[   45.599641] audit: type=1800 audit(1577506368.947:30): pid=7745 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd: 
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   49.744245] kauditd_printk_skb: 4 callbacks suppressed
[   49.744261] audit: type=1400 audit(1577506373.127:35): avc:  denied  { map } for  pid=7918 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts.
executing program
[   56.483671] audit: type=1400 audit(1577506379.867:36): avc:  denied  { map } for  pid=7930 comm="syz-executor381" path="/root/syz-executor381553478" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[   61.495852] ------------[ cut here ]------------
[   61.501798] ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x80
[   61.511818] WARNING: CPU: 0 PID: 7933 at lib/debugobjects.c:325 debug_print_object+0x168/0x250
[   61.520647] Kernel panic - not syncing: panic_on_warn set ...
[   61.520647] 
[   61.528030] CPU: 0 PID: 7933 Comm: syz-executor381 Not tainted 4.19.91-syzkaller #0
[   61.535839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.545181] Call Trace:
[   61.547763]  dump_stack+0x197/0x210
[   61.551381]  panic+0x26a/0x50e
[   61.554561]  ? __warn_printk+0xf3/0xf3
[   61.558440]  ? debug_print_object+0x168/0x250
[   61.562939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.568468]  ? __warn.cold+0x5/0x53
[   61.572083]  ? __warn+0xe8/0x1d0
[   61.575453]  ? debug_print_object+0x168/0x250
[   61.580212]  __warn.cold+0x20/0x53
[   61.584256]  ? trace_hardirqs_off+0x62/0x220
[   61.588910]  ? debug_print_object+0x168/0x250
[   61.593429]  report_bug+0x263/0x2b0
[   61.597053]  do_error_trap+0x204/0x360
[   61.600981]  ? math_error+0x340/0x340
[   61.605427]  ? wake_up_klogd+0x99/0xd0
[   61.609498]  ? vprintk_emit+0x1ce/0x6d0
[   61.613466]  ? error_entry+0x7c/0xe0
[   61.617197]  ? trace_hardirqs_off_caller+0x65/0x220
[   61.622212]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   61.627048]  do_invalid_op+0x1b/0x20
[   61.630761]  invalid_op+0x14/0x20
[   61.634206] RIP: 0010:debug_print_object+0x168/0x250
[   61.639475] Code: dd e0 63 ea 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd e0 63 ea 87 48 c7 c7 20 59 ea 87 e8 a6 46 dc fd <0f> 0b 83 05 ab 96 6a 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
[   61.658732] RSP: 0018:ffff888092c1f8b8 EFLAGS: 00010082
[   61.664088] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   61.671346] RDX: 0000000000000000 RSI: ffffffff8155bb16 RDI: ffffed1012583f09
[   61.679821] RBP: ffff888092c1f8f8 R08: ffff888083d1a3c0 R09: ffffed1015d03ee3
[   61.687094] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: 0000000000000001
[   61.694361] R13: ffffffff88fa43a0 R14: ffffffff815b30d0 R15: ffff888099131aa8
[   61.701658]  ? __internal_add_timer+0x1f0/0x1f0
[   61.706334]  ? vprintk_func+0x86/0x189
[   61.710233]  ? debug_print_object+0x168/0x250
[   61.714742]  debug_check_no_obj_freed+0x29f/0x464
[   61.719738]  kfree+0xbd/0x220
[   61.722849]  rfcomm_dlc_free+0x20/0x30
[   61.726901]  rfcomm_dev_ioctl+0x1988/0x1c90
[   61.731344]  ? mark_held_locks+0xb1/0x100
[   61.735518]  ? lock_sock_nested+0xe2/0x120
[   61.739966]  ? rfcomm_tty_install+0x1a0/0x1a0
[   61.744470]  ? lock_sock_nested+0x9a/0x120
[   61.748707]  ? trace_hardirqs_on+0x67/0x220
[   61.753038]  ? __local_bh_enable_ip+0x15a/0x270
[   61.757701]  rfcomm_sock_ioctl+0x90/0xb0
[   61.761756]  sock_do_ioctl+0xd8/0x2f0
[   61.765546]  ? compat_ifr_data_ioctl+0x160/0x160
[   61.770365]  ? __lock_acquire+0x6ee/0x49c0
[   61.774606]  ? rcu_read_lock_sched_held+0x110/0x130
[   61.779630]  ? kmem_cache_alloc+0x32a/0x700
[   61.784009]  sock_ioctl+0x325/0x610
[   61.787764]  ? dlci_ioctl_set+0x40/0x40
[   61.791736]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.797312]  ? __might_sleep+0x95/0x190
[   61.801396]  ? find_held_lock+0x35/0x130
[   61.805479]  ? dlci_ioctl_set+0x40/0x40
[   61.809466]  do_vfs_ioctl+0xd5f/0x1380
[   61.813630]  ? selinux_file_ioctl+0x46f/0x5e0
[   61.818590]  ? selinux_file_ioctl+0x125/0x5e0
[   61.823099]  ? ioctl_preallocate+0x210/0x210
[   61.827524]  ? selinux_file_mprotect+0x620/0x620
[   61.832293]  ? __sanitizer_cov_trace_cmp1+0xb/0x20
[   61.837409]  ? __fd_install+0x200/0x640
[   61.841396]  ? fd_install+0x4d/0x60
[   61.845176]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.851240]  ? security_file_ioctl+0x8d/0xc0
[   61.855664]  ksys_ioctl+0xab/0xd0
[   61.859125]  __x64_sys_ioctl+0x73/0xb0
[   61.863035]  do_syscall_64+0xfd/0x620
[   61.866856]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.872169] RIP: 0033:0x4412b9
[   61.875404] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.894616] RSP: 002b:00007fff9e19a6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   61.902808] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[   61.910331] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[   61.917741] RBP: 000000000000f003 R08: 00000000004002c8 R09: 00000000004002c8
[   61.926332] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020e0
[   61.934487] R13: 0000000000402170 R14: 0000000000000000 R15: 0000000000000000
[   61.941854] 
[   61.941858] ======================================================
[   61.941861] WARNING: possible circular locking dependency detected
[   61.941864] 4.19.91-syzkaller #0 Not tainted
[   61.941867] ------------------------------------------------------
[   61.941870] syz-executor381/7933 is trying to acquire lock:
[   61.941872] 00000000fab81f98 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   61.941881] 
[   61.941884] but task is already holding lock:
[   61.941885] 000000005cc73143 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[   61.941894] 
[   61.941897] which lock already depends on the new lock.
[   61.941898] 
[   61.941899] 
[   61.941902] the existing dependency chain (in reverse order) is:
[   61.941904] 
[   61.941905] -> #5 (&obj_hash[i].lock){-.-.}:
[   61.941914]        _raw_spin_lock_irqsave+0x95/0xcd
[   61.941916]        debug_object_activate+0x131/0x4e0
[   61.941919]        enqueue_hrtimer+0x2a/0x3f0
[   61.941922]        hrtimer_start_range_ns+0x603/0xc70
[   61.941924]        schedule_hrtimeout_range_clock+0x1a0/0x380
[   61.941927]        schedule_hrtimeout+0x25/0x30
[   61.941929]        wait_task_inactive+0x4a2/0x630
[   61.941932]        __kthread_bind_mask+0x24/0xb0
[   61.941934]        kthread_bind_mask+0x23/0x30
[   61.941937]        init_rescuer.part.0+0xfc/0x190
[   61.941939]        workqueue_init+0x51a/0x808
[   61.941942]        kernel_init_freeable+0x2c0/0x5c8
[   61.941944]        kernel_init+0x12/0x1c2
[   61.941946]        ret_from_fork+0x24/0x30
[   61.941947] 
[   61.941949] -> #4 (hrtimer_bases.lock){-.-.}:
[   61.941957]        _raw_spin_lock_irqsave+0x95/0xcd
[   61.941960]        lock_hrtimer_base.isra.0+0x75/0x130
[   61.941962]        hrtimer_start_range_ns+0xff/0xc70
[   61.941965]        enqueue_task_rt+0x998/0xe70
[   61.941967]        __sched_setscheduler+0xd93/0x1ed0
[   61.941970]        _sched_setscheduler+0x10a/0x1b0
[   61.941972]        sched_setscheduler+0xe/0x10
[   61.941975]        watchdog_dev_init+0xe0/0x1b2
[   61.941977]        watchdog_init+0x17/0x181
[   61.941980]        do_one_initcall+0x107/0x78c
[   61.941982]        kernel_init_freeable+0x4d4/0x5c8
[   61.941984]        kernel_init+0x12/0x1c2
[   61.941987]        ret_from_fork+0x24/0x30
[   61.941988] 
[   61.941989] -> #3 (&rt_b->rt_runtime_lock){-...}:
[   61.941997]        _raw_spin_lock+0x2f/0x40
[   61.941999]        rq_online_rt+0xb4/0x390
[   61.942002]        set_rq_online.part.0+0xe4/0x140
[   61.942004]        sched_cpu_activate+0x17f/0x270
[   61.942007]        cpuhp_invoke_callback+0x201/0x1af0
[   61.942009]        cpuhp_thread_fun+0x453/0x850
[   61.942012]        smpboot_thread_fn+0x6a3/0xa30
[   61.942014]        kthread+0x354/0x420
[   61.942016]        ret_from_fork+0x24/0x30
[   61.942018] 
[   61.942019] -> #2 (&rq->lock){-.-.}:
[   61.942027]        _raw_spin_lock+0x2f/0x40
[   61.942029]        task_fork_fair+0x6a/0x520
[   61.942031]        sched_fork+0x3af/0x900
[   61.942034]        copy_process.part.0+0x1859/0x7a30
[   61.942036]        _do_fork+0x257/0xfd0
[   61.942038]        kernel_thread+0x34/0x40
[   61.942041]        rest_init+0x24/0x222
[   61.942043]        start_kernel+0x88c/0x8c5
[   61.942046]        x86_64_start_reservations+0x29/0x2b
[   61.942048]        x86_64_start_kernel+0x77/0x7b
[   61.942051]        secondary_startup_64+0xa4/0xb0
[   61.942052] 
[   61.942054] -> #1 (&p->pi_lock){-.-.}:
[   61.942062]        _raw_spin_lock_irqsave+0x95/0xcd
[   61.942066]        try_to_wake_up+0x94/0xf50
[   61.942069]        wake_up_process+0x10/0x20
[   61.942074]        __up.isra.0+0x136/0x1a0
[   61.942077]        up+0x9c/0xe0
[   61.942081]        __up_console_sem+0xb7/0x1c0
[   61.942085]        console_unlock+0x6c7/0x10d0
[   61.942089]        vprintk_emit+0x280/0x6d0
[   61.942092]        vprintk_default+0x28/0x30
[   61.942096]        vprintk_func+0x7e/0x189
[   61.942100]        printk+0xba/0xed
[   61.942104]        regdb_fw_cb.cold+0x18/0x9c
[   61.942109]        request_firmware_work_func+0x137/0x280
[   61.942113]        process_one_work+0x989/0x1750
[   61.942117]        worker_thread+0x98/0xe40
[   61.942121]        kthread+0x354/0x420
[   61.942125]        ret_from_fork+0x24/0x30
[   61.942127] 
[   61.942129] -> #0 ((console_sem).lock){-...}:
[   61.942138]        lock_acquire+0x16f/0x3f0
[   61.942141]        _raw_spin_lock_irqsave+0x95/0xcd
[   61.942143]        down_trylock+0x13/0x70
[   61.942146]        __down_trylock_console_sem+0xa8/0x210
[   61.942148]        console_trylock+0x15/0xa0
[   61.942151]        vprintk_emit+0x267/0x6d0
[   61.942153]        vprintk_default+0x28/0x30
[   61.942155]        vprintk_func+0x7e/0x189
[   61.942157]        printk+0xba/0xed
[   61.942160]        __warn_printk+0x9b/0xf3
[   61.942162]        debug_print_object+0x168/0x250
[   61.942165]        debug_check_no_obj_freed+0x29f/0x464
[   61.942167]        kfree+0xbd/0x220
[   61.942169]        rfcomm_dlc_free+0x20/0x30
[   61.942172]        rfcomm_dev_ioctl+0x1988/0x1c90
[   61.942174]        rfcomm_sock_ioctl+0x90/0xb0
[   61.942176]        sock_do_ioctl+0xd8/0x2f0
[   61.942179]        sock_ioctl+0x325/0x610
[   61.942181]        do_vfs_ioctl+0xd5f/0x1380
[   61.942183]        ksys_ioctl+0xab/0xd0
[   61.942185]        __x64_sys_ioctl+0x73/0xb0
[   61.942188]        do_syscall_64+0xfd/0x620
[   61.942191]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.942192] 
[   61.942195] other info that might help us debug this:
[   61.942196] 
[   61.942197] Chain exists of:
[   61.942199]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[   61.942209] 
[   61.942211]  Possible unsafe locking scenario:
[   61.942213] 
[   61.942215]        CPU0                    CPU1
[   61.942218]        ----                    ----
[   61.942219]   lock(&obj_hash[i].lock);
[   61.942224]                                lock(hrtimer_bases.lock);
[   61.942230]                                lock(&obj_hash[i].lock);
[   61.942235]   lock((console_sem).lock);
[   61.942239] 
[   61.942241]  *** DEADLOCK ***
[   61.942242] 
[   61.942244] 3 locks held by syz-executor381/7933:
[   61.942246]  #0: 00000000fdd10d6b (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}, at: rfcomm_sock_ioctl+0x82/0xb0
[   61.942256]  #1: 0000000063e75eb9 (rfcomm_ioctl_mutex){+.+.}, at: rfcomm_dev_ioctl+0x923/0x1c90
[   61.942266]  #2: 000000005cc73143 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[   61.942276] 
[   61.942277] stack backtrace:
[   61.942281] CPU: 0 PID: 7933 Comm: syz-executor381 Not tainted 4.19.91-syzkaller #0
[   61.942286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.942288] Call Trace:
[   61.942290]  dump_stack+0x197/0x210
[   61.942293]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   61.942295]  __lock_acquire+0x2e19/0x49c0
[   61.942298]  ? mark_held_locks+0x100/0x100
[   61.942300]  ? kvm_clock_read+0x18/0x30
[   61.942303]  ? kvm_sched_clock_read+0x9/0x20
[   61.942305]  lock_acquire+0x16f/0x3f0
[   61.942307]  ? down_trylock+0x13/0x70
[   61.942310]  _raw_spin_lock_irqsave+0x95/0xcd
[   61.942312]  ? down_trylock+0x13/0x70
[   61.942314]  ? vprintk_emit+0x267/0x6d0
[   61.942317]  down_trylock+0x13/0x70
[   61.942319]  ? vprintk_emit+0x267/0x6d0
[   61.942322]  __down_trylock_console_sem+0xa8/0x210
[   61.942324]  console_trylock+0x15/0xa0
[   61.942326]  vprintk_emit+0x267/0x6d0
[   61.942329]  ? __internal_add_timer+0x1f0/0x1f0
[   61.942331]  vprintk_default+0x28/0x30
[   61.942334]  vprintk_func+0x7e/0x189
[   61.942336]  printk+0xba/0xed
[   61.942338]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   61.942340]  ? __warn_printk+0x8f/0xf3
[   61.942343]  ? rfcomm_dlc_link+0x170/0x170
[   61.942345]  __warn_printk+0x9b/0xf3
[   61.942348]  ? add_taint.cold+0x16/0x16
[   61.942350]  ? skb_dequeue+0x12e/0x180
[   61.942353]  ? rfcomm_dlc_link+0x170/0x170
[   61.942355]  debug_print_object+0x168/0x250
[   61.942358]  debug_check_no_obj_freed+0x29f/0x464
[   61.942360]  kfree+0xbd/0x220
[   61.942362]  rfcomm_dlc_free+0x20/0x30
[   61.942364]  rfcomm_dev_ioctl+0x1988/0x1c90
[   61.942367]  ? mark_held_locks+0xb1/0x100
[   61.942369]  ? lock_sock_nested+0xe2/0x120
[   61.942372]  ? rfcomm_tty_install+0x1a0/0x1a0
[   61.942374]  ? lock_sock_nested+0x9a/0x120
[   61.942377]  ? trace_hardirqs_on+0x67/0x220
[   61.942379]  ? __local_bh_enable_ip+0x15a/0x270
[   61.942382]  rfcomm_sock_ioctl+0x90/0xb0
[   61.942384]  sock_do_ioctl+0xd8/0x2f0
[   61.942387]  ? compat_ifr_data_ioctl+0x160/0x160
[   61.942389]  ? __lock_acquire+0x6ee/0x49c0
[   61.942392]  ? rcu_read_lock_sched_held+0x110/0x130
[   61.942394]  ? kmem_cache_alloc+0x32a/0x700
[   61.942397]  sock_ioctl+0x325/0x610
[   61.942399]  ? dlci_ioctl_set+0x40/0x40
[   61.942402]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.942404]  ? __might_sleep+0x95/0x190
[   61.942407]  ? find_held_lock+0x35/0x130
[   61.942409]  ? dlci_ioctl_set+0x40/0x40
[   61.942411]  do_vfs_ioctl+0xd5f/0x1380
[   61.942414]  ? selinux_file_ioctl+0x46f/0x5e0
[   61.942417]  ? selinux_file_ioctl+0x125/0x5e0
[   61.942419]  ? ioctl_preallocate+0x210/0x210
[   61.942422]  ? selinux_file_mprotect+0x620/0x620
[   61.942425]  ? __sanitizer_cov_trace_cmp1+0xb/0x20
[   61.942427]  ? __fd_install+0x200/0x640
[   61.942429]  ? fd_install+0x4d/0x60
[   61.942432]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.942435]  ? security_file_ioctl+0x8d/0xc0
[   61.942437]  ksys_ioctl+0xab/0xd0
[   61.942439]  __x64_sys_ioctl+0x73/0xb0
[   61.942441]  do_syscall_64+0xfd/0x620
[   61.942444]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.942446] RIP: 0033:0x4412b9
[   61.942455] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.942457] RSP: 002b:00007fff9e19a6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   61.942464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[   61.942467] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
[   61.942471] RBP: 000000000000f003 R08: 00000000004002c8 R09: 00000000004002c8
[   61.942475] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020e0
[   61.942478] R13: 0000000000402170 R14: 0000000000000000 R15: 0000000000000000
[   61.944373] Kernel Offset: disabled
[   62.922176] Rebooting in 86400 seconds..