[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.423211] cfg80211: Calling CRDA to update world regulatory domain
[   20.583609] cfg80211: Calling CRDA to update world regulatory domain
[   23.072397] IPVS: Creating netns size=2688 id=1
[   23.077133] IPVS: ftp: loaded support on port[0] = 21
[   23.743200] cfg80211: Calling CRDA to update world regulatory domain
[   26.903227] cfg80211: Calling CRDA to update world regulatory domain
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
2019/12/05 05:37:41 parsed 1 programs
2019/12/05 05:37:41 executed programs: 0
[   29.707658] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   29.714478] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   29.722437] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   29.729553] IPVS: Creating netns size=2688 id=2
[   29.731226] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   29.732640] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   29.733023] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   29.753346] IPVS: ftp: loaded support on port[0] = 21
[   29.765207] IPVS: Creating netns size=2688 id=3
[   29.769973] IPVS: ftp: loaded support on port[0] = 21
[   29.784105] chnl_net:caif_netlink_parms(): no params data found
[   29.791855] IPVS: Creating netns size=2688 id=4
[   29.796703] IPVS: ftp: loaded support on port[0] = 21
[   29.808747] device bridge_slave_0 entered promiscuous mode
[   29.819312] device bridge_slave_1 entered promiscuous mode
[   29.829038] IPVS: Creating netns size=2688 id=5
[   29.830138] chnl_net:caif_netlink_parms(): no params data found
[   29.840000] IPVS: ftp: loaded support on port[0] = 21
[   29.842535] device bridge_slave_0 entered promiscuous mode
[   29.842873] device bridge_slave_1 entered promiscuous mode
[   29.845586] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   29.846046] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   29.846205] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   29.846309] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   29.856158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   29.856266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   29.860647] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   29.860712] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   29.862171] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.862252] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.862264] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.862272] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.938240] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.944837] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.957007] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   29.964466] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   29.972267] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   29.979206] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   29.999025] IPVS: Creating netns size=2688 id=6
[   30.002343] chnl_net:caif_netlink_parms(): no params data found
[   30.007047] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   30.007145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   30.011502] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   30.011560] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   30.012581] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.012596] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.012609] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.012617] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.062644] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.062784] IPVS: ftp: loaded support on port[0] = 21
[   30.075220] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.085708] cfg80211: Calling CRDA to update world regulatory domain
[   30.099401] chnl_net:caif_netlink_parms(): no params data found
[   30.110553] IPVS: Creating netns size=2688 id=7
[   30.115432] IPVS: ftp: loaded support on port[0] = 21
[   30.116228] device bridge_slave_0 entered promiscuous mode
[   30.116576] device bridge_slave_1 entered promiscuous mode
[   30.119202] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   30.119322] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.119445] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   30.119538] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.130818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   30.130905] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   30.135573] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   30.135634] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   30.136757] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.136773] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.136785] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.136792] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.213339] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.219747] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.227840] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.239402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.259608] device bridge_slave_0 entered promiscuous mode
[   30.266883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.277849] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.284793] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.291126] device bridge_slave_1 entered promiscuous mode
[   30.298291] chnl_net:caif_netlink_parms(): no params data found
[   30.308400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.320537] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   30.327572] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.336309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.343945] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.350431] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.357081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.364986] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.371472] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.378413] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   30.385276] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.394251] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.401724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   30.411307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   30.418703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.426176] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.432654] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.439592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.446976] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.453467] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.461630] chnl_net:caif_netlink_parms(): no params data found
[   30.468780] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.475908] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   30.483946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   30.490996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.497763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.505276] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   30.517449] device bridge_slave_0 entered promiscuous mode
[   30.523982] device bridge_slave_1 entered promiscuous mode
[   30.529802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   30.537453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.549736] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   30.556628] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.564597] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   30.571438] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.586135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   30.596210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.603623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.610982] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.617570] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.624403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.631832] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.638369] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.644987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.652343] device bridge_slave_0 entered promiscuous mode
[   30.658346] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   30.665235] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   30.674130] device bridge_slave_1 entered promiscuous mode
[   30.683492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   30.691692] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.703712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.710841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.719640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   30.727249] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   30.734904] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.744283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   30.752913] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   30.759877] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.781161] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   30.789762] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   30.797695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   30.807036] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   30.817481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.826153] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.832601] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.843329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.854182] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   30.861019] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   30.873452] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.892524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   30.902074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.909857] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.916384] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.923833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.931301] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.937817] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.944562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   30.952524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   30.965332] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.976219] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.983756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.993079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.002166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.016488] sp0: Synchronizing with TNC
[   31.022011] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.059947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   31.067420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.094846] ------------[ cut here ]------------
[   31.099630] WARNING: CPU: 0 PID: 5903 at lib/debugobjects.c:263 debug_print_object+0x89/0xb0()
[   31.101233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   31.101570] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   31.102429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.102484] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.102497] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.102554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.102591] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.102599] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.102747] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   31.102804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.102941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   31.138197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   31.138536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   31.139482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.139542] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.139555] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.139612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.139651] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.139659] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.139800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   31.139843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.139990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   31.254309] sp0: Synchronizing with TNC
[   31.263177] ODEBUG: free active (active state 0) object type: timer_list hint: resync_tnc+0x0/0xb0
[   31.272467] Kernel panic - not syncing: panic_on_warn set ...
[   31.272467] 
[   31.279821] CPU: 0 PID: 5903 Comm: syz-executor.0 Not tainted 4.1.0-syzkaller #0
[   31.287341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.296686]  ffffffff82ee423b ffff8800b2c1b928 ffffffff827956a0 0000000000000032
[   31.304790]  ffffffff82e6806b ffff8800b2c1b9a8 ffffffff82790a5b 0000000000000000
[   31.312797]  ffffffff00000008 ffff8800b2c1b9b8 ffff8800b2c1b958 00000000ffffc000
[   31.320841] Call Trace:
[   31.323406]  [<ffffffff827956a0>] dump_stack+0x4f/0x7b
[   31.328705]  [<ffffffff82790a5b>] panic+0xcd/0x211
[   31.333659]  [<ffffffff8116c3cb>] warn_slowpath_common+0xbb/0xc0
[   31.339806]  [<ffffffff8116c411>] warn_slowpath_fmt+0x41/0x50
[   31.345678]  [<ffffffff81a1fc59>] debug_print_object+0x89/0xb0
[   31.351646]  [<ffffffff81e3e950>] ? sp_put+0x30/0x30
[   31.356722]  [<ffffffff81a20b12>] ? debug_check_no_obj_freed+0x92/0x250
[   31.363447]  [<ffffffff81a20c5b>] debug_check_no_obj_freed+0x1db/0x250
[   31.370086]  [<ffffffff81299465>] ? kvfree+0x25/0x40
[   31.375163]  [<ffffffff812d9ce0>] kfree+0xd0/0x4b0
[   31.380062]  [<ffffffff812da074>] ? kfree+0x464/0x4b0
[   31.385221]  [<ffffffff81299465>] kvfree+0x25/0x40
[   31.390132]  [<ffffffff8224e6c3>] netdev_freemem+0x13/0x20
[   31.395787]  [<ffffffff82266aea>] netdev_release+0x2a/0x40
[   31.401439]  [<ffffffff81c87d51>] device_release+0x31/0xa0
[   31.407043]  [<ffffffff81a038b1>] kobject_release+0x111/0x120
[   31.412901]  [<ffffffff81a036c5>] kobject_put+0x35/0x70
[   31.418280]  [<ffffffff8224e532>] netdev_run_todo+0x242/0x310
[   31.424139]  [<ffffffff81a1fa61>] ? list_del+0x11/0x40
[   31.429398]  [<ffffffff8225aec9>] rtnl_unlock+0x9/0x10
[   31.434669]  [<ffffffff82245570>] unregister_netdev+0x20/0x30
[   31.440526]  [<ffffffff81e3ea59>] sixpack_close+0x59/0x90
[   31.446039]  [<ffffffff81b02113>] tty_ldisc_close.isra.1+0x33/0x60
[   31.452328]  [<ffffffff81b02334>] tty_ldisc_reinit+0x44/0xd0
[   31.458096]  [<ffffffff81b02935>] tty_ldisc_hangup+0xd5/0x220
[   31.463950]  [<ffffffff81af9778>] __tty_hangup+0x2f8/0x460
[   31.469542]  [<ffffffff81af98eb>] tty_vhangup+0xb/0x10
[   31.474795]  [<ffffffff81b05239>] pty_close+0x139/0x180
[   31.480128]  [<ffffffff81afb4da>] tty_release+0xfa/0x570
[   31.485550]  [<ffffffff8119a3c5>] ? ___might_sleep+0x205/0x270
[   31.491591]  [<ffffffff8130020d>] __fput+0xed/0x250
[   31.496577]  [<ffffffff8130006e>] ? fput+0x4e/0x90
[   31.501487]  [<ffffffff813003b9>] ____fput+0x9/0x10
[   31.506505]  [<ffffffff81191944>] task_work_run+0xc4/0xf0
[   31.512029]  [<ffffffff8107d238>] do_notify_resume+0x68/0x70
[   31.517807]  [<ffffffff827a5b6b>] int_signal+0x12/0x17
[   31.524586] Kernel Offset: disabled
[   31.528253] 
[   31.529851] ======================================================
[   31.536157] [ INFO: possible circular locking dependency detected ]
[   31.542553] 4.1.0-syzkaller #0 Not tainted
[   31.546760] -------------------------------------------------------
[   31.553138] syz-executor.0/5903 is trying to acquire lock:
[   31.558732]  ((console_sem).lock){......}, at: [<ffffffff811be00f>] down_trylock+0xf/0x40
[   31.567630] 
[   31.567630] but task is already holding lock:
[   31.573675]  (&obj_hash[i].lock){-.-.-.}, at: [<ffffffff81a20b12>] debug_check_no_obj_freed+0x92/0x250
[   31.583607] 
[   31.583607] which lock already depends on the new lock.
[   31.583607] 
[   31.591905] 
[   31.591905] the existing dependency chain (in reverse order) is:
[   31.599501] 
-> #3 (&obj_hash[i].lock){-.-.-.}:
[   31.604720]        [<ffffffff811c5876>] lock_acquire+0xe6/0x310
[   31.610873]        [<ffffffff827a54c2>] _raw_spin_lock_irqsave+0x62/0x90
[   31.617899]        [<ffffffff81a1feaf>] __debug_object_init+0x5f/0x450
[   31.624656]        [<ffffffff81a202bb>] debug_object_init+0x1b/0x20
[   31.631336]        [<ffffffff811ef000>] hrtimer_init+0x20/0x230
[   31.637497]        [<ffffffff811bb20f>] init_dl_task_timer+0x1f/0x40
[   31.644089]        [<ffffffff81199a92>] __sched_fork+0xa2/0x230
[   31.650247]        [<ffffffff811a328b>] init_idle+0x3b/0x140
[   31.656157]        [<ffffffff83496411>] sched_init+0x3db/0x422
[   31.662227]        [<ffffffff83472d74>] start_kernel+0x223/0x445
[   31.668466]        [<ffffffff83472345>] x86_64_start_reservations+0x2a/0x2c
[   31.675661]        [<ffffffff8347248c>] x86_64_start_kernel+0x145/0x154
[   31.682526] 
-> #2 (&rq->lock){-.-.-.}:
[   31.687051]        [<ffffffff811c5876>] lock_acquire+0xe6/0x310
[   31.693208]        [<ffffffff827a49e6>] _raw_spin_lock+0x36/0x50
[   31.699451]        [<ffffffff811a5bb8>] sched_move_task+0x48/0x200
[   31.705859]        [<ffffffff811a5d99>] cpu_cgroup_fork+0x9/0x10
[   31.712096]        [<ffffffff8121df1d>] cgroup_post_fork+0x4d/0x140
[   31.718605]        [<ffffffff8116a8bf>] copy_process.part.30+0x130f/0x1bc0
[   31.725738]        [<ffffffff8116b324>] do_fork+0xd4/0x810
[   31.731468]        [<ffffffff8116ba81>] kernel_thread+0x21/0x30
[   31.737635]        [<ffffffff82786853>] rest_init+0x23/0x140
[   31.743539]        [<ffffffff83472f89>] start_kernel+0x438/0x445
[   31.749817]        [<ffffffff83472345>] x86_64_start_reservations+0x2a/0x2c
[   31.757007]        [<ffffffff8347248c>] x86_64_start_kernel+0x145/0x154
[   31.763955] 
-> #1 (&p->pi_lock){-.-.-.}:
[   31.768703]        [<ffffffff811c5876>] lock_acquire+0xe6/0x310
[   31.774878]        [<ffffffff827a54c2>] _raw_spin_lock_irqsave+0x62/0x90
[   31.781841]        [<ffffffff811a28db>] try_to_wake_up+0x2b/0x350
[   31.788242]        [<ffffffff811a2c22>] wake_up_process+0x22/0x50
[   31.794675]        [<ffffffff827a2efe>] __up.isra.0+0x1e/0x30
[   31.800664]        [<ffffffff811be0d1>] up+0x41/0x50
[   31.805859]        [<ffffffff811d7e79>] console_unlock+0x1b9/0x570
[   31.812286]        [<ffffffff81b1ad7b>] do_con_write.part.23+0x75b/0xa50
[   31.819228]        [<ffffffff81b1b10d>] con_write+0x5d/0x70
[   31.826275]        [<ffffffff81afdb7d>] n_tty_write+0x1bd/0x510
[   31.832429]        [<ffffffff81af9d4d>] tty_write+0x1ed/0x2f0
[   31.838408]        [<ffffffff812fe1c3>] __vfs_write+0x23/0x100
[   31.844479]        [<ffffffff812fe8d1>] vfs_write+0xa1/0x1c0
[   31.850379]        [<ffffffff812ff574>] SyS_write+0x44/0xb0
[   31.856207]        [<ffffffff827a5972>] system_call_fastpath+0x16/0x7a
[   31.862997] 
-> #0 ((console_sem).lock){......}:
[   31.868322]        [<ffffffff811c4a34>] __lock_acquire+0x18f4/0x1c70
[   31.874912]        [<ffffffff811c5876>] lock_acquire+0xe6/0x310
[   31.881074]        [<ffffffff827a54c2>] _raw_spin_lock_irqsave+0x62/0x90
[   31.888121]        [<ffffffff811be00f>] down_trylock+0xf/0x40
[   31.894103]        [<ffffffff811d8ae3>] console_unblank+0x23/0xb0
[   31.900438]        [<ffffffff81a10dbe>] bust_spinlocks+0x1e/0x40
[   31.906675]        [<ffffffff82790aa0>] panic+0x112/0x211
[   31.912303]        [<ffffffff8116c3cb>] warn_slowpath_common+0xbb/0xc0
[   31.919070]        [<ffffffff8116c411>] warn_slowpath_fmt+0x41/0x50
[   31.925601]        [<ffffffff81a1fc59>] debug_print_object+0x89/0xb0
[   31.932207]        [<ffffffff81a20c5b>] debug_check_no_obj_freed+0x1db/0x250
[   31.939507]        [<ffffffff812d9ce0>] kfree+0xd0/0x4b0
[   31.945051]        [<ffffffff81299465>] kvfree+0x25/0x40
[   31.950593]        [<ffffffff8224e6c3>] netdev_freemem+0x13/0x20
[   31.956832]        [<ffffffff82266aea>] netdev_release+0x2a/0x40
[   31.963079]        [<ffffffff81c87d51>] device_release+0x31/0xa0
[   31.969318]        [<ffffffff81a038b1>] kobject_release+0x111/0x120
[   31.975829]        [<ffffffff81a036c5>] kobject_put+0x35/0x70
[   31.981807]        [<ffffffff8224e532>] netdev_run_todo+0x242/0x310
[   31.988302]        [<ffffffff8225aec9>] rtnl_unlock+0x9/0x10
[   31.994203]        [<ffffffff82245570>] unregister_netdev+0x20/0x30
[   32.000710]        [<ffffffff81e3ea59>] sixpack_close+0x59/0x90
[   32.006864]        [<ffffffff81b02113>] tty_ldisc_close.isra.1+0x33/0x60
[   32.013796]        [<ffffffff81b02334>] tty_ldisc_reinit+0x44/0xd0
[   32.020205]        [<ffffffff81b02935>] tty_ldisc_hangup+0xd5/0x220
[   32.026710]        [<ffffffff81af9778>] __tty_hangup+0x2f8/0x460
[   32.032950]        [<ffffffff81af98eb>] tty_vhangup+0xb/0x10
[   32.038849]        [<ffffffff81b05239>] pty_close+0x139/0x180
[   32.044936]        [<ffffffff81afb4da>] tty_release+0xfa/0x570
[   32.051016]        [<ffffffff8130020d>] __fput+0xed/0x250
[   32.056664]        [<ffffffff813003b9>] ____fput+0x9/0x10
[   32.062293]        [<ffffffff81191944>] task_work_run+0xc4/0xf0
[   32.068794]        [<ffffffff8107d238>] do_notify_resume+0x68/0x70
[   32.075212]        [<ffffffff827a5b6b>] int_signal+0x12/0x17
[   32.081127] 
[   32.081127] other info that might help us debug this:
[   32.081127] 
[   32.089239] Chain exists of:
  (console_sem).lock --> &rq->lock --> &obj_hash[i].lock

[   32.098227]  Possible unsafe locking scenario:
[   32.098227] 
[   32.104259]        CPU0                    CPU1
[   32.108903]        ----                    ----
[   32.113542]   lock(&obj_hash[i].lock);
[   32.117643]                                lock(&rq->lock);
[   32.123600]                                lock(&obj_hash[i].lock);
[   32.130292]   lock((console_sem).lock);
[   32.134521] 
[   32.134521]  *** DEADLOCK ***
[   32.134521] 
[   32.140682] 5 locks held by syz-executor.0/5903:
[   32.145413]  #0:  (&tty->legacy_mutex){+.+.+.}, at: [<ffffffff827a57d9>] tty_lock+0x39/0x90
[   32.154505]  #1:  (&tty->legacy_mutex/1){+.+.+.}, at: [<ffffffff827a57d9>] tty_lock+0x39/0x90
[   32.163916]  #2:  (&tty->ldisc_sem){++++++}, at: [<ffffffff827a5775>] tty_ldisc_lock+0x15/0x40
[   32.173274]  #3:  (&obj_hash[i].lock){-.-.-.}, at: [<ffffffff81a20b12>] debug_check_no_obj_freed+0x92/0x250
[   32.183788]  #4:  (panic_lock){......}, at: [<ffffffff827909d8>] panic+0x4a/0x211
[   32.192009] 
[   32.192009] stack backtrace:
[   32.196477] CPU: 0 PID: 5903 Comm: syz-executor.0 Not tainted 4.1.0-syzkaller #0
[   32.203980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.213305]  ffffffff83d7d6c0 ffff8800b2c1b6f8 ffffffff827956a0 0000000000000011
[   32.221316]  ffffffff83d79f10 ffff8800b2c1b748 ffffffff811c11b6 ffff8800b2c1b728
[   32.229434]  ffff8800b885a850 0000000000000005 ffff8800b885b130 0000000000000005
[   32.237472] Call Trace:
[   32.240039]  [<ffffffff827956a0>] dump_stack+0x4f/0x7b
[   32.245405]  [<ffffffff811c11b6>] print_circular_bug+0x246/0x2d0
[   32.251522]  [<ffffffff811c4a34>] __lock_acquire+0x18f4/0x1c70
[   32.257466]  [<ffffffff811d8544>] ? vprintk_emit+0x314/0x6f0
[   32.263372]  [<ffffffff811c5876>] lock_acquire+0xe6/0x310
[   32.268886]  [<ffffffff811be00f>] ? down_trylock+0xf/0x40
[   32.274412]  [<ffffffff81a1fc59>] ? debug_print_object+0x89/0xb0
[   32.280541]  [<ffffffff827a54c2>] _raw_spin_lock_irqsave+0x62/0x90
[   32.286900]  [<ffffffff811be00f>] ? down_trylock+0xf/0x40
[   32.292429]  [<ffffffff81a10dbe>] ? bust_spinlocks+0x1e/0x40
[   32.298201]  [<ffffffff811be00f>] down_trylock+0xf/0x40
[   32.303536]  [<ffffffff81a10dbe>] ? bust_spinlocks+0x1e/0x40
[   32.309305]  [<ffffffff811d8ae3>] console_unblank+0x23/0xb0
[   32.314998]  [<ffffffff81a10dbe>] bust_spinlocks+0x1e/0x40
[   32.320605]  [<ffffffff82790aa0>] panic+0x112/0x211
[   32.325594]  [<ffffffff8116c3cb>] warn_slowpath_common+0xbb/0xc0
[   32.331716]  [<ffffffff8116c411>] warn_slowpath_fmt+0x41/0x50
[   32.337579]  [<ffffffff81a1fc59>] debug_print_object+0x89/0xb0
[   32.343532]  [<ffffffff81e3e950>] ? sp_put+0x30/0x30
[   32.348604]  [<ffffffff81a20b12>] ? debug_check_no_obj_freed+0x92/0x250
[   32.355326]  [<ffffffff81a20c5b>] debug_check_no_obj_freed+0x1db/0x250
[   32.361968]  [<ffffffff81299465>] ? kvfree+0x25/0x40
[   32.367043]  [<ffffffff812d9ce0>] kfree+0xd0/0x4b0
[   32.371941]  [<ffffffff812da074>] ? kfree+0x464/0x4b0
[   32.377100]  [<ffffffff81299465>] kvfree+0x25/0x40
[   32.382028]  [<ffffffff8224e6c3>] netdev_freemem+0x13/0x20
[   32.387622]  [<ffffffff82266aea>] netdev_release+0x2a/0x40
[   32.393228]  [<ffffffff81c87d51>] device_release+0x31/0xa0
[   32.398822]  [<ffffffff81a038b1>] kobject_release+0x111/0x120
[   32.404686]  [<ffffffff81a036c5>] kobject_put+0x35/0x70
[   32.410019]  [<ffffffff8224e532>] netdev_run_todo+0x242/0x310
[   32.415876]  [<ffffffff81a1fa61>] ? list_del+0x11/0x40
[   32.421134]  [<ffffffff8225aec9>] rtnl_unlock+0x9/0x10
[   32.426380]  [<ffffffff82245570>] unregister_netdev+0x20/0x30
[   32.432233]  [<ffffffff81e3ea59>] sixpack_close+0x59/0x90
[   32.437742]  [<ffffffff81b02113>] tty_ldisc_close.isra.1+0x33/0x60
[   32.444026]  [<ffffffff81b02334>] tty_ldisc_reinit+0x44/0xd0
[   32.449792]  [<ffffffff81b02935>] tty_ldisc_hangup+0xd5/0x220
[   32.455644]  [<ffffffff81af9778>] __tty_hangup+0x2f8/0x460
[   32.461256]  [<ffffffff81af98eb>] tty_vhangup+0xb/0x10
[   32.466504]  [<ffffffff81b05239>] pty_close+0x139/0x180
[   32.471848]  [<ffffffff81afb4da>] tty_release+0xfa/0x570
[   32.477282]  [<ffffffff8119a3c5>] ? ___might_sleep+0x205/0x270
[   32.483224]  [<ffffffff8130020d>] __fput+0xed/0x250
[   32.488222]  [<ffffffff8130006e>] ? fput+0x4e/0x90
[   32.493130]  [<ffffffff813003b9>] ____fput+0x9/0x10
[   32.498125]  [<ffffffff81191944>] task_work_run+0xc4/0xf0
[   32.503632]  [<ffffffff8107d238>] do_notify_resume+0x68/0x70
[   32.509401]  [<ffffffff827a5b6b>] int_signal+0x12/0x17