[ 35.672984] audit: type=1800 audit(1585268171.620:33): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.699619] audit: type=1800 audit(1585268171.620:34): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ 36.442316] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.745945] audit: type=1400 audit(1585268172.690:35): avc: denied { map } for pid=7402 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.791399] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.549007] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.752790] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
[ 43.418053] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.535479] audit: type=1400 audit(1585268179.480:36): avc: denied { map } for pid=7415 comm="syz-executor872" path="/root/syz-executor872222417" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.771059] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 44.632736] ODEBUG: activate active (active state 1) object type: rcu_head hint: (null)
[ 44.642435] ------------[ cut here ]------------
[ 44.647180] WARNING: CPU: 0 PID: 7419 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 44.656178] Kernel panic - not syncing: panic_on_warn set ...
[ 44.656178]
[ 44.663529] CPU: 0 PID: 7419 Comm: syz-executor872 Not tainted 4.14.174-syzkaller #0
[ 44.671395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.680751] Call Trace:
[ 44.683330] dump_stack+0x13e/0x194
[ 44.686943] panic+0x1f9/0x42d
[ 44.690118] ? add_taint.cold+0x16/0x16
[ 44.694072] ? debug_print_object.cold+0xa7/0xdb
[ 44.698808] ? debug_print_object.cold+0xa7/0xdb
[ 44.703543] __warn.cold+0x2f/0x30
[ 44.707086] ? ist_end_non_atomic+0x10/0x10
[ 44.711472] ? debug_print_object.cold+0xa7/0xdb
[ 44.716315] report_bug+0x20a/0x248
[ 44.719921] do_error_trap+0x195/0x2d0
[ 44.723790] ? math_error+0x2d0/0x2d0
[ 44.727585] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.732410] invalid_op+0x1b/0x40
[ 44.735845] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 44.741184] RSP: 0018:ffff888082007430 EFLAGS: 00010082
[ 44.746540] RAX: 0000000000000055 RBX: 0000000000000003 RCX: 0000000000000000
[ 44.753817] RDX: 0000000000000000 RSI: ffffffff86ac07e0 RDI: ffffed1010400e7c
[ 44.761082] RBP: ffffffff86ab5ee0 R08: 0000000000000055 R09: 0000000000000000
[ 44.768331] R10: fffffbfff14a8cd8 R11: ffff888089186500 R12: 0000000000000000
[ 44.775596] R13: 0000000000000001 R14: 1ffff11010400e90 R15: ffffffff87d84240
[ 44.782868] debug_object_activate+0x307/0x450
[ 44.787475] ? debug_object_free+0x390/0x390
[ 44.791868] ? find_held_lock+0x2d/0x110
[ 44.795928] ? route4_walk+0x450/0x450
[ 44.799796] __call_rcu.constprop.0+0x31/0x7e0
[ 44.804357] route4_change+0xb27/0x1c4d
[ 44.808318] ? route4_delete+0x760/0x760
[ 44.812895] ? route4_delete+0x760/0x760
[ 44.816952] tc_ctl_tfilter+0xf13/0x18e6
[ 44.821018] ? tfilter_notify+0x240/0x240
[ 44.825152] ? mutex_trylock+0x1a0/0x1a0
[ 44.829240] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 44.833676] ? tfilter_notify+0x240/0x240
[ 44.837805] rtnetlink_rcv_msg+0x3be/0xb10
[ 44.842037] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 44.846600] ? save_trace+0x290/0x290
[ 44.850380] ? save_trace+0x290/0x290
[ 44.854160] netlink_rcv_skb+0x127/0x370
[ 44.858379] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 44.862939] ? netlink_ack+0x980/0x980
[ 44.866805] netlink_unicast+0x437/0x620
[ 44.870843] ? netlink_attachskb+0x600/0x600
[ 44.875239] netlink_sendmsg+0x733/0xbe0
[ 44.879297] ? netlink_unicast+0x620/0x620
[ 44.883531] ? SYSC_sendto+0x2b0/0x2b0
[ 44.887408] ? security_socket_sendmsg+0x83/0xb0
[ 44.892149] ? netlink_unicast+0x620/0x620
[ 44.896363] sock_sendmsg+0xc5/0x100
[ 44.900061] ___sys_sendmsg+0x70a/0x840
[ 44.904114] ? trace_hardirqs_on+0x10/0x10
[ 44.908347] ? copy_msghdr_from_user+0x380/0x380
[ 44.913217] ? find_held_lock+0x2d/0x110
[ 44.917278] ? lock_downgrade+0x6e0/0x6e0
[ 44.921410] ? __fget+0x228/0x360
[ 44.924851] ? __fget_light+0x199/0x1f0
[ 44.928807] ? sockfd_lookup_light+0xb2/0x160
[ 44.933304] __sys_sendmsg+0xa3/0x120
[ 44.937219] ? SyS_shutdown+0x160/0x160
[ 44.941184] ? move_addr_to_kernel+0x60/0x60
[ 44.945577] SyS_sendmsg+0x27/0x40
[ 44.949102] ? __sys_sendmsg+0x120/0x120
[ 44.953145] do_syscall_64+0x1d5/0x640
[ 44.957037] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.962206] RIP: 0033:0x446e09
[ 44.965391] RSP: 002b:00007f2ecfa85d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 44.973091] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 44.980372] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 44.987732] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 44.994984] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 45.002237] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 45.009525]
[ 45.009527] ======================================================
[ 45.009529] WARNING: possible circular locking dependency detected
[ 45.009530] 4.14.174-syzkaller #0 Not tainted
[ 45.009532] ------------------------------------------------------
[ 45.009534] syz-executor872/7419 is trying to acquire lock:
[ 45.009535] ((console_sem).lock){-...}, at: [<ffffffff81452fde>] down_trylock+0xe/0x60
[ 45.009539]
[ 45.009540] but task is already holding lock:
[ 45.009541] (&obj_hash[i].lock){-.-.}, at: [<ffffffff82fe481b>] debug_object_activate+0x10b/0x450
[ 45.009545]
[ 45.009546] which lock already depends on the new lock.
[ 45.009547]
[ 45.009548]
[ 45.009549] the existing dependency chain (in reverse order) is:
[ 45.009550]
[ 45.009551] -> #5 (&obj_hash[i].lock){-.-.}:
[ 45.009555] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.009556] debug_object_activate+0x10b/0x450
[ 45.009558] enqueue_hrtimer+0x22/0x3b0
[ 45.009559] hrtimer_start_range_ns+0x4e6/0x1060
[ 45.009560] schedule_hrtimeout_range_clock+0x13c/0x2f0
[ 45.009562] wait_task_inactive+0x478/0x530
[ 45.009563] __kthread_bind_mask+0x1f/0xb0
[ 45.009564] create_worker+0x313/0x530
[ 45.009565] workqueue_init+0x55f/0x66e
[ 45.009567] kernel_init_freeable+0x2ab/0x526
[ 45.009568] kernel_init+0xd/0x15b
[ 45.009569] ret_from_fork+0x24/0x30
[ 45.009570]
[ 45.009570] -> #4 (hrtimer_bases.lock){-.-.}:
[ 45.009575] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.009576] lock_hrtimer_base.isra.0+0x6d/0x120
[ 45.009577] hrtimer_start_range_ns+0x7b/0x1060
[ 45.009579] enqueue_task_rt+0x94d/0xdb0
[ 45.009580] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.009582] _sched_setscheduler+0xf9/0x150
[ 45.009583] watchdog_enable+0xff/0x150
[ 45.009584] smpboot_thread_fn+0x40d/0x920
[ 45.009585] kthread+0x30d/0x420
[ 45.009586] ret_from_fork+0x24/0x30
[ 45.009587]
[ 45.009588] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 45.009592] _raw_spin_lock+0x2a/0x40
[ 45.009593] enqueue_task_rt+0x508/0xdb0
[ 45.009594] __sched_setscheduler.constprop.0+0xc11/0x1f70
[ 45.009596] _sched_setscheduler+0xf9/0x150
[ 45.009597] watchdog_enable+0xff/0x150
[ 45.009598] smpboot_thread_fn+0x40d/0x920
[ 45.009599] kthread+0x30d/0x420
[ 45.009600] ret_from_fork+0x24/0x30
[ 45.009601]
[ 45.009602] -> #2 (&rq->lock){-.-.}:
[ 45.009606] _raw_spin_lock+0x2a/0x40
[ 45.009607] task_fork_fair+0x63/0x5b0
[ 45.009608] sched_fork+0x39a/0xbd0
[ 45.009609] copy_process.part.0+0x15b7/0x6a70
[ 45.009611] _do_fork+0x180/0xc80
[ 45.009612] kernel_thread+0x2f/0x40
[ 45.009613] rest_init+0x1f/0x1d2
[ 45.009614] start_kernel+0x659/0x676
[ 45.009615] secondary_startup_64+0xa5/0xb0
[ 45.009616]
[ 45.009617] -> #1 (&p->pi_lock){-.-.}:
[ 45.009621] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.009622] try_to_wake_up+0x6a/0xef0
[ 45.009623] up+0x92/0xe0
[ 45.009624] __up_console_sem+0xa9/0x1b0
[ 45.009625] console_unlock+0x596/0xec0
[ 45.009627] vprintk_emit+0x1f8/0x600
[ 45.009628] vprintk_func+0x58/0x152
[ 45.009629] printk+0x9e/0xbc
[ 45.009630] kauditd_hold_skb.cold+0x3e/0x4d
[ 45.009632] kauditd_send_queue+0xfb/0x140
[ 45.009633] kauditd_thread+0x625/0x840
[ 45.009634] kthread+0x30d/0x420
[ 45.009635] ret_from_fork+0x24/0x30
[ 45.009636]
[ 45.009636] -> #0 ((console_sem).lock){-...}:
[ 45.009640] lock_acquire+0x170/0x3f0
[ 45.009642] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.009643] down_trylock+0xe/0x60
[ 45.009644] __down_trylock_console_sem+0x97/0x1f0
[ 45.009646] console_trylock+0x14/0x70
[ 45.009647] vprintk_emit+0x1ea/0x600
[ 45.009648] vprintk_func+0x58/0x152
[ 45.009649] printk+0x9e/0xbc
[ 45.009650] debug_print_object.cold+0xa7/0xdb
[ 45.009652] debug_object_activate+0x307/0x450
[ 45.009653] __call_rcu.constprop.0+0x31/0x7e0
[ 45.009654] route4_change+0xb27/0x1c4d
[ 45.009656] tc_ctl_tfilter+0xf13/0x18e6
[ 45.009657] rtnetlink_rcv_msg+0x3be/0xb10
[ 45.009658] netlink_rcv_skb+0x127/0x370
[ 45.009659] netlink_unicast+0x437/0x620
[ 45.009661] netlink_sendmsg+0x733/0xbe0
[ 45.009662] sock_sendmsg+0xc5/0x100
[ 45.009663] ___sys_sendmsg+0x70a/0x840
[ 45.009664] __sys_sendmsg+0xa3/0x120
[ 45.009665] SyS_sendmsg+0x27/0x40
[ 45.009667] do_syscall_64+0x1d5/0x640
[ 45.009668] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.009669]
[ 45.009670] other info that might help us debug this:
[ 45.009671]
[ 45.009672] Chain exists of:
[ 45.009672] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 45.009678]
[ 45.009679] Possible unsafe locking scenario:
[ 45.009679]
[ 45.009681] CPU0 CPU1
[ 45.009682] ---- ----
[ 45.009683] lock(&obj_hash[i].lock);
[ 45.009685] lock(hrtimer_bases.lock);
[ 45.009688] lock(&obj_hash[i].lock);
[ 45.009690] lock((console_sem).lock);
[ 45.009693]
[ 45.009694] *** DEADLOCK ***
[ 45.009694]
[ 45.009696] 2 locks held by syz-executor872/7419:
[ 45.009696] #0: (rtnl_mutex){+.+.}, at: [<ffffffff8502970d>] rtnetlink_rcv_msg+0x31d/0xb10
[ 45.009701] #1: (&obj_hash[i].lock){-.-.}, at: [<ffffffff82fe481b>] debug_object_activate+0x10b/0x450
[ 45.009705]
[ 45.009706] stack backtrace:
[ 45.009708] CPU: 0 PID: 7419 Comm: syz-executor872 Not tainted 4.14.174-syzkaller #0
[ 45.009710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.009711] Call Trace:
[ 45.009713] dump_stack+0x13e/0x194
[ 45.009714] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 45.009715] __lock_acquire+0x2cb3/0x4620
[ 45.009716] ? string+0x17e/0x1d0
[ 45.009718] ? trace_hardirqs_on+0x10/0x10
[ 45.009720] ? netdev_bits+0xa0/0xa0
[ 45.009722] ? kvm_clock_read+0x1f/0x30
[ 45.009724] ? kvm_sched_clock_read+0x5/0x10
[ 45.009726] lock_acquire+0x170/0x3f0
[ 45.009727] ? down_trylock+0xe/0x60
[ 45.009730] _raw_spin_lock_irqsave+0x8c/0xbf
[ 45.009731] ? down_trylock+0xe/0x60
[ 45.009733] down_trylock+0xe/0x60
[ 45.009735] ? vprintk_emit+0x1ea/0x600
[ 45.009738] __down_trylock_console_sem+0x97/0x1f0
[ 45.009740] console_trylock+0x14/0x70
[ 45.009741] vprintk_emit+0x1ea/0x600
[ 45.009743] vprintk_func+0x58/0x152
[ 45.009745] printk+0x9e/0xbc
[ 45.009747] ? show_regs_print_info+0x5b/0x5b
[ 45.009749] ? lock_acquire+0x170/0x3f0
[ 45.009752] ? debug_object_activate+0x10b/0x450
[ 45.009754] debug_print_object.cold+0xa7/0xdb
[ 45.009756] debug_object_activate+0x307/0x450
[ 45.009758] ? debug_object_free+0x390/0x390
[ 45.009760] ? find_held_lock+0x2d/0x110
[ 45.009762] ? route4_walk+0x450/0x450
[ 45.009763] __call_rcu.constprop.0+0x31/0x7e0
[ 45.009765] route4_change+0xb27/0x1c4d
[ 45.009766] ? route4_delete+0x760/0x760
[ 45.009767] ? route4_delete+0x760/0x760
[ 45.009768] tc_ctl_tfilter+0xf13/0x18e6
[ 45.009769] ? tfilter_notify+0x240/0x240
[ 45.009771] ? mutex_trylock+0x1a0/0x1a0
[ 45.009772] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 45.009773] ? tfilter_notify+0x240/0x240
[ 45.009774] rtnetlink_rcv_msg+0x3be/0xb10
[ 45.009775] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.009777] ? save_trace+0x290/0x290
[ 45.009778] ? save_trace+0x290/0x290
[ 45.009779] netlink_rcv_skb+0x127/0x370
[ 45.009780] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 45.009781] ? netlink_ack+0x980/0x980
[ 45.009783] netlink_unicast+0x437/0x620
[ 45.009784] ? netlink_attachskb+0x600/0x600
[ 45.009785] netlink_sendmsg+0x733/0xbe0
[ 45.009786] ? netlink_unicast+0x620/0x620
[ 45.009787] ? SYSC_sendto+0x2b0/0x2b0
[ 45.009789] ? security_socket_sendmsg+0x83/0xb0
[ 45.009790] ? netlink_unicast+0x620/0x620
[ 45.009791] sock_sendmsg+0xc5/0x100
[ 45.009792] ___sys_sendmsg+0x70a/0x840
[ 45.009793] ? trace_hardirqs_on+0x10/0x10
[ 45.009795] ? copy_msghdr_from_user+0x380/0x380
[ 45.009796] ? find_held_lock+0x2d/0x110
[ 45.009797] ? lock_downgrade+0x6e0/0x6e0
[ 45.009798] ? __fget+0x228/0x360
[ 45.009799] ? __fget_light+0x199/0x1f0
[ 45.009801] ? sockfd_lookup_light+0xb2/0x160
[ 45.009802] __sys_sendmsg+0xa3/0x120
[ 45.009803] ? SyS_shutdown+0x160/0x160
[ 45.009804] ? move_addr_to_kernel+0x60/0x60
[ 45.009805] SyS_sendmsg+0x27/0x40
[ 45.009806] ? __sys_sendmsg+0x120/0x120
[ 45.009807] do_syscall_64+0x1d5/0x640
[ 45.009809] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.009810] RIP: 0033:0x446e09
[ 45.009811] RSP: 002b:00007f2ecfa85d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.009814] RAX: ffffffffffffffda RBX: 00000000006dbc78 RCX: 0000000000446e09
[ 45.009816] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006
[ 45.009818] RBP: 00000000006dbc70 R08: 0000000000000000 R09: 0000000000000000
[ 45.009820] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc7c
[ 45.009822] R13: 0000000000000005 R14: 00a3a20740000000 R15: 0507002400000038
[ 45.011231] Kernel Offset: disabled
[ 45.895213] Rebooting in 86400 seconds..