[ 38.244261][ T26] audit: type=1800 audit(1552357594.579:25): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 38.266393][ T26] audit: type=1800 audit(1552357594.579:26): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 38.296651][ T26] audit: type=1800 audit(1552357594.579:27): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 38.326620][ T26] audit: type=1800 audit(1552357594.579:28): pid=7763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 64.240630][ T7918]
[ 64.243030][ T7918] ======================================================
[ 64.250028][ T7918] WARNING: possible circular locking dependency detected
[ 64.257033][ T7918] 5.0.0-next-20190306 #4 Not tainted
[ 64.262310][ T7918] ------------------------------------------------------
[ 64.269323][ T7918] syz-executor629/7918 is trying to acquire lock:
[ 64.275717][ T7918] 000000002417d4ab (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0x73/0x2d0
[ 64.284485][ T7918]
[ 64.284485][ T7918] but task is already holding lock:
[ 64.291843][ T7918] 00000000d5099c6a (&mm->mmap_sem){++++}, at: __mm_populate+0x270/0x380
[ 64.300162][ T7918]
[ 64.300162][ T7918] which lock already depends on the new lock.
[ 64.300162][ T7918]
[ 64.310565][ T7918]
[ 64.310565][ T7918] the existing dependency chain (in reverse order) is:
[ 64.319593][ T7918]
[ 64.319593][ T7918] -> #1 (&mm->mmap_sem){++++}:
[ 64.326530][ T7918]        lock_acquire+0x16f/0x3f0
[ 64.331558][ T7918]        __might_fault+0x15e/0x1e0
[ 64.336666][ T7918]        _copy_to_user+0x30/0x120
[ 64.341674][ T7918]        mon_bin_read+0x329/0x640
[ 64.346704][ T7918]        do_iter_read+0x4a9/0x660
[ 64.351734][ T7918]        vfs_readv+0xf0/0x160
[ 64.356396][ T7918]        do_preadv+0x1c4/0x280
[ 64.361148][ T7918]        __x64_sys_preadv+0x9a/0xf0
[ 64.366349][ T7918]        do_syscall_64+0x103/0x610
[ 64.371535][ T7918]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.378281][ T7918]
[ 64.378281][ T7918] -> #0 (&rp->fetch_lock){+.+.}:
[ 64.385396][ T7918]        __lock_acquire+0x239c/0x3fb0
[ 64.390860][ T7918]        lock_acquire+0x16f/0x3f0
[ 64.395890][ T7918]        __mutex_lock+0xf7/0x1310
[ 64.400905][ T7918]        mutex_lock_nested+0x16/0x20
[ 64.406195][ T7918]        mon_bin_vma_fault+0x73/0x2d0
[ 64.411574][ T7918]        __do_fault+0x116/0x4e0
[ 64.416412][ T7918]        __handle_mm_fault+0xf6c/0x3ec0
[ 64.421968][ T7918]        handle_mm_fault+0x43f/0xb30
[ 64.427263][ T7918]        __get_user_pages+0x7b6/0x1a40
[ 64.432722][ T7918]        populate_vma_page_range+0x20d/0x2a0
[ 64.438713][ T7918]        __mm_populate+0x204/0x380
[ 64.443817][ T7918]        vm_mmap_pgoff+0x213/0x230
[ 64.448917][ T7918]        ksys_mmap_pgoff+0x4aa/0x630
[ 64.454211][ T7918]        __x64_sys_mmap+0xe9/0x1b0
[ 64.459311][ T7918]        do_syscall_64+0x103/0x610
[ 64.464409][ T7918]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.470801][ T7918]
[ 64.470801][ T7918] other info that might help us debug this:
[ 64.470801][ T7918]
[ 64.481124][ T7918]  Possible unsafe locking scenario:
[ 64.481124][ T7918]
[ 64.488583][ T7918]        CPU0                    CPU1
[ 64.493933][ T7918]        ----                    ----
[ 64.499300][ T7918]   lock(&mm->mmap_sem);
[ 64.503523][ T7918]                                lock(&rp->fetch_lock);
[ 64.510847][ T7918]                                lock(&mm->mmap_sem);
[ 64.517584][ T7918]   lock(&rp->fetch_lock);
[ 64.522004][ T7918]
[ 64.522004][ T7918]  *** DEADLOCK ***
[ 64.522004][ T7918]
[ 64.530147][ T7918] 1 lock held by syz-executor629/7918:
[ 64.535604][ T7918] #0: 00000000d5099c6a (&mm->mmap_sem){++++}, at: __mm_populate+0x270/0x380
[ 64.544359][ T7918]
[ 64.544359][ T7918] stack backtrace:
[ 64.550242][ T7918] CPU: 1 PID: 7918 Comm: syz-executor629 Not tainted 5.0.0-next-20190306 #4
[ 64.558914][ T7918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.568981][ T7918] Call Trace:
[ 64.572294][ T7918] dump_stack+0x172/0x1f0
[ 64.576648][ T7918] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 64.582718][ T7918] check_prev_add.constprop.0+0xf11/0x23c0
[ 64.588541][ T7918] ? check_usage+0x570/0x570
[ 64.593149][ T7918] ? depot_save_stack+0x1de/0x460
[ 64.598363][ T7918] ? graph_lock+0x7b/0x200
[ 64.602769][ T7918] ? __lockdep_reset_lock+0x450/0x450
[ 64.608153][ T7918] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.614391][ T7918] __lock_acquire+0x239c/0x3fb0
[ 64.619253][ T7918] ? depot_save_stack+0x1de/0x460
[ 64.624293][ T7918] ? mark_held_locks+0xf0/0xf0
[ 64.629078][ T7918] ? __do_fault+0x2b9/0x4e0
[ 64.633586][ T7918] lock_acquire+0x16f/0x3f0
[ 64.638095][ T7918] ? mon_bin_vma_fault+0x73/0x2d0
[ 64.643117][ T7918] ? mon_bin_vma_fault+0x73/0x2d0
[ 64.648139][ T7918] __mutex_lock+0xf7/0x1310
[ 64.652654][ T7918] ? mon_bin_vma_fault+0x73/0x2d0
[ 64.657678][ T7918] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 64.663307][ T7918] ? mon_bin_vma_fault+0x73/0x2d0
[ 64.668356][ T7918] ? mutex_trylock+0x1e0/0x1e0
[ 64.673122][ T7918] ? ptlock_alloc+0x20/0x70
[ 64.677624][ T7918] ? rcu_read_lock_sched_held+0x110/0x130
[ 64.683347][ T7918] ? kmem_cache_alloc+0x32e/0x6f0
[ 64.688358][ T7918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.694589][ T7918] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 64.700842][ T7918] mutex_lock_nested+0x16/0x20
[ 64.705595][ T7918] ? mutex_lock_nested+0x16/0x20
[ 64.710553][ T7918] mon_bin_vma_fault+0x73/0x2d0
[ 64.715401][ T7918] __do_fault+0x116/0x4e0
[ 64.719764][ T7918] ? mem_cgroup_try_charge_delay+0x6c/0xa0
[ 64.725569][ T7918] __handle_mm_fault+0xf6c/0x3ec0
[ 64.730620][ T7918] ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 64.736178][ T7918] ? find_held_lock+0x35/0x130
[ 64.740933][ T7918] ? handle_mm_fault+0x322/0xb30
[ 64.745874][ T7918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.752106][ T7918] ? kasan_check_read+0x11/0x20
[ 64.756942][ T7918] handle_mm_fault+0x43f/0xb30
[ 64.761714][ T7918] __get_user_pages+0x7b6/0x1a40
[ 64.766656][ T7918] ? follow_page_mask+0x19a0/0x19a0
[ 64.771846][ T7918] ? vma_set_page_prot+0x18c/0x240
[ 64.777398][ T7918] ? memset+0x32/0x40
[ 64.781410][ T7918] populate_vma_page_range+0x20d/0x2a0
[ 64.786868][ T7918] __mm_populate+0x204/0x380
[ 64.791455][ T7918] ? populate_vma_page_range+0x2a0/0x2a0
[ 64.797079][ T7918] vm_mmap_pgoff+0x213/0x230
[ 64.801664][ T7918] ? vma_is_stack_for_current+0xd0/0xd0
[ 64.807205][ T7918] ? ksys_dup3+0x3e0/0x3e0
[ 64.811617][ T7918] ksys_mmap_pgoff+0x4aa/0x630
[ 64.816378][ T7918] ? find_mergeable_anon_vma+0x2e0/0x2e0
[ 64.822009][ T7918] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 64.827465][ T7918] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 64.832942][ T7918] ? do_syscall_64+0x26/0x610
[ 64.837654][ T7918] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.843711][ T7918] __x64_sys_mmap+0xe9/0x1b0
[ 64.848289][ T7918] do_syscall_64+0x103/0x610
[ 64.852872][ T7918] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.858763][ T7918] RIP: 0033:0x449669
[ 64.862646][ T7918] Code: e8 9c b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.882254][ T7918] RSP: 002b:00007f46d5104cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 64.890846][ T7918] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000449669
[ 64.898803][ T7918] RDX: 0000000000000013 RSI: 0000000000400000 RDI: 0000000020a05000
[ 64.906763][ T7918] RBP: 00000000006dac30 R08: 0000000000000005 R09: 0000000000000000
[ 64.914725][ T7918] R10: 0000000000008012 R11: 0000000000000246 R12: 00000000006dac3c
[ 64.922685][ T7918] R13: 00007fffbe74f71f R14: 00007f46d51059c0 R15: 20c49ba5e353f7cf