[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 24.826262] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.543526] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.896679] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.491159] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.704988] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
[ 35.460011] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.592512] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 35.617462] ==================================================================
[ 35.627421] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 35.633647] Read of size 8 at addr ffff8801d8bf8058 by task syz-executor332/5333
[ 35.641171]
[ 35.642802] CPU: 1 PID: 5333 Comm: syz-executor332 Not tainted 4.19.0-rc3+ #231
[ 35.650248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.659605] Call Trace:
[ 35.662199]  dump_stack+0x1c4/0x2b4
[ 35.665823]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.671012]  ? printk+0xa7/0xcf
[ 35.674289]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.679053]  print_address_description.cold.8+0x9/0x1ff
[ 35.684429]  kasan_report.cold.9+0x242/0x309
[ 35.688837]  ? __schedule+0xfc3/0x1ed0
[ 35.692734]  __asan_report_load8_noabort+0x14/0x20
[ 35.697663]  __schedule+0xfc3/0x1ed0
[ 35.701387]  ? __sched_text_start+0x8/0x8
[ 35.705537]  ? __lock_is_held+0xb5/0x140
[ 35.709599]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.714707]  ? find_held_lock+0x36/0x1c0
[ 35.719261]  ? __call_srcu+0x7f9/0x1070
[ 35.723250]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.728359]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.733469]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.738049]  ? preempt_schedule+0x4d/0x60
[ 35.742200]  preempt_schedule_common+0x1f/0xd0
[ 35.746793]  preempt_schedule+0x4d/0x60
[ 35.750774]  ___preempt_schedule+0x16/0x18
[ 35.755025]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.759957]  __call_srcu+0x7f9/0x1070
[ 35.763759]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 35.768875]  ? srcu_offline_cpu+0x120/0x120
[ 35.773210]  ? debug_object_free+0x690/0x690
[ 35.777625]  ? mark_held_locks+0x130/0x130
[ 35.781876]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 35.786468]  ? lock_release+0x970/0x970
[ 35.790448]  ? arch_local_save_flags+0x40/0x40
[ 35.795049]  ? depot_save_stack+0x292/0x470
[ 35.799394]  ? __lockdep_init_map+0x105/0x590
[ 35.803911]  ? __init_waitqueue_head+0x9e/0x150
[ 35.808587]  ? init_wait_entry+0x1c0/0x1c0
[ 35.812830]  __synchronize_srcu+0x17b/0x230
[ 35.817158]  ? call_srcu+0x10/0x10
[ 35.820713]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.824969]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.830505]  ? check_preemption_disabled+0x48/0x200
[ 35.835530]  synchronize_srcu+0x356/0x5ab
[ 35.839691]  ? lock_downgrade+0x900/0x900
[ 35.843839]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.848880]  ? kasan_check_read+0x11/0x20
[ 35.853038]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.857624]  ? kasan_check_write+0x14/0x20
[ 35.861882]  ? do_raw_spin_lock+0xc1/0x200
[ 35.866127]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.871845]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.877300]  ? kvfree+0x61/0x70
[ 35.880597]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.885614]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.889671]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.894078]  ? kvm_arch_sync_events+0x30/0x30
[ 35.898578]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.904116]  ? mmu_notifier_unregister+0x474/0x600
[ 35.909053]  ? kfree+0x107/0x230
[ 35.912422]  ? __mmu_notifier_register+0x30/0x30
[ 35.917178]  ? __free_pages+0x10a/0x190
[ 35.921148]  ? free_unref_page+0x960/0x960
[ 35.925399]  kvm_put_kvm+0x6c8/0xff0
[ 35.929119]  ? kvm_write_guest_cached+0x40/0x40
[ 35.933790]  ? kvm_irqfd_release+0xd1/0x120
[ 35.938110]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.942600]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.947116]  ? kasan_check_write+0x14/0x20
[ 35.951352]  ? do_raw_spin_lock+0xc1/0x200
[ 35.955607]  ? kvm_irqfd_release+0xdd/0x120
[ 35.959927]  ? kvm_irqfd_release+0xdd/0x120
[ 35.964251]  ? kvm_put_kvm+0xff0/0xff0
[ 35.968139]  kvm_vm_release+0x42/0x50
[ 35.971935]  __fput+0x385/0xa30
[ 35.975216]  ? get_max_files+0x20/0x20
[ 35.979102]  ? trace_hardirqs_on+0xbd/0x310
[ 35.983428]  ? ___might_sleep+0x1ed/0x300
[ 35.987574]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.993024]  ? arch_local_save_flags+0x40/0x40
[ 35.997611]  ? kasan_check_write+0x14/0x20
[ 36.001842]  ? do_raw_spin_lock+0xc1/0x200
[ 36.006083]  ____fput+0x15/0x20
[ 36.009360]  task_work_run+0x1e8/0x2a0
[ 36.013254]  ? task_work_cancel+0x240/0x240
[ 36.017578]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.023113]  ? switch_task_namespaces+0x9d/0xd0
[ 36.027784]  do_exit+0x1ad7/0x2610
[ 36.031327]  ? mm_update_next_owner+0x990/0x990
[ 36.036008]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 36.040248]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.045266]  ? kfree+0x1fa/0x230
[ 36.048643]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 36.053065]  ? kvm_vcpu_block+0x1030/0x1030
[ 36.057392]  ? is_bpf_text_address+0xd3/0x170
[ 36.061893]  ? kernel_text_address+0x79/0xf0
[ 36.066301]  ? __kernel_text_address+0xd/0x40
[ 36.070792]  ? unwind_get_return_address+0x61/0xa0
[ 36.075718]  ? __save_stack_trace+0x8d/0xf0
[ 36.080044]  ? save_stack+0xa9/0xd0
[ 36.083667]  ? save_stack+0x43/0xd0
[ 36.087291]  ? __kasan_slab_free+0x102/0x150
[ 36.091697]  ? kasan_slab_free+0xe/0x10
[ 36.095668]  ? putname+0xf2/0x130
[ 36.099120]  ? __x64_sys_openat+0x9d/0x100
[ 36.103355]  ? do_syscall_64+0x1b9/0x820
[ 36.107418]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.112788]  ? trace_hardirqs_off+0xb8/0x310
[ 36.117201]  ? kasan_check_read+0x11/0x20
[ 36.121347]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.125760]  ? trace_hardirqs_on+0x310/0x310
[ 36.130170]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 36.135276]  ? trace_hardirqs_off+0xb8/0x310
[ 36.139683]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.145220]  ? check_preemption_disabled+0x48/0x200
[ 36.150233]  ? check_preemption_disabled+0x48/0x200
[ 36.155255]  ? kvm_vcpu_block+0x1030/0x1030
[ 36.159580]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.165116]  ? do_vfs_ioctl+0x201/0x1720
[ 36.169180]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.174546]  ? ioctl_preallocate+0x300/0x300
[ 36.178956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.184490]  ? __fget_light+0x2e9/0x430
[ 36.188465]  ? fget_raw+0x20/0x20
[ 36.191911]  ? putname+0xf2/0x130
[ 36.195362]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.200388]  ? kmem_cache_free+0x24f/0x290
[ 36.204621]  ? putname+0xf7/0x130
[ 36.208075]  do_group_exit+0x177/0x440
[ 36.211969]  ? trace_hardirqs_on+0xbd/0x310
[ 36.216296]  ? __ia32_sys_exit+0x50/0x50
[ 36.220357]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.225810]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.231343]  ? ksys_ioctl+0x81/0xd0
[ 36.234977]  __x64_sys_exit_group+0x3e/0x50
[ 36.239302]  do_syscall_64+0x1b9/0x820
[ 36.243191]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.248555]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.253480]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.258324]  ? trace_hardirqs_on_caller+0x310/0x310
[ 36.263342]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.268362]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.273389]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.278235]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.283420] RIP: 0033:0x43ed58
[ 36.286612] Code: Bad RIP value.
[ 36.289972] RSP: 002b:00007ffd2552a698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.297676] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed58
[ 36.304943] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.312220] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.319496] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.326771] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.334052]
[ 36.335684] Allocated by task 5333:
[ 36.339308]  save_stack+0x43/0xd0
[ 36.342764]  kasan_kmalloc+0xc7/0xe0
[ 36.346485]  kasan_slab_alloc+0x12/0x20
[ 36.350456]  kmem_cache_alloc+0x12e/0x730
[ 36.354608]  vmx_create_vcpu+0xcf/0x25e0
[ 36.358673]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.363082]  kvm_vm_ioctl+0x470/0x1d40
[ 36.366996]  do_vfs_ioctl+0x1de/0x1720
[ 36.370888]  ksys_ioctl+0xa9/0xd0
[ 36.374338]  __x64_sys_ioctl+0x73/0xb0
[ 36.378226]  do_syscall_64+0x1b9/0x820
[ 36.382115]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.387290]
[ 36.388907] Freed by task 5333:
[ 36.392184]  save_stack+0x43/0xd0
[ 36.395631]  __kasan_slab_free+0x102/0x150
[ 36.399871]  kasan_slab_free+0xe/0x10
[ 36.403671]  kmem_cache_free+0x83/0x290
[ 36.407644]  vmx_free_vcpu+0x26b/0x300
[ 36.411530]  kvm_arch_destroy_vm+0x365/0x7c0
[ 36.416109]  kvm_put_kvm+0x6c8/0xff0
[ 36.419818]  kvm_vm_release+0x42/0x50
[ 36.423616]  __fput+0x385/0xa30
[ 36.426892]  ____fput+0x15/0x20
[ 36.430176]  task_work_run+0x1e8/0x2a0
[ 36.434069]  do_exit+0x1ad7/0x2610
[ 36.437610]  do_group_exit+0x177/0x440
[ 36.441494]  __x64_sys_exit_group+0x3e/0x50
[ 36.445814]  do_syscall_64+0x1b9/0x820
[ 36.449699]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.454888]
[ 36.456511] The buggy address belongs to the object at ffff8801d8bf8040
[ 36.456511]  which belongs to the cache kvm_vcpu of size 23872
[ 36.469087] The buggy address is located 24 bytes inside of
[ 36.469087]  23872-byte region [ffff8801d8bf8040, ffff8801d8bfdd80)
[ 36.481045] The buggy address belongs to the page:
[ 36.485979] page:ffffea000762fe00 count:1 mapcount:0 mapping:ffff8801d7f8f040 index:0x0 compound_mapcount: 0
[ 36.496001] flags: 0x2fffc0000008100(slab|head)
[ 36.500677] raw: 02fffc0000008100 ffff8801d5aa9e48 ffff8801d5aa9e48 ffff8801d7f8f040
[ 36.508561] raw: 0000000000000000 ffff8801d8bf8040 0000000100000001 0000000000000000
[ 36.516431] page dumped because: kasan: bad access detected
[ 36.522143]
[ 36.523762] Memory state around the buggy address:
[ 36.528709]  ffff8801d8bf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.536075]  ffff8801d8bf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.543441] >ffff8801d8bf8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.550799]                                                     ^
[ 36.557037]  ffff8801d8bf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.564410]  ffff8801d8bf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.571768] ==================================================================
[ 36.579124] Kernel panic - not syncing: panic_on_warn set ...
[ 36.579124]
[ 36.586492] CPU: 1 PID: 5333 Comm: syz-executor332 Tainted: G    B             4.19.0-rc3+ #231
[ 36.595318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.604664] Call Trace:
[ 36.607252]  dump_stack+0x1c4/0x2b4
[ 36.610884]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.616079]  ? lock_downgrade+0x900/0x900
[ 36.620230]  panic+0x238/0x4e7
[ 36.623421]  ? add_taint.cold.5+0x16/0x16
[ 36.627568]  ? print_shadow_for_address+0xb6/0x116
[ 36.632504]  ? trace_hardirqs_off+0xaf/0x310
[ 36.636943]  kasan_end_report+0x47/0x4f
[ 36.640928]  kasan_report.cold.9+0x76/0x309
[ 36.645259]  ? __schedule+0xfc3/0x1ed0
[ 36.649157]  __asan_report_load8_noabort+0x14/0x20
[ 36.654096]  __schedule+0xfc3/0x1ed0
[ 36.657813]  ? __sched_text_start+0x8/0x8
[ 36.661962]  ? __lock_is_held+0xb5/0x140
[ 36.666023]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.671129]  ? find_held_lock+0x36/0x1c0
[ 36.675192]  ? __call_srcu+0x7f9/0x1070
[ 36.679164]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.684268]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.689367]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.693965]  ? preempt_schedule+0x4d/0x60
[ 36.698115]  preempt_schedule_common+0x1f/0xd0
[ 36.702706]  preempt_schedule+0x4d/0x60
[ 36.706680]  ___preempt_schedule+0x16/0x18
[ 36.710920]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 36.715848]  __call_srcu+0x7f9/0x1070
[ 36.720172]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 36.725282]  ? srcu_offline_cpu+0x120/0x120
[ 36.729604]  ? debug_object_free+0x690/0x690
[ 36.734012]  ? mark_held_locks+0x130/0x130
[ 36.738242]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 36.742828]  ? lock_release+0x970/0x970
[ 36.746809]  ? arch_local_save_flags+0x40/0x40
[ 36.751393]  ? depot_save_stack+0x292/0x470
[ 36.755717]  ? __lockdep_init_map+0x105/0x590
[ 36.760217]  ? __init_waitqueue_head+0x9e/0x150
[ 36.764907]  ? init_wait_entry+0x1c0/0x1c0
[ 36.769154]  __synchronize_srcu+0x17b/0x230
[ 36.773483]  ? call_srcu+0x10/0x10
[ 36.777032]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.781277]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.786821]  ? check_preemption_disabled+0x48/0x200
[ 36.791852]  synchronize_srcu+0x356/0x5ab
[ 36.796017]  ? lock_downgrade+0x900/0x900
[ 36.800170]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.805203]  ? kasan_check_read+0x11/0x20
[ 36.809375]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.813960]  ? kasan_check_write+0x14/0x20
[ 36.818206]  ? do_raw_spin_lock+0xc1/0x200
[ 36.822447]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.828161]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.833613]  ? kvfree+0x61/0x70
[ 36.836898]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.841926]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.845994]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.850420]  ? kvm_arch_sync_events+0x30/0x30
[ 36.854919]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.860457]  ? mmu_notifier_unregister+0x474/0x600
[ 36.865389]  ? kfree+0x107/0x230
[ 36.868763]  ? __mmu_notifier_register+0x30/0x30
[ 36.873532]  ? __free_pages+0x10a/0x190
[ 36.877520]  ? free_unref_page+0x960/0x960
[ 36.881774]  kvm_put_kvm+0x6c8/0xff0
[ 36.885498]  ? kvm_write_guest_cached+0x40/0x40
[ 36.890177]  ? kvm_irqfd_release+0xd1/0x120
[ 36.894503]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.898992]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.903512]  ? kasan_check_write+0x14/0x20
[ 36.907746]  ? do_raw_spin_lock+0xc1/0x200
[ 36.912003]  ? kvm_irqfd_release+0xdd/0x120
[ 36.916327]  ? kvm_irqfd_release+0xdd/0x120
[ 36.920657]  ? kvm_put_kvm+0xff0/0xff0
[ 36.924555]  kvm_vm_release+0x42/0x50
[ 36.928360]  __fput+0x385/0xa30
[ 36.931646]  ? get_max_files+0x20/0x20
[ 36.935533]  ? trace_hardirqs_on+0xbd/0x310
[ 36.939869]  ? ___might_sleep+0x1ed/0x300
[ 36.944019]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.949477]  ? arch_local_save_flags+0x40/0x40
[ 36.954063]  ? kasan_check_write+0x14/0x20
[ 36.958296]  ? do_raw_spin_lock+0xc1/0x200
[ 36.962537]  ____fput+0x15/0x20
[ 36.965822]  task_work_run+0x1e8/0x2a0
[ 36.969719]  ? task_work_cancel+0x240/0x240
[ 36.974050]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.979601]  ? switch_task_namespaces+0x9d/0xd0
[ 36.984282]  do_exit+0x1ad7/0x2610
[ 36.987832]  ? mm_update_next_owner+0x990/0x990
[ 36.992523]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 36.996758]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.001776]  ? kfree+0x1fa/0x230
[ 37.005147]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 37.009398]  ? kvm_vcpu_block+0x1030/0x1030
[ 37.013728]  ? is_bpf_text_address+0xd3/0x170
[ 37.018230]  ? kernel_text_address+0x79/0xf0
[ 37.022643]  ? __kernel_text_address+0xd/0x40
[ 37.027134]  ? unwind_get_return_address+0x61/0xa0
[ 37.032060]  ? __save_stack_trace+0x8d/0xf0
[ 37.036393]  ? save_stack+0xa9/0xd0
[ 37.040015]  ? save_stack+0x43/0xd0
[ 37.043634]  ? __kasan_slab_free+0x102/0x150
[ 37.048034]  ? kasan_slab_free+0xe/0x10
[ 37.052006]  ? putname+0xf2/0x130
[ 37.055458]  ? __x64_sys_openat+0x9d/0x100
[ 37.059687]  ? do_syscall_64+0x1b9/0x820
[ 37.063745]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.069107]  ? trace_hardirqs_off+0xb8/0x310
[ 37.073515]  ? kasan_check_read+0x11/0x20
[ 37.077661]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.082067]  ? trace_hardirqs_on+0x310/0x310
[ 37.086473]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 37.091573]  ? trace_hardirqs_off+0xb8/0x310
[ 37.095981]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.101512]  ? check_preemption_disabled+0x48/0x200
[ 37.106520]  ? check_preemption_disabled+0x48/0x200
[ 37.111538]  ? kvm_vcpu_block+0x1030/0x1030
[ 37.115869]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.121406]  ? do_vfs_ioctl+0x201/0x1720
[ 37.125467]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.130744]  ? ioctl_preallocate+0x300/0x300
[ 37.135153]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.140690]  ? __fget_light+0x2e9/0x430
[ 37.144662]  ? fget_raw+0x20/0x20
[ 37.148106]  ? putname+0xf2/0x130
[ 37.151560]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.156572]  ? kmem_cache_free+0x24f/0x290
[ 37.160802]  ? putname+0xf7/0x130
[ 37.164256]  do_group_exit+0x177/0x440
[ 37.168142]  ? trace_hardirqs_on+0xbd/0x310
[ 37.172464]  ? __ia32_sys_exit+0x50/0x50
[ 37.176522]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.181985]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.187520]  ? ksys_ioctl+0x81/0xd0
[ 37.191147]  __x64_sys_exit_group+0x3e/0x50
[ 37.195471]  do_syscall_64+0x1b9/0x820
[ 37.199355]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.204719]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.209653]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.214495]  ? trace_hardirqs_on_caller+0x310/0x310
[ 37.219511]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.224523]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.229630]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.234479]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.239665] RIP: 0033:0x43ed58
[ 37.242867] Code: Bad RIP value.
[ 37.246227] RSP: 002b:00007ffd2552a698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.253937] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed58
[ 37.261201] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.268467] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.275765] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.283034] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.290324]
[ 37.290330] ======================================================
[ 37.290336] WARNING: possible circular locking dependency detected
[ 37.290340] 4.19.0-rc3+ #231 Not tainted
[ 37.290346] ------------------------------------------------------
[ 37.290352] syz-executor332/5333 is trying to acquire lock:
[ 37.290356] 00000000717afbd1 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.290377]
[ 37.290382] but task is already holding lock:
[ 37.290385] 00000000ba956787 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 37.290401]
[ 37.290406] which lock already depends on the new lock.
[ 37.290409]
[ 37.290412]
[ 37.290417] the existing dependency chain (in reverse order) is:
[ 37.290420]
[ 37.290422] -> #3 (report_lock){....}:
[ 37.290438]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.290443]        kasan_report+0x8b/0x110
[ 37.290448]        __asan_report_load8_noabort+0x14/0x20
[ 37.290452]        __schedule+0xfc3/0x1ed0
[ 37.290457]        preempt_schedule_common+0x1f/0xd0
[ 37.290461]        preempt_schedule+0x4d/0x60
[ 37.290466]        ___preempt_schedule+0x16/0x18
[ 37.290471]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.290475]        __call_srcu+0x7f9/0x1070
[ 37.290480]        __synchronize_srcu+0x17b/0x230
[ 37.290484]        synchronize_srcu+0x356/0x5ab
[ 37.290490]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.290494]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.290499]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.290503]        kvm_put_kvm+0x6c8/0xff0
[ 37.290507]        kvm_vm_release+0x42/0x50
[ 37.290511]        __fput+0x385/0xa30
[ 37.290515]        ____fput+0x15/0x20
[ 37.290520]        task_work_run+0x1e8/0x2a0
[ 37.290524]        do_exit+0x1ad7/0x2610
[ 37.290528]        do_group_exit+0x177/0x440
[ 37.290533]        __x64_sys_exit_group+0x3e/0x50
[ 37.290537]        do_syscall_64+0x1b9/0x820
[ 37.290542]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.290545]
[ 37.290547] -> #2 (&rq->lock){-.-.}:
[ 37.290563]        _raw_spin_lock+0x2d/0x40
[ 37.290567]        task_fork_fair+0xb0/0x6d0
[ 37.290571]        sched_fork+0x443/0xba0
[ 37.290576]        copy_process+0x2586/0x8780
[ 37.290580]        _do_fork+0x1cb/0x11d0
[ 37.290584]        kernel_thread+0x34/0x40
[ 37.290588]        rest_init+0x22/0xe5
[ 37.290592]        start_kernel+0x8f4/0x92f
[ 37.290597]        x86_64_start_reservations+0x29/0x2b
[ 37.290602]        x86_64_start_kernel+0x76/0x79
[ 37.290606]        secondary_startup_64+0xa4/0xb0
[ 37.290609]
[ 37.290611] -> #1 (&p->pi_lock){-.-.}:
[ 37.290627]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.290632]        try_to_wake_up+0xd2/0x12f0
[ 37.290636]        wake_up_process+0x10/0x20
[ 37.290640]        __up.isra.1+0x1c0/0x2a0
[ 37.290644]        up+0x13c/0x1c0
[ 37.290648]        __up_console_sem+0xbe/0x1b0
[ 37.290653]        console_unlock+0x524/0x11a0
[ 37.290657]        vprintk_emit+0x33d/0x930
[ 37.290661]        vprintk_default+0x28/0x30
[ 37.290666]        vprintk_func+0x7e/0x181
[ 37.290670]        printk+0xa7/0xcf
[ 37.290674]        __dynamic_pr_debug+0x149/0x1c0
[ 37.290679]        kobject_get_path+0x1b2/0x210
[ 37.290683]        kobject_uevent_env+0x281/0x1360
[ 37.290688]        reg_query_database+0x2f3/0x5d0
[ 37.290692]        reg_process_hint+0x186/0xf30
[ 37.290696]        reg_todo+0x49a/0xc20
[ 37.290701]        process_one_work+0xc90/0x1b90
[ 37.290705]        worker_thread+0x17f/0x1390
[ 37.290709]        kthread+0x35a/0x420
[ 37.290714]        ret_from_fork+0x3a/0x50
[ 37.290716]
[ 37.290719] -> #0 ((console_sem).lock){-...}:
[ 37.290735]        lock_acquire+0x1ed/0x520
[ 37.290739]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.290744]        down_trylock+0x13/0x70
[ 37.290749]        __down_trylock_console_sem+0xae/0x200
[ 37.290753]        console_trylock+0x15/0xa0
[ 37.290757]        vprintk_emit+0x322/0x930
[ 37.290761]        vprintk_default+0x28/0x30
[ 37.290766]        vprintk_func+0x7e/0x181
[ 37.290769]        printk+0xa7/0xcf
[ 37.290774]        kasan_report+0x9b/0x110
[ 37.290779]        __asan_report_load8_noabort+0x14/0x20
[ 37.290783]        __schedule+0xfc3/0x1ed0
[ 37.290788]        preempt_schedule_common+0x1f/0xd0
[ 37.290792]        preempt_schedule+0x4d/0x60
[ 37.290796]        ___preempt_schedule+0x16/0x18
[ 37.290801]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.290806]        __call_srcu+0x7f9/0x1070
[ 37.290810]        __synchronize_srcu+0x17b/0x230
[ 37.290815]        synchronize_srcu+0x356/0x5ab
[ 37.290820]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.290825]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.290829]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.290834]        kvm_put_kvm+0x6c8/0xff0
[ 37.290838]        kvm_vm_release+0x42/0x50
[ 37.290842]        __fput+0x385/0xa30
[ 37.290846]        ____fput+0x15/0x20
[ 37.290850]        task_work_run+0x1e8/0x2a0
[ 37.290854]        do_exit+0x1ad7/0x2610
[ 37.290867]        do_group_exit+0x177/0x440
[ 37.290871]        __x64_sys_exit_group+0x3e/0x50
[ 37.290875]        do_syscall_64+0x1b9/0x820
[ 37.290879]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.290881]
[ 37.290887] other info that might help us debug this:
[ 37.290889]
[ 37.290893] Chain exists of:
[ 37.290895]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.290915]
[ 37.290920]  Possible unsafe locking scenario:
[ 37.290922]
[ 37.290927]        CPU0                    CPU1
[ 37.290931]        ----                    ----
[ 37.290934]   lock(report_lock);
[ 37.290944]                                lock(&rq->lock);
[ 37.290955]                                lock(report_lock);
[ 37.290963]   lock((console_sem).lock);
[ 37.290972]
[ 37.290976]  *** DEADLOCK ***
[ 37.290979]
[ 37.290983] 2 locks held by syz-executor332/5333:
[ 37.290986]  #0: 000000001f3e6a3c (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 37.291004]  #1: 00000000ba956787 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 37.291023]
[ 37.291027] stack backtrace:
[ 37.291033] CPU: 1 PID: 5333 Comm: syz-executor332 Not tainted 4.19.0-rc3+ #231
[ 37.291041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.291045] Call Trace:
[ 37.291049]  dump_stack+0x1c4/0x2b4
[ 37.291054]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.291058]  ? vprintk_func+0x85/0x181
[ 37.291064]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 37.291068]  ? save_trace+0xe0/0x290
[ 37.291072]  __lock_acquire+0x33e4/0x4ec0
[ 37.291077]  ? mark_held_locks+0x130/0x130
[ 37.291081]  ? mark_held_locks+0x130/0x130
[ 37.291085]  ? rcu_bh_qs+0xc0/0xc0
[ 37.291090]  ? unwind_dump+0x190/0x190
[ 37.291094]  ? is_bpf_text_address+0xd3/0x170
[ 37.291099]  ? kernel_text_address+0x79/0xf0
[ 37.291104]  ? __kernel_text_address+0xd/0x40
[ 37.291108]  ? __save_stack_trace+0x8d/0xf0
[ 37.291113]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 37.291117]  ? save_trace+0x290/0x290
[ 37.291122]  ? save_stack_trace+0x1a/0x20
[ 37.291126]  ? save_trace+0xe0/0x290
[ 37.291130]  ? kasan_check_read+0x11/0x20
[ 37.291135]  ? graph_lock+0x170/0x170
[ 37.291140]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.291144]  lock_acquire+0x1ed/0x520
[ 37.291149]  ? down_trylock+0x13/0x70
[ 37.291153]  ? find_held_lock+0x36/0x1c0
[ 37.291157]  ? lock_release+0x970/0x970
[ 37.291162]  ? trace_hardirqs_off+0xb8/0x310
[ 37.291166]  ? vprintk_emit+0x1d3/0x930
[ 37.291171]  ? trace_hardirqs_on+0x310/0x310
[ 37.291176]  ? trace_hardirqs_off+0xb8/0x310
[ 37.291180]  ? log_store+0x344/0x4c0
[ 37.291184]  ? vprintk_emit+0x322/0x930
[ 37.291189]  _raw_spin_lock_irqsave+0x99/0xd0
[ 37.291193]  ? down_trylock+0x13/0x70
[ 37.291197]  down_trylock+0x13/0x70
[ 37.291202]  __down_trylock_console_sem+0xae/0x200
[ 37.291207]  console_trylock+0x15/0xa0
[ 37.291211]  vprintk_emit+0x322/0x930
[ 37.291215]  ? wake_up_klogd+0x180/0x180
[ 37.291220]  ? run_rebalance_domains+0x500/0x500
[ 37.291224]  ? wake_up_worker+0x117/0x190
[ 37.291229]  ? find_held_lock+0x36/0x1c0
[ 37.291233]  ? __queue_work+0x6be/0x1440
[ 37.291237]  ? lock_acquire+0x1ed/0x520
[ 37.291242]  vprintk_default+0x28/0x30
[ 37.291246]  vprintk_func+0x7e/0x181
[ 37.291250]  printk+0xa7/0xcf
[ 37.291255]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.291259]  ? kasan_check_write+0x14/0x20
[ 37.291263]  ? do_raw_spin_lock+0xc1/0x200
[ 37.291268]  ? do_raw_spin_lock+0xc1/0x200
[ 37.291272]  kasan_report+0x9b/0x110
[ 37.291276]  ? __schedule+0xfc3/0x1ed0
[ 37.291281]  __asan_report_load8_noabort+0x14/0x20
[ 37.291285]  __schedule+0xfc3/0x1ed0
[ 37.291290]  ? __sched_text_start+0x8/0x8
[ 37.291294]  ? __lock_is_held+0xb5/0x140
[ 37.291299]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.291304]  ? find_held_lock+0x36/0x1c0
[ 37.291308]  ? __call_srcu+0x7f9/0x1070
[ 37.291313]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.291318]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.291323]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.291327]  ? preempt_schedule+0x4d/0x60
[ 37.291332]  preempt_schedule_common+0x1f/0xd0
[ 37.291336]  preempt_schedule+0x4d/0x60
[ 37.291341]  ___preempt_schedule+0x16/0x18
[ 37.291346]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.291350]  __call_srcu+0x7f9/0x1070
[ 37.291355]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 37.291360]  ? srcu_offline_cpu+0x120/0x120
[ 37.291364]  ? debug_object_free+0x690/0x690
[ 37.291374]  ? mark_held_locks+0x130/0x130
[ 37.291379]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 37.291383]  ? lock_release+0x970/0x970
[ 37.291388]  ? arch_local_save_flags+0x40/0x40
[ 37.291393]  ? depot_save_stack+0x292/0x470
[ 37.291397]  ? __lockdep_init_map+0x105/0x590
[ 37.291402]  ? __init_waitqueue_head+0x9e/0x150
[ 37.291406]  ? init_wait_entry+0x1c0/0x1c0
[ 37.291411]  __synchronize_srcu+0x17b/0x230
[ 37.291415]  ? call_srcu+0x10/0x10
[ 37.291419]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.291425]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.291430]  ? check_preemption_disabled+0x48/0x200
[ 37.291434]  synchronize_srcu+0x356/0x5ab
[ 37.291439]  ? lock_downgrade+0x900/0x900
[ 37.291444]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.291448]  ? kasan_check_read+0x11/0x20
[ 37.291453]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.291458]  ? kasan_check_write+0x14/0x20
[ 37.291462]  ? do_raw_spin_lock+0xc1/0x200
[ 37.291468]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.291473]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.291477]  ? kvfree+0x61/0x70
[ 37.291482]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.291486]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.291491]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.291495]  ? kvm_arch_sync_events+0x30/0x30
[ 37.291501]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.291506]  ? mmu_notifier_unregister+0x474/0x600
[ 37.291509]  ? kfree+0x107/0x230
[ 37.291514]  ? __mmu_notifier_register+0x30/0x30
[ 37.291519]  ? __free_pages+0x10a/0x190
[ 37.291523]  ? free_unref_page+0x960/0x960
[ 37.291527]  kvm_put_kvm+0x6c8/0xff0
[ 37.291532]  ? kvm_write_guest_cached+0x40/0x40
[ 37.291535]  ? kvm_irqfd_
[ 37.291543] Lost 87 message(s)!
[ 38.444554] Shutting down cpus with NMI
[ 39.502436] Dumping ftrace buffer:
[ 39.505956]    (ftrace buffer empty)
[ 39.510154] Kernel Offset: disabled
[ 39.513772] Rebooting in 86400 seconds..