[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.783767]
[ 29.785408] ======================================================
[ 29.791735] WARNING: possible circular locking dependency detected
[ 29.798026] 4.14.231-syzkaller #0 Not tainted
[ 29.802522] ------------------------------------------------------
[ 29.808810] syz-executor319/7958 is trying to acquire lock:
[ 29.814486]  (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5c1/0x790
[ 29.822449]
[ 29.822449] but task is already holding lock:
[ 29.828392]  (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 29.836266]
[ 29.836266] which lock already depends on the new lock.
[ 29.836266]
[ 29.844560]
[ 29.844560] the existing dependency chain (in reverse order) is:
[ 29.852190]
[ 29.852190] -> #3 (ashmem_mutex){+.+.}:
[ 29.857630]        __mutex_lock+0xc4/0x1310
[ 29.861925]        ashmem_mmap+0x50/0x5c0
[ 29.866072]        mmap_region+0xa1a/0x1220
[ 29.870365]        do_mmap+0x5b3/0xcb0
[ 29.874246]        vm_mmap_pgoff+0x14e/0x1a0
[ 29.878628]        SyS_mmap_pgoff+0x249/0x510
[ 29.883093]        do_syscall_64+0x1d5/0x640
[ 29.887472]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.893159]
[ 29.893159] -> #2 (&mm->mmap_sem){++++}:
[ 29.898672]        __might_fault+0x137/0x1b0
[ 29.903052]        _copy_to_user+0x27/0xd0
[ 29.907258]        filldir+0x1d5/0x390
[ 29.911126]        dcache_readdir+0x180/0x860
[ 29.915592]        iterate_dir+0x1a0/0x5e0
[ 29.919796]        SyS_getdents+0x125/0x240
[ 29.924091]        do_syscall_64+0x1d5/0x640
[ 29.928481]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.934157]
[ 29.934157] -> #1 (&type->i_mutex_dir_key#5){++++}:
[ 29.940642]        down_write+0x34/0x90
[ 29.944603]        path_openat+0xde2/0x2970
[ 29.948895]        do_filp_open+0x179/0x3c0
[ 29.953200]        do_sys_open+0x296/0x410
[ 29.957419]        do_syscall_64+0x1d5/0x640
[ 29.961799]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.967482]
[ 29.967482] -> #0 (sb_writers#6){.+.+}:
[ 29.973093]        lock_acquire+0x170/0x3f0
[ 29.977398]        __sb_start_write+0x64/0x260
[ 29.981950]        vfs_fallocate+0x5c1/0x790
[ 29.986330]        ashmem_shrink_scan.part.0+0x135/0x3d0
[ 29.991748]        ashmem_ioctl+0x294/0xd00
[ 29.996041]        do_vfs_ioctl+0x75a/0xff0
[ 30.000336]        SyS_ioctl+0x7f/0xb0
[ 30.004198]        do_syscall_64+0x1d5/0x640
[ 30.008591]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.014284]
[ 30.014284] other info that might help us debug this:
[ 30.014284]
[ 30.022394] Chain exists of:
[ 30.022394]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[ 30.022394]
[ 30.032608]  Possible unsafe locking scenario:
[ 30.032608]
[ 30.038670]        CPU0                    CPU1
[ 30.043310]        ----                    ----
[ 30.047984]   lock(ashmem_mutex);
[ 30.051415]                                lock(&mm->mmap_sem);
[ 30.057450]                                lock(ashmem_mutex);
[ 30.063398]   lock(sb_writers#6);
[ 30.066824]
[ 30.066824]  *** DEADLOCK ***
[ 30.066824]
[ 30.072941] 1 lock held by syz-executor319/7958:
[ 30.077699]  #0: (ashmem_mutex){+.+.}, at: [] ashmem_ioctl+0x27e/0xd00
[ 30.085997]
[ 30.085997] stack backtrace:
[ 30.090504] CPU: 1 PID: 7958 Comm: syz-executor319 Not tainted 4.14.231-syzkaller #0
[ 30.098362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.107708] Call Trace:
[ 30.110281]  dump_stack+0x1b2/0x281
[ 30.113891]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.119706]  __lock_acquire+0x2e0e/0x3f20
[ 30.123836]  ? aa_file_perm+0x304/0xab0
[ 30.127785]  ? __lock_acquire+0x5fc/0x3f20
[ 30.131992]  ? trace_hardirqs_on+0x10/0x10
[ 30.136213]  ? aa_path_link+0x3a0/0x3a0
[ 30.140172]  ? trace_hardirqs_on+0x10/0x10
[ 30.144385]  ? cache_alloc_refill+0x2fa/0x350
[ 30.148855]  lock_acquire+0x170/0x3f0
[ 30.152636]  ? vfs_fallocate+0x5c1/0x790
[ 30.156713]  __sb_start_write+0x64/0x260
[ 30.160751]  ? vfs_fallocate+0x5c1/0x790
[ 30.164787]  ? shmem_evict_inode+0x8b0/0x8b0
[ 30.169169]  vfs_fallocate+0x5c1/0x790
[ 30.173048]  ashmem_shrink_scan.part.0+0x135/0x3d0
[ 30.177963]  ? mutex_trylock+0x152/0x1a0
[ 30.182010]  ? ashmem_ioctl+0x27e/0xd00
[ 30.185960]  ashmem_ioctl+0x294/0xd00
[ 30.189756]  ? userfaultfd_unmap_prep+0x450/0x450
[ 30.194573]  ? ashmem_shrink_scan+0x80/0x80
[ 30.198879]  ? lock_downgrade+0x740/0x740
[ 30.203011]  ? ashmem_shrink_scan+0x80/0x80
[ 30.207335]  do_vfs_ioctl+0x75a/0xff0
[ 30.211113]  ? ioctl_preallocate+0x1a0/0x1a0
[ 30.215494]  ? __fget+0x225/0x360
[ 30.218920]  ? fput+0xb/0x140
[ 30.221997]  ? SyS_mmap_pgoff+0x25e/0x510
[ 30.226121]  ? security_file_ioctl+0x83/0xb0
[ 30.230501]  SyS_ioctl+0x7f/0xb0
[ 30.233840]  ? do_v