[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.537229] audit: type=1400 audit(1519647824.987:4): avc: denied { syslog } for pid=3652 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
syzkaller login:
[ 25.077755]
[ 25.079402] ======================================================
[ 25.085690] [ INFO: possible circular locking dependency detected ]
[ 25.092064] 4.9.84-ga9d0273 #52 Not tainted
[ 25.096352] -------------------------------------------------------
[ 25.102725] syzkaller487967/3808 is trying to acquire lock:
[ 25.108401]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 25.116958] but task is already holding lock:
[ 25.121598]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.129983] which lock already depends on the new lock.
[ 25.129983]
[ 25.136978]
[ 25.136978] the existing dependency chain (in reverse order) is:
[ 25.144569] -> #1 (ashmem_mutex){+.+.+.}:
[ 25.149347]        lock_acquire+0x12e/0x410
[ 25.153643]        mutex_lock_nested+0xbb/0x870
[ 25.158281]        ashmem_mmap+0x53/0x400
[ 25.162398]        mmap_region+0x7dd/0xfd0
[ 25.166599]        do_mmap+0x57b/0xbe0
[ 25.170454]        vm_mmap_pgoff+0x16b/0x1b0
[ 25.174834]        SyS_mmap_pgoff+0x33f/0x560
[ 25.179303]        do_fast_syscall_32+0x2f5/0x870
[ 25.184117]        entry_SYSENTER_compat+0x90/0xa2
[ 25.189014] -> #0 (&mm->mmap_sem){++++++}:
[ 25.193879]        __lock_acquire+0x2bf9/0x3640
[ 25.198517]        lock_acquire+0x12e/0x410
[ 25.202811]        __might_fault+0x14a/0x1d0
[ 25.207192]        ashmem_ioctl+0x3c0/0xfe0
[ 25.211481]        compat_ashmem_ioctl+0x3e/0x50
[ 25.216206]        compat_SyS_ioctl+0x15f/0x2050
[ 25.220928]        do_fast_syscall_32+0x2f5/0x870
[ 25.225741]        entry_SYSENTER_compat+0x90/0xa2
[ 25.230638]
[ 25.230638] other info that might help us debug this:
[ 25.230638]
[ 25.238750] Possible unsafe locking scenario:
[ 25.238750]
[ 25.244781]        CPU0                    CPU1
[ 25.249419]        ----                    ----
[ 25.254061]   lock(ashmem_mutex);
[ 25.257732]                                lock(&mm->mmap_sem);
[ 25.264009]                                lock(ashmem_mutex);
[ 25.270202]   lock(&mm->mmap_sem);
[ 25.273959]
[ 25.273959]  *** DEADLOCK ***
[ 25.273959]
[ 25.279995] 1 lock held by syzkaller487967/3808:
[ 25.284729]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.293684]
[ 25.293684] stack backtrace:
[ 25.298156] CPU: 1 PID: 3808 Comm: syzkaller487967 Not tainted 4.9.84-ga9d0273 #52
[ 25.305845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.315174]  ffff8801d98d7a38 ffffffff81d956b9 ffffffff853a2cd0 ffffffff853a2cd0
[ 25.323146]  ffffffff853c2f80 ffff8801d84d88d8 ffff8801d84d8000 ffff8801d98d7a80
[ 25.331129]  ffffffff812387f1 ffff8801d84d88d8 00000000d84d88b0 ffff8801d84d88d8
[ 25.339112] Call Trace:
[ 25.341673]  [] dump_stack+0xc1/0x128
[ 25.347021]  [] print_circular_bug+0x271/0x310
[ 25.353136]  [] __lock_acquire+0x2bf9/0x3640
[ 25.359079]  [] ? avc_has_extended_perms+0x3fc/0xf10
[ 25.365714]  [] ? avc_has_extended_perms+0xe2/0xf10
[ 25.372264]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.379248]  [] ? mark_held_locks+0xaf/0x100
[ 25.385196]  [] ? mutex_lock_nested+0x5e3/0x870
[ 25.391399]  [] ? __lock_is_held+0xa1/0xf0
[ 25.397168]  [] lock_acquire+0x12e/0x410
[ 25.402767]  [] ? __might_fault+0xe4/0x1d0
[ 25.408537]  [] __might_fault+0x14a/0x1d0
[ 25.414219]  [] ? __might_fault+0xe4/0x1d0
[ 25.419987]  [] ashmem_ioctl+0x3c0/0xfe0
[ 25.425583]  [] ? selinux_file_ioctl+0x355/0x530
[ 25.431876]  [] ? selinux_capable+0x40/0x40
[ 25.438299]  [] ? get_name+0x250/0x250
[ 25.443734]  [] compat_ashmem_ioctl+0x3e/0x50
[ 25.449769]  [] compat_SyS_ioctl+0x15f/0x2050
[ 25.455815]  [] ? ashmem_ioctl+0xfe0/0xfe0
[ 25.461586]  [] ? do_ioctl+0x60/0x60
[ 25.466837]  [] do_fast_syscall_32+0x2f5/0x870
[ 25.472952]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[