Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.164793] audit: type=1400 audit(1598709280.760:8): avc: denied { execmem } for pid=6340 comm="syz-executor057" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.203571]
[ 34.205247] ======================================================
[ 34.211537] WARNING: possible circular locking dependency detected
[ 34.217826] 4.14.195-syzkaller #0 Not tainted
[ 34.222288] ------------------------------------------------------
[ 34.228578] syz-executor057/6340 is trying to acquire lock:
[ 34.234268]  (&sig->cred_guard_mutex){+.+.}, at: [] proc_pid_personality+0x48/0x160
[ 34.243611]
[ 34.243611] but task is already holding lock:
[ 34.249556]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 34.256740]
[ 34.256740] which lock already depends on the new lock.
[ 34.256740]
[ 34.265025]
[ 34.265025] the existing dependency chain (in reverse order) is:
[ 34.272628]
[ 34.272628] -> #3 (&p->lock){+.+.}:
[ 34.277729]        __mutex_lock+0xc4/0x1310
[ 34.282027]        seq_read+0xba/0x1120
[ 34.285974]        proc_reg_read+0xee/0x1a0
[ 34.290267]        do_iter_read+0x3eb/0x5b0
[ 34.294558]        vfs_readv+0xc8/0x120
[ 34.298507]        default_file_splice_read+0x418/0x910
[ 34.303839]        do_splice_to+0xfb/0x140
[ 34.308057]        splice_direct_to_actor+0x207/0x730
[ 34.313216]        do_splice_direct+0x164/0x210
[ 34.317856]        do_sendfile+0x47f/0xb30
[ 34.322062]        SyS_sendfile64+0xff/0x110
[ 34.326441]        do_syscall_64+0x1d5/0x640
[ 34.330825]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.336502]
[ 34.336502] -> #2 (sb_writers#3){.+.+}:
[ 34.341930]        __sb_start_write+0x19a/0x2e0
[ 34.346570]        mnt_want_write+0x3a/0xb0
[ 34.350877]        ovl_create_object+0x75/0x1d0
[ 34.355529]        lookup_open+0x77a/0x1750
[ 34.359823]        path_openat+0xe08/0x2970
[ 34.364115]        do_filp_open+0x179/0x3c0
[ 34.368409]        do_sys_open+0x296/0x410
[ 34.372614]        do_syscall_64+0x1d5/0x640
[ 34.376992]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.382679]
[ 34.382679] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 34.389412]        down_read+0x36/0x80
[ 34.393281]        path_openat+0x149b/0x2970
[ 34.397661]        do_filp_open+0x179/0x3c0
[ 34.401953]        do_open_execat+0xd3/0x450
[ 34.406331]        do_execveat_common+0x711/0x1f30
[ 34.411239]        SyS_execve+0x3b/0x50
[ 34.415186]        do_syscall_64+0x1d5/0x640
[ 34.419568]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.425261]
[ 34.425261] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 34.431584]        lock_acquire+0x170/0x3f0
[ 34.435892]        __mutex_lock+0xc4/0x1310
[ 34.440634]        proc_pid_personality+0x48/0x160
[ 34.445536]        proc_single_show+0xe7/0x150
[ 34.450088]        seq_read+0x4cf/0x1120
[ 34.454123]        do_iter_read+0x3eb/0x5b0
[ 34.458434]        vfs_readv+0xc8/0x120
[ 34.462394]        default_file_splice_read+0x418/0x910
[ 34.467773]        do_splice_to+0xfb/0x140
[ 34.472007]        splice_direct_to_actor+0x207/0x730
[ 34.477166]        do_splice_direct+0x164/0x210
[ 34.481815]        do_sendfile+0x47f/0xb30
[ 34.486025]        SyS_sendfile64+0xff/0x110
[ 34.490406]        do_syscall_64+0x1d5/0x640
[ 34.494806]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.500489]
[ 34.500489] other info that might help us debug this:
[ 34.500489]
[ 34.508613] Chain exists of:
[ 34.508613]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 34.508613]
[ 34.519266]  Possible unsafe locking scenario:
[ 34.519266]
[ 34.525296]        CPU0                    CPU1
[ 34.529933]        ----                    ----
[ 34.534579]   lock(&p->lock);
[ 34.537670]                                lock(sb_writers#3);
[ 34.543611]                                lock(&p->lock);
[ 34.549208]   lock(&sig->cred_guard_mutex);
[ 34.553610]
[ 34.553610]  *** DEADLOCK ***
[ 34.553610]
[ 34.559664] 1 lock held by syz-executor057/6340:
[ 34.564390]  #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 34.571992]
[ 34.571992] stack backtrace:
[ 34.576473] CPU: 0 PID: 6340 Comm: syz-executor057 Not tainted 4.14.195-syzkaller #0
[ 34.584333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.593673] Call Trace:
[ 34.596240]  dump_stack+0x1b2/0x283
[ 34.599845]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 34.605617]  __lock_acquire+0x2e0e/0x3f20
[ 34.609748]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 34.614825]  ? trace_hardirqs_on+0x10/0x10
[ 34.619033]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 34.624109]  ? __lock_acquire+0x5fc/0x3f20
[ 34.628327]  lock_acquire+0x170/0x3f0
[ 34.632101]  ? proc_pid_personality+0x48/0x160
[ 34.636655]  ? proc_pid_personality+0x48/0x160
[ 34.641208]  __mutex_lock+0xc4/0x1310
[ 34.644991]  ? proc_pid_personality+0x48/0x160
[ 34.649546]  ? proc_pid_personality+0x48/0x160
[ 34.654115]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 34.659538]  ? get_pid_task+0x91/0x130
[ 34.663399]  ? lock_downgrade+0x740/0x740
[ 34.667526]  proc_pid_personality+0x48/0x160
[ 34.671922]  proc_single_show+0xe7/0x150
[ 34.675956]  seq_read+0x4cf/0x1120
[ 34.680254]  ? seq_lseek+0x3d0/0x3d0
[ 34.683943]  ? security_file_permission+0x82/0x1e0
[ 34.688847]  ? rw_verify_area+0xe1/0x2a0
[ 34.693010]  do_iter_read+0x3eb/0x5b0
[ 34.696826]  vfs_readv+0xc8/0x120
[ 34.700274]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 34.705610]  ? kmem_cache_alloc_node_trace+0x383/0x400
[ 34.710956]  ? push_pipe+0x3cb/0x750
[ 34.714642]  ? iov_iter_get_pages_alloc+0x2ae/0xe40
[ 34.719644]  ? iov_iter_bvec+0x110/0x110
[ 34.723682]  ? iov_iter_pipe+0x93/0x2b0
[ 34.727631]  default_file_splice_read+0x418/0x910
[ 34.732450]  ? trace_hardirqs_on+0x10/0x10
[ 34.736659]  ? do_splice_direct+0x210/0x210
[ 34.740962]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 34.746824]  ? trace_hardirqs_on+0x10/0x10
[ 34.751036]  ? ima_rdwr_violation_check+0x3a0/0x3a0
[ 34.756025]  ? unwind_next_frame+0xe54/0x17d0
[ 34.760494]  ? is_bpf_text_address+0x91/0x150
[ 34.764968]  ? security_file_permission+0x82/0x1e0
[ 34.769869]  ? rw_verify_area+0xe1/0x2a0
[ 34.773913]  ? do_splice_direct+0x210/0x210
[ 34.778383]  do_splice_to+0xfb/0x140
[ 34.782070]  splice_direct_to_actor+0x207/0x730
[ 34.786723]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 34.791538]  ? do_splice_to+0x140/0x140
[ 34.795508]  ? rw_verify_area+0xe1/0x2a0
[ 34.799553]  do_splice_direct+0x164/0x210
[ 34.803673]  ? splice_direct_to_actor+0x730/0x730
[ 34.808488]  ? rw_verify_area+0xe1/0x2a0
[ 34.812521]  do_sendfile+0x47f/0xb30
[ 34.816220]  ? do_compat_writev+0x180/0x180
[ 34.820516]  ? putname+0xcd/0x110
[ 34.823940]  ? do_sys_open+0x208/0x410
[ 34.827799]  SyS_sendfile64+0xff/0x110
[ 34.831668]  ? SyS_sendfile+0x130/0x130
[ 34.835618]  ? do_syscall_64+0x4c/0x640
[ 34.839585]  ? SyS_sendfile+0x130/0x130
[ 34.843531]  do_syscall_64+0x1d5/0x640
[ 34.847408]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.852591] RIP: 0033:0x440579
[ 34.855754] RSP: 002b:00007ffd1cac3ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 34.863436] RAX: ffffffffffffffda RBX: 0000000000