Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
[ 73.542335] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 73.671177] audit: type=1400 audit(1565803269.575:36): avc: denied { map } for pid=6861 comm="syz-executor295" path="/root/syz-executor295763420" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[ 78.681196] ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x60
[ 78.691615] ------------[ cut here ]------------
[ 78.696352] WARNING: CPU: 0 PID: 6864 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 78.705335] Kernel panic - not syncing: panic_on_warn set ...
[ 78.705335]
[ 78.712672] CPU: 0 PID: 6864 Comm: syz-executor295 Not tainted 4.14.138 #34
[ 78.719755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.729184] Call Trace:
[ 78.731847] dump_stack+0x138/0x19c
[ 78.735455] panic+0x1f2/0x426
[ 78.738671] ? add_taint.cold+0x16/0x16
[ 78.742637] ? debug_print_object.cold+0xa7/0xdb
[ 78.747371] ? debug_print_object.cold+0xa7/0xdb
[ 78.752103] __warn.cold+0x2f/0x36
[ 78.755772] ? ist_end_non_atomic+0x10/0x10
[ 78.760069] ? debug_print_object.cold+0xa7/0xdb
[ 78.764803] report_bug+0x216/0x254
[ 78.768407] do_error_trap+0x1bb/0x310
[ 78.772271] ? math_error+0x360/0x360
[ 78.776050] ? vprintk_emit+0x171/0x600
[ 78.780003] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 78.784835] do_invalid_op+0x1b/0x20
[ 78.788571] invalid_op+0x1b/0x40
[ 78.792007] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 78.797342] RSP: 0018:ffff8880a6077aa8 EFLAGS: 00010086
[ 78.803065] RAX: 000000000000005e RBX: 0000000000000003 RCX: 0000000000000000
[ 78.810318] RDX: 0000000000000000 RSI: ffffffff866d0ee0 RDI: ffffed1014c0ef4b
[ 78.817566] RBP: ffff8880a6077ad0 R08: 000000000000005e R09: 0000000000000000
[ 78.824814] R10: 0000000000000000 R11: ffff888090f0c000 R12: ffffffff866cc0e0
[ 78.832061] R13: ffffffff85828a20 R14: 0000000000000000 R15: ffff8880a8b592e8
[ 78.839319] ? rfcomm_session_add+0x340/0x340
[ 78.843805] ? debug_print_object.cold+0xa7/0xdb
[ 78.848601] debug_check_no_obj_freed+0x3f5/0x7b7
[ 78.853434] ? free_obj_work+0x6d0/0x6d0
[ 78.857506] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 78.862942] kfree+0xbd/0x270
[ 78.866026] rfcomm_dlc_free+0x20/0x30
[ 78.869889] rfcomm_dev_ioctl+0x1590/0x18b0
[ 78.874186] ? mark_held_locks+0xb1/0x100
[ 78.878330] ? __local_bh_enable_ip+0x99/0x1a0
[ 78.882896] ? rfcomm_dev_state_change+0x130/0x130
[ 78.887800] ? __local_bh_enable_ip+0x99/0x1a0
[ 78.892359] rfcomm_sock_ioctl+0x82/0xa0
[ 78.896537] sock_do_ioctl+0x64/0xb0
[ 78.900240] sock_ioctl+0x2a6/0x470
[ 78.903851] ? dlci_ioctl_set+0x40/0x40
[ 78.907806] do_vfs_ioctl+0x7ae/0x1060
[ 78.911768] ? selinux_file_mprotect+0x5d0/0x5d0
[ 78.916501] ? ioctl_preallocate+0x1c0/0x1c0
[ 78.920886] ? fd_install+0x4d/0x60
[ 78.924491] ? security_file_ioctl+0x7d/0xb0
[ 78.928872] ? security_file_ioctl+0x89/0xb0
[ 78.933261] SyS_ioctl+0x8f/0xc0
[ 78.936608] ? do_vfs_ioctl+0x1060/0x1060
[ 78.940845] do_syscall_64+0x1e8/0x640
[ 78.944810] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 78.949663] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 78.954827] RIP: 0033:0x441229
[ 78.958012] RSP: 002b:00007ffc66343cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.965706] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[ 78.972954] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[ 78.980197] RBP: 0000000000013353 R08: 00000000004002c8 R09: 00000000004002c8
[ 78.987455] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[ 78.994704] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[ 79.001963]
[ 79.001965] ======================================================
[ 79.001966] WARNING: possible circular locking dependency detected
[ 79.001967] 4.14.138 #34 Not tainted
[ 79.001969] ------------------------------------------------------
[ 79.001971] syz-executor295/6864 is trying to acquire lock:
[ 79.001971] ((console_sem).lock){-...}, at: [] down_trylock+0x13/0x70
[ 79.001976]
[ 79.001977] but task is already holding lock:
[ 79.001978] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x12d/0x7b7
[ 79.001982]
[ 79.001984] which lock already depends on the new lock.
[ 79.001985]
[ 79.001985]
[ 79.001987] the existing dependency chain (in reverse order) is:
[ 79.001988]
[ 79.001989] -> #3 (&obj_hash[i].lock){-.-.}:
[ 79.001993] lock_acquire+0x16f/0x430
[ 79.001994] _raw_spin_lock_irqsave+0x95/0xcd
[ 79.001996] __debug_object_init+0xa9/0x8e0
[ 79.001997] debug_object_init+0x16/0x20
[ 79.001998] hrtimer_init+0x2a/0x2e0
[ 79.001999] init_dl_task_timer+0x1b/0x50
[ 79.002000] __sched_fork+0x222/0xab0
[ 79.002001] init_idle+0x75/0x800
[ 79.002002] sched_init+0xaa1/0xbb3
[ 79.002003] start_kernel+0x339/0x6fd
[ 79.002005] x86_64_start_reservations+0x29/0x2b
[ 79.002006] x86_64_start_kernel+0x77/0x7b
[ 79.002007] secondary_startup_64+0xa5/0xb0
[ 79.002008]
[ 79.002009] -> #2 (&rq->lock){-.-.}:
[ 79.002012] lock_acquire+0x16f/0x430
[ 79.002014] _raw_spin_lock+0x2f/0x40
[ 79.002015] task_fork_fair+0x63/0x5b0
[ 79.002016] sched_fork+0x3a6/0xc10
[ 79.002017] copy_process.part.0+0x15b7/0x6a00
[ 79.002018] _do_fork+0x19e/0xce0
[ 79.002020] kernel_thread+0x34/0x40
[ 79.002021] rest_init+0x24/0x1e2
[ 79.002022] start_kernel+0x6df/0x6fd
[ 79.002023] x86_64_start_reservations+0x29/0x2b
[ 79.002024] x86_64_start_kernel+0x77/0x7b
[ 79.002025] secondary_startup_64+0xa5/0xb0
[ 79.002026]
[ 79.002027] -> #1 (&p->pi_lock){-.-.}:
[ 79.002031] lock_acquire+0x16f/0x430
[ 79.002032] _raw_spin_lock_irqsave+0x95/0xcd
[ 79.002033] try_to_wake_up+0x79/0xf90
[ 79.002034] wake_up_process+0x10/0x20
[ 79.002035] __up.isra.0+0x136/0x1a0
[ 79.002036] up+0x9c/0xe0
[ 79.002038] __up_console_sem+0xad/0x1b0
[ 79.002039] console_unlock+0x59d/0xed0
[ 79.002040] con_install+0x31f/0x400
[ 79.002041] tty_init_dev+0xea/0x3a0
[ 79.002042] tty_open+0x406/0x9a0
[ 79.002043] chrdev_open+0x207/0x590
[ 79.002044] do_dentry_open+0x73b/0xeb0
[ 79.002045] vfs_open+0x105/0x220
[ 79.002046] path_openat+0x8bd/0x3f70
[ 79.002048] do_filp_open+0x18e/0x250
[ 79.002049] do_sys_open+0x2c5/0x430
[ 79.002050] SyS_open+0x2d/0x40
[ 79.002051] do_syscall_64+0x1e8/0x640
[ 79.002052] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 79.002053]
[ 79.002054] -> #0 ((console_sem).lock){-...}:
[ 79.002058] __lock_acquire+0x2cb3/0x4620
[ 79.002059] lock_acquire+0x16f/0x430
[ 79.002060] _raw_spin_lock_irqsave+0x95/0xcd
[ 79.002061] down_trylock+0x13/0x70
[ 79.002063] __down_trylock_console_sem+0x9c/0x200
[ 79.002064] console_trylock+0x17/0x80
[ 79.002065] vprintk_emit+0x1eb/0x600
[ 79.002066] vprintk_default+0x28/0x30
[ 79.002068] vprintk_func+0x5d/0x159
[ 79.002069] printk+0x9e/0xbc
[ 79.002070] debug_print_object.cold+0xa7/0xdb
[ 79.002071] debug_check_no_obj_freed+0x3f5/0x7b7
[ 79.002072] kfree+0xbd/0x270
[ 79.002074] rfcomm_dlc_free+0x20/0x30
[ 79.002075] rfcomm_dev_ioctl+0x1590/0x18b0
[ 79.002076] rfcomm_sock_ioctl+0x82/0xa0
[ 79.002078] sock_do_ioctl+0x64/0xb0
[ 79.002079] sock_ioctl+0x2a6/0x470
[ 79.002080] do_vfs_ioctl+0x7ae/0x1060
[ 79.002081] SyS_ioctl+0x8f/0xc0
[ 79.002083] do_syscall_64+0x1e8/0x640
[ 79.002084] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 79.002085]
[ 79.002086] other info that might help us debug this:
[ 79.002087]
[ 79.002088] Chain exists of:
[ 79.002089] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 79.002094]
[ 79.002095] Possible unsafe locking scenario:
[ 79.002096]
[ 79.002097] CPU0 CPU1
[ 79.002098] ---- ----
[ 79.002099] lock(&obj_hash[i].lock);
[ 79.002102] lock(&rq->lock);
[ 79.002105] lock(&obj_hash[i].lock);
[ 79.002107] lock((console_sem).lock);
[ 79.002109]
[ 79.002110] *** DEADLOCK ***
[ 79.002111]
[ 79.002112] 3 locks held by syz-executor295/6864:
[ 79.002113] #0: (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}, at: [] rfcomm_sock_ioctl+0x74/0xa0
[ 79.002117] #1: (rfcomm_ioctl_mutex){+.+.}, at: [] rfcomm_dev_ioctl+0x442/0x18b0
[ 79.002122] #2: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x12d/0x7b7
[ 79.002126]
[ 79.002127] stack backtrace:
[ 79.002129] CPU: 0 PID: 6864 Comm: syz-executor295 Not tainted 4.14.138 #34
[ 79.002131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.002132] Call Trace:
[ 79.002133] dump_stack+0x138/0x19c
[ 79.002134] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 79.002135] __lock_acquire+0x2cb3/0x4620
[ 79.002137] ? add_lock_to_list.isra.0+0x17c/0x330
[ 79.002138] ? trace_hardirqs_on+0x10/0x10
[ 79.002139] ? netdev_bits+0xb0/0xb0
[ 79.002140] ? save_trace+0x290/0x290
[ 79.002141] ? kvm_clock_read+0x23/0x40
[ 79.002142] ? kvm_sched_clock_read+0x9/0x20
[ 79.002144] lock_acquire+0x16f/0x430
[ 79.002145] ? down_trylock+0x13/0x70
[ 79.002146] ? vprintk_emit+0x109/0x600
[ 79.002147] _raw_spin_lock_irqsave+0x95/0xcd
[ 79.002149] ? down_trylock+0x13/0x70
[ 79.002150] ? vprintk_emit+0x1eb/0x600
[ 79.002151] down_trylock+0x13/0x70
[ 79.002152] ? vprintk_emit+0x1eb/0x600
[ 79.002153] __down_trylock_console_sem+0x9c/0x200
[ 79.002154] console_trylock+0x17/0x80
[ 79.002155] vprintk_emit+0x1eb/0x600
[ 79.002156] vprintk_default+0x28/0x30
[ 79.002157] vprintk_func+0x5d/0x159
[ 79.002159] ? rfcomm_session_add+0x340/0x340
[ 79.002160] printk+0x9e/0xbc
[ 79.002161] ? show_regs_print_info+0x63/0x63
[ 79.002162] ? lock_acquire+0x16f/0x430
[ 79.002163] ? debug_check_no_obj_freed+0x12d/0x7b7
[ 79.002165] ? rfcomm_session_add+0x340/0x340
[ 79.002166] debug_print_object.cold+0xa7/0xdb
[ 79.002167] debug_check_no_obj_freed+0x3f5/0x7b7
[ 79.002168] ? free_obj_work+0x6d0/0x6d0
[ 79.002170] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 79.002171] kfree+0xbd/0x270
[ 79.002172] rfcomm_dlc_free+0x20/0x30
[ 79.002173] rfcomm_dev_ioctl+0x1590/0x18b0
[ 79.002174] ? mark_held_locks+0xb1/0x100
[ 79.002175] ? __local_bh_enable_ip+0x99/0x1a0
[ 79.002176] ? rfcomm_dev_state_change+0x130/0x130
[ 79.002178] ? __local_bh_enable_ip+0x99/0x1a0
[ 79.002179] rfcomm_sock_ioctl+0x82/0xa0
[ 79.002180] sock_do_ioctl+0x64/0xb0
[ 79.002181] sock_ioctl+0x2a6/0x470
[ 79.002182] ? dlci_ioctl_set+0x40/0x40
[ 79.002183] do_vfs_ioctl+0x7ae/0x1060
[ 79.002184] ? selinux_file_mprotect+0x5d0/0x5d0
[ 79.002186] ? ioctl_preallocate+0x1c0/0x1c0
[ 79.002187] ? fd_install+0x4d/0x60
[ 79.002188] ? security_file_ioctl+0x7d/0xb0
[ 79.002189] ? security_file_ioctl+0x89/0xb0
[ 79.002190] SyS_ioctl+0x8f/0xc0
[ 79.002191] ? do_vfs_ioctl+0x1060/0x1060
[ 79.002192] do_syscall_64+0x1e8/0x640
[ 79.002194] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 79.002195] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 79.002196] RIP: 0033:0x441229
[ 79.002197] RSP: 002b:00007ffc66343cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.002201] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[ 79.002202] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[ 79.002204] RBP: 0000000000013353 R08: 00000000004002c8 R09: 00000000004002c8
[ 79.002206] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[ 79.002207] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[ 79.003282] Kernel Offset: disabled
[ 79.794273] Rebooting in 86400 seconds..