[....] Starting enhanced syslogd: rsyslogd[ 16.626752] audit: type=1400 audit(1519338613.565:5): avc: denied { syslog } for pid=4082 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.505460] audit: type=1400 audit(1519338619.444:6): avc: denied { map } for pid=4221 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. [ 150.225092] audit: type=1400 audit(1519338747.163:7): avc: denied { map } for pid=4237 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/22 22:32:27 parsed 1 programs 2018/02/22 22:32:27 executed programs: 0 [ 150.470561] audit: type=1400 audit(1519338747.409:8): avc: denied { map } for pid=4237 comm="syz-execprog" path="/root/syzkaller-shm941754643" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 150.500356] IPVS: ftp: loaded support on port[0] = 21 [ 150.528515] IPVS: ftp: loaded support on port[0] = 21 [ 150.553845] IPVS: ftp: loaded support on port[0] = 21 [ 150.580523] IPVS: ftp: loaded support on port[0] = 21 [ 150.612530] IPVS: ftp: loaded support on port[0] = 21 [ 150.655661] IPVS: ftp: loaded support on port[0] = 21 [ 150.683740] IPVS: ftp: loaded support on port[0] = 21 [ 150.731484] IPVS: ftp: loaded support on port[0] = 21 2018/02/22 22:32:32 executed programs: 517 2018/02/22 22:32:37 executed programs: 981 [ 163.036015] ------------[ cut here ]------------ [ 163.041649] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0 [ 163.051416] WARNING: CPU: 1 PID: 29 at lib/debugobjects.c:291 debug_print_object+0x166/0x220 [ 163.059960] Kernel panic - not syncing: panic_on_warn set ... [ 163.059960] [ 163.067294] CPU: 1 PID: 29 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15 [ 163.074188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.083517] Workqueue: ib_addr process_one_req [ 163.088071] Call Trace: [ 163.090629] dump_stack+0x194/0x24d [ 163.094230] ? arch_local_irq_restore+0x53/0x53 [ 163.098875] ? vsnprintf+0x1ed/0x1900 [ 163.102652] panic+0x1e4/0x41c [ 163.105820] ? refcount_error_report+0x214/0x214 [ 163.110545] ? show_regs_print_info+0x18/0x18 [ 163.115017] ? __warn+0x1c1/0x200 [ 163.118446] ? debug_print_object+0x166/0x220 [ 163.122912] __warn+0x1dc/0x200 [ 163.126164] ? debug_print_object+0x166/0x220 [ 163.130634] report_bug+0x211/0x2d0 [ 163.134239] fixup_bug.part.11+0x37/0x80 [ 163.138273] do_error_trap+0x2d7/0x3e0 [ 163.142131] ? vprintk_default+0x28/0x30 [ 163.146164] ? math_error+0x400/0x400 [ 163.149934] ? printk+0xaa/0xca [ 163.153184] ? show_regs_print_info+0x18/0x18 [ 163.157656] ? __usermodehelper_disable+0x2f0/0x2f0 [ 163.162655] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.167472] ? __usermodehelper_disable+0x2f0/0x2f0 [ 163.172458] do_invalid_op+0x1b/0x20 [ 163.176143] invalid_op+0x22/0x40 [ 163.179573] RIP: 0010:debug_print_object+0x166/0x220 [ 163.184644] RSP: 0018:ffff8801d9547250 EFLAGS: 00010086 [ 163.189978] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815aaf3e [ 163.197222] RDX: 0000000000000000 RSI: 1ffff1003b2a8dfa RDI: 1ffff1003b2a8dcf [ 163.204465] RBP: ffff8801d9547290 R08: 0000000000000000 R09: 1ffff1003b2a8da1 [ 163.211705] R10: ffffed003b2a8e79 R11: ffffffff86f39478 R12: 0000000000000001 [ 163.218947] R13: ffffffff86f14d40 R14: ffffffff86407c60 R15: ffffffff81479bc0 [ 163.226195] ? __usermodehelper_disable+0x2f0/0x2f0 [ 163.231185] ? vprintk_func+0x5e/0xc0 [ 163.234966] debug_check_no_obj_freed+0x662/0xf1f [ 163.239783] ? __lock_is_held+0xb6/0x140 [ 163.243824] ? free_obj_work+0x690/0x690 [ 163.247859] ? trace_hardirqs_on+0xd/0x10 [ 163.251986] ? cma_deref_id+0x2c/0x30 [ 163.255760] ? __lock_is_held+0xb6/0x140 [ 163.259800] ? debug_check_no_locks_freed+0x264/0x3c0 [ 163.264967] ? cma_work_handler+0x1d0/0x1d0 [ 163.269263] kfree+0xc7/0x260 [ 163.272353] process_one_req+0x2e7/0x6c0 [ 163.276387] ? addr_resolve+0xc90/0xc90 [ 163.280339] ? __lock_is_held+0xb6/0x140 [ 163.284386] process_one_work+0xbbf/0x1af0 [ 163.288604] ? pwq_dec_nr_in_flight+0x450/0x450 [ 163.293254] ? __schedule+0x8ea/0x2040 [ 163.297125] ? check_noncircular+0x20/0x20 [ 163.301334] ? lock_downgrade+0x980/0x980 [ 163.305458] ? do_wait_intr_irq+0x3e0/0x3e0 [ 163.309764] ? lock_acquire+0x1d5/0x580 [ 163.313713] ? lock_acquire+0x1d5/0x580 [ 163.317660] ? worker_thread+0x4a3/0x1990 [ 163.321781] ? lock_downgrade+0x980/0x980 [ 163.325907] ? lock_release+0xa40/0xa40 [ 163.329855] ? retint_kernel+0x10/0x10 [ 163.333714] ? do_raw_spin_trylock+0x190/0x190 [ 163.338278] worker_thread+0x223/0x1990 [ 163.342244] ? process_one_work+0x1af0/0x1af0 [ 163.346714] ? put_task_stack+0x116/0x270 [ 163.350834] ? finish_task_switch+0x5af/0x890 [ 163.355306] ? copy_overflow+0x20/0x20 [ 163.359176] ? __schedule+0x8ea/0x2040 [ 163.363046] ? check_noncircular+0x20/0x20 [ 163.367253] ? remove_entity_load_avg+0x1be/0x260 [ 163.372068] ? find_held_lock+0x35/0x1d0 [ 163.376108] ? find_held_lock+0x35/0x1d0 [ 163.380148] ? complete+0x62/0x80 [ 163.383579] ? __schedule+0x2040/0x2040 [ 163.387523] ? do_wait_intr_irq+0x3e0/0x3e0 [ 163.391817] ? __lockdep_init_map+0xe4/0x650 [ 163.396200] ? do_raw_spin_trylock+0x190/0x190 [ 163.400754] ? lockdep_init_map+0x9/0x10 [ 163.404792] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 163.409868] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 163.414858] ? trace_hardirqs_on+0xd/0x10 [ 163.418977] ? __kthread_parkme+0x175/0x240 [ 163.423275] kthread+0x33c/0x400 [ 163.426615] ? process_one_work+0x1af0/0x1af0 [ 163.431081] ? kthread_stop+0x7a0/0x7a0 [ 163.435027] ret_from_fork+0x3a/0x50 [ 163.438724] [ 163.438727] ====================================================== [ 163.438729] WARNING: possible circular locking dependency detected [ 163.438731] 4.16.0-rc1+ #15 Not tainted [ 163.438733] ------------------------------------------------------ [ 163.438735] kworker/u4:2/29 is trying to acquire lock: [ 163.438736] ((console_sem).lock){..-.}, at: [<0000000011a6957c>] down_trylock+0x13/0x70 [ 163.438742] [ 163.438744] but task is already holding lock: [ 163.438745] (&obj_hash[i].lock){-.-.}, at: [<000000009ab44a95>] debug_check_no_obj_freed+0x1e9/0xf1f [ 163.438750] [ 163.438752] which lock already depends on the new lock. [ 163.438753] [ 163.438754] [ 163.438756] the existing dependency chain (in reverse order) is: [ 163.438757] [ 163.438758] -> #3 (&obj_hash[i].lock){-.-.}: [ 163.438764] _raw_spin_lock_irqsave+0x96/0xc0 [ 163.438766] __debug_object_init+0x109/0x1040 [ 163.438767] debug_object_init+0x17/0x20 [ 163.438769] hrtimer_init+0x8c/0x410 [ 163.438771] init_dl_task_timer+0x1b/0x50 [ 163.438772] __sched_fork+0x2bb/0xb60 [ 163.438774] init_idle+0x75/0x820 [ 163.438775] sched_init+0xb19/0xc43 [ 163.438777] start_kernel+0x452/0x819 [ 163.438779] x86_64_start_reservations+0x2a/0x2c [ 163.438781] x86_64_start_kernel+0x77/0x7a [ 163.438786] secondary_startup_64+0xa5/0xb0 [ 163.438787] [ 163.438788] -> #2 (&rq->lock){-.-.}: [ 163.438793] _raw_spin_lock+0x2a/0x40 [ 163.438795] task_fork_fair+0x7a/0x690 [ 163.438797] sched_fork+0x450/0xc10 [ 163.438798] copy_process.part.37+0x1758/0x4b60 [ 163.438800] _do_fork+0x1f7/0xf70 [ 163.438802] kernel_thread+0x34/0x40 [ 163.438803] rest_init+0x22/0xf0 [ 163.438805] start_kernel+0x7f1/0x819 [ 163.438807] x86_64_start_reservations+0x2a/0x2c [ 163.438808] x86_64_start_kernel+0x77/0x7a [ 163.438810] secondary_startup_64+0xa5/0xb0 [ 163.438811] [ 163.438812] -> #1 (&p->pi_lock){-.-.}: [ 163.438817] _raw_spin_lock_irqsave+0x96/0xc0 [ 163.438819] try_to_wake_up+0xbc/0x15f0 [ 163.438821] wake_up_process+0x10/0x20 [ 163.438822] __up.isra.0+0x1cc/0x2c0 [ 163.438824] up+0x13b/0x1d0 [ 163.438825] __up_console_sem+0xb2/0x1a0 [ 163.438827] console_unlock+0x5af/0xfb0 [ 163.438829] vprintk_emit+0x5c3/0xb90 [ 163.438830] vprintk_default+0x28/0x30 [ 163.438832] vprintk_func+0x57/0xc0 [ 163.438833] printk+0xaa/0xca [ 163.438835] kauditd_hold_skb+0x163/0x180 [ 163.438837] kauditd_send_queue+0xfa/0x140 [ 163.438838] kauditd_thread+0x660/0x940 [ 163.438840] kthread+0x33c/0x400 [ 163.438842] ret_from_fork+0x3a/0x50 [ 163.438842] [ 163.438843] -> #0 ((console_sem).lock){..-.}: [ 163.438849] lock_acquire+0x1d5/0x580 [ 163.438851] _raw_spin_lock_irqsave+0x96/0xc0 [ 163.438852] down_trylock+0x13/0x70 [ 163.438854] __down_trylock_console_sem+0xa2/0x1e0 [ 163.438856] console_trylock+0x15/0x70 [ 163.438858] vprintk_emit+0x5b5/0xb90 [ 163.438859] vprintk_default+0x28/0x30 [ 163.438861] vprintk_func+0x57/0xc0 [ 163.438862] printk+0xaa/0xca [ 163.438864] __warn_printk+0x90/0xf0 [ 163.438866] debug_print_object+0x166/0x220 [ 163.438867] debug_check_no_obj_freed+0x662/0xf1f [ 163.438869] kfree+0xc7/0x260 [ 163.438871] process_one_req+0x2e7/0x6c0 [ 163.438872] process_one_work+0xbbf/0x1af0 [ 163.438874] worker_thread+0x223/0x1990 [ 163.438876] kthread+0x33c/0x400 [ 163.438877] ret_from_fork+0x3a/0x50 [ 163.438878] [ 163.438880] other info that might help us debug this: [ 163.438881] [ 163.438882] Chain exists of: [ 163.438883] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 163.438890] [ 163.438891] Possible unsafe locking scenario: [ 163.438892] [ 163.438894] CPU0 CPU1 [ 163.438896] ---- ---- [ 163.438897] lock(&obj_hash[i].lock); [ 163.438900] lock(&rq->lock); [ 163.438904] lock(&obj_hash[i].lock); [ 163.438907] lock((console_sem).lock); [ 163.438910] [ 163.438912] *** DEADLOCK *** [ 163.438913] [ 163.438914] 3 locks held by kworker/u4:2/29: [ 163.438915] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<000000001e2cc707>] process_one_work+0xaaf/0x1af0 [ 163.438922] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000a92e7f2a>] process_one_work+0xb01/0x1af0 [ 163.438928] #2: (&obj_hash[i].lock){-.-.}, at: [<000000009ab44a95>] debug_check_no_obj_freed+0x1e9/0xf1f [ 163.438934] [ 163.438936] stack backtrace: [ 163.438938] CPU: 1 PID: 29 Comm: kworker/u4:2 Not tainted 4.16.0-rc1+ #15 [ 163.438945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.438946] Workqueue: ib_addr process_one_req [ 163.438948] Call Trace: [ 163.438950] dump_stack+0x194/0x24d [ 163.438952] ? arch_local_irq_restore+0x53/0x53 [ 163.438954] print_circular_bug.isra.38+0x2cd/0x2dc [ 163.438955] ? save_trace+0xe0/0x2b0 [ 163.438957] __lock_acquire+0x30a8/0x3e00 [ 163.438959] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 163.438961] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 163.438963] ? __lock_acquire+0x664/0x3e00 [ 163.438965] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 163.438967] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 163.438969] ? __lock_acquire+0x664/0x3e00 [ 163.438971] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 163.438973] ? check_noncircular+0x20/0x20 [ 163.438974] ? print_irqtrace_events+0x270/0x270 [ 163.438976] ? lock_downgrade+0x980/0x980 [ 163.438978] lock_acquire+0x1d5/0x580 [ 163.438979] ? lock_acquire+0x1d5/0x580 [ 163.438981] ? down_trylock+0x13/0x70 [ 163.438982] ? lock_release+0xa40/0xa40 [ 163.438984] ? vprintk_emit+0x43b/0xb90 [ 163.438986] ? lock_downgrade+0x980/0x980 [ 163.438987] ? kvm_sched_clock_read+0x25/0x40 [ 163.438989] ? sched_clock+0x31/0x40 [ 163.438990] ? sched_clock_cpu+0x1b/0x180 [ 163.438992] ? vprintk_emit+0x5b5/0xb90 [ 163.438994] _raw_spin_lock_irqsave+0x96/0xc0 [ 163.438995] ? down_trylock+0x13/0x70 [ 163.438997] down_trylock+0x13/0x70 [ 163.438998] ? vprintk_emit+0x5b5/0xb90 [ 163.439000] __down_trylock_console_sem+0xa2/0x1e0 [ 163.439002] console_trylock+0x15/0x70 [ 163.439003] vprintk_emit+0x5b5/0xb90 [ 163.439005] ? console_unlock+0xfb0/0xfb0 [ 163.439007] ? __might_sleep+0x95/0x190 [ 163.439008] ? addr_handler+0xa3/0x380 [ 163.439010] ? __mutex_lock+0x16f/0x1a80 [ 163.439011] ? addr_handler+0xa3/0x380 [ 163.439013] ? check_noncircular+0x20/0x20 [ 163.439015] ? rcu_note_context_switch+0x710/0x710 [ 163.439017] ? mutex_lock_io_nested+0x1900/0x1900 [ 163.439019] ? __usermodehelper_disable+0x2f0/0x2f0 [ 163.439020] vprintk_default+0x28/0x30 [ 163.439022] vprintk_func+0x57/0xc0 [ 163.439023] printk+0xaa/0xca [ 163.439025] ? show_regs_print_info+0x18/0x18 [ 163.439026] ? __warn_printk+0x84/0xf0 [ 163.439028] ? addr_resolve+0xc90/0xc90 [ 163.439029] __warn_printk+0x90/0xf0 [ 163.439031] ? test_taint+0x20/0x20 [ 163.439033] ? lock_release+0xa40/0xa40 [ 163.439034] ? print_irqtrace_events+0x270/0x270 [ 163.439036] ? addr_resolve+0xc90/0xc90 [ 163.439038] debug_print_object+0x166/0x220 [ 163.439039] debug_check_no_obj_freed+0x662/0xf1f [ 163.439041] ? __lock_is_held+0xb6/0x140 [ 163.439043] ? free_obj_work+0x690/0x690 [ 163.439044] ? trace_hardirqs_on+0xd/0x10 [ 163.439046] ? cma_deref_id+0x2c/0x30 [ 163.439047] ? __lock_is_held+0xb6/0x140 [ 163.439049] ? debug_check_no_locks_freed+0x264/0x3c0 [ 163.439051] ? cma_work_handler+0x1d0/0x1d0 [ 163.439052] kfree+0xc7/0x260 [ 163.439054] process_one_req+0x2e7/0x6c0 [ 163.439056] ? addr_resolve+0xc90/0xc90 [ 163.439057] ? __lock_is_held+0xb6/0x140 [ 163.439059] process_one_work+0xbbf/0x1af0 [ 163.439061] ? pwq_dec_nr_in_flight+0x450/0x450 [ 163.439062] ? __schedule+0x8ea/0x2040 [ 163.439064] ? check_noncircular+0x20/0x20 [ 163.439066] ? lock_downgrade+0x980/0x980 [ 163.439067] ? do_wait_intr_irq+0x3e0/0x3e0 [ 163.439069] ? lock_acquire+0x1d5/0x580 [ 163.439071] ? lock_acquire+0x1d5/0x580 [ 163.439072] ? worker_thread+0x4a3/0x1990 [ 163.439074] ? lock_downgrade+0x980/0x980 [ 163.439075] ? lock_release+0xa40/0xa40 [ 163.439077] ? retint_kernel+0x10/0x10 [ 163.439079] ? do_raw_spin_trylock+0x190/0x190 [ 163.439080] worker_thread+0x223/0x1990 [ 163.439082] ? process_one_work+0x1af0/0x1af0 [ 163.439084] ? put_task_stack+0x116/0x270 [ 163.439085] ? finish_task_switch+0x5af/0x890 [ 163.439087] ? copy_overflow+0x20/0x20 [ 163.439089] ? __schedule+0x8ea/0x2040 [ 163.439090] ? check_noncircular+0x20/0x20 [ 163.439092] ? remove_entity_load_avg+0x1be/0x260 [ 163.439094] ? find_held_lock+0x35/0x1d0 [ 163.439095] ? find_held_lock+0x35/0x1d0 [ 163.439097] ? complete+0x62/0x80 [ 163.439099] ? __schedule+0x2040/0x2040 [ 163.439100] ? do_wait_intr_irq+0x3e0/0x3e0 [ 163.439102] ? __lockdep_init_map+0xe4/0x650 [ 163.439104] ? do_raw_spin_trylock+0x190/0x190 [ 163.439106] ? lockdep_init_map+0x9/0x10 [ 163.439108] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 163.439110] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 163.439111] ? trace_hardirqs_on+0xd/0x10 [ 163.439113] ? __kthread_parkme+0x175/0x240 [ 163.439115] kthread+0x33c/0x400 [ 163.439117] ? process_one_work+0x1af0/0x1af0 [ 163.439118] ? kthread_stop+0x7a0/0x7a0 [ 163.439120] ret_from_fork+0x3a/0x50 [ 164.486705] Shutting down cpus with NMI [ 165.383503] Dumping ftrace buffer: [ 165.387020] (ftrace buffer empty) [ 165.390699] Kernel Offset: disabled [ 165.394296] Rebooting in 86400 seconds..