[   28.206557] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.214130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.222704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   28.231967] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.239158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.376901] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   28.756223] can: request_module (can-proto-0) failed.
[   28.765295] can: request_module (can-proto-0) failed.
[   28.775348] can: request_module (can-proto-0) failed.
[   38.563185] unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
[   46.512764] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[   46.523450] ------------[ cut here ]------------
[   46.528188] WARNING: CPU: 1 PID: 8307 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb
[   46.537357] Kernel panic - not syncing: panic_on_warn set ...
[   46.537357] 
[   46.545055] CPU: 1 PID: 8307 Comm: syz-executor635 Not tainted 4.14.267-syzkaller #0
[   46.553032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.562368] Call Trace:
[   46.564937]  dump_stack+0x14b/0x1e7
[   46.568538]  ? debug_print_object.cold.8+0xa7/0xdb
[   46.573441]  panic+0x1b0/0x358
[   46.576604]  ? add_taint.cold.4+0x11/0x11
[   46.580736]  ? debug_print_object.cold.8+0xa7/0xdb
[   46.585639]  __warn.cold.7+0x25/0x25
[   46.589322]  ? debug_print_object.cold.8+0xa7/0xdb
[   46.594220]  report_bug+0x1a1/0x200
[   46.597826]  do_error_trap+0x1bd/0x310
[   46.601681]  ? math_error+0x300/0x300
[   46.605493]  ? vprintk_emit+0x339/0x4e0
[   46.609435]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.614254]  do_invalid_op+0x1b/0x20
[   46.617937]  invalid_op+0x1b/0x40
[   46.621370] RIP: 0010:debug_print_object.cold.8+0xa7/0xdb
[   46.626883] RSP: 0018:ffff88809a8d7128 EFLAGS: 00010082
[   46.632217] RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
[   46.639541] RDX: 0000000000000061 RSI: ffffffff878b92a0 RDI: ffffed101351ae1c
[   46.646898] RBP: ffff88809a8d7150 R08: 0000000000000000 R09: 0000000000000000
[   46.654148] R10: fffffbfff15eeaf1 R11: dffffc0000000000 R12: ffffffff878b4520
[   46.661396] R13: ffffffff81361180 R14: 0000000000000000 R15: dffffc0000000000
[   46.668660]  ? work_on_cpu_safe+0x60/0x60
[   46.672786]  ? debug_print_object.cold.8+0xa7/0xdb
[   46.677685]  debug_check_no_obj_freed+0x4bc/0x890
[   46.682509]  ? debug_object_activate+0x4b0/0x4b0
[   46.687237]  kfree+0xbd/0x270
[   46.690314]  kvfree+0x2c/0x30
[   46.693403]  netdev_freemem+0x47/0x60
[   46.697208]  netdev_release+0x6a/0x80
[   46.700987]  device_release+0x134/0x170
[   46.704980]  kobject_put+0x14f/0x3d0
[   46.708677]  put_device+0x12/0x20
[   46.712100]  free_netdev+0x237/0x320
[   46.715784]  ? __netlink_ns_capable+0xc3/0xf0
[   46.720247]  rtnl_newlink+0x1050/0x1520
[   46.724193]  ? rtnl_newlink+0x31e/0x1520
[   46.728228]  ? rtnl_link_unregister+0x270/0x270
[   46.732879]  rtnetlink_rcv_msg+0x34c/0x9e0
[   46.737084]  ? rtnl_calcit.isra.11+0x340/0x340
[   46.741634]  ? __netlink_lookup+0x302/0x620
[   46.745948]  ? lock_downgrade+0x7f0/0x7f0
[   46.750256]  netlink_rcv_skb+0x12f/0x3b0
[   46.754294]  ? rtnl_calcit.isra.11+0x340/0x340
[   46.758864]  ? netlink_ack+0xaa0/0xaa0
[   46.762808]  ? netlink_deliver_tap+0x8e/0x920
[   46.767293]  rtnetlink_rcv+0x10/0x20
[   46.770984]  netlink_unicast+0x40b/0x610
[   46.775015]  ? netlink_sendskb+0x40/0x40
[   46.779049]  netlink_sendmsg+0x651/0xc10
[   46.783090]  ? nlmsg_notify+0x140/0x140
[   46.787132]  ? nlmsg_notify+0x140/0x140
[   46.791344]  sock_sendmsg+0xac/0xf0
[   46.794942]  ___sys_sendmsg+0x625/0x920
[   46.798891]  ? trace_hardirqs_on+0x10/0x10
[   46.803100]  ? copy_msghdr_from_user+0x440/0x440
[   46.807844]  ? __might_fault+0xf1/0x1b0
[   46.811913]  ? kasan_check_read+0x11/0x20
[   46.816151]  ? _copy_to_user+0x91/0xb0
[   46.820309]  ? move_addr_to_user+0xe8/0x160
[   46.824726]  ? __fdget+0xe/0x10
[   46.828164]  ? sockfd_lookup_light+0x1c/0x160
[   46.832723]  ? SyS_connect+0x2b0/0x2b0
[   46.836780]  __sys_sendmsg+0xc1/0x140
[   46.840894]  ? SyS_shutdown+0x180/0x180
[   46.844847]  ? fd_install+0x47/0x60
[   46.848631]  ? do_syscall_64+0x4c/0x5b0
[   46.852579]  ? __sys_sendmsg+0x140/0x140
[   46.856612]  SyS_sendmsg+0xd/0x20
[   46.860052]  do_syscall_64+0x1c7/0x5b0
[   46.863908]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.868741]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   46.873902] RIP: 0033:0x7f588f447399
[   46.877591] RSP: 002b:00007fffb0c67d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   46.885273] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f588f447399
[   46.892532] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[   46.899789] RBP: 00007fffb0c67d40 R08: 65732f636f72702f R09: 65732f636f72702f
[   46.907130] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f588f40b280
[   46.914381] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   46.921634] 
[   46.921636] ======================================================
[   46.921637] WARNING: possible circular locking dependency detected
[   46.921638] 4.14.267-syzkaller #0 Not tainted
[   46.921639] ------------------------------------------------------
[   46.921640] syz-executor635/8307 is trying to acquire lock:
[   46.921640]  ((console_sem).lock){....}, at: [<ffffffff8140e4e3>] down_trylock+0x13/0x70
[   46.921643] 
[   46.921643] but task is already holding lock:
[   46.921644]  (&obj_hash[i].lock){-.-.}, at: [<ffffffff831dc0e6>] debug_check_no_obj_freed+0x156/0x890
[   46.921646] 
[   46.921647] which lock already depends on the new lock.
[   46.921647] 
[   46.921648] 
[   46.921649] the existing dependency chain (in reverse order) is:
[   46.921649] 
[   46.921650] -> #5 (&obj_hash[i].lock){-.-.}:
[   46.921652]        lock_acquire+0x17e/0x3e0
[   46.921653]        _raw_spin_lock_irqsave+0x99/0xd0
[   46.921654]        debug_object_activate+0x112/0x4b0
[   46.921654]        enqueue_hrtimer+0x1f/0x330
[   46.921655]        hrtimer_start_range_ns+0x4d5/0x1040
[   46.921656]        schedule_hrtimeout_range_clock+0x138/0x2f0
[   46.921656]        schedule_hrtimeout+0x12/0x20
[   46.921657]        wait_task_inactive+0x49f/0x560
[   46.921658]        __kthread_bind_mask+0x19/0xa0
[   46.921658]        kthread_bind_mask+0xe/0x10
[   46.921659]        create_worker+0x2ea/0x570
[   46.921660]        workqueue_init+0x450/0x506
[   46.921660]        kernel_init_freeable+0x34c/0x578
[   46.921661]        kernel_init+0xc/0x110
[   46.921662]        ret_from_fork+0x24/0x30
[   46.921662] 
[   46.921662] -> #4 (hrtimer_bases.lock){-.-.}:
[   46.921665]        lock_acquire+0x17e/0x3e0
[   46.921665]        _raw_spin_lock_irqsave+0x99/0xd0
[   46.921666]        lock_hrtimer_base.isra.2+0x6b/0x140
[   46.921667]        hrtimer_start_range_ns+0x89/0x1040
[   46.921667]        enqueue_task_rt+0x5a3/0xdb0
[   46.921668]        __sched_setscheduler.constprop.14+0xd5f/0x26e0
[   46.921669]        _sched_setscheduler+0x113/0x190
[   46.921670]        sched_setscheduler+0xe/0x10
[   46.921670]        watchdog_enable+0x10c/0x170
[   46.921671]        smpboot_thread_fn+0x3c4/0x850
[   46.921671]        kthread+0x338/0x400
[   46.921672]        ret_from_fork+0x24/0x30
[   46.921672] 
[   46.921673] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[   46.921675]        lock_acquire+0x17e/0x3e0
[   46.921676]        _raw_spin_lock+0x2d/0x40
[   46.921676]        enqueue_task_rt+0x530/0xdb0
[   46.921677]        __sched_setscheduler.constprop.14+0xd5f/0x26e0
[   46.921678]        _sched_setscheduler+0x113/0x190
[   46.921679]        sched_setscheduler+0xe/0x10
[   46.921679]        watchdog_enable+0x10c/0x170
[   46.921680]        smpboot_thread_fn+0x3c4/0x850
[   46.921681]        kthread+0x338/0x400
[   46.921681]        ret_from_fork+0x24/0x30
[   46.921682] 
[   46.921682] -> #2 (&rq->lock){-.-.}:
[   46.921684]        lock_acquire+0x17e/0x3e0
[   46.921685]        _raw_spin_lock+0x2d/0x40
[   46.921686]        task_fork_fair+0x62/0x550
[   46.921686]        sched_fork+0x3a6/0xbd0
[   46.921687]        copy_process.part.5+0x15cb/0x6e40
[   46.921688]        _do_fork+0x162/0xc70
[   46.921688]        kernel_thread+0x24/0x30
[   46.921689]        rest_init+0x1d/0x23d
[   46.921689]        start_kernel+0x567/0x58f
[   46.921690]        x86_64_start_reservations+0x29/0x2b
[   46.921691]        x86_64_start_kernel+0x76/0x79
[   46.921691]        secondary_startup_64+0xa5/0xb0
[   46.921692] 
[   46.921692] -> #1 (&p->pi_lock){-.-.}:
[   46.921695]        lock_acquire+0x17e/0x3e0
[   46.921696]        _raw_spin_lock_irqsave+0x99/0xd0
[   46.921696]        try_to_wake_up+0x8c/0x10f0
[   46.921697]        wake_up_process+0x10/0x20
[   46.921697]        __up.isra.0+0x136/0x1a0
[   46.921698]        up+0x95/0xe0
[   46.921699]        __up_console_sem+0xa0/0x150
[   46.921699]        console_unlock+0x44a/0xe50
[   46.921700]        vt_ioctl+0x1c4d/0x2030
[   46.921700]        tty_ioctl+0x438/0x12d0
[   46.921701]        do_vfs_ioctl+0x180/0xfb0
[   46.921702]        SyS_ioctl+0x74/0x80
[   46.921702]        do_syscall_64+0x1c7/0x5b0
[   46.921703]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   46.921704] 
[   46.921704] -> #0 ((console_sem).lock){....}:
[   46.921706]        __lock_acquire+0x32ee/0x42d0
[   46.921707]        lock_acquire+0x17e/0x3e0
[   46.921707]        _raw_spin_lock_irqsave+0x99/0xd0
[   46.921708]        down_trylock+0x13/0x70
[   46.921709]        __down_trylock_console_sem+0x93/0x1a0
[   46.921709]        console_trylock+0x11/0x50
[   46.921710]        vprintk_emit+0x1ab/0x4e0
[   46.921711]        vprintk_default+0x1a/0x20
[   46.921711]        vprintk_func+0x49/0x130
[   46.921712]        printk+0x91/0xab
[   46.921713]        debug_print_object.cold.8+0xa7/0xdb
[   46.921713]        debug_check_no_obj_freed+0x4bc/0x890
[   46.921714]        kfree+0xbd/0x270
[   46.921714]        kvfree+0x2c/0x30
[   46.921715]        netdev_freemem+0x47/0x60
[   46.921716]        netdev_release+0x6a/0x80
[   46.921716]        device_release+0x134/0x170
[   46.921717]        kobject_put+0x14f/0x3d0
[   46.921718]        put_device+0x12/0x20
[   46.921718]        free_netdev+0x237/0x320
[   46.921719]        rtnl_newlink+0x1050/0x1520
[   46.921719]        rtnetlink_rcv_msg+0x34c/0x9e0
[   46.921720]        netlink_rcv_skb+0x12f/0x3b0
[   46.921721]        rtnetlink_rcv+0x10/0x20
[   46.921721]        netlink_unicast+0x40b/0x610
[   46.921722]        netlink_sendmsg+0x651/0xc10
[   46.921723]        sock_sendmsg+0xac/0xf0
[   46.921723]        ___sys_sendmsg+0x625/0x920
[   46.921724]        __sys_sendmsg+0xc1/0x140
[   46.921725]        SyS_sendmsg+0xd/0x20
[   46.921725]        do_syscall_64+0x1c7/0x5b0
[   46.921726]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   46.921726] 
[   46.921727] other info that might help us debug this:
[   46.921728] 
[   46.921728] Chain exists of:
[   46.921729]   (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[   46.921732] 
[   46.921732]  Possible unsafe locking scenario:
[   46.921733] 
[   46.921733]        CPU0                    CPU1
[   46.921734]        ----                    ----
[   46.921734]   lock(&obj_hash[i].lock);
[   46.921736]                                lock(hrtimer_bases.lock);
[   46.921738]                                lock(&obj_hash[i].lock);
[   46.921739]   lock((console_sem).lock);
[   46.921740] 
[   46.921741]  *** DEADLOCK ***
[   46.921741] 
[   46.921742] 2 locks held by syz-executor635/8307:
[   46.921742]  #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85d2bf70>] rtnetlink_rcv_msg+0x2c0/0x9e0
[   46.921745]  #1:  (&obj_hash[i].lock){-.-.}, at: [<ffffffff831dc0e6>] debug_check_no_obj_freed+0x156/0x890
[   46.921747] 
[   46.921748] stack backtrace:
[   46.921749] CPU: 1 PID: 8307 Comm: syz-executor635 Not tainted 4.14.267-syzkaller #0
[   46.921750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.921750] Call Trace:
[   46.921751]  dump_stack+0x14b/0x1e7
[   46.921752]  print_circular_bug.isra.17.cold.40+0x2e3/0x41e
[   46.921752]  ? save_trace+0xe0/0x290
[   46.921753]  __lock_acquire+0x32ee/0x42d0
[   46.921754]  ? trace_hardirqs_on+0x10/0x10
[   46.921754]  ? netdev_bits+0xa0/0xa0
[   46.921755]  ? trace_hardirqs_on+0x10/0x10
[   46.921756]  ? kvm_clock_read+0x23/0x40
[   46.921756]  ? kvm_sched_clock_read+0x9/0x20
[   46.921757]  lock_acquire+0x17e/0x3e0
[   46.921758]  ? down_trylock+0x13/0x70
[   46.921758]  ? vprintk_emit+0x1ab/0x4e0
[   46.921759]  _raw_spin_lock_irqsave+0x99/0xd0
[   46.921759]  ? down_trylock+0x13/0x70
[   46.921760]  down_trylock+0x13/0x70
[   46.921761]  ? vprintk_emit+0x1ab/0x4e0
[   46.921761]  __down_trylock_console_sem+0x93/0x1a0
[   46.921762]  console_trylock+0x11/0x50
[   46.921762]  vprintk_emit+0x1ab/0x4e0
[   46.921763]  ? work_on_cpu_safe+0x60/0x60
[   46.921764]  vprintk_default+0x1a/0x20
[   46.921764]  vprintk_func+0x49/0x130
[   46.921765]  ? work_on_cpu_safe+0x60/0x60
[   46.921765]  printk+0x91/0xab
[   46.921766]  ? log_store.cold.10+0x11/0x11
[   46.921767]  ? lock_acquire+0x17e/0x3e0
[   46.921767]  ? debug_check_no_obj_freed+0x156/0x890
[   46.921768]  ? work_on_cpu_safe+0x60/0x60
[   46.921769]  debug_print_object.cold.8+0xa7/0xdb
[   46.921769]  debug_check_no_obj_freed+0x4bc/0x890
[   46.921770]  ? debug_object_activate+0x4b0/0x4b0
[   46.921771]  kfree+0xbd/0x270
[   46.921771]  kvfree+0x2c/0x30
[   46.921772]  netdev_freemem+0x47/0x60
[   46.921772]  netdev_release+0x6a/0x80
[   46.921773]  device_release+0x134/0x170
[   46.921774]  kobject_put+0x14f/0x3d0
[   46.921774]  put_device+0x12/0x20
[   46.921775]  free_netdev+0x237/0x320
[   46.921775]  ? __netlink_ns_capable+0xc3/0xf0
[   46.921776]  rtnl_newlink+0x1050/0x1520
[   46.921777]  ? rtnl_newlink+0x31e/0x1520
[   46.921777]  ? rtnl_link_unregister+0x270/0x270
[   46.921778]  rtnetlink_rcv_msg+0x34c/0x9e0
[   46.921779]  ? rtnl_calcit.isra.11+0x340/0x340
[   46.921779]  ? __netlink_lookup+0x302/0x620
[   46.921780]  ? lock_downgrade+0x7f0/0x7f0
[   46.921781]  netlink_rcv_skb+0x12f/0x3b0
[   46.921781]  ? rtnl_calcit.isra.11+0x340/0x340
[   46.921782]  ? netlink_ack+0xaa0/0xaa0
[   46.921783]  ? netlink_deliver_tap+0x8e/0x920
[   46.921783]  rtnetlink_rcv+0x10/0x20
[   46.921784]  netlink_unicast+0x40b/0x610
[   46.921785]  ? netlink_sendskb+0x40/0x40
[   46.921785]  netlink_sendmsg+0x651/0xc10
[   46.921786]  ? nlmsg_notify+0x140/0x140
[   46.921787]  ? nlmsg_notify+0x140/0x140
[   46.921787]  sock_sendmsg+0xac/0xf0
[   46.921788]  ___sys_sendmsg+0x625/0x920
[   46.921788]  ? trace_hardirqs_on+0x10/0x10
[   46.921789]  ? copy_msghdr_from_user+0x440/0x440
[   46.921790]  ? __might_fault+0xf1/0x1b0
[   46.921790]  ? kasan_check_read+0x11/0x20
[   46.921791]  ? _copy_to_user+0x91/0xb0
[   46.921792]  ? move_addr_to_user+0xe8/0x160
[   46.921792]  ? __fdget+0xe/0x10
[   46.921793]  ? sockfd_lookup_light+0x1c/0x160
[   46.921793]  ? SyS_connect+0x2b0/0x2b0
[   46.921794]  __sys_sendmsg+0xc1/0x140
[   46.921795]  ? SyS_shutdown+0x180/0x180
[   46.921795]  ? fd_install+0x47/0x60
[   46.921796]  ? do_syscall_64+0x4c/0x5b0
[   46.921796]  ? __sys_sendmsg+0x140/0x140
[   46.921797]  SyS_sendmsg+0xd/0x20
[   46.921798]  do_syscall_64+0x1c7/0x5b0
[   46.921798]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.921799]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   46.921800] RIP: 0033:0x7f588f447399
[   46.921800] RSP: 002b:00007fffb0c67d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   46.921802] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f588f447399
[   46.921803] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[   46.921804] RBP: 00007fffb0c67d40 R08: 65732f636f72702f R09: 65732f636f72702f
[   46.921804] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f588f40b280
[   46.921805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   48.008690] Shutting down cpus with NMI
[   49.023426] Kernel Offset: disabled
[   49.027038] Rebooting in 86400 seconds..