[ ok ] Starting periodic command scheduler: cron.
[ 11.060260] random: crng init done
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
2018/11/05 18:07:32 parsed 1 programs
2018/11/05 18:07:33 executed programs: 0
syzkaller login: [ 45.525805] audit: type=1400 audit(1541441259.337:5): avc: denied { associate } for pid=2086 comm="syz-executor5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2018/11/05 18:07:39 executed programs: 6
2018/11/05 18:07:44 executed programs: 673
[ 51.343829]
[ 51.345505] ======================================================
[ 51.351811] [ INFO: possible circular locking dependency detected ]
[ 51.358205] 4.9.135+ #62 Not tainted
[ 51.361909] -------------------------------------------------------
[ 51.368340] syz-executor0/7571 is trying to acquire lock:
[ 51.373881]  (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x7db/0xa60
[ 51.382715] but task is already holding lock:
[ 51.387370]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9d/0x620
[ 51.398685] which lock already depends on the new lock.
[ 51.398685]
[ 51.405690]
[ 51.405690] the existing dependency chain (in reverse order) is:
[ 51.413304] -> #2 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 51.419613]        lock_acquire+0x130/0x3e0
[ 51.423939]        down_write+0x41/0xa0
[ 51.427924]        shmem_fallocate+0x13c/0xb10
[ 51.432515]        ashmem_shrink_scan+0x1b9/0x4c0
[ 51.437351]        ashmem_ioctl+0x2c3/0xf00
[ 51.441667]        do_vfs_ioctl+0x1ac/0x11a0
[ 51.446071]        SyS_ioctl+0x8f/0xc0
[ 51.449957]        do_syscall_64+0x19f/0x550
[ 51.454366]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.459982] -> #1 (ashmem_mutex){+.+.+.}:
[ 51.464838]        lock_acquire+0x130/0x3e0
[ 51.469152]        mutex_lock_nested+0xc0/0x900
[ 51.473807]        ashmem_mmap+0x55/0x480
[ 51.477935]        mmap_region+0x80c/0xf90
[ 51.482156]        do_mmap+0x53d/0xbb0
[ 51.486022]        vm_mmap_pgoff+0x168/0x1b0
[ 51.490408]        SyS_mmap_pgoff+0xfe/0x1b0
[ 51.494792]        SyS_mmap+0x16/0x20
[ 51.498568]        do_syscall_64+0x19f/0x550
[ 51.502952]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.508555] -> #0 (&mm->mmap_sem){++++++}:
[ 51.513467]        __lock_acquire+0x3189/0x4a10
[ 51.518113]        lock_acquire+0x130/0x3e0
[ 51.522410]        down_read+0x44/0xb0
[ 51.526275]        __do_page_fault+0x7db/0xa60
[ 51.530853]        do_page_fault+0x27/0x30
[ 51.535066]        page_fault+0x25/0x30
[ 51.539018]        generic_perform_write+0x1c7/0x500
[ 51.544099]        __generic_file_write_iter+0x352/0x540
[ 51.549525]        generic_file_write_iter+0x37a/0x620
[ 51.554776]        __vfs_write+0x3d7/0x580
[ 51.559057]        vfs_write+0x187/0x520
[ 51.563096]        SyS_write+0xd9/0x1c0
[ 51.567044]        do_syscall_64+0x19f/0x550
[ 51.571431]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.577025]
[ 51.577025] other info that might help us debug this:
[ 51.577025]
[ 51.585142] Chain exists of: &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
[ 51.594983] Possible unsafe locking scenario:
[ 51.594983]
[ 51.601015]        CPU0                    CPU1
[ 51.605656]        ----                    ----
[ 51.610293]   lock(&sb->s_type->i_mutex_key#10);
[ 51.615402]                                lock(ashmem_mutex);
[ 51.621599]                                lock(&sb->s_type->i_mutex_key#10);
[ 51.629227]   lock(&mm->mmap_sem);
[ 51.632980]
[ 51.632980] *** DEADLOCK ***
[ 51.632980]
[ 51.639031] 2 locks held by syz-executor0/7571:
[ 51.643671]  #0: (sb_writers#6){.+.+.+}, at: [] vfs_write+0x3eb/0x520
[ 51.652485]  #1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9d/0x620
[ 51.663737]
[ 51.663737] stack backtrace:
[ 51.668212] CPU: 0 PID: 7571 Comm: syz-executor0 Not tainted 4.9.135+ #62
[ 51.675113] ffff8801cd16f548 ffffffff81b42a19 ffffffff83cc75f0 ffffffff83cae960
[ 51.683153] ffffffff83ca4fd0 ffff8801cd1b08f8 ffff8801cd1b0000 ffff8801cd16f590
[ 51.691155] ffffffff813feb15 0000000000000002 00000000cd1b08d8 0000000000000002
[ 51.699150] Call Trace:
[ 51.701715] [] dump_stack+0xc1/0x128
[ 51.707075] [] print_circular_bug.cold.36+0x2f7/0x432
[ 51.713900] [] __lock_acquire+0x3189/0x4a10
[ 51.719863] [] ? get_page_from_freelist+0xda3/0x1d80
[ 51.726597] [] ? trace_hardirqs_on+0x10/0x10
[ 51.732634] [] ? copy_user_handle_tail+0x2e/0xd0
[ 51.739025] [] ? ex_handler_default+0x18/0x90
[ 51.745158] [] ? unxlate_dev_mem_ptr+0xa0/0xa0
[ 51.751388] [] lock_acquire+0x130/0x3e0
[ 51.756992] [] ? __do_page_fault+0x7db/0xa60
[ 51.763035] [] down_read+0x44/0xb0
[ 51.768201] [] ? __do_page_fault+0x7db/0xa60
[ 51.774237] [] __do_page_fault+0x7db/0xa60
[ 51.780098] [] ? bad_area_access_error+0x3a0/0x3a0
[ 51.786655] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.793300] [] do_page_fault+0x27/0x30
[ 51.798834] [] page_fault+0x25/0x30
[ 51.804090] [] ? iov_iter_fault_in_readable+0x1aa/0x400
[ 51.811091] [] ? iov_iter_fault_in_readable+0x1b0/0x400
[ 51.818089] [] ? iov_iter_fault_in_readable+0x1aa/0x400
[ 51.825081] [] ? flex_array_free_parts+0xe0/0xe0
[ 51.831465] [] ? __set_page_dirty_no_writeback+0x6b/0xf0
[ 51.838542] [] ? do_writepages+0x1d0/0x1d0
[ 51.844405] [] ? iov_iter_advance+0x216/0xd40
[ 51.850565] [] generic_perform_write+0x1c7/0x500
[ 51.856956] [] ? filemap_page_mkwrite+0x280/0x280
[ 51.863453] [] ? file_update_time+0xbc/0x390
[ 51.869491] [] ? current_time+0xd0/0xd0
[ 51.875092] [] __generic_file_write_iter+0x352/0x540
[ 51.881823] [] generic_file_write_iter+0x37a/0x620
[ 51.888377] [] __vfs_write+0x3d7/0x580
[ 51.893895] [] ? __vfs_read+0x560/0x560
[ 51.899594] [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 51.906157] [] ? __sb_start_write+0x161/0x300
[ 51.912290] [] vfs_write+0x187/0x520
[ 51.917631] [] SyS_write+0xd9/0x1c0
[ 51.922892] [] ? SyS_read+0x1c0/0x1c0
[ 51.928320] [] ? do_syscall_64+0x48/0x550
[ 51.934096] [] ? SyS_read+0x1c0/0x1c0
[ 51.939522] [] do_syscall_64+0x19f/0x550
[ 51.945213] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
2018/11/05 18:07:49 executed programs: 1511
2018/11/05 18:07:54 executed programs: 2525