Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
[ 44.077340] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.194244] audit: type=1400 audit(1585520825.783:36): avc: denied { map } for pid=7403 comm="syz-executor278" path="/root/syz-executor278880379" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.431147] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 45.261616] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 45.271343] ------------[ cut here ]------------
[ 45.276091] WARNING: CPU: 0 PID: 7407 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 45.285078] Kernel panic - not syncing: panic_on_warn set ...
[ 45.285078]
[ 45.292433] CPU: 0 PID: 7407 Comm: syz-executor278 Not tainted 4.14.174-syzkaller #0
[ 45.300772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.310197] Call Trace:
[ 45.312779]  dump_stack+0x13e/0x194
[ 45.316484]  panic+0x1f9/0x42d
[ 45.319676]  ? add_taint.cold+0x16/0x16
[ 45.323645]  ? debug_print_object.cold+0xa7/0xdb
[ 45.328770]  ? debug_print_object.cold+0xa7/0xdb
[ 45.333534]  __warn.cold+0x2f/0x30
[ 45.337067]  ? ist_end_non_atomic+0x10/0x10
[ 45.341386]  ? debug_print_object.cold+0xa7/0xdb
[ 45.346125]  report_bug+0x20a/0x248
[ 45.349740]  do_error_trap+0x195/0x2d0
[ 45.353609]  ? math_error+0x2d0/0x2d0
[ 45.357392]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.362214]  invalid_op+0x1b/0x40
[ 45.365671] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 45.371008] RSP: 0018:ffff8880a107f430 EFLAGS: 00010082
[ 45.376350] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 45.383611] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed101420fe7c
[ 45.391471] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000
[ 45.398893] R10: fffffbfff14a8cd8 R11: ffff8880a6698100 R12: 0000000000000000
[ 45.406673] R13: 0000000000000001 R14: 1ffff1101420fe90 R15: ffffffff87d84240
[ 45.414135]  debug_object_activate+0x307/0x450
[ 45.418710]  ? debug_object_free+0x390/0x390
[ 45.423102]  ? find_held_lock+0x2d/0x110
[ 45.427152]  ? route4_walk+0x450/0x450
[ 45.431033]  __call_rcu.constprop.0+0x31/0x7e0
[ 45.435850]  route4_change+0xb27/0x1c4d
[ 45.439819]  ? route4_delete+0x760/0x760
[ 45.443867]  ? route4_delete+0x760/0x760
[ 45.447913]  tc_ctl_tfilter+0xf13/0x18e6
[ 45.451966]  ? tfilter_notify+0x240/0x240
[ 45.456095]  ? mutex_trylock+0x1a0/0x1a0
[ 45.460150]  ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 45.464540]  ? tfilter_notify+0x240/0x240
[ 45.468679]  rtnetlink_rcv_msg+0x3be/0xb10
[ 45.472916]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.477479]  ? save_trace+0x290/0x290
[ 45.481278]  ? save_trace+0x290/0x290
[ 45.485492]  netlink_rcv_skb+0x127/0x370
[ 45.489532]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.494104]  ? netlink_ack+0x980/0x980
[ 45.497982]  netlink_unicast+0x437/0x620
[ 45.502022]  ? netlink_attachskb+0x600/0x600
[ 45.506481]  netlink_sendmsg+0x733/0xbe0
[ 45.510531]  ? netlink_unicast+0x620/0x620
[ 45.514757]  ? SYSC_sendto+0x2b0/0x2b0
[ 45.518686]  ? security_socket_sendmsg+0x83/0xb0
[ 45.523611]  ? netlink_unicast+0x620/0x620
[ 45.527984]  sock_sendmsg+0xc5/0x100
[ 45.531797]  ___sys_sendmsg+0x70a/0x840
[ 45.535771]  ? trace_hardirqs_on+0x10/0x10
[ 45.540111]  ? copy_msghdr_from_user+0x380/0x380
[ 45.544865]  ? find_held_lock+0x2d/0x110
[ 45.548968]  ? lock_downgrade+0x6e0/0x6e0
[ 45.553108]  ? __fget+0x228/0x360
[ 45.556674]  ? __fget_light+0x199/0x1f0
[ 45.560851]  ? sockfd_lookup_light+0xb2/0x160
[ 45.565880]  __sys_sendmsg+0xa3/0x120
[ 45.569755]  ? SyS_shutdown+0x160/0x160
[ 45.573923]  ? move_addr_to_kernel+0x60/0x60
[ 45.578463]  SyS_sendmsg+0x27/0x40
[ 45.582107]  ? __sys_sendmsg+0x120/0x120
[ 45.586558]  do_syscall_64+0x1d5/0x640
[ 45.590498]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.595674] RIP: 0033:0x446e09
[ 45.598894] RSP: 002b:00007f2a46942d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.607142] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 45.614504] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 45.622190] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 45.629465] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 45.636718] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 45.643972]
[ 45.643974] ======================================================
[ 45.643976] WARNING: possible circular locking dependency detected
[ 45.643977] 4.14.174-syzkaller #0 Not tainted
[ 45.643979] ------------------------------------------------------
[ 45.643981] syz-executor278/7407 is trying to acquire lock:
[ 45.643981]  ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 45.643986]
[ 45.643987] but task is already holding lock:
[ 45.643988]  (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 45.643992]
[ 45.643993] which lock already depends on the new lock.
[ 45.643994]
[ 45.643995]
[ 45.643996] the existing dependency chain (in reverse order) is:
[ 45.643997]
[ 45.643998] -> #5 (&obj_hash[i].lock){-.-.}:
[ 45.644002]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.644003]        debug_object_activate+0x10b/0x450
[ 45.644004]        enqueue_hrtimer+0x22/0x3b0
[ 45.644006]        hrtimer_start_range_ns+0x4e6/0x1060
[ 45.644007]        schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 45.644009]        wait_task_inactive+0x478/0x530
[ 45.644010]        __kthread_bind_mask+0x1f/0xb0
[ 45.644011]        create_worker+0x313/0x530
[ 45.644012]        workqueue_init+0x55f/0x66e
[ 45.644014]        kernel_init_freeable+0x2ab/0x526
[ 45.644015]        kernel_init+0xd/0x15b
[ 45.644016]        ret_from_fork+0x24/0x30
[ 45.644017]
[ 45.644017] -> #4 (hrtimer_bases.lock){-.-.}:
[ 45.644021]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.644023]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 45.644024]        hrtimer_start_range_ns+0x7b/0x1060
[ 45.644025]        enqueue_task_rt+0x94d/0xdb0
[ 45.644027]        __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.644028]        _sched_setscheduler+0xf9/0x150
[ 45.644029]        watchdog_enable+0xff/0x150
[ 45.644031]        smpboot_thread_fn+0x40d/0x920
[ 45.644032]        kthread+0x30d/0x420
[ 45.644033]        ret_from_fork+0x24/0x30
[ 45.644034]
[ 45.644034] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 45.644038]        _raw_spin_lock+0x2a/0x40
[ 45.644040]        enqueue_task_rt+0x508/0xdb0
[ 45.644041]        __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.644042]        _sched_setscheduler+0xf9/0x150
[ 45.644044]        watchdog_enable+0xff/0x150
[ 45.644045]        smpboot_thread_fn+0x40d/0x920
[ 45.644046]        kthread+0x30d/0x420
[ 45.644047]        ret_from_fork+0x24/0x30
[ 45.644048]
[ 45.644049] -> #2 (&rq->lock){-.-.}:
[ 45.644053]        _raw_spin_lock+0x2a/0x40
[ 45.644054]        task_fork_fair+0x63/0x5b0
[ 45.644055]        sched_fork+0x39a/0xbd0
[ 45.644056]        copy_process.part.0+0x15b7/0x6a70
[ 45.644057]        _do_fork+0x180/0xc80
[ 45.644059]        kernel_thread+0x2f/0x40
[ 45.644060]        rest_init+0x1f/0x1d2
[ 45.644061]        start_kernel+0x659/0x676
[ 45.644062]        secondary_startup_64+0xa5/0xb0
[ 45.644063]
[ 45.644064] -> #1 (&p->pi_lock){-.-.}:
[ 45.644068]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.644069]        try_to_wake_up+0x6a/0xef0
[ 45.644070]        up+0x92/0xe0
[ 45.644071]        __up_console_sem+0xa9/0x1b0
[ 45.644072]        console_unlock+0x596/0xec0
[ 45.644074]        vprintk_emit+0x1f8/0x600
[ 45.644075]        vprintk_func+0x58/0x152
[ 45.644076]        printk+0x9e/0xbc
[ 45.644077]        kauditd_hold_skb.cold+0x3e/0x4d
[ 45.644078]        kauditd_send_queue+0xfb/0x140
[ 45.644080]        kauditd_thread+0x625/0x840
[ 45.644081]        kthread+0x30d/0x420
[ 45.644082]        ret_from_fork+0x24/0x30
[ 45.644083]
[ 45.644083] -> #0 ((console_sem).lock){-...}:
[ 45.644087]        lock_acquire+0x170/0x3f0
[ 45.644089]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.644090]        down_trylock+0xe/0x60
[ 45.644092]        __down_trylock_console_sem+0x97/0x1f0
[ 45.644093]        console_trylock+0x14/0x70
[ 45.644094]        vprintk_emit+0x1ea/0x600
[ 45.644095]        vprintk_func+0x58/0x152
[ 45.644096]        printk+0x9e/0xbc
[ 45.644098]        debug_print_object.cold+0xa7/0xdb
[ 45.644099]        debug_object_activate+0x307/0x450
[ 45.644100]        __call_rcu.constprop.0+0x31/0x7e0
[ 45.644101]        route4_change+0xb27/0x1c4d
[ 45.644103]        tc_ctl_tfilter+0xf13/0x18e6
[ 45.644104]        rtnetlink_rcv_msg+0x3be/0xb10
[ 45.644105]        netlink_rcv_skb+0x127/0x370
[ 45.644106]        netlink_unicast+0x437/0x620
[ 45.644108]        netlink_sendmsg+0x733/0xbe0
[ 45.644109]        sock_sendmsg+0xc5/0x100
[ 45.644110]        ___sys_sendmsg+0x70a/0x840
[ 45.644111]        __sys_sendmsg+0xa3/0x120
[ 45.644112]        SyS_sendmsg+0x27/0x40
[ 45.644114]        do_syscall_64+0x1d5/0x640
[ 45.644115]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.644116]
[ 45.644117] other info that might help us debug this:
[ 45.644118]
[ 45.644119] Chain exists of:
[ 45.644119]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 45.644124]
[ 45.644126]  Possible unsafe locking scenario:
[ 45.644126]
[ 45.644128]        CPU0                    CPU1
[ 45.644129]        ----                    ----
[ 45.644130]   lock(&obj_hash[i].lock);
[ 45.644132]                                lock(hrtimer_bases.lock);
[ 45.644135]                                lock(&obj_hash[i].lock);
[ 45.644137]   lock((console_sem).lock);
[ 45.644140]
[ 45.644141]  *** DEADLOCK ***
[ 45.644141]
[ 45.644143] 2 locks held by syz-executor278/7407:
[ 45.644143]  #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 45.644148]  #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 45.644152]
[ 45.644153] stack backtrace:
[ 45.644155] CPU: 0 PID: 7407 Comm: syz-executor278 Not tainted 4.14.174-syzkaller #0
[ 45.644158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.644158] Call Trace:
[ 45.644160]  dump_stack+0x13e/0x194
[ 45.644161]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 45.644162]  __lock_acquire+0x2cb3/0x4620
[ 45.644163]  ? string+0x17e/0x1d0
[ 45.644168]  ? trace_hardirqs_on+0x10/0x10
[ 45.644169]  ? netdev_bits+0xa0/0xa0
[ 45.644170]  ? kvm_clock_read+0x1f/0x30
[ 45.644172]  ? kvm_sched_clock_read+0x5/0x10
[ 45.644173]  lock_acquire+0x170/0x3f0
[ 45.644174]  ? down_trylock+0xe/0x60
[ 45.644175]  _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.644176]  ? down_trylock+0xe/0x60
[ 45.644177]  down_trylock+0xe/0x60
[ 45.644178]  ? vprintk_emit+0x1ea/0x600
[ 45.644180]  __down_trylock_console_sem+0x97/0x1f0
[ 45.644181]  console_trylock+0x14/0x70
[ 45.644182]  vprintk_emit+0x1ea/0x600
[ 45.644183]  vprintk_func+0x58/0x152
[ 45.644184]  printk+0x9e/0xbc
[ 45.644186]  ? show_regs_print_info+0x5b/0x5b
[ 45.644187]  ? lock_acquire+0x170/0x3f0
[ 45.644188]  ? debug_object_activate+0x10b/0x450
[ 45.644189]  debug_print_object.cold+0xa7/0xdb
[ 45.644191]  debug_object_activate+0x307/0x450
[ 45.644192]  ? debug_object_free+0x390/0x390
[ 45.644193]  ? find_held_lock+0x2d/0x110
[ 45.644194]  ? route4_walk+0x450/0x450
[ 45.644196]  __call_rcu.constprop.0+0x31/0x7e0
[ 45.644197]  route4_change+0xb27/0x1c4d
[ 45.644198]  ? route4_delete+0x760/0x760
[ 45.644199]  ? route4_delete+0x760/0x760
[ 45.644200]  tc_ctl_tfilter+0xf13/0x18e6
[ 45.644202]  ? tfilter_notify+0x240/0x240
[ 45.644203]  ? mutex_trylock+0x1a0/0x1a0
[ 45.644204]  ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 45.644205]  ? tfilter_notify+0x240/0x240
[ 45.644206]  rtnetlink_rcv_msg+0x3be/0xb10
[ 45.644208]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.644209]  ? save_trace+0x290/0x290
[ 45.644210]  ? save_trace+0x290/0x290
[ 45.644211]  netlink_rcv_skb+0x127/0x370
[ 45.644213]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.644214]  ? netlink_ack+0x980/0x980
[ 45.644215]  netlink_unicast+0x437/0x620
[ 45.644216]  ? netlink_attachskb+0x600/0x600
[ 45.644217]  netlink_sendmsg+0x733/0xbe0
[ 45.644219]  ? netlink_unicast+0x620/0x620
[ 45.644220]  ? SYSC_sendto+0x2b0/0x2b0
[ 45.644221]  ? security_socket_sendmsg+0x83/0xb0
[ 45.644222]  ? netlink_unicast+0x620/0x620
[ 45.644223]  sock_sendmsg+0xc5/0x100
[ 45.644225]  ___sys_sendmsg+0x70a/0x840
[ 45.644226]  ? trace_hardirqs_on+0x10/0x10
[ 45.644228]  ? copy_msghdr_from_user+0x380/0x380
[ 45.644230]  ? find_held_lock+0x2d/0x110
[ 45.644232]  ? lock_downgrade+0x6e0/0x6e0
[ 45.644234]  ? __fget+0x228/0x360
[ 45.644236]  ? __fget_light+0x199/0x1f0
[ 45.644238]  ? sockfd_lookup_light+0xb2/0x160
[ 45.644240]  __sys_sendmsg+0xa3/0x120
[ 45.644242]  ? SyS_shutdown+0x160/0x160
[ 45.644244]  ? move_addr_to_kernel+0x60/0x60
[ 45.644246]  SyS_sendmsg+0x27/0x40
[ 45.644248]  ? __sys_sendmsg+0x120/0x120
[ 45.644250]  do_syscall_64+0x1d5/0x640
[ 45.644253]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.644255] RIP: 0033:0x446e09
[ 45.644257] RSP: 002b:00007f2a46942d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.644263] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 45.644266] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 45.644269] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 45.644272] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 45.644275] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 45.645663] Kernel Offset: disabled
[ 46.557412] Rebooting in 86400 seconds..