[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 25.639161] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.762668] random: sshd: uninitialized urandom read (32 bytes read) [ 29.122518] random: sshd: uninitialized urandom read (32 bytes read) [ 29.863145] random: sshd: uninitialized urandom read (32 bytes read) [ 30.081012] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. [ 35.791778] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 35.917303] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 35.943363] ================================================================== [ 35.953298] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 35.959523] Read of size 8 at addr ffff8801bafa8058 by task syz-executor657/5336 [ 35.967042] [ 35.968668] CPU: 0 PID: 5336 Comm: syz-executor657 Not tainted 4.19.0-rc2+ #5 [ 35.975928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.985281] Call Trace: [ 35.987867] dump_stack+0x1c4/0x2b4 [ 35.991492] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.996679] ? printk+0xa7/0xcf [ 35.999958] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.004718] print_address_description.cold.8+0x9/0x1ff [ 36.010089] kasan_report.cold.9+0x242/0x309 [ 36.014500] ? __schedule+0xfc3/0x1ed0 [ 36.018386] __asan_report_load8_noabort+0x14/0x20 [ 36.023313] __schedule+0xfc3/0x1ed0 [ 36.027029] ? __sched_text_start+0x8/0x8 [ 36.031176] ? __lock_is_held+0xb5/0x140 [ 36.035235] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.040336] ? find_held_lock+0x36/0x1c0 [ 36.044400] ? __call_srcu+0x7f9/0x1070 [ 36.048374] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.053474] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.058578] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.063159] ? preempt_schedule+0x4d/0x60 [ 36.067306] preempt_schedule_common+0x1f/0xd0 [ 36.071888] preempt_schedule+0x4d/0x60 [ 36.075863] ___preempt_schedule+0x16/0x18 [ 36.080111] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.085046] __call_srcu+0x7f9/0x1070 [ 36.088851] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.093958] ? srcu_offline_cpu+0x120/0x120 [ 36.098279] ? debug_object_free+0x690/0x690 [ 36.102688] ? mark_held_locks+0x130/0x130 [ 36.106918] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.111502] ? lock_release+0x970/0x970 [ 36.115473] ? arch_local_save_flags+0x40/0x40 [ 36.120051] ? depot_save_stack+0x292/0x470 [ 36.124385] ? __lockdep_init_map+0x105/0x590 [ 36.128882] ? __init_waitqueue_head+0x9e/0x150 [ 36.133551] ? init_wait_entry+0x1c0/0x1c0 [ 36.137791] __synchronize_srcu+0x17b/0x230 [ 36.142119] ? call_srcu+0x10/0x10 [ 36.145654] ? rcu_unexpedite_gp+0x20/0x20 [ 36.149911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.155449] ? check_preemption_disabled+0x48/0x200 [ 36.160466] synchronize_srcu+0x356/0x5ab [ 36.164611] ? lock_downgrade+0x900/0x900 [ 36.168759] ? synchronize_srcu_expedited+0x20/0x20 [ 36.173776] ? kasan_check_read+0x11/0x20 [ 36.177936] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.182522] ? kasan_check_write+0x14/0x20 [ 36.186757] ? do_raw_spin_lock+0xc1/0x200 [ 36.190995] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.196703] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.202155] ? kvfree+0x61/0x70 [ 36.205434] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.210451] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.214509] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.218916] ? kvm_arch_sync_events+0x30/0x30 [ 36.223413] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.228946] ? mmu_notifier_unregister+0x474/0x600 [ 36.233869] ? kfree+0x107/0x230 [ 36.237233] ? __mmu_notifier_register+0x30/0x30 [ 36.241985] ? 
__free_pages+0x10a/0x190 [ 36.245954] ? free_unref_page+0x960/0x960 [ 36.250201] kvm_put_kvm+0x6c8/0xff0 [ 36.253920] ? kvm_write_guest_cached+0x40/0x40 [ 36.258587] ? kvm_irqfd_release+0xd1/0x120 [ 36.262910] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.267403] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.271903] ? kasan_check_write+0x14/0x20 [ 36.276139] ? do_raw_spin_lock+0xc1/0x200 [ 36.280371] ? kvm_irqfd_release+0xdd/0x120 [ 36.284689] ? kvm_irqfd_release+0xdd/0x120 [ 36.289009] ? kvm_put_kvm+0xff0/0xff0 [ 36.292899] kvm_vm_release+0x42/0x50 [ 36.296698] __fput+0x385/0xa30 [ 36.299978] ? get_max_files+0x20/0x20 [ 36.303862] ? trace_hardirqs_on+0xbd/0x310 [ 36.308186] ? ___might_sleep+0x1ed/0x300 [ 36.312333] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.317785] ? arch_local_save_flags+0x40/0x40 [ 36.322365] ? kasan_check_write+0x14/0x20 [ 36.326600] ? do_raw_spin_lock+0xc1/0x200 [ 36.330831] ____fput+0x15/0x20 [ 36.334122] task_work_run+0x1e8/0x2a0 [ 36.338030] ? task_work_cancel+0x240/0x240 [ 36.342351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.347886] ? switch_task_namespaces+0x9d/0xd0 [ 36.352558] do_exit+0x1ad7/0x2610 [ 36.356111] ? mm_update_next_owner+0x990/0x990 [ 36.360786] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.365023] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.370035] ? kfree+0x1fa/0x230 [ 36.373402] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.377638] ? kvm_vcpu_block+0x1030/0x1030 [ 36.381964] ? is_bpf_text_address+0xd3/0x170 [ 36.386458] ? kernel_text_address+0x79/0xf0 [ 36.390869] ? __kernel_text_address+0xd/0x40 [ 36.395366] ? unwind_get_return_address+0x61/0xa0 [ 36.400299] ? __save_stack_trace+0x8d/0xf0 [ 36.404627] ? save_stack+0xa9/0xd0 [ 36.408253] ? save_stack+0x43/0xd0 [ 36.411874] ? __kasan_slab_free+0x102/0x150 [ 36.416280] ? kasan_slab_free+0xe/0x10 [ 36.420247] ? putname+0xf2/0x130 [ 36.423703] ? __x64_sys_openat+0x9d/0x100 [ 36.427933] ? do_syscall_64+0x1b9/0x820 [ 36.431991] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.437364] ? 
trace_hardirqs_off+0xb8/0x310 [ 36.441770] ? kasan_check_read+0x11/0x20 [ 36.445920] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.450326] ? trace_hardirqs_on+0x310/0x310 [ 36.454734] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.459841] ? trace_hardirqs_off+0xb8/0x310 [ 36.464249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.469781] ? check_preemption_disabled+0x48/0x200 [ 36.474794] ? check_preemption_disabled+0x48/0x200 [ 36.479811] ? kvm_vcpu_block+0x1030/0x1030 [ 36.484145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.489681] ? do_vfs_ioctl+0x201/0x1720 [ 36.493752] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.499027] ? ioctl_preallocate+0x300/0x300 [ 36.503431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.508963] ? __fget_light+0x2e9/0x430 [ 36.512939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.518480] ? smack_file_ioctl+0x210/0x3c0 [ 36.522798] ? fget_raw+0x20/0x20 [ 36.526252] ? smack_file_lock+0x2e0/0x2e0 [ 36.530494] do_group_exit+0x177/0x440 [ 36.534467] ? trace_hardirqs_on+0xbd/0x310 [ 36.538785] ? __ia32_sys_exit+0x50/0x50 [ 36.542846] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.548296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.553831] ? ksys_ioctl+0x81/0xd0 [ 36.557464] __x64_sys_exit_group+0x3e/0x50 [ 36.561788] do_syscall_64+0x1b9/0x820 [ 36.565678] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.571042] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.575968] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.580811] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.585827] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.590840] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.595867] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.600716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.605898] RIP: 0033:0x43ecc8 [ 36.609096] Code: Bad RIP value. 
[ 36.612459] RSP: 002b:00007ffe732bfa08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.620162] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 36.627425] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.634693] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.641959] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.649225] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.656499] [ 36.658129] Allocated by task 5336: [ 36.661753] save_stack+0x43/0xd0 [ 36.665204] kasan_kmalloc+0xc7/0xe0 [ 36.668909] kasan_slab_alloc+0x12/0x20 [ 36.672884] kmem_cache_alloc+0x12e/0x730 [ 36.677028] vmx_create_vcpu+0xcf/0x25e0 [ 36.681096] kvm_arch_vcpu_create+0xe5/0x220 [ 36.685507] kvm_vm_ioctl+0x470/0x1d40 [ 36.689475] do_vfs_ioctl+0x1de/0x1720 [ 36.693358] ksys_ioctl+0xa9/0xd0 [ 36.696806] __x64_sys_ioctl+0x73/0xb0 [ 36.700690] do_syscall_64+0x1b9/0x820 [ 36.704573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.709749] [ 36.711367] Freed by task 5336: [ 36.714638] save_stack+0x43/0xd0 [ 36.718090] __kasan_slab_free+0x102/0x150 [ 36.722325] kasan_slab_free+0xe/0x10 [ 36.726125] kmem_cache_free+0x83/0x290 [ 36.730117] vmx_free_vcpu+0x26b/0x300 [ 36.734014] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.739108] kvm_put_kvm+0x6c8/0xff0 [ 36.742818] kvm_vm_release+0x42/0x50 [ 36.746611] __fput+0x385/0xa30 [ 36.749883] ____fput+0x15/0x20 [ 36.753157] task_work_run+0x1e8/0x2a0 [ 36.757038] do_exit+0x1ad7/0x2610 [ 36.760575] do_group_exit+0x177/0x440 [ 36.764466] __x64_sys_exit_group+0x3e/0x50 [ 36.768787] do_syscall_64+0x1b9/0x820 [ 36.772675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.777848] [ 36.779471] The buggy address belongs to the object at ffff8801bafa8040 [ 36.779471] which belongs to the cache kvm_vcpu of size 23872 [ 36.792347] The buggy address is located 24 bytes inside of [ 36.792347] 23872-byte region [ffff8801bafa8040, ffff8801bafadd80) [ 36.804298] The buggy address 
belongs to the page: [ 36.809223] page:ffffea0006ebea00 count:1 mapcount:0 mapping:ffff8801d50203c0 index:0x0 compound_mapcount: 0 [ 36.819190] flags: 0x2fffc0000008100(slab|head) [ 36.823863] raw: 02fffc0000008100 ffff8801d4e37648 ffff8801d4e37648 ffff8801d50203c0 [ 36.831742] raw: 0000000000000000 ffff8801bafa8040 0000000100000001 0000000000000000 [ 36.839613] page dumped because: kasan: bad access detected [ 36.845309] [ 36.846924] Memory state around the buggy address: [ 36.851848] ffff8801bafa7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.859200] ffff8801bafa7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.866638] >ffff8801bafa8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 36.873992] ^ [ 36.880214] ffff8801bafa8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.887568] ffff8801bafa8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.894914] ================================================================== [ 36.902264] Kernel panic - not syncing: panic_on_warn set ... [ 36.902264] [ 36.909630] CPU: 0 PID: 5336 Comm: syz-executor657 Tainted: G B 4.19.0-rc2+ #5 [ 36.918282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.927628] Call Trace: [ 36.930217] dump_stack+0x1c4/0x2b4 [ 36.933849] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.939042] ? lock_downgrade+0x900/0x900 [ 36.943191] panic+0x238/0x4e7 [ 36.946384] ? add_taint.cold.5+0x16/0x16 [ 36.950531] ? print_shadow_for_address+0xb6/0x116 [ 36.955454] ? trace_hardirqs_off+0xaf/0x310 [ 36.959862] kasan_end_report+0x47/0x4f [ 36.963834] kasan_report.cold.9+0x76/0x309 [ 36.968153] ? __schedule+0xfc3/0x1ed0 [ 36.972043] __asan_report_load8_noabort+0x14/0x20 [ 36.976969] __schedule+0xfc3/0x1ed0 [ 36.980689] ? __sched_text_start+0x8/0x8 [ 36.984839] ? __lock_is_held+0xb5/0x140 [ 36.988896] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.994002] ? find_held_lock+0x36/0x1c0 [ 36.998066] ? __call_srcu+0x7f9/0x1070 [ 37.002056] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.007162] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.012264] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.016847] ? preempt_schedule+0x4d/0x60 [ 37.020997] preempt_schedule_common+0x1f/0xd0 [ 37.025581] preempt_schedule+0x4d/0x60 [ 37.029559] ___preempt_schedule+0x16/0x18 [ 37.033795] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.038731] __call_srcu+0x7f9/0x1070 [ 37.042531] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.047636] ? srcu_offline_cpu+0x120/0x120 [ 37.051955] ? debug_object_free+0x690/0x690 [ 37.056363] ? mark_held_locks+0x130/0x130 [ 37.060597] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.065185] ? lock_release+0x970/0x970 [ 37.069160] ? arch_local_save_flags+0x40/0x40 [ 37.073741] ? depot_save_stack+0x292/0x470 [ 37.078068] ? __lockdep_init_map+0x105/0x590 [ 37.082583] ? __init_waitqueue_head+0x9e/0x150 [ 37.087254] ? init_wait_entry+0x1c0/0x1c0 [ 37.091497] __synchronize_srcu+0x17b/0x230 [ 37.095819] ? call_srcu+0x10/0x10 [ 37.099362] ? rcu_unexpedite_gp+0x20/0x20 [ 37.103605] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.109143] ? check_preemption_disabled+0x48/0x200 [ 37.114161] synchronize_srcu+0x356/0x5ab [ 37.118310] ? lock_downgrade+0x900/0x900 [ 37.122464] ? synchronize_srcu_expedited+0x20/0x20 [ 37.127489] ? kasan_check_read+0x11/0x20 [ 37.131638] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.136225] ? kasan_check_write+0x14/0x20 [ 37.140458] ? do_raw_spin_lock+0xc1/0x200 [ 37.144698] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.150410] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.155862] ? kvfree+0x61/0x70 [ 37.159140] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.164156] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.168214] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.172624] ? kvm_arch_sync_events+0x30/0x30 [ 37.177126] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.182682] ? mmu_notifier_unregister+0x474/0x600 [ 37.187624] ? kfree+0x107/0x230 [ 37.190988] ? __mmu_notifier_register+0x30/0x30 [ 37.195741] ? 
__free_pages+0x10a/0x190 [ 37.199714] ? free_unref_page+0x960/0x960 [ 37.203961] kvm_put_kvm+0x6c8/0xff0 [ 37.207684] ? kvm_write_guest_cached+0x40/0x40 [ 37.212352] ? kvm_irqfd_release+0xd1/0x120 [ 37.216670] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.221160] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.225665] ? kasan_check_write+0x14/0x20 [ 37.229903] ? do_raw_spin_lock+0xc1/0x200 [ 37.234140] ? kvm_irqfd_release+0xdd/0x120 [ 37.238457] ? kvm_irqfd_release+0xdd/0x120 [ 37.242779] ? kvm_put_kvm+0xff0/0xff0 [ 37.246663] kvm_vm_release+0x42/0x50 [ 37.250461] __fput+0x385/0xa30 [ 37.253742] ? get_max_files+0x20/0x20 [ 37.257631] ? trace_hardirqs_on+0xbd/0x310 [ 37.261953] ? ___might_sleep+0x1ed/0x300 [ 37.266113] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.271561] ? arch_local_save_flags+0x40/0x40 [ 37.276145] ? kasan_check_write+0x14/0x20 [ 37.280379] ? do_raw_spin_lock+0xc1/0x200 [ 37.284613] ____fput+0x15/0x20 [ 37.287889] task_work_run+0x1e8/0x2a0 [ 37.291775] ? task_work_cancel+0x240/0x240 [ 37.296108] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.301646] ? switch_task_namespaces+0x9d/0xd0 [ 37.306315] do_exit+0x1ad7/0x2610 [ 37.309853] ? mm_update_next_owner+0x990/0x990 [ 37.314524] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.318760] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.323776] ? kfree+0x1fa/0x230 [ 37.327145] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.331380] ? kvm_vcpu_block+0x1030/0x1030 [ 37.335705] ? is_bpf_text_address+0xd3/0x170 [ 37.340199] ? kernel_text_address+0x79/0xf0 [ 37.344608] ? __kernel_text_address+0xd/0x40 [ 37.349115] ? unwind_get_return_address+0x61/0xa0 [ 37.354044] ? __save_stack_trace+0x8d/0xf0 [ 37.358369] ? save_stack+0xa9/0xd0 [ 37.361988] ? save_stack+0x43/0xd0 [ 37.365608] ? __kasan_slab_free+0x102/0x150 [ 37.370011] ? kasan_slab_free+0xe/0x10 [ 37.373984] ? putname+0xf2/0x130 [ 37.377437] ? __x64_sys_openat+0x9d/0x100 [ 37.381668] ? do_syscall_64+0x1b9/0x820 [ 37.385725] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.391099] ? 
trace_hardirqs_off+0xb8/0x310 [ 37.395512] ? kasan_check_read+0x11/0x20 [ 37.399663] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.404073] ? trace_hardirqs_on+0x310/0x310 [ 37.408496] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.413599] ? trace_hardirqs_off+0xb8/0x310 [ 37.418010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.423543] ? check_preemption_disabled+0x48/0x200 [ 37.428553] ? check_preemption_disabled+0x48/0x200 [ 37.433571] ? kvm_vcpu_block+0x1030/0x1030 [ 37.437889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.443423] ? do_vfs_ioctl+0x201/0x1720 [ 37.447484] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.452764] ? ioctl_preallocate+0x300/0x300 [ 37.457186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.462723] ? __fget_light+0x2e9/0x430 [ 37.466696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.472235] ? smack_file_ioctl+0x210/0x3c0 [ 37.476550] ? fget_raw+0x20/0x20 [ 37.479998] ? smack_file_lock+0x2e0/0x2e0 [ 37.484239] do_group_exit+0x177/0x440 [ 37.488132] ? trace_hardirqs_on+0xbd/0x310 [ 37.492452] ? __ia32_sys_exit+0x50/0x50 [ 37.496513] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.501960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.507495] ? ksys_ioctl+0x81/0xd0 [ 37.511128] __x64_sys_exit_group+0x3e/0x50 [ 37.515451] do_syscall_64+0x1b9/0x820 [ 37.519339] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.524703] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.529630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.534468] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.539482] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.544496] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.549515] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.554361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.559546] RIP: 0033:0x43ecc8 [ 37.562737] Code: Bad RIP value. 
[ 37.566097] RSP: 002b:00007ffe732bfa08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.573810] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 37.582725] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.589985] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.597264] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.604525] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.611801] [ 37.611807] ====================================================== [ 37.611813] WARNING: possible circular locking dependency detected [ 37.611817] 4.19.0-rc2+ #5 Not tainted [ 37.611823] ------------------------------------------------------ [ 37.611828] syz-executor657/5336 is trying to acquire lock: [ 37.611832] 000000009af3afaa ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.611848] [ 37.611853] but task is already holding lock: [ 37.611856] 0000000047400fcd (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.611872] [ 37.611877] which lock already depends on the new lock. 
[ 37.611879] [ 37.611882] [ 37.611888] the existing dependency chain (in reverse order) is: [ 37.611890] [ 37.611893] -> #3 (report_lock){....}: [ 37.611909] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.611913] kasan_report+0x8b/0x110 [ 37.611918] __asan_report_load8_noabort+0x14/0x20 [ 37.611922] __schedule+0xfc3/0x1ed0 [ 37.611927] preempt_schedule_common+0x1f/0xd0 [ 37.611931] preempt_schedule+0x4d/0x60 [ 37.611936] ___preempt_schedule+0x16/0x18 [ 37.611941] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.611945] __call_srcu+0x7f9/0x1070 [ 37.611950] __synchronize_srcu+0x17b/0x230 [ 37.611954] synchronize_srcu+0x356/0x5ab [ 37.611960] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.611964] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.611969] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.611973] kvm_put_kvm+0x6c8/0xff0 [ 37.611977] kvm_vm_release+0x42/0x50 [ 37.611981] __fput+0x385/0xa30 [ 37.611985] ____fput+0x15/0x20 [ 37.611989] task_work_run+0x1e8/0x2a0 [ 37.611993] do_exit+0x1ad7/0x2610 [ 37.611998] do_group_exit+0x177/0x440 [ 37.612002] __x64_sys_exit_group+0x3e/0x50 [ 37.612007] do_syscall_64+0x1b9/0x820 [ 37.612012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.612014] [ 37.612017] -> #2 (&rq->lock){-.-.}: [ 37.612032] _raw_spin_lock+0x2d/0x40 [ 37.612037] task_fork_fair+0xb0/0x6d0 [ 37.612041] sched_fork+0x443/0xba0 [ 37.612045] copy_process+0x2586/0x8780 [ 37.612049] _do_fork+0x1cb/0x11d0 [ 37.612053] kernel_thread+0x34/0x40 [ 37.612057] rest_init+0x22/0xe5 [ 37.612062] start_kernel+0x8f4/0x92f [ 37.612067] x86_64_start_reservations+0x29/0x2b [ 37.612071] x86_64_start_kernel+0x76/0x79 [ 37.612076] secondary_startup_64+0xa4/0xb0 [ 37.612086] [ 37.612089] -> #1 (&p->pi_lock){-.-.}: [ 37.612110] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.612115] try_to_wake_up+0xd2/0x12f0 [ 37.612119] wake_up_process+0x10/0x20 [ 37.612123] __up.isra.1+0x1c0/0x2a0 [ 37.612127] up+0x13c/0x1c0 [ 37.612131] __up_console_sem+0xbe/0x1b0 [ 37.612136] console_unlock+0x524/0x11a0 [ 37.612140] 
vprintk_emit+0x33d/0x930 [ 37.612144] vprintk_default+0x28/0x30 [ 37.612148] vprintk_func+0x7e/0x181 [ 37.612152] printk+0xa7/0xcf [ 37.612156] load_umh+0x51/0xbd [ 37.612160] do_one_initcall+0x145/0x957 [ 37.612165] kernel_init_freeable+0x4bb/0x5ae [ 37.612169] kernel_init+0x11/0x1b2 [ 37.612173] ret_from_fork+0x3a/0x50 [ 37.612176] [ 37.612178] -> #0 ((console_sem).lock){-...}: [ 37.612194] lock_acquire+0x1ed/0x520 [ 37.612199] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.612203] down_trylock+0x13/0x70 [ 37.612208] __down_trylock_console_sem+0xae/0x200 [ 37.612212] console_trylock+0x15/0xa0 [ 37.612217] vprintk_emit+0x322/0x930 [ 37.612221] vprintk_default+0x28/0x30 [ 37.612225] vprintk_func+0x7e/0x181 [ 37.612229] printk+0xa7/0xcf [ 37.612233] kasan_report+0x9b/0x110 [ 37.612238] __asan_report_load8_noabort+0x14/0x20 [ 37.612242] __schedule+0xfc3/0x1ed0 [ 37.612247] preempt_schedule_common+0x1f/0xd0 [ 37.612251] preempt_schedule+0x4d/0x60 [ 37.612256] ___preempt_schedule+0x16/0x18 [ 37.612261] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.612265] __call_srcu+0x7f9/0x1070 [ 37.612270] __synchronize_srcu+0x17b/0x230 [ 37.612274] synchronize_srcu+0x356/0x5ab [ 37.612279] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.612284] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.612288] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.612292] kvm_put_kvm+0x6c8/0xff0 [ 37.612297] kvm_vm_release+0x42/0x50 [ 37.612300] __fput+0x385/0xa30 [ 37.612304] ____fput+0x15/0x20 [ 37.612309] task_work_run+0x1e8/0x2a0 [ 37.612313] do_exit+0x1ad7/0x2610 [ 37.612317] do_group_exit+0x177/0x440 [ 37.612322] __x64_sys_exit_group+0x3e/0x50 [ 37.612326] do_syscall_64+0x1b9/0x820 [ 37.612331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.612333] [ 37.612338] other info that might help us debug this: [ 37.612341] [ 37.612344] Chain exists of: [ 37.612346] (console_sem).lock --> &rq->lock --> report_lock [ 37.612367] [ 37.612371] Possible unsafe locking scenario: [ 37.612373] [ 37.612378] CPU0 CPU1 [ 37.612382] ---- ---- [ 
37.612385] lock(report_lock); [ 37.612395] lock(&rq->lock); [ 37.612405] lock(report_lock); [ 37.612414] lock((console_sem).lock); [ 37.612423] [ 37.612426] *** DEADLOCK *** [ 37.612429] [ 37.612433] 2 locks held by syz-executor657/5336: [ 37.612436] #0: 00000000a0a27353 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 37.612455] #1: 0000000047400fcd (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.612473] [ 37.612477] stack backtrace: [ 37.612483] CPU: 0 PID: 5336 Comm: syz-executor657 Not tainted 4.19.0-rc2+ #5 [ 37.612491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.612494] Call Trace: [ 37.612498] dump_stack+0x1c4/0x2b4 [ 37.612503] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.612508] ? vprintk_func+0x85/0x181 [ 37.612513] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 37.612517] ? save_trace+0xe0/0x290 [ 37.612521] __lock_acquire+0x33e4/0x4ec0 [ 37.612526] ? mark_held_locks+0x130/0x130 [ 37.612530] ? mark_held_locks+0x130/0x130 [ 37.612534] ? rcu_bh_qs+0xc0/0xc0 [ 37.612538] ? unwind_dump+0x190/0x190 [ 37.612543] ? is_bpf_text_address+0xd3/0x170 [ 37.612548] ? kernel_text_address+0x79/0xf0 [ 37.612552] ? __kernel_text_address+0xd/0x40 [ 37.612557] ? __save_stack_trace+0x8d/0xf0 [ 37.612562] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 37.612566] ? save_trace+0x290/0x290 [ 37.612570] ? save_stack_trace+0x1a/0x20 [ 37.612574] ? save_trace+0xe0/0x290 [ 37.612578] ? kasan_check_read+0x11/0x20 [ 37.612583] ? graph_lock+0x170/0x170 [ 37.612588] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.612592] lock_acquire+0x1ed/0x520 [ 37.612596] ? down_trylock+0x13/0x70 [ 37.612600] ? find_held_lock+0x36/0x1c0 [ 37.612605] ? lock_release+0x970/0x970 [ 37.612609] ? trace_hardirqs_off+0xb8/0x310 [ 37.612614] ? vprintk_emit+0x1d3/0x930 [ 37.612618] ? trace_hardirqs_on+0x310/0x310 [ 37.612623] ? trace_hardirqs_off+0xb8/0x310 [ 37.612627] ? log_store+0x344/0x4c0 [ 37.612631] ? 
vprintk_emit+0x322/0x930 [ 37.612636] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.612640] ? down_trylock+0x13/0x70 [ 37.612644] down_trylock+0x13/0x70 [ 37.612649] __down_trylock_console_sem+0xae/0x200 [ 37.612653] console_trylock+0x15/0xa0 [ 37.612657] vprintk_emit+0x322/0x930 [ 37.612661] ? wake_up_klogd+0x180/0x180 [ 37.612666] ? run_rebalance_domains+0x500/0x500 [ 37.612671] ? wake_up_worker+0x117/0x190 [ 37.612675] ? find_held_lock+0x36/0x1c0 [ 37.612679] ? __queue_work+0x6be/0x1440 [ 37.612684] ? lock_acquire+0x1ed/0x520 [ 37.612688] vprintk_default+0x28/0x30 [ 37.612692] vprintk_func+0x7e/0x181 [ 37.612696] printk+0xa7/0xcf [ 37.612700] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.612705] ? kasan_check_write+0x14/0x20 [ 37.612709] ? do_raw_spin_lock+0xc1/0x200 [ 37.612714] ? do_raw_spin_lock+0xc1/0x200 [ 37.612718] kasan_report+0x9b/0x110 [ 37.612722] ? __schedule+0xfc3/0x1ed0 [ 37.612727] __asan_report_load8_noabort+0x14/0x20 [ 37.612731] __schedule+0xfc3/0x1ed0 [ 37.612735] ? __sched_text_start+0x8/0x8 [ 37.612739] ? __lock_is_held+0xb5/0x140 [ 37.612744] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.612749] ? find_held_lock+0x36/0x1c0 [ 37.612753] ? __call_srcu+0x7f9/0x1070 [ 37.612758] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.612763] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.612768] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.612772] ? preempt_schedule+0x4d/0x60 [ 37.612777] preempt_schedule_common+0x1f/0xd0 [ 37.612781] preempt_schedule+0x4d/0x60 [ 37.612785] ___preempt_schedule+0x16/0x18 [ 37.612790] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.612794] __call_srcu+0x7f9/0x1070 [ 37.612799] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.612804] ? srcu_offline_cpu+0x120/0x120 [ 37.612808] ? debug_object_free+0x690/0x690 [ 37.612813] ? mark_held_locks+0x130/0x130 [ 37.612817] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.612822] ? lock_release+0x970/0x970 [ 37.612827] ? arch_local_save_flags+0x40/0x40 [ 37.612831] ? depot_save_stack+0x292/0x470 [ 37.612836] ? 
__lockdep_init_map+0x105/0x590 [ 37.612840] ? __init_waitqueue_head+0x9e/0x150 [ 37.612845] ? init_wait_entry+0x1c0/0x1c0 [ 37.612849] __synchronize_srcu+0x17b/0x230 [ 37.612854] ? call_srcu+0x10/0x10 [ 37.612858] ? rcu_unexpedite_gp+0x20/0x20 [ 37.612863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.612868] ? check_preemption_disabled+0x48/0x200 [ 37.612872] synchronize_srcu+0x356/0x5ab [ 37.612877] ? lock_downgrade+0x900/0x900 [ 37.612882] ? synchronize_srcu_expedited+0x20/0x20 [ 37.612886] ? kasan_check_read+0x11/0x20 [ 37.612891] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.612895] ? kasan_check_write+0x14/0x20 [ 37.612900] ? do_raw_spin_lock+0xc1/0x200 [ 37.612905] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.612910] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.612914] ? kvfree+0x61/0x70 [ 37.612919] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.612923] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.612928] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.612932] ? kvm_arch_sync_events+0x30/0x30 [ 37.612937] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.612942] ? mmu_notifier_unregister+0x474/0x600 [ 37.612946] ? kfree+0x107/0x230 [ 37.612951] ? __mmu_notifier_register+0x30/0x30 [ 37.612955] ? __free_pages+0x10a/0x190 [ 37.612959] ? free_unref_page+0x960/0x960 [ 37.612963] kvm_put_kvm+0x6c8/0xff0 [ 37.612968] ? kvm_write_guest_cached+0x40/0x40 [ 37.612973] ? kvm_irqfd_release+0xd1/0x120 [ 37.612977] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.612982] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.612986] ? kasan_check_write+0x14/0x20 [ 37.612990] ? do_raw_spin_lock+0xc1/0x200 [ 37.612994] ? kvm_irqfd_release+0xdd/0 [ 37.613002] Lost 81 message(s)! [ 38.750969] Shutting down cpus with NMI [ 39.809021] Dumping ftrace buffer: [ 39.812545] (ftrace buffer empty) [ 39.816747] Kernel Offset: disabled [ 39.820370] Rebooting in 86400 seconds..