[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 33.552463] kauditd_printk_skb: 9 callbacks suppressed
[ 33.552476] audit: type=1800 audit(1542444419.450:33): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 33.581675] audit: type=1800 audit(1542444419.460:34): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 38.930277] audit: type=1400 audit(1542444424.830:35): avc: denied { map } for pid=6164 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.966682] sshd (6162) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
executing program
[ 45.642822] audit: type=1400 audit(1542444431.540:36): avc: denied { map } for pid=6177 comm="syz-executor105" path="/root/syz-executor105348405" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.695679]
[ 45.697344] ======================================================
[ 45.703652] WARNING: possible circular locking dependency detected
[ 45.710076] 4.20.0-rc2+ #117 Not tainted
[ 45.714117] ------------------------------------------------------
[ 45.720416] kworker/1:1/22 is trying to acquire lock:
[ 45.725588] 00000000abeb5a68 (&mdev->req_queue_mutex){+.+.}, at: v4l2_release+0x1d7/0x3a0
[ 45.733914]
[ 45.733914] but task is already holding lock:
[ 45.739867] 000000008c71eda2 ((delayed_fput_work).work){+.+.}, at: process_one_work+0xb9a/0x1c40
[ 45.748784]
[ 45.748784] which lock already depends on the new lock.
[ 45.748784]
[ 45.757082]
[ 45.757082] the existing dependency chain (in reverse order) is:
[ 45.764687]
[ 45.764687] -> #3 ((delayed_fput_work).work){+.+.}:
[ 45.771176]        process_one_work+0xc0a/0x1c40
[ 45.775936]        worker_thread+0x17f/0x1390
[ 45.780419]        kthread+0x35a/0x440
[ 45.784288]        ret_from_fork+0x3a/0x50
[ 45.788500]
[ 45.788500] -> #2 ((wq_completion)"events"){+.+.}:
[ 45.794895]        flush_workqueue+0x30a/0x1e10
[ 45.799551]        vim2m_stop_streaming+0x7c/0x2c0
[ 45.804468]        __vb2_queue_cancel+0x171/0xd20
[ 45.809297]        vb2_core_queue_release+0x26/0x80
[ 45.814301]        vb2_queue_release+0x15/0x20
[ 45.818877]        v4l2_m2m_ctx_release+0x1e/0x35
[ 45.823709]        vim2m_release+0xe6/0x150
[ 45.828014]        v4l2_release+0x224/0x3a0
[ 45.832321]        __fput+0x385/0xa30
[ 45.836114]        ____fput+0x15/0x20
[ 45.839898]        task_work_run+0x1e8/0x2a0
[ 45.844293]        exit_to_usermode_loop+0x318/0x380
[ 45.849380]        do_syscall_64+0x6be/0x820
[ 45.853774]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.859459]
[ 45.859459] -> #1 (&dev->dev_mutex){+.+.}:
[ 45.865164]        __mutex_lock+0x166/0x16f0
[ 45.869554]        mutex_lock_nested+0x16/0x20
[ 45.874119]        vim2m_release+0xbc/0x150
[ 45.878548]        v4l2_release+0x224/0x3a0
[ 45.882852]        __fput+0x385/0xa30
[ 45.886636]        ____fput+0x15/0x20
[ 45.890420]        task_work_run+0x1e8/0x2a0
[ 45.894810]        exit_to_usermode_loop+0x318/0x380
[ 45.899893]        do_syscall_64+0x6be/0x820
[ 45.904286]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.909973]
[ 45.909973] -> #0 (&mdev->req_queue_mutex){+.+.}:
[ 45.916281]        lock_acquire+0x1ed/0x520
[ 45.920585]        __mutex_lock+0x166/0x16f0
[ 45.924974]        mutex_lock_nested+0x16/0x20
[ 45.929538]        v4l2_release+0x1d7/0x3a0
[ 45.933842]        __fput+0x385/0xa30
[ 45.937633]        delayed_fput+0x55/0x80
[ 45.941765]        process_one_work+0xc90/0x1c40
[ 45.946501]        worker_thread+0x17f/0x1390
[ 45.950980]        kthread+0x35a/0x440
[ 45.954854]        ret_from_fork+0x3a/0x50
[ 45.959063]
[ 45.959063] other info that might help us debug this:
[ 45.959063]
[ 45.967183] Chain exists of:
[ 45.967183]   &mdev->req_queue_mutex --> (wq_completion)"events" --> (delayed_fput_work).work
[ 45.967183]
[ 45.980178]  Possible unsafe locking scenario:
[ 45.980178]
[ 45.986223]        CPU0                    CPU1
[ 45.990868]        ----                    ----
[ 45.995513]   lock((delayed_fput_work).work);
[ 45.999987]                                lock((wq_completion)"events");
[ 46.006891]                                lock((delayed_fput_work).work);
[ 46.013884]   lock(&mdev->req_queue_mutex);
[ 46.018296]
[ 46.018296]  *** DEADLOCK ***
[ 46.018296]
[ 46.024344] 2 locks held by kworker/1:1/22:
[ 46.028719]  #0: 000000000996fc86 ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40
[ 46.037985]  #1: 000000008c71eda2 ((delayed_fput_work).work){+.+.}, at: process_one_work+0xb9a/0x1c40
[ 46.047326]
[ 46.047326] stack backtrace:
[ 46.051807] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc2+ #117
[ 46.058716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.068061] Workqueue: events delayed_fput
[ 46.072273] Call Trace:
[ 46.074847]  dump_stack+0x244/0x39d
[ 46.078472]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 46.083648]  ? vprintk_func+0x85/0x181
[ 46.087520]  print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 46.093212]  ? save_trace+0xe0/0x290
[ 46.096922]  __lock_acquire+0x3399/0x4c20
[ 46.101079]  ? mark_held_locks+0x130/0x130
[ 46.105316]  ? print_usage_bug+0xc0/0xc0
[ 46.109366]  ? lock_unpin_lock+0x4a0/0x4a0
[ 46.113589]  ? __lock_acquire+0x62f/0x4c20
[ 46.117818]  ? trace_hardirqs_on+0x310/0x310
[ 46.122215]  ? lock_pin_lock+0x350/0x350
[ 46.126258]  ? zap_class+0x640/0x640
[ 46.129959]  ? mark_held_locks+0x130/0x130
[ 46.134176]  ? load_balance+0x687/0x39a0
[ 46.138236]  lock_acquire+0x1ed/0x520
[ 46.142021]  ? v4l2_release+0x1d7/0x3a0
[ 46.145982]  ? lock_release+0xa00/0xa00
[ 46.149941]  ? perf_trace_sched_process_exec+0x860/0x860
[ 46.155372]  ? find_busiest_group+0x2060/0x2060
[ 46.160034]  ? print_usage_bug+0xc0/0xc0
[ 46.164088]  ? v4l2_release+0x1d7/0x3a0
[ 46.168055]  __mutex_lock+0x166/0x16f0
[ 46.171926]  ? v4l2_release+0x1d7/0x3a0
[ 46.175883]  ? v4l2_release+0x1d7/0x3a0
[ 46.179848]  ? mutex_trylock+0x2b0/0x2b0
[ 46.183903]  ? __lock_acquire+0x62f/0x4c20
[ 46.188146]  ? mark_held_locks+0x130/0x130
[ 46.192381]  ? mark_held_locks+0x130/0x130
[ 46.196600]  ? mark_held_locks+0x130/0x130
[ 46.200827]  ? lock_downgrade+0x900/0x900
[ 46.204960]  ? zap_class+0x640/0x640
[ 46.208656]  ? trace_event_raw_event_lock+0x340/0x340
[ 46.213835]  ? kvm_sched_clock_read+0x9/0x20
[ 46.218236]  ? zap_class+0x640/0x640
[ 46.221935]  ? zap_class+0x640/0x640
[ 46.225645]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.231165]  ? fsnotify+0x4e5/0xf20
[ 46.234784]  ? __lock_is_held+0xb5/0x140
[ 46.238832]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.244379]  ? locks_remove_file+0x3c6/0x5c0
[ 46.248790]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 46.254308]  ? ima_file_free+0x132/0x650
[ 46.258353]  ? fsnotify_first_mark+0x350/0x350
[ 46.262921]  ? ima_file_check+0x130/0x130
[ 46.267056]  ? vivid_remove+0x460/0x460
[ 46.271029]  mutex_lock_nested+0x16/0x20
[ 46.275089]  ? mutex_lock_nested+0x16/0x20
[ 46.279440]  v4l2_release+0x1d7/0x3a0
[ 46.283230]  ? dev_debug_store+0x140/0x140
[ 46.287452]  __fput+0x385/0xa30
[ 46.290721]  ? get_max_files+0x20/0x20
[ 46.294598]  delayed_fput+0x55/0x80
[ 46.298369]  process_one_work+0xc90/0x1c40
[ 46.302705]  ? mark_held_locks+0x130/0x130
[ 46.307049]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 46.311716]  ? __switch_to_asm+0x40/0x70
[ 46.315803]  ? __switch_to_asm+0x34/0x70
[ 46.319853]  ? __switch_to_asm+0x34/0x70
[ 46.323895]  ? __switch_to_asm+0x40/0x70
[ 46.327939]  ? __switch_to_asm+0x34/0x70
[ 46.331987]  ? __switch_to_asm+0x40/0x70
[ 46.336029]  ? __switch_to_asm+0x34/0x70
[ 46.340196]  ? __switch_to_asm+0x40/0x70
[ 46.344276]  ? __schedule+0x8d7/0x21d0
[ 46.348177]  ? lock_downgrade+0x900/0x900
[ 46.352303]  ? zap_class+0x640/0x640
[ 46.356011]  ? find_held_lock+0x36/0x1c0
[ 46.360057]  ? lock_acquire+0x1ed/0x520
[ 46.364021]  ? worker_thread+0x3e0/0x1390
[ 46.368147]  ? kasan_check_read+0x11/0x20
[ 46.372277]  ? do_raw_spin_lock+0x14f/0x350
[ 46.376727]  ? kasan_check_read+0x11/0x20
[ 46.380883]  ? rwlock_bug.part.2+0x90/0x90
[ 46.385116]  ? trace_hardirqs_on+0x310/0x310
[ 46.389524]  worker_thread+0x17f/0x1390
[ 46.393582]  ? __switch_to_asm+0x34/0x70
[ 46.397824]  ? process_one_work+0x1c40/0x1c40
[ 46.402308]  ? zap_class+0x640/0x640
[ 46.406115]  ? find_held_lock+0x36/0x1c0
[ 46.410170]  ? __kthread_parkme+0xce/0x1a0
[ 46.414387]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 46.419488]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 46.424579]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 46.429145]  ? trace_hardirqs_on+0xbd/0x310
[ 46.433462]  ? kasan_check_read+0x11/0x20
[ 46.437594]  ? __kthread_parkme+0xce/0x1a0
[ 46.441844]  ? trace_hardirqs_off_caller+0x310/0x310
executing program
[ 46.446948]  ? trace_hardirqs_off_caller+0x310/0x310
[ 46.452038]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 46.457153]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.462696]  ? __kthread_parkme+0xfb/0x1a0
[ 46.466925]  ? process_one_work+0x1c40/0x1c40
[ 46.471412]  kthread+0x35a/0x440
[ 46.474781]  ? kthread_stop+0x900/0x900
[ 46.478798]  ret_from_fork+0x3a/0x50
executing program