[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.837740] audit: type=1400 audit(1513126466.475:5): avc: denied { syslog } for pid=3001 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.030905] audit: type=1400 audit(1513126471.668:6): avc: denied { map } for pid=3141 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-386-2,10.128.0.8' (ECDSA) to the list of known hosts.
[ 39.506272] audit: type=1400 audit(1513126492.143:7): avc: denied { map } for pid=3158 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2017/12/13 00:54:52 parsed 1 programs
2017/12/13 00:54:52 executed programs: 0
[ 39.977894] audit: type=1400 audit(1513126492.615:8): avc: denied { map } for pid=3158 comm="syz-execprog" path="/root/syzkaller-shm541408610" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 40.173455]
[ 40.175116] ======================================================
[ 40.181398] WARNING: possible circular locking dependency detected
[ 40.187681] 4.15.0-rc3+ #128 Not tainted
[ 40.191704] ------------------------------------------------------
[ 40.197986] syz-executor0/3172 is trying to acquire lock:
[ 40.203486]  (event_mutex){+.+.}, at: [<00000000b65de128>] perf_trace_destroy+0x28/0x100
[ 40.211693]
[ 40.211693] but task is already holding lock:
[ 40.217629]  (&mm->mmap_sem){++++}, at: [<000000006c0d3e29>] vm_mmap_pgoff+0x198/0x280
[ 40.225651]
[ 40.225651] which lock already depends on the new lock.
[ 40.225651]
[ 40.234017]
[ 40.234017] the existing dependency chain (in reverse order) is:
[ 40.241599]
[ 40.241599] -> #7 (&mm->mmap_sem){++++}:
[ 40.247110]        lock_acquire+0x1d5/0x580
[ 40.251394]        __might_fault+0x13a/0x1d0
[ 40.255770]        _copy_to_user+0x2c/0xc0
[ 40.259985]        filldir+0x1a7/0x320
[ 40.263844]        dcache_readdir+0x12d/0x5e0
[ 40.268301]        iterate_dir+0x1ca/0x540
[ 40.272497]        SyS_getdents+0x225/0x450
[ 40.276782]        entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.282022]
[ 40.282022] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[ 40.288663]        dput.part.23+0x492/0x830
[ 40.292945]        dput+0x1f/0x30
[ 40.296376]        done_path_create+0xad/0x110
[ 40.300923]        handle_create+0x196/0x760
[ 40.305294]        devtmpfsd+0x3b4/0x4b0
[ 40.309315]
[ 40.309315] -> #5 ((completion)&req.done){+.+.}:
[ 40.315518]        lock_acquire+0x1d5/0x580
[ 40.319805]        wait_for_completion+0xcb/0x7b0
[ 40.324615]        devtmpfs_create_node+0x32b/0x4a0
[ 40.329604]        device_add+0x120f/0x1640
[ 40.333887]        device_create_groups_vargs+0x1f3/0x250
[ 40.339393]        device_create+0xda/0x110
[ 40.343681]        msr_device_create+0x26/0x40
[ 40.348229]        cpuhp_invoke_callback+0x2ea/0x1d20
[ 40.353381]        cpuhp_thread_fun+0x48e/0x7e0
[ 40.358014]        smpboot_thread_fn+0x450/0x7c0
[ 40.362731]        kthread+0x37a/0x440
[ 40.366585]        ret_from_fork+0x24/0x30
[ 40.370784]
[ 40.370784] -> #4 (cpuhp_state-up){+.+.}:
[ 40.376381]        lock_acquire+0x1d5/0x580
[ 40.380666]        cpuhp_issue_call+0x1e5/0x520
[ 40.385298]        __cpuhp_setup_state_cpuslocked+0x282/0x600
[ 40.391146]        __cpuhp_setup_state+0xb0/0x140
[ 40.395953]        page_writeback_init+0x4d/0x71
[ 40.400673]        pagecache_init+0x48/0x4f
[ 40.404959]        start_kernel+0x6bc/0x74f
[ 40.409243]        x86_64_start_reservations+0x2a/0x2c
[ 40.414483]        x86_64_start_kernel+0x77/0x7a
[ 40.419214]        secondary_startup_64+0xa5/0xb0
[ 40.424016]
[ 40.424016] -> #3 (cpuhp_state_mutex){+.+.}:
[ 40.429868]        lock_acquire+0x1d5/0x580
[ 40.434156]        __mutex_lock+0x16f/0x1a80
[ 40.438527]        mutex_lock_nested+0x16/0x20
[ 40.443072]        __cpuhp_setup_state_cpuslocked+0x5b/0x600
[ 40.448831]        __cpuhp_setup_state+0xb0/0x140
[ 40.453636]        kvm_guest_init+0x1f3/0x20f
[ 40.458095]        setup_arch+0x17e8/0x1a02
[ 40.462379]        start_kernel+0xa5/0x74f
[ 40.466577]        x86_64_start_reservations+0x2a/0x2c
[ 40.471816]        x86_64_start_kernel+0x77/0x7a
[ 40.476537]        secondary_startup_64+0xa5/0xb0
[ 40.481340]
[ 40.481340] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 40.487715]        lock_acquire+0x1d5/0x580
[ 40.491998]        cpus_read_lock+0x42/0x90
[ 40.496282]        static_key_slow_inc+0x9d/0x3c0
[ 40.501089]        tracepoint_probe_register_prio+0x80d/0x9a0
[ 40.506934]        tracepoint_probe_register+0x2a/0x40
[ 40.512175]        trace_event_reg+0x167/0x320
[ 40.516720]        perf_trace_init+0x4ef/0xab0
[ 40.521265]        perf_tp_event_init+0x7d/0xf0
[ 40.525894]        perf_try_init_event+0xc9/0x1f0
[ 40.530701]        perf_event_alloc+0x1cc6/0x2b00
[ 40.535506]        SYSC_perf_event_open+0x842/0x2f10
[ 40.540570]        SyS_perf_event_open+0x39/0x50
[ 40.545293]        do_fast_syscall_32+0x3ee/0xf9d
[ 40.550097]        entry_SYSENTER_compat+0x51/0x60
[ 40.554987]
[ 40.554987] -> #1 (tracepoints_mutex){+.+.}:
[ 40.560864]        lock_acquire+0x1d5/0x580
[ 40.565162]        __mutex_lock+0x16f/0x1a80
[ 40.569534]        mutex_lock_nested+0x16/0x20
[ 40.574082]        tracepoint_probe_register_prio+0xa0/0x9a0
[ 40.579842]        tracepoint_probe_register+0x2a/0x40
[ 40.585094]        trace_event_reg+0x167/0x320
[ 40.589645]        perf_trace_init+0x4ef/0xab0
[ 40.594197]        perf_tp_event_init+0x7d/0xf0
[ 40.598838]        perf_try_init_event+0xc9/0x1f0
[ 40.603643]        perf_event_alloc+0x1cc6/0x2b00
[ 40.608448]        SYSC_perf_event_open+0x842/0x2f10
[ 40.613512]        SyS_perf_event_open+0x39/0x50
[ 40.618234]        do_fast_syscall_32+0x3ee/0xf9d
[ 40.623040]        entry_SYSENTER_compat+0x51/0x60
[ 40.627930]
[ 40.627930] -> #0 (event_mutex){+.+.}:
[ 40.633265]        __lock_acquire+0x3498/0x47f0
[ 40.637902]        lock_acquire+0x1d5/0x580
[ 40.642188]        __mutex_lock+0x16f/0x1a80
[ 40.646559]        mutex_lock_nested+0x16/0x20
[ 40.651101]        perf_trace_destroy+0x28/0x100
[ 40.655817]        tp_perf_event_destroy+0x15/0x20
[ 40.660707]        _free_event+0x3bd/0x10f0
[ 40.664990]        put_event+0x24/0x30
[ 40.668840]        perf_mmap_close+0x60d/0x1010
[ 40.673484]        remove_vma+0xb4/0x1b0
[ 40.677507]        do_munmap+0x82a/0xdf0
[ 40.681530]        mmap_region+0x59e/0x15a0
[ 40.685814]        do_mmap+0x6c6/0xe10
[ 40.689664]        vm_mmap_pgoff+0x1de/0x280
[ 40.694033]        SyS_mmap_pgoff+0x23b/0x5f0
[ 40.698489]        do_fast_syscall_32+0x3ee/0xf9d
[ 40.703292]        entry_SYSENTER_compat+0x51/0x60
[ 40.708180]
[ 40.708180] other info that might help us debug this:
[ 40.708180]
[ 40.716283] Chain exists of:
[ 40.716283]   event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[ 40.716283]
[ 40.727610]  Possible unsafe locking scenario:
[ 40.727610]
[ 40.733630]        CPU0                    CPU1
[ 40.738259]        ----                    ----
[ 40.742988]   lock(&mm->mmap_sem);
[ 40.746495]                                lock(&sb->s_type->i_mutex_key#5);
[ 40.753644]                                lock(&mm->mmap_sem);
[ 40.759665]   lock(event_mutex);
[ 40.762994]
[ 40.762994]  *** DEADLOCK ***
[ 40.762994]
[ 40.769018] 1 lock held by syz-executor0/3172:
[ 40.773560]  #0: (&mm->mmap_sem){++++}, at: [<000000006c0d3e29>] vm_mmap_pgoff+0x198/0x280
[ 40.782026]
[ 40.782026] stack backtrace:
[ 40.786487] CPU: 1 PID: 3172 Comm: syz-executor0 Not tainted 4.15.0-rc3+ #128
[ 40.793722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.803037] Call Trace:
[ 40.805591]  dump_stack+0x194/0x257
[ 40.809179]  ? arch_local_irq_restore+0x53/0x53
[ 40.813818]  print_circular_bug+0x42d/0x610
[ 40.818112]  ? save_stack_trace+0x1a/0x20
[ 40.822231]  check_prev_add+0x666/0x15f0
[ 40.826257]  ? __save_stack_trace+0x61/0xd0
[ 40.830541]  ? copy_trace+0x150/0x150
[ 40.834304]  ? check_usage+0xb60/0xb60
[ 40.838152]  ? save_stack_trace+0x1a/0x20
[ 40.842265]  ? __lock_acquire+0x324e/0x47f0
[ 40.846552]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 40.852401]  __lock_acquire+0x3498/0x47f0
[ 40.856515]  ? __lock_acquire+0x3498/0x47f0
[ 40.860812]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.865968]  ? do_munmap+0x82a/0xdf0
[ 40.869648]  ? __unwind_start+0x169/0x330
[ 40.873763]  ? __kernel_text_address+0xd/0x40
[ 40.878222]  ? unwind_next_frame.part.6+0x1a6/0xb40
[ 40.883209]  ? unwind_next_frame.part.6+0x1a6/0xb40
[ 40.888191]  ? unwind_dump+0x4d0/0x4d0
[ 40.892905]  ? check_noncircular+0x20/0x20
[ 40.897104]  ? unwind_dump+0x4d0/0x4d0
[ 40.900954]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 40.906800]  ? do_mmap+0x6c6/0xe10
[ 40.910303]  ? __unwind_start+0x169/0x330
[ 40.914413]  ? check_noncircular+0x20/0x20
[ 40.918613]  ? unwind_get_return_address+0x61/0xa0
[ 40.923505]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 40.928577]  lock_acquire+0x1d5/0x580
[ 40.932341]  ? perf_trace_destroy+0x28/0x100
[ 40.936713]  ? check_noncircular+0x20/0x20
[ 40.940909]  ? lock_release+0xda0/0xda0
[ 40.944846]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.950694]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 40.955758]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 40.960909]  ? do_mmap+0x6c6/0xe10
[ 40.964412]  ? rcu_note_context_switch+0x710/0x710
[ 40.969306]  ? __might_sleep+0x95/0x190
[ 40.973243]  ? perf_trace_destroy+0x28/0x100
[ 40.977617]  __mutex_lock+0x16f/0x1a80
[ 40.981465]  ? perf_trace_destroy+0x28/0x100
[ 40.985833]  ? find_held_lock+0x39/0x1d0
[ 40.989856]  ? perf_trace_destroy+0x28/0x100
[ 40.994228]  ? mutex_lock_io_nested+0x1900/0x1900
[ 40.999034]  ? lock_acquire+0x1d5/0x580
[ 41.002973]  ? perf_mmap_close+0x5cb/0x1010
[ 41.007257]  ? lock_release+0xda0/0xda0
[ 41.011193]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 41.017038]  ? perf_mmap_close+0x33f/0x1010
[ 41.021323]  ? find_held_lock+0x39/0x1d0
[ 41.025345]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 41.030147]  ? print_usage_bug+0x3f0/0x3f0
[ 41.034343]  ? wait_for_completion+0x7b0/0x7b0
[ 41.038891]  ? __wake_up_common_lock+0x190/0x310
[ 41.043609]  ? check_noncircular+0x20/0x20
[ 41.047804]  ? find_held_lock+0x39/0x1d0
[ 41.051827]  ? perf_addr_filters_splice+0x18f/0x810
[ 41.056810]  ? free_filters_list+0x2f0/0x2f0
[ 41.061185]  ? mutex_unlock+0xd/0x10
[ 41.064864]  ? __lock_is_held+0xbc/0x140
[ 41.068888]  mutex_lock_nested+0x16/0x20
[ 41.072910]  ? mutex_lock_nested+0x16/0x20
[ 41.077107]  perf_trace_destroy+0x28/0x100
[ 41.081303]  ? perf_tp_event_init+0xf0/0xf0
[ 41.085585]  tp_perf_event_destroy+0x15/0x20
[ 41.089956]  _free_event+0x3bd/0x10f0
[ 41.093720]  ? ring_buffer_attach+0x830/0x830
[ 41.098179]  ? wait_for_completion+0x7b0/0x7b0
[ 41.102726]  ? ring_buffer_put+0x140/0x140
[ 41.106924]  ? lock_release+0xda0/0xda0
[ 41.110859]  ? atomic_dec_and_mutex_lock+0x112/0x150
[ 41.115926]  put_event+0x24/0x30
[ 41.119253]  perf_mmap_close+0x60d/0x1010
[ 41.123374]  ? perf_compat_ioctl+0x70/0x70
[ 41.127571]  ? save_stack+0x43/0xd0
[ 41.131161]  ? check_noncircular+0x20/0x20
[ 41.135356]  ? do_munmap+0x82a/0xdf0
[ 41.139034]  ? mmap_region+0x59e/0x15a0
[ 41.142971]  ? do_mmap+0x6c6/0xe10
[ 41.146475]  ? SyS_mmap_pgoff+0x23b/0x5f0
[ 41.150585]  ? do_fast_syscall_32+0x3ee/0xf9d
[ 41.155042]  ? entry_SYSENTER_compat+0x51/0x60
[ 41.159587]  ? unmap_region+0x35c/0x4f0
[ 41.163522]  ? up_read+0x40/0x40
[ 41.166849]  ? check_noncircular+0x20/0x20
[ 41.171045]  ? print_usage_bug+0x3f0/0x3f0
[ 41.175241]  ? reusable_anon_vma+0x560/0x560
[ 41.179612]  ? __lock_is_held+0xbc/0x140
[ 41.183639]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 41.189486]  ? rcu_note_context_switch+0x710/0x710
[ 41.194384]  ? __might_sleep+0x95/0x190
[ 41.198321]  ? perf_compat_ioctl+0x70/0x70
[ 41.202517]  remove_vma+0xb4/0x1b0
[ 41.206019]  do_munmap+0x82a/0xdf0
[ 41.209522]  mmap_region+0x59e/0x15a0
[ 41.213285]  ? SyS_brk+0x6f0/0x6f0
[ 41.216787]  ? arch_get_unmapped_area_topdown+0xba/0x7d0
[ 41.222200]  ? arch_get_unmapped_area+0x750/0x750
[ 41.227005]  ? lock_acquire+0x1d5/0x580
[ 41.230943]  ? vm_mmap_pgoff+0x198/0x280
[ 41.234967]  ? selinux_mmap_addr+0x1f/0xf0
[ 41.239165]  ? security_mmap_addr+0x79/0xa0
[ 41.243449]  ? get_unmapped_area+0x265/0x300
[ 41.247819]  do_mmap+0x6c6/0xe10
[ 41.251148]  ? mmap_region+0x15a0/0x15a0
[ 41.255169]  ? vm_mmap_pgoff+0x198/0x280
[ 41.259193]  ? down_read_killable+0x180/0x180
[ 41.263651]  ? security_mmap_file+0x143/0x180
[ 41.268107]  vm_mmap_pgoff+0x1de/0x280
[ 41.271960]  ? vma_is_stack_for_current+0xa0/0xa0
[ 41.276767]  ? compat_SyS_futex+0x288/0x380
[ 41.281052]  SyS_mmap_pgoff+0x23b/0x5f0
[ 41.284987]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 41.289706]  ? lock_acquire+0x1d5/0x580
[ 41.293645]  ? finish_task_switch+0x1aa/0x740
[ 41.298101]  ? do_fast_syscall_32+0x156/0xf9d
[ 41.302559]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 41.307276]  do_fast_syscall_32+0x3ee/0xf9d
[ 41.311559]  ? do_raw_spin_trylock+0x190/0x190
[ 41.316102]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 41.320647]  ? lockdep_sys_exit+0x47/0xf0
[ 41.324759]  ? syscall_return_slowpath+0x2ad/0x550
[ 41.329651]  ? prepare_exit_to_usermode+0x340/0x340
[ 41.334629]  ? sysret32_from_system_call+0x5/0x3b
[ 41.339437]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.344243]  entry_SYSENTER_compat+0x51/0x60
[ 41.348612] RIP: 0023:0xf7fcfc79
[ 41.351939] RSP: 002b:00000000f7faa08c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[ 41.359608] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000292000
[ 41.366840] RDX: 0000000000000003 RSI: 0000000000000032 RDI: 00000000ffffffff
[ 41.374073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 41.381307] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 41.388543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
2017/12/13 00:54:57 executed programs: 77
2017/12/13 00:55:02 executed programs: 181