Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
[ 38.021812] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 38.140672] audit: type=1400 audit(1555912755.438:36): avc: denied { map } for pid=6859 comm="syz-executor226" path="/root/syz-executor226717989" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 38.168101] audit: type=1400 audit(1555912755.458:37): avc: denied { map } for pid=6859 comm="syz-executor226" path="/dev/usbmon0" dev="devtmpfs" ino=13490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[ 38.172708]
[ 38.195326] ======================================================
[ 38.201615] WARNING: possible circular locking dependency detected
[ 38.207900] 4.14.113 #3 Not tainted
[ 38.211518] ------------------------------------------------------
[ 38.217819] syz-executor226/6860 is trying to acquire lock:
[ 38.223497]  (&mm->mmap_sem){++++}, at: [] __might_fault+0xe0/0x1d0
[ 38.231450]
[ 38.231450] but task is already holding lock:
[ 38.237390]  (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 38.245420]
[ 38.245420] which lock already depends on the new lock.
[ 38.245420]
[ 38.253707]
[ 38.253707] the existing dependency chain (in reverse order) is:
[ 38.261296]
[ 38.261296] -> #1 (&rp->fetch_lock){+.+.}:
[ 38.266984]        lock_acquire+0x16f/0x430
[ 38.271279]        __mutex_lock+0xe8/0x1470
[ 38.275567]        mutex_lock_nested+0x16/0x20
[ 38.280121]        mon_bin_vma_fault+0x6f/0x280
[ 38.284760]        __do_fault+0x109/0x390
[ 38.288880]        __handle_mm_fault+0xde6/0x3470
[ 38.293692]        handle_mm_fault+0x293/0x7c0
[ 38.298245]        __get_user_pages+0x465/0x1250
[ 38.302975]        populate_vma_page_range+0x18e/0x230
[ 38.308223]        __mm_populate+0x198/0x2c0
[ 38.312607]        vm_mmap_pgoff+0x1be/0x1d0
[ 38.316990]        SyS_mmap_pgoff+0x3ca/0x520
[ 38.321458]        SyS_mmap+0x16/0x20
[ 38.325230]        do_syscall_64+0x1eb/0x630
[ 38.329605]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 38.335292]
[ 38.335292] -> #0 (&mm->mmap_sem){++++}:
[ 38.340810]        __lock_acquire+0x2c89/0x45e0
[ 38.345448]        lock_acquire+0x16f/0x430
[ 38.349739]        __might_fault+0x143/0x1d0
[ 38.354124]        _copy_to_user+0x2c/0xd0
[ 38.358326]        mon_bin_read+0x2fb/0x5e0
[ 38.362618]        do_iter_read+0x3e7/0x5b0
[ 38.366910]        vfs_readv+0xd3/0x130
[ 38.370852]        do_preadv+0x15d/0x200
[ 38.374881]        SyS_preadv+0x31/0x40
[ 38.378821]        do_syscall_64+0x1eb/0x630
[ 38.383200]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 38.388879]
[ 38.388879] other info that might help us debug this:
[ 38.388879]
[ 38.396987]  Possible unsafe locking scenario:
[ 38.396987]
[ 38.403011]        CPU0                    CPU1
[ 38.407648]        ----                    ----
[ 38.412297]   lock(&rp->fetch_lock);
[ 38.415988]                                lock(&mm->mmap_sem);
[ 38.422014]                                lock(&rp->fetch_lock);
[ 38.428212]   lock(&mm->mmap_sem);
[ 38.431718]
[ 38.431718]  *** DEADLOCK ***
[ 38.431718]
[ 38.437746] 1 lock held by syz-executor226/6860:
[ 38.442469]  #0: (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 38.450932]
[ 38.450932] stack backtrace:
[ 38.455414] CPU: 0 PID: 6860 Comm: syz-executor226 Not tainted 4.14.113 #3
[ 38.462394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.471723] Call Trace:
[ 38.474295]  dump_stack+0x138/0x19c
[ 38.477890]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 38.483223]  __lock_acquire+0x2c89/0x45e0
[ 38.487373]  ? remove_wait_queue+0x10f/0x190
[ 38.491769]  ? trace_hardirqs_on+0x10/0x10
[ 38.496002]  lock_acquire+0x16f/0x430
[ 38.499782]  ? __might_fault+0xe0/0x1d0
[ 38.503729]  __might_fault+0x143/0x1d0
[ 38.507599]  ? __might_fault+0xe0/0x1d0
[ 38.511545]  _copy_to_user+0x2c/0xd0
[ 38.515229]  mon_bin_read+0x2fb/0x5e0
[ 38.519012]  do_iter_read+0x3e7/0x5b0
[ 38.522796]  vfs_readv+0xd3/0x130
[ 38.526219]  ? compat_rw_copy_check_uvector+0x310/0x310
[ 38.531567]  ? __fget+0x237/0x370
[ 38.534991]  ? __fget_light+0x172/0x1f0
[ 38.538934]  do_preadv+0x15d/0x200
[ 38.542462]  ? do_readv+0x220/0x220
[ 38.546088]  ? SyS_writev+0x30/0x30
[ 38.549686]  SyS_preadv+0x31/0x40
[ 38.553111]  do_syscall_64+0x1eb/0x630
[ 38.556971]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.561786]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 38.566947] RIP: 0033:0x4497c9
[ 38.570114] RSP: 002b:00007f0330a1bce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 38.577795] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 00000000004497c9
[ 38.585033] RDX: 0000000000000341 RSI: 0000000020000400 RDI: 0000000000000004
[ 38