Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.918128] 
[   28.919813] ======================================================
[   28.926212] WARNING: possible circular locking dependency detected
[   28.932506] 4.14.226-syzkaller #0 Not tainted
[   28.936973] ------------------------------------------------------
[   28.943277] syz-executor803/7980 is trying to acquire lock:
[   28.948994]  (sb_writers#6){.+.+}, at: [<ffffffff8185d841>] vfs_fallocate+0x5c1/0x790
[   28.956943] 
[   28.956943] but task is already holding lock:
[   28.962883]  (ashmem_mutex){+.+.}, at: [<ffffffff858bc34e>] ashmem_ioctl+0x27e/0xd00
[   28.970741] 
[   28.970741] which lock already depends on the new lock.
[   28.970741] 
[   28.979025] 
[   28.979025] the existing dependency chain (in reverse order) is:
[   28.986651] 
[   28.986651] -> #3 (ashmem_mutex){+.+.}:
[   28.992118]        __mutex_lock+0xc4/0x1310
[   28.996413]        ashmem_mmap+0x50/0x5c0
[   29.000534]        mmap_region+0xa1a/0x1220
[   29.004867]        do_mmap+0x5b3/0xcb0
[   29.008727]        vm_mmap_pgoff+0x14e/0x1a0
[   29.013123]        SyS_mmap_pgoff+0x249/0x510
[   29.017589]        do_syscall_64+0x1d5/0x640
[   29.021968]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.027648] 
[   29.027648] -> #2 (&mm->mmap_sem){++++}:
[   29.033160]        __might_fault+0x137/0x1b0
[   29.037555]        _copy_to_user+0x27/0xd0
[   29.041760]        filldir+0x1d5/0x390
[   29.045617]        dcache_readdir+0x180/0x860
[   29.050122]        iterate_dir+0x1a0/0x5e0
[   29.054328]        SyS_getdents+0x125/0x240
[   29.058618]        do_syscall_64+0x1d5/0x640
[   29.062997]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.068690] 
[   29.068690] -> #1 (&type->i_mutex_dir_key#5){++++}:
[   29.075159]        down_write+0x34/0x90
[   29.079119]        path_openat+0xde2/0x2970
[   29.083412]        do_filp_open+0x179/0x3c0
[   29.087705]        do_sys_open+0x296/0x410
[   29.091922]        do_syscall_64+0x1d5/0x640
[   29.096300]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.101979] 
[   29.101979] -> #0 (sb_writers#6){.+.+}:
[   29.107406]        lock_acquire+0x170/0x3f0
[   29.111700]        __sb_start_write+0x64/0x260
[   29.116270]        vfs_fallocate+0x5c1/0x790
[   29.120649]        ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.126083]        ashmem_ioctl+0x294/0xd00
[   29.130378]        do_vfs_ioctl+0x75a/0xff0
[   29.134670]        SyS_ioctl+0x7f/0xb0
[   29.138527]        do_syscall_64+0x1d5/0x640
[   29.142921]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.148599] 
[   29.148599] other info that might help us debug this:
[   29.148599] 
[   29.156708] Chain exists of:
[   29.156708]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[   29.156708] 
[   29.166910]  Possible unsafe locking scenario:
[   29.166910] 
[   29.172937]        CPU0                    CPU1
[   29.177576]        ----                    ----
[   29.182224]   lock(ashmem_mutex);
[   29.185647]                                lock(&mm->mmap_sem);
[   29.191673]                                lock(ashmem_mutex);
[   29.197611]   lock(sb_writers#6);
[   29.201037] 
[   29.201037]  *** DEADLOCK ***
[   29.201037] 
[   29.207079] 1 lock held by syz-executor803/7980:
[   29.211802]  #0:  (ashmem_mutex){+.+.}, at: [<ffffffff858bc34e>] ashmem_ioctl+0x27e/0xd00
[   29.220093] 
[   29.220093] stack backtrace:
[   29.224563] CPU: 0 PID: 7980 Comm: syz-executor803 Not tainted 4.14.226-syzkaller #0
[   29.232412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.241737] Call Trace:
[   29.244337]  dump_stack+0x1b2/0x281
[   29.247937]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   29.253707]  __lock_acquire+0x2e0e/0x3f20
[   29.257829]  ? aa_file_perm+0x304/0xab0
[   29.261776]  ? __lock_acquire+0x5fc/0x3f20
[   29.265979]  ? trace_hardirqs_on+0x10/0x10
[   29.270184]  ? aa_path_link+0x3a0/0x3a0
[   29.274130]  ? trace_hardirqs_on+0x10/0x10
[   29.278337]  ? cache_alloc_refill+0x2fa/0x350
[   29.282814]  lock_acquire+0x170/0x3f0
[   29.286599]  ? vfs_fallocate+0x5c1/0x790
[   29.290635]  __sb_start_write+0x64/0x260
[   29.294665]  ? vfs_fallocate+0x5c1/0x790
[   29.298697]  ? shmem_evict_inode+0x8b0/0x8b0
[   29.303075]  vfs_fallocate+0x5c1/0x790
[   29.306935]  ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.311838]  ? mutex_trylock+0x152/0x1a0
[   29.315867]  ? ashmem_ioctl+0x27e/0xd00
[   29.319813]  ashmem_ioctl+0x294/0xd00
[   29.323585]  ? userfaultfd_unmap_prep+0x450/0x450
[   29.328412]  ? ashmem_shrink_scan+0x80/0x80
[   29.332709]  ? lock_downgrade+0x740/0x740
[   29.336827]  ? ashmem_shrink_scan+0x80/0x80
[   29.341118]  do_vfs_ioctl+0x75a/0xff0
[   29.344890]  ? ioctl_preallocate+0x1a0/0x1a0
[   29.349267]  ? __fget+0x225/0x360
[   29.352698]  ? fput+0xb/0x140
[   29.355782]  ? SyS_mmap_pgoff+0x25e/0x510
[   29.359901]  ? security_file_ioctl+0x83/0xb0
[   29.364283]  SyS_ioctl+0x7f/0xb0
[   29.367621]  ? do_vfs_ioctl+0xff0/0xff0
[   29.371570]  do_syscall_64+0x1d5/0x640
[   29.375431]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.380593] RIP: 0033:0x43eec9
[   29.383753] RSP: 002b:00007ffcec14f548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   29.391448] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eec9
[   29.398689] RDX: 0000000000000000 RSI: 000000000000770a RDI: 0000000000000003
[   29.405931] RBP: 0000000000402eb0 R08: 00000000cec98000 R09: 00000000cec98000
[   29.413174] R10: 00000000cec98000 R11: 0000000000000246 R12: 0000000000402f40