[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 25.423096] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 29.594992] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.853004] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.452898] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.167836] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
[ 50.863752] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 50.986043] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 51.012925] ==================================================================
[ 51.021725] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 51.027945] Read of size 8 at addr ffff8801d8fb8058 by task syz-executor268/5353
[ 51.035455]
[ 51.037069] CPU: 0 PID: 5353 Comm: syz-executor268 Not tainted 4.19.0-rc3+ #231
[ 51.044502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.053846] Call Trace:
[ 51.056429]  dump_stack+0x1c4/0x2b4
[ 51.060046]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 51.065217]  ? printk+0xa7/0xcf
[ 51.068478]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 51.073216]  print_address_description.cold.8+0x9/0x1ff
[ 51.078571]  kasan_report.cold.9+0x242/0x309
[ 51.082967]  ? __schedule+0xfc3/0x1ed0
[ 51.086839]  __asan_report_load8_noabort+0x14/0x20
[ 51.091750]  __schedule+0xfc3/0x1ed0
[ 51.095445]  ? __sched_text_start+0x8/0x8
[ 51.099576]  ? __lock_is_held+0xb5/0x140
[ 51.103630]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 51.108714]  ? find_held_lock+0x36/0x1c0
[ 51.112758]  ? __call_srcu+0x7f9/0x1070
[ 51.116713]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 51.121798]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 51.126894]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 51.131459]  ? preempt_schedule+0x4d/0x60
[ 51.135592]  preempt_schedule_common+0x1f/0xd0
[ 51.140156]  preempt_schedule+0x4d/0x60
[ 51.144113]  ___preempt_schedule+0x16/0x18
[ 51.148331]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 51.153245]  __call_srcu+0x7f9/0x1070
[ 51.157028]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 51.162119]  ? srcu_offline_cpu+0x120/0x120
[ 51.166421]  ? debug_object_free+0x690/0x690
[ 51.170900]  ? mark_held_locks+0x130/0x130
[ 51.175125]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 51.179754]  ? lock_release+0x970/0x970
[ 51.183720]  ? arch_local_save_flags+0x40/0x40
[ 51.188334]  ? depot_save_stack+0x292/0x470
[ 51.192648]  ? __lockdep_init_map+0x105/0x590
[ 51.197128]  ? __init_waitqueue_head+0x9e/0x150
[ 51.201782]  ? init_wait_entry+0x1c0/0x1c0
[ 51.206002]  __synchronize_srcu+0x17b/0x230
[ 51.210307]  ? call_srcu+0x10/0x10
[ 51.213828]  ? rcu_unexpedite_gp+0x20/0x20
[ 51.218047]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.223574]  ? check_preemption_disabled+0x48/0x200
[ 51.228582]  synchronize_srcu+0x356/0x5ab
[ 51.232714]  ? lock_downgrade+0x900/0x900
[ 51.236846]  ? synchronize_srcu_expedited+0x20/0x20
[ 51.241917]  ? kasan_check_read+0x11/0x20
[ 51.246057]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 51.250685]  ? kasan_check_write+0x14/0x20
[ 51.254912]  ? do_raw_spin_lock+0xc1/0x200
[ 51.259140]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 51.264895]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 51.270347]  ? kvfree+0x61/0x70
[ 51.273634]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.278638]  kvm_mmu_uninit_vm+0x1c/0x20
[ 51.282685]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 51.287083]  ? kvm_arch_sync_events+0x30/0x30
[ 51.291568]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.297119]  ? mmu_notifier_unregister+0x474/0x600
[ 51.302033]  ? kfree+0x107/0x230
[ 51.305380]  ? __mmu_notifier_register+0x30/0x30
[ 51.310135]  ? __free_pages+0x10a/0x190
[ 51.314097]  ? free_unref_page+0x960/0x960
[ 51.318323]  kvm_put_kvm+0x6c8/0xff0
[ 51.322066]  ? kvm_write_guest_cached+0x40/0x40
[ 51.326726]  ? kvm_irqfd_release+0xd1/0x120
[ 51.331031]  ? _raw_spin_unlock_irq+0x27/0x80
[ 51.335614]  ? _raw_spin_unlock_irq+0x27/0x80
[ 51.340104]  ? kasan_check_write+0x14/0x20
[ 51.344323]  ? do_raw_spin_lock+0xc1/0x200
[ 51.348550]  ? kvm_irqfd_release+0xdd/0x120
[ 51.352917]  ? kvm_irqfd_release+0xdd/0x120
[ 51.357230]  ? kvm_put_kvm+0xff0/0xff0
[ 51.361103]  kvm_vm_release+0x42/0x50
[ 51.364891]  __fput+0x385/0xa30
[ 51.368152]  ? get_max_files+0x20/0x20
[ 51.372021]  ? trace_hardirqs_on+0xbd/0x310
[ 51.376329]  ? ___might_sleep+0x1ed/0x300
[ 51.380461]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 51.385903]  ? arch_local_save_flags+0x40/0x40
[ 51.390469]  ? kasan_check_write+0x14/0x20
[ 51.394686]  ? do_raw_spin_lock+0xc1/0x200
[ 51.398906]  ____fput+0x15/0x20
[ 51.402167]  task_work_run+0x1e8/0x2a0
[ 51.406037]  ? task_work_cancel+0x240/0x240
[ 51.410343]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.415861]  ? switch_task_namespaces+0x9d/0xd0
[ 51.420527]  do_exit+0x1ad7/0x2610
[ 51.424060]  ? mm_update_next_owner+0x990/0x990
[ 51.428718]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 51.432943]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.437964]  ? kfree+0x1fa/0x230
[ 51.441327]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 51.445554]  ? kvm_vcpu_block+0x1030/0x1030
[ 51.449867]  ? is_bpf_text_address+0xd3/0x170
[ 51.454356]  ? kernel_text_address+0x79/0xf0
[ 51.458753]  ? __kernel_text_address+0xd/0x40
[ 51.463234]  ? unwind_get_return_address+0x61/0xa0
[ 51.468145]  ? __save_stack_trace+0x8d/0xf0
[ 51.472451]  ? save_stack+0xa9/0xd0
[ 51.476055]  ? save_stack+0x43/0xd0
[ 51.479662]  ? __kasan_slab_free+0x102/0x150
[ 51.484097]  ? kasan_slab_free+0xe/0x10
[ 51.488060]  ? putname+0xf2/0x130
[ 51.491496]  ? __x64_sys_openat+0x9d/0x100
[ 51.495742]  ? do_syscall_64+0x1b9/0x820
[ 51.499788]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.505136]  ? trace_hardirqs_off+0xb8/0x310
[ 51.509525]  ? kasan_check_read+0x11/0x20
[ 51.513662]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 51.518060]  ? trace_hardirqs_on+0x310/0x310
[ 51.522460]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 51.527547]  ? trace_hardirqs_off+0xb8/0x310
[ 51.531937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.537454]  ? check_preemption_disabled+0x48/0x200
[ 51.542454]  ? check_preemption_disabled+0x48/0x200
[ 51.547460]  ? kvm_vcpu_block+0x1030/0x1030
[ 51.551767]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.557283]  ? do_vfs_ioctl+0x201/0x1720
[ 51.561326]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 51.566582]  ? ioctl_preallocate+0x300/0x300
[ 51.570974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.576492]  ? __fget_light+0x2e9/0x430
[ 51.580446]  ? fget_raw+0x20/0x20
[ 51.583883]  ? putname+0xf2/0x130
[ 51.587317]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.592317]  ? kmem_cache_free+0x24f/0x290
[ 51.596607]  ? putname+0xf7/0x130
[ 51.600056]  do_group_exit+0x177/0x440
[ 51.603924]  ? trace_hardirqs_on+0xbd/0x310
[ 51.608226]  ? __ia32_sys_exit+0x50/0x50
[ 51.612270]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 51.617704]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.623224]  ? ksys_ioctl+0x81/0xd0
[ 51.626841]  __x64_sys_exit_group+0x3e/0x50
[ 51.631150]  do_syscall_64+0x1b9/0x820
[ 51.635020]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.640365]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.645278]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.650104]  ? trace_hardirqs_on_caller+0x310/0x310
[ 51.655102]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.660103]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.665103]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.669928]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.675104] RIP: 0033:0x43ecc8
[ 51.678282] Code: Bad RIP value.
[ 51.681629] RSP: 002b:00007ffc945258f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 51.689315] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 51.696562] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 51.703811] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 51.711059] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 51.718306] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 51.725557]
[ 51.727164] Allocated by task 5353:
[ 51.730772]  save_stack+0x43/0xd0
[ 51.734210]  kasan_kmalloc+0xc7/0xe0
[ 51.737901]  kasan_slab_alloc+0x12/0x20
[ 51.741856]  kmem_cache_alloc+0x12e/0x730
[ 51.746097]  vmx_create_vcpu+0xcf/0x25e0
[ 51.750143]  kvm_arch_vcpu_create+0xe5/0x220
[ 51.754618]  kvm_vm_ioctl+0x470/0x1d40
[ 51.758505]  do_vfs_ioctl+0x1de/0x1720
[ 51.762384]  ksys_ioctl+0xa9/0xd0
[ 51.765822]  __x64_sys_ioctl+0x73/0xb0
[ 51.769692]  do_syscall_64+0x1b9/0x820
[ 51.773568]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.778736]
[ 51.780341] Freed by task 5353:
[ 51.783707]  save_stack+0x43/0xd0
[ 51.787144]  __kasan_slab_free+0x102/0x150
[ 51.791361]  kasan_slab_free+0xe/0x10
[ 51.795148]  kmem_cache_free+0x83/0x290
[ 51.799100]  vmx_free_vcpu+0x26b/0x300
[ 51.802977]  kvm_arch_destroy_vm+0x365/0x7c0
[ 51.807369]  kvm_put_kvm+0x6c8/0xff0
[ 51.811064]  kvm_vm_release+0x42/0x50
[ 51.814848]  __fput+0x385/0xa30
[ 51.818104]  ____fput+0x15/0x20
[ 51.821369]  task_work_run+0x1e8/0x2a0
[ 51.825241]  do_exit+0x1ad7/0x2610
[ 51.828760]  do_group_exit+0x177/0x440
[ 51.832639]  __x64_sys_exit_group+0x3e/0x50
[ 51.836941]  do_syscall_64+0x1b9/0x820
[ 51.840812]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.845983]
[ 51.847592] The buggy address belongs to the object at ffff8801d8fb8040
[ 51.847592]  which belongs to the cache kvm_vcpu of size 23872
[ 51.860143] The buggy address is located 24 bytes inside of
[ 51.860143]  23872-byte region [ffff8801d8fb8040, ffff8801d8fbdd80)
[ 51.872087] The buggy address belongs to the page:
[ 51.876997] page:ffffea000763ee00 count:1 mapcount:0 mapping:ffff8801d5a996c0 index:0x0 compound_mapcount: 0
[ 51.887035] flags: 0x2fffc0000008100(slab|head)
[ 51.891702] raw: 02fffc0000008100 ffff8801d5a9a548 ffff8801d5a9a548 ffff8801d5a996c0
[ 51.899565] raw: 0000000000000000 ffff8801d8fb8040 0000000100000001 0000000000000000
[ 51.907419] page dumped because: kasan: bad access detected
[ 51.913183]
[ 51.914792] Memory state around the buggy address:
[ 51.919700]  ffff8801d8fb7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.927081]  ffff8801d8fb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.934425] >ffff8801d8fb8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 51.941764]                                                      ^
[ 51.947984]  ffff8801d8fb8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.955323]  ffff8801d8fb8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.962656] ==================================================================
[ 51.969991] Kernel panic - not syncing: panic_on_warn set ...
[ 51.969991]
[ 51.977333] CPU: 0 PID: 5353 Comm: syz-executor268 Tainted: G    B             4.19.0-rc3+ #231
[ 51.986143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.995490] Call Trace:
[ 51.998065]  dump_stack+0x1c4/0x2b4
[ 52.001744]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.006961]  ? lock_downgrade+0x900/0x900
[ 52.011110]  panic+0x238/0x4e7
[ 52.014284]  ? add_taint.cold.5+0x16/0x16
[ 52.018480]  ? print_shadow_for_address+0xb6/0x116
[ 52.023396]  ? trace_hardirqs_off+0xaf/0x310
[ 52.027790]  kasan_end_report+0x47/0x4f
[ 52.031745]  kasan_report.cold.9+0x76/0x309
[ 52.036046]  ? __schedule+0xfc3/0x1ed0
[ 52.039995]  __asan_report_load8_noabort+0x14/0x20
[ 52.045006]  __schedule+0xfc3/0x1ed0
[ 52.048721]  ? __sched_text_start+0x8/0x8
[ 52.052860]  ? __lock_is_held+0xb5/0x140
[ 52.056921]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.062027]  ? find_held_lock+0x36/0x1c0
[ 52.066079]  ? __call_srcu+0x7f9/0x1070
[ 52.070039]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.075125]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.080270]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.084839]  ? preempt_schedule+0x4d/0x60
[ 52.088970]  preempt_schedule_common+0x1f/0xd0
[ 52.093533]  preempt_schedule+0x4d/0x60
[ 52.097493]  ___preempt_schedule+0x16/0x18
[ 52.101728]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 52.106639]  __call_srcu+0x7f9/0x1070
[ 52.110421]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 52.115519]  ? srcu_offline_cpu+0x120/0x120
[ 52.119818]  ? debug_object_free+0x690/0x690
[ 52.124207]  ? mark_held_locks+0x130/0x130
[ 52.128422]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 52.132988]  ? lock_release+0x970/0x970
[ 52.136942]  ? arch_local_save_flags+0x40/0x40
[ 52.141600]  ? depot_save_stack+0x292/0x470
[ 52.145910]  ? __lockdep_init_map+0x105/0x590
[ 52.150396]  ? __init_waitqueue_head+0x9e/0x150
[ 52.155049]  ? init_wait_entry+0x1c0/0x1c0
[ 52.159337]  __synchronize_srcu+0x17b/0x230
[ 52.163709]  ? call_srcu+0x10/0x10
[ 52.167249]  ? rcu_unexpedite_gp+0x20/0x20
[ 52.171482]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.177000]  ? check_preemption_disabled+0x48/0x200
[ 52.182003]  synchronize_srcu+0x356/0x5ab
[ 52.186144]  ? lock_downgrade+0x900/0x900
[ 52.190273]  ? synchronize_srcu_expedited+0x20/0x20
[ 52.195335]  ? kasan_check_read+0x11/0x20
[ 52.199476]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.204098]  ? kasan_check_write+0x14/0x20
[ 52.208363]  ? do_raw_spin_lock+0xc1/0x200
[ 52.212586]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.218282]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.223713]  ? kvfree+0x61/0x70
[ 52.226975]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.232093]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.236139]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.240528]  ? kvm_arch_sync_events+0x30/0x30
[ 52.245010]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.250530]  ? mmu_notifier_unregister+0x474/0x600
[ 52.255440]  ? kfree+0x107/0x230
[ 52.258789]  ? __mmu_notifier_register+0x30/0x30
[ 52.263527]  ? __free_pages+0x10a/0x190
[ 52.267480]  ? free_unref_page+0x960/0x960
[ 52.271699]  kvm_put_kvm+0x6c8/0xff0
[ 52.275404]  ? kvm_write_guest_cached+0x40/0x40
[ 52.280053]  ? kvm_irqfd_release+0xd1/0x120
[ 52.284382]  ? _raw_spin_unlock_irq+0x27/0x80
[ 52.288854]  ? _raw_spin_unlock_irq+0x27/0x80
[ 52.293339]  ? kasan_check_write+0x14/0x20
[ 52.297569]  ? do_raw_spin_lock+0xc1/0x200
[ 52.301786]  ? kvm_irqfd_release+0xdd/0x120
[ 52.306090]  ? kvm_irqfd_release+0xdd/0x120
[ 52.310395]  ? kvm_put_kvm+0xff0/0xff0
[ 52.314276]  kvm_vm_release+0x42/0x50
[ 52.318056]  __fput+0x385/0xa30
[ 52.321316]  ? get_max_files+0x20/0x20
[ 52.325188]  ? trace_hardirqs_on+0xbd/0x310
[ 52.329493]  ? ___might_sleep+0x1ed/0x300
[ 52.333625]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 52.339060]  ? arch_local_save_flags+0x40/0x40
[ 52.343627]  ? kasan_check_write+0x14/0x20
[ 52.347843]  ? do_raw_spin_lock+0xc1/0x200
[ 52.352057]  ____fput+0x15/0x20
[ 52.355323]  task_work_run+0x1e8/0x2a0
[ 52.359190]  ? task_work_cancel+0x240/0x240
[ 52.363502]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.369074]  ? switch_task_namespaces+0x9d/0xd0
[ 52.373732]  do_exit+0x1ad7/0x2610
[ 52.377256]  ? mm_update_next_owner+0x990/0x990
[ 52.381914]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 52.386132]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.391127]  ? kfree+0x1fa/0x230
[ 52.394476]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 52.398694]  ? kvm_vcpu_block+0x1030/0x1030
[ 52.403000]  ? is_bpf_text_address+0xd3/0x170
[ 52.407477]  ? kernel_text_address+0x79/0xf0
[ 52.411864]  ? __kernel_text_address+0xd/0x40
[ 52.416349]  ? unwind_get_return_address+0x61/0xa0
[ 52.421266]  ? __save_stack_trace+0x8d/0xf0
[ 52.425573]  ? save_stack+0xa9/0xd0
[ 52.429188]  ? save_stack+0x43/0xd0
[ 52.432796]  ? __kasan_slab_free+0x102/0x150
[ 52.437284]  ? kasan_slab_free+0xe/0x10
[ 52.441248]  ? putname+0xf2/0x130
[ 52.444689]  ? __x64_sys_openat+0x9d/0x100
[ 52.448909]  ? do_syscall_64+0x1b9/0x820
[ 52.452958]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.458424]  ? trace_hardirqs_off+0xb8/0x310
[ 52.462820]  ? kasan_check_read+0x11/0x20
[ 52.466954]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 52.471470]  ? trace_hardirqs_on+0x310/0x310
[ 52.475864]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 52.481009]  ? trace_hardirqs_off+0xb8/0x310
[ 52.485407]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.491123]  ? check_preemption_disabled+0x48/0x200
[ 52.496169]  ? check_preemption_disabled+0x48/0x200
[ 52.501175]  ? kvm_vcpu_block+0x1030/0x1030
[ 52.505478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.510996]  ? do_vfs_ioctl+0x201/0x1720
[ 52.515038]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 52.520296]  ? ioctl_preallocate+0x300/0x300
[ 52.524685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.530200]  ? __fget_light+0x2e9/0x430
[ 52.534155]  ? fget_raw+0x20/0x20
[ 52.537588]  ? putname+0xf2/0x130
[ 52.541027]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.546024]  ? kmem_cache_free+0x24f/0x290
[ 52.550241]  ? putname+0xf7/0x130
[ 52.553678]  do_group_exit+0x177/0x440
[ 52.557549]  ? trace_hardirqs_on+0xbd/0x310
[ 52.561852]  ? __ia32_sys_exit+0x50/0x50
[ 52.565919]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 52.571382]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.576921]  ? ksys_ioctl+0x81/0xd0
[ 52.580579]  __x64_sys_exit_group+0x3e/0x50
[ 52.584926]  do_syscall_64+0x1b9/0x820
[ 52.588836]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.594198]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.599126]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.603966]  ? trace_hardirqs_on_caller+0x310/0x310
[ 52.608985]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.614012]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.619029]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.623890]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.629417] RIP: 0033:0x43ecc8
[ 52.632609] Code: Bad RIP value.
[ 52.635978] RSP: 002b:00007ffc945258f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 52.643699] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 52.650981] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 52.658247] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 52.665512] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 52.672774] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 52.680052]
[ 52.680058] ======================================================
[ 52.680064] WARNING: possible circular locking dependency detected
[ 52.680068] 4.19.0-rc3+ #231 Not tainted
[ 52.680074] ------------------------------------------------------
[ 52.680079] syz-executor268/5353 is trying to acquire lock:
[ 52.680083] 00000000b09be9a7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 52.680099]
[ 52.680103] but task is already holding lock:
[ 52.680107] 0000000093687c56 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 52.680122]
[ 52.680127] which lock already depends on the new lock.
[ 52.680130]
[ 52.680132]
[ 52.680138] the existing dependency chain (in reverse order) is:
[ 52.680140]
[ 52.680143] -> #3 (report_lock){....}:
[ 52.680158]        _raw_spin_lock_irqsave+0x99/0xd0
[ 52.680163]        kasan_report+0x8b/0x110
[ 52.680167]        __asan_report_load8_noabort+0x14/0x20
[ 52.680172]        __schedule+0xfc3/0x1ed0
[ 52.680176]        preempt_schedule_common+0x1f/0xd0
[ 52.680180]        preempt_schedule+0x4d/0x60
[ 52.680185]        ___preempt_schedule+0x16/0x18
[ 52.680190]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 52.680194]        __call_srcu+0x7f9/0x1070
[ 52.680198]        __synchronize_srcu+0x17b/0x230
[ 52.680203]        synchronize_srcu+0x356/0x5ab
[ 52.680208]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.680213]        kvm_mmu_uninit_vm+0x1c/0x20
[ 52.680217]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.680221]        kvm_put_kvm+0x6c8/0xff0
[ 52.680225]        kvm_vm_release+0x42/0x50
[ 52.680229]        __fput+0x385/0xa30
[ 52.680233]        ____fput+0x15/0x20
[ 52.680237]        task_work_run+0x1e8/0x2a0
[ 52.680241]        do_exit+0x1ad7/0x2610
[ 52.680245]        do_group_exit+0x177/0x440
[ 52.680250]        __x64_sys_exit_group+0x3e/0x50
[ 52.680254]        do_syscall_64+0x1b9/0x820
[ 52.680259]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.680262]
[ 52.680264] -> #2 (&rq->lock){-.-.}:
[ 52.680279]        _raw_spin_lock+0x2d/0x40
[ 52.680283]        task_fork_fair+0xb0/0x6d0
[ 52.680287]        sched_fork+0x443/0xba0
[ 52.680292]        copy_process+0x2586/0x8780
[ 52.680296]        _do_fork+0x1cb/0x11d0
[ 52.680300]        kernel_thread+0x34/0x40
[ 52.680304]        rest_init+0x22/0xe5
[ 52.680308]        start_kernel+0x8f4/0x92f
[ 52.680312]        x86_64_start_reservations+0x29/0x2b
[ 52.680317]        x86_64_start_kernel+0x76/0x79
[ 52.680321]        secondary_startup_64+0xa4/0xb0
[ 52.680324]
[ 52.680327] -> #1 (&p->pi_lock){-.-.}:
[ 52.680342]        _raw_spin_lock_irqsave+0x99/0xd0
[ 52.680346]        try_to_wake_up+0xd2/0x12f0
[ 52.680351]        wake_up_process+0x10/0x20
[ 52.680355]        __up.isra.1+0x1c0/0x2a0
[ 52.680358]        up+0x13c/0x1c0
[ 52.680363]        __up_console_sem+0xbe/0x1b0
[ 52.680367]        console_unlock+0x524/0x11a0
[ 52.680378]        vprintk_emit+0x33d/0x930
[ 52.680382]        vprintk_default+0x28/0x30
[ 52.680386]        vprintk_func+0x7e/0x181
[ 52.680390]        printk+0xa7/0xcf
[ 52.680394]        load_umh+0x51/0xbd
[ 52.680398]        do_one_initcall+0x145/0x957
[ 52.680403]        kernel_init_freeable+0x4bb/0x5ae
[ 52.680407]        kernel_init+0x11/0x1b2
[ 52.680411]        ret_from_fork+0x3a/0x50
[ 52.680414]
[ 52.680416] -> #0 ((console_sem).lock){-...}:
[ 52.680432]        lock_acquire+0x1ed/0x520
[ 52.680436]        _raw_spin_lock_irqsave+0x99/0xd0
[ 52.680440]        down_trylock+0x13/0x70
[ 52.680445]        __down_trylock_console_sem+0xae/0x200
[ 52.680449]        console_trylock+0x15/0xa0
[ 52.680454]        vprintk_emit+0x322/0x930
[ 52.680458]        vprintk_default+0x28/0x30
[ 52.680462]        vprintk_func+0x7e/0x181
[ 52.680466]        printk+0xa7/0xcf
[ 52.680470]        kasan_report+0x9b/0x110
[ 52.680475]        __asan_report_load8_noabort+0x14/0x20
[ 52.680479]        __schedule+0xfc3/0x1ed0
[ 52.680483]        preempt_schedule_common+0x1f/0xd0
[ 52.680488]        preempt_schedule+0x4d/0x60
[ 52.680492]        ___preempt_schedule+0x16/0x18
[ 52.680497]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 52.680501]        __call_srcu+0x7f9/0x1070
[ 52.680506]        __synchronize_srcu+0x17b/0x230
[ 52.680510]        synchronize_srcu+0x356/0x5ab
[ 52.680515]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.680520]        kvm_mmu_uninit_vm+0x1c/0x20
[ 52.680524]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.680529]        kvm_put_kvm+0x6c8/0xff0
[ 52.680533]        kvm_vm_release+0x42/0x50
[ 52.680537]        __fput+0x385/0xa30
[ 52.680541]        ____fput+0x15/0x20
[ 52.680545]        task_work_run+0x1e8/0x2a0
[ 52.680549]        do_exit+0x1ad7/0x2610
[ 52.680553]        do_group_exit+0x177/0x440
[ 52.680558]        __x64_sys_exit_group+0x3e/0x50
[ 52.680562]        do_syscall_64+0x1b9/0x820
[ 52.680567]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.680569]
[ 52.680574] other info that might help us debug this:
[ 52.680576]
[ 52.680580] Chain exists of:
[ 52.680582]   (console_sem).lock --> &rq->lock --> report_lock
[ 52.680602]
[ 52.680606]  Possible unsafe locking scenario:
[ 52.680609]
[ 52.680613]        CPU0                    CPU1
[ 52.680618]        ----                    ----
[ 52.680620]   lock(report_lock);
[ 52.680630]                                lock(&rq->lock);
[ 52.680640]                                lock(report_lock);
[ 52.680649]   lock((console_sem).lock);
[ 52.680658]
[ 52.680661]  *** DEADLOCK ***
[ 52.680664]
[ 52.680668] 2 locks held by syz-executor268/5353:
[ 52.680671]  #0: 00000000229f2cf2 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 52.680689]  #1: 0000000093687c56 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 52.680707]
[ 52.680711] stack backtrace:
[ 52.680717] CPU: 0 PID: 5353 Comm: syz-executor268 Not tainted 4.19.0-rc3+ #231
[ 52.680725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.680728] Call Trace:
[ 52.680732]  dump_stack+0x1c4/0x2b4
[ 52.680737]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.680741]  ? vprintk_func+0x85/0x181
[ 52.680746]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 52.680751]  ? save_trace+0xe0/0x290
[ 52.680755]  __lock_acquire+0x33e4/0x4ec0
[ 52.680759]  ? mark_held_locks+0x130/0x130
[ 52.680764]  ? mark_held_locks+0x130/0x130
[ 52.680768]  ? rcu_bh_qs+0xc0/0xc0
[ 52.680772]  ? unwind_dump+0x190/0x190
[ 52.680776]  ? is_bpf_text_address+0xd3/0x170
[ 52.680781]  ? kernel_text_address+0x79/0xf0
[ 52.680785]  ? __kernel_text_address+0xd/0x40
[ 52.680790]  ? __save_stack_trace+0x8d/0xf0
[ 52.680795]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 52.680799]  ? save_trace+0x290/0x290
[ 52.680803]  ? save_stack_trace+0x1a/0x20
[ 52.680807]  ? save_trace+0xe0/0x290
[ 52.680812]  ? kasan_check_read+0x11/0x20
[ 52.680816]  ? graph_lock+0x170/0x170
[ 52.680821]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.680825]  lock_acquire+0x1ed/0x520
[ 52.680829]  ? down_trylock+0x13/0x70
[ 52.680833]  ? find_held_lock+0x36/0x1c0
[ 52.680838]  ? lock_release+0x970/0x970
[ 52.680842]  ? trace_hardirqs_off+0xb8/0x310
[ 52.680847]  ? vprintk_emit+0x1d3/0x930
[ 52.680851]  ? trace_hardirqs_on+0x310/0x310
[ 52.680856]  ? trace_hardirqs_off+0xb8/0x310
[ 52.680860]  ? log_store+0x344/0x4c0
[ 52.680864]  ? vprintk_emit+0x322/0x930
[ 52.680869]  _raw_spin_lock_irqsave+0x99/0xd0
[ 52.680881]  ? down_trylock+0x13/0x70
[ 52.680886]  down_trylock+0x13/0x70
[ 52.680891]  __down_trylock_console_sem+0xae/0x200
[ 52.680895]  console_trylock+0x15/0xa0
[ 52.680899]  vprintk_emit+0x322/0x930
[ 52.680903]  ? wake_up_klogd+0x180/0x180
[ 52.680908]  ? run_rebalance_domains+0x500/0x500
[ 52.680912]  ? wake_up_worker+0x117/0x190
[ 52.680917]  ? find_held_lock+0x36/0x1c0
[ 52.680921]  ? __queue_work+0x6be/0x1440
[ 52.680925]  ? lock_acquire+0x1ed/0x520
[ 52.680929]  vprintk_default+0x28/0x30
[ 52.680933]  vprintk_func+0x7e/0x181
[ 52.680937]  printk+0xa7/0xcf
[ 52.680942]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.680946]  ? kasan_check_write+0x14/0x20
[ 52.680951]  ? do_raw_spin_lock+0xc1/0x200
[ 52.680955]  ? do_raw_spin_lock+0xc1/0x200
[ 52.680959]  kasan_report+0x9b/0x110
[ 52.680963]  ? __schedule+0xfc3/0x1ed0
[ 52.680968]  __asan_report_load8_noabort+0x14/0x20
[ 52.680972]  __schedule+0xfc3/0x1ed0
[ 52.680976]  ? __sched_text_start+0x8/0x8
[ 52.680981]  ? __lock_is_held+0xb5/0x140
[ 52.680986]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.680990]  ? find_held_lock+0x36/0x1c0
[ 52.680994]  ? __call_srcu+0x7f9/0x1070
[ 52.680999]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.681004]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 52.681009]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.681013]  ? preempt_schedule+0x4d/0x60
[ 52.681018]  preempt_schedule_common+0x1f/0xd0
[ 52.681022]  preempt_schedule+0x4d/0x60
[ 52.681027]  ___preempt_schedule+0x16/0x18
[ 52.681031]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 52.681036]  __call_srcu+0x7f9/0x1070
[ 52.681041]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 52.681045]  ? srcu_offline_cpu+0x120/0x120
[ 52.681050]  ? debug_object_free+0x690/0x690
[ 52.681054]  ? mark_held_locks+0x130/0x130
[ 52.681059]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 52.681063]  ? lock_release+0x970/0x970
[ 52.681068]  ? arch_local_save_flags+0x40/0x40
[ 52.681072]  ? depot_save_stack+0x292/0x470
[ 52.681077]  ? __lockdep_init_map+0x105/0x590
[ 52.681081]  ? __init_waitqueue_head+0x9e/0x150
[ 52.681086]  ? init_wait_entry+0x1c0/0x1c0
[ 52.681090]  __synchronize_srcu+0x17b/0x230
[ 52.681094]  ? call_srcu+0x10/0x10
[ 52.681099]  ? rcu_unexpedite_gp+0x20/0x20
[ 52.681104]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.681109]  ? check_preemption_disabled+0x48/0x200
[ 52.681113]  synchronize_srcu+0x356/0x5ab
[ 52.681118]  ? lock_downgrade+0x900/0x900
[ 52.681122]  ? synchronize_srcu_expedited+0x20/0x20
[ 52.681127]  ? kasan_check_read+0x11/0x20
[ 52.681131]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.681136]  ? kasan_check_write+0x14/0x20
[ 52.681140]  ? do_raw_spin_lock+0xc1/0x200
[ 52.681146]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.681151]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.681155]  ? kvfree+0x61/0x70
[ 52.681159]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.681164]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.681168]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.681173]  ? kvm_arch_sync_events+0x30/0x30
[ 52.681178]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.681183]  ? mmu_notifier_unregister+0x474/0x600
[ 52.681187]  ? kfree+0x107/0x230
[ 52.681192]  ? __mmu_notifier_register+0x30/0x30
[ 52.681196]  ? __free_pages+0x10a/0x190
[ 52.681200]  ? free_unref_page+0x960/0x960
[ 52.681204]  kvm_put_kvm+0x6c8/0xff0
[ 52.681209]  ? kvm_write_guest_cached+0x40/0x40
[ 52.681213]  ? kvm_irqfd_release+0xd1/0x120
[ 52.681218]  ? _raw_spin_unlock_irq+0x27/0x80
[ 52.681222]  ? _raw_spin_unlock_irq+0x27/0x80
[ 52.681227]  ? kasan_check_write+0x14/0x20
[ 52.681231]  ? do_raw_spin_lock+0xc1/0x200
[ 52.681235]  ? kvm_irqfd_release+0x
[ 52.681243] Lost 82 message(s)!
[ 53.839440] Shutting down cpus with NMI
[ 54.897444] Dumping ftrace buffer:
[ 54.900972]    (ftrace buffer empty)
[ 54.905208] Kernel Offset: disabled
[ 54.908832] Rebooting in 86400 seconds..