[info] Using makefile-style concurrent boot in runlevel 2.
[ 25.922640] audit: type=1800 audit(1543302084.748:21): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ 25.948317] audit: type=1800 audit(1543302084.748:22): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.803471] overlayfs: filesystem on './file0' not supported as upperdir
[ 34.805311]
[ 34.812070] ======================================================
[ 34.818365] WARNING: possible circular locking dependency detected
[ 34.824669] 4.20.0-rc4+ #351 Not tainted
[ 34.828711] ------------------------------------------------------
[ 34.835007] syz-executor338/5996 is trying to acquire lock:
[ 34.840695] 00000000b59bb66d (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x151/0xd10
[ 34.849267]
[ 34.849267] but task is already holding lock:
[ 34.855213] 00000000e0274330 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 34.862389]
[ 34.862389] which lock already depends on the new lock.
[ 34.862389]
[ 34.870683]
[ 34.870683] the existing dependency chain (in reverse order) is:
[ 34.878285]
[ 34.878285] -> #2 (&pipe->mutex/1){+.+.}:
[ 34.883916]        __mutex_lock+0x166/0x16f0
[ 34.888305]        mutex_lock_nested+0x16/0x20
[ 34.892885]        pipe_lock+0x6e/0x80
[ 34.896784]        iter_file_splice_write+0x27d/0x1050
[ 34.902040]        do_splice+0x64a/0x1430
[ 34.906164]        __x64_sys_splice+0x2c1/0x330
[ 34.910815]        do_syscall_64+0x1b9/0x820
[ 34.915203]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.920890]
[ 34.920890] -> #1 (sb_writers#3){.+.+}:
[ 34.926338]        __sb_start_write+0x214/0x370
[ 34.930993]        mnt_want_write+0x3f/0xc0
[ 34.935292]        ovl_want_write+0x76/0xa0
[ 34.939594]        ovl_setattr+0x10b/0xaf0
[ 34.943808]        notify_change+0xbde/0x1110
[ 34.948280]        do_truncate+0x1bd/0x2d0
[ 34.952496]        path_openat+0x375f/0x5150
[ 34.956894]        do_filp_open+0x255/0x380
[ 34.961197]        do_sys_open+0x568/0x700
[ 34.965413]        __x64_sys_openat+0x9d/0x100
[ 34.969979]        do_syscall_64+0x1b9/0x820
[ 34.974369]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.980054]
[ 34.980054] -> #0 (&ovl_i_mutex_key[depth]){+.+.}:
[ 34.986447]        lock_acquire+0x1ed/0x520
[ 34.990750]        down_write+0x8a/0x130
[ 34.994792]        ovl_write_iter+0x151/0xd10
[ 34.999265]        __vfs_write+0x6b8/0x9f0
[ 35.003478]        __kernel_write+0x10c/0x370
[ 35.007948]        write_pipe_buf+0x180/0x240
[ 35.012431]        __splice_from_pipe+0x38b/0x7c0
[ 35.017252]        splice_from_pipe+0x1ec/0x340
[ 35.021909]        default_file_splice_write+0x3c/0x90
[ 35.027166]        do_splice+0x64a/0x1430
[ 35.031292]        __x64_sys_splice+0x2c1/0x330
[ 35.035941]        do_syscall_64+0x1b9/0x820
[ 35.040331]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.046013]
[ 35.046013] other info that might help us debug this:
[ 35.046013]
[ 35.054155] Chain exists of:
[ 35.054155]   &ovl_i_mutex_key[depth] --> sb_writers#3 --> &pipe->mutex/1
[ 35.054155]
[ 35.065416]  Possible unsafe locking scenario:
[ 35.065416]
[ 35.071452]        CPU0                    CPU1
[ 35.076094]        ----                    ----
[ 35.080734]   lock(&pipe->mutex/1);
[ 35.084340]                                lock(sb_writers#3);
[ 35.090286]                                lock(&pipe->mutex/1);
[ 35.096412]   lock(&ovl_i_mutex_key[depth]);
[ 35.100800]
[ 35.100800]  *** DEADLOCK ***
[ 35.100800]
[ 35.106841] 2 locks held by syz-executor338/5996:
[ 35.111658]  #0: 00000000024e7b73 (sb_writers#8){.+.+}, at: do_splice+0xd2e/0x1430
[ 35.119359]  #1: 00000000e0274330 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 35.126966]
[ 35.126966] stack backtrace:
[ 35.131445] CPU: 0 PID: 5996 Comm: syz-executor338 Not tainted 4.20.0-rc4+ #351
[ 35.138869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.148200] Call Trace:
[ 35.150776]  dump_stack+0x244/0x39d
[ 35.154387]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 35.159570]  ? vprintk_func+0x85/0x181
[ 35.163441]  print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 35.169145]  ? save_trace+0xe0/0x290
[ 35.172841]  __lock_acquire+0x3399/0x4c20
[ 35.176972]  ? mark_held_locks+0x130/0x130
[ 35.181193]  ? __lock_acquire+0x2aff/0x4c20
[ 35.185504]  ? mark_held_locks+0x130/0x130
[ 35.189729]  ? perf_trace_sched_process_exec+0x860/0x860
[ 35.195156]  ? do_raw_spin_unlock+0xa7/0x330
[ 35.199546]  ? lock_acquire+0x1ed/0x520
[ 35.203518]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.209043]  ? futex_wait_queue_me+0x55d/0x840
[ 35.213625]  ? mark_held_locks+0x130/0x130
[ 35.217840]  ? get_futex_value_locked+0xcb/0xf0
[ 35.222505]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 35.227503]  ? __lock_is_held+0xb5/0x140
[ 35.231547]  lock_acquire+0x1ed/0x520
[ 35.235332]  ? ovl_write_iter+0x151/0xd10
[ 35.239461]  ? lock_release+0xa00/0xa00
[ 35.243417]  ? perf_trace_sched_process_exec+0x860/0x860
[ 35.248852]  down_write+0x8a/0x130
[ 35.252370]  ? ovl_write_iter+0x151/0xd10
[ 35.256494]  ? down_read+0x120/0x120
[ 35.260188]  ? futex_wake+0x304/0x760
[ 35.263966]  ovl_write_iter+0x151/0xd10
[ 35.267931]  ? __mutex_lock+0x85e/0x16f0
[ 35.271973]  ? pipe_lock+0x6e/0x80
[ 35.275501]  ? ovl_compat_ioctl+0x70/0x70
[ 35.279638]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.285156]  ? iov_iter_init+0xe5/0x210
[ 35.289114]  __vfs_write+0x6b8/0x9f0
[ 35.292809]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 35.298088]  ? kernel_read+0x120/0x120
[ 35.301961]  ? __lock_is_held+0xb5/0x140
[ 35.306004]  ? find_held_lock+0x36/0x1c0
[ 35.310060]  __kernel_write+0x10c/0x370
[ 35.314028]  write_pipe_buf+0x180/0x240
[ 35.317982]  ? do_splice_direct+0x420/0x420
[ 35.322294]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.327810]  ? splice_from_pipe_next.part.11+0x296/0x340
[ 35.333241]  __splice_from_pipe+0x38b/0x7c0
[ 35.337542]  ? do_splice_direct+0x420/0x420
[ 35.341843]  splice_from_pipe+0x1ec/0x340
[ 35.345985]  ? do_splice_direct+0x420/0x420
[ 35.350294]  ? splice_shrink_spd+0xd0/0xd0
[ 35.354510]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 35.359504]  default_file_splice_write+0x3c/0x90
[ 35.364238]  ? generic_splice_sendpage+0x50/0x50
[ 35.368973]  do_splice+0x64a/0x1430
[ 35.372581]  ? kmem_cache_free+0x24f/0x290
[ 35.376801]  ? opipe_prep.part.14+0x3b0/0x3b0
[ 35.381279]  __x64_sys_splice+0x2c1/0x330
[ 35.385410]  do_syscall_64+0x1b9/0x820
[ 35.389280]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.394624]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.399538]  ? trace_hardirqs_on_caller+0x310/0x310
[ 35.404535]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.409536]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 35.416183]  ? __switch_to_asm+0x40/0x70
[ 35.420235]  ? __switch_to_asm+0x34/0x70
[ 35.424280]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.429102]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.434268] RIP: 0033:0x445ad9
[ 35.437442] Code: e8 5c b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.456323] RSP: 002b:00007f18e3f71cd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
[ 35.464011] RAX: ffffffffffffffda RBX: 00000000006dac78 RCX: 0000000000445ad9
[ 35.471271] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000007
[ 35.478521] RBP: 00000000006dac70 R08: 000100000000000a R09: 0000000000000007
[ 35.485770] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000006dac7c
[ 35.493018] R13: 00007ffde0706e9f R14: 00007f18e3f729c0 R15: 00000000006dad4c