[ ok ] Starting enhanced syslogd: rsyslogd.
[   17.392911] audit: type=1400 audit(1520340156.658:5): avc:  denied  { syslog } for  pid=4088 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.633207] audit: type=1400 audit(1520340162.899:6): avc:  denied  { map } for  pid=4229 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
executing program
[   29.933796] audit: type=1400 audit(1520340169.199:7): avc:  denied  { map } for  pid=4243 comm="syzkaller026705" path="/root/syzkaller026705524" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.936421] 
[   29.959764] audit: type=1400 audit(1520340169.202:8): avc:  denied  { map } for  pid=4243 comm="syzkaller026705" path="/dev/ashmem" dev="devtmpfs" ino=194 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[   29.961368] ======================================================
[   29.961370] WARNING: possible circular locking dependency detected
[   29.961374] 4.16.0-rc4+ #342 Not tainted
[   29.961375] ------------------------------------------------------
[   29.961378] syzkaller026705/4243 is trying to acquire lock:
[   29.961379]  (&mm->mmap_sem){++++}, at: [<00000000308e7744>] __might_fault+0xe0/0x1d0
[   29.961397] 
[   29.961397] but task is already holding lock:
[   30.028509]  (ashmem_mutex){+.+.}, at: [<00000000398b74e3>] ashmem_ioctl+0x3db/0x11b0
[   30.036466] 
[   30.036466] which lock already depends on the new lock.
[   30.036466] 
[   30.044756] 
[   30.044756] the existing dependency chain (in reverse order) is:
[   30.052348] 
[   30.052348] -> #1 (ashmem_mutex){+.+.}:
[   30.057864]        __mutex_lock+0x16f/0x1a80
[   30.062249]        mutex_lock_nested+0x16/0x20
[   30.066806]        ashmem_mmap+0x53/0x410
[   30.070930]        mmap_region+0xa99/0x15a0
[   30.075228]        do_mmap+0x6c0/0xe00
[   30.079091]        vm_mmap_pgoff+0x1de/0x280
[   30.083475]        SyS_mmap_pgoff+0x462/0x5f0
[   30.087946]        SyS_mmap+0x16/0x20
[   30.091722]        do_syscall_64+0x281/0x940
[   30.096104]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.101790] 
[   30.101790] -> #0 (&mm->mmap_sem){++++}:
[   30.107314]        lock_acquire+0x1d5/0x580
[   30.111611]        __might_fault+0x13a/0x1d0
[   30.115997]        _copy_from_user+0x2c/0x110
[   30.120465]        ashmem_ioctl+0x438/0x11b0
[   30.124851]        do_vfs_ioctl+0x1b1/0x1520
[   30.129235]        SyS_ioctl+0x8f/0xc0
[   30.133101]        do_syscall_64+0x281/0x940
[   30.137488]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.143168] 
[   30.143168] other info that might help us debug this:
[   30.143168] 
[   30.151369]  Possible unsafe locking scenario:
[   30.151369] 
[   30.157398]        CPU0                    CPU1
[   30.162038]        ----                    ----
[   30.166681]   lock(ashmem_mutex);
[   30.170112]                                lock(&mm->mmap_sem);
[   30.176147]                                lock(ashmem_mutex);
[   30.182094]   lock(&mm->mmap_sem);
[   30.185608] 
[   30.185608]  *** DEADLOCK ***
[   30.185608] 
[   30.191646] 1 lock held by syzkaller026705/4243:
[   30.196374]  #0:  (ashmem_mutex){+.+.}, at: [<00000000398b74e3>] ashmem_ioctl+0x3db/0x11b0
[   30.204768] 
[   30.204768] stack backtrace:
[   30.209242] CPU: 1 PID: 4243 Comm: syzkaller026705 Not tainted 4.16.0-rc4+ #342
[   30.216661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.225993] Call Trace:
[   30.228560]  dump_stack+0x194/0x24d
[   30.232161]  ? arch_local_irq_restore+0x53/0x53
[   30.236811]  print_circular_bug.isra.38+0x2cd/0x2dc
[   30.241805]  ? save_trace+0xe0/0x2b0
[   30.245497]  __lock_acquire+0x30a8/0x3e00
[   30.249620]  ? ashmem_ioctl+0x3db/0x11b0
[   30.253671]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.258839]  ? __might_sleep+0x95/0x190
[   30.262790]  ? ashmem_ioctl+0x3db/0x11b0
[   30.266839]  ? __mutex_lock+0x16f/0x1a80
[   30.270876]  ? ashmem_ioctl+0x3db/0x11b0
[   30.274913]  ? proc_nr_files+0x60/0x60
[   30.278774]  ? ashmem_ioctl+0x3db/0x11b0
[   30.282810]  ? find_held_lock+0x35/0x1d0
[   30.286849]  ? mutex_lock_io_nested+0x1900/0x1900
[   30.291672]  ? uprobe_mmap+0x15a/0xc90
[   30.295538]  ? lock_downgrade+0x980/0x980
[   30.299664]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   30.304484]  ? find_held_lock+0x35/0x1d0
[   30.308534]  ? lock_downgrade+0x980/0x980
[   30.312669]  ? vma_set_page_prot+0x16b/0x230
[   30.317055]  lock_acquire+0x1d5/0x580
[   30.320831]  ? lock_acquire+0x1d5/0x580
[   30.324782]  ? __might_fault+0xe0/0x1d0
[   30.328736]  ? lock_release+0xa40/0xa40
[   30.332685]  ? check_same_owner+0x320/0x320
[   30.336983]  ? __might_sleep+0x95/0x190
[   30.340933]  __might_fault+0x13a/0x1d0
[   30.344797]  ? __might_fault+0xe0/0x1d0
[   30.348749]  _copy_from_user+0x2c/0x110
[   30.352704]  ashmem_ioctl+0x438/0x11b0
[   30.356570]  ? ashmem_release+0x190/0x190
[   30.360695]  ? check_same_owner+0x320/0x320
[   30.364995]  ? down_read_killable+0x180/0x180
[   30.369466]  ? rcu_note_context_switch+0x710/0x710
[   30.374371]  ? ashmem_release+0x190/0x190
[   30.378495]  do_vfs_ioctl+0x1b1/0x1520
[   30.382359]  ? ioctl_preallocate+0x2b0/0x2b0
[   30.386745]  ? selinux_capable+0x40/0x40
[   30.390784]  ? putname+0xf3/0x130
[   30.394214]  ? fput+0xd2/0x140
[   30.397382]  ? SyS_mmap_pgoff+0x243/0x5f0
[   30.401507]  ? security_file_ioctl+0x7d/0xb0
[   30.405892]  ? security_file_ioctl+0x89/0xb0
[   30.410277]  SyS_ioctl+0x8f/0xc0
[   30.413619]  ? do_vfs_ioctl+0x1520/0x1520
[   30.417747]  do_syscall_64+0x281/0x940
[   30.421611]  ? __do_page_fault+0xc90/0xc90
[   30.425826]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.430555]  ? syscall_return_slowpath+0x550/0x550
[   30.435460]  ? syscall_return_slowpath+0x2ac/0x550
[   30.440376]  ? prepare_exit_to_usermode+0x350/0x350
[   30.445379]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.450718]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.455536]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.460701] RIP: 0033:0x43fd19
[   30.463865] RSP: 002b:00007ffdd081adc8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   30.471545] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[   30.478879] RDX: 0000000000000000 RSI: 0000000000007709 RDI: 0000000000000003
[