[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 27.330921] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.018846] random: sshd: uninitialized urandom read (32 bytes read) [ 31.419794] random: sshd: uninitialized urandom read (32 bytes read) [ 32.033362] random: sshd: uninitialized urandom read (32 bytes read) [ 32.260028] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts. [ 37.838420] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.969522] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.997384] ================================================================== [ 38.007041] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 38.013258] Read of size 8 at addr ffff8801ba628058 by task syz-executor213/5403 [ 38.020766] [ 38.022382] CPU: 0 PID: 5403 Comm: syz-executor213 Not tainted 4.19.0-rc2+ #4 [ 38.029636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.038992] Call Trace: [ 38.041667] dump_stack+0x1c4/0x2b4 [ 38.045283] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.050463] ? printk+0xa7/0xcf [ 38.053781] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.058533] print_address_description.cold.8+0x9/0x1ff [ 38.064018] kasan_report.cold.9+0x242/0x309 [ 38.068420] ? __schedule+0xfc3/0x1ed0 [ 38.072297] __asan_report_load8_noabort+0x14/0x20 [ 38.077215] __schedule+0xfc3/0x1ed0 [ 38.080920] ? __sched_text_start+0x8/0x8 [ 38.085057] ? __lock_is_held+0xb5/0x140 [ 38.089107] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.094203] ? find_held_lock+0x36/0x1c0 [ 38.098252] ? __call_srcu+0x7f9/0x1070 [ 38.102222] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.107309] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.112399] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.116972] ? preempt_schedule+0x4d/0x60 [ 38.121105] preempt_schedule_common+0x1f/0xd0 [ 38.125673] preempt_schedule+0x4d/0x60 [ 38.129635] ___preempt_schedule+0x16/0x18 [ 38.133869] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.138798] __call_srcu+0x7f9/0x1070 [ 38.142594] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.147797] ? srcu_offline_cpu+0x120/0x120 [ 38.152224] ? debug_object_free+0x690/0x690 [ 38.156722] ? mark_held_locks+0x130/0x130 [ 38.160946] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.165525] ? lock_release+0x970/0x970 [ 38.169483] ? arch_local_save_flags+0x40/0x40 [ 38.174048] ? depot_save_stack+0x292/0x470 [ 38.178386] ? __lockdep_init_map+0x105/0x590 [ 38.182883] ? __init_waitqueue_head+0x9e/0x150 [ 38.187550] ? init_wait_entry+0x1c0/0x1c0 [ 38.191771] __synchronize_srcu+0x17b/0x230 [ 38.196076] ? call_srcu+0x10/0x10 [ 38.199599] ? rcu_unexpedite_gp+0x20/0x20 [ 38.203820] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.209339] ? check_preemption_disabled+0x48/0x200 [ 38.214344] synchronize_srcu+0x356/0x5ab [ 38.218494] ? lock_downgrade+0x900/0x900 [ 38.222632] ? synchronize_srcu_expedited+0x20/0x20 [ 38.227636] ? kasan_check_read+0x11/0x20 [ 38.231771] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.236342] ? kasan_check_write+0x14/0x20 [ 38.240567] ? do_raw_spin_lock+0xc1/0x200 [ 38.244796] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.250496] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.255935] ? kvfree+0x61/0x70 [ 38.259199] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.264205] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.268252] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.272645] ? kvm_arch_sync_events+0x30/0x30 [ 38.277130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.282654] ? mmu_notifier_unregister+0x474/0x600 [ 38.287570] ? kfree+0x107/0x230 [ 38.290924] ? __mmu_notifier_register+0x30/0x30 [ 38.295667] ? __free_pages+0x10a/0x190 [ 38.299636] ? free_unref_page+0x960/0x960 [ 38.303903] kvm_put_kvm+0x6c8/0xff0 [ 38.307632] ? kvm_write_guest_cached+0x40/0x40 [ 38.312399] ? kvm_irqfd_release+0xd1/0x120 [ 38.316711] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.321196] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.325686] ? kasan_check_write+0x14/0x20 [ 38.329907] ? do_raw_spin_lock+0xc1/0x200 [ 38.334125] ? kvm_irqfd_release+0xdd/0x120 [ 38.338534] ? kvm_irqfd_release+0xdd/0x120 [ 38.342859] ? kvm_put_kvm+0xff0/0xff0 [ 38.346752] kvm_vm_release+0x42/0x50 [ 38.350538] __fput+0x385/0xa30 [ 38.353819] ? get_max_files+0x20/0x20 [ 38.357705] ? trace_hardirqs_on+0xbd/0x310 [ 38.362014] ? ___might_sleep+0x1ed/0x300 [ 38.366142] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.371673] ? arch_local_save_flags+0x40/0x40 [ 38.376340] ? kasan_check_write+0x14/0x20 [ 38.380578] ? do_raw_spin_lock+0xc1/0x200 [ 38.384796] ____fput+0x15/0x20 [ 38.388069] task_work_run+0x1e8/0x2a0 [ 38.391937] ? task_work_cancel+0x240/0x240 [ 38.396270] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.401790] ? switch_task_namespaces+0x9d/0xd0 [ 38.406445] do_exit+0x1ad7/0x2610 [ 38.409983] ? mm_update_next_owner+0x990/0x990 [ 38.414668] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.418885] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.423880] ? kfree+0x1fa/0x230 [ 38.427232] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.431451] ? kvm_vcpu_block+0x1030/0x1030 [ 38.435791] ? is_bpf_text_address+0xd3/0x170 [ 38.440269] ? kernel_text_address+0x79/0xf0 [ 38.444662] ? __kernel_text_address+0xd/0x40 [ 38.449139] ? unwind_get_return_address+0x61/0xa0 [ 38.454236] ? __save_stack_trace+0x8d/0xf0 [ 38.458548] ? save_stack+0xa9/0xd0 [ 38.462159] ? save_stack+0x43/0xd0 [ 38.465774] ? __kasan_slab_free+0x102/0x150 [ 38.470165] ? kasan_slab_free+0xe/0x10 [ 38.474122] ? putname+0xf2/0x130 [ 38.477560] ? __x64_sys_openat+0x9d/0x100 [ 38.481779] ? do_syscall_64+0x1b9/0x820 [ 38.485822] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.491170] ? trace_hardirqs_off+0xb8/0x310 [ 38.495562] ? kasan_check_read+0x11/0x20 [ 38.499696] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.504086] ? trace_hardirqs_on+0x310/0x310 [ 38.508480] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.513570] ? trace_hardirqs_off+0xb8/0x310 [ 38.517972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.523493] ? check_preemption_disabled+0x48/0x200 [ 38.528488] ? check_preemption_disabled+0x48/0x200 [ 38.533502] ? kvm_vcpu_block+0x1030/0x1030 [ 38.537822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.543346] ? do_vfs_ioctl+0x201/0x1720 [ 38.547395] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.552663] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 38.557727] ? __fget_light+0x2e9/0x430 [ 38.561692] ? fget_raw+0x20/0x20 [ 38.565134] ? smack_file_lock+0x2e0/0x2e0 [ 38.569354] do_group_exit+0x177/0x440 [ 38.573224] ? trace_hardirqs_on+0xbd/0x310 [ 38.577529] ? __ia32_sys_exit+0x50/0x50 [ 38.581571] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.587002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.592526] ? ksys_ioctl+0x81/0xd0 [ 38.596187] __x64_sys_exit_group+0x3e/0x50 [ 38.600502] do_syscall_64+0x1b9/0x820 [ 38.604421] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.609779] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.614695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.619526] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.624526] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.629523] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.634521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.639348] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.644517] RIP: 0033:0x43f008 [ 38.647693] Code: f6 ea 66 c1 e8 08 89 c1 44 89 c0 c0 f8 07 c0 f9 02 29 c1 8d 0c 89 01 c9 41 29 c8 41 83 c0 30 44 88 46 05 44 0f b6 47 03 44 89 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 [ 38.666579] RSP: 002b:00007ffc08478b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.674267] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f008 [ 38.681520] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.688771] RBP: 00000000004be8c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.696020] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.703272] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.710530] [ 38.712147] Allocated by task 5403: [ 38.715761] save_stack+0x43/0xd0 [ 38.719194] kasan_kmalloc+0xc7/0xe0 [ 38.722888] kasan_slab_alloc+0x12/0x20 [ 38.726842] kmem_cache_alloc+0x12e/0x730 [ 38.731016] vmx_create_vcpu+0xcf/0x25e0 [ 38.735063] kvm_arch_vcpu_create+0xe5/0x220 [ 38.739451] kvm_vm_ioctl+0x470/0x1d40 [ 38.743319] do_vfs_ioctl+0x1de/0x1720 [ 38.747186] ksys_ioctl+0xa9/0xd0 [ 38.750619] __x64_sys_ioctl+0x73/0xb0 [ 38.754488] do_syscall_64+0x1b9/0x820 [ 38.758359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.763521] [ 38.765131] Freed by task 5403: [ 38.768390] save_stack+0x43/0xd0 [ 38.771820] __kasan_slab_free+0x102/0x150 [ 38.776035] kasan_slab_free+0xe/0x10 [ 38.779817] kmem_cache_free+0x83/0x290 [ 38.783835] vmx_free_vcpu+0x26b/0x300 [ 38.787710] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.792104] kvm_put_kvm+0x6c8/0xff0 [ 38.795800] kvm_vm_release+0x42/0x50 [ 38.799580] __fput+0x385/0xa30 [ 38.802840] ____fput+0x15/0x20 [ 38.806107] task_work_run+0x1e8/0x2a0 [ 38.809990] do_exit+0x1ad7/0x2610 [ 38.813519] do_group_exit+0x177/0x440 [ 38.817394] __x64_sys_exit_group+0x3e/0x50 [ 38.821705] do_syscall_64+0x1b9/0x820 [ 38.825644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.830813] [ 38.832422] The buggy address belongs to the object at ffff8801ba628040 [ 38.832422] which belongs to the cache kvm_vcpu of size 23872 [ 38.845035] The buggy address is located 24 bytes inside of [ 38.845035] 23872-byte region [ffff8801ba628040, ffff8801ba62dd80) [ 38.856981] The buggy address belongs to the page: [ 38.861900] page:ffffea0006e98a00 count:1 mapcount:0 mapping:ffff8801d67091c0 index:0x0 compound_mapcount: 0 [ 38.871850] flags: 0x2fffc0000008100(slab|head) [ 38.876501] raw: 02fffc0000008100 ffff8801d5780848 ffff8801d5780848 ffff8801d67091c0 [ 38.884363] raw: 0000000000000000 ffff8801ba628040 0000000100000001 0000000000000000 [ 38.892221] page dumped because: kasan: bad access detected [ 38.897907] [ 38.899510] Memory state around the buggy address: [ 38.904419] ffff8801ba627f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.911821] ffff8801ba627f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.919166] >ffff8801ba628000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.926564] ^ [ 38.932782] ffff8801ba628080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.940118] ffff8801ba628100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.947457] ================================================================== [ 38.954858] Kernel panic - not syncing: panic_on_warn set ... [ 38.954858] [ 38.962212] CPU: 0 PID: 5403 Comm: syz-executor213 Tainted: G B 4.19.0-rc2+ #4 [ 38.970853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.980189] Call Trace: [ 38.982764] dump_stack+0x1c4/0x2b4 [ 38.986372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.991552] ? lock_downgrade+0x900/0x900 [ 38.995691] panic+0x238/0x4e7 [ 38.998867] ? add_taint.cold.5+0x16/0x16 [ 39.003002] ? print_shadow_for_address+0xb6/0x116 [ 39.007919] ? trace_hardirqs_off+0xaf/0x310 [ 39.012314] kasan_end_report+0x47/0x4f [ 39.016383] kasan_report.cold.9+0x76/0x309 [ 39.020690] ? __schedule+0xfc3/0x1ed0 [ 39.024561] __asan_report_load8_noabort+0x14/0x20 [ 39.029473] __schedule+0xfc3/0x1ed0 [ 39.033170] ? __sched_text_start+0x8/0x8 [ 39.037304] ? __lock_is_held+0xb5/0x140 [ 39.041348] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.046431] ? find_held_lock+0x36/0x1c0 [ 39.050479] ? __call_srcu+0x7f9/0x1070 [ 39.054436] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.059520] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.064613] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.069181] ? preempt_schedule+0x4d/0x60 [ 39.073311] preempt_schedule_common+0x1f/0xd0 [ 39.077884] preempt_schedule+0x4d/0x60 [ 39.081850] ___preempt_schedule+0x16/0x18 [ 39.086133] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.091051] __call_srcu+0x7f9/0x1070 [ 39.094831] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.099918] ? srcu_offline_cpu+0x120/0x120 [ 39.104219] ? debug_object_free+0x690/0x690 [ 39.108613] ? mark_held_locks+0x130/0x130 [ 39.112835] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.117445] ? lock_release+0x970/0x970 [ 39.121409] ? arch_local_save_flags+0x40/0x40 [ 39.125979] ? depot_save_stack+0x292/0x470 [ 39.130286] ? __lockdep_init_map+0x105/0x590 [ 39.134766] ? __init_waitqueue_head+0x9e/0x150 [ 39.139429] ? init_wait_entry+0x1c0/0x1c0 [ 39.143659] __synchronize_srcu+0x17b/0x230 [ 39.148020] ? call_srcu+0x10/0x10 [ 39.151548] ? rcu_unexpedite_gp+0x20/0x20 [ 39.155770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.161288] ? check_preemption_disabled+0x48/0x200 [ 39.166289] synchronize_srcu+0x356/0x5ab [ 39.170416] ? lock_downgrade+0x900/0x900 [ 39.174550] ? synchronize_srcu_expedited+0x20/0x20 [ 39.179555] ? kasan_check_read+0x11/0x20 [ 39.183691] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.188255] ? kasan_check_write+0x14/0x20 [ 39.192470] ? do_raw_spin_lock+0xc1/0x200 [ 39.196690] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.202380] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.207812] ? kvfree+0x61/0x70 [ 39.211073] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.216072] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.220191] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.224588] ? kvm_arch_sync_events+0x30/0x30 [ 39.229066] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.234583] ? mmu_notifier_unregister+0x474/0x600 [ 39.239494] ? kfree+0x107/0x230 [ 39.242847] ? __mmu_notifier_register+0x30/0x30 [ 39.247589] ? __free_pages+0x10a/0x190 [ 39.251544] ? free_unref_page+0x960/0x960 [ 39.255778] kvm_put_kvm+0x6c8/0xff0 [ 39.259479] ? kvm_write_guest_cached+0x40/0x40 [ 39.264138] ? kvm_irqfd_release+0xd1/0x120 [ 39.268443] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.272919] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.277398] ? kasan_check_write+0x14/0x20 [ 39.281613] ? do_raw_spin_lock+0xc1/0x200 [ 39.285833] ? kvm_irqfd_release+0xdd/0x120 [ 39.290141] ? kvm_irqfd_release+0xdd/0x120 [ 39.294510] ? kvm_put_kvm+0xff0/0xff0 [ 39.298385] kvm_vm_release+0x42/0x50 [ 39.302164] __fput+0x385/0xa30 [ 39.305427] ? get_max_files+0x20/0x20 [ 39.309297] ? trace_hardirqs_on+0xbd/0x310 [ 39.313610] ? ___might_sleep+0x1ed/0x300 [ 39.317741] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.323184] ? arch_local_save_flags+0x40/0x40 [ 39.327749] ? kasan_check_write+0x14/0x20 [ 39.331972] ? do_raw_spin_lock+0xc1/0x200 [ 39.336191] ____fput+0x15/0x20 [ 39.339460] task_work_run+0x1e8/0x2a0 [ 39.343335] ? task_work_cancel+0x240/0x240 [ 39.347644] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.353163] ? switch_task_namespaces+0x9d/0xd0 [ 39.357817] do_exit+0x1ad7/0x2610 [ 39.361340] ? mm_update_next_owner+0x990/0x990 [ 39.366013] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.370236] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.375281] ? kfree+0x1fa/0x230 [ 39.378637] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.382854] ? kvm_vcpu_block+0x1030/0x1030 [ 39.387161] ? is_bpf_text_address+0xd3/0x170 [ 39.391636] ? kernel_text_address+0x79/0xf0 [ 39.396030] ? __kernel_text_address+0xd/0x40 [ 39.400508] ? unwind_get_return_address+0x61/0xa0 [ 39.405419] ? __save_stack_trace+0x8d/0xf0 [ 39.409733] ? save_stack+0xa9/0xd0 [ 39.413351] ? save_stack+0x43/0xd0 [ 39.416957] ? __kasan_slab_free+0x102/0x150 [ 39.421356] ? kasan_slab_free+0xe/0x10 [ 39.425309] ? putname+0xf2/0x130 [ 39.428743] ? __x64_sys_openat+0x9d/0x100 [ 39.432959] ? do_syscall_64+0x1b9/0x820 [ 39.437013] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.442359] ? trace_hardirqs_off+0xb8/0x310 [ 39.446750] ? kasan_check_read+0x11/0x20 [ 39.450880] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.455268] ? trace_hardirqs_on+0x310/0x310 [ 39.459728] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.464822] ? trace_hardirqs_off+0xb8/0x310 [ 39.469215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.474736] ? check_preemption_disabled+0x48/0x200 [ 39.479731] ? check_preemption_disabled+0x48/0x200 [ 39.484733] ? kvm_vcpu_block+0x1030/0x1030 [ 39.489043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.494601] ? do_vfs_ioctl+0x201/0x1720 [ 39.498655] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.503973] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 39.509035] ? __fget_light+0x2e9/0x430 [ 39.513002] ? fget_raw+0x20/0x20 [ 39.516442] ? smack_file_lock+0x2e0/0x2e0 [ 39.520665] do_group_exit+0x177/0x440 [ 39.524828] ? trace_hardirqs_on+0xbd/0x310 [ 39.529135] ? __ia32_sys_exit+0x50/0x50 [ 39.533178] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.538611] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.544134] ? ksys_ioctl+0x81/0xd0 [ 39.547749] __x64_sys_exit_group+0x3e/0x50 [ 39.552054] do_syscall_64+0x1b9/0x820 [ 39.555925] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.561271] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.566182] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.571005] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.576006] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.581006] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.586006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.591033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.596207] RIP: 0033:0x43f008 [ 39.599387] Code: f6 ea 66 c1 e8 08 89 c1 44 89 c0 c0 f8 07 c0 f9 02 29 c1 8d 0c 89 01 c9 41 29 c8 41 83 c0 30 44 88 46 05 44 0f b6 47 03 44 89 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 [ 39.618388] RSP: 002b:00007ffc08478b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.626080] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f008 [ 39.633432] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.640796] RBP: 00000000004be8c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.648047] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.655299] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.662555] [ 39.662558] ====================================================== [ 39.662561] WARNING: possible circular locking dependency detected [ 39.662563] 4.19.0-rc2+ #4 Not tainted [ 39.662566] ------------------------------------------------------ [ 39.662569] syz-executor213/5403 is trying to acquire lock: [ 39.662571] 00000000c9d8142e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.662579] [ 39.662581] but task is already holding lock: [ 39.662583] 000000004c2b640e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.662590] [ 39.662593] which lock already depends on the new lock. [ 39.662594] [ 39.662596] [ 39.662598] the existing dependency chain (in reverse order) is: [ 39.662600] [ 39.662601] -> #3 (report_lock){....}: [ 39.662609] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.662623] kasan_report+0x8b/0x110 [ 39.662626] __asan_report_load8_noabort+0x14/0x20 [ 39.662628] __schedule+0xfc3/0x1ed0 [ 39.662630] preempt_schedule_common+0x1f/0xd0 [ 39.662633] preempt_schedule+0x4d/0x60 [ 39.662635] ___preempt_schedule+0x16/0x18 [ 39.662637] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.662640] __call_srcu+0x7f9/0x1070 [ 39.662642] __synchronize_srcu+0x17b/0x230 [ 39.662644] synchronize_srcu+0x356/0x5ab [ 39.662647] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.662650] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.662652] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.662654] kvm_put_kvm+0x6c8/0xff0 [ 39.662656] kvm_vm_release+0x42/0x50 [ 39.662658] __fput+0x385/0xa30 [ 39.662660] ____fput+0x15/0x20 [ 39.662663] task_work_run+0x1e8/0x2a0 [ 39.662665] do_exit+0x1ad7/0x2610 [ 39.662667] do_group_exit+0x177/0x440 [ 39.662669] __x64_sys_exit_group+0x3e/0x50 [ 39.662672] do_syscall_64+0x1b9/0x820 [ 39.662675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.662676] [ 39.662677] -> #2 (&rq->lock){-.-.}: [ 39.662685] _raw_spin_lock+0x2d/0x40 [ 39.662687] task_fork_fair+0xb0/0x6d0 [ 39.662689] sched_fork+0x443/0xba0 [ 39.662691] copy_process+0x2586/0x8780 [ 39.662693] _do_fork+0x1cb/0x11d0 [ 39.662695] kernel_thread+0x34/0x40 [ 39.662697] rest_init+0x22/0xe5 [ 39.662700] start_kernel+0x8f4/0x92f [ 39.662702] x86_64_start_reservations+0x29/0x2b [ 39.662705] x86_64_start_kernel+0x76/0x79 [ 39.662707] secondary_startup_64+0xa4/0xb0 [ 39.662708] [ 39.662709] -> #1 (&p->pi_lock){-.-.}: [ 39.662717] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.662719] try_to_wake_up+0xd2/0x12f0 [ 39.662722] wake_up_process+0x10/0x20 [ 39.662724] __up.isra.1+0x1c0/0x2a0 [ 39.662726] up+0x13c/0x1c0 [ 39.662728] __up_console_sem+0xbe/0x1b0 [ 39.662730] console_unlock+0x524/0x11a0 [ 39.662732] vprintk_emit+0x33d/0x930 [ 39.662735] vprintk_default+0x28/0x30 [ 39.662737] vprintk_func+0x7e/0x181 [ 39.662739] printk+0xa7/0xcf [ 39.662741] load_umh+0x51/0xbd [ 39.662743] do_one_initcall+0x145/0x957 [ 39.662745] kernel_init_freeable+0x4bb/0x5ae [ 39.662747] kernel_init+0x11/0x1b2 [ 39.662750] ret_from_fork+0x3a/0x50 [ 39.662751] [ 39.662752] -> #0 ((console_sem).lock){-...}: [ 39.662762] lock_acquire+0x1ed/0x520 [ 39.662764] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.662766] down_trylock+0x13/0x70 [ 39.662769] __down_trylock_console_sem+0xae/0x200 [ 39.662771] console_trylock+0x15/0xa0 [ 39.662773] vprintk_emit+0x322/0x930 [ 39.662775] vprintk_default+0x28/0x30 [ 39.662778] vprintk_func+0x7e/0x181 [ 39.662780] printk+0xa7/0xcf [ 39.662782] kasan_report+0x9b/0x110 [ 39.662784] __asan_report_load8_noabort+0x14/0x20 [ 39.662787] __schedule+0xfc3/0x1ed0 [ 39.662789] preempt_schedule_common+0x1f/0xd0 [ 39.662791] preempt_schedule+0x4d/0x60 [ 39.662794] ___preempt_schedule+0x16/0x18 [ 39.662796] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.662798] __call_srcu+0x7f9/0x1070 [ 39.662801] __synchronize_srcu+0x17b/0x230 [ 39.662803] synchronize_srcu+0x356/0x5ab [ 39.662806] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.662808] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.662811] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.662813] kvm_put_kvm+0x6c8/0xff0 [ 39.662815] kvm_vm_release+0x42/0x50 [ 39.662817] __fput+0x385/0xa30 [ 39.662819] ____fput+0x15/0x20 [ 39.662822] task_work_run+0x1e8/0x2a0 [ 39.662824] do_exit+0x1ad7/0x2610 [ 39.662826] do_group_exit+0x177/0x440 [ 39.662829] __x64_sys_exit_group+0x3e/0x50 [ 39.662831] do_syscall_64+0x1b9/0x820 [ 39.662834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.662835] [ 39.662837] other info that might help us debug this: [ 39.662838] [ 39.662840] Chain exists of: [ 39.662841] (console_sem).lock --> &rq->lock --> report_lock [ 39.662851] [ 39.662853] Possible unsafe locking scenario: [ 39.662855] [ 39.662857] CPU0 CPU1 [ 39.662859] ---- ---- [ 39.662861] lock(report_lock); [ 39.662866] lock(&rq->lock); [ 39.662871] lock(report_lock); [ 39.662875] lock((console_sem).lock); [ 39.662879] [ 39.662881] *** DEADLOCK *** [ 39.662883] [ 39.662885] 2 locks held by syz-executor213/5403: [ 39.662886] #0: 00000000ba2c9263 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.662895] #1: 000000004c2b640e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.662904] [ 39.662906] stack backtrace: [ 39.662910] CPU: 0 PID: 5403 Comm: syz-executor213 Not tainted 4.19.0-rc2+ #4 [ 39.662914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.662916] Call Trace: [ 39.662918] dump_stack+0x1c4/0x2b4 [ 39.662921] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.662923] ? vprintk_func+0x85/0x181 [ 39.662926] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.662928] ? save_trace+0xe0/0x290 [ 39.662930] __lock_acquire+0x33e4/0x4ec0 [ 39.662932] ? mark_held_locks+0x130/0x130 [ 39.662934] ? mark_held_locks+0x130/0x130 [ 39.662936] ? rcu_bh_qs+0xc0/0xc0 [ 39.662939] ? unwind_dump+0x190/0x190 [ 39.662941] ? is_bpf_text_address+0xd3/0x170 [ 39.662943] ? kernel_text_address+0x79/0xf0 [ 39.662946] ? __kernel_text_address+0xd/0x40 [ 39.662948] ? __save_stack_trace+0x8d/0xf0 [ 39.662951] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.662953] ? save_trace+0x290/0x290 [ 39.662955] ? save_stack_trace+0x1a/0x20 [ 39.662957] ? save_trace+0xe0/0x290 [ 39.662959] ? kasan_check_read+0x11/0x20 [ 39.662968] ? graph_lock+0x170/0x170 [ 39.662971] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.662973] lock_acquire+0x1ed/0x520 [ 39.662975] ? down_trylock+0x13/0x70 [ 39.662978] ? find_held_lock+0x36/0x1c0 [ 39.662980] ? lock_release+0x970/0x970 [ 39.662982] ? trace_hardirqs_off+0xb8/0x310 [ 39.662984] ? vprintk_emit+0x1d3/0x930 [ 39.662987] ? trace_hardirqs_on+0x310/0x310 [ 39.662989] ? trace_hardirqs_off+0xb8/0x310 [ 39.662991] ? log_store+0x344/0x4c0 [ 39.662994] ? vprintk_emit+0x322/0x930 [ 39.662996] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.662998] ? down_trylock+0x13/0x70 [ 39.663000] down_trylock+0x13/0x70 [ 39.663003] __down_trylock_console_sem+0xae/0x200 [ 39.663005] console_trylock+0x15/0xa0 [ 39.663007] vprintk_emit+0x322/0x930 [ 39.663009] ? wake_up_klogd+0x180/0x180 [ 39.663012] ? run_rebalance_domains+0x500/0x500 [ 39.663014] ? wake_up_worker+0x117/0x190 [ 39.663016] ? find_held_lock+0x36/0x1c0 [ 39.663019] ? __queue_work+0x6be/0x1440 [ 39.663021] ? lock_acquire+0x1ed/0x520 [ 39.663023] vprintk_default+0x28/0x30 [ 39.663026] vprintk_func+0x7e/0x181 [ 39.663028] printk+0xa7/0xcf [ 39.663030] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.663032] ? kasan_check_write+0x14/0x20 [ 39.663035] ? do_raw_spin_lock+0xc1/0x200 [ 39.663037] ? do_raw_spin_lock+0xc1/0x200 [ 39.663039] kasan_report+0x9b/0x110 [ 39.663042] ? __schedule+0xfc3/0x1ed0 [ 39.663044] __asan_report_load8_noabort+0x14/0x20 [ 39.663046] __schedule+0xfc3/0x1ed0 [ 39.663049] ? __sched_text_start+0x8/0x8 [ 39.663051] ? __lock_is_held+0xb5/0x140 [ 39.663054] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.663056] ? find_held_lock+0x36/0x1c0 [ 39.663058] ? __call_srcu+0x7f9/0x1070 [ 39.663061] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.663064] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.663066] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.663068] ? preempt_schedule+0x4d/0x60 [ 39.663071] preempt_schedule_common+0x1f/0xd0 [ 39.663073] preempt_schedule+0x4d/0x60 [ 39.663075] ___preempt_schedule+0x16/0x18 [ 39.663078] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.663080] __call_srcu+0x7f9/0x1070 [ 39.663083] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.663085] ? srcu_offline_cpu+0x120/0x120 [ 39.663088] ? debug_object_free+0x690/0x690 [ 39.663090] ? mark_held_locks+0x130/0x130 [ 39.663093] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.663095] ? lock_release+0x970/0x970 [ 39.663097] ? arch_local_save_flags+0x40/0x40 [ 39.663100] ? depot_save_stack+0x292/0x470 [ 39.663102] ? __lockdep_init_map+0x105/0x590 [ 39.663105] ? __init_waitqueue_head+0x9e/0x150 [ 39.663107] ? init_wait_entry+0x1c0/0x1c0 [ 39.663110] __synchronize_srcu+0x17b/0x230 [ 39.663112] ? call_srcu+0x10/0x10 [ 39.663114] ? rcu_unexpedite_gp+0x20/0x20 [ 39.663117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.663120] ? check_preemption_disabled+0x48/0x200 [ 39.663122] synchronize_srcu+0x356/0x5ab [ 39.663124] ? lock_downgrade+0x900/0x900 [ 39.663127] ? synchronize_srcu_expedited+0x20/0x20 [ 39.663129] ? kasan_check_read+0x11/0x20 [ 39.663132] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.663134] ? kasan_check_write+0x14/0x20 [ 39.663136] ? do_raw_spin_lock+0xc1/0x200 [ 39.663139] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.663142] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.663144] ? kvfree+0x61/0x70 [ 39.663146] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.663149] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.663151] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.663153] ? kvm_arch_sync_events+0x30/0x30 [ 39.663156] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.663159] ? mmu_notifier_unregister+0x474/0x600 [ 39.663161] ? kfree+0x107/0x230 [ 39.663163] ? __mmu_notifier_register+0x30/0x30 [ 39.663165] ? __free_pages+0x10a/0x190 [ 39.663168] ? free_unref_page+0x960/0x960 [ 39.663170] kvm_put_kvm+0x6c8/0xff0 [ 39.663172] ? kvm_write_guest_cached+0x40/0x40 [ 39.663175] ? kvm_irqfd_release+0xd1/0x120 [ 39.663177] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.663179] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.663182] ? kasan_check_write+0x14/0x20 [ 39.663184] ? do_raw_spin_lock+0xc1/0x200 [ 39.663186] ? kvm_irqfd_release+0xdd/0 [ 39.663191] Lost 78 message(s)! [ 39.663516] Dumping ftrace buffer: [ 40.720210] (ftrace buffer empty) [ 40.724416] Kernel Offset: disabled [ 40.728040] Rebooting in 86400 seconds..