[ ok ] Starting enhanced syslogd: rsyslogd.
[ 16.122797] audit: type=1400 audit(1519944717.354:5): avc: denied { syslog } for pid=4036 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.603207] audit: type=1400 audit(1519944720.834:6): avc: denied { map } for pid=4176 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
[ 25.924182] audit: type=1400 audit(1519944727.155:7): avc: denied { map } for pid=4190 comm="syzkaller239149" path="/root/syzkaller239149024" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.927504]
[ 25.950140] audit: type=1400 audit(1519944727.156:8): avc: denied { map } for pid=4190 comm="syzkaller239149" path="/dev/ashmem" dev="devtmpfs" ino=9469 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 25.951698] ======================================================
[ 25.951700] WARNING: possible circular locking dependency detected
[ 25.951704] 4.16.0-rc3+ #335 Not tainted
[ 25.951705] ------------------------------------------------------
[ 25.951708] syzkaller239149/4190 is trying to acquire lock:
[ 25.951710]  (&mm->mmap_sem){++++}, at: [<00000000e8a247c3>] __might_fault+0xe0/0x1d0
[ 25.951731]
[ 25.951731] but task is already holding lock:
[ 26.018855]  (ashmem_mutex){+.+.}, at: [<000000001d326b34>] ashmem_ioctl+0x3db/0x11b0
[ 26.026806]
[ 26.026806] which lock already depends on the new lock.
[ 26.026806]
[ 26.035091]
[ 26.035091] the existing dependency chain (in reverse order) is:
[ 26.042679]
[ 26.042679] -> #1 (ashmem_mutex){+.+.}:
[ 26.048121]        __mutex_lock+0x16f/0x1a80
[ 26.052500]        mutex_lock_nested+0x16/0x20
[ 26.057068]        ashmem_mmap+0x53/0x410
[ 26.061188]        mmap_region+0xa99/0x15a0
[ 26.065477]        do_mmap+0x6c0/0xe00
[ 26.069333]        vm_mmap_pgoff+0x1de/0x280
[ 26.073712]        SyS_mmap_pgoff+0x462/0x5f0
[ 26.078177]        SyS_mmap+0x16/0x20
[ 26.081947]        do_syscall_64+0x281/0x940
[ 26.086325]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.092026]
[ 26.092026] -> #0 (&mm->mmap_sem){++++}:
[ 26.097559]        lock_acquire+0x1d5/0x580
[ 26.101853]        __might_fault+0x13a/0x1d0
[ 26.106231]        _copy_from_user+0x2c/0x110
[ 26.110695]        ashmem_ioctl+0x438/0x11b0
[ 26.115076]        do_vfs_ioctl+0x1b1/0x1520
[ 26.119452]        SyS_ioctl+0x8f/0xc0
[ 26.123310]        do_syscall_64+0x281/0x940
[ 26.127688]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.133365]
[ 26.133365] other info that might help us debug this:
[ 26.133365]
[ 26.141477]  Possible unsafe locking scenario:
[ 26.141477]
[ 26.147504]        CPU0                    CPU1
[ 26.152139]        ----                    ----
[ 26.156774]   lock(ashmem_mutex);
[ 26.160206]                                lock(&mm->mmap_sem);
[ 26.166232]                                lock(ashmem_mutex);
[ 26.172174]   lock(&mm->mmap_sem);
[ 26.175682]
[ 26.175682]  *** DEADLOCK ***
[ 26.175682]
[ 26.181708] 1 lock held by syzkaller239149/4190:
[ 26.186429]  #0:  (ashmem_mutex){+.+.}, at: [<000000001d326b34>] ashmem_ioctl+0x3db/0x11b0
[ 26.194815]
[ 26.194815] stack backtrace:
[ 26.199287] CPU: 0 PID: 4190 Comm: syzkaller239149 Not tainted 4.16.0-rc3+ #335
[ 26.206712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.216041] Call Trace:
[ 26.218606]  dump_stack+0x194/0x24d
[ 26.222205]  ? arch_local_irq_restore+0x53/0x53
[ 26.226849]  print_circular_bug.isra.38+0x2cd/0x2dc
[ 26.231836]  ? save_trace+0xe0/0x2b0
[ 26.235521]  __lock_acquire+0x30a8/0x3e00
[ 26.239641]  ? ashmem_ioctl+0x3db/0x11b0
[ 26.243677]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.248840]  ? __might_sleep+0x95/0x190
[ 26.252788]  ? ashmem_ioctl+0x3db/0x11b0
[ 26.256821]  ? __mutex_lock+0x16f/0x1a80
[ 26.260851]  ? ashmem_ioctl+0x3db/0x11b0
[ 26.264883]  ? proc_nr_files+0x60/0x60
[ 26.268746]  ? ashmem_ioctl+0x3db/0x11b0
[ 26.272785]  ? find_held_lock+0x35/0x1d0
[ 26.276818]  ? mutex_lock_io_nested+0x1900/0x1900
[ 26.281634]  ? uprobe_mmap+0x15a/0xc90
[ 26.285497]  ? lock_downgrade+0x980/0x980
[ 26.289618]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 26.294432]  ? find_held_lock+0x35/0x1d0
[ 26.298465]  ? lock_downgrade+0x980/0x980
[ 26.302585]  ? vma_set_page_prot+0x16b/0x230
[ 26.306965]  lock_acquire+0x1d5/0x580
[ 26.310736]  ? lock_acquire+0x1d5/0x580
[ 26.314681]  ? __might_fault+0xe0/0x1d0
[ 26.318630]  ? lock_release+0xa40/0xa40
[ 26.322585]  ? check_same_owner+0x320/0x320
[ 26.326879]  ? __might_sleep+0x95/0x190
[ 26.330823]  __might_fault+0x13a/0x1d0
[ 26.334683]  ? __might_fault+0xe0/0x1d0
[ 26.338631]  _copy_from_user+0x2c/0x110
[ 26.342579]  ashmem_ioctl+0x438/0x11b0
[ 26.346439]  ? ashmem_release+0x190/0x190
[ 26.350559]  ? check_same_owner+0x320/0x320
[ 26.354852]  ? down_read_killable+0x180/0x180
[ 26.359317]  ? rcu_note_context_switch+0x710/0x710
[ 26.364220]  ? ashmem_release+0x190/0x190
[ 26.368337]  do_vfs_ioctl+0x1b1/0x1520
[ 26.372609]  ? ioctl_preallocate+0x2b0/0x2b0
[ 26.376996]  ? selinux_capable+0x40/0x40
[ 26.381030]  ? putname+0xf3/0x130
[ 26.384455]  ? fput+0xd2/0x140
[ 26.387616]  ? SyS_mmap_pgoff+0x243/0x5f0
[ 26.391735]  ? security_file_ioctl+0x7d/0xb0
[ 26.396114]  ? security_file_ioctl+0x89/0xb0
[ 26.400495]  SyS_ioctl+0x8f/0xc0
[ 26.403832]  ? do_vfs_ioctl+0x1520/0x1520
[ 26.407951]  do_syscall_64+0x281/0x940
[ 26.411812]  ? __do_page_fault+0xc90/0xc90
[ 26.416020]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.420754]  ? syscall_return_slowpath+0x550/0x550
[ 26.425652]  ? syscall_return_slowpath+0x2ac/0x550
[ 26.430551]  ? prepare_exit_to_usermode+0x350/0x350
[ 26.435539]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.440872]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.445686]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.450845] RIP: 0033:0x43fd19
[ 26.454005] RSP: 002b:00007ffd91a14648 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 26.461683] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[ 26.468922] RDX: 0000000000000000 RSI: 0000000000007709 RDI: 0000000000000003
[ 26