[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.700691][ T26] audit: type=1800 audit(1562164441.666:25): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 40.739109][ T26] audit: type=1800 audit(1562164441.666:26): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 40.770603][ T26] audit: type=1800 audit(1562164441.666:27): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 49.554455][ T7953] [ 49.556968][ T7953] ====================================================== [ 49.563965][ T7953] WARNING: possible circular locking dependency detected [ 49.570967][ T7953] 5.2.0-rc7+ #13 Not tainted [ 49.575530][ T7953] ------------------------------------------------------ [ 49.582524][ T7953] syz-executor083/7953 is trying to acquire lock: [ 49.588913][ T7953] 000000002d006398 (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0x6d/0x260 [ 49.597668][ T7953] [ 49.597668][ T7953] but task is already holding lock: [ 49.605596][ T7953] 00000000d7d74bbf (&mm->mmap_sem#2){++++}, at: __mm_populate+0x1a9/0x470 [ 49.614099][ T7953] [ 49.614099][ T7953] which lock already depends on the new lock. [ 49.614099][ T7953] [ 49.624877][ T7953] [ 49.624877][ T7953] the existing dependency chain (in reverse order) is: [ 49.634073][ T7953] [ 49.634073][ T7953] -> #1 (&mm->mmap_sem#2){++++}: [ 49.641441][ T7953] __might_fault+0xf5/0x160 [ 49.646451][ T7953] _copy_to_user+0x2c/0xf0 [ 49.651370][ T7953] mon_bin_read+0x1ac/0x7b0 [ 49.656458][ T7953] do_iter_read+0x4b1/0x5b0 [ 49.661456][ T7953] do_preadv+0x200/0x350 [ 49.666196][ T7953] __x64_sys_preadv+0x9e/0xb0 [ 49.671472][ T7953] do_syscall_64+0xfe/0x140 [ 49.676534][ T7953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.682919][ T7953] [ 49.682919][ T7953] -> #0 (&rp->fetch_lock){+.+.}: [ 49.690005][ T7953] lock_acquire+0x158/0x250 [ 49.695007][ T7953] __mutex_lock_common+0x17c/0x2fc0 [ 49.700706][ T7953] mutex_lock_nested+0x1b/0x30 [ 49.705965][ T7953] mon_bin_vma_fault+0x6d/0x260 [ 49.712008][ T7953] __do_fault+0x154/0x390 [ 49.716843][ T7953] handle_mm_fault+0x37c9/0x6130 [ 49.722299][ T7953] __get_user_pages+0x1096/0x1710 [ 49.727837][ T7953] populate_vma_page_range+0x1fd/0x250 [ 49.733879][ T7953] __mm_populate+0x2ea/0x470 [ 49.738976][ T7953] vm_mmap_pgoff+0x1f0/0x240 [ 49.744061][ T7953] ksys_mmap_pgoff+0x4ed/0x5f0 [ 49.749318][ T7953] __x64_sys_mmap+0x103/0x120 [ 49.754486][ T7953] do_syscall_64+0xfe/0x140 [ 49.759482][ T7953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.765863][ T7953] [ 49.765863][ T7953] other info that might help us debug this: [ 49.765863][ T7953] [ 49.776064][ T7953] Possible unsafe locking scenario: [ 49.776064][ T7953] [ 49.784171][ T7953] CPU0 CPU1 [ 49.789519][ T7953] ---- ---- [ 49.794855][ T7953] lock(&mm->mmap_sem#2); [ 49.799244][ T7953] lock(&rp->fetch_lock); [ 49.806146][ T7953] lock(&mm->mmap_sem#2); [ 49.813066][ T7953] lock(&rp->fetch_lock); [ 49.817453][ T7953] [ 49.817453][ T7953] *** DEADLOCK *** [ 49.817453][ T7953] [ 49.825572][ T7953] 1 lock held by syz-executor083/7953: [ 49.831187][ T7953] #0: 00000000d7d74bbf (&mm->mmap_sem#2){++++}, at: __mm_populate+0x1a9/0x470 [ 49.840130][ T7953] [ 49.840130][ T7953] stack backtrace: [ 49.846012][ T7953] CPU: 0 PID: 7953 Comm: syz-executor083 Not tainted 5.2.0-rc7+ #13 [ 49.853973][ T7953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.864018][ T7953] Call Trace: [ 49.867287][ T7953] dump_stack+0x1d8/0x2f8 [ 49.871590][ T7953] print_circular_bug+0xd34/0xf20 [ 49.876588][ T7953] ? check_noncircular+0x4d0/0x4d0 [ 49.881687][ T7953] ? stack_trace_save+0x111/0x1e0 [ 49.886700][ T7953] ? stack_trace_snprint+0x150/0x150 [ 49.891963][ T7953] ? graph_lock+0x9a/0x280 [ 49.896368][ T7953] ? find_first_zero_bit+0xd8/0x100 [ 49.901561][ T7953] validate_chain+0x59d0/0x84f0 [ 49.906382][ T7953] ? match_held_lock+0x280/0x280 [ 49.911293][ T7953] ? match_held_lock+0x280/0x280 [ 49.916221][ T7953] ? match_held_lock+0x280/0x280 [ 49.921131][ T7953] ? match_held_lock+0x280/0x280 [ 49.926039][ T7953] ? match_held_lock+0x280/0x280 [ 49.930974][ T7953] ? cpumask_next_and+0x52/0x70 [ 49.935807][ T7953] ? match_held_lock+0x280/0x280 [ 49.940807][ T7953] ? match_held_lock+0x280/0x280 [ 49.945720][ T7953] ? match_held_lock+0x280/0x280 [ 49.950631][ T7953] ? __bfs+0x550/0x550 [ 49.954672][ T7953] ? match_held_lock+0x280/0x280 [ 49.959577][ T7953] ? __bfs+0x550/0x550 [ 49.963617][ T7953] ? __bfs+0x550/0x550 [ 49.967652][ T7953] ? match_held_lock+0x280/0x280 [ 49.972574][ T7953] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 49.977829][ T7953] ? rmqueue_pcplist+0x2ec5/0x3140 [ 49.982929][ T7953] ? __lock_acquire+0xcf7/0x1a40 [ 49.987840][ T7953] ? __bfs+0x550/0x550 [ 49.991882][ T7953] ? trace_lock_acquire+0x190/0x190 [ 49.997067][ T7953] ? __read_once_size_nocheck+0x10/0x10 [ 50.002601][ T7953] ? unwind_next_frame+0x415/0x870 [ 50.007862][ T7953] ? __bfs+0x550/0x550 [ 50.011903][ T7953] ? register_lock_class+0xde/0x1110 [ 50.017171][ T7953] ? is_dynamic_key+0x1c0/0x1c0 [ 50.021994][ T7953] ? __bfs+0x550/0x550 [ 50.026053][ T7953] ? stack_trace_save+0x1e0/0x1e0 [ 50.031050][ T7953] __lock_acquire+0xcf7/0x1a40 [ 50.035787][ T7953] ? trace_lock_acquire+0x190/0x190 [ 50.040975][ T7953] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 50.046237][ T7953] ? _raw_spin_unlock_irqrestore+0x77/0xe0 [ 50.052032][ T7953] ? _raw_spin_unlock_irqrestore+0xbc/0xe0 [ 50.057839][ T7953] ? trace_lock_acquire+0x11c/0x190 [ 50.063026][ T7953] lock_acquire+0x158/0x250 [ 50.067502][ T7953] ? mon_bin_vma_fault+0x6d/0x260 [ 50.072498][ T7953] __mutex_lock_common+0x17c/0x2fc0 [ 50.077665][ T7953] ? mon_bin_vma_fault+0x6d/0x260 [ 50.082664][ T7953] ? trace_mm_page_alloc+0x153/0x1b0 [ 50.087931][ T7953] ? mon_bin_vma_fault+0x6d/0x260 [ 50.092936][ T7953] ? mutex_lock_io_nested+0x60/0x60 [ 50.098205][ T7953] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 50.103899][ T7953] ? memset+0x31/0x40 [ 50.107856][ T7953] ? lockdep_init_map+0x2a/0x680 [ 50.112764][ T7953] mutex_lock_nested+0x1b/0x30 [ 50.117521][ T7953] mon_bin_vma_fault+0x6d/0x260 [ 50.122347][ T7953] __do_fault+0x154/0x390 [ 50.126657][ T7953] ? mem_cgroup_try_charge_delay+0x78/0xa0 [ 50.132453][ T7953] handle_mm_fault+0x37c9/0x6130 [ 50.137377][ T7953] ? finish_fault+0x220/0x220 [ 50.142034][ T7953] __get_user_pages+0x1096/0x1710 [ 50.147429][ T7953] ? populate_vma_page_range+0x250/0x250 [ 50.153048][ T7953] ? mmap_region+0x11ff/0x1d80 [ 50.157787][ T7953] ? trace_lock_acquire+0x11c/0x190 [ 50.162961][ T7953] ? memset+0x31/0x40 [ 50.166917][ T7953] populate_vma_page_range+0x1fd/0x250 [ 50.172355][ T7953] __mm_populate+0x2ea/0x470 [ 50.176919][ T7953] ? __get_user_pages+0x1710/0x1710 [ 50.182087][ T7953] ? kasan_check_write+0x14/0x20 [ 50.187005][ T7953] ? up_write+0xb0/0x1b0 [ 50.191222][ T7953] vm_mmap_pgoff+0x1f0/0x240 [ 50.195784][ T7953] ? vma_is_stack_for_current+0x100/0x100 [ 50.201474][ T7953] ? trace_x86_fpu_regs_activated+0x213/0x250 [ 50.207528][ T7953] ? switch_fpu_return+0x1ca/0x290 [ 50.212617][ T7953] ksys_mmap_pgoff+0x4ed/0x5f0 [ 50.217368][ T7953] ? mmap_region+0x1d80/0x1d80 [ 50.222129][ T7953] ? prepare_exit_to_usermode+0x1e1/0x4f0 [ 50.227833][ T7953] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 50.233282][ T7953] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 50.238975][ T7953] __x64_sys_mmap+0x103/0x120 [ 50.243629][ T7953] do_syscall_64+0xfe/0x140 [ 50.248115][ T7953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 50.254001][ T7953] RIP: 0033:0x4497f9 [ 50.257877][ T7953] Code: e8 ec b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 50.277469][ T7953] RSP: 002b:00007f685ff15cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 50.285854][ T7953] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 00000000004497f9 [ 50.293823][ T7953] RDX: 0000000000000002 RSI: 0000000000400000 RDI: 0000000020a05000 [ 50.301787][ T7953] RBP: 00000000006dac30 R08: 0000000000000005 R09: 0000000000000000 [ 50.309734][ T7953] R10: 0000000000008012 R11: 0000000000000246 R12: 00000000006dac3c [ 50.317681][ T7953] R13: 00007ffdc9b055ef R14: 00007f685ff169c0 R15: 20c49ba5e353f7cf