[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.898583]
[ 28.900331] ======================================================
[ 28.906825] WARNING: possible circular locking dependency detected
[ 28.913113] 4.14.241-syzkaller #0 Not tainted
[ 28.917575] ------------------------------------------------------
[ 28.923863] syz-executor968/8011 is trying to acquire lock:
[ 28.929548]  (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5c1/0x790
[ 28.937832]
[ 28.937832] but task is already holding lock:
[ 28.943783]  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 28.951663]
[ 28.951663] which lock already depends on the new lock.
[ 28.951663]
[ 28.959949]
[ 28.959949] the existing dependency chain (in reverse order) is:
[ 28.967625]
[ 28.967625] -> #3 (ashmem_mutex){+.+.}:
[ 28.973151]        __mutex_lock+0xc4/0x1310
[ 28.977617]        ashmem_mmap+0x50/0x5c0
[ 28.982016]        mmap_region+0xa1a/0x1220
[ 28.986411]        do_mmap+0x5b3/0xcb0
[ 28.990361]        vm_mmap_pgoff+0x14e/0x1a0
[ 28.994762]        SyS_mmap_pgoff+0x249/0x510
[ 28.999414]        do_syscall_64+0x1d5/0x640
[ 29.003796]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.009490]
[ 29.009490] -> #2 (&mm->mmap_sem){++++}:
[ 29.015008]        __might_fault+0x137/0x1b0
[ 29.019520]        _copy_to_user+0x27/0xd0
[ 29.023737]        filldir+0x1d5/0x390
[ 29.027606]        dcache_readdir+0x180/0x860
[ 29.032071]        iterate_dir+0x1a0/0x5e0
[ 29.036377]        SyS_getdents+0x125/0x240
[ 29.040894]        do_syscall_64+0x1d5/0x640
[ 29.045292]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.050984]
[ 29.050984] -> #1 (&type->i_mutex_dir_key#5){++++}:
[ 29.057822]        down_write+0x34/0x90
[ 29.061869]        path_openat+0xde2/0x2970
[ 29.066260]        do_filp_open+0x179/0x3c0
[ 29.070641]        do_sys_open+0x296/0x410
[ 29.074884]        do_syscall_64+0x1d5/0x640
[ 29.079272]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.084976]
[ 29.084976] -> #0 (sb_writers#6){.+.+}:
[ 29.090430]        lock_acquire+0x170/0x3f0
[ 29.094727]        __sb_start_write+0x64/0x260
[ 29.099282]        vfs_fallocate+0x5c1/0x790
[ 29.103756]        ashmem_shrink_scan.part.0+0x135/0x3d0
[ 29.109370]        ashmem_ioctl+0x294/0xd00
[ 29.113838]        do_vfs_ioctl+0x75a/0xff0
[ 29.118224]        SyS_ioctl+0x7f/0xb0
[ 29.122085]        do_syscall_64+0x1d5/0x640
[ 29.126594]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.132302]
[ 29.132302] other info that might help us debug this:
[ 29.132302]
[ 29.140425] Chain exists of:
[ 29.140425]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[ 29.140425]
[ 29.150646]  Possible unsafe locking scenario:
[ 29.150646]
[ 29.156857]        CPU0                    CPU1
[ 29.161504]        ----                    ----
[ 29.166160]   lock(ashmem_mutex);
[ 29.169602]                                lock(&mm->mmap_sem);
[ 29.175751]                                lock(ashmem_mutex);
[ 29.181807]   lock(sb_writers#6);
[ 29.185954]
[ 29.185954]  *** DEADLOCK ***
[ 29.185954]
[ 29.191989] 1 lock held by syz-executor968/8011:
[ 29.196827]  #0:  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 29.205140]
[ 29.205140] stack backtrace:
[ 29.209631] CPU: 1 PID: 8011 Comm: syz-executor968 Not tainted 4.14.241-syzkaller #0
[ 29.217675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.227015] Call Trace:
[ 29.229580]  dump_stack+0x1b2/0x281
[ 29.233197]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.239433]  __lock_acquire+0x2e0e/0x3f20
[ 29.243821]  ? aa_file_perm+0x304/0xab0
[ 29.247855]  ? __lock_acquire+0x5fc/0x3f20
[ 29.252096]  ? trace_hardirqs_on+0x10/0x10
[ 29.256402]  ? aa_path_link+0x3a0/0x3a0
[ 29.260368]  ? lock_downgrade+0x740/0x740
[ 29.264674]  ? trace_hardirqs_on+0x10/0x10
[ 29.268985]  ? kernel_text_address+0xbd/0xf0
[ 29.273391]  lock_acquire+0x170/0x3f0
[ 29.277448]  ? vfs_fallocate+0x5c1/0x790
[ 29.281498]  __sb_start_write+0x64/0x260
[ 29.285648]  ? vfs_fallocate+0x5c1/0x790
[ 29.292491]  ? shmem_evict_inode+0x8b0/0x8b0
[ 29.296995]  vfs_fallocate+0x5c1/0x790
[ 29.300971]  ashmem_shrink_scan.part.0+0x135/0x3d0
[ 29.305995]  ? mutex_trylock+0x152/0x1a0
[ 29.310139]  ? ashmem_ioctl+0x27e/0xd00
[ 29.314174]  ashmem_ioctl+0x294/0xd00
[ 29.318243]  ? lock_acquire+0x170/0x3f0
[ 29.322402]  ? lock_downgrade+0x740/0x740
[ 29.326636]  ? ashmem_shrink_scan+0x80/0x80
[ 29.331033]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 29.336130]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 29.341330]  ? ashmem_shrink_scan+0x80/0x80
[ 29.345724]  do_vfs_ioctl+0x75a/0xff0
[ 29.349781]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.355462]  ? ioctl_preallocate+0x1a0/0x1a0
[ 29.360194]  ? kmem_cache_free+0x23a/0x2b0
[ 29.364652]  ? putname+0xcd/0x110
[ 29.368091]  ? do_sys_open+0x208/0x410
[ 29.372210]  ? filp_open+0x60/0x60
[ 29.375937]  ? security_file_ioctl+0x83/0xb0
[ 29.380412]  SyS_ioctl+0x7f/0xb0
[ 29.383768]  ? do_vfs_ioctl+0xff0/0xff0
[ 29.387731]  do_syscall_64+0x1d5/0x640
[ 29.391684]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.397387] RIP: 0033:0x43ef09
[