[ ok ] Starting enhanced syslogd: rsyslogd.
[ 60.608264][ T26] audit: type=1800 audit(1562164741.240:25): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 60.634435][ T26] audit: type=1800 audit(1562164741.250:26): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 60.660440][ T26] audit: type=1800 audit(1562164741.250:27): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.779312][ T8856]
[ 72.781677][ T8856] ======================================================
[ 72.788690][ T8856] WARNING: possible circular locking dependency detected
[ 72.795698][ T8856] 5.2.0-rc7+ #66 Not tainted
[ 72.800255][ T8856] ------------------------------------------------------
[ 72.807262][ T8856] syz-executor196/8856 is trying to acquire lock:
[ 72.813646][ T8856] 0000000080766857 (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0x73/0x2d0
[ 72.822413][ T8856]
[ 72.822413][ T8856] but task is already holding lock:
[ 72.829765][ T8856] 0000000098b3092d (&mm->mmap_sem#2){++++}, at: __mm_populate+0x270/0x380
[ 72.838267][ T8856]
[ 72.838267][ T8856] which lock already depends on the new lock.
[ 72.838267][ T8856]
[ 72.848661][ T8856]
[ 72.848661][ T8856] the existing dependency chain (in reverse order) is:
[ 72.857662][ T8856]
[ 72.857662][ T8856] -> #1 (&mm->mmap_sem#2){++++}:
[ 72.864770][ T8856]        __might_fault+0x15e/0x1e0
[ 72.869857][ T8856]        _copy_to_user+0x30/0x120
[ 72.874882][ T8856]        mon_bin_read+0x329/0x640
[ 72.879896][ T8856]        do_iter_read+0x4a4/0x660
[ 72.884906][ T8856]        vfs_readv+0xf0/0x160
[ 72.889556][ T8856]        do_preadv+0x1c4/0x280
[ 72.894296][ T8856]        __x64_sys_preadv+0x9a/0xf0
[ 72.899496][ T8856]        do_syscall_64+0xfd/0x680
[ 72.904507][ T8856]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.910890][ T8856]
[ 72.910890][ T8856] -> #0 (&rp->fetch_lock){+.+.}:
[ 72.918014][ T8856]        lock_acquire+0x16f/0x3f0
[ 72.923021][ T8856]        __mutex_lock+0xf7/0x1310
[ 72.928021][ T8856]        mutex_lock_nested+0x16/0x20
[ 72.933292][ T8856]        mon_bin_vma_fault+0x73/0x2d0
[ 72.938650][ T8856]        __do_fault+0x111/0x4d0
[ 72.943479][ T8856]        __handle_mm_fault+0xf67/0x3eb0
[ 72.949033][ T8856]        handle_mm_fault+0x3b7/0xa90
[ 72.954298][ T8856]        __get_user_pages+0x7b6/0x1a40
[ 72.959755][ T8856]        populate_vma_page_range+0x20d/0x2a0
[ 72.965716][ T8856]        __mm_populate+0x204/0x380
[ 72.970817][ T8856]        vm_mmap_pgoff+0x213/0x230
[ 72.975991][ T8856]        ksys_mmap_pgoff+0x4aa/0x630
[ 72.981253][ T8856]        __x64_sys_mmap+0xe9/0x1b0
[ 72.986356][ T8856]        do_syscall_64+0xfd/0x680
[ 72.991357][ T8856]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.997744][ T8856]
[ 72.997744][ T8856] other info that might help us debug this:
[ 72.997744][ T8856]
[ 73.007971][ T8856]  Possible unsafe locking scenario:
[ 73.007971][ T8856]
[ 73.015455][ T8856]        CPU0                    CPU1
[ 73.020818][ T8856]        ----                    ----
[ 73.026199][ T8856]   lock(&mm->mmap_sem#2);
[ 73.030613][ T8856]                                lock(&rp->fetch_lock);
[ 73.037525][ T8856]                                lock(&mm->mmap_sem#2);
[ 73.044439][ T8856]   lock(&rp->fetch_lock);
[ 73.048831][ T8856]
[ 73.048831][ T8856]  *** DEADLOCK ***
[ 73.048831][ T8856]
[ 73.056962][ T8856] 1 lock held by syz-executor196/8856:
[ 73.062423][ T8856]  #0: 0000000098b3092d (&mm->mmap_sem#2){++++}, at: __mm_populate+0x270/0x380
[ 73.071371][ T8856]
[ 73.071371][ T8856] stack backtrace:
[ 73.077248][ T8856] CPU: 0 PID: 8856 Comm: syz-executor196 Not tainted 5.2.0-rc7+ #66
[ 73.085202][ T8856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.095240][ T8856] Call Trace:
[ 73.098517][ T8856]  dump_stack+0x172/0x1f0
[ 73.102830][ T8856]  print_circular_bug.cold+0x1cc/0x28f
[ 73.108300][ T8856]  __lock_acquire+0x3755/0x5490
[ 73.113129][ T8856]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 73.118405][ T8856]  ? mark_held_locks+0xf0/0xf0
[ 73.123147][ T8856]  ? save_stack+0x5c/0x90
[ 73.127456][ T8856]  ? save_stack+0x23/0x90
[ 73.131766][ T8856]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 73.137551][ T8856]  ? kasan_slab_alloc+0xf/0x20
[ 73.142292][ T8856]  ? kmem_cache_alloc+0x11a/0x6f0
[ 73.147299][ T8856]  ? pte_alloc_one+0x6d/0x1a0
[ 73.151950][ T8856]  ? __handle_mm_fault+0xf67/0x3eb0
[ 73.157133][ T8856]  lock_acquire+0x16f/0x3f0
[ 73.161622][ T8856]  ? mon_bin_vma_fault+0x73/0x2d0
[ 73.166645][ T8856]  ? mon_bin_vma_fault+0x73/0x2d0
[ 73.171650][ T8856]  __mutex_lock+0xf7/0x1310
[ 73.176150][ T8856]  ? mon_bin_vma_fault+0x73/0x2d0
[ 73.181195][ T8856]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 73.186831][ T8856]  ? mon_bin_vma_fault+0x73/0x2d0
[ 73.191840][ T8856]  ? mutex_trylock+0x1e0/0x1e0
[ 73.196592][ T8856]  ? ptlock_alloc+0x20/0x70
[ 73.201082][ T8856]  ? rcu_read_lock_sched_held+0x110/0x130
[ 73.206792][ T8856]  ? kmem_cache_alloc+0x32b/0x6f0
[ 73.211796][ T8856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 73.218035][ T8856]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 73.224258][ T8856]  mutex_lock_nested+0x16/0x20
[ 73.229001][ T8856]  ? mutex_lock_nested+0x16/0x20
[ 73.233934][ T8856]  mon_bin_vma_fault+0x73/0x2d0
[ 73.238787][ T8856]  __do_fault+0x111/0x4d0
[ 73.243095][ T8856]  ? mem_cgroup_try_charge_delay+0x6c/0xa0
[ 73.248896][ T8856]  __handle_mm_fault+0xf67/0x3eb0
[ 73.253902][ T8856]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 73.259428][ T8856]  ? find_held_lock+0x35/0x130
[ 73.264201][ T8856]  ? handle_mm_fault+0x292/0xa90
[ 73.269122][ T8856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 73.275341][ T8856]  ? kasan_check_read+0x11/0x20
[ 73.280177][ T8856]  handle_mm_fault+0x3b7/0xa90
[ 73.285938][ T8856]  __get_user_pages+0x7b6/0x1a40
[ 73.290864][ T8856]  ? follow_page_mask+0x19a0/0x19a0
[ 73.296039][ T8856]  ? vma_set_page_prot+0x18c/0x240
[ 73.301129][ T8856]  ? memset+0x32/0x40
[ 73.305096][ T8856]  populate_vma_page_range+0x20d/0x2a0
[ 73.310535][ T8856]  __mm_populate+0x204/0x380
[ 73.315123][ T8856]  ? populate_vma_page_range+0x2a0/0x2a0
[ 73.321014][ T8856]  ? kasan_check_write+0x14/0x20
[ 73.325940][ T8856]  vm_mmap_pgoff+0x213/0x230
[ 73.330528][ T8856]  ? vma_is_stack_for_current+0xd0/0xd0
[ 73.336083][ T8856]  ? ksys_dup3+0x3e0/0x3e0
[ 73.340496][ T8856]  ksys_mmap_pgoff+0x4aa/0x630
[ 73.345241][ T8856]  ? find_mergeable_anon_vma+0x2e0/0x2e0
[ 73.350849][ T8856]  ? rcu_read_lock_sched_held+0x110/0x130
[ 73.356546][ T8856]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 73.361999][ T8856]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 73.367448][ T8856]  ? do_syscall_64+0x26/0x680
[ 73.372101][ T8856]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.378142][ T8856]  __x64_sys_mmap+0xe9/0x1b0
[ 73.382712][ T8856]  do_syscall_64+0xfd/0x680
[ 73.387206][ T8856]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.393073][ T8856] RIP: 0033:0x4497f9
[ 73.396956][ T8856] Code: e8 ec b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 73.416558][ T8856] RSP: 002b:00007fa5d3d12cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 73.424962][ T8856] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 00000000004497f9
[ 73.432929][ T8856] RDX: 0000000000000002 RSI: 0000000000400000 RDI: 0000000020a05000
[ 73.440877][ T8856] RBP: 00000000006dac30 R08: 0000000000000005 R09: 0000000000000000
[ 73.448837][ T8856] R10: 0000000000008012 R11: 0000000000000246 R12: 00000000006dac3c
[ 73.456789][ T8856] R13: 00007fffe0d6dedf R14: 00007fa5d3d139c0 R15: 20c49ba5e353f7cf