[ 46.888527] audit: type=1800 audit(1584584118.104:29): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 46.936251] audit: type=1800 audit(1584584118.104:30): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.091856] kauditd_printk_skb: 5 callbacks suppressed
[ 55.091871] audit: type=1400 audit(1584584126.304:36): avc: denied { map } for pid=8240 comm="syz-executor015" path="/root/syz-executor015906207" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.107876] IPVS: ftp: loaded support on port[0] = 21
[ 55.168769] ------------[ cut here ]------------
[ 55.174666] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 55.183907] WARNING: CPU: 1 PID: 8242 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 55.192646] Kernel panic - not syncing: panic_on_warn set ...
[ 55.192646]
[ 55.200000] CPU: 1 PID: 8242 Comm: syz-executor015 Not tainted 4.19.111-syzkaller #0
[ 55.207866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.217215] Call Trace:
[ 55.219825] dump_stack+0x188/0x20d
[ 55.223716] panic+0x26a/0x50e
[ 55.226896] ? __warn_printk+0xf3/0xf3
[ 55.230822] ? debug_print_object+0x160/0x250
[ 55.235311] ? __probe_kernel_read+0x16c/0x1b0
[ 55.240033] ? __warn.cold+0x5/0x46
[ 55.243700] ? __warn+0xe4/0x1c0
[ 55.247061] ? debug_print_object+0x160/0x250
[ 55.251547] __warn.cold+0x20/0x46
[ 55.255078] ? debug_print_object+0x160/0x250
[ 55.259565] report_bug+0x262/0x2a0
[ 55.263286] do_error_trap+0x1d7/0x310
[ 55.267173] ? math_error+0x310/0x310
[ 55.270964] ? irq_work_claim+0xa6/0xc0
[ 55.274946] ? irq_work_queue+0x2b/0x80
[ 55.278917] ? wake_up_klogd+0x8c/0xc0
[ 55.283396] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.288410] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.293239] invalid_op+0x14/0x20
[ 55.296680] RIP: 0010:debug_print_object+0x160/0x250
[ 55.301770] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 1b f7 e6 fd <0f> 0b 83 05 63 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 55.320919] RSP: 0018:ffff88809a7f7268 EFLAGS: 00010086
[ 55.326284] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 55.333553] RDX: 0000000000000000 RSI: ffffffff8152d381 RDI: ffffed10134fee3f
[ 55.340825] RBP: 0000000000000001 R08: ffff88809389e380 R09: ffffed1015ce3ee3
[ 55.348087] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 55.355352] R13: 0000000000000000 R14: ffff8880a5c5af28 R15: 1ffff110134fee5a
[ 55.362624] ? vprintk_func+0x81/0x17e
[ 55.366502] ? debug_print_object+0x160/0x250
[ 55.370983] debug_object_activate+0x357/0x4e0
[ 55.375549] ? debug_object_free+0x3e0/0x3e0
[ 55.379941] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 55.384516] ? route4_change+0xbab/0x2210
[ 55.388659] ? delayed_work_timer_fn+0x90/0x90
[ 55.393223] __call_rcu.constprop.0+0x31/0x7e0
[ 55.397803] ? mark_held_locks+0xa6/0xf0
[ 55.401859] queue_rcu_work+0x75/0x90
[ 55.405650] route4_change+0xe6a/0x2210
[ 55.409610] ? route4_init+0xa0/0xa0
[ 55.413326] ? route4_init+0xa0/0xa0
[ 55.417023] tc_new_tfilter+0xa6b/0x1450
[ 55.421076] ? tc_del_tfilter+0xd40/0xd40
[ 55.426324] ? __mutex_lock+0x3cd/0x1300
[ 55.430387] ? selinux_ipv4_output+0x50/0x50
[ 55.434787] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.439193] ? tc_del_tfilter+0xd40/0xd40
[ 55.443334] rtnetlink_rcv_msg+0x453/0xaf0
[ 55.447576] ? rtnetlink_put_metrics+0x520/0x520
[ 55.452342] ? find_held_lock+0x2d/0x110
[ 55.456400] netlink_rcv_skb+0x160/0x410
[ 55.460482] ? rtnetlink_put_metrics+0x520/0x520
[ 55.465281] ? netlink_ack+0xa60/0xa60
[ 55.469164] netlink_unicast+0x4d7/0x6a0
[ 55.473221] ? netlink_attachskb+0x710/0x710
[ 55.477628] netlink_sendmsg+0x80b/0xcd0
[ 55.481716] ? netlink_unicast+0x6a0/0x6a0
[ 55.485945] ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.491123] ? netlink_unicast+0x6a0/0x6a0
[ 55.495342] sock_sendmsg+0xcf/0x120
[ 55.499049] ___sys_sendmsg+0x803/0x920
[ 55.503019] ? copy_msghdr_from_user+0x410/0x410
[ 55.507761] ? __fget+0x319/0x510
[ 55.511198] ? lock_downgrade+0x740/0x740
[ 55.515340] ? check_preemption_disabled+0x41/0x280
[ 55.520350] ? __fget+0x340/0x510
[ 55.523808] ? iterate_fd+0x350/0x350
[ 55.527597] ? find_held_lock+0x2d/0x110
[ 55.531680] ? __fd_install+0x1b4/0x610
[ 55.535649] ? __fget_light+0x1d1/0x230
[ 55.539996] __sys_sendmsg+0xec/0x1b0
[ 55.543786] ? __ia32_sys_shutdown+0x70/0x70
[ 55.548184] ? __x64_sys_futex+0x386/0x4f0
[ 55.552413] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.557157] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.562159] ? do_syscall_64+0x21/0x620
[ 55.566127] do_syscall_64+0xf9/0x620
[ 55.569913] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.575082] RIP: 0033:0x446f59
[ 55.578256] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.597160] RSP: 002b:00007fb6989bfd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.604862] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446f59
[ 55.612128] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 55.619384] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 55.626641] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 55.634860] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 55.642132]
[ 55.642135] ======================================================
[ 55.642138] WARNING: possible circular locking dependency detected
[ 55.642140] 4.19.111-syzkaller #0 Not tainted
[ 55.642143] ------------------------------------------------------
[ 55.642146] syz-executor015/8242 is trying to acquire lock:
[ 55.642148] 000000006ba0d142 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 55.642155]
[ 55.642158] but task is already holding lock:
[ 55.642159] 00000000fca2f75c (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 55.642167]
[ 55.642169] which lock already depends on the new lock.
[ 55.642170]
[ 55.642171]
[ 55.642174] the existing dependency chain (in reverse order) is:
[ 55.642175]
[ 55.642176] -> #5 (&obj_hash[i].lock){-.-.}:
[ 55.642184]        debug_object_activate+0x131/0x4e0
[ 55.642186]        enqueue_hrtimer+0x27/0x3f0
[ 55.642188]        hrtimer_start_range_ns+0x580/0xbe0
[ 55.642191]        schedule_hrtimeout_range_clock+0x17a/0x360
[ 55.642195]        wait_task_inactive+0x443/0x550
[ 55.642197]        __kthread_bind_mask+0x1f/0xb0
[ 55.642199]        init_rescuer.part.0+0xf2/0x190
[ 55.642201]        workqueue_init+0x504/0x7e9
[ 55.642203]        kernel_init_freeable+0x2bd/0x5bb
[ 55.642205]        kernel_init+0xd/0x1c0
[ 55.642207]        ret_from_fork+0x24/0x30
[ 55.642208]
[ 55.642209] -> #4 (hrtimer_bases.lock){-.-.}:
[ 55.642217]        lock_hrtimer_base.isra.0+0x6d/0x120
[ 55.642219]        hrtimer_start_range_ns+0xf5/0xbe0
[ 55.642221]        enqueue_task_rt+0x97f/0xdf0
[ 55.642224]        __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 55.642226]        _sched_setscheduler+0xee/0x180
[ 55.642228]        watchdog_dev_init+0xdd/0x1ae
[ 55.642230]        watchdog_init+0x14/0x17e
[ 55.642232]        do_one_initcall+0xf1/0x734
[ 55.642234]        kernel_init_freeable+0x4c9/0x5bb
[ 55.642236]        kernel_init+0xd/0x1c0
[ 55.642238]        ret_from_fork+0x24/0x30
[ 55.642239]
[ 55.642240] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 55.642247]        rq_online_rt+0xaf/0x390
[ 55.642250]        set_rq_online.part.0+0xe3/0x140
[ 55.642252]        sched_cpu_activate+0x17f/0x270
[ 55.642254]        cpuhp_invoke_callback+0x213/0x1bb0
[ 55.642256]        cpuhp_thread_fun+0x440/0x840
[ 55.642258]        smpboot_thread_fn+0x653/0x9d0
[ 55.642260]        kthread+0x34a/0x420
[ 55.642262]        ret_from_fork+0x24/0x30
[ 55.642263]
[ 55.642264] -> #2 (&rq->lock){-.-.}:
[ 55.642271]        task_fork_fair+0x6a/0x520
[ 55.642273]        sched_fork+0x3a7/0x8b0
[ 55.642275]        copy_process.part.0+0x187d/0x7a60
[ 55.642277]        _do_fork+0x22f/0xf40
[ 55.642279]        kernel_thread+0x2f/0x40
[ 55.642281]        rest_init+0x1f/0x212
[ 55.642283]        start_kernel+0x7e4/0x81c
[ 55.642285]        secondary_startup_64+0xa4/0xb0
[ 55.642286]
[ 55.642287] -> #1 (&p->pi_lock){-.-.}:
[ 55.642294]        try_to_wake_up+0x80/0xe90
[ 55.642295]        up+0x92/0xe0
[ 55.642297]        __up_console_sem+0xb3/0x1c0
[ 55.642300]        console_unlock+0x64d/0xfe0
[ 55.642302]        vprintk_emit+0x282/0x6e0
[ 55.642303]        vprintk_func+0x79/0x17e
[ 55.642305]        printk+0xba/0xed
[ 55.642307]        kauditd_hold_skb.cold+0x41/0x50
[ 55.642310]        kauditd_send_queue+0x12d/0x170
[ 55.642312]        kauditd_thread+0x6f4/0xa20
[ 55.642313]        kthread+0x34a/0x420
[ 55.642315]        ret_from_fork+0x24/0x30
[ 55.642316]
[ 55.642318] -> #0 ((console_sem).lock){-...}:
[ 55.642325]        _raw_spin_lock_irqsave+0x8c/0xbf
[ 55.642327]        down_trylock+0xe/0x60
[ 55.642329]        __down_trylock_console_sem+0xa3/0x210
[ 55.642331]        console_trylock+0x12/0x90
[ 55.642333]        vprintk_emit+0x269/0x6e0
[ 55.642335]        vprintk_func+0x79/0x17e
[ 55.642337]        printk+0xba/0xed
[ 55.642339]        __warn_printk+0x9b/0xf3
[ 55.642341]        debug_print_object+0x160/0x250
[ 55.642343]        debug_object_activate+0x357/0x4e0
[ 55.642345]        __call_rcu.constprop.0+0x31/0x7e0
[ 55.642347]        queue_rcu_work+0x75/0x90
[ 55.642349]        route4_change+0xe6a/0x2210
[ 55.642352]        tc_new_tfilter+0xa6b/0x1450
[ 55.642354]        rtnetlink_rcv_msg+0x453/0xaf0
[ 55.642356]        netlink_rcv_skb+0x160/0x410
[ 55.642358]        netlink_unicast+0x4d7/0x6a0
[ 55.642360]        netlink_sendmsg+0x80b/0xcd0
[ 55.642362]        sock_sendmsg+0xcf/0x120
[ 55.642364]        ___sys_sendmsg+0x803/0x920
[ 55.642366]        __sys_sendmsg+0xec/0x1b0
[ 55.642368]        do_syscall_64+0xf9/0x620
[ 55.642370]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.642371]
[ 55.642374] other info that might help us debug this:
[ 55.642375]
[ 55.642376] Chain exists of:
[ 55.642377]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 55.642386]
[ 55.642388]  Possible unsafe locking scenario:
[ 55.642390]
[ 55.642392]        CPU0                    CPU1
[ 55.642394]        ----                    ----
[ 55.642395]   lock(&obj_hash[i].lock);
[ 55.642400]                                lock(hrtimer_bases.lock);
[ 55.642405]                                lock(&obj_hash[i].lock);
[ 55.642409]   lock((console_sem).lock);
[ 55.642412]
[ 55.642414]  *** DEADLOCK ***
[ 55.642415]
[ 55.642417] 2 locks held by syz-executor015/8242:
[ 55.642418]  #0: 000000008cc2d2b9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.642427]  #1: 00000000fca2f75c (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 55.642435]
[ 55.642437] stack backtrace:
[ 55.642440] CPU: 1 PID: 8242 Comm: syz-executor015 Not tainted 4.19.111-syzkaller #0
[ 55.642444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.642446] Call Trace:
[ 55.642448] dump_stack+0x188/0x20d
[ 55.642450] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 55.642452] __lock_acquire+0x2e19/0x49c0
[ 55.642454] ? add_lock_to_list.isra.0+0x179/0x330
[ 55.642456] ? save_trace+0xd6/0x290
[ 55.642458] ? mark_held_locks+0xf0/0xf0
[ 55.642460] ? format_decode+0x230/0xad0
[ 55.642462] ? kvm_clock_read+0x14/0x30
[ 55.642464] lock_acquire+0x170/0x400
[ 55.642466] ? down_trylock+0xe/0x60
[ 55.642468] _raw_spin_lock_irqsave+0x8c/0xbf
[ 55.642470] ? down_trylock+0xe/0x60
[ 55.642472] down_trylock+0xe/0x60
[ 55.642474] ? vprintk_emit+0x269/0x6e0
[ 55.642476] __down_trylock_console_sem+0xa3/0x210
[ 55.642478] console_trylock+0x12/0x90
[ 55.642480] vprintk_emit+0x269/0x6e0
[ 55.642482] vprintk_func+0x79/0x17e
[ 55.642484] printk+0xba/0xed
[ 55.642486] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 55.642488] ? __warn_printk+0x8f/0xf3
[ 55.642490] __warn_printk+0x9b/0xf3
[ 55.642492] ? add_taint.cold+0x16/0x16
[ 55.642494] ? do_syscall_64+0xf9/0x620
[ 55.642496] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.642498] debug_print_object+0x160/0x250
[ 55.642501] debug_object_activate+0x357/0x4e0
[ 55.642503] ? debug_object_free+0x3e0/0x3e0
[ 55.642505] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 55.642507] ? route4_change+0xbab/0x2210
[ 55.642509] ? delayed_work_timer_fn+0x90/0x90
[ 55.642511] __call_rcu.constprop.0+0x31/0x7e0
[ 55.642513] ? mark_held_locks+0xa6/0xf0
[ 55.642515] queue_rcu_work+0x75/0x90
[ 55.642517] route4_change+0xe6a/0x2210
[ 55.642519] ? route4_init+0xa0/0xa0
[ 55.642521] ? route4_init+0xa0/0xa0
[ 55.642523] tc_new_tfilter+0xa6b/0x1450
[ 55.642525] ? tc_del_tfilter+0xd40/0xd40
[ 55.642527] ? __mutex_lock+0x3cd/0x1300
[ 55.642529] ? selinux_ipv4_output+0x50/0x50
[ 55.642531] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.642533] ? tc_del_tfilter+0xd40/0xd40
[ 55.642535] rtnetlink_rcv_msg+0x453/0xaf0
[ 55.642538] ? rtnetlink_put_metrics+0x520/0x520
[ 55.642540] ? find_held_lock+0x2d/0x110
[ 55.642542] netlink_rcv_skb+0x160/0x410
[ 55.642544] ? rtnetlink_put_metrics+0x520/0x520
[ 55.642546] ? netlink_ack+0xa60/0xa60
[ 55.642548] netlink_unicast+0x4d7/0x6a0
[ 55.642550] ? netlink_attachskb+0x710/0x710
[ 55.642553] netlink_sendmsg+0x80b/0xcd0
[ 55.642556] ? netlink_unicast+0x6a0/0x6a0
[ 55.642559] ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.642561] ? netlink_unicast+0x6a0/0x6a0
[ 55.642563] sock_sendmsg+0xcf/0x120
[ 55.642565] ___sys_sendmsg+0x803/0x920
[ 55.642567] ? copy_msghdr_from_user+0x410/0x410
[ 55.642569] ? __fget+0x319/0x510
[ 55.642571] ? lock_downgrade+0x740/0x740
[ 55.642574] ? check_preemption_disabled+0x41/0x280
[ 55.642576] ? __fget+0x340/0x510
[ 55.642579] ? iterate_fd+0x350/0x350
[ 55.642581] ? find_held_lock+0x2d/0x110
[ 55.642583] ? __fd_install+0x1b4/0x610
[ 55.642585] ? __fget_light+0x1d1/0x230
[ 55.642587] __sys_sendmsg+0xec/0x1b0
[ 55.642589] ? __ia32_sys_shutdown+0x70/0x70
[ 55.642591] ? __x64_sys_futex+0x386/0x4f0
[ 55.642593] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.642596] ? trace_hardirqs_off_caller+0x55/0x210
[ 55.642598] ? do_syscall_64+0x21/0x620
[ 55.642600] do_syscall_64+0xf9/0x620
[ 55.642602] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.642604] RIP: 0033:0x446f59
[ 55.642611] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.642613] RSP: 002b:00007fb6989bfd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.642619] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446f59
[ 55.642622] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 55.642625] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 55.642628] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 55.642631] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 55.643904] Kernel Offset: disabled
[ 56.572969] Rebooting in 86400 seconds..