[   34.877969] audit: type=1800 audit(1555663597.139:33): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   34.904573] audit: type=1800 audit(1555663597.139:34): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   40.554078] random: sshd: uninitialized urandom read (32 bytes read)
[   40.766785] audit: type=1400 audit(1555663603.029:35): avc:  denied  { map } for  pid=7085 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   40.812662] random: sshd: uninitialized urandom read (32 bytes read)
[   41.357872] random: sshd: uninitialized urandom read (32 bytes read)
[   44.897286] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts.
[   50.473281] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   50.596506] audit: type=1400 audit(1555663612.859:36): avc:  denied  { map } for  pid=7097 comm="syz-executor066" path="/root/syz-executor066649710" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   50.615258]
[   50.623469] audit: type=1400 audit(1555663612.879:37): avc:  denied  { map } for  pid=7097 comm="syz-executor066" path="/dev/usbmon0" dev="devtmpfs" ino=436 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[   50.624591] ======================================================
[   50.656344] WARNING: possible circular locking dependency detected
[   50.662646] 4.14.112 #2 Not tainted
[   50.666249] ------------------------------------------------------
[   50.672632] syz-executor066/7098 is trying to acquire lock:
[   50.678358]  (&mm->mmap_sem){++++}, at: [] __might_fault+0xe0/0x1d0
[   50.686325]
[   50.686325] but task is already holding lock:
[   50.692274]  (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[   50.700318]
[   50.700318] which lock already depends on the new lock.
[   50.700318]
[   50.708621]
[   50.708621] the existing dependency chain (in reverse order) is:
[   50.716221]
[   50.716221] -> #1 (&rp->fetch_lock){+.+.}:
[   50.721924]        lock_acquire+0x16f/0x430
[   50.726235]        __mutex_lock+0xe8/0x1470
[   50.730541]        mutex_lock_nested+0x16/0x20
[   50.735110]        mon_bin_vma_fault+0x6f/0x280
[   50.739764]        __do_fault+0x109/0x390
[   50.743892]        __handle_mm_fault+0xde6/0x3470
[   50.748718]        handle_mm_fault+0x293/0x7c0
[   50.753317]        __get_user_pages+0x465/0x1250
[   50.758187]        populate_vma_page_range+0x18e/0x230
[   50.763444]        __mm_populate+0x198/0x2c0
[   50.767903]        vm_mmap_pgoff+0x1be/0x1d0
[   50.772296]        SyS_mmap_pgoff+0x3ca/0x520
[   50.776896]        SyS_mmap+0x16/0x20
[   50.780681]        do_syscall_64+0x1eb/0x630
[   50.785114]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.790800]
[   50.790800] -> #0 (&mm->mmap_sem){++++}:
[   50.796331]        __lock_acquire+0x2c89/0x45e0
[   50.800982]        lock_acquire+0x16f/0x430
[   50.805286]        __might_fault+0x143/0x1d0
[   50.809674]        _copy_to_user+0x2c/0xd0
[   50.813889]        mon_bin_read+0x2fb/0x5e0
[   50.818235]        __vfs_read+0x107/0x6b0
[   50.822366]        vfs_read+0x137/0x350
[   50.826319]        SyS_read+0xb8/0x180
[   50.830199]        do_syscall_64+0x1eb/0x630
[   50.834650]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.840341]
[   50.840341] other info that might help us debug this:
[   50.840341]
[   50.848738]  Possible unsafe locking scenario:
[   50.848738]
[   50.855172]        CPU0                    CPU1
[   50.859811]        ----                    ----
[   50.864497]   lock(&rp->fetch_lock);
[   50.868199]                                lock(&mm->mmap_sem);
[   50.874271]                                lock(&rp->fetch_lock);
[   50.880486]   lock(&mm->mmap_sem);
[   50.884045]
[   50.884045]  *** DEADLOCK ***
[   50.884045]
[   50.890107] 1 lock held by syz-executor066/7098:
[   50.894839]  #0:  (&rp->fetch_lock){+.+.}, at: [] mon_bin_read+0x5d/0x5e0
[   50.903318]
[   50.903318] stack backtrace:
[   50.907799] CPU: 1 PID: 7098 Comm: syz-executor066 Not tainted 4.14.112 #2
[   50.914800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.924139] Call Trace:
[   50.926713]  dump_stack+0x138/0x19c
[   50.930359]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   50.935727]  __lock_acquire+0x2c89/0x45e0
[   50.939859]  ? remove_wait_queue+0x10f/0x190
[   50.944353]  ? trace_hardirqs_on+0x10/0x10
[   50.948566]  ? save_trace+0x290/0x290
[   50.952389]  lock_acquire+0x16f/0x430
[   50.956265]  ? __might_fault+0xe0/0x1d0
[   50.960227]  __might_fault+0x143/0x1d0
[   50.964096]  ? __might_fault+0xe0/0x1d0
[   50.968168]  _copy_to_user+0x2c/0xd0
[   50.971867]  mon_bin_read+0x2fb/0x5e0
[   50.975719]  __vfs_read+0x107/0x6b0
[   50.979384]  ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[   50.986162]  ? mon_bin_fetch+0x2e0/0x2e0
[   50.990302]  ? vfs_copy_file_range+0xa40/0xa40
[   50.994869]  ? __inode_security_revalidate+0xd6/0x130
[   51.000042]  ? avc_policy_seqno+0x9/0x20
[   51.004089]  ? selinux_file_permission+0x85/0x480
[   51.008955]  ? security_file_permission+0x8f/0x1f0
[   51.013873]  ? rw_verify_area+0xea/0x2b0
[   51.017919]  vfs_read+0x137/0x350
[   51.021359]  SyS_read+0xb8/0x180
[   51.024868]  ? kernel_write+0x120/0x120
[   51.028827]  ? do_syscall_64+0x53/0x630
[   51.032788]  ? kernel_write+0x120/0x120
[   51.036747]  do_syscall_64+0x1eb/0x630
[   51.040777]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   51.045645]  entry_SYSCALL_64_