[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.831229] audit: type=1400 audit(1520632069.740:6): avc: denied { map } for pid=4222 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 25.131447] audit: type=1400 audit(1520632076.040:7): avc: denied { map } for pid=4236 comm="syzkaller664298" path="/root/syzkaller664298859" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.165246] ------------[ cut here ]------------
[ 25.170889] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 25.180655] WARNING: CPU: 0 PID: 765 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 25.189292] Kernel panic - not syncing: panic_on_warn set ...
[ 25.189292]
[ 25.196629] CPU: 0 PID: 765 Comm: kworker/u4:4 Not tainted 4.16.0-rc4+ #347
[ 25.203704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.213041] Workqueue: ib_addr process_one_req
[ 25.217599] Call Trace:
[ 25.220162] dump_stack+0x194/0x24d
[ 25.223769] ? arch_local_irq_restore+0x53/0x53
[ 25.228417] ? vsnprintf+0x1ed/0x1900
[ 25.232203] panic+0x1e4/0x41c
[ 25.235373] ? refcount_error_report+0x214/0x214
[ 25.240109] ? show_regs_print_info+0x18/0x18
[ 25.244596] ? __warn+0x1c1/0x200
[ 25.248039] ? debug_print_object+0x166/0x220
[ 25.252511] __warn+0x1dc/0x200
[ 25.255768] ? debug_print_object+0x166/0x220
[ 25.260244] report_bug+0x211/0x2d0
[ 25.263853] fixup_bug.part.11+0x37/0x80
[ 25.267894] do_error_trap+0x2d7/0x3e0
[ 25.271760] ? vprintk_default+0x28/0x30
[ 25.275801] ? math_error+0x400/0x400
[ 25.279580] ? printk+0xaa/0xca
[ 25.282838] ? show_regs_print_info+0x18/0x18
[ 25.287317] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.292326] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.297152] do_invalid_op+0x1b/0x20
[ 25.300842] invalid_op+0x1b/0x40
[ 25.304271] RIP: 0010:debug_print_object+0x166/0x220
[ 25.309353] RSP: 0018:ffff8801d825f210 EFLAGS: 00010086
[ 25.314693] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815abbee
[ 25.321942] RDX: 0000000000000000 RSI: 1ffff1003b04bdf2 RDI: 1ffff1003b04bdc7
[ 25.329190] RBP: ffff8801d825f250 R08: 0000000000000000 R09: 1ffff1003b04bd99
[ 25.336441] R10: ffffed003b04be71 R11: ffffffff86f398b8 R12: 0000000000000001
[ 25.343687] R13: ffffffff86f15180 R14: ffffffff86408500 R15: ffffffff8147aed0
[ 25.350939] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.355942] ? vprintk_func+0x5e/0xc0
[ 25.359733] debug_check_no_obj_freed+0x662/0xf1f
[ 25.364555] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.369739] ? free_obj_work+0x690/0x690
[ 25.373781] ? trace_hardirqs_on+0xd/0x10
[ 25.377916] ? cma_deref_id+0x2c/0x30
[ 25.381702] ? __lock_is_held+0xb6/0x140
[ 25.385751] ? debug_check_no_locks_freed+0x264/0x3c0
[ 25.390922] ? cma_work_handler+0x1d0/0x1d0
[ 25.395237] kfree+0xc7/0x260
[ 25.398323] process_one_req+0x2e7/0x6c0
[ 25.402363] ? addr_resolve+0xc90/0xc90
[ 25.406316] ? __lock_is_held+0xb6/0x140
[ 25.410371] process_one_work+0xc47/0x1bb0
[ 25.414584] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.419750] ? trace_hardirqs_on+0xd/0x10
[ 25.423884] ? pwq_dec_nr_in_flight+0x450/0x450
[ 25.428548] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.433367] ? __schedule+0x903/0x1ec0
[ 25.437238] ? perf_trace_lock+0x900/0x900
[ 25.441452] ? retint_kernel+0x10/0x10
[ 25.445321] ? trace_hardirqs_off+0x10/0x10
[ 25.449619] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.454376] ? lock_acquire+0x1d5/0x580
[ 25.458328] ? lock_acquire+0x1d5/0x580
[ 25.462281] ? worker_thread+0x4a3/0x1990
[ 25.466415] ? lock_release+0xa40/0xa40
[ 25.470369] ? pr_cont_work+0x130/0x130
[ 25.474319] ? trace_hardirqs_off+0x10/0x10
[ 25.478620] ? do_raw_spin_trylock+0x190/0x190
[ 25.483195] worker_thread+0x223/0x1990
[ 25.487150] ? finish_task_switch+0x1c1/0x7e0
[ 25.491622] ? lock_downgrade+0x980/0x980
[ 25.495762] ? process_one_work+0x1bb0/0x1bb0
[ 25.500237] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.505230] ? trace_hardirqs_on+0xd/0x10
[ 25.509354] ? _raw_spin_unlock_irq+0x27/0x70
[ 25.513827] ? finish_task_switch+0x1c1/0x7e0
[ 25.518299] ? finish_task_switch+0x182/0x7e0
[ 25.522773] ? copy_overflow+0x20/0x20
[ 25.526654] ? __schedule+0x903/0x1ec0
[ 25.530534] ? trace_hardirqs_off+0x10/0x10
[ 25.534839] ? find_held_lock+0x35/0x1d0
[ 25.538885] ? find_held_lock+0x35/0x1d0
[ 25.542932] ? complete+0x62/0x80
[ 25.546375] ? __schedule+0x1ec0/0x1ec0
[ 25.550328] ? do_wait_intr_irq+0x3e0/0x3e0
[ 25.554627] ? __lockdep_init_map+0xe4/0x650
[ 25.559017] ? do_raw_spin_trylock+0x190/0x190
[ 25.563574] ? lockdep_init_map+0x9/0x10
[ 25.567613] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 25.572699] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.577700] ? trace_hardirqs_on+0xd/0x10
[ 25.581826] ? __kthread_parkme+0x176/0x240
[ 25.586129] kthread+0x33c/0x400
[ 25.589474] ? process_one_work+0x1bb0/0x1bb0
[ 25.593943] ? kthread_stop+0x7a0/0x7a0
[ 25.597895] ret_from_fork+0x3a/0x50
[ 25.601601]
[ 25.601603] ======================================================
[ 25.601606] WARNING: possible circular locking dependency detected
[ 25.601607] 4.16.0-rc4+ #347 Not tainted
[ 25.601610] ------------------------------------------------------
[ 25.601612] kworker/u4:4/765 is trying to acquire lock:
[ 25.601613] ((console_sem).lock){..-.}, at: [<000000008b211578>] down_trylock+0x13/0x70
[ 25.601620]
[ 25.601621] but task is already holding lock:
[ 25.601622] (&obj_hash[i].lock){-.-.}, at: [<0000000059c5ba11>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 25.601628]
[ 25.601630] which lock already depends on the new lock.
[ 25.601631]
[ 25.601632]
[ 25.601635] the existing dependency chain (in reverse order) is:
[ 25.601636]
[ 25.601637] -> #3 (&obj_hash[i].lock){-.-.}:
[ 25.601643] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.601645] __debug_object_init+0x109/0x1040
[ 25.601646] debug_object_init+0x17/0x20
[ 25.601648] hrtimer_init+0x8c/0x410
[ 25.601650] init_dl_task_timer+0x1b/0x50
[ 25.601651] __sched_fork+0x2bb/0xb60
[ 25.601653] init_idle+0x75/0x820
[ 25.601655] sched_init+0xb19/0xc43
[ 25.601656] start_kernel+0x452/0x819
[ 25.601658] x86_64_start_reservations+0x2a/0x2c
[ 25.601660] x86_64_start_kernel+0x77/0x7a
[ 25.601662] secondary_startup_64+0xa5/0xb0
[ 25.601663]
[ 25.601664] -> #2 (&rq->lock){-.-.}:
[ 25.601670] _raw_spin_lock+0x2a/0x40
[ 25.601671] task_fork_fair+0x7a/0x690
[ 25.601673] sched_fork+0x450/0xc10
[ 25.601675] copy_process.part.38+0x1758/0x4b60
[ 25.601677] _do_fork+0x1f7/0xf70
[ 25.601678] kernel_thread+0x34/0x40
[ 25.601685] rest_init+0x22/0xf0
[ 25.601686] start_kernel+0x7f1/0x819
[ 25.601688] x86_64_start_reservations+0x2a/0x2c
[ 25.601690] x86_64_start_kernel+0x77/0x7a
[ 25.601692] secondary_startup_64+0xa5/0xb0
[ 25.601693]
[ 25.601694] -> #1 (&p->pi_lock){-.-.}:
[ 25.601700] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.601702] try_to_wake_up+0xbc/0x15f0
[ 25.601703] wake_up_process+0x10/0x20
[ 25.601705] __up.isra.0+0x1cc/0x2c0
[ 25.601706] up+0x13b/0x1d0
[ 25.601708] __up_console_sem+0xb2/0x1a0
[ 25.601710] console_unlock+0x5af/0xfb0
[ 25.601712] vprintk_emit+0x5c3/0xb90
[ 25.601713] vprintk_default+0x28/0x30
[ 25.601715] vprintk_func+0x57/0xc0
[ 25.601717] printk+0xaa/0xca
[ 25.601718] kauditd_hold_skb+0x163/0x180
[ 25.601720] kauditd_send_queue+0xfa/0x140
[ 25.601722] kauditd_thread+0x660/0x940
[ 25.601723] kthread+0x33c/0x400
[ 25.601725] ret_from_fork+0x3a/0x50
[ 25.601726]
[ 25.601727] -> #0 ((console_sem).lock){..-.}:
[ 25.601733] lock_acquire+0x1d5/0x580
[ 25.601735] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.601737] down_trylock+0x13/0x70
[ 25.601739] __down_trylock_console_sem+0xa2/0x1e0
[ 25.601740] console_trylock+0x15/0x70
[ 25.601742] vprintk_emit+0x5b5/0xb90
[ 25.601744] vprintk_default+0x28/0x30
[ 25.601745] vprintk_func+0x57/0xc0
[ 25.601747] printk+0xaa/0xca
[ 25.601748] __warn_printk+0x90/0xf0
[ 25.601750] debug_print_object+0x166/0x220
[ 25.601752] debug_check_no_obj_freed+0x662/0xf1f
[ 25.601754] kfree+0xc7/0x260
[ 25.601756] process_one_req+0x2e7/0x6c0
[ 25.601757] process_one_work+0xc47/0x1bb0
[ 25.601759] worker_thread+0x223/0x1990
[ 25.601761] kthread+0x33c/0x400
[ 25.601762] ret_from_fork+0x3a/0x50
[ 25.601763]
[ 25.601765] other info that might help us debug this:
[ 25.601766]
[ 25.601767] Chain exists of:
[ 25.601768] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 25.601776]
[ 25.601778] Possible unsafe locking scenario:
[ 25.601779]
[ 25.601780]        CPU0                    CPU1
[ 25.601782]        ----                    ----
[ 25.601783]   lock(&obj_hash[i].lock);
[ 25.601787]                                lock(&rq->lock);
[ 25.601791]                                lock(&obj_hash[i].lock);
[ 25.601794]   lock((console_sem).lock);
[ 25.601798]
[ 25.601799] *** DEADLOCK ***
[ 25.601800]
[ 25.601802] 3 locks held by kworker/u4:4/765:
[ 25.601803] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<0000000039a39fab>] process_one_work+0xb12/0x1bb0
[ 25.601809] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<0000000078cc8e82>] process_one_work+0xb89/0x1bb0
[ 25.601816] #2: (&obj_hash[i].lock){-.-.}, at: [<0000000059c5ba11>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 25.601823]
[ 25.601824] stack backtrace:
[ 25.601827] CPU: 0 PID: 765 Comm: kworker/u4:4 Not tainted 4.16.0-rc4+ #347
[ 25.601830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.601832] Workqueue: ib_addr process_one_req
[ 25.601834] Call Trace:
[ 25.601836] dump_stack+0x194/0x24d
[ 25.601838] ? arch_local_irq_restore+0x53/0x53
[ 25.601840] print_circular_bug.isra.38+0x2cd/0x2dc
[ 25.601841] ? save_trace+0xe0/0x2b0
[ 25.601843] __lock_acquire+0x30a8/0x3e00
[ 25.601845] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.601847] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.601849] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.601851] ? check_usage+0x22f/0xb60
[ 25.601852] ? perf_trace_lock+0x900/0x900
[ 25.601854] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.601856] ? perf_trace_lock+0x900/0x900
[ 25.601858] lock_acquire+0x1d5/0x580
[ 25.601860] ? lock_acquire+0x1d5/0x580
[ 25.601861] ? down_trylock+0x13/0x70
[ 25.601863] ? lock_release+0xa40/0xa40
[ 25.601864] ? vprintk_emit+0x43b/0xb90
[ 25.601866] ? lock_downgrade+0x980/0x980
[ 25.601868] ? kvm_sched_clock_read+0x25/0x40
[ 25.601870] ? sched_clock+0x31/0x40
[ 25.601871] ? sched_clock_cpu+0x1b/0x180
[ 25.601873] ? vprintk_emit+0x5b5/0xb90
[ 25.601875] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.601876] ? down_trylock+0x13/0x70
[ 25.601878] down_trylock+0x13/0x70
[ 25.601880] ? vprintk_emit+0x5b5/0xb90
[ 25.601882] __down_trylock_console_sem+0xa2/0x1e0
[ 25.601883] console_trylock+0x15/0x70
[ 25.601885] vprintk_emit+0x5b5/0xb90
[ 25.601886] ? console_unlock+0xfb0/0xfb0
[ 25.601888] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.601890] ? __might_sleep+0x95/0x190
[ 25.601892] ? addr_handler+0xa3/0x380
[ 25.601893] ? perf_trace_lock+0x900/0x900
[ 25.601895] ? trace_hardirqs_off+0x10/0x10
[ 25.601897] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.601899] vprintk_default+0x28/0x30
[ 25.601900] vprintk_func+0x57/0xc0
[ 25.601902] printk+0xaa/0xca
[ 25.601904] ? show_regs_print_info+0x18/0x18
[ 25.601905] ? __warn_printk+0x84/0xf0
[ 25.601907] ? addr_resolve+0xc90/0xc90
[ 25.601909] __warn_printk+0x90/0xf0
[ 25.601910] ? test_taint+0x20/0x20
[ 25.601912] ? lock_release+0xa40/0xa40
[ 25.601914] ? print_irqtrace_events+0x270/0x270
[ 25.601915] ? addr_resolve+0xc90/0xc90
[ 25.601917] debug_print_object+0x166/0x220
[ 25.601919] debug_check_no_obj_freed+0x662/0xf1f
[ 25.601921] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.601923] ? free_obj_work+0x690/0x690
[ 25.601925] ? trace_hardirqs_on+0xd/0x10
[ 25.601926] ? cma_deref_id+0x2c/0x30
[ 25.601928] ? __lock_is_held+0xb6/0x140
[ 25.601930] ? debug_check_no_locks_freed+0x264/0x3c0
[ 25.601932] ? cma_work_handler+0x1d0/0x1d0
[ 25.601933] kfree+0xc7/0x260
[ 25.601935] process_one_req+0x2e7/0x6c0
[ 25.601936] ? addr_resolve+0xc90/0xc90
[ 25.601938] ? __lock_is_held+0xb6/0x140
[ 25.601940] process_one_work+0xc47/0x1bb0
[ 25.601942] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.601944] ? trace_hardirqs_on+0xd/0x10
[ 25.601946] ? pwq_dec_nr_in_flight+0x450/0x450
[ 25.601947] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.601949] ? __schedule+0x903/0x1ec0
[ 25.601951] ? perf_trace_lock+0x900/0x900
[ 25.601952] ? retint_kernel+0x10/0x10
[ 25.601954] ? trace_hardirqs_off+0x10/0x10
[ 25.601956] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.601958] ? lock_acquire+0x1d5/0x580
[ 25.601959] ? lock_acquire+0x1d5/0x580
[ 25.601961] ? worker_thread+0x4a3/0x1990
[ 25.601963] ? lock_release+0xa40/0xa40
[ 25.601964] ? pr_cont_work+0x130/0x130
[ 25.601966] ? trace_hardirqs_off+0x10/0x10
[ 25.601968] ? do_raw_spin_trylock+0x190/0x190
[ 25.601970] worker_thread+0x223/0x1990
[ 25.601972] ? finish_task_switch+0x1c1/0x7e0
[ 25.601973] ? lock_downgrade+0x980/0x980
[ 25.601975] ? process_one_work+0x1bb0/0x1bb0
[ 25.601977] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.601979] ? trace_hardirqs_on+0xd/0x10
[ 25.601981] ? _raw_spin_unlock_irq+0x27/0x70
[ 25.601982] ? finish_task_switch+0x1c1/0x7e0
[ 25.601984] ? finish_task_switch+0x182/0x7e0
[ 25.601986] ? copy_overflow+0x20/0x20
[ 25.601987] ? __schedule+0x903/0x1ec0
[ 25.601989] ? trace_hardirqs_off+0x10/0x10
[ 25.601991] ? find_held_lock+0x35/0x1d0
[ 25.601993] ? find_held_lock+0x35/0x1d0
[ 25.601994] ? complete+0x62/0x80
[ 25.601996] ? __schedule+0x1ec0/0x1ec0
[ 25.601998] ? do_wait_intr_irq+0x3e0/0x3e0
[ 25.601999] ? __lockdep_init_map+0xe4/0x650
[ 25.602001] ? do_raw_spin_trylock+0x190/0x190
[ 25.602003] ? lockdep_init_map+0x9/0x10
[ 25.602005] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 25.602007] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.602009] ? trace_hardirqs_on+0xd/0x10
[ 25.602011] ? __kthread_parkme+0x176/0x240
[ 25.602012] kthread+0x33c/0x400
[ 25.602014] ? process_one_work+0x1bb0/0x1bb0
[ 25.602015] ? kthread_stop+0x7a0/0x7a0
[ 25.602017] ret_from_fork+0x3a/0x50
[ 26.652738] Shutting down cpus with NMI
[ 27.565206] Dumping ftrace buffer:
[ 27.568726] (ftrace buffer empty)
[ 27.572412] Kernel Offset: disabled
[ 27.576015] Rebooting in 86400 seconds..