Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
[ 53.263537] random: sshd: uninitialized urandom read (32 bytes read)
[ 53.391035] audit: type=1400 audit(1555153503.677:36): avc: denied { map } for pid=7072 comm="syz-executor258" path="/root/syz-executor258664817" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 54.120287] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 54.403115] audit: type=1400 audit(1555153504.687:37): avc: denied { map } for pid=7073 comm="syz-executor258" path="/dev/usbmon0" dev="devtmpfs" ino=15377 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[ 54.406693]
[ 54.430579] ======================================================
[ 54.436902] WARNING: possible circular locking dependency detected
[ 54.443226] 4.14.111 #1 Not tainted
[ 54.446842] ------------------------------------------------------
[ 54.453152] syz-executor258/7074 is trying to acquire lock:
[ 54.458846]  (&mm->mmap_sem){++++}, at: [] __might_fault+0xe0/0x1d0
[ 54.466919]
[ 54.466919] but task is already holding lock:
[ 54.472888]  (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 54.480994]
[ 54.480994] which lock already depends on the new lock.
[ 54.480994]
[ 54.489322]
[ 54.489322] the existing dependency chain (in reverse order) is:
[ 54.497116]
[ 54.497116] -> #1 (&rp->fetch_lock){+.+.}:
[ 54.502867]        lock_acquire+0x16f/0x430
[ 54.507210]        __mutex_lock+0xe8/0x1470
[ 54.511546]        mutex_lock_nested+0x16/0x20
[ 54.516120]        mon_bin_vma_fault+0x6f/0x280
[ 54.520784]        __do_fault+0x109/0x390
[ 54.524919]        __handle_mm_fault+0x2465/0x3470
[ 54.530006]        handle_mm_fault+0x293/0x7c0
[ 54.534581]        __get_user_pages+0x465/0x1250
[ 54.539322]        populate_vma_page_range+0x18e/0x230
[ 54.544587]        __mm_populate+0x198/0x2c0
[ 54.548997]        vm_mmap_pgoff+0x1be/0x1d0
[ 54.553427]        SyS_mmap_pgoff+0x3ca/0x520
[ 54.557933]        SyS_mmap+0x16/0x20
[ 54.561738]        do_syscall_64+0x1eb/0x630
[ 54.566156]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 54.571853]
[ 54.571853] -> #0 (&mm->mmap_sem){++++}:
[ 54.577396]        __lock_acquire+0x2c89/0x45e0
[ 54.582079]        lock_acquire+0x16f/0x430
[ 54.586389]        __might_fault+0x143/0x1d0
[ 54.590810]        _copy_to_user+0x2c/0xd0
[ 54.595037]        mon_bin_read+0x2fb/0x5e0
[ 54.599363]        __vfs_read+0x107/0x6b0
[ 54.603516]        vfs_read+0x137/0x350
[ 54.607479]        SyS_read+0xb8/0x180
[ 54.611357]        do_syscall_64+0x1eb/0x630
[ 54.615762]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 54.621462]
[ 54.621462] other info that might help us debug this:
[ 54.621462]
[ 54.629597]  Possible unsafe locking scenario:
[ 54.629597]
[ 54.635646]        CPU0                    CPU1
[ 54.640303]        ----                    ----
[ 54.644956]   lock(&rp->fetch_lock);
[ 54.648669]                                lock(&mm->mmap_sem);
[ 54.654717]                                lock(&rp->fetch_lock);
[ 54.661021]   lock(&mm->mmap_sem);
[ 54.664570]
[ 54.664570]  *** DEADLOCK ***
[ 54.664570]
[ 54.670625] 1 lock held by syz-executor258/7074:
[ 54.675372]  #0:  (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 54.683873]
[ 54.683873] stack backtrace:
[ 54.688393] CPU: 1 PID: 7074 Comm: syz-executor258 Not tainted 4.14.111 #1
[ 54.695396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.704757] Call Trace:
[ 54.707364]  dump_stack+0x138/0x19c
[ 54.710995]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 54.716361]  __lock_acquire+0x2c89/0x45e0
[ 54.720501]  ? remove_wait_queue+0x10f/0x190
[ 54.724904]  ? trace_hardirqs_on+0x10/0x10
[ 54.729148]  ? save_trace+0x290/0x290
[ 54.732945]  lock_acquire+0x16f/0x430
[ 54.736738]  ? __might_fault+0xe0/0x1d0
[ 54.740702]  __might_fault+0x143/0x1d0
[ 54.744582]  ? __might_fault+0xe0/0x1d0
[ 54.748543]  _copy_to_user+0x2c/0xd0
[ 54.752251]  mon_bin_read+0x2fb/0x5e0
[ 54.756043]  __vfs_read+0x107/0x6b0
[ 54.759687]  ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 54.766354]  ? mon_bin_fetch+0x2e0/0x2e0
[ 54.770427]  ? vfs_copy_file_range+0xa40/0xa40
[ 54.775011]  ? __inode_security_revalidate+0xd6/0x130
[ 54.780455]  ? avc_policy_seqno+0x9/0x20
[ 54.784505]  ? selinux_file_permission+0x85/0x480
[ 54.789342]  ? security_file_permission+0x8f/0x1f0
[ 54.794270]  ? rw_verify_area+0xea/0x2b0
[ 54.798347]  vfs_read+0x137/0x350
[ 54.801795]  SyS_read+0xb8/0x180
[ 54.805152]  ? kernel_write+0x120/0x120
[ 54.809124]  ? do_syscall_64+0x53/0x630
[ 54.813098]  ? kernel_write+0x120/0x120
[ 54.817153]  do_syscall_64+0x1eb/0x630
[ 54.821036]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 54.825884]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 54.831085] RIP: 0033:0x449f19
[ 54.834263] RSP: 002b:00007f1a6f744ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 54.841964] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000449f19
[ 54.849227] RDX: 000000000000002f RSI: 0000000000000000 RDI: 0000000000000003
[ 54.856586] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 54.863867] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 54.871222] R13: 00007fff9c54b37f R14: 00007f1a6f7459c0 R15: 000000000000002d