QAT: Invalid ioctl
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
======================================================
WARNING: possible circular locking dependency detected
4.14.169-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/22473 is trying to acquire lock:
 (&ovl_i_mutex_key[depth]#2){+.+.}, at: [<ffffffff8190a30c>] inode_lock include/linux/fs.h:718 [inline]
 (&ovl_i_mutex_key[depth]#2){+.+.}, at: [<ffffffff8190a30c>] bprm_fill_uid fs/exec.c:1522 [inline]
 (&ovl_i_mutex_key[depth]#2){+.+.}, at: [<ffffffff8190a30c>] prepare_binprm+0x31c/0x7f0 fs/exec.c:1557

but task is already holding lock:
 (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8190efc5>] prepare_bprm_creds+0x55/0x120 fs/exec.c:1389

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&sig->cred_guard_mutex){+.+.}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
       lock_trace+0x44/0xc0 fs/proc/base.c:407
       proc_pid_syscall+0x8c/0x200 fs/proc/base.c:639
       proc_single_show+0xf0/0x160 fs/proc/base.c:761
       seq_read+0x51a/0x1280 fs/seq_file.c:237
       do_loop_readv_writev fs/read_write.c:695 [inline]
       do_loop_readv_writev fs/read_write.c:682 [inline]
       do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
       vfs_readv+0xd3/0x130 fs/read_write.c:981
       do_preadv+0x15d/0x200 fs/read_write.c:1065
       SYSC_preadv fs/read_write.c:1115 [inline]
       SyS_preadv+0x31/0x40 fs/read_write.c:1110
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #2 (&p->lock){+.+.}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       seq_read+0xc1/0x1280 fs/seq_file.c:165
       proc_reg_read+0xfa/0x170 fs/proc/inode.c:217
       do_loop_readv_writev fs/read_write.c:695 [inline]
       do_loop_readv_writev fs/read_write.c:682 [inline]
       do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
       vfs_readv+0xd3/0x130 fs/read_write.c:981
       kernel_readv fs/splice.c:361 [inline]
       default_file_splice_read+0x421/0x870 fs/splice.c:416
       do_splice_to+0x105/0x170 fs/splice.c:880
       splice_direct_to_actor+0x222/0x7b0 fs/splice.c:952
       do_splice_direct+0x18d/0x230 fs/splice.c:1061
       do_sendfile+0x4db/0xbd0 fs/read_write.c:1441
       SYSC_sendfile64 fs/read_write.c:1502 [inline]
       SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #1 (sb_writers#4){.+.+}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x1ae/0x2f0 fs/super.c:1363
       sb_start_write include/linux/fs.h:1548 [inline]
       mnt_want_write+0x3f/0xb0 fs/namespace.c:386
       ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:25
       ovl_link+0x63/0x1a1 fs/overlayfs/dir.c:594
       vfs_link+0x6bd/0xa50 fs/namei.c:4264
       SYSC_linkat fs/namei.c:4332 [inline]
       SyS_linkat fs/namei.c:4288 [inline]
       SYSC_link fs/namei.c:4355 [inline]
       SyS_link+0x329/0x500 fs/namei.c:4353
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&ovl_i_mutex_key[depth]#2){+.+.}:
       check_prev_add kernel/locking/lockdep.c:1901 [inline]
       check_prevs_add kernel/locking/lockdep.c:2018 [inline]
       validate_chain kernel/locking/lockdep.c:2460 [inline]
       __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       down_write+0x38/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:718 [inline]
       bprm_fill_uid fs/exec.c:1522 [inline]
       prepare_binprm+0x31c/0x7f0 fs/exec.c:1557
       do_execveat_common.isra.0+0xd81/0x1dd0 fs/exec.c:1783
       do_execve fs/exec.c:1847 [inline]
       SYSC_execve fs/exec.c:1928 [inline]
       SyS_execve+0x39/0x50 fs/exec.c:1923
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_key[depth]#2 --> &p->lock --> &sig->cred_guard_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sig->cred_guard_mutex);
                               lock(&p->lock);
                               lock(&sig->cred_guard_mutex);
  lock(&ovl_i_mutex_key[depth]#2);

 *** DEADLOCK ***

1 lock held by syz-executor.1/22473:
 #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8190efc5>] prepare_bprm_creds+0x55/0x120 fs/exec.c:1389

stack backtrace:
CPU: 0 PID: 22473 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 down_write+0x38/0x90 kernel/locking/rwsem.c:54
 inode_lock include/linux/fs.h:718 [inline]
 bprm_fill_uid fs/exec.c:1522 [inline]
 prepare_binprm+0x31c/0x7f0 fs/exec.c:1557
 do_execveat_common.isra.0+0xd81/0x1dd0 fs/exec.c:1783
 do_execve fs/exec.c:1847 [inline]
 SYSC_execve fs/exec.c:1928 [inline]
 SyS_execve+0x39/0x50 fs/exec.c:1923
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b399
RSP: 002b:00007fc80590ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007fc80590b6d4 RCX: 000000000045b399
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000a2 R14: 00000000004c1eb2 R15: 000000000075bf2c
Invalid argument reading file caps for ./bus
overlayfs: fs on '.' does not support file handles, falling back to index=off.
QAT: Invalid ioctl
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.