[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 17.767664] audit: type=1400 audit(1520851698.713:6): avc: denied { map } for pid=4145 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts. syzkaller login: [ 25.554323] audit: type=1400 audit(1520851706.500:7): avc: denied { map } for pid=4160 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/03/12 10:48:26 parsed 1 programs 2018/03/12 10:48:26 executed programs: 0 [ 25.811264] audit: type=1400 audit(1520851706.757:8): avc: denied { map } for pid=4160 comm="syz-execprog" path="/root/syzkaller-shm255994841" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 25.826177] IPVS: ftp: loaded support on port[0] = 21 [ 26.097994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.469485] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 26.475576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.515255] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 26.555951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.570011] ------------[ cut here ]------------ [ 26.575628] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 26.585392] WARNING: CPU: 1 PID: 87 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 26.593936] Kernel panic - not syncing: panic_on_warn set ... [ 26.593936] [ 26.601267] CPU: 1 PID: 87 Comm: kworker/u4:3 Not tainted 4.16.0-rc5+ #261 [ 26.608246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.617575] Workqueue: ib_addr process_one_req [ 26.622128] Call Trace: [ 26.624690] dump_stack+0x194/0x24d [ 26.628291] ? arch_local_irq_restore+0x53/0x53 [ 26.632933] ? vsnprintf+0x1ed/0x1900 [ 26.636713] panic+0x1e4/0x41c [ 26.639876] ? refcount_error_report+0x214/0x214 [ 26.644601] ? show_regs_print_info+0x18/0x18 [ 26.649070] ? __warn+0x1c1/0x200 [ 26.652496] ? debug_print_object+0x166/0x220 [ 26.656961] __warn+0x1dc/0x200 [ 26.660214] ? debug_print_object+0x166/0x220 [ 26.664679] report_bug+0x1f4/0x2b0 [ 26.668282] fixup_bug.part.11+0x37/0x80 [ 26.672315] do_error_trap+0x2d7/0x3e0 [ 26.676174] ? vprintk_default+0x28/0x30 [ 26.680205] ? math_error+0x400/0x400 [ 26.683978] ? printk+0xaa/0xca [ 26.687229] ? show_regs_print_info+0x18/0x18 [ 26.691698] ? __usermodehelper_disable+0x2f0/0x2f0 [ 26.696686] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.701501] do_invalid_op+0x1b/0x20 [ 26.705186] invalid_op+0x1b/0x40 [ 26.708615] RIP: 0010:debug_print_object+0x166/0x220 [ 26.713687] RSP: 0018:ffff8801d9037210 EFLAGS: 00010086 [ 26.719020] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815acd3e [ 26.726259] RDX: 0000000000000000 RSI: 1ffff1003b206df2 RDI: 1ffff1003b206dc7 [ 26.733497] RBP: ffff8801d9037250 R08: 0000000000000000 R09: 1ffff1003b206d99 [ 26.740737] R10: ffffed003b206e71 R11: ffffffff86f39b78 R12: 0000000000000001 [ 26.747979] R13: ffffffff86f15440 R14: ffffffff86408680 R15: ffffffff8147c020 [ 26.755221] ? __usermodehelper_disable+0x2f0/0x2f0 [ 26.760211] ? vprintk_func+0x5e/0xc0 [ 26.763994] debug_check_no_obj_freed+0x662/0xf1f [ 26.768809] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.773113] ? free_obj_work+0x690/0x690 [ 26.777145] ? trace_hardirqs_on+0xd/0x10 [ 26.781266] ? complete+0x62/0x80 [ 26.784692] ? cma_deref_id+0x2c/0x30 [ 26.788466] ? __lock_is_held+0xb6/0x140 [ 26.795210] ? debug_check_no_locks_freed+0x264/0x3c0 [ 26.800372] ? cma_work_handler+0x1d0/0x1d0 [ 26.804663] kfree+0xc7/0x260 [ 26.807744] process_one_req+0x2e7/0x6c0 [ 26.811779] ? addr_resolve+0xbc0/0xbc0 [ 26.815725] ? __lock_is_held+0xb6/0x140 [ 26.819765] process_one_work+0xc47/0x1bb0 [ 26.823970] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.829131] ? trace_hardirqs_on+0xd/0x10 [ 26.833260] ? pwq_dec_nr_in_flight+0x450/0x450 [ 26.837911] ? __schedule+0x903/0x1ec0 [ 26.841777] ? __lock_acquire+0x664/0x3e00 [ 26.845982] ? retint_kernel+0x10/0x10 [ 26.849844] ? trace_hardirqs_off+0x10/0x10 [ 26.854140] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.858882] ? lock_acquire+0x1d5/0x580 [ 26.862827] ? lock_acquire+0x1d5/0x580 [ 26.866774] ? worker_thread+0x4a3/0x1990 [ 26.870893] ? lock_downgrade+0x980/0x980 [ 26.875016] ? lock_release+0xa40/0xa40 [ 26.878966] ? do_raw_spin_trylock+0x190/0x190 [ 26.883531] worker_thread+0x223/0x1990 [ 26.887478] ? lock_release+0xa40/0xa40 [ 26.891423] ? lock_downgrade+0x980/0x980 [ 26.895552] ? process_one_work+0x1bb0/0x1bb0 [ 26.900021] ? put_task_stack+0x116/0x270 [ 26.904145] ? finish_task_switch+0x539/0x7e0 [ 26.908616] ? copy_overflow+0x20/0x20 [ 26.912486] ? __schedule+0x903/0x1ec0 [ 26.916355] ? trace_hardirqs_off+0x10/0x10 [ 26.920654] ? find_held_lock+0x35/0x1d0 [ 26.924691] ? find_held_lock+0x35/0x1d0 [ 26.928726] ? complete+0x62/0x80 [ 26.932155] ? __schedule+0x1ec0/0x1ec0 [ 26.936101] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.940396] ? __lockdep_init_map+0xe4/0x650 [ 26.944777] ? do_raw_spin_trylock+0x190/0x190 [ 26.949328] ? lockdep_init_map+0x9/0x10 [ 26.953360] ? _raw_spin_unlock_irqrestore+0x31/0xc0 [ 26.958434] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.963420] ? trace_hardirqs_on+0xd/0x10 [ 26.967538] ? __kthread_parkme+0x176/0x240 [ 26.971833] kthread+0x33c/0x400 [ 26.975172] ? process_one_work+0x1bb0/0x1bb0 [ 26.979637] ? kthread_stop+0x7a0/0x7a0 [ 26.983584] ret_from_fork+0x3a/0x50 [ 26.987279] [ 26.987282] ====================================================== [ 26.987284] WARNING: possible circular locking dependency detected [ 26.987286] 4.16.0-rc5+ #261 Not tainted [ 26.987288] ------------------------------------------------------ [ 26.987290] kworker/u4:3/87 is trying to acquire lock: [ 26.987291] ((console_sem).lock){..-.}, at: [<000000001596ba4a>] down_trylock+0x13/0x70 [ 26.987297] [ 26.987299] but task is already holding lock: [ 26.987300] (&obj_hash[i].lock){-.-.}, at: [<00000000ad823115>] debug_check_no_obj_freed+0x1e9/0xf1f [ 26.987306] [ 26.987308] which lock already depends on the new lock. [ 26.987308] [ 26.987309] [ 26.987312] the existing dependency chain (in reverse order) is: [ 26.987313] [ 26.987313] -> #3 (&obj_hash[i].lock){-.-.}: [ 26.987319] _raw_spin_lock_irqsave+0x96/0xc0 [ 26.987321] __debug_object_init+0x109/0x1040 [ 26.987323] debug_object_init+0x17/0x20 [ 26.987325] hrtimer_init+0x8c/0x410 [ 26.987326] init_dl_task_timer+0x1b/0x50 [ 26.987328] __sched_fork+0x2bb/0xb60 [ 26.987329] init_idle+0x75/0x820 [ 26.987331] sched_init+0xb19/0xc43 [ 26.987333] start_kernel+0x452/0x819 [ 26.987335] x86_64_start_reservations+0x2a/0x2c [ 26.987336] x86_64_start_kernel+0x77/0x7a [ 26.987338] secondary_startup_64+0xa5/0xb0 [ 26.987339] [ 26.987340] -> #2 (&rq->lock){-.-.}: [ 26.987345] _raw_spin_lock+0x2a/0x40 [ 26.987347] task_fork_fair+0x7a/0x690 [ 26.987349] sched_fork+0x450/0xc10 [ 26.987351] copy_process.part.38+0x1758/0x4b60 [ 26.987352] _do_fork+0x1f7/0xf70 [ 26.987354] kernel_thread+0x34/0x40 [ 26.987355] rest_init+0x22/0xf0 [ 26.987357] start_kernel+0x7f1/0x819 [ 26.987359] x86_64_start_reservations+0x2a/0x2c [ 26.987361] x86_64_start_kernel+0x77/0x7a [ 26.987362] secondary_startup_64+0xa5/0xb0 [ 26.987363] [ 26.987364] -> #1 (&p->pi_lock){-.-.}: [ 26.987370] _raw_spin_lock_irqsave+0x96/0xc0 [ 26.987371] try_to_wake_up+0xbc/0x15f0 [ 26.987373] wake_up_process+0x10/0x20 [ 26.987375] __up.isra.0+0x1cc/0x2c0 [ 26.987376] up+0x13b/0x1d0 [ 26.987378] __up_console_sem+0xb2/0x1a0 [ 26.987379] console_unlock+0x5af/0xfb0 [ 26.987381] vprintk_emit+0x5c3/0xb90 [ 26.987383] vprintk_default+0x28/0x30 [ 26.987384] vprintk_func+0x57/0xc0 [ 26.987386] printk+0xaa/0xca [ 26.987388] kauditd_hold_skb+0x163/0x180 [ 26.987389] kauditd_send_queue+0xfa/0x140 [ 26.987391] kauditd_thread+0x660/0x940 [ 26.987392] kthread+0x33c/0x400 [ 26.987394] ret_from_fork+0x3a/0x50 [ 26.987395] [ 26.987396] -> #0 ((console_sem).lock){..-.}: [ 26.987402] lock_acquire+0x1d5/0x580 [ 26.987403] _raw_spin_lock_irqsave+0x96/0xc0 [ 26.987405] down_trylock+0x13/0x70 [ 26.987407] __down_trylock_console_sem+0xa2/0x1e0 [ 26.987409] console_trylock+0x15/0x70 [ 26.987410] vprintk_emit+0x5b5/0xb90 [ 26.987412] vprintk_default+0x28/0x30 [ 26.987414] vprintk_func+0x57/0xc0 [ 26.987415] printk+0xaa/0xca [ 26.987417] __warn_printk+0x90/0xf0 [ 26.987418] debug_print_object+0x166/0x220 [ 26.987420] debug_check_no_obj_freed+0x662/0xf1f [ 26.987422] kfree+0xc7/0x260 [ 26.987424] process_one_req+0x2e7/0x6c0 [ 26.987425] process_one_work+0xc47/0x1bb0 [ 26.987427] worker_thread+0x223/0x1990 [ 26.987428] kthread+0x33c/0x400 [ 26.987430] ret_from_fork+0x3a/0x50 [ 26.987431] [ 26.987433] other info that might help us debug this: [ 26.987434] [ 26.987435] Chain exists of: [ 26.987436] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 26.987443] [ 26.987445] Possible unsafe locking scenario: [ 26.987445] [ 26.987447] CPU0 CPU1 [ 26.987449] ---- ---- [ 26.987450] lock(&obj_hash[i].lock); [ 26.987454] lock(&rq->lock); [ 26.987457] lock(&obj_hash[i].lock); [ 26.987461] lock((console_sem).lock); [ 26.987464] [ 26.987465] *** DEADLOCK *** [ 26.987466] [ 26.987467] 3 locks held by kworker/u4:3/87: [ 26.987468] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<00000000b91c3ad4>] process_one_work+0xb12/0x1bb0 [ 26.987475] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000c1cb2cb7>] process_one_work+0xb89/0x1bb0 [ 26.987481] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000ad823115>] debug_check_no_obj_freed+0x1e9/0xf1f [ 26.987488] [ 26.987489] stack backtrace: [ 26.987492] CPU: 1 PID: 87 Comm: kworker/u4:3 Not tainted 4.16.0-rc5+ #261 [ 26.987495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.987497] Workqueue: ib_addr process_one_req [ 26.987499] Call Trace: [ 26.987500] dump_stack+0x194/0x24d [ 26.987502] ? arch_local_irq_restore+0x53/0x53 [ 26.987504] print_circular_bug.isra.38+0x2cd/0x2dc [ 26.987506] ? save_trace+0xe0/0x2b0 [ 26.987507] __lock_acquire+0x30a8/0x3e00 [ 26.987509] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.987511] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.987513] ? lock_pin_lock+0x360/0x360 [ 26.987514] ? noop_count+0x40/0x40 [ 26.987516] ? check_usage+0x22f/0xb60 [ 26.987517] ? __bfs+0x387/0x830 [ 26.987519] ? trace_hardirqs_off+0x10/0x10 [ 26.987521] lock_acquire+0x1d5/0x580 [ 26.987522] ? lock_acquire+0x1d5/0x580 [ 26.987524] ? down_trylock+0x13/0x70 [ 26.987525] ? lock_release+0xa40/0xa40 [ 26.987527] ? vprintk_emit+0x43b/0xb90 [ 26.987529] ? lock_downgrade+0x980/0x980 [ 26.987530] ? kvm_sched_clock_read+0x25/0x40 [ 26.987532] ? sched_clock+0x31/0x40 [ 26.987534] ? sched_clock_cpu+0x1b/0x180 [ 26.987535] ? vprintk_emit+0x5b5/0xb90 [ 26.987537] _raw_spin_lock_irqsave+0x96/0xc0 [ 26.987539] ? down_trylock+0x13/0x70 [ 26.987540] down_trylock+0x13/0x70 [ 26.987542] ? vprintk_emit+0x5b5/0xb90 [ 26.987544] __down_trylock_console_sem+0xa2/0x1e0 [ 26.987545] console_trylock+0x15/0x70 [ 26.987547] vprintk_emit+0x5b5/0xb90 [ 26.987548] ? console_unlock+0xfb0/0xfb0 [ 26.987550] ? __might_sleep+0x95/0x190 [ 26.987551] ? addr_handler+0xa3/0x380 [ 26.987553] ? __mutex_lock+0x16f/0x1a80 [ 26.987555] ? addr_handler+0xa3/0x380 [ 26.987556] ? trace_hardirqs_off+0x10/0x10 [ 26.987558] ? mutex_lock_io_nested+0x1900/0x1900 [ 26.987560] ? __usermodehelper_disable+0x2f0/0x2f0 [ 26.987562] vprintk_default+0x28/0x30 [ 26.987563] vprintk_func+0x57/0xc0 [ 26.987565] printk+0xaa/0xca [ 26.987566] ? show_regs_print_info+0x18/0x18 [ 26.987568] ? __warn_printk+0x84/0xf0 [ 26.987569] ? addr_resolve+0xbc0/0xbc0 [ 26.987571] __warn_printk+0x90/0xf0 [ 26.987573] ? test_taint+0x20/0x20 [ 26.987575] ? lock_release+0xa40/0xa40 [ 26.987577] ? print_irqtrace_events+0x270/0x270 [ 26.987578] ? addr_resolve+0xbc0/0xbc0 [ 26.987580] debug_print_object+0x166/0x220 [ 26.987582] debug_check_no_obj_freed+0x662/0xf1f [ 26.987583] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.987585] ? free_obj_work+0x690/0x690 [ 26.987587] ? trace_hardirqs_on+0xd/0x10 [ 26.987588] ? complete+0x62/0x80 [ 26.987590] ? cma_deref_id+0x2c/0x30 [ 26.987591] ? __lock_is_held+0xb6/0x140 [ 26.987593] ? debug_check_no_locks_freed+0x264/0x3c0 [ 26.987595] ? cma_work_handler+0x1d0/0x1d0 [ 26.987597] kfree+0xc7/0x260 [ 26.987598] process_one_req+0x2e7/0x6c0 [ 26.987600] ? addr_resolve+0xbc0/0xbc0 [ 26.987601] ? __lock_is_held+0xb6/0x140 [ 26.987603] process_one_work+0xc47/0x1bb0 [ 26.987605] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.987607] ? trace_hardirqs_on+0xd/0x10 [ 26.987608] ? pwq_dec_nr_in_flight+0x450/0x450 [ 26.987610] ? __schedule+0x903/0x1ec0 [ 26.987612] ? __lock_acquire+0x664/0x3e00 [ 26.987613] ? retint_kernel+0x10/0x10 [ 26.987615] ? trace_hardirqs_off+0x10/0x10 [ 26.987617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 26.987618] ? lock_acquire+0x1d5/0x580 [ 26.987620] ? lock_acquire+0x1d5/0x580 [ 26.987622] ? worker_thread+0x4a3/0x1990 [ 26.987623] ? lock_downgrade+0x980/0x980 [ 26.987625] ? lock_release+0xa40/0xa40 [ 26.987627] ? do_raw_spin_trylock+0x190/0x190 [ 26.987628] worker_thread+0x223/0x1990 [ 26.987630] ? lock_release+0xa40/0xa40 [ 26.987632] ? lock_downgrade+0x980/0x980 [ 26.987633] ? process_one_work+0x1bb0/0x1bb0 [ 26.987635] ? put_task_stack+0x116/0x270 [ 26.987637] ? finish_task_switch+0x539/0x7e0 [ 26.987638] ? copy_overflow+0x20/0x20 [ 26.987640] ? __schedule+0x903/0x1ec0 [ 26.987642] ? trace_hardirqs_off+0x10/0x10 [ 26.987643] ? find_held_lock+0x35/0x1d0 [ 26.987645] ? find_held_lock+0x35/0x1d0 [ 26.987646] ? complete+0x62/0x80 [ 26.987648] ? __schedule+0x1ec0/0x1ec0 [ 26.987650] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.987651] ? __lockdep_init_map+0xe4/0x650 [ 26.987653] ? do_raw_spin_trylock+0x190/0x190 [ 26.987655] ? lockdep_init_map+0x9/0x10 [ 26.987657] ? _raw_spin_unlock_irqrestore+0x31/0xc0 [ 26.987659] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.987660] ? trace_hardirqs_on+0xd/0x10 [ 26.987662] ? __kthread_parkme+0x176/0x240 [ 26.987664] kthread+0x33c/0x400 [ 26.987665] ? process_one_work+0x1bb0/0x1bb0 [ 26.987667] ? kthread_stop+0x7a0/0x7a0 [ 26.987668] ret_from_fork+0x3a/0x50 [ 28.034064] Shutting down cpus with NMI [ 28.925454] Dumping ftrace buffer: [ 28.928976] (ftrace buffer empty) [ 28.932662] Kernel Offset: disabled [ 28.936258] Rebooting in 86400 seconds..