[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.326506] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.762875] random: sshd: uninitialized urandom read (32 bytes read) [ 31.102744] random: sshd: uninitialized urandom read (32 bytes read) [ 31.746090] random: sshd: uninitialized urandom read (32 bytes read) [ 31.971998] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. [ 37.586541] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.725407] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.750967] ================================================================== [ 37.760972] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.767213] Read of size 8 at addr ffff8801c4008058 by task syz-executor132/5352 [ 37.774748] [ 37.776386] CPU: 0 PID: 5352 Comm: syz-executor132 Not tainted 4.19.0-rc4+ #248 [ 37.783826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.793171] Call Trace: [ 37.795779] dump_stack+0x1c4/0x2b4 [ 37.799450] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.804643] ? printk+0xa7/0xcf [ 37.807929] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.812689] print_address_description.cold.8+0x9/0x1ff [ 37.818091] kasan_report.cold.9+0x242/0x309 [ 37.822515] ? __schedule+0xfc3/0x1ed0 [ 37.826402] __asan_report_load8_noabort+0x14/0x20 [ 37.831334] __schedule+0xfc3/0x1ed0 [ 37.835051] ? __sched_text_start+0x8/0x8 [ 37.839217] ? __lock_is_held+0xb5/0x140 [ 37.843287] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.848387] ? find_held_lock+0x36/0x1c0 [ 37.852456] ? __call_srcu+0x7f9/0x1070 [ 37.856428] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.861535] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.866636] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.871221] ? preempt_schedule+0x4d/0x60 [ 37.875375] preempt_schedule_common+0x1f/0xd0 [ 37.879966] preempt_schedule+0x4d/0x60 [ 37.883940] ___preempt_schedule+0x16/0x18 [ 37.888179] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.893112] __call_srcu+0x7f9/0x1070 [ 37.896912] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.902017] ? srcu_offline_cpu+0x120/0x120 [ 37.906341] ? debug_object_free+0x690/0x690 [ 37.910754] ? mark_held_locks+0x130/0x130 [ 37.914994] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.919580] ? lock_release+0x970/0x970 [ 37.923558] ? arch_local_save_flags+0x40/0x40 [ 37.928142] ? depot_save_stack+0x292/0x470 [ 37.932478] ? __lockdep_init_map+0x105/0x590 [ 37.936977] ? __init_waitqueue_head+0x9e/0x150 [ 37.941659] ? init_wait_entry+0x1c0/0x1c0 [ 37.945909] __synchronize_srcu+0x17b/0x230 [ 37.950233] ? call_srcu+0x10/0x10 [ 37.953772] ? rcu_unexpedite_gp+0x20/0x20 [ 37.958010] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.963557] ? check_preemption_disabled+0x48/0x200 [ 37.968623] synchronize_srcu+0x356/0x5ab [ 37.972773] ? lock_downgrade+0x900/0x900 [ 37.976926] ? synchronize_srcu_expedited+0x20/0x20 [ 37.981973] ? kasan_check_read+0x11/0x20 [ 37.986125] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.990723] ? kasan_check_write+0x14/0x20 [ 37.994975] ? do_raw_spin_lock+0xc1/0x200 [ 37.999226] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.004955] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.010413] ? kvfree+0x61/0x70 [ 38.013712] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.018739] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.022826] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.027235] ? kvm_arch_sync_events+0x30/0x30 [ 38.031740] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.037279] ? mmu_notifier_unregister+0x474/0x600 [ 38.042220] ? kfree+0x107/0x230 [ 38.045593] ? __mmu_notifier_register+0x30/0x30 [ 38.050396] ? __free_pages+0x10a/0x190 [ 38.054384] ? free_unref_page+0x960/0x960 [ 38.058650] kvm_put_kvm+0x6c8/0xff0 [ 38.062393] ? kvm_write_guest_cached+0x40/0x40 [ 38.067079] ? kvm_irqfd_release+0xd1/0x120 [ 38.071416] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.075939] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.080458] ? kasan_check_write+0x14/0x20 [ 38.084703] ? do_raw_spin_lock+0xc1/0x200 [ 38.088979] ? kvm_irqfd_release+0xdd/0x120 [ 38.093309] ? kvm_irqfd_release+0xdd/0x120 [ 38.097632] ? kvm_put_kvm+0xff0/0xff0 [ 38.101545] kvm_vm_release+0x42/0x50 [ 38.105359] __fput+0x385/0xa30 [ 38.108642] ? get_max_files+0x20/0x20 [ 38.112567] ? trace_hardirqs_on+0xbd/0x310 [ 38.116893] ? ___might_sleep+0x1ed/0x300 [ 38.121044] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.126524] ? arch_local_save_flags+0x40/0x40 [ 38.131128] ? kasan_check_write+0x14/0x20 [ 38.135373] ? do_raw_spin_lock+0xc1/0x200 [ 38.139616] ____fput+0x15/0x20 [ 38.142921] task_work_run+0x1e8/0x2a0 [ 38.146812] ? task_work_cancel+0x240/0x240 [ 38.151134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.156678] ? switch_task_namespaces+0x9d/0xd0 [ 38.161378] do_exit+0x1ad7/0x2610 [ 38.164920] ? mm_update_next_owner+0x990/0x990 [ 38.169599] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.173836] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.178851] ? kfree+0x1fa/0x230 [ 38.182242] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.186480] ? kvm_vcpu_block+0x1030/0x1030 [ 38.190809] ? is_bpf_text_address+0xd3/0x170 [ 38.195301] ? kernel_text_address+0x79/0xf0 [ 38.199718] ? __kernel_text_address+0xd/0x40 [ 38.204216] ? unwind_get_return_address+0x61/0xa0 [ 38.209159] ? __save_stack_trace+0x8d/0xf0 [ 38.213509] ? save_stack+0xa9/0xd0 [ 38.217378] ? save_stack+0x43/0xd0 [ 38.220999] ? __kasan_slab_free+0x102/0x150 [ 38.225407] ? kasan_slab_free+0xe/0x10 [ 38.229393] ? putname+0xf2/0x130 [ 38.232846] ? __x64_sys_openat+0x9d/0x100 [ 38.237098] ? do_syscall_64+0x1b9/0x820 [ 38.241159] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.246527] ? trace_hardirqs_off+0xb8/0x310 [ 38.250935] ? kasan_check_read+0x11/0x20 [ 38.255088] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.259511] ? trace_hardirqs_on+0x310/0x310 [ 38.263925] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.269039] ? trace_hardirqs_off+0xb8/0x310 [ 38.273490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.279027] ? check_preemption_disabled+0x48/0x200 [ 38.284038] ? check_preemption_disabled+0x48/0x200 [ 38.289061] ? kvm_vcpu_block+0x1030/0x1030 [ 38.293378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.298924] ? do_vfs_ioctl+0x201/0x1720 [ 38.302989] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.308265] ? ioctl_preallocate+0x300/0x300 [ 38.312670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.318223] ? __fget_light+0x2e9/0x430 [ 38.322200] ? fget_raw+0x20/0x20 [ 38.325646] ? putname+0xf2/0x130 [ 38.329096] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.334111] ? kmem_cache_free+0x24f/0x290 [ 38.338342] ? putname+0xf7/0x130 [ 38.341808] do_group_exit+0x177/0x440 [ 38.345692] ? trace_hardirqs_on+0xbd/0x310 [ 38.350034] ? __ia32_sys_exit+0x50/0x50 [ 38.354091] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.359542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.365078] ? ksys_ioctl+0x81/0xd0 [ 38.368714] __x64_sys_exit_group+0x3e/0x50 [ 38.373034] do_syscall_64+0x1b9/0x820 [ 38.376934] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.382300] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.387247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.392092] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.397118] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.402132] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.407150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.411993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.417176] RIP: 0033:0x43ecd8 [ 38.420370] Code: 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 e8 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 <92> 01 d2 29 d1 83 c1 30 88 4e 12 80 7f 06 00 0f 8e a3 01 00 00 c6 [ 38.439268] RSP: 002b:00007fffc77091c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.446972] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 38.454255] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.461527] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.468815] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.476083] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.483353] [ 38.484973] Allocated by task 5352: [ 38.488601] save_stack+0x43/0xd0 [ 38.492055] kasan_kmalloc+0xc7/0xe0 [ 38.495763] kasan_slab_alloc+0x12/0x20 [ 38.499752] kmem_cache_alloc+0x12e/0x730 [ 38.503894] vmx_create_vcpu+0xcf/0x25e0 [ 38.507952] kvm_arch_vcpu_create+0xe5/0x220 [ 38.512364] kvm_vm_ioctl+0x470/0x1d40 [ 38.516251] do_vfs_ioctl+0x1de/0x1720 [ 38.520146] ksys_ioctl+0xa9/0xd0 [ 38.523594] __x64_sys_ioctl+0x73/0xb0 [ 38.527479] do_syscall_64+0x1b9/0x820 [ 38.531369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.536548] [ 38.538171] Freed by task 5352: [ 38.541453] save_stack+0x43/0xd0 [ 38.544901] __kasan_slab_free+0x102/0x150 [ 38.549128] kasan_slab_free+0xe/0x10 [ 38.552925] kmem_cache_free+0x83/0x290 [ 38.556899] vmx_free_vcpu+0x26b/0x300 [ 38.560797] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.565224] kvm_put_kvm+0x6c8/0xff0 [ 38.568936] kvm_vm_release+0x42/0x50 [ 38.572742] __fput+0x385/0xa30 [ 38.576017] ____fput+0x15/0x20 [ 38.579304] task_work_run+0x1e8/0x2a0 [ 38.583187] do_exit+0x1ad7/0x2610 [ 38.586742] do_group_exit+0x177/0x440 [ 38.590650] __x64_sys_exit_group+0x3e/0x50 [ 38.594973] do_syscall_64+0x1b9/0x820 [ 38.598867] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.604074] [ 38.605696] The buggy address belongs to the object at ffff8801c4008040 [ 38.605696] which belongs to the cache kvm_vcpu of size 23872 [ 38.618289] The buggy address is located 24 bytes inside of [ 38.618289] 23872-byte region [ffff8801c4008040, ffff8801c400dd80) [ 38.630263] The buggy address belongs to the page: [ 38.635187] page:ffffea0007100200 count:1 mapcount:0 mapping:ffff8801d5278a80 index:0x0 compound_mapcount: 0 [ 38.645161] flags: 0x2fffc0000008100(slab|head) [ 38.649831] raw: 02fffc0000008100 ffff8801d5272748 ffff8801d5272748 ffff8801d5278a80 [ 38.657715] raw: 0000000000000000 ffff8801c4008040 0000000100000001 0000000000000000 [ 38.665600] page dumped because: kasan: bad access detected [ 38.671301] [ 38.672917] Memory state around the buggy address: [ 38.677851] ffff8801c4007f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.685203] ffff8801c4007f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.692558] >ffff8801c4008000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.699920] ^ [ 38.706147] ffff8801c4008080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.713514] ffff8801c4008100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.720906] ================================================================== [ 38.728262] Kernel panic - not syncing: panic_on_warn set ... [ 38.728262] [ 38.735630] CPU: 0 PID: 5352 Comm: syz-executor132 Tainted: G B 4.19.0-rc4+ #248 [ 38.744463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.753810] Call Trace: [ 38.756410] dump_stack+0x1c4/0x2b4 [ 38.760033] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.765219] ? lock_downgrade+0x900/0x900 [ 38.769367] panic+0x238/0x4e7 [ 38.772555] ? add_taint.cold.5+0x16/0x16 [ 38.776711] ? print_shadow_for_address+0xb6/0x116 [ 38.781644] ? trace_hardirqs_off+0xaf/0x310 [ 38.786052] kasan_end_report+0x47/0x4f [ 38.790027] kasan_report.cold.9+0x76/0x309 [ 38.794347] ? __schedule+0xfc3/0x1ed0 [ 38.798319] __asan_report_load8_noabort+0x14/0x20 [ 38.803250] __schedule+0xfc3/0x1ed0 [ 38.806977] ? __sched_text_start+0x8/0x8 [ 38.811134] ? __lock_is_held+0xb5/0x140 [ 38.815201] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.820308] ? find_held_lock+0x36/0x1c0 [ 38.824382] ? __call_srcu+0x7f9/0x1070 [ 38.828357] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.833466] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.838582] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.843163] ? preempt_schedule+0x4d/0x60 [ 38.847313] preempt_schedule_common+0x1f/0xd0 [ 38.851892] preempt_schedule+0x4d/0x60 [ 38.855896] ___preempt_schedule+0x16/0x18 [ 38.860136] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.865082] __call_srcu+0x7f9/0x1070 [ 38.868882] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.873998] ? srcu_offline_cpu+0x120/0x120 [ 38.878315] ? debug_object_free+0x690/0x690 [ 38.882725] ? mark_held_locks+0x130/0x130 [ 38.886956] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.891543] ? lock_release+0x970/0x970 [ 38.895516] ? arch_local_save_flags+0x40/0x40 [ 38.900094] ? depot_save_stack+0x292/0x470 [ 38.904419] ? __lockdep_init_map+0x105/0x590 [ 38.908925] ? __init_waitqueue_head+0x9e/0x150 [ 38.913592] ? init_wait_entry+0x1c0/0x1c0 [ 38.917850] __synchronize_srcu+0x17b/0x230 [ 38.922169] ? call_srcu+0x10/0x10 [ 38.925723] ? rcu_unexpedite_gp+0x20/0x20 [ 38.929976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.935513] ? check_preemption_disabled+0x48/0x200 [ 38.940535] synchronize_srcu+0x356/0x5ab [ 38.944680] ? lock_downgrade+0x900/0x900 [ 38.948846] ? synchronize_srcu_expedited+0x20/0x20 [ 38.953868] ? kasan_check_read+0x11/0x20 [ 38.958017] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.962612] ? kasan_check_write+0x14/0x20 [ 38.966846] ? do_raw_spin_lock+0xc1/0x200 [ 38.971085] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.976809] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.982262] ? kvfree+0x61/0x70 [ 38.985548] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.990576] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.994634] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.999056] ? kvm_arch_sync_events+0x30/0x30 [ 39.003561] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.009101] ? mmu_notifier_unregister+0x474/0x600 [ 39.014036] ? kfree+0x107/0x230 [ 39.017404] ? __mmu_notifier_register+0x30/0x30 [ 39.022162] ? __free_pages+0x10a/0x190 [ 39.026138] ? free_unref_page+0x960/0x960 [ 39.030409] kvm_put_kvm+0x6c8/0xff0 [ 39.034146] ? kvm_write_guest_cached+0x40/0x40 [ 39.038825] ? kvm_irqfd_release+0xd1/0x120 [ 39.043157] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.047654] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.052160] ? kasan_check_write+0x14/0x20 [ 39.056399] ? do_raw_spin_lock+0xc1/0x200 [ 39.060644] ? kvm_irqfd_release+0xdd/0x120 [ 39.064975] ? kvm_irqfd_release+0xdd/0x120 [ 39.069302] ? kvm_put_kvm+0xff0/0xff0 [ 39.073192] kvm_vm_release+0x42/0x50 [ 39.076991] __fput+0x385/0xa30 [ 39.080276] ? get_max_files+0x20/0x20 [ 39.084168] ? trace_hardirqs_on+0xbd/0x310 [ 39.088505] ? ___might_sleep+0x1ed/0x300 [ 39.092667] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.098136] ? arch_local_save_flags+0x40/0x40 [ 39.102730] ? kasan_check_write+0x14/0x20 [ 39.106978] ? do_raw_spin_lock+0xc1/0x200 [ 39.111259] ____fput+0x15/0x20 [ 39.114547] task_work_run+0x1e8/0x2a0 [ 39.118440] ? task_work_cancel+0x240/0x240 [ 39.122776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.128313] ? switch_task_namespaces+0x9d/0xd0 [ 39.132983] do_exit+0x1ad7/0x2610 [ 39.136531] ? mm_update_next_owner+0x990/0x990 [ 39.141203] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.145463] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.150490] ? kfree+0x1fa/0x230 [ 39.153864] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.158112] ? kvm_vcpu_block+0x1030/0x1030 [ 39.162486] ? is_bpf_text_address+0xd3/0x170 [ 39.166994] ? kernel_text_address+0x79/0xf0 [ 39.171434] ? __kernel_text_address+0xd/0x40 [ 39.175958] ? unwind_get_return_address+0x61/0xa0 [ 39.180902] ? __save_stack_trace+0x8d/0xf0 [ 39.185235] ? save_stack+0xa9/0xd0 [ 39.188862] ? save_stack+0x43/0xd0 [ 39.192490] ? __kasan_slab_free+0x102/0x150 [ 39.196897] ? kasan_slab_free+0xe/0x10 [ 39.200869] ? putname+0xf2/0x130 [ 39.204332] ? __x64_sys_openat+0x9d/0x100 [ 39.208571] ? do_syscall_64+0x1b9/0x820 [ 39.212632] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.218537] ? trace_hardirqs_off+0xb8/0x310 [ 39.222962] ? kasan_check_read+0x11/0x20 [ 39.227117] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.231527] ? trace_hardirqs_on+0x310/0x310 [ 39.235938] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.241038] ? trace_hardirqs_off+0xb8/0x310 [ 39.245467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.251005] ? check_preemption_disabled+0x48/0x200 [ 39.256016] ? check_preemption_disabled+0x48/0x200 [ 39.261036] ? kvm_vcpu_block+0x1030/0x1030 [ 39.265356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.270892] ? do_vfs_ioctl+0x201/0x1720 [ 39.274951] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.280228] ? ioctl_preallocate+0x300/0x300 [ 39.284655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.290194] ? __fget_light+0x2e9/0x430 [ 39.294194] ? fget_raw+0x20/0x20 [ 39.297651] ? putname+0xf2/0x130 [ 39.301102] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.306119] ? kmem_cache_free+0x24f/0x290 [ 39.310351] ? putname+0xf7/0x130 [ 39.313812] do_group_exit+0x177/0x440 [ 39.317730] ? trace_hardirqs_on+0xbd/0x310 [ 39.322415] ? __ia32_sys_exit+0x50/0x50 [ 39.326486] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.331934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.337478] ? ksys_ioctl+0x81/0xd0 [ 39.341109] __x64_sys_exit_group+0x3e/0x50 [ 39.345435] do_syscall_64+0x1b9/0x820 [ 39.349338] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.354701] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.359634] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.364484] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.369497] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.374516] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.379537] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.384379] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.389559] RIP: 0033:0x43ecd8 [ 39.392755] Code: 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 e8 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 <92> 01 d2 29 d1 83 c1 30 88 4e 12 80 7f 06 00 0f 8e a3 01 00 00 c6 [ 39.411650] RSP: 002b:00007fffc77091c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.419353] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 39.426630] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.433893] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.441184] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.448459] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.455741] [ 39.455760] ====================================================== [ 39.455765] WARNING: possible circular locking dependency detected [ 39.455781] 4.19.0-rc4+ #248 Not tainted [ 39.455787] ------------------------------------------------------ [ 39.455792] syz-executor132/5352 is trying to acquire lock: [ 39.455807] 000000004fc16075 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.455823] [ 39.455827] but task is already holding lock: [ 39.455830] 0000000063ccc4f3 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.455845] [ 39.455850] which lock already depends on the new lock. [ 39.455852] [ 39.455855] [ 39.455860] the existing dependency chain (in reverse order) is: [ 39.455863] [ 39.455865] -> #3 (report_lock){....}: [ 39.455880] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.455884] kasan_report+0x8b/0x110 [ 39.455889] __asan_report_load8_noabort+0x14/0x20 [ 39.455893] __schedule+0xfc3/0x1ed0 [ 39.455897] preempt_schedule_common+0x1f/0xd0 [ 39.455901] preempt_schedule+0x4d/0x60 [ 39.455906] ___preempt_schedule+0x16/0x18 [ 39.455911] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.455915] __call_srcu+0x7f9/0x1070 [ 39.455919] __synchronize_srcu+0x17b/0x230 [ 39.455923] synchronize_srcu+0x356/0x5ab [ 39.455928] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.455933] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.455937] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.455941] kvm_put_kvm+0x6c8/0xff0 [ 39.455945] kvm_vm_release+0x42/0x50 [ 39.455949] __fput+0x385/0xa30 [ 39.455953] ____fput+0x15/0x20 [ 39.455957] task_work_run+0x1e8/0x2a0 [ 39.455961] do_exit+0x1ad7/0x2610 [ 39.455965] do_group_exit+0x177/0x440 [ 39.455969] __x64_sys_exit_group+0x3e/0x50 [ 39.455973] do_syscall_64+0x1b9/0x820 [ 39.455978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.455980] [ 39.455983] -> #2 (&rq->lock){-.-.}: [ 39.455997] _raw_spin_lock+0x2d/0x40 [ 39.456001] task_fork_fair+0xb0/0x6d0 [ 39.456005] sched_fork+0x443/0xba0 [ 39.456009] copy_process+0x2586/0x8780 [ 39.456013] _do_fork+0x1cb/0x11d0 [ 39.456017] kernel_thread+0x34/0x40 [ 39.456021] rest_init+0x22/0xe5 [ 39.456025] start_kernel+0x8f4/0x92f [ 39.456030] x86_64_start_reservations+0x29/0x2b [ 39.456034] x86_64_start_kernel+0x76/0x79 [ 39.456038] secondary_startup_64+0xa4/0xb0 [ 39.456040] [ 39.456043] -> #1 (&p->pi_lock){-.-.}: [ 39.456058] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.456062] try_to_wake_up+0xd2/0x12f0 [ 39.456066] wake_up_process+0x10/0x20 [ 39.456070] __up.isra.1+0x1c0/0x2a0 [ 39.456074] up+0x13c/0x1c0 [ 39.456078] __up_console_sem+0xbe/0x1b0 [ 39.456082] console_unlock+0x814/0x1160 [ 39.456086] vprintk_emit+0x33d/0x930 [ 39.456090] vprintk_default+0x28/0x30 [ 39.456094] vprintk_func+0x7e/0x181 [ 39.456097] printk+0xa7/0xcf [ 39.456101] load_umh+0x51/0xbd [ 39.456105] do_one_initcall+0x145/0x957 [ 39.456109] kernel_init_freeable+0x4bb/0x5ae [ 39.456113] kernel_init+0x11/0x1b2 [ 39.456117] ret_from_fork+0x3a/0x50 [ 39.456120] [ 39.456122] -> #0 ((console_sem).lock){-...}: [ 39.456138] lock_acquire+0x1ed/0x520 [ 39.456142] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.456146] down_trylock+0x13/0x70 [ 39.456150] __down_trylock_console_sem+0xae/0x200 [ 39.456154] console_trylock+0x15/0xa0 [ 39.456159] vprintk_emit+0x322/0x930 [ 39.456163] vprintk_default+0x28/0x30 [ 39.456167] vprintk_func+0x7e/0x181 [ 39.456170] printk+0xa7/0xcf [ 39.456174] kasan_report+0x9b/0x110 [ 39.456192] __asan_report_load8_noabort+0x14/0x20 [ 39.456196] __schedule+0xfc3/0x1ed0 [ 39.456200] preempt_schedule_common+0x1f/0xd0 [ 39.456204] preempt_schedule+0x4d/0x60 [ 39.456208] ___preempt_schedule+0x16/0x18 [ 39.456213] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.456217] __call_srcu+0x7f9/0x1070 [ 39.456234] __synchronize_srcu+0x17b/0x230 [ 39.456238] synchronize_srcu+0x356/0x5ab [ 39.456243] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.456247] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.456252] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.456256] kvm_put_kvm+0x6c8/0xff0 [ 39.456260] kvm_vm_release+0x42/0x50 [ 39.456263] __fput+0x385/0xa30 [ 39.456267] ____fput+0x15/0x20 [ 39.456271] task_work_run+0x1e8/0x2a0 [ 39.456275] do_exit+0x1ad7/0x2610 [ 39.456279] do_group_exit+0x177/0x440 [ 39.456283] __x64_sys_exit_group+0x3e/0x50 [ 39.456287] do_syscall_64+0x1b9/0x820 [ 39.456292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.456295] [ 39.456299] other info that might help us debug this: [ 39.456302] [ 39.456305] Chain exists of: [ 39.456307] (console_sem).lock --> &rq->lock --> report_lock [ 39.456327] [ 39.456331] Possible unsafe locking scenario: [ 39.456346] [ 39.456351] CPU0 CPU1 [ 39.456355] ---- ---- [ 39.456357] lock(report_lock); [ 39.456379] lock(&rq->lock); [ 39.456389] lock(report_lock); [ 39.456397] lock((console_sem).lock); [ 39.456406] [ 39.456409] *** DEADLOCK *** [ 39.456411] [ 39.456416] 2 locks held by syz-executor132/5352: [ 39.456418] #0: 00000000348abc8d (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.456459] #1: 0000000063ccc4f3 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.456476] [ 39.456480] stack backtrace: [ 39.456486] CPU: 0 PID: 5352 Comm: syz-executor132 Not tainted 4.19.0-rc4+ #248 [ 39.456493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.456496] Call Trace: [ 39.456500] dump_stack+0x1c4/0x2b4 [ 39.456505] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.456509] ? vprintk_func+0x85/0x181 [ 39.456514] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.456518] ? save_trace+0xe0/0x290 [ 39.456522] __lock_acquire+0x33e4/0x4ec0 [ 39.456538] ? mark_held_locks+0x130/0x130 [ 39.456543] ? mark_held_locks+0x130/0x130 [ 39.456547] ? rcu_bh_qs+0xc0/0xc0 [ 39.456551] ? unwind_dump+0x190/0x190 [ 39.456555] ? is_bpf_text_address+0xd3/0x170 [ 39.456560] ? kernel_text_address+0x79/0xf0 [ 39.456564] ? __kernel_text_address+0xd/0x40 [ 39.456568] ? __save_stack_trace+0x8d/0xf0 [ 39.456573] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.456577] ? save_trace+0x290/0x290 [ 39.456581] ? save_stack_trace+0x1a/0x20 [ 39.456585] ? save_trace+0xe0/0x290 [ 39.456590] ? kasan_check_read+0x11/0x20 [ 39.456594] ? graph_lock+0x170/0x170 [ 39.456599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.456603] lock_acquire+0x1ed/0x520 [ 39.456607] ? down_trylock+0x13/0x70 [ 39.456611] ? find_held_lock+0x36/0x1c0 [ 39.456615] ? lock_release+0x970/0x970 [ 39.456620] ? trace_hardirqs_off+0xb8/0x310 [ 39.456624] ? vprintk_emit+0x1d3/0x930 [ 39.456628] ? trace_hardirqs_on+0x310/0x310 [ 39.456633] ? trace_hardirqs_off+0xb8/0x310 [ 39.456637] ? log_store+0x344/0x4c0 [ 39.456641] ? vprintk_emit+0x322/0x930 [ 39.456645] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.456649] ? down_trylock+0x13/0x70 [ 39.456653] down_trylock+0x13/0x70 [ 39.456658] __down_trylock_console_sem+0xae/0x200 [ 39.456662] console_trylock+0x15/0xa0 [ 39.456666] vprintk_emit+0x322/0x930 [ 39.456670] ? wake_up_klogd+0x180/0x180 [ 39.456675] ? run_rebalance_domains+0x500/0x500 [ 39.456679] ? wake_up_worker+0x117/0x190 [ 39.456683] ? find_held_lock+0x36/0x1c0 [ 39.456687] ? __queue_work+0x6be/0x1440 [ 39.456691] ? lock_acquire+0x1ed/0x520 [ 39.456695] vprintk_default+0x28/0x30 [ 39.456699] vprintk_func+0x7e/0x181 [ 39.456703] printk+0xa7/0xcf [ 39.456714] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.456718] ? kasan_check_write+0x14/0x20 [ 39.456722] ? do_raw_spin_lock+0xc1/0x200 [ 39.456726] ? do_raw_spin_lock+0xc1/0x200 [ 39.456730] kasan_report+0x9b/0x110 [ 39.456734] ? __schedule+0xfc3/0x1ed0 [ 39.456739] __asan_report_load8_noabort+0x14/0x20 [ 39.456743] __schedule+0xfc3/0x1ed0 [ 39.456747] ? __sched_text_start+0x8/0x8 [ 39.456751] ? __lock_is_held+0xb5/0x140 [ 39.456756] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.456760] ? find_held_lock+0x36/0x1c0 [ 39.456764] ? __call_srcu+0x7f9/0x1070 [ 39.456769] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.456774] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.456778] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.456783] ? preempt_schedule+0x4d/0x60 [ 39.456787] preempt_schedule_common+0x1f/0xd0 [ 39.456792] preempt_schedule+0x4d/0x60 [ 39.456796] ___preempt_schedule+0x16/0x18 [ 39.456801] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.456805] __call_srcu+0x7f9/0x1070 [ 39.456810] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.456814] ? srcu_offline_cpu+0x120/0x120 [ 39.456818] ? debug_object_free+0x690/0x690 [ 39.456823] ? mark_held_locks+0x130/0x130 [ 39.456827] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.456831] ? lock_release+0x970/0x970 [ 39.456836] ? arch_local_save_flags+0x40/0x40 [ 39.456840] ? depot_save_stack+0x292/0x470 [ 39.456845] ? __lockdep_init_map+0x105/0x590 [ 39.456849] ? __init_waitqueue_head+0x9e/0x150 [ 39.456854] ? init_wait_entry+0x1c0/0x1c0 [ 39.456858] __synchronize_srcu+0x17b/0x230 [ 39.456862] ? call_srcu+0x10/0x10 [ 39.456866] ? rcu_unexpedite_gp+0x20/0x20 [ 39.456871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.456876] ? check_preemption_disabled+0x48/0x200 [ 39.456880] synchronize_srcu+0x356/0x5ab [ 39.456884] ? lock_downgrade+0x900/0x900 [ 39.456889] ? synchronize_srcu_expedited+0x20/0x20 [ 39.456893] ? kasan_check_read+0x11/0x20 [ 39.456898] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.456902] ? kasan_check_write+0x14/0x20 [ 39.456906] ? do_raw_spin_lock+0xc1/0x200 [ 39.456911] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.456916] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.456920] ? kvfree+0x61/0x70 [ 39.456925] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.456929] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.456933] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.456938] ? kvm_arch_sync_events+0x30/0x30 [ 39.456943] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.456947] ? mmu_notifier_unregister+0x474/0x600 [ 39.456951] ? kfree+0x107/0x230 [ 39.456956] ? __mmu_notifier_register+0x30/0x30 [ 39.456960] ? __free_pages+0x10a/0x190 [ 39.456964] ? free_unref_page+0x960/0x960 [ 39.456968] kvm_put_kvm+0x6c8/0xff0 [ 39.456973] ? kvm_write_guest_cached+0x40/0x40 [ 39.456977] ? kvm_irqfd_release+0xd1/0x120 [ 39.456981] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.456986] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.456990] ? kasan_check_write+0x14/0x20 [ 39.456994] ? do_raw_spin_lock+0xc1/0x200 [ 39.456998] ? kvm_irqfd_release+0x [ 39.457006] Lost 82 message(s)! [ 40.631296] Shutting down cpus with NMI [ 41.690369] Kernel Offset: disabled [ 41.693999] Rebooting in 86400 seconds..