======================================================
WARNING: possible circular locking dependency detected
4.19.172-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/4390 is trying to acquire lock:
000000006756dfdb (&sig->cred_guard_mutex){+.+.}, at: lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
000000006756dfdb (&sig->cred_guard_mutex){+.+.}, at: proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925

but task is already holding lock:
00000000b3cabca6 (&p->lock){+.+.}, at: seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
       seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161
       proc_reg_read+0x1bd/0x2d0 syzkaller/managers/linux-4-19/kernel/fs/proc/inode.c:231
       do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
       do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
       vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
       kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
       do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
       do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
       do_sendfile+0x550/0xc30 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1447
       __do_sys_sendfile64 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#3){.+.+}:
       sb_start_write syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 syzkaller/managers/linux-4-19/kernel/fs/namespace.c:360
       ovl_do_remove+0xf0/0xdb0 syzkaller/managers/linux-4-19/kernel/fs/overlayfs/dir.c:843
       vfs_rmdir.part.0+0x10f/0x3d0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3882
       vfs_rmdir syzkaller/managers/linux-4-19/kernel/fs/namei.c:3868 [inline]
       do_rmdir+0x3fd/0x490 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3943
       do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
       inode_lock_shared syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:758 [inline]
       do_last syzkaller/managers/linux-4-19/kernel/fs/namei.c:3326 [inline]
       path_openat+0x17ec/0x2df0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 syzkaller/managers/linux-4-19/kernel/fs/namei.c:3567
       do_open_execat+0x11d/0x5b0 syzkaller/managers/linux-4-19/kernel/fs/exec.c:853
       __do_execve_file+0x1a8b/0x2360 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1770
       do_execveat_common syzkaller/managers/linux-4-19/kernel/fs/exec.c:1879 [inline]
       do_execve+0x35/0x50 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1896
       __do_sys_execve syzkaller/managers/linux-4-19/kernel/fs/exec.c:1977 [inline]
       __se_sys_execve syzkaller/managers/linux-4-19/kernel/fs/exec.c:1972 [inline]
       __x64_sys_execve+0x7c/0xa0 syzkaller/managers/linux-4-19/kernel/fs/exec.c:1972
       do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
       __mutex_lock_common syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xd7/0x1260 syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:1072
       lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
       proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925
       proc_single_show+0xeb/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:755
       seq_read+0x4be/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:229
       do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
       do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
       vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
       kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
       do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
       do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
       vfs_copy_file_range+0x830/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1614
       __do_sys_copy_file_range syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1667 [inline]
       __se_sys_copy_file_range+0x18d/0x410 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1634
       do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#3);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.0/4390:
 #0: 00000000cac6b49d (sb_writers#4){.+.+}, at: file_start_write syzkaller/managers/linux-4-19/kernel/./include/linux/fs.h:2779 [inline]
 #0: 00000000cac6b49d (sb_writers#4){.+.+}, at: vfs_copy_file_range+0x94e/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1592
 #1: 00000000b3cabca6 (&p->lock){+.+.}, at: seq_read+0x6b/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:161

stack backtrace:
CPU: 0 PID: 4390 Comm: syz-executor.0 Not tainted 4.19.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef syzkaller/managers/linux-4-19/kernel/lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1221
 check_prev_add syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1865 [inline]
 check_prevs_add syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:1978 [inline]
 validate_chain syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:2419 [inline]
 __lock_acquire+0x30c9/0x3ff0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3415
 lock_acquire+0x170/0x3c0 syzkaller/managers/linux-4-19/kernel/kernel/locking/lockdep.c:3907
 __mutex_lock_common syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0xd7/0x1260 syzkaller/managers/linux-4-19/kernel/kernel/locking/mutex.c:1072
 lock_trace syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:402 [inline]
 proc_pid_personality+0x4a/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:2925
 proc_single_show+0xeb/0x170 syzkaller/managers/linux-4-19/kernel/fs/proc/base.c:755
 seq_read+0x4be/0x1160 syzkaller/managers/linux-4-19/kernel/fs/seq_file.c:229
 do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:701 [inline]
 do_loop_readv_writev syzkaller/managers/linux-4-19/kernel/fs/read_write.c:688 [inline]
 do_iter_read+0x471/0x630 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:925
 vfs_readv+0xe5/0x150 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:987
 kernel_readv syzkaller/managers/linux-4-19/kernel/fs/splice.c:362 [inline]
 default_file_splice_read+0x457/0xa00 syzkaller/managers/linux-4-19/kernel/fs/splice.c:417
 do_splice_to+0x10e/0x160 syzkaller/managers/linux-4-19/kernel/fs/splice.c:881
 splice_direct_to_actor+0x2b9/0x8d0 syzkaller/managers/linux-4-19/kernel/fs/splice.c:959
 do_splice_direct+0x1a7/0x270 syzkaller/managers/linux-4-19/kernel/fs/splice.c:1068
 vfs_copy_file_range+0x830/0xb00 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1614
 __do_sys_copy_file_range syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1667 [inline]
 __se_sys_copy_file_range+0x18d/0x410 syzkaller/managers/linux-4-19/kernel/fs/read_write.c:1634
 do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f522a78c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00000000004b069f R08: 0000000000000077 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd6734212f R14: 00007f522a78c300 R15: 0000000000022000
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready