[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   25.802331] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.459378] random: sshd: uninitialized urandom read (32 bytes read)
[   27.800554] random: sshd: uninitialized urandom read (32 bytes read)
[   28.405673] random: sshd: uninitialized urandom read (32 bytes read)
[   37.730343] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
[   43.312839] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   43.431815] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   43.457977] ==================================================================
[   43.467900] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   43.474131] Read of size 8 at addr ffff8801d93f0058 by task syz-executor400/5338
[   43.481653]
[   43.483283] CPU: 0 PID: 5338 Comm: syz-executor400 Not tainted 4.19.0-rc2+ #227
[   43.490719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.500061] Call Trace:
[   43.502649]  dump_stack+0x1c4/0x2b4
[   43.506281]  ? dump_stack_print_info.cold.2+0x52/0x52
[   43.511467]  ? printk+0xa7/0xcf
[   43.514750]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   43.519520]  print_address_description.cold.8+0x9/0x1ff
[   43.524883]  kasan_report.cold.9+0x242/0x309
[   43.529296]  ? __schedule+0xfc3/0x1ed0
[   43.533186]  __asan_report_load8_noabort+0x14/0x20
[   43.538111]  __schedule+0xfc3/0x1ed0
[   43.541829]  ? __sched_text_start+0x8/0x8
[   43.545986]  ? __lock_is_held+0xb5/0x140
[   43.550041]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   43.555140]  ? find_held_lock+0x36/0x1c0
[   43.559202]  ? __call_srcu+0x7f9/0x1070
[   43.563185]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   43.568291]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   43.573392]  ? lockdep_hardirqs_on+0x421/0x5c0
[   43.577973]  ? preempt_schedule+0x4d/0x60
[   43.582120]  preempt_schedule_common+0x1f/0xd0
[   43.586704]  preempt_schedule+0x4d/0x60
[   43.590673]  ___preempt_schedule+0x16/0x18
[   43.594928]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   43.599855]  __call_srcu+0x7f9/0x1070
[   43.603653]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   43.608769]  ? srcu_offline_cpu+0x120/0x120
[   43.613088]  ? debug_object_free+0x690/0x690
[   43.617491]  ? mark_held_locks+0x130/0x130
[   43.621724]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   43.626305]  ? lock_release+0x970/0x970
[   43.630275]  ? arch_local_save_flags+0x40/0x40
[   43.634857]  ? depot_save_stack+0x292/0x470
[   43.639183]  ? __lockdep_init_map+0x105/0x590
[   43.643688]  ? __init_waitqueue_head+0x9e/0x150
[   43.648369]  ? init_wait_entry+0x1c0/0x1c0
[   43.652610]  __synchronize_srcu+0x17b/0x230
[   43.656935]  ? call_srcu+0x10/0x10
[   43.660469]  ? rcu_unexpedite_gp+0x20/0x20
[   43.664700]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   43.670230]  ? check_preemption_disabled+0x48/0x200
[   43.675246]  synchronize_srcu+0x356/0x5ab
[   43.679388]  ? lock_downgrade+0x900/0x900
[   43.683529]  ? synchronize_srcu_expedited+0x20/0x20
[   43.688542]  ? kasan_check_read+0x11/0x20
[   43.692714]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   43.697296]  ? kasan_check_write+0x14/0x20
[   43.701527]  ? do_raw_spin_lock+0xc1/0x200
[   43.705765]  kvm_page_track_unregister_notifier+0x17d/0x250
[   43.711477]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   43.716980]  ? kvfree+0x61/0x70
[   43.720257]  ? rcu_read_lock_sched_held+0x108/0x120
[   43.725273]  kvm_mmu_uninit_vm+0x1c/0x20
[   43.729332]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   43.733738]  ? kvm_arch_sync_events+0x30/0x30
[   43.738235]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   43.743769]  ? mmu_notifier_unregister+0x474/0x600
[   43.748717]  ? kfree+0x107/0x230
[   43.752079]  ? __mmu_notifier_register+0x30/0x30
[   43.756845]  ? __free_pages+0x10a/0x190
[   43.760817]  ? free_unref_page+0x960/0x960
[   43.765064]  kvm_put_kvm+0x6c8/0xff0
[   43.768785]  ? kvm_write_guest_cached+0x40/0x40
[   43.773454]  ? kvm_irqfd_release+0xd1/0x120
[   43.777774]  ? _raw_spin_unlock_irq+0x27/0x80
[   43.782266]  ? _raw_spin_unlock_irq+0x27/0x80
[   43.786781]  ? kasan_check_write+0x14/0x20
[   43.791011]  ? do_raw_spin_lock+0xc1/0x200
[   43.795241]  ? kvm_irqfd_release+0xdd/0x120
[   43.799559]  ? kvm_irqfd_release+0xdd/0x120
[   43.803893]  ? kvm_put_kvm+0xff0/0xff0
[   43.807782]  kvm_vm_release+0x42/0x50
[   43.811591]  __fput+0x385/0xa30
[   43.814869]  ? get_max_files+0x20/0x20
[   43.818757]  ? ___might_sleep+0x1ed/0x300
[   43.822915]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   43.828369]  ? arch_local_save_flags+0x40/0x40
[   43.832949]  ? kasan_check_write+0x14/0x20
[   43.837184]  ? do_raw_spin_lock+0xc1/0x200
[   43.841419]  ____fput+0x15/0x20
[   43.844697]  task_work_run+0x1e8/0x2a0
[   43.848582]  ? task_work_cancel+0x240/0x240
[   43.852902]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   43.858460]  ? switch_task_namespaces+0x9d/0xd0
[   43.863135]  do_exit+0x1ad7/0x2610
[   43.866676]  ? find_held_lock+0x36/0x1c0
[   43.870752]  ? mm_update_next_owner+0x990/0x990
[   43.875424]  ? is_bpf_text_address+0xac/0x170
[   43.879933]  ? lock_downgrade+0x900/0x900
[   43.884075]  ? check_preemption_disabled+0x48/0x200
[   43.889097]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   43.894935]  ? kasan_check_read+0x11/0x20
[   43.899082]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   43.904354]  ? rcu_bh_qs+0xc0/0xc0
[   43.907888]  ? rcu_bh_qs+0xc0/0xc0
[   43.911455]  ? unwind_dump+0x190/0x190
[   43.915388]  ? is_bpf_text_address+0xd3/0x170
[   43.919883]  ? kernel_text_address+0x79/0xf0
[   43.924297]  ? __kernel_text_address+0xd/0x40
[   43.928793]  ? unwind_get_return_address+0x61/0xa0
[   43.933731]  ? __save_stack_trace+0x8d/0xf0
[   43.938056]  ? save_stack+0xa9/0xd0
[   43.941676]  ? save_stack+0x43/0xd0
[   43.945299]  ? __kasan_slab_free+0x102/0x150
[   43.949705]  ? kasan_slab_free+0xe/0x10
[   43.953694]  ? kmem_cache_free+0x83/0x290
[   43.957837]  ? putname+0xf2/0x130
[   43.961285]  ? __x64_sys_openat+0x9d/0x100
[   43.965527]  ? do_syscall_64+0x1b9/0x820
[   43.969583]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.974946]  ? trace_hardirqs_off+0xb8/0x310
[   43.979349]  ? kasan_check_read+0x11/0x20
[   43.983495]  ? do_raw_spin_unlock+0xa7/0x2f0
[   43.987898]  ? trace_hardirqs_on+0x310/0x310
[   43.992327]  ? kasan_check_write+0x14/0x20
[   43.996562]  ? trace_hardirqs_off+0xb8/0x310
[   44.000967]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.006509]  ? check_preemption_disabled+0x48/0x200
[   44.011537]  ? check_preemption_disabled+0x48/0x200
[   44.016579]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   44.022117]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   44.027395]  ? rcu_pm_notify+0xc0/0xc0
[   44.031283]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   44.036292]  ? __fget_light+0x2e9/0x430
[   44.040260]  ? fget_raw+0x20/0x20
[   44.043707]  ? putname+0xf2/0x130
[   44.047153]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.052168]  ? kmem_cache_free+0x24f/0x290
[   44.056402]  ? putname+0xf7/0x130
[   44.059856]  do_group_exit+0x177/0x440
[   44.063742]  ? trace_hardirqs_on+0xbd/0x310
[   44.068061]  ? __ia32_sys_exit+0x50/0x50
[   44.072118]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   44.077570]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   44.083099]  ? ksys_ioctl+0x81/0xd0
[   44.086751]  __x64_sys_exit_group+0x3e/0x50
[   44.091071]  do_syscall_64+0x1b9/0x820
[   44.094956]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   44.100333]  ? syscall_return_slowpath+0x5e0/0x5e0
[   44.105265]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.110109]  ? trace_hardirqs_on_caller+0x310/0x310
[   44.115122]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   44.120134]  ? prepare_exit_to_usermode+0x291/0x3b0
[   44.125198]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.130044]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.135228] RIP: 0033:0x43ef78
[   44.138419] Code: Bad RIP value.
[   44.141776] RSP: 002b:00007ffc323bed48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   44.149503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef78
[   44.156769] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   44.164033] RBP: 00000000004be828 R08: 00000000000000e7 R09: ffffffffffffffd0
[   44.171297] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   44.178558] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   44.185826]
[   44.187780] Allocated by task 5338:
[   44.191412]  save_stack+0x43/0xd0
[   44.194864]  kasan_kmalloc+0xc7/0xe0
[   44.198572]  kasan_slab_alloc+0x12/0x20
[   44.202543]  kmem_cache_alloc+0x12e/0x730
[   44.206689]  vmx_create_vcpu+0xcf/0x25e0
[   44.210745]  kvm_arch_vcpu_create+0xe5/0x220
[   44.215150]  kvm_vm_ioctl+0x470/0x1d40
[   44.219035]  do_vfs_ioctl+0x1de/0x1720
[   44.222936]  ksys_ioctl+0xa9/0xd0
[   44.226386]  __x64_sys_ioctl+0x73/0xb0
[   44.230272]  do_syscall_64+0x1b9/0x820
[   44.234248]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.239434]
[   44.241057] Freed by task 5338:
[   44.244330]  save_stack+0x43/0xd0
[   44.247779]  __kasan_slab_free+0x102/0x150
[   44.252006]  kasan_slab_free+0xe/0x10
[   44.255802]  kmem_cache_free+0x83/0x290
[   44.259772]  vmx_free_vcpu+0x26b/0x300
[   44.263650]  kvm_arch_destroy_vm+0x365/0x7c0
[   44.268069]  kvm_put_kvm+0x6c8/0xff0
[   44.271788]  kvm_vm_release+0x42/0x50
[   44.275591]  __fput+0x385/0xa30
[   44.278865]  ____fput+0x15/0x20
[   44.282139]  task_work_run+0x1e8/0x2a0
[   44.286018]  do_exit+0x1ad7/0x2610
[   44.289566]  do_group_exit+0x177/0x440
[   44.293447]  __x64_sys_exit_group+0x3e/0x50
[   44.297761]  do_syscall_64+0x1b9/0x820
[   44.301642]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.306819]
[   44.308429] The buggy address belongs to the object at ffff8801d93f0040
[   44.308429]  which belongs to the cache kvm_vcpu of size 23872
[   44.320979] The buggy address is located 24 bytes inside of
[   44.320979]  23872-byte region [ffff8801d93f0040, ffff8801d93f5d80)
[   44.332984] The buggy address belongs to the page:
[   44.337920] page:ffffea000764fc00 count:1 mapcount:0 mapping:ffff8801d59a0d80 index:0x0 compound_mapcount: 0
[   44.347904] flags: 0x2fffc0000008100(slab|head)
[   44.352597] raw: 02fffc0000008100 ffff8801d599bd48 ffff8801d599bd48 ffff8801d59a0d80
[   44.360473] raw: 0000000000000000 ffff8801d93f0040 0000000100000001 0000000000000000
[   44.368342] page dumped because: kasan: bad access detected
[   44.374036]
[   44.375659] Memory state around the buggy address:
[   44.380583]  ffff8801d93eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.387934]  ffff8801d93eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.395290] >ffff8801d93f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   44.402639]                                                     ^
[   44.408877]  ffff8801d93f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.416239]  ffff8801d93f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.423603] ==================================================================
[   44.430956] Kernel panic - not syncing: panic_on_warn set ...
[   44.430956]
[   44.438321] CPU: 0 PID: 5338 Comm: syz-executor400 Tainted: G    B             4.19.0-rc2+ #227
[   44.447145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.456487] Call Trace:
[   44.459077]  dump_stack+0x1c4/0x2b4
[   44.462703]  ? dump_stack_print_info.cold.2+0x52/0x52
[   44.467892]  ? lock_downgrade+0x900/0x900
[   44.472049]  panic+0x238/0x4e7
[   44.475262]  ? add_taint.cold.5+0x16/0x16
[   44.479448]  ? print_shadow_for_address+0xb6/0x116
[   44.484384]  ? trace_hardirqs_off+0xaf/0x310
[   44.488790]  kasan_end_report+0x47/0x4f
[   44.492768]  kasan_report.cold.9+0x76/0x309
[   44.497089]  ? __schedule+0xfc3/0x1ed0
[   44.500990]  __asan_report_load8_noabort+0x14/0x20
[   44.505923]  __schedule+0xfc3/0x1ed0
[   44.509641]  ? __sched_text_start+0x8/0x8
[   44.513821]  ? __lock_is_held+0xb5/0x140
[   44.517896]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   44.523012]  ? find_held_lock+0x36/0x1c0
[   44.527097]  ? __call_srcu+0x7f9/0x1070
[   44.531072]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   44.536175]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   44.541274]  ? lockdep_hardirqs_on+0x421/0x5c0
[   44.545855]  ? preempt_schedule+0x4d/0x60
[   44.550004]  preempt_schedule_common+0x1f/0xd0
[   44.554584]  preempt_schedule+0x4d/0x60
[   44.558554]  ___preempt_schedule+0x16/0x18
[   44.562787]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   44.567744]  __call_srcu+0x7f9/0x1070
[   44.571536]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   44.576638]  ? srcu_offline_cpu+0x120/0x120
[   44.580977]  ? debug_object_free+0x690/0x690
[   44.585381]  ? mark_held_locks+0x130/0x130
[   44.589616]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   44.594205]  ? lock_release+0x970/0x970
[   44.598176]  ? arch_local_save_flags+0x40/0x40
[   44.602761]  ? depot_save_stack+0x292/0x470
[   44.607085]  ? __lockdep_init_map+0x105/0x590
[   44.611594]  ? __init_waitqueue_head+0x9e/0x150
[   44.616276]  ? init_wait_entry+0x1c0/0x1c0
[   44.620519]  __synchronize_srcu+0x17b/0x230
[   44.624836]  ? call_srcu+0x10/0x10
[   44.628388]  ? rcu_unexpedite_gp+0x20/0x20
[   44.632660]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   44.638192]  ? check_preemption_disabled+0x48/0x200
[   44.643206]  synchronize_srcu+0x356/0x5ab
[   44.647353]  ? lock_downgrade+0x900/0x900
[   44.651501]  ? synchronize_srcu_expedited+0x20/0x20
[   44.656522]  ? kasan_check_read+0x11/0x20
[   44.660685]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   44.665271]  ? kasan_check_write+0x14/0x20
[   44.669505]  ? do_raw_spin_lock+0xc1/0x200
[   44.673746]  kvm_page_track_unregister_notifier+0x17d/0x250
[   44.679454]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   44.684911]  ? kvfree+0x61/0x70
[   44.688190]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.693204]  kvm_mmu_uninit_vm+0x1c/0x20
[   44.697263]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   44.701678]  ? kvm_arch_sync_events+0x30/0x30
[   44.706175]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.711708]  ? mmu_notifier_unregister+0x474/0x600
[   44.716636]  ? kfree+0x107/0x230
[   44.720012]  ? __mmu_notifier_register+0x30/0x30
[   44.724792]  ? __free_pages+0x10a/0x190
[   44.728765]  ? free_unref_page+0x960/0x960
[   44.733007]  kvm_put_kvm+0x6c8/0xff0
[   44.736724]  ? kvm_write_guest_cached+0x40/0x40
[   44.741426]  ? kvm_irqfd_release+0xd1/0x120
[   44.745756]  ? _raw_spin_unlock_irq+0x27/0x80
[   44.750271]  ? _raw_spin_unlock_irq+0x27/0x80
[   44.754785]  ? kasan_check_write+0x14/0x20
[   44.759017]  ? do_raw_spin_lock+0xc1/0x200
[   44.763255]  ? kvm_irqfd_release+0xdd/0x120
[   44.767574]  ? kvm_irqfd_release+0xdd/0x120
[   44.771893]  ? kvm_put_kvm+0xff0/0xff0
[   44.775785]  kvm_vm_release+0x42/0x50
[   44.779581]  __fput+0x385/0xa30
[   44.782874]  ? get_max_files+0x20/0x20
[   44.786762]  ? ___might_sleep+0x1ed/0x300
[   44.790916]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   44.796379]  ? arch_local_save_flags+0x40/0x40
[   44.800959]  ? kasan_check_write+0x14/0x20
[   44.805192]  ? do_raw_spin_lock+0xc1/0x200
[   44.809446]  ____fput+0x15/0x20
[   44.812735]  task_work_run+0x1e8/0x2a0
[   44.816617]  ? task_work_cancel+0x240/0x240
[   44.820953]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.826484]  ? switch_task_namespaces+0x9d/0xd0
[   44.831156]  do_exit+0x1ad7/0x2610
[   44.834692]  ? find_held_lock+0x36/0x1c0
[   44.838770]  ? mm_update_next_owner+0x990/0x990
[   44.843451]  ? is_bpf_text_address+0xac/0x170
[   44.847942]  ? lock_downgrade+0x900/0x900
[   44.852085]  ? check_preemption_disabled+0x48/0x200
[   44.857108]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   44.862902]  ? kasan_check_read+0x11/0x20
[   44.867056]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   44.872330]  ? rcu_bh_qs+0xc0/0xc0
[   44.875880]  ? rcu_bh_qs+0xc0/0xc0
[   44.879444]  ? unwind_dump+0x190/0x190
[   44.883357]  ? is_bpf_text_address+0xd3/0x170
[   44.887858]  ? kernel_text_address+0x79/0xf0
[   44.892275]  ? __kernel_text_address+0xd/0x40
[   44.896774]  ? unwind_get_return_address+0x61/0xa0
[   44.901703]  ? __save_stack_trace+0x8d/0xf0
[   44.906030]  ? save_stack+0xa9/0xd0
[   44.909657]  ? save_stack+0x43/0xd0
[   44.913332]  ? __kasan_slab_free+0x102/0x150
[   44.917741]  ? kasan_slab_free+0xe/0x10
[   44.921714]  ? kmem_cache_free+0x83/0x290
[   44.925861]  ? putname+0xf2/0x130
[   44.929328]  ? __x64_sys_openat+0x9d/0x100
[   44.933573]  ? do_syscall_64+0x1b9/0x820
[   44.937635]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.943013]  ? trace_hardirqs_off+0xb8/0x310
[   44.947515]  ? kasan_check_read+0x11/0x20
[   44.951671]  ? do_raw_spin_unlock+0xa7/0x2f0
[   44.956078]  ? trace_hardirqs_on+0x310/0x310
[   44.960497]  ? kasan_check_write+0x14/0x20
[   44.964742]  ? trace_hardirqs_off+0xb8/0x310
[   44.969161]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.974708]  ? check_preemption_disabled+0x48/0x200
[   44.979716]  ? check_preemption_disabled+0x48/0x200
[   44.984735]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   44.990267]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   44.995539]  ? rcu_pm_notify+0xc0/0xc0
[   44.999424]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   45.004440]  ? __fget_light+0x2e9/0x430
[   45.008409]  ? fget_raw+0x20/0x20
[   45.011858]  ? putname+0xf2/0x130
[   45.015309]  ? rcu_read_lock_sched_held+0x108/0x120
[   45.020527]  ? kmem_cache_free+0x24f/0x290
[   45.024773]  ? putname+0xf7/0x130
[   45.028231]  do_group_exit+0x177/0x440
[   45.032115]  ? trace_hardirqs_on+0xbd/0x310
[   45.036468]  ? __ia32_sys_exit+0x50/0x50
[   45.040530]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   45.045975]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.051509]  ? ksys_ioctl+0x81/0xd0
[   45.055135]  __x64_sys_exit_group+0x3e/0x50
[   45.059476]  do_syscall_64+0x1b9/0x820
[   45.063364]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   45.068727]  ? syscall_return_slowpath+0x5e0/0x5e0
[   45.073669]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.078524]  ? trace_hardirqs_on_caller+0x310/0x310
[   45.083562]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   45.088578]  ? prepare_exit_to_usermode+0x291/0x3b0
[   45.093604]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.098447]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.103651] RIP: 0033:0x43ef78
[   45.106842] Code: Bad RIP value.
[   45.110199] RSP: 002b:00007ffc323bed48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   45.117903] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef78
[   45.125177] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   45.132440] RBP: 00000000004be828 R08: 00000000000000e7 R09: ffffffffffffffd0
[   45.139703] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   45.146963] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   45.154237]
[   45.154243] ======================================================
[   45.154249] WARNING: possible circular locking dependency detected
[   45.154253] 4.19.0-rc2+ #227 Not tainted
[   45.154258] ------------------------------------------------------
[   45.154263] syz-executor400/5338 is trying to acquire lock:
[   45.154267] 000000007af6ad0b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   45.154282]
[   45.154286] but task is already holding lock:
[   45.154290] 000000001a690728 (report_lock){....}, at: kasan_report+0x8b/0x110
[   45.154304]
[   45.154309] which lock already depends on the new lock.
[   45.154311]
[   45.154314]
[   45.154319] the existing dependency chain (in reverse order) is:
[   45.154322]
[   45.154324] -> #3 (report_lock){....}:
[   45.154352]        _raw_spin_lock_irqsave+0x99/0xd0
[   45.154356]        kasan_report+0x8b/0x110
[   45.154361]        __asan_report_load8_noabort+0x14/0x20
[   45.154364]        __schedule+0xfc3/0x1ed0
[   45.154369]        preempt_schedule_common+0x1f/0xd0
[   45.154373]        preempt_schedule+0x4d/0x60
[   45.154377]        ___preempt_schedule+0x16/0x18
[   45.154381]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   45.154385]        __call_srcu+0x7f9/0x1070
[   45.154390]        __synchronize_srcu+0x17b/0x230
[   45.154406]        synchronize_srcu+0x356/0x5ab
[   45.154412]        kvm_page_track_unregister_notifier+0x17d/0x250
[   45.154427]        kvm_mmu_uninit_vm+0x1c/0x20
[   45.154431]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   45.154435]        kvm_put_kvm+0x6c8/0xff0
[   45.154439]        kvm_vm_release+0x42/0x50
[   45.154442]        __fput+0x385/0xa30
[   45.154446]        ____fput+0x15/0x20
[   45.154449]        task_work_run+0x1e8/0x2a0
[   45.154453]        do_exit+0x1ad7/0x2610
[   45.154456]        do_group_exit+0x177/0x440
[   45.154460]        __x64_sys_exit_group+0x3e/0x50
[   45.154464]        do_syscall_64+0x1b9/0x820
[   45.154468]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.154471]
[   45.154473] -> #2 (&rq->lock){-.-.}:
[   45.154486]        _raw_spin_lock+0x2d/0x40
[   45.154490]        task_fork_fair+0xb0/0x6d0
[   45.154493]        sched_fork+0x443/0xba0
[   45.154497]        copy_process+0x2586/0x8780
[   45.154500]        _do_fork+0x1cb/0x11d0
[   45.154504]        kernel_thread+0x34/0x40
[   45.154507]        rest_init+0x22/0xe5
[   45.154523]        start_kernel+0x8f4/0x92f
[   45.154527]        x86_64_start_reservations+0x29/0x2b
[   45.154531]        x86_64_start_kernel+0x76/0x79
[   45.154547]        secondary_startup_64+0xa4/0xb0
[   45.154550]
[   45.154552] -> #1 (&p->pi_lock){-.-.}:
[   45.154579]        _raw_spin_lock_irqsave+0x99/0xd0
[   45.154596]        try_to_wake_up+0xd2/0x12f0
[   45.154600]        wake_up_process+0x10/0x20
[   45.154603]        __up.isra.1+0x1c0/0x2a0
[   45.154607]        up+0x13c/0x1c0
[   45.154611]        __up_console_sem+0xbe/0x1b0
[   45.154615]        console_unlock+0x524/0x11a0
[   45.154619]        vprintk_emit+0x33d/0x930
[   45.154623]        vprintk_default+0x28/0x30
[   45.154626]        vprintk_func+0x7e/0x181
[   45.154630]        printk+0xa7/0xcf
[   45.154633]        load_umh+0x51/0xbd
[   45.154637]        do_one_initcall+0x145/0x957
[   45.154648]        kernel_init_freeable+0x4bb/0x5ae
[   45.154652]        kernel_init+0x11/0x1b2
[   45.154656]        ret_from_fork+0x3a/0x50
[   45.154670]
[   45.154673] -> #0 ((console_sem).lock){-...}:
[   45.154688]        lock_acquire+0x1ed/0x520
[   45.154692]        _raw_spin_lock_irqsave+0x99/0xd0
[   45.154696]        down_trylock+0x13/0x70
[   45.154701]        __down_trylock_console_sem+0xae/0x200
[   45.154705]        console_trylock+0x15/0xa0
[   45.154709]        vprintk_emit+0x322/0x930
[   45.154713]        vprintk_default+0x28/0x30
[   45.154717]        vprintk_func+0x7e/0x181
[   45.154720]        printk+0xa7/0xcf
[   45.154724]        kasan_report+0x9b/0x110
[   45.154729]        __asan_report_load8_noabort+0x14/0x20
[   45.154733]        __schedule+0xfc3/0x1ed0
[   45.154737]        preempt_schedule_common+0x1f/0xd0
[   45.154741]        preempt_schedule+0x4d/0x60
[   45.154746]        ___preempt_schedule+0x16/0x18
[   45.154750]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   45.154754]        __call_srcu+0x7f9/0x1070
[   45.154759]        __synchronize_srcu+0x17b/0x230
[   45.154763]        synchronize_srcu+0x356/0x5ab
[   45.154768]        kvm_page_track_unregister_notifier+0x17d/0x250
[   45.154772]        kvm_mmu_uninit_vm+0x1c/0x20
[   45.154777]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   45.154781]        kvm_put_kvm+0x6c8/0xff0
[   45.154785]        kvm_vm_release+0x42/0x50
[   45.154788]        __fput+0x385/0xa30
[   45.154792]        ____fput+0x15/0x20
[   45.154796]        task_work_run+0x1e8/0x2a0
[   45.154800]        do_exit+0x1ad7/0x2610
[   45.154804]        do_group_exit+0x177/0x440
[   45.154808]        __x64_sys_exit_group+0x3e/0x50
[   45.154826]        do_syscall_64+0x1b9/0x820
[   45.154830]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.154833]
[   45.154837] other info that might help us debug this:
[   45.154839]
[   45.154843] Chain exists of:
[   45.154845]   (console_sem).lock --> &rq->lock --> report_lock
[   45.154887]
[   45.154891]  Possible unsafe locking scenario:
[   45.154893]
[   45.154897]        CPU0                    CPU1
[   45.154901]        ----                    ----
[   45.154903]   lock(report_lock);
[   45.154918]                                lock(&rq->lock);
[   45.154927]                                lock(report_lock);
[   45.154934]   lock((console_sem).lock);
[   45.154954]
[   45.154969]  *** DEADLOCK ***
[   45.154971]
[   45.154975] 2 locks held by syz-executor400/5338:
[   45.154989]  #0: 000000005691a9a0 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   45.155006]  #1: 000000001a690728 (report_lock){....}, at: kasan_report+0x8b/0x110
[   45.155035]
[   45.155039] stack backtrace:
[   45.155045] CPU: 0 PID: 5338 Comm: syz-executor400 Not tainted 4.19.0-rc2+ #227
[   45.155052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.155055] Call Trace:
[   45.155059]  dump_stack+0x1c4/0x2b4
[   45.155064]  ? dump_stack_print_info.cold.2+0x52/0x52
[   45.155068]  ? vprintk_func+0x85/0x181
[   45.155073]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   45.155077]  ? save_trace+0xe0/0x290
[   45.155081]  __lock_acquire+0x33e4/0x4ec0
[   45.155085]  ? mark_held_locks+0x130/0x130
[   45.155089]  ? mark_held_locks+0x130/0x130
[   45.155093]  ? rcu_bh_qs+0xc0/0xc0
[   45.155097]  ? unwind_dump+0x190/0x190
[   45.155101]  ? is_bpf_text_address+0xd3/0x170
[   45.155106]  ? kernel_text_address+0x79/0xf0
[   45.155110]  ? __kernel_text_address+0xd/0x40
[   45.155114]  ? __save_stack_trace+0x8d/0xf0
[   45.155119]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   45.155123]  ? save_trace+0x290/0x290
[   45.155127]  ? save_stack_trace+0x1a/0x20
[   45.155131]  ? save_trace+0xe0/0x290
[   45.155135]  ? kasan_check_read+0x11/0x20
[   45.155139]  ? graph_lock+0x170/0x170
[   45.155144]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   45.155148]  lock_acquire+0x1ed/0x520
[   45.155152]  ? down_trylock+0x13/0x70
[   45.155156]  ? find_held_lock+0x36/0x1c0
[   45.155161]  ? lock_release+0x970/0x970
[   45.155165]  ? trace_hardirqs_off+0xb8/0x310
[   45.155169]  ? vprintk_emit+0x1d3/0x930
[   45.155173]  ? trace_hardirqs_on+0x310/0x310
[   45.155178]  ? trace_hardirqs_off+0xb8/0x310
[   45.155182]  ? log_store+0x344/0x4c0
[   45.155186]  ? vprintk_emit+0x322/0x930
[   45.155190]  _raw_spin_lock_irqsave+0x99/0xd0
[   45.155194]  ? down_trylock+0x13/0x70
[   45.155198]  down_trylock+0x13/0x70
[   45.155203]  __down_trylock_console_sem+0xae/0x200
[   45.155206]  console_trylock+0x15/0xa0
[   45.155210]  vprintk_emit+0x322/0x930
[   45.155214]  ? wake_up_klogd+0x180/0x180
[   45.155219]  ? run_rebalance_domains+0x500/0x500
[   45.155223]  ? find_held_lock+0x36/0x1c0
[   45.155227]  ? __queue_work+0x6be/0x1440
[   45.155231]  ? lock_acquire+0x1ed/0x520
[   45.155235]  vprintk_default+0x28/0x30
[   45.155239]  vprintk_func+0x7e/0x181
[   45.155243]  printk+0xa7/0xcf
[   45.155247]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   45.155251]  ? kasan_check_write+0x14/0x20
[   45.155256]  ? do_raw_spin_lock+0xc1/0x200
[   45.155260]  ? do_raw_spin_lock+0xc1/0x200
[   45.155264]  kasan_report+0x9b/0x110
[   45.155268]  ? __schedule+0xfc3/0x1ed0
[   45.155272]  __asan_report_load8_noabort+0x14/0x20
[   45.155276]  __schedule+0xfc3/0x1ed0
[   45.155280]  ? __sched_text_start+0x8/0x8
[   45.155284]  ? __lock_is_held+0xb5/0x140
[   45.155289]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   45.155293]  ? find_held_lock+0x36/0x1c0
[   45.155297]  ? __call_srcu+0x7f9/0x1070
[   45.155302]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   45.155307]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   45.155311]  ? lockdep_hardirqs_on+0x421/0x5c0
[   45.155315]  ? preempt_schedule+0x4d/0x60
[   45.155320]  preempt_schedule_common+0x1f/0xd0
[   45.155324]  preempt_schedule+0x4d/0x60
[   45.155328]  ___preempt_schedule+0x16/0x18
[   45.155333]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   45.155337]  __call_srcu+0x7f9/0x1070
[   45.155342]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   45.155346]  ? srcu_offline_cpu+0x120/0x120
[   45.155350]  ? debug_object_free+0x690/0x690
[   45.155354]  ? mark_held_locks+0x130/0x130
[   45.155359]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   45.155363]  ? lock_release+0x970/0x970
[   45.155367]  ? arch_local_save_flags+0x40/0x40
[   45.155371]  ? depot_save_stack+0x292/0x470
[   45.155376]  ? __lockdep_init_map+0x105/0x590
[   45.155380]  ? __init_waitqueue_head+0x9e/0x150
[   45.155384]  ? init_wait_entry+0x1c0/0x1c0
[   45.155389]  __synchronize_srcu+0x17b/0x230
[   45.155392]  ? call_srcu+0x10/0x10
[   45.155397]  ? rcu_unexpedite_gp+0x20/0x20
[   45.155402]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.155406]  ? check_preemption_disabled+0x48/0x200
[   45.155411]  synchronize_srcu+0x356/0x5ab
[   45.155415]  ? lock_downgrade+0x900/0x900
[   45.155420]  ? synchronize_srcu_expedited+0x20/0x20
[   45.155424]  ? kasan_check_read+0x11/0x20
[   45.155428]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   45.155432]  ? kasan_check_write+0x14/0x20
[   45.155437]  ? do_raw_spin_lock+0xc1/0x200
[   45.155442]  kvm_page_track_unregister_notifier+0x17d/0x250
[   45.155447]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   45.155450]  ? kvfree+0x61/0x70
[   45.155455]  ? rcu_read_lock_sched_held+0x108/0x120
[   45.155459]  kvm_mmu_uninit_vm+0x1c/0x20
[   45.155463]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   45.155468]  ? kvm_arch_sync_events+0x30/0x30
[   45.155473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   45.155477]  ? mmu_notifier_unregister+0x474/0x600
[   45.155481]  ? kfree+0x107/0x230
[   45.155485]  ? __mmu_notifier_register+0x30/0x30
[   45.155489]  ? __free_pages+0x10a/0x190
[   45.155494]  ? free_unref_page+0x960/0x960
[   45.155498]  kvm_put_kvm+0x6c8/0xff0
[   45.155502]  ? kvm_write_guest_cached+0x40/0x40
[   45.155506]  ? kvm_irqfd_release+0xd1/0x120
[   45.155511]  ? _raw_spin_unlock_irq+0x27/0x80
[   45.155515]  ? _raw_spin_unlock_irq+0x27/0x80
[   45.155519]  ? kasan_check_write+0x14/0x20
[   45.155523]  ? do_raw_spin_lock+0xc1/0x200
[   45.155528]  ? kvm_irqfd_release+0xdd/0x120
[   45.155531]  ? kvm_irqfd_release+
[   45.155538] Lost 84 message(s)!
[   46.331708] Shutting down cpus with NMI
[   47.388889] Dumping ftrace buffer:
[   47.392423]    (ftrace buffer empty)
[   47.396700] Kernel Offset: disabled
[   47.400319] Rebooting in 86400 seconds..
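Triage helper for the KASAN report above, as an added example; it is not part of the syzkaller log and not the kernel's or syzbot's own tooling. It parses the BUG and access lines, the "Allocated by" and "Freed by" stacks, the object/cache line and the shadow-memory rows, then recomputes what the report asserts rather than trusting its prose: that the 8-byte read at ffff8801d93f0058 lands 24 bytes into the kvm_vcpu object at ffff8801d93f0040, that the shadow byte covering that address is 0xfb (generic KASAN's "freed slab object" marker), and which non-allocator frames own the allocation (vmx_create_vcpu) and the free (vmx_free_vcpu). SAMPLE is a constructed excerpt of the report's own lines; the regexes assume the 4.19-era generic KASAN output format, and the shadow legend covers only the values that appear in slab reports of that kind.

```python
"""Parse a KASAN slab report and cross-check its claims. Added example, not from the
syzkaller log above; SAMPLE is a constructed excerpt of that report, cut down to the lines read here."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE = """\
[   43.467900] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   43.474131] Read of size 8 at addr ffff8801d93f0058 by task syz-executor400/5338
[   44.187780] Allocated by task 5338:
[   44.191412]  save_stack+0x43/0xd0
[   44.194864]  kasan_kmalloc+0xc7/0xe0
[   44.202543]  kmem_cache_alloc+0x12e/0x730
[   44.206689]  vmx_create_vcpu+0xcf/0x25e0
[   44.239434]
[   44.241057] Freed by task 5338:
[   44.244330]  save_stack+0x43/0xd0
[   44.247779]  __kasan_slab_free+0x102/0x150
[   44.255802]  kmem_cache_free+0x83/0x290
[   44.259772]  vmx_free_vcpu+0x26b/0x300
[   44.306819]
[   44.308429] The buggy address belongs to the object at ffff8801d93f0040
[   44.308429]  which belongs to the cache kvm_vcpu of size 23872
[   44.395290] >ffff8801d93f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                    # "[   43.467900] " prefix
BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"^(?:Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
STACK_RE = re.compile(r"^(?P<which>Allocated|Freed) by task (?P<pid>\d+):")
OBJ_RE = re.compile(r"^The buggy address belongs to the object at (?P<addr>[0-9a-f]+)")
CACHE_RE = re.compile(r"^\s*which belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SHADOW_RE = re.compile(r"^[ >](?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")

# Generic-mode KASAN shadow encoding: one shadow byte describes one 8-byte granule.
SHADOW_LEGEND = {0xfa: "global redzone", 0xfb: "freed slab object", 0xfc: "slab redzone"}
# Allocator/KASAN frames that sit above the frame which actually owns the object.
PLUMBING = ("save_stack", "kasan_", "__kasan_", "kmem_cache_", "kmalloc", "kfree", "kvfree")


def describe_shadow(b: int) -> str:
    partial = "fully accessible" if b == 0 else f"first {b} bytes accessible"
    return partial if b <= 7 else SHADOW_LEGEND.get(b, f"unknown 0x{b:02x}")


def owning_frame(stack: list[str]) -> str | None:
    return next((f for f in stack if not f.startswith(PLUMBING)), None)


@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    size: int = 0
    addr: int = 0
    pid: int = 0
    alloc_stack: list[str] = field(default_factory=list)
    free_stack: list[str] = field(default_factory=list)
    obj_addr: int | None = None
    cache: str | None = None
    obj_size: int | None = None
    shadow: dict[int, list[int]] = field(default_factory=dict)   # row base -> 16 shadow bytes

    def offset_in_object(self) -> int | None:
        return None if self.obj_addr is None else self.addr - self.obj_addr

    def shadow_byte(self) -> int | None:
        # A printed row covers 128 bytes (16 granules of 8); pick the granule holding addr.
        row = self.shadow.get(self.addr & ~0x7f)
        return None if row is None else row[(self.addr & 0x7f) >> 3]


def parse_kasan(text: str) -> KasanReport:
    rep, stack = KasanReport(), None        # stack: the frame list being collected, if any
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if stack is not None:
            if line.strip():
                stack.append(line.strip())
                continue
            stack = None                    # a blank line ends a stack dump
        if m := BUG_RE.match(line):
            rep.kind, rep.func = m["kind"], m["func"]
        elif m := ACCESS_RE.match(line):
            rep.size, rep.addr, rep.pid = int(m["size"]), int(m["addr"], 16), int(m["pid"])
        elif m := STACK_RE.match(line):
            stack = rep.alloc_stack if m["which"] == "Allocated" else rep.free_stack
        elif m := OBJ_RE.match(line):
            rep.obj_addr = int(m["addr"], 16)
        elif m := CACHE_RE.match(line):
            rep.cache, rep.obj_size = m["cache"], int(m["size"])
        elif m := SHADOW_RE.match(line):
            rep.shadow[int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    return rep


def triage(rep: KasanReport) -> dict:
    # Recompute offset and shadow state instead of trusting the report's prose.
    off, sb = rep.offset_in_object(), rep.shadow_byte()
    return {
        "offset": off,
        "access_inside_object": off is not None and rep.obj_size is not None and 0 <= off < rep.obj_size,
        "shadow": None if sb is None else describe_shadow(sb),
        "allocated_in": owning_frame(rep.alloc_stack),
        "freed_in": owning_frame(rep.free_stack),
    }
```

Feed the whole console log instead of SAMPLE once it is one kernel message per line, as above; the parser ignores everything it does not recognise, so the lockdep splat and the panic backtrace that follow the report do not disturb it. An access whose offset falls outside the object, or whose shadow byte is 0xfc rather than 0xfb, would mean the report header and the memory-state dump disagree and the log is worth a second look before filing.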