[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.898583] 
[   28.900331] ======================================================
[   28.906825] WARNING: possible circular locking dependency detected
[   28.913113] 4.14.241-syzkaller #0 Not tainted
[   28.917575] ------------------------------------------------------
[   28.923863] syz-executor968/8011 is trying to acquire lock:
[   28.929548]  (sb_writers#6){.+.+}, at: [<ffffffff81860611>] vfs_fallocate+0x5c1/0x790
[   28.937832] 
[   28.937832] but task is already holding lock:
[   28.943783]  (ashmem_mutex){+.+.}, at: [<ffffffff858d334e>] ashmem_ioctl+0x27e/0xd00
[   28.951663] 
[   28.951663] which lock already depends on the new lock.
[   28.951663] 
[   28.959949] 
[   28.959949] the existing dependency chain (in reverse order) is:
[   28.967625] 
[   28.967625] -> #3 (ashmem_mutex){+.+.}:
[   28.973151]        __mutex_lock+0xc4/0x1310
[   28.977617]        ashmem_mmap+0x50/0x5c0
[   28.982016]        mmap_region+0xa1a/0x1220
[   28.986411]        do_mmap+0x5b3/0xcb0
[   28.990361]        vm_mmap_pgoff+0x14e/0x1a0
[   28.994762]        SyS_mmap_pgoff+0x249/0x510
[   28.999414]        do_syscall_64+0x1d5/0x640
[   29.003796]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.009490] 
[   29.009490] -> #2 (&mm->mmap_sem){++++}:
[   29.015008]        __might_fault+0x137/0x1b0
[   29.019520]        _copy_to_user+0x27/0xd0
[   29.023737]        filldir+0x1d5/0x390
[   29.027606]        dcache_readdir+0x180/0x860
[   29.032071]        iterate_dir+0x1a0/0x5e0
[   29.036377]        SyS_getdents+0x125/0x240
[   29.040894]        do_syscall_64+0x1d5/0x640
[   29.045292]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.050984] 
[   29.050984] -> #1 (&type->i_mutex_dir_key#5){++++}:
[   29.057822]        down_write+0x34/0x90
[   29.061869]        path_openat+0xde2/0x2970
[   29.066260]        do_filp_open+0x179/0x3c0
[   29.070641]        do_sys_open+0x296/0x410
[   29.074884]        do_syscall_64+0x1d5/0x640
[   29.079272]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.084976] 
[   29.084976] -> #0 (sb_writers#6){.+.+}:
[   29.090430]        lock_acquire+0x170/0x3f0
[   29.094727]        __sb_start_write+0x64/0x260
[   29.099282]        vfs_fallocate+0x5c1/0x790
[   29.103756]        ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.109370]        ashmem_ioctl+0x294/0xd00
[   29.113838]        do_vfs_ioctl+0x75a/0xff0
[   29.118224]        SyS_ioctl+0x7f/0xb0
[   29.122085]        do_syscall_64+0x1d5/0x640
[   29.126594]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.132302] 
[   29.132302] other info that might help us debug this:
[   29.132302] 
[   29.140425] Chain exists of:
[   29.140425]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[   29.140425] 
[   29.150646]  Possible unsafe locking scenario:
[   29.150646] 
[   29.156857]        CPU0                    CPU1
[   29.161504]        ----                    ----
[   29.166160]   lock(ashmem_mutex);
[   29.169602]                                lock(&mm->mmap_sem);
[   29.175751]                                lock(ashmem_mutex);
[   29.181807]   lock(sb_writers#6);
[   29.185954] 
[   29.185954]  *** DEADLOCK ***
[   29.185954] 
[   29.191989] 1 lock held by syz-executor968/8011:
[   29.196827]  #0:  (ashmem_mutex){+.+.}, at: [<ffffffff858d334e>] ashmem_ioctl+0x27e/0xd00
[   29.205140] 
[   29.205140] stack backtrace:
[   29.209631] CPU: 1 PID: 8011 Comm: syz-executor968 Not tainted 4.14.241-syzkaller #0
[   29.217675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.227015] Call Trace:
[   29.229580]  dump_stack+0x1b2/0x281
[   29.233197]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   29.239433]  __lock_acquire+0x2e0e/0x3f20
[   29.243821]  ? aa_file_perm+0x304/0xab0
[   29.247855]  ? __lock_acquire+0x5fc/0x3f20
[   29.252096]  ? trace_hardirqs_on+0x10/0x10
[   29.256402]  ? aa_path_link+0x3a0/0x3a0
[   29.260368]  ? lock_downgrade+0x740/0x740
[   29.264674]  ? trace_hardirqs_on+0x10/0x10
[   29.268985]  ? kernel_text_address+0xbd/0xf0
[   29.273391]  lock_acquire+0x170/0x3f0
[   29.277448]  ? vfs_fallocate+0x5c1/0x790
[   29.281498]  __sb_start_write+0x64/0x260
[   29.285648]  ? vfs_fallocate+0x5c1/0x790
[   29.292491]  ? shmem_evict_inode+0x8b0/0x8b0
[   29.296995]  vfs_fallocate+0x5c1/0x790
[   29.300971]  ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.305995]  ? mutex_trylock+0x152/0x1a0
[   29.310139]  ? ashmem_ioctl+0x27e/0xd00
[   29.314174]  ashmem_ioctl+0x294/0xd00
[   29.318243]  ? lock_acquire+0x170/0x3f0
[   29.322402]  ? lock_downgrade+0x740/0x740
[   29.326636]  ? ashmem_shrink_scan+0x80/0x80
[   29.331033]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   29.336130]  ? debug_check_no_obj_freed+0x2c0/0x680
[   29.341330]  ? ashmem_shrink_scan+0x80/0x80
[   29.345724]  do_vfs_ioctl+0x75a/0xff0
[   29.349781]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   29.355462]  ? ioctl_preallocate+0x1a0/0x1a0
[   29.360194]  ? kmem_cache_free+0x23a/0x2b0
[   29.364652]  ? putname+0xcd/0x110
[   29.368091]  ? do_sys_open+0x208/0x410
[   29.372210]  ? filp_open+0x60/0x60
[   29.375937]  ? security_file_ioctl+0x83/0xb0
[   29.380412]  SyS_ioctl+0x7f/0xb0
[   29.383768]  ? do_vfs_ioctl+0xff0/0xff0
[   29.387731]  do_syscall_64+0x1d5/0x640
[   29.391684]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.397387] RIP: 0033:0x43ef09
[