====================================================== WARNING: possible circular locking dependency detected 5.0.0-rc6-next-20190213 #34 Not tainted ------------------------------------------------------ syz-executor.3/14302 is trying to acquire lock: 000000001bf83f1f (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:763 [inline] 000000001bf83f1f (&sb->s_type->i_mutex_key#12){+.+.}, at: shmem_fallocate+0x15a/0xc60 mm/shmem.c:2717 but task is already holding lock: 000000002eddaedd (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0x66/0x4f0 drivers/staging/android/ashmem.c:449 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (ashmem_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:925 [inline] __mutex_lock+0xf7/0x1310 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:362 call_mmap include/linux/fs.h:1862 [inline] mmap_region+0xc3a/0x1770 mm/mmap.c:1786 do_mmap+0x8e2/0x1080 mm/mmap.c:1559 do_mmap_pgoff include/linux/mm.h:2374 [inline] vm_mmap_pgoff+0x1c5/0x230 mm/util.c:362 ksys_mmap_pgoff+0x4aa/0x630 mm/mmap.c:1609 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&mm->mmap_sem){++++}: down_read+0x3b/0x90 kernel/locking/rwsem.c:24 do_user_addr_fault arch/x86/mm/fault.c:1426 [inline] __do_page_fault+0x9e9/0xda0 arch/x86/mm/fault.c:1541 do_page_fault+0x71/0x581 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 fault_in_pages_readable include/linux/pagemap.h:591 [inline] iov_iter_fault_in_readable+0x1ba/0x450 lib/iov_iter.c:425 generic_perform_write+0x195/0x530 mm/filemap.c:3284 __generic_file_write_iter+0x25e/0x630 mm/filemap.c:3423 generic_file_write_iter+0x360/0x610 mm/filemap.c:3455 call_write_iter include/linux/fs.h:1857 [inline] new_sync_write+0x4c7/0x760 fs/read_write.c:474 __vfs_write+0xe4/0x110 fs/read_write.c:487 vfs_write+0x20c/0x580 fs/read_write.c:549 ksys_write+0xea/0x1f0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&sb->s_type->i_mutex_key#12){+.+.}: lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3829 down_write+0x38/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:763 [inline] shmem_fallocate+0x15a/0xc60 mm/shmem.c:2717 ashmem_shrink_scan drivers/staging/android/ashmem.c:456 [inline] ashmem_shrink_scan+0x1d7/0x4f0 drivers/staging/android/ashmem.c:440 ashmem_ioctl+0x2f0/0x11a0 drivers/staging/android/ashmem.c:798 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xd6e/0x1390 fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &sb->s_type->i_mutex_key#12 --> &mm->mmap_sem --> ashmem_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(ashmem_mutex); lock(&mm->mmap_sem); lock(ashmem_mutex); lock(&sb->s_type->i_mutex_key#12); *** DEADLOCK *** 1 lock held by syz-executor.3/14302: #0: 000000002eddaedd (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0x66/0x4f0 drivers/staging/android/ashmem.c:449 stack backtrace: CPU: 1 PID: 14302 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190213 #34 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1224 check_prev_add kernel/locking/lockdep.c:1855 [inline] check_prevs_add kernel/locking/lockdep.c:1968 [inline] validate_chain kernel/locking/lockdep.c:2339 [inline] __lock_acquire+0x2e7a/0x4790 kernel/locking/lockdep.c:3320 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3829 down_write+0x38/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:763 [inline] shmem_fallocate+0x15a/0xc60 mm/shmem.c:2717 ashmem_shrink_scan drivers/staging/android/ashmem.c:456 [inline] ashmem_shrink_scan+0x1d7/0x4f0 drivers/staging/android/ashmem.c:440 ashmem_ioctl+0x2f0/0x11a0 drivers/staging/android/ashmem.c:798 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xd6e/0x1390 fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457e29 Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fbe05355c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 RDX: 0000000000000000 RSI: 000000000000770a RDI: 0000000000000003 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe053566d4 R13: 00000000004bf0a3 R14: 00000000004d09a0 R15: 00000000ffffffff