======================================================
[ INFO: possible circular locking dependency detected ]
4.9.84-ga9d0273 #44 Not tainted
-------------------------------------------------------
syz-executor7/11835 is trying to acquire lock:
 (&mm->mmap_sem){++++++}, at: [<ffffffff814c2714>] __might_fault+0xe4/0x1d0 mm/memory.c:3993
but task is already holding lock:
 (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_pin_unpin drivers/staging/android/ashmem.c:714 [inline]
 (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_ioctl+0x371/0xfe0 drivers/staging/android/ashmem.c:791
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xbb/0x870 kernel/locking/mutex.c:621
       ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:379
       mmap_region+0x7dd/0xfd0 mm/mmap.c:1694
       do_mmap+0x57b/0xbe0 mm/mmap.c:1473
       do_mmap_pgoff include/linux/mm.h:2019 [inline]
       vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:329
       SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
       SyS_mmap_pgoff+0x33f/0x560 mm/mmap.c:1481
       SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
       SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
       do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x47/0xc5

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x2bf9/0x3640 kernel/locking/lockdep.c:3345
       lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
       __might_fault+0x14a/0x1d0 mm/memory.c:3994
       copy_from_user arch/x86/include/asm/uaccess.h:705 [inline]
       ashmem_pin_unpin drivers/staging/android/ashmem.c:719 [inline]
       ashmem_ioctl+0x3c0/0xfe0 drivers/staging/android/ashmem.c:791
       vfs_ioctl fs/ioctl.c:43 [inline]
       do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
       SYSC_ioctl fs/ioctl.c:694 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
       do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x47/0xc5

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

1 lock held by syz-executor7/11835:
 #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_pin_unpin drivers/staging/android/ashmem.c:714 [inline]
 #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_ioctl+0x371/0xfe0 drivers/staging/android/ashmem.c:791

stack backtrace:
CPU: 1 PID: 11835 Comm: syz-executor7 Not tainted 4.9.84-ga9d0273 #44
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b431f908 ffffffff81d956b9 ffffffff853a3db0 ffffffff853a3db0
 ffffffff853c2f80 ffff8801b40cd0d8 ffff8801b40cc800 ffff8801b431f950
 ffffffff812387f1 ffff8801b40cd0d8 00000000b40cd0b0 ffff8801b40cd0d8
Call Trace:
 [<ffffffff81d956b9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d956b9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff812387f1>] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1202
 [<ffffffff8123ec29>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff8123ec29>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff8123ec29>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff8123ec29>] __lock_acquire+0x2bf9/0x3640 kernel/locking/lockdep.c:3345
 [<ffffffff812400ae>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
 [<ffffffff814c277a>] __might_fault+0x14a/0x1d0 mm/memory.c:3994
 [<ffffffff82d4af40>] copy_from_user arch/x86/include/asm/uaccess.h:705 [inline]
 [<ffffffff82d4af40>] ashmem_pin_unpin drivers/staging/android/ashmem.c:719 [inline]
 [<ffffffff82d4af40>] ashmem_ioctl+0x3c0/0xfe0 drivers/staging/android/ashmem.c:791
 [<ffffffff815ae88a>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff815ae88a>] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [<ffffffff815af8af>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<ffffffff815af8af>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff81006504>] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
 [<ffffffff838b53fd>] entry_SYSCALL_64_after_swapgs+0x47/0xc5