[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.336472] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.137869] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.417449] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.014907] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.228580] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[ 33.932239] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.057844] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.082823] ==================================================================
[ 34.092727] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 34.098964] Read of size 8 at addr ffff8801d92a0058 by task syz-executor704/5340
[ 34.106494]
[ 34.108131] CPU: 0 PID: 5340 Comm: syz-executor704 Not tainted 4.19.0-rc3+ #231
[ 34.115573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.124927] Call Trace:
[ 34.127535]  dump_stack+0x1c4/0x2b4
[ 34.131176]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.136367]  ? printk+0xa7/0xcf
[ 34.139649]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.144412]  print_address_description.cold.8+0x9/0x1ff
[ 34.149780]  kasan_report.cold.9+0x242/0x309
[ 34.154186]  ? __schedule+0xfc3/0x1ed0
[ 34.158077]  __asan_report_load8_noabort+0x14/0x20
[ 34.163009]  __schedule+0xfc3/0x1ed0
[ 34.166734]  ? __sched_text_start+0x8/0x8
[ 34.170885]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.175648]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.180232]  ? retint_kernel+0x2d/0x2d
[ 34.184122]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 34.189069]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.193840]  ? trace_hardirqs_off+0x310/0x310
[ 34.198335]  ? find_held_lock+0x36/0x1c0
[ 34.202405]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.207162]  ? preempt_schedule+0x4d/0x60
[ 34.211311]  preempt_schedule_common+0x1f/0xd0
[ 34.215898]  preempt_schedule+0x4d/0x60
[ 34.219897]  ___preempt_schedule+0x16/0x18
[ 34.224140]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 34.229070]  __call_srcu+0x7f9/0x1070
[ 34.232890]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 34.237999]  ? srcu_offline_cpu+0x120/0x120
[ 34.242322]  ? debug_object_free+0x690/0x690
[ 34.246740]  ? mark_held_locks+0x130/0x130
[ 34.250973]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 34.255556]  ? lock_release+0x970/0x970
[ 34.259531]  ? arch_local_save_flags+0x40/0x40
[ 34.264116]  ? depot_save_stack+0x292/0x470
[ 34.268445]  ? __lockdep_init_map+0x105/0x590
[ 34.272942]  ? __init_waitqueue_head+0x9e/0x150
[ 34.277609]  ? init_wait_entry+0x1c0/0x1c0
[ 34.281855]  __synchronize_srcu+0x17b/0x230
[ 34.286178]  ? call_srcu+0x10/0x10
[ 34.289720]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.293965]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.299503]  ? check_preemption_disabled+0x48/0x200
[ 34.304525]  synchronize_srcu+0x356/0x5ab
[ 34.308673]  ? lock_downgrade+0x900/0x900
[ 34.312828]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.317850]  ? kasan_check_read+0x11/0x20
[ 34.322003]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.326587]  ? kasan_check_write+0x14/0x20
[ 34.330824]  ? do_raw_spin_lock+0xc1/0x200
[ 34.335069]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.340794]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.346250]  ? kvfree+0x61/0x70
[ 34.349536]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.354559]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.358620]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.363032]  ? kvm_arch_sync_events+0x30/0x30
[ 34.367532]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.373103]  ? mmu_notifier_unregister+0x474/0x600
[ 34.378037]  ? kfree+0x107/0x230
[ 34.381405]  ? __mmu_notifier_register+0x30/0x30
[ 34.386164]  ? __free_pages+0x10a/0x190
[ 34.390144]  ? free_unref_page+0x960/0x960
[ 34.394570]  kvm_put_kvm+0x6c8/0xff0
[ 34.398298]  ? kvm_write_guest_cached+0x40/0x40
[ 34.402986]  ? kvm_irqfd_release+0xd1/0x120
[ 34.407320]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.411824]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.416338]  ? kasan_check_write+0x14/0x20
[ 34.420584]  ? do_raw_spin_lock+0xc1/0x200
[ 34.424831]  ? kvm_irqfd_release+0xdd/0x120
[ 34.429161]  ? kvm_irqfd_release+0xdd/0x120
[ 34.433493]  ? kvm_put_kvm+0xff0/0xff0
[ 34.437389]  kvm_vm_release+0x42/0x50
[ 34.441199]  __fput+0x385/0xa30
[ 34.444488]  ? get_max_files+0x20/0x20
[ 34.448382]  ? trace_hardirqs_on+0xbd/0x310
[ 34.452721]  ? ___might_sleep+0x1ed/0x300
[ 34.456880]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 34.462343]  ? arch_local_save_flags+0x40/0x40
[ 34.466936]  ? kasan_check_write+0x14/0x20
[ 34.471181]  ? do_raw_spin_lock+0xc1/0x200
[ 34.475420]  ____fput+0x15/0x20
[ 34.478698]  task_work_run+0x1e8/0x2a0
[ 34.482599]  ? task_work_cancel+0x240/0x240
[ 34.486941]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.492492]  ? switch_task_namespaces+0x9d/0xd0
[ 34.497173]  do_exit+0x1ad7/0x2610
[ 34.500733]  ? mm_update_next_owner+0x990/0x990
[ 34.505421]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 34.509667]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.514702]  ? kfree+0x1fa/0x230
[ 34.518082]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 34.522329]  ? kvm_vcpu_block+0x1030/0x1030
[ 34.526655]  ? is_bpf_text_address+0xd3/0x170
[ 34.531152]  ? kernel_text_address+0x79/0xf0
[ 34.535563]  ? __kernel_text_address+0xd/0x40
[ 34.540057]  ? unwind_get_return_address+0x61/0xa0
[ 34.544992]  ? __save_stack_trace+0x8d/0xf0
[ 34.549317]  ? save_stack+0xa9/0xd0
[ 34.552941]  ? save_stack+0x43/0xd0
[ 34.556566]  ? __kasan_slab_free+0x102/0x150
[ 34.560974]  ? kasan_slab_free+0xe/0x10
[ 34.564954]  ? putname+0xf2/0x130
[ 34.568414]  ? __x64_sys_openat+0x9d/0x100
[ 34.572656]  ? do_syscall_64+0x1b9/0x820
[ 34.576726]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.582188]  ? trace_hardirqs_off+0xb8/0x310
[ 34.586604]  ? kasan_check_read+0x11/0x20
[ 34.590765]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.595179]  ? trace_hardirqs_on+0x310/0x310
[ 34.599594]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 34.604698]  ? trace_hardirqs_off+0xb8/0x310
[ 34.609311]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.614849]  ? check_preemption_disabled+0x48/0x200
[ 34.619862]  ? check_preemption_disabled+0x48/0x200
[ 34.624881]  ? kvm_vcpu_block+0x1030/0x1030
[ 34.629202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.634746]  ? do_vfs_ioctl+0x201/0x1720
[ 34.638812]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 34.644092]  ? ioctl_preallocate+0x300/0x300
[ 34.648501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.654038]  ? __fget_light+0x2e9/0x430
[ 34.658010]  ? fget_raw+0x20/0x20
[ 34.661459]  ? putname+0xf2/0x130
[ 34.664912]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.669928]  ? kmem_cache_free+0x24f/0x290
[ 34.674161]  ? putname+0xf7/0x130
[ 34.677620]  do_group_exit+0x177/0x440
[ 34.681507]  ? trace_hardirqs_on+0xbd/0x310
[ 34.685833]  ? __ia32_sys_exit+0x50/0x50
[ 34.689897]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 34.695357]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.700901]  ? ksys_ioctl+0x81/0xd0
[ 34.704529]  __x64_sys_exit_group+0x3e/0x50
[ 34.708851]  do_syscall_64+0x1b9/0x820
[ 34.712746]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.718112]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.723044]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.727888]  ? trace_hardirqs_on_caller+0x310/0x310
[ 34.732910]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.737927]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.742791]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.747986] RIP: 0033:0x43ecc8
[ 34.751179] Code: Bad RIP value.
[ 34.754537] RSP: 002b:00007fff1630c8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.762242] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 34.769505] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.776769] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.784036] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.791298] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.798574]
[ 34.800198] Allocated by task 5340:
[ 34.803823]  save_stack+0x43/0xd0
[ 34.807276]  kasan_kmalloc+0xc7/0xe0
[ 34.811507]  kasan_slab_alloc+0x12/0x20
[ 34.815476]  kmem_cache_alloc+0x12e/0x730
[ 34.819617]  vmx_create_vcpu+0xcf/0x25e0
[ 34.823703]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.828115]  kvm_vm_ioctl+0x470/0x1d40
[ 34.831998]  do_vfs_ioctl+0x1de/0x1720
[ 34.835879]  ksys_ioctl+0xa9/0xd0
[ 34.839325]  __x64_sys_ioctl+0x73/0xb0
[ 34.843208]  do_syscall_64+0x1b9/0x820
[ 34.847096]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.852269]
[ 34.853887] Freed by task 5340:
[ 34.857159]  save_stack+0x43/0xd0
[ 34.860607]  __kasan_slab_free+0x102/0x150
[ 34.864838]  kasan_slab_free+0xe/0x10
[ 34.868637]  kmem_cache_free+0x83/0x290
[ 34.872605]  vmx_free_vcpu+0x26b/0x300
[ 34.876485]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.880895]  kvm_put_kvm+0x6c8/0xff0
[ 34.884606]  kvm_vm_release+0x42/0x50
[ 34.888399]  __fput+0x385/0xa30
[ 34.891670]  ____fput+0x15/0x20
[ 34.894949]  task_work_run+0x1e8/0x2a0
[ 34.898839]  do_exit+0x1ad7/0x2610
[ 34.902378]  do_group_exit+0x177/0x440
[ 34.906260]  __x64_sys_exit_group+0x3e/0x50
[ 34.910583]  do_syscall_64+0x1b9/0x820
[ 34.914472]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.919648]
[ 34.921274] The buggy address belongs to the object at ffff8801d92a0040
[ 34.921274]  which belongs to the cache kvm_vcpu of size 23872
[ 34.933845] The buggy address is located 24 bytes inside of
[ 34.933845]  23872-byte region [ffff8801d92a0040, ffff8801d92a5d80)
[ 34.945802] The buggy address belongs to the page:
[ 34.950737] page:ffffea000764a800 count:1 mapcount:0 mapping:ffff8801d5b2c780 index:0x0 compound_mapcount: 0
[ 34.960752] flags: 0x2fffc0000008100(slab|head)
[ 34.965421] raw: 02fffc0000008100 ffff8801d5b34a48 ffff8801d5b34a48 ffff8801d5b2c780
[ 34.973316] raw: 0000000000000000 ffff8801d92a0040 0000000100000001 0000000000000000
[ 34.981190] page dumped because: kasan: bad access detected
[ 34.986889]
[ 34.988506] Memory state around the buggy address:
[ 34.993429]  ffff8801d929ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.000786]  ffff8801d929ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.008144] >ffff8801d92a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.015752]                                                     ^
[ 35.021983]  ffff8801d92a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.029337]  ffff8801d92a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.036688] ==================================================================
[ 35.044048] Kernel panic - not syncing: panic_on_warn set ...
[ 35.044048]
[ 35.051414] CPU: 0 PID: 5340 Comm: syz-executor704 Tainted: G B 4.19.0-rc3+ #231
[ 35.060262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.069606] Call Trace:
[ 35.072204]  dump_stack+0x1c4/0x2b4
[ 35.075832]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.081023]  ? lock_downgrade+0x900/0x900
[ 35.085177]  panic+0x238/0x4e7
[ 35.088367]  ? add_taint.cold.5+0x16/0x16
[ 35.092515]  ? print_shadow_for_address+0xb6/0x116
[ 35.097444]  ? trace_hardirqs_off+0xaf/0x310
[ 35.101859]  kasan_end_report+0x47/0x4f
[ 35.105834]  kasan_report.cold.9+0x76/0x309
[ 35.110155]  ? __schedule+0xfc3/0x1ed0
[ 35.114043]  __asan_report_load8_noabort+0x14/0x20
[ 35.118995]  __schedule+0xfc3/0x1ed0
[ 35.122717]  ? __sched_text_start+0x8/0x8
[ 35.126870]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.131627]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.136207]  ? retint_kernel+0x2d/0x2d
[ 35.140094]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 35.145024]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.149780]  ? trace_hardirqs_off+0x310/0x310
[ 35.154273]  ? find_held_lock+0x36/0x1c0
[ 35.158339]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.163098]  ? preempt_schedule+0x4d/0x60
[ 35.167251]  preempt_schedule_common+0x1f/0xd0
[ 35.171840]  preempt_schedule+0x4d/0x60
[ 35.175814]  ___preempt_schedule+0x16/0x18
[ 35.180052]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.184982]  __call_srcu+0x7f9/0x1070
[ 35.188780]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 35.193889]  ? srcu_offline_cpu+0x120/0x120
[ 35.198209]  ? debug_object_free+0x690/0x690
[ 35.202620]  ? mark_held_locks+0x130/0x130
[ 35.206858]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 35.211439]  ? lock_release+0x970/0x970
[ 35.215413]  ? arch_local_save_flags+0x40/0x40
[ 35.219996]  ? depot_save_stack+0x292/0x470
[ 35.224322]  ? __lockdep_init_map+0x105/0x590
[ 35.228827]  ? __init_waitqueue_head+0x9e/0x150
[ 35.233522]  ? init_wait_entry+0x1c0/0x1c0
[ 35.237793]  __synchronize_srcu+0x17b/0x230
[ 35.242115]  ? call_srcu+0x10/0x10
[ 35.245651]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.249892]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.255429]  ? check_preemption_disabled+0x48/0x200
[ 35.260446]  synchronize_srcu+0x356/0x5ab
[ 35.264592]  ? lock_downgrade+0x900/0x900
[ 35.268742]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.273764]  ? kasan_check_read+0x11/0x20
[ 35.277917]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.282500]  ? kasan_check_write+0x14/0x20
[ 35.286744]  ? do_raw_spin_lock+0xc1/0x200
[ 35.290985]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.296705]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.302184]  ? kvfree+0x61/0x70
[ 35.305465]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.310483]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.314546]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.318956]  ? kvm_arch_sync_events+0x30/0x30
[ 35.323453]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.328991]  ? mmu_notifier_unregister+0x474/0x600
[ 35.333919]  ? kfree+0x107/0x230
[ 35.337288]  ? __mmu_notifier_register+0x30/0x30
[ 35.342045]  ? __free_pages+0x10a/0x190
[ 35.346024]  ? free_unref_page+0x960/0x960
[ 35.350269]  kvm_put_kvm+0x6c8/0xff0
[ 35.353993]  ? kvm_write_guest_cached+0x40/0x40
[ 35.358672]  ? kvm_irqfd_release+0xd1/0x120
[ 35.363003]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.367496]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.371999]  ? kasan_check_write+0x14/0x20
[ 35.376238]  ? do_raw_spin_lock+0xc1/0x200
[ 35.380498]  ? kvm_irqfd_release+0xdd/0x120
[ 35.384819]  ? kvm_irqfd_release+0xdd/0x120
[ 35.389142]  ? kvm_put_kvm+0xff0/0xff0
[ 35.393027]  kvm_vm_release+0x42/0x50
[ 35.396827]  __fput+0x385/0xa30
[ 35.400105]  ? get_max_files+0x20/0x20
[ 35.403991]  ? trace_hardirqs_on+0xbd/0x310
[ 35.408311]  ? ___might_sleep+0x1ed/0x300
[ 35.412457]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.417911]  ? arch_local_save_flags+0x40/0x40
[ 35.422495]  ? kasan_check_write+0x14/0x20
[ 35.426734]  ? do_raw_spin_lock+0xc1/0x200
[ 35.430966]  ____fput+0x15/0x20
[ 35.434249]  task_work_run+0x1e8/0x2a0
[ 35.438135]  ? task_work_cancel+0x240/0x240
[ 35.442466]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.448002]  ? switch_task_namespaces+0x9d/0xd0
[ 35.452674]  do_exit+0x1ad7/0x2610
[ 35.456221]  ? mm_update_next_owner+0x990/0x990
[ 35.460908]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 35.465145]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.470163]  ? kfree+0x1fa/0x230
[ 35.473530]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 35.477769]  ? kvm_vcpu_block+0x1030/0x1030
[ 35.482099]  ? is_bpf_text_address+0xd3/0x170
[ 35.486597]  ? kernel_text_address+0x79/0xf0
[ 35.491004]  ? __kernel_text_address+0xd/0x40
[ 35.495500]  ? unwind_get_return_address+0x61/0xa0
[ 35.500433]  ? __save_stack_trace+0x8d/0xf0
[ 35.504779]  ? save_stack+0xa9/0xd0
[ 35.508423]  ? save_stack+0x43/0xd0
[ 35.512137]  ? __kasan_slab_free+0x102/0x150
[ 35.516542]  ? kasan_slab_free+0xe/0x10
[ 35.520515]  ? putname+0xf2/0x130
[ 35.523971]  ? __x64_sys_openat+0x9d/0x100
[ 35.528204]  ? do_syscall_64+0x1b9/0x820
[ 35.532266]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.537629]  ? trace_hardirqs_off+0xb8/0x310
[ 35.542036]  ? kasan_check_read+0x11/0x20
[ 35.546185]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.550590]  ? trace_hardirqs_on+0x310/0x310
[ 35.554999]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 35.560100]  ? trace_hardirqs_off+0xb8/0x310
[ 35.564510]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.570052]  ? check_preemption_disabled+0x48/0x200
[ 35.575066]  ? check_preemption_disabled+0x48/0x200
[ 35.580085]  ? kvm_vcpu_block+0x1030/0x1030
[ 35.584415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.589952]  ? do_vfs_ioctl+0x201/0x1720
[ 35.594012]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 35.599292]  ? ioctl_preallocate+0x300/0x300
[ 35.603701]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.609244]  ? __fget_light+0x2e9/0x430
[ 35.613216]  ? fget_raw+0x20/0x20
[ 35.616670]  ? putname+0xf2/0x130
[ 35.620125]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.625142]  ? kmem_cache_free+0x24f/0x290
[ 35.629378]  ? putname+0xf7/0x130
[ 35.632838]  do_group_exit+0x177/0x440
[ 35.636732]  ? trace_hardirqs_on+0xbd/0x310
[ 35.641054]  ? __ia32_sys_exit+0x50/0x50
[ 35.645114]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.650561]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.656096]  ? ksys_ioctl+0x81/0xd0
[ 35.659730]  __x64_sys_exit_group+0x3e/0x50
[ 35.664057]  do_syscall_64+0x1b9/0x820
[ 35.667944]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.673306]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.678233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.683079]  ? trace_hardirqs_on_caller+0x310/0x310
[ 35.688096]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.693119]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.697966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.703149] RIP: 0033:0x43ecc8
[ 35.706343] Code: Bad RIP value.
[ 35.709713] RSP: 002b:00007fff1630c8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.717420] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 35.724682] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.731949] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.739230] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.746497] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.753774]
[ 35.753781] ======================================================
[ 35.753787] WARNING: possible circular locking dependency detected
[ 35.753791] 4.19.0-rc3+ #231 Not tainted
[ 35.753796] ------------------------------------------------------
[ 35.753801] syz-executor704/5340 is trying to acquire lock:
[ 35.753805] 000000002936a414 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.753820]
[ 35.753825] but task is already holding lock:
[ 35.753828] 00000000eab909f5 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 35.753843]
[ 35.753847] which lock already depends on the new lock.
[ 35.753850]
[ 35.753852]
[ 35.753857] the existing dependency chain (in reverse order) is:
[ 35.753860]
[ 35.753862] -> #3 (report_lock){....}:
[ 35.753877]  _raw_spin_lock_irqsave+0x99/0xd0
[ 35.753881]  kasan_report+0x8b/0x110
[ 35.753886]  __asan_report_load8_noabort+0x14/0x20
[ 35.753890]  __schedule+0xfc3/0x1ed0
[ 35.753894]  preempt_schedule_common+0x1f/0xd0
[ 35.753898]  preempt_schedule+0x4d/0x60
[ 35.753903]  ___preempt_schedule+0x16/0x18
[ 35.753907]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.753911]  __call_srcu+0x7f9/0x1070
[ 35.753916]  __synchronize_srcu+0x17b/0x230
[ 35.753920]  synchronize_srcu+0x356/0x5ab
[ 35.753925]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.753929]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.753933]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.753938]  kvm_put_kvm+0x6c8/0xff0
[ 35.753942]  kvm_vm_release+0x42/0x50
[ 35.753945]  __fput+0x385/0xa30
[ 35.753949]  ____fput+0x15/0x20
[ 35.753953]  task_work_run+0x1e8/0x2a0
[ 35.753957]  do_exit+0x1ad7/0x2610
[ 35.753961]  do_group_exit+0x177/0x440
[ 35.753965]  __x64_sys_exit_group+0x3e/0x50
[ 35.753969]  do_syscall_64+0x1b9/0x820
[ 35.753974]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.753977]
[ 35.753979] -> #2 (&rq->lock){-.-.}:
[ 35.753993]  _raw_spin_lock+0x2d/0x40
[ 35.753997]  task_fork_fair+0xb0/0x6d0
[ 35.754001]  sched_fork+0x443/0xba0
[ 35.754005]  copy_process+0x2586/0x8780
[ 35.754009]  _do_fork+0x1cb/0x11d0
[ 35.754013]  kernel_thread+0x34/0x40
[ 35.754017]  rest_init+0x22/0xe5
[ 35.754021]  start_kernel+0x8f4/0x92f
[ 35.754025]  x86_64_start_reservations+0x29/0x2b
[ 35.754030]  x86_64_start_kernel+0x76/0x79
[ 35.754034]  secondary_startup_64+0xa4/0xb0
[ 35.754036]
[ 35.754039] -> #1 (&p->pi_lock){-.-.}:
[ 35.754054]  _raw_spin_lock_irqsave+0x99/0xd0
[ 35.754058]  try_to_wake_up+0xd2/0x12f0
[ 35.754062]  wake_up_process+0x10/0x20
[ 35.754066]  __up.isra.1+0x1c0/0x2a0
[ 35.754069]  up+0x13c/0x1c0
[ 35.754073]  __up_console_sem+0xbe/0x1b0
[ 35.754077]  console_unlock+0x524/0x11a0
[ 35.754081]  vprintk_emit+0x33d/0x930
[ 35.754085]  vprintk_default+0x28/0x30
[ 35.754089]  vprintk_func+0x7e/0x181
[ 35.754093]  printk+0xa7/0xcf
[ 35.754096]  load_umh+0x51/0xbd
[ 35.754101]  do_one_initcall+0x145/0x957
[ 35.754105]  kernel_init_freeable+0x4bb/0x5ae
[ 35.754109]  kernel_init+0x11/0x1b2
[ 35.754113]  ret_from_fork+0x3a/0x50
[ 35.754115]
[ 35.754118] -> #0 ((console_sem).lock){-...}:
[ 35.754132]  lock_acquire+0x1ed/0x520
[ 35.754137]  _raw_spin_lock_irqsave+0x99/0xd0
[ 35.754141]  down_trylock+0x13/0x70
[ 35.754145]  __down_trylock_console_sem+0xae/0x200
[ 35.754150]  console_trylock+0x15/0xa0
[ 35.754153]  vprintk_emit+0x322/0x930
[ 35.754158]  vprintk_default+0x28/0x30
[ 35.754161]  vprintk_func+0x7e/0x181
[ 35.754165]  printk+0xa7/0xcf
[ 35.754169]  kasan_report+0x9b/0x110
[ 35.754174]  __asan_report_load8_noabort+0x14/0x20
[ 35.754177]  __schedule+0xfc3/0x1ed0
[ 35.754182]  preempt_schedule_common+0x1f/0xd0
[ 35.754186]  preempt_schedule+0x4d/0x60
[ 35.754190]  ___preempt_schedule+0x16/0x18
[ 35.754195]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.754199]  __call_srcu+0x7f9/0x1070
[ 35.754203]  __synchronize_srcu+0x17b/0x230
[ 35.754207]  synchronize_srcu+0x356/0x5ab
[ 35.754213]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.754217]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.754222]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.754226]  kvm_put_kvm+0x6c8/0xff0
[ 35.754230]  kvm_vm_release+0x42/0x50
[ 35.754233]  __fput+0x385/0xa30
[ 35.754237]  ____fput+0x15/0x20
[ 35.754241]  task_work_run+0x1e8/0x2a0
[ 35.754245]  do_exit+0x1ad7/0x2610
[ 35.754249]  do_group_exit+0x177/0x440
[ 35.754253]  __x64_sys_exit_group+0x3e/0x50
[ 35.754257]  do_syscall_64+0x1b9/0x820
[ 35.754262]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.754265]
[ 35.754269] other info that might help us debug this:
[ 35.754271]
[ 35.754275] Chain exists of:
[ 35.754277]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.754296]
[ 35.754300]  Possible unsafe locking scenario:
[ 35.754302]
[ 35.754306]        CPU0                    CPU1
[ 35.754311]        ----                    ----
[ 35.754313]   lock(report_lock);
[ 35.754323]                                lock(&rq->lock);
[ 35.754332]                                lock(report_lock);
[ 35.754341]   lock((console_sem).lock);
[ 35.754349]
[ 35.754352]  *** DEADLOCK ***
[ 35.754355]
[ 35.754359] 2 locks held by syz-executor704/5340:
[ 35.754361]  #0: 00000000de276b8a (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 35.754379]  #1: 00000000eab909f5 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 35.754396]
[ 35.754399] stack backtrace:
[ 35.754406] CPU: 0 PID: 5340 Comm: syz-executor704 Not tainted 4.19.0-rc3+ #231
[ 35.754414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.754417] Call Trace:
[ 35.754421]  dump_stack+0x1c4/0x2b4
[ 35.754425]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.754430]  ? vprintk_func+0x85/0x181
[ 35.754435]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 35.754439]  ? save_trace+0xe0/0x290
[ 35.754443]  __lock_acquire+0x33e4/0x4ec0
[ 35.754447]  ? mark_held_locks+0x130/0x130
[ 35.754451]  ? mark_held_locks+0x130/0x130
[ 35.754455]  ? rcu_bh_qs+0xc0/0xc0
[ 35.754459]  ? unwind_dump+0x190/0x190
[ 35.754464]  ? is_bpf_text_address+0xd3/0x170
[ 35.754468]  ? kernel_text_address+0x79/0xf0
[ 35.754472]  ? __kernel_text_address+0xd/0x40
[ 35.754477]  ? __save_stack_trace+0x8d/0xf0
[ 35.754481]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 35.754485]  ? save_trace+0x290/0x290
[ 35.754489]  ? save_stack_trace+0x1a/0x20
[ 35.754493]  ? save_trace+0xe0/0x290
[ 35.754497]  ? kasan_check_read+0x11/0x20
[ 35.754501]  ? graph_lock+0x170/0x170
[ 35.754506]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.754510]  lock_acquire+0x1ed/0x520
[ 35.754514]  ? down_trylock+0x13/0x70
[ 35.754518]  ? find_held_lock+0x36/0x1c0
[ 35.754522]  ? lock_release+0x970/0x970
[ 35.754527]  ? trace_hardirqs_off+0xb8/0x310
[ 35.754531]  ? vprintk_emit+0x1d3/0x930
[ 35.754535]  ? trace_hardirqs_on+0x310/0x310
[ 35.754539]  ? trace_hardirqs_off+0xb8/0x310
[ 35.754543]  ? log_store+0x344/0x4c0
[ 35.754547]  ? vprintk_emit+0x322/0x930
[ 35.754552]  _raw_spin_lock_irqsave+0x99/0xd0
[ 35.754556]  ? down_trylock+0x13/0x70
[ 35.754560]  down_trylock+0x13/0x70
[ 35.754564]  __down_trylock_console_sem+0xae/0x200
[ 35.754568]  console_trylock+0x15/0xa0
[ 35.754572]  vprintk_emit+0x322/0x930
[ 35.754576]  ? wake_up_klogd+0x180/0x180
[ 35.754581]  ? run_rebalance_domains+0x500/0x500
[ 35.754585]  ? wake_up_worker+0x117/0x190
[ 35.754589]  ? find_held_lock+0x36/0x1c0
[ 35.754593]  ? __queue_work+0x6be/0x1440
[ 35.754597]  ? lock_acquire+0x1ed/0x520
[ 35.754601]  vprintk_default+0x28/0x30
[ 35.754605]  vprintk_func+0x7e/0x181
[ 35.754609]  printk+0xa7/0xcf
[ 35.754613]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.754617]  ? kasan_check_write+0x14/0x20
[ 35.754622]  ? do_raw_spin_lock+0xc1/0x200
[ 35.754626]  ? do_raw_spin_lock+0xc1/0x200
[ 35.754630]  kasan_report+0x9b/0x110
[ 35.754634]  ? __schedule+0xfc3/0x1ed0
[ 35.754638]  __asan_report_load8_noabort+0x14/0x20
[ 35.754642]  __schedule+0xfc3/0x1ed0
[ 35.754646]  ? __sched_text_start+0x8/0x8
[ 35.754651]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.754655]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.754659]  ? retint_kernel+0x2d/0x2d
[ 35.754664]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 35.754668]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.754673]  ? trace_hardirqs_off+0x310/0x310
[ 35.754677]  ? find_held_lock+0x36/0x1c0
[ 35.754681]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.754686]  ? preempt_schedule+0x4d/0x60
[ 35.754690]  preempt_schedule_common+0x1f/0xd0
[ 35.754694]  preempt_schedule+0x4d/0x60
[ 35.754698]  ___preempt_schedule+0x16/0x18
[ 35.754703]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.754714]  __call_srcu+0x7f9/0x1070
[ 35.754718]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 35.754723]  ? srcu_offline_cpu+0x120/0x120
[ 35.754727]  ? debug_object_free+0x690/0x690
[ 35.754731]  ? mark_held_locks+0x130/0x130
[ 35.754736]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 35.754740]  ? lock_release+0x970/0x970
[ 35.754745]  ? arch_local_save_flags+0x40/0x40
[ 35.754749]  ? depot_save_stack+0x292/0x470
[ 35.754753]  ? __lockdep_init_map+0x105/0x590
[ 35.754758]  ? __init_waitqueue_head+0x9e/0x150
[ 35.754762]  ? init_wait_entry+0x1c0/0x1c0
[ 35.754766]  __synchronize_srcu+0x17b/0x230
[ 35.754770]  ? call_srcu+0x10/0x10
[ 35.754774]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.754779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.754784]  ? check_preemption_disabled+0x48/0x200
[ 35.754788]  synchronize_srcu+0x356/0x5ab
[ 35.754792]  ? lock_downgrade+0x900/0x900
[ 35.754797]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.754801]  ? kasan_check_read+0x11/0x20
[ 35.754806]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.754810]  ? kasan_check_write+0x14/0x20
[ 35.754814]  ? do_raw_spin_lock+0xc1/0x200
[ 35.754819]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.754824]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.754828]  ? kvfree+0x61/0x70
[ 35.754832]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.754837]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.754841]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.754845]  ? kvm_arch_sync_events+0x30/0x30
[ 35.754850]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.754855]  ? mmu_notifier_unregister+0x474/0x600
[ 35.754858]  ? kfree+0x107/0x230
[ 35.754863]  ? __mmu_notifier_register+0x30/0x30
[ 35.754867]  ? __free_pages+0x10a/0x190
[ 35.754871]  ? free_unref_page+0x960/0x960
[ 35.754875]  kvm_put_kvm+0x6c8/0xff0
[ 35.754880]  ? kvm_write_guest_cached+0x40/0x40
[ 35.754884]  ? kvm_irqfd_release+0xd1/0x120
[ 35.754888]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.754893]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.754897]  ? kasan_check_write+0x14/0x20
[ 35.754900]  ? do_raw_spin_lock+0xc
[ 35.754908] Lost 82 message(s)!
[ 36.889576] Shutting down cpus with NMI
[ 37.946531] Dumping ftrace buffer:
[ 37.950054]    (ftrace buffer empty)
[ 37.954233] Kernel Offset: disabled
[ 37.957856] Rebooting in 86400 seconds..