[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 26.234203] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.271808] random: sshd: uninitialized urandom read (32 bytes read) [ 29.614050] random: sshd: uninitialized urandom read (32 bytes read) [ 30.198466] random: sshd: uninitialized urandom read (32 bytes read) [ 30.419758] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts. [ 36.086515] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.214096] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.239648] ================================================================== [ 36.249713] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 36.255940] Read of size 8 at addr ffff8801bb198058 by task syz-executor486/5371 [ 36.263461] [ 36.265088] CPU: 1 PID: 5371 Comm: syz-executor486 Not tainted 4.19.0-rc4+ #248 [ 36.272524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.281872] Call Trace: [ 36.284457] dump_stack+0x1c4/0x2b4 [ 36.288083] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.293278] ? printk+0xa7/0xcf [ 36.296561] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.301319] print_address_description.cold.8+0x9/0x1ff [ 36.306685] kasan_report.cold.9+0x242/0x309 [ 36.311095] ? __schedule+0xfc3/0x1ed0 [ 36.314986] __asan_report_load8_noabort+0x14/0x20 [ 36.319919] __schedule+0xfc3/0x1ed0 [ 36.323652] ? __sched_text_start+0x8/0x8 [ 36.327804] ? __lock_is_held+0xb5/0x140 [ 36.331861] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.336977] ? find_held_lock+0x36/0x1c0 [ 36.341051] ? __call_srcu+0x7f9/0x1070 [ 36.345031] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.350135] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.355237] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.359844] ? preempt_schedule+0x4d/0x60 [ 36.363991] preempt_schedule_common+0x1f/0xd0 [ 36.368581] preempt_schedule+0x4d/0x60 [ 36.372589] ___preempt_schedule+0x16/0x18 [ 36.376830] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.381759] __call_srcu+0x7f9/0x1070 [ 36.385574] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.390682] ? srcu_offline_cpu+0x120/0x120 [ 36.395000] ? debug_object_free+0x690/0x690 [ 36.399415] ? mark_held_locks+0x130/0x130 [ 36.403648] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.408232] ? lock_release+0x970/0x970 [ 36.412253] ? arch_local_save_flags+0x40/0x40 [ 36.416849] ? depot_save_stack+0x292/0x470 [ 36.421173] ? __lockdep_init_map+0x105/0x590 [ 36.425687] ? __init_waitqueue_head+0x9e/0x150 [ 36.430361] ? init_wait_entry+0x1c0/0x1c0 [ 36.434616] __synchronize_srcu+0x17b/0x230 [ 36.438950] ? call_srcu+0x10/0x10 [ 36.442501] ? rcu_unexpedite_gp+0x20/0x20 [ 36.446743] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.452276] ? check_preemption_disabled+0x48/0x200 [ 36.457295] synchronize_srcu+0x356/0x5ab [ 36.461441] ? lock_downgrade+0x900/0x900 [ 36.465587] ? synchronize_srcu_expedited+0x20/0x20 [ 36.470613] ? kasan_check_read+0x11/0x20 [ 36.474766] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.479350] ? kasan_check_write+0x14/0x20 [ 36.483610] ? do_raw_spin_lock+0xc1/0x200 [ 36.487848] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.493559] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.499016] ? kvfree+0x61/0x70 [ 36.502296] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.507316] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.511399] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.515811] ? kvm_arch_sync_events+0x30/0x30 [ 36.520312] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.525935] ? mmu_notifier_unregister+0x474/0x600 [ 36.530863] ? kfree+0x107/0x230 [ 36.534239] ? __mmu_notifier_register+0x30/0x30 [ 36.539004] ? 
__free_pages+0x10a/0x190 [ 36.542989] ? free_unref_page+0x960/0x960 [ 36.547261] kvm_put_kvm+0x6c8/0xff0 [ 36.550984] ? kvm_write_guest_cached+0x40/0x40 [ 36.555664] ? kvm_irqfd_release+0xd1/0x120 [ 36.559989] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.564489] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.569027] ? kasan_check_write+0x14/0x20 [ 36.573272] ? do_raw_spin_lock+0xc1/0x200 [ 36.577515] ? kvm_irqfd_release+0xdd/0x120 [ 36.581836] ? kvm_irqfd_release+0xdd/0x120 [ 36.586160] ? kvm_put_kvm+0xff0/0xff0 [ 36.590076] kvm_vm_release+0x42/0x50 [ 36.593887] __fput+0x385/0xa30 [ 36.597168] ? get_max_files+0x20/0x20 [ 36.601058] ? trace_hardirqs_on+0xbd/0x310 [ 36.605385] ? ___might_sleep+0x1ed/0x300 [ 36.609534] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.614987] ? arch_local_save_flags+0x40/0x40 [ 36.619585] ? kasan_check_write+0x14/0x20 [ 36.623818] ? do_raw_spin_lock+0xc1/0x200 [ 36.628051] ____fput+0x15/0x20 [ 36.631331] task_work_run+0x1e8/0x2a0 [ 36.635218] ? task_work_cancel+0x240/0x240 [ 36.639550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.645101] ? switch_task_namespaces+0x9d/0xd0 [ 36.649773] do_exit+0x1ad7/0x2610 [ 36.653316] ? mm_update_next_owner+0x990/0x990 [ 36.657989] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.662233] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.667270] ? kfree+0x1fa/0x230 [ 36.670640] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.674876] ? kvm_vcpu_block+0x1030/0x1030 [ 36.679203] ? is_bpf_text_address+0xd3/0x170 [ 36.683701] ? kernel_text_address+0x79/0xf0 [ 36.688107] ? __kernel_text_address+0xd/0x40 [ 36.692606] ? unwind_get_return_address+0x61/0xa0 [ 36.697546] ? __save_stack_trace+0x8d/0xf0 [ 36.701877] ? save_stack+0xa9/0xd0 [ 36.705499] ? save_stack+0x43/0xd0 [ 36.709150] ? __kasan_slab_free+0x102/0x150 [ 36.713556] ? kasan_slab_free+0xe/0x10 [ 36.717530] ? putname+0xf2/0x130 [ 36.720984] ? __x64_sys_openat+0x9d/0x100 [ 36.725227] ? do_syscall_64+0x1b9/0x820 [ 36.729299] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.734669] ? 
trace_hardirqs_off+0xb8/0x310 [ 36.739080] ? kasan_check_read+0x11/0x20 [ 36.743230] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.747648] ? trace_hardirqs_on+0x310/0x310 [ 36.752056] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.757173] ? trace_hardirqs_off+0xb8/0x310 [ 36.761584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.767119] ? check_preemption_disabled+0x48/0x200 [ 36.772131] ? check_preemption_disabled+0x48/0x200 [ 36.777147] ? kvm_vcpu_block+0x1030/0x1030 [ 36.781471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.787013] ? do_vfs_ioctl+0x201/0x1720 [ 36.791096] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.796384] ? ioctl_preallocate+0x300/0x300 [ 36.800794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.806330] ? __fget_light+0x2e9/0x430 [ 36.810302] ? fget_raw+0x20/0x20 [ 36.813751] ? putname+0xf2/0x130 [ 36.817228] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.822264] ? kmem_cache_free+0x24f/0x290 [ 36.826500] ? putname+0xf7/0x130 [ 36.829962] do_group_exit+0x177/0x440 [ 36.833854] ? trace_hardirqs_on+0xbd/0x310 [ 36.838177] ? __ia32_sys_exit+0x50/0x50 [ 36.842240] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.847697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.853233] ? ksys_ioctl+0x81/0xd0 [ 36.856874] __x64_sys_exit_group+0x3e/0x50 [ 36.861197] do_syscall_64+0x1b9/0x820 [ 36.865090] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.870456] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.875387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.880231] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.885266] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.890283] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.895303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.900151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.905343] RIP: 0033:0x43ef08 [ 36.908538] Code: Bad RIP value. 
[ 36.911895] RSP: 002b:00007ffdab0b6548 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.919603] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 36.926869] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.934139] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.941403] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.948667] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.955945] [ 36.957573] Allocated by task 5371: [ 36.961202] save_stack+0x43/0xd0 [ 36.964653] kasan_kmalloc+0xc7/0xe0 [ 36.968365] kasan_slab_alloc+0x12/0x20 [ 36.972341] kmem_cache_alloc+0x12e/0x730 [ 36.976495] vmx_create_vcpu+0xcf/0x25e0 [ 36.980562] kvm_arch_vcpu_create+0xe5/0x220 [ 36.984972] kvm_vm_ioctl+0x470/0x1d40 [ 36.988860] do_vfs_ioctl+0x1de/0x1720 [ 36.992745] ksys_ioctl+0xa9/0xd0 [ 36.996194] __x64_sys_ioctl+0x73/0xb0 [ 37.000079] do_syscall_64+0x1b9/0x820 [ 37.003978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.009155] [ 37.010778] Freed by task 5371: [ 37.014052] save_stack+0x43/0xd0 [ 37.017501] __kasan_slab_free+0x102/0x150 [ 37.021734] kasan_slab_free+0xe/0x10 [ 37.025530] kmem_cache_free+0x83/0x290 [ 37.029508] vmx_free_vcpu+0x26b/0x300 [ 37.033390] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.037821] kvm_put_kvm+0x6c8/0xff0 [ 37.041537] kvm_vm_release+0x42/0x50 [ 37.045333] __fput+0x385/0xa30 [ 37.048608] ____fput+0x15/0x20 [ 37.051886] task_work_run+0x1e8/0x2a0 [ 37.055772] do_exit+0x1ad7/0x2610 [ 37.059312] do_group_exit+0x177/0x440 [ 37.063196] __x64_sys_exit_group+0x3e/0x50 [ 37.067999] do_syscall_64+0x1b9/0x820 [ 37.071906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.077081] [ 37.078733] The buggy address belongs to the object at ffff8801bb198040 [ 37.078733] which belongs to the cache kvm_vcpu of size 23872 [ 37.091311] The buggy address is located 24 bytes inside of [ 37.091311] 23872-byte region [ffff8801bb198040, ffff8801bb19dd80) [ 37.103266] The buggy address 
belongs to the page: [ 37.108191] page:ffffea0006ec6600 count:1 mapcount:0 mapping:ffff8801d5ac7900 index:0x0 compound_mapcount: 0 [ 37.118180] flags: 0x2fffc0000008100(slab|head) [ 37.122851] raw: 02fffc0000008100 ffff8801d5acbb48 ffff8801d5acbb48 ffff8801d5ac7900 [ 37.130733] raw: 0000000000000000 ffff8801bb198040 0000000100000001 0000000000000000 [ 37.138605] page dumped because: kasan: bad access detected [ 37.144305] [ 37.145922] Memory state around the buggy address: [ 37.150848] ffff8801bb197f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.158200] ffff8801bb197f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.165556] >ffff8801bb198000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.172908] ^ [ 37.179132] ffff8801bb198080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.186487] ffff8801bb198100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.193836] ================================================================== [ 37.201203] Kernel panic - not syncing: panic_on_warn set ... [ 37.201203] [ 37.208571] CPU: 1 PID: 5371 Comm: syz-executor486 Tainted: G B 4.19.0-rc4+ #248 [ 37.217399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.226746] Call Trace: [ 37.229340] dump_stack+0x1c4/0x2b4 [ 37.232968] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.238162] ? lock_downgrade+0x900/0x900 [ 37.242312] panic+0x238/0x4e7 [ 37.245504] ? add_taint.cold.5+0x16/0x16 [ 37.249679] ? print_shadow_for_address+0xb6/0x116 [ 37.254611] ? trace_hardirqs_off+0xaf/0x310 [ 37.259024] kasan_end_report+0x47/0x4f [ 37.262998] kasan_report.cold.9+0x76/0x309 [ 37.267326] ? __schedule+0xfc3/0x1ed0 [ 37.271214] __asan_report_load8_noabort+0x14/0x20 [ 37.276150] __schedule+0xfc3/0x1ed0 [ 37.279886] ? __sched_text_start+0x8/0x8 [ 37.284068] ? __lock_is_held+0xb5/0x140 [ 37.288130] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.293255] ? find_held_lock+0x36/0x1c0 [ 37.297320] ? __call_srcu+0x7f9/0x1070 [ 37.301298] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.306403] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.311513] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.316096] ? preempt_schedule+0x4d/0x60 [ 37.320259] preempt_schedule_common+0x1f/0xd0 [ 37.324846] preempt_schedule+0x4d/0x60 [ 37.328824] ___preempt_schedule+0x16/0x18 [ 37.333062] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.337991] __call_srcu+0x7f9/0x1070 [ 37.341795] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.346903] ? srcu_offline_cpu+0x120/0x120 [ 37.351227] ? debug_object_free+0x690/0x690 [ 37.355646] ? mark_held_locks+0x130/0x130 [ 37.360278] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.364893] ? lock_release+0x970/0x970 [ 37.368869] ? arch_local_save_flags+0x40/0x40 [ 37.373450] ? depot_save_stack+0x292/0x470 [ 37.377777] ? __lockdep_init_map+0x105/0x590 [ 37.382282] ? __init_waitqueue_head+0x9e/0x150 [ 37.386951] ? init_wait_entry+0x1c0/0x1c0 [ 37.391192] __synchronize_srcu+0x17b/0x230 [ 37.395511] ? call_srcu+0x10/0x10 [ 37.399056] ? rcu_unexpedite_gp+0x20/0x20 [ 37.403298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.408846] ? check_preemption_disabled+0x48/0x200 [ 37.413865] synchronize_srcu+0x356/0x5ab [ 37.418019] ? lock_downgrade+0x900/0x900 [ 37.422167] ? synchronize_srcu_expedited+0x20/0x20 [ 37.427187] ? kasan_check_read+0x11/0x20 [ 37.431346] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.435932] ? kasan_check_write+0x14/0x20 [ 37.440170] ? do_raw_spin_lock+0xc1/0x200 [ 37.444431] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.450145] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.455601] ? kvfree+0x61/0x70 [ 37.458879] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.463898] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.467962] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.472371] ? kvm_arch_sync_events+0x30/0x30 [ 37.476869] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.482408] ? mmu_notifier_unregister+0x474/0x600 [ 37.487337] ? kfree+0x107/0x230 [ 37.490706] ? __mmu_notifier_register+0x30/0x30 [ 37.495461] ? 
__free_pages+0x10a/0x190 [ 37.499436] ? free_unref_page+0x960/0x960 [ 37.503681] kvm_put_kvm+0x6c8/0xff0 [ 37.507402] ? kvm_write_guest_cached+0x40/0x40 [ 37.512083] ? kvm_irqfd_release+0xd1/0x120 [ 37.516405] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.520911] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.525437] ? kasan_check_write+0x14/0x20 [ 37.529773] ? do_raw_spin_lock+0xc1/0x200 [ 37.534024] ? kvm_irqfd_release+0xdd/0x120 [ 37.538346] ? kvm_irqfd_release+0xdd/0x120 [ 37.542670] ? kvm_put_kvm+0xff0/0xff0 [ 37.546560] kvm_vm_release+0x42/0x50 [ 37.550361] __fput+0x385/0xa30 [ 37.553645] ? get_max_files+0x20/0x20 [ 37.557533] ? trace_hardirqs_on+0xbd/0x310 [ 37.561857] ? ___might_sleep+0x1ed/0x300 [ 37.566004] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.571458] ? arch_local_save_flags+0x40/0x40 [ 37.576075] ? kasan_check_write+0x14/0x20 [ 37.580336] ? do_raw_spin_lock+0xc1/0x200 [ 37.584578] ____fput+0x15/0x20 [ 37.587869] task_work_run+0x1e8/0x2a0 [ 37.591758] ? task_work_cancel+0x240/0x240 [ 37.596084] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.601647] ? switch_task_namespaces+0x9d/0xd0 [ 37.606333] do_exit+0x1ad7/0x2610 [ 37.609878] ? mm_update_next_owner+0x990/0x990 [ 37.614556] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.618789] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.623803] ? kfree+0x1fa/0x230 [ 37.627173] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.631411] ? kvm_vcpu_block+0x1030/0x1030 [ 37.635738] ? is_bpf_text_address+0xd3/0x170 [ 37.640259] ? kernel_text_address+0x79/0xf0 [ 37.644682] ? __kernel_text_address+0xd/0x40 [ 37.649196] ? unwind_get_return_address+0x61/0xa0 [ 37.654127] ? __save_stack_trace+0x8d/0xf0 [ 37.658452] ? save_stack+0xa9/0xd0 [ 37.662076] ? save_stack+0x43/0xd0 [ 37.665702] ? __kasan_slab_free+0x102/0x150 [ 37.670105] ? kasan_slab_free+0xe/0x10 [ 37.674092] ? putname+0xf2/0x130 [ 37.677546] ? __x64_sys_openat+0x9d/0x100 [ 37.681782] ? do_syscall_64+0x1b9/0x820 [ 37.685878] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.691256] ? 
trace_hardirqs_off+0xb8/0x310 [ 37.695664] ? kasan_check_read+0x11/0x20 [ 37.699825] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.704227] ? trace_hardirqs_on+0x310/0x310 [ 37.708644] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.713750] ? trace_hardirqs_off+0xb8/0x310 [ 37.718174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.723712] ? check_preemption_disabled+0x48/0x200 [ 37.728743] ? check_preemption_disabled+0x48/0x200 [ 37.733763] ? kvm_vcpu_block+0x1030/0x1030 [ 37.738080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.743633] ? do_vfs_ioctl+0x201/0x1720 [ 37.747694] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.752974] ? ioctl_preallocate+0x300/0x300 [ 37.757384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.762927] ? __fget_light+0x2e9/0x430 [ 37.766907] ? fget_raw+0x20/0x20 [ 37.770369] ? putname+0xf2/0x130 [ 37.773822] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.778839] ? kmem_cache_free+0x24f/0x290 [ 37.783074] ? putname+0xf7/0x130 [ 37.786534] do_group_exit+0x177/0x440 [ 37.790435] ? trace_hardirqs_on+0xbd/0x310 [ 37.794756] ? __ia32_sys_exit+0x50/0x50 [ 37.798817] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.804276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.809813] ? ksys_ioctl+0x81/0xd0 [ 37.813443] __x64_sys_exit_group+0x3e/0x50 [ 37.817767] do_syscall_64+0x1b9/0x820 [ 37.821653] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.827020] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.831951] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.836792] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.841809] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.846826] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.851846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.856693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.861881] RIP: 0033:0x43ef08 [ 37.865078] Code: Bad RIP value. 
[ 37.868436] RSP: 002b:00007ffdab0b6548 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.876140] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 37.883403] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.890667] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.897930] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.905195] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.912475] [ 37.912481] ====================================================== [ 37.912487] WARNING: possible circular locking dependency detected [ 37.912491] 4.19.0-rc4+ #248 Not tainted [ 37.912496] ------------------------------------------------------ [ 37.912501] syz-executor486/5371 is trying to acquire lock: [ 37.912505] 0000000088cb9968 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.912521] [ 37.912525] but task is already holding lock: [ 37.912529] 00000000aa1f18e9 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.912544] [ 37.912548] which lock already depends on the new lock. 
[ 37.912551] [ 37.912554] [ 37.912559] the existing dependency chain (in reverse order) is: [ 37.912561] [ 37.912564] -> #3 (report_lock){....}: [ 37.912579] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.912583] kasan_report+0x8b/0x110 [ 37.912588] __asan_report_load8_noabort+0x14/0x20 [ 37.912592] __schedule+0xfc3/0x1ed0 [ 37.912597] preempt_schedule_common+0x1f/0xd0 [ 37.912601] preempt_schedule+0x4d/0x60 [ 37.912605] ___preempt_schedule+0x16/0x18 [ 37.912610] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.912614] __call_srcu+0x7f9/0x1070 [ 37.912618] __synchronize_srcu+0x17b/0x230 [ 37.912622] synchronize_srcu+0x356/0x5ab [ 37.912627] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.912631] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.912636] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.912640] kvm_put_kvm+0x6c8/0xff0 [ 37.912644] kvm_vm_release+0x42/0x50 [ 37.912648] __fput+0x385/0xa30 [ 37.912651] ____fput+0x15/0x20 [ 37.912655] task_work_run+0x1e8/0x2a0 [ 37.912659] do_exit+0x1ad7/0x2610 [ 37.912663] do_group_exit+0x177/0x440 [ 37.912668] __x64_sys_exit_group+0x3e/0x50 [ 37.912672] do_syscall_64+0x1b9/0x820 [ 37.912677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.912679] [ 37.912682] -> #2 (&rq->lock){-.-.}: [ 37.912696] _raw_spin_lock+0x2d/0x40 [ 37.912701] task_fork_fair+0xb0/0x6d0 [ 37.912705] sched_fork+0x443/0xba0 [ 37.912709] copy_process+0x2586/0x8780 [ 37.912713] _do_fork+0x1cb/0x11d0 [ 37.912716] kernel_thread+0x34/0x40 [ 37.912720] rest_init+0x22/0xe5 [ 37.912724] start_kernel+0x8f4/0x92f [ 37.912729] x86_64_start_reservations+0x29/0x2b [ 37.912733] x86_64_start_kernel+0x76/0x79 [ 37.912737] secondary_startup_64+0xa4/0xb0 [ 37.912740] [ 37.912742] -> #1 (&p->pi_lock){-.-.}: [ 37.912758] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.912762] try_to_wake_up+0xd2/0x12f0 [ 37.912766] wake_up_process+0x10/0x20 [ 37.912770] __up.isra.1+0x1c0/0x2a0 [ 37.912773] up+0x13c/0x1c0 [ 37.912777] __up_console_sem+0xbe/0x1b0 [ 37.912781] console_unlock+0x814/0x1160 [ 37.912785] 
vprintk_emit+0x33d/0x930 [ 37.912790] vprintk_default+0x28/0x30 [ 37.912793] vprintk_func+0x7e/0x181 [ 37.912797] printk+0xa7/0xcf [ 37.912801] load_umh+0x51/0xbd [ 37.912805] do_one_initcall+0x145/0x957 [ 37.912809] kernel_init_freeable+0x4bb/0x5ae [ 37.912813] kernel_init+0x11/0x1b2 [ 37.912817] ret_from_fork+0x3a/0x50 [ 37.912820] [ 37.912822] -> #0 ((console_sem).lock){-...}: [ 37.912837] lock_acquire+0x1ed/0x520 [ 37.912842] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.912846] down_trylock+0x13/0x70 [ 37.912850] __down_trylock_console_sem+0xae/0x200 [ 37.912854] console_trylock+0x15/0xa0 [ 37.912858] vprintk_emit+0x322/0x930 [ 37.912863] vprintk_default+0x28/0x30 [ 37.912867] vprintk_func+0x7e/0x181 [ 37.912870] printk+0xa7/0xcf [ 37.912874] kasan_report+0x9b/0x110 [ 37.912879] __asan_report_load8_noabort+0x14/0x20 [ 37.912883] __schedule+0xfc3/0x1ed0 [ 37.912887] preempt_schedule_common+0x1f/0xd0 [ 37.912891] preempt_schedule+0x4d/0x60 [ 37.912896] ___preempt_schedule+0x16/0x18 [ 37.912900] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.912904] __call_srcu+0x7f9/0x1070 [ 37.912908] __synchronize_srcu+0x17b/0x230 [ 37.912913] synchronize_srcu+0x356/0x5ab [ 37.912918] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.912922] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.912926] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.912930] kvm_put_kvm+0x6c8/0xff0 [ 37.912934] kvm_vm_release+0x42/0x50 [ 37.912938] __fput+0x385/0xa30 [ 37.912942] ____fput+0x15/0x20 [ 37.912946] task_work_run+0x1e8/0x2a0 [ 37.912950] do_exit+0x1ad7/0x2610 [ 37.912954] do_group_exit+0x177/0x440 [ 37.912958] __x64_sys_exit_group+0x3e/0x50 [ 37.912962] do_syscall_64+0x1b9/0x820 [ 37.912967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.912969] [ 37.912974] other info that might help us debug this: [ 37.912976] [ 37.912980] Chain exists of: [ 37.912982] (console_sem).lock --> &rq->lock --> report_lock [ 37.913001] [ 37.913005] Possible unsafe locking scenario: [ 37.913014] [ 37.913018] CPU0 CPU1 [ 37.913023] ---- ---- [ 
37.913025] lock(report_lock); [ 37.913035] lock(&rq->lock); [ 37.913045] lock(report_lock); [ 37.913054] lock((console_sem).lock); [ 37.913062] [ 37.913066] *** DEADLOCK *** [ 37.913068] [ 37.913072] 2 locks held by syz-executor486/5371: [ 37.913075] #0: 000000002ccd5c07 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 37.913093] #1: 00000000aa1f18e9 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.913111] [ 37.913114] stack backtrace: [ 37.913120] CPU: 1 PID: 5371 Comm: syz-executor486 Not tainted 4.19.0-rc4+ #248 [ 37.913128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.913131] Call Trace: [ 37.913135] dump_stack+0x1c4/0x2b4 [ 37.913140] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.913144] ? vprintk_func+0x85/0x181 [ 37.913149] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 37.913153] ? save_trace+0xe0/0x290 [ 37.913157] __lock_acquire+0x33e4/0x4ec0 [ 37.913162] ? mark_held_locks+0x130/0x130 [ 37.913166] ? mark_held_locks+0x130/0x130 [ 37.913170] ? rcu_bh_qs+0xc0/0xc0 [ 37.913174] ? unwind_dump+0x190/0x190 [ 37.913178] ? is_bpf_text_address+0xd3/0x170 [ 37.913182] ? kernel_text_address+0x79/0xf0 [ 37.913187] ? __kernel_text_address+0xd/0x40 [ 37.913191] ? __save_stack_trace+0x8d/0xf0 [ 37.913196] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 37.913200] ? save_trace+0x290/0x290 [ 37.913204] ? save_stack_trace+0x1a/0x20 [ 37.913208] ? save_trace+0xe0/0x290 [ 37.913212] ? kasan_check_read+0x11/0x20 [ 37.913216] ? graph_lock+0x170/0x170 [ 37.913221] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.913225] lock_acquire+0x1ed/0x520 [ 37.913229] ? down_trylock+0x13/0x70 [ 37.913233] ? find_held_lock+0x36/0x1c0 [ 37.913237] ? lock_release+0x970/0x970 [ 37.913242] ? trace_hardirqs_off+0xb8/0x310 [ 37.913254] ? vprintk_emit+0x1d3/0x930 [ 37.913258] ? trace_hardirqs_on+0x310/0x310 [ 37.913263] ? trace_hardirqs_off+0xb8/0x310 [ 37.913267] ? log_store+0x344/0x4c0 [ 37.913271] ? 
vprintk_emit+0x322/0x930 [ 37.913275] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.913280] ? down_trylock+0x13/0x70 [ 37.913284] down_trylock+0x13/0x70 [ 37.913288] __down_trylock_console_sem+0xae/0x200 [ 37.913292] console_trylock+0x15/0xa0 [ 37.913296] vprintk_emit+0x322/0x930 [ 37.913301] ? wake_up_klogd+0x180/0x180 [ 37.913305] ? run_rebalance_domains+0x500/0x500 [ 37.913310] ? wake_up_worker+0x117/0x190 [ 37.913314] ? find_held_lock+0x36/0x1c0 [ 37.913318] ? __queue_work+0x6be/0x1440 [ 37.913322] ? lock_acquire+0x1ed/0x520 [ 37.913326] vprintk_default+0x28/0x30 [ 37.913330] vprintk_func+0x7e/0x181 [ 37.913334] printk+0xa7/0xcf [ 37.913339] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.913343] ? kasan_check_write+0x14/0x20 [ 37.913347] ? do_raw_spin_lock+0xc1/0x200 [ 37.913352] ? do_raw_spin_lock+0xc1/0x200 [ 37.913356] kasan_report+0x9b/0x110 [ 37.913360] ? __schedule+0xfc3/0x1ed0 [ 37.913364] __asan_report_load8_noabort+0x14/0x20 [ 37.913368] __schedule+0xfc3/0x1ed0 [ 37.913373] ? __sched_text_start+0x8/0x8 [ 37.913377] ? __lock_is_held+0xb5/0x140 [ 37.913382] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.913386] ? find_held_lock+0x36/0x1c0 [ 37.913390] ? __call_srcu+0x7f9/0x1070 [ 37.913395] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.913400] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.913405] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.913409] ? preempt_schedule+0x4d/0x60 [ 37.913414] preempt_schedule_common+0x1f/0xd0 [ 37.913418] preempt_schedule+0x4d/0x60 [ 37.913422] ___preempt_schedule+0x16/0x18 [ 37.913427] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.913431] __call_srcu+0x7f9/0x1070 [ 37.913436] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.913440] ? srcu_offline_cpu+0x120/0x120 [ 37.913445] ? debug_object_free+0x690/0x690 [ 37.913449] ? mark_held_locks+0x130/0x130 [ 37.913454] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.913458] ? lock_release+0x970/0x970 [ 37.913463] ? arch_local_save_flags+0x40/0x40 [ 37.913467] ? depot_save_stack+0x292/0x470 [ 37.913472] ? 
__lockdep_init_map+0x105/0x590 [ 37.913476] ? __init_waitqueue_head+0x9e/0x150 [ 37.913481] ? init_wait_entry+0x1c0/0x1c0 [ 37.913485] __synchronize_srcu+0x17b/0x230 [ 37.913489] ? call_srcu+0x10/0x10 [ 37.913493] ? rcu_unexpedite_gp+0x20/0x20 [ 37.913498] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.913503] ? check_preemption_disabled+0x48/0x200 [ 37.913507] synchronize_srcu+0x356/0x5ab [ 37.913513] ? lock_downgrade+0x900/0x900 [ 37.913517] ? synchronize_srcu_expedited+0x20/0x20 [ 37.913522] ? kasan_check_read+0x11/0x20 [ 37.913526] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.913530] ? kasan_check_write+0x14/0x20 [ 37.913535] ? do_raw_spin_lock+0xc1/0x200 [ 37.913540] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.913545] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.913549] ? kvfree+0x61/0x70 [ 37.913553] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.913557] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.913562] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.913566] ? kvm_arch_sync_events+0x30/0x30 [ 37.913571] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.913576] ? mmu_notifier_unregister+0x474/0x600 [ 37.913580] ? kfree+0x107/0x230 [ 37.913584] ? __mmu_notifier_register+0x30/0x30 [ 37.913589] ? __free_pages+0x10a/0x190 [ 37.913593] ? free_unref_page+0x960/0x960 [ 37.913597] kvm_put_kvm+0x6c8/0xff0 [ 37.913601] ? kvm_write_guest_cached+0x40/0x40 [ 37.913606] ? kvm_irqfd_release+0xd1/0x120 [ 37.913610] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.913615] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.913619] ? kasan_check_write+0x14/0x20 [ 37.913623] ? do_raw_spin_lock+0xc1/0x200 [ 37.913627] ? kvm_irqfd_release+0x [ 37.913635] Lost 82 message(s)! [ 39.061435] Shutting down cpus with NMI [ 40.120960] Kernel Offset: disabled [ 40.124595] Rebooting in 86400 seconds..