[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 25.509298] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.927472] random: sshd: uninitialized urandom read (32 bytes read) [ 28.256055] random: sshd: uninitialized urandom read (32 bytes read) [ 28.836498] random: sshd: uninitialized urandom read (32 bytes read) [ 29.053303] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts. [ 34.782857] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.902809] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.929376] ================================================================== [ 34.939407] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 34.945652] Read of size 8 at addr ffff8801c4358058 by task syz-executor863/5338 [ 34.953188] [ 34.954820] CPU: 1 PID: 5338 Comm: syz-executor863 Not tainted 4.19.0-rc3+ #231 [ 34.962263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.971622] Call Trace: [ 34.974216] dump_stack+0x1c4/0x2b4 [ 34.977845] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.983044] ? printk+0xa7/0xcf [ 34.986330] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.991104] print_address_description.cold.8+0x9/0x1ff [ 34.996505] kasan_report.cold.9+0x242/0x309 [ 35.000922] ? __schedule+0xfc3/0x1ed0 [ 35.004821] __asan_report_load8_noabort+0x14/0x20 [ 35.009781] __schedule+0xfc3/0x1ed0 [ 35.013507] ? __sched_text_start+0x8/0x8 [ 35.017663] ? __lock_is_held+0xb5/0x140 [ 35.021730] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.026855] ? find_held_lock+0x36/0x1c0 [ 35.030936] ? __call_srcu+0x7f9/0x1070 [ 35.034924] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.040028] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.045137] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.049735] ? preempt_schedule+0x4d/0x60 [ 35.053890] preempt_schedule_common+0x1f/0xd0 [ 35.058474] preempt_schedule+0x4d/0x60 [ 35.062452] ___preempt_schedule+0x16/0x18 [ 35.066694] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.071635] __call_srcu+0x7f9/0x1070 [ 35.075437] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.080545] ? srcu_offline_cpu+0x120/0x120 [ 35.084867] ? debug_object_free+0x690/0x690 [ 35.089276] ? mark_held_locks+0x130/0x130 [ 35.093513] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.098131] ? lock_release+0x970/0x970 [ 35.102137] ? arch_local_save_flags+0x40/0x40 [ 35.106721] ? depot_save_stack+0x292/0x470 [ 35.111050] ? __lockdep_init_map+0x105/0x590 [ 35.115553] ? __init_waitqueue_head+0x9e/0x150 [ 35.120223] ? init_wait_entry+0x1c0/0x1c0 [ 35.124468] __synchronize_srcu+0x17b/0x230 [ 35.128879] ? call_srcu+0x10/0x10 [ 35.132420] ? rcu_unexpedite_gp+0x20/0x20 [ 35.136673] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.142216] ? check_preemption_disabled+0x48/0x200 [ 35.147251] synchronize_srcu+0x356/0x5ab [ 35.151400] ? lock_downgrade+0x900/0x900 [ 35.155552] ? synchronize_srcu_expedited+0x20/0x20 [ 35.160579] ? kasan_check_read+0x11/0x20 [ 35.164741] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.169327] ? kasan_check_write+0x14/0x20 [ 35.173656] ? do_raw_spin_lock+0xc1/0x200 [ 35.177904] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.183633] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.189089] ? kvfree+0x61/0x70 [ 35.192373] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.197391] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.201451] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.205862] ? kvm_arch_sync_events+0x30/0x30 [ 35.210452] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.215988] ? mmu_notifier_unregister+0x474/0x600 [ 35.220915] ? kfree+0x107/0x230 [ 35.224284] ? __mmu_notifier_register+0x30/0x30 [ 35.229056] ? __free_pages+0x10a/0x190 [ 35.233031] ? free_unref_page+0x960/0x960 [ 35.237275] kvm_put_kvm+0x6c8/0xff0 [ 35.241002] ? kvm_write_guest_cached+0x40/0x40 [ 35.245850] ? kvm_irqfd_release+0xd1/0x120 [ 35.250265] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.254764] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.259277] ? kasan_check_write+0x14/0x20 [ 35.263514] ? do_raw_spin_lock+0xc1/0x200 [ 35.267756] ? kvm_irqfd_release+0xdd/0x120 [ 35.272076] ? kvm_irqfd_release+0xdd/0x120 [ 35.276398] ? kvm_put_kvm+0xff0/0xff0 [ 35.280290] kvm_vm_release+0x42/0x50 [ 35.284096] __fput+0x385/0xa30 [ 35.287379] ? get_max_files+0x20/0x20 [ 35.291277] ? trace_hardirqs_on+0xbd/0x310 [ 35.295618] ? ___might_sleep+0x1ed/0x300 [ 35.299772] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.305225] ? arch_local_save_flags+0x40/0x40 [ 35.309828] ? kasan_check_write+0x14/0x20 [ 35.314067] ? do_raw_spin_lock+0xc1/0x200 [ 35.318300] ____fput+0x15/0x20 [ 35.321586] task_work_run+0x1e8/0x2a0 [ 35.325484] ? task_work_cancel+0x240/0x240 [ 35.329818] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.335358] ? switch_task_namespaces+0x9d/0xd0 [ 35.340031] do_exit+0x1ad7/0x2610 [ 35.343576] ? mm_update_next_owner+0x990/0x990 [ 35.348259] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 35.352593] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.357634] ? kfree+0x1fa/0x230 [ 35.361005] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 35.365243] ? kvm_vcpu_block+0x1030/0x1030 [ 35.369567] ? is_bpf_text_address+0xd3/0x170 [ 35.374061] ? kernel_text_address+0x79/0xf0 [ 35.378475] ? __kernel_text_address+0xd/0x40 [ 35.382972] ? unwind_get_return_address+0x61/0xa0 [ 35.387901] ? __save_stack_trace+0x8d/0xf0 [ 35.392241] ? save_stack+0xa9/0xd0 [ 35.395865] ? save_stack+0x43/0xd0 [ 35.399506] ? __kasan_slab_free+0x102/0x150 [ 35.403918] ? kasan_slab_free+0xe/0x10 [ 35.407894] ? putname+0xf2/0x130 [ 35.411348] ? __x64_sys_openat+0x9d/0x100 [ 35.415581] ? do_syscall_64+0x1b9/0x820 [ 35.419674] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.425048] ? trace_hardirqs_off+0xb8/0x310 [ 35.429469] ? kasan_check_read+0x11/0x20 [ 35.433628] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.438056] ? trace_hardirqs_on+0x310/0x310 [ 35.442469] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 35.447578] ? trace_hardirqs_off+0xb8/0x310 [ 35.451997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.457534] ? check_preemption_disabled+0x48/0x200 [ 35.462548] ? check_preemption_disabled+0x48/0x200 [ 35.467568] ? kvm_vcpu_block+0x1030/0x1030 [ 35.471895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.477431] ? do_vfs_ioctl+0x201/0x1720 [ 35.481494] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.486773] ? ioctl_preallocate+0x300/0x300 [ 35.491186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.496728] ? __fget_light+0x2e9/0x430 [ 35.500703] ? fget_raw+0x20/0x20 [ 35.504153] ? putname+0xf2/0x130 [ 35.507619] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.512646] ? kmem_cache_free+0x24f/0x290 [ 35.516884] ? putname+0xf7/0x130 [ 35.520346] do_group_exit+0x177/0x440 [ 35.524234] ? trace_hardirqs_on+0xbd/0x310 [ 35.528555] ? __ia32_sys_exit+0x50/0x50 [ 35.532627] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.538077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.543626] ? ksys_ioctl+0x81/0xd0 [ 35.547258] __x64_sys_exit_group+0x3e/0x50 [ 35.551578] do_syscall_64+0x1b9/0x820 [ 35.555474] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.560860] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.565801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.570649] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.575667] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.580692] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.585727] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.590595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.595794] RIP: 0033:0x43f028 [ 35.598988] Code: Bad RIP value. [ 35.602350] RSP: 002b:00007ffdf6074518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.610062] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 35.617325] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.624598] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.632318] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.639590] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 35.646874] [ 35.648507] Allocated by task 5338: [ 35.652136] save_stack+0x43/0xd0 [ 35.655589] kasan_kmalloc+0xc7/0xe0 [ 35.659307] kasan_slab_alloc+0x12/0x20 [ 35.663278] kmem_cache_alloc+0x12e/0x730 [ 35.667423] vmx_create_vcpu+0xcf/0x25e0 [ 35.671480] kvm_arch_vcpu_create+0xe5/0x220 [ 35.675885] kvm_vm_ioctl+0x470/0x1d40 [ 35.679785] do_vfs_ioctl+0x1de/0x1720 [ 35.683671] ksys_ioctl+0xa9/0xd0 [ 35.687127] __x64_sys_ioctl+0x73/0xb0 [ 35.691013] do_syscall_64+0x1b9/0x820 [ 35.694899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.700078] [ 35.701709] Freed by task 5338: [ 35.704993] save_stack+0x43/0xd0 [ 35.708447] __kasan_slab_free+0x102/0x150 [ 35.712681] kasan_slab_free+0xe/0x10 [ 35.716574] kmem_cache_free+0x83/0x290 [ 35.720545] vmx_free_vcpu+0x26b/0x300 [ 35.724432] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.728842] kvm_put_kvm+0x6c8/0xff0 [ 35.732560] kvm_vm_release+0x42/0x50 [ 35.737342] __fput+0x385/0xa30 [ 35.740625] ____fput+0x15/0x20 [ 35.743928] task_work_run+0x1e8/0x2a0 [ 35.747824] do_exit+0x1ad7/0x2610 [ 35.751459] do_group_exit+0x177/0x440 [ 35.755347] __x64_sys_exit_group+0x3e/0x50 [ 35.759669] do_syscall_64+0x1b9/0x820 [ 35.763568] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.768761] [ 35.770411] The buggy address belongs to the object at ffff8801c4358040 [ 35.770411] which belongs to the cache kvm_vcpu of size 23872 [ 35.782991] The buggy address is located 24 bytes inside of [ 35.782991] 23872-byte region [ffff8801c4358040, ffff8801c435dd80) [ 35.794973] The buggy address belongs to the page: [ 35.799913] page:ffffea000710d600 count:1 mapcount:0 mapping:ffff8801d7f46240 index:0x0 compound_mapcount: 0 [ 35.809895] flags: 0x2fffc0000008100(slab|head) [ 35.814594] raw: 02fffc0000008100 ffff8801d5b89448 ffff8801d5b89448 ffff8801d7f46240 [ 35.822494] raw: 0000000000000000 ffff8801c4358040 0000000100000001 0000000000000000 [ 35.830379] page dumped because: kasan: bad access detected [ 35.836091] [ 35.837709] Memory state around the buggy address: [ 35.842673] ffff8801c4357f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.850042] ffff8801c4357f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.857414] >ffff8801c4358000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.864785] ^ [ 35.871112] ffff8801c4358080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.878485] ffff8801c4358100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.885844] ================================================================== [ 35.893208] Kernel panic - not syncing: panic_on_warn set ... [ 35.893208] [ 35.900597] CPU: 1 PID: 5338 Comm: syz-executor863 Tainted: G B 4.19.0-rc3+ #231 [ 35.909450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.918903] Call Trace: [ 35.921507] dump_stack+0x1c4/0x2b4 [ 35.925145] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.930347] ? lock_downgrade+0x900/0x900 [ 35.934497] panic+0x238/0x4e7 [ 35.937697] ? add_taint.cold.5+0x16/0x16 [ 35.941849] ? print_shadow_for_address+0xb6/0x116 [ 35.946779] ? trace_hardirqs_off+0xaf/0x310 [ 35.951195] kasan_end_report+0x47/0x4f [ 35.955194] kasan_report.cold.9+0x76/0x309 [ 35.959519] ? __schedule+0xfc3/0x1ed0 [ 35.963411] __asan_report_load8_noabort+0x14/0x20 [ 35.968354] __schedule+0xfc3/0x1ed0 [ 35.972085] ? __sched_text_start+0x8/0x8 [ 35.976256] ? __lock_is_held+0xb5/0x140 [ 35.980329] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.985444] ? find_held_lock+0x36/0x1c0 [ 35.989524] ? __call_srcu+0x7f9/0x1070 [ 35.993555] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.998666] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.003778] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.008544] ? preempt_schedule+0x4d/0x60 [ 36.012723] preempt_schedule_common+0x1f/0xd0 [ 36.017318] preempt_schedule+0x4d/0x60 [ 36.021302] ___preempt_schedule+0x16/0x18 [ 36.025554] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.030516] __call_srcu+0x7f9/0x1070 [ 36.034327] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.039473] ? srcu_offline_cpu+0x120/0x120 [ 36.043819] ? debug_object_free+0x690/0x690 [ 36.048249] ? mark_held_locks+0x130/0x130 [ 36.052504] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.057103] ? lock_release+0x970/0x970 [ 36.061087] ? arch_local_save_flags+0x40/0x40 [ 36.065693] ? depot_save_stack+0x292/0x470 [ 36.070033] ? __lockdep_init_map+0x105/0x590 [ 36.074541] ? __init_waitqueue_head+0x9e/0x150 [ 36.079231] ? init_wait_entry+0x1c0/0x1c0 [ 36.083472] __synchronize_srcu+0x17b/0x230 [ 36.087795] ? call_srcu+0x10/0x10 [ 36.091334] ? rcu_unexpedite_gp+0x20/0x20 [ 36.095573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.101115] ? check_preemption_disabled+0x48/0x200 [ 36.106150] synchronize_srcu+0x356/0x5ab [ 36.110306] ? lock_downgrade+0x900/0x900 [ 36.114457] ? synchronize_srcu_expedited+0x20/0x20 [ 36.119477] ? kasan_check_read+0x11/0x20 [ 36.123641] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.128243] ? kasan_check_write+0x14/0x20 [ 36.132484] ? do_raw_spin_lock+0xc1/0x200 [ 36.136727] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.142443] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.147900] ? kvfree+0x61/0x70 [ 36.151195] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.156214] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.160273] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.164683] ? kvm_arch_sync_events+0x30/0x30 [ 36.169189] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.174732] ? mmu_notifier_unregister+0x474/0x600 [ 36.179661] ? kfree+0x107/0x230 [ 36.183029] ? __mmu_notifier_register+0x30/0x30 [ 36.187796] ? __free_pages+0x10a/0x190 [ 36.191780] ? free_unref_page+0x960/0x960 [ 36.196035] kvm_put_kvm+0x6c8/0xff0 [ 36.199776] ? kvm_write_guest_cached+0x40/0x40 [ 36.204456] ? kvm_irqfd_release+0xd1/0x120 [ 36.208782] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.213297] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.217816] ? kasan_check_write+0x14/0x20 [ 36.222061] ? do_raw_spin_lock+0xc1/0x200 [ 36.226318] ? kvm_irqfd_release+0xdd/0x120 [ 36.230661] ? kvm_irqfd_release+0xdd/0x120 [ 36.235000] ? kvm_put_kvm+0xff0/0xff0 [ 36.238894] kvm_vm_release+0x42/0x50 [ 36.242704] __fput+0x385/0xa30 [ 36.245987] ? get_max_files+0x20/0x20 [ 36.249875] ? trace_hardirqs_on+0xbd/0x310 [ 36.254209] ? ___might_sleep+0x1ed/0x300 [ 36.258360] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.263835] ? arch_local_save_flags+0x40/0x40 [ 36.268441] ? kasan_check_write+0x14/0x20 [ 36.272677] ? do_raw_spin_lock+0xc1/0x200 [ 36.277046] ____fput+0x15/0x20 [ 36.280327] task_work_run+0x1e8/0x2a0 [ 36.284224] ? task_work_cancel+0x240/0x240 [ 36.288546] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.294089] ? switch_task_namespaces+0x9d/0xd0 [ 36.298760] do_exit+0x1ad7/0x2610 [ 36.302308] ? mm_update_next_owner+0x990/0x990 [ 36.306987] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.311221] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.316242] ? kfree+0x1fa/0x230 [ 36.319621] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.323859] ? kvm_vcpu_block+0x1030/0x1030 [ 36.328193] ? is_bpf_text_address+0xd3/0x170 [ 36.332697] ? kernel_text_address+0x79/0xf0 [ 36.337124] ? __kernel_text_address+0xd/0x40 [ 36.341640] ? unwind_get_return_address+0x61/0xa0 [ 36.346577] ? __save_stack_trace+0x8d/0xf0 [ 36.350916] ? save_stack+0xa9/0xd0 [ 36.354546] ? save_stack+0x43/0xd0 [ 36.358180] ? __kasan_slab_free+0x102/0x150 [ 36.362584] ? kasan_slab_free+0xe/0x10 [ 36.366568] ? putname+0xf2/0x130 [ 36.370019] ? __x64_sys_openat+0x9d/0x100 [ 36.374261] ? do_syscall_64+0x1b9/0x820 [ 36.378345] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.383728] ? trace_hardirqs_off+0xb8/0x310 [ 36.388139] ? kasan_check_read+0x11/0x20 [ 36.392297] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.396714] ? trace_hardirqs_on+0x310/0x310 [ 36.401128] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.406242] ? trace_hardirqs_off+0xb8/0x310 [ 36.410661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.416211] ? check_preemption_disabled+0x48/0x200 [ 36.421230] ? check_preemption_disabled+0x48/0x200 [ 36.426255] ? kvm_vcpu_block+0x1030/0x1030 [ 36.430584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.436136] ? do_vfs_ioctl+0x201/0x1720 [ 36.440218] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.445503] ? ioctl_preallocate+0x300/0x300 [ 36.449916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.455462] ? __fget_light+0x2e9/0x430 [ 36.459441] ? fget_raw+0x20/0x20 [ 36.462891] ? putname+0xf2/0x130 [ 36.466347] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.471364] ? kmem_cache_free+0x24f/0x290 [ 36.475616] ? putname+0xf7/0x130 [ 36.479081] do_group_exit+0x177/0x440 [ 36.482969] ? trace_hardirqs_on+0xbd/0x310 [ 36.487295] ? __ia32_sys_exit+0x50/0x50 [ 36.491361] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.496817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.502356] ? ksys_ioctl+0x81/0xd0 [ 36.505995] __x64_sys_exit_group+0x3e/0x50 [ 36.510322] do_syscall_64+0x1b9/0x820 [ 36.514214] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.519588] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.524528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.529374] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.534395] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.539422] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.544447] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.549300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.554494] RIP: 0033:0x43f028 [ 36.557696] Code: Bad RIP value. [ 36.561082] RSP: 002b:00007ffdf6074518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.568806] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 36.576075] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.583345] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.590631] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.597910] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 36.605237] [ 36.605243] ====================================================== [ 36.605249] WARNING: possible circular locking dependency detected [ 36.605253] 4.19.0-rc3+ #231 Not tainted [ 36.605259] ------------------------------------------------------ [ 36.605264] syz-executor863/5338 is trying to acquire lock: [ 36.605268] 00000000a181e706 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.605284] [ 36.605288] but task is already holding lock: [ 36.605292] 00000000b40b20c8 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.605307] [ 36.605312] which lock already depends on the new lock. [ 36.605314] [ 36.605317] [ 36.605322] the existing dependency chain (in reverse order) is: [ 36.605325] [ 36.605327] -> #3 (report_lock){....}: [ 36.605343] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.605347] kasan_report+0x8b/0x110 [ 36.605352] __asan_report_load8_noabort+0x14/0x20 [ 36.605356] __schedule+0xfc3/0x1ed0 [ 36.605361] preempt_schedule_common+0x1f/0xd0 [ 36.605365] preempt_schedule+0x4d/0x60 [ 36.605369] ___preempt_schedule+0x16/0x18 [ 36.605374] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.605378] __call_srcu+0x7f9/0x1070 [ 36.605383] __synchronize_srcu+0x17b/0x230 [ 36.605387] synchronize_srcu+0x356/0x5ab [ 36.605392] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.605397] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.605401] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.605406] kvm_put_kvm+0x6c8/0xff0 [ 36.605410] kvm_vm_release+0x42/0x50 [ 36.605413] __fput+0x385/0xa30 [ 36.605417] ____fput+0x15/0x20 [ 36.605421] task_work_run+0x1e8/0x2a0 [ 36.605425] do_exit+0x1ad7/0x2610 [ 36.605430] do_group_exit+0x177/0x440 [ 36.605434] __x64_sys_exit_group+0x3e/0x50 [ 36.605438] do_syscall_64+0x1b9/0x820 [ 36.605443] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.605446] [ 36.605448] -> #2 (&rq->lock){-.-.}: [ 36.605463] _raw_spin_lock+0x2d/0x40 [ 36.605467] task_fork_fair+0xb0/0x6d0 [ 36.605471] sched_fork+0x443/0xba0 [ 36.605475] copy_process+0x2586/0x8780 [ 36.605479] _do_fork+0x1cb/0x11d0 [ 36.605484] kernel_thread+0x34/0x40 [ 36.605487] rest_init+0x22/0xe5 [ 36.605491] start_kernel+0x8f4/0x92f [ 36.605496] x86_64_start_reservations+0x29/0x2b [ 36.605501] x86_64_start_kernel+0x76/0x79 [ 36.605505] secondary_startup_64+0xa4/0xb0 [ 36.605507] [ 36.605510] -> #1 (&p->pi_lock){-.-.}: [ 36.605525] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.605530] try_to_wake_up+0xd2/0x12f0 [ 36.605534] wake_up_process+0x10/0x20 [ 36.605538] __up.isra.1+0x1c0/0x2a0 [ 36.605541] up+0x13c/0x1c0 [ 36.605546] __up_console_sem+0xbe/0x1b0 [ 36.605550] console_unlock+0x524/0x11a0 [ 36.605554] vprintk_emit+0x33d/0x930 [ 36.605558] vprintk_default+0x28/0x30 [ 36.605562] vprintk_func+0x7e/0x181 [ 36.605566] printk+0xa7/0xcf [ 36.605570] load_umh+0x51/0xbd [ 36.605574] do_one_initcall+0x145/0x957 [ 36.605579] kernel_init_freeable+0x4bb/0x5ae [ 36.605583] kernel_init+0x11/0x1b2 [ 36.605587] ret_from_fork+0x3a/0x50 [ 36.605589] [ 36.605592] -> #0 ((console_sem).lock){-...}: [ 36.605616] lock_acquire+0x1ed/0x520 [ 36.605621] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.605625] down_trylock+0x13/0x70 [ 36.605630] __down_trylock_console_sem+0xae/0x200 [ 36.605635] console_trylock+0x15/0xa0 [ 36.605639] vprintk_emit+0x322/0x930 [ 36.605643] vprintk_default+0x28/0x30 [ 36.605647] vprintk_func+0x7e/0x181 [ 36.605651] printk+0xa7/0xcf [ 36.605655] kasan_report+0x9b/0x110 [ 36.605660] __asan_report_load8_noabort+0x14/0x20 [ 36.605664] __schedule+0xfc3/0x1ed0 [ 36.605669] preempt_schedule_common+0x1f/0xd0 [ 36.605674] preempt_schedule+0x4d/0x60 [ 36.605678] ___preempt_schedule+0x16/0x18 [ 36.605683] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.605687] __call_srcu+0x7f9/0x1070 [ 36.605692] __synchronize_srcu+0x17b/0x230 [ 36.605696] synchronize_srcu+0x356/0x5ab [ 36.605701] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.605706] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.605710] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.605715] kvm_put_kvm+0x6c8/0xff0 [ 36.605719] kvm_vm_release+0x42/0x50 [ 36.605723] __fput+0x385/0xa30 [ 36.605727] ____fput+0x15/0x20 [ 36.605731] task_work_run+0x1e8/0x2a0 [ 36.605735] do_exit+0x1ad7/0x2610 [ 36.605739] do_group_exit+0x177/0x440 [ 36.605744] __x64_sys_exit_group+0x3e/0x50 [ 36.605748] do_syscall_64+0x1b9/0x820 [ 36.605753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.605756] [ 36.605760] other info that might help us debug this: [ 36.605763] [ 36.605766] Chain exists of: [ 36.605769] (console_sem).lock --> &rq->lock --> report_lock [ 36.605789] [ 36.605793] Possible unsafe locking scenario: [ 36.605796] [ 36.605800] CPU0 CPU1 [ 36.605805] ---- ---- [ 36.605807] lock(report_lock); [ 36.605818] lock(&rq->lock); [ 36.605828] lock(report_lock); [ 36.605837] lock((console_sem).lock); [ 36.605846] [ 36.605849] *** DEADLOCK *** [ 36.605852] [ 36.605856] 2 locks held by syz-executor863/5338: [ 36.605859] #0: 0000000056731d6c (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 36.605877] #1: 00000000b40b20c8 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.605896] [ 36.605899] stack backtrace: [ 36.605906] CPU: 1 PID: 5338 Comm: syz-executor863 Not tainted 4.19.0-rc3+ #231 [ 36.605914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.605917] Call Trace: [ 36.605921] dump_stack+0x1c4/0x2b4 [ 36.605926] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.605930] ? vprintk_func+0x85/0x181 [ 36.605936] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 36.605940] ? save_trace+0xe0/0x290 [ 36.605944] __lock_acquire+0x33e4/0x4ec0 [ 36.605949] ? mark_held_locks+0x130/0x130 [ 36.605953] ? mark_held_locks+0x130/0x130 [ 36.605957] ? rcu_bh_qs+0xc0/0xc0 [ 36.605961] ? unwind_dump+0x190/0x190 [ 36.605966] ? is_bpf_text_address+0xd3/0x170 [ 36.605970] ? kernel_text_address+0x79/0xf0 [ 36.605975] ? __kernel_text_address+0xd/0x40 [ 36.605979] ? __save_stack_trace+0x8d/0xf0 [ 36.605984] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 36.605988] ? save_trace+0x290/0x290 [ 36.605993] ? save_stack_trace+0x1a/0x20 [ 36.605997] ? save_trace+0xe0/0x290 [ 36.606001] ? kasan_check_read+0x11/0x20 [ 36.606005] ? graph_lock+0x170/0x170 [ 36.606011] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.606015] lock_acquire+0x1ed/0x520 [ 36.606019] ? down_trylock+0x13/0x70 [ 36.606023] ? find_held_lock+0x36/0x1c0 [ 36.606027] ? lock_release+0x970/0x970 [ 36.606032] ? trace_hardirqs_off+0xb8/0x310 [ 36.606036] ? vprintk_emit+0x1d3/0x930 [ 36.606041] ? trace_hardirqs_on+0x310/0x310 [ 36.606045] ? trace_hardirqs_off+0xb8/0x310 [ 36.606050] ? log_store+0x344/0x4c0 [ 36.606054] ? vprintk_emit+0x322/0x930 [ 36.606058] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.606063] ? down_trylock+0x13/0x70 [ 36.606067] down_trylock+0x13/0x70 [ 36.606072] __down_trylock_console_sem+0xae/0x200 [ 36.606076] console_trylock+0x15/0xa0 [ 36.606080] vprintk_emit+0x322/0x930 [ 36.606084] ? wake_up_klogd+0x180/0x180 [ 36.606089] ? run_rebalance_domains+0x500/0x500 [ 36.606093] ? wake_up_worker+0x117/0x190 [ 36.606098] ? find_held_lock+0x36/0x1c0 [ 36.606102] ? __queue_work+0x6be/0x1440 [ 36.606106] ? lock_acquire+0x1ed/0x520 [ 36.606110] vprintk_default+0x28/0x30 [ 36.606115] vprintk_func+0x7e/0x181 [ 36.606118] printk+0xa7/0xcf [ 36.606123] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.606127] ? kasan_check_write+0x14/0x20 [ 36.606132] ? do_raw_spin_lock+0xc1/0x200 [ 36.606136] ? do_raw_spin_lock+0xc1/0x200 [ 36.606140] kasan_report+0x9b/0x110 [ 36.606144] ? __schedule+0xfc3/0x1ed0 [ 36.606149] __asan_report_load8_noabort+0x14/0x20 [ 36.606153] __schedule+0xfc3/0x1ed0 [ 36.606158] ? __sched_text_start+0x8/0x8 [ 36.606162] ? __lock_is_held+0xb5/0x140 [ 36.606173] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.606177] ? find_held_lock+0x36/0x1c0 [ 36.606181] ? __call_srcu+0x7f9/0x1070 [ 36.606186] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.606191] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.606196] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.606200] ? preempt_schedule+0x4d/0x60 [ 36.606205] preempt_schedule_common+0x1f/0xd0 [ 36.606209] preempt_schedule+0x4d/0x60 [ 36.606213] ___preempt_schedule+0x16/0x18 [ 36.606218] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.606222] __call_srcu+0x7f9/0x1070 [ 36.606227] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.606231] ? srcu_offline_cpu+0x120/0x120 [ 36.606236] ? debug_object_free+0x690/0x690 [ 36.606240] ? mark_held_locks+0x130/0x130 [ 36.606245] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.606249] ? lock_release+0x970/0x970 [ 36.606254] ? arch_local_save_flags+0x40/0x40 [ 36.606258] ? depot_save_stack+0x292/0x470 [ 36.606262] ? __lockdep_init_map+0x105/0x590 [ 36.606267] ? __init_waitqueue_head+0x9e/0x150 [ 36.606271] ? init_wait_entry+0x1c0/0x1c0 [ 36.606276] __synchronize_srcu+0x17b/0x230 [ 36.606280] ? call_srcu+0x10/0x10 [ 36.606284] ? rcu_unexpedite_gp+0x20/0x20 [ 36.606289] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.606294] ? check_preemption_disabled+0x48/0x200 [ 36.606299] synchronize_srcu+0x356/0x5ab [ 36.606303] ? lock_downgrade+0x900/0x900 [ 36.606308] ? synchronize_srcu_expedited+0x20/0x20 [ 36.606312] ? kasan_check_read+0x11/0x20 [ 36.606317] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.606321] ? kasan_check_write+0x14/0x20 [ 36.606325] ? do_raw_spin_lock+0xc1/0x200 [ 36.606330] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.606335] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.606339] ? kvfree+0x61/0x70 [ 36.606344] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.606348] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.606353] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.606357] ? kvm_arch_sync_events+0x30/0x30 [ 36.606362] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.606367] ? mmu_notifier_unregister+0x474/0x600 [ 36.606371] ? kfree+0x107/0x230 [ 36.606376] ? __mmu_notifier_register+0x30/0x30 [ 36.606380] ? __free_pages+0x10a/0x190 [ 36.606384] ? free_unref_page+0x960/0x960 [ 36.606388] kvm_put_kvm+0x6c8/0xff0 [ 36.606393] ? kvm_write_guest_cached+0x40/0x40 [ 36.606397] ? kvm_irqfd_release+0xd1/0x120 [ 36.606402] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.606406] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.606411] ? kasan_check_write+0x14/0x20 [ 36.606415] ? do_raw_spin_lock+0xc1/0x200 [ 36.606418] ? kvm_irqfd_release+0x [ 36.606427] Lost 82 message(s)! [ 37.744432] Shutting down cpus with NMI [ 38.802423] Dumping ftrace buffer: [ 38.805955] (ftrace buffer empty) [ 38.810158] Kernel Offset: disabled [ 38.813797] Rebooting in 86400 seconds..