[ 50.359696] audit: type=1800 audit(1584533089.630:30): pid=7989 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 55.598173] kauditd_printk_skb: 4 callbacks suppressed
[ 55.598187] audit: type=1400 audit(1584533094.890:35): avc: denied { map } for pid=8163 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts.
executing program
[ 62.487713] audit: type=1400 audit(1584533101.780:36): avc: denied { map } for pid=8175 comm="syz-executor709" path="/root/syz-executor709150730" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 62.511569] IPVS: ftp: loaded support on port[0] = 21
[ 62.552552] ------------[ cut here ]------------
[ 62.558388] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 62.567617] WARNING: CPU: 1 PID: 8179 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 62.576352] Kernel panic - not syncing: panic_on_warn set ...
[ 62.576352]
[ 62.583804] CPU: 1 PID: 8179 Comm: syz-executor709 Not tainted 4.19.111-syzkaller #0
[ 62.591686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.601071] Call Trace:
[ 62.603655] dump_stack+0x188/0x20d
[ 62.607304] panic+0x26a/0x50e
[ 62.610487] ? __warn_printk+0xf3/0xf3
[ 62.614364] ? debug_print_object+0x160/0x250
[ 62.618950] ? __probe_kernel_read+0x16c/0x1b0
[ 62.623536] ? __warn.cold+0x5/0x46
[ 62.627166] ? __warn+0xe4/0x1c0
[ 62.630525] ? debug_print_object+0x160/0x250
[ 62.635811] __warn.cold+0x20/0x46
[ 62.639341] ? debug_print_object+0x160/0x250
[ 62.643849] report_bug+0x262/0x2a0
[ 62.647506] do_error_trap+0x1d7/0x310
[ 62.651390] ? math_error+0x310/0x310
[ 62.655187] ? irq_work_claim+0xa6/0xc0
[ 62.659172] ? irq_work_queue+0x2b/0x80
[ 62.663139] ? wake_up_klogd+0x8c/0xc0
[ 62.667020] ? trace_hardirqs_off_caller+0x55/0x210
[ 62.672031] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 62.677824] invalid_op+0x14/0x20
[ 62.681305] RIP: 0010:debug_print_object+0x160/0x250
[ 62.686395] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 1b f7 e6 fd <0f> 0b 83 05 63 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 62.706589] RSP: 0018:ffff888073bdf268 EFLAGS: 00010086
[ 62.711951] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 62.719207] RDX: 0000000000000000 RSI: ffffffff8152d381 RDI: ffffed100e77be3f
[ 62.726817] RBP: 0000000000000001 R08: ffff888092cfa500 R09: ffffed1015ce3ee3
[ 62.734072] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 62.741326] R13: 0000000000000000 R14: ffff8880791216a0 R15: 1ffff1100e77be5a
[ 62.748609] ? vprintk_func+0x81/0x17e
[ 62.752491] ? debug_print_object+0x160/0x250
[ 62.756976] debug_object_activate+0x357/0x4e0
[ 62.762440] ? debug_object_free+0x3e0/0x3e0
[ 62.766839] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 62.771409] ? route4_change+0xbab/0x2210
[ 62.775553] ? delayed_work_timer_fn+0x90/0x90
[ 62.784913] __call_rcu.constprop.0+0x31/0x7e0
[ 62.789482] ? mark_held_locks+0xa6/0xf0
[ 62.793705] queue_rcu_work+0x75/0x90
[ 62.797496] route4_change+0xe6a/0x2210
[ 62.801466] ? route4_init+0xa0/0xa0
[ 62.805177] ? route4_init+0xa0/0xa0
[ 62.808880] tc_new_tfilter+0xa6b/0x1450
[ 62.812931] ? tc_del_tfilter+0xd40/0xd40
[ 62.817867] ? __mutex_lock+0x3cd/0x1300
[ 62.821919] ? selinux_ipv4_output+0x50/0x50
[ 62.826329] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 62.830732] ? tc_del_tfilter+0xd40/0xd40
[ 62.834868] rtnetlink_rcv_msg+0x453/0xaf0
[ 62.839109] ? rtnetlink_put_metrics+0x520/0x520
[ 62.844136] ? find_held_lock+0x2d/0x110
[ 62.848188] netlink_rcv_skb+0x160/0x410
[ 62.853107] ? rtnetlink_put_metrics+0x520/0x520
[ 62.858458] ? netlink_ack+0xa60/0xa60
[ 62.862341] netlink_unicast+0x4d7/0x6a0
[ 62.866397] ? netlink_attachskb+0x710/0x710
[ 62.870847] netlink_sendmsg+0x80b/0xcd0
[ 62.874936] ? netlink_unicast+0x6a0/0x6a0
[ 62.879163] ? move_addr_to_kernel.part.0+0x110/0x110
[ 62.884353] ? netlink_unicast+0x6a0/0x6a0
[ 62.888590] sock_sendmsg+0xcf/0x120
[ 62.892409] ___sys_sendmsg+0x803/0x920
[ 62.896376] ? copy_msghdr_from_user+0x410/0x410
[ 62.901122] ? __fget+0x319/0x510
[ 62.904581] ? lock_downgrade+0x740/0x740
[ 62.908728] ? check_preemption_disabled+0x41/0x280
[ 62.913755] ? __fget+0x340/0x510
[ 62.917195] ? iterate_fd+0x350/0x350
[ 62.920982] ? find_held_lock+0x2d/0x110
[ 62.925035] ? __fd_install+0x1b4/0x610
[ 62.928999] ? __fget_light+0x1d1/0x230
[ 62.932964] __sys_sendmsg+0xec/0x1b0
[ 62.936755] ? __ia32_sys_shutdown+0x70/0x70
[ 62.941268] ? __x64_sys_futex+0x386/0x4f0
[ 62.945517] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 62.950259] ? trace_hardirqs_off_caller+0x55/0x210
[ 62.955353] ? do_syscall_64+0x21/0x620
[ 62.959317] do_syscall_64+0xf9/0x620
[ 62.963122] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.968472] RIP: 0033:0x446e09
[ 62.971650] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.990566] RSP: 002b:00007ff7331b6d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.998300] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 63.005562] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 63.012825] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 63.020547] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 63.027815] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 63.035291]
[ 63.035294] ======================================================
[ 63.035297] WARNING: possible circular locking dependency detected
[ 63.035300] 4.19.111-syzkaller #0 Not tainted
[ 63.035303] ------------------------------------------------------
[ 63.035305] syz-executor709/8179 is trying to acquire lock:
[ 63.035307] 000000004c6e9c8f ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 63.035320]
[ 63.035322] but task is already holding lock:
[ 63.035324] 00000000452852b1 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 63.035331]
[ 63.035334] which lock already depends on the new lock.
[ 63.035335]
[ 63.035336]
[ 63.035339] the existing dependency chain (in reverse order) is:
[ 63.035340]
[ 63.035341] -> #5 (&obj_hash[i].lock){-.-.}:
[ 63.035349] debug_object_activate+0x131/0x4e0
[ 63.035351] enqueue_hrtimer+0x27/0x3f0
[ 63.035354] hrtimer_start_range_ns+0x580/0xbe0
[ 63.035356] schedule_hrtimeout_range_clock+0x17a/0x360
[ 63.035359] wait_task_inactive+0x443/0x550
[ 63.035361] __kthread_bind_mask+0x1f/0xb0
[ 63.035363] init_rescuer.part.0+0xf2/0x190
[ 63.035365] workqueue_init+0x504/0x7e9
[ 63.035368] kernel_init_freeable+0x2bd/0x5bb
[ 63.035370] kernel_init+0xd/0x1c0
[ 63.035372] ret_from_fork+0x24/0x30
[ 63.035373]
[ 63.035374] -> #4 (hrtimer_bases.lock){-.-.}:
[ 63.035381] lock_hrtimer_base.isra.0+0x6d/0x120
[ 63.035384] hrtimer_start_range_ns+0xf5/0xbe0
[ 63.035386] enqueue_task_rt+0x97f/0xdf0
[ 63.035389] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 63.035391] _sched_setscheduler+0xee/0x180
[ 63.035393] watchdog_dev_init+0xdd/0x1ae
[ 63.035395] watchdog_init+0x14/0x17e
[ 63.035398] do_one_initcall+0xf1/0x734
[ 63.035400] kernel_init_freeable+0x4c9/0x5bb
[ 63.035402] kernel_init+0xd/0x1c0
[ 63.035404] ret_from_fork+0x24/0x30
[ 63.035405]
[ 63.035406] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 63.035413] rq_online_rt+0xaf/0x390
[ 63.035416] set_rq_online.part.0+0xe3/0x140
[ 63.035418] sched_cpu_activate+0x17f/0x270
[ 63.035420] cpuhp_invoke_callback+0x213/0x1bb0
[ 63.035423] cpuhp_thread_fun+0x440/0x840
[ 63.035425] smpboot_thread_fn+0x653/0x9d0
[ 63.035427] kthread+0x34a/0x420
[ 63.035429] ret_from_fork+0x24/0x30
[ 63.035430]
[ 63.035431] -> #2 (&rq->lock){-.-.}:
[ 63.035438] task_fork_fair+0x6a/0x520
[ 63.035440] sched_fork+0x3a7/0x8b0
[ 63.035442] copy_process.part.0+0x187d/0x7a60
[ 63.035444] _do_fork+0x22f/0xf40
[ 63.035446] kernel_thread+0x2f/0x40
[ 63.035448] rest_init+0x1f/0x212
[ 63.035450] start_kernel+0x7e4/0x81c
[ 63.035453] secondary_startup_64+0xa4/0xb0
[ 63.035454]
[ 63.035455] -> #1 (&p->pi_lock){-.-.}:
[ 63.035462] try_to_wake_up+0x80/0xe90
[ 63.035464] up+0x92/0xe0
[ 63.035466] __up_console_sem+0xb3/0x1c0
[ 63.035468] console_unlock+0x64d/0xfe0
[ 63.035470] vprintk_emit+0x282/0x6e0
[ 63.035472] vprintk_func+0x79/0x17e
[ 63.035474] printk+0xba/0xed
[ 63.035477] kauditd_hold_skb.cold+0x41/0x50
[ 63.035479] kauditd_send_queue+0x12d/0x170
[ 63.035481] kauditd_thread+0x6f4/0xa20
[ 63.035483] kthread+0x34a/0x420
[ 63.035485] ret_from_fork+0x24/0x30
[ 63.035486]
[ 63.035487] -> #0 ((console_sem).lock){-...}:
[ 63.035495] _raw_spin_lock_irqsave+0x8c/0xbf
[ 63.035497] down_trylock+0xe/0x60
[ 63.035499] __down_trylock_console_sem+0xa3/0x210
[ 63.035502] console_trylock+0x12/0x90
[ 63.035504] vprintk_emit+0x269/0x6e0
[ 63.035506] vprintk_func+0x79/0x17e
[ 63.035508] printk+0xba/0xed
[ 63.035510] __warn_printk+0x9b/0xf3
[ 63.035512] debug_print_object+0x160/0x250
[ 63.035514] debug_object_activate+0x357/0x4e0
[ 63.035517] __call_rcu.constprop.0+0x31/0x7e0
[ 63.035519] queue_rcu_work+0x75/0x90
[ 63.035521] route4_change+0xe6a/0x2210
[ 63.035523] tc_new_tfilter+0xa6b/0x1450
[ 63.035525] rtnetlink_rcv_msg+0x453/0xaf0
[ 63.035527] netlink_rcv_skb+0x160/0x410
[ 63.035529] netlink_unicast+0x4d7/0x6a0
[ 63.035532] netlink_sendmsg+0x80b/0xcd0
[ 63.035534] sock_sendmsg+0xcf/0x120
[ 63.035536] ___sys_sendmsg+0x803/0x920
[ 63.035538] __sys_sendmsg+0xec/0x1b0
[ 63.035540] do_syscall_64+0xf9/0x620
[ 63.035543] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.035544]
[ 63.035546] other info that might help us debug this:
[ 63.035547]
[ 63.035549] Chain exists of:
[ 63.035550] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 63.035559]
[ 63.035562] Possible unsafe locking scenario:
[ 63.035563]
[ 63.035565]        CPU0                    CPU1
[ 63.035567]        ----                    ----
[ 63.035568]   lock(&obj_hash[i].lock);
[ 63.035573]                                lock(hrtimer_bases.lock);
[ 63.035578]                                lock(&obj_hash[i].lock);
[ 63.035583]   lock((console_sem).lock);
[ 63.035587]
[ 63.035588] *** DEADLOCK ***
[ 63.035589]
[ 63.035592] 2 locks held by syz-executor709/8179:
[ 63.035593] #0: 0000000095701be0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 63.035601] #1: 00000000452852b1 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 63.035610]
[ 63.035612] stack backtrace:
[ 63.035615] CPU: 1 PID: 8179 Comm: syz-executor709 Not tainted 4.19.111-syzkaller #0
[ 63.035620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.035627] Call Trace:
[ 63.035629] dump_stack+0x188/0x20d
[ 63.035632] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 63.035634] __lock_acquire+0x2e19/0x49c0
[ 63.035637] ? add_lock_to_list.isra.0+0x179/0x330
[ 63.035639] ? save_trace+0xd6/0x290
[ 63.035641] ? mark_held_locks+0xf0/0xf0
[ 63.035643] ? format_decode+0x230/0xad0
[ 63.035645] ? kvm_clock_read+0x14/0x30
[ 63.035647] lock_acquire+0x170/0x400
[ 63.035649] ? down_trylock+0xe/0x60
[ 63.035651] _raw_spin_lock_irqsave+0x8c/0xbf
[ 63.035653] ? down_trylock+0xe/0x60
[ 63.035655] down_trylock+0xe/0x60
[ 63.035657] ? vprintk_emit+0x269/0x6e0
[ 63.035660] __down_trylock_console_sem+0xa3/0x210
[ 63.035662] console_trylock+0x12/0x90
[ 63.035664] vprintk_emit+0x269/0x6e0
[ 63.035666] vprintk_func+0x79/0x17e
[ 63.035668] printk+0xba/0xed
[ 63.035670] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 63.035672] ? __warn_printk+0x8f/0xf3
[ 63.035674] __warn_printk+0x9b/0xf3
[ 63.035676] ? add_taint.cold+0x16/0x16
[ 63.035678] ? do_syscall_64+0xf9/0x620
[ 63.035681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.035683] debug_print_object+0x160/0x250
[ 63.035685] debug_object_activate+0x357/0x4e0
[ 63.035688] ? debug_object_free+0x3e0/0x3e0
[ 63.035690] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 63.035692] ? route4_change+0xbab/0x2210
[ 63.035694] ? delayed_work_timer_fn+0x90/0x90
[ 63.035697] __call_rcu.constprop.0+0x31/0x7e0
[ 63.035699] ? mark_held_locks+0xa6/0xf0
[ 63.035701] queue_rcu_work+0x75/0x90
[ 63.035703] route4_change+0xe6a/0x2210
[ 63.035705] ? route4_init+0xa0/0xa0
[ 63.035707] ? route4_init+0xa0/0xa0
[ 63.035709] tc_new_tfilter+0xa6b/0x1450
[ 63.035711] ? tc_del_tfilter+0xd40/0xd40
[ 63.035713] ? __mutex_lock+0x3cd/0x1300
[ 63.035716] ? selinux_ipv4_output+0x50/0x50
[ 63.035718] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 63.035720] ? tc_del_tfilter+0xd40/0xd40
[ 63.035722] rtnetlink_rcv_msg+0x453/0xaf0
[ 63.035725] ? rtnetlink_put_metrics+0x520/0x520
[ 63.035727] ? find_held_lock+0x2d/0x110
[ 63.035729] netlink_rcv_skb+0x160/0x410
[ 63.035731] ? rtnetlink_put_metrics+0x520/0x520
[ 63.035735] ? netlink_ack+0xa60/0xa60
[ 63.035738] netlink_unicast+0x4d7/0x6a0
[ 63.035740] ? netlink_attachskb+0x710/0x710
[ 63.035742] netlink_sendmsg+0x80b/0xcd0
[ 63.035744] ? netlink_unicast+0x6a0/0x6a0
[ 63.035747] ? move_addr_to_kernel.part.0+0x110/0x110
[ 63.035749] ? netlink_unicast+0x6a0/0x6a0
[ 63.035751] sock_sendmsg+0xcf/0x120
[ 63.035753] ___sys_sendmsg+0x803/0x920
[ 63.035755] ? copy_msghdr_from_user+0x410/0x410
[ 63.035757] ? __fget+0x319/0x510
[ 63.035760] ? lock_downgrade+0x740/0x740
[ 63.035762] ? check_preemption_disabled+0x41/0x280
[ 63.035764] ? __fget+0x340/0x510
[ 63.035766] ? iterate_fd+0x350/0x350
[ 63.035768] ? find_held_lock+0x2d/0x110
[ 63.035770] ? __fd_install+0x1b4/0x610
[ 63.035772] ? __fget_light+0x1d1/0x230
[ 63.035774] __sys_sendmsg+0xec/0x1b0
[ 63.035777] ? __ia32_sys_shutdown+0x70/0x70
[ 63.035779] ? __x64_sys_futex+0x386/0x4f0
[ 63.035781] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 63.035784] ? trace_hardirqs_off_caller+0x55/0x210
[ 63.035786] ? do_syscall_64+0x21/0x620
[ 63.035788] do_syscall_64+0xf9/0x620
[ 63.035791] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.035792] RIP: 0033:0x446e09
[ 63.035800] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.035803] RSP: 002b:00007ff7331b6d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.035808] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 63.035812] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 63.035817] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 63.035820] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 63.035823] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 63.037227] Kernel Offset: disabled
[ 63.968002] Rebooting in 86400 seconds..