�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 17.650768] audit: type=1400 audit(1520766747.861:6): avc: denied { map } for pid=4143 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.967586] audit: type=1400 audit(1520766754.178:7): avc: denied { map } for pid=4157 comm="syzkaller698278" path="/root/syzkaller698278051" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 24.002569] ------------[ cut here ]------------
[ 24.008109] ODEBUG: free active (active state 0) object type: work_struct hint: process_one_req+0x0/0x6c0
[ 24.017876] WARNING: CPU: 1 PID: 21 at lib/debugobjects.c:291 debug_print_object+0x166/0x220
[ 24.026420] Kernel panic - not syncing: panic_on_warn set ...
[ 24.026420]
[ 24.033755] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc4+ #349
[ 24.040734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.050064] Workqueue: ib_addr process_one_req
[ 24.054616] Call Trace:
[ 24.057175] dump_stack+0x194/0x24d
[ 24.060780] ? arch_local_irq_restore+0x53/0x53
[ 24.065425] ? vsnprintf+0x1ed/0x1900
[ 24.069201] panic+0x1e4/0x41c
[ 24.072368] ? refcount_error_report+0x214/0x214
[ 24.077096] ? show_regs_print_info+0x18/0x18
[ 24.081570] ? __warn+0x1c1/0x200
[ 24.084997] ? debug_print_object+0x166/0x220
[ 24.089462] __warn+0x1dc/0x200
[ 24.092721] ? debug_print_object+0x166/0x220
[ 24.097187] report_bug+0x1f4/0x2b0
[ 24.100792] fixup_bug.part.11+0x37/0x80
[ 24.104827] do_error_trap+0x2d7/0x3e0
[ 24.108687] ? vprintk_default+0x28/0x30
[ 24.112722] ? math_error+0x400/0x400
[ 24.116494] ? printk+0xaa/0xca
[ 24.119745] ? show_regs_print_info+0x18/0x18
[ 24.124221] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.129214] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.134033] do_invalid_op+0x1b/0x20
[ 24.137719] invalid_op+0x1b/0x40
[ 24.141145] RIP: 0010:debug_print_object+0x166/0x220
[ 24.146216] RSP: 0018:ffff8801d9447210 EFLAGS: 00010086
[ 24.151550] RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff815abbee
[ 24.158799] RDX: 0000000000000000 RSI: 1ffff1003b288df2 RDI: 1ffff1003b288dc7
[ 24.166039] RBP: ffff8801d9447250 R08: 0000000000000000 R09: 1ffff1003b288d99
[ 24.173281] R10: ffffed003b288e71 R11: ffffffff86f398b8 R12: 0000000000000001
[ 24.180522] R13: ffffffff86f15180 R14: ffffffff86408500 R15: ffffffff8147aed0
[ 24.187771] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.192765] ? vprintk_func+0x5e/0xc0
[ 24.196551] debug_check_no_obj_freed+0x662/0xf1f
[ 24.201364] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.206539] ? free_obj_work+0x690/0x690
[ 24.210575] ? trace_hardirqs_on+0xd/0x10
[ 24.214705] ? cma_deref_id+0x2c/0x30
[ 24.218479] ? __lock_is_held+0xb6/0x140
[ 24.222516] ? debug_check_no_locks_freed+0x264/0x3c0
[ 24.227685] ? cma_work_handler+0x1d0/0x1d0
[ 24.231977] kfree+0xc7/0x260
[ 24.235058] process_one_req+0x2e7/0x6c0
[ 24.239093] ? addr_resolve+0xbc0/0xbc0
[ 24.243039] ? __lock_is_held+0xb6/0x140
[ 24.247084] process_one_work+0xc47/0x1bb0
[ 24.251292] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.256455] ? trace_hardirqs_on+0xd/0x10
[ 24.260584] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.265243] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.270057] ? __schedule+0x903/0x1ec0
[ 24.273922] ? perf_trace_lock+0x900/0x900
[ 24.278135] ? trace_hardirqs_off+0x10/0x10
[ 24.282426] ? lock_downgrade+0x980/0x980
[ 24.286585] ? lock_acquire+0x1d5/0x580
[ 24.290529] ? lock_acquire+0x1d5/0x580
[ 24.294475] ? worker_thread+0x4a3/0x1990
[ 24.298602] ? lock_release+0xa40/0xa40
[ 24.302551] ? pr_cont_work+0x130/0x130
[ 24.306506] ? do_raw_spin_trylock+0x190/0x190
[ 24.311079] worker_thread+0x223/0x1990
[ 24.315028] ? finish_task_switch+0x1c1/0x7e0
[ 24.319515] ? process_one_work+0x1bb0/0x1bb0
[ 24.324072] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.329070] ? trace_hardirqs_on+0xd/0x10
[ 24.333188] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.337657] ? finish_task_switch+0x1c1/0x7e0
[ 24.342126] ? finish_task_switch+0x182/0x7e0
[ 24.346601] ? copy_overflow+0x20/0x20
[ 24.350479] ? __schedule+0x903/0x1ec0
[ 24.354350] ? trace_hardirqs_off+0x10/0x10
[ 24.358650] ? find_held_lock+0x35/0x1d0
[ 24.362689] ? find_held_lock+0x35/0x1d0
[ 24.366730] ? complete+0x62/0x80
[ 24.370166] ? __schedule+0x1ec0/0x1ec0
[ 24.374109] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.378402] ? __lockdep_init_map+0xe4/0x650
[ 24.382785] ? do_raw_spin_trylock+0x190/0x190
[ 24.387347] ? lockdep_init_map+0x9/0x10
[ 24.391379] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.396457] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.401447] ? trace_hardirqs_on+0xd/0x10
[ 24.405566] ? __kthread_parkme+0x176/0x240
[ 24.409865] kthread+0x33c/0x400
[ 24.413203] ? process_one_work+0x1bb0/0x1bb0
[ 24.417667] ? kthread_stop+0x7a0/0x7a0
[ 24.421615] ret_from_fork+0x3a/0x50
[ 24.425316]
[ 24.425319] ======================================================
[ 24.425321] WARNING: possible circular locking dependency detected
[ 24.425323] 4.16.0-rc4+ #349 Not tainted
[ 24.425325] ------------------------------------------------------
[ 24.425327] kworker/u4:1/21 is trying to acquire lock:
[ 24.425328] ((console_sem).lock){..-.}, at: [<000000007e2fd468>] down_trylock+0x13/0x70
[ 24.425335]
[ 24.425336] but task is already holding lock:
[ 24.425337] (&obj_hash[i].lock){-.-.}, at: [<00000000969ee97a>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.425343]
[ 24.425345] which lock already depends on the new lock.
[ 24.425346]
[ 24.425347]
[ 24.425350] the existing dependency chain (in reverse order) is:
[ 24.425350]
[ 24.425351] -> #3 (&obj_hash[i].lock){-.-.}:
[ 24.425358] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.425360] __debug_object_init+0x109/0x1040
[ 24.425361] debug_object_init+0x17/0x20
[ 24.425363] hrtimer_init+0x8c/0x410
[ 24.425365] init_dl_task_timer+0x1b/0x50
[ 24.425367] __sched_fork+0x2bb/0xb60
[ 24.425368] init_idle+0x75/0x820
[ 24.425370] sched_init+0xb19/0xc43
[ 24.425371] start_kernel+0x452/0x819
[ 24.425373] x86_64_start_reservations+0x2a/0x2c
[ 24.425375] x86_64_start_kernel+0x77/0x7a
[ 24.425377] secondary_startup_64+0xa5/0xb0
[ 24.425378]
[ 24.425379] -> #2 (&rq->lock){-.-.}:
[ 24.425385] _raw_spin_lock+0x2a/0x40
[ 24.425386] task_fork_fair+0x7a/0x690
[ 24.425388] sched_fork+0x450/0xc10
[ 24.425390] copy_process.part.38+0x1758/0x4b60
[ 24.425392] _do_fork+0x1f7/0xf70
[ 24.425393] kernel_thread+0x34/0x40
[ 24.425395] rest_init+0x22/0xf0
[ 24.425397] start_kernel+0x7f1/0x819
[ 24.425399] x86_64_start_reservations+0x2a/0x2c
[ 24.425400] x86_64_start_kernel+0x77/0x7a
[ 24.425403] secondary_startup_64+0xa5/0xb0
[ 24.425404]
[ 24.425405] -> #1 (&p->pi_lock){-.-.}:
[ 24.425411] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.425412] try_to_wake_up+0xbc/0x15f0
[ 24.425414] wake_up_process+0x10/0x20
[ 24.425416] __up.isra.0+0x1cc/0x2c0
[ 24.425417] up+0x13b/0x1d0
[ 24.425419] __up_console_sem+0xb2/0x1a0
[ 24.425421] console_unlock+0x5af/0xfb0
[ 24.425423] vprintk_emit+0x5c3/0xb90
[ 24.425424] vprintk_default+0x28/0x30
[ 24.425426] vprintk_func+0x57/0xc0
[ 24.425427] printk+0xaa/0xca
[ 24.425429] kauditd_hold_skb+0x163/0x180
[ 24.425431] kauditd_send_queue+0xfa/0x140
[ 24.425433] kauditd_thread+0x660/0x940
[ 24.425434] kthread+0x33c/0x400
[ 24.425436] ret_from_fork+0x3a/0x50
[ 24.425437]
[ 24.425438] -> #0 ((console_sem).lock){..-.}:
[ 24.425444] lock_acquire+0x1d5/0x580
[ 24.425446] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.425447] down_trylock+0x13/0x70
[ 24.425449] __down_trylock_console_sem+0xa2/0x1e0
[ 24.425451] console_trylock+0x15/0x70
[ 24.425453] vprintk_emit+0x5b5/0xb90
[ 24.425454] vprintk_default+0x28/0x30
[ 24.425456] vprintk_func+0x57/0xc0
[ 24.425458] printk+0xaa/0xca
[ 24.425459] __warn_printk+0x90/0xf0
[ 24.425461] debug_print_object+0x166/0x220
[ 24.425463] debug_check_no_obj_freed+0x662/0xf1f
[ 24.425465] kfree+0xc7/0x260
[ 24.425466] process_one_req+0x2e7/0x6c0
[ 24.425468] process_one_work+0xc47/0x1bb0
[ 24.425470] worker_thread+0x223/0x1990
[ 24.425472] kthread+0x33c/0x400
[ 24.425473] ret_from_fork+0x3a/0x50
[ 24.425474]
[ 24.425476] other info that might help us debug this:
[ 24.425477]
[ 24.425478] Chain exists of:
[ 24.425479] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 24.425487]
[ 24.425489] Possible unsafe locking scenario:
[ 24.425490]
[ 24.425491] CPU0 CPU1
[ 24.425493] ---- ----
[ 24.425494] lock(&obj_hash[i].lock);
[ 24.425498] lock(&rq->lock);
[ 24.425505] lock(&obj_hash[i].lock);
[ 24.425509] lock((console_sem).lock);
[ 24.425512]
[ 24.425513] *** DEADLOCK ***
[ 24.425514]
[ 24.425516] 3 locks held by kworker/u4:1/21:
[ 24.425517] #0: ((wq_completion)"ib_addr"){+.+.}, at: [<00000000226671fe>] process_one_work+0xb12/0x1bb0
[ 24.425524] #1: ((work_completion)(&(&req->work)->work)){+.+.}, at: [<00000000a2dca1c8>] process_one_work+0xb89/0x1bb0
[ 24.425531] #2: (&obj_hash[i].lock){-.-.}, at: [<00000000969ee97a>] debug_check_no_obj_freed+0x1e9/0xf1f
[ 24.425537]
[ 24.425539] stack backtrace:
[ 24.425541] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc4+ #349
[ 24.425545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.425546] Workqueue: ib_addr process_one_req
[ 24.425549] Call Trace:
[ 24.425550] dump_stack+0x194/0x24d
[ 24.425552] ? arch_local_irq_restore+0x53/0x53
[ 24.425554] print_circular_bug.isra.38+0x2cd/0x2dc
[ 24.425556] ? save_trace+0xe0/0x2b0
[ 24.425557] __lock_acquire+0x30a8/0x3e00
[ 24.425559] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.425561] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.425563] ? __save_stack_trace+0x6e/0xd0
[ 24.425565] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.425567] ? check_usage+0x22f/0xb60
[ 24.425569] ? perf_trace_lock+0x900/0x900
[ 24.425571] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.425572] ? perf_trace_lock+0x900/0x900
[ 24.425574] lock_acquire+0x1d5/0x580
[ 24.425576] ? lock_acquire+0x1d5/0x580
[ 24.425577] ? down_trylock+0x13/0x70
[ 24.425579] ? lock_release+0xa40/0xa40
[ 24.425580] ? vprintk_emit+0x43b/0xb90
[ 24.425582] ? lock_downgrade+0x980/0x980
[ 24.425584] ? kvm_sched_clock_read+0x25/0x40
[ 24.425586] ? sched_clock+0x31/0x40
[ 24.425587] ? sched_clock_cpu+0x1b/0x180
[ 24.425589] ? vprintk_emit+0x5b5/0xb90
[ 24.425591] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.425592] ? down_trylock+0x13/0x70
[ 24.425594] down_trylock+0x13/0x70
[ 24.425596] ? vprintk_emit+0x5b5/0xb90
[ 24.425598] __down_trylock_console_sem+0xa2/0x1e0
[ 24.425599] console_trylock+0x15/0x70
[ 24.425601] vprintk_emit+0x5b5/0xb90
[ 24.425603] ? console_unlock+0xfb0/0xfb0
[ 24.425605] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.425606] ? __might_sleep+0x95/0x190
[ 24.425608] ? addr_handler+0xa3/0x380
[ 24.425610] ? perf_trace_lock+0x900/0x900
[ 24.425611] ? trace_hardirqs_off+0x10/0x10
[ 24.425613] ? __usermodehelper_disable+0x2f0/0x2f0
[ 24.425615] vprintk_default+0x28/0x30
[ 24.425617] vprintk_func+0x57/0xc0
[ 24.425618] printk+0xaa/0xca
[ 24.425620] ? show_regs_print_info+0x18/0x18
[ 24.425621] ? __warn_printk+0x84/0xf0
[ 24.425623] ? addr_resolve+0xbc0/0xbc0
[ 24.425625] __warn_printk+0x90/0xf0
[ 24.425626] ? test_taint+0x20/0x20
[ 24.425628] ? lock_release+0xa40/0xa40
[ 24.425630] ? print_irqtrace_events+0x270/0x270
[ 24.425631] ? addr_resolve+0xbc0/0xbc0
[ 24.425633] debug_print_object+0x166/0x220
[ 24.425635] debug_check_no_obj_freed+0x662/0xf1f
[ 24.425637] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.425639] ? free_obj_work+0x690/0x690
[ 24.425641] ? trace_hardirqs_on+0xd/0x10
[ 24.425642] ? cma_deref_id+0x2c/0x30
[ 24.425644] ? __lock_is_held+0xb6/0x140
[ 24.425646] ? debug_check_no_locks_freed+0x264/0x3c0
[ 24.425648] ? cma_work_handler+0x1d0/0x1d0
[ 24.425649] kfree+0xc7/0x260
[ 24.425651] process_one_req+0x2e7/0x6c0
[ 24.425652] ? addr_resolve+0xbc0/0xbc0
[ 24.425654] ? __lock_is_held+0xb6/0x140
[ 24.425656] process_one_work+0xc47/0x1bb0
[ 24.425658] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.425660] ? trace_hardirqs_on+0xd/0x10
[ 24.425661] ? pwq_dec_nr_in_flight+0x450/0x450
[ 24.425663] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.425665] ? __schedule+0x903/0x1ec0
[ 24.425667] ? perf_trace_lock+0x900/0x900
[ 24.425669] ? trace_hardirqs_off+0x10/0x10
[ 24.425670] ? lock_downgrade+0x980/0x980
[ 24.425672] ? lock_acquire+0x1d5/0x580
[ 24.425674] ? lock_acquire+0x1d5/0x580
[ 24.425675] ? worker_thread+0x4a3/0x1990
[ 24.425677] ? lock_release+0xa40/0xa40
[ 24.425679] ? pr_cont_work+0x130/0x130
[ 24.425680] ? do_raw_spin_trylock+0x190/0x190
[ 24.425682] worker_thread+0x223/0x1990
[ 24.425684] ? finish_task_switch+0x1c1/0x7e0
[ 24.425686] ? process_one_work+0x1bb0/0x1bb0
[ 24.425688] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.425689] ? trace_hardirqs_on+0xd/0x10
[ 24.425691] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.425693] ? finish_task_switch+0x1c1/0x7e0
[ 24.425695] ? finish_task_switch+0x182/0x7e0
[ 24.425697] ? copy_overflow+0x20/0x20
[ 24.425698] ? __schedule+0x903/0x1ec0
[ 24.425700] ? trace_hardirqs_off+0x10/0x10
[ 24.425702] ? find_held_lock+0x35/0x1d0
[ 24.425703] ? find_held_lock+0x35/0x1d0
[ 24.425705] ? complete+0x62/0x80
[ 24.425707] ? __schedule+0x1ec0/0x1ec0
[ 24.425708] ? do_wait_intr_irq+0x3e0/0x3e0
[ 24.425710] ? __lockdep_init_map+0xe4/0x650
[ 24.425712] ? do_raw_spin_trylock+0x190/0x190
[ 24.425714] ? lockdep_init_map+0x9/0x10
[ 24.425716] ? _raw_spin_unlock_irqrestore+0x31/0xc0
[ 24.425718] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.425719] ? trace_hardirqs_on+0xd/0x10
[ 24.425721] ? __kthread_parkme+0x176/0x240
[ 24.425723] kthread+0x33c/0x400
[ 24.425724] ? process_one_work+0x1bb0/0x1bb0
[ 24.425726] ? kthread_stop+0x7a0/0x7a0
[ 24.425728] ret_from_fork+0x3a/0x50
[ 25.481834] Shutting down cpus with NMI
[ 26.384507] Dumping ftrace buffer:
[ 26.388021] (ftrace buffer empty)
[ 26.391701] Kernel Offset: disabled
[ 26.395301] Rebooting in 86400 seconds..