Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 27.709026] ODEBUG: free active (active state 0) object type: rcu_head hint: (null)
[ 27.718505] ------------[ cut here ]------------
[ 27.723246] WARNING: CPU: 1 PID: 18 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb
[ 27.732428] Kernel panic - not syncing: panic_on_warn set ...
[ 27.732428]
[ 27.739780] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.14.288-syzkaller #0
[ 27.747119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 27.756456] Call Trace:
[ 27.759040] dump_stack+0x1b2/0x281
[ 27.762647] panic+0x1f9/0x42d
[ 27.765814] ? add_taint.cold+0x16/0x16
[ 27.769768] ? debug_print_object.cold+0xa7/0xdb
[ 27.774497] ? debug_print_object.cold+0xa7/0xdb
[ 27.779241] __warn.cold+0x20/0x44
[ 27.782761] ? ist_end_non_atomic+0x10/0x10
[ 27.787064] ? debug_print_object.cold+0xa7/0xdb
[ 27.791799] report_bug+0x208/0x250
[ 27.795405] do_error_trap+0x195/0x2d0
[ 27.799281] ? math_error+0x2d0/0x2d0
[ 27.803078] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.807896] invalid_op+0x1b/0x40
[ 27.811325] RIP: 0010:debug_print_object.cold+0xa7/0xdb
[ 27.816657] RSP: 0018:ffff8880b54b7bc0 EFLAGS: 00010086
[ 27.821993] RAX: 0000000000000051 RBX: 0000000000000003 RCX: 0000000000000000
[ 27.829235] RDX: 0000000000000100 RSI: ffffffff878bc880 RDI: ffffed1016a96f6e
[ 27.836479] RBP: ffffffff878b1a00 R08: 0000000000000051 R09: 0000000000000000
[ 27.843720] R10: 0000000000000000 R11: ffff8880b54a64c0 R12: 0000000000000000
[ 27.850963] R13: 0000000000000000 R14: ffff88808d300100 R15: ffff8880b52bbb28
[ 27.858217] debug_check_no_obj_freed+0x3b7/0x680
[ 27.863052] ? debug_object_deactivate+0x1da/0x2e0
[ 27.867965] ? debug_object_activate+0x490/0x490
[ 27.872703] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.878133] kfree+0xb9/0x250
[ 27.881213] __tcindex_destroy+0x2e/0x70
[ 27.885251] ? __tcindex_partial_destroy+0x50/0x50
[ 27.890151] rcu_process_callbacks+0x780/0x1180
[ 27.894797] ? note_gp_changes+0x2f0/0x2f0
[ 27.899005] ? sched_clock+0x2a/0x40
[ 27.902693] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.908117] __do_softirq+0x24d/0x9ff
[ 27.911895] ? __local_bh_enable_ip+0x170/0x170
[ 27.916535] run_ksoftirqd+0x50/0x1a0
[ 27.920318] smpboot_thread_fn+0x5c1/0x920
[ 27.924537] ? sort_range+0x30/0x30
[ 27.928134] ? sort_range+0x30/0x30
[ 27.931746] kthread+0x30d/0x420
[ 27.935085] ? kthread_create_on_node+0xd0/0xd0
[ 27.939728] ret_from_fork+0x24/0x30
[ 27.943419]
[ 27.943421] ======================================================
[ 27.943423] WARNING: possible circular locking dependency detected
[ 27.943424] 4.14.288-syzkaller #0 Not tainted
[ 27.943426] ------------------------------------------------------
[ 27.943427] ksoftirqd/1/18 is trying to acquire lock:
[ 27.943428] ((console_sem).lock){..-.}, at: [] down_trylock+0xe/0x60
[ 27.943432]
[ 27.943433] but task is already holding lock:
[ 27.943434] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.943438]
[ 27.943439] which lock already depends on the new lock.
[ 27.943440]
[ 27.943441]
[ 27.943442] the existing dependency chain (in reverse order) is:
[ 27.943443]
[ 27.943444] -> #5 (&obj_hash[i].lock){-.-.}:
[ 27.943448] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.943449] debug_object_activate+0x10f/0x490
[ 27.943450] enqueue_hrtimer+0x22/0x3b0
[ 27.943452] hrtimer_start_range_ns+0x4a0/0x10b0
[ 27.943453] schedule_hrtimeout_range_clock+0x144/0x320
[ 27.943455] wait_task_inactive+0x469/0x520
[ 27.943456] __kthread_bind_mask+0x1f/0xb0
[ 27.943457] create_worker+0x437/0x6c0
[ 27.943458] workqueue_init+0x4ef/0x756
[ 27.943460] kernel_init_freeable+0x3ac/0x626
[ 27.943461] kernel_init+0xd/0x15d
[ 27.943462] ret_from_fork+0x24/0x30
[ 27.943462]
[ 27.943463] -> #4 (hrtimer_bases.lock){-.-.}:
[ 27.943467] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.943469] hrtimer_start_range_ns+0x77/0x10b0
[ 27.943470] enqueue_task_rt+0x584/0xf30
[ 27.943471] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.943473] sched_setscheduler+0xfa/0x150
[ 27.943474] watchdog_enable+0x11b/0x170
[ 27.943475] smpboot_thread_fn+0x40d/0x920
[ 27.943476] kthread+0x30d/0x420
[ 27.943477] ret_from_fork+0x24/0x30
[ 27.943478]
[ 27.943479] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 27.943483] _raw_spin_lock+0x2a/0x40
[ 27.943484] enqueue_task_rt+0x514/0xf30
[ 27.943485] __sched_setscheduler.constprop.0+0xe73/0x2640
[ 27.943487] sched_setscheduler+0xfa/0x150
[ 27.943488] watchdog_enable+0x11b/0x170
[ 27.943489] smpboot_thread_fn+0x40d/0x920
[ 27.943490] kthread+0x30d/0x420
[ 27.943491] ret_from_fork+0x24/0x30
[ 27.943492]
[ 27.943493] -> #2 (&rq->lock){-.-.}:
[ 27.943497] _raw_spin_lock+0x2a/0x40
[ 27.943498] task_fork_fair+0x63/0x550
[ 27.943499] sched_fork+0x39a/0xb60
[ 27.943500] copy_process.part.0+0x15b2/0x71c0
[ 27.943501] _do_fork+0x184/0xc80
[ 27.943502] kernel_thread+0x2f/0x40
[ 27.943504] rest_init+0x1f/0x2a3
[ 27.943505] start_kernel+0x743/0x763
[ 27.943506] secondary_startup_64+0xa5/0xb0
[ 27.943507]
[ 27.943507] -> #1 (&p->pi_lock){-.-.}:
[ 27.943511] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.943512] try_to_wake_up+0x6a/0x1100
[ 27.943513] up+0x75/0xb0
[ 27.943515] __up_console_sem+0xa9/0x1b0
[ 27.943516] console_unlock+0x531/0xf20
[ 27.943517] vprintk_emit+0x224/0x620
[ 27.943518] vprintk_func+0x58/0x160
[ 27.943519] printk+0x9e/0xbc
[ 27.943520] __ext4_msg.cold+0x4d/0x52
[ 27.943522] ext4_remount+0x1169/0x1df0
[ 27.943523] do_remount_sb+0x150/0x530
[ 27.943524] do_mount+0x15f3/0x2a30
[ 27.943525] SyS_mount+0xa8/0x120
[ 27.943526] do_syscall_64+0x1d5/0x640
[ 27.943528] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.943528]
[ 27.943529] -> #0 ((console_sem).lock){..-.}:
[ 27.943533] lock_acquire+0x170/0x3f0
[ 27.943534] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.943535] down_trylock+0xe/0x60
[ 27.943537] __down_trylock_console_sem+0x97/0x1e0
[ 27.943538] vprintk_emit+0x1ee/0x620
[ 27.943539] vprintk_func+0x58/0x160
[ 27.943540] printk+0x9e/0xbc
[ 27.943541] debug_print_object.cold+0xa7/0xdb
[ 27.943543] debug_check_no_obj_freed+0x3b7/0x680
[ 27.943544] kfree+0xb9/0x250
[ 27.943545] __tcindex_destroy+0x2e/0x70
[ 27.943546] rcu_process_callbacks+0x780/0x1180
[ 27.943548] __do_softirq+0x24d/0x9ff
[ 27.943549] run_ksoftirqd+0x50/0x1a0
[ 27.943550] smpboot_thread_fn+0x5c1/0x920
[ 27.943551] kthread+0x30d/0x420
[ 27.943552] ret_from_fork+0x24/0x30
[ 27.943553]
[ 27.943554] other info that might help us debug this:
[ 27.943555]
[ 27.943556] Chain exists of:
[ 27.943556] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 27.943562]
[ 27.943563] Possible unsafe locking scenario:
[ 27.943563]
[ 27.943565] CPU0 CPU1
[ 27.943566] ---- ----
[ 27.943567] lock(&obj_hash[i].lock);
[ 27.943569] lock(hrtimer_bases.lock);
[ 27.943572] lock(&obj_hash[i].lock);
[ 27.943574] lock((console_sem).lock);
[ 27.943577]
[ 27.943578] *** DEADLOCK ***
[ 27.943578]
[ 27.943579] 2 locks held by ksoftirqd/1/18:
[ 27.943580] #0: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180
[ 27.943584] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x135/0x680
[ 27.943589]
[ 27.943590] stack backtrace:
[ 27.943592] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.14.288-syzkaller #0
[ 27.943594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 27.943595] Call Trace:
[ 27.943596] dump_stack+0x1b2/0x281
[ 27.943598] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.943599] __lock_acquire+0x2e0e/0x3f20
[ 27.943600] ? pointer+0x31f/0x9e0
[ 27.943601] ? trace_hardirqs_on+0x10/0x10
[ 27.943602] ? format_decode+0x1cb/0x890
[ 27.943603] ? __lock_acquire+0x2190/0x3f20
[ 27.943605] ? check_preemption_disabled+0x35/0x240
[ 27.943606] ? kvm_clock_read+0x1f/0x30
[ 27.943607] ? kvm_sched_clock_read+0x5/0x10
[ 27.943608] ? sched_clock+0x2a/0x40
[ 27.943610] ? sched_clock_cpu+0x18/0x1b0
[ 27.943611] lock_acquire+0x170/0x3f0
[ 27.943612] ? down_trylock+0xe/0x60
[ 27.943613] ? vprintk_func+0x58/0x160
[ 27.943614] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.943615] ? down_trylock+0xe/0x60
[ 27.943616] down_trylock+0xe/0x60
[ 27.943618] ? vprintk_func+0x58/0x160
[ 27.943619] ? vprintk_func+0x58/0x160
[ 27.943620] __down_trylock_console_sem+0x97/0x1e0
[ 27.943621] vprintk_emit+0x1ee/0x620
[ 27.943622] vprintk_func+0x58/0x160
[ 27.943623] printk+0x9e/0xbc
[ 27.943624] ? log_store.cold+0x16/0x16
[ 27.943626] ? lock_acquire+0x170/0x3f0
[ 27.943627] ? debug_check_no_obj_freed+0x135/0x680
[ 27.943628] debug_print_object.cold+0xa7/0xdb
[ 27.943629] debug_check_no_obj_freed+0x3b7/0x680
[ 27.943631] ? debug_object_deactivate+0x1da/0x2e0
[ 27.943632] ? debug_object_activate+0x490/0x490
[ 27.943634] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.943635] kfree+0xb9/0x250
[ 27.943636] __tcindex_destroy+0x2e/0x70
[ 27.943637] ? __tcindex_partial_destroy+0x50/0x50
[ 27.943638] rcu_process_callbacks+0x780/0x1180
[ 27.943640] ? note_gp_changes+0x2f0/0x2f0
[ 27.943641] ? sched_clock+0x2a/0x40
[ 27.943642] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 27.943643] __do_softirq+0x24d/0x9ff
[ 27.943645] ? __local_bh_enable_ip+0x170/0x170
[ 27.943646] run_ksoftirqd+0x50/0x1a0
[ 27.943647] smpboot_thread_fn+0x5c1/0x920
[ 27.943648] ? sort_range+0x30/0x30
[ 27.943649] ? sort_range+0x30/0x30
[ 27.943650] kthread+0x30d/0x420
[ 27.943651] ? kthread_create_on_node+0xd0/0xd0
[ 27.943653] ret_from_fork+0x24/0x30
[ 29.031507] Shutting down cpus with NMI
[ 29.769922] Kernel Offset: disabled
[ 29.773532] Rebooting in 86400 seconds..