[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.029625]
[ 28.031288] ======================================================
[ 28.037578] WARNING: possible circular locking dependency detected
[ 28.043869] 4.14.246-syzkaller #0 Not tainted
[ 28.048336] ------------------------------------------------------
[ 28.054713] syz-executor709/7976 is trying to acquire lock:
[ 28.060396]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_personality+0x48/0x160
[ 28.069739]
[ 28.069739] but task is already holding lock:
[ 28.075683]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1180
[ 28.082860]
[ 28.082860] which lock already depends on the new lock.
[ 28.082860]
[ 28.091144]
[ 28.091144] the existing dependency chain (in reverse order) is:
[ 28.098821]
[ 28.098821] -> #3 (&p->lock){+.+.}:
[ 28.103905]        __mutex_lock+0xc4/0x1310
[ 28.108201]        seq_read+0xba/0x1180
[ 28.112148]        proc_reg_read+0xee/0x1a0
[ 28.116442]        do_iter_read+0x3eb/0x5b0
[ 28.120737]        vfs_readv+0xc8/0x120
[ 28.124683]        default_file_splice_read+0x418/0x910
[ 28.130019]        do_splice_to+0xfb/0x140
[ 28.134224]        splice_direct_to_actor+0x207/0x730
[ 28.139387]        do_splice_direct+0x164/0x210
[ 28.144028]        do_sendfile+0x47f/0xb30
[ 28.148232]        SyS_sendfile64+0xff/0x110
[ 28.152610]        do_syscall_64+0x1d5/0x640
[ 28.156993]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.162672]
[ 28.162672] -> #2 (sb_writers#3){.+.+}:
[ 28.168189]        __sb_start_write+0x64/0x260
[ 28.172763]        mnt_want_write+0x3a/0xb0
[ 28.177138]        ovl_create_object+0x75/0x1d0
[ 28.181784]        lookup_open+0x77a/0x1750
[ 28.186077]        path_openat+0xe08/0x2970
[ 28.190373]        do_filp_open+0x179/0x3c0
[ 28.194671]        do_sys_open+0x296/0x410
[ 28.198892]        do_syscall_64+0x1d5/0x640
[ 28.203275]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.208958]
[ 28.208958] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 28.215694]        down_read+0x36/0x80
[ 28.219560]        path_openat+0x149b/0x2970
[ 28.223946]        do_filp_open+0x179/0x3c0
[ 28.228241]        do_open_execat+0xd3/0x450
[ 28.232663]        do_execveat_common+0x711/0x1f30
[ 28.237653]        SyS_execve+0x3b/0x50
[ 28.241609]        do_syscall_64+0x1d5/0x640
[ 28.245997]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.251678]
[ 28.251678] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 28.257991]        lock_acquire+0x170/0x3f0
[ 28.262291]        __mutex_lock+0xc4/0x1310
[ 28.266590]        proc_pid_personality+0x48/0x160
[ 28.271496]        proc_single_show+0xe7/0x150
[ 28.276061]        seq_read+0x4e4/0x1180
[ 28.280097]        __vfs_read+0xe4/0x620
[ 28.284232]        vfs_read+0x139/0x340
[ 28.288177]        SyS_read+0xf2/0x210
[ 28.292127]        do_syscall_64+0x1d5/0x640
[ 28.296520]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.302213]
[ 28.302213] other info that might help us debug this:
[ 28.302213]
[ 28.310324] Chain exists of:
[ 28.310324]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 28.310324]
[ 28.320969]  Possible unsafe locking scenario:
[ 28.320969]
[ 28.327014]        CPU0                    CPU1
[ 28.331657]        ----                    ----
[ 28.336304]   lock(&p->lock);
[ 28.339383]                                lock(sb_writers#3);
[ 28.345326]                                lock(&p->lock);
[ 28.350922]   lock(&sig->cred_guard_mutex);
[ 28.355231]
[ 28.355231]  *** DEADLOCK ***
[ 28.355231]
[ 28.361266] 1 lock held by syz-executor709/7976:
[ 28.365993]  #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1180
[ 28.373771]
[ 28.373771] stack backtrace:
[ 28.378242] CPU: 1 PID: 7976 Comm: syz-executor709 Not tainted 4.14.246-syzkaller #0
[ 28.386093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.395433] Call Trace:
[ 28.397998]  dump_stack+0x1b2/0x281
[ 28.401702]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.407475]  __lock_acquire+0x2e0e/0x3f20
[ 28.411597]  ? unwind_get_return_address+0x51/0x90
[ 28.416507]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.421934]  ? trace_hardirqs_on+0x10/0x10
[ 28.426145]  ? __lock_acquire+0x5fc/0x3f20
[ 28.430361]  lock_acquire+0x170/0x3f0
[ 28.434142]  ? proc_pid_personality+0x48/0x160
[ 28.438706]  ? proc_pid_personality+0x48/0x160
[ 28.443268]  __mutex_lock+0xc4/0x1310
[ 28.447042]  ? proc_pid_personality+0x48/0x160
[ 28.451598]  ? proc_pid_personality+0x48/0x160
[ 28.456159]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.461772]  ? get_pid_task+0x91/0x130
[ 28.465635]  ? lock_downgrade+0x740/0x740
[ 28.469756]  proc_pid_personality+0x48/0x160
[ 28.474141]  proc_single_show+0xe7/0x150
[ 28.478178]  seq_read+0x4e4/0x1180
[ 28.481695]  ? seq_lseek+0x3d0/0x3d0
[ 28.485381]  ? aa_path_link+0x3a0/0x3a0
[ 28.489326]  ? fsnotify+0x974/0x11b0
[ 28.493026]  ? lock_downgrade+0x740/0x740
[ 28.497148]  __vfs_read+0xe4/0x620
[ 28.500675]  ? seq_lseek+0x3d0/0x3d0
[ 28.504360]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 28.508915]  ? common_file_perm+0x3ee/0x580
[ 28.513212]  ? security_file_permission+0x82/0x1e0
[ 28.518114]  ? rw_verify_area+0xe1/0x2a0
[ 28.522147]  vfs_read+0x139/0x340
[ 28.525571]  SyS_read+0xf2/0x210
[ 28.528908]  ? kernel_write+0x110/0x110
[ 28.532945]  ? SyS_sendfile+0x130/0x130
[ 28.536978]  ? do_syscall_64+0x4c/0x640
[ 28.540923]  ? kernel_write+0x110/0x110
[ 28.544868]  do_syscall_64+0x1d5/0x640
[ 28.548744]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.553905] RIP: 0033:0x43f299
[ 28.557067] RSP: 002b:00007ffda5734c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 28.564764] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f299
[ 28.572015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 28.579260] RBP: 00007ffda5734c