[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.428765] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.054590] random: sshd: uninitialized urandom read (32 bytes read) [ 30.401458] random: sshd: uninitialized urandom read (32 bytes read) [ 31.002862] random: sshd: uninitialized urandom read (32 bytes read) [ 50.588687] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. [ 56.221742] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 56.354061] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 56.382033] ================================================================== [ 56.392161] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 56.398394] Read of size 8 at addr ffff8801d9298058 by task syz-executor661/5371 [ 56.405954] [ 56.407584] CPU: 1 PID: 5371 Comm: syz-executor661 Not tainted 4.19.0-rc3+ #231 [ 56.415020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.424455] Call Trace: [ 56.427038] dump_stack+0x1c4/0x2b4 [ 56.430666] ? dump_stack_print_info.cold.2+0x52/0x52 [ 56.435858] ? printk+0xa7/0xcf [ 56.439138] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 56.443910] print_address_description.cold.8+0x9/0x1ff [ 56.449289] kasan_report.cold.9+0x242/0x309 [ 56.453695] ? __schedule+0xfc3/0x1ed0 [ 56.457582] __asan_report_load8_noabort+0x14/0x20 [ 56.462512] __schedule+0xfc3/0x1ed0 [ 56.466229] ? __sched_text_start+0x8/0x8 [ 56.470379] ? __lock_is_held+0xb5/0x140 [ 56.474442] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 56.479548] ? find_held_lock+0x36/0x1c0 [ 56.483613] ? __call_srcu+0x7f9/0x1070 [ 56.487588] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 56.492683] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 56.497780] ? lockdep_hardirqs_on+0x421/0x5c0 [ 56.502360] ? preempt_schedule+0x4d/0x60 [ 56.506511] preempt_schedule_common+0x1f/0xd0 [ 56.511113] preempt_schedule+0x4d/0x60 [ 56.515092] ___preempt_schedule+0x16/0x18 [ 56.519321] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 56.524255] __call_srcu+0x7f9/0x1070 [ 56.528042] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 56.533132] ? srcu_offline_cpu+0x120/0x120 [ 56.537444] ? debug_object_free+0x690/0x690 [ 56.541832] ? mark_held_locks+0x130/0x130 [ 56.546048] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 56.550615] ? lock_release+0x970/0x970 [ 56.554571] ? arch_local_save_flags+0x40/0x40 [ 56.559135] ? depot_save_stack+0x292/0x470 [ 56.563450] ? __lockdep_init_map+0x105/0x590 [ 56.567930] ? __init_waitqueue_head+0x9e/0x150 [ 56.572585] ? init_wait_entry+0x1c0/0x1c0 [ 56.576805] __synchronize_srcu+0x17b/0x230 [ 56.581108] ? call_srcu+0x10/0x10 [ 56.584632] ? rcu_unexpedite_gp+0x20/0x20 [ 56.588852] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.594385] ? check_preemption_disabled+0x48/0x200 [ 56.599411] synchronize_srcu+0x356/0x5ab [ 56.603564] ? lock_downgrade+0x900/0x900 [ 56.607715] ? synchronize_srcu_expedited+0x20/0x20 [ 56.612735] ? kasan_check_read+0x11/0x20 [ 56.616890] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 56.621485] ? kasan_check_write+0x14/0x20 [ 56.625717] ? do_raw_spin_lock+0xc1/0x200 [ 56.629955] kvm_page_track_unregister_notifier+0x17d/0x250 [ 56.635669] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 56.641123] ? kvfree+0x61/0x70 [ 56.644408] ? rcu_read_lock_sched_held+0x108/0x120 [ 56.649440] kvm_mmu_uninit_vm+0x1c/0x20 [ 56.653510] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 56.657919] ? kvm_arch_sync_events+0x30/0x30 [ 56.662419] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.667956] ? mmu_notifier_unregister+0x474/0x600 [ 56.672884] ? kfree+0x107/0x230 [ 56.676254] ? __mmu_notifier_register+0x30/0x30 [ 56.681010] ? __free_pages+0x10a/0x190 [ 56.684982] ? free_unref_page+0x960/0x960 [ 56.689233] kvm_put_kvm+0x6c8/0xff0 [ 56.692953] ? kvm_write_guest_cached+0x40/0x40 [ 56.697629] ? kvm_irqfd_release+0xd1/0x120 [ 56.701951] ? _raw_spin_unlock_irq+0x27/0x80 [ 56.706447] ? _raw_spin_unlock_irq+0x27/0x80 [ 56.710955] ? kasan_check_write+0x14/0x20 [ 56.715191] ? do_raw_spin_lock+0xc1/0x200 [ 56.719448] ? kvm_irqfd_release+0xdd/0x120 [ 56.723772] ? kvm_irqfd_release+0xdd/0x120 [ 56.728107] ? kvm_put_kvm+0xff0/0xff0 [ 56.731989] kvm_vm_release+0x42/0x50 [ 56.735790] __fput+0x385/0xa30 [ 56.739070] ? get_max_files+0x20/0x20 [ 56.742956] ? trace_hardirqs_on+0xbd/0x310 [ 56.747279] ? ___might_sleep+0x1ed/0x300 [ 56.751430] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 56.756884] ? arch_local_save_flags+0x40/0x40 [ 56.761471] ? kasan_check_write+0x14/0x20 [ 56.765706] ? do_raw_spin_lock+0xc1/0x200 [ 56.769942] ____fput+0x15/0x20 [ 56.773226] task_work_run+0x1e8/0x2a0 [ 56.777120] ? task_work_cancel+0x240/0x240 [ 56.781451] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.786989] ? switch_task_namespaces+0x9d/0xd0 [ 56.791659] do_exit+0x1ad7/0x2610 [ 56.795203] ? mm_update_next_owner+0x990/0x990 [ 56.799883] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 56.804117] ? rcu_read_lock_sched_held+0x108/0x120 [ 56.809142] ? kfree+0x1fa/0x230 [ 56.812526] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 56.816769] ? kvm_vcpu_block+0x1030/0x1030 [ 56.821093] ? is_bpf_text_address+0xd3/0x170 [ 56.825587] ? kernel_text_address+0x79/0xf0 [ 56.829992] ? __kernel_text_address+0xd/0x40 [ 56.834487] ? unwind_get_return_address+0x61/0xa0 [ 56.839420] ? __save_stack_trace+0x8d/0xf0 [ 56.843753] ? save_stack+0xa9/0xd0 [ 56.847375] ? save_stack+0x43/0xd0 [ 56.851000] ? __kasan_slab_free+0x102/0x150 [ 56.855407] ? kasan_slab_free+0xe/0x10 [ 56.859383] ? putname+0xf2/0x130 [ 56.862834] ? __x64_sys_openat+0x9d/0x100 [ 56.867070] ? do_syscall_64+0x1b9/0x820 [ 56.871134] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.876512] ? trace_hardirqs_off+0xb8/0x310 [ 56.880932] ? kasan_check_read+0x11/0x20 [ 56.885090] ? do_raw_spin_unlock+0xa7/0x2f0 [ 56.889510] ? trace_hardirqs_on+0x310/0x310 [ 56.893915] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 56.899031] ? trace_hardirqs_off+0xb8/0x310 [ 56.903466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.909003] ? check_preemption_disabled+0x48/0x200 [ 56.914016] ? check_preemption_disabled+0x48/0x200 [ 56.919040] ? kvm_vcpu_block+0x1030/0x1030 [ 56.923363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.928901] ? do_vfs_ioctl+0x201/0x1720 [ 56.932964] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 56.938245] ? ioctl_preallocate+0x300/0x300 [ 56.942653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.948192] ? __fget_light+0x2e9/0x430 [ 56.952173] ? fget_raw+0x20/0x20 [ 56.955624] ? putname+0xf2/0x130 [ 56.959088] ? rcu_read_lock_sched_held+0x108/0x120 [ 56.964105] ? kmem_cache_free+0x24f/0x290 [ 56.968341] ? putname+0xf7/0x130 [ 56.971798] do_group_exit+0x177/0x440 [ 56.975689] ? trace_hardirqs_on+0xbd/0x310 [ 56.980014] ? __ia32_sys_exit+0x50/0x50 [ 56.984086] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 56.989538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.995080] ? ksys_ioctl+0x81/0xd0 [ 56.998713] __x64_sys_exit_group+0x3e/0x50 [ 57.003034] do_syscall_64+0x1b9/0x820 [ 57.006922] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 57.012298] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.017229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.022582] ? trace_hardirqs_on_caller+0x310/0x310 [ 57.027598] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.032618] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.037640] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.042484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.047669] RIP: 0033:0x43ecc8 [ 57.050862] Code: Bad RIP value. [ 57.054230] RSP: 002b:00007ffec008c528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 57.061950] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 57.069213] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 57.076488] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 57.083749] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 57.091012] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 57.098292] [ 57.099934] Allocated by task 5371: [ 57.103562] save_stack+0x43/0xd0 [ 57.107014] kasan_kmalloc+0xc7/0xe0 [ 57.110721] kasan_slab_alloc+0x12/0x20 [ 57.114692] kmem_cache_alloc+0x12e/0x730 [ 57.118839] vmx_create_vcpu+0xcf/0x25e0 [ 57.122901] kvm_arch_vcpu_create+0xe5/0x220 [ 57.127813] kvm_vm_ioctl+0x470/0x1d40 [ 57.131697] do_vfs_ioctl+0x1de/0x1720 [ 57.135579] ksys_ioctl+0xa9/0xd0 [ 57.139027] __x64_sys_ioctl+0x73/0xb0 [ 57.142923] do_syscall_64+0x1b9/0x820 [ 57.146822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.152010] [ 57.153631] Freed by task 5371: [ 57.156920] save_stack+0x43/0xd0 [ 57.160381] __kasan_slab_free+0x102/0x150 [ 57.164610] kasan_slab_free+0xe/0x10 [ 57.168411] kmem_cache_free+0x83/0x290 [ 57.172380] vmx_free_vcpu+0x26b/0x300 [ 57.176273] kvm_arch_destroy_vm+0x365/0x7c0 [ 57.180675] kvm_put_kvm+0x6c8/0xff0 [ 57.184386] kvm_vm_release+0x42/0x50 [ 57.188185] __fput+0x385/0xa30 [ 57.191460] ____fput+0x15/0x20 [ 57.194738] task_work_run+0x1e8/0x2a0 [ 57.198624] do_exit+0x1ad7/0x2610 [ 57.202171] do_group_exit+0x177/0x440 [ 57.206056] __x64_sys_exit_group+0x3e/0x50 [ 57.210694] do_syscall_64+0x1b9/0x820 [ 57.214584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.219772] [ 57.221405] The buggy address belongs to the object at ffff8801d9298040 [ 57.221405] which belongs to the cache kvm_vcpu of size 23872 [ 57.233989] The buggy address is located 24 bytes inside of [ 57.233989] 23872-byte region [ffff8801d9298040, ffff8801d929dd80) [ 57.245950] The buggy address belongs to the page: [ 57.250875] page:ffffea000764a600 count:1 mapcount:0 mapping:ffff8801d78814c0 index:0x0 compound_mapcount: 0 [ 57.260840] flags: 0x2fffc0000008100(slab|head) [ 57.265511] raw: 02fffc0000008100 ffff8801d5ba1a48 ffff8801d5ba1a48 ffff8801d78814c0 [ 57.273391] raw: 0000000000000000 ffff8801d9298040 0000000100000001 0000000000000000 [ 57.281260] page dumped because: kasan: bad access detected [ 57.286969] [ 57.288600] Memory state around the buggy address: [ 57.293528] ffff8801d9297f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.300885] ffff8801d9297f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.308250] >ffff8801d9298000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 57.315598] ^ [ 57.321827] ffff8801d9298080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.329183] ffff8801d9298100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.336532] ================================================================== [ 57.343887] Kernel panic - not syncing: panic_on_warn set ... [ 57.343887] [ 57.351281] CPU: 1 PID: 5371 Comm: syz-executor661 Tainted: G B 4.19.0-rc3+ #231 [ 57.360111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.369838] Call Trace: [ 57.372427] dump_stack+0x1c4/0x2b4 [ 57.376059] ? dump_stack_print_info.cold.2+0x52/0x52 [ 57.381252] ? lock_downgrade+0x900/0x900 [ 57.385400] panic+0x238/0x4e7 [ 57.388589] ? add_taint.cold.5+0x16/0x16 [ 57.392744] ? print_shadow_for_address+0xb6/0x116 [ 57.397670] ? trace_hardirqs_off+0xaf/0x310 [ 57.402082] kasan_end_report+0x47/0x4f [ 57.406058] kasan_report.cold.9+0x76/0x309 [ 57.410383] ? __schedule+0xfc3/0x1ed0 [ 57.414271] __asan_report_load8_noabort+0x14/0x20 [ 57.419198] __schedule+0xfc3/0x1ed0 [ 57.422916] ? __sched_text_start+0x8/0x8 [ 57.427071] ? __lock_is_held+0xb5/0x140 [ 57.431132] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 57.436243] ? find_held_lock+0x36/0x1c0 [ 57.440306] ? __call_srcu+0x7f9/0x1070 [ 57.444280] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 57.449386] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 57.454491] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.459079] ? preempt_schedule+0x4d/0x60 [ 57.463230] preempt_schedule_common+0x1f/0xd0 [ 57.467812] preempt_schedule+0x4d/0x60 [ 57.471784] ___preempt_schedule+0x16/0x18 [ 57.476025] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 57.480958] __call_srcu+0x7f9/0x1070 [ 57.484760] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 57.489865] ? srcu_offline_cpu+0x120/0x120 [ 57.494189] ? debug_object_free+0x690/0x690 [ 57.498600] ? mark_held_locks+0x130/0x130 [ 57.502836] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 57.507423] ? lock_release+0x970/0x970 [ 57.511395] ? arch_local_save_flags+0x40/0x40 [ 57.515977] ? depot_save_stack+0x292/0x470 [ 57.520317] ? __lockdep_init_map+0x105/0x590 [ 57.524816] ? __init_waitqueue_head+0x9e/0x150 [ 57.529496] ? init_wait_entry+0x1c0/0x1c0 [ 57.533739] __synchronize_srcu+0x17b/0x230 [ 57.538059] ? call_srcu+0x10/0x10 [ 57.541598] ? rcu_unexpedite_gp+0x20/0x20 [ 57.545839] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.551375] ? check_preemption_disabled+0x48/0x200 [ 57.556393] synchronize_srcu+0x356/0x5ab [ 57.560541] ? lock_downgrade+0x900/0x900 [ 57.564701] ? synchronize_srcu_expedited+0x20/0x20 [ 57.569723] ? kasan_check_read+0x11/0x20 [ 57.573871] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 57.578455] ? kasan_check_write+0x14/0x20 [ 57.582688] ? do_raw_spin_lock+0xc1/0x200 [ 57.586927] kvm_page_track_unregister_notifier+0x17d/0x250 [ 57.592642] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 57.598114] ? kvfree+0x61/0x70 [ 57.601395] ? rcu_read_lock_sched_held+0x108/0x120 [ 57.606413] kvm_mmu_uninit_vm+0x1c/0x20 [ 57.610477] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 57.614886] ? kvm_arch_sync_events+0x30/0x30 [ 57.619386] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.624923] ? mmu_notifier_unregister+0x474/0x600 [ 57.629854] ? kfree+0x107/0x230 [ 57.633221] ? __mmu_notifier_register+0x30/0x30 [ 57.637976] ? __free_pages+0x10a/0x190 [ 57.641960] ? free_unref_page+0x960/0x960 [ 57.646205] kvm_put_kvm+0x6c8/0xff0 [ 57.649931] ? kvm_write_guest_cached+0x40/0x40 [ 57.654600] ? kvm_irqfd_release+0xd1/0x120 [ 57.658920] ? _raw_spin_unlock_irq+0x27/0x80 [ 57.663412] ? _raw_spin_unlock_irq+0x27/0x80 [ 57.667928] ? kasan_check_write+0x14/0x20 [ 57.672172] ? do_raw_spin_lock+0xc1/0x200 [ 57.676410] ? kvm_irqfd_release+0xdd/0x120 [ 57.680729] ? kvm_irqfd_release+0xdd/0x120 [ 57.685051] ? kvm_put_kvm+0xff0/0xff0 [ 57.688938] kvm_vm_release+0x42/0x50 [ 57.692741] __fput+0x385/0xa30 [ 57.696021] ? get_max_files+0x20/0x20 [ 57.699908] ? trace_hardirqs_on+0xbd/0x310 [ 57.704235] ? ___might_sleep+0x1ed/0x300 [ 57.708380] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 57.713830] ? arch_local_save_flags+0x40/0x40 [ 57.718412] ? kasan_check_write+0x14/0x20 [ 57.722649] ? do_raw_spin_lock+0xc1/0x200 [ 57.726885] ____fput+0x15/0x20 [ 57.730184] task_work_run+0x1e8/0x2a0 [ 57.734089] ? task_work_cancel+0x240/0x240 [ 57.738413] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.743950] ? switch_task_namespaces+0x9d/0xd0 [ 57.748621] do_exit+0x1ad7/0x2610 [ 57.752171] ? mm_update_next_owner+0x990/0x990 [ 57.756849] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 57.761082] ? rcu_read_lock_sched_held+0x108/0x120 [ 57.766100] ? kfree+0x1fa/0x230 [ 57.769466] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 57.773703] ? kvm_vcpu_block+0x1030/0x1030 [ 57.778027] ? is_bpf_text_address+0xd3/0x170 [ 57.782523] ? kernel_text_address+0x79/0xf0 [ 57.786940] ? __kernel_text_address+0xd/0x40 [ 57.791447] ? unwind_get_return_address+0x61/0xa0 [ 57.796387] ? __save_stack_trace+0x8d/0xf0 [ 57.800713] ? save_stack+0xa9/0xd0 [ 57.804335] ? save_stack+0x43/0xd0 [ 57.807961] ? __kasan_slab_free+0x102/0x150 [ 57.812365] ? kasan_slab_free+0xe/0x10 [ 57.816336] ? putname+0xf2/0x130 [ 57.819793] ? __x64_sys_openat+0x9d/0x100 [ 57.824030] ? do_syscall_64+0x1b9/0x820 [ 57.828093] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.833463] ? trace_hardirqs_off+0xb8/0x310 [ 57.837870] ? kasan_check_read+0x11/0x20 [ 57.842019] ? do_raw_spin_unlock+0xa7/0x2f0 [ 57.846425] ? trace_hardirqs_on+0x310/0x310 [ 57.850833] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 57.855935] ? trace_hardirqs_off+0xb8/0x310 [ 57.860346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.865884] ? check_preemption_disabled+0x48/0x200 [ 57.870897] ? check_preemption_disabled+0x48/0x200 [ 57.875915] ? kvm_vcpu_block+0x1030/0x1030 [ 57.880236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.885810] ? do_vfs_ioctl+0x201/0x1720 [ 57.889886] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 57.895176] ? ioctl_preallocate+0x300/0x300 [ 57.899591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.905125] ? __fget_light+0x2e9/0x430 [ 57.909108] ? fget_raw+0x20/0x20 [ 57.912562] ? putname+0xf2/0x130 [ 57.916014] ? rcu_read_lock_sched_held+0x108/0x120 [ 57.921031] ? kmem_cache_free+0x24f/0x290 [ 57.925279] ? putname+0xf7/0x130 [ 57.928738] do_group_exit+0x177/0x440 [ 57.932625] ? trace_hardirqs_on+0xbd/0x310 [ 57.936952] ? __ia32_sys_exit+0x50/0x50 [ 57.941032] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 57.946479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.952024] ? ksys_ioctl+0x81/0xd0 [ 57.955656] __x64_sys_exit_group+0x3e/0x50 [ 57.959989] do_syscall_64+0x1b9/0x820 [ 57.963885] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 57.969246] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.974180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.979023] ? trace_hardirqs_on_caller+0x310/0x310 [ 57.984039] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.989065] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.994083] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.998929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.004114] RIP: 0033:0x43ecc8 [ 58.007311] Code: Bad RIP value. [ 58.010672] RSP: 002b:00007ffec008c528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 58.018376] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 58.025662] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 58.032931] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 58.040199] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 58.047466] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 58.054743] [ 58.054749] ====================================================== [ 58.054755] WARNING: possible circular locking dependency detected [ 58.054759] 4.19.0-rc3+ #231 Not tainted [ 58.054765] ------------------------------------------------------ [ 58.054770] syz-executor661/5371 is trying to acquire lock: [ 58.054774] 00000000b5a0af0c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 58.054790] [ 58.054794] but task is already holding lock: [ 58.054798] 00000000074b3f3e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 58.054813] [ 58.054818] which lock already depends on the new lock. [ 58.054820] [ 58.054823] [ 58.054829] the existing dependency chain (in reverse order) is: [ 58.054831] [ 58.054834] -> #3 (report_lock){....}: [ 58.054849] _raw_spin_lock_irqsave+0x99/0xd0 [ 58.054853] kasan_report+0x8b/0x110 [ 58.054858] __asan_report_load8_noabort+0x14/0x20 [ 58.054862] __schedule+0xfc3/0x1ed0 [ 58.054867] preempt_schedule_common+0x1f/0xd0 [ 58.054871] preempt_schedule+0x4d/0x60 [ 58.054876] ___preempt_schedule+0x16/0x18 [ 58.054881] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 58.054885] __call_srcu+0x7f9/0x1070 [ 58.054889] __synchronize_srcu+0x17b/0x230 [ 58.054893] synchronize_srcu+0x356/0x5ab [ 58.054899] kvm_page_track_unregister_notifier+0x17d/0x250 [ 58.054903] kvm_mmu_uninit_vm+0x1c/0x20 [ 58.054908] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 58.054912] kvm_put_kvm+0x6c8/0xff0 [ 58.054916] kvm_vm_release+0x42/0x50 [ 58.054920] __fput+0x385/0xa30 [ 58.054924] ____fput+0x15/0x20 [ 58.054928] task_work_run+0x1e8/0x2a0 [ 58.054932] do_exit+0x1ad7/0x2610 [ 58.054936] do_group_exit+0x177/0x440 [ 58.054940] __x64_sys_exit_group+0x3e/0x50 [ 58.054944] do_syscall_64+0x1b9/0x820 [ 58.054949] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.054952] [ 58.054954] -> #2 (&rq->lock){-.-.}: [ 58.054969] _raw_spin_lock+0x2d/0x40 [ 58.054974] task_fork_fair+0xb0/0x6d0 [ 58.054978] sched_fork+0x443/0xba0 [ 58.054982] copy_process+0x2586/0x8780 [ 58.054986] _do_fork+0x1cb/0x11d0 [ 58.054990] kernel_thread+0x34/0x40 [ 58.054994] rest_init+0x22/0xe5 [ 58.054998] start_kernel+0x8f4/0x92f [ 58.055003] x86_64_start_reservations+0x29/0x2b [ 58.055007] x86_64_start_kernel+0x76/0x79 [ 58.055012] secondary_startup_64+0xa4/0xb0 [ 58.055014] [ 58.055017] -> #1 (&p->pi_lock){-.-.}: [ 58.055032] _raw_spin_lock_irqsave+0x99/0xd0 [ 58.055036] try_to_wake_up+0xd2/0x12f0 [ 58.055041] wake_up_process+0x10/0x20 [ 58.055045] __up.isra.1+0x1c0/0x2a0 [ 58.055048] up+0x13c/0x1c0 [ 58.055052] __up_console_sem+0xbe/0x1b0 [ 58.055057] console_unlock+0x524/0x11a0 [ 58.055062] vprintk_emit+0x33d/0x930 [ 58.055066] vprintk_default+0x28/0x30 [ 58.055070] vprintk_func+0x7e/0x181 [ 58.055074] printk+0xa7/0xcf [ 58.055078] load_umh+0x51/0xbd [ 58.055082] do_one_initcall+0x145/0x957 [ 58.055086] kernel_init_freeable+0x4bb/0x5ae [ 58.055091] kernel_init+0x11/0x1b2 [ 58.055095] ret_from_fork+0x3a/0x50 [ 58.055097] [ 58.055100] -> #0 ((console_sem).lock){-...}: [ 58.055115] lock_acquire+0x1ed/0x520 [ 58.055120] _raw_spin_lock_irqsave+0x99/0xd0 [ 58.055124] down_trylock+0x13/0x70 [ 58.055129] __down_trylock_console_sem+0xae/0x200 [ 58.055133] console_trylock+0x15/0xa0 [ 58.055137] vprintk_emit+0x322/0x930 [ 58.055142] vprintk_default+0x28/0x30 [ 58.055146] vprintk_func+0x7e/0x181 [ 58.055160] printk+0xa7/0xcf [ 58.055164] kasan_report+0x9b/0x110 [ 58.055169] __asan_report_load8_noabort+0x14/0x20 [ 58.055173] __schedule+0xfc3/0x1ed0 [ 58.055178] preempt_schedule_common+0x1f/0xd0 [ 58.055182] preempt_schedule+0x4d/0x60 [ 58.055187] ___preempt_schedule+0x16/0x18 [ 58.055191] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 58.055195] __call_srcu+0x7f9/0x1070 [ 58.055200] __synchronize_srcu+0x17b/0x230 [ 58.055204] synchronize_srcu+0x356/0x5ab [ 58.055210] kvm_page_track_unregister_notifier+0x17d/0x250 [ 58.055214] kvm_mmu_uninit_vm+0x1c/0x20 [ 58.055219] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 58.055223] kvm_put_kvm+0x6c8/0xff0 [ 58.055227] kvm_vm_release+0x42/0x50 [ 58.055231] __fput+0x385/0xa30 [ 58.055235] ____fput+0x15/0x20 [ 58.055239] task_work_run+0x1e8/0x2a0 [ 58.055243] do_exit+0x1ad7/0x2610 [ 58.055248] do_group_exit+0x177/0x440 [ 58.055252] __x64_sys_exit_group+0x3e/0x50 [ 58.055256] do_syscall_64+0x1b9/0x820 [ 58.055261] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.055264] [ 58.055268] other info that might help us debug this: [ 58.055271] [ 58.055274] Chain exists of: [ 58.055277] (console_sem).lock --> &rq->lock --> report_lock [ 58.055296] [ 58.055301] Possible unsafe locking scenario: [ 58.055303] [ 58.055308] CPU0 CPU1 [ 58.055312] ---- ---- [ 58.055315] lock(report_lock); [ 58.055325] lock(&rq->lock); [ 58.055334] lock(report_lock); [ 58.055343] lock((console_sem).lock); [ 58.055352] [ 58.055355] *** DEADLOCK *** [ 58.055358] [ 58.055362] 2 locks held by syz-executor661/5371: [ 58.055365] #0: 0000000013879ddf (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 58.055383] #1: 00000000074b3f3e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 58.055401] [ 58.055405] stack backtrace: [ 58.055411] CPU: 1 PID: 5371 Comm: syz-executor661 Not tainted 4.19.0-rc3+ #231 [ 58.055419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.055422] Call Trace: [ 58.055426] dump_stack+0x1c4/0x2b4 [ 58.055431] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.055435] ? vprintk_func+0x85/0x181 [ 58.055440] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 58.055444] ? save_trace+0xe0/0x290 [ 58.055449] __lock_acquire+0x33e4/0x4ec0 [ 58.055453] ? mark_held_locks+0x130/0x130 [ 58.055457] ? mark_held_locks+0x130/0x130 [ 58.055461] ? rcu_bh_qs+0xc0/0xc0 [ 58.055466] ? unwind_dump+0x190/0x190 [ 58.055470] ? is_bpf_text_address+0xd3/0x170 [ 58.055475] ? kernel_text_address+0x79/0xf0 [ 58.055479] ? __kernel_text_address+0xd/0x40 [ 58.055484] ? __save_stack_trace+0x8d/0xf0 [ 58.055489] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 58.055493] ? save_trace+0x290/0x290 [ 58.055497] ? save_stack_trace+0x1a/0x20 [ 58.055501] ? save_trace+0xe0/0x290 [ 58.055505] ? kasan_check_read+0x11/0x20 [ 58.055509] ? graph_lock+0x170/0x170 [ 58.055515] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.055519] lock_acquire+0x1ed/0x520 [ 58.055523] ? down_trylock+0x13/0x70 [ 58.055527] ? find_held_lock+0x36/0x1c0 [ 58.055531] ? lock_release+0x970/0x970 [ 58.055536] ? trace_hardirqs_off+0xb8/0x310 [ 58.055540] ? vprintk_emit+0x1d3/0x930 [ 58.055545] ? trace_hardirqs_on+0x310/0x310 [ 58.055549] ? trace_hardirqs_off+0xb8/0x310 [ 58.055560] ? log_store+0x344/0x4c0 [ 58.055565] ? vprintk_emit+0x322/0x930 [ 58.055569] _raw_spin_lock_irqsave+0x99/0xd0 [ 58.055573] ? down_trylock+0x13/0x70 [ 58.055577] down_trylock+0x13/0x70 [ 58.055582] __down_trylock_console_sem+0xae/0x200 [ 58.055586] console_trylock+0x15/0xa0 [ 58.055590] vprintk_emit+0x322/0x930 [ 58.055594] ? wake_up_klogd+0x180/0x180 [ 58.055599] ? run_rebalance_domains+0x500/0x500 [ 58.055603] ? wake_up_worker+0x117/0x190 [ 58.055608] ? find_held_lock+0x36/0x1c0 [ 58.055612] ? __queue_work+0x6be/0x1440 [ 58.055616] ? lock_acquire+0x1ed/0x520 [ 58.055620] vprintk_default+0x28/0x30 [ 58.055624] vprintk_func+0x7e/0x181 [ 58.055628] printk+0xa7/0xcf [ 58.055633] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 58.055637] ? kasan_check_write+0x14/0x20 [ 58.055641] ? do_raw_spin_lock+0xc1/0x200 [ 58.055646] ? do_raw_spin_lock+0xc1/0x200 [ 58.055650] kasan_report+0x9b/0x110 [ 58.055654] ? __schedule+0xfc3/0x1ed0 [ 58.055659] __asan_report_load8_noabort+0x14/0x20 [ 58.055663] __schedule+0xfc3/0x1ed0 [ 58.055667] ? __sched_text_start+0x8/0x8 [ 58.055671] ? __lock_is_held+0xb5/0x140 [ 58.055676] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.055680] ? find_held_lock+0x36/0x1c0 [ 58.055685] ? __call_srcu+0x7f9/0x1070 [ 58.055690] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.055694] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.055699] ? lockdep_hardirqs_on+0x421/0x5c0 [ 58.055703] ? preempt_schedule+0x4d/0x60 [ 58.055708] preempt_schedule_common+0x1f/0xd0 [ 58.055712] preempt_schedule+0x4d/0x60 [ 58.055717] ___preempt_schedule+0x16/0x18 [ 58.055722] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 58.055726] __call_srcu+0x7f9/0x1070 [ 58.055731] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 58.055735] ? srcu_offline_cpu+0x120/0x120 [ 58.055739] ? debug_object_free+0x690/0x690 [ 58.055744] ? mark_held_locks+0x130/0x130 [ 58.055749] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 58.055753] ? lock_release+0x970/0x970 [ 58.055757] ? arch_local_save_flags+0x40/0x40 [ 58.055762] ? depot_save_stack+0x292/0x470 [ 58.055766] ? __lockdep_init_map+0x105/0x590 [ 58.055771] ? __init_waitqueue_head+0x9e/0x150 [ 58.055775] ? init_wait_entry+0x1c0/0x1c0 [ 58.055780] __synchronize_srcu+0x17b/0x230 [ 58.055784] ? call_srcu+0x10/0x10 [ 58.055788] ? rcu_unexpedite_gp+0x20/0x20 [ 58.055793] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 58.055798] ? check_preemption_disabled+0x48/0x200 [ 58.055802] synchronize_srcu+0x356/0x5ab [ 58.055807] ? lock_downgrade+0x900/0x900 [ 58.055812] ? synchronize_srcu_expedited+0x20/0x20 [ 58.055816] ? kasan_check_read+0x11/0x20 [ 58.055820] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 58.055825] ? kasan_check_write+0x14/0x20 [ 58.055829] ? do_raw_spin_lock+0xc1/0x200 [ 58.055834] kvm_page_track_unregister_notifier+0x17d/0x250 [ 58.055840] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 58.055843] ? kvfree+0x61/0x70 [ 58.055848] ? rcu_read_lock_sched_held+0x108/0x120 [ 58.055852] kvm_mmu_uninit_vm+0x1c/0x20 [ 58.055857] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 58.055861] ? kvm_arch_sync_events+0x30/0x30 [ 58.055867] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.055871] ? mmu_notifier_unregister+0x474/0x600 [ 58.055875] ? kfree+0x107/0x230 [ 58.055880] ? __mmu_notifier_register+0x30/0x30 [ 58.055884] ? __free_pages+0x10a/0x190 [ 58.055889] ? free_unref_page+0x960/0x960 [ 58.055893] kvm_put_kvm+0x6c8/0xff0 [ 58.055897] ? kvm_write_guest_cached+0x40/0x40 [ 58.055902] ? kvm_irqfd_release+0xd1/0x120 [ 58.055906] ? _raw_spin_unlock_irq+0x27/0x80 [ 58.055911] ? _raw_spin_unlock_irq+0x27/0x80 [ 58.055915] ? kasan_check_write+0x14/0x20 [ 58.055919] ? do_raw_spin_lock+0xc1/0x200 [ 58.055923] ? kvm_irqfd_release+0x [ 58.055931] Lost 82 message(s)! [ 59.260827] Shutting down cpus with NMI [ 60.383825] Dumping ftrace buffer: [ 60.387353] (ftrace buffer empty) [ 60.391597] Kernel Offset: disabled [ 60.395219] Rebooting in 86400 seconds..