[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 17.099633] rc.local (4100) used greatest stack depth: 16496 bytes left Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.418518] audit: type=1400 audit(1519332043.213:6): avc: denied { map } for pid=4116 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts. [ 25.722716] audit: type=1400 audit(1519332049.517:7): avc: denied { map } for pid=4130 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/22 20:40:49 parsed 1 programs 2018/02/22 20:40:49 executed programs: 0 [ 25.988094] audit: type=1400 audit(1519332049.780:8): avc: denied { map } for pid=4130 comm="syz-execprog" path="/root/syzkaller-shm377381161" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 26.035284] IPVS: ftp: loaded support on port[0] = 21 [ 26.076197] IPVS: ftp: loaded support on port[0] = 21 [ 26.096033] hrtimer: interrupt took 28454 ns [ 26.107757] IPVS: ftp: loaded support on port[0] = 21 [ 26.170417] IPVS: ftp: loaded support on port[0] = 21 [ 26.246229] IPVS: ftp: loaded support on port[0] = 21 [ 26.337837] IPVS: ftp: loaded support on port[0] = 21 [ 26.447998] IPVS: ftp: loaded support on port[0] = 21 [ 26.538112] IPVS: ftp: loaded support on port[0] = 21 [ 27.428922] ------------[ cut here ]------------ [ 27.434847] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 27.444630] WARNING: CPU: 1 PID: 21 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 27.453202] Kernel panic - not syncing: panic_on_warn set ... [ 27.453202] [ 27.460560] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc1+ #15 [ 27.467484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.476844] Workqueue: ib_addr process_one_req [ 27.481417] Call Trace: [ 27.483989] dump_stack+0x194/0x24d [ 27.487607] ? arch_local_irq_restore+0x53/0x53 [ 27.492267] ? vsnprintf+0x1ed/0x1900 [ 27.496063] panic+0x1e4/0x41c [ 27.499250] ? refcount_error_report+0x214/0x214 [ 27.503992] ? show_regs_print_info+0x18/0x18 [ 27.508488] ? __warn+0x1c1/0x200 [ 27.511929] ? debug_print_object+0x166/0x220 [ 27.516411] __warn+0x1dc/0x200 [ 27.519676] ? debug_print_object+0x166/0x220 [ 27.524161] report_bug+0x211/0x2d0 [ 27.527777] fixup_bug.part.11+0x37/0x80 [ 27.531826] do_error_trap+0x2d7/0x3e0 [ 27.535704] ? vprintk_default+0x28/0x30 [ 27.539754] ? math_error+0x400/0x400 [ 27.544225] ? printk+0xaa/0xca [ 27.547494] ? show_regs_print_info+0x18/0x18 [ 27.551980] ? __usermodehelper_disable+0x2f0/0x2f0 [ 27.556987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.561826] ? __usermodehelper_disable+0x2f0/0x2f0 [ 27.566838] do_invalid_op+0x1b/0x20 [ 27.570542] invalid_op+0x22/0x40 [ 27.573970] RIP: 0010:debug_print_object+0x166/0x220 [ 27.579041] RSP: 0018:ffff8801d9447250 EFLAGS: 00010086 [ 27.584375] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815aaf3e [ 27.591621] RDX: 0000000000000000 RSI: 1ffff1003b288dfa RDI: 1ffff1003b288dcf [ 27.598878] RBP: ffff8801d9447290 R08: 0000000000000000 R09: 1ffff1003b288da1 [ 27.606126] R10: ffffed003b288e79 R11: ffffffff86f39478 R12: 0000000000000001 [ 27.613372] R13: ffffffff86f14d40 R14: ffffffff86407c60 R15: ffffffff81479bc0 [ 27.620632] ? __usermodehelper_disable+0x2f0/0x2f0 [ 27.625637] ? vprintk_func+0x5e/0xc0 [ 27.629423] debug_check_no_obj_freed+0x662/0xf1f [ 27.634242] ? __lock_is_held+0xb6/0x140 [ 27.638291] ? free_obj_work+0x690/0x690 [ 27.642346] ? trace_hardirqs_on+0xd/0x10 [ 27.646489] ? cma_deref_id+0x2c/0x30 [ 27.650274] ? __lock_is_held+0xb6/0x140 [ 27.654315] ? debug_check_no_locks_freed+0x264/0x3c0 [ 27.659489] ? cma_work_handler+0x1d0/0x1d0 [ 27.663792] kfree+0xc7/0x260 [ 27.666877] process_one_req+0x2e7/0x6c0 [ 27.670914] ? addr_resolve+0xc90/0xc90 [ 27.674863] ? __lock_is_held+0xb6/0x140 [ 27.678905] process_one_work+0xbbf/0x1af0 [ 27.683119] ? pwq_dec_nr_in_flight+0x450/0x450 [ 27.687769] ? __schedule+0x8ea/0x2040 [ 27.691634] ? __lock_acquire+0x664/0x3e00 [ 27.695845] ? check_noncircular+0x20/0x20 [ 27.700060] ? check_noncircular+0x20/0x20 [ 27.704283] ? lock_acquire+0x1d5/0x580 [ 27.708243] ? lock_acquire+0x1d5/0x580 [ 27.712196] ? worker_thread+0x4a3/0x1990 [ 27.716319] ? lock_downgrade+0x980/0x980 [ 27.720460] ? lock_release+0xa40/0xa40 [ 27.724406] ? check_noncircular+0x20/0x20 [ 27.728613] ? do_raw_spin_trylock+0x190/0x190 [ 27.733186] worker_thread+0x223/0x1990 [ 27.737136] ? finish_task_switch+0x1e2/0x890 [ 27.741614] ? process_one_work+0x1af0/0x1af0 [ 27.746083] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.751086] ? trace_hardirqs_on+0xd/0x10 [ 27.755209] ? mmdrop+0x18/0x30 [ 27.758462] ? finish_task_switch+0x29b/0x890 [ 27.762932] ? copy_overflow+0x20/0x20 [ 27.766802] ? __schedule+0x8ea/0x2040 [ 27.770665] ? check_noncircular+0x20/0x20 [ 27.774870] ? find_held_lock+0x35/0x1d0 [ 27.778905] ? find_held_lock+0x35/0x1d0 [ 27.782943] ? find_held_lock+0x35/0x1d0 [ 27.787000] ? complete+0x62/0x80 [ 27.790448] ? __schedule+0x2040/0x2040 [ 27.794400] ? do_wait_intr_irq+0x3e0/0x3e0 [ 27.798698] ? __lockdep_init_map+0xe4/0x650 [ 27.803078] ? do_raw_spin_trylock+0x190/0x190 [ 27.807634] ? lockdep_init_map+0x9/0x10 [ 27.811677] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 27.816762] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.821756] ? trace_hardirqs_on+0xd/0x10 [ 27.825888] ? __kthread_parkme+0x175/0x240 [ 27.830183] kthread+0x33c/0x400 [ 27.833523] ? process_one_work+0x1af0/0x1af0 [ 27.837987] ? kthread_stop+0x7a0/0x7a0 [ 27.841938] ret_from_fork+0x3a/0x50 [ 27.845629] [ 27.845631] ====================================================== [ 27.845633] WARNING: possible circular locking dependency detected [ 27.845634] 4.16.0-rc1+ #15 Not tainted [ 27.845636] ------------------------------------------------------ [ 27.845637] kworker/u4:1/21 is trying to acquire lock: [ 27.845638] ((console_sem).lock){-.-.}, at: [<000000001dc83566>] down_trylock+0x13/0x70 [ 27.845642] [ 27.845643] but task is already holding lock: [ 27.845644] (&obj_hash[i].lock){-.-.}, at: [<00000000929e6229>] debug_check_no_obj_freed+0x1e9/0xf1f [ 27.845648] [ 27.845649] which lock already depends on the new lock. [ 27.845650] [ 27.845651] [ 27.845652] the existing dependency chain (in reverse order) is: [ 27.845653] [ 27.845654] -> #3 (&obj_hash[i].lock){-.-.}: [ 27.845658] _raw_spin_lock_irqsave+0x96/0xc0 [ 27.845659] __debug_object_init+0x109/0x1040 [ 27.845660] debug_object_init+0x17/0x20 [ 27.845661] hrtimer_init+0x8c/0x410 [ 27.845663] init_dl_task_timer+0x1b/0x50 [ 27.845664] __sched_fork+0x2bb/0xb60 [ 27.845665] init_idle+0x75/0x820 [ 27.845666] sched_init+0xb19/0xc43 [ 27.845667] start_kernel+0x452/0x819 [ 27.845668] x86_64_start_reservations+0x2a/0x2c [ 27.845670] x86_64_start_kernel+0x77/0x7a [ 27.845671] secondary_startup_64+0xa5/0xb0 [ 27.845672] [ 27.845672] -> #2 (&rq->lock){-.-.}: [ 27.845676] _raw_spin_lock+0x2a/0x40 [ 27.845677] task_fork_fair+0x7a/0x690 [ 27.845678] sched_fork+0x450/0xc10 [ 27.845680] copy_process.part.37+0x1758/0x4b60 [ 27.845681] _do_fork+0x1f7/0xf70 [ 27.845682] kernel_thread+0x34/0x40 [ 27.845683] rest_init+0x22/0xf0 [ 27.845684] start_kernel+0x7f1/0x819 [ 27.845685] x86_64_start_reservations+0x2a/0x2c [ 27.845687] x86_64_start_kernel+0x77/0x7a [ 27.845688] secondary_startup_64+0xa5/0xb0 [ 27.845689] [ 27.845689] -> #1 (&p->pi_lock){-.-.}: [ 27.845693] _raw_spin_lock_irqsave+0x96/0xc0 [ 27.845695] try_to_wake_up+0xbc/0x15f0 [ 27.845696] wake_up_process+0x10/0x20 [ 27.845697] __up.isra.0+0x1cc/0x2c0 [ 27.845698] up+0x13b/0x1d0 [ 27.845699] __up_console_sem+0xb2/0x1a0 [ 27.845700] console_unlock+0x5af/0xfb0 [ 27.845701] vprintk_emit+0x5c3/0xb90 [ 27.845702] vprintk_default+0x28/0x30 [ 27.845704] vprintk_func+0x57/0xc0 [ 27.845705] printk+0xaa/0xca [ 27.845706] kauditd_hold_skb+0x163/0x180 [ 27.845707] kauditd_send_queue+0xfa/0x140 [ 27.845708] kauditd_thread+0x660/0x940 [ 27.845709] kthread+0x33c/0x400 [ 27.845710] ret_from_fork+0x3a/0x50 [ 27.845711] [ 27.845712] -> #0 ((console_sem).lock){-.-.}: [ 27.845716] lock_acquire+0x1d5/0x580 [ 27.845717] _raw_spin_lock_irqsave+0x96/0xc0 [ 27.845718] down_trylock+0x13/0x70 [ 27.845719] __down_trylock_console_sem+0xa2/0x1e0 [ 27.845720] console_trylock+0x15/0x70 [ 27.845722] vprintk_emit+0x5b5/0xb90 [ 27.845723] vprintk_default+0x28/0x30 [ 27.845724] vprintk_func+0x57/0xc0 [ 27.845725] printk+0xaa/0xca [ 27.845726] __warn_printk+0x90/0xf0 [ 27.845727] debug_print_object+0x166/0x220 [ 27.845729] debug_check_no_obj_freed+0x662/0xf1f [ 27.845730] kfree+0xc7/0x260 [ 27.845731] process_one_req+0x2e7/0x6c0 [ 27.845732] process_one_work+0xbbf/0x1af0 [ 27.845733] worker_thread+0x223/0x1990 [ 27.845734] kthread+0x33c/0x400 [ 27.845736] ret_from_fork+0x3a/0x50 [ 27.845736] [ 27.845738] other info that might help us debug this: [ 27.845738] [ 27.845739] Chain exists of: [ 27.845740] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 27.845745] [ 27.845746] Possible unsafe locking scenario: [ 27.845747] [ 27.845748] CPU0 CPU1 [ 27.845749] ---- ---- [ 27.845750] lock(&obj_hash[i].lock); [ 27.845753] lock(&rq->lock); [ 27.845755] lock(&obj_hash[i].lock); [ 27.845758] lock((console_sem).lock); [ 27.845760] [ 27.845761] *** DEADLOCK *** [ 27.845761] [ 27.845763] 3 locks held by kworker/u4:1/21: [ 27.845763] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<0000000021c4ad10>] process_one_work+0xaaf/0x1af0 [ 27.845768] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<000000005b5930d2>] process_one_work+0xb01/0x1af0 [ 27.845773] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000929e6229>] debug_check_no_obj_freed+0x1e9/0xf1f [ 27.845777] [ 27.845778] stack backtrace: [ 27.845780] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc1+ #15 [ 27.845782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.845783] Workqueue: ib_addr process_one_req [ 27.845785] Call Trace: [ 27.845786] dump_stack+0x194/0x24d [ 27.845787] ? arch_local_irq_restore+0x53/0x53 [ 27.845789] print_circular_bug.isra.38+0x2cd/0x2dc [ 27.845790] ? save_trace+0xe0/0x2b0 [ 27.845791] __lock_acquire+0x30a8/0x3e00 [ 27.845792] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.845794] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.845795] ? __lock_acquire+0x664/0x3e00 [ 27.845796] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.845798] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.845799] ? __lock_acquire+0x664/0x3e00 [ 27.845800] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 27.845801] ? check_noncircular+0x20/0x20 [ 27.845803] ? print_irqtrace_events+0x270/0x270 [ 27.845804] ? lock_downgrade+0x980/0x980 [ 27.845805] lock_acquire+0x1d5/0x580 [ 27.845806] ? lock_acquire+0x1d5/0x580 [ 27.845807] ? down_trylock+0x13/0x70 [ 27.845808] ? lock_release+0xa40/0xa40 [ 27.845809] ? vprintk_emit+0x43b/0xb90 [ 27.845810] ? lock_downgrade+0x980/0x980 [ 27.845812] ? kvm_sched_clock_read+0x25/0x40 [ 27.845813] ? sched_clock+0x31/0x40 [ 27.845814] ? sched_clock_cpu+0x1b/0x180 [ 27.845815] ? vprintk_emit+0x5b5/0xb90 [ 27.845816] _raw_spin_lock_irqsave+0x96/0xc0 [ 27.845817] ? down_trylock+0x13/0x70 [ 27.845818] down_trylock+0x13/0x70 [ 27.845820] ? vprintk_emit+0x5b5/0xb90 [ 27.845821] __down_trylock_console_sem+0xa2/0x1e0 [ 27.845822] console_trylock+0x15/0x70 [ 27.845823] vprintk_emit+0x5b5/0xb90 [ 27.845824] ? console_unlock+0xfb0/0xfb0 [ 27.845825] ? __might_sleep+0x95/0x190 [ 27.845827] ? addr_handler+0xa3/0x380 [ 27.845828] ? __mutex_lock+0x16f/0x1a80 [ 27.845829] ? addr_handler+0xa3/0x380 [ 27.845830] ? check_noncircular+0x20/0x20 [ 27.845831] ? rcu_note_context_switch+0x710/0x710 [ 27.845833] ? mutex_lock_io_nested+0x1900/0x1900 [ 27.845834] ? __usermodehelper_disable+0x2f0/0x2f0 [ 27.845835] vprintk_default+0x28/0x30 [ 27.845836] vprintk_func+0x57/0xc0 [ 27.845837] printk+0xaa/0xca [ 27.845839] ? show_regs_print_info+0x18/0x18 [ 27.845840] ? __warn_printk+0x84/0xf0 [ 27.845841] ? addr_resolve+0xc90/0xc90 [ 27.845842] __warn_printk+0x90/0xf0 [ 27.845843] ? test_taint+0x20/0x20 [ 27.845844] ? lock_release+0xa40/0xa40 [ 27.845845] ? print_irqtrace_events+0x270/0x270 [ 27.845847] ? addr_resolve+0xc90/0xc90 [ 27.845848] debug_print_object+0x166/0x220 [ 27.845849] debug_check_no_obj_freed+0x662/0xf1f [ 27.845850] ? __lock_is_held+0xb6/0x140 [ 27.845851] ? free_obj_work+0x690/0x690 [ 27.845853] ? trace_hardirqs_on+0xd/0x10 [ 27.845854] ? cma_deref_id+0x2c/0x30 [ 27.845855] ? __lock_is_held+0xb6/0x140 [ 27.845856] ? debug_check_no_locks_freed+0x264/0x3c0 [ 27.845857] ? cma_work_handler+0x1d0/0x1d0 [ 27.845858] kfree+0xc7/0x260 [ 27.845860] process_one_req+0x2e7/0x6c0 [ 27.845861] ? addr_resolve+0xc90/0xc90 [ 27.845862] ? __lock_is_held+0xb6/0x140 [ 27.845863] process_one_work+0xbbf/0x1af0 [ 27.845864] ? pwq_dec_nr_in_flight+0x450/0x450 [ 27.845865] ? __schedule+0x8ea/0x2040 [ 27.845866] ? __lock_acquire+0x664/0x3e00 [ 27.845868] ? check_noncircular+0x20/0x20 [ 27.845869] ? check_noncircular+0x20/0x20 [ 27.845870] ? lock_acquire+0x1d5/0x580 [ 27.845871] ? lock_acquire+0x1d5/0x580 [ 27.845872] ? worker_thread+0x4a3/0x1990 [ 27.845873] ? lock_downgrade+0x980/0x980 [ 27.845874] ? lock_release+0xa40/0xa40 [ 27.845876] ? check_noncircular+0x20/0x20 [ 27.845877] ? do_raw_spin_trylock+0x190/0x190 [ 27.845878] worker_thread+0x223/0x1990 [ 27.845879] ? finish_task_switch+0x1e2/0x890 [ 27.845881] ? process_one_work+0x1af0/0x1af0 [ 27.845882] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.845883] ? trace_hardirqs_on+0xd/0x10 [ 27.845884] ? mmdrop+0x18/0x30 [ 27.845885] ? finish_task_switch+0x29b/0x890 [ 27.845887] ? copy_overflow+0x20/0x20 [ 27.845888] ? __schedule+0x8ea/0x2040 [ 27.845889] ? check_noncircular+0x20/0x20 [ 27.845890] ? find_held_lock+0x35/0x1d0 [ 27.845891] ? find_held_lock+0x35/0x1d0 [ 27.845892] ? find_held_lock+0x35/0x1d0 [ 27.845894] ? complete+0x62/0x80 [ 27.845895] ? __schedule+0x2040/0x2040 [ 27.845896] ? do_wait_intr_irq+0x3e0/0x3e0 [ 27.845898] ? __lockdep_init_map+0xe4/0x650 [ 27.845899] ? do_raw_spin_trylock+0x190/0x190 [ 27.845900] ? lockdep_init_map+0x9/0x10 [ 27.845901] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 27.845903] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.845904] ? trace_hardirqs_on+0xd/0x10 [ 27.845905] ? __kthread_parkme+0x175/0x240 [ 27.845906] kthread+0x33c/0x400 [ 27.845907] ? process_one_work+0x1af0/0x1af0 [ 27.845908] ? kthread_stop+0x7a0/0x7a0 [ 27.845909] ret_from_fork+0x3a/0x50 [ 27.846348] Dumping ftrace buffer: [ 28.754165] (ftrace buffer empty) [ 28.757854] Kernel Offset: disabled [ 28.761453] Rebooting in 86400 seconds..