[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.772748] kauditd_printk_skb: 7 callbacks suppressed
[   26.772759] audit: type=1800 audit(1539961129.221:29): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   26.799631] audit: type=1800 audit(1539961129.221:30): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.546534] ODEBUG: object 00000000945e43e1 is on stack 00000000e8e95b47, but NOT annotated.
[   38.556696] WARNING: CPU: 0 PID: 5599 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf
[   38.566219] Kernel panic - not syncing: panic_on_warn set ...
[   38.572098] CPU: 0 PID: 5599 Comm: syz-executor943 Not tainted 4.19.0-rc8-next-20181019+ #98
[   38.580662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.590005] Call Trace:
[   38.592586]  dump_stack+0x244/0x39d
[   38.596207]  ? dump_stack_print_info.cold.1+0x20/0x20
[   38.601400]  panic+0x2ad/0x55c
[   38.604587]  ? add_taint.cold.5+0x16/0x16
[   38.608791]  ? __warn.cold.8+0x5/0x45
[   38.612657]  ? __warn+0xe8/0x1d0
[   38.616021]  ? __debug_object_init.cold.14+0x51/0xdf
[   38.621118]  __warn.cold.8+0x20/0x45
[   38.624826]  ? __debug_object_init.cold.14+0x51/0xdf
[   38.629924]  report_bug+0x254/0x2d0
[   38.633632]  do_error_trap+0x11b/0x200
[   38.637515]  do_invalid_op+0x36/0x40
[   38.641224]  ? __debug_object_init.cold.14+0x51/0xdf
[   38.646321]  invalid_op+0x14/0x20
[   38.649771] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf
[   38.655498] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66
[   38.674394] RSP: 0018:ffff8801d8b57308 EFLAGS: 00010086
[   38.679787] RAX: 0000000000000050 RBX: ffff8801d8b57af8 RCX: 0000000000000000
[   38.687055] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005
[   38.694331] RBP: ffff8801d8b57560 R08: ffff8801c4206978 R09: ffffed003b5c5008
[   38.701592] R10: ffffed003b5c5008 R11: ffff8801dae28047 R12: ffff8801d8b4c500
[   38.708852] R13: 00000000000cb680 R14: ffff8801d8b4c500 R15: ffff8801c4206968
[   38.716126]  ? vprintk_func+0x85/0x181
[   38.720013]  ? __debug_object_init.cold.14+0x4a/0xdf
[   38.725110]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   38.729688]  ? debug_object_free+0x690/0x690
[   38.734088]  ? unwind_get_return_address+0x61/0xa0
[   38.739136]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   38.744237]  ? depot_save_stack+0x292/0x470
[   38.748557]  ? save_stack+0xa9/0xd0
[   38.752225]  ? save_stack+0x43/0xd0
[   38.755844]  ? kasan_kmalloc+0xc7/0xe0
[   38.759784]  ? bpf_test_init.isra.10+0x98/0x100
[   38.764445]  ? zap_class+0x640/0x640
[   38.768178]  ? do_syscall_64+0x1b9/0x820
[   38.772318]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.777678]  ? kasan_check_read+0x11/0x20
[   38.781880]  ? __lock_acquire+0x2aff/0x4c20
[   38.786204]  ? find_held_lock+0x36/0x1c0
[   38.790263]  debug_object_init+0x16/0x20
[   38.794319]  init_timer_key+0xa9/0x480
[   38.798206]  ? init_timer_on_stack_key+0xe0/0xe0
[   38.802959]  ? __might_fault+0x12b/0x1e0
[   38.807014]  ? __lockdep_init_map+0x105/0x590
[   38.811572]  ? __lockdep_init_map+0x105/0x590
[   38.816105]  ? lockdep_init_map+0x9/0x10
[   38.820328]  sock_init_data+0xe1/0xdc0
[   38.824209]  ? sk_stop_timer+0x50/0x50
[   38.828100]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.833632]  ? _copy_from_user+0xdf/0x150
[   38.837779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.843312]  ? bpf_test_init.isra.10+0x70/0x100
[   38.848087]  bpf_prog_test_run_skb+0x255/0xc40
[   38.852785]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   38.858233]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   38.863072]  ? __lock_acquire+0x62f/0x4c20
[   38.867339]  ? bpf_prog_add+0x69/0xd0
[   38.871136]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.876665]  ? __bpf_prog_get+0x9b/0x290
[   38.880728]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   38.885564]  bpf_prog_test_run+0x130/0x1a0
[   38.889839]  __x64_sys_bpf+0x3d8/0x510
[   38.893774]  ? bpf_prog_get+0x20/0x20
[   38.897578]  do_syscall_64+0x1b9/0x820
[   38.901479]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.906840]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.911762]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.916598]  ? trace_hardirqs_on_caller+0x310/0x310
[   38.921657]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   38.926668]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.931711]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.936555]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.941738] RIP: 0033:0x440299
[   38.944925] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   38.963822] RSP: 002b:00007ffc937272b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[   38.971655] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[   38.979043] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 000000000000000a
[   38.986304] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   38.993568] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401b20
[   39.000828] R13: 0000000000401bb0 R14: 0000000000000000 R15: 0000000000000000
[   39.008096] 
[   39.008100] ======================================================
[   39.008103] WARNING: possible circular locking dependency detected
[   39.008106] 4.19.0-rc8-next-20181019+ #98 Not tainted
[   39.008109] ------------------------------------------------------
[   39.008112] syz-executor943/5599 is trying to acquire lock:
[   39.008114] 00000000322d4e98 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[   39.008123] 
[   39.008126] but task is already holding lock:
[   39.008127] 000000007732fbdf (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290
[   39.008136] 
[   39.008139] which lock already depends on the new lock.
[   39.008141] 
[   39.008142] 
[   39.008145] the existing dependency chain (in reverse order) is:
[   39.008147] 
[   39.008148] -> #3 (&obj_hash[i].lock){-.-.}:
[   39.008157]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.008159]        __debug_object_init+0x127/0x1290
[   39.008162]        debug_object_init+0x16/0x20
[   39.008164]        hrtimer_init+0x97/0x490
[   39.008166]        init_dl_task_timer+0x1b/0x50
[   39.008169]        __sched_fork+0x2ae/0x590
[   39.008171]        init_idle+0x75/0x740
[   39.008173]        sched_init+0xb33/0xc02
[   39.008175]        start_kernel+0x4be/0xa2b
[   39.008178]        x86_64_start_reservations+0x2e/0x30
[   39.008181]        x86_64_start_kernel+0x76/0x79
[   39.008183]        secondary_startup_64+0xa4/0xb0
[   39.008184] 
[   39.008186] -> #2 (&rq->lock){-.-.}:
[   39.008194]        _raw_spin_lock+0x2d/0x40
[   39.008196]        task_fork_fair+0xb0/0x6d0
[   39.008198]        sched_fork+0x443/0xba0
[   39.008201]        copy_process+0x2585/0x8770
[   39.008203]        _do_fork+0x1cb/0x11c0
[   39.008205]        kernel_thread+0x34/0x40
[   39.008208]        rest_init+0x28/0x372
[   39.008210]        arch_call_rest_init+0xe/0x1b
[   39.008213]        start_kernel+0x9f0/0xa2b
[   39.008217]        x86_64_start_reservations+0x2e/0x30
[   39.008219]        x86_64_start_kernel+0x76/0x79
[   39.008222]        secondary_startup_64+0xa4/0xb0
[   39.008223] 
[   39.008224] -> #1 (&p->pi_lock){-.-.}:
[   39.008232]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.008235]        try_to_wake_up+0xd2/0x12e0
[   39.008237]        wake_up_process+0x10/0x20
[   39.008239]        __up.isra.1+0x1c0/0x2a0
[   39.008241]        up+0x13c/0x1c0
[   39.008244]        __up_console_sem+0xbe/0x1b0
[   39.008246]        console_unlock+0x80c/0x1190
[   39.008248]        vprintk_emit+0x391/0x990
[   39.008251]        vprintk_default+0x28/0x30
[   39.008253]        vprintk_func+0x7e/0x181
[   39.008255]        printk+0xa7/0xcf
[   39.008257]        do_exit.cold.18+0x57/0x16f
[   39.008260]        do_group_exit+0x177/0x440
[   39.008262]        __x64_sys_exit_group+0x3e/0x50
[   39.008265]        do_syscall_64+0x1b9/0x820
[   39.008268]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.008269] 
[   39.008270] -> #0 ((console_sem).lock){-.-.}:
[   39.008278]        lock_acquire+0x1ed/0x520
[   39.008281]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.008283]        down_trylock+0x13/0x70
[   39.008286]        __down_trylock_console_sem+0xae/0x1f0
[   39.008288]        console_trylock+0x15/0xa0
[   39.008291]        vprintk_emit+0x372/0x990
[   39.008293]        vprintk_default+0x28/0x30
[   39.008295]        vprintk_func+0x7e/0x181
[   39.008298]        printk+0xa7/0xcf
[   39.008301]        __debug_object_init.cold.14+0x4a/0xdf
[   39.008303]        debug_object_init+0x16/0x20
[   39.008305]        init_timer_key+0xa9/0x480
[   39.008308]        sock_init_data+0xe1/0xdc0
[   39.008310]        bpf_prog_test_run_skb+0x255/0xc40
[   39.008313]        bpf_prog_test_run+0x130/0x1a0
[   39.008315]        __x64_sys_bpf+0x3d8/0x510
[   39.008318]        do_syscall_64+0x1b9/0x820
[   39.008320]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.008322] 
[   39.008324] other info that might help us debug this:
[   39.008326] 
[   39.008327] Chain exists of:
[   39.008329]   (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[   39.008339] 
[   39.008341]  Possible unsafe locking scenario:
[   39.008342] 
[   39.008345]        CPU0                    CPU1
[   39.008347]        ----                    ----
[   39.008349]   lock(&obj_hash[i].lock);
[   39.008354]                                lock(&rq->lock);
[   39.008359]                                lock(&obj_hash[i].lock);
[   39.008364]   lock((console_sem).lock);
[   39.008368] 
[   39.008370]  *** DEADLOCK ***
[   39.008371] 
[   39.008374] 1 lock held by syz-executor943/5599:
[   39.008375]  #0: 000000007732fbdf (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290
[   39.008385] 
[   39.008387] stack backtrace:
[   39.008391] CPU: 0 PID: 5599 Comm: syz-executor943 Not tainted 4.19.0-rc8-next-20181019+ #98
[   39.008395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.008397] Call Trace:
[   39.008399]  dump_stack+0x244/0x39d
[   39.008402]  ? dump_stack_print_info.cold.1+0x20/0x20
[   39.008404]  ? vprintk_func+0x85/0x181
[   39.008407]  print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[   39.008410]  ? save_trace+0xe0/0x290
[   39.008412]  __lock_acquire+0x3399/0x4c20
[   39.008414]  ? mark_held_locks+0x130/0x130
[   39.008416]  ? put_dec+0xf0/0xf0
[   39.008419]  ? mark_held_locks+0x130/0x130
[   39.008421]  ? kasan_check_read+0x11/0x20
[   39.008424]  ? pointer_string+0x14e/0x1b0
[   39.008426]  ? number+0xca0/0xca0
[   39.008428]  ? print_usage_bug+0xc0/0xc0
[   39.008430]  ? ptr_to_id+0xd0/0x1d0
[   39.008433]  ? dentry_name+0x8f0/0x8f0
[   39.008435]  ? print_usage_bug+0xc0/0xc0
[   39.008437]  ? zap_class+0x640/0x640
[   39.008440]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.008442]  lock_acquire+0x1ed/0x520
[   39.008445]  ? down_trylock+0x13/0x70
[   39.008447]  ? lock_release+0xa10/0xa10
[   39.008449]  ? trace_hardirqs_off+0xb8/0x310
[   39.008474]  ? vprintk_emit+0x1de/0x990
[   39.008476]  ? trace_hardirqs_on+0x310/0x310
[   39.008479]  ? trace_hardirqs_off+0xb8/0x310
[   39.008481]  ? log_store+0x344/0x4c0
[   39.008483]  ? vprintk_emit+0x372/0x990
[   39.008486]  _raw_spin_lock_irqsave+0x99/0xd0
[   39.008488]  ? down_trylock+0x13/0x70
[   39.008490]  down_trylock+0x13/0x70
[   39.008493]  __down_trylock_console_sem+0xae/0x1f0
[   39.008495]  console_trylock+0x15/0xa0
[   39.008497]  vprintk_emit+0x372/0x990
[   39.008500]  ? wake_up_klogd+0x180/0x180
[   39.008502]  ? zap_class+0x640/0x640
[   39.008505]  ? __bpf_trace_xdp_cpumap_enqueue+0x40/0x40
[   39.008507]  ? print_usage_bug+0xc0/0xc0
[   39.008509]  ? find_held_lock+0x36/0x1c0
[   39.008511]  vprintk_default+0x28/0x30
[   39.008514]  vprintk_func+0x7e/0x181
[   39.008516]  printk+0xa7/0xcf
[   39.008518]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   39.008521]  __debug_object_init.cold.14+0x4a/0xdf
[   39.008524]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   39.008526]  ? debug_object_free+0x690/0x690
[   39.008529]  ? unwind_get_return_address+0x61/0xa0
[   39.008532]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   39.008534]  ? depot_save_stack+0x292/0x470
[   39.008537]  ? save_stack+0xa9/0xd0
[   39.008539]  ? save_stack+0x43/0xd0
[   39.008541]  ? kasan_kmalloc+0xc7/0xe0
[   39.008544]  ? bpf_test_init.isra.10+0x98/0x100
[   39.008546]  ? zap_class+0x640/0x640
[   39.008548]  ? do_syscall_64+0x1b9/0x820
[   39.008551]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.008554]  ? kasan_check_read+0x11/0x20
[   39.008556]  ? __lock_acquire+0x2aff/0x4c20
[   39.008558]  ? find_held_lock+0x36/0x1c0
[   39.008561]  debug_object_init+0x16/0x20
[   39.008563]  init_timer_key+0xa9/0x480
[   39.008565]  ? init_timer_on_stack_key+0xe0/0xe0
[   39.008568]  ? __might_fault+0x12b/0x1e0
[   39.008570]  ? __lockdep_init_map+0x105/0x590
[   39.008573]  ? __lockdep_init_map+0x105/0x590
[   39.008575]  ? lockdep_init_map+0x9/0x10
[   39.008577]  sock_init_data+0xe1/0xdc0
[   39.008580]  ? sk_stop_timer+0x50/0x50
[   39.008583]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.008585]  ? _copy_from_user+0xdf/0x150
[   39.008588]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.008590]  ? bpf_test_init.isra.10+0x70/0x100
[   39.008593]  bpf_prog_test_run_skb+0x255/0xc40
[   39.008596]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   39.008599]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   39.008601]  ? __lock_acquire+0x62f/0x4c20
[   39.008603]  ? bpf_prog_add+0x69/0xd0
[   39.008606]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.008608]  ? __bpf_prog_get+0x9b/0x290
[   39.008611]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   39.008613]  bpf_prog_test_run+0x130/0x1a0
[   39.008616]  __x64_sys_bpf+0x3d8/0x510
[   39.008618]  ? bpf_prog_get+0x20/0x20
[   39.008620]  do_syscall_64+0x1b9/0x820
[   39.008623]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.008626]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.008628]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.008631]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.008634]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.008636]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.008639]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.008642]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.008644] RIP: 0033:0x440299
[   39.008652] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   39.008655] RSP: 002b:00007ffc937272b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[   39.008661] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[   39.008664] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 000000000000000a
[   39.008668] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   39.008671] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401b20
[   39.008675] R13: 0000000000401bb0 R14: 0000000000000000 R15: 0000000000000000
[   39.009741] Kernel Offset: disabled
[   39.929135] Rebooting in 86400 seconds..