[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 25.623572] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.850967] random: sshd: uninitialized urandom read (32 bytes read) [ 28.183356] random: sshd: uninitialized urandom read (32 bytes read) [ 28.808160] random: sshd: uninitialized urandom read (32 bytes read) [ 29.030833] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. [ 34.647791] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.773092] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.799194] ================================================================== [ 34.809234] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 34.815461] Read of size 8 at addr ffff8801d9610058 by task syz-executor331/5340 [ 34.822987] [ 34.824619] CPU: 0 PID: 5340 Comm: syz-executor331 Not tainted 4.19.0-rc4+ #248 [ 34.832057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.841403] Call Trace: [ 34.843990] dump_stack+0x1c4/0x2b4 [ 34.847623] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.852811] ? printk+0xa7/0xcf [ 34.856091] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.860852] print_address_description.cold.8+0x9/0x1ff [ 34.866315] kasan_report.cold.9+0x242/0x309 [ 34.870727] ? __schedule+0xfc3/0x1ed0 [ 34.874618] __asan_report_load8_noabort+0x14/0x20 [ 34.879554] __schedule+0xfc3/0x1ed0 [ 34.883278] ? __sched_text_start+0x8/0x8 [ 34.887426] ? __lock_is_held+0xb5/0x140 [ 34.891485] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.896601] ? find_held_lock+0x36/0x1c0 [ 34.900665] ? __call_srcu+0x7f9/0x1070 [ 34.904640] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.909745] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.914847] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.919427] ? preempt_schedule+0x4d/0x60 [ 34.923575] preempt_schedule_common+0x1f/0xd0 [ 34.928166] preempt_schedule+0x4d/0x60 [ 34.932165] ___preempt_schedule+0x16/0x18 [ 34.936411] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 34.941341] __call_srcu+0x7f9/0x1070 [ 34.945140] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 34.950249] ? srcu_offline_cpu+0x120/0x120 [ 34.954573] ? debug_object_free+0x690/0x690 [ 34.958982] ? mark_held_locks+0x130/0x130 [ 34.963219] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 34.967825] ? lock_release+0x970/0x970 [ 34.971810] ? arch_local_save_flags+0x40/0x40 [ 34.976396] ? depot_save_stack+0x292/0x470 [ 34.980726] ? __lockdep_init_map+0x105/0x590 [ 34.985227] ? __init_waitqueue_head+0x9e/0x150 [ 34.989899] ? init_wait_entry+0x1c0/0x1c0 [ 34.994144] __synchronize_srcu+0x17b/0x230 [ 34.998467] ? call_srcu+0x10/0x10 [ 35.002006] ? rcu_unexpedite_gp+0x20/0x20 [ 35.006249] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.011782] ? check_preemption_disabled+0x48/0x200 [ 35.016804] synchronize_srcu+0x356/0x5ab [ 35.020951] ? lock_downgrade+0x900/0x900 [ 35.025098] ? synchronize_srcu_expedited+0x20/0x20 [ 35.030120] ? kasan_check_read+0x11/0x20 [ 35.034264] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.038848] ? kasan_check_write+0x14/0x20 [ 35.043083] ? do_raw_spin_lock+0xc1/0x200 [ 35.047336] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.053049] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.058511] ? kvfree+0x61/0x70 [ 35.061798] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.066819] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.070879] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.075289] ? kvm_arch_sync_events+0x30/0x30 [ 35.079785] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.085319] ? mmu_notifier_unregister+0x474/0x600 [ 35.090245] ? kfree+0x107/0x230 [ 35.093616] ? __mmu_notifier_register+0x30/0x30 [ 35.098371] ? __free_pages+0x10a/0x190 [ 35.102344] ? free_unref_page+0x960/0x960 [ 35.106589] kvm_put_kvm+0x6c8/0xff0 [ 35.110308] ? kvm_write_guest_cached+0x40/0x40 [ 35.114987] ? kvm_irqfd_release+0xd1/0x120 [ 35.119313] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.123808] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.128311] ? kasan_check_write+0x14/0x20 [ 35.132552] ? do_raw_spin_lock+0xc1/0x200 [ 35.136788] ? kvm_irqfd_release+0xdd/0x120 [ 35.141129] ? kvm_irqfd_release+0xdd/0x120 [ 35.145450] ? kvm_put_kvm+0xff0/0xff0 [ 35.149335] kvm_vm_release+0x42/0x50 [ 35.153139] __fput+0x385/0xa30 [ 35.156425] ? get_max_files+0x20/0x20 [ 35.160313] ? trace_hardirqs_on+0xbd/0x310 [ 35.164635] ? ___might_sleep+0x1ed/0x300 [ 35.168780] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.174233] ? arch_local_save_flags+0x40/0x40 [ 35.178816] ? kasan_check_write+0x14/0x20 [ 35.183055] ? do_raw_spin_lock+0xc1/0x200 [ 35.187287] ____fput+0x15/0x20 [ 35.190573] task_work_run+0x1e8/0x2a0 [ 35.194463] ? task_work_cancel+0x240/0x240 [ 35.198791] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.204332] ? switch_task_namespaces+0x9d/0xd0 [ 35.209012] do_exit+0x1ad7/0x2610 [ 35.212556] ? mm_update_next_owner+0x990/0x990 [ 35.217231] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 35.221468] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.226490] ? kfree+0x1fa/0x230 [ 35.229872] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 35.234107] ? kvm_vcpu_block+0x1030/0x1030 [ 35.238435] ? is_bpf_text_address+0xd3/0x170 [ 35.242932] ? kernel_text_address+0x79/0xf0 [ 35.247338] ? __kernel_text_address+0xd/0x40 [ 35.251835] ? unwind_get_return_address+0x61/0xa0 [ 35.256771] ? __save_stack_trace+0x8d/0xf0 [ 35.261097] ? save_stack+0xa9/0xd0 [ 35.264720] ? save_stack+0x43/0xd0 [ 35.268363] ? __kasan_slab_free+0x102/0x150 [ 35.272772] ? kasan_slab_free+0xe/0x10 [ 35.276742] ? putname+0xf2/0x130 [ 35.280195] ? __x64_sys_openat+0x9d/0x100 [ 35.284430] ? do_syscall_64+0x1b9/0x820 [ 35.288491] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.293869] ? trace_hardirqs_off+0xb8/0x310 [ 35.298280] ? kasan_check_read+0x11/0x20 [ 35.302427] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.306834] ? trace_hardirqs_on+0x310/0x310 [ 35.311244] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 35.316350] ? trace_hardirqs_off+0xb8/0x310 [ 35.320760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.326297] ? check_preemption_disabled+0x48/0x200 [ 35.331310] ? check_preemption_disabled+0x48/0x200 [ 35.336330] ? kvm_vcpu_block+0x1030/0x1030 [ 35.340656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.346208] ? do_vfs_ioctl+0x201/0x1720 [ 35.350279] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.355562] ? ioctl_preallocate+0x300/0x300 [ 35.359984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.365541] ? __fget_light+0x2e9/0x430 [ 35.370019] ? fget_raw+0x20/0x20 [ 35.373474] ? putname+0xf2/0x130 [ 35.376941] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.381964] ? kmem_cache_free+0x24f/0x290 [ 35.386203] ? putname+0xf7/0x130 [ 35.389672] do_group_exit+0x177/0x440 [ 35.393570] ? trace_hardirqs_on+0xbd/0x310 [ 35.397890] ? __ia32_sys_exit+0x50/0x50 [ 35.401949] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.407397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.412933] ? ksys_ioctl+0x81/0xd0 [ 35.416562] __x64_sys_exit_group+0x3e/0x50 [ 35.420885] do_syscall_64+0x1b9/0x820 [ 35.424776] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.430140] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.435072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.439914] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.444930] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.449951] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.454971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.459815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.465002] RIP: 0033:0x43f028 [ 35.468202] Code: Bad RIP value. [ 35.471562] RSP: 002b:00007ffcf52b02d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.479584] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 35.486850] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.494118] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.501388] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.508651] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 35.515925] [ 35.517546] Allocated by task 5340: [ 35.521169] save_stack+0x43/0xd0 [ 35.524616] kasan_kmalloc+0xc7/0xe0 [ 35.528326] kasan_slab_alloc+0x12/0x20 [ 35.532301] kmem_cache_alloc+0x12e/0x730 [ 35.536445] vmx_create_vcpu+0xcf/0x25e0 [ 35.540514] kvm_arch_vcpu_create+0xe5/0x220 [ 35.544930] kvm_vm_ioctl+0x470/0x1d40 [ 35.548817] do_vfs_ioctl+0x1de/0x1720 [ 35.552699] ksys_ioctl+0xa9/0xd0 [ 35.556153] __x64_sys_ioctl+0x73/0xb0 [ 35.560039] do_syscall_64+0x1b9/0x820 [ 35.563925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.569106] [ 35.570725] Freed by task 5340: [ 35.573998] save_stack+0x43/0xd0 [ 35.577448] __kasan_slab_free+0x102/0x150 [ 35.581676] kasan_slab_free+0xe/0x10 [ 35.585473] kmem_cache_free+0x83/0x290 [ 35.589450] vmx_free_vcpu+0x26b/0x300 [ 35.593333] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.597743] kvm_put_kvm+0x6c8/0xff0 [ 35.601453] kvm_vm_release+0x42/0x50 [ 35.605250] __fput+0x385/0xa30 [ 35.608536] ____fput+0x15/0x20 [ 35.611818] task_work_run+0x1e8/0x2a0 [ 35.615705] do_exit+0x1ad7/0x2610 [ 35.619244] do_group_exit+0x177/0x440 [ 35.623128] __x64_sys_exit_group+0x3e/0x50 [ 35.627449] do_syscall_64+0x1b9/0x820 [ 35.631337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.636524] [ 35.638149] The buggy address belongs to the object at ffff8801d9610040 [ 35.638149] which belongs to the cache kvm_vcpu of size 23872 [ 35.650722] The buggy address is located 24 bytes inside of [ 35.650722] 23872-byte region [ffff8801d9610040, ffff8801d9615d80) [ 35.662674] The buggy address belongs to the page: [ 35.667602] page:ffffea0007658400 count:1 mapcount:0 mapping:ffff8801d5242840 index:0x0 compound_mapcount: 0 [ 35.677571] flags: 0x2fffc0000008100(slab|head) [ 35.682245] raw: 02fffc0000008100 ffff8801d523a648 ffff8801d523a648 ffff8801d5242840 [ 35.690124] raw: 0000000000000000 ffff8801d9610040 0000000100000001 0000000000000000 [ 35.697992] page dumped because: kasan: bad access detected [ 35.703688] [ 35.705306] Memory state around the buggy address: [ 35.710233] ffff8801d960ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.717589] ffff8801d960ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.724947] >ffff8801d9610000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.732299] ^ [ 35.738535] ffff8801d9610080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.745889] ffff8801d9610100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.753237] ================================================================== [ 35.760602] Kernel panic - not syncing: panic_on_warn set ... [ 35.760602] [ 35.767970] CPU: 0 PID: 5340 Comm: syz-executor331 Tainted: G B 4.19.0-rc4+ #248 [ 35.776799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.786143] Call Trace: [ 35.788737] dump_stack+0x1c4/0x2b4 [ 35.792364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.797557] ? lock_downgrade+0x900/0x900 [ 35.801727] panic+0x238/0x4e7 [ 35.804919] ? add_taint.cold.5+0x16/0x16 [ 35.809071] ? print_shadow_for_address+0xb6/0x116 [ 35.813999] ? trace_hardirqs_off+0xaf/0x310 [ 35.818411] kasan_end_report+0x47/0x4f [ 35.822388] kasan_report.cold.9+0x76/0x309 [ 35.826711] ? __schedule+0xfc3/0x1ed0 [ 35.830604] __asan_report_load8_noabort+0x14/0x20 [ 35.835547] __schedule+0xfc3/0x1ed0 [ 35.839265] ? __sched_text_start+0x8/0x8 [ 35.843417] ? __lock_is_held+0xb5/0x140 [ 35.847479] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.852594] ? find_held_lock+0x36/0x1c0 [ 35.856657] ? __call_srcu+0x7f9/0x1070 [ 35.860634] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.865735] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.870844] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.875430] ? preempt_schedule+0x4d/0x60 [ 35.879584] preempt_schedule_common+0x1f/0xd0 [ 35.884168] preempt_schedule+0x4d/0x60 [ 35.888143] ___preempt_schedule+0x16/0x18 [ 35.892386] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.897316] __call_srcu+0x7f9/0x1070 [ 35.901114] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.906221] ? srcu_offline_cpu+0x120/0x120 [ 35.910550] ? debug_object_free+0x690/0x690 [ 35.914955] ? mark_held_locks+0x130/0x130 [ 35.919189] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.923775] ? lock_release+0x970/0x970 [ 35.927752] ? arch_local_save_flags+0x40/0x40 [ 35.932334] ? depot_save_stack+0x292/0x470 [ 35.936664] ? __lockdep_init_map+0x105/0x590 [ 35.941164] ? __init_waitqueue_head+0x9e/0x150 [ 35.945832] ? init_wait_entry+0x1c0/0x1c0 [ 35.950071] __synchronize_srcu+0x17b/0x230 [ 35.954393] ? call_srcu+0x10/0x10 [ 35.957933] ? rcu_unexpedite_gp+0x20/0x20 [ 35.962175] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.967716] ? check_preemption_disabled+0x48/0x200 [ 35.972739] synchronize_srcu+0x356/0x5ab [ 35.976885] ? lock_downgrade+0x900/0x900 [ 35.981032] ? synchronize_srcu_expedited+0x20/0x20 [ 35.986056] ? kasan_check_read+0x11/0x20 [ 35.990205] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.994791] ? kasan_check_write+0x14/0x20 [ 35.999025] ? do_raw_spin_lock+0xc1/0x200 [ 36.003268] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.008982] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.014435] ? kvfree+0x61/0x70 [ 36.017716] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.022734] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.026795] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.031206] ? kvm_arch_sync_events+0x30/0x30 [ 36.035702] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.041236] ? mmu_notifier_unregister+0x474/0x600 [ 36.046167] ? kfree+0x107/0x230 [ 36.049548] ? __mmu_notifier_register+0x30/0x30 [ 36.054306] ? __free_pages+0x10a/0x190 [ 36.058280] ? free_unref_page+0x960/0x960 [ 36.062537] kvm_put_kvm+0x6c8/0xff0 [ 36.066260] ? kvm_write_guest_cached+0x40/0x40 [ 36.070932] ? kvm_irqfd_release+0xd1/0x120 [ 36.075271] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.079766] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.084273] ? kasan_check_write+0x14/0x20 [ 36.088525] ? do_raw_spin_lock+0xc1/0x200 [ 36.092768] ? kvm_irqfd_release+0xdd/0x120 [ 36.097087] ? kvm_irqfd_release+0xdd/0x120 [ 36.101411] ? kvm_put_kvm+0xff0/0xff0 [ 36.105298] kvm_vm_release+0x42/0x50 [ 36.109101] __fput+0x385/0xa30 [ 36.112387] ? get_max_files+0x20/0x20 [ 36.116276] ? trace_hardirqs_on+0xbd/0x310 [ 36.120603] ? ___might_sleep+0x1ed/0x300 [ 36.124750] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.130200] ? arch_local_save_flags+0x40/0x40 [ 36.134784] ? kasan_check_write+0x14/0x20 [ 36.139022] ? do_raw_spin_lock+0xc1/0x200 [ 36.143268] ____fput+0x15/0x20 [ 36.146568] task_work_run+0x1e8/0x2a0 [ 36.150463] ? task_work_cancel+0x240/0x240 [ 36.154793] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.160348] ? switch_task_namespaces+0x9d/0xd0 [ 36.165022] do_exit+0x1ad7/0x2610 [ 36.168569] ? mm_update_next_owner+0x990/0x990 [ 36.173248] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.177525] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.182553] ? kfree+0x1fa/0x230 [ 36.185922] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.190160] ? kvm_vcpu_block+0x1030/0x1030 [ 36.194486] ? is_bpf_text_address+0xd3/0x170 [ 36.198998] ? kernel_text_address+0x79/0xf0 [ 36.203407] ? __kernel_text_address+0xd/0x40 [ 36.207906] ? unwind_get_return_address+0x61/0xa0 [ 36.212839] ? __save_stack_trace+0x8d/0xf0 [ 36.217169] ? save_stack+0xa9/0xd0 [ 36.220792] ? save_stack+0x43/0xd0 [ 36.224414] ? __kasan_slab_free+0x102/0x150 [ 36.228821] ? kasan_slab_free+0xe/0x10 [ 36.232798] ? putname+0xf2/0x130 [ 36.236247] ? __x64_sys_openat+0x9d/0x100 [ 36.240483] ? do_syscall_64+0x1b9/0x820 [ 36.244559] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.249928] ? trace_hardirqs_off+0xb8/0x310 [ 36.254336] ? kasan_check_read+0x11/0x20 [ 36.258485] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.262907] ? trace_hardirqs_on+0x310/0x310 [ 36.267321] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.272423] ? trace_hardirqs_off+0xb8/0x310 [ 36.276834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.282369] ? check_preemption_disabled+0x48/0x200 [ 36.287386] ? check_preemption_disabled+0x48/0x200 [ 36.292405] ? kvm_vcpu_block+0x1030/0x1030 [ 36.296726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.302263] ? do_vfs_ioctl+0x201/0x1720 [ 36.306324] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.311602] ? ioctl_preallocate+0x300/0x300 [ 36.316007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.321554] ? __fget_light+0x2e9/0x430 [ 36.325541] ? fget_raw+0x20/0x20 [ 36.328990] ? putname+0xf2/0x130 [ 36.332442] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.337458] ? kmem_cache_free+0x24f/0x290 [ 36.341695] ? putname+0xf7/0x130 [ 36.345157] do_group_exit+0x177/0x440 [ 36.349049] ? trace_hardirqs_on+0xbd/0x310 [ 36.353374] ? __ia32_sys_exit+0x50/0x50 [ 36.357440] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.362890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.368428] ? ksys_ioctl+0x81/0xd0 [ 36.372544] __x64_sys_exit_group+0x3e/0x50 [ 36.376870] do_syscall_64+0x1b9/0x820 [ 36.380762] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.386127] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.391053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.395897] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.400916] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.405937] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.410961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.415811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.420997] RIP: 0033:0x43f028 [ 36.424197] Code: Bad RIP value. [ 36.427556] RSP: 002b:00007ffcf52b02d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.435266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 36.442540] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.449810] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.457098] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.464370] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 36.471655] [ 36.471664] ====================================================== [ 36.471670] WARNING: possible circular locking dependency detected [ 36.471674] 4.19.0-rc4+ #248 Not tainted [ 36.471680] ------------------------------------------------------ [ 36.471685] syz-executor331/5340 is trying to acquire lock: [ 36.471689] 000000005f1998af ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.471706] [ 36.471710] but task is already holding lock: [ 36.471713] 00000000984e16aa (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.471729] [ 36.471737] which lock already depends on the new lock. [ 36.471740] [ 36.471746] [ 36.471751] the existing dependency chain (in reverse order) is: [ 36.471754] [ 36.471756] -> #3 (report_lock){....}: [ 36.471772] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.471776] kasan_report+0x8b/0x110 [ 36.471781] __asan_report_load8_noabort+0x14/0x20 [ 36.471785] __schedule+0xfc3/0x1ed0 [ 36.471790] preempt_schedule_common+0x1f/0xd0 [ 36.471794] preempt_schedule+0x4d/0x60 [ 36.471799] ___preempt_schedule+0x16/0x18 [ 36.471806] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.471811] __call_srcu+0x7f9/0x1070 [ 36.471818] __synchronize_srcu+0x17b/0x230 [ 36.471823] synchronize_srcu+0x356/0x5ab [ 36.471828] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.471832] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.471837] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.471841] kvm_put_kvm+0x6c8/0xff0 [ 36.471845] kvm_vm_release+0x42/0x50 [ 36.471849] __fput+0x385/0xa30 [ 36.471853] ____fput+0x15/0x20 [ 36.471857] task_work_run+0x1e8/0x2a0 [ 36.471861] do_exit+0x1ad7/0x2610 [ 36.471866] do_group_exit+0x177/0x440 [ 36.471870] __x64_sys_exit_group+0x3e/0x50 [ 36.471874] do_syscall_64+0x1b9/0x820 [ 36.471879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.471882] [ 36.471885] -> #2 (&rq->lock){-.-.}: [ 36.471900] _raw_spin_lock+0x2d/0x40 [ 36.471904] task_fork_fair+0xb0/0x6d0 [ 36.471908] sched_fork+0x443/0xba0 [ 36.471913] copy_process+0x2586/0x8780 [ 36.471917] _do_fork+0x1cb/0x11d0 [ 36.471921] kernel_thread+0x34/0x40 [ 36.471925] rest_init+0x22/0xe5 [ 36.471929] start_kernel+0x8f4/0x92f [ 36.471934] x86_64_start_reservations+0x29/0x2b [ 36.471939] x86_64_start_kernel+0x76/0x79 [ 36.471943] secondary_startup_64+0xa4/0xb0 [ 36.471946] [ 36.471948] -> #1 (&p->pi_lock){-.-.}: [ 36.471964] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.471968] try_to_wake_up+0xd2/0x12f0 [ 36.471973] wake_up_process+0x10/0x20 [ 36.471977] __up.isra.1+0x1c0/0x2a0 [ 36.471980] up+0x13c/0x1c0 [ 36.471985] __up_console_sem+0xbe/0x1b0 [ 36.471989] console_unlock+0x814/0x1160 [ 36.471993] vprintk_emit+0x33d/0x930 [ 36.471998] vprintk_default+0x28/0x30 [ 36.472002] vprintk_func+0x7e/0x181 [ 36.472005] printk+0xa7/0xcf [ 36.472009] load_umh+0x51/0xbd [ 36.472014] do_one_initcall+0x145/0x957 [ 36.472018] kernel_init_freeable+0x4bb/0x5ae [ 36.472023] kernel_init+0x11/0x1b2 [ 36.472027] ret_from_fork+0x3a/0x50 [ 36.472030] [ 36.472032] -> #0 ((console_sem).lock){-...}: [ 36.472048] lock_acquire+0x1ed/0x520 [ 36.472053] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.472057] down_trylock+0x13/0x70 [ 36.472062] __down_trylock_console_sem+0xae/0x200 [ 36.472066] console_trylock+0x15/0xa0 [ 36.472070] vprintk_emit+0x322/0x930 [ 36.472074] vprintk_default+0x28/0x30 [ 36.472079] vprintk_func+0x7e/0x181 [ 36.472082] printk+0xa7/0xcf [ 36.472087] kasan_report+0x9b/0x110 [ 36.472091] __asan_report_load8_noabort+0x14/0x20 [ 36.472096] __schedule+0xfc3/0x1ed0 [ 36.472100] preempt_schedule_common+0x1f/0xd0 [ 36.472105] preempt_schedule+0x4d/0x60 [ 36.472109] ___preempt_schedule+0x16/0x18 [ 36.472114] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.472118] __call_srcu+0x7f9/0x1070 [ 36.472123] __synchronize_srcu+0x17b/0x230 [ 36.472128] synchronize_srcu+0x356/0x5ab [ 36.472133] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.472137] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.472142] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.472146] kvm_put_kvm+0x6c8/0xff0 [ 36.472150] kvm_vm_release+0x42/0x50 [ 36.472155] __fput+0x385/0xa30 [ 36.472158] ____fput+0x15/0x20 [ 36.472163] task_work_run+0x1e8/0x2a0 [ 36.472167] do_exit+0x1ad7/0x2610 [ 36.472171] do_group_exit+0x177/0x440 [ 36.472175] __x64_sys_exit_group+0x3e/0x50 [ 36.472180] do_syscall_64+0x1b9/0x820 [ 36.472185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.472187] [ 36.472192] other info that might help us debug this: [ 36.472194] [ 36.472198] Chain exists of: [ 36.472200] (console_sem).lock --> &rq->lock --> report_lock [ 36.472220] [ 36.472225] Possible unsafe locking scenario: [ 36.472227] [ 36.472232] CPU0 CPU1 [ 36.472236] ---- ---- [ 36.472239] lock(report_lock); [ 36.472249] lock(&rq->lock); [ 36.472259] lock(report_lock); [ 36.472268] lock((console_sem).lock); [ 36.472277] [ 36.472280] *** DEADLOCK *** [ 36.472283] [ 36.472287] 2 locks held by syz-executor331/5340: [ 36.472290] #0: 0000000000790b2d (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 36.472308] #1: 00000000984e16aa (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.472325] [ 36.472329] stack backtrace: [ 36.472335] CPU: 0 PID: 5340 Comm: syz-executor331 Not tainted 4.19.0-rc4+ #248 [ 36.472343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.472346] Call Trace: [ 36.472350] dump_stack+0x1c4/0x2b4 [ 36.472355] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.472360] ? vprintk_func+0x85/0x181 [ 36.472365] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 36.472369] ? save_trace+0xe0/0x290 [ 36.472374] __lock_acquire+0x33e4/0x4ec0 [ 36.472378] ? mark_held_locks+0x130/0x130 [ 36.472383] ? mark_held_locks+0x130/0x130 [ 36.472387] ? rcu_bh_qs+0xc0/0xc0 [ 36.472391] ? unwind_dump+0x190/0x190 [ 36.472396] ? is_bpf_text_address+0xd3/0x170 [ 36.472400] ? kernel_text_address+0x79/0xf0 [ 36.472405] ? __kernel_text_address+0xd/0x40 [ 36.472409] ? __save_stack_trace+0x8d/0xf0 [ 36.472414] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 36.472418] ? save_trace+0x290/0x290 [ 36.472423] ? save_stack_trace+0x1a/0x20 [ 36.472427] ? save_trace+0xe0/0x290 [ 36.472431] ? kasan_check_read+0x11/0x20 [ 36.472435] ? graph_lock+0x170/0x170 [ 36.472441] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.472445] lock_acquire+0x1ed/0x520 [ 36.472449] ? down_trylock+0x13/0x70 [ 36.472453] ? find_held_lock+0x36/0x1c0 [ 36.472457] ? lock_release+0x970/0x970 [ 36.472462] ? trace_hardirqs_off+0xb8/0x310 [ 36.472466] ? vprintk_emit+0x1d3/0x930 [ 36.472471] ? trace_hardirqs_on+0x310/0x310 [ 36.472475] ? trace_hardirqs_off+0xb8/0x310 [ 36.472480] ? log_store+0x344/0x4c0 [ 36.472484] ? vprintk_emit+0x322/0x930 [ 36.472488] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.472493] ? down_trylock+0x13/0x70 [ 36.472497] down_trylock+0x13/0x70 [ 36.472510] __down_trylock_console_sem+0xae/0x200 [ 36.472515] console_trylock+0x15/0xa0 [ 36.472526] vprintk_emit+0x322/0x930 [ 36.472530] ? wake_up_klogd+0x180/0x180 [ 36.472535] ? run_rebalance_domains+0x500/0x500 [ 36.472539] ? wake_up_worker+0x117/0x190 [ 36.472543] ? find_held_lock+0x36/0x1c0 [ 36.472548] ? __queue_work+0x6be/0x1440 [ 36.472552] ? lock_acquire+0x1ed/0x520 [ 36.472556] vprintk_default+0x28/0x30 [ 36.472561] vprintk_func+0x7e/0x181 [ 36.472564] printk+0xa7/0xcf [ 36.472569] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.472574] ? kasan_check_write+0x14/0x20 [ 36.472578] ? do_raw_spin_lock+0xc1/0x200 [ 36.472583] ? do_raw_spin_lock+0xc1/0x200 [ 36.472587] kasan_report+0x9b/0x110 [ 36.472591] ? __schedule+0xfc3/0x1ed0 [ 36.472596] __asan_report_load8_noabort+0x14/0x20 [ 36.472600] __schedule+0xfc3/0x1ed0 [ 36.472604] ? __sched_text_start+0x8/0x8 [ 36.472609] ? __lock_is_held+0xb5/0x140 [ 36.472614] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.472618] ? find_held_lock+0x36/0x1c0 [ 36.472622] ? __call_srcu+0x7f9/0x1070 [ 36.472627] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.472632] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.472637] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.472641] ? preempt_schedule+0x4d/0x60 [ 36.472646] preempt_schedule_common+0x1f/0xd0 [ 36.472650] preempt_schedule+0x4d/0x60 [ 36.472655] ___preempt_schedule+0x16/0x18 [ 36.472659] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.472664] __call_srcu+0x7f9/0x1070 [ 36.472669] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.472673] ? srcu_offline_cpu+0x120/0x120 [ 36.472678] ? debug_object_free+0x690/0x690 [ 36.472682] ? mark_held_locks+0x130/0x130 [ 36.472687] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.472691] ? lock_release+0x970/0x970 [ 36.472696] ? arch_local_save_flags+0x40/0x40 [ 36.472700] ? depot_save_stack+0x292/0x470 [ 36.472705] ? __lockdep_init_map+0x105/0x590 [ 36.472710] ? __init_waitqueue_head+0x9e/0x150 [ 36.472714] ? init_wait_entry+0x1c0/0x1c0 [ 36.472719] __synchronize_srcu+0x17b/0x230 [ 36.472723] ? call_srcu+0x10/0x10 [ 36.472727] ? rcu_unexpedite_gp+0x20/0x20 [ 36.472733] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.472737] ? check_preemption_disabled+0x48/0x200 [ 36.472742] synchronize_srcu+0x356/0x5ab [ 36.472746] ? lock_downgrade+0x900/0x900 [ 36.472751] ? synchronize_srcu_expedited+0x20/0x20 [ 36.472756] ? kasan_check_read+0x11/0x20 [ 36.472761] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.472765] ? kasan_check_write+0x14/0x20 [ 36.472770] ? do_raw_spin_lock+0xc1/0x200 [ 36.472775] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.472780] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.472784] ? kvfree+0x61/0x70 [ 36.472789] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.472793] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.472798] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.472802] ? kvm_arch_sync_events+0x30/0x30 [ 36.472807] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.472812] ? mmu_notifier_unregister+0x474/0x600 [ 36.472816] ? kfree+0x107/0x230 [ 36.472821] ? __mmu_notifier_register+0x30/0x30 [ 36.472825] ? __free_pages+0x10a/0x190 [ 36.472830] ? free_unref_page+0x960/0x960 [ 36.472834] kvm_put_kvm+0x6c8/0xff0 [ 36.472839] ? kvm_write_guest_cached+0x40/0x40 [ 36.472843] ? kvm_irqfd_release+0xd1/0x120 [ 36.472848] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.472852] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.472857] ? kasan_check_write+0x14/0x20 [ 36.472861] ? do_raw_spin_lock+0xc1/0x200 [ 36.472865] ? kvm_irqfd_release+0x [ 36.472873] Lost 82 message(s)! [ 37.636866] Shutting down cpus with NMI [ 38.694321] Kernel Offset: disabled [ 38.697946] Rebooting in 86400 seconds..