Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[ 45.005391] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.125104] audit: type=1400 audit(1583876812.821:36): avc: denied { map } for pid=7360 comm="syz-executor818" path="/root/syz-executor818421331" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.391040] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 46.203120] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 46.212784] ------------[ cut here ]------------
[ 46.217518] WARNING: CPU: 0 PID: 7365 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 46.226500] Kernel panic - not syncing: panic_on_warn set ...
[ 46.226500]
[ 46.233910] CPU: 0 PID: 7365 Comm: syz-executor818 Not tainted 4.14.172-syzkaller #0
[ 46.241775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.251109] Call Trace:
[ 46.253680] dump_stack+0x13e/0x194
[ 46.257285] panic+0x1f9/0x42d
[ 46.260454] ? add_taint.cold+0x16/0x16
[ 46.264406] ? debug_print_object.cold+0xa7/0xdb
[ 46.269136] ? debug_print_object.cold+0xa7/0xdb
[ 46.273868] __warn.cold+0x2f/0x30
[ 46.277385] ? ist_end_non_atomic+0x10/0x10
[ 46.281683] ? debug_print_object.cold+0xa7/0xdb
[ 46.286423] report_bug+0x20a/0x248
[ 46.290030] do_error_trap+0x195/0x2d0
[ 46.293895] ? math_error+0x2d0/0x2d0
[ 46.297673] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.302493] invalid_op+0x1b/0x40
[ 46.305936] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 46.311283] RSP: 0018:ffff8880a56bf430 EFLAGS: 00010082
[ 46.316631] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 46.323876] RDX: 0000000000000000 RSI: ffffffff86ac0860 RDI: ffffed1014ad7e7c
[ 46.331132] RBP: ffffffff86ab5f60 R08: 0000000000000055 R09: 0000000000000000
[ 46.338384] R10: fffffbfff14a8ce0 R11: ffff88808ab68500 R12: 0000000000000000
[ 46.345630] R13: 0000000000000001 R14: 1ffff11014ad7e90 R15: ffffffff87d842c0
[ 46.352891] debug_object_activate+0x307/0x450
[ 46.357450] ? debug_object_free+0x390/0x390
[ 46.361834] ? find_held_lock+0x2d/0x110
[ 46.365872] ? route4_walk+0x450/0x450
[ 46.369736] __call_rcu.constprop.0+0x31/0x7e0
[ 46.374389] route4_change+0xb27/0x1c4d
[ 46.378341] ? route4_delete+0x760/0x760
[ 46.382391] ? route4_delete+0x760/0x760
[ 46.386427] tc_ctl_tfilter+0xf13/0x18e6
[ 46.390464] ? tfilter_notify+0x240/0x240
[ 46.394586] ? mutex_trylock+0x1a0/0x1a0
[ 46.398676] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 46.403079] ? tfilter_notify+0x240/0x240
[ 46.407205] rtnetlink_rcv_msg+0x3be/0xb10
[ 46.411421] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.415984] ? save_trace+0x290/0x290
[ 46.419762] ? save_trace+0x290/0x290
[ 46.423540] netlink_rcv_skb+0x127/0x370
[ 46.427580] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.432137] ? netlink_ack+0x960/0x960
[ 46.436004] netlink_unicast+0x437/0x620
[ 46.440044] ? netlink_attachskb+0x600/0x600
[ 46.444430] netlink_sendmsg+0x733/0xbe0
[ 46.448483] ? netlink_unicast+0x620/0x620
[ 46.452704] ? SYSC_sendto+0x2b0/0x2b0
[ 46.456571] ? security_socket_sendmsg+0x83/0xb0
[ 46.461347] ? netlink_unicast+0x620/0x620
[ 46.465565] sock_sendmsg+0xc5/0x100
[ 46.469259] ___sys_sendmsg+0x70a/0x840
[ 46.473254] ? trace_hardirqs_on+0x10/0x10
[ 46.477465] ? copy_msghdr_from_user+0x380/0x380
[ 46.482203] ? find_held_lock+0x2d/0x110
[ 46.486279] ? lock_downgrade+0x6e0/0x6e0
[ 46.490402] ? __fget+0x228/0x360
[ 46.493829] ? __fget_light+0x199/0x1f0
[ 46.497827] ? sockfd_lookup_light+0xb2/0x160
[ 46.502334] __sys_sendmsg+0xa3/0x120
[ 46.506110] ? SyS_shutdown+0x160/0x160
[ 46.510091] ? _raw_spin_unlock_irq+0x24/0x80
[ 46.514562] SyS_sendmsg+0x27/0x40
[ 46.518117] ? __sys_sendmsg+0x120/0x120
[ 46.522153] do_syscall_64+0x1d5/0x640
[ 46.526049] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.531217] RIP: 0033:0x446ed9
[ 46.534384] RSP: 002b:00007f999d398d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 46.542068] RAX: ffffffffffffffda RBX: 00000000006dbc88 RCX: 0000000000446ed9
[ 46.549325] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 46.556581] RBP: 00000000006dbc80 R08: 0000000000000000 R09: 0000000000000000
[ 46.563829] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc8c
[ 46.571078] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 46.578333]
[ 46.578334] ======================================================
[ 46.578336] WARNING: possible circular locking dependency detected
[ 46.578337] 4.14.172-syzkaller #0 Not tainted
[ 46.578339] ------------------------------------------------------
[ 46.578340] syz-executor818/7365 is trying to acquire lock:
[ 46.578341] ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 46.578345]
[ 46.578347] but task is already holding lock:
[ 46.578347] (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 46.578351]
[ 46.578353] which lock already depends on the new lock.
[ 46.578354]
[ 46.578354]
[ 46.578356] the existing dependency chain (in reverse order) is:
[ 46.578357]
[ 46.578357] -> #5 (&obj_hash[i].lock){-.-.}:
[ 46.578361] _raw_spin_lock_irqsave+0x8c/0xbf
[ 46.578363] debug_object_activate+0x10b/0x450
[ 46.578364] enqueue_hrtimer+0x22/0x3b0
[ 46.578365] hrtimer_start_range_ns+0x4e6/0x1060
[ 46.578366] schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 46.578368] wait_task_inactive+0x478/0x530
[ 46.578369] __kthread_bind_mask+0x1f/0xb0
[ 46.578370] create_worker+0x313/0x530
[ 46.578371] workqueue_init+0x55f/0x66e
[ 46.578372] kernel_init_freeable+0x2ab/0x526
[ 46.578374] kernel_init+0xd/0x15b
[ 46.578375] ret_from_fork+0x24/0x30
[ 46.578375]
[ 46.578376] -> #4 (hrtimer_bases.lock){-.-.}:
[ 46.578380] _raw_spin_lock_irqsave+0x8c/0xbf
[ 46.578381] lock_hrtimer_base.isra.0+0x6d/0x120
[ 46.578383] hrtimer_start_range_ns+0x7b/0x1060
[ 46.578384] enqueue_task_rt+0x94d/0xdb0
[ 46.578385] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 46.578386] _sched_setscheduler+0xf9/0x150
[ 46.578388] watchdog_enable+0xff/0x150
[ 46.578389] smpboot_thread_fn+0x40d/0x920
[ 46.578390] kthread+0x30d/0x420
[ 46.578391] ret_from_fork+0x24/0x30
[ 46.578392]
[ 46.578392] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 46.578396] _raw_spin_lock+0x2a/0x40
[ 46.578397] enqueue_task_rt+0x508/0xdb0
[ 46.578399] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 46.578400] _sched_setscheduler+0xf9/0x150
[ 46.578401] watchdog_enable+0xff/0x150
[ 46.578402] smpboot_thread_fn+0x40d/0x920
[ 46.578403] kthread+0x30d/0x420
[ 46.578404] ret_from_fork+0x24/0x30
[ 46.578405]
[ 46.578406] -> #2 (&rq->lock){-.-.}:
[ 46.578410] _raw_spin_lock+0x2a/0x40
[ 46.578411] task_fork_fair+0x63/0x5b0
[ 46.578412] sched_fork+0x39a/0xbd0
[ 46.578413] copy_process.part.0+0x15b7/0x6a70
[ 46.578414] _do_fork+0x180/0xc80
[ 46.578415] kernel_thread+0x2f/0x40
[ 46.578416] rest_init+0x1f/0x1d2
[ 46.578417] start_kernel+0x659/0x676
[ 46.578418] secondary_startup_64+0xa5/0xb0
[ 46.578419]
[ 46.578420] -> #1 (&p->pi_lock){-.-.}:
[ 46.578424] _raw_spin_lock_irqsave+0x8c/0xbf
[ 46.578425] try_to_wake_up+0x6a/0xef0
[ 46.578426] up+0x92/0xe0
[ 46.578427] __up_console_sem+0xa9/0x1b0
[ 46.578428] console_unlock+0x596/0xec0
[ 46.578430] vprintk_emit+0x1f8/0x600
[ 46.578431] vprintk_func+0x58/0x152
[ 46.578432] printk+0x9e/0xbc
[ 46.578433] kauditd_hold_skb.cold+0x3e/0x4d
[ 46.578434] kauditd_send_queue+0xfb/0x140
[ 46.578435] kauditd_thread+0x625/0x840
[ 46.578436] kthread+0x30d/0x420
[ 46.578437] ret_from_fork+0x24/0x30
[ 46.578438]
[ 46.578439] -> #0 ((console_sem).lock){-...}:
[ 46.578443] lock_acquire+0x170/0x3f0
[ 46.578444] _raw_spin_lock_irqsave+0x8c/0xbf
[ 46.578445] down_trylock+0xe/0x60
[ 46.578446] __down_trylock_console_sem+0x97/0x1f0
[ 46.578447] console_trylock+0x14/0x70
[ 46.578449] vprintk_emit+0x1ea/0x600
[ 46.578450] vprintk_func+0x58/0x152
[ 46.578451] printk+0x9e/0xbc
[ 46.578452] debug_print_object.cold+0xa7/0xdb
[ 46.578453] debug_object_activate+0x307/0x450
[ 46.578454] __call_rcu.constprop.0+0x31/0x7e0
[ 46.578456] route4_change+0xb27/0x1c4d
[ 46.578457] tc_ctl_tfilter+0xf13/0x18e6
[ 46.578458] rtnetlink_rcv_msg+0x3be/0xb10
[ 46.578459] netlink_rcv_skb+0x127/0x370
[ 46.578460] netlink_unicast+0x437/0x620
[ 46.578461] netlink_sendmsg+0x733/0xbe0
[ 46.578463] sock_sendmsg+0xc5/0x100
[ 46.578464] ___sys_sendmsg+0x70a/0x840
[ 46.578465] __sys_sendmsg+0xa3/0x120
[ 46.578466] SyS_sendmsg+0x27/0x40
[ 46.578467] do_syscall_64+0x1d5/0x640
[ 46.578468] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.578469]
[ 46.578470] other info that might help us debug this:
[ 46.578471]
[ 46.578472] Chain exists of:
[ 46.578473] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 46.578478]
[ 46.578479] Possible unsafe locking scenario:
[ 46.578480]
[ 46.578481]        CPU0                    CPU1
[ 46.578482]        ----                    ----
[ 46.578483]   lock(&obj_hash[i].lock);
[ 46.578485]                                lock(hrtimer_bases.lock);
[ 46.578488]                                lock(&obj_hash[i].lock);
[ 46.578490]   lock((console_sem).lock);
[ 46.578493]
[ 46.578493] *** DEADLOCK ***
[ 46.578494]
[ 46.578495] 2 locks held by syz-executor818/7365:
[ 46.578496] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 46.578500] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 46.578505]
[ 46.578506] stack backtrace:
[ 46.578508] CPU: 0 PID: 7365 Comm: syz-executor818 Not tainted 4.14.172-syzkaller #0
[ 46.578510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.578511] Call Trace:
[ 46.578512] dump_stack+0x13e/0x194
[ 46.578513] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 46.578514] __lock_acquire+0x2cb3/0x4620
[ 46.578515] ? string+0x17e/0x1d0
[ 46.578516] ? trace_hardirqs_on+0x10/0x10
[ 46.578517] ? netdev_bits+0xa0/0xa0
[ 46.578518] ? kvm_clock_read+0x1f/0x30
[ 46.578520] ? kvm_sched_clock_read+0x5/0x10
[ 46.578521] lock_acquire+0x170/0x3f0
[ 46.578522] ? down_trylock+0xe/0x60
[ 46.578523] _raw_spin_lock_irqsave+0x8c/0xbf
[ 46.578524] ? down_trylock+0xe/0x60
[ 46.578525] down_trylock+0xe/0x60
[ 46.578526] ? vprintk_emit+0x1ea/0x600
[ 46.578527] __down_trylock_console_sem+0x97/0x1f0
[ 46.578529] console_trylock+0x14/0x70
[ 46.578530] vprintk_emit+0x1ea/0x600
[ 46.578531] vprintk_func+0x58/0x152
[ 46.578532] printk+0x9e/0xbc
[ 46.578533] ? show_regs_print_info+0x5b/0x5b
[ 46.578534] ? lock_acquire+0x170/0x3f0
[ 46.578535] ? debug_object_activate+0x10b/0x450
[ 46.578536] debug_print_object.cold+0xa7/0xdb
[ 46.578538] debug_object_activate+0x307/0x450
[ 46.578539] ? debug_object_free+0x390/0x390
[ 46.578540] ? find_held_lock+0x2d/0x110
[ 46.578541] ? route4_walk+0x450/0x450
[ 46.578542] __call_rcu.constprop.0+0x31/0x7e0
[ 46.578543] route4_change+0xb27/0x1c4d
[ 46.578544] ? route4_delete+0x760/0x760
[ 46.578546] ? route4_delete+0x760/0x760
[ 46.578547] tc_ctl_tfilter+0xf13/0x18e6
[ 46.578548] ? tfilter_notify+0x240/0x240
[ 46.578549] ? mutex_trylock+0x1a0/0x1a0
[ 46.578550] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 46.578551] ? tfilter_notify+0x240/0x240
[ 46.578552] rtnetlink_rcv_msg+0x3be/0xb10
[ 46.578554] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.578555] ? save_trace+0x290/0x290
[ 46.578556] ? save_trace+0x290/0x290
[ 46.578557] netlink_rcv_skb+0x127/0x370
[ 46.578558] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.578559] ? netlink_ack+0x960/0x960
[ 46.578560] netlink_unicast+0x437/0x620
[ 46.578561] ? netlink_attachskb+0x600/0x600
[ 46.578563] netlink_sendmsg+0x733/0xbe0
[ 46.578564] ? netlink_unicast+0x620/0x620
[ 46.578565] ? SYSC_sendto+0x2b0/0x2b0
[ 46.578566] ? security_socket_sendmsg+0x83/0xb0
[ 46.578567] ? netlink_unicast+0x620/0x620
[ 46.578568] sock_sendmsg+0xc5/0x100
[ 46.578569] ___sys_sendmsg+0x70a/0x840
[ 46.578571] ? trace_hardirqs_on+0x10/0x10
[ 46.578572] ? copy_msghdr_from_user+0x380/0x380
[ 46.578573] ? find_held_lock+0x2d/0x110
[ 46.578574] ? lock_downgrade+0x6e0/0x6e0
[ 46.578575] ? __fget+0x228/0x360
[ 46.578576] ? __fget_light+0x199/0x1f0
[ 46.578577] ? sockfd_lookup_light+0xb2/0x160
[ 46.578578] __sys_sendmsg+0xa3/0x120
[ 46.578579] ? SyS_shutdown+0x160/0x160
[ 46.578581] ? _raw_spin_unlock_irq+0x24/0x80
[ 46.578582] SyS_sendmsg+0x27/0x40
[ 46.578583] ? __sys_sendmsg+0x120/0x120
[ 46.578584] do_syscall_64+0x1d5/0x640
[ 46.578585] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.578586] RIP: 0033:0x446ed9
[ 46.578588] RSP: 002b:00007f999d398d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 46.578590] RAX: ffffffffffffffda RBX: 00000000006dbc88 RCX: 0000000000446ed9
[ 46.578592] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 46.578594] RBP: 00000000006dbc80 R08: 0000000000000000 R09: 0000000000000000
[ 46.578595] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc8c
[ 46.578597] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 46.579906] Kernel Offset: disabled
[ 47.459280] Rebooting in 86400 seconds..