Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
syzkaller login: [ 35.589961] IPVS: ftp: loaded support on port[0] = 21
[ 35.749642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.756492] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.764896] device bridge_slave_0 entered promiscuous mode
[ 35.783971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.790442] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.797365] device bridge_slave_1 entered promiscuous mode
[ 35.815583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 35.833096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 35.882571] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.902697] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.978486] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.985746] team0: Port device team_slave_0 added
[ 36.002250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 36.009383] team0: Port device team_slave_1 added
[ 36.027255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.046165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.065570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 36.085430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 36.226810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.233273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.240248] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.246618] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 36.752064] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.803807] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 36.854311] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 36.860769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 36.868047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.920490] 8021q: adding VLAN 0 to HW filter on device team0
[ 38.406406] ==================================================================
[ 38.416358] BUG: KASAN: use-after-free in update_blocked_averages+0x1533/0x1e00
[ 38.416425] kasan: CONFIG_KASAN_INLINE enabled
[ 38.423825] Read of size 8 at addr ffff8801bf0d6ea0 by task syz-executor841/6015
[ 38.423835]
[ 38.428427] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 38.435959] CPU: 1 PID: 6015 Comm: syz-executor841 Not tainted 4.20.0-rc1+ #289
[ 38.437576] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 38.445415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.452862] CPU: 0 PID: 6272 Comm: syz-executor841 Not tainted 4.20.0-rc1+ #289
[ 38.459077] Call Trace:
[ 38.468432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.475883] dump_stack+0x244/0x39d
[ 38.478460] RIP: 0010:vmalloc_fault+0x426/0x770
[ 38.487809] ? dump_stack_print_info.cold.1+0x20/0x20
[ 38.491428] Code: e0 e8 fe 25 47 00 48 b8 00 00 00 00 00 88 ff ff 48 ba 00 00 00 00 00 fc ff df 48 01 c3 4d 21 e5 4c 01 eb 48 89 d9 48 c1 e9 03 <80> 3c 11 00 0f 85 b2 02 00 00 48 8b 1b 31 ff 49 89 dc 49 83 e4 9f
[ 38.496088] ? printk+0xa7/0xcf
[ 38.501260] RSP: 0018:ffff8801d9d624c8 EFLAGS: 00010002
[ 38.520167] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 38.523435] RAX: ffff880000000000 RBX: 000f100180000040 RCX: 0001e20030000008
[ 38.528796] print_address_description.cold.7+0x9/0x1ff
[ 38.533537] RDX: dffffc0000000000 RSI: ffffffff813864c2 RDI: 0000000000000007
[ 38.540804] kasan_report.cold.8+0x242/0x309
[ 38.546154] RBP: ffff8801d9d624f8 R08: ffff8801bbb56700 R09: 0000000000000000
[ 38.553431] ? update_blocked_averages+0x1533/0x1e00
[ 38.557825] R10: 0000000000000000 R11: 0000000000000000 R12: 000fffffc0000000
[ 38.565091] __asan_report_load8_noabort+0x14/0x20
[ 38.570298] R13: 000f880180000000 R14: ffffc90001159838 R15: 1ffffffff12a3f98
[ 38.577566] update_blocked_averages+0x1533/0x1e00
[ 38.582483] FS: 0000000001f7d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 38.589750] ? find_held_lock+0x36/0x1c0
[ 38.594662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.602884] ? set_next_entity+0xc70/0xc70
[ 38.606933] CR2: ffffc90001159838 CR3: 00000001ba705000 CR4: 00000000001406f0
[ 38.612815] ? find_held_lock+0x36/0x1c0
[ 38.617029] Call Trace:
[ 38.624304] ? update_curr+0x4cf/0xbd0
[ 38.628344] Modules linked in:
[ 38.630937] ? lock_downgrade+0x900/0x900
[ 38.634804] ---[ end trace f6450057874cc9c7 ]---
[ 38.638003] ? check_preemption_disabled+0x48/0x280
[ 38.642135] RIP: 0010:vmalloc_fault+0x426/0x770
[ 38.646880] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 38.651882] Code: e0 e8 fe 25 47 00 48 b8 00 00 00 00 00 88 ff ff 48 ba 00 00 00 00 00 fc ff df 48 01 c3 4d 21 e5 4c 01 eb 48 89 d9 48 c1 e9 03 <80> 3c 11 00 0f 85 b2 02 00 00 48 8b 1b 31 ff 49 89 dc 49 83 e4 9f
[ 38.656551] ? zap_class+0x640/0x640
[ 38.661464] RSP: 0018:ffff8801d9d624c8 EFLAGS: 00010002
[ 38.680394] ? rcu_softirq_qs+0x20/0x20
[ 38.684105] RAX: ffff880000000000 RBX: 000f100180000040 RCX: 0001e20030000008
[ 38.689468] ? find_held_lock+0x36/0x1c0
[ 38.693427] RDX: dffffc0000000000 RSI: ffffffff813864c2 RDI: 0000000000000007
[ 38.700702] ? pick_next_task_fair+0x3ac/0x1b30
[ 38.704748] RBP: ffff8801d9d624f8 R08: ffff8801bbb56700 R09: 0000000000000000
[ 38.712019] ? lock_downgrade+0x900/0x900
[ 38.716672] R10: 0000000000000000 R11: 0000000000000000 R12: 000fffffc0000000
[ 38.723942] ? reweight_entity+0x10f0/0x10f0
[ 38.728070] R13: 000f880180000000 R14: ffffc90001159838 R15: 1ffffffff12a3f98
[ 38.735340] ? kasan_check_read+0x11/0x20
[ 38.739732] FS: 0000000001f7d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 38.747021] ? do_raw_spin_unlock+0xa7/0x330
[ 38.751155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.759412] ? do_raw_spin_trylock+0x270/0x270
[ 38.763806] CR2: ffffc90001159838 CR3: 00000001ba705000 CR4: 00000000001406f0
[ 38.763818] Kernel panic - not syncing: Fatal exception in interrupt
[ 38.769700] ? lock_pin_lock+0x350/0x350
[ 38.792090] pick_next_task_fair+0x3c2/0x1b30
[ 38.796622] ? run_rebalance_domains+0x500/0x500
[ 38.801398] ? zap_class+0x640/0x640
[ 38.805121] ? mark_held_locks+0x130/0x130
[ 38.809362] ? find_held_lock+0x36/0x1c0
[ 38.813443] ? find_held_lock+0x36/0x1c0
[ 38.817515] ? dequeue_task_fair+0xf9/0x9a0
[ 38.821845] ? lock_downgrade+0x900/0x900
[ 38.825997] ? dequeue_entity+0x17f0/0x17f0
[ 38.830321] ? sched_clock_cpu+0x1b/0x1b0
[ 38.834476] ? record_times+0x1e/0x590
[ 38.838363] ? zap_class+0x640/0x640
[ 38.842092] ? psi_task_change+0x370/0x5f0
[ 38.846330] ? __lock_is_held+0xb5/0x140
[ 38.850409] ? deactivate_task+0xfd/0x3d0
[ 38.854566] __schedule+0x487/0x21d0
[ 38.858288] ? __sched_text_start+0x8/0x8
[ 38.862445] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.867553] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.872659] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 38.877246] ? trace_hardirqs_on+0xbd/0x310
[ 38.881578] ? kasan_check_read+0x11/0x20
[ 38.885729] ? hrtimer_start_range_ns+0x6c4/0xe00
[ 38.890581] ? trace_hardirqs_off_caller+0x310/0x310
[ 38.895686] ? tick_program_event+0xbe/0x130
[ 38.900105] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 38.905215] ? hrtimer_start_range_ns+0x6c4/0xe00
[ 38.910061] schedule+0xfe/0x460
[ 38.913435] ? __schedule+0x21d0/0x21d0
[ 38.917423] ? debug_object_free+0x690/0x690
[ 38.921845] ? find_held_lock+0x36/0x1c0
[ 38.925919] do_nanosleep+0x21e/0x750
[ 38.929731] ? lock_downgrade+0x900/0x900
[ 38.933885] ? schedule_timeout_idle+0x90/0x90
[ 38.938487] ? lock_release+0xa00/0xa00
[ 38.942461] ? perf_trace_sched_process_exec+0x860/0x860
[ 38.947923] ? kernel_wait4+0x2e0/0x3f0
[ 38.951914] ? memset+0x31/0x40
[ 38.955199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.960737] ? __hrtimer_init+0xdb/0x240
[ 38.964807] hrtimer_nanosleep+0x2d4/0x620
[ 38.969052] ? nanosleep_copyout+0x130/0x130
[ 38.973465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.979005] ? clock_was_set_work+0x30/0x30
[ 38.983332] ? do_syscall_64+0x9a/0x820
[ 38.987309] ? do_syscall_64+0x9a/0x820
[ 38.991289] __x64_sys_nanosleep+0x1e7/0x280
[ 38.995701] ? hrtimer_nanosleep+0x620/0x620
[ 39.000118] do_syscall_64+0x1b9/0x820
[ 39.004013] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.009394] ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.014336] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.019185] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.024207] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.029228] ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.034261] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.039114] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.044317] RIP: 0033:0x46c680
[ 39.047516] Code: 05 48 3d 01 f0 ff ff 0f 83 2d 59 f9 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 71 76 26 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 59 f9 ff c3 48 83 ec 08 e8 9a 7e fd ff
[ 39.066434] RSP: 002b:00007fff940d3628 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[ 39.074160] RAX: ffffffffffffffda RBX: 00000000000000fe RCX: 000000000046c680
[ 39.081430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff940d3630
[ 39.088698] RBP: 00000000000095b6 R08: 0000000000000001 R09: 0000000001f7d880
[ 39.095966] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000000fe
[ 39.103235] R13: 00000000004024a0 R14: 0000000000000000 R15: 0000000000000000
[ 39.110515]
[ 39.112141] Allocated by task 6272:
[ 39.115777] save_stack+0x43/0xd0
[ 39.119239] kasan_kmalloc+0xc7/0xe0
[ 39.122961] kasan_slab_alloc+0x12/0x20
[ 39.126938] kmem_cache_alloc_node+0x144/0x730
[ 39.131519] __alloc_skb+0x119/0x770
[ 39.135232] alloc_skb_with_frags+0x133/0x7d0
[ 39.139750] sock_alloc_send_pskb+0x87a/0xaf0
[ 39.144250] sock_alloc_send_skb+0x32/0x40
[ 39.148488] __ip_append_data.isra.48+0x15b8/0x29b0
[ 39.153512] ip_make_skb+0x2aa/0x340
[ 39.157234] udp_sendmsg+0x2921/0x3c70
[ 39.161122] udpv6_sendmsg+0x182f/0x36b0
[ 39.165205] inet_sendmsg+0x1a1/0x690
[ 39.169041] sock_sendmsg+0xd5/0x120
[ 39.172758] ___sys_sendmsg+0x51d/0x930
[ 39.176734] __sys_sendmmsg+0x246/0x6d0
[ 39.180709] __x64_sys_sendmmsg+0x9d/0x100
[ 39.184947] do_syscall_64+0x1b9/0x820
[ 39.188838] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.194022]
[ 39.195646] Freed by task 6272:
[ 39.198931] save_stack+0x43/0xd0
[ 39.202405] __kasan_slab_free+0x102/0x150
[ 39.206648] kasan_slab_free+0xe/0x10
[ 39.210479] kmem_cache_free+0x83/0x290
[ 39.214453] kfree_skbmem+0x154/0x230
[ 39.218252] kfree_skb+0x1c3/0x580
[ 39.221791] vti_tunnel_xmit+0xc16/0x1730
[ 39.225951] dev_hard_start_xmit+0x295/0xc80
[ 39.230356] __dev_queue_xmit+0x2f71/0x3ad0
[ 39.234687] dev_queue_xmit+0x17/0x20
[ 39.238489] neigh_direct_output+0x15/0x20
[ 39.242724] ip_finish_output2+0xa63/0x1860
[ 39.247046] ip_finish_output+0x7fd/0xfa0
[ 39.251197] ip_output+0x21d/0x8d0
[ 39.254738] ip_local_out+0xc5/0x1b0
[ 39.258471] ip_send_skb+0x40/0xe0
[ 39.262018] udp_send_skb.isra.46+0x6ad/0x11c0
[ 39.266598] udp_sendmsg+0x296c/0x3c70
[ 39.270489] udpv6_sendmsg+0x182f/0x36b0
[ 39.274552] inet_sendmsg+0x1a1/0x690
[ 39.278357] sock_sendmsg+0xd5/0x120
[ 39.282081] ___sys_sendmsg+0x51d/0x930
[ 39.286058] __sys_sendmmsg+0x246/0x6d0
[ 39.290035] __x64_sys_sendmmsg+0x9d/0x100
[ 39.294273] do_syscall_64+0x1b9/0x820
[ 39.298174] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.303355]
[ 39.304995] The buggy address belongs to the object at ffff8801bf0d6e40
[ 39.304995] which belongs to the cache skbuff_head_cache of size 232
[ 39.318175] The buggy address is located 96 bytes inside of
[ 39.318175] 232-byte region [ffff8801bf0d6e40, ffff8801bf0d6f28)
[ 39.329963] The buggy address belongs to the page:
[ 39.334890] page:ffffea0006fc3580 count:1 mapcount:0 mapping:ffff8801d9a1c0c0 index:0x0
[ 39.343040] flags: 0x2fffc0000000200(slab)
[ 39.347280] raw: 02fffc0000000200 ffffea0006fc33c8 ffff8801d9a83948 ffff8801d9a1c0c0
[ 39.355168] raw: 0000000000000000 ffff8801bf0d6080 000000010000000c 0000000000000000
[ 39.363039] page dumped because: kasan: bad access detected
[ 39.368738]
[ 39.370357] Memory state around the buggy address:
[ 39.375291] ffff8801bf0d6d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 39.382658] ffff8801bf0d6e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 39.390016] >ffff8801bf0d6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.397371] ^
[ 39.401787] ffff8801bf0d6f00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 39.409148] ffff8801bf0d6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.416498] ==================================================================
[ 39.914601] Shutting down cpus with NMI
[ 39.919441] Kernel Offset: disabled
[ 39.923059]
[ 39.923063] ======================================================
[ 39.923066] WARNING: possible circular locking dependency detected
[ 39.923068] 4.20.0-rc1+ #289 Not tainted
[ 39.923072] ------------------------------------------------------
[ 39.923075] syz-executor841/6015 is trying to acquire lock:
[ 39.923076] 0000000035b64446 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 39.923085]
[ 39.923087] but task is already holding lock:
[ 39.923089] 00000000073ef5c4 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 39.923097]
[ 39.923100] which lock already depends on the new lock.
[ 39.923101]
[ 39.923102]
[ 39.923105] the existing dependency chain (in reverse order) is:
[ 39.923107]
[ 39.923108] -> #3 (report_lock){....}:
[ 39.923116] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.923118] kasan_report+0x8b/0x110
[ 39.923121] __asan_report_load8_noabort+0x14/0x20
[ 39.923123] update_blocked_averages+0x1533/0x1e00
[ 39.923126] pick_next_task_fair+0x3c2/0x1b30
[ 39.923128] __schedule+0x487/0x21d0
[ 39.923130] schedule+0xfe/0x460
[ 39.923132] do_nanosleep+0x21e/0x750
[ 39.923135] hrtimer_nanosleep+0x2d4/0x620
[ 39.923137] __x64_sys_nanosleep+0x1e7/0x280
[ 39.923140] do_syscall_64+0x1b9/0x820
[ 39.923142] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.923144]
[ 39.923145] -> #2 (&rq->lock){-.-.}:
[ 39.923152] _raw_spin_lock+0x2d/0x40
[ 39.923155] task_fork_fair+0xb0/0x6d0
[ 39.923157] sched_fork+0x443/0xba0
[ 39.923159] copy_process+0x25b8/0x87a0
[ 39.923161] _do_fork+0x1cb/0x11d0
[ 39.923163] kernel_thread+0x34/0x40
[ 39.923166] rest_init+0x28/0x372
[ 39.923168] arch_call_rest_init+0xe/0x1b
[ 39.923170] start_kernel+0x9f0/0xa2b
[ 39.923173] x86_64_start_reservations+0x2e/0x30
[ 39.923175] x86_64_start_kernel+0x76/0x79
[ 39.923178] secondary_startup_64+0xa4/0xb0
[ 39.923179]
[ 39.923180] -> #1 (&p->pi_lock){-.-.}:
[ 39.923188] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.923190] try_to_wake_up+0xdc/0x1490
[ 39.923192] wake_up_process+0x10/0x20
[ 39.923195] __up.isra.1+0x1c0/0x2a0
[ 39.923197] up+0x13c/0x1c0
[ 39.923199] __up_console_sem+0xbe/0x1b0
[ 39.923201] console_unlock+0x811/0x1190
[ 39.923204] vprintk_emit+0x391/0x990
[ 39.923206] vprintk_default+0x28/0x30
[ 39.923208] vprintk_func+0x7e/0x181
[ 39.923210] printk+0xa7/0xcf
[ 39.923213] do_exit.cold.18+0x57/0x16f
[ 39.923215] do_group_exit+0x177/0x440
[ 39.923217] __x64_sys_exit_group+0x3e/0x50
[ 39.923220] do_syscall_64+0x1b9/0x820
[ 39.923223] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.923224]
[ 39.923225] -> #0 ((console_sem).lock){-.-.}:
[ 39.923233] lock_acquire+0x1ed/0x520
[ 39.923236] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.923238] down_trylock+0x13/0x70
[ 39.923240] __down_trylock_console_sem+0xae/0x1f0
[ 39.923243] console_trylock+0x15/0xa0
[ 39.923245] vprintk_emit+0x372/0x990
[ 39.923247] vprintk_default+0x28/0x30
[ 39.923250] vprintk_func+0x7e/0x181
[ 39.923252] printk+0xa7/0xcf
[ 39.923254] kasan_report+0x9b/0x110
[ 39.923256] __asan_report_load8_noabort+0x14/0x20
[ 39.923259] update_blocked_averages+0x1533/0x1e00
[ 39.923262] pick_next_task_fair+0x3c2/0x1b30
[ 39.923264] __schedule+0x487/0x21d0
[ 39.923266] schedule+0xfe/0x460
[ 39.923269] do_nanosleep+0x21e/0x750
[ 39.923271] hrtimer_nanosleep+0x2d4/0x620
[ 39.923274] __x64_sys_nanosleep+0x1e7/0x280
[ 39.923276] do_syscall_64+0x1b9/0x820
[ 39.923279] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.923280]
[ 39.923282] other info that might help us debug this:
[ 39.923284]
[ 39.923286] Chain exists of:
[ 39.923287] (console_sem).lock --> &rq->lock --> report_lock
[ 39.923296]
[ 39.923298] Possible unsafe locking scenario:
[ 39.923300]
[ 39.923302] CPU0 CPU1
[ 39.923304] ---- ----
[ 39.923306] lock(report_lock);
[ 39.923311] lock(&rq->lock);
[ 39.923316] lock(report_lock);
[ 39.923320] lock((console_sem).lock);
[ 39.923324]
[ 39.923326] *** DEADLOCK ***
[ 39.923327]
[ 39.923330] 2 locks held by syz-executor841/6015:
[ 39.923331] #0: 0000000025d18683 (&rq->lock){-.-.}, at: update_blocked_averages+0x156/0x1e00
[ 39.923340] #1: 00000000073ef5c4 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 39.923349]
[ 39.923351] stack backtrace:
[ 39.923355] CPU: 1 PID: 6015 Comm: syz-executor841 Not tainted 4.20.0-rc1+ #289
[ 39.923359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.923361] Call Trace:
[ 39.923363] dump_stack+0x244/0x39d
[ 39.923366] ? dump_stack_print_info.cold.1+0x20/0x20
[ 39.923368] ? vprintk_func+0x85/0x181
[ 39.923371] print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 39.923373] ? save_trace+0xe0/0x290
[ 39.923375] __lock_acquire+0x3399/0x4c20
[ 39.923377] ? mark_held_locks+0x130/0x130
[ 39.923380] ? mark_held_locks+0x130/0x130
[ 39.923382] ? rcu_softirq_qs+0x20/0x20
[ 39.923384] ? unwind_dump+0x190/0x190
[ 39.923393] ? is_bpf_text_address+0xd3/0x170
[ 39.923396] ? kernel_text_address+0x79/0xf0
[ 39.923398] ? __kernel_text_address+0xd/0x40
[ 39.923405] ? __save_stack_trace+0x8d/0xf0
[ 39.923408] ? add_lock_to_list.isra.28+0x1ec/0x4c0
[ 39.923410] ? save_trace+0x290/0x290
[ 39.923412] ? save_stack_trace+0x1a/0x20
[ 39.923414] ? save_trace+0xe0/0x290
[ 39.923416] ? zap_class+0x640/0x640
[ 39.923419] ? __lock_acquire+0x2aff/0x4c20
[ 39.923422] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.923424] lock_acquire+0x1ed/0x520
[ 39.923426] ? down_trylock+0x13/0x70
[ 39.923428] ? lock_release+0xa00/0xa00
[ 39.923431] ? trace_hardirqs_off+0xb8/0x310
[ 39.923433] ? vprintk_emit+0x1de/0x990
[ 39.923436] ? trace_hardirqs_on+0x310/0x310
[ 39.923438] ? trace_hardirqs_off+0xb8/0x310
[ 39.923441] ? log_store+0x344/0x4c0
[ 39.923443] ? vprintk_emit+0x372/0x990
[ 39.923445] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.923448] ? down_trylock+0x13/0x70
[ 39.923450] down_trylock+0x13/0x70
[ 39.923452] __down_trylock_console_sem+0xae/0x1f0
[ 39.923455] console_trylock+0x15/0xa0
[ 39.923457] vprintk_emit+0x372/0x990
[ 39.923459] ? wake_up_klogd+0x180/0x180
[ 39.923461] ? zap_class+0x640/0x640
[ 39.923464] ? __lock_acquire+0x62f/0x4c20
[ 39.923466] ? mark_held_locks+0x130/0x130
[ 39.923469] ? __update_load_avg_blocked_se+0x690/0x690
[ 39.923471] ? lock_acquire+0x1ed/0x520
[ 39.923473] vprintk_default+0x28/0x30
[ 39.923475] vprintk_func+0x7e/0x181
[ 39.923477] printk+0xa7/0xcf
[ 39.923480] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.923482] ? kvm_clock_read+0x18/0x30
[ 39.923484] kasan_report+0x9b/0x110
[ 39.923487] ? update_blocked_averages+0x1533/0x1e00
[ 39.923490] __asan_report_load8_noabort+0x14/0x20
[ 39.923492] update_blocked_averages+0x1533/0x1e00
[ 39.923495] ? find_held_lock+0x36/0x1c0
[ 39.923497] ? set_next_entity+0xc70/0xc70
[ 39.923499] ? find_held_lock+0x36/0x1c0
[ 39.923501] ? update_curr+0x4cf/0xbd0
[ 39.923504] ? lock_downgrade+0x900/0x900
[ 39.923506] ? check_preemption_disabled+0x48/0x280
[ 39.923509] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 39.923511] ? zap_class+0x640/0x640
[ 39.923513] ? rcu_softirq_qs+0x20/0x20
[ 39.923516] ? find_held_lock+0x36/0x1c0
[ 39.923518] ? pick_next_task_fair+0x3ac/0x1b30
[ 39.923521] ? lock_downgrade+0x900/0x900
[ 39.923523] ? reweight_entity+0x10f0/0x10f0
[ 39.923525] ? kasan_check_read+0x11/0x20
[ 39.923528] ? do_raw_spin_unlock+0xa7/0x330
[ 39.923530] ? do_raw_spin_trylock+0x270/0x270
[ 39.923533] ? lock_pin_lock+0x350/0x350
[ 39.923535] pick_next_task_fair+0x3c2/0x1b30
[ 39.923538] ? run_rebalance_domains+0x500/0x500
[ 39.923540] ? zap_class+0x640/0x640
[ 39.923542] ? mark_held_locks+0x130/0x130
[ 39.923545] ? find_held_lock+0x36/0x1c0
[ 39.923547] ? find_held_lock+0x36/0x1c0
[ 39.923549] ? dequeue_task_fair+0xf9/0x9a0
[ 39.923552] ? lock_downgrade+0x900/0x900
[ 39.923554] ? dequeue_entity+0x17f0/0x17f0
[ 39.923556] ? sched_clock_cpu+0x1b/0x1b0
[ 39.923559] ? record_times+0x1e/0x590
[ 39.923561] ? zap_class+0x640/0x640
[ 39.923563] ? psi_task_change+0x370/0x5f0
[ 39.923565] ? __lock_is_held+0xb5/0x140
[ 39.923568] ? deactivate_task+0xfd/0x3d0
[ 39.923570] __schedule+0x487/0x21d0
[ 39.923572] ? __sched_text_start+0x8/0x8
[ 39.923575] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.923578] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.923580] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 39.923583] ? trace_hardirqs_on+0xbd/0x310
[ 39.923585] ? kasan_check_read+0x11/0x20
[ 39.923587] ? hrtimer_start_range_ns+0x6c4/0xe00
[ 39.923590] ? trace_hardirqs_off_caller+0x310/0x310
[ 39.923593] ? tick_program_event+0xbe/0x130
[ 39.923595] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 39.923598] ? hrtimer_start_range_ns+0x6c4/0xe00
[ 39.923600] schedule+0xfe/0x460
[ 39.923602] ? __schedule+0x21d0/0x21d0
[ 39.923605] ? debug_object_free+0x690/0x690
[ 39.923607] ? find_held_lock+0x36/0x1c0
[ 39.923609] do_nanosleep+0x21e/0x750
[ 39.923611] ? lock_downgrade+0x900/0x900
[ 39.923614] ? schedule_timeout_idle+0x90/0x90
[ 39.923616] ? lock_release+0xa00/0xa00
[ 39.923619] ? perf_trace_sched_process_exec+0x860/0x860
[ 39.923621] ? kernel_wait4+0x2e0/0x3f0
[ 39.923623] ? memset+0x31/0x40
[ 39.923626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.923628] ? __hrtimer_init+0xdb/0x240
[ 39.923631] hrtimer_nanosleep+0x2d4/0x620
[ 39.923633] ? nanosleep_copyout+0x130/0x130
[ 39.923636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.923638] ? clock_was_set_work+0x30/0x30
[ 39.923641] ? do_syscall_64+0x9a/0x820
[ 39.923643] ? do_syscall_64+0x9a/0x820
[ 39.923645] __x64_sys_nanosleep+0x1e7/0x280
[ 39.923648] ? hrtimer_nanosleep+0x620/0x620
[ 39.923650] do_syscall_64+0x1b9/0x820
[ 39.923653] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.923656] ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.923658] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.923661] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.923664] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.923666] ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.923669] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.923672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.923674] RIP: 0033:0x46c680
[ 39.923681] Code: 05 48 3d 01 f0 ff ff 0f 83 2d 59 f9 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 71 76 26 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 59 f9 ff c3 48 83 ec 08 e8 9a 7e fd ff
[ 39.923684] RSP: 002b:00007fff940d3628 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[ 39.923690] Lost 4 message(s)!
[ 40.960921] Rebooting in 86400 seconds..