Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
syzkaller login: [ 50.093846] kauditd_printk_skb: 2 callbacks suppressed
[ 50.093861] audit: type=1400 audit(1563597101.128:36): avc: denied { map } for pid=7594 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/07/20 04:31:42 parsed 1 programs
[ 50.989302] audit: type=1400 audit(1563597102.028:37): avc: denied { map } for pid=7594 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14210 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/07/20 04:31:43 executed programs: 0
[ 52.811302] IPVS: ftp: loaded support on port[0] = 21
[ 52.871267] chnl_net:caif_netlink_parms(): no params data found
[ 52.903146] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.910124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.917440] device bridge_slave_0 entered promiscuous mode
[ 52.925103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.931481] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.938613] device bridge_slave_1 entered promiscuous mode
[ 52.953235] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.962617] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.979344] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.987031] team0: Port device team_slave_0 added
[ 52.992533] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.999921] team0: Port device team_slave_1 added
[ 53.005373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.013664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.075955] device hsr_slave_0 entered promiscuous mode
[ 53.114394] device hsr_slave_1 entered promiscuous mode
[ 53.154526] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 53.161432] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 53.175523] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.181947] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.188889] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.195299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.226829] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 53.232968] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.241528] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 53.250558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.271105] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.278496] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.286779] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 53.298370] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 53.305187] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.314301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.322088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.328467] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.338413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.346372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.352697] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.371422] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 53.381481] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 53.393189] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 53.400481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.408256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.416407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.424298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.431929] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.438863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.449805] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 53.460655] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.470948] audit: type=1400 audit(1563597104.508:38): avc: denied { associate } for pid=7611 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 54.317111] WARNING: CPU: 1 PID: 7620 at kernel/sched/deadline.c:627 enqueue_task_dl+0x1c53/0x2d70
[ 54.327169] Kernel panic - not syncing: panic_on_warn set ...
[ 54.327169]
[ 54.334519] CPU: 1 PID: 7620 Comm: syz-executor.0 Not tainted 4.19.59 #32
[ 54.341438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.350773] Call Trace:
[ 54.353343] dump_stack+0x172/0x1f0
[ 54.356953] panic+0x263/0x507
[ 54.360245] ? __warn_printk+0xf3/0xf3
[ 54.364132] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.368527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.374050] ? __warn.cold+0x5/0x4a
[ 54.377663] ? __warn+0xe8/0x1d0
[ 54.381015] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.385408] __warn.cold+0x20/0x4a
[ 54.388933] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.393357] report_bug+0x263/0x2b0
[ 54.396972] do_error_trap+0x204/0x360
[ 54.400844] ? math_error+0x340/0x340
[ 54.404630] ? update_curr+0x3c4/0x8a0
[ 54.408506] ? find_held_lock+0x35/0x130
[ 54.412554] ? error_entry+0x76/0xd0
[ 54.416256] ? trace_hardirqs_off_caller+0x65/0x220
[ 54.421263] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 54.426089] do_invalid_op+0x1b/0x20
[ 54.429789] invalid_op+0x14/0x20
[ 54.433236] RIP: 0010:enqueue_task_dl+0x1c53/0x2d70
[ 54.438245] Code: 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 0f 85 bc 0a 00 00 49 8b 85 50 0a 00 00 e9 e1 f5 ff ff e8 82 eb 51 00 e9 e9 e3 ff ff <0f> 0b e9 23 f5 ff ff 0f 0b e9 88 f5 ff ff 4c 89 4d b0 4c 89 45 b8
[ 54.457128] RSP: 0018:ffff88809fb47c90 EFLAGS: 00010002
[ 54.462475] RAX: 0000000000000000 RBX: ffffffff88b09b00 RCX: 0000000000000002
[ 54.469725] RDX: 0000000c78d28814 RSI: 1ffffffff10965dd RDI: ffffffff884b2ee8
[ 54.476979] RBP: ffff88809fb47d08 R08: ffff88807f20e2f8 R09: ffff88807f20e340
[ 54.484230] R10: ffff88807f20e0bc R11: ffff8880ae923993 R12: ffff88807f20e080
[ 54.491479] R13: ffff8880ae92d240 R14: ffff8880ae92d240 R15: ffff88807f20e34c
[ 54.498746] ? do_raw_spin_unlock+0x57/0x270
[ 54.503141] enqueue_task+0xa0/0x1d0
[ 54.506840] __sched_setscheduler+0xd35/0x1d90
[ 54.511411] ? cpu_cgroup_fork+0xd0/0xd0
[ 54.515459] ? kasan_check_read+0x11/0x20
[ 54.519594] __x64_sys_sched_setattr+0x184/0x2b0
[ 54.524333] ? __ia32_sys_sched_setparam+0x80/0x80
[ 54.529246] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.533986] ? lockdep_hardirqs_on+0x415/0x5d0
[ 54.538554] ? trace_hardirqs_on+0x67/0x220
[ 54.542950] do_syscall_64+0xfd/0x620
[ 54.546741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.551913] RIP: 0033:0x459819
[ 54.555092] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.573974] RSP: 002b:00007f125bf71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000013a
[ 54.581668] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 54.588922] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[ 54.596186] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 54.603438] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f125bf726d4
[ 54.610692] R13: 00000000004c6d52 R14: 00000000004dc010 R15: 00000000ffffffff
[ 54.617954]
[ 54.617958] ======================================================
[ 54.617962] WARNING: possible circular locking dependency detected
[ 54.617965] 4.19.59 #32 Not tainted
[ 54.617969] ------------------------------------------------------
[ 54.617973] syz-executor.0/7620 is trying to acquire lock:
[ 54.617975] 00000000d677f8a7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 54.617986]
[ 54.617989] but task is already holding lock:
[ 54.617991] 000000006c395295 (&rq->lock){-.-.}, at: task_rq_lock+0xc5/0x2c0
[ 54.618001]
[ 54.618005] which lock already depends on the new lock.
[ 54.618007]
[ 54.618008]
[ 54.618012] the existing dependency chain (in reverse order) is:
[ 54.618014]
[ 54.618015] -> #2 (&rq->lock){-.-.}:
[ 54.618026]        _raw_spin_lock+0x2f/0x40
[ 54.618029]        task_fork_fair+0x6a/0x520
[ 54.618031]        sched_fork+0x3af/0x900
[ 54.618035]        copy_process.part.0+0x1859/0x7a30
[ 54.618038]        _do_fork+0x257/0xfd0
[ 54.618041]        kernel_thread+0x34/0x40
[ 54.618043]        rest_init+0x24/0xf6
[ 54.618046]        start_kernel+0x88c/0x8c5
[ 54.618050]        x86_64_start_reservations+0x29/0x2b
[ 54.618053]        x86_64_start_kernel+0x77/0x7b
[ 54.618056]        secondary_startup_64+0xa4/0xb0
[ 54.618058]
[ 54.618059] -> #1 (&p->pi_lock){-.-.}:
[ 54.618070]        _raw_spin_lock_irqsave+0x95/0xcd
[ 54.618073]        try_to_wake_up+0x94/0xf50
[ 54.618076]        wake_up_process+0x10/0x20
[ 54.618078]        __up.isra.0+0x136/0x1a0
[ 54.618081]        up+0x9c/0xe0
[ 54.618084]        __up_console_sem+0xb7/0x1c0
[ 54.618087]        console_unlock+0x6c7/0x10b0
[ 54.618090]        do_con_write.part.0+0xeec/0x1eb0
[ 54.618093]        con_write+0x46/0xd0
[ 54.618096]        n_tty_write+0x3f9/0x10f0
[ 54.618099]        tty_write+0x458/0x7a0
[ 54.618102]        __vfs_write+0x114/0x810
[ 54.618104]        vfs_write+0x20c/0x560
[ 54.618107]        ksys_write+0x14f/0x2d0
[ 54.618110]        __x64_sys_write+0x73/0xb0
[ 54.618113]        do_syscall_64+0xfd/0x620
[ 54.618117]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.618118]
[ 54.618120] -> #0 ((console_sem).lock){-...}:
[ 54.618130]        lock_acquire+0x16f/0x3f0
[ 54.618134]        _raw_spin_lock_irqsave+0x95/0xcd
[ 54.618136]        down_trylock+0x13/0x70
[ 54.618140]        __down_trylock_console_sem+0xa8/0x210
[ 54.618143]        console_trylock+0x15/0xa0
[ 54.618146]        vprintk_emit+0x21d/0x690
[ 54.618149]        vprintk_default+0x28/0x30
[ 54.618152]        vprintk_func+0x7e/0x189
[ 54.618154]        printk+0xba/0xed
[ 54.618157]        __warn+0x9e/0x1d0
[ 54.618160]        report_bug+0x263/0x2b0
[ 54.618163]        do_error_trap+0x204/0x360
[ 54.618166]        do_invalid_op+0x1b/0x20
[ 54.618168]        invalid_op+0x14/0x20
[ 54.618171]        enqueue_task_dl+0x1c53/0x2d70
[ 54.618174]        enqueue_task+0xa0/0x1d0
[ 54.618178]        __sched_setscheduler+0xd35/0x1d90
[ 54.618181]        __x64_sys_sched_setattr+0x184/0x2b0
[ 54.618184]        do_syscall_64+0xfd/0x620
[ 54.618188]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.618189]
[ 54.618192] other info that might help us debug this:
[ 54.618194]
[ 54.618196] Chain exists of:
[ 54.618198]   (console_sem).lock --> &p->pi_lock --> &rq->lock
[ 54.618211]
[ 54.618214]  Possible unsafe locking scenario:
[ 54.618215]
[ 54.618218]        CPU0                    CPU1
[ 54.618222]        ----                    ----
[ 54.618223]   lock(&rq->lock);
[ 54.618230]                                lock(&p->pi_lock);
[ 54.618237]                                lock(&rq->lock);
[ 54.618242]   lock((console_sem).lock);
[ 54.618248]
[ 54.618251]  *** DEADLOCK ***
[ 54.618252]
[ 54.618255] 3 locks held by syz-executor.0/7620:
[ 54.618257] #0: 0000000067d3b5ab (rcu_read_lock){....}, at: __x64_sys_sched_setattr+0x119/0x2b0
[ 54.618270] #1: 000000002f0c24bb (&p->pi_lock){-.-.}, at: task_rq_lock+0x6a/0x2c0
[ 54.618282] #2: 000000006c395295 (&rq->lock){-.-.}, at: task_rq_lock+0xc5/0x2c0
[ 54.618294]
[ 54.618296] stack backtrace:
[ 54.618301] CPU: 1 PID: 7620 Comm: syz-executor.0 Not tainted 4.19.59 #32
[ 54.618306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.618309] Call Trace:
[ 54.618311] dump_stack+0x172/0x1f0
[ 54.618315] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 54.618318] __lock_acquire+0x2e6d/0x48f0
[ 54.618321] ? put_dec+0x3b/0xd0
[ 54.618324] ? mark_held_locks+0x100/0x100
[ 54.618327] ? format_decode+0x25f/0xbc0
[ 54.618330] ? enable_ptr_key_workfn+0x30/0x30
[ 54.618333] ? kvm_clock_read+0x18/0x30
[ 54.618336] lock_acquire+0x16f/0x3f0
[ 54.618338] ? down_trylock+0x13/0x70
[ 54.618342] _raw_spin_lock_irqsave+0x95/0xcd
[ 54.618345] ? down_trylock+0x13/0x70
[ 54.618348] ? vprintk_emit+0x21d/0x690
[ 54.618351] down_trylock+0x13/0x70
[ 54.618355] ? vprintk_emit+0x21d/0x690
[ 54.618358] __down_trylock_console_sem+0xa8/0x210
[ 54.618361] console_trylock+0x15/0xa0
[ 54.618364] vprintk_emit+0x21d/0x690
[ 54.618367] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.618370] vprintk_default+0x28/0x30
[ 54.618373] vprintk_func+0x7e/0x189
[ 54.618375] printk+0xba/0xed
[ 54.618379] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 54.618382] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.618386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.618389] ? __probe_kernel_read+0x171/0x1c0
[ 54.618392] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.618395] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.618398] __warn+0x9e/0x1d0
[ 54.618401] ? enqueue_task_dl+0x1c53/0x2d70
[ 54.618404] report_bug+0x263/0x2b0
[ 54.618406] do_error_trap+0x204/0x360
[ 54.618409] ? math_error+0x340/0x340
[ 54.618412] ? update_curr+0x3c4/0x8a0
[ 54.618415] ? find_held_lock+0x35/0x130
[ 54.618418] ? error_entry+0x76/0xd0
[ 54.618421] ? trace_hardirqs_off_caller+0x65/0x220
[ 54.618425] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 54.618428] do_invalid_op+0x1b/0x20
[ 54.618430] invalid_op+0x14/0x20
[ 54.618434] RIP: 0010:enqueue_task_dl+0x1c53/0x2d70
[ 54.618444] Code: 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 0f 85 bc 0a 00 00 49 8b 85 50 0a 00 00 e9 e1 f5 ff ff e8 82 eb 51 00 e9 e9 e3 ff ff <0f> 0b e9 23 f5 ff ff 0f 0b e9 88 f5 ff ff 4c 89 4d b0 4c 89 45 b8
[ 54.618447] RSP: 0018:ffff88809fb47c90 EFLAGS: 00010002
[ 54.618454] RAX: 0000000000000000 RBX: ffffffff88b09b00 RCX: 0000000000000002
[ 54.618458] RDX: 0000000c78d28814 RSI: 1ffffffff10965dd RDI: ffffffff884b2ee8
[ 54.618463] RBP: ffff88809fb47d08 R08: ffff88807f20e2f8 R09: ffff88807f20e340
[ 54.618467] R10: ffff88807f20e0bc R11: ffff8880ae923993 R12: ffff88807f20e080
[ 54.618472] R13: ffff8880ae92d240 R14: ffff8880ae92d240 R15: ffff88807f20e34c
[ 54.618475] ? do_raw_spin_unlock+0x57/0x270
[ 54.618478] enqueue_task+0xa0/0x1d0
[ 54.618481] __sched_setscheduler+0xd35/0x1d90
[ 54.618484] ? cpu_cgroup_fork+0xd0/0xd0
[ 54.618487] ? kasan_check_read+0x11/0x20
[ 54.618490] __x64_sys_sched_setattr+0x184/0x2b0
[ 54.618494] ? __ia32_sys_sched_setparam+0x80/0x80
[ 54.618497] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.618500] ? lockdep_hardirqs_on+0x415/0x5d0
[ 54.618503] ? trace_hardirqs_on+0x67/0x220
[ 54.618506] do_syscall_64+0xfd/0x620
[ 54.618510] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.618512] RIP: 0033:0x459819
[ 54.618522] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.618526] RSP: 002b:00007f125bf71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000013a
[ 54.618533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 54.618538] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[ 54.618542] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 54.618547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f125bf726d4
[ 54.618551] R13: 00000000004c6d52 R14: 00000000004dc010 R15: 00000000ffffffff
[ 55.719762] Shutting down cpus with NMI
[ 56.481990] Kernel Offset: disabled
[ 56.485619] Rebooting in 86400 seconds..