[....] Starting enhanced syslogd: rsyslogd
[ 17.415042] audit: type=1400 audit(1519335554.189:5): avc: denied { syslog } for pid=4071 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.859525] audit: type=1400 audit(1519335559.634:6): avc: denied { map } for pid=4212 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
[ 29.378854] audit: type=1400 audit(1519335566.153:7): avc: denied { map } for pid=4226 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/22 21:39:26 parsed 1 programs
2018/02/22 21:39:26 executed programs: 0
[ 29.645095] audit: type=1400 audit(1519335566.417:8): avc: denied { map } for pid=4226 comm="syz-execprog" path="/root/syzkaller-shm146766204" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 29.679555] IPVS: ftp: loaded support on port[0] = 21
[ 29.722225] IPVS: ftp: loaded support on port[0] = 21
[ 29.763358] IPVS: ftp: loaded support on port[0] = 21
[ 29.808133] IPVS: ftp: loaded support on port[0] = 21
[ 29.872634] IPVS: ftp: loaded support on port[0] = 21
[ 29.960782] IPVS: ftp: loaded support on port[0] = 21
[ 29.998550] IPVS: ftp: loaded support on port[0] = 21
[ 30.031769] IPVS: ftp: loaded support on port[0] = 21
2018/02/22 21:39:31 executed programs: 447
[ 35.469539] ------------[ cut here ]------------
[ 35.475168] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 35.484928] WARNING: CPU: 1 PID: 28 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 35.493473] Kernel panic - not syncing: panic_on_warn set ...
[ 35.493473]
[ 35.500806] CPU: 1 PID: 28 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15
[ 35.507701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.517030] Workqueue: ib_addr process_one_req
[ 35.521581] Call Trace:
[ 35.524140] dump_stack+0x194/0x24d
[ 35.527740] ? arch_local_irq_restore+0x53/0x53
[ 35.532383] ? vsnprintf+0x1ed/0x1900
[ 35.536159] panic+0x1e4/0x41c
[ 35.539323] ? refcount_error_report+0x214/0x214
[ 35.544048] ? show_regs_print_info+0x18/0x18
[ 35.548518] ? __warn+0x1c1/0x200
[ 35.551943] ? debug_print_object+0x166/0x220
[ 35.556406] __warn+0x1dc/0x200
[ 35.559658] ? debug_print_object+0x166/0x220
[ 35.564124] report_bug+0x211/0x2d0
[ 35.567725] fixup_bug.part.11+0x37/0x80
[ 35.571759] do_error_trap+0x2d7/0x3e0
[ 35.575616] ? vprintk_default+0x28/0x30
[ 35.579651] ? math_error+0x400/0x400
[ 35.583422] ? printk+0xaa/0xca
[ 35.586672] ? show_regs_print_info+0x18/0x18
[ 35.591142] ? __usermodehelper_disable+0x2f0/0x2f0
[ 35.596133] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.600949] ? __usermodehelper_disable+0x2f0/0x2f0
[ 35.605936] do_invalid_op+0x1b/0x20
[ 35.609619] invalid_op+0x22/0x40
[ 35.613043] RIP: 0010:debug_print_object+0x166/0x220
[ 35.618115] RSP: 0018:ffff8801d953f250 EFLAGS: 00010086
[ 35.623451] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815aaf3e
[ 35.630691] RDX: 0000000000000000 RSI: 1ffff1003b2a7dfa RDI: 1ffff1003b2a7dcf
[ 35.637929] RBP: ffff8801d953f290 R08: 0000000000000000 R09: 1ffff1003b2a7da1
[ 35.645168] R10: ffffed003b2a7e79 R11: ffffffff86f39478 R12: 0000000000000001
[ 35.652410] R13: ffffffff86f14d40 R14: ffffffff86407c60 R15: ffffffff81479bc0
[ 35.659656] ? __usermodehelper_disable+0x2f0/0x2f0
[ 35.664646] ? vprintk_func+0x5e/0xc0
[ 35.668429] debug_check_no_obj_freed+0x662/0xf1f
[ 35.673242] ? __lock_is_held+0xb6/0x140
[ 35.677279] ? free_obj_work+0x690/0x690
[ 35.681314] ? trace_hardirqs_on+0xd/0x10
[ 35.685436] ? cma_deref_id+0x2c/0x30
[ 35.689211] ? __lock_is_held+0xb6/0x140
[ 35.693248] ? debug_check_no_locks_freed+0x264/0x3c0
[ 35.698416] ? cma_work_handler+0x1d0/0x1d0
[ 35.702707] kfree+0xc7/0x260
[ 35.705784] process_one_req+0x2e7/0x6c0
[ 35.709817] ? addr_resolve+0xc90/0xc90
[ 35.713764] ? __lock_is_held+0xb6/0x140
[ 35.717812] process_one_work+0xbbf/0x1af0
[ 35.722027] ? pwq_dec_nr_in_flight+0x450/0x450
[ 35.726675] ? __schedule+0x8ea/0x2040
[ 35.730540] ? __lock_acquire+0x664/0x3e00
[ 35.734745] ? retint_kernel+0x10/0x10
[ 35.738604] ? check_noncircular+0x20/0x20
[ 35.742812] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.747552] ? lock_acquire+0x1d5/0x580
[ 35.751497] ? lock_acquire+0x1d5/0x580
[ 35.755441] ? worker_thread+0x4a3/0x1990
[ 35.759560] ? lock_downgrade+0x980/0x980
[ 35.763680] ? lock_release+0xa40/0xa40
[ 35.767624] ? retint_kernel+0x10/0x10
[ 35.771483] ? do_raw_spin_trylock+0x190/0x190
[ 35.776045] worker_thread+0x223/0x1990
[ 35.779989] ? lock_release+0xa40/0xa40
[ 35.783948] ? process_one_work+0x1af0/0x1af0
[ 35.788420] ? put_task_stack+0x116/0x270
[ 35.792541] ? finish_task_switch+0x5af/0x890
[ 35.797008] ? copy_overflow+0x20/0x20
[ 35.800877] ? __schedule+0x8ea/0x2040
[ 35.804743] ? check_noncircular+0x20/0x20
[ 35.808948] ? find_held_lock+0x35/0x1d0
[ 35.812986] ? find_held_lock+0x35/0x1d0
[ 35.817023] ? find_held_lock+0x35/0x1d0
[ 35.821061] ? complete+0x62/0x80
[ 35.824491] ? __schedule+0x2040/0x2040
[ 35.828433] ? do_wait_intr_irq+0x3e0/0x3e0
[ 35.832725] ? __lockdep_init_map+0xe4/0x650
[ 35.837103] ? do_raw_spin_trylock+0x190/0x190
[ 35.841657] ? lockdep_init_map+0x9/0x10
[ 35.845689] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 35.850763] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.855752] ? trace_hardirqs_on+0xd/0x10
[ 35.859870] ? __kthread_parkme+0x175/0x240
[ 35.864166] kthread+0x33c/0x400
[ 35.867502] ? process_one_work+0x1af0/0x1af0
[ 35.871964] ? kthread_stop+0x7a0/0x7a0
[ 35.875909] ret_from_fork+0x3a/0x50
[ 35.879606]
[ 35.879609] ======================================================
[ 35.879611] WARNING: possible circular locking dependency detected
[ 35.879613] 4.16.0-rc1+ #15 Not tainted
[ 35.879615] ------------------------------------------------------
[ 35.879617] kworker/u4:2/28 is trying to acquire lock:
[ 35.879618] ((console_sem).lock){..-.}, at: [<00000000cd4886d0>] down_trylock+0x13/0x70
[ 35.879624]
[ 35.879625] but task is already holding lock:
[ 35.879626] (&obj_hash[i].lock){-.-.}, at: [<0000000030e1c30e>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 35.879632]
[ 35.879634] which lock already depends on the new lock.
[ 35.879635]
[ 35.879636]
[ 35.879638] the existing dependency chain (in reverse order) is:
[ 35.879639]
[ 35.879640] -> #3 (&obj_hash[i].lock){-.-.}:
[ 35.879646] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.879647] __debug_object_init+0x109/0x1040
[ 35.879649] debug_object_init+0x17/0x20
[ 35.879651] hrtimer_init+0x8c/0x410
[ 35.879653] init_dl_task_timer+0x1b/0x50
[ 35.879654] __sched_fork+0x2bb/0xb60
[ 35.879656] init_idle+0x75/0x820
[ 35.879658] sched_init+0xb19/0xc43
[ 35.879659] start_kernel+0x452/0x819
[ 35.879661] x86_64_start_reservations+0x2a/0x2c
[ 35.879663] x86_64_start_kernel+0x77/0x7a
[ 35.879665] secondary_startup_64+0xa5/0xb0
[ 35.879666]
[ 35.879667] -> #2 (&rq->lock){-.-.}:
[ 35.879672] _raw_spin_lock+0x2a/0x40
[ 35.879673] task_fork_fair+0x7a/0x690
[ 35.879675] sched_fork+0x450/0xc10
[ 35.879677] copy_process.part.37+0x1758/0x4b60
[ 35.879679] _do_fork+0x1f7/0xf70
[ 35.879680] kernel_thread+0x34/0x40
[ 35.879682] rest_init+0x22/0xf0
[ 35.879683] start_kernel+0x7f1/0x819
[ 35.879685] x86_64_start_reservations+0x2a/0x2c
[ 35.879687] x86_64_start_kernel+0x77/0x7a
[ 35.879689] secondary_startup_64+0xa5/0xb0
[ 35.879690]
[ 35.879690] -> #1 (&p->pi_lock){-.-.}:
[ 35.879696] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.879698] try_to_wake_up+0xbc/0x15f0
[ 35.879699] wake_up_process+0x10/0x20
[ 35.879701] __up.isra.0+0x1cc/0x2c0
[ 35.879702] up+0x13b/0x1d0
[ 35.879704] __up_console_sem+0xb2/0x1a0
[ 35.879706] console_unlock+0x5af/0xfb0
[ 35.879707] vprintk_emit+0x5c3/0xb90
[ 35.879709] vprintk_default+0x28/0x30
[ 35.879710] vprintk_func+0x57/0xc0
[ 35.879712] printk+0xaa/0xca
[ 35.879714] kauditd_hold_skb+0x163/0x180
[ 35.879715] kauditd_send_queue+0xfa/0x140
[ 35.879717] kauditd_thread+0x660/0x940
[ 35.879718] kthread+0x33c/0x400
[ 35.879720] ret_from_fork+0x3a/0x50
[ 35.879721]
[ 35.879722] -> #0 ((console_sem).lock){..-.}:
[ 35.879727] lock_acquire+0x1d5/0x580
[ 35.879729] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.879731] down_trylock+0x13/0x70
[ 35.879733] __down_trylock_console_sem+0xa2/0x1e0
[ 35.879734] console_trylock+0x15/0x70
[ 35.879736] vprintk_emit+0x5b5/0xb90
[ 35.879738] vprintk_default+0x28/0x30
[ 35.879739] vprintk_func+0x57/0xc0
[ 35.879741] printk+0xaa/0xca
[ 35.879742] __warn_printk+0x90/0xf0
[ 35.879744] debug_print_object+0x166/0x220
[ 35.879746] debug_check_no_obj_freed+0x662/0xf1f
[ 35.879748] kfree+0xc7/0x260
[ 35.879749] process_one_req+0x2e7/0x6c0
[ 35.879751] process_one_work+0xbbf/0x1af0
[ 35.879753] worker_thread+0x223/0x1990
[ 35.879754] kthread+0x33c/0x400
[ 35.879756] ret_from_fork+0x3a/0x50
[ 35.879757]
[ 35.879759] other info that might help us debug this:
[ 35.879759]
[ 35.879761] Chain exists of:
[ 35.879762] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 35.879768]
[ 35.879770] Possible unsafe locking scenario:
[ 35.879771]
[ 35.879773]        CPU0                    CPU1
[ 35.879774]        ----                    ----
[ 35.879775]   lock(&obj_hash[i].lock);
[ 35.879779]                                lock(&rq->lock);
[ 35.879783]                                lock(&obj_hash[i].lock);
[ 35.879786]   lock((console_sem).lock);
[ 35.879789]
[ 35.879790] *** DEADLOCK ***
[ 35.879791]
[ 35.879793] 3 locks held by kworker/u4:2/28:
[ 35.879794] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<00000000ad1e1e66>] process_one_work+0xaaf/0x1af0
[ 35.879800] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<000000004ef4064e>] process_one_work+0xb01/0x1af0
[ 35.879807] #2: (&obj_hash[i].lock){-.-.}, at: [<0000000030e1c30e>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 35.879813]
[ 35.879814] stack backtrace:
[ 35.879817] CPU: 1 PID: 28 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15
[ 35.879820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.879822] Workqueue: ib_addr process_one_req
[ 35.879824] Call Trace:
[ 35.879826] dump_stack+0x194/0x24d
[ 35.879827] ? arch_local_irq_restore+0x53/0x53
[ 35.879829] print_circular_bug.isra.38+0x2cd/0x2dc
[ 35.879831] ? save_trace+0xe0/0x2b0
[ 35.879833] __lock_acquire+0x30a8/0x3e00
[ 35.879835] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.879836] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.879838] ? __lock_acquire+0x664/0x3e00
[ 35.879840] ? __lock_acquire+0x664/0x3e00
[ 35.879842] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.879843] ? check_noncircular+0x20/0x20
[ 35.879845] ? print_irqtrace_events+0x270/0x270
[ 35.879847] ? lock_downgrade+0x980/0x980
[ 35.879848] lock_acquire+0x1d5/0x580
[ 35.879850] ? lock_acquire+0x1d5/0x580
[ 35.879851] ? down_trylock+0x13/0x70
[ 35.879853] ? lock_release+0xa40/0xa40
[ 35.879855] ? vprintk_emit+0x43b/0xb90
[ 35.879856] ? lock_downgrade+0x980/0x980
[ 35.879858] ? kvm_sched_clock_read+0x25/0x40
[ 35.879860] ? sched_clock+0x31/0x40
[ 35.879861] ? sched_clock_cpu+0x1b/0x180
[ 35.879863] ? vprintk_emit+0x5b5/0xb90
[ 35.879865] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.879866] ? down_trylock+0x13/0x70
[ 35.879868] down_trylock+0x13/0x70
[ 35.879869] ? vprintk_emit+0x5b5/0xb90
[ 35.879871] __down_trylock_console_sem+0xa2/0x1e0
[ 35.879873] console_trylock+0x15/0x70
[ 35.879874] vprintk_emit+0x5b5/0xb90
[ 35.879876] ? console_unlock+0xfb0/0xfb0
[ 35.879877] ? __might_sleep+0x95/0x190
[ 35.879879] ? addr_handler+0xa3/0x380
[ 35.879880] ? __mutex_lock+0x16f/0x1a80
[ 35.879882] ? addr_handler+0xa3/0x380
[ 35.879884] ? check_noncircular+0x20/0x20
[ 35.879886] ? rcu_note_context_switch+0x710/0x710
[ 35.879887] ? mutex_lock_io_nested+0x1900/0x1900
[ 35.879889] ? __usermodehelper_disable+0x2f0/0x2f0
[ 35.879891] vprintk_default+0x28/0x30
[ 35.879892] vprintk_func+0x57/0xc0
[ 35.879894] printk+0xaa/0xca
[ 35.879895] ? show_regs_print_info+0x18/0x18
[ 35.879897] ? __warn_printk+0x84/0xf0
[ 35.879899] ? addr_resolve+0xc90/0xc90
[ 35.879900] __warn_printk+0x90/0xf0
[ 35.879902] ? test_taint+0x20/0x20
[ 35.879903] ? lock_release+0xa40/0xa40
[ 35.879905] ? print_irqtrace_events+0x270/0x270
[ 35.879907] ? addr_resolve+0xc90/0xc90
[ 35.879908] debug_print_object+0x166/0x220
[ 35.879910] debug_check_no_obj_freed+0x662/0xf1f
[ 35.879912] ? __lock_is_held+0xb6/0x140
[ 35.879913] ? free_obj_work+0x690/0x690
[ 35.879915] ? trace_hardirqs_on+0xd/0x10
[ 35.879916] ? cma_deref_id+0x2c/0x30
[ 35.879918] ? __lock_is_held+0xb6/0x140
[ 35.879920] ? debug_check_no_locks_freed+0x264/0x3c0
[ 35.879922] ? cma_work_handler+0x1d0/0x1d0
[ 35.879923] kfree+0xc7/0x260
[ 35.879925] process_one_req+0x2e7/0x6c0
[ 35.879926] ? addr_resolve+0xc90/0xc90
[ 35.879928] ? __lock_is_held+0xb6/0x140
[ 35.879930] process_one_work+0xbbf/0x1af0
[ 35.879931] ? pwq_dec_nr_in_flight+0x450/0x450
[ 35.879933] ? __schedule+0x8ea/0x2040
[ 35.879935] ? __lock_acquire+0x664/0x3e00
[ 35.879936] ? retint_kernel+0x10/0x10
[ 35.879938] ? check_noncircular+0x20/0x20
[ 35.879940] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.879941] ? lock_acquire+0x1d5/0x580
[ 35.879943] ? lock_acquire+0x1d5/0x580
[ 35.879948] ? worker_thread+0x4a3/0x1990
[ 35.879950] ? lock_downgrade+0x980/0x980
[ 35.879952] ? lock_release+0xa40/0xa40
[ 35.879953] ? retint_kernel+0x10/0x10
[ 35.879955] ? do_raw_spin_trylock+0x190/0x190
[ 35.879956] worker_thread+0x223/0x1990
[ 35.879958] ? lock_release+0xa40/0xa40
[ 35.879960] ? process_one_work+0x1af0/0x1af0
[ 35.879961] ? put_task_stack+0x116/0x270
[ 35.879963] ? finish_task_switch+0x5af/0x890
[ 35.879965] ? copy_overflow+0x20/0x20
[ 35.879966] ? __schedule+0x8ea/0x2040
[ 35.879968] ? check_noncircular+0x20/0x20
[ 35.879970] ? find_held_lock+0x35/0x1d0
[ 35.879972] ? find_held_lock+0x35/0x1d0
[ 35.879973] ? find_held_lock+0x35/0x1d0
[ 35.879975] ? complete+0x62/0x80
[ 35.879976] ? __schedule+0x2040/0x2040
[ 35.879978] ? do_wait_intr_irq+0x3e0/0x3e0
[ 35.879980] ? __lockdep_init_map+0xe4/0x650
[ 35.879982] ? do_raw_spin_trylock+0x190/0x190
[ 35.879984] ? lockdep_init_map+0x9/0x10
[ 35.879986] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 35.879988] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.879989] ? trace_hardirqs_on+0xd/0x10
[ 35.879991] ? __kthread_parkme+0x175/0x240
[ 35.879992] kthread+0x33c/0x400
[ 35.879994] ? process_one_work+0x1af0/0x1af0
[ 35.879996] ? kthread_stop+0x7a0/0x7a0
[ 35.879997] ret_from_fork+0x3a/0x50
[ 36.926652] Shutting down cpus with NMI
[ 37.820541] Dumping ftrace buffer:
[ 37.824053] (ftrace buffer empty)
[ 37.827732] Kernel Offset: disabled
[ 37.831327] Rebooting in 86400 seconds..