
Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.421050] audit: type=1400 audit(1593753365.355:8): avc:  denied  { execmem } for  pid=6345 comm="syz-executor529" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   34.447742] 
[   34.449373] ======================================================
[   34.455698] WARNING: possible circular locking dependency detected
[   34.462003] 4.14.184-syzkaller #0 Not tainted
[   34.466465] ------------------------------------------------------
[   34.472751] syz-executor529/6345 is trying to acquire lock:
[   34.478427]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a44af7>] do_io_accounting+0x1c7/0x760
[   34.487502] 
[   34.487502] but task is already holding lock:
[   34.493443]  (&p->lock){+.+.}, at: [<ffffffff8193189a>] seq_read+0xba/0x1130
[   34.500609] 
[   34.500609] which lock already depends on the new lock.
[   34.500609] 
[   34.508894] 
[   34.508894] the existing dependency chain (in reverse order) is:
[   34.516484] 
[   34.516484] -> #3 (&p->lock){+.+.}:
[   34.521581]        __mutex_lock+0xe8/0x1430
[   34.525885]        seq_read+0xba/0x1130
[   34.529831]        proc_reg_read+0xf2/0x160
[   34.534122]        do_iter_read+0x3e3/0x5a0
[   34.538423]        vfs_readv+0xd3/0x130
[   34.542388]        default_file_splice_read+0x41d/0x870
[   34.547724]        do_splice_to+0xfb/0x150
[   34.551936]        splice_direct_to_actor+0x20a/0x730
[   34.557112]        do_splice_direct+0x164/0x210
[   34.561750]        do_sendfile+0x469/0xaf0
[   34.565962]        SyS_sendfile64+0xff/0x110
[   34.570349]        do_syscall_64+0x1d5/0x640
[   34.574729]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.580424] 
[   34.580424] -> #2 (sb_writers#3){.+.+}:
[   34.585863]        __sb_start_write+0x1a1/0x2e0
[   34.590502]        mnt_want_write+0x3a/0xb0
[   34.594792]        ovl_create_object+0x75/0x1d0
[   34.599441]        lookup_open+0x756/0x1700
[   34.603743]        path_openat+0xddf/0x2aa0
[   34.608045]        do_filp_open+0x18e/0x250
[   34.612344]        do_sys_open+0x292/0x3e0
[   34.616553]        do_syscall_64+0x1d5/0x640
[   34.620933]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.626622] 
[   34.626622] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[   34.633353]        down_read+0x37/0xa0
[   34.637227]        path_openat+0x148c/0x2aa0
[   34.641618]        do_filp_open+0x18e/0x250
[   34.645910]        do_open_execat+0xda/0x440
[   34.650299]        do_execveat_common.isra.0+0x680/0x1c50
[   34.655805]        SyS_execve+0x34/0x40
[   34.659754]        do_syscall_64+0x1d5/0x640
[   34.664133]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.669826] 
[   34.669826] -> #0 (&sig->cred_guard_mutex){+.+.}:
[   34.676138]        lock_acquire+0x170/0x3f0
[   34.680440]        __mutex_lock+0xe8/0x1430
[   34.684734]        do_io_accounting+0x1c7/0x760
[   34.689372]        proc_single_show+0xe7/0x150
[   34.693938]        seq_read+0x4d2/0x1130
[   34.697979]        do_iter_read+0x3e3/0x5a0
[   34.702278]        vfs_readv+0xd3/0x130
[   34.706223]        do_preadv+0x161/0x200
[   34.710264]        do_syscall_64+0x1d5/0x640
[   34.714646]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.720333] 
[   34.720333] other info that might help us debug this:
[   34.720333] 
[   34.728443] Chain exists of:
[   34.728443]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[   34.728443] 
[   34.739081]  Possible unsafe locking scenario:
[   34.739081] 
[   34.745108]        CPU0                    CPU1
[   34.749788]        ----                    ----
[   34.754425]   lock(&p->lock);
[   34.757500]                                lock(sb_writers#3);
[   34.763441]                                lock(&p->lock);
[   34.769047]   lock(&sig->cred_guard_mutex);
[   34.773348] 
[   34.773348]  *** DEADLOCK ***
[   34.773348] 
[   34.779378] 1 lock held by syz-executor529/6345:
[   34.784113]  #0:  (&p->lock){+.+.}, at: [<ffffffff8193189a>] seq_read+0xba/0x1130
[   34.791718] 
[   34.791718] stack backtrace:
[   34.796195] CPU: 0 PID: 6345 Comm: syz-executor529 Not tainted 4.14.184-syzkaller #0
[   34.804161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.813487] Call Trace:
[   34.816053]  dump_stack+0x1b2/0x283
[   34.819664]  print_circular_bug.isra.0.cold+0x2dc/0x425
[   34.825002]  __lock_acquire+0x3057/0x42a0
[   34.829124]  ? trace_hardirqs_on+0x10/0x10
[   34.833330]  ? lock_downgrade+0x6e0/0x6e0
[   34.837462]  ? depot_save_stack+0x1dd/0x401
[   34.841760]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[   34.846836]  lock_acquire+0x170/0x3f0
[   34.850621]  ? do_io_accounting+0x1c7/0x760
[   34.854930]  ? do_io_accounting+0x1c7/0x760
[   34.859221]  __mutex_lock+0xe8/0x1430
[   34.863005]  ? do_io_accounting+0x1c7/0x760
[   34.867308]  ? kasan_kmalloc.part.0+0x4f/0xd0
[   34.871785]  ? __kmalloc_node+0x4c/0x70
[   34.875729]  ? do_io_accounting+0x1c7/0x760
[   34.880024]  ? do_iter_read+0x3e3/0x5a0
[   34.883971]  ? vfs_readv+0xd3/0x130
[   34.887564]  ? do_preadv+0x161/0x200
[   34.891251]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.896595]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   34.902019]  ? trace_hardirqs_on+0x10/0x10
[   34.906228]  ? seq_read+0xba/0x1130
[   34.909857]  ? __mutex_lock+0x2cb/0x1430
[   34.913890]  ? do_syscall_64+0x1d5/0x640
[   34.917969]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.923310]  ? fs_reclaim_acquire+0x10/0x10
[   34.927607]  ? do_io_accounting+0x1c7/0x760
[   34.931915]  do_io_accounting+0x1c7/0x760
[   34.936051]  ? lock_downgrade+0x6e0/0x6e0
[   34.940169]  ? proc_uid_map_open+0x30/0x30
[   34.945072]  proc_single_show+0xe7/0x150
[   34.949143]  seq_read+0x4d2/0x1130
[   34.952671]  ? seq_lseek+0x3d0/0x3d0
[   34.956407]  ? security_file_permission+0x82/0x1e0
[   34.961319]  ? rw_verify_area+0xe1/0x290
[   34.965369]  do_iter_read+0x3e3/0x5a0
[   34.969147]  ? lock_downgrade+0x6e0/0x6e0
[   34.973275]  vfs_readv+0xd3/0x130
[   34.976710]  ? compat_rw_copy_check_uvector+0x320/0x320
[   34.982043]  ? debug_check_no_obj_freed+0x27c/0x5fd
[   34.987032]  ? __fd_install+0x227/0x5c0
[   34.990976]  ? putname+0xcd/0x110
[   34.994402]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   34.999917]  ? putname+0xcd/0x110
[   35.003342]  ? rcu_read_lock_sched_held+0x10a/0x130
[   35.008339]  ? kmem_cache_free+0x23a/0x2b0
[   35.012544]  ? putname+0xcd/0x110
[   35.015993]  do_preadv+0x161/0x200
[   35.019941]  ? do_readv+0x2c0/0x2c0
[   35.023539]  ? SyS_sendfile+0x130/0x130
[   35.027495]  ? do_syscall_64+0x4c/0x640
[   35.031450]  ? SyS_writev+0x30/0x30
[   35.035050]  do_syscall_64+0x1d5/0x640
[   35.038912]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   35.044076] RIP: 0033:0x440539
[   35.047235] RSP: 002b:00007fffc15cd428 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   35.054920] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[   35.062248] RDX: 00000000000003da RSI: 00000000200017c0 RDI: 0000000000000006
[   35.069489] RBP: 00000000006cb018 R08: 0000000000