INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 39.607300][ T107] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 39.847288][ T107] usb 1-1: Using ep0 maxpacket: 8 [ 39.967394][ T107] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.978605][ T107] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 39.991894][ T107] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 40.001057][ T107] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.010310][ T107] usb 1-1: config 0 descriptor?? [ 40.489113][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.495997][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x3 [ 40.502875][ T107] sony 0003:054C:0374.0001: unknown main item tag 0xd [ 40.509788][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.516552][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.523382][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.530204][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.537172][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.544043][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.550937][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.557761][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.564727][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.571724][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.578735][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.585503][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.592346][ T107] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 40.602121][ T107] sony 0003:054C:0374.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 054c:0374] on usb-dummy_hcd.0-1/input0 [ 40.613931][ T107] sony 0003:054C:0374.0001: failed to claim input executing program [ 40.688782][ T21] usb 1-1: USB disconnect, device number 2 [ 40.696563][ T21] ------------[ cut here ]------------ [ 40.702869][ T21] ODEBUG: free active (active state 0) object type: timer_list hint: hid_retry_timeout+0x0/0xd0 [ 40.713321][ T21] WARNING: CPU: 1 PID: 21 at lib/debugobjects.c:325 debug_print_object+0x160/0x250 [ 40.722757][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 40.729334][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.2.0-rc6+ #15 [ 40.736767][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.746813][ T21] Workqueue: usb_hub_wq hub_event [ 40.751813][ T21] Call Trace: [ 40.755139][ T21] dump_stack+0xca/0x13e [ 40.759374][ T21] ? debug_print_object+0xe0/0x250 [ 40.764470][ T21] panic+0x292/0x6c9 [ 40.768354][ T21] ? __warn_printk+0xf3/0xf3 [ 40.772932][ T21] ? debug_print_object+0x160/0x250 [ 40.778109][ T21] ? __probe_kernel_read+0x16c/0x1b0 [ 40.783375][ T21] ? __warn.cold+0x5/0x4b [ 40.787687][ T21] ? __warn+0xe4/0x1c0 [ 40.791732][ T21] ? debug_print_object+0x160/0x250 [ 40.796910][ T21] __warn.cold+0x20/0x4b [ 40.801134][ T21] ? debug_print_object+0x160/0x250 [ 40.806422][ T21] report_bug+0x262/0x2a0 [ 40.810744][ T21] do_error_trap+0x12b/0x1e0 [ 40.815334][ T21] ? debug_print_object+0x160/0x250 [ 40.820520][ T21] do_invalid_op+0x32/0x40 [ 40.824919][ T21] ? debug_print_object+0x160/0x250 [ 40.830100][ T21] invalid_op+0x14/0x20 [ 40.834325][ T21] RIP: 0010:debug_print_object+0x160/0x250 [ 40.840106][ T21] Code: dd e0 16 ba 85 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd e0 16 ba 85 48 c7 c7 c0 0c ba 85 e8 db c7 33 ff <0f> 0b 83 05 03 6e 86 05 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89 [ 40.859705][ T21] RSP: 0018:ffff8881d9eff710 EFLAGS: 00010086 [ 40.865792][ T21] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 40.873757][ T21] RDX: 0000000000000000 RSI: ffffffff8127ef3d RDI: ffffed103b3dfed4 [ 40.881741][ T21] RBP: 0000000000000001 R08: ffff8881d9e36000 R09: ffffed103b663ed7 [ 40.889697][ T21] R10: ffffed103b663ed6 R11: ffff8881db31f6b7 R12: ffffffff86b04760 [ 40.897656][ T21] R13: ffffffff812db3c0 R14: ffffffff88f4bae8 R15: ffff8881d0e1a8c8 [ 40.905626][ T21] ? calc_wheel_index+0x220/0x220 [ 40.910641][ T21] ? vprintk_func+0x7d/0x113 [ 40.915222][ T21] debug_check_no_obj_freed+0x2a3/0x42e [ 40.920755][ T21] __free_pages_ok+0x215/0x1bb0 [ 40.925597][ T21] ? usbhid_disconnect+0x98/0xd0 [ 40.930522][ T21] ? rcu_read_lock_sched_held+0x113/0x130 [ 40.936254][ T21] usbhid_disconnect+0x98/0xd0 [ 40.941010][ T21] usb_unbind_interface+0x1bd/0x8a0 [ 40.946197][ T21] ? usb_autoresume_device+0x60/0x60 [ 40.951469][ T21] device_release_driver_internal+0x404/0x4c0 [ 40.957530][ T21] bus_remove_device+0x2dc/0x4a0 [ 40.962454][ T21] device_del+0x460/0xb80 [ 40.966776][ T21] ? __device_links_no_driver+0x240/0x240 [ 40.972502][ T21] ? usb_remove_ep_devs+0x3e/0x80 [ 40.977618][ T21] ? remove_intf_ep_devs+0x13f/0x1d0 [ 40.982892][ T21] usb_disable_device+0x211/0x690 [ 40.987905][ T21] usb_disconnect+0x284/0x830 [ 40.992571][ T21] hub_event+0x13bd/0x3550 [ 40.997067][ T21] ? hub_port_debounce+0x260/0x260 [ 41.002171][ T21] process_one_work+0x905/0x1570 [ 41.007104][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 41.012472][ T21] ? do_raw_spin_lock+0x11a/0x280 [ 41.017498][ T21] worker_thread+0x96/0xe20 [ 41.022016][ T21] ? process_one_work+0x1570/0x1570 [ 41.027211][ T21] kthread+0x30b/0x410 [ 41.031295][ T21] ? kthread_park+0x1a0/0x1a0 [ 41.035965][ T21] ret_from_fork+0x24/0x30 [ 41.040370][ T21] [ 41.040375][ T21] ====================================================== [ 41.040380][ T21] WARNING: possible circular locking dependency detected [ 41.040384][ T21] 5.2.0-rc6+ #15 Not tainted [ 41.040389][ T21] ------------------------------------------------------ [ 41.040393][ T21] kworker/1:1/21 is trying to acquire lock: [ 41.040396][ T21] 00000000f76098a6 ((console_sem).lock){-.-.}, at: down_trylock+0xe/0x60 [ 41.040410][ T21] [ 41.040413][ T21] but task is already holding lock: [ 41.040416][ T21] 00000000a644d969 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xc4/0x42e [ 41.040430][ T21] [ 41.040434][ T21] which lock already depends on the new lock. [ 41.040436][ T21] [ 41.040439][ T21] [ 41.040443][ T21] the existing dependency chain (in reverse order) is: [ 41.040446][ T21] [ 41.040448][ T21] -> #3 (&obj_hash[i].lock){-.-.}: [ 41.040461][ T21] _raw_spin_lock_irqsave+0x32/0x50 [ 41.040465][ T21] __debug_object_init+0xb7/0xac0 [ 41.040469][ T21] hrtimer_init+0x27/0x260 [ 41.040473][ T21] init_dl_task_timer+0x17/0x50 [ 41.040477][ T21] __sched_fork.isra.0+0x207/0x460 [ 41.040480][ T21] init_idle+0x6c/0x760 [ 41.040484][ T21] sched_init+0x91f/0x9bc [ 41.040487][ T21] start_kernel+0x347/0x81a [ 41.040491][ T21] secondary_startup_64+0xa4/0xb0 [ 41.040493][ T21] [ 41.040495][ T21] -> #2 (&rq->lock){-.-.}: [ 41.040508][ T21] _raw_spin_lock+0x27/0x40 [ 41.040512][ T21] task_fork_fair+0x37/0x550 [ 41.040515][ T21] sched_fork+0x3a4/0x8d0 [ 41.040519][ T21] copy_process.part.0+0x16c1/0x63a0 [ 41.040523][ T21] _do_fork+0x233/0xec0 [ 41.040531][ T21] kernel_thread+0x2f/0x40 [ 41.040534][ T21] rest_init+0x23/0x371 [ 41.040538][ T21] start_kernel+0x7e0/0x81a [ 41.040542][ T21] secondary_startup_64+0xa4/0xb0 [ 41.040544][ T21] [ 41.040546][ T21] -> #1 (&p->pi_lock){-.-.}: [ 41.040559][ T21] _raw_spin_lock_irqsave+0x32/0x50 [ 41.040563][ T21] try_to_wake_up+0x80/0x1410 [ 41.040566][ T21] up+0x92/0xe0 [ 41.040570][ T21] __up_console_sem+0x42/0x80 [ 41.040573][ T21] console_unlock+0x5ab/0xbf0 [ 41.040577][ T21] vprintk_emit+0x171/0x3e0 [ 41.040581][ T21] vprintk_func+0x75/0x113 [ 41.040584][ T21] printk+0xba/0xed [ 41.040587][ T21] do_exit.cold+0x148/0x230 [ 41.040591][ T21] do_group_exit+0x125/0x350 [ 41.040595][ T21] __x64_sys_exit_group+0x3a/0x50 [ 41.040598][ T21] do_syscall_64+0xb7/0x560 [ 41.040603][ T21] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.040605][ T21] [ 41.040607][ T21] -> #0 ((console_sem).lock){-.-.}: [ 41.040620][ T21] lock_acquire+0x100/0x2b0 [ 41.040624][ T21] _raw_spin_lock_irqsave+0x32/0x50 [ 41.040628][ T21] down_trylock+0xe/0x60 [ 41.040632][ T21] __down_trylock_console_sem+0x31/0xc0 [ 41.040635][ T21] console_trylock+0x12/0x90 [ 41.040639][ T21] vprintk_emit+0x158/0x3e0 [ 41.040642][ T21] vprintk_func+0x75/0x113 [ 41.040646][ T21] printk+0xba/0xed [ 41.040649][ T21] __warn_printk+0x9b/0xf3 [ 41.040653][ T21] debug_print_object+0x160/0x250 [ 41.040657][ T21] debug_check_no_obj_freed+0x2a3/0x42e [ 41.040661][ T21] __free_pages_ok+0x215/0x1bb0 [ 41.040665][ T21] usbhid_disconnect+0x98/0xd0 [ 41.040669][ T21] usb_unbind_interface+0x1bd/0x8a0 [ 41.040673][ T21] device_release_driver_internal+0x404/0x4c0 [ 41.040677][ T21] bus_remove_device+0x2dc/0x4a0 [ 41.040681][ T21] device_del+0x460/0xb80 [ 41.040685][ T21] usb_disable_device+0x211/0x690 [ 41.040688][ T21] usb_disconnect+0x284/0x830 [ 41.040692][ T21] hub_event+0x13bd/0x3550 [ 41.040696][ T21] process_one_work+0x905/0x1570 [ 41.040699][ T21] worker_thread+0x96/0xe20 [ 41.040703][ T21] kthread+0x30b/0x410 [ 41.040706][ T21] ret_from_fork+0x24/0x30 [ 41.040708][ T21] [ 41.040712][ T21] other info that might help us debug this: [ 41.040715][ T21] [ 41.040717][ T21] Chain exists of: [ 41.040720][ T21] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 41.040736][ T21] [ 41.040740][ T21] Possible unsafe locking scenario: [ 41.040742][ T21] [ 41.040746][ T21] CPU0 CPU1 [ 41.040750][ T21] ---- ---- [ 41.040752][ T21] lock(&obj_hash[i].lock); [ 41.040761][ T21] lock(&rq->lock); [ 41.040769][ T21] lock(&obj_hash[i].lock); [ 41.040777][ T21] lock((console_sem).lock); [ 41.040784][ T21] [ 41.040787][ T21] *** DEADLOCK *** [ 41.040789][ T21] [ 41.040793][ T21] 6 locks held by kworker/1:1/21: [ 41.040795][ T21] #0: 000000007de29873 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x81a/0x1570 [ 41.040811][ T21] #1: 00000000b9a33fd8 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x84e/0x1570 [ 41.040827][ T21] #2: 000000008891b8a1 (&dev->mutex){....}, at: hub_event+0x179/0x3550 [ 41.040843][ T21] #3: 000000000ab86670 (&dev->mutex){....}, at: usb_disconnect+0x91/0x830 [ 41.040858][ T21] #4: 000000001edc1545 (&dev->mutex){....}, at: device_release_driver_internal+0x23/0x4c0 [ 41.040874][ T21] #5: 00000000a644d969 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xc4/0x42e [ 41.040890][ T21] [ 41.040893][ T21] stack backtrace: [ 41.040898][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.2.0-rc6+ #15 [ 41.040904][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.040907][ T21] Workqueue: usb_hub_wq hub_event [ 41.040912][ T21] Call Trace: [ 41.040916][ T21] dump_stack+0xca/0x13e [ 41.040920][ T21] print_circular_bug.cold+0x1c4/0x282 [ 41.040923][ T21] __lock_acquire+0x3654/0x5340 [ 41.040927][ T21] ? add_lock_to_list.isra.0+0x17f/0x2d0 [ 41.040930][ T21] ? mark_held_locks+0xe0/0xe0 [ 41.040934][ T21] ? enable_ptr_key_workfn+0x30/0x30 [ 41.040937][ T21] ? memcpy+0x35/0x50 [ 41.040941][ T21] ? kvm_sched_clock_read+0x14/0x30 [ 41.040944][ T21] ? sched_clock+0x5/0x10 [ 41.040947][ T21] lock_acquire+0x100/0x2b0 [ 41.040951][ T21] ? down_trylock+0xe/0x60 [ 41.040954][ T21] ? vprintk_emit+0x158/0x3e0 [ 41.040958][ T21] _raw_spin_lock_irqsave+0x32/0x50 [ 41.040961][ T21] ? down_trylock+0xe/0x60 [ 41.040964][ T21] down_trylock+0xe/0x60 [ 41.040968][ T21] ? vprintk_emit+0x158/0x3e0 [ 41.040971][ T21] ? vprintk_emit+0x158/0x3e0 [ 41.040975][ T21] __down_trylock_console_sem+0x31/0xc0 [ 41.040978][ T21] console_trylock+0x12/0x90 [ 41.040982][ T21] vprintk_emit+0x158/0x3e0 [ 41.040985][ T21] ? calc_wheel_index+0x220/0x220 [ 41.040988][ T21] vprintk_func+0x75/0x113 [ 41.040991][ T21] printk+0xba/0xed [ 41.040995][ T21] ? kmsg_dump_rewind_nolock+0xd9/0xd9 [ 41.040999][ T21] ? mark_held_locks+0xe0/0xe0 [ 41.041002][ T21] ? __warn_printk+0x8f/0xf3 [ 41.041005][ T21] ? usbhid_open+0x340/0x340 [ 41.041009][ T21] __warn_printk+0x9b/0xf3 [ 41.041012][ T21] ? add_taint.cold+0x16/0x16 [ 41.041016][ T21] ? debug_check_no_obj_freed+0x20a/0x42e [ 41.041020][ T21] ? do_raw_spin_lock+0x11a/0x280 [ 41.041023][ T21] ? lock_acquire+0x100/0x2b0 [ 41.041026][ T21] ? usbhid_open+0x340/0x340 [ 41.041030][ T21] debug_print_object+0x160/0x250 [ 41.041034][ T21] debug_check_no_obj_freed+0x2a3/0x42e [ 41.041038][ T21] __free_pages_ok+0x215/0x1bb0 [ 41.041041][ T21] ? usbhid_disconnect+0x98/0xd0 [ 41.041045][ T21] ? rcu_read_lock_sched_held+0x113/0x130 [ 41.041049][ T21] usbhid_disconnect+0x98/0xd0 [ 41.041052][ T21] usb_unbind_interface+0x1bd/0x8a0 [ 41.041056][ T21] ? usb_autoresume_device+0x60/0x60 [ 41.041060][ T21] device_release_driver_internal+0x404/0x4c0 [ 41.041064][ T21] bus_remove_device+0x2dc/0x4a0 [ 41.041067][ T21] device_del+0x460/0xb80 [ 41.041071][ T21] ? __device_links_no_driver+0x240/0x240 [ 41.041074][ T21] ? usb_remove_ep_devs+0x3e/0x80 [ 41.041078][ T21] ? remove_intf_ep_devs+0x13f/0x1d0 [ 41.041082][ T21] usb_disable_device+0x211/0x690 [ 41.041085][ T21] usb_disconnect+0x284/0x830 [ 41.041089][ T21] hub_event+0x13bd/0x3550 [ 41.041092][ T21] ? hub_port_debounce+0x260/0x260 [ 41.041096][ T21] process_one_work+0x905/0x1570 [ 41.041099][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 41.041103][ T21] ? do_raw_spin_lock+0x11a/0x280 [ 41.041106][ T21] worker_thread+0x96/0xe20 [ 41.041110][ T21] ? process_one_work+0x1570/0x1570 [ 41.041113][ T21] kthread+0x30b/0x410 [ 41.041116][ T21] ? kthread_park+0x1a0/0x1a0 [ 41.041120][ T21] ret_from_fork+0x24/0x30 [ 42.090965][ T21] Shutting down cpus with NMI [ 42.950913][ T21] Kernel Offset: disabled [ 42.955347][ T21] Rebooting in 86400 seconds..