[ 44.386409] audit: type=1800 audit(1584825405.321:31): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 44.425944] audit: type=1800 audit(1584825405.321:32): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
syzkaller login:
[ 53.316705] kauditd_printk_skb: 3 callbacks suppressed
[ 53.316719] audit: type=1400 audit(1584825414.311:36): avc: denied { map } for pid=8010 comm="syz-executor625" path="/root/syz-executor625638077" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.332494] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 53.379113] audit: type=1400 audit(1584825414.371:37): avc: denied { create } for pid=8011 comm="syz-executor625" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.398103] ------------[ cut here ]------------
[ 53.403295] audit: type=1400 audit(1584825414.371:38): avc: denied { write } for pid=8011 comm="syz-executor625" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.407963] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 53.432269] audit: type=1400 audit(1584825414.371:39): avc: denied { read } for pid=8011 comm="syz-executor625" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.441104] WARNING: CPU: 0 PID: 8012 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 53.473287] Kernel panic - not syncing: panic_on_warn set ...
[ 53.473287]
[ 53.480634] CPU: 0 PID: 8012 Comm: syz-executor625 Not tainted 4.19.112-syzkaller #0
[ 53.488521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.497867] Call Trace:
[ 53.500456]  dump_stack+0x188/0x20d
[ 53.504068]  panic+0x26a/0x50e
[ 53.507244]  ? __warn_printk+0xf3/0xf3
[ 53.511120]  ? debug_print_object+0x160/0x250
[ 53.515609]  ? __probe_kernel_read+0x16c/0x1b0
[ 53.520172]  ? __warn.cold+0x5/0x46
[ 53.523778]  ? __warn+0xe4/0x1c0
[ 53.527125]  ? debug_print_object+0x160/0x250
[ 53.531614]  __warn.cold+0x20/0x46
[ 53.535137]  ? debug_print_object+0x160/0x250
[ 53.539612]  report_bug+0x262/0x2a0
[ 53.543225]  do_error_trap+0x1d7/0x310
[ 53.547094]  ? math_error+0x310/0x310
[ 53.551317]  ? irq_work_claim+0xa6/0xc0
[ 53.555287]  ? irq_work_queue+0x2b/0x80
[ 53.559285]  ? wake_up_klogd+0x8c/0xc0
[ 53.563188]  ? trace_hardirqs_off_caller+0x55/0x210
[ 53.568207]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.573058]  invalid_op+0x14/0x20
[ 53.576533] RIP: 0010:debug_print_object+0x160/0x250
[ 53.581648] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 53.600639] RSP: 0018:ffff888092e6f268 EFLAGS: 00010086
[ 53.605987] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 53.613290] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed10125cde3f
[ 53.620545] RBP: 0000000000000001 R08: ffff88808ce9e5c0 R09: ffffed1015cc3ee3
[ 53.627823] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 53.635073] R13: 0000000000000000 R14: ffff888091482160 R15: 1ffff110125cde5a
[ 53.642352]  ? vprintk_func+0x81/0x17e
[ 53.646222]  ? debug_print_object+0x160/0x250
[ 53.650715]  debug_object_activate+0x357/0x4e0
[ 53.655308]  ? debug_object_free+0x3e0/0x3e0
[ 53.659701]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 53.664279]  ? route4_change+0xbab/0x2210
[ 53.668409]  ? delayed_work_timer_fn+0x90/0x90
[ 53.672975]  __call_rcu.constprop.0+0x31/0x7e0
[ 53.677540]  ? mark_held_locks+0xa6/0xf0
[ 53.681595]  queue_rcu_work+0x75/0x90
[ 53.685376]  route4_change+0xe6a/0x2210
[ 53.689335]  ? route4_init+0xa0/0xa0
[ 53.693044]  ? route4_init+0xa0/0xa0
[ 53.696740]  tc_new_tfilter+0xa6b/0x1450
[ 53.700805]  ? tc_del_tfilter+0xd40/0xd40
[ 53.704939]  ? __mutex_lock+0x3cd/0x1300
[ 53.708980]  ? selinux_ipv4_output+0x50/0x50
[ 53.713382]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 53.717776]  ? tc_del_tfilter+0xd40/0xd40
[ 53.721913]  rtnetlink_rcv_msg+0x453/0xaf0
[ 53.726152]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.730900]  ? find_held_lock+0x2d/0x110
[ 53.734951]  netlink_rcv_skb+0x160/0x410
[ 53.739003]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.744019]  ? netlink_ack+0xa60/0xa60
[ 53.747988]  netlink_unicast+0x4d7/0x6a0
[ 53.752035]  ? netlink_attachskb+0x710/0x710
[ 53.756427]  netlink_sendmsg+0x80b/0xcd0
[ 53.760569]  ? netlink_unicast+0x6a0/0x6a0
[ 53.764789]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 53.769968]  ? netlink_unicast+0x6a0/0x6a0
[ 53.774183]  sock_sendmsg+0xcf/0x120
[ 53.777892]  ___sys_sendmsg+0x803/0x920
[ 53.781848]  ? copy_msghdr_from_user+0x410/0x410
[ 53.786584]  ? __fget+0x319/0x510
[ 53.790041]  ? lock_downgrade+0x740/0x740
[ 53.794189]  ? check_preemption_disabled+0x41/0x280
[ 53.799202]  ? __fget+0x340/0x510
[ 53.802780]  ? iterate_fd+0x350/0x350
[ 53.806577]  ? find_held_lock+0x2d/0x110
[ 53.810623]  ? __fd_install+0x1b4/0x610
[ 53.814601]  ? __fget_light+0x1d1/0x230
[ 53.819086]  __sys_sendmsg+0xec/0x1b0
[ 53.823310]  ? __ia32_sys_shutdown+0x70/0x70
[ 53.827706]  ? __x64_sys_futex+0x386/0x4f0
[ 53.831932]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.836682]  ? trace_hardirqs_off_caller+0x55/0x210
[ 53.841787]  ? do_syscall_64+0x21/0x620
[ 53.845758]  do_syscall_64+0xf9/0x620
[ 53.849549]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.854742] RIP: 0033:0x446da9
[ 53.857937] Code: e8 ec 0f 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.876823] RSP: 002b:00007efd4c4c4d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.884511] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446da9
[ 53.891772] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 53.899029] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 53.906630] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 53.913943] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 53.921217]
[ 53.921221] ======================================================
[ 53.921223] WARNING: possible circular locking dependency detected
[ 53.921225] 4.19.112-syzkaller #0 Not tainted
[ 53.921228] ------------------------------------------------------
[ 53.921231] syz-executor625/8012 is trying to acquire lock:
[ 53.921233] 000000003299d592 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 53.921240]
[ 53.921242] but task is already holding lock:
[ 53.921244] 000000009d2864ee (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 53.921251]
[ 53.921254] which lock already depends on the new lock.
[ 53.921255]
[ 53.921256]
[ 53.921259] the existing dependency chain (in reverse order) is:
[ 53.921260]
[ 53.921261] -> #5 (&obj_hash[i].lock){-.-.}:
[ 53.921268]        debug_object_activate+0x131/0x4e0
[ 53.921270]        enqueue_hrtimer+0x27/0x3f0
[ 53.921273]        hrtimer_start_range_ns+0x580/0xbe0
[ 53.921275]        schedule_hrtimeout_range_clock+0x17a/0x360
[ 53.921277]        wait_task_inactive+0x443/0x550
[ 53.921280]        __kthread_bind_mask+0x1f/0xb0
[ 53.921282]        init_rescuer.part.0+0xf2/0x190
[ 53.921284]        workqueue_init+0x504/0x7e9
[ 53.921286]        kernel_init_freeable+0x2bd/0x5bb
[ 53.921288]        kernel_init+0xd/0x1c2
[ 53.921290]        ret_from_fork+0x24/0x30
[ 53.921291]
[ 53.921292] -> #4 (hrtimer_bases.lock){-.-.}:
[ 53.921299]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 53.921302]        hrtimer_start_range_ns+0xf5/0xbe0
[ 53.921304]        enqueue_task_rt+0x97f/0xdf0
[ 53.921306]        __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 53.921309]        _sched_setscheduler+0xee/0x180
[ 53.921311]        watchdog_dev_init+0xdd/0x1ae
[ 53.921313]        watchdog_init+0x14/0x17e
[ 53.921315]        do_one_initcall+0xf1/0x734
[ 53.921317]        kernel_init_freeable+0x4c9/0x5bb
[ 53.921319]        kernel_init+0xd/0x1c2
[ 53.921321]        ret_from_fork+0x24/0x30
[ 53.921322]
[ 53.921323] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 53.921330]        rq_online_rt+0xaf/0x390
[ 53.921332]        set_rq_online.part.0+0xe3/0x140
[ 53.921334]        sched_cpu_activate+0x17f/0x270
[ 53.921336]        cpuhp_invoke_callback+0x213/0x1bb0
[ 53.921339]        cpuhp_thread_fun+0x440/0x840
[ 53.921341]        smpboot_thread_fn+0x653/0x9d0
[ 53.921343]        kthread+0x34a/0x420
[ 53.921345]        ret_from_fork+0x24/0x30
[ 53.921346]
[ 53.921347] -> #2 (&rq->lock){-.-.}:
[ 53.921354]        task_fork_fair+0x6a/0x520
[ 53.921355]        sched_fork+0x3a7/0x8b0
[ 53.921358]        copy_process.part.0+0x187d/0x7a60
[ 53.921360]        _do_fork+0x22f/0xf40
[ 53.921362]        kernel_thread+0x2f/0x40
[ 53.921363]        rest_init+0x1f/0x212
[ 53.921365]        start_kernel+0x7e4/0x81c
[ 53.921368]        secondary_startup_64+0xa4/0xb0
[ 53.921369]
[ 53.921370] -> #1 (&p->pi_lock){-.-.}:
[ 53.921376]        try_to_wake_up+0x80/0xe90
[ 53.921378]        up+0x92/0xe0
[ 53.921380]        __up_console_sem+0xb3/0x1c0
[ 53.921382]        console_unlock+0x64d/0xfe0
[ 53.921384]        vprintk_emit+0x282/0x6e0
[ 53.921386]        vprintk_func+0x79/0x17e
[ 53.921388]        printk+0xba/0xed
[ 53.921390]        regdb_fw_cb.cold+0x18/0x9c
[ 53.921392]        request_firmware_work_func+0x126/0x250
[ 53.921395]        process_one_work+0x91f/0x1640
[ 53.921397]        worker_thread+0x96/0xe20
[ 53.921399]        kthread+0x34a/0x420
[ 53.921400]        ret_from_fork+0x24/0x30
[ 53.921402]
[ 53.921403] -> #0 ((console_sem).lock){-...}:
[ 53.921410]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 53.921412]        down_trylock+0xe/0x60
[ 53.921414]        __down_trylock_console_sem+0xa3/0x210
[ 53.921416]        console_trylock+0x12/0x90
[ 53.921418]        vprintk_emit+0x269/0x6e0
[ 53.921420]        vprintk_func+0x79/0x17e
[ 53.921422]        printk+0xba/0xed
[ 53.921424]        __warn_printk+0x9b/0xf3
[ 53.921426]        debug_print_object+0x160/0x250
[ 53.921428]        debug_object_activate+0x357/0x4e0
[ 53.921431]        __call_rcu.constprop.0+0x31/0x7e0
[ 53.921433]        queue_rcu_work+0x75/0x90
[ 53.921435]        route4_change+0xe6a/0x2210
[ 53.921437]        tc_new_tfilter+0xa6b/0x1450
[ 53.921439]        rtnetlink_rcv_msg+0x453/0xaf0
[ 53.921441]        netlink_rcv_skb+0x160/0x410
[ 53.921443]        netlink_unicast+0x4d7/0x6a0
[ 53.921445]        netlink_sendmsg+0x80b/0xcd0
[ 53.921447]        sock_sendmsg+0xcf/0x120
[ 53.921449]        ___sys_sendmsg+0x803/0x920
[ 53.921451]        __sys_sendmsg+0xec/0x1b0
[ 53.921453]        do_syscall_64+0xf9/0x620
[ 53.921456]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.921457]
[ 53.921459] other info that might help us debug this:
[ 53.921460]
[ 53.921462] Chain exists of:
[ 53.921463]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 53.921472]
[ 53.921474]  Possible unsafe locking scenario:
[ 53.921475]
[ 53.921477]        CPU0                    CPU1
[ 53.921479]        ----                    ----
[ 53.921480]   lock(&obj_hash[i].lock);
[ 53.921485]                                lock(hrtimer_bases.lock);
[ 53.921490]                                lock(&obj_hash[i].lock);
[ 53.921494]   lock((console_sem).lock);
[ 53.921498]
[ 53.921499]  *** DEADLOCK ***
[ 53.921501]
[ 53.921503] 2 locks held by syz-executor625/8012:
[ 53.921504]  #0: 0000000083c5bf1e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 53.921512]  #1: 000000009d2864ee (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 53.921521]
[ 53.921522] stack backtrace:
[ 53.921526] CPU: 0 PID: 8012 Comm: syz-executor625 Not tainted 4.19.112-syzkaller #0
[ 53.921530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.921531] Call Trace:
[ 53.921533]  dump_stack+0x188/0x20d
[ 53.921535]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 53.921537]  __lock_acquire+0x2e19/0x49c0
[ 53.921540]  ? add_lock_to_list.isra.0+0x179/0x330
[ 53.921542]  ? save_trace+0xd6/0x290
[ 53.921544]  ? mark_held_locks+0xf0/0xf0
[ 53.921546]  ? format_decode+0x230/0xad0
[ 53.921548]  ? kvm_clock_read+0x14/0x30
[ 53.921550]  lock_acquire+0x170/0x400
[ 53.921552]  ? down_trylock+0xe/0x60
[ 53.921554]  _raw_spin_lock_irqsave+0x8c/0xbf
[ 53.921556]  ? down_trylock+0xe/0x60
[ 53.921557]  down_trylock+0xe/0x60
[ 53.921559]  ? vprintk_emit+0x269/0x6e0
[ 53.921562]  __down_trylock_console_sem+0xa3/0x210
[ 53.921564]  console_trylock+0x12/0x90
[ 53.921566]  vprintk_emit+0x269/0x6e0
[ 53.921567]  vprintk_func+0x79/0x17e
[ 53.921569]  printk+0xba/0xed
[ 53.921571]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 53.921573]  ? __warn_printk+0x8f/0xf3
[ 53.921575]  __warn_printk+0x9b/0xf3
[ 53.921577]  ? add_taint.cold+0x16/0x16
[ 53.921579]  ? do_syscall_64+0xf9/0x620
[ 53.921582]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.921584]  debug_print_object+0x160/0x250
[ 53.921586]  debug_object_activate+0x357/0x4e0
[ 53.921588]  ? debug_object_free+0x3e0/0x3e0
[ 53.921590]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 53.921592]  ? route4_change+0xbab/0x2210
[ 53.921595]  ? delayed_work_timer_fn+0x90/0x90
[ 53.921597]  __call_rcu.constprop.0+0x31/0x7e0
[ 53.921599]  ? mark_held_locks+0xa6/0xf0
[ 53.921601]  queue_rcu_work+0x75/0x90
[ 53.921603]  route4_change+0xe6a/0x2210
[ 53.921604]  ? route4_init+0xa0/0xa0
[ 53.921606]  ? route4_init+0xa0/0xa0
[ 53.921608]  tc_new_tfilter+0xa6b/0x1450
[ 53.921610]  ? tc_del_tfilter+0xd40/0xd40
[ 53.921612]  ? __mutex_lock+0x3cd/0x1300
[ 53.921615]  ? selinux_ipv4_output+0x50/0x50
[ 53.921617]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 53.921619]  ? tc_del_tfilter+0xd40/0xd40
[ 53.921621]  rtnetlink_rcv_msg+0x453/0xaf0
[ 53.921623]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.921625]  ? find_held_lock+0x2d/0x110
[ 53.921627]  netlink_rcv_skb+0x160/0x410
[ 53.921629]  ? rtnetlink_put_metrics+0x520/0x520
[ 53.921631]  ? netlink_ack+0xa60/0xa60
[ 53.921633]  netlink_unicast+0x4d7/0x6a0
[ 53.921636]  ? netlink_attachskb+0x710/0x710
[ 53.921638]  netlink_sendmsg+0x80b/0xcd0
[ 53.921640]  ? netlink_unicast+0x6a0/0x6a0
[ 53.921642]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 53.921644]  ? netlink_unicast+0x6a0/0x6a0
[ 53.921646]  sock_sendmsg+0xcf/0x120
[ 53.921648]  ___sys_sendmsg+0x803/0x920
[ 53.921650]  ? copy_msghdr_from_user+0x410/0x410
[ 53.921652]  ? __fget+0x319/0x510
[ 53.921654]  ? lock_downgrade+0x740/0x740
[ 53.921657]  ? check_preemption_disabled+0x41/0x280
[ 53.921658]  ? __fget+0x340/0x510
[ 53.921660]  ? iterate_fd+0x350/0x350
[ 53.921662]  ? find_held_lock+0x2d/0x110
[ 53.921664]  ? __fd_install+0x1b4/0x610
[ 53.921666]  ? __fget_light+0x1d1/0x230
[ 53.921668]  __sys_sendmsg+0xec/0x1b0
[ 53.921671]  ? __ia32_sys_shutdown+0x70/0x70
[ 53.921673]  ? __x64_sys_futex+0x386/0x4f0
[ 53.921675]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.921677]  ? trace_hardirqs_off_caller+0x55/0x210
[ 53.921679]  ? do_syscall_64+0x21/0x620
[ 53.921681]  do_syscall_64+0xf9/0x620
[ 53.921684]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.921686] RIP: 0033:0x446da9
[ 53.921693] Code: e8 ec 0f 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.921695] RSP: 002b:00007efd4c4c4d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.921700] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446da9
[ 53.921703] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 53.921706] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 53.921709] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 53.921713] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 53.923219] Kernel Offset: disabled
[ 54.864932] Rebooting in 86400 seconds..