[ INFO: possible circular locking dependency detected ]
4.9.141+ #23 Not tainted
-------------------------------------------------------
syz-executor.0/16260 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
but task is already holding lock:
 (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] inode_lock include/linux/fs.h:766 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] do_last fs/namei.c:3312 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] path_openat+0xf13/0x2790 fs/namei.c:3534
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key){++++++}:
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       inode_lock_shared include/linux/fs.h:776 [inline]
       do_last fs/namei.c:3314 [inline]
       path_openat+0x1309/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_open_execat+0x10f/0x640 fs/exec.c:844
       open_exec+0x43/0x60 fs/exec.c:876
       load_script+0x5a4/0x740 fs/binfmt_script.c:100
       search_binary_handler+0x14f/0x6f0 fs/exec.c:1621
       exec_binprm fs/exec.c:1663 [inline]
       do_execveat_common.isra.14+0x1139/0x1ed0 fs/exec.c:1785
       compat_do_execveat fs/exec.c:1872 [inline]
       C_SYSC_execveat fs/exec.c:1942 [inline]
       compat_SyS_execveat+0x5b/0x70 fs/exec.c:1934
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

-> #0 (&sig->cred_guard_mutex){+.+.+.}:
       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
       mm_access+0x51/0x140 kernel/fork.c:1028
       map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
       d_revalidate fs/namei.c:789 [inline]
       lookup_open+0x468/0x18b0 fs/namei.c:3144
       do_last fs/namei.c:3315 [inline]
       path_openat+0xf3d/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_sys_open+0x30d/0x5c0 fs/open.c:1072
       SYSC_open fs/open.c:1090 [inline]
       SyS_open fs/open.c:1085 [inline]
       SYSC_creat fs/open.c:1110 [inline]
       SyS_creat+0x27/0x30 fs/open.c:1108
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key);
                               lock(&sig->cred_guard_mutex);
                               lock(&sb->s_type->i_mutex_key);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.0/16260:
 #0:  (sb_writers#7){.+.+.+}, at: [<ffffffff815755ef>] sb_start_write include/linux/fs.h:1573 [inline]
 #0:  (sb_writers#7){.+.+.+}, at: [<ffffffff815755ef>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] inode_lock include/linux/fs.h:766 [inline]
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] do_last fs/namei.c:3312 [inline]
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8153cf13>] path_openat+0xf13/0x2790 fs/namei.c:3534

stack backtrace:
CPU: 0 PID: 16260 Comm: syz-executor.0 Not tainted 4.9.141+ #23
 ffff88018469f428 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83c73360
 ffffffff83ca2fd0 ffff8800b1c0d038 ffff8800b1c0c740 ffff88018469f470
 ffffffff813fee40 0000000000000002 00000000b1c0d018 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [<ffffffff8120a539>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff8120a539>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff8120a539>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff8280c45c>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8280c45c>] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
 [<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
 [<ffffffff81666cb6>] map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
 [<ffffffff815378a8>] d_revalidate fs/namei.c:789 [inline]
 [<ffffffff815378a8>] lookup_open+0x468/0x18b0 fs/namei.c:3144
 [<ffffffff8153cf3d>] do_last fs/namei.c:3315 [inline]
 [<ffffffff8153cf3d>] path_openat+0xf3d/0x2790 fs/namei.c:3534
 [<ffffffff81541617>] do_filp_open+0x197/0x270 fs/namei.c:3568
 [<ffffffff8150617d>] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [<ffffffff815064d7>] SYSC_open fs/open.c:1090 [inline]
 [<ffffffff815064d7>] SyS_open fs/open.c:1085 [inline]
 [<ffffffff815064d7>] SYSC_creat fs/open.c:1110 [inline]
 [<ffffffff815064d7>] SyS_creat+0x27/0x30 fs/open.c:1108
 [<ffffffff81006311>] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [<ffffffff81006311>] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [<ffffffff82818de0>] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
audit_printk_skb: 2364 callbacks suppressed
audit: type=1400 audit(1574752719.073:368356): avc:  denied  { net_admin } for  pid=2079 comm="syz-executor.4" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368357): avc:  denied  { sys_admin } for  pid=2076 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368358): avc:  denied  { sys_admin } for  pid=2076 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368359): avc:  denied  { sys_admin } for  pid=2076 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368360): avc:  denied  { sys_admin } for  pid=2076 comm="syz-executor.1" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.153:368361): avc:  denied  { net_admin } for  pid=2076 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.163:368362): avc:  denied  { net_admin } for  pid=2076 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.173:368363): avc:  denied  { net_admin } for  pid=2076 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.173:368364): avc:  denied  { net_admin } for  pid=2076 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.203:368365): avc:  denied  { net_admin } for  pid=2076 comm="syz-executor.1" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
ip6_tunnel: ß xmit: Local address not yet configured!
audit_printk_skb: 3312 callbacks suppressed
audit: type=1400 audit(1574752724.083:369471): avc:  denied  { dac_override } for  pid=2079 comm="syz-executor.4" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.113:369472): avc:  denied  { sys_admin } for  pid=2077 comm="syz-executor.0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369473): avc:  denied  { sys_admin } for  pid=2077 comm="syz-executor.0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369474): avc:  denied  { sys_admin } for  pid=2077 comm="syz-executor.0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369475): avc:  denied  { sys_admin } for  pid=2077 comm="syz-executor.0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369476): avc:  denied  { dac_override } for  pid=16551 comm="syz-executor.3" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.133:369477): avc:  denied  { sys_admin } for  pid=2074 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.133:369478): avc:  denied  { sys_admin } for  pid=2074 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.153:369479): avc:  denied  { sys_admin } for  pid=2085 comm="syz-executor.2" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.153:369480): avc:  denied  { dac_override } for  pid=2077 comm="syz-executor.0" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
lowmemorykiller: Killing 'syz-executor.5' (16540) (tgid 16540), adj 1000,
   to free 52184kB on behalf of 'kswapd0' (33) because
   cache 49120kB is below limit 65536kB for oom_score_adj 12
   Free memory is -6708kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (20706) (tgid 20706), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48996kB is below limit 65536kB for oom_score_adj 12
   Free memory is -6716kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (20723) (tgid 20723), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48896kB is below limit 65536kB for oom_score_adj 12
   Free memory is -9872kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (14928) (tgid 14928), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48796kB is below limit 65536kB for oom_score_adj 12
   Free memory is -9648kB above reserved