[info] Using makefile-style concurrent boot in runlevel 2.
[ 26.973938] audit: type=1800 audit(1543378438.853:21): pid=5826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.769796] IPVS: ftp: loaded support on port[0] = 21
[ 38.994295] overlayfs: filesystem on './file0' not supported as upperdir
[ 38.998554]
[ 39.002853] ======================================================
[ 39.009148] WARNING: possible circular locking dependency detected
[ 39.015461] 4.20.0-rc1-next-20181109+ #110 Not tainted
[ 39.020717] ------------------------------------------------------
[ 39.027016] syz-executor894/5985 is trying to acquire lock:
[ 39.032706] 00000000d0e18e23 (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x151/0xd10
[ 39.041270]
[ 39.041270] but task is already holding lock:
[ 39.047224] 00000000f2c0c3fd (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 39.054407]
[ 39.054407] which lock already depends on the new lock.
[ 39.054407]
[ 39.062715]
[ 39.062715] the existing dependency chain (in reverse order) is:
[ 39.070312]
[ 39.070312] -> #2 (&pipe->mutex/1){+.+.}:
[ 39.075931]        __mutex_lock+0x166/0x16f0
[ 39.080322]        mutex_lock_nested+0x16/0x20
[ 39.084888]        pipe_lock+0x6e/0x80
[ 39.088758]        iter_file_splice_write+0x27d/0x1050
[ 39.094015]        do_splice+0x64a/0x1430
[ 39.098156]        __x64_sys_splice+0x2c1/0x330
[ 39.102807]        do_syscall_64+0x1b9/0x820
[ 39.107224]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.112911]
[ 39.112911] -> #1 (sb_writers#3){.+.+}:
[ 39.118354]        __sb_start_write+0x214/0x370
[ 39.123007]        mnt_want_write+0x3f/0xc0
[ 39.127310]        ovl_want_write+0x76/0xa0
[ 39.131609]        ovl_setattr+0x10b/0xaf0
[ 39.135821]        notify_change+0xbde/0x1110
[ 39.140294]        do_truncate+0x1bd/0x2d0
[ 39.144527]        path_openat+0x375f/0x5150
[ 39.148913]        do_filp_open+0x255/0x380
[ 39.153212]        do_sys_open+0x568/0x700
[ 39.157428]        __x64_sys_openat+0x9d/0x100
[ 39.161989]        do_syscall_64+0x1b9/0x820
[ 39.166380]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.172071]
[ 39.172071] -> #0 (&ovl_i_mutex_key[depth]){+.+.}:
[ 39.178466]        lock_acquire+0x1ed/0x520
[ 39.182769]        down_write+0x8a/0x130
[ 39.186825]        ovl_write_iter+0x151/0xd10
[ 39.191302]        __vfs_write+0x6b8/0x9f0
[ 39.195521]        __kernel_write+0x10c/0x370
[ 39.199994]        write_pipe_buf+0x180/0x240
[ 39.204473]        __splice_from_pipe+0x38b/0x7c0
[ 39.209294]        splice_from_pipe+0x1ec/0x340
[ 39.213942]        default_file_splice_write+0x3c/0x90
[ 39.219201]        do_splice+0x64a/0x1430
[ 39.223343]        __x64_sys_splice+0x2c1/0x330
[ 39.227992]        do_syscall_64+0x1b9/0x820
[ 39.232476]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.238166]
[ 39.238166] other info that might help us debug this:
[ 39.238166]
[ 39.246290] Chain exists of:
[ 39.246290]   &ovl_i_mutex_key[depth] --> sb_writers#3 --> &pipe->mutex/1
[ 39.246290]
[ 39.257557]  Possible unsafe locking scenario:
[ 39.257557]
[ 39.263592]        CPU0                    CPU1
[ 39.268234]        ----                    ----
[ 39.272873]   lock(&pipe->mutex/1);
[ 39.276477]                                lock(sb_writers#3);
[ 39.282431]                                lock(&pipe->mutex/1);
[ 39.288551]   lock(&ovl_i_mutex_key[depth]);
[ 39.292937]
[ 39.292937]  *** DEADLOCK ***
[ 39.292937]
[ 39.298976] 2 locks held by syz-executor894/5985:
[ 39.303793]  #0: 00000000e8fcf50e (sb_writers#8){.+.+}, at: do_splice+0xd2e/0x1430
[ 39.311492]  #1: 00000000f2c0c3fd (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 39.319109]
[ 39.319109] stack backtrace:
[ 39.323587] CPU: 0 PID: 5985 Comm: syz-executor894 Not tainted 4.20.0-rc1-next-20181109+ #110
[ 39.332228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.341559] Call Trace:
[ 39.344131]  dump_stack+0x244/0x39d
[ 39.347741]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 39.352911]  ? vprintk_func+0x85/0x181
[ 39.356801]  print_circular_bug.isra.35.cold.56+0x1bd/0x27d
[ 39.362498]  ? save_trace+0xe0/0x290
[ 39.366197]  __lock_acquire+0x3399/0x4c20
[ 39.370337]  ? mark_held_locks+0x130/0x130
[ 39.374552]  ? __lock_acquire+0x2aff/0x4c20
[ 39.378859]  ? mark_held_locks+0x130/0x130
[ 39.383077]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.388164]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 39.392725]  ? preempt_schedule+0x4d/0x60
[ 39.396854]  ? preempt_schedule_common+0x1f/0xe0
[ 39.401593]  ? _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 39.406679]  ? mark_held_locks+0x130/0x130
[ 39.410893]  ? migrate_swap_stop+0x8a0/0x8a0
[ 39.415280]  ? __lock_is_held+0xb5/0x140
[ 39.419321]  lock_acquire+0x1ed/0x520
[ 39.423102]  ? ovl_write_iter+0x151/0xd10
[ 39.427233]  ? lock_release+0xa10/0xa10
[ 39.431201]  ? perf_trace_sched_process_exec+0x860/0x860
[ 39.436642]  down_write+0x8a/0x130
[ 39.440162]  ? ovl_write_iter+0x151/0xd10
[ 39.444303]  ? down_read+0x120/0x120
[ 39.447997]  ? futex_wake+0x304/0x760
[ 39.451780]  ovl_write_iter+0x151/0xd10
[ 39.455754]  ? __mutex_lock+0x85e/0x16f0
[ 39.459802]  ? pipe_lock+0x6e/0x80
[ 39.463324]  ? ovl_compat_ioctl+0x70/0x70
[ 39.467456]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.472978]  ? iov_iter_init+0xe5/0x210
[ 39.476936]  __vfs_write+0x6b8/0x9f0
[ 39.480629]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 39.485883]  ? kernel_read+0x120/0x120
[ 39.489751]  ? __lock_is_held+0xb5/0x140
[ 39.493790]  ? find_held_lock+0x36/0x1c0
[ 39.497834]  __kernel_write+0x10c/0x370
[ 39.501791]  write_pipe_buf+0x180/0x240
[ 39.505744]  ? do_splice_direct+0x420/0x420
[ 39.510044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.515560]  ? splice_from_pipe_next.part.11+0x296/0x340
[ 39.520992]  __splice_from_pipe+0x38b/0x7c0
[ 39.525295]  ? do_splice_direct+0x420/0x420
[ 39.529597]  splice_from_pipe+0x1ec/0x340
[ 39.533724]  ? do_splice_direct+0x420/0x420
[ 39.538027]  ? splice_shrink_spd+0xd0/0xd0
[ 39.542387]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 39.547412]  default_file_splice_write+0x3c/0x90
[ 39.552153]  ? generic_splice_sendpage+0x50/0x50
[ 39.556890]  do_splice+0x64a/0x1430
[ 39.560503]  ? kmem_cache_free+0x24f/0x290
[ 39.564722]  ? opipe_prep.part.14+0x3b0/0x3b0
[ 39.569204]  __x64_sys_splice+0x2c1/0x330
[ 39.573338]  do_syscall_64+0x1b9/0x820
[ 39.577214]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.582561]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.587595]  ? trace_hardirqs_on_caller+0x310/0x310
[ 39.592596]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.597599]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 39.604245]  ? __switch_to_asm+0x40/0x70
[ 39.608286]  ? __switch_to_asm+0x34/0x70
[ 39.612332]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.617157]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.622328] RIP: 0033:0x445e09
[ 39.625501] Code: e8 cc b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.644383] RSP: 002b:00007f5188a99d98 EFLAGS: 00000212 ORIG_RAX: 0000000000000113
[ 39.652081] RAX: ffffffffffffffda RBX: 00000000006dac78 RCX: 0000000000445e09
[ 39.659333] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000007
[ 39.666584] RBP: 00000000006dac70 R08: 000100000000000a R09: 0000000000000007
[ 39.673831] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dac7c
[ 39.681189] R13: 0030656c69662f2e R14: 652e79726f6d656d R15: 0000000000000005
[ 39.977008] kobject: 'rx-0' (00000000aa8a347f): kobject_cleanup, parent 00000000b06b5ab1
[ 39.985312] kobject: 'rx-0' (00000000aa8a347f): auto cleanup 'remove' event
[ 39.992600] kobject: 'rx-0' (00000000aa8a347f): kobject_uevent_env
[ 39.998965] kobject: 'rx-0' (00000000aa8a347f): kobject_uevent_env: uevent_suppress caused the event to drop!
[ 40.009081] kobject: 'rx-0' (00000000aa8a347f): auto cleanup kobject_del
[ 40.015939] kobject: 'rx-0' (00000000aa8a347f): calling ktype release
[ 40.022537] kobject: 'rx-0': free name
[ 40.026