Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
[ 37.022609] urandom_read: 1 callbacks suppressed
[ 37.022613] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.142963] audit: type=1400 audit(1569798755.443:36): avc: denied { map } for pid=6835 comm="syz-executor165" path="/root/syz-executor165292514" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 37.146219] executing program
[ 37.169780] audit: type=1400 audit(1569798755.443:37): avc: denied { map } for pid=6835 comm="syz-executor165" path="/dev/ashmem" dev="devtmpfs" ino=14795 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 37.171011] ======================================================
[ 37.171013] WARNING: possible circular locking dependency detected
[ 37.171017] 4.14.146 #0 Not tainted
[ 37.171019] ------------------------------------------------------
[ 37.171022] syz-executor165/6835 is trying to acquire lock:
[ 37.171024]  (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5d1/0x7a0
[ 37.171046]
[ 37.171046] but task is already holding lock:
[ 37.239284]  (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x56/0x420
[ 37.247679]
[ 37.247679] which lock already depends on the new lock.
[ 37.247679]
[ 37.256119]
[ 37.256119] the existing dependency chain (in reverse order) is:
[ 37.263739]
[ 37.263739] -> #2 (ashmem_mutex){+.+.}:
[ 37.269201]        lock_acquire+0x16f/0x430
[ 37.273514]        __mutex_lock+0xe8/0x1470
[ 37.277815]        mutex_lock_nested+0x16/0x20
[ 37.282377]        ashmem_mmap+0x55/0x490
[ 37.286503]        mmap_region+0x852/0x1030
[ 37.290813]        do_mmap+0x5b8/0xcd0
[ 37.294678]        vm_mmap_pgoff+0x17a/0x1d0
[ 37.299074]        SyS_mmap_pgoff+0x3ca/0x520
[ 37.303557]        SyS_mmap+0x16/0x20
[ 37.307341]        do_syscall_64+0x1e8/0x640
[ 37.311731]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.317430]
[ 37.317430] -> #1 (&mm->mmap_sem){++++}:
[ 37.323060]        lock_acquire+0x16f/0x430
[ 37.327375]        __might_fault+0x143/0x1d0
[ 37.332287]        _copy_from_user+0x2c/0x110
[ 37.336775]        setxattr+0x153/0x350
[ 37.340727]        path_setxattr+0x11f/0x140
[ 37.345215]        SyS_lsetxattr+0x38/0x50
[ 37.349883]        do_syscall_64+0x1e8/0x640
[ 37.354290]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.360070]
[ 37.360070] -> #0 (sb_writers#6){.+.+}:
[ 37.365515]        __lock_acquire+0x2cb3/0x4620
[ 37.370348]        lock_acquire+0x16f/0x430
[ 37.374649]        __sb_start_write+0x1ae/0x2f0
[ 37.379430]        vfs_fallocate+0x5d1/0x7a0
[ 37.383833]        ashmem_shrink_scan+0x181/0x420
[ 37.388672]        ashmem_ioctl+0x28f/0xf10
[ 37.392971]        do_vfs_ioctl+0x7ae/0x1060
[ 37.397355]        SyS_ioctl+0x8f/0xc0
[ 37.401231]        do_syscall_64+0x1e8/0x640
[ 37.405617]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.411306]
[ 37.411306] other info that might help us debug this:
[ 37.411306]
[ 37.419556] Chain exists of:
[ 37.419556]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[ 37.419556]
[ 37.429855]  Possible unsafe locking scenario:
[ 37.429855]
[ 37.435927]        CPU0                    CPU1
[ 37.440569]        ----                    ----
[ 37.445227]   lock(ashmem_mutex);
[ 37.448666]                                lock(&mm->mmap_sem);
[ 37.454700]                                lock(ashmem_mutex);
[ 37.460653]   lock(sb_writers#6);
[ 37.464139]
[ 37.464139]  *** DEADLOCK ***
[ 37.464139]
[ 37.470182] 1 lock held by syz-executor165/6835:
[ 37.475133]  #0:  (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x56/0x420
[ 37.483905]
[ 37.483905] stack backtrace:
[ 37.488409] CPU: 1 PID: 6835 Comm: syz-executor165 Not tainted 4.14.146 #0
[ 37.495434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.504965] Call Trace:
[ 37.507538]  dump_stack+0x138/0x197
[ 37.511164]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 37.516508]  __lock_acquire+0x2cb3/0x4620
[ 37.520664]  ? trace_hardirqs_on+0x10/0x10
[ 37.524977]  ? inode_has_perm.isra.0+0x15c/0x1e0
[ 37.530080]  lock_acquire+0x16f/0x430
[ 37.533926]  ? vfs_fallocate+0x5d1/0x7a0
[ 37.537965]  __sb_start_write+0x1ae/0x2f0
[ 37.542091]  ? vfs_fallocate+0x5d1/0x7a0
[ 37.546174]  ? shmem_setattr+0xb80/0xb80
[ 37.550414]  vfs_fallocate+0x5d1/0x7a0
[ 37.554403]  ashmem_shrink_scan+0x181/0x420
[ 37.558720]  ashmem_ioctl+0x28f/0xf10
[ 37.562521]  ? ashmem_shrink_scan+0x420/0x420
[ 37.566999]  ? __might_sleep+0x93/0xb0
[ 37.570876]  ? ashmem_shrink_scan+0x420/0x420
[ 37.575370]  do_vfs_ioctl+0x7ae/0x1060
[ 37.579239]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 37.583974]  ? ioctl_preallocate+0x1c0/0x1c0
[ 37.588383]  ? fput+0xd4/0x150
[ 37.591559]  ? security_file_ioctl+0x7d/0xb0
[ 37.595946]  ? security_file_ioctl+0x89/0xb0
[ 37.600435]  SyS_ioctl+0x8f/0xc0
[ 37.603796]  ? do_vfs_ioctl+0x1060/0x1060
[ 37.608013]  do_syscall_64+0x1e8/0x640
[ 37.611967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.616792]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.621985] RIP: 0033:0x4401d9
[ 37.625376] RSP: 002b:00007ffd3a633e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 37.633069] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[ 37.640475] RDX: 0000000000000000 RSI: 0000000000007
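The report above is lockdep closing a cycle in its lock-order graph: sb_writers#6 --> &mm->mmap_sem (setxattr faults in user memory while holding the superblock write lock), &mm->mmap_sem --> ashmem_mutex (ashmem_mmap takes the driver mutex under the mmap semaphore), and finally ashmem_mutex --> sb_writers#6 (ashmem_shrink_scan calls vfs_fallocate with the mutex held). The following is an added example, not kernel code and not from the report: a user-space model of that graph check, fed with the three chains exactly as the report lists them, plus a second replay that assumes the purge path releases ashmem_mutex before calling into fallocate. The lock names are taken from the report; the model, its function names and the assumed fix are illustration only.

```c
/* Added example (not kernel code): a user-space model of lockdep's
 * lock-order graph, replaying the three dependency chains from the report
 * (-> #2, -> #1, -> #0). Lock names come from the report; the model and the
 * "fallocate outside ashmem_mutex" replay are assumptions for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum lock_class { ASHMEM_MUTEX, MMAP_SEM, SB_WRITERS, NLOCKS };

static const char *lock_name[NLOCKS] = {
    "ashmem_mutex", "&mm->mmap_sem", "sb_writers#6",
};

/* edge[a][b] records "a was held while b was acquired", i.e. a --> b. */
static bool edge[NLOCKS][NLOCKS];
static int parent[NLOCKS];

static void graph_reset(void) { memset(edge, 0, sizeof(edge)); }

/* Depth-first search over recorded edges; fills parent[] along the path. */
static bool reaches(int from, int to, bool *visited)
{
    if (from == to)
        return true;
    visited[from] = true;
    for (int next = 0; next < NLOCKS; next++) {
        if (!edge[from][next] || visited[next])
            continue;
        parent[next] = from;
        if (reaches(next, to, visited))
            return true;
    }
    return false;
}

/* Prints held --> want --> ... --> held by walking parent[] back to want. */
static void print_cycle(int held, int want)
{
    int path[NLOCKS], n = 0;
    for (int l = held;; l = parent[l]) {
        path[n++] = l;
        if (l == want)
            break;
    }
    printf("circular dependency: %s", lock_name[held]);
    for (int i = n - 1; i >= 0; i--)
        printf(" --> %s", lock_name[path[i]]);
    printf("\n");
}

/* lockdep's check when a task holding held[0..nheld) acquires want: if
 * want already reaches a held lock, the new edge held --> want closes a
 * cycle. Returns true when a cycle is detected, else records the edges. */
static bool lock_acquire(const int *held, int nheld, int want)
{
    for (int i = 0; i < nheld; i++) {
        bool visited[NLOCKS] = { false };
        if (reaches(want, held[i], visited)) {
            print_cycle(held[i], want);
            return true;
        }
        edge[held[i]][want] = true;
    }
    return false;
}

/* Replays one call chain: chain[0] is taken first and held while chain[1]
 * is taken, and so on. Returns the index of the acquisition that closed a
 * cycle, or -1 if the whole chain was recorded cleanly. */
static int replay_chain(const int *chain, int len)
{
    for (int i = 1; i < len; i++)
        if (lock_acquire(chain, i, chain[i]))
            return i;
    return -1;
}

/* The three chains from the report, in the order lockdep learned them. */
static const int mmap_path[]     = { MMAP_SEM, ASHMEM_MUTEX };   /* -> #2: ashmem_mmap under mmap_sem */
static const int setxattr_path[] = { SB_WRITERS, MMAP_SEM };     /* -> #1: _copy_from_user in setxattr */
static const int purge_path[]    = { ASHMEM_MUTEX, SB_WRITERS }; /* -> #0: vfs_fallocate in ashmem_shrink_scan */

/* Returns the number of the chain that closes the cycle (3 for the report's
 * ordering) or 0 if every chain records without one. */
static int replay_report(void)
{
    graph_reset();
    if (replay_chain(mmap_path, 2) >= 0)
        return 1;
    if (replay_chain(setxattr_path, 2) >= 0)
        return 2;
    if (replay_chain(purge_path, 2) >= 0)
        return 3;
    return 0;
}

/* Assumed fix (not taken from the report): the purge path drops ashmem_mutex
 * before vfs_fallocate, so sb_writers#6 is taken with nothing held and the
 * ashmem_mutex --> sb_writers#6 edge never enters the graph. */
static int replay_with_unlocked_fallocate(void)
{
    static const int purge_path_unlocked[] = { SB_WRITERS };
    graph_reset();
    replay_chain(mmap_path, 2);
    replay_chain(setxattr_path, 2);
    if (replay_chain(purge_path_unlocked, 1) >= 0)
        return 3;
    return 0;
}

int main(void)
{
    printf("report ordering: cycle detected on chain #%d\n", replay_report());
    printf("fallocate outside ashmem_mutex: cycle on chain #%d (0 = none)\n",
           replay_with_unlocked_fallocate());
    return 0;
}
```

The first replay reproduces the report's verdict: the third chain (ashmem_mutex held while sb_writers#6 is taken) is the one that closes the cycle, and the printed path matches the "Chain exists of" line read in the other direction. The second replay shows why the usual remedy for this class of lockdep splat is to restructure the code so the outer driver lock is released before calling into the VFS, rather than to reorder the other two chains, which belong to core mm and filesystem code.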