[ INFO: possible circular locking dependency detected ]
4.9.141+ #23 Not tainted
-------------------------------------------------------
syz-executor.0/16260 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [] mm_access+0x51/0x140 kernel/fork.c:1028

but task is already holding lock:
 (&sb->s_type->i_mutex_key){++++++}, at: [] inode_lock include/linux/fs.h:766 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [] do_last fs/namei.c:3312 [inline]
 (&sb->s_type->i_mutex_key){++++++}, at: [] path_openat+0xf13/0x2790 fs/namei.c:3534

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key){++++++}:
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       down_read+0x44/0xb0 kernel/locking/rwsem.c:22
       inode_lock_shared include/linux/fs.h:776 [inline]
       do_last fs/namei.c:3314 [inline]
       path_openat+0x1309/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_open_execat+0x10f/0x640 fs/exec.c:844
       open_exec+0x43/0x60 fs/exec.c:876
       load_script+0x5a4/0x740 fs/binfmt_script.c:100
       search_binary_handler+0x14f/0x6f0 fs/exec.c:1621
       exec_binprm fs/exec.c:1663 [inline]
       do_execveat_common.isra.14+0x1139/0x1ed0 fs/exec.c:1785
       compat_do_execveat fs/exec.c:1872 [inline]
       C_SYSC_execveat fs/exec.c:1942 [inline]
       compat_SyS_execveat+0x5b/0x70 fs/exec.c:1934
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

-> #0 (&sig->cred_guard_mutex){+.+.+.}:
       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
       mm_access+0x51/0x140 kernel/fork.c:1028
       map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
       d_revalidate fs/namei.c:789 [inline]
       lookup_open+0x468/0x18b0 fs/namei.c:3144
       do_last fs/namei.c:3315 [inline]
       path_openat+0xf3d/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_sys_open+0x30d/0x5c0 fs/open.c:1072
       SYSC_open fs/open.c:1090 [inline]
       SyS_open fs/open.c:1085 [inline]
       SYSC_creat fs/open.c:1110 [inline]
       SyS_creat+0x27/0x30 fs/open.c:1108
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key);
                               lock(&sig->cred_guard_mutex);
                               lock(&sb->s_type->i_mutex_key);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.0/16260:
 #0:  (sb_writers#7){.+.+.+}, at: [] sb_start_write include/linux/fs.h:1573 [inline]
 #0:  (sb_writers#7){.+.+.+}, at: [] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [] inode_lock include/linux/fs.h:766 [inline]
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [] do_last fs/namei.c:3312 [inline]
 #1:  (&sb->s_type->i_mutex_key){++++++}, at: [] path_openat+0xf13/0x2790 fs/namei.c:3534

stack backtrace:
CPU: 0 PID: 16260 Comm: syz-executor.0 Not tainted 4.9.141+ #23
 ffff88018469f428 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83c73360
 ffffffff83ca2fd0 ffff8800b1c0d038 ffff8800b1c0c740 ffff88018469f470
 ffffffff813fee40 0000000000000002 00000000b1c0d018 0000000000000002
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
 [] mm_access+0x51/0x140 kernel/fork.c:1028
 [] map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
 [] d_revalidate fs/namei.c:789 [inline]
 [] lookup_open+0x468/0x18b0 fs/namei.c:3144
 [] do_last fs/namei.c:3315 [inline]
 [] path_openat+0xf3d/0x2790 fs/namei.c:3534
 [] do_filp_open+0x197/0x270 fs/namei.c:3568
 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open fs/open.c:1085 [inline]
 [] SYSC_creat fs/open.c:1110 [inline]
 [] SyS_creat+0x27/0x30 fs/open.c:1108
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
audit_printk_skb: 2364 callbacks suppressed
audit: type=1400 audit(1574752719.073:368356): avc: denied { net_admin } for pid=2079 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368357): avc: denied { sys_admin } for pid=2076 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368358): avc: denied { sys_admin } for pid=2076 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368359): avc: denied { sys_admin } for pid=2076 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.113:368360): avc: denied { sys_admin } for pid=2076 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.153:368361): avc: denied { net_admin } for pid=2076 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.163:368362): avc: denied { net_admin } for pid=2076 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.173:368363): avc: denied { net_admin } for pid=2076 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.173:368364): avc: denied { net_admin } for pid=2076 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752719.203:368365): avc: denied { net_admin } for pid=2076 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
ip6_tunnel: ß xmit: Local address not yet configured!
audit_printk_skb: 3312 callbacks suppressed
audit: type=1400 audit(1574752724.083:369471): avc: denied { dac_override } for pid=2079 comm="syz-executor.4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.113:369472): avc: denied { sys_admin } for pid=2077 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369473): avc: denied { sys_admin } for pid=2077 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369474): avc: denied { sys_admin } for pid=2077 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369475): avc: denied { sys_admin } for pid=2077 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.123:369476): avc: denied { dac_override } for pid=16551 comm="syz-executor.3" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.133:369477): avc: denied { sys_admin } for pid=2074 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.133:369478): avc: denied { sys_admin } for pid=2074 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.153:369479): avc: denied { sys_admin } for pid=2085 comm="syz-executor.2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574752724.153:369480): avc: denied { dac_override } for pid=2077 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
lowmemorykiller: Killing 'syz-executor.5' (16540) (tgid 16540), adj 1000,
   to free 52184kB on behalf of 'kswapd0' (33) because
   cache 49120kB is below limit 65536kB for oom_score_adj 12
   Free memory is -6708kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (20706) (tgid 20706), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48996kB is below limit 65536kB for oom_score_adj 12
   Free memory is -6716kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (20723) (tgid 20723), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48896kB is below limit 65536kB for oom_score_adj 12
   Free memory is -9872kB above reserved
lowmemorykiller: Killing 'syz-executor.0' (14928) (tgid 14928), adj 1000,
   to free 52180kB on behalf of 'kswapd0' (33) because
   cache 48796kB is below limit 65536kB for oom_score_adj 12
   Free memory is -9648kB above reserved