[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.031448] audit: type=1400 audit(1517414185.613:6): avc: denied { map } for pid=4171 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
syzkaller login: [ 31.152716] audit: type=1400 audit(1517414198.734:7): avc: denied { map } for pid=4187 comm="syzkaller700929" path="/root/syzkaller700929173" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 31.408405] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 31.714732]
[ 31.716382] ======================================================
[ 31.717825] audit: type=1400 audit(1517414199.296:8): avc: denied { map } for pid=4187 comm="syzkaller700929" path="/dev/ashmem" dev="devtmpfs" ino=9102 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[ 31.747349] WARNING: possible circular locking dependency detected
[ 31.753636] 4.15.0+ #198 Not tainted
[ 31.757315] ------------------------------------------------------
[ 31.763599] syzkaller700929/4187 is trying to acquire lock:
[ 31.769275]  (&sb->s_type->i_mutex_key#11){++++}, at: [<00000000bd66241c>] shmem_file_llseek+0xef/0x240
[ 31.778781]
[ 31.778781] but task is already holding lock:
[ 31.784716]  (ashmem_mutex){+.+.}, at: [<00000000c7d33b53>] ashmem_llseek+0x56/0x1f0
[ 31.792570]
[ 31.792570] which lock already depends on the new lock.
[ 31.792570]
[ 31.800854]
[ 31.800854] the existing dependency chain (in reverse order) is:
[ 31.808440]
[ 31.808440] -> #2 (ashmem_mutex){+.+.}:
[ 31.813871]        __mutex_lock+0x16f/0x1a80
[ 31.818246]        mutex_lock_nested+0x16/0x20
[ 31.822793]        ashmem_mmap+0x53/0x410
[ 31.826907]        mmap_region+0xa99/0x15a0
[ 31.831193]        do_mmap+0x6c0/0xe00
[ 31.835050]        vm_mmap_pgoff+0x1de/0x280
[ 31.839423]        SyS_mmap_pgoff+0x462/0x5f0
[ 31.843888]        do_fast_syscall_32+0x3ee/0xf9d
[ 31.848696]        entry_SYSENTER_compat+0x54/0x63
[ 31.853588]
[ 31.853588] -> #1 (&mm->mmap_sem){++++}:
[ 31.859098]        __might_fault+0x13a/0x1d0
[ 31.863484]        _copy_to_user+0x2c/0xc0
[ 31.867684]        filldir+0x1a7/0x320
[ 31.871545]        dcache_readdir+0x12d/0x5e0
[ 31.876004]        iterate_dir+0x1ca/0x530
[ 31.880202]        SyS_getdents+0x225/0x450
[ 31.884492]        entry_SYSCALL_64_fastpath+0x29/0xa0
[ 31.889732]
[ 31.889732] -> #0 (&sb->s_type->i_mutex_key#11){++++}:
[ 31.896457]        lock_acquire+0x1d5/0x580
[ 31.900748]        down_write+0x87/0x120
[ 31.905038]        shmem_file_llseek+0xef/0x240
[ 31.909673]        vfs_llseek+0xa2/0xd0
[ 31.913614]        ashmem_llseek+0xe7/0x1f0
[ 31.917902]        compat_SyS_lseek+0xeb/0x170
[ 31.922453]        do_fast_syscall_32+0x3ee/0xf9d
[ 31.927265]        entry_SYSENTER_compat+0x54/0x63
[ 31.932159]
[ 31.932159] other info that might help us debug this:
[ 31.932159]
[ 31.940266] Chain exists of:
[ 31.940266]   &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 31.940266]
[ 31.951765]  Possible unsafe locking scenario:
[ 31.951765]
[ 31.957786]        CPU0                    CPU1
[ 31.962417]        ----                    ----
[ 31.967049]   lock(ashmem_mutex);
[ 31.970467]                                lock(&mm->mmap_sem);
[ 31.976488]                                lock(ashmem_mutex);
[ 31.982423]   lock(&sb->s_type->i_mutex_key#11);
[ 31.987143]
[ 31.987143]  *** DEADLOCK ***
[ 31.987143]
[ 31.993171] 1 lock held by syzkaller700929/4187:
[ 31.997888]  #0: (ashmem_mutex){+.+.}, at: [<00000000c7d33b53>] ashmem_llseek+0x56/0x1f0
[ 32.006180]
[ 32.006180] stack backtrace:
[ 32.010643] CPU: 1 PID: 4187 Comm: syzkaller700929 Not tainted 4.15.0+ #198
[ 32.017704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.027024] Call Trace:
[ 32.029582]  dump_stack+0x194/0x257
[ 32.033179]  ? arch_local_irq_restore+0x53/0x53
[ 32.037820]  print_circular_bug.isra.38+0x2cd/0x2dc
[ 32.042802]  ? save_trace+0xe0/0x2b0
[ 32.046484]  __lock_acquire+0x30a8/0x3e00
[ 32.050600]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.055758]  ? ashmem_llseek+0x56/0x1f0
[ 32.059699]  ? lock_release+0xa40/0xa40
[ 32.063640]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 32.069493]  ? rcu_note_context_switch+0x710/0x710
[ 32.074391]  ? vma_set_page_prot+0x16b/0x230
[ 32.078763]  ? __might_sleep+0x95/0x190
[ 32.082703]  ? ashmem_llseek+0x56/0x1f0
[ 32.086642]  ? __mutex_lock+0x16f/0x1a80
[ 32.090668]  ? ashmem_llseek+0x56/0x1f0
[ 32.094608]  ? ashmem_llseek+0x56/0x1f0
[ 32.098550]  ? mutex_lock_io_nested+0x1900/0x1900
[ 32.103357]  ? find_held_lock+0x35/0x1d0
[ 32.107387]  ? lock_downgrade+0x980/0x980
[ 32.111504]  lock_acquire+0x1d5/0x580
[ 32.115273]  ? lock_acquire+0x1d5/0x580
[ 32.119225]  ? shmem_file_llseek+0xef/0x240
[ 32.123521]  ? lock_release+0xa40/0xa40
[ 32.127460]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 32.133313]  ? security_mmap_file+0x143/0x180
[ 32.137778]  ? rcu_note_context_switch+0x710/0x710
[ 32.142677]  ? __fget_light+0x297/0x380
[ 32.146617]  ? __might_sleep+0x95/0x190
[ 32.150560]  down_write+0x87/0x120
[ 32.154065]  ? shmem_file_llseek+0xef/0x240
[ 32.158351]  ? down_read+0x150/0x150
[ 32.162031]  ? kmem_cache_free+0x267/0x2a0
[ 32.166234]  shmem_file_llseek+0xef/0x240
[ 32.170349]  ? shmem_free_swap+0x80/0x80
[ 32.174375]  vfs_llseek+0xa2/0xd0
[ 32.177795]  ashmem_llseek+0xe7/0x1f0
[ 32.181564]  ? ashmem_read_iter+0x230/0x230
[ 32.185850]  compat_SyS_lseek+0xeb/0x170
[ 32.189876]  ? SyS_lseek+0x170/0x170
[ 32.193557]  do_fast_syscall_32+0x3ee/0xf9d
[ 32.197849]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 32.202397]  ? kasan_check_read+0x11/0x20
[ 32.206512]  ? syscall_return_slowpath+0x550/0x550
[ 32.211411]  ? SyS_rt_sigaction+0x94/0x1b0
[ 32.215612]  ? SyS_sigprocmask+0x4b0/0x4b0
[ 32.219811]  ? SyS_read+0x184/0x220
[ 32.223405]  ? sysret32_from_system_call+0x5/0x3b
[ 32.228214]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.233022]  entry_SYSENTER_compat+0x54/0x63
[ 32.237394] RIP: 0023:0xf7fe9c79
[ 32.240723] RSP: 002b:00000000ffa06c6c EFLAGS: 00000286 ORIG_RAX: 0000000000000013
[ 32.248393] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000001e
[ 32.255629] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 00000000080bfee2
[ 32.262863] RBP: 00000000080bff53 R08: 0000000