[   70.186681][   T26] audit: type=1800 audit(1571486700.883:33): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   75.250330][   T26] kauditd_printk_skb: 7 callbacks suppressed
[   75.250343][   T26] audit: type=1400 audit(1571486705.943:41): avc:  denied  { map } for  pid=9307 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.225' (ECDSA) to the list of known hosts.
executing program
[   81.757416][   T26] audit: type=1400 audit(1571486712.453:42): avc:  denied  { map } for  pid=9319 comm="syz-executor562" path="/root/syz-executor562456434" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   81.793735][ T9320] IPVS: ftp: loaded support on port[0] = 21
[   81.837425][   T26] audit: type=1400 audit(1571486712.533:43): avc:  denied  { map } for  pid=9320 comm="syz-executor562" path="/dev/usbmon0" dev="devtmpfs" ino=18172 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[   81.888396][ T9322] 
[   81.890791][ T9322] ======================================================
[   81.897787][ T9322] WARNING: possible circular locking dependency detected
[   81.904822][ T9322] 5.4.0-rc3+ #0 Not tainted
[   81.909306][ T9322] ------------------------------------------------------
[   81.916303][ T9322] syz-executor562/9322 is trying to acquire lock:
[   81.922689][ T9322] ffff888093e00d18 (&mm->mmap_sem#2){++++}, at: __might_fault+0xfb/0x1e0
[   81.931111][ T9322] 
[   81.931111][ T9322] but task is already holding lock:
[   81.940622][ T9322] ffff8880a9011900 (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340
[   81.949020][ T9322] 
[   81.949020][ T9322] which lock already depends on the new lock.
[   81.949020][ T9322] 
[   81.959401][ T9322] 
[   81.959401][ T9322] the existing dependency chain (in reverse order) is:
[   81.968484][ T9322] 
[   81.968484][ T9322] -> #1 (&rp->fetch_lock){+.+.}:
[   81.975580][ T9322]        __mutex_lock+0x156/0x13c0
[   81.980669][ T9322]        mutex_lock_nested+0x16/0x20
[   81.985932][ T9322]        mon_bin_vma_fault+0x73/0x2d0
[   81.991282][ T9322]        __do_fault+0x111/0x540
[   81.996110][ T9322]        __handle_mm_fault+0xce8/0x4040
[   82.001632][ T9322]        handle_mm_fault+0x3b7/0xaa0
[   82.006895][ T9322]        __do_page_fault+0x536/0xdd0
[   82.012155][ T9322]        do_page_fault+0x38/0x590
[   82.017155][ T9322]        page_fault+0x39/0x40
[   82.021803][ T9322] 
[   82.021803][ T9322] -> #0 (&mm->mmap_sem#2){++++}:
[   82.028898][ T9322]        __lock_acquire+0x2596/0x4a00
[   82.034247][ T9322]        lock_acquire+0x190/0x410
[   82.039252][ T9322]        __might_fault+0x15e/0x1e0
[   82.044344][ T9322]        mon_bin_fetch+0x26f/0x340
[   82.049431][ T9322]        mon_bin_ioctl+0x21e/0xc80
[   82.054521][ T9322]        do_vfs_ioctl+0xdb6/0x13e0
[   82.059611][ T9322]        ksys_ioctl+0xab/0xd0
[   82.064266][ T9322]        __x64_sys_ioctl+0x73/0xb0
[   82.069358][ T9322]        do_syscall_64+0xfa/0x760
[   82.074362][ T9322]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.080746][ T9322] 
[   82.080746][ T9322] other info that might help us debug this:
[   82.080746][ T9322] 
[   82.090951][ T9322]  Possible unsafe locking scenario:
[   82.090951][ T9322] 
[   82.098377][ T9322]        CPU0                    CPU1
[   82.103719][ T9322]        ----                    ----
[   82.109073][ T9322]   lock(&rp->fetch_lock);
[   82.113462][ T9322]                                lock(&mm->mmap_sem#2);
[   82.120476][ T9322]                                lock(&rp->fetch_lock);
[   82.127383][ T9322]   lock(&mm->mmap_sem#2);
[   82.131775][ T9322] 
[   82.131775][ T9322]  *** DEADLOCK ***
[   82.131775][ T9322] 
[   82.139899][ T9322] 1 lock held by syz-executor562/9322:
[   82.145331][ T9322]  #0: ffff8880a9011900 (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340
[   82.154171][ T9322] 
[   82.154171][ T9322] stack backtrace:
[   82.160042][ T9322] CPU: 0 PID: 9322 Comm: syz-executor562 Not tainted 5.4.0-rc3+ #0
[   82.167905][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.177938][ T9322] Call Trace:
[   82.181215][ T9322]  dump_stack+0x172/0x1f0
[   82.185529][ T9322]  print_circular_bug.isra.0.cold+0x163/0x172
[   82.191574][ T9322]  check_noncircular+0x32e/0x3e0
[   82.196489][ T9322]  ? print_circular_bug.isra.0+0x230/0x230
[   82.202275][ T9322]  ? mark_held_locks+0xa4/0xf0
[   82.207031][ T9322]  ? alloc_list_entry+0xc0/0xc0
[   82.211865][ T9322]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   82.218085][ T9322]  ? find_first_zero_bit+0x9a/0xc0
[   82.223176][ T9322]  __lock_acquire+0x2596/0x4a00
[   82.228003][ T9322]  ? __lock_acquire+0x16f2/0x4a00
[   82.233014][ T9322]  ? mark_held_locks+0xf0/0xf0
[   82.237758][ T9322]  lock_acquire+0x190/0x410
[   82.242251][ T9322]  ? __might_fault+0xfb/0x1e0
[   82.246910][ T9322]  __might_fault+0x15e/0x1e0
[   82.251479][ T9322]  ? __might_fault+0xfb/0x1e0
[   82.256143][ T9322]  mon_bin_fetch+0x26f/0x340
[   82.260717][ T9322]  mon_bin_ioctl+0x21e/0xc80
[   82.265290][ T9322]  ? mon_bin_get_event+0x450/0x450
[   82.270384][ T9322]  ? ___might_sleep+0x163/0x2c0
[   82.275224][ T9322]  ? mon_bin_get_event+0x450/0x450
[   82.282143][ T9322]  do_vfs_ioctl+0xdb6/0x13e0
[   82.286715][ T9322]  ? ioctl_preallocate+0x210/0x210
[   82.291806][ T9322]  ? selinux_file_mprotect+0x620/0x620
[   82.297240][ T9322]  ? __fget+0x384/0x560
[   82.301400][ T9322]  ? ksys_dup3+0x3e0/0x3e0
[   82.305810][ T9322]  ? tomoyo_file_ioctl+0x23/0x30
[   82.310759][ T9322]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.316997][ T9322]  ? security_file_ioctl+0x8d/0xc0
[   82.322093][ T9322]  ksys_ioctl+0xab/0xd0
[   82.326231][ T9322]  __x64_sys_ioctl+0x73/0xb0
[   82.330801][ T9322]  do_syscall_64+0xfa/0x760
[   82.335297][ T9322]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.341171][ T9322] RIP: 0033:0x44a8f9
[   82.345051][ T9322] Code: e8 6c d9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   82.364645][ T9322] RSP: 002b:00007f5a7c205ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.373053][ T9322] RAX: ffffffffffffffda RBX: 00000000006dcc58 RCX: 000000000044a8f9
[   82.381008][ T9322] RDX: 0000000020000140 RSI: 00000000c0109207 RDI: 0000000000000003
[   82.388960][ T9322] RBP: 00000000006dcc50 R08: 00007f5a7c206700 R09: 0000000000000000
[   82.396917][ T9322] R10: 00007f5a7c206700 R11: 0000000000000246 R12: 00000000006dcc5c
[   82.404884][ T9322] R13: 00007fff409d459f R14: 00007f5a7c2069c0 R15: 000000000000002d
[   82.463002][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_uevent_env
[   82.470631][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_uevent_env: filter function caused the event to drop!
[   82.482056][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_cleanup, parent 000000001e201580
[   82.491568][ T9322] kobject: 'batman_adv' (00000000b8600027): calling ktype release
[   82.499387][ T9322] kobject: (00000000b8600027): dynamic_kobj_release
[   82.506065][ T9322] kobject: 'batman_adv': free name
[   82.511712][ T9322] kobject: 'rx-0' (000000001ae95ce0): kobject_cleanup, parent 0000000018ef65f1
[   82.520655][ T9322] kobject: 'rx-0' (000000001ae95ce0): auto cleanup 'remove' event
[   82.528521][ T9322] kobject: 'rx-0' (000000001ae95ce0): kobject_uevent_env
[   82.535595][ T9322] kobject: 'rx-0' (000000001ae95ce0): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
[   82.547115][ T9322] kobject: 'rx-0' (000000001ae95ce0): auto cleanup kobject_del
[   82.554709][ T9322] kobject: 'rx-0' (000000001ae95ce0): calling ktype release
[   82.562081][ T9322] kobject: 'rx-0': free name
[   82.566692][ T9322] kobject: 'tx-0' (00000000ad462c1e): kobject_cleanup, parent 0000000018ef65f1
[   82.575650][ T9322] kobject: 'tx-0' (00000000ad462c1e): auto cleanup 'remove' event
[   82.583462][ T9322] kobject: 'tx-0' (00000000ad462c1e): kobject_uevent_env
[   82.590495][ T9322] kobject: 'tx-0' (00000000ad462c1e): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0'
[   82.601675][ T9322] kobject: 'tx-0' (00000000ad462c1e): auto cleanup kobject_del
[   82.609246][ T9322] kobject: 'tx-0' (00000000ad462c1e): calling ktype release
[   82.616534][ T9322] kobject: 'tx-0': free name
[   82.621143][ T9322] kobject: 'queues' (0000000018ef65f1): kobject_cleanup, parent 000000001e201580
[   82.630220][ T9322] kobject: 'queues' (0000000018ef65f1): calling ktype release
[   82.637684][ T9322] kobject: 'queues' (0000000018ef65f1): kset_release
[   82.644364][ T9322] kobject: 'queues': free name
[   82.649320][ T9322] kobject: 'syz_tun' (000000006faf92bc): kobject_uevent_env
[   82.656956][ T9322] kobject: 'syz_tun' (000000006faf92bc): fill_kobj_path: path = '/devices/virtual/net/syz_tun'
[