INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 25.365357] ODEBUG: object is on stack, but not annotated
[ 25.371600] WARNING: CPU: 0 PID: 4185 at lib/debugobjects.c:328 __debug_object_init+0x60a/0x1040
[ 25.380499] Kernel panic - not syncing: panic_on_warn set ...
[ 25.380499]
[ 25.387843] CPU: 0 PID: 4185 Comm: syzkaller382398 Not tainted 4.16.0-rc6+ #1
[ 25.395089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.404416] Call Trace:
[ 25.407011] dump_stack+0x194/0x24d
[ 25.410623] ? arch_local_irq_restore+0x53/0x53
[ 25.415281] ? vsnprintf+0x1ed/0x1900
[ 25.419060] panic+0x1e4/0x41c
[ 25.422232] ? refcount_error_report+0x214/0x214
[ 25.426965] ? show_regs_print_info+0x18/0x18
[ 25.431439] ? __warn+0x1c1/0x200
[ 25.434873] ? __debug_object_init+0x60a/0x1040
[ 25.439515] __warn+0x1dc/0x200
[ 25.442772] ? __debug_object_init+0x60a/0x1040
[ 25.447433] report_bug+0x1f4/0x2b0
[ 25.451035] fixup_bug.part.11+0x37/0x80
[ 25.455071] do_error_trap+0x2d7/0x3e0
[ 25.458938] ? math_error+0x400/0x400
[ 25.462721] ? find_held_lock+0x35/0x1d0
[ 25.466760] ? __debug_object_init+0x55d/0x1040
[ 25.471405] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.476220] do_invalid_op+0x1b/0x20
[ 25.479919] invalid_op+0x1b/0x40
[ 25.483347] RIP: 0010:__debug_object_init+0x60a/0x1040
[ 25.488592] RSP: 0018:ffff8801b8aff968 EFLAGS: 00010082
[ 25.493928] RAX: 000000000000002d RBX: 0000000000000001 RCX: 0000000000000000
[ 25.501175] RDX: 000000000000002d RSI: 1ffff1003715fee2 RDI: ffffed003715ff21
[ 25.508419] RBP: ffff8801b8affb40 R08: 0000000000000000 R09: 1ffff1003715fe89
[ 25.515662] R10: ffff8801b8aff820 R11: ffffffff86f39cb8 R12: ffff8801c8daa0c0
[ 25.522909] R13: ffff8801b8affca0 R14: ffff8801c0c65310 R15: ffff8801c0c65320
[ 25.530168] ? __debug_object_init+0x5cc/0x1040
[ 25.534812] ? debug_object_fixup+0x30/0x30
[ 25.539108] ? lock_downgrade+0x980/0x980
[ 25.543232] ? find_held_lock+0x35/0x1d0
[ 25.547268] ? alarmtimer_get_rtcdev+0x2c/0x40
[ 25.551826] ? lock_downgrade+0x980/0x980
[ 25.555951] debug_object_init+0x17/0x20
[ 25.559986] hrtimer_init+0x8c/0x410
[ 25.563672] ? hrtimer_init_on_stack+0x40/0x40
[ 25.568225] ? do_raw_spin_trylock+0x190/0x190
[ 25.572782] ? security_capable+0x8e/0xc0
[ 25.576906] ? ns_capable_common+0xcf/0x160
[ 25.581204] alarm_timer_nsleep+0x164/0x4d0
[ 25.585498] ? alarmtimer_do_nsleep+0x600/0x600
[ 25.590142] ? get_timespec64+0x104/0x170
[ 25.594261] ? timespec_trunc+0xe0/0xe0
[ 25.598208] ? up_read+0x1a/0x40
[ 25.601547] ? __do_page_fault+0x3d6/0xc90
[ 25.605760] SyS_clock_nanosleep+0x235/0x330
[ 25.610145] ? compat_SyS_clock_getres+0x160/0x160
[ 25.615050] ? do_syscall_64+0xb7/0x940
[ 25.618998] ? compat_SyS_clock_getres+0x160/0x160
[ 25.623898] do_syscall_64+0x281/0x940
[ 25.627756] ? __do_page_fault+0xc90/0xc90
[ 25.631963] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 25.637472] ? syscall_return_slowpath+0x550/0x550
[ 25.642375] ? syscall_return_slowpath+0x2ac/0x550
[ 25.647289] ? retint_user+0x18/0x18
[ 25.650983] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.655805] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.660966] RIP: 0033:0x43fc99
[ 25.664126] RSP: 002b:00007ffc5da49b88 EFLAGS: 00000207 ORIG_RAX: 00000000000000e6
[ 25.671805] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fc99
[ 25.679046] RDX: 000000002084fff0 RSI: 0000000000000000 RDI: 0000000000000009
[ 25.686285] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 25.693525] R10: 0000000020fd9000 R11: 0000000000000207 R12: 00000000004015c0
[ 25.700765] R13: 0000000000401650 R14: 0000000000000000 R15: 0000000000000000
[ 25.708019]
[ 25.708020] ======================================================
[ 25.708022] WARNING: possible circular locking dependency detected
[ 25.708023] 4.16.0-rc6+ #1 Not tainted
[ 25.708025] ------------------------------------------------------
[ 25.708027] syzkaller382398/4185 is trying to acquire lock:
[ 25.708028] ((console_sem).lock){..-.}, at: [<000000006804a99b>] down_trylock+0x13/0x70
[ 25.708033]
[ 25.708034] but task is already holding lock:
[ 25.708035] (&obj_hash[i].lock){-.-.}, at: [<000000004f13d83a>] __debug_object_init+0x109/0x1040
[ 25.708039]
[ 25.708040] which lock already depends on the new lock.
[ 25.708041]
[ 25.708042]
[ 25.708043] the existing dependency chain (in reverse order) is:
[ 25.708044]
[ 25.708045] -> #3 (&obj_hash[i].lock){-.-.}:
[ 25.708049] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.708051] __debug_object_init+0x109/0x1040
[ 25.708052] debug_object_init+0x17/0x20
[ 25.708053] hrtimer_init+0x8c/0x410
[ 25.708055] init_dl_task_timer+0x1b/0x50
[ 25.708056] __sched_fork+0x2bb/0xb60
[ 25.708057] init_idle+0x75/0x820
[ 25.708058] sched_init+0xb19/0xc43
[ 25.708059] start_kernel+0x452/0x819
[ 25.708061] x86_64_start_reservations+0x2a/0x2c
[ 25.708062] x86_64_start_kernel+0x77/0x7a
[ 25.708063] secondary_startup_64+0xa5/0xb0
[ 25.708064]
[ 25.708064] -> #2 (&rq->lock){-.-.}:
[ 25.708069] _raw_spin_lock+0x2a/0x40
[ 25.708070] task_fork_fair+0x7a/0x690
[ 25.708071] sched_fork+0x450/0xc10
[ 25.708072] copy_process.part.38+0x1758/0x4b60
[ 25.708073] _do_fork+0x1f7/0xf70
[ 25.708075] kernel_thread+0x34/0x40
[ 25.708076] rest_init+0x22/0xf0
[ 25.708077] start_kernel+0x7f1/0x819
[ 25.708078] x86_64_start_reservations+0x2a/0x2c
[ 25.708080] x86_64_start_kernel+0x77/0x7a
[ 25.708081] secondary_startup_64+0xa5/0xb0
[ 25.708082]
[ 25.708082] -> #1 (&p->pi_lock){-.-.}:
[ 25.708086] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.708088] try_to_wake_up+0xbc/0x15f0
[ 25.708089] wake_up_process+0x10/0x20
[ 25.708090] __up.isra.0+0x1cc/0x2c0
[ 25.708091] up+0x13b/0x1d0
[ 25.708092] __up_console_sem+0xb2/0x1a0
[ 25.708093] console_unlock+0x5af/0xfb0
[ 25.708095] do_con_write+0x106e/0x1f70
[ 25.708096] con_write+0x25/0xb0
[ 25.708097] n_tty_write+0x5ef/0xec0
[ 25.708098] tty_write+0x3fa/0x840
[ 25.708099] __vfs_write+0xef/0x970
[ 25.708101] vfs_write+0x189/0x510
[ 25.708102] SyS_write+0xef/0x220
[ 25.708103] do_syscall_64+0x281/0x940
[ 25.708104] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.708105]
[ 25.708106] -> #0 ((console_sem).lock){..-.}:
[ 25.708110] lock_acquire+0x1d5/0x580
[ 25.708111] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.708113] down_trylock+0x13/0x70
[ 25.708114] __down_trylock_console_sem+0xa2/0x1e0
[ 25.708115] console_trylock+0x15/0x70
[ 25.708117] vprintk_emit+0x5b5/0xb90
[ 25.708118] vprintk_default+0x28/0x30
[ 25.708119] vprintk_func+0x57/0xc0
[ 25.708120] printk+0xaa/0xca
[ 25.708122] __debug_object_init+0x5cc/0x1040
[ 25.708123] debug_object_init+0x17/0x20
[ 25.708124] hrtimer_init+0x8c/0x410
[ 25.708125] alarm_timer_nsleep+0x164/0x4d0
[ 25.708127] SyS_clock_nanosleep+0x235/0x330
[ 25.708128] do_syscall_64+0x281/0x940
[ 25.708130] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.708130]
[ 25.708132] other info that might help us debug this:
[ 25.708132]
[ 25.708133] Chain exists of:
[ 25.708134] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 25.708139]
[ 25.708141] Possible unsafe locking scenario:
[ 25.708142]
[ 25.708143]        CPU0                    CPU1
[ 25.708144]        ----                    ----
[ 25.708145]   lock(&obj_hash[i].lock);
[ 25.708148]                                lock(&rq->lock);
[ 25.708150]                                lock(&obj_hash[i].lock);
[ 25.708153]   lock((console_sem).lock);
[ 25.708155]
[ 25.708156] *** DEADLOCK ***
[ 25.708157]
[ 25.708158] 1 lock held by syzkaller382398/4185:
[ 25.708159] #0: (&obj_hash[i].lock){-.-.}, at: [<000000004f13d83a>] __debug_object_init+0x109/0x1040
[ 25.708163]
[ 25.708164] stack backtrace:
[ 25.708166] CPU: 0 PID: 4185 Comm: syzkaller382398 Not tainted 4.16.0-rc6+ #1
[ 25.708168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.708169] Call Trace:
[ 25.708171] dump_stack+0x194/0x24d
[ 25.708172] ? arch_local_irq_restore+0x53/0x53
[ 25.708173] print_circular_bug.isra.38+0x2cd/0x2dc
[ 25.708174] ? save_trace+0xe0/0x2b0
[ 25.708176] __lock_acquire+0x30a8/0x3e00
[ 25.708177] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.708178] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.708180] ? pagevec_lru_move_fn+0x1ce/0x260
[ 25.708181] ? get_kernel_page+0x110/0x110
[ 25.708182] ? __lru_cache_add+0x2a6/0x410
[ 25.708183] ? print_irqtrace_events+0x270/0x270
[ 25.708185] ? __pagevec_lru_add+0x30/0x30
[ 25.708186] ? print_irqtrace_events+0x270/0x270
[ 25.708187] ? __handle_mm_fault+0x178a/0x38c0
[ 25.708189] ? handle_mm_fault+0x44a/0xb10
[ 25.708190] ? trace_hardirqs_off+0x10/0x10
[ 25.708191] ? __mem_cgroup_threshold+0x810/0x810
[ 25.708193] ? mark_held_locks+0xaf/0x100
[ 25.708194] lock_acquire+0x1d5/0x580
[ 25.708195] ? lock_acquire+0x1d5/0x580
[ 25.708196] ? down_trylock+0x13/0x70
[ 25.708197] ? lock_release+0xa40/0xa40
[ 25.708198] ? vprintk_emit+0x43b/0xb90
[ 25.708200] ? lock_downgrade+0x980/0x980
[ 25.708201] ? kvm_sched_clock_read+0x25/0x40
[ 25.708202] ? sched_clock+0x31/0x40
[ 25.708203] ? sched_clock_cpu+0x1b/0x180
[ 25.708204] ? vprintk_emit+0x5b5/0xb90
[ 25.708206] _raw_spin_lock_irqsave+0x96/0xc0
[ 25.708207] ? down_trylock+0x13/0x70
[ 25.708208] down_trylock+0x13/0x70
[ 25.708209] ? vprintk_emit+0x5b5/0xb90
[ 25.708210] __down_trylock_console_sem+0xa2/0x1e0
[ 25.708212] console_trylock+0x15/0x70
[ 25.708213] vprintk_emit+0x5b5/0xb90
[ 25.708214] ? console_unlock+0xfb0/0xfb0
[ 25.708215] ? find_held_lock+0x35/0x1d0
[ 25.708217] ? __debug_object_init+0x55d/0x1040
[ 25.708218] vprintk_default+0x28/0x30
[ 25.708219] vprintk_func+0x57/0xc0
[ 25.708220] printk+0xaa/0xca
[ 25.708221] ? show_regs_print_info+0x18/0x18
[ 25.708223] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.708224] __debug_object_init+0x5cc/0x1040
[ 25.708225] ? debug_object_fixup+0x30/0x30
[ 25.708227] ? lock_downgrade+0x980/0x980
[ 25.708228] ? find_held_lock+0x35/0x1d0
[ 25.708229] ? alarmtimer_get_rtcdev+0x2c/0x40
[ 25.708230] ? lock_downgrade+0x980/0x980
[ 25.708232] debug_object_init+0x17/0x20
[ 25.708233] hrtimer_init+0x8c/0x410
[ 25.708234] ? hrtimer_init_on_stack+0x40/0x40
[ 25.708235] ? do_raw_spin_trylock+0x190/0x190
[ 25.708237] ? security_capable+0x8e/0xc0
[ 25.708238] ? ns_capable_common+0xcf/0x160
[ 25.708239] alarm_timer_nsleep+0x164/0x4d0
[ 25.708240] ? alarmtimer_do_nsleep+0x600/0x600
[ 25.708242] ? get_timespec64+0x104/0x170
[ 25.708243] ? timespec_trunc+0xe0/0xe0
[ 25.708244] ? up_read+0x1a/0x40
[ 25.708245] ? __do_page_fault+0x3d6/0xc90
[ 25.708247] SyS_clock_nanosleep+0x235/0x330
[ 25.708248] ? compat_SyS_clock_getres+0x160/0x160
[ 25.708249] ? do_syscall_64+0xb7/0x940
[ 25.708251] ? compat_SyS_clock_getres+0x160/0x160
[ 25.708252] do_syscall_64+0x281/0x940
[ 25.708253] ? __do_page_fault+0xc90/0xc90
[ 25.708254] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 25.708256] ? syscall_return_slowpath+0x550/0x550
[ 25.708257] ? syscall_return_slowpath+0x2ac/0x550
[ 25.708258] ? retint_user+0x18/0x18
[ 25.708260] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.708261] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.708262] RIP: 0033:0x43fc99
[ 25.708263] RSP: 002b:00007ffc5da49b88 EFLAGS: 00000207 ORIG_RAX: 00000000000000e6
[ 25.708267] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fc99
[ 25.708268] RDX: 000000002084fff0 RSI: 0000000000000000 RDI: 0000000000000009
[ 25.708270] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 25.708272] R10: 0000000020fd9000 R11: 0000000000000207 R12: 00000000004015c0
[ 25.708274] R13: 0000000000401650 R14: 0000000000000000 R15: 0000000000000000
[ 25.708678] Dumping ftrace buffer:
[ 26.507511] (ftrace buffer empty)
[ 26.511194] Kernel Offset: disabled
[ 26.514795] Rebooting in 86400 seconds..