[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.626013]
[ 27.627645] ======================================================
[ 27.633933] WARNING: possible circular locking dependency detected
[ 27.640224] 4.14.243-syzkaller #0 Not tainted
[ 27.644692] ------------------------------------------------------
[ 27.651098] syz-executor017/7973 is trying to acquire lock:
[ 27.656781]  (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5c1/0x790
[ 27.664776]
[ 27.664776] but task is already holding lock:
[ 27.670766]  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 27.678627]
[ 27.678627] which lock already depends on the new lock.
[ 27.678627]
[ 27.686913]
[ 27.686913] the existing dependency chain (in reverse order) is:
[ 27.694524]
[ 27.694524] -> #3 (ashmem_mutex){+.+.}:
[ 27.699955]        __mutex_lock+0xc4/0x1310
[ 27.704274]        ashmem_mmap+0x50/0x5c0
[ 27.708396]        mmap_region+0xa1a/0x1220
[ 27.712693]        do_mmap+0x5b3/0xcb0
[ 27.716554]        vm_mmap_pgoff+0x14e/0x1a0
[ 27.720936]        SyS_mmap_pgoff+0x249/0x510
[ 27.725408]        do_syscall_64+0x1d5/0x640
[ 27.729791]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.735492]
[ 27.735492] -> #2 (&mm->mmap_sem){++++}:
[ 27.741009]        __might_fault+0x137/0x1b0
[ 27.745389]        _copy_to_user+0x27/0xd0
[ 27.749606]        filldir+0x1d5/0x390
[ 27.753470]        dcache_readdir+0x180/0x860
[ 27.757938]        iterate_dir+0x1a0/0x5e0
[ 27.762146]        SyS_getdents+0x125/0x240
[ 27.766469]        do_syscall_64+0x1d5/0x640
[ 27.770851]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.776532]
[ 27.776532] -> #1 (&type->i_mutex_dir_key#5){++++}:
[ 27.783022]        down_write+0x34/0x90
[ 27.786971]        path_openat+0xde2/0x2970
[ 27.791353]        do_filp_open+0x179/0x3c0
[ 27.795648]        do_sys_open+0x296/0x410
[ 27.799855]        do_syscall_64+0x1d5/0x640
[ 27.804238]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.809919]
[ 27.809919] -> #0 (sb_writers#6){.+.+}:
[ 27.815368]        lock_acquire+0x170/0x3f0
[ 27.819664]        __sb_start_write+0x64/0x260
[ 27.824244]        vfs_fallocate+0x5c1/0x790
[ 27.828627]        ashmem_shrink_scan.part.0+0x135/0x3d0
[ 27.834051]        ashmem_ioctl+0x294/0xd00
[ 27.838351]        do_vfs_ioctl+0x75a/0xff0
[ 27.842648]        SyS_ioctl+0x7f/0xb0
[ 27.846507]        do_syscall_64+0x1d5/0x640
[ 27.850901]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.856580]
[ 27.856580] other info that might help us debug this:
[ 27.856580]
[ 27.864757] Chain exists of:
[ 27.864757]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[ 27.864757]
[ 27.874973]  Possible unsafe locking scenario:
[ 27.874973]
[ 27.881007]        CPU0                    CPU1
[ 27.885652]        ----                    ----
[ 27.890294]   lock(ashmem_mutex);
[ 27.893721]                                lock(&mm->mmap_sem);
[ 27.899754]                                lock(ashmem_mutex);
[ 27.905846]   lock(sb_writers#6);
[ 27.909413]
[ 27.909413]  *** DEADLOCK ***
[ 27.909413]
[ 27.915456] 1 lock held by syz-executor017/7973:
[ 27.920183]  #0:  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 27.928480]
[ 27.928480] stack backtrace:
[ 27.932959] CPU: 1 PID: 7973 Comm: syz-executor017 Not tainted 4.14.243-syzkaller #0
[ 27.940907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.950239] Call Trace:
[ 27.952847]  dump_stack+0x1b2/0x281
[ 27.956487]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.962264]  __lock_acquire+0x2e0e/0x3f20
[ 27.966393]  ? aa_file_perm+0x304/0xab0
[ 27.970346]  ? __lock_acquire+0x5fc/0x3f20
[ 27.974556]  ? trace_hardirqs_on+0x10/0x10
[ 27.978767]  ? aa_path_link+0x3a0/0x3a0
[ 27.982756]  ? trace_hardirqs_on+0x10/0x10
[ 27.986969]  ? cache_alloc_refill+0x2fa/0x350
[ 27.991436]  lock_acquire+0x170/0x3f0
[ 27.995213]  ? vfs_fallocate+0x5c1/0x790
[ 27.999250]  __sb_start_write+0x64/0x260
[ 28.003320]  ? vfs_fallocate+0x5c1/0x790
[ 28.007356]  ? shmem_evict_inode+0x8b0/0x8b0
[ 28.012173]  vfs_fallocate+0x5c1/0x790
[ 28.016038]  ashmem_shrink_scan.part.0+0x135/0x3d0
[ 28.020948]  ? mutex_trylock+0x152/0x1a0
[ 28.025004]  ? ashmem_ioctl+0x27e/0xd00
[ 28.028953]  ashmem_ioctl+0x294/0xd00
[ 28.032745]  ? userfaultfd_unmap_prep+0x450/0x450
[ 28.037561]  ? ashmem_shrink_scan+0x80/0x80
[ 28.041867]  ? lock_downgrade+0x740/0x740
[ 28.045987]  ? ashmem_shrink_scan+0x80/0x80
[ 28.050287]  do_vfs_ioctl+0x75a/0xff0
[ 28.054061]  ? ioctl_preallocate+0x1a0/0x1a0
[ 28.058451]  ? __fget+0x225/0x360
[ 28.061902]  ? fput+0xb/0x140
[ 28.064983]  ? SyS_mmap_pgoff+0x25e/0x510
[ 28.069109]  ? security_file_ioctl+0x83/0xb0
[ 28.073493]  SyS_ioctl+0x7f/0xb0
[ 28.076832]  ? do_vfs_ioctl+0xff0/0xff0
[ 28.080781]  do_syscall_64+0x1d5/0x640
[ 28.084643]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.089806] RIP: 0033:0x43eec9
[ 28.092987] RSP: 002b:00007ffe68de8d68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.100669] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eec9
[ 28.107916] RDX: 0000000000000000 RSI: 000000000000770a RDI: 0000000000000003
[ 28.115264] RBP: 0000000000402eb0 R08: 0000000000000000 R09: 0000000000000000
[ 28.122511] R10: 0000000000000000 R11: 0000000000000246 R12: 0