[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
syzkaller login: [ 30.307372] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 30.364986] Zero length message leads to an empty skb
[ 30.403723] ODEBUG: free active (active state 0) object type: rcu_head hint: (null)
[ 30.412998] ------------[ cut here ]------------
[ 30.417732] WARNING: CPU: 0 PID: 0 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 30.426452] Kernel panic - not syncing: panic_on_warn set ...
[ 30.426452]
[ 30.433788] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.273-syzkaller #0
[ 30.440857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.450183] Call Trace:
[ 30.452740]
[ 30.454872] dump_stack+0x1b2/0x281
[ 30.458472] panic+0x1f9/0x42d
[ 30.461637] ? add_taint.cold+0x16/0x16
[ 30.465585] ? debug_print_object.cold+0xa7/0xdb
[ 30.470315] ? debug_print_object.cold+0xa7/0xdb
[ 30.475044] __warn.cold+0x20/0x44
[ 30.478557] ? ist_end_non_atomic+0x10/0x10
[ 30.482850] ? debug_print_object.cold+0xa7/0xdb
[ 30.487578] report_bug+0x208/0x250
[ 30.491182] do_error_trap+0x195/0x2d0
[ 30.495042] ? math_error+0x2d0/0x2d0
[ 30.498819] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.503637] invalid_op+0x1b/0x40
[ 30.507063] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 30.512395] RSP: 0018:ffff8880ba407d00 EFLAGS: 00010082
[ 30.517731] RAX: 0000000000000051 RBX: 0000000000000003 RCX: 0000000000000000
[ 30.524975] RDX: 0000000000000100 RSI: ffffffff878bc340 RDI: ffffed1017480f96
[ 30.532221] RBP: ffffffff878b14c0 R08: 0000000000000051 R09: 0000000000000000
[ 30.539464] R10: 0000000000000000 R11: ffffffff88e74440 R12: 0000000000000000
[ 30.546702] R13: 0000000000000000 R14: ffff88809d6c5c00 R15: ffff8880a99c7f50
[ 30.553972] debug_check_no_obj_freed+0x3b7/0x680
[ 30.558792] ? debug_object_deactivate+0x1da/0x2e0
[ 30.563693] ? debug_object_activate+0x490/0x490
[ 30.568420] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.573847] kfree+0xb9/0x250
[ 30.576928] __tcindex_destroy+0x2e/0x70
[ 30.580961] ? __tcindex_partial_destroy+0x50/0x50
[ 30.585863] rcu_process_callbacks+0x780/0x1180
[ 30.590512] ? note_gp_changes+0x2f0/0x2f0
[ 30.594720] ? sched_clock+0x2a/0x40
[ 30.598405] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.603830] __do_softirq+0x24d/0x9ff
[ 30.607604] ? check_preemption_disabled+0x35/0x240
[ 30.612594] irq_exit+0x193/0x240
[ 30.616020] smp_apic_timer_interrupt+0x141/0x5e0
[ 30.620838] apic_timer_interrupt+0x93/0xa0
[ 30.625127]
[ 30.627336] RIP: 0010:native_safe_halt+0xe/0x10
[ 30.631975] RSP: 0018:ffffffff88e07e78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
[ 30.639655] RAX: 1ffffffff11e12f4 RBX: dffffc0000000000 RCX: 0000000000000000
[ 30.646896] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88e74cc4
[ 30.654158] RBP: ffffffff88f09790 R08: 0000000000000000 R09: 0000000000000000
[ 30.661403] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff11ce888
[ 30.668646] R13: ffffffff88e74440 R14: 0000000000000000 R15: 0000000000000000
[ 30.675911] default_idle+0x47/0x370
[ 30.679609] do_idle+0x250/0x3c0
[ 30.683562] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 30.689766] cpu_startup_entry+0x14/0x20
[ 30.693813] start_kernel+0x750/0x770
[ 30.697586] ? mem_encrypt_init+0x5/0x5
[ 30.701533] ? load_ucode_bsp+0x1ae/0x1e4
[ 30.705668] secondary_startup_64+0xa5/0xb0
[ 30.709964]
[ 30.709966] ======================================================
[ 30.709968] WARNING: possible circular locking dependency detected
[ 30.709969] 4.14.273-syzkaller #0 Not tainted
[ 30.709971] ------------------------------------------------------
[ 30.709972] swapper/0/0 is trying to acquire lock:
[ 30.709973] ((console_sem).lock){..-.}, at: [] down_trylock+0xe/0x60
[ 30.709978]
[ 30.709979] but task is already holding lock:
[ 30.709980] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 30.709984]
[ 30.709985] which lock already depends on the new lock.
[ 30.709986]
[ 30.709987]
[ 30.709988] the existing dependency chain (in reverse order) is:
[ 30.709989]
[ 30.709990] -> #5 (&obj_hash[i].lock){-.-.}:
[ 30.709994] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.709996] debug_object_activate+0x10f/0x490
[ 30.709997] enqueue_hrtimer+0x22/0x3b0
[ 30.709998] hrtimer_start_range_ns+0x4a0/0x10b0
[ 30.710000] schedule_hrtimeout_range_clock+0x144/0x320
[ 30.710001] wait_task_inactive+0x469/0x520
[ 30.710003] __kthread_bind_mask+0x1f/0xb0
[ 30.710004] create_worker+0x437/0x6c0
[ 30.710005] workqueue_init+0x4ef/0x759
[ 30.710007] kernel_init_freeable+0x3ac/0x626
[ 30.710008] kernel_init+0xd/0x169
[ 30.710009] ret_from_fork+0x24/0x30
[ 30.710010]
[ 30.710010] -> #4 (hrtimer_bases.lock){-.-.}:
[ 30.710015] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.710016] hrtimer_start_range_ns+0x77/0x10b0
[ 30.710017] enqueue_task_rt+0x584/0xf30
[ 30.710019] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 30.710020] sched_setscheduler+0xfa/0x150
[ 30.710022] watchdog_enable+0x11b/0x170
[ 30.710023] smpboot_thread_fn+0x40d/0x920
[ 30.710024] kthread+0x30d/0x420
[ 30.710025] ret_from_fork+0x24/0x30
[ 30.710026]
[ 30.710027] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 30.710031] _raw_spin_lock+0x2a/0x40
[ 30.710032] enqueue_task_rt+0x514/0xf30
[ 30.710034] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 30.710035] sched_setscheduler+0xfa/0x150
[ 30.710036] watchdog_enable+0x11b/0x170
[ 30.710038] smpboot_thread_fn+0x40d/0x920
[ 30.710039] kthread+0x30d/0x420
[ 30.710040] ret_from_fork+0x24/0x30
[ 30.710041]
[ 30.710041] -> #2 (&rq->lock){-.-.}:
[ 30.710045] _raw_spin_lock+0x2a/0x40
[ 30.710047] task_fork_fair+0x63/0x550
[ 30.710048] sched_fork+0x39a/0xb60
[ 30.710049] copy_process.part.0+0x15b2/0x71c0
[ 30.710050] _do_fork+0x184/0xc80
[ 30.710052] kernel_thread+0x2f/0x40
[ 30.710053] rest_init+0x1f/0x2a3
[ 30.710054] start_kernel+0x750/0x770
[ 30.710055] secondary_startup_64+0xa5/0xb0
[ 30.710056]
[ 30.710057] -> #1 (&p->pi_lock){-.-.}:
[ 30.710061] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.710062] try_to_wake_up+0x6a/0x1100
[ 30.710063] up+0x75/0xb0
[ 30.710064] __up_console_sem+0xa9/0x1b0
[ 30.710066] console_unlock+0x531/0xf20
[ 30.710067] vt_ioctl+0x150a/0x1d50
[ 30.710068] tty_ioctl+0x50f/0x1430
[ 30.710069] do_vfs_ioctl+0x75a/0xff0
[ 30.710070] SyS_ioctl+0x7f/0xb0
[ 30.710072] do_syscall_64+0x1d5/0x640
[ 30.710073] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.710074]
[ 30.710075] -> #0 ((console_sem).lock){..-.}:
[ 30.710079] lock_acquire+0x170/0x3f0
[ 30.710080] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.710081] down_trylock+0xe/0x60
[ 30.710083] __down_trylock_console_sem+0x97/0x1e0
[ 30.710084] vprintk_emit+0x1ee/0x620
[ 30.710085] vprintk_func+0x58/0x160
[ 30.710086] printk+0x9e/0xbc
[ 30.710088] debug_print_object.cold+0xa7/0xdb
[ 30.710089] debug_check_no_obj_freed+0x3b7/0x680
[ 30.710090] kfree+0xb9/0x250
[ 30.710092] __tcindex_destroy+0x2e/0x70
[ 30.710093] rcu_process_callbacks+0x780/0x1180
[ 30.710094] __do_softirq+0x24d/0x9ff
[ 30.710095] irq_exit+0x193/0x240
[ 30.710097] smp_apic_timer_interrupt+0x141/0x5e0
[ 30.710098] apic_timer_interrupt+0x93/0xa0
[ 30.710099] native_safe_halt+0xe/0x10
[ 30.710101] default_idle+0x47/0x370
[ 30.710102] do_idle+0x250/0x3c0
[ 30.710103] cpu_startup_entry+0x14/0x20
[ 30.710104] start_kernel+0x750/0x770
[ 30.710106] secondary_startup_64+0xa5/0xb0
[ 30.710106]
[ 30.710108] other info that might help us debug this:
[ 30.710108]
[ 30.710109] Chain exists of:
[ 30.710110] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 30.710115]
[ 30.710117] Possible unsafe locking scenario:
[ 30.710117]
[ 30.710118] CPU0 CPU1
[ 30.710120] ---- ----
[ 30.710120] lock(&obj_hash[i].lock);
[ 30.710123] lock(hrtimer_bases.lock);
[ 30.710126] lock(&obj_hash[i].lock);
[ 30.710129] lock((console_sem).lock);
[ 30.710131]
[ 30.710132] *** DEADLOCK ***
[ 30.710132]
[ 30.710134] 2 locks held by swapper/0/0:
[ 30.710134] #0: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180
[ 30.710139] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 30.710144]
[ 30.710145] stack backtrace:
[ 30.710147] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.273-syzkaller #0
[ 30.710149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.710150] Call Trace:
[ 30.710151]
[ 30.710152] dump_stack+0x1b2/0x281
[ 30.710154] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.710155] __lock_acquire+0x2e0e/0x3f20
[ 30.710156] ? pointer+0x31f/0x9e0
[ 30.710157] ? trace_hardirqs_on+0x10/0x10
[ 30.710159] ? format_decode+0x1cb/0x890
[ 30.710160] ? __lock_acquire+0x2190/0x3f20
[ 30.710161] ? check_preemption_disabled+0x35/0x240
[ 30.710163] ? kvm_clock_read+0x1f/0x30
[ 30.710164] ? kvm_sched_clock_read+0x5/0x10
[ 30.710165] ? sched_clock+0x2a/0x40
[ 30.710166] ? sched_clock_cpu+0x18/0x1b0
[ 30.710167] lock_acquire+0x170/0x3f0
[ 30.710169] ? down_trylock+0xe/0x60
[ 30.710170] ? vprintk_func+0x58/0x160
[ 30.710171] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.710172] ? down_trylock+0xe/0x60
[ 30.710173] down_trylock+0xe/0x60
[ 30.710175] ? vprintk_func+0x58/0x160
[ 30.710176] ? vprintk_func+0x58/0x160
[ 30.710177] __down_trylock_console_sem+0x97/0x1e0
[ 30.710178] vprintk_emit+0x1ee/0x620
[ 30.710179] vprintk_func+0x58/0x160
[ 30.710180] printk+0x9e/0xbc
[ 30.710182] ? log_store.cold+0x16/0x16
[ 30.710183] ? lock_acquire+0x170/0x3f0
[ 30.710184] ? debug_check_no_obj_freed+0x135/0x680
[ 30.710186] debug_print_object.cold+0xa7/0xdb
[ 30.710187] debug_check_no_obj_freed+0x3b7/0x680
[ 30.710188] ? debug_object_deactivate+0x1da/0x2e0
[ 30.710190] ? debug_object_activate+0x490/0x490
[ 30.710191] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.710192] kfree+0xb9/0x250
[ 30.710194] __tcindex_destroy+0x2e/0x70
[ 30.710195] ? __tcindex_partial_destroy+0x50/0x50
[ 30.710196] rcu_process_callbacks+0x780/0x1180
[ 30.710198] ? note_gp_changes+0x2f0/0x2f0
[ 30.710199] ? sched_clock+0x2a/0x40
[ 30.710200] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.710201] __do_softirq+0x24d/0x9ff
[ 30.710203] ? check_preemption_disabled+0x35/0x240
[ 30.710204] irq_exit+0x193/0x240
[ 30.710205] smp_apic_timer_interrupt+0x141/0x5e0
[ 30.710207] apic_timer_interrupt+0x93/0xa0
[ 30.710208]
[ 30.710209] RIP: 0010:native_safe_halt+0xe/0x10
[ 30.710210] RSP: 0018:ffffffff88e07e78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
[ 30.710214] RAX: 1ffffffff11e12f4 RBX: dffffc0000000000 RCX: 0000000000000000
[ 30.710215] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88e74cc4
[ 30.710217] RBP: ffffffff88f09790 R08: 0000000000000000 R09: 0000000000000000
[ 30.710219] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff11ce888
[ 30.710221] R13: ffffffff88e74440 R14: 0000000000000000 R15: 0000000000000000
[ 30.710222] default_idle+0x47/0x370
[ 30.710224] do_idle+0x250/0x3c0
[ 30.710225] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 30.710227] cpu_startup_entry+0x14/0x20
[ 30.710228] start_kernel+0x750/0x770
[ 30.710229] ? mem_encrypt_init+0x5/0x5
[ 30.710230] ? load_ucode_bsp+0x1ae/0x1e4
[ 30.710231] secondary_startup_64+0xa5/0xb0
[ 30.710308] Kernel Offset: disabled
[ 31.523026] Rebooting in 86400 seconds..