Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[ 47.714657] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[ 47.725357] ------------[ cut here ]------------
[ 47.730091] WARNING: CPU: 1 PID: 8295 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb
[ 47.739284] Kernel panic - not syncing: panic_on_warn set ...
[ 47.739284]
[ 47.746788] CPU: 1 PID: 8295 Comm: syz-executor193 Not tainted 4.14.273-syzkaller #0
[ 47.755107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.764664] Call Trace:
[ 47.767249] dump_stack+0x14b/0x1e7
[ 47.770871] ? debug_print_object.cold.8+0xa7/0xdb
[ 47.775778] panic+0x1b0/0x358
[ 47.778964] ? add_taint.cold.4+0x11/0x11
[ 47.783095] ? debug_print_object.cold.8+0xa7/0xdb
[ 47.788003] __warn.cold.7+0x25/0x25
[ 47.791698] ? debug_print_object.cold.8+0xa7/0xdb
[ 47.796609] report_bug+0x1a1/0x200
[ 47.800208] do_error_trap+0x1bd/0x310
[ 47.804064] ? math_error+0x300/0x300
[ 47.807836] ? vprintk_emit+0x339/0x4e0
[ 47.811793] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.816610] do_invalid_op+0x1b/0x20
[ 47.820297] invalid_op+0x1b/0x40
[ 47.823816] RIP: 0010:debug_print_object.cold.8+0xa7/0xdb
[ 47.829423] RSP: 0018:ffff8880afae7128 EFLAGS: 00010082
[ 47.835031] RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
[ 47.842293] RDX: 0000000000000061 RSI: ffffffff878b9920 RDI: ffffed1015f5ce1c
[ 47.850583] RBP: ffff8880afae7150 R08: 0000000000000000 R09: 0000000000000000
[ 47.857840] R10: fffffbfff15eeaf1 R11: dffffc0000000000 R12: ffffffff878b4ba0
[ 47.865183] R13: ffffffff813611b0 R14: 0000000000000000 R15: dffffc0000000000
[ 47.872531] ? work_on_cpu_safe+0x60/0x60
[ 47.876756] ? debug_print_object.cold.8+0xa7/0xdb
[ 47.881679] debug_check_no_obj_freed+0x4bc/0x890
[ 47.886584] ? debug_object_activate+0x4b0/0x4b0
[ 47.891318] kfree+0xbd/0x270
[ 47.894415] kvfree+0x2c/0x30
[ 47.897504] netdev_freemem+0x47/0x60
[ 47.901278] netdev_release+0x6a/0x80
[ 47.905055] device_release+0x134/0x170
[ 47.909001] kobject_put+0x14f/0x3d0
[ 47.912689] put_device+0x12/0x20
[ 47.916118] free_netdev+0x237/0x320
[ 47.919803] ? __netlink_ns_capable+0xc3/0xf0
[ 47.924273] rtnl_newlink+0x1050/0x1520
[ 47.928218] ? rtnl_newlink+0x31e/0x1520
[ 47.932259] ? rtnl_link_unregister+0x270/0x270
[ 47.936933] rtnetlink_rcv_msg+0x34c/0x9e0
[ 47.941155] ? rtnl_calcit.isra.11+0x340/0x340
[ 47.945977] ? __netlink_lookup+0x302/0x620
[ 47.950445] ? lock_downgrade+0x7f0/0x7f0
[ 47.954664] netlink_rcv_skb+0x12f/0x3b0
[ 47.958715] ? rtnl_calcit.isra.11+0x340/0x340
[ 47.963298] ? netlink_ack+0xaa0/0xaa0
[ 47.967176] ? netlink_deliver_tap+0x8e/0x920
[ 47.972139] rtnetlink_rcv+0x10/0x20
[ 47.976020] netlink_unicast+0x40b/0x610
[ 47.980062] ? netlink_sendskb+0x40/0x40
[ 47.984099] netlink_sendmsg+0x651/0xc10
[ 47.988135] ? nlmsg_notify+0x140/0x140
[ 47.992300] ? nlmsg_notify+0x140/0x140
[ 47.996257] sock_sendmsg+0xac/0xf0
[ 47.999873] ___sys_sendmsg+0x625/0x920
[ 48.003822] ? trace_hardirqs_on+0x10/0x10
[ 48.008030] ? copy_msghdr_from_user+0x440/0x440
[ 48.012971] ? __might_fault+0xf1/0x1b0
[ 48.016927] ? kasan_check_read+0x11/0x20
[ 48.021136] ? _copy_to_user+0x91/0xb0
[ 48.025007] ? move_addr_to_user+0xe8/0x160
[ 48.029404] ? __fdget+0xe/0x10
[ 48.033108] ? sockfd_lookup_light+0x1c/0x160
[ 48.037671] ? SyS_connect+0x2b0/0x2b0
[ 48.041538] __sys_sendmsg+0xc1/0x140
[ 48.045346] ? SyS_shutdown+0x180/0x180
[ 48.049296] ? fd_install+0x47/0x60
[ 48.053139] ? do_syscall_64+0x4c/0x5b0
[ 48.057095] ? __sys_sendmsg+0x140/0x140
[ 48.061132] SyS_sendmsg+0xd/0x20
[ 48.064559] do_syscall_64+0x1c7/0x5b0
[ 48.068417] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.073330] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 48.078494] RIP: 0033:0x7fa7fba6f399
[ 48.082181] RSP: 002b:00007ffcb641bf38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.089968] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7fba6f399
[ 48.097229] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[ 48.104468] RBP: 00007ffcb641bf40 R08: 65732f636f72702f R09: 65732f636f72702f
[ 48.112409] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007fa7fba33280
[ 48.119648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.126913]
[ 48.126915] ======================================================
[ 48.126916] WARNING: possible circular locking dependency detected
[ 48.126916] 4.14.273-syzkaller #0 Not tainted
[ 48.126917] ------------------------------------------------------
[ 48.126918] syz-executor193/8295 is trying to acquire lock:
[ 48.126918] ((console_sem).lock){....}, at: [] down_trylock+0x13/0x70
[ 48.126921]
[ 48.126922] but task is already holding lock:
[ 48.126922] (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x156/0x890
[ 48.126924]
[ 48.126925] which lock already depends on the new lock.
[ 48.126926]
[ 48.126926]
[ 48.126927] the existing dependency chain (in reverse order) is:
[ 48.126927]
[ 48.126928] -> #5 (&obj_hash[i].lock){-.-.}:
[ 48.126930] lock_acquire+0x17e/0x3e0
[ 48.126931] _raw_spin_lock_irqsave+0x99/0xd0
[ 48.126932] debug_object_activate+0x112/0x4b0
[ 48.126933] enqueue_hrtimer+0x1f/0x330
[ 48.126933] hrtimer_start_range_ns+0x4d5/0x1040
[ 48.126934] schedule_hrtimeout_range_clock+0x138/0x2f0
[ 48.126935] schedule_hrtimeout+0x12/0x20
[ 48.126935] wait_task_inactive+0x49f/0x560
[ 48.126936] __kthread_bind_mask+0x19/0xa0
[ 48.126937] kthread_bind_mask+0xe/0x10
[ 48.126938] create_worker+0x2ea/0x570
[ 48.126938] workqueue_init+0x450/0x506
[ 48.126939] kernel_init_freeable+0x34c/0x578
[ 48.126940] kernel_init+0xc/0x113
[ 48.126940] ret_from_fork+0x24/0x30
[ 48.126941]
[ 48.126941] -> #4 (hrtimer_bases.lock){-.-.}:
[ 48.126944] lock_acquire+0x17e/0x3e0
[ 48.126944] _raw_spin_lock_irqsave+0x99/0xd0
[ 48.126945] lock_hrtimer_base.isra.2+0x6b/0x140
[ 48.126963] hrtimer_start_range_ns+0x89/0x1040
[ 48.126964] enqueue_task_rt+0x5a3/0xdb0
[ 48.126965] __sched_setscheduler.constprop.14+0xd5f/0x26e0
[ 48.126966] _sched_setscheduler+0x113/0x190
[ 48.126966] sched_setscheduler+0xe/0x10
[ 48.126967] watchdog_enable+0x10c/0x170
[ 48.126968] smpboot_thread_fn+0x3c4/0x850
[ 48.126968] kthread+0x338/0x400
[ 48.126969] ret_from_fork+0x24/0x30
[ 48.126969]
[ 48.126970] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 48.126972] lock_acquire+0x17e/0x3e0
[ 48.126973] _raw_spin_lock+0x2d/0x40
[ 48.126974] enqueue_task_rt+0x530/0xdb0
[ 48.126974] __sched_setscheduler.constprop.14+0xd5f/0x26e0
[ 48.126975] _sched_setscheduler+0x113/0x190
[ 48.126976] sched_setscheduler+0xe/0x10
[ 48.126976] watchdog_enable+0x10c/0x170
[ 48.126977] smpboot_thread_fn+0x3c4/0x850
[ 48.126978] kthread+0x338/0x400
[ 48.126978] ret_from_fork+0x24/0x30
[ 48.126979]
[ 48.126979] -> #2 (&rq->lock){-.-.}:
[ 48.126982] lock_acquire+0x17e/0x3e0
[ 48.126982] _raw_spin_lock+0x2d/0x40
[ 48.126983] task_fork_fair+0x62/0x550
[ 48.126983] sched_fork+0x3a6/0xbd0
[ 48.126984] copy_process.part.5+0x15cb/0x6e40
[ 48.126985] _do_fork+0x162/0xc70
[ 48.126986] kernel_thread+0x24/0x30
[ 48.126986] rest_init+0x1d/0x23d
[ 48.126987] start_kernel+0x567/0x58f
[ 48.126988] x86_64_start_reservations+0x29/0x2b
[ 48.126988] x86_64_start_kernel+0x76/0x79
[ 48.126990] secondary_startup_64+0xa5/0xb0
[ 48.126990]
[ 48.126990] -> #1 (&p->pi_lock){-.-.}:
[ 48.126993] lock_acquire+0x17e/0x3e0
[ 48.126993] _raw_spin_lock_irqsave+0x99/0xd0
[ 48.126994] try_to_wake_up+0x8c/0x10f0
[ 48.126995] wake_up_process+0x10/0x20
[ 48.126995] __up.isra.0+0x136/0x1a0
[ 48.126996] up+0x95/0xe0
[ 48.126996] __up_console_sem+0xa0/0x150
[ 48.126997] console_unlock+0x44a/0xe50
[ 48.126998] vt_ioctl+0x1c4d/0x2030
[ 48.126998] tty_ioctl+0x438/0x12d0
[ 48.126999] do_vfs_ioctl+0x180/0xfb0
[ 48.127000] SyS_ioctl+0x74/0x80
[ 48.127000] do_syscall_64+0x1c7/0x5b0
[ 48.127001] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 48.127002]
[ 48.127002] -> #0 ((console_sem).lock){....}:
[ 48.127004] __lock_acquire+0x32ee/0x42d0
[ 48.127005] lock_acquire+0x17e/0x3e0
[ 48.127006] _raw_spin_lock_irqsave+0x99/0xd0
[ 48.127006] down_trylock+0x13/0x70
[ 48.127007] __down_trylock_console_sem+0x93/0x1a0
[ 48.127008] console_trylock+0x11/0x50
[ 48.127008] vprintk_emit+0x1ab/0x4e0
[ 48.127009] vprintk_default+0x1a/0x20
[ 48.127010] vprintk_func+0x49/0x130
[ 48.127010] printk+0x91/0xab
[ 48.127011] debug_print_object.cold.8+0xa7/0xdb
[ 48.127012] debug_check_no_obj_freed+0x4bc/0x890
[ 48.127013] kfree+0xbd/0x270
[ 48.127014] kvfree+0x2c/0x30
[ 48.127014] netdev_freemem+0x47/0x60
[ 48.127015] netdev_release+0x6a/0x80
[ 48.127015] device_release+0x134/0x170
[ 48.127016] kobject_put+0x14f/0x3d0
[ 48.127017] put_device+0x12/0x20
[ 48.127017] free_netdev+0x237/0x320
[ 48.127018] rtnl_newlink+0x1050/0x1520
[ 48.127019] rtnetlink_rcv_msg+0x34c/0x9e0
[ 48.127019] netlink_rcv_skb+0x12f/0x3b0
[ 48.127020] rtnetlink_rcv+0x10/0x20
[ 48.127021] netlink_unicast+0x40b/0x610
[ 48.127021] netlink_sendmsg+0x651/0xc10
[ 48.127022] sock_sendmsg+0xac/0xf0
[ 48.127023] ___sys_sendmsg+0x625/0x920
[ 48.127023] __sys_sendmsg+0xc1/0x140
[ 48.127024] SyS_sendmsg+0xd/0x20
[ 48.127025] do_syscall_64+0x1c7/0x5b0
[ 48.127025] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 48.127026]
[ 48.127027] other info that might help us debug this:
[ 48.127027]
[ 48.127028] Chain exists of:
[ 48.127028] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock
[ 48.127031]
[ 48.127032] Possible unsafe locking scenario:
[ 48.127032]
[ 48.127033]        CPU0                    CPU1
[ 48.127034]        ----                    ----
[ 48.127034]   lock(&obj_hash[i].lock);
[ 48.127036]                                lock(hrtimer_bases.lock);
[ 48.127037]                                lock(&obj_hash[i].lock);
[ 48.127039]   lock((console_sem).lock);
[ 48.127040]
[ 48.127041] *** DEADLOCK ***
[ 48.127041]
[ 48.127042] 2 locks held by syz-executor193/8295:
[ 48.127042] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x2c0/0x9e0
[ 48.127045] #1: (&obj_hash[i].lock){-.-.}, at: [] debug_check_no_obj_freed+0x156/0x890
[ 48.127047]
[ 48.127048] stack backtrace:
[ 48.127049] CPU: 1 PID: 8295 Comm: syz-executor193 Not tainted 4.14.273-syzkaller #0
[ 48.127050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.127051] Call Trace:
[ 48.127051] dump_stack+0x14b/0x1e7
[ 48.127052] print_circular_bug.isra.17.cold.40+0x2e3/0x41e
[ 48.127053] ? save_trace+0xe0/0x290
[ 48.127053] __lock_acquire+0x32ee/0x42d0
[ 48.127054] ? trace_hardirqs_on+0x10/0x10
[ 48.127055] ? netdev_bits+0xa0/0xa0
[ 48.127055] ? trace_hardirqs_on+0x10/0x10
[ 48.127056] ? kvm_clock_read+0x23/0x40
[ 48.127057] ? kvm_sched_clock_read+0x9/0x20
[ 48.127057] lock_acquire+0x17e/0x3e0
[ 48.127058] ? down_trylock+0x13/0x70
[ 48.127059] ? vprintk_emit+0x1ab/0x4e0
[ 48.127059] _raw_spin_lock_irqsave+0x99/0xd0
[ 48.127060] ? down_trylock+0x13/0x70
[ 48.127061] down_trylock+0x13/0x70
[ 48.127061] ? vprintk_emit+0x1ab/0x4e0
[ 48.127062] __down_trylock_console_sem+0x93/0x1a0
[ 48.127063] console_trylock+0x11/0x50
[ 48.127063] vprintk_emit+0x1ab/0x4e0
[ 48.127064] ? work_on_cpu_safe+0x60/0x60
[ 48.127065] vprintk_default+0x1a/0x20
[ 48.127065] vprintk_func+0x49/0x130
[ 48.127066] ? work_on_cpu_safe+0x60/0x60
[ 48.127066] printk+0x91/0xab
[ 48.127067] ? log_store.cold.10+0x11/0x11
[ 48.127068] ? lock_acquire+0x17e/0x3e0
[ 48.127069] ? debug_check_no_obj_freed+0x156/0x890
[ 48.127069] ? work_on_cpu_safe+0x60/0x60
[ 48.127070] debug_print_object.cold.8+0xa7/0xdb
[ 48.127071] debug_check_no_obj_freed+0x4bc/0x890
[ 48.127071] ? debug_object_activate+0x4b0/0x4b0
[ 48.127072] kfree+0xbd/0x270
[ 48.127073] kvfree+0x2c/0x30
[ 48.127073] netdev_freemem+0x47/0x60
[ 48.127074] netdev_release+0x6a/0x80
[ 48.127075] device_release+0x134/0x170
[ 48.127075] kobject_put+0x14f/0x3d0
[ 48.127076] put_device+0x12/0x20
[ 48.127076] free_netdev+0x237/0x320
[ 48.127077] ? __netlink_ns_capable+0xc3/0xf0
[ 48.127078] rtnl_newlink+0x1050/0x1520
[ 48.127079] ? rtnl_newlink+0x31e/0x1520
[ 48.127079] ? rtnl_link_unregister+0x270/0x270
[ 48.127080] rtnetlink_rcv_msg+0x34c/0x9e0
[ 48.127081] ? rtnl_calcit.isra.11+0x340/0x340
[ 48.127082] ? __netlink_lookup+0x302/0x620
[ 48.127082] ? lock_downgrade+0x7f0/0x7f0
[ 48.127083] netlink_rcv_skb+0x12f/0x3b0
[ 48.127084] ? rtnl_calcit.isra.11+0x340/0x340
[ 48.127084] ? netlink_ack+0xaa0/0xaa0
[ 48.127085] ? netlink_deliver_tap+0x8e/0x920
[ 48.127086] rtnetlink_rcv+0x10/0x20
[ 48.127087] netlink_unicast+0x40b/0x610
[ 48.127087] ? netlink_sendskb+0x40/0x40
[ 48.127088] netlink_sendmsg+0x651/0xc10
[ 48.127089] ? nlmsg_notify+0x140/0x140
[ 48.127089] ? nlmsg_notify+0x140/0x140
[ 48.127090] sock_sendmsg+0xac/0xf0
[ 48.127090] ___sys_sendmsg+0x625/0x920
[ 48.127091] ? trace_hardirqs_on+0x10/0x10
[ 48.127092] ? copy_msghdr_from_user+0x440/0x440
[ 48.127092] ? __might_fault+0xf1/0x1b0
[ 48.127093] ? kasan_check_read+0x11/0x20
[ 48.127094] ? _copy_to_user+0x91/0xb0
[ 48.127094] ? move_addr_to_user+0xe8/0x160
[ 48.127095] ? __fdget+0xe/0x10
[ 48.127096] ? sockfd_lookup_light+0x1c/0x160
[ 48.127096] ? SyS_connect+0x2b0/0x2b0
[ 48.127097] __sys_sendmsg+0xc1/0x140
[ 48.127098] ? SyS_shutdown+0x180/0x180
[ 48.127098] ? fd_install+0x47/0x60
[ 48.127099] ? do_syscall_64+0x4c/0x5b0
[ 48.127099] ? __sys_sendmsg+0x140/0x140
[ 48.127100] SyS_sendmsg+0xd/0x20
[ 48.127101] do_syscall_64+0x1c7/0x5b0
[ 48.127101] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.127102] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 48.127103] RIP: 0033:0x7fa7fba6f399
[ 48.127104] RSP: 002b:00007ffcb641bf38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.127105] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7fba6f399
[ 48.127106] RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
[ 48.127107] RBP: 00007ffcb641bf40 R08: 65732f636f72702f R09: 65732f636f72702f
[ 48.127108] R10: 65732f636f72702f R11: 0000000000000246 R12: 00007fa7fba33280
[ 48.127109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.216816] Shutting down cpus with NMI
[ 50.235533] Kernel Offset: disabled
[ 50.239137] Rebooting in 86400 seconds..