[ 44.588109] audit: type=1800 audit(1584963746.894:30): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 44.619475] audit: type=1800 audit(1584963746.904:31): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.150901] kauditd_printk_skb: 4 callbacks suppressed
[ 61.150914] audit: type=1400 audit(1584963763.494:36): avc: denied { map } for pid=8024 comm="syz-executor606" path="/root/syz-executor606388818" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 61.169459] IPVS: ftp: loaded support on port[0] = 21
[ 61.224941] ------------[ cut here ]------------
[ 61.230701] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 61.239890] WARNING: CPU: 0 PID: 8026 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 61.248631] Kernel panic - not syncing: panic_on_warn set ...
[ 61.248631]
[ 61.255978] CPU: 0 PID: 8026 Comm: syz-executor606 Not tainted 4.19.112-syzkaller #0
[ 61.263854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.273217] Call Trace:
[ 61.275802] dump_stack+0x188/0x20d
[ 61.279436] panic+0x26a/0x50e
[ 61.282616] ? __warn_printk+0xf3/0xf3
[ 61.286489] ? debug_print_object+0x160/0x250
[ 61.290975] ? __probe_kernel_read+0x16c/0x1b0
[ 61.295546] ? __warn.cold+0x5/0x46
[ 61.299159] ? __warn+0xe4/0x1c0
[ 61.302511] ? debug_print_object+0x160/0x250
[ 61.306986] __warn.cold+0x20/0x46
[ 61.310510] ? debug_print_object+0x160/0x250
[ 61.315001] report_bug+0x262/0x2a0
[ 61.318611] do_error_trap+0x1d7/0x310
[ 61.322488] ? math_error+0x310/0x310
[ 61.326276] ? irq_work_claim+0xa6/0xc0
[ 61.330236] ? irq_work_queue+0x2b/0x80
[ 61.334198] ? wake_up_klogd+0x8c/0xc0
[ 61.338074] ? trace_hardirqs_off_caller+0x55/0x210
[ 61.343074] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 61.347908] invalid_op+0x14/0x20
[ 61.351360] RIP: 0010:debug_print_object+0x160/0x250
[ 61.357084] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 61.375991] RSP: 0018:ffff88808cfcf268 EFLAGS: 00010086
[ 61.381340] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 61.388600] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed10119f9e3f
[ 61.396115] RBP: 0000000000000001 R08: ffff888093d1c140 R09: ffffed1015cc3ee3
[ 61.403381] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 61.410633] R13: 0000000000000000 R14: ffff888083b5da58 R15: 1ffff110119f9e5a
[ 61.417994] ? vprintk_func+0x81/0x17e
[ 61.421869] ? debug_print_object+0x160/0x250
[ 61.426346] debug_object_activate+0x357/0x4e0
[ 61.430907] ? debug_object_free+0x3e0/0x3e0
[ 61.435301] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 61.439884] ? route4_change+0xbab/0x2210
[ 61.444014] ? delayed_work_timer_fn+0x90/0x90
[ 61.448576] __call_rcu.constprop.0+0x31/0x7e0
[ 61.453141] ? mark_held_locks+0xa6/0xf0
[ 61.457185] queue_rcu_work+0x75/0x90
[ 61.460969] route4_change+0xe6a/0x2210
[ 61.464942] ? route4_init+0xa0/0xa0
[ 61.468637] ? route4_init+0xa0/0xa0
[ 61.472331] tc_new_tfilter+0xa6b/0x1450
[ 61.476385] ? tc_del_tfilter+0xd40/0xd40
[ 61.480533] ? __mutex_lock+0x3cd/0x1300
[ 61.484577] ? selinux_ipv4_output+0x50/0x50
[ 61.488968] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 61.493363] ? tc_del_tfilter+0xd40/0xd40
[ 61.497490] rtnetlink_rcv_msg+0x453/0xaf0
[ 61.501722] ? rtnetlink_put_metrics+0x520/0x520
[ 61.506488] ? find_held_lock+0x2d/0x110
[ 61.510546] netlink_rcv_skb+0x160/0x410
[ 61.514599] ? rtnetlink_put_metrics+0x520/0x520
[ 61.519342] ? netlink_ack+0xa60/0xa60
[ 61.523223] netlink_unicast+0x4d7/0x6a0
[ 61.527281] ? netlink_attachskb+0x710/0x710
[ 61.531677] netlink_sendmsg+0x80b/0xcd0
[ 61.535720] ? netlink_unicast+0x6a0/0x6a0
[ 61.539934] ? move_addr_to_kernel.part.0+0x110/0x110
[ 61.545139] ? netlink_unicast+0x6a0/0x6a0
[ 61.549354] sock_sendmsg+0xcf/0x120
[ 61.553066] ___sys_sendmsg+0x803/0x920
[ 61.557080] ? copy_msghdr_from_user+0x410/0x410
[ 61.561891] ? __fget+0x319/0x510
[ 61.565335] ? lock_downgrade+0x740/0x740
[ 61.569481] ? check_preemption_disabled+0x41/0x280
[ 61.574493] ? __fget+0x340/0x510
[ 61.577930] ? iterate_fd+0x350/0x350
[ 61.581712] ? find_held_lock+0x2d/0x110
[ 61.585763] ? __fd_install+0x1b4/0x610
[ 61.589730] ? __fget_light+0x1d1/0x230
[ 61.593709] __sys_sendmsg+0xec/0x1b0
[ 61.597493] ? __ia32_sys_shutdown+0x70/0x70
[ 61.601883] ? __x64_sys_futex+0x386/0x4f0
[ 61.606104] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 61.610842] ? trace_hardirqs_off_caller+0x55/0x210
[ 61.615852] ? do_syscall_64+0x21/0x620
[ 61.619812] do_syscall_64+0xf9/0x620
[ 61.623600] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.628784] RIP: 0033:0x446f59
[ 61.631961] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.650853] RSP: 002b:00007f605d6c2d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.659419] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446f59
[ 61.666669] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 61.673930] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 61.681183] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 61.688432] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 61.695702]
[ 61.695705] ======================================================
[ 61.695708] WARNING: possible circular locking dependency detected
[ 61.695710] 4.19.112-syzkaller #0 Not tainted
[ 61.695713] ------------------------------------------------------
[ 61.695716] syz-executor606/8026 is trying to acquire lock:
[ 61.695718] 00000000dcf39457 ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 61.695725]
[ 61.695727] but task is already holding lock:
[ 61.695729] 00000000ed6c372a (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 61.695736]
[ 61.695739] which lock already depends on the new lock.
[ 61.695740]
[ 61.695741]
[ 61.695744] the existing dependency chain (in reverse order) is:
[ 61.695745]
[ 61.695746] -> #5 (&obj_hash[i].lock){-.-.}:
[ 61.695753] debug_object_activate+0x131/0x4e0
[ 61.695755] enqueue_hrtimer+0x27/0x3f0
[ 61.695758] hrtimer_start_range_ns+0x580/0xbe0
[ 61.695760] schedule_hrtimeout_range_clock+0x17a/0x360
[ 61.695762] wait_task_inactive+0x443/0x550
[ 61.695764] __kthread_bind_mask+0x1f/0xb0
[ 61.695767] init_rescuer.part.0+0xf2/0x190
[ 61.695770] workqueue_init+0x504/0x7e9
[ 61.695772] kernel_init_freeable+0x2bd/0x5bb
[ 61.695774] kernel_init+0xd/0x1c2
[ 61.695776] ret_from_fork+0x24/0x30
[ 61.695777]
[ 61.695778] -> #4 (hrtimer_bases.lock){-.-.}:
[ 61.695786] lock_hrtimer_base.isra.0+0x6d/0x120
[ 61.695788] hrtimer_start_range_ns+0xf5/0xbe0
[ 61.695790] enqueue_task_rt+0x97f/0xdf0
[ 61.695793] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 61.695795] _sched_setscheduler+0xee/0x180
[ 61.695797] watchdog_dev_init+0xdd/0x1ae
[ 61.695799] watchdog_init+0x14/0x17e
[ 61.695801] do_one_initcall+0xf1/0x734
[ 61.695803] kernel_init_freeable+0x4c9/0x5bb
[ 61.695805] kernel_init+0xd/0x1c2
[ 61.695807] ret_from_fork+0x24/0x30
[ 61.695808]
[ 61.695809] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 61.695816] rq_online_rt+0xaf/0x390
[ 61.695818] set_rq_online.part.0+0xe3/0x140
[ 61.695821] sched_cpu_activate+0x17f/0x270
[ 61.695823] cpuhp_invoke_callback+0x213/0x1bb0
[ 61.695825] cpuhp_thread_fun+0x440/0x840
[ 61.695827] smpboot_thread_fn+0x653/0x9d0
[ 61.695829] kthread+0x34a/0x420
[ 61.695831] ret_from_fork+0x24/0x30
[ 61.695832]
[ 61.695833] -> #2 (&rq->lock){-.-.}:
[ 61.695840] task_fork_fair+0x6a/0x520
[ 61.695842] sched_fork+0x3a7/0x8b0
[ 61.695844] copy_process.part.0+0x187d/0x7a60
[ 61.695846] _do_fork+0x22f/0xf40
[ 61.695848] kernel_thread+0x2f/0x40
[ 61.695850] rest_init+0x1f/0x212
[ 61.695852] start_kernel+0x7e4/0x81c
[ 61.695854] secondary_startup_64+0xa4/0xb0
[ 61.695855]
[ 61.695856] -> #1 (&p->pi_lock){-.-.}:
[ 61.695863] try_to_wake_up+0x80/0xe90
[ 61.695864] up+0x92/0xe0
[ 61.695867] __up_console_sem+0xb3/0x1c0
[ 61.695869] console_unlock+0x64d/0xfe0
[ 61.695871] vprintk_emit+0x282/0x6e0
[ 61.695872] vprintk_func+0x79/0x17e
[ 61.695874] printk+0xba/0xed
[ 61.695876] kauditd_hold_skb.cold+0x41/0x50
[ 61.695879] kauditd_send_queue+0x12d/0x170
[ 61.695881] kauditd_thread+0x6f4/0xa20
[ 61.695882] kthread+0x34a/0x420
[ 61.695884] ret_from_fork+0x24/0x30
[ 61.695886]
[ 61.695887] -> #0 ((console_sem).lock){-.-.}:
[ 61.695894] _raw_spin_lock_irqsave+0x8c/0xbf
[ 61.695896] down_trylock+0xe/0x60
[ 61.695898] __down_trylock_console_sem+0xa3/0x210
[ 61.695900] console_trylock+0x12/0x90
[ 61.695902] vprintk_emit+0x269/0x6e0
[ 61.695904] vprintk_func+0x79/0x17e
[ 61.695906] printk+0xba/0xed
[ 61.695908] __warn_printk+0x9b/0xf3
[ 61.695910] debug_print_object+0x160/0x250
[ 61.695912] debug_object_activate+0x357/0x4e0
[ 61.695914] __call_rcu.constprop.0+0x31/0x7e0
[ 61.695916] queue_rcu_work+0x75/0x90
[ 61.695918] route4_change+0xe6a/0x2210
[ 61.695920] tc_new_tfilter+0xa6b/0x1450
[ 61.695923] rtnetlink_rcv_msg+0x453/0xaf0
[ 61.695925] netlink_rcv_skb+0x160/0x410
[ 61.695927] netlink_unicast+0x4d7/0x6a0
[ 61.695929] netlink_sendmsg+0x80b/0xcd0
[ 61.695931] sock_sendmsg+0xcf/0x120
[ 61.695933] ___sys_sendmsg+0x803/0x920
[ 61.695935] __sys_sendmsg+0xec/0x1b0
[ 61.695937] do_syscall_64+0xf9/0x620
[ 61.695939] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.695941]
[ 61.695943] other info that might help us debug this:
[ 61.695944]
[ 61.695946] Chain exists of:
[ 61.695947] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 61.695956]
[ 61.695958] Possible unsafe locking scenario:
[ 61.695959]
[ 61.695961]        CPU0                    CPU1
[ 61.695963]        ----                    ----
[ 61.695964]   lock(&obj_hash[i].lock);
[ 61.695969]                                lock(hrtimer_bases.lock);
[ 61.695974]                                lock(&obj_hash[i].lock);
[ 61.695978]   lock((console_sem).lock);
[ 61.695982]
[ 61.695983] *** DEADLOCK ***
[ 61.695984]
[ 61.695987] 2 locks held by syz-executor606/8026:
[ 61.695988] #0: 00000000ba8f8c4b (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 61.695996] #1: 00000000ed6c372a (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 61.696005]
[ 61.696006] stack backtrace:
[ 61.696010] CPU: 0 PID: 8026 Comm: syz-executor606 Not tainted 4.19.112-syzkaller #0
[ 61.696013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.696015] Call Trace:
[ 61.696017] dump_stack+0x188/0x20d
[ 61.696019] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 61.696021] __lock_acquire+0x2e19/0x49c0
[ 61.696024] ? add_lock_to_list.isra.0+0x179/0x330
[ 61.696026] ? save_trace+0xd6/0x290
[ 61.696028] ? mark_held_locks+0xf0/0xf0
[ 61.696030] ? format_decode+0x230/0xad0
[ 61.696032] ? kvm_clock_read+0x14/0x30
[ 61.696034] lock_acquire+0x170/0x400
[ 61.696036] ? down_trylock+0xe/0x60
[ 61.696038] _raw_spin_lock_irqsave+0x8c/0xbf
[ 61.696040] ? down_trylock+0xe/0x60
[ 61.696042] down_trylock+0xe/0x60
[ 61.696044] ? vprintk_emit+0x269/0x6e0
[ 61.696046] __down_trylock_console_sem+0xa3/0x210
[ 61.696048] console_trylock+0x12/0x90
[ 61.696050] vprintk_emit+0x269/0x6e0
[ 61.696052] vprintk_func+0x79/0x17e
[ 61.696053] printk+0xba/0xed
[ 61.696056] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 61.696058] ? __warn_printk+0x8f/0xf3
[ 61.696060] __warn_printk+0x9b/0xf3
[ 61.696062] ? add_taint.cold+0x16/0x16
[ 61.696064] ? do_syscall_64+0xf9/0x620
[ 61.696066] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.696068] debug_print_object+0x160/0x250
[ 61.696070] debug_object_activate+0x357/0x4e0
[ 61.696073] ? debug_object_free+0x3e0/0x3e0
[ 61.696075] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 61.696077] ? route4_change+0xbab/0x2210
[ 61.696079] ? delayed_work_timer_fn+0x90/0x90
[ 61.696081] __call_rcu.constprop.0+0x31/0x7e0
[ 61.696083] ? mark_held_locks+0xa6/0xf0
[ 61.696085] queue_rcu_work+0x75/0x90
[ 61.696087] route4_change+0xe6a/0x2210
[ 61.696089] ? route4_init+0xa0/0xa0
[ 61.696091] ? route4_init+0xa0/0xa0
[ 61.696093] tc_new_tfilter+0xa6b/0x1450
[ 61.696095] ? tc_del_tfilter+0xd40/0xd40
[ 61.696097] ? __mutex_lock+0x3cd/0x1300
[ 61.696099] ? selinux_ipv4_output+0x50/0x50
[ 61.696101] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 61.696104] ? tc_del_tfilter+0xd40/0xd40
[ 61.696106] rtnetlink_rcv_msg+0x453/0xaf0
[ 61.696108] ? rtnetlink_put_metrics+0x520/0x520
[ 61.696110] ? find_held_lock+0x2d/0x110
[ 61.696112] netlink_rcv_skb+0x160/0x410
[ 61.696114] ? rtnetlink_put_metrics+0x520/0x520
[ 61.696116] ? netlink_ack+0xa60/0xa60
[ 61.696118] netlink_unicast+0x4d7/0x6a0
[ 61.696120] ? netlink_attachskb+0x710/0x710
[ 61.696122] netlink_sendmsg+0x80b/0xcd0
[ 61.696124] ? netlink_unicast+0x6a0/0x6a0
[ 61.696127] ? move_addr_to_kernel.part.0+0x110/0x110
[ 61.696129] ? netlink_unicast+0x6a0/0x6a0
[ 61.696131] sock_sendmsg+0xcf/0x120
[ 61.696133] ___sys_sendmsg+0x803/0x920
[ 61.696135] ? copy_msghdr_from_user+0x410/0x410
[ 61.696137] ? __fget+0x319/0x510
[ 61.696139] ? lock_downgrade+0x740/0x740
[ 61.696141] ? check_preemption_disabled+0x41/0x280
[ 61.696143] ? __fget+0x340/0x510
[ 61.696145] ? iterate_fd+0x350/0x350
[ 61.696147] ? find_held_lock+0x2d/0x110
[ 61.696149] ? __fd_install+0x1b4/0x610
[ 61.696151] ? __fget_light+0x1d1/0x230
[ 61.696153] __sys_sendmsg+0xec/0x1b0
[ 61.696155] ? __ia32_sys_shutdown+0x70/0x70
[ 61.696157] ? __x64_sys_futex+0x386/0x4f0
[ 61.696160] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 61.696162] ? trace_hardirqs_off_caller+0x55/0x210
[ 61.696164] ? do_syscall_64+0x21/0x620
[ 61.696166] do_syscall_64+0xf9/0x620
[ 61.696168] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.696170] RIP: 0033:0x446f59
[ 61.696177] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.696180] RSP: 002b:00007f605d6c2d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.696185] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446f59
[ 61.696188] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 61.696191] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 61.696194] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 61.696197] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 61.697757] Kernel Offset: disabled
[ 62.623206] Rebooting in 86400 seconds..