[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 25.292258] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.195362] random: sshd: uninitialized urandom read (32 bytes read) [ 29.540402] random: sshd: uninitialized urandom read (32 bytes read) [ 30.130078] random: sshd: uninitialized urandom read (32 bytes read) [ 45.518105] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. [ 51.229016] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 51.358957] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 51.385878] ================================================================== [ 51.396051] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 51.402280] Read of size 8 at addr ffff8801cc2b0058 by task syz-executor911/5344 [ 51.409814] [ 51.411449] CPU: 1 PID: 5344 Comm: syz-executor911 Not tainted 4.19.0-rc4+ #247 [ 51.418942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.428308] Call Trace: [ 51.430917] dump_stack+0x1c4/0x2b4 [ 51.434571] ? dump_stack_print_info.cold.2+0x52/0x52 [ 51.439790] ? printk+0xa7/0xcf [ 51.443070] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 51.447836] print_address_description.cold.8+0x9/0x1ff [ 51.453207] kasan_report.cold.9+0x242/0x309 [ 51.457626] ? __schedule+0xfc3/0x1ed0 [ 51.461550] __asan_report_load8_noabort+0x14/0x20 [ 51.466484] __schedule+0xfc3/0x1ed0 [ 51.470226] ? __sched_text_start+0x8/0x8 [ 51.474380] ? __lock_is_held+0xb5/0x140 [ 51.478463] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 51.483620] ? find_held_lock+0x36/0x1c0 [ 51.487691] ? __call_srcu+0x7f9/0x1070 [ 51.491694] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 51.496799] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 51.501910] ? lockdep_hardirqs_on+0x421/0x5c0 [ 51.506501] ? preempt_schedule+0x4d/0x60 [ 51.510676] preempt_schedule_common+0x1f/0xd0 [ 51.515264] preempt_schedule+0x4d/0x60 [ 51.519243] ___preempt_schedule+0x16/0x18 [ 51.523481] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 51.528417] __call_srcu+0x7f9/0x1070 [ 51.532221] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 51.537330] ? srcu_offline_cpu+0x120/0x120 [ 51.541677] ? debug_object_free+0x690/0x690 [ 51.546096] ? mark_held_locks+0x130/0x130 [ 51.550352] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 51.554939] ? lock_release+0x970/0x970 [ 51.558917] ? arch_local_save_flags+0x40/0x40 [ 51.563502] ? depot_save_stack+0x292/0x470 [ 51.567839] ? __lockdep_init_map+0x105/0x590 [ 51.572337] ? __init_waitqueue_head+0x9e/0x150 [ 51.577008] ? init_wait_entry+0x1c0/0x1c0 [ 51.581264] __synchronize_srcu+0x17b/0x230 [ 51.585633] ? call_srcu+0x10/0x10 [ 51.589180] ? rcu_unexpedite_gp+0x20/0x20 [ 51.593427] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.598977] ? check_preemption_disabled+0x48/0x200 [ 51.604003] synchronize_srcu+0x356/0x5ab [ 51.608178] ? lock_downgrade+0x900/0x900 [ 51.612336] ? synchronize_srcu_expedited+0x20/0x20 [ 51.617366] ? kasan_check_read+0x11/0x20 [ 51.621536] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 51.626136] ? kasan_check_write+0x14/0x20 [ 51.630380] ? do_raw_spin_lock+0xc1/0x200 [ 51.634632] kvm_page_track_unregister_notifier+0x17d/0x250 [ 51.640356] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 51.645813] ? kvfree+0x61/0x70 [ 51.649099] ? rcu_read_lock_sched_held+0x108/0x120 [ 51.654146] kvm_mmu_uninit_vm+0x1c/0x20 [ 51.658213] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 51.662630] ? kvm_arch_sync_events+0x30/0x30 [ 51.667151] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 51.672708] ? mmu_notifier_unregister+0x474/0x600 [ 51.677679] ? kfree+0x107/0x230 [ 51.681084] ? __mmu_notifier_register+0x30/0x30 [ 51.685897] ? __free_pages+0x10a/0x190 [ 51.689876] ? free_unref_page+0x960/0x960 [ 51.694125] kvm_put_kvm+0x6c8/0xff0 [ 51.697860] ? kvm_write_guest_cached+0x40/0x40 [ 51.702537] ? kvm_irqfd_release+0xd1/0x120 [ 51.706863] ? _raw_spin_unlock_irq+0x27/0x80 [ 51.711364] ? _raw_spin_unlock_irq+0x27/0x80 [ 51.715875] ? kasan_check_write+0x14/0x20 [ 51.720116] ? do_raw_spin_lock+0xc1/0x200 [ 51.724380] ? kvm_irqfd_release+0xdd/0x120 [ 51.728722] ? kvm_irqfd_release+0xdd/0x120 [ 51.733071] ? kvm_put_kvm+0xff0/0xff0 [ 51.736963] kvm_vm_release+0x42/0x50 [ 51.740764] __fput+0x385/0xa30 [ 51.744050] ? get_max_files+0x20/0x20 [ 51.747942] ? trace_hardirqs_on+0xbd/0x310 [ 51.752274] ? ___might_sleep+0x1ed/0x300 [ 51.756427] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 51.761879] ? arch_local_save_flags+0x40/0x40 [ 51.766501] ? kasan_check_write+0x14/0x20 [ 51.770755] ? do_raw_spin_lock+0xc1/0x200 [ 51.774999] ____fput+0x15/0x20 [ 51.778293] task_work_run+0x1e8/0x2a0 [ 51.782211] ? task_work_cancel+0x240/0x240 [ 51.786540] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 51.792086] ? switch_task_namespaces+0x9d/0xd0 [ 51.796762] do_exit+0x1ad7/0x2610 [ 51.800348] ? mm_update_next_owner+0x990/0x990 [ 51.805045] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 51.809300] ? rcu_read_lock_sched_held+0x108/0x120 [ 51.814348] ? kfree+0x1fa/0x230 [ 51.817721] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 51.822024] ? kvm_vcpu_block+0x1030/0x1030 [ 51.826396] ? is_bpf_text_address+0xd3/0x170 [ 51.830898] ? kernel_text_address+0x79/0xf0 [ 51.835310] ? __kernel_text_address+0xd/0x40 [ 51.839806] ? unwind_get_return_address+0x61/0xa0 [ 51.844763] ? __save_stack_trace+0x8d/0xf0 [ 51.849103] ? save_stack+0xa9/0xd0 [ 51.852744] ? save_stack+0x43/0xd0 [ 51.856376] ? __kasan_slab_free+0x102/0x150 [ 51.860824] ? kasan_slab_free+0xe/0x10 [ 51.864801] ? putname+0xf2/0x130 [ 51.868282] ? __x64_sys_openat+0x9d/0x100 [ 51.872524] ? do_syscall_64+0x1b9/0x820 [ 51.876585] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.881958] ? trace_hardirqs_off+0xb8/0x310 [ 51.886383] ? kasan_check_read+0x11/0x20 [ 51.890539] ? do_raw_spin_unlock+0xa7/0x2f0 [ 51.895003] ? trace_hardirqs_on+0x310/0x310 [ 51.899458] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 51.904567] ? trace_hardirqs_off+0xb8/0x310 [ 51.909004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.914566] ? check_preemption_disabled+0x48/0x200 [ 51.919587] ? check_preemption_disabled+0x48/0x200 [ 51.924621] ? kvm_vcpu_block+0x1030/0x1030 [ 51.928951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.934531] ? do_vfs_ioctl+0x201/0x1720 [ 51.938598] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 51.943913] ? ioctl_preallocate+0x300/0x300 [ 51.948328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.953868] ? __fget_light+0x2e9/0x430 [ 51.957845] ? fget_raw+0x20/0x20 [ 51.961298] ? putname+0xf2/0x130 [ 51.964752] ? rcu_read_lock_sched_held+0x108/0x120 [ 51.969775] ? kmem_cache_free+0x24f/0x290 [ 51.974011] ? putname+0xf7/0x130 [ 51.977470] do_group_exit+0x177/0x440 [ 51.981365] ? trace_hardirqs_on+0xbd/0x310 [ 51.985691] ? __ia32_sys_exit+0x50/0x50 [ 51.989781] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 51.995257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.000795] ? ksys_ioctl+0x81/0xd0 [ 52.004431] __x64_sys_exit_group+0x3e/0x50 [ 52.008780] do_syscall_64+0x1b9/0x820 [ 52.012674] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 52.018045] ? syscall_return_slowpath+0x5e0/0x5e0 [ 52.022978] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.027826] ? trace_hardirqs_on_caller+0x310/0x310 [ 52.032847] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 52.037866] ? prepare_exit_to_usermode+0x291/0x3b0 [ 52.042917] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.047766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.052956] RIP: 0033:0x43f028 [ 52.056160] Code: Bad RIP value. [ 52.059519] RSP: 002b:00007ffe605dbc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 52.067231] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 52.074500] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 52.081771] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 52.089043] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 52.096319] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 52.103606] [ 52.105233] Allocated by task 5344: [ 52.108882] save_stack+0x43/0xd0 [ 52.112334] kasan_kmalloc+0xc7/0xe0 [ 52.116061] kasan_slab_alloc+0x12/0x20 [ 52.120064] kmem_cache_alloc+0x12e/0x730 [ 52.124216] vmx_create_vcpu+0xcf/0x25e0 [ 52.128278] kvm_arch_vcpu_create+0xe5/0x220 [ 52.132695] kvm_vm_ioctl+0x470/0x1d40 [ 52.136614] do_vfs_ioctl+0x1de/0x1720 [ 52.140505] ksys_ioctl+0xa9/0xd0 [ 52.143957] __x64_sys_ioctl+0x73/0xb0 [ 52.147908] do_syscall_64+0x1b9/0x820 [ 52.151836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.157029] [ 52.158665] Freed by task 5344: [ 52.161950] save_stack+0x43/0xd0 [ 52.165400] __kasan_slab_free+0x102/0x150 [ 52.169647] kasan_slab_free+0xe/0x10 [ 52.173452] kmem_cache_free+0x83/0x290 [ 52.177426] vmx_free_vcpu+0x26b/0x300 [ 52.181335] kvm_arch_destroy_vm+0x365/0x7c0 [ 52.185744] kvm_put_kvm+0x6c8/0xff0 [ 52.189470] kvm_vm_release+0x42/0x50 [ 52.193269] __fput+0x385/0xa30 [ 52.196544] ____fput+0x15/0x20 [ 52.199825] task_work_run+0x1e8/0x2a0 [ 52.203714] do_exit+0x1ad7/0x2610 [ 52.207267] do_group_exit+0x177/0x440 [ 52.211182] __x64_sys_exit_group+0x3e/0x50 [ 52.215507] do_syscall_64+0x1b9/0x820 [ 52.219408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.224586] [ 52.226220] The buggy address belongs to the object at ffff8801cc2b0040 [ 52.226220] which belongs to the cache kvm_vcpu of size 23872 [ 52.238802] The buggy address is located 24 bytes inside of [ 52.238802] 23872-byte region [ffff8801cc2b0040, ffff8801cc2b5d80) [ 52.250765] The buggy address belongs to the page: [ 52.255704] page:ffffea000730ac00 count:1 mapcount:0 mapping:ffff8801d595b900 index:0x0 compound_mapcount: 0 [ 52.265691] flags: 0x2fffc0000008100(slab|head) [ 52.270375] raw: 02fffc0000008100 ffff8801d5957248 ffff8801d5957248 ffff8801d595b900 [ 52.278273] raw: 0000000000000000 ffff8801cc2b0040 0000000100000001 0000000000000000 [ 52.286158] page dumped because: kasan: bad access detected [ 52.291861] [ 52.293482] Memory state around the buggy address: [ 52.298410] ffff8801cc2aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 52.305769] ffff8801cc2aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 52.313153] >ffff8801cc2b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 52.320505] ^ [ 52.326735] ffff8801cc2b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.334116] ffff8801cc2b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.341498] ================================================================== [ 52.349913] Kernel panic - not syncing: panic_on_warn set ... [ 52.349913] [ 52.357282] CPU: 1 PID: 5344 Comm: syz-executor911 Tainted: G B 4.19.0-rc4+ #247 [ 52.366112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.375465] Call Trace: [ 52.378074] dump_stack+0x1c4/0x2b4 [ 52.381739] ? dump_stack_print_info.cold.2+0x52/0x52 [ 52.386935] ? lock_downgrade+0x900/0x900 [ 52.391099] panic+0x238/0x4e7 [ 52.394305] ? add_taint.cold.5+0x16/0x16 [ 52.398456] ? print_shadow_for_address+0xb6/0x116 [ 52.403396] ? trace_hardirqs_off+0xaf/0x310 [ 52.407817] kasan_end_report+0x47/0x4f [ 52.411792] kasan_report.cold.9+0x76/0x309 [ 52.416116] ? __schedule+0xfc3/0x1ed0 [ 52.420053] __asan_report_load8_noabort+0x14/0x20 [ 52.424979] __schedule+0xfc3/0x1ed0 [ 52.428701] ? __sched_text_start+0x8/0x8 [ 52.432854] ? __lock_is_held+0xb5/0x140 [ 52.436954] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 52.442069] ? find_held_lock+0x36/0x1c0 [ 52.446166] ? __call_srcu+0x7f9/0x1070 [ 52.450151] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 52.455267] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 52.460512] ? lockdep_hardirqs_on+0x421/0x5c0 [ 52.465214] ? preempt_schedule+0x4d/0x60 [ 52.469366] preempt_schedule_common+0x1f/0xd0 [ 52.473942] preempt_schedule+0x4d/0x60 [ 52.477906] ___preempt_schedule+0x16/0x18 [ 52.482161] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 52.487087] __call_srcu+0x7f9/0x1070 [ 52.490884] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 52.495985] ? srcu_offline_cpu+0x120/0x120 [ 52.500300] ? debug_object_free+0x690/0x690 [ 52.504699] ? mark_held_locks+0x130/0x130 [ 52.508935] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 52.513506] ? lock_release+0x970/0x970 [ 52.517464] ? arch_local_save_flags+0x40/0x40 [ 52.522175] ? depot_save_stack+0x292/0x470 [ 52.526492] ? __lockdep_init_map+0x105/0x590 [ 52.530978] ? __init_waitqueue_head+0x9e/0x150 [ 52.535895] ? init_wait_entry+0x1c0/0x1c0 [ 52.540123] __synchronize_srcu+0x17b/0x230 [ 52.544447] ? call_srcu+0x10/0x10 [ 52.547977] ? rcu_unexpedite_gp+0x20/0x20 [ 52.552202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 52.557869] ? check_preemption_disabled+0x48/0x200 [ 52.562977] synchronize_srcu+0x356/0x5ab [ 52.567122] ? lock_downgrade+0x900/0x900 [ 52.571266] ? synchronize_srcu_expedited+0x20/0x20 [ 52.576282] ? kasan_check_read+0x11/0x20 [ 52.580420] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 52.584998] ? kasan_check_write+0x14/0x20 [ 52.589224] ? do_raw_spin_lock+0xc1/0x200 [ 52.593581] kvm_page_track_unregister_notifier+0x17d/0x250 [ 52.599294] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 52.604732] ? kvfree+0x61/0x70 [ 52.608000] ? rcu_read_lock_sched_held+0x108/0x120 [ 52.613009] kvm_mmu_uninit_vm+0x1c/0x20 [ 52.617163] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 52.621656] ? kvm_arch_sync_events+0x30/0x30 [ 52.626151] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 52.631715] ? mmu_notifier_unregister+0x474/0x600 [ 52.636639] ? kfree+0x107/0x230 [ 52.639995] ? __mmu_notifier_register+0x30/0x30 [ 52.644945] ? __free_pages+0x10a/0x190 [ 52.648912] ? free_unref_page+0x960/0x960 [ 52.653145] kvm_put_kvm+0x6c8/0xff0 [ 52.656857] ? kvm_write_guest_cached+0x40/0x40 [ 52.661520] ? kvm_irqfd_release+0xd1/0x120 [ 52.665839] ? _raw_spin_unlock_irq+0x27/0x80 [ 52.670470] ? _raw_spin_unlock_irq+0x27/0x80 [ 52.674960] ? kasan_check_write+0x14/0x20 [ 52.679185] ? do_raw_spin_lock+0xc1/0x200 [ 52.683411] ? kvm_irqfd_release+0xdd/0x120 [ 52.687723] ? kvm_irqfd_release+0xdd/0x120 [ 52.692038] ? kvm_put_kvm+0xff0/0xff0 [ 52.696015] kvm_vm_release+0x42/0x50 [ 52.699850] __fput+0x385/0xa30 [ 52.703125] ? get_max_files+0x20/0x20 [ 52.707011] ? trace_hardirqs_on+0xbd/0x310 [ 52.711337] ? ___might_sleep+0x1ed/0x300 [ 52.715478] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 52.720925] ? arch_local_save_flags+0x40/0x40 [ 52.725498] ? kasan_check_write+0x14/0x20 [ 52.729731] ? do_raw_spin_lock+0xc1/0x200 [ 52.733956] ____fput+0x15/0x20 [ 52.737232] task_work_run+0x1e8/0x2a0 [ 52.741112] ? task_work_cancel+0x240/0x240 [ 52.745432] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 52.750973] ? switch_task_namespaces+0x9d/0xd0 [ 52.755641] do_exit+0x1ad7/0x2610 [ 52.759179] ? mm_update_next_owner+0x990/0x990 [ 52.763961] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 52.768287] ? rcu_read_lock_sched_held+0x108/0x120 [ 52.773293] ? kfree+0x1fa/0x230 [ 52.776646] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 52.780863] ? kvm_vcpu_block+0x1030/0x1030 [ 52.785183] ? is_bpf_text_address+0xd3/0x170 [ 52.789668] ? kernel_text_address+0x79/0xf0 [ 52.794124] ? __kernel_text_address+0xd/0x40 [ 52.798622] ? unwind_get_return_address+0x61/0xa0 [ 52.803544] ? __save_stack_trace+0x8d/0xf0 [ 52.807856] ? save_stack+0xa9/0xd0 [ 52.811476] ? save_stack+0x43/0xd0 [ 52.815085] ? __kasan_slab_free+0x102/0x150 [ 52.819547] ? kasan_slab_free+0xe/0x10 [ 52.823513] ? putname+0xf2/0x130 [ 52.827000] ? __x64_sys_openat+0x9d/0x100 [ 52.831290] ? do_syscall_64+0x1b9/0x820 [ 52.835346] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.840767] ? trace_hardirqs_off+0xb8/0x310 [ 52.845167] ? kasan_check_read+0x11/0x20 [ 52.849303] ? do_raw_spin_unlock+0xa7/0x2f0 [ 52.853695] ? trace_hardirqs_on+0x310/0x310 [ 52.858155] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 52.863365] ? trace_hardirqs_off+0xb8/0x310 [ 52.867763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.873292] ? check_preemption_disabled+0x48/0x200 [ 52.878321] ? check_preemption_disabled+0x48/0x200 [ 52.883342] ? kvm_vcpu_block+0x1030/0x1030 [ 52.887717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.893336] ? do_vfs_ioctl+0x201/0x1720 [ 52.897400] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 52.902732] ? ioctl_preallocate+0x300/0x300 [ 52.907145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.912674] ? __fget_light+0x2e9/0x430 [ 52.916638] ? fget_raw+0x20/0x20 [ 52.920233] ? putname+0xf2/0x130 [ 52.923689] ? rcu_read_lock_sched_held+0x108/0x120 [ 52.928783] ? kmem_cache_free+0x24f/0x290 [ 52.933122] ? putname+0xf7/0x130 [ 52.936620] do_group_exit+0x177/0x440 [ 52.940503] ? trace_hardirqs_on+0xbd/0x310 [ 52.944858] ? __ia32_sys_exit+0x50/0x50 [ 52.948911] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 52.954352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.959883] ? ksys_ioctl+0x81/0xd0 [ 52.963506] __x64_sys_exit_group+0x3e/0x50 [ 52.967846] do_syscall_64+0x1b9/0x820 [ 52.971769] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 52.977154] ? syscall_return_slowpath+0x5e0/0x5e0 [ 52.982095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.986950] ? trace_hardirqs_on_caller+0x310/0x310 [ 52.991980] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 52.997025] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.002086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.006949] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.012188] RIP: 0033:0x43f028 [ 53.015382] Code: Bad RIP value. [ 53.018748] RSP: 002b:00007ffe605dbc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 53.026461] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 53.033734] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 53.041006] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 53.048273] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 53.055552] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 53.062845] [ 53.062851] ====================================================== [ 53.062857] WARNING: possible circular locking dependency detected [ 53.062861] 4.19.0-rc4+ #247 Not tainted [ 53.062867] ------------------------------------------------------ [ 53.062872] syz-executor911/5344 is trying to acquire lock: [ 53.062876] 00000000b9e5e3a8 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 53.062912] [ 53.062916] but task is already holding lock: [ 53.062919] 00000000ec96c1c0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 53.062934] [ 53.062939] which lock already depends on the new lock. [ 53.062941] [ 53.062944] [ 53.062950] the existing dependency chain (in reverse order) is: [ 53.062952] [ 53.062955] -> #3 (report_lock){....}: [ 53.062982] _raw_spin_lock_irqsave+0x99/0xd0 [ 53.062986] kasan_report+0x8b/0x110 [ 53.062991] __asan_report_load8_noabort+0x14/0x20 [ 53.062996] __schedule+0xfc3/0x1ed0 [ 53.063000] preempt_schedule_common+0x1f/0xd0 [ 53.063005] preempt_schedule+0x4d/0x60 [ 53.063009] ___preempt_schedule+0x16/0x18 [ 53.063014] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 53.063018] __call_srcu+0x7f9/0x1070 [ 53.063023] __synchronize_srcu+0x17b/0x230 [ 53.063027] synchronize_srcu+0x356/0x5ab [ 53.063033] kvm_page_track_unregister_notifier+0x17d/0x250 [ 53.063037] kvm_mmu_uninit_vm+0x1c/0x20 [ 53.063042] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 53.063046] kvm_put_kvm+0x6c8/0xff0 [ 53.063050] kvm_vm_release+0x42/0x50 [ 53.063054] __fput+0x385/0xa30 [ 53.063058] ____fput+0x15/0x20 [ 53.063062] task_work_run+0x1e8/0x2a0 [ 53.063066] do_exit+0x1ad7/0x2610 [ 53.063071] do_group_exit+0x177/0x440 [ 53.063088] __x64_sys_exit_group+0x3e/0x50 [ 53.063093] do_syscall_64+0x1b9/0x820 [ 53.063097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.063100] [ 53.063102] -> #2 (&rq->lock){-.-.}: [ 53.063117] _raw_spin_lock+0x2d/0x40 [ 53.063121] task_fork_fair+0xb0/0x6d0 [ 53.063125] sched_fork+0x443/0xba0 [ 53.063138] copy_process+0x2586/0x8780 [ 53.063142] _do_fork+0x1cb/0x11d0 [ 53.063146] kernel_thread+0x34/0x40 [ 53.063150] rest_init+0x22/0xe5 [ 53.063154] start_kernel+0x8f4/0x92f [ 53.063159] x86_64_start_reservations+0x29/0x2b [ 53.063163] x86_64_start_kernel+0x76/0x79 [ 53.063167] secondary_startup_64+0xa4/0xb0 [ 53.063170] [ 53.063172] -> #1 (&p->pi_lock){-.-.}: [ 53.063187] _raw_spin_lock_irqsave+0x99/0xd0 [ 53.063192] try_to_wake_up+0xd2/0x12f0 [ 53.063196] wake_up_process+0x10/0x20 [ 53.063200] __up.isra.1+0x1c0/0x2a0 [ 53.063203] up+0x13c/0x1c0 [ 53.063207] __up_console_sem+0xbe/0x1b0 [ 53.063224] console_unlock+0x814/0x1160 [ 53.063228] vprintk_emit+0x33d/0x930 [ 53.063232] vprintk_default+0x28/0x30 [ 53.063236] vprintk_func+0x7e/0x181 [ 53.063240] printk+0xa7/0xcf [ 53.063244] load_umh+0x51/0xbd [ 53.063248] do_one_initcall+0x145/0x957 [ 53.063253] kernel_init_freeable+0x4bb/0x5ae [ 53.063257] kernel_init+0x11/0x1b2 [ 53.063261] ret_from_fork+0x3a/0x50 [ 53.063264] [ 53.063266] -> #0 ((console_sem).lock){-...}: [ 53.063281] lock_acquire+0x1ed/0x520 [ 53.063285] _raw_spin_lock_irqsave+0x99/0xd0 [ 53.063289] down_trylock+0x13/0x70 [ 53.063294] __down_trylock_console_sem+0xae/0x200 [ 53.063298] console_trylock+0x15/0xa0 [ 53.063302] vprintk_emit+0x322/0x930 [ 53.063306] vprintk_default+0x28/0x30 [ 53.063311] vprintk_func+0x7e/0x181 [ 53.063314] printk+0xa7/0xcf [ 53.063318] kasan_report+0x9b/0x110 [ 53.063323] __asan_report_load8_noabort+0x14/0x20 [ 53.063327] __schedule+0xfc3/0x1ed0 [ 53.063332] preempt_schedule_common+0x1f/0xd0 [ 53.063337] preempt_schedule+0x4d/0x60 [ 53.063341] ___preempt_schedule+0x16/0x18 [ 53.063346] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 53.063350] __call_srcu+0x7f9/0x1070 [ 53.063355] __synchronize_srcu+0x17b/0x230 [ 53.063359] synchronize_srcu+0x356/0x5ab [ 53.063365] kvm_page_track_unregister_notifier+0x17d/0x250 [ 53.063369] kvm_mmu_uninit_vm+0x1c/0x20 [ 53.063373] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 53.063377] kvm_put_kvm+0x6c8/0xff0 [ 53.063381] kvm_vm_release+0x42/0x50 [ 53.063385] __fput+0x385/0xa30 [ 53.063388] ____fput+0x15/0x20 [ 53.063392] task_work_run+0x1e8/0x2a0 [ 53.063396] do_exit+0x1ad7/0x2610 [ 53.063401] do_group_exit+0x177/0x440 [ 53.063405] __x64_sys_exit_group+0x3e/0x50 [ 53.063410] do_syscall_64+0x1b9/0x820 [ 53.063415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.063417] [ 53.063422] other info that might help us debug this: [ 53.063425] [ 53.063428] Chain exists of: [ 53.063430] (console_sem).lock --> &rq->lock --> report_lock [ 53.063450] [ 53.063455] Possible unsafe locking scenario: [ 53.063457] [ 53.063461] CPU0 CPU1 [ 53.063465] ---- ---- [ 53.063468] lock(report_lock); [ 53.063477] lock(&rq->lock); [ 53.063487] lock(report_lock); [ 53.063496] lock((console_sem).lock); [ 53.063505] [ 53.063508] *** DEADLOCK *** [ 53.063511] [ 53.063515] 2 locks held by syz-executor911/5344: [ 53.063518] #0: 00000000e3bc0b20 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 53.063535] #1: 00000000ec96c1c0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 53.063553] [ 53.063557] stack backtrace: [ 53.063563] CPU: 1 PID: 5344 Comm: syz-executor911 Not tainted 4.19.0-rc4+ #247 [ 53.063571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.063574] Call Trace: [ 53.063578] dump_stack+0x1c4/0x2b4 [ 53.063583] ? dump_stack_print_info.cold.2+0x52/0x52 [ 53.063588] ? vprintk_func+0x85/0x181 [ 53.063593] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 53.063597] ? save_trace+0xe0/0x290 [ 53.063602] __lock_acquire+0x33e4/0x4ec0 [ 53.063606] ? mark_held_locks+0x130/0x130 [ 53.063610] ? mark_held_locks+0x130/0x130 [ 53.063614] ? rcu_bh_qs+0xc0/0xc0 [ 53.063618] ? unwind_dump+0x190/0x190 [ 53.063623] ? is_bpf_text_address+0xd3/0x170 [ 53.063627] ? kernel_text_address+0x79/0xf0 [ 53.063632] ? __kernel_text_address+0xd/0x40 [ 53.063636] ? __save_stack_trace+0x8d/0xf0 [ 53.063641] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 53.063645] ? save_trace+0x290/0x290 [ 53.063650] ? save_stack_trace+0x1a/0x20 [ 53.063654] ? save_trace+0xe0/0x290 [ 53.063658] ? kasan_check_read+0x11/0x20 [ 53.063662] ? graph_lock+0x170/0x170 [ 53.063668] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 53.063672] lock_acquire+0x1ed/0x520 [ 53.063676] ? down_trylock+0x13/0x70 [ 53.063681] ? find_held_lock+0x36/0x1c0 [ 53.063685] ? lock_release+0x970/0x970 [ 53.063690] ? trace_hardirqs_off+0xb8/0x310 [ 53.063694] ? vprintk_emit+0x1d3/0x930 [ 53.063699] ? trace_hardirqs_on+0x310/0x310 [ 53.063703] ? trace_hardirqs_off+0xb8/0x310 [ 53.063707] ? log_store+0x344/0x4c0 [ 53.063712] ? vprintk_emit+0x322/0x930 [ 53.063716] _raw_spin_lock_irqsave+0x99/0xd0 [ 53.063720] ? down_trylock+0x13/0x70 [ 53.063724] down_trylock+0x13/0x70 [ 53.063729] __down_trylock_console_sem+0xae/0x200 [ 53.063734] console_trylock+0x15/0xa0 [ 53.063738] vprintk_emit+0x322/0x930 [ 53.063742] ? wake_up_klogd+0x180/0x180 [ 53.063747] ? run_rebalance_domains+0x500/0x500 [ 53.063751] ? wake_up_worker+0x117/0x190 [ 53.063755] ? find_held_lock+0x36/0x1c0 [ 53.063760] ? __queue_work+0x6be/0x1440 [ 53.063764] ? lock_acquire+0x1ed/0x520 [ 53.063768] vprintk_default+0x28/0x30 [ 53.063772] vprintk_func+0x7e/0x181 [ 53.063776] printk+0xa7/0xcf [ 53.063781] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 53.063785] ? kasan_check_write+0x14/0x20 [ 53.063789] ? do_raw_spin_lock+0xc1/0x200 [ 53.063794] ? do_raw_spin_lock+0xc1/0x200 [ 53.063798] kasan_report+0x9b/0x110 [ 53.063802] ? __schedule+0xfc3/0x1ed0 [ 53.063807] __asan_report_load8_noabort+0x14/0x20 [ 53.063811] __schedule+0xfc3/0x1ed0 [ 53.063815] ? __sched_text_start+0x8/0x8 [ 53.063819] ? __lock_is_held+0xb5/0x140 [ 53.063824] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 53.063828] ? find_held_lock+0x36/0x1c0 [ 53.063833] ? __call_srcu+0x7f9/0x1070 [ 53.063838] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 53.063843] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 53.063847] ? lockdep_hardirqs_on+0x421/0x5c0 [ 53.063852] ? preempt_schedule+0x4d/0x60 [ 53.063856] preempt_schedule_common+0x1f/0xd0 [ 53.063860] preempt_schedule+0x4d/0x60 [ 53.063865] ___preempt_schedule+0x16/0x18 [ 53.063870] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 53.063874] __call_srcu+0x7f9/0x1070 [ 53.063898] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 53.063915] ? srcu_offline_cpu+0x120/0x120 [ 53.063919] ? debug_object_free+0x690/0x690 [ 53.063924] ? mark_held_locks+0x130/0x130 [ 53.063929] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 53.063933] ? lock_release+0x970/0x970 [ 53.063938] ? arch_local_save_flags+0x40/0x40 [ 53.063942] ? depot_save_stack+0x292/0x470 [ 53.063947] ? __lockdep_init_map+0x105/0x590 [ 53.063951] ? __init_waitqueue_head+0x9e/0x150 [ 53.063956] ? init_wait_entry+0x1c0/0x1c0 [ 53.063960] __synchronize_srcu+0x17b/0x230 [ 53.063964] ? call_srcu+0x10/0x10 [ 53.063969] ? rcu_unexpedite_gp+0x20/0x20 [ 53.063974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.063979] ? check_preemption_disabled+0x48/0x200 [ 53.063983] synchronize_srcu+0x356/0x5ab [ 53.063988] ? lock_downgrade+0x900/0x900 [ 53.063993] ? synchronize_srcu_expedited+0x20/0x20 [ 53.063997] ? kasan_check_read+0x11/0x20 [ 53.064002] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 53.064006] ? kasan_check_write+0x14/0x20 [ 53.064010] ? do_raw_spin_lock+0xc1/0x200 [ 53.064016] kvm_page_track_unregister_notifier+0x17d/0x250 [ 53.064021] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 53.064025] ? kvfree+0x61/0x70 [ 53.064029] ? rcu_read_lock_sched_held+0x108/0x120 [ 53.064034] kvm_mmu_uninit_vm+0x1c/0x20 [ 53.064038] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 53.064043] ? kvm_arch_sync_events+0x30/0x30 [ 53.064048] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 53.064053] ? mmu_notifier_unregister+0x474/0x600 [ 53.064057] ? kfree+0x107/0x230 [ 53.064061] ? __mmu_notifier_register+0x30/0x30 [ 53.064066] ? __free_pages+0x10a/0x190 [ 53.064070] ? free_unref_page+0x960/0x960 [ 53.064074] kvm_put_kvm+0x6c8/0xff0 [ 53.064079] ? kvm_write_guest_cached+0x40/0x40 [ 53.064083] ? kvm_irqfd_release+0xd1/0x120 [ 53.064088] ? _raw_spin_unlock_irq+0x27/0x80 [ 53.064092] ? _raw_spin_unlock_irq+0x27/0x80 [ 53.064097] ? kasan_check_write+0x14/0x20 [ 53.064101] ? do_raw_spin_lock+0xc1/0x200 [ 53.064105] ? kvm_irqfd_release+0x [ 53.064113] Lost 82 message(s)! [ 54.246017] Shutting down cpus with NMI [ 55.306070] Kernel Offset: disabled [ 55.309695] Rebooting in 86400 seconds..