[ ok ] Starting periodic command scheduler: cron.
[ 11.239957] random: crng init done
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [ 45.307345] hrtimer: interrupt took 23059 ns
[ 45.425020]
[ 45.426781] ======================================================
[ 45.433072] [ INFO: possible circular locking dependency detected ]
[ 45.439453] 4.9.155+ #27 Not tainted
[ 45.443145] -------------------------------------------------------
[ 45.449542] syz-executor730/2080 is trying to acquire lock:
[ 45.455240]  (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x7bd/0xa60
[ 45.464047] but task is already holding lock:
[ 45.468692]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 45.479393] which lock already depends on the new lock.
[ 45.479393]
[ 45.486398]
[ 45.486398] the existing dependency chain (in reverse order) is:
[ 45.494005] -> #2 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 45.500210]        lock_acquire+0x133/0x3d0
[ 45.504520]        down_write+0x41/0xa0
[ 45.508573]        shmem_fallocate+0x143/0xab0
[ 45.513136]        ashmem_shrink_scan+0x1c3/0x4c0
[ 45.517950]        ashmem_ioctl+0x29b/0xdd0
[ 45.522567]        do_vfs_ioctl+0xb87/0x11d0
[ 45.526947]        SyS_ioctl+0x8f/0xc0
[ 45.530818]        do_syscall_64+0x1ad/0x570
[ 45.535204]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 45.540803] -> #1 (ashmem_mutex){+.+.+.}:
[ 45.545690]        lock_acquire+0x133/0x3d0
[ 45.549990]        mutex_lock_nested+0xc7/0x920
[ 45.554636]        ashmem_mmap+0x53/0x470
[ 45.558762]        mmap_region+0x7e7/0xfa0
[ 45.562983]        do_mmap+0x539/0xbc0
[ 45.566853]        vm_mmap_pgoff+0x179/0x1c0
[ 45.571264]        SyS_mmap_pgoff+0xfa/0x1b0
[ 45.575646]        SyS_mmap+0x16/0x20
[ 45.579423]        do_syscall_64+0x1ad/0x570
[ 45.583821]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 45.589415] -> #0 (&mm->mmap_sem){++++++}:
[ 45.594481]        __lock_acquire+0x2d10/0x4350
[ 45.599139]        lock_acquire+0x133/0x3d0
[ 45.603439]        down_read+0x44/0xb0
[ 45.607318]        __do_page_fault+0x7bd/0xa60
[ 45.611879]        do_page_fault+0x28/0x30
[ 45.616096]        page_fault+0x25/0x30
[ 45.620049]        generic_perform_write+0x1b6/0x500
[ 45.625129]        __generic_file_write_iter+0x340/0x530
[ 45.630555]        generic_file_write_iter+0x38a/0x630
[ 45.635808]        __vfs_write+0x3c1/0x560
[ 45.640018]        vfs_write+0x185/0x520
[ 45.644053]        SyS_write+0xdc/0x1c0
[ 45.648007]        do_syscall_64+0x1ad/0x570
[ 45.652400]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 45.657997]
[ 45.657997] other info that might help us debug this:
[ 45.657997]
[ 45.666114] Chain exists of: &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
[ 45.675867]  Possible unsafe locking scenario:
[ 45.675867]
[ 45.682011]        CPU0                                    CPU1
[ 45.686652]        ----                                    ----
[ 45.691291]   lock(&sb->s_type->i_mutex_key#10);
[ 45.696437]                                                lock(ashmem_mutex);
[ 45.702817]                                                lock(&sb->s_type->i_mutex_key#10);
[ 45.710595]   lock(&mm->mmap_sem);
[ 45.714422]
[ 45.714422]  *** DEADLOCK ***
[ 45.714422]
[ 45.720475] 2 locks held by syz-executor730/2080:
[ 45.725286]  #0: (sb_writers#6){.+.+.+}, at: [] vfs_write+0x3e9/0x520
[ 45.734123]  #1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 45.745355]
[ 45.745355] stack backtrace:
[ 45.749827] CPU: 0 PID: 2080 Comm: syz-executor730 Not tainted 4.9.155+ #27
[ 45.756903]  ffff8801ce60f5d8 ffffffff81b47871 ffffffff83cab180 ffffffff83cb47b0
[ 45.764912]  ffffffff83cc95d0 ffffffff8424cd40 ffff8801cf3197c0 ffff8801ce60f630
[ 45.772919]  ffffffff813ff29c ffff8801ce60f760 ffffffff84027500 ffff8801cf31a0c0
[ 45.781001] Call Trace:
[ 45.783563]  [] dump_stack+0xc1/0x120
[ 45.788908]  [] print_circular_bug.cold+0x2f6/0x454
[ 45.795464]  [] __lock_acquire+0x2d10/0x4350
[ 45.801411]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 45.807789]  [] ? kasan_alloc_pages+0x38/0x40
[ 45.813829]  [] ? trace_hardirqs_on+0x10/0x10
[ 45.819862]  [] ? trace_hardirqs_on_caller+0x385/0x5a0
[ 45.826691]  [] ? check_preemption_disabled+0x3c/0x200
[ 45.833510]  [] ? retint_kernel+0x2d/0x2d
[ 45.839198]  [] lock_acquire+0x133/0x3d0
[ 45.844810]  [] ? __do_page_fault+0x7bd/0xa60
[ 45.850845]  [] down_read+0x44/0xb0
[ 45.856013]  [] ? __do_page_fault+0x7bd/0xa60
[ 45.862047]  [] __do_page_fault+0x7bd/0xa60
[ 45.867912]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 45.874643]  [] ? bad_area_access_error+0x3d0/0x3d0
[ 45.881198]  [] ? mark_held_locks+0xb1/0x100
[ 45.887152]  [] ? shmem_getpage_gfp+0x9dd/0x1b00
[ 45.893452]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.900208]  [] do_page_fault+0x28/0x30
[ 45.905722]  [] page_fault+0x25/0x30
[ 45.910987]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 45.918122]  [] ? iov_iter_fault_in_readable+0x30d/0x3d0
[ 45.925109]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 45.932100]  [] ? iov_iter_init+0x1d0/0x1d0
[ 45.938247]  [] generic_perform_write+0x1b6/0x500
[ 45.944676]  [] ? filemap_page_mkwrite+0x280/0x280
[ 45.951262]  [] ? current_time+0xd0/0xd0
[ 45.956866]  [] __generic_file_write_iter+0x340/0x530
[ 45.963592]  [] generic_file_write_iter+0x38a/0x630
[ 45.970146]  [] __vfs_write+0x3c1/0x560
[ 45.975660]  [] ? __vfs_read+0x550/0x550
[ 45.981264]  [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 45.988082]  [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 45.994751]  [] ? __sb_start_write+0x161/0x310
[ 46.000887]  [] vfs_write+0x185/0x520
[ 46.006227]  [] SyS_write+0xdc/0x1c0
[ 46.011488]  [] ? SyS_read+0x1c0/0x1c0
[ 46.016925]  [] ? do_syscall_64+0x4a/0x570
executing program
[ 46.022711]  [] ? SyS_read+0x1c0/0x1c0
[ 46.028141]  [] do_syscall_64+0x1ad/0x570
[ 46.033825]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
executing program