[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.734494]
[ 34.736154] ======================================================
[ 34.742460] WARNING: possible circular locking dependency detected
[ 34.748762] 4.14.175-syzkaller #0 Not tainted
[ 34.753249] ------------------------------------------------------
[ 34.759552] syz-executor993/6341 is trying to acquire lock:
[ 34.765234] (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a45d4f>] lock_trace+0x3f/0xc0
[ 34.773660]
[ 34.773660] but task is already holding lock:
[ 34.779644] (&p->lock){+.+.}, at: [<ffffffff8192f06a>] seq_read+0xba/0x1160
[ 34.786813]
[ 34.786813] which lock already depends on the new lock.
[ 34.786813]
[ 34.795473]
[ 34.795473] the existing dependency chain (in reverse order) is:
[ 34.803080]
[ 34.803080] -> #3 (&p->lock){+.+.}:
[ 34.808168] __mutex_lock+0xe8/0x1470
[ 34.812490] seq_read+0xba/0x1160
[ 34.816441] do_iter_read+0x3e3/0x5a0
[ 34.820754] vfs_readv+0xd3/0x130
[ 34.824714] default_file_splice_read+0x41d/0x870
[ 34.830056] do_splice_to+0xfb/0x150
[ 34.834264] splice_direct_to_actor+0x20a/0x730
[ 34.839454] do_splice_direct+0x164/0x210
[ 34.844098] do_sendfile+0x469/0xaf0
[ 34.848306] SyS_sendfile64+0xff/0x110
[ 34.852689] do_syscall_64+0x1d5/0x640
[ 34.857074] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.862756]
[ 34.862756] -> #2 (sb_writers#3){.+.+}:
[ 34.868188] __sb_start_write+0x1a1/0x2e0
[ 34.872834] mnt_want_write+0x3a/0xb0
[ 34.877134] ovl_create_object+0x75/0x1d0
[ 34.881792] lookup_open+0x10e8/0x1750
[ 34.886184] path_openat+0xfc1/0x3c50
[ 34.890487] do_filp_open+0x18e/0x250
[ 34.894850] do_sys_open+0x29d/0x3f0
[ 34.899073] do_syscall_64+0x1d5/0x640
[ 34.903473] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.909160]
[ 34.909160] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 34.915904] down_read+0x37/0xa0
[ 34.919808] path_openat+0x185a/0x3c50
[ 34.924196] do_filp_open+0x18e/0x250
[ 34.928545] do_open_execat+0xda/0x430
[ 34.932940] do_execveat_common.isra.0+0x694/0x1c70
[ 34.938455] SyS_execve+0x34/0x40
[ 34.942417] do_syscall_64+0x1d5/0x640
[ 34.946826] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.952552]
[ 34.952552] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 34.958863] lock_acquire+0x170/0x3f0
[ 34.963173] __mutex_lock+0xe8/0x1470
[ 34.967476] lock_trace+0x3f/0xc0
[ 34.971425] proc_pid_syscall+0x81/0x1f0
[ 34.975991] proc_single_show+0xe7/0x150
[ 34.980559] seq_read+0x4d2/0x1160
[ 34.984602] do_iter_read+0x3e3/0x5a0
[ 34.988946] vfs_readv+0xd3/0x130
[ 34.992901] default_file_splice_read+0x41d/0x870
[ 34.998243] do_splice_to+0xfb/0x150
[ 35.002454] splice_direct_to_actor+0x20a/0x730
[ 35.007645] do_splice_direct+0x164/0x210
[ 35.012351] do_sendfile+0x469/0xaf0
[ 35.016564] SyS_sendfile64+0xff/0x110
[ 35.020992] do_syscall_64+0x1d5/0x640
[ 35.025491] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.031223]
[ 35.031223] other info that might help us debug this:
[ 35.031223]
[ 35.039346] Chain exists of:
[ 35.039346] &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 35.039346]
[ 35.050034] Possible unsafe locking scenario:
[ 35.050034]
[ 35.056069] CPU0 CPU1
[ 35.060774] ---- ----
[ 35.065417] lock(&p->lock);
[ 35.068553] lock(sb_writers#3);
[ 35.074600] lock(&p->lock);
[ 35.080205] lock(&sig->cred_guard_mutex);
[ 35.084512]
[ 35.084512] *** DEADLOCK ***
[ 35.084512]
[ 35.090574] 2 locks held by syz-executor993/6341:
[ 35.095395] #0: (sb_writers#3){.+.+}, at: [<ffffffff818b2945>] do_sendfile+0x865/0xaf0
[ 35.103628] #1: (&p->lock){+.+.}, at: [<ffffffff8192f06a>] seq_read+0xba/0x1160
[ 35.111236]
[ 35.111236] stack backtrace:
[ 35.115727] CPU: 0 PID: 6341 Comm: syz-executor993 Not tainted 4.14.175-syzkaller #0
[ 35.123594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.132934] Call Trace:
[ 35.135507] dump_stack+0x13e/0x194
[ 35.139122] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 35.144518] __lock_acquire+0x2cb3/0x4620
[ 35.148660] ? trace_hardirqs_on+0x10/0x10
[ 35.152922] ? deref_stack_reg+0x8a/0xc0
[ 35.156968] ? trace_hardirqs_on+0x10/0x10
[ 35.161192] ? save_trace+0x290/0x290
[ 35.164983] lock_acquire+0x170/0x3f0
[ 35.168768] ? lock_trace+0x3f/0xc0
[ 35.172385] ? lock_trace+0x3f/0xc0
[ 35.176044] __mutex_lock+0xe8/0x1470
[ 35.179892] ? lock_trace+0x3f/0xc0
[ 35.183504] ? save_stack+0x89/0xa0
[ 35.187122] ? lock_trace+0x3f/0xc0
[ 35.190777] ? mutex_trylock+0x1a0/0x1a0
[ 35.194827] ? do_splice_to+0xfb/0x150
[ 35.198701] ? splice_direct_to_actor+0x20a/0x730
[ 35.203567] ? do_splice_direct+0x164/0x210
[ 35.207868] ? do_sendfile+0x469/0xaf0
[ 35.211734] ? SyS_sendfile64+0xff/0x110
[ 35.215779] ? do_syscall_64+0x1d5/0x640
[ 35.219818] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.225166] ? save_trace+0x290/0x290
[ 35.228948] ? trace_hardirqs_on+0x10/0x10
[ 35.233166] ? save_trace+0x290/0x290
[ 35.236949] ? lock_trace+0x3f/0xc0
[ 35.240592] lock_trace+0x3f/0xc0
[ 35.244023] proc_pid_syscall+0x81/0x1f0
[ 35.248074] ? mem_read+0x60/0x60
[ 35.251551] ? find_held_lock+0x2d/0x110
[ 35.255639] ? get_pid_task+0x91/0x130
[ 35.259516] ? check_preemption_disabled+0x35/0x240
[ 35.264512] ? lock_downgrade+0x6e0/0x6e0
[ 35.268701] proc_single_show+0xe7/0x150
[ 35.272784] seq_read+0x4d2/0x1160
[ 35.276342] ? selinux_file_permission+0x7a/0x440
[ 35.281163] ? seq_lseek+0x3d0/0x3d0
[ 35.284856] ? security_file_permission+0x82/0x1e0
[ 35.289766] ? rw_verify_area+0xe1/0x2a0
[ 35.293826] do_iter_read+0x3e3/0x5a0
[ 35.297651] vfs_readv+0xd3/0x130
[ 35.301106] ? compat_rw_copy_check_uvector+0x320/0x320
[ 35.306444] ? alloc_pages_current+0xef/0x1e0
[ 35.310917] ? iov_iter_get_pages_alloc+0x2b7/0xe90
[ 35.315913] ? iov_iter_revert+0x980/0x980
[ 35.320122] ? iov_iter_pipe+0x93/0x2b0
[ 35.324073] default_file_splice_read+0x41d/0x870
[ 35.328893] ? save_stack+0x32/0xa0
[ 35.332506] ? kasan_kmalloc+0xbf/0xe0
[ 35.336370] ? __kmalloc+0x15b/0x7c0
[ 35.340061] ? alloc_pipe_info+0x156/0x380
[ 35.344272] ? page_cache_pipe_buf_release+0x210/0x210
[ 35.349543] ? trace_hardirqs_on+0x10/0x10
[ 35.353754] ? fsnotify+0x897/0x1110
[ 35.357445] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 35.364127] ? fsnotify+0x1110/0x1110
[ 35.367907] ? __inode_security_revalidate+0xcf/0x120
[ 35.373094] ? avc_policy_seqno+0x5/0x10
[ 35.377145] ? selinux_file_permission+0x7a/0x440
[ 35.382147] ? security_file_permission+0x82/0x1e0
[ 35.387250] ? rw_verify_area+0xe1/0x2a0
[ 35.391294] ? page_cache_pipe_buf_release+0x210/0x210
[ 35.396649] do_splice_to+0xfb/0x150
[ 35.400381] ? alloc_pipe_info+0x2dc/0x380
[ 35.404597] splice_direct_to_actor+0x20a/0x730
[ 35.409287] ? generic_pipe_buf_nosteal+0x10/0x10
[ 35.414125] ? do_splice_to+0x150/0x150
[ 35.418094] ? rw_verify_area+0xe1/0x2a0
[ 35.422138] do_splice_direct+0x164/0x210
[ 35.426264] ? splice_direct_to_actor+0x730/0x730
[ 35.431218] ? rcu_read_lock_sched_held+0x10a/0x130
[ 35.436216] ? rcu_sync_lockdep_assert+0x69/0xa0
[ 35.440963] do_sendfile+0x469/0xaf0
[ 35.444670] ? do_compat_pwritev64+0x140/0x140
[ 35.449234] ? putname+0xcd/0x110
[ 35.452668] ? do_sys_open+0x1fe/0x3f0
[ 35.456548] SyS_sendfile64+0xff/0x110
[ 35.460411] ? SyS_sendfile+0x130/0x130
[ 35.464621] ? do_syscall_64+0x4c/0x640
[ 35.468571] ? SyS_sendfile+0x130/0x130
[ 35.472521] do_syscall_64+0x1d5/0x640
[ 35.476488] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.481656] RIP: 0033:0x440389
[ 35.484824] RSP: 002b:00007fffe