[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.650695] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: 
[ 27.511700] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.819692] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.386596] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.597162] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[ 34.273697] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.403814] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.429818] ==================================================================
[ 34.439972] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 34.446194] Read of size 8 at addr ffff8801bafa8058 by task syz-executor012/5338
[ 34.453710] 
[ 34.455337] CPU: 1 PID: 5338 Comm: syz-executor012 Not tainted 4.19.0-rc2+ #5
[ 34.462598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.471948] Call Trace:
[ 34.474539]  dump_stack+0x1c4/0x2b4
[ 34.478162]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.483351]  ? printk+0xa7/0xcf
[ 34.486638]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.491395]  print_address_description.cold.8+0x9/0x1ff
[ 34.496772]  kasan_report.cold.9+0x242/0x309
[ 34.501193]  ? __schedule+0xfc3/0x1ed0
[ 34.505079]  __asan_report_load8_noabort+0x14/0x20
[ 34.510011]  __schedule+0xfc3/0x1ed0
[ 34.513732]  ? __sched_text_start+0x8/0x8
[ 34.517881]  ? __lock_is_held+0xb5/0x140
[ 34.521940]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.527039]  ? find_held_lock+0x36/0x1c0
[ 34.531115]  ? __call_srcu+0x7f9/0x1070
[ 34.535095]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.540209]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.545308]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.549887]  ? preempt_schedule+0x4d/0x60
[ 34.554039]  preempt_schedule_common+0x1f/0xd0
[ 34.558623]  preempt_schedule+0x4d/0x60
[ 34.562604]  ___preempt_schedule+0x16/0x18
[ 34.566845]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 34.571770]  __call_srcu+0x7f9/0x1070
[ 34.575566]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 34.580693]  ? srcu_offline_cpu+0x120/0x120
[ 34.585014]  ? debug_object_free+0x690/0x690
[ 34.589420]  ? mark_held_locks+0x130/0x130
[ 34.593660]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 34.598243]  ? lock_release+0x970/0x970
[ 34.602213]  ? arch_local_save_flags+0x40/0x40
[ 34.606799]  ? depot_save_stack+0x292/0x470
[ 34.611159]  ? __lockdep_init_map+0x105/0x590
[ 34.615659]  ? __init_waitqueue_head+0x9e/0x150
[ 34.620326]  ? init_wait_entry+0x1c0/0x1c0
[ 34.624567]  __synchronize_srcu+0x17b/0x230
[ 34.628904]  ? call_srcu+0x10/0x10
[ 34.632442]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.636710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.642242]  ? check_preemption_disabled+0x48/0x200
[ 34.647273]  synchronize_srcu+0x356/0x5ab
[ 34.651453]  ? lock_downgrade+0x900/0x900
[ 34.655597]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.660610]  ? kasan_check_read+0x11/0x20
[ 34.664847]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.669459]  ? kasan_check_write+0x14/0x20
[ 34.673695]  ? do_raw_spin_lock+0xc1/0x200
[ 34.677931]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.683648]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.689109]  ? kvfree+0x61/0x70
[ 34.692390]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.697403]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.701461]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.705866]  ? kvm_arch_sync_events+0x30/0x30
[ 34.710364]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.715905]  ? mmu_notifier_unregister+0x474/0x600
[ 34.720835]  ? kfree+0x107/0x230
[ 34.724208]  ? __mmu_notifier_register+0x30/0x30
[ 34.728967]  ? __free_pages+0x10a/0x190
[ 34.732936]  ? free_unref_page+0x960/0x960
[ 34.737178]  kvm_put_kvm+0x6c8/0xff0
[ 34.740901]  ? kvm_write_guest_cached+0x40/0x40
[ 34.745568]  ? kvm_irqfd_release+0xd1/0x120
[ 34.749886]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.754375]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.758879]  ? kasan_check_write+0x14/0x20
[ 34.763136]  ? do_raw_spin_lock+0xc1/0x200
[ 34.767373]  ? kvm_irqfd_release+0xdd/0x120
[ 34.771703]  ? kvm_irqfd_release+0xdd/0x120
[ 34.776035]  ? kvm_put_kvm+0xff0/0xff0
[ 34.779920]  kvm_vm_release+0x42/0x50
[ 34.783715]  __fput+0x385/0xa30
[ 34.786993]  ? get_max_files+0x20/0x20
[ 34.790883]  ? ___might_sleep+0x1ed/0x300
[ 34.795026]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 34.800486]  ? arch_local_save_flags+0x40/0x40
[ 34.805066]  ? kasan_check_write+0x14/0x20
[ 34.809306]  ? do_raw_spin_lock+0xc1/0x200
[ 34.813542]  ____fput+0x15/0x20
[ 34.816819]  task_work_run+0x1e8/0x2a0
[ 34.820702]  ? task_work_cancel+0x240/0x240
[ 34.825051]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.830587]  ? switch_task_namespaces+0x9d/0xd0
[ 34.835291]  do_exit+0x1ad7/0x2610
[ 34.838837]  ? find_held_lock+0x36/0x1c0
[ 34.842899]  ? mm_update_next_owner+0x990/0x990
[ 34.847569]  ? is_bpf_text_address+0xac/0x170
[ 34.852066]  ? lock_downgrade+0x900/0x900
[ 34.856227]  ? check_preemption_disabled+0x48/0x200
[ 34.861248]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 34.867049]  ? kasan_check_read+0x11/0x20
[ 34.871199]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 34.876477]  ? rcu_bh_qs+0xc0/0xc0
[ 34.880017]  ? rcu_bh_qs+0xc0/0xc0
[ 34.883552]  ? unwind_dump+0x190/0x190
[ 34.887445]  ? is_bpf_text_address+0xd3/0x170
[ 34.891937]  ? kernel_text_address+0x79/0xf0
[ 34.896346]  ? __kernel_text_address+0xd/0x40
[ 34.900864]  ? unwind_get_return_address+0x61/0xa0
[ 34.905810]  ? __save_stack_trace+0x8d/0xf0
[ 34.910153]  ? save_stack+0xa9/0xd0
[ 34.913783]  ? save_stack+0x43/0xd0
[ 34.917423]  ? __kasan_slab_free+0x102/0x150
[ 34.921828]  ? kasan_slab_free+0xe/0x10
[ 34.925798]  ? kmem_cache_free+0x83/0x290
[ 34.929949]  ? putname+0xf2/0x130
[ 34.933407]  ? __x64_sys_openat+0x9d/0x100
[ 34.937645]  ? do_syscall_64+0x1b9/0x820
[ 34.941707]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.947074]  ? trace_hardirqs_off+0xb8/0x310
[ 34.951495]  ? kasan_check_read+0x11/0x20
[ 34.955652]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.960057]  ? trace_hardirqs_on+0x310/0x310
[ 34.964469]  ? kasan_check_write+0x14/0x20
[ 34.968703]  ? trace_hardirqs_off+0xb8/0x310
[ 34.973155]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.978728]  ? check_preemption_disabled+0x48/0x200
[ 34.983744]  ? check_preemption_disabled+0x48/0x200
[ 34.988767]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 34.994303]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 34.999581]  ? rcu_pm_notify+0xc0/0xc0
[ 35.003470]  ? putname+0xf2/0x130
[ 35.006925]  ? putname+0xf2/0x130
[ 35.010389]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.015407]  ? kmem_cache_free+0x24f/0x290
[ 35.019648]  ? putname+0xf7/0x130
[ 35.023115]  do_group_exit+0x177/0x440
[ 35.027013]  ? trace_hardirqs_on+0xbd/0x310
[ 35.031332]  ? __ia32_sys_exit+0x50/0x50
[ 35.035390]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.040838]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.046380]  __x64_sys_exit_group+0x3e/0x50
[ 35.050701]  do_syscall_64+0x1b9/0x820
[ 35.054592]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.059955]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.064888]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.069733]  ? trace_hardirqs_on_caller+0x310/0x310
[ 35.074747]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.079767]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.084794]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.089653]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.094840] RIP: 0033:0x43ef58
[ 35.098033] Code: c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2 4d 63 d2 4b 8b 04 d1 0f b6 40 01 88 46 01 44 0f be 47 01 41 83 e8 01 44 89 c0 e9 44 89 c0 b9 67 00 00 00 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0
[ 35.116932] RSP: 002b:00007ffc26fc3998 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.124642] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef58
[ 35.131911] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.139183] RBP: 00000000004be808 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.146451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 35.153716] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.160990] 
[ 35.162615] Allocated by task 5338:
[ 35.166248]  save_stack+0x43/0xd0
[ 35.169698]  kasan_kmalloc+0xc7/0xe0
[ 35.173417]  kasan_slab_alloc+0x12/0x20
[ 35.177387]  kmem_cache_alloc+0x12e/0x730
[ 35.181535]  vmx_create_vcpu+0xcf/0x25e0
[ 35.185593]  kvm_arch_vcpu_create+0xe5/0x220
[ 35.189994]  kvm_vm_ioctl+0x470/0x1d40
[ 35.193880]  do_vfs_ioctl+0x1de/0x1720
[ 35.197765]  ksys_ioctl+0xa9/0xd0
[ 35.201212]  __x64_sys_ioctl+0x73/0xb0
[ 35.205105]  do_syscall_64+0x1b9/0x820
[ 35.208996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.214175] 
[ 35.215792] Freed by task 5338:
[ 35.219068]  save_stack+0x43/0xd0
[ 35.222526]  __kasan_slab_free+0x102/0x150
[ 35.226766]  kasan_slab_free+0xe/0x10
[ 35.230562]  kmem_cache_free+0x83/0x290
[ 35.234532]  vmx_free_vcpu+0x26b/0x300
[ 35.238414]  kvm_arch_destroy_vm+0x365/0x7c0
[ 35.242819]  kvm_put_kvm+0x6c8/0xff0
[ 35.246547]  kvm_vm_release+0x42/0x50
[ 35.250345]  __fput+0x385/0xa30
[ 35.253619]  ____fput+0x15/0x20
[ 35.256907]  task_work_run+0x1e8/0x2a0
[ 35.260789]  do_exit+0x1ad7/0x2610
[ 35.264324]  do_group_exit+0x177/0x440
[ 35.268213]  __x64_sys_exit_group+0x3e/0x50
[ 35.272532]  do_syscall_64+0x1b9/0x820
[ 35.276415]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.281592] 
[ 35.283220] The buggy address belongs to the object at ffff8801bafa8040
[ 35.283220]  which belongs to the cache kvm_vcpu of size 23872
[ 35.295786] The buggy address is located 24 bytes inside of
[ 35.295786]  23872-byte region [ffff8801bafa8040, ffff8801bafadd80)
[ 35.307737] The buggy address belongs to the page:
[ 35.312661] page:ffffea0006ebea00 count:1 mapcount:0 mapping:ffff8801d7f770c0 index:0x0 compound_mapcount: 0
[ 35.322634] flags: 0x2fffc0000008100(slab|head)
[ 35.327307] raw: 02fffc0000008100 ffff8801d5664d48 ffff8801d5664d48 ffff8801d7f770c0
[ 35.335193] raw: 0000000000000000 ffff8801bafa8040 0000000100000001 0000000000000000
[ 35.343064] page dumped because: kasan: bad access detected
[ 35.348763] 
[ 35.350380] Memory state around the buggy address:
[ 35.355305]  ffff8801bafa7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.362661]  ffff8801bafa7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.370015] >ffff8801bafa8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.377365]                                                     ^
[ 35.383588]  ffff8801bafa8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.390939]  ffff8801bafa8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.398290] ==================================================================
[ 35.405644] Kernel panic - not syncing: panic_on_warn set ...
[ 35.405644] 
[ 35.413016] CPU: 1 PID: 5338 Comm: syz-executor012 Tainted: G B 4.19.0-rc2+ #5
[ 35.421667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.431008] Call Trace:
[ 35.433596]  dump_stack+0x1c4/0x2b4
[ 35.437233]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.442426]  ? lock_downgrade+0x900/0x900
[ 35.446578]  panic+0x238/0x4e7
[ 35.449767]  ? add_taint.cold.5+0x16/0x16
[ 35.453916]  ? print_shadow_for_address+0xb6/0x116
[ 35.458845]  ? trace_hardirqs_off+0xaf/0x310
[ 35.463256]  kasan_end_report+0x47/0x4f
[ 35.467232]  kasan_report.cold.9+0x76/0x309
[ 35.471552]  ? __schedule+0xfc3/0x1ed0
[ 35.475437]  __asan_report_load8_noabort+0x14/0x20
[ 35.480363]  __schedule+0xfc3/0x1ed0
[ 35.484079]  ? __sched_text_start+0x8/0x8
[ 35.488240]  ? __lock_is_held+0xb5/0x140
[ 35.492304]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.497407]  ? find_held_lock+0x36/0x1c0
[ 35.501478]  ? __call_srcu+0x7f9/0x1070
[ 35.505451]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.510553]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.515656]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.520243]  ? preempt_schedule+0x4d/0x60
[ 35.524392]  preempt_schedule_common+0x1f/0xd0
[ 35.528974]  preempt_schedule+0x4d/0x60
[ 35.532960]  ___preempt_schedule+0x16/0x18
[ 35.537196]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.542138]  __call_srcu+0x7f9/0x1070
[ 35.545943]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 35.551052]  ? srcu_offline_cpu+0x120/0x120
[ 35.555372]  ? debug_object_free+0x690/0x690
[ 35.559778]  ? mark_held_locks+0x130/0x130
[ 35.564011]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 35.568595]  ? lock_release+0x970/0x970
[ 35.572576]  ? arch_local_save_flags+0x40/0x40
[ 35.577156]  ? depot_save_stack+0x292/0x470
[ 35.581485]  ? __lockdep_init_map+0x105/0x590
[ 35.585979]  ? __init_waitqueue_head+0x9e/0x150
[ 35.590655]  ? init_wait_entry+0x1c0/0x1c0
[ 35.594900]  __synchronize_srcu+0x17b/0x230
[ 35.599232]  ? call_srcu+0x10/0x10
[ 35.602771]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.607009]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.612545]  ? check_preemption_disabled+0x48/0x200
[ 35.617561]  synchronize_srcu+0x356/0x5ab
[ 35.621709]  ? lock_downgrade+0x900/0x900
[ 35.625861]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.630885]  ? kasan_check_read+0x11/0x20
[ 35.635033]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.639614]  ? kasan_check_write+0x14/0x20
[ 35.643853]  ? do_raw_spin_lock+0xc1/0x200
[ 35.648091]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.653811]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.659262]  ? kvfree+0x61/0x70
[ 35.662543]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.667560]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.671618]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.676035]  ? kvm_arch_sync_events+0x30/0x30
[ 35.680533]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.686086]  ? mmu_notifier_unregister+0x474/0x600
[ 35.691024]  ? kfree+0x107/0x230
[ 35.694394]  ? __mmu_notifier_register+0x30/0x30
[ 35.699152]  ? __free_pages+0x10a/0x190
[ 35.703133]  ? free_unref_page+0x960/0x960
[ 35.707380]  kvm_put_kvm+0x6c8/0xff0
[ 35.711109]  ? kvm_write_guest_cached+0x40/0x40
[ 35.715790]  ? kvm_irqfd_release+0xd1/0x120
[ 35.720124]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.724619]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.729137]  ? kasan_check_write+0x14/0x20
[ 35.733375]  ? do_raw_spin_lock+0xc1/0x200
[ 35.737613]  ? kvm_irqfd_release+0xdd/0x120
[ 35.741938]  ? kvm_irqfd_release+0xdd/0x120
[ 35.746263]  ? kvm_put_kvm+0xff0/0xff0
[ 35.750149]  kvm_vm_release+0x42/0x50
[ 35.753949]  __fput+0x385/0xa30
[ 35.757229]  ? get_max_files+0x20/0x20
[ 35.761125]  ? ___might_sleep+0x1ed/0x300
[ 35.765277]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.770727]  ? arch_local_save_flags+0x40/0x40
[ 35.775307]  ? kasan_check_write+0x14/0x20
[ 35.779541]  ? do_raw_spin_lock+0xc1/0x200
[ 35.783774]  ____fput+0x15/0x20
[ 35.787053]  task_work_run+0x1e8/0x2a0
[ 35.790941]  ? task_work_cancel+0x240/0x240
[ 35.795264]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.800798]  ? switch_task_namespaces+0x9d/0xd0
[ 35.805468]  do_exit+0x1ad7/0x2610
[ 35.809007]  ? find_held_lock+0x36/0x1c0
[ 35.813073]  ? mm_update_next_owner+0x990/0x990
[ 35.817754]  ? is_bpf_text_address+0xac/0x170
[ 35.822249]  ? lock_downgrade+0x900/0x900
[ 35.826400]  ? check_preemption_disabled+0x48/0x200
[ 35.831428]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 35.837232]  ? kasan_check_read+0x11/0x20
[ 35.841380]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 35.846661]  ? rcu_bh_qs+0xc0/0xc0
[ 35.850200]  ? rcu_bh_qs+0xc0/0xc0
[ 35.853744]  ? unwind_dump+0x190/0x190
[ 35.857639]  ? is_bpf_text_address+0xd3/0x170
[ 35.862140]  ? kernel_text_address+0x79/0xf0
[ 35.866545]  ? __kernel_text_address+0xd/0x40
[ 35.871035]  ? unwind_get_return_address+0x61/0xa0
[ 35.875967]  ? __save_stack_trace+0x8d/0xf0
[ 35.880294]  ? save_stack+0xa9/0xd0
[ 35.883919]  ? save_stack+0x43/0xd0
[ 35.887542]  ? __kasan_slab_free+0x102/0x150
[ 35.891948]  ? kasan_slab_free+0xe/0x10
[ 35.895925]  ? kmem_cache_free+0x83/0x290
[ 35.900069]  ? putname+0xf2/0x130
[ 35.903550]  ? __x64_sys_openat+0x9d/0x100
[ 35.907788]  ? do_syscall_64+0x1b9/0x820
[ 35.911850]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.917218]  ? trace_hardirqs_off+0xb8/0x310
[ 35.921658]  ? kasan_check_read+0x11/0x20
[ 35.925815]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.930223]  ? trace_hardirqs_on+0x310/0x310
[ 35.934638]  ? kasan_check_write+0x14/0x20
[ 35.938877]  ? trace_hardirqs_off+0xb8/0x310
[ 35.943284]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.948819]  ? check_preemption_disabled+0x48/0x200
[ 35.953833]  ? check_preemption_disabled+0x48/0x200
[ 35.959109]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 35.964656]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 35.969934]  ? rcu_pm_notify+0xc0/0xc0
[ 35.973821]  ? putname+0xf2/0x130
[ 35.977271]  ? putname+0xf2/0x130
[ 35.980724]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.985738]  ? kmem_cache_free+0x24f/0x290
[ 35.989972]  ? putname+0xf7/0x130
[ 35.993431]  do_group_exit+0x177/0x440
[ 35.997322]  ? trace_hardirqs_on+0xbd/0x310
[ 36.001644]  ? __ia32_sys_exit+0x50/0x50
[ 36.005706]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.011158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.016698]  __x64_sys_exit_group+0x3e/0x50
[ 36.021022]  do_syscall_64+0x1b9/0x820
[ 36.024914]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.030277]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.035204]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.040044]  ? trace_hardirqs_on_caller+0x310/0x310
[ 36.045059]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.050076]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.055111]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.059957]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.065656] RIP: 0033:0x43ef58
[ 36.068858] Code: c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2 4d 63 d2 4b 8b 04 d1 0f b6 40 01 88 46 01 44 0f be 47 01 41 83 e8 01 44 89 c0 e9 44 89 c0 b9 67 00 00 00 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0
[ 36.087753] RSP: 002b:00007ffc26fc3998 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.095458] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef58
[ 36.102724] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.109991] RBP: 00000000004be808 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.117255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 36.124523] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.131800] 
[ 36.131806] ======================================================
[ 36.131811] WARNING: possible circular locking dependency detected
[ 36.131815] 4.19.0-rc2+ #5 Not tainted
[ 36.131821] ------------------------------------------------------
[ 36.131826] syz-executor012/5338 is trying to acquire lock:
[ 36.131830] 00000000b000f196 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.131846] 
[ 36.131850] but task is already holding lock:
[ 36.131854] 00000000ce7d3095 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 36.131869] 
[ 36.131874] which lock already depends on the new lock.
[ 36.131876] 
[ 36.131879] 
[ 36.131884] the existing dependency chain (in reverse order) is:
[ 36.131887] 
[ 36.131889] -> #3 (report_lock){....}:
[ 36.131905]        _raw_spin_lock_irqsave+0x99/0xd0
[ 36.131909]        kasan_report+0x8b/0x110
[ 36.131914]        __asan_report_load8_noabort+0x14/0x20
[ 36.131918]        __schedule+0xfc3/0x1ed0
[ 36.131922]        preempt_schedule_common+0x1f/0xd0
[ 36.131927]        preempt_schedule+0x4d/0x60
[ 36.131931]        ___preempt_schedule+0x16/0x18
[ 36.131936]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 36.131940]        __call_srcu+0x7f9/0x1070
[ 36.131944]        __synchronize_srcu+0x17b/0x230
[ 36.131949]        synchronize_srcu+0x356/0x5ab
[ 36.131954]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.131958]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.131962]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.131967]        kvm_put_kvm+0x6c8/0xff0
[ 36.131971]        kvm_vm_release+0x42/0x50
[ 36.131975]        __fput+0x385/0xa30
[ 36.131978]        ____fput+0x15/0x20
[ 36.131983]        task_work_run+0x1e8/0x2a0
[ 36.131987]        do_exit+0x1ad7/0x2610
[ 36.131991]        do_group_exit+0x177/0x440
[ 36.131995]        __x64_sys_exit_group+0x3e/0x50
[ 36.131999]        do_syscall_64+0x1b9/0x820
[ 36.132004]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.132007] 
[ 36.132009] -> #2 (&rq->lock){-.-.}:
[ 36.132024]        _raw_spin_lock+0x2d/0x40
[ 36.132028]        task_fork_fair+0xb0/0x6d0
[ 36.132032]        sched_fork+0x443/0xba0
[ 36.132037]        copy_process+0x2586/0x8780
[ 36.132041]        _do_fork+0x1cb/0x11d0
[ 36.132045]        kernel_thread+0x34/0x40
[ 36.132048]        rest_init+0x22/0xe5
[ 36.132053]        start_kernel+0x8f4/0x92f
[ 36.132057]        x86_64_start_reservations+0x29/0x2b
[ 36.132062]        x86_64_start_kernel+0x76/0x79
[ 36.132066]        secondary_startup_64+0xa4/0xb0
[ 36.132068] 
[ 36.132071] -> #1 (&p->pi_lock){-.-.}:
[ 36.132086]        _raw_spin_lock_irqsave+0x99/0xd0
[ 36.132091]        try_to_wake_up+0xd2/0x12f0
[ 36.132095]        wake_up_process+0x10/0x20
[ 36.132107]        __up.isra.1+0x1c0/0x2a0
[ 36.132111]        up+0x13c/0x1c0
[ 36.132115]        __up_console_sem+0xbe/0x1b0
[ 36.132120]        console_unlock+0x524/0x11a0
[ 36.132124]        vprintk_emit+0x33d/0x930
[ 36.132128]        vprintk_default+0x28/0x30
[ 36.132132]        vprintk_func+0x7e/0x181
[ 36.132136]        printk+0xa7/0xcf
[ 36.132140]        load_umh+0x51/0xbd
[ 36.132144]        do_one_initcall+0x145/0x957
[ 36.132149]        kernel_init_freeable+0x4bb/0x5ae
[ 36.132153]        kernel_init+0x11/0x1b2
[ 36.132157]        ret_from_fork+0x3a/0x50
[ 36.132160] 
[ 36.132162] -> #0 ((console_sem).lock){-...}:
[ 36.132178]        lock_acquire+0x1ed/0x520
[ 36.132183]        _raw_spin_lock_irqsave+0x99/0xd0
[ 36.132186]        down_trylock+0x13/0x70
[ 36.132191]        __down_trylock_console_sem+0xae/0x200
[ 36.132196]        console_trylock+0x15/0xa0
[ 36.132200]        vprintk_emit+0x322/0x930
[ 36.132204]        vprintk_default+0x28/0x30
[ 36.132208]        vprintk_func+0x7e/0x181
[ 36.132212]        printk+0xa7/0xcf
[ 36.132216]        kasan_report+0x9b/0x110
[ 36.132221]        __asan_report_load8_noabort+0x14/0x20
[ 36.132226]        __schedule+0xfc3/0x1ed0
[ 36.132230]        preempt_schedule_common+0x1f/0xd0
[ 36.132235]        preempt_schedule+0x4d/0x60
[ 36.132239]        ___preempt_schedule+0x16/0x18
[ 36.132244]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 36.132248]        __call_srcu+0x7f9/0x1070
[ 36.132253]        __synchronize_srcu+0x17b/0x230
[ 36.132257]        synchronize_srcu+0x356/0x5ab
[ 36.132262]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.132267]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.132271]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.132275]        kvm_put_kvm+0x6c8/0xff0
[ 36.132280]        kvm_vm_release+0x42/0x50
[ 36.132283]        __fput+0x385/0xa30
[ 36.132287]        ____fput+0x15/0x20
[ 36.132292]        task_work_run+0x1e8/0x2a0
[ 36.132296]        do_exit+0x1ad7/0x2610
[ 36.132300]        do_group_exit+0x177/0x440
[ 36.132304]        __x64_sys_exit_group+0x3e/0x50
[ 36.132309]        do_syscall_64+0x1b9/0x820
[ 36.132314]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.132316] 
[ 36.132321] other info that might help us debug this:
[ 36.132323] 
[ 36.132327] Chain exists of:
[ 36.132329]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.132349] 
[ 36.132353]  Possible unsafe locking scenario:
[ 36.132356] 
[ 36.132360]        CPU0                    CPU1
[ 36.132364]        ----                    ----
[ 36.132367]   lock(report_lock);
[ 36.132377]                                lock(&rq->lock);
[ 36.132387]                                lock(report_lock);
[ 36.132396]   lock((console_sem).lock);
[ 36.132404] 
[ 36.132408]  *** DEADLOCK ***
[ 36.132410] 
[ 36.132415] 2 locks held by syz-executor012/5338:
[ 36.132417]  #0: 00000000d5aaeb61 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 36.132436]  #1: 00000000ce7d3095 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 36.132454] 
[ 36.132457] stack backtrace:
[ 36.132464] CPU: 1 PID: 5338 Comm: syz-executor012 Not tainted 4.19.0-rc2+ #5
[ 36.132471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.132475] Call Trace:
[ 36.132479]  dump_stack+0x1c4/0x2b4
[ 36.132484]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.132488]  ? vprintk_func+0x85/0x181
[ 36.132493]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 36.132497]  ? save_trace+0xe0/0x290
[ 36.132501]  __lock_acquire+0x33e4/0x4ec0
[ 36.132506]  ? mark_held_locks+0x130/0x130
[ 36.132510]  ? mark_held_locks+0x130/0x130
[ 36.132514]  ? rcu_bh_qs+0xc0/0xc0
[ 36.132518]  ? unwind_dump+0x190/0x190
[ 36.132523]  ? is_bpf_text_address+0xd3/0x170
[ 36.132527]  ? kernel_text_address+0x79/0xf0
[ 36.132532]  ? __kernel_text_address+0xd/0x40
[ 36.132536]  ? __save_stack_trace+0x8d/0xf0
[ 36.132541]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 36.132545]  ? save_trace+0x290/0x290
[ 36.132550]  ? save_stack_trace+0x1a/0x20
[ 36.132554]  ? save_trace+0xe0/0x290
[ 36.132558]  ? kasan_check_read+0x11/0x20
[ 36.132562]  ? graph_lock+0x170/0x170
[ 36.132568]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.132572]  lock_acquire+0x1ed/0x520
[ 36.132576]  ? down_trylock+0x13/0x70
[ 36.132580]  ? find_held_lock+0x36/0x1c0
[ 36.132584]  ? lock_release+0x970/0x970
[ 36.132589]  ? trace_hardirqs_off+0xb8/0x310
[ 36.132593]  ? vprintk_emit+0x1d3/0x930
[ 36.132598]  ? trace_hardirqs_on+0x310/0x310
[ 36.132602]  ? trace_hardirqs_off+0xb8/0x310
[ 36.132606]  ? log_store+0x344/0x4c0
[ 36.132611]  ? vprintk_emit+0x322/0x930
[ 36.132615]  _raw_spin_lock_irqsave+0x99/0xd0
[ 36.132619]  ? down_trylock+0x13/0x70
[ 36.132623]  down_trylock+0x13/0x70
[ 36.132634]  __down_trylock_console_sem+0xae/0x200
[ 36.132638]  console_trylock+0x15/0xa0
[ 36.132642]  vprintk_emit+0x322/0x930
[ 36.132647]  ? wake_up_klogd+0x180/0x180
[ 36.132651]  ? run_rebalance_domains+0x500/0x500
[ 36.132656]  ? wake_up_worker+0x117/0x190
[ 36.132660]  ? find_held_lock+0x36/0x1c0
[ 36.132664]  ? __queue_work+0x6be/0x1440
[ 36.132669]  ? lock_acquire+0x1ed/0x520
[ 36.132673]  vprintk_default+0x28/0x30
[ 36.132677]  vprintk_func+0x7e/0x181
[ 36.132680]  printk+0xa7/0xcf
[ 36.132685]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.132690]  ? kasan_check_write+0x14/0x20
[ 36.132694]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132698]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132702]  kasan_report+0x9b/0x110
[ 36.132706]  ? __schedule+0xfc3/0x1ed0
[ 36.132711]  __asan_report_load8_noabort+0x14/0x20
[ 36.132715]  __schedule+0xfc3/0x1ed0
[ 36.132720]  ? __sched_text_start+0x8/0x8
[ 36.132724]  ? __lock_is_held+0xb5/0x140
[ 36.132729]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.132733]  ? find_held_lock+0x36/0x1c0
[ 36.132737]  ? __call_srcu+0x7f9/0x1070
[ 36.132742]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.132747]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.132752]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.132756]  ? preempt_schedule+0x4d/0x60
[ 36.132761]  preempt_schedule_common+0x1f/0xd0
[ 36.132765]  preempt_schedule+0x4d/0x60
[ 36.132770]  ___preempt_schedule+0x16/0x18
[ 36.132775]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 36.132779]  __call_srcu+0x7f9/0x1070
[ 36.132784]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 36.132788]  ? srcu_offline_cpu+0x120/0x120
[ 36.132793]  ? debug_object_free+0x690/0x690
[ 36.132797]  ? mark_held_locks+0x130/0x130
[ 36.132802]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 36.132806]  ? lock_release+0x970/0x970
[ 36.132811]  ? arch_local_save_flags+0x40/0x40
[ 36.132815]  ? depot_save_stack+0x292/0x470
[ 36.132820]  ? __lockdep_init_map+0x105/0x590
[ 36.132825]  ? __init_waitqueue_head+0x9e/0x150
[ 36.132829]  ? init_wait_entry+0x1c0/0x1c0
[ 36.132834]  __synchronize_srcu+0x17b/0x230
[ 36.132838]  ? call_srcu+0x10/0x10
[ 36.132842]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.132847]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.132852]  ? check_preemption_disabled+0x48/0x200
[ 36.132856]  synchronize_srcu+0x356/0x5ab
[ 36.132861]  ? lock_downgrade+0x900/0x900
[ 36.132865]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.132870]  ? kasan_check_read+0x11/0x20
[ 36.132874]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.132879]  ? kasan_check_write+0x14/0x20
[ 36.132883]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132888]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.132893]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.132897]  ? kvfree+0x61/0x70
[ 36.132902]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.132906]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.132911]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.132915]  ? kvm_arch_sync_events+0x30/0x30
[ 36.132920]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.132925]  ? mmu_notifier_unregister+0x474/0x600
[ 36.132929]  ? kfree+0x107/0x230
[ 36.132934]  ? __mmu_notifier_register+0x30/0x30
[ 36.132938]  ? __free_pages+0x10a/0x190
[ 36.132942]  ? free_unref_page+0x960/0x960
[ 36.132946]  kvm_put_kvm+0x6c8/0xff0
[ 36.132951]  ? kvm_write_guest_cached+0x40/0x40
[ 36.132956]  ? kvm_irqfd_release+0xd1/0x120
[ 36.132960]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.132965]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.132969]  ? kasan_check_write+0x14/0x20
[ 36.132973]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132977]  ? kvm_irqfd_release+0xdd/0
[ 36.132985] Lost 82 message(s)!
[ 37.288618] Shutting down cpus with NMI
[ 38.345913] Dumping ftrace buffer:
[ 38.349437]    (ftrace buffer empty)
[ 38.353653] Kernel Offset: disabled
[ 38.357274] Rebooting in 86400 seconds..