Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 53.245507] kauditd_printk_skb: 2 callbacks suppressed [ 53.245523] audit: type=1400 audit(1571299658.231:36): avc: denied { map } for pid=7566 comm="syz-executor315" path="/root/syz-executor315644285" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 53.262763] IPVS: ftp: loaded support on port[0] = 21 [ 53.311003] audit: type=1400 audit(1571299658.291:37): avc: denied { map } for pid=7567 comm="syz-executor315" path="/dev/usbmon0" dev="devtmpfs" ino=16250 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1 [ 53.362416] [ 53.364092] ====================================================== [ 53.370846] WARNING: possible circular locking dependency detected [ 53.377154] 4.19.79 #0 Not tainted [ 53.380673] ------------------------------------------------------ [ 53.386985] syz-executor315/7569 is trying to acquire lock: [ 53.392677] 00000000c3312543 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0 [ 53.400303] [ 53.400303] but task is already holding lock: [ 53.406263] 000000008040199b (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 [ 53.413886] [ 53.413886] which lock already depends on the new lock. [ 53.413886] [ 53.422296] [ 53.422296] the existing dependency chain (in reverse order) is: [ 53.429927] [ 53.429927] -> #1 (&rp->fetch_lock){+.+.}: [ 53.436275] __mutex_lock+0xf7/0x1300 [ 53.440589] mutex_lock_nested+0x16/0x20 [ 53.445161] mon_bin_vma_fault+0x73/0x2d0 [ 53.450007] __do_fault+0x111/0x480 [ 53.454158] __handle_mm_fault+0x2d78/0x3f80 [ 53.463862] handle_mm_fault+0x1b5/0x690 [ 53.468439] __get_user_pages+0x609/0x17a0 [ 53.473179] populate_vma_page_range+0x20d/0x2a0 [ 53.478445] __mm_populate+0x204/0x380 [ 53.482927] vm_mmap_pgoff+0x213/0x230 [ 53.487343] ksys_mmap_pgoff+0x4aa/0x630 [ 53.491913] __x64_sys_mmap+0xe9/0x1b0 [ 53.496753] do_syscall_64+0xfd/0x620 [ 53.501107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.506800] [ 53.506800] -> #0 (&mm->mmap_sem){++++}: [ 53.512550] lock_acquire+0x16f/0x3f0 [ 53.516857] __might_fault+0x15e/0x1e0 [ 53.521255] _copy_to_user+0x30/0x120 [ 53.525597] mon_bin_read+0x329/0x640 [ 53.529906] __vfs_read+0x114/0x800 [ 53.534228] vfs_read+0x194/0x3d0 [ 53.538194] ksys_read+0x14f/0x2d0 [ 53.542503] __x64_sys_read+0x73/0xb0 [ 53.546813] do_syscall_64+0xfd/0x620 [ 53.551125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.556901] [ 53.556901] other info that might help us debug this: [ 53.556901] [ 53.565026] Possible unsafe locking scenario: [ 53.565026] [ 53.571064] CPU0 CPU1 [ 53.575712] ---- ---- [ 53.580362] lock(&rp->fetch_lock); [ 53.584060] lock(&mm->mmap_sem); [ 53.590288] lock(&rp->fetch_lock); [ 53.596506] lock(&mm->mmap_sem); [ 53.600041] [ 53.600041] *** DEADLOCK *** [ 53.600041] [ 53.606089] 1 lock held by syz-executor315/7569: [ 53.610823] #0: 000000008040199b (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 [ 53.618887] [ 53.618887] stack backtrace: [ 53.623373] CPU: 0 PID: 7569 Comm: syz-executor315 Not tainted 4.19.79 #0 [ 53.630280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.639620] Call Trace: [ 53.642304] dump_stack+0x172/0x1f0 [ 53.645929] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 53.651282] __lock_acquire+0x2e19/0x49c0 [ 53.655417] ? mark_held_locks+0xb1/0x100 [ 53.659556] ? mark_held_locks+0x100/0x100 [ 53.663794] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 53.668884] ? __lock_is_held+0xb6/0x140 [ 53.672931] ? __lock_acquire+0x6ee/0x49c0 [ 53.677244] lock_acquire+0x16f/0x3f0 [ 53.681045] ? __might_fault+0xfb/0x1e0 [ 53.685007] __might_fault+0x15e/0x1e0 [ 53.688877] ? __might_fault+0xfb/0x1e0 [ 53.692840] _copy_to_user+0x30/0x120 [ 53.696632] mon_bin_read+0x329/0x640 [ 53.700419] __vfs_read+0x114/0x800 [ 53.704031] ? copy_from_buf.isra.0+0x1c0/0x1c0 [ 53.708685] ? vfs_copy_file_range+0xba0/0xba0 [ 53.713412] ? __inode_security_revalidate+0xda/0x120 [ 53.718600] ? avc_policy_seqno+0xd/0x70 [ 53.722649] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 53.727653] ? security_file_permission+0x89/0x230 [ 53.732567] ? rw_verify_area+0x118/0x360 [ 53.736710] vfs_read+0x194/0x3d0 [ 53.740154] ksys_read+0x14f/0x2d0 [ 53.743683] ? kernel_write+0x120/0x120 [ 53.747652] ? do_syscall_64+0x26/0x620 [ 53.751615] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.756967] ? do_syscall_64+0x26/0x620 [ 53.760933] __x64_sys_read+0x73/0xb0 [ 53.764725] do_syscall_64+0xfd/0x620 [ 53.768511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.773703] RIP: 0033:0x449ff9 [ 53.776884] Code: e8 4c bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb d2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.795912] RSP: 002b:00007fdb75f85ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 53.803648] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000449ff9 [ 53.811696] RDX: 0000000000000031 RSI: 0000000020000000 RDI: 0000000000000003 [ 53.818951] RBP: 00000000006dbc30 R08: 00007fdb75f86700 R09: 0000000000000000 [ 53.826291] R10: 00007fdb75f86700 R11: 0000000000000246 R12: 00000000006dbc3c [ 53.833551] R13: 00007fffa4071e9f R14: 00007fdb75f869c0 R15: 000000000000002d