Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
[ 47.302598] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.427420] audit: type=1400 audit(1585362443.194:36): avc: denied { map } for pid=7506 comm="syz-executor587" path="/root/syz-executor587877169" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.661091] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 48.403166] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 48.412865] ------------[ cut here ]------------
[ 48.417718] WARNING: CPU: 1 PID: 7510 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 48.426857] Kernel panic - not syncing: panic_on_warn set ...
[ 48.426857]
[ 48.434220] CPU: 1 PID: 7510 Comm: syz-executor587 Not tainted 4.14.174-syzkaller #0
[ 48.442082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.451420] Call Trace:
[ 48.453996] dump_stack+0x13e/0x194
[ 48.457607] panic+0x1f9/0x42d
[ 48.460825] ? add_taint.cold+0x16/0x16
[ 48.464779] ? debug_print_object.cold+0xa7/0xdb
[ 48.469513] ? debug_print_object.cold+0xa7/0xdb
[ 48.474272] __warn.cold+0x2f/0x30
[ 48.477799] ? ist_end_non_atomic+0x10/0x10
[ 48.482100] ? debug_print_object.cold+0xa7/0xdb
[ 48.486841] report_bug+0x20a/0x248
[ 48.490451] do_error_trap+0x195/0x2d0
[ 48.494318] ? math_error+0x2d0/0x2d0
[ 48.498104] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.502933] invalid_op+0x1b/0x40
[ 48.506399] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 48.511748] RSP: 0018:ffff88808ef2f430 EFLAGS: 00010082
[ 48.517093] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 48.524346] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed1011de5e7c
[ 48.531601] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000
[ 48.538853] R10: fffffbfff14a8cd8 R11: ffff88809b318100 R12: 0000000000000000
[ 48.546106] R13: 0000000000000001 R14: 1ffff11011de5e90 R15: ffffffff87d84240
[ 48.553394] debug_object_activate+0x307/0x450
[ 48.558007] ? debug_object_free+0x390/0x390
[ 48.562400] ? find_held_lock+0x2d/0x110
[ 48.566447] ? route4_walk+0x450/0x450
[ 48.570326] __call_rcu.constprop.0+0x31/0x7e0
[ 48.574897] route4_change+0xb27/0x1c4d
[ 48.578857] ? route4_delete+0x760/0x760
[ 48.582912] ? route4_delete+0x760/0x760
[ 48.587006] tc_ctl_tfilter+0xf13/0x18e6
[ 48.591052] ? tfilter_notify+0x240/0x240
[ 48.595233] ? mutex_trylock+0x1a0/0x1a0
[ 48.599287] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 48.603726] ? tfilter_notify+0x240/0x240
[ 48.608698] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.612930] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.617507] ? save_trace+0x290/0x290
[ 48.621330] ? save_trace+0x290/0x290
[ 48.625148] netlink_rcv_skb+0x127/0x370
[ 48.629212] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.633836] ? netlink_ack+0x980/0x980
[ 48.637722] netlink_unicast+0x437/0x620
[ 48.641777] ? netlink_attachskb+0x600/0x600
[ 48.646208] netlink_sendmsg+0x733/0xbe0
[ 48.650262] ? netlink_unicast+0x620/0x620
[ 48.654481] ? SYSC_sendto+0x2b0/0x2b0
[ 48.658361] ? security_socket_sendmsg+0x83/0xb0
[ 48.663122] ? netlink_unicast+0x620/0x620
[ 48.667346] sock_sendmsg+0xc5/0x100
[ 48.671052] ___sys_sendmsg+0x70a/0x840
[ 48.675008] ? trace_hardirqs_on+0x10/0x10
[ 48.679244] ? copy_msghdr_from_user+0x380/0x380
[ 48.684001] ? find_held_lock+0x2d/0x110
[ 48.688044] ? lock_downgrade+0x6e0/0x6e0
[ 48.692175] ? __fget+0x228/0x360
[ 48.695609] ? __fget_light+0x199/0x1f0
[ 48.699569] ? sockfd_lookup_light+0xb2/0x160
[ 48.704058] __sys_sendmsg+0xa3/0x120
[ 48.707838] ? SyS_shutdown+0x160/0x160
[ 48.711793] ? move_addr_to_kernel+0x60/0x60
[ 48.716182] SyS_sendmsg+0x27/0x40
[ 48.719718] ? __sys_sendmsg+0x120/0x120
[ 48.723778] do_syscall_64+0x1d5/0x640
[ 48.727663] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.732834] RIP: 0033:0x446e09
[ 48.736009] RSP: 002b:00007fe5d00ced98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.743709] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 48.751054] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 48.758311] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 48.765569] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 48.772865] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 48.780160]
[ 48.780162] ======================================================
[ 48.780164] WARNING: possible circular locking dependency detected
[ 48.780165] 4.14.174-syzkaller #0 Not tainted
[ 48.780166] ------------------------------------------------------
[ 48.780168] syz-executor587/7510 is trying to acquire lock:
[ 48.780169] ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 48.780173]
[ 48.780174] but task is already holding lock:
[ 48.780175] (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 48.780179]
[ 48.780180] which lock already depends on the new lock.
[ 48.780181]
[ 48.780182]
[ 48.780183] the existing dependency chain (in reverse order) is:
[ 48.780184]
[ 48.780185] -> #5 (&obj_hash[i].lock){-.-.}:
[ 48.780189] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.780190] debug_object_activate+0x10b/0x450
[ 48.780192] enqueue_hrtimer+0x22/0x3b0
[ 48.780193] hrtimer_start_range_ns+0x4e6/0x1060
[ 48.780194] schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 48.780195] wait_task_inactive+0x478/0x530
[ 48.780197] __kthread_bind_mask+0x1f/0xb0
[ 48.780198] create_worker+0x313/0x530
[ 48.780199] workqueue_init+0x55f/0x66e
[ 48.780200] kernel_init_freeable+0x2ab/0x526
[ 48.780201] kernel_init+0xd/0x15b
[ 48.780202] ret_from_fork+0x24/0x30
[ 48.780203]
[ 48.780204] -> #4 (hrtimer_bases.lock){-.-.}:
[ 48.780208] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.780209] lock_hrtimer_base.isra.0+0x6d/0x120
[ 48.780210] hrtimer_start_range_ns+0x7b/0x1060
[ 48.780212] enqueue_task_rt+0x94d/0xdb0
[ 48.780213] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 48.780214] _sched_setscheduler+0xf9/0x150
[ 48.780215] watchdog_enable+0xff/0x150
[ 48.780216] smpboot_thread_fn+0x40d/0x920
[ 48.780218] kthread+0x30d/0x420
[ 48.780219] ret_from_fork+0x24/0x30
[ 48.780219]
[ 48.780220] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 48.780224] _raw_spin_lock+0x2a/0x40
[ 48.780225] enqueue_task_rt+0x508/0xdb0
[ 48.780227] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 48.780228] _sched_setscheduler+0xf9/0x150
[ 48.780229] watchdog_enable+0xff/0x150
[ 48.780230] smpboot_thread_fn+0x40d/0x920
[ 48.780231] kthread+0x30d/0x420
[ 48.780232] ret_from_fork+0x24/0x30
[ 48.780233]
[ 48.780234] -> #2 (&rq->lock){-.-.}:
[ 48.780238] _raw_spin_lock+0x2a/0x40
[ 48.780239] task_fork_fair+0x63/0x5b0
[ 48.780240] sched_fork+0x39a/0xbd0
[ 48.780241] copy_process.part.0+0x15b7/0x6a70
[ 48.780242] _do_fork+0x180/0xc80
[ 48.780243] kernel_thread+0x2f/0x40
[ 48.780244] rest_init+0x1f/0x1d2
[ 48.780246] start_kernel+0x659/0x676
[ 48.780247] secondary_startup_64+0xa5/0xb0
[ 48.780247]
[ 48.780248] -> #1 (&p->pi_lock){-.-.}:
[ 48.780252] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.780253] try_to_wake_up+0x6a/0xef0
[ 48.780254] up+0x92/0xe0
[ 48.780256] __up_console_sem+0xa9/0x1b0
[ 48.780257] console_unlock+0x596/0xec0
[ 48.780258] do_con_write.part.0+0xb7f/0x1a20
[ 48.780259] con_write+0x33/0xc0
[ 48.780260] n_tty_write+0x375/0xe30
[ 48.780261] tty_write+0x3f0/0x700
[ 48.780263] __vfs_write+0xe4/0x630
[ 48.780264] vfs_write+0x192/0x4e0
[ 48.780265] SyS_write+0xf2/0x210
[ 48.780266] do_syscall_64+0x1d5/0x640
[ 48.780267] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.780268]
[ 48.780268] -> #0 ((console_sem).lock){-...}:
[ 48.780273] lock_acquire+0x170/0x3f0
[ 48.780274] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.780275] down_trylock+0xe/0x60
[ 48.780276] __down_trylock_console_sem+0x97/0x1f0
[ 48.780277] console_trylock+0x14/0x70
[ 48.780278] vprintk_emit+0x1ea/0x600
[ 48.780280] vprintk_func+0x58/0x152
[ 48.780281] printk+0x9e/0xbc
[ 48.780282] debug_print_object.cold+0xa7/0xdb
[ 48.780283] debug_object_activate+0x307/0x450
[ 48.780284] __call_rcu.constprop.0+0x31/0x7e0
[ 48.780285] route4_change+0xb27/0x1c4d
[ 48.780287] tc_ctl_tfilter+0xf13/0x18e6
[ 48.780288] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.780289] netlink_rcv_skb+0x127/0x370
[ 48.780290] netlink_unicast+0x437/0x620
[ 48.780291] netlink_sendmsg+0x733/0xbe0
[ 48.780292] sock_sendmsg+0xc5/0x100
[ 48.780293] ___sys_sendmsg+0x70a/0x840
[ 48.780295] __sys_sendmsg+0xa3/0x120
[ 48.780296] SyS_sendmsg+0x27/0x40
[ 48.780297] do_syscall_64+0x1d5/0x640
[ 48.780298] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.780299]
[ 48.780300] other info that might help us debug this:
[ 48.780301]
[ 48.780302] Chain exists of:
[ 48.780302] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 48.780308]
[ 48.780309] Possible unsafe locking scenario:
[ 48.780309]
[ 48.780311]        CPU0                    CPU1
[ 48.780312]        ----                    ----
[ 48.780312]   lock(&obj_hash[i].lock);
[ 48.780315]                                lock(hrtimer_bases.lock);
[ 48.780318]                                lock(&obj_hash[i].lock);
[ 48.780320]   lock((console_sem).lock);
[ 48.780323]
[ 48.780323] *** DEADLOCK ***
[ 48.780324]
[ 48.780325] 2 locks held by syz-executor587/7510:
[ 48.780326] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 48.780330] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_object_activate+0x10b/0x450
[ 48.780335]
[ 48.780336] stack backtrace:
[ 48.780337] CPU: 1 PID: 7510 Comm: syz-executor587 Not tainted 4.14.174-syzkaller #0
[ 48.780340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.780341] Call Trace:
[ 48.780342] dump_stack+0x13e/0x194
[ 48.780343] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 48.780344] __lock_acquire+0x2cb3/0x4620
[ 48.780345] ? string+0x17e/0x1d0
[ 48.780346] ? trace_hardirqs_on+0x10/0x10
[ 48.780347] ? netdev_bits+0xa0/0xa0
[ 48.780348] ? kvm_clock_read+0x1f/0x30
[ 48.780350] ? kvm_sched_clock_read+0x5/0x10
[ 48.780351] lock_acquire+0x170/0x3f0
[ 48.780352] ? down_trylock+0xe/0x60
[ 48.780353] _raw_spin_lock_irqsave+0x8c/0xbf
[ 48.780354] ? down_trylock+0xe/0x60
[ 48.780355] down_trylock+0xe/0x60
[ 48.780356] ? vprintk_emit+0x1ea/0x600
[ 48.780358] __down_trylock_console_sem+0x97/0x1f0
[ 48.780359] console_trylock+0x14/0x70
[ 48.780360] vprintk_emit+0x1ea/0x600
[ 48.780361] vprintk_func+0x58/0x152
[ 48.780362] printk+0x9e/0xbc
[ 48.780363] ? show_regs_print_info+0x5b/0x5b
[ 48.780364] ? lock_acquire+0x170/0x3f0
[ 48.780365] ? debug_object_activate+0x10b/0x450
[ 48.780367] debug_print_object.cold+0xa7/0xdb
[ 48.780368] debug_object_activate+0x307/0x450
[ 48.780369] ? debug_object_free+0x390/0x390
[ 48.780370] ? find_held_lock+0x2d/0x110
[ 48.780372] ? route4_walk+0x450/0x450
[ 48.780373] __call_rcu.constprop.0+0x31/0x7e0
[ 48.780374] route4_change+0xb27/0x1c4d
[ 48.780375] ? route4_delete+0x760/0x760
[ 48.780376] ? route4_delete+0x760/0x760
[ 48.780377] tc_ctl_tfilter+0xf13/0x18e6
[ 48.780379] ? tfilter_notify+0x240/0x240
[ 48.780380] ? mutex_trylock+0x1a0/0x1a0
[ 48.780381] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 48.780382] ? tfilter_notify+0x240/0x240
[ 48.780383] rtnetlink_rcv_msg+0x3be/0xb10
[ 48.780384] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.780385] ? save_trace+0x290/0x290
[ 48.780386] ? save_trace+0x290/0x290
[ 48.780387] netlink_rcv_skb+0x127/0x370
[ 48.780389] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 48.780390] ? netlink_ack+0x980/0x980
[ 48.780391] netlink_unicast+0x437/0x620
[ 48.780392] ? netlink_attachskb+0x600/0x600
[ 48.780393] netlink_sendmsg+0x733/0xbe0
[ 48.780394] ? netlink_unicast+0x620/0x620
[ 48.780395] ? SYSC_sendto+0x2b0/0x2b0
[ 48.780397] ? security_socket_sendmsg+0x83/0xb0
[ 48.780398] ? netlink_unicast+0x620/0x620
[ 48.780399] sock_sendmsg+0xc5/0x100
[ 48.780400] ___sys_sendmsg+0x70a/0x840
[ 48.780401] ? trace_hardirqs_on+0x10/0x10
[ 48.780402] ? copy_msghdr_from_user+0x380/0x380
[ 48.780403] ? find_held_lock+0x2d/0x110
[ 48.780405] ? lock_downgrade+0x6e0/0x6e0
[ 48.780406] ? __fget+0x228/0x360
[ 48.780407] ? __fget_light+0x199/0x1f0
[ 48.780408] ? sockfd_lookup_light+0xb2/0x160
[ 48.780409] __sys_sendmsg+0xa3/0x120
[ 48.780410] ? SyS_shutdown+0x160/0x160
[ 48.780411] ? move_addr_to_kernel+0x60/0x60
[ 48.780412] SyS_sendmsg+0x27/0x40
[ 48.780413] ? __sys_sendmsg+0x120/0x120
[ 48.780415] do_syscall_64+0x1d5/0x640
[ 48.780416] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.780417] RIP: 0033:0x446e09
[ 48.780418] RSP: 002b:00007fe5d00ced98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.780421] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 48.780423] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 48.780424] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 48.780426] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 48.780428] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 48.781500] Kernel Offset: disabled
[ 49.669117] Rebooting in 86400 seconds..