[ 43.804520] audit: type=1800 audit(1584425115.665:31): pid=7920 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 43.843645] audit: type=1800 audit(1584425115.665:32): pid=7920 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.522555] kauditd_printk_skb: 3 callbacks suppressed
[ 53.522569] audit: type=1400 audit(1584425125.435:36): avc: denied { map } for pid=8104 comm="syz-executor797" path="/root/syz-executor797838789" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.537638] IPVS: ftp: loaded support on port[0] = 21
[ 53.591692] ------------[ cut here ]------------
[ 53.597519] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 53.607869] WARNING: CPU: 1 PID: 8108 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 53.616829] Kernel panic - not syncing: panic_on_warn set ...
[ 53.616829]
[ 53.624447] CPU: 1 PID: 8108 Comm: syz-executor797 Not tainted 4.19.110-syzkaller #0
[ 53.632520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.644385] Call Trace:
[ 53.646979]  dump_stack+0x188/0x20d
[ 53.650614]  panic+0x26a/0x50e
[ 53.653810]  ? __warn_printk+0xf3/0xf3
[ 53.657784]  ? debug_print_object+0x160/0x250
[ 53.662327]  ? __probe_kernel_read+0x16c/0x1b0
[ 53.666920]  ? __warn.cold+0x5/0x46
[ 53.670787]  ? __warn+0xe4/0x1c0
[ 53.674163]  ? debug_print_object+0x160/0x250
[ 53.679060]  __warn.cold+0x20/0x46
[ 53.682818]  ? debug_print_object+0x160/0x250
[ 53.687473]  report_bug+0x262/0x2a0
[ 53.691452]  do_error_trap+0x1d7/0x310
[ 53.695478]  ? math_error+0x310/0x310
[ 53.699272]  ? irq_work_claim+0xa6/0xc0
[ 53.703250]  ? irq_work_queue+0x2b/0x80
[ 53.709401]  ? wake_up_klogd+0x8c/0xc0
[ 53.713497]  ? trace_hardirqs_off_caller+0x55/0x210
[ 53.718752]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.723596]  invalid_op+0x14/0x20
[ 53.727055] RIP: 0010:debug_print_object+0x160/0x250
[ 53.732437] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f8 e6 fd <0f> 0b 83 05 a3 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 53.751422] RSP: 0018:ffff88808c99f268 EFLAGS: 00010086
[ 53.756873] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 53.764693] RDX: 0000000000000000 RSI: ffffffff8152d2f1 RDI: ffffed1011933e3f
[ 53.772301] RBP: 0000000000000001 R08: ffff8880a5538200 R09: ffffed1015ce3ee3
[ 53.780036] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 53.787595] R13: 0000000000000000 R14: ffff8880a820f588 R15: 1ffff11011933e5a
[ 53.795925]  ? vprintk_func+0x81/0x17e
[ 53.799833]  ? debug_print_object+0x160/0x250
[ 53.804547]  debug_object_activate+0x357/0x4e0
[ 53.809395]  ? debug_object_free+0x3e0/0x3e0
[ 53.813803]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 53.818532]  ? route4_change+0xbab/0x2210
[ 53.822680]  ? delayed_work_timer_fn+0x90/0x90
[ 53.827460]  __call_rcu.constprop.0+0x31/0x7e0
[ 53.832073]  ? mark_held_locks+0xa6/0xf0
[ 53.836333]  queue_rcu_work+0x75/0x90
[ 53.840245]  route4_change+0xe6a/0x2210
[ 53.844436]  ? route4_init+0xa0/0xa0
[ 53.848423]  ? route4_init+0xa0/0xa0
[ 53.852260]  tc_new_tfilter+0xa6b/0x1450
[ 53.856641]  ? tc_del_tfilter+0xd40/0xd40
[ 53.861039]  ? __mutex_lock+0x3cd/0x1300
[ 53.865190]  ? selinux_ipv4_output+0x50/0x50
[ 53.869613]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 53.874448]  ? tc_del_tfilter+0xd40/0xd40
[ 53.879083]  rtnetlink_rcv_msg+0x453/0xaf0
[ 53.883840]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.888888]  ? find_held_lock+0x2d/0x110
[ 53.892971]  netlink_rcv_skb+0x160/0x410
[ 53.897940]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.902951]  ? netlink_ack+0xa60/0xa60
[ 53.907151]  netlink_unicast+0x4d7/0x6a0
[ 53.911423]  ? netlink_attachskb+0x710/0x710
[ 53.915834]  netlink_sendmsg+0x80b/0xcd0
[ 53.919944]  ? netlink_unicast+0x6a0/0x6a0
[ 53.924315]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 53.929590]  ? netlink_unicast+0x6a0/0x6a0
[ 53.934531]  sock_sendmsg+0xcf/0x120
[ 53.938399]  ___sys_sendmsg+0x803/0x920
[ 53.942458]  ? copy_msghdr_from_user+0x410/0x410
[ 53.947340]  ? __fget+0x319/0x510
[ 53.950802]  ? lock_downgrade+0x740/0x740
[ 53.955204]  ? check_preemption_disabled+0x41/0x280
[ 53.960635]  ? __fget+0x340/0x510
[ 53.964440]  ? iterate_fd+0x350/0x350
[ 53.968238]  ? find_held_lock+0x2d/0x110
[ 53.973013]  ? __fd_install+0x1b4/0x610
[ 53.976990]  ? __fget_light+0x1d1/0x230
[ 53.980961]  __sys_sendmsg+0xec/0x1b0
[ 53.985036]  ? __ia32_sys_shutdown+0x70/0x70
[ 53.989676]  ? __x64_sys_futex+0x386/0x4f0
[ 53.994060]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.998814]  ? trace_hardirqs_off_caller+0x55/0x210
[ 54.003999]  ? do_syscall_64+0x21/0x620
[ 54.008230]  do_syscall_64+0xf9/0x620
[ 54.012155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.018383] RIP: 0033:0x446e09
[ 54.021623] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.041496] RSP: 002b:00007fae6111ad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.049708] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 54.057311] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 54.064876] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 54.072534] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 54.080074] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 54.087346]
[ 54.087349] ======================================================
[ 54.087352] WARNING: possible circular locking dependency detected
[ 54.087354] 4.19.110-syzkaller #0 Not tainted
[ 54.087357] ------------------------------------------------------
[ 54.087360] syz-executor797/8108 is trying to acquire lock:
[ 54.087361] 00000000be0375e1 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 54.087369]
[ 54.087371] but task is already holding lock:
[ 54.087373] 00000000eb17c35b (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 54.087381]
[ 54.087383] which lock already depends on the new lock.
[ 54.087384]
[ 54.087386]
[ 54.087388] the existing dependency chain (in reverse order) is:
[ 54.087389]
[ 54.087391] -> #5 (&obj_hash[i].lock){-.-.}:
[ 54.087398]        debug_object_activate+0x131/0x4e0
[ 54.087400]        enqueue_hrtimer+0x27/0x3f0
[ 54.087402]        hrtimer_start_range_ns+0x580/0xbe0
[ 54.087405]        schedule_hrtimeout_range_clock+0x17a/0x360
[ 54.087407]        wait_task_inactive+0x443/0x550
[ 54.087409]        __kthread_bind_mask+0x1f/0xb0
[ 54.087412]        init_rescuer.part.0+0xf2/0x190
[ 54.087414]        workqueue_init+0x504/0x7e9
[ 54.087416]        kernel_init_freeable+0x2bd/0x5bb
[ 54.087418]        kernel_init+0xd/0x1c0
[ 54.087420]        ret_from_fork+0x24/0x30
[ 54.087421]
[ 54.087422] -> #4 (hrtimer_bases.lock){-.-.}:
[ 54.087430]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 54.087432]        hrtimer_start_range_ns+0xf5/0xbe0
[ 54.087434]        enqueue_task_rt+0x97f/0xdf0
[ 54.087437]        __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 54.087439]        _sched_setscheduler+0xee/0x180
[ 54.087441]        watchdog_dev_init+0xdd/0x1ae
[ 54.087443]        watchdog_init+0x14/0x17e
[ 54.087445]        do_one_initcall+0xf1/0x734
[ 54.087448]        kernel_init_freeable+0x4c9/0x5bb
[ 54.087450]        kernel_init+0xd/0x1c0
[ 54.087452]        ret_from_fork+0x24/0x30
[ 54.087453]
[ 54.087454] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 54.087461]        rq_online_rt+0xaf/0x390
[ 54.087463]        set_rq_online.part.0+0xe3/0x140
[ 54.087465]        sched_cpu_activate+0x17f/0x270
[ 54.087468]        cpuhp_invoke_callback+0x213/0x1bb0
[ 54.087470]        cpuhp_thread_fun+0x440/0x840
[ 54.087472]        smpboot_thread_fn+0x653/0x9d0
[ 54.087474]        kthread+0x34a/0x420
[ 54.087476]        ret_from_fork+0x24/0x30
[ 54.087477]
[ 54.087478] -> #2 (&rq->lock){-.-.}:
[ 54.087485]        task_fork_fair+0x6a/0x520
[ 54.087487]        sched_fork+0x3a7/0x8b0
[ 54.087489]        copy_process.part.0+0x187d/0x7a60
[ 54.087491]        _do_fork+0x22f/0xf40
[ 54.087493]        kernel_thread+0x2f/0x40
[ 54.087495]        rest_init+0x1f/0x212
[ 54.087497]        start_kernel+0x7e4/0x81c
[ 54.087499]        secondary_startup_64+0xa4/0xb0
[ 54.087500]
[ 54.087502] -> #1 (&p->pi_lock){-.-.}:
[ 54.087508]        try_to_wake_up+0x80/0xe90
[ 54.087510]        up+0x92/0xe0
[ 54.087512]        __up_console_sem+0xb3/0x1c0
[ 54.087514]        console_unlock+0x64d/0xfe0
[ 54.087516]        vprintk_emit+0x282/0x6e0
[ 54.087518]        vprintk_func+0x79/0x17e
[ 54.087520]        printk+0xba/0xed
[ 54.087526]        regdb_fw_cb.cold+0x18/0x9c
[ 54.087529]        request_firmware_work_func+0x126/0x250
[ 54.087531]        process_one_work+0x91f/0x1640
[ 54.087533]        worker_thread+0x96/0xe20
[ 54.087535]        kthread+0x34a/0x420
[ 54.087537]        ret_from_fork+0x24/0x30
[ 54.087538]
[ 54.087539] -> #0 ((console_sem).lock){-...}:
[ 54.087546]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 54.087548]        down_trylock+0xe/0x60
[ 54.087551]        __down_trylock_console_sem+0xa3/0x210
[ 54.087553]        console_trylock+0x12/0x90
[ 54.087555]        vprintk_emit+0x269/0x6e0
[ 54.087557]        vprintk_func+0x79/0x17e
[ 54.087559]        printk+0xba/0xed
[ 54.087561]        __warn_printk+0x9b/0xf3
[ 54.087563]        debug_print_object+0x160/0x250
[ 54.087565]        debug_object_activate+0x357/0x4e0
[ 54.087567]        __call_rcu.constprop.0+0x31/0x7e0
[ 54.087570]        queue_rcu_work+0x75/0x90
[ 54.087572]        route4_change+0xe6a/0x2210
[ 54.087574]        tc_new_tfilter+0xa6b/0x1450
[ 54.087576]        rtnetlink_rcv_msg+0x453/0xaf0
[ 54.087578]        netlink_rcv_skb+0x160/0x410
[ 54.087580]        netlink_unicast+0x4d7/0x6a0
[ 54.087583]        netlink_sendmsg+0x80b/0xcd0
[ 54.087585]        sock_sendmsg+0xcf/0x120
[ 54.087587]        ___sys_sendmsg+0x803/0x920
[ 54.087589]        __sys_sendmsg+0xec/0x1b0
[ 54.087591]        do_syscall_64+0xf9/0x620
[ 54.087593]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.087594]
[ 54.087597] other info that might help us debug this:
[ 54.087598]
[ 54.087599] Chain exists of:
[ 54.087600]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 54.087610]
[ 54.087612]  Possible unsafe locking scenario:
[ 54.087613]
[ 54.087615]        CPU0                    CPU1
[ 54.087617]        ----                    ----
[ 54.087618]   lock(&obj_hash[i].lock);
[ 54.087625]                                lock(hrtimer_bases.lock);
[ 54.087633]                                lock(&obj_hash[i].lock);
[ 54.087640]   lock((console_sem).lock);
[ 54.087647]
[ 54.087650]  *** DEADLOCK ***
[ 54.087651]
[ 54.087655] 2 locks held by syz-executor797/8108:
[ 54.087657]  #0: 0000000048a8b94d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 54.087671]  #1: 00000000eb17c35b (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 54.087686]
[ 54.087689] stack backtrace:
[ 54.087694] CPU: 1 PID: 8108 Comm: syz-executor797 Not tainted 4.19.110-syzkaller #0
[ 54.087701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.087703] Call Trace:
[ 54.087707]  dump_stack+0x188/0x20d
[ 54.087711]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 54.087715]  __lock_acquire+0x2e19/0x49c0
[ 54.087719]  ? add_lock_to_list.isra.0+0x179/0x330
[ 54.087723]  ? save_trace+0xd6/0x290
[ 54.087726]  ? mark_held_locks+0xf0/0xf0
[ 54.087730]  ? format_decode+0x230/0xad0
[ 54.087733]  ? kvm_clock_read+0x14/0x30
[ 54.087736]  lock_acquire+0x170/0x400
[ 54.087740]  ? down_trylock+0xe/0x60
[ 54.087743]  _raw_spin_lock_irqsave+0x8c/0xbf
[ 54.087747]  ? down_trylock+0xe/0x60
[ 54.087750]  down_trylock+0xe/0x60
[ 54.087753]  ? vprintk_emit+0x269/0x6e0
[ 54.087757]  __down_trylock_console_sem+0xa3/0x210
[ 54.087761]  console_trylock+0x12/0x90
[ 54.087764]  vprintk_emit+0x269/0x6e0
[ 54.087767]  vprintk_func+0x79/0x17e
[ 54.087770]  printk+0xba/0xed
[ 54.087773]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 54.087775]  ? __warn_printk+0x8f/0xf3
[ 54.087777]  __warn_printk+0x9b/0xf3
[ 54.087779]  ? add_taint.cold+0x16/0x16
[ 54.087781]  ? do_syscall_64+0xf9/0x620
[ 54.087783]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.087786]  debug_print_object+0x160/0x250
[ 54.087788]  debug_object_activate+0x357/0x4e0
[ 54.087790]  ? debug_object_free+0x3e0/0x3e0
[ 54.087792]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 54.087794]  ? route4_change+0xbab/0x2210
[ 54.087797]  ? delayed_work_timer_fn+0x90/0x90
[ 54.087799]  __call_rcu.constprop.0+0x31/0x7e0
[ 54.087801]  ? mark_held_locks+0xa6/0xf0
[ 54.087803]  queue_rcu_work+0x75/0x90
[ 54.087805]  route4_change+0xe6a/0x2210
[ 54.087807]  ? route4_init+0xa0/0xa0
[ 54.087809]  ? route4_init+0xa0/0xa0
[ 54.087811]  tc_new_tfilter+0xa6b/0x1450
[ 54.087813]  ? tc_del_tfilter+0xd40/0xd40
[ 54.087815]  ? __mutex_lock+0x3cd/0x1300
[ 54.087817]  ? selinux_ipv4_output+0x50/0x50
[ 54.087820]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 54.087822]  ? tc_del_tfilter+0xd40/0xd40
[ 54.087824]  rtnetlink_rcv_msg+0x453/0xaf0
[ 54.087826]  ? rtnetlink_put_metrics+0x520/0x520
[ 54.087828]  ? find_held_lock+0x2d/0x110
[ 54.087830]  netlink_rcv_skb+0x160/0x410
[ 54.087833]  ? rtnetlink_put_metrics+0x520/0x520
[ 54.087835]  ? netlink_ack+0xa60/0xa60
[ 54.087837]  netlink_unicast+0x4d7/0x6a0
[ 54.087839]  ? netlink_attachskb+0x710/0x710
[ 54.087841]  netlink_sendmsg+0x80b/0xcd0
[ 54.087843]  ? netlink_unicast+0x6a0/0x6a0
[ 54.087845]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 54.087847]  ? netlink_unicast+0x6a0/0x6a0
[ 54.087849]  sock_sendmsg+0xcf/0x120
[ 54.087851]  ___sys_sendmsg+0x803/0x920
[ 54.087854]  ? copy_msghdr_from_user+0x410/0x410
[ 54.087856]  ? __fget+0x319/0x510
[ 54.087858]  ? lock_downgrade+0x740/0x740
[ 54.087860]  ? check_preemption_disabled+0x41/0x280
[ 54.087862]  ? __fget+0x340/0x510
[ 54.087864]  ? iterate_fd+0x350/0x350
[ 54.087866]  ? find_held_lock+0x2d/0x110
[ 54.087868]  ? __fd_install+0x1b4/0x610
[ 54.087870]  ? __fget_light+0x1d1/0x230
[ 54.087872]  __sys_sendmsg+0xec/0x1b0
[ 54.087874]  ? __ia32_sys_shutdown+0x70/0x70
[ 54.087876]  ? __x64_sys_futex+0x386/0x4f0
[ 54.087879]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.087881]  ? trace_hardirqs_off_caller+0x55/0x210
[ 54.087883]  ? do_syscall_64+0x21/0x620
[ 54.087885]  do_syscall_64+0xf9/0x620
[ 54.087888]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.087889] RIP: 0033:0x446e09
[ 54.087896] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.087899] RSP: 002b:00007fae6111ad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.087905] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 54.087908] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 54.087911] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 54.087914] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 54.087917] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 54.089749] Kernel Offset: disabled
[ 55.067425] Rebooting in 86400 seconds..