Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.382233] audit: type=1400 audit(1601883377.069:8): avc: denied { execmem } for pid=6365 comm="syz-executor932" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.412344]
[ 33.413968] ======================================================
[ 33.420253] WARNING: possible circular locking dependency detected
[ 33.426541] 4.14.198-syzkaller #0 Not tainted
[ 33.431005] ------------------------------------------------------
[ 33.437299] syz-executor932/6365 is trying to acquire lock:
[ 33.442979]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_syscall+0xa7/0x2a0
[ 33.451990]
[ 33.451990] but task is already holding lock:
[ 33.457949]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 33.465119]
[ 33.465119] which lock already depends on the new lock.
[ 33.465119]
[ 33.473428]
[ 33.473428] the existing dependency chain (in reverse order) is:
[ 33.481021]
[ 33.481021] -> #3 (&p->lock){+.+.}:
[ 33.486110]        __mutex_lock+0xc4/0x1310
[ 33.490407]        seq_read+0xba/0x1120
[ 33.494351]        proc_reg_read+0xee/0x1a0
[ 33.498666]        do_iter_read+0x3eb/0x5b0
[ 33.502962]        vfs_readv+0xc8/0x120
[ 33.506910]        default_file_splice_read+0x418/0x910
[ 33.512245]        do_splice_to+0xfb/0x140
[ 33.516461]        splice_direct_to_actor+0x207/0x730
[ 33.521630]        do_splice_direct+0x164/0x210
[ 33.526272]        do_sendfile+0x47f/0xb30
[ 33.530481]        SyS_sendfile64+0xff/0x110
[ 33.534863]        do_syscall_64+0x1d5/0x640
[ 33.539244]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.544935]
[ 33.544935] -> #2 (sb_writers#3){.+.+}:
[ 33.550367]        __sb_start_write+0x19a/0x2e0
[ 33.555010]        mnt_want_write+0x3a/0xb0
[ 33.559316]        ovl_create_object+0x75/0x1d0
[ 33.563958]        lookup_open+0x77a/0x1750
[ 33.568265]        path_openat+0xe08/0x2970
[ 33.572569]        do_filp_open+0x179/0x3c0
[ 33.576923]        do_sys_open+0x296/0x410
[ 33.581132]        do_syscall_64+0x1d5/0x640
[ 33.585548]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.591684]
[ 33.591684] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 33.598427]        down_read+0x36/0x80
[ 33.602286]        path_openat+0x149b/0x2970
[ 33.606680]        do_filp_open+0x179/0x3c0
[ 33.611006]        do_open_execat+0xd3/0x450
[ 33.615394]        do_execveat_common+0x711/0x1f30
[ 33.620295]        SyS_execve+0x3b/0x50
[ 33.624261]        do_syscall_64+0x1d5/0x640
[ 33.628640]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.634332]
[ 33.634332] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 33.640647]        lock_acquire+0x170/0x3f0
[ 33.644954]        __mutex_lock+0xc4/0x1310
[ 33.649256]        proc_pid_syscall+0xa7/0x2a0
[ 33.653811]        proc_single_show+0xe7/0x150
[ 33.658362]        seq_read+0x4cf/0x1120
[ 33.662395]        do_iter_read+0x3eb/0x5b0
[ 33.666686]        vfs_readv+0xc8/0x120
[ 33.670655]        SyS_preadv+0x15a/0x200
[ 33.674779]        do_syscall_64+0x1d5/0x640
[ 33.679174]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.684852]
[ 33.684852] other info that might help us debug this:
[ 33.684852]
[ 33.692968] Chain exists of:
[ 33.692968]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 33.692968]
[ 33.703614]  Possible unsafe locking scenario:
[ 33.703614]
[ 33.709652]        CPU0                    CPU1
[ 33.714289]        ----                    ----
[ 33.718924]   lock(&p->lock);
[ 33.722001]                                lock(sb_writers#3);
[ 33.727943]                                lock(&p->lock);
[ 33.733539]   lock(&sig->cred_guard_mutex);
[ 33.737830]
[ 33.737830]  *** DEADLOCK ***
[ 33.737830]
[ 33.743866] 1 lock held by syz-executor932/6365:
[ 33.748620]  #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 33.756222]
[ 33.756222] stack backtrace:
[ 33.760693] CPU: 0 PID: 6365 Comm: syz-executor932 Not tainted 4.14.198-syzkaller #0
[ 33.768542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.777880] Call Trace:
[ 33.780464]  dump_stack+0x1b2/0x283
[ 33.784082]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 33.789875]  __lock_acquire+0x2e0e/0x3f20
[ 33.794012]  ? is_bpf_text_address+0x91/0x150
[ 33.798489]  ? trace_hardirqs_on+0x10/0x10
[ 33.802707]  ? lock_acquire+0x170/0x3f0
[ 33.807002]  ? depot_save_stack+0x1d3/0x3e3
[ 33.811296]  ? mark_held_locks+0xa6/0xf0
[ 33.815328]  lock_acquire+0x170/0x3f0
[ 33.819106]  ? proc_pid_syscall+0xa7/0x2a0
[ 33.823329]  ? proc_pid_syscall+0xa7/0x2a0
[ 33.827536]  __mutex_lock+0xc4/0x1310
[ 33.831320]  ? proc_pid_syscall+0xa7/0x2a0
[ 33.835527]  ? __lock_acquire+0x5fc/0x3f20
[ 33.839744]  ? proc_pid_syscall+0xa7/0x2a0
[ 33.843962]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 33.849407]  ? trace_hardirqs_on+0x10/0x10
[ 33.853616]  ? trace_hardirqs_on+0x10/0x10
[ 33.857827]  proc_pid_syscall+0xa7/0x2a0
[ 33.861875]  ? fs_reclaim_release+0xd0/0x110
[ 33.866282]  ? proc_pid_get_link+0xf0/0xf0
[ 33.870488]  ? get_pid_task+0x91/0x130
[ 33.874348]  ? lock_downgrade+0x740/0x740
[ 33.878484]  proc_single_show+0xe7/0x150
[ 33.882528]  seq_read+0x4cf/0x1120
[ 33.886049]  ? seq_lseek+0x3d0/0x3d0
[ 33.889771]  ? security_file_permission+0x82/0x1e0
[ 33.894673]  ? rw_verify_area+0xe1/0x2a0
[ 33.898718]  do_iter_read+0x3eb/0x5b0
[ 33.902493]  vfs_readv+0xc8/0x120
[ 33.905931]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 33.911297]  ? putname+0xcd/0x110
[ 33.914727]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 33.920151]  ? putname+0xcd/0x110
[ 33.923579]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.928568]  ? kmem_cache_free+0x23a/0x2b0
[ 33.932775]  ? putname+0xcd/0x110
[ 33.936199]  SyS_preadv+0x15a/0x200
[ 33.939796]  ? SyS_writev+0x30/0x30
[ 33.943392]  ? SyS_sendfile+0x130/0x130
[ 33.947352]  ? do_syscall_64+0x4c/0x640
[ 33.951311]  ? SyS_writev+0x30/0x30
[ 33.954929]  do_syscall_64+0x1d5/0x640
[ 33.958805]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.963971] RIP: 0033:0x4405b9
[ 33.967134] RSP: 002b:00007fff1d43f9f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 33.974827] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004405b9
[ 33.982104] RDX: 0000000000000