[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 11.056827] random: crng init done [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.182405] audit: type=1400 audit(1549047200.056:5): avc: denied { associate } for pid=2049 comm="syz-executor138" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 41.534502] [ 41.536180] ====================================================== [ 41.542482] [ INFO: possible circular locking dependency detected ] [ 41.548864] 4.9.154+ #20 Not tainted [ 41.552555] ------------------------------------------------------- [ 41.558943] syz-executor138/2687 is trying to acquire lock: [ 41.564624] (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x7bd/0xa60 [ 41.573376] but task is already holding lock: [ 41.578020] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630 [ 41.588834] which lock already depends on the new lock. [ 41.588834] [ 41.595818] [ 41.595818] the existing dependency chain (in reverse order) is: [ 41.603412] -> #2 (&sb->s_type->i_mutex_key#10){+.+.+.}: [ 41.609633] lock_acquire+0x133/0x3d0 [ 41.613932] down_write+0x41/0xa0 [ 41.617883] shmem_fallocate+0x143/0xab0 [ 41.622441] ashmem_shrink_scan+0x1c3/0x4c0 [ 41.627274] ashmem_ioctl+0x29b/0xdd0 [ 41.631573] do_vfs_ioctl+0xb87/0x11d0 [ 41.635956] SyS_ioctl+0x8f/0xc0 [ 41.639820] do_syscall_64+0x1ad/0x570 [ 41.644205] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 41.649798] -> #1 (ashmem_mutex){+.+.+.}: [ 41.654575] lock_acquire+0x133/0x3d0 [ 41.658872] mutex_lock_nested+0xc7/0x920 [ 41.663514] ashmem_mmap+0x53/0x470 [ 41.667640] mmap_region+0x7e7/0xfa0 [ 41.671862] do_mmap+0x539/0xbc0 [ 41.675728] vm_mmap_pgoff+0x179/0x1c0 [ 41.680110] SyS_mmap_pgoff+0xfa/0x1b0 [ 41.684495] SyS_mmap+0x16/0x20 [ 41.688272] do_syscall_64+0x1ad/0x570 [ 41.692660] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 41.698263] -> #0 (&mm->mmap_sem){++++++}: [ 41.703145] __lock_acquire+0x2d10/0x4350 [ 41.707790] lock_acquire+0x133/0x3d0 [ 41.712090] down_read+0x44/0xb0 [ 41.715954] __do_page_fault+0x7bd/0xa60 [ 41.720513] do_page_fault+0x28/0x30 [ 41.724723] page_fault+0x25/0x30 [ 41.728675] generic_perform_write+0x1b6/0x500 [ 41.733752] __generic_file_write_iter+0x340/0x530 [ 41.739184] generic_file_write_iter+0x38a/0x630 [ 41.744436] __vfs_write+0x3c1/0x560 [ 41.748644] vfs_write+0x185/0x520 [ 41.752681] SyS_write+0xdc/0x1c0 [ 41.756627] do_syscall_64+0x1ad/0x570 [ 41.761025] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 41.766620] [ 41.766620] other info that might help us debug this: [ 41.766620] [ 41.774733] Chain exists of: &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10 [ 41.784482] Possible unsafe locking scenario: [ 41.784482] [ 41.790519] CPU0 CPU1 [ 41.795158] ---- ---- [ 41.799796] lock(&sb->s_type->i_mutex_key#10); [ 41.804884] lock(ashmem_mutex); [ 41.811068] lock(&sb->s_type->i_mutex_key#10); [ 41.818680] lock(&mm->mmap_sem); [ 41.822437] [ 41.822437] *** DEADLOCK *** [ 41.822437] [ 41.828470] 2 locks held by syz-executor138/2687: [ 41.833287] #0: (sb_writers#6){.+.+.+}, at: [] vfs_write+0x3e9/0x520 [ 41.842089] #1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630 [ 41.853384] [ 41.853384] stack backtrace: [ 41.857888] CPU: 1 PID: 2687 Comm: syz-executor138 Not tainted 4.9.154+ #20 [ 41.864963] ffff8801c6c975d8 ffffffff81b47411 ffffffff83cab180 ffffffff83cb4b10 [ 41.872955] ffffffff83ccb790 ffffffff8424cd40 ffff8801c79e17c0 ffff8801c6c97630 [ 41.880974] ffffffff813ff088 dffffc0000000000 ffffffff8402a780 ffff8801c79e20c0 [ 41.888971] Call Trace: [ 41.891533] [] dump_stack+0xc1/0x120 [ 41.896876] [] print_circular_bug.cold+0x2f6/0x454 [ 41.903431] [] __lock_acquire+0x2d10/0x4350 [ 41.909389] [] ? kasan_unpoison_shadow+0x35/0x50 [ 41.915775] [] ? kasan_alloc_pages+0x38/0x40 [ 41.921807] [] ? trace_hardirqs_on+0x10/0x10 [ 41.927842] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 41.934656] [] lock_acquire+0x133/0x3d0 [ 41.940263] [] ? __do_page_fault+0x7bd/0xa60 [ 41.946297] [] down_read+0x44/0xb0 [ 41.951463] [] ? __do_page_fault+0x7bd/0xa60 [ 41.957504] [] __do_page_fault+0x7bd/0xa60 [ 41.963369] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 41.970099] [] ? bad_area_access_error+0x3d0/0x3d0 [ 41.976651] [] ? mark_held_locks+0xb1/0x100 [ 41.982600] [] ? shmem_getpage_gfp+0x9dd/0x1b00 [ 41.988895] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.995536] [] do_page_fault+0x28/0x30 [ 42.001047] [] page_fault+0x25/0x30 [ 42.006301] [] ? iov_iter_fault_in_readable+0x300/0x3d0 [ 42.013296] [] ? iov_iter_fault_in_readable+0x30d/0x3d0 [ 42.020287] [] ? iov_iter_fault_in_readable+0x300/0x3d0 [ 42.027276] [] ? iov_iter_init+0x1d0/0x1d0 [ 42.033138] [] generic_perform_write+0x1b6/0x500 [ 42.039518] [] ? filemap_page_mkwrite+0x280/0x280 [ 42.046003] [] ? current_time+0xd0/0xd0 [ 42.051615] [] __generic_file_write_iter+0x340/0x530 [ 42.058354] [] generic_file_write_iter+0x38a/0x630 [ 42.064916] [] __vfs_write+0x3c1/0x560 [ 42.070466] [] ? bpf_fd_pass+0x270/0x270 [ 42.076152] [] ? __vfs_read+0x550/0x550 [ 42.081751] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 42.088569] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 42.095122] [] ? __sb_start_write+0x161/0x310 [ 42.101242] [] vfs_write+0x185/0x520 [ 42.106588] [] SyS_write+0xdc/0x1c0 [ 42.111839] [] ? SyS_read+0x1c0/0x1c0 [ 42.117280] [] ? do_syscall_64+0x4a/0x570 [ 42.123052] [] ? SyS_read+0x1c0/0x1c0 [ 42.128477] [] do_syscall_64+0x1ad/0x570 executing program [ 42.134171] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program