Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.366953] kauditd_printk_skb: 1 callbacks suppressed
[ 58.366967] audit: type=1400 audit(1583400837.334:36): avc: denied { map } for pid=8045 comm="syz-executor550" path="/root/syz-executor550295093" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 58.391492] IPVS: ftp: loaded support on port[0] = 21
[ 58.434059] ------------[ cut here ]------------
[ 58.439917] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 58.449134] WARNING: CPU: 1 PID: 8047 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 58.457871] Kernel panic - not syncing: panic_on_warn set ...
[ 58.457871]
[ 58.465655] CPU: 1 PID: 8047 Comm: syz-executor550 Not tainted 4.19.107-syzkaller #0
[ 58.473568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.482927] Call Trace:
[ 58.485509] dump_stack+0x188/0x20d
[ 58.489181] panic+0x26a/0x50e
[ 58.492373] ? __warn_printk+0xf3/0xf3
[ 58.496253] ? debug_print_object+0x160/0x250
[ 58.500735] ? __probe_kernel_read+0x16c/0x1b0
[ 58.505308] ? __warn.cold+0x5/0x46
[ 58.508923] ? __warn+0xe4/0x1c0
[ 58.512278] ? debug_print_object+0x160/0x250
[ 58.516758] __warn.cold+0x20/0x46
[ 58.520313] ? debug_print_object+0x160/0x250
[ 58.524793] report_bug+0x262/0x2a0
[ 58.528410] do_error_trap+0x1d7/0x310
[ 58.532325] ? math_error+0x310/0x310
[ 58.536109] ? irq_work_claim+0xa6/0xc0
[ 58.540070] ? irq_work_queue+0x2b/0x80
[ 58.544036] ? wake_up_klogd+0x8c/0xc0
[ 58.547906] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.552908] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 58.557735] invalid_op+0x14/0x20
[ 58.561260] RIP: 0010:debug_print_object+0x160/0x250
[ 58.566363] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 fb 02 e7 fd <0f> 0b 83 05 c3 b6 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 58.585277] RSP: 0018:ffff88809e31f268 EFLAGS: 00010086
[ 58.590622] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 58.597871] RDX: 0000000000000000 RSI: ffffffff8152c6e1 RDI: ffffed1013c63e3f
[ 58.605130] RBP: 0000000000000001 R08: ffff888074b20300 R09: ffffed1015ce3ee3
[ 58.612565] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 58.619813] R13: 0000000000000000 R14: ffff888093e0cd30 R15: 1ffff11013c63e5a
[ 58.627076] ? vprintk_func+0x81/0x17e
[ 58.630962] ? debug_print_object+0x160/0x250
[ 58.635439] debug_object_activate+0x357/0x4e0
[ 58.640005] ? debug_object_free+0x3e0/0x3e0
[ 58.644396] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.648962] ? route4_change+0xbab/0x2210
[ 58.653104] ? delayed_work_timer_fn+0x90/0x90
[ 58.657737] __call_rcu.constprop.0+0x31/0x7e0
[ 58.662344] ? mark_held_locks+0xa6/0xf0
[ 58.666407] queue_rcu_work+0x75/0x90
[ 58.670193] route4_change+0xe6a/0x2210
[ 58.674192] ? route4_init+0xa0/0xa0
[ 58.677927] ? route4_init+0xa0/0xa0
[ 58.681622] tc_new_tfilter+0xa6b/0x1450
[ 58.685669] ? tc_del_tfilter+0xd40/0xd40
[ 58.689797] ? __mutex_lock+0x3cd/0x1300
[ 58.693879] ? selinux_ipv4_output+0x50/0x50
[ 58.698272] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.702685] ? tc_del_tfilter+0xd40/0xd40
[ 58.706838] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.711084] ? rtnetlink_put_metrics+0x520/0x520
[ 58.715843] ? find_held_lock+0x2d/0x110
[ 58.719896] netlink_rcv_skb+0x160/0x410
[ 58.723948] ? rtnetlink_put_metrics+0x520/0x520
[ 58.728746] ? netlink_ack+0xa60/0xa60
[ 58.732685] netlink_unicast+0x4d7/0x6a0
[ 58.736737] ? netlink_attachskb+0x710/0x710
[ 58.741130] netlink_sendmsg+0x80b/0xcd0
[ 58.745217] ? netlink_unicast+0x6a0/0x6a0
[ 58.749434] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.754611] ? netlink_unicast+0x6a0/0x6a0
[ 58.758825] sock_sendmsg+0xcf/0x120
[ 58.762519] ___sys_sendmsg+0x803/0x920
[ 58.766481] ? copy_msghdr_from_user+0x410/0x410
[ 58.771223] ? __fget+0x319/0x510
[ 58.774660] ? lock_downgrade+0x740/0x740
[ 58.778793] ? check_preemption_disabled+0x41/0x280
[ 58.783794] ? __fget+0x340/0x510
[ 58.787231] ? iterate_fd+0x350/0x350
[ 58.791020] ? find_held_lock+0x2d/0x110
[ 58.795109] ? __fd_install+0x1b4/0x610
[ 58.799189] ? __fget_light+0x1d1/0x230
[ 58.803164] __sys_sendmsg+0xec/0x1b0
[ 58.807081] ? __ia32_sys_shutdown+0x70/0x70
[ 58.811475] ? __x64_sys_futex+0x386/0x4f0
[ 58.815698] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.820439] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.825440] ? do_syscall_64+0x21/0x620
[ 58.829406] do_syscall_64+0xf9/0x620
[ 58.833218] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.838394] RIP: 0033:0x446709
[ 58.841571] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.860453] RSP: 002b:00007f1cb7fd2d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.868145] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 0000000000446709
[ 58.875406] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 58.882662] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
[ 58.889924] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c
[ 58.897175] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 58.904444]
[ 58.904448] ======================================================
[ 58.904451] WARNING: possible circular locking dependency detected
[ 58.904453] 4.19.107-syzkaller #0 Not tainted
[ 58.904456] ------------------------------------------------------
[ 58.904459] syz-executor550/8047 is trying to acquire lock:
[ 58.904461] 000000005f8b034d ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 58.904469]
[ 58.904471] but task is already holding lock:
[ 58.904472] 00000000e92afec4 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 58.904480]
[ 58.904483] which lock already depends on the new lock.
[ 58.904484]
[ 58.904491]
[ 58.904495] the existing dependency chain (in reverse order) is:
[ 58.904496]
[ 58.904497] -> #5 (&obj_hash[i].lock){-.-.}:
[ 58.904504] debug_object_activate+0x131/0x4e0
[ 58.904507] enqueue_hrtimer+0x27/0x3f0
[ 58.904509] hrtimer_start_range_ns+0x580/0xbe0
[ 58.904512] schedule_hrtimeout_range_clock+0x17a/0x360
[ 58.904514] wait_task_inactive+0x443/0x550
[ 58.904516] __kthread_bind_mask+0x1f/0xb0
[ 58.904518] init_rescuer.part.0+0xf2/0x190
[ 58.904520] workqueue_init+0x504/0x7e9
[ 58.904523] kernel_init_freeable+0x2bd/0x5bb
[ 58.904525] kernel_init+0xd/0x1c0
[ 58.904527] ret_from_fork+0x24/0x30
[ 58.904528]
[ 58.904529] -> #4 (hrtimer_bases.lock){-.-.}:
[ 58.904537] lock_hrtimer_base.isra.0+0x6d/0x120
[ 58.904539] hrtimer_start_range_ns+0xf5/0xbe0
[ 58.904541] enqueue_task_rt+0x97f/0xdf0
[ 58.904544] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 58.904546] _sched_setscheduler+0xee/0x180
[ 58.904548] watchdog_dev_init+0xdd/0x1ae
[ 58.904550] watchdog_init+0x14/0x17e
[ 58.904552] do_one_initcall+0xf1/0x734
[ 58.904554] kernel_init_freeable+0x4c9/0x5bb
[ 58.904556] kernel_init+0xd/0x1c0
[ 58.904558] ret_from_fork+0x24/0x30
[ 58.904560]
[ 58.904561] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 58.904570] rq_online_rt+0xaf/0x390
[ 58.904573] set_rq_online.part.0+0xe3/0x140
[ 58.904576] sched_cpu_activate+0x17f/0x270
[ 58.904578] cpuhp_invoke_callback+0x213/0x1bb0
[ 58.904580] cpuhp_thread_fun+0x440/0x840
[ 58.904582] smpboot_thread_fn+0x653/0x9d0
[ 58.904584] kthread+0x34a/0x420
[ 58.904586] ret_from_fork+0x24/0x30
[ 58.904587]
[ 58.904589] -> #2 (&rq->lock){-.-.}:
[ 58.904595] task_fork_fair+0x6a/0x520
[ 58.904597] sched_fork+0x3a7/0x8b0
[ 58.904600] copy_process.part.0+0x187d/0x7a60
[ 58.904602] _do_fork+0x22f/0xf40
[ 58.904604] kernel_thread+0x2f/0x40
[ 58.904606] rest_init+0x1f/0x212
[ 58.904608] start_kernel+0x7e4/0x81c
[ 58.904610] secondary_startup_64+0xa4/0xb0
[ 58.904611]
[ 58.904612] -> #1 (&p->pi_lock){-.-.}:
[ 58.904619] try_to_wake_up+0x80/0xe90
[ 58.904621] up+0x92/0xe0
[ 58.904623] __up_console_sem+0xb3/0x1c0
[ 58.904625] console_unlock+0x64d/0xfe0
[ 58.904627] vprintk_emit+0x282/0x6e0
[ 58.904629] vprintk_func+0x79/0x17e
[ 58.904631] printk+0xba/0xed
[ 58.904633] kauditd_hold_skb.cold+0x41/0x50
[ 58.904636] kauditd_send_queue+0x12d/0x170
[ 58.904638] kauditd_thread+0x6f4/0xa20
[ 58.904640] kthread+0x34a/0x420
[ 58.904642] ret_from_fork+0x24/0x30
[ 58.904643]
[ 58.904644] -> #0 ((console_sem).lock){-...}:
[ 58.904651] _raw_spin_lock_irqsave+0x8c/0xbf
[ 58.904653] down_trylock+0xe/0x60
[ 58.904656] __down_trylock_console_sem+0xa3/0x210
[ 58.904658] console_trylock+0x12/0x90
[ 58.904660] vprintk_emit+0x269/0x6e0
[ 58.904662] vprintk_func+0x79/0x17e
[ 58.904664] printk+0xba/0xed
[ 58.904666] __warn_printk+0x9b/0xf3
[ 58.904668] debug_print_object+0x160/0x250
[ 58.904670] debug_object_activate+0x357/0x4e0
[ 58.904673] __call_rcu.constprop.0+0x31/0x7e0
[ 58.904675] queue_rcu_work+0x75/0x90
[ 58.904677] route4_change+0xe6a/0x2210
[ 58.904679] tc_new_tfilter+0xa6b/0x1450
[ 58.904681] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.904683] netlink_rcv_skb+0x160/0x410
[ 58.904685] netlink_unicast+0x4d7/0x6a0
[ 58.904688] netlink_sendmsg+0x80b/0xcd0
[ 58.904690] sock_sendmsg+0xcf/0x120
[ 58.904692] ___sys_sendmsg+0x803/0x920
[ 58.904694] __sys_sendmsg+0xec/0x1b0
[ 58.904696] do_syscall_64+0xf9/0x620
[ 58.904698] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.904700]
[ 58.904702] other info that might help us debug this:
[ 58.904703]
[ 58.904705] Chain exists of:
[ 58.904706] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 58.904715]
[ 58.904717] Possible unsafe locking scenario:
[ 58.904718]
[ 58.904720]        CPU0                    CPU1
[ 58.904723]        ----                    ----
[ 58.904724]   lock(&obj_hash[i].lock);
[ 58.904729]                                lock(hrtimer_bases.lock);
[ 58.904734]                                lock(&obj_hash[i].lock);
[ 58.904738]   lock((console_sem).lock);
[ 58.904742]
[ 58.904743] *** DEADLOCK ***
[ 58.904744]
[ 58.904747] 2 locks held by syz-executor550/8047:
[ 58.904748] #0: 0000000008e55fc3 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.904756] #1: 00000000e92afec4 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 58.904765]
[ 58.904767] stack backtrace:
[ 58.904770] CPU: 1 PID: 8047 Comm: syz-executor550 Not tainted 4.19.107-syzkaller #0
[ 58.904774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.904776] Call Trace:
[ 58.904778] dump_stack+0x188/0x20d
[ 58.904781] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 58.904783] __lock_acquire+0x2e19/0x49c0
[ 58.904785] ? add_lock_to_list.isra.0+0x179/0x330
[ 58.904791] ? save_trace+0xd6/0x290
[ 58.904793] ? mark_held_locks+0xf0/0xf0
[ 58.904795] ? format_decode+0x230/0xad0
[ 58.904797] ? kvm_clock_read+0x14/0x30
[ 58.904799] lock_acquire+0x170/0x400
[ 58.904801] ? down_trylock+0xe/0x60
[ 58.904803] _raw_spin_lock_irqsave+0x8c/0xbf
[ 58.904805] ? down_trylock+0xe/0x60
[ 58.904807] down_trylock+0xe/0x60
[ 58.904809] ? vprintk_emit+0x269/0x6e0
[ 58.904812] __down_trylock_console_sem+0xa3/0x210
[ 58.904814] console_trylock+0x12/0x90
[ 58.904816] vprintk_emit+0x269/0x6e0
[ 58.904818] vprintk_func+0x79/0x17e
[ 58.904819] printk+0xba/0xed
[ 58.904822] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 58.904824] ? __warn_printk+0x8f/0xf3
[ 58.904826] __warn_printk+0x9b/0xf3
[ 58.904828] ? add_taint.cold+0x16/0x16
[ 58.904830] ? do_syscall_64+0xf9/0x620
[ 58.904832] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.904834] debug_print_object+0x160/0x250
[ 58.904837] debug_object_activate+0x357/0x4e0
[ 58.904839] ? debug_object_free+0x3e0/0x3e0
[ 58.904841] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.904843] ? route4_change+0xbab/0x2210
[ 58.904845] ? delayed_work_timer_fn+0x90/0x90
[ 58.904848] __call_rcu.constprop.0+0x31/0x7e0
[ 58.904850] ? mark_held_locks+0xa6/0xf0
[ 58.904852] queue_rcu_work+0x75/0x90
[ 58.904854] route4_change+0xe6a/0x2210
[ 58.904856] ? route4_init+0xa0/0xa0
[ 58.904858] ? route4_init+0xa0/0xa0
[ 58.904860] tc_new_tfilter+0xa6b/0x1450
[ 58.904862] ? tc_del_tfilter+0xd40/0xd40
[ 58.904864] ? __mutex_lock+0x3cd/0x1300
[ 58.904866] ? selinux_ipv4_output+0x50/0x50
[ 58.904868] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.904870] ? tc_del_tfilter+0xd40/0xd40
[ 58.904873] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.904875] ? rtnetlink_put_metrics+0x520/0x520
[ 58.904877] ? find_held_lock+0x2d/0x110
[ 58.904879] netlink_rcv_skb+0x160/0x410
[ 58.904882] ? rtnetlink_put_metrics+0x520/0x520
[ 58.904884] ? netlink_ack+0xa60/0xa60
[ 58.904886] netlink_unicast+0x4d7/0x6a0
[ 58.904888] ? netlink_attachskb+0x710/0x710
[ 58.904890] netlink_sendmsg+0x80b/0xcd0
[ 58.904892] ? netlink_unicast+0x6a0/0x6a0
[ 58.904895] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.904897] ? netlink_unicast+0x6a0/0x6a0
[ 58.904899] sock_sendmsg+0xcf/0x120
[ 58.904901] ___sys_sendmsg+0x803/0x920
[ 58.904903] ? copy_msghdr_from_user+0x410/0x410
[ 58.904905] ? __fget+0x319/0x510
[ 58.904907] ? lock_downgrade+0x740/0x740
[ 58.904909] ? check_preemption_disabled+0x41/0x280
[ 58.904911] ? __fget+0x340/0x510
[ 58.904913] ? iterate_fd+0x350/0x350
[ 58.904915] ? find_held_lock+0x2d/0x110
[ 58.904917] ? __fd_install+0x1b4/0x610
[ 58.904919] ? __fget_light+0x1d1/0x230
[ 58.904921] __sys_sendmsg+0xec/0x1b0
[ 58.904924] ? __ia32_sys_shutdown+0x70/0x70
[ 58.904926] ? __x64_sys_futex+0x386/0x4f0
[ 58.904928] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.904931] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.904933] ? do_syscall_64+0x21/0x620
[ 58.904935] do_syscall_64+0xf9/0x620
[ 58.904937] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.904939] RIP: 0033:0x446709
[ 58.904947] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.904949] RSP: 002b:00007f1cb7fd2d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.904954] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 0000000000446709
[ 58.904957] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 58.904961] RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
[ 58.904964] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc6c
[ 58.904967] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 58.906357] Kernel Offset: disabled
[ 59.838348] Rebooting in 86400 seconds..