Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
[   53.517997] audit: type=1400 audit(1560431785.190:36): avc:  denied  { map } for  pid=7516 comm="syz-executor499" path="/root/syz-executor499006658" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   53.529014] 
[   53.545922] ======================================================
[   53.552244] WARNING: possible circular locking dependency detected
[   53.558653] 4.19.50 #22 Not tainted
[   53.562273] ------------------------------------------------------
[   53.568591] syz-executor499/7516 is trying to acquire lock:
[   53.574295] 0000000022e241f1 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting+0x1f4/0x830
[   53.582956] 
[   53.582956] but task is already holding lock:
[   53.588925] 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[   53.595694] 
[   53.595694] which lock already depends on the new lock.
[   53.595694] 
[   53.603996] 
[   53.603996] the existing dependency chain (in reverse order) is:
[   53.611597] 
[   53.611597] -> #3 (&p->lock){+.+.}:
[   53.616719]        __mutex_lock+0xf7/0x1300
[   53.621022]        mutex_lock_nested+0x16/0x20
[   53.625600]        seq_read+0x71/0x1110
[   53.629554]        do_iter_read+0x490/0x640
[   53.633854]        vfs_readv+0xf0/0x160
[   53.637808]        default_file_splice_read+0x478/0x890
[   53.643263]        do_splice_to+0x127/0x180
[   53.647601]        splice_direct_to_actor+0x256/0x890
[   53.652806]        do_splice_direct+0x1da/0x2a0
[   53.657454]        do_sendfile+0x597/0xce0
[   53.661670]        __x64_sys_sendfile64+0x1dd/0x220
[   53.666690]        do_syscall_64+0xfd/0x620
[   53.670994]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.676679] 
[   53.676679] -> #2 (sb_writers#4){.+.+}:
[   53.682146]        __sb_start_write+0x20b/0x360
[   53.686801]        mnt_want_write+0x3f/0xc0
[   53.691122]        ovl_want_write+0x76/0xa0
[   53.695429]        ovl_xattr_set+0x53/0x5b0
[   53.699729]        ovl_posix_acl_xattr_set+0x33a/0x9a0
[   53.704985]        __vfs_setxattr+0x11f/0x180
[   53.709460]        __vfs_setxattr_noperm+0x11c/0x410
[   53.714629]        vfs_setxattr+0xda/0x100
[   53.718852]        setxattr+0x26f/0x380
[   53.722807]        path_setxattr+0x197/0x1b0
[   53.727196]        __x64_sys_setxattr+0xc4/0x150
[   53.731933]        do_syscall_64+0xfd/0x620
[   53.736235]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.741923] 
[   53.741923] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[   53.748683]        down_read+0x3b/0xb0
[   53.752554]        path_openat+0x1e77/0x4690
[   53.756940]        do_filp_open+0x1a1/0x280
[   53.761259]        do_open_execat+0x140/0x660
[   53.765752]        __do_execve_file.isra.0+0x15a4/0x2150
[   53.771182]        __x64_sys_execveat+0xed/0x130
[   53.775937]        do_syscall_64+0xfd/0x620
[   53.780242]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.786149] 
[   53.786149] -> #0 (&sig->cred_guard_mutex){+.+.}:
[   53.792473]        lock_acquire+0x16f/0x3f0
[   53.796783]        __mutex_lock+0xf7/0x1300
[   53.801084]        mutex_lock_killable_nested+0x16/0x20
[   53.806441]        do_io_accounting+0x1f4/0x830
[   53.811091]        proc_tid_io_accounting+0x20/0x30
[   53.816086]        proc_single_show+0xf0/0x180
[   53.820649]        seq_read+0x4ca/0x1110
[   53.824696]        do_iter_read+0x490/0x640
[   53.829015]        vfs_readv+0xf0/0x160
[   53.832991]        default_file_splice_read+0x478/0x890
[   53.838353]        do_splice_to+0x127/0x180
[   53.842660]        splice_direct_to_actor+0x256/0x890
[   53.847828]        do_splice_direct+0x1da/0x2a0
[   53.852477]        do_sendfile+0x597/0xce0
[   53.856691]        __x64_sys_sendfile64+0x1dd/0x220
[   53.861690]        do_syscall_64+0xfd/0x620
[   53.865991]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.871676] 
[   53.871676] other info that might help us debug this:
[   53.871676] 
[   53.879816] Chain exists of:
[   53.879816]   &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock
[   53.879816] 
[   53.890475]  Possible unsafe locking scenario:
[   53.890475] 
[   53.896511]        CPU0                    CPU1
[   53.901153]        ----                    ----
[   53.905796]   lock(&p->lock);
[   53.908896]                                lock(sb_writers#4);
[   53.914880]                                lock(&p->lock);
[   53.920489]   lock(&sig->cred_guard_mutex);
[   53.924788] 
[   53.924788]  *** DEADLOCK ***
[   53.924788] 
[   53.930845] 2 locks held by syz-executor499/7516:
[   53.935662]  #0: 000000009e00f5b3 (sb_writers#4){.+.+}, at: do_sendfile+0x9b9/0xce0
[   53.943473]  #1: 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[   53.950650] 
[   53.950650] stack backtrace:
[   53.955130] CPU: 0 PID: 7516 Comm: syz-executor499 Not tainted 4.19.50 #22
[   53.962121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.971456] Call Trace:
[   53.974037]  dump_stack+0x172/0x1f0
[   53.977651]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   53.983094]  __lock_acquire+0x2e6d/0x48f0
[   53.987229]  ? mark_held_locks+0x100/0x100
[   53.991450]  ? depot_save_stack+0x1de/0x460
[   53.995752]  ? find_held_lock+0x35/0x130
[   53.999797]  ? depot_save_stack+0x1de/0x460
[   54.004102]  ? __lock_is_held+0xb6/0x140
[   54.008148]  ? do_io_accounting+0x1f4/0x830
[   54.012467]  lock_acquire+0x16f/0x3f0
[   54.016248]  ? do_io_accounting+0x1f4/0x830
[   54.020554]  ? do_io_accounting+0x1f4/0x830
[   54.024872]  __mutex_lock+0xf7/0x1300
[   54.028672]  ? do_io_accounting+0x1f4/0x830
[   54.032974]  ? __lock_acquire+0x6eb/0x48f0
[   54.037189]  ? do_io_accounting+0x1f4/0x830
[   54.041495]  ? kasan_kmalloc+0xce/0xf0
[   54.045359]  ? __kmalloc_node+0x51/0x80
[   54.049328]  ? seq_read+0x817/0x1110
[   54.053020]  ? vfs_readv+0xf0/0x160
[   54.056627]  ? mutex_trylock+0x1e0/0x1e0
[   54.060670]  ? do_splice_direct+0x1da/0x2a0
[   54.064977]  ? mark_held_locks+0x100/0x100
[   54.069193]  ? __lock_is_held+0xb6/0x140
[   54.073241]  mutex_lock_killable_nested+0x16/0x20
[   54.078067]  ? mutex_lock_killable_nested+0x16/0x20
[   54.083074]  do_io_accounting+0x1f4/0x830
[   54.087208]  ? proc_pid_stack+0x2c0/0x2c0
[   54.091339]  ? kasan_check_read+0x11/0x20
[   54.095466]  proc_tid_io_accounting+0x20/0x30
[   54.099944]  proc_single_show+0xf0/0x180
[   54.103985]  seq_read+0x4ca/0x1110
[   54.107509]  do_iter_read+0x490/0x640
[   54.111292]  ? dup_iter+0x280/0x280
[   54.114902]  vfs_readv+0xf0/0x160
[   54.118339]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[   54.123689]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.129208]  ? push_pipe+0x417/0x7a0
[   54.132905]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.138427]  ? iov_iter_revert+0xa50/0xa50
[   54.142696]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   54.147784]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   54.152797]  ? iov_iter_pipe+0xbe/0x2f0
[   54.156759]  default_file_splice_read+0x478/0x890
[   54.161584]  ? save_stack+0x45/0xd0
[   54.165289]  ? kasan_kmalloc+0xce/0xf0
[   54.169159]  ? __kmalloc+0x15d/0x750
[   54.172857]  ? iter_file_splice_write+0xbd0/0xbd0
[   54.177693]  ? mark_held_locks+0x100/0x100
[   54.181940]  ? __lock_is_held+0xb6/0x140
[   54.186003]  ? fsnotify+0x8ba/0xf00
[   54.189632]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.195166]  ? fsnotify_first_mark+0x210/0x210
[   54.199735]  ? __inode_security_revalidate+0xda/0x120
[   54.204904]  ? avc_policy_seqno+0xd/0x70
[   54.208944]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   54.213948]  ? security_file_permission+0x89/0x230
[   54.218860]  ? iter_file_splice_write+0xbd0/0xbd0
[   54.223687]  do_splice_to+0x127/0x180
[   54.227470]  splice_direct_to_actor+0x256/0x890
[   54.232120]  ? generic_pipe_buf_nosteal+0x10/0x10
[   54.236947]  ? do_splice_to+0x180/0x180
[   54.240906]  ? security_file_permission+0x89/0x230
[   54.245833]  ? rw_verify_area+0x118/0x360
[   54.249979]  do_splice_direct+0x1da/0x2a0
[   54.254108]  ? splice_direct_to_actor+0x890/0x890
[   54.258950]  ? rcu_read_lock_sched_held+0x110/0x130
[   54.263949]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   54.268686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.274204]  ? __sb_start_write+0x1ac/0x360
[   54.278505]  do_sendfile+0x597/0xce0
[   54.282209]  ? do_compat_pwritev64+0x1c0/0x1c0
[   54.286770]  ? do_sys_open+0x31d/0x550
[   54.290640]  __x64_sys_sendfile64+0x1dd/0x220
[   54.295116]  ? __ia32_sys_sendfile+0x230/0x230
[   54.299678]  ? do_syscall_64+0x26/0x620
[   54.303647]  ? lockdep_hardirqs_on+0x415/0x5d0
[   54.308232]  ? trace_hardirqs_on+0x67/0x220
[   54.312548]  do_syscall_64+0xfd/0x620
[   54.316331]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.321503] RIP: 0033:0x440489
[   54.324678] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   54.343577] RSP: 002b:00007ffe57ac8268 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   54.351271] RAX: ffffffffffffffda RBX: 0000000000006f69 RCX: 0000000000440489
[   54.358535] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[   54.365789] RBP: 00000000006cb018 R08: 68742f636f72702f R09: 68742f