audit: type=1804 audit(1655706007.614:260): pid=31893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir3769426167/syzkaller.U9PC5z/224/bus" dev="sda1" ino=15438 res=1
audit: type=1804 audit(1655706007.654:261): pid=31899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3769426167/syzkaller.U9PC5z/224/bus" dev="sda1" ino=15438 res=1
Process accounting resumed
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/31918 is trying to acquire lock:
000000009b3644c8 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting fs/proc/base.c:2750 [inline]
000000009b3644c8 (&sig->cred_guard_mutex){+.+.}, at: proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799

but task is already holding lock:
000000004035c0ca (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
       seq_read+0x6b/0x11c0 fs/seq_file.c:164
       proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       kernel_readv fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 fs/splice.c:417
       do_splice_to+0x10e/0x160 fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
       do_splice_direct+0x1a7/0x270 fs/splice.c:1068
       do_sendfile+0x550/0xc30 fs/read_write.c:1447
       __do_sys_sendfile64 fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_create_object+0x96/0x290 fs/overlayfs/dir.c:602
       lookup_open+0x893/0x1a20 fs/namei.c:3235
       do_last fs/namei.c:3327 [inline]
       path_openat+0x1094/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
       inode_lock_shared include/linux/fs.h:758 [inline]
       do_last fs/namei.c:3326 [inline]
       path_openat+0x17ec/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_open_execat+0x11d/0x5b0 fs/exec.c:853
       __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770
       do_execveat_common fs/exec.c:1879 [inline]
       do_execve+0x35/0x50 fs/exec.c:1896
       __do_sys_execve fs/exec.c:1977 [inline]
       __se_sys_execve fs/exec.c:1972 [inline]
       __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       do_io_accounting fs/proc/base.c:2750 [inline]
       proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799
       proc_single_show+0xeb/0x170 fs/proc/base.c:755
       seq_read+0x4e0/0x11c0 fs/seq_file.c:232
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       do_preadv fs/read_write.c:1071 [inline]
       __do_sys_preadv fs/read_write.c:1121 [inline]
       __se_sys_preadv fs/read_write.c:1116 [inline]
       __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#3);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.0/31918:
 #0: 000000004035c0ca (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164

stack backtrace:
CPU: 0 PID: 31918 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 do_io_accounting fs/proc/base.c:2750 [inline]
 proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799
 proc_single_show+0xeb/0x170 fs/proc/base.c:755
 seq_read+0x4e0/0x11c0 fs/seq_file.c:232
 do_loop_readv_writev fs/read_write.c:701 [inline]
 do_loop_readv_writev fs/read_write.c:688 [inline]
 do_iter_read+0x471/0x630 fs/read_write.c:925
 vfs_readv+0xe5/0x150 fs/read_write.c:987
 do_preadv fs/read_write.c:1071 [inline]
 __do_sys_preadv fs/read_write.c:1121 [inline]
 __se_sys_preadv fs/read_write.c:1116 [inline]
 __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f373db48109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f373c4bd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00007f373dc5af60 RCX: 00007f373db48109
RDX: 0000000000000332 RSI: 00000000200017c0 RDI: 0000000000000003
RBP: 00007f373dba205d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffef4ebc1f R14: 00007f373c4bd300 R15: 0000000000022000
overlayfs: unrecognized mount option "workdirþþ!åèÿ)Y9./fi…[1" or missing value
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
SQUASHFS error: squashfs_read_data failed to read block 0x0
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
squashfs: SQUASHFS error: unable to read squashfs_super_block
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'.
SQUASHFS error: squashfs_read_data failed to read block 0x0 SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block squashfs: SQUASHFS error: unable to read squashfs_super_block netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block new mount options do not match the existing superblock, will be ignored SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 SQUASHFS error: squashfs_read_data failed to read block 0x0 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read squashfs_super_block new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing 
superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: 
SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount 
options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS 
error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored squashfs: SQUASHFS error: unable to read xattr id index table