[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 25.703520] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.254709] random: sshd: uninitialized urandom read (32 bytes read) [ 27.591720] random: sshd: uninitialized urandom read (32 bytes read) [ 28.200194] random: sshd: uninitialized urandom read (32 bytes read) [ 28.418899] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts. [ 33.966204] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.085030] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.110656] ================================================================== [ 34.120686] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 34.126920] Read of size 8 at addr ffff8801c41b0058 by task syz-executor506/5339 [ 34.134441] [ 34.136070] CPU: 1 PID: 5339 Comm: syz-executor506 Not tainted 4.19.0-rc4+ #248 [ 34.143507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.152855] Call Trace: [ 34.155451] dump_stack+0x1c4/0x2b4 [ 34.159080] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.164270] ? printk+0xa7/0xcf [ 34.167563] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.172334] print_address_description.cold.8+0x9/0x1ff [ 34.177701] kasan_report.cold.9+0x242/0x309 [ 34.182111] ? __schedule+0xfc3/0x1ed0 [ 34.186000] __asan_report_load8_noabort+0x14/0x20 [ 34.190927] __schedule+0xfc3/0x1ed0 [ 34.194649] ? __sched_text_start+0x8/0x8 [ 34.198797] ? __lock_is_held+0xb5/0x140 [ 34.202859] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.207967] ? find_held_lock+0x36/0x1c0 [ 34.212033] ? __call_srcu+0x7f9/0x1070 [ 34.216008] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.221111] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.226219] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.230801] ? preempt_schedule+0x4d/0x60 [ 34.234952] preempt_schedule_common+0x1f/0xd0 [ 34.239562] preempt_schedule+0x4d/0x60 [ 34.243540] ___preempt_schedule+0x16/0x18 [ 34.247792] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 34.252727] __call_srcu+0x7f9/0x1070 [ 34.256524] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 34.261638] ? srcu_offline_cpu+0x120/0x120 [ 34.265956] ? debug_object_free+0x690/0x690 [ 34.270362] ? mark_held_locks+0x130/0x130 [ 34.274594] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 34.279177] ? lock_release+0x970/0x970 [ 34.283150] ? arch_local_save_flags+0x40/0x40 [ 34.287734] ? depot_save_stack+0x292/0x470 [ 34.292060] ? __lockdep_init_map+0x105/0x590 [ 34.296568] ? __init_waitqueue_head+0x9e/0x150 [ 34.301236] ? init_wait_entry+0x1c0/0x1c0 [ 34.305477] __synchronize_srcu+0x17b/0x230 [ 34.309795] ? call_srcu+0x10/0x10 [ 34.313337] ? rcu_unexpedite_gp+0x20/0x20 [ 34.317583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.323117] ? check_preemption_disabled+0x48/0x200 [ 34.328137] synchronize_srcu+0x356/0x5ab [ 34.332289] ? lock_downgrade+0x900/0x900 [ 34.336446] ? synchronize_srcu_expedited+0x20/0x20 [ 34.341466] ? kasan_check_read+0x11/0x20 [ 34.345616] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.350201] ? kasan_check_write+0x14/0x20 [ 34.354438] ? do_raw_spin_lock+0xc1/0x200 [ 34.358680] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.364390] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.369841] ? kvfree+0x61/0x70 [ 34.373117] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.378136] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.382196] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.386605] ? kvm_arch_sync_events+0x30/0x30 [ 34.391099] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.396736] ? mmu_notifier_unregister+0x474/0x600 [ 34.401666] ? kfree+0x107/0x230 [ 34.405035] ? __mmu_notifier_register+0x30/0x30 [ 34.409789] ? 
__free_pages+0x10a/0x190 [ 34.413761] ? free_unref_page+0x960/0x960 [ 34.418006] kvm_put_kvm+0x6c8/0xff0 [ 34.421748] ? kvm_write_guest_cached+0x40/0x40 [ 34.426421] ? kvm_irqfd_release+0xd1/0x120 [ 34.430759] ? _raw_spin_unlock_irq+0x27/0x80 [ 34.435252] ? _raw_spin_unlock_irq+0x27/0x80 [ 34.439755] ? kasan_check_write+0x14/0x20 [ 34.443992] ? do_raw_spin_lock+0xc1/0x200 [ 34.448228] ? kvm_irqfd_release+0xdd/0x120 [ 34.452554] ? kvm_irqfd_release+0xdd/0x120 [ 34.456880] ? kvm_put_kvm+0xff0/0xff0 [ 34.461233] kvm_vm_release+0x42/0x50 [ 34.465040] __fput+0x385/0xa30 [ 34.468332] ? get_max_files+0x20/0x20 [ 34.472219] ? trace_hardirqs_on+0xbd/0x310 [ 34.476555] ? ___might_sleep+0x1ed/0x300 [ 34.480702] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.486156] ? arch_local_save_flags+0x40/0x40 [ 34.490746] ? kasan_check_write+0x14/0x20 [ 34.494982] ? do_raw_spin_lock+0xc1/0x200 [ 34.499219] ____fput+0x15/0x20 [ 34.502498] task_work_run+0x1e8/0x2a0 [ 34.506389] ? task_work_cancel+0x240/0x240 [ 34.510738] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.516274] ? switch_task_namespaces+0x9d/0xd0 [ 34.520947] do_exit+0x1ad7/0x2610 [ 34.524490] ? mm_update_next_owner+0x990/0x990 [ 34.529168] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 34.533406] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.538424] ? kfree+0x1fa/0x230 [ 34.541790] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 34.546024] ? kvm_vcpu_block+0x1030/0x1030 [ 34.550348] ? is_bpf_text_address+0xd3/0x170 [ 34.554841] ? kernel_text_address+0x79/0xf0 [ 34.559249] ? __kernel_text_address+0xd/0x40 [ 34.563746] ? unwind_get_return_address+0x61/0xa0 [ 34.568676] ? __save_stack_trace+0x8d/0xf0 [ 34.573001] ? save_stack+0xa9/0xd0 [ 34.576626] ? save_stack+0x43/0xd0 [ 34.580250] ? __kasan_slab_free+0x102/0x150 [ 34.584652] ? kasan_slab_free+0xe/0x10 [ 34.588624] ? putname+0xf2/0x130 [ 34.592074] ? __x64_sys_openat+0x9d/0x100 [ 34.596318] ? do_syscall_64+0x1b9/0x820 [ 34.600377] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.605742] ? 
trace_hardirqs_off+0xb8/0x310 [ 34.610151] ? kasan_check_read+0x11/0x20 [ 34.614304] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.618716] ? trace_hardirqs_on+0x310/0x310 [ 34.623129] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 34.628237] ? trace_hardirqs_off+0xb8/0x310 [ 34.632645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.638177] ? check_preemption_disabled+0x48/0x200 [ 34.643187] ? check_preemption_disabled+0x48/0x200 [ 34.648205] ? kvm_vcpu_block+0x1030/0x1030 [ 34.652526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.658073] ? do_vfs_ioctl+0x201/0x1720 [ 34.662136] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.667413] ? ioctl_preallocate+0x300/0x300 [ 34.671819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.677354] ? __fget_light+0x2e9/0x430 [ 34.681330] ? fget_raw+0x20/0x20 [ 34.684778] ? putname+0xf2/0x130 [ 34.688237] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.693264] ? kmem_cache_free+0x24f/0x290 [ 34.697506] ? putname+0xf7/0x130 [ 34.700964] do_group_exit+0x177/0x440 [ 34.704852] ? trace_hardirqs_on+0xbd/0x310 [ 34.709170] ? __ia32_sys_exit+0x50/0x50 [ 34.713231] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.718681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.724217] ? ksys_ioctl+0x81/0xd0 [ 34.727853] __x64_sys_exit_group+0x3e/0x50 [ 34.732181] do_syscall_64+0x1b9/0x820 [ 34.736072] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.741444] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.746377] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.751220] ? trace_hardirqs_on_caller+0x310/0x310 [ 34.756235] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.761249] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.766272] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.771123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.776313] RIP: 0033:0x43ecd8 [ 34.779513] Code: Bad RIP value. 
[ 34.782869] RSP: 002b:00007ffc02ab2db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.790578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 34.797846] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.805112] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.812923] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.820185] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.827459] [ 34.829079] Allocated by task 5339: [ 34.832716] save_stack+0x43/0xd0 [ 34.836165] kasan_kmalloc+0xc7/0xe0 [ 34.839875] kasan_slab_alloc+0x12/0x20 [ 34.843850] kmem_cache_alloc+0x12e/0x730 [ 34.847994] vmx_create_vcpu+0xcf/0x25e0 [ 34.852057] kvm_arch_vcpu_create+0xe5/0x220 [ 34.856463] kvm_vm_ioctl+0x470/0x1d40 [ 34.860353] do_vfs_ioctl+0x1de/0x1720 [ 34.864496] ksys_ioctl+0xa9/0xd0 [ 34.867945] __x64_sys_ioctl+0x73/0xb0 [ 34.871835] do_syscall_64+0x1b9/0x820 [ 34.875720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.880896] [ 34.882513] Freed by task 5339: [ 34.885792] save_stack+0x43/0xd0 [ 34.889244] __kasan_slab_free+0x102/0x150 [ 34.893478] kasan_slab_free+0xe/0x10 [ 34.897279] kmem_cache_free+0x83/0x290 [ 34.901251] vmx_free_vcpu+0x26b/0x300 [ 34.905132] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.909540] kvm_put_kvm+0x6c8/0xff0 [ 34.913262] kvm_vm_release+0x42/0x50 [ 34.917057] __fput+0x385/0xa30 [ 34.920339] ____fput+0x15/0x20 [ 34.923618] task_work_run+0x1e8/0x2a0 [ 34.927507] do_exit+0x1ad7/0x2610 [ 34.931041] do_group_exit+0x177/0x440 [ 34.934926] __x64_sys_exit_group+0x3e/0x50 [ 34.939249] do_syscall_64+0x1b9/0x820 [ 34.943135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.948314] [ 34.949940] The buggy address belongs to the object at ffff8801c41b0040 [ 34.949940] which belongs to the cache kvm_vcpu of size 23872 [ 34.962513] The buggy address is located 24 bytes inside of [ 34.962513] 23872-byte region [ffff8801c41b0040, ffff8801c41b5d80) [ 34.974475] The buggy address 
belongs to the page: [ 34.979405] page:ffffea0007106c00 count:1 mapcount:0 mapping:ffff8801d59aaa80 index:0x0 compound_mapcount: 0 [ 34.989375] flags: 0x2fffc0000008100(slab|head) [ 34.994054] raw: 02fffc0000008100 ffff8801d59a2348 ffff8801d59a2348 ffff8801d59aaa80 [ 35.001935] raw: 0000000000000000 ffff8801c41b0040 0000000100000001 0000000000000000 [ 35.009805] page dumped because: kasan: bad access detected [ 35.015505] [ 35.017121] Memory state around the buggy address: [ 35.022049] ffff8801c41aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.029404] ffff8801c41aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.036762] >ffff8801c41b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.044111] ^ [ 35.050341] ffff8801c41b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.057699] ffff8801c41b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.065052] ================================================================== [ 35.072401] Kernel panic - not syncing: panic_on_warn set ... [ 35.072401] [ 35.079767] CPU: 1 PID: 5339 Comm: syz-executor506 Tainted: G B 4.19.0-rc4+ #248 [ 35.088611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.097973] Call Trace: [ 35.100582] dump_stack+0x1c4/0x2b4 [ 35.104215] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.109409] ? lock_downgrade+0x900/0x900 [ 35.113569] panic+0x238/0x4e7 [ 35.116766] ? add_taint.cold.5+0x16/0x16 [ 35.120916] ? print_shadow_for_address+0xb6/0x116 [ 35.125845] ? trace_hardirqs_off+0xaf/0x310 [ 35.130284] kasan_end_report+0x47/0x4f [ 35.134268] kasan_report.cold.9+0x76/0x309 [ 35.138589] ? __schedule+0xfc3/0x1ed0 [ 35.142479] __asan_report_load8_noabort+0x14/0x20 [ 35.147407] __schedule+0xfc3/0x1ed0 [ 35.151125] ? __sched_text_start+0x8/0x8 [ 35.155296] ? __lock_is_held+0xb5/0x140 [ 35.159361] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.164467] ? find_held_lock+0x36/0x1c0 [ 35.168536] ? __call_srcu+0x7f9/0x1070 [ 35.172532] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.177646] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.182755] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.187352] ? preempt_schedule+0x4d/0x60 [ 35.191505] preempt_schedule_common+0x1f/0xd0 [ 35.196099] preempt_schedule+0x4d/0x60 [ 35.200083] ___preempt_schedule+0x16/0x18 [ 35.204340] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.209275] __call_srcu+0x7f9/0x1070 [ 35.213083] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.218193] ? srcu_offline_cpu+0x120/0x120 [ 35.222516] ? debug_object_free+0x690/0x690 [ 35.226940] ? mark_held_locks+0x130/0x130 [ 35.231190] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.235781] ? lock_release+0x970/0x970 [ 35.239763] ? arch_local_save_flags+0x40/0x40 [ 35.244354] ? depot_save_stack+0x292/0x470 [ 35.248683] ? __lockdep_init_map+0x105/0x590 [ 35.253185] ? __init_waitqueue_head+0x9e/0x150 [ 35.257861] ? init_wait_entry+0x1c0/0x1c0 [ 35.262109] __synchronize_srcu+0x17b/0x230 [ 35.266479] ? call_srcu+0x10/0x10 [ 35.270106] ? rcu_unexpedite_gp+0x20/0x20 [ 35.274348] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.279886] ? check_preemption_disabled+0x48/0x200 [ 35.284914] synchronize_srcu+0x356/0x5ab [ 35.289072] ? lock_downgrade+0x900/0x900 [ 35.293222] ? synchronize_srcu_expedited+0x20/0x20 [ 35.298249] ? kasan_check_read+0x11/0x20 [ 35.302404] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.306999] ? kasan_check_write+0x14/0x20 [ 35.311236] ? do_raw_spin_lock+0xc1/0x200 [ 35.315485] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.321211] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.326671] ? kvfree+0x61/0x70 [ 35.330282] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.335315] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.339380] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.343792] ? kvm_arch_sync_events+0x30/0x30 [ 35.348292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.353834] ? mmu_notifier_unregister+0x474/0x600 [ 35.358763] ? kfree+0x107/0x230 [ 35.362127] ? __mmu_notifier_register+0x30/0x30 [ 35.366887] ? 
__free_pages+0x10a/0x190 [ 35.370865] ? free_unref_page+0x960/0x960 [ 35.375109] kvm_put_kvm+0x6c8/0xff0 [ 35.378828] ? kvm_write_guest_cached+0x40/0x40 [ 35.383504] ? kvm_irqfd_release+0xd1/0x120 [ 35.387832] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.392334] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.396849] ? kasan_check_write+0x14/0x20 [ 35.401093] ? do_raw_spin_lock+0xc1/0x200 [ 35.405335] ? kvm_irqfd_release+0xdd/0x120 [ 35.409659] ? kvm_irqfd_release+0xdd/0x120 [ 35.413985] ? kvm_put_kvm+0xff0/0xff0 [ 35.417871] kvm_vm_release+0x42/0x50 [ 35.421670] __fput+0x385/0xa30 [ 35.424953] ? get_max_files+0x20/0x20 [ 35.428841] ? trace_hardirqs_on+0xbd/0x310 [ 35.433168] ? ___might_sleep+0x1ed/0x300 [ 35.437323] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.442778] ? arch_local_save_flags+0x40/0x40 [ 35.447363] ? kasan_check_write+0x14/0x20 [ 35.451600] ? do_raw_spin_lock+0xc1/0x200 [ 35.455837] ____fput+0x15/0x20 [ 35.459121] task_work_run+0x1e8/0x2a0 [ 35.463517] ? task_work_cancel+0x240/0x240 [ 35.467852] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.473392] ? switch_task_namespaces+0x9d/0xd0 [ 35.478066] do_exit+0x1ad7/0x2610 [ 35.481613] ? mm_update_next_owner+0x990/0x990 [ 35.486289] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 35.490526] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.495564] ? kfree+0x1fa/0x230 [ 35.498942] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 35.503179] ? kvm_vcpu_block+0x1030/0x1030 [ 35.507510] ? is_bpf_text_address+0xd3/0x170 [ 35.512019] ? kernel_text_address+0x79/0xf0 [ 35.516463] ? __kernel_text_address+0xd/0x40 [ 35.520965] ? unwind_get_return_address+0x61/0xa0 [ 35.525931] ? __save_stack_trace+0x8d/0xf0 [ 35.530262] ? save_stack+0xa9/0xd0 [ 35.533889] ? save_stack+0x43/0xd0 [ 35.537515] ? __kasan_slab_free+0x102/0x150 [ 35.541926] ? kasan_slab_free+0xe/0x10 [ 35.545897] ? putname+0xf2/0x130 [ 35.549348] ? __x64_sys_openat+0x9d/0x100 [ 35.553588] ? do_syscall_64+0x1b9/0x820 [ 35.557656] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.563034] ? 
trace_hardirqs_off+0xb8/0x310 [ 35.567448] ? kasan_check_read+0x11/0x20 [ 35.571596] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.576000] ? trace_hardirqs_on+0x310/0x310 [ 35.580409] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 35.585513] ? trace_hardirqs_off+0xb8/0x310 [ 35.589919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.595454] ? check_preemption_disabled+0x48/0x200 [ 35.600470] ? check_preemption_disabled+0x48/0x200 [ 35.605487] ? kvm_vcpu_block+0x1030/0x1030 [ 35.609812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.615354] ? do_vfs_ioctl+0x201/0x1720 [ 35.619416] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.624695] ? ioctl_preallocate+0x300/0x300 [ 35.629103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.634641] ? __fget_light+0x2e9/0x430 [ 35.638616] ? fget_raw+0x20/0x20 [ 35.642070] ? putname+0xf2/0x130 [ 35.645523] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.650557] ? kmem_cache_free+0x24f/0x290 [ 35.654794] ? putname+0xf7/0x130 [ 35.658250] do_group_exit+0x177/0x440 [ 35.662140] ? trace_hardirqs_on+0xbd/0x310 [ 35.666463] ? __ia32_sys_exit+0x50/0x50 [ 35.670523] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.675977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.681508] ? ksys_ioctl+0x81/0xd0 [ 35.685141] __x64_sys_exit_group+0x3e/0x50 [ 35.689467] do_syscall_64+0x1b9/0x820 [ 35.693354] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.698735] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.703667] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.708507] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.713524] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.718559] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.723585] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.728431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.733633] RIP: 0033:0x43ecd8 [ 35.736832] Code: Bad RIP value. 
[ 35.740193] RSP: 002b:00007ffc02ab2db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.747903] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 35.755164] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.762431] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.769695] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.776958] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.784257] [ 35.784263] ====================================================== [ 35.784269] WARNING: possible circular locking dependency detected [ 35.784273] 4.19.0-rc4+ #248 Not tainted [ 35.784279] ------------------------------------------------------ [ 35.784285] syz-executor506/5339 is trying to acquire lock: [ 35.784288] 000000008ecd254a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.784305] [ 35.784315] but task is already holding lock: [ 35.784318] 00000000a92d8d85 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 35.784334] [ 35.784339] which lock already depends on the new lock. 
[ 35.784341] [ 35.784344] [ 35.784349] the existing dependency chain (in reverse order) is: [ 35.784352] [ 35.784355] -> #3 (report_lock){....}: [ 35.784371] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.784375] kasan_report+0x8b/0x110 [ 35.784380] __asan_report_load8_noabort+0x14/0x20 [ 35.784384] __schedule+0xfc3/0x1ed0 [ 35.784389] preempt_schedule_common+0x1f/0xd0 [ 35.784393] preempt_schedule+0x4d/0x60 [ 35.784398] ___preempt_schedule+0x16/0x18 [ 35.784402] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.784406] __call_srcu+0x7f9/0x1070 [ 35.784411] __synchronize_srcu+0x17b/0x230 [ 35.784415] synchronize_srcu+0x356/0x5ab [ 35.784421] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.784425] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.784430] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.784434] kvm_put_kvm+0x6c8/0xff0 [ 35.784438] kvm_vm_release+0x42/0x50 [ 35.784442] __fput+0x385/0xa30 [ 35.784446] ____fput+0x15/0x20 [ 35.784451] task_work_run+0x1e8/0x2a0 [ 35.784455] do_exit+0x1ad7/0x2610 [ 35.784459] do_group_exit+0x177/0x440 [ 35.784463] __x64_sys_exit_group+0x3e/0x50 [ 35.784468] do_syscall_64+0x1b9/0x820 [ 35.784473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.784475] [ 35.784478] -> #2 (&rq->lock){-.-.}: [ 35.784493] _raw_spin_lock+0x2d/0x40 [ 35.784497] task_fork_fair+0xb0/0x6d0 [ 35.784501] sched_fork+0x443/0xba0 [ 35.784506] copy_process+0x2586/0x8780 [ 35.784510] _do_fork+0x1cb/0x11d0 [ 35.784514] kernel_thread+0x34/0x40 [ 35.784518] rest_init+0x22/0xe5 [ 35.784522] start_kernel+0x8f4/0x92f [ 35.784527] x86_64_start_reservations+0x29/0x2b [ 35.784531] x86_64_start_kernel+0x76/0x79 [ 35.784535] secondary_startup_64+0xa4/0xb0 [ 35.784538] [ 35.784540] -> #1 (&p->pi_lock){-.-.}: [ 35.784565] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.784569] try_to_wake_up+0xd2/0x12f0 [ 35.784573] wake_up_process+0x10/0x20 [ 35.784577] __up.isra.1+0x1c0/0x2a0 [ 35.784581] up+0x13c/0x1c0 [ 35.784585] __up_console_sem+0xbe/0x1b0 [ 35.784590] console_unlock+0x814/0x1160 [ 35.784594] 
vprintk_emit+0x33d/0x930 [ 35.784598] vprintk_default+0x28/0x30 [ 35.784602] vprintk_func+0x7e/0x181 [ 35.784606] printk+0xa7/0xcf [ 35.784610] load_umh+0x51/0xbd [ 35.784614] do_one_initcall+0x145/0x957 [ 35.784619] kernel_init_freeable+0x4bb/0x5ae [ 35.784623] kernel_init+0x11/0x1b2 [ 35.784627] ret_from_fork+0x3a/0x50 [ 35.784630] [ 35.784633] -> #0 ((console_sem).lock){-...}: [ 35.784648] lock_acquire+0x1ed/0x520 [ 35.784653] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.784657] down_trylock+0x13/0x70 [ 35.784662] __down_trylock_console_sem+0xae/0x200 [ 35.784667] console_trylock+0x15/0xa0 [ 35.784671] vprintk_emit+0x322/0x930 [ 35.784675] vprintk_default+0x28/0x30 [ 35.784680] vprintk_func+0x7e/0x181 [ 35.784683] printk+0xa7/0xcf [ 35.784687] kasan_report+0x9b/0x110 [ 35.784692] __asan_report_load8_noabort+0x14/0x20 [ 35.784696] __schedule+0xfc3/0x1ed0 [ 35.784701] preempt_schedule_common+0x1f/0xd0 [ 35.784705] preempt_schedule+0x4d/0x60 [ 35.784710] ___preempt_schedule+0x16/0x18 [ 35.784715] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.784719] __call_srcu+0x7f9/0x1070 [ 35.784723] __synchronize_srcu+0x17b/0x230 [ 35.784728] synchronize_srcu+0x356/0x5ab [ 35.784733] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.784737] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.784742] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.784746] kvm_put_kvm+0x6c8/0xff0 [ 35.784750] kvm_vm_release+0x42/0x50 [ 35.784754] __fput+0x385/0xa30 [ 35.784758] ____fput+0x15/0x20 [ 35.784762] task_work_run+0x1e8/0x2a0 [ 35.784766] do_exit+0x1ad7/0x2610 [ 35.784771] do_group_exit+0x177/0x440 [ 35.784775] __x64_sys_exit_group+0x3e/0x50 [ 35.784779] do_syscall_64+0x1b9/0x820 [ 35.784784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.784787] [ 35.784791] other info that might help us debug this: [ 35.784794] [ 35.784797] Chain exists of: [ 35.784800] (console_sem).lock --> &rq->lock --> report_lock [ 35.784820] [ 35.784825] Possible unsafe locking scenario: [ 35.784827] [ 35.784831] CPU0 CPU1 [ 35.784836] ---- ---- [ 
35.784839] lock(report_lock); [ 35.784849] lock(&rq->lock); [ 35.784859] lock(report_lock); [ 35.784868] lock((console_sem).lock); [ 35.784877] [ 35.784881] *** DEADLOCK *** [ 35.784883] [ 35.784888] 2 locks held by syz-executor506/5339: [ 35.784891] #0: 00000000a97762a7 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 35.784909] #1: 00000000a92d8d85 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 35.784928] [ 35.784932] stack backtrace: [ 35.784938] CPU: 1 PID: 5339 Comm: syz-executor506 Not tainted 4.19.0-rc4+ #248 [ 35.784946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.784949] Call Trace: [ 35.784954] dump_stack+0x1c4/0x2b4 [ 35.784959] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.784963] ? vprintk_func+0x85/0x181 [ 35.784968] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 35.784972] ? save_trace+0xe0/0x290 [ 35.784977] __lock_acquire+0x33e4/0x4ec0 [ 35.784981] ? mark_held_locks+0x130/0x130 [ 35.784986] ? mark_held_locks+0x130/0x130 [ 35.784990] ? rcu_bh_qs+0xc0/0xc0 [ 35.784994] ? unwind_dump+0x190/0x190 [ 35.784998] ? is_bpf_text_address+0xd3/0x170 [ 35.785003] ? kernel_text_address+0x79/0xf0 [ 35.785008] ? __kernel_text_address+0xd/0x40 [ 35.785012] ? __save_stack_trace+0x8d/0xf0 [ 35.785017] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 35.785021] ? save_trace+0x290/0x290 [ 35.785025] ? save_stack_trace+0x1a/0x20 [ 35.785030] ? save_trace+0xe0/0x290 [ 35.785034] ? kasan_check_read+0x11/0x20 [ 35.785038] ? graph_lock+0x170/0x170 [ 35.785043] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.785048] lock_acquire+0x1ed/0x520 [ 35.785052] ? down_trylock+0x13/0x70 [ 35.785056] ? find_held_lock+0x36/0x1c0 [ 35.785060] ? lock_release+0x970/0x970 [ 35.785065] ? trace_hardirqs_off+0xb8/0x310 [ 35.785069] ? vprintk_emit+0x1d3/0x930 [ 35.785074] ? trace_hardirqs_on+0x310/0x310 [ 35.785079] ? trace_hardirqs_off+0xb8/0x310 [ 35.785083] ? log_store+0x344/0x4c0 [ 35.785087] ? 
vprintk_emit+0x322/0x930 [ 35.785092] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.785096] ? down_trylock+0x13/0x70 [ 35.785100] down_trylock+0x13/0x70 [ 35.785105] __down_trylock_console_sem+0xae/0x200 [ 35.785109] console_trylock+0x15/0xa0 [ 35.785113] vprintk_emit+0x322/0x930 [ 35.785118] ? wake_up_klogd+0x180/0x180 [ 35.785122] ? run_rebalance_domains+0x500/0x500 [ 35.785127] ? find_held_lock+0x36/0x1c0 [ 35.785131] ? __queue_work+0x6be/0x1440 [ 35.785135] ? lock_acquire+0x1ed/0x520 [ 35.785140] vprintk_default+0x28/0x30 [ 35.785144] vprintk_func+0x7e/0x181 [ 35.785147] printk+0xa7/0xcf [ 35.785152] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.785157] ? kasan_check_write+0x14/0x20 [ 35.785161] ? do_raw_spin_lock+0xc1/0x200 [ 35.785165] ? do_raw_spin_lock+0xc1/0x200 [ 35.785170] kasan_report+0x9b/0x110 [ 35.785174] ? __schedule+0xfc3/0x1ed0 [ 35.785179] __asan_report_load8_noabort+0x14/0x20 [ 35.785183] __schedule+0xfc3/0x1ed0 [ 35.785187] ? __sched_text_start+0x8/0x8 [ 35.785191] ? __lock_is_held+0xb5/0x140 [ 35.785196] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.785201] ? find_held_lock+0x36/0x1c0 [ 35.785205] ? __call_srcu+0x7f9/0x1070 [ 35.785210] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.785215] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.785219] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.785224] ? preempt_schedule+0x4d/0x60 [ 35.785229] preempt_schedule_common+0x1f/0xd0 [ 35.785233] preempt_schedule+0x4d/0x60 [ 35.785237] ___preempt_schedule+0x16/0x18 [ 35.785242] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.785246] __call_srcu+0x7f9/0x1070 [ 35.785251] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.785256] ? srcu_offline_cpu+0x120/0x120 [ 35.785260] ? debug_object_free+0x690/0x690 [ 35.785265] ? mark_held_locks+0x130/0x130 [ 35.785270] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.785274] ? lock_release+0x970/0x970 [ 35.785279] ? arch_local_save_flags+0x40/0x40 [ 35.785283] ? depot_save_stack+0x292/0x470 [ 35.785288] ? __lockdep_init_map+0x105/0x590 [ 35.785293] ? 
__init_waitqueue_head+0x9e/0x150 [ 35.785297] ? init_wait_entry+0x1c0/0x1c0 [ 35.785302] __synchronize_srcu+0x17b/0x230 [ 35.785306] ? call_srcu+0x10/0x10 [ 35.785316] ? rcu_unexpedite_gp+0x20/0x20 [ 35.785321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.785326] ? check_preemption_disabled+0x48/0x200 [ 35.785331] synchronize_srcu+0x356/0x5ab [ 35.785335] ? lock_downgrade+0x900/0x900 [ 35.785340] ? synchronize_srcu_expedited+0x20/0x20 [ 35.785344] ? kasan_check_read+0x11/0x20 [ 35.785349] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.785354] ? kasan_check_write+0x14/0x20 [ 35.785358] ? do_raw_spin_lock+0xc1/0x200 [ 35.785363] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.785368] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.785372] ? kvfree+0x61/0x70 [ 35.785377] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.785382] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.785386] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.785391] ? kvm_arch_sync_events+0x30/0x30 [ 35.785396] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.785401] ? mmu_notifier_unregister+0x474/0x600 [ 35.785405] ? kfree+0x107/0x230 [ 35.785409] ? __mmu_notifier_register+0x30/0x30 [ 35.785414] ? __free_pages+0x10a/0x190 [ 35.785418] ? free_unref_page+0x960/0x960 [ 35.785422] kvm_put_kvm+0x6c8/0xff0 [ 35.785427] ? kvm_write_guest_cached+0x40/0x40 [ 35.785431] ? kvm_irqfd_release+0xd1/0x120 [ 35.785436] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.785440] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.785445] ? kasan_check_write+0x14/0x20 [ 35.785449] ? do_raw_spin_lock+0xc1/0x200 [ 35.785454] ? kvm_irqfd_release+0xdd/0x120 [ 35.785457] ? kvm_irqfd_release+ [ 35.785465] Lost 81 message(s)! [ 36.942518] Shutting down cpus with NMI [ 38.000971] Kernel Offset: disabled [ 38.004594] Rebooting in 86400 seconds..