Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.448904] ODEBUG: free active (active state 1) object type: rcu_head hint: (null)
[ 27.458396] ------------[ cut here ]------------
[ 27.463157] WARNING: CPU: 1 PID: 7972 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 27.472146] Kernel panic - not syncing: panic_on_warn set ...
[ 27.472146]
[ 27.479485] CPU: 1 PID: 7972 Comm: syz-executor199 Not tainted 4.14.290-syzkaller #0
[ 27.487349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 27.496685] Call Trace:
[ 27.499260] dump_stack+0x1b2/0x281
[ 27.502865] panic+0x1f9/0x42d
[ 27.506032] ? add_taint.cold+0x16/0x16
[ 27.509983] ? debug_print_object.cold+0xa7/0xdb
[ 27.514975] ? debug_print_object.cold+0xa7/0xdb
[ 27.519703] __warn.cold+0x20/0x44
[ 27.523218] ? ist_end_non_atomic+0x10/0x10
[ 27.527511] ? debug_print_object.cold+0xa7/0xdb
[ 27.532239] report_bug+0x208/0x250
[ 27.535840] do_error_trap+0x195/0x2d0
[ 27.539700] ? math_error+0x2d0/0x2d0
[ 27.543488] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.548306] invalid_op+0x1b/0x40
[ 27.551737] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 27.557079] RSP: 0018:ffff8880aa27f1d8 EFLAGS: 00010086
[ 27.562427] RAX: 0000000000000051 RBX: 0000000000000003 RCX: 0000000000000000
[ 27.569674] RDX: 0000000000000000 RSI: ffffffff878bc880 RDI: ffffed101544fe31
[ 27.576920] RBP: ffffffff878b1a00 R08: 0000000000000051 R09: 0000000000000000
[ 27.584164] R10: 0000000000000000 R11: ffff8880962d6380 R12: 0000000000000000
[ 27.591409] R13: 0000000000000001 R14: ffff8880b4941d40 R15: ffff8880b57c2690
[ 27.598667] ? debug_print_object.cold+0xa7/0xdb
[ 27.603399] debug_check_no_obj_freed+0x3b7/0x680
[ 27.608220] ? debug_object_activate+0x490/0x490
[ 27.612951] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.618377] kfree+0xb9/0x250
[ 27.621457] __tcf_idr_release+0x202/0x260
[ 27.625665] tcf_sample_init+0x788/0x8c0
[ 27.629810] ? tcf_sample_cleanup_rcu+0x60/0x60
[ 27.634464] tcf_action_init_1+0x51a/0x9e0
[ 27.638670] ? tcf_action_dump_old+0x80/0x80
[ 27.643135] ? nla_parse+0x157/0x1f0
[ 27.646837] tcf_action_init+0x26d/0x400
[ 27.650894] ? tcf_action_init_1+0x9e0/0x9e0
[ 27.655284] ? memset+0x20/0x40
[ 27.658551] ? nla_parse+0x157/0x1f0
[ 27.662504] tc_ctl_action+0x2e3/0x510
[ 27.666375] ? tca_action_gd+0x790/0x790
[ 27.670430] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 27.674816] ? tca_action_gd+0x790/0x790
[ 27.678853] rtnetlink_rcv_msg+0x3be/0xb10
[ 27.683091] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 27.687563] ? __netlink_lookup+0x345/0x5d0
[ 27.691860] netlink_rcv_skb+0x125/0x390
[ 27.695898] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 27.700368] ? netlink_ack+0x9a0/0x9a0
[ 27.704230] netlink_unicast+0x437/0x610
[ 27.708380] ? netlink_sendskb+0xd0/0xd0
[ 27.712417] ? __check_object_size+0x179/0x230
[ 27.717322] netlink_sendmsg+0x648/0xbc0
[ 27.721360] ? nlmsg_notify+0x1b0/0x1b0
[ 27.725306] ? kernel_recvmsg+0x210/0x210
[ 27.729429] ? security_socket_sendmsg+0x83/0xb0
[ 27.734157] ? nlmsg_notify+0x1b0/0x1b0
[ 27.738110] sock_sendmsg+0xb5/0x100
[ 27.741799] ___sys_sendmsg+0x6c8/0x800
[ 27.745746] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 27.750489] ? lock_downgrade+0x740/0x740
[ 27.754614] ? __lru_cache_add+0x178/0x250
[ 27.758827] ? do_raw_spin_unlock+0x164/0x220
[ 27.763297] ? _raw_spin_unlock+0x29/0x40
[ 27.767429] ? do_huge_pmd_anonymous_page+0x72e/0x1700
[ 27.772677] ? prep_transhuge_page+0xa0/0xa0
[ 27.777078] ? _raw_spin_unlock+0x29/0x40
[ 27.781200] ? __pmd_alloc+0x27f/0x3f0
[ 27.785062] ? __handle_mm_fault+0x80f/0x4620
[ 27.789536] ? lock_downgrade+0x740/0x740
[ 27.793666] ? vm_insert_page+0x7c0/0x7c0
[ 27.797787] ? __fdget+0x167/0x1f0
[ 27.801301] ? sockfd_lookup_light+0xb2/0x160
[ 27.805769] __sys_sendmsg+0xa3/0x120
[ 27.809543] ? SyS_shutdown+0x160/0x160
[ 27.813494] ? up_read+0x17/0x30
[ 27.816837] ? __do_page_fault+0x159/0xad0
[ 27.821046] SyS_sendmsg+0x27/0x40
[ 27.824562] ? __sys_sendmsg+0x120/0x120
[ 27.828596] do_syscall_64+0x1d5/0x640
[ 27.832457] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.837617] RIP: 0033:0x7f2ea37bf259
[ 27.841309] RSP: 002b:00007ffd62551f38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 27.848992] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2ea37bf259
[ 27.856241] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003
[ 27.863487] RBP: 00007f2ea3783240 R08: 0000000000000007 R09: 0000000000000000
[ 27.870739] R10: 000000000000000c R11: 0000000000000246 R12: 00007f2ea37832d0
[ 27.877984] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.885318]
[ 27.885320] ======================================================
[ 27.885322] WARNING: possible circular locking dependency detected
[ 27.885323] 4.14.290-syzkaller #0 Not tainted
[ 27.885325] ------------------------------------------------------
[ 27.885326] syz-executor199/7972 is trying to acquire lock:
[ 27.885327] ((console_sem).lock){....}, at: [] down_trylock+0xe/0x60
[ 27.885331]
[ 27.885332] but task is already holding lock:
[ 27.885333] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.885337]
[ 27.885339] which lock already depends on the new lock.
[ 27.885339]
[ 27.885340]
[ 27.885342] the existing dependency chain (in reverse order) is:
[ 27.885343]
[ 27.885343] -> #5 (&obj_hash[i].lock){-.-.}:
[ 27.885353] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.885354] debug_object_activate+0x10f/0x490
[ 27.885355] enqueue_hrtimer+0x22/0x3b0
[ 27.885357] hrtimer_start_range_ns+0x4a0/0x10b0
[ 27.885358] schedule_hrtimeout_range_clock+0x144/0x320
[ 27.885359] wait_task_inactive+0x469/0x520
[ 27.885361] __kthread_bind_mask+0x1f/0xb0
[ 27.885362] create_worker+0x437/0x6c0
[ 27.885363] workqueue_init+0x4ef/0x756
[ 27.885365] kernel_init_freeable+0x3ac/0x626
[ 27.885366] kernel_init+0xd/0x15e
[ 27.885367] ret_from_fork+0x24/0x30
[ 27.885367]
[ 27.885368] -> #4 (hrtimer_bases.lock){-.-.}:
[ 27.885372] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.885374] hrtimer_start_range_ns+0x77/0x10b0
[ 27.885375] enqueue_task_rt+0x584/0xf30
[ 27.885377] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.885378] sched_setscheduler+0xfa/0x150
[ 27.885379] watchdog_enable+0x11b/0x170
[ 27.885380] smpboot_thread_fn+0x40d/0x920
[ 27.885381] kthread+0x30d/0x420
[ 27.885383] ret_from_fork+0x24/0x30
[ 27.885383]
[ 27.885384] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 27.885388] _raw_spin_lock+0x2a/0x40
[ 27.885389] enqueue_task_rt+0x514/0xf30
[ 27.885391] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.885392] sched_setscheduler+0xfa/0x150
[ 27.885393] watchdog_enable+0x11b/0x170
[ 27.885395] smpboot_thread_fn+0x40d/0x920
[ 27.885396] kthread+0x30d/0x420
[ 27.885397] ret_from_fork+0x24/0x30
[ 27.885398]
[ 27.885398] -> #2 (&rq->lock){-.-.}:
[ 27.885402] _raw_spin_lock+0x2a/0x40
[ 27.885403] task_fork_fair+0x63/0x550
[ 27.885405] sched_fork+0x39a/0xb60
[ 27.885406] copy_process.part.0+0x15b2/0x71c0
[ 27.885407] _do_fork+0x184/0xc80
[ 27.885408] kernel_thread+0x2f/0x40
[ 27.885409] rest_init+0x1f/0x2a3
[ 27.885411] start_kernel+0x743/0x763
[ 27.885412] secondary_startup_64+0xa5/0xb0
[ 27.885413]
[ 27.885413] -> #1 (&p->pi_lock){-.-.}:
[ 27.885417] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.885419] try_to_wake_up+0x6a/0x1100
[ 27.885420] up+0x75/0xb0
[ 27.885421] __up_console_sem+0xa9/0x1b0
[ 27.885422] console_unlock+0x531/0xf20
[ 27.885423] vt_ioctl+0x144c/0x1b90
[ 27.885425] tty_ioctl+0x50f/0x1430
[ 27.885426] do_vfs_ioctl+0x75a/0xff0
[ 27.885427] SyS_ioctl+0x7f/0xb0
[ 27.885428] do_syscall_64+0x1d5/0x640
[ 27.885430] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.885430]
[ 27.885431] -> #0 ((console_sem).lock){....}:
[ 27.885435] lock_acquire+0x170/0x3f0
[ 27.885436] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.885437] down_trylock+0xe/0x60
[ 27.885439] __down_trylock_console_sem+0x97/0x1e0
[ 27.885440] vprintk_emit+0x1ee/0x620
[ 27.885441] vprintk_func+0x58/0x160
[ 27.885442] printk+0x9e/0xbc
[ 27.885444] debug_print_object.cold+0xa7/0xdb
[ 27.885445] debug_check_no_obj_freed+0x3b7/0x680
[ 27.885446] kfree+0xb9/0x250
[ 27.885447] __tcf_idr_release+0x202/0x260
[ 27.885449] tcf_sample_init+0x788/0x8c0
[ 27.885450] tcf_action_init_1+0x51a/0x9e0
[ 27.885451] tcf_action_init+0x26d/0x400
[ 27.885452] tc_ctl_action+0x2e3/0x510
[ 27.885454] rtnetlink_rcv_msg+0x3be/0xb10
[ 27.885455] netlink_rcv_skb+0x125/0x390
[ 27.885456] netlink_unicast+0x437/0x610
[ 27.885457] netlink_sendmsg+0x648/0xbc0
[ 27.885458] sock_sendmsg+0xb5/0x100
[ 27.885460] ___sys_sendmsg+0x6c8/0x800
[ 27.885461] __sys_sendmsg+0xa3/0x120
[ 27.885462] SyS_sendmsg+0x27/0x40
[ 27.885463] do_syscall_64+0x1d5/0x640
[ 27.885464] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.885465]
[ 27.885466] other info that might help us debug this:
[ 27.885467]
[ 27.885468] Chain exists of:
[ 27.885469] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 27.885474]
[ 27.885475] Possible unsafe locking scenario:
[ 27.885476]
[ 27.885477]        CPU0                    CPU1
[ 27.885478]        ----                    ----
[ 27.885479]   lock(&obj_hash[i].lock);
[ 27.885482]                                lock(hrtimer_bases.lock);
[ 27.885485]                                lock(&obj_hash[i].lock);
[ 27.885487]   lock((console_sem).lock);
[ 27.885489]
[ 27.885490] *** DEADLOCK ***
[ 27.885491]
[ 27.885492] 2 locks held by syz-executor199/7972:
[ 27.885493] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10
[ 27.885497] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.885502]
[ 27.885503] stack backtrace:
[ 27.885505] CPU: 1 PID: 7972 Comm: syz-executor199 Not tainted 4.14.290-syzkaller #0
[ 27.885508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 27.885508] Call Trace:
[ 27.885510] dump_stack+0x1b2/0x281
[ 27.885511] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.885512] __lock_acquire+0x2e0e/0x3f20
[ 27.885513] ? pointer+0x31f/0x9e0
[ 27.885515] ? trace_hardirqs_on+0x10/0x10
[ 27.885516] ? format_decode+0x1cb/0x890
[ 27.885517] ? check_preemption_disabled+0x35/0x240
[ 27.885518] ? kvm_clock_read+0x1f/0x30
[ 27.885520] ? kvm_sched_clock_read+0x5/0x10
[ 27.885521] ? sched_clock+0x2a/0x40
[ 27.885522] ? sched_clock_cpu+0x18/0x1b0
[ 27.885523] lock_acquire+0x170/0x3f0
[ 27.885524] ? down_trylock+0xe/0x60
[ 27.885525] ? vprintk_func+0x58/0x160
[ 27.885527] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.885528] ? down_trylock+0xe/0x60
[ 27.885529] down_trylock+0xe/0x60
[ 27.885530] ? vprintk_func+0x58/0x160
[ 27.885531] ? vprintk_func+0x58/0x160
[ 27.885533] __down_trylock_console_sem+0x97/0x1e0
[ 27.885534] vprintk_emit+0x1ee/0x620
[ 27.885535] vprintk_func+0x58/0x160
[ 27.885536] printk+0x9e/0xbc
[ 27.885537] ? log_store.cold+0x16/0x16
[ 27.885538] ? lock_acquire+0x170/0x3f0
[ 27.885540] ? debug_check_no_obj_freed+0x135/0x680
[ 27.885541] debug_print_object.cold+0xa7/0xdb
[ 27.885542] debug_check_no_obj_freed+0x3b7/0x680
[ 27.885544] ? debug_object_activate+0x490/0x490
[ 27.885545] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.885546] kfree+0xb9/0x250
[ 27.885548] __tcf_idr_release+0x202/0x260
[ 27.885549] tcf_sample_init+0x788/0x8c0
[ 27.885550] ? tcf_sample_cleanup_rcu+0x60/0x60
[ 27.885551] tcf_action_init_1+0x51a/0x9e0
[ 27.885552] ? tcf_action_dump_old+0x80/0x80
[ 27.885554] ? nla_parse+0x157/0x1f0
[ 27.885555] tcf_action_init+0x26d/0x400
[ 27.885556] ? tcf_action_init_1+0x9e0/0x9e0
[ 27.885557] ? memset+0x20/0x40
[ 27.885558] ? nla_parse+0x157/0x1f0
[ 27.885559] tc_ctl_action+0x2e3/0x510
[ 27.885561] ? tca_action_gd+0x790/0x790
[ 27.885562] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 27.885563] ? tca_action_gd+0x790/0x790
[ 27.885564] rtnetlink_rcv_msg+0x3be/0xb10
[ 27.885566] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 27.885567] ? __netlink_lookup+0x345/0x5d0
[ 27.885568] netlink_rcv_skb+0x125/0x390
[ 27.885569] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 27.885570] ? netlink_ack+0x9a0/0x9a0
[ 27.885572] netlink_unicast+0x437/0x610
[ 27.885573] ? netlink_sendskb+0xd0/0xd0
[ 27.885574] ? __check_object_size+0x179/0x230
[ 27.885575] netlink_sendmsg+0x648/0xbc0
[ 27.885576] ? nlmsg_notify+0x1b0/0x1b0
[ 27.885578] ? kernel_recvmsg+0x210/0x210
[ 27.885579] ? security_socket_sendmsg+0x83/0xb0
[ 27.885580] ? nlmsg_notify+0x1b0/0x1b0
[ 27.885581] sock_sendmsg+0xb5/0x100
[ 27.885583] ___sys_sendmsg+0x6c8/0x800
[ 27.885584] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 27.885585] ? lock_downgrade+0x740/0x740
[ 27.885586] ? __lru_cache_add+0x178/0x250
[ 27.885588] ? do_raw_spin_unlock+0x164/0x220
[ 27.885589] ? _raw_spin_unlock+0x29/0x40
[ 27.885590] ? do_huge_pmd_anonymous_page+0x72e/0x1700
[ 27.885591] ? prep_transhuge_page+0xa0/0xa0
[ 27.885593] ? _raw_spin_unlock+0x29/0x40
[ 27.885594] ? __pmd_alloc+0x27f/0x3f0
[ 27.885595] ? __handle_mm_fault+0x80f/0x4620
[ 27.885596] ? lock_downgrade+0x740/0x740
[ 27.885598] ? vm_insert_page+0x7c0/0x7c0
[ 27.885599] ? __fdget+0x167/0x1f0
[ 27.885600] ? sockfd_lookup_light+0xb2/0x160
[ 27.885601] __sys_sendmsg+0xa3/0x120
[ 27.885602] ? SyS_shutdown+0x160/0x160
[ 27.885603] ? up_read+0x17/0x30
[ 27.885604] ? __do_page_fault+0x159/0xad0
[ 27.885606] SyS_sendmsg+0x27/0x40
[ 27.885607] ? __sys_sendmsg+0x120/0x120
[ 27.885608] do_syscall_64+0x1d5/0x640
[ 27.885609] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.885610] RIP: 0033:0x7f2ea37bf259
[ 27.885612] RSP: 002b:00007ffd62551f38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 27.885615] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2ea37bf259
[ 27.885617] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003
[ 27.885619] RBP: 00007f2ea3783240 R08: 0000000000000007 R09: 0000000000000000
[ 27.885621] R10: 000000000000000c R11: 0000000000000246 R12: 00007f2ea37832d0
[ 27.885622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.885787] Kernel Offset: disabled
[ 28.836494] Rebooting in 86400 seconds..