[ 45.381548] audit: type=1800 audit(1584506679.098:31): pid=7865 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 45.428373] audit: type=1800 audit(1584506679.098:32): pid=7865 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.482803] kauditd_printk_skb: 3 callbacks suppressed
[ 58.482818] audit: type=1400 audit(1584506692.248:36): avc: denied { map } for pid=8049 comm="syz-executor595" path="/root/syz-executor595368413" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 58.498361] IPVS: ftp: loaded support on port[0] = 21
[ 58.557631] ------------[ cut here ]------------
[ 58.563454] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 58.573601] WARNING: CPU: 1 PID: 8052 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 58.582415] Kernel panic - not syncing: panic_on_warn set ...
[ 58.582415]
[ 58.589769] CPU: 1 PID: 8052 Comm: syz-executor595 Not tainted 4.19.110-syzkaller #0
[ 58.597642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.606977] Call Trace:
[ 58.609565] dump_stack+0x188/0x20d
[ 58.613187] panic+0x26a/0x50e
[ 58.616362] ? __warn_printk+0xf3/0xf3
[ 58.620246] ? debug_print_object+0x160/0x250
[ 58.624726] ? __probe_kernel_read+0x16c/0x1b0
[ 58.629313] ? __warn.cold+0x5/0x46
[ 58.632929] ? __warn+0xe4/0x1c0
[ 58.636278] ? debug_print_object+0x160/0x250
[ 58.640769] __warn.cold+0x20/0x46
[ 58.644298] ? debug_print_object+0x160/0x250
[ 58.648792] report_bug+0x262/0x2a0
[ 58.653044] do_error_trap+0x1d7/0x310
[ 58.656926] ? math_error+0x310/0x310
[ 58.661675] ? irq_work_claim+0xa6/0xc0
[ 58.665645] ? irq_work_queue+0x2b/0x80
[ 58.669607] ? wake_up_klogd+0x8c/0xc0
[ 58.673484] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.678488] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 58.683320] invalid_op+0x14/0x20
[ 58.686767] RIP: 0010:debug_print_object+0x160/0x250
[ 58.691853] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f8 e6 fd <0f> 0b 83 05 a3 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 58.710751] RSP: 0018:ffff88808fea7268 EFLAGS: 00010086
[ 58.716109] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 58.723370] RDX: 0000000000000000 RSI: ffffffff8152d2f1 RDI: ffffed1011fd4e3f
[ 58.730634] RBP: 0000000000000001 R08: ffff88807e2006c0 R09: ffffed1015ce3ee3
[ 58.737891] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 58.745146] R13: 0000000000000000 R14: ffff8880a07d5d68 R15: 1ffff11011fd4e5a
[ 58.752437] ? vprintk_func+0x81/0x17e
[ 58.756313] ? debug_print_object+0x160/0x250
[ 58.761147] debug_object_activate+0x357/0x4e0
[ 58.765725] ? debug_object_free+0x3e0/0x3e0
[ 58.770126] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.774691] ? route4_change+0xbab/0x2210
[ 58.778822] ? delayed_work_timer_fn+0x90/0x90
[ 58.783383] __call_rcu.constprop.0+0x31/0x7e0
[ 58.787945] ? mark_held_locks+0xa6/0xf0
[ 58.792003] queue_rcu_work+0x75/0x90
[ 58.795786] route4_change+0xe6a/0x2210
[ 58.799745] ? route4_init+0xa0/0xa0
[ 58.803451] ? route4_init+0xa0/0xa0
[ 58.807144] tc_new_tfilter+0xa6b/0x1450
[ 58.811197] ? tc_del_tfilter+0xd40/0xd40
[ 58.815331] ? __mutex_lock+0x3cd/0x1300
[ 58.819373] ? selinux_ipv4_output+0x50/0x50
[ 58.823783] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.828190] ? tc_del_tfilter+0xd40/0xd40
[ 58.832343] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.836590] ? rtnetlink_put_metrics+0x520/0x520
[ 58.841337] ? find_held_lock+0x2d/0x110
[ 58.845385] netlink_rcv_skb+0x160/0x410
[ 58.849442] ? rtnetlink_put_metrics+0x520/0x520
[ 58.854185] ? netlink_ack+0xa60/0xa60
[ 58.858113] netlink_unicast+0x4d7/0x6a0
[ 58.862162] ? netlink_attachskb+0x710/0x710
[ 58.866561] netlink_sendmsg+0x80b/0xcd0
[ 58.870609] ? netlink_unicast+0x6a0/0x6a0
[ 58.874825] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.880001] ? netlink_unicast+0x6a0/0x6a0
[ 58.884217] sock_sendmsg+0xcf/0x120
[ 58.887919] ___sys_sendmsg+0x803/0x920
[ 58.892443] ? copy_msghdr_from_user+0x410/0x410
[ 58.897185] ? __fget+0x319/0x510
[ 58.900636] ? lock_downgrade+0x740/0x740
[ 58.904770] ? check_preemption_disabled+0x41/0x280
[ 58.909779] ? __fget+0x340/0x510
[ 58.913219] ? iterate_fd+0x350/0x350
[ 58.917004] ? find_held_lock+0x2d/0x110
[ 58.921073] ? __fd_install+0x1b4/0x610
[ 58.925031] ? __fget_light+0x1d1/0x230
[ 58.928993] __sys_sendmsg+0xec/0x1b0
[ 58.932873] ? __ia32_sys_shutdown+0x70/0x70
[ 58.937307] ? __x64_sys_futex+0x386/0x4f0
[ 58.941531] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.946280] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.951292] ? do_syscall_64+0x21/0x620
[ 58.955255] do_syscall_64+0xf9/0x620
[ 58.959043] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.964223] RIP: 0033:0x446ec9
[ 58.967398] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.986297] RSP: 002b:00007f5154f42d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.993986] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 59.001239] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 59.008596] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.015974] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 59.023940] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.031205]
[ 59.031208] ======================================================
[ 59.031211] WARNING: possible circular locking dependency detected
[ 59.031214] 4.19.110-syzkaller #0 Not tainted
[ 59.031216] ------------------------------------------------------
[ 59.031219] syz-executor595/8052 is trying to acquire lock:
[ 59.031221] 00000000358137eb ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 59.031228]
[ 59.031231] but task is already holding lock:
[ 59.031232] 000000002d376c65 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.031240]
[ 59.031242] which lock already depends on the new lock.
[ 59.031243]
[ 59.031245]
[ 59.031247] the existing dependency chain (in reverse order) is:
[ 59.031248]
[ 59.031250] -> #5 (&obj_hash[i].lock){-.-.}:
[ 59.031257] debug_object_activate+0x131/0x4e0
[ 59.031259] enqueue_hrtimer+0x27/0x3f0
[ 59.031262] hrtimer_start_range_ns+0x580/0xbe0
[ 59.031264] schedule_hrtimeout_range_clock+0x17a/0x360
[ 59.031266] wait_task_inactive+0x443/0x550
[ 59.031269] __kthread_bind_mask+0x1f/0xb0
[ 59.031271] init_rescuer.part.0+0xf2/0x190
[ 59.031273] workqueue_init+0x504/0x7e9
[ 59.031275] kernel_init_freeable+0x2bd/0x5bb
[ 59.031277] kernel_init+0xd/0x1c0
[ 59.031279] ret_from_fork+0x24/0x30
[ 59.031280]
[ 59.031281] -> #4 (hrtimer_bases.lock){-.-.}:
[ 59.031289] lock_hrtimer_base.isra.0+0x6d/0x120
[ 59.031291] hrtimer_start_range_ns+0xf5/0xbe0
[ 59.031293] enqueue_task_rt+0x97f/0xdf0
[ 59.031296] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 59.031298] _sched_setscheduler+0xee/0x180
[ 59.031300] watchdog_dev_init+0xdd/0x1ae
[ 59.031302] watchdog_init+0x14/0x17e
[ 59.031304] do_one_initcall+0xf1/0x734
[ 59.031307] kernel_init_freeable+0x4c9/0x5bb
[ 59.031309] kernel_init+0xd/0x1c0
[ 59.031311] ret_from_fork+0x24/0x30
[ 59.031312]
[ 59.031313] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 59.031320] rq_online_rt+0xaf/0x390
[ 59.031322] set_rq_online.part.0+0xe3/0x140
[ 59.031325] sched_cpu_activate+0x17f/0x270
[ 59.031327] cpuhp_invoke_callback+0x213/0x1bb0
[ 59.031329] cpuhp_thread_fun+0x440/0x840
[ 59.031331] smpboot_thread_fn+0x653/0x9d0
[ 59.031333] kthread+0x34a/0x420
[ 59.031335] ret_from_fork+0x24/0x30
[ 59.031336]
[ 59.031338] -> #2 (&rq->lock){-.-.}:
[ 59.031344] task_fork_fair+0x6a/0x520
[ 59.031346] sched_fork+0x3a7/0x8b0
[ 59.031349] copy_process.part.0+0x187d/0x7a60
[ 59.031351] _do_fork+0x22f/0xf40
[ 59.031353] kernel_thread+0x2f/0x40
[ 59.031355] rest_init+0x1f/0x212
[ 59.031357] start_kernel+0x7e4/0x81c
[ 59.031359] secondary_startup_64+0xa4/0xb0
[ 59.031360]
[ 59.031361] -> #1 (&p->pi_lock){-.-.}:
[ 59.031368] try_to_wake_up+0x80/0xe90
[ 59.031370] up+0x92/0xe0
[ 59.031372] __up_console_sem+0xb3/0x1c0
[ 59.031374] console_unlock+0x64d/0xfe0
[ 59.031376] vprintk_emit+0x282/0x6e0
[ 59.031378] vprintk_func+0x79/0x17e
[ 59.031380] printk+0xba/0xed
[ 59.031382] kauditd_hold_skb.cold+0x41/0x50
[ 59.031384] kauditd_send_queue+0x12d/0x170
[ 59.031386] kauditd_thread+0x6f4/0xa20
[ 59.031388] kthread+0x34a/0x420
[ 59.031390] ret_from_fork+0x24/0x30
[ 59.031392]
[ 59.031393] -> #0 ((console_sem).lock){-.-.}:
[ 59.031400] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.031402] down_trylock+0xe/0x60
[ 59.031404] __down_trylock_console_sem+0xa3/0x210
[ 59.031407] console_trylock+0x12/0x90
[ 59.031409] vprintk_emit+0x269/0x6e0
[ 59.031411] vprintk_func+0x79/0x17e
[ 59.031412] printk+0xba/0xed
[ 59.031414] __warn_printk+0x9b/0xf3
[ 59.031417] debug_print_object+0x160/0x250
[ 59.031419] debug_object_activate+0x357/0x4e0
[ 59.031421] __call_rcu.constprop.0+0x31/0x7e0
[ 59.031423] queue_rcu_work+0x75/0x90
[ 59.031425] route4_change+0xe6a/0x2210
[ 59.031428] tc_new_tfilter+0xa6b/0x1450
[ 59.031430] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.031432] netlink_rcv_skb+0x160/0x410
[ 59.031434] netlink_unicast+0x4d7/0x6a0
[ 59.031436] netlink_sendmsg+0x80b/0xcd0
[ 59.031438] sock_sendmsg+0xcf/0x120
[ 59.031440] ___sys_sendmsg+0x803/0x920
[ 59.031442] __sys_sendmsg+0xec/0x1b0
[ 59.031444] do_syscall_64+0xf9/0x620
[ 59.031447] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.031448]
[ 59.031450] other info that might help us debug this:
[ 59.031451]
[ 59.031453] Chain exists of:
[ 59.031454] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 59.031463]
[ 59.031465] Possible unsafe locking scenario:
[ 59.031466]
[ 59.031469]        CPU0                    CPU1
[ 59.031471]        ----                    ----
[ 59.031472]   lock(&obj_hash[i].lock);
[ 59.031477]                                lock(hrtimer_bases.lock);
[ 59.031482]                                lock(&obj_hash[i].lock);
[ 59.031486]   lock((console_sem).lock);
[ 59.031490]
[ 59.031491] *** DEADLOCK ***
[ 59.031492]
[ 59.031495] 2 locks held by syz-executor595/8052:
[ 59.031496] #0: 00000000f4b4c20c (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.031504] #1: 000000002d376c65 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.031513]
[ 59.031514] stack backtrace:
[ 59.031518] CPU: 1 PID: 8052 Comm: syz-executor595 Not tainted 4.19.110-syzkaller #0
[ 59.031522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.031524] Call Trace:
[ 59.031526] dump_stack+0x188/0x20d
[ 59.031528] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 59.031530] __lock_acquire+0x2e19/0x49c0
[ 59.031533] ? add_lock_to_list.isra.0+0x179/0x330
[ 59.031535] ? save_trace+0xd6/0x290
[ 59.031537] ? mark_held_locks+0xf0/0xf0
[ 59.031539] ? format_decode+0x230/0xad0
[ 59.031541] ? kvm_clock_read+0x14/0x30
[ 59.031543] lock_acquire+0x170/0x400
[ 59.031545] ? down_trylock+0xe/0x60
[ 59.031547] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.031549] ? down_trylock+0xe/0x60
[ 59.031551] down_trylock+0xe/0x60
[ 59.031553] ? vprintk_emit+0x269/0x6e0
[ 59.031555] __down_trylock_console_sem+0xa3/0x210
[ 59.031557] console_trylock+0x12/0x90
[ 59.031559] vprintk_emit+0x269/0x6e0
[ 59.031561] vprintk_func+0x79/0x17e
[ 59.031563] printk+0xba/0xed
[ 59.031565] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 59.031567] ? __warn_printk+0x8f/0xf3
[ 59.031569] __warn_printk+0x9b/0xf3
[ 59.031571] ? add_taint.cold+0x16/0x16
[ 59.031573] ? do_syscall_64+0xf9/0x620
[ 59.031576] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.031579] debug_print_object+0x160/0x250
[ 59.031582] debug_object_activate+0x357/0x4e0
[ 59.031585] ? debug_object_free+0x3e0/0x3e0
[ 59.031587] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.031589] ? route4_change+0xbab/0x2210
[ 59.031591] ? delayed_work_timer_fn+0x90/0x90
[ 59.031594] __call_rcu.constprop.0+0x31/0x7e0
[ 59.031596] ? mark_held_locks+0xa6/0xf0
[ 59.031598] queue_rcu_work+0x75/0x90
[ 59.031600] route4_change+0xe6a/0x2210
[ 59.031602] ? route4_init+0xa0/0xa0
[ 59.031604] ? route4_init+0xa0/0xa0
[ 59.031606] tc_new_tfilter+0xa6b/0x1450
[ 59.031608] ? tc_del_tfilter+0xd40/0xd40
[ 59.031610] ? __mutex_lock+0x3cd/0x1300
[ 59.031612] ? selinux_ipv4_output+0x50/0x50
[ 59.031614] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.031616] ? tc_del_tfilter+0xd40/0xd40
[ 59.031618] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.031621] ? rtnetlink_put_metrics+0x520/0x520
[ 59.031623] ? find_held_lock+0x2d/0x110
[ 59.031625] netlink_rcv_skb+0x160/0x410
[ 59.031627] ? rtnetlink_put_metrics+0x520/0x520
[ 59.031629] ? netlink_ack+0xa60/0xa60
[ 59.031631] netlink_unicast+0x4d7/0x6a0
[ 59.031633] ? netlink_attachskb+0x710/0x710
[ 59.031635] netlink_sendmsg+0x80b/0xcd0
[ 59.031638] ? netlink_unicast+0x6a0/0x6a0
[ 59.031640] ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.031642] ? netlink_unicast+0x6a0/0x6a0
[ 59.031644] sock_sendmsg+0xcf/0x120
[ 59.031646] ___sys_sendmsg+0x803/0x920
[ 59.031649] ? copy_msghdr_from_user+0x410/0x410
[ 59.031650] ? __fget+0x319/0x510
[ 59.031652] ? lock_downgrade+0x740/0x740
[ 59.031655] ? check_preemption_disabled+0x41/0x280
[ 59.031657] ? __fget+0x340/0x510
[ 59.031659] ? iterate_fd+0x350/0x350
[ 59.031661] ? find_held_lock+0x2d/0x110
[ 59.031663] ? __fd_install+0x1b4/0x610
[ 59.031665] ? __fget_light+0x1d1/0x230
[ 59.031667] __sys_sendmsg+0xec/0x1b0
[ 59.031669] ? __ia32_sys_shutdown+0x70/0x70
[ 59.031671] ? __x64_sys_futex+0x386/0x4f0
[ 59.031674] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.031676] ? trace_hardirqs_off_caller+0x55/0x210
[ 59.031678] ? do_syscall_64+0x21/0x620
[ 59.031680] do_syscall_64+0xf9/0x620
[ 59.031682] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.031684] RIP: 0033:0x446ec9
[ 59.031692] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.031694] RSP: 002b:00007f5154f42d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.031700] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 59.031703] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 59.031706] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.031709] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 59.031712] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.033138] Kernel Offset: disabled
[ 59.967375] Rebooting in 86400 seconds..