[....] Starting OpenBSD Secure Shell server: sshd[ 26.553166] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.245016] random: sshd: uninitialized urandom read (32 bytes read) [ 31.657417] random: sshd: uninitialized urandom read (32 bytes read) [ 32.229217] sshd (5363) used greatest stack depth: 16408 bytes left [ 32.252370] random: sshd: uninitialized urandom read (32 bytes read) [ 32.467252] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. [ 38.032306] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 38.151316] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 38.177120] ================================================================== [ 38.187148] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 38.193373] Read of size 8 at addr ffff8801ba598058 by task syz-executor099/5376 [ 38.200894] [ 38.202521] CPU: 1 PID: 5376 Comm: syz-executor099 Not tainted 4.19.0-rc2+ #7 [ 38.209789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.219134] Call Trace: [ 38.221726] dump_stack+0x1c4/0x2b4 [ 38.225349] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.230542] ? printk+0xa7/0xcf [ 38.233842] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.238606] print_address_description.cold.8+0x9/0x1ff [ 38.243976] kasan_report.cold.9+0x242/0x309 [ 38.248383] ? __schedule+0xfc3/0x1ed0 [ 38.252272] __asan_report_load8_noabort+0x14/0x20 [ 38.257195] __schedule+0xfc3/0x1ed0 [ 38.260919] ? __sched_text_start+0x8/0x8 [ 38.265070] ? __lock_is_held+0xb5/0x140 [ 38.269132] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.274234] ? find_held_lock+0x36/0x1c0 [ 38.278297] ? __call_srcu+0x7f9/0x1070 [ 38.282271] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.287372] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.292474] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.297055] ? preempt_schedule+0x4d/0x60 [ 38.301208] preempt_schedule_common+0x1f/0xd0 [ 38.305786] preempt_schedule+0x4d/0x60 [ 38.309762] ___preempt_schedule+0x16/0x18 [ 38.314032] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.318964] __call_srcu+0x7f9/0x1070 [ 38.322763] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.327869] ? srcu_offline_cpu+0x120/0x120 [ 38.332190] ? debug_object_free+0x690/0x690 [ 38.336594] ? mark_held_locks+0x130/0x130 [ 38.340830] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.345415] ? lock_release+0x970/0x970 [ 38.349388] ? arch_local_save_flags+0x40/0x40 [ 38.353993] ? depot_save_stack+0x292/0x470 [ 38.358332] ? __lockdep_init_map+0x105/0x590 [ 38.362830] ? __init_waitqueue_head+0x9e/0x150 [ 38.367497] ? init_wait_entry+0x1c0/0x1c0 [ 38.371735] __synchronize_srcu+0x17b/0x230 [ 38.376055] ? call_srcu+0x10/0x10 [ 38.379598] ? rcu_unexpedite_gp+0x20/0x20 [ 38.383837] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.389384] ? check_preemption_disabled+0x48/0x200 [ 38.394403] synchronize_srcu+0x356/0x5ab [ 38.398556] ? lock_downgrade+0x900/0x900 [ 38.402703] ? synchronize_srcu_expedited+0x20/0x20 [ 38.407736] ? kasan_check_read+0x11/0x20 [ 38.411886] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.416468] ? kasan_check_write+0x14/0x20 [ 38.420705] ? do_raw_spin_lock+0xc1/0x200 [ 38.424945] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.430660] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.436108] ? kvfree+0x61/0x70 [ 38.439384] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.444400] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.448460] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.452873] ? kvm_arch_sync_events+0x30/0x30 [ 38.457373] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.462912] ? mmu_notifier_unregister+0x474/0x600 [ 38.467840] ? kfree+0x107/0x230 [ 38.471217] ? __mmu_notifier_register+0x30/0x30 [ 38.475976] ? __free_pages+0x10a/0x190 [ 38.479960] ? free_unref_page+0x960/0x960 [ 38.484204] kvm_put_kvm+0x6c8/0xff0 [ 38.487923] ? kvm_write_guest_cached+0x40/0x40 [ 38.492608] ? kvm_irqfd_release+0xd1/0x120 [ 38.496958] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.501461] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.505967] ? kasan_check_write+0x14/0x20 [ 38.510208] ? do_raw_spin_lock+0xc1/0x200 [ 38.514445] ? kvm_irqfd_release+0xdd/0x120 [ 38.518777] ? kvm_irqfd_release+0xdd/0x120 [ 38.523105] ? kvm_put_kvm+0xff0/0xff0 [ 38.526994] kvm_vm_release+0x42/0x50 [ 38.530797] __fput+0x385/0xa30 [ 38.534090] ? get_max_files+0x20/0x20 [ 38.537973] ? trace_hardirqs_on+0xbd/0x310 [ 38.542296] ? ___might_sleep+0x1ed/0x300 [ 38.546457] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.551910] ? arch_local_save_flags+0x40/0x40 [ 38.556497] ? kasan_check_write+0x14/0x20 [ 38.560744] ? do_raw_spin_lock+0xc1/0x200 [ 38.564988] ____fput+0x15/0x20 [ 38.568277] task_work_run+0x1e8/0x2a0 [ 38.572168] ? task_work_cancel+0x240/0x240 [ 38.576489] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.582026] ? switch_task_namespaces+0x9d/0xd0 [ 38.586696] do_exit+0x1ad7/0x2610 [ 38.590239] ? mm_update_next_owner+0x990/0x990 [ 38.594914] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.599148] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.604165] ? kfree+0x1fa/0x230 [ 38.607528] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.611772] ? kvm_vcpu_block+0x1030/0x1030 [ 38.616100] ? is_bpf_text_address+0xd3/0x170 [ 38.620597] ? kernel_text_address+0x79/0xf0 [ 38.625001] ? __kernel_text_address+0xd/0x40 [ 38.629495] ? unwind_get_return_address+0x61/0xa0 [ 38.634420] ? __save_stack_trace+0x8d/0xf0 [ 38.638748] ? save_stack+0xa9/0xd0 [ 38.642381] ? save_stack+0x43/0xd0 [ 38.646001] ? __kasan_slab_free+0x102/0x150 [ 38.650403] ? kasan_slab_free+0xe/0x10 [ 38.654372] ? putname+0xf2/0x130 [ 38.657841] ? __x64_sys_openat+0x9d/0x100 [ 38.662076] ? do_syscall_64+0x1b9/0x820 [ 38.666137] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.671503] ? trace_hardirqs_off+0xb8/0x310 [ 38.675912] ? kasan_check_read+0x11/0x20 [ 38.680057] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.684482] ? trace_hardirqs_on+0x310/0x310 [ 38.688888] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.694011] ? trace_hardirqs_off+0xb8/0x310 [ 38.698418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.703951] ? check_preemption_disabled+0x48/0x200 [ 38.708971] ? check_preemption_disabled+0x48/0x200 [ 38.713988] ? kvm_vcpu_block+0x1030/0x1030 [ 38.718397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.723931] ? do_vfs_ioctl+0x201/0x1720 [ 38.727989] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.733269] ? ioctl_preallocate+0x300/0x300 [ 38.737684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.743232] ? __fget_light+0x2e9/0x430 [ 38.747218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.752751] ? smack_file_ioctl+0x210/0x3c0 [ 38.757069] ? fget_raw+0x20/0x20 [ 38.760522] ? smack_file_lock+0x2e0/0x2e0 [ 38.764771] do_group_exit+0x177/0x440 [ 38.768656] ? trace_hardirqs_on+0xbd/0x310 [ 38.772974] ? __ia32_sys_exit+0x50/0x50 [ 38.777045] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.782504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.788036] ? ksys_ioctl+0x81/0xd0 [ 38.791673] __x64_sys_exit_group+0x3e/0x50 [ 38.795996] do_syscall_64+0x1b9/0x820 [ 38.799886] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.805249] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.810180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.815021] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.820058] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.825081] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.830098] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.834940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.840139] RIP: 0033:0x43f068 [ 38.843331] Code: Bad RIP value. [ 38.846687] RSP: 002b:00007ffefb8930c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.854396] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f068 [ 38.861665] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.868951] RBP: 00000000004c0928 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.876215] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.883476] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 38.890741] [ 38.892371] Allocated by task 5376: [ 38.896000] save_stack+0x43/0xd0 [ 38.899442] kasan_kmalloc+0xc7/0xe0 [ 38.903152] kasan_slab_alloc+0x12/0x20 [ 38.907123] kmem_cache_alloc+0x12e/0x730 [ 38.911271] vmx_create_vcpu+0xcf/0x25e0 [ 38.915327] kvm_arch_vcpu_create+0xe5/0x220 [ 38.919728] kvm_vm_ioctl+0x470/0x1d40 [ 38.923611] do_vfs_ioctl+0x1de/0x1720 [ 38.927496] ksys_ioctl+0xa9/0xd0 [ 38.930943] __x64_sys_ioctl+0x73/0xb0 [ 38.934825] do_syscall_64+0x1b9/0x820 [ 38.938710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.943887] [ 38.945505] Freed by task 5376: [ 38.948788] save_stack+0x43/0xd0 [ 38.952242] __kasan_slab_free+0x102/0x150 [ 38.956494] kasan_slab_free+0xe/0x10 [ 38.960293] kmem_cache_free+0x83/0x290 [ 38.964265] vmx_free_vcpu+0x26b/0x300 [ 38.968146] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.972559] kvm_put_kvm+0x6c8/0xff0 [ 38.976284] kvm_vm_release+0x42/0x50 [ 38.980083] __fput+0x385/0xa30 [ 38.983359] ____fput+0x15/0x20 [ 38.986637] task_work_run+0x1e8/0x2a0 [ 38.990517] do_exit+0x1ad7/0x2610 [ 38.994057] do_group_exit+0x177/0x440 [ 38.997946] __x64_sys_exit_group+0x3e/0x50 [ 39.002266] do_syscall_64+0x1b9/0x820 [ 39.006150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.011324] [ 39.012959] The buggy address belongs to the object at ffff8801ba598040 [ 39.012959] which belongs to the cache kvm_vcpu of size 23872 [ 39.025527] The buggy address is located 24 bytes inside of [ 39.025527] 23872-byte region [ffff8801ba598040, ffff8801ba59dd80) [ 39.037503] The buggy address belongs to the page: [ 39.042429] page:ffffea0006e96600 count:1 mapcount:0 mapping:ffff8801d7a364c0 index:0x0 compound_mapcount: 0 [ 39.052394] flags: 0x2fffc0000008100(slab|head) [ 39.057079] raw: 02fffc0000008100 ffff8801d56c2248 ffff8801d56c2248 ffff8801d7a364c0 [ 39.064960] raw: 0000000000000000 ffff8801ba598040 0000000100000001 0000000000000000 [ 39.073328] page dumped because: kasan: bad access detected [ 39.079024] [ 39.080644] Memory state around the buggy address: [ 39.085579] ffff8801ba597f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.092937] ffff8801ba597f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.100292] >ffff8801ba598000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 39.107641] ^ [ 39.113866] ffff8801ba598080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.121222] ffff8801ba598100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.128569] ================================================================== [ 39.135920] Kernel panic - not syncing: panic_on_warn set ... [ 39.135920] [ 39.143285] CPU: 1 PID: 5376 Comm: syz-executor099 Tainted: G B 4.19.0-rc2+ #7 [ 39.151935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.161276] Call Trace: [ 39.163869] dump_stack+0x1c4/0x2b4 [ 39.167495] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.172687] ? lock_downgrade+0x900/0x900 [ 39.176835] panic+0x238/0x4e7 [ 39.180023] ? add_taint.cold.5+0x16/0x16 [ 39.184174] ? print_shadow_for_address+0xb6/0x116 [ 39.189105] ? trace_hardirqs_off+0xaf/0x310 [ 39.193514] kasan_end_report+0x47/0x4f [ 39.197488] kasan_report.cold.9+0x76/0x309 [ 39.201823] ? __schedule+0xfc3/0x1ed0 [ 39.205712] __asan_report_load8_noabort+0x14/0x20 [ 39.210646] __schedule+0xfc3/0x1ed0 [ 39.214360] ? __sched_text_start+0x8/0x8 [ 39.218516] ? __lock_is_held+0xb5/0x140 [ 39.222599] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.227732] ? find_held_lock+0x36/0x1c0 [ 39.231798] ? __call_srcu+0x7f9/0x1070 [ 39.235771] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.240871] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.245979] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.250572] ? preempt_schedule+0x4d/0x60 [ 39.254742] preempt_schedule_common+0x1f/0xd0 [ 39.259323] preempt_schedule+0x4d/0x60 [ 39.263297] ___preempt_schedule+0x16/0x18 [ 39.267532] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.272473] __call_srcu+0x7f9/0x1070 [ 39.276271] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.281391] ? srcu_offline_cpu+0x120/0x120 [ 39.285712] ? debug_object_free+0x690/0x690 [ 39.290121] ? mark_held_locks+0x130/0x130 [ 39.294355] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.298961] ? lock_release+0x970/0x970 [ 39.302933] ? arch_local_save_flags+0x40/0x40 [ 39.307519] ? depot_save_stack+0x292/0x470 [ 39.311846] ? __lockdep_init_map+0x105/0x590 [ 39.316343] ? __init_waitqueue_head+0x9e/0x150 [ 39.321033] ? init_wait_entry+0x1c0/0x1c0 [ 39.325391] __synchronize_srcu+0x17b/0x230 [ 39.329711] ? call_srcu+0x10/0x10 [ 39.333247] ? rcu_unexpedite_gp+0x20/0x20 [ 39.337485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.343032] ? check_preemption_disabled+0x48/0x200 [ 39.348057] synchronize_srcu+0x356/0x5ab [ 39.352216] ? lock_downgrade+0x900/0x900 [ 39.356358] ? synchronize_srcu_expedited+0x20/0x20 [ 39.361408] ? kasan_check_read+0x11/0x20 [ 39.365566] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.370149] ? kasan_check_write+0x14/0x20 [ 39.374379] ? do_raw_spin_lock+0xc1/0x200 [ 39.378622] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.384337] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.389789] ? kvfree+0x61/0x70 [ 39.393075] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.398099] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.402156] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.406578] ? kvm_arch_sync_events+0x30/0x30 [ 39.411086] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.416626] ? mmu_notifier_unregister+0x474/0x600 [ 39.421564] ? kfree+0x107/0x230 [ 39.424930] ? __mmu_notifier_register+0x30/0x30 [ 39.429693] ? __free_pages+0x10a/0x190 [ 39.433664] ? free_unref_page+0x960/0x960 [ 39.437920] kvm_put_kvm+0x6c8/0xff0 [ 39.441653] ? kvm_write_guest_cached+0x40/0x40 [ 39.446320] ? kvm_irqfd_release+0xd1/0x120 [ 39.450646] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.455136] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.459637] ? kasan_check_write+0x14/0x20 [ 39.463882] ? do_raw_spin_lock+0xc1/0x200 [ 39.468117] ? kvm_irqfd_release+0xdd/0x120 [ 39.472435] ? kvm_irqfd_release+0xdd/0x120 [ 39.476798] ? kvm_put_kvm+0xff0/0xff0 [ 39.480688] kvm_vm_release+0x42/0x50 [ 39.484487] __fput+0x385/0xa30 [ 39.487764] ? get_max_files+0x20/0x20 [ 39.491654] ? trace_hardirqs_on+0xbd/0x310 [ 39.495977] ? ___might_sleep+0x1ed/0x300 [ 39.500120] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.505577] ? arch_local_save_flags+0x40/0x40 [ 39.510164] ? kasan_check_write+0x14/0x20 [ 39.514401] ? do_raw_spin_lock+0xc1/0x200 [ 39.518638] ____fput+0x15/0x20 [ 39.521923] task_work_run+0x1e8/0x2a0 [ 39.525809] ? task_work_cancel+0x240/0x240 [ 39.530132] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.535670] ? switch_task_namespaces+0x9d/0xd0 [ 39.540340] do_exit+0x1ad7/0x2610 [ 39.543881] ? mm_update_next_owner+0x990/0x990 [ 39.548565] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.552808] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.557835] ? kfree+0x1fa/0x230 [ 39.561217] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.565459] ? kvm_vcpu_block+0x1030/0x1030 [ 39.569806] ? is_bpf_text_address+0xd3/0x170 [ 39.574347] ? kernel_text_address+0x79/0xf0 [ 39.578752] ? __kernel_text_address+0xd/0x40 [ 39.583249] ? unwind_get_return_address+0x61/0xa0 [ 39.588179] ? __save_stack_trace+0x8d/0xf0 [ 39.592530] ? save_stack+0xa9/0xd0 [ 39.596163] ? save_stack+0x43/0xd0 [ 39.599788] ? __kasan_slab_free+0x102/0x150 [ 39.604202] ? kasan_slab_free+0xe/0x10 [ 39.608183] ? putname+0xf2/0x130 [ 39.611639] ? __x64_sys_openat+0x9d/0x100 [ 39.615872] ? do_syscall_64+0x1b9/0x820 [ 39.619936] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.625307] ? trace_hardirqs_off+0xb8/0x310 [ 39.629713] ? kasan_check_read+0x11/0x20 [ 39.633861] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.638271] ? trace_hardirqs_on+0x310/0x310 [ 39.642679] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.647817] ? trace_hardirqs_off+0xb8/0x310 [ 39.652234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.657773] ? check_preemption_disabled+0x48/0x200 [ 39.662801] ? check_preemption_disabled+0x48/0x200 [ 39.667819] ? kvm_vcpu_block+0x1030/0x1030 [ 39.672145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.677684] ? do_vfs_ioctl+0x201/0x1720 [ 39.681754] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.687032] ? ioctl_preallocate+0x300/0x300 [ 39.691440] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.696979] ? __fget_light+0x2e9/0x430 [ 39.700965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.706513] ? smack_file_ioctl+0x210/0x3c0 [ 39.710833] ? fget_raw+0x20/0x20 [ 39.714290] ? smack_file_lock+0x2e0/0x2e0 [ 39.718531] do_group_exit+0x177/0x440 [ 39.722429] ? trace_hardirqs_on+0xbd/0x310 [ 39.726755] ? __ia32_sys_exit+0x50/0x50 [ 39.730814] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.736266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.741800] ? ksys_ioctl+0x81/0xd0 [ 39.745428] __x64_sys_exit_group+0x3e/0x50 [ 39.749751] do_syscall_64+0x1b9/0x820 [ 39.753641] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.759007] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.763934] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.768780] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.773796] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.778810] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.783828] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.788680] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.793865] RIP: 0033:0x43f068 [ 39.797059] Code: Bad RIP value. [ 39.800423] RSP: 002b:00007ffefb8930c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.808130] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f068 [ 39.815394] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.822658] RBP: 00000000004c0928 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.829921] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.837186] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 39.844481] [ 39.844487] ====================================================== [ 39.844493] WARNING: possible circular locking dependency detected [ 39.844497] 4.19.0-rc2+ #7 Not tainted [ 39.844502] ------------------------------------------------------ [ 39.844507] syz-executor099/5376 is trying to acquire lock: [ 39.844511] 0000000069e1442d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.844526] [ 39.844530] but task is already holding lock: [ 39.844533] 000000003d6ca2ba (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.844555] [ 39.844560] which lock already depends on the new lock. [ 39.844573] [ 39.844577] [ 39.844582] the existing dependency chain (in reverse order) is: [ 39.844584] [ 39.844587] -> #3 (report_lock){....}: [ 39.844602] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.844606] kasan_report+0x8b/0x110 [ 39.844611] __asan_report_load8_noabort+0x14/0x20 [ 39.844615] __schedule+0xfc3/0x1ed0 [ 39.844620] preempt_schedule_common+0x1f/0xd0 [ 39.844624] preempt_schedule+0x4d/0x60 [ 39.844628] ___preempt_schedule+0x16/0x18 [ 39.844633] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.844638] __call_srcu+0x7f9/0x1070 [ 39.844642] __synchronize_srcu+0x17b/0x230 [ 39.844646] synchronize_srcu+0x356/0x5ab [ 39.844651] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.844656] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.844660] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.844664] kvm_put_kvm+0x6c8/0xff0 [ 39.844668] kvm_vm_release+0x42/0x50 [ 39.844672] __fput+0x385/0xa30 [ 39.844676] ____fput+0x15/0x20 [ 39.844680] task_work_run+0x1e8/0x2a0 [ 39.844684] do_exit+0x1ad7/0x2610 [ 39.844688] do_group_exit+0x177/0x440 [ 39.844693] __x64_sys_exit_group+0x3e/0x50 [ 39.844697] do_syscall_64+0x1b9/0x820 [ 39.844702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.844704] [ 39.844707] -> #2 (&rq->lock){-.-.}: [ 39.844721] _raw_spin_lock+0x2d/0x40 [ 39.844726] task_fork_fair+0xb0/0x6d0 [ 39.844730] sched_fork+0x443/0xba0 [ 39.844734] copy_process+0x2586/0x8780 [ 39.844738] _do_fork+0x1cb/0x11d0 [ 39.844742] kernel_thread+0x34/0x40 [ 39.844746] rest_init+0x22/0xe5 [ 39.844765] start_kernel+0x8f4/0x92f [ 39.844770] x86_64_start_reservations+0x29/0x2b [ 39.844774] x86_64_start_kernel+0x76/0x79 [ 39.844778] secondary_startup_64+0xa4/0xb0 [ 39.844781] [ 39.844783] -> #1 (&p->pi_lock){-.-.}: [ 39.844798] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.844802] try_to_wake_up+0xd2/0x12f0 [ 39.844806] wake_up_process+0x10/0x20 [ 39.844810] __up.isra.1+0x1c0/0x2a0 [ 39.844813] up+0x13c/0x1c0 [ 39.844817] __up_console_sem+0xbe/0x1b0 [ 39.844821] console_unlock+0x524/0x11a0 [ 39.844837] vprintk_emit+0x33d/0x930 [ 39.844841] vprintk_default+0x28/0x30 [ 39.844845] vprintk_func+0x7e/0x181 [ 39.844849] printk+0xa7/0xcf [ 39.844853] load_umh+0x51/0xbd [ 39.844857] do_one_initcall+0x145/0x957 [ 39.844861] kernel_init_freeable+0x4bb/0x5ae [ 39.844866] kernel_init+0x11/0x1b2 [ 39.844869] ret_from_fork+0x3a/0x50 [ 39.844872] [ 39.844874] -> #0 ((console_sem).lock){-...}: [ 39.844902] lock_acquire+0x1ed/0x520 [ 39.844907] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.844923] down_trylock+0x13/0x70 [ 39.844928] __down_trylock_console_sem+0xae/0x200 [ 39.844932] console_trylock+0x15/0xa0 [ 39.844936] vprintk_emit+0x322/0x930 [ 39.844941] vprintk_default+0x28/0x30 [ 39.844945] vprintk_func+0x7e/0x181 [ 39.844948] printk+0xa7/0xcf [ 39.844952] kasan_report+0x9b/0x110 [ 39.844957] __asan_report_load8_noabort+0x14/0x20 [ 39.844961] __schedule+0xfc3/0x1ed0 [ 39.844966] preempt_schedule_common+0x1f/0xd0 [ 39.844970] preempt_schedule+0x4d/0x60 [ 39.844974] ___preempt_schedule+0x16/0x18 [ 39.844979] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.844983] __call_srcu+0x7f9/0x1070 [ 39.844987] __synchronize_srcu+0x17b/0x230 [ 39.844992] synchronize_srcu+0x356/0x5ab [ 39.844997] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.845001] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.845006] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.845010] kvm_put_kvm+0x6c8/0xff0 [ 39.845025] kvm_vm_release+0x42/0x50 [ 39.845029] __fput+0x385/0xa30 [ 39.845033] ____fput+0x15/0x20 [ 39.845037] task_work_run+0x1e8/0x2a0 [ 39.845041] do_exit+0x1ad7/0x2610 [ 39.845046] do_group_exit+0x177/0x440 [ 39.845050] __x64_sys_exit_group+0x3e/0x50 [ 39.845054] do_syscall_64+0x1b9/0x820 [ 39.845059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.845068] [ 39.845072] other info that might help us debug this: [ 39.845075] [ 39.845078] Chain exists of: [ 39.845081] (console_sem).lock --> &rq->lock --> report_lock [ 39.845100] [ 39.845116] Possible unsafe locking scenario: [ 39.845119] [ 39.845123] CPU0 CPU1 [ 39.845127] ---- ---- [ 39.845130] lock(report_lock); [ 39.845140] lock(&rq->lock); [ 39.845149] lock(report_lock); [ 39.845158] lock((console_sem).lock); [ 39.845166] [ 39.845169] *** DEADLOCK *** [ 39.845172] [ 39.845176] 2 locks held by syz-executor099/5376: [ 39.845179] #0: 000000000b80de26 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.845210] #1: 000000003d6ca2ba (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.845227] [ 39.845230] stack backtrace: [ 39.845236] CPU: 1 PID: 5376 Comm: syz-executor099 Not tainted 4.19.0-rc2+ #7 [ 39.845243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.845247] Call Trace: [ 39.845251] dump_stack+0x1c4/0x2b4 [ 39.845255] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.845259] ? vprintk_func+0x85/0x181 [ 39.845264] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.845268] ? save_trace+0xe0/0x290 [ 39.845272] __lock_acquire+0x33e4/0x4ec0 [ 39.845276] ? mark_held_locks+0x130/0x130 [ 39.845280] ? mark_held_locks+0x130/0x130 [ 39.845284] ? rcu_bh_qs+0xc0/0xc0 [ 39.845288] ? unwind_dump+0x190/0x190 [ 39.845293] ? is_bpf_text_address+0xd3/0x170 [ 39.845297] ? kernel_text_address+0x79/0xf0 [ 39.845301] ? __kernel_text_address+0xd/0x40 [ 39.845305] ? __save_stack_trace+0x8d/0xf0 [ 39.845310] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.845314] ? save_trace+0x290/0x290 [ 39.845318] ? save_stack_trace+0x1a/0x20 [ 39.845322] ? save_trace+0xe0/0x290 [ 39.845326] ? kasan_check_read+0x11/0x20 [ 39.845330] ? graph_lock+0x170/0x170 [ 39.845335] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.845338] lock_acquire+0x1ed/0x520 [ 39.845342] ? down_trylock+0x13/0x70 [ 39.845346] ? find_held_lock+0x36/0x1c0 [ 39.845350] ? lock_release+0x970/0x970 [ 39.845355] ? trace_hardirqs_off+0xb8/0x310 [ 39.845359] ? vprintk_emit+0x1d3/0x930 [ 39.845363] ? trace_hardirqs_on+0x310/0x310 [ 39.845367] ? trace_hardirqs_off+0xb8/0x310 [ 39.845371] ? log_store+0x344/0x4c0 [ 39.845375] ? vprintk_emit+0x322/0x930 [ 39.845380] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.845383] ? down_trylock+0x13/0x70 [ 39.845387] down_trylock+0x13/0x70 [ 39.845392] __down_trylock_console_sem+0xae/0x200 [ 39.845396] console_trylock+0x15/0xa0 [ 39.845400] vprintk_emit+0x322/0x930 [ 39.845404] ? wake_up_klogd+0x180/0x180 [ 39.845408] ? run_rebalance_domains+0x500/0x500 [ 39.845412] ? wake_up_worker+0x117/0x190 [ 39.845416] ? find_held_lock+0x36/0x1c0 [ 39.845420] ? __queue_work+0x6be/0x1440 [ 39.845424] ? lock_acquire+0x1ed/0x520 [ 39.845428] vprintk_default+0x28/0x30 [ 39.845432] vprintk_func+0x7e/0x181 [ 39.845436] printk+0xa7/0xcf [ 39.845440] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.845444] ? kasan_check_write+0x14/0x20 [ 39.845448] ? do_raw_spin_lock+0xc1/0x200 [ 39.845452] ? do_raw_spin_lock+0xc1/0x200 [ 39.845456] kasan_report+0x9b/0x110 [ 39.845460] ? __schedule+0xfc3/0x1ed0 [ 39.845465] __asan_report_load8_noabort+0x14/0x20 [ 39.845468] __schedule+0xfc3/0x1ed0 [ 39.845472] ? __sched_text_start+0x8/0x8 [ 39.845476] ? __lock_is_held+0xb5/0x140 [ 39.845481] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.845485] ? find_held_lock+0x36/0x1c0 [ 39.845489] ? __call_srcu+0x7f9/0x1070 [ 39.845494] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.845498] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.845503] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.845507] ? preempt_schedule+0x4d/0x60 [ 39.845511] preempt_schedule_common+0x1f/0xd0 [ 39.845515] preempt_schedule+0x4d/0x60 [ 39.845519] ___preempt_schedule+0x16/0x18 [ 39.845524] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.845528] __call_srcu+0x7f9/0x1070 [ 39.845532] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.845536] ? srcu_offline_cpu+0x120/0x120 [ 39.845541] ? debug_object_free+0x690/0x690 [ 39.845545] ? mark_held_locks+0x130/0x130 [ 39.845556] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.845560] ? lock_release+0x970/0x970 [ 39.845565] ? arch_local_save_flags+0x40/0x40 [ 39.845569] ? depot_save_stack+0x292/0x470 [ 39.845573] ? __lockdep_init_map+0x105/0x590 [ 39.845577] ? __init_waitqueue_head+0x9e/0x150 [ 39.845582] ? init_wait_entry+0x1c0/0x1c0 [ 39.845586] __synchronize_srcu+0x17b/0x230 [ 39.845602] ? call_srcu+0x10/0x10 [ 39.845606] ? rcu_unexpedite_gp+0x20/0x20 [ 39.845612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.845616] ? check_preemption_disabled+0x48/0x200 [ 39.845621] synchronize_srcu+0x356/0x5ab [ 39.845625] ? lock_downgrade+0x900/0x900 [ 39.845630] ? synchronize_srcu_expedited+0x20/0x20 [ 39.845634] ? kasan_check_read+0x11/0x20 [ 39.845639] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.845643] ? kasan_check_write+0x14/0x20 [ 39.845647] ? do_raw_spin_lock+0xc1/0x200 [ 39.845652] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.845657] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.845661] ? kvfree+0x61/0x70 [ 39.845666] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.845670] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.845674] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.845679] ? kvm_arch_sync_events+0x30/0x30 [ 39.845684] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.845689] ? mmu_notifier_unregister+0x474/0x600 [ 39.845692] ? kfree+0x107/0x230 [ 39.845697] ? __mmu_notifier_register+0x30/0x30 [ 39.845701] ? __free_pages+0x10a/0x190 [ 39.845705] ? free_unref_page+0x960/0x960 [ 39.845709] kvm_put_kvm+0x6c8/0xff0 [ 39.845714] ? kvm_write_guest_cached+0x40/0x40 [ 39.845718] ? kvm_irqfd_release+0xd1/0x120 [ 39.845722] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.845739] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.845743] ? kasan_check_write+0x14/0x20 [ 39.845748] ? do_raw_spin_lock+0xc1/0x200 [ 39.845751] ? kvm_irqfd_release+0xdd/0 [ 39.845759] Lost 81 message(s)! [ 41.018285] Shutting down cpus with NMI [ 42.075845] Dumping ftrace buffer: [ 42.079373] (ftrace buffer empty) [ 42.083667] Kernel Offset: disabled [ 42.087287] Rebooting in 86400 seconds..