Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
[ 59.959828] audit: type=1400 audit(1585019747.090:36): avc: denied { map } for pid=8103 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/24 03:15:47 parsed 1 programs
[ 61.630768] audit: type=1400 audit(1585019748.760:37): avc: denied { map } for pid=8103 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=43 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/03/24 03:15:48 executed programs: 0
[ 61.811527] IPVS: ftp: loaded support on port[0] = 21
[ 61.877089] chnl_net:caif_netlink_parms(): no params data found
[ 61.929141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.936274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.943845] device bridge_slave_0 entered promiscuous mode
[ 61.951973] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.958369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.966102] device bridge_slave_1 entered promiscuous mode
[ 61.984108] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 61.993769] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.011839] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 62.019421] team0: Port device team_slave_0 added
[ 62.025466] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 62.033000] team0: Port device team_slave_1 added
[ 62.047447] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.054058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.079370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.092307] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.098595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.124453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.135890] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 62.143599] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 62.222898] device hsr_slave_0 entered promiscuous mode
[ 62.300990] device hsr_slave_1 entered promiscuous mode
[ 62.341667] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 62.349299] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 62.402626] audit: type=1400 audit(1585019749.540:38): avc: denied { create } for pid=8119 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.426241] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.427029] audit: type=1400 audit(1585019749.540:39): avc: denied { write } for pid=8119 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.433339] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.457344] audit: type=1400 audit(1585019749.540:40): avc: denied { read } for pid=8119 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.464170] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.493913] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.533099] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 62.539200] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.548086] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.558298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.577266] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.585758] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.593862] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 62.604878] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 62.611167] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.620948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.628679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.635191] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.651494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.659162] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.665574] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.675475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 62.684028] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 62.703081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.711295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.719635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.728902] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 62.735633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.749142] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 62.758412] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 62.765572] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 62.776822] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.790387] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 62.801284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.843466] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 62.851443] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 62.858123] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 62.868582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.876720] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.883982] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.894744] device veth0_vlan entered promiscuous mode
[ 62.905333] device veth1_vlan entered promiscuous mode
[ 62.920219] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 62.930331] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 62.937665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 62.946543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.955913] device veth0_macvtap entered promiscuous mode
[ 62.962904] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 62.972238] device veth1_macvtap entered promiscuous mode
[ 62.978514] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 62.987420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 62.997843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 63.007698] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 63.015007] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.022087] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 63.029469] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 63.036897] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 63.044989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 63.055947] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 63.063367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.069930] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 63.077980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.191915] audit: type=1400 audit(1585019750.330:41): avc: denied { associate } for pid=8119 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 63.680436] ------------[ cut here ]------------
[ 63.686923] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 63.696218] WARNING: CPU: 0 PID: 8231 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 63.705164] Kernel panic - not syncing: panic_on_warn set ...
[ 63.705164]
[ 63.712631] CPU: 0 PID: 8231 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0
[ 63.720418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.729771] Call Trace:
[ 63.732354] dump_stack+0x188/0x20d
[ 63.735977] panic+0x26a/0x50e
[ 63.739175] ? __warn_printk+0xf3/0xf3
[ 63.743061] ? debug_print_object+0x160/0x250
[ 63.747559] ? __probe_kernel_read+0x16c/0x1b0
[ 63.752150] ? __warn.cold+0x5/0x46
[ 63.756088] ? __warn+0xe4/0x1c0
[ 63.759454] ? debug_print_object+0x160/0x250
[ 63.763957] __warn.cold+0x20/0x46
[ 63.767545] ? debug_print_object+0x160/0x250
[ 63.772042] report_bug+0x262/0x2a0
[ 63.775713] do_error_trap+0x1d7/0x310
[ 63.779600] ? math_error+0x310/0x310
[ 63.783498] ? irq_work_claim+0xa6/0xc0
[ 63.787475] ? irq_work_queue+0x2b/0x80
[ 63.791444] ? wake_up_klogd+0x8c/0xc0
[ 63.795341] ? trace_hardirqs_off_caller+0x55/0x210
[ 63.800368] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.805415] invalid_op+0x14/0x20
[ 63.809280] RIP: 0010:debug_print_object+0x160/0x250
[ 63.814680] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f6 e6 fd <0f> 0b 83 05 23 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 63.834072] RSP: 0018:ffff8880a478f268 EFLAGS: 00010086
[ 63.839431] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 63.846706] RDX: 0000000000000000 RSI: ffffffff8152d3a1 RDI: ffffed10148f1e3f
[ 63.854027] RBP: 0000000000000001 R08: ffff888092952040 R09: ffffed1015cc3ee3
[ 63.861308] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 63.869799] R13: 0000000000000000 R14: ffff888089950358 R15: 1ffff110148f1e5a
[ 63.877073] ? vprintk_func+0x81/0x17e
[ 63.881030] ? debug_print_object+0x160/0x250
[ 63.885587] debug_object_activate+0x357/0x4e0
[ 63.890255] ? debug_object_free+0x3e0/0x3e0
[ 63.894671] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 63.899265] ? route4_change+0xbab/0x2210
[ 63.903592] ? delayed_work_timer_fn+0x90/0x90
[ 63.908193] __call_rcu.constprop.0+0x31/0x7e0
[ 63.912773] ? mark_held_locks+0xa6/0xf0
[ 63.916830] queue_rcu_work+0x75/0x90
[ 63.920639] route4_change+0xe6a/0x2210
[ 63.924605] ? route4_init+0xa0/0xa0
[ 63.928319] ? route4_init+0xa0/0xa0
[ 63.932016] tc_new_tfilter+0xa6b/0x1450
[ 63.936060] ? tc_del_tfilter+0xd40/0xd40
[ 63.940194] ? __mutex_lock+0x3cd/0x1300
[ 63.944241] ? selinux_ipv4_output+0x50/0x50
[ 63.948648] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 63.953056] ? kfree_skbmem+0xc1/0x140
[ 63.956945] ? tc_del_tfilter+0xd40/0xd40
[ 63.961094] rtnetlink_rcv_msg+0x453/0xaf0
[ 63.965378] ? rtnetlink_put_metrics+0x520/0x520
[ 63.970138] ? netdev_pick_tx+0x2f0/0x2f0
[ 63.974278] ? __copy_skb_header+0x2c0/0x510
[ 63.978676] ? sock_spd_release+0x270/0x270
[ 63.983001] netlink_rcv_skb+0x160/0x410
[ 63.987077] ? rtnetlink_put_metrics+0x520/0x520
[ 63.991957] ? netlink_ack+0xa60/0xa60
[ 63.995842] netlink_unicast+0x4d7/0x6a0
[ 64.000003] ? netlink_attachskb+0x710/0x710
[ 64.004403] netlink_sendmsg+0x80b/0xcd0
[ 64.008470] ? netlink_unicast+0x6a0/0x6a0
[ 64.012717] ? move_addr_to_kernel.part.0+0x110/0x110
[ 64.017907] ? netlink_unicast+0x6a0/0x6a0
[ 64.022132] sock_sendmsg+0xcf/0x120
[ 64.025855] ___sys_sendmsg+0x803/0x920
[ 64.029989] ? copy_msghdr_from_user+0x410/0x410
[ 64.034772] ? __fget+0x319/0x510
[ 64.038231] ? lock_downgrade+0x740/0x740
[ 64.042387] ? check_preemption_disabled+0x41/0x280
[ 64.047433] ? __fget+0x340/0x510
[ 64.050915] ? iterate_fd+0x350/0x350
[ 64.054719] ? __fget_light+0x1d1/0x230
[ 64.058750] __sys_sendmsg+0xec/0x1b0
[ 64.062544] ? __ia32_sys_shutdown+0x70/0x70
[ 64.066945] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 64.071745] ? trace_hardirqs_off_caller+0x55/0x210
[ 64.076782] ? do_syscall_64+0x21/0x620
[ 64.080788] do_syscall_64+0xf9/0x620
[ 64.084859] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.090248] RIP: 0033:0x45c849
[ 64.094486] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.113385] RSP: 002b:00007f97f4370c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.121088] RAX: ffffffffffffffda RBX: 00007f97f43716d4 RCX: 000000000045c849
[ 64.128349] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 64.135609] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 64.142943] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 64.150287] R13: 00000000000009f9 R14: 00000000004ccb11 R15: 000000000076bf0c
[ 64.157601]
[ 64.157604] ======================================================
[ 64.157607] WARNING: possible circular locking dependency detected
[ 64.157609] 4.19.112-syzkaller #0 Not tainted
[ 64.157612] ------------------------------------------------------
[ 64.157615] syz-executor.0/8231 is trying to acquire lock:
[ 64.157617] 00000000819958c4 ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60
[ 64.157624]
[ 64.157626] but task is already holding lock:
[ 64.157628] 000000008b3ff5c3 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 64.157635]
[ 64.157638] which lock already depends on the new lock.
[ 64.157639]
[ 64.157640]
[ 64.157643] the existing dependency chain (in reverse order) is:
[ 64.157644]
[ 64.157645] -> #5 (&obj_hash[i].lock){-.-.}:
[ 64.157653] debug_object_activate+0x131/0x4e0
[ 64.157655] enqueue_hrtimer+0x27/0x3f0
[ 64.157657] hrtimer_start_range_ns+0x580/0xbe0
[ 64.157659] schedule_hrtimeout_range_clock+0x17a/0x360
[ 64.157661] wait_task_inactive+0x443/0x550
[ 64.157664] __kthread_bind_mask+0x1f/0xb0
[ 64.157666] init_rescuer.part.0+0xf2/0x190
[ 64.157668] workqueue_init+0x504/0x7e9
[ 64.157670] kernel_init_freeable+0x2bd/0x5bb
[ 64.157672] kernel_init+0xd/0x1c2
[ 64.157674] ret_from_fork+0x24/0x30
[ 64.157675]
[ 64.157676] -> #4 (hrtimer_bases.lock){-.-.}:
[ 64.157683] lock_hrtimer_base.isra.0+0x6d/0x120
[ 64.157686] hrtimer_start_range_ns+0xf5/0xbe0
[ 64.157688] enqueue_task_rt+0x97f/0xdf0
[ 64.157690] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 64.157692] _sched_setscheduler+0xee/0x180
[ 64.157694] watchdog_dev_init+0xdd/0x1ae
[ 64.157696] watchdog_init+0x14/0x17e
[ 64.157698] do_one_initcall+0xf1/0x734
[ 64.157701] kernel_init_freeable+0x4c9/0x5bb
[ 64.157703] kernel_init+0xd/0x1c2
[ 64.157705] ret_from_fork+0x24/0x30
[ 64.157706]
[ 64.157707] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 64.157715] rq_online_rt+0xaf/0x390
[ 64.157719] set_rq_online.part.0+0xe3/0x140
[ 64.157722] sched_cpu_activate+0x17f/0x270
[ 64.157724] cpuhp_invoke_callback+0x213/0x1bb0
[ 64.157727] cpuhp_thread_fun+0x440/0x840
[ 64.157729] smpboot_thread_fn+0x653/0x9d0
[ 64.157731] kthread+0x34a/0x420
[ 64.157732] ret_from_fork+0x24/0x30
[ 64.157734]
[ 64.157735] -> #2 (&rq->lock){-.-.}:
[ 64.157741] task_fork_fair+0x6a/0x520
[ 64.157743] sched_fork+0x3a7/0x8b0
[ 64.157746] copy_process.part.0+0x187d/0x7a60
[ 64.157747] _do_fork+0x22f/0xf40
[ 64.157749] kernel_thread+0x2f/0x40
[ 64.157751] rest_init+0x1f/0x212
[ 64.157753] start_kernel+0x7e4/0x81c
[ 64.157755] secondary_startup_64+0xa4/0xb0
[ 64.157756]
[ 64.157758] -> #1 (&p->pi_lock){-.-.}:
[ 64.157764] try_to_wake_up+0x80/0xe90
[ 64.157766] up+0x92/0xe0
[ 64.157768] __up_console_sem+0xb3/0x1c0
[ 64.157770] console_unlock+0x64d/0xfe0
[ 64.157772] vprintk_emit+0x282/0x6e0
[ 64.157774] vprintk_func+0x79/0x17e
[ 64.157776] printk+0xba/0xed
[ 64.157778] kauditd_hold_skb.cold+0x41/0x50
[ 64.157780] kauditd_send_queue+0x12d/0x170
[ 64.157782] kauditd_thread+0x6f4/0xa20
[ 64.157784] kthread+0x34a/0x420
[ 64.157786] ret_from_fork+0x24/0x30
[ 64.157787]
[ 64.157788] -> #0 ((console_sem).lock){-.-.}:
[ 64.157796] _raw_spin_lock_irqsave+0x8c/0xbf
[ 64.157798] down_trylock+0xe/0x60
[ 64.157800] __down_trylock_console_sem+0xa3/0x210
[ 64.157802] console_trylock+0x12/0x90
[ 64.157804] vprintk_emit+0x269/0x6e0
[ 64.157806] vprintk_func+0x79/0x17e
[ 64.157808] printk+0xba/0xed
[ 64.157810] __warn_printk+0x9b/0xf3
[ 64.157812] debug_print_object+0x160/0x250
[ 64.157814] debug_object_activate+0x357/0x4e0
[ 64.157817] __call_rcu.constprop.0+0x31/0x7e0
[ 64.157819] queue_rcu_work+0x75/0x90
[ 64.157821] route4_change+0xe6a/0x2210
[ 64.157823] tc_new_tfilter+0xa6b/0x1450
[ 64.157825] rtnetlink_rcv_msg+0x453/0xaf0
[ 64.157827] netlink_rcv_skb+0x160/0x410
[ 64.157829] netlink_unicast+0x4d7/0x6a0
[ 64.157831] netlink_sendmsg+0x80b/0xcd0
[ 64.157833] sock_sendmsg+0xcf/0x120
[ 64.157835] ___sys_sendmsg+0x803/0x920
[ 64.157837] __sys_sendmsg+0xec/0x1b0
[ 64.157839] do_syscall_64+0xf9/0x620
[ 64.157841] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.157842]
[ 64.157845] other info that might help us debug this:
[ 64.157846]
[ 64.157847] Chain exists of:
[ 64.157848] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 64.157858]
[ 64.157860] Possible unsafe locking scenario:
[ 64.157861]
[ 64.157863]        CPU0                    CPU1
[ 64.157865]        ----                    ----
[ 64.157866]   lock(&obj_hash[i].lock);
[ 64.157871]                                lock(hrtimer_bases.lock);
[ 64.157876]                                lock(&obj_hash[i].lock);
[ 64.157880]   lock((console_sem).lock);
[ 64.157884]
[ 64.157885] *** DEADLOCK ***
[ 64.157886]
[ 64.157888] 2 locks held by syz-executor.0/8231:
[ 64.157890] #0: 0000000020811671 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 64.157898] #1: 000000008b3ff5c3 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 64.157906]
[ 64.157908] stack backtrace:
[ 64.157911] CPU: 0 PID: 8231 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0
[ 64.157915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.157917] Call Trace:
[ 64.157919] dump_stack+0x188/0x20d
[ 64.157921] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 64.157923] __lock_acquire+0x2e19/0x49c0
[ 64.157925] ? add_lock_to_list.isra.0+0x179/0x330
[ 64.157927] ? save_trace+0xd6/0x290
[ 64.157929] ? mark_held_locks+0xf0/0xf0
[ 64.157931] ? format_decode+0x230/0xad0
[ 64.157937] ? kvm_clock_read+0x14/0x30
[ 64.157939] lock_acquire+0x170/0x400
[ 64.157941] ? down_trylock+0xe/0x60
[ 64.157943] _raw_spin_lock_irqsave+0x8c/0xbf
[ 64.157945] ? down_trylock+0xe/0x60
[ 64.157947] down_trylock+0xe/0x60
[ 64.157949] ? vprintk_emit+0x269/0x6e0
[ 64.157951] __down_trylock_console_sem+0xa3/0x210
[ 64.157953] console_trylock+0x12/0x90
[ 64.157955] vprintk_emit+0x269/0x6e0
[ 64.157957] vprintk_func+0x79/0x17e
[ 64.157958] printk+0xba/0xed
[ 64.157961] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 64.157963] ? __warn_printk+0x8f/0xf3
[ 64.157965] __warn_printk+0x9b/0xf3
[ 64.157967] ? add_taint.cold+0x16/0x16
[ 64.157969] ? do_syscall_64+0xf9/0x620
[ 64.157971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.157973] debug_print_object+0x160/0x250
[ 64.157975] debug_object_activate+0x357/0x4e0
[ 64.157977] ? debug_object_free+0x3e0/0x3e0
[ 64.157980] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 64.157982] ? route4_change+0xbab/0x2210
[ 64.157984] ? delayed_work_timer_fn+0x90/0x90
[ 64.157986] __call_rcu.constprop.0+0x31/0x7e0
[ 64.157988] ? mark_held_locks+0xa6/0xf0
[ 64.157990] queue_rcu_work+0x75/0x90
[ 64.157992] route4_change+0xe6a/0x2210
[ 64.157994] ? route4_init+0xa0/0xa0
[ 64.157996] ? route4_init+0xa0/0xa0
[ 64.157998] tc_new_tfilter+0xa6b/0x1450
[ 64.158000] ? tc_del_tfilter+0xd40/0xd40
[ 64.158002] ? __mutex_lock+0x3cd/0x1300
[ 64.158004] ? selinux_ipv4_output+0x50/0x50
[ 64.158006] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 64.158008] ? kfree_skbmem+0xc1/0x140
[ 64.158010] ? tc_del_tfilter+0xd40/0xd40
[ 64.158012] rtnetlink_rcv_msg+0x453/0xaf0
[ 64.158014] ? rtnetlink_put_metrics+0x520/0x520
[ 64.158016] ? netdev_pick_tx+0x2f0/0x2f0
[ 64.158019] ? __copy_skb_header+0x2c0/0x510
[ 64.158021] ? sock_spd_release+0x270/0x270
[ 64.158023] netlink_rcv_skb+0x160/0x410
[ 64.158025] ? rtnetlink_put_metrics+0x520/0x520
[ 64.158027] ? netlink_ack+0xa60/0xa60
[ 64.158029] netlink_unicast+0x4d7/0x6a0
[ 64.158031] ? netlink_attachskb+0x710/0x710
[ 64.158033] netlink_sendmsg+0x80b/0xcd0
[ 64.158035] ? netlink_unicast+0x6a0/0x6a0
[ 64.158038] ? move_addr_to_kernel.part.0+0x110/0x110
[ 64.158040] ? netlink_unicast+0x6a0/0x6a0
[ 64.158042] sock_sendmsg+0xcf/0x120
[ 64.158044] ___sys_sendmsg+0x803/0x920
[ 64.158046] ? copy_msghdr_from_user+0x410/0x410
[ 64.158048] ? __fget+0x319/0x510
[ 64.158050] ? lock_downgrade+0x740/0x740
[ 64.158052] ? check_preemption_disabled+0x41/0x280
[ 64.158054] ? __fget+0x340/0x510
[ 64.158056] ? iterate_fd+0x350/0x350
[ 64.158058] ? __fget_light+0x1d1/0x230
[ 64.158060] __sys_sendmsg+0xec/0x1b0
[ 64.158062] ? __ia32_sys_shutdown+0x70/0x70
[ 64.158064] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 64.158067] ? trace_hardirqs_off_caller+0x55/0x210
[ 64.158069] ? do_syscall_64+0x21/0x620
[ 64.158070] do_syscall_64+0xf9/0x620
[ 64.158073] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.158075] RIP: 0033:0x45c849
[ 64.158082] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.158084] RSP: 002b:00007f97f4370c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.158089] RAX: ffffffffffffffda RBX: 00007f97f43716d4 RCX: 000000000045c849
[ 64.158092] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 64.158095] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 64.158098] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 64.158101] R13: 00000000000009f9 R14: 00000000004ccb11 R15: 000000000076bf0c
[ 64.159630] Kernel Offset: disabled
[ 65.100389] Rebooting in 86400 seconds..