Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
[ 53.517997] audit: type=1400 audit(1560431785.190:36): avc: denied { map } for pid=7516 comm="syz-executor499" path="/root/syz-executor499006658" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.529014]
[ 53.545922] ======================================================
[ 53.552244] WARNING: possible circular locking dependency detected
[ 53.558653] 4.19.50 #22 Not tainted
[ 53.562273] ------------------------------------------------------
[ 53.568591] syz-executor499/7516 is trying to acquire lock:
[ 53.574295] 0000000022e241f1 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting+0x1f4/0x830
[ 53.582956]
[ 53.582956] but task is already holding lock:
[ 53.588925] 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[ 53.595694]
[ 53.595694] which lock already depends on the new lock.
[ 53.595694]
[ 53.603996]
[ 53.603996] the existing dependency chain (in reverse order) is:
[ 53.611597]
[ 53.611597] -> #3 (&p->lock){+.+.}:
[ 53.616719] __mutex_lock+0xf7/0x1300
[ 53.621022] mutex_lock_nested+0x16/0x20
[ 53.625600] seq_read+0x71/0x1110
[ 53.629554] do_iter_read+0x490/0x640
[ 53.633854] vfs_readv+0xf0/0x160
[ 53.637808] default_file_splice_read+0x478/0x890
[ 53.643263] do_splice_to+0x127/0x180
[ 53.647601] splice_direct_to_actor+0x256/0x890
[ 53.652806] do_splice_direct+0x1da/0x2a0
[ 53.657454] do_sendfile+0x597/0xce0
[ 53.661670] __x64_sys_sendfile64+0x1dd/0x220
[ 53.666690] do_syscall_64+0xfd/0x620
[ 53.670994] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.676679]
[ 53.676679] -> #2 (sb_writers#4){.+.+}:
[ 53.682146] __sb_start_write+0x20b/0x360
[ 53.686801] mnt_want_write+0x3f/0xc0
[ 53.691122] ovl_want_write+0x76/0xa0
[ 53.695429] ovl_xattr_set+0x53/0x5b0
[ 53.699729] ovl_posix_acl_xattr_set+0x33a/0x9a0
[ 53.704985] __vfs_setxattr+0x11f/0x180
[ 53.709460] __vfs_setxattr_noperm+0x11c/0x410
[ 53.714629] vfs_setxattr+0xda/0x100
[ 53.718852] setxattr+0x26f/0x380
[ 53.722807] path_setxattr+0x197/0x1b0
[ 53.727196] __x64_sys_setxattr+0xc4/0x150
[ 53.731933] do_syscall_64+0xfd/0x620
[ 53.736235] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.741923]
[ 53.741923] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 53.748683] down_read+0x3b/0xb0
[ 53.752554] path_openat+0x1e77/0x4690
[ 53.756940] do_filp_open+0x1a1/0x280
[ 53.761259] do_open_execat+0x140/0x660
[ 53.765752] __do_execve_file.isra.0+0x15a4/0x2150
[ 53.771182] __x64_sys_execveat+0xed/0x130
[ 53.775937] do_syscall_64+0xfd/0x620
[ 53.780242] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.786149]
[ 53.786149] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 53.792473] lock_acquire+0x16f/0x3f0
[ 53.796783] __mutex_lock+0xf7/0x1300
[ 53.801084] mutex_lock_killable_nested+0x16/0x20
[ 53.806441] do_io_accounting+0x1f4/0x830
[ 53.811091] proc_tid_io_accounting+0x20/0x30
[ 53.816086] proc_single_show+0xf0/0x180
[ 53.820649] seq_read+0x4ca/0x1110
[ 53.824696] do_iter_read+0x490/0x640
[ 53.829015] vfs_readv+0xf0/0x160
[ 53.832991] default_file_splice_read+0x478/0x890
[ 53.838353] do_splice_to+0x127/0x180
[ 53.842660] splice_direct_to_actor+0x256/0x890
[ 53.847828] do_splice_direct+0x1da/0x2a0
[ 53.852477] do_sendfile+0x597/0xce0
[ 53.856691] __x64_sys_sendfile64+0x1dd/0x220
[ 53.861690] do_syscall_64+0xfd/0x620
[ 53.865991] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.871676]
[ 53.871676] other info that might help us debug this:
[ 53.871676]
[ 53.879816] Chain exists of:
[ 53.879816] &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock
[ 53.879816]
[ 53.890475] Possible unsafe locking scenario:
[ 53.890475]
[ 53.896511] CPU0 CPU1
[ 53.901153] ---- ----
[ 53.905796] lock(&p->lock);
[ 53.908896] lock(sb_writers#4);
[ 53.914880] lock(&p->lock);
[ 53.920489] lock(&sig->cred_guard_mutex);
[ 53.924788]
[ 53.924788] *** DEADLOCK ***
[ 53.924788]
[ 53.930845] 2 locks held by syz-executor499/7516:
[ 53.935662] #0: 000000009e00f5b3 (sb_writers#4){.+.+}, at: do_sendfile+0x9b9/0xce0
[ 53.943473] #1: 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[ 53.950650]
[ 53.950650] stack backtrace:
[ 53.955130] CPU: 0 PID: 7516 Comm: syz-executor499 Not tainted 4.19.50 #22
[ 53.962121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.971456] Call Trace:
[ 53.974037] dump_stack+0x172/0x1f0
[ 53.977651] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 53.983094] __lock_acquire+0x2e6d/0x48f0
[ 53.987229] ? mark_held_locks+0x100/0x100
[ 53.991450] ? depot_save_stack+0x1de/0x460
[ 53.995752] ? find_held_lock+0x35/0x130
[ 53.999797] ? depot_save_stack+0x1de/0x460
[ 54.004102] ? __lock_is_held+0xb6/0x140
[ 54.008148] ? do_io_accounting+0x1f4/0x830
[ 54.012467] lock_acquire+0x16f/0x3f0
[ 54.016248] ? do_io_accounting+0x1f4/0x830
[ 54.020554] ? do_io_accounting+0x1f4/0x830
[ 54.024872] __mutex_lock+0xf7/0x1300
[ 54.028672] ? do_io_accounting+0x1f4/0x830
[ 54.032974] ? __lock_acquire+0x6eb/0x48f0
[ 54.037189] ? do_io_accounting+0x1f4/0x830
[ 54.041495] ? kasan_kmalloc+0xce/0xf0
[ 54.045359] ? __kmalloc_node+0x51/0x80
[ 54.049328] ? seq_read+0x817/0x1110
[ 54.053020] ? vfs_readv+0xf0/0x160
[ 54.056627] ? mutex_trylock+0x1e0/0x1e0
[ 54.060670] ? do_splice_direct+0x1da/0x2a0
[ 54.064977] ? mark_held_locks+0x100/0x100
[ 54.069193] ? __lock_is_held+0xb6/0x140
[ 54.073241] mutex_lock_killable_nested+0x16/0x20
[ 54.078067] ? mutex_lock_killable_nested+0x16/0x20
[ 54.083074] do_io_accounting+0x1f4/0x830
[ 54.087208] ? proc_pid_stack+0x2c0/0x2c0
[ 54.091339] ? kasan_check_read+0x11/0x20
[ 54.095466] proc_tid_io_accounting+0x20/0x30
[ 54.099944] proc_single_show+0xf0/0x180
[ 54.103985] seq_read+0x4ca/0x1110
[ 54.107509] do_iter_read+0x490/0x640
[ 54.111292] ? dup_iter+0x280/0x280
[ 54.114902] vfs_readv+0xf0/0x160
[ 54.118339] ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 54.123689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.129208] ? push_pipe+0x417/0x7a0
[ 54.132905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.138427] ? iov_iter_revert+0xa50/0xa50
[ 54.142696] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 54.147784] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.152797] ? iov_iter_pipe+0xbe/0x2f0
[ 54.156759] default_file_splice_read+0x478/0x890
[ 54.161584] ? save_stack+0x45/0xd0
[ 54.165289] ? kasan_kmalloc+0xce/0xf0
[ 54.169159] ? __kmalloc+0x15d/0x750
[ 54.172857] ? iter_file_splice_write+0xbd0/0xbd0
[ 54.177693] ? mark_held_locks+0x100/0x100
[ 54.181940] ? __lock_is_held+0xb6/0x140
[ 54.186003] ? fsnotify+0x8ba/0xf00
[ 54.189632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.195166] ? fsnotify_first_mark+0x210/0x210
[ 54.199735] ? __inode_security_revalidate+0xda/0x120
[ 54.204904] ? avc_policy_seqno+0xd/0x70
[ 54.208944] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.213948] ? security_file_permission+0x89/0x230
[ 54.218860] ? iter_file_splice_write+0xbd0/0xbd0
[ 54.223687] do_splice_to+0x127/0x180
[ 54.227470] splice_direct_to_actor+0x256/0x890
[ 54.232120] ? generic_pipe_buf_nosteal+0x10/0x10
[ 54.236947] ? do_splice_to+0x180/0x180
[ 54.240906] ? security_file_permission+0x89/0x230
[ 54.245833] ? rw_verify_area+0x118/0x360
[ 54.249979] do_splice_direct+0x1da/0x2a0
[ 54.254108] ? splice_direct_to_actor+0x890/0x890
[ 54.258950] ? rcu_read_lock_sched_held+0x110/0x130
[ 54.263949] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 54.268686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.274204] ? __sb_start_write+0x1ac/0x360
[ 54.278505] do_sendfile+0x597/0xce0
[ 54.282209] ? do_compat_pwritev64+0x1c0/0x1c0
[ 54.286770] ? do_sys_open+0x31d/0x550
[ 54.290640] __x64_sys_sendfile64+0x1dd/0x220
[ 54.295116] ? __ia32_sys_sendfile+0x230/0x230
[ 54.299678] ? do_syscall_64+0x26/0x620
[ 54.303647] ? lockdep_hardirqs_on+0x415/0x5d0
[ 54.308232] ? trace_hardirqs_on+0x67/0x220
[ 54.312548] do_syscall_64+0xfd/0x620
[ 54.316331] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.321503] RIP: 0033:0x440489
[ 54.324678] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.343577] RSP: 002b:00007ffe57ac8268 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 54.351271] RAX: ffffffffffffffda RBX: 0000000000006f69 RCX: 0000000000440489
[ 54.358535] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 54.365789] RBP: 00000000006cb018 R08: 68742f636f72702f R09: 68742f