[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.727921] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 38.961001] random: sshd: uninitialized urandom read (32 bytes read) [ 39.360465] random: sshd: uninitialized urandom read (32 bytes read) [ 39.797402] random: sshd: uninitialized urandom read (32 bytes read) [ 39.989954] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. [ 45.545147] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 45.667916] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 45.690812] ================================================================== [ 45.699569] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 45.705776] Read of size 8 at addr ffff8801c64e0058 by task syz-executor690/5344 [ 45.713287] [ 45.714898] CPU: 1 PID: 5344 Comm: syz-executor690 Not tainted 4.19.0-rc3+ #9 [ 45.722145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.731475] Call Trace: [ 45.734043] dump_stack+0x1c4/0x2b4 [ 45.737657] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.742830] ? printk+0xa7/0xcf [ 45.746089] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.750829] print_address_description.cold.8+0x9/0x1ff [ 45.756171] kasan_report.cold.9+0x242/0x309 [ 45.760557] ? __schedule+0xfc3/0x1ed0 [ 45.764434] __asan_report_load8_noabort+0x14/0x20 [ 45.769349] __schedule+0xfc3/0x1ed0 [ 45.773046] ? __sched_text_start+0x8/0x8 [ 45.777176] ? __lock_is_held+0xb5/0x140 [ 45.781217] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.786299] ? find_held_lock+0x36/0x1c0 [ 45.790345] ? __call_srcu+0x7f9/0x1070 [ 45.794302] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.799387] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.804470] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.809033] ? preempt_schedule+0x4d/0x60 [ 45.813160] preempt_schedule_common+0x1f/0xd0 [ 45.817722] preempt_schedule+0x4d/0x60 [ 45.821677] ___preempt_schedule+0x16/0x18 [ 45.825896] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 45.830824] __call_srcu+0x7f9/0x1070 [ 45.834605] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 45.839815] ? srcu_offline_cpu+0x120/0x120 [ 45.844120] ? debug_object_free+0x690/0x690 [ 45.848511] ? mark_held_locks+0x130/0x130 [ 45.852723] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 45.857286] ? lock_release+0x970/0x970 [ 45.861238] ? arch_local_save_flags+0x40/0x40 [ 45.865804] ? depot_save_stack+0x292/0x470 [ 45.870210] ? __lockdep_init_map+0x105/0x590 [ 45.874696] ? __init_waitqueue_head+0x9e/0x150 [ 45.879452] ? init_wait_entry+0x1c0/0x1c0 [ 45.883670] __synchronize_srcu+0x17b/0x230 [ 45.887972] ? call_srcu+0x10/0x10 [ 45.891603] ? rcu_unexpedite_gp+0x20/0x20 [ 45.895824] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.901344] ? check_preemption_disabled+0x48/0x200 [ 45.906345] synchronize_srcu+0x356/0x5ab [ 45.910472] ? lock_downgrade+0x900/0x900 [ 45.914599] ? synchronize_srcu_expedited+0x20/0x20 [ 45.919597] ? kasan_check_read+0x11/0x20 [ 45.923723] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.928385] ? kasan_check_write+0x14/0x20 [ 45.932603] ? do_raw_spin_lock+0xc1/0x200 [ 45.936825] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.942518] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.947949] ? kvfree+0x61/0x70 [ 45.951207] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.956207] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.960249] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.964760] ? kvm_arch_sync_events+0x30/0x30 [ 45.969240] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.974756] ? mmu_notifier_unregister+0x474/0x600 [ 45.979670] ? kfree+0x107/0x230 [ 45.983020] ? __mmu_notifier_register+0x30/0x30 [ 45.987756] ? __free_pages+0x10a/0x190 [ 45.991887] ? free_unref_page+0x960/0x960 [ 45.996110] kvm_put_kvm+0x6c8/0xff0 [ 45.999812] ? kvm_write_guest_cached+0x40/0x40 [ 46.004463] ? kvm_irqfd_release+0xd1/0x120 [ 46.008775] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.013259] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.017742] ? kasan_check_write+0x14/0x20 [ 46.021962] ? do_raw_spin_lock+0xc1/0x200 [ 46.026182] ? kvm_irqfd_release+0xdd/0x120 [ 46.030481] ? kvm_irqfd_release+0xdd/0x120 [ 46.034784] ? kvm_put_kvm+0xff0/0xff0 [ 46.038657] kvm_vm_release+0x42/0x50 [ 46.042437] __fput+0x385/0xa30 [ 46.045695] ? get_max_files+0x20/0x20 [ 46.049610] ? trace_hardirqs_on+0xbd/0x310 [ 46.053920] ? ___might_sleep+0x1ed/0x300 [ 46.058047] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.063484] ? arch_local_save_flags+0x40/0x40 [ 46.068057] ? kasan_check_write+0x14/0x20 [ 46.072275] ? do_raw_spin_lock+0xc1/0x200 [ 46.076489] ____fput+0x15/0x20 [ 46.079749] task_work_run+0x1e8/0x2a0 [ 46.083616] ? task_work_cancel+0x240/0x240 [ 46.087919] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.093565] ? switch_task_namespaces+0x9d/0xd0 [ 46.098224] do_exit+0x1ad7/0x2610 [ 46.101746] ? mm_update_next_owner+0x990/0x990 [ 46.106398] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 46.110619] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.115617] ? kfree+0x1fa/0x230 [ 46.118967] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 46.123181] ? kvm_vcpu_block+0x1030/0x1030 [ 46.127485] ? is_bpf_text_address+0xd3/0x170 [ 46.131960] ? kernel_text_address+0x79/0xf0 [ 46.136348] ? __kernel_text_address+0xd/0x40 [ 46.140908] ? unwind_get_return_address+0x61/0xa0 [ 46.145829] ? __save_stack_trace+0x8d/0xf0 [ 46.150132] ? save_stack+0xa9/0xd0 [ 46.153736] ? save_stack+0x43/0xd0 [ 46.157337] ? __kasan_slab_free+0x102/0x150 [ 46.161721] ? kasan_slab_free+0xe/0x10 [ 46.165684] ? putname+0xf2/0x130 [ 46.169115] ? __x64_sys_openat+0x9d/0x100 [ 46.173340] ? do_syscall_64+0x1b9/0x820 [ 46.177498] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.182847] ? trace_hardirqs_off+0xb8/0x310 [ 46.187235] ? kasan_check_read+0x11/0x20 [ 46.191966] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.196361] ? trace_hardirqs_on+0x310/0x310 [ 46.200751] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 46.205834] ? trace_hardirqs_off+0xb8/0x310 [ 46.210224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.215748] ? check_preemption_disabled+0x48/0x200 [ 46.220748] ? check_preemption_disabled+0x48/0x200 [ 46.225748] ? kvm_vcpu_block+0x1030/0x1030 [ 46.230062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.235578] ? do_vfs_ioctl+0x201/0x1720 [ 46.239618] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.244877] ? ioctl_preallocate+0x300/0x300 [ 46.249264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.254777] ? __fget_light+0x2e9/0x430 [ 46.258737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.264255] ? smack_file_ioctl+0x210/0x3c0 [ 46.268678] ? fget_raw+0x20/0x20 [ 46.272115] ? smack_file_lock+0x2e0/0x2e0 [ 46.276334] do_group_exit+0x177/0x440 [ 46.280254] ? trace_hardirqs_on+0xbd/0x310 [ 46.284578] ? __ia32_sys_exit+0x50/0x50 [ 46.288642] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.294075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.299593] ? ksys_ioctl+0x81/0xd0 [ 46.303209] __x64_sys_exit_group+0x3e/0x50 [ 46.307513] do_syscall_64+0x1b9/0x820 [ 46.311387] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.316734] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.321642] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.326467] ? trace_hardirqs_on_caller+0x310/0x310 [ 46.331533] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.336535] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.341532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.346358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.351597] RIP: 0033:0x43ecc8 [ 46.354781] Code: Bad RIP value. [ 46.358130] RSP: 002b:00007ffd43423738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 46.365822] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 46.373073] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 46.380322] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 46.387567] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 46.394818] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 46.402072] [ 46.403678] Allocated by task 5344: [ 46.407286] save_stack+0x43/0xd0 [ 46.410825] kasan_kmalloc+0xc7/0xe0 [ 46.414521] kasan_slab_alloc+0x12/0x20 [ 46.418477] kmem_cache_alloc+0x12e/0x730 [ 46.422604] vmx_create_vcpu+0xcf/0x25e0 [ 46.426653] kvm_arch_vcpu_create+0xe5/0x220 [ 46.431041] kvm_vm_ioctl+0x470/0x1d40 [ 46.434923] do_vfs_ioctl+0x1de/0x1720 [ 46.438789] ksys_ioctl+0xa9/0xd0 [ 46.442300] __x64_sys_ioctl+0x73/0xb0 [ 46.446178] do_syscall_64+0x1b9/0x820 [ 46.450054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.455222] [ 46.456836] Freed by task 5344: [ 46.460164] save_stack+0x43/0xd0 [ 46.463613] __kasan_slab_free+0x102/0x150 [ 46.467829] kasan_slab_free+0xe/0x10 [ 46.471608] kmem_cache_free+0x83/0x290 [ 46.475572] vmx_free_vcpu+0x26b/0x300 [ 46.479658] kvm_arch_destroy_vm+0x365/0x7c0 [ 46.484048] kvm_put_kvm+0x6c8/0xff0 [ 46.487741] kvm_vm_release+0x42/0x50 [ 46.491517] __fput+0x385/0xa30 [ 46.494771] ____fput+0x15/0x20 [ 46.498089] task_work_run+0x1e8/0x2a0 [ 46.501980] do_exit+0x1ad7/0x2610 [ 46.505517] do_group_exit+0x177/0x440 [ 46.509401] __x64_sys_exit_group+0x3e/0x50 [ 46.513727] do_syscall_64+0x1b9/0x820 [ 46.517612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.522787] [ 46.524420] The buggy address belongs to the object at ffff8801c64e0040 [ 46.524420] which belongs to the cache kvm_vcpu of size 23872 [ 46.537476] The buggy address is located 24 bytes inside of [ 46.537476] 23872-byte region [ffff8801c64e0040, ffff8801c64e5d80) [ 46.549527] The buggy address belongs to the page: [ 46.554440] page:ffffea0007193800 count:1 mapcount:0 mapping:ffff8801d7964540 index:0x0 compound_mapcount: 0 [ 46.565786] flags: 0x2fffc0000008100(slab|head) [ 46.570447] raw: 02fffc0000008100 ffff8801d4e84c48 ffff8801d4e84c48 ffff8801d7964540 [ 46.578315] raw: 0000000000000000 ffff8801c64e0040 0000000100000001 0000000000000000 [ 46.586171] page dumped because: kasan: bad access detected [ 46.591867] [ 46.593492] Memory state around the buggy address: [ 46.598414] ffff8801c64dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.605769] ffff8801c64dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.613129] >ffff8801c64e0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 46.620491] ^ [ 46.626725] ffff8801c64e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.634087] ffff8801c64e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.641436] ================================================================== [ 46.648787] Kernel panic - not syncing: panic_on_warn set ... [ 46.648787] [ 46.656173] CPU: 1 PID: 5344 Comm: syz-executor690 Tainted: G B 4.19.0-rc3+ #9 [ 46.664829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.674172] Call Trace: [ 46.676763] dump_stack+0x1c4/0x2b4 [ 46.680396] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.685593] ? lock_downgrade+0x900/0x900 [ 46.689757] panic+0x238/0x4e7 [ 46.692949] ? add_taint.cold.5+0x16/0x16 [ 46.697099] ? print_shadow_for_address+0xb6/0x116 [ 46.702028] ? trace_hardirqs_off+0xaf/0x310 [ 46.706438] kasan_end_report+0x47/0x4f [ 46.710411] kasan_report.cold.9+0x76/0x309 [ 46.714730] ? __schedule+0xfc3/0x1ed0 [ 46.718616] __asan_report_load8_noabort+0x14/0x20 [ 46.723543] __schedule+0xfc3/0x1ed0 [ 46.727261] ? __sched_text_start+0x8/0x8 [ 46.731409] ? __lock_is_held+0xb5/0x140 [ 46.735469] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.740580] ? find_held_lock+0x36/0x1c0 [ 46.744644] ? __call_srcu+0x7f9/0x1070 [ 46.748619] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.753721] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.758827] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.763411] ? preempt_schedule+0x4d/0x60 [ 46.767578] preempt_schedule_common+0x1f/0xd0 [ 46.772163] preempt_schedule+0x4d/0x60 [ 46.776137] ___preempt_schedule+0x16/0x18 [ 46.780390] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 46.785315] __call_srcu+0x7f9/0x1070 [ 46.789114] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 46.794219] ? srcu_offline_cpu+0x120/0x120 [ 46.798539] ? debug_object_free+0x690/0x690 [ 46.802948] ? mark_held_locks+0x130/0x130 [ 46.807184] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 46.811765] ? lock_release+0x970/0x970 [ 46.815745] ? arch_local_save_flags+0x40/0x40 [ 46.820324] ? depot_save_stack+0x292/0x470 [ 46.824653] ? __lockdep_init_map+0x105/0x590 [ 46.829153] ? __init_waitqueue_head+0x9e/0x150 [ 46.833824] ? init_wait_entry+0x1c0/0x1c0 [ 46.838066] __synchronize_srcu+0x17b/0x230 [ 46.842385] ? call_srcu+0x10/0x10 [ 46.845924] ? rcu_unexpedite_gp+0x20/0x20 [ 46.850161] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.855701] ? check_preemption_disabled+0x48/0x200 [ 46.860720] synchronize_srcu+0x356/0x5ab [ 46.864867] ? lock_downgrade+0x900/0x900 [ 46.869017] ? synchronize_srcu_expedited+0x20/0x20 [ 46.874040] ? kasan_check_read+0x11/0x20 [ 46.878189] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.882773] ? kasan_check_write+0x14/0x20 [ 46.887014] ? do_raw_spin_lock+0xc1/0x200 [ 46.891263] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.896972] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.902424] ? kvfree+0x61/0x70 [ 46.905704] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.910725] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.914809] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.919223] ? kvm_arch_sync_events+0x30/0x30 [ 46.923722] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.929268] ? mmu_notifier_unregister+0x474/0x600 [ 46.934198] ? kfree+0x107/0x230 [ 46.937565] ? __mmu_notifier_register+0x30/0x30 [ 46.942321] ? __free_pages+0x10a/0x190 [ 46.946297] ? free_unref_page+0x960/0x960 [ 46.950545] kvm_put_kvm+0x6c8/0xff0 [ 46.954263] ? kvm_write_guest_cached+0x40/0x40 [ 46.958934] ? kvm_irqfd_release+0xd1/0x120 [ 46.963256] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.967754] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.972278] ? kasan_check_write+0x14/0x20 [ 46.976528] ? do_raw_spin_lock+0xc1/0x200 [ 46.980764] ? kvm_irqfd_release+0xdd/0x120 [ 46.985102] ? kvm_irqfd_release+0xdd/0x120 [ 46.989425] ? kvm_put_kvm+0xff0/0xff0 [ 46.993312] kvm_vm_release+0x42/0x50 [ 46.997112] __fput+0x385/0xa30 [ 47.000390] ? get_max_files+0x20/0x20 [ 47.004274] ? trace_hardirqs_on+0xbd/0x310 [ 47.008606] ? ___might_sleep+0x1ed/0x300 [ 47.012750] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.018204] ? arch_local_save_flags+0x40/0x40 [ 47.022789] ? kasan_check_write+0x14/0x20 [ 47.027037] ? do_raw_spin_lock+0xc1/0x200 [ 47.031270] ____fput+0x15/0x20 [ 47.034547] task_work_run+0x1e8/0x2a0 [ 47.038436] ? task_work_cancel+0x240/0x240 [ 47.042769] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.048327] ? switch_task_namespaces+0x9d/0xd0 [ 47.052996] do_exit+0x1ad7/0x2610 [ 47.056546] ? mm_update_next_owner+0x990/0x990 [ 47.061222] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 47.065458] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.070482] ? kfree+0x1fa/0x230 [ 47.073861] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 47.078100] ? kvm_vcpu_block+0x1030/0x1030 [ 47.082442] ? is_bpf_text_address+0xd3/0x170 [ 47.086942] ? kernel_text_address+0x79/0xf0 [ 47.091356] ? __kernel_text_address+0xd/0x40 [ 47.095853] ? unwind_get_return_address+0x61/0xa0 [ 47.100785] ? __save_stack_trace+0x8d/0xf0 [ 47.105117] ? save_stack+0xa9/0xd0 [ 47.108740] ? save_stack+0x43/0xd0 [ 47.112385] ? __kasan_slab_free+0x102/0x150 [ 47.116788] ? kasan_slab_free+0xe/0x10 [ 47.120770] ? putname+0xf2/0x130 [ 47.124226] ? __x64_sys_openat+0x9d/0x100 [ 47.128461] ? do_syscall_64+0x1b9/0x820 [ 47.132526] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.137901] ? trace_hardirqs_off+0xb8/0x310 [ 47.142308] ? kasan_check_read+0x11/0x20 [ 47.146456] ? do_raw_spin_unlock+0xa7/0x2f0 [ 47.150867] ? trace_hardirqs_on+0x310/0x310 [ 47.155279] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 47.160380] ? trace_hardirqs_off+0xb8/0x310 [ 47.164790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.170337] ? check_preemption_disabled+0x48/0x200 [ 47.175350] ? check_preemption_disabled+0x48/0x200 [ 47.180370] ? kvm_vcpu_block+0x1030/0x1030 [ 47.184690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.190227] ? do_vfs_ioctl+0x201/0x1720 [ 47.194289] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.199569] ? ioctl_preallocate+0x300/0x300 [ 47.203980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.209514] ? __fget_light+0x2e9/0x430 [ 47.213501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.219041] ? smack_file_ioctl+0x210/0x3c0 [ 47.223360] ? fget_raw+0x20/0x20 [ 47.226821] ? smack_file_lock+0x2e0/0x2e0 [ 47.231068] do_group_exit+0x177/0x440 [ 47.234959] ? trace_hardirqs_on+0xbd/0x310 [ 47.239281] ? __ia32_sys_exit+0x50/0x50 [ 47.243344] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.248792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.254334] ? ksys_ioctl+0x81/0xd0 [ 47.257961] __x64_sys_exit_group+0x3e/0x50 [ 47.262281] do_syscall_64+0x1b9/0x820 [ 47.266167] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 47.271541] ? syscall_return_slowpath+0x5e0/0x5e0 [ 47.276469] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.281318] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.286344] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 47.291359] ? prepare_exit_to_usermode+0x291/0x3b0 [ 47.296375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.301219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.306406] RIP: 0033:0x43ecc8 [ 47.309615] Code: Bad RIP value. [ 47.312977] RSP: 002b:00007ffd43423738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 47.320685] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 47.327952] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 47.335218] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 47.342487] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 47.349760] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 47.357040] [ 47.357046] ====================================================== [ 47.357052] WARNING: possible circular locking dependency detected [ 47.357056] 4.19.0-rc3+ #9 Not tainted [ 47.357062] ------------------------------------------------------ [ 47.357067] syz-executor690/5344 is trying to acquire lock: [ 47.357071] 000000002dd6a2cb ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 47.357087] [ 47.357092] but task is already holding lock: [ 47.357095] 00000000f0189307 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.357111] [ 47.357116] which lock already depends on the new lock. [ 47.357118] [ 47.357121] [ 47.357127] the existing dependency chain (in reverse order) is: [ 47.357129] [ 47.357132] -> #3 (report_lock){....}: [ 47.357148] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.357152] kasan_report+0x8b/0x110 [ 47.357157] __asan_report_load8_noabort+0x14/0x20 [ 47.357161] __schedule+0xfc3/0x1ed0 [ 47.357166] preempt_schedule_common+0x1f/0xd0 [ 47.357170] preempt_schedule+0x4d/0x60 [ 47.357175] ___preempt_schedule+0x16/0x18 [ 47.357180] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.357184] __call_srcu+0x7f9/0x1070 [ 47.357189] __synchronize_srcu+0x17b/0x230 [ 47.357193] synchronize_srcu+0x356/0x5ab [ 47.357199] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.357203] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.357208] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.357220] kvm_put_kvm+0x6c8/0xff0 [ 47.357224] kvm_vm_release+0x42/0x50 [ 47.357228] __fput+0x385/0xa30 [ 47.357232] ____fput+0x15/0x20 [ 47.357236] task_work_run+0x1e8/0x2a0 [ 47.357240] do_exit+0x1ad7/0x2610 [ 47.357245] do_group_exit+0x177/0x440 [ 47.357249] __x64_sys_exit_group+0x3e/0x50 [ 47.357254] do_syscall_64+0x1b9/0x820 [ 47.357259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.357261] [ 47.357264] -> #2 (&rq->lock){-.-.}: [ 47.357279] _raw_spin_lock+0x2d/0x40 [ 47.357284] task_fork_fair+0xb0/0x6d0 [ 47.357288] sched_fork+0x443/0xba0 [ 47.357292] copy_process+0x2586/0x8780 [ 47.357296] _do_fork+0x1cb/0x11d0 [ 47.357301] kernel_thread+0x34/0x40 [ 47.357305] rest_init+0x22/0xe5 [ 47.357309] start_kernel+0x8f4/0x92f [ 47.357314] x86_64_start_reservations+0x29/0x2b [ 47.357318] x86_64_start_kernel+0x76/0x79 [ 47.357323] secondary_startup_64+0xa4/0xb0 [ 47.357325] [ 47.357328] -> #1 (&p->pi_lock){-.-.}: [ 47.357344] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.357348] try_to_wake_up+0xd2/0x12f0 [ 47.357353] wake_up_process+0x10/0x20 [ 47.357357] __up.isra.1+0x1c0/0x2a0 [ 47.357360] up+0x13c/0x1c0 [ 47.357365] __up_console_sem+0xbe/0x1b0 [ 47.357369] console_unlock+0x524/0x11a0 [ 47.357374] vprintk_emit+0x33d/0x930 [ 47.357378] vprintk_default+0x28/0x30 [ 47.357382] vprintk_func+0x7e/0x181 [ 47.357386] printk+0xa7/0xcf [ 47.357390] load_umh+0x51/0xbd [ 47.357394] do_one_initcall+0x145/0x957 [ 47.357399] kernel_init_freeable+0x4bb/0x5ae [ 47.357403] kernel_init+0x11/0x1b2 [ 47.357407] ret_from_fork+0x3a/0x50 [ 47.357410] [ 47.357412] -> #0 ((console_sem).lock){-...}: [ 47.357428] lock_acquire+0x1ed/0x520 [ 47.357433] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.357437] down_trylock+0x13/0x70 [ 47.357442] __down_trylock_console_sem+0xae/0x200 [ 47.357446] console_trylock+0x15/0xa0 [ 47.357451] vprintk_emit+0x322/0x930 [ 47.357455] vprintk_default+0x28/0x30 [ 47.357459] vprintk_func+0x7e/0x181 [ 47.357463] printk+0xa7/0xcf [ 47.357467] kasan_report+0x9b/0x110 [ 47.357472] __asan_report_load8_noabort+0x14/0x20 [ 47.357481] __schedule+0xfc3/0x1ed0 [ 47.357486] preempt_schedule_common+0x1f/0xd0 [ 47.357490] preempt_schedule+0x4d/0x60 [ 47.357495] ___preempt_schedule+0x16/0x18 [ 47.357500] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.357504] __call_srcu+0x7f9/0x1070 [ 47.357509] __synchronize_srcu+0x17b/0x230 [ 47.357513] synchronize_srcu+0x356/0x5ab [ 47.357519] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.357523] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.357528] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.357532] kvm_put_kvm+0x6c8/0xff0 [ 47.357536] kvm_vm_release+0x42/0x50 [ 47.357540] __fput+0x385/0xa30 [ 47.357544] ____fput+0x15/0x20 [ 47.357549] task_work_run+0x1e8/0x2a0 [ 47.357553] do_exit+0x1ad7/0x2610 [ 47.357557] do_group_exit+0x177/0x440 [ 47.357562] __x64_sys_exit_group+0x3e/0x50 [ 47.357566] do_syscall_64+0x1b9/0x820 [ 47.357571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.357574] [ 47.357579] other info that might help us debug this: [ 47.357581] [ 47.357584] Chain exists of: [ 47.357587] (console_sem).lock --> &rq->lock --> report_lock [ 47.357607] [ 47.357612] Possible unsafe locking scenario: [ 47.357614] [ 47.357619] CPU0 CPU1 [ 47.357623] ---- ---- [ 47.357626] lock(report_lock); [ 47.357636] lock(&rq->lock); [ 47.357646] lock(report_lock); [ 47.357655] lock((console_sem).lock); [ 47.357664] [ 47.357668] *** DEADLOCK *** [ 47.357670] [ 47.357675] 2 locks held by syz-executor690/5344: [ 47.357677] #0: 000000008a43b963 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 47.357696] #1: 00000000f0189307 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.357714] [ 47.357718] stack backtrace: [ 47.357724] CPU: 1 PID: 5344 Comm: syz-executor690 Not tainted 4.19.0-rc3+ #9 [ 47.357732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.357736] Call Trace: [ 47.357740] dump_stack+0x1c4/0x2b4 [ 47.357745] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.357749] ? vprintk_func+0x85/0x181 [ 47.357754] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 47.357759] ? save_trace+0xe0/0x290 [ 47.357763] __lock_acquire+0x33e4/0x4ec0 [ 47.357767] ? mark_held_locks+0x130/0x130 [ 47.357772] ? mark_held_locks+0x130/0x130 [ 47.357776] ? rcu_bh_qs+0xc0/0xc0 [ 47.357780] ? unwind_dump+0x190/0x190 [ 47.357785] ? is_bpf_text_address+0xd3/0x170 [ 47.357789] ? kernel_text_address+0x79/0xf0 [ 47.357802] ? __kernel_text_address+0xd/0x40 [ 47.357807] ? __save_stack_trace+0x8d/0xf0 [ 47.357812] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 47.357817] ? save_trace+0x290/0x290 [ 47.357821] ? save_stack_trace+0x1a/0x20 [ 47.357825] ? save_trace+0xe0/0x290 [ 47.357830] ? kasan_check_read+0x11/0x20 [ 47.357834] ? graph_lock+0x170/0x170 [ 47.357839] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.357843] lock_acquire+0x1ed/0x520 [ 47.357848] ? down_trylock+0x13/0x70 [ 47.357852] ? find_held_lock+0x36/0x1c0 [ 47.357856] ? lock_release+0x970/0x970 [ 47.357861] ? trace_hardirqs_off+0xb8/0x310 [ 47.357866] ? vprintk_emit+0x1d3/0x930 [ 47.357870] ? trace_hardirqs_on+0x310/0x310 [ 47.357875] ? trace_hardirqs_off+0xb8/0x310 [ 47.357879] ? log_store+0x344/0x4c0 [ 47.357883] ? vprintk_emit+0x322/0x930 [ 47.357888] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.357892] ? down_trylock+0x13/0x70 [ 47.357896] down_trylock+0x13/0x70 [ 47.357901] __down_trylock_console_sem+0xae/0x200 [ 47.357906] console_trylock+0x15/0xa0 [ 47.357910] vprintk_emit+0x322/0x930 [ 47.357914] ? wake_up_klogd+0x180/0x180 [ 47.357919] ? run_rebalance_domains+0x500/0x500 [ 47.357924] ? wake_up_worker+0x117/0x190 [ 47.357928] ? find_held_lock+0x36/0x1c0 [ 47.357932] ? __queue_work+0x6be/0x1440 [ 47.357937] ? lock_acquire+0x1ed/0x520 [ 47.357941] vprintk_default+0x28/0x30 [ 47.357945] vprintk_func+0x7e/0x181 [ 47.357949] printk+0xa7/0xcf [ 47.357954] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 47.357958] ? kasan_check_write+0x14/0x20 [ 47.357963] ? do_raw_spin_lock+0xc1/0x200 [ 47.357967] ? do_raw_spin_lock+0xc1/0x200 [ 47.357971] kasan_report+0x9b/0x110 [ 47.357975] ? __schedule+0xfc3/0x1ed0 [ 47.357981] __asan_report_load8_noabort+0x14/0x20 [ 47.357985] __schedule+0xfc3/0x1ed0 [ 47.357990] ? __sched_text_start+0x8/0x8 [ 47.357994] ? __lock_is_held+0xb5/0x140 [ 47.357999] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.358003] ? find_held_lock+0x36/0x1c0 [ 47.358008] ? __call_srcu+0x7f9/0x1070 [ 47.358013] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.358018] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.358023] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.358027] ? preempt_schedule+0x4d/0x60 [ 47.358032] preempt_schedule_common+0x1f/0xd0 [ 47.358036] preempt_schedule+0x4d/0x60 [ 47.358041] ___preempt_schedule+0x16/0x18 [ 47.358046] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.358050] __call_srcu+0x7f9/0x1070 [ 47.358055] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.358059] ? srcu_offline_cpu+0x120/0x120 [ 47.358064] ? debug_object_free+0x690/0x690 [ 47.358069] ? mark_held_locks+0x130/0x130 [ 47.358073] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.358078] ? lock_release+0x970/0x970 [ 47.358082] ? arch_local_save_flags+0x40/0x40 [ 47.358087] ? depot_save_stack+0x292/0x470 [ 47.358092] ? __lockdep_init_map+0x105/0x590 [ 47.358096] ? __init_waitqueue_head+0x9e/0x150 [ 47.358101] ? init_wait_entry+0x1c0/0x1c0 [ 47.358106] __synchronize_srcu+0x17b/0x230 [ 47.358110] ? call_srcu+0x10/0x10 [ 47.358114] ? rcu_unexpedite_gp+0x20/0x20 [ 47.358119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.358125] ? check_preemption_disabled+0x48/0x200 [ 47.358129] synchronize_srcu+0x356/0x5ab [ 47.358133] ? lock_downgrade+0x900/0x900 [ 47.358138] ? synchronize_srcu_expedited+0x20/0x20 [ 47.358143] ? kasan_check_read+0x11/0x20 [ 47.358148] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.358152] ? kasan_check_write+0x14/0x20 [ 47.358157] ? do_raw_spin_lock+0xc1/0x200 [ 47.358162] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.358167] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.358171] ? kvfree+0x61/0x70 [ 47.358176] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.358181] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.358185] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.358190] ? kvm_arch_sync_events+0x30/0x30 [ 47.358195] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.358200] ? mmu_notifier_unregister+0x474/0x600 [ 47.358204] ? kfree+0x107/0x230 [ 47.358209] ? __mmu_notifier_register+0x30/0x30 [ 47.358213] ? __free_pages+0x10a/0x190 [ 47.358218] ? free_unref_page+0x960/0x960 [ 47.358222] kvm_put_kvm+0x6c8/0xff0 [ 47.358227] ? kvm_write_guest_cached+0x40/0x40 [ 47.358231] ? kvm_irqfd_release+0xd1/0x120 [ 47.358236] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.358241] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.358245] ? kasan_check_write+0x14/0x20 [ 47.358250] ? do_raw_spin_lock+0xc1/0x200 [ 47.358254] ? kvm_irqfd_release+0xdd/0 [ 47.358262] Lost 81 message(s)! [ 48.490162] Shutting down cpus with NMI [ 49.548137] Kernel Offset: disabled [ 49.551761] Rebooting in 86400 seconds..