binder: BINDER_SET_CONTEXT_MGR already set
binder: 27140:27159 ioctl 40046207 0 returned -16
======================================================
binder: 27140:27170 unknown command 262144
WARNING: possible circular locking dependency detected
4.14.95+ #14 Not tainted
------------------------------------------------------
syz-executor0/27167 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.}, at: [] lock_trace+0x3f/0xc0 fs/proc/base.c:408

but task is already holding lock:
 (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2
binder: 27140:27170 ioctl c0306201 200002c0 returned -22
 (&p->lock){+.+.}:

-> #1 (&pipe->mutex/1){+.+.}:

-> #0 (&sig->cred_guard_mutex){+.+.}:
binder: 27140:27159 Release 1 refcount change on invalid ref 1 ret -22

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(&pipe->mutex/1);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor0/27167:
 #0: (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180 fs/seq_file.c:165

stack backtrace:
CPU: 0 PID: 27167 Comm: syz-executor0 Not tainted 4.14.95+ #14
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
binder: release 27140:27170 transaction 49 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27194:27213 ioctl 40046207 0 returned -16
binder: 27194:27220 unknown command 262144
binder: 27194:27220 ioctl c0306201 200002c0 returned -22
binder: 27194:27213 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27194:27220 transaction 52 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27246:27276 ioctl 40046207 0 returned -16
binder: 27246:27276 unknown command 262144
binder: 27246:27276 ioctl c0306201 200002c0 returned -22
binder: 27246:27292 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27246:27276 transaction 55 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27310:27333 ioctl 40046207 0 returned -16
binder: 27310:27340 unknown command 262144
binder: 27310:27340 ioctl c0306201 200002c0 returned -22
binder: 27310:27333 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27310:27340 transaction 58 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27354:27380 ioctl 40046207 0 returned -16
binder: 27354:27380 unknown command 262144
binder: 27354:27380 ioctl c0306201 200002c0 returned -22
binder: 27354:27380 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27354:27380 transaction 61 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27411:27438 ioctl 40046207 0 returned -16
binder: 27411:27438 unknown command 262144
binder: 27411:27438 ioctl c0306201 200002c0 returned -22
binder: 27411:27438 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27411:27438 transaction 64 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27455:27476 ioctl 40046207 0 returned -16
binder: 27455:27476 unknown command 262144
binder: 27455:27476 ioctl c0306201 200002c0 returned -22
binder: 27455:27476 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27455:27476 transaction 67 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27512:27537 ioctl 40046207 0 returned -16
binder: 27512:27537 unknown command 262144
binder: 27512:27537 ioctl c0306201 200002c0 returned -22
binder: 27512:27537 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27512:27537 transaction 70 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27571:27600 ioctl 40046207 0 returned -16
binder: 27571:27600 unknown command 262144
binder: 27571:27600 ioctl c0306201 200002c0 returned -22
binder: 27571:27600 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27571:27600 transaction 73 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27607:27633 ioctl 40046207 0 returned -16
binder: 27607:27633 unknown command 262144
binder: 27607:27633 ioctl c0306201 200002c0 returned -22
binder: 27607:27633 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27607:27633 transaction 76 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27657:27685 ioctl 40046207 0 returned -16
binder: 27657:27701 unknown command 262144
binder: 27657:27701 ioctl c0306201 200002c0 returned -22
PF_BRIDGE: RTM_SETLINK with unknown ifindex
binder: 27657:27685 Release 1 refcount change on invalid ref 1 ret -22
PF_BRIDGE: RTM_SETLINK with unknown ifindex
binder: release 27657:27701 transaction 79 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27729:27753 ioctl 40046207 0 returned -16
binder: 27729:27768 unknown command 262144
binder: 27729:27768 ioctl c0306201 200002c0 returned -22
binder: 27729:27753 Release 1 refcount change on invalid ref 1 ret -22
binder: release 27729:27768 transaction 82 out, still active
binder: BINDER_SET_CONTEXT_MGR already set
binder: 27795:27821 ioctl 40046207 0 returned -16
binder: 27795:27821 unknown command 262144