[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.199491] can: request_module (can-proto-0) failed. [ 30.203743] can: request_module (can-proto-0) failed. [ 30.762083] IPVS: ftp: loaded support on port[0] = 21 [ 31.015235] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.641411] syz-executor0 (3627) used greatest stack depth: 15768 bytes left Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts. 2019/11/30 10:39:27 parsed 1 programs 2019/11/30 10:39:27 executed programs: 0 [ 38.506093] IPVS: ftp: loaded support on port[0] = 21 [ 38.636077] IPVS: ftp: loaded support on port[0] = 21 [ 38.699472] ================================================================== [ 38.707413] BUG: KASAN: stack-out-of-bounds in update_stack_state+0x5d9/0x670 [ 38.714665] Read of size 8 at addr ffff8801d8266a18 by task syz-executor1/3788 [ 38.721998] [ 38.723605] CPU: 0 PID: 3788 Comm: syz-executor1 Not tainted 4.14.0-syzkaller #0 [ 38.731114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.740450] Call Trace: [ 38.743020] dump_stack+0x145/0x1f0 [ 38.746631] ? arch_local_irq_restore+0x43/0x43 [ 38.751278] ? printk+0x91/0xab [ 38.754536] ? log_store.cold.32+0x22/0x22 [ 38.758760] print_address_description+0x6c/0x20b [ 38.763582] ? update_stack_state+0x5d9/0x670 [ 38.768069] kasan_report.cold.7+0x11a/0x2d3 [ 38.772464] __asan_report_load8_noabort+0x14/0x20 [ 38.777378] update_stack_state+0x5d9/0x670 [ 38.781679] ? zap_class+0x720/0x720 [ 38.785382] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 38.791249] ? perf_trace_buf_update+0x58/0xb0 [ 38.795831] __unwind_start+0xf9/0x330 [ 38.799708] perf_callchain_kernel+0x23f/0x5a0 [ 38.804280] ? arch_perf_update_userpage+0x480/0x480 [ 38.809403] get_perf_callchain+0x436/0xe10 [ 38.813715] ? put_callchain_buffers+0x100/0x100 [ 38.818454] ? __task_pid_nr_ns+0x269/0x4b0 [ 38.822762] ? kvm_clock_read+0x25/0x30 [ 38.827153] ? kvm_sched_clock_read+0x9/0x20 [ 38.831541] ? sched_clock_cpu+0x1b/0x180 [ 38.835678] perf_callchain+0x125/0x170 [ 38.839648] perf_prepare_sample+0xdb6/0x1940 [ 38.844135] ? perf_output_sample+0x1c70/0x1c70 [ 38.848789] ? lock_release+0xcb0/0xcb0 [ 38.852751] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 38.857845] ? rcutorture_record_progress+0x10/0x10 [ 38.862871] perf_event_output_forward+0xdb/0x210 [ 38.867692] ? perf_prepare_sample+0x1940/0x1940 [ 38.872423] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 38.877502] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 38.882591] ? perf_tp_event+0xb60/0xb60 [ 38.886638] ? debug_check_no_locks_freed+0x310/0x310 [ 38.891813] __perf_event_overflow+0x1f1/0x4d0 [ 38.896379] ? __perf_event_account_interrupt+0x220/0x220 [ 38.901903] ? copy_trace+0x140/0x140 [ 38.905689] ? perf_prepare_sample+0x1940/0x1940 [ 38.910438] perf_swevent_overflow+0x1e9/0x310 [ 38.915008] ? __perf_event_overflow+0x4d0/0x4d0 [ 38.919756] ? __lock_is_held+0xbb/0x140 [ 38.923815] perf_swevent_event+0x15e/0x2f0 [ 38.928122] ___perf_sw_event+0x3e5/0x620 [ 38.932258] ? perf_swevent_put_recursion_context+0x60/0x60 [ 38.937947] ? lock_downgrade+0x830/0x830 [ 38.942147] ? __update_idle_core+0xbc/0x5f0 [ 38.946544] ? lock_release+0xcb0/0xcb0 [ 38.950509] ? __lock_is_held+0xbb/0x140 [ 38.954659] ? copy_trace+0x140/0x140 [ 38.958436] ? copy_trace+0x140/0x140 [ 38.962361] ? cpu_load_update_active+0x2b0/0x2b0 [ 38.967241] ? __lock_is_held+0xbb/0x140 [ 38.971323] __schedule+0xff3/0x1f70 [ 38.975022] ? __schedule+0xff3/0x1f70 [ 38.978890] ? perf_trace_lock+0x495/0x900 [ 38.983554] ? pci_mmcfg_check_reserved+0x120/0x120 [ 38.988558] ? plist_check_list+0x6a/0x90 [ 38.992694] ? plist_check_head+0xcf/0x120 [ 38.996926] ? plist_check_list+0x90/0x90 [ 39.001058] ? copy_trace+0x140/0x140 [ 39.004850] ? find_held_lock+0x3a/0x1d0 [ 39.008924] schedule+0xef/0x430 [ 39.012273] ? __schedule+0x1f70/0x1f70 [ 39.016240] ? lock_downgrade+0x830/0x830 [ 39.020365] ? lock_downgrade+0x830/0x830 [ 39.024509] ? do_raw_spin_unlock+0x1ec/0x2d0 [ 39.028981] ? do_raw_spin_trylock+0x190/0x190 [ 39.033545] ? lock_acquire+0x1dc/0x520 [ 39.037517] futex_wait_queue_me+0x3ce/0x850 [ 39.041908] ? refill_pi_state_cache.part.6+0x340/0x340 [ 39.047261] ? trace_hardirqs_on+0xd/0x10 [ 39.051409] ? _raw_spin_lock+0x32/0x40 [ 39.055370] ? futex_wait_setup+0x14e/0x370 [ 39.059681] ? futex_wake+0x890/0x890 [ 39.063462] ? lock_downgrade+0x830/0x830 [ 39.067583] ? lock_pi_update_atomic+0x100/0x100 [ 39.072331] ? futex_wake+0x2bd/0x890 [ 39.076116] futex_wait+0x3e7/0x930 [ 39.079746] ? futex_wait_setup+0x370/0x370 [ 39.084066] ? wake_up_q+0x9c/0xe0 [ 39.087590] ? futex_wake+0x237/0x890 [ 39.091378] ? get_futex_key+0x1c40/0x1c40 [ 39.095650] do_futex+0x8b1/0x2620 [ 39.099170] ? lock_downgrade+0x830/0x830 [ 39.103471] ? lock_acquire+0x1dc/0x520 [ 39.107435] ? get_unused_fd_flags+0x190/0x190 [ 39.112012] ? exit_robust_list+0x1b0/0x1b0 [ 39.116321] ? __lock_is_held+0xbb/0x140 [ 39.120435] ? __fd_install+0x258/0x6f0 [ 39.124433] ? __mutex_unlock_slowpath+0xf0/0x9f0 [ 39.129279] ? get_unused_fd_flags+0x190/0x190 [ 39.133862] ? wait_for_completion+0x920/0x920 [ 39.138447] ? lock_release+0xcb0/0xcb0 [ 39.142413] ? mark_held_locks+0xcc/0x160 [ 39.146633] ? do_raw_spin_trylock+0x190/0x190 [ 39.151205] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 39.156323] ? fd_install+0x47/0x60 [ 39.159944] ? SYSC_perf_event_open+0x1c0e/0x2990 [ 39.164785] ? up_read+0x1a/0x40 [ 39.169375] ? perf_event_set_output+0x520/0x520 [ 39.174123] ? vmalloc_fault+0xbd0/0xbd0 [ 39.178283] ? do_page_fault+0xd9/0x650 [ 39.182256] SyS_futex+0xf0/0x3e7 [ 39.185720] ? lockdep_sys_exit+0x43/0x60 [ 39.189866] ? do_futex+0x2620/0x2620 [ 39.193734] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 39.198571] ? trace_hardirqs_on_caller+0x40c/0x580 [ 39.203582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.208337] entry_SYSCALL_64_fastpath+0x23/0x9a [ 39.213072] RIP: 0033:0x453ef9 [ 39.216240] RSP: 002b:00007f97d0f81ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 39.223925] RAX: ffffffffffffffda RBX: 000000000072bec8 RCX: 0000000000453ef9 [ 39.231182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bec8 [ 39.238434] RBP: 0000000000000086 R08: 0000000000000000 R09: 000000000072bea0 [ 39.245684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 39.253369] R13: 00007ffc823a31df R14: 00007f97d0f829c0 R15: 0000000000000000 [ 39.260650] [ 39.262254] The buggy address belongs to the page: [ 39.267862] page:ffffea0007609980 count:0 mapcount:0 mapping: (null) index:0xffff8801d8266980 [ 39.277373] flags: 0x2fffc0000000000() [ 39.281237] raw: 02fffc0000000000 0000000000000000 ffff8801d8266980 00000000ffffffff [ 39.289095] raw: 0000000000000000 dead000000000200 ffff8801dac00dc0 0000000000000000 [ 39.297049] page dumped because: kasan: bad access detected [ 39.302744] [ 39.304435] Memory state around the buggy address: [ 39.309341] ffff8801d8266900: 00 00 00 00 00 00 f2 f3 f3 f3 f3 00 00 00 00 00 [ 39.316675] ffff8801d8266980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 [ 39.324019] >ffff8801d8266a00: f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 [ 39.331355] ^ [ 39.335481] ffff8801d8266a80: 00 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 [ 39.342818] ffff8801d8266b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 39.350429] ================================================================== [ 39.357787] Kernel panic - not syncing: panic_on_warn set ... [ 39.357787] [ 39.365128] CPU: 0 PID: 3788 Comm: syz-executor1 Tainted: G B 4.14.0-syzkaller #0 [ 39.374085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.383517] Call Trace: [ 39.386096] dump_stack+0x145/0x1f0 [ 39.389806] ? arch_local_irq_restore+0x43/0x43 [ 39.394490] ? vprintk_emit+0x29e/0x4f0 [ 39.398551] ? update_stack_state+0x5d9/0x670 [ 39.403040] panic+0x1a9/0x34e [ 39.406218] ? add_taint.cold.5+0x11/0x11 [ 39.410970] ? do_raw_spin_trylock+0x190/0x190 [ 39.415552] ? print_shadow_for_address+0xba/0x116 [ 39.420489] ? update_stack_state+0x5d9/0x670 [ 39.424973] kasan_end_report+0x47/0x4f [ 39.428939] kasan_report.cold.7+0x76/0x2d3 [ 39.433266] __asan_report_load8_noabort+0x14/0x20 [ 39.438175] update_stack_state+0x5d9/0x670 [ 39.442481] ? zap_class+0x720/0x720 [ 39.446198] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 39.452241] ? perf_trace_buf_update+0x58/0xb0 [ 39.456840] __unwind_start+0xf9/0x330 [ 39.460911] perf_callchain_kernel+0x23f/0x5a0 [ 39.465584] ? arch_perf_update_userpage+0x480/0x480 [ 39.470699] get_perf_callchain+0x436/0xe10 [ 39.475012] ? put_callchain_buffers+0x100/0x100 [ 39.479871] ? __task_pid_nr_ns+0x269/0x4b0 [ 39.484623] ? kvm_clock_read+0x25/0x30 [ 39.488577] ? kvm_sched_clock_read+0x9/0x20 [ 39.492971] ? sched_clock_cpu+0x1b/0x180 [ 39.497138] perf_callchain+0x125/0x170 [ 39.501102] perf_prepare_sample+0xdb6/0x1940 [ 39.505597] ? perf_output_sample+0x1c70/0x1c70 [ 39.510254] ? lock_release+0xcb0/0xcb0 [ 39.514216] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.519402] ? rcutorture_record_progress+0x10/0x10 [ 39.524432] perf_event_output_forward+0xdb/0x210 [ 39.529269] ? perf_prepare_sample+0x1940/0x1940 [ 39.534004] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.539084] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.544279] ? perf_tp_event+0xb60/0xb60 [ 39.548516] ? debug_check_no_locks_freed+0x310/0x310 [ 39.553705] __perf_event_overflow+0x1f1/0x4d0 [ 39.558434] ? __perf_event_account_interrupt+0x220/0x220 [ 39.563975] ? copy_trace+0x140/0x140 [ 39.567761] ? perf_prepare_sample+0x1940/0x1940 [ 39.572541] perf_swevent_overflow+0x1e9/0x310 [ 39.577207] ? __perf_event_overflow+0x4d0/0x4d0 [ 39.581966] ? __lock_is_held+0xbb/0x140 [ 39.586551] perf_swevent_event+0x15e/0x2f0 [ 39.590862] ___perf_sw_event+0x3e5/0x620 [ 39.595018] ? perf_swevent_put_recursion_context+0x60/0x60 [ 39.600860] ? lock_downgrade+0x830/0x830 [ 39.604998] ? __update_idle_core+0xbc/0x5f0 [ 39.609405] ? lock_release+0xcb0/0xcb0 [ 39.613385] ? __lock_is_held+0xbb/0x140 [ 39.617470] ? copy_trace+0x140/0x140 [ 39.621272] ? copy_trace+0x140/0x140 [ 39.625057] ? cpu_load_update_active+0x2b0/0x2b0 [ 39.629923] ? __lock_is_held+0xbb/0x140 [ 39.633983] __schedule+0xff3/0x1f70 [ 39.637694] ? __schedule+0xff3/0x1f70 [ 39.641558] ? perf_trace_lock+0x495/0x900 [ 39.645803] ? pci_mmcfg_check_reserved+0x120/0x120 [ 39.650820] ? plist_check_list+0x6a/0x90 [ 39.654953] ? plist_check_head+0xcf/0x120 [ 39.659428] ? plist_check_list+0x90/0x90 [ 39.663563] ? copy_trace+0x140/0x140 [ 39.667353] ? find_held_lock+0x3a/0x1d0 [ 39.671440] schedule+0xef/0x430 [ 39.674798] ? __schedule+0x1f70/0x1f70 [ 39.678772] ? lock_downgrade+0x830/0x830 [ 39.682898] ? lock_downgrade+0x830/0x830 [ 39.687048] ? do_raw_spin_unlock+0x1ec/0x2d0 [ 39.691535] ? do_raw_spin_trylock+0x190/0x190 [ 39.696105] ? lock_acquire+0x1dc/0x520 [ 39.700092] futex_wait_queue_me+0x3ce/0x850 [ 39.704482] ? refill_pi_state_cache.part.6+0x340/0x340 [ 39.709827] ? trace_hardirqs_on+0xd/0x10 [ 39.713966] ? _raw_spin_lock+0x32/0x40 [ 39.717934] ? futex_wait_setup+0x14e/0x370 [ 39.722261] ? futex_wake+0x890/0x890 [ 39.726047] ? lock_downgrade+0x830/0x830 [ 39.730173] ? lock_pi_update_atomic+0x100/0x100 [ 39.735011] ? futex_wake+0x2bd/0x890 [ 39.738798] futex_wait+0x3e7/0x930 [ 39.742421] ? futex_wait_setup+0x370/0x370 [ 39.746734] ? wake_up_q+0x9c/0xe0 [ 39.750261] ? futex_wake+0x237/0x890 [ 39.754061] ? get_futex_key+0x1c40/0x1c40 [ 39.758316] do_futex+0x8b1/0x2620 [ 39.761835] ? lock_downgrade+0x830/0x830 [ 39.765971] ? lock_acquire+0x1dc/0x520 [ 39.769924] ? get_unused_fd_flags+0x190/0x190 [ 39.774498] ? exit_robust_list+0x1b0/0x1b0 [ 39.778799] ? __lock_is_held+0xbb/0x140 [ 39.782880] ? __fd_install+0x258/0x6f0 [ 39.786853] ? __mutex_unlock_slowpath+0xf0/0x9f0 [ 39.791685] ? get_unused_fd_flags+0x190/0x190 [ 39.796247] ? wait_for_completion+0x920/0x920 [ 39.800813] ? lock_release+0xcb0/0xcb0 [ 39.804793] ? mark_held_locks+0xcc/0x160 [ 39.808927] ? do_raw_spin_trylock+0x190/0x190 [ 39.813502] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 39.818612] ? fd_install+0x47/0x60 [ 39.822223] ? SYSC_perf_event_open+0x1c0e/0x2990 [ 39.827057] ? up_read+0x1a/0x40 [ 39.830421] ? perf_event_set_output+0x520/0x520 [ 39.835154] ? vmalloc_fault+0xbd0/0xbd0 [ 39.839215] ? do_page_fault+0xd9/0x650 [ 39.843182] SyS_futex+0xf0/0x3e7 [ 39.846614] ? lockdep_sys_exit+0x43/0x60 [ 39.850745] ? do_futex+0x2620/0x2620 [ 39.854529] ? entry_SYSCALL_64_fastpath+0x5/0x9a [ 39.859353] ? trace_hardirqs_on_caller+0x40c/0x580 [ 39.864364] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.869107] entry_SYSCALL_64_fastpath+0x23/0x9a [ 39.873852] RIP: 0033:0x453ef9 [ 39.877023] RSP: 002b:00007f97d0f81ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 39.885591] RAX: ffffffffffffffda RBX: 000000000072bec8 RCX: 0000000000453ef9 [ 39.892840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bec8 [ 39.900087] RBP: 0000000000000086 R08: 0000000000000000 R09: 000000000072bea0 [ 39.907347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 39.914594] R13: 00007ffc823a31df R14: 00007f97d0f829c0 R15: 0000000000000000 [ 39.921888] [ 39.921890] ====================================================== [ 39.921891] WARNING: possible circular locking dependency detected [ 39.921893] 4.14.0-syzkaller #0 Not tainted [ 39.921894] ------------------------------------------------------ [ 39.921895] syz-executor1/3788 is trying to acquire lock: [ 39.921896] ((console_sem).lock){..-.}, at: [] down_trylock+0x13/0x70 [ 39.921900] [ 39.921902] but task is already holding lock: [ 39.921902] (report_lock){....}, at: [] kasan_report+0x6b/0xe0 [ 39.921906] [ 39.921907] which lock already depends on the new lock. [ 39.921908] [ 39.921909] [ 39.921911] the existing dependency chain (in reverse order) is: [ 39.921912] [ 39.921912] -> #3 (report_lock){....}: [ 39.921917] lock_acquire+0x1dc/0x520 [ 39.921918] _raw_spin_lock_irqsave+0x96/0xbf [ 39.921919] kasan_report+0x6b/0xe0 [ 39.921920] __asan_report_load8_noabort+0x14/0x20 [ 39.921922] update_stack_state+0x5d9/0x670 [ 39.921923] __unwind_start+0xf9/0x330 [ 39.921924] perf_callchain_kernel+0x23f/0x5a0 [ 39.921925] get_perf_callchain+0x436/0xe10 [ 39.921926] perf_callchain+0x125/0x170 [ 39.921927] perf_prepare_sample+0xdb6/0x1940 [ 39.921929] perf_event_output_forward+0xdb/0x210 [ 39.921930] __perf_event_overflow+0x1f1/0x4d0 [ 39.921931] perf_swevent_overflow+0x1e9/0x310 [ 39.921932] perf_swevent_event+0x15e/0x2f0 [ 39.921933] ___perf_sw_event+0x3e5/0x620 [ 39.921934] __schedule+0xff3/0x1f70 [ 39.921936] schedule+0xef/0x430 [ 39.921937] futex_wait_queue_me+0x3ce/0x850 [ 39.921938] futex_wait+0x3e7/0x930 [ 39.921939] do_futex+0x8b1/0x2620 [ 39.921940] SyS_futex+0xf0/0x3e7 [ 39.921941] entry_SYSCALL_64_fastpath+0x23/0x9a [ 39.921942] [ 39.921943] -> #2 (&rq->lock){-.-.}: [ 39.921947] lock_acquire+0x1dc/0x520 [ 39.921948] _raw_spin_lock+0x2a/0x40 [ 39.921950] task_fork_fair+0x8a/0x660 [ 39.921951] sched_fork+0x43b/0xb60 [ 39.921952] copy_process.part.37+0x18b0/0x4bc0 [ 39.921953] _do_fork+0x1a3/0xe70 [ 39.921954] kernel_thread+0x24/0x30 [ 39.921955] rest_init+0x1d/0xdf [ 39.921956] start_kernel+0x720/0x747 [ 39.921957] x86_64_start_reservations+0x29/0x2b [ 39.921959] x86_64_start_kernel+0x76/0x79 [ 39.921960] secondary_startup_64+0xa5/0xb0 [ 39.921961] [ 39.921961] -> #1 (&p->pi_lock){-.-.}: [ 39.921966] lock_acquire+0x1dc/0x520 [ 39.921967] _raw_spin_lock_irqsave+0x96/0xbf [ 39.921968] try_to_wake_up+0xc7/0x1400 [ 39.921969] wake_up_process+0x10/0x20 [ 39.921970] __up.isra.1+0x1b8/0x290 [ 39.921971] up+0x12f/0x1b0 [ 39.921973] __up_console_sem+0xa0/0x150 [ 39.921974] console_unlock+0x533/0xd20 [ 39.921975] vprintk_emit+0x29e/0x4f0 [ 39.921976] vprintk_default+0x1a/0x20 [ 39.921977] vprintk_func+0x22/0x53 [ 39.921978] printk+0x91/0xab [ 39.921979] do_exit.cold.20+0xed/0x1d2 [ 39.921980] do_group_exit+0x135/0x3b0 [ 39.921981] SyS_exit_group+0x18/0x20 [ 39.921983] entry_SYSCALL_64_fastpath+0x23/0x9a [ 39.921983] [ 39.921984] -> #0 ((console_sem).lock){..-.}: [ 39.921989] __lock_acquire+0x285e/0x4510 [ 39.921990] lock_acquire+0x1dc/0x520 [ 39.921991] _raw_spin_lock_irqsave+0x96/0xbf [ 39.921992] down_trylock+0x13/0x70 [ 39.921993] __down_trylock_console_sem+0x93/0x190 [ 39.921995] console_trylock+0x11/0xb0 [ 39.921996] vprintk_emit+0x295/0x4f0 [ 39.921997] vprintk_default+0x1a/0x20 [ 39.921998] vprintk_func+0x22/0x53 [ 39.921999] printk+0x91/0xab [ 39.922000] kasan_report+0x7b/0xe0 [ 39.922001] __asan_report_load8_noabort+0x14/0x20 [ 39.922002] update_stack_state+0x5d9/0x670 [ 39.922004] __unwind_start+0xf9/0x330 [ 39.922005] perf_callchain_kernel+0x23f/0x5a0 [ 39.922006] get_perf_callchain+0x436/0xe10 [ 39.922007] perf_callchain+0x125/0x170 [ 39.922008] perf_prepare_sample+0xdb6/0x1940 [ 39.922009] perf_event_output_forward+0xdb/0x210 [ 39.922011] __perf_event_overflow+0x1f1/0x4d0 [ 39.922012] perf_swevent_overflow+0x1e9/0x310 [ 39.922013] perf_swevent_event+0x15e/0x2f0 [ 39.922014] ___perf_sw_event+0x3e5/0x620 [ 39.922015] __schedule+0xff3/0x1f70 [ 39.922016] schedule+0xef/0x430 [ 39.922017] futex_wait_queue_me+0x3ce/0x850 [ 39.922018] futex_wait+0x3e7/0x930 [ 39.922020] do_futex+0x8b1/0x2620 [ 39.922021] SyS_futex+0xf0/0x3e7 [ 39.922022] entry_SYSCALL_64_fastpath+0x23/0x9a [ 39.922023] [ 39.922024] other info that might help us debug this: [ 39.922025] [ 39.922026] Chain exists of: [ 39.922027] (console_sem).lock --> &rq->lock --> report_lock [ 39.922033] [ 39.922034] Possible unsafe locking scenario: [ 39.922035] [ 39.922036] CPU0 CPU1 [ 39.922037] ---- ---- [ 39.922038] lock(report_lock); [ 39.922041] lock(&rq->lock); [ 39.922047] lock(report_lock); [ 39.922050] lock((console_sem).lock); [ 39.922053] [ 39.922054] *** DEADLOCK *** [ 39.922055] [ 39.922056] 4 locks held by syz-executor1/3788: [ 39.922057] #0: (&rq->lock){-.-.}, at: [] __schedule+0x246/0x1f70 [ 39.922061] #1: (rcu_read_lock){....}, at: [] ___perf_sw_event+0x1e5/0x620 [ 39.922066] #2: (rcu_read_lock){....}, at: [] perf_event_output_forward+0x0/0x210 [ 39.922070] #3: (report_lock){....}, at: [] kasan_report+0x6b/0xe0 [ 39.922075] [ 39.922076] stack backtrace: [ 39.922077] CPU: 0 PID: 3788 Comm: syz-executor1 Not tainted 4.14.0-syzkaller #0 [ 39.922079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.922080] Call Trace: [ 39.922081] dump_stack+0x145/0x1f0 [ 39.922082] ? arch_local_irq_restore+0x43/0x43 [ 39.922083] ? print_lock+0x9d/0xa0 [ 39.922084] print_circular_bug.cold.66+0x218/0x387 [ 39.922086] ? save_stack_trace+0x1a/0x20 [ 39.922087] check_prev_add+0xc04/0x1430 [ 39.922088] ? graph_lock+0x160/0x160 [ 39.922089] ? check_usage+0x720/0x720 [ 39.922090] ? check_prev_add+0x894/0x1430 [ 39.922092] ? __kernel_text_address+0xd/0x40 [ 39.922093] ? graph_lock+0x160/0x160 [ 39.922094] __lock_acquire+0x285e/0x4510 [ 39.922095] ? save_stack_trace+0x1a/0x20 [ 39.922096] ? debug_check_no_locks_freed+0x310/0x310 [ 39.922097] ? perf_tp_event+0xb60/0xb60 [ 39.922098] ? debug_check_no_locks_freed+0x310/0x310 [ 39.922099] ? memset+0x31/0x40 [ 39.922101] ? perf_trace_lock+0x495/0x900 [ 39.922102] ? zap_class+0x720/0x720 [ 39.922103] ? copy_trace+0x140/0x140 [ 39.922104] ? search_extable+0x69/0x80 [ 39.922105] lock_acquire+0x1dc/0x520 [ 39.922106] ? down_trylock+0x13/0x70 [ 39.922107] ? lock_release+0xcb0/0xcb0 [ 39.922108] ? lock_acquire+0x1dc/0x520 [ 39.922109] ? kvm_sched_clock_read+0x9/0x20 [ 39.922110] ? sched_clock+0x31/0x40 [ 39.922112] ? sched_clock_cpu+0x1b/0x180 [ 39.922113] ? vprintk_emit+0x295/0x4f0 [ 39.922114] _raw_spin_lock_irqsave+0x96/0xbf [ 39.922115] ? down_trylock+0x13/0x70 [ 39.922116] down_trylock+0x13/0x70 [ 39.922117] ? vprintk_emit+0x295/0x4f0 [ 39.922118] __down_trylock_console_sem+0x93/0x190 [ 39.922119] console_trylock+0x11/0xb0 [ 39.922120] ? trace_hardirqs_off+0xd/0x10 [ 39.922122] vprintk_emit+0x295/0x4f0 [ 39.922123] ? update_stack_state+0x5d9/0x670 [ 39.922124] vprintk_default+0x1a/0x20 [ 39.922125] vprintk_func+0x22/0x53 [ 39.922126] printk+0x91/0xab [ 39.922127] ? log_store.cold.32+0x22/0x22 [ 39.922128] ? update_stack_state+0x5d9/0x670 [ 39.922129] kasan_report+0x7b/0xe0 [ 39.922130] __asan_report_load8_noabort+0x14/0x20 [ 39.922132] update_stack_state+0x5d9/0x670 [ 39.922133] ? zap_class+0x720/0x720 [ 39.922134] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 39.922135] ? perf_trace_buf_update+0x58/0xb0 [ 39.922136] __unwind_start+0xf9/0x330 [ 39.922137] perf_callchain_kernel+0x23f/0x5a0 [ 39.922139] ? arch_perf_update_userpage+0x480/0x480 [ 39.922140] get_perf_callchain+0x436/0xe10 [ 39.922141] ? put_callchain_buffers+0x100/0x100 [ 39.922142] ? __task_pid_nr_ns+0x269/0x4b0 [ 39.922143] ? kvm_clock_read+0x25/0x30 [ 39.922144] ? kvm_sched_clock_read+0x9/0x20 [ 39.922145] ? sched_clock_cpu+0x1b/0x180 [ 39.922146] perf_callchain+0x125/0x170 [ 39.922148] perf_prepare_sample+0xdb6/0x1940 [ 39.922149] ? perf_output_sample+0x1c70/0x1c70 [ 39.922150] ? lock_release+0xcb0/0xcb0 [ 39.922151] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.922152] ? rcutorture_record_progress+0x10/0x10 [ 39.922154] perf_event_output_forward+0xdb/0x210 [ 39.922155] ? perf_prepare_sample+0x1940/0x1940 [ 39.922156] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.922157] ? perf_trace_run_bpf_submit+0x1dd/0x3d0 [ 39.922158] ? perf_tp_event+0xb60/0xb60 [ 39.922159] ? debug_check_no_locks_freed+0x310/0x310 [ 39.922161] __perf_event_overflow+0x1f1/0x4d0 [ 39.922162] ? __perf_event_account_interrupt+0x220/0x220 [ 39.922163] ? copy_trace+0x140/0x140 [ 39.922164] ? perf_prepare_sample+0x1940/0x1940 [ 39.922165] perf_swevent_overflow+0x1e9/0x310 [ 39.922166] ? __perf_event_overflow+0x4d0/0x4d0 [ 39.922168] ? __lock_is_held+0xbb/0x140 [ 39.922169] perf_swevent_event+0x15e/0x2f0 [ 39.922170] ___perf_sw_event+0x3e5/0x620 [ 39.922171] ? perf_swevent_put_recursion_context+0x60/0x60 [ 39.922173] ? lock_downgrade+0x830/0x830 [ 39.922174] ? __update_idle_core+0xbc/0x5f0 [ 39.922175] ? lock_release+0xcb0/0xcb0 [ 39.922176] ? __lock_is_held+0xbb/0x140 [ 39.922177] ? copy_trace+0x140/0x140 [ 39.922178] ? copy_trace+0x140/0x140 [ 39.922179] ? cpu_load_update_active+0x2b0/0x2b0 [ 39.922180] ? __lock_is_held+0xbb/0x140 [ 39.922182] __schedule+0xff3/0x1f70 [ 39.922183] ? __schedule+0xff3/0x1f70 [ 39.922184] ? perf_trace_lock+0x495/0x900 [ 39.922185] ? pci_mmcfg_check_reserved+0x120/0x120 [ 39.922186] ? plist_check_list+0x6a/0x90 [ 39.922187] ? plist_check_head+0xcf/0x120 [ 39.922188] ? plist_check_list+0x90/0x90 [ 39.922189] ? copy_trace+0x140/0x140 [ 39.922191] ? find_held_lock+0x3a/0x1d0 [ 39.922192] schedule+0xef/0x430 [ 39.922193] ? __schedule+0x1f70/0x1f70 [ 39.922194] ? lock_downgrade+0x830/0x830 [ 39.922195] ? lock_downgrade+0x830/0x830 [ 39.922196] ? do_raw_spin_unlock+0x1ec/0x2d0 [ 39.922197] ? do_raw_spin_trylock+0x190/0x190 [ 39.922198] ? lock_acquire+0x1dc/0x520 [ 39.922199] futex_wait_queue_me+0x3ce/0x850 [ 39.922201] ? refill_pi_state_cache.part.6+0x340/0x340 [ 39.922202] ? trace_hardirqs_on+0xd/0x10 [ 39.922203] ? _raw_spin_lock+0x32/0x40 [ 39.922204] ? futex_wait_setup+0x14e/0x370 [ 39.922205] ? futex_wake+0x8 [ 39.922208] Lost 43 message(s)! [ 40.997659] Shutting down cpus with NMI [ 42.058722] Kernel Offset: disabled [ 42.062366] Rebooting in 86400 seconds..