Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
[ 34.180215] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.299189] kauditd_printk_skb: 10 callbacks suppressed
[ 34.299197] audit: type=1400 audit(1571642642.979:36): avc: denied { map } for pid=6759 comm="syz-executor291" path="/root/syz-executor291677706" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 34.540836] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 35.346404] audit: type=1400 audit(1571642644.029:37): avc: denied { map } for pid=6760 comm="syz-executor291" path="/dev/usbmon0" dev="devtmpfs" ino=15282 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[ 35.397615]
[ 35.399264] ======================================================
[ 35.405558] WARNING: possible circular locking dependency detected
[ 35.411855] 4.14.150 #0 Not tainted
[ 35.415456] ------------------------------------------------------
[ 35.421749] syz-executor291/6763 is trying to acquire lock:
[ 35.427431] (&mm->mmap_sem){++++}, at: [] __might_fault+0xe0/0x1d0
[ 35.435387]
[ 35.435387] but task is already holding lock:
[ 35.441334] (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 35.449461]
[ 35.449461] which lock already depends on the new lock.
[ 35.449461]
[ 35.457753]
[ 35.457753] the existing dependency chain (in reverse order) is:
[ 35.465350]
[ 35.465350] -> #1 (&rp->fetch_lock){+.+.}:
[ 35.471053] lock_acquire+0x16f/0x430
[ 35.475353] __mutex_lock+0xe8/0x1470
[ 35.479653] mutex_lock_nested+0x16/0x20
[ 35.484213] mon_bin_vma_fault+0x6f/0x280
[ 35.488862] __do_fault+0x104/0x390
[ 35.492985] __handle_mm_fault+0x2460/0x3470
[ 35.497891] handle_mm_fault+0x293/0x7c0
[ 35.502538] __get_user_pages+0x465/0x1220
[ 35.507388] populate_vma_page_range+0x18e/0x230
[ 35.512765] __mm_populate+0x198/0x2c0
[ 35.517187] vm_mmap_pgoff+0x1be/0x1d0
[ 35.521592] SyS_mmap_pgoff+0x3ca/0x520
[ 35.526070] SyS_mmap+0x16/0x20
[ 35.529849] do_syscall_64+0x1e8/0x640
[ 35.534326] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.540015]
[ 35.540015] -> #0 (&mm->mmap_sem){++++}:
[ 35.545633] __lock_acquire+0x2cb3/0x4620
[ 35.550279] lock_acquire+0x16f/0x430
[ 35.554576] __might_fault+0x143/0x1d0
[ 35.558963] _copy_to_user+0x2c/0xd0
[ 35.563179] mon_bin_read+0x2fb/0x5e0
[ 35.567474] __vfs_read+0x105/0x6a0
[ 35.571598] vfs_read+0x137/0x350
[ 35.575548] SyS_read+0xfd/0x230
[ 35.579428] do_syscall_64+0x1e8/0x640
[ 35.583820] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.589525]
[ 35.589525] other info that might help us debug this:
[ 35.589525]
[ 35.597658] Possible unsafe locking scenario:
[ 35.597658]
[ 35.603696]        CPU0                    CPU1
[ 35.608339]        ----                    ----
[ 35.612983]   lock(&rp->fetch_lock);
[ 35.616684]                                lock(&mm->mmap_sem);
[ 35.622718]                                lock(&rp->fetch_lock);
[ 35.628923]   lock(&mm->mmap_sem);
[ 35.632438]
[ 35.632438] *** DEADLOCK ***
[ 35.632438]
[ 35.638472] 1 lock held by syz-executor291/6763:
[ 35.643213] #0: (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[ 35.651701]
[ 35.651701] stack backtrace:
[ 35.656176] CPU: 1 PID: 6763 Comm: syz-executor291 Not tainted 4.14.150 #0
[ 35.663163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.672507] Call Trace:
[ 35.675077] dump_stack+0x138/0x197
[ 35.678773] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 35.684115] __lock_acquire+0x2cb3/0x4620
[ 35.688692] ? remove_wait_queue+0x10f/0x190
[ 35.693090] ? trace_hardirqs_on+0x10/0x10
[ 35.697306] ? save_trace+0x290/0x290
[ 35.701104] lock_acquire+0x16f/0x430
[ 35.704907] ? __might_fault+0xe0/0x1d0
[ 35.708863] __might_fault+0x143/0x1d0
[ 35.712731] ? __might_fault+0xe0/0x1d0
[ 35.716686] _copy_to_user+0x2c/0xd0
[ 35.720389] mon_bin_read+0x2fb/0x5e0
[ 35.724173] __vfs_read+0x105/0x6a0
[ 35.727780] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 35.734598] ? mon_bin_fetch+0x2e0/0x2e0
[ 35.738636] ? vfs_copy_file_range+0xa40/0xa40
[ 35.743196] ? __inode_security_revalidate+0xd6/0x130
[ 35.748371] ? avc_policy_seqno+0x9/0x20
[ 35.752498] ? selinux_file_permission+0x85/0x480
[ 35.757334] ? security_file_permission+0x89/0x1f0
[ 35.762243] ? rw_verify_area+0xea/0x2b0
[ 35.766305] vfs_read+0x137/0x350
[ 35.769739] SyS_read+0xfd/0x230
[ 35.773093] ? kernel_write+0x120/0x120
[ 35.777048] ? do_syscall_64+0x53/0x640
[ 35.781004] ? kernel_write+0x120/0x120
[ 35.784973] do_syscall_64+0x1e8/0x640
[ 35.788852] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.793676] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.798845] RIP: 0033:0x449fc9
[ 35.802013] RSP: 002b:00007fb219c05ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 35.809711] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000449fc9
[ 35.816966] RDX: 0000000000000016 RSI: 0000000020000100 RDI: 0000000000000003
[ 35.824212] RBP: 00000000006dbc30 R08: 00007fb219c06700 R09: 0000000000000000
[ 35.831472] R10: 00007fb219c06700 R11: 0000000000000246 R12: 00000000006dbc3c
[ 35.838726] R13: 00007ffc0e8703ff R14: 00007fb219c069c0 R15: 000000000000002d