[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.029625] 
[   28.031288] ======================================================
[   28.037578] WARNING: possible circular locking dependency detected
[   28.043869] 4.14.246-syzkaller #0 Not tainted
[   28.048336] ------------------------------------------------------
[   28.054713] syz-executor709/7976 is trying to acquire lock:
[   28.060396]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a0ad98>] proc_pid_personality+0x48/0x160
[   28.069739] 
[   28.069739] but task is already holding lock:
[   28.075683]  (&p->lock){+.+.}, at: [<ffffffff818ed94a>] seq_read+0xba/0x1180
[   28.082860] 
[   28.082860] which lock already depends on the new lock.
[   28.082860] 
[   28.091144] 
[   28.091144] the existing dependency chain (in reverse order) is:
[   28.098821] 
[   28.098821] -> #3 (&p->lock){+.+.}:
[   28.103905]        __mutex_lock+0xc4/0x1310
[   28.108201]        seq_read+0xba/0x1180
[   28.112148]        proc_reg_read+0xee/0x1a0
[   28.116442]        do_iter_read+0x3eb/0x5b0
[   28.120737]        vfs_readv+0xc8/0x120
[   28.124683]        default_file_splice_read+0x418/0x910
[   28.130019]        do_splice_to+0xfb/0x140
[   28.134224]        splice_direct_to_actor+0x207/0x730
[   28.139387]        do_splice_direct+0x164/0x210
[   28.144028]        do_sendfile+0x47f/0xb30
[   28.148232]        SyS_sendfile64+0xff/0x110
[   28.152610]        do_syscall_64+0x1d5/0x640
[   28.156993]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.162672] 
[   28.162672] -> #2 (sb_writers#3){.+.+}:
[   28.168189]        __sb_start_write+0x64/0x260
[   28.172763]        mnt_want_write+0x3a/0xb0
[   28.177138]        ovl_create_object+0x75/0x1d0
[   28.181784]        lookup_open+0x77a/0x1750
[   28.186077]        path_openat+0xe08/0x2970
[   28.190373]        do_filp_open+0x179/0x3c0
[   28.194671]        do_sys_open+0x296/0x410
[   28.198892]        do_syscall_64+0x1d5/0x640
[   28.203275]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.208958] 
[   28.208958] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[   28.215694]        down_read+0x36/0x80
[   28.219560]        path_openat+0x149b/0x2970
[   28.223946]        do_filp_open+0x179/0x3c0
[   28.228241]        do_open_execat+0xd3/0x450
[   28.232663]        do_execveat_common+0x711/0x1f30
[   28.237653]        SyS_execve+0x3b/0x50
[   28.241609]        do_syscall_64+0x1d5/0x640
[   28.245997]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.251678] 
[   28.251678] -> #0 (&sig->cred_guard_mutex){+.+.}:
[   28.257991]        lock_acquire+0x170/0x3f0
[   28.262291]        __mutex_lock+0xc4/0x1310
[   28.266590]        proc_pid_personality+0x48/0x160
[   28.271496]        proc_single_show+0xe7/0x150
[   28.276061]        seq_read+0x4e4/0x1180
[   28.280097]        __vfs_read+0xe4/0x620
[   28.284232]        vfs_read+0x139/0x340
[   28.288177]        SyS_read+0xf2/0x210
[   28.292127]        do_syscall_64+0x1d5/0x640
[   28.296520]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.302213] 
[   28.302213] other info that might help us debug this:
[   28.302213] 
[   28.310324] Chain exists of:
[   28.310324]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[   28.310324] 
[   28.320969]  Possible unsafe locking scenario:
[   28.320969] 
[   28.327014]        CPU0                    CPU1
[   28.331657]        ----                    ----
[   28.336304]   lock(&p->lock);
[   28.339383]                                lock(sb_writers#3);
[   28.345326]                                lock(&p->lock);
[   28.350922]   lock(&sig->cred_guard_mutex);
[   28.355231] 
[   28.355231]  *** DEADLOCK ***
[   28.355231] 
[   28.361266] 1 lock held by syz-executor709/7976:
[   28.365993]  #0:  (&p->lock){+.+.}, at: [<ffffffff818ed94a>] seq_read+0xba/0x1180
[   28.373771] 
[   28.373771] stack backtrace:
[   28.378242] CPU: 1 PID: 7976 Comm: syz-executor709 Not tainted 4.14.246-syzkaller #0
[   28.386093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.395433] Call Trace:
[   28.397998]  dump_stack+0x1b2/0x281
[   28.401702]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   28.407475]  __lock_acquire+0x2e0e/0x3f20
[   28.411597]  ? unwind_get_return_address+0x51/0x90
[   28.416507]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.421934]  ? trace_hardirqs_on+0x10/0x10
[   28.426145]  ? __lock_acquire+0x5fc/0x3f20
[   28.430361]  lock_acquire+0x170/0x3f0
[   28.434142]  ? proc_pid_personality+0x48/0x160
[   28.438706]  ? proc_pid_personality+0x48/0x160
[   28.443268]  __mutex_lock+0xc4/0x1310
[   28.447042]  ? proc_pid_personality+0x48/0x160
[   28.451598]  ? proc_pid_personality+0x48/0x160
[   28.456159]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   28.461772]  ? get_pid_task+0x91/0x130
[   28.465635]  ? lock_downgrade+0x740/0x740
[   28.469756]  proc_pid_personality+0x48/0x160
[   28.474141]  proc_single_show+0xe7/0x150
[   28.478178]  seq_read+0x4e4/0x1180
[   28.481695]  ? seq_lseek+0x3d0/0x3d0
[   28.485381]  ? aa_path_link+0x3a0/0x3a0
[   28.489326]  ? fsnotify+0x974/0x11b0
[   28.493026]  ? lock_downgrade+0x740/0x740
[   28.497148]  __vfs_read+0xe4/0x620
[   28.500675]  ? seq_lseek+0x3d0/0x3d0
[   28.504360]  ? vfs_copy_file_range+0x9b0/0x9b0
[   28.508915]  ? common_file_perm+0x3ee/0x580
[   28.513212]  ? security_file_permission+0x82/0x1e0
[   28.518114]  ? rw_verify_area+0xe1/0x2a0
[   28.522147]  vfs_read+0x139/0x340
[   28.525571]  SyS_read+0xf2/0x210
[   28.528908]  ? kernel_write+0x110/0x110
[   28.532945]  ? SyS_sendfile+0x130/0x130
[   28.536978]  ? do_syscall_64+0x4c/0x640
[   28.540923]  ? kernel_write+0x110/0x110
[   28.544868]  do_syscall_64+0x1d5/0x640
[   28.548744]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.553905] RIP: 0033:0x43f299
[   28.557067] RSP: 002b:00007ffda5734c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   28.564764] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f299
[   28.572015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   28.579260] RBP: 00007ffda5734c