[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.032037] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.370246] random: sshd: uninitialized urandom read (32 bytes read) [ 29.731165] random: sshd: uninitialized urandom read (32 bytes read) [ 30.334287] random: sshd: uninitialized urandom read (32 bytes read) [ 30.564803] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. [ 36.135591] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.262879] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.292988] ================================================================== [ 36.303011] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 36.309237] Read of size 8 at addr ffff8801baef8058 by task syz-executor820/5344 [ 36.317104] [ 36.318746] CPU: 1 PID: 5344 Comm: syz-executor820 Not tainted 4.19.0-rc3+ #9 [ 36.326010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.335361] Call Trace: [ 36.337950] dump_stack+0x1c4/0x2b4 [ 36.341578] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.346776] ? printk+0xa7/0xcf [ 36.350056] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.354817] print_address_description.cold.8+0x9/0x1ff [ 36.360682] kasan_report.cold.9+0x242/0x309 [ 36.365089] ? __schedule+0xfc3/0x1ed0 [ 36.368978] __asan_report_load8_noabort+0x14/0x20 [ 36.373940] __schedule+0xfc3/0x1ed0 [ 36.377689] ? __sched_text_start+0x8/0x8 [ 36.382116] ? __lock_is_held+0xb5/0x140 [ 36.386177] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.391279] ? find_held_lock+0x36/0x1c0 [ 36.395346] ? __call_srcu+0x7f9/0x1070 [ 36.399326] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.404456] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.409567] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.414149] ? preempt_schedule+0x4d/0x60 [ 36.418299] preempt_schedule_common+0x1f/0xd0 [ 36.422881] preempt_schedule+0x4d/0x60 [ 36.426853] ___preempt_schedule+0x16/0x18 [ 36.431089] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.436021] __call_srcu+0x7f9/0x1070 [ 36.439843] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.444965] ? srcu_offline_cpu+0x120/0x120 [ 36.449286] ? debug_object_free+0x690/0x690 [ 36.453730] ? mark_held_locks+0x130/0x130 [ 36.457978] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.462568] ? lock_release+0x970/0x970 [ 36.466549] ? arch_local_save_flags+0x40/0x40 [ 36.471129] ? depot_save_stack+0x292/0x470 [ 36.475453] ? __lockdep_init_map+0x105/0x590 [ 36.479949] ? __init_waitqueue_head+0x9e/0x150 [ 36.484653] ? init_wait_entry+0x1c0/0x1c0 [ 36.488911] __synchronize_srcu+0x17b/0x230 [ 36.493231] ? call_srcu+0x10/0x10 [ 36.496767] ? rcu_unexpedite_gp+0x20/0x20 [ 36.501022] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.506559] ? check_preemption_disabled+0x48/0x200 [ 36.511612] synchronize_srcu+0x356/0x5ab [ 36.515774] ? lock_downgrade+0x900/0x900 [ 36.519934] ? synchronize_srcu_expedited+0x20/0x20 [ 36.524984] ? kasan_check_read+0x11/0x20 [ 36.529133] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.533717] ? kasan_check_write+0x14/0x20 [ 36.537950] ? do_raw_spin_lock+0xc1/0x200 [ 36.542189] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.547900] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.553351] ? kvfree+0x61/0x70 [ 36.556634] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.561668] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.565725] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.570164] ? kvm_arch_sync_events+0x30/0x30 [ 36.574676] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.580209] ? mmu_notifier_unregister+0x474/0x600 [ 36.585134] ? kfree+0x107/0x230 [ 36.588503] ? __mmu_notifier_register+0x30/0x30 [ 36.593258] ? __free_pages+0x10a/0x190 [ 36.597230] ? free_unref_page+0x960/0x960 [ 36.601500] kvm_put_kvm+0x6c8/0xff0 [ 36.605220] ? kvm_write_guest_cached+0x40/0x40 [ 36.609889] ? kvm_irqfd_release+0xd1/0x120 [ 36.614213] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.618724] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.623242] ? kasan_check_write+0x14/0x20 [ 36.627501] ? do_raw_spin_lock+0xc1/0x200 [ 36.631735] ? kvm_irqfd_release+0xdd/0x120 [ 36.636054] ? kvm_irqfd_release+0xdd/0x120 [ 36.640379] ? kvm_put_kvm+0xff0/0xff0 [ 36.644266] kvm_vm_release+0x42/0x50 [ 36.648064] __fput+0x385/0xa30 [ 36.651344] ? get_max_files+0x20/0x20 [ 36.655233] ? trace_hardirqs_on+0xbd/0x310 [ 36.659557] ? ___might_sleep+0x1ed/0x300 [ 36.663702] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.669153] ? arch_local_save_flags+0x40/0x40 [ 36.673737] ? kasan_check_write+0x14/0x20 [ 36.677975] ? do_raw_spin_lock+0xc1/0x200 [ 36.682209] ____fput+0x15/0x20 [ 36.685490] task_work_run+0x1e8/0x2a0 [ 36.689381] ? task_work_cancel+0x240/0x240 [ 36.693705] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.699245] ? switch_task_namespaces+0x9d/0xd0 [ 36.703915] do_exit+0x1ad7/0x2610 [ 36.707453] ? find_held_lock+0x36/0x1c0 [ 36.711580] ? mm_update_next_owner+0x990/0x990 [ 36.716256] ? is_bpf_text_address+0xac/0x170 [ 36.720752] ? lock_downgrade+0x900/0x900 [ 36.724916] ? check_preemption_disabled+0x48/0x200 [ 36.729950] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 36.735782] ? kasan_check_read+0x11/0x20 [ 36.739927] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.745200] ? rcu_bh_qs+0xc0/0xc0 [ 36.748741] ? rcu_bh_qs+0xc0/0xc0 [ 36.752449] ? unwind_dump+0x190/0x190 [ 36.756340] ? is_bpf_text_address+0xd3/0x170 [ 36.760842] ? kernel_text_address+0x79/0xf0 [ 36.765262] ? __kernel_text_address+0xd/0x40 [ 36.769756] ? unwind_get_return_address+0x61/0xa0 [ 36.774703] ? __save_stack_trace+0x8d/0xf0 [ 36.779030] ? save_stack+0xa9/0xd0 [ 36.782654] ? save_stack+0x43/0xd0 [ 36.786293] ? __kasan_slab_free+0x102/0x150 [ 36.790700] ? kasan_slab_free+0xe/0x10 [ 36.794687] ? kmem_cache_free+0x83/0x290 [ 36.798831] ? putname+0xf2/0x130 [ 36.802280] ? __x64_sys_openat+0x9d/0x100 [ 36.806511] ? do_syscall_64+0x1b9/0x820 [ 36.810586] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.815962] ? trace_hardirqs_off+0xb8/0x310 [ 36.820374] ? kasan_check_read+0x11/0x20 [ 36.824535] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.828942] ? trace_hardirqs_on+0x310/0x310 [ 36.833351] ? kasan_check_write+0x14/0x20 [ 36.837600] ? trace_hardirqs_off+0xb8/0x310 [ 36.842011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.847543] ? check_preemption_disabled+0x48/0x200 [ 36.852553] ? check_preemption_disabled+0x48/0x200 [ 36.857571] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 36.863115] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.868390] ? rcu_pm_notify+0xc0/0xc0 [ 36.872292] ? putname+0xf2/0x130 [ 36.875744] ? putname+0xf2/0x130 [ 36.879198] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.884212] ? kmem_cache_free+0x24f/0x290 [ 36.888444] ? putname+0xf7/0x130 [ 36.891903] do_group_exit+0x177/0x440 [ 36.895791] ? trace_hardirqs_on+0xbd/0x310 [ 36.900115] ? __ia32_sys_exit+0x50/0x50 [ 36.904172] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.909633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.915174] __x64_sys_exit_group+0x3e/0x50 [ 36.919498] do_syscall_64+0x1b9/0x820 [ 36.923391] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.928754] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.933692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.938532] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.943575] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.948620] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.953643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.958506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.963690] RIP: 0033:0x442fc8 [ 36.966894] Code: Bad RIP value. [ 36.970284] RSP: 002b:00007ffe7da14de8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.977989] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442fc8 [ 36.985255] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.992530] RBP: 00000000004c2bc8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.999792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 37.007056] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 37.014335] [ 37.015978] Allocated by task 5344: [ 37.019610] save_stack+0x43/0xd0 [ 37.023056] kasan_kmalloc+0xc7/0xe0 [ 37.026766] kasan_slab_alloc+0x12/0x20 [ 37.030746] kmem_cache_alloc+0x12e/0x730 [ 37.034892] vmx_create_vcpu+0xcf/0x25e0 [ 37.038960] kvm_arch_vcpu_create+0xe5/0x220 [ 37.043369] kvm_vm_ioctl+0x470/0x1d40 [ 37.047261] do_vfs_ioctl+0x1de/0x1720 [ 37.051147] ksys_ioctl+0xa9/0xd0 [ 37.054606] __x64_sys_ioctl+0x73/0xb0 [ 37.058508] do_syscall_64+0x1b9/0x820 [ 37.062396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.067578] [ 37.069206] Freed by task 5344: [ 37.072479] save_stack+0x43/0xd0 [ 37.075929] __kasan_slab_free+0x102/0x150 [ 37.080158] kasan_slab_free+0xe/0x10 [ 37.083957] kmem_cache_free+0x83/0x290 [ 37.087927] vmx_free_vcpu+0x26b/0x300 [ 37.091838] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.096244] kvm_put_kvm+0x6c8/0xff0 [ 37.099956] kvm_vm_release+0x42/0x50 [ 37.103770] __fput+0x385/0xa30 [ 37.107040] ____fput+0x15/0x20 [ 37.110316] task_work_run+0x1e8/0x2a0 [ 37.114202] do_exit+0x1ad7/0x2610 [ 37.117736] do_group_exit+0x177/0x440 [ 37.121624] __x64_sys_exit_group+0x3e/0x50 [ 37.125942] do_syscall_64+0x1b9/0x820 [ 37.129828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.135003] [ 37.136629] The buggy address belongs to the object at ffff8801baef8040 [ 37.136629] which belongs to the cache kvm_vcpu of size 23872 [ 37.149201] The buggy address is located 24 bytes inside of [ 37.149201] 23872-byte region [ffff8801baef8040, ffff8801baefdd80) [ 37.161156] The buggy address belongs to the page: [ 37.166082] page:ffffea0006ebbe00 count:1 mapcount:0 mapping:ffff8801d5773c00 index:0x0 compound_mapcount: 0 [ 37.176050] flags: 0x2fffc0000008100(slab|head) [ 37.180723] raw: 02fffc0000008100 ffff8801d5771948 ffff8801d5771948 ffff8801d5773c00 [ 37.188611] raw: 0000000000000000 ffff8801baef8040 0000000100000001 0000000000000000 [ 37.196487] page dumped because: kasan: bad access detected [ 37.202201] [ 37.203818] Memory state around the buggy address: [ 37.208852] ffff8801baef7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.216193] ffff8801baef7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.223542] >ffff8801baef8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.230894] ^ [ 37.237120] ffff8801baef8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.244472] ffff8801baef8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.251820] ================================================================== [ 37.259171] Kernel panic - not syncing: panic_on_warn set ... [ 37.259171] [ 37.266544] CPU: 1 PID: 5344 Comm: syz-executor820 Tainted: G B 4.19.0-rc3+ #9 [ 37.275497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.284844] Call Trace: [ 37.287438] dump_stack+0x1c4/0x2b4 [ 37.291067] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.296260] ? lock_downgrade+0x900/0x900 [ 37.300408] panic+0x238/0x4e7 [ 37.303603] ? add_taint.cold.5+0x16/0x16 [ 37.307754] ? print_shadow_for_address+0xb6/0x116 [ 37.312684] ? trace_hardirqs_off+0xaf/0x310 [ 37.317093] kasan_end_report+0x47/0x4f [ 37.321063] kasan_report.cold.9+0x76/0x309 [ 37.325382] ? __schedule+0xfc3/0x1ed0 [ 37.329270] __asan_report_load8_noabort+0x14/0x20 [ 37.334204] __schedule+0xfc3/0x1ed0 [ 37.337924] ? __sched_text_start+0x8/0x8 [ 37.342070] ? __lock_is_held+0xb5/0x140 [ 37.346126] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.351226] ? find_held_lock+0x36/0x1c0 [ 37.355288] ? __call_srcu+0x7f9/0x1070 [ 37.359258] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.364365] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.369476] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.374061] ? preempt_schedule+0x4d/0x60 [ 37.378211] preempt_schedule_common+0x1f/0xd0 [ 37.382797] preempt_schedule+0x4d/0x60 [ 37.386772] ___preempt_schedule+0x16/0x18 [ 37.391009] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.395938] __call_srcu+0x7f9/0x1070 [ 37.399739] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.405250] ? srcu_offline_cpu+0x120/0x120 [ 37.409574] ? debug_object_free+0x690/0x690 [ 37.413985] ? mark_held_locks+0x130/0x130 [ 37.418222] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.422804] ? lock_release+0x970/0x970 [ 37.426781] ? arch_local_save_flags+0x40/0x40 [ 37.431365] ? depot_save_stack+0x292/0x470 [ 37.435694] ? __lockdep_init_map+0x105/0x590 [ 37.440196] ? __init_waitqueue_head+0x9e/0x150 [ 37.444863] ? init_wait_entry+0x1c0/0x1c0 [ 37.449102] __synchronize_srcu+0x17b/0x230 [ 37.453420] ? call_srcu+0x10/0x10 [ 37.456957] ? rcu_unexpedite_gp+0x20/0x20 [ 37.461203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.466740] ? check_preemption_disabled+0x48/0x200 [ 37.471761] synchronize_srcu+0x356/0x5ab [ 37.475906] ? lock_downgrade+0x900/0x900 [ 37.480053] ? synchronize_srcu_expedited+0x20/0x20 [ 37.485161] ? kasan_check_read+0x11/0x20 [ 37.489314] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.493902] ? kasan_check_write+0x14/0x20 [ 37.498135] ? do_raw_spin_lock+0xc1/0x200 [ 37.502377] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.508092] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.513542] ? kvfree+0x61/0x70 [ 37.516824] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.521844] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.525906] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.530314] ? kvm_arch_sync_events+0x30/0x30 [ 37.534810] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.540346] ? mmu_notifier_unregister+0x474/0x600 [ 37.545271] ? kfree+0x107/0x230 [ 37.548639] ? __mmu_notifier_register+0x30/0x30 [ 37.553397] ? __free_pages+0x10a/0x190 [ 37.557365] ? free_unref_page+0x960/0x960 [ 37.561618] kvm_put_kvm+0x6c8/0xff0 [ 37.565340] ? kvm_write_guest_cached+0x40/0x40 [ 37.570010] ? kvm_irqfd_release+0xd1/0x120 [ 37.574330] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.578823] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.583330] ? kasan_check_write+0x14/0x20 [ 37.587568] ? do_raw_spin_lock+0xc1/0x200 [ 37.591812] ? kvm_irqfd_release+0xdd/0x120 [ 37.596127] ? kvm_irqfd_release+0xdd/0x120 [ 37.600451] ? kvm_put_kvm+0xff0/0xff0 [ 37.604333] kvm_vm_release+0x42/0x50 [ 37.608130] __fput+0x385/0xa30 [ 37.611409] ? get_max_files+0x20/0x20 [ 37.615295] ? trace_hardirqs_on+0xbd/0x310 [ 37.619624] ? ___might_sleep+0x1ed/0x300 [ 37.623769] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.629221] ? arch_local_save_flags+0x40/0x40 [ 37.633804] ? kasan_check_write+0x14/0x20 [ 37.638039] ? do_raw_spin_lock+0xc1/0x200 [ 37.642267] ____fput+0x15/0x20 [ 37.645542] task_work_run+0x1e8/0x2a0 [ 37.649427] ? task_work_cancel+0x240/0x240 [ 37.653749] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.659290] ? switch_task_namespaces+0x9d/0xd0 [ 37.663959] do_exit+0x1ad7/0x2610 [ 37.667493] ? find_held_lock+0x36/0x1c0 [ 37.671556] ? mm_update_next_owner+0x990/0x990 [ 37.676230] ? is_bpf_text_address+0xac/0x170 [ 37.680726] ? lock_downgrade+0x900/0x900 [ 37.684871] ? check_preemption_disabled+0x48/0x200 [ 37.689891] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 37.695686] ? kasan_check_read+0x11/0x20 [ 37.699835] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.705109] ? rcu_bh_qs+0xc0/0xc0 [ 37.708648] ? rcu_bh_qs+0xc0/0xc0 [ 37.712182] ? unwind_dump+0x190/0x190 [ 37.716075] ? is_bpf_text_address+0xd3/0x170 [ 37.720566] ? kernel_text_address+0x79/0xf0 [ 37.724977] ? __kernel_text_address+0xd/0x40 [ 37.729466] ? unwind_get_return_address+0x61/0xa0 [ 37.734395] ? __save_stack_trace+0x8d/0xf0 [ 37.738733] ? save_stack+0xa9/0xd0 [ 37.742354] ? save_stack+0x43/0xd0 [ 37.745976] ? __kasan_slab_free+0x102/0x150 [ 37.750380] ? kasan_slab_free+0xe/0x10 [ 37.754347] ? kmem_cache_free+0x83/0x290 [ 37.758491] ? putname+0xf2/0x130 [ 37.761944] ? __x64_sys_openat+0x9d/0x100 [ 37.766179] ? do_syscall_64+0x1b9/0x820 [ 37.770246] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.775617] ? trace_hardirqs_off+0xb8/0x310 [ 37.780024] ? kasan_check_read+0x11/0x20 [ 37.784170] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.788580] ? trace_hardirqs_on+0x310/0x310 [ 37.792998] ? kasan_check_write+0x14/0x20 [ 37.797229] ? trace_hardirqs_off+0xb8/0x310 [ 37.801637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.807172] ? check_preemption_disabled+0x48/0x200 [ 37.812195] ? check_preemption_disabled+0x48/0x200 [ 37.817219] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 37.822751] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.828028] ? rcu_pm_notify+0xc0/0xc0 [ 37.831913] ? putname+0xf2/0x130 [ 37.835392] ? putname+0xf2/0x130 [ 37.838845] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.843858] ? kmem_cache_free+0x24f/0x290 [ 37.848090] ? putname+0xf7/0x130 [ 37.851550] do_group_exit+0x177/0x440 [ 37.855439] ? trace_hardirqs_on+0xbd/0x310 [ 37.859757] ? __ia32_sys_exit+0x50/0x50 [ 37.863819] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.869264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.874803] __x64_sys_exit_group+0x3e/0x50 [ 37.879126] do_syscall_64+0x1b9/0x820 [ 37.883016] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.888384] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.893315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.898157] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.903179] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.908205] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.913223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.918070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.923254] RIP: 0033:0x442fc8 [ 37.926446] Code: Bad RIP value. [ 37.929804] RSP: 002b:00007ffe7da14de8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.937539] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442fc8 [ 37.944803] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.952066] RBP: 00000000004c2bc8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.959331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 37.966592] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 37.973876] [ 37.973882] ====================================================== [ 37.973888] WARNING: possible circular locking dependency detected [ 37.973892] 4.19.0-rc3+ #9 Not tainted [ 37.973898] ------------------------------------------------------ [ 37.973904] syz-executor820/5344 is trying to acquire lock: [ 37.973908] 00000000a1ab5a03 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.973924] [ 37.973929] but task is already holding lock: [ 37.973932] 00000000a3fbf266 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.973948] [ 37.973953] which lock already depends on the new lock. [ 37.973956] [ 37.973959] [ 37.973964] the existing dependency chain (in reverse order) is: [ 37.973967] [ 37.973969] -> #3 (report_lock){....}: [ 37.973985] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.973990] kasan_report+0x8b/0x110 [ 37.973995] __asan_report_load8_noabort+0x14/0x20 [ 37.973999] __schedule+0xfc3/0x1ed0 [ 37.974004] preempt_schedule_common+0x1f/0xd0 [ 37.974008] preempt_schedule+0x4d/0x60 [ 37.974013] ___preempt_schedule+0x16/0x18 [ 37.974018] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.974022] __call_srcu+0x7f9/0x1070 [ 37.974027] __synchronize_srcu+0x17b/0x230 [ 37.974031] synchronize_srcu+0x356/0x5ab [ 37.974037] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.974041] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.974046] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.974050] kvm_put_kvm+0x6c8/0xff0 [ 37.974055] kvm_vm_release+0x42/0x50 [ 37.974058] __fput+0x385/0xa30 [ 37.974063] ____fput+0x15/0x20 [ 37.974067] task_work_run+0x1e8/0x2a0 [ 37.974071] do_exit+0x1ad7/0x2610 [ 37.974075] do_group_exit+0x177/0x440 [ 37.974080] __x64_sys_exit_group+0x3e/0x50 [ 37.974085] do_syscall_64+0x1b9/0x820 [ 37.974090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.974092] [ 37.974095] -> #2 (&rq->lock){-.-.}: [ 37.974110] _raw_spin_lock+0x2d/0x40 [ 37.974115] task_fork_fair+0xb0/0x6d0 [ 37.974119] sched_fork+0x443/0xba0 [ 37.974124] copy_process+0x2586/0x8780 [ 37.974128] _do_fork+0x1cb/0x11d0 [ 37.974132] kernel_thread+0x34/0x40 [ 37.974136] rest_init+0x22/0xe5 [ 37.974140] start_kernel+0x8f4/0x92f [ 37.974145] x86_64_start_reservations+0x29/0x2b [ 37.974150] x86_64_start_kernel+0x76/0x79 [ 37.974155] secondary_startup_64+0xa4/0xb0 [ 37.974157] [ 37.974160] -> #1 (&p->pi_lock){-.-.}: [ 37.974176] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.974180] try_to_wake_up+0xd2/0x12f0 [ 37.974190] wake_up_process+0x10/0x20 [ 37.974195] __up.isra.1+0x1c0/0x2a0 [ 37.974198] up+0x13c/0x1c0 [ 37.974203] __up_console_sem+0xbe/0x1b0 [ 37.974207] console_unlock+0x524/0x11a0 [ 37.974212] vprintk_emit+0x33d/0x930 [ 37.974216] vprintk_default+0x28/0x30 [ 37.974220] vprintk_func+0x7e/0x181 [ 37.974224] printk+0xa7/0xcf [ 37.974228] load_umh+0x51/0xbd [ 37.974233] do_one_initcall+0x145/0x957 [ 37.974237] kernel_init_freeable+0x4bb/0x5ae [ 37.974242] kernel_init+0x11/0x1b2 [ 37.974246] ret_from_fork+0x3a/0x50 [ 37.974249] [ 37.974251] -> #0 ((console_sem).lock){-...}: [ 37.974267] lock_acquire+0x1ed/0x520 [ 37.974272] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.974276] down_trylock+0x13/0x70 [ 37.974282] __down_trylock_console_sem+0xae/0x200 [ 37.974286] console_trylock+0x15/0xa0 [ 37.974290] vprintk_emit+0x322/0x930 [ 37.974295] vprintk_default+0x28/0x30 [ 37.974299] vprintk_func+0x7e/0x181 [ 37.974303] printk+0xa7/0xcf [ 37.974307] kasan_report+0x9b/0x110 [ 37.974312] __asan_report_load8_noabort+0x14/0x20 [ 37.974317] __schedule+0xfc3/0x1ed0 [ 37.974321] preempt_schedule_common+0x1f/0xd0 [ 37.974326] preempt_schedule+0x4d/0x60 [ 37.974330] ___preempt_schedule+0x16/0x18 [ 37.974335] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.974340] __call_srcu+0x7f9/0x1070 [ 37.974344] __synchronize_srcu+0x17b/0x230 [ 37.974349] synchronize_srcu+0x356/0x5ab [ 37.974354] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.974359] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.974363] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.974368] kvm_put_kvm+0x6c8/0xff0 [ 37.974372] kvm_vm_release+0x42/0x50 [ 37.974376] __fput+0x385/0xa30 [ 37.974380] ____fput+0x15/0x20 [ 37.974384] task_work_run+0x1e8/0x2a0 [ 37.974388] do_exit+0x1ad7/0x2610 [ 37.974393] do_group_exit+0x177/0x440 [ 37.974397] __x64_sys_exit_group+0x3e/0x50 [ 37.974402] do_syscall_64+0x1b9/0x820 [ 37.974407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.974409] [ 37.974414] other info that might help us debug this: [ 37.974417] [ 37.974421] Chain exists of: [ 37.974423] (console_sem).lock --> &rq->lock --> report_lock [ 37.974443] [ 37.974448] Possible unsafe locking scenario: [ 37.974450] [ 37.974455] CPU0 CPU1 [ 37.974459] ---- ---- [ 37.974462] lock(report_lock); [ 37.974472] lock(&rq->lock); [ 37.974482] lock(report_lock); [ 37.974491] lock((console_sem).lock); [ 37.974500] [ 37.974504] *** DEADLOCK *** [ 37.974506] [ 37.974511] 2 locks held by syz-executor820/5344: [ 37.974514] #0: 000000000732e4e5 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 37.974532] #1: 00000000a3fbf266 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.974551] [ 37.974554] stack backtrace: [ 37.974561] CPU: 1 PID: 5344 Comm: syz-executor820 Not tainted 4.19.0-rc3+ #9 [ 37.974569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.974573] Call Trace: [ 37.974577] dump_stack+0x1c4/0x2b4 [ 37.974582] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.974586] ? vprintk_func+0x85/0x181 [ 37.974592] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 37.974605] ? save_trace+0xe0/0x290 [ 37.974609] __lock_acquire+0x33e4/0x4ec0 [ 37.974614] ? mark_held_locks+0x130/0x130 [ 37.974618] ? mark_held_locks+0x130/0x130 [ 37.974622] ? rcu_bh_qs+0xc0/0xc0 [ 37.974627] ? unwind_dump+0x190/0x190 [ 37.974632] ? is_bpf_text_address+0xd3/0x170 [ 37.974636] ? kernel_text_address+0x79/0xf0 [ 37.974641] ? __kernel_text_address+0xd/0x40 [ 37.974646] ? __save_stack_trace+0x8d/0xf0 [ 37.974651] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 37.974655] ? save_trace+0x290/0x290 [ 37.974659] ? save_stack_trace+0x1a/0x20 [ 37.974664] ? save_trace+0xe0/0x290 [ 37.974668] ? kasan_check_read+0x11/0x20 [ 37.974672] ? graph_lock+0x170/0x170 [ 37.974678] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.974682] lock_acquire+0x1ed/0x520 [ 37.974686] ? down_trylock+0x13/0x70 [ 37.974691] ? find_held_lock+0x36/0x1c0 [ 37.974695] ? lock_release+0x970/0x970 [ 37.974700] ? trace_hardirqs_off+0xb8/0x310 [ 37.974705] ? vprintk_emit+0x1d3/0x930 [ 37.974709] ? trace_hardirqs_on+0x310/0x310 [ 37.974714] ? trace_hardirqs_off+0xb8/0x310 [ 37.974718] ? log_store+0x344/0x4c0 [ 37.974722] ? vprintk_emit+0x322/0x930 [ 37.974727] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.974731] ? down_trylock+0x13/0x70 [ 37.974736] down_trylock+0x13/0x70 [ 37.974741] __down_trylock_console_sem+0xae/0x200 [ 37.974745] console_trylock+0x15/0xa0 [ 37.974749] vprintk_emit+0x322/0x930 [ 37.974754] ? wake_up_klogd+0x180/0x180 [ 37.974759] ? run_rebalance_domains+0x500/0x500 [ 37.974763] ? wake_up_worker+0x117/0x190 [ 37.974768] ? find_held_lock+0x36/0x1c0 [ 37.974772] ? __queue_work+0x6be/0x1440 [ 37.974777] ? lock_acquire+0x1ed/0x520 [ 37.974781] vprintk_default+0x28/0x30 [ 37.974785] vprintk_func+0x7e/0x181 [ 37.974789] printk+0xa7/0xcf [ 37.974794] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.974799] ? kasan_check_write+0x14/0x20 [ 37.974803] ? do_raw_spin_lock+0xc1/0x200 [ 37.974808] ? do_raw_spin_lock+0xc1/0x200 [ 37.974812] kasan_report+0x9b/0x110 [ 37.974816] ? __schedule+0xfc3/0x1ed0 [ 37.974821] __asan_report_load8_noabort+0x14/0x20 [ 37.974825] __schedule+0xfc3/0x1ed0 [ 37.974830] ? __sched_text_start+0x8/0x8 [ 37.974834] ? __lock_is_held+0xb5/0x140 [ 37.974839] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.974843] ? find_held_lock+0x36/0x1c0 [ 37.974848] ? __call_srcu+0x7f9/0x1070 [ 37.974853] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.974858] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.974863] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.974867] ? preempt_schedule+0x4d/0x60 [ 37.974872] preempt_schedule_common+0x1f/0xd0 [ 37.974876] preempt_schedule+0x4d/0x60 [ 37.974881] ___preempt_schedule+0x16/0x18 [ 37.974886] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.974890] __call_srcu+0x7f9/0x1070 [ 37.974895] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.974900] ? srcu_offline_cpu+0x120/0x120 [ 37.974904] ? debug_object_free+0x690/0x690 [ 37.974909] ? mark_held_locks+0x130/0x130 [ 37.974914] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.974918] ? lock_release+0x970/0x970 [ 37.974923] ? arch_local_save_flags+0x40/0x40 [ 37.974928] ? depot_save_stack+0x292/0x470 [ 37.974932] ? __lockdep_init_map+0x105/0x590 [ 37.974937] ? __init_waitqueue_head+0x9e/0x150 [ 37.974942] ? init_wait_entry+0x1c0/0x1c0 [ 37.974946] __synchronize_srcu+0x17b/0x230 [ 37.974951] ? call_srcu+0x10/0x10 [ 37.974955] ? rcu_unexpedite_gp+0x20/0x20 [ 37.974960] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.974966] ? check_preemption_disabled+0x48/0x200 [ 37.974970] synchronize_srcu+0x356/0x5ab [ 37.974975] ? lock_downgrade+0x900/0x900 [ 37.974980] ? synchronize_srcu_expedited+0x20/0x20 [ 37.974984] ? kasan_check_read+0x11/0x20 [ 37.974989] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.974994] ? kasan_check_write+0x14/0x20 [ 37.974998] ? do_raw_spin_lock+0xc1/0x200 [ 37.975004] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.975009] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.975013] ? kvfree+0x61/0x70 [ 37.975018] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.975022] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.975027] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.975031] ? kvm_arch_sync_events+0x30/0x30 [ 37.975037] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.975042] ? mmu_notifier_unregister+0x474/0x600 [ 37.975046] ? kfree+0x107/0x230 [ 37.975051] ? __mmu_notifier_register+0x30/0x30 [ 37.975055] ? __free_pages+0x10a/0x190 [ 37.975060] ? free_unref_page+0x960/0x960 [ 37.975064] kvm_put_kvm+0x6c8/0xff0 [ 37.975068] ? kvm_write_guest_cached+0x40/0x40 [ 37.975073] ? kvm_irqfd_release+0xd1/0x120 [ 37.975078] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.975082] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.975087] ? kasan_check_write+0x14/0x20 [ 37.975091] ? do_raw_spin_lock+0xc1/0x200 [ 37.975096] ? kvm_irqfd_release+0xdd/0 [ 37.975104] Lost 83 message(s)! [ 39.121233] Shutting down cpus with NMI [ 40.179094] Kernel Offset: disabled [ 40.182744] Rebooting in 86400 seconds..