[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   29.783767] 
[   29.785408] ======================================================
[   29.791735] WARNING: possible circular locking dependency detected
[   29.798026] 4.14.231-syzkaller #0 Not tainted
[   29.802522] ------------------------------------------------------
[   29.808810] syz-executor319/7958 is trying to acquire lock:
[   29.814486]  (sb_writers#6){.+.+}, at: [<ffffffff818600d1>] vfs_fallocate+0x5c1/0x790
[   29.822449] 
[   29.822449] but task is already holding lock:
[   29.828392]  (ashmem_mutex){+.+.}, at: [<ffffffff858cf50e>] ashmem_ioctl+0x27e/0xd00
[   29.836266] 
[   29.836266] which lock already depends on the new lock.
[   29.836266] 
[   29.844560] 
[   29.844560] the existing dependency chain (in reverse order) is:
[   29.852190] 
[   29.852190] -> #3 (ashmem_mutex){+.+.}:
[   29.857630]        __mutex_lock+0xc4/0x1310
[   29.861925]        ashmem_mmap+0x50/0x5c0
[   29.866072]        mmap_region+0xa1a/0x1220
[   29.870365]        do_mmap+0x5b3/0xcb0
[   29.874246]        vm_mmap_pgoff+0x14e/0x1a0
[   29.878628]        SyS_mmap_pgoff+0x249/0x510
[   29.883093]        do_syscall_64+0x1d5/0x640
[   29.887472]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.893159] 
[   29.893159] -> #2 (&mm->mmap_sem){++++}:
[   29.898672]        __might_fault+0x137/0x1b0
[   29.903052]        _copy_to_user+0x27/0xd0
[   29.907258]        filldir+0x1d5/0x390
[   29.911126]        dcache_readdir+0x180/0x860
[   29.915592]        iterate_dir+0x1a0/0x5e0
[   29.919796]        SyS_getdents+0x125/0x240
[   29.924091]        do_syscall_64+0x1d5/0x640
[   29.928481]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.934157] 
[   29.934157] -> #1 (&type->i_mutex_dir_key#5){++++}:
[   29.940642]        down_write+0x34/0x90
[   29.944603]        path_openat+0xde2/0x2970
[   29.948895]        do_filp_open+0x179/0x3c0
[   29.953200]        do_sys_open+0x296/0x410
[   29.957419]        do_syscall_64+0x1d5/0x640
[   29.961799]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.967482] 
[   29.967482] -> #0 (sb_writers#6){.+.+}:
[   29.973093]        lock_acquire+0x170/0x3f0
[   29.977398]        __sb_start_write+0x64/0x260
[   29.981950]        vfs_fallocate+0x5c1/0x790
[   29.986330]        ashmem_shrink_scan.part.0+0x135/0x3d0
[   29.991748]        ashmem_ioctl+0x294/0xd00
[   29.996041]        do_vfs_ioctl+0x75a/0xff0
[   30.000336]        SyS_ioctl+0x7f/0xb0
[   30.004198]        do_syscall_64+0x1d5/0x640
[   30.008591]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.014284] 
[   30.014284] other info that might help us debug this:
[   30.014284] 
[   30.022394] Chain exists of:
[   30.022394]   sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex
[   30.022394] 
[   30.032608]  Possible unsafe locking scenario:
[   30.032608] 
[   30.038670]        CPU0                    CPU1
[   30.043310]        ----                    ----
[   30.047984]   lock(ashmem_mutex);
[   30.051415]                                lock(&mm->mmap_sem);
[   30.057450]                                lock(ashmem_mutex);
[   30.063398]   lock(sb_writers#6);
[   30.066824] 
[   30.066824]  *** DEADLOCK ***
[   30.066824] 
[   30.072941] 1 lock held by syz-executor319/7958:
[   30.077699]  #0:  (ashmem_mutex){+.+.}, at: [<ffffffff858cf50e>] ashmem_ioctl+0x27e/0xd00
[   30.085997] 
[   30.085997] stack backtrace:
[   30.090504] CPU: 1 PID: 7958 Comm: syz-executor319 Not tainted 4.14.231-syzkaller #0
[   30.098362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.107708] Call Trace:
[   30.110281]  dump_stack+0x1b2/0x281
[   30.113891]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   30.119706]  __lock_acquire+0x2e0e/0x3f20
[   30.123836]  ? aa_file_perm+0x304/0xab0
[   30.127785]  ? __lock_acquire+0x5fc/0x3f20
[   30.131992]  ? trace_hardirqs_on+0x10/0x10
[   30.136213]  ? aa_path_link+0x3a0/0x3a0
[   30.140172]  ? trace_hardirqs_on+0x10/0x10
[   30.144385]  ? cache_alloc_refill+0x2fa/0x350
[   30.148855]  lock_acquire+0x170/0x3f0
[   30.152636]  ? vfs_fallocate+0x5c1/0x790
[   30.156713]  __sb_start_write+0x64/0x260
[   30.160751]  ? vfs_fallocate+0x5c1/0x790
[   30.164787]  ? shmem_evict_inode+0x8b0/0x8b0
[   30.169169]  vfs_fallocate+0x5c1/0x790
[   30.173048]  ashmem_shrink_scan.part.0+0x135/0x3d0
[   30.177963]  ? mutex_trylock+0x152/0x1a0
[   30.182010]  ? ashmem_ioctl+0x27e/0xd00
[   30.185960]  ashmem_ioctl+0x294/0xd00
[   30.189756]  ? userfaultfd_unmap_prep+0x450/0x450
[   30.194573]  ? ashmem_shrink_scan+0x80/0x80
[   30.198879]  ? lock_downgrade+0x740/0x740
[   30.203011]  ? ashmem_shrink_scan+0x80/0x80
[   30.207335]  do_vfs_ioctl+0x75a/0xff0
[   30.211113]  ? ioctl_preallocate+0x1a0/0x1a0
[   30.215494]  ? __fget+0x225/0x360
[   30.218920]  ? fput+0xb/0x140
[   30.221997]  ? SyS_mmap_pgoff+0x25e/0x510
[   30.226121]  ? security_file_ioctl+0x83/0xb0
[   30.230501]  SyS_ioctl+0x7f/0xb0
[   30.233840]  ? do_v