[ 44.309893] audit: type=1800 audit(1583398449.525:31): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 48.210534] kauditd_printk_skb: 3 callbacks suppressed
[ 48.210547] audit: type=1400 audit(1583398453.485:35): avc: denied { map } for pid=8007 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.40' (ECDSA) to the list of known hosts.
executing program
[ 55.061062] audit: type=1400 audit(1583398460.335:36): avc: denied { map } for pid=8019 comm="syz-executor073" path="/root/syz-executor073739942" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.084989] IPVS: ftp: loaded support on port[0] = 21
[ 55.122453] ------------[ cut here ]------------
[ 55.128213] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 55.137492] WARNING: CPU: 0 PID: 8021 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 55.146240] Kernel panic - not syncing: panic_on_warn set ...
[ 55.146240]
[ 55.153587] CPU: 0 PID: 8021 Comm: syz-executor073 Not tainted 4.19.107-syzkaller #0
[ 55.161509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.170844] Call Trace:
[ 55.173420] dump_stack+0x188/0x20d
[ 55.177032] panic+0x26a/0x50e
[ 55.180208] ? __warn_printk+0xf3/0xf3
[ 55.184111] ? debug_print_object+0x160/0x250
[ 55.188594] ? __probe_kernel_read+0x16c/0x1b0
[ 55.193173] ? __warn.cold+0x5/0x46
[ 55.196780] ? __warn+0xe4/0x1c0
[ 55.200147] ? debug_print_object+0x160/0x250
[ 55.204626] __warn.cold+0x20/0x46
[ 55.208158] ? debug_print_object+0x160/0x250
[ 55.212852] report_bug+0x262/0x2a0
[ 55.216477] do_error_trap+0x1d7/0x310
[ 55.220440] ? math_error+0x310/0x310
[ 55.224221] ? irq_work_claim+0xa6/0xc0
[ 55.228181] ? irq_work_queue+0x2b/0x80
[ 55.232139] ? wake_up_klogd+0x8c/0xc0
[ 55.236039] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.241039] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.245887] invalid_op+0x14/0x20
[ 55.249327] RIP: 0010:debug_print_object+0x160/0x250
[ 55.254413] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 fb 02 e7 fd <0f> 0b 83 05 c3 b6 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 55.273409] RSP: 0018:ffff888091bff268 EFLAGS: 00010086
[ 55.278767] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 55.286118] RDX: 0000000000000000 RSI: ffffffff8152c6e1 RDI: ffffed101237fe3f
[ 55.293386] RBP: 0000000000000001 R08: ffff88808f0983c0 R09: ffffed1015cc3ee3
[ 55.300639] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 55.307891] R13: 0000000000000000 R14: ffff88809eabcb70 R15: 1ffff1101237fe5a
[ 55.315156] ? vprintk_func+0x81/0x17e
[ 55.319049] ? debug_print_object+0x160/0x250
[ 55.323528] debug_object_activate+0x357/0x4e0
[ 55.328095] ? debug_object_free+0x3e0/0x3e0
[ 55.332486] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 55.337050] ? route4_change+0xbab/0x2210
[ 55.341188] ? delayed_work_timer_fn+0x90/0x90
[ 55.345750] __call_rcu.constprop.0+0x31/0x7e0
[ 55.350329] ? mark_held_locks+0xa6/0xf0
[ 55.354440] queue_rcu_work+0x75/0x90
[ 55.358245] route4_change+0xe6a/0x2210
[ 55.362219] ? route4_init+0xa0/0xa0
[ 55.365919] ? route4_init+0xa0/0xa0
[ 55.369638] tc_new_tfilter+0xa6b/0x1450
[ 55.373685] ? tc_del_tfilter+0xd40/0xd40
[ 55.377827] ? __mutex_lock+0x3cd/0x1300
[ 55.381893] ? selinux_ipv4_output+0x50/0x50
[ 55.386306] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.390790] ? tc_del_tfilter+0xd40/0xd40
[ 55.394942] rtnetlink_rcv_msg+0x453/0xaf0
[ 55.399171] ? rtnetlink_put_metrics+0x520/0x520
[ 55.403912] ? find_held_lock+0x2d/0x110
[ 55.407956] netlink_rcv_skb+0x160/0x410
[ 55.412006] ? rtnetlink_put_metrics+0x520/0x520
[ 55.416744] ? netlink_ack+0xa60/0xa60
[ 55.420619] netlink_unicast+0x4d7/0x6a0
[ 55.424669] ? netlink_attachskb+0x710/0x710
[ 55.429062] netlink_sendmsg+0x80b/0xcd0
[ 55.433106] ? netlink_unicast+0x6a0/0x6a0
[ 55.437420] ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.442592] ? netlink_unicast+0x6a0/0x6a0
[ 55.446808] sock_sendmsg+0xcf/0x120
[ 55.450505] ___sys_sendmsg+0x803/0x920
[ 55.454459] ? copy_msghdr_from_user+0x410/0x410
[ 55.459197] ? __fget+0x319/0x510
[ 55.462644] ? lock_downgrade+0x740/0x740
[ 55.466774] ? check_preemption_disabled+0x41/0x280
[ 55.471779] ? __fget+0x340/0x510
[ 55.475215] ? iterate_fd+0x350/0x350
[ 55.478999] ? find_held_lock+0x2d/0x110
[ 55.483048] ? __fd_install+0x1b4/0x610
[ 55.487016] ? __fget_light+0x1d1/0x230
[ 55.490973] __sys_sendmsg+0xec/0x1b0
[ 55.494754] ? __ia32_sys_shutdown+0x70/0x70
[ 55.499142] ? __x64_sys_futex+0x386/0x4f0
[ 55.503360] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.508097] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.513108] ? do_syscall_64+0x21/0x620
[ 55.517077] do_syscall_64+0xf9/0x620
[ 55.520900] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.526072] RIP: 0033:0x4467c9
[ 55.529245] Code: e8 4c bf 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.548131] RSP: 002b:00007f6186a66d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.555821] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 00000000004467c9
[ 55.563088] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 55.570346] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 55.577595] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 55.584856] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 55.592121]
[ 55.592125] ======================================================
[ 55.592128] WARNING: possible circular locking dependency detected
[ 55.592130] 4.19.107-syzkaller #0 Not tainted
[ 55.592133] ------------------------------------------------------
[ 55.592136] syz-executor073/8021 is trying to acquire lock:
[ 55.592138] 000000003c5b96d9 ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 55.592146]
[ 55.592148] but task is already holding lock:
[ 55.592149] 00000000f078f85c (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 55.592157]
[ 55.592159] which lock already depends on the new lock.
[ 55.592160]
[ 55.592162]
[ 55.592164] the existing dependency chain (in reverse order) is:
[ 55.592166]
[ 55.592167] -> #5 (&obj_hash[i].lock){-.-.}:
[ 55.592174]        debug_object_activate+0x131/0x4e0
[ 55.592176]        enqueue_hrtimer+0x27/0x3f0
[ 55.592179]        hrtimer_start_range_ns+0x580/0xbe0
[ 55.592181]        schedule_hrtimeout_range_clock+0x17a/0x360
[ 55.592184]        wait_task_inactive+0x443/0x550
[ 55.592186]        __kthread_bind_mask+0x1f/0xb0
[ 55.592188]        init_rescuer.part.0+0xf2/0x190
[ 55.592190]        workqueue_init+0x504/0x7e9
[ 55.592192]        kernel_init_freeable+0x2bd/0x5bb
[ 55.592194]        kernel_init+0xd/0x1c0
[ 55.592196]        ret_from_fork+0x24/0x30
[ 55.592197]
[ 55.592199] -> #4 (hrtimer_bases.lock){-.-.}:
[ 55.592206]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 55.592208]        hrtimer_start_range_ns+0xf5/0xbe0
[ 55.592211]        enqueue_task_rt+0x97f/0xdf0
[ 55.592213]        __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 55.592215]        _sched_setscheduler+0xee/0x180
[ 55.592217]        watchdog_dev_init+0xdd/0x1ae
[ 55.592220]        watchdog_init+0x14/0x17e
[ 55.592222]        do_one_initcall+0xf1/0x734
[ 55.592224]        kernel_init_freeable+0x4c9/0x5bb
[ 55.592226]        kernel_init+0xd/0x1c0
[ 55.592228]        ret_from_fork+0x24/0x30
[ 55.592229]
[ 55.592230] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 55.592237]        rq_online_rt+0xaf/0x390
[ 55.592240]        set_rq_online.part.0+0xe3/0x140
[ 55.592242]        sched_cpu_activate+0x17f/0x270
[ 55.592244]        cpuhp_invoke_callback+0x213/0x1bb0
[ 55.592246]        cpuhp_thread_fun+0x440/0x840
[ 55.592249]        smpboot_thread_fn+0x653/0x9d0
[ 55.592251]        kthread+0x34a/0x420
[ 55.592253]        ret_from_fork+0x24/0x30
[ 55.592254]
[ 55.592255] -> #2 (&rq->lock){-.-.}:
[ 55.592262]        task_fork_fair+0x6a/0x520
[ 55.592264]        sched_fork+0x3a7/0x8b0
[ 55.592266]        copy_process.part.0+0x187d/0x7a60
[ 55.592268]        _do_fork+0x22f/0xf40
[ 55.592270]        kernel_thread+0x2f/0x40
[ 55.592272]        rest_init+0x1f/0x212
[ 55.592274]        start_kernel+0x7e4/0x81c
[ 55.592276]        secondary_startup_64+0xa4/0xb0
[ 55.592277]
[ 55.592278] -> #1 (&p->pi_lock){-.-.}:
[ 55.592285]        try_to_wake_up+0x80/0xe90
[ 55.592287]        up+0x92/0xe0
[ 55.592289]        __up_console_sem+0xb3/0x1c0
[ 55.592291]        console_unlock+0x64d/0xfe0
[ 55.592293]        vprintk_emit+0x282/0x6e0
[ 55.592295]        vprintk_func+0x79/0x17e
[ 55.592297]        printk+0xba/0xed
[ 55.592299]        kauditd_hold_skb.cold+0x41/0x50
[ 55.592302]        kauditd_send_queue+0x12d/0x170
[ 55.592304]        kauditd_thread+0x6f4/0xa20
[ 55.592306]        kthread+0x34a/0x420
[ 55.592308]        ret_from_fork+0x24/0x30
[ 55.592309]
[ 55.592310] -> #0 ((console_sem).lock){-.-.}:
[ 55.592317]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 55.592319]        down_trylock+0xe/0x60
[ 55.592322]        __down_trylock_console_sem+0xa3/0x210
[ 55.592324]        console_trylock+0x12/0x90
[ 55.592326]        vprintk_emit+0x269/0x6e0
[ 55.592328]        vprintk_func+0x79/0x17e
[ 55.592330]        printk+0xba/0xed
[ 55.592332]        __warn_printk+0x9b/0xf3
[ 55.592334]        debug_print_object+0x160/0x250
[ 55.592336]        debug_object_activate+0x357/0x4e0
[ 55.592338]        __call_rcu.constprop.0+0x31/0x7e0
[ 55.592340]        queue_rcu_work+0x75/0x90
[ 55.592343]        route4_change+0xe6a/0x2210
[ 55.592345]        tc_new_tfilter+0xa6b/0x1450
[ 55.592347]        rtnetlink_rcv_msg+0x453/0xaf0
[ 55.592349]        netlink_rcv_skb+0x160/0x410
[ 55.592351]        netlink_unicast+0x4d7/0x6a0
[ 55.592353]        netlink_sendmsg+0x80b/0xcd0
[ 55.592355]        sock_sendmsg+0xcf/0x120
[ 55.592357]        ___sys_sendmsg+0x803/0x920
[ 55.592359]        __sys_sendmsg+0xec/0x1b0
[ 55.592361]        do_syscall_64+0xf9/0x620
[ 55.592364]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.592365]
[ 55.592367] other info that might help us debug this:
[ 55.592369]
[ 55.592370] Chain exists of:
[ 55.592371]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 55.592381]
[ 55.592383]  Possible unsafe locking scenario:
[ 55.592384]
[ 55.592386]        CPU0                    CPU1
[ 55.592388]        ----                    ----
[ 55.592389]   lock(&obj_hash[i].lock);
[ 55.592394]                                lock(hrtimer_bases.lock);
[ 55.592399]                                lock(&obj_hash[i].lock);
[ 55.592403]   lock((console_sem).lock);
[ 55.592407]
[ 55.592409]  *** DEADLOCK ***
[ 55.592410]
[ 55.592412] 2 locks held by syz-executor073/8021:
[ 55.592413]  #0: 00000000a3da9bbf (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.592422]  #1: 00000000f078f85c (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 55.592431]
[ 55.592432] stack backtrace:
[ 55.592436] CPU: 0 PID: 8021 Comm: syz-executor073 Not tainted 4.19.107-syzkaller #0
[ 55.592440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.592441] Call Trace:
[ 55.592443] dump_stack+0x188/0x20d
[ 55.592446] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 55.592448] __lock_acquire+0x2e19/0x49c0
[ 55.592450] ? add_lock_to_list.isra.0+0x179/0x330
[ 55.592452] ? save_trace+0xd6/0x290
[ 55.592454] ? mark_held_locks+0xf0/0xf0
[ 55.592456] ? format_decode+0x230/0xad0
[ 55.592459] ? kvm_clock_read+0x14/0x30
[ 55.592461] lock_acquire+0x170/0x400
[ 55.592462] ? down_trylock+0xe/0x60
[ 55.592465] _raw_spin_lock_irqsave+0x8c/0xbf
[ 55.592467] ? down_trylock+0xe/0x60
[ 55.592469] down_trylock+0xe/0x60
[ 55.592471] ? vprintk_emit+0x269/0x6e0
[ 55.592473] __down_trylock_console_sem+0xa3/0x210
[ 55.592475] console_trylock+0x12/0x90
[ 55.592477] vprintk_emit+0x269/0x6e0
[ 55.592479] vprintk_func+0x79/0x17e
[ 55.592481] printk+0xba/0xed
[ 55.592483] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 55.592485] ? __warn_printk+0x8f/0xf3
[ 55.592487] __warn_printk+0x9b/0xf3
[ 55.592489] ? add_taint.cold+0x16/0x16
[ 55.592491] ? kmem_cache_alloc+0x571/0x710
[ 55.592493] debug_print_object+0x160/0x250
[ 55.592496] debug_object_activate+0x357/0x4e0
[ 55.592498] ? debug_object_free+0x3e0/0x3e0
[ 55.592500] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 55.592502] ? route4_change+0xbab/0x2210
[ 55.592504] ? delayed_work_timer_fn+0x90/0x90
[ 55.592507] __call_rcu.constprop.0+0x31/0x7e0
[ 55.592509] ? mark_held_locks+0xa6/0xf0
[ 55.592511] queue_rcu_work+0x75/0x90
[ 55.592513] route4_change+0xe6a/0x2210
[ 55.592515] ? route4_init+0xa0/0xa0
[ 55.592517] ? route4_init+0xa0/0xa0
[ 55.592519] tc_new_tfilter+0xa6b/0x1450
[ 55.592521] ? tc_del_tfilter+0xd40/0xd40
[ 55.592523] ? __mutex_lock+0x3cd/0x1300
[ 55.592525] ? selinux_ipv4_output+0x50/0x50
[ 55.592527] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.592529] ? tc_del_tfilter+0xd40/0xd40
[ 55.592532] rtnetlink_rcv_msg+0x453/0xaf0
[ 55.592534] ? rtnetlink_put_metrics+0x520/0x520
[ 55.592536] ? find_held_lock+0x2d/0x110
[ 55.592538] netlink_rcv_skb+0x160/0x410
[ 55.592540] ? rtnetlink_put_metrics+0x520/0x520
[ 55.592542] ? netlink_ack+0xa60/0xa60
[ 55.592544] netlink_unicast+0x4d7/0x6a0
[ 55.592547] ? netlink_attachskb+0x710/0x710
[ 55.592549] netlink_sendmsg+0x80b/0xcd0
[ 55.592551] ? netlink_unicast+0x6a0/0x6a0
[ 55.592553] ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.592555] ? netlink_unicast+0x6a0/0x6a0
[ 55.592557] sock_sendmsg+0xcf/0x120
[ 55.592559] ___sys_sendmsg+0x803/0x920
[ 55.592562] ? copy_msghdr_from_user+0x410/0x410
[ 55.592564] ? __fget+0x319/0x510
[ 55.592566] ? lock_downgrade+0x740/0x740
[ 55.592568] ? check_preemption_disabled+0x41/0x280
[ 55.592570] ? __fget+0x340/0x510
[ 55.592572] ? iterate_fd+0x350/0x350
[ 55.592574] ? find_held_lock+0x2d/0x110
[ 55.592576] ? __fd_install+0x1b4/0x610
[ 55.592578] ? __fget_light+0x1d1/0x230
[ 55.592580] __sys_sendmsg+0xec/0x1b0
[ 55.592582] ? __ia32_sys_shutdown+0x70/0x70
[ 55.592584] ? __x64_sys_futex+0x386/0x4f0
[ 55.592587] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.592589] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.592591] ? do_syscall_64+0x21/0x620
[ 55.592593] do_syscall_64+0xf9/0x620
[ 55.592596] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.592598] RIP: 0033:0x4467c9
[ 55.592605] Code: e8 4c bf 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.592608] RSP: 002b:00007f6186a66d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.592613] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 00000000004467c9
[ 55.592616] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 55.592619] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 55.592623] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 55.592626] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 55.594124] Kernel Offset: disabled
[ 56.517486] Rebooting in 86400 seconds..