[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.965183] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 38.628636] random: sshd: uninitialized urandom read (32 bytes read) [ 38.955401] random: sshd: uninitialized urandom read (32 bytes read) [ 39.490596] random: sshd: uninitialized urandom read (32 bytes read) [ 39.705514] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. [ 45.808692] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 45.941271] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 45.967411] ================================================================== [ 45.977382] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 45.983610] Read of size 8 at addr ffff8801d8c80058 by task syz-executor625/5320 [ 45.991131] [ 45.992757] CPU: 1 PID: 5320 Comm: syz-executor625 Not tainted 4.19.0-rc4+ #248 [ 46.000199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.009548] Call Trace: [ 46.012137] dump_stack+0x1c4/0x2b4 [ 46.015763] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.020952] ? printk+0xa7/0xcf [ 46.024237] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 46.029003] print_address_description.cold.8+0x9/0x1ff [ 46.034370] kasan_report.cold.9+0x242/0x309 [ 46.038776] ? __schedule+0xfc3/0x1ed0 [ 46.042662] __asan_report_load8_noabort+0x14/0x20 [ 46.047589] __schedule+0xfc3/0x1ed0 [ 46.051310] ? __sched_text_start+0x8/0x8 [ 46.055462] ? __lock_is_held+0xb5/0x140 [ 46.059523] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.064625] ? find_held_lock+0x36/0x1c0 [ 46.068689] ? __call_srcu+0x7f9/0x1070 [ 46.072669] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.077768] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.082871] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.087453] ? preempt_schedule+0x4d/0x60 [ 46.091601] preempt_schedule_common+0x1f/0xd0 [ 46.096185] preempt_schedule+0x4d/0x60 [ 46.100162] ___preempt_schedule+0x16/0x18 [ 46.104403] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 46.109334] __call_srcu+0x7f9/0x1070 [ 46.113136] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 46.118267] ? srcu_offline_cpu+0x120/0x120 [ 46.122588] ? debug_object_free+0x690/0x690 [ 46.127006] ? mark_held_locks+0x130/0x130 [ 46.131241] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 46.135827] ? lock_release+0x970/0x970 [ 46.139801] ? arch_local_save_flags+0x40/0x40 [ 46.144387] ? depot_save_stack+0x292/0x470 [ 46.148712] ? __lockdep_init_map+0x105/0x590 [ 46.153213] ? __init_waitqueue_head+0x9e/0x150 [ 46.157882] ? init_wait_entry+0x1c0/0x1c0 [ 46.162122] __synchronize_srcu+0x17b/0x230 [ 46.166440] ? call_srcu+0x10/0x10 [ 46.169977] ? rcu_unexpedite_gp+0x20/0x20 [ 46.174227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.179761] ? check_preemption_disabled+0x48/0x200 [ 46.184778] synchronize_srcu+0x356/0x5ab [ 46.188927] ? lock_downgrade+0x900/0x900 [ 46.193077] ? synchronize_srcu_expedited+0x20/0x20 [ 46.198374] ? kasan_check_read+0x11/0x20 [ 46.202531] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.207150] ? kasan_check_write+0x14/0x20 [ 46.211388] ? do_raw_spin_lock+0xc1/0x200 [ 46.215629] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.221341] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.226794] ? kvfree+0x61/0x70 [ 46.230075] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.235096] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.239155] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.243564] ? kvm_arch_sync_events+0x30/0x30 [ 46.248064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.253599] ? mmu_notifier_unregister+0x474/0x600 [ 46.258532] ? kfree+0x107/0x230 [ 46.261899] ? __mmu_notifier_register+0x30/0x30 [ 46.266658] ? __free_pages+0x10a/0x190 [ 46.270632] ? free_unref_page+0x960/0x960 [ 46.274875] kvm_put_kvm+0x6c8/0xff0 [ 46.278594] ? kvm_write_guest_cached+0x40/0x40 [ 46.283267] ? kvm_irqfd_release+0xd1/0x120 [ 46.287591] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.292087] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.296589] ? kasan_check_write+0x14/0x20 [ 46.300825] ? do_raw_spin_lock+0xc1/0x200 [ 46.305060] ? kvm_irqfd_release+0xdd/0x120 [ 46.309384] ? kvm_irqfd_release+0xdd/0x120 [ 46.313713] ? kvm_put_kvm+0xff0/0xff0 [ 46.317600] kvm_vm_release+0x42/0x50 [ 46.321403] __fput+0x385/0xa30 [ 46.324688] ? get_max_files+0x20/0x20 [ 46.329093] ? ___might_sleep+0x1ed/0x300 [ 46.333245] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.338696] ? arch_local_save_flags+0x40/0x40 [ 46.343281] ? kasan_check_write+0x14/0x20 [ 46.347532] ? do_raw_spin_lock+0xc1/0x200 [ 46.351769] ____fput+0x15/0x20 [ 46.355048] task_work_run+0x1e8/0x2a0 [ 46.358934] ? task_work_cancel+0x240/0x240 [ 46.363258] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.368799] ? switch_task_namespaces+0x9d/0xd0 [ 46.373473] do_exit+0x1ad7/0x2610 [ 46.377029] ? find_held_lock+0x36/0x1c0 [ 46.381096] ? mm_update_next_owner+0x990/0x990 [ 46.385769] ? is_bpf_text_address+0xac/0x170 [ 46.390269] ? lock_downgrade+0x900/0x900 [ 46.394416] ? check_preemption_disabled+0x48/0x200 [ 46.399436] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 46.405235] ? kasan_check_read+0x11/0x20 [ 46.409386] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.414661] ? rcu_bh_qs+0xc0/0xc0 [ 46.418198] ? rcu_bh_qs+0xc0/0xc0 [ 46.421735] ? unwind_dump+0x190/0x190 [ 46.425629] ? is_bpf_text_address+0xd3/0x170 [ 46.430126] ? kernel_text_address+0x79/0xf0 [ 46.434535] ? __kernel_text_address+0xd/0x40 [ 46.439032] ? unwind_get_return_address+0x61/0xa0 [ 46.443968] ? __save_stack_trace+0x8d/0xf0 [ 46.448306] ? save_stack+0xa9/0xd0 [ 46.451933] ? save_stack+0x43/0xd0 [ 46.455559] ? __kasan_slab_free+0x102/0x150 [ 46.459965] ? kasan_slab_free+0xe/0x10 [ 46.463948] ? kmem_cache_free+0x83/0x290 [ 46.468093] ? putname+0xf2/0x130 [ 46.471546] ? __x64_sys_openat+0x9d/0x100 [ 46.475781] ? do_syscall_64+0x1b9/0x820 [ 46.479843] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.485212] ? trace_hardirqs_off+0xb8/0x310 [ 46.489618] ? kasan_check_read+0x11/0x20 [ 46.493770] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.498182] ? trace_hardirqs_on+0x310/0x310 [ 46.502594] ? kasan_check_write+0x14/0x20 [ 46.506828] ? trace_hardirqs_off+0xb8/0x310 [ 46.511237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.516771] ? check_preemption_disabled+0x48/0x200 [ 46.521794] ? check_preemption_disabled+0x48/0x200 [ 46.526814] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 46.532351] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.537629] ? rcu_pm_notify+0xc0/0xc0 [ 46.541521] ? putname+0xf2/0x130 [ 46.544977] ? putname+0xf2/0x130 [ 46.548441] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.553456] ? kmem_cache_free+0x24f/0x290 [ 46.557690] ? putname+0xf7/0x130 [ 46.561148] do_group_exit+0x177/0x440 [ 46.565036] ? trace_hardirqs_on+0xbd/0x310 [ 46.569357] ? __ia32_sys_exit+0x50/0x50 [ 46.573420] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.578874] __x64_sys_exit_group+0x3e/0x50 [ 46.583195] do_syscall_64+0x1b9/0x820 [ 46.587082] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.592447] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.597377] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.602221] ? trace_hardirqs_on_caller+0x310/0x310 [ 46.607240] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.612261] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.617279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.622124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.627308] RIP: 0033:0x43f228 [ 46.630510] Code: Bad RIP value. [ 46.633870] RSP: 002b:00007ffe3389c078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 46.641576] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f228 [ 46.648842] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 46.656111] RBP: 00000000004c0b28 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 46.663390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.670654] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 46.677926] [ 46.679546] Allocated by task 5320: [ 46.683171] save_stack+0x43/0xd0 [ 46.686636] kasan_kmalloc+0xc7/0xe0 [ 46.690347] kasan_slab_alloc+0x12/0x20 [ 46.694320] kmem_cache_alloc+0x12e/0x730 [ 46.698465] vmx_create_vcpu+0xcf/0x25e0 [ 46.702525] kvm_arch_vcpu_create+0xe5/0x220 [ 46.706929] kvm_vm_ioctl+0x470/0x1d40 [ 46.710817] do_vfs_ioctl+0x1de/0x1720 [ 46.714700] ksys_ioctl+0xa9/0xd0 [ 46.718153] __x64_sys_ioctl+0x73/0xb0 [ 46.722038] do_syscall_64+0x1b9/0x820 [ 46.725922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.731099] [ 46.732719] Freed by task 5320: [ 46.736003] save_stack+0x43/0xd0 [ 46.739458] __kasan_slab_free+0x102/0x150 [ 46.743688] kasan_slab_free+0xe/0x10 [ 46.747485] kmem_cache_free+0x83/0x290 [ 46.751462] vmx_free_vcpu+0x26b/0x300 [ 46.755349] kvm_arch_destroy_vm+0x365/0x7c0 [ 46.759755] kvm_put_kvm+0x6c8/0xff0 [ 46.763467] kvm_vm_release+0x42/0x50 [ 46.767264] __fput+0x385/0xa30 [ 46.770537] ____fput+0x15/0x20 [ 46.773813] task_work_run+0x1e8/0x2a0 [ 46.777698] do_exit+0x1ad7/0x2610 [ 46.781237] do_group_exit+0x177/0x440 [ 46.785122] __x64_sys_exit_group+0x3e/0x50 [ 46.789446] do_syscall_64+0x1b9/0x820 [ 46.793342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.798519] [ 46.800147] The buggy address belongs to the object at ffff8801d8c80040 [ 46.800147] which belongs to the cache kvm_vcpu of size 23872 [ 46.812718] The buggy address is located 24 bytes inside of [ 46.812718] 23872-byte region [ffff8801d8c80040, ffff8801d8c85d80) [ 46.824671] The buggy address belongs to the page: [ 46.829597] page:ffffea0007632000 count:1 mapcount:0 mapping:ffff8801d5aa16c0 index:0x0 compound_mapcount: 0 [ 46.839565] flags: 0x2fffc0000008100(slab|head) [ 46.844241] raw: 02fffc0000008100 ffff8801d5aa0148 ffff8801d5aa0148 ffff8801d5aa16c0 [ 46.852122] raw: 0000000000000000 ffff8801d8c80040 0000000100000001 0000000000000000 [ 46.859999] page dumped because: kasan: bad access detected [ 46.865698] [ 46.867313] Memory state around the buggy address: [ 46.872240] ffff8801d8c7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.879619] ffff8801d8c7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.886974] >ffff8801d8c80000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 46.894332] ^ [ 46.900557] ffff8801d8c80080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.907912] ffff8801d8c80100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.915265] ================================================================== [ 46.922615] Kernel panic - not syncing: panic_on_warn set ... [ 46.922615] [ 46.929982] CPU: 1 PID: 5320 Comm: syz-executor625 Tainted: G B 4.19.0-rc4+ #248 [ 46.938823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.948167] Call Trace: [ 46.950759] dump_stack+0x1c4/0x2b4 [ 46.954385] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.959576] ? lock_downgrade+0x900/0x900 [ 46.963726] panic+0x238/0x4e7 [ 46.966922] ? add_taint.cold.5+0x16/0x16 [ 46.971073] ? print_shadow_for_address+0xb6/0x116 [ 46.976008] ? trace_hardirqs_off+0xaf/0x310 [ 46.980424] kasan_end_report+0x47/0x4f [ 46.984401] kasan_report.cold.9+0x76/0x309 [ 46.988725] ? __schedule+0xfc3/0x1ed0 [ 46.992613] __asan_report_load8_noabort+0x14/0x20 [ 46.997564] __schedule+0xfc3/0x1ed0 [ 47.001286] ? __sched_text_start+0x8/0x8 [ 47.005440] ? __lock_is_held+0xb5/0x140 [ 47.009507] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.014615] ? find_held_lock+0x36/0x1c0 [ 47.018683] ? __call_srcu+0x7f9/0x1070 [ 47.022662] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.027767] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.032872] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.037454] ? preempt_schedule+0x4d/0x60 [ 47.041604] preempt_schedule_common+0x1f/0xd0 [ 47.046189] preempt_schedule+0x4d/0x60 [ 47.050168] ___preempt_schedule+0x16/0x18 [ 47.054407] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.059335] __call_srcu+0x7f9/0x1070 [ 47.063137] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.068247] ? srcu_offline_cpu+0x120/0x120 [ 47.072569] ? debug_object_free+0x690/0x690 [ 47.076976] ? mark_held_locks+0x130/0x130 [ 47.081220] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.085805] ? lock_release+0x970/0x970 [ 47.089779] ? arch_local_save_flags+0x40/0x40 [ 47.094364] ? depot_save_stack+0x292/0x470 [ 47.098693] ? __lockdep_init_map+0x105/0x590 [ 47.103191] ? __init_waitqueue_head+0x9e/0x150 [ 47.107858] ? init_wait_entry+0x1c0/0x1c0 [ 47.112098] __synchronize_srcu+0x17b/0x230 [ 47.116420] ? call_srcu+0x10/0x10 [ 47.119958] ? rcu_unexpedite_gp+0x20/0x20 [ 47.124198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.129733] ? check_preemption_disabled+0x48/0x200 [ 47.134754] synchronize_srcu+0x356/0x5ab [ 47.138900] ? lock_downgrade+0x900/0x900 [ 47.143049] ? synchronize_srcu_expedited+0x20/0x20 [ 47.148069] ? kasan_check_read+0x11/0x20 [ 47.152221] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.156805] ? kasan_check_write+0x14/0x20 [ 47.161043] ? do_raw_spin_lock+0xc1/0x200 [ 47.165294] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.171015] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.176465] ? kvfree+0x61/0x70 [ 47.179742] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.184758] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.188822] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.193231] ? kvm_arch_sync_events+0x30/0x30 [ 47.197733] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.203269] ? mmu_notifier_unregister+0x474/0x600 [ 47.208196] ? kfree+0x107/0x230 [ 47.211562] ? __mmu_notifier_register+0x30/0x30 [ 47.216317] ? __free_pages+0x10a/0x190 [ 47.220306] ? free_unref_page+0x960/0x960 [ 47.224551] kvm_put_kvm+0x6c8/0xff0 [ 47.228274] ? kvm_write_guest_cached+0x40/0x40 [ 47.232947] ? kvm_irqfd_release+0xd1/0x120 [ 47.237274] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.241769] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.246274] ? kasan_check_write+0x14/0x20 [ 47.250515] ? do_raw_spin_lock+0xc1/0x200 [ 47.254752] ? kvm_irqfd_release+0xdd/0x120 [ 47.259074] ? kvm_irqfd_release+0xdd/0x120 [ 47.263397] ? kvm_put_kvm+0xff0/0xff0 [ 47.267289] kvm_vm_release+0x42/0x50 [ 47.271090] __fput+0x385/0xa30 [ 47.274369] ? get_max_files+0x20/0x20 [ 47.278259] ? ___might_sleep+0x1ed/0x300 [ 47.282410] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.287864] ? arch_local_save_flags+0x40/0x40 [ 47.292449] ? kasan_check_write+0x14/0x20 [ 47.296687] ? do_raw_spin_lock+0xc1/0x200 [ 47.300927] ____fput+0x15/0x20 [ 47.304210] task_work_run+0x1e8/0x2a0 [ 47.308102] ? task_work_cancel+0x240/0x240 [ 47.312428] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.317968] ? switch_task_namespaces+0x9d/0xd0 [ 47.322650] do_exit+0x1ad7/0x2610 [ 47.326552] ? find_held_lock+0x36/0x1c0 [ 47.330616] ? mm_update_next_owner+0x990/0x990 [ 47.335291] ? is_bpf_text_address+0xac/0x170 [ 47.339787] ? lock_downgrade+0x900/0x900 [ 47.343936] ? check_preemption_disabled+0x48/0x200 [ 47.348957] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 47.354756] ? kasan_check_read+0x11/0x20 [ 47.358907] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.364183] ? rcu_bh_qs+0xc0/0xc0 [ 47.367724] ? rcu_bh_qs+0xc0/0xc0 [ 47.371261] ? unwind_dump+0x190/0x190 [ 47.375157] ? is_bpf_text_address+0xd3/0x170 [ 47.379653] ? kernel_text_address+0x79/0xf0 [ 47.384064] ? __kernel_text_address+0xd/0x40 [ 47.388557] ? unwind_get_return_address+0x61/0xa0 [ 47.393486] ? __save_stack_trace+0x8d/0xf0 [ 47.397819] ? save_stack+0xa9/0xd0 [ 47.401446] ? save_stack+0x43/0xd0 [ 47.405071] ? __kasan_slab_free+0x102/0x150 [ 47.409474] ? kasan_slab_free+0xe/0x10 [ 47.413454] ? kmem_cache_free+0x83/0x290 [ 47.417597] ? putname+0xf2/0x130 [ 47.421050] ? __x64_sys_openat+0x9d/0x100 [ 47.425288] ? do_syscall_64+0x1b9/0x820 [ 47.429352] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.434721] ? trace_hardirqs_off+0xb8/0x310 [ 47.439129] ? kasan_check_read+0x11/0x20 [ 47.443277] ? do_raw_spin_unlock+0xa7/0x2f0 [ 47.447683] ? trace_hardirqs_on+0x310/0x310 [ 47.452096] ? kasan_check_write+0x14/0x20 [ 47.456333] ? trace_hardirqs_off+0xb8/0x310 [ 47.460745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.466281] ? check_preemption_disabled+0x48/0x200 [ 47.471299] ? check_preemption_disabled+0x48/0x200 [ 47.476322] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 47.481858] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.487138] ? rcu_pm_notify+0xc0/0xc0 [ 47.491029] ? putname+0xf2/0x130 [ 47.494482] ? putname+0xf2/0x130 [ 47.497937] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.502951] ? kmem_cache_free+0x24f/0x290 [ 47.507189] ? putname+0xf7/0x130 [ 47.510652] do_group_exit+0x177/0x440 [ 47.514544] ? trace_hardirqs_on+0xbd/0x310 [ 47.518915] ? __ia32_sys_exit+0x50/0x50 [ 47.522975] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.528442] __x64_sys_exit_group+0x3e/0x50 [ 47.532764] do_syscall_64+0x1b9/0x820 [ 47.536651] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 47.542024] ? syscall_return_slowpath+0x5e0/0x5e0 [ 47.546953] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.551795] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.556813] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 47.561833] ? prepare_exit_to_usermode+0x291/0x3b0 [ 47.566867] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.571721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.576908] RIP: 0033:0x43f228 [ 47.580101] Code: Bad RIP value. [ 47.583462] RSP: 002b:00007ffe3389c078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 47.591172] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f228 [ 47.598438] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 47.605717] RBP: 00000000004c0b28 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 47.612988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.620262] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 47.627545] [ 47.627553] ====================================================== [ 47.627559] WARNING: possible circular locking dependency detected [ 47.627563] 4.19.0-rc4+ #248 Not tainted [ 47.627569] ------------------------------------------------------ [ 47.627574] syz-executor625/5320 is trying to acquire lock: [ 47.627578] 000000009e13314c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 47.627595] [ 47.627599] but task is already holding lock: [ 47.627603] 00000000c86d4f50 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.627619] [ 47.627624] which lock already depends on the new lock. [ 47.627626] [ 47.627629] [ 47.627634] the existing dependency chain (in reverse order) is: [ 47.627637] [ 47.627640] -> #3 (report_lock){....}: [ 47.627656] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.627660] kasan_report+0x8b/0x110 [ 47.627665] __asan_report_load8_noabort+0x14/0x20 [ 47.627669] __schedule+0xfc3/0x1ed0 [ 47.627673] preempt_schedule_common+0x1f/0xd0 [ 47.627678] preempt_schedule+0x4d/0x60 [ 47.627682] ___preempt_schedule+0x16/0x18 [ 47.627687] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.627691] __call_srcu+0x7f9/0x1070 [ 47.627696] __synchronize_srcu+0x17b/0x230 [ 47.627700] synchronize_srcu+0x356/0x5ab [ 47.627705] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.627710] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.627714] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.627718] kvm_put_kvm+0x6c8/0xff0 [ 47.627723] kvm_vm_release+0x42/0x50 [ 47.627727] __fput+0x385/0xa30 [ 47.627730] ____fput+0x15/0x20 [ 47.627735] task_work_run+0x1e8/0x2a0 [ 47.627739] do_exit+0x1ad7/0x2610 [ 47.627743] do_group_exit+0x177/0x440 [ 47.627747] __x64_sys_exit_group+0x3e/0x50 [ 47.627752] do_syscall_64+0x1b9/0x820 [ 47.627757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.627759] [ 47.627762] -> #2 (&rq->lock){-.-.}: [ 47.627777] _raw_spin_lock+0x2d/0x40 [ 47.627782] task_fork_fair+0xb0/0x6d0 [ 47.627786] sched_fork+0x443/0xba0 [ 47.627790] copy_process+0x2586/0x8780 [ 47.627794] _do_fork+0x1cb/0x11d0 [ 47.627798] kernel_thread+0x34/0x40 [ 47.627802] rest_init+0x22/0xe5 [ 47.627806] start_kernel+0x8f4/0x92f [ 47.627811] x86_64_start_reservations+0x29/0x2b [ 47.627815] x86_64_start_kernel+0x76/0x79 [ 47.627820] secondary_startup_64+0xa4/0xb0 [ 47.627822] [ 47.627825] -> #1 (&p->pi_lock){-.-.}: [ 47.627841] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.627845] try_to_wake_up+0xd2/0x12f0 [ 47.627849] wake_up_process+0x10/0x20 [ 47.627854] __up.isra.1+0x1c0/0x2a0 [ 47.627857] up+0x13c/0x1c0 [ 47.627861] __up_console_sem+0xbe/0x1b0 [ 47.627866] console_unlock+0x814/0x1160 [ 47.627870] vprintk_emit+0x33d/0x930 [ 47.627874] vprintk_default+0x28/0x30 [ 47.627878] vprintk_func+0x7e/0x181 [ 47.627882] printk+0xa7/0xcf [ 47.627886] load_umh+0x51/0xbd [ 47.627890] do_one_initcall+0x145/0x957 [ 47.627895] kernel_init_freeable+0x4bb/0x5ae [ 47.627899] kernel_init+0x11/0x1b2 [ 47.627903] ret_from_fork+0x3a/0x50 [ 47.627906] [ 47.627908] -> #0 ((console_sem).lock){-...}: [ 47.627924] lock_acquire+0x1ed/0x520 [ 47.627929] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.627933] down_trylock+0x13/0x70 [ 47.627937] __down_trylock_console_sem+0xae/0x200 [ 47.627942] console_trylock+0x15/0xa0 [ 47.627946] vprintk_emit+0x322/0x930 [ 47.627950] vprintk_default+0x28/0x30 [ 47.627954] vprintk_func+0x7e/0x181 [ 47.627958] printk+0xa7/0xcf [ 47.627962] kasan_report+0x9b/0x110 [ 47.627967] __asan_report_load8_noabort+0x14/0x20 [ 47.627971] __schedule+0xfc3/0x1ed0 [ 47.627976] preempt_schedule_common+0x1f/0xd0 [ 47.627980] preempt_schedule+0x4d/0x60 [ 47.627985] ___preempt_schedule+0x16/0x18 [ 47.627989] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.628002] __call_srcu+0x7f9/0x1070 [ 47.628007] __synchronize_srcu+0x17b/0x230 [ 47.628011] synchronize_srcu+0x356/0x5ab [ 47.628017] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.628021] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.628025] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.628030] kvm_put_kvm+0x6c8/0xff0 [ 47.628034] kvm_vm_release+0x42/0x50 [ 47.628038] __fput+0x385/0xa30 [ 47.628042] ____fput+0x15/0x20 [ 47.628046] task_work_run+0x1e8/0x2a0 [ 47.628050] do_exit+0x1ad7/0x2610 [ 47.628054] do_group_exit+0x177/0x440 [ 47.628059] __x64_sys_exit_group+0x3e/0x50 [ 47.628063] do_syscall_64+0x1b9/0x820 [ 47.628068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.628070] [ 47.628075] other info that might help us debug this: [ 47.628078] [ 47.628081] Chain exists of: [ 47.628084] (console_sem).lock --> &rq->lock --> report_lock [ 47.628104] [ 47.628108] Possible unsafe locking scenario: [ 47.628111] [ 47.628115] CPU0 CPU1 [ 47.628120] ---- ---- [ 47.628122] lock(report_lock); [ 47.628132] lock(&rq->lock); [ 47.628143] lock(report_lock); [ 47.628151] lock((console_sem).lock); [ 47.628160] [ 47.628164] *** DEADLOCK *** [ 47.628166] [ 47.628171] 2 locks held by syz-executor625/5320: [ 47.628173] #0: 00000000aa3b8882 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 47.628192] #1: 00000000c86d4f50 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.628210] [ 47.628214] stack backtrace: [ 47.628220] CPU: 1 PID: 5320 Comm: syz-executor625 Not tainted 4.19.0-rc4+ #248 [ 47.628228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.628232] Call Trace: [ 47.628236] dump_stack+0x1c4/0x2b4 [ 47.628241] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.628245] ? vprintk_func+0x85/0x181 [ 47.628250] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 47.628254] ? save_trace+0xe0/0x290 [ 47.628259] __lock_acquire+0x33e4/0x4ec0 [ 47.628263] ? mark_held_locks+0x130/0x130 [ 47.628267] ? mark_held_locks+0x130/0x130 [ 47.628271] ? rcu_bh_qs+0xc0/0xc0 [ 47.628276] ? unwind_dump+0x190/0x190 [ 47.628280] ? is_bpf_text_address+0xd3/0x170 [ 47.628285] ? kernel_text_address+0x79/0xf0 [ 47.628289] ? __kernel_text_address+0xd/0x40 [ 47.628294] ? __save_stack_trace+0x8d/0xf0 [ 47.628299] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 47.628303] ? save_trace+0x290/0x290 [ 47.628307] ? save_stack_trace+0x1a/0x20 [ 47.628312] ? save_trace+0xe0/0x290 [ 47.628316] ? kasan_check_read+0x11/0x20 [ 47.628320] ? graph_lock+0x170/0x170 [ 47.628325] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.628330] lock_acquire+0x1ed/0x520 [ 47.628334] ? down_trylock+0x13/0x70 [ 47.628338] ? find_held_lock+0x36/0x1c0 [ 47.628342] ? lock_release+0x970/0x970 [ 47.628347] ? trace_hardirqs_off+0xb8/0x310 [ 47.628351] ? vprintk_emit+0x1d3/0x930 [ 47.628356] ? trace_hardirqs_on+0x310/0x310 [ 47.628360] ? trace_hardirqs_off+0xb8/0x310 [ 47.628364] ? log_store+0x344/0x4c0 [ 47.628369] ? vprintk_emit+0x322/0x930 [ 47.628373] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.628378] ? down_trylock+0x13/0x70 [ 47.628382] down_trylock+0x13/0x70 [ 47.628386] __down_trylock_console_sem+0xae/0x200 [ 47.628391] console_trylock+0x15/0xa0 [ 47.628395] vprintk_emit+0x322/0x930 [ 47.628399] ? wake_up_klogd+0x180/0x180 [ 47.628404] ? run_rebalance_domains+0x500/0x500 [ 47.628408] ? find_held_lock+0x36/0x1c0 [ 47.628413] ? __queue_work+0x6be/0x1440 [ 47.628417] ? lock_acquire+0x1ed/0x520 [ 47.628421] vprintk_default+0x28/0x30 [ 47.628425] vprintk_func+0x7e/0x181 [ 47.628429] printk+0xa7/0xcf [ 47.628434] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 47.628438] ? kasan_check_write+0x14/0x20 [ 47.628443] ? do_raw_spin_lock+0xc1/0x200 [ 47.628447] ? do_raw_spin_lock+0xc1/0x200 [ 47.628451] kasan_report+0x9b/0x110 [ 47.628455] ? __schedule+0xfc3/0x1ed0 [ 47.628460] __asan_report_load8_noabort+0x14/0x20 [ 47.628464] __schedule+0xfc3/0x1ed0 [ 47.628469] ? __sched_text_start+0x8/0x8 [ 47.628473] ? __lock_is_held+0xb5/0x140 [ 47.628478] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.628482] ? find_held_lock+0x36/0x1c0 [ 47.628486] ? __call_srcu+0x7f9/0x1070 [ 47.628491] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.628496] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.628501] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.628511] ? preempt_schedule+0x4d/0x60 [ 47.628515] preempt_schedule_common+0x1f/0xd0 [ 47.628520] preempt_schedule+0x4d/0x60 [ 47.628524] ___preempt_schedule+0x16/0x18 [ 47.628529] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.628533] __call_srcu+0x7f9/0x1070 [ 47.628538] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.628543] ? srcu_offline_cpu+0x120/0x120 [ 47.628547] ? debug_object_free+0x690/0x690 [ 47.628552] ? mark_held_locks+0x130/0x130 [ 47.628557] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.628561] ? lock_release+0x970/0x970 [ 47.628566] ? arch_local_save_flags+0x40/0x40 [ 47.628570] ? depot_save_stack+0x292/0x470 [ 47.628575] ? __lockdep_init_map+0x105/0x590 [ 47.628580] ? __init_waitqueue_head+0x9e/0x150 [ 47.628584] ? init_wait_entry+0x1c0/0x1c0 [ 47.628588] __synchronize_srcu+0x17b/0x230 [ 47.628593] ? call_srcu+0x10/0x10 [ 47.628597] ? rcu_unexpedite_gp+0x20/0x20 [ 47.628602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.628607] ? check_preemption_disabled+0x48/0x200 [ 47.628612] synchronize_srcu+0x356/0x5ab [ 47.628616] ? lock_downgrade+0x900/0x900 [ 47.628621] ? synchronize_srcu_expedited+0x20/0x20 [ 47.628625] ? kasan_check_read+0x11/0x20 [ 47.628630] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.628634] ? kasan_check_write+0x14/0x20 [ 47.628639] ? do_raw_spin_lock+0xc1/0x200 [ 47.628644] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.628649] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.628653] ? kvfree+0x61/0x70 [ 47.628658] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.628662] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.628667] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.628671] ? kvm_arch_sync_events+0x30/0x30 [ 47.628676] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.628681] ? mmu_notifier_unregister+0x474/0x600 [ 47.628685] ? kfree+0x107/0x230 [ 47.628690] ? __mmu_notifier_register+0x30/0x30 [ 47.628694] ? __free_pages+0x10a/0x190 [ 47.628699] ? free_unref_page+0x960/0x960 [ 47.628703] kvm_put_kvm+0x6c8/0xff0 [ 47.628707] ? kvm_write_guest_cached+0x40/0x40 [ 47.628712] ? kvm_irqfd_release+0xd1/0x120 [ 47.628716] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.628721] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.628725] ? kasan_check_write+0x14/0x20 [ 47.628730] ? do_raw_spin_lock+0xc1/0x200 [ 47.628734] ? kvm_irqfd_release+0xdd/0x120 [ 47.628738] ? kvm_irqfd_release+ [ 47.628746] Lost 80 message(s)! [ 48.781438] Shutting down cpus with NMI [ 49.840570] Kernel Offset: disabled [ 49.844197] Rebooting in 86400 seconds..