[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.206128] audit: type=1800 audit(1569684337.848:33): pid=7338 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 37.229569] audit: type=1800 audit(1569684337.848:34): pid=7338 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 39.738904] audit: type=1400 audit(1569684340.378:35): avc: denied { map } for pid=7511 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
[ 46.193087] audit: type=1400 audit(1569684346.828:36): avc: denied { map } for pid=7524 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/09/28 15:25:46 parsed 1 programs
[ 46.261922] audit: type=1400 audit(1569684346.898:37): avc: denied { map } for pid=7524 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14947 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/09/28 15:25:48 executed programs: 0
[ 48.078481] IPVS: ftp: loaded support on port[0] = 21
[ 48.138211] chnl_net:caif_netlink_parms(): no params data found
[ 48.167633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.174221] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.181844] device bridge_slave_0 entered promiscuous mode
[ 48.189181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.195565] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.202626] device bridge_slave_1 entered promiscuous mode
[ 48.217529] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 48.226380] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 48.242808] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 48.250569] team0: Port device team_slave_0 added
[ 48.256269] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 48.263453] team0: Port device team_slave_1 added
[ 48.268779] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 48.276103] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 48.338321] device hsr_slave_0 entered promiscuous mode
[ 48.406267] device hsr_slave_1 entered promiscuous mode
[ 48.466459] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 48.473401] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 48.487228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.493654] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.500610] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.506978] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.538937] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 48.545030] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.553152] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.562064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.581517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.588900] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.597164] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.608564] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.614647] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.625469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.633349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.639716] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.649414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.657606] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.663942] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.682963] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.692845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.703653] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 48.711228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.719734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.727699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.735344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.743310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.750233] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.761753] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 48.772203] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.782280] audit: type=1400 audit(1569684349.418:38): avc: denied { associate } for pid=7541 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 52.298733] ------------[ cut here ]------------
[ 52.304431] ODEBUG: free active (active state 1) object type: rcu_head hint: (null)
[ 52.313317] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:325 debug_print_object+0x168/0x250
[ 52.321793] Kernel panic - not syncing: panic_on_warn set ...
[ 52.321793]
[ 52.329243] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.75 #0
[ 52.335391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.344759] Call Trace:
[ 52.347348] dump_stack+0x172/0x1f0
[ 52.350966] panic+0x263/0x507
[ 52.354149] ? __warn_printk+0xf3/0xf3
[ 52.358041] ? debug_print_object+0x168/0x250
[ 52.362958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.368504] ? __warn.cold+0x5/0x4a
[ 52.372128] ? __warn+0xe8/0x1d0
[ 52.375503] ? debug_print_object+0x168/0x250
[ 52.379990] __warn.cold+0x20/0x4a
[ 52.383550] ? debug_print_object+0x168/0x250
[ 52.388076] report_bug+0x263/0x2b0
[ 52.391730] do_error_trap+0x204/0x360
[ 52.395608] ? math_error+0x340/0x340
[ 52.399399] ? vprintk_emit+0x1ab/0x690
[ 52.403364] ? error_entry+0x7c/0xe0
[ 52.407068] ? trace_hardirqs_off_caller+0x65/0x220
[ 52.412072] ? vprintk_default+0x28/0x30
[ 52.416125] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.420962] do_invalid_op+0x1b/0x20
[ 52.424675] invalid_op+0x14/0x20
[ 52.428138] RIP: 0010:debug_print_object+0x168/0x250
[ 52.433244] Code: dd 20 56 82 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 20 56 82 87 48 c7 c7 60 4b 82 87 e8 d6 04 19 fe <0f> 0b 83 05 cb 83 17 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
[ 52.452144] RSP: 0018:ffff8880aa27fab0 EFLAGS: 00010086
[ 52.457590] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 52.464866] RDX: 0000000000000000 RSI: ffffffff8155dbd6 RDI: ffffed101544ff48
[ 52.472134] RBP: ffff8880aa27faf0 R08: ffff8880aa2703c0 R09: ffffed1015d23ee3
[ 52.479761] R10: ffffed1015d23ee2 R11: ffff8880ae91f717 R12: 0000000000000001
[ 52.487025] R13: ffffffff8879f200 R14: 0000000000000000 R15: ffff88808ffc5720
[ 52.494305] ? vprintk_func+0x86/0x189
[ 52.498191] debug_check_no_obj_freed+0x29f/0x464
[ 52.503025] kmem_cache_free+0x18f/0x260
[ 52.507073] free_task+0xdd/0x120
[ 52.510532] __put_task_struct+0x20f/0x4c0
[ 52.514757] finish_task_switch+0x52b/0x780
[ 52.519069] ? switch_mm_irqs_off+0x2de/0x1360
[ 52.523660] __schedule+0x86e/0x1dc0
[ 52.527367] ? pci_mmcfg_check_reserved+0x170/0x170
[ 52.532371] ? sched_set_stop_task+0x250/0x250
[ 52.536955] schedule_idle+0x58/0x80
[ 52.540655] do_idle+0x192/0x560
[ 52.544008] ? arch_cpu_idle_exit+0x80/0x80
[ 52.548320] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 52.553421] ? complete+0x61/0x80
[ 52.556876] cpu_startup_entry+0xc8/0xe0
[ 52.560935] ? cpu_in_idle+0x20/0x20
[ 52.564640] ? setup_APIC_timer+0x1aa/0x200
[ 52.568952] start_secondary+0x3e8/0x5b0
[ 52.573014] ? set_cpu_sibling_map+0x1860/0x1860
[ 52.577774] secondary_startup_64+0xa4/0xb0
[ 52.582117]
[ 52.582121] ======================================================
[ 52.582125] WARNING: possible circular locking dependency detected
[ 52.582128] 4.19.75 #0 Not tainted
[ 52.582132] ------------------------------------------------------
[ 52.582136] swapper/1/0 is trying to acquire lock:
[ 52.582138] 00000000f63d45a6 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 52.582149]
[ 52.582151] but task is already holding lock:
[ 52.582154] 00000000009fb53d (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 52.582164]
[ 52.582167] which lock already depends on the new lock.
[ 52.582169]
[ 52.582171]
[ 52.582174] the existing dependency chain (in reverse order) is:
[ 52.582176]
[ 52.582177] -> #3 (&obj_hash[i].lock){-.-.}:
[ 52.582188] _raw_spin_lock_irqsave+0x95/0xcd
[ 52.582191] __debug_object_init+0xc6/0xc30
[ 52.582194] debug_object_init+0x16/0x20
[ 52.582196] hrtimer_init+0x2a/0x300
[ 52.582199] init_dl_task_timer+0x1b/0x50
[ 52.582202] __sched_fork+0x22a/0x4b0
[ 52.582204] init_idle+0x75/0x800
[ 52.582208] sched_init+0x952/0x9f0
[ 52.582210] start_kernel+0x402/0x8c5
[ 52.582213] x86_64_start_reservations+0x29/0x2b
[ 52.582216] x86_64_start_kernel+0x77/0x7b
[ 52.582219] secondary_startup_64+0xa4/0xb0
[ 52.582221]
[ 52.582222] -> #2 (&rq->lock){-.-.}:
[ 52.582232] _raw_spin_lock+0x2f/0x40
[ 52.582235] task_fork_fair+0x6a/0x520
[ 52.582238] sched_fork+0x3af/0x900
[ 52.582241] copy_process.part.0+0x1859/0x7a30
[ 52.582244] _do_fork+0x257/0xfd0
[ 52.582246] kernel_thread+0x34/0x40
[ 52.582249] rest_init+0x24/0x222
[ 52.582251] start_kernel+0x88c/0x8c5
[ 52.582255] x86_64_start_reservations+0x29/0x2b
[ 52.582257] x86_64_start_kernel+0x77/0x7b
[ 52.582260] secondary_startup_64+0xa4/0xb0
[ 52.582262]
[ 52.582263] -> #1 (&p->pi_lock){-.-.}:
[ 52.582274] _raw_spin_lock_irqsave+0x95/0xcd
[ 52.582277] try_to_wake_up+0x94/0xf50
[ 52.582279] wake_up_process+0x10/0x20
[ 52.582282] __up.isra.0+0x136/0x1a0
[ 52.582284] up+0x9c/0xe0
[ 52.582287] __up_console_sem+0xb7/0x1c0
[ 52.582290] console_unlock+0x6c7/0x10b0
[ 52.582293] vprintk_emit+0x238/0x690
[ 52.582295] vprintk_default+0x28/0x30
[ 52.582298] vprintk_func+0x7e/0x189
[ 52.582301] printk+0xba/0xed
[ 52.582303] kobject_get_path.cold+0x38/0x47
[ 52.582306] kobject_uevent_env+0x3ab/0x101d
[ 52.582309] reg_query_database+0x232/0x340
[ 52.582312] reg_todo+0xda3/0x16d0
[ 52.582315] process_one_work+0x989/0x1750
[ 52.582317] worker_thread+0x98/0xe40
[ 52.582320] kthread+0x354/0x420
[ 52.582323] ret_from_fork+0x24/0x30
[ 52.582324]
[ 52.582326] -> #0 ((console_sem).lock){-...}:
[ 52.582336] lock_acquire+0x16f/0x3f0
[ 52.582339] _raw_spin_lock_irqsave+0x95/0xcd
[ 52.582342] down_trylock+0x13/0x70
[ 52.582345] __down_trylock_console_sem+0xa8/0x210
[ 52.582348] console_trylock+0x15/0xa0
[ 52.582351] vprintk_emit+0x21d/0x690
[ 52.582353] vprintk_default+0x28/0x30
[ 52.582356] vprintk_func+0x7e/0x189
[ 52.582358] printk+0xba/0xed
[ 52.582361] __warn_printk+0x9b/0xf3
[ 52.582364] debug_print_object+0x168/0x250
[ 52.582368] debug_check_no_obj_freed+0x29f/0x464
[ 52.582371] kmem_cache_free+0x18f/0x260
[ 52.582373] free_task+0xdd/0x120
[ 52.582376] __put_task_struct+0x20f/0x4c0
[ 52.582379] finish_task_switch+0x52b/0x780
[ 52.582382] __schedule+0x86e/0x1dc0
[ 52.582385] schedule_idle+0x58/0x80
[ 52.582387] do_idle+0x192/0x560
[ 52.582390] cpu_startup_entry+0xc8/0xe0
[ 52.582393] start_secondary+0x3e8/0x5b0
[ 52.582396] secondary_startup_64+0xa4/0xb0
[ 52.582398]
[ 52.582401] other info that might help us debug this:
[ 52.582402]
[ 52.582405] Chain exists of:
[ 52.582406] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 52.582419]
[ 52.582422] Possible unsafe locking scenario:
[ 52.582424]
[ 52.582427]        CPU0                    CPU1
[ 52.582430]        ----                    ----
[ 52.582432]   lock(&obj_hash[i].lock);
[ 52.582438]                                lock(&rq->lock);
[ 52.582445]                                lock(&obj_hash[i].lock);
[ 52.582451]   lock((console_sem).lock);
[ 52.582456]
[ 52.582458] *** DEADLOCK ***
[ 52.582460]
[ 52.582462] 1 lock held by swapper/1/0:
[ 52.582464] #0: 00000000009fb53d (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 52.582476]
[ 52.582478] stack backtrace:
[ 52.582482] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.75 #0
[ 52.582487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.582489] Call Trace:
[ 52.582492] dump_stack+0x172/0x1f0
[ 52.582495] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 52.582498] __lock_acquire+0x2e19/0x49c0
[ 52.582501] ? mark_held_locks+0x100/0x100
[ 52.582504] ? format_decode+0x25f/0xbc0
[ 52.582507] ? enable_ptr_key_workfn+0x30/0x30
[ 52.582509] ? kvm_clock_read+0x18/0x30
[ 52.582512] lock_acquire+0x16f/0x3f0
[ 52.582515] ? down_trylock+0x13/0x70
[ 52.582518] _raw_spin_lock_irqsave+0x95/0xcd
[ 52.582520] ? down_trylock+0x13/0x70
[ 52.582523] ? vprintk_emit+0x21d/0x690
[ 52.582526] down_trylock+0x13/0x70
[ 52.582528] ? vprintk_emit+0x21d/0x690
[ 52.582531] __down_trylock_console_sem+0xa8/0x210
[ 52.582534] console_trylock+0x15/0xa0
[ 52.582537] vprintk_emit+0x21d/0x690
[ 52.582539] vprintk_default+0x28/0x30
[ 52.582542] vprintk_func+0x7e/0x189
[ 52.582544] printk+0xba/0xed
[ 52.582547] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.582550] ? __warn_printk+0x8f/0xf3
[ 52.582553] __warn_printk+0x9b/0xf3
[ 52.582555] ? add_taint.cold+0x16/0x16
[ 52.582558] debug_print_object+0x168/0x250
[ 52.582561] debug_check_no_obj_freed+0x29f/0x464
[ 52.582564] kmem_cache_free+0x18f/0x260
[ 52.582566] free_task+0xdd/0x120
[ 52.582569] __put_task_struct+0x20f/0x4c0
[ 52.582572] finish_task_switch+0x52b/0x780
[ 52.582575] ? switch_mm_irqs_off+0x2de/0x1360
[ 52.582578] __schedule+0x86e/0x1dc0
[ 52.582581] ? pci_mmcfg_check_reserved+0x170/0x170
[ 52.582584] ? sched_set_stop_task+0x250/0x250
[ 52.582587] schedule_idle+0x58/0x80
[ 52.582590] do_idle+0x192/0x560
[ 52.582593] ? arch_cpu_idle_exit+0x80/0x80
[ 52.582597] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 52.582599] ? complete+0x61/0x80
[ 52.582602] cpu_startup_entry+0xc8/0xe0
[ 52.582605] ? cpu_in_idle+0x20/0x20
[ 52.582608] ? setup_APIC_timer+0x1aa/0x200
[ 52.582612] start_secondary+0x3e8/0x5b0
[ 52.582615] ? set_cpu_sibling_map+0x1860/0x1860
[ 52.582618] secondary_startup_64+0xa4/0xb0
[ 52.583873] Kernel Offset: disabled
[ 53.246703] Rebooting in 86400 seconds..