Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.896177] kauditd_printk_skb: 2 callbacks suppressed
[ 51.896190] audit: type=1400 audit(1565806898.921:36): avc: denied { map } for pid=7596 comm="syz-executor374" path="/root/syz-executor374699302" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[ 56.907276] ------------[ cut here ]------------
[ 56.913007] ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x80
[ 56.922989] WARNING: CPU: 0 PID: 7599 at lib/debugobjects.c:325 debug_print_object+0x168/0x250
[ 56.931806] Kernel panic - not syncing: panic_on_warn set ...
[ 56.931806]
[ 56.939153] CPU: 0 PID: 7599 Comm: syz-executor374 Not tainted 4.19.66 #40
[ 56.946159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.955568] Call Trace:
[ 56.958153] dump_stack+0x172/0x1f0
[ 56.961760] panic+0x263/0x507
[ 56.964933] ? __warn_printk+0xf3/0xf3
[ 56.968803] ? debug_print_object+0x168/0x250
[ 56.973281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.978796] ? __warn.cold+0x5/0x4a
[ 56.982426] ? __warn+0xe8/0x1d0
[ 56.985797] ? debug_print_object+0x168/0x250
[ 56.990286] __warn.cold+0x20/0x4a
[ 56.993930] ? trace_hardirqs_off+0x62/0x220
[ 56.998317] ? debug_print_object+0x168/0x250
[ 57.002836] report_bug+0x263/0x2b0
[ 57.006471] do_error_trap+0x204/0x360
[ 57.010352] ? math_error+0x340/0x340
[ 57.014280] ? wake_up_klogd+0x99/0xd0
[ 57.018162] ? vprintk_emit+0x1ab/0x690
[ 57.022115] ? error_entry+0x7c/0xe0
[ 57.025808] ? trace_hardirqs_off_caller+0x65/0x220
[ 57.030812] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.035643] do_invalid_op+0x1b/0x20
[ 57.039337] invalid_op+0x14/0x20
[ 57.042881] RIP: 0010:debug_print_object+0x168/0x250
[ 57.047970] Code: dd a0 52 82 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd a0 52 82 87 48 c7 c7 e0 47 82 87 e8 a6 23 19 fe <0f> 0b 83 05 bb aa 17 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
[ 57.066862] RSP: 0018:ffff8880a90678d8 EFLAGS: 00010086
[ 57.072205] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 57.079454] RDX: 0000000000000000 RSI: ffffffff8155d916 RDI: ffffed101520cf0d
[ 57.086975] RBP: ffff8880a9067918 R08: ffff88808f492500 R09: ffffed1015d03ee3
[ 57.094383] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: 0000000000000001
[ 57.101648] R13: ffffffff887ac4c0 R14: ffffffff815b4e70 R15: ffff888091b5eaa8
[ 57.108914] ? __internal_add_timer+0x1f0/0x1f0
[ 57.113568] ? vprintk_func+0x86/0x189
[ 57.117444] ? debug_print_object+0x168/0x250
[ 57.121919] debug_check_no_obj_freed+0x29f/0x464
[ 57.126741] kfree+0xbd/0x220
[ 57.131048] rfcomm_dlc_free+0x20/0x30
[ 57.134914] rfcomm_dev_ioctl+0x181f/0x1b60
[ 57.139213] ? __local_bh_enable_ip+0x15a/0x270
[ 57.143860] ? lock_sock_nested+0xe2/0x120
[ 57.148310] ? __local_bh_enable_ip+0x15a/0x270
[ 57.152970] ? rfcomm_dev_state_change+0x150/0x150
[ 57.157894] ? __local_bh_enable_ip+0x15a/0x270
[ 57.162572] rfcomm_sock_ioctl+0x90/0xb0
[ 57.166628] sock_do_ioctl+0xd8/0x2f0
[ 57.170411] ? compat_ifr_data_ioctl+0x160/0x160
[ 57.175151] ? __lock_acquire+0x6ee/0x49c0
[ 57.179372] ? rcu_read_lock_sched_held+0x110/0x130
[ 57.184433] ? kmem_cache_alloc+0x32a/0x700
[ 57.188748] sock_ioctl+0x325/0x610
[ 57.192369] ? dlci_ioctl_set+0x40/0x40
[ 57.196333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.201864] ? __might_sleep+0x95/0x190
[ 57.205877] ? find_held_lock+0x35/0x130
[ 57.209927] ? dlci_ioctl_set+0x40/0x40
[ 57.213897] do_vfs_ioctl+0xd5f/0x1380
[ 57.217770] ? selinux_file_ioctl+0x46f/0x5e0
[ 57.222254] ? selinux_file_ioctl+0x125/0x5e0
[ 57.226875] ? ioctl_preallocate+0x210/0x210
[ 57.231272] ? selinux_file_mprotect+0x620/0x620
[ 57.236024] ? __sanitizer_cov_trace_cmp1+0x1b/0x20
[ 57.241036] ? __fd_install+0x200/0x640
[ 57.245000] ? fd_install+0x4d/0x60
[ 57.248616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.254138] ? security_file_ioctl+0x8d/0xc0
[ 57.258674] ksys_ioctl+0xab/0xd0
[ 57.262129] __x64_sys_ioctl+0x73/0xb0
[ 57.266002] do_syscall_64+0xfd/0x620
[ 57.269794] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.275189] RIP: 0033:0x441229
[ 57.278366] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.297300] RSP: 002b:00007ffcd2abbc28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.305119] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[ 57.312372] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[ 57.319633] RBP: 000000000000de35 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.326893] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[ 57.334155] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[ 57.341419]
[ 57.341423] ======================================================
[ 57.341426] WARNING: possible circular locking dependency detected
[ 57.341428] 4.19.66 #40 Not tainted
[ 57.341432] ------------------------------------------------------
[ 57.341435] syz-executor374/7599 is trying to acquire lock:
[ 57.341437] 0000000028fba798 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 57.341446]
[ 57.341448] but task is already holding lock:
[ 57.341450] 00000000e9bf1190 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 57.341463]
[ 57.341466] which lock already depends on the new lock.
[ 57.341467]
[ 57.341468]
[ 57.341471] the existing dependency chain (in reverse order) is:
[ 57.341473]
[ 57.341474] -> #3 (&obj_hash[i].lock){-.-.}:
[ 57.341483] _raw_spin_lock_irqsave+0x95/0xcd
[ 57.341485] __debug_object_init+0xc6/0xc30
[ 57.341488] debug_object_init+0x16/0x20
[ 57.341490] hrtimer_init+0x2a/0x300
[ 57.341492] init_dl_task_timer+0x1b/0x50
[ 57.341495] __sched_fork+0x22a/0x4b0
[ 57.341497] init_idle+0x75/0x800
[ 57.341499] sched_init+0x952/0x9f0
[ 57.341501] start_kernel+0x402/0x8c5
[ 57.341504] x86_64_start_reservations+0x29/0x2b
[ 57.341506] x86_64_start_kernel+0x77/0x7b
[ 57.341509] secondary_startup_64+0xa4/0xb0
[ 57.341510]
[ 57.341512] -> #2 (&rq->lock){-.-.}:
[ 57.341520] _raw_spin_lock+0x2f/0x40
[ 57.341522] task_fork_fair+0x6a/0x520
[ 57.341524] sched_fork+0x3af/0x900
[ 57.341527] copy_process.part.0+0x1859/0x7a30
[ 57.341529] _do_fork+0x257/0xfd0
[ 57.341531] kernel_thread+0x34/0x40
[ 57.341534] rest_init+0x24/0x222
[ 57.341536] start_kernel+0x88c/0x8c5
[ 57.341539] x86_64_start_reservations+0x29/0x2b
[ 57.341541] x86_64_start_kernel+0x77/0x7b
[ 57.341544] secondary_startup_64+0xa4/0xb0
[ 57.341545]
[ 57.341546] -> #1 (&p->pi_lock){-.-.}:
[ 57.341554] _raw_spin_lock_irqsave+0x95/0xcd
[ 57.341557] try_to_wake_up+0x94/0xf50
[ 57.341559] wake_up_process+0x10/0x20
[ 57.341561] __up.isra.0+0x136/0x1a0
[ 57.341563] up+0x9c/0xe0
[ 57.341566] __up_console_sem+0xb7/0x1c0
[ 57.341568] console_unlock+0x6c7/0x10b0
[ 57.341571] vprintk_emit+0x238/0x690
[ 57.341573] vprintk_default+0x28/0x30
[ 57.341575] vprintk_func+0x7e/0x189
[ 57.341577] printk+0xba/0xed
[ 57.341580] kauditd_hold_skb.cold+0x3f/0x4e
[ 57.341582] kauditd_send_queue+0x12b/0x170
[ 57.341585] kauditd_thread+0x732/0xa60
[ 57.341587] kthread+0x354/0x420
[ 57.341589] ret_from_fork+0x24/0x30
[ 57.341590]
[ 57.341592] -> #0 ((console_sem).lock){-...}:
[ 57.341600] lock_acquire+0x16f/0x3f0
[ 57.341603] _raw_spin_lock_irqsave+0x95/0xcd
[ 57.341605] down_trylock+0x13/0x70
[ 57.341608] __down_trylock_console_sem+0xa8/0x210
[ 57.341610] console_trylock+0x15/0xa0
[ 57.341612] vprintk_emit+0x21d/0x690
[ 57.341615] vprintk_default+0x28/0x30
[ 57.341617] vprintk_func+0x7e/0x189
[ 57.341619] printk+0xba/0xed
[ 57.341621] __warn_printk+0x9b/0xf3
[ 57.341624] debug_print_object+0x168/0x250
[ 57.341627] debug_check_no_obj_freed+0x29f/0x464
[ 57.341629] kfree+0xbd/0x220
[ 57.341631] rfcomm_dlc_free+0x20/0x30
[ 57.341634] rfcomm_dev_ioctl+0x181f/0x1b60
[ 57.341636] rfcomm_sock_ioctl+0x90/0xb0
[ 57.341639] sock_do_ioctl+0xd8/0x2f0
[ 57.341641] sock_ioctl+0x325/0x610
[ 57.341643] do_vfs_ioctl+0xd5f/0x1380
[ 57.341645] ksys_ioctl+0xab/0xd0
[ 57.341648] __x64_sys_ioctl+0x73/0xb0
[ 57.341650] do_syscall_64+0xfd/0x620
[ 57.341653] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.341654]
[ 57.341657] other info that might help us debug this:
[ 57.341658]
[ 57.341660] Chain exists of:
[ 57.341661] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 57.341672]
[ 57.341674] Possible unsafe locking scenario:
[ 57.341676]
[ 57.341678] CPU0 CPU1
[ 57.341680] ---- ----
[ 57.341682] lock(&obj_hash[i].lock);
[ 57.341687] lock(&rq->lock);
[ 57.341693] lock(&obj_hash[i].lock);
[ 57.341697] lock((console_sem).lock);
[ 57.341702]
[ 57.341704] *** DEADLOCK ***
[ 57.341705]
[ 57.341708] 3 locks held by syz-executor374/7599:
[ 57.341709] #0: 00000000f81dd80d (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}, at: rfcomm_sock_ioctl+0x82/0xb0
[ 57.341720] #1: 000000005847e570 (rfcomm_ioctl_mutex){+.+.}, at: rfcomm_dev_ioctl+0x4f0/0x1b60
[ 57.341730] #2: 00000000e9bf1190 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 57.341740]
[ 57.341742] stack backtrace:
[ 57.341746] CPU: 0 PID: 7599 Comm: syz-executor374 Not tainted 4.19.66 #40
[ 57.341750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.341752] Call Trace:
[ 57.341754] dump_stack+0x172/0x1f0
[ 57.341757] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 57.341759] __lock_acquire+0x2e19/0x49c0
[ 57.341762] ? mark_held_locks+0x100/0x100
[ 57.341764] ? kvm_clock_read+0x18/0x30
[ 57.341766] ? kvm_sched_clock_read+0x9/0x20
[ 57.341769] lock_acquire+0x16f/0x3f0
[ 57.341771] ? down_trylock+0x13/0x70
[ 57.341773] _raw_spin_lock_irqsave+0x95/0xcd
[ 57.341776] ? down_trylock+0x13/0x70
[ 57.341778] ? vprintk_emit+0x21d/0x690
[ 57.341780] down_trylock+0x13/0x70
[ 57.341782] ? vprintk_emit+0x21d/0x690
[ 57.341785] __down_trylock_console_sem+0xa8/0x210
[ 57.341788] console_trylock+0x15/0xa0
[ 57.341790] vprintk_emit+0x21d/0x690
[ 57.341792] ? __internal_add_timer+0x1f0/0x1f0
[ 57.341795] vprintk_default+0x28/0x30
[ 57.341797] vprintk_func+0x7e/0x189
[ 57.341799] printk+0xba/0xed
[ 57.341801] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 57.341804] ? __warn_printk+0x8f/0xf3
[ 57.341806] ? rfcomm_session_add+0x300/0x300
[ 57.341808] __warn_printk+0x9b/0xf3
[ 57.341811] ? add_taint.cold+0x16/0x16
[ 57.341813] ? skb_dequeue+0x12e/0x180
[ 57.341816] ? rfcomm_session_add+0x300/0x300
[ 57.341818] debug_print_object+0x168/0x250
[ 57.341821] debug_check_no_obj_freed+0x29f/0x464
[ 57.341823] kfree+0xbd/0x220
[ 57.341825] rfcomm_dlc_free+0x20/0x30
[ 57.341841] rfcomm_dev_ioctl+0x181f/0x1b60
[ 57.341843] ? __local_bh_enable_ip+0x15a/0x270
[ 57.341845] ? lock_sock_nested+0xe2/0x120
[ 57.341848] ? __local_bh_enable_ip+0x15a/0x270
[ 57.341850] ? rfcomm_dev_state_change+0x150/0x150
[ 57.341853] ? __local_bh_enable_ip+0x15a/0x270
[ 57.341855] rfcomm_sock_ioctl+0x90/0xb0
[ 57.341857] sock_do_ioctl+0xd8/0x2f0
[ 57.341860] ? compat_ifr_data_ioctl+0x160/0x160
[ 57.341862] ? __lock_acquire+0x6ee/0x49c0
[ 57.341865] ? rcu_read_lock_sched_held+0x110/0x130
[ 57.341867] ? kmem_cache_alloc+0x32a/0x700
[ 57.341869] sock_ioctl+0x325/0x610
[ 57.341871] ? dlci_ioctl_set+0x40/0x40
[ 57.341874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.341877] ? __might_sleep+0x95/0x190
[ 57.341879] ? find_held_lock+0x35/0x130
[ 57.341881] ? dlci_ioctl_set+0x40/0x40
[ 57.341883] do_vfs_ioctl+0xd5f/0x1380
[ 57.341886] ? selinux_file_ioctl+0x46f/0x5e0
[ 57.341888] ? selinux_file_ioctl+0x125/0x5e0
[ 57.341890] ? ioctl_preallocate+0x210/0x210
[ 57.341893] ? selinux_file_mprotect+0x620/0x620
[ 57.341896] ? __sanitizer_cov_trace_cmp1+0x1b/0x20
[ 57.341898] ? __fd_install+0x200/0x640
[ 57.341900] ? fd_install+0x4d/0x60
[ 57.341903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.341905] ? security_file_ioctl+0x8d/0xc0
[ 57.341907] ksys_ioctl+0xab/0xd0
[ 57.341910] __x64_sys_ioctl+0x73/0xb0
[ 57.341912] do_syscall_64+0xfd/0x620
[ 57.341914] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.341916] RIP: 0033:0x441229
[ 57.341924] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.341927] RSP: 002b:00007ffcd2abbc28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.341933] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
[ 57.341936] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[ 57.341940] RBP: 000000000000de35 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.341943] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
[ 57.341947] R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
[ 57.342984] Kernel Offset: disabled
[ 58.164671] Rebooting in 86400 seconds..