[....] Starting enhanced syslogd: rsyslogd[   12.852648] audit: type=1400 audit(1519637511.041:4): avc:  denied  { syslog } for  pid=3652 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd: 
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.829044] 
[   26.830705] ======================================================
[   26.836992] [ INFO: possible circular locking dependency detected ]
[   26.843370] 4.9.84-ga9d0273 #44 Not tainted
[   26.847663] -------------------------------------------------------
[   26.854049] syzkaller022277/3808 is trying to acquire lock:
[   26.859729]  (&mm->mmap_sem){++++++}, at: [<ffffffff814c2714>] __might_fault+0xe4/0x1d0

[   26.868221] but task is already holding lock:
[   26.872861]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_ioctl+0x371/0xfe0

[   26.881258] which lock already depends on the new lock.
[   26.881258] 
[   26.888250] 
[   26.888250] the existing dependency chain (in reverse order) is:
[   26.895839] 
-> #1 (ashmem_mutex){+.+.+.}:
[   26.900606]        lock_acquire+0x12e/0x410
[   26.904899]        mutex_lock_nested+0xbb/0x870
[   26.909538]        ashmem_mmap+0x53/0x400
[   26.913657]        mmap_region+0x7dd/0xfd0
[   26.917860]        do_mmap+0x57b/0xbe0
[   26.921722]        vm_mmap_pgoff+0x16b/0x1b0
[   26.926099]        SyS_mmap_pgoff+0x33f/0x560
[   26.930566]        SyS_mmap+0x16/0x20
[   26.934333]        do_syscall_64+0x1a4/0x490
[   26.938710]        entry_SYSCALL_64_after_swapgs+0x47/0xc5
[   26.944298] 
-> #0 (&mm->mmap_sem){++++++}:
[   26.949147]        __lock_acquire+0x2bf9/0x3640
[   26.953785]        lock_acquire+0x12e/0x410
[   26.958077]        __might_fault+0x14a/0x1d0
[   26.962453]        ashmem_ioctl+0x3c0/0xfe0
[   26.966764]        do_vfs_ioctl+0x1aa/0x1140
[   26.971141]        SyS_ioctl+0x8f/0xc0
[   26.974995]        do_syscall_64+0x1a4/0x490
[   26.979374]        entry_SYSCALL_64_after_swapgs+0x47/0xc5
[   26.984965] 
[   26.984965] other info that might help us debug this:
[   26.984965] 
[   26.993074]  Possible unsafe locking scenario:
[   26.993074] 
[   26.999101]        CPU0                    CPU1
[   27.003736]        ----                    ----
[   27.008372]   lock(ashmem_mutex);
[   27.012034]                                lock(&mm->mmap_sem);
[   27.018299]                                lock(ashmem_mutex);
[   27.024476]   lock(&mm->mmap_sem);
[   27.028222] 
[   27.028222]  *** DEADLOCK ***
[   27.028222] 
[   27.034254] 1 lock held by syzkaller022277/3808:
[   27.038979]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82d4aef1>] ashmem_ioctl+0x371/0xfe0
[   27.047922] 
[   27.047922] stack backtrace:
[   27.052393] CPU: 0 PID: 3808 Comm: syzkaller022277 Not tainted 4.9.84-ga9d0273 #44
[   27.060069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.069397]  ffff8801d8d2f908 ffffffff81d956b9 ffffffff853a2cd0 ffffffff853a2cd0
[   27.077387]  ffffffff853c2f80 ffff8801d97908d8 ffff8801d9790000 ffff8801d8d2f950
[   27.085372]  ffffffff812387f1 ffff8801d97908d8 00000000d97908b0 ffff8801d97908d8
[   27.093356] Call Trace:
[   27.095919]  [<ffffffff81d956b9>] dump_stack+0xc1/0x128
[   27.101258]  [<ffffffff812387f1>] print_circular_bug+0x271/0x310
[   27.107376]  [<ffffffff8123ec29>] __lock_acquire+0x2bf9/0x3640
[   27.113319]  [<ffffffff8123c030>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.120304]  [<ffffffff8123c030>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.127297]  [<ffffffff8123b41f>] ? mark_held_locks+0xaf/0x100
[   27.133239]  [<ffffffff838abb93>] ? mutex_lock_nested+0x5e3/0x870
[   27.139443]  [<ffffffff81234d01>] ? __lock_is_held+0xa1/0xf0
[   27.145212]  [<ffffffff812400ae>] lock_acquire+0x12e/0x410
[   27.150807]  [<ffffffff814c2714>] ? __might_fault+0xe4/0x1d0
[   27.156577]  [<ffffffff814c277a>] __might_fault+0x14a/0x1d0
[   27.162259]  [<ffffffff814c2714>] ? __might_fault+0xe4/0x1d0
[   27.168032]  [<ffffffff82d4af40>] ashmem_ioctl+0x3c0/0xfe0
[   27.173627]  [<ffffffff814e27a1>] ? vma_wants_writenotify+0x51/0x380
[   27.180092]  [<ffffffff814e2bdf>] ? vma_set_page_prot+0x10f/0x180
[   27.186296]  [<ffffffff82d4ab80>] ? get_name+0x250/0x250
[   27.191718]  [<ffffffff814e6e41>] ? mmap_region+0x161/0xfd0
[   27.197401]  [<ffffffff82d4ab80>] ? get_name+0x250/0x250
[   27.202823]  [<ffffffff815ae88a>] do_vfs_ioctl+0x1aa/0x1140
[   27.208506]  [<ffffffff815ae6e0>] ? ioctl_preallocate+0x220/0x220
[   27.214708]  [<ffffffff81beb235>] ? selinux_file_ioctl+0x355/0x530
[   27.220997]  [<ffffffff81beaee0>] ? selinux_capable+0x40/0x40
[   27.226858]  [<ffffffff815754a2>] ? fput+0xd