[   42.784067] audit: type=1800 audit(1556167937.700:29): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ ok ] Starting periodic command scheduler: cron.
[   42.913745] audit: type=1800 audit(1556167937.830:30): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   52.027754] kauditd_printk_skb: 5 callbacks suppressed
[   52.027770] audit: type=1400 audit(1556167946.940:36): avc: denied { map } for pid=7897 comm="syz-executor083" path="/root/syz-executor083734061" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.061270] audit: type=1400 audit(1556167946.970:37): avc: denied { map } for pid=7897 comm="syz-executor083" path="/dev/usbmon0" dev="devtmpfs" ino=15279 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[   52.065960]
[   52.088531] ======================================================
[   52.094935] WARNING: possible circular locking dependency detected
[   52.101319] 4.19.36 #4 Not tainted
[   52.104866] ------------------------------------------------------
[   52.111179] syz-executor083/7898 is trying to acquire lock:
[   52.116868] 000000006b804d79 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[   52.124394]
[   52.124394] but task is already holding lock:
[   52.130339] 0000000035869e19 (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640
[   52.137952]
[   52.137952] which lock already depends on the new lock.
[   52.137952]
[   52.146249]
[   52.146249] the existing dependency chain (in reverse order) is:
[   52.153867]
[   52.153867] -> #1 (&rp->fetch_lock){+.+.}:
[   52.159663]        __mutex_lock+0xf7/0x1300
[   52.163966]        mutex_lock_nested+0x16/0x20
[   52.168529]        mon_bin_vma_fault+0x73/0x2d0
[   52.173193]        __do_fault+0x116/0x480
[   52.177341]        __handle_mm_fault+0xf72/0x3f80
[   52.182171]        handle_mm_fault+0x43f/0xb30
[   52.186736]        __get_user_pages+0x609/0x1770
[   52.191467]        populate_vma_page_range+0x20d/0x2a0
[   52.196722]        __mm_populate+0x204/0x380
[   52.201125]        vm_mmap_pgoff+0x213/0x230
[   52.205515]        ksys_mmap_pgoff+0x4aa/0x630
[   52.210080]        __x64_sys_mmap+0xe9/0x1b0
[   52.214482]        do_syscall_64+0x103/0x610
[   52.218872]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.224556]
[   52.224556] -> #0 (&mm->mmap_sem){++++}:
[   52.230087]        lock_acquire+0x16f/0x3f0
[   52.234388]        __might_fault+0x15e/0x1e0
[   52.238775]        _copy_to_user+0x30/0x120
[   52.243095]        mon_bin_read+0x329/0x640
[   52.247551]        __vfs_read+0x116/0x800
[   52.251676]        vfs_read+0x194/0x3d0
[   52.255640]        ksys_read+0xea/0x1f0
[   52.259591]        __x64_sys_read+0x73/0xb0
[   52.263896]        do_syscall_64+0x103/0x610
[   52.268284]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.273966]
[   52.273966] other info that might help us debug this:
[   52.273966]
[   52.282085]  Possible unsafe locking scenario:
[   52.282085]
[   52.288116]        CPU0                    CPU1
[   52.292771]        ----                    ----
[   52.297411]   lock(&rp->fetch_lock);
[   52.301120]                                lock(&mm->mmap_sem);
[   52.307188]                                lock(&rp->fetch_lock);
[   52.313407]   lock(&mm->mmap_sem);
[   52.316936]
[   52.316936]  *** DEADLOCK ***
[   52.316936]
[   52.322988] 1 lock held by syz-executor083/7898:
[   52.327747]  #0: 0000000035869e19 (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640
[   52.335801]
[   52.335801] stack backtrace:
[   52.340282] CPU: 0 PID: 7898 Comm: syz-executor083 Not tainted 4.19.36 #4
[   52.347190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.356524] Call Trace:
[   52.359099]  dump_stack+0x172/0x1f0
[   52.362705]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   52.368056]  __lock_acquire+0x2e6d/0x48f0
[   52.372297]  ? mark_held_locks+0xb1/0x100
[   52.376432]  ? mark_held_locks+0x100/0x100
[   52.380666]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   52.385761]  lock_acquire+0x16f/0x3f0
[   52.389542]  ? __might_fault+0xfb/0x1e0
[   52.393497]  __might_fault+0x15e/0x1e0
[   52.397364]  ? __might_fault+0xfb/0x1e0
[   52.401320]  _copy_to_user+0x30/0x120
[   52.405104]  mon_bin_read+0x329/0x640
[   52.408890]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.414412]  __vfs_read+0x116/0x800
[   52.418035]  ? copy_from_buf.isra.0+0x1c0/0x1c0
[   52.422709]  ? vfs_copy_file_range+0xba0/0xba0
[   52.427276]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   52.432799]  ? __inode_security_revalidate+0xda/0x120
[   52.437975]  ? avc_policy_seqno+0xd/0x70
[   52.442018]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   52.447019]  ? security_file_permission+0x1ce/0x230
[   52.452023]  ? security_file_permission+0x8f/0x230
[   52.456937]  ? rw_verify_area+0x118/0x360
[   52.461072]  vfs_read+0x194/0x3d0
[   52.464506]  ksys_read+0xea/0x1f0
[   52.467946]  ? kernel_write+0x120/0x120
[   52.472108]  ? do_syscall_64+0x26/0x610
[   52.476081]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.481451]  ? do_syscall_64+0x26/0x610
[   52.485410]  __x64_sys_read+0x73/0xb0
[   52.489199]  do_syscall_64+0x103/0x610
[   52.493069]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.498251] RIP: 0033:0x449739
[   52.501426] Code: e8 ec b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   52.520336] RSP: 002b:00007fc2af9b1ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   52.528047] RAX: ffff