Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts.
[ 40.046029] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.161768] audit: type=1400 audit(1555896297.427:36): avc: denied { map } for pid=6865 comm="syz-executor890" path="/root/syz-executor890542252" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.174477]
[ 40.188540] audit: type=1400 audit(1555896297.427:37): avc: denied { map } for pid=6865 comm="syz-executor890" path="/dev/usbmon0" dev="devtmpfs" ino=14951 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[ 40.189794] ======================================================
[ 40.221654] WARNING: possible circular locking dependency detected
[ 40.227986] 4.14.113 #3 Not tainted
[ 40.231594] ------------------------------------------------------
[ 40.237882] syz-executor890/6866 is trying to acquire lock:
[ 40.243563] (&mm->mmap_sem){++++}, at: [] __might_fault+0xe0/0x1d0
[ 40.251515]
[ 40.251515] but task is already holding lock:
[ 40.257462] (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 40.265533]
[ 40.265533] which lock already depends on the new lock.
[ 40.265533]
[ 40.273824]
[ 40.273824] the existing dependency chain (in reverse order) is:
[ 40.281435]
[ 40.281435] -> #1 (&rp->fetch_lock){+.+.}:
[ 40.287132] lock_acquire+0x16f/0x430
[ 40.291438] __mutex_lock+0xe8/0x1470
[ 40.295740] mutex_lock_nested+0x16/0x20
[ 40.300303] mon_bin_vma_fault+0x6f/0x280
[ 40.304943] __do_fault+0x109/0x390
[ 40.309071] __handle_mm_fault+0xde6/0x3470
[ 40.313883] handle_mm_fault+0x293/0x7c0
[ 40.318437] __get_user_pages+0x465/0x1250
[ 40.323164] populate_vma_page_range+0x18e/0x230
[ 40.328417] __mm_populate+0x198/0x2c0
[ 40.332799] vm_mmap_pgoff+0x1be/0x1d0
[ 40.337179] SyS_mmap_pgoff+0x3ca/0x520
[ 40.341645] SyS_mmap+0x16/0x20
[ 40.345435] do_syscall_64+0x1eb/0x630
[ 40.349821] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.355502]
[ 40.355502] -> #0 (&mm->mmap_sem){++++}:
[ 40.361018] __lock_acquire+0x2c89/0x45e0
[ 40.365675] lock_acquire+0x16f/0x430
[ 40.369971] __might_fault+0x143/0x1d0
[ 40.374353] _copy_to_user+0x2c/0xd0
[ 40.378559] mon_bin_read+0x2fb/0x5e0
[ 40.382854] __vfs_read+0x107/0x6b0
[ 40.386972] vfs_read+0x137/0x350
[ 40.390919] SyS_read+0xb8/0x180
[ 40.394783] do_syscall_64+0x1eb/0x630
[ 40.399167] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.404867]
[ 40.404867] other info that might help us debug this:
[ 40.404867]
[ 40.412983] Possible unsafe locking scenario:
[ 40.412983]
[ 40.419010]        CPU0                    CPU1
[ 40.423650]        ----                    ----
[ 40.428310]   lock(&rp->fetch_lock);
[ 40.431999]                                lock(&mm->mmap_sem);
[ 40.438036]                                lock(&rp->fetch_lock);
[ 40.444238]   lock(&mm->mmap_sem);
[ 40.447764]
[ 40.447764] *** DEADLOCK ***
[ 40.447764]
[ 40.453796] 1 lock held by syz-executor890/6866:
[ 40.458518] #0: (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 40.466986]
[ 40.466986] stack backtrace:
[ 40.471459] CPU: 0 PID: 6866 Comm: syz-executor890 Not tainted 4.14.113 #3
[ 40.478440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.487779] Call Trace:
[ 40.490351] dump_stack+0x138/0x19c
[ 40.493953] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 40.499292] __lock_acquire+0x2c89/0x45e0
[ 40.503413] ? remove_wait_queue+0x10f/0x190
[ 40.507798] ? trace_hardirqs_on+0x10/0x10
[ 40.512004] ? save_trace+0x290/0x290
[ 40.515781] lock_acquire+0x16f/0x430
[ 40.519557] ? __might_fault+0xe0/0x1d0
[ 40.523520] __might_fault+0x143/0x1d0
[ 40.527386] ? __might_fault+0xe0/0x1d0
[ 40.531339] _copy_to_user+0x2c/0xd0
[ 40.535028] mon_bin_read+0x2fb/0x5e0
[ 40.538808] __vfs_read+0x107/0x6b0
[ 40.542408] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 40.549060] ? mon_bin_fetch+0x2e0/0x2e0
[ 40.553097] ? vfs_copy_file_range+0xa40/0xa40
[ 40.557655] ? __inode_security_revalidate+0xd6/0x130
[ 40.562818] ? avc_policy_seqno+0x9/0x20
[ 40.566850] ? selinux_file_permission+0x85/0x480
[ 40.571684] ? security_file_permission+0x8f/0x1f0
[ 40.576604] ? rw_verify_area+0xea/0x2b0
[ 40.580641] vfs_read+0x137/0x350
[ 40.584072] SyS_read+0xb8/0x180
[ 40.587419] ? kernel_write+0x120/0x120
[ 40.591371] ? do_syscall_64+0x53/0x630
[ 40.595317] ? kernel_write+0x120/0x120
[ 40.599269] do_syscall_64+0x1eb/0x630
[ 40.603152] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.607987] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.6