======================================================
[ INFO: possible circular locking dependency detected ]
4.9.202+ #0 Not tainted
-------------------------------------------------------
syz-executor.3/9816 is trying to acquire lock:
 (&sb->s_type->i_mutex_key){++++++}, at: [<00000000e3557141>] inode_lock_shared include/linux/fs.h:781 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [<00000000e3557141>] do_last fs/namei.c:3355 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [<00000000e3557141>] path_openat+0x16a8/0x2f60 fs/namei.c:3581
but task is already holding lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [<000000001cebc55d>] prepare_bprm_creds+0x55/0x120 fs/exec.c:1369
which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:
       lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3759
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcd/0xa10 kernel/locking/mutex.c:641
       mm_access+0x4f/0x140 kernel/fork.c:1030
       map_files_d_revalidate+0xfa/0x6d0 fs/proc/base.c:1929
       d_revalidate fs/namei.c:789 [inline]
       lookup_slow+0x373/0x480 fs/namei.c:1697
       walk_component+0x71e/0xce0 fs/namei.c:1825
       lookup_last fs/namei.c:2307 [inline]
       path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
       filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
       user_path_at_empty+0x43/0x50 fs/namei.c:2619
       user_path_at include/linux/namei.h:55 [inline]
       SYSC_quotactl fs/quota/quota.c:862 [inline]
       SyS_quotactl+0x623/0x1170 fs/quota/quota.c:834
       do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345
       lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3759
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       inode_lock_shared include/linux/fs.h:781 [inline]
       do_last fs/namei.c:3355 [inline]
       path_openat+0x16a8/0x2f60 fs/namei.c:3581
       do_filp_open+0x1a1/0x280 fs/namei.c:3615
       do_open_execat+0x10c/0x6a0 fs/exec.c:844
       do_execveat_common.isra.0+0x698/0x1db0 fs/exec.c:1723
       do_execveat fs/exec.c:1840 [inline]
       SYSC_execveat fs/exec.c:1921 [inline]
       SyS_execveat+0x55/0x70 fs/exec.c:1913
       do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sig->cred_guard_mutex);
                               lock(&sb->s_type->i_mutex_key);
                               lock(&sig->cred_guard_mutex);
  lock(&sb->s_type->i_mutex_key);

 *** DEADLOCK ***

1 lock held by syz-executor.3/9816:
 #0: (&sig->cred_guard_mutex){+.+.+.}, at: [<000000001cebc55d>] prepare_bprm_creds+0x55/0x120 fs/exec.c:1369

stack backtrace:
CPU: 1 PID: 9816 Comm: syz-executor.3 Not tainted 4.9.202+ #0
 ffff8801d442f728 ffffffff81b55d2b ffffffff83c7ef10 ffffffff83cae9d0
 ffffffff83c7ef10 ffffffff8424ff40 ffff8801d49697c0 ffff8801d442f780
 ffffffff81406d6a ffff8801d442f748 ffff8801d442f870 ffff8801d496a098
Call Trace:
 [<00000000d0fc34f0>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000d0fc34f0>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<000000005a6c4e5c>] print_circular_bug.cold+0x2f6/0x454 kernel/locking/lockdep.c:1202
 [<00000000916f0b54>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<00000000916f0b54>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<00000000916f0b54>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<00000000916f0b54>] __lock_acquire+0x2d22/0x4390 kernel/locking/lockdep.c:3345
 [<00000000665c7baa>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3759
 [<0000000013561747>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22
 [<00000000e3557141>] inode_lock_shared include/linux/fs.h:781 [inline]
 [<00000000e3557141>] do_last fs/namei.c:3355 [inline]
 [<00000000e3557141>] path_openat+0x16a8/0x2f60 fs/namei.c:3581
 [<00000000cec9a5c6>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [<00000000e094eca1>] do_open_execat+0x10c/0x6a0 fs/exec.c:844
 [<00000000442ba990>] do_execveat_common.isra.0+0x698/0x1db0 fs/exec.c:1723
 [<00000000978b31ad>] do_execveat fs/exec.c:1840 [inline]
 [<00000000978b31ad>] SYSC_execveat fs/exec.c:1921 [inline]
 [<00000000978b31ad>] SyS_execveat+0x55/0x70 fs/exec.c:1913
 [<00000000f9f3c6cb>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000c1ac9e6c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
selinux_nlmsg_perm: 1253 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=9854 comm=syz-executor.4
audit: type=1400 audit(1574209050.294:45): avc: denied { write } for pid=9831 comm="syz-executor.4" path="socket:[20958]" dev="sockfs" ino=20958 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=9854 comm=syz-executor.4
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
EXT4-fs (loop1): VFS: Can't find ext4 filesystem
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready