[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.048938] kauditd_printk_skb: 7 callbacks suppressed [ 26.048950] audit: type=1800 audit(1539455424.181:29): pid=5429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.076961] audit: type=1800 audit(1539455424.181:30): pid=5429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.964233] ------------[ cut here ]------------ [ 40.971262] ODEBUG: free active (active state 1) object type: rcu_head hint: (null) [ 40.980230] WARNING: CPU: 0 PID: 0 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 [ 40.988722] Kernel panic - not syncing: panic_on_warn set ... [ 40.988722] [ 40.996087] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc7-next-20181012+ #93 [ 41.003872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.013220] Call Trace: [ 41.015813] dump_stack+0x244/0x3ab [ 41.019446] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.024640] panic+0x238/0x4e7 [ 41.027835] ? add_taint.cold.5+0x16/0x16 [ 41.031984] ? __warn.cold.8+0x148/0x1ba [ 41.036046] ? __warn.cold.8+0x117/0x1ba [ 41.040115] ? debug_print_object+0x16a/0x210 [ 41.044607] __warn.cold.8+0x163/0x1ba [ 41.048494] ? debug_print_object+0x16a/0x210 [ 41.052990] report_bug+0x254/0x2d0 [ 41.056621] do_error_trap+0x11b/0x200 [ 41.060599] do_invalid_op+0x36/0x40 [ 41.064319] ? debug_print_object+0x16a/0x210 [ 41.068813] invalid_op+0x14/0x20 [ 41.072269] RIP: 0010:debug_print_object+0x16a/0x210 [ 41.077384] Code: 41 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 20 07 41 88 4c 89 fe 48 c7 c7 c0 fc 40 88 e8 96 e0 b3 fd <0f> 0b 83 05 c9 dd 5e 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f [ 41.096306] RSP: 0018:ffffffff892076a0 EFLAGS: 00010082 [ 41.101673] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 41.108938] RDX: 0000000000000000 RSI: ffffffff8164bc15 RDI: 0000000000000005 [ 41.116203] RBP: ffffffff892076e0 R08: ffffffff89276e80 R09: ffffed003b5c3eda [ 41.123469] R10: ffffed003b5c3eda R11: ffff8801dae1f6d7 R12: 0000000000000001 [ 41.130737] R13: ffffffff8939a4e0 R14: 0000000000000000 R15: ffffffff88410160 [ 41.138021] ? vprintk_func+0x85/0x181 [ 41.141920] debug_check_no_obj_freed+0x3ae/0x58d [ 41.146771] ? debug_object_activate+0x600/0x600 [ 41.151524] ? check_preemption_disabled+0x48/0x200 [ 41.156552] kmem_cache_free+0x202/0x290 [ 41.160614] free_task+0x16e/0x1f0 [ 41.164156] ? arch_release_task_struct+0x10/0x10 [ 41.168998] ? atomic_notifier_call_chain+0xed/0x190 [ 41.174104] __put_task_struct+0x2e6/0x620 [ 41.178336] ? free_task+0x1f0/0x1f0 [ 41.182049] ? free_unref_page+0x960/0x960 [ 41.186284] ? __phys_addr+0xa6/0x120 [ 41.190110] finish_task_switch+0x66c/0x900 [ 41.194432] ? __switch_to_asm+0x40/0x70 [ 41.198496] ? preempt_notifier_register+0x200/0x200 [ 41.203600] ? __switch_to_asm+0x34/0x70 [ 41.207665] ? __switch_to_asm+0x34/0x70 [ 41.211721] ? __switch_to_asm+0x40/0x70 [ 41.215782] ? __switch_to_asm+0x34/0x70 [ 41.219841] ? __switch_to_asm+0x40/0x70 [ 41.223901] ? __switch_to_asm+0x34/0x70 [ 41.227963] ? __switch_to_asm+0x40/0x70 [ 41.232022] ? __switch_to_asm+0x34/0x70 [ 41.236093] ? __switch_to_asm+0x34/0x70 [ 41.240153] ? __switch_to_asm+0x40/0x70 [ 41.244217] ? __switch_to_asm+0x34/0x70 [ 41.248274] ? __switch_to_asm+0x40/0x70 [ 41.252349] ? __switch_to_asm+0x34/0x70 [ 41.256408] ? __switch_to_asm+0x40/0x70 [ 41.260471] __schedule+0x8d7/0x21d0 [ 41.264192] ? __sched_text_start+0x8/0x8 [ 41.268344] ? kvm_clock_read+0x18/0x30 [ 41.272331] ? tick_nohz_idle_exit+0x182/0x2d0 [ 41.276913] ? tick_nohz_idle_exit+0x182/0x2d0 [ 41.281501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.287039] ? check_preemption_disabled+0x48/0x200 [ 41.292056] ? kasan_check_write+0x14/0x20 [ 41.296296] ? sched_ttwu_pending+0xae/0x2d0 [ 41.300708] ? sched_set_stop_task+0x290/0x290 [ 41.305306] schedule_idle+0x45/0x80 [ 41.309029] do_idle+0x36e/0x5c0 [ 41.312400] ? arch_cpu_idle_exit+0x70/0x70 [ 41.316726] ? check_preemption_disabled+0x48/0x200 [ 41.321746] ? __schedule+0x21d0/0x21d0 [ 41.325724] cpu_startup_entry+0x10c/0x120 [ 41.329962] ? cpu_in_idle+0x20/0x20 [ 41.333680] rest_init+0x243/0x372 [ 41.337223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.342762] arch_call_rest_init+0xe/0x1b [ 41.346909] start_kernel+0x9f0/0xa2b [ 41.350724] ? mem_encrypt_init+0xb/0xb [ 41.354703] ? early_idt_handler_common+0x3b/0x60 [ 41.359551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.365094] ? x86_family+0x3e/0x50 [ 41.368724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.374264] x86_64_start_reservations+0x29/0x2b [ 41.379033] x86_64_start_kernel+0x76/0x79 [ 41.383266] secondary_startup_64+0xa4/0xb0 [ 41.387599] [ 41.387605] ====================================================== [ 41.387611] WARNING: possible circular locking dependency detected [ 41.387616] 4.19.0-rc7-next-20181012+ #93 Not tainted [ 41.387621] ------------------------------------------------------ [ 41.387626] swapper/0/0 is trying to acquire lock: [ 41.387630] 0000000073a0a1e2 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 41.387646] [ 41.387650] but task is already holding lock: [ 41.387654] 0000000099c46a0a (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x17a/0x58d [ 41.387670] [ 41.387675] which lock already depends on the new lock. [ 41.387677] [ 41.387680] [ 41.387685] the existing dependency chain (in reverse order) is: [ 41.387688] [ 41.387690] -> #3 (&obj_hash[i].lock){-.-.}: [ 41.387706] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.387711] __debug_object_init+0x127/0x1290 [ 41.387715] debug_object_init+0x16/0x20 [ 41.387719] hrtimer_init+0x97/0x490 [ 41.387724] init_dl_task_timer+0x1b/0x50 [ 41.387728] __sched_fork+0x2ae/0x590 [ 41.387732] init_idle+0x75/0x740 [ 41.387736] sched_init+0xb33/0xc02 [ 41.387740] start_kernel+0x4be/0xa2b [ 41.387744] x86_64_start_reservations+0x29/0x2b [ 41.387749] x86_64_start_kernel+0x76/0x79 [ 41.387753] secondary_startup_64+0xa4/0xb0 [ 41.387756] [ 41.387758] -> #2 (&rq->lock){-.-.}: [ 41.387773] _raw_spin_lock+0x2d/0x40 [ 41.387777] task_fork_fair+0xb0/0x6d0 [ 41.387781] sched_fork+0x443/0xba0 [ 41.387785] copy_process+0x2585/0x8760 [ 41.387789] _do_fork+0x1cb/0x11c0 [ 41.387793] kernel_thread+0x34/0x40 [ 41.387797] rest_init+0x28/0x372 [ 41.387801] arch_call_rest_init+0xe/0x1b [ 41.387806] start_kernel+0x9f0/0xa2b [ 41.387810] x86_64_start_reservations+0x29/0x2b [ 41.387815] x86_64_start_kernel+0x76/0x79 [ 41.387819] secondary_startup_64+0xa4/0xb0 [ 41.387822] [ 41.387824] -> #1 (&p->pi_lock){-.-.}: [ 41.387839] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.387844] try_to_wake_up+0xd2/0x12e0 [ 41.387848] wake_up_process+0x10/0x20 [ 41.387852] __up.isra.1+0x1c0/0x2a0 [ 41.387855] up+0x13c/0x1c0 [ 41.387860] __up_console_sem+0xbe/0x1b0 [ 41.387864] console_unlock+0x80c/0x1160 [ 41.387868] vprintk_emit+0x33d/0x930 [ 41.387872] vprintk_default+0x28/0x30 [ 41.387876] vprintk_func+0x7e/0x181 [ 41.387880] printk+0xa7/0xcf [ 41.387884] do_exit.cold.18+0x5b/0x21f [ 41.387888] do_group_exit+0x177/0x440 [ 41.387893] __x64_sys_exit_group+0x3e/0x50 [ 41.387897] do_syscall_64+0x1b9/0x820 [ 41.387902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.387904] [ 41.387907] -> #0 ((console_sem).lock){-.-.}: [ 41.387922] lock_acquire+0x1ed/0x520 [ 41.387927] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.387931] down_trylock+0x13/0x70 [ 41.387936] __down_trylock_console_sem+0xae/0x1f0 [ 41.387940] console_trylock+0x15/0xa0 [ 41.387944] vprintk_emit+0x322/0x930 [ 41.387949] vprintk_default+0x28/0x30 [ 41.387953] vprintk_func+0x7e/0x181 [ 41.387957] printk+0xa7/0xcf [ 41.387961] __warn_printk+0x8c/0xe0 [ 41.387965] debug_print_object+0x16a/0x210 [ 41.387970] debug_check_no_obj_freed+0x3ae/0x58d [ 41.387974] kmem_cache_free+0x202/0x290 [ 41.387978] free_task+0x16e/0x1f0 [ 41.387983] __put_task_struct+0x2e6/0x620 [ 41.387987] finish_task_switch+0x66c/0x900 [ 41.387991] __schedule+0x8d7/0x21d0 [ 41.387996] schedule_idle+0x45/0x80 [ 41.387999] do_idle+0x36e/0x5c0 [ 41.388004] cpu_startup_entry+0x10c/0x120 [ 41.388008] rest_init+0x243/0x372 [ 41.388012] arch_call_rest_init+0xe/0x1b [ 41.388016] start_kernel+0x9f0/0xa2b [ 41.388021] x86_64_start_reservations+0x29/0x2b [ 41.388025] x86_64_start_kernel+0x76/0x79 [ 41.388030] secondary_startup_64+0xa4/0xb0 [ 41.388033] [ 41.388037] other info that might help us debug this: [ 41.388040] [ 41.388043] Chain exists of: [ 41.388045] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 41.388065] [ 41.388069] Possible unsafe locking scenario: [ 41.388072] [ 41.388076] CPU0 CPU1 [ 41.388081] ---- ---- [ 41.388083] lock(&obj_hash[i].lock); [ 41.388094] lock(&rq->lock); [ 41.388103] lock(&obj_hash[i].lock); [ 41.388112] lock((console_sem).lock); [ 41.388121] [ 41.388124] *** DEADLOCK *** [ 41.388127] [ 41.388130] 1 lock held by swapper/0/0: [ 41.388133] #0: 0000000099c46a0a (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x17a/0x58d [ 41.388152] [ 41.388155] stack backtrace: [ 41.388162] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc7-next-20181012+ #93 [ 41.388169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.388173] Call Trace: [ 41.388176] dump_stack+0x244/0x3ab [ 41.388181] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.388186] ? vprintk_func+0x85/0x181 [ 41.388191] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 41.388195] ? save_trace+0xe0/0x290 [ 41.388199] __lock_acquire+0x3445/0x4da0 [ 41.388203] ? mark_held_locks+0x130/0x130 [ 41.388208] ? mark_held_locks+0x130/0x130 [ 41.388212] ? __lock_acquire+0x678/0x4da0 [ 41.388217] ? __update_load_avg_blocked_se+0x690/0x690 [ 41.388221] ? print_usage_bug+0xc0/0xc0 [ 41.388225] ? print_usage_bug+0xc0/0xc0 [ 41.388230] ? __lock_acquire+0x678/0x4da0 [ 41.388234] ? __lock_acquire+0x678/0x4da0 [ 41.388238] ? find_held_lock+0x36/0x1c0 [ 41.388243] ? __lock_acquire+0x678/0x4da0 [ 41.388247] ? zap_class+0x640/0x640 [ 41.388251] ? print_usage_bug+0xc0/0xc0 [ 41.388256] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.388260] lock_acquire+0x1ed/0x520 [ 41.388264] ? down_trylock+0x13/0x70 [ 41.388268] ? lock_release+0xa10/0xa10 [ 41.388273] ? trace_hardirqs_off+0xb8/0x310 [ 41.388277] ? vprintk_emit+0x1d3/0x930 [ 41.388281] ? trace_hardirqs_on+0x310/0x310 [ 41.388294] ? trace_hardirqs_off+0xb8/0x310 [ 41.388304] ? log_store+0x344/0x4c0 [ 41.388308] ? vprintk_emit+0x322/0x930 [ 41.388312] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.388316] ? down_trylock+0x13/0x70 [ 41.388320] down_trylock+0x13/0x70 [ 41.388325] __down_trylock_console_sem+0xae/0x1f0 [ 41.388329] console_trylock+0x15/0xa0 [ 41.388333] vprintk_emit+0x322/0x930 [ 41.388337] ? wake_up_klogd+0x180/0x180 [ 41.388342] ? is_bpf_text_address+0xac/0x170 [ 41.388346] ? find_held_lock+0x36/0x1c0 [ 41.388350] ? zap_class+0x640/0x640 [ 41.388354] vprintk_default+0x28/0x30 [ 41.388358] vprintk_func+0x7e/0x181 [ 41.388362] printk+0xa7/0xcf [ 41.388367] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.388371] ? lock_acquire+0x1ed/0x520 [ 41.388375] ? __warn_printk+0x80/0xe0 [ 41.388379] __warn_printk+0x8c/0xe0 [ 41.388383] ? test_taint+0x20/0x20 [ 41.388387] ? kasan_check_read+0x11/0x20 [ 41.388391] ? do_raw_spin_lock+0x14f/0x330 [ 41.388396] ? kasan_check_read+0x11/0x20 [ 41.388400] ? __rwlock_init+0x140/0x140 [ 41.388404] debug_print_object+0x16a/0x210 [ 41.388409] debug_check_no_obj_freed+0x3ae/0x58d [ 41.388414] ? debug_object_activate+0x600/0x600 [ 41.388418] ? check_preemption_disabled+0x48/0x200 [ 41.388423] kmem_cache_free+0x202/0x290 [ 41.388427] free_task+0x16e/0x1f0 [ 41.388432] ? arch_release_task_struct+0x10/0x10 [ 41.388436] ? atomic_notifier_call_chain+0xed/0x190 [ 41.388441] __put_task_struct+0x2e6/0x620 [ 41.388445] ? free_task+0x1f0/0x1f0 [ 41.388449] ? free_unref_page+0x960/0x960 [ 41.388453] ? __phys_addr+0xa6/0x120 [ 41.388458] finish_task_switch+0x66c/0x900 [ 41.388462] ? __switch_to_asm+0x40/0x70 [ 41.388467] ? preempt_notifier_register+0x200/0x200 [ 41.388471] ? __switch_to_asm+0x34/0x70 [ 41.388475] ? __switch_to_asm+0x34/0x70 [ 41.388480] ? __switch_to_asm+0x40/0x70 [ 41.388484] ? __switch_to_asm+0x34/0x70 [ 41.388488] ? __switch_to_asm+0x40/0x70 [ 41.388493] ? __switch_to_asm+0x34/0x70 [ 41.388497] ? __switch_to_asm+0x40/0x70 [ 41.388501] ? __switch_to_asm+0x34/0x70 [ 41.388505] ? __switch_to_asm+0x34/0x70 [ 41.388509] ? __switch_to_asm+0x40/0x70 [ 41.388514] ? __switch_to_asm+0x34/0x70 [ 41.388518] ? __switch_to_asm+0x40/0x70 [ 41.388522] ? __switch_to_asm+0x34/0x70 [ 41.388526] ? __switch_to_asm+0x40/0x70 [ 41.388530] __schedule+0x8d7/0x21d0 [ 41.388535] ? __sched_text_start+0x8/0x8 [ 41.388539] ? kvm_clock_read+0x18/0x30 [ 41.388543] ? tick_nohz_idle_exit+0x182/0x2d0 [ 41.388548] ? tick_nohz_idle_exit+0x182/0x2d0 [ 41.388553] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.388558] ? check_preemption_disabled+0x48/0x200 [ 41.388562] ? kasan_check_write+0x14/0x20 [ 41.388567] ? sched_ttwu_pending+0xae/0x2d0 [ 41.388571] ? sched_set_stop_task+0x290/0x290 [ 41.388575] schedule_idle+0x45/0x80 [ 41.388579] do_idle+0x36e/0x5c0 [ 41.388583] ? arch_cpu_idle_exit+0x70/0x70 [ 41.388588] ? check_preemption_disabled+0x48/0x200 [ 41.388592] ? __schedule+0x21d0/0x21d0 [ 41.388597] cpu_startup_entry+0x10c/0x120 [ 41.388601] ? cpu_in_idle+0x20/0x20 [ 41.388605] rest_init+0x243/0x372 [ 41.388610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.388614] arch_call_rest_init+0xe/0x1b [ 41.388618] start_kernel+0x9f0/0xa2b [ 41.388622] ? mem_encrypt_init+0xb/0xb [ 41.388627] ? early_idt_handler_common+0x3b/0x60 [ 41.388632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.388636] ? x86_family+0x3e/0x50 [ 41.388641] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.388646] x86_64_start_reservations+0x29/0x2b [ 41.388650] x86_64_start_kernel+0x76/0x79 [ 41.388654] secondary_startup_64+0xa4/0xb0 [ 41.389536] Kernel Offset: disabled [ 42.334303] Rebooting in 86400 seconds..