Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
[ 53.517997] audit: type=1400 audit(1560431785.190:36): avc: denied { map } for pid=7516 comm="syz-executor499" path="/root/syz-executor499006658" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.529014]
[ 53.545922] ======================================================
[ 53.552244] WARNING: possible circular locking dependency detected
[ 53.558653] 4.19.50 #22 Not tainted
[ 53.562273] ------------------------------------------------------
[ 53.568591] syz-executor499/7516 is trying to acquire lock:
[ 53.574295] 0000000022e241f1 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting+0x1f4/0x830
[ 53.582956]
[ 53.582956] but task is already holding lock:
[ 53.588925] 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[ 53.595694]
[ 53.595694] which lock already depends on the new lock.
[ 53.595694]
[ 53.603996]
[ 53.603996] the existing dependency chain (in reverse order) is:
[ 53.611597]
[ 53.611597] -> #3 (&p->lock){+.+.}:
[ 53.616719] __mutex_lock+0xf7/0x1300
[ 53.621022] mutex_lock_nested+0x16/0x20
[ 53.625600] seq_read+0x71/0x1110
[ 53.629554] do_iter_read+0x490/0x640
[ 53.633854] vfs_readv+0xf0/0x160
[ 53.637808] default_file_splice_read+0x478/0x890
[ 53.643263] do_splice_to+0x127/0x180
[ 53.647601] splice_direct_to_actor+0x256/0x890
[ 53.652806] do_splice_direct+0x1da/0x2a0
[ 53.657454] do_sendfile+0x597/0xce0
[ 53.661670] __x64_sys_sendfile64+0x1dd/0x220
[ 53.666690] do_syscall_64+0xfd/0x620
[ 53.670994] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.676679]
[ 53.676679] -> #2 (sb_writers#4){.+.+}:
[ 53.682146] __sb_start_write+0x20b/0x360
[ 53.686801] mnt_want_write+0x3f/0xc0
[ 53.691122] ovl_want_write+0x76/0xa0
[ 53.695429] ovl_xattr_set+0x53/0x5b0
[ 53.699729] ovl_posix_acl_xattr_set+0x33a/0x9a0
[ 53.704985] __vfs_setxattr+0x11f/0x180
[ 53.709460] __vfs_setxattr_noperm+0x11c/0x410
[ 53.714629] vfs_setxattr+0xda/0x100
[ 53.718852] setxattr+0x26f/0x380
[ 53.722807] path_setxattr+0x197/0x1b0
[ 53.727196] __x64_sys_setxattr+0xc4/0x150
[ 53.731933] do_syscall_64+0xfd/0x620
[ 53.736235] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.741923]
[ 53.741923] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 53.748683] down_read+0x3b/0xb0
[ 53.752554] path_openat+0x1e77/0x4690
[ 53.756940] do_filp_open+0x1a1/0x280
[ 53.761259] do_open_execat+0x140/0x660
[ 53.765752] __do_execve_file.isra.0+0x15a4/0x2150
[ 53.771182] __x64_sys_execveat+0xed/0x130
[ 53.775937] do_syscall_64+0xfd/0x620
[ 53.780242] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.786149]
[ 53.786149] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 53.792473] lock_acquire+0x16f/0x3f0
[ 53.796783] __mutex_lock+0xf7/0x1300
[ 53.801084] mutex_lock_killable_nested+0x16/0x20
[ 53.806441] do_io_accounting+0x1f4/0x830
[ 53.811091] proc_tid_io_accounting+0x20/0x30
[ 53.816086] proc_single_show+0xf0/0x180
[ 53.820649] seq_read+0x4ca/0x1110
[ 53.824696] do_iter_read+0x490/0x640
[ 53.829015] vfs_readv+0xf0/0x160
[ 53.832991] default_file_splice_read+0x478/0x890
[ 53.838353] do_splice_to+0x127/0x180
[ 53.842660] splice_direct_to_actor+0x256/0x890
[ 53.847828] do_splice_direct+0x1da/0x2a0
[ 53.852477] do_sendfile+0x597/0xce0
[ 53.856691] __x64_sys_sendfile64+0x1dd/0x220
[ 53.861690] do_syscall_64+0xfd/0x620
[ 53.865991] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.871676]
[ 53.871676] other info that might help us debug this:
[ 53.871676]
[ 53.879816] Chain exists of:
[ 53.879816] &sig->cred_guard_mutex --> sb_writers#4 --> &p->lock
[ 53.879816]
[ 53.890475] Possible unsafe locking scenario:
[ 53.890475]
[ 53.896511] CPU0 CPU1
[ 53.901153] ---- ----
[ 53.905796] lock(&p->lock);
[ 53.908896] lock(sb_writers#4);
[ 53.914880] lock(&p->lock);
[ 53.920489] lock(&sig->cred_guard_mutex);
[ 53.924788]
[ 53.924788] *** DEADLOCK ***
[ 53.924788]
[ 53.930845] 2 locks held by syz-executor499/7516:
[ 53.935662] #0: 000000009e00f5b3 (sb_writers#4){.+.+}, at: do_sendfile+0x9b9/0xce0
[ 53.943473] #1: 000000001d704e75 (&p->lock){+.+.}, at: seq_read+0x71/0x1110
[ 53.950650]
[ 53.950650] stack backtrace:
[ 53.955130] CPU: 0 PID: 7516 Comm: syz-executor499 Not tainted 4.19.50 #22
[ 53.962121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.971456] Call Trace:
[ 53.974037] dump_stack+0x172/0x1f0
[ 53.977651] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 53.983094] __lock_acquire+0x2e6d/0x48f0
[ 53.987229] ? mark_held_locks+0x100/0x100
[ 53.991450] ? depot_save_stack+0x1de/0x460
[ 53.995752] ? find_held_lock+0x35/0x130
[ 53.999797] ? depot_save_stack+0x1de/0x460
[ 54.004102] ? __lock_is_held+0xb6/0x140
[ 54.008148] ? do_io_accounting+0x1f4/0x830
[ 54.012467] lock_acquire+0x16f/0x3f0
[ 54.016248] ? do_io_accounting+0x1f4/0x830
[ 54.020554] ? do_io_accounting+0x1f4/0x830
[ 54.024872] __mutex_lock+0xf7/0x1300
[ 54.028672] ? do_io_accounting+0x1f4/0x830
[ 54.032974] ? __lock_acquire+0x6eb/0x48f0
[ 54.037189] ? do_io_accounting+0x1f4/0x830
[ 54.041495] ? kasan_kmalloc+0xce/0xf0
[ 54.045359] ? __kmalloc_node+0x51/0x80
[ 54.049328] ? seq_read+0x817/0x1110
[ 54.053020] ? vfs_readv+0xf0/0x160
[ 54.056627] ? mutex_trylock+0x1e0/0x1e0
[ 54.060670] ? do_splice_direct+0x1da/0x2a0
[ 54.064977] ? mark_held_locks+0x100/0x100
[ 54.069193] ? __lock_is_held+0xb6/0x140
[ 54.073241] mutex_lock_killable_nested+0x16/0x20
[ 54.078067] ? mutex_lock_killable_nested+0x16/0x20
[ 54.083074] do_io_accounting+0x1f4/0x830
[ 54.087208] ? proc_pid_stack+0x2c0/0x2c0
[ 54.091339] ? kasan_check_read+0x11/0x20
[ 54.095466] proc_tid_io_accounting+0x20/0x30
[ 54.099944] proc_single_show+0xf0/0x180
[ 54.103985] seq_read+0x4ca/0x1110
[ 54.107509] do_iter_read+0x490/0x640
[ 54.111292] ? dup_iter+0x280/0x280
[ 54.114902] vfs_readv+0xf0/0x160
[ 54.118339] ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 54.123689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.129208] ? push_pipe+0x417/0x7a0
[ 54.132905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.138427] ? iov_iter_revert+0xa50/0xa50
[ 54.142696] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 54.147784] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.152797] ? iov_iter_pipe+0xbe/0x2f0
[ 54.156759] default_file_splice_read+0x478/0x890
[ 54.161584] ? save_stack+0x45/0xd0
[ 54.165289] ? kasan_kmalloc+0xce/0xf0
[ 54.169159] ? __kmalloc+0x15d/0x750
[ 54.172857] ? iter_file_splice_write+0xbd0/0xbd0
[ 54.177693] ? mark_held_locks+0x100/0x100
[ 54.181940] ? __lock_is_held+0xb6/0x140
[ 54.186003] ? fsnotify+0x8ba/0xf00
[ 54.189632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.195166] ? fsnotify_first_mark+0x210/0x210
[ 54.199735] ? __inode_security_revalidate+0xda/0x120
[ 54.204904] ? avc_policy_seqno+0xd/0x70
[ 54.208944] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 54.213948] ? security_file_permission+0x89/0x230
[ 54.218860] ? iter_file_splice_write+0xbd0/0xbd0
[ 54.223687] do_splice_to+0x127/0x180
[ 54.227470] splice_direct_to_actor+0x256/0x890
[ 54.232120] ? generic_pipe_buf_nosteal+0x10/0x10
[ 54.236947] ? do_splice_to+0x180/0x180
[ 54.240906] ? security_file_permission+0x89/0x230
[ 54.245833] ? rw_verify_area+0x118/0x360
[ 54.249979] do_splice_direct+0x1da/0x2a0
[ 54.254108] ? splice_direct_to_actor+0x890/0x890
[ 54.258950] ? rcu_read_lock_sched_held+0x110/0x130
[ 54.263949] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 54.268686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.274204] ? __sb_start_write+0x1ac/0x360
[ 54.278505] do_sendfile+0x597/0xce0
[ 54.282209] ? do_compat_pwritev64+0x1c0/0x1c0
[ 54.286770] ? do_sys_open+0x31d/0x550
[ 54.290640] __x64_sys_sendfile64+0x1dd/0x220
[ 54.295116] ? __ia32_sys_sendfile+0x230/0x230
[ 54.299678] ? do_syscall_64+0x26/0x620
[ 54.303647] ? lockdep_hardirqs_on+0x415/0x5d0
[ 54.308232] ? trace_hardirqs_on+0x67/0x220
[ 54.312548] do_syscall_64+0xfd/0x620
[ 54.316331] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.321503] RIP: 0033:0x440489
[ 54.324678] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.343577] RSP: 002b:00007ffe57ac8268 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 54.351271] RAX: ffffffffffffffda RBX: 0000000000006f69 RCX: 0000000000440489
[ 54.358535] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 54.365789] RBP: 00000000006cb018 R08: 68742f636f72702f R09: 68742f