[ ok ] Starting enhanced syslogd: rsyslogd.
[ 37.158824] audit: type=1800 audit(1549656267.369:25): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 37.194255] audit: type=1800 audit(1549656267.369:26): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 37.228523] audit: type=1800 audit(1549656267.369:27): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 46.422276] overlayfs: filesystem on './file0' not supported as upperdir
[ 46.424227]
[ 46.430918] ======================================================
[ 46.437212] WARNING: possible circular locking dependency detected
[ 46.443513] 5.0.0-rc5+ #63 Not tainted
[ 46.447387] ------------------------------------------------------
[ 46.453686] syz-executor129/7766 is trying to acquire lock:
[ 46.459383] 00000000e96d3732 (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x148/0xc20
[ 46.467951]
[ 46.467951] but task is already holding lock:
[ 46.473923] 00000000360f871f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 46.481104]
[ 46.481104] which lock already depends on the new lock.
[ 46.481104]
[ 46.489407]
[ 46.489407] the existing dependency chain (in reverse order) is:
[ 46.497021]
[ 46.497021] -> #2 (&pipe->mutex/1){+.+.}:
[ 46.502637]        __mutex_lock+0xf7/0x1310
[ 46.506977]        mutex_lock_nested+0x16/0x20
[ 46.511573]        pipe_lock+0x6e/0x80
[ 46.515453]        iter_file_splice_write+0x18b/0xbe0
[ 46.520635]        do_splice+0x644/0x1330
[ 46.524772]        __x64_sys_splice+0x2c6/0x330
[ 46.529465]        do_syscall_64+0x103/0x610
[ 46.533871]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.539560]
[ 46.539560] -> #1 (sb_writers#3){.+.+}:
[ 46.545015]        __sb_start_write+0x20b/0x360
[ 46.549664]        mnt_want_write+0x3f/0xc0
[ 46.553979]        ovl_want_write+0x76/0xa0
[ 46.558276]        ovl_setattr+0xdd/0x950
[ 46.562401]        notify_change+0xad9/0xfb0
[ 46.566806]        do_truncate+0x158/0x220
[ 46.571017]        path_openat+0x2cc6/0x4690
[ 46.575406]        do_filp_open+0x1a1/0x280
[ 46.579735]        do_sys_open+0x3fe/0x5d0
[ 46.583962]        __x64_sys_openat+0x9d/0x100
[ 46.588522]        do_syscall_64+0x103/0x610
[ 46.592907]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.598594]
[ 46.598594] -> #0 (&ovl_i_mutex_key[depth]){+.+.}:
[ 46.604985]        lock_acquire+0x16f/0x3f0
[ 46.609289]        down_write+0x38/0x90
[ 46.613242]        ovl_write_iter+0x148/0xc20
[ 46.617716]        __vfs_write+0x613/0x8e0
[ 46.621929]        __kernel_write+0x110/0x3b0
[ 46.626407]        write_pipe_buf+0x15d/0x1f0
[ 46.630885]        __splice_from_pipe+0x39a/0x7e0
[ 46.635725]        splice_from_pipe+0x108/0x170
[ 46.640387]        default_file_splice_write+0x3c/0x90
[ 46.645647]        do_splice+0x644/0x1330
[ 46.649773]        __x64_sys_splice+0x2c6/0x330
[ 46.654449]        do_syscall_64+0x103/0x610
[ 46.658863]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.664565]
[ 46.664565] other info that might help us debug this:
[ 46.664565]
[ 46.672694] Chain exists of:
[ 46.672694]   &ovl_i_mutex_key[depth] --> sb_writers#3 --> &pipe->mutex/1
[ 46.672694]
[ 46.683966]  Possible unsafe locking scenario:
[ 46.683966]
[ 46.690009]        CPU0                    CPU1
[ 46.694652]        ----                    ----
[ 46.699311]   lock(&pipe->mutex/1);
[ 46.702930]                                lock(sb_writers#3);
[ 46.708878]                                lock(&pipe->mutex/1);
[ 46.714999]   lock(&ovl_i_mutex_key[depth]);
[ 46.719384]
[ 46.719384]  *** DEADLOCK ***
[ 46.719384]
[ 46.725417] 2 locks held by syz-executor129/7766:
[ 46.730239]  #0: 000000006cf9b9ed (sb_writers#8){.+.+}, at: do_splice+0xceb/0x1330
[ 46.737940]  #1: 00000000360f871f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[ 46.745569]
[ 46.745569] stack backtrace:
[ 46.750044] CPU: 0 PID: 7766 Comm: syz-executor129 Not tainted 5.0.0-rc5+ #63
[ 46.757306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.766634] Call Trace:
[ 46.769240]  dump_stack+0x172/0x1f0
[ 46.772859]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 46.778214]  __lock_acquire+0x2f00/0x4700
[ 46.782341]  ? noop_count+0x40/0x40
[ 46.785950]  ? mark_held_locks+0x100/0x100
[ 46.790174]  lock_acquire+0x16f/0x3f0
[ 46.793956]  ? ovl_write_iter+0x148/0xc20
[ 46.798084]  down_write+0x38/0x90
[ 46.801515]  ? ovl_write_iter+0x148/0xc20
[ 46.805662]  ovl_write_iter+0x148/0xc20
[ 46.809636]  ? ovl_compat_ioctl+0x80/0x80
[ 46.813768]  ? mark_held_locks+0x100/0x100
[ 46.817987]  ? preempt_schedule_common+0x4f/0xe0
[ 46.822725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.828265]  ? iov_iter_init+0xea/0x220
[ 46.832238]  __vfs_write+0x613/0x8e0
[ 46.835932]  ? kernel_read+0x120/0x120
[ 46.839803]  ? __lock_is_held+0xb6/0x140
[ 46.843862]  ? lock_acquire+0x16f/0x3f0
[ 46.847820]  __kernel_write+0x110/0x3b0
[ 46.851780]  write_pipe_buf+0x15d/0x1f0
[ 46.855738]  ? do_splice_direct+0x2a0/0x2a0
[ 46.860039]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.865555]  ? splice_from_pipe_next.part.0+0x255/0x2f0
[ 46.870900]  __splice_from_pipe+0x39a/0x7e0
[ 46.875211]  ? do_splice_direct+0x2a0/0x2a0
[ 46.879529]  ? do_splice_direct+0x2a0/0x2a0
[ 46.883838]  splice_from_pipe+0x108/0x170
[ 46.887981]  ? splice_shrink_spd+0xd0/0xd0
[ 46.892198]  ? __lock_is_held+0xb6/0x140
[ 46.896240]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 46.901673]  default_file_splice_write+0x3c/0x90
[ 46.906413]  ? generic_splice_sendpage+0x50/0x50
[ 46.911165]  do_splice+0x644/0x1330
[ 46.914784]  ? iterate_fd+0x360/0x360
[ 46.918575]  ? opipe_prep.part.0+0x2d0/0x2d0
[ 46.922979]  ? __fget_light+0x1a9/0x230
[ 46.926950]  __x64_sys_splice+0x2c6/0x330
[ 46.931083]  do_syscall_64+0x103/0x610
[ 46.934958]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.940127] RIP: 0033:0x445919
[ 46.943303] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.962184] RSP: 002b:00007f674419fda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 46.969873] RAX: ffffffffffffffda RBX: 00000000006dac88 RCX: 0000000000445919
[ 46.977120] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000000000009
[ 46.984376] RBP: 00000000006dac80 R08: 000100000000ffe0 R09: 0000000000000000
[ 46.991636] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac8c
[ 46.998885] R13: 00007ffe9f29100f R14: 00007f67441a09c0 R15: 20c49ba5e353f7cf