Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts. executing program [ 51.684624] audit: type=1400 audit(1559955068.183:36): avc: denied { map } for pid=7758 comm="syz-executor196" path="/root/syz-executor196500642" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 51.704643] IPVS: ftp: loaded support on port[0] = 21 [ 51.742325] audit: type=1400 audit(1559955068.243:37): avc: denied { map } for pid=7759 comm="syz-executor196" path="/dev/usbmon0" dev="devtmpfs" ino=16435 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1 [ 51.747763] [ 51.769606] ====================================================== [ 51.775935] WARNING: possible circular locking dependency detected [ 51.782288] 4.19.48 #20 Not tainted [ 51.785920] ------------------------------------------------------ [ 51.792221] syz-executor196/7760 is trying to acquire lock: [ 51.797914] 00000000c1e577a4 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0 [ 51.805478] [ 51.805478] but task is already holding lock: [ 51.811439] 0000000035d87dbb (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 [ 51.819072] [ 51.819072] which lock already depends on the new lock. [ 51.819072] [ 51.827382] [ 51.827382] the existing dependency chain (in reverse order) is: [ 51.834988] [ 51.834988] -> #1 (&rp->fetch_lock){+.+.}: [ 51.840721] __mutex_lock+0xf7/0x1300 [ 51.845043] mutex_lock_nested+0x16/0x20 [ 51.849617] mon_bin_vma_fault+0x73/0x2d0 [ 51.854279] __do_fault+0x111/0x480 [ 51.858422] __handle_mm_fault+0xf6d/0x3f80 [ 51.863260] handle_mm_fault+0x43f/0xb30 [ 51.867838] __get_user_pages+0x609/0x17a0 [ 51.872595] populate_vma_page_range+0x20d/0x2a0 [ 51.877869] __mm_populate+0x204/0x380 [ 51.882279] vm_mmap_pgoff+0x213/0x230 [ 51.886680] ksys_mmap_pgoff+0x4aa/0x630 [ 51.891277] __x64_sys_mmap+0xe9/0x1b0 [ 51.895685] do_syscall_64+0xfd/0x620 [ 51.900012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.905709] [ 51.905709] -> #0 (&mm->mmap_sem){++++}: [ 51.911258] lock_acquire+0x16f/0x3f0 [ 51.915571] __might_fault+0x15e/0x1e0 [ 51.919983] _copy_to_user+0x30/0x120 [ 51.924295] mon_bin_read+0x329/0x640 [ 51.928614] __vfs_read+0x114/0x800 [ 51.932767] vfs_read+0x194/0x3d0 [ 51.936759] ksys_read+0x14f/0x2d0 [ 51.940814] __x64_sys_read+0x73/0xb0 [ 51.945128] do_syscall_64+0xfd/0x620 [ 51.949448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.955161] [ 51.955161] other info that might help us debug this: [ 51.955161] [ 51.963294] Possible unsafe locking scenario: [ 51.963294] [ 51.969340] CPU0 CPU1 [ 51.973991] ---- ---- [ 51.978645] lock(&rp->fetch_lock); [ 51.982361] lock(&mm->mmap_sem); [ 51.988423] lock(&rp->fetch_lock); [ 51.994646] lock(&mm->mmap_sem); [ 51.998184] [ 51.998184] *** DEADLOCK *** [ 51.998184] [ 52.004238] 1 lock held by syz-executor196/7760: [ 52.008981] #0: 0000000035d87dbb (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 [ 52.017053] [ 52.017053] stack backtrace: [ 52.021554] CPU: 1 PID: 7760 Comm: syz-executor196 Not tainted 4.19.48 #20 [ 52.028558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.037901] Call Trace: [ 52.040493] dump_stack+0x172/0x1f0 [ 52.044130] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 52.049497] __lock_acquire+0x2e6d/0x48f0 [ 52.053647] ? mark_held_locks+0x100/0x100 [ 52.057883] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 52.062992] ? __lock_is_held+0xb6/0x140 [ 52.067049] ? __lock_acquire+0x6eb/0x48f0 [ 52.071286] lock_acquire+0x16f/0x3f0 [ 52.075089] ? __might_fault+0xfb/0x1e0 [ 52.079070] __might_fault+0x15e/0x1e0 [ 52.082973] ? __might_fault+0xfb/0x1e0 [ 52.086944] _copy_to_user+0x30/0x120 [ 52.090754] mon_bin_read+0x329/0x640 [ 52.094554] __vfs_read+0x114/0x800 [ 52.098217] ? copy_from_buf.isra.0+0x1c0/0x1c0 [ 52.102879] ? vfs_copy_file_range+0xba0/0xba0 [ 52.107455] ? __inode_security_revalidate+0xda/0x120 [ 52.112661] ? avc_policy_seqno+0xd/0x70 [ 52.116717] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 52.121728] ? security_file_permission+0x89/0x230 [ 52.126655] ? rw_verify_area+0x118/0x360 [ 52.130801] vfs_read+0x194/0x3d0 [ 52.134253] ksys_read+0x14f/0x2d0 [ 52.137786] ? kernel_write+0x120/0x120 [ 52.141795] ? do_syscall_64+0x26/0x620 [ 52.145766] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.151125] ? do_syscall_64+0x26/0x620 [ 52.155097] __x64_sys_read+0x73/0xb0 [ 52.158894] do_syscall_64+0xfd/0x620 [ 52.162695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.167878] RIP: 0033:0x449f19 [ 52.171066] Code: e8 4c bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b d3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 52.189962] RSP: 002b:00007f2827677ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.197693] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000449f19 [ 52.204976] RDX: 000000000000ffab RSI: 0000000000000000 RDI: 0000000000000003 [ 52.212236] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 52.219544] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 52.226846] R13: 00007fff1ee551af R14: 00007f28276789c0 R15: 000000000000002d