[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 17.368772] audit: type=1400 audit(1521531857.311:6): avc: denied { map } for pid=4217 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 23.792139] audit: type=1400 audit(1521531863.734:7): avc: denied { map } for pid=4231 comm="syzkaller566871" path="/root/syzkaller566871814" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.818628] ------------[ cut here ]------------
[ 23.824273] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 23.834038] WARNING: CPU: 1 PID: 5 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 23.842497] Kernel panic - not syncing: panic_on_warn set ...
[ 23.842497]
[ 23.849831] CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.16.0-rc6+ #360
[ 23.856725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.866064] Workqueue: ib_addr process_one_req
[ 23.870618] Call Trace:
[ 23.873179] dump_stack+0x194/0x24d
[ 23.876783] ? arch_local_irq_restore+0x53/0x53
[ 23.881428] ? vsnprintf+0x1ed/0x1900
[ 23.885205] panic+0x1e4/0x41c
[ 23.888388] ? refcount_error_report+0x214/0x214
[ 23.893116] ? show_regs_print_info+0x18/0x18
[ 23.897593] ? __warn+0x1c1/0x200
[ 23.901022] ? debug_print_object+0x166/0x220
[ 23.905486] __warn+0x1dc/0x200
[ 23.908741] ? debug_print_object+0x166/0x220
[ 23.913212] report_bug+0x1f4/0x2b0
[ 23.916816] fixup_bug.part.11+0x37/0x80
[ 23.920848] do_error_trap+0x2d7/0x3e0
[ 23.924705] ? vprintk_default+0x28/0x30
[ 23.928738] ? math_error+0x400/0x400
[ 23.932509] ? printk+0xaa/0xca
[ 23.935762] ? show_regs_print_info+0x18/0x18
[ 23.940234] ? __usermodehelper_disable+0x2f0/0x2f0
[ 23.945226] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.950043] do_invalid_op+0x1b/0x20
[ 23.953729] invalid_op+0x1b/0x40
[ 23.957155] RIP: 0010:debug_print_object+0x166/0x220
[ 23.962228] RSP: 0018:ffff8801d9acf210 EFLAGS: 00010086
[ 23.967565] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815acd6e
[ 23.974807] RDX: 0000000000000000 RSI: 1ffff1003b359df2 RDI: 1ffff1003b359dc7
[ 23.982049] RBP: ffff8801d9acf250 R08: 0000000000000000 R09: 1ffff1003b359d99
[ 23.989290] R10: ffffed003b359e71 R11: ffffffff86f39c78 R12: 0000000000000001
[ 23.996532] R13: ffffffff86f15540 R14: ffffffff86408700 R15: ffffffff8147c0a0
[ 24.003776] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.008769] ? vprintk_func+0x5e/0xc0
[ 24.012552] debug_check_no_obj_freed+0x662/0xf1f
[ 24.017366] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.022535] ? free_obj_work+0x690/0x690
[ 24.026567] ? trace_hardirqs_on+0xd/0x10
[ 24.030692] ? cma_deref_id+0x2c/0x30
[ 24.034465] ? __lock_is_held+0xb6/0x140
[ 24.038503] ? debug_check_no_locks_freed+0x264/0x3c0
[ 24.043669] ? cma_work_handler+0x1d0/0x1d0
[ 24.047964] kfree+0xc7/0x260
[ 24.051049] process_one_req+0x2e7/0x6c0
[ 24.055096] ? addr_resolve+0xbc0/0xbc0
[ 24.059055] ? __lock_is_held+0xb6/0x140
[ 24.063099] process_one_work+0xc47/0x1bb0
[ 24.067311] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.072473] ? trace_hardirqs_on+0xd/0x10
[ 24.076600] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.081256] ? __schedule+0x903/0x1ec0
[ 24.085129] ? trace_hardirqs_off+0x10/0x10
[ 24.089424] ? lock_downgrade+0x980/0x980
[ 24.093548] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.097866] ? lock_acquire+0x1d5/0x580
[ 24.101813] ? lock_acquire+0x1d5/0x580
[ 24.105759] ? worker_thread+0x4a3/0x1990
[ 24.109878] ? lock_downgrade+0x980/0x980
[ 24.113999] ? lock_release+0xa40/0xa40
[ 24.117946] ? pr_cont_work+0x130/0x130
[ 24.121894] ? do_raw_spin_trylock+0x190/0x190
[ 24.126457] worker_thread+0x223/0x1990
[ 24.130439] ? finish_task_switch+0x1c1/0x7e0
[ 24.134919] ? process_one_work+0x1bb0/0x1bb0
[ 24.139387] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.144374] ? trace_hardirqs_on+0xd/0x10
[ 24.148494] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.152961] ? finish_task_switch+0x1c1/0x7e0
[ 24.157429] ? finish_task_switch+0x182/0x7e0
[ 24.161897] ? copy_overflow+0x20/0x20
[ 24.165771] ? __schedule+0x903/0x1ec0
[ 24.169642] ? trace_hardirqs_off+0x10/0x10
[ 24.173941] ? find_held_lock+0x35/0x1d0
[ 24.177978] ? find_held_lock+0x35/0x1d0
[ 24.182015] ? complete+0x62/0x80
[ 24.185445] ? __schedule+0x1ec0/0x1ec0
[ 24.189389] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.193687] ? __lockdep_init_map+0xe4/0x650
[ 24.198068] ? do_raw_spin_trylock+0x190/0x190
[ 24.202622] ? lockdep_init_map+0x9/0x10
[ 24.206655] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.211732] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.216728] ? trace_hardirqs_on+0xd/0x10
[ 24.220847] ? __kthread_parkme+0x176/0x240
[ 24.225143] kthread+0x33c/0x400
[ 24.228481] ? process_one_work+0x1bb0/0x1bb0
[ 24.232946] ? kthread_stop+0x7a0/0x7a0
[ 24.236893] ret_from_fork+0x3a/0x50
[ 24.240590]
[ 24.240593] ======================================================
[ 24.240595] WARNING: possible circular locking dependency detected
[ 24.240597] 4.16.0-rc6+ #360 Not tainted
[ 24.240599] ------------------------------------------------------
[ 24.240601] kworker/u4:0/5 is trying to acquire lock:
[ 24.240602] ((console_sem).lock){..-.}, at: [<0000000000e89d0e>] down_trylock+0x13/0x70
[ 24.240609]
[ 24.240611] but task is already holding lock:
[ 24.240612] (&obj_hash[i].lock){-.-.}, at: [<0000000060e0e7a5>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.240617]
[ 24.240619] which lock already depends on the new lock.
[ 24.240620]
[ 24.240621]
[ 24.240623] the existing dependency chain (in reverse order) is:
[ 24.240624]
[ 24.240625] -> #3 (&obj_hash[i].lock){-.-.}:
[ 24.240631] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.240633] __debug_object_init+0x109/0x1040
[ 24.240634] debug_object_init+0x17/0x20
[ 24.240636] hrtimer_init+0x8c/0x410
[ 24.240638] init_dl_task_timer+0x1b/0x50
[ 24.240639] __sched_fork+0x2bb/0xb60
[ 24.240641] init_idle+0x75/0x820
[ 24.240642] sched_init+0xb19/0xc43
[ 24.240644] start_kernel+0x452/0x819
[ 24.240646] x86_64_start_reservations+0x2a/0x2c
[ 24.240648] x86_64_start_kernel+0x77/0x7a
[ 24.240650] secondary_startup_64+0xa5/0xb0
[ 24.240650]
[ 24.240651] -> #2 (&rq->lock){-.-.}:
[ 24.240657] _raw_spin_lock+0x2a/0x40
[ 24.240658] task_fork_fair+0x7a/0x690
[ 24.240660] sched_fork+0x450/0xc10
[ 24.240662] copy_process.part.38+0x1758/0x4b60
[ 24.240663] _do_fork+0x1f7/0xf70
[ 24.240665] kernel_thread+0x34/0x40
[ 24.240667] rest_init+0x22/0xf0
[ 24.240668] start_kernel+0x7f1/0x819
[ 24.240670] x86_64_start_reservations+0x2a/0x2c
[ 24.240672] x86_64_start_kernel+0x77/0x7a
[ 24.240674] secondary_startup_64+0xa5/0xb0
[ 24.240674]
[ 24.240675] -> #1 (&p->pi_lock){-.-.}:
[ 24.240681] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.240683] try_to_wake_up+0xbc/0x15f0
[ 24.240684] wake_up_process+0x10/0x20
[ 24.240686] __up.isra.0+0x1cc/0x2c0
[ 24.240687] up+0x13b/0x1d0
[ 24.240689] __up_console_sem+0xb2/0x1a0
[ 24.240690] console_unlock+0x5af/0xfb0
[ 24.240692] vprintk_emit+0x5c3/0xb90
[ 24.240694] vprintk_default+0x28/0x30
[ 24.240695] vprintk_func+0x57/0xc0
[ 24.240697] printk+0xaa/0xca
[ 24.240698] kauditd_hold_skb+0x163/0x180
[ 24.240700] kauditd_send_queue+0xfa/0x140
[ 24.240702] kauditd_thread+0x660/0x940
[ 24.240703] kthread+0x33c/0x400
[ 24.240705] ret_from_fork+0x3a/0x50
[ 24.240706]
[ 24.240707] -> #0 ((console_sem).lock){..-.}:
[ 24.240712] lock_acquire+0x1d5/0x580
[ 24.240714] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.240715] down_trylock+0x13/0x70
[ 24.240717] __down_trylock_console_sem+0xa2/0x1e0
[ 24.240719] console_trylock+0x15/0x70
[ 24.240721] vprintk_emit+0x5b5/0xb90
[ 24.240722] vprintk_default+0x28/0x30
[ 24.240724] vprintk_func+0x57/0xc0
[ 24.240725] printk+0xaa/0xca
[ 24.240727] __warn_printk+0x90/0xf0
[ 24.240729] debug_print_object+0x166/0x220
[ 24.240731] debug_check_no_obj_freed+0x662/0xf1f
[ 24.240732] kfree+0xc7/0x260
[ 24.240734] process_one_req+0x2e7/0x6c0
[ 24.240735] process_one_work+0xc47/0x1bb0
[ 24.240737] worker_thread+0x223/0x1990
[ 24.240739] kthread+0x33c/0x400
[ 24.240740] ret_from_fork+0x3a/0x50
[ 24.240741]
[ 24.240743] other info that might help us debug this:
[ 24.240744]
[ 24.240745] Chain exists of:
[ 24.240746] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 24.240753]
[ 24.240755] Possible unsafe locking scenario:
[ 24.240756]
[ 24.240757]        CPU0                    CPU1
[ 24.240759]        ----                    ----
[ 24.240760]   lock(&obj_hash[i].lock);
[ 24.240764]                                lock(&rq->lock);
[ 24.240767]                                lock(&obj_hash[i].lock);
[ 24.240770]   lock((console_sem).lock);
[ 24.240773]
[ 24.240775] *** DEADLOCK ***
[ 24.240776]
[ 24.240777] 3 locks held by kworker/u4:0/5:
[ 24.240778] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<000000007232c560>] process_one_work+0xb12/0x1bb0
[ 24.240784] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000f5438ba5>] process_one_work+0xb89/0x1bb0
[ 24.240791] #2: (&obj_hash[i].lock){-.-.}, at: [<0000000060e0e7a5>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.240797]
[ 24.240798] stack backtrace:
[ 24.240801] CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.16.0-rc6+ #360
[ 24.240804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.240806] Workqueue: ib_addr process_one_req
[ 24.240808] Call Trace:
[ 24.240809] dump_stack+0x194/0x24d
[ 24.240811] ? arch_local_irq_restore+0x53/0x53
[ 24.240813] print_circular_bug.isra.38+0x2cd/0x2dc
[ 24.240815] ? save_trace+0xe0/0x2b0
[ 24.240817] __lock_acquire+0x30a8/0x3e00
[ 24.240819] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240821] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240822] ? __lock_acquire+0x664/0x3e00
[ 24.240824] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240826] ? trace_hardirqs_off+0x10/0x10
[ 24.240827] ? __bfs+0x387/0x830
[ 24.240829] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240831] ? __lock_acquire+0x664/0x3e00
[ 24.240833] ? trace_hardirqs_off+0x10/0x10
[ 24.240835] ? find_held_lock+0x35/0x1d0
[ 24.240837] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240838] ? trace_hardirqs_off+0x10/0x10
[ 24.240840] ? print_irqtrace_events+0x270/0x270
[ 24.240842] lock_acquire+0x1d5/0x580
[ 24.240843] ? lock_acquire+0x1d5/0x580
[ 24.240845] ? down_trylock+0x13/0x70
[ 24.240846] ? lock_release+0xa40/0xa40
[ 24.240848] ? vprintk_emit+0x43b/0xb90
[ 24.240850] ? lock_downgrade+0x980/0x980
[ 24.240851] ? kvm_sched_clock_read+0x25/0x40
[ 24.240853] ? sched_clock+0x31/0x40
[ 24.240854] ? sched_clock_cpu+0x1b/0x180
[ 24.240856] ? vprintk_emit+0x5b5/0xb90
[ 24.240858] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.240859] ? down_trylock+0x13/0x70
[ 24.240861] down_trylock+0x13/0x70
[ 24.240862] ? vprintk_emit+0x5b5/0xb90
[ 24.240864] __down_trylock_console_sem+0xa2/0x1e0
[ 24.240866] console_trylock+0x15/0x70
[ 24.240867] vprintk_emit+0x5b5/0xb90
[ 24.240869] ? console_unlock+0xfb0/0xfb0
[ 24.240870] ? __might_sleep+0x95/0x190
[ 24.240872] ? addr_handler+0xa3/0x380
[ 24.240874] ? __mutex_lock+0x16f/0x1a80
[ 24.240875] ? addr_handler+0xa3/0x380
[ 24.240877] ? trace_hardirqs_off+0x10/0x10
[ 24.240879] ? rcu_note_context_switch+0x710/0x710
[ 24.240881] ? mutex_lock_io_nested+0x1900/0x1900
[ 24.240883] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.240884] vprintk_default+0x28/0x30
[ 24.240886] vprintk_func+0x57/0xc0
[ 24.240887] printk+0xaa/0xca
[ 24.240889] ? show_regs_print_info+0x18/0x18
[ 24.240890] ? __warn_printk+0x84/0xf0
[ 24.240892] ? addr_resolve+0xbc0/0xbc0
[ 24.240894] __warn_printk+0x90/0xf0
[ 24.240895] ? test_taint+0x20/0x20
[ 24.240897] ? lock_release+0xa40/0xa40
[ 24.240899] ? print_irqtrace_events+0x270/0x270
[ 24.240900] ? addr_resolve+0xbc0/0xbc0
[ 24.240902] debug_print_object+0x166/0x220
[ 24.240904] debug_check_no_obj_freed+0x662/0xf1f
[ 24.240906] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240907] ? free_obj_work+0x690/0x690
[ 24.240909] ? trace_hardirqs_on+0xd/0x10
[ 24.240910] ? cma_deref_id+0x2c/0x30
[ 24.240912] ? __lock_is_held+0xb6/0x140
[ 24.240914] ? debug_check_no_locks_freed+0x264/0x3c0
[ 24.240916] ? cma_work_handler+0x1d0/0x1d0
[ 24.240917] kfree+0xc7/0x260
[ 24.240919] process_one_req+0x2e7/0x6c0
[ 24.240920] ? addr_resolve+0xbc0/0xbc0
[ 24.240922] ? __lock_is_held+0xb6/0x140
[ 24.240924] process_one_work+0xc47/0x1bb0
[ 24.240925] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.240927] ? trace_hardirqs_on+0xd/0x10
[ 24.240929] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.240930] ? __schedule+0x903/0x1ec0
[ 24.240932] ? trace_hardirqs_off+0x10/0x10
[ 24.240934] ? lock_downgrade+0x980/0x980
[ 24.240935] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.240937] ? lock_acquire+0x1d5/0x580
[ 24.240939] ? lock_acquire+0x1d5/0x580
[ 24.240940] ? worker_thread+0x4a3/0x1990
[ 24.240942] ? lock_downgrade+0x980/0x980
[ 24.240943] ? lock_release+0xa40/0xa40
[ 24.240945] ? pr_cont_work+0x130/0x130
[ 24.240947] ? do_raw_spin_trylock+0x190/0x190
[ 24.240948] worker_thread+0x223/0x1990
[ 24.240950] ? finish_task_switch+0x1c1/0x7e0
[ 24.240952] ? process_one_work+0x1bb0/0x1bb0
[ 24.240954] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.240955] ? trace_hardirqs_on+0xd/0x10
[ 24.240957] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.240959] ? finish_task_switch+0x1c1/0x7e0
[ 24.240961] ? finish_task_switch+0x182/0x7e0
[ 24.240962] ? copy_overflow+0x20/0x20
[ 24.240964] ? __schedule+0x903/0x1ec0
[ 24.240966] ? trace_hardirqs_off+0x10/0x10
[ 24.240967] ? find_held_lock+0x35/0x1d0
[ 24.240969] ? find_held_lock+0x35/0x1d0
[ 24.240970] ? complete+0x62/0x80
[ 24.240972] ? __schedule+0x1ec0/0x1ec0
[ 24.240974] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.240975] ? __lockdep_init_map+0xe4/0x650
[ 24.240977] ? do_raw_spin_trylock+0x190/0x190
[ 24.240979] ? lockdep_init_map+0x9/0x10
[ 24.240981] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.240983] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.240984] ? trace_hardirqs_on+0xd/0x10
[ 24.240986] ? __kthread_parkme+0x176/0x240
[ 24.240987] kthread+0x33c/0x400
[ 24.240989] ? process_one_work+0x1bb0/0x1bb0
[ 24.240991] ? kthread_stop+0x7a0/0x7a0
[ 24.240992] ret_from_fork+0x3a/0x50
[ 25.288160] Shutting down cpus with NMI
[ 26.221292] Dumping ftrace buffer:
[ 26.224805] (ftrace buffer empty)
[ 26.228487] Kernel Offset: disabled
[ 26.232088] Rebooting in 86400 seconds..