[ 41.216302] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
[ 46.758363] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.873635] audit: type=1400 audit(1585132851.898:36): avc: denied { map } for pid=7416 comm="syz-executor855" path="/root/syz-executor855646972" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.141100] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 47.991018] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 48.001010] ------------[ cut here ]------------
[ 48.005849] WARNING: CPU: 0 PID: 7419 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 48.014863] Kernel panic - not syncing: panic_on_warn set ...
[ 48.014863]
[ 48.022418] CPU: 0 PID: 7419 Comm: syz-executor855 Not tainted 4.14.174-syzkaller #0
[ 48.031089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.040837] Call Trace:
[ 48.043417] dump_stack+0x13e/0x194
[ 48.047054] panic+0x1f9/0x42d
[ 48.050246] ? add_taint.cold+0x16/0x16
[ 48.054312] ? debug_print_object.cold+0xa7/0xdb
[ 48.059060] ? debug_print_object.cold+0xa7/0xdb
[ 48.063935] __warn.cold+0x2f/0x30
[ 48.067472] ? ist_end_non_atomic+0x10/0x10
[ 48.071895] ? debug_print_object.cold+0xa7/0xdb
[ 48.076751] report_bug+0x20a/0x248
[ 48.080392] do_error_trap+0x195/0x2d0
[ 48.084370] ? math_error+0x2d0/0x2d0
[ 48.088243] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.093165] invalid_op+0x1b/0x40
[ 48.096693] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 48.102050] RSP: 0018:ffff888096687430 EFLAGS: 00010082
[ 48.107542] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 48.114826] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed1012cd0e7c
[ 48.122383] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000
[ 48.129858] R10: fffffbfff14a8cd8 R11: ffff8880a5218340 R12: 0000000000000000
[ 48.137465] R13: 0000000000000001 R14: 1ffff11012cd0e90 R15: ffffffff87d84240
[ 48.144778] debug_object_activate+0x307/0x450
[ 48.149471] ? debug_object_free+0x390/0x390
[ 48.153867] ? find_held_lock+0x2d/0x110
[ 48.157926] ? route4_walk+0x450/0x450
[ 48.161994] __call_rcu.constprop.0+0x31/0x7e0
[ 48.166587] route4_change+0xb27/0x1c4d
[ 48.170668] ? route4_delete+0x760/0x760
[ 48.174729] ? route4_delete+0x760/0x760
[ 48.178775] tc_ctl_tfilter+0xf13/0x18e6
[ 48.182830] ? tfilter_notify+0x240/0x240
[ 48.186962] ? mutex_trylock+0x1a0/0x1a0
[ 48.191103] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 48.195523] ? tfilter_notify+0x240/0x240
[ 48.199662] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.204034] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.209500] ? save_trace+0x290/0x290
[ 48.213333] ? save_trace+0x290/0x290
[ 48.217133] netlink_rcv_skb+0x127/0x370
[ 48.221196] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.225769] ? netlink_ack+0x980/0x980
[ 48.229659] netlink_unicast+0x437/0x620
[ 48.233708] ? netlink_attachskb+0x600/0x600
[ 48.238208] netlink_sendmsg+0x733/0xbe0
[ 48.242263] ? netlink_unicast+0x620/0x620
[ 48.246599] ? SYSC_sendto+0x2b0/0x2b0
[ 48.250552] ? security_socket_sendmsg+0x83/0xb0
[ 48.255287] ? netlink_unicast+0x620/0x620
[ 48.259500] sock_sendmsg+0xc5/0x100
[ 48.263210] ___sys_sendmsg+0x70a/0x840
[ 48.267164] ? trace_hardirqs_on+0x10/0x10
[ 48.271394] ? copy_msghdr_from_user+0x380/0x380
[ 48.276131] ? find_held_lock+0x2d/0x110
[ 48.280537] ? lock_downgrade+0x6e0/0x6e0
[ 48.284688] ? __fget+0x228/0x360
[ 48.288335] ? __fget_light+0x199/0x1f0
[ 48.292290] ? sockfd_lookup_light+0xb2/0x160
[ 48.296885] __sys_sendmsg+0xa3/0x120
[ 48.300931] ? SyS_shutdown+0x160/0x160
[ 48.304898] ? move_addr_to_kernel+0x60/0x60
[ 48.309294] SyS_sendmsg+0x27/0x40
[ 48.312836] ? __sys_sendmsg+0x120/0x120
[ 48.316987] do_syscall_64+0x1d5/0x640
[ 48.320867] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.326048] RIP: 0033:0x4484d9
[ 48.329233] RSP: 002b:00007f161eb4ace8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.336937] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 00000000004484d9
[ 48.344184] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 48.351459] RBP: 00000000006dec70 R08: 0000000000000000 R09: 0000000000000000
[ 48.358708] R10: 0000000000000010 R11: 0000000000000246 R12: 00000000006dec7c
[ 48.365954] R13: 00007ffdd61ac31f R14: 00007f161eb4b9c0 R15: 00000000006dec7c
[ 48.373237]
[ 48.373239] ======================================================
[ 48.373241] WARNING: possible circular locking dependency detected
[ 48.373242] 4.14.174-syzkaller #0 Not tainted
[ 48.373244] ------------------------------------------------------
[ 48.373246] syz-executor855/7419 is trying to acquire lock:
[ 48.373247] ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 48.373251]
[ 48.373252] but task is already holding lock:
[ 48.373253] (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 48.373257]
[ 48.373259] which lock already depends on the new lock.
[ 48.373259]
[ 48.373260]
[ 48.373262] the existing dependency chain (in reverse order) is:
[ 48.373262]
[ 48.373263] -> #5 (&obj_hash[i].lock){-.-.}:
[ 48.373267] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.373268] debug_object_activate+0x10b/0x450
[ 48.373270] enqueue_hrtimer+0x22/0x3b0
[ 48.373271] hrtimer_start_range_ns+0x4e6/0x1060
[ 48.373272] schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 48.373274] wait_task_inactive+0x478/0x530
[ 48.373275] __kthread_bind_mask+0x1f/0xb0
[ 48.373276] create_worker+0x313/0x530
[ 48.373278] workqueue_init+0x55f/0x66e
[ 48.373279] kernel_init_freeable+0x2ab/0x526
[ 48.373280] kernel_init+0xd/0x15b
[ 48.373281] ret_from_fork+0x24/0x30
[ 48.373282]
[ 48.373282] -> #4 (hrtimer_bases.lock){-.-.}:
[ 48.373287] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.373288] lock_hrtimer_base.isra.0+0x6d/0x120
[ 48.373290] hrtimer_start_range_ns+0x7b/0x1060
[ 48.373291] enqueue_task_rt+0x94d/0xdb0
[ 48.373292] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 48.373294] _sched_setscheduler+0xf9/0x150
[ 48.373295] watchdog_enable+0xff/0x150
[ 48.373296] smpboot_thread_fn+0x40d/0x920
[ 48.373297] kthread+0x30d/0x420
[ 48.373298] ret_from_fork+0x24/0x30
[ 48.373299]
[ 48.373300] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 48.373304] _raw_spin_lock+0x2a/0x40
[ 48.373305] enqueue_task_rt+0x508/0xdb0
[ 48.373307] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 48.373308] _sched_setscheduler+0xf9/0x150
[ 48.373309] watchdog_enable+0xff/0x150
[ 48.373310] smpboot_thread_fn+0x40d/0x920
[ 48.373311] kthread+0x30d/0x420
[ 48.373313] ret_from_fork+0x24/0x30
[ 48.373313]
[ 48.373314] -> #2 (&rq->lock){-.-.}:
[ 48.373318] _raw_spin_lock+0x2a/0x40
[ 48.373319] task_fork_fair+0x63/0x5b0
[ 48.373320] sched_fork+0x39a/0xbd0
[ 48.373321] copy_process.part.0+0x15b7/0x6a70
[ 48.373323] _do_fork+0x180/0xc80
[ 48.373324] kernel_thread+0x2f/0x40
[ 48.373325] rest_init+0x1f/0x1d2
[ 48.373326] start_kernel+0x659/0x676
[ 48.373327] secondary_startup_64+0xa5/0xb0
[ 48.373328]
[ 48.373329] -> #1 (&p->pi_lock){-.-.}:
[ 48.373333] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.373334] try_to_wake_up+0x6a/0xef0
[ 48.373335] up+0x92/0xe0
[ 48.373336] __up_console_sem+0xa9/0x1b0
[ 48.373337] console_unlock+0x596/0xec0
[ 48.373339] vprintk_emit+0x1f8/0x600
[ 48.373340] vprintk_func+0x58/0x152
[ 48.373341] printk+0x9e/0xbc
[ 48.373342] kauditd_hold_skb.cold+0x3e/0x4d
[ 48.373344] kauditd_send_queue+0xfb/0x140
[ 48.373345] kauditd_thread+0x625/0x840
[ 48.373346] kthread+0x30d/0x420
[ 48.373347] ret_from_fork+0x24/0x30
[ 48.373348]
[ 48.373348] -> #0 ((console_sem).lock){-...}:
[ 48.373352] lock_acquire+0x170/0x3f0
[ 48.373354] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.373355] down_trylock+0xe/0x60
[ 48.373357] __down_trylock_console_sem+0x97/0x1f0
[ 48.373358] console_trylock+0x14/0x70
[ 48.373359] vprintk_emit+0x1ea/0x600
[ 48.373360] vprintk_func+0x58/0x152
[ 48.373361] printk+0x9e/0xbc
[ 48.373362] debug_print_object.cold+0xa7/0xdb
[ 48.373364] debug_object_activate+0x307/0x450
[ 48.373365] __call_rcu.constprop.0+0x31/0x7e0
[ 48.373366] route4_change+0xb27/0x1c4d
[ 48.373368] tc_ctl_tfilter+0xf13/0x18e6
[ 48.373369] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.373370] netlink_rcv_skb+0x127/0x370
[ 48.373371] netlink_unicast+0x437/0x620
[ 48.373372] netlink_sendmsg+0x733/0xbe0
[ 48.373374] sock_sendmsg+0xc5/0x100
[ 48.373375] ___sys_sendmsg+0x70a/0x840
[ 48.373376] __sys_sendmsg+0xa3/0x120
[ 48.373377] SyS_sendmsg+0x27/0x40
[ 48.373379] do_syscall_64+0x1d5/0x640
[ 48.373380] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.373381]
[ 48.373382] other info that might help us debug this:
[ 48.373383]
[ 48.373384] Chain exists of:
[ 48.373384] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 48.373390]
[ 48.373391] Possible unsafe locking scenario:
[ 48.373392]
[ 48.373393]        CPU0                    CPU1
[ 48.373394]        ----                    ----
[ 48.373395]   lock(&obj_hash[i].lock);
[ 48.373398]                                lock(hrtimer_bases.lock);
[ 48.373400]                                lock(&obj_hash[i].lock);
[ 48.373403]   lock((console_sem).lock);
[ 48.373405]
[ 48.373406] *** DEADLOCK ***
[ 48.373406]
[ 48.373408] 2 locks held by syz-executor855/7419:
[ 48.373408] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 48.373413] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 48.373417]
[ 48.373418] stack backtrace:
[ 48.373420] CPU: 0 PID: 7419 Comm: syz-executor855 Not tainted 4.14.174-syzkaller #0
[ 48.373423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.373424] Call Trace:
[ 48.373425] dump_stack+0x13e/0x194
[ 48.373426] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 48.373427] __lock_acquire+0x2cb3/0x4620
[ 48.373428] ? string+0x17e/0x1d0
[ 48.373430] ? trace_hardirqs_on+0x10/0x10
[ 48.373431] ? netdev_bits+0xa0/0xa0
[ 48.373432] ? kvm_clock_read+0x1f/0x30
[ 48.373433] ? kvm_sched_clock_read+0x5/0x10
[ 48.373434] lock_acquire+0x170/0x3f0
[ 48.373435] ? down_trylock+0xe/0x60
[ 48.373437] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.373438] ? down_trylock+0xe/0x60
[ 48.373439] down_trylock+0xe/0x60
[ 48.373440] ? vprintk_emit+0x1ea/0x600
[ 48.373441] __down_trylock_console_sem+0x97/0x1f0
[ 48.373443] console_trylock+0x14/0x70
[ 48.373444] vprintk_emit+0x1ea/0x600
[ 48.373445] vprintk_func+0x58/0x152
[ 48.373446] printk+0x9e/0xbc
[ 48.373447] ? show_regs_print_info+0x5b/0x5b
[ 48.373448] ? lock_acquire+0x170/0x3f0
[ 48.373450] ? debug_object_activate+0x10b/0x450
[ 48.373451] debug_print_object.cold+0xa7/0xdb
[ 48.373452] debug_object_activate+0x307/0x450
[ 48.373453] ? debug_object_free+0x390/0x390
[ 48.373455] ? find_held_lock+0x2d/0x110
[ 48.373456] ? route4_walk+0x450/0x450
[ 48.373457] __call_rcu.constprop.0+0x31/0x7e0
[ 48.373458] route4_change+0xb27/0x1c4d
[ 48.373459] ? route4_delete+0x760/0x760
[ 48.373461] ? route4_delete+0x760/0x760
[ 48.373462] tc_ctl_tfilter+0xf13/0x18e6
[ 48.373463] ? tfilter_notify+0x240/0x240
[ 48.373464] ? mutex_trylock+0x1a0/0x1a0
[ 48.373465] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 48.373467] ? tfilter_notify+0x240/0x240
[ 48.373468] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.373469] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.373470] ? save_trace+0x290/0x290
[ 48.373471] ? save_trace+0x290/0x290
[ 48.373473] netlink_rcv_skb+0x127/0x370
[ 48.373474] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.373475] ? netlink_ack+0x980/0x980
[ 48.373476] netlink_unicast+0x437/0x620
[ 48.373477] ? netlink_attachskb+0x600/0x600
[ 48.373479] netlink_sendmsg+0x733/0xbe0
[ 48.373480] ? netlink_unicast+0x620/0x620
[ 48.373481] ? SYSC_sendto+0x2b0/0x2b0
[ 48.373482] ? security_socket_sendmsg+0x83/0xb0
[ 48.373484] ? netlink_unicast+0x620/0x620
[ 48.373485] sock_sendmsg+0xc5/0x100
[ 48.373486] ___sys_sendmsg+0x70a/0x840
[ 48.373487] ? trace_hardirqs_on+0x10/0x10
[ 48.373488] ? copy_msghdr_from_user+0x380/0x380
[ 48.373490] ? find_held_lock+0x2d/0x110
[ 48.373491] ? lock_downgrade+0x6e0/0x6e0
[ 48.373492] ? __fget+0x228/0x360
[ 48.373493] ? __fget_light+0x199/0x1f0
[ 48.373494] ? sockfd_lookup_light+0xb2/0x160
[ 48.373495] __sys_sendmsg+0xa3/0x120
[ 48.373497] ? SyS_shutdown+0x160/0x160
[ 48.373498] ? move_addr_to_kernel+0x60/0x60
[ 48.373499] SyS_sendmsg+0x27/0x40
[ 48.373500] ? __sys_sendmsg+0x120/0x120
[ 48.373501] do_syscall_64+0x1d5/0x640
[ 48.373503] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.373504] RIP: 0033:0x4484d9
[ 48.373505] RSP: 002b:00007f161eb4ace8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.373508] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 00000000004484d9
[ 48.373510] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 48.373512] RBP: 00000000006dec70 R08: 0000000000000000 R09: 0000000000000000
[ 48.373514] R10: 0000000000000010 R11: 0000000000000246 R12: 00000000006dec7c
[ 48.373516] R13: 00007ffdd61ac31f R14: 00007f161eb4b9c0 R15: 00000000006dec7c
[ 48.375166] Kernel Offset: disabled
[ 49.276466] Rebooting in 86400 seconds..