Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts. executing program [ 56.221048] audit: type=1400 audit(1584599147.903:36): avc: denied { map } for pid=8128 comm="syz-executor461" path="/root/syz-executor461736254" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 56.243930] IPVS: ftp: loaded support on port[0] = 21 [ 56.292265] ------------[ cut here ]------------ [ 56.298109] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null) [ 56.307307] WARNING: CPU: 0 PID: 8131 at lib/debugobjects.c:325 debug_print_object+0x160/0x250 [ 56.316037] Kernel panic - not syncing: panic_on_warn set ... [ 56.316037] [ 56.323387] CPU: 0 PID: 8131 Comm: syz-executor461 Not tainted 4.19.111-syzkaller #0 [ 56.331295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.340631] Call Trace: [ 56.343232] dump_stack+0x188/0x20d [ 56.346859] panic+0x26a/0x50e [ 56.350217] ? __warn_printk+0xf3/0xf3 [ 56.354638] ? debug_print_object+0x160/0x250 [ 56.359125] ? __probe_kernel_read+0x16c/0x1b0 [ 56.363787] ? __warn.cold+0x5/0x46 [ 56.367433] ? __warn+0xe4/0x1c0 [ 56.370791] ? debug_print_object+0x160/0x250 [ 56.375348] __warn.cold+0x20/0x46 [ 56.378893] ? debug_print_object+0x160/0x250 [ 56.383379] report_bug+0x262/0x2a0 [ 56.387002] do_error_trap+0x1d7/0x310 [ 56.390897] ? math_error+0x310/0x310 [ 56.394685] ? irq_work_claim+0xa6/0xc0 [ 56.398663] ? irq_work_queue+0x2b/0x80 [ 56.402632] ? wake_up_klogd+0x8c/0xc0 [ 56.406621] ? trace_hardirqs_off_caller+0x55/0x210 [ 56.411673] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.416510] invalid_op+0x14/0x20 [ 56.419960] RIP: 0010:debug_print_object+0x160/0x250 [ 56.425063] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 1b f7 e6 fd <0f> 0b 83 05 63 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89 [ 56.443965] RSP: 0018:ffff888083a6f268 EFLAGS: 00010086 [ 56.449333] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 56.456588] RDX: 0000000000000000 RSI: ffffffff8152d381 RDI: ffffed101074de3f [ 56.463841] RBP: 0000000000000001 R08: ffff8880989ac040 R09: ffffed1015cc3ee3 [ 56.472163] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0 [ 56.479417] R13: 0000000000000000 R14: ffff88809f892be0 R15: 1ffff1101074de5a [ 56.486688] ? vprintk_func+0x81/0x17e [ 56.490564] ? debug_print_object+0x160/0x250 [ 56.495056] debug_object_activate+0x357/0x4e0 [ 56.499722] ? debug_object_free+0x3e0/0x3e0 [ 56.504133] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 56.508711] ? route4_change+0xbab/0x2210 [ 56.512860] ? delayed_work_timer_fn+0x90/0x90 [ 56.517434] __call_rcu.constprop.0+0x31/0x7e0 [ 56.522000] ? mark_held_locks+0xa6/0xf0 [ 56.526043] queue_rcu_work+0x75/0x90 [ 56.529842] route4_change+0xe6a/0x2210 [ 56.533838] ? route4_init+0xa0/0xa0 [ 56.537560] ? route4_init+0xa0/0xa0 [ 56.541260] tc_new_tfilter+0xa6b/0x1450 [ 56.545307] ? tc_del_tfilter+0xd40/0xd40 [ 56.549458] ? __mutex_lock+0x3cd/0x1300 [ 56.553546] ? selinux_ipv4_output+0x50/0x50 [ 56.557961] ? rtnetlink_rcv_msg+0x3fe/0xaf0 [ 56.562380] ? tc_del_tfilter+0xd40/0xd40 [ 56.566518] rtnetlink_rcv_msg+0x453/0xaf0 [ 56.570742] ? rtnetlink_put_metrics+0x520/0x520 [ 56.575484] ? find_held_lock+0x2d/0x110 [ 56.579541] netlink_rcv_skb+0x160/0x410 [ 56.583609] ? rtnetlink_put_metrics+0x520/0x520 [ 56.588359] ? netlink_ack+0xa60/0xa60 [ 56.592231] netlink_unicast+0x4d7/0x6a0 [ 56.596280] ? netlink_attachskb+0x710/0x710 [ 56.600696] netlink_sendmsg+0x80b/0xcd0 [ 56.604751] ? netlink_unicast+0x6a0/0x6a0 [ 56.608972] ? move_addr_to_kernel.part.0+0x110/0x110 [ 56.614985] ? netlink_unicast+0x6a0/0x6a0 [ 56.619211] sock_sendmsg+0xcf/0x120 [ 56.622918] ___sys_sendmsg+0x803/0x920 [ 56.627225] ? copy_msghdr_from_user+0x410/0x410 [ 56.632007] ? __fget+0x319/0x510 [ 56.635453] ? lock_downgrade+0x740/0x740 [ 56.639602] ? check_preemption_disabled+0x41/0x280 [ 56.644618] ? __fget+0x340/0x510 [ 56.649109] ? iterate_fd+0x350/0x350 [ 56.652890] ? find_held_lock+0x2d/0x110 [ 56.656959] ? __fd_install+0x1b4/0x610 [ 56.661285] ? __fget_light+0x1d1/0x230 [ 56.665249] __sys_sendmsg+0xec/0x1b0 [ 56.669115] ? __ia32_sys_shutdown+0x70/0x70 [ 56.673542] ? __x64_sys_futex+0x386/0x4f0 [ 56.679592] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 56.684347] ? trace_hardirqs_off_caller+0x55/0x210 [ 56.689379] ? do_syscall_64+0x21/0x620 [ 56.693353] do_syscall_64+0xf9/0x620 [ 56.697168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.702388] RIP: 0033:0x446ec9 [ 56.705680] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.724784] RSP: 002b:00007f1399ed8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.732487] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9 [ 56.739757] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 56.747017] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 56.754463] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 56.761733] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 56.769703] [ 56.769706] ====================================================== [ 56.769709] WARNING: possible circular locking dependency detected [ 56.769712] 4.19.111-syzkaller #0 Not tainted [ 56.769715] ------------------------------------------------------ [ 56.769717] syz-executor461/8131 is trying to acquire lock: [ 56.769720] 00000000e636c3f5 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60 [ 56.769727] [ 56.769730] but task is already holding lock: [ 56.769731] 0000000047a6a480 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0 [ 56.769739] [ 56.769742] which lock already depends on the new lock. [ 56.769743] [ 56.769744] [ 56.769747] the existing dependency chain (in reverse order) is: [ 56.769748] [ 56.769749] -> #5 (&obj_hash[i].lock){-.-.}: [ 56.769757] debug_object_activate+0x131/0x4e0 [ 56.769759] enqueue_hrtimer+0x27/0x3f0 [ 56.769761] hrtimer_start_range_ns+0x580/0xbe0 [ 56.769764] schedule_hrtimeout_range_clock+0x17a/0x360 [ 56.769766] wait_task_inactive+0x443/0x550 [ 56.769768] __kthread_bind_mask+0x1f/0xb0 [ 56.769770] init_rescuer.part.0+0xf2/0x190 [ 56.769773] workqueue_init+0x504/0x7e9 [ 56.769775] kernel_init_freeable+0x2bd/0x5bb [ 56.769777] kernel_init+0xd/0x1c0 [ 56.769779] ret_from_fork+0x24/0x30 [ 56.769780] [ 56.769781] -> #4 (hrtimer_bases.lock){-.-.}: [ 56.769789] lock_hrtimer_base.isra.0+0x6d/0x120 [ 56.769791] hrtimer_start_range_ns+0xf5/0xbe0 [ 56.769793] enqueue_task_rt+0x97f/0xdf0 [ 56.769808] __sched_setscheduler.constprop.0+0xc79/0x1df0 [ 56.769810] _sched_setscheduler+0xee/0x180 [ 56.769812] watchdog_dev_init+0xdd/0x1ae [ 56.769814] watchdog_init+0x14/0x17e [ 56.769816] do_one_initcall+0xf1/0x734 [ 56.769819] kernel_init_freeable+0x4c9/0x5bb [ 56.769821] kernel_init+0xd/0x1c0 [ 56.769823] ret_from_fork+0x24/0x30 [ 56.769824] [ 56.769825] -> #3 (&rt_b->rt_runtime_lock){-...}: [ 56.769832] rq_online_rt+0xaf/0x390 [ 56.769835] set_rq_online.part.0+0xe3/0x140 [ 56.769837] sched_cpu_activate+0x17f/0x270 [ 56.769839] cpuhp_invoke_callback+0x213/0x1bb0 [ 56.769841] cpuhp_thread_fun+0x440/0x840 [ 56.769844] smpboot_thread_fn+0x653/0x9d0 [ 56.769846] kthread+0x34a/0x420 [ 56.769848] ret_from_fork+0x24/0x30 [ 56.769849] [ 56.769850] -> #2 (&rq->lock){-.-.}: [ 56.769857] task_fork_fair+0x6a/0x520 [ 56.769859] sched_fork+0x3a7/0x8b0 [ 56.769861] copy_process.part.0+0x187d/0x7a60 [ 56.769863] _do_fork+0x22f/0xf40 [ 56.769865] kernel_thread+0x2f/0x40 [ 56.769867] rest_init+0x1f/0x212 [ 56.769869] start_kernel+0x7e4/0x81c [ 56.769872] secondary_startup_64+0xa4/0xb0 [ 56.769873] [ 56.769874] -> #1 (&p->pi_lock){-.-.}: [ 56.769881] try_to_wake_up+0x80/0xe90 [ 56.769883] up+0x92/0xe0 [ 56.769885] __up_console_sem+0xb3/0x1c0 [ 56.769887] console_unlock+0x64d/0xfe0 [ 56.769889] vprintk_emit+0x282/0x6e0 [ 56.769891] vprintk_func+0x79/0x17e [ 56.769893] printk+0xba/0xed [ 56.769895] kauditd_hold_skb.cold+0x41/0x50 [ 56.769897] kauditd_send_queue+0x12d/0x170 [ 56.769900] kauditd_thread+0x6f4/0xa20 [ 56.769901] kthread+0x34a/0x420 [ 56.769904] ret_from_fork+0x24/0x30 [ 56.769905] [ 56.769906] -> #0 ((console_sem).lock){-...}: [ 56.769913] _raw_spin_lock_irqsave+0x8c/0xbf [ 56.769915] down_trylock+0xe/0x60 [ 56.769918] __down_trylock_console_sem+0xa3/0x210 [ 56.769920] console_trylock+0x12/0x90 [ 56.769922] vprintk_emit+0x269/0x6e0 [ 56.769924] vprintk_func+0x79/0x17e [ 56.769926] printk+0xba/0xed [ 56.769928] __warn_printk+0x9b/0xf3 [ 56.769930] debug_print_object+0x160/0x250 [ 56.769932] debug_object_activate+0x357/0x4e0 [ 56.769935] __call_rcu.constprop.0+0x31/0x7e0 [ 56.769937] queue_rcu_work+0x75/0x90 [ 56.769939] route4_change+0xe6a/0x2210 [ 56.769941] tc_new_tfilter+0xa6b/0x1450 [ 56.769943] rtnetlink_rcv_msg+0x453/0xaf0 [ 56.769946] netlink_rcv_skb+0x160/0x410 [ 56.769948] netlink_unicast+0x4d7/0x6a0 [ 56.769950] netlink_sendmsg+0x80b/0xcd0 [ 56.769952] sock_sendmsg+0xcf/0x120 [ 56.769954] ___sys_sendmsg+0x803/0x920 [ 56.769956] __sys_sendmsg+0xec/0x1b0 [ 56.769958] do_syscall_64+0xf9/0x620 [ 56.769961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.769962] [ 56.769964] other info that might help us debug this: [ 56.769965] [ 56.769967] Chain exists of: [ 56.769968] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock [ 56.769978] [ 56.769980] Possible unsafe locking scenario: [ 56.769981] [ 56.769983] CPU0 CPU1 [ 56.769985] ---- ---- [ 56.769986] lock(&obj_hash[i].lock); [ 56.769991] lock(hrtimer_bases.lock); [ 56.769997] lock(&obj_hash[i].lock); [ 56.770001] lock((console_sem).lock); [ 56.770005] [ 56.770006] *** DEADLOCK *** [ 56.770007] [ 56.770010] 2 locks held by syz-executor461/8131: [ 56.770011] #0: 0000000069319f1d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0 [ 56.770019] #1: 0000000047a6a480 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0 [ 56.770028] [ 56.770030] stack backtrace: [ 56.770034] CPU: 0 PID: 8131 Comm: syz-executor461 Not tainted 4.19.111-syzkaller #0 [ 56.770038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.770039] Call Trace: [ 56.770041] dump_stack+0x188/0x20d [ 56.770044] print_circular_bug.isra.0.cold+0x1c4/0x282 [ 56.770046] __lock_acquire+0x2e19/0x49c0 [ 56.770048] ? add_lock_to_list.isra.0+0x179/0x330 [ 56.770050] ? save_trace+0xd6/0x290 [ 56.770053] ? mark_held_locks+0xf0/0xf0 [ 56.770055] ? format_decode+0x230/0xad0 [ 56.770057] ? kvm_clock_read+0x14/0x30 [ 56.770059] lock_acquire+0x170/0x400 [ 56.770061] ? down_trylock+0xe/0x60 [ 56.770063] _raw_spin_lock_irqsave+0x8c/0xbf [ 56.770065] ? down_trylock+0xe/0x60 [ 56.770067] down_trylock+0xe/0x60 [ 56.770069] ? vprintk_emit+0x269/0x6e0 [ 56.770071] __down_trylock_console_sem+0xa3/0x210 [ 56.770074] console_trylock+0x12/0x90 [ 56.770076] vprintk_emit+0x269/0x6e0 [ 56.770078] vprintk_func+0x79/0x17e [ 56.770079] printk+0xba/0xed [ 56.770082] ? kmsg_dump_rewind_nolock+0xd9/0xd9 [ 56.770084] ? __warn_printk+0x8f/0xf3 [ 56.770086] __warn_printk+0x9b/0xf3 [ 56.770088] ? add_taint.cold+0x16/0x16 [ 56.770090] ? do_syscall_64+0xf9/0x620 [ 56.770093] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.770095] debug_print_object+0x160/0x250 [ 56.770097] debug_object_activate+0x357/0x4e0 [ 56.770099] ? debug_object_free+0x3e0/0x3e0 [ 56.770102] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 56.770104] ? route4_change+0xbab/0x2210 [ 56.770106] ? delayed_work_timer_fn+0x90/0x90 [ 56.770108] __call_rcu.constprop.0+0x31/0x7e0 [ 56.770111] ? mark_held_locks+0xa6/0xf0 [ 56.770113] queue_rcu_work+0x75/0x90 [ 56.770115] route4_change+0xe6a/0x2210 [ 56.770117] ? route4_init+0xa0/0xa0 [ 56.770119] ? route4_init+0xa0/0xa0 [ 56.770121] tc_new_tfilter+0xa6b/0x1450 [ 56.770123] ? tc_del_tfilter+0xd40/0xd40 [ 56.770125] ? __mutex_lock+0x3cd/0x1300 [ 56.770128] ? selinux_ipv4_output+0x50/0x50 [ 56.770130] ? rtnetlink_rcv_msg+0x3fe/0xaf0 [ 56.770132] ? tc_del_tfilter+0xd40/0xd40 [ 56.770134] rtnetlink_rcv_msg+0x453/0xaf0 [ 56.770136] ? rtnetlink_put_metrics+0x520/0x520 [ 56.770139] ? find_held_lock+0x2d/0x110 [ 56.770141] netlink_rcv_skb+0x160/0x410 [ 56.770143] ? rtnetlink_put_metrics+0x520/0x520 [ 56.770145] ? netlink_ack+0xa60/0xa60 [ 56.770147] netlink_unicast+0x4d7/0x6a0 [ 56.770150] ? netlink_attachskb+0x710/0x710 [ 56.770152] netlink_sendmsg+0x80b/0xcd0 [ 56.770154] ? netlink_unicast+0x6a0/0x6a0 [ 56.770156] ? move_addr_to_kernel.part.0+0x110/0x110 [ 56.770159] ? netlink_unicast+0x6a0/0x6a0 [ 56.770161] sock_sendmsg+0xcf/0x120 [ 56.770163] ___sys_sendmsg+0x803/0x920 [ 56.770165] ? copy_msghdr_from_user+0x410/0x410 [ 56.770167] ? __fget+0x319/0x510 [ 56.770169] ? lock_downgrade+0x740/0x740 [ 56.770172] ? check_preemption_disabled+0x41/0x280 [ 56.770173] ? __fget+0x340/0x510 [ 56.770175] ? iterate_fd+0x350/0x350 [ 56.770178] ? find_held_lock+0x2d/0x110 [ 56.770180] ? __fd_install+0x1b4/0x610 [ 56.770182] ? __fget_light+0x1d1/0x230 [ 56.770184] __sys_sendmsg+0xec/0x1b0 [ 56.770186] ? __ia32_sys_shutdown+0x70/0x70 [ 56.770188] ? __x64_sys_futex+0x386/0x4f0 [ 56.770191] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 56.770193] ? trace_hardirqs_off_caller+0x55/0x210 [ 56.770195] ? do_syscall_64+0x21/0x620 [ 56.770197] do_syscall_64+0xf9/0x620 [ 56.770200] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.770202] RIP: 0033:0x446ec9 [ 56.770209] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.770211] RSP: 002b:00007f1399ed8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.770217] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9 [ 56.770220] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 56.770223] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000 [ 56.770227] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c [ 56.770230] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038 [ 56.771613] Kernel Offset: disabled [ 57.709544] Rebooting in 86400 seconds..