[�[0;32m OK �[0m] Started Getty on tty6.
[�[0;32m OK �[0m] Started Getty on tty5.
[�[0;32m OK �[0m] Started Getty on tty4.
[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.492425]
[ 27.494287] ======================================================
[ 27.500674] WARNING: possible circular locking dependency detected
[ 27.506970] 4.14.232-syzkaller #0 Not tainted
[ 27.511438] ------------------------------------------------------
[ 27.517736] syz-executor612/7953 is trying to acquire lock:
[ 27.523504] (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a03109>] proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.533287]
[ 27.533287] but task is already holding lock:
[ 27.539327] (&p->lock){+.+.}, at: [<ffffffff818e979a>] seq_read+0xba/0x1120
[ 27.546496]
[ 27.546496] which lock already depends on the new lock.
[ 27.546496]
[ 27.554783]
[ 27.554783] the existing dependency chain (in reverse order) is:
[ 27.562377]
[ 27.562377] -> #3 (&p->lock){+.+.}:
[ 27.567576] __mutex_lock+0xc4/0x1310
[ 27.571872] seq_read+0xba/0x1120
[ 27.575821] do_iter_read+0x3eb/0x5b0
[ 27.580135] vfs_readv+0xc8/0x120
[ 27.584088] default_file_splice_read+0x418/0x910
[ 27.589429] do_splice_to+0xfb/0x140
[ 27.593637] splice_direct_to_actor+0x207/0x730
[ 27.598819] do_splice_direct+0x164/0x210
[ 27.603466] do_sendfile+0x47f/0xb30
[ 27.607676] SyS_sendfile64+0xff/0x110
[ 27.612065] do_syscall_64+0x1d5/0x640
[ 27.616466] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.622169]
[ 27.622169] -> #2 (sb_writers#3){.+.+}:
[ 27.627602] __sb_start_write+0x64/0x260
[ 27.632185] mnt_want_write+0x3a/0xb0
[ 27.636482] ovl_create_object+0x75/0x1d0
[ 27.641140] lookup_open+0x77a/0x1750
[ 27.645436] path_openat+0xe08/0x2970
[ 27.649753] do_filp_open+0x179/0x3c0
[ 27.654050] do_sys_open+0x296/0x410
[ 27.658259] do_syscall_64+0x1d5/0x640
[ 27.662645] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.668415]
[ 27.668415] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
[ 27.675165] down_read+0x36/0x80
[ 27.679742] path_openat+0x149b/0x2970
[ 27.684126] do_filp_open+0x179/0x3c0
[ 27.688420] do_open_execat+0xd3/0x450
[ 27.692801] do_execveat_common+0x711/0x1f30
[ 27.697700] SyS_execve+0x3b/0x50
[ 27.701648] do_syscall_64+0x1d5/0x640
[ 27.706067] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.711855]
[ 27.711855] -> #0 (&sig->cred_guard_mutex){+.+.}:
[ 27.718172] lock_acquire+0x170/0x3f0
[ 27.722519] __mutex_lock+0xc4/0x1310
[ 27.726814] proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.732106] proc_single_show+0xe7/0x150
[ 27.736665] seq_read+0x4cf/0x1120
[ 27.740698] do_iter_read+0x3eb/0x5b0
[ 27.744997] vfs_readv+0xc8/0x120
[ 27.748950] default_file_splice_read+0x418/0x910
[ 27.754308] do_splice_to+0xfb/0x140
[ 27.758531] splice_direct_to_actor+0x207/0x730
[ 27.763698] do_splice_direct+0x164/0x210
[ 27.768356] do_sendfile+0x47f/0xb30
[ 27.772578] SyS_sendfile64+0xff/0x110
[ 27.776961] do_syscall_64+0x1d5/0x640
[ 27.781346] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.787040]
[ 27.787040] other info that might help us debug this:
[ 27.787040]
[ 27.795156] Chain exists of:
[ 27.795156] &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock
[ 27.795156]
[ 27.805806] Possible unsafe locking scenario:
[ 27.805806]
[ 27.811853] CPU0 CPU1
[ 27.816498] ---- ----
[ 27.821136] lock(&p->lock);
[ 27.824214] lock(sb_writers#3);
[ 27.830169] lock(&p->lock);
[ 27.835774] lock(&sig->cred_guard_mutex);
[ 27.840191]
[ 27.840191] *** DEADLOCK ***
[ 27.840191]
[ 27.846268] 2 locks held by syz-executor612/7953:
[ 27.851082] #0: (sb_writers#3){.+.+}, at: [<ffffffff8186b31f>] do_sendfile+0x84f/0xb30
[ 27.859381] #1: (&p->lock){+.+.}, at: [<ffffffff818e979a>] seq_read+0xba/0x1120
[ 27.866985]
[ 27.866985] stack backtrace:
[ 27.871459] CPU: 1 PID: 7953 Comm: syz-executor612 Not tainted 4.14.232-syzkaller #0
[ 27.879325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.888670] Call Trace:
[ 27.891239] dump_stack+0x1b2/0x281
[ 27.894840] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.900611] __lock_acquire+0x2e0e/0x3f20
[ 27.904739] ? trace_hardirqs_on+0x10/0x10
[ 27.908972] ? mark_held_locks+0xa6/0xf0
[ 27.913032] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 27.918119] ? depot_save_stack+0x1d3/0x3f0
[ 27.922429] lock_acquire+0x170/0x3f0
[ 27.926219] ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.931121] ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.936059] __mutex_lock+0xc4/0x1310
[ 27.939858] ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.944778] ? do_splice_direct+0x164/0x210
[ 27.949095] ? SyS_sendfile64+0xff/0x110
[ 27.953134] ? do_syscall_64+0x1d5/0x640
[ 27.957186] ? proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.962096] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 27.967520] ? trace_hardirqs_on+0x10/0x10
[ 27.971735] ? seq_read+0xba/0x1120
[ 27.975340] ? fs_reclaim_release+0xd0/0x110
[ 27.979722] proc_tgid_io_accounting+0x1b9/0x7a0
[ 27.984455] ? proc_uid_map_open+0x30/0x30
[ 27.988662] proc_single_show+0xe7/0x150
[ 27.992784] seq_read+0x4cf/0x1120
[ 27.996298] ? seq_lseek+0x3d0/0x3d0
[ 27.999986] ? security_file_permission+0x82/0x1e0
[ 28.004902] ? rw_verify_area+0xe1/0x2a0
[ 28.008936] do_iter_read+0x3eb/0x5b0
[ 28.012726] vfs_readv+0xc8/0x120
[ 28.016153] ? compat_rw_copy_check_uvector+0x320/0x320
[ 28.021508] ? kmem_cache_alloc_node_trace+0x383/0x400
[ 28.026768] ? push_pipe+0x3cb/0x750
[ 28.030474] ? iov_iter_get_pages_alloc+0x2ae/0xf00
[ 28.035570] ? iov_iter_bvec+0x110/0x110
[ 28.039615] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 28.044793] ? depot_save_stack+0x1d3/0x3f0
[ 28.049089] ? iov_iter_pipe+0x93/0x2b0
[ 28.053041] default_file_splice_read+0x418/0x910
[ 28.057866] ? lock_downgrade+0x740/0x740
[ 28.061990] ? do_splice_direct+0x210/0x210
[ 28.066290] ? trace_hardirqs_on+0x10/0x10
[ 28.070502] ? trace_hardirqs_on+0x10/0x10
[ 28.074714] ? fsnotify+0x974/0x11b0
[ 28.078407] ? security_file_permission+0x82/0x1e0
[ 28.083454] ? rw_verify_area+0xe1/0x2a0
[ 28.087497] ? do_splice_direct+0x210/0x210
[ 28.091856] do_splice_to+0xfb/0x140
[ 28.095547] splice_direct_to_actor+0x207/0x730
[ 28.100229] ? common_file_perm+0x3ee/0x580
[ 28.104531] ? generic_pipe_buf_nosteal+0x10/0x10
[ 28.109348] ? do_splice_to+0x140/0x140
[ 28.113299] ? rw_verify_area+0xe1/0x2a0
[ 28.117333] do_splice_direct+0x164/0x210
[ 28.121455] ? splice_direct_to_actor+0x730/0x730
[ 28.126347] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.131384] do_sendfile+0x47f/0xb30
[ 28.135074] ? do_compat_writev+0x180/0x180
[ 28.139372] ? putname+0xcd/0x110
[ 28.142804] ? do_sys_open+0x208/0x410
[ 28.146668] SyS_sendfile64+0xff/0x110
[ 28.150531] ? SyS_sendfile+0x130/0x130
[ 28.154481] ? do_syscall_64+0x4c/0x640
[ 28.158443] ? SyS_sendfile+0x130/0x130
[ 28.162566] do_syscall_64+0x1d5/0x640
[ 28.166484] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.171739] RIP: 0033:0x43f239
[ 28.174902] RSP: 002b:00007fff55c1dd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 28.182716] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f239
[ 28.189976] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0