[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.647348] audit: type=1400 audit(1521303619.894:4): avc:  denied  { syslog } for  pid=3631 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   29.250282] 
[   29.251916] ======================================================
[   29.258198] [ INFO: possible circular locking dependency detected ]
[   29.264568] 4.9.87-gfc8bd0f #58 Not tainted
[   29.268851] -------------------------------------------------------
[   29.275217] syzkaller028250/3790 is trying to acquire lock:
[   29.280888]  (&mm->mmap_sem){++++++}, at: [<ffffffff814c2984>] __might_fault+0xe4/0x1d0

[   29.289344] but task is already holding lock:
[   29.293974]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b891>] ashmem_ioctl+0x371/0xfe0

[   29.302342] which lock already depends on the new lock.
[   29.302342] 
[   29.309318] 
[   29.309318] the existing dependency chain (in reverse order) is:
[   29.316901] 
-> #1 (ashmem_mutex){+.+.+.}:
[   29.321649]        lock_acquire+0x12e/0x410
[   29.325935]        mutex_lock_nested+0xbb/0x870
[   29.330568]        ashmem_mmap+0x53/0x400
[   29.334681]        mmap_region+0x7dd/0xfd0
[   29.338880]        do_mmap+0x57b/0xbe0
[   29.342736]        vm_mmap_pgoff+0x16b/0x1b0
[   29.347111]        SyS_mmap_pgoff+0x33f/0x560
[   29.351570]        SyS_mmap+0x16/0x20
[   29.355338]        do_syscall_64+0x1a4/0x490
[   29.359710]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   29.365298] 
-> #0 (&mm->mmap_sem){++++++}:
[   29.370128]        __lock_acquire+0x2bf9/0x3640
[   29.374762]        lock_acquire+0x12e/0x410
[   29.379047]        __might_fault+0x14a/0x1d0
[   29.383419]        ashmem_ioctl+0x3c0/0xfe0
[   29.387707]        do_vfs_ioctl+0x1aa/0x1140
[   29.392081]        SyS_ioctl+0x8f/0xc0
[   29.395933]        do_syscall_64+0x1a4/0x490
[   29.400304]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   29.405892] 
[   29.405892] other info that might help us debug this:
[   29.405892] 
[   29.413996]  Possible unsafe locking scenario:
[   29.413996] 
[   29.420020]        CPU0                    CPU1
[   29.424653]        ----                    ----
[   29.429282]   lock(ashmem_mutex);
[   29.432934]                                lock(&mm->mmap_sem);
[   29.439187]                                lock(ashmem_mutex);
[   29.445352]   lock(&mm->mmap_sem);
[   29.449083] 
[   29.449083]  *** DEADLOCK ***
[   29.449083] 
[   29.455105] 1 lock held by syzkaller028250/3790:
[   29.459822]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b891>] ashmem_ioctl+0x371/0xfe0
[   29.468736] 
[   29.468736] stack backtrace:
[   29.473201] CPU: 1 PID: 3790 Comm: syzkaller028250 Not tainted 4.9.87-gfc8bd0f #58
[   29.480873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.490192]  ffff8801d875f908 ffffffff81d95bd9 ffffffff853a4b20 ffffffff853a4b20
[   29.498146]  ffffffff853c4710 ffff8801b98fe8d8 ffff8801b98fe000 ffff8801d875f950
[   29.506103]  ffffffff81238961 ffff8801b98fe8d8 00000000b98fe8b0 ffff8801b98fe8d8
[   29.514061] Call Trace:
[   29.516617]  [<ffffffff81d95bd9>] dump_stack+0xc1/0x128
[   29.521950]  [<ffffffff81238961>] print_circular_bug+0x271/0x310
[   29.528060]  [<ffffffff8123ed99>] __lock_acquire+0x2bf9/0x3640
[   29.533995]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   29.540972]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   29.547952]  [<ffffffff8123b58f>] ? mark_held_locks+0xaf/0x100
[   29.553889]  [<ffffffff838ad2e3>] ? mutex_lock_nested+0x5e3/0x870
[   29.560085]  [<ffffffff81234e71>] ? __lock_is_held+0xa1/0xf0
[   29.565846]  [<ffffffff8124021e>] lock_acquire+0x12e/0x410
[   29.571435]  [<ffffffff814c2984>] ? __might_fault+0xe4/0x1d0
[   29.577198]  [<ffffffff814c29ea>] __might_fault+0x14a/0x1d0
[   29.582872]  [<ffffffff814c2984>] ? __might_fault+0xe4/0x1d0
[   29.588636]  [<ffffffff82d4b8e0>] ashmem_ioctl+0x3c0/0xfe0
[   29.594225]  [<ffffffff814e2931>] ? vma_wants_writenotify+0x51/0x380
[   29.600680]  [<ffffffff814e2d6f>] ? vma_set_page_prot+0x10f/0x180
[   29.606876]  [<ffffffff82d4b520>] ? get_name+0x250/0x250
[   29.612293]  [<ffffffff814e6fd1>] ? mmap_region+0x161/0xfd0
[   29.617971]  [<ffffffff82d4b520>] ? get_name+0x250/0x250
[   29.623390]  [<ffffffff815aed4a>] do_vfs_ioctl+0x1aa/0x1140
[   29.629068]  [<ffffffff815aeba0>] ? ioctl_preallocate+0x220/0x220
[   29.635278]  [<ffffffff81beb765>] ? selinux_file_ioctl+0x355/0x530
[   29.641563]  [<ffffffff81beb410>] ? selinux_capable+0x40/0x40
[   29.647413]  [<ffffffff81575952>] ? fput+0xd2/0x140