Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.519426] kauditd_printk_skb: 3 callbacks suppressed
[ 58.519441] audit: type=1400 audit(1584887570.318:36): avc: denied { map } for pid=8172 comm="syz-executor697" path="/root/syz-executor697395061" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 58.536431] IPVS: ftp: loaded support on port[0] = 21
[ 58.584874] ------------[ cut here ]------------
[ 58.590629] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 58.599813] WARNING: CPU: 0 PID: 8175 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 58.608584] Kernel panic - not syncing: panic_on_warn set ...
[ 58.608584]
[ 58.615934] CPU: 0 PID: 8175 Comm: syz-executor697 Not tainted 4.19.112-syzkaller #0
[ 58.623800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.633139] Call Trace:
[ 58.635715] dump_stack+0x188/0x20d
[ 58.639341] panic+0x26a/0x50e
[ 58.642524] ? __warn_printk+0xf3/0xf3
[ 58.646398] ? debug_print_object+0x160/0x250
[ 58.650879] ? __probe_kernel_read+0x16c/0x1b0
[ 58.655445] ? __warn.cold+0x5/0x46
[ 58.659057] ? __warn+0xe4/0x1c0
[ 58.662425] ? debug_print_object+0x160/0x250
[ 58.666917] __warn.cold+0x20/0x46
[ 58.670458] ? debug_print_object+0x160/0x250
[ 58.674948] report_bug+0x262/0x2a0
[ 58.678577] do_error_trap+0x1d7/0x310
[ 58.682723] ? math_error+0x310/0x310
[ 58.686517] ? irq_work_claim+0xa6/0xc0
[ 58.690484] ? irq_work_queue+0x2b/0x80
[ 58.694740] ? wake_up_klogd+0x8c/0xc0
[ 58.698720] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.703727] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 58.708561] invalid_op+0x14/0x20
[ 58.712288] RIP: 0010:debug_print_object+0x160/0x250
[ 58.717403] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 58.736386] RSP: 0018:ffff888091fb7268 EFLAGS: 00010086
[ 58.741745] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 58.749020] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed10123f6e3f
[ 58.756287] RBP: 0000000000000001 R08: ffff888082e90640 R09: ffffed1015cc3ee3
[ 58.763550] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 58.770814] R13: 0000000000000000 R14: ffff88808eb62208 R15: 1ffff110123f6e5a
[ 58.778124] ? vprintk_func+0x81/0x17e
[ 58.782027] ? debug_print_object+0x160/0x250
[ 58.787486] debug_object_activate+0x357/0x4e0
[ 58.792206] ? debug_object_free+0x3e0/0x3e0
[ 58.796612] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.801369] ? route4_change+0xbab/0x2210
[ 58.805516] ? delayed_work_timer_fn+0x90/0x90
[ 58.810615] __call_rcu.constprop.0+0x31/0x7e0
[ 58.815197] ? mark_held_locks+0xa6/0xf0
[ 58.819257] queue_rcu_work+0x75/0x90
[ 58.823049] route4_change+0xe6a/0x2210
[ 58.827018] ? route4_init+0xa0/0xa0
[ 58.830734] ? route4_init+0xa0/0xa0
[ 58.834482] tc_new_tfilter+0xa6b/0x1450
[ 58.838643] ? tc_del_tfilter+0xd40/0xd40
[ 58.842784] ? __mutex_lock+0x3cd/0x1300
[ 58.846884] ? selinux_ipv4_output+0x50/0x50
[ 58.851322] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.855735] ? tc_del_tfilter+0xd40/0xd40
[ 58.859920] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.864154] ? rtnetlink_put_metrics+0x520/0x520
[ 58.868907] ? find_held_lock+0x2d/0x110
[ 58.873077] netlink_rcv_skb+0x160/0x410
[ 58.877138] ? rtnetlink_put_metrics+0x520/0x520
[ 58.881883] ? netlink_ack+0xa60/0xa60
[ 58.885775] netlink_unicast+0x4d7/0x6a0
[ 58.890015] ? netlink_attachskb+0x710/0x710
[ 58.894478] netlink_sendmsg+0x80b/0xcd0
[ 58.898645] ? netlink_unicast+0x6a0/0x6a0
[ 58.902871] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.908060] ? netlink_unicast+0x6a0/0x6a0
[ 58.912291] sock_sendmsg+0xcf/0x120
[ 58.915993] ___sys_sendmsg+0x803/0x920
[ 58.919973] ? copy_msghdr_from_user+0x410/0x410
[ 58.924731] ? __fget+0x319/0x510
[ 58.928298] ? lock_downgrade+0x740/0x740
[ 58.932556] ? check_preemption_disabled+0x41/0x280
[ 58.937569] ? __fget+0x340/0x510
[ 58.941130] ? iterate_fd+0x350/0x350
[ 58.944918] ? find_held_lock+0x2d/0x110
[ 58.948975] ? __fd_install+0x1b4/0x610
[ 58.952937] ? __fget_light+0x1d1/0x230
[ 58.956910] __sys_sendmsg+0xec/0x1b0
[ 58.960704] ? __ia32_sys_shutdown+0x70/0x70
[ 58.965547] ? __x64_sys_futex+0x386/0x4f0
[ 58.969790] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.974535] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.979572] ? do_syscall_64+0x21/0x620
[ 58.983536] do_syscall_64+0xf9/0x620
[ 58.987327] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.992610] RIP: 0033:0x446649
[ 58.995789] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.014763] RSP: 002b:00007f00779c8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.022461] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446649
[ 59.029715] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 59.037111] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.044386] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 59.051639] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.058986]
[ 59.058989] ======================================================
[ 59.058992] WARNING: possible circular locking dependency detected
[ 59.058994] 4.19.112-syzkaller #0 Not tainted
[ 59.058999] ------------------------------------------------------
[ 59.059001] syz-executor697/8175 is trying to acquire lock:
[ 59.059003] 00000000ea2592dc ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 59.059010]
[ 59.059013] but task is already holding lock:
[ 59.059014] 00000000dc1321d3 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.059022]
[ 59.059024] which lock already depends on the new lock.
[ 59.059025]
[ 59.059026]
[ 59.059030] the existing dependency chain (in reverse order) is:
[ 59.059032]
[ 59.059033] -> #5 (&obj_hash[i].lock){-.-.}:
[ 59.059040] debug_object_activate+0x131/0x4e0
[ 59.059042] enqueue_hrtimer+0x27/0x3f0
[ 59.059045] hrtimer_start_range_ns+0x580/0xbe0
[ 59.059047] schedule_hrtimeout_range_clock+0x17a/0x360
[ 59.059049] wait_task_inactive+0x443/0x550
[ 59.059051] __kthread_bind_mask+0x1f/0xb0
[ 59.059054] init_rescuer.part.0+0xf2/0x190
[ 59.059056] workqueue_init+0x504/0x7e9
[ 59.059058] kernel_init_freeable+0x2bd/0x5bb
[ 59.059060] kernel_init+0xd/0x1c2
[ 59.059062] ret_from_fork+0x24/0x30
[ 59.059063]
[ 59.059064] -> #4 (hrtimer_bases.lock){-.-.}:
[ 59.059071] lock_hrtimer_base.isra.0+0x6d/0x120
[ 59.059074] hrtimer_start_range_ns+0xf5/0xbe0
[ 59.059076] enqueue_task_rt+0x97f/0xdf0
[ 59.059078] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 59.059080] _sched_setscheduler+0xee/0x180
[ 59.059082] watchdog_dev_init+0xdd/0x1ae
[ 59.059084] watchdog_init+0x14/0x17e
[ 59.059086] do_one_initcall+0xf1/0x734
[ 59.059089] kernel_init_freeable+0x4c9/0x5bb
[ 59.059091] kernel_init+0xd/0x1c2
[ 59.059093] ret_from_fork+0x24/0x30
[ 59.059094]
[ 59.059095] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 59.059102] rq_online_rt+0xaf/0x390
[ 59.059104] set_rq_online.part.0+0xe3/0x140
[ 59.059106] sched_cpu_activate+0x17f/0x270
[ 59.059108] cpuhp_invoke_callback+0x213/0x1bb0
[ 59.059111] cpuhp_thread_fun+0x440/0x840
[ 59.059113] smpboot_thread_fn+0x653/0x9d0
[ 59.059114] kthread+0x34a/0x420
[ 59.059116] ret_from_fork+0x24/0x30
[ 59.059118]
[ 59.059119] -> #2 (&rq->lock){-.-.}:
[ 59.059125] task_fork_fair+0x6a/0x520
[ 59.059127] sched_fork+0x3a7/0x8b0
[ 59.059130] copy_process.part.0+0x187d/0x7a60
[ 59.059131] _do_fork+0x22f/0xf40
[ 59.059133] kernel_thread+0x2f/0x40
[ 59.059135] rest_init+0x1f/0x212
[ 59.059137] start_kernel+0x7e4/0x81c
[ 59.059139] secondary_startup_64+0xa4/0xb0
[ 59.059140]
[ 59.059142] -> #1 (&p->pi_lock){-.-.}:
[ 59.059148] try_to_wake_up+0x80/0xe90
[ 59.059150] up+0x92/0xe0
[ 59.059152] __up_console_sem+0xb3/0x1c0
[ 59.059154] console_unlock+0x64d/0xfe0
[ 59.059156] vprintk_emit+0x282/0x6e0
[ 59.059158] vprintk_func+0x79/0x17e
[ 59.059160] printk+0xba/0xed
[ 59.059162] regdb_fw_cb.cold+0x18/0x9c
[ 59.059164] request_firmware_work_func+0x126/0x250
[ 59.059166] process_one_work+0x91f/0x1640
[ 59.059169] worker_thread+0x96/0xe20
[ 59.059170] kthread+0x34a/0x420
[ 59.059172] ret_from_fork+0x24/0x30
[ 59.059173]
[ 59.059175] -> #0 ((console_sem).lock){-...}:
[ 59.059182] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.059184] down_trylock+0xe/0x60
[ 59.059186] __down_trylock_console_sem+0xa3/0x210
[ 59.059188] console_trylock+0x12/0x90
[ 59.059190] vprintk_emit+0x269/0x6e0
[ 59.059192] vprintk_func+0x79/0x17e
[ 59.059194] printk+0xba/0xed
[ 59.059196] __warn_printk+0x9b/0xf3
[ 59.059198] debug_print_object+0x160/0x250
[ 59.059200] debug_object_activate+0x357/0x4e0
[ 59.059203] __call_rcu.constprop.0+0x31/0x7e0
[ 59.059205] queue_rcu_work+0x75/0x90
[ 59.059207] route4_change+0xe6a/0x2210
[ 59.059209] tc_new_tfilter+0xa6b/0x1450
[ 59.059211] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.059213] netlink_rcv_skb+0x160/0x410
[ 59.059215] netlink_unicast+0x4d7/0x6a0
[ 59.059217] netlink_sendmsg+0x80b/0xcd0
[ 59.059219] sock_sendmsg+0xcf/0x120
[ 59.059221] ___sys_sendmsg+0x803/0x920
[ 59.059223] __sys_sendmsg+0xec/0x1b0
[ 59.059225] do_syscall_64+0xf9/0x620
[ 59.059227] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.059229]
[ 59.059231] other info that might help us debug this:
[ 59.059232]
[ 59.059233] Chain exists of:
[ 59.059235]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 59.059244]
[ 59.059246] Possible unsafe locking scenario:
[ 59.059247]
[ 59.059249]        CPU0                    CPU1
[ 59.059251]        ----                    ----
[ 59.059252]   lock(&obj_hash[i].lock);
[ 59.059257]                                lock(hrtimer_bases.lock);
[ 59.059262]                                lock(&obj_hash[i].lock);
[ 59.059266]   lock((console_sem).lock);
[ 59.059270]
[ 59.059271] *** DEADLOCK ***
[ 59.059272]
[ 59.059275] 2 locks held by syz-executor697/8175:
[ 59.059276] #0: 000000004875dfc9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.059284] #1: 00000000dc1321d3 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.059293]
[ 59.059294] stack backtrace:
[ 59.059298] CPU: 0 PID: 8175 Comm: syz-executor697 Not tainted 4.19.112-syzkaller #0
[ 59.059302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.059303] Call Trace:
[ 59.059305] dump_stack+0x188/0x20d
[ 59.059307] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 59.059310] __lock_acquire+0x2e19/0x49c0
[ 59.059312] ? add_lock_to_list.isra.0+0x179/0x330
[ 59.059314] ? save_trace+0xd6/0x290
[ 59.059316] ? mark_held_locks+0xf0/0xf0
[ 59.059318] ? format_decode+0x230/0xad0
[ 59.059320] ? kvm_clock_read+0x14/0x30
[ 59.059322] lock_acquire+0x170/0x400
[ 59.059324] ? down_trylock+0xe/0x60
[ 59.059326] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.059328] ? down_trylock+0xe/0x60
[ 59.059330] down_trylock+0xe/0x60
[ 59.059332] ? vprintk_emit+0x269/0x6e0
[ 59.059334] __down_trylock_console_sem+0xa3/0x210
[ 59.059336] console_trylock+0x12/0x90
[ 59.059338] vprintk_emit+0x269/0x6e0
[ 59.059340] vprintk_func+0x79/0x17e
[ 59.059342] printk+0xba/0xed
[ 59.059344] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 59.059346] ? __warn_printk+0x8f/0xf3
[ 59.059348] __warn_printk+0x9b/0xf3
[ 59.059350] ? add_taint.cold+0x16/0x16
[ 59.059352] ? do_syscall_64+0xf9/0x620
[ 59.059354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.059356] debug_print_object+0x160/0x250
[ 59.059359] debug_object_activate+0x357/0x4e0
[ 59.059361] ? debug_object_free+0x3e0/0x3e0
[ 59.059363] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.059365] ? route4_change+0xbab/0x2210
[ 59.059367] ? delayed_work_timer_fn+0x90/0x90
[ 59.059369] __call_rcu.constprop.0+0x31/0x7e0
[ 59.059371] ? mark_held_locks+0xa6/0xf0
[ 59.059373] queue_rcu_work+0x75/0x90
[ 59.059375] route4_change+0xe6a/0x2210
[ 59.059377] ? route4_init+0xa0/0xa0
[ 59.059379] ? route4_init+0xa0/0xa0
[ 59.059381] tc_new_tfilter+0xa6b/0x1450
[ 59.059383] ? tc_del_tfilter+0xd40/0xd40
[ 59.059385] ? __mutex_lock+0x3cd/0x1300
[ 59.059387] ? selinux_ipv4_output+0x50/0x50
[ 59.059390] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.059392] ? tc_del_tfilter+0xd40/0xd40
[ 59.059394] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.059396] ? rtnetlink_put_metrics+0x520/0x520
[ 59.059398] ? find_held_lock+0x2d/0x110
[ 59.059400] netlink_rcv_skb+0x160/0x410
[ 59.059402] ? rtnetlink_put_metrics+0x520/0x520
[ 59.059404] ? netlink_ack+0xa60/0xa60
[ 59.059406] netlink_unicast+0x4d7/0x6a0
[ 59.059409] ? netlink_attachskb+0x710/0x710
[ 59.059411] netlink_sendmsg+0x80b/0xcd0
[ 59.059413] ? netlink_unicast+0x6a0/0x6a0
[ 59.059415] ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.059417] ? netlink_unicast+0x6a0/0x6a0
[ 59.059419] sock_sendmsg+0xcf/0x120
[ 59.059421] ___sys_sendmsg+0x803/0x920
[ 59.059423] ? copy_msghdr_from_user+0x410/0x410
[ 59.059425] ? __fget+0x319/0x510
[ 59.059427] ? lock_downgrade+0x740/0x740
[ 59.059430] ? check_preemption_disabled+0x41/0x280
[ 59.059431] ? __fget+0x340/0x510
[ 59.059433] ? iterate_fd+0x350/0x350
[ 59.059435] ? find_held_lock+0x2d/0x110
[ 59.059437] ? __fd_install+0x1b4/0x610
[ 59.059439] ? __fget_light+0x1d1/0x230
[ 59.059441] __sys_sendmsg+0xec/0x1b0
[ 59.059444] ? __ia32_sys_shutdown+0x70/0x70
[ 59.059446] ? __x64_sys_futex+0x386/0x4f0
[ 59.059448] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.059450] ? trace_hardirqs_off_caller+0x55/0x210
[ 59.059452] ? do_syscall_64+0x21/0x620
[ 59.059454] do_syscall_64+0xf9/0x620
[ 59.059457] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.059458] RIP: 0033:0x446649
[ 59.059466] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.059468] RSP: 002b:00007f00779c8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.059473] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446649
[ 59.059476] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 59.059479] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.059482] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 59.059486] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.060950] Kernel Offset: disabled
[ 60.015890] Rebooting in 86400 seconds..