Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 24.404795] urandom_read: 1 callbacks suppressed
[ 24.404799] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 24.486701]
[ 24.488359] ======================================================
[ 24.494650] [ INFO: possible circular locking dependency detected ]
[ 24.501031] 4.9.119-g9dc978d #23 Not tainted
[ 24.505412] -------------------------------------------------------
[ 24.511793] syz-executor052/3784 is trying to acquire lock:
[ 24.517500]  (&sb->s_type->i_mutex_key#10){++++++}, at: [] shmem_fallocate+0x13c/0xb40
[ 24.527637] but task is already holding lock:
[ 24.532291]  (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 24.541116] which lock already depends on the new lock.
[ 24.541116]
[ 24.548100]
[ 24.548100] the existing dependency chain (in reverse order) is:
[ 24.555692] -> #2 (ashmem_mutex){+.+.+.}:
[ 24.560468]        lock_acquire+0x130/0x3e0
[ 24.564773]        mutex_lock_nested+0xc0/0x870
[ 24.569421]        ashmem_mmap+0x53/0x3f0
[ 24.573545]        mmap_region+0x893/0x1040
[ 24.577842]        do_mmap+0x59c/0xcc0
[ 24.581726]        vm_mmap_pgoff+0x168/0x1b0
[ 24.586117]        SyS_mmap_pgoff+0x342/0x550
[ 24.590600]        SyS_mmap+0x16/0x20
[ 24.594374]        do_syscall_64+0x1a6/0x490
[ 24.598757]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.604350] -> #1 (&mm->mmap_sem){++++++}:
[ 24.609236]        lock_acquire+0x130/0x3e0
[ 24.613535]        __might_fault+0x14a/0x1d0
[ 24.617922]        filldir+0x1a4/0x370
[ 24.621782]        dcache_readdir+0x130/0x5d0
[ 24.626250]        iterate_dir+0x1ac/0x600
[ 24.630465]        SyS_getdents+0x13c/0x2a0
[ 24.634761]        do_syscall_64+0x1a6/0x490
[ 24.639162]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.644765] -> #0 (&sb->s_type->i_mutex_key#10){++++++}:
[ 24.651034]        __lock_acquire+0x3019/0x4070
[ 24.655692]        lock_acquire+0x130/0x3e0
[ 24.659988]        down_write+0x41/0xa0
[ 24.663995]        shmem_fallocate+0x13c/0xb40
[ 24.668561]        ashmem_shrink_scan+0x1bd/0x3a0
[ 24.673390]        ashmem_ioctl+0x2c1/0xf20
[ 24.677684]        do_vfs_ioctl+0x1ac/0x11a0
[ 24.682069]        SyS_ioctl+0x8f/0xc0
[ 24.685933]        do_syscall_64+0x1a6/0x490
[ 24.690316]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.695925]
[ 24.695925] other info that might help us debug this:
[ 24.695925]
[ 24.704038] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 24.713892]  Possible unsafe locking scenario:
[ 24.713892]
[ 24.719924]        CPU0                    CPU1
[ 24.724562]        ----                    ----
[ 24.729215]   lock(ashmem_mutex);
[ 24.732885]                                lock(&mm->mmap_sem);
[ 24.739168]                                lock(ashmem_mutex);
[ 24.745343]   lock(&sb->s_type->i_mutex_key#10);
[ 24.750433]
[ 24.750433]  *** DEADLOCK ***
[ 24.750433]
[ 24.756469] 1 lock held by syz-executor052/3784:
[ 24.761197]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 24.770571]
[ 24.770571] stack backtrace:
[ 24.775065] CPU: 0 PID: 3784 Comm: syz-executor052 Not tainted 4.9.119-g9dc978d #23
[ 24.782834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.792189]  ffff8801ba607638 ffffffff81eb4be9 ffffffff855d09d0 ffffffff855eeac0
[ 24.800265]  ffffffff855d7e40 ffff8801bb19d0e8 ffff8801bb19c800 ffff8801ba607680
[ 24.808372]  ffffffff81426644 0000000000000001 00000000bb19c800 0000000000000001
[ 24.816394] Call Trace:
[ 24.818959]  [] dump_stack+0xc1/0x128
[ 24.824304]  [] print_circular_bug.cold.51+0x1bd/0x27d
[ 24.831123]  [] __lock_acquire+0x3019/0x4070
[ 24.837070]  [] ? debug_check_no_locks_freed+0x210/0x210
[ 24.844058]  [] ? __lock_is_held+0xa2/0xf0
[ 24.849959]  [] lock_acquire+0x130/0x3e0
[ 24.855560]  [] ? shmem_fallocate+0x13c/0xb40
[ 24.861596]  [] down_write+0x41/0xa0
[ 24.866871]  [] ? shmem_fallocate+0x13c/0xb40
[ 24.872915]  [] shmem_fallocate+0x13c/0xb40
[ 24.878778]  [] ? avc_has_perm_noaudit+0x2ad/0x450
[ 24.885248]  [] ? avc_has_perm_noaudit+0xa3/0x450
[ 24.891627]  [] ? shmem_setattr+0x9a0/0x9a0
[ 24.897487]  [] ? debug_check_no_locks_freed+0x210/0x210
[ 24.904475]  [] ? new_slab+0x303/0x3d0
[ 24.909901]  [] ? range_alloc+0x36/0x240
[ 24.915500]  [] ? cred_has_capability+0x14e/0x2e0
[ 24.921942]  [] ? selinux_ipv4_output+0x40/0x40
[ 24.928156]  [] ? mark_held_locks+0xc7/0x130
[ 24.934104]  [] ? mutex_trylock+0x25a/0x3e0
[ 24.939971]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.946790]  [] ? trace_hardirqs_on+0xd/0x10
[ 24.952739]  [] ? ashmem_shrink_scan+0x55/0x3a0
[ 24.959021]  [] ashmem_shrink_scan+0x1bd/0x3a0
[ 24.965154]  [] ashmem_ioctl+0x2c1/0xf20
[ 24.970770]  [] ? get_name+0x230/0x230
[ 24.976202]  [] ? __might_sleep+0x95/0x1a0
[ 24.981977]  [] ? get_name+0x230/0x230
[ 24.987401]  [] do_vfs_ioctl+0x1ac/0x11a0
[ 24.993098]  [] ? ioctl_preallocate+0x220/0x220
[ 24.999353]  [] ? selinux_capable+0x40/0x40
[ 25.005212]  [] ? __kmalloc+0x7a/0x300
[ 25.010646]  [] ? __do_page_fault+0x5dd/0xd50
[ 25.016683]  [] ? security_file_ioctl+0x8f/0xc0
[ 25.022952]  [] SyS_ioctl+0x8f/0xc0
[ 25.028149]  [] ? do_vfs_ioctl+0x11a0/0x11a0
[ 25.034112]  [] do_syscall_64+0x1a6/