: sb_start_write include/linux/fs.h:1579 [inline] mnt_want_write+0x3a/0xb0 fs/namespace.c:360 ovl_rename+0x22b/0x1a50 fs/overlayfs/dir.c:1084 vfs_rename+0x67e/0x1bc0 fs/namei.c:4479 do_renameat2+0xb59/0xc70 fs/namei.c:4629 __do_sys_rename fs/namei.c:4675 [inline] __se_sys_rename fs/namei.c:4673 [inline] __x64_sys_rename+0x5d/0x80 fs/namei.c:4673 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&ovl_i_mutex_key[depth]#2/4){+.+.}: inode_lock_nested include/linux/fs.h:783 [inline] lock_two_nondirectories+0xd1/0x110 fs/inode.c:1017 vfs_rename+0x3cb/0x1bc0 fs/namei.c:4453 do_renameat2+0xb59/0xc70 fs/namei.c:4629 __do_sys_rename fs/namei.c:4675 [inline] __se_sys_rename fs/namei.c:4673 [inline] __x64_sys_rename+0x5d/0x80 fs/namei.c:4673 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&ovl_i_mutex_key[depth]#2){+.+.}: down_write+0x34/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:748 [inline] process_measurement+0x926/0x1440 security/integrity/ima/ima_main.c:205 ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:391 do_last fs/namei.c:3425 [inline] path_openat+0x7e4/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_open_execat+0x11d/0x5b0 fs/exec.c:853 __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770 do_execveat_common fs/exec.c:1879 [inline] do_execve+0x35/0x50 fs/exec.c:1896 __do_sys_execve fs/exec.c:1977 [inline] __se_sys_execve fs/exec.c:1972 [inline] __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &ovl_i_mutex_key[depth]#2 --> &p->lock --> &sig->cred_guard_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sig->cred_guard_mutex); lock(&p->lock); lock(&sig->cred_guard_mutex); lock(&ovl_i_mutex_key[depth]#2); *** DEADLOCK *** 1 lock held by syz-executor.5/23611: #0: 000000001caf8cc6 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1419 [inline] #0: 000000001caf8cc6 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file+0x38c/0x2360 fs/exec.c:1762 stack backtrace: CPU: 1 PID: 23611 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_write+0x34/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:748 [inline] process_measurement+0x926/0x1440 security/integrity/ima/ima_main.c:205 ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:391 do_last fs/namei.c:3425 [inline] path_openat+0x7e4/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_open_execat+0x11d/0x5b0 fs/exec.c:853 __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770 do_execveat_common fs/exec.c:1879 [inline] do_execve+0x35/0x50 fs/exec.c:1896 __do_sys_execve fs/exec.c:1977 [inline] __se_sys_execve fs/exec.c:1972 [inline] __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f0096f5e0e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0095891168 EFLAGS: 00000246 ORIG_RAX: 000000000000003b RAX: ffffffffffffffda RBX: 00007f0097071100 RCX: 00007f0096f5e0e9 RDX: 0000000020000880 RSI: 00000000200005c0 RDI: 0000000020000140 RBP: 00007f0096fb808d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd45515c1f R14: 00007f0095891300 R15: 0000000000022000 IPVS: ftp: loaded support on port[0] = 21 overlayfs: failed to resolve './file0': -2 overlayfs: failed to resolve './file0': -2 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: Bad mount option Nr_s overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. IPVS: ftp: loaded support on port[0] = 21 tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. hfsplus: unable to find HFS+ superblock tmpfs: Bad mount option Nr_s hfsplus: unable to find HFS+ superblock Process accounting resumed hfsplus: unable to find HFS+ superblock overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: Bad mount option Nr_s tmpfs: Bad mount option Nr_s Process accounting resumed hfsplus: unable to find HFS+ superblock Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: failed to resolve './file0': -2 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: No value for mount option '' overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: failed to resolve './file0': -2 overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nKC3\H/' overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: Bad value 's1%69' for mount option 'size' overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: Bad value 's1%69' for mount option 'size' tmpfs: No value for mount option 'nKC3\H/' overlayfs: failed to resolve './file1': -2 tmpfs: No value for mount option 'nKC3\H/' overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' tmpfs: No value for mount option 'nKC3\H/' overlayfs: failed to resolve './file1': -2 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. tmpfs: Bad value 's1%69' for mount option 'size' overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: failed to resolve './file1': -2 overlayfs: failed to resolve './file0': -2 FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value overlayfs: failed to resolve './file0': -2 Process accounting resumed overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: failed to resolve './file0': -2 Process accounting resumed overlayfs: failed to resolve './file0': -2 FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value Process accounting resumed overlayfs: failed to resolve './file0': -2 FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. overlayfs: failed to resolve './file1': -2 FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value FAT-fs (loop2): Unrecognized mount option "seclabel" or missing value tmpfs: Bad mount option nrinodjs overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. Process accounting resumed tmpfs: Bad mount option nrinodjs tmpfs: Bad mount option nrinodjs overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nr_inodes]1' overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nr_inodes]1' overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nr_inodes]1' overlayfs: failed to resolve './file1': -2 tmpfs: No value for mount option 'nr_inoe R Be' overlayfs: failed to resolve './file0': -2 tmpfs: No value for mount option 'nr_inoe R Be' overlayfs: failed to resolve './file1': -2 tmpfs: No value for mount option 'nr_inoe R Be' ISOFS: Unable to identify CD-ROM format. tmpfs: No value for mount option 'nr_inoe R Be' SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block overlayfs: failed to resolve './file0': -2 overlayfs: failed to resolve './file1': -2 overlayfs: failed to resolve './file0': -2 SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block overlayfs: failed to resolve './file0': -2 overlayfs: failed to resolve './file0': -2 overlayfs: failed to resolve './file0': -2 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.