======================================================
WARNING: possible circular locking dependency detected
4.19.128-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/3850 is trying to acquire lock:
00000000f42d6eb0 (&sig->cred_guard_mutex){+.+.}, at: lock_trace+0x45/0xe0 fs/proc/base.c:402
new mount options do not match the existing superblock, will be ignored

but task is already holding lock:
00000000a9be68d0 (&p->lock){+.+.}, at: seq_read+0x6b/0x10c0 fs/seq_file.c:161

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
       seq_read+0x6b/0x10c0 fs/seq_file.c:161
       proc_reg_read+0x1bd/0x280 fs/proc/inode.c:231
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x46b/0x640 fs/read_write.c:925
       vfs_readv+0xf0/0x160 fs/read_write.c:987
       kernel_readv fs/splice.c:362 [inline]
       default_file_splice_read+0x477/0x970 fs/splice.c:417
       do_splice_to+0x10e/0x160 fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
       do_splice_direct+0x1a8/0x270 fs/splice.c:1068
       do_sendfile+0x549/0xc10 fs/read_write.c:1447
       __do_sys_sendfile64 fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_do_remove+0xf8/0xd70 fs/overlayfs/dir.c:843
       vfs_rmdir fs/namei.c:3882 [inline]
       vfs_rmdir+0x18b/0x450 fs/namei.c:3861
       do_rmdir+0x371/0x3e0 fs/namei.c:3943
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
       inode_lock_shared include/linux/fs.h:758 [inline]
       do_last fs/namei.c:3326 [inline]
       path_openat+0x1a04/0x2eb0 fs/namei.c:3537
       do_filp_open+0x1a1/0x280 fs/namei.c:3567
       do_open_execat+0x124/0x5b0 fs/exec.c:853
       __do_execve_file.isra.0+0x18d6/0x20c0 fs/exec.c:1757
       do_execveat_common fs/exec.c:1866 [inline]
       do_execve+0x2e/0x40 fs/exec.c:1883
       __do_sys_execve fs/exec.c:1964 [inline]
       __se_sys_execve fs/exec.c:1959 [inline]
       __x64_sys_execve+0x7c/0xa0 fs/exec.c:1959
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
       lock_trace+0x45/0xe0 fs/proc/base.c:402
       proc_pid_syscall+0x94/0x240 fs/proc/base.c:635
       proc_single_show+0xeb/0x170 fs/proc/base.c:755
       seq_read+0x4b9/0x10c0 fs/seq_file.c:229
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x46b/0x640 fs/read_write.c:925
       vfs_readv+0xf0/0x160 fs/read_write.c:987
       do_preadv+0x1b6/0x270 fs/read_write.c:1071
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#3);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.4/3850:
 #0: 00000000a9be68d0 (&p->lock){+.+.}, at: seq_read+0x6b/0x10c0 fs/seq_file.c:161

stack backtrace:
CPU: 1 PID: 3850 Comm: syz-executor.4 Not tainted 4.19.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1865 [inline]
 check_prevs_add kernel/locking/lockdep.c:1978 [inline]
 validate_chain kernel/locking/lockdep.c:2419 [inline]
 __lock_acquire+0x3145/0x4380 kernel/locking/lockdep.c:3415
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
 __mutex_lock_common kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
 lock_trace+0x45/0xe0 fs/proc/base.c:402
 proc_pid_syscall+0x94/0x240 fs/proc/base.c:635
 proc_single_show+0xeb/0x170 fs/proc/base.c:755
 seq_read+0x4b9/0x10c0 fs/seq_file.c:229
 do_loop_readv_writev fs/read_write.c:701 [inline]
 do_loop_readv_writev fs/read_write.c:688 [inline]
 do_iter_read+0x46b/0x640 fs/read_write.c:925
 vfs_readv+0xf0/0x160 fs/read_write.c:987
 do_preadv+0x1b6/0x270 fs/read_write.c:1071
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca59
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5757d29c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00000000004fb020 RCX: 000000000045ca59
RDX: 000000000000037d RSI: 0000000020000500 RDI: 0000000000000004
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000879 R14: 00000000004cb652 R15: 00007f5757d2a6d4
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
new mount options do not match the existing superblock, will be ignored
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
new mount options do not match the existing superblock, will be ignored
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'.
sctp: [Deprecated]: syz-executor.4 (pid 3995) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.4 (pid 4010) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.1 (pid 4019) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.3 (pid 4028) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.4 (pid 4029) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.1 (pid 4038) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.4 (pid 4045) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.3 (pid 4047) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.4 (pid 4058) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor.1 (pid 4057) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
nla_parse: 4 callbacks suppressed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.3': attribute type 7 has an invalid length.
capability: warning: `syz-executor.2' uses 32-bit capabilities (legacy support in use)
netlink: 'syz-executor.3': attribute type 39 has an invalid length.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.3': attribute type 7 has an invalid length.
netlink: 'syz-executor.3': attribute type 39 has an invalid length.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 'syz-executor.3': attribute type 7 has an invalid length.
netlink: 'syz-executor.3': attribute type 39 has an invalid length.
netlink: 'syz-executor.1': attribute type 7 has an invalid length.
netlink: 'syz-executor.1': attribute type 39 has an invalid length.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 'syz-executor.1': attribute type 7 has an invalid length.
netlink: 'syz-executor.1': attribute type 39 has an invalid length.
input: syz1 as /devices/virtual/input/input36
input: syz1 as /devices/virtual/input/input37
ieee80211 : Selected rate control algorithm 'minstrel_ht'
input: syz1 as /devices/virtual/input/input38
input: syz1 as /devices/virtual/input/input39
ieee80211 phy26: Selected rate control algorithm 'minstrel_ht'
input: syz1 as /devices/virtual/input/input40