[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.723879] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.909005] random: sshd: uninitialized urandom read (32 bytes read) [ 30.283961] random: sshd: uninitialized urandom read (32 bytes read) [ 30.892146] random: sshd: uninitialized urandom read (32 bytes read) [ 31.108699] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. [ 36.665276] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.784729] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.809354] ================================================================== [ 36.819410] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 36.825637] Read of size 8 at addr ffff8801baf70058 by task syz-executor798/5349 [ 36.833159] [ 36.834790] CPU: 1 PID: 5349 Comm: syz-executor798 Not tainted 4.19.0-rc4+ #247 [ 36.842230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.851575] Call Trace: [ 36.854169] dump_stack+0x1c4/0x2b4 [ 36.857798] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.862987] ? printk+0xa7/0xcf [ 36.866267] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.871034] print_address_description.cold.8+0x9/0x1ff [ 36.876411] kasan_report.cold.9+0x242/0x309 [ 36.880826] ? __schedule+0xfc3/0x1ed0 [ 36.884714] __asan_report_load8_noabort+0x14/0x20 [ 36.889646] __schedule+0xfc3/0x1ed0 [ 36.893373] ? __sched_text_start+0x8/0x8 [ 36.897525] ? __lock_is_held+0xb5/0x140 [ 36.901582] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.906683] ? find_held_lock+0x36/0x1c0 [ 36.910744] ? __call_srcu+0x7f9/0x1070 [ 36.914717] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.919820] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.924922] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.929504] ? preempt_schedule+0x4d/0x60 [ 36.933658] preempt_schedule_common+0x1f/0xd0 [ 36.938242] preempt_schedule+0x4d/0x60 [ 36.942219] ___preempt_schedule+0x16/0x18 [ 36.946455] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.951384] __call_srcu+0x7f9/0x1070 [ 36.955184] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.960586] ? srcu_offline_cpu+0x120/0x120 [ 36.964904] ? debug_object_free+0x690/0x690 [ 36.969309] ? mark_held_locks+0x130/0x130 [ 36.973546] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.978305] ? lock_release+0x970/0x970 [ 36.982288] ? arch_local_save_flags+0x40/0x40 [ 36.986902] ? depot_save_stack+0x292/0x470 [ 36.991230] ? __lockdep_init_map+0x105/0x590 [ 36.995730] ? __init_waitqueue_head+0x9e/0x150 [ 37.000398] ? init_wait_entry+0x1c0/0x1c0 [ 37.004638] __synchronize_srcu+0x17b/0x230 [ 37.008956] ? call_srcu+0x10/0x10 [ 37.012494] ? rcu_unexpedite_gp+0x20/0x20 [ 37.016734] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.022270] ? check_preemption_disabled+0x48/0x200 [ 37.027289] synchronize_srcu+0x356/0x5ab [ 37.031436] ? lock_downgrade+0x900/0x900 [ 37.035581] ? synchronize_srcu_expedited+0x20/0x20 [ 37.040602] ? kasan_check_read+0x11/0x20 [ 37.044753] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.049345] ? kasan_check_write+0x14/0x20 [ 37.053581] ? do_raw_spin_lock+0xc1/0x200 [ 37.057823] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.063537] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.068988] ? kvfree+0x61/0x70 [ 37.072265] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.077283] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.081354] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.085768] ? kvm_arch_sync_events+0x30/0x30 [ 37.090742] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.096276] ? mmu_notifier_unregister+0x474/0x600 [ 37.101202] ? kfree+0x107/0x230 [ 37.104566] ? __mmu_notifier_register+0x30/0x30 [ 37.109322] ? __free_pages+0x10a/0x190 [ 37.113314] ? free_unref_page+0x960/0x960 [ 37.117566] kvm_put_kvm+0x6c8/0xff0 [ 37.121289] ? kvm_write_guest_cached+0x40/0x40 [ 37.125959] ? kvm_irqfd_release+0xd1/0x120 [ 37.130285] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.134778] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.139283] ? kasan_check_write+0x14/0x20 [ 37.143517] ? do_raw_spin_lock+0xc1/0x200 [ 37.147752] ? kvm_irqfd_release+0xdd/0x120 [ 37.152069] ? kvm_irqfd_release+0xdd/0x120 [ 37.156394] ? kvm_put_kvm+0xff0/0xff0 [ 37.160284] kvm_vm_release+0x42/0x50 [ 37.164080] __fput+0x385/0xa30 [ 37.167373] ? get_max_files+0x20/0x20 [ 37.171258] ? trace_hardirqs_on+0xbd/0x310 [ 37.175585] ? ___might_sleep+0x1ed/0x300 [ 37.179739] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.185214] ? arch_local_save_flags+0x40/0x40 [ 37.189800] ? kasan_check_write+0x14/0x20 [ 37.194036] ? do_raw_spin_lock+0xc1/0x200 [ 37.198268] ____fput+0x15/0x20 [ 37.201546] task_work_run+0x1e8/0x2a0 [ 37.205435] ? task_work_cancel+0x240/0x240 [ 37.209758] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.215292] ? switch_task_namespaces+0x9d/0xd0 [ 37.219962] do_exit+0x1ad7/0x2610 [ 37.223510] ? mm_update_next_owner+0x990/0x990 [ 37.228183] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.232417] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.237429] ? kfree+0x1fa/0x230 [ 37.240794] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.245028] ? kvm_vcpu_block+0x1030/0x1030 [ 37.249363] ? is_bpf_text_address+0xd3/0x170 [ 37.253857] ? kernel_text_address+0x79/0xf0 [ 37.258266] ? __kernel_text_address+0xd/0x40 [ 37.262763] ? unwind_get_return_address+0x61/0xa0 [ 37.267697] ? __save_stack_trace+0x8d/0xf0 [ 37.272027] ? save_stack+0xa9/0xd0 [ 37.275651] ? save_stack+0x43/0xd0 [ 37.279273] ? __kasan_slab_free+0x102/0x150 [ 37.283675] ? kasan_slab_free+0xe/0x10 [ 37.287645] ? putname+0xf2/0x130 [ 37.291099] ? __x64_sys_openat+0x9d/0x100 [ 37.295349] ? do_syscall_64+0x1b9/0x820 [ 37.299409] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.304773] ? trace_hardirqs_off+0xb8/0x310 [ 37.309178] ? kasan_check_read+0x11/0x20 [ 37.313325] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.317738] ? trace_hardirqs_on+0x310/0x310 [ 37.322147] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.327247] ? trace_hardirqs_off+0xb8/0x310 [ 37.331657] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.337194] ? check_preemption_disabled+0x48/0x200 [ 37.342206] ? check_preemption_disabled+0x48/0x200 [ 37.347227] ? kvm_vcpu_block+0x1030/0x1030 [ 37.351548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.357098] ? do_vfs_ioctl+0x201/0x1720 [ 37.361164] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.366443] ? ioctl_preallocate+0x300/0x300 [ 37.370853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.376387] ? __fget_light+0x2e9/0x430 [ 37.380371] ? fget_raw+0x20/0x20 [ 37.383818] ? putname+0xf2/0x130 [ 37.387270] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.392289] ? kmem_cache_free+0x24f/0x290 [ 37.396523] ? putname+0xf7/0x130 [ 37.399982] do_group_exit+0x177/0x440 [ 37.403875] ? trace_hardirqs_on+0xbd/0x310 [ 37.408195] ? __ia32_sys_exit+0x50/0x50 [ 37.412258] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.417715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.423262] ? ksys_ioctl+0x81/0xd0 [ 37.426892] __x64_sys_exit_group+0x3e/0x50 [ 37.431217] do_syscall_64+0x1b9/0x820 [ 37.435111] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.440477] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.445409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.450253] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.455265] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.460281] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.465296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.470141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.475326] RIP: 0033:0x43ef08 [ 37.478530] Code: Bad RIP value. [ 37.481885] RSP: 002b:00007ffe0893cb68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.489591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 37.496853] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.504119] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.511427] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.518697] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.525973] [ 37.527598] Allocated by task 5349: [ 37.531223] save_stack+0x43/0xd0 [ 37.534671] kasan_kmalloc+0xc7/0xe0 [ 37.538381] kasan_slab_alloc+0x12/0x20 [ 37.542359] kmem_cache_alloc+0x12e/0x730 [ 37.546506] vmx_create_vcpu+0xcf/0x25e0 [ 37.550564] kvm_arch_vcpu_create+0xe5/0x220 [ 37.554966] kvm_vm_ioctl+0x470/0x1d40 [ 37.558847] do_vfs_ioctl+0x1de/0x1720 [ 37.562728] ksys_ioctl+0xa9/0xd0 [ 37.566175] __x64_sys_ioctl+0x73/0xb0 [ 37.570058] do_syscall_64+0x1b9/0x820 [ 37.573945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.579125] [ 37.580749] Freed by task 5349: [ 37.584022] save_stack+0x43/0xd0 [ 37.587467] __kasan_slab_free+0x102/0x150 [ 37.591693] kasan_slab_free+0xe/0x10 [ 37.595493] kmem_cache_free+0x83/0x290 [ 37.599464] vmx_free_vcpu+0x26b/0x300 [ 37.603357] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.607762] kvm_put_kvm+0x6c8/0xff0 [ 37.611473] kvm_vm_release+0x42/0x50 [ 37.615264] __fput+0x385/0xa30 [ 37.618539] ____fput+0x15/0x20 [ 37.621817] task_work_run+0x1e8/0x2a0 [ 37.625704] do_exit+0x1ad7/0x2610 [ 37.629241] do_group_exit+0x177/0x440 [ 37.633127] __x64_sys_exit_group+0x3e/0x50 [ 37.637447] do_syscall_64+0x1b9/0x820 [ 37.641343] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.646517] [ 37.648141] The buggy address belongs to the object at ffff8801baf70040 [ 37.648141] which belongs to the cache kvm_vcpu of size 23872 [ 37.660710] The buggy address is located 24 bytes inside of [ 37.660710] 23872-byte region [ffff8801baf70040, ffff8801baf75d80) [ 37.672680] The buggy address belongs to the page: [ 37.677604] page:ffffea0006ebdc00 count:1 mapcount:0 mapping:ffff8801d7977180 index:0x0 compound_mapcount: 0 [ 37.687576] flags: 0x2fffc0000008100(slab|head) [ 37.692251] raw: 02fffc0000008100 ffff8801d5b7c748 ffff8801d5b7c748 ffff8801d7977180 [ 37.700140] raw: 0000000000000000 ffff8801baf70040 0000000100000001 0000000000000000 [ 37.708010] page dumped because: kasan: bad access detected [ 37.713733] [ 37.715359] Memory state around the buggy address: [ 37.720282] ffff8801baf6ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.727637] ffff8801baf6ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.734991] >ffff8801baf70000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.742345] ^ [ 37.748573] ffff8801baf70080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.755926] ffff8801baf70100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.763270] ================================================================== [ 37.770620] Kernel panic - not syncing: panic_on_warn set ... [ 37.770620] [ 37.777983] CPU: 1 PID: 5349 Comm: syz-executor798 Tainted: G B 4.19.0-rc4+ #247 [ 37.786811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.796155] Call Trace: [ 37.798747] dump_stack+0x1c4/0x2b4 [ 37.802371] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.807562] ? lock_downgrade+0x900/0x900 [ 37.811712] panic+0x238/0x4e7 [ 37.814901] ? add_taint.cold.5+0x16/0x16 [ 37.819050] ? print_shadow_for_address+0xb6/0x116 [ 37.823974] ? trace_hardirqs_off+0xaf/0x310 [ 37.828385] kasan_end_report+0x47/0x4f [ 37.832371] kasan_report.cold.9+0x76/0x309 [ 37.836698] ? __schedule+0xfc3/0x1ed0 [ 37.840588] __asan_report_load8_noabort+0x14/0x20 [ 37.845516] __schedule+0xfc3/0x1ed0 [ 37.849233] ? __sched_text_start+0x8/0x8 [ 37.853381] ? __lock_is_held+0xb5/0x140 [ 37.857439] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.862539] ? find_held_lock+0x36/0x1c0 [ 37.866605] ? __call_srcu+0x7f9/0x1070 [ 37.870577] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.875675] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.880774] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.885362] ? preempt_schedule+0x4d/0x60 [ 37.889512] preempt_schedule_common+0x1f/0xd0 [ 37.894096] preempt_schedule+0x4d/0x60 [ 37.898081] ___preempt_schedule+0x16/0x18 [ 37.902324] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.907264] __call_srcu+0x7f9/0x1070 [ 37.911062] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.916171] ? srcu_offline_cpu+0x120/0x120 [ 37.920493] ? debug_object_free+0x690/0x690 [ 37.924899] ? mark_held_locks+0x130/0x130 [ 37.929137] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.933721] ? lock_release+0x970/0x970 [ 37.937697] ? arch_local_save_flags+0x40/0x40 [ 37.942280] ? depot_save_stack+0x292/0x470 [ 37.946604] ? __lockdep_init_map+0x105/0x590 [ 37.951109] ? __init_waitqueue_head+0x9e/0x150 [ 37.955776] ? init_wait_entry+0x1c0/0x1c0 [ 37.960016] __synchronize_srcu+0x17b/0x230 [ 37.964346] ? call_srcu+0x10/0x10 [ 37.967889] ? rcu_unexpedite_gp+0x20/0x20 [ 37.972134] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.977668] ? check_preemption_disabled+0x48/0x200 [ 37.982685] synchronize_srcu+0x356/0x5ab [ 37.986830] ? lock_downgrade+0x900/0x900 [ 37.990979] ? synchronize_srcu_expedited+0x20/0x20 [ 37.995998] ? kasan_check_read+0x11/0x20 [ 38.000144] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.004723] ? kasan_check_write+0x14/0x20 [ 38.008959] ? do_raw_spin_lock+0xc1/0x200 [ 38.013199] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.018913] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.024367] ? kvfree+0x61/0x70 [ 38.027645] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.032665] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.036722] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.041134] ? kvm_arch_sync_events+0x30/0x30 [ 38.045632] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.051167] ? mmu_notifier_unregister+0x474/0x600 [ 38.056093] ? kfree+0x107/0x230 [ 38.059461] ? __mmu_notifier_register+0x30/0x30 [ 38.064215] ? __free_pages+0x10a/0x190 [ 38.068190] ? free_unref_page+0x960/0x960 [ 38.072435] kvm_put_kvm+0x6c8/0xff0 [ 38.076154] ? kvm_write_guest_cached+0x40/0x40 [ 38.080824] ? kvm_irqfd_release+0xd1/0x120 [ 38.085144] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.090124] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.094628] ? kasan_check_write+0x14/0x20 [ 38.098867] ? do_raw_spin_lock+0xc1/0x200 [ 38.103112] ? kvm_irqfd_release+0xdd/0x120 [ 38.107431] ? kvm_irqfd_release+0xdd/0x120 [ 38.111753] ? kvm_put_kvm+0xff0/0xff0 [ 38.115639] kvm_vm_release+0x42/0x50 [ 38.119439] __fput+0x385/0xa30 [ 38.122718] ? get_max_files+0x20/0x20 [ 38.126605] ? trace_hardirqs_on+0xbd/0x310 [ 38.130927] ? ___might_sleep+0x1ed/0x300 [ 38.135076] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.140531] ? arch_local_save_flags+0x40/0x40 [ 38.145116] ? kasan_check_write+0x14/0x20 [ 38.149365] ? do_raw_spin_lock+0xc1/0x200 [ 38.153603] ____fput+0x15/0x20 [ 38.156889] task_work_run+0x1e8/0x2a0 [ 38.160781] ? task_work_cancel+0x240/0x240 [ 38.165108] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.170648] ? switch_task_namespaces+0x9d/0xd0 [ 38.175320] do_exit+0x1ad7/0x2610 [ 38.178874] ? mm_update_next_owner+0x990/0x990 [ 38.183554] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.187790] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.192806] ? kfree+0x1fa/0x230 [ 38.196175] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.200414] ? kvm_vcpu_block+0x1030/0x1030 [ 38.204743] ? is_bpf_text_address+0xd3/0x170 [ 38.209239] ? kernel_text_address+0x79/0xf0 [ 38.213651] ? __kernel_text_address+0xd/0x40 [ 38.218149] ? unwind_get_return_address+0x61/0xa0 [ 38.223080] ? __save_stack_trace+0x8d/0xf0 [ 38.227415] ? save_stack+0xa9/0xd0 [ 38.231036] ? save_stack+0x43/0xd0 [ 38.234660] ? __kasan_slab_free+0x102/0x150 [ 38.239066] ? kasan_slab_free+0xe/0x10 [ 38.243040] ? putname+0xf2/0x130 [ 38.246493] ? __x64_sys_openat+0x9d/0x100 [ 38.250728] ? do_syscall_64+0x1b9/0x820 [ 38.254788] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.260155] ? trace_hardirqs_off+0xb8/0x310 [ 38.264572] ? kasan_check_read+0x11/0x20 [ 38.268721] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.273131] ? trace_hardirqs_on+0x310/0x310 [ 38.277542] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.282647] ? trace_hardirqs_off+0xb8/0x310 [ 38.287055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.292594] ? check_preemption_disabled+0x48/0x200 [ 38.297606] ? check_preemption_disabled+0x48/0x200 [ 38.302630] ? kvm_vcpu_block+0x1030/0x1030 [ 38.306954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.312493] ? do_vfs_ioctl+0x201/0x1720 [ 38.316555] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.321851] ? ioctl_preallocate+0x300/0x300 [ 38.326260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.331794] ? __fget_light+0x2e9/0x430 [ 38.335764] ? fget_raw+0x20/0x20 [ 38.339213] ? putname+0xf2/0x130 [ 38.342664] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.347678] ? kmem_cache_free+0x24f/0x290 [ 38.351912] ? putname+0xf7/0x130 [ 38.355377] do_group_exit+0x177/0x440 [ 38.359269] ? trace_hardirqs_on+0xbd/0x310 [ 38.363593] ? __ia32_sys_exit+0x50/0x50 [ 38.367658] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.373114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.378649] ? ksys_ioctl+0x81/0xd0 [ 38.382281] __x64_sys_exit_group+0x3e/0x50 [ 38.386608] do_syscall_64+0x1b9/0x820 [ 38.390495] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.395859] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.400791] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.405640] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.410660] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.415680] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.420700] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.425547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.430732] RIP: 0033:0x43ef08 [ 38.433921] Code: Bad RIP value. [ 38.437276] RSP: 002b:00007ffe0893cb68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.444983] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 38.452249] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.459531] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.466805] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.474072] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.481365] [ 38.481372] ====================================================== [ 38.481378] WARNING: possible circular locking dependency detected [ 38.481382] 4.19.0-rc4+ #247 Not tainted [ 38.481388] ------------------------------------------------------ [ 38.481394] syz-executor798/5349 is trying to acquire lock: [ 38.481398] 000000000297feea ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 38.481415] [ 38.481419] but task is already holding lock: [ 38.481423] 00000000e0a485ff (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.481439] [ 38.481444] which lock already depends on the new lock. [ 38.481447] [ 38.481450] [ 38.481455] the existing dependency chain (in reverse order) is: [ 38.481458] [ 38.481461] -> #3 (report_lock){....}: [ 38.481477] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.481482] kasan_report+0x8b/0x110 [ 38.481487] __asan_report_load8_noabort+0x14/0x20 [ 38.481491] __schedule+0xfc3/0x1ed0 [ 38.481496] preempt_schedule_common+0x1f/0xd0 [ 38.481501] preempt_schedule+0x4d/0x60 [ 38.481505] ___preempt_schedule+0x16/0x18 [ 38.481510] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.481515] __call_srcu+0x7f9/0x1070 [ 38.481519] __synchronize_srcu+0x17b/0x230 [ 38.481524] synchronize_srcu+0x356/0x5ab [ 38.481529] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.481534] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.481539] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.481543] kvm_put_kvm+0x6c8/0xff0 [ 38.481547] kvm_vm_release+0x42/0x50 [ 38.481551] __fput+0x385/0xa30 [ 38.481555] ____fput+0x15/0x20 [ 38.481560] task_work_run+0x1e8/0x2a0 [ 38.481564] do_exit+0x1ad7/0x2610 [ 38.481568] do_group_exit+0x177/0x440 [ 38.481573] __x64_sys_exit_group+0x3e/0x50 [ 38.481578] do_syscall_64+0x1b9/0x820 [ 38.481583] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.481585] [ 38.481588] -> #2 (&rq->lock){-.-.}: [ 38.481604] _raw_spin_lock+0x2d/0x40 [ 38.481608] task_fork_fair+0xb0/0x6d0 [ 38.481613] sched_fork+0x443/0xba0 [ 38.481617] copy_process+0x2586/0x8780 [ 38.481621] _do_fork+0x1cb/0x11d0 [ 38.481626] kernel_thread+0x34/0x40 [ 38.481630] rest_init+0x22/0xe5 [ 38.481634] start_kernel+0x8f4/0x92f [ 38.481639] x86_64_start_reservations+0x29/0x2b [ 38.481644] x86_64_start_kernel+0x76/0x79 [ 38.481649] secondary_startup_64+0xa4/0xb0 [ 38.481651] [ 38.481654] -> #1 (&p->pi_lock){-.-.}: [ 38.481670] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.481675] try_to_wake_up+0xd2/0x12f0 [ 38.481679] wake_up_process+0x10/0x20 [ 38.481684] __up.isra.1+0x1c0/0x2a0 [ 38.481687] up+0x13c/0x1c0 [ 38.481692] __up_console_sem+0xbe/0x1b0 [ 38.481696] console_unlock+0x814/0x1160 [ 38.481701] vprintk_emit+0x33d/0x930 [ 38.481705] vprintk_default+0x28/0x30 [ 38.481710] vprintk_func+0x7e/0x181 [ 38.481713] printk+0xa7/0xcf [ 38.481717] load_umh+0x51/0xbd [ 38.481722] do_one_initcall+0x145/0x957 [ 38.481727] kernel_init_freeable+0x4bb/0x5ae [ 38.481731] kernel_init+0x11/0x1b2 [ 38.481736] ret_from_fork+0x3a/0x50 [ 38.481738] [ 38.481741] -> #0 ((console_sem).lock){-...}: [ 38.481757] lock_acquire+0x1ed/0x520 [ 38.481762] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.481766] down_trylock+0x13/0x70 [ 38.481771] __down_trylock_console_sem+0xae/0x200 [ 38.481776] console_trylock+0x15/0xa0 [ 38.481780] vprintk_emit+0x322/0x930 [ 38.481785] vprintk_default+0x28/0x30 [ 38.481789] vprintk_func+0x7e/0x181 [ 38.481793] printk+0xa7/0xcf [ 38.481797] kasan_report+0x9b/0x110 [ 38.481802] __asan_report_load8_noabort+0x14/0x20 [ 38.481806] __schedule+0xfc3/0x1ed0 [ 38.481811] preempt_schedule_common+0x1f/0xd0 [ 38.481816] preempt_schedule+0x4d/0x60 [ 38.481820] ___preempt_schedule+0x16/0x18 [ 38.481825] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.481830] __call_srcu+0x7f9/0x1070 [ 38.481835] __synchronize_srcu+0x17b/0x230 [ 38.481839] synchronize_srcu+0x356/0x5ab [ 38.481845] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.481849] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.481854] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.481858] kvm_put_kvm+0x6c8/0xff0 [ 38.481863] kvm_vm_release+0x42/0x50 [ 38.481867] __fput+0x385/0xa30 [ 38.481871] ____fput+0x15/0x20 [ 38.481875] task_work_run+0x1e8/0x2a0 [ 38.481879] do_exit+0x1ad7/0x2610 [ 38.481884] do_group_exit+0x177/0x440 [ 38.481889] __x64_sys_exit_group+0x3e/0x50 [ 38.481893] do_syscall_64+0x1b9/0x820 [ 38.481898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.481901] [ 38.481906] other info that might help us debug this: [ 38.481908] [ 38.481912] Chain exists of: [ 38.481914] (console_sem).lock --> &rq->lock --> report_lock [ 38.481935] [ 38.481940] Possible unsafe locking scenario: [ 38.481942] [ 38.481947] CPU0 CPU1 [ 38.481951] ---- ---- [ 38.481954] lock(report_lock); [ 38.481965] lock(&rq->lock); [ 38.481975] lock(report_lock); [ 38.481984] lock((console_sem).lock); [ 38.481994] [ 38.481997] *** DEADLOCK *** [ 38.482000] [ 38.482005] 2 locks held by syz-executor798/5349: [ 38.482007] #0: 000000001eee3839 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 38.482027] #1: 00000000e0a485ff (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.482046] [ 38.482049] stack backtrace: [ 38.482056] CPU: 1 PID: 5349 Comm: syz-executor798 Not tainted 4.19.0-rc4+ #247 [ 38.482064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.482068] Call Trace: [ 38.482072] dump_stack+0x1c4/0x2b4 [ 38.482078] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.482082] ? vprintk_func+0x85/0x181 [ 38.482088] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 38.482092] ? save_trace+0xe0/0x290 [ 38.482097] __lock_acquire+0x33e4/0x4ec0 [ 38.482101] ? mark_held_locks+0x130/0x130 [ 38.482111] ? mark_held_locks+0x130/0x130 [ 38.482115] ? rcu_bh_qs+0xc0/0xc0 [ 38.482120] ? unwind_dump+0x190/0x190 [ 38.482125] ? is_bpf_text_address+0xd3/0x170 [ 38.482129] ? kernel_text_address+0x79/0xf0 [ 38.482134] ? __kernel_text_address+0xd/0x40 [ 38.482139] ? __save_stack_trace+0x8d/0xf0 [ 38.482144] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 38.482148] ? save_trace+0x290/0x290 [ 38.482153] ? save_stack_trace+0x1a/0x20 [ 38.482157] ? save_trace+0xe0/0x290 [ 38.482162] ? kasan_check_read+0x11/0x20 [ 38.482166] ? graph_lock+0x170/0x170 [ 38.482172] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.482176] lock_acquire+0x1ed/0x520 [ 38.482180] ? down_trylock+0x13/0x70 [ 38.482185] ? find_held_lock+0x36/0x1c0 [ 38.482189] ? lock_release+0x970/0x970 [ 38.482194] ? trace_hardirqs_off+0xb8/0x310 [ 38.482199] ? vprintk_emit+0x1d3/0x930 [ 38.482203] ? trace_hardirqs_on+0x310/0x310 [ 38.482208] ? trace_hardirqs_off+0xb8/0x310 [ 38.482212] ? log_store+0x344/0x4c0 [ 38.482217] ? vprintk_emit+0x322/0x930 [ 38.482222] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.482226] ? down_trylock+0x13/0x70 [ 38.482230] down_trylock+0x13/0x70 [ 38.482235] __down_trylock_console_sem+0xae/0x200 [ 38.482240] console_trylock+0x15/0xa0 [ 38.482244] vprintk_emit+0x322/0x930 [ 38.482249] ? wake_up_klogd+0x180/0x180 [ 38.482253] ? run_rebalance_domains+0x500/0x500 [ 38.482258] ? wake_up_worker+0x117/0x190 [ 38.482263] ? find_held_lock+0x36/0x1c0 [ 38.482267] ? __queue_work+0x6be/0x1440 [ 38.482272] ? lock_acquire+0x1ed/0x520 [ 38.482276] vprintk_default+0x28/0x30 [ 38.482280] vprintk_func+0x7e/0x181 [ 38.482284] printk+0xa7/0xcf [ 38.482289] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.482294] ? kasan_check_write+0x14/0x20 [ 38.482298] ? do_raw_spin_lock+0xc1/0x200 [ 38.482303] ? do_raw_spin_lock+0xc1/0x200 [ 38.482307] kasan_report+0x9b/0x110 [ 38.482312] ? __schedule+0xfc3/0x1ed0 [ 38.482317] __asan_report_load8_noabort+0x14/0x20 [ 38.482321] __schedule+0xfc3/0x1ed0 [ 38.482325] ? __sched_text_start+0x8/0x8 [ 38.482336] ? __lock_is_held+0xb5/0x140 [ 38.482342] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.482346] ? find_held_lock+0x36/0x1c0 [ 38.482351] ? __call_srcu+0x7f9/0x1070 [ 38.482356] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.482361] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.482366] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.482370] ? preempt_schedule+0x4d/0x60 [ 38.482375] preempt_schedule_common+0x1f/0xd0 [ 38.482380] preempt_schedule+0x4d/0x60 [ 38.482385] ___preempt_schedule+0x16/0x18 [ 38.482390] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.482394] __call_srcu+0x7f9/0x1070 [ 38.482399] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.482404] ? srcu_offline_cpu+0x120/0x120 [ 38.482408] ? debug_object_free+0x690/0x690 [ 38.482413] ? mark_held_locks+0x130/0x130 [ 38.482418] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.482423] ? lock_release+0x970/0x970 [ 38.482427] ? arch_local_save_flags+0x40/0x40 [ 38.482432] ? depot_save_stack+0x292/0x470 [ 38.482437] ? __lockdep_init_map+0x105/0x590 [ 38.482442] ? __init_waitqueue_head+0x9e/0x150 [ 38.482447] ? init_wait_entry+0x1c0/0x1c0 [ 38.482451] __synchronize_srcu+0x17b/0x230 [ 38.482455] ? call_srcu+0x10/0x10 [ 38.482460] ? rcu_unexpedite_gp+0x20/0x20 [ 38.482466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.482471] ? check_preemption_disabled+0x48/0x200 [ 38.482475] synchronize_srcu+0x356/0x5ab [ 38.482480] ? lock_downgrade+0x900/0x900 [ 38.482485] ? synchronize_srcu_expedited+0x20/0x20 [ 38.482490] ? kasan_check_read+0x11/0x20 [ 38.482495] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.482499] ? kasan_check_write+0x14/0x20 [ 38.482504] ? do_raw_spin_lock+0xc1/0x200 [ 38.482510] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.482515] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.482519] ? kvfree+0x61/0x70 [ 38.482524] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.482529] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.482533] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.482538] ? kvm_arch_sync_events+0x30/0x30 [ 38.482543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.482548] ? mmu_notifier_unregister+0x474/0x600 [ 38.482553] ? kfree+0x107/0x230 [ 38.482558] ? __mmu_notifier_register+0x30/0x30 [ 38.482562] ? __free_pages+0x10a/0x190 [ 38.482567] ? free_unref_page+0x960/0x960 [ 38.482571] kvm_put_kvm+0x6c8/0xff0 [ 38.482576] ? kvm_write_guest_cached+0x40/0x40 [ 38.482580] ? kvm_irqfd_release+0xd1/0x120 [ 38.482585] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.482590] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.482595] ? kasan_check_write+0x14/0x20 [ 38.482599] ? do_raw_spin_lock+0xc1/0x200 [ 38.482603] ? kvm_irqfd_release+0x [ 38.482612] Lost 82 message(s)! [ 39.624565] Shutting down cpus with NMI [ 40.681522] Kernel Offset: disabled [ 40.685143] Rebooting in 86400 seconds..