======================================================
[ INFO: possible circular locking dependency detected ]
4.9.141+ #1 Not tainted
-------------------------------------------------------
syz-executor.1/21728 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
but task is already holding lock:
(&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] inode_lock_shared include/linux/fs.h:776 [inline]
(&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] lookup_slow+0x154/0x470 fs/namei.c:1645
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
inode_lock_shared include/linux/fs.h:776 [inline]
do_last fs/namei.c:3314 [inline]
path_openat+0x1309/0x2790 fs/namei.c:3534
do_filp_open+0x197/0x270 fs/namei.c:3568
do_open_execat+0x10f/0x640 fs/exec.c:844
open_exec+0x43/0x60 fs/exec.c:876
load_script+0x5a4/0x740 fs/binfmt_script.c:100
search_binary_handler+0x14f/0x6f0 fs/exec.c:1621
exec_binprm fs/exec.c:1663 [inline]
do_execveat_common.isra.14+0x1139/0x1ed0 fs/exec.c:1785
do_execveat fs/exec.c:1840 [inline]
SYSC_execveat fs/exec.c:1921 [inline]
SyS_execveat+0x55/0x70 fs/exec.c:1913
do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
check_prev_add kernel/locking/lockdep.c:1828 [inline]
check_prevs_add kernel/locking/lockdep.c:1938 [inline]
validate_chain kernel/locking/lockdep.c:2265 [inline]
__lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
mm_access+0x51/0x140 kernel/fork.c:1028
map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
d_revalidate fs/namei.c:789 [inline]
lookup_slow+0x361/0x470 fs/namei.c:1656
walk_component+0x822/0xcf0 fs/namei.c:1784
lookup_last fs/namei.c:2266 [inline]
path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283
filename_lookup.part.18+0x177/0x370 fs/namei.c:2317
filename_lookup fs/namei.c:2310 [inline]
user_path_at_empty+0x53/0x70 fs/namei.c:2578
user_path_at include/linux/namei.h:55 [inline]
SYSC_quotactl fs/quota/quota.c:862 [inline]
SyS_quotactl+0x7c4/0x1250 fs/quota/quota.c:834
do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&sb->s_type->i_mutex_key);
lock(&sig->cred_guard_mutex);
lock(&sb->s_type->i_mutex_key);
lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
1 lock held by syz-executor.1/21728:
#0: (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] inode_lock_shared include/linux/fs.h:776 [inline]
#0: (&sb->s_type->i_mutex_key){++++++}, at: [<ffffffff8152a634>] lookup_slow+0x154/0x470 fs/namei.c:1645
stack backtrace:
CPU: 1 PID: 21728 Comm: syz-executor.1 Not tainted 4.9.141+ #1
ffff8801a0b87388 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83c73360
ffffffff83ca2fd0 ffff8801cb9ab850 ffff8801cb9aaf80 ffff8801a0b873d0
ffffffff813fee40 0000000000000001 00000000cb9ab830 0000000000000001
Call Trace:
[<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
[<ffffffff8120a539>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
[<ffffffff8120a539>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
[<ffffffff8120a539>] validate_chain kernel/locking/lockdep.c:2265 [inline]
[<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
[<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
[<ffffffff8280c45c>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
[<ffffffff8280c45c>] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641
[<ffffffff810d2941>] mm_access+0x51/0x140 kernel/fork.c:1028
[<ffffffff81666cb6>] map_files_d_revalidate+0xf6/0x6e0 fs/proc/base.c:1933
[<ffffffff8152a841>] d_revalidate fs/namei.c:789 [inline]
[<ffffffff8152a841>] lookup_slow+0x361/0x470 fs/namei.c:1656
[<ffffffff81539cf2>] walk_component+0x822/0xcf0 fs/namei.c:1784
[<ffffffff8153b6b6>] lookup_last fs/namei.c:2266 [inline]
[<ffffffff8153b6b6>] path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283
[<ffffffff8153f697>] filename_lookup.part.18+0x177/0x370 fs/namei.c:2317
[<ffffffff8153fa53>] filename_lookup fs/namei.c:2310 [inline]
[<ffffffff8153fa53>] user_path_at_empty+0x53/0x70 fs/namei.c:2578
[<ffffffff81654594>] user_path_at include/linux/namei.h:55 [inline]
[<ffffffff81654594>] SYSC_quotactl fs/quota/quota.c:862 [inline]
[<ffffffff81654594>] SyS_quotactl+0x7c4/0x1250 fs/quota/quota.c:834
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21690 comm=syz-executor.2
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21729 comm=syz-executor.4
audit_printk_skb: 1365 callbacks suppressed
audit: type=1400 audit(1574400938.087:28084): avc: denied { sys_admin } for pid=2099 comm="syz-executor.2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.127:28085): avc: denied { net_admin } for pid=21777 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.137:28086): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.137:28087): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.137:28088): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.137:28089): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.167:28090): avc: denied { net_admin } for pid=2098 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.167:28091): avc: denied { net_admin } for pid=2098 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.167:28092): avc: denied { net_admin } for pid=2098 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400938.187:28093): avc: denied { net_admin } for pid=21776 comm="syz-executor.3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21794 comm=syz-executor.3
input: syz1 as /devices/virtual/input/input85
input: syz1 as /devices/virtual/input/input86
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
audit_printk_skb: 1965 callbacks suppressed
audit: type=1400 audit(1574400944.217:28749): avc: denied { sys_admin } for pid=2100 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.237:28751): avc: denied { net_admin } for pid=21944 comm="syz-executor.5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.237:28750): avc: denied { create } for pid=21942 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1574400944.247:28752): avc: denied { lock } for pid=21942 comm="syz-executor.1" path="socket:[76318]" dev="sockfs" ino=76318 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1574400944.247:28753): avc: denied { write } for pid=21942 comm="syz-executor.1" path="socket:[76318]" dev="sockfs" ino=76318 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1574400944.257:28754): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.257:28755): avc: denied { sys_admin } for pid=2098 comm="syz-executor.5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.267:28757): avc: denied { sys_admin } for pid=2102 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.267:28758): avc: denied { sys_admin } for pid=2102 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1574400944.267:28759): avc: denied { sys_admin } for pid=2102 comm="syz-executor.1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
nla_parse: 2 callbacks suppressed