[ 35.147358] audit: type=1800 audit(1585788767.224:33): pid=7207 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 35.174791] audit: type=1800 audit(1585788767.234:34): pid=7207 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 [ 35.696247] random: sshd: uninitialized urandom read (32 bytes read) [ 35.890701] audit: type=1400 audit(1585788767.974:35): avc: denied { map } for pid=7382 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.942344] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.648772] random: sshd: uninitialized urandom read (32 bytes read) [ 36.831192] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts. [ 42.643645] random: sshd: uninitialized urandom read (32 bytes read) [ 42.763981] audit: type=1400 audit(1585788774.844:36): avc: denied { map } for pid=7394 comm="syz-executor376" path="/root/syz-executor376419935" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 43.001155] IPVS: ftp: loaded support on port[0] = 21 executing program [ 43.756266] audit: type=1400 audit(1585788775.834:37): avc: denied { create } for pid=7395 comm="syz-executor376" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.780436] audit: type=1400 audit(1585788775.834:38): avc: denied { write } for pid=7395 comm="syz-executor376" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.785469] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null) [ 43.804552] audit: type=1400 audit(1585788775.834:39): avc: denied { read } for pid=7395 comm="syz-executor376" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.813477] ------------[ cut here ]------------ [ 43.841806] WARNING: CPU: 1 PID: 7397 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb [ 43.850803] Kernel panic - not syncing: panic_on_warn set ... [ 43.850803] [ 43.858143] CPU: 1 PID: 7397 Comm: syz-executor376 Not tainted 4.14.174-syzkaller #0 [ 43.865998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.875350] Call Trace: [ 43.877924] dump_stack+0x13e/0x194 [ 43.881533] panic+0x1f9/0x42d [ 43.884700] ? add_taint.cold+0x16/0x16 [ 43.888668] ? debug_print_object.cold+0xa7/0xdb [ 43.893446] ? debug_print_object.cold+0xa7/0xdb [ 43.898265] __warn.cold+0x2f/0x30 [ 43.901791] ? ist_end_non_atomic+0x10/0x10 [ 43.906091] ? debug_print_object.cold+0xa7/0xdb [ 43.910823] report_bug+0x20a/0x248 [ 43.914429] do_error_trap+0x195/0x2d0 [ 43.918333] ? math_error+0x2d0/0x2d0 [ 43.922117] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.926936] invalid_op+0x1b/0x40 [ 43.930365] RIP: 0010:debug_print_object.cold+0xa7/0xdb [ 43.935700] RSP: 0018:ffff88809e287430 EFLAGS: 00010082 [ 43.941035] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000 [ 43.948278] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed1013c50e7c [ 43.955523] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000 [ 43.962768] R10: fffffbfff14a8cd8 R11: ffff88808da44240 R12: 0000000000000000 [ 43.970058] R13: 0000000000000001 R14: 1ffff11013c50e90 R15: ffffffff87d84240 [ 43.977325] debug_object_activate+0x307/0x450 [ 43.981886] ? debug_object_free+0x390/0x390 [ 43.986273] ? find_held_lock+0x2d/0x110 [ 43.990309] ? route4_walk+0x450/0x450 [ 43.994207] __call_rcu.constprop.0+0x31/0x7e0 [ 43.998892] route4_change+0xb27/0x1c4d [ 44.002861] ? route4_delete+0x760/0x760 [ 44.006923] ? route4_delete+0x760/0x760 [ 44.010976] tc_ctl_tfilter+0xf13/0x18e6 [ 44.015063] ? tfilter_notify+0x240/0x240 [ 44.019192] ? mutex_trylock+0x1a0/0x1a0 [ 44.023238] ? rtnetlink_rcv_msg+0x2e8/0xb10 [ 44.027627] ? tfilter_notify+0x240/0x240 [ 44.031761] rtnetlink_rcv_msg+0x3be/0xb10 [ 44.035983] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 44.040558] ? save_trace+0x290/0x290 [ 44.044345] ? save_trace+0x290/0x290 [ 44.048121] netlink_rcv_skb+0x127/0x370 [ 44.052158] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 44.056715] ? netlink_ack+0x980/0x980 [ 44.060590] netlink_unicast+0x437/0x620 [ 44.064714] ? netlink_attachskb+0x600/0x600 [ 44.069128] netlink_sendmsg+0x733/0xbe0 [ 44.073181] ? netlink_unicast+0x620/0x620 [ 44.077407] ? SYSC_sendto+0x2b0/0x2b0 [ 44.081280] ? security_socket_sendmsg+0x83/0xb0 [ 44.086011] ? netlink_unicast+0x620/0x620 [ 44.090262] sock_sendmsg+0xc5/0x100 [ 44.093973] ___sys_sendmsg+0x70a/0x840 [ 44.097931] ? trace_hardirqs_on+0x10/0x10 [ 44.102146] ? copy_msghdr_from_user+0x380/0x380 [ 44.106882] ? find_held_lock+0x2d/0x110 [ 44.110924] ? lock_downgrade+0x6e0/0x6e0 [ 44.115052] ? __fget+0x228/0x360 [ 44.118485] ? __fget_light+0x199/0x1f0 [ 44.122439] ? sockfd_lookup_light+0xb2/0x160 [ 44.126908] __sys_sendmsg+0xa3/0x120 [ 44.130688] ? SyS_shutdown+0x160/0x160 [ 44.134639] ? move_addr_to_kernel+0x60/0x60 [ 44.139042] SyS_sendmsg+0x27/0x40 [ 44.142560] ? __sys_sendmsg+0x120/0x120 [ 44.146599] do_syscall_64+0x1d5/0x640 [ 44.150464] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.155631] RIP: 0033:0x446d29 [ 44.158797] RSP: 002b:00007f4f2080fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.166493] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446d29 [ 44.173737] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 44.180996] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 44.188240] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 44.195499] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 44.202763] [ 44.202766] ====================================================== [ 44.202768] WARNING: possible circular locking dependency detected [ 44.202769] 4.14.174-syzkaller #0 Not tainted [ 44.202771] ------------------------------------------------------ [ 44.202772] syz-executor376/7397 is trying to acquire lock: [ 44.202773] ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60 [ 44.202777] [ 44.202778] but task is already holding lock: [ 44.202779] (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450 [ 44.202783] [ 44.202785] which lock already depends on the new lock. [ 44.202785] [ 44.202786] [ 44.202788] the existing dependency chain (in reverse order) is: [ 44.202788] [ 44.202789] -> #5 (&obj_hash[i].lock){-.-.}: [ 44.202793] _raw_spin_lock_irqsave+0x8c/0xbf [ 44.202795] debug_object_activate+0x10b/0x450 [ 44.202796] enqueue_hrtimer+0x22/0x3b0 [ 44.202797] hrtimer_start_range_ns+0x4e6/0x1060 [ 44.202799] schedule_hrtimeout_range_clock+0x13c/0x2f0 [ 44.202800] wait_task_inactive+0x478/0x530 [ 44.202802] __kthread_bind_mask+0x1f/0xb0 [ 44.202803] create_worker+0x313/0x530 [ 44.202804] workqueue_init+0x55f/0x66e [ 44.202805] kernel_init_freeable+0x2ab/0x526 [ 44.202806] kernel_init+0xd/0x15b [ 44.202808] ret_from_fork+0x24/0x30 [ 44.202808] [ 44.202809] -> #4 (hrtimer_bases.lock){-.-.}: [ 44.202813] _raw_spin_lock_irqsave+0x8c/0xbf [ 44.202815] lock_hrtimer_base.isra.0+0x6d/0x120 [ 44.202816] hrtimer_start_range_ns+0x7b/0x1060 [ 44.202817] enqueue_task_rt+0x94d/0xdb0 [ 44.202819] __sched_setscheduler.constprop.0+0xc11/0x1f70 [ 44.202820] _sched_setscheduler+0xf9/0x150 [ 44.202821] watchdog_enable+0xff/0x150 [ 44.202823] smpboot_thread_fn+0x40d/0x920 [ 44.202824] kthread+0x30d/0x420 [ 44.202825] ret_from_fork+0x24/0x30 [ 44.202825] [ 44.202826] -> #3 (&rt_b->rt_runtime_lock){-.-.}: [ 44.202830] _raw_spin_lock+0x2a/0x40 [ 44.202832] enqueue_task_rt+0x508/0xdb0 [ 44.202833] __sched_setscheduler.constprop.0+0xc11/0x1f70 [ 44.202834] _sched_setscheduler+0xf9/0x150 [ 44.202836] watchdog_enable+0xff/0x150 [ 44.202837] smpboot_thread_fn+0x40d/0x920 [ 44.202838] kthread+0x30d/0x420 [ 44.202840] ret_from_fork+0x24/0x30 [ 44.202840] [ 44.202841] -> #2 (&rq->lock){-.-.}: [ 44.202845] _raw_spin_lock+0x2a/0x40 [ 44.202846] task_fork_fair+0x63/0x5b0 [ 44.202847] sched_fork+0x39a/0xbd0 [ 44.202849] copy_process.part.0+0x15b7/0x6a70 [ 44.202850] _do_fork+0x180/0xc80 [ 44.202851] kernel_thread+0x2f/0x40 [ 44.202852] rest_init+0x1f/0x1d2 [ 44.202853] start_kernel+0x659/0x676 [ 44.202854] secondary_startup_64+0xa5/0xb0 [ 44.202855] [ 44.202856] -> #1 (&p->pi_lock){-.-.}: [ 44.202860] _raw_spin_lock_irqsave+0x8c/0xbf [ 44.202861] try_to_wake_up+0x6a/0xef0 [ 44.202862] up+0x92/0xe0 [ 44.202863] __up_console_sem+0xa9/0x1b0 [ 44.202865] console_unlock+0x596/0xec0 [ 44.202866] vprintk_emit+0x1f8/0x600 [ 44.202867] vprintk_func+0x58/0x152 [ 44.202868] printk+0x9e/0xbc [ 44.202869] kauditd_hold_skb.cold+0x3e/0x4d [ 44.202871] kauditd_send_queue+0xfb/0x140 [ 44.202872] kauditd_thread+0x625/0x840 [ 44.202873] kthread+0x30d/0x420 [ 44.202874] ret_from_fork+0x24/0x30 [ 44.202875] [ 44.202875] -> #0 ((console_sem).lock){-...}: [ 44.202880] lock_acquire+0x170/0x3f0 [ 44.202881] _raw_spin_lock_irqsave+0x8c/0xbf [ 44.202882] down_trylock+0xe/0x60 [ 44.202884] __down_trylock_console_sem+0x97/0x1f0 [ 44.202885] console_trylock+0x14/0x70 [ 44.202886] vprintk_emit+0x1ea/0x600 [ 44.202887] vprintk_func+0x58/0x152 [ 44.202888] printk+0x9e/0xbc [ 44.202890] debug_print_object.cold+0xa7/0xdb [ 44.202891] debug_object_activate+0x307/0x450 [ 44.202892] __call_rcu.constprop.0+0x31/0x7e0 [ 44.202893] route4_change+0xb27/0x1c4d [ 44.202895] tc_ctl_tfilter+0xf13/0x18e6 [ 44.202896] rtnetlink_rcv_msg+0x3be/0xb10 [ 44.202897] netlink_rcv_skb+0x127/0x370 [ 44.202898] netlink_unicast+0x437/0x620 [ 44.202900] netlink_sendmsg+0x733/0xbe0 [ 44.202901] sock_sendmsg+0xc5/0x100 [ 44.202902] ___sys_sendmsg+0x70a/0x840 [ 44.202903] __sys_sendmsg+0xa3/0x120 [ 44.202904] SyS_sendmsg+0x27/0x40 [ 44.202906] do_syscall_64+0x1d5/0x640 [ 44.202907] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.202908] [ 44.202909] other info that might help us debug this: [ 44.202910] [ 44.202911] Chain exists of: [ 44.202911] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock [ 44.202917] [ 44.202918] Possible unsafe locking scenario: [ 44.202918] [ 44.202920] CPU0 CPU1 [ 44.202921] ---- ---- [ 44.202922] lock(&obj_hash[i].lock); [ 44.202924] lock(hrtimer_bases.lock); [ 44.202927] lock(&obj_hash[i].lock); [ 44.202930] lock((console_sem).lock); [ 44.202932] [ 44.202933] *** DEADLOCK *** [ 44.202933] [ 44.202935] 2 locks held by syz-executor376/7397: [ 44.202935] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 [ 44.202940] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450 [ 44.202944] [ 44.202945] stack backtrace: [ 44.202947] CPU: 1 PID: 7397 Comm: syz-executor376 Not tainted 4.14.174-syzkaller #0 [ 44.202950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.202950] Call Trace: [ 44.202952] dump_stack+0x13e/0x194 [ 44.202953] print_circular_bug.isra.0.cold+0x1c4/0x282 [ 44.202954] __lock_acquire+0x2cb3/0x4620 [ 44.202955] ? string+0x17e/0x1d0 [ 44.202957] ? trace_hardirqs_on+0x10/0x10 [ 44.202958] ? netdev_bits+0xa0/0xa0 [ 44.202959] ? kvm_clock_read+0x1f/0x30 [ 44.202960] ? kvm_sched_clock_read+0x5/0x10 [ 44.202961] lock_acquire+0x170/0x3f0 [ 44.202962] ? down_trylock+0xe/0x60 [ 44.202964] _raw_spin_lock_irqsave+0x8c/0xbf [ 44.202965] ? down_trylock+0xe/0x60 [ 44.202966] down_trylock+0xe/0x60 [ 44.202967] ? vprintk_emit+0x1ea/0x600 [ 44.202969] __down_trylock_console_sem+0x97/0x1f0 [ 44.202970] console_trylock+0x14/0x70 [ 44.202971] vprintk_emit+0x1ea/0x600 [ 44.202972] vprintk_func+0x58/0x152 [ 44.202973] printk+0x9e/0xbc [ 44.202974] ? show_regs_print_info+0x5b/0x5b [ 44.202975] ? lock_acquire+0x170/0x3f0 [ 44.202977] ? debug_object_activate+0x10b/0x450 [ 44.202978] debug_print_object.cold+0xa7/0xdb [ 44.202979] debug_object_activate+0x307/0x450 [ 44.202980] ? debug_object_free+0x390/0x390 [ 44.202982] ? find_held_lock+0x2d/0x110 [ 44.202983] ? route4_walk+0x450/0x450 [ 44.202984] __call_rcu.constprop.0+0x31/0x7e0 [ 44.202985] route4_change+0xb27/0x1c4d [ 44.202986] ? route4_delete+0x760/0x760 [ 44.202988] ? route4_delete+0x760/0x760 [ 44.202989] tc_ctl_tfilter+0xf13/0x18e6 [ 44.202990] ? tfilter_notify+0x240/0x240 [ 44.202991] ? mutex_trylock+0x1a0/0x1a0 [ 44.202993] ? rtnetlink_rcv_msg+0x2e8/0xb10 [ 44.202994] ? tfilter_notify+0x240/0x240 [ 44.202995] rtnetlink_rcv_msg+0x3be/0xb10 [ 44.202996] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 44.202998] ? save_trace+0x290/0x290 [ 44.202999] ? save_trace+0x290/0x290 [ 44.203000] netlink_rcv_skb+0x127/0x370 [ 44.203001] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 44.203002] ? netlink_ack+0x980/0x980 [ 44.203003] netlink_unicast+0x437/0x620 [ 44.203005] ? netlink_attachskb+0x600/0x600 [ 44.203006] netlink_sendmsg+0x733/0xbe0 [ 44.203007] ? netlink_unicast+0x620/0x620 [ 44.203008] ? SYSC_sendto+0x2b0/0x2b0 [ 44.203010] ? security_socket_sendmsg+0x83/0xb0 [ 44.203011] ? netlink_unicast+0x620/0x620 [ 44.203012] sock_sendmsg+0xc5/0x100 [ 44.203013] ___sys_sendmsg+0x70a/0x840 [ 44.203014] ? trace_hardirqs_on+0x10/0x10 [ 44.203015] ? copy_msghdr_from_user+0x380/0x380 [ 44.203017] ? find_held_lock+0x2d/0x110 [ 44.203018] ? lock_downgrade+0x6e0/0x6e0 [ 44.203019] ? __fget+0x228/0x360 [ 44.203020] ? __fget_light+0x199/0x1f0 [ 44.203021] ? sockfd_lookup_light+0xb2/0x160 [ 44.203022] __sys_sendmsg+0xa3/0x120 [ 44.203024] ? SyS_shutdown+0x160/0x160 [ 44.203025] ? move_addr_to_kernel+0x60/0x60 [ 44.203026] SyS_sendmsg+0x27/0x40 [ 44.203027] ? __sys_sendmsg+0x120/0x120 [ 44.203028] do_syscall_64+0x1d5/0x640 [ 44.203030] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.203031] RIP: 0033:0x446d29 [ 44.203032] RSP: 002b:00007f4f2080fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.203035] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446d29 [ 44.203037] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 44.203039] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 44.203041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 44.203042] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 44.204346] Kernel Offset: disabled [ 45.086342] Rebooting in 86400 seconds..