[ 46.642193] audit: type=1800 audit(1584556403.583:29): pid=8071 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 46.672128] audit: type=1800 audit(1584556403.583:30): pid=8071 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.994063] kauditd_printk_skb: 5 callbacks suppressed
[ 55.994078] audit: type=1400 audit(1584556412.933:36): avc: denied { map } for pid=8255 comm="syz-executor741" path="/root/syz-executor741951763" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.019831] IPVS: ftp: loaded support on port[0] = 21
[ 56.062356] ------------[ cut here ]------------
[ 56.068086] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 56.077308] WARNING: CPU: 1 PID: 8258 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 56.086041] Kernel panic - not syncing: panic_on_warn set ...
[ 56.086041]
[ 56.093433] CPU: 1 PID: 8258 Comm: syz-executor741 Not tainted 4.19.111-syzkaller #0
[ 56.101296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.111062] Call Trace:
[ 56.113648] dump_stack+0x188/0x20d
[ 56.117262] panic+0x26a/0x50e
[ 56.120440] ? __warn_printk+0xf3/0xf3
[ 56.124321] ? debug_print_object+0x160/0x250
[ 56.128818] ? __probe_kernel_read+0x16c/0x1b0
[ 56.133390] ? __warn.cold+0x5/0x46
[ 56.137005] ? __warn+0xe4/0x1c0
[ 56.140377] ? debug_print_object+0x160/0x250
[ 56.144886] __warn.cold+0x20/0x46
[ 56.148417] ? debug_print_object+0x160/0x250
[ 56.152931] report_bug+0x262/0x2a0
[ 56.156556] do_error_trap+0x1d7/0x310
[ 56.160444] ? math_error+0x310/0x310
[ 56.164233] ? irq_work_claim+0xa6/0xc0
[ 56.168459] ? irq_work_queue+0x2b/0x80
[ 56.172442] ? wake_up_klogd+0x8c/0xc0
[ 56.176325] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.181327] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.186164] invalid_op+0x14/0x20
[ 56.189604] RIP: 0010:debug_print_object+0x160/0x250
[ 56.194716] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 1b f7 e6 fd <0f> 0b 83 05 63 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 56.213624] RSP: 0018:ffff8880a084f268 EFLAGS: 00010086
[ 56.218987] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 56.226249] RDX: 0000000000000000 RSI: ffffffff8152d381 RDI: ffffed1014109e3f
[ 56.233514] RBP: 0000000000000001 R08: ffff88808f2c66c0 R09: ffffed1015ce3ee3
[ 56.240772] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 56.248062] R13: 0000000000000000 R14: ffff8880a9283be0 R15: 1ffff11014109e5a
[ 56.255329] ? vprintk_func+0x81/0x17e
[ 56.259207] ? debug_print_object+0x160/0x250
[ 56.263701] debug_object_activate+0x357/0x4e0
[ 56.268285] ? debug_object_free+0x3e0/0x3e0
[ 56.272681] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.277249] ? route4_change+0xbab/0x2210
[ 56.281395] ? delayed_work_timer_fn+0x90/0x90
[ 56.285976] __call_rcu.constprop.0+0x31/0x7e0
[ 56.290543] ? mark_held_locks+0xa6/0xf0
[ 56.294600] queue_rcu_work+0x75/0x90
[ 56.298391] route4_change+0xe6a/0x2210
[ 56.302380] ? route4_init+0xa0/0xa0
[ 56.306083] ? route4_init+0xa0/0xa0
[ 56.309785] tc_new_tfilter+0xa6b/0x1450
[ 56.313845] ? tc_del_tfilter+0xd40/0xd40
[ 56.317982] ? __mutex_lock+0x3cd/0x1300
[ 56.322031] ? selinux_ipv4_output+0x50/0x50
[ 56.326434] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.330853] ? tc_del_tfilter+0xd40/0xd40
[ 56.334990] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.339221] ? rtnetlink_put_metrics+0x520/0x520
[ 56.343965] ? find_held_lock+0x2d/0x110
[ 56.348022] netlink_rcv_skb+0x160/0x410
[ 56.352068] ? rtnetlink_put_metrics+0x520/0x520
[ 56.356808] ? netlink_ack+0xa60/0xa60
[ 56.360682] netlink_unicast+0x4d7/0x6a0
[ 56.364726] ? netlink_attachskb+0x710/0x710
[ 56.369142] netlink_sendmsg+0x80b/0xcd0
[ 56.373207] ? netlink_unicast+0x6a0/0x6a0
[ 56.377428] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.382602] ? netlink_unicast+0x6a0/0x6a0
[ 56.386831] sock_sendmsg+0xcf/0x120
[ 56.390528] ___sys_sendmsg+0x803/0x920
[ 56.394490] ? copy_msghdr_from_user+0x410/0x410
[ 56.399228] ? __fget+0x319/0x510
[ 56.402673] ? lock_downgrade+0x740/0x740
[ 56.406810] ? check_preemption_disabled+0x41/0x280
[ 56.411809] ? __fget+0x340/0x510
[ 56.415245] ? iterate_fd+0x350/0x350
[ 56.419028] ? find_held_lock+0x2d/0x110
[ 56.423075] ? __fd_install+0x1b4/0x610
[ 56.427040] ? __fget_light+0x1d1/0x230
[ 56.431000] __sys_sendmsg+0xec/0x1b0
[ 56.434794] ? __ia32_sys_shutdown+0x70/0x70
[ 56.439185] ? __x64_sys_futex+0x386/0x4f0
[ 56.443435] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.448185] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.453187] ? do_syscall_64+0x21/0x620
[ 56.457142] do_syscall_64+0xf9/0x620
[ 56.460927] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.466113] RIP: 0033:0x446649
[ 56.469299] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.488186] RSP: 002b:00007fc2e106cd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.495879] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446649
[ 56.503149] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 56.510422] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 56.517677] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 56.524934] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.532255]
[ 56.532259] ======================================================
[ 56.532263] WARNING: possible circular locking dependency detected
[ 56.532266] 4.19.111-syzkaller #0 Not tainted
[ 56.532268] ------------------------------------------------------
[ 56.532271] syz-executor741/8258 is trying to acquire lock:
[ 56.532273] 00000000b9d555fc ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 56.532280]
[ 56.532282] but task is already holding lock:
[ 56.532284] 0000000068841b86 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.532291]
[ 56.532294] which lock already depends on the new lock.
[ 56.532295]
[ 56.532296]
[ 56.532299] the existing dependency chain (in reverse order) is:
[ 56.532300]
[ 56.532301] -> #5 (&obj_hash[i].lock){-.-.}:
[ 56.532308] debug_object_activate+0x131/0x4e0
[ 56.532311] enqueue_hrtimer+0x27/0x3f0
[ 56.532313] hrtimer_start_range_ns+0x580/0xbe0
[ 56.532315] schedule_hrtimeout_range_clock+0x17a/0x360
[ 56.532318] wait_task_inactive+0x443/0x550
[ 56.532320] __kthread_bind_mask+0x1f/0xb0
[ 56.532322] init_rescuer.part.0+0xf2/0x190
[ 56.532324] workqueue_init+0x504/0x7e9
[ 56.532326] kernel_init_freeable+0x2bd/0x5bb
[ 56.532328] kernel_init+0xd/0x1c0
[ 56.532330] ret_from_fork+0x24/0x30
[ 56.532331]
[ 56.532332] -> #4 (hrtimer_bases.lock){-.-.}:
[ 56.532340] lock_hrtimer_base.isra.0+0x6d/0x120
[ 56.532342] hrtimer_start_range_ns+0xf5/0xbe0
[ 56.532344] enqueue_task_rt+0x97f/0xdf0
[ 56.532347] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 56.532349] _sched_setscheduler+0xee/0x180
[ 56.532351] watchdog_dev_init+0xdd/0x1ae
[ 56.532353] watchdog_init+0x14/0x17e
[ 56.532355] do_one_initcall+0xf1/0x734
[ 56.532358] kernel_init_freeable+0x4c9/0x5bb
[ 56.532361] kernel_init+0xd/0x1c0
[ 56.532363] ret_from_fork+0x24/0x30
[ 56.532364]
[ 56.532365] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 56.532372] rq_online_rt+0xaf/0x390
[ 56.532374] set_rq_online.part.0+0xe3/0x140
[ 56.532377] sched_cpu_activate+0x17f/0x270
[ 56.532379] cpuhp_invoke_callback+0x213/0x1bb0
[ 56.532381] cpuhp_thread_fun+0x440/0x840
[ 56.532385] smpboot_thread_fn+0x653/0x9d0
[ 56.532387] kthread+0x34a/0x420
[ 56.532389] ret_from_fork+0x24/0x30
[ 56.532390]
[ 56.532391] -> #2 (&rq->lock){-.-.}:
[ 56.532398] task_fork_fair+0x6a/0x520
[ 56.532400] sched_fork+0x3a7/0x8b0
[ 56.532402] copy_process.part.0+0x187d/0x7a60
[ 56.532404] _do_fork+0x22f/0xf40
[ 56.532406] kernel_thread+0x2f/0x40
[ 56.532408] rest_init+0x1f/0x212
[ 56.532410] start_kernel+0x7e4/0x81c
[ 56.532412] secondary_startup_64+0xa4/0xb0
[ 56.532413]
[ 56.532414] -> #1 (&p->pi_lock){-.-.}:
[ 56.532421] try_to_wake_up+0x80/0xe90
[ 56.532422] up+0x92/0xe0
[ 56.532424] __up_console_sem+0xb3/0x1c0
[ 56.532426] console_unlock+0x64d/0xfe0
[ 56.532428] vprintk_emit+0x282/0x6e0
[ 56.532430] vprintk_func+0x79/0x17e
[ 56.532432] printk+0xba/0xed
[ 56.532434] kauditd_hold_skb.cold+0x41/0x50
[ 56.532436] kauditd_send_queue+0x12d/0x170
[ 56.532438] kauditd_thread+0x6f4/0xa20
[ 56.532440] kthread+0x34a/0x420
[ 56.532442] ret_from_fork+0x24/0x30
[ 56.532443]
[ 56.532445] -> #0 ((console_sem).lock){-...}:
[ 56.532452] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.532454] down_trylock+0xe/0x60
[ 56.532456] __down_trylock_console_sem+0xa3/0x210
[ 56.532458] console_trylock+0x12/0x90
[ 56.532460] vprintk_emit+0x269/0x6e0
[ 56.532462] vprintk_func+0x79/0x17e
[ 56.532464] printk+0xba/0xed
[ 56.532466] __warn_printk+0x9b/0xf3
[ 56.532468] debug_print_object+0x160/0x250
[ 56.532470] debug_object_activate+0x357/0x4e0
[ 56.532472] __call_rcu.constprop.0+0x31/0x7e0
[ 56.532474] queue_rcu_work+0x75/0x90
[ 56.532476] route4_change+0xe6a/0x2210
[ 56.532479] tc_new_tfilter+0xa6b/0x1450
[ 56.532481] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.532483] netlink_rcv_skb+0x160/0x410
[ 56.532485] netlink_unicast+0x4d7/0x6a0
[ 56.532487] netlink_sendmsg+0x80b/0xcd0
[ 56.532489] sock_sendmsg+0xcf/0x120
[ 56.532491] ___sys_sendmsg+0x803/0x920
[ 56.532493] __sys_sendmsg+0xec/0x1b0
[ 56.532495] do_syscall_64+0xf9/0x620
[ 56.532503] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.532505]
[ 56.532507] other info that might help us debug this:
[ 56.532508]
[ 56.532510] Chain exists of:
[ 56.532511] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 56.532520]
[ 56.532522] Possible unsafe locking scenario:
[ 56.532523]
[ 56.532533]        CPU0                    CPU1
[ 56.532535]        ----                    ----
[ 56.532536]   lock(&obj_hash[i].lock);
[ 56.532541]                                lock(hrtimer_bases.lock);
[ 56.532546]                                lock(&obj_hash[i].lock);
[ 56.532550]   lock((console_sem).lock);
[ 56.532554]
[ 56.532555] *** DEADLOCK ***
[ 56.532556]
[ 56.532558] 2 locks held by syz-executor741/8258:
[ 56.532560] #0: 00000000835d6d46 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.532568] #1: 0000000068841b86 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 56.532578]
[ 56.532580] stack backtrace:
[ 56.532584] CPU: 1 PID: 8258 Comm: syz-executor741 Not tainted 4.19.111-syzkaller #0
[ 56.532588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.532589] Call Trace:
[ 56.532591] dump_stack+0x188/0x20d
[ 56.532594] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 56.532596] __lock_acquire+0x2e19/0x49c0
[ 56.532598] ? add_lock_to_list.isra.0+0x179/0x330
[ 56.532600] ? save_trace+0xd6/0x290
[ 56.532602] ? mark_held_locks+0xf0/0xf0
[ 56.532604] ? format_decode+0x230/0xad0
[ 56.532606] ? kvm_clock_read+0x14/0x30
[ 56.532608] lock_acquire+0x170/0x400
[ 56.532610] ? down_trylock+0xe/0x60
[ 56.532612] _raw_spin_lock_irqsave+0x8c/0xbf
[ 56.532614] ? down_trylock+0xe/0x60
[ 56.532616] down_trylock+0xe/0x60
[ 56.532618] ? vprintk_emit+0x269/0x6e0
[ 56.532620] __down_trylock_console_sem+0xa3/0x210
[ 56.532622] console_trylock+0x12/0x90
[ 56.532624] vprintk_emit+0x269/0x6e0
[ 56.532626] vprintk_func+0x79/0x17e
[ 56.532628] printk+0xba/0xed
[ 56.532630] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 56.532632] ? __warn_printk+0x8f/0xf3
[ 56.532634] __warn_printk+0x9b/0xf3
[ 56.532636] ? add_taint.cold+0x16/0x16
[ 56.532638] ? do_syscall_64+0xf9/0x620
[ 56.532640] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.532643] debug_print_object+0x160/0x250
[ 56.532645] debug_object_activate+0x357/0x4e0
[ 56.532647] ? debug_object_free+0x3e0/0x3e0
[ 56.532649] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 56.532651] ? route4_change+0xbab/0x2210
[ 56.532654] ? delayed_work_timer_fn+0x90/0x90
[ 56.532656] __call_rcu.constprop.0+0x31/0x7e0
[ 56.532658] ? mark_held_locks+0xa6/0xf0
[ 56.532660] queue_rcu_work+0x75/0x90
[ 56.532662] route4_change+0xe6a/0x2210
[ 56.532664] ? route4_init+0xa0/0xa0
[ 56.532665] ? route4_init+0xa0/0xa0
[ 56.532667] tc_new_tfilter+0xa6b/0x1450
[ 56.532670] ? tc_del_tfilter+0xd40/0xd40
[ 56.532672] ? __mutex_lock+0x3cd/0x1300
[ 56.532674] ? selinux_ipv4_output+0x50/0x50
[ 56.532676] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 56.532678] ? tc_del_tfilter+0xd40/0xd40
[ 56.532680] rtnetlink_rcv_msg+0x453/0xaf0
[ 56.532682] ? rtnetlink_put_metrics+0x520/0x520
[ 56.532684] ? find_held_lock+0x2d/0x110
[ 56.532686] netlink_rcv_skb+0x160/0x410
[ 56.532689] ? rtnetlink_put_metrics+0x520/0x520
[ 56.532690] ? netlink_ack+0xa60/0xa60
[ 56.532693] netlink_unicast+0x4d7/0x6a0
[ 56.532695] ? netlink_attachskb+0x710/0x710
[ 56.532697] netlink_sendmsg+0x80b/0xcd0
[ 56.532699] ? netlink_unicast+0x6a0/0x6a0
[ 56.532701] ? move_addr_to_kernel.part.0+0x110/0x110
[ 56.532703] ? netlink_unicast+0x6a0/0x6a0
[ 56.532705] sock_sendmsg+0xcf/0x120
[ 56.532707] ___sys_sendmsg+0x803/0x920
[ 56.532709] ? copy_msghdr_from_user+0x410/0x410
[ 56.532711] ? __fget+0x319/0x510
[ 56.532713] ? lock_downgrade+0x740/0x740
[ 56.532716] ? check_preemption_disabled+0x41/0x280
[ 56.532717] ? __fget+0x340/0x510
[ 56.532719] ? iterate_fd+0x350/0x350
[ 56.532721] ? find_held_lock+0x2d/0x110
[ 56.532723] ? __fd_install+0x1b4/0x610
[ 56.532725] ? __fget_light+0x1d1/0x230
[ 56.532727] __sys_sendmsg+0xec/0x1b0
[ 56.532729] ? __ia32_sys_shutdown+0x70/0x70
[ 56.532732] ? __x64_sys_futex+0x386/0x4f0
[ 56.532734] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.532736] ? trace_hardirqs_off_caller+0x55/0x210
[ 56.532738] ? do_syscall_64+0x21/0x620
[ 56.532740] do_syscall_64+0xf9/0x620
[ 56.532742] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.532744] RIP: 0033:0x446649
[ 56.532752] Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.532754] RSP: 002b:00007fc2e106cd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.532759] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446649
[ 56.532762] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 56.532766] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 56.532769] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 56.532772] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 56.533911] Kernel Offset: disabled
[ 57.460076] Rebooting in 86400 seconds..