======================================================
WARNING: possible circular locking dependency detected
5.0.0-rc1+ #14 Not tainted
------------------------------------------------------
syz-executor490/7982 is trying to acquire lock:
000000001d466ab6 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
000000001d466ab6 (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00 fs/pipe.c:905

but task is already holding lock:
0000000000d1e274 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1407 [inline]
0000000000d1e274 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700 fs/exec.c:1750

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sig->cred_guard_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0x12f/0x1670 kernel/locking/mutex.c:1072
       mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:1109
       proc_pid_attr_write+0x1fa/0x530 fs/proc/base.c:2573
       __vfs_write+0x116/0xb40 fs/read_write.c:485
       __kernel_write+0x110/0x3b0 fs/read_write.c:506
       write_pipe_buf+0x180/0x240 fs/splice.c:797
       splice_from_pipe_feed fs/splice.c:503 [inline]
       __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627
       splice_from_pipe+0x1ea/0x310 fs/splice.c:662
       default_file_splice_write+0x3c/0x90 fs/splice.c:809
       do_splice_from fs/splice.c:851 [inline]
       do_splice+0x64b/0x1410 fs/splice.c:1152
       __do_sys_splice fs/splice.c:1419 [inline]
       __se_sys_splice fs/splice.c:1399 [inline]
       __ia32_sys_splice+0x2c4/0x330 fs/splice.c:1399
       do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
       do_fast_syscall_32+0x333/0xf98 arch/x86/entry/common.c:397
       entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139

-> #0 (&pipe->mutex/1){+.+.}:
       lock_acquire+0x1db/0x570 kernel/locking/lockdep.c:3841
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0x12f/0x1670 kernel/locking/mutex.c:1072
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
       __pipe_lock fs/pipe.c:83 [inline]
       fifo_open+0x159/0xb00 fs/pipe.c:905
       do_dentry_open+0x48a/0x1210 fs/open.c:771
       vfs_open+0xa0/0xd0 fs/open.c:880
       do_last fs/namei.c:3418 [inline]
       path_openat+0x144f/0x5650 fs/namei.c:3534
       do_filp_open+0x26f/0x370 fs/namei.c:3564
       do_open_execat+0x20e/0x930 fs/exec.c:856
       __do_execve_file.isra.0+0x1966/0x2700 fs/exec.c:1758
       do_execveat_common fs/exec.c:1865 [inline]
       compat_do_execve fs/exec.c:1909 [inline]
       __do_compat_sys_execve fs/exec.c:1984 [inline]
       __se_compat_sys_execve fs/exec.c:1980 [inline]
       __ia32_compat_sys_execve+0x94/0xc0 fs/exec.c:1980
       do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
       do_fast_syscall_32+0x333/0xf98 arch/x86/entry/common.c:397
       entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sig->cred_guard_mutex);
                               lock(&pipe->mutex/1);
                               lock(&sig->cred_guard_mutex);
  lock(&pipe->mutex/1);

 *** DEADLOCK ***

1 lock held by syz-executor490/7982:
 #0: 0000000000d1e274 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1407 [inline]
 #0: 0000000000d1e274 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x45d/0x2700 fs/exec.c:1750

stack backtrace:
CPU: 0 PID: 7982 Comm: syz-executor490 Not tainted 5.0.0-rc1+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1224
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2350 [inline]
 __lock_acquire+0x3014/0x4a30 kernel/locking/lockdep.c:3338
 lock_acquire+0x1db/0x570 kernel/locking/lockdep.c:3841
 __mutex_lock_common kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0x12f/0x1670 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 fifo_open+0x159/0xb00 fs/pipe.c:905
 do_dentry_open+0x48a/0x1210 fs/open.c:771
 vfs_open+0xa0/0xd0 fs/open.c:880
 do_last fs/namei.c:3418 [inline]
 path_openat+0x144f/0x5650 fs/namei.c:3534
 do_filp_open+0x26f/0x370 fs/namei.c:3564
 do_open_execat+0x20e/0x930 fs/exec.c:856
 __do_execve_file.isra.0+0x1966/0x2700 fs/exec.c:1758
 do_execveat_common fs/exec.c:1865 [inline]
 compat_do_execve fs/exec.c:1909 [inline]
 __do_compat_sys_execve fs/exec.c:1984 [inline]
 __se_compat_sys_execve fs/exec.c:1980 [inline]
 __ia32_compat_sys_execve+0x94/0xc0 fs/exec.c:1980
 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
 do_fast_syscall_32+0x333/0xf98 arch/x86/entry/common.c:397
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fdf869
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f7fba15c EFLAGS: 00000246 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000000000
RDX: