Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. executing program [ 111.760476][ T27] audit: type=1400 audit(1582988878.527:42): avc: denied { map } for pid=10776 comm="syz-executor368" path="/root/syz-executor368910273" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 111.790166][T10776] [ 111.792507][T10776] ====================================================== [ 111.799526][T10776] WARNING: possible circular locking dependency detected [ 111.806619][T10776] 5.6.0-rc3-syzkaller #0 Not tainted [ 111.811893][T10776] ------------------------------------------------------ [ 111.818904][T10776] syz-executor368/10776 is trying to acquire lock: [ 111.825404][T10776] ffff8880974d72a0 (&tty->termios_rwsem){++++}, at: n_tty_receive_buf_common+0x8a/0x2b70 [ 111.835351][T10776] [ 111.835351][T10776] but task is already holding lock: [ 111.842734][T10776] ffffffff8a13cc40 (sel_lock){+.+.}, at: paste_selection+0x15a/0x4d0 [ 111.850797][T10776] [ 111.850797][T10776] which lock already depends on the new lock. [ 111.850797][T10776] [ 111.861198][T10776] [ 111.861198][T10776] the existing dependency chain (in reverse order) is: [ 111.870362][T10776] [ 111.870362][T10776] -> #2 (sel_lock){+.+.}: [ 111.876877][T10776] __mutex_lock+0x156/0x13c0 [ 111.881979][T10776] mutex_lock_nested+0x16/0x20 [ 111.887263][T10776] set_selection_kernel+0x39d/0x13d0 [ 111.893063][T10776] set_selection_user+0x95/0xd9 [ 111.898470][T10776] tioclinux+0x11c/0x480 [ 111.903380][T10776] vt_ioctl+0x1a41/0x26c0 [ 111.908250][T10776] tty_ioctl+0xa37/0x14f0 [ 111.913097][T10776] ksys_ioctl+0x123/0x180 [ 111.917933][T10776] __x64_sys_ioctl+0x73/0xb0 [ 111.923040][T10776] do_syscall_64+0xfa/0x790 [ 111.928202][T10776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.934618][T10776] [ 111.934618][T10776] -> #1 (console_lock){+.+.}: [ 111.941503][T10776] console_lock+0x47/0x80 [ 111.946355][T10776] con_flush_chars+0x3d/0xa0 [ 111.951457][T10776] n_tty_write+0xc85/0x1080 [ 111.956463][T10776] tty_write+0x496/0x7f0 [ 111.961239][T10776] __vfs_write+0x8a/0x110 [ 111.966245][T10776] vfs_write+0x268/0x5d0 [ 111.971013][T10776] ksys_write+0x14f/0x290 [ 111.975856][T10776] __x64_sys_write+0x73/0xb0 [ 111.981201][T10776] do_syscall_64+0xfa/0x790 [ 111.986210][T10776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.992914][T10776] [ 111.992914][T10776] -> #0 (&tty->termios_rwsem){++++}: [ 112.000825][T10776] __lock_acquire+0x2596/0x4a00 [ 112.006278][T10776] lock_acquire+0x190/0x410 [ 112.011289][T10776] down_read+0x95/0x430 [ 112.016094][T10776] n_tty_receive_buf_common+0x8a/0x2b70 [ 112.022146][T10776] n_tty_receive_buf2+0x34/0x40 [ 112.027505][T10776] tty_ldisc_receive_buf+0xad/0x1c0 [ 112.033739][T10776] paste_selection+0x1ff/0x4d0 [ 112.039628][T10776] tioclinux+0x133/0x480 [ 112.044395][T10776] vt_ioctl+0x1a41/0x26c0 [ 112.049257][T10776] tty_ioctl+0xa37/0x14f0 [ 112.054099][T10776] ksys_ioctl+0x123/0x180 [ 112.059041][T10776] __x64_sys_ioctl+0x73/0xb0 [ 112.064149][T10776] do_syscall_64+0xfa/0x790 [ 112.069170][T10776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.075796][T10776] [ 112.075796][T10776] other info that might help us debug this: [ 112.075796][T10776] [ 112.086103][T10776] Chain exists of: [ 112.086103][T10776] &tty->termios_rwsem --> console_lock --> sel_lock [ 112.086103][T10776] [ 112.101612][T10776] Possible unsafe locking scenario: [ 112.101612][T10776] [ 112.109482][T10776] CPU0 CPU1 [ 112.114839][T10776] ---- ---- [ 112.120187][T10776] lock(sel_lock); [ 112.123980][T10776] lock(console_lock); [ 112.130760][T10776] lock(sel_lock); [ 112.137235][T10776] lock(&tty->termios_rwsem); [ 112.142010][T10776] [ 112.142010][T10776] *** DEADLOCK *** [ 112.142010][T10776] [ 112.150144][T10776] 3 locks held by syz-executor368/10776: [ 112.155782][T10776] #0: ffff8880974d7090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 112.164992][T10776] #1: ffff8880aa5be0a8 (&buf->lock){+.+.}, at: tty_buffer_lock_exclusive+0x30/0x40 [ 112.175280][T10776] #2: ffffffff8a13cc40 (sel_lock){+.+.}, at: paste_selection+0x15a/0x4d0 [ 112.183803][T10776] [ 112.183803][T10776] stack backtrace: [ 112.189913][T10776] CPU: 0 PID: 10776 Comm: syz-executor368 Not tainted 5.6.0-rc3-syzkaller #0 [ 112.198655][T10776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.208700][T10776] Call Trace: [ 112.212008][T10776] dump_stack+0x197/0x210 [ 112.216337][T10776] print_circular_bug.isra.0.cold+0x163/0x172 [ 112.222418][T10776] check_noncircular+0x32e/0x3e0 [ 112.227354][T10776] ? print_circular_bug.isra.0+0x230/0x230 [ 112.233160][T10776] ? alloc_list_entry+0xc0/0xc0 [ 112.237999][T10776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 112.244265][T10776] ? find_first_zero_bit+0x9a/0xc0 [ 112.249490][T10776] __lock_acquire+0x2596/0x4a00 [ 112.254332][T10776] ? save_trace+0x49/0x830 [ 112.258742][T10776] ? mark_held_locks+0xf0/0xf0 [ 112.263510][T10776] lock_acquire+0x190/0x410 [ 112.268177][T10776] ? n_tty_receive_buf_common+0x8a/0x2b70 [ 112.273905][T10776] down_read+0x95/0x430 [ 112.278561][T10776] ? n_tty_receive_buf_common+0x8a/0x2b70 [ 112.284290][T10776] ? down_read_killable+0x490/0x490 [ 112.289597][T10776] n_tty_receive_buf_common+0x8a/0x2b70 [ 112.295432][T10776] ? paste_selection+0x15a/0x4d0 [ 112.300368][T10776] ? mark_lock+0xc2/0x1220 [ 112.304766][T10776] ? mutex_trylock+0x2d0/0x2d0 [ 112.309617][T10776] ? mark_held_locks+0xa4/0xf0 [ 112.314374][T10776] ? lockdep_hardirqs_on+0x421/0x5e0 [ 112.319653][T10776] n_tty_receive_buf2+0x34/0x40 [ 112.324484][T10776] tty_ldisc_receive_buf+0xad/0x1c0 [ 112.329671][T10776] ? n_tty_receive_buf_common+0x2b70/0x2b70 [ 112.336456][T10776] paste_selection+0x1ff/0x4d0 [ 112.341224][T10776] ? sel_pos+0x90/0x90 [ 112.345338][T10776] ? lock_downgrade+0x920/0x920 [ 112.350273][T10776] ? wake_up_q+0x140/0x140 [ 112.354742][T10776] tioclinux+0x133/0x480 [ 112.359064][T10776] vt_ioctl+0x1a41/0x26c0 [ 112.363440][T10776] ? complete_change_console+0x3a0/0x3a0 [ 112.370000][T10776] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 112.376021][T10776] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 112.381934][T10776] ? tty_jobctrl_ioctl+0x50/0xd40 [ 112.387051][T10776] ? complete_change_console+0x3a0/0x3a0 [ 112.392718][T10776] tty_ioctl+0xa37/0x14f0 [ 112.397034][T10776] ? tty_vhangup+0x30/0x30 [ 112.401551][T10776] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 112.407775][T10776] ? do_vfs_ioctl+0x568/0x13b0 [ 112.412542][T10776] ? ioctl_file_clone+0x180/0x180 [ 112.418281][T10776] ? selinux_file_mprotect+0x620/0x620 [ 112.423749][T10776] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 112.429901][T10776] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 112.435594][T10776] ? tomoyo_file_ioctl+0x23/0x30 [ 112.440533][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.446860][T10776] ? security_file_ioctl+0x8d/0xc0 [ 112.451962][T10776] ? tty_vhangup+0x30/0x30 [ 112.456654][T10776] ksys_ioctl+0x123/0x180 [ 112.461067][T10776] __x64_sys_ioctl+0x73/0xb0 [ 112.465660][T10776] do_syscall_64+0xfa/0x790 [ 112.470162][T10776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.476148][T10776] RIP: 0033:0x440239 [ 112.480028][T10776] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 112.499822][T10776] RSP: 002b:00007fff0aba0a98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.508545][T10776] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: