[ 44.042124] audit: type=1800 audit(1584394985.875:32): pid=7836 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 49.401803] kauditd_printk_skb: 2 callbacks suppressed
[ 49.401816] audit: type=1400 audit(1584394991.335:35): avc: denied { map } for pid=8013 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
executing program
[ 56.189891] audit: type=1400 audit(1584394998.125:36): avc: denied { map } for pid=8025 comm="syz-executor891" path="/root/syz-executor891946390" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.207333] IPVS: ftp: loaded support on port[0] = 21
[ 56.260721] ------------[ cut here ]------------
[ 56.266486] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 56.275683] WARNING: CPU: 0 PID: 8028 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 56.284439] Kernel panic - not syncing: panic_on_warn set ...
[ 56.284439]
[ 56.291781] CPU: 0 PID: 8028 Comm: syz-executor891 Not tainted 4.19.110-syzkaller #0
[ 56.299641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.308979] Call Trace:
[ 56.311555] dump_stack+0x188/0x20d
[ 56.315168] panic+0x26a/0x50e
[ 56.318351] ? __warn_printk+0xf3/0xf3
[ 56.322246] ? debug_print_object+0x160/0x250
[ 56.326812] ? __probe_kernel_read+0x16c/0x1b0
[ 56.331390] ? __warn.cold+0x5/0x46
[ 56.335010] ? __warn+0xe4/0x1c0
[ 56.338364] ? debug_print_object+0x160/0x250
[ 56.342910] __warn.cold+0x20/0x46
[ 56.346443] ? debug_print_object+0x160/0x250
[ 56.350930] report_bug+0x262/0x2a0
[ 56.354551] do_error_trap+0x1d7/0x310
[ 56.358419] ? math_error+0x310/0x310
[ 56.362202] ? irq_work_claim+0xa6/0xc0
[ 56.366155] ? irq_work_queue+0x2b/0x80
[ 56.370112] ? wake_up_klogd+0x8c/0xc0
[ 56.373981] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.378984] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.383809] invalid_op+0x14/0x20
[ 56.387246] RIP: 0010:debug_print_object+0x160/0x250
[ 56.392441] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f8 e6 fd <0f> 0b 83 05 a3 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 56.411350] RSP: 0018:ffff88808e807268 EFLAGS: 00010086
[ 56.416705] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 56.424055] RDX: 0000000000000000 RSI: ffffffff8152d2f1 RDI: ffffed1011d00e3f
[ 56.431311] RBP: 0000000000000001 R08: ffff88808d7fe6c0 R09: ffffed1015cc3ee3
[ 56.438565] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 56.445815] R13: 0000000000000000 R14: ffff88809e050400 R15: 1ffff11011d00e5a
[ 56.453129] ? vprintk_func+0x81/0x17e
[ 56.457012] ? debug_print_object+0x160/0x250
[ 56.461500] debug_object_activate+0x357/0x4e0
[ 56.466070] ? debug_object_free+0x3e0/0x3e0
[ 56.470479] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.475083] ? route4_change+0xbab/0x2210
[ 56.479215] ? delayed_work_timer_fn+0x90/0x90
[ 56.483781] __call_rcu.constprop.0+0x31/0x7e0
[ 56.488347] ? mark_held_locks+0xa6/0xf0
[ 56.492388] queue_rcu_work+0x75/0x90
[ 56.496178] route4_change+0xe6a/0x2210
[ 56.500180] ? route4_init+0xa0/0xa0
[ 56.503880] ? route4_init+0xa0/0xa0
[ 56.507587] tc_new_tfilter+0xa6b/0x1450
[ 56.511631] ? tc_del_tfilter+0xd40/0xd40
[ 56.515759] ? __mutex_lock+0x3cd/0x1300
[ 56.519817] ? selinux_ipv4_output+0x50/0x50
[ 56.524486] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.528908] ? tc_del_tfilter+0xd40/0xd40
[ 56.533063] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.537293] ? rtnetlink_put_metrics+0x520/0x520
[ 56.542039] ? find_held_lock+0x2d/0x110
[ 56.546088] netlink_rcv_skb+0x160/0x410
[ 56.550136] ? rtnetlink_put_metrics+0x520/0x520
[ 56.554873] ? netlink_ack+0xa60/0xa60
[ 56.558747] netlink_unicast+0x4d7/0x6a0
[ 56.562789] ? netlink_attachskb+0x710/0x710
[ 56.567268] netlink_sendmsg+0x80b/0xcd0
[ 56.571324] ? netlink_unicast+0x6a0/0x6a0
[ 56.575540] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.580712] ? netlink_unicast+0x6a0/0x6a0
[ 56.584935] sock_sendmsg+0xcf/0x120
[ 56.588627] ___sys_sendmsg+0x803/0x920
[ 56.592594] ? copy_msghdr_from_user+0x410/0x410
[ 56.597329] ? __fget+0x319/0x510
[ 56.600764] ? lock_downgrade+0x740/0x740
[ 56.604894] ? check_preemption_disabled+0x41/0x280
[ 56.609889] ? __fget+0x340/0x510
[ 56.613323] ? iterate_fd+0x350/0x350
[ 56.617113] ? find_held_lock+0x2d/0x110
[ 56.621162] ? __fd_install+0x1b4/0x610
[ 56.625126] ? __fget_light+0x1d1/0x230
[ 56.629086] __sys_sendmsg+0xec/0x1b0
[ 56.633571] ? __ia32_sys_shutdown+0x70/0x70
[ 56.637960] ? __x64_sys_futex+0x386/0x4f0
[ 56.642178] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.646924] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.651920] ? do_syscall_64+0x21/0x620
[ 56.655961] do_syscall_64+0xf9/0x620
[ 56.659753] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.664922] RIP: 0033:0x446ec9
[ 56.668104] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.687516] RSP: 002b:00007f317896fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.695200] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 56.702447] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 56.709706] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 56.717137] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 56.724402] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.731671]
[ 56.731674] ======================================================
[ 56.731677] WARNING: possible circular locking dependency detected
[ 56.731679] 4.19.110-syzkaller #0 Not tainted
[ 56.731682] ------------------------------------------------------
[ 56.731685] syz-executor891/8028 is trying to acquire lock:
[ 56.731687] 0000000064ab8ca2 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 56.731694]
[ 56.731696] but task is already holding lock:
[ 56.731698] 00000000d7556210 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.731706]
[ 56.731708] which lock already depends on the new lock.
[ 56.731709]
[ 56.731711]
[ 56.731713] the existing dependency chain (in reverse order) is:
[ 56.731714]
[ 56.731716] -> #5 (&obj_hash[i].lock){-.-.}:
[ 56.731723] debug_object_activate+0x131/0x4e0
[ 56.731725] enqueue_hrtimer+0x27/0x3f0
[ 56.731728] hrtimer_start_range_ns+0x580/0xbe0
[ 56.731730] schedule_hrtimeout_range_clock+0x17a/0x360
[ 56.731732] wait_task_inactive+0x443/0x550
[ 56.731735] __kthread_bind_mask+0x1f/0xb0
[ 56.731737] init_rescuer.part.0+0xf2/0x190
[ 56.731739] workqueue_init+0x504/0x7e9
[ 56.731741] kernel_init_freeable+0x2bd/0x5bb
[ 56.731743] kernel_init+0xd/0x1c0
[ 56.731745] ret_from_fork+0x24/0x30
[ 56.731746]
[ 56.731747] -> #4 (hrtimer_bases.lock){-.-.}:
[ 56.731755] lock_hrtimer_base.isra.0+0x6d/0x120
[ 56.731757] hrtimer_start_range_ns+0xf5/0xbe0
[ 56.731759] enqueue_task_rt+0x97f/0xdf0
[ 56.731762] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 56.731764] _sched_setscheduler+0xee/0x180
[ 56.731766] watchdog_dev_init+0xdd/0x1ae
[ 56.731768] watchdog_init+0x14/0x17e
[ 56.731771] do_one_initcall+0xf1/0x734
[ 56.731773] kernel_init_freeable+0x4c9/0x5bb
[ 56.731775] kernel_init+0xd/0x1c0
[ 56.731777] ret_from_fork+0x24/0x30
[ 56.731778]
[ 56.731779] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 56.731786] rq_online_rt+0xaf/0x390
[ 56.731788] set_rq_online.part.0+0xe3/0x140
[ 56.731791] sched_cpu_activate+0x17f/0x270
[ 56.731793] cpuhp_invoke_callback+0x213/0x1bb0
[ 56.731795] cpuhp_thread_fun+0x440/0x840
[ 56.731797] smpboot_thread_fn+0x653/0x9d0
[ 56.731799] kthread+0x34a/0x420
[ 56.731801] ret_from_fork+0x24/0x30
[ 56.731802]
[ 56.731803] -> #2 (&rq->lock){-.-.}:
[ 56.731810] task_fork_fair+0x6a/0x520
[ 56.731812] sched_fork+0x3a7/0x8b0
[ 56.731814] copy_process.part.0+0x187d/0x7a60
[ 56.731816] _do_fork+0x22f/0xf40
[ 56.731818] kernel_thread+0x2f/0x40
[ 56.731820] rest_init+0x1f/0x212
[ 56.731822] start_kernel+0x7e4/0x81c
[ 56.731825] secondary_startup_64+0xa4/0xb0
[ 56.731826]
[ 56.731827] -> #1 (&p->pi_lock){-.-.}:
[ 56.731834] try_to_wake_up+0x80/0xe90
[ 56.731835] up+0x92/0xe0
[ 56.731838] __up_console_sem+0xb3/0x1c0
[ 56.731840] console_unlock+0x64d/0xfe0
[ 56.731842] vprintk_emit+0x282/0x6e0
[ 56.731844] vprintk_func+0x79/0x17e
[ 56.731845] printk+0xba/0xed
[ 56.731848] kauditd_hold_skb.cold+0x41/0x50
[ 56.731850] kauditd_send_queue+0x12d/0x170
[ 56.731852] kauditd_thread+0x6f4/0xa20
[ 56.731854] kthread+0x34a/0x420
[ 56.731856] ret_from_fork+0x24/0x30
[ 56.731857]
[ 56.731858] -> #0 ((console_sem).lock){-...}:
[ 56.731866] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.731868] down_trylock+0xe/0x60
[ 56.731870] __down_trylock_console_sem+0xa3/0x210
[ 56.731872] console_trylock+0x12/0x90
[ 56.731874] vprintk_emit+0x269/0x6e0
[ 56.731876] vprintk_func+0x79/0x17e
[ 56.731878] printk+0xba/0xed
[ 56.731880] __warn_printk+0x9b/0xf3
[ 56.731882] debug_print_object+0x160/0x250
[ 56.731885] debug_object_activate+0x357/0x4e0
[ 56.731887] __call_rcu.constprop.0+0x31/0x7e0
[ 56.731889] queue_rcu_work+0x75/0x90
[ 56.731891] route4_change+0xe6a/0x2210
[ 56.731893] tc_new_tfilter+0xa6b/0x1450
[ 56.731895] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.731898] netlink_rcv_skb+0x160/0x410
[ 56.731900] netlink_unicast+0x4d7/0x6a0
[ 56.731902] netlink_sendmsg+0x80b/0xcd0
[ 56.731904] sock_sendmsg+0xcf/0x120
[ 56.731906] ___sys_sendmsg+0x803/0x920
[ 56.731908] __sys_sendmsg+0xec/0x1b0
[ 56.731910] do_syscall_64+0xf9/0x620
[ 56.731913] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.731914]
[ 56.731916] other info that might help us debug this:
[ 56.731917]
[ 56.731919] Chain exists of:
[ 56.731920] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 56.731929]
[ 56.731931] Possible unsafe locking scenario:
[ 56.731933]
[ 56.731935]        CPU0                    CPU1
[ 56.731937]        ----                    ----
[ 56.731938]   lock(&obj_hash[i].lock);
[ 56.731943]                                lock(hrtimer_bases.lock);
[ 56.731948]                                lock(&obj_hash[i].lock);
[ 56.731952]   lock((console_sem).lock);
[ 56.731956]
[ 56.731958] *** DEADLOCK ***
[ 56.731959]
[ 56.731961] 2 locks held by syz-executor891/8028:
[ 56.731962] #0: 000000005cda8b4e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.731975] #1: 00000000d7556210 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.731984]
[ 56.731985] stack backtrace:
[ 56.731989] CPU: 0 PID: 8028 Comm: syz-executor891 Not tainted 4.19.110-syzkaller #0
[ 56.731993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.731995] Call Trace:
[ 56.731996] dump_stack+0x188/0x20d
[ 56.731999] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 56.732001] __lock_acquire+0x2e19/0x49c0
[ 56.732003] ? add_lock_to_list.isra.0+0x179/0x330
[ 56.732005] ? save_trace+0xd6/0x290
[ 56.732007] ? mark_held_locks+0xf0/0xf0
[ 56.732010] ? format_decode+0x230/0xad0
[ 56.732012] ? kvm_clock_read+0x14/0x30
[ 56.732014] lock_acquire+0x170/0x400
[ 56.732015] ? down_trylock+0xe/0x60
[ 56.732018] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.732020] ? down_trylock+0xe/0x60
[ 56.732022] down_trylock+0xe/0x60
[ 56.732024] ? vprintk_emit+0x269/0x6e0
[ 56.732026] __down_trylock_console_sem+0xa3/0x210
[ 56.732028] console_trylock+0x12/0x90
[ 56.732030] vprintk_emit+0x269/0x6e0
[ 56.732032] vprintk_func+0x79/0x17e
[ 56.732034] printk+0xba/0xed
[ 56.732036] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 56.732038] ? __warn_printk+0x8f/0xf3
[ 56.732040] __warn_printk+0x9b/0xf3
[ 56.732042] ? add_taint.cold+0x16/0x16
[ 56.732044] ? do_syscall_64+0xf9/0x620
[ 56.732047] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.732049] debug_print_object+0x160/0x250
[ 56.732051] debug_object_activate+0x357/0x4e0
[ 56.732053] ? debug_object_free+0x3e0/0x3e0
[ 56.732055] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.732058] ? route4_change+0xbab/0x2210
[ 56.732060] ? delayed_work_timer_fn+0x90/0x90
[ 56.732062] __call_rcu.constprop.0+0x31/0x7e0
[ 56.732064] ? mark_held_locks+0xa6/0xf0
[ 56.732066] queue_rcu_work+0x75/0x90
[ 56.732068] route4_change+0xe6a/0x2210
[ 56.732070] ? route4_init+0xa0/0xa0
[ 56.732072] ? route4_init+0xa0/0xa0
[ 56.732074] tc_new_tfilter+0xa6b/0x1450
[ 56.732076] ? tc_del_tfilter+0xd40/0xd40
[ 56.732078] ? __mutex_lock+0x3cd/0x1300
[ 56.732081] ? selinux_ipv4_output+0x50/0x50
[ 56.732083] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.732085] ? tc_del_tfilter+0xd40/0xd40
[ 56.732087] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.732089] ? rtnetlink_put_metrics+0x520/0x520
[ 56.732091] ? find_held_lock+0x2d/0x110
[ 56.732093] netlink_rcv_skb+0x160/0x410
[ 56.732096] ? rtnetlink_put_metrics+0x520/0x520
[ 56.732098] ? netlink_ack+0xa60/0xa60
[ 56.732100] netlink_unicast+0x4d7/0x6a0
[ 56.732102] ? netlink_attachskb+0x710/0x710
[ 56.732104] netlink_sendmsg+0x80b/0xcd0
[ 56.732106] ? netlink_unicast+0x6a0/0x6a0
[ 56.732109] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.732111] ? netlink_unicast+0x6a0/0x6a0
[ 56.732113] sock_sendmsg+0xcf/0x120
[ 56.732115] ___sys_sendmsg+0x803/0x920
[ 56.732117] ? copy_msghdr_from_user+0x410/0x410
[ 56.732119] ? __fget+0x319/0x510
[ 56.732121] ? lock_downgrade+0x740/0x740
[ 56.732124] ? check_preemption_disabled+0x41/0x280
[ 56.732125] ? __fget+0x340/0x510
[ 56.732127] ? iterate_fd+0x350/0x350
[ 56.732129] ? find_held_lock+0x2d/0x110
[ 56.732131] ? __fd_install+0x1b4/0x610
[ 56.732134] ? __fget_light+0x1d1/0x230
[ 56.732136] __sys_sendmsg+0xec/0x1b0
[ 56.732138] ? __ia32_sys_shutdown+0x70/0x70
[ 56.732140] ? __x64_sys_futex+0x386/0x4f0
[ 56.732142] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.732145] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.732147] ? do_syscall_64+0x21/0x620
[ 56.732149] do_syscall_64+0xf9/0x620
[ 56.732151] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.732153] RIP: 0033:0x446ec9
[ 56.732161] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.732163] RSP: 002b:00007f317896fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.732169] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 56.732172] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 56.732175] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 56.732178] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 56.732181] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.733592] Kernel Offset: disabled
[ 57.689778] Rebooting in 86400 seconds..