RDX: 0000000020011000 RSI: 0000000000000000 RDI: 0000000000000009
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000004f R14: 00000000006f2808 R15: 0000000000000000
ODEBUG: object is on stack, but not annotated
WARNING: CPU: 1 PID: 13074 at lib/debugobjects.c:328 debug_object_is_on_stack lib/debugobjects.c:327 [inline]
WARNING: CPU: 1 PID: 13074 at lib/debugobjects.c:328 __debug_object_init+0x60a/0x1040 lib/debugobjects.c:354
ODEBUG: object is on stack, but not annotated
Kernel panic - not syncing: panic_on_warn set ...

WARNING: CPU: 0 PID: 13088 at lib/debugobjects.c:328 debug_object_is_on_stack lib/debugobjects.c:327 [inline]
WARNING: CPU: 0 PID: 13088 at lib/debugobjects.c:328 __debug_object_init+0x60a/0x1040 lib/debugobjects.c:354
CPU: 1 PID: 13074 Comm: syz-executor0 Not tainted 4.16.0+ #10
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
CPU: 0 PID: 13088 Comm: syz-executor0 Not tainted 4.16.0+ #10
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_object_is_on_stack lib/debugobjects.c:327 [inline]
RIP: 0010:__debug_object_init+0x60a/0x1040 lib/debugobjects.c:354
RSP: 0018:ffff880177bd7968 EFLAGS: 00010082
 panic+0x1e4/0x41c kernel/panic.c:183
RAX: 000000000000002d RBX: 0000000000000002 RCX: 0000000000000000
RDX: 000000000000002d RSI: ffffc900022aa000 RDI: ffffed002ef7af21
RBP: ffff880177bd7b40 R08: 0000000000000000 R09: 1ffff1002ef7ae8c
R10: ffff880177bd7820 R11: ffffffff88582f78 R12: ffff8801ccf94700
 __warn+0x1dc/0x200 kernel/panic.c:547
R13: ffff880177bd7ca0 R14: ffff8801d12e6070 R15: ffff8801d12e6080
FS:  00007f1415be4700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
 report_bug+0x1f4/0x2b0 lib/bug.c:186
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 fixup_bug.part.10+0x37/0x80 arch/x86/kernel/traps.c:178
CR2: 0000000020011008 CR3: 0000000181d4e004 CR4: 00000000001606f0
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:986
RIP: 0010:debug_object_is_on_stack lib/debugobjects.c:327 [inline]
RIP: 0010:__debug_object_init+0x60a/0x1040 lib/debugobjects.c:354
RSP: 0018:ffff8801b200f968 EFLAGS: 00010082
RAX: 000000000000002d RBX: 0000000000000001 RCX: 0000000000000000
 debug_object_init+0x17/0x20 lib/debugobjects.c:391
RDX: 000000000000002d RSI: ffffc90001ea8000 RDI: ffffed0036401f21
 debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
 debug_init kernel/time/hrtimer.c:458 [inline]
 hrtimer_init+0x8c/0x410 kernel/time/hrtimer.c:1259
RBP: ffff8801b200fb40 R08: 0000000000000000 R09: 1ffff10036401e89
R10: ffff8801b200f820 R11: ffffffff88583158 R12: ffff8801ad496440
R13: ffff8801b200fca0 R14: ffff8801d7ba4380 R15: ffff8801d7ba4390
 alarm_init kernel/time/alarmtimer.c:339 [inline]
 alarm_timer_nsleep+0x164/0x4d0 kernel/time/alarmtimer.c:787
 SYSC_clock_nanosleep kernel/time/posix-timers.c:1227 [inline]
 SyS_clock_nanosleep+0x235/0x330 kernel/time/posix-timers.c:1205
 debug_object_init+0x17/0x20 lib/debugobjects.c:391
 debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
 debug_init kernel/time/hrtimer.c:458 [inline]
 hrtimer_init+0x8c/0x410 kernel/time/hrtimer.c:1259
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 alarm_init kernel/time/alarmtimer.c:339 [inline]
 alarm_timer_nsleep+0x164/0x4d0 kernel/time/alarmtimer.c:787
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
 SYSC_clock_nanosleep kernel/time/posix-timers.c:1227 [inline]
 SyS_clock_nanosleep+0x235/0x330 kernel/time/posix-timers.c:1205
RIP: 0033:0x455269
RSP: 002b:00007f1415be3c68 EFLAGS: 00000246
 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00007f1415be46d4 RCX: 0000000000455269
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
RDX: 0000000020011000 RSI: 0000000000000000 RDI: 0000000000000009
RBP: 000000000072c010 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000004f R14: 00000000006f2808 R15: 0000000000000002
Code: 
00 
00 
00 
e9 
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
3b 
RIP: 0033:0x455269
fc 
RSP: 002b:00007f1415c25c68 EFLAGS: 00000246
ff 
 ORIG_RAX: 00000000000000e6
ff 
RAX: ffffffffffffffda RBX: 00007f1415c266d4 RCX: 0000000000455269
8b 
RDX: 0000000020011000 RSI: 0000000000000000 RDI: 0000000000000009
85 
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
50 
R10: 0000000020000240 R11: 0000000000000246 R12: 00000000ffffffff
fe 
R13: 000000000000004f R14: 00000000006f2808 R15: 0000000000000000
ff 

======================================================
WARNING: possible circular locking dependency detected
4.16.0+ #10 Not tainted
------------------------------------------------------
syz-executor0/13074 is trying to acquire lock:
 ((console_sem).lock){-.-.}, at: [<000000004c507deb>] down_trylock+0x13/0x70 kernel/locking/semaphore.c:136

but task is already holding lock:
 (&obj_hash[i].lock){-.-.}, at: [<000000004452bff0>] __debug_object_init+0x109/0x1040 lib/debugobjects.c:343

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&obj_hash[i].lock){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
       __debug_object_init+0x109/0x1040 lib/debugobjects.c:343
       debug_object_init+0x17/0x20 lib/debugobjects.c:391
       debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
       debug_init kernel/time/hrtimer.c:458 [inline]
       hrtimer_init+0x8c/0x410 kernel/time/hrtimer.c:1259
       init_dl_task_timer+0x1b/0x50 kernel/sched/deadline.c:1060
       __sched_fork+0x2bb/0xb60 kernel/sched/core.c:2189
       init_idle+0x75/0x820 kernel/sched/core.c:5352
       sched_init+0xb19/0xc43 kernel/sched/core.c:6049
       start_kernel+0x452/0x819 init/main.c:586
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
       x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:239

-> #2 (&rq->lock){-.-.}:
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
       rq_lock kernel/sched/sched.h:1760 [inline]
       task_fork_fair+0x7a/0x690 kernel/sched/fair.c:9471
       sched_fork+0x450/0xc10 kernel/sched/core.c:2405
       copy_process.part.38+0x17c9/0x4bd0 kernel/fork.c:1763
       copy_process kernel/fork.c:1606 [inline]
       _do_fork+0x1f7/0xf70 kernel/fork.c:2087
       kernel_thread+0x34/0x40 kernel/fork.c:2146
       rest_init+0x22/0xf0 init/main.c:403
       start_kernel+0x7f1/0x819 init/main.c:717
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
       x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:239

-> #1 (&p->pi_lock){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
       try_to_wake_up+0xbc/0x15f0 kernel/sched/core.c:1989
       wake_up_process+0x10/0x20 kernel/sched/core.c:2152
       __up.isra.0+0x1cc/0x2c0 kernel/locking/semaphore.c:262
       up+0x13b/0x1d0 kernel/locking/semaphore.c:187
       __up_console_sem+0xb2/0x1a0 kernel/printk/printk.c:242
       console_unlock+0x5af/0xfb0 kernel/printk/printk.c:2417
       do_con_write+0x106e/0x1f70 drivers/tty/vt/vt.c:2433
       con_write+0x25/0xb0 drivers/tty/vt/vt.c:2782
       process_output_block drivers/tty/n_tty.c:579 [inline]
       n_tty_write+0x5ef/0xec0 drivers/tty/n_tty.c:2308
       do_tty_write drivers/tty/tty_io.c:958 [inline]
       tty_write+0x3fa/0x840 drivers/tty/tty_io.c:1042
       __vfs_write+0xef/0x970 fs/read_write.c:480
       vfs_write+0x189/0x510 fs/read_write.c:544
       SYSC_write fs/read_write.c:589 [inline]
       SyS_write+0xef/0x220 fs/read_write.c:581
       do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 ((console_sem).lock){-.-.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
       down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
       __down_trylock_console_sem+0xa2/0x1e0 kernel/printk/printk.c:225
       console_trylock+0x15/0x70 kernel/printk/printk.c:2229
       console_trylock_spinning kernel/printk/printk.c:1643 [inline]
       vprintk_emit+0x5b5/0xb90 kernel/printk/printk.c:1906
       vprintk_default+0x28/0x30 kernel/printk/printk.c:1947
       vprintk_func+0x57/0xc0 kernel/printk/printk_safe.c:379
       printk+0xaa/0xca kernel/printk/printk.c:1980
       debug_object_is_on_stack lib/debugobjects.c:325 [inline]
       __debug_object_init+0x5cc/0x1040 lib/debugobjects.c:354
       debug_object_init+0x17/0x20 lib/debugobjects.c:391
       debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
       debug_init kernel/time/hrtimer.c:458 [inline]
       hrtimer_init+0x8c/0x410 kernel/time/hrtimer.c:1259
       alarm_init kernel/time/alarmtimer.c:339 [inline]
       alarm_timer_nsleep+0x164/0x4d0 kernel/time/alarmtimer.c:787
       SYSC_clock_nanosleep kernel/time/posix-timers.c:1227 [inline]
       SyS_clock_nanosleep+0x235/0x330 kernel/time/posix-timers.c:1205
       do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Chain exists of:
  (console_sem).lock --> &rq->lock --> &obj_hash[i].lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&obj_hash[i].lock);
                               lock(&rq->lock);
                               lock(&obj_hash[i].lock);
  lock((console_sem).lock);

 *** DEADLOCK ***

1 lock held by syz-executor0/13074:
 #0:  (&obj_hash[i].lock){-.-.}, at: [<000000004452bff0>] __debug_object_init+0x109/0x1040 lib/debugobjects.c:343

stack backtrace:
CPU: 1 PID: 13074 Comm: syz-executor0 Not tainted 4.16.0+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
 down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
 __down_trylock_console_sem+0xa2/0x1e0 kernel/printk/printk.c:225
 console_trylock+0x15/0x70 kernel/printk/printk.c:2229
 console_trylock_spinning kernel/printk/printk.c:1643 [inline]
 vprintk_emit+0x5b5/0xb90 kernel/printk/printk.c:1906
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1947
 vprintk_func+0x57/0xc0 kernel/printk/printk_safe.c:379
 printk+0xaa/0xca kernel/printk/printk.c:1980
 debug_object_is_on_stack lib/debugobjects.c:325 [inline]
 __debug_object_init+0x5cc/0x1040 lib/debugobjects.c:354
 debug_object_init+0x17/0x20 lib/debugobjects.c:391
 debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
 debug_init kernel/time/hrtimer.c:458 [inline]
 hrtimer_init+0x8c/0x410 kernel/time/hrtimer.c:1259
 alarm_init kernel/time/alarmtimer.c:339 [inline]
 alarm_timer_nsleep+0x164/0x4d0 kernel/time/alarmtimer.c:787
 SYSC_clock_nanosleep kernel/time/posix-timers.c:1227 [inline]
 SyS_clock_nanosleep+0x235/0x330 kernel/time/posix-timers.c:1205
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x455269
RSP: 002b:00007f1415c25c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00007f1415c266d4 RCX: 0000000000455269
RDX: 0000000020011000 RSI: 0000000000000000 RDI: 0000000000000009
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000004f R14: 00000000006f2808 R15: 0000000000000000
ff 85 c0 0f 84 e5 fb ff ff 83 c3 01 48 c7 c7 00 bf 75 87 89 1d cb bc d1 06 e8 5e fd 47 fe <0f> 0b e9 c9 fb ff ff 48 c7 c6 c0 bf 75 87 4c 89 f7 e8 90 e9 ff 
---[ end trace 7b1dc07f0b85b00f ]---
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..