[ INFO: possible circular locking dependency detected ]
4.9.141+ #1 Not tainted
-------------------------------------------------------
syz-executor.0/15017 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
but task is already holding lock:
 (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] inode_lock_shared include/linux/fs.h:776 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] lookup_slow+0x154/0x470 fs/namei.c:1645
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key){++++++}:
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       inode_lock_shared include/linux/fs.h:776 [inline]
       do_last fs/namei.c:3314 [inline]
       path_openat+0x1309/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_open_execat+0x10f/0x640 fs/exec.c:844
       open_exec+0x43/0x60 fs/exec.c:876
       load_script+0x5a4/0x740 fs/binfmt_script.c:100
       search_binary_handler+0x14f/0x6f0 fs/exec.c:1621
       exec_binprm fs/exec.c:1663 [inline]
       do_execveat_common.isra.14+0x1139/0x1ed0 fs/exec.c:1785
       do_execveat fs/exec.c:1840 [inline]
       SYSC_execveat fs/exec.c:1921 [inline]
       SyS_execveat+0x55/0x70 fs/exec.c:1913
       do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

-> #0 (&sig->cred_guard_mutex){+.+.+.}:
       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
       mm_access+0x51/0x140 kernel/fork.c:1028
       map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
       d_revalidate fs/namei.c:789 [inline]
       lookup_slow+0x361/0x470 fs/namei.c:1656
       walk_component+0x822/0xcf0 fs/namei.c:1784
       lookup_last fs/namei.c:2266 [inline]
       path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283
       filename_lookup.part.18+0x177/0x370 fs/namei.c:2317
       filename_lookup fs/namei.c:2310 [inline]
       user_path_at_empty+0x53/0x70 fs/namei.c:2578
       user_path_at include/linux/namei.h:55 [inline]
       SYSC_quotactl fs/quota/quota.c:862 [inline]
       SyS_quotactl+0x7c4/0x1250 fs/quota/quota.c:834
       do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key);
                               lock(&sig->cred_guard_mutex);
                               lock(&sb->s_type->i_mutex_key);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.0/15017:
 #0:  (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] inode_lock_shared include/linux/fs.h:776 [inline]
 #0:  (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] lookup_slow+0x154/0x470 fs/namei.c:1645

stack backtrace:
CPU: 1 PID: 15017 Comm: syz-executor.0 Not tainted 4.9.141+ #1
 ffff8801d2637388 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83c73360
 ffffffff83ca2fd0 ffff8801cc63d010 ffff8801cc63c740 ffff8801d26373d0
 ffffffff813fee40 0000000000000001 00000000cc63cff0 0000000000000001
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [<ffffffff8120a539>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff8120a539>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff8120a539>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff8280c45c>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8280c45c>] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
 [<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
 [<ffffffff81666cb6>] map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
 [<ffffffff8152a841>] d_revalidate fs/namei.c:789 [inline]
 [<ffffffff8152a841>] lookup_slow+0x361/0x470 fs/namei.c:1656
 [<ffffffff81539cf2>] walk_component+0x822/0xcf0 fs/namei.c:1784
 [<ffffffff8153b6b6>] lookup_last fs/namei.c:2266 [inline]
 [<ffffffff8153b6b6>] path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283
 [<ffffffff8153f697>] filename_lookup.part.18+0x177/0x370 fs/namei.c:2317
 [<ffffffff8153fa53>] filename_lookup fs/namei.c:2310 [inline]
 [<ffffffff8153fa53>] user_path_at_empty+0x53/0x70 fs/namei.c:2578
 [<ffffffff81654594>] user_path_at include/linux/namei.h:55 [inline]
 [<ffffffff81654594>] SYSC_quotactl fs/quota/quota.c:862 [inline]
 [<ffffffff81654594>] SyS_quotactl+0x7c4/0x1250 fs/quota/quota.c:834
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16563 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15035 comm=syz-executor.1
tc_dump_action: action bad kind
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
audit_printk_skb: 2103 callbacks suppressed
audit: type=1400 audit(1574318424.743:23220): avc:  denied  { net_admin } for  pid=15190 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.783:23221): avc:  denied  { net_admin } for  pid=15191 comm="syz-executor.3" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.783:23222): avc:  denied  { net_admin } for  pid=15190 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.783:23223): avc:  denied  { net_admin } for  pid=15190 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23224): avc:  denied  { net_admin } for  pid=15190 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23225): avc:  denied  { sys_admin } for  pid=2090 comm="syz-executor.4" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23226): avc:  denied  { sys_admin } for  pid=2090 comm="syz-executor.4" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23227): avc:  denied  { sys_admin } for  pid=2090 comm="syz-executor.4" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23228): avc:  denied  { sys_admin } for  pid=2090 comm="syz-executor.4" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318424.843:23229): avc:  denied  { net_admin } for  pid=2090 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
selinux_nlmsg_perm: 310 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16563 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15255 comm=syz-executor.1
audit_printk_skb: 4152 callbacks suppressed
audit: type=1400 audit(1574318429.753:24616): avc:  denied  { net_admin } for  pid=2090 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.743:24614): avc:  denied  { net_admin } for  pid=2087 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.743:24615): avc:  denied  { net_admin } for  pid=2089 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.753:24617): avc:  denied  { net_admin } for  pid=2087 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.753:24618): avc:  denied  { net_admin } for  pid=2089 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.763:24619): avc:  denied  { net_admin } for  pid=2087 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.763:24620): avc:  denied  { net_admin } for  pid=2089 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.763:24621): avc:  denied  { net_admin } for  pid=2087 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.763:24623): avc:  denied  { net_admin } for  pid=2087 comm="syz-executor.2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574318429.763:24622): avc:  denied  { net_admin } for  pid=2089 comm="syz-executor.0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1