[ 70.186681][ T26] audit: type=1800 audit(1571486700.883:33): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 75.250330][ T26] kauditd_printk_skb: 7 callbacks suppressed
[ 75.250343][ T26] audit: type=1400 audit(1571486705.943:41): avc: denied { map } for pid=9307 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.225' (ECDSA) to the list of known hosts.
executing program
[ 81.757416][ T26] audit: type=1400 audit(1571486712.453:42): avc: denied { map } for pid=9319 comm="syz-executor562" path="/root/syz-executor562456434" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 81.793735][ T9320] IPVS: ftp: loaded support on port[0] = 21
[ 81.837425][ T26] audit: type=1400 audit(1571486712.533:43): avc: denied { map } for pid=9320 comm="syz-executor562" path="/dev/usbmon0" dev="devtmpfs" ino=18172 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[ 81.888396][ T9322]
[ 81.890791][ T9322] ======================================================
[ 81.897787][ T9322] WARNING: possible circular locking dependency detected
[ 81.904822][ T9322] 5.4.0-rc3+ #0 Not tainted
[ 81.909306][ T9322] ------------------------------------------------------
[ 81.916303][ T9322] syz-executor562/9322 is trying to acquire lock:
[ 81.922689][ T9322] ffff888093e00d18 (&mm->mmap_sem#2){++++}, at: __might_fault+0xfb/0x1e0
[ 81.931111][ T9322]
[ 81.931111][ T9322] but task is already holding lock:
[ 81.940622][ T9322] ffff8880a9011900 (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340
[ 81.949020][ T9322]
[ 81.949020][ T9322] which lock already depends on the new lock.
[ 81.949020][ T9322]
[ 81.959401][ T9322]
[ 81.959401][ T9322] the existing dependency chain (in reverse order) is:
[ 81.968484][ T9322]
[ 81.968484][ T9322] -> #1 (&rp->fetch_lock){+.+.}:
[ 81.975580][ T9322] __mutex_lock+0x156/0x13c0
[ 81.980669][ T9322] mutex_lock_nested+0x16/0x20
[ 81.985932][ T9322] mon_bin_vma_fault+0x73/0x2d0
[ 81.991282][ T9322] __do_fault+0x111/0x540
[ 81.996110][ T9322] __handle_mm_fault+0xce8/0x4040
[ 82.001632][ T9322] handle_mm_fault+0x3b7/0xaa0
[ 82.006895][ T9322] __do_page_fault+0x536/0xdd0
[ 82.012155][ T9322] do_page_fault+0x38/0x590
[ 82.017155][ T9322] page_fault+0x39/0x40
[ 82.021803][ T9322]
[ 82.021803][ T9322] -> #0 (&mm->mmap_sem#2){++++}:
[ 82.028898][ T9322] __lock_acquire+0x2596/0x4a00
[ 82.034247][ T9322] lock_acquire+0x190/0x410
[ 82.039252][ T9322] __might_fault+0x15e/0x1e0
[ 82.044344][ T9322] mon_bin_fetch+0x26f/0x340
[ 82.049431][ T9322] mon_bin_ioctl+0x21e/0xc80
[ 82.054521][ T9322] do_vfs_ioctl+0xdb6/0x13e0
[ 82.059611][ T9322] ksys_ioctl+0xab/0xd0
[ 82.064266][ T9322] __x64_sys_ioctl+0x73/0xb0
[ 82.069358][ T9322] do_syscall_64+0xfa/0x760
[ 82.074362][ T9322] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.080746][ T9322]
[ 82.080746][ T9322] other info that might help us debug this:
[ 82.080746][ T9322]
[ 82.090951][ T9322] Possible unsafe locking scenario:
[ 82.090951][ T9322]
[ 82.098377][ T9322]        CPU0                    CPU1
[ 82.103719][ T9322]        ----                    ----
[ 82.109073][ T9322]   lock(&rp->fetch_lock);
[ 82.113462][ T9322]                                lock(&mm->mmap_sem#2);
[ 82.120476][ T9322]                                lock(&rp->fetch_lock);
[ 82.127383][ T9322]   lock(&mm->mmap_sem#2);
[ 82.131775][ T9322]
[ 82.131775][ T9322] *** DEADLOCK ***
[ 82.131775][ T9322]
[ 82.139899][ T9322] 1 lock held by syz-executor562/9322:
[ 82.145331][ T9322] #0: ffff8880a9011900 (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340
[ 82.154171][ T9322]
[ 82.154171][ T9322] stack backtrace:
[ 82.160042][ T9322] CPU: 0 PID: 9322 Comm: syz-executor562 Not tainted 5.4.0-rc3+ #0
[ 82.167905][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.177938][ T9322] Call Trace:
[ 82.181215][ T9322] dump_stack+0x172/0x1f0
[ 82.185529][ T9322] print_circular_bug.isra.0.cold+0x163/0x172
[ 82.191574][ T9322] check_noncircular+0x32e/0x3e0
[ 82.196489][ T9322] ? print_circular_bug.isra.0+0x230/0x230
[ 82.202275][ T9322] ? mark_held_locks+0xa4/0xf0
[ 82.207031][ T9322] ? alloc_list_entry+0xc0/0xc0
[ 82.211865][ T9322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 82.218085][ T9322] ? find_first_zero_bit+0x9a/0xc0
[ 82.223176][ T9322] __lock_acquire+0x2596/0x4a00
[ 82.228003][ T9322] ? __lock_acquire+0x16f2/0x4a00
[ 82.233014][ T9322] ? mark_held_locks+0xf0/0xf0
[ 82.237758][ T9322] lock_acquire+0x190/0x410
[ 82.242251][ T9322] ? __might_fault+0xfb/0x1e0
[ 82.246910][ T9322] __might_fault+0x15e/0x1e0
[ 82.251479][ T9322] ? __might_fault+0xfb/0x1e0
[ 82.256143][ T9322] mon_bin_fetch+0x26f/0x340
[ 82.260717][ T9322] mon_bin_ioctl+0x21e/0xc80
[ 82.265290][ T9322] ? mon_bin_get_event+0x450/0x450
[ 82.270384][ T9322] ? ___might_sleep+0x163/0x2c0
[ 82.275224][ T9322] ? mon_bin_get_event+0x450/0x450
[ 82.282143][ T9322] do_vfs_ioctl+0xdb6/0x13e0
[ 82.286715][ T9322] ? ioctl_preallocate+0x210/0x210
[ 82.291806][ T9322] ? selinux_file_mprotect+0x620/0x620
[ 82.297240][ T9322] ? __fget+0x384/0x560
[ 82.301400][ T9322] ? ksys_dup3+0x3e0/0x3e0
[ 82.305810][ T9322] ? tomoyo_file_ioctl+0x23/0x30
[ 82.310759][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.316997][ T9322] ? security_file_ioctl+0x8d/0xc0
[ 82.322093][ T9322] ksys_ioctl+0xab/0xd0
[ 82.326231][ T9322] __x64_sys_ioctl+0x73/0xb0
[ 82.330801][ T9322] do_syscall_64+0xfa/0x760
[ 82.335297][ T9322] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.341171][ T9322] RIP: 0033:0x44a8f9
[ 82.345051][ T9322] Code: e8 6c d9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.364645][ T9322] RSP: 002b:00007f5a7c205ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.373053][ T9322] RAX: ffffffffffffffda RBX: 00000000006dcc58 RCX: 000000000044a8f9
[ 82.381008][ T9322] RDX: 0000000020000140 RSI: 00000000c0109207 RDI: 0000000000000003
[ 82.388960][ T9322] RBP: 00000000006dcc50 R08: 00007f5a7c206700 R09: 0000000000000000
[ 82.396917][ T9322] R10: 00007f5a7c206700 R11: 0000000000000246 R12: 00000000006dcc5c
[ 82.404884][ T9322] R13: 00007fff409d459f R14: 00007f5a7c2069c0 R15: 000000000000002d
[ 82.463002][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_uevent_env
[ 82.470631][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_uevent_env: filter function caused the event to drop!
[ 82.482056][ T9322] kobject: 'batman_adv' (00000000b8600027): kobject_cleanup, parent 000000001e201580
[ 82.491568][ T9322] kobject: 'batman_adv' (00000000b8600027): calling ktype release
[ 82.499387][ T9322] kobject: (00000000b8600027): dynamic_kobj_release
[ 82.506065][ T9322] kobject: 'batman_adv': free name
[ 82.511712][ T9322] kobject: 'rx-0' (000000001ae95ce0): kobject_cleanup, parent 0000000018ef65f1
[ 82.520655][ T9322] kobject: 'rx-0' (000000001ae95ce0): auto cleanup 'remove' event
[ 82.528521][ T9322] kobject: 'rx-0' (000000001ae95ce0): kobject_uevent_env
[ 82.535595][ T9322] kobject: 'rx-0' (000000001ae95ce0): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
[ 82.547115][ T9322] kobject: 'rx-0' (000000001ae95ce0): auto cleanup kobject_del
[ 82.554709][ T9322] kobject: 'rx-0' (000000001ae95ce0): calling ktype release
[ 82.562081][ T9322] kobject: 'rx-0': free name
[ 82.566692][ T9322] kobject: 'tx-0' (00000000ad462c1e): kobject_cleanup, parent 0000000018ef65f1
[ 82.575650][ T9322] kobject: 'tx-0' (00000000ad462c1e): auto cleanup 'remove' event
[ 82.583462][ T9322] kobject: 'tx-0' (00000000ad462c1e): kobject_uevent_env
[ 82.590495][ T9322] kobject: 'tx-0' (00000000ad462c1e): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0'
[ 82.601675][ T9322] kobject: 'tx-0' (00000000ad462c1e): auto cleanup kobject_del
[ 82.609246][ T9322] kobject: 'tx-0' (00000000ad462c1e): calling ktype release
[ 82.616534][ T9322] kobject: 'tx-0': free name
[ 82.621143][ T9322] kobject: 'queues' (0000000018ef65f1): kobject_cleanup, parent 000000001e201580
[ 82.630220][ T9322] kobject: 'queues' (0000000018ef65f1): calling ktype release
[ 82.637684][ T9322] kobject: 'queues' (0000000018ef65f1): kset_release
[ 82.644364][ T9322] kobject: 'queues': free name
[ 82.649320][ T9322] kobject: 'syz_tun' (000000006faf92bc): kobject_uevent_env
[ 82.656956][ T9322] kobject: 'syz_tun' (000000006faf92bc): fill_kobj_path: path = '/devices/virtual/net/syz_tun'
[