[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.462592]
[ 29.464280] ======================================================
[ 29.470569] WARNING: possible circular locking dependency detected
[ 29.476859] 4.14.232-syzkaller #0 Not tainted
[ 29.481323] ------------------------------------------------------
[ 29.487612] syz-executor674/7965 is trying to acquire lock:
[ 29.493292]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_stack+0x13f/0x2f0
[ 29.502193]
[ 29.502193] but task is already holding lock:
[ 29.508133]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 29.515296]
[ 29.515296] which lock already depends on the new lock.
[ 29.515296]
[ 29.523584]
[ 29.523584] the existing dependency chain (in reverse order) is:
[ 29.531213]
[ 29.531213] -> #3 (&p->lock){+.+.}:
[ 29.536298]        __mutex_lock+0xc4/0x1310
[ 29.540593]        seq_read+0xba/0x1120
[ 29.544539]        proc_reg_read+0xee/0x1a0
[ 29.548833]        do_iter_read+0x3eb/0x5b0
[ 29.553128]        vfs_readv+0xc8/0x120
[ 29.557090]        default_file_splice_read+0x418/0x910
[ 29.562424]        do_splice_to+0xfb/0x140
[ 29.566631]        splice_direct_to_actor+0x207/0x730
[ 29.571791]        do_splice_direct+0x164/0x210
[ 29.576431]        do_sendfile+0x47f/0xb30
[ 29.580638]        SyS_sendfile64+0xff/0x110
[ 29.585017]        do_syscall_64+0x1d5/0x640
[ 29.589396]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.595077]
[ 29.595077] -> #2 (sb_writers#3){.+.+}:
[ 29.600506]        __sb_start_write+0x64/0x260
[ 29.605059]        mnt_want_write+0x3a/0xb0
[ 29.609353]        ovl_create_object+0x75/0x1d0
[ 29.614006]        lookup_open+0x77a/0x1750
[ 29.618296]        path_openat+0xe08/0x2970
[ 29.622593]        do_filp_open+0x179/0x3c0
[ 29.626886]        do_sys_open+0x296/0x410
[ 29.631093]        do_syscall_64+0x1d5/0x640
[ 29.635474]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.641177]
[ 29.641177] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 29.647910]        down_read+0x36/0x80
[ 29.651784]        path_openat+0x149b/0x2970
[ 29.656180]        do_filp_open+0x179/0x3c0
[ 29.660471]        do_open_execat+0xd3/0x450
[ 29.664851]        do_execveat_common+0x711/0x1f30
[ 29.669750]        SyS_execve+0x3b/0x50
[ 29.673707]        do_syscall_64+0x1d5/0x640
[ 29.678101]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.683785]
[ 29.683785] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 29.690087]        lock_acquire+0x170/0x3f0
[ 29.694416]        __mutex_lock+0xc4/0x1310
[ 29.698712]        proc_pid_stack+0x13f/0x2f0
[ 29.703180]        proc_single_show+0xe7/0x150
[ 29.707754]        seq_read+0x4cf/0x1120
[ 29.711785]        do_iter_read+0x3eb/0x5b0
[ 29.716075]        vfs_readv+0xc8/0x120
[ 29.720018]        SyS_preadv+0x15a/0x200
[ 29.724136]        do_syscall_64+0x1d5/0x640
[ 29.728533]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.734212]
[ 29.734212] other info that might help us debug this:
[ 29.734212]
[ 29.742321] Chain exists of:
[ 29.742321]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 29.742321]
[ 29.752966]  Possible unsafe locking scenario:
[ 29.752966]
[ 29.759061]        CPU0                    CPU1
[ 29.763741]        ----                    ----
[ 29.768403]   lock(&p->lock);
[ 29.771483]                                lock(sb_writers#3);
[ 29.777550]                                lock(&p->lock);
[ 29.783145]   lock(&sig->cred_guard_mutex);
[ 29.787437]
[ 29.787437]  *** DEADLOCK ***
[ 29.787437]
[ 29.793468] 1 lock held by syz-executor674/7965:
[ 29.798209]  #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 29.805811]
[ 29.805811] stack backtrace:
[ 29.810291] CPU: 0 PID: 7965 Comm: syz-executor674 Not tainted 4.14.232-syzkaller #0
[ 29.818146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.827474] Call Trace:
[ 29.830042]  dump_stack+0x1b2/0x281
[ 29.833657]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.839433]  __lock_acquire+0x2e0e/0x3f20
[ 29.843570]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 29.848654]  ? depot_save_stack+0x1d3/0x3f0
[ 29.852993]  ? trace_hardirqs_on+0x10/0x10
[ 29.857212]  ? kasan_kmalloc+0xeb/0x160
[ 29.861162]  ? kmem_cache_alloc_trace+0x131/0x3d0
[ 29.865979]  ? proc_pid_stack+0xd6/0x2f0
[ 29.870014]  ? proc_single_show+0xe7/0x150
[ 29.874222]  ? do_syscall_64+0x1d5/0x640
[ 29.878256]  ? depot_save_stack+0x1d3/0x3f0
[ 29.882552]  lock_acquire+0x170/0x3f0
[ 29.886338]  ? proc_pid_stack+0x13f/0x2f0
[ 29.890458]  ? proc_pid_stack+0x13f/0x2f0
[ 29.894612]  __mutex_lock+0xc4/0x1310
[ 29.898398]  ? proc_pid_stack+0x13f/0x2f0
[ 29.902578]  ? proc_pid_stack+0x13f/0x2f0
[ 29.906744]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.912276]  ? proc_pid_stack+0xd6/0x2f0
[ 29.916316]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.921743]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.926737]  ? kmem_cache_alloc_trace+0x36c/0x3d0
[ 29.931555]  proc_pid_stack+0x13f/0x2f0
[ 29.935506]  ? proc_map_files_get_link+0x110/0x110
[ 29.940409]  ? lock_downgrade+0x740/0x740
[ 29.944532]  proc_single_show+0xe7/0x150
[ 29.948568]  seq_read+0x4cf/0x1120
[ 29.952103]  ? seq_lseek+0x3d0/0x3d0
[ 29.955791]  ? security_file_permission+0x82/0x1e0
[ 29.960690]  ? rw_verify_area+0xe1/0x2a0
[ 29.964741]  do_iter_read+0x3eb/0x5b0
[ 29.968563]  vfs_readv+0xc8/0x120
[ 29.971988]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 29.977325]  ? putname+0xcd/0x110
[ 29.980766]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.986202]  ? putname+0xcd/0x110
[ 29.989625]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.994613]  ? kmem_cache_free+0x23a/0x2b0
[ 29.998818]  ? putname+0xcd/0x110
[ 30.002239]  SyS_preadv+0x15a/0x200
[ 30.005846]  ? SyS_writev+0x30/0x30
[ 30.009546]  ? SyS_sendfile+0x130/0x130
[ 30.013535]  ? do_syscall_64+0x4c/0x640
[ 30.017484]  ? SyS_writev+0x30/0x30
[ 30.021084]  do_syscall_64+0x1d5/0x640
[ 30.024948]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.030117] RIP: 0033:0x43f2d9
[ 30.033280] RSP: 002b:00007ffe39a93218 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 30.040979] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f2d9
[ 30.048226] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000005
[ 30.055516] RBP: 00007ffe39a93220 R08: 0000000000000000 R09: 65732f636f72702f
[ 30.062799] R10: 000000000