Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
[ 19.888236] urandom_read: 1 callbacks suppressed
[ 19.888240] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.004085] audit: type=1400 audit(1566895845.282:7): avc: denied { map } for pid=1773 comm="syz-executor844" path="/root/syz-executor844852289" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 20.034225] audit: type=1400 audit(1566895845.312:8): avc: denied { map } for pid=1774 comm="syz-executor844" path="/dev/ashmem" dev="devtmpfs" ino=5095 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 20.150033] hrtimer: interrupt took 26638 ns
[ 20.442885]
[ 20.444537] ======================================================
[ 20.451343] WARNING: possible circular locking dependency detected
[ 20.457736] 4.14.140+ #38 Not tainted
[ 20.461604] ------------------------------------------------------
[ 20.467906] syz-executor844/1779 is trying to acquire lock:
[ 20.473602]  (&mm->mmap_sem){++++}, at: [< (ptrval)>] __do_page_fault+0x8a4/0xbb0
[ 20.481921]
[ 20.481921] but task is already holding lock:
[ 20.487971]  (&sb->s_type->i_mutex_key#10){+.+.}, at: [< (ptrval)>] generic_file_write_iter+0x99/0x650
[ 20.498111]
[ 20.498111] which lock already depends on the new lock.
[ 20.498111]
[ 20.506418]
[ 20.506418] the existing dependency chain (in reverse order) is:
[ 20.514032]
[ 20.514032] -> #2 (&sb->s_type->i_mutex_key#10){+.+.}:
[ 20.520793]        down_write+0x34/0x90
[ 20.524782]        shmem_fallocate+0x150/0xae0
[ 20.529457]        ashmem_shrink_scan+0x1ca/0x4f0
[ 20.534469]        ashmem_ioctl+0x2b4/0xd20
[ 20.538781]        do_vfs_ioctl+0xabe/0x1040
[ 20.543183]        SyS_ioctl+0x7f/0xb0
[ 20.547144]        do_syscall_64+0x19b/0x520
[ 20.551539]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 20.557343]
[ 20.557343] -> #1 (ashmem_mutex){+.+.}:
[ 20.562798]        __mutex_lock+0xf7/0x13e0
[ 20.567110]        ashmem_mmap+0x4c/0x450
[ 20.571245]        mmap_region+0x7d9/0xfb0
[ 20.575468]        do_mmap+0x548/0xb80
[ 20.579371]        vm_mmap_pgoff+0x177/0x1c0
[ 20.583940]        SyS_mmap_pgoff+0xf4/0x1b0
[ 20.588335]        do_syscall_64+0x19b/0x520
[ 20.592879]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 20.598572]
[ 20.598572] -> #0 (&mm->mmap_sem){++++}:
[ 20.604364]        lock_acquire+0x12b/0x360
[ 20.608677]        down_read+0x37/0xa0
[ 20.612548]        __do_page_fault+0x8a4/0xbb0
[ 20.617108]        page_fault+0x22/0x50
[ 20.621059]        iov_iter_fault_in_readable+0x29c/0x350
[ 20.626689]        generic_perform_write+0x158/0x460
[ 20.631834]        __generic_file_write_iter+0x32e/0x550
[ 20.637270]        generic_file_write_iter+0x36f/0x650
[ 20.642685]        __vfs_write+0x401/0x5a0
[ 20.646921]        vfs_write+0x17f/0x4d0
[ 20.651142]        SyS_write+0x102/0x250
[ 20.655196]        do_syscall_64+0x19b/0x520
[ 20.659606]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 20.665294]
[ 20.665294] other info that might help us debug this:
[ 20.665294]
[ 20.673519] Chain exists of:
[ 20.673519]   &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
[ 20.673519]
[ 20.685055]  Possible unsafe locking scenario:
[ 20.685055]
[ 20.691096]        CPU0                    CPU1
[ 20.695738]        ----                    ----
[ 20.700394]   lock(&sb->s_type->i_mutex_key#10);
[ 20.705126]                                lock(ashmem_mutex);
[ 20.711071]                                lock(&sb->s_type->i_mutex_key#10);
[ 20.718407]   lock(&mm->mmap_sem);
[ 20.721931]
[ 20.721931]  *** DEADLOCK ***
[ 20.721931]
[ 20.728164] 2 locks held by syz-executor844/1779:
[ 20.732986]  #0: (sb_writers#6){.+.+}, at: [< (ptrval)>] vfs_write+0x3d8/0x4d0
[ 20.741121]  #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [< (ptrval)>] generic_file_write_iter+0x99/0x650
[ 20.751711]
[ 20.751711] stack backtrace:
[ 20.756196] CPU: 0 PID: 1779 Comm: syz-executor844 Not tainted 4.14.140+ #38
[ 20.763552] Call Trace:
[ 20.766137]  dump_stack+0xca/0x134
[ 20.769665]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 20.775102]  __lock_acquire+0x2f5f/0x4320
[ 20.779235]  ? trace_hardirqs_on+0x10/0x10
[ 20.783457]  ? trace_hardirqs_on+0x10/0x10
[ 20.787691]  ? cmp_ex_search+0x71/0x90
[ 20.791651]  ? bsearch+0x87/0xa0
[ 20.795014]  lock_acquire+0x12b/0x360
[ 20.798796]  ? __do_page_fault+0x8a4/0xbb0
[ 20.803169]  down_read+0x37/0xa0
[ 20.806530]  ? __do_page_fault+0x8a4/0xbb0
[ 20.810853]  __do_page_fault+0x8a4/0xbb0
[ 20.814903]  ? retint_kernel+0x2d/0x2d
[ 20.818769]  ? bad_area_access_error+0x340/0x340
[ 20.823501]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.828343]  page_fault+0x22/0x50
[ 20.831795] RIP: 0010:iov_iter_fault_in_readable+0x29c/0x350
[ 20.837566] RSP: 0018:ffff8881d0b7fa88 EFLAGS: 00010297
[ 20.842903] RAX: 0000000000000000 RBX: 000000000000007f RCX: 0000000000001000
[ 20.850203] RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff8881d0b7fd18
[ 20.857545] RBP: 1ffff1103a16ff52 R08: 0000000000001000 R09: fffff94000e7afbc
[ 20.864821] R10: fffff94000e7afbb R11: ffffea00073d7ddf R12: 0000000000001000
[ 20.872071] R13: 0000000000000000 R14: 000000002060f53f R15: ffff8881d0b7fd10
[ 20.879512]  ? iov_iter_fault_in_readable+0x296/0x350
[ 20.884684]  ? iov_iter_init+0x1c0/0x1c0
[ 20.888808]  generic_perform_write+0x158/0x460
[ 20.893392]  ? filemap_page_mkwrite+0x2d0/0x2d0
[ 20.898309]  ? current_time+0xb0/0xb0
[ 20.902092]  ? lock_acquire+0x12b/0x360
[ 20.906058]  __generic_file_write_iter+0x32e/0x550
[ 20.910985]  generic_file_write_iter+0x36f/0x650
[ 20.915731]  ? iov_iter_init+0xa6/0x1c0
[ 20.919698]  __vfs_write+0x401/0x5a0
[ 20.923390]  ? kernel_read+0x110/0x110
[ 20.927277]  ? check_preemption_disabled+0x35/0x1f0
[ 20.932282]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 20.937723]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 20.942812]  vfs_write+0x17f/0x4d0
[ 20.946336]  SyS_write+0x102/0x250
[ 20.949872]  ? SyS_read+0x250/0x250
[ 20.953485]  ? kfree+0xfa/0x320
[ 20.956745]  ? do_syscall_64+0x43/0x520
[ 20.960713]  ? SyS_read+0x250/0x250
[ 20.964372]  do_syscall_64+0x19b/0x520
[ 20.968245]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 20.973428] RIP: 0033:0x447509
[ 20.976698] RSP: 002b:00007f0b1287bce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 20.984415] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000447509
[ 20.991668] RDX: 00000000fffffda2 RSI: 0000000020000540 RDI: 0000000000000005
[ 20.998917] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 21.006256] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 21.013529] R13: 00007ffd7bc00f0f R14: 00007f0b1287c9c0 R15: 20c49ba5e353f7cf