[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.492425]
[ 27.494287] ======================================================
[ 27.500674] WARNING: possible circular locking dependency detected
[ 27.506970] 4.14.232-syzkaller #0 Not tainted
[ 27.511438] ------------------------------------------------------
[ 27.517736] syz-executor612/7953 is trying to acquire lock:
[ 27.523504] (&sig->cred_guard_mutex){+.+.}, at: [] proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.533287]
[ 27.533287] but task is already holding lock:
[ 27.539327] (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 27.546496]
[ 27.546496] which lock already depends on the new lock.
[ 27.546496]
[ 27.554783]
[ 27.554783] the existing dependency chain (in reverse order) is:
[ 27.562377]
[ 27.562377] -> #3 (&p->lock){+.+.}:
[ 27.567576]        __mutex_lock+0xc4/0x1310
[ 27.571872]        seq_read+0xba/0x1120
[ 27.575821]        do_iter_read+0x3eb/0x5b0
[ 27.580135]        vfs_readv+0xc8/0x120
[ 27.584088]        default_file_splice_read+0x418/0x910
[ 27.589429]        do_splice_to+0xfb/0x140
[ 27.593637]        splice_direct_to_actor+0x207/0x730
[ 27.598819]        do_splice_direct+0x164/0x210
[ 27.603466]        do_sendfile+0x47f/0xb30
[ 27.607676]        SyS_sendfile64+0xff/0x110
[ 27.612065]        do_syscall_64+0x1d5/0x640
[ 27.616466]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.622169]
[ 27.622169] -> #2 (sb_writers#3){.+.+}:
[ 27.627602]        __sb_start_write+0x64/0x260
[ 27.632185]        mnt_want_write+0x3a/0xb0
[ 27.636482]        ovl_create_object+0x75/0x1d0
[ 27.641140]        lookup_open+0x77a/0x1750
[ 27.645436]        path_openat+0xe08/0x2970
[ 27.649753]        do_filp_open+0x179/0x3c0
[ 27.654050]        do_sys_open+0x296/0x410
[ 27.658259]        do_syscall_64+0x1d5/0x640
[ 27.662645]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.668415]
[ 27.668415] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 27.675165]        down_read+0x36/0x80
[ 27.679742]        path_openat+0x149b/0x2970
[ 27.684126]        do_filp_open+0x179/0x3c0
[ 27.688420]        do_open_execat+0xd3/0x450
[ 27.692801]        do_execveat_common+0x711/0x1f30
[ 27.697700]        SyS_execve+0x3b/0x50
[ 27.701648]        do_syscall_64+0x1d5/0x640
[ 27.706067]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.711855]
[ 27.711855] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 27.718172]        lock_acquire+0x170/0x3f0
[ 27.722519]        __mutex_lock+0xc4/0x1310
[ 27.726814]        proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.732106]        proc_single_show+0xe7/0x150
[ 27.736665]        seq_read+0x4cf/0x1120
[ 27.740698]        do_iter_read+0x3eb/0x5b0
[ 27.744997]        vfs_readv+0xc8/0x120
[ 27.748950]        default_file_splice_read+0x418/0x910
[ 27.754308]        do_splice_to+0xfb/0x140
[ 27.758531]        splice_direct_to_actor+0x207/0x730
[ 27.763698]        do_splice_direct+0x164/0x210
[ 27.768356]        do_sendfile+0x47f/0xb30
[ 27.772578]        SyS_sendfile64+0xff/0x110
[ 27.776961]        do_syscall_64+0x1d5/0x640
[ 27.781346]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.787040]
[ 27.787040] other info that might help us debug this:
[ 27.787040]
[ 27.795156] Chain exists of:
[ 27.795156]   &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 27.795156]
[ 27.805806]  Possible unsafe locking scenario:
[ 27.805806]
[ 27.811853]        CPU0                    CPU1
[ 27.816498]        ----                    ----
[ 27.821136]   lock(&p->lock);
[ 27.824214]                                lock(sb_writers#3);
[ 27.830169]                                lock(&p->lock);
[ 27.835774]   lock(&sig->cred_guard_mutex);
[ 27.840191]
[ 27.840191]  *** DEADLOCK ***
[ 27.840191]
[ 27.846268] 2 locks held by syz-executor612/7953:
[ 27.851082]  #0: (sb_writers#3){.+.+}, at: [] do_sendfile+0x84f/0xb30
[ 27.859381]  #1: (&p->lock){+.+.}, at: [] seq_read+0xba/0x1120
[ 27.866985]
[ 27.866985] stack backtrace:
[ 27.871459] CPU: 1 PID: 7953 Comm: syz-executor612 Not tainted 4.14.232-syzkaller #0
[ 27.879325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.888670] Call Trace:
[ 27.891239]  dump_stack+0x1b2/0x281
[ 27.894840]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.900611]  __lock_acquire+0x2e0e/0x3f20
[ 27.904739]  ? trace_hardirqs_on+0x10/0x10
[ 27.908972]  ? mark_held_locks+0xa6/0xf0
[ 27.913032]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 27.918119]  ? depot_save_stack+0x1d3/0x3f0
[ 27.922429]  lock_acquire+0x170/0x3f0
[ 27.926219]  ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.931121]  ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.936059]  __mutex_lock+0xc4/0x1310
[ 27.939858]  ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.944778]  ? do_splice_direct+0x164/0x210
[ 27.949095]  ? SyS_sendfile64+0xff/0x110
[ 27.953134]  ? do_syscall_64+0x1d5/0x640
[ 27.957186]  ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.962096]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 27.967520]  ? trace_hardirqs_on+0x10/0x10
[ 27.971735]  ? seq_read+0xba/0x1120
[ 27.975340]  ? fs_reclaim_release+0xd0/0x110
[ 27.979722]  proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.984455]  ? proc_uid_map_open+0x30/0x30
[ 27.988662]  proc_single_show+0xe7/0x150
[ 27.992784]  seq_read+0x4cf/0x1120
[ 27.996298]  ? seq_lseek+0x3d0/0x3d0
[ 27.999986]  ? security_file_permission+0x82/0x1e0
[ 28.004902]  ? rw_verify_area+0xe1/0x2a0
[ 28.008936]  do_iter_read+0x3eb/0x5b0
[ 28.012726]  vfs_readv+0xc8/0x120
[ 28.016153]  ? compat_rw_copy_check_uvector+0x320/0x320
[ 28.021508]  ? kmem_cache_alloc_node_trace+0x383/0x400
[ 28.026768]  ? push_pipe+0x3cb/0x750
[ 28.030474]  ? iov_iter_get_pages_alloc+0x2ae/0xf00
[ 28.035570]  ? iov_iter_bvec+0x110/0x110
[ 28.039615]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 28.044793]  ? depot_save_stack+0x1d3/0x3f0
[ 28.049089]  ? iov_iter_pipe+0x93/0x2b0
[ 28.053041]  default_file_splice_read+0x418/0x910
[ 28.057866]  ? lock_downgrade+0x740/0x740
[ 28.061990]  ? do_splice_direct+0x210/0x210
[ 28.066290]  ? trace_hardirqs_on+0x10/0x10
[ 28.070502]  ? trace_hardirqs_on+0x10/0x10
[ 28.074714]  ? fsnotify+0x974/0x11b0
[ 28.078407]  ? security_file_permission+0x82/0x1e0
[ 28.083454]  ? rw_verify_area+0xe1/0x2a0
[ 28.087497]  ? do_splice_direct+0x210/0x210
[ 28.091856]  do_splice_to+0xfb/0x140
[ 28.095547]  splice_direct_to_actor+0x207/0x730
[ 28.100229]  ? common_file_perm+0x3ee/0x580
[ 28.104531]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 28.109348]  ? do_splice_to+0x140/0x140
[ 28.113299]  ? rw_verify_area+0xe1/0x2a0
[ 28.117333]  do_splice_direct+0x164/0x210
[ 28.121455]  ? splice_direct_to_actor+0x730/0x730
[ 28.126347]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.131384]  do_sendfile+0x47f/0xb30
[ 28.135074]  ? do_compat_writev+0x180/0x180
[ 28.139372]  ? putname+0xcd/0x110
[ 28.142804]  ? do_sys_open+0x208/0x410
[ 28.146668]  SyS_sendfile64+0xff/0x110
[ 28.150531]  ? SyS_sendfile+0x130/0x130
[ 28.154481]  ? do_syscall_64+0x4c/0x640
[ 28.158443]  ? SyS_sendfile+0x130/0x130
[ 28.162566]  do_syscall_64+0x1d5/0x640
[ 28.166484]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.171739] RIP: 0033:0x43f239
[ 28.174902] RSP: 002b:00007fff55c1dd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 28.182716] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f239
[ 28.189976] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0