Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts. [ 31.924303] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.050209] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.075225] ================================================================== [ 32.085305] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 32.091536] Read of size 8 at addr ffff8801c5f10058 by task syz-executor527/5329 [ 32.099056] [ 32.100696] CPU: 1 PID: 5329 Comm: syz-executor527 Not tainted 4.19.0-rc4+ #247 [ 32.108159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.117520] Call Trace: [ 32.120128] dump_stack+0x1c4/0x2b4 [ 32.123763] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.128965] ? printk+0xa7/0xcf [ 32.132249] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.137017] print_address_description.cold.8+0x9/0x1ff [ 32.142387] kasan_report.cold.9+0x242/0x309 [ 32.146799] ? __schedule+0xfc3/0x1ed0 [ 32.150766] __asan_report_load8_noabort+0x14/0x20 [ 32.155714] __schedule+0xfc3/0x1ed0 [ 32.159441] ? __sched_text_start+0x8/0x8 [ 32.163597] ? __lock_is_held+0xb5/0x140 [ 32.167671] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.172819] ? find_held_lock+0x36/0x1c0 [ 32.176899] ? __call_srcu+0x7f9/0x1070 [ 32.180884] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.185995] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.191114] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.195708] ? preempt_schedule+0x4d/0x60 [ 32.199870] preempt_schedule_common+0x1f/0xd0 [ 32.204457] preempt_schedule+0x4d/0x60 [ 32.208439] ___preempt_schedule+0x16/0x18 [ 32.212684] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 32.217626] __call_srcu+0x7f9/0x1070 [ 32.221428] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 32.226541] ? srcu_offline_cpu+0x120/0x120 [ 32.230866] ? debug_object_free+0x690/0x690 [ 32.235277] ? mark_held_locks+0x130/0x130 [ 32.239511] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 32.244113] ? lock_release+0x970/0x970 [ 32.248103] ? arch_local_save_flags+0x40/0x40 [ 32.252694] ? depot_save_stack+0x292/0x470 [ 32.257025] ? __lockdep_init_map+0x105/0x590 [ 32.261529] ? __init_waitqueue_head+0x9e/0x150 [ 32.266200] ? init_wait_entry+0x1c0/0x1c0 [ 32.270442] __synchronize_srcu+0x17b/0x230 [ 32.274765] ? call_srcu+0x10/0x10 [ 32.278398] ? rcu_unexpedite_gp+0x20/0x20 [ 32.282647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 32.288187] ? check_preemption_disabled+0x48/0x200 [ 32.293211] synchronize_srcu+0x356/0x5ab [ 32.297377] ? lock_downgrade+0x900/0x900 [ 32.301543] ? synchronize_srcu_expedited+0x20/0x20 [ 32.306568] ? kasan_check_read+0x11/0x20 [ 32.310724] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.315334] ? kasan_check_write+0x14/0x20 [ 32.319568] ? do_raw_spin_lock+0xc1/0x200 [ 32.323809] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.329522] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.334977] ? kvfree+0x61/0x70 [ 32.338270] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.343290] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.347352] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.351856] ? kvm_arch_sync_events+0x30/0x30 [ 32.356357] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.361899] ? mmu_notifier_unregister+0x474/0x600 [ 32.366835] ? kfree+0x107/0x230 [ 32.370203] ? __mmu_notifier_register+0x30/0x30 [ 32.374966] ? __free_pages+0x10a/0x190 [ 32.378944] ? free_unref_page+0x960/0x960 [ 32.383195] kvm_put_kvm+0x6c8/0xff0 [ 32.386917] ? kvm_write_guest_cached+0x40/0x40 [ 32.391589] ? kvm_irqfd_release+0xd1/0x120 [ 32.395931] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.400429] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.404935] ? kasan_check_write+0x14/0x20 [ 32.409418] ? do_raw_spin_lock+0xc1/0x200 [ 32.413660] ? kvm_irqfd_release+0xdd/0x120 [ 32.418070] ? kvm_irqfd_release+0xdd/0x120 [ 32.422428] ? kvm_put_kvm+0xff0/0xff0 [ 32.426323] kvm_vm_release+0x42/0x50 [ 32.430133] __fput+0x385/0xa30 [ 32.433421] ? get_max_files+0x20/0x20 [ 32.437318] ? trace_hardirqs_on+0xbd/0x310 [ 32.441652] ? ___might_sleep+0x1ed/0x300 [ 32.445807] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.451264] ? arch_local_save_flags+0x40/0x40 [ 32.455855] ? kasan_check_write+0x14/0x20 [ 32.460122] ? do_raw_spin_lock+0xc1/0x200 [ 32.464363] ____fput+0x15/0x20 [ 32.467652] task_work_run+0x1e8/0x2a0 [ 32.471552] ? task_work_cancel+0x240/0x240 [ 32.475881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.481430] ? switch_task_namespaces+0x9d/0xd0 [ 32.486125] do_exit+0x1ad7/0x2610 [ 32.489681] ? mm_update_next_owner+0x990/0x990 [ 32.494384] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 32.498638] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.503664] ? kfree+0x1fa/0x230 [ 32.507043] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 32.511291] ? kvm_vcpu_block+0x1030/0x1030 [ 32.515643] ? is_bpf_text_address+0xd3/0x170 [ 32.520147] ? kernel_text_address+0x79/0xf0 [ 32.524572] ? __kernel_text_address+0xd/0x40 [ 32.529076] ? unwind_get_return_address+0x61/0xa0 [ 32.534026] ? __save_stack_trace+0x8d/0xf0 [ 32.538812] ? save_stack+0xa9/0xd0 [ 32.542445] ? save_stack+0x43/0xd0 [ 32.546076] ? __kasan_slab_free+0x102/0x150 [ 32.550500] ? kasan_slab_free+0xe/0x10 [ 32.554477] ? putname+0xf2/0x130 [ 32.557935] ? __x64_sys_openat+0x9d/0x100 [ 32.562173] ? do_syscall_64+0x1b9/0x820 [ 32.566242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.571613] ? trace_hardirqs_off+0xb8/0x310 [ 32.576031] ? kasan_check_read+0x11/0x20 [ 32.580186] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.584614] ? trace_hardirqs_on+0x310/0x310 [ 32.589033] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 32.594139] ? trace_hardirqs_off+0xb8/0x310 [ 32.598549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.604096] ? check_preemption_disabled+0x48/0x200 [ 32.609123] ? check_preemption_disabled+0x48/0x200 [ 32.614153] ? kvm_vcpu_block+0x1030/0x1030 [ 32.618484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.624022] ? do_vfs_ioctl+0x201/0x1720 [ 32.628112] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 32.633401] ? ioctl_preallocate+0x300/0x300 [ 32.637815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.643358] ? __fget_light+0x2e9/0x430 [ 32.647341] ? fget_raw+0x20/0x20 [ 32.650798] ? putname+0xf2/0x130 [ 32.654253] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.659279] ? kmem_cache_free+0x24f/0x290 [ 32.663521] ? putname+0xf7/0x130 [ 32.666982] do_group_exit+0x177/0x440 [ 32.670877] ? trace_hardirqs_on+0xbd/0x310 [ 32.675202] ? __ia32_sys_exit+0x50/0x50 [ 32.679379] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.684836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.690379] ? ksys_ioctl+0x81/0xd0 [ 32.694014] __x64_sys_exit_group+0x3e/0x50 [ 32.698341] do_syscall_64+0x1b9/0x820 [ 32.702235] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.707605] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.712544] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.717399] ? trace_hardirqs_on_caller+0x310/0x310 [ 32.722426] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.727478] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.732505] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.737361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.742550] RIP: 0033:0x43ef08 [ 32.745841] Code: 00 00 44 0f be 4f 01 b9 ab aa aa 2a 41 89 d3 53 41 83 e9 01 44 89 c8 f7 e9 44 89 c8 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 <29> c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 [ 32.764748] RSP: 002b:00007ffff3a9bac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.772480] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 32.779761] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.787031] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.794391] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.801660] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.808940] [ 32.810564] Allocated by task 5329: [ 32.814199] save_stack+0x43/0xd0 [ 32.817653] kasan_kmalloc+0xc7/0xe0 [ 32.821364] kasan_slab_alloc+0x12/0x20 [ 32.825338] kmem_cache_alloc+0x12e/0x730 [ 32.829485] vmx_create_vcpu+0xcf/0x25e0 [ 32.833542] kvm_arch_vcpu_create+0xe5/0x220 [ 32.837945] kvm_vm_ioctl+0x470/0x1d40 [ 32.841832] do_vfs_ioctl+0x1de/0x1720 [ 32.845721] ksys_ioctl+0xa9/0xd0 [ 32.849172] __x64_sys_ioctl+0x73/0xb0 [ 32.853061] do_syscall_64+0x1b9/0x820 [ 32.856957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.862143] [ 32.863771] Freed by task 5329: [ 32.867052] save_stack+0x43/0xd0 [ 32.870520] __kasan_slab_free+0x102/0x150 [ 32.874754] kasan_slab_free+0xe/0x10 [ 32.878555] kmem_cache_free+0x83/0x290 [ 32.882530] vmx_free_vcpu+0x26b/0x300 [ 32.886418] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.890871] kvm_put_kvm+0x6c8/0xff0 [ 32.894583] kvm_vm_release+0x42/0x50 [ 32.898386] __fput+0x385/0xa30 [ 32.901664] ____fput+0x15/0x20 [ 32.904945] task_work_run+0x1e8/0x2a0 [ 32.908831] do_exit+0x1ad7/0x2610 [ 32.912374] do_group_exit+0x177/0x440 [ 32.916265] __x64_sys_exit_group+0x3e/0x50 [ 32.920588] do_syscall_64+0x1b9/0x820 [ 32.924491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.929672] [ 32.931299] The buggy address belongs to the object at ffff8801c5f10040 [ 32.931299] which belongs to the cache kvm_vcpu of size 23872 [ 32.943882] The buggy address is located 24 bytes inside of [ 32.943882] 23872-byte region [ffff8801c5f10040, ffff8801c5f15d80) [ 32.955841] The buggy address belongs to the page: [ 32.960787] page:ffffea000717c400 count:1 mapcount:0 mapping:ffff8801d5aa46c0 index:0x0 compound_mapcount: 0 [ 32.970763] flags: 0x2fffc0000008100(slab|head) [ 32.975441] raw: 02fffc0000008100 ffff8801d5aa5348 ffff8801d5aa5348 ffff8801d5aa46c0 [ 32.983333] raw: 0000000000000000 ffff8801c5f10040 0000000100000001 0000000000000000 [ 32.991205] page dumped because: kasan: bad access detected [ 32.996921] [ 32.998541] Memory state around the buggy address: [ 33.003469] ffff8801c5f0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.010918] ffff8801c5f0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.018281] >ffff8801c5f10000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.025637] ^ [ 33.031878] ffff8801c5f10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.039249] ffff8801c5f10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.046603] ================================================================== [ 33.053971] Kernel panic - not syncing: panic_on_warn set ... [ 33.053971] [ 33.061351] CPU: 1 PID: 5329 Comm: syz-executor527 Tainted: G B 4.19.0-rc4+ #247 [ 33.070187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.079549] Call Trace: [ 33.082150] dump_stack+0x1c4/0x2b4 [ 33.085789] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.090986] ? lock_downgrade+0x900/0x900 [ 33.095234] panic+0x238/0x4e7 [ 33.098430] ? add_taint.cold.5+0x16/0x16 [ 33.102585] ? print_shadow_for_address+0xb6/0x116 [ 33.107520] ? trace_hardirqs_off+0xaf/0x310 [ 33.111938] kasan_end_report+0x47/0x4f [ 33.115919] kasan_report.cold.9+0x76/0x309 [ 33.120249] ? __schedule+0xfc3/0x1ed0 [ 33.124144] __asan_report_load8_noabort+0x14/0x20 [ 33.129090] __schedule+0xfc3/0x1ed0 [ 33.132818] ? __sched_text_start+0x8/0x8 [ 33.137062] ? __lock_is_held+0xb5/0x140 [ 33.141135] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.146251] ? find_held_lock+0x36/0x1c0 [ 33.150473] ? __call_srcu+0x7f9/0x1070 [ 33.154453] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.159563] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.164674] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.169265] ? preempt_schedule+0x4d/0x60 [ 33.173424] preempt_schedule_common+0x1f/0xd0 [ 33.178019] preempt_schedule+0x4d/0x60 [ 33.182000] ___preempt_schedule+0x16/0x18 [ 33.186245] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.191179] __call_srcu+0x7f9/0x1070 [ 33.194988] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.200113] ? srcu_offline_cpu+0x120/0x120 [ 33.204443] ? debug_object_free+0x690/0x690 [ 33.208861] ? mark_held_locks+0x130/0x130 [ 33.213111] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 33.217703] ? lock_release+0x970/0x970 [ 33.221688] ? arch_local_save_flags+0x40/0x40 [ 33.226275] ? depot_save_stack+0x292/0x470 [ 33.230606] ? __lockdep_init_map+0x105/0x590 [ 33.235122] ? __init_waitqueue_head+0x9e/0x150 [ 33.239795] ? init_wait_entry+0x1c0/0x1c0 [ 33.244041] __synchronize_srcu+0x17b/0x230 [ 33.248367] ? call_srcu+0x10/0x10 [ 33.251906] ? rcu_unexpedite_gp+0x20/0x20 [ 33.256148] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.261778] ? check_preemption_disabled+0x48/0x200 [ 33.266805] synchronize_srcu+0x356/0x5ab [ 33.270962] ? lock_downgrade+0x900/0x900 [ 33.275127] ? synchronize_srcu_expedited+0x20/0x20 [ 33.280155] ? kasan_check_read+0x11/0x20 [ 33.284309] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.288897] ? kasan_check_write+0x14/0x20 [ 33.293136] ? do_raw_spin_lock+0xc1/0x200 [ 33.297386] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.303112] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.308574] ? kvfree+0x61/0x70 [ 33.311857] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.316884] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.320949] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.325362] ? kvm_arch_sync_events+0x30/0x30 [ 33.329861] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.335403] ? mmu_notifier_unregister+0x474/0x600 [ 33.340334] ? kfree+0x107/0x230 [ 33.343717] ? __mmu_notifier_register+0x30/0x30 [ 33.348476] ? __free_pages+0x10a/0x190 [ 33.352449] ? free_unref_page+0x960/0x960 [ 33.356698] kvm_put_kvm+0x6c8/0xff0 [ 33.360427] ? kvm_write_guest_cached+0x40/0x40 [ 33.365149] ? kvm_irqfd_release+0xd1/0x120 [ 33.369501] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.374000] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.378600] ? kasan_check_write+0x14/0x20 [ 33.382850] ? do_raw_spin_lock+0xc1/0x200 [ 33.387099] ? kvm_irqfd_release+0xdd/0x120 [ 33.391427] ? kvm_irqfd_release+0xdd/0x120 [ 33.395754] ? kvm_put_kvm+0xff0/0xff0 [ 33.399648] kvm_vm_release+0x42/0x50 [ 33.403449] __fput+0x385/0xa30 [ 33.406742] ? get_max_files+0x20/0x20 [ 33.410635] ? trace_hardirqs_on+0xbd/0x310 [ 33.414963] ? ___might_sleep+0x1ed/0x300 [ 33.419117] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.424573] ? arch_local_save_flags+0x40/0x40 [ 33.429161] ? kasan_check_write+0x14/0x20 [ 33.433398] ? do_raw_spin_lock+0xc1/0x200 [ 33.437641] ____fput+0x15/0x20 [ 33.440926] task_work_run+0x1e8/0x2a0 [ 33.444817] ? task_work_cancel+0x240/0x240 [ 33.449145] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.454691] ? switch_task_namespaces+0x9d/0xd0 [ 33.459386] do_exit+0x1ad7/0x2610 [ 33.462938] ? mm_update_next_owner+0x990/0x990 [ 33.467621] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 33.471861] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.476883] ? kfree+0x1fa/0x230 [ 33.480253] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 33.484492] ? kvm_vcpu_block+0x1030/0x1030 [ 33.488822] ? is_bpf_text_address+0xd3/0x170 [ 33.493343] ? kernel_text_address+0x79/0xf0 [ 33.497759] ? __kernel_text_address+0xd/0x40 [ 33.502262] ? unwind_get_return_address+0x61/0xa0 [ 33.507197] ? __save_stack_trace+0x8d/0xf0 [ 33.511533] ? save_stack+0xa9/0xd0 [ 33.515158] ? save_stack+0x43/0xd0 [ 33.518785] ? __kasan_slab_free+0x102/0x150 [ 33.523215] ? kasan_slab_free+0xe/0x10 [ 33.527195] ? putname+0xf2/0x130 [ 33.530651] ? __x64_sys_openat+0x9d/0x100 [ 33.534888] ? do_syscall_64+0x1b9/0x820 [ 33.539428] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.544800] ? trace_hardirqs_off+0xb8/0x310 [ 33.549216] ? kasan_check_read+0x11/0x20 [ 33.553372] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.557795] ? trace_hardirqs_on+0x310/0x310 [ 33.562209] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 33.567318] ? trace_hardirqs_off+0xb8/0x310 [ 33.571727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.577269] ? check_preemption_disabled+0x48/0x200 [ 33.582285] ? check_preemption_disabled+0x48/0x200 [ 33.587309] ? kvm_vcpu_block+0x1030/0x1030 [ 33.591649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.597209] ? do_vfs_ioctl+0x201/0x1720 [ 33.601276] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 33.606561] ? ioctl_preallocate+0x300/0x300 [ 33.610977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.616526] ? __fget_light+0x2e9/0x430 [ 33.620508] ? fget_raw+0x20/0x20 [ 33.623965] ? putname+0xf2/0x130 [ 33.627422] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.632447] ? kmem_cache_free+0x24f/0x290 [ 33.636688] ? putname+0xf7/0x130 [ 33.640151] do_group_exit+0x177/0x440 [ 33.644044] ? trace_hardirqs_on+0xbd/0x310 [ 33.648369] ? __ia32_sys_exit+0x50/0x50 [ 33.652432] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.657886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.663430] ? ksys_ioctl+0x81/0xd0 [ 33.667100] __x64_sys_exit_group+0x3e/0x50 [ 33.671429] do_syscall_64+0x1b9/0x820 [ 33.675320] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.680698] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.685639] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.690485] ? trace_hardirqs_on_caller+0x310/0x310 [ 33.695523] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.701158] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.706190] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.711059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.716260] RIP: 0033:0x43ef08 [ 33.719458] Code: 00 00 44 0f be 4f 01 b9 ab aa aa 2a 41 89 d3 53 41 83 e9 01 44 89 c8 f7 e9 44 89 c8 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 <29> c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 [ 33.738363] RSP: 002b:00007ffff3a9bac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.746092] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.753372] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.760649] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.767931] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.775203] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.782486] [ 33.782493] ====================================================== [ 33.782499] WARNING: possible circular locking dependency detected [ 33.782503] 4.19.0-rc4+ #247 Not tainted [ 33.782509] ------------------------------------------------------ [ 33.782515] syz-executor527/5329 is trying to acquire lock: [ 33.782519] 00000000fb2d60c4 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 33.782536] [ 33.782540] but task is already holding lock: [ 33.782544] 0000000020c561a0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 33.782560] [ 33.782566] which lock already depends on the new lock. [ 33.782568] [ 33.782571] [ 33.782577] the existing dependency chain (in reverse order) is: [ 33.782579] [ 33.782582] -> #3 (report_lock){....}: [ 33.782599] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.782603] kasan_report+0x8b/0x110 [ 33.782608] __asan_report_load8_noabort+0x14/0x20 [ 33.782613] __schedule+0xfc3/0x1ed0 [ 33.782624] preempt_schedule_common+0x1f/0xd0 [ 33.782628] preempt_schedule+0x4d/0x60 [ 33.782633] ___preempt_schedule+0x16/0x18 [ 33.782638] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.782642] __call_srcu+0x7f9/0x1070 [ 33.782647] __synchronize_srcu+0x17b/0x230 [ 33.782652] synchronize_srcu+0x356/0x5ab [ 33.782657] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.782662] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.782666] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.782671] kvm_put_kvm+0x6c8/0xff0 [ 33.782675] kvm_vm_release+0x42/0x50 [ 33.782679] __fput+0x385/0xa30 [ 33.782683] ____fput+0x15/0x20 [ 33.782688] task_work_run+0x1e8/0x2a0 [ 33.782692] do_exit+0x1ad7/0x2610 [ 33.782696] do_group_exit+0x177/0x440 [ 33.782701] __x64_sys_exit_group+0x3e/0x50 [ 33.782706] do_syscall_64+0x1b9/0x820 [ 33.782711] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.782713] [ 33.782716] -> #2 (&rq->lock){-.-.}: [ 33.782732] _raw_spin_lock+0x2d/0x40 [ 33.782737] task_fork_fair+0xb0/0x6d0 [ 33.782741] sched_fork+0x443/0xba0 [ 33.782745] copy_process+0x2586/0x8780 [ 33.782750] _do_fork+0x1cb/0x11d0 [ 33.782754] kernel_thread+0x34/0x40 [ 33.782758] rest_init+0x22/0xe5 [ 33.782763] start_kernel+0x8f4/0x92f [ 33.782768] x86_64_start_reservations+0x29/0x2b [ 33.782772] x86_64_start_kernel+0x76/0x79 [ 33.782777] secondary_startup_64+0xa4/0xb0 [ 33.782780] [ 33.782782] -> #1 (&p->pi_lock){-.-.}: [ 33.782799] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.782803] try_to_wake_up+0xd2/0x12f0 [ 33.782808] wake_up_process+0x10/0x20 [ 33.782812] __up.isra.1+0x1c0/0x2a0 [ 33.782816] up+0x13c/0x1c0 [ 33.782820] __up_console_sem+0xbe/0x1b0 [ 33.782825] console_unlock+0x814/0x1160 [ 33.782829] vprintk_emit+0x33d/0x930 [ 33.782834] vprintk_default+0x28/0x30 [ 33.782838] vprintk_func+0x7e/0x181 [ 33.782842] printk+0xa7/0xcf [ 33.782846] load_umh+0x51/0xbd [ 33.782850] do_one_initcall+0x145/0x957 [ 33.782855] kernel_init_freeable+0x4bb/0x5ae [ 33.782859] kernel_init+0x11/0x1b2 [ 33.782864] ret_from_fork+0x3a/0x50 [ 33.782866] [ 33.782869] -> #0 ((console_sem).lock){-.-.}: [ 33.782885] lock_acquire+0x1ed/0x520 [ 33.782890] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.782895] down_trylock+0x13/0x70 [ 33.782900] __down_trylock_console_sem+0xae/0x200 [ 33.782904] console_trylock+0x15/0xa0 [ 33.782908] vprintk_emit+0x322/0x930 [ 33.782913] vprintk_default+0x28/0x30 [ 33.782917] vprintk_func+0x7e/0x181 [ 33.782921] printk+0xa7/0xcf [ 33.782925] kasan_report+0x9b/0x110 [ 33.782930] __asan_report_load8_noabort+0x14/0x20 [ 33.782935] __schedule+0xfc3/0x1ed0 [ 33.782940] preempt_schedule_common+0x1f/0xd0 [ 33.782944] preempt_schedule+0x4d/0x60 [ 33.782949] ___preempt_schedule+0x16/0x18 [ 33.782954] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.782958] __call_srcu+0x7f9/0x1070 [ 33.782963] __synchronize_srcu+0x17b/0x230 [ 33.782968] synchronize_srcu+0x356/0x5ab [ 33.782973] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.782978] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.782982] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.782987] kvm_put_kvm+0x6c8/0xff0 [ 33.782991] kvm_vm_release+0x42/0x50 [ 33.782995] __fput+0x385/0xa30 [ 33.782999] ____fput+0x15/0x20 [ 33.783004] task_work_run+0x1e8/0x2a0 [ 33.783008] do_exit+0x1ad7/0x2610 [ 33.783012] do_group_exit+0x177/0x440 [ 33.783017] __x64_sys_exit_group+0x3e/0x50 [ 33.783021] do_syscall_64+0x1b9/0x820 [ 33.783027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.783029] [ 33.783034] other info that might help us debug this: [ 33.783037] [ 33.783040] Chain exists of: [ 33.783043] (console_sem).lock --> &rq->lock --> report_lock [ 33.783064] [ 33.783068] Possible unsafe locking scenario: [ 33.783071] [ 33.783075] CPU0 CPU1 [ 33.783080] ---- ---- [ 33.783090] lock(report_lock); [ 33.783101] lock(&rq->lock); [ 33.783112] lock(report_lock); [ 33.783121] lock((console_sem).lock); [ 33.783130] [ 33.783134] *** DEADLOCK *** [ 33.783137] [ 33.783141] 2 locks held by syz-executor527/5329: [ 33.783144] #0: 000000008b21c4ac (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 33.783163] #1: 0000000020c561a0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 33.783183] [ 33.783186] stack backtrace: [ 33.783193] CPU: 1 PID: 5329 Comm: syz-executor527 Not tainted 4.19.0-rc4+ #247 [ 33.783201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.783205] Call Trace: [ 33.783209] dump_stack+0x1c4/0x2b4 [ 33.783215] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.783219] ? vprintk_func+0x85/0x181 [ 33.783225] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 33.783229] ? save_trace+0xe0/0x290 [ 33.783234] __lock_acquire+0x33e4/0x4ec0 [ 33.783238] ? mark_held_locks+0x130/0x130 [ 33.783243] ? mark_held_locks+0x130/0x130 [ 33.783247] ? rcu_bh_qs+0xc0/0xc0 [ 33.783251] ? unwind_dump+0x190/0x190 [ 33.783256] ? is_bpf_text_address+0xd3/0x170 [ 33.783261] ? kernel_text_address+0x79/0xf0 [ 33.783266] ? __kernel_text_address+0xd/0x40 [ 33.783270] ? __save_stack_trace+0x8d/0xf0 [ 33.783275] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 33.783280] ? save_trace+0x290/0x290 [ 33.783284] ? save_stack_trace+0x1a/0x20 [ 33.783288] ? save_trace+0xe0/0x290 [ 33.783293] ? kasan_check_read+0x11/0x20 [ 33.783297] ? graph_lock+0x170/0x170 [ 33.783303] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.783307] lock_acquire+0x1ed/0x520 [ 33.783311] ? down_trylock+0x13/0x70 [ 33.783316] ? find_held_lock+0x36/0x1c0 [ 33.783320] ? lock_release+0x970/0x970 [ 33.783325] ? trace_hardirqs_off+0xb8/0x310 [ 33.783330] ? vprintk_emit+0x1d3/0x930 [ 33.783334] ? trace_hardirqs_on+0x310/0x310 [ 33.783339] ? trace_hardirqs_off+0xb8/0x310 [ 33.783343] ? log_store+0x344/0x4c0 [ 33.783348] ? vprintk_emit+0x322/0x930 [ 33.783353] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.783357] ? down_trylock+0x13/0x70 [ 33.783361] down_trylock+0x13/0x70 [ 33.783366] __down_trylock_console_sem+0xae/0x200 [ 33.783371] console_trylock+0x15/0xa0 [ 33.783375] vprintk_emit+0x322/0x930 [ 33.783380] ? wake_up_klogd+0x180/0x180 [ 33.783385] ? run_rebalance_domains+0x500/0x500 [ 33.783389] ? wake_up_worker+0x117/0x190 [ 33.783394] ? find_held_lock+0x36/0x1c0 [ 33.783398] ? __queue_work+0x6be/0x1440 [ 33.783403] ? lock_acquire+0x1ed/0x520 [ 33.783407] vprintk_default+0x28/0x30 [ 33.783412] vprintk_func+0x7e/0x181 [ 33.783415] printk+0xa7/0xcf [ 33.783420] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.783425] ? kasan_check_write+0x14/0x20 [ 33.783430] ? do_raw_spin_lock+0xc1/0x200 [ 33.783434] ? do_raw_spin_lock+0xc1/0x200 [ 33.783438] kasan_report+0x9b/0x110 [ 33.783443] ? __schedule+0xfc3/0x1ed0 [ 33.783448] __asan_report_load8_noabort+0x14/0x20 [ 33.783452] __schedule+0xfc3/0x1ed0 [ 33.783457] ? __sched_text_start+0x8/0x8 [ 33.783461] ? __lock_is_held+0xb5/0x140 [ 33.783466] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.783471] ? find_held_lock+0x36/0x1c0 [ 33.783475] ? __call_srcu+0x7f9/0x1070 [ 33.783480] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.783486] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.783490] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.783495] ? preempt_schedule+0x4d/0x60 [ 33.783500] preempt_schedule_common+0x1f/0xd0 [ 33.783504] preempt_schedule+0x4d/0x60 [ 33.783509] ___preempt_schedule+0x16/0x18 [ 33.783514] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.783518] __call_srcu+0x7f9/0x1070 [ 33.783523] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.783528] ? srcu_offline_cpu+0x120/0x120 [ 33.783533] ? debug_object_free+0x690/0x690 [ 33.783538] ? mark_held_locks+0x130/0x130 [ 33.783542] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 33.783547] ? lock_release+0x970/0x970 [ 33.783552] ? arch_local_save_flags+0x40/0x40 [ 33.783556] ? depot_save_stack+0x292/0x470 [ 33.783561] ? __lockdep_init_map+0x105/0x590 [ 33.783566] ? __init_waitqueue_head+0x9e/0x150 [ 33.783571] ? init_wait_entry+0x1c0/0x1c0 [ 33.783575] __synchronize_srcu+0x17b/0x230 [ 33.783580] ? call_srcu+0x10/0x10 [ 33.783585] ? rcu_unexpedite_gp+0x20/0x20 [ 33.783590] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.783595] ? check_preemption_disabled+0x48/0x200 [ 33.783600] synchronize_srcu+0x356/0x5ab [ 33.783605] ? lock_downgrade+0x900/0x900 [ 33.783610] ? synchronize_srcu_expedited+0x20/0x20 [ 33.783614] ? kasan_check_read+0x11/0x20 [ 33.783625] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.783629] ? kasan_check_write+0x14/0x20 [ 33.783634] ? do_raw_spin_lock+0xc1/0x200 [ 33.783640] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.783645] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.783649] ? kvfree+0x61/0x70 [ 33.783654] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.783658] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.783663] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.783668] ? kvm_arch_sync_events+0x30/0x30 [ 33.783673] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.783678] ? mmu_notifier_unregister+0x474/0x600 [ 33.783682] ? kfree+0x107/0x230 [ 33.783687] ? __mmu_notifier_register+0x30/0x30 [ 33.783692] ? __free_pages+0x10a/0x190 [ 33.783697] ? free_unref_page+0x960/0x960 [ 33.783701] kvm_put_kvm+0x6c8/0xff0 [ 33.783706] ? kvm_write_guest_cached+0x40/0x40 [ 33.783710] ? kvm_irqfd_release+0xd1/0x120 [ 33.783715] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.783720] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.783724] ? kasan_check_write+0x14/0x20 [ 33.783729] ? do_raw_spin_lock+0xc1/0x200 [ 33.783733] ? kvm_irqfd_release+0x [ 33.783742] Lost 82 message(s)! [ 34.911451] Shutting down cpus with NMI [ 35.969598] Kernel Offset: disabled [ 35.973235] Rebooting in 86400 seconds..