[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.734494]
[ 34.736154] ======================================================
[ 34.742460] WARNING: possible circular locking dependency detected
[ 34.748762] 4.14.175-syzkaller #0 Not tainted
[ 34.753249] ------------------------------------------------------
[ 34.759552] syz-executor993/6341 is trying to acquire lock:
[ 34.765234]  (&sig->cred_guard_mutex){+.+.}, at: [] lock_trace+0x3f/0xc0
[ 34.773660]
[ 34.773660] but task is already holding lock:
[ 34.779644]  (&p->lock){+.+.}, at: [] seq_read+0xba/0x1160
[ 34.786813]
[ 34.786813] which lock already depends on the new lock.
[ 34.786813]
[ 34.795473]
[ 34.795473] the existing dependency chain (in reverse order) is:
[ 34.803080]
[ 34.803080] -> #3 (&p->lock){+.+.}:
[ 34.808168]        __mutex_lock+0xe8/0x1470
[ 34.812490]        seq_read+0xba/0x1160
[ 34.816441]        do_iter_read+0x3e3/0x5a0
[ 34.820754]        vfs_readv+0xd3/0x130
[ 34.824714]        default_file_splice_read+0x41d/0x870
[ 34.830056]        do_splice_to+0xfb/0x150
[ 34.834264]        splice_direct_to_actor+0x20a/0x730
[ 34.839454]        do_splice_direct+0x164/0x210
[ 34.844098]        do_sendfile+0x469/0xaf0
[ 34.848306]        SyS_sendfile64+0xff/0x110
[ 34.852689]        do_syscall_64+0x1d5/0x640
[ 34.857074]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.862756]
[ 34.862756] -> #2 (sb_writers#3){.+.+}:
[ 34.868188]        __sb_start_write+0x1a1/0x2e0
[ 34.872834]        mnt_want_write+0x3a/0xb0
[ 34.877134]        ovl_create_object+0x75/0x1d0
[ 34.881792]        lookup_open+0x10e8/0x1750
[ 34.886184]        path_openat+0xfc1/0x3c50
[ 34.890487]        do_filp_open+0x18e/0x250
[ 34.894850]        do_sys_open+0x29d/0x3f0
[ 34.899073]        do_syscall_64+0x1d5/0x640
[ 34.903473]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.909160]
[ 34.909160] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 34.915904]        down_read+0x37/0xa0
[ 34.919808]        path_openat+0x185a/0x3c50
[ 34.924196]        do_filp_open+0x18e/0x250
[ 34.928545]        do_open_execat+0xda/0x430
[ 34.932940]        do_execveat_common.isra.0+0x694/0x1c70
[ 34.938455]        SyS_execve+0x34/0x40
[ 34.942417]        do_syscall_64+0x1d5/0x640
[ 34.946826]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.952552]
[ 34.952552] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 34.958863]        lock_acquire+0x170/0x3f0
[ 34.963173]        __mutex_lock+0xe8/0x1470
[ 34.967476]        lock_trace+0x3f/0xc0
[ 34.971425]        proc_pid_syscall+0x81/0x1f0
[ 34.975991]        proc_single_show+0xe7/0x150
[ 34.980559]        seq_read+0x4d2/0x1160
[ 34.984602]        do_iter_read+0x3e3/0x5a0
[ 34.988946]        vfs_readv+0xd3/0x130
[ 34.992901]        default_file_splice_read+0x41d/0x870
[ 34.998243]        do_splice_to+0xfb/0x150
[ 35.002454]        splice_direct_to_actor+0x20a/0x730
[ 35.007645]        do_splice_direct+0x164/0x210
[ 35.012351]        do_sendfile+0x469/0xaf0
[ 35.016564]        SyS_sendfile64+0xff/0x110
[ 35.020992]        do_syscall_64+0x1d5/0x640
[ 35.025491]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.031223]
[ 35.031223] other info that might help us debug this:
[ 35.031223]
[ 35.039346] Chain exists of:
[ 35.039346]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 35.039346]
[ 35.050034]  Possible unsafe locking scenario:
[ 35.050034]
[ 35.056069]        CPU0                    CPU1
[ 35.060774]        ----                    ----
[ 35.065417]   lock(&p->lock);
[ 35.068553]                                lock(sb_writers#3);
[ 35.074600]                                lock(&p->lock);
[ 35.080205]   lock(&sig->cred_guard_mutex);
[ 35.084512]
[ 35.084512]  *** DEADLOCK ***
[ 35.084512]
[ 35.090574] 2 locks held by syz-executor993/6341:
[ 35.095395]  #0: (sb_writers#3){.+.+}, at: [] do_sendfile+0x865/0xaf0
[ 35.103628]  #1: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1160
[ 35.111236]
[ 35.111236] stack backtrace:
[ 35.115727] CPU: 0 PID: 6341 Comm: syz-executor993 Not tainted 4.14.175-syzkaller #0
[ 35.123594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.132934] Call Trace:
[ 35.135507]  dump_stack+0x13e/0x194
[ 35.139122]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 35.144518]  __lock_acquire+0x2cb3/0x4620
[ 35.148660]  ? trace_hardirqs_on+0x10/0x10
[ 35.152922]  ? deref_stack_reg+0x8a/0xc0
[ 35.156968]  ? trace_hardirqs_on+0x10/0x10
[ 35.161192]  ? save_trace+0x290/0x290
[ 35.164983]  lock_acquire+0x170/0x3f0
[ 35.168768]  ? lock_trace+0x3f/0xc0
[ 35.172385]  ? lock_trace+0x3f/0xc0
[ 35.176044]  __mutex_lock+0xe8/0x1470
[ 35.179892]  ? lock_trace+0x3f/0xc0
[ 35.183504]  ? save_stack+0x89/0xa0
[ 35.187122]  ? lock_trace+0x3f/0xc0
[ 35.190777]  ? mutex_trylock+0x1a0/0x1a0
[ 35.194827]  ? do_splice_to+0xfb/0x150
[ 35.198701]  ? splice_direct_to_actor+0x20a/0x730
[ 35.203567]  ? do_splice_direct+0x164/0x210
[ 35.207868]  ? do_sendfile+0x469/0xaf0
[ 35.211734]  ? SyS_sendfile64+0xff/0x110
[ 35.215779]  ? do_syscall_64+0x1d5/0x640
[ 35.219818]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.225166]  ? save_trace+0x290/0x290
[ 35.228948]  ? trace_hardirqs_on+0x10/0x10
[ 35.233166]  ? save_trace+0x290/0x290
[ 35.236949]  ? lock_trace+0x3f/0xc0
[ 35.240592]  lock_trace+0x3f/0xc0
[ 35.244023]  proc_pid_syscall+0x81/0x1f0
[ 35.248074]  ? mem_read+0x60/0x60
[ 35.251551]  ? find_held_lock+0x2d/0x110
[ 35.255639]  ? get_pid_task+0x91/0x130
[ 35.259516]  ? check_preemption_disabled+0x35/0x240
[ 35.264512]  ? lock_downgrade+0x6e0/0x6e0
[ 35.268701]  proc_single_show+0xe7/0x150
[ 35.272784]  seq_read+0x4d2/0x1160
[ 35.276342]  ? selinux_file_permission+0x7a/0x440
[ 35.281163]  ? seq_lseek+0x3d0/0x3d0
[ 35.284856]  ? security_file_permission+0x82/0x1e0
[ 35.289766]  ? rw_verify_area+0xe1/0x2a0
[ 35.293826]  do_iter_read+0x3e3/0x5a0
[ 35.297651]  vfs_readv+0xd3/0x130
[ 35.301106]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 35.306444]  ? alloc_pages_current+0xef/0x1e0
[ 35.310917]  ? iov_iter_get_pages_alloc+0x2b7/0xe90
[ 35.315913]  ? iov_iter_revert+0x980/0x980
[ 35.320122]  ? iov_iter_pipe+0x93/0x2b0
[ 35.324073]  default_file_splice_read+0x41d/0x870
[ 35.328893]  ? save_stack+0x32/0xa0
[ 35.332506]  ? kasan_kmalloc+0xbf/0xe0
[ 35.336370]  ? __kmalloc+0x15b/0x7c0
[ 35.340061]  ? alloc_pipe_info+0x156/0x380
[ 35.344272]  ? page_cache_pipe_buf_release+0x210/0x210
[ 35.349543]  ? trace_hardirqs_on+0x10/0x10
[ 35.353754]  ? fsnotify+0x897/0x1110
[ 35.357445]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 35.364127]  ? fsnotify+0x1110/0x1110
[ 35.367907]  ? __inode_security_revalidate+0xcf/0x120
[ 35.373094]  ? avc_policy_seqno+0x5/0x10
[ 35.377145]  ? selinux_file_permission+0x7a/0x440
[ 35.382147]  ? security_file_permission+0x82/0x1e0
[ 35.387250]  ? rw_verify_area+0xe1/0x2a0
[ 35.391294]  ? page_cache_pipe_buf_release+0x210/0x210
[ 35.396649]  do_splice_to+0xfb/0x150
[ 35.400381]  ? alloc_pipe_info+0x2dc/0x380
[ 35.404597]  splice_direct_to_actor+0x20a/0x730
[ 35.409287]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 35.414125]  ? do_splice_to+0x150/0x150
[ 35.418094]  ? rw_verify_area+0xe1/0x2a0
[ 35.422138]  do_splice_direct+0x164/0x210
[ 35.426264]  ? splice_direct_to_actor+0x730/0x730
[ 35.431218]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 35.436216]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 35.440963]  do_sendfile+0x469/0xaf0
[ 35.444670]  ? do_compat_pwritev64+0x140/0x140
[ 35.449234]  ? putname+0xcd/0x110
[ 35.452668]  ? do_sys_open+0x1fe/0x3f0
[ 35.456548]  SyS_sendfile64+0xff/0x110
[ 35.460411]  ? SyS_sendfile+0x130/0x130
[ 35.464621]  ? do_syscall_64+0x4c/0x640
[ 35.468571]  ? SyS_sendfile+0x130/0x130
[ 35.472521]  do_syscall_64+0x1d5/0x640
[ 35.476488]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.481656] RIP: 0033:0x440389
[ 35.484824] RSP: 002b:00007fffe