Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.106726] kauditd_printk_skb: 3 callbacks suppressed
[ 56.106741] audit: type=1400 audit(1585064477.348:36): avc: denied { map } for pid=8108 comm="syz-executor515" path="/root/syz-executor515903356" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.129719] IPVS: ftp: loaded support on port[0] = 21
[ 56.174544] ------------[ cut here ]------------
[ 56.181071] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 56.190347] WARNING: CPU: 1 PID: 8110 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 56.199209] Kernel panic - not syncing: panic_on_warn set ...
[ 56.199209]
[ 56.206573] CPU: 1 PID: 8110 Comm: syz-executor515 Not tainted 4.19.112-syzkaller #0
[ 56.214448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.223802] Call Trace:
[ 56.226418] dump_stack+0x188/0x20d
[ 56.230150] panic+0x26a/0x50e
[ 56.233334] ? __warn_printk+0xf3/0xf3
[ 56.237222] ? debug_print_object+0x160/0x250
[ 56.241721] ? __probe_kernel_read+0x16c/0x1b0
[ 56.246309] ? __warn.cold+0x5/0x46
[ 56.249942] ? __warn+0xe4/0x1c0
[ 56.253314] ? debug_print_object+0x160/0x250
[ 56.257805] __warn.cold+0x20/0x46
[ 56.261350] ? debug_print_object+0x160/0x250
[ 56.265849] report_bug+0x262/0x2a0
[ 56.269482] do_error_trap+0x1d7/0x310
[ 56.273420] ? math_error+0x310/0x310
[ 56.277245] ? irq_work_claim+0xa6/0xc0
[ 56.281336] ? irq_work_queue+0x2b/0x80
[ 56.285666] ? wake_up_klogd+0x8c/0xc0
[ 56.289557] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.294580] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.299436] invalid_op+0x14/0x20
[ 56.302877] RIP: 0010:debug_print_object+0x160/0x250
[ 56.307973] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 56.327007] RSP: 0018:ffff8880974a7268 EFLAGS: 00010086
[ 56.332357] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 56.339748] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed1012e94e3f
[ 56.347793] RBP: 0000000000000001 R08: ffff8880972c0680 R09: ffffed1015ce3ee3
[ 56.355202] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 56.362479] R13: 0000000000000000 R14: ffff888091fe5cf8 R15: 1ffff11012e94e5a
[ 56.369749] ? vprintk_func+0x81/0x17e
[ 56.373647] ? debug_print_object+0x160/0x250
[ 56.378146] debug_object_activate+0x357/0x4e0
[ 56.382943] ? debug_object_free+0x3e0/0x3e0
[ 56.387471] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.392340] ? route4_change+0xbab/0x2210
[ 56.396519] ? delayed_work_timer_fn+0x90/0x90
[ 56.401704] __call_rcu.constprop.0+0x31/0x7e0
[ 56.406520] ? mark_held_locks+0xa6/0xf0
[ 56.410647] queue_rcu_work+0x75/0x90
[ 56.415443] route4_change+0xe6a/0x2210
[ 56.420171] ? route4_init+0xa0/0xa0
[ 56.424524] ? route4_init+0xa0/0xa0
[ 56.428302] tc_new_tfilter+0xa6b/0x1450
[ 56.432502] ? tc_del_tfilter+0xd40/0xd40
[ 56.436656] ? __mutex_lock+0x3cd/0x1300
[ 56.440795] ? selinux_ipv4_output+0x50/0x50
[ 56.445378] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.449801] ? tc_del_tfilter+0xd40/0xd40
[ 56.454162] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.458405] ? rtnetlink_put_metrics+0x520/0x520
[ 56.463226] ? find_held_lock+0x2d/0x110
[ 56.467280] netlink_rcv_skb+0x160/0x410
[ 56.471356] ? rtnetlink_put_metrics+0x520/0x520
[ 56.476096] ? netlink_ack+0xa60/0xa60
[ 56.479981] netlink_unicast+0x4d7/0x6a0
[ 56.484025] ? netlink_attachskb+0x710/0x710
[ 56.488427] netlink_sendmsg+0x80b/0xcd0
[ 56.492501] ? netlink_unicast+0x6a0/0x6a0
[ 56.496721] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.501902] ? netlink_unicast+0x6a0/0x6a0
[ 56.506120] sock_sendmsg+0xcf/0x120
[ 56.509839] ___sys_sendmsg+0x803/0x920
[ 56.513826] ? copy_msghdr_from_user+0x410/0x410
[ 56.518581] ? __fget+0x319/0x510
[ 56.522038] ? lock_downgrade+0x740/0x740
[ 56.526298] ? check_preemption_disabled+0x41/0x280
[ 56.531676] ? __fget+0x340/0x510
[ 56.535152] ? iterate_fd+0x350/0x350
[ 56.540167] ? find_held_lock+0x2d/0x110
[ 56.544328] ? __fd_install+0x1b4/0x610
[ 56.548303] ? __fget_light+0x1d1/0x230
[ 56.552268] __sys_sendmsg+0xec/0x1b0
[ 56.556067] ? __ia32_sys_shutdown+0x70/0x70
[ 56.560486] ? __x64_sys_futex+0x386/0x4f0
[ 56.564733] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.569572] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.574586] ? do_syscall_64+0x21/0x620
[ 56.578567] do_syscall_64+0xf9/0x620
[ 56.582389] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.587568] RIP: 0033:0x4466c9
[ 56.590761] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.609665] RSP: 002b:00007f18e8e8ad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.617355] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 00000000004466c9
[ 56.624661] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 56.631923] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
[ 56.639194] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c
[ 56.646561] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.653830]
[ 56.653833] ======================================================
[ 56.653836] WARNING: possible circular locking dependency detected
[ 56.653838] 4.19.112-syzkaller #0 Not tainted
[ 56.653841] ------------------------------------------------------
[ 56.653844] syz-executor515/8110 is trying to acquire lock:
[ 56.653846] 0000000034014f3c ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 56.653853]
[ 56.653855] but task is already holding lock:
[ 56.653857] 00000000ce4aa022 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.653864]
[ 56.653867] which lock already depends on the new lock.
[ 56.653868]
[ 56.653869]
[ 56.653872] the existing dependency chain (in reverse order) is:
[ 56.653873]
[ 56.653874] -> #5 (&obj_hash[i].lock){-.-.}:
[ 56.653881] debug_object_activate+0x131/0x4e0
[ 56.653883] enqueue_hrtimer+0x27/0x3f0
[ 56.653886] hrtimer_start_range_ns+0x580/0xbe0
[ 56.653888] schedule_hrtimeout_range_clock+0x17a/0x360
[ 56.653890] wait_task_inactive+0x443/0x550
[ 56.653893] __kthread_bind_mask+0x1f/0xb0
[ 56.653895] init_rescuer.part.0+0xf2/0x190
[ 56.653897] workqueue_init+0x504/0x7e9
[ 56.653899] kernel_init_freeable+0x2bd/0x5bb
[ 56.653901] kernel_init+0xd/0x1c2
[ 56.653903] ret_from_fork+0x24/0x30
[ 56.653904]
[ 56.653905] -> #4 (hrtimer_bases.lock){-.-.}:
[ 56.653912] lock_hrtimer_base.isra.0+0x6d/0x120
[ 56.653915] hrtimer_start_range_ns+0xf5/0xbe0
[ 56.653917] enqueue_task_rt+0x97f/0xdf0
[ 56.653919] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 56.653921] _sched_setscheduler+0xee/0x180
[ 56.653924] watchdog_dev_init+0xdd/0x1ae
[ 56.653926] watchdog_init+0x14/0x17e
[ 56.653928] do_one_initcall+0xf1/0x734
[ 56.653930] kernel_init_freeable+0x4c9/0x5bb
[ 56.653932] kernel_init+0xd/0x1c2
[ 56.653934] ret_from_fork+0x24/0x30
[ 56.653935]
[ 56.653936] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 56.653943] rq_online_rt+0xaf/0x390
[ 56.653945] set_rq_online.part.0+0xe3/0x140
[ 56.653947] sched_cpu_activate+0x17f/0x270
[ 56.653950] cpuhp_invoke_callback+0x213/0x1bb0
[ 56.653952] cpuhp_thread_fun+0x440/0x840
[ 56.653954] smpboot_thread_fn+0x653/0x9d0
[ 56.653956] kthread+0x34a/0x420
[ 56.653958] ret_from_fork+0x24/0x30
[ 56.653959]
[ 56.653960] -> #2 (&rq->lock){-.-.}:
[ 56.653967] task_fork_fair+0x6a/0x520
[ 56.653969] sched_fork+0x3a7/0x8b0
[ 56.653971] copy_process.part.0+0x187d/0x7a60
[ 56.653973] _do_fork+0x22f/0xf40
[ 56.653975] kernel_thread+0x2f/0x40
[ 56.653977] rest_init+0x1f/0x212
[ 56.653979] start_kernel+0x7e4/0x81c
[ 56.653981] secondary_startup_64+0xa4/0xb0
[ 56.653982]
[ 56.653983] -> #1 (&p->pi_lock){-.-.}:
[ 56.653990] try_to_wake_up+0x80/0xe90
[ 56.653992] up+0x92/0xe0
[ 56.653994] __up_console_sem+0xb3/0x1c0
[ 56.653996] console_unlock+0x64d/0xfe0
[ 56.653998] vprintk_emit+0x282/0x6e0
[ 56.654000] vprintk_func+0x79/0x17e
[ 56.654002] printk+0xba/0xed
[ 56.654004] kauditd_hold_skb.cold+0x41/0x50
[ 56.654006] kauditd_send_queue+0x12d/0x170
[ 56.654008] kauditd_thread+0x6f4/0xa20
[ 56.654010] kthread+0x34a/0x420
[ 56.654012] ret_from_fork+0x24/0x30
[ 56.654013]
[ 56.654014] -> #0 ((console_sem).lock){-.-.}:
[ 56.654021] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.654023] down_trylock+0xe/0x60
[ 56.654026] __down_trylock_console_sem+0xa3/0x210
[ 56.654028] console_trylock+0x12/0x90
[ 56.654030] vprintk_emit+0x269/0x6e0
[ 56.654032] vprintk_func+0x79/0x17e
[ 56.654033] printk+0xba/0xed
[ 56.654035] __warn_printk+0x9b/0xf3
[ 56.654038] debug_print_object+0x160/0x250
[ 56.654040] debug_object_activate+0x357/0x4e0
[ 56.654042] __call_rcu.constprop.0+0x31/0x7e0
[ 56.654044] queue_rcu_work+0x75/0x90
[ 56.654046] route4_change+0xe6a/0x2210
[ 56.654048] tc_new_tfilter+0xa6b/0x1450
[ 56.654050] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.654052] netlink_rcv_skb+0x160/0x410
[ 56.654054] netlink_unicast+0x4d7/0x6a0
[ 56.654056] netlink_sendmsg+0x80b/0xcd0
[ 56.654058] sock_sendmsg+0xcf/0x120
[ 56.654061] ___sys_sendmsg+0x803/0x920
[ 56.654062] __sys_sendmsg+0xec/0x1b0
[ 56.654064] do_syscall_64+0xf9/0x620
[ 56.654067] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.654068]
[ 56.654070] other info that might help us debug this:
[ 56.654071]
[ 56.654073] Chain exists of:
[ 56.654074] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 56.654083]
[ 56.654085] Possible unsafe locking scenario:
[ 56.654086]
[ 56.654088]        CPU0                    CPU1
[ 56.654090]        ----                    ----
[ 56.654092]   lock(&obj_hash[i].lock);
[ 56.654096]                                lock(hrtimer_bases.lock);
[ 56.654101]                                lock(&obj_hash[i].lock);
[ 56.654105]   lock((console_sem).lock);
[ 56.654109]
[ 56.654111] *** DEADLOCK ***
[ 56.654112]
[ 56.654114] 2 locks held by syz-executor515/8110:
[ 56.654115] #0: 0000000070446a49 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.654123] #1: 00000000ce4aa022 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.654132]
[ 56.654134] stack backtrace:
[ 56.654137] CPU: 1 PID: 8110 Comm: syz-executor515 Not tainted 4.19.112-syzkaller #0
[ 56.654141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.654143] Call Trace:
[ 56.654144] dump_stack+0x188/0x20d
[ 56.654147] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 56.654149] __lock_acquire+0x2e19/0x49c0
[ 56.654151] ? add_lock_to_list.isra.0+0x179/0x330
[ 56.654153] ? save_trace+0xd6/0x290
[ 56.654155] ? mark_held_locks+0xf0/0xf0
[ 56.654157] ? format_decode+0x230/0xad0
[ 56.654159] ? kvm_clock_read+0x14/0x30
[ 56.654161] lock_acquire+0x170/0x400
[ 56.654163] ? down_trylock+0xe/0x60
[ 56.654165] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.654167] ? down_trylock+0xe/0x60
[ 56.654169] down_trylock+0xe/0x60
[ 56.654171] ? vprintk_emit+0x269/0x6e0
[ 56.654173] __down_trylock_console_sem+0xa3/0x210
[ 56.654175] console_trylock+0x12/0x90
[ 56.654177] vprintk_emit+0x269/0x6e0
[ 56.654179] vprintk_func+0x79/0x17e
[ 56.654181] printk+0xba/0xed
[ 56.654183] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 56.654185] ? __warn_printk+0x8f/0xf3
[ 56.654187] __warn_printk+0x9b/0xf3
[ 56.654189] ? add_taint.cold+0x16/0x16
[ 56.654191] ? do_syscall_64+0xf9/0x620
[ 56.654193] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.654195] debug_print_object+0x160/0x250
[ 56.654198] debug_object_activate+0x357/0x4e0
[ 56.654200] ? debug_object_free+0x3e0/0x3e0
[ 56.654202] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.654204] ? route4_change+0xbab/0x2210
[ 56.654206] ? delayed_work_timer_fn+0x90/0x90
[ 56.654208] __call_rcu.constprop.0+0x31/0x7e0
[ 56.654210] ? mark_held_locks+0xa6/0xf0
[ 56.654212] queue_rcu_work+0x75/0x90
[ 56.654214] route4_change+0xe6a/0x2210
[ 56.654216] ? route4_init+0xa0/0xa0
[ 56.654218] ? route4_init+0xa0/0xa0
[ 56.654220] tc_new_tfilter+0xa6b/0x1450
[ 56.654222] ? tc_del_tfilter+0xd40/0xd40
[ 56.654224] ? __mutex_lock+0x3cd/0x1300
[ 56.654226] ? selinux_ipv4_output+0x50/0x50
[ 56.654228] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.654230] ? tc_del_tfilter+0xd40/0xd40
[ 56.654233] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.654235] ? rtnetlink_put_metrics+0x520/0x520
[ 56.654237] ? find_held_lock+0x2d/0x110
[ 56.654239] netlink_rcv_skb+0x160/0x410
[ 56.654241] ? rtnetlink_put_metrics+0x520/0x520
[ 56.654243] ? netlink_ack+0xa60/0xa60
[ 56.654245] netlink_unicast+0x4d7/0x6a0
[ 56.654247] ? netlink_attachskb+0x710/0x710
[ 56.654249] netlink_sendmsg+0x80b/0xcd0
[ 56.654251] ? netlink_unicast+0x6a0/0x6a0
[ 56.654254] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.654256] ? netlink_unicast+0x6a0/0x6a0
[ 56.654258] sock_sendmsg+0xcf/0x120
[ 56.654260] ___sys_sendmsg+0x803/0x920
[ 56.654262] ? copy_msghdr_from_user+0x410/0x410
[ 56.654264] ? __fget+0x319/0x510
[ 56.654266] ? lock_downgrade+0x740/0x740
[ 56.654268] ? check_preemption_disabled+0x41/0x280
[ 56.654270] ? __fget+0x340/0x510
[ 56.654272] ? iterate_fd+0x350/0x350
[ 56.654274] ? find_held_lock+0x2d/0x110
[ 56.654276] ? __fd_install+0x1b4/0x610
[ 56.654278] ? __fget_light+0x1d1/0x230
[ 56.654280] __sys_sendmsg+0xec/0x1b0
[ 56.654282] ? __ia32_sys_shutdown+0x70/0x70
[ 56.654284] ? __x64_sys_futex+0x386/0x4f0
[ 56.654286] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.654292] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.654295] ? do_syscall_64+0x21/0x620
[ 56.654297] do_syscall_64+0xf9/0x620
[ 56.654299] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.654301] RIP: 0033:0x4466c9
[ 56.654308] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.654310] RSP: 002b:00007f18e8e8ad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.654315] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 00000000004466c9
[ 56.654318] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 56.654321] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
[ 56.654325] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c
[ 56.654328] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.655740] Kernel Offset: disabled
[ 57.593031] Rebooting in 86400 seconds..