[....] Starting enhanced syslogd: rsyslogd
[ 13.657289] audit: type=1400 audit(1521400657.632:4): avc: denied { syslog } for pid=3505 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
2018/03/18 19:17:51 parsed 1 programs
2018/03/18 19:17:51 executed programs: 0
syzkaller login:
[ 27.207319] IPVS: Creating netns size=2536 id=1
[ 27.238807] IPVS: Creating netns size=2536 id=2
[ 27.255868] IPVS: Creating netns size=2536 id=3
[ 27.294724] IPVS: Creating netns size=2536 id=4
[ 27.327834] IPVS: Creating netns size=2536 id=5
[ 27.350724] IPVS: Creating netns size=2536 id=6
[ 27.386477] IPVS: Creating netns size=2536 id=7
[ 27.401956] IPVS: Creating netns size=2536 id=8
2018/03/18 19:17:56 executed programs: 1515
2018/03/18 19:18:01 executed programs: 3086
[ 41.071953]
[ 41.073617] ======================================================
[ 41.079918] [ INFO: possible circular locking dependency detected ]
[ 41.086310] 4.9.88-gbb52bba #7 Not tainted
[ 41.090513] -------------------------------------------------------
[ 41.096890] syz-executor3/16666 is trying to acquire lock:
[ 41.102487]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 41.110978] but task is already holding lock:
[ 41.115613]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 41.124015] which lock already depends on the new lock.
[ 41.124015]
[ 41.131010]
[ 41.131010] the existing dependency chain (in reverse order) is:
[ 41.138606] -> #1 (ashmem_mutex){+.+.+.}:
[ 41.143396]        lock_acquire+0x12e/0x410
[ 41.147698]        mutex_lock_nested+0xbb/0x870
[ 41.152340]        ashmem_mmap+0x53/0x400
[ 41.156462]        mmap_region+0x7dd/0xfd0
[ 41.160667]        do_mmap+0x57b/0xbe0
[ 41.164531]        vm_mmap_pgoff+0x16b/0x1b0
[ 41.168910]        SyS_mmap_pgoff+0x33f/0x560
[ 41.173383]        do_fast_syscall_32+0x2f5/0x870
[ 41.178204]        entry_SYSENTER_compat+0x90/0xa2
[ 41.183457] -> #0 (&mm->mmap_sem){++++++}:
[ 41.188318]        __lock_acquire+0x2bf9/0x3640
[ 41.192959]        lock_acquire+0x12e/0x410
[ 41.197257]        __might_fault+0x14a/0x1d0
[ 41.201642]        ashmem_ioctl+0x3c0/0xfe0
[ 41.205943]        compat_ashmem_ioctl+0x3e/0x50
[ 41.210671]        compat_SyS_ioctl+0x15f/0x2050
[ 41.215398]        do_fast_syscall_32+0x2f5/0x870
[ 41.220322]        entry_SYSENTER_compat+0x90/0xa2
[ 41.225217]
[ 41.225217] other info that might help us debug this:
[ 41.225217]
[ 41.233327]  Possible unsafe locking scenario:
[ 41.233327]
[ 41.239353]        CPU0                    CPU1
[ 41.243990]        ----                    ----
[ 41.248626]   lock(ashmem_mutex);
[ 41.252281]                                lock(&mm->mmap_sem);
[ 41.258544]                                lock(ashmem_mutex);
[ 41.264713]   lock(&mm->mmap_sem);
[ 41.268456]
[ 41.268456]  *** DEADLOCK ***
[ 41.268456]
[ 41.274483] 1 lock held by syz-executor3/16666:
[ 41.279123]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 41.288059]
[ 41.288059] stack backtrace:
[ 41.292526] CPU: 1 PID: 16666 Comm: syz-executor3 Not tainted 4.9.88-gbb52bba #7
[ 41.300026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.309350]  ffff8801d978fa38 ffffffff81d95f19 ffffffff853a5db0 ffffffff853a5db0
[ 41.317329]  ffffffff853c52e0 ffff8801c44b08d8 ffff8801c44b0000 ffff8801d978fa80
[ 41.325305]  ffffffff81238bd1 ffff8801c44b08d8 00000000c44b08b0 ffff8801c44b08d8
[ 41.333284] Call Trace:
[ 41.335846]  [] dump_stack+0xc1/0x128
[ 41.341182]  [] print_circular_bug+0x271/0x310
[ 41.347299]  [] __lock_acquire+0x2bf9/0x3640
[ 41.353244]  [] ? avc_has_extended_perms+0x3fc/0xf10
[ 41.359885]  [] ? avc_has_extended_perms+0xe2/0xf10
[ 41.366441]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 41.373425]  [] ? mark_held_locks+0xaf/0x100
[ 41.379378]  [] ? mutex_lock_nested+0x5e3/0x870
[ 41.385581]  [] ? __lock_is_held+0xa1/0xf0
[ 41.391352]  [] lock_acquire+0x12e/0x410
[ 41.396947]  [] ? __might_fault+0xe4/0x1d0
[ 41.402714]  [] __might_fault+0x14a/0x1d0
[ 41.408399]  [] ? __might_fault+0xe4/0x1d0
[ 41.414167]  [] ashmem_ioctl+0x3c0/0xfe0
[ 41.419761]  [] ? selinux_file_ioctl+0x355/0x530
[ 41.426055]  [] ? selinux_capable+0x40/0x40
[ 41.431912]  [] ? get_name+0x250/0x250
[ 41.437331]  [] ? get_mountpoint+0x1c9/0x320
[ 41.443274]  [] ? __fget+0x231/0x3b0
[ 41.448525]  [] ? __fget+0x47/0x3b0
[ 41.453684]  [] compat_ashmem_ioctl+0x3e/0x50
[ 41.459714]  [] compat_SyS_ioctl+0x15f/0x2050
[ 41.465743]  [] ? ashmem_ioctl+0xfe0/0xfe0
[ 41.471515]  [] ? do_ioctl+0x60/0x60
[ 41.476763]  [] do_fast_syscall_32+0x2f5/0x870
[ 41.482880]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.489527]  [] entry_SYSENTER_compat+0x90/0xa2