[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 21.913092] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.246471] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.580783] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.133990] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.310758] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
[ 32.843472] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
[ 32.955355] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 33.165002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.171470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.179129] device bridge_slave_0 entered promiscuous mode
[ 33.195940] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.202342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.209571] device bridge_slave_1 entered promiscuous mode
[ 33.226810] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 33.243136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 33.287109] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.305885] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.371620] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.378921] team0: Port device team_slave_0 added
[ 33.394720] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.401801] team0: Port device team_slave_1 added
[ 33.417117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.435632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.453082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 33.471039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 33.600522] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.606956] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.613857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.620225] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 34.064212] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.070355] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.114587] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.158252] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.167787] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 34.173910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 34.181474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.224991] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 34.471078] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.538785] ==================================================================
[ 34.548650] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 34.554875] Read of size 8 at addr ffff8801d6f90058 by task syz-executor397/4899
[ 34.562392] 
[ 34.564087] CPU: 0 PID: 4899 Comm: syz-executor397 Not tainted 4.19.0-rc2+ #225
[ 34.571521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.580861] Call Trace:
[ 34.583449]  dump_stack+0x1c9/0x2b4
[ 34.587076]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.592261]  ? printk+0xa7/0xcf
[ 34.595537]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.600287]  ? __schedule+0xf54/0x1df0
[ 34.604171]  print_address_description+0x6c/0x20b
[ 34.609008]  ? __schedule+0xf54/0x1df0
[ 34.612895]  kasan_report.cold.7+0x242/0x30d
[ 34.617308]  __asan_report_load8_noabort+0x14/0x20
[ 34.622242]  __schedule+0xf54/0x1df0
[ 34.625959]  ? __sched_text_start+0x8/0x8
[ 34.630100]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.635199]  ? __call_srcu+0x7e7/0x1040
[ 34.639179]  ? check_same_owner+0x340/0x340
[ 34.643498]  ? mark_held_locks+0x160/0x160
[ 34.647728]  ? find_held_lock+0x36/0x1c0
[ 34.651786]  preempt_schedule_common+0x22/0x60
[ 34.656372]  _cond_resched+0x1d/0x30
[ 34.660082]  wait_for_completion+0xa5/0x8d0
[ 34.664405]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.670201]  ? __lockdep_init_map+0x105/0x590
[ 34.674693]  ? __init_waitqueue_head+0x9e/0x150
[ 34.679363]  ? init_wait_entry+0x1c0/0x1c0
[ 34.683599]  __synchronize_srcu+0x189/0x240
[ 34.687912]  ? call_srcu+0x10/0x10
[ 34.691449]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.695689]  synchronize_srcu+0x335/0x56f
[ 34.699829]  ? lock_downgrade+0x8f0/0x8f0
[ 34.703971]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.708987]  ? kasan_check_read+0x11/0x20
[ 34.713133]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.717713]  ? kasan_check_write+0x14/0x20
[ 34.721941]  ? do_raw_spin_lock+0xc1/0x200
[ 34.726179]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.731889]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.737352]  ? kvfree+0x61/0x70
[ 34.740634]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.745648]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.749703]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.754108]  ? kvm_arch_sync_events+0x30/0x30
[ 34.758607]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.764156]  ? mmu_notifier_unregister+0x474/0x600
[ 34.769079]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.773481]  ? kfree+0x111/0x210
[ 34.776847]  ? __mmu_notifier_register+0x30/0x30
[ 34.781602]  ? __free_pages+0x10a/0x190
[ 34.785571]  ? free_unref_page+0x930/0x930
[ 34.789812]  kvm_put_kvm+0x73f/0x1060
[ 34.793618]  ? kvm_write_guest_cached+0x40/0x40
[ 34.798286]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.803049]  ? kvm_irqfd_release+0xdd/0x120
[ 34.807368]  ? kvm_irqfd_release+0xdd/0x120
[ 34.811684]  ? kvm_put_kvm+0x1060/0x1060
[ 34.815739]  kvm_vm_release+0x42/0x50
[ 34.819544]  __fput+0x38a/0xa40
[ 34.822823]  ? __alloc_file+0x400/0x400
[ 34.826797]  ? check_same_owner+0x340/0x340
[ 34.831114]  ____fput+0x15/0x20
[ 34.834386]  task_work_run+0x1e8/0x2a0
[ 34.838285]  ? task_work_cancel+0x240/0x240
[ 34.842603]  ? switch_task_namespaces+0xbd/0xd0
[ 34.847298]  do_exit+0xfba/0x26e0
[ 34.850769]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.855435]  ? print_usage_bug+0xc0/0xc0
[ 34.859494]  ? rcu_is_watching+0x8c/0x150
[ 34.863637]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.868299]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.872980]  ? is_bpf_text_address+0xd7/0x170
[ 34.877473]  ? __lock_acquire+0x7fc/0x5020
[ 34.881702]  ? unwind_get_return_address+0x61/0xa0
[ 34.886630]  ? __save_stack_trace+0x8d/0xf0
[ 34.890966]  ? mark_held_locks+0x160/0x160
[ 34.895196]  ? save_stack+0xa9/0xd0
[ 34.898819]  ? save_stack+0x43/0xd0
[ 34.902451]  ? __kasan_slab_free+0x11a/0x170
[ 34.906852]  ? kasan_slab_free+0xe/0x10
[ 34.910818]  ? kmem_cache_free+0x86/0x280
[ 34.914964]  ? sock_destroy_inode+0x51/0x60
[ 34.919282]  ? destroy_inode+0x159/0x200
[ 34.923352]  ? evict+0x5d5/0x990
[ 34.926714]  ? iput+0x5fa/0xa00
[ 34.929991]  ? __sock_release+0x1ec/0x250
[ 34.934136]  ? __sock_create+0x44e/0x940
[ 34.938193]  ? __sys_socket+0x106/0x260
[ 34.942165]  ? __x64_sys_socket+0x73/0xb0
[ 34.946313]  ? do_syscall_64+0x1b9/0x820
[ 34.950385]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.955747]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.960147]  ? kasan_check_read+0x11/0x20
[ 34.964290]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.968694]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.973097]  ? kasan_check_write+0x14/0x20
[ 34.977346]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.981750]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.986847]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.991253]  ? kmem_cache_free+0xa0/0x280
[ 34.995394]  ? graph_lock+0x170/0x170
[ 34.999192]  ? rcu_is_watching+0x8c/0x150
[ 35.003344]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.007661]  ? rcu_pm_notify+0xc0/0xc0
[ 35.011545]  ? memset+0x31/0x40
[ 35.014821]  ? find_held_lock+0x36/0x1c0
[ 35.018884]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.023382]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.027873]  do_group_exit+0x177/0x440
[ 35.031754]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.036851]  ? __ia32_sys_exit+0x50/0x50
[ 35.040918]  get_signal+0x851/0x18e0
[ 35.044636]  ? ptrace_notify+0x130/0x130
[ 35.048692]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.053279]  ? iput+0x5ff/0xa00
[ 35.056555]  ? inode_add_lru+0x2a0/0x2a0
[ 35.060615]  ? inet6_create+0xc03/0x1250
[ 35.064687]  do_signal+0x9c/0x21c0
[ 35.068227]  ? inet6_net_init+0x8e0/0x8e0
[ 35.072386]  ? rcu_is_watching+0x8c/0x150
[ 35.076530]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.081194]  ? setup_sigcontext+0x7d0/0x7d0
[ 35.085514]  ? __sock_release+0x1a0/0x250
[ 35.089677]  ? __sock_create+0x126/0x940
[ 35.093738]  ? exit_to_usermode_loop+0x8c/0x380
[ 35.098416]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.103950]  exit_to_usermode_loop+0x2e5/0x380
[ 35.108532]  ? syscall_slow_exit_work+0x490/0x490
[ 35.113378]  do_syscall_64+0x6be/0x820
[ 35.117263]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.122626]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.127559]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.132397]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 35.137413]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.142429]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.147443]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.152283]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.157466] RIP: 0033:0x445a69
[ 35.160656] Code: Bad RIP value.
[ 35.164011] RSP: 002b:00007fffdaa1f5c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000029
[ 35.171713] RAX: ffffffffffffffa2 RBX: 0000000020000240 RCX: 0000000000445a69
[ 35.178973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[ 35.186236] RBP: 6d74702f7665642f R08: 000000000000001c R09: 000000000000001c
[ 35.194457] R10: 000000000000001c R11: 0000000000000207 R12: 0000000000402be0
[ 35.201725] R13: 0000000000402c70 R14: 0000000000000000 R15: 0000000000000000
[ 35.208997] 
[ 35.210618] Allocated by task 4899:
[ 35.214250]  save_stack+0x43/0xd0
[ 35.217702]  kasan_kmalloc+0xc4/0xe0
[ 35.221412]  kasan_slab_alloc+0x12/0x20
[ 35.225386]  kmem_cache_alloc+0x12e/0x710
[ 35.229533]  vmx_create_vcpu+0xcf/0x2830
[ 35.233590]  kvm_arch_vcpu_create+0xe5/0x220
[ 35.237994]  kvm_vm_ioctl+0x488/0x1d80
[ 35.241879]  do_vfs_ioctl+0x1de/0x1720
[ 35.245764]  ksys_ioctl+0xa9/0xd0
[ 35.249210]  __x64_sys_ioctl+0x73/0xb0
[ 35.253095]  do_syscall_64+0x1b9/0x820
[ 35.256977]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.262150] 
[ 35.263767] Freed by task 4899:
[ 35.267051]  save_stack+0x43/0xd0
[ 35.270497]  __kasan_slab_free+0x11a/0x170
[ 35.274723]  kasan_slab_free+0xe/0x10
[ 35.278520]  kmem_cache_free+0x86/0x280
[ 35.282493]  vmx_free_vcpu+0x26b/0x300
[ 35.286374]  kvm_arch_destroy_vm+0x365/0x7c0
[ 35.290779]  kvm_put_kvm+0x73f/0x1060
[ 35.294575]  kvm_vm_release+0x42/0x50
[ 35.298368]  __fput+0x38a/0xa40
[ 35.301644]  ____fput+0x15/0x20
[ 35.304916]  task_work_run+0x1e8/0x2a0
[ 35.308800]  do_exit+0xfba/0x26e0
[ 35.312247]  do_group_exit+0x177/0x440
[ 35.316128]  get_signal+0x851/0x18e0
[ 35.319834]  do_signal+0x9c/0x21c0
[ 35.323374]  exit_to_usermode_loop+0x2e5/0x380
[ 35.327978]  do_syscall_64+0x6be/0x820
[ 35.331864]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.337038] 
[ 35.338659] The buggy address belongs to the object at ffff8801d6f90040
[ 35.338659]  which belongs to the cache kvm_vcpu of size 23872
[ 35.351234] The buggy address is located 24 bytes inside of
[ 35.351234]  23872-byte region [ffff8801d6f90040, ffff8801d6f95d80)
[ 35.363185] The buggy address belongs to the page:
[ 35.368110] page:ffffea00075be400 count:1 mapcount:0 mapping:ffff8801d8796000 index:0x0 compound_mapcount: 0
[ 35.378088] flags: 0x2fffc0000008100(slab|head)
[ 35.382758] raw: 02fffc0000008100 ffff8801d5200948 ffff8801d5200948 ffff8801d8796000
[ 35.390641] raw: 0000000000000000 ffff8801d6f90040 0000000100000001 0000000000000000
[ 35.398512] page dumped because: kasan: bad access detected
[ 35.404208] 
[ 35.405826] Memory state around the buggy address:
[ 35.410748]  ffff8801d6f8ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.418120]  ffff8801d6f8ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.425478] >ffff8801d6f90000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.432828]                                                     ^
[ 35.439055]  ffff8801d6f90080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.446406]  ffff8801d6f90100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.453752] ==================================================================
[ 35.461098] Kernel panic - not syncing: panic_on_warn set ...
[ 35.461098] 
[ 35.468460] CPU: 0 PID: 4899 Comm: syz-executor397 Tainted: G B 4.19.0-rc2+ #225
[ 35.477301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.486684] Call Trace:
[ 35.489273]  dump_stack+0x1c9/0x2b4
[ 35.492898]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.498084]  ? lock_downgrade+0x8f0/0x8f0
[ 35.502259]  ? __schedule+0xf54/0x1df0
[ 35.506166]  panic+0x238/0x4e7
[ 35.509398]  ? add_taint.cold.5+0x16/0x16
[ 35.513565]  ? print_shadow_for_address+0xba/0x116
[ 35.518491]  ? trace_hardirqs_off+0xaf/0x2c0
[ 35.522893]  ? trace_hardirqs_off+0x77/0x2c0
[ 35.527297]  ? __schedule+0xf54/0x1df0
[ 35.531191]  kasan_end_report+0x47/0x4f
[ 35.535165]  kasan_report.cold.7+0x76/0x30d
[ 35.539488]  __asan_report_load8_noabort+0x14/0x20
[ 35.544411]  __schedule+0xf54/0x1df0
[ 35.548130]  ? __sched_text_start+0x8/0x8
[ 35.552273]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.557374]  ? __call_srcu+0x7e7/0x1040
[ 35.561368]  ? check_same_owner+0x340/0x340
[ 35.565685]  ? mark_held_locks+0x160/0x160
[ 35.569917]  ? find_held_lock+0x36/0x1c0
[ 35.573980]  preempt_schedule_common+0x22/0x60
[ 35.578562]  _cond_resched+0x1d/0x30
[ 35.582272]  wait_for_completion+0xa5/0x8d0
[ 35.586605]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.592405]  ? __lockdep_init_map+0x105/0x590
[ 35.596899]  ? __init_waitqueue_head+0x9e/0x150
[ 35.601565]  ? init_wait_entry+0x1c0/0x1c0
[ 35.605802]  __synchronize_srcu+0x189/0x240
[ 35.610120]  ? call_srcu+0x10/0x10
[ 35.613669]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.617909]  synchronize_srcu+0x335/0x56f
[ 35.622055]  ? lock_downgrade+0x8f0/0x8f0
[ 35.626203]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.631221]  ? kasan_check_read+0x11/0x20
[ 35.635372]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.639960]  ? kasan_check_write+0x14/0x20
[ 35.644192]  ? do_raw_spin_lock+0xc1/0x200
[ 35.648429]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.654145]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.659596]  ? kvfree+0x61/0x70
[ 35.662879]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.667892]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.671977]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.676409]  ? kvm_arch_sync_events+0x30/0x30
[ 35.680904]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.686461]  ? mmu_notifier_unregister+0x474/0x600
[ 35.691388]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.695803]  ? kfree+0x111/0x210
[ 35.699183]  ? __mmu_notifier_register+0x30/0x30
[ 35.703952]  ? __free_pages+0x10a/0x190
[ 35.707923]  ? free_unref_page+0x930/0x930
[ 35.712206]  kvm_put_kvm+0x73f/0x1060
[ 35.716033]  ? kvm_write_guest_cached+0x40/0x40
[ 35.720726]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.725511]  ? kvm_irqfd_release+0xdd/0x120
[ 35.729835]  ? kvm_irqfd_release+0xdd/0x120
[ 35.734162]  ? kvm_put_kvm+0x1060/0x1060
[ 35.738224]  kvm_vm_release+0x42/0x50
[ 35.742025]  __fput+0x38a/0xa40
[ 35.745302]  ? __alloc_file+0x400/0x400
[ 35.749322]  ? check_same_owner+0x340/0x340
[ 35.753680]  ____fput+0x15/0x20
[ 35.756957]  task_work_run+0x1e8/0x2a0
[ 35.760839]  ? task_work_cancel+0x240/0x240
[ 35.765161]  ? switch_task_namespaces+0xbd/0xd0
[ 35.769830]  do_exit+0xfba/0x26e0
[ 35.773287]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.777957]  ? print_usage_bug+0xc0/0xc0
[ 35.782012]  ? rcu_is_watching+0x8c/0x150
[ 35.786159]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.790853]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.795552]  ? is_bpf_text_address+0xd7/0x170
[ 35.800049]  ? __lock_acquire+0x7fc/0x5020
[ 35.804282]  ? unwind_get_return_address+0x61/0xa0
[ 35.809248]  ? __save_stack_trace+0x8d/0xf0
[ 35.813596]  ? mark_held_locks+0x160/0x160
[ 35.817830]  ? save_stack+0xa9/0xd0
[ 35.821457]  ? save_stack+0x43/0xd0
[ 35.825083]  ? __kasan_slab_free+0x11a/0x170
[ 35.829539]  ? kasan_slab_free+0xe/0x10
[ 35.833542]  ? kmem_cache_free+0x86/0x280
[ 35.837687]  ? sock_destroy_inode+0x51/0x60
[ 35.842007]  ? destroy_inode+0x159/0x200
[ 35.846061]  ? evict+0x5d5/0x990
[ 35.849429]  ? iput+0x5fa/0xa00
[ 35.852710]  ? __sock_release+0x1ec/0x250
[ 35.856857]  ? __sock_create+0x44e/0x940
[ 35.860912]  ? __sys_socket+0x106/0x260
[ 35.864885]  ? __x64_sys_socket+0x73/0xb0
[ 35.869030]  ? do_syscall_64+0x1b9/0x820
[ 35.873086]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.878444]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.882848]  ? kasan_check_read+0x11/0x20
[ 35.886992]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.891397]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.895801]  ? kasan_check_write+0x14/0x20
[ 35.900031]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.904441]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.909541]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.913948]  ? kmem_cache_free+0xa0/0x280
[ 35.918093]  ? graph_lock+0x170/0x170
[ 35.921887]  ? rcu_is_watching+0x8c/0x150
[ 35.926029]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.930383]  ? rcu_pm_notify+0xc0/0xc0
[ 35.934298]  ? memset+0x31/0x40
[ 35.937603]  ? find_held_lock+0x36/0x1c0
[ 35.941665]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.946155]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.950653]  do_group_exit+0x177/0x440
[ 35.954539]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.959641]  ? __ia32_sys_exit+0x50/0x50
[ 35.963713]  get_signal+0x851/0x18e0
[ 35.967437]  ? ptrace_notify+0x130/0x130
[ 35.971497]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.976079]  ? iput+0x5ff/0xa00
[ 35.979366]  ? inode_add_lru+0x2a0/0x2a0
[ 35.983428]  ? inet6_create+0xc03/0x1250
[ 35.987486]  do_signal+0x9c/0x21c0
[ 35.991021]  ? inet6_net_init+0x8e0/0x8e0
[ 35.995170]  ? rcu_is_watching+0x8c/0x150
[ 35.999332]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.004038]  ? setup_sigcontext+0x7d0/0x7d0
[ 36.008384]  ? __sock_release+0x1a0/0x250
[ 36.012531]  ? __sock_create+0x126/0x940
[ 36.016595]  ? exit_to_usermode_loop+0x8c/0x380
[ 36.021274]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.026841]  exit_to_usermode_loop+0x2e5/0x380
[ 36.031449]  ? syscall_slow_exit_work+0x490/0x490
[ 36.036302]  do_syscall_64+0x6be/0x820
[ 36.040201]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.045566]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.050496]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.055840]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 36.060898]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.065936]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.070951]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.075796]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.080995] RIP: 0033:0x445a69
[ 36.084193] Code: Bad RIP value.
[ 36.087548] RSP: 002b:00007fffdaa1f5c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000029
[ 36.095273] RAX: ffffffffffffffa2 RBX: 0000000020000240 RCX: 0000000000445a69
[ 36.102550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[ 36.109840] RBP: 6d74702f7665642f R08: 000000000000001c R09: 000000000000001c
[ 36.117104] R10: 000000000000001c R11: 0000000000000207 R12: 0000000000402be0
[ 36.124365] R13: 0000000000402c70 R14: 0000000000000000 R15: 0000000000000000
[ 36.131636] 
[ 36.131641] ======================================================
[ 36.131647] WARNING: possible circular locking dependency detected
[ 36.131650] 4.19.0-rc2+ #225 Not tainted
[ 36.131656] ------------------------------------------------------
[ 36.131661] syz-executor397/4899 is trying to acquire lock:
[ 36.131664] 000000009713390e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.131686] 
[ 36.131690] but task is already holding lock:
[ 36.131693] 00000000674fd709 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.131707] 
[ 36.131712] which lock already depends on the new lock.
[ 36.131714] 
[ 36.131717] 
[ 36.131722] the existing dependency chain (in reverse order) is:
[ 36.131724] 
[ 36.131727] -> #3 (report_lock){....}:
[ 36.131742]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.131746]        kasan_report+0x8e/0x110
[ 36.131750]        __asan_report_load8_noabort+0x14/0x20
[ 36.131754]        __schedule+0xf54/0x1df0
[ 36.131759]        preempt_schedule_common+0x22/0x60
[ 36.131762]        _cond_resched+0x1d/0x30
[ 36.131767]        wait_for_completion+0xa5/0x8d0
[ 36.131771]        __synchronize_srcu+0x189/0x240
[ 36.131775]        synchronize_srcu+0x335/0x56f
[ 36.131780]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.131784]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.131789]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.131792]        kvm_put_kvm+0x73f/0x1060
[ 36.131796]        kvm_vm_release+0x42/0x50
[ 36.131800]        __fput+0x38a/0xa40
[ 36.131803]        ____fput+0x15/0x20
[ 36.131807]        task_work_run+0x1e8/0x2a0
[ 36.131811]        do_exit+0xfba/0x26e0
[ 36.131815]        do_group_exit+0x177/0x440
[ 36.131819]        get_signal+0x851/0x18e0
[ 36.131823]        do_signal+0x9c/0x21c0
[ 36.131827]        exit_to_usermode_loop+0x2e5/0x380
[ 36.131831]        do_syscall_64+0x6be/0x820
[ 36.131836]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.131838] 
[ 36.131841] -> #2 (&rq->lock){-.-.}:
[ 36.131864]        _raw_spin_lock+0x2a/0x40
[ 36.131868]        task_fork_fair+0x93/0x680
[ 36.131872]        sched_fork+0x44b/0xbd0
[ 36.131876]        copy_process+0x235e/0x7af0
[ 36.131880]        _do_fork+0x1ca/0x1170
[ 36.131883]        kernel_thread+0x34/0x40
[ 36.131887]        rest_init+0x22/0xe4
[ 36.131891]        start_kernel+0x913/0x94e
[ 36.131896]        x86_64_start_reservations+0x29/0x2b
[ 36.131900]        x86_64_start_kernel+0x76/0x79
[ 36.131904]        secondary_startup_64+0xa4/0xb0
[ 36.131906] 
[ 36.131909] -> #1 (&p->pi_lock){-.-.}:
[ 36.131923]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.131928]        try_to_wake_up+0xd2/0x1250
[ 36.131931]        wake_up_process+0x10/0x20
[ 36.131935]        __up.isra.1+0x1c0/0x2a0
[ 36.131939]        up+0x13c/0x1c0
[ 36.131943]        __up_console_sem+0xbe/0x1b0
[ 36.131947]        console_unlock+0x506/0x10e0
[ 36.131951]        vprintk_emit+0x33a/0x910
[ 36.131955]        vprintk_default+0x28/0x30
[ 36.131959]        vprintk_func+0x7a/0x117
[ 36.131962]        printk+0xa7/0xcf
[ 36.131966]        load_umh+0x51/0xbd
[ 36.131970]        do_one_initcall+0x127/0x838
[ 36.131974]        kernel_init_freeable+0x4bb/0x5ae
[ 36.131978]        kernel_init+0x11/0x1b3
[ 36.131982]        ret_from_fork+0x3a/0x50
[ 36.131984] 
[ 36.131986] -> #0 ((console_sem).lock){-...}:
[ 36.132001]        lock_acquire+0x1e4/0x4f0
[ 36.132005]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.132009]        down_trylock+0x13/0x70
[ 36.132014]        __down_trylock_console_sem+0xae/0x200
[ 36.132018]        console_trylock+0x15/0xa0
[ 36.132022]        vprintk_emit+0x31f/0x910
[ 36.132026]        vprintk_default+0x28/0x30
[ 36.132029]        vprintk_func+0x7a/0x117
[ 36.132033]        printk+0xa7/0xcf
[ 36.132037]        kasan_report+0x9e/0x110
[ 36.132041]        __asan_report_load8_noabort+0x14/0x20
[ 36.132045]        __schedule+0xf54/0x1df0
[ 36.132050]        preempt_schedule_common+0x22/0x60
[ 36.132053]        _cond_resched+0x1d/0x30
[ 36.132058]        wait_for_completion+0xa5/0x8d0
[ 36.132062]        __synchronize_srcu+0x189/0x240
[ 36.132066]        synchronize_srcu+0x335/0x56f
[ 36.132071]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.132075]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.132080]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.132084]        kvm_put_kvm+0x73f/0x1060
[ 36.132087]        kvm_vm_release+0x42/0x50
[ 36.132091]        __fput+0x38a/0xa40
[ 36.132095]        ____fput+0x15/0x20
[ 36.132098]        task_work_run+0x1e8/0x2a0
[ 36.132102]        do_exit+0xfba/0x26e0
[ 36.132106]        do_group_exit+0x177/0x440
[ 36.132110]        get_signal+0x851/0x18e0
[ 36.132114]        do_signal+0x9c/0x21c0
[ 36.132118]        exit_to_usermode_loop+0x2e5/0x380
[ 36.132122]        do_syscall_64+0x6be/0x820
[ 36.132127]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.132129] 
[ 36.132133] other info that might help us debug this:
[ 36.132139] 
[ 36.132145] Chain exists of:
[ 36.132153]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.132195] 
[ 36.132206]  Possible unsafe locking scenario:
[ 36.132214] 
[ 36.132223]        CPU0                    CPU1
[ 36.132230]        ----                    ----
[ 36.132235]   lock(report_lock);
[ 36.132259]                                lock(&rq->lock);
[ 36.132279]                                lock(report_lock);
[ 36.132298]   lock((console_sem).lock);
[ 36.132317] 
[ 36.132334]  *** DEADLOCK ***
[ 36.132345] 
[ 36.132358] 2 locks held by syz-executor397/4899:
[ 36.132366]  #0: 00000000c27964bf (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.132403]  #1: 00000000674fd709 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.132443] 
[ 36.132449] stack backtrace:
[ 36.132463] CPU: 0 PID: 4899 Comm: syz-executor397 Not tainted 4.19.0-rc2+ #225
[ 36.132481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.132487] Call Trace:
[ 36.132499]  dump_stack+0x1c9/0x2b4
[ 36.132507]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.132511]  ? vprintk_func+0x100/0x117
[ 36.132525]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.132537]  ? save_trace+0xe0/0x290
[ 36.132544]  __lock_acquire+0x3449/0x5020
[ 36.132554]  ? mark_held_locks+0x160/0x160
[ 36.132566]  ? mark_held_locks+0x160/0x160
[ 36.132576]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.132586]  ? is_bpf_text_address+0xd7/0x170
[ 36.132599]  ? kernel_text_address+0x79/0xf0
[ 36.132609]  ? __kernel_text_address+0xd/0x40
[ 36.132614]  ? __save_stack_trace+0x8d/0xf0
[ 36.132626]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.132636]  ? save_trace+0x290/0x290
[ 36.132645]  ? save_stack_trace+0x1a/0x20
[ 36.132649]  ? save_trace+0xe0/0x290
[ 36.132659]  ? graph_lock+0x170/0x170
[ 36.132672]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.132681]  lock_acquire+0x1e4/0x4f0
[ 36.132688]  ? down_trylock+0x13/0x70
[ 36.132697]  ? lock_release+0x9f0/0x9f0
[ 36.132707]  ? trace_hardirqs_off+0xb8/0x2c0
[ 36.132717]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.132727]  ? trace_hardirqs_off+0xb8/0x2c0
[ 36.132736]  ? log_store+0x34f/0x4c0
[ 36.132745]  ? vprintk_emit+0x31f/0x910
[ 36.132756]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.132768]  ? down_trylock+0x13/0x70
[ 36.132772]  down_trylock+0x13/0x70
[ 36.132779]  __down_trylock_console_sem+0xae/0x200
[ 36.132789]  console_trylock+0x15/0xa0
[ 36.132795]  vprintk_emit+0x31f/0x910
[ 36.132808]  ? wake_up_klogd+0x110/0x110
[ 36.132817]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.132824]  ? kasan_check_read+0x11/0x20
[ 36.132831]  ? rcu_is_watching+0x8c/0x150
[ 36.132840]  ? rcu_pm_notify+0xc0/0xc0
[ 36.132850]  ? lock_acquire+0x1e4/0x4f0
[ 36.132857]  ? kasan_report+0x8e/0x110
[ 36.132863]  ? __schedule+0xf54/0x1df0
[ 36.132870]  vprintk_default+0x28/0x30
[ 36.132882]  vprintk_func+0x7a/0x117
[ 36.132891]  printk+0xa7/0xcf
[ 36.132898]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.132910]  ? kasan_check_write+0x14/0x20
[ 36.132920]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132929]  ? do_raw_spin_lock+0xc1/0x200
[ 36.132936]  kasan_report+0x9e/0x110
[ 36.132943]  __asan_report_load8_noabort+0x14/0x20
[ 36.132955]  __schedule+0xf54/0x1df0
[ 36.132966]  ? __sched_text_start+0x8/0x8
[ 36.132973]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.132983]  ? __call_srcu+0x7e7/0x1040
[ 36.132993]  ? check_same_owner+0x340/0x340
[ 36.133002]  ? mark_held_locks+0x160/0x160
[ 36.133009]  ? find_held_lock+0x36/0x1c0
[ 36.133019]  preempt_schedule_common+0x22/0x60
[ 36.133028]  _cond_resched+0x1d/0x30
[ 36.133038]  wait_for_completion+0xa5/0x8d0
[ 36.133046]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.133058]  ? __lockdep_init_map+0x105/0x590
[ 36.133068]  ? __init_waitqueue_head+0x9e/0x150
[ 36.133078]  ? init_wait_entry+0x1c0/0x1c0
[ 36.133085]  __synchronize_srcu+0x189/0x240
[ 36.133088]  ? call_srcu+0x10/0x10
[ 36.133092]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.133096]  synchronize_srcu+0x335/0x56f
[ 36.133103]  ? lock_downgrade+0x8f0/0x8f0
[ 36.133111]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.133120]  ? kasan_check_read+0x11/0x20
[ 36.133133]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.133142]  ? kasan_check_write+0x14/0x20
[ 36.133147]  ? do_raw_spin_lock+0xc1/0x200
[ 36.133154]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.133168]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.133177]  ? kvfree+0x61/0x70
[ 36.133184]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.133197]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.133210]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.133217]  ? kvm_arch_sync_events+0x30/0x30
[ 36.133229]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.133242]  ? mmu_notifier_unregister+0x474/0x600
[ 36.133249]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.133258]  ? kfree+0x111/0x210
[ 36.133265]  ? __mmu_notifier_register+0x30/0x30
[ 36.133278]  ? __free_pages+0x10a/0x190
[ 36.133284]  ? free_unref_page+0x930/0x930
[ 36.133291]  kvm_put_kvm+0x73f/0x1060
[ 36.133301]  ? kvm_write_guest_cached+0x40/0x40
[ 36.133311]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 36.133320]  ? kvm_irqfd_release+0xdd/0x120
[ 36.133342]  ? kvm_irqfd_release+0xdd/0x120
[ 36.133352]  ? kvm_put_kvm+0x1060/0x1060
[ 36.133358]  kvm_vm_release+0x42/0x50
[ 36.133367]  __fput+0x38a/0xa40
[ 36.133377]  ? __alloc_file+0x400/0x400
[ 36.133389]  ? check_same_owner+0x340/0x340
[ 36.133396]  ____fput+0x15/0x20
[ 36.133409]  task_work_run+0x1e8/0x2a0
[ 36.133419]  ? task_work_cancel+0x240/0x240
[ 36.133427]  ? switch_task_namespaces+0xbd/0xd0
[ 36.133433]  do_exit+0xfba/0x26e0
[ 36.133446]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.133450]  ? print_usage_bug+0xc0/0xc0
[ 36.133457]  ? rcu_is_watching+0x8c/0x150
[ 36.133464]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.133468]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.133478]  ? is_bpf_text_address+0xd7/0x170
[ 36.133488]  ? __lock_acquire+0x7fc/0x5020
[ 36.133498]  ? unwind_get_return_address+0x61/0xa0
[ 36.133508]  ? __save_stack_trace+0x8d/0xf0
[ 36.133518]  ? mark_held_locks+0x160/0x160
[ 36.133530]  ? save_stack+0xa9/0xd0
[ 36.133532]  ? s
[ 36.133540] Lost 68 message(s)!
[ 37.217361] Shutting down cpus with NMI
[ 38.278461] Dumping ftrace buffer:
[ 38.281981]    (ftrace buffer empty)
[ 38.285670] Kernel Offset: disabled
[ 38.289278] Rebooting in 86400 seconds..