[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.385195] random: sshd: uninitialized urandom read (32 bytes read)
[ 11.393315] random: crng init done

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.682201]
[ 29.682576] ======================================================
[ 29.683428] [ INFO: possible circular locking dependency detected ]
[ 29.684301] 4.9.148+ #3 Not tainted
[ 29.684808] -------------------------------------------------------
[ 29.685674] syz-executor634/2047 is trying to acquire lock:
[ 29.686585]  (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x7bd/0xa60
[ 29.687865] but task is already holding lock:
[ 29.688544]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 29.690277] which lock already depends on the new lock.
[ 29.690277]
[ 29.691855]
[ 29.691855] the existing dependency chain (in reverse order) is:
[ 29.693799]
-> #2 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 29.695347]        lock_acquire+0x133/0x3d0
[ 29.696438]        down_write+0x41/0xa0
[ 29.697400]        shmem_fallocate+0x143/0xab0
[ 29.698470]        ashmem_shrink_scan+0x1c3/0x4c0
[ 29.699630]        ashmem_ioctl+0x29b/0xdd0
[ 29.700652]        do_vfs_ioctl+0xb87/0x11d0
[ 29.701707]        SyS_ioctl+0x8f/0xc0
[ 29.703682]        do_syscall_64+0x1ad/0x570
[ 29.708085]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.713697]
-> #1 (ashmem_mutex){+.+.+.}:
[ 29.718564]        lock_acquire+0x133/0x3d0
[ 29.722881]        mutex_lock_nested+0xc7/0x920
[ 29.727535]        ashmem_mmap+0x53/0x470
[ 29.731672]        mmap_region+0x7e7/0xfa0
[ 29.735880]        do_mmap+0x539/0xbc0
[ 29.739744]        vm_mmap_pgoff+0x179/0x1c0
[ 29.744126]        SyS_mmap_pgoff+0xfa/0x1b0
[ 29.748504]        SyS_mmap+0x16/0x20
[ 29.752313]        do_syscall_64+0x1ad/0x570
[ 29.756695]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.762326]
-> #0 (&mm->mmap_sem){++++++}:
[ 29.767200]        __lock_acquire+0x2d10/0x4350
[ 29.771844]        lock_acquire+0x133/0x3d0
[ 29.776140]        down_read+0x44/0xb0
[ 29.779999]        __do_page_fault+0x7bd/0xa60
[ 29.784558]        do_page_fault+0x28/0x30
[ 29.788768]        page_fault+0x25/0x30
[ 29.792717]        generic_perform_write+0x1b6/0x500
[ 29.797792]        __generic_file_write_iter+0x340/0x530
[ 29.803216]        generic_file_write_iter+0x38a/0x630
[ 29.808465]        __vfs_write+0x3c1/0x560
[ 29.812675]        vfs_write+0x185/0x520
[ 29.816709]        SyS_write+0xdc/0x1c0
[ 29.820657]        do_syscall_64+0x1ad/0x570
[ 29.825039]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.830632]
[ 29.830632] other info that might help us debug this:
[ 29.830632]
[ 29.838745] Chain exists of:
  &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
[ 29.848467]  Possible unsafe locking scenario:
[ 29.848467]
[ 29.854495]        CPU0                    CPU1
[ 29.859131]        ----                    ----
[ 29.863767]   lock(&sb->s_type->i_mutex_key#10);
[ 29.868848]                                lock(ashmem_mutex);
[ 29.875028]                                lock(&sb->s_type->i_mutex_key#10);
[ 29.882626]   lock(&mm->mmap_sem);
[ 29.886366]
[ 29.886366]  *** DEADLOCK ***
[ 29.886366]
[ 29.892401] 2 locks held by syz-executor634/2047:
[ 29.897214]  #0:  (sb_writers#6){.+.+.+}, at: [] vfs_write+0x3e9/0x520
[ 29.906017]  #1:  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 29.917244]
[ 29.917244] stack backtrace:
[ 29.921718] CPU: 0 PID: 2047 Comm: syz-executor634 Not tainted 4.9.148+ #3
[ 29.928701]  ffff8801cf7775d8 ffffffff81b456e1 ffffffff83cab180 ffffffff83cb4960
[ 29.936740]  ffffffff83cc86a0 ffffffff8424cd80 ffff8801d058c740 ffff8801cf777630
[ 29.944721]  ffffffff813ff0a8 ffffffff83c72750 ffffffff84024a80 ffff8801d058d040
[ 29.952704] Call Trace:
[ 29.955268]  [] dump_stack+0xc1/0x120
[ 29.960617]  [] print_circular_bug.cold+0x2f6/0x454
[ 29.967169]  [] __lock_acquire+0x2d10/0x4350
[ 29.973113]  [] ? trace_hardirqs_on+0x10/0x10
[ 29.979148]  [] ? trace_hardirqs_on+0x10/0x10
[ 29.985194]  [] ? mark_held_locks+0xb1/0x100
[ 29.991142]  [] lock_acquire+0x133/0x3d0
[ 29.996741]  [] ? __do_page_fault+0x7bd/0xa60
[ 30.002777]  [] down_read+0x44/0xb0
[ 30.007938]  [] ? __do_page_fault+0x7bd/0xa60
[ 30.013971]  [] __do_page_fault+0x7bd/0xa60
[ 30.019830]  [] ? bad_area_access_error+0x3d0/0x3d0
[ 30.026398]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.033036]  [] do_page_fault+0x28/0x30
[ 30.038552]  [] page_fault+0x25/0x30
[ 30.043808]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 30.050839]  [] ? iov_iter_fault_in_readable+0x30d/0x3d0
[ 30.057830]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 30.064816]  [] ? iov_iter_init+0x1d0/0x1d0
[ 30.070674]  [] generic_perform_write+0x1b6/0x500
[ 30.077055]  [] ? filemap_page_mkwrite+0x280/0x280
[ 30.083521]  [] ? current_time+0xd0/0xd0
[ 30.089119]  [] __generic_file_write_iter+0x340/0x530
[ 30.095844]  [] generic_file_write_iter+0x38a/0x630
[ 30.102399]  [] __vfs_write+0x3c1/0x560
[ 30.107910]  [] ? bpf_fd_pass+0x270/0x270
[ 30.113596]  [] ? __vfs_read+0x550/0x550
[ 30.119191]  [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 30.126000]  [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 30.132557]  [] ? __sb_start_write+0x161/0x310
[ 30.138674]  [] vfs_write+0x185/0x520
[ 30.144009]  [] SyS_write+0xdc/0x1c0
[ 30.149274]  [] ? SyS_read+0x1c0/0x1c0
[ 30.154705]  [] ? do_syscall_64+0x4a/0x570
[ 30.160476]  [] ? SyS_read+0x1c0/0x1c0
[ 30.165898]  [] do_syscall_64+0x1ad/0x570
[ 30.171592]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb