INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.763043] ODEBUG: object is on stack, but not annotated
[ 23.769296] WARNING: CPU: 1 PID: 4192 at lib/debugobjects.c:328 __debug_object_init+0x60a/0x1040
[ 23.778189] Kernel panic - not syncing: panic_on_warn set ...
[ 23.778189]
[ 23.785532] CPU: 1 PID: 4192 Comm: syzkaller734257 Not tainted 4.16.0-rc6+ #1
[ 23.792785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.802111] Call Trace:
[ 23.804673] dump_stack+0x194/0x24d
[ 23.808275] ? arch_local_irq_restore+0x53/0x53
[ 23.812920] ? vsnprintf+0x1ed/0x1900
[ 23.816700] panic+0x1e4/0x41c
[ 23.819863] ? refcount_error_report+0x214/0x214
[ 23.824590] ? show_regs_print_info+0x18/0x18
[ 23.829061] ? __warn+0x1c1/0x200
[ 23.832490] ? __debug_object_init+0x60a/0x1040
[ 23.837128] __warn+0x1dc/0x200
[ 23.840393] ? __debug_object_init+0x60a/0x1040
[ 23.845037] report_bug+0x1f4/0x2b0
[ 23.848638] fixup_bug.part.11+0x37/0x80
[ 23.852672] do_error_trap+0x2d7/0x3e0
[ 23.856541] ? math_error+0x400/0x400
[ 23.860318] ? find_held_lock+0x35/0x1d0
[ 23.864355] ? __debug_object_init+0x55d/0x1040
[ 23.868995] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.873814] do_invalid_op+0x1b/0x20
[ 23.877498] invalid_op+0x1b/0x40
[ 23.880926] RIP: 0010:__debug_object_init+0x60a/0x1040
[ 23.886174] RSP: 0018:ffff8801c3acf968 EFLAGS: 00010082
[ 23.891519] RAX: 000000000000002d RBX: 0000000000000001 RCX: 0000000000000000
[ 23.898763] RDX: 000000000000002d RSI: 1ffff10038759ee2 RDI: ffffed0038759f21
[ 23.906022] RBP: ffff8801c3acfb40 R08: 0000000000000000 R09: 1ffff10038759e89
[ 23.913277] R10: ffff8801c3acf820 R11: ffffffff86f39cb8 R12: ffff8801c2d06080
[ 23.920519] R13: ffff8801c3acfca0 R14: ffff8801ba8a6348 R15: ffff8801ba8a6358
[ 23.927778] ? __debug_object_init+0x5cc/0x1040
[ 23.932426] ? debug_object_fixup+0x30/0x30
[ 23.936727] ? lock_downgrade+0x980/0x980
[ 23.940853] ? find_held_lock+0x35/0x1d0
[ 23.944890] ? alarmtimer_get_rtcdev+0x2c/0x40
[ 23.949444] ? lock_downgrade+0x980/0x980
[ 23.953570] debug_object_init+0x17/0x20
[ 23.957607] hrtimer_init+0x8c/0x410
[ 23.961296] ? hrtimer_init_on_stack+0x40/0x40
[ 23.965850] ? do_raw_spin_trylock+0x190/0x190
[ 23.970408] ? security_capable+0x8e/0xc0
[ 23.974539] ? ns_capable_common+0xcf/0x160
[ 23.978853] alarm_timer_nsleep+0x164/0x4d0
[ 23.983150] ? alarmtimer_do_nsleep+0x600/0x600
[ 23.987793] ? get_timespec64+0x104/0x170
[ 23.991913] ? timespec_trunc+0xe0/0xe0
[ 23.995863] ? up_read+0x1a/0x40
[ 23.999201] ? __do_page_fault+0x3d6/0xc90
[ 24.003410] SyS_clock_nanosleep+0x235/0x330
[ 24.007794] ? compat_SyS_clock_getres+0x160/0x160
[ 24.012697] ? do_syscall_64+0xb7/0x940
[ 24.016646] ? compat_SyS_clock_getres+0x160/0x160
[ 24.021551] do_syscall_64+0x281/0x940
[ 24.025410] ? __do_page_fault+0xc90/0xc90
[ 24.029615] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 24.035123] ? syscall_return_slowpath+0x550/0x550
[ 24.040029] ? syscall_return_slowpath+0x2ac/0x550
[ 24.044934] ? retint_user+0x18/0x18
[ 24.048623] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.053454] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.058617] RIP: 0033:0x43fc99
[ 24.061777] RSP: 002b:00007ffdfec34418 EFLAGS: 00000207 ORIG_RAX: 00000000000000e6
[ 24.069454] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fc99
[ 24.076694] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000009
[ 24.083934] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 24.091174] R10: 0000000020000240 R11: 0000000000000207 R12: 00000000004015c0
[ 24.098418] R13: 0000000000401650 R14: 0000000000000000 R15: 0000000000000000
[ 24.105682]
[ 24.105684] ======================================================
[ 24.105685] WARNING: possible circular locking dependency detected
[ 24.105687] 4.16.0-rc6+ #1 Not tainted
[ 24.105688] ------------------------------------------------------
[ 24.105690] syzkaller734257/4192 is trying to acquire lock:
[ 24.105691] ((console_sem).lock){..-.}, at: [<000000006e822a1d>] down_trylock+0x13/0x70
[ 24.105695]
[ 24.105697] but task is already holding lock:
[ 24.105697] (&obj_hash[i].lock){-.-.}, at: [<000000007c3b955b>] __debug_object_init+0x109/0x1040
[ 24.105701]
[ 24.105703] which lock already depends on the new lock.
[ 24.105703]
[ 24.105704]
[ 24.105706] the existing dependency chain (in reverse order) is:
[ 24.105706]
[ 24.105707] -> #3 (&obj_hash[i].lock){-.-.}:
[ 24.105712] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.105713] __debug_object_init+0x109/0x1040
[ 24.105714] debug_object_init+0x17/0x20
[ 24.105715] hrtimer_init+0x8c/0x410
[ 24.105717] init_dl_task_timer+0x1b/0x50
[ 24.105718] __sched_fork+0x2bb/0xb60
[ 24.105719] init_idle+0x75/0x820
[ 24.105720] sched_init+0xb19/0xc43
[ 24.105721] start_kernel+0x452/0x819
[ 24.105723] x86_64_start_reservations+0x2a/0x2c
[ 24.105724] x86_64_start_kernel+0x77/0x7a
[ 24.105725] secondary_startup_64+0xa5/0xb0
[ 24.105726]
[ 24.105727] -> #2 (&rq->lock){-.-.}:
[ 24.105731] _raw_spin_lock+0x2a/0x40
[ 24.105732] task_fork_fair+0x7a/0x690
[ 24.105733] sched_fork+0x450/0xc10
[ 24.105734] copy_process.part.38+0x1758/0x4b60
[ 24.105735] _do_fork+0x1f7/0xf70
[ 24.105736] kernel_thread+0x34/0x40
[ 24.105738] rest_init+0x22/0xf0
[ 24.105739] start_kernel+0x7f1/0x819
[ 24.105740] x86_64_start_reservations+0x2a/0x2c
[ 24.105741] x86_64_start_kernel+0x77/0x7a
[ 24.105743] secondary_startup_64+0xa5/0xb0
[ 24.105743]
[ 24.105744] -> #1 (&p->pi_lock){-.-.}:
[ 24.105748] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.105749] try_to_wake_up+0xbc/0x15f0
[ 24.105750] wake_up_process+0x10/0x20
[ 24.105752] __up.isra.0+0x1cc/0x2c0
[ 24.105753] up+0x13b/0x1d0
[ 24.105754] __up_console_sem+0xb2/0x1a0
[ 24.105755] console_unlock+0x5af/0xfb0
[ 24.105756] do_con_write+0x106e/0x1f70
[ 24.105758] con_write+0x25/0xb0
[ 24.105759] n_tty_write+0x5ef/0xec0
[ 24.105760] tty_write+0x3fa/0x840
[ 24.105761] __vfs_write+0xef/0x970
[ 24.105762] vfs_write+0x189/0x510
[ 24.105763] SyS_write+0xef/0x220
[ 24.105765] do_syscall_64+0x281/0x940
[ 24.105766] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.105767]
[ 24.105768] -> #0 ((console_sem).lock){..-.}:
[ 24.105772] lock_acquire+0x1d5/0x580
[ 24.105773] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.105774] down_trylock+0x13/0x70
[ 24.105776] __down_trylock_console_sem+0xa2/0x1e0
[ 24.105777] console_trylock+0x15/0x70
[ 24.105778] vprintk_emit+0x5b5/0xb90
[ 24.105779] vprintk_default+0x28/0x30
[ 24.105781] vprintk_func+0x57/0xc0
[ 24.105782] printk+0xaa/0xca
[ 24.105783] __debug_object_init+0x5cc/0x1040
[ 24.105784] debug_object_init+0x17/0x20
[ 24.105786] hrtimer_init+0x8c/0x410
[ 24.105787] alarm_timer_nsleep+0x164/0x4d0
[ 24.105788] SyS_clock_nanosleep+0x235/0x330
[ 24.105790] do_syscall_64+0x281/0x940
[ 24.105791] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.105792]
[ 24.105793] other info that might help us debug this:
[ 24.105794]
[ 24.105795] Chain exists of:
[ 24.105795]   (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 24.105800]
[ 24.105802] Possible unsafe locking scenario:
[ 24.105802]
[ 24.105804]        CPU0                    CPU1
[ 24.105805]        ----                    ----
[ 24.105806]   lock(&obj_hash[i].lock);
[ 24.105808]                                lock(&rq->lock);
[ 24.105811]                                lock(&obj_hash[i].lock);
[ 24.105814]   lock((console_sem).lock);
[ 24.105816]
[ 24.105817] *** DEADLOCK ***
[ 24.105818]
[ 24.105819] 1 lock held by syzkaller734257/4192:
[ 24.105819] #0: (&obj_hash[i].lock){-.-.}, at: [<000000007c3b955b>] __debug_object_init+0x109/0x1040
[ 24.105824]
[ 24.105825] stack backtrace:
[ 24.105827] CPU: 1 PID: 4192 Comm: syzkaller734257 Not tainted 4.16.0-rc6+ #1
[ 24.105829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.105830] Call Trace:
[ 24.105831] dump_stack+0x194/0x24d
[ 24.105833] ? arch_local_irq_restore+0x53/0x53
[ 24.105834] print_circular_bug.isra.38+0x2cd/0x2dc
[ 24.105835] ? save_trace+0xe0/0x2b0
[ 24.105836] __lock_acquire+0x30a8/0x3e00
[ 24.105838] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.105839] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.105841] ? pagevec_lru_move_fn+0x1ce/0x260
[ 24.105842] ? get_kernel_page+0x110/0x110
[ 24.105843] ? __lru_cache_add+0x2a6/0x410
[ 24.105844] ? print_irqtrace_events+0x270/0x270
[ 24.105846] ? __pagevec_lru_add+0x30/0x30
[ 24.105847] ? print_irqtrace_events+0x270/0x270
[ 24.105849] ? __handle_mm_fault+0x178a/0x38c0
[ 24.105850] ? handle_mm_fault+0x44a/0xb10
[ 24.105851] ? trace_hardirqs_off+0x10/0x10
[ 24.105852] ? __mem_cgroup_threshold+0x810/0x810
[ 24.105854] ? mark_held_locks+0xaf/0x100
[ 24.105855] lock_acquire+0x1d5/0x580
[ 24.105856] ? lock_acquire+0x1d5/0x580
[ 24.105857] ? down_trylock+0x13/0x70
[ 24.105858] ? lock_release+0xa40/0xa40
[ 24.105859] ? vprintk_emit+0x43b/0xb90
[ 24.105860] ? lock_downgrade+0x980/0x980
[ 24.105862] ? kvm_sched_clock_read+0x25/0x40
[ 24.105863] ? sched_clock+0x31/0x40
[ 24.105864] ? sched_clock_cpu+0x1b/0x180
[ 24.105865] ? vprintk_emit+0x5b5/0xb90
[ 24.105866] _raw_spin_lock_irqsave+0x96/0xc0
[ 24.105868] ? down_trylock+0x13/0x70
[ 24.105869] down_trylock+0x13/0x70
[ 24.105870] ? vprintk_emit+0x5b5/0xb90
[ 24.105871] __down_trylock_console_sem+0xa2/0x1e0
[ 24.105872] console_trylock+0x15/0x70
[ 24.105873] vprintk_emit+0x5b5/0xb90
[ 24.105875] ? console_unlock+0xfb0/0xfb0
[ 24.105876] ? find_held_lock+0x35/0x1d0
[ 24.105877] ? __debug_object_init+0x55d/0x1040
[ 24.105878] vprintk_default+0x28/0x30
[ 24.105880] vprintk_func+0x57/0xc0
[ 24.105881] printk+0xaa/0xca
[ 24.105882] ? show_regs_print_info+0x18/0x18
[ 24.105883] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.105885] __debug_object_init+0x5cc/0x1040
[ 24.105886] ? debug_object_fixup+0x30/0x30
[ 24.105887] ? lock_downgrade+0x980/0x980
[ 24.105888] ? find_held_lock+0x35/0x1d0
[ 24.105890] ? alarmtimer_get_rtcdev+0x2c/0x40
[ 24.105891] ? lock_downgrade+0x980/0x980
[ 24.105892] debug_object_init+0x17/0x20
[ 24.105893] hrtimer_init+0x8c/0x410
[ 24.105895] ? hrtimer_init_on_stack+0x40/0x40
[ 24.105896] ? do_raw_spin_trylock+0x190/0x190
[ 24.105897] ? security_capable+0x8e/0xc0
[ 24.105898] ? ns_capable_common+0xcf/0x160
[ 24.105900] alarm_timer_nsleep+0x164/0x4d0
[ 24.105901] ? alarmtimer_do_nsleep+0x600/0x600
[ 24.105902] ? get_timespec64+0x104/0x170
[ 24.105903] ? timespec_trunc+0xe0/0xe0
[ 24.105904] ? up_read+0x1a/0x40
[ 24.105906] ? __do_page_fault+0x3d6/0xc90
[ 24.105907] SyS_clock_nanosleep+0x235/0x330
[ 24.105908] ? compat_SyS_clock_getres+0x160/0x160
[ 24.105909] ? do_syscall_64+0xb7/0x940
[ 24.105911] ? compat_SyS_clock_getres+0x160/0x160
[ 24.105912] do_syscall_64+0x281/0x940
[ 24.105913] ? __do_page_fault+0xc90/0xc90
[ 24.105915] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 24.105916] ? syscall_return_slowpath+0x550/0x550
[ 24.105917] ? syscall_return_slowpath+0x2ac/0x550
[ 24.105918] ? retint_user+0x18/0x18
[ 24.105920] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.105921] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.105922] RIP: 0033:0x43fc99
[ 24.105924] RSP: 002b:00007ffdfec34418 EFLAGS: 00000207 ORIG_RAX: 00000000000000e6
[ 24.105927] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fc99
[ 24.105929] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000009
[ 24.105930] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 24.105932] R10: 0000000020000240 R11: 0000000000000207 R12: 00000000004015c0
[ 24.105934] R13: 0000000000401650 R14: 0000000000000000 R15: 0000000000000000
[ 24.106468] Dumping ftrace buffer:
[ 24.904829] (ftrace buffer empty)
[ 24.908514] Kernel Offset: disabled
[ 24.912115] Rebooting in 86400 seconds..