[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian G[ 18.958417] audit: type=1400 audit(1519333878.794:6): avc: denied { map } for pid=4209 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 NU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. syzkaller login: [ 25.286011] audit: type=1400 audit(1519333885.121:7): avc: denied { map } for pid=4223 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/22 21:11:25 parsed 1 programs 2018/02/22 21:11:25 executed programs: 0 [ 25.559012] audit: type=1400 audit(1519333885.392:8): avc: denied { map } for pid=4223 comm="syz-execprog" path="/root/syzkaller-shm335771177" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 25.592899] IPVS: ftp: loaded support on port[0] = 21 [ 25.630592] IPVS: ftp: loaded support on port[0] = 21 [ 25.676388] IPVS: ftp: loaded support on port[0] = 21 [ 25.721426] IPVS: ftp: loaded support on port[0] = 21 [ 25.777154] IPVS: ftp: loaded support on port[0] = 21 [ 25.862933] IPVS: ftp: loaded support on port[0] = 21 [ 25.906894] IPVS: ftp: loaded support on port[0] = 21 [ 25.941212] IPVS: ftp: loaded support on port[0] = 21 2018/02/22 21:11:30 executed programs: 444 [ 32.172200] ------------[ cut here ]------------ [ 32.178182] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 32.187991] WARNING: CPU: 1 PID: 21 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 32.196547] Kernel panic - not syncing: panic_on_warn set ... [ 32.196547] [ 32.203885] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc2+ #324 [ 32.210880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.220229] Workqueue: ib_addr process_one_req [ 32.224786] Call Trace: [ 32.227350] dump_stack+0x194/0x24d [ 32.230952] ? arch_local_irq_restore+0x53/0x53 [ 32.235604] ? vsnprintf+0x1ed/0x1900 [ 32.239392] panic+0x1e4/0x41c [ 32.242560] ? refcount_error_report+0x214/0x214 [ 32.247295] ? show_regs_print_info+0x18/0x18 [ 32.251779] ? __warn+0x1c1/0x200 [ 32.255219] ? debug_print_object+0x166/0x220 [ 32.259704] __warn+0x1dc/0x200 [ 32.262963] ? debug_print_object+0x166/0x220 [ 32.267446] report_bug+0x211/0x2d0 [ 32.271062] fixup_bug.part.11+0x37/0x80 [ 32.275104] do_error_trap+0x2d7/0x3e0 [ 32.278972] ? vprintk_default+0x28/0x30 [ 32.283018] ? math_error+0x400/0x400 [ 32.286796] ? printk+0xaa/0xca [ 32.290058] ? show_regs_print_info+0x18/0x18 [ 32.294541] ? __usermodehelper_disable+0x2f0/0x2f0 [ 32.299541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.304369] do_invalid_op+0x1b/0x20 [ 32.308064] invalid_op+0x58/0x80 [ 32.311500] RIP: 0010:debug_print_object+0x166/0x220 [ 32.316583] RSP: 0018:ffff8801d9447250 EFLAGS: 00010086 [ 32.321927] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815abdbe [ 32.329179] RDX: 0000000000000000 RSI: 1ffff1003b288dfa RDI: 1ffff1003b288dcf [ 32.336428] RBP: ffff8801d9447290 R08: 0000000000000000 R09: 1ffff1003b288da1 [ 32.343680] R10: ffffed003b288e79 R11: ffffffff86f394b8 R12: 0000000000000001 [ 32.350930] R13: ffffffff86f14d80 R14: ffffffff86407de0 R15: ffffffff8147ac00 [ 32.358185] ? __usermodehelper_disable+0x2f0/0x2f0 [ 32.363186] ? vprintk_func+0x5e/0xc0 [ 32.366979] debug_check_no_obj_freed+0x662/0xf1f [ 32.371804] ? __lock_is_held+0xb6/0x140 [ 32.375860] ? free_obj_work+0x690/0x690 [ 32.379904] ? trace_hardirqs_on+0xd/0x10 [ 32.384044] ? cma_deref_id+0x2c/0x30 [ 32.387829] ? __lock_is_held+0xb6/0x140 [ 32.391874] ? debug_check_no_locks_freed+0x264/0x3c0 [ 32.397050] ? cma_work_handler+0x1d0/0x1d0 [ 32.401354] kfree+0xc7/0x260 [ 32.404447] process_one_req+0x2e7/0x6c0 [ 32.408491] ? addr_resolve+0xc90/0xc90 [ 32.412448] ? __lock_is_held+0xb6/0x140 [ 32.416502] process_one_work+0xbbf/0x1af0 [ 32.420726] ? pwq_dec_nr_in_flight+0x450/0x450 [ 32.425387] ? __schedule+0x90d/0x2070 [ 32.429267] ? check_noncircular+0x20/0x20 [ 32.433482] ? lock_downgrade+0x980/0x980 [ 32.437618] ? do_wait_intr_irq+0x3e0/0x3e0 [ 32.441928] ? lock_acquire+0x1d5/0x580 [ 32.445881] ? lock_acquire+0x1d5/0x580 [ 32.449837] ? worker_thread+0x4a3/0x1990 [ 32.453967] ? lock_downgrade+0x980/0x980 [ 32.458097] ? lock_release+0xa40/0xa40 [ 32.462054] ? retint_kernel+0x10/0x10 [ 32.465922] ? do_raw_spin_trylock+0x190/0x190 [ 32.470496] worker_thread+0x223/0x1990 [ 32.474453] ? finish_task_switch+0x1c0/0x860 [ 32.478947] ? process_one_work+0x1af0/0x1af0 [ 32.483425] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.488423] ? trace_hardirqs_on+0xd/0x10 [ 32.492550] ? mmdrop+0x18/0x30 [ 32.495821] ? finish_task_switch+0x279/0x860 [ 32.500304] ? copy_overflow+0x20/0x20 [ 32.504189] ? __schedule+0x90d/0x2070 [ 32.508069] ? check_noncircular+0x20/0x20 [ 32.512283] ? find_held_lock+0x35/0x1d0 [ 32.516330] ? find_held_lock+0x35/0x1d0 [ 32.520378] ? find_held_lock+0x35/0x1d0 [ 32.524425] ? complete+0x62/0x80 [ 32.527865] ? __schedule+0x2070/0x2070 [ 32.531823] ? do_wait_intr_irq+0x3e0/0x3e0 [ 32.536124] ? __lockdep_init_map+0xe4/0x650 [ 32.540513] ? do_raw_spin_trylock+0x190/0x190 [ 32.545079] ? lockdep_init_map+0x9/0x10 [ 32.549120] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 32.554204] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.559202] ? trace_hardirqs_on+0xd/0x10 [ 32.563330] ? __kthread_parkme+0x175/0x240 [ 32.567636] kthread+0x33c/0x400 [ 32.570984] ? process_one_work+0x1af0/0x1af0 [ 32.575458] ? kthread_stop+0x7a0/0x7a0 [ 32.579416] ret_from_fork+0x3a/0x50 [ 32.583122] [ 32.583125] ====================================================== [ 32.583128] WARNING: possible circular locking dependency detected [ 32.583130] 4.16.0-rc2+ #324 Not tainted [ 32.583133] ------------------------------------------------------ [ 32.583136] kworker/u4:1/21 is trying to acquire lock: [ 32.583137] ((console_sem).lock){..-.}, at: [<00000000a2c9bbe6>] down_trylock+0x13/0x70 [ 32.583145] [ 32.583147] but task is already holding lock: [ 32.583148] (&obj_hash[i].lock){-.-.}, at: [<00000000142d2d32>] debug_check_no_obj_freed+0x1e9/0xf1f [ 32.583156] [ 32.583158] which lock already depends on the new lock. [ 32.583160] [ 32.583161] [ 32.583164] the existing dependency chain (in reverse order) is: [ 32.583165] [ 32.583166] -> #3 (&obj_hash[i].lock){-.-.}: [ 32.583174] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.583176] __debug_object_init+0x109/0x1040 [ 32.583178] debug_object_init+0x17/0x20 [ 32.583180] hrtimer_init+0x8c/0x410 [ 32.583183] init_dl_task_timer+0x1b/0x50 [ 32.583185] __sched_fork+0x2bb/0xb60 [ 32.583187] init_idle+0x75/0x820 [ 32.583189] sched_init+0xb19/0xc43 [ 32.583191] start_kernel+0x452/0x819 [ 32.583194] x86_64_start_reservations+0x2a/0x2c [ 32.583196] x86_64_start_kernel+0x77/0x7a [ 32.583198] secondary_startup_64+0xa5/0xb0 [ 32.583200] [ 32.583201] -> #2 (&rq->lock){-.-.}: [ 32.583208] _raw_spin_lock+0x2a/0x40 [ 32.583210] task_fork_fair+0x7a/0x690 [ 32.583212] sched_fork+0x450/0xc10 [ 32.583214] copy_process.part.37+0x1758/0x4b60 [ 32.583216] _do_fork+0x1f7/0xf70 [ 32.583218] kernel_thread+0x34/0x40 [ 32.583220] rest_init+0x22/0xf0 [ 32.583222] start_kernel+0x7f1/0x819 [ 32.583225] x86_64_start_reservations+0x2a/0x2c [ 32.583227] x86_64_start_kernel+0x77/0x7a [ 32.583229] secondary_startup_64+0xa5/0xb0 [ 32.583230] [ 32.583232] -> #1 (&p->pi_lock){-.-.}: [ 32.583239] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.583241] try_to_wake_up+0xbc/0x15f0 [ 32.583243] wake_up_process+0x10/0x20 [ 32.583245] __up.isra.0+0x1cc/0x2c0 [ 32.583247] up+0x13b/0x1d0 [ 32.583250] __up_console_sem+0xb2/0x1a0 [ 32.583252] console_unlock+0x5af/0xfb0 [ 32.583254] vprintk_emit+0x5c3/0xb90 [ 32.583256] vprintk_default+0x28/0x30 [ 32.583258] vprintk_func+0x57/0xc0 [ 32.583260] printk+0xaa/0xca [ 32.583262] kauditd_hold_skb+0x163/0x180 [ 32.583264] kauditd_send_queue+0xfa/0x140 [ 32.583266] kauditd_thread+0x660/0x940 [ 32.583268] kthread+0x33c/0x400 [ 32.583271] ret_from_fork+0x3a/0x50 [ 32.583272] [ 32.583273] -> #0 ((console_sem).lock){..-.}: [ 32.583281] lock_acquire+0x1d5/0x580 [ 32.583283] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.583285] down_trylock+0x13/0x70 [ 32.583288] __down_trylock_console_sem+0xa2/0x1e0 [ 32.583290] console_trylock+0x15/0x70 [ 32.583292] vprintk_emit+0x5b5/0xb90 [ 32.583294] vprintk_default+0x28/0x30 [ 32.583296] vprintk_func+0x57/0xc0 [ 32.583298] printk+0xaa/0xca [ 32.583300] __warn_printk+0x90/0xf0 [ 32.583302] debug_print_object+0x166/0x220 [ 32.583304] debug_check_no_obj_freed+0x662/0xf1f [ 32.583306] kfree+0xc7/0x260 [ 32.583308] process_one_req+0x2e7/0x6c0 [ 32.583311] process_one_work+0xbbf/0x1af0 [ 32.583313] worker_thread+0x223/0x1990 [ 32.583315] kthread+0x33c/0x400 [ 32.583317] ret_from_fork+0x3a/0x50 [ 32.583318] [ 32.583321] other info that might help us debug this: [ 32.583322] [ 32.583324] Chain exists of: [ 32.583325] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 32.583334] [ 32.583337] Possible unsafe locking scenario: [ 32.583338] [ 32.583340] CPU0 CPU1 [ 32.583343] ---- ---- [ 32.583344] lock(&obj_hash[i].lock); [ 32.583349] lock(&rq->lock); [ 32.583354] lock(&obj_hash[i].lock); [ 32.583358] lock((console_sem).lock); [ 32.583362] [ 32.583364] *** DEADLOCK *** [ 32.583365] [ 32.583367] 3 locks held by kworker/u4:1/21: [ 32.583369] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<0000000040356143>] process_one_work+0xaaf/0x1af0 [ 32.583377] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<000000006da290df>] process_one_work+0xb01/0x1af0 [ 32.583386] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000142d2d32>] debug_check_no_obj_freed+0x1e9/0xf1f [ 32.583395] [ 32.583396] stack backtrace: [ 32.583399] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc2+ #324 [ 32.583403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.583405] Workqueue: ib_addr process_one_req [ 32.583408] Call Trace: [ 32.583411] dump_stack+0x194/0x24d [ 32.583413] ? arch_local_irq_restore+0x53/0x53 [ 32.583415] print_circular_bug.isra.38+0x2cd/0x2dc [ 32.583417] ? save_trace+0xe0/0x2b0 [ 32.583420] __lock_acquire+0x30a8/0x3e00 [ 32.583422] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.583425] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.583427] ? __lock_acquire+0x664/0x3e00 [ 32.583429] ? __lock_acquire+0x664/0x3e00 [ 32.583431] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.583434] ? check_noncircular+0x20/0x20 [ 32.583436] ? print_irqtrace_events+0x270/0x270 [ 32.583438] ? lock_downgrade+0x980/0x980 [ 32.583440] lock_acquire+0x1d5/0x580 [ 32.583442] ? lock_acquire+0x1d5/0x580 [ 32.583444] ? down_trylock+0x13/0x70 [ 32.583447] ? lock_release+0xa40/0xa40 [ 32.583449] ? vprintk_emit+0x43b/0xb90 [ 32.583451] ? lock_downgrade+0x980/0x980 [ 32.583453] ? kvm_sched_clock_read+0x25/0x40 [ 32.583455] ? sched_clock+0x31/0x40 [ 32.583458] ? sched_clock_cpu+0x1b/0x180 [ 32.583460] ? vprintk_emit+0x5b5/0xb90 [ 32.583462] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.583464] ? down_trylock+0x13/0x70 [ 32.583466] down_trylock+0x13/0x70 [ 32.583468] ? vprintk_emit+0x5b5/0xb90 [ 32.583471] __down_trylock_console_sem+0xa2/0x1e0 [ 32.583473] console_trylock+0x15/0x70 [ 32.583475] vprintk_emit+0x5b5/0xb90 [ 32.583477] ? console_unlock+0xfb0/0xfb0 [ 32.583479] ? __might_sleep+0x95/0x190 [ 32.583481] ? addr_handler+0xa3/0x380 [ 32.583484] ? __mutex_lock+0x16f/0x1a80 [ 32.583486] ? addr_handler+0xa3/0x380 [ 32.583488] ? check_noncircular+0x20/0x20 [ 32.583490] ? rcu_note_context_switch+0x710/0x710 [ 32.583493] ? mutex_lock_io_nested+0x1900/0x1900 [ 32.583495] ? __usermodehelper_disable+0x2f0/0x2f0 [ 32.583497] vprintk_default+0x28/0x30 [ 32.583499] vprintk_func+0x57/0xc0 [ 32.583501] printk+0xaa/0xca [ 32.583503] ? show_regs_print_info+0x18/0x18 [ 32.583506] ? __warn_printk+0x84/0xf0 [ 32.583508] ? addr_resolve+0xc90/0xc90 [ 32.583510] __warn_printk+0x90/0xf0 [ 32.583512] ? test_taint+0x20/0x20 [ 32.583514] ? lock_release+0xa40/0xa40 [ 32.583516] ? print_irqtrace_events+0x270/0x270 [ 32.583519] ? addr_resolve+0xc90/0xc90 [ 32.583521] debug_print_object+0x166/0x220 [ 32.583523] debug_check_no_obj_freed+0x662/0xf1f [ 32.583525] ? __lock_is_held+0xb6/0x140 [ 32.583528] ? free_obj_work+0x690/0x690 [ 32.583530] ? trace_hardirqs_on+0xd/0x10 [ 32.583532] ? cma_deref_id+0x2c/0x30 [ 32.583534] ? __lock_is_held+0xb6/0x140 [ 32.583536] ? debug_check_no_locks_freed+0x264/0x3c0 [ 32.583539] ? cma_work_handler+0x1d0/0x1d0 [ 32.583540] kfree+0xc7/0x260 [ 32.583543] process_one_req+0x2e7/0x6c0 [ 32.583545] ? addr_resolve+0xc90/0xc90 [ 32.583547] ? __lock_is_held+0xb6/0x140 [ 32.583549] process_one_work+0xbbf/0x1af0 [ 32.583552] ? pwq_dec_nr_in_flight+0x450/0x450 [ 32.583554] ? __schedule+0x90d/0x2070 [ 32.583556] ? check_noncircular+0x20/0x20 [ 32.583558] ? lock_downgrade+0x980/0x980 [ 32.583560] ? do_wait_intr_irq+0x3e0/0x3e0 [ 32.583563] ? lock_acquire+0x1d5/0x580 [ 32.583565] ? lock_acquire+0x1d5/0x580 [ 32.583567] ? worker_thread+0x4a3/0x1990 [ 32.583569] ? lock_downgrade+0x980/0x980 [ 32.583571] ? lock_release+0xa40/0xa40 [ 32.583573] ? retint_kernel+0x10/0x10 [ 32.583576] ? do_raw_spin_trylock+0x190/0x190 [ 32.583578] worker_thread+0x223/0x1990 [ 32.583580] ? finish_task_switch+0x1c0/0x860 [ 32.583582] ? process_one_work+0x1af0/0x1af0 [ 32.583585] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.583587] ? trace_hardirqs_on+0xd/0x10 [ 32.583589] ? mmdrop+0x18/0x30 [ 32.583591] ? finish_task_switch+0x279/0x860 [ 32.583593] ? copy_overflow+0x20/0x20 [ 32.583595] ? __schedule+0x90d/0x2070 [ 32.583598] ? check_noncircular+0x20/0x20 [ 32.583600] ? find_held_lock+0x35/0x1d0 [ 32.583602] ? find_held_lock+0x35/0x1d0 [ 32.583604] ? find_held_lock+0x35/0x1d0 [ 32.583607] ? complete+0x62/0x80 [ 32.583609] ? __schedule+0x2070/0x2070 [ 32.583611] ? do_wait_intr_irq+0x3e0/0x3e0 [ 32.583613] ? __lockdep_init_map+0xe4/0x650 [ 32.583615] ? do_raw_spin_trylock+0x190/0x190 [ 32.583618] ? lockdep_init_map+0x9/0x10 [ 32.583620] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 32.583623] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.583625] ? trace_hardirqs_on+0xd/0x10 [ 32.583627] ? __kthread_parkme+0x175/0x240 [ 32.583629] kthread+0x33c/0x400 [ 32.583631] ? process_one_work+0x1af0/0x1af0 [ 32.583634] ? kthread_stop+0x7a0/0x7a0 [ 32.583636] ret_from_fork+0x3a/0x50 [ 32.584096] Dumping ftrace buffer: [ 33.481015] (ftrace buffer empty) [ 33.484695] Kernel Offset: disabled [ 33.488292] Rebooting in 86400 seconds..