Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.015637]
[ 31.017425] ======================================================
[ 31.023757] WARNING: possible circular locking dependency detected
[ 31.030053] 4.14.234-syzkaller #0 Not tainted
[ 31.034523] ------------------------------------------------------
[ 31.040822] syz-executor218/7975 is trying to acquire lock:
[ 31.046602]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_syscall+0xa7/0x2a0
[ 31.055602]
[ 31.055602] but task is already holding lock:
[ 31.061593]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 31.068766]
[ 31.068766] which lock already depends on the new lock.
[ 31.068766]
[ 31.077055]
[ 31.077055] the existing dependency chain (in reverse order) is:
[ 31.084766]
[ 31.084766] -> #3 (&p->lock){+.+.}:
[ 31.089882]        __mutex_lock+0xc4/0x1310
[ 31.094182]        seq_read+0xba/0x1120
[ 31.098151]        do_iter_read+0x3eb/0x5b0
[ 31.102447]        vfs_readv+0xc8/0x120
[ 31.106397]        default_file_splice_read+0x418/0x910
[ 31.111736]        do_splice_to+0xfb/0x140
[ 31.115945]        splice_direct_to_actor+0x207/0x730
[ 31.121128]        do_splice_direct+0x164/0x210
[ 31.125812]        do_sendfile+0x47f/0xb30
[ 31.130049]        SyS_sendfile64+0xff/0x110
[ 31.134455]        do_syscall_64+0x1d5/0x640
[ 31.138842]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.144555]
[ 31.144555] -> #2 (sb_writers#3){.+.+}:
[ 31.150013]        __sb_start_write+0x64/0x260
[ 31.154568]        mnt_want_write+0x3a/0xb0
[ 31.159060]        ovl_create_object+0x75/0x1d0
[ 31.163707]        lookup_open+0x77a/0x1750
[ 31.168002]        path_openat+0xe08/0x2970
[ 31.172317]        do_filp_open+0x179/0x3c0
[ 31.176612]        do_sys_open+0x296/0x410
[ 31.180823]        do_syscall_64+0x1d5/0x640
[ 31.185206]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.190904]
[ 31.190904] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 31.197643]        down_read+0x36/0x80
[ 31.201510]        path_openat+0x149b/0x2970
[ 31.205891]        do_filp_open+0x179/0x3c0
[ 31.210220]        do_open_execat+0xd3/0x450
[ 31.214604]        do_execveat_common+0x711/0x1f30
[ 31.219508]        SyS_execve+0x3b/0x50
[ 31.223475]        do_syscall_64+0x1d5/0x640
[ 31.227877]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.233559]
[ 31.233559] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 31.239882]        lock_acquire+0x170/0x3f0
[ 31.244175]        __mutex_lock+0xc4/0x1310
[ 31.248472]        proc_pid_syscall+0xa7/0x2a0
[ 31.253034]        proc_single_show+0xe7/0x150
[ 31.257587]        seq_read+0x4cf/0x1120
[ 31.261619]        do_iter_read+0x3eb/0x5b0
[ 31.265917]        vfs_readv+0xc8/0x120
[ 31.269877]        default_file_splice_read+0x418/0x910
[ 31.275234]        do_splice_to+0xfb/0x140
[ 31.279443]        splice_direct_to_actor+0x207/0x730
[ 31.284606]        do_splice_direct+0x164/0x210
[ 31.289252]        do_sendfile+0x47f/0xb30
[ 31.293461]        SyS_sendfile64+0xff/0x110
[ 31.297856]        do_syscall_64+0x1d5/0x640
[ 31.302249]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.307996]
[ 31.307996] other info that might help us debug this:
[ 31.307996]
[ 31.316175] Chain exists of:
[ 31.316175]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 31.316175]
[ 31.326826]  Possible unsafe locking scenario:
[ 31.326826]
[ 31.332866]        CPU0                    CPU1
[ 31.337508]        ----                    ----
[ 31.342184]   lock(&p->lock);
[ 31.345267]                                lock(sb_writers#3);
[ 31.351217]                                lock(&p->lock);
[ 31.356815]   lock(&sig->cred_guard_mutex);
[ 31.361109]
[ 31.361109]  *** DEADLOCK ***
[ 31.361109]
[ 31.367142] 2 locks held by syz-executor218/7975:
[ 31.371960]  #0:  (sb_writers#3){.+.+}, at: [] do_sendfile+0x84f/0xb30
[ 31.380177]  #1:  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 31.387780]
[ 31.387780] stack backtrace:
[ 31.392252] CPU: 1 PID: 7975 Comm: syz-executor218 Not tainted 4.14.234-syzkaller #0
[ 31.400105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.409450] Call Trace:
[ 31.412019]  dump_stack+0x1b2/0x281
[ 31.415655]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 31.421434]  __lock_acquire+0x2e0e/0x3f20
[ 31.425561]  ? is_bpf_text_address+0x91/0x150
[ 31.430126]  ? trace_hardirqs_on+0x10/0x10
[ 31.434347]  ? lock_acquire+0x170/0x3f0
[ 31.438312]  ? depot_save_stack+0x1d3/0x3f0
[ 31.442622]  ? mark_held_locks+0xa6/0xf0
[ 31.446662]  lock_acquire+0x170/0x3f0
[ 31.450442]  ? proc_pid_syscall+0xa7/0x2a0
[ 31.454651]  ? proc_pid_syscall+0xa7/0x2a0
[ 31.458877]  __mutex_lock+0xc4/0x1310
[ 31.462652]  ? proc_pid_syscall+0xa7/0x2a0
[ 31.466871]  ? __lock_acquire+0x5fc/0x3f20
[ 31.471081]  ? proc_pid_syscall+0xa7/0x2a0
[ 31.475292]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 31.480726]  ? do_sendfile+0x47f/0xb30
[ 31.484600]  ? SyS_sendfile64+0xff/0x110
[ 31.488642]  ? do_syscall_64+0x1d5/0x640
[ 31.492686]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.498032]  ? trace_hardirqs_on+0x10/0x10
[ 31.502432]  proc_pid_syscall+0xa7/0x2a0
[ 31.506744]  ? fs_reclaim_release+0xd0/0x110
[ 31.511299]  ? proc_pid_get_link+0xf0/0xf0
[ 31.515504]  ? get_pid_task+0x91/0x130
[ 31.519365]  ? lock_downgrade+0x740/0x740
[ 31.523511]  proc_single_show+0xe7/0x150
[ 31.527578]  seq_read+0x4cf/0x1120
[ 31.531096]  ? seq_lseek+0x3d0/0x3d0
[ 31.534793]  ? security_file_permission+0x82/0x1e0
[ 31.539713]  ? rw_verify_area+0xe1/0x2a0
[ 31.543835]  do_iter_read+0x3eb/0x5b0
[ 31.547610]  vfs_readv+0xc8/0x120
[ 31.551035]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 31.556371]  ? kmem_cache_alloc_node_trace+0x383/0x400
[ 31.561682]  ? push_pipe+0x3cb/0x750
[ 31.565377]  ? iov_iter_get_pages_alloc+0x2ae/0xf00
[ 31.570369]  ? iov_iter_bvec+0x110/0x110
[ 31.574452]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 31.579529]  ? depot_save_stack+0x1d3/0x3f0
[ 31.583825]  ? iov_iter_pipe+0x93/0x2b0
[ 31.587818]  default_file_splice_read+0x418/0x910
[ 31.592636]  ? lock_downgrade+0x740/0x740
[ 31.596846]  ? do_splice_direct+0x210/0x210
[ 31.601318]  ? trace_hardirqs_on+0x10/0x10
[ 31.605523]  ? trace_hardirqs_on+0x10/0x10
[ 31.609730]  ? fsnotify+0x974/0x11b0
[ 31.613417]  ? __fsnotify_inode_delete+0x20/0x20
[ 31.618236]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 31.624877]  ? common_file_perm+0x3ee/0x580
[ 31.629177]  ? security_file_permission+0x82/0x1e0
[ 31.634079]  ? rw_verify_area+0xe1/0x2a0
[ 31.638112]  ? do_splice_direct+0x210/0x210
[ 31.642408]  do_splice_to+0xfb/0x140
[ 31.646103]  splice_direct_to_actor+0x207/0x730
[ 31.650752]  ? common_file_perm+0x3ee/0x580
[ 31.655056]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 31.659872]  ? do_splice_to+0x140/0x140
[ 31.663818]  ? rw_verify_area+0xe1/0x2a0
[ 31.667851]  do_splice_direct+0x164/0x210
[ 31.671997]  ? splice_direct_to_actor+0x730/0x730
[ 31.676828]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 31.681918]  do_sendfile+0x47f/0xb30
[ 31.685822]  ? do_compat_writev+0x180/0x180
[ 31.690183]  ? putname+0xcd/0x110
[ 31.693700]  ? do_sys_open+0x208/0x410
[ 31.697965]  SyS_sendfile64+0xff/0x110
[ 31.702018]  ? SyS_sendfile+0x130/0x130
[ 31.706161]  ? do_syscall_64+0x4c/0x640
[ 31.710118]  ? SyS_sendfile+0x130/0x130
[ 31.714080]  do_syscall_64+0x1d5/0x640
[ 31.717945]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.723127] RIP: 0033:0x43f239
[ 31.726293] RSP: 002b:00007ffcd4493098 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 31.734075] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f239
[ 31.741335] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 31.748588] RBP: 00007ffcd44930a0 R08: 68742f636f72702f R09: 68742f636f72702f
[ 31.755851] R10: 0000000000000007 R11: 0000000000000246 R12: 00000000004031c0
[ 31.763102] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000