[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 24.338978] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. [ 25.200118] random: sshd: uninitialized urandom read (32 bytes read) [ 25.578713] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.168755] random: sshd: uninitialized urandom read (32 bytes read) [ 26.407346] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. [ 31.988230] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.121019] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.146360] ================================================================== [ 32.156355] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 32.162587] Read of size 8 at addr ffff8801c7680058 by task syz-executor751/5324 [ 32.170110] [ 32.171766] CPU: 0 PID: 5324 Comm: syz-executor751 Not tainted 4.19.0-rc2+ #228 [ 32.179201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.188544] Call Trace: [ 32.191136] dump_stack+0x1c4/0x2b4 [ 32.194782] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.199970] ? printk+0xa7/0xcf [ 32.203250] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.208013] print_address_description.cold.8+0x9/0x1ff [ 32.213376] kasan_report.cold.9+0x242/0x309 [ 32.217783] ? __schedule+0xfc3/0x1ed0 [ 32.221669] __asan_report_load8_noabort+0x14/0x20 [ 32.226596] __schedule+0xfc3/0x1ed0 [ 32.230312] ? __sched_text_start+0x8/0x8 [ 32.234463] ? __lock_is_held+0xb5/0x140 [ 32.238521] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.243624] ? find_held_lock+0x36/0x1c0 [ 32.247691] ? __call_srcu+0x7f9/0x1070 [ 32.251667] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.256767] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 32.261874] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.266456] ? preempt_schedule+0x4d/0x60 [ 32.270606] preempt_schedule_common+0x1f/0xd0 [ 32.275188] preempt_schedule+0x4d/0x60 [ 32.279171] ___preempt_schedule+0x16/0x18 [ 32.283407] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 32.288340] __call_srcu+0x7f9/0x1070 [ 32.292146] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 32.297262] ? srcu_offline_cpu+0x120/0x120 [ 32.301587] ? debug_object_free+0x690/0x690 [ 32.306001] ? mark_held_locks+0x130/0x130 [ 32.310235] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 32.314818] ? lock_release+0x970/0x970 [ 32.318800] ? arch_local_save_flags+0x40/0x40 [ 32.323381] ? depot_save_stack+0x292/0x470 [ 32.327712] ? __lockdep_init_map+0x105/0x590 [ 32.332208] ? __init_waitqueue_head+0x9e/0x150 [ 32.336877] ? init_wait_entry+0x1c0/0x1c0 [ 32.341122] __synchronize_srcu+0x17b/0x230 [ 32.345444] ? call_srcu+0x10/0x10 [ 32.348980] ? rcu_unexpedite_gp+0x20/0x20 [ 32.353219] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 32.358766] ? check_preemption_disabled+0x48/0x200 [ 32.363792] synchronize_srcu+0x356/0x5ab [ 32.367945] ? lock_downgrade+0x900/0x900 [ 32.372091] ? synchronize_srcu_expedited+0x20/0x20 [ 32.377124] ? kasan_check_read+0x11/0x20 [ 32.381275] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.385867] ? kasan_check_write+0x14/0x20 [ 32.390113] ? do_raw_spin_lock+0xc1/0x200 [ 32.394356] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.400069] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.405528] ? kvfree+0x61/0x70 [ 32.408809] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.413835] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.417906] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.422318] ? kvm_arch_sync_events+0x30/0x30 [ 32.426816] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.432364] ? mmu_notifier_unregister+0x474/0x600 [ 32.437293] ? kfree+0x107/0x230 [ 32.440662] ? __mmu_notifier_register+0x30/0x30 [ 32.445420] ? 
__free_pages+0x10a/0x190 [ 32.449401] ? free_unref_page+0x960/0x960 [ 32.453663] kvm_put_kvm+0x6c8/0xff0 [ 32.457398] ? kvm_write_guest_cached+0x40/0x40 [ 32.462074] ? kvm_irqfd_release+0xd1/0x120 [ 32.466405] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.470900] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.475405] ? kasan_check_write+0x14/0x20 [ 32.479642] ? do_raw_spin_lock+0xc1/0x200 [ 32.483882] ? kvm_irqfd_release+0xdd/0x120 [ 32.488201] ? kvm_irqfd_release+0xdd/0x120 [ 32.492527] ? kvm_put_kvm+0xff0/0xff0 [ 32.496415] kvm_vm_release+0x42/0x50 [ 32.500214] __fput+0x385/0xa30 [ 32.503495] ? get_max_files+0x20/0x20 [ 32.507383] ? trace_hardirqs_on+0xbd/0x310 [ 32.511719] ? ___might_sleep+0x1ed/0x300 [ 32.515880] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.521334] ? arch_local_save_flags+0x40/0x40 [ 32.525916] ? kasan_check_write+0x14/0x20 [ 32.530152] ? do_raw_spin_lock+0xc1/0x200 [ 32.534385] ____fput+0x15/0x20 [ 32.537664] task_work_run+0x1e8/0x2a0 [ 32.541552] ? task_work_cancel+0x240/0x240 [ 32.545891] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.551433] ? switch_task_namespaces+0x9d/0xd0 [ 32.556136] do_exit+0x1ad7/0x2610 [ 32.559688] ? mm_update_next_owner+0x990/0x990 [ 32.564364] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 32.568598] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.573618] ? kfree+0x1fa/0x230 [ 32.576988] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 32.581226] ? kvm_vcpu_block+0x1030/0x1030 [ 32.585553] ? is_bpf_text_address+0xd3/0x170 [ 32.590050] ? kernel_text_address+0x79/0xf0 [ 32.594456] ? __kernel_text_address+0xd/0x40 [ 32.598955] ? unwind_get_return_address+0x61/0xa0 [ 32.603899] ? __save_stack_trace+0x8d/0xf0 [ 32.608229] ? save_stack+0xa9/0xd0 [ 32.611861] ? save_stack+0x43/0xd0 [ 32.615485] ? __kasan_slab_free+0x102/0x150 [ 32.619890] ? kasan_slab_free+0xe/0x10 [ 32.623873] ? putname+0xf2/0x130 [ 32.627328] ? __x64_sys_openat+0x9d/0x100 [ 32.631562] ? do_syscall_64+0x1b9/0x820 [ 32.635624] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.640996] ? 
trace_hardirqs_off+0xb8/0x310 [ 32.645407] ? kasan_check_read+0x11/0x20 [ 32.649561] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.654496] ? trace_hardirqs_on+0x310/0x310 [ 32.658926] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 32.664053] ? trace_hardirqs_off+0xb8/0x310 [ 32.668485] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.674045] ? check_preemption_disabled+0x48/0x200 [ 32.679079] ? check_preemption_disabled+0x48/0x200 [ 32.684127] ? kvm_vcpu_block+0x1030/0x1030 [ 32.688454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.693992] ? do_vfs_ioctl+0x201/0x1720 [ 32.698055] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 32.703336] ? ioctl_preallocate+0x300/0x300 [ 32.707748] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.713289] ? __fget_light+0x2e9/0x430 [ 32.717263] ? fget_raw+0x20/0x20 [ 32.720715] ? putname+0xf2/0x130 [ 32.724200] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.729218] ? kmem_cache_free+0x24f/0x290 [ 32.733454] ? putname+0xf7/0x130 [ 32.736915] do_group_exit+0x177/0x440 [ 32.740811] ? trace_hardirqs_on+0xbd/0x310 [ 32.745161] ? __ia32_sys_exit+0x50/0x50 [ 32.749230] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.754681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.760219] ? ksys_ioctl+0x81/0xd0 [ 32.763858] __x64_sys_exit_group+0x3e/0x50 [ 32.768185] do_syscall_64+0x1b9/0x820 [ 32.772077] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.777450] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.782585] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.787425] ? trace_hardirqs_on_caller+0x310/0x310 [ 32.792440] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.798117] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.803138] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.807988] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.813179] RIP: 0033:0x43ecd8 [ 32.816375] Code: Bad RIP value. 
[ 32.819731] RSP: 002b:00007ffdf90a05c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.827439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 32.834705] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.841971] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.849233] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.856498] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.863772] [ 32.865394] Allocated by task 5324: [ 32.869022] save_stack+0x43/0xd0 [ 32.872474] kasan_kmalloc+0xc7/0xe0 [ 32.876184] kasan_slab_alloc+0x12/0x20 [ 32.880155] kmem_cache_alloc+0x12e/0x730 [ 32.884304] vmx_create_vcpu+0xcf/0x25e0 [ 32.888361] kvm_arch_vcpu_create+0xe5/0x220 [ 32.892764] kvm_vm_ioctl+0x470/0x1d40 [ 32.896656] do_vfs_ioctl+0x1de/0x1720 [ 32.900540] ksys_ioctl+0xa9/0xd0 [ 32.903990] __x64_sys_ioctl+0x73/0xb0 [ 32.907879] do_syscall_64+0x1b9/0x820 [ 32.911767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.916941] [ 32.918558] Freed by task 5324: [ 32.921833] save_stack+0x43/0xd0 [ 32.925295] __kasan_slab_free+0x102/0x150 [ 32.929524] kasan_slab_free+0xe/0x10 [ 32.933324] kmem_cache_free+0x83/0x290 [ 32.937295] vmx_free_vcpu+0x26b/0x300 [ 32.941180] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.945587] kvm_put_kvm+0x6c8/0xff0 [ 32.949301] kvm_vm_release+0x42/0x50 [ 32.953096] __fput+0x385/0xa30 [ 32.956375] ____fput+0x15/0x20 [ 32.959652] task_work_run+0x1e8/0x2a0 [ 32.963537] do_exit+0x1ad7/0x2610 [ 32.967074] do_group_exit+0x177/0x440 [ 32.970964] __x64_sys_exit_group+0x3e/0x50 [ 32.975285] do_syscall_64+0x1b9/0x820 [ 32.979176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.984369] [ 32.985995] The buggy address belongs to the object at ffff8801c7680040 [ 32.985995] which belongs to the cache kvm_vcpu of size 23872 [ 32.998563] The buggy address is located 24 bytes inside of [ 32.998563] 23872-byte region [ffff8801c7680040, ffff8801c7685d80) [ 33.010515] The buggy address 
belongs to the page: [ 33.015444] page:ffffea00071da000 count:1 mapcount:0 mapping:ffff8801d76594c0 index:0x0 compound_mapcount: 0 [ 33.025412] flags: 0x2fffc0000008100(slab|head) [ 33.030083] raw: 02fffc0000008100 ffff8801d527ea48 ffff8801d527ea48 ffff8801d76594c0 [ 33.037970] raw: 0000000000000000 ffff8801c7680040 0000000100000001 0000000000000000 [ 33.045846] page dumped because: kasan: bad access detected [ 33.051544] [ 33.053162] Memory state around the buggy address: [ 33.058087] ffff8801c767ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.065475] ffff8801c767ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.072832] >ffff8801c7680000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.080194] ^ [ 33.086420] ffff8801c7680080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.093772] ffff8801c7680100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.101151] ================================================================== [ 33.108500] Kernel panic - not syncing: panic_on_warn set ... [ 33.108500] [ 33.115873] CPU: 0 PID: 5324 Comm: syz-executor751 Tainted: G B 4.19.0-rc2+ #228 [ 33.124702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.134043] Call Trace: [ 33.136636] dump_stack+0x1c4/0x2b4 [ 33.140262] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.145453] ? lock_downgrade+0x900/0x900 [ 33.149605] panic+0x238/0x4e7 [ 33.152814] ? add_taint.cold.5+0x16/0x16 [ 33.156981] ? print_shadow_for_address+0xb6/0x116 [ 33.161909] ? trace_hardirqs_off+0xaf/0x310 [ 33.166319] kasan_end_report+0x47/0x4f [ 33.170294] kasan_report.cold.9+0x76/0x309 [ 33.174616] ? __schedule+0xfc3/0x1ed0 [ 33.178504] __asan_report_load8_noabort+0x14/0x20 [ 33.183433] __schedule+0xfc3/0x1ed0 [ 33.187151] ? __sched_text_start+0x8/0x8 [ 33.191303] ? __lock_is_held+0xb5/0x140 [ 33.195363] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.200466] ? find_held_lock+0x36/0x1c0 [ 33.204534] ? __call_srcu+0x7f9/0x1070 [ 33.208509] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.213611] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.218715] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.223296] ? preempt_schedule+0x4d/0x60 [ 33.227445] preempt_schedule_common+0x1f/0xd0 [ 33.232028] preempt_schedule+0x4d/0x60 [ 33.236002] ___preempt_schedule+0x16/0x18 [ 33.240239] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.245169] __call_srcu+0x7f9/0x1070 [ 33.248967] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.254075] ? srcu_offline_cpu+0x120/0x120 [ 33.258401] ? debug_object_free+0x690/0x690 [ 33.262832] ? mark_held_locks+0x130/0x130 [ 33.267093] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 33.271681] ? lock_release+0x970/0x970 [ 33.275697] ? arch_local_save_flags+0x40/0x40 [ 33.280298] ? depot_save_stack+0x292/0x470 [ 33.284624] ? __lockdep_init_map+0x105/0x590 [ 33.289128] ? __init_waitqueue_head+0x9e/0x150 [ 33.293794] ? init_wait_entry+0x1c0/0x1c0 [ 33.298036] __synchronize_srcu+0x17b/0x230 [ 33.302357] ? call_srcu+0x10/0x10 [ 33.305895] ? rcu_unexpedite_gp+0x20/0x20 [ 33.310136] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.315688] ? check_preemption_disabled+0x48/0x200 [ 33.320707] synchronize_srcu+0x356/0x5ab [ 33.324862] ? lock_downgrade+0x900/0x900 [ 33.329013] ? synchronize_srcu_expedited+0x20/0x20 [ 33.334033] ? kasan_check_read+0x11/0x20 [ 33.338182] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.342765] ? kasan_check_write+0x14/0x20 [ 33.346997] ? do_raw_spin_lock+0xc1/0x200 [ 33.351248] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.356960] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.362413] ? kvfree+0x61/0x70 [ 33.365693] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.370726] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.374787] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.379198] ? kvm_arch_sync_events+0x30/0x30 [ 33.383697] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.389231] ? mmu_notifier_unregister+0x474/0x600 [ 33.394157] ? kfree+0x107/0x230 [ 33.397523] ? __mmu_notifier_register+0x30/0x30 [ 33.402279] ? 
__free_pages+0x10a/0x190 [ 33.406276] ? free_unref_page+0x960/0x960 [ 33.410529] kvm_put_kvm+0x6c8/0xff0 [ 33.414250] ? kvm_write_guest_cached+0x40/0x40 [ 33.418921] ? kvm_irqfd_release+0xd1/0x120 [ 33.423245] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.427740] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.432242] ? kasan_check_write+0x14/0x20 [ 33.436477] ? do_raw_spin_lock+0xc1/0x200 [ 33.440715] ? kvm_irqfd_release+0xdd/0x120 [ 33.445034] ? kvm_irqfd_release+0xdd/0x120 [ 33.449358] ? kvm_put_kvm+0xff0/0xff0 [ 33.453248] kvm_vm_release+0x42/0x50 [ 33.457046] __fput+0x385/0xa30 [ 33.460324] ? get_max_files+0x20/0x20 [ 33.464210] ? trace_hardirqs_on+0xbd/0x310 [ 33.468533] ? ___might_sleep+0x1ed/0x300 [ 33.472720] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.478189] ? arch_local_save_flags+0x40/0x40 [ 33.482766] ? kasan_check_write+0x14/0x20 [ 33.487002] ? do_raw_spin_lock+0xc1/0x200 [ 33.491235] ____fput+0x15/0x20 [ 33.494554] task_work_run+0x1e8/0x2a0 [ 33.498469] ? task_work_cancel+0x240/0x240 [ 33.502790] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.508327] ? switch_task_namespaces+0x9d/0xd0 [ 33.512995] do_exit+0x1ad7/0x2610 [ 33.516536] ? mm_update_next_owner+0x990/0x990 [ 33.521210] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 33.525495] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.530515] ? kfree+0x1fa/0x230 [ 33.533886] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 33.538140] ? kvm_vcpu_block+0x1030/0x1030 [ 33.542571] ? is_bpf_text_address+0xd3/0x170 [ 33.547094] ? kernel_text_address+0x79/0xf0 [ 33.551507] ? __kernel_text_address+0xd/0x40 [ 33.556001] ? unwind_get_return_address+0x61/0xa0 [ 33.560944] ? __save_stack_trace+0x8d/0xf0 [ 33.565287] ? save_stack+0xa9/0xd0 [ 33.568911] ? save_stack+0x43/0xd0 [ 33.572538] ? __kasan_slab_free+0x102/0x150 [ 33.576941] ? kasan_slab_free+0xe/0x10 [ 33.580913] ? putname+0xf2/0x130 [ 33.584369] ? __x64_sys_openat+0x9d/0x100 [ 33.588612] ? do_syscall_64+0x1b9/0x820 [ 33.592686] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.598054] ? 
trace_hardirqs_off+0xb8/0x310 [ 33.602465] ? kasan_check_read+0x11/0x20 [ 33.606616] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.611025] ? trace_hardirqs_on+0x310/0x310 [ 33.615439] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 33.620541] ? trace_hardirqs_off+0xb8/0x310 [ 33.624965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.630560] ? check_preemption_disabled+0x48/0x200 [ 33.635573] ? check_preemption_disabled+0x48/0x200 [ 33.640609] ? kvm_vcpu_block+0x1030/0x1030 [ 33.644932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.650488] ? do_vfs_ioctl+0x201/0x1720 [ 33.654598] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 33.659904] ? ioctl_preallocate+0x300/0x300 [ 33.664326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.669866] ? __fget_light+0x2e9/0x430 [ 33.673847] ? fget_raw+0x20/0x20 [ 33.677299] ? putname+0xf2/0x130 [ 33.680752] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.685769] ? kmem_cache_free+0x24f/0x290 [ 33.690005] ? putname+0xf7/0x130 [ 33.693463] do_group_exit+0x177/0x440 [ 33.697354] ? trace_hardirqs_on+0xbd/0x310 [ 33.701678] ? __ia32_sys_exit+0x50/0x50 [ 33.705740] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.711202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.716736] ? ksys_ioctl+0x81/0xd0 [ 33.720387] __x64_sys_exit_group+0x3e/0x50 [ 33.724713] do_syscall_64+0x1b9/0x820 [ 33.728599] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.733962] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.738891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.743795] ? trace_hardirqs_on_caller+0x310/0x310 [ 33.748809] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.753831] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.758868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.763716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.768905] RIP: 0033:0x43ecd8 [ 33.772107] Code: Bad RIP value. 
[ 33.775466] RSP: 002b:00007ffdf90a05c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.783173] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 33.790438] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.797718] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.804995] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.812259] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.819538] [ 33.819545] ====================================================== [ 33.819551] WARNING: possible circular locking dependency detected [ 33.819555] 4.19.0-rc2+ #228 Not tainted [ 33.819561] ------------------------------------------------------ [ 33.819566] syz-executor751/5324 is trying to acquire lock: [ 33.819570] 0000000060e14547 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.819587] [ 33.819591] but task is already holding lock: [ 33.819595] 00000000553a3208 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 33.819611] [ 33.819616] which lock already depends on the new lock. 
[ 33.819619] [ 33.819621] [ 33.819627] the existing dependency chain (in reverse order) is: [ 33.819629] [ 33.819632] -> #3 (report_lock){....}: [ 33.819648] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.819653] kasan_report+0x8b/0x110 [ 33.819658] __asan_report_load8_noabort+0x14/0x20 [ 33.819662] __schedule+0xfc3/0x1ed0 [ 33.819667] preempt_schedule_common+0x1f/0xd0 [ 33.819671] preempt_schedule+0x4d/0x60 [ 33.819676] ___preempt_schedule+0x16/0x18 [ 33.819681] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.819685] __call_srcu+0x7f9/0x1070 [ 33.819690] __synchronize_srcu+0x17b/0x230 [ 33.819694] synchronize_srcu+0x356/0x5ab [ 33.819700] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.819704] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.819709] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.819713] kvm_put_kvm+0x6c8/0xff0 [ 33.819718] kvm_vm_release+0x42/0x50 [ 33.819722] __fput+0x385/0xa30 [ 33.819725] ____fput+0x15/0x20 [ 33.819730] task_work_run+0x1e8/0x2a0 [ 33.819734] do_exit+0x1ad7/0x2610 [ 33.819738] do_group_exit+0x177/0x440 [ 33.819743] __x64_sys_exit_group+0x3e/0x50 [ 33.819747] do_syscall_64+0x1b9/0x820 [ 33.819753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.819755] [ 33.819758] -> #2 (&rq->lock){-.-.}: [ 33.819773] _raw_spin_lock+0x2d/0x40 [ 33.819778] task_fork_fair+0xb0/0x6d0 [ 33.819782] sched_fork+0x443/0xba0 [ 33.819786] copy_process+0x2586/0x8780 [ 33.819790] _do_fork+0x1cb/0x11d0 [ 33.819795] kernel_thread+0x34/0x40 [ 33.819799] rest_init+0x22/0xe5 [ 33.819803] start_kernel+0x8f4/0x92f [ 33.819808] x86_64_start_reservations+0x29/0x2b [ 33.819813] x86_64_start_kernel+0x76/0x79 [ 33.819817] secondary_startup_64+0xa4/0xb0 [ 33.819820] [ 33.819823] -> #1 (&p->pi_lock){-.-.}: [ 33.819846] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.819851] try_to_wake_up+0xd2/0x12f0 [ 33.819856] wake_up_process+0x10/0x20 [ 33.819860] __up.isra.1+0x1c0/0x2a0 [ 33.819864] up+0x13c/0x1c0 [ 33.819868] __up_console_sem+0xbe/0x1b0 [ 33.819873] console_unlock+0x524/0x11a0 [ 33.819877] 
vprintk_emit+0x33d/0x930 [ 33.819881] vprintk_default+0x28/0x30 [ 33.819886] vprintk_func+0x7e/0x181 [ 33.819890] printk+0xa7/0xcf [ 33.819894] load_umh+0x51/0xbd [ 33.819898] do_one_initcall+0x145/0x957 [ 33.819903] kernel_init_freeable+0x4bb/0x5ae [ 33.819907] kernel_init+0x11/0x1b2 [ 33.819912] ret_from_fork+0x3a/0x50 [ 33.819914] [ 33.819917] -> #0 ((console_sem).lock){-...}: [ 33.819933] lock_acquire+0x1ed/0x520 [ 33.819938] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.819942] down_trylock+0x13/0x70 [ 33.819947] __down_trylock_console_sem+0xae/0x200 [ 33.819951] console_trylock+0x15/0xa0 [ 33.819955] vprintk_emit+0x322/0x930 [ 33.819960] vprintk_default+0x28/0x30 [ 33.819964] vprintk_func+0x7e/0x181 [ 33.819968] printk+0xa7/0xcf [ 33.819972] kasan_report+0x9b/0x110 [ 33.819977] __asan_report_load8_noabort+0x14/0x20 [ 33.819982] __schedule+0xfc3/0x1ed0 [ 33.819986] preempt_schedule_common+0x1f/0xd0 [ 33.819991] preempt_schedule+0x4d/0x60 [ 33.819995] ___preempt_schedule+0x16/0x18 [ 33.820000] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.820005] __call_srcu+0x7f9/0x1070 [ 33.820009] __synchronize_srcu+0x17b/0x230 [ 33.820014] synchronize_srcu+0x356/0x5ab [ 33.820019] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.820024] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.820028] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.820033] kvm_put_kvm+0x6c8/0xff0 [ 33.820037] kvm_vm_release+0x42/0x50 [ 33.820041] __fput+0x385/0xa30 [ 33.820045] ____fput+0x15/0x20 [ 33.820049] task_work_run+0x1e8/0x2a0 [ 33.820053] do_exit+0x1ad7/0x2610 [ 33.820057] do_group_exit+0x177/0x440 [ 33.820062] __x64_sys_exit_group+0x3e/0x50 [ 33.820066] do_syscall_64+0x1b9/0x820 [ 33.820071] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.820074] [ 33.820079] other info that might help us debug this: [ 33.820081] [ 33.820085] Chain exists of: [ 33.820087] (console_sem).lock --> &rq->lock --> report_lock [ 33.820113] [ 33.820118] Possible unsafe locking scenario: [ 33.820120] [ 33.820125] CPU0 CPU1 [ 33.820129] ---- ---- [ 
33.820132] lock(report_lock); [ 33.820142] lock(&rq->lock); [ 33.820152] lock(report_lock); [ 33.820161] lock((console_sem).lock); [ 33.820170] [ 33.820173] *** DEADLOCK *** [ 33.820176] [ 33.820180] 2 locks held by syz-executor751/5324: [ 33.820183] #0: 00000000de5f3a8d (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 33.820201] #1: 00000000553a3208 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 33.820220] [ 33.820223] stack backtrace: [ 33.820230] CPU: 0 PID: 5324 Comm: syz-executor751 Not tainted 4.19.0-rc2+ #228 [ 33.820238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.820241] Call Trace: [ 33.820246] dump_stack+0x1c4/0x2b4 [ 33.820251] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.820255] ? vprintk_func+0x85/0x181 [ 33.820260] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 33.820265] ? save_trace+0xe0/0x290 [ 33.820269] __lock_acquire+0x33e4/0x4ec0 [ 33.820274] ? mark_held_locks+0x130/0x130 [ 33.820278] ? mark_held_locks+0x130/0x130 [ 33.820283] ? rcu_bh_qs+0xc0/0xc0 [ 33.820287] ? unwind_dump+0x190/0x190 [ 33.820292] ? is_bpf_text_address+0xd3/0x170 [ 33.820296] ? kernel_text_address+0x79/0xf0 [ 33.820301] ? __kernel_text_address+0xd/0x40 [ 33.820306] ? __save_stack_trace+0x8d/0xf0 [ 33.820310] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 33.820315] ? save_trace+0x290/0x290 [ 33.820319] ? save_stack_trace+0x1a/0x20 [ 33.820323] ? save_trace+0xe0/0x290 [ 33.820328] ? kasan_check_read+0x11/0x20 [ 33.820332] ? graph_lock+0x170/0x170 [ 33.820337] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.820341] lock_acquire+0x1ed/0x520 [ 33.820346] ? down_trylock+0x13/0x70 [ 33.820350] ? find_held_lock+0x36/0x1c0 [ 33.820354] ? lock_release+0x970/0x970 [ 33.820359] ? trace_hardirqs_off+0xb8/0x310 [ 33.820363] ? vprintk_emit+0x1d3/0x930 [ 33.820368] ? trace_hardirqs_on+0x310/0x310 [ 33.820373] ? trace_hardirqs_off+0xb8/0x310 [ 33.820377] ? log_store+0x344/0x4c0 [ 33.820381] ? 
vprintk_emit+0x322/0x930 [ 33.820386] _raw_spin_lock_irqsave+0x99/0xd0 [ 33.820390] ? down_trylock+0x13/0x70 [ 33.820394] down_trylock+0x13/0x70 [ 33.820399] __down_trylock_console_sem+0xae/0x200 [ 33.820403] console_trylock+0x15/0xa0 [ 33.820408] vprintk_emit+0x322/0x930 [ 33.820412] ? wake_up_klogd+0x180/0x180 [ 33.820417] ? run_rebalance_domains+0x500/0x500 [ 33.820422] ? wake_up_worker+0x117/0x190 [ 33.820426] ? find_held_lock+0x36/0x1c0 [ 33.820431] ? __queue_work+0x6be/0x1440 [ 33.820435] ? lock_acquire+0x1ed/0x520 [ 33.820439] vprintk_default+0x28/0x30 [ 33.820444] vprintk_func+0x7e/0x181 [ 33.820447] printk+0xa7/0xcf [ 33.820452] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.820457] ? kasan_check_write+0x14/0x20 [ 33.820461] ? do_raw_spin_lock+0xc1/0x200 [ 33.820466] ? do_raw_spin_lock+0xc1/0x200 [ 33.820470] kasan_report+0x9b/0x110 [ 33.820474] ? __schedule+0xfc3/0x1ed0 [ 33.820479] __asan_report_load8_noabort+0x14/0x20 [ 33.820483] __schedule+0xfc3/0x1ed0 [ 33.820488] ? __sched_text_start+0x8/0x8 [ 33.820492] ? __lock_is_held+0xb5/0x140 [ 33.820497] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.820501] ? find_held_lock+0x36/0x1c0 [ 33.820506] ? __call_srcu+0x7f9/0x1070 [ 33.820511] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.820516] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.820521] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.820525] ? preempt_schedule+0x4d/0x60 [ 33.820530] preempt_schedule_common+0x1f/0xd0 [ 33.820534] preempt_schedule+0x4d/0x60 [ 33.820539] ___preempt_schedule+0x16/0x18 [ 33.820544] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.820548] __call_srcu+0x7f9/0x1070 [ 33.820553] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.820558] ? srcu_offline_cpu+0x120/0x120 [ 33.820562] ? debug_object_free+0x690/0x690 [ 33.820567] ? mark_held_locks+0x130/0x130 [ 33.820572] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 33.820576] ? lock_release+0x970/0x970 [ 33.820581] ? arch_local_save_flags+0x40/0x40 [ 33.820585] ? depot_save_stack+0x292/0x470 [ 33.820590] ? 
__lockdep_init_map+0x105/0x590 [ 33.820595] ? __init_waitqueue_head+0x9e/0x150 [ 33.820599] ? init_wait_entry+0x1c0/0x1c0 [ 33.820604] __synchronize_srcu+0x17b/0x230 [ 33.820608] ? call_srcu+0x10/0x10 [ 33.820613] ? rcu_unexpedite_gp+0x20/0x20 [ 33.820618] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.820623] ? check_preemption_disabled+0x48/0x200 [ 33.820628] synchronize_srcu+0x356/0x5ab [ 33.820632] ? lock_downgrade+0x900/0x900 [ 33.820638] ? synchronize_srcu_expedited+0x20/0x20 [ 33.820642] ? kasan_check_read+0x11/0x20 [ 33.820647] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.820652] ? kasan_check_write+0x14/0x20 [ 33.820656] ? do_raw_spin_lock+0xc1/0x200 [ 33.820662] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.820667] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.820671] ? kvfree+0x61/0x70 [ 33.820676] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.820680] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.820685] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.820689] ? kvm_arch_sync_events+0x30/0x30 [ 33.820695] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.820700] ? mmu_notifier_unregister+0x474/0x600 [ 33.820704] ? kfree+0x107/0x230 [ 33.820708] ? __mmu_notifier_register+0x30/0x30 [ 33.820713] ? __free_pages+0x10a/0x190 [ 33.820717] ? free_unref_page+0x960/0x960 [ 33.820721] kvm_put_kvm+0x6c8/0xff0 [ 33.820726] ? kvm_write_guest_cached+0x40/0x40 [ 33.820731] ? kvm_irqfd_release+0xd1/0x120 [ 33.820735] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.820740] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.820744] ? kasan_check_write+0x14/0x20 [ 33.820749] ? do_raw_spin_lock+0xc1/0x200 [ 33.820753] ? kvm_irqfd_release+0x [ 33.820761] Lost 82 message(s)! [ 34.985605] Shutting down cpus with NMI [ 36.043192] Dumping ftrace buffer: [ 36.046720] (ftrace buffer empty) [ 36.051038] Kernel Offset: disabled [ 36.054661] Rebooting in 86400 seconds..