[ 34.767820][ T26] audit: type=1800 audit(1552230875.678:27): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 34.788967][ T26] audit: type=1800 audit(1552230875.678:28): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.399249][ T26] audit: type=1800 audit(1552230876.358:29): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.419666][ T26] audit: type=1800 audit(1552230876.358:30): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.844329][ T7546]
[ 45.846773][ T7546] ======================================================
[ 45.853869][ T7546] WARNING: possible circular locking dependency detected
[ 45.860878][ T7546] 5.0.0+ #15 Not tainted
[ 45.865094][ T7546] ------------------------------------------------------
[ 45.872099][ T7546] syz-executor618/7546 is trying to acquire lock:
[ 45.878494][ T7546] 0000000045f218a9 (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0x73/0x2d0
[ 45.887809][ T7546]
[ 45.887809][ T7546] but task is already holding lock:
[ 45.895159][ T7546] 00000000e52354c2 (&mm->mmap_sem){++++}, at: __mm_populate+0x270/0x380
[ 45.903486][ T7546]
[ 45.903486][ T7546] which lock already depends on the new lock.
[ 45.903486][ T7546]
[ 45.913862][ T7546]
[ 45.913862][ T7546] the existing dependency chain (in reverse order) is:
[ 45.922859][ T7546]
[ 45.922859][ T7546] -> #1 (&mm->mmap_sem){++++}:
[ 45.929793][ T7546]        lock_acquire+0x16f/0x3f0
[ 45.934792][ T7546]        __might_fault+0x15e/0x1e0
[ 45.939928][ T7546]        _copy_to_user+0x30/0x120
[ 45.944953][ T7546]        mon_bin_read+0x329/0x640
[ 45.949960][ T7546]        do_iter_read+0x4a9/0x660
[ 45.954958][ T7546]        compat_readv+0x18e/0x200
[ 45.959956][ T7546]        do_compat_preadv64+0x190/0x1c0
[ 45.965475][ T7546]        __ia32_compat_sys_preadv+0xc7/0x140
[ 45.971428][ T7546]        do_fast_syscall_32+0x281/0xc98
[ 45.976968][ T7546]        entry_SYSENTER_compat+0x70/0x7f
[ 45.982569][ T7546]
[ 45.982569][ T7546] -> #0 (&rp->fetch_lock){+.+.}:
[ 45.989664][ T7546]        __lock_acquire+0x239c/0x3fb0
[ 45.995009][ T7546]        lock_acquire+0x16f/0x3f0
[ 46.000008][ T7546]        __mutex_lock+0xf7/0x1310
[ 46.005004][ T7546]        mutex_lock_nested+0x16/0x20
[ 46.010260][ T7546]        mon_bin_vma_fault+0x73/0x2d0
[ 46.015828][ T7546]        __do_fault+0x116/0x4e0
[ 46.020655][ T7546]        __handle_mm_fault+0xf6c/0x3ec0
[ 46.026173][ T7546]        handle_mm_fault+0x43f/0xb30
[ 46.031430][ T7546]        __get_user_pages+0x7b6/0x1a40
[ 46.036881][ T7546]        populate_vma_page_range+0x20d/0x2a0
[ 46.042837][ T7546]        __mm_populate+0x204/0x380
[ 46.047923][ T7546]        vm_mmap_pgoff+0x213/0x230
[ 46.053012][ T7546]        ksys_mmap_pgoff+0x4aa/0x630
[ 46.058290][ T7546]        __ia32_sys_mmap_pgoff+0xdd/0x1a0
[ 46.063997][ T7546]        do_fast_syscall_32+0x281/0xc98
[ 46.069517][ T7546]        entry_SYSENTER_compat+0x70/0x7f
[ 46.075117][ T7546]
[ 46.075117][ T7546] other info that might help us debug this:
[ 46.075117][ T7546]
[ 46.085315][ T7546]  Possible unsafe locking scenario:
[ 46.085315][ T7546]
[ 46.092737][ T7546]        CPU0                    CPU1
[ 46.098072][ T7546]        ----                    ----
[ 46.103407][ T7546]   lock(&mm->mmap_sem);
[ 46.107622][ T7546]                                lock(&rp->fetch_lock);
[ 46.114527][ T7546]                                lock(&mm->mmap_sem);
[ 46.121885][ T7546]   lock(&rp->fetch_lock);
[ 46.126275][ T7546]
[ 46.126275][ T7546]  *** DEADLOCK ***
[ 46.126275][ T7546]
[ 46.134404][ T7546] 1 lock held by syz-executor618/7546:
[ 46.139841][ T7546]  #0: 00000000e52354c2 (&mm->mmap_sem){++++}, at: __mm_populate+0x270/0x380
[ 46.148622][ T7546]
[ 46.148622][ T7546] stack backtrace:
[ 46.154504][ T7546] CPU: 0 PID: 7546 Comm: syz-executor618 Not tainted 5.0.0+ #15
[ 46.162103][ T7546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.172145][ T7546] Call Trace:
[ 46.175438][ T7546]  dump_stack+0x172/0x1f0
[ 46.179752][ T7546]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 46.185801][ T7546]  check_prev_add.constprop.0+0xf11/0x23c0
[ 46.191588][ T7546]  ? check_usage+0x570/0x570
[ 46.196159][ T7546]  ? depot_save_stack+0x1de/0x460
[ 46.201155][ T7546]  ? graph_lock+0x7b/0x200
[ 46.206440][ T7546]  ? __lockdep_reset_lock+0x450/0x450
[ 46.211789][ T7546]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.218003][ T7546]  __lock_acquire+0x239c/0x3fb0
[ 46.222828][ T7546]  ? depot_save_stack+0x1de/0x460
[ 46.227829][ T7546]  ? mark_held_locks+0xf0/0xf0
[ 46.232567][ T7546]  ? __do_fault+0x2b9/0x4e0
[ 46.237054][ T7546]  lock_acquire+0x16f/0x3f0
[ 46.241543][ T7546]  ? mon_bin_vma_fault+0x73/0x2d0
[ 46.246551][ T7546]  ? mon_bin_vma_fault+0x73/0x2d0
[ 46.251564][ T7546]  __mutex_lock+0xf7/0x1310
[ 46.256051][ T7546]  ? mon_bin_vma_fault+0x73/0x2d0
[ 46.261050][ T7546]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 46.266665][ T7546]  ? mon_bin_vma_fault+0x73/0x2d0
[ 46.271668][ T7546]  ? mutex_trylock+0x1e0/0x1e0
[ 46.276404][ T7546]  ? ptlock_alloc+0x20/0x70
[ 46.280880][ T7546]  ? rcu_read_lock_sched_held+0x110/0x130
[ 46.286571][ T7546]  ? kmem_cache_alloc+0x32e/0x6f0
[ 46.291584][ T7546]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.297810][ T7546]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 46.304031][ T7546]  mutex_lock_nested+0x16/0x20
[ 46.308785][ T7546]  ? mutex_lock_nested+0x16/0x20
[ 46.313711][ T7546]  mon_bin_vma_fault+0x73/0x2d0
[ 46.318550][ T7546]  __do_fault+0x116/0x4e0
[ 46.322853][ T7546]  ? mem_cgroup_try_charge_delay+0x6c/0xa0
[ 46.328636][ T7546]  __handle_mm_fault+0xf6c/0x3ec0
[ 46.333636][ T7546]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 46.339156][ T7546]  ? find_held_lock+0x35/0x130
[ 46.343912][ T7546]  ? handle_mm_fault+0x322/0xb30
[ 46.348824][ T7546]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.355038][ T7546]  ? kasan_check_read+0x11/0x20
[ 46.359869][ T7546]  handle_mm_fault+0x43f/0xb30
[ 46.364616][ T7546]  __get_user_pages+0x7b6/0x1a40
[ 46.369530][ T7546]  ? follow_page_mask+0x19a0/0x19a0
[ 46.374711][ T7546]  ? vma_set_page_prot+0x18c/0x240
[ 46.379798][ T7546]  ? memset+0x32/0x40
[ 46.383757][ T7546]  populate_vma_page_range+0x20d/0x2a0
[ 46.389207][ T7546]  __mm_populate+0x204/0x380
[ 46.393790][ T7546]  ? populate_vma_page_range+0x2a0/0x2a0
[ 46.399406][ T7546]  vm_mmap_pgoff+0x213/0x230
[ 46.403988][ T7546]  ? vma_is_stack_for_current+0xd0/0xd0
[ 46.409540][ T7546]  ? ksys_dup3+0x3e0/0x3e0
[ 46.413948][ T7546]  ksys_mmap_pgoff+0x4aa/0x630
[ 46.419039][ T7546]  ? find_mergeable_anon_vma+0x2e0/0x2e0
[ 46.424664][ T7546]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 46.430099][ T7546]  ? do_fast_syscall_32+0xd1/0xc98
[ 46.435192][ T7546]  ? entry_SYSENTER_compat+0x70/0x7f
[ 46.440461][ T7546]  __ia32_sys_mmap_pgoff+0xdd/0x1a0
[ 46.445638][ T7546]  do_fast_syscall_32+0x281/0xc98
[ 46.450655][ T7546]  entry_SYSENTER_compat+0x70/0x7f
[ 46.455755][ T7546] RIP: 0023:0xf7f45869
[ 46.459803][ T7546] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 46.479510][ T7546] RSP: 002b:00000000f7f2011c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[ 46.487917][ T7546] RAX: ffffffffffffffda RBX: 0000000020a05000 RCX: 0000000000400000
[ 46.495867][ T7546] RDX: 0000000000000013 RSI: 0000000000008012 RDI: 0000000000000005
[ 46.503823][ T7546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 46.511779][ T7546] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 46.519741][ T7546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000