[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 29.772186] kauditd_printk_skb: 8 callbacks suppressed [ 29.772209] audit: type=1800 audit(1545490905.324:29): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.805524] audit: type=1800 audit(1545490905.334:30): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.648905] sshd (6086) used greatest stack depth: 15736 bytes left Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts. net.ipv6.conf.syz_tun.accept_dad = 0 [ 41.404963] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 41.660829] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.667576] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.675608] device bridge_slave_0 entered promiscuous mode [ 41.694034] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.700419] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.707678] device bridge_slave_1 entered promiscuous mode [ 41.725403] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.743231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.794498] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.815373] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.891128] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.898483] team0: Port device team_slave_0 added [ 41.915063] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.922332] team0: Port device team_slave_1 added 
[ 41.940505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.959900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.979553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.998771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 42.143800] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.150484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.157516] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.163890] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 42.681240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.735322] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.788856] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.795307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.802905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.851278] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 43.141243] Started in network mode [ 43.145460] Own node identity 5ab1ce9d262e, cluster identity 4711 [ 43.151833] FAULT_INJECTION: forcing a failure. [ 43.151833] name failslab, interval 1, probability 0, space 0, times 1 [ 43.163975] CPU: 1 PID: 6104 Comm: syz-executor926 Not tainted 4.20.0-rc7+ #358 [ 43.171419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.180763] Call Trace: [ 43.183351] dump_stack+0x1d3/0x2c6 [ 43.186973] ? dump_stack_print_info.cold.1+0x20/0x20 [ 43.192277] ? graph_lock+0x270/0x270 [ 43.196080] should_fail.cold.4+0xa/0x17 [ 43.200137] ? 
fault_create_debugfs_attr+0x1f0/0x1f0 [ 43.205253] ? find_held_lock+0x36/0x1c0 [ 43.209311] ? dev_add_pack+0x20d/0x2f0 [ 43.213289] ? lock_downgrade+0x900/0x900 [ 43.217452] ? graph_lock+0x270/0x270 [ 43.221271] ? kasan_check_read+0x11/0x20 [ 43.225419] ? do_raw_spin_unlock+0xa7/0x330 [ 43.229818] ? do_raw_spin_trylock+0x270/0x270 [ 43.234393] ? tipc_enable_l2_media+0x577/0xdd0 [ 43.239119] ? lock_downgrade+0x900/0x900 [ 43.243274] ? find_held_lock+0x36/0x1c0 [ 43.247332] ? tipc_disc_create+0x244/0xcc0 [ 43.251642] ? lock_downgrade+0x900/0x900 [ 43.255785] ? check_preemption_disabled+0x48/0x280 [ 43.260970] __should_failslab+0x124/0x180 [ 43.265300] should_failslab+0x9/0x14 [ 43.269100] kmem_cache_alloc_trace+0x4b/0x750 [ 43.273682] tipc_disc_create+0x2a3/0xcc0 [ 43.277825] ? tipc_disc_remove_dest+0x120/0x120 [ 43.282582] ? tipc_enable_bearer+0x90d/0xf10 [ 43.287088] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.292093] ? kmem_cache_alloc_trace+0x353/0x750 [ 43.296936] tipc_enable_bearer+0xb9f/0xf10 [ 43.301250] ? mutex_trylock+0x2b0/0x2b0 [ 43.305310] ? tipc_bearer_xmit_skb+0x350/0x350 [ 43.310051] ? nla_memcmp+0x90/0x90 [ 43.313683] ? lock_release+0xa00/0xa00 [ 43.317650] ? arch_local_save_flags+0x40/0x40 [ 43.322238] ? mark_held_locks+0x130/0x130 [ 43.326468] ? check_preemption_disabled+0x48/0x280 [ 43.331495] __tipc_nl_bearer_enable+0x37c/0x4a0 [ 43.336250] ? __tipc_nl_bearer_enable+0x37c/0x4a0 [ 43.341175] ? tipc_nl_bearer_disable+0x30/0x30 [ 43.345871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.351402] ? __nla_parse+0x12c/0x3e0 [ 43.355287] tipc_nl_bearer_enable+0x22/0x30 [ 43.359688] genl_family_rcv_msg+0x8a7/0x11a0 [ 43.364260] ? genl_unregister_family+0x8a0/0x8a0 [ 43.369098] ? lock_downgrade+0x900/0x900 [ 43.373253] ? check_preemption_disabled+0x48/0x280 [ 43.378402] ? rcu_read_unlock_special+0x1d0/0x1d0 [ 43.383334] ? kasan_check_read+0x11/0x20 [ 43.387477] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.392744] ? 
rcu_softirq_qs+0x20/0x20 [ 43.396721] genl_rcv_msg+0xc6/0x168 [ 43.400426] netlink_rcv_skb+0x16c/0x430 [ 43.404479] ? genl_family_rcv_msg+0x11a0/0x11a0 [ 43.409235] ? netlink_ack+0xb70/0xb70 [ 43.413111] ? down_read+0x8d/0x120 [ 43.416734] genl_rcv+0x28/0x40 [ 43.420005] netlink_unicast+0x59f/0x750 [ 43.424063] ? netlink_attachskb+0x9a0/0x9a0 [ 43.428465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.433997] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 43.439007] netlink_sendmsg+0xa18/0xfc0 [ 43.443069] ? netlink_unicast+0x750/0x750 [ 43.447298] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 43.452235] ? apparmor_socket_sendmsg+0x29/0x30 [ 43.456988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.462532] ? security_socket_sendmsg+0x94/0xc0 [ 43.467292] ? netlink_unicast+0x750/0x750 [ 43.471522] sock_sendmsg+0xd5/0x120 [ 43.475240] ___sys_sendmsg+0x7fd/0x930 [ 43.479220] ? rcu_softirq_qs+0x20/0x20 [ 43.483189] ? find_vpid+0xf0/0xf0 [ 43.486738] ? copy_msghdr_from_user+0x580/0x580 [ 43.491483] ? graph_lock+0x270/0x270 [ 43.495287] ? proc_fail_nth_write+0x9e/0x210 [ 43.499785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.505323] ? __fget_light+0x2e9/0x430 [ 43.509293] ? fget_raw+0x20/0x20 [ 43.512740] ? find_held_lock+0x36/0x1c0 [ 43.516797] ? vfs_write+0x2f3/0x560 [ 43.520513] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.526048] ? sockfd_lookup_light+0xc5/0x160 [ 43.530536] __sys_sendmsg+0x11d/0x280 [ 43.534416] ? __ia32_sys_shutdown+0x80/0x80 [ 43.538817] ? __sb_end_write+0xd9/0x110 [ 43.542871] ? vfs_write+0x2ad/0x560 [ 43.546578] ? do_syscall_64+0x9a/0x820 [ 43.550542] ? do_syscall_64+0x9a/0x820 [ 43.554511] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.559962] __x64_sys_sendmsg+0x78/0xb0 [ 43.564027] do_syscall_64+0x1b9/0x820 [ 43.567912] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.573336] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.578263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.583101] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.588121] ? 
prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.593137] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.598152] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.602998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.608179] RIP: 0033:0x4456a9 [ 43.611379] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 43.630275] RSP: 002b:00007ffc7161d698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 43.637974] RAX: ffffffffffffffda RBX: 00007ffc7161d6e0 RCX: 00000000004456a9 [ 43.645255] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 43.652532] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 43.659810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.667072] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 43.676946] Disabling bearer [ 43.682688] ------------[ cut here ]------------ [ 43.688835] ODEBUG: free active (active state 1) object type: rcu_head hint: (null) [ 43.697695] WARNING: CPU: 1 PID: 6104 at lib/debugobjects.c:328 debug_print_object+0x16a/0x210 [ 43.706436] Kernel panic - not syncing: panic_on_warn set ... [ 43.712310] CPU: 1 PID: 6104 Comm: syz-executor926 Not tainted 4.20.0-rc7+ #358 [ 43.719738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.729076] Call Trace: [ 43.731652] dump_stack+0x1d3/0x2c6 [ 43.735270] ? dump_stack_print_info.cold.1+0x20/0x20 [ 43.740449] panic+0x2ad/0x55c [ 43.743628] ? add_taint.cold.5+0x16/0x16 [ 43.747765] ? __warn.cold.8+0x5/0x45 [ 43.751552] ? __warn+0xe8/0x1d0 [ 43.754974] ? debug_print_object+0x16a/0x210 [ 43.759471] __warn.cold.8+0x20/0x45 [ 43.763177] ? debug_print_object+0x16a/0x210 [ 43.767682] report_bug+0x254/0x2d0 [ 43.771526] do_error_trap+0x11b/0x200 [ 43.775412] do_invalid_op+0x36/0x40 [ 43.779264] ? 
debug_print_object+0x16a/0x210 [ 43.783753] invalid_op+0x14/0x20 [ 43.787195] RIP: 0010:debug_print_object+0x16a/0x210 [ 43.792302] Code: 60 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd e0 f7 60 88 4c 89 fe 48 c7 c7 80 ed 60 88 e8 16 a6 b7 fd <0f> 0b 83 05 61 92 86 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f [ 43.811191] RSP: 0018:ffff8881b3856fe0 EFLAGS: 00010086 [ 43.816558] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 43.823815] RDX: 0000000000000000 RSI: ffffffff81653fa5 RDI: 0000000000000005 [ 43.831073] RBP: ffff8881b3857020 R08: ffff8881bd440300 R09: ffffed103b5e3ef8 [ 43.838331] R10: ffffed103b5e3ef8 R11: ffff8881daf1f7c7 R12: 0000000000000001 [ 43.845592] R13: ffffffff8959bf20 R14: 0000000000000000 R15: ffffffff8860f220 [ 43.852865] ? vprintk_func+0x85/0x181 [ 43.856753] debug_check_no_obj_freed+0x3ae/0x58d [ 43.861594] ? free_obj_work+0xb80/0xb80 [ 43.865651] kfree+0xbd/0x230 [ 43.868749] tipc_enable_bearer+0xefa/0xf10 [ 43.873064] ? mutex_trylock+0x2b0/0x2b0 [ 43.877116] ? tipc_bearer_xmit_skb+0x350/0x350 [ 43.881772] ? nla_memcmp+0x90/0x90 [ 43.885393] ? lock_release+0xa00/0xa00 [ 43.889356] ? arch_local_save_flags+0x40/0x40 [ 43.893928] ? mark_held_locks+0x130/0x130 [ 43.898152] ? check_preemption_disabled+0x48/0x280 [ 43.903167] __tipc_nl_bearer_enable+0x37c/0x4a0 [ 43.907914] ? __tipc_nl_bearer_enable+0x37c/0x4a0 [ 43.912894] ? tipc_nl_bearer_disable+0x30/0x30 [ 43.917564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.923096] ? __nla_parse+0x12c/0x3e0 [ 43.926979] tipc_nl_bearer_enable+0x22/0x30 [ 43.931376] genl_family_rcv_msg+0x8a7/0x11a0 [ 43.935878] ? genl_unregister_family+0x8a0/0x8a0 [ 43.940724] ? lock_downgrade+0x900/0x900 [ 43.944871] ? check_preemption_disabled+0x48/0x280 [ 43.949943] ? rcu_read_unlock_special+0x1d0/0x1d0 [ 43.954870] ? kasan_check_read+0x11/0x20 [ 43.959008] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.964281] ? 
rcu_softirq_qs+0x20/0x20 [ 43.968258] genl_rcv_msg+0xc6/0x168 [ 43.971965] netlink_rcv_skb+0x16c/0x430 [ 43.976016] ? genl_family_rcv_msg+0x11a0/0x11a0 [ 43.980763] ? netlink_ack+0xb70/0xb70 [ 43.984639] ? down_read+0x8d/0x120 [ 43.988379] genl_rcv+0x28/0x40 [ 43.991651] netlink_unicast+0x59f/0x750 [ 43.995704] ? netlink_attachskb+0x9a0/0x9a0 [ 44.000104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.005633] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 44.010640] netlink_sendmsg+0xa18/0xfc0 [ 44.014692] ? netlink_unicast+0x750/0x750 [ 44.018913] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 44.023833] ? apparmor_socket_sendmsg+0x29/0x30 [ 44.028579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.034194] ? security_socket_sendmsg+0x94/0xc0 [ 44.038969] ? netlink_unicast+0x750/0x750 [ 44.043196] sock_sendmsg+0xd5/0x120 [ 44.046919] ___sys_sendmsg+0x7fd/0x930 [ 44.050880] ? rcu_softirq_qs+0x20/0x20 [ 44.054846] ? find_vpid+0xf0/0xf0 [ 44.058375] ? copy_msghdr_from_user+0x580/0x580 [ 44.063124] ? graph_lock+0x270/0x270 [ 44.066918] ? proc_fail_nth_write+0x9e/0x210 [ 44.071402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.076932] ? __fget_light+0x2e9/0x430 [ 44.080896] ? fget_raw+0x20/0x20 [ 44.084342] ? find_held_lock+0x36/0x1c0 [ 44.088395] ? vfs_write+0x2f3/0x560 [ 44.092103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.097631] ? sockfd_lookup_light+0xc5/0x160 [ 44.102117] __sys_sendmsg+0x11d/0x280 [ 44.105995] ? __ia32_sys_shutdown+0x80/0x80 [ 44.110392] ? __sb_end_write+0xd9/0x110 [ 44.114443] ? vfs_write+0x2ad/0x560 [ 44.118146] ? do_syscall_64+0x9a/0x820 [ 44.130515] ? do_syscall_64+0x9a/0x820 [ 44.134483] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.139926] __x64_sys_sendmsg+0x78/0xb0 [ 44.144015] do_syscall_64+0x1b9/0x820 [ 44.147897] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.153252] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.158169] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.163003] ? trace_hardirqs_on_caller+0x310/0x310 [ 44.168009] ? 
prepare_exit_to_usermode+0x3b0/0x3b0 [ 44.173015] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.178021] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.182857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.188071] RIP: 0033:0x4456a9 [ 44.191258] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 44.210147] RSP: 002b:00007ffc7161d698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.218024] RAX: ffffffffffffffda RBX: 00007ffc7161d6e0 RCX: 00000000004456a9 [ 44.225319] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 44.232577] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 44.239839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 44.247134] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 44.254512] [ 44.254516] ====================================================== [ 44.254519] WARNING: possible circular locking dependency detected [ 44.254521] 4.20.0-rc7+ #358 Not tainted [ 44.254525] ------------------------------------------------------ [ 44.254528] syz-executor926/6104 is trying to acquire lock: [ 44.254530] 0000000065118b5a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 44.254538] [ 44.254541] but task is already holding lock: [ 44.254543] 00000000d78d5834 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x17a/0x58d [ 44.254551] [ 44.254554] which lock already depends on the new lock. 
[ 44.254555] [ 44.254557] [ 44.254560] the existing dependency chain (in reverse order) is: [ 44.254561] [ 44.254563] -> #3 (&obj_hash[i].lock){-.-.}: [ 44.254571] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.254573] __debug_object_init+0x127/0x1290 [ 44.254576] debug_object_init+0x16/0x20 [ 44.254578] hrtimer_init+0x97/0x490 [ 44.254581] init_dl_task_timer+0x1b/0x50 [ 44.254583] __sched_fork+0x2ae/0x590 [ 44.254585] init_idle+0x75/0x6d0 [ 44.254587] sched_init+0xb33/0xc07 [ 44.254590] start_kernel+0x448/0x8fd [ 44.254592] x86_64_start_reservations+0x29/0x2b [ 44.254595] x86_64_start_kernel+0x76/0x79 [ 44.254597] secondary_startup_64+0xa4/0xb0 [ 44.254599] [ 44.254600] -> #2 (&rq->lock){-.-.}: [ 44.254608] _raw_spin_lock+0x2d/0x40 [ 44.254610] task_fork_fair+0xb0/0x6d0 [ 44.254612] sched_fork+0x443/0xba0 [ 44.254614] copy_process+0x25b8/0x8790 [ 44.254617] _do_fork+0x1cb/0x11d0 [ 44.254619] kernel_thread+0x34/0x40 [ 44.254621] rest_init+0x28/0x372 [ 44.254624] arch_call_rest_init+0xe/0x1b [ 44.254626] start_kernel+0x8c2/0x8fd [ 44.254628] x86_64_start_reservations+0x29/0x2b [ 44.254631] x86_64_start_kernel+0x76/0x79 [ 44.254633] secondary_startup_64+0xa4/0xb0 [ 44.254635] [ 44.254636] -> #1 (&p->pi_lock){-.-.}: [ 44.254644] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.254647] try_to_wake_up+0xdc/0x1460 [ 44.254649] wake_up_process+0x10/0x20 [ 44.254651] __up.isra.1+0x1c0/0x2a0 [ 44.254653] up+0x13c/0x1c0 [ 44.254656] __up_console_sem+0xbe/0x1b0 [ 44.254658] console_unlock+0x811/0x1180 [ 44.254675] vprintk_emit+0x39c/0x990 [ 44.254677] vprintk_default+0x28/0x30 [ 44.254680] vprintk_func+0x7e/0x181 [ 44.254682] printk+0xa7/0xcf [ 44.254684] do_exit.cold.19+0x57/0x16f [ 44.254686] do_group_exit+0x177/0x440 [ 44.254689] __x64_sys_exit_group+0x3e/0x50 [ 44.254691] do_syscall_64+0x1b9/0x820 [ 44.254694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.254695] [ 44.254696] -> #0 ((console_sem).lock){-...}: [ 44.254704] lock_acquire+0x1ed/0x520 [ 44.254707] _raw_spin_lock_irqsave+0x99/0xd0 
[ 44.254709] down_trylock+0x13/0x70 [ 44.254712] __down_trylock_console_sem+0xae/0x200 [ 44.254714] console_trylock+0x15/0xa0 [ 44.254716] vprintk_emit+0x37d/0x990 [ 44.254719] vprintk_default+0x28/0x30 [ 44.254725] vprintk_func+0x7e/0x181 [ 44.254742] printk+0xa7/0xcf [ 44.254745] __warn_printk+0x8c/0xe0 [ 44.254747] debug_print_object+0x16a/0x210 [ 44.254750] debug_check_no_obj_freed+0x3ae/0x58d [ 44.254752] kfree+0xbd/0x230 [ 44.254755] tipc_enable_bearer+0xefa/0xf10 [ 44.254757] __tipc_nl_bearer_enable+0x37c/0x4a0 [ 44.254760] tipc_nl_bearer_enable+0x22/0x30 [ 44.254762] genl_family_rcv_msg+0x8a7/0x11a0 [ 44.254765] genl_rcv_msg+0xc6/0x168 [ 44.254767] netlink_rcv_skb+0x16c/0x430 [ 44.254769] genl_rcv+0x28/0x40 [ 44.254772] netlink_unicast+0x59f/0x750 [ 44.254774] netlink_sendmsg+0xa18/0xfc0 [ 44.254777] sock_sendmsg+0xd5/0x120 [ 44.254779] ___sys_sendmsg+0x7fd/0x930 [ 44.254781] __sys_sendmsg+0x11d/0x280 [ 44.254784] __x64_sys_sendmsg+0x78/0xb0 [ 44.254786] do_syscall_64+0x1b9/0x820 [ 44.254789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.254790] [ 44.254793] other info that might help us debug this: [ 44.254794] [ 44.254796] Chain exists of: [ 44.254797] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 44.254807] [ 44.254810] Possible unsafe locking scenario: [ 44.254811] [ 44.254813] CPU0 CPU1 [ 44.254816] ---- ---- [ 44.254817] lock(&obj_hash[i].lock); [ 44.254823] lock(&rq->lock); [ 44.254828] lock(&obj_hash[i].lock); [ 44.254832] lock((console_sem).lock); [ 44.254837] [ 44.254839] *** DEADLOCK *** [ 44.254840] [ 44.254842] 4 locks held by syz-executor926/6104: [ 44.254844] #0: 000000008bc6bb7a (cb_lock){++++}, at: genl_rcv+0x19/0x40 [ 44.254853] #1: 000000005a3e3ae6 (genl_mutex){+.+.}, at: genl_rcv_msg+0x13a/0x168 [ 44.254862] #2: 00000000fe29ad2e (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 44.254871] #3: 00000000d78d5834 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x17a/0x58d [ 44.254881] [ 44.254883] stack backtrace: [ 44.254886] 
CPU: 1 PID: 6104 Comm: syz-executor926 Not tainted 4.20.0-rc7+ #358 [ 44.254891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.254893] Call Trace: [ 44.254895] dump_stack+0x1d3/0x2c6 [ 44.254898] ? dump_stack_print_info.cold.1+0x20/0x20 [ 44.254900] ? vprintk_func+0x85/0x181 [ 44.254903] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 44.254905] ? save_trace+0xe0/0x290 [ 44.254908] __lock_acquire+0x3360/0x4c20 [ 44.254910] ? mark_held_locks+0x130/0x130 [ 44.254912] ? mark_held_locks+0x130/0x130 [ 44.254915] ? print_usage_bug+0xc0/0xc0 [ 44.254917] ? __lock_acquire+0x62f/0x4c20 [ 44.254919] ? mark_held_locks+0xc7/0x130 [ 44.254922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 44.254924] ? __lock_acquire+0x62f/0x4c20 [ 44.254927] ? mark_held_locks+0x130/0x130 [ 44.254929] ? trace_hardirqs_off+0x310/0x310 [ 44.254932] ? graph_lock+0x270/0x270 [ 44.254934] ? print_usage_bug+0xc0/0xc0 [ 44.254936] ? mark_held_locks+0x130/0x130 [ 44.254939] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.254942] lock_acquire+0x1ed/0x520 [ 44.254944] ? down_trylock+0x13/0x70 [ 44.254946] ? lock_release+0xa00/0xa00 [ 44.254949] ? trace_hardirqs_off+0xb8/0x310 [ 44.254951] ? vprintk_emit+0x1de/0x990 [ 44.254954] ? trace_hardirqs_on+0x310/0x310 [ 44.254956] ? trace_hardirqs_off+0xb8/0x310 [ 44.254959] ? log_store+0x344/0x4c0 [ 44.254961] ? vprintk_emit+0x37d/0x990 [ 44.254963] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.254966] ? down_trylock+0x13/0x70 [ 44.254968] down_trylock+0x13/0x70 [ 44.254971] __down_trylock_console_sem+0xae/0x200 [ 44.254973] console_trylock+0x15/0xa0 [ 44.254975] vprintk_emit+0x37d/0x990 [ 44.254978] ? wake_up_klogd+0x180/0x180 [ 44.254980] ? tipc_mon_delete+0x428/0xfc0 [ 44.254982] ? lock_downgrade+0x900/0x900 [ 44.254985] ? check_preemption_disabled+0x48/0x280 [ 44.254988] ? rcu_read_unlock_special+0x1d0/0x1d0 [ 44.254990] ? kasan_check_read+0x11/0x20 [ 44.254993] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 44.254995] ? 
rcu_softirq_qs+0x20/0x20 [ 44.254998] vprintk_default+0x28/0x30 [ 44.255000] vprintk_func+0x7e/0x181 [ 44.255002] printk+0xa7/0xcf [ 44.255004] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 44.255007] ? lock_acquire+0x1ed/0x520 [ 44.255009] ? __warn_printk+0x80/0xe0 [ 44.255011] __warn_printk+0x8c/0xe0 [ 44.255013] ? test_taint+0x20/0x20 [ 44.255016] ? kasan_check_read+0x11/0x20 [ 44.255018] ? do_raw_spin_lock+0x14f/0x350 [ 44.255021] ? rwlock_bug.part.2+0x90/0x90 [ 44.255023] debug_print_object+0x16a/0x210 [ 44.255026] debug_check_no_obj_freed+0x3ae/0x58d [ 44.255028] ? free_obj_work+0xb80/0xb80 [ 44.255030] kfree+0xbd/0x230 [ 44.255032] tipc_enable_bearer+0xefa/0xf10 [ 44.255035] ? mutex_trylock+0x2b0/0x2b0 [ 44.255037] ? tipc_bearer_xmit_skb+0x350/0x350 [ 44.255039] ? nla_memcmp+0x90/0x90 [ 44.255042] ? lock_release+0xa00/0xa00 [ 44.255044] ? arch_local_save_flags+0x40/0x40 [ 44.255047] ? mark_held_locks+0x130/0x130 [ 44.255049] ? check_preemption_disabled+0x48/0x280 [ 44.255052] __tipc_nl_bearer_enable+0x37c/0x4a0 [ 44.255055] ? __tipc_nl_bearer_enable+0x37c/0x4a0 [ 44.255057] ? tipc_nl_bearer_disable+0x30/0x30 [ 44.255060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.255063] ? __nla_parse+0x12c/0x3e0 [ 44.255065] tipc_nl_bearer_enable+0x22/0x30 [ 44.255068] genl_family_rcv_msg+0x8a7/0x11a0 [ 44.255070] ? genl_unregister_family+0x8a0/0x8a0 [ 44.255073] ? lock_downgrade+0x900/0x900 [ 44.255075] ? check_preemption_disabled+0x48/0x280 [ 44.255078] ? rcu_read_unlock_special+0x1d0/0x1d0 [ 44.255080] ? kasan_check_read+0x11/0x20 [ 44.255083] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 44.255086] ? rcu_softirq_qs+0x20/0x20 [ 44.255088] genl_rcv_msg+0xc6/0x168 [ 44.255090] netlink_rcv_skb+0x16c/0x430 [ 44.255093] ? genl_family_rcv_msg+0x11a0/0x11a0 [ 44.255095] ? netlink_ack+0xb70/0xb70 [ 44.255097] ? down_read+0x8d/0x120 [ 44.255099] genl_rcv+0x28/0x40 [ 44.255102] netlink_unicast+0x59f/0x750 [ 44.255104] ? netlink_attachskb+0x9a0/0x9a0 [ 44.255107] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.255110] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 44.255112] netlink_sendmsg+0xa18/0xfc0 [ 44.255115] ? netlink_unicast+0x750/0x750 [ 44.255117] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 44.255120] ? apparmor_socket_sendmsg+0x29/0x30 [ 44.255123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.255126] ? security_socket_sendmsg+0x94/0xc0 [ 44.255128] ? netlink_unicast+0x750/0x750 [ 44.255130] sock_sendmsg+0xd5/0x120 [ 44.255132] ___sys_sendmsg+0x7fd/0x930 [ 44.255135] ? rcu_softirq_qs+0x20/0x20 [ 44.255137] ? find_vpid+0xf0/0xf0 [ 44.255139] ? copy_msghdr_from_user+0x580/0x580 [ 44.255142] ? graph_lock+0x270/0x270 [ 44.255144] ? proc_fail_nth_write+0x9e/0x210 [ 44.255147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.255150] ? __fget_light+0x2e9/0x430 [ 44.255152] ? fget_raw+0x20/0x20 [ 44.255154] ? find_held_lock+0x36/0x1c0 [ 44.255156] ? vfs_write+0x2f3/0x560 [ 44.255159] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.255162] ? sockfd_lookup_light+0xc5/0x160 [ 44.255164] __sys_sendmsg+0x11d/0x280 [ 44.255167] ? __ia32_sys_shutdown+0x80/0x80 [ 44.255169] ? __sb_end_write+0xd9/0x110 [ 44.255171] ? vfs_write+0x2ad/0x560 [ 44.255174] ? do_syscall_64+0x9a/0x820 [ 44.255176] ? do_syscall_64+0x9a/0x820 [ 44.255179] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.255181] __x64_sys_sendmsg+0x78/0xb0 [ 44.255184] do_syscall_64+0x1b9/0x820 [ 44.255186] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.255189] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.255191] ? trace_hardirqs_of [ 44.255196] Lost 14 message(s)! [ 44.256173] Kernel Offset: disabled [ 45.304316] Rebooting in 86400 seconds..