[....] Starting enhanced syslogd: rsyslogd[ 14.570350] audit: type=1400 audit(1519337024.936:5): avc: denied { syslog } for pid=4011 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.984545] audit: type=1400 audit(1519337029.350:6): avc: denied { map } for pid=4149 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. [ 25.219583] audit: type=1400 audit(1519337035.585:7): avc: denied { map } for pid=4163 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/22 22:03:55 parsed 1 programs 2018/02/22 22:03:55 executed programs: 0 [ 25.491628] audit: type=1400 audit(1519337035.853:8): avc: denied { map } for pid=4163 comm="syz-execprog" path="/root/syzkaller-shm828953457" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 25.528565] IPVS: ftp: loaded support on port[0] = 21 [ 25.567073] IPVS: ftp: loaded support on port[0] = 21 [ 25.600519] IPVS: ftp: loaded support on port[0] = 21 [ 25.648677] IPVS: ftp: loaded support on port[0] = 21 [ 25.713362] IPVS: ftp: loaded support on port[0] = 21 [ 25.801427] IPVS: ftp: loaded support on port[0] = 21 [ 25.912372] IPVS: ftp: loaded support on port[0] = 21 [ 25.956399] IPVS: ftp: loaded support on port[0] = 21 2018/02/22 22:04:00 executed programs: 361 2018/02/22 22:04:05 executed programs: 736 [ 37.784987] ------------[ cut here ]------------ [ 37.790677] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 37.800444] WARNING: CPU: 0 PID: 37 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 37.808989] Kernel panic - not syncing: panic_on_warn set ... [ 37.808989] [ 37.816321] CPU: 0 PID: 37 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15 [ 37.823217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.832551] Workqueue: ib_addr process_one_req [ 37.837105] Call Trace: [ 37.839668] dump_stack+0x194/0x24d [ 37.843273] ? arch_local_irq_restore+0x53/0x53 [ 37.847926] ? vsnprintf+0x1ed/0x1900 [ 37.851705] panic+0x1e4/0x41c [ 37.854870] ? refcount_error_report+0x214/0x214 [ 37.859599] ? show_regs_print_info+0x18/0x18 [ 37.864072] ? __warn+0x1c1/0x200 [ 37.867502] ? debug_print_object+0x166/0x220 [ 37.871968] __warn+0x1dc/0x200 [ 37.875220] ? debug_print_object+0x166/0x220 [ 37.879690] report_bug+0x211/0x2d0 [ 37.883294] fixup_bug.part.11+0x37/0x80 [ 37.887327] do_error_trap+0x2d7/0x3e0 [ 37.892231] ? vprintk_default+0x28/0x30 [ 37.896270] ? math_error+0x400/0x400 [ 37.900041] ? printk+0xaa/0xca [ 37.903296] ? show_regs_print_info+0x18/0x18 [ 37.907771] ? __usermodehelper_disable+0x2f0/0x2f0 [ 37.912763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.917581] ? __usermodehelper_disable+0x2f0/0x2f0 [ 37.922569] do_invalid_op+0x1b/0x20 [ 37.926258] invalid_op+0x22/0x40 [ 37.929687] RIP: 0010:debug_print_object+0x166/0x220 [ 37.934758] RSP: 0000:ffff8801d959f250 EFLAGS: 00010086 [ 37.940095] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815aaf3e [ 37.947339] RDX: 0000000000000000 RSI: 1ffff1003b2b3dfa RDI: 1ffff1003b2b3dcf [ 37.954581] RBP: ffff8801d959f290 R08: ffffffff86f39478 R09: 1ffff1003b2b3da1 [ 37.961823] R10: ffffed003b2b3e79 R11: ffffffff86f39478 R12: 0000000000000001 [ 37.969065] R13: ffffffff86f14d40 R14: ffffffff86407c60 R15: ffffffff81479bc0 [ 37.976313] ? __usermodehelper_disable+0x2f0/0x2f0 [ 37.981308] ? vprintk_func+0x5e/0xc0 [ 37.985095] debug_check_no_obj_freed+0x662/0xf1f [ 37.989928] ? free_obj_work+0x690/0x690 [ 37.993970] ? trace_hardirqs_on+0xd/0x10 [ 37.998098] ? cma_deref_id+0x2c/0x30 [ 38.001875] ? __lock_is_held+0xb6/0x140 [ 38.005924] ? debug_check_no_locks_freed+0x264/0x3c0 [ 38.011095] ? cma_work_handler+0x1d0/0x1d0 [ 38.015389] kfree+0xc7/0x260 [ 38.018474] process_one_req+0x2e7/0x6c0 [ 38.022511] ? addr_resolve+0xc90/0xc90 [ 38.026460] ? __lock_is_held+0xb6/0x140 [ 38.030508] process_one_work+0xbbf/0x1af0 [ 38.034729] ? pwq_dec_nr_in_flight+0x450/0x450 [ 38.039379] ? __schedule+0x8ea/0x2040 [ 38.043248] ? __lock_acquire+0x664/0x3e00 [ 38.047462] ? check_noncircular+0x20/0x20 [ 38.051678] ? check_noncircular+0x20/0x20 [ 38.055897] ? lock_acquire+0x1d5/0x580 [ 38.059844] ? lock_acquire+0x1d5/0x580 [ 38.063793] ? worker_thread+0x4a3/0x1990 [ 38.067920] ? lock_downgrade+0x980/0x980 [ 38.072054] ? lock_release+0xa40/0xa40 [ 38.076000] ? retint_kernel+0x10/0x10 [ 38.079865] ? do_raw_spin_trylock+0x190/0x190 [ 38.084435] worker_thread+0x223/0x1990 [ 38.088383] ? finish_task_switch+0x1e2/0x890 [ 38.092871] ? process_one_work+0x1af0/0x1af0 [ 38.097341] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.102333] ? trace_hardirqs_on+0xd/0x10 [ 38.106455] ? mmdrop+0x18/0x30 [ 38.109710] ? finish_task_switch+0x29b/0x890 [ 38.114182] ? copy_overflow+0x20/0x20 [ 38.118059] ? __schedule+0x8ea/0x2040 [ 38.121947] ? check_noncircular+0x20/0x20 [ 38.126158] ? remove_entity_load_avg+0x1be/0x260 [ 38.130977] ? find_held_lock+0x35/0x1d0 [ 38.135020] ? find_held_lock+0x35/0x1d0 [ 38.139062] ? complete+0x62/0x80 [ 38.142496] ? __schedule+0x2040/0x2040 [ 38.146442] ? do_wait_intr_irq+0x3e0/0x3e0 [ 38.150736] ? __lockdep_init_map+0xe4/0x650 [ 38.155119] ? do_raw_spin_trylock+0x190/0x190 [ 38.159675] ? lockdep_init_map+0x9/0x10 [ 38.163710] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 38.168787] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.173776] ? trace_hardirqs_on+0xd/0x10 [ 38.177898] ? __kthread_parkme+0x175/0x240 [ 38.182199] kthread+0x33c/0x400 [ 38.185538] ? process_one_work+0x1af0/0x1af0 [ 38.190006] ? kthread_stop+0x7a0/0x7a0 [ 38.193955] ret_from_fork+0x3a/0x50 [ 38.197658] [ 38.197660] ====================================================== [ 38.197663] WARNING: possible circular locking dependency detected [ 38.197664] 4.16.0-rc1+ #15 Not tainted [ 38.197667] ------------------------------------------------------ [ 38.197669] kworker/u4:2/37 is trying to acquire lock: [ 38.197670] ((console_sem).lock){..-.}, at: [<0000000052538d8c>] down_trylock+0x13/0x70 [ 38.197676] [ 38.197678] but task is already holding lock: [ 38.197679] (&obj_hash[i].lock){-.-.}, at: [<00000000375c2bab>] debug_check_no_obj_freed+0x1e9/0xf1f [ 38.197685] [ 38.197687] which lock already depends on the new lock. [ 38.197688] [ 38.197689] [ 38.197691] the existing dependency chain (in reverse order) is: [ 38.197692] [ 38.197693] -> #3 (&obj_hash[i].lock){-.-.}: [ 38.197699] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.197701] __debug_object_init+0x109/0x1040 [ 38.197703] debug_object_init+0x17/0x20 [ 38.197704] hrtimer_init+0x8c/0x410 [ 38.197706] init_dl_task_timer+0x1b/0x50 [ 38.197708] __sched_fork+0x2bb/0xb60 [ 38.197709] init_idle+0x75/0x820 [ 38.197711] sched_init+0xb19/0xc43 [ 38.197713] start_kernel+0x452/0x819 [ 38.197715] x86_64_start_reservations+0x2a/0x2c [ 38.197716] x86_64_start_kernel+0x77/0x7a [ 38.197718] secondary_startup_64+0xa5/0xb0 [ 38.197719] [ 38.197720] -> #2 (&rq->lock){-.-.}: [ 38.197726] _raw_spin_lock+0x2a/0x40 [ 38.197728] task_fork_fair+0x7a/0x690 [ 38.197729] sched_fork+0x450/0xc10 [ 38.197731] copy_process.part.37+0x1758/0x4b60 [ 38.197733] _do_fork+0x1f7/0xf70 [ 38.197735] kernel_thread+0x34/0x40 [ 38.197736] rest_init+0x22/0xf0 [ 38.197738] start_kernel+0x7f1/0x819 [ 38.197740] x86_64_start_reservations+0x2a/0x2c [ 38.197742] x86_64_start_kernel+0x77/0x7a [ 38.197743] secondary_startup_64+0xa5/0xb0 [ 38.197744] [ 38.197745] -> #1 (&p->pi_lock){-.-.}: [ 38.197751] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.197753] try_to_wake_up+0xbc/0x15f0 [ 38.197755] wake_up_process+0x10/0x20 [ 38.197756] __up.isra.0+0x1cc/0x2c0 [ 38.197758] up+0x13b/0x1d0 [ 38.197760] __up_console_sem+0xb2/0x1a0 [ 38.197761] console_unlock+0x5af/0xfb0 [ 38.197763] vprintk_emit+0x5c3/0xb90 [ 38.197765] vprintk_default+0x28/0x30 [ 38.197767] vprintk_func+0x57/0xc0 [ 38.197768] printk+0xaa/0xca [ 38.197770] kauditd_hold_skb+0x163/0x180 [ 38.197772] kauditd_send_queue+0xfa/0x140 [ 38.197773] kauditd_thread+0x660/0x940 [ 38.197775] kthread+0x33c/0x400 [ 38.197777] ret_from_fork+0x3a/0x50 [ 38.197778] [ 38.197779] -> #0 ((console_sem).lock){..-.}: [ 38.197784] lock_acquire+0x1d5/0x580 [ 38.197786] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.197788] down_trylock+0x13/0x70 [ 38.197790] __down_trylock_console_sem+0xa2/0x1e0 [ 38.197792] console_trylock+0x15/0x70 [ 38.197794] vprintk_emit+0x5b5/0xb90 [ 38.197795] vprintk_default+0x28/0x30 [ 38.197797] vprintk_func+0x57/0xc0 [ 38.197798] printk+0xaa/0xca [ 38.197800] __warn_printk+0x90/0xf0 [ 38.197802] debug_print_object+0x166/0x220 [ 38.197804] debug_check_no_obj_freed+0x662/0xf1f [ 38.197805] kfree+0xc7/0x260 [ 38.197807] process_one_req+0x2e7/0x6c0 [ 38.197809] process_one_work+0xbbf/0x1af0 [ 38.197811] worker_thread+0x223/0x1990 [ 38.197812] kthread+0x33c/0x400 [ 38.197814] ret_from_fork+0x3a/0x50 [ 38.197815] [ 38.197817] other info that might help us debug this: [ 38.197818] [ 38.197819] Chain exists of: [ 38.197820] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 38.197828] [ 38.197829] Possible unsafe locking scenario: [ 38.197830] [ 38.197832] CPU0 CPU1 [ 38.197834] ---- ---- [ 38.197835] lock(&obj_hash[i].lock); [ 38.197839] lock(&rq->lock); [ 38.197843] lock(&obj_hash[i].lock); [ 38.197846] lock((console_sem).lock); [ 38.197849] [ 38.197851] *** DEADLOCK *** [ 38.197852] [ 38.197854] 3 locks held by kworker/u4:2/37: [ 38.197854] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<00000000c954819d>] process_one_work+0xaaf/0x1af0 [ 38.197861] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<000000001beddd43>] process_one_work+0xb01/0x1af0 [ 38.197868] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000375c2bab>] debug_check_no_obj_freed+0x1e9/0xf1f [ 38.197875] [ 38.197876] stack backtrace: [ 38.197879] CPU: 0 PID: 37 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15 [ 38.197882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.197884] Workqueue: ib_addr process_one_req [ 38.197886] Call Trace: [ 38.197888] dump_stack+0x194/0x24d [ 38.197890] ? arch_local_irq_restore+0x53/0x53 [ 38.197892] print_circular_bug.isra.38+0x2cd/0x2dc [ 38.197893] ? save_trace+0xe0/0x2b0 [ 38.197895] __lock_acquire+0x30a8/0x3e00 [ 38.197897] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.197899] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.197901] ? __lock_acquire+0x664/0x3e00 [ 38.197903] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.197905] ? trace_event_raw_event_lock+0x340/0x340 [ 38.197910] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.197912] ? perf_trace_lock+0xd6/0x900 [ 38.197913] ? perf_trace_lock+0xd6/0x900 [ 38.197915] ? trace_event_raw_event_lock+0x340/0x340 [ 38.197917] ? check_noncircular+0x20/0x20 [ 38.197919] ? print_irqtrace_events+0x270/0x270 [ 38.197921] ? lock_downgrade+0x980/0x980 [ 38.197922] lock_acquire+0x1d5/0x580 [ 38.197924] ? lock_acquire+0x1d5/0x580 [ 38.197926] ? down_trylock+0x13/0x70 [ 38.197927] ? lock_release+0xa40/0xa40 [ 38.197929] ? vprintk_emit+0x43b/0xb90 [ 38.197931] ? lock_downgrade+0x980/0x980 [ 38.197932] ? kvm_sched_clock_read+0x25/0x40 [ 38.197934] ? sched_clock+0x31/0x40 [ 38.197936] ? sched_clock_cpu+0x1b/0x180 [ 38.197937] ? vprintk_emit+0x5b5/0xb90 [ 38.197939] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.197941] ? down_trylock+0x13/0x70 [ 38.197942] down_trylock+0x13/0x70 [ 38.197944] ? vprintk_emit+0x5b5/0xb90 [ 38.197946] __down_trylock_console_sem+0xa2/0x1e0 [ 38.197948] console_trylock+0x15/0x70 [ 38.197949] vprintk_emit+0x5b5/0xb90 [ 38.197951] ? console_unlock+0xfb0/0xfb0 [ 38.197953] ? trace_event_raw_event_lock+0x340/0x340 [ 38.197955] ? __might_sleep+0x95/0x190 [ 38.197956] ? addr_handler+0xa3/0x380 [ 38.197958] ? __mutex_lock+0x16f/0x1a80 [ 38.197960] ? addr_handler+0xa3/0x380 [ 38.197961] ? check_noncircular+0x20/0x20 [ 38.197963] ? perf_trace_lock+0xd6/0x900 [ 38.197965] ? rcu_note_context_switch+0x710/0x710 [ 38.197967] ? perf_trace_lock+0xd6/0x900 [ 38.197969] ? __usermodehelper_disable+0x2f0/0x2f0 [ 38.197970] vprintk_default+0x28/0x30 [ 38.197972] vprintk_func+0x57/0xc0 [ 38.197973] printk+0xaa/0xca [ 38.197975] ? show_regs_print_info+0x18/0x18 [ 38.197977] ? __warn_printk+0x84/0xf0 [ 38.197979] ? addr_resolve+0xc90/0xc90 [ 38.197980] __warn_printk+0x90/0xf0 [ 38.197982] ? test_taint+0x20/0x20 [ 38.197983] ? lock_release+0xa40/0xa40 [ 38.197985] ? print_irqtrace_events+0x270/0x270 [ 38.197987] ? addr_resolve+0xc90/0xc90 [ 38.197989] debug_print_object+0x166/0x220 [ 38.197991] debug_check_no_obj_freed+0x662/0xf1f [ 38.197992] ? free_obj_work+0x690/0x690 [ 38.197994] ? trace_hardirqs_on+0xd/0x10 [ 38.197996] ? cma_deref_id+0x2c/0x30 [ 38.197997] ? __lock_is_held+0xb6/0x140 [ 38.197999] ? debug_check_no_locks_freed+0x264/0x3c0 [ 38.198001] ? cma_work_handler+0x1d0/0x1d0 [ 38.198003] kfree+0xc7/0x260 [ 38.198004] process_one_req+0x2e7/0x6c0 [ 38.198006] ? addr_resolve+0xc90/0xc90 [ 38.198008] ? __lock_is_held+0xb6/0x140 [ 38.198009] process_one_work+0xbbf/0x1af0 [ 38.198011] ? pwq_dec_nr_in_flight+0x450/0x450 [ 38.198013] ? __schedule+0x8ea/0x2040 [ 38.198015] ? __lock_acquire+0x664/0x3e00 [ 38.198016] ? check_noncircular+0x20/0x20 [ 38.198018] ? check_noncircular+0x20/0x20 [ 38.198020] ? lock_acquire+0x1d5/0x580 [ 38.198021] ? lock_acquire+0x1d5/0x580 [ 38.198023] ? worker_thread+0x4a3/0x1990 [ 38.198025] ? lock_downgrade+0x980/0x980 [ 38.198026] ? lock_release+0xa40/0xa40 [ 38.198028] ? retint_kernel+0x10/0x10 [ 38.198030] ? do_raw_spin_trylock+0x190/0x190 [ 38.198032] worker_thread+0x223/0x1990 [ 38.198034] ? finish_task_switch+0x1e2/0x890 [ 38.198036] ? process_one_work+0x1af0/0x1af0 [ 38.198038] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.198039] ? trace_hardirqs_on+0xd/0x10 [ 38.198041] ? mmdrop+0x18/0x30 [ 38.198043] ? finish_task_switch+0x29b/0x890 [ 38.198044] ? copy_overflow+0x20/0x20 [ 38.198046] ? __schedule+0x8ea/0x2040 [ 38.198048] ? check_noncircular+0x20/0x20 [ 38.198050] ? remove_entity_load_avg+0x1be/0x260 [ 3