Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.294137]
[ 37.295801] ======================================================
[ 37.302100] WARNING: possible circular locking dependency detected
[ 37.308409] 4.14.175-syzkaller #0 Not tainted
[ 37.312925] ------------------------------------------------------
[ 37.319286] syz-executor401/6353 is trying to acquire lock:
[ 37.324980] (sb_writers#8){.+.+}, at: [] vfs_fallocate+0x5c1/0x790
[ 37.332957]
[ 37.332957] but task is already holding lock:
[ 37.338924] (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x53/0x430
[ 37.347261]
[ 37.347261] which lock already depends on the new lock.
[ 37.347261]
[ 37.355563]
[ 37.355563] the existing dependency chain (in reverse order) is:
[ 37.363172]
[ 37.363172] -> #2 (ashmem_mutex){+.+.}:
[ 37.368625] __mutex_lock+0xe8/0x1470
[ 37.372939] ashmem_mmap+0x50/0x570
[ 37.377082] mmap_region+0x869/0x1030
[ 37.381394] do_mmap+0x5c1/0xcf0
[ 37.385267] vm_mmap_pgoff+0x14e/0x1a0
[ 37.389661] SyS_mmap_pgoff+0x3d2/0x520
[ 37.394163] do_syscall_64+0x1d5/0x640
[ 37.398560] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.404253]
[ 37.404253] -> #1 (&mm->mmap_sem){++++}:
[ 37.409790] __might_fault+0x137/0x1b0
[ 37.414184] _copy_from_user+0x27/0x100
[ 37.418663] setxattr+0x136/0x300
[ 37.422630] path_setxattr+0x118/0x130
[ 37.427024] SyS_lsetxattr+0x33/0x40
[ 37.431280] do_syscall_64+0x1d5/0x640
[ 37.435690] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.441388]
[ 37.441388] -> #0 (sb_writers#8){.+.+}:
[ 37.446837] lock_acquire+0x170/0x3f0
[ 37.451147] __sb_start_write+0x1a1/0x2e0
[ 37.455805] vfs_fallocate+0x5c1/0x790
[ 37.460202] ashmem_shrink_scan+0x181/0x430
[ 37.465065] ashmem_ioctl+0x28a/0xe50
[ 37.469375] do_vfs_ioctl+0x75a/0xfe0
[ 37.474011] SyS_ioctl+0x7f/0xb0
[ 37.478247] do_syscall_64+0x1d5/0x640
[ 37.482648] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.488460]
[ 37.488460] other info that might help us debug this:
[ 37.488460]
[ 37.496694] Chain exists of:
[ 37.496694] sb_writers#8 --> &mm->mmap_sem --> ashmem_mutex
[ 37.496694]
[ 37.506992] Possible unsafe locking scenario:
[ 37.506992]
[ 37.513152]        CPU0                    CPU1
[ 37.517800]        ----                    ----
[ 37.522449]   lock(ashmem_mutex);
[ 37.525882]                                lock(&mm->mmap_sem);
[ 37.531964]                                lock(ashmem_mutex);
[ 37.537931]   lock(sb_writers#8);
[ 37.541369]
[ 37.541369] *** DEADLOCK ***
[ 37.541369]
[ 37.547429] 1 lock held by syz-executor401/6353:
[ 37.552171] #0: (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x53/0x430
[ 37.560943]
[ 37.560943] stack backtrace:
[ 37.565429] CPU: 0 PID: 6353 Comm: syz-executor401 Not tainted 4.14.175-syzkaller #0
[ 37.573308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.582651] Call Trace:
[ 37.585241] dump_stack+0x13e/0x194
[ 37.588863] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 37.594243] __lock_acquire+0x2cb3/0x4620
[ 37.598393] ? avc_has_perm+0x2bb/0x480
[ 37.602514] ? trace_hardirqs_on+0x10/0x10
[ 37.606752] ? save_trace+0x290/0x290
[ 37.610870] lock_acquire+0x170/0x3f0
[ 37.614722] ? vfs_fallocate+0x5c1/0x790
[ 37.618806] __sb_start_write+0x1a1/0x2e0
[ 37.622976] ? vfs_fallocate+0x5c1/0x790
[ 37.627055] ? shmem_setattr+0xb80/0xb80
[ 37.631135] vfs_fallocate+0x5c1/0x790
[ 37.635027] ashmem_shrink_scan+0x181/0x430
[ 37.639334] ashmem_ioctl+0x28a/0xe50
[ 37.643131] ? ashmem_shrink_scan+0x430/0x430
[ 37.647625] ? ashmem_shrink_scan+0x430/0x430
[ 37.652111] do_vfs_ioctl+0x75a/0xfe0
[ 37.655925] ? selinux_file_mprotect+0x5c0/0x5c0
[ 37.660682] ? ioctl_preallocate+0x1a0/0x1a0
[ 37.665087] ? security_file_ioctl+0x76/0xb0
[ 37.669502] ? security_file_ioctl+0x83/0xb0
[ 37.673902] SyS_ioctl+0x7f/0xb0
[ 37.677254] ? do_vfs_ioctl+0xfe0/0xfe0
[ 37.681221] do_syscall_64+0x1d5/0x640
[ 37.685101] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.690278] RIP: 0033:0x4401c9
[ 37.693469] RSP: 002b:000