[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.723795] audit: type=1400 audit(1520340213.740:4): avc: denied { syslog } for pid=3495 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
2018/03/06 12:43:46 parsed 1 programs
2018/03/06 12:43:46 executed programs: 0
syzkaller login:
[ 25.055840] IPVS: Creating netns size=2536 id=1
[ 25.073784]
[ 25.075427] ======================================================
[ 25.081712] [ INFO: possible circular locking dependency detected ]
[ 25.088086] 4.9.86-gb324a70 #58 Not tainted
[ 25.092374] -------------------------------------------------------
[ 25.098746] syz-executor0/3664 is trying to acquire lock:
[ 25.104247]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 25.112726] but task is already holding lock:
[ 25.117360]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.125744] which lock already depends on the new lock.
[ 25.125744]
[ 25.132724]
[ 25.132724] the existing dependency chain (in reverse order) is:
[ 25.140310] -> #1 (ashmem_mutex){+.+.+.}:
[ 25.145070]        lock_acquire+0x12e/0x410
[ 25.149363]        mutex_lock_nested+0xbb/0x870
[ 25.153999]        ashmem_mmap+0x53/0x400
[ 25.158116]        mmap_region+0x7dd/0xfd0
[ 25.162320]        do_mmap+0x57b/0xbe0
[ 25.166175]        vm_mmap_pgoff+0x16b/0x1b0
[ 25.170550]        SyS_mmap_pgoff+0x33f/0x560
[ 25.175013]        do_fast_syscall_32+0x2f5/0x870
[ 25.179826]        entry_SYSENTER_compat+0x90/0xa2
[ 25.184719] -> #0 (&mm->mmap_sem){++++++}:
[ 25.189567]        __lock_acquire+0x2bf9/0x3640
[ 25.194205]        lock_acquire+0x12e/0x410
[ 25.198494]        __might_fault+0x14a/0x1d0
[ 25.202878]        ashmem_ioctl+0x3c0/0xfe0
[ 25.207181]        compat_ashmem_ioctl+0x3e/0x50
[ 25.211913]        compat_SyS_ioctl+0x15f/0x2050
[ 25.216644]        do_fast_syscall_32+0x2f5/0x870
[ 25.221456]        entry_SYSENTER_compat+0x90/0xa2
[ 25.226348]
[ 25.226348] other info that might help us debug this:
[ 25.226348]
[ 25.234457]  Possible unsafe locking scenario:
[ 25.234457]
[ 25.240481]        CPU0                    CPU1
[ 25.245120]        ----                    ----
[ 25.249756]   lock(ashmem_mutex);
[ 25.253409]                                lock(&mm->mmap_sem);
[ 25.259672]                                lock(ashmem_mutex);
[ 25.265839]   lock(&mm->mmap_sem);
[ 25.269587]
[ 25.269587]  *** DEADLOCK ***
[ 25.269587]
[ 25.275612] 1 lock held by syz-executor0/3664:
[ 25.280158]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x371/0xfe0
[ 25.289098]
[ 25.289098] stack backtrace:
[ 25.293565] CPU: 1 PID: 3664 Comm: syz-executor0 Not tainted 4.9.86-gb324a70 #58
[ 25.301067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.310392]  ffff8801bfe77a38 ffffffff81d956f9 ffffffff853a4cd0 ffffffff853a4cd0
[ 25.318359]  ffffffff853c57f0 ffff8801c2a8e8d8 ffff8801c2a8e000 ffff8801bfe77a80
[ 25.326331]  ffffffff812387f1 ffff8801c2a8e8d8 00000000c2a8e8b0 ffff8801c2a8e8d8
[ 25.334302] Call Trace:
[ 25.336860]  [] dump_stack+0xc1/0x128
[ 25.342193]  [] print_circular_bug+0x271/0x310
[ 25.348308]  [] __lock_acquire+0x2bf9/0x3640
[ 25.354250]  [] ? avc_has_extended_perms+0x3fc/0xf10
[ 25.360883]  [] ? avc_has_extended_perms+0xe2/0xf10
[ 25.367431]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.374413]  [] ? mark_held_locks+0xaf/0x100
[ 25.380352]  [] ? mutex_lock_nested+0x5e3/0x870
[ 25.386560]  [] ? __lock_is_held+0xa1/0xf0
[ 25.392327]  [] lock_acquire+0x12e/0x410
[ 25.397919]  [] ? __might_fault+0xe4/0x1d0
[ 25.403686]  [] __might_fault+0x14a/0x1d0
[ 25.409366]  [] ? __might_fault+0xe4/0x1d0
[ 25.415137]  [] ashmem_ioctl+0x3c0/0xfe0
[ 25.420730]  [] ? selinux_file_ioctl+0x355/0x530
[ 25.427018]  [] ? selinux_capable+0x40/0x40
[ 25.432870]  [] ? get_name+0x250/0x250
[ 25.438291]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 25.444405]  [] compat_ashmem_ioctl+0x3e/0x50
[ 25.450444]  [] compat_SyS_ioctl+0x15f/0x2050
[ 25.456474