Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.918128]
[   28.919813] ======================================================
[   28.926212] WARNING: possible circular locking dependency detected
[   28.932506] 4.14.226-syzkaller #0 Not tainted
[   28.936973] ------------------------------------------------------
[   28.943277] syz-executor803/7980 is trying to acquire lock:
[   28.948994]  (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5c1/0x790
[   28.956943]
[   28.956943] but task is already holding lock:
[   28.962883]  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[   28.970741]
[   28.970741] which lock already depends on the new lock.
[   28.970741]
[   28.979025]
[   28.979025] the existing dependency chain (in reverse order) is:
[   28.986651]
[   28.986651] -> #3 (ashmem_mutex){+.+.}:
[   28.992118]        __mutex_lock+0xc4/0x1310
[   28.996413]        ashmem_mmap+0x50/0x5c0
[   29.000534]        mmap_region+0xa1a/0x1220
[   29.004867]        do_mmap+0x5b3/0xcb0
[   29.008727]        vm_mmap_pgoff+0x14e/0x1a0
[   29.013123]        SyS_mmap_pgoff+0x249/0x510
[   29.017589]        do_syscall_64+0x1d5/0x640
[   29.021968]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.027648]
[   29.027648] -> #2 (&mm->mmap_sem){++++}:
[   29.033160]        __might_fault+0x137/0x1b0
[   29.037555]        _copy_to_user+0x27/0xd0
[   29.041760]        filldir+0x1d5/0x390
[   29.045617]        dcache_readdir+0x180/0x860
[   29.050122]        iterate_dir+0x1a0/0x5e0
[   29.054328]        SyS_getdents+0x125/0x240
[   29.058618]        do_syscall_64+0x1d5/0x640
[   29.062997]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.068690]
[   29.068690] -> #1 (&type->i_mutex_dir_key#5){++++}:
[   29.075159]        down_write+0x34/0x90
[   29.079119]        path_openat+0xde2/0x2970
[   29.083412]        do_filp_open+0x179/0x3c0
[   29.087705]        do_sys_open+0x296/0x410
[   29.091922]        do_syscall_64+0x1d5/0x640
[   29.096300]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.101979]
[   29.101979] -> #0 (sb_writers#6){.+.+}:
[   29.107406]        lock_acquire+0x170/0x3f0
[   29.111700]        __sb_start_write+0x64/0x260
[   29.116270]        vfs_fallocate+0x5c1/0x790
[   29.120649]        ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.126083]        ashmem_ioctl+0x294/0xd00
[   29.130378]        do_vfs_ioctl+0x75a/0xff0
[   29.134670]        SyS_ioctl+0x7f/0xb0
[   29.138527]        do_syscall_64+0x1d5/0x640
[   29.142921]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.148599]
[   29.148599] other info that might help us debug this:
[   29.148599]
[   29.156708] Chain exists of:
[   29.156708]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[   29.156708]
[   29.166910]  Possible unsafe locking scenario:
[   29.166910]
[   29.172937]        CPU0                    CPU1
[   29.177576]        ----                    ----
[   29.182224]   lock(ashmem_mutex);
[   29.185647]                                lock(&mm->mmap_sem);
[   29.191673]                                lock(ashmem_mutex);
[   29.197611]   lock(sb_writers#6);
[   29.201037]
[   29.201037]  *** DEADLOCK ***
[   29.201037]
[   29.207079] 1 lock held by syz-executor803/7980:
[   29.211802]  #0:  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[   29.220093]
[   29.220093] stack backtrace:
[   29.224563] CPU: 0 PID: 7980 Comm: syz-executor803 Not tainted 4.14.226-syzkaller #0
[   29.232412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.241737] Call Trace:
[   29.244337]  dump_stack+0x1b2/0x281
[   29.247937]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   29.253707]  __lock_acquire+0x2e0e/0x3f20
[   29.257829]  ? aa_file_perm+0x304/0xab0
[   29.261776]  ? __lock_acquire+0x5fc/0x3f20
[   29.265979]  ? trace_hardirqs_on+0x10/0x10
[   29.270184]  ? aa_path_link+0x3a0/0x3a0
[   29.274130]  ? trace_hardirqs_on+0x10/0x10
[   29.278337]  ? cache_alloc_refill+0x2fa/0x350
[   29.282814]  lock_acquire+0x170/0x3f0
[   29.286599]  ? vfs_fallocate+0x5c1/0x790
[   29.290635]  __sb_start_write+0x64/0x260
[   29.294665]  ? vfs_fallocate+0x5c1/0x790
[   29.298697]  ? shmem_evict_inode+0x8b0/0x8b0
[   29.303075]  vfs_fallocate+0x5c1/0x790
[   29.306935]  ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.311838]  ? mutex_trylock+0x152/0x1a0
[   29.315867]  ? ashmem_ioctl+0x27e/0xd00
[   29.319813]  ashmem_ioctl+0x294/0xd00
[   29.323585]  ? userfaultfd_unmap_prep+0x450/0x450
[   29.328412]  ? ashmem_shrink_scan+0x80/0x80
[   29.332709]  ? lock_downgrade+0x740/0x740
[   29.336827]  ? ashmem_shrink_scan+0x80/0x80
[   29.341118]  do_vfs_ioctl+0x75a/0xff0
[   29.344890]  ? ioctl_preallocate+0x1a0/0x1a0
[   29.349267]  ? __fget+0x225/0x360
[   29.352698]  ? fput+0xb/0x140
[   29.355782]  ? SyS_mmap_pgoff+0x25e/0x510
[   29.359901]  ? security_file_ioctl+0x83/0xb0
[   29.364283]  SyS_ioctl+0x7f/0xb0
[   29.367621]  ? do_vfs_ioctl+0xff0/0xff0
[   29.371570]  do_syscall_64+0x1d5/0x640
[   29.375431]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.380593] RIP: 0033:0x43eec9
[   29.383753] RSP: 002b:00007ffcec14f548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   29.391448] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eec9
[   29.398689] RDX: 0000000000000000 RSI: 000000000000770a RDI: 0000000000000003
[   29.405931] RBP: 0000000000402eb0 R08: 00000000cec98000 R09: 00000000cec98000
[   29.413174] R10: 00000000cec98000 R11: 0000000000000246 R12: 0000000000402f40