[ 38.532887] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[ 44.098899] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.223885] audit: type=1400 audit(1585129292.906:36): avc: denied { map } for pid=7458 comm="syz-executor285" path="/root/syz-executor285149234" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.461121] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 45.238468] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 45.248283] ------------[ cut here ]------------
[ 45.253029] WARNING: CPU: 1 PID: 7461 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 45.262229] Kernel panic - not syncing: panic_on_warn set ...
[ 45.262229]
[ 45.269693] CPU: 1 PID: 7461 Comm: syz-executor285 Not tainted 4.14.174-syzkaller #0
[ 45.277567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.287314] Call Trace:
[ 45.289899] dump_stack+0x13e/0x194
[ 45.293554] panic+0x1f9/0x42d
[ 45.296792] ? add_taint.cold+0x16/0x16
[ 45.300758] ? debug_print_object.cold+0xa7/0xdb
[ 45.305500] ? debug_print_object.cold+0xa7/0xdb
[ 45.310296] __warn.cold+0x2f/0x30
[ 45.313951] ? ist_end_non_atomic+0x10/0x10
[ 45.318265] ? debug_print_object.cold+0xa7/0xdb
[ 45.323014] report_bug+0x20a/0x248
[ 45.326640] do_error_trap+0x195/0x2d0
[ 45.330519] ? math_error+0x2d0/0x2d0
[ 45.334311] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.339137] invalid_op+0x1b/0x40
[ 45.342580] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 45.347927] RSP: 0018:ffff88808b48f430 EFLAGS: 00010082
[ 45.353288] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 45.360559] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed1011691e7c
[ 45.367881] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000
[ 45.375173] R10: fffffbfff14a8cd8 R11: ffff88808e0764c0 R12: 0000000000000000
[ 45.382435] R13: 0000000000000001 R14: 1ffff11011691e90 R15: ffffffff87d84240
[ 45.389772] debug_object_activate+0x307/0x450
[ 45.394363] ? debug_object_free+0x390/0x390
[ 45.398791] ? find_held_lock+0x2d/0x110
[ 45.403182] ? route4_walk+0x450/0x450
[ 45.407110] __call_rcu.constprop.0+0x31/0x7e0
[ 45.411684] route4_change+0xb27/0x1c4d
[ 45.415706] ? route4_delete+0x760/0x760
[ 45.419752] ? route4_delete+0x760/0x760
[ 45.423807] tc_ctl_tfilter+0xf13/0x18e6
[ 45.428436] ? tfilter_notify+0x240/0x240
[ 45.432600] ? mutex_trylock+0x1a0/0x1a0
[ 45.436664] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 45.441064] ? tfilter_notify+0x240/0x240
[ 45.445304] rtnetlink_rcv_msg+0x3be/0xb10
[ 45.449611] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.454195] ? save_trace+0x290/0x290
[ 45.458004] ? save_trace+0x290/0x290
[ 45.462171] netlink_rcv_skb+0x127/0x370
[ 45.466229] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.470849] ? netlink_ack+0x980/0x980
[ 45.474779] netlink_unicast+0x437/0x620
[ 45.478856] ? netlink_attachskb+0x600/0x600
[ 45.483278] netlink_sendmsg+0x733/0xbe0
[ 45.487342] ? netlink_unicast+0x620/0x620
[ 45.491562] ? SYSC_sendto+0x2b0/0x2b0
[ 45.495661] ? security_socket_sendmsg+0x83/0xb0
[ 45.500414] ? netlink_unicast+0x620/0x620
[ 45.504678] sock_sendmsg+0xc5/0x100
[ 45.508420] ___sys_sendmsg+0x70a/0x840
[ 45.512500] ? trace_hardirqs_on+0x10/0x10
[ 45.516736] ? copy_msghdr_from_user+0x380/0x380
[ 45.521480] ? find_held_lock+0x2d/0x110
[ 45.525526] ? lock_downgrade+0x6e0/0x6e0
[ 45.529658] ? __fget+0x228/0x360
[ 45.533111] ? __fget_light+0x199/0x1f0
[ 45.537082] ? sockfd_lookup_light+0xb2/0x160
[ 45.541558] __sys_sendmsg+0xa3/0x120
[ 45.545357] ? SyS_shutdown+0x160/0x160
[ 45.549327] ? move_addr_to_kernel+0x60/0x60
[ 45.553762] SyS_sendmsg+0x27/0x40
[ 45.557284] ? __sys_sendmsg+0x120/0x120
[ 45.561334] do_syscall_64+0x1d5/0x640
[ 45.565207] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.570397] RIP: 0033:0x4484d9
[ 45.573577] RSP: 002b:00007f6746ba3ce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.581351] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 00000000004484d9
[ 45.588617] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 45.595937] RBP: 00000000006dec70 R08: 0000000000000000 R09: 0000000000000000
[ 45.603252] R10: 0000000000000010 R11: 0000000000000246 R12: 00000000006dec7c
[ 45.610508] R13: 00007fff7fb02fcf R14: 00007f6746ba49c0 R15: 00000000006dec7c
[ 45.617877]
[ 45.617879] ======================================================
[ 45.617881] WARNING: possible circular locking dependency detected
[ 45.617882] 4.14.174-syzkaller #0 Not tainted
[ 45.617884] ------------------------------------------------------
[ 45.617885] syz-executor285/7461 is trying to acquire lock:
[ 45.617886] ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 45.617890]
[ 45.617892] but task is already holding lock:
[ 45.617893] (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 45.617897]
[ 45.617898] which lock already depends on the new lock.
[ 45.617899]
[ 45.617899]
[ 45.617901] the existing dependency chain (in reverse order) is:
[ 45.617902]
[ 45.617902] -> #5 (&obj_hash[i].lock){-.-.}:
[ 45.617907] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.617908] debug_object_activate+0x10b/0x450
[ 45.617909] enqueue_hrtimer+0x22/0x3b0
[ 45.617911] hrtimer_start_range_ns+0x4e6/0x1060
[ 45.617912] schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 45.617914] wait_task_inactive+0x478/0x530
[ 45.617915] __kthread_bind_mask+0x1f/0xb0
[ 45.617916] create_worker+0x313/0x530
[ 45.617917] workqueue_init+0x55f/0x66e
[ 45.617919] kernel_init_freeable+0x2ab/0x526
[ 45.617920] kernel_init+0xd/0x15b
[ 45.617921] ret_from_fork+0x24/0x30
[ 45.617922]
[ 45.617922] -> #4 (hrtimer_bases.lock){-.-.}:
[ 45.617927] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.617928] lock_hrtimer_base.isra.0+0x6d/0x120
[ 45.617929] hrtimer_start_range_ns+0x7b/0x1060
[ 45.617931] enqueue_task_rt+0x94d/0xdb0
[ 45.617932] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.617934] _sched_setscheduler+0xf9/0x150
[ 45.617935] watchdog_enable+0xff/0x150
[ 45.617936] smpboot_thread_fn+0x40d/0x920
[ 45.617937] kthread+0x30d/0x420
[ 45.617938] ret_from_fork+0x24/0x30
[ 45.617939]
[ 45.617940] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 45.617944] _raw_spin_lock+0x2a/0x40
[ 45.617945] enqueue_task_rt+0x508/0xdb0
[ 45.617947] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.617948] _sched_setscheduler+0xf9/0x150
[ 45.617949] watchdog_enable+0xff/0x150
[ 45.617951] smpboot_thread_fn+0x40d/0x920
[ 45.617952] kthread+0x30d/0x420
[ 45.617953] ret_from_fork+0x24/0x30
[ 45.617954]
[ 45.617954] -> #2 (&rq->lock){-.-.}:
[ 45.617958] _raw_spin_lock+0x2a/0x40
[ 45.617959] task_fork_fair+0x63/0x5b0
[ 45.617960] sched_fork+0x39a/0xbd0
[ 45.617962] copy_process.part.0+0x15b7/0x6a70
[ 45.617963] _do_fork+0x180/0xc80
[ 45.617964] kernel_thread+0x2f/0x40
[ 45.617965] rest_init+0x1f/0x1d2
[ 45.617966] start_kernel+0x659/0x676
[ 45.617968] secondary_startup_64+0xa5/0xb0
[ 45.617968]
[ 45.617969] -> #1 (&p->pi_lock){-.-.}:
[ 45.617973] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.617974] try_to_wake_up+0x6a/0xef0
[ 45.617975] up+0x92/0xe0
[ 45.617977] __up_console_sem+0xa9/0x1b0
[ 45.617978] console_unlock+0x596/0xec0
[ 45.617979] vprintk_emit+0x1f8/0x600
[ 45.617980] vprintk_func+0x58/0x152
[ 45.617981] printk+0x9e/0xbc
[ 45.617983] kauditd_hold_skb.cold+0x3e/0x4d
[ 45.617984] kauditd_send_queue+0xfb/0x140
[ 45.617985] kauditd_thread+0x625/0x840
[ 45.617986] kthread+0x30d/0x420
[ 45.617987] ret_from_fork+0x24/0x30
[ 45.617988]
[ 45.617989] -> #0 ((console_sem).lock){-...}:
[ 45.617993] lock_acquire+0x170/0x3f0
[ 45.617994] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.617995] down_trylock+0xe/0x60
[ 45.617997] __down_trylock_console_sem+0x97/0x1f0
[ 45.617998] console_trylock+0x14/0x70
[ 45.617999] vprintk_emit+0x1ea/0x600
[ 45.618000] vprintk_func+0x58/0x152
[ 45.618001] printk+0x9e/0xbc
[ 45.618003] debug_print_object.cold+0xa7/0xdb
[ 45.618004] debug_object_activate+0x307/0x450
[ 45.618005] __call_rcu.constprop.0+0x31/0x7e0
[ 45.618007] route4_change+0xb27/0x1c4d
[ 45.618008] tc_ctl_tfilter+0xf13/0x18e6
[ 45.618009] rtnetlink_rcv_msg+0x3be/0xb10
[ 45.618010] netlink_rcv_skb+0x127/0x370
[ 45.618012] netlink_unicast+0x437/0x620
[ 45.618013] netlink_sendmsg+0x733/0xbe0
[ 45.618014] sock_sendmsg+0xc5/0x100
[ 45.618015] ___sys_sendmsg+0x70a/0x840
[ 45.618017] __sys_sendmsg+0xa3/0x120
[ 45.618018] SyS_sendmsg+0x27/0x40
[ 45.618019] do_syscall_64+0x1d5/0x640
[ 45.618021] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.618021]
[ 45.618023] other info that might help us debug this:
[ 45.618023]
[ 45.618024] Chain exists of:
[ 45.618025] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 45.618030]
[ 45.618031] Possible unsafe locking scenario:
[ 45.618032]
[ 45.618033]        CPU0                    CPU1
[ 45.618035]        ----                    ----
[ 45.618035]   lock(&obj_hash[i].lock);
[ 45.618038]                                lock(hrtimer_bases.lock);
[ 45.618041]                                lock(&obj_hash[i].lock);
[ 45.618043]   lock((console_sem).lock);
[ 45.618045]
[ 45.618046] *** DEADLOCK ***
[ 45.618047]
[ 45.618048] 2 locks held by syz-executor285/7461:
[ 45.618049] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 45.618053] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 45.618058]
[ 45.618059] stack backtrace:
[ 45.618061] CPU: 1 PID: 7461 Comm: syz-executor285 Not tainted 4.14.174-syzkaller #0
[ 45.618063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.618064] Call Trace:
[ 45.618065] dump_stack+0x13e/0x194
[ 45.618067] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 45.618068] __lock_acquire+0x2cb3/0x4620
[ 45.618069] ? string+0x17e/0x1d0
[ 45.618070] ? trace_hardirqs_on+0x10/0x10
[ 45.618072] ? netdev_bits+0xa0/0xa0
[ 45.618073] ? kvm_clock_read+0x1f/0x30
[ 45.618074] ? kvm_sched_clock_read+0x5/0x10
[ 45.618075] lock_acquire+0x170/0x3f0
[ 45.618076] ? down_trylock+0xe/0x60
[ 45.618077] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.618079] ? down_trylock+0xe/0x60
[ 45.618080] down_trylock+0xe/0x60
[ 45.618081] ? vprintk_emit+0x1ea/0x600
[ 45.618082] __down_trylock_console_sem+0x97/0x1f0
[ 45.618083] console_trylock+0x14/0x70
[ 45.618084] vprintk_emit+0x1ea/0x600
[ 45.618086] vprintk_func+0x58/0x152
[ 45.618087] printk+0x9e/0xbc
[ 45.618088] ? show_regs_print_info+0x5b/0x5b
[ 45.618089] ? lock_acquire+0x170/0x3f0
[ 45.618090] ? debug_object_activate+0x10b/0x450
[ 45.618092] debug_print_object.cold+0xa7/0xdb
[ 45.618093] debug_object_activate+0x307/0x450
[ 45.618094] ? debug_object_free+0x390/0x390
[ 45.618096] ? find_held_lock+0x2d/0x110
[ 45.618097] ? route4_walk+0x450/0x450
[ 45.618098] __call_rcu.constprop.0+0x31/0x7e0
[ 45.618099] route4_change+0xb27/0x1c4d
[ 45.618100] ? route4_delete+0x760/0x760
[ 45.618101] ? route4_delete+0x760/0x760
[ 45.618103] tc_ctl_tfilter+0xf13/0x18e6
[ 45.618104] ? tfilter_notify+0x240/0x240
[ 45.618105] ? mutex_trylock+0x1a0/0x1a0
[ 45.618106] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 45.618107] ? tfilter_notify+0x240/0x240
[ 45.618109] rtnetlink_rcv_msg+0x3be/0xb10
[ 45.618110] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.618111] ? save_trace+0x290/0x290
[ 45.618112] ? save_trace+0x290/0x290
[ 45.618113] netlink_rcv_skb+0x127/0x370
[ 45.618115] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.618116] ? netlink_ack+0x980/0x980
[ 45.618117] netlink_unicast+0x437/0x620
[ 45.618118] ? netlink_attachskb+0x600/0x600
[ 45.618119] netlink_sendmsg+0x733/0xbe0
[ 45.618121] ? netlink_unicast+0x620/0x620
[ 45.618122] ? SYSC_sendto+0x2b0/0x2b0
[ 45.618123] ? security_socket_sendmsg+0x83/0xb0
[ 45.618124] ? netlink_unicast+0x620/0x620
[ 45.618125] sock_sendmsg+0xc5/0x100
[ 45.618127] ___sys_sendmsg+0x70a/0x840
[ 45.618128] ? trace_hardirqs_on+0x10/0x10
[ 45.618129] ? copy_msghdr_from_user+0x380/0x380
[ 45.618130] ? find_held_lock+0x2d/0x110
[ 45.618132] ? lock_downgrade+0x6e0/0x6e0
[ 45.618133] ? __fget+0x228/0x360
[ 45.618134] ? __fget_light+0x199/0x1f0
[ 45.618135] ? sockfd_lookup_light+0xb2/0x160
[ 45.618136] __sys_sendmsg+0xa3/0x120
[ 45.618137] ? SyS_shutdown+0x160/0x160
[ 45.618139] ? move_addr_to_kernel+0x60/0x60
[ 45.618140] SyS_sendmsg+0x27/0x40
[ 45.618141] ? __sys_sendmsg+0x120/0x120
[ 45.618142] do_syscall_64+0x1d5/0x640
[ 45.618143] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.618144] RIP: 0033:0x4484d9
[ 45.618146] RSP: 002b:00007f6746ba3ce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.618149] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 00000000004484d9
[ 45.618151] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 45.618153] RBP: 00000000006dec70 R08: 0000000000000000 R09: 0000000000000000
[ 45.618155] R10: 0000000000000010 R11: 0000000000000246 R12: 00000000006dec7c
[ 45.618156] R13: 00007fff7fb02fcf R14: 00007f6746ba49c0 R15: 00000000006dec7c
[ 45.619438] Kernel Offset: disabled
[ 46.509053] Rebooting in 86400 seconds..