Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.566563] kauditd_printk_skb: 5 callbacks suppressed
[ 53.566577] audit: type=1400 audit(1584461388.218:36): avc: denied { map } for pid=8077 comm="syz-executor551" path="/root/syz-executor551614381" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.583419] IPVS: ftp: loaded support on port[0] = 21
[ 53.641289] ------------[ cut here ]------------
[ 53.647097] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 53.656436] WARNING: CPU: 0 PID: 8080 at lib/debugobjects.c:325 debug_print_object+0x160/0x250
[ 53.665183] Kernel panic - not syncing: panic_on_warn set ...
[ 53.665183]
[ 53.672550] CPU: 0 PID: 8080 Comm: syz-executor551 Not tainted 4.19.110-syzkaller #0
[ 53.680426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.689776] Call Trace:
[ 53.692355] dump_stack+0x188/0x20d
[ 53.695981] panic+0x26a/0x50e
[ 53.699158] ? __warn_printk+0xf3/0xf3
[ 53.703032] ? debug_print_object+0x160/0x250
[ 53.707512] ? __probe_kernel_read+0x16c/0x1b0
[ 53.712076] ? __warn.cold+0x5/0x46
[ 53.715687] ? __warn+0xe4/0x1c0
[ 53.719038] ? debug_print_object+0x160/0x250
[ 53.723515] __warn.cold+0x20/0x46
[ 53.727039] ? debug_print_object+0x160/0x250
[ 53.731556] report_bug+0x262/0x2a0
[ 53.735177] do_error_trap+0x1d7/0x310
[ 53.739067] ? math_error+0x310/0x310
[ 53.742868] ? irq_work_claim+0xa6/0xc0
[ 53.746831] ? irq_work_queue+0x2b/0x80
[ 53.750790] ? wake_up_klogd+0x8c/0xc0
[ 53.754672] ? trace_hardirqs_off_caller+0x55/0x210
[ 53.759900] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.764777] invalid_op+0x14/0x20
[ 53.768231] RIP: 0010:debug_print_object+0x160/0x250
[ 53.773330] Code: dd 60 0f ab 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 0f ab 87 48 c7 c7 a0 04 ab 87 e8 9b f8 e6 fd <0f> 0b 83 05 a3 a5 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
[ 53.792230] RSP: 0018:ffff888092db7268 EFLAGS: 00010086
[ 53.797598] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 53.804860] RDX: 0000000000000000 RSI: ffffffff8152d2f1 RDI: ffffed10125b6e3f
[ 53.812137] RBP: 0000000000000001 R08: ffff888088d60440 R09: ffffed1015cc3ee3
[ 53.819399] R10: ffffed1015cc3ee2 R11: ffff8880ae61f717 R12: ffffffff88b928c0
[ 53.826652] R13: 0000000000000000 R14: ffff88808d35ef28 R15: 1ffff110125b6e5a
[ 53.833919] ? vprintk_func+0x81/0x17e
[ 53.837838] ? debug_print_object+0x160/0x250
[ 53.842320] debug_object_activate+0x357/0x4e0
[ 53.846887] ? debug_object_free+0x3e0/0x3e0
[ 53.851276] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 53.855843] ? route4_change+0xbab/0x2210
[ 53.860675] ? delayed_work_timer_fn+0x90/0x90
[ 53.865238] __call_rcu.constprop.0+0x31/0x7e0
[ 53.869815] ? mark_held_locks+0xa6/0xf0
[ 53.873858] queue_rcu_work+0x75/0x90
[ 53.877655] route4_change+0xe6a/0x2210
[ 53.881615] ? route4_init+0xa0/0xa0
[ 53.885312] ? route4_init+0xa0/0xa0
[ 53.889007] tc_new_tfilter+0xa6b/0x1450
[ 53.893053] ? tc_del_tfilter+0xd40/0xd40
[ 53.897182] ? __mutex_lock+0x3cd/0x1300
[ 53.901226] ? selinux_ipv4_output+0x50/0x50
[ 53.905617] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 53.910013] ? tc_del_tfilter+0xd40/0xd40
[ 53.914160] rtnetlink_rcv_msg+0x453/0xaf0
[ 53.918380] ? rtnetlink_put_metrics+0x520/0x520
[ 53.923142] ? find_held_lock+0x2d/0x110
[ 53.927201] netlink_rcv_skb+0x160/0x410
[ 53.931255] ? rtnetlink_put_metrics+0x520/0x520
[ 53.935997] ? netlink_ack+0xa60/0xa60
[ 53.939873] netlink_unicast+0x4d7/0x6a0
[ 53.943922] ? netlink_attachskb+0x710/0x710
[ 53.948319] netlink_sendmsg+0x80b/0xcd0
[ 53.952367] ? netlink_unicast+0x6a0/0x6a0
[ 53.956602] ? move_addr_to_kernel.part.0+0x110/0x110
[ 53.961779] ? netlink_unicast+0x6a0/0x6a0
[ 53.965995] sock_sendmsg+0xcf/0x120
[ 53.969702] ___sys_sendmsg+0x803/0x920
[ 53.973657] ? copy_msghdr_from_user+0x410/0x410
[ 53.978395] ? __fget+0x319/0x510
[ 53.981841] ? lock_downgrade+0x740/0x740
[ 53.985970] ? check_preemption_disabled+0x41/0x280
[ 53.990983] ? __fget+0x340/0x510
[ 53.994433] ? iterate_fd+0x350/0x350
[ 53.998235] ? find_held_lock+0x2d/0x110
[ 54.005241] ? __fd_install+0x1b4/0x610
[ 54.009205] ? __fget_light+0x1d1/0x230
[ 54.013167] __sys_sendmsg+0xec/0x1b0
[ 54.016964] ? __ia32_sys_shutdown+0x70/0x70
[ 54.021357] ? __x64_sys_futex+0x386/0x4f0
[ 54.025581] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.030319] ? trace_hardirqs_off_caller+0x55/0x210
[ 54.035321] ? do_syscall_64+0x21/0x620
[ 54.039292] do_syscall_64+0xf9/0x620
[ 54.043077] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.048263] RIP: 0033:0x446ec9
[ 54.051440] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.070324] RSP: 002b:00007ff64331fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.078013] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 54.085265] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 54.092519] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 54.099785] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 54.107070] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 54.114340]
[ 54.114343] ======================================================
[ 54.114346] WARNING: possible circular locking dependency detected
[ 54.114348] 4.19.110-syzkaller #0 Not tainted
[ 54.114351] ------------------------------------------------------
[ 54.114354] syz-executor551/8080 is trying to acquire lock:
[ 54.114356] 00000000b6093d84 ((console_sem).lock){-...}, at: down_trylock+0xe/0x60
[ 54.114364]
[ 54.114366] but task is already holding lock:
[ 54.114367] 0000000011102440 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 54.114375]
[ 54.114378] which lock already depends on the new lock.
[ 54.114379]
[ 54.114380]
[ 54.114383] the existing dependency chain (in reverse order) is:
[ 54.114384]
[ 54.114385] -> #5 (&obj_hash[i].lock){-.-.}:
[ 54.114392] debug_object_activate+0x131/0x4e0
[ 54.114395] enqueue_hrtimer+0x27/0x3f0
[ 54.114397] hrtimer_start_range_ns+0x580/0xbe0
[ 54.114400] schedule_hrtimeout_range_clock+0x17a/0x360
[ 54.114402] wait_task_inactive+0x443/0x550
[ 54.114404] __kthread_bind_mask+0x1f/0xb0
[ 54.114406] init_rescuer.part.0+0xf2/0x190
[ 54.114409] workqueue_init+0x504/0x7e9
[ 54.114411] kernel_init_freeable+0x2bd/0x5bb
[ 54.114413] kernel_init+0xd/0x1c0
[ 54.114415] ret_from_fork+0x24/0x30
[ 54.114416]
[ 54.114417] -> #4 (hrtimer_bases.lock){-.-.}:
[ 54.114425] lock_hrtimer_base.isra.0+0x6d/0x120
[ 54.114427] hrtimer_start_range_ns+0xf5/0xbe0
[ 54.114429] enqueue_task_rt+0x97f/0xdf0
[ 54.114432] __sched_setscheduler.constprop.0+0xc79/0x1df0
[ 54.114434] _sched_setscheduler+0xee/0x180
[ 54.114437] watchdog_dev_init+0xdd/0x1ae
[ 54.114439] watchdog_init+0x14/0x17e
[ 54.114441] do_one_initcall+0xf1/0x734
[ 54.114443] kernel_init_freeable+0x4c9/0x5bb
[ 54.114445] kernel_init+0xd/0x1c0
[ 54.114447] ret_from_fork+0x24/0x30
[ 54.114448]
[ 54.114449] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 54.114456] rq_online_rt+0xaf/0x390
[ 54.114459] set_rq_online.part.0+0xe3/0x140
[ 54.114461] sched_cpu_activate+0x17f/0x270
[ 54.114463] cpuhp_invoke_callback+0x213/0x1bb0
[ 54.114465] cpuhp_thread_fun+0x440/0x840
[ 54.114468] smpboot_thread_fn+0x653/0x9d0
[ 54.114469] kthread+0x34a/0x420
[ 54.114471] ret_from_fork+0x24/0x30
[ 54.114473]
[ 54.114474] -> #2 (&rq->lock){-.-.}:
[ 54.114481] task_fork_fair+0x6a/0x520
[ 54.114482] sched_fork+0x3a7/0x8b0
[ 54.114485] copy_process.part.0+0x187d/0x7a60
[ 54.114487] _do_fork+0x22f/0xf40
[ 54.114489] kernel_thread+0x2f/0x40
[ 54.114491] rest_init+0x1f/0x212
[ 54.114493] start_kernel+0x7e4/0x81c
[ 54.114495] secondary_startup_64+0xa4/0xb0
[ 54.114496]
[ 54.114497] -> #1 (&p->pi_lock){-.-.}:
[ 54.114504] try_to_wake_up+0x80/0xe90
[ 54.114506] up+0x92/0xe0
[ 54.114508] __up_console_sem+0xb3/0x1c0
[ 54.114510] console_unlock+0x64d/0xfe0
[ 54.114512] vprintk_emit+0x282/0x6e0
[ 54.114514] vprintk_func+0x79/0x17e
[ 54.114516] printk+0xba/0xed
[ 54.114518] regdb_fw_cb.cold+0x18/0x9c
[ 54.114520] request_firmware_work_func+0x126/0x250
[ 54.114523] process_one_work+0x91f/0x1640
[ 54.114525] worker_thread+0x96/0xe20
[ 54.114527] kthread+0x34a/0x420
[ 54.114528] ret_from_fork+0x24/0x30
[ 54.114530]
[ 54.114531] -> #0 ((console_sem).lock){-...}:
[ 54.114538] _raw_spin_lock_irqsave+0x8c/0xbf
[ 54.114540] down_trylock+0xe/0x60
[ 54.114542] __down_trylock_console_sem+0xa3/0x210
[ 54.114545] console_trylock+0x12/0x90
[ 54.114547] vprintk_emit+0x269/0x6e0
[ 54.114549] vprintk_func+0x79/0x17e
[ 54.114550] printk+0xba/0xed
[ 54.114552] __warn_printk+0x9b/0xf3
[ 54.114555] debug_print_object+0x160/0x250
[ 54.114557] debug_object_activate+0x357/0x4e0
[ 54.114559] __call_rcu.constprop.0+0x31/0x7e0
[ 54.114561] queue_rcu_work+0x75/0x90
[ 54.114563] route4_change+0xe6a/0x2210
[ 54.114565] tc_new_tfilter+0xa6b/0x1450
[ 54.114568] rtnetlink_rcv_msg+0x453/0xaf0
[ 54.114570] netlink_rcv_skb+0x160/0x410
[ 54.114572] netlink_unicast+0x4d7/0x6a0
[ 54.114574] netlink_sendmsg+0x80b/0xcd0
[ 54.114576] sock_sendmsg+0xcf/0x120
[ 54.114578] ___sys_sendmsg+0x803/0x920
[ 54.114580] __sys_sendmsg+0xec/0x1b0
[ 54.114582] do_syscall_64+0xf9/0x620
[ 54.114585] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.114586]
[ 54.114588] other info that might help us debug this:
[ 54.114589]
[ 54.114591] Chain exists of:
[ 54.114592] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 54.114601]
[ 54.114603] Possible unsafe locking scenario:
[ 54.114604]
[ 54.114607]        CPU0                    CPU1
[ 54.114609]        ----                    ----
[ 54.114610]   lock(&obj_hash[i].lock);
[ 54.114615]                                lock(hrtimer_bases.lock);
[ 54.114620]                                lock(&obj_hash[i].lock);
[ 54.114624]   lock((console_sem).lock);
[ 54.114628]
[ 54.114629] *** DEADLOCK ***
[ 54.114630]
[ 54.114632] 2 locks held by syz-executor551/8080:
[ 54.114634] #0: 000000008721b98b (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xaf0
[ 54.114642] #1: 0000000011102440 (&obj_hash[i].lock){-.-.}, at: debug_object_activate+0x131/0x4e0
[ 54.114651]
[ 54.114652] stack backtrace:
[ 54.114656] CPU: 0 PID: 8080 Comm: syz-executor551 Not tainted 4.19.110-syzkaller #0
[ 54.114660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.114662] Call Trace:
[ 54.114663] dump_stack+0x188/0x20d
[ 54.114666] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 54.114668] __lock_acquire+0x2e19/0x49c0
[ 54.114670] ? add_lock_to_list.isra.0+0x179/0x330
[ 54.114672] ? save_trace+0xd6/0x290
[ 54.114675] ? mark_held_locks+0xf0/0xf0
[ 54.114677] ? format_decode+0x230/0xad0
[ 54.114709] ? kvm_clock_read+0x14/0x30
[ 54.114716] lock_acquire+0x170/0x400
[ 54.114718] ? down_trylock+0xe/0x60
[ 54.114720] _raw_spin_lock_irqsave+0x8c/0xbf
[ 54.114722] ? down_trylock+0xe/0x60
[ 54.114724] down_trylock+0xe/0x60
[ 54.114726] ? vprintk_emit+0x269/0x6e0
[ 54.114729] __down_trylock_console_sem+0xa3/0x210
[ 54.114731] console_trylock+0x12/0x90
[ 54.114733] vprintk_emit+0x269/0x6e0
[ 54.114735] vprintk_func+0x79/0x17e
[ 54.114736] printk+0xba/0xed
[ 54.114739] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 54.114741] ? __warn_printk+0x8f/0xf3
[ 54.114743] __warn_printk+0x9b/0xf3
[ 54.114745] ? add_taint.cold+0x16/0x16
[ 54.114747] ? do_syscall_64+0xf9/0x620
[ 54.114749] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.114752] debug_print_object+0x160/0x250
[ 54.114754] debug_object_activate+0x357/0x4e0
[ 54.114756] ? debug_object_free+0x3e0/0x3e0
[ 54.114758] ? lockdep_hardirqs_on+0x40b/0x5d0
[ 54.114760] ? route4_change+0xbab/0x2210
[ 54.114763] ? delayed_work_timer_fn+0x90/0x90
[ 54.114765] __call_rcu.constprop.0+0x31/0x7e0
[ 54.114767] ? mark_held_locks+0xa6/0xf0
[ 54.114769] queue_rcu_work+0x75/0x90
[ 54.114771] route4_change+0xe6a/0x2210
[ 54.114773] ? route4_init+0xa0/0xa0
[ 54.114775] ? route4_init+0xa0/0xa0
[ 54.114777] tc_new_tfilter+0xa6b/0x1450
[ 54.114779] ? tc_del_tfilter+0xd40/0xd40
[ 54.114781] ? __mutex_lock+0x3cd/0x1300
[ 54.114784] ? selinux_ipv4_output+0x50/0x50
[ 54.114786] ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 54.114788] ? tc_del_tfilter+0xd40/0xd40
[ 54.114790] rtnetlink_rcv_msg+0x453/0xaf0
[ 54.114792] ? rtnetlink_put_metrics+0x520/0x520
[ 54.114794] ? find_held_lock+0x2d/0x110
[ 54.114797] netlink_rcv_skb+0x160/0x410
[ 54.114799] ? rtnetlink_put_metrics+0x520/0x520
[ 54.114801] ? netlink_ack+0xa60/0xa60
[ 54.114803] netlink_unicast+0x4d7/0x6a0
[ 54.114805] ? netlink_attachskb+0x710/0x710
[ 54.114807] netlink_sendmsg+0x80b/0xcd0
[ 54.114809] ? netlink_unicast+0x6a0/0x6a0
[ 54.114812] ? move_addr_to_kernel.part.0+0x110/0x110
[ 54.114814] ? netlink_unicast+0x6a0/0x6a0
[ 54.114816] sock_sendmsg+0xcf/0x120
[ 54.114818] ___sys_sendmsg+0x803/0x920
[ 54.114820] ? copy_msghdr_from_user+0x410/0x410
[ 54.114822] ? __fget+0x319/0x510
[ 54.114824] ? lock_downgrade+0x740/0x740
[ 54.114827] ? check_preemption_disabled+0x41/0x280
[ 54.114829] ? __fget+0x340/0x510
[ 54.114831] ? iterate_fd+0x350/0x350
[ 54.114833] ? find_held_lock+0x2d/0x110
[ 54.114835] ? __fd_install+0x1b4/0x610
[ 54.114837] ? __fget_light+0x1d1/0x230
[ 54.114839] __sys_sendmsg+0xec/0x1b0
[ 54.114841] ? __ia32_sys_shutdown+0x70/0x70
[ 54.114843] ? __x64_sys_futex+0x386/0x4f0
[ 54.114846] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.114848] ? trace_hardirqs_off_caller+0x55/0x210
[ 54.114850] ? do_syscall_64+0x21/0x620
[ 54.114852] do_syscall_64+0xf9/0x620
[ 54.114855] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.114857] RIP: 0033:0x446ec9
[ 54.114864] Code: e8 4c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.114867] RSP: 002b:00007ff64331fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.114872] RAX: ffffffffffffffda RBX: 00000000006dcc78 RCX: 0000000000446ec9
[ 54.114876] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 54.114879] RBP: 00000000006dcc70 R08: 0000000000000000 R09: 0000000000000000
[ 54.114882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc7c
[ 54.114885] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 54.116310] Kernel Offset: disabled
[ 55.048403] Rebooting in 86400 seconds..