Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
[   37.022609] urandom_read: 1 callbacks suppressed
[   37.022613] random: sshd: uninitialized urandom read (32 bytes read)
[   37.142963] audit: type=1400 audit(1569798755.443:36): avc:  denied  { map } for  pid=6835 comm="syz-executor165" path="/root/syz-executor165292514" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   37.146219] 
executing program
[   37.169780] audit: type=1400 audit(1569798755.443:37): avc:  denied  { map } for  pid=6835 comm="syz-executor165" path="/dev/ashmem" dev="devtmpfs" ino=14795 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[   37.171011] ======================================================
[   37.171013] WARNING: possible circular locking dependency detected
[   37.171017] 4.14.146 #0 Not tainted
[   37.171019] ------------------------------------------------------
[   37.171022] syz-executor165/6835 is trying to acquire lock:
[   37.171024]  (sb_writers#6){.+.+}, at: [<ffffffff818cc571>] vfs_fallocate+0x5d1/0x7a0
[   37.171046] 
[   37.171046] but task is already holding lock:
[   37.239284]  (ashmem_mutex){+.+.}, at: [<ffffffff84aa34b6>] ashmem_shrink_scan+0x56/0x420
[   37.247679] 
[   37.247679] which lock already depends on the new lock.
[   37.247679] 
[   37.256119] 
[   37.256119] the existing dependency chain (in reverse order) is:
[   37.263739] 
[   37.263739] -> #2 (ashmem_mutex){+.+.}:
[   37.269201]        lock_acquire+0x16f/0x430
[   37.273514]        __mutex_lock+0xe8/0x1470
[   37.277815]        mutex_lock_nested+0x16/0x20
[   37.282377]        ashmem_mmap+0x55/0x490
[   37.286503]        mmap_region+0x852/0x1030
[   37.290813]        do_mmap+0x5b8/0xcd0
[   37.294678]        vm_mmap_pgoff+0x17a/0x1d0
[   37.299074]        SyS_mmap_pgoff+0x3ca/0x520
[   37.303557]        SyS_mmap+0x16/0x20
[   37.307341]        do_syscall_64+0x1e8/0x640
[   37.311731]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   37.317430] 
[   37.317430] -> #1 (&mm->mmap_sem){++++}:
[   37.323060]        lock_acquire+0x16f/0x430
[   37.327375]        __might_fault+0x143/0x1d0
[   37.332287]        _copy_from_user+0x2c/0x110
[   37.336775]        setxattr+0x153/0x350
[   37.340727]        path_setxattr+0x11f/0x140
[   37.345215]        SyS_lsetxattr+0x38/0x50
[   37.349883]        do_syscall_64+0x1e8/0x640
[   37.354290]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   37.360070] 
[   37.360070] -> #0 (sb_writers#6){.+.+}:
[   37.365515]        __lock_acquire+0x2cb3/0x4620
[   37.370348]        lock_acquire+0x16f/0x430
[   37.374649]        __sb_start_write+0x1ae/0x2f0
[   37.379430]        vfs_fallocate+0x5d1/0x7a0
[   37.383833]        ashmem_shrink_scan+0x181/0x420
[   37.388672]        ashmem_ioctl+0x28f/0xf10
[   37.392971]        do_vfs_ioctl+0x7ae/0x1060
[   37.397355]        SyS_ioctl+0x8f/0xc0
[   37.401231]        do_syscall_64+0x1e8/0x640
[   37.405617]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   37.411306] 
[   37.411306] other info that might help us debug this:
[   37.411306] 
[   37.419556] Chain exists of:
[   37.419556]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[   37.419556] 
[   37.429855]  Possible unsafe locking scenario:
[   37.429855] 
[   37.435927]        CPU0                    CPU1
[   37.440569]        ----                    ----
[   37.445227]   lock(ashmem_mutex);
[   37.448666]                                lock(&mm->mmap_sem);
[   37.454700]                                lock(ashmem_mutex);
[   37.460653]   lock(sb_writers#6);
[   37.464139] 
[   37.464139]  *** DEADLOCK ***
[   37.464139] 
[   37.470182] 1 lock held by syz-executor165/6835:
[   37.475133]  #0:  (ashmem_mutex){+.+.}, at: [<ffffffff84aa34b6>] ashmem_shrink_scan+0x56/0x420
[   37.483905] 
[   37.483905] stack backtrace:
[   37.488409] CPU: 1 PID: 6835 Comm: syz-executor165 Not tainted 4.14.146 #0
[   37.495434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.504965] Call Trace:
[   37.507538]  dump_stack+0x138/0x197
[   37.511164]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   37.516508]  __lock_acquire+0x2cb3/0x4620
[   37.520664]  ? trace_hardirqs_on+0x10/0x10
[   37.524977]  ? inode_has_perm.isra.0+0x15c/0x1e0
[   37.530080]  lock_acquire+0x16f/0x430
[   37.533926]  ? vfs_fallocate+0x5d1/0x7a0
[   37.537965]  __sb_start_write+0x1ae/0x2f0
[   37.542091]  ? vfs_fallocate+0x5d1/0x7a0
[   37.546174]  ? shmem_setattr+0xb80/0xb80
[   37.550414]  vfs_fallocate+0x5d1/0x7a0
[   37.554403]  ashmem_shrink_scan+0x181/0x420
[   37.558720]  ashmem_ioctl+0x28f/0xf10
[   37.562521]  ? ashmem_shrink_scan+0x420/0x420
[   37.566999]  ? __might_sleep+0x93/0xb0
[   37.570876]  ? ashmem_shrink_scan+0x420/0x420
[   37.575370]  do_vfs_ioctl+0x7ae/0x1060
[   37.579239]  ? selinux_file_mprotect+0x5d0/0x5d0
[   37.583974]  ? ioctl_preallocate+0x1c0/0x1c0
[   37.588383]  ? fput+0xd4/0x150
[   37.591559]  ? security_file_ioctl+0x7d/0xb0
[   37.595946]  ? security_file_ioctl+0x89/0xb0
[   37.600435]  SyS_ioctl+0x8f/0xc0
[   37.603796]  ? do_vfs_ioctl+0x1060/0x1060
[   37.608013]  do_syscall_64+0x1e8/0x640
[   37.611967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.616792]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   37.621985] RIP: 0033:0x4401d9
[   37.625376] RSP: 002b:00007ffd3a633e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   37.633069] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[   37.640475] RDX: 0000000000000000 RSI: 0000000000007