[ 47.294889] audit: type=1800 audit(1583396042.975:30): pid=8156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 52.207373] kauditd_printk_skb: 4 callbacks suppressed
[ 52.207387] audit: type=1400 audit(1583396047.915:35): avc: denied { map } for pid=8329 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
[ 59.128213] audit: type=1400 audit(1583396054.835:36): avc: denied { map } for pid=8341 comm="syz-executor171" path="/root/syz-executor171377787" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 59.153771] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 59.188235] audit: type=1400 audit(1583396054.895:37): avc: denied { create } for pid=8342 comm="syz-executor171" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 59.202849] ------------[ cut here ]------------
[ 59.212449] audit: type=1400 audit(1583396054.895:38): avc: denied { write } for pid=8342 comm="syz-executor171" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 59.217036] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 59.241535] audit: type=1400 audit(1583396054.895:39): avc: denied { read } for pid=8342 comm="syz-executor171" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 59.250294] WARNING: CPU: 0 PID: 8343 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 59.282573] Kernel panic - not syncing: panic_on_warn set ...
[ 59.282573]
[ 59.290075] CPU: 0 PID: 8343 Comm: syz-executor171 Not tainted 4.19.107-syzkaller #0
[ 59.297955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.307346] Call Trace:
[ 59.309948]  dump_stack+0x188/0x20d
[ 59.313610]  panic+0x26a/0x50e
[ 59.316808]  ? __warn_printk+0xf3/0xf3
[ 59.320719]  ? debug_print_object+0x160/0x250
[ 59.325258]  ? __probe_kernel_read+0x16c/0x1b0
[ 59.330079]  ? __warn.cold+0x5/0x46
[ 59.333705]  ? __warn+0xe4/0x1c0
[ 59.337104]  ? debug_print_object+0x160/0x250
[ 59.341601]  __warn.cold+0x20/0x46
[ 59.345181]  ? debug_print_object+0x160/0x250
[ 59.349669]  report_bug+0x262/0x2a0
[ 59.353297]  do_error_trap+0x1d7/0x310
[ 59.357179]  ? math_error+0x310/0x310
[ 59.361012]  ? irq_work_claim+0xa6/0xc0
[ 59.364987]  ? irq_work_queue+0x2b/0x80
[ 59.368952]  ? wake_up_klogd+0x8c/0xc0
[ 59.372879]  ? trace_hardirqs_off_caller+0x55/0x210
[ 59.377904]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 59.382774]  invalid_op+0x14/0x20
[ 59.386234] RIP: 0010:debug_print_object+0x160/0x250
[ 59.391501] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 fb 02 e7 fd <0f> 0b 83 05 c3 b6 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 59.410406] RSP: 0018:ffff888088187268 EFLAGS: 00010086
[ 59.415764] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 59.423039] RDX: 0000000000000000 RSI: ffffffff8152c6e1 RDI: ffffed1011030e3f
[ 59.430449] RBP: 0000000000000001 R08: ffff88808be3a640 R09: ffffed1015cc3ee3
[ 59.437718] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 59.445006] R13: 0000000000000000 R14: ffff88808e019010 R15: 1ffff11011030e5a
[ 59.452285]  ? vprintk_func+0x81/0x17e
[ 59.456168]  ? debug_print_object+0x160/0x250
[ 59.460657]  debug_object_activate+0x357/0x4e0
[ 59.465227]  ? debug_object_free+0x3e0/0x3e0
[ 59.469659]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.474230]  ? route4_change+0xbab/0x2210
[ 59.478394]  ? delayed_work_timer_fn+0x90/0x90
[ 59.482961]  __call_rcu.constprop.0+0x31/0x7e0
[ 59.487533]  ? mark_held_locks+0xa6/0xf0
[ 59.491583]  queue_rcu_work+0x75/0x90
[ 59.495371]  route4_change+0xe6a/0x2210
[ 59.499342]  ? route4_init+0xa0/0xa0
[ 59.503045]  ? route4_init+0xa0/0xa0
[ 59.506745]  tc_new_tfilter+0xa6b/0x1450
[ 59.510797]  ? tc_del_tfilter+0xd40/0xd40
[ 59.514950]  ? __mutex_lock+0x3cd/0x1300
[ 59.519043]  ? selinux_ipv4_output+0x50/0x50
[ 59.523459]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.527893]  ? tc_del_tfilter+0xd40/0xd40
[ 59.532057]  rtnetlink_rcv_msg+0x453/0xaf0
[ 59.536310]  ? rtnetlink_put_metrics+0x520/0x520
[ 59.541207]  ? find_held_lock+0x2d/0x110
[ 59.545292]  netlink_rcv_skb+0x160/0x410
[ 59.549352]  ? rtnetlink_put_metrics+0x520/0x520
[ 59.554101]  ? netlink_ack+0xa60/0xa60
[ 59.557976]  netlink_unicast+0x4d7/0x6a0
[ 59.562031]  ? netlink_attachskb+0x710/0x710
[ 59.566424]  netlink_sendmsg+0x80b/0xcd0
[ 59.570473]  ? netlink_unicast+0x6a0/0x6a0
[ 59.574710]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.579908]  ? netlink_unicast+0x6a0/0x6a0
[ 59.584133]  sock_sendmsg+0xcf/0x120
[ 59.587892]  ___sys_sendmsg+0x803/0x920
[ 59.591860]  ? copy_msghdr_from_user+0x410/0x410
[ 59.596646]  ? __fget+0x319/0x510
[ 59.600105]  ? lock_downgrade+0x740/0x740
[ 59.604259]  ? check_preemption_disabled+0x41/0x280
[ 59.609273]  ? __fget+0x340/0x510
[ 59.612750]  ? iterate_fd+0x350/0x350
[ 59.616543]  ? find_held_lock+0x2d/0x110
[ 59.620599]  ? __fd_install+0x1b4/0x610
[ 59.624597]  ? __fget_light+0x1d1/0x230
[ 59.628574]  __sys_sendmsg+0xec/0x1b0
[ 59.632386]  ? __ia32_sys_shutdown+0x70/0x70
[ 59.636795]  ? __x64_sys_futex+0x386/0x4f0
[ 59.641029]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.645779]  ? trace_hardirqs_off_caller+0x55/0x210
[ 59.650779]  ? do_syscall_64+0x21/0x620
[ 59.654911]  do_syscall_64+0xf9/0x620
[ 59.658710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.663902] RIP: 0033:0x446de9
[ 59.667088] Code: e8 ec 0f 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.685984] RSP: 002b:00007f2ea3090d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.693693] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446de9
[ 59.700958] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 59.708221] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 59.715486] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 59.722746] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.730014]
[ 59.730023] ======================================================
[ 59.730026] WARNING: possible circular locking dependency detected
[ 59.730028] 4.19.107-syzkaller #0 Not tainted
[ 59.730031] ------------------------------------------------------
[ 59.730033] syz-executor171/8343 is trying to acquire lock:
[ 59.730036] 0000000080d780e3 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 59.730043]
[ 59.730045] but task is already holding lock:
[ 59.730047] 00000000dbf5a5b9 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.730054]
[ 59.730056] which lock already depends on the new lock.
[ 59.730058]
[ 59.730059]
[ 59.730061] the existing dependency chain (in reverse order) is:
[ 59.730062]
[ 59.730064] -> #5 (&obj_hash[i].lock){-.-.}:
[ 59.730071]        debug_object_activate+0x131/0x4e0
[ 59.730073]        enqueue_hrtimer+0x27/0x3f0
[ 59.730075]        hrtimer_start_range_ns+0x580/0xbe0
[ 59.730078]        schedule_hrtimeout_range_clock+0x17a/0x360
[ 59.730083]        wait_task_inactive+0x443/0x550
[ 59.730086]        __kthread_bind_mask+0x1f/0xb0
[ 59.730088]        init_rescuer.part.0+0xf2/0x190
[ 59.730090]        workqueue_init+0x504/0x7e9
[ 59.730092]        kernel_init_freeable+0x2bd/0x5bb
[ 59.730094]        kernel_init+0xd/0x1c0
[ 59.730096]        ret_from_fork+0x24/0x30
[ 59.730097]
[ 59.730098] -> #4 (hrtimer_bases.lock){-.-.}:
[ 59.730105]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 59.730108]        hrtimer_start_range_ns+0xf5/0xbe0
[ 59.730110]        enqueue_task_rt+0x97f/0xdf0
[ 59.730112]        __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 59.730114]        _sched_setscheduler+0xee/0x180
[ 59.730116]        watchdog_dev_init+0xdd/0x1ae
[ 59.730118]        watchdog_init+0x14/0x17e
[ 59.730120]        do_one_initcall+0xf1/0x734
[ 59.730123]        kernel_init_freeable+0x4c9/0x5bb
[ 59.730125]        kernel_init+0xd/0x1c0
[ 59.730126]        ret_from_fork+0x24/0x30
[ 59.730128]
[ 59.730129] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 59.730136]        rq_online_rt+0xaf/0x390
[ 59.730138]        set_rq_online.part.0+0xe3/0x140
[ 59.730140]        sched_cpu_activate+0x17f/0x270
[ 59.730142]        cpuhp_invoke_callback+0x213/0x1bb0
[ 59.730144]        cpuhp_thread_fun+0x440/0x840
[ 59.730147]        smpboot_thread_fn+0x653/0x9d0
[ 59.730148]        kthread+0x34a/0x420
[ 59.730150]        ret_from_fork+0x24/0x30
[ 59.730151]
[ 59.730152] -> #2 (&rq->lock){-.-.}:
[ 59.730159]        task_fork_fair+0x6a/0x520
[ 59.730161]        sched_fork+0x3a7/0x8b0
[ 59.730163]        copy_process.part.0+0x187d/0x7a60
[ 59.730165]        _do_fork+0x22f/0xf40
[ 59.730167]        kernel_thread+0x2f/0x40
[ 59.730169]        rest_init+0x1f/0x212
[ 59.730171]        start_kernel+0x7e4/0x81c
[ 59.730173]        secondary_startup_64+0xa4/0xb0
[ 59.730174]
[ 59.730175] -> #1 (&p->pi_lock){-.-.}:
[ 59.730182]        try_to_wake_up+0x80/0xe90
[ 59.730183]        up+0x92/0xe0
[ 59.730185]        __up_console_sem+0xb3/0x1c0
[ 59.730188]        console_unlock+0x64d/0xfe0
[ 59.730189]        vprintk_emit+0x282/0x6e0
[ 59.730191]        vprintk_func+0x79/0x17e
[ 59.730193]        printk+0xba/0xed
[ 59.730195]        kauditd_hold_skb.cold+0x41/0x50
[ 59.730197]        kauditd_send_queue+0x12d/0x170
[ 59.730199]        kauditd_thread+0x6f4/0xa20
[ 59.730201]        kthread+0x34a/0x420
[ 59.730203]        ret_from_fork+0x24/0x30
[ 59.730204]
[ 59.730205] -> #0 ((console_sem).lock){-...}:
[ 59.730213]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.730215]        down_trylock+0xe/0x60
[ 59.730217]        __down_trylock_console_sem+0xa3/0x210
[ 59.730219]        console_trylock+0x12/0x90
[ 59.730221]        vprintk_emit+0x269/0x6e0
[ 59.730223]        vprintk_func+0x79/0x17e
[ 59.730225]        printk+0xba/0xed
[ 59.730227]        __warn_printk+0x9b/0xf3
[ 59.730229]        debug_print_object+0x160/0x250
[ 59.730231]        debug_object_activate+0x357/0x4e0
[ 59.730233]        __call_rcu.constprop.0+0x31/0x7e0
[ 59.730235]        queue_rcu_work+0x75/0x90
[ 59.730237]        route4_change+0xe6a/0x2210
[ 59.730239]        tc_new_tfilter+0xa6b/0x1450
[ 59.730241]        rtnetlink_rcv_msg+0x453/0xaf0
[ 59.730243]        netlink_rcv_skb+0x160/0x410
[ 59.730245]        netlink_unicast+0x4d7/0x6a0
[ 59.730248]        netlink_sendmsg+0x80b/0xcd0
[ 59.730250]        sock_sendmsg+0xcf/0x120
[ 59.730252]        ___sys_sendmsg+0x803/0x920
[ 59.730253]        __sys_sendmsg+0xec/0x1b0
[ 59.730255]        do_syscall_64+0xf9/0x620
[ 59.730258]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.730259]
[ 59.730261] other info that might help us debug this:
[ 59.730262]
[ 59.730264] Chain exists of:
[ 59.730265]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 59.730274]
[ 59.730276]  Possible unsafe locking scenario:
[ 59.730277]
[ 59.730279]        CPU0                    CPU1
[ 59.730281]        ----                    ----
[ 59.730282]   lock(&obj_hash[i].lock);
[ 59.730287]                                lock(hrtimer_bases.lock);
[ 59.730292]                                lock(&obj_hash[i].lock);
[ 59.730296]   lock((console_sem).lock);
[ 59.730300]
[ 59.730301]  *** DEADLOCK ***
[ 59.730302]
[ 59.730304] 2 locks held by syz-executor171/8343:
[ 59.730306]  #0: 00000000575a240d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.730314]  #1: 00000000dbf5a5b9 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.730322]
[ 59.730324] stack backtrace:
[ 59.730327] CPU: 0 PID: 8343 Comm: syz-executor171 Not tainted 4.19.107-syzkaller #0
[ 59.730331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.730333] Call Trace:
[ 59.730334]  dump_stack+0x188/0x20d
[ 59.730337]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 59.730339]  __lock_acquire+0x2e19/0x49c0
[ 59.730341]  ? add_lock_to_list.isra.0+0x179/0x330
[ 59.730343]  ? save_trace+0xd6/0x290
[ 59.730345]  ? mark_held_locks+0xf0/0xf0
[ 59.730347]  ? format_decode+0x230/0xad0
[ 59.730349]  ? kvm_clock_read+0x14/0x30
[ 59.730351]  lock_acquire+0x170/0x400
[ 59.730353]  ? down_trylock+0xe/0x60
[ 59.730355]  _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.730357]  ? down_trylock+0xe/0x60
[ 59.730359]  down_trylock+0xe/0x60
[ 59.730361]  ? vprintk_emit+0x269/0x6e0
[ 59.730363]  __down_trylock_console_sem+0xa3/0x210
[ 59.730365]  console_trylock+0x12/0x90
[ 59.730367]  vprintk_emit+0x269/0x6e0
[ 59.730369]  vprintk_func+0x79/0x17e
[ 59.730370]  printk+0xba/0xed
[ 59.730373]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 59.730375]  ? __warn_printk+0x8f/0xf3
[ 59.730376]  __warn_printk+0x9b/0xf3
[ 59.730378]  ? add_taint.cold+0x16/0x16
[ 59.730380]  ? do_syscall_64+0xf9/0x620
[ 59.730383]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.730385]  debug_print_object+0x160/0x250
[ 59.730387]  debug_object_activate+0x357/0x4e0
[ 59.730389]  ? debug_object_free+0x3e0/0x3e0
[ 59.730391]  ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.730393]  ? route4_change+0xbab/0x2210
[ 59.730395]  ? delayed_work_timer_fn+0x90/0x90
[ 59.730398]  __call_rcu.constprop.0+0x31/0x7e0
[ 59.730400]  ? mark_held_locks+0xa6/0xf0
[ 59.730401]  queue_rcu_work+0x75/0x90
[ 59.730403]  route4_change+0xe6a/0x2210
[ 59.730405]  ? route4_init+0xa0/0xa0
[ 59.730407]  ? route4_init+0xa0/0xa0
[ 59.730409]  tc_new_tfilter+0xa6b/0x1450
[ 59.730411]  ? tc_del_tfilter+0xd40/0xd40
[ 59.730413]  ? __mutex_lock+0x3cd/0x1300
[ 59.730415]  ? selinux_ipv4_output+0x50/0x50
[ 59.730418]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.730420]  ? tc_del_tfilter+0xd40/0xd40
[ 59.730422]  rtnetlink_rcv_msg+0x453/0xaf0
[ 59.730424]  ? rtnetlink_put_metrics+0x520/0x520
[ 59.730426]  ? find_held_lock+0x2d/0x110
[ 59.730428]  netlink_rcv_skb+0x160/0x410
[ 59.730430]  ? rtnetlink_put_metrics+0x520/0x520
[ 59.730432]  ? netlink_ack+0xa60/0xa60
[ 59.730434]  netlink_unicast+0x4d7/0x6a0
[ 59.730436]  ? netlink_attachskb+0x710/0x710
[ 59.730438]  netlink_sendmsg+0x80b/0xcd0
[ 59.730440]  ? netlink_unicast+0x6a0/0x6a0
[ 59.730443]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.730445]  ? netlink_unicast+0x6a0/0x6a0
[ 59.730447]  sock_sendmsg+0xcf/0x120
[ 59.730449]  ___sys_sendmsg+0x803/0x920
[ 59.730451]  ? copy_msghdr_from_user+0x410/0x410
[ 59.730453]  ? __fget+0x319/0x510
[ 59.730455]  ? lock_downgrade+0x740/0x740
[ 59.730457]  ? check_preemption_disabled+0x41/0x280
[ 59.730459]  ? __fget+0x340/0x510
[ 59.730461]  ? iterate_fd+0x350/0x350
[ 59.730463]  ? find_held_lock+0x2d/0x110
[ 59.730464]  ? __fd_install+0x1b4/0x610
[ 59.730466]  ? __fget_light+0x1d1/0x230
[ 59.730468]  __sys_sendmsg+0xec/0x1b0
[ 59.730470]  ? __ia32_sys_shutdown+0x70/0x70
[ 59.730473]  ? __x64_sys_futex+0x386/0x4f0
[ 59.730475]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.730477]  ? trace_hardirqs_off_caller+0x55/0x210
[ 59.730479]  ? do_syscall_64+0x21/0x620
[ 59.730481]  do_syscall_64+0xf9/0x620
[ 59.730483]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.730485] RIP: 0033:0x446de9
[ 59.730492] Code: e8 ec 0f 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.730495] RSP: 002b:00007f2ea3090d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.730500] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446de9
[ 59.730503] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 59.730506] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 59.730509] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 59.730512] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.731749] Kernel Offset: disabled
[ 60.658302] Rebooting in 86400 seconds..