[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.852864] audit: type=1400 audit(1518689822.140:5): avc: denied { syslog } for pid=4027 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.379011] audit: type=1400 audit(1518689825.666:6): avc: denied { map } for pid=4167 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
executing program
[ 30.547405] audit: type=1400 audit(1518689836.835:7): avc: denied { map } for pid=4182 comm="syzkaller444138" path="/root/syzkaller444138938" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 30.550264]
[ 30.573397] audit: type=1400 audit(1518689836.835:8): avc: denied { map } for pid=4182 comm="syzkaller444138" path="/dev/ashmem" dev="devtmpfs" ino=8127 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 30.574965] ======================================================
[ 30.574967] WARNING: possible circular locking dependency detected
[ 30.574971] 4.16.0-rc1+ #223 Not tainted
[ 30.574972] ------------------------------------------------------
[ 30.574975] syzkaller444138/4182 is trying to acquire lock:
[ 30.574979]  (&sb->s_type->i_mutex_key#11){++++}, at: [<00000000c32f8a28>] shmem_file_llseek+0xef/0x240
[ 30.637793]
[ 30.637793] but task is already holding lock:
[ 30.643737]  (ashmem_mutex){+.+.}, at: [<00000000071126f8>] ashmem_llseek+0x56/0x1f0
[ 30.651603]
[ 30.651603] which lock already depends on the new lock.
[ 30.651603]
[ 30.659890]
[ 30.659890] the existing dependency chain (in reverse order) is:
[ 30.667480]
[ 30.667480] -> #2 (ashmem_mutex){+.+.}:
[ 30.672917]        __mutex_lock+0x16f/0x1a80
[ 30.677297]        mutex_lock_nested+0x16/0x20
[ 30.681849]        ashmem_mmap+0x53/0x410
[ 30.685968]        mmap_region+0xa99/0x15a0
[ 30.690256]        do_mmap+0x6c0/0xe00
[ 30.694117]        vm_mmap_pgoff+0x1de/0x280
[ 30.698494]        SyS_mmap_pgoff+0x462/0x5f0
[ 30.702970]        do_fast_syscall_32+0x3ec/0xf9f
[ 30.707784]        entry_SYSENTER_compat+0x70/0x7f
[ 30.712680]
[ 30.712680] -> #1 (&mm->mmap_sem){++++}:
[ 30.718198]        __might_fault+0x13a/0x1d0
[ 30.722578]        _copy_to_user+0x2c/0xc0
[ 30.726794]        filldir+0x1a7/0x320
[ 30.730660]        dcache_readdir+0x12d/0x5e0
[ 30.735125]        iterate_dir+0x1ca/0x530
[ 30.739340]        SyS_getdents+0x225/0x450
[ 30.743635]        do_syscall_64+0x280/0x940
[ 30.748016]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.753695]
[ 30.753695] -> #0 (&sb->s_type->i_mutex_key#11){++++}:
[ 30.760432]        lock_acquire+0x1d5/0x580
[ 30.764728]        down_write+0x87/0x120
[ 30.768765]        shmem_file_llseek+0xef/0x240
[ 30.773405]        vfs_llseek+0xa2/0xd0
[ 30.777351]        ashmem_llseek+0xe7/0x1f0
[ 30.781639]        compat_SyS_lseek+0xeb/0x170
[ 30.786189]        do_fast_syscall_32+0x3ec/0xf9f
[ 30.791005]        entry_SYSENTER_compat+0x70/0x7f
[ 30.795901]
[ 30.795901] other info that might help us debug this:
[ 30.795901]
[ 30.804012] Chain exists of:
[ 30.804012]   &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 30.804012]
[ 30.815519]  Possible unsafe locking scenario:
[ 30.815519]
[ 30.821552]        CPU0                    CPU1
[ 30.826190]        ----                    ----
[ 30.830827]   lock(ashmem_mutex);
[ 30.834250]                                lock(&mm->mmap_sem);
[ 30.840278]                                lock(ashmem_mutex);
[ 30.846225]   lock(&sb->s_type->i_mutex_key#11);
[ 30.850963]
[ 30.850963]  *** DEADLOCK ***
[ 30.850963]
[ 30.856990] 1 lock held by syzkaller444138/4182:
[ 30.861711]  #0: (ashmem_mutex){+.+.}, at: [<00000000071126f8>] ashmem_llseek+0x56/0x1f0
[ 30.870009]
[ 30.870009] stack backtrace:
[ 30.874482] CPU: 1 PID: 4182 Comm: syzkaller444138 Not tainted 4.16.0-rc1+ #223
[ 30.881904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.891226] Call Trace:
[ 30.893790]  dump_stack+0x194/0x257
[ 30.897385]  ? arch_local_irq_restore+0x53/0x53
[ 30.902029]  print_circular_bug.isra.38+0x2cd/0x2dc
[ 30.907015]  ? save_trace+0xe0/0x2b0
[ 30.910698]  __lock_acquire+0x30a8/0x3e00
[ 30.914820]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 30.919979]  ? ashmem_llseek+0x56/0x1f0
[ 30.923922]  ? lock_release+0xa40/0xa40
[ 30.927865]  ? trace_event_raw_event_sched_switch+0x810/0x810
[ 30.933719]  ? rcu_note_context_switch+0x710/0x710
[ 30.938619]  ? vma_set_page_prot+0x16b/0x230
[ 30.942997]  ? __might_sleep+0x95/0x190
[ 30.946939]  ? ashmem_llseek+0x56/0x1f0
[ 30.950883]  ? __mutex_lock+0x16f/0x1a80
[ 30.954914]  ? ashmem_llseek+0x56/0x1f0
[ 30.958857]  ? mmap_region+0x52e/0x15a0
[ 30.962800]  ? ashmem_llseek+0x56/0x1f0
[ 30.966742]  ? mutex_lock_io_nested+0x1900/0x1900
[ 30.971551]  ? find_held_lock+0x35/0x1d0
[ 30.975582]  ? lock_downgrade+0x980/0x980
[ 30.979702]  lock_acquire+0x1d5/0x580
[ 30.983472]  ? lock_acquire+0x1d5/0x580
[ 30.987417]  ? shmem_file_llseek+0xef/0x240
[ 30.991708]  ? lock_release+0xa40/0xa40
[ 30.995651]  ? trace_event_raw_event_sched_switch+0x810/0x810
[ 31.001507]  ? security_mmap_file+0x143/0x180
[ 31.005976]  ? rcu_note_context_switch+0x710/0x710
[ 31.010880]  ? __fget_light+0x2b2/0x3c0
[ 31.014823]  ? __might_sleep+0x95/0x190
[ 31.018767]  down_write+0x87/0x120
[ 31.022275]  ? shmem_file_llseek+0xef/0x240
[ 31.026567]  ? down_read+0x150/0x150
[ 31.030251]  ? kmem_cache_free+0x258/0x2a0
[ 31.034454]  shmem_file_llseek+0xef/0x240
[ 31.038571]  ? shmem_free_swap+0x80/0x80
[ 31.042600]  vfs_llseek+0xa2/0xd0
[ 31.046026]  ashmem_llseek+0xe7/0x1f0
[ 31.049796]  ? ashmem_read_iter+0x230/0x230
[ 31.054086]  compat_SyS_lseek+0xeb/0x170
[ 31.058114]  ? SyS_lseek+0x170/0x170
[ 31.061803]  do_fast_syscall_32+0x3ec/0xf9f
[ 31.066094]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 31.070645]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.075368]  ? syscall_return_slowpath+0x550/0x550
[ 31.080266]  ? syscall_return_slowpath+0x2ac/0x550
[ 31.085163]  ? prepare_exit_to_usermode+0x350/0x350
[ 31.090152]  ? sysret32_from_system_call+0x5/0x3c
[ 31.094965]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.099779]  entry_SYSENTER_compat+0x70/0x7f
[ 31.104157] RIP: 0023:0xf7f8dc79
[ 31.107492] RSP: 002b:00000000ffbcde3c EFLAGS: 00000282 ORIG_RAX: 0000000000000013
[ 31.115168] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[ 31.122408] RDX: 0000000000000003 RSI: 00000000080ea00c RDI: 000000000000003f
[ 31.129652] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 31.136893] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 31.144133] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000