[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.258478] sp0: Synchronizing with TNC
[ 27.324479] ODEBUG: free active (active state 0) object type: timer_list hint: resync_tnc+0x0/0x3c0
[ 27.334423] ------------[ cut here ]------------
[ 27.339159] WARNING: CPU: 1 PID: 7970 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 27.348180] Kernel panic - not syncing: panic_on_warn set ...
[ 27.348180]
[ 27.355520] CPU: 1 PID: 7970 Comm: syz-executor412 Not tainted 4.14.277-syzkaller #0
[ 27.363379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.372705] Call Trace:
[ 27.375300] dump_stack+0x1b2/0x281
[ 27.378899] panic+0x1f9/0x42d
[ 27.382065] ? add_taint.cold+0x16/0x16
[ 27.386015] ? debug_print_object.cold+0xa7/0xdb
[ 27.390749] ? debug_print_object.cold+0xa7/0xdb
[ 27.395481] __warn.cold+0x20/0x44
[ 27.398998] ? ist_end_non_atomic+0x10/0x10
[ 27.403302] ? debug_print_object.cold+0xa7/0xdb
[ 27.408133] report_bug+0x208/0x250
[ 27.411752] do_error_trap+0x195/0x2d0
[ 27.415626] ? math_error+0x2d0/0x2d0
[ 27.419413] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.424237] invalid_op+0x1b/0x40
[ 27.427671] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 27.433008] RSP: 0018:ffff8880b3a578d0 EFLAGS: 00010082
[ 27.438346] RAX: 0000000000000057 RBX: 0000000000000003 RCX: 0000000000000000
[ 27.445594] RDX: 0000000000000000 RSI: ffffffff878bc600 RDI: ffffed101674af10
[ 27.452837] RBP: ffffffff878b78c0 R08: 0000000000000057 R09: 0000000000000000
[ 27.460083] R10: 0000000000000000 R11: ffff8880b527a0c0 R12: ffffffff83f92780
[ 27.467327] R13: 0000000000000000 R14: ffff8880b374cd40 R15: ffff8880b53ae5b0
[ 27.474591] ? encode_sixpack+0x640/0x640
[ 27.478717] debug_check_no_obj_freed+0x3b7/0x680
[ 27.483538] ? debug_object_activate+0x490/0x490
[ 27.488268] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.493693] kfree+0xb9/0x250
[ 27.496774] ? xps_cpus_show+0x620/0x620
[ 27.500810] kvfree+0x45/0x50
[ 27.503888] device_release+0x15f/0x1a0
[ 27.507836] ? dev_attr_show+0xc0/0xc0
[ 27.511705] kobject_put+0x251/0x550
[ 27.515402] netdev_run_todo+0x747/0xad0
[ 27.519439] ? rollback_registered_many+0xbb0/0xbb0
[ 27.524430] ? dev_set_mtu+0x3c0/0x3c0
[ 27.528295] ? unregister_netdevice_queue+0x250/0x360
[ 27.533463] sixpack_close+0xd3/0x180
[ 27.537244] ? sixpack_compat_ioctl+0x60/0x60
[ 27.541714] tty_ldisc_close+0x8c/0xc0
[ 27.545575] tty_ldisc_hangup+0x269/0x6c0
[ 27.549700] ? do_tty_hangup+0x30/0x30
[ 27.553563] __tty_hangup.part.0+0x31a/0x730
[ 27.557949] ? do_tty_hangup+0x30/0x30
[ 27.561815] tty_vhangup+0x1d/0x30
[ 27.565327] pty_close+0x35f/0x4b0
[ 27.568840] ? pty_cleanup+0x40/0x40
[ 27.572531] tty_release+0x40b/0x10d0
[ 27.576309] ? ima_file_free+0x4f/0x330
[ 27.580258] ? do_tty_hangup+0x30/0x30
[ 27.584125] __fput+0x25f/0x7a0
[ 27.587385] task_work_run+0x11f/0x190
[ 27.591250] do_exit+0xa44/0x2850
[ 27.594679] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.600131] ? ioctl_preallocate+0x1a0/0x1a0
[ 27.604515] ? kmem_cache_free+0x23a/0x2b0
[ 27.608725] ? mm_update_next_owner+0x5b0/0x5b0
[ 27.613374] ? putname+0xcd/0x110
[ 27.616807] ? do_sys_open+0x208/0x410
[ 27.620757] ? filp_open+0x60/0x60
[ 27.624275] do_group_exit+0x100/0x2e0
[ 27.628137] SyS_exit_group+0x19/0x20
[ 27.631912] ? do_group_exit+0x2e0/0x2e0
[ 27.635956] do_syscall_64+0x1d5/0x640
[ 27.639824] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.644990] RIP: 0033:0x7f61f41cb049
[ 27.648674] RSP: 002b:00007ffcbc66e108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 27.656357] RAX: ffffffffffffffda RBX: 00007f61f423f330 RCX: 00007f61f41cb049
[ 27.663602] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 27.670849] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 000000000000000d
[ 27.678093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61f423f330
[ 27.685337] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 27.692588]
[ 27.692590] ======================================================
[ 27.692592] WARNING: possible circular locking dependency detected
[ 27.692593] 4.14.277-syzkaller #0 Not tainted
[ 27.692595] ------------------------------------------------------
[ 27.692597] syz-executor412/7970 is trying to acquire lock:
[ 27.692598] ((console_sem).lock){....}, at: [] down_trylock+0xe/0x60
[ 27.692602]
[ 27.692603] but task is already holding lock:
[ 27.692604] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.692608]
[ 27.692609] which lock already depends on the new lock.
[ 27.692610]
[ 27.692611]
[ 27.692612] the existing dependency chain (in reverse order) is:
[ 27.692613]
[ 27.692614] -> #5 (&obj_hash[i].lock){-.-.}:
[ 27.692618] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.692619] debug_object_activate+0x10f/0x490
[ 27.692620] enqueue_hrtimer+0x22/0x3b0
[ 27.692622] hrtimer_start_range_ns+0x4a0/0x10b0
[ 27.692623] schedule_hrtimeout_range_clock+0x144/0x320
[ 27.692625] wait_task_inactive+0x469/0x520
[ 27.692626] __kthread_bind_mask+0x1f/0xb0
[ 27.692627] create_worker+0x437/0x6c0
[ 27.692628] workqueue_init+0x4ef/0x759
[ 27.692630] kernel_init_freeable+0x3ac/0x626
[ 27.692631] kernel_init+0xd/0x162
[ 27.692632] ret_from_fork+0x24/0x30
[ 27.692633]
[ 27.692633] -> #4 (hrtimer_bases.lock){-.-.}:
[ 27.692638] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.692639] hrtimer_start_range_ns+0x77/0x10b0
[ 27.692640] enqueue_task_rt+0x584/0xf30
[ 27.692642] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.692643] sched_setscheduler+0xfa/0x150
[ 27.692644] watchdog_enable+0x11b/0x170
[ 27.692645] smpboot_thread_fn+0x40d/0x920
[ 27.692646] kthread+0x30d/0x420
[ 27.692647] ret_from_fork+0x24/0x30
[ 27.692648]
[ 27.692649] -> #3 (&rt_b->rt_runtime_lock){-...}:
[ 27.692653] _raw_spin_lock+0x2a/0x40
[ 27.692654] enqueue_task_rt+0x514/0xf30
[ 27.692656] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.692657] sched_setscheduler+0xfa/0x150
[ 27.692658] watchdog_enable+0x11b/0x170
[ 27.692659] smpboot_thread_fn+0x40d/0x920
[ 27.692661] kthread+0x30d/0x420
[ 27.692662] ret_from_fork+0x24/0x30
[ 27.692662]
[ 27.692663] -> #2 (&rq->lock){-.-.}:
[ 27.692667] _raw_spin_lock+0x2a/0x40
[ 27.692668] task_fork_fair+0x63/0x550
[ 27.692669] sched_fork+0x39a/0xb60
[ 27.692671] copy_process.part.0+0x15b2/0x71c0
[ 27.692672] _do_fork+0x184/0xc80
[ 27.692673] kernel_thread+0x2f/0x40
[ 27.692674] rest_init+0x1f/0x2a3
[ 27.692675] start_kernel+0x750/0x770
[ 27.692677] secondary_startup_64+0xa5/0xb0
[ 27.692677]
[ 27.692678] -> #1 (&p->pi_lock){-.-.}:
[ 27.692682] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.692683] try_to_wake_up+0x6a/0x1100
[ 27.692684] up+0x75/0xb0
[ 27.692685] __up_console_sem+0xa9/0x1b0
[ 27.692687] console_unlock+0x531/0xf20
[ 27.692688] vt_ioctl+0x150a/0x1d50
[ 27.692689] tty_ioctl+0x50f/0x1430
[ 27.692690] do_vfs_ioctl+0x75a/0xff0
[ 27.692691] SyS_ioctl+0x7f/0xb0
[ 27.692692] do_syscall_64+0x1d5/0x640
[ 27.692694] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.692695]
[ 27.692695] -> #0 ((console_sem).lock){....}:
[ 27.692699] lock_acquire+0x170/0x3f0
[ 27.692701] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.692702] down_trylock+0xe/0x60
[ 27.692703] __down_trylock_console_sem+0x97/0x1e0
[ 27.692704] vprintk_emit+0x1ee/0x620
[ 27.692706] vprintk_func+0x58/0x160
[ 27.692707] printk+0x9e/0xbc
[ 27.692708] debug_print_object.cold+0xa7/0xdb
[ 27.692709] debug_check_no_obj_freed+0x3b7/0x680
[ 27.692710] kfree+0xb9/0x250
[ 27.692712] kvfree+0x45/0x50
[ 27.692713] device_release+0x15f/0x1a0
[ 27.692714] kobject_put+0x251/0x550
[ 27.692716] netdev_run_todo+0x747/0xad0
[ 27.692717] sixpack_close+0xd3/0x180
[ 27.692718] tty_ldisc_close+0x8c/0xc0
[ 27.692719] tty_ldisc_hangup+0x269/0x6c0
[ 27.692720] __tty_hangup.part.0+0x31a/0x730
[ 27.692722] tty_vhangup+0x1d/0x30
[ 27.692723] pty_close+0x35f/0x4b0
[ 27.692724] tty_release+0x40b/0x10d0
[ 27.692725] __fput+0x25f/0x7a0
[ 27.692726] task_work_run+0x11f/0x190
[ 27.692727] do_exit+0xa44/0x2850
[ 27.692729] do_group_exit+0x100/0x2e0
[ 27.692730] SyS_exit_group+0x19/0x20
[ 27.692731] do_syscall_64+0x1d5/0x640
[ 27.692732] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.692733]
[ 27.692735] other info that might help us debug this:
[ 27.692735]
[ 27.692736] Chain exists of:
[ 27.692737] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 27.692742]
[ 27.692743] Possible unsafe locking scenario:
[ 27.692744]
[ 27.692745]        CPU0                    CPU1
[ 27.692746]        ----                    ----
[ 27.692747]   lock(&obj_hash[i].lock);
[ 27.692750]                                lock(hrtimer_bases.lock);
[ 27.692753]                                lock(&obj_hash[i].lock);
[ 27.692755]   lock((console_sem).lock);
[ 27.692757]
[ 27.692758] *** DEADLOCK ***
[ 27.692759]
[ 27.692760] 4 locks held by syz-executor412/7970:
[ 27.692761] #0: (&tty->legacy_mutex){+.+.}, at: [] tty_lock+0x5f/0x70
[ 27.692765] #1: (&tty->legacy_mutex/1){+.+.}, at: [] tty_lock+0x5f/0x70
[ 27.692770] #2: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_lock+0x4d/0x80
[ 27.692774] #3: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.692779]
[ 27.692780] stack backtrace:
[ 27.692782] CPU: 1 PID: 7970 Comm: syz-executor412 Not tainted 4.14.277-syzkaller #0
[ 27.692784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.692785] Call Trace:
[ 27.692786] dump_stack+0x1b2/0x281
[ 27.692788] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.692789] __lock_acquire+0x2e0e/0x3f20
[ 27.692790] ? pointer+0x31f/0x9e0
[ 27.692791] ? trace_hardirqs_on+0x10/0x10
[ 27.692793] ? format_decode+0x1cb/0x890
[ 27.692794] ? is_bpf_text_address+0xb8/0x150
[ 27.692795] ? check_preemption_disabled+0x35/0x240
[ 27.692796] ? kvm_clock_read+0x1f/0x30
[ 27.692798] ? kvm_sched_clock_read+0x5/0x10
[ 27.692799] ? sched_clock+0x2a/0x40
[ 27.692800] ? sched_clock_cpu+0x18/0x1b0
[ 27.692801] lock_acquire+0x170/0x3f0
[ 27.692802] ? down_trylock+0xe/0x60
[ 27.692803] ? vprintk_func+0x58/0x160
[ 27.692805] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.692806] ? down_trylock+0xe/0x60
[ 27.692807] down_trylock+0xe/0x60
[ 27.692808] ? vprintk_func+0x58/0x160
[ 27.692809] ? vprintk_func+0x58/0x160
[ 27.692810] __down_trylock_console_sem+0x97/0x1e0
[ 27.692811] vprintk_emit+0x1ee/0x620
[ 27.692813] vprintk_func+0x58/0x160
[ 27.692814] printk+0x9e/0xbc
[ 27.692815] ? log_store.cold+0x16/0x16
[ 27.692816] ? lock_acquire+0x170/0x3f0
[ 27.692817] ? debug_check_no_obj_freed+0x135/0x680
[ 27.692818] ? encode_sixpack+0x640/0x640
[ 27.692820] ? encode_sixpack+0x640/0x640
[ 27.692821] debug_print_object.cold+0xa7/0xdb
[ 27.692822] debug_check_no_obj_freed+0x3b7/0x680
[ 27.692823] ? debug_object_activate+0x490/0x490
[ 27.692825] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.692826] kfree+0xb9/0x250
[ 27.692827] ? xps_cpus_show+0x620/0x620
[ 27.692828] kvfree+0x45/0x50
[ 27.692829] device_release+0x15f/0x1a0
[ 27.692830] ? dev_attr_show+0xc0/0xc0
[ 27.692831] kobject_put+0x251/0x550
[ 27.692833] netdev_run_todo+0x747/0xad0
[ 27.692834] ? rollback_registered_many+0xbb0/0xbb0
[ 27.692835] ? dev_set_mtu+0x3c0/0x3c0
[ 27.692837] ? unregister_netdevice_queue+0x250/0x360
[ 27.692838] sixpack_close+0xd3/0x180
[ 27.692839] ? sixpack_compat_ioctl+0x60/0x60
[ 27.692840] tty_ldisc_close+0x8c/0xc0
[ 27.692841] tty_ldisc_hangup+0x269/0x6c0
[ 27.692842] ? do_tty_hangup+0x30/0x30
[ 27.692844] __tty_hangup.part.0+0x31a/0x730
[ 27.692845] ? do_tty_hangup+0x30/0x30
[ 27.692846] tty_vhangup+0x1d/0x30
[ 27.692847] pty_close+0x35f/0x4b0
[ 27.692848] ? pty_cleanup+0x40/0x40
[ 27.692849] tty_release+0x40b/0x10d0
[ 27.692850] ? ima_file_free+0x4f/0x330
[ 27.692852] ? do_tty_hangup+0x30/0x30
[ 27.692853] __fput+0x25f/0x7a0
[ 27.692854] task_work_run+0x11f/0x190
[ 27.692855] do_exit+0xa44/0x2850
[ 27.692856] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.692857] ? ioctl_preallocate+0x1a0/0x1a0
[ 27.692859] ? kmem_cache_free+0x23a/0x2b0
[ 27.692860] ? mm_update_next_owner+0x5b0/0x5b0
[ 27.692861] ? putname+0xcd/0x110
[ 27.692862] ? do_sys_open+0x208/0x410
[ 27.692863] ? filp_open+0x60/0x60
[ 27.692864] do_group_exit+0x100/0x2e0
[ 27.692866] SyS_exit_group+0x19/0x20
[ 27.692867] ? do_group_exit+0x2e0/0x2e0
[ 27.692868] do_syscall_64+0x1d5/0x640
[ 27.692869] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.692870] RIP: 0033:0x7f61f41cb049
[ 27.692872] RSP: 002b:00007ffcbc66e108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 27.692875] RAX: ffffffffffffffda RBX: 00007f61f423f330 RCX: 00007f61f41cb049
[ 27.692877] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 27.692878] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 000000000000000d
[ 27.692880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61f423f330
[ 27.692882] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 27.693069] Kernel Offset: disabled
[ 28.614055] Rebooting in 86400 seconds..