[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.405831] audit: type=1400 audit(1519330755.605:6): avc: denied { map } for pid=4200 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts. syzkaller login: [ 42.119656] audit: type=1400 audit(1519330779.319:7): avc: denied { map } for pid=4218 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/22 20:19:39 parsed 1 programs 2018/02/22 20:19:39 executed programs: 0 [ 42.365522] audit: type=1400 audit(1519330779.565:8): avc: denied { map } for pid=4218 comm="syz-execprog" path="/root/syzkaller-shm616615567" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.394298] IPVS: ftp: loaded support on port[0] = 21 [ 42.422197] IPVS: ftp: loaded support on port[0] = 21 [ 42.447498] IPVS: ftp: loaded support on port[0] = 21 [ 42.477545] IPVS: ftp: loaded support on port[0] = 21 [ 42.528886] IPVS: ftp: loaded support on port[0] = 21 [ 42.582674] IPVS: ftp: loaded support on port[0] = 21 [ 42.608160] IPVS: ftp: loaded support on port[0] = 21 [ 42.633618] IPVS: ftp: loaded support on port[0] = 21 2018/02/22 20:19:44 executed programs: 606 [ 51.778059] ------------[ cut here ]------------ [ 51.783705] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 51.793473] WARNING: CPU: 0 PID: 5 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 51.801931] Kernel panic - not syncing: panic_on_warn set ... [ 51.801931] [ 51.809264] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.16.0-rc1+ #15 [ 51.816071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.825398] Workqueue: ib_addr process_one_req [ 51.829952] Call Trace: [ 51.832515] dump_stack+0x194/0x24d [ 51.836118] ? arch_local_irq_restore+0x53/0x53 [ 51.840759] ? vsnprintf+0x1ed/0x1900 [ 51.844533] panic+0x1e4/0x41c [ 51.847696] ? refcount_error_report+0x214/0x214 [ 51.852424] ? show_regs_print_info+0x18/0x18 [ 51.856897] ? __warn+0x1c1/0x200 [ 51.860326] ? debug_print_object+0x166/0x220 [ 51.864792] __warn+0x1dc/0x200 [ 51.868045] ? debug_print_object+0x166/0x220 [ 51.872514] report_bug+0x211/0x2d0 [ 51.876115] fixup_bug.part.11+0x37/0x80 [ 51.880149] do_error_trap+0x2d7/0x3e0 [ 51.884006] ? vprintk_default+0x28/0x30 [ 51.888041] ? math_error+0x400/0x400 [ 51.891811] ? printk+0xaa/0xca [ 51.895061] ? show_regs_print_info+0x18/0x18 [ 51.899531] ? __usermodehelper_disable+0x2f0/0x2f0 [ 51.904522] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.909342] ? __usermodehelper_disable+0x2f0/0x2f0 [ 51.914327] do_invalid_op+0x1b/0x20 [ 51.918011] invalid_op+0x22/0x40 [ 51.921435] RIP: 0010:debug_print_object+0x166/0x220 [ 51.926505] RSP: 0018:ffff8801d9acf250 EFLAGS: 00010086 [ 51.931838] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815aaf3e [ 51.939080] RDX: 0000000000000000 RSI: 1ffff1003b359dfa RDI: 1ffff1003b359dcf [ 51.946320] RBP: ffff8801d9acf290 R08: 0000000000000000 R09: 1ffff1003b359da1 [ 51.953563] R10: ffffed003b359e79 R11: ffffffff86f39478 R12: 0000000000000001 [ 51.960805] R13: ffffffff86f14d40 R14: ffffffff86407c60 R15: ffffffff81479bc0 [ 51.968050] ? __usermodehelper_disable+0x2f0/0x2f0 [ 51.973041] ? vprintk_func+0x5e/0xc0 [ 51.976820] debug_check_no_obj_freed+0x662/0xf1f [ 51.981633] ? __lock_is_held+0xb6/0x140 [ 51.985675] ? free_obj_work+0x690/0x690 [ 51.989709] ? trace_hardirqs_on+0xd/0x10 [ 51.993834] ? cma_deref_id+0x2c/0x30 [ 51.997607] ? __lock_is_held+0xb6/0x140 [ 52.001642] ? debug_check_no_locks_freed+0x264/0x3c0 [ 52.006808] ? cma_work_handler+0x1d0/0x1d0 [ 52.011102] kfree+0xc7/0x260 [ 52.014184] process_one_req+0x2e7/0x6c0 [ 52.018221] ? addr_resolve+0xc90/0xc90 [ 52.022170] ? __lock_is_held+0xb6/0x140 [ 52.026212] process_one_work+0xbbf/0x1af0 [ 52.030437] ? pwq_dec_nr_in_flight+0x450/0x450 [ 52.035085] ? __schedule+0x8ea/0x2040 [ 52.038958] ? retint_kernel+0x10/0x10 [ 52.042824] ? check_noncircular+0x20/0x20 [ 52.047033] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 52.051775] ? lock_acquire+0x1d5/0x580 [ 52.055720] ? lock_acquire+0x1d5/0x580 [ 52.059667] ? worker_thread+0x4a3/0x1990 [ 52.063787] ? lock_downgrade+0x980/0x980 [ 52.067909] ? lock_release+0xa40/0xa40 [ 52.071858] ? retint_kernel+0x10/0x10 [ 52.075717] ? do_raw_spin_trylock+0x190/0x190 [ 52.080280] worker_thread+0x223/0x1990 [ 52.084223] ? finish_task_switch+0x1e2/0x890 [ 52.088705] ? process_one_work+0x1af0/0x1af0 [ 52.093175] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.098164] ? trace_hardirqs_on+0xd/0x10 [ 52.102283] ? mmdrop+0x18/0x30 [ 52.105533] ? finish_task_switch+0x29b/0x890 [ 52.110009] ? copy_overflow+0x20/0x20 [ 52.113878] ? __schedule+0x8ea/0x2040 [ 52.117745] ? check_noncircular+0x20/0x20 [ 52.121952] ? find_held_lock+0x35/0x1d0 [ 52.125991] ? find_held_lock+0x35/0x1d0 [ 52.130030] ? find_held_lock+0x35/0x1d0 [ 52.134065] ? complete+0x62/0x80 [ 52.137495] ? __schedule+0x2040/0x2040 [ 52.141442] ? do_wait_intr_irq+0x3e0/0x3e0 [ 52.145732] ? __lockdep_init_map+0xe4/0x650 [ 52.150111] ? do_raw_spin_trylock+0x190/0x190 [ 52.154662] ? lockdep_init_map+0x9/0x10 [ 52.158692] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 52.163765] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.168760] ? trace_hardirqs_on+0xd/0x10 [ 52.172881] ? __kthread_parkme+0x175/0x240 [ 52.177175] kthread+0x33c/0x400 [ 52.180511] ? process_one_work+0x1af0/0x1af0 [ 52.184976] ? kthread_stop+0x7a0/0x7a0 [ 52.188923] ret_from_fork+0x3a/0x50 [ 52.192617] [ 52.192619] ====================================================== [ 52.192622] WARNING: possible circular locking dependency detected [ 52.192623] 4.16.0-rc1+ #15 Not tainted [ 52.192626] ------------------------------------------------------ [ 52.192628] kworker/u4:0/5 is trying to acquire lock: [ 52.192629] ((console_sem).lock){..-.}, at: [<00000000c1f8d5b7>] down_trylock+0x13/0x70 [ 52.192634] [ 52.192636] but task is already holding lock: [ 52.192637] (&obj_hash[i].lock){-.-.}, at: [<00000000d55c466e>] debug_check_no_obj_freed+0x1e9/0xf1f [ 52.192643] [ 52.192644] which lock already depends on the new lock. [ 52.192645] [ 52.192646] [ 52.192649] the existing dependency chain (in reverse order) is: [ 52.192649] [ 52.192650] -> #3 (&obj_hash[i].lock){-.-.}: [ 52.192656] _raw_spin_lock_irqsave+0x96/0xc0 [ 52.192658] __debug_object_init+0x109/0x1040 [ 52.192660] debug_object_init+0x17/0x20 [ 52.192661] hrtimer_init+0x8c/0x410 [ 52.192663] init_dl_task_timer+0x1b/0x50 [ 52.192665] __sched_fork+0x2bb/0xb60 [ 52.192666] init_idle+0x75/0x820 [ 52.192668] sched_init+0xb19/0xc43 [ 52.192669] start_kernel+0x452/0x819 [ 52.192671] x86_64_start_reservations+0x2a/0x2c [ 52.192673] x86_64_start_kernel+0x77/0x7a [ 52.192675] secondary_startup_64+0xa5/0xb0 [ 52.192676] [ 52.192677] -> #2 (&rq->lock){-.-.}: [ 52.192682] _raw_spin_lock+0x2a/0x40 [ 52.192684] task_fork_fair+0x7a/0x690 [ 52.192685] sched_fork+0x450/0xc10 [ 52.192687] copy_process.part.37+0x1758/0x4b60 [ 52.192689] _do_fork+0x1f7/0xf70 [ 52.192690] kernel_thread+0x34/0x40 [ 52.192692] rest_init+0x22/0xf0 [ 52.192693] start_kernel+0x7f1/0x819 [ 52.192695] x86_64_start_reservations+0x2a/0x2c [ 52.192697] x86_64_start_kernel+0x77/0x7a [ 52.192699] secondary_startup_64+0xa5/0xb0 [ 52.192700] [ 52.192700] -> #1 (&p->pi_lock){-.-.}: [ 52.192706] _raw_spin_lock_irqsave+0x96/0xc0 [ 52.192708] try_to_wake_up+0xbc/0x15f0 [ 52.192709] wake_up_process+0x10/0x20 [ 52.192711] __up.isra.0+0x1cc/0x2c0 [ 52.192712] up+0x13b/0x1d0 [ 52.192714] __up_console_sem+0xb2/0x1a0 [ 52.192716] console_unlock+0x5af/0xfb0 [ 52.192717] vprintk_emit+0x5c3/0xb90 [ 52.192719] vprintk_default+0x28/0x30 [ 52.192721] vprintk_func+0x57/0xc0 [ 52.192722] printk+0xaa/0xca [ 52.192724] kauditd_hold_skb+0x163/0x180 [ 52.192726] kauditd_send_queue+0xfa/0x140 [ 52.192727] kauditd_thread+0x660/0x940 [ 52.192729] kthread+0x33c/0x400 [ 52.192730] ret_from_fork+0x3a/0x50 [ 52.192731] [ 52.192732] -> #0 ((console_sem).lock){..-.}: [ 52.192738] lock_acquire+0x1d5/0x580 [ 52.192739] _raw_spin_lock_irqsave+0x96/0xc0 [ 52.192741] down_trylock+0x13/0x70 [ 52.192743] __down_trylock_console_sem+0xa2/0x1e0 [ 52.192745] console_trylock+0x15/0x70 [ 52.192746] vprintk_emit+0x5b5/0xb90 [ 52.192748] vprintk_default+0x28/0x30 [ 52.192750] vprintk_func+0x57/0xc0 [ 52.192751] printk+0xaa/0xca [ 52.192753] __warn_printk+0x90/0xf0 [ 52.192754] debug_print_object+0x166/0x220 [ 52.192756] debug_check_no_obj_freed+0x662/0xf1f [ 52.192758] kfree+0xc7/0x260 [ 52.192759] process_one_req+0x2e7/0x6c0 [ 52.192761] process_one_work+0xbbf/0x1af0 [ 52.192763] worker_thread+0x223/0x1990 [ 52.192764] kthread+0x33c/0x400 [ 52.192766] ret_from_fork+0x3a/0x50 [ 52.192767] [ 52.192769] other info that might help us debug this: [ 52.192770] [ 52.192771] Chain exists of: [ 52.192772] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 52.192779] [ 52.192780] Possible unsafe locking scenario: [ 52.192781] [ 52.192783] CPU0 CPU1 [ 52.192785] ---- ---- [ 52.192786] lock(&obj_hash[i].lock); [ 52.192789] lock(&rq->lock); [ 52.192793] lock(&obj_hash[i].lock); [ 52.192796] lock((console_sem).lock); [ 52.192799] [ 52.192801] *** DEADLOCK *** [ 52.192801] [ 52.192803] 3 locks held by kworker/u4:0/5: [ 52.192804] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<0000000036c76e14>] process_one_work+0xaaf/0x1af0 [ 52.192810] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000da4c2ddf>] process_one_work+0xb01/0x1af0 [ 52.192817] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000d55c466e>] debug_check_no_obj_freed+0x1e9/0xf1f [ 52.192823] [ 52.192825] stack backtrace: [ 52.192827] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.16.0-rc1+ #15 [ 52.192830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.192832] Workqueue: ib_addr process_one_req [ 52.192834] Call Trace: [ 52.192836] dump_stack+0x194/0x24d [ 52.192841] ? arch_local_irq_restore+0x53/0x53 [ 52.192843] print_circular_bug.isra.38+0x2cd/0x2dc [ 52.192844] ? save_trace+0xe0/0x2b0 [ 52.192846] __lock_acquire+0x30a8/0x3e00 [ 52.192848] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 52.192850] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 52.192852] ? __lock_acquire+0x664/0x3e00 [ 52.192854] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 52.192855] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 52.192857] ? __lock_acquire+0x664/0x3e00 [ 52.192859] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 52.192861] ? check_noncircular+0x20/0x20 [ 52.192863] ? print_irqtrace_events+0x270/0x270 [ 52.192864] ? lock_downgrade+0x980/0x980 [ 52.192866] lock_acquire+0x1d5/0x580 [ 52.192867] ? lock_acquire+0x1d5/0x580 [ 52.192869] ? down_trylock+0x13/0x70 [ 52.192871] ? lock_release+0xa40/0xa40 [ 52.192872] ? vprintk_emit+0x43b/0xb90 [ 52.192874] ? lock_downgrade+0x980/0x980 [ 52.192875] ? kvm_sched_clock_read+0x25/0x40 [ 52.192877] ? sched_clock+0x31/0x40 [ 52.192879] ? sched_clock_cpu+0x1b/0x180 [ 52.192880] ? vprintk_emit+0x5b5/0xb90 [ 52.192882] _raw_spin_lock_irqsave+0x96/0xc0 [ 52.192884] ? down_trylock+0x13/0x70 [ 52.192885] down_trylock+0x13/0x70 [ 52.192887] ? vprintk_emit+0x5b5/0xb90 [ 52.192889] __down_trylock_console_sem+0xa2/0x1e0 [ 52.192890] console_trylock+0x15/0x70 [ 52.192892] vprintk_emit+0x5b5/0xb90 [ 52.192893] ? console_unlock+0xfb0/0xfb0 [ 52.192895] ? __might_sleep+0x95/0x190 [ 52.192896] ? addr_handler+0xa3/0x380 [ 52.192898] ? __mutex_lock+0x16f/0x1a80 [ 52.192900] ? addr_handler+0xa3/0x380 [ 52.192901] ? check_noncircular+0x20/0x20 [ 52.192903] ? rcu_note_context_switch+0x710/0x710 [ 52.192905] ? mutex_lock_io_nested+0x1900/0x1900 [ 52.192907] ? __usermodehelper_disable+0x2f0/0x2f0 [ 52.192908] vprintk_default+0x28/0x30 [ 52.192910] vprintk_func+0x57/0xc0 [ 52.192911] printk+0xaa/0xca [ 52.192913] ? show_regs_print_info+0x18/0x18 [ 52.192915] ? __warn_printk+0x84/0xf0 [ 52.192916] ? addr_resolve+0xc90/0xc90 [ 52.192918] __warn_printk+0x90/0xf0 [ 52.192919] ? test_taint+0x20/0x20 [ 52.192921] ? lock_release+0xa40/0xa40 [ 52.192923] ? print_irqtrace_events+0x270/0x270 [ 52.192924] ? addr_resolve+0xc90/0xc90 [ 52.192926] debug_print_object+0x166/0x220 [ 52.192928] debug_check_no_obj_freed+0x662/0xf1f [ 52.192929] ? __lock_is_held+0xb6/0x140 [ 52.192931] ? free_obj_work+0x690/0x690 [ 52.192933] ? trace_hardirqs_on+0xd/0x10 [ 52.192934] ? cma_deref_id+0x2c/0x30 [ 52.192936] ? __lock_is_held+0xb6/0x140 [ 52.192938] ? debug_check_no_locks_freed+0x264/0x3c0 [ 52.192940] ? cma_work_handler+0x1d0/0x1d0 [ 52.192941] kfree+0xc7/0x260 [ 52.192943] process_one_req+0x2e7/0x6c0 [ 52.192944] ? addr_resolve+0xc90/0xc90 [ 52.192946] ? __lock_is_held+0xb6/0x140 [ 52.192947] process_one_work+0xbbf/0x1af0 [ 52.192949] ? pwq_dec_nr_in_flight+0x450/0x450 [ 52.192951] ? __schedule+0x8ea/0x2040 [ 52.192952] ? retint_kernel+0x10/0x10 [ 52.192954] ? check_noncircular+0x20/0x20 [ 52.192956] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 52.192957] ? lock_acquire+0x1d5/0x580 [ 52.192959] ? lock_acquire+0x1d5/0x580 [ 52.192961] ? worker_thread+0x4a3/0x1990 [ 52.192962] ? lock_downgrade+0x980/0x980 [ 52.192964] ? lock_release+0xa40/0xa40 [ 52.192965] ? retint_kernel+0x10/0x10 [ 52.192967] ? do_raw_spin_trylock+0x190/0x190 [ 52.192969] worker_thread+0x223/0x1990 [ 52.192971] ? finish_task_switch+0x1e2/0x890 [ 52.192972] ? process_one_work+0x1af0/0x1af0 [ 52.192974] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.192976] ? trace_hardirqs_on+0xd/0x10 [ 52.192977] ? mmdrop+0x18/0x30 [ 52.192979] ? finish_task_switch+0x29b/0x890 [ 52.192981] ? copy_overflow+0x20/0x20 [ 52.192982] ? __schedule+0x8ea/0x2040 [ 52.192984] ? check_noncircular+0x20/0x20 [ 52.192986] ? find_held_lock+0x35/0x1d0 [ 52.192987] ? find_held_lock+0x35/0x1d0 [ 52.192989] ? find_held_lock+0x35/0x1d0 [ 52.192990] ? complete+0x62/0x80 [ 52.192992] ? __schedule+0x2040/0x2040 [ 52.192993] ? do_wait_intr_irq+0x3e0/0x3e0 [ 52.192995] ? __lockdep_init_map+0xe4/0x650 [ 52.192997] ? do_raw_spin_trylock+0x190/0x190 [ 52.192999] ? lockdep_init_map+0x9/0x10 [ 52.193001] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 52.193002] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.193004] ? trace_hardirqs_on+0xd/0x10 [ 52.193006] ? __kthread_parkme+0x175/0x240 [ 52.193007] kthread+0x33c/0x400 [ 52.193009] ? process_one_work+0x1af0/0x1af0 [ 52.193011] ? kthread_stop+0x7a0/0x7a0 [ 52.193012] ret_from_fork+0x3a/0x50 [ 53.239202] Shutting down cpus with NMI [ 54.148779] Dumping ftrace buffer: [ 54.152296] (ftrace buffer empty) [ 54.155978] Kernel Offset: disabled [ 54.159574] Rebooting in 86400 seconds..