[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 27.823271] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.284953] random: sshd: uninitialized urandom read (32 bytes read) [ 31.680798] random: sshd: uninitialized urandom read (32 bytes read) [ 32.323678] random: sshd: uninitialized urandom read (32 bytes read) [ 32.551559] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. [ 38.115806] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 38.243117] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 38.270417] ================================================================== [ 38.280532] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 38.286758] Read of size 8 at addr ffff8801c7c78058 by task syz-executor915/5397 [ 38.294282] [ 38.295915] CPU: 0 PID: 5397 Comm: syz-executor915 Not tainted 4.19.0-rc3+ #8 [ 38.303183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.312531] Call Trace: [ 38.315119] dump_stack+0x1c4/0x2b4 [ 38.318749] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.323938] ? printk+0xa7/0xcf [ 38.327219] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.331984] print_address_description.cold.8+0x9/0x1ff [ 38.337349] kasan_report.cold.9+0x242/0x309 [ 38.341756] ? __schedule+0xfc3/0x1ed0 [ 38.345648] __asan_report_load8_noabort+0x14/0x20 [ 38.350580] __schedule+0xfc3/0x1ed0 [ 38.354298] ? __sched_text_start+0x8/0x8 [ 38.358458] ? __lock_is_held+0xb5/0x140 [ 38.362518] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.367624] ? find_held_lock+0x36/0x1c0 [ 38.371689] ? __call_srcu+0x7f9/0x1070 [ 38.375669] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.380768] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.385871] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.390458] ? preempt_schedule+0x4d/0x60 [ 38.394610] preempt_schedule_common+0x1f/0xd0 [ 38.399193] preempt_schedule+0x4d/0x60 [ 38.403168] ___preempt_schedule+0x16/0x18 [ 38.407409] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.412347] __call_srcu+0x7f9/0x1070 [ 38.416149] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.421258] ? srcu_offline_cpu+0x120/0x120 [ 38.425583] ? debug_object_free+0x690/0x690 [ 38.429988] ? mark_held_locks+0x130/0x130 [ 38.434224] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.438808] ? lock_release+0x970/0x970 [ 38.442780] ? arch_local_save_flags+0x40/0x40 [ 38.447360] ? depot_save_stack+0x292/0x470 [ 38.451691] ? __lockdep_init_map+0x105/0x590 [ 38.456199] ? __init_waitqueue_head+0x9e/0x150 [ 38.460870] ? init_wait_entry+0x1c0/0x1c0 [ 38.465110] __synchronize_srcu+0x17b/0x230 [ 38.469441] ? call_srcu+0x10/0x10 [ 38.472984] ? rcu_unexpedite_gp+0x20/0x20 [ 38.477237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.482773] ? check_preemption_disabled+0x48/0x200 [ 38.487794] synchronize_srcu+0x356/0x5ab [ 38.491939] ? lock_downgrade+0x900/0x900 [ 38.496089] ? synchronize_srcu_expedited+0x20/0x20 [ 38.501108] ? kasan_check_read+0x11/0x20 [ 38.505273] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.509860] ? kasan_check_write+0x14/0x20 [ 38.514094] ? do_raw_spin_lock+0xc1/0x200 [ 38.518334] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.524050] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.529499] ? kvfree+0x61/0x70 [ 38.532778] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.537801] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.541866] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.546275] ? kvm_arch_sync_events+0x30/0x30 [ 38.550774] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.556309] ? mmu_notifier_unregister+0x474/0x600 [ 38.561237] ? kfree+0x107/0x230 [ 38.564616] ? __mmu_notifier_register+0x30/0x30 [ 38.569383] ? __free_pages+0x10a/0x190 [ 38.573357] ? free_unref_page+0x960/0x960 [ 38.577624] kvm_put_kvm+0x6c8/0xff0 [ 38.581355] ? kvm_write_guest_cached+0x40/0x40 [ 38.586027] ? kvm_irqfd_release+0xd1/0x120 [ 38.590356] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.594849] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.599349] ? kasan_check_write+0x14/0x20 [ 38.603592] ? do_raw_spin_lock+0xc1/0x200 [ 38.607829] ? kvm_irqfd_release+0xdd/0x120 [ 38.612146] ? kvm_irqfd_release+0xdd/0x120 [ 38.616477] ? kvm_put_kvm+0xff0/0xff0 [ 38.620370] kvm_vm_release+0x42/0x50 [ 38.624168] __fput+0x385/0xa30 [ 38.627458] ? get_max_files+0x20/0x20 [ 38.631350] ? ___might_sleep+0x1ed/0x300 [ 38.635502] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.640968] ? arch_local_save_flags+0x40/0x40 [ 38.645555] ? kasan_check_write+0x14/0x20 [ 38.649789] ? do_raw_spin_lock+0xc1/0x200 [ 38.654026] ____fput+0x15/0x20 [ 38.657302] task_work_run+0x1e8/0x2a0 [ 38.661362] ? task_work_cancel+0x240/0x240 [ 38.665684] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.671225] ? switch_task_namespaces+0x9d/0xd0 [ 38.675902] do_exit+0x1ad7/0x2610 [ 38.679448] ? find_held_lock+0x36/0x1c0 [ 38.683599] ? mm_update_next_owner+0x990/0x990 [ 38.688272] ? is_bpf_text_address+0xac/0x170 [ 38.692769] ? lock_downgrade+0x900/0x900 [ 38.696912] ? check_preemption_disabled+0x48/0x200 [ 38.701932] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 38.707736] ? kasan_check_read+0x11/0x20 [ 38.711887] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.717164] ? rcu_bh_qs+0xc0/0xc0 [ 38.720702] ? rcu_bh_qs+0xc0/0xc0 [ 38.724247] ? unwind_dump+0x190/0x190 [ 38.728136] ? is_bpf_text_address+0xd3/0x170 [ 38.732675] ? kernel_text_address+0x79/0xf0 [ 38.737081] ? __kernel_text_address+0xd/0x40 [ 38.741580] ? unwind_get_return_address+0x61/0xa0 [ 38.746516] ? __save_stack_trace+0x8d/0xf0 [ 38.750843] ? save_stack+0xa9/0xd0 [ 38.754473] ? save_stack+0x43/0xd0 [ 38.758094] ? __kasan_slab_free+0x102/0x150 [ 38.762500] ? kasan_slab_free+0xe/0x10 [ 38.766690] ? kmem_cache_free+0x83/0x290 [ 38.770843] ? putname+0xf2/0x130 [ 38.774296] ? __x64_sys_openat+0x9d/0x100 [ 38.778529] ? do_syscall_64+0x1b9/0x820 [ 38.782589] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.787960] ? trace_hardirqs_off+0xb8/0x310 [ 38.792375] ? kasan_check_read+0x11/0x20 [ 38.796527] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.800941] ? trace_hardirqs_on+0x310/0x310 [ 38.805353] ? kasan_check_write+0x14/0x20 [ 38.809597] ? trace_hardirqs_off+0xb8/0x310 [ 38.814006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.819546] ? check_preemption_disabled+0x48/0x200 [ 38.824561] ? check_preemption_disabled+0x48/0x200 [ 38.829583] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 38.835128] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.840412] ? rcu_pm_notify+0xc0/0xc0 [ 38.844314] ? putname+0xf2/0x130 [ 38.847775] ? putname+0xf2/0x130 [ 38.851235] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.856265] ? kmem_cache_free+0x24f/0x290 [ 38.860513] ? putname+0xf7/0x130 [ 38.863976] do_group_exit+0x177/0x440 [ 38.867867] ? trace_hardirqs_on+0xbd/0x310 [ 38.872191] ? __ia32_sys_exit+0x50/0x50 [ 38.876258] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.881722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.887272] __x64_sys_exit_group+0x3e/0x50 [ 38.891603] do_syscall_64+0x1b9/0x820 [ 38.895502] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.900880] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.905817] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.910675] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.915700] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.920743] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.925777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.930629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.935818] RIP: 0033:0x43ed18 [ 38.939024] Code: Bad RIP value. [ 38.942384] RSP: 002b:00007ffd67671348 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.950099] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed18 [ 38.957372] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.964643] RBP: 00000000004be5c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.971939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 38.979244] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.986523] [ 38.988149] Allocated by task 5397: [ 38.991786] save_stack+0x43/0xd0 [ 38.995235] kasan_kmalloc+0xc7/0xe0 [ 38.998949] kasan_slab_alloc+0x12/0x20 [ 39.002934] kmem_cache_alloc+0x12e/0x730 [ 39.007083] vmx_create_vcpu+0xcf/0x25e0 [ 39.011140] kvm_arch_vcpu_create+0xe5/0x220 [ 39.015547] kvm_vm_ioctl+0x470/0x1d40 [ 39.019441] do_vfs_ioctl+0x1de/0x1720 [ 39.023326] ksys_ioctl+0xa9/0xd0 [ 39.026781] __x64_sys_ioctl+0x73/0xb0 [ 39.030667] do_syscall_64+0x1b9/0x820 [ 39.034554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.039736] [ 39.041356] Freed by task 5397: [ 39.044634] save_stack+0x43/0xd0 [ 39.048088] __kasan_slab_free+0x102/0x150 [ 39.052315] kasan_slab_free+0xe/0x10 [ 39.056112] kmem_cache_free+0x83/0x290 [ 39.060087] vmx_free_vcpu+0x26b/0x300 [ 39.063973] kvm_arch_destroy_vm+0x365/0x7c0 [ 39.068380] kvm_put_kvm+0x6c8/0xff0 [ 39.072090] kvm_vm_release+0x42/0x50 [ 39.075883] __fput+0x385/0xa30 [ 39.079159] ____fput+0x15/0x20 [ 39.082448] task_work_run+0x1e8/0x2a0 [ 39.086334] do_exit+0x1ad7/0x2610 [ 39.089868] do_group_exit+0x177/0x440 [ 39.093753] __x64_sys_exit_group+0x3e/0x50 [ 39.098077] do_syscall_64+0x1b9/0x820 [ 39.101966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.107142] [ 39.108765] The buggy address belongs to the object at ffff8801c7c78040 [ 39.108765] which belongs to the cache kvm_vcpu of size 23872 [ 39.121339] The buggy address is located 24 bytes inside of [ 39.121339] 23872-byte region [ffff8801c7c78040, ffff8801c7c7dd80) [ 39.133303] The buggy address belongs to the page: [ 39.138231] page:ffffea00071f1e00 count:1 mapcount:0 mapping:ffff8801d4ec8d80 index:0x0 compound_mapcount: 0 [ 39.148201] flags: 0x2fffc0000008100(slab|head) [ 39.152873] raw: 02fffc0000008100 ffff8801d558c748 ffff8801d558c748 ffff8801d4ec8d80 [ 39.160756] raw: 0000000000000000 ffff8801c7c78040 0000000100000001 0000000000000000 [ 39.168628] page dumped because: kasan: bad access detected [ 39.174329] [ 39.175950] Memory state around the buggy address: [ 39.180882] ffff8801c7c77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.188241] ffff8801c7c77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.195605] >ffff8801c7c78000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 39.202965] ^ [ 39.209196] ffff8801c7c78080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.216557] ffff8801c7c78100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.223913] ================================================================== [ 39.231270] Kernel panic - not syncing: panic_on_warn set ... [ 39.231270] [ 39.238641] CPU: 0 PID: 5397 Comm: syz-executor915 Tainted: G B 4.19.0-rc3+ #8 [ 39.247299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.256646] Call Trace: [ 39.259240] dump_stack+0x1c4/0x2b4 [ 39.262873] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.268062] ? lock_downgrade+0x900/0x900 [ 39.272215] panic+0x238/0x4e7 [ 39.275406] ? add_taint.cold.5+0x16/0x16 [ 39.279568] ? print_shadow_for_address+0xb6/0x116 [ 39.284497] ? trace_hardirqs_off+0xaf/0x310 [ 39.288909] kasan_end_report+0x47/0x4f [ 39.292891] kasan_report.cold.9+0x76/0x309 [ 39.297217] ? __schedule+0xfc3/0x1ed0 [ 39.301107] __asan_report_load8_noabort+0x14/0x20 [ 39.306059] __schedule+0xfc3/0x1ed0 [ 39.309784] ? __sched_text_start+0x8/0x8 [ 39.313934] ? __lock_is_held+0xb5/0x140 [ 39.317997] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.323103] ? find_held_lock+0x36/0x1c0 [ 39.327168] ? __call_srcu+0x7f9/0x1070 [ 39.331145] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.336246] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.341350] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.345931] ? preempt_schedule+0x4d/0x60 [ 39.350081] preempt_schedule_common+0x1f/0xd0 [ 39.354693] preempt_schedule+0x4d/0x60 [ 39.358679] ___preempt_schedule+0x16/0x18 [ 39.362925] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.367859] __call_srcu+0x7f9/0x1070 [ 39.371678] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.376795] ? srcu_offline_cpu+0x120/0x120 [ 39.381118] ? debug_object_free+0x690/0x690 [ 39.385530] ? mark_held_locks+0x130/0x130 [ 39.389766] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.394354] ? lock_release+0x970/0x970 [ 39.398359] ? arch_local_save_flags+0x40/0x40 [ 39.402944] ? depot_save_stack+0x292/0x470 [ 39.407283] ? __lockdep_init_map+0x105/0x590 [ 39.411798] ? __init_waitqueue_head+0x9e/0x150 [ 39.416478] ? init_wait_entry+0x1c0/0x1c0 [ 39.420748] __synchronize_srcu+0x17b/0x230 [ 39.425075] ? call_srcu+0x10/0x10 [ 39.428618] ? rcu_unexpedite_gp+0x20/0x20 [ 39.432860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.438401] ? check_preemption_disabled+0x48/0x200 [ 39.443431] synchronize_srcu+0x356/0x5ab [ 39.447594] ? lock_downgrade+0x900/0x900 [ 39.451752] ? synchronize_srcu_expedited+0x20/0x20 [ 39.456775] ? kasan_check_read+0x11/0x20 [ 39.460926] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.465518] ? kasan_check_write+0x14/0x20 [ 39.469760] ? do_raw_spin_lock+0xc1/0x200 [ 39.474006] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.479729] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.485183] ? kvfree+0x61/0x70 [ 39.488477] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.493497] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.497563] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.501976] ? kvm_arch_sync_events+0x30/0x30 [ 39.506480] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.512022] ? mmu_notifier_unregister+0x474/0x600 [ 39.516971] ? kfree+0x107/0x230 [ 39.520338] ? __mmu_notifier_register+0x30/0x30 [ 39.525093] ? __free_pages+0x10a/0x190 [ 39.529066] ? free_unref_page+0x960/0x960 [ 39.533326] kvm_put_kvm+0x6c8/0xff0 [ 39.537046] ? kvm_write_guest_cached+0x40/0x40 [ 39.541721] ? kvm_irqfd_release+0xd1/0x120 [ 39.546052] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.550545] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.555052] ? kasan_check_write+0x14/0x20 [ 39.559289] ? do_raw_spin_lock+0xc1/0x200 [ 39.563525] ? kvm_irqfd_release+0xdd/0x120 [ 39.567844] ? kvm_irqfd_release+0xdd/0x120 [ 39.572169] ? kvm_put_kvm+0xff0/0xff0 [ 39.576058] kvm_vm_release+0x42/0x50 [ 39.579858] __fput+0x385/0xa30 [ 39.583139] ? get_max_files+0x20/0x20 [ 39.587034] ? ___might_sleep+0x1ed/0x300 [ 39.591183] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.596634] ? arch_local_save_flags+0x40/0x40 [ 39.601216] ? kasan_check_write+0x14/0x20 [ 39.605468] ? do_raw_spin_lock+0xc1/0x200 [ 39.609705] ____fput+0x15/0x20 [ 39.612997] task_work_run+0x1e8/0x2a0 [ 39.616890] ? task_work_cancel+0x240/0x240 [ 39.621213] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.626755] ? switch_task_namespaces+0x9d/0xd0 [ 39.631431] do_exit+0x1ad7/0x2610 [ 39.634982] ? find_held_lock+0x36/0x1c0 [ 39.639046] ? mm_update_next_owner+0x990/0x990 [ 39.643720] ? is_bpf_text_address+0xac/0x170 [ 39.648236] ? lock_downgrade+0x900/0x900 [ 39.652384] ? check_preemption_disabled+0x48/0x200 [ 39.657408] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 39.663734] ? kasan_check_read+0x11/0x20 [ 39.667892] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.673171] ? rcu_bh_qs+0xc0/0xc0 [ 39.676720] ? rcu_bh_qs+0xc0/0xc0 [ 39.680259] ? unwind_dump+0x190/0x190 [ 39.684159] ? is_bpf_text_address+0xd3/0x170 [ 39.688656] ? kernel_text_address+0x79/0xf0 [ 39.693068] ? __kernel_text_address+0xd/0x40 [ 39.697567] ? unwind_get_return_address+0x61/0xa0 [ 39.702498] ? __save_stack_trace+0x8d/0xf0 [ 39.706829] ? save_stack+0xa9/0xd0 [ 39.710459] ? save_stack+0x43/0xd0 [ 39.714089] ? __kasan_slab_free+0x102/0x150 [ 39.718493] ? kasan_slab_free+0xe/0x10 [ 39.722474] ? kmem_cache_free+0x83/0x290 [ 39.726622] ? putname+0xf2/0x130 [ 39.730082] ? __x64_sys_openat+0x9d/0x100 [ 39.734323] ? do_syscall_64+0x1b9/0x820 [ 39.738385] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.743758] ? trace_hardirqs_off+0xb8/0x310 [ 39.748172] ? kasan_check_read+0x11/0x20 [ 39.752331] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.756748] ? trace_hardirqs_on+0x310/0x310 [ 39.761163] ? kasan_check_write+0x14/0x20 [ 39.765403] ? trace_hardirqs_off+0xb8/0x310 [ 39.769824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.775361] ? check_preemption_disabled+0x48/0x200 [ 39.780378] ? check_preemption_disabled+0x48/0x200 [ 39.785401] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 39.790947] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.796228] ? rcu_pm_notify+0xc0/0xc0 [ 39.800119] ? putname+0xf2/0x130 [ 39.803573] ? putname+0xf2/0x130 [ 39.807028] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.812049] ? kmem_cache_free+0x24f/0x290 [ 39.816290] ? putname+0xf7/0x130 [ 39.819754] do_group_exit+0x177/0x440 [ 39.823641] ? trace_hardirqs_on+0xbd/0x310 [ 39.827967] ? __ia32_sys_exit+0x50/0x50 [ 39.832028] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.837480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.843029] __x64_sys_exit_group+0x3e/0x50 [ 39.847364] do_syscall_64+0x1b9/0x820 [ 39.851263] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.856639] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.861590] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.866450] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.871479] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.876502] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.881530] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.886381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.891568] RIP: 0033:0x43ed18 [ 39.894761] Code: Bad RIP value. [ 39.898122] RSP: 002b:00007ffd67671348 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.905829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed18 [ 39.913099] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.920369] RBP: 00000000004be5c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.927636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.934903] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.942183] [ 39.942189] ====================================================== [ 39.942195] WARNING: possible circular locking dependency detected [ 39.942199] 4.19.0-rc3+ #8 Not tainted [ 39.942205] ------------------------------------------------------ [ 39.942211] syz-executor915/5397 is trying to acquire lock: [ 39.942214] 00000000a7ea3bd6 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.942232] [ 39.942237] but task is already holding lock: [ 39.942240] 00000000b007da01 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.942257] [ 39.942262] which lock already depends on the new lock. [ 39.942264] [ 39.942267] [ 39.942273] the existing dependency chain (in reverse order) is: [ 39.942275] [ 39.942278] -> #3 (report_lock){....}: [ 39.942295] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.942299] kasan_report+0x8b/0x110 [ 39.942304] __asan_report_load8_noabort+0x14/0x20 [ 39.942309] __schedule+0xfc3/0x1ed0 [ 39.942313] preempt_schedule_common+0x1f/0xd0 [ 39.942318] preempt_schedule+0x4d/0x60 [ 39.942322] ___preempt_schedule+0x16/0x18 [ 39.942328] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.942332] __call_srcu+0x7f9/0x1070 [ 39.942336] __synchronize_srcu+0x17b/0x230 [ 39.942341] synchronize_srcu+0x356/0x5ab [ 39.942347] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.942351] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.942356] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.942360] kvm_put_kvm+0x6c8/0xff0 [ 39.942365] kvm_vm_release+0x42/0x50 [ 39.942369] __fput+0x385/0xa30 [ 39.942373] ____fput+0x15/0x20 [ 39.942377] task_work_run+0x1e8/0x2a0 [ 39.942381] do_exit+0x1ad7/0x2610 [ 39.942386] do_group_exit+0x177/0x440 [ 39.942390] __x64_sys_exit_group+0x3e/0x50 [ 39.942395] do_syscall_64+0x1b9/0x820 [ 39.942400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.942402] [ 39.942405] -> #2 (&rq->lock){-.-.}: [ 39.942421] _raw_spin_lock+0x2d/0x40 [ 39.942425] task_fork_fair+0xb0/0x6d0 [ 39.942430] sched_fork+0x443/0xba0 [ 39.942444] copy_process+0x2586/0x8780 [ 39.942448] _do_fork+0x1cb/0x11d0 [ 39.942452] kernel_thread+0x34/0x40 [ 39.942456] rest_init+0x22/0xe5 [ 39.942461] start_kernel+0x8f4/0x92f [ 39.942466] x86_64_start_reservations+0x29/0x2b [ 39.942470] x86_64_start_kernel+0x76/0x79 [ 39.942475] secondary_startup_64+0xa4/0xb0 [ 39.942477] [ 39.942480] -> #1 (&p->pi_lock){-.-.}: [ 39.942496] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.942501] try_to_wake_up+0xd2/0x12f0 [ 39.942505] wake_up_process+0x10/0x20 [ 39.942510] __up.isra.1+0x1c0/0x2a0 [ 39.942513] up+0x13c/0x1c0 [ 39.942518] __up_console_sem+0xbe/0x1b0 [ 39.942522] console_unlock+0x524/0x11a0 [ 39.942527] vprintk_emit+0x33d/0x930 [ 39.942531] vprintk_default+0x28/0x30 [ 39.942535] vprintk_func+0x7e/0x181 [ 39.942539] printk+0xa7/0xcf [ 39.942543] load_umh+0x51/0xbd [ 39.942548] do_one_initcall+0x145/0x957 [ 39.942553] kernel_init_freeable+0x4bb/0x5ae [ 39.942557] kernel_init+0x11/0x1b2 [ 39.942561] ret_from_fork+0x3a/0x50 [ 39.942564] [ 39.942566] -> #0 ((console_sem).lock){-...}: [ 39.942583] lock_acquire+0x1ed/0x520 [ 39.942587] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.942592] down_trylock+0x13/0x70 [ 39.942597] __down_trylock_console_sem+0xae/0x200 [ 39.942601] console_trylock+0x15/0xa0 [ 39.942605] vprintk_emit+0x322/0x930 [ 39.942610] vprintk_default+0x28/0x30 [ 39.942614] vprintk_func+0x7e/0x181 [ 39.942618] printk+0xa7/0xcf [ 39.942622] kasan_report+0x9b/0x110 [ 39.942627] __asan_report_load8_noabort+0x14/0x20 [ 39.942632] __schedule+0xfc3/0x1ed0 [ 39.942636] preempt_schedule_common+0x1f/0xd0 [ 39.942641] preempt_schedule+0x4d/0x60 [ 39.942645] ___preempt_schedule+0x16/0x18 [ 39.942650] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.942655] __call_srcu+0x7f9/0x1070 [ 39.942659] __synchronize_srcu+0x17b/0x230 [ 39.942664] synchronize_srcu+0x356/0x5ab [ 39.942670] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.942674] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.942679] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.942683] kvm_put_kvm+0x6c8/0xff0 [ 39.942688] kvm_vm_release+0x42/0x50 [ 39.942691] __fput+0x385/0xa30 [ 39.942695] ____fput+0x15/0x20 [ 39.942700] task_work_run+0x1e8/0x2a0 [ 39.942704] do_exit+0x1ad7/0x2610 [ 39.942708] do_group_exit+0x177/0x440 [ 39.942719] __x64_sys_exit_group+0x3e/0x50 [ 39.942723] do_syscall_64+0x1b9/0x820 [ 39.942728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.942731] [ 39.942736] other info that might help us debug this: [ 39.942738] [ 39.942742] Chain exists of: [ 39.942745] (console_sem).lock --> &rq->lock --> report_lock [ 39.942765] [ 39.942769] Possible unsafe locking scenario: [ 39.942772] [ 39.942777] CPU0 CPU1 [ 39.942781] ---- ---- [ 39.942784] lock(report_lock); [ 39.942794] lock(&rq->lock); [ 39.942805] lock(report_lock); [ 39.942814] lock((console_sem).lock); [ 39.942823] [ 39.942826] *** DEADLOCK *** [ 39.942829] [ 39.942834] 2 locks held by syz-executor915/5397: [ 39.942836] #0: 000000002e9f8dc6 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.942855] #1: 00000000b007da01 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.942874] [ 39.942877] stack backtrace: [ 39.942884] CPU: 0 PID: 5397 Comm: syz-executor915 Not tainted 4.19.0-rc3+ #8 [ 39.942892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.942896] Call Trace: [ 39.942900] dump_stack+0x1c4/0x2b4 [ 39.942905] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.942909] ? vprintk_func+0x85/0x181 [ 39.942915] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.942919] ? save_trace+0xe0/0x290 [ 39.942924] __lock_acquire+0x33e4/0x4ec0 [ 39.942928] ? mark_held_locks+0x130/0x130 [ 39.942933] ? mark_held_locks+0x130/0x130 [ 39.942937] ? rcu_bh_qs+0xc0/0xc0 [ 39.942941] ? unwind_dump+0x190/0x190 [ 39.942946] ? is_bpf_text_address+0xd3/0x170 [ 39.942951] ? kernel_text_address+0x79/0xf0 [ 39.942956] ? __kernel_text_address+0xd/0x40 [ 39.942960] ? __save_stack_trace+0x8d/0xf0 [ 39.942965] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.942969] ? save_trace+0x290/0x290 [ 39.942974] ? save_stack_trace+0x1a/0x20 [ 39.942978] ? save_trace+0xe0/0x290 [ 39.942983] ? kasan_check_read+0x11/0x20 [ 39.942987] ? graph_lock+0x170/0x170 [ 39.942992] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.942997] lock_acquire+0x1ed/0x520 [ 39.943001] ? down_trylock+0x13/0x70 [ 39.943005] ? find_held_lock+0x36/0x1c0 [ 39.943010] ? lock_release+0x970/0x970 [ 39.943015] ? trace_hardirqs_off+0xb8/0x310 [ 39.943019] ? vprintk_emit+0x1d3/0x930 [ 39.943024] ? trace_hardirqs_on+0x310/0x310 [ 39.943028] ? trace_hardirqs_off+0xb8/0x310 [ 39.943033] ? log_store+0x344/0x4c0 [ 39.943037] ? vprintk_emit+0x322/0x930 [ 39.943042] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.943046] ? down_trylock+0x13/0x70 [ 39.943050] down_trylock+0x13/0x70 [ 39.943055] __down_trylock_console_sem+0xae/0x200 [ 39.943060] console_trylock+0x15/0xa0 [ 39.943064] vprintk_emit+0x322/0x930 [ 39.943069] ? wake_up_klogd+0x180/0x180 [ 39.943074] ? run_rebalance_domains+0x500/0x500 [ 39.943078] ? wake_up_worker+0x117/0x190 [ 39.943083] ? find_held_lock+0x36/0x1c0 [ 39.943087] ? __queue_work+0x6be/0x1440 [ 39.943092] ? lock_acquire+0x1ed/0x520 [ 39.943096] vprintk_default+0x28/0x30 [ 39.943100] vprintk_func+0x7e/0x181 [ 39.943104] printk+0xa7/0xcf [ 39.943109] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.943113] ? kasan_check_write+0x14/0x20 [ 39.943118] ? do_raw_spin_lock+0xc1/0x200 [ 39.943123] ? do_raw_spin_lock+0xc1/0x200 [ 39.943127] kasan_report+0x9b/0x110 [ 39.943131] ? __schedule+0xfc3/0x1ed0 [ 39.943136] __asan_report_load8_noabort+0x14/0x20 [ 39.943140] __schedule+0xfc3/0x1ed0 [ 39.943145] ? __sched_text_start+0x8/0x8 [ 39.943149] ? __lock_is_held+0xb5/0x140 [ 39.943154] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.943159] ? find_held_lock+0x36/0x1c0 [ 39.943163] ? __call_srcu+0x7f9/0x1070 [ 39.943168] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.943174] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.943178] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.943183] ? preempt_schedule+0x4d/0x60 [ 39.943188] preempt_schedule_common+0x1f/0xd0 [ 39.943192] preempt_schedule+0x4d/0x60 [ 39.943197] ___preempt_schedule+0x16/0x18 [ 39.943202] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.943206] __call_srcu+0x7f9/0x1070 [ 39.943211] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.943216] ? srcu_offline_cpu+0x120/0x120 [ 39.943221] ? debug_object_free+0x690/0x690 [ 39.943225] ? mark_held_locks+0x130/0x130 [ 39.943230] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.943235] ? lock_release+0x970/0x970 [ 39.943240] ? arch_local_save_flags+0x40/0x40 [ 39.943244] ? depot_save_stack+0x292/0x470 [ 39.943249] ? __lockdep_init_map+0x105/0x590 [ 39.943254] ? __init_waitqueue_head+0x9e/0x150 [ 39.943258] ? init_wait_entry+0x1c0/0x1c0 [ 39.943263] __synchronize_srcu+0x17b/0x230 [ 39.943267] ? call_srcu+0x10/0x10 [ 39.943272] ? rcu_unexpedite_gp+0x20/0x20 [ 39.943277] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.943282] ? check_preemption_disabled+0x48/0x200 [ 39.943287] synchronize_srcu+0x356/0x5ab [ 39.943291] ? lock_downgrade+0x900/0x900 [ 39.943296] ? synchronize_srcu_expedited+0x20/0x20 [ 39.943301] ? kasan_check_read+0x11/0x20 [ 39.943306] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.943310] ? kasan_check_write+0x14/0x20 [ 39.943315] ? do_raw_spin_lock+0xc1/0x200 [ 39.943320] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.943325] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.943329] ? kvfree+0x61/0x70 [ 39.943334] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.943339] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.943343] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.943348] ? kvm_arch_sync_events+0x30/0x30 [ 39.943354] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.943359] ? mmu_notifier_unregister+0x474/0x600 [ 39.943363] ? kfree+0x107/0x230 [ 39.943368] ? __mmu_notifier_register+0x30/0x30 [ 39.943372] ? __free_pages+0x10a/0x190 [ 39.943377] ? free_unref_page+0x960/0x960 [ 39.943381] kvm_put_kvm+0x6c8/0xff0 [ 39.943386] ? kvm_write_guest_cached+0x40/0x40 [ 39.943390] ? kvm_irqfd_release+0xd1/0x120 [ 39.943395] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.943400] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.943404] ? kasan_check_write+0x14/0x20 [ 39.943409] ? do_raw_spin_lock+0xc1/0x200 [ 39.943413] ? kvm_irqfd_release+0xdd/0 [ 39.943421] Lost 82 message(s)! [ 41.069306] Shutting down cpus with NMI [ 42.126724] Dumping ftrace buffer: [ 42.130248] (ftrace buffer empty) [ 42.134458] Kernel Offset: disabled [ 42.138079] Rebooting in 86400 seconds..