Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.421050] audit: type=1400 audit(1593753365.355:8): avc: denied { execmem } for pid=6345 comm="syz-executor529" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.447742]
[ 34.449373] ======================================================
[ 34.455698] WARNING: possible circular locking dependency detected
[ 34.462003] 4.14.184-syzkaller #0 Not tainted
[ 34.466465] ------------------------------------------------------
[ 34.472751] syz-executor529/6345 is trying to acquire lock:
[ 34.478427] (&sig->cred_guard_mutex){+.+.}, at: [] do_io_accounting+0x1c7/0x760
[ 34.487502]
[ 34.487502] but task is already holding lock:
[ 34.493443] (&p->lock){+.+.}, at: [] seq_read+0xba/0x1130
[ 34.500609]
[ 34.500609] which lock already depends on the new lock.
[ 34.500609]
[ 34.508894]
[ 34.508894] the existing dependency chain (in reverse order) is:
[ 34.516484]
[ 34.516484] -> #3 (&p->lock){+.+.}:
[ 34.521581]        __mutex_lock+0xe8/0x1430
[ 34.525885]        seq_read+0xba/0x1130
[ 34.529831]        proc_reg_read+0xf2/0x160
[ 34.534122]        do_iter_read+0x3e3/0x5a0
[ 34.538423]        vfs_readv+0xd3/0x130
[ 34.542388]        default_file_splice_read+0x41d/0x870
[ 34.547724]        do_splice_to+0xfb/0x150
[ 34.551936]        splice_direct_to_actor+0x20a/0x730
[ 34.557112]        do_splice_direct+0x164/0x210
[ 34.561750]        do_sendfile+0x469/0xaf0
[ 34.565962]        SyS_sendfile64+0xff/0x110
[ 34.570349]        do_syscall_64+0x1d5/0x640
[ 34.574729]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.580424]
[ 34.580424] -> #2 (sb_writers#3){.+.+}:
[ 34.585863]        __sb_start_write+0x1a1/0x2e0
[ 34.590502]        mnt_want_write+0x3a/0xb0
[ 34.594792]        ovl_create_object+0x75/0x1d0
[ 34.599441]        lookup_open+0x756/0x1700
[ 34.603743]        path_openat+0xddf/0x2aa0
[ 34.608045]        do_filp_open+0x18e/0x250
[ 34.612344]        do_sys_open+0x292/0x3e0
[ 34.616553]        do_syscall_64+0x1d5/0x640
[ 34.620933]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.626622]
[ 34.626622] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 34.633353]        down_read+0x37/0xa0
[ 34.637227]        path_openat+0x148c/0x2aa0
[ 34.641618]        do_filp_open+0x18e/0x250
[ 34.645910]        do_open_execat+0xda/0x440
[ 34.650299]        do_execveat_common.isra.0+0x680/0x1c50
[ 34.655805]        SyS_execve+0x34/0x40
[ 34.659754]        do_syscall_64+0x1d5/0x640
[ 34.664133]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.669826]
[ 34.669826] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 34.676138]        lock_acquire+0x170/0x3f0
[ 34.680440]        __mutex_lock+0xe8/0x1430
[ 34.684734]        do_io_accounting+0x1c7/0x760
[ 34.689372]        proc_single_show+0xe7/0x150
[ 34.693938]        seq_read+0x4d2/0x1130
[ 34.697979]        do_iter_read+0x3e3/0x5a0
[ 34.702278]        vfs_readv+0xd3/0x130
[ 34.706223]        do_preadv+0x161/0x200
[ 34.710264]        do_syscall_64+0x1d5/0x640
[ 34.714646]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.720333]
[ 34.720333] other info that might help us debug this:
[ 34.720333]
[ 34.728443] Chain exists of:
[ 34.728443]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 34.728443]
[ 34.739081] Possible unsafe locking scenario:
[ 34.739081]
[ 34.745108]        CPU0                    CPU1
[ 34.749788]        ----                    ----
[ 34.754425]   lock(&p->lock);
[ 34.757500]                                lock(sb_writers#3);
[ 34.763441]                                lock(&p->lock);
[ 34.769047]   lock(&sig->cred_guard_mutex);
[ 34.773348]
[ 34.773348] *** DEADLOCK ***
[ 34.773348]
[ 34.779378] 1 lock held by syz-executor529/6345:
[ 34.784113] #0: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1130
[ 34.791718]
[ 34.791718] stack backtrace:
[ 34.796195] CPU: 0 PID: 6345 Comm: syz-executor529 Not tainted 4.14.184-syzkaller #0
[ 34.804161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.813487] Call Trace:
[ 34.816053] dump_stack+0x1b2/0x283
[ 34.819664] print_circular_bug.isra.0.cold+0x2dc/0x425
[ 34.825002] __lock_acquire+0x3057/0x42a0
[ 34.829124] ? trace_hardirqs_on+0x10/0x10
[ 34.833330] ? lock_downgrade+0x6e0/0x6e0
[ 34.837462] ? depot_save_stack+0x1dd/0x401
[ 34.841760] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 34.846836] lock_acquire+0x170/0x3f0
[ 34.850621] ? do_io_accounting+0x1c7/0x760
[ 34.854930] ? do_io_accounting+0x1c7/0x760
[ 34.859221] __mutex_lock+0xe8/0x1430
[ 34.863005] ? do_io_accounting+0x1c7/0x760
[ 34.867308] ? kasan_kmalloc.part.0+0x4f/0xd0
[ 34.871785] ? __kmalloc_node+0x4c/0x70
[ 34.875729] ? do_io_accounting+0x1c7/0x760
[ 34.880024] ? do_iter_read+0x3e3/0x5a0
[ 34.883971] ? vfs_readv+0xd3/0x130
[ 34.887564] ? do_preadv+0x161/0x200
[ 34.891251] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.896595] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 34.902019] ? trace_hardirqs_on+0x10/0x10
[ 34.906228] ? seq_read+0xba/0x1130
[ 34.909857] ? __mutex_lock+0x2cb/0x1430
[ 34.913890] ? do_syscall_64+0x1d5/0x640
[ 34.917969] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.923310] ? fs_reclaim_acquire+0x10/0x10
[ 34.927607] ? do_io_accounting+0x1c7/0x760
[ 34.931915] do_io_accounting+0x1c7/0x760
[ 34.936051] ? lock_downgrade+0x6e0/0x6e0
[ 34.940169] ? proc_uid_map_open+0x30/0x30
[ 34.945072] proc_single_show+0xe7/0x150
[ 34.949143] seq_read+0x4d2/0x1130
[ 34.952671] ? seq_lseek+0x3d0/0x3d0
[ 34.956407] ? security_file_permission+0x82/0x1e0
[ 34.961319] ? rw_verify_area+0xe1/0x290
[ 34.965369] do_iter_read+0x3e3/0x5a0
[ 34.969147] ? lock_downgrade+0x6e0/0x6e0
[ 34.973275] vfs_readv+0xd3/0x130
[ 34.976710] ? compat_rw_copy_check_uvector+0x320/0x320
[ 34.982043] ? debug_check_no_obj_freed+0x27c/0x5fd
[ 34.987032] ? __fd_install+0x227/0x5c0
[ 34.990976] ? putname+0xcd/0x110
[ 34.994402] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 34.999917] ? putname+0xcd/0x110
[ 35.003342] ? rcu_read_lock_sched_held+0x10a/0x130
[ 35.008339] ? kmem_cache_free+0x23a/0x2b0
[ 35.012544] ? putname+0xcd/0x110
[ 35.015993] do_preadv+0x161/0x200
[ 35.019941] ? do_readv+0x2c0/0x2c0
[ 35.023539] ? SyS_sendfile+0x130/0x130
[ 35.027495] ? do_syscall_64+0x4c/0x640
[ 35.031450] ? SyS_writev+0x30/0x30
[ 35.035050] do_syscall_64+0x1d5/0x640
[ 35.038912] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.044076] RIP: 0033:0x440539
[ 35.047235] RSP: 002b:00007fffc15cd428 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 35.054920] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[ 35.062248] RDX: 00000000000003da RSI: 00000000200017c0 RDI: 0000000000000006
[ 35.069489] RBP: 00000000006cb018 R08: 0000000000