[ 47.617818] audit: type=1800 audit(1555717782.916:27): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ 47.637491] audit: type=1800 audit(1555717782.916:28): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 48.208993] audit: type=1800 audit(1555717783.546:29): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 48.228423] audit: type=1800 audit(1555717783.556:30): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 58.177996] IPVS: ftp: loaded support on port[0] = 21 [ 58.472141] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 58.712178] usb 1-1: Using ep0 maxpacket: 8 [ 58.832215] usb 1-1: config 0 has an invalid interface number: 53 but max is 0 [ 58.839714] usb 1-1: config 0 has no interface number 0 [ 58.845200] usb 1-1: New USB device found, idVendor=1618, idProduct=9113, bcdDevice=a7.e2 [ 58.853575] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.862645] usb 1-1: config 0 descriptor?? [ 58.904899] rsi_91x: rsi_probe: Initialized os intf ops [ 59.302186] rsi_91x: rsi_usb_reg_read: Reg read failed with error code :-71 [ 59.309359] rsi_91x: rsi_load_firmware: REGOUT read failed [ 59.315133] rsi_91x: rsi_hal_device_init: Failed to load TA instructions [ 59.322380] rsi_91x: rsi_probe: Failed in device init [ 59.329692] ------------[ cut here ]------------ [ 59.335723] ODEBUG: free active (active state 0) object type: timer_list hint: bl_cmd_timeout+0x0/0x50 [ 59.345359] WARNING: CPU: 0 PID: 563 at lib/debugobjects.c:325 debug_print_object+0x162/0x250 [ 59.354016] Kernel panic - not syncing: panic_on_warn set ... [ 59.359933] CPU: 0 PID: 563 Comm: kworker/0:2 Not tainted 5.1.0-rc5-319617-gd34f951 #4 [ 59.368245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.377605] Workqueue: usb_hub_wq hub_event [ 59.381944] Call Trace: [ 59.384527] dump_stack+0xe8/0x16e [ 59.388096] ? debug_print_object+0x130/0x250 [ 59.392584] panic+0x29d/0x5f2 [ 59.395776] ? __warn_printk+0xf8/0xf8 [ 59.399696] ? debug_print_object+0x162/0x250 [ 59.404187] ? __probe_kernel_read+0x171/0x1b0 [ 59.408763] ? __warn.cold+0x5/0x48 [ 59.412382] ? __warn+0xe9/0x1d0 [ 59.415747] ? debug_print_object+0x162/0x250 [ 59.420242] __warn.cold+0x20/0x48 [ 59.424028] ? debug_print_object+0x162/0x250 [ 59.428540] report_bug+0x262/0x2a0 [ 59.433803] do_error_trap+0x130/0x1f0 [ 59.437689] ? debug_print_object+0x162/0x250 [ 59.442194] do_invalid_op+0x37/0x40 [ 59.446051] ? debug_print_object+0x162/0x250 [ 59.450550] invalid_op+0x14/0x20 [ 59.454000] RIP: 0010:debug_print_object+0x162/0x250 [ 59.459100] Code: dd c0 a8 b3 8e 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd c0 a8 b3 8e 48 c7 c7 40 9d b3 8e e8 8e c3 d2 fd <0f> 0b 83 05 f9 0f 5a 10 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89 [ 59.478246] RSP: 0018:ffff88809e1ef110 EFLAGS: 00010086 [ 59.483611] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 59.490875] RDX: 0000000000000000 RSI: ffffffff815b1d22 RDI: ffffed1013c3de14 [ 59.498288] RBP: 0000000000000001 R08: ffff88809e1cb100 R09: ffffed1015a03edb [ 59.505550] R10: ffffed1015a03eda R11: ffff8880ad01f6d7 R12: ffffffff917e77c0 [ 59.512809] R13: ffffffff8161e740 R14: ffffffff96d3ea28 R15: ffff8880a5a75f60 [ 59.520088] ? __internal_add_timer+0x1e0/0x1e0 [ 59.524850] ? vprintk_func+0x82/0x118 [ 59.528737] debug_check_no_obj_freed+0x2a3/0x42e [ 59.533662] ? slab_free_freelist_hook+0xdc/0x140 [ 59.538662] slab_free_freelist_hook+0xfb/0x140 [ 59.543328] ? rsi_probe+0xdf3/0x140d [ 59.547120] ? rsi_probe+0xdf3/0x140d [ 59.550915] kfree+0xce/0x280 [ 59.554012] rsi_probe+0xdf3/0x140d [ 59.557687] ? __pm_runtime_set_status+0x5d6/0xa10 [ 59.562919] ? rsi_disconnect+0x450/0x450 [ 59.567055] ? is_dynamic_key+0x170/0x1b0 [ 59.571197] ? __pm_runtime_resume+0x116/0x180 [ 59.575769] usb_probe_interface+0x31d/0x820 [ 59.580164] ? usb_probe_device+0x150/0x150 [ 59.584525] really_probe+0x2da/0xb10 [ 59.588324] driver_probe_device+0x21d/0x350 [ 59.592725] __device_attach_driver+0x1d8/0x290 [ 59.597389] ? driver_allows_async_probing+0x160/0x160 [ 59.602700] bus_for_each_drv+0x163/0x1e0 [ 59.606918] ? bus_rescan_devices+0x30/0x30 [ 59.611445] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.616617] ? lockdep_hardirqs_on+0x37e/0x580 [ 59.621202] __device_attach+0x223/0x3a0 [ 59.625271] ? device_bind_driver+0xe0/0xe0 [ 59.629871] ? kobject_uevent_env+0x295/0x13d0 [ 59.634485] bus_probe_device+0x1f1/0x2a0 [ 59.638633] ? blocking_notifier_call_chain+0x59/0xb0 [ 59.643815] device_add+0xad2/0x16e0 [ 59.647524] ? get_device_parent.isra.0+0x560/0x560 [ 59.652592] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.657694] usb_set_configuration+0xdf7/0x1740 [ 59.662356] generic_probe+0xa2/0xda [ 59.666113] usb_probe_device+0xc0/0x150 [ 59.670234] ? usb_suspend+0x5f0/0x5f0 [ 59.674223] really_probe+0x2da/0xb10 [ 59.678055] driver_probe_device+0x21d/0x350 [ 59.682600] __device_attach_driver+0x1d8/0x290 [ 59.687438] ? driver_allows_async_probing+0x160/0x160 [ 59.692876] bus_for_each_drv+0x163/0x1e0 [ 59.697059] ? bus_rescan_devices+0x30/0x30 [ 59.701379] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.706474] ? lockdep_hardirqs_on+0x37e/0x580 [ 59.711046] __device_attach+0x223/0x3a0 [ 59.715148] ? device_bind_driver+0xe0/0xe0 [ 59.719506] ? kobject_uevent_env+0x295/0x13d0 [ 59.724121] bus_probe_device+0x1f1/0x2a0 [ 59.728278] ? blocking_notifier_call_chain+0x59/0xb0 [ 59.733460] device_add+0xad2/0x16e0 [ 59.737221] ? get_device_parent.isra.0+0x560/0x560 [ 59.742230] usb_new_device.cold+0x537/0xccf [ 59.746623] hub_event+0x1398/0x3b00 [ 59.750335] ? hub_port_debounce+0x350/0x350 [ 59.754878] ? _raw_spin_unlock_irq+0x29/0x40 [ 59.759391] process_one_work+0x90f/0x1580 [ 59.763625] ? wq_pool_ids_show+0x300/0x300 [ 59.767932] ? do_raw_spin_lock+0x11f/0x290 [ 59.772332] worker_thread+0x9b/0xe20 [ 59.776229] ? process_one_work+0x1580/0x1580 [ 59.780866] kthread+0x313/0x420 [ 59.784225] ? kthread_park+0x1a0/0x1a0 [ 59.788191] ret_from_fork+0x3a/0x50 [ 59.791920] [ 59.791924] ====================================================== [ 59.791926] WARNING: possible circular locking dependency detected [ 59.791929] 5.1.0-rc5-319617-gd34f951 #4 Not tainted [ 59.791932] ------------------------------------------------------ [ 59.791934] kworker/0:2/563 is trying to acquire lock: [ 59.791936] 00000000a5d5f18b ((console_sem).lock){....}, at: down_trylock+0x13/0x70 [ 59.791943] [ 59.791945] but task is already holding lock: [ 59.791946] 000000008657db9e (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xc4/0x42e [ 59.791953] [ 59.791957] which lock already depends on the new lock. [ 59.791958] [ 59.791960] [ 59.791962] the existing dependency chain (in reverse order) is: [ 59.791963] [ 59.791964] -> #3 (&obj_hash[i].lock){-.-.}: [ 59.791974] _raw_spin_lock_irqsave+0x44/0x60 [ 59.791977] __debug_object_init+0xb7/0xac0 [ 59.791981] hrtimer_init+0x2c/0x270 [ 59.791984] init_dl_task_timer+0x1c/0x50 [ 59.791987] __sched_fork+0x212/0x4c0 [ 59.791990] init_idle+0x73/0x6b0 [ 59.791993] sched_init+0x930/0x9cd [ 59.791997] start_kernel+0x3d9/0x83d [ 59.791999] secondary_startup_64+0xa4/0xb0 [ 59.792001] [ 59.792003] -> #2 (&rq->lock){-.-.}: [ 59.792012] _raw_spin_lock+0x2c/0x40 [ 59.792015] task_fork_fair+0x3c/0x470 [ 59.792018] sched_fork+0x3a9/0x8d0 [ 59.792021] copy_process.part.0+0x16bc/0x76b0 [ 59.792024] _do_fork+0x234/0xed0 [ 59.792027] kernel_thread+0x34/0x40 [ 59.792030] rest_init+0x28/0x376 [ 59.792033] start_kernel+0x805/0x83d [ 59.792036] secondary_startup_64+0xa4/0xb0 [ 59.792038] [ 59.792039] -> #1 (&p->pi_lock){-.-.}: [ 59.792050] _raw_spin_lock_irqsave+0x44/0x60 [ 59.792053] try_to_wake_up+0x86/0xf90 [ 59.792055] up+0x97/0xe0 [ 59.792057] __up_console_sem+0x55/0xb0 [ 59.792059] console_unlock+0x5bf/0xc30 [ 59.792061] vprintk_emit+0x2b5/0x5a0 [ 59.792063] vprintk_func+0x7a/0x118 [ 59.792072] printk+0xbf/0xf2 [ 59.792074] do_exit.cold+0x5d/0x235 [ 59.792076] do_group_exit+0x12a/0x350 [ 59.792078] __x64_sys_exit_group+0x3f/0x50 [ 59.792080] do_syscall_64+0xcf/0x4f0 [ 59.792082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.792083] [ 59.792084] -> #0 ((console_sem).lock){....}: [ 59.792091] lock_acquire+0x10d/0x2f0 [ 59.792093] _raw_spin_lock_irqsave+0x44/0x60 [ 59.792095] down_trylock+0x13/0x70 [ 59.792098] __down_trylock_console_sem+0x44/0xf0 [ 59.792100] console_trylock+0x17/0xa0 [ 59.792101] vprintk_emit+0x298/0x5a0 [ 59.792103] vprintk_func+0x7a/0x118 [ 59.792105] printk+0xbf/0xf2 [ 59.792107] __warn_printk+0xa0/0xf8 [ 59.792109] debug_print_object+0x162/0x250 [ 59.792111] debug_check_no_obj_freed+0x2a3/0x42e [ 59.792114] slab_free_freelist_hook+0xfb/0x140 [ 59.792115] kfree+0xce/0x280 [ 59.792117] rsi_probe+0xdf3/0x140d [ 59.792119] usb_probe_interface+0x31d/0x820 [ 59.792121] really_probe+0x2da/0xb10 [ 59.792123] driver_probe_device+0x21d/0x350 [ 59.792125] __device_attach_driver+0x1d8/0x290 [ 59.792127] bus_for_each_drv+0x163/0x1e0 [ 59.792129] __device_attach+0x223/0x3a0 [ 59.792132] bus_probe_device+0x1f1/0x2a0 [ 59.792135] device_add+0xad2/0x16e0 [ 59.792138] usb_set_configuration+0xdf7/0x1740 [ 59.792141] generic_probe+0xa2/0xda [ 59.792144] usb_probe_device+0xc0/0x150 [ 59.792146] really_probe+0x2da/0xb10 [ 59.792148] driver_probe_device+0x21d/0x350 [ 59.792151] __device_attach_driver+0x1d8/0x290 [ 59.792153] bus_for_each_drv+0x163/0x1e0 [ 59.792155] __device_attach+0x223/0x3a0 [ 59.792157] bus_probe_device+0x1f1/0x2a0 [ 59.792158] device_add+0xad2/0x16e0 [ 59.792161] usb_new_device.cold+0x537/0xccf [ 59.792163] hub_event+0x1398/0x3b00 [ 59.792165] process_one_work+0x90f/0x1580 [ 59.792166] worker_thread+0x9b/0xe20 [ 59.792168] kthread+0x313/0x420 [ 59.792170] ret_from_fork+0x3a/0x50 [ 59.792171] [ 59.792173] other info that might help us debug this: [ 59.792174] [ 59.792176] Chain exists of: [ 59.792177] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 59.792185] [ 59.792187] Possible unsafe locking scenario: [ 59.792188] [ 59.792190] CPU0 CPU1 [ 59.792193] ---- ---- [ 59.792194] lock(&obj_hash[i].lock); [ 59.792198] lock(&rq->lock); [ 59.792202] lock(&obj_hash[i].lock); [ 59.792206] lock((console_sem).lock); [ 59.792210] [ 59.792211] *** DEADLOCK *** [ 59.792212] [ 59.792214] 6 locks held by kworker/0:2/563: [ 59.792215] #0: 000000008841abb8 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x81f/0x1580 [ 59.792224] #1: 0000000088731fac ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x853/0x1580 [ 59.792232] #2: 00000000d2f1af70 (&dev->mutex){....}, at: hub_event+0x18a/0x3b00 [ 59.792240] #3: 000000000f24229c (&dev->mutex){....}, at: __device_attach+0x80/0x3a0 [ 59.792247] #4: 0000000099263f35 (&dev->mutex){....}, at: __device_attach+0x80/0x3a0 [ 59.792255] #5: 000000008657db9e (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xc4/0x42e [ 59.792263] [ 59.792268] stack backtrace: [ 59.792272] CPU: 0 PID: 563 Comm: kworker/0:2 Not tainted 5.1.0-rc5-319617-gd34f951 #4 [ 59.792276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.792277] Workqueue: usb_hub_wq hub_event [ 59.792280] Call Trace: [ 59.792281] dump_stack+0xe8/0x16e [ 59.792284] print_circular_bug.isra.0.cold+0x1c4/0x282 [ 59.792286] check_prev_add.constprop.0+0xf11/0x23c0 [ 59.792288] ? native_queued_spin_lock_slowpath+0xd2/0x930 [ 59.792290] ? check_usage+0x520/0x520 [ 59.792293] ? check_prev_add.constprop.0+0x8c7/0x23c0 [ 59.792294] ? graph_lock+0x15a/0x180 [ 59.792296] ? __lockdep_free_key_range+0x110/0x110 [ 59.792298] __lock_acquire+0x20c0/0x37c0 [ 59.792300] ? enable_ptr_key_workfn+0x30/0x30 [ 59.792302] ? mark_held_locks+0xe0/0xe0 [ 59.792304] lock_acquire+0x10d/0x2f0 [ 59.792306] ? down_trylock+0x13/0x70 [ 59.792307] _raw_spin_lock_irqsave+0x44/0x60 [ 59.792309] ? down_trylock+0x13/0x70 [ 59.792311] down_trylock+0x13/0x70 [ 59.792313] ? vprintk_emit+0x298/0x5a0 [ 59.792315] __down_trylock_console_sem+0x44/0xf0 [ 59.792316] console_trylock+0x17/0xa0 [ 59.792318] vprintk_emit+0x298/0x5a0 [ 59.792320] ? __internal_add_timer+0x1e0/0x1e0 [ 59.792322] vprintk_func+0x7a/0x118 [ 59.792324] printk+0xbf/0xf2 [ 59.792327] ? kmsg_dump_rewind_nolock+0xde/0xde [ 59.792329] ? bus_for_each_drv+0x163/0x1e0 [ 59.792331] ? __device_attach+0x223/0x3a0 [ 59.792333] ? bus_probe_device+0x1f1/0x2a0 [ 59.792335] ? device_add+0xad2/0x16e0 [ 59.792337] ? usb_set_configuration+0xdf7/0x1740 [ 59.792338] ? generic_probe+0xa2/0xda [ 59.792340] ? really_probe+0x2da/0xb10 [ 59.792342] ? __warn_printk+0x94/0xf8 [ 59.792344] ? bl_write_cmd+0x720/0x720 [ 59.792345] __warn_printk+0xa0/0xf8 [ 59.792347] ? add_taint.cold+0x16/0x16 [ 59.792349] ? do_raw_spin_lock+0x11f/0x290 [ 59.792351] ? do_raw_spin_lock+0x11f/0x290 [ 59.792353] ? bl_write_cmd+0x720/0x720 [ 59.792355] debug_print_object+0x162/0x250 [ 59.792357] debug_check_no_obj_freed+0x2a3/0x42e [ 59.792359] ? slab_free_freelist_hook+0xdc/0x140 [ 59.792361] slab_free_freelist_hook+0xfb/0x140 [ 59.792363] ? rsi_probe+0xdf3/0x140d [ 59.792365] ? rsi_probe+0xdf3/0x140d [ 59.792366] kfree+0xce/0x280 [ 59.792368] rsi_probe+0xdf3/0x140d [ 59.792370] ? __pm_runtime_set_status+0x5d6/0xa10 [ 59.792372] ? rsi_disconnect+0x450/0x450 [ 59.792374] ? is_dynamic_key+0x170/0x1b0 [ 59.792376] ? __pm_runtime_resume+0x116/0x180 [ 59.792378] usb_probe_interface+0x31d/0x820 [ 59.792380] ? usb_probe_device+0x150/0x150 [ 59.792382] really_probe+0x2da/0xb10 [ 59.792384] driver_probe_device+0x21d/0x350 [ 59.792386] __device_attach_driver+0x1d8/0x290 [ 59.792388] ? driver_allows_async_probing+0x160/0x160 [ 59.792390] bus_for_each_drv+0x163/0x1e0 [ 59.792392] ? bus_rescan_devices+0x30/0x30 [ 59.792394] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.792396] ? lockdep_hardirqs_on+0x37e/0x580 [ 59.792398] __device_attach+0x223/0x3a0 [ 59.792399] ? device_bind_driver+0xe0/0xe0 [ 59.792401] ? kobject_uevent_env+0x295/0x13d0 [ 59.792403] bus_probe_device+0x1f1/0x2a0 [ 59.792406] ? blocking_notifier_call_chain+0x59/0xb0 [ 59.792407] device_add+0xad2/0x16e0 [ 59.792409] ? get_device_parent.isra.0+0x560/0x560 [ 59.792412] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.792414] usb_set_configuration+0xdf7/0x1740 [ 59.792415] generic_probe+0xa2/0xda [ 59.792417] usb_probe_device+0xc0/0x150 [ 59.792419] ? usb_suspend+0x5f0/0x5f0 [ 59.792420] really_probe+0x2da/0xb10 [ 59.792423] driver_probe_device+0x21d/0x350 [ 59.792425] __device_attach_driver+0x1d8/0x290 [ 59.792427] ? driver_allows_async_probing+0x160/0x160 [ 59.792429] bus_for_each_drv+0x163/0x1e0 [ 59.792431] ? bus_rescan_devices+0x30/0x30 [ 59.792433] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 59.792435] ? lockdep_hardirqs_on+0x37e/0x580 [ 59.792437] __device_attach+0x223/0x3a0 [ 59.792439] ? device_bind_driver+0xe0/0xe0 [ 59.792441] ? kobject_uevent_env+0x295/0x13d0 [ 59.792442] bus_probe_device+0x1f1/0x2a0 [ 59.792445] ? blocking_notifier_call_chain+0x59/0xb0 [ 59.792446] device_add+0xad2/0x16e0 [ 59.792449] ? get_device_parent.isra.0+0x560/0x560 [ 59.792450] usb_new_device.cold+0x537/0xccf [ 59.792452] hub_event+0x1398/0x3b00 [ 59.792454] ? hub_port_debounce+0x350/0x350 [ 59.792456] ? _raw_spin_unlock_irq+0x29/0x40 [ 59.792458] process_one_work+0x90f/0x1580 [ 59.792460] ? wq_pool_ids_show+0x300/0x300 [ 59.792462] ? do_raw_spin_lock+0x11f/0x290 [ 59.792463] worker_thread+0x9b/0xe20 [ 59.792465] ? process_one_work+0x1580/0x1580 [ 59.792467] kthread+0x313/0x420 [ 59.792469] ? kthread_park+0x1a0/0x1a0 [ 59.792470] ret_from_fork+0x3a/0x50 [ 59.793224] Kernel Offset: disabled [ 60.783742] Rebooting in 86400 seconds..