Starting mcstransd: [....] Starting [ 42.224631] audit: type=1800 audit(1584900776.567:32): pid=7753 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok [39;[ 42.714928] audit: type=1800 audit(1584900777.057:33): pid=7753 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 52.660240] kauditd_printk_skb: 2 callbacks suppressed [ 52.660254] audit: type=1400 audit(1584900787.007:36): avc: denied { map } for pid=7942 comm="syz-executor451" path="/root/syz-executor451503122" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 52.679658] IPVS: ftp: loaded support on port[0] = 21 [ 52.732571] ------------[ cut here ]------------ [ 52.738288] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null) [ 52.747470] WARNING: CPU: 1 PID: 7945 at lib/debugobjects.c:325 debug_print_object+0x160/0x250 [ 52.756203] Kernel panic - not syncing: panic_on_warn set ... [ 52.756203] [ 52.763550] CPU: 1 PID: 7945 Comm: syz-executor451 Not tainted 4.19.112-syzkaller #0 [ 52.771408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.780760] Call Trace: [ 52.783348] dump_stack+0x188/0x20d [ 52.787077] panic+0x26a/0x50e [ 52.790259] ? __warn_printk+0xf3/0xf3 [ 52.794132] ? debug_print_object+0x160/0x250 [ 52.798675] ? __probe_kernel_read+0x16c/0x1b0 [ 52.803241] ? __warn.cold+0x5/0x46 [ 52.806854] ? __warn+0xe4/0x1c0 [ 52.810203] ? debug_print_object+0x160/0x250 [ 52.814682] __warn.cold+0x20/0x46 [ 52.818206] ? debug_print_object+0x160/0x250 [ 52.822681] report_bug+0x262/0x2a0 [ 52.826330] do_error_trap+0x1d7/0x310 [ 52.830203] ? math_error+0x310/0x310 [ 52.834025] ? irq_work_claim+0xa6/0xc0 [ 52.838016] ? irq_work_queue+0x2b/0x80 [ 52.842008] ? wake_up_klogd+0x8c/0xc0 [ 52.845923] ? trace_hardirqs_off_caller+0x55/0x210 [ 52.850932] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.855760] invalid_op+0x14/0x20 [ 52.859246] RIP: 0010:debug_print_object+0x160/0x250 [ 52.864381] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89 [ 52.883308] RSP: 0018:ffff888095d1f268 EFLAGS: 00010086 [ 52.888655] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 52.896034] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed1012ba3e3f [ 52.903285] RBP: 0000000000000001 R08: ffff88808fd74640 R09: ffffed1015ce3ee3 [ 52.910739] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0 [ 52.917988] R13: 0000000000000000 R14: ffff88808e3e1390 R15: 1ffff11012ba3e5a [ 52.925247] ? vprintk_func+0x81/0x17e [ 52.929120] ? debug_print_object+0x160/0x250 [ 52.933599] debug_object_activate+0x357/0x4e0 [ 52.938163] ? debug_object_free+0x3e0/0x3e0 [ 52.942556] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 52.947137] ? route4_change+0xbab/0x2210 [ 52.951272] ? delayed_work_timer_fn+0x90/0x90 [ 52.955871] __call_rcu.constprop.0+0x31/0x7e0 [ 52.960495] ? mark_held_locks+0xa6/0xf0 [ 52.964540] queue_rcu_work+0x75/0x90 [ 52.968320] route4_change+0xe6a/0x2210 [ 52.972291] ? route4_init+0xa0/0xa0 [ 52.975987] ? route4_init+0xa0/0xa0 [ 52.979690] tc_new_tfilter+0xa6b/0x1450 [ 52.983790] ? tc_del_tfilter+0xd40/0xd40 [ 52.987921] ? __mutex_lock+0x3cd/0x1300 [ 52.992011] ? selinux_ipv4_output+0x50/0x50 [ 52.996447] ? rtnetlink_rcv_msg+0x3fe/0xaf0 [ 53.000843] ? tc_del_tfilter+0xd40/0xd40 [ 53.004972] rtnetlink_rcv_msg+0x453/0xaf0 [ 53.009187] ? rtnetlink_put_metrics+0x520/0x520 [ 53.013925] ? find_held_lock+0x2d/0x110 [ 53.017969] netlink_rcv_skb+0x160/0x410 [ 53.022009] ? rtnetlink_put_metrics+0x520/0x520 [ 53.026787] ? netlink_ack+0xa60/0xa60 [ 53.030709] netlink_unicast+0x4d7/0x6a0 [ 53.034758] ? netlink_attachskb+0x710/0x710 [ 53.039163] netlink_sendmsg+0x80b/0xcd0 [ 53.043419] ? netlink_unicast+0x6a0/0x6a0 [ 53.047638] ? move_addr_to_kernel.part.0+0x110/0x110 [ 53.052858] ? netlink_unicast+0x6a0/0x6a0 [ 53.057072] sock_sendmsg+0xcf/0x120 [ 53.060765] ___sys_sendmsg+0x803/0x920 [ 53.064761] ? copy_msghdr_from_user+0x410/0x410 [ 53.069504] ? __fget+0x319/0x510 [ 53.072944] ? lock_downgrade+0x740/0x740 [ 53.077173] ? check_preemption_disabled+0x41/0x280 [ 53.082237] ? __fget+0x340/0x510 [ 53.085678] ? iterate_fd+0x350/0x350 [ 53.089455] ? find_held_lock+0x2d/0x110 [ 53.093508] ? __fd_install+0x1b4/0x610 [ 53.097461] ? __fget_light+0x1d1/0x230 [ 53.101425] __sys_sendmsg+0xec/0x1b0 [ 53.105219] ? __ia32_sys_shutdown+0x70/0x70 [ 53.109615] ? __x64_sys_futex+0x386/0x4f0 [ 53.113840] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 53.118575] ? trace_hardirqs_off_caller+0x55/0x210 [ 53.123575] ? do_syscall_64+0x21/0x620 [ 53.127544] do_syscall_64+0xf9/0x620 [ 53.131328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.136511] RIP: 0033:0x446ec9 [ 53.139683] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.158563] RSP: 002b:00007f34e18bfd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.166306] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9 [ 53.173563] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 53.180822] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 53.188078] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 53.195329] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 53.202625] [ 53.202628] ====================================================== [ 53.202631] WARNING: possible circular locking dependency detected [ 53.202633] 4.19.112-syzkaller #0 Not tainted [ 53.202636] ------------------------------------------------------ [ 53.202639] syz-executor451/7945 is trying to acquire lock: [ 53.202640] 000000008c2acc45 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60 [ 53.202648] [ 53.202650] but task is already holding lock: [ 53.202651] 00000000fa797b17 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0 [ 53.202659] [ 53.202661] which lock already depends on the new lock. [ 53.202662] [ 53.202664] [ 53.202666] the existing dependency chain (in reverse order) is: [ 53.202667] [ 53.202669] -> #5 (&obj_hash[i].lock){-.-.}: [ 53.202676] debug_object_activate+0x131/0x4e0 [ 53.202678] enqueue_hrtimer+0x27/0x3f0 [ 53.202680] hrtimer_start_range_ns+0x580/0xbe0 [ 53.202683] schedule_hrtimeout_range_clock+0x17a/0x360 [ 53.202685] wait_task_inactive+0x443/0x550 [ 53.202687] __kthread_bind_mask+0x1f/0xb0 [ 53.202689] init_rescuer.part.0+0xf2/0x190 [ 53.202691] workqueue_init+0x504/0x7e9 [ 53.202693] kernel_init_freeable+0x2bd/0x5bb [ 53.202695] kernel_init+0xd/0x1c2 [ 53.202697] ret_from_fork+0x24/0x30 [ 53.202698] [ 53.202700] -> #4 (hrtimer_bases.lock){-.-.}: [ 53.202707] lock_hrtimer_base.isra.0+0x6d/0x120 [ 53.202709] hrtimer_start_range_ns+0xf5/0xbe0 [ 53.202711] enqueue_task_rt+0x97f/0xdf0 [ 53.202714] __sched_setscheduler.constprop.0+0xc79/0x1df0 [ 53.202716] _sched_setscheduler+0xee/0x180 [ 53.202718] watchdog_dev_init+0xdd/0x1ae [ 53.202720] watchdog_init+0x14/0x17e [ 53.202722] do_one_initcall+0xf1/0x734 [ 53.202724] kernel_init_freeable+0x4c9/0x5bb [ 53.202726] kernel_init+0xd/0x1c2 [ 53.202728] ret_from_fork+0x24/0x30 [ 53.202729] [ 53.202731] -> #3 (&rt_b->rt_runtime_lock){-.-.}: [ 53.202738] rq_online_rt+0xaf/0x390 [ 53.202740] set_rq_online.part.0+0xe3/0x140 [ 53.202742] sched_cpu_activate+0x17f/0x270 [ 53.202744] cpuhp_invoke_callback+0x213/0x1bb0 [ 53.202746] cpuhp_thread_fun+0x440/0x840 [ 53.202748] smpboot_thread_fn+0x653/0x9d0 [ 53.202750] kthread+0x34a/0x420 [ 53.202752] ret_from_fork+0x24/0x30 [ 53.202753] [ 53.202754] -> #2 (&rq->lock){-.-.}: [ 53.202761] task_fork_fair+0x6a/0x520 [ 53.202763] sched_fork+0x3a7/0x8b0 [ 53.202765] copy_process.part.0+0x187d/0x7a60 [ 53.202767] _do_fork+0x22f/0xf40 [ 53.202769] kernel_thread+0x2f/0x40 [ 53.202771] rest_init+0x1f/0x212 [ 53.202773] start_kernel+0x7e4/0x81c [ 53.202775] secondary_startup_64+0xa4/0xb0 [ 53.202776] [ 53.202777] -> #1 (&p->pi_lock){-.-.}: [ 53.202784] try_to_wake_up+0x80/0xe90 [ 53.202786] up+0x92/0xe0 [ 53.202788] __up_console_sem+0xb3/0x1c0 [ 53.202790] console_unlock+0x64d/0xfe0 [ 53.202792] vprintk_emit+0x282/0x6e0 [ 53.202794] vprintk_func+0x79/0x17e [ 53.202796] printk+0xba/0xed [ 53.202798] kauditd_hold_skb.cold+0x41/0x50 [ 53.202805] kauditd_send_queue+0x12d/0x170 [ 53.202807] kauditd_thread+0x6f4/0xa20 [ 53.202809] kthread+0x34a/0x420 [ 53.202811] ret_from_fork+0x24/0x30 [ 53.202812] [ 53.202813] -> #0 ((console_sem).lock){-...}: [ 53.202820] _raw_spin_lock_irqsave+0x8c/0xbf [ 53.202822] down_trylock+0xe/0x60 [ 53.202825] __down_trylock_console_sem+0xa3/0x210 [ 53.202827] console_trylock+0x12/0x90 [ 53.202829] vprintk_emit+0x269/0x6e0 [ 53.202831] vprintk_func+0x79/0x17e [ 53.202832] printk+0xba/0xed [ 53.202834] __warn_printk+0x9b/0xf3 [ 53.202837] debug_print_object+0x160/0x250 [ 53.202839] debug_object_activate+0x357/0x4e0 [ 53.202841] __call_rcu.constprop.0+0x31/0x7e0 [ 53.202843] queue_rcu_work+0x75/0x90 [ 53.202845] route4_change+0xe6a/0x2210 [ 53.202847] tc_new_tfilter+0xa6b/0x1450 [ 53.202849] rtnetlink_rcv_msg+0x453/0xaf0 [ 53.202851] netlink_rcv_skb+0x160/0x410 [ 53.202853] netlink_unicast+0x4d7/0x6a0 [ 53.202856] netlink_sendmsg+0x80b/0xcd0 [ 53.202858] sock_sendmsg+0xcf/0x120 [ 53.202860] ___sys_sendmsg+0x803/0x920 [ 53.202862] __sys_sendmsg+0xec/0x1b0 [ 53.202864] do_syscall_64+0xf9/0x620 [ 53.202866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.202867] [ 53.202869] other info that might help us debug this: [ 53.202870] [ 53.202872] Chain exists of: [ 53.202873] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock [ 53.202882] [ 53.202884] Possible unsafe locking scenario: [ 53.202885] [ 53.202888] CPU0 CPU1 [ 53.202890] ---- ---- [ 53.202891] lock(&obj_hash[i].lock); [ 53.202896] lock(hrtimer_bases.lock); [ 53.202900] lock(&obj_hash[i].lock); [ 53.202904] lock((console_sem).lock); [ 53.202908] [ 53.202910] *** DEADLOCK *** [ 53.202911] [ 53.202913] 2 locks held by syz-executor451/7945: [ 53.202914] #0: 000000008b8a9061 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0 [ 53.202923] #1: 00000000fa797b17 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0 [ 53.202931] [ 53.202933] stack backtrace: [ 53.202936] CPU: 1 PID: 7945 Comm: syz-executor451 Not tainted 4.19.112-syzkaller #0 [ 53.202940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.202942] Call Trace: [ 53.202943] dump_stack+0x188/0x20d [ 53.202946] print_circular_bug.isra.0.cold+0x1c4/0x282 [ 53.202948] __lock_acquire+0x2e19/0x49c0 [ 53.202950] ? add_lock_to_list.isra.0+0x179/0x330 [ 53.202952] ? save_trace+0xd6/0x290 [ 53.202954] ? mark_held_locks+0xf0/0xf0 [ 53.202956] ? format_decode+0x230/0xad0 [ 53.202958] ? kvm_clock_read+0x14/0x30 [ 53.202960] lock_acquire+0x170/0x400 [ 53.202962] ? down_trylock+0xe/0x60 [ 53.202964] _raw_spin_lock_irqsave+0x8c/0xbf [ 53.202966] ? down_trylock+0xe/0x60 [ 53.202968] down_trylock+0xe/0x60 [ 53.202970] ? vprintk_emit+0x269/0x6e0 [ 53.202972] __down_trylock_console_sem+0xa3/0x210 [ 53.202974] console_trylock+0x12/0x90 [ 53.202976] vprintk_emit+0x269/0x6e0 [ 53.202978] vprintk_func+0x79/0x17e [ 53.202980] printk+0xba/0xed [ 53.202982] ? kmsg_dump_rewind_nolock+0xd9/0xd9 [ 53.202984] ? __warn_printk+0x8f/0xf3 [ 53.202986] __warn_printk+0x9b/0xf3 [ 53.202988] ? add_taint.cold+0x16/0x16 [ 53.202990] ? do_syscall_64+0xf9/0x620 [ 53.202992] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.202995] debug_print_object+0x160/0x250 [ 53.202997] debug_object_activate+0x357/0x4e0 [ 53.202999] ? debug_object_free+0x3e0/0x3e0 [ 53.203001] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 53.203003] ? route4_change+0xbab/0x2210 [ 53.203005] ? delayed_work_timer_fn+0x90/0x90 [ 53.203008] __call_rcu.constprop.0+0x31/0x7e0 [ 53.203010] ? mark_held_locks+0xa6/0xf0 [ 53.203012] queue_rcu_work+0x75/0x90 [ 53.203014] route4_change+0xe6a/0x2210 [ 53.203016] ? route4_init+0xa0/0xa0 [ 53.203017] ? route4_init+0xa0/0xa0 [ 53.203019] tc_new_tfilter+0xa6b/0x1450 [ 53.203022] ? tc_del_tfilter+0xd40/0xd40 [ 53.203024] ? __mutex_lock+0x3cd/0x1300 [ 53.203026] ? selinux_ipv4_output+0x50/0x50 [ 53.203028] ? rtnetlink_rcv_msg+0x3fe/0xaf0 [ 53.203030] ? tc_del_tfilter+0xd40/0xd40 [ 53.203032] rtnetlink_rcv_msg+0x453/0xaf0 [ 53.203034] ? rtnetlink_put_metrics+0x520/0x520 [ 53.203036] ? find_held_lock+0x2d/0x110 [ 53.203038] netlink_rcv_skb+0x160/0x410 [ 53.203041] ? rtnetlink_put_metrics+0x520/0x520 [ 53.203042] ? netlink_ack+0xa60/0xa60 [ 53.203045] netlink_unicast+0x4d7/0x6a0 [ 53.203047] ? netlink_attachskb+0x710/0x710 [ 53.203049] netlink_sendmsg+0x80b/0xcd0 [ 53.203051] ? netlink_unicast+0x6a0/0x6a0 [ 53.203053] ? move_addr_to_kernel.part.0+0x110/0x110 [ 53.203055] ? netlink_unicast+0x6a0/0x6a0 [ 53.203057] sock_sendmsg+0xcf/0x120 [ 53.203059] ___sys_sendmsg+0x803/0x920 [ 53.203061] ? copy_msghdr_from_user+0x410/0x410 [ 53.203063] ? __fget+0x319/0x510 [ 53.203065] ? lock_downgrade+0x740/0x740 [ 53.203068] ? check_preemption_disabled+0x41/0x280 [ 53.203069] ? __fget+0x340/0x510 [ 53.203071] ? iterate_fd+0x350/0x350 [ 53.203073] ? find_held_lock+0x2d/0x110 [ 53.203075] ? __fd_install+0x1b4/0x610 [ 53.203077] ? __fget_light+0x1d1/0x230 [ 53.203079] __sys_sendmsg+0xec/0x1b0 [ 53.203081] ? __ia32_sys_shutdown+0x70/0x70 [ 53.203083] ? __x64_sys_futex+0x386/0x4f0 [ 53.203086] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 53.203088] ? trace_hardirqs_off_caller+0x55/0x210 [ 53.203090] ? do_syscall_64+0x21/0x620 [ 53.203092] do_syscall_64+0xf9/0x620 [ 53.203095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.203096] RIP: 0033:0x446ec9 [ 53.203104] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.203106] RSP: 002b:00007f34e18bfd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.203111] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9 [ 53.203114] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 53.203118] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 53.203121] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 53.203124] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 53.204293] Kernel Offset: disabled [ 54.132812] Rebooting in 86400 seconds..