[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 73.841993][ T27] audit: type=1800 audit(1563608814.127:33): pid=9685 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 73.864324][ T27] audit: type=1800 audit(1563608814.127:34): pid=9685 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 75.584549][ T27] audit: type=1400 audit(1563608815.867:35): avc: denied { map } for pid=9861 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. executing program [ 82.120920][ T27] audit: type=1400 audit(1563608822.407:36): avc: denied { map } for pid=9873 comm="syz-executor679" path="/root/syz-executor679486479" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 82.156973][ T9874] IPVS: ftp: loaded support on port[0] = 21 [ 82.349788][ T9877] ------------[ cut here ]------------ [ 82.356530][ T9877] WARNING: CPU: 1 PID: 9877 at kernel/sched/deadline.c:627 enqueue_task_dl.cold+0x103/0x4c2 [ 82.366610][ T9877] Kernel panic - not syncing: panic_on_warn set ... [ 82.373209][ T9877] CPU: 1 PID: 9877 Comm: syz-executor679 Not tainted 5.2.0+ #63 [ 82.380842][ T9877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.390997][ T9877] Call Trace: [ 82.394303][ T9877] dump_stack+0x172/0x1f0 [ 82.398644][ T9877] ? enqueue_task_dl.cold+0x9d/0x4c2 [ 82.403941][ T9877] panic+0x2dc/0x755 [ 82.407858][ T9877] ? add_taint.cold+0x16/0x16 [ 82.412544][ T9877] ? __kasan_check_write+0x14/0x20 [ 82.417666][ T9877] ? __warn.cold+0x5/0x4c [ 82.422099][ T9877] ? __warn+0xe7/0x1e0 [ 82.426208][ T9877] ? enqueue_task_dl.cold+0x103/0x4c2 [ 82.431677][ T9877] __warn.cold+0x20/0x4c [ 82.435934][ T9877] ? enqueue_task_dl.cold+0x103/0x4c2 [ 82.441310][ T9877] report_bug+0x263/0x2b0 [ 82.445678][ T9877] do_error_trap+0x11b/0x200 [ 82.450278][ T9877] do_invalid_op+0x37/0x50 [ 82.456159][ T9877] ? enqueue_task_dl.cold+0x103/0x4c2 [ 82.461543][ T9877] invalid_op+0x14/0x20 [ 82.465718][ T9877] RIP: 0010:enqueue_task_dl.cold+0x103/0x4c2 [ 82.471704][ T9877] Code: d0 48 8b 55 c8 4c 8b 4d b8 e9 64 7a ff ff 48 c7 c7 e0 a5 8b 87 4c 89 4d b0 48 89 55 b8 4c 89 45 c8 4c 89 55 d0 e8 6e 76 06 00 <0f> 0b 4c 8b 55 d0 b8 ff ff 37 00 48 c1 e0 2a 4c 8b 45 c8 48 8b 55 [ 82.491324][ T9877] RSP: 0018:ffff8880a0da7c88 EFLAGS: 00010082 [ 82.497399][ T9877] RAX: 0000000000000024 RBX: ffffffff89a529b4 RCX: 0000000000000000 [ 82.505384][ T9877] RDX: 0000000000000000 RSI: ffffffff815c3a26 RDI: ffffed10141b4f83 [ 82.513366][ T9877] RBP: ffff8880a0da7d00 R08: 0000000000000024 R09: ffffed1015d260b1 [ 82.521355][ T9877] R10: ffffed1015d260b0 R11: ffff8880ae930587 R12: ffff8880972402c0 [ 82.529350][ T9877] R13: ffff8880ae935540 R14: ffff8880ae935540 R15: 0000000000000001 [ 82.537354][ T9877] ? vprintk_func+0x86/0x189 [ 82.541959][ T9877] ? enqueue_task_dl.cold+0x103/0x4c2 [ 82.547353][ T9877] enqueue_task+0xb3/0x370 [ 82.551780][ T9877] __sched_setscheduler+0xc58/0x2030 [ 82.557068][ T9877] ? cpu_cgroup_fork+0xd0/0xd0 [ 82.561834][ T9877] ? __kasan_check_read+0x11/0x20 [ 82.566876][ T9877] __x64_sys_sched_setattr+0x1a1/0x280 [ 82.572391][ T9877] ? __ia32_sys_sched_setparam+0x80/0x80 [ 82.578026][ T9877] ? do_syscall_64+0x26/0x6a0 [ 82.582705][ T9877] ? lockdep_hardirqs_on+0x418/0x5d0 [ 82.588001][ T9877] ? trace_hardirqs_on+0x67/0x240 [ 82.593122][ T9877] do_syscall_64+0xfd/0x6a0 [ 82.597625][ T9877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.603517][ T9877] RIP: 0033:0x446769 [ 82.607435][ T9877] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.628095][ T9877] RSP: 002b:00007f0beebf4db8 EFLAGS: 00000246 ORIG_RAX: 000000000000013a [ 82.637132][ T9877] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446769 [ 82.645134][ T9877] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000 [ 82.653116][ T9877] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000 [ 82.661095][ T9877] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c [ 82.669081][ T9877] R13: 00007fff5677601f R14: 00007f0beebf59c0 R15: 0000000000000002 [ 82.677065][ T9877] [ 82.677071][ T9877] ====================================================== [ 82.677077][ T9877] WARNING: possible circular locking dependency detected [ 82.677081][ T9877] 5.2.0+ #63 Not tainted [ 82.677086][ T9877] ------------------------------------------------------ [ 82.677091][ T9877] syz-executor679/9877 is trying to acquire lock: [ 82.677095][ T9877] 000000007e142b93 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 82.677110][ T9877] [ 82.677115][ T9877] but task is already holding lock: [ 82.677118][ T9877] 00000000661b0386 (&rq->lock){-.-.}, at: task_rq_lock+0xc5/0x2c0 [ 82.677132][ T9877] [ 82.677137][ T9877] which lock already depends on the new lock. [ 82.677139][ T9877] [ 82.677142][ T9877] [ 82.677147][ T9877] the existing dependency chain (in reverse order) is: [ 82.677150][ T9877] [ 82.677152][ T9877] -> #2 (&rq->lock){-.-.}: [ 82.677167][ T9877] _raw_spin_lock+0x2f/0x40 [ 82.677171][ T9877] task_fork_fair+0x6a/0x520 [ 82.677175][ T9877] sched_fork+0x3af/0x900 [ 82.677179][ T9877] copy_process+0x1b04/0x6b00 [ 82.677183][ T9877] _do_fork+0x146/0xfa0 [ 82.677187][ T9877] kernel_thread+0xbb/0xf0 [ 82.677191][ T9877] rest_init+0x28/0x37b [ 82.677195][ T9877] arch_call_rest_init+0xe/0x1b [ 82.677199][ T9877] start_kernel+0x912/0x951 [ 82.677204][ T9877] x86_64_start_reservations+0x29/0x2b [ 82.677208][ T9877] x86_64_start_kernel+0x77/0x7b [ 82.677212][ T9877] secondary_startup_64+0xa4/0xb0 [ 82.677215][ T9877] [ 82.677218][ T9877] -> #1 (&p->pi_lock){-.-.}: [ 82.677232][ T9877] _raw_spin_lock_irqsave+0x95/0xcd [ 82.677236][ T9877] try_to_wake_up+0xb0/0x1aa0 [ 82.677241][ T9877] wake_up_process+0x10/0x20 [ 82.677245][ T9877] __up.isra.0+0x136/0x1a0 [ 82.677248][ T9877] up+0x9c/0xe0 [ 82.677252][ T9877] __up_console_sem+0xb7/0x1c0 [ 82.677256][ T9877] console_unlock+0x695/0xf10 [ 82.677260][ T9877] vprintk_emit+0x2a0/0x700 [ 82.677265][ T9877] vprintk_default+0x28/0x30 [ 82.677269][ T9877] vprintk_func+0x7e/0x189 [ 82.677272][ T9877] printk+0xba/0xed [ 82.677276][ T9877] regdb_fw_cb.cold+0x6c/0xa7 [ 82.677281][ T9877] request_firmware_work_func+0x137/0x275 [ 82.677285][ T9877] process_one_work+0x9af/0x1740 [ 82.677289][ T9877] worker_thread+0x98/0xe40 [ 82.677293][ T9877] kthread+0x361/0x430 [ 82.677297][ T9877] ret_from_fork+0x24/0x30 [ 82.677300][ T9877] [ 82.677302][ T9877] -> #0 ((console_sem).lock){-.-.}: [ 82.677317][ T9877] __lock_acquire+0x25a9/0x4c30 [ 82.677321][ T9877] lock_acquire+0x190/0x410 [ 82.677325][ T9877] _raw_spin_lock_irqsave+0x95/0xcd [ 82.677330][ T9877] down_trylock+0x13/0x70 [ 82.677334][ T9877] __down_trylock_console_sem+0xa8/0x210 [ 82.677338][ T9877] console_trylock+0x15/0xa0 [ 82.677342][ T9877] vprintk_emit+0x283/0x700 [ 82.677346][ T9877] vprintk_default+0x28/0x30 [ 82.677350][ T9877] vprintk_func+0x7e/0x189 [ 82.677354][ T9877] printk+0xba/0xed [ 82.677359][ T9877] enqueue_task_dl.cold+0x103/0x4c2 [ 82.677363][ T9877] enqueue_task+0xb3/0x370 [ 82.677367][ T9877] __sched_setscheduler+0xc58/0x2030 [ 82.677372][ T9877] __x64_sys_sched_setattr+0x1a1/0x280 [ 82.677376][ T9877] do_syscall_64+0xfd/0x6a0 [ 82.677381][ T9877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.677383][ T9877] [ 82.677388][ T9877] other info that might help us debug this: [ 82.677390][ T9877] [ 82.677393][ T9877] Chain exists of: [ 82.677396][ T9877] (console_sem).lock --> &p->pi_lock --> &rq->lock [ 82.677414][ T9877] [ 82.677419][ T9877] Possible unsafe locking scenario: [ 82.677421][ T9877] [ 82.677425][ T9877] CPU0 CPU1 [ 82.677429][ T9877] ---- ---- [ 82.677432][ T9877] lock(&rq->lock); [ 82.677442][ T9877] lock(&p->pi_lock); [ 82.677451][ T9877] lock(&rq->lock); [ 82.677459][ T9877] lock((console_sem).lock); [ 82.677468][ T9877] [ 82.677471][ T9877] *** DEADLOCK *** [ 82.677474][ T9877] [ 82.677478][ T9877] 2 locks held by syz-executor679/9877: [ 82.677481][ T9877] #0: 00000000d2da2709 (&p->pi_lock){-.-.}, at: task_rq_lock+0x6a/0x2c0 [ 82.677503][ T9877] #1: 00000000661b0386 (&rq->lock){-.-.}, at: task_rq_lock+0xc5/0x2c0 [ 82.677520][ T9877] [ 82.677523][ T9877] stack backtrace: [ 82.677529][ T9877] CPU: 1 PID: 9877 Comm: syz-executor679 Not tainted 5.2.0+ #63 [ 82.677537][ T9877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.677540][ T9877] Call Trace: [ 82.677544][ T9877] dump_stack+0x172/0x1f0 [ 82.677548][ T9877] print_circular_bug.cold+0x163/0x172 [ 82.677552][ T9877] check_noncircular+0x345/0x3e0 [ 82.677556][ T9877] ? print_circular_bug+0x200/0x200 [ 82.677560][ T9877] ? __lockdep_reset_lock+0x450/0x450 [ 82.677565][ T9877] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.677569][ T9877] ? find_first_zero_bit+0x9a/0xc0 [ 82.677573][ T9877] __lock_acquire+0x25a9/0x4c30 [ 82.677577][ T9877] ? format_decode+0x25f/0xbc0 [ 82.677581][ T9877] ? mark_held_locks+0xf0/0xf0 [ 82.677585][ T9877] ? kvm_clock_read+0x18/0x30 [ 82.677589][ T9877] ? vprintk_emit+0x14b/0x700 [ 82.677593][ T9877] lock_acquire+0x190/0x410 [ 82.677597][ T9877] ? down_trylock+0x13/0x70 [ 82.677601][ T9877] _raw_spin_lock_irqsave+0x95/0xcd [ 82.677605][ T9877] ? down_trylock+0x13/0x70 [ 82.677608][ T9877] ? vprintk_emit+0x283/0x700 [ 82.677612][ T9877] down_trylock+0x13/0x70 [ 82.677616][ T9877] ? vprintk_emit+0x283/0x700 [ 82.677620][ T9877] __down_trylock_console_sem+0xa8/0x210 [ 82.677624][ T9877] console_trylock+0x15/0xa0 [ 82.677628][ T9877] vprintk_emit+0x283/0x700 [ 82.677632][ T9877] vprintk_default+0x28/0x30 [ 82.677635][ T9877] vprintk_func+0x7e/0x189 [ 82.677639][ T9877] printk+0xba/0xed [ 82.677643][ T9877] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 82.677647][ T9877] enqueue_task_dl.cold+0x103/0x4c2 [ 82.677651][ T9877] enqueue_task+0xb3/0x370 [ 82.677655][ T9877] __sched_setscheduler+0xc58/0x2030 [ 82.677659][ T9877] ? cpu_cgroup_fork+0xd0/0xd0 [ 82.677663][ T9877] ? __kasan_check_read+0x11/0x20 [ 82.677668][ T9877] __x64_sys_sched_setattr+0x1a1/0x280 [ 82.677672][ T9877] ? __ia32_sys_sched_setparam+0x80/0x80 [ 82.677676][ T9877] ? do_syscall_64+0x26/0x6a0 [ 82.677680][ T9877] ? lockdep_hardirqs_on+0x418/0x5d0 [ 82.677684][ T9877] ? trace_hardirqs_on+0x67/0x240 [ 82.677688][ T9877] do_syscall_64+0xfd/0x6a0 [ 82.677692][ T9877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.677696][ T9877] RIP: 0033:0x446769 [ 82.677708][ T9877] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.677713][ T9877] RSP: 002b:00007f0beebf4db8 EFLAGS: 00000246 ORIG_RAX: 000000000000013a [ 82.677723][ T9877] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446769 [ 82.677728][ T9877] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000 [ 82.677734][ T9877] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000 [ 82.677740][ T9877] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c [ 82.677745][ T9877] R13: 00007fff5677601f R14: 00007f0beebf59c0 R15: 0000000000000002 [ 83.814565][ T9877] Shutting down cpus with NMI [ 84.537660][ T9877] Kernel Offset: disabled [ 84.542026][ T9877] Rebooting in 86400 seconds..