[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 17.385098] audit: type=1400 audit(1520846236.537:6): avc: denied { map } for pid=4186 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.738777] audit: type=1400 audit(1520846242.891:7): avc: denied { map } for pid=4200 comm="syzkaller089769" path="/root/syzkaller089769165" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.766351] ------------[ cut here ]------------
[ 23.771817] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 23.781562] WARNING: CPU: 1 PID: 65 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 23.790109] Kernel panic - not syncing: panic_on_warn set ...
[ 23.790109]
[ 23.797440] CPU: 1 PID: 65 Comm: kworker/u4:3 Not tainted 4.16.0-rc4+ #350
[ 23.804421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.813757] Workqueue: ib_addr process_one_req
[ 23.818308] Call Trace:
[ 23.820869] dump_stack+0x194/0x24d
[ 23.824470] ? arch_local_irq_restore+0x53/0x53
[ 23.829119] ? vsnprintf+0x1ed/0x1900
[ 23.832892] panic+0x1e4/0x41c
[ 23.836057] ? refcount_error_report+0x214/0x214
[ 23.840784] ? show_regs_print_info+0x18/0x18
[ 23.845252] ? __warn+0x1c1/0x200
[ 23.848679] ? debug_print_object+0x166/0x220
[ 23.853141] __warn+0x1dc/0x200
[ 23.856392] ? debug_print_object+0x166/0x220
[ 23.860858] report_bug+0x1f4/0x2b0
[ 23.864459] fixup_bug.part.11+0x37/0x80
[ 23.868492] do_error_trap+0x2d7/0x3e0
[ 23.872360] ? vprintk_default+0x28/0x30
[ 23.876404] ? math_error+0x400/0x400
[ 23.880173] ? printk+0xaa/0xca
[ 23.883424] ? show_regs_print_info+0x18/0x18
[ 23.887894] ? __usermodehelper_disable+0x2f0/0x2f0
[ 23.892888] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.897702] do_invalid_op+0x1b/0x20
[ 23.901388] invalid_op+0x1b/0x40
[ 23.904812] RIP: 0010:debug_print_object+0x166/0x220
[ 23.909887] RSP: 0018:ffff8801d96f7210 EFLAGS: 00010086
[ 23.915228] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815abbee
[ 23.922480] RDX: 0000000000000000 RSI: 1ffff1003b2dedf2 RDI: 1ffff1003b2dedc7
[ 23.929722] RBP: ffff8801d96f7250 R08: 0000000000000000 R09: 1ffff1003b2ded99
[ 23.936964] R10: ffffed003b2dee71 R11: ffffffff86f398b8 R12: 0000000000000001
[ 23.944203] R13: ffffffff86f15180 R14: ffffffff86408500 R15: ffffffff8147aed0
[ 23.951455] ? __usermodehelper_disable+0x2f0/0x2f0
[ 23.956444] ? vprintk_func+0x5e/0xc0
[ 23.960223] debug_check_no_obj_freed+0x662/0xf1f
[ 23.965035] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.970199] ? free_obj_work+0x690/0x690
[ 23.974229] ? trace_hardirqs_on+0xd/0x10
[ 23.978349] ? cma_deref_id+0x2c/0x30
[ 23.982125] ? __lock_is_held+0xb6/0x140
[ 23.986161] ? debug_check_no_locks_freed+0x264/0x3c0
[ 23.991321] ? cma_work_handler+0x1d0/0x1d0
[ 23.995614] kfree+0xc7/0x260
[ 23.998692] process_one_req+0x2e7/0x6c0
[ 24.002724] ? addr_resolve+0xbc0/0xbc0
[ 24.006670] ? __lock_is_held+0xb6/0x140
[ 24.010706] process_one_work+0xc47/0x1bb0
[ 24.014916] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.020077] ? trace_hardirqs_on+0xd/0x10
[ 24.024207] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.028853] ? __schedule+0x903/0x1ec0
[ 24.032718] ? trace_hardirqs_off+0x10/0x10
[ 24.037010] ? lock_downgrade+0x980/0x980
[ 24.041136] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.045433] ? lock_acquire+0x1d5/0x580
[ 24.049376] ? lock_acquire+0x1d5/0x580
[ 24.053319] ? worker_thread+0x4a3/0x1990
[ 24.057435] ? lock_downgrade+0x980/0x980
[ 24.061553] ? lock_release+0xa40/0xa40
[ 24.065500] ? pr_cont_work+0x130/0x130
[ 24.069444] ? do_raw_spin_trylock+0x190/0x190
[ 24.074002] worker_thread+0x223/0x1990
[ 24.077955] ? finish_task_switch+0x1c1/0x7e0
[ 24.082428] ? process_one_work+0x1bb0/0x1bb0
[ 24.086908] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.091892] ? trace_hardirqs_on+0xd/0x10
[ 24.096017] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.100494] ? finish_task_switch+0x1c1/0x7e0
[ 24.104961] ? finish_task_switch+0x182/0x7e0
[ 24.109429] ? copy_overflow+0x20/0x20
[ 24.113294] ? __schedule+0x903/0x1ec0
[ 24.117159] ? trace_hardirqs_off+0x10/0x10
[ 24.121453] ? find_held_lock+0x35/0x1d0
[ 24.125488] ? find_held_lock+0x35/0x1d0
[ 24.129521] ? complete+0x62/0x80
[ 24.132950] ? __schedule+0x1ec0/0x1ec0
[ 24.136896] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.141188] ? __lockdep_init_map+0xe4/0x650
[ 24.145569] ? do_raw_spin_trylock+0x190/0x190
[ 24.150121] ? lockdep_init_map+0x9/0x10
[ 24.154154] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.159230] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.164219] ? trace_hardirqs_on+0xd/0x10
[ 24.168336] ? __kthread_parkme+0x176/0x240
[ 24.172631] kthread+0x33c/0x400
[ 24.175967] ? process_one_work+0x1bb0/0x1bb0
[ 24.180434] ? kthread_stop+0x7a0/0x7a0
[ 24.184382] ret_from_fork+0x3a/0x50
[ 24.188072]
[ 24.188074] ======================================================
[ 24.188076] WARNING: possible circular locking dependency detected
[ 24.188077] 4.16.0-rc4+ #350 Not tainted
[ 24.188079] ------------------------------------------------------
[ 24.188080] kworker/u4:3/65 is trying to acquire lock:
[ 24.188081] ((console_sem).lock){..-.}, at: [<00000000deb14553>] down_trylock+0x13/0x70
[ 24.188086]
[ 24.188087] but task is already holding lock:
[ 24.188088] (&obj_hash[i].lock){-.-.}, at: [<00000000b3f1e351>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.188092]
[ 24.188094] which lock already depends on the new lock.
[ 24.188094]
[ 24.188095]
[ 24.188097] the existing dependency chain (in reverse order) is:
[ 24.188097]
[ 24.188098] -> #3 (&obj_hash[i].lock){-.-.}:
[ 24.188102] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.188104] __debug_object_init+0x109/0x1040
[ 24.188105] debug_object_init+0x17/0x20
[ 24.188106] hrtimer_init+0x8c/0x410
[ 24.188107] init_dl_task_timer+0x1b/0x50
[ 24.188108] __sched_fork+0x2bb/0xb60
[ 24.188110] init_idle+0x75/0x820
[ 24.188111] sched_init+0xb19/0xc43
[ 24.188112] start_kernel+0x452/0x819
[ 24.188113] x86_64_start_reservations+0x2a/0x2c
[ 24.188115] x86_64_start_kernel+0x77/0x7a
[ 24.188116] secondary_startup_64+0xa5/0xb0
[ 24.188117]
[ 24.188117] -> #2 (&rq->lock){-.-.}:
[ 24.188121] _raw_spin_lock+0x2a/0x40
[ 24.188122] task_fork_fair+0x7a/0x690
[ 24.188124] sched_fork+0x450/0xc10
[ 24.188125] copy_process.part.38+0x1758/0x4b60
[ 24.188126] _do_fork+0x1f7/0xf70
[ 24.188127] kernel_thread+0x34/0x40
[ 24.188128] rest_init+0x22/0xf0
[ 24.188130] start_kernel+0x7f1/0x819
[ 24.188131] x86_64_start_reservations+0x2a/0x2c
[ 24.188132] x86_64_start_kernel+0x77/0x7a
[ 24.188133] secondary_startup_64+0xa5/0xb0
[ 24.188134]
[ 24.188135] -> #1 (&p->pi_lock){-.-.}:
[ 24.188139] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.188140] try_to_wake_up+0xbc/0x15f0
[ 24.188141] wake_up_process+0x10/0x20
[ 24.188143] __up.isra.0+0x1cc/0x2c0
[ 24.188144] up+0x13b/0x1d0
[ 24.188145] __up_console_sem+0xb2/0x1a0
[ 24.188146] console_unlock+0x5af/0xfb0
[ 24.188147] vprintk_emit+0x5c3/0xb90
[ 24.188149] vprintk_default+0x28/0x30
[ 24.188150] vprintk_func+0x57/0xc0
[ 24.188151] printk+0xaa/0xca
[ 24.188152] kauditd_hold_skb+0x163/0x180
[ 24.188153] kauditd_send_queue+0xfa/0x140
[ 24.188155] kauditd_thread+0x660/0x940
[ 24.188156] kthread+0x33c/0x400
[ 24.188157] ret_from_fork+0x3a/0x50
[ 24.188158]
[ 24.188158] -> #0 ((console_sem).lock){..-.}:
[ 24.188162] lock_acquire+0x1d5/0x580
[ 24.188164] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.188165] down_trylock+0x13/0x70
[ 24.188166] __down_trylock_console_sem+0xa2/0x1e0
[ 24.188167] console_trylock+0x15/0x70
[ 24.188169] vprintk_emit+0x5b5/0xb90
[ 24.188170] vprintk_default+0x28/0x30
[ 24.188171] vprintk_func+0x57/0xc0
[ 24.188172] printk+0xaa/0xca
[ 24.188173] __warn_printk+0x90/0xf0
[ 24.188174] debug_print_object+0x166/0x220
[ 24.188176] debug_check_no_obj_freed+0x662/0xf1f
[ 24.188177] kfree+0xc7/0x260
[ 24.188178] process_one_req+0x2e7/0x6c0
[ 24.188180] process_one_work+0xc47/0x1bb0
[ 24.188181] worker_thread+0x223/0x1990
[ 24.188182] kthread+0x33c/0x400
[ 24.188183] ret_from_fork+0x3a/0x50
[ 24.188184]
[ 24.188185] other info that might help us debug this:
[ 24.188186]
[ 24.188187] Chain exists of:
[ 24.188187] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 24.188192]
[ 24.188194] Possible unsafe locking scenario:
[ 24.188194]
[ 24.188196]        CPU0                    CPU1
[ 24.188197]        ----                    ----
[ 24.188197]   lock(&obj_hash[i].lock);
[ 24.188200]                                lock(&rq->lock);
[ 24.188203]                                lock(&obj_hash[i].lock);
[ 24.188205]   lock((console_sem).lock);
[ 24.188208]
[ 24.188209] *** DEADLOCK ***
[ 24.188209]
[ 24.188211] 3 locks held by kworker/u4:3/65:
[ 24.188211] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<00000000c5df77b8>] process_one_work+0xb12/0x1bb0
[ 24.188216] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<0000000000795c4d>] process_one_work+0xb89/0x1bb0
[ 24.188221] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000b3f1e351>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.188226]
[ 24.188227] stack backtrace:
[ 24.188228] CPU: 1 PID: 65 Comm: kworker/u4:3 Not tainted 4.16.0-rc4+ #350
[ 24.188231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.188232] Workqueue: ib_addr process_one_req
[ 24.188234] Call Trace:
[ 24.188235] dump_stack+0x194/0x24d
[ 24.188236] ? arch_local_irq_restore+0x53/0x53
[ 24.188238] print_circular_bug.isra.38+0x2cd/0x2dc
[ 24.188239] ? save_trace+0xe0/0x2b0
[ 24.188240] __lock_acquire+0x30a8/0x3e00
[ 24.188241] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.188243] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.188244] ? noop_count+0x40/0x40
[ 24.188245] ? check_usage+0x22f/0xb60
[ 24.188246] ? __bfs+0x387/0x830
[ 24.188247] ? trace_hardirqs_off+0x10/0x10
[ 24.188249] lock_acquire+0x1d5/0x580
[ 24.188250] ? lock_acquire+0x1d5/0x580
[ 24.188251] ? down_trylock+0x13/0x70
[ 24.188252] ? lock_release+0xa40/0xa40
[ 24.188253] ? vprintk_emit+0x43b/0xb90
[ 24.188254] ? lock_downgrade+0x980/0x980
[ 24.188256] ? kvm_sched_clock_read+0x25/0x40
[ 24.188257] ? sched_clock+0x31/0x40
[ 24.188258] ? sched_clock_cpu+0x1b/0x180
[ 24.188259] ? vprintk_emit+0x5b5/0xb90
[ 24.188260] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.188262] ? down_trylock+0x13/0x70
[ 24.188263] down_trylock+0x13/0x70
[ 24.188264] ? vprintk_emit+0x5b5/0xb90
[ 24.188265] __down_trylock_console_sem+0xa2/0x1e0
[ 24.188266] console_trylock+0x15/0x70
[ 24.188267] vprintk_emit+0x5b5/0xb90
[ 24.188269] ? console_unlock+0xfb0/0xfb0
[ 24.188270] ? __might_sleep+0x95/0x190
[ 24.188271] ? addr_handler+0xa3/0x380
[ 24.188272] ? __mutex_lock+0x16f/0x1a80
[ 24.188273] ? addr_handler+0xa3/0x380
[ 24.188275] ? trace_hardirqs_off+0x10/0x10
[ 24.188276] ? rcu_note_context_switch+0x710/0x710
[ 24.188277] ? mutex_lock_io_nested+0x1900/0x1900
[ 24.188279] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.188280] vprintk_default+0x28/0x30
[ 24.188281] vprintk_func+0x57/0xc0
[ 24.188282] printk+0xaa/0xca
[ 24.188283] ? show_regs_print_info+0x18/0x18
[ 24.188284] ? __warn_printk+0x84/0xf0
[ 24.188286] ? addr_resolve+0xbc0/0xbc0
[ 24.188287] __warn_printk+0x90/0xf0
[ 24.188288] ? test_taint+0x20/0x20
[ 24.188289] ? lock_release+0xa40/0xa40
[ 24.188290] ? print_irqtrace_events+0x270/0x270
[ 24.188291] ? addr_resolve+0xbc0/0xbc0
[ 24.188293] debug_print_object+0x166/0x220
[ 24.188294] debug_check_no_obj_freed+0x662/0xf1f
[ 24.188295] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.188297] ? free_obj_work+0x690/0x690
[ 24.188298] ? trace_hardirqs_on+0xd/0x10
[ 24.188299] ? cma_deref_id+0x2c/0x30
[ 24.188300] ? __lock_is_held+0xb6/0x140
[ 24.188302] ? debug_check_no_locks_freed+0x264/0x3c0
[ 24.188303] ? cma_work_handler+0x1d0/0x1d0
[ 24.188304] kfree+0xc7/0x260
[ 24.188305] process_one_req+0x2e7/0x6c0
[ 24.188306] ? addr_resolve+0xbc0/0xbc0
[ 24.188307] ? __lock_is_held+0xb6/0x140
[ 24.188309] process_one_work+0xc47/0x1bb0
[ 24.188310] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.188311] ? trace_hardirqs_on+0xd/0x10
[ 24.188312] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.188314] ? __schedule+0x903/0x1ec0
[ 24.188315] ? trace_hardirqs_off+0x10/0x10
[ 24.188316] ? lock_downgrade+0x980/0x980
[ 24.188317] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.188318] ? lock_acquire+0x1d5/0x580
[ 24.188320] ? lock_acquire+0x1d5/0x580
[ 24.188321] ? worker_thread+0x4a3/0x1990
[ 24.188322] ? lock_downgrade+0x980/0x980
[ 24.188323] ? lock_release+0xa40/0xa40
[ 24.188324] ? pr_cont_work+0x130/0x130
[ 24.188326] ? do_raw_spin_trylock+0x190/0x190
[ 24.188327] worker_thread+0x223/0x1990
[ 24.188328] ? finish_task_switch+0x1c1/0x7e0
[ 24.188329] ? process_one_work+0x1bb0/0x1bb0
[ 24.188331] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.188332] ? trace_hardirqs_on+0xd/0x10
[ 24.188333] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.188335] ? finish_task_switch+0x1c1/0x7e0
[ 24.188336] ? finish_task_switch+0x182/0x7e0
[ 24.188337] ? copy_overflow+0x20/0x20
[ 24.188338] ? __schedule+0x903/0x1ec0
[ 24.188340] ? trace_hardirqs_off+0x10/0x10
[ 24.188341] ? find_held_lock+0x35/0x1d0
[ 24.188342] ? find_held_lock+0x35/0x1d0
[ 24.188346] ? complete+0x62/0x80
[ 24.188348] ? __schedule+0x1ec0/0x1ec0
[ 24.188349] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.188350] ? __lockdep_init_map+0xe4/0x650
[ 24.188351] ? do_raw_spin_trylock+0x190/0x190
[ 24.188353] ? lockdep_init_map+0x9/0x10
[ 24.188354] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.188355] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.188357] ? trace_hardirqs_on+0xd/0x10
[ 24.188358] ? __kthread_parkme+0x176/0x240
[ 24.188359] kthread+0x33c/0x400
[ 24.188361] ? process_one_work+0x1bb0/0x1bb0
[ 24.188362] ? kthread_stop+0x7a0/0x7a0
[ 24.188363] ret_from_fork+0x3a/0x50
[ 24.188748] Dumping ftrace buffer:
[ 25.088030] (ftrace buffer empty)
[ 25.091724] Kernel Offset: disabled
[ 25.095326] Rebooting in 86400 seconds..