[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.296582]
[ 29.298204] ======================================================
[ 29.304497] WARNING: possible circular locking dependency detected
[ 29.310787] 4.14.249-syzkaller #0 Not tainted
[ 29.315249] ------------------------------------------------------
[ 29.321580] syz-executor862/7986 is trying to acquire lock:
[ 29.327257]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_personality+0x48/0x160
[ 29.336594]
[ 29.336594] but task is already holding lock:
[ 29.342578]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1180
[ 29.349741]
[ 29.349741] which lock already depends on the new lock.
[ 29.349741]
[ 29.358023]
[ 29.358023] the existing dependency chain (in reverse order) is:
[ 29.365613]
[ 29.365613] -> #3 (&p->lock){+.+.}:
[ 29.370698]        __mutex_lock+0xc4/0x1310
[ 29.374989]        seq_read+0xba/0x1180
[ 29.378933]        proc_reg_read+0xee/0x1a0
[ 29.383228]        do_iter_read+0x3eb/0x5b0
[ 29.387519]        vfs_readv+0xc8/0x120
[ 29.391477]        default_file_splice_read+0x418/0x910
[ 29.396811]        do_splice_to+0xfb/0x140
[ 29.401016]        splice_direct_to_actor+0x207/0x730
[ 29.406178]        do_splice_direct+0x164/0x210
[ 29.410816]        do_sendfile+0x47f/0xb30
[ 29.415020]        SyS_sendfile64+0xff/0x110
[ 29.419400]        do_syscall_64+0x1d5/0x640
[ 29.423779]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.429454]
[ 29.429454] -> #2 (sb_writers#3){.+.+}:
[ 29.434883]        __sb_start_write+0x64/0x260
[ 29.439450]        mnt_want_write+0x3a/0xb0
[ 29.443743]        ovl_create_object+0x75/0x1d0
[ 29.448391]        lookup_open+0x77a/0x1750
[ 29.452682]        path_openat+0xe08/0x2970
[ 29.456972]        do_filp_open+0x179/0x3c0
[ 29.461261]        do_sys_open+0x296/0x410
[ 29.465465]        do_syscall_64+0x1d5/0x640
[ 29.469843]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.475521]
[ 29.475521] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 29.482248]        down_read+0x36/0x80
[ 29.486105]        path_openat+0x149b/0x2970
[ 29.490497]        do_filp_open+0x179/0x3c0
[ 29.494788]        do_open_execat+0xd3/0x450
[ 29.499166]        do_execveat_common+0x711/0x1f30
[ 29.504065]        SyS_execve+0x3b/0x50
[ 29.508011]        do_syscall_64+0x1d5/0x640
[ 29.512394]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.518071]
[ 29.518071] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 29.524366]        lock_acquire+0x170/0x3f0
[ 29.528657]        __mutex_lock+0xc4/0x1310
[ 29.532949]        proc_pid_personality+0x48/0x160
[ 29.537852]        proc_single_show+0xe7/0x150
[ 29.542417]        seq_read+0x4e4/0x1180
[ 29.546446]        do_iter_read+0x3eb/0x5b0
[ 29.550750]        vfs_readv+0xc8/0x120
[ 29.554695]        SyS_preadv+0x15a/0x200
[ 29.558813]        do_syscall_64+0x1d5/0x640
[ 29.563192]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.568867]
[ 29.568867] other info that might help us debug this:
[ 29.568867]
[ 29.576980] Chain exists of:
[ 29.576980]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 29.576980]
[ 29.587615]  Possible unsafe locking scenario:
[ 29.587615]
[ 29.593640]        CPU0                    CPU1
[ 29.598275]        ----                    ----
[ 29.602911]   lock(&p->lock);
[ 29.605985]                                lock(sb_writers#3);
[ 29.611928]                                lock(&p->lock);
[ 29.617518]   lock(&sig->cred_guard_mutex);
[ 29.621810]
[ 29.621810]  *** DEADLOCK ***
[ 29.621810]
[ 29.627842] 1 lock held by syz-executor862/7986:
[ 29.632562]  #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1180
[ 29.640162]
[ 29.640162] stack backtrace:
[ 29.644647] CPU: 1 PID: 7986 Comm: syz-executor862 Not tainted 4.14.249-syzkaller #0
[ 29.652495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.661816] Call Trace:
[ 29.664390]  dump_stack+0x1b2/0x281
[ 29.667990]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.673762]  __lock_acquire+0x2e0e/0x3f20
[ 29.677880]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 29.682954]  ? trace_hardirqs_on+0x10/0x10
[ 29.687156]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 29.692229]  ? __lock_acquire+0x5fc/0x3f20
[ 29.696436]  lock_acquire+0x170/0x3f0
[ 29.700210]  ? proc_pid_personality+0x48/0x160
[ 29.704762]  ? proc_pid_personality+0x48/0x160
[ 29.709316]  __mutex_lock+0xc4/0x1310
[ 29.713087]  ? proc_pid_personality+0x48/0x160
[ 29.717638]  ? proc_pid_personality+0x48/0x160
[ 29.722204]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.727629]  ? get_pid_task+0x91/0x130
[ 29.731500]  ? lock_downgrade+0x740/0x740
[ 29.735619]  proc_pid_personality+0x48/0x160
[ 29.739998]  proc_single_show+0xe7/0x150
[ 29.744043]  seq_read+0x4e4/0x1180
[ 29.747556]  ? seq_lseek+0x3d0/0x3d0
[ 29.751241]  ? security_file_permission+0x82/0x1e0
[ 29.756145]  ? rw_verify_area+0xe1/0x2a0
[ 29.760175]  do_iter_read+0x3eb/0x5b0
[ 29.763947]  vfs_readv+0xc8/0x120
[ 29.767371]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 29.772706]  ? putname+0xcd/0x110
[ 29.776134]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.781552]  ? putname+0xcd/0x110
[ 29.784977]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.789965]  ? kmem_cache_free+0x23a/0x2b0
[ 29.794182]  ? putname+0xcd/0x110
[ 29.797616]  SyS_preadv+0x15a/0x200
[ 29.801213]  ? SyS_writev+0x30/0x30
[ 29.804809]  ? SyS_sendfile+0x130/0x130
[ 29.808751]  ? do_syscall_64+0x4c/0x640
[ 29.812697]  ? SyS_writev+0x30/0x30
[ 29.816293]  do_syscall_64+0x1d5/0x640
[ 29.820150]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.825321] RIP: 0033:0x7fb72844a459
[ 29.829004] RSP: 002b:00007ffd8d24e368 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 29.836693] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fb72844a459
[ 29.843934] RDX: 0000000000000001 RSI: 0000000020000280