Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
executing program
[ 55.329580] audit: type=1400 audit(1549315067.408:36): avc: denied { map } for pid=8170 comm="syz-executor437" path="/root/syz-executor437834805" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.357985] audit: type=1400 audit(1549315067.438:37): avc: denied { map } for pid=8171 comm="syz-executor437" path="/dev/ashmem" dev="devtmpfs" ino=17136 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
executing program
[ 55.495106]
[ 55.496775] ======================================================
[ 55.503082] WARNING: possible circular locking dependency detected
[ 55.509379] 5.0.0-rc5 #60 Not tainted
[ 55.513156] ------------------------------------------------------
[ 55.519452] syz-executor437/8175 is trying to acquire lock:
[ 55.525141] 00000000f769c9f4 (&mm->mmap_sem){++++}, at: __do_page_fault+0x9c2/0xd60
[ 55.532930]
[ 55.532930] but task is already holding lock:
[ 55.538879] 000000003c7b06de (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610
[ 55.548489]
[ 55.548489] which lock already depends on the new lock.
[ 55.548489]
[ 55.556803]
[ 55.556803] the existing dependency chain (in reverse order) is:
[ 55.564398]
[ 55.564398] -> #2 (&sb->s_type->i_mutex_key#12){+.+.}:
[ 55.571148] down_write+0x38/0x90
[ 55.575107] shmem_fallocate+0x15a/0xc60
[ 55.579674] ashmem_shrink_scan+0x1d7/0x4f0
[ 55.584497] ashmem_ioctl+0x2f0/0x11a0
[ 55.588899] do_vfs_ioctl+0xd6e/0x1390
[ 55.593287] ksys_ioctl+0xab/0xd0
[ 55.597242] __x64_sys_ioctl+0x73/0xb0
[ 55.601632] do_syscall_64+0x103/0x610
[ 55.606031] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.611733]
[ 55.611733] -> #1 (ashmem_mutex){+.+.}:
[ 55.617172] __mutex_lock+0xf7/0x1310
[ 55.621477] mutex_lock_nested+0x16/0x20
[ 55.626057] ashmem_mmap+0x55/0x520
[ 55.630188] mmap_region+0xc37/0x1760
[ 55.634492] do_mmap+0x8e2/0x1080
[ 55.638455] vm_mmap_pgoff+0x1c5/0x230
[ 55.642843] ksys_mmap_pgoff+0x4aa/0x630
[ 55.647406] __x64_sys_mmap+0xe9/0x1b0
[ 55.651800] do_syscall_64+0x103/0x610
[ 55.656191] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.661884]
[ 55.661884] -> #0 (&mm->mmap_sem){++++}:
[ 55.667412] lock_acquire+0x16f/0x3f0
[ 55.671729] down_read+0x3b/0x90
[ 55.675599] __do_page_fault+0x9c2/0xd60
[ 55.680168] do_page_fault+0x71/0x581
[ 55.684470] page_fault+0x1e/0x30
[ 55.688429] iov_iter_fault_in_readable+0x1ba/0x450
[ 55.693949] generic_perform_write+0x195/0x530
[ 55.699036] __generic_file_write_iter+0x25e/0x630
[ 55.704480] generic_file_write_iter+0x360/0x610
[ 55.709745] __vfs_write+0x613/0x8e0
[ 55.713977] vfs_write+0x20c/0x580
[ 55.718019] ksys_write+0xea/0x1f0
[ 55.722068] __x64_sys_write+0x73/0xb0
[ 55.726460] do_syscall_64+0x103/0x610
[ 55.730853] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.736543]
[ 55.736543] other info that might help us debug this:
[ 55.736543]
[ 55.744660] Chain exists of:
[ 55.744660] &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#12
[ 55.744660]
[ 55.756180] Possible unsafe locking scenario:
[ 55.756180]
[ 55.762238]        CPU0                    CPU1
[ 55.766895]        ----                    ----
[ 55.771541]   lock(&sb->s_type->i_mutex_key#12);
[ 55.776277]                                lock(ashmem_mutex);
[ 55.782225]                                lock(&sb->s_type->i_mutex_key#12);
[ 55.789573]   lock(&mm->mmap_sem);
[ 55.793094]
[ 55.793094] *** DEADLOCK ***
[ 55.793094]
[ 55.799129] 2 locks held by syz-executor437/8175:
[ 55.803943] #0: 0000000032cd89ae (sb_writers#6){.+.+}, at: vfs_write+0x429/0x580
[ 55.811559] #1: 000000003c7b06de (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610
[ 55.821606]
[ 55.821606] stack backtrace:
[ 55.826084] CPU: 1 PID: 8175 Comm: syz-executor437 Not tainted 5.0.0-rc5 #60
[ 55.833262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.842595] Call Trace:
[ 55.845182] dump_stack+0x172/0x1f0
[ 55.848798] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 55.854144] __lock_acquire+0x2f00/0x4700
[ 55.858302] ? mark_held_locks+0x100/0x100
[ 55.862546] ? mark_held_locks+0x100/0x100
[ 55.866763] ? __lock_is_held+0xb6/0x140
[ 55.870807] lock_acquire+0x16f/0x3f0
[ 55.874598] ? __do_page_fault+0x9c2/0xd60
[ 55.878821] down_read+0x3b/0x90
[ 55.882171] ? __do_page_fault+0x9c2/0xd60
[ 55.886387] __do_page_fault+0x9c2/0xd60
[ 55.890434] do_page_fault+0x71/0x581
[ 55.894218] page_fault+0x1e/0x30
[ 55.897673] RIP: 0010:iov_iter_fault_in_readable+0x1ba/0x450
[ 55.903451] Code: 4c 39 f3 76 17 eb 3b e8 e4 29 47 fe 48 81 c3 00 10 00 00 48 39 9d 68 ff ff ff 72 2d e8 cf 29 47 fe 0f 1f 00 0f ae e8 45 31 f6 <8a> 13 0f 1f 00 31 ff 44 89 f6 41 88 57 d0 e8 33 2b 47 fe 45 85 f6
[ 55.922337] RSP: 0018:ffff88808045f9b8 EFLAGS: 00010246
[ 55.927683] RAX: ffff888094fd0140 RBX: 0000000020f5d000 RCX: ffffffff8328b126
[ 55.934931] RDX: 0000000000000000 RSI: ffffffff8328b151 RDI: 0000000000000005
[ 55.942183] RBP: ffff88808045fa58 R08: ffff888094fd0140 R09: fffff940004459af
[ 55.949433] R10: fffff940004459ae R11: ffffea000222cd77 R12: 0000000000001000
[ 55.956683] R13: 0000000000001000 R14: 0000000000000000 R15: ffff88808045fa30
[ 55.963967] ? iov_iter_fault_in_readable+0x186/0x450
[ 55.969146] ? iov_iter_fault_in_readable+0x1b1/0x450
[ 55.974318] ? iov_iter_fault_in_readable+0x1b1/0x450
[ 55.979488] ? copy_page_from_iter+0x750/0x750
[ 55.984061] generic_perform_write+0x195/0x530
[ 55.988627] ? page_endio+0x780/0x780
[ 55.992412] ? current_time+0x140/0x140
[ 55.996372] ? lock_acquire+0x16f/0x3f0
[ 56.000330] __generic_file_write_iter+0x25e/0x630
[ 56.005240] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 56.010239] generic_file_write_iter+0x360/0x610
[ 56.014980] ? __generic_file_write_iter+0x630/0x630
[ 56.020069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.025606] ? iov_iter_init+0xea/0x220
[ 56.029578] __vfs_write+0x613/0x8e0
[ 56.033282] ? kernel_read+0x120/0x120
[ 56.037226] ? rcu_read_lock_sched_held+0x110/0x130
[ 56.042241] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 56.046983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.052513] ? __sb_start_write+0x1ac/0x360
[ 56.056822] vfs_write+0x20c/0x580
[ 56.060413] ksys_write+0xea/0x1f0
[ 56.063942] ? __ia32_sys_read+0xb0/0xb0
[ 56.068006] ? do_syscall_64+0x26/0x610
[ 56.071973] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.077318] ? do_syscall_64+0x26/0x610
[ 56.081292] __x64_sys_write+0x73/0xb0
[ 56.085164] do_syscall_64+0x103/0x610
[ 56.089111] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.094295] RIP: 0033:0x446479
[ 56.097482] Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.116383] RSP: 002b:00007f004f115da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.124078] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446479
[ 56.131353] RDX: 00000000ffffff76 RSI: 0000000020000000 RDI: 0000000000000004
[ 56.138607] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
executing program
[ 56.145859] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 56.153110] R13: 0000000000000000 R14: 0080000080000000 R15: 20c49ba5e353f7cf
executing program