[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 18.318820] audit: type=1400 audit(1517813328.244:6): avc: denied { map } for pid=4162 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.873580] audit: type=1400 audit(1517813361.799:7): avc: denied { map } for pid=4180 comm="syzkaller733831" path="/root/syzkaller733831133" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.877673]
[ 51.899590] audit: type=1400 audit(1517813361.799:8): avc: denied { map } for pid=4180 comm="syzkaller733831" path="/dev/ashmem" dev="devtmpfs" ino=1088 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 51.901162] ======================================================
[ 51.901165] WARNING: possible circular locking dependency detected
[ 51.901170] 4.15.0+ #208 Not tainted
[ 51.901175] ------------------------------------------------------
[ 51.948456] syzkaller733831/4180 is trying to acquire lock:
[ 51.954134]  (&sb->s_type->i_mutex_key#11){++++}, at: [<00000000ba2c6d63>] shmem_file_llseek+0xef/0x240
[ 51.963652]
[ 51.963652] but task is already holding lock:
[ 51.969601]  (ashmem_mutex){+.+.}, at: [<00000000abe98b16>] ashmem_llseek+0x56/0x1f0
[ 51.977459]
[ 51.977459] which lock already depends on the new lock.
[ 51.977459]
[ 51.985743]
[ 51.985743] the existing dependency chain (in reverse order) is:
[ 51.993333]
[ 51.993333] -> #2 (ashmem_mutex){+.+.}:
[ 51.998769]        __mutex_lock+0x16f/0x1a80
[ 52.003151]        mutex_lock_nested+0x16/0x20
[ 52.007706]        ashmem_mmap+0x53/0x410
[ 52.011826]        mmap_region+0xa99/0x15a0
[ 52.016117]        do_mmap+0x6c0/0xe00
[ 52.019975]        vm_mmap_pgoff+0x1de/0x280
[ 52.024355]        SyS_mmap_pgoff+0x462/0x5f0
[ 52.028829]        do_fast_syscall_32+0x3ee/0xfa1
[ 52.033644]        entry_SYSENTER_compat+0x54/0x63
[ 52.038540]
[ 52.038540] -> #1 (&mm->mmap_sem){++++}:
[ 52.044058]        __might_fault+0x13a/0x1d0
[ 52.048443]        _copy_to_user+0x2c/0xc0
[ 52.052649]        filldir+0x1a7/0x320
[ 52.056510]        dcache_readdir+0x12d/0x5e0
[ 52.060975]        iterate_dir+0x1ca/0x530
[ 52.065179]        SyS_getdents+0x225/0x450
[ 52.069472]        do_syscall_64+0x282/0x940
[ 52.073848]        entry_SYSCALL_64_after_hwframe+0x26/0x9b
[ 52.079538]
[ 52.079538] -> #0 (&sb->s_type->i_mutex_key#11){++++}:
[ 52.086273]        lock_acquire+0x1d5/0x580
[ 52.090566]        down_write+0x87/0x120
[ 52.094599]        shmem_file_llseek+0xef/0x240
[ 52.099242]        vfs_llseek+0xa2/0xd0
[ 52.103191]        ashmem_llseek+0xe7/0x1f0
[ 52.107484]        compat_SyS_lseek+0xeb/0x170
[ 52.112041]        do_fast_syscall_32+0x3ee/0xfa1
[ 52.116858]        entry_SYSENTER_compat+0x54/0x63
[ 52.121756]
[ 52.121756] other info that might help us debug this:
[ 52.121756]
[ 52.129866] Chain exists of:
[ 52.129866]   &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 52.129866]
[ 52.141375]  Possible unsafe locking scenario:
[ 52.141375]
[ 52.147402]        CPU0                    CPU1
[ 52.152039]        ----                    ----
[ 52.156690]   lock(ashmem_mutex);
[ 52.160116]                                lock(&mm->mmap_sem);
[ 52.166337]                                lock(ashmem_mutex);
[ 52.172285]   lock(&sb->s_type->i_mutex_key#11);
[ 52.177012]
[ 52.177012]  *** DEADLOCK ***
[ 52.177012]
[ 52.183038] 1 lock held by syzkaller733831/4180:
[ 52.187764]  #0: (ashmem_mutex){+.+.}, at: [<00000000abe98b16>] ashmem_llseek+0x56/0x1f0
[ 52.196068]
[ 52.196068] stack backtrace:
[ 52.200540] CPU: 1 PID: 4180 Comm: syzkaller733831 Not tainted 4.15.0+ #208
[ 52.207608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.216934] Call Trace:
[ 52.219500]  dump_stack+0x194/0x257
[ 52.223099]  ? arch_local_irq_restore+0x53/0x53
[ 52.227745]  print_circular_bug.isra.38+0x2cd/0x2dc
[ 52.232741]  ? save_trace+0xe0/0x2b0
[ 52.236429]  __lock_acquire+0x30a8/0x3e00
[ 52.240552]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 52.245716]  ? ashmem_llseek+0x56/0x1f0
[ 52.249661]  ? lock_release+0xa40/0xa40
[ 52.253618]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 52.259477]  ? rcu_note_context_switch+0x710/0x710
[ 52.264380]  ? vma_set_page_prot+0x16b/0x230
[ 52.268758]  ? __might_sleep+0x95/0x190
[ 52.272704]  ? ashmem_llseek+0x56/0x1f0
[ 52.276651]  ? __mutex_lock+0x16f/0x1a80
[ 52.280684]  ? ashmem_llseek+0x56/0x1f0
[ 52.284632]  ? mmap_region+0x52e/0x15a0
[ 52.288577]  ? ashmem_llseek+0x56/0x1f0
[ 52.292526]  ? mutex_lock_io_nested+0x1900/0x1900
[ 52.297342]  ? find_held_lock+0x35/0x1d0
[ 52.301378]  ? lock_downgrade+0x980/0x980
[ 52.305499]  lock_acquire+0x1d5/0x580
[ 52.309280]  ? lock_acquire+0x1d5/0x580
[ 52.313240]  ? shmem_file_llseek+0xef/0x240
[ 52.317533]  ? lock_release+0xa40/0xa40
[ 52.321478]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 52.327336]  ? security_mmap_file+0x143/0x180
[ 52.331824]  ? rcu_note_context_switch+0x710/0x710
[ 52.336730]  ? __fget_light+0x2b2/0x3c0
[ 52.340680]  ? __might_sleep+0x95/0x190
[ 52.344627]  down_write+0x87/0x120
[ 52.348142]  ? shmem_file_llseek+0xef/0x240
[ 52.352436]  ? down_read+0x150/0x150
[ 52.356136]  ? kmem_cache_free+0x267/0x2a0
[ 52.360345]  shmem_file_llseek+0xef/0x240
[ 52.364467]  ? shmem_free_swap+0x80/0x80
[ 52.368516]  vfs_llseek+0xa2/0xd0
[ 52.371945]  ashmem_llseek+0xe7/0x1f0
[ 52.375720]  ? ashmem_read_iter+0x230/0x230
[ 52.380015]  compat_SyS_lseek+0xeb/0x170
[ 52.384048]  ? SyS_lseek+0x170/0x170
[ 52.387735]  do_fast_syscall_32+0x3ee/0xfa1
[ 52.392030]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 52.396586]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.401313]  ? syscall_return_slowpath+0x550/0x550
[ 52.406215]  ? syscall_return_slowpath+0x2ac/0x550
[ 52.411126]  ? prepare_exit_to_usermode+0x350/0x350
[ 52.416119]  ? sysret32_from_system_call+0x5/0x3b
[ 52.420939]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.425753]  entry_SYSENTER_compat+0x54/0x63
[ 52.430135] RIP: 0023:0xf7f35c79
[ 52.433469] RSP: 002b:00000000ffa1b16c EFLAGS: 00000286 ORIG_RAX: 0000000000000013
[ 52.441149] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[ 52.448392] RDX: 0000000000000003 RSI: 00000000080ea00c RDI: 000000000000003f
[ 52.455635] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 52.462875] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 52.470117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000