[ 45.019374] audit: type=1800 audit(1584925701.665:32): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 49.605274] kauditd_printk_skb: 2 callbacks suppressed
[ 49.605289] audit: type=1400 audit(1584925706.355:35): avc: denied { map } for pid=8075 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
executing program
[ 59.421780] audit: type=1400 audit(1584925716.165:36): avc: denied { map } for pid=8087 comm="syz-executor017" path="/root/syz-executor017686063" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 59.443534] IPVS: ftp: loaded support on port[0] = 21
[ 59.486394] ------------[ cut here ]------------
[ 59.492266] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 59.501457] WARNING: CPU: 0 PID: 8091 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 59.510205] Kernel panic - not syncing: panic_on_warn set ...
[ 59.510205]
[ 59.517614] CPU: 0 PID: 8091 Comm: syz-executor017 Not tainted 4.19.112-syzkaller #0
[ 59.525483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.534846] Call Trace:
[ 59.537437] dump_stack+0x188/0x20d
[ 59.541064] panic+0x26a/0x50e
[ 59.544246] ? __warn_printk+0xf3/0xf3
[ 59.548123] ? debug_print_object+0x160/0x250
[ 59.552601] ? __probe_kernel_read+0x16c/0x1b0
[ 59.557176] ? __warn.cold+0x5/0x46
[ 59.560787] ? __warn+0xe4/0x1c0
[ 59.564144] ? debug_print_object+0x160/0x250
[ 59.568626] __warn.cold+0x20/0x46
[ 59.572159] ? debug_print_object+0x160/0x250
[ 59.576641] report_bug+0x262/0x2a0
[ 59.580257] do_error_trap+0x1d7/0x310
[ 59.584144] ? math_error+0x310/0x310
[ 59.587929] ? irq_work_claim+0xa6/0xc0
[ 59.591891] ? irq_work_queue+0x2b/0x80
[ 59.595868] ? wake_up_klogd+0x8c/0xc0
[ 59.599923] ? trace_hardirqs_off_caller+0x55/0x210
[ 59.604929] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 59.609759] invalid_op+0x14/0x20
[ 59.613198] RIP: 0010:debug_print_object+0x160/0x250
[ 59.618299] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 59.637219] RSP: 0018:ffff8880973ef268 EFLAGS: 00010086
[ 59.643100] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 59.650369] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed1012e7de3f
[ 59.657625] RBP: 0000000000000001 R08: ffff888091a70700 R09: ffffed1015cc3ee3
[ 59.665109] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 59.672383] R13: 0000000000000000 R14: ffff88809ffb8400 R15: 1ffff11012e7de5a
[ 59.679730] ? vprintk_func+0x81/0x17e
[ 59.683620] ? debug_print_object+0x160/0x250
[ 59.688102] debug_object_activate+0x357/0x4e0
[ 59.692669] ? debug_object_free+0x3e0/0x3e0
[ 59.697061] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.701631] ? route4_change+0xbab/0x2210
[ 59.705765] ? delayed_work_timer_fn+0x90/0x90
[ 59.710639] __call_rcu.constprop.0+0x31/0x7e0
[ 59.715238] ? mark_held_locks+0xa6/0xf0
[ 59.719297] queue_rcu_work+0x75/0x90
[ 59.723096] route4_change+0xe6a/0x2210
[ 59.727068] ? route4_init+0xa0/0xa0
[ 59.730769] ? route4_init+0xa0/0xa0
[ 59.734470] tc_new_tfilter+0xa6b/0x1450
[ 59.738520] ? tc_del_tfilter+0xd40/0xd40
[ 59.742719] ? __mutex_lock+0x3cd/0x1300
[ 59.746856] ? selinux_ipv4_output+0x50/0x50
[ 59.751334] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.755763] ? tc_del_tfilter+0xd40/0xd40
[ 59.759924] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.764150] ? rtnetlink_put_metrics+0x520/0x520
[ 59.768898] ? find_held_lock+0x2d/0x110
[ 59.772962] netlink_rcv_skb+0x160/0x410
[ 59.777010] ? rtnetlink_put_metrics+0x520/0x520
[ 59.781762] ? netlink_ack+0xa60/0xa60
[ 59.785642] netlink_unicast+0x4d7/0x6a0
[ 59.789871] ? netlink_attachskb+0x710/0x710
[ 59.794282] netlink_sendmsg+0x80b/0xcd0
[ 59.798334] ? netlink_unicast+0x6a0/0x6a0
[ 59.802565] ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.807746] ? netlink_unicast+0x6a0/0x6a0
[ 59.811992] sock_sendmsg+0xcf/0x120
[ 59.815723] ___sys_sendmsg+0x803/0x920
[ 59.820479] ? copy_msghdr_from_user+0x410/0x410
[ 59.825238] ? __fget+0x319/0x510
[ 59.828683] ? lock_downgrade+0x740/0x740
[ 59.832847] ? check_preemption_disabled+0x41/0x280
[ 59.837848] ? __fget+0x340/0x510
[ 59.841284] ? iterate_fd+0x350/0x350
[ 59.845072] ? __might_fault+0x192/0x1d0
[ 59.849130] ? _copy_to_user+0xb8/0x100
[ 59.853106] ? __fget_light+0x1d1/0x230
[ 59.857068] __sys_sendmsg+0xec/0x1b0
[ 59.860854] ? __ia32_sys_shutdown+0x70/0x70
[ 59.865258] ? __x64_sys_futex+0x386/0x4f0
[ 59.869494] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.874240] ? trace_hardirqs_off_caller+0x55/0x210
[ 59.879259] ? do_syscall_64+0x21/0x620
[ 59.883244] do_syscall_64+0xf9/0x620
[ 59.887044] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.892224] RIP: 0033:0x446e89
[ 59.895408] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.914383] RSP: 002b:00007fc220589d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.922100] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e89
[ 59.929355] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 59.936611] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.943866] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 59.951120] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.958380]
[ 59.958383] ======================================================
[ 59.958386] WARNING: possible circular locking dependency detected
[ 59.958388] 4.19.112-syzkaller #0 Not tainted
[ 59.958391] ------------------------------------------------------
[ 59.958394] syz-executor017/8091 is trying to acquire lock:
[ 59.958395] 00000000c73f760c ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 59.958403]
[ 59.958405] but task is already holding lock:
[ 59.958407] 00000000a3c123da (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.958414]
[ 59.958417] which lock already depends on the new lock.
[ 59.958418]
[ 59.958419]
[ 59.958422] the existing dependency chain (in reverse order) is:
[ 59.958423]
[ 59.958424] -> #5 (&obj_hash[i].lock){-.-.}:
[ 59.958431] debug_object_activate+0x131/0x4e0
[ 59.958433] enqueue_hrtimer+0x27/0x3f0
[ 59.958435] hrtimer_start_range_ns+0x580/0xbe0
[ 59.958438] schedule_hrtimeout_range_clock+0x17a/0x360
[ 59.958440] wait_task_inactive+0x443/0x550
[ 59.958442] __kthread_bind_mask+0x1f/0xb0
[ 59.958444] init_rescuer.part.0+0xf2/0x190
[ 59.958447] workqueue_init+0x504/0x7e9
[ 59.958449] kernel_init_freeable+0x2bd/0x5bb
[ 59.958451] kernel_init+0xd/0x1c2
[ 59.958453] ret_from_fork+0x24/0x30
[ 59.958454]
[ 59.958455] -> #4 (hrtimer_bases.lock){-.-.}:
[ 59.958462] lock_hrtimer_base.isra.0+0x6d/0x120
[ 59.958464] hrtimer_start_range_ns+0xf5/0xbe0
[ 59.958466] enqueue_task_rt+0x97f/0xdf0
[ 59.958469] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 59.958471] _sched_setscheduler+0xee/0x180
[ 59.958473] watchdog_dev_init+0xdd/0x1ae
[ 59.958475] watchdog_init+0x14/0x17e
[ 59.958477] do_one_initcall+0xf1/0x734
[ 59.958480] kernel_init_freeable+0x4c9/0x5bb
[ 59.958481] kernel_init+0xd/0x1c2
[ 59.958483] ret_from_fork+0x24/0x30
[ 59.958485]
[ 59.958486] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 59.958493] rq_online_rt+0xaf/0x390
[ 59.958495] set_rq_online.part.0+0xe3/0x140
[ 59.958497] sched_cpu_activate+0x17f/0x270
[ 59.958500] cpuhp_invoke_callback+0x213/0x1bb0
[ 59.958502] cpuhp_thread_fun+0x440/0x840
[ 59.958504] smpboot_thread_fn+0x653/0x9d0
[ 59.958506] kthread+0x34a/0x420
[ 59.958508] ret_from_fork+0x24/0x30
[ 59.958509]
[ 59.958510] -> #2 (&rq->lock){-.-.}:
[ 59.958517] task_fork_fair+0x6a/0x520
[ 59.958518] sched_fork+0x3a7/0x8b0
[ 59.958521] copy_process.part.0+0x187d/0x7a60
[ 59.958523] _do_fork+0x22f/0xf40
[ 59.958524] kernel_thread+0x2f/0x40
[ 59.958526] rest_init+0x1f/0x212
[ 59.958528] start_kernel+0x7e4/0x81c
[ 59.958530] secondary_startup_64+0xa4/0xb0
[ 59.958531]
[ 59.958533] -> #1 (&p->pi_lock){-.-.}:
[ 59.958539] try_to_wake_up+0x80/0xe90
[ 59.958541] up+0x92/0xe0
[ 59.958543] __up_console_sem+0xb3/0x1c0
[ 59.958545] console_unlock+0x64d/0xfe0
[ 59.958547] vprintk_emit+0x282/0x6e0
[ 59.958549] vprintk_func+0x79/0x17e
[ 59.958551] printk+0xba/0xed
[ 59.958553] kauditd_hold_skb.cold+0x41/0x50
[ 59.958555] kauditd_send_queue+0x12d/0x170
[ 59.958557] kauditd_thread+0x6f4/0xa20
[ 59.958559] kthread+0x34a/0x420
[ 59.958561] ret_from_fork+0x24/0x30
[ 59.958562]
[ 59.958564] -> #0 ((console_sem).lock){-.-.}:
[ 59.958571] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.958573] down_trylock+0xe/0x60
[ 59.958575] __down_trylock_console_sem+0xa3/0x210
[ 59.958577] console_trylock+0x12/0x90
[ 59.958579] vprintk_emit+0x269/0x6e0
[ 59.958581] vprintk_func+0x79/0x17e
[ 59.958583] printk+0xba/0xed
[ 59.958585] __warn_printk+0x9b/0xf3
[ 59.958587] debug_print_object+0x160/0x250
[ 59.958590] debug_object_activate+0x357/0x4e0
[ 59.958592] __call_rcu.constprop.0+0x31/0x7e0
[ 59.958594] queue_rcu_work+0x75/0x90
[ 59.958596] route4_change+0xe6a/0x2210
[ 59.958598] tc_new_tfilter+0xa6b/0x1450
[ 59.958600] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.958602] netlink_rcv_skb+0x160/0x410
[ 59.958604] netlink_unicast+0x4d7/0x6a0
[ 59.958606] netlink_sendmsg+0x80b/0xcd0
[ 59.958608] sock_sendmsg+0xcf/0x120
[ 59.958610] ___sys_sendmsg+0x803/0x920
[ 59.958612] __sys_sendmsg+0xec/0x1b0
[ 59.958614] do_syscall_64+0xf9/0x620
[ 59.958617] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.958618]
[ 59.958620] other info that might help us debug this:
[ 59.958621]
[ 59.958623] Chain exists of:
[ 59.958624] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 59.958633]
[ 59.958635] Possible unsafe locking scenario:
[ 59.958636]
[ 59.958638]        CPU0                    CPU1
[ 59.958640]        ----                    ----
[ 59.958641]   lock(&obj_hash[i].lock);
[ 59.958672]                                lock(hrtimer_bases.lock);
[ 59.958677]                                lock(&obj_hash[i].lock);
[ 59.958681]   lock((console_sem).lock);
[ 59.958685]
[ 59.958686] *** DEADLOCK ***
[ 59.958687]
[ 59.958690] 2 locks held by syz-executor017/8091:
[ 59.958691] #0: 00000000f1d9895b (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.958699] #1: 00000000a3c123da (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 59.958708]
[ 59.958709] stack backtrace:
[ 59.958713] CPU: 0 PID: 8091 Comm: syz-executor017 Not tainted 4.19.112-syzkaller #0
[ 59.958716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.958718] Call Trace:
[ 59.958720] dump_stack+0x188/0x20d
[ 59.958722] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 59.958724] __lock_acquire+0x2e19/0x49c0
[ 59.958727] ? add_lock_to_list.isra.0+0x179/0x330
[ 59.958729] ? save_trace+0xd6/0x290
[ 59.958731] ? mark_held_locks+0xf0/0xf0
[ 59.958733] ? format_decode+0x230/0xad0
[ 59.958735] ? kvm_clock_read+0x14/0x30
[ 59.958737] lock_acquire+0x170/0x400
[ 59.958738] ? down_trylock+0xe/0x60
[ 59.958741] _raw_spin_lock_irqsave+0x8c/0xbf
[ 59.958743] ? down_trylock+0xe/0x60
[ 59.958744] down_trylock+0xe/0x60
[ 59.958746] ? vprintk_emit+0x269/0x6e0
[ 59.958749] __down_trylock_console_sem+0xa3/0x210
[ 59.958751] console_trylock+0x12/0x90
[ 59.958753] vprintk_emit+0x269/0x6e0
[ 59.958755] vprintk_func+0x79/0x17e
[ 59.958756] printk+0xba/0xed
[ 59.958759] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 59.958761] ? __warn_printk+0x8f/0xf3
[ 59.958763] __warn_printk+0x9b/0xf3
[ 59.958765] ? add_taint.cold+0x16/0x16
[ 59.958767] ? do_syscall_64+0xf9/0x620
[ 59.958769] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.958771] debug_print_object+0x160/0x250
[ 59.958774] debug_object_activate+0x357/0x4e0
[ 59.958776] ? debug_object_free+0x3e0/0x3e0
[ 59.958778] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 59.958780] ? route4_change+0xbab/0x2210
[ 59.958783] ? delayed_work_timer_fn+0x90/0x90
[ 59.958785] __call_rcu.constprop.0+0x31/0x7e0
[ 59.958787] ? mark_held_locks+0xa6/0xf0
[ 59.958789] queue_rcu_work+0x75/0x90
[ 59.958791] route4_change+0xe6a/0x2210
[ 59.958793] ? route4_init+0xa0/0xa0
[ 59.958795] ? route4_init+0xa0/0xa0
[ 59.958797] tc_new_tfilter+0xa6b/0x1450
[ 59.958799] ? tc_del_tfilter+0xd40/0xd40
[ 59.958801] ? __mutex_lock+0x3cd/0x1300
[ 59.958803] ? selinux_ipv4_output+0x50/0x50
[ 59.958805] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 59.958807] ? tc_del_tfilter+0xd40/0xd40
[ 59.958809] rtnetlink_rcv_msg+0x453/0xaf0
[ 59.958811] ? rtnetlink_put_metrics+0x520/0x520
[ 59.958813] ? find_held_lock+0x2d/0x110
[ 59.958815] netlink_rcv_skb+0x160/0x410
[ 59.958818] ? rtnetlink_put_metrics+0x520/0x520
[ 59.958820] ? netlink_ack+0xa60/0xa60
[ 59.958822] netlink_unicast+0x4d7/0x6a0
[ 59.958824] ? netlink_attachskb+0x710/0x710
[ 59.958826] netlink_sendmsg+0x80b/0xcd0
[ 59.958828] ? netlink_unicast+0x6a0/0x6a0
[ 59.958831] ? move_addr_to_kernel.part.0+0x110/0x110
[ 59.958833] ? netlink_unicast+0x6a0/0x6a0
[ 59.958835] sock_sendmsg+0xcf/0x120
[ 59.958837] ___sys_sendmsg+0x803/0x920
[ 59.958839] ? copy_msghdr_from_user+0x410/0x410
[ 59.958841] ? __fget+0x319/0x510
[ 59.958843] ? lock_downgrade+0x740/0x740
[ 59.958845] ? check_preemption_disabled+0x41/0x280
[ 59.958847] ? __fget+0x340/0x510
[ 59.958849] ? iterate_fd+0x350/0x350
[ 59.958851] ? __might_fault+0x192/0x1d0
[ 59.958854] ? _copy_to_user+0xb8/0x100
[ 59.958857] ? __fget_light+0x1d1/0x230
[ 59.958860] __sys_sendmsg+0xec/0x1b0
[ 59.958864] ? __ia32_sys_shutdown+0x70/0x70
[ 59.958867] ? __x64_sys_futex+0x386/0x4f0
[ 59.958871] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 59.958875] ? trace_hardirqs_off_caller+0x55/0x210
[ 59.958879] ? do_syscall_64+0x21/0x620
[ 59.958882] do_syscall_64+0xf9/0x620
[ 59.958887] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.958891] RIP: 0033:0x446e89
[ 59.958902] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.958906] RSP: 002b:00007fc220589d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.958912] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e89
[ 59.958915] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 59.958918] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 59.958921] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 59.958924] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 59.960380] Kernel Offset: disabled
[ 60.888362] Rebooting in 86400 seconds..