[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 21.725153] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.494835] random: sshd: uninitialized urandom read (32 bytes read) [ 25.787624] random: sshd: uninitialized urandom read (32 bytes read) [ 26.341953] random: sshd: uninitialized urandom read (32 bytes read) [ 33.908828] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. [ 39.513137] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.610120] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 39.635377] ================================================================== [ 39.645570] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 39.651797] Read of size 8 at addr ffff8801b6a10058 by task syz-executor896/4665 [ 39.659316] [ 39.660941] CPU: 0 PID: 4665 Comm: syz-executor896 Not tainted 4.19.0-rc2+ #220 [ 39.668387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.677752] Call Trace: [ 39.680352] dump_stack+0x1c9/0x2b4 [ 39.683983] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.689170] ? printk+0xa7/0xcf [ 39.692460] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.697222] ? __schedule+0xf54/0x1df0 [ 39.701107] print_address_description+0x6c/0x20b [ 39.705954] ? __schedule+0xf54/0x1df0 [ 39.709839] kasan_report.cold.7+0x242/0x30d [ 39.714249] __asan_report_load8_noabort+0x14/0x20 [ 39.719192] __schedule+0xf54/0x1df0 [ 39.722903] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 39.728011] ? __sched_text_start+0x8/0x8 [ 39.732160] ? __call_srcu+0x7e7/0x1040 [ 39.736143] ? check_same_owner+0x340/0x340 [ 39.740461] ? mark_held_locks+0x160/0x160 [ 39.744706] preempt_schedule_common+0x22/0x60 [ 39.749293] _cond_resched+0x1d/0x30 [ 39.753008] wait_for_completion+0xa5/0x8d0 [ 39.757335] ? wait_for_completion_interruptible+0x950/0x950 [ 39.763138] ? __lockdep_init_map+0x105/0x590 [ 39.767639] ? __init_waitqueue_head+0x9e/0x150 [ 39.772700] ? init_wait_entry+0x1c0/0x1c0 [ 39.776956] __synchronize_srcu+0x189/0x240 [ 39.781278] ? call_srcu+0x10/0x10 [ 39.784826] ? rcu_unexpedite_gp+0x20/0x20 [ 39.789067] synchronize_srcu+0x335/0x56f [ 39.793219] ? lock_downgrade+0x8f0/0x8f0 [ 39.797367] ? synchronize_srcu_expedited+0x20/0x20 [ 39.802383] ? kasan_check_read+0x11/0x20 [ 39.806535] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.811622] ? kasan_check_write+0x14/0x20 [ 39.815858] ? do_raw_spin_lock+0xc1/0x200 [ 39.820104] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.825828] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.831280] ? kvfree+0x61/0x70 [ 39.834564] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.839582] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.843644] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.848051] ? kvm_arch_sync_events+0x30/0x30 [ 39.852550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.858091] ? mmu_notifier_unregister+0x474/0x600 [ 39.863018] ? trace_hardirqs_on+0x2c0/0x2c0 [ 39.867425] ? kfree+0x111/0x210 [ 39.870789] ? __mmu_notifier_register+0x30/0x30 [ 39.875548] ? __free_pages+0x10a/0x190 [ 39.879520] ? free_unref_page+0x930/0x930 [ 39.883766] kvm_put_kvm+0x73f/0x1060 [ 39.887574] ? kvm_write_guest_cached+0x40/0x40 [ 39.892244] ? _raw_spin_unlock_irq+0x27/0x70 [ 39.896753] ? _raw_spin_unlock_irq+0x27/0x70 [ 39.901262] ? kasan_check_write+0x14/0x20 [ 39.905501] ? do_raw_spin_lock+0xc1/0x200 [ 39.909743] ? kvm_irqfd_release+0xdd/0x120 [ 39.914061] ? kvm_irqfd_release+0xdd/0x120 [ 39.918383] ? kvm_put_kvm+0x1060/0x1060 [ 39.922440] kvm_vm_release+0x42/0x50 [ 39.926241] __fput+0x38a/0xa40 [ 39.929521] ? __alloc_file+0x400/0x400 [ 39.933496] ? check_same_owner+0x340/0x340 [ 39.937816] ? kasan_check_write+0x14/0x20 [ 39.942052] ? do_raw_spin_lock+0xc1/0x200 [ 39.946287] ____fput+0x15/0x20 [ 39.949567] task_work_run+0x1e8/0x2a0 [ 39.953453] ? task_work_cancel+0x240/0x240 [ 39.957779] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.963320] ? switch_task_namespaces+0xa2/0xd0 [ 39.967989] do_exit+0x1ae4/0x26e0 [ 39.971527] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.976112] ? mm_update_next_owner+0x9a0/0x9a0 [ 39.980782] ? profiling_store+0xd0/0xd0 [ 39.984839] ? kasan_check_write+0x14/0x20 [ 39.989072] ? do_raw_spin_lock+0xc1/0x200 [ 39.993312] ? do_coredump+0x477/0x3fff [ 39.997287] ? kasan_check_write+0x14/0x20 [ 40.001557] ? do_raw_spin_lock+0xc1/0x200 [ 40.005796] ? _raw_read_unlock_irqrestore+0x60/0xc0 [ 40.010902] ? dump_align+0xa0/0xa0 [ 40.014528] ? save_stack+0xa9/0xd0 [ 40.018153] ? save_stack+0x43/0xd0 [ 40.021797] ? __kasan_slab_free+0x11a/0x170 [ 40.026201] ? kasan_slab_free+0xe/0x10 [ 40.030170] ? kmem_cache_free+0x86/0x280 [ 40.034317] ? __sigqueue_free.part.29+0x7d/0xa0 [ 40.039067] ? __dequeue_signal+0x530/0x7d0 [ 40.043385] ? dequeue_signal+0xbc/0x620 [ 40.047443] ? get_signal+0x3f0/0x18e0 [ 40.051329] ? do_signal+0x9c/0x21c0 [ 40.055041] ? exit_to_usermode_loop+0x2e5/0x380 [ 40.059798] ? prepare_exit_to_usermode+0x342/0x3b0 [ 40.064814] ? trace_hardirqs_off+0xb8/0x2b0 [ 40.069220] ? kasan_check_read+0x11/0x20 [ 40.073366] ? do_raw_spin_unlock+0xa7/0x2f0 [ 40.077772] ? trace_hardirqs_on+0x2c0/0x2c0 [ 40.082175] ? kasan_check_write+0x14/0x20 [ 40.086403] ? graph_lock+0x170/0x170 [ 40.090199] ? trace_hardirqs_off+0xb8/0x2b0 [ 40.094608] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 40.099714] ? __lock_is_held+0xb5/0x140 [ 40.103781] ? __sigqueue_free.part.29+0x7d/0xa0 [ 40.108534] ? graph_lock+0x170/0x170 [ 40.112335] ? __sigqueue_free.part.29+0x7d/0xa0 [ 40.117139] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.122152] ? kmem_cache_free+0x246/0x280 [ 40.126387] ? __sigqueue_free.part.29+0x7d/0xa0 [ 40.131143] ? find_held_lock+0x36/0x1c0 [ 40.135205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.140749] ? proc_coredump_connector+0x4d0/0x610 [ 40.145677] ? proc_comm_connector+0x500/0x500 [ 40.150261] do_group_exit+0x177/0x440 [ 40.154150] ? __ia32_sys_exit+0x50/0x50 [ 40.158214] get_signal+0x851/0x18e0 [ 40.161932] ? ptrace_notify+0x130/0x130 [ 40.165998] ? lock_release+0x9f0/0x9f0 [ 40.169973] ? __bad_area_nosemaphore+0x311/0x3f0 [ 40.174816] do_signal+0x9c/0x21c0 [ 40.178357] ? __bad_area+0x159/0x200 [ 40.182157] ? bad_area_nosemaphore+0x40/0x40 [ 40.186648] ? setup_sigcontext+0x7d0/0x7d0 [ 40.190969] ? bad_area_access_error+0x1f2/0x2e0 [ 40.195768] ? find_vma+0x34/0x190 [ 40.199315] ? __do_page_fault+0x449/0xe50 [ 40.203548] ? exit_to_usermode_loop+0x8c/0x380 [ 40.208217] ? trace_hardirqs_on+0x2c0/0x2c0 [ 40.212626] exit_to_usermode_loop+0x2e5/0x380 [ 40.217208] ? syscall_slow_exit_work+0x490/0x490 [ 40.222047] ? trace_hardirqs_off_caller+0xbb/0x2b0 [ 40.227062] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.231988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.236827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.241673] prepare_exit_to_usermode+0x342/0x3b0 [ 40.246517] ? perf_trace_sys_enter+0xb10/0xb10 [ 40.251183] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.256023] ? page_fault+0x8/0x30 [ 40.259559] retint_user+0x8/0x18 [ 40.263010] RIP: 0033:0x400c6b [ 40.266200] Code: Bad RIP value. [ 40.269559] RSP: 002b:00007fff1a50f3b0 EFLAGS: 00010217 [ 40.274917] RAX: 7073642f7665642f RBX: 00000000004002e0 RCX: 0000000000444059 [ 40.282191] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020000000 [ 40.289456] RBP: 00000000006ce018 R08: 00000000ffffffff R09: 0000000000000000 [ 40.296717] R10: 0000000000000032 R11: 0000000000000216 R12: 0000000000401d60 [ 40.303989] R13: 0000000000401df0 R14: 0000000000000000 R15: 0000000000000000 [ 40.311263] [ 40.312889] Allocated by task 4665: [ 40.316516] save_stack+0x43/0xd0 [ 40.319969] kasan_kmalloc+0xc4/0xe0 [ 40.323679] kasan_slab_alloc+0x12/0x20 [ 40.327646] kmem_cache_alloc+0x12e/0x710 [ 40.331790] vmx_create_vcpu+0xcf/0x2830 [ 40.335846] kvm_arch_vcpu_create+0xe5/0x220 [ 40.340250] kvm_vm_ioctl+0x488/0x1d80 [ 40.344132] do_vfs_ioctl+0x1de/0x1720 [ 40.348015] ksys_ioctl+0xa9/0xd0 [ 40.351464] __x64_sys_ioctl+0x73/0xb0 [ 40.355350] do_syscall_64+0x1b9/0x820 [ 40.359234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.364408] [ 40.366030] Freed by task 4665: [ 40.369315] save_stack+0x43/0xd0 [ 40.372769] __kasan_slab_free+0x11a/0x170 [ 40.377000] kasan_slab_free+0xe/0x10 [ 40.380800] kmem_cache_free+0x86/0x280 [ 40.384770] vmx_free_vcpu+0x26b/0x300 [ 40.388651] kvm_arch_destroy_vm+0x365/0x7c0 [ 40.393054] kvm_put_kvm+0x73f/0x1060 [ 40.396854] kvm_vm_release+0x42/0x50 [ 40.400651] __fput+0x38a/0xa40 [ 40.403924] ____fput+0x15/0x20 [ 40.407200] task_work_run+0x1e8/0x2a0 [ 40.411082] do_exit+0x1ae4/0x26e0 [ 40.414617] do_group_exit+0x177/0x440 [ 40.418502] get_signal+0x851/0x18e0 [ 40.422212] do_signal+0x9c/0x21c0 [ 40.425756] exit_to_usermode_loop+0x2e5/0x380 [ 40.430335] prepare_exit_to_usermode+0x342/0x3b0 [ 40.435170] retint_user+0x8/0x18 [ 40.438607] [ 40.440228] The buggy address belongs to the object at ffff8801b6a10040 [ 40.440228] which belongs to the cache kvm_vcpu of size 23872 [ 40.452799] The buggy address is located 24 bytes inside of [ 40.452799] 23872-byte region [ffff8801b6a10040, ffff8801b6a15d80) [ 40.464761] The buggy address belongs to the page: [ 40.469692] page:ffffea0006da8400 count:1 mapcount:0 mapping:ffff8801d528a080 index:0x0 compound_mapcount: 0 [ 40.479674] flags: 0x2fffc0000008100(slab|head) [ 40.484350] raw: 02fffc0000008100 ffff8801d4a39a48 ffff8801d4a39a48 ffff8801d528a080 [ 40.492233] raw: 0000000000000000 ffff8801b6a10040 0000000100000001 0000000000000000 [ 40.500101] page dumped because: kasan: bad access detected [ 40.505799] [ 40.507425] Memory state around the buggy address: [ 40.512348] ffff8801b6a0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.519702] ffff8801b6a0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.527060] >ffff8801b6a10000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 40.534408] ^ [ 40.540636] ffff8801b6a10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.547989] ffff8801b6a10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.555336] ================================================================== [ 40.562691] Kernel panic - not syncing: panic_on_warn set ... [ 40.562691] [ 40.570057] CPU: 0 PID: 4665 Comm: syz-executor896 Tainted: G B 4.19.0-rc2+ #220 [ 40.578890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.588239] Call Trace: [ 40.590832] dump_stack+0x1c9/0x2b4 [ 40.594464] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.599655] ? lock_downgrade+0x8f0/0x8f0 [ 40.603799] ? __schedule+0xf54/0x1df0 [ 40.607684] panic+0x238/0x4e7 [ 40.610874] ? add_taint.cold.5+0x16/0x16 [ 40.615021] ? print_shadow_for_address+0xba/0x116 [ 40.619945] ? trace_hardirqs_off+0xaf/0x2b0 [ 40.624348] ? trace_hardirqs_off+0x77/0x2b0 [ 40.628763] ? __schedule+0xf54/0x1df0 [ 40.632655] kasan_end_report+0x47/0x4f [ 40.636625] kasan_report.cold.7+0x76/0x30d [ 40.640946] __asan_report_load8_noabort+0x14/0x20 [ 40.645874] __schedule+0xf54/0x1df0 [ 40.649581] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 40.654687] ? __sched_text_start+0x8/0x8 [ 40.658852] ? __call_srcu+0x7e7/0x1040 [ 40.662832] ? check_same_owner+0x340/0x340 [ 40.667152] ? mark_held_locks+0x160/0x160 [ 40.671388] preempt_schedule_common+0x22/0x60 [ 40.675968] _cond_resched+0x1d/0x30 [ 40.679795] wait_for_completion+0xa5/0x8d0 [ 40.684103] ? wait_for_completion_interruptible+0x950/0x950 [ 40.689890] ? __lockdep_init_map+0x105/0x590 [ 40.694824] ? __init_waitqueue_head+0x9e/0x150 [ 40.699474] ? init_wait_entry+0x1c0/0x1c0 [ 40.703699] __synchronize_srcu+0x189/0x240 [ 40.708003] ? call_srcu+0x10/0x10 [ 40.711530] ? rcu_unexpedite_gp+0x20/0x20 [ 40.715756] synchronize_srcu+0x335/0x56f [ 40.719885] ? lock_downgrade+0x8f0/0x8f0 [ 40.724016] ? synchronize_srcu_expedited+0x20/0x20 [ 40.729013] ? kasan_check_read+0x11/0x20 [ 40.733142] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.737703] ? kasan_check_write+0x14/0x20 [ 40.741916] ? do_raw_spin_lock+0xc1/0x200 [ 40.746136] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.751829] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.758329] ? kvfree+0x61/0x70 [ 40.761596] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.766602] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.770663] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.775075] ? kvm_arch_sync_events+0x30/0x30 [ 40.779574] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.785121] ? mmu_notifier_unregister+0x474/0x600 [ 40.790067] ? trace_hardirqs_on+0x2c0/0x2c0 [ 40.794477] ? kfree+0x111/0x210 [ 40.797852] ? __mmu_notifier_register+0x30/0x30 [ 40.802611] ? __free_pages+0x10a/0x190 [ 40.806587] ? free_unref_page+0x930/0x930 [ 40.811348] kvm_put_kvm+0x73f/0x1060 [ 40.815158] ? kvm_write_guest_cached+0x40/0x40 [ 40.819855] ? _raw_spin_unlock_irq+0x27/0x70 [ 40.824346] ? _raw_spin_unlock_irq+0x27/0x70 [ 40.828864] ? kasan_check_write+0x14/0x20 [ 40.833106] ? do_raw_spin_lock+0xc1/0x200 [ 40.837374] ? kvm_irqfd_release+0xdd/0x120 [ 40.841702] ? kvm_irqfd_release+0xdd/0x120 [ 40.846046] ? kvm_put_kvm+0x1060/0x1060 [ 40.850116] kvm_vm_release+0x42/0x50 [ 40.853918] __fput+0x38a/0xa40 [ 40.857199] ? __alloc_file+0x400/0x400 [ 40.861173] ? check_same_owner+0x340/0x340 [ 40.865494] ? kasan_check_write+0x14/0x20 [ 40.869731] ? do_raw_spin_lock+0xc1/0x200 [ 40.873975] ____fput+0x15/0x20 [ 40.877252] task_work_run+0x1e8/0x2a0 [ 40.881152] ? task_work_cancel+0x240/0x240 [ 40.885477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.891019] ? switch_task_namespaces+0xa2/0xd0 [ 40.895691] do_exit+0x1ae4/0x26e0 [ 40.899235] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.903824] ? mm_update_next_owner+0x9a0/0x9a0 [ 40.908498] ? profiling_store+0xd0/0xd0 [ 40.912567] ? kasan_check_write+0x14/0x20 [ 40.916802] ? do_raw_spin_lock+0xc1/0x200 [ 40.921040] ? do_coredump+0x477/0x3fff [ 40.925033] ? kasan_check_write+0x14/0x20 [ 40.929267] ? do_raw_spin_lock+0xc1/0x200 [ 40.933504] ? _raw_read_unlock_irqrestore+0x60/0xc0 [ 40.938619] ? dump_align+0xa0/0xa0 [ 40.942244] ? save_stack+0xa9/0xd0 [ 40.945871] ? save_stack+0x43/0xd0 [ 40.949495] ? __kasan_slab_free+0x11a/0x170 [ 40.953901] ? kasan_slab_free+0xe/0x10 [ 40.957874] ? kmem_cache_free+0x86/0x280 [ 40.962021] ? __sigqueue_free.part.29+0x7d/0xa0 [ 40.966775] ? __dequeue_signal+0x530/0x7d0 [ 40.971091] ? dequeue_signal+0xbc/0x620 [ 40.975153] ? get_signal+0x3f0/0x18e0 [ 40.979037] ? do_signal+0x9c/0x21c0 [ 40.982757] ? exit_to_usermode_loop+0x2e5/0x380 [ 40.987520] ? prepare_exit_to_usermode+0x342/0x3b0 [ 40.992536] ? trace_hardirqs_off+0xb8/0x2b0 [ 40.996942] ? kasan_check_read+0x11/0x20 [ 41.001098] ? do_raw_spin_unlock+0xa7/0x2f0 [ 41.005513] ? trace_hardirqs_on+0x2c0/0x2c0 [ 41.009923] ? kasan_check_write+0x14/0x20 [ 41.014154] ? graph_lock+0x170/0x170 [ 41.017956] ? trace_hardirqs_off+0xb8/0x2b0 [ 41.022362] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 41.027464] ? __lock_is_held+0xb5/0x140 [ 41.031525] ? __sigqueue_free.part.29+0x7d/0xa0 [ 41.036276] ? graph_lock+0x170/0x170 [ 41.040111] ? __sigqueue_free.part.29+0x7d/0xa0 [ 41.044873] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.049895] ? kmem_cache_free+0x246/0x280 [ 41.054131] ? __sigqueue_free.part.29+0x7d/0xa0 [ 41.058897] ? find_held_lock+0x36/0x1c0 [ 41.062973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.068521] ? proc_coredump_connector+0x4d0/0x610 [ 41.073462] ? proc_comm_connector+0x500/0x500 [ 41.078052] do_group_exit+0x177/0x440 [ 41.081943] ? __ia32_sys_exit+0x50/0x50 [ 41.086008] get_signal+0x851/0x18e0 [ 41.089728] ? ptrace_notify+0x130/0x130 [ 41.093803] ? lock_release+0x9f0/0x9f0 [ 41.097780] ? __bad_area_nosemaphore+0x311/0x3f0 [ 41.102627] do_signal+0x9c/0x21c0 [ 41.106169] ? __bad_area+0x159/0x200 [ 41.109969] ? bad_area_nosemaphore+0x40/0x40 [ 41.114462] ? setup_sigcontext+0x7d0/0x7d0 [ 41.118786] ? bad_area_access_error+0x1f2/0x2e0 [ 41.123541] ? find_vma+0x34/0x190 [ 41.127079] ? __do_page_fault+0x449/0xe50 [ 41.131320] ? exit_to_usermode_loop+0x8c/0x380 [ 41.135992] ? trace_hardirqs_on+0x2c0/0x2c0 [ 41.140410] exit_to_usermode_loop+0x2e5/0x380 [ 41.144992] ? syscall_slow_exit_work+0x490/0x490 [ 41.149832] ? trace_hardirqs_off_caller+0xbb/0x2b0 [ 41.154856] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.159784] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.164621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.169467] prepare_exit_to_usermode+0x342/0x3b0 [ 41.174317] ? perf_trace_sys_enter+0xb10/0xb10 [ 41.178992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.183837] ? page_fault+0x8/0x30 [ 41.187382] retint_user+0x8/0x18 [ 41.190844] RIP: 0033:0x400c6b [ 41.194043] Code: Bad RIP value. [ 41.197408] RSP: 002b:00007fff1a50f3b0 EFLAGS: 00010217 [ 41.202782] RAX: 7073642f7665642f RBX: 00000000004002e0 RCX: 0000000000444059 [ 41.210050] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020000000 [ 41.217323] RBP: 00000000006ce018 R08: 00000000ffffffff R09: 0000000000000000 [ 41.224590] R10: 0000000000000032 R11: 0000000000000216 R12: 0000000000401d60 [ 41.231857] R13: 0000000000401df0 R14: 0000000000000000 R15: 0000000000000000 [ 41.239134] [ 41.239140] ====================================================== [ 41.239146] WARNING: possible circular locking dependency detected [ 41.239150] 4.19.0-rc2+ #220 Not tainted [ 41.239155] ------------------------------------------------------ [ 41.239160] syz-executor896/4665 is trying to acquire lock: [ 41.239164] 0000000018feeebd ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.239179] [ 41.239183] but task is already holding lock: [ 41.239186] 00000000a1f4b8e8 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 41.239200] [ 41.239205] which lock already depends on the new lock. [ 41.239207] [ 41.239210] [ 41.239215] the existing dependency chain (in reverse order) is: [ 41.239217] [ 41.239219] -> #3 (report_lock){....}: [ 41.239234] _raw_spin_lock_irqsave+0x96/0xc0 [ 41.239238] kasan_report+0x8e/0x110 [ 41.239242] __asan_report_load8_noabort+0x14/0x20 [ 41.239246] __schedule+0xf54/0x1df0 [ 41.239250] preempt_schedule_common+0x22/0x60 [ 41.239254] _cond_resched+0x1d/0x30 [ 41.239258] wait_for_completion+0xa5/0x8d0 [ 41.239263] __synchronize_srcu+0x189/0x240 [ 41.239267] synchronize_srcu+0x335/0x56f [ 41.239272] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.239276] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.239280] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.239283] kvm_put_kvm+0x73f/0x1060 [ 41.239287] kvm_vm_release+0x42/0x50 [ 41.239291] __fput+0x38a/0xa40 [ 41.239294] ____fput+0x15/0x20 [ 41.239298] task_work_run+0x1e8/0x2a0 [ 41.239302] do_exit+0x1ae4/0x26e0 [ 41.239306] do_group_exit+0x177/0x440 [ 41.239310] get_signal+0x851/0x18e0 [ 41.239319] do_signal+0x9c/0x21c0 [ 41.239329] exit_to_usermode_loop+0x2e5/0x380 [ 41.239333] prepare_exit_to_usermode+0x342/0x3b0 [ 41.239337] retint_user+0x8/0x18 [ 41.239339] [ 41.239341] -> #2 (&rq->lock){-.-.}: [ 41.239355] _raw_spin_lock+0x2a/0x40 [ 41.239359] task_fork_fair+0x93/0x680 [ 41.239363] sched_fork+0x44b/0xbd0 [ 41.239367] copy_process+0x235e/0x7ad0 [ 41.239370] _do_fork+0x1ca/0x1170 [ 41.239374] kernel_thread+0x34/0x40 [ 41.239378] rest_init+0x22/0xe4 [ 41.239382] start_kernel+0x913/0x94e [ 41.239386] x86_64_start_reservations+0x29/0x2b [ 41.239390] x86_64_start_kernel+0x76/0x79 [ 41.239394] secondary_startup_64+0xa4/0xb0 [ 41.239396] [ 41.239399] -> #1 (&p->pi_lock){-.-.}: [ 41.239413] _raw_spin_lock_irqsave+0x96/0xc0 [ 41.239417] try_to_wake_up+0xd2/0x1250 [ 41.239421] wake_up_process+0x10/0x20 [ 41.239425] __up.isra.1+0x1c0/0x2a0 [ 41.239428] up+0x13c/0x1c0 [ 41.239432] __up_console_sem+0xbe/0x1b0 [ 41.239436] console_unlock+0x506/0x10d0 [ 41.239440] vprintk_emit+0x33a/0x910 [ 41.239444] vprintk_default+0x28/0x30 [ 41.239448] vprintk_func+0x7a/0x117 [ 41.239451] printk+0xa7/0xcf [ 41.239455] regdb_fw_cb.cold.36+0x18/0x89 [ 41.239460] request_firmware_work_func+0x15c/0x2e0 [ 41.239464] process_one_work+0xc73/0x1aa0 [ 41.239468] worker_thread+0x189/0x13c0 [ 41.239471] kthread+0x35a/0x420 [ 41.239475] ret_from_fork+0x3a/0x50 [ 41.239477] [ 41.239480] -> #0 ((console_sem).lock){-...}: [ 41.239494] lock_acquire+0x1e4/0x4f0 [ 41.239498] _raw_spin_lock_irqsave+0x96/0xc0 [ 41.239502] down_trylock+0x13/0x70 [ 41.239507] __down_trylock_console_sem+0xae/0x200 [ 41.239511] console_trylock+0x15/0xa0 [ 41.239514] vprintk_emit+0x31f/0x910 [ 41.239518] vprintk_default+0x28/0x30 [ 41.239522] vprintk_func+0x7a/0x117 [ 41.239526] printk+0xa7/0xcf [ 41.239529] kasan_report+0x9e/0x110 [ 41.239534] __asan_report_load8_noabort+0x14/0x20 [ 41.239538] __schedule+0xf54/0x1df0 [ 41.239542] preempt_schedule_common+0x22/0x60 [ 41.239546] _cond_resched+0x1d/0x30 [ 41.239550] wait_for_completion+0xa5/0x8d0 [ 41.239554] __synchronize_srcu+0x189/0x240 [ 41.239559] synchronize_srcu+0x335/0x56f [ 41.239564] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.239567] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.239572] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.239576] kvm_put_kvm+0x73f/0x1060 [ 41.239579] kvm_vm_release+0x42/0x50 [ 41.239583] __fput+0x38a/0xa40 [ 41.239587] ____fput+0x15/0x20 [ 41.239591] task_work_run+0x1e8/0x2a0 [ 41.239594] do_exit+0x1ae4/0x26e0 [ 41.239598] do_group_exit+0x177/0x440 [ 41.239602] get_signal+0x851/0x18e0 [ 41.239606] do_signal+0x9c/0x21c0 [ 41.239610] exit_to_usermode_loop+0x2e5/0x380 [ 41.239615] prepare_exit_to_usermode+0x342/0x3b0 [ 41.239618] retint_user+0x8/0x18 [ 41.239620] [ 41.239625] other info that might help us debug this: [ 41.239627] [ 41.239630] Chain exists of: [ 41.239632] (console_sem).lock --> &rq->lock --> report_lock [ 41.239650] [ 41.239654] Possible unsafe locking scenario: [ 41.239657] [ 41.239661] CPU0 CPU1 [ 41.239665] ---- ---- [ 41.239667] lock(report_lock); [ 41.239676] lock(&rq->lock); [ 41.239686] lock(report_lock); [ 41.239694] lock((console_sem).lock); [ 41.239702] [ 41.239705] *** DEADLOCK *** [ 41.239707] [ 41.239711] 2 locks held by syz-executor896/4665: [ 41.239713] #0: 000000005c55085b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 41.239730] #1: 00000000a1f4b8e8 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 41.239755] [ 41.239758] stack backtrace: [ 41.239764] CPU: 0 PID: 4665 Comm: syz-executor896 Not tainted 4.19.0-rc2+ #220 [ 41.239772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.239775] Call Trace: [ 41.239778] dump_stack+0x1c9/0x2b4 [ 41.239783] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.239787] ? vprintk_func+0x100/0x117 [ 41.239792] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 41.239796] ? save_trace+0xe0/0x290 [ 41.239800] __lock_acquire+0x3449/0x5020 [ 41.239804] ? mark_held_locks+0x160/0x160 [ 41.239808] ? mark_held_locks+0x160/0x160 [ 41.239812] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 41.239817] ? is_bpf_text_address+0xd7/0x170 [ 41.239821] ? kernel_text_address+0x79/0xf0 [ 41.239826] ? __kernel_text_address+0xd/0x40 [ 41.239830] ? __save_stack_trace+0x8d/0xf0 [ 41.239834] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 41.239838] ? save_trace+0x290/0x290 [ 41.239842] ? save_stack_trace+0x1a/0x20 [ 41.239846] ? save_trace+0xe0/0x290 [ 41.239850] ? graph_lock+0x170/0x170 [ 41.239855] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.239858] lock_acquire+0x1e4/0x4f0 [ 41.239862] ? down_trylock+0x13/0x70 [ 41.239866] ? lock_release+0x9f0/0x9f0 [ 41.239870] ? trace_hardirqs_off+0xb8/0x2b0 [ 41.239875] ? trace_hardirqs_on+0x2c0/0x2c0 [ 41.239879] ? trace_hardirqs_off+0xb8/0x2b0 [ 41.239883] ? log_store+0x34f/0x4c0 [ 41.239887] ? vprintk_emit+0x31f/0x910 [ 41.239891] _raw_spin_lock_irqsave+0x96/0xc0 [ 41.239895] ? down_trylock+0x13/0x70 [ 41.239898] down_trylock+0x13/0x70 [ 41.239903] __down_trylock_console_sem+0xae/0x200 [ 41.239907] console_trylock+0x15/0xa0 [ 41.239911] vprintk_emit+0x31f/0x910 [ 41.239915] ? wake_up_klogd+0x110/0x110 [ 41.239919] ? run_rebalance_domains+0x4c0/0x4c0 [ 41.239923] ? kasan_check_read+0x11/0x20 [ 41.239927] ? rcu_is_watching+0x8c/0x150 [ 41.239931] ? rcu_pm_notify+0xc0/0xc0 [ 41.239935] ? lock_acquire+0x1e4/0x4f0 [ 41.239939] ? kasan_report+0x8e/0x110 [ 41.239943] ? __schedule+0xf54/0x1df0 [ 41.239947] vprintk_default+0x28/0x30 [ 41.239950] vprintk_func+0x7a/0x117 [ 41.239954] printk+0xa7/0xcf [ 41.239958] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.239963] ? kasan_check_write+0x14/0x20 [ 41.239967] ? do_raw_spin_lock+0xc1/0x200 [ 41.239971] ? do_raw_spin_lock+0xc1/0x200 [ 41.239975] kasan_report+0x9e/0x110 [ 41.239979] __asan_report_load8_noabort+0x14/0x20 [ 41.239983] __schedule+0xf54/0x1df0 [ 41.239988] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 41.239992] ? __sched_text_start+0x8/0x8 [ 41.239995] ? __call_srcu+0x7e7/0x1040 [ 41.240000] ? check_same_owner+0x340/0x340 [ 41.240004] ? mark_held_locks+0x160/0x160 [ 41.240008] preempt_schedule_common+0x22/0x60 [ 41.240012] _cond_resched+0x1d/0x30 [ 41.240016] wait_for_completion+0xa5/0x8d0 [ 41.240021] ? wait_for_completion_interruptible+0x950/0x950 [ 41.240025] ? __lockdep_init_map+0x105/0x590 [ 41.240029] ? __init_waitqueue_head+0x9e/0x150 [ 41.240034] ? init_wait_entry+0x1c0/0x1c0 [ 41.240038] __synchronize_srcu+0x189/0x240 [ 41.240041] ? call_srcu+0x10/0x10 [ 41.240046] ? rcu_unexpedite_gp+0x20/0x20 [ 41.240050] synchronize_srcu+0x335/0x56f [ 41.240054] ? lock_downgrade+0x8f0/0x8f0 [ 41.240058] ? synchronize_srcu_expedited+0x20/0x20 [ 41.240062] ? kasan_check_read+0x11/0x20 [ 41.240067] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.240071] ? kasan_check_write+0x14/0x20 [ 41.240075] ? do_raw_spin_lock+0xc1/0x200 [ 41.240080] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.240085] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.240088] ? kvfree+0x61/0x70 [ 41.240093] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.240097] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.240101] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.240105] ? kvm_arch_sync_events+0x30/0x30 [ 41.240110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.240114] ? mmu_notifier_unregister+0x474/0x600 [ 41.240119] ? trace_hardirqs_on+0x2c0/0x2c0 [ 41.240122] ? kfree+0x111/0x210 [ 41.240127] ? __mmu_notifier_register+0x30/0x30 [ 41.240131] ? __free_pages+0x10a/0x190 [ 41.240135] ? free_unref_page+0x930/0x930 [ 41.240138] kvm_put_kvm+0x73f/0x1060 [ 41.240143] ? kvm_write_guest_cached+0x40/0x40 [ 41.240147] ? _raw_spin_unlock_irq+0x27/0x70 [ 41.240151] ? _raw_spin_unlock_irq+0x27/0x70 [ 41.240155] ? kasan_check_write+0x14/0x20 [ 41.240159] ? do_raw_spin_lock+0xc1/0x200 [ 41.240163] ? kvm_irqfd_release+0xdd/0x120 [ 41.240168] ? kvm_irqfd_release+0xdd/0x120 [ 41.240171] ? kvm_put_kvm+0x1060/0x1060 [ 41.240175] kvm_vm_release+0x42/0x50 [ 41.240179] __fput+0x38a/0xa40 [ 41.240183] ? __alloc_file+0x400/0x400 [ 41.240187] ? check_same_owner+0x340/0x340 [ 41.240191] ? kasan_check_write+0x14/0x20 [ 41.240195] ? do_raw_spin_lock+0xc1/0x200 [ 41.240198] ____fput+0x15/0x20 [ 41.240202] task_work_run+0x1e8/0x2a0 [ 41.240206] ? task_work_cancel+0x240/0x240 [ 41.240211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.240216] ? switch_task_namespaces+0xa2/0xd0 [ 41.240219] do_exit+0x1ae4/0x26e0 [ 41.240224] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.240228] ? mm_update_next_owner+0x9a0/0x9a0 [ 41.240232] ? profiling_store+0xd0/0xd0 [ 41.240236] ? kasan_check_write+0x14/0x20 [ 41.240240] ? do_raw_spin_lock+0xc1/0x2 [ 41.240247] Lost 71 message(s)! [ 42.302293] Shutting down cpus with NMI [ 43.362817] Dumping ftrace buffer: [ 43.366344] (ftrace buffer empty) [ 43.370030] Kernel Offset: disabled [ 43.373640] Rebooting in 86400 seconds..