Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
[ 53.264634] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[ 53.275298] ------------[ cut here ]------------
[ 53.280175] WARNING: CPU: 1 PID: 8281 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb
[ 53.289377] Kernel panic - not syncing: panic_on_warn set ...
[ 53.289377]
[ 53.296735] CPU: 1 PID: 8281 Comm: syz-executor210 Not tainted 4.14.262-syzkaller #0
[ 53.304602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.314042] Call Trace:
[ 53.316722] dump_stack+0x14b/0x1e7
[ 53.320333] ? debug_print_object.cold.8+0xa7/0xdb
[ 53.325243] panic+0x1b0/0x358
[ 53.328412] ? add_taint.cold.4+0x11/0x11
[ 53.332561] ? debug_print_object.cold.8+0xa7/0xdb
[ 53.337549] __warn.cold.7+0x25/0x25
[ 53.341246] ? debug_print_object.cold.8+0xa7/0xdb
[ 53.346146] report_bug+0x1a1/0x200
[ 53.349875] do_error_trap+0x1bd/0x310
[ 53.353836] ? math_error+0x300/0x300
[ 53.357625] ? vprintk_emit+0x339/0x4e0
[ 53.361634] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.366464] do_invalid_op+0x1b/0x20
[ 53.370175] invalid_op+0x1b/0x40
[ 53.373977] RIP: 0010:debug_print_object.cold.8+0xa7/0xdb
[ 53.379603] RSP: 0018:ffff888091ad7128 EFLAGS: 00010082
[ 53.385048] RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
[ 53.392516] RDX: 0000000000000061 RSI: ffffffff878b92a0 RDI: ffffed101235ae1c
[ 53.399972] RBP: ffff888091ad7150 R08: 0000000000000000 R09: 0000000000000000
[ 53.407217] R10: fffffbfff15ee2f1 R11: dffffc0000000000 R12: ffffffff878b4520
[ 53.414461] R13: ffffffff81360d70 R14: 0000000000000000 R15: dffffc0000000000
[ 53.421724] ? work_on_cpu_safe+0x60/0x60
[ 53.425911] ? debug_print_object.cold.8+0xa7/0xdb
[ 53.430814] debug_check_no_obj_freed+0x4bc/0x890
[ 53.435627] ? debug_object_activate+0x4b0/0x4b0
[ 53.440468] kfree+0xbd/0x270
[ 53.443546] kvfree+0x2c/0x30
[ 53.446734] netdev_freemem+0x47/0x60
[ 53.450594] netdev_release+0x6a/0x80
[ 53.454456] device_release+0x134/0x170
[ 53.458666] kobject_put+0x14f/0x3d0
[ 53.462354] put_device+0x12/0x20
[ 53.465780] free_netdev+0x237/0x320
[ 53.469466] ? __netlink_ns_capable+0xc3/0xf0
[ 53.474553] rtnl_newlink+0x109b/0x1630
[ 53.478513] ? rtnl_newlink+0x334/0x1630
[ 53.482557] ? rtnl_link_unregister+0x270/0x270
[ 53.487213] rtnetlink_rcv_msg+0x34c/0x9e0
[ 53.491419] ? rtnl_calcit.isra.11+0x340/0x340
[ 53.495978] ? __netlink_lookup+0x302/0x620
[ 53.500287] ? lock_downgrade+0x7f0/0x7f0
[ 53.505015] netlink_rcv_skb+0x12f/0x3b0
[ 53.509062] ? rtnl_calcit.isra.11+0x340/0x340
[ 53.516190] ? netlink_ack+0xaa0/0xaa0
[ 53.520353] ? netlink_deliver_tap+0x8e/0x920
[ 53.525199] rtnetlink_rcv+0x10/0x20
[ 53.529083] netlink_unicast+0x40b/0x610
[ 53.533140] ? netlink_sendskb+0x40/0x40
[ 53.537382] netlink_sendmsg+0x651/0xc10
[ 53.541452] ? nlmsg_notify+0x140/0x140
[ 53.547729] ? nlmsg_notify+0x140/0x140
[ 53.551703] sock_sendmsg+0xac/0xf0
[ 53.555667] ___sys_sendmsg+0x625/0x920
[ 53.559911] ? trace_hardirqs_on+0x10/0x10
[ 53.564277] ? copy_msghdr_from_user+0x440/0x440
[ 53.569209] ? __might_fault+0xf1/0x1b0
[ 53.573472] ? kasan_check_read+0x11/0x20
[ 53.577617] ? _copy_to_user+0x91/0xb0
[ 53.581618] ? move_addr_to_user+0xe8/0x160
[ 53.586683] ? __fdget+0xe/0x10
[ 53.589955] ? sockfd_lookup_light+0x1c/0x160
[ 53.594645] ? SyS_connect+0x2b0/0x2b0
[ 53.598535] __sys_sendmsg+0xc1/0x140
[ 53.602473] ? SyS_shutdown+0x180/0x180
[ 53.606751] ? fd_install+0x47/0x60
[ 53.610995] ? do_syscall_64+0x4c/0x5b0
[ 53.615074] ? __sys_sendmsg+0x140/0x140
[ 53.619260] SyS_sendmsg+0xd/0x20
[ 53.622781] do_syscall_64+0x1c7/0x5b0
[ 53.626642] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.631547] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 53.636811] RIP: 0033:0x7f7f1da90399
[ 53.640625] RSP: 002b:00007ffe20ed5e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.648304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f1da90399
[ 53.655759] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[ 53.663002] RBP: 00007ffe20ed5e30 R08: 65732f636f72702f R09: 65732f636f72702f
[ 53.670350] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f7f1da54280
[ 53.677639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.685178]
[ 53.685179] ======================================================
[ 53.685180] WARNING: possible circular locking dependency detected
[ 53.685181] 4.14.262-syzkaller #0 Not tainted
[ 53.685182] ------------------------------------------------------
[ 53.685183] syz-executor210/8281 is trying to acquire lock:
[ 53.685183] ((console_sem).lock){....}, at: [] down_trylock+0x13/0x70
[ 53.685186]
[ 53.685187] but task is already holding lock:
[ 53.685188] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x156/0x890
[ 53.685190]
[ 53.685191] which lock already depends on the new lock.
[ 53.685192]
[ 53.685192]
[ 53.685193] the existing dependency chain (in reverse order) is:
[ 53.685194]
[ 53.685194] -> #5 (&obj_hash[i].lock){-.-.}:
[ 53.685197] lock_acquire+0x17e/0x3e0
[ 53.685197] _raw_spin_lock_irqsave+0x99/0xd0
[ 53.685198] debug_object_activate+0x112/0x4b0
[ 53.685199] enqueue_hrtimer+0x1f/0x330
[ 53.685200] hrtimer_start_range_ns+0x4d5/0x1040
[ 53.685200] schedule_hrtimeout_range_clock+0x138/0x2f0
[ 53.685201] schedule_hrtimeout+0x12/0x20
[ 53.685202] wait_task_inactive+0x49f/0x560
[ 53.685203] __kthread_bind_mask+0x19/0xa0
[ 53.685203] kthread_bind_mask+0xe/0x10
[ 53.685204] create_worker+0x2ea/0x570
[ 53.685205] workqueue_init+0x450/0x506
[ 53.685206] kernel_init_freeable+0x34c/0x578
[ 53.685206] kernel_init+0xc/0x110
[ 53.685207] ret_from_fork+0x24/0x30
[ 53.685208]
[ 53.685208] -> #4 (hrtimer_bases.lock){-.-.}:
[ 53.685211] lock_acquire+0x17e/0x3e0
[ 53.685211] _raw_spin_lock_irqsave+0x99/0xd0
[ 53.685212] lock_hrtimer_base.isra.2+0x6b/0x140
[ 53.685213] hrtimer_start_range_ns+0x89/0x1040
[ 53.685214] enqueue_task_rt+0x5a3/0xdb0
[ 53.685215] __sched_setscheduler.constprop.14+0xd5f/0x26e0
[ 53.685215] _sched_setscheduler+0x113/0x190
[ 53.685216] sched_setscheduler+0xe/0x10
[ 53.685217] watchdog_enable+0x10c/0x170
[ 53.685217] smpboot_thread_fn+0x3c4/0x850
[ 53.685218] kthread+0x338/0x400
[ 53.685219] ret_from_fork+0x24/0x30
[ 53.685219]
[ 53.685220] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 53.685222] lock_acquire+0x17e/0x3e0
[ 53.685223] _raw_spin_lock+0x2d/0x40
[ 53.685224] enqueue_task_rt+0x530/0xdb0
[ 53.685224] __sched_setscheduler.constprop.14+0xd5f/0x26e0
[ 53.685225] _sched_setscheduler+0x113/0x190
[ 53.685226] sched_setscheduler+0xe/0x10
[ 53.685227] watchdog_enable+0x10c/0x170
[ 53.685227] smpboot_thread_fn+0x3c4/0x850
[ 53.685228] kthread+0x338/0x400
[ 53.685229] ret_from_fork+0x24/0x30
[ 53.685229]
[ 53.685230] -> #2 (&rq->lock){-.-.}:
[ 53.685232] lock_acquire+0x17e/0x3e0
[ 53.685233] _raw_spin_lock+0x2d/0x40
[ 53.685234] task_fork_fair+0x62/0x550
[ 53.685234] sched_fork+0x3a6/0xbd0
[ 53.685235] copy_process.part.5+0x15cb/0x6e40
[ 53.685236] _do_fork+0x162/0xc70
[ 53.685236] kernel_thread+0x24/0x30
[ 53.685237] rest_init+0x1d/0x23d
[ 53.685238] start_kernel+0x567/0x58f
[ 53.685239] x86_64_start_reservations+0x29/0x2b
[ 53.685239] x86_64_start_kernel+0x76/0x79
[ 53.685240] secondary_startup_64+0xa5/0xb0
[ 53.685241]
[ 53.685241] -> #1 (&p->pi_lock){-.-.}:
[ 53.685244] lock_acquire+0x17e/0x3e0
[ 53.685244] _raw_spin_lock_irqsave+0x99/0xd0
[ 53.685245] try_to_wake_up+0x8c/0x10f0
[ 53.685246] wake_up_process+0x10/0x20
[ 53.685246] __up.isra.0+0x136/0x1a0
[ 53.685247] up+0x95/0xe0
[ 53.685248] __up_console_sem+0xa0/0x150
[ 53.685248] console_unlock+0x44a/0xe50
[ 53.685249] do_con_write.part.13+0xd94/0x19b0
[ 53.685250] con_write+0x1f/0x80
[ 53.685250] n_tty_write+0x498/0x1030
[ 53.685251] tty_write+0x342/0x770
[ 53.685252] __vfs_write+0xdb/0x840
[ 53.685253] vfs_write+0x150/0x4f0
[ 53.685253] SyS_write+0x100/0x250
[ 53.685254] do_syscall_64+0x1c7/0x5b0
[ 53.685255] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 53.685255]
[ 53.685256] -> #0 ((console_sem).lock){....}:
[ 53.685258] __lock_acquire+0x32ee/0x42d0
[ 53.685259] lock_acquire+0x17e/0x3e0
[ 53.685260] _raw_spin_lock_irqsave+0x99/0xd0
[ 53.685260] down_trylock+0x13/0x70
[ 53.685261] __down_trylock_console_sem+0x93/0x1a0
[ 53.685262] console_trylock+0x11/0x50
[ 53.685262] vprintk_emit+0x1ab/0x4e0
[ 53.685263] vprintk_default+0x1a/0x20
[ 53.685264] vprintk_func+0x49/0x130
[ 53.685265] printk+0x91/0xab
[ 53.685265] debug_print_object.cold.8+0xa7/0xdb
[ 53.685266] debug_check_no_obj_freed+0x4bc/0x890
[ 53.685267] kfree+0xbd/0x270
[ 53.685267] kvfree+0x2c/0x30
[ 53.685268] netdev_freemem+0x47/0x60
[ 53.685269] netdev_release+0x6a/0x80
[ 53.685269] device_release+0x134/0x170
[ 53.685270] kobject_put+0x14f/0x3d0
[ 53.685271] put_device+0x12/0x20
[ 53.685271] free_netdev+0x237/0x320
[ 53.685272] rtnl_newlink+0x109b/0x1630
[ 53.685273] rtnetlink_rcv_msg+0x34c/0x9e0
[ 53.685273] netlink_rcv_skb+0x12f/0x3b0
[ 53.685274] rtnetlink_rcv+0x10/0x20
[ 53.685275] netlink_unicast+0x40b/0x610
[ 53.685276] netlink_sendmsg+0x651/0xc10
[ 53.685276] sock_sendmsg+0xac/0xf0
[ 53.685277] ___sys_sendmsg+0x625/0x920
[ 53.685278] __sys_sendmsg+0xc1/0x140
[ 53.685278] SyS_sendmsg+0xd/0x20
[ 53.685279] do_syscall_64+0x1c7/0x5b0
[ 53.685280] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 53.685280]
[ 53.685281] other info that might help us debug this:
[ 53.685282]
[ 53.685282] Chain exists of:
[ 53.685283] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 53.685286]
[ 53.685287] Possible unsafe locking scenario:
[ 53.685287]
[ 53.685288]        CPU0                    CPU1
[ 53.685289]        ----                    ----
[ 53.685289]   lock(&obj_hash[i].lock);
[ 53.685291]                                lock(hrtimer_bases.lock);
[ 53.685293]                                lock(&obj_hash[i].lock);
[ 53.685294]   lock((console_sem).lock);
[ 53.685296]
[ 53.685296] *** DEADLOCK ***
[ 53.685297]
[ 53.685297] 2 locks held by syz-executor210/8281:
[ 53.685298] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x2c0/0x9e0
[ 53.685301] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x156/0x890
[ 53.685303]
[ 53.685304] stack backtrace:
[ 53.685305] CPU: 1 PID: 8281 Comm: syz-executor210 Not tainted 4.14.262-syzkaller #0
[ 53.685306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.685307] Call Trace:
[ 53.685307] dump_stack+0x14b/0x1e7
[ 53.685308] print_circular_bug.isra.17.cold.40+0x2e3/0x41e
[ 53.685309] ? save_trace+0xe0/0x290
[ 53.685310] __lock_acquire+0x32ee/0x42d0
[ 53.685310] ? trace_hardirqs_on+0x10/0x10
[ 53.685311] ? netdev_bits+0xa0/0xa0
[ 53.685312] ? trace_hardirqs_on+0x10/0x10
[ 53.685312] ? kvm_clock_read+0x23/0x40
[ 53.685313] ? kvm_sched_clock_read+0x9/0x20
[ 53.685314] lock_acquire+0x17e/0x3e0
[ 53.685314] ? down_trylock+0x13/0x70
[ 53.685315] ? vprintk_emit+0x1ab/0x4e0
[ 53.685316] _raw_spin_lock_irqsave+0x99/0xd0
[ 53.685316] ? down_trylock+0x13/0x70
[ 53.685317] down_trylock+0x13/0x70
[ 53.685318] ? vprintk_emit+0x1ab/0x4e0
[ 53.685319] __down_trylock_console_sem+0x93/0x1a0
[ 53.685319] console_trylock+0x11/0x50
[ 53.685320] vprintk_emit+0x1ab/0x4e0
[ 53.685321] ? work_on_cpu_safe+0x60/0x60
[ 53.685321] vprintk_default+0x1a/0x20
[ 53.685322] vprintk_func+0x49/0x130
[ 53.685323] ? work_on_cpu_safe+0x60/0x60
[ 53.685323] printk+0x91/0xab
[ 53.685324] ? log_store.cold.10+0x11/0x11
[ 53.685324] ? lock_acquire+0x17e/0x3e0
[ 53.685325] ? debug_check_no_obj_freed+0x156/0x890
[ 53.685326] ? work_on_cpu_safe+0x60/0x60
[ 53.685327] debug_print_object.cold.8+0xa7/0xdb
[ 53.685328] debug_check_no_obj_freed+0x4bc/0x890
[ 53.685328] ? debug_object_activate+0x4b0/0x4b0
[ 53.685329] kfree+0xbd/0x270
[ 53.685329] kvfree+0x2c/0x30
[ 53.685330] netdev_freemem+0x47/0x60
[ 53.685331] netdev_release+0x6a/0x80
[ 53.685332] device_release+0x134/0x170
[ 53.685332] kobject_put+0x14f/0x3d0
[ 53.685333] put_device+0x12/0x20
[ 53.685333] free_netdev+0x237/0x320
[ 53.685334] ? __netlink_ns_capable+0xc3/0xf0
[ 53.685335] rtnl_newlink+0x109b/0x1630
[ 53.685336] ? rtnl_newlink+0x334/0x1630
[ 53.685336] ? rtnl_link_unregister+0x270/0x270
[ 53.685337] rtnetlink_rcv_msg+0x34c/0x9e0
[ 53.685338] ? rtnl_calcit.isra.11+0x340/0x340
[ 53.685339] ? __netlink_lookup+0x302/0x620
[ 53.685339] ? lock_downgrade+0x7f0/0x7f0
[ 53.685340] netlink_rcv_skb+0x12f/0x3b0
[ 53.685341] ? rtnl_calcit.isra.11+0x340/0x340
[ 53.685341] ? netlink_ack+0xaa0/0xaa0
[ 53.685342] ? netlink_deliver_tap+0x8e/0x920
[ 53.685343] rtnetlink_rcv+0x10/0x20
[ 53.685344] netlink_unicast+0x40b/0x610
[ 53.685344] ? netlink_sendskb+0x40/0x40
[ 53.685345] netlink_sendmsg+0x651/0xc10
[ 53.685346] ? nlmsg_notify+0x140/0x140
[ 53.685346] ? nlmsg_notify+0x140/0x140
[ 53.685347] sock_sendmsg+0xac/0xf0
[ 53.685348] ___sys_sendmsg+0x625/0x920
[ 53.685349] ? trace_hardirqs_on+0x10/0x10
[ 53.685349] ? copy_msghdr_from_user+0x440/0x440
[ 53.685350] ? __might_fault+0xf1/0x1b0
[ 53.685351] ? kasan_check_read+0x11/0x20
[ 53.685352] ? _copy_to_user+0x91/0xb0
[ 53.685352] ? move_addr_to_user+0xe8/0x160
[ 53.685353] ? __fdget+0xe/0x10
[ 53.685354] ? sockfd_lookup_light+0x1c/0x160
[ 53.685354] ? SyS_connect+0x2b0/0x2b0
[ 53.685355] __sys_sendmsg+0xc1/0x140
[ 53.685356] ? SyS_shutdown+0x180/0x180
[ 53.685356] ? fd_install+0x47/0x60
[ 53.685357] ? do_syscall_64+0x4c/0x5b0
[ 53.685357] ? __sys_sendmsg+0x140/0x140
[ 53.685358] SyS_sendmsg+0xd/0x20
[ 53.685359] do_syscall_64+0x1c7/0x5b0
[ 53.685360] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.685360] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 53.685361] RIP: 0033:0x7f7f1da90399
[ 53.685362] RSP: 002b:00007ffe20ed5e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.685363] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f1da90399
[ 53.685364] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[ 53.685365] RBP: 00007ffe20ed5e30 R08: 65732f636f72702f R09: 65732f636f72702f
[ 53.685366] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f7f1da54280
[ 53.685367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 54.778333] Shutting down cpus with NMI
[ 55.829286] Kernel Offset: disabled
[ 55.832900] Rebooting in 86400 seconds..