[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.707887] audit: type=1400 audit(1520853255.212:6): avc: denied { map } for pid=4211 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 25.016278] audit: type=1400 audit(1520853261.521:7): avc: denied { map } for pid=4225 comm="syzkaller196503" path="/root/syzkaller196503999" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.051631] audit: type=1400 audit(1520853261.556:8): avc: denied { create } for pid=4225 comm="syzkaller196503" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 25.077658] ------------[ cut here ]------------
[ 25.083327] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 25.093091] WARNING: CPU: 0 PID: 1704 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 25.101809] Kernel panic - not syncing: panic_on_warn set ...
[ 25.101809]
[ 25.109144] CPU: 0 PID: 1704 Comm: kworker/u4:4 Not tainted 4.16.0-rc5+ #351
[ 25.116301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.125629] Workqueue: ib_addr process_one_req
[ 25.130181] Call Trace:
[ 25.132740] dump_stack+0x194/0x24d
[ 25.136346] ? arch_local_irq_restore+0x53/0x53
[ 25.140993] ? vsnprintf+0x1ed/0x1900
[ 25.144777] panic+0x1e4/0x41c
[ 25.147945] ? refcount_error_report+0x214/0x214
[ 25.152673] ? show_regs_print_info+0x18/0x18
[ 25.157151] ? __warn+0x1c1/0x200
[ 25.160583] ? debug_print_object+0x166/0x220
[ 25.165051] __warn+0x1dc/0x200
[ 25.168305] ? debug_print_object+0x166/0x220
[ 25.172779] report_bug+0x1f4/0x2b0
[ 25.176386] fixup_bug.part.11+0x37/0x80
[ 25.180422] do_error_trap+0x2d7/0x3e0
[ 25.184281] ? vprintk_default+0x28/0x30
[ 25.188319] ? math_error+0x400/0x400
[ 25.192090] ? printk+0xaa/0xca
[ 25.195344] ? show_regs_print_info+0x18/0x18
[ 25.199816] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.204808] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.209630] do_invalid_op+0x1b/0x20
[ 25.213320] invalid_op+0x1b/0x40
[ 25.216747] RIP: 0010:debug_print_object+0x166/0x220
[ 25.221822] RSP: 0018:ffff8801d2477210 EFLAGS: 00010086
[ 25.227159] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815acd3e
[ 25.234402] RDX: 0000000000000000 RSI: 1ffff1003a48edf2 RDI: 1ffff1003a48edc7
[ 25.241644] RBP: ffff8801d2477250 R08: ffffffff86f39b78 R09: 1ffff1003a48ed99
[ 25.248886] R10: ffffed003a48ee71 R11: ffffffff86f39b78 R12: 0000000000000001
[ 25.256128] R13: ffffffff86f15440 R14: ffffffff86408680 R15: ffffffff8147c020
[ 25.263384] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.268386] ? vprintk_func+0x5e/0xc0
[ 25.272181] debug_check_no_obj_freed+0x662/0xf1f
[ 25.277012] ? free_obj_work+0x690/0x690
[ 25.281049] ? trace_hardirqs_on+0xd/0x10
[ 25.285180] ? cma_deref_id+0x2c/0x30
[ 25.288961] ? __lock_is_held+0xb6/0x140
[ 25.293005] ? debug_check_no_locks_freed+0x264/0x3c0
[ 25.298174] ? cma_work_handler+0x1d0/0x1d0
[ 25.302471] kfree+0xc7/0x260
[ 25.305554] process_one_req+0x2e7/0x6c0
[ 25.309592] ? addr_resolve+0xbc0/0xbc0
[ 25.313540] ? __lock_is_held+0xb6/0x140
[ 25.317590] process_one_work+0xc47/0x1bb0
[ 25.321798] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.326961] ? trace_hardirqs_on+0xd/0x10
[ 25.331093] ? pwq_dec_nr_in_flight+0x450/0x450
[ 25.335759] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.340575] ? __schedule+0x903/0x1ec0
[ 25.344443] ? perf_trace_lock+0x900/0x900
[ 25.348655] ? __lock_is_held+0xb6/0x140
[ 25.352697] ? trace_hardirqs_off+0x10/0x10
[ 25.357004] ? trace_hardirqs_off+0x10/0x10
[ 25.361318] ? lock_acquire+0x1d5/0x580
[ 25.365265] ? lock_acquire+0x1d5/0x580
[ 25.369647] ? worker_thread+0x4a3/0x1990
[ 25.373780] ? lock_release+0xa40/0xa40
[ 25.377731] ? retint_kernel+0x10/0x10
[ 25.381596] ? do_raw_spin_trylock+0x190/0x190
[ 25.386168] worker_thread+0x223/0x1990
[ 25.390118] ? trace_hardirqs_on+0xd/0x10
[ 25.394260] ? process_one_work+0x1bb0/0x1bb0
[ 25.398735] ? put_task_stack+0x116/0x270
[ 25.402865] ? finish_task_switch+0x539/0x7e0
[ 25.407337] ? copy_overflow+0x20/0x20
[ 25.411221] ? __schedule+0x903/0x1ec0
[ 25.415096] ? lock_release+0xa40/0xa40
[ 25.419048] ? trace_hardirqs_off+0x10/0x10
[ 25.423344] ? do_raw_spin_trylock+0x190/0x190
[ 25.427904] ? find_held_lock+0x35/0x1d0
[ 25.432685] ? find_held_lock+0x35/0x1d0
[ 25.436730] ? complete+0x62/0x80
[ 25.440175] ? __schedule+0x1ec0/0x1ec0
[ 25.444118] ? do_wait_intr_irq+0x3e0/0x3e0
[ 25.448414] ? __lockdep_init_map+0xe4/0x650
[ 25.452801] ? do_raw_spin_trylock+0x190/0x190
[ 25.457356] ? lockdep_init_map+0x9/0x10
[ 25.461390] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 25.466471] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.471461] ? trace_hardirqs_on+0xd/0x10
[ 25.475583] ? __kthread_parkme+0x176/0x240
[ 25.479883] kthread+0x33c/0x400
[ 25.483227] ? process_one_work+0x1bb0/0x1bb0
[ 25.487694] ? kthread_stop+0x7a0/0x7a0
[ 25.491647] ret_from_fork+0x3a/0x50
[ 25.495353]
[ 25.495356] ======================================================
[ 25.495359] WARNING: possible circular locking dependency detected
[ 25.495360] 4.16.0-rc5+ #351 Not tainted
[ 25.495363] ------------------------------------------------------
[ 25.495365] kworker/u4:4/1704 is trying to acquire lock:
[ 25.495367] ((console_sem).lock){..-.}, at: [<000000009d5eccbf>] down_trylock+0x13/0x70
[ 25.495373]
[ 25.495375] but task is already holding lock:
[ 25.495376] (&obj_hash[i].lock){-.-.}, at: [<00000000a6cec281>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 25.495382]
[ 25.495384] which lock already depends on the new lock.
[ 25.495385]
[ 25.495386]
[ 25.495389] the existing dependency chain (in reverse order) is:
[ 25.495390]
[ 25.495391] -> #3 (&obj_hash[i].lock){-.-.}:
[ 25.495397] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.495399] __debug_object_init+0x109/0x1040
[ 25.495401] debug_object_init+0x17/0x20
[ 25.495403] hrtimer_init+0x8c/0x410
[ 25.495405] init_dl_task_timer+0x1b/0x50
[ 25.495407] __sched_fork+0x2bb/0xb60
[ 25.495408] init_idle+0x75/0x820
[ 25.495410] sched_init+0xb19/0xc43
[ 25.495412] start_kernel+0x452/0x819
[ 25.495414] x86_64_start_reservations+0x2a/0x2c
[ 25.495416] x86_64_start_kernel+0x77/0x7a
[ 25.495418] secondary_startup_64+0xa5/0xb0
[ 25.495419]
[ 25.495420] -> #2 (&rq->lock){-.-.}:
[ 25.495426] _raw_spin_lock+0x2a/0x40
[ 25.495428] task_fork_fair+0x7a/0x690
[ 25.495430] sched_fork+0x450/0xc10
[ 25.495432] copy_process.part.38+0x1758/0x4b60
[ 25.495433] _do_fork+0x1f7/0xf70
[ 25.495435] kernel_thread+0x34/0x40
[ 25.495437] rest_init+0x22/0xf0
[ 25.495438] start_kernel+0x7f1/0x819
[ 25.495441] x86_64_start_reservations+0x2a/0x2c
[ 25.495442] x86_64_start_kernel+0x77/0x7a
[ 25.495444] secondary_startup_64+0xa5/0xb0
[ 25.495445]
[ 25.495446] -> #1 (&p->pi_lock){-.-.}:
[ 25.495453] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.495455] try_to_wake_up+0xbc/0x15f0
[ 25.495456] wake_up_process+0x10/0x20
[ 25.495458] __up.isra.0+0x1cc/0x2c0
[ 25.495460] up+0x13b/0x1d0
[ 25.495462] __up_console_sem+0xb2/0x1a0
[ 25.495463] console_unlock+0x5af/0xfb0
[ 25.495465] vprintk_emit+0x5c3/0xb90
[ 25.495467] vprintk_default+0x28/0x30
[ 25.495469] vprintk_func+0x57/0xc0
[ 25.495470] printk+0xaa/0xca
[ 25.495472] kauditd_hold_skb+0x163/0x180
[ 25.495474] kauditd_send_queue+0xfa/0x140
[ 25.495476] kauditd_thread+0x660/0x940
[ 25.495478] kthread+0x33c/0x400
[ 25.495479] ret_from_fork+0x3a/0x50
[ 25.495480]
[ 25.495481] -> #0 ((console_sem).lock){..-.}:
[ 25.495488] lock_acquire+0x1d5/0x580
[ 25.495490] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.495492] down_trylock+0x13/0x70
[ 25.495494] __down_trylock_console_sem+0xa2/0x1e0
[ 25.495495] console_trylock+0x15/0x70
[ 25.495497] vprintk_emit+0x5b5/0xb90
[ 25.495499] vprintk_default+0x28/0x30
[ 25.495501] vprintk_func+0x57/0xc0
[ 25.495502] printk+0xaa/0xca
[ 25.495504] __warn_printk+0x90/0xf0
[ 25.495506] debug_print_object+0x166/0x220
[ 25.495508] debug_check_no_obj_freed+0x662/0xf1f
[ 25.495510] kfree+0xc7/0x260
[ 25.495512] process_one_req+0x2e7/0x6c0
[ 25.495514] process_one_work+0xc47/0x1bb0
[ 25.495515] worker_thread+0x223/0x1990
[ 25.495517] kthread+0x33c/0x400
[ 25.495519] ret_from_fork+0x3a/0x50
[ 25.495520]
[ 25.495522] other info that might help us debug this:
[ 25.495523]
[ 25.495524] Chain exists of:
[ 25.495525] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 25.495533]
[ 25.495535] Possible unsafe locking scenario:
[ 25.495536]
[ 25.495538]        CPU0                    CPU1
[ 25.495540]        ----                    ----
[ 25.495541]   lock(&obj_hash[i].lock);
[ 25.495545]                                lock(&rq->lock);
[ 25.495549]                                lock(&obj_hash[i].lock);
[ 25.495553]   lock((console_sem).lock);
[ 25.495557]
[ 25.495558] *** DEADLOCK ***
[ 25.495559]
[ 25.495561] 3 locks held by kworker/u4:4/1704:
[ 25.495562] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<0000000003965833>] process_one_work+0xb12/0x1bb0
[ 25.495569] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000554ae228>] process_one_work+0xb89/0x1bb0
[ 25.495577] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000a6cec281>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 25.495584]
[ 25.495585] stack backtrace:
[ 25.495588] CPU: 0 PID: 1704 Comm: kworker/u4:4 Not tainted 4.16.0-rc5+ #351
[ 25.495591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.495593] Workqueue: ib_addr process_one_req
[ 25.495596] Call Trace:
[ 25.495597] dump_stack+0x194/0x24d
[ 25.495599] ? arch_local_irq_restore+0x53/0x53
[ 25.495601] print_circular_bug.isra.38+0x2cd/0x2dc
[ 25.495603] ? save_trace+0xe0/0x2b0
[ 25.495605] __lock_acquire+0x30a8/0x3e00
[ 25.495607] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.495609] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.495611] ? __save_stack_trace+0x6e/0xd0
[ 25.495613] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.495615] ? check_usage+0x22f/0xb60
[ 25.495616] ? perf_trace_lock+0x900/0x900
[ 25.495618] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.495620] ? perf_trace_lock+0x900/0x900
[ 25.495622] lock_acquire+0x1d5/0x580
[ 25.495624] ? lock_acquire+0x1d5/0x580
[ 25.495625] ? down_trylock+0x13/0x70
[ 25.495627] ? lock_release+0xa40/0xa40
[ 25.495629] ? vprintk_emit+0x43b/0xb90
[ 25.495631] ? lock_downgrade+0x980/0x980
[ 25.495633] ? kvm_sched_clock_read+0x25/0x40
[ 25.495634] ? sched_clock+0x31/0x40
[ 25.495636] ? sched_clock_cpu+0x1b/0x180
[ 25.495638] ? vprintk_emit+0x5b5/0xb90
[ 25.495640] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.495641] ? down_trylock+0x13/0x70
[ 25.495643] down_trylock+0x13/0x70
[ 25.495645] ? vprintk_emit+0x5b5/0xb90
[ 25.495647] __down_trylock_console_sem+0xa2/0x1e0
[ 25.495649] console_trylock+0x15/0x70
[ 25.495650] vprintk_emit+0x5b5/0xb90
[ 25.495652] ? console_unlock+0xfb0/0xfb0
[ 25.495654] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.495656] ? __might_sleep+0x95/0x190
[ 25.495658] ? addr_handler+0xa3/0x380
[ 25.495659] ? perf_trace_lock+0x900/0x900
[ 25.495661] ? trace_hardirqs_off+0x10/0x10
[ 25.495663] ? perf_trace_lock+0xd6/0x900
[ 25.495665] ? rcu_note_context_switch+0x710/0x710
[ 25.495667] ? perf_trace_lock+0xd6/0x900
[ 25.495669] ? __usermodehelper_disable+0x2f0/0x2f0
[ 25.495671] vprintk_default+0x28/0x30
[ 25.495672] vprintk_func+0x57/0xc0
[ 25.495674] printk+0xaa/0xca
[ 25.495676] ? show_regs_print_info+0x18/0x18
[ 25.495677] ? __warn_printk+0x84/0xf0
[ 25.495679] ? addr_resolve+0xbc0/0xbc0
[ 25.495681] __warn_printk+0x90/0xf0
[ 25.495683] ? test_taint+0x20/0x20
[ 25.495684] ? lock_release+0xa40/0xa40
[ 25.495686] ? print_irqtrace_events+0x270/0x270
[ 25.495688] ? addr_resolve+0xbc0/0xbc0
[ 25.495690] debug_print_object+0x166/0x220
[ 25.495692] debug_check_no_obj_freed+0x662/0xf1f
[ 25.495694] ? free_obj_work+0x690/0x690
[ 25.495695] ? trace_hardirqs_on+0xd/0x10
[ 25.495697] ? cma_deref_id+0x2c/0x30
[ 25.495699] ? __lock_is_held+0xb6/0x140
[ 25.495701] ? debug_check_no_locks_freed+0x264/0x3c0
[ 25.495703] ? cma_work_handler+0x1d0/0x1d0
[ 25.495704] kfree+0xc7/0x260
[ 25.495706] process_one_req+0x2e7/0x6c0
[ 25.495708] ? addr_resolve+0xbc0/0xbc0
[ 25.495710] ? __lock_is_held+0xb6/0x140
[ 25.495712] process_one_work+0xc47/0x1bb0
[ 25.495714] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.495715] ? trace_hardirqs_on+0xd/0x10
[ 25.495717] ? pwq_dec_nr_in_flight+0x450/0x450
[ 25.495719] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.495721] ? __schedule+0x903/0x1ec0
[ 25.495723] ? perf_trace_lock+0x900/0x900
[ 25.495725] ? __lock_is_held+0xb6/0x140
[ 25.495727] ? trace_hardirqs_off+0x10/0x10
[ 25.495728] ? trace_hardirqs_off+0x10/0x10
[ 25.495734] ? lock_acquire+0x1d5/0x580
[ 25.495736] ? lock_acquire+0x1d5/0x580
[ 25.495738] ? worker_thread+0x4a3/0x1990
[ 25.495739] ? lock_release+0xa40/0xa40
[ 25.495741] ? retint_kernel+0x10/0x10
[ 25.495743] ? do_raw_spin_trylock+0x190/0x190
[ 25.495745] worker_thread+0x223/0x1990
[ 25.495746] ? trace_hardirqs_on+0xd/0x10
[ 25.495748] ? process_one_work+0x1bb0/0x1bb0
[ 25.495750] ? put_task_stack+0x116/0x270
[ 25.495752] ? finish_task_switch+0x539/0x7e0
[ 25.495754] ? copy_overflow+0x20/0x20
[ 25.495756] ? __schedule+0x903/0x1ec0
[ 25.495757] ? lock_release+0xa40/0xa40
[ 25.495759] ? trace_hardirqs_off+0x10/0x10
[ 25.495761] ? do_raw_spin_trylock+0x190/0x190
[ 25.495763] ? find_held_lock+0x35/0x1d0
[ 25.495765] ? find_held_lock+0x35/0x1d0
[ 25.495766] ? complete+0x62/0x80
[ 25.495768] ? __schedule+0x1ec0/0x1ec0
[ 25.495770] ? do_wait_intr_irq+0x3e0/0x3e0
[ 25.495772] ? __lockdep_init_map+0xe4/0x650
[ 25.495774] ? do_raw_spin_trylock+0x190/0x190
[ 25.495775] ? lockdep_init_map+0x9/0x10
[ 25.495778] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 25.495780] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.495781] ? trace_hardirqs_on+0xd/0x10
[ 25.495783] ? __kthread_parkme+0x176/0x240
[ 25.495785] kthread+0x33c/0x400
[ 25.495787] ? process_one_work+0x1bb0/0x1bb0
[ 25.495789] ? kthread_stop+0x7a0/0x7a0
[ 25.495790] ret_from_fork+0x3a/0x50
[ 26.543337] Shutting down cpus with NMI
[ 27.453178] Dumping ftrace buffer:
[ 27.456691] (ftrace buffer empty)
[ 27.460376] Kernel Offset: disabled
[ 27.463976] Rebooting in 86400 seconds..