[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 25.969132] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.752846] random: sshd: uninitialized urandom read (32 bytes read) [ 31.291323] random: sshd: uninitialized urandom read (32 bytes read) [ 31.895971] random: sshd: uninitialized urandom read (32 bytes read) [ 32.109764] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. [ 37.815959] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.936238] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.965241] ================================================================== [ 37.975266] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.981522] Read of size 8 at addr ffff8801d9318058 by task syz-executor929/5343 [ 37.989058] [ 37.990702] CPU: 0 PID: 5343 Comm: syz-executor929 Not tainted 4.19.0-rc4+ #25 [ 37.998067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.007431] Call Trace: [ 38.010037] dump_stack+0x1c4/0x2b4 [ 38.013678] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.018899] ? printk+0xa7/0xcf [ 38.022186] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.026954] print_address_description.cold.8+0x9/0x1ff [ 38.032347] kasan_report.cold.9+0x242/0x309 [ 38.036767] ? __schedule+0xfc3/0x1ed0 [ 38.040682] __asan_report_load8_noabort+0x14/0x20 [ 38.045638] __schedule+0xfc3/0x1ed0 [ 38.049381] ? __sched_text_start+0x8/0x8 [ 38.053554] ? __lock_is_held+0xb5/0x140 [ 38.057648] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.062769] ? find_held_lock+0x36/0x1c0 [ 38.066839] ? __call_srcu+0x7f9/0x1070 [ 38.070818] ?
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.075926] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.081032] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.085620] ? preempt_schedule+0x4d/0x60 [ 38.089790] preempt_schedule_common+0x1f/0xd0 [ 38.094380] preempt_schedule+0x4d/0x60 [ 38.098365] ___preempt_schedule+0x16/0x18 [ 38.102608] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.107545] __call_srcu+0x7f9/0x1070 [ 38.111351] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.116464] ? srcu_offline_cpu+0x120/0x120 [ 38.120796] ? debug_object_free+0x690/0x690 [ 38.125208] ? mark_held_locks+0x130/0x130 [ 38.129442] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.134030] ? lock_release+0x970/0x970 [ 38.138003] ? arch_local_save_flags+0x40/0x40 [ 38.142612] ? depot_save_stack+0x292/0x470 [ 38.146954] ? __lockdep_init_map+0x105/0x590 [ 38.151451] ? __init_waitqueue_head+0x9e/0x150 [ 38.156125] ? init_wait_entry+0x1c0/0x1c0 [ 38.160367] __synchronize_srcu+0x17b/0x230 [ 38.164691] ? call_srcu+0x10/0x10 [ 38.168230] ? rcu_unexpedite_gp+0x20/0x20 [ 38.172474] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.178017] ? check_preemption_disabled+0x48/0x200 [ 38.183039] synchronize_srcu+0x356/0x5ab [ 38.187193] ? lock_downgrade+0x900/0x900 [ 38.191344] ? synchronize_srcu_expedited+0x20/0x20 [ 38.196365] ? kasan_check_read+0x11/0x20 [ 38.200521] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.205108] ? kasan_check_write+0x14/0x20 [ 38.209342] ? do_raw_spin_lock+0xc1/0x200 [ 38.213599] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.219320] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.224774] ? kvfree+0x61/0x70 [ 38.228054] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.233072] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.237135] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.241545] ? kvm_arch_sync_events+0x30/0x30 [ 38.246046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.251581] ? mmu_notifier_unregister+0x474/0x600 [ 38.256512] ? kfree+0x107/0x230 [ 38.259882] ? __mmu_notifier_register+0x30/0x30 [ 38.264654] ? 
__free_pages+0x10a/0x190 [ 38.268641] ? free_unref_page+0x960/0x960 [ 38.272888] kvm_put_kvm+0x6c8/0xff0 [ 38.276609] ? kvm_write_guest_cached+0x40/0x40 [ 38.281288] ? kvm_irqfd_release+0xd1/0x120 [ 38.285612] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.290115] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.294623] ? kasan_check_write+0x14/0x20 [ 38.298871] ? do_raw_spin_lock+0xc1/0x200 [ 38.303117] ? kvm_irqfd_release+0xdd/0x120 [ 38.307435] ? kvm_irqfd_release+0xdd/0x120 [ 38.312460] ? kvm_put_kvm+0xff0/0xff0 [ 38.316351] kvm_vm_release+0x42/0x50 [ 38.320173] __fput+0x385/0xa30 [ 38.323451] ? get_max_files+0x20/0x20 [ 38.327363] ? trace_hardirqs_on+0xbd/0x310 [ 38.331800] ? ___might_sleep+0x1ed/0x300 [ 38.336053] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.341492] ? arch_local_save_flags+0x40/0x40 [ 38.346059] ? kasan_check_write+0x14/0x20 [ 38.350283] ? do_raw_spin_lock+0xc1/0x200 [ 38.354501] ____fput+0x15/0x20 [ 38.357764] task_work_run+0x1e8/0x2a0 [ 38.361651] ? task_work_cancel+0x240/0x240 [ 38.365970] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.371597] ? switch_task_namespaces+0x9d/0xd0 [ 38.376374] do_exit+0x1ad7/0x2610 [ 38.379904] ? mm_update_next_owner+0x990/0x990 [ 38.384560] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.388779] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.393892] ? kfree+0x1fa/0x230 [ 38.397257] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.401497] ? kvm_vcpu_block+0x1030/0x1030 [ 38.405851] ? is_bpf_text_address+0xd3/0x170 [ 38.410336] ? kernel_text_address+0x79/0xf0 [ 38.414818] ? __kernel_text_address+0xd/0x40 [ 38.419347] ? unwind_get_return_address+0x61/0xa0 [ 38.424276] ? __save_stack_trace+0x8d/0xf0 [ 38.428590] ? save_stack+0xa9/0xd0 [ 38.432201] ? save_stack+0x43/0xd0 [ 38.435812] ? __kasan_slab_free+0x102/0x150 [ 38.440209] ? kasan_slab_free+0xe/0x10 [ 38.444174] ? putname+0xf2/0x130 [ 38.447611] ? __x64_sys_openat+0x9d/0x100 [ 38.451835] ? do_syscall_64+0x1b9/0x820 [ 38.455880] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.461240] ? 
trace_hardirqs_off+0xb8/0x310 [ 38.465770] ? kasan_check_read+0x11/0x20 [ 38.469912] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.474305] ? trace_hardirqs_on+0x310/0x310 [ 38.478701] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.483805] ? trace_hardirqs_off+0xb8/0x310 [ 38.488204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.493723] ? check_preemption_disabled+0x48/0x200 [ 38.498762] ? check_preemption_disabled+0x48/0x200 [ 38.503819] ? kvm_vcpu_block+0x1030/0x1030 [ 38.508128] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.513658] ? do_vfs_ioctl+0x201/0x1720 [ 38.517704] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.522969] ? ioctl_preallocate+0x300/0x300 [ 38.527362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.532878] ? __fget_light+0x2e9/0x430 [ 38.536831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.542354] ? smack_file_ioctl+0x210/0x3c0 [ 38.546658] ? fget_raw+0x20/0x20 [ 38.550091] ? smack_file_lock+0x2e0/0x2e0 [ 38.554310] do_group_exit+0x177/0x440 [ 38.558182] ? trace_hardirqs_on+0xbd/0x310 [ 38.562488] ? __ia32_sys_exit+0x50/0x50 [ 38.566530] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.572012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.577541] ? ksys_ioctl+0x81/0xd0 [ 38.581152] __x64_sys_exit_group+0x3e/0x50 [ 38.585458] do_syscall_64+0x1b9/0x820 [ 38.589327] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.594738] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.599723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.604558] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.609561] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.614561] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.619559] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 38.624390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.629563] RIP: 0033:0x43ef28 [ 38.632738] Code: fa 29 c2 8d 04 52 c1 e0 02 41 29 c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 0f be 57 01 41 83 ea 01 44 89 f7 e9 44 89 d0 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2 [ 38.651627] RSP: 002b:00007fff904ee808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.659338] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28 [ 38.666643] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.673905] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.681158] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.688414] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.695700] [ 38.697316] Allocated by task 5343: [ 38.700929] save_stack+0x43/0xd0 [ 38.704363] kasan_kmalloc+0xc7/0xe0 [ 38.708160] kasan_slab_alloc+0x12/0x20 [ 38.712124] kmem_cache_alloc+0x12e/0x730 [ 38.716257] vmx_create_vcpu+0xcf/0x25e0 [ 38.720299] kvm_arch_vcpu_create+0xe5/0x220 [ 38.724687] kvm_vm_ioctl+0x470/0x1d40 [ 38.728553] do_vfs_ioctl+0x1de/0x1720 [ 38.732522] ksys_ioctl+0xa9/0xd0 [ 38.735958] __x64_sys_ioctl+0x73/0xb0 [ 38.739830] do_syscall_64+0x1b9/0x820 [ 38.743707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.748875] [ 38.750481] Freed by task 5343: [ 38.753742] save_stack+0x43/0xd0 [ 38.757178] __kasan_slab_free+0x102/0x150 [ 38.761401] kasan_slab_free+0xe/0x10 [ 38.765188] kmem_cache_free+0x83/0x290 [ 38.769150] vmx_free_vcpu+0x26b/0x300 [ 38.773020] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.777411] kvm_put_kvm+0x6c8/0xff0 [ 38.781102] kvm_vm_release+0x42/0x50 [ 38.784928] __fput+0x385/0xa30 [ 38.788195] ____fput+0x15/0x20 [ 38.791453] task_work_run+0x1e8/0x2a0 [ 38.795324] do_exit+0x1ad7/0x2610 [ 38.798845] do_group_exit+0x177/0x440 [ 38.802710] __x64_sys_exit_group+0x3e/0x50 [ 38.807012] do_syscall_64+0x1b9/0x820 [ 38.810885] 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.816084] [ 38.817694] The buggy address belongs to the object at ffff8801d9318040 [ 38.817694] which belongs to the cache kvm_vcpu of size 23872 [ 38.830320] The buggy address is located 24 bytes inside of [ 38.830320] 23872-byte region [ffff8801d9318040, ffff8801d931dd80) [ 38.842266] The buggy address belongs to the page: [ 38.847178] page:ffffea000764c600 count:1 mapcount:0 mapping:ffff8801d4f4ec00 index:0x0 compound_mapcount: 0 [ 38.857131] flags: 0x2fffc0000008100(slab|head) [ 38.861789] raw: 02fffc0000008100 ffff8801d55c2848 ffff8801d55c2848 ffff8801d4f4ec00 [ 38.869665] raw: 0000000000000000 ffff8801d9318040 0000000100000001 0000000000000000 [ 38.877558] page dumped because: kasan: bad access detected [ 38.883295] [ 38.884910] Memory state around the buggy address: [ 38.889865] ffff8801d9317f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.897226] ffff8801d9317f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.904624] >ffff8801d9318000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.911986] ^ [ 38.918216] ffff8801d9318080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.925560] ffff8801d9318100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.932909] ================================================================== [ 38.940250] Kernel panic - not syncing: panic_on_warn set ... [ 38.940250] [ 38.947596] CPU: 0 PID: 5343 Comm: syz-executor929 Tainted: G B 4.19.0-rc4+ #25 [ 38.956330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.965671] Call Trace: [ 38.968333] dump_stack+0x1c4/0x2b4 [ 38.971951] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.977125] ? lock_downgrade+0x900/0x900 [ 38.981261] panic+0x238/0x4e7 [ 38.984435] ? add_taint.cold.5+0x16/0x16 [ 38.988575] ? print_shadow_for_address+0xb6/0x116 [ 38.993493] ? 
trace_hardirqs_off+0xaf/0x310 [ 38.997895] kasan_end_report+0x47/0x4f [ 39.001858] kasan_report.cold.9+0x76/0x309 [ 39.006174] ? __schedule+0xfc3/0x1ed0 [ 39.010049] __asan_report_load8_noabort+0x14/0x20 [ 39.014967] __schedule+0xfc3/0x1ed0 [ 39.018715] ? __sched_text_start+0x8/0x8 [ 39.022863] ? __lock_is_held+0xb5/0x140 [ 39.026913] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.032008] ? find_held_lock+0x36/0x1c0 [ 39.036065] ? __call_srcu+0x7f9/0x1070 [ 39.040027] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.045115] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.050207] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.054783] ? preempt_schedule+0x4d/0x60 [ 39.058922] preempt_schedule_common+0x1f/0xd0 [ 39.063491] preempt_schedule+0x4d/0x60 [ 39.067450] ___preempt_schedule+0x16/0x18 [ 39.071673] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.076658] __call_srcu+0x7f9/0x1070 [ 39.080521] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.085639] ? srcu_offline_cpu+0x120/0x120 [ 39.090025] ? debug_object_free+0x690/0x690 [ 39.094432] ? mark_held_locks+0x130/0x130 [ 39.098660] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.103227] ? lock_release+0x970/0x970 [ 39.107191] ? arch_local_save_flags+0x40/0x40 [ 39.111883] ? depot_save_stack+0x292/0x470 [ 39.116193] ? __lockdep_init_map+0x105/0x590 [ 39.120741] ? __init_waitqueue_head+0x9e/0x150 [ 39.125397] ? init_wait_entry+0x1c0/0x1c0 [ 39.129615] __synchronize_srcu+0x17b/0x230 [ 39.133926] ? call_srcu+0x10/0x10 [ 39.137446] ? rcu_unexpedite_gp+0x20/0x20 [ 39.141671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.147195] ? check_preemption_disabled+0x48/0x200 [ 39.152216] synchronize_srcu+0x356/0x5ab [ 39.156351] ? lock_downgrade+0x900/0x900 [ 39.160479] ? synchronize_srcu_expedited+0x20/0x20 [ 39.165480] ? kasan_check_read+0x11/0x20 [ 39.169606] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.174171] ? kasan_check_write+0x14/0x20 [ 39.178385] ? do_raw_spin_lock+0xc1/0x200 [ 39.182604] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.188294] ? 
kvm_slot_page_track_remove_page+0x70/0x70 [ 39.193727] ? kvfree+0x61/0x70 [ 39.196989] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.201995] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.206042] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.210440] ? kvm_arch_sync_events+0x30/0x30 [ 39.214922] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.220440] ? mmu_notifier_unregister+0x474/0x600 [ 39.225393] ? kfree+0x107/0x230 [ 39.228749] ? __mmu_notifier_register+0x30/0x30 [ 39.233486] ? __free_pages+0x10a/0x190 [ 39.237440] ? free_unref_page+0x960/0x960 [ 39.241663] kvm_put_kvm+0x6c8/0xff0 [ 39.245360] ? kvm_write_guest_cached+0x40/0x40 [ 39.250052] ? kvm_irqfd_release+0xd1/0x120 [ 39.254362] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.258839] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.263326] ? kasan_check_write+0x14/0x20 [ 39.267550] ? do_raw_spin_lock+0xc1/0x200 [ 39.271773] ? kvm_irqfd_release+0xdd/0x120 [ 39.276077] ? kvm_irqfd_release+0xdd/0x120 [ 39.280383] ? kvm_put_kvm+0xff0/0xff0 [ 39.284331] kvm_vm_release+0x42/0x50 [ 39.288119] __fput+0x385/0xa30 [ 39.291379] ? get_max_files+0x20/0x20 [ 39.295257] ? trace_hardirqs_on+0xbd/0x310 [ 39.299563] ? ___might_sleep+0x1ed/0x300 [ 39.303694] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.309129] ? arch_local_save_flags+0x40/0x40 [ 39.313693] ? kasan_check_write+0x14/0x20 [ 39.317911] ? do_raw_spin_lock+0xc1/0x200 [ 39.322128] ____fput+0x15/0x20 [ 39.325388] task_work_run+0x1e8/0x2a0 [ 39.329257] ? task_work_cancel+0x240/0x240 [ 39.333563] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.339082] ? switch_task_namespaces+0x9d/0xd0 [ 39.343737] do_exit+0x1ad7/0x2610 [ 39.347259] ? mm_update_next_owner+0x990/0x990 [ 39.351911] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.356125] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.361229] ? kfree+0x1fa/0x230 [ 39.364581] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.368796] ? kvm_vcpu_block+0x1030/0x1030 [ 39.373119] ? is_bpf_text_address+0xd3/0x170 [ 39.377614] ? kernel_text_address+0x79/0xf0 [ 39.382041] ? 
__kernel_text_address+0xd/0x40 [ 39.386526] ? unwind_get_return_address+0x61/0xa0 [ 39.391441] ? __save_stack_trace+0x8d/0xf0 [ 39.395747] ? save_stack+0xa9/0xd0 [ 39.399533] ? save_stack+0x43/0xd0 [ 39.403153] ? __kasan_slab_free+0x102/0x150 [ 39.407548] ? kasan_slab_free+0xe/0x10 [ 39.411594] ? putname+0xf2/0x130 [ 39.415039] ? __x64_sys_openat+0x9d/0x100 [ 39.419266] ? do_syscall_64+0x1b9/0x820 [ 39.423352] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.428706] ? trace_hardirqs_off+0xb8/0x310 [ 39.433104] ? kasan_check_read+0x11/0x20 [ 39.437243] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.441698] ? trace_hardirqs_on+0x310/0x310 [ 39.446100] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.451188] ? trace_hardirqs_off+0xb8/0x310 [ 39.455585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.461108] ? check_preemption_disabled+0x48/0x200 [ 39.466102] ? check_preemption_disabled+0x48/0x200 [ 39.471101] ? kvm_vcpu_block+0x1030/0x1030 [ 39.475409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.480934] ? do_vfs_ioctl+0x201/0x1720 [ 39.487240] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.492499] ? ioctl_preallocate+0x300/0x300 [ 39.496896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.502416] ? __fget_light+0x2e9/0x430 [ 39.506378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.511946] ? smack_file_ioctl+0x210/0x3c0 [ 39.516348] ? fget_raw+0x20/0x20 [ 39.519793] ? smack_file_lock+0x2e0/0x2e0 [ 39.524020] do_group_exit+0x177/0x440 [ 39.527896] ? trace_hardirqs_on+0xbd/0x310 [ 39.532303] ? __ia32_sys_exit+0x50/0x50 [ 39.536350] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.541790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.547321] ? ksys_ioctl+0x81/0xd0 [ 39.551041] __x64_sys_exit_group+0x3e/0x50 [ 39.555369] do_syscall_64+0x1b9/0x820 [ 39.559239] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.564588] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.569506] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.574338] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.579338] ? 
prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.584412] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.589449] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.594304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.599491] RIP: 0033:0x43ef28 [ 39.602686] Code: fa 29 c2 8d 04 52 c1 e0 02 41 29 c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 0f be 57 01 41 83 ea 01 44 89 f7 e9 44 89 d0 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2 [ 39.621589] RSP: 002b:00007fff904ee808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.629297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28 [ 39.636563] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.643828] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.651182] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.658466] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.665744] [ 39.665750] ====================================================== [ 39.665755] WARNING: possible circular locking dependency detected [ 39.665759] 4.19.0-rc4+ #25 Not tainted [ 39.665765] ------------------------------------------------------ [ 39.665770] syz-executor929/5343 is trying to acquire lock: [ 39.665774] 000000002a1be66d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.665790] [ 39.665795] but task is already holding lock: [ 39.665798] 0000000041c8781e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.665814] [ 39.665819] which lock already depends on the new lock. 
[ 39.665821] [ 39.665824] [ 39.665829] the existing dependency chain (in reverse order) is: [ 39.665832] [ 39.665834] -> #3 (report_lock){....}: [ 39.665850] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.665854] kasan_report+0x8b/0x110 [ 39.665859] __asan_report_load8_noabort+0x14/0x20 [ 39.665863] __schedule+0xfc3/0x1ed0 [ 39.665868] preempt_schedule_common+0x1f/0xd0 [ 39.665872] preempt_schedule+0x4d/0x60 [ 39.665876] ___preempt_schedule+0x16/0x18 [ 39.665881] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.665885] __call_srcu+0x7f9/0x1070 [ 39.665890] __synchronize_srcu+0x17b/0x230 [ 39.665894] synchronize_srcu+0x356/0x5ab [ 39.665900] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.665904] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.665908] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.665913] kvm_put_kvm+0x6c8/0xff0 [ 39.665917] kvm_vm_release+0x42/0x50 [ 39.665920] __fput+0x385/0xa30 [ 39.665924] ____fput+0x15/0x20 [ 39.665929] task_work_run+0x1e8/0x2a0 [ 39.665933] do_exit+0x1ad7/0x2610 [ 39.665937] do_group_exit+0x177/0x440 [ 39.665941] __x64_sys_exit_group+0x3e/0x50 [ 39.665945] do_syscall_64+0x1b9/0x820 [ 39.665950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.665953] [ 39.665955] -> #2 (&rq->lock){-.-.}: [ 39.665970] _raw_spin_lock+0x2d/0x40 [ 39.665975] task_fork_fair+0xb0/0x6d0 [ 39.665979] sched_fork+0x443/0xba0 [ 39.665983] copy_process+0x2586/0x8780 [ 39.665987] _do_fork+0x1cb/0x11d0 [ 39.665991] kernel_thread+0x34/0x40 [ 39.665995] rest_init+0x22/0xe5 [ 39.665999] start_kernel+0x8f4/0x92f [ 39.666003] x86_64_start_reservations+0x29/0x2b [ 39.666008] x86_64_start_kernel+0x76/0x79 [ 39.666012] secondary_startup_64+0xa4/0xb0 [ 39.666015] [ 39.666017] -> #1 (&p->pi_lock){-.-.}: [ 39.666033] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.666037] try_to_wake_up+0xd2/0x12f0 [ 39.666041] wake_up_process+0x10/0x20 [ 39.666046] __up.isra.1+0x1c0/0x2a0 [ 39.666049] up+0x13c/0x1c0 [ 39.666053] __up_console_sem+0xbe/0x1b0 [ 39.666058] console_unlock+0x814/0x1160 [ 39.666062] 
vprintk_emit+0x33d/0x930 [ 39.666066] vprintk_default+0x28/0x30 [ 39.666070] vprintk_func+0x7e/0x181 [ 39.666074] printk+0xa7/0xcf [ 39.666078] load_umh+0x51/0xbd [ 39.666082] do_one_initcall+0x145/0x957 [ 39.666086] kernel_init_freeable+0x4bb/0x5ae [ 39.666090] kernel_init+0x11/0x1b2 [ 39.666095] ret_from_fork+0x3a/0x50 [ 39.666097] [ 39.666100] -> #0 ((console_sem).lock){-...}: [ 39.666115] lock_acquire+0x1ed/0x520 [ 39.666120] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.666124] down_trylock+0x13/0x70 [ 39.666128] __down_trylock_console_sem+0xae/0x200 [ 39.666133] console_trylock+0x15/0xa0 [ 39.666137] vprintk_emit+0x322/0x930 [ 39.666141] vprintk_default+0x28/0x30 [ 39.666145] vprintk_func+0x7e/0x181 [ 39.666149] printk+0xa7/0xcf [ 39.666153] kasan_report+0x9b/0x110 [ 39.666158] __asan_report_load8_noabort+0x14/0x20 [ 39.666162] __schedule+0xfc3/0x1ed0 [ 39.666167] preempt_schedule_common+0x1f/0xd0 [ 39.666171] preempt_schedule+0x4d/0x60 [ 39.666176] ___preempt_schedule+0x16/0x18 [ 39.666180] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.666184] __call_srcu+0x7f9/0x1070 [ 39.666189] __synchronize_srcu+0x17b/0x230 [ 39.666193] synchronize_srcu+0x356/0x5ab [ 39.666198] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.666203] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.666207] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.666211] kvm_put_kvm+0x6c8/0xff0 [ 39.666216] kvm_vm_release+0x42/0x50 [ 39.666219] __fput+0x385/0xa30 [ 39.666223] ____fput+0x15/0x20 [ 39.666227] task_work_run+0x1e8/0x2a0 [ 39.666231] do_exit+0x1ad7/0x2610 [ 39.666236] do_group_exit+0x177/0x440 [ 39.666240] __x64_sys_exit_group+0x3e/0x50 [ 39.666244] do_syscall_64+0x1b9/0x820 [ 39.666249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.666252] [ 39.666256] other info that might help us debug this: [ 39.666259] [ 39.666262] Chain exists of: [ 39.666265] (console_sem).lock --> &rq->lock --> report_lock [ 39.666285] [ 39.666289] Possible unsafe locking scenario: [ 39.666291] [ 39.666296] CPU0 CPU1 [ 39.666300] ---- ---- [ 
39.666303] lock(report_lock); [ 39.666313] lock(&rq->lock); [ 39.666323] lock(report_lock); [ 39.666332] lock((console_sem).lock); [ 39.666340] [ 39.666344] *** DEADLOCK *** [ 39.666346] [ 39.666351] 2 locks held by syz-executor929/5343: [ 39.666353] #0: 00000000e4c3b711 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.666372] #1: 0000000041c8781e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.666390] [ 39.666393] stack backtrace: [ 39.666400] CPU: 0 PID: 5343 Comm: syz-executor929 Not tainted 4.19.0-rc4+ #25 [ 39.666407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.666411] Call Trace: [ 39.666415] dump_stack+0x1c4/0x2b4 [ 39.666420] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.666424] ? vprintk_func+0x85/0x181 [ 39.666429] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.666433] ? save_trace+0xe0/0x290 [ 39.666438] __lock_acquire+0x33e4/0x4ec0 [ 39.666442] ? mark_held_locks+0x130/0x130 [ 39.666446] ? mark_held_locks+0x130/0x130 [ 39.666450] ? rcu_bh_qs+0xc0/0xc0 [ 39.666454] ? unwind_dump+0x190/0x190 [ 39.666459] ? is_bpf_text_address+0xd3/0x170 [ 39.666463] ? kernel_text_address+0x79/0xf0 [ 39.666468] ? __kernel_text_address+0xd/0x40 [ 39.666472] ? __save_stack_trace+0x8d/0xf0 [ 39.666477] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.666481] ? save_trace+0x290/0x290 [ 39.666486] ? save_stack_trace+0x1a/0x20 [ 39.666490] ? save_trace+0xe0/0x290 [ 39.666494] ? kasan_check_read+0x11/0x20 [ 39.666498] ? graph_lock+0x170/0x170 [ 39.666503] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.666507] lock_acquire+0x1ed/0x520 [ 39.666512] ? down_trylock+0x13/0x70 [ 39.666516] ? find_held_lock+0x36/0x1c0 [ 39.666520] ? lock_release+0x970/0x970 [ 39.666525] ? trace_hardirqs_off+0xb8/0x310 [ 39.666529] ? vprintk_emit+0x1d3/0x930 [ 39.666533] ? trace_hardirqs_on+0x310/0x310 [ 39.666538] ? trace_hardirqs_off+0xb8/0x310 [ 39.666542] ? log_store+0x344/0x4c0 [ 39.666546] ? 
vprintk_emit+0x322/0x930 [ 39.666551] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.666555] ? down_trylock+0x13/0x70 [ 39.666559] down_trylock+0x13/0x70 [ 39.666564] __down_trylock_console_sem+0xae/0x200 [ 39.666568] console_trylock+0x15/0xa0 [ 39.666572] vprintk_emit+0x322/0x930 [ 39.666576] ? wake_up_klogd+0x180/0x180 [ 39.666581] ? run_rebalance_domains+0x500/0x500 [ 39.666585] ? find_held_lock+0x36/0x1c0 [ 39.666589] ? __queue_work+0x6be/0x1440 [ 39.666593] ? lock_acquire+0x1ed/0x520 [ 39.666598] vprintk_default+0x28/0x30 [ 39.666602] vprintk_func+0x7e/0x181 [ 39.666605] printk+0xa7/0xcf [ 39.666610] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.666614] ? kasan_check_write+0x14/0x20 [ 39.666619] ? do_raw_spin_lock+0xc1/0x200 [ 39.666623] ? do_raw_spin_lock+0xc1/0x200 [ 39.666627] kasan_report+0x9b/0x110 [ 39.666639] ? __schedule+0xfc3/0x1ed0 [ 39.666644] __asan_report_load8_noabort+0x14/0x20 [ 39.666648] __schedule+0xfc3/0x1ed0 [ 39.666658] ? __sched_text_start+0x8/0x8 [ 39.666663] ? __lock_is_held+0xb5/0x140 [ 39.666668] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.666672] ? find_held_lock+0x36/0x1c0 [ 39.666676] ? __call_srcu+0x7f9/0x1070 [ 39.666681] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.666686] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.666691] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.666695] ? preempt_schedule+0x4d/0x60 [ 39.666700] preempt_schedule_common+0x1f/0xd0 [ 39.666704] preempt_schedule+0x4d/0x60 [ 39.666708] ___preempt_schedule+0x16/0x18 [ 39.666713] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.666717] __call_srcu+0x7f9/0x1070 [ 39.666722] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.666727] ? srcu_offline_cpu+0x120/0x120 [ 39.666731] ? debug_object_free+0x690/0x690 [ 39.666736] ? mark_held_locks+0x130/0x130 [ 39.666740] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.666745] ? lock_release+0x970/0x970 [ 39.666749] ? arch_local_save_flags+0x40/0x40 [ 39.666754] ? depot_save_stack+0x292/0x470 [ 39.666758] ? __lockdep_init_map+0x105/0x590 [ 39.666763] ? 
__init_waitqueue_head+0x9e/0x150 [ 39.666767] ? init_wait_entry+0x1c0/0x1c0 [ 39.666772] __synchronize_srcu+0x17b/0x230 [ 39.666776] ? call_srcu+0x10/0x10 [ 39.666780] ? rcu_unexpedite_gp+0x20/0x20 [ 39.666785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.666790] ? check_preemption_disabled+0x48/0x200 [ 39.666795] synchronize_srcu+0x356/0x5ab [ 39.666799] ? lock_downgrade+0x900/0x900 [ 39.666809] ? synchronize_srcu_expedited+0x20/0x20 [ 39.666813] ? kasan_check_read+0x11/0x20 [ 39.666818] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.666822] ? kasan_check_write+0x14/0x20 [ 39.666827] ? do_raw_spin_lock+0xc1/0x200 [ 39.666832] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.666837] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.666841] ? kvfree+0x61/0x70 [ 39.666846] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.666850] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.666855] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.666859] ? kvm_arch_sync_events+0x30/0x30 [ 39.666864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.666869] ? mmu_notifier_unregister+0x474/0x600 [ 39.666873] ? kfree+0x107/0x230 [ 39.666878] ? __mmu_notifier_register+0x30/0x30 [ 39.666882] ? __free_pages+0x10a/0x190 [ 39.666886] ? free_unref_page+0x960/0x960 [ 39.666890] kvm_put_kvm+0x6c8/0xff0 [ 39.666895] ? kvm_write_guest_cached+0x40/0x40 [ 39.666899] ? kvm_irqfd_release+0xd1/0x120 [ 39.666904] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.666909] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.666913] ? kasan_check_write+0x14/0x20 [ 39.666917] ? do_raw_spin_lock+0xc1/0x200 [ 39.666922] ? kvm_irqfd_release+0xdd/0x120 [ 39.666925] ? kvm_irqfd_release+0x [ 39.666934] Lost 80 message(s)! [ 40.817316] Shutting down cpus with NMI [ 41.875400] Kernel Offset: disabled [ 41.879026] Rebooting in 86400 seconds..