[ 46.527487] audit: type=1800 audit(1584398542.743:30): pid=8175 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 51.211081] kauditd_printk_skb: 4 callbacks suppressed
[ 51.211094] audit: type=1400 audit(1584398547.453:35): avc: denied { map } for pid=8346 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
executing program
[ 58.031895] audit: type=1400 audit(1584398554.273:36): avc: denied { map } for pid=8358 comm="syz-executor464" path="/root/syz-executor464124032" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 58.050045] IPVS: ftp: loaded support on port[0] = 21
[ 58.101560] ------------[ cut here ]------------
[ 58.107311] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 58.116555] WARNING: CPU: 1 PID: 8361 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 58.125296] Kernel panic - not syncing: panic_on_warn set ...
[ 58.125296]
[ 58.132663] CPU: 1 PID: 8361 Comm: syz-executor464 Not tainted 4.19.110-syzkaller #0
[ 58.140547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.149905] Call Trace:
[ 58.152493] dump_stack+0x188/0x20d
[ 58.156142] panic+0x26a/0x50e
[ 58.159345] ? __warn_printk+0xf3/0xf3
[ 58.163238] ? debug_print_object+0x160/0x250
[ 58.167745] ? __probe_kernel_read+0x16c/0x1b0
[ 58.173371] ? __warn.cold+0x5/0x46
[ 58.176983] ? __warn+0xe4/0x1c0
[ 58.180384] ? debug_print_object+0x160/0x250
[ 58.184878] __warn.cold+0x20/0x46
[ 58.188605] ? debug_print_object+0x160/0x250
[ 58.193113] report_bug+0x262/0x2a0
[ 58.196741] do_error_trap+0x1d7/0x310
[ 58.200641] ? math_error+0x310/0x310
[ 58.204444] ? irq_work_claim+0xa6/0xc0
[ 58.208410] ? irq_work_queue+0x2b/0x80
[ 58.212370] ? wake_up_klogd+0x8c/0xc0
[ 58.216247] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.221251] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 58.226086] invalid_op+0x14/0x20
[ 58.229552] RIP: 0010:debug_print_object+0x160/0x250
[ 58.234650] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f8 e6 fd <0f> 0b 83 05 a3 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 58.253542] RSP: 0018:ffff8880986cf268 EFLAGS: 00010086
[ 58.258900] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 58.266162] RDX: 0000000000000000 RSI: ffffffff8152d2f1 RDI: ffffed10130d9e3f
[ 58.273529] RBP: 0000000000000001 R08: ffff8880929d8600 R09: ffffed1015ce3ee3
[ 58.280788] R10: ffffed1015ce3ee2 R11: ffff8880ae71f717 R12: ffffffff88b928c0
[ 58.288041] R13: 0000000000000000 R14: ffff88809dc054a8 R15: 1ffff110130d9e5a
[ 58.295404] ? vprintk_func+0x81/0x17e
[ 58.299283] ? debug_print_object+0x160/0x250
[ 58.303773] debug_object_activate+0x357/0x4e0
[ 58.308345] ? debug_object_free+0x3e0/0x3e0
[ 58.312752] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.317360] ? route4_change+0xbab/0x2210
[ 58.321499] ? delayed_work_timer_fn+0x90/0x90
[ 58.326152] __call_rcu.constprop.0+0x31/0x7e0
[ 58.330721] ? mark_held_locks+0xa6/0xf0
[ 58.334779] queue_rcu_work+0x75/0x90
[ 58.338570] route4_change+0xe6a/0x2210
[ 58.342540] ? route4_init+0xa0/0xa0
[ 58.346253] ? route4_init+0xa0/0xa0
[ 58.349958] tc_new_tfilter+0xa6b/0x1450
[ 58.354022] ? tc_del_tfilter+0xd40/0xd40
[ 58.358177] ? __mutex_lock+0x3cd/0x1300
[ 58.362230] ? selinux_ipv4_output+0x50/0x50
[ 58.366638] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.371038] ? tc_del_tfilter+0xd40/0xd40
[ 58.375185] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.379411] ? rtnetlink_put_metrics+0x520/0x520
[ 58.384168] ? find_held_lock+0x2d/0x110
[ 58.388229] netlink_rcv_skb+0x160/0x410
[ 58.392291] ? rtnetlink_put_metrics+0x520/0x520
[ 58.397048] ? netlink_ack+0xa60/0xa60
[ 58.400940] netlink_unicast+0x4d7/0x6a0
[ 58.405004] ? netlink_attachskb+0x710/0x710
[ 58.409402] netlink_sendmsg+0x80b/0xcd0
[ 58.413452] ? netlink_unicast+0x6a0/0x6a0
[ 58.417684] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.422877] ? netlink_unicast+0x6a0/0x6a0
[ 58.427128] sock_sendmsg+0xcf/0x120
[ 58.430842] ___sys_sendmsg+0x803/0x920
[ 58.434837] ? copy_msghdr_from_user+0x410/0x410
[ 58.439580] ? __fget+0x319/0x510
[ 58.443035] ? lock_downgrade+0x740/0x740
[ 58.447167] ? check_preemption_disabled+0x41/0x280
[ 58.452169] ? __fget+0x340/0x510
[ 58.455622] ? iterate_fd+0x350/0x350
[ 58.459410] ? find_held_lock+0x2d/0x110
[ 58.463458] ? __fd_install+0x1b4/0x610
[ 58.467424] ? __fget_light+0x1d1/0x230
[ 58.471429] __sys_sendmsg+0xec/0x1b0
[ 58.475257] ? __ia32_sys_shutdown+0x70/0x70
[ 58.479658] ? __x64_sys_futex+0x386/0x4f0
[ 58.483885] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.488644] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.493669] ? do_syscall_64+0x21/0x620
[ 58.497636] do_syscall_64+0xf9/0x620
[ 58.501431] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.506603] RIP: 0033:0x446ec9
[ 58.509791] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.528744] RSP: 002b:00007fe9b0da8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.536453] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 58.543723] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 58.551001] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 58.558274] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 58.565532] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 58.572813]
[ 58.572816] ======================================================
[ 58.572819] WARNING: possible circular locking dependency detected
[ 58.572821] 4.19.110-syzkaller #0 Not tainted
[ 58.572824] ------------------------------------------------------
[ 58.572827] syz-executor464/8361 is trying to acquire lock:
[ 58.572829] 0000000090d82825 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 58.572836]
[ 58.572838] but task is already holding lock:
[ 58.572840] 000000003c23b5a9 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 58.572847]
[ 58.572850] which lock already depends on the new lock.
[ 58.572851]
[ 58.572852]
[ 58.572854] the existing dependency chain (in reverse order) is:
[ 58.572856]
[ 58.572857] -> #5 (&obj_hash[i].lock){-.-.}:
[ 58.572864] debug_object_activate+0x131/0x4e0
[ 58.572866] enqueue_hrtimer+0x27/0x3f0
[ 58.572868] hrtimer_start_range_ns+0x580/0xbe0
[ 58.572871] schedule_hrtimeout_range_clock+0x17a/0x360
[ 58.572873] wait_task_inactive+0x443/0x550
[ 58.572875] __kthread_bind_mask+0x1f/0xb0
[ 58.572877] init_rescuer.part.0+0xf2/0x190
[ 58.572879] workqueue_init+0x504/0x7e9
[ 58.572881] kernel_init_freeable+0x2bd/0x5bb
[ 58.572883] kernel_init+0xd/0x1c0
[ 58.572885] ret_from_fork+0x24/0x30
[ 58.572886]
[ 58.572887] -> #4 (hrtimer_bases.lock){-.-.}:
[ 58.572894] lock_hrtimer_base.isra.0+0x6d/0x120
[ 58.572897] hrtimer_start_range_ns+0xf5/0xbe0
[ 58.572899] enqueue_task_rt+0x97f/0xdf0
[ 58.572901] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 58.572903] _sched_setscheduler+0xee/0x180
[ 58.572905] watchdog_dev_init+0xdd/0x1ae
[ 58.572907] watchdog_init+0x14/0x17e
[ 58.572909] do_one_initcall+0xf1/0x734
[ 58.572911] kernel_init_freeable+0x4c9/0x5bb
[ 58.572913] kernel_init+0xd/0x1c0
[ 58.572915] ret_from_fork+0x24/0x30
[ 58.572916]
[ 58.572917] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 58.572924] rq_online_rt+0xaf/0x390
[ 58.572926] set_rq_online.part.0+0xe3/0x140
[ 58.572929] sched_cpu_activate+0x17f/0x270
[ 58.572931] cpuhp_invoke_callback+0x213/0x1bb0
[ 58.572933] cpuhp_thread_fun+0x440/0x840
[ 58.572935] smpboot_thread_fn+0x653/0x9d0
[ 58.572937] kthread+0x34a/0x420
[ 58.572938] ret_from_fork+0x24/0x30
[ 58.572940]
[ 58.572941] -> #2 (&rq->lock){-.-.}:
[ 58.572947] task_fork_fair+0x6a/0x520
[ 58.572949] sched_fork+0x3a7/0x8b0
[ 58.572951] copy_process.part.0+0x187d/0x7a60
[ 58.572953] _do_fork+0x22f/0xf40
[ 58.572955] kernel_thread+0x2f/0x40
[ 58.572957] rest_init+0x1f/0x212
[ 58.572959] start_kernel+0x7e4/0x81c
[ 58.572961] secondary_startup_64+0xa4/0xb0
[ 58.572962]
[ 58.572963] -> #1 (&p->pi_lock){-.-.}:
[ 58.572970] try_to_wake_up+0x80/0xe90
[ 58.572972] up+0x92/0xe0
[ 58.572974] __up_console_sem+0xb3/0x1c0
[ 58.572976] console_unlock+0x64d/0xfe0
[ 58.572978] vprintk_emit+0x282/0x6e0
[ 58.572979] vprintk_func+0x79/0x17e
[ 58.572981] printk+0xba/0xed
[ 58.572983] kauditd_hold_skb.cold+0x41/0x50
[ 58.572985] kauditd_send_queue+0x12d/0x170
[ 58.572987] kauditd_thread+0x6f4/0xa20
[ 58.572989] kthread+0x34a/0x420
[ 58.572991] ret_from_fork+0x24/0x30
[ 58.572992]
[ 58.572993] -> #0 ((console_sem).lock){-...}:
[ 58.573000] _raw_spin_lock_irqsave+0x8c/0xbf
[ 58.573002] down_trylock+0xe/0x60
[ 58.573005] __down_trylock_console_sem+0xa3/0x210
[ 58.573007] console_trylock+0x12/0x90
[ 58.573009] vprintk_emit+0x269/0x6e0
[ 58.573010] vprintk_func+0x79/0x17e
[ 58.573012] printk+0xba/0xed
[ 58.573014] __warn_printk+0x9b/0xf3
[ 58.573016] debug_print_object+0x160/0x250
[ 58.573018] debug_object_activate+0x357/0x4e0
[ 58.573021] __call_rcu.constprop.0+0x31/0x7e0
[ 58.573023] queue_rcu_work+0x75/0x90
[ 58.573025] route4_change+0xe6a/0x2210
[ 58.573027] tc_new_tfilter+0xa6b/0x1450
[ 58.573029] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.573031] netlink_rcv_skb+0x160/0x410
[ 58.573033] netlink_unicast+0x4d7/0x6a0
[ 58.573035] netlink_sendmsg+0x80b/0xcd0
[ 58.573037] sock_sendmsg+0xcf/0x120
[ 58.573039] ___sys_sendmsg+0x803/0x920
[ 58.573041] __sys_sendmsg+0xec/0x1b0
[ 58.573043] do_syscall_64+0xf9/0x620
[ 58.573045] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.573046]
[ 58.573048] other info that might help us debug this:
[ 58.573049]
[ 58.573051] Chain exists of:
[ 58.573052] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 58.573061]
[ 58.573063] Possible unsafe locking scenario:
[ 58.573064]
[ 58.573066]        CPU0                    CPU1
[ 58.573068]        ----                    ----
[ 58.573069]   lock(&obj_hash[i].lock);
[ 58.573074]                                lock(hrtimer_bases.lock);
[ 58.573079]                                lock(&obj_hash[i].lock);
[ 58.573083]   lock((console_sem).lock);
[ 58.573086]
[ 58.573088] *** DEADLOCK ***
[ 58.573089]
[ 58.573091] 2 locks held by syz-executor464/8361:
[ 58.573092] #0: 000000003a9e0f03 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.573101] #1: 000000003c23b5a9 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 58.573109]
[ 58.573110] stack backtrace:
[ 58.573114] CPU: 1 PID: 8361 Comm: syz-executor464 Not tainted 4.19.110-syzkaller #0
[ 58.573118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.573119] Call Trace:
[ 58.573121] dump_stack+0x188/0x20d
[ 58.573123] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 58.573125] __lock_acquire+0x2e19/0x49c0
[ 58.573128] ? add_lock_to_list.isra.0+0x179/0x330
[ 58.573129] ? save_trace+0xd6/0x290
[ 58.573131] ? mark_held_locks+0xf0/0xf0
[ 58.573133] ? format_decode+0x230/0xad0
[ 58.573135] ? kvm_clock_read+0x14/0x30
[ 58.573137] lock_acquire+0x170/0x400
[ 58.573139] ? down_trylock+0xe/0x60
[ 58.573141] _raw_spin_lock_irqsave+0x8c/0xbf
[ 58.573143] ? down_trylock+0xe/0x60
[ 58.573145] down_trylock+0xe/0x60
[ 58.573147] ? vprintk_emit+0x269/0x6e0
[ 58.573149] __down_trylock_console_sem+0xa3/0x210
[ 58.573151] console_trylock+0x12/0x90
[ 58.573153] vprintk_emit+0x269/0x6e0
[ 58.573155] vprintk_func+0x79/0x17e
[ 58.573157] printk+0xba/0xed
[ 58.573159] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 58.573161] ? __warn_printk+0x8f/0xf3
[ 58.573163] __warn_printk+0x9b/0xf3
[ 58.573165] ? add_taint.cold+0x16/0x16
[ 58.573167] ? do_syscall_64+0xf9/0x620
[ 58.573169] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.573171] debug_print_object+0x160/0x250
[ 58.573173] debug_object_activate+0x357/0x4e0
[ 58.573175] ? debug_object_free+0x3e0/0x3e0
[ 58.573177] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 58.573179] ? route4_change+0xbab/0x2210
[ 58.573182] ? delayed_work_timer_fn+0x90/0x90
[ 58.573184] __call_rcu.constprop.0+0x31/0x7e0
[ 58.573186] ? mark_held_locks+0xa6/0xf0
[ 58.573188] queue_rcu_work+0x75/0x90
[ 58.573190] route4_change+0xe6a/0x2210
[ 58.573191] ? route4_init+0xa0/0xa0
[ 58.573193] ? route4_init+0xa0/0xa0
[ 58.573195] tc_new_tfilter+0xa6b/0x1450
[ 58.573197] ? tc_del_tfilter+0xd40/0xd40
[ 58.573199] ? __mutex_lock+0x3cd/0x1300
[ 58.573201] ? selinux_ipv4_output+0x50/0x50
[ 58.573203] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 58.573205] ? tc_del_tfilter+0xd40/0xd40
[ 58.573207] rtnetlink_rcv_msg+0x453/0xaf0
[ 58.573210] ? rtnetlink_put_metrics+0x520/0x520
[ 58.573212] ? find_held_lock+0x2d/0x110
[ 58.573214] netlink_rcv_skb+0x160/0x410
[ 58.573216] ? rtnetlink_put_metrics+0x520/0x520
[ 58.573218] ? netlink_ack+0xa60/0xa60
[ 58.573220] netlink_unicast+0x4d7/0x6a0
[ 58.573222] ? netlink_attachskb+0x710/0x710
[ 58.573224] netlink_sendmsg+0x80b/0xcd0
[ 58.573226] ? netlink_unicast+0x6a0/0x6a0
[ 58.573228] ? move_addr_to_kernel.part.0+0x110/0x110
[ 58.573230] ? netlink_unicast+0x6a0/0x6a0
[ 58.573232] sock_sendmsg+0xcf/0x120
[ 58.573234] ___sys_sendmsg+0x803/0x920
[ 58.573236] ? copy_msghdr_from_user+0x410/0x410
[ 58.573238] ? __fget+0x319/0x510
[ 58.573240] ? lock_downgrade+0x740/0x740
[ 58.573242] ? check_preemption_disabled+0x41/0x280
[ 58.573244] ? __fget+0x340/0x510
[ 58.573246] ? iterate_fd+0x350/0x350
[ 58.573248] ? find_held_lock+0x2d/0x110
[ 58.573250] ? __fd_install+0x1b4/0x610
[ 58.573252] ? __fget_light+0x1d1/0x230
[ 58.573254] __sys_sendmsg+0xec/0x1b0
[ 58.573256] ? __ia32_sys_shutdown+0x70/0x70
[ 58.573258] ? __x64_sys_futex+0x386/0x4f0
[ 58.573260] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.573263] ? trace_hardirqs_off_caller+0x55/0x210
[ 58.573265] ? do_syscall_64+0x21/0x620
[ 58.573267] do_syscall_64+0xf9/0x620
[ 58.573269] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.573271] RIP: 0033:0x446ec9
[ 58.573278] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.573280] RSP: 002b:00007fe9b0da8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.573285] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 58.573288] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 58.573291] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 58.573294] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 58.573297] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 58.574568] Kernel Offset: disabled
[ 59.506296] Rebooting in 86400 seconds..