[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[   24.793006] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.782970] random: sshd: uninitialized urandom read (32 bytes read)
[   27.127890] random: sshd: uninitialized urandom read (32 bytes read)
[   27.713246] random: sshd: uninitialized urandom read (32 bytes read)
[   27.929221] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   33.543187] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.660440] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.685535] ==================================================================
[   33.695466] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   33.701690] Read of size 8 at addr ffff8801d9360058 by task syz-executor813/5329
[   33.709206]
[   33.710836] CPU: 0 PID: 5329 Comm: syz-executor813 Not tainted 4.19.0-rc3+ #231
[   33.718275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.727616] Call Trace:
[   33.730207]  dump_stack+0x1c4/0x2b4
[   33.733834]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.739024]  ? printk+0xa7/0xcf
[   33.742303]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.747064]  print_address_description.cold.8+0x9/0x1ff
[   33.752427]  kasan_report.cold.9+0x242/0x309
[   33.756856]  ? __schedule+0xfc3/0x1ed0
[   33.760747]  __asan_report_load8_noabort+0x14/0x20
[   33.765675]  __schedule+0xfc3/0x1ed0
[   33.769396]  ? __sched_text_start+0x8/0x8
[   33.773549]  ? __lock_is_held+0xb5/0x140
[   33.777611]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.782717]  ? find_held_lock+0x36/0x1c0
[   33.786778]  ? __call_srcu+0x7f9/0x1070
[   33.790749]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.795847]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.800950]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.805533]  ? preempt_schedule+0x4d/0x60
[   33.809685]  preempt_schedule_common+0x1f/0xd0
[   33.814268]  preempt_schedule+0x4d/0x60
[   33.818241]  ___preempt_schedule+0x16/0x18
[   33.822476]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.827405]  __call_srcu+0x7f9/0x1070
[   33.831203]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.836313]  ? srcu_offline_cpu+0x120/0x120
[   33.840637]  ? debug_object_free+0x690/0x690
[   33.845046]  ? mark_held_locks+0x130/0x130
[   33.849279]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   33.853860]  ? lock_release+0x970/0x970
[   33.857832]  ? arch_local_save_flags+0x40/0x40
[   33.862413]  ? depot_save_stack+0x292/0x470
[   33.866742]  ? __lockdep_init_map+0x105/0x590
[   33.871272]  ? __init_waitqueue_head+0x9e/0x150
[   33.875937]  ? init_wait_entry+0x1c0/0x1c0
[   33.880178]  __synchronize_srcu+0x17b/0x230
[   33.884502]  ? call_srcu+0x10/0x10
[   33.888039]  ? rcu_unexpedite_gp+0x20/0x20
[   33.892277]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.897809]  ? check_preemption_disabled+0x48/0x200
[   33.902843]  synchronize_srcu+0x356/0x5ab
[   33.906992]  ? lock_downgrade+0x900/0x900
[   33.911137]  ? synchronize_srcu_expedited+0x20/0x20
[   33.916174]  ? kasan_check_read+0x11/0x20
[   33.920327]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.924919]  ? kasan_check_write+0x14/0x20
[   33.929157]  ? do_raw_spin_lock+0xc1/0x200
[   33.933395]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.939107]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.944555]  ? kvfree+0x61/0x70
[   33.947831]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.952856]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.956914]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.961320]  ? kvm_arch_sync_events+0x30/0x30
[   33.965826]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.971366]  ? mmu_notifier_unregister+0x474/0x600
[   33.976292]  ? kfree+0x107/0x230
[   33.979657]  ? __mmu_notifier_register+0x30/0x30
[   33.984408]  ? __free_pages+0x10a/0x190
[   33.988384]  ? free_unref_page+0x960/0x960
[   33.992635]  kvm_put_kvm+0x6c8/0xff0
[   33.996362]  ? kvm_write_guest_cached+0x40/0x40
[   34.001033]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.005796]  ? preempt_schedule+0x4d/0x60
[   34.009944]  ? ___preempt_schedule+0x16/0x18
[   34.014360]  ? kvm_irqfd_release+0xdd/0x120
[   34.018690]  ? kvm_irqfd_release+0xdd/0x120
[   34.023024]  ? kvm_put_kvm+0xff0/0xff0
[   34.026910]  kvm_vm_release+0x42/0x50
[   34.030706]  __fput+0x385/0xa30
[   34.033988]  ? get_max_files+0x20/0x20
[   34.037870]  ? trace_hardirqs_on+0xbd/0x310
[   34.042194]  ? ___might_sleep+0x1ed/0x300
[   34.046337]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.051793]  ? arch_local_save_flags+0x40/0x40
[   34.056384]  ? kasan_check_write+0x14/0x20
[   34.060621]  ? do_raw_spin_lock+0xc1/0x200
[   34.064860]  ____fput+0x15/0x20
[   34.068160]  task_work_run+0x1e8/0x2a0
[   34.072049]  ? task_work_cancel+0x240/0x240
[   34.076382]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.081937]  ? switch_task_namespaces+0x9d/0xd0
[   34.086612]  do_exit+0x1ad7/0x2610
[   34.090160]  ? mm_update_next_owner+0x990/0x990
[   34.094837]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   34.099069]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.104082]  ? kfree+0x1fa/0x230
[   34.107457]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   34.111690]  ? kvm_vcpu_block+0x1030/0x1030
[   34.116014]  ? is_bpf_text_address+0xd3/0x170
[   34.120526]  ? kernel_text_address+0x79/0xf0
[   34.124937]  ? __kernel_text_address+0xd/0x40
[   34.129439]  ? unwind_get_return_address+0x61/0xa0
[   34.134382]  ? __save_stack_trace+0x8d/0xf0
[   34.138709]  ? save_stack+0xa9/0xd0
[   34.142333]  ? save_stack+0x43/0xd0
[   34.145960]  ? __kasan_slab_free+0x102/0x150
[   34.150372]  ? kasan_slab_free+0xe/0x10
[   34.154347]  ? putname+0xf2/0x130
[   34.157808]  ? __x64_sys_openat+0x9d/0x100
[   34.162042]  ? do_syscall_64+0x1b9/0x820
[   34.166101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.171468]  ? trace_hardirqs_off+0xb8/0x310
[   34.175875]  ? kasan_check_read+0x11/0x20
[   34.180024]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.184430]  ? trace_hardirqs_on+0x310/0x310
[   34.188841]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   34.193944]  ? trace_hardirqs_off+0xb8/0x310
[   34.198375]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.203911]  ? check_preemption_disabled+0x48/0x200
[   34.208922]  ? check_preemption_disabled+0x48/0x200
[   34.213939]  ? kvm_vcpu_block+0x1030/0x1030
[   34.218262]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.223795]  ? do_vfs_ioctl+0x201/0x1720
[   34.227860]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.233143]  ? ioctl_preallocate+0x300/0x300
[   34.237553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.243088]  ? __fget_light+0x2e9/0x430
[   34.247062]  ? fget_raw+0x20/0x20
[   34.250510]  ? putname+0xf2/0x130
[   34.253962]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.258978]  ? kmem_cache_free+0x24f/0x290
[   34.263209]  ? putname+0xf7/0x130
[   34.266681]  do_group_exit+0x177/0x440
[   34.270815]  ? trace_hardirqs_on+0xbd/0x310
[   34.275132]  ? __ia32_sys_exit+0x50/0x50
[   34.279189]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.284643]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.290175]  ? ksys_ioctl+0x81/0xd0
[   34.293801]  __x64_sys_exit_group+0x3e/0x50
[   34.298120]  do_syscall_64+0x1b9/0x820
[   34.302006]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.307378]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.312307]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.317148]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.322161]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.327177]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.332191]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.337040]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.342222] RIP: 0033:0x43ecc8
[   34.345412] Code: cb f6 ea c0 fb 07 41 89 d8 66 c1 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 92 01 d2 29 d1 83
[   34.364313] RSP: 002b:00007ffec010aa48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.372031] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   34.379297] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.386558] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.393826] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.401094] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.408372]
[   34.409994] Allocated by task 5329:
[   34.413621]  save_stack+0x43/0xd0
[   34.417076]  kasan_kmalloc+0xc7/0xe0
[   34.420785]  kasan_slab_alloc+0x12/0x20
[   34.424754]  kmem_cache_alloc+0x12e/0x730
[   34.428901]  vmx_create_vcpu+0xcf/0x25e0
[   34.432955]  kvm_arch_vcpu_create+0xe5/0x220
[   34.437367]  kvm_vm_ioctl+0x470/0x1d40
[   34.441253]  do_vfs_ioctl+0x1de/0x1720
[   34.445137]  ksys_ioctl+0xa9/0xd0
[   34.448583]  __x64_sys_ioctl+0x73/0xb0
[   34.452469]  do_syscall_64+0x1b9/0x820
[   34.456361]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.461540]
[   34.463162] Freed by task 5329:
[   34.466440]  save_stack+0x43/0xd0
[   34.469888]  __kasan_slab_free+0x102/0x150
[   34.474834]  kasan_slab_free+0xe/0x10
[   34.478641]  kmem_cache_free+0x83/0x290
[   34.482609]  vmx_free_vcpu+0x26b/0x300
[   34.486498]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.490905]  kvm_put_kvm+0x6c8/0xff0
[   34.494612]  kvm_vm_release+0x42/0x50
[   34.498410]  __fput+0x385/0xa30
[   34.501684]  ____fput+0x15/0x20
[   34.504959]  task_work_run+0x1e8/0x2a0
[   34.508843]  do_exit+0x1ad7/0x2610
[   34.512382]  do_group_exit+0x177/0x440
[   34.516269]  __x64_sys_exit_group+0x3e/0x50
[   34.520589]  do_syscall_64+0x1b9/0x820
[   34.524477]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.529650]
[   34.531276] The buggy address belongs to the object at ffff8801d9360040
[   34.531276]  which belongs to the cache kvm_vcpu of size 23872
[   34.543846] The buggy address is located 24 bytes inside of
[   34.543846]  23872-byte region [ffff8801d9360040, ffff8801d9365d80)
[   34.555797] The buggy address belongs to the page:
[   34.560722] page:ffffea000764d800 count:1 mapcount:0 mapping:ffff8801d76674c0 index:0x0 compound_mapcount: 0
[   34.570690] flags: 0x2fffc0000008100(slab|head)
[   34.575371] raw: 02fffc0000008100 ffff8801d5bb6648 ffff8801d5bb6648 ffff8801d76674c0
[   34.583254] raw: 0000000000000000 ffff8801d9360040 0000000100000001 0000000000000000
[   34.591123] page dumped because: kasan: bad access detected
[   34.596822]
[   34.598439] Memory state around the buggy address:
[   34.603375]  ffff8801d935ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.610728]  ffff8801d935ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.618079] >ffff8801d9360000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.625426]                                                     ^
[   34.631652]  ffff8801d9360080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.639004]  ffff8801d9360100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.646361] ==================================================================
[   34.653721] Kernel panic - not syncing: panic_on_warn set ...
[   34.653721]
[   34.661087] CPU: 0 PID: 5329 Comm: syz-executor813 Tainted: G    B             4.19.0-rc3+ #231
[   34.669914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.679258] Call Trace:
[   34.681846]  dump_stack+0x1c4/0x2b4
[   34.685470]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.690659]  ? lock_downgrade+0x900/0x900
[   34.694807]  panic+0x238/0x4e7
[   34.697999]  ? add_taint.cold.5+0x16/0x16
[   34.702154]  ? print_shadow_for_address+0xb6/0x116
[   34.707084]  ? trace_hardirqs_off+0xaf/0x310
[   34.711491]  kasan_end_report+0x47/0x4f
[   34.715461]  kasan_report.cold.9+0x76/0x309
[   34.719781]  ? __schedule+0xfc3/0x1ed0
[   34.723669]  __asan_report_load8_noabort+0x14/0x20
[   34.728593]  __schedule+0xfc3/0x1ed0
[   34.732313]  ? __sched_text_start+0x8/0x8
[   34.736464]  ? __lock_is_held+0xb5/0x140
[   34.740518]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.745622]  ? find_held_lock+0x36/0x1c0
[   34.749696]  ? __call_srcu+0x7f9/0x1070
[   34.753666]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.758763]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.763867]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.768444]  ? preempt_schedule+0x4d/0x60
[   34.772590]  preempt_schedule_common+0x1f/0xd0
[   34.777170]  preempt_schedule+0x4d/0x60
[   34.781141]  ___preempt_schedule+0x16/0x18
[   34.785384]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   34.790316]  __call_srcu+0x7f9/0x1070
[   34.794111]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   34.799218]  ? srcu_offline_cpu+0x120/0x120
[   34.803539]  ? debug_object_free+0x690/0x690
[   34.807943]  ? mark_held_locks+0x130/0x130
[   34.812180]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   34.816760]  ? lock_release+0x970/0x970
[   34.820734]  ? arch_local_save_flags+0x40/0x40
[   34.825337]  ? depot_save_stack+0x292/0x470
[   34.829681]  ? __lockdep_init_map+0x105/0x590
[   34.834174]  ? __init_waitqueue_head+0x9e/0x150
[   34.838853]  ? init_wait_entry+0x1c0/0x1c0
[   34.843094]  __synchronize_srcu+0x17b/0x230
[   34.847416]  ? call_srcu+0x10/0x10
[   34.850953]  ? rcu_unexpedite_gp+0x20/0x20
[   34.855190]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.860720]  ? check_preemption_disabled+0x48/0x200
[   34.865733]  synchronize_srcu+0x356/0x5ab
[   34.869876]  ? lock_downgrade+0x900/0x900
[   34.874022]  ? synchronize_srcu_expedited+0x20/0x20
[   34.879044]  ? kasan_check_read+0x11/0x20
[   34.883193]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.887777]  ? kasan_check_write+0x14/0x20
[   34.892009]  ? do_raw_spin_lock+0xc1/0x200
[   34.896251]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.901961]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.907409]  ? kvfree+0x61/0x70
[   34.910686]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.915700]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.919758]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.924168]  ? kvm_arch_sync_events+0x30/0x30
[   34.928664]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.934197]  ? mmu_notifier_unregister+0x474/0x600
[   34.939124]  ? kfree+0x107/0x230
[   34.942493]  ? __mmu_notifier_register+0x30/0x30
[   34.947249]  ? __free_pages+0x10a/0x190
[   34.951222]  ? free_unref_page+0x960/0x960
[   34.955470]  kvm_put_kvm+0x6c8/0xff0
[   34.959187]  ? kvm_write_guest_cached+0x40/0x40
[   34.963858]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.968623]  ? preempt_schedule+0x4d/0x60
[   34.972776]  ? ___preempt_schedule+0x16/0x18
[   34.977185]  ? kvm_irqfd_release+0xdd/0x120
[   34.981503]  ? kvm_irqfd_release+0xdd/0x120
[   34.985828]  ? kvm_put_kvm+0xff0/0xff0
[   34.989713]  kvm_vm_release+0x42/0x50
[   34.993512]  __fput+0x385/0xa30
[   34.996790]  ? get_max_files+0x20/0x20
[   35.000678]  ? trace_hardirqs_on+0xbd/0x310
[   35.005002]  ? ___might_sleep+0x1ed/0x300
[   35.009166]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.014636]  ? arch_local_save_flags+0x40/0x40
[   35.019228]  ? kasan_check_write+0x14/0x20
[   35.023463]  ? do_raw_spin_lock+0xc1/0x200
[   35.027693]  ____fput+0x15/0x20
[   35.030969]  task_work_run+0x1e8/0x2a0
[   35.034855]  ? task_work_cancel+0x240/0x240
[   35.039174]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.044709]  ? switch_task_namespaces+0x9d/0xd0
[   35.049381]  do_exit+0x1ad7/0x2610
[   35.052941]  ? mm_update_next_owner+0x990/0x990
[   35.057614]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   35.061850]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.066864]  ? kfree+0x1fa/0x230
[   35.070232]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   35.074465]  ? kvm_vcpu_block+0x1030/0x1030
[   35.078788]  ? is_bpf_text_address+0xd3/0x170
[   35.083280]  ? kernel_text_address+0x79/0xf0
[   35.087686]  ? __kernel_text_address+0xd/0x40
[   35.092177]  ? unwind_get_return_address+0x61/0xa0
[   35.097109]  ? __save_stack_trace+0x8d/0xf0
[   35.101438]  ? save_stack+0xa9/0xd0
[   35.105058]  ? save_stack+0x43/0xd0
[   35.108679]  ? __kasan_slab_free+0x102/0x150
[   35.113084]  ? kasan_slab_free+0xe/0x10
[   35.117051]  ? putname+0xf2/0x130
[   35.120500]  ? __x64_sys_openat+0x9d/0x100
[   35.124731]  ? do_syscall_64+0x1b9/0x820
[   35.128793]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.134156]  ? trace_hardirqs_off+0xb8/0x310
[   35.138561]  ? kasan_check_read+0x11/0x20
[   35.142708]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.147112]  ? trace_hardirqs_on+0x310/0x310
[   35.151525]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   35.156635]  ? trace_hardirqs_off+0xb8/0x310
[   35.161044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.166578]  ? check_preemption_disabled+0x48/0x200
[   35.171589]  ? check_preemption_disabled+0x48/0x200
[   35.176609]  ? kvm_vcpu_block+0x1030/0x1030
[   35.180931]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.186463]  ? do_vfs_ioctl+0x201/0x1720
[   35.190522]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   35.195799]  ? ioctl_preallocate+0x300/0x300
[   35.200205]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.205756]  ? __fget_light+0x2e9/0x430
[   35.209731]  ? fget_raw+0x20/0x20
[   35.213178]  ? putname+0xf2/0x130
[   35.216633]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.221654]  ? kmem_cache_free+0x24f/0x290
[   35.225884]  ? putname+0xf7/0x130
[   35.229526]  do_group_exit+0x177/0x440
[   35.233410]  ? trace_hardirqs_on+0xbd/0x310
[   35.237745]  ? __ia32_sys_exit+0x50/0x50
[   35.241809]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.247258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.252790]  ? ksys_ioctl+0x81/0xd0
[   35.256417]  __x64_sys_exit_group+0x3e/0x50
[   35.260738]  do_syscall_64+0x1b9/0x820
[   35.264631]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.270186]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.275112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.279953]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.284968]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.289986]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.295005]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.299854]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.305036] RIP: 0033:0x43ecc8
[   35.308233] Code: cb f6 ea c0 fb 07 41 89 d8 66 c1 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 92 01 d2 29 d1 83
[   35.327137] RSP: 002b:00007ffec010aa48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.334855] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   35.342119] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.349387] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.356705] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.363973] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.371248]
[   35.371254] ======================================================
[   35.371260] WARNING: possible circular locking dependency detected
[   35.371264] 4.19.0-rc3+ #231 Not tainted
[   35.371270] ------------------------------------------------------
[   35.371275] syz-executor813/5329 is trying to acquire lock:
[   35.371279] 0000000078c8fba2 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.371296]
[   35.371300] but task is already holding lock:
[   35.371303] 00000000001943a5 (report_lock){....}, at: kasan_report+0x8b/0x110
[   35.371319]
[   35.371324] which lock already depends on the new lock.
[   35.371327]
[   35.371330]
[   35.371335] the existing dependency chain (in reverse order) is:
[   35.371337]
[   35.371340] -> #3 (report_lock){....}:
[   35.371365]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.371369]        kasan_report+0x8b/0x110
[   35.371374]        __asan_report_load8_noabort+0x14/0x20
[   35.371378]        __schedule+0xfc3/0x1ed0
[   35.371383]        preempt_schedule_common+0x1f/0xd0
[   35.371388]        preempt_schedule+0x4d/0x60
[   35.371392]        ___preempt_schedule+0x16/0x18
[   35.371397]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.371401]        __call_srcu+0x7f9/0x1070
[   35.371406]        __synchronize_srcu+0x17b/0x230
[   35.371410]        synchronize_srcu+0x356/0x5ab
[   35.371416]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.371420]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.371425]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.371429]        kvm_put_kvm+0x6c8/0xff0
[   35.371433]        kvm_vm_release+0x42/0x50
[   35.371437]        __fput+0x385/0xa30
[   35.371441]        ____fput+0x15/0x20
[   35.371446]        task_work_run+0x1e8/0x2a0
[   35.371450]        do_exit+0x1ad7/0x2610
[   35.371454]        do_group_exit+0x177/0x440
[   35.371459]        __x64_sys_exit_group+0x3e/0x50
[   35.371463]        do_syscall_64+0x1b9/0x820
[   35.371468]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.371471]
[   35.371473] -> #2 (&rq->lock){-.-.}:
[   35.371489]        _raw_spin_lock+0x2d/0x40
[   35.371493]        task_fork_fair+0xb0/0x6d0
[   35.371497]        sched_fork+0x443/0xba0
[   35.371502]        copy_process+0x2586/0x8780
[   35.371506]        _do_fork+0x1cb/0x11d0
[   35.371510]        kernel_thread+0x34/0x40
[   35.371514]        rest_init+0x22/0xe5
[   35.371518]        start_kernel+0x8f4/0x92f
[   35.371523]        x86_64_start_reservations+0x29/0x2b
[   35.371528]        x86_64_start_kernel+0x76/0x79
[   35.371532]        secondary_startup_64+0xa4/0xb0
[   35.371535]
[   35.371537] -> #1 (&p->pi_lock){-.-.}:
[   35.371553]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.371558]        try_to_wake_up+0xd2/0x12f0
[   35.371562]        wake_up_process+0x10/0x20
[   35.371566]        __up.isra.1+0x1c0/0x2a0
[   35.371570]        up+0x13c/0x1c0
[   35.371574]        __up_console_sem+0xbe/0x1b0
[   35.371579]        console_unlock+0x524/0x11a0
[   35.371583]        vprintk_emit+0x33d/0x930
[   35.371587]        vprintk_default+0x28/0x30
[   35.371592]        vprintk_func+0x7e/0x181
[   35.371595]        printk+0xa7/0xcf
[   35.371599]        load_umh+0x51/0xbd
[   35.371604]        do_one_initcall+0x145/0x957
[   35.371608]        kernel_init_freeable+0x4bb/0x5ae
[   35.371612]        kernel_init+0x11/0x1b2
[   35.371617]        ret_from_fork+0x3a/0x50
[   35.371619]
[   35.371622] -> #0 ((console_sem).lock){-...}:
[   35.371643]        lock_acquire+0x1ed/0x520
[   35.371648]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.371652]        down_trylock+0x13/0x70
[   35.371657]        __down_trylock_console_sem+0xae/0x200
[   35.371661]        console_trylock+0x15/0xa0
[   35.371665]        vprintk_emit+0x322/0x930
[   35.371669]        vprintk_default+0x28/0x30
[   35.371674]        vprintk_func+0x7e/0x181
[   35.371677]        printk+0xa7/0xcf
[   35.371681]        kasan_report+0x9b/0x110
[   35.371686]        __asan_report_load8_noabort+0x14/0x20
[   35.371691]        __schedule+0xfc3/0x1ed0
[   35.371695]        preempt_schedule_common+0x1f/0xd0
[   35.371700]        preempt_schedule+0x4d/0x60
[   35.371704]        ___preempt_schedule+0x16/0x18
[   35.371709]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.371713]        __call_srcu+0x7f9/0x1070
[   35.371718]        __synchronize_srcu+0x17b/0x230
[   35.371722]        synchronize_srcu+0x356/0x5ab
[   35.371728]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.371732]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.371737]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.371741]        kvm_put_kvm+0x6c8/0xff0
[   35.371745]        kvm_vm_release+0x42/0x50
[   35.371749]        __fput+0x385/0xa30
[   35.371753]        ____fput+0x15/0x20
[   35.371757]        task_work_run+0x1e8/0x2a0
[   35.371761]        do_exit+0x1ad7/0x2610
[   35.371765]        do_group_exit+0x177/0x440
[   35.371770]        __x64_sys_exit_group+0x3e/0x50
[   35.371774]        do_syscall_64+0x1b9/0x820
[   35.371779]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.371782]
[   35.371787] other info that might help us debug this:
[   35.371789]
[   35.371793] Chain exists of:
[   35.371795]   (console_sem).lock --> &rq->lock --> report_lock
[   35.371815]
[   35.371820]  Possible unsafe locking scenario:
[   35.371822]
[   35.371827]        CPU0                    CPU1
[   35.371831]        ----                    ----
[   35.371834]   lock(report_lock);
[   35.371844]                                lock(&rq->lock);
[   35.371854]                                lock(report_lock);
[   35.371863]   lock((console_sem).lock);
[   35.371872]
[   35.371875]  *** DEADLOCK ***
[   35.371878]
[   35.371883] 2 locks held by syz-executor813/5329:
[   35.371885]  #0: 00000000d1fdace3 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   35.371904]  #1: 00000000001943a5 (report_lock){....}, at: kasan_report+0x8b/0x110
[   35.371922]
[   35.371926] stack backtrace:
[   35.371933] CPU: 0 PID: 5329 Comm: syz-executor813 Not tainted 4.19.0-rc3+ #231
[   35.371940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.371944] Call Trace:
[   35.371948]  dump_stack+0x1c4/0x2b4
[   35.371953]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.371957]  ? vprintk_func+0x85/0x181
[   35.371963]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   35.371967]  ? save_trace+0xe0/0x290
[   35.371971]  __lock_acquire+0x33e4/0x4ec0
[   35.371976]  ? mark_held_locks+0x130/0x130
[   35.371980]  ? mark_held_locks+0x130/0x130
[   35.371984]  ? rcu_bh_qs+0xc0/0xc0
[   35.371988]  ? unwind_dump+0x190/0x190
[   35.371993]  ? is_bpf_text_address+0xd3/0x170
[   35.371998]  ? kernel_text_address+0x79/0xf0
[   35.372002]  ? __kernel_text_address+0xd/0x40
[   35.372007]  ? __save_stack_trace+0x8d/0xf0
[   35.372012]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   35.372016]  ? save_trace+0x290/0x290
[   35.372020]  ? save_stack_trace+0x1a/0x20
[   35.372024]  ? save_trace+0xe0/0x290
[   35.372029]  ? kasan_check_read+0x11/0x20
[   35.372033]  ? graph_lock+0x170/0x170
[   35.372038]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.372042]  lock_acquire+0x1ed/0x520
[   35.372046]  ? down_trylock+0x13/0x70
[   35.372051]  ? find_held_lock+0x36/0x1c0
[   35.372055]  ? lock_release+0x970/0x970
[   35.372060]  ? trace_hardirqs_off+0xb8/0x310
[   35.372064]  ? vprintk_emit+0x1d3/0x930
[   35.372069]  ? trace_hardirqs_on+0x310/0x310
[   35.372073]  ? trace_hardirqs_off+0xb8/0x310
[   35.372077]  ? log_store+0x344/0x4c0
[   35.372082]  ? vprintk_emit+0x322/0x930
[   35.372086]  _raw_spin_lock_irqsave+0x99/0xd0
[   35.372090]  ? down_trylock+0x13/0x70
[   35.372095]  down_trylock+0x13/0x70
[   35.372099]  __down_trylock_console_sem+0xae/0x200
[   35.372104]  console_trylock+0x15/0xa0
[   35.372108]  vprintk_emit+0x322/0x930
[   35.372112]  ? wake_up_klogd+0x180/0x180
[   35.372117]  ? run_rebalance_domains+0x500/0x500
[   35.372121]  ? wake_up_worker+0x117/0x190
[   35.372125]  ? find_held_lock+0x36/0x1c0
[   35.372130]  ? __queue_work+0x6be/0x1440
[   35.372135]  ? lock_acquire+0x1ed/0x520
[   35.372139]  vprintk_default+0x28/0x30
[   35.372143]  vprintk_func+0x7e/0x181
[   35.372147]  printk+0xa7/0xcf
[   35.372152]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.372156]  ? kasan_check_write+0x14/0x20
[   35.372161]  ? do_raw_spin_lock+0xc1/0x200
[   35.372165]  ? do_raw_spin_lock+0xc1/0x200
[   35.372169]  kasan_report+0x9b/0x110
[   35.372173]  ? __schedule+0xfc3/0x1ed0
[   35.372178]  __asan_report_load8_noabort+0x14/0x20
[   35.372182]  __schedule+0xfc3/0x1ed0
[   35.372187]  ? __sched_text_start+0x8/0x8
[   35.372191]  ? __lock_is_held+0xb5/0x140
[   35.372196]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.372200]  ? find_held_lock+0x36/0x1c0
[   35.372205]  ? __call_srcu+0x7f9/0x1070
[   35.372210]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.372215]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.372219]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.372224]  ? preempt_schedule+0x4d/0x60
[   35.372228]  preempt_schedule_common+0x1f/0xd0
[   35.372233]  preempt_schedule+0x4d/0x60
[   35.372237]  ___preempt_schedule+0x16/0x18
[   35.372242]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.372246]  __call_srcu+0x7f9/0x1070
[   35.372251]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   35.372256]  ? srcu_offline_cpu+0x120/0x120
[   35.372260]  ? debug_object_free+0x690/0x690
[   35.372265]  ? mark_held_locks+0x130/0x130
[   35.372270]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   35.372274]  ? lock_release+0x970/0x970
[   35.372279]  ? arch_local_save_flags+0x40/0x40
[   35.372283]  ? depot_save_stack+0x292/0x470
[   35.372288]  ? __lockdep_init_map+0x105/0x590
[   35.372292]  ? __init_waitqueue_head+0x9e/0x150
[   35.372297]  ? init_wait_entry+0x1c0/0x1c0
[   35.372302]  __synchronize_srcu+0x17b/0x230
[   35.372306]  ? call_srcu+0x10/0x10
[   35.372310]  ? rcu_unexpedite_gp+0x20/0x20
[   35.372315]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.372320]  ? check_preemption_disabled+0x48/0x200
[   35.372325]  synchronize_srcu+0x356/0x5ab
[   35.372329]  ? lock_downgrade+0x900/0x900
[   35.372334]  ? synchronize_srcu_expedited+0x20/0x20
[   35.372339]  ? kasan_check_read+0x11/0x20
[   35.372344]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.372348]  ? kasan_check_write+0x14/0x20
[   35.372360]  ? do_raw_spin_lock+0xc1/0x200
[   35.372366]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.372371]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.372375]  ? kvfree+0x61/0x70
[   35.372380]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.372384]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.372389]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.372393]  ? kvm_arch_sync_events+0x30/0x30
[   35.372399]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.372404]  ? mmu_notifier_unregister+0x474/0x600
[   35.372408]  ? kfree+0x107/0x230
[   35.372412]  ? __mmu_notifier_register+0x30/0x30
[   35.372417]  ? __free_pages+0x10a/0x190
[   35.372421]  ? free_unref_page+0x960/0x960
[   35.372425]  kvm_put_kvm+0x6c8/0xff0
[   35.372430]  ? kvm_write_guest_cached+0x40/0x40
[   35.372435]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.372439]  ? preempt_schedule+0x4d/0x60
[   35.372444]  ? ___preempt_schedule+0x16/0x18
[   35.372448]  ? kvm_irqfd_release+0xdd/0x120
[   35.372453]  ? kvm_irqfd_release+0xdd/0x120
[   35.372457]  ? kvm_put_kvm+0xff0/
[   35.372465] Lost 80 message(s)!
[   36.533843] Shutting down cpus with NMI
[   37.591247] Dumping ftrace buffer:
[   37.594775]    (ftrace buffer empty)
[   37.599015] Kernel Offset: disabled
[   37.602641] Rebooting in 86400 seconds..
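The report above says three things a triager needs: what was accessed (an 8-byte read by __schedule, 24 bytes into a freed kvm_vcpu slab object), where the object came from (vmx_create_vcpu) and where it went (vmx_free_vcpu, during kvm_arch_destroy_vm), and what KASAN's shadow memory says about the faulting address. The script below is an added example, not part of the syzkaller report or of any kernel tooling: it parses a trimmed excerpt of this very report (embedded as the constructed SAMPLE string) into those fields and then decodes the "Memory state" rows using KASAN's generic-mode encoding (one shadow byte per 8-byte granule; shadow values as defined in mm/kasan/kasan.h in the 4.19 series). The cross-check it performs, that a use-after-free headline lands on a freed-object shadow byte (0xfb) rather than a redzone (0xfc) or free page (0xff), is the first thing worth confirming before trusting the headline. Python 3.8 or later is assumed.

```python
"""Triage a KASAN report: headline, alloc/free stacks, object description, and
the shadow byte covering the faulting address (8 bytes per shadow byte)."""
import re

# Constructed sample: a trimmed excerpt of the report on this page.
SAMPLE = """\
[   33.695466] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   33.701690] Read of size 8 at addr ffff8801d9360058 by task syz-executor813/5329
[   33.709206]
[   34.409994] Allocated by task 5329:
[   34.413621]  save_stack+0x43/0xd0
[   34.424754]  kmem_cache_alloc+0x12e/0x730
[   34.428901]  vmx_create_vcpu+0xcf/0x25e0
[   34.432955]  kvm_arch_vcpu_create+0xe5/0x220
[   34.461540]
[   34.463162] Freed by task 5329:
[   34.466440]  save_stack+0x43/0xd0
[   34.478641]  kmem_cache_free+0x83/0x290
[   34.482609]  vmx_free_vcpu+0x26b/0x300
[   34.486498]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.529650]
[   34.531276] The buggy address belongs to the object at ffff8801d9360040
[   34.531276]  which belongs to the cache kvm_vcpu of size 23872
[   34.598439] Memory state around the buggy address:
[   34.610728]  ffff8801d935ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.618079] >ffff8801d9360000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.625426]                                                     ^
[   34.631652]  ffff8801d9360080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\] ?")   # dmesg timestamp prefix
GRANULE = 8                                 # bytes covered by one shadow byte
SHADOW_MEANING = {0x00: "addressable", 0xff: "free page", 0xfe: "page redzone",
                  0xfc: "kmalloc/slab redzone", 0xfb: "freed kmalloc/slab object",
                  0xfa: "global redzone", 0xf1: "stack left redzone",
                  0xf2: "stack mid redzone", 0xf3: "stack right redzone",
                  0xf4: "stack partial redzone", 0xf8: "out-of-scope stack variable"}


def collect_stack(lines, start):
    """Frames after an 'Allocated by'/'Freed by' header, up to the blank line."""
    frames = []
    for ln in lines[start + 1:]:
        if not ln.strip():
            break
        frames.append(ln.strip().split("+")[0])   # symbol only, drop +off/size
    return frames


def parse_kasan_report(text):
    lines = [TS_RE.sub("", ln).rstrip() for ln in text.splitlines()]
    rep = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    for i, ln in enumerate(lines):
        if m := re.match(r"BUG: KASAN: (\S+) in ([^+\s]+)\+", ln):
            rep["bug"], rep["func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", ln):
            rep.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16),
                       task=m.group(4), pid=int(m.group(5)))
        elif ln.startswith("Allocated by task"):
            rep["alloc_stack"] = collect_stack(lines, i)
        elif ln.startswith("Freed by task"):
            rep["free_stack"] = collect_stack(lines, i)
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", ln):
            rep["object"] = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", ln):
            rep["cache"], rep["object_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r">?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", ln):
            # A shadow row holds 16 bytes, each covering one 8-byte granule
            # starting at the real address printed at the row start (0x80 per row).
            base = int(m.group(1), 16)
            for k, byte in enumerate(m.group(2).split()):
                rep["shadow"][base + k * GRANULE] = int(byte, 16)
    if "object" in rep and "addr" in rep:
        rep["offset"] = rep["addr"] - rep["object"]
    return rep


def shadow_for(rep, addr):
    """Shadow byte covering addr (granule-aligned lookup); None if not dumped."""
    return rep["shadow"].get(addr & ~(GRANULE - 1))


def describe_shadow(byte):
    if byte is None:
        return "not in dump"
    if 1 <= byte <= 7:
        return f"partially addressable ({byte} of 8 bytes valid)"
    return SHADOW_MEANING.get(byte, f"unrecognised shadow value {byte:#04x}")


def triage(text):
    rep = parse_kasan_report(text)
    rep["shadow_byte"] = shadow_for(rep, rep["addr"])
    rep["shadow_meaning"] = describe_shadow(rep["shadow_byte"])
    # A use-after-free headline should land on freed-object shadow (0xfb);
    # anything else means the headline and the shadow disagree and needs a look.
    rep["consistent"] = rep["bug"] != "use-after-free" or rep["shadow_byte"] == 0xfb
    return rep


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['bug']}: {r['access']} of {r['size']} bytes in {r['func']}(), "
          f"{r['offset']} bytes into a {r['object_size']}-byte {r['cache']} object")
    print(f"shadow {r['shadow_byte']:#04x} = {r['shadow_meaning']}; consistent={r['consistent']}")
    print("alloc:", " <- ".join(r["alloc_stack"]), "\nfree: ", " <- ".join(r["free_stack"]))
```

On this report the decode agrees with the headline: ffff8801d9360058 is 24 bytes past the object start ffff8801d9360040, and its shadow byte (the twelfth in the marked row) is 0xfb, freed slab memory, while the eight 0xfc bytes before it are the redzone that precedes the object. The same parser runs on any generic-mode KASAN report with the 16-byte-per-row shadow dump; it does not understand the tag-based (hardware or software) KASAN format, whose shadow rows carry tags rather than these sentinel values.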