[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.213896] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.729336] random: crng init done
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
[ 36.686445]
[ 36.688090] ======================================================
[ 36.694376] [ INFO: possible circular locking dependency detected ]
[ 36.700752] 4.9.124+ #32 Not tainted
[ 36.704434] -------------------------------------------------------
[ 36.710878] syz-executor750/2247 is trying to acquire lock:
[ 36.716567]  (&sb->s_type->i_mutex_key#11){++++++}, at: [] shmem_fallocate+0x13c/0xb10
[ 36.726650] but task is already holding lock:
[ 36.731291]  (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 36.740315] which lock already depends on the new lock.
[ 36.740315]
[ 36.747303]
[ 36.747303] the existing dependency chain (in reverse order) is:
[ 36.754894] -> #2 (ashmem_mutex){+.+.+.}:
[ 36.759745]     lock_acquire+0x130/0x3e0
[ 36.764080]     mutex_lock_nested+0xc0/0x870
[ 36.768734]     ashmem_mmap+0x53/0x3f0
[ 36.772856]     mmap_region+0x80c/0xf90
[ 36.777067]     do_mmap+0x53d/0xbb0
[ 36.780927]     vm_mmap_pgoff+0x168/0x1b0
[ 36.785313]     SyS_mmap_pgoff+0xfe/0x1b0
[ 36.789697]     SyS_mmap+0x16/0x20
[ 36.793476]     do_syscall_64+0x19f/0x480
[ 36.797861]     entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 36.803452] -> #1 (&mm->mmap_sem){++++++}:
[ 36.808315]     lock_acquire+0x130/0x3e0
[ 36.812611]     __might_fault+0x14a/0x1d0
[ 36.816993]     filldir+0x192/0x350
[ 36.820858]     dcache_readdir+0x130/0x5a0
[ 36.825332]     iterate_dir+0x1ac/0x600
[ 36.829603]     SyS_getdents+0x146/0x2a0
[ 36.833901]     do_syscall_64+0x19f/0x480
[ 36.838281]     entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 36.843914] -> #0 (&sb->s_type->i_mutex_key#11){++++++}:
[ 36.850131]     __lock_acquire+0x3189/0x4a10
[ 36.854784]     lock_acquire+0x130/0x3e0
[ 36.859081]     down_write+0x41/0xa0
[ 36.863071]     shmem_fallocate+0x13c/0xb10
[ 36.867633]     ashmem_shrink_scan+0x1bd/0x3a0
[ 36.872495]     ashmem_ioctl+0x2c3/0xf00
[ 36.876799]     do_vfs_ioctl+0x1ac/0x11a0
[ 36.881223]     SyS_ioctl+0x8f/0xc0
[ 36.885088]     do_syscall_64+0x19f/0x480
[ 36.889474]     entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 36.895068]
[ 36.895068] other info that might help us debug this:
[ 36.895068]
[ 36.903181] Chain exists of: &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 36.912911]  Possible unsafe locking scenario:
[ 36.912911]
[ 36.918942]        CPU0                    CPU1
[ 36.923577]        ----                    ----
[ 36.928219]   lock(ashmem_mutex);
[ 36.931882]                                lock(&mm->mmap_sem);
[ 36.938213]                                lock(ashmem_mutex);
[ 36.944411]   lock(&sb->s_type->i_mutex_key#11);
[ 36.949499]
[ 36.949499]  *** DEADLOCK ***
[ 36.949499]
[ 36.955533] 1 lock held by syz-executor750/2247:
[ 36.960262]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 36.969655]
[ 36.969655] stack backtrace:
[ 36.974124] CPU: 1 PID: 2247 Comm: syz-executor750 Not tainted 4.9.124+ #32
[ 36.981334]  ffff8801bc0d7638 ffffffff81af4529 ffffffff83aa02e0 ffffffff83abd9b0
[ 36.989316]  ffffffff83aa6ee0 ffff8801bce867d0 ffff8801bce85f00 ffff8801bc0d7680
[ 36.997291]  ffffffff813f9baa 0000000000000001 00000000bce867b0 0000000000000001
[ 37.005282] Call Trace:
[ 37.007851]  [] dump_stack+0xc1/0x128
[ 37.013195]  [] print_circular_bug.cold.36+0x2f7/0x432
[ 37.020013]  [] __lock_acquire+0x3189/0x4a10
[ 37.025965]  [] ? trace_hardirqs_on+0x10/0x10
[ 37.031999]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 37.038900]  [] lock_acquire+0x130/0x3e0
[ 37.044502]  [] ? shmem_fallocate+0x13c/0xb10
[ 37.050533]  [] down_write+0x41/0xa0
[ 37.056457]  [] ? shmem_fallocate+0x13c/0xb10
[ 37.062496]  [] shmem_fallocate+0x13c/0xb10
[ 37.068364]  [] ? avc_has_perm_noaudit+0x197/0x2f0
[ 37.075110]  [] ? avc_has_perm_noaudit+0x90/0x2f0
[ 37.081499]  [] ? shmem_setattr+0x790/0x790
[ 37.087366]  [] ? trace_hardirqs_on+0x10/0x10
[ 37.093410]  [] ? cred_has_capability+0x14e/0x2e0
[ 37.099795]  [] ? selinux_cred_prepare+0xa0/0xa0
[ 37.106089]  [] ? mark_held_locks+0xc7/0x130
[ 37.112042]  [] ? mutex_trylock+0x258/0x3e0
[ 37.117906]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 37.124722]  [] ? trace_hardirqs_on+0xd/0x10
[ 37.130671]  [] ? ashmem_shrink_scan+0x55/0x3a0
[ 37.136890]  [] ashmem_shrink_scan+0x1bd/0x3a0
[ 37.143025]  [] ashmem_ioctl+0x2c3/0xf00
[ 37.148630]  [] ? check_preemption_disabled+0x3b/0x170
[ 37.155455]  [] ? ashmem_shrink_scan+0x3a0/0x3a0
[ 37.161755]  [] ? __might_sleep+0x95/0x1a0
[ 37.167530]  [] ? ashmem_shrink_scan+0x3a0/0x3a0
[ 37.173828]  [] do_vfs_ioctl+0x1ac/0x11a0
[ 37.179514]  [] ? ioctl_preallocate+0x220/0x220
[ 37.185727]  [] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 37.193237]  [] ? memset+0x31/0x40
[ 37.198318]  [] ? __do_page_fault+0x4c1/0xc00
[ 37.204361]  [] ? up_read+0x1a/0x40
[ 37.209529]  [] ? security_file_ioctl+0x8f/0xc0
[ 37.215736]  [] SyS_ioctl+0x8f/0xc0
[ 37.220899]  [] ? do_vfs_ioctl+0x11a0/0x11a0
[ 37.226850]  [] do_syscall_64+0x19f/0x480
[ 37.232546]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xd