[....] Starting enhanced syslogd: rsyslogd[ 13.678155] audit: type=1400 audit(1521119121.745:4): avc: denied { syslog } for pid=3648 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
2018/03/15 13:05:33 parsed 1 programs
2018/03/15 13:05:33 executed programs: 0
syzkaller login: [ 25.409120] IPVS: Creating netns size=2536 id=1
[ 25.427750]
[ 25.429388] ======================================================
[ 25.435671] [ INFO: possible circular locking dependency detected ]
[ 25.442045] 4.9.87-g3a3a084 #4 Not tainted
[ 25.446244] -------------------------------------------------------
[ 25.452616] syz-executor0/3817 is trying to acquire lock:
[ 25.458118]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 25.466589] but task is already holding lock:
[ 25.471237]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.479619] which lock already depends on the new lock.
[ 25.479619]
[ 25.486596]
[ 25.486596] the existing dependency chain (in reverse order) is:
[ 25.494181] -> #1 (ashmem_mutex){+.+.+.}:
[ 25.498935]        lock_acquire+0x12e/0x410
[ 25.503223]        mutex_lock_nested+0xbb/0x870
[ 25.507859]        ashmem_mmap+0x53/0x400
[ 25.511974]        mmap_region+0x7dd/0xfd0
[ 25.516182]        do_mmap+0x57b/0xbe0
[ 25.520039]        vm_mmap_pgoff+0x16b/0x1b0
[ 25.524423]        SyS_mmap_pgoff+0x33f/0x560
[ 25.528885]        do_fast_syscall_32+0x2f5/0x870
[ 25.533696]        entry_SYSENTER_compat+0x90/0xa2
[ 25.538593] -> #0 (&mm->mmap_sem){++++++}:
[ 25.543432]        __lock_acquire+0x2bf9/0x3640
[ 25.548068]        lock_acquire+0x12e/0x410
[ 25.552358]        __might_fault+0x14a/0x1d0
[ 25.556736]        ashmem_ioctl+0x3c0/0xfe0
[ 25.561024]        compat_ashmem_ioctl+0x3e/0x50
[ 25.565751]        compat_SyS_ioctl+0x15f/0x2050
[ 25.570560]        do_fast_syscall_32+0x2f5/0x870
[ 25.575368]        entry_SYSENTER_compat+0x90/0xa2
[ 25.580264]
[ 25.580264] other info that might help us debug this:
[ 25.580264]
[ 25.588370]  Possible unsafe locking scenario:
[ 25.588370]
[ 25.594402]        CPU0                    CPU1
[ 25.599034]        ----                    ----
[ 25.603668]   lock(ashmem_mutex);
[ 25.607314]                                lock(&mm->mmap_sem);
[ 25.613565]                                lock(ashmem_mutex);
[ 25.619730]   lock(&mm->mmap_sem);
[ 25.623464]
[ 25.623464]  *** DEADLOCK ***
[ 25.623464]
[ 25.629490] 1 lock held by syz-executor0/3817:
[ 25.634038]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.642964]
[ 25.642964] stack backtrace:
[ 25.647435] CPU: 0 PID: 3817 Comm: syz-executor0 Not tainted 4.9.87-g3a3a084 #4
[ 25.654849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.664173]  ffff8801d89cfa38 ffffffff81d95a19 ffffffff853a4cd0 ffffffff853a4cd0
[ 25.672140]  ffffffff853c57f0 ffff8801b18368d8 ffff8801b1836000 ffff8801d89cfa80
[ 25.680103]  ffffffff81238961 ffff8801b18368d8 00000000b18368b0 ffff8801b18368d8
[ 25.688063] Call Trace:
[ 25.690622]  [] dump_stack+0xc1/0x128
[ 25.695966]  [] print_circular_bug+0x271/0x310
[ 25.702079]  [] __lock_acquire+0x2bf9/0x3640
[ 25.708018]  [] ? avc_has_extended_perms+0x3fc/0xf10
[ 25.714650]  [] ? avc_has_extended_perms+0xe2/0xf10
[ 25.721195]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.728175]  [] ? mark_held_locks+0xaf/0x100
[ 25.734117]  [] ? mutex_lock_nested+0x5e3/0x870
[ 25.740315]  [] ? __lock_is_held+0xa1/0xf0
[ 25.746078]  [] lock_acquire+0x12e/0x410
[ 25.751670]  [] ? __might_fault+0xe4/0x1d0
[ 25.757446]  [] __might_fault+0x14a/0x1d0
[ 25.763122]  [] ? __might_fault+0xe4/0x1d0
[ 25.768895]  [] ashmem_ioctl+0x3c0/0xfe0
[ 25.774491]  [] ? selinux_file_ioctl+0x355/0x530
[ 25.780779]  [] ? selinux_capable+0x40/0x40
[ 25.786631]  [] ? get_name+0x250/0x250
[ 25.792047]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 25.798158]  [] compat_ashmem_ioctl+0x3e/0x50
[ 25.804187]  [] compat_SyS_ioctl+0x15f/0x2050
[ 25.8