[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.519617] audit: type=1400 audit(1520496910.983:4): avc: denied { syslog } for pid=3633 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
2018/03/08 08:15:22 parsed 1 programs
2018/03/08 08:15:22 executed programs: 0
syzkaller login: [ 27.437478] IPVS: Creating netns size=2536 id=1
[ 27.455449]
[ 27.457089] ======================================================
[ 27.463377] [ INFO: possible circular locking dependency detected ]
[ 27.469754] 4.9.86-gd3a2afb #59 Not tainted
[ 27.474044] -------------------------------------------------------
[ 27.480419] syz-executor0/3801 is trying to acquire lock:
[ 27.485938]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 27.494435] but task is already holding lock:
[ 27.499075]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 27.507474] which lock already depends on the new lock.
[ 27.507474]
[ 27.514466]
[ 27.514466] the existing dependency chain (in reverse order) is:
[ 27.522065] -> #1 (ashmem_mutex){+.+.+.}:
[ 27.526848]        lock_acquire+0x12e/0x410
[ 27.531162]        mutex_lock_nested+0xbb/0x870
[ 27.535801]        ashmem_mmap+0x53/0x400
[ 27.539918]        mmap_region+0x7dd/0xfd0
[ 27.544131]        do_mmap+0x57b/0xbe0
[ 27.547989]        vm_mmap_pgoff+0x16b/0x1b0
[ 27.552369]        SyS_mmap_pgoff+0x33f/0x560
[ 27.556846]        do_fast_syscall_32+0x2f5/0x870
[ 27.561660]        entry_SYSENTER_compat+0x90/0xa2
[ 27.566558] -> #0 (&mm->mmap_sem){++++++}:
[ 27.571414]        __lock_acquire+0x2bf9/0x3640
[ 27.576051]        lock_acquire+0x12e/0x410
[ 27.580345]        __might_fault+0x14a/0x1d0
[ 27.584725]        ashmem_ioctl+0x3c0/0xfe0
[ 27.589016]        compat_ashmem_ioctl+0x3e/0x50
[ 27.593744]        compat_SyS_ioctl+0x15f/0x2050
[ 27.598471]        do_fast_syscall_32+0x2f5/0x870
[ 27.603286]        entry_SYSENTER_compat+0x90/0xa2
[ 27.608191]
[ 27.608191] other info that might help us debug this:
[ 27.608191]
[ 27.616313]  Possible unsafe locking scenario:
[ 27.616313]
[ 27.622341]        CPU0                    CPU1
[ 27.626977]        ----                    ----
[ 27.631612]   lock(ashmem_mutex);
[ 27.635268]                                lock(&mm->mmap_sem);
[ 27.641525]                                lock(ashmem_mutex);
[ 27.647702]   lock(&mm->mmap_sem);
[ 27.651446]
[ 27.651446]  *** DEADLOCK ***
[ 27.651446]
[ 27.657473] 1 lock held by syz-executor0/3801:
[ 27.662021]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 27.670966]
[ 27.670966] stack backtrace:
[ 27.675436] CPU: 1 PID: 3801 Comm: syz-executor0 Not tainted 4.9.86-gd3a2afb #59
[ 27.682938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.692269]  ffff8801bc56fa38 ffffffff81d956f9 ffffffff853a5db0 ffffffff853a5db0
[ 27.700255]  ffffffff853c5640 ffff8801d7b0e8d8 ffff8801d7b0e000 ffff8801bc56fa80
[ 27.708235]  ffffffff812387f1 ffff8801d7b0e8d8 00000000d7b0e8b0 ffff8801d7b0e8d8
[ 27.716235] Call Trace:
[ 27.718797]  [] dump_stack+0xc1/0x128
[ 27.724143]  [] print_circular_bug+0x271/0x310
[ 27.730258]  [] __lock_acquire+0x2bf9/0x3640
[ 27.736202]  [] ? avc_has_extended_perms+0x3fc/0xf10
[ 27.742838]  [] ? avc_has_extended_perms+0xe2/0xf10
[ 27.749406]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.756389]  [] ? mark_held_locks+0xaf/0x100
[ 27.762333]  [] ? mutex_lock_nested+0x5e3/0x870
[ 27.768536]  [] ? __lock_is_held+0xa1/0xf0
[ 27.774313]  [] lock_acquire+0x12e/0x410
[ 27.779919]  [] ? __might_fault+0xe4/0x1d0
[ 27.785685]  [] __might_fault+0x14a/0x1d0
[ 27.791367]  [] ? __might_fault+0xe4/0x1d0
[ 27.797146]  [] ashmem_ioctl+0x3c0/0xfe0
[ 27.802739]  [] ? selinux_file_ioctl+0x355/0x530
[ 27.809032]  [] ? selinux_capable+0x40/0x40
[ 27.814886]  [] ? get_name+0x250/0x250
[ 27.820307]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 27.826423]  [] compat_ashmem_ioctl+0x3e/0x50
[ 27.832473]  [] compat_SyS_ioctl+0x15f/0x2050
[ 27.83