[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   37.158824] audit: type=1800 audit(1549656267.369:25): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   37.194255] audit: type=1800 audit(1549656267.369:26): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.228523] audit: type=1800 audit(1549656267.369:27): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   46.422276] overlayfs: filesystem on './file0' not supported as upperdir
[   46.424227] 
[   46.430918] ======================================================
[   46.437212] WARNING: possible circular locking dependency detected
[   46.443513] 5.0.0-rc5+ #63 Not tainted
[   46.447387] ------------------------------------------------------
[   46.453686] syz-executor129/7766 is trying to acquire lock:
[   46.459383] 00000000e96d3732 (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x148/0xc20
[   46.467951] 
[   46.467951] but task is already holding lock:
[   46.473923] 00000000360f871f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[   46.481104] 
[   46.481104] which lock already depends on the new lock.
[   46.481104] 
[   46.489407] 
[   46.489407] the existing dependency chain (in reverse order) is:
[   46.497021] 
[   46.497021] -> #2 (&pipe->mutex/1){+.+.}:
[   46.502637]        __mutex_lock+0xf7/0x1310
[   46.506977]        mutex_lock_nested+0x16/0x20
[   46.511573]        pipe_lock+0x6e/0x80
[   46.515453]        iter_file_splice_write+0x18b/0xbe0
[   46.520635]        do_splice+0x644/0x1330
[   46.524772]        __x64_sys_splice+0x2c6/0x330
[   46.529465]        do_syscall_64+0x103/0x610
[   46.533871]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.539560] 
[   46.539560] -> #1 (sb_writers#3){.+.+}:
[   46.545015]        __sb_start_write+0x20b/0x360
[   46.549664]        mnt_want_write+0x3f/0xc0
[   46.553979]        ovl_want_write+0x76/0xa0
[   46.558276]        ovl_setattr+0xdd/0x950
[   46.562401]        notify_change+0xad9/0xfb0
[   46.566806]        do_truncate+0x158/0x220
[   46.571017]        path_openat+0x2cc6/0x4690
[   46.575406]        do_filp_open+0x1a1/0x280
[   46.579735]        do_sys_open+0x3fe/0x5d0
[   46.583962]        __x64_sys_openat+0x9d/0x100
[   46.588522]        do_syscall_64+0x103/0x610
[   46.592907]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.598594] 
[   46.598594] -> #0 (&ovl_i_mutex_key[depth]){+.+.}:
[   46.604985]        lock_acquire+0x16f/0x3f0
[   46.609289]        down_write+0x38/0x90
[   46.613242]        ovl_write_iter+0x148/0xc20
[   46.617716]        __vfs_write+0x613/0x8e0
[   46.621929]        __kernel_write+0x110/0x3b0
[   46.626407]        write_pipe_buf+0x15d/0x1f0
[   46.630885]        __splice_from_pipe+0x39a/0x7e0
[   46.635725]        splice_from_pipe+0x108/0x170
[   46.640387]        default_file_splice_write+0x3c/0x90
[   46.645647]        do_splice+0x644/0x1330
[   46.649773]        __x64_sys_splice+0x2c6/0x330
[   46.654449]        do_syscall_64+0x103/0x610
[   46.658863]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.664565] 
[   46.664565] other info that might help us debug this:
[   46.664565] 
[   46.672694] Chain exists of:
[   46.672694]   &ovl_i_mutex_key[depth] --> sb_writers#3 --> &pipe->mutex/1
[   46.672694] 
[   46.683966]  Possible unsafe locking scenario:
[   46.683966] 
[   46.690009]        CPU0                    CPU1
[   46.694652]        ----                    ----
[   46.699311]   lock(&pipe->mutex/1);
[   46.702930]                                lock(sb_writers#3);
[   46.708878]                                lock(&pipe->mutex/1);
[   46.714999]   lock(&ovl_i_mutex_key[depth]);
[   46.719384] 
[   46.719384]  *** DEADLOCK ***
[   46.719384] 
[   46.725417] 2 locks held by syz-executor129/7766:
[   46.730239]  #0: 000000006cf9b9ed (sb_writers#8){.+.+}, at: do_splice+0xceb/0x1330
[   46.737940]  #1: 00000000360f871f (&pipe->mutex/1){+.+.}, at: pipe_lock+0x6e/0x80
[   46.745569] 
[   46.745569] stack backtrace:
[   46.750044] CPU: 0 PID: 7766 Comm: syz-executor129 Not tainted 5.0.0-rc5+ #63
[   46.757306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.766634] Call Trace:
[   46.769240]  dump_stack+0x172/0x1f0
[   46.772859]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   46.778214]  __lock_acquire+0x2f00/0x4700
[   46.782341]  ? noop_count+0x40/0x40
[   46.785950]  ? mark_held_locks+0x100/0x100
[   46.790174]  lock_acquire+0x16f/0x3f0
[   46.793956]  ? ovl_write_iter+0x148/0xc20
[   46.798084]  down_write+0x38/0x90
[   46.801515]  ? ovl_write_iter+0x148/0xc20
[   46.805662]  ovl_write_iter+0x148/0xc20
[   46.809636]  ? ovl_compat_ioctl+0x80/0x80
[   46.813768]  ? mark_held_locks+0x100/0x100
[   46.817987]  ? preempt_schedule_common+0x4f/0xe0
[   46.822725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   46.828265]  ? iov_iter_init+0xea/0x220
[   46.832238]  __vfs_write+0x613/0x8e0
[   46.835932]  ? kernel_read+0x120/0x120
[   46.839803]  ? __lock_is_held+0xb6/0x140
[   46.843862]  ? lock_acquire+0x16f/0x3f0
[   46.847820]  __kernel_write+0x110/0x3b0
[   46.851780]  write_pipe_buf+0x15d/0x1f0
[   46.855738]  ? do_splice_direct+0x2a0/0x2a0
[   46.860039]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.865555]  ? splice_from_pipe_next.part.0+0x255/0x2f0
[   46.870900]  __splice_from_pipe+0x39a/0x7e0
[   46.875211]  ? do_splice_direct+0x2a0/0x2a0
[   46.879529]  ? do_splice_direct+0x2a0/0x2a0
[   46.883838]  splice_from_pipe+0x108/0x170
[   46.887981]  ? splice_shrink_spd+0xd0/0xd0
[   46.892198]  ? __lock_is_held+0xb6/0x140
[   46.896240]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[   46.901673]  default_file_splice_write+0x3c/0x90
[   46.906413]  ? generic_splice_sendpage+0x50/0x50
[   46.911165]  do_splice+0x644/0x1330
[   46.914784]  ? iterate_fd+0x360/0x360
[   46.918575]  ? opipe_prep.part.0+0x2d0/0x2d0
[   46.922979]  ? __fget_light+0x1a9/0x230
[   46.926950]  __x64_sys_splice+0x2c6/0x330
[   46.931083]  do_syscall_64+0x103/0x610
[   46.934958]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.940127] RIP: 0033:0x445919
[   46.943303] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   46.962184] RSP: 002b:00007f674419fda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   46.969873] RAX: ffffffffffffffda RBX: 00000000006dac88 RCX: 0000000000445919
[   46.977120] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000000000009
[   46.984376] RBP: 00000000006dac80 R08: 000100000000ffe0 R09: 0000000000000000
[   46.991636] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac8c
[   46.998885] R13: 00007ffe9f29100f R14: 00007f67441a09c0 R15: 20c49ba5e353f7cf