[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.215038] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.756773] random: sshd: uninitialized urandom read (32 bytes read) [ 30.146246] random: sshd: uninitialized urandom read (32 bytes read) [ 30.759230] random: sshd: uninitialized urandom read (32 bytes read) [ 39.803699] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. [ 45.503152] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 45.619233] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 45.644800] ================================================================== [ 45.654840] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 45.661069] Read of size 8 at addr ffff8801d7f78058 by task syz-executor682/5357 [ 45.668859] [ 45.670489] CPU: 0 PID: 5357 Comm: syz-executor682 Not tainted 4.19.0-rc4+ #24 [ 45.677837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.687182] Call Trace: [ 45.689781] dump_stack+0x1c4/0x2b4 [ 45.693412] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.698602] ? printk+0xa7/0xcf [ 45.701882] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.706641] print_address_description.cold.8+0x9/0x1ff [ 45.712007] kasan_report.cold.9+0x242/0x309 [ 45.716412] ? __schedule+0xfc3/0x1ed0 [ 45.720302] __asan_report_load8_noabort+0x14/0x20 [ 45.725228] __schedule+0xfc3/0x1ed0 [ 45.728949] ? __sched_text_start+0x8/0x8 [ 45.733102] ? __lock_is_held+0xb5/0x140 [ 45.737162] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.742266] ? find_held_lock+0x36/0x1c0 [ 45.746358] ? __call_srcu+0x7f9/0x1070 [ 45.750354] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.755460] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.760562] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.765142] ? preempt_schedule+0x4d/0x60 [ 45.769290] preempt_schedule_common+0x1f/0xd0 [ 45.773877] preempt_schedule+0x4d/0x60 [ 45.777854] ___preempt_schedule+0x16/0x18 [ 45.782095] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 45.787024] __call_srcu+0x7f9/0x1070 [ 45.790823] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 45.795954] ? srcu_offline_cpu+0x120/0x120 [ 45.800276] ? debug_object_free+0x690/0x690 [ 45.804697] ? mark_held_locks+0x130/0x130 [ 45.808940] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 45.813525] ? lock_release+0x970/0x970 [ 45.817501] ? arch_local_save_flags+0x40/0x40 [ 45.822080] ? depot_save_stack+0x292/0x470 [ 45.826413] ? __lockdep_init_map+0x105/0x590 [ 45.830909] ? __init_waitqueue_head+0x9e/0x150 [ 45.835583] ? init_wait_entry+0x1c0/0x1c0 [ 45.839995] __synchronize_srcu+0x17b/0x230 [ 45.844313] ? call_srcu+0x10/0x10 [ 45.847849] ? rcu_unexpedite_gp+0x20/0x20 [ 45.852089] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.857623] ? check_preemption_disabled+0x48/0x200 [ 45.862644] synchronize_srcu+0x356/0x5ab [ 45.866790] ? lock_downgrade+0x900/0x900 [ 45.870938] ? synchronize_srcu_expedited+0x20/0x20 [ 45.875959] ? kasan_check_read+0x11/0x20 [ 45.880114] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.884698] ? kasan_check_write+0x14/0x20 [ 45.888942] ? do_raw_spin_lock+0xc1/0x200 [ 45.893184] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.898902] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.904357] ? kvfree+0x61/0x70 [ 45.907648] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.912665] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.916737] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.921156] ? kvm_arch_sync_events+0x30/0x30 [ 45.925653] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.931197] ? mmu_notifier_unregister+0x474/0x600 [ 45.936126] ? kfree+0x107/0x230 [ 45.939491] ? __mmu_notifier_register+0x30/0x30 [ 45.944249] ? __free_pages+0x10a/0x190 [ 45.948222] ? free_unref_page+0x960/0x960 [ 45.952472] kvm_put_kvm+0x6c8/0xff0 [ 45.956195] ? kvm_write_guest_cached+0x40/0x40 [ 45.960866] ? kvm_irqfd_release+0xd1/0x120 [ 45.965187] ? _raw_spin_unlock_irq+0x27/0x80 [ 45.969678] ? _raw_spin_unlock_irq+0x27/0x80 [ 45.974180] ? kasan_check_write+0x14/0x20 [ 45.978418] ? do_raw_spin_lock+0xc1/0x200 [ 45.982653] ? kvm_irqfd_release+0xdd/0x120 [ 45.986971] ? kvm_irqfd_release+0xdd/0x120 [ 45.991292] ? kvm_put_kvm+0xff0/0xff0 [ 45.995181] kvm_vm_release+0x42/0x50 [ 45.998981] __fput+0x385/0xa30 [ 46.002262] ? get_max_files+0x20/0x20 [ 46.006158] ? trace_hardirqs_on+0xbd/0x310 [ 46.010603] ? ___might_sleep+0x1ed/0x300 [ 46.014744] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.020176] ? arch_local_save_flags+0x40/0x40 [ 46.024765] ? kasan_check_write+0x14/0x20 [ 46.029010] ? do_raw_spin_lock+0xc1/0x200 [ 46.033244] ____fput+0x15/0x20 [ 46.036525] task_work_run+0x1e8/0x2a0 [ 46.040413] ? task_work_cancel+0x240/0x240 [ 46.044748] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.050290] ? switch_task_namespaces+0x9d/0xd0 [ 46.054959] do_exit+0x1ad7/0x2610 [ 46.058505] ? mm_update_next_owner+0x990/0x990 [ 46.063436] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 46.067668] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.072682] ? kfree+0x1fa/0x230 [ 46.076052] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 46.080286] ? kvm_vcpu_block+0x1030/0x1030 [ 46.084609] ? is_bpf_text_address+0xd3/0x170 [ 46.089100] ? kernel_text_address+0x79/0xf0 [ 46.093508] ? __kernel_text_address+0xd/0x40 [ 46.098000] ? unwind_get_return_address+0x61/0xa0 [ 46.102933] ? __save_stack_trace+0x8d/0xf0 [ 46.107258] ? save_stack+0xa9/0xd0 [ 46.110879] ? save_stack+0x43/0xd0 [ 46.114504] ? __kasan_slab_free+0x102/0x150 [ 46.118907] ? kasan_slab_free+0xe/0x10 [ 46.122882] ? putname+0xf2/0x130 [ 46.126334] ? __x64_sys_openat+0x9d/0x100 [ 46.130568] ? do_syscall_64+0x1b9/0x820 [ 46.134626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.139991] ? trace_hardirqs_off+0xb8/0x310 [ 46.144401] ? kasan_check_read+0x11/0x20 [ 46.148547] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.152957] ? trace_hardirqs_on+0x310/0x310 [ 46.157365] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 46.162470] ? trace_hardirqs_off+0xb8/0x310 [ 46.166885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.172420] ? check_preemption_disabled+0x48/0x200 [ 46.177430] ? check_preemption_disabled+0x48/0x200 [ 46.182449] ? kvm_vcpu_block+0x1030/0x1030 [ 46.186778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.192317] ? do_vfs_ioctl+0x201/0x1720 [ 46.196379] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.201654] ? ioctl_preallocate+0x300/0x300 [ 46.206065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.211606] ? __fget_light+0x2e9/0x430 [ 46.215582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.221121] ? smack_file_ioctl+0x210/0x3c0 [ 46.225437] ? fget_raw+0x20/0x20 [ 46.228891] ? smack_file_lock+0x2e0/0x2e0 [ 46.233137] do_group_exit+0x177/0x440 [ 46.237025] ? trace_hardirqs_on+0xbd/0x310 [ 46.241346] ? __ia32_sys_exit+0x50/0x50 [ 46.245411] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.250858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.256395] ? ksys_ioctl+0x81/0xd0 [ 46.260028] __x64_sys_exit_group+0x3e/0x50 [ 46.264354] do_syscall_64+0x1b9/0x820 [ 46.268247] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.273613] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.278539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.283384] ? trace_hardirqs_on_caller+0x310/0x310 [ 46.288399] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.293503] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.298521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.303368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.308554] RIP: 0033:0x43f028 [ 46.311760] Code: Bad RIP value. [ 46.315123] RSP: 002b:00007ffc2cf6b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 46.322842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 46.330112] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 46.337383] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 46.344653] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 46.351922] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 46.359193] [ 46.360815] Allocated by task 5357: [ 46.364442] save_stack+0x43/0xd0 [ 46.367894] kasan_kmalloc+0xc7/0xe0 [ 46.371602] kasan_slab_alloc+0x12/0x20 [ 46.375574] kmem_cache_alloc+0x12e/0x730 [ 46.379726] vmx_create_vcpu+0xcf/0x25e0 [ 46.383791] kvm_arch_vcpu_create+0xe5/0x220 [ 46.388193] kvm_vm_ioctl+0x470/0x1d40 [ 46.392080] do_vfs_ioctl+0x1de/0x1720 [ 46.395961] ksys_ioctl+0xa9/0xd0 [ 46.399408] __x64_sys_ioctl+0x73/0xb0 [ 46.403295] do_syscall_64+0x1b9/0x820 [ 46.407180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.412356] [ 46.413979] Freed by task 5357: [ 46.417251] save_stack+0x43/0xd0 [ 46.420698] __kasan_slab_free+0x102/0x150 [ 46.424939] kasan_slab_free+0xe/0x10 [ 46.428749] kmem_cache_free+0x83/0x290 [ 46.432732] vmx_free_vcpu+0x26b/0x300 [ 46.436629] kvm_arch_destroy_vm+0x365/0x7c0 [ 46.441038] kvm_put_kvm+0x6c8/0xff0 [ 46.444763] kvm_vm_release+0x42/0x50 [ 46.448557] __fput+0x385/0xa30 [ 46.451833] ____fput+0x15/0x20 [ 46.455109] task_work_run+0x1e8/0x2a0 [ 46.458994] do_exit+0x1ad7/0x2610 [ 46.462535] do_group_exit+0x177/0x440 [ 46.466420] __x64_sys_exit_group+0x3e/0x50 [ 46.470749] do_syscall_64+0x1b9/0x820 [ 46.474634] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.479813] [ 46.481434] The buggy address belongs to the object at ffff8801d7f78040 [ 46.481434] which belongs to the cache kvm_vcpu of size 23872 [ 46.494009] The buggy address is located 24 bytes inside of [ 46.494009] 23872-byte region [ffff8801d7f78040, ffff8801d7f7dd80) [ 46.505967] The buggy address belongs to the page: [ 46.510901] page:ffffea00075fde00 count:1 mapcount:0 mapping:ffff8801d57c5240 index:0x0 compound_mapcount: 0 [ 46.520867] flags: 0x2fffc0000008100(slab|head) [ 46.525540] raw: 02fffc0000008100 ffff8801d4e69a48 ffff8801d4e69a48 ffff8801d57c5240 [ 46.533421] raw: 0000000000000000 ffff8801d7f78040 0000000100000001 0000000000000000 [ 46.541300] page dumped because: kasan: bad access detected [ 46.546997] [ 46.548611] Memory state around the buggy address: [ 46.553533] ffff8801d7f77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.560888] ffff8801d7f77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.568331] >ffff8801d7f78000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 46.575683] ^ [ 46.581912] ffff8801d7f78080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.589269] ffff8801d7f78100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.596620] ================================================================== [ 46.603969] Kernel panic - not syncing: panic_on_warn set ... [ 46.603969] [ 46.611334] CPU: 0 PID: 5357 Comm: syz-executor682 Tainted: G B 4.19.0-rc4+ #24 [ 46.620076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.629421] Call Trace: [ 46.632015] dump_stack+0x1c4/0x2b4 [ 46.635650] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.640841] ? lock_downgrade+0x900/0x900 [ 46.644998] panic+0x238/0x4e7 [ 46.648189] ? add_taint.cold.5+0x16/0x16 [ 46.652343] ? print_shadow_for_address+0xb6/0x116 [ 46.657289] ? trace_hardirqs_off+0xaf/0x310 [ 46.661698] kasan_end_report+0x47/0x4f [ 46.665676] kasan_report.cold.9+0x76/0x309 [ 46.670001] ? __schedule+0xfc3/0x1ed0 [ 46.673891] __asan_report_load8_noabort+0x14/0x20 [ 46.678826] __schedule+0xfc3/0x1ed0 [ 46.682544] ? __sched_text_start+0x8/0x8 [ 46.686723] ? __lock_is_held+0xb5/0x140 [ 46.690786] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.695894] ? find_held_lock+0x36/0x1c0 [ 46.699956] ? __call_srcu+0x7f9/0x1070 [ 46.703928] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.709027] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.714138] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.718730] ? preempt_schedule+0x4d/0x60 [ 46.722887] preempt_schedule_common+0x1f/0xd0 [ 46.727468] preempt_schedule+0x4d/0x60 [ 46.731446] ___preempt_schedule+0x16/0x18 [ 46.735687] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 46.740623] __call_srcu+0x7f9/0x1070 [ 46.744421] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 46.749537] ? srcu_offline_cpu+0x120/0x120 [ 46.753913] ? debug_object_free+0x690/0x690 [ 46.758326] ? mark_held_locks+0x130/0x130 [ 46.762563] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 46.767151] ? lock_release+0x970/0x970 [ 46.771125] ? arch_local_save_flags+0x40/0x40 [ 46.775707] ? depot_save_stack+0x292/0x470 [ 46.780049] ? __lockdep_init_map+0x105/0x590 [ 46.784569] ? __init_waitqueue_head+0x9e/0x150 [ 46.789242] ? init_wait_entry+0x1c0/0x1c0 [ 46.793484] __synchronize_srcu+0x17b/0x230 [ 46.797807] ? call_srcu+0x10/0x10 [ 46.801350] ? rcu_unexpedite_gp+0x20/0x20 [ 46.805594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.811152] ? check_preemption_disabled+0x48/0x200 [ 46.816171] synchronize_srcu+0x356/0x5ab [ 46.820320] ? lock_downgrade+0x900/0x900 [ 46.824470] ? synchronize_srcu_expedited+0x20/0x20 [ 46.829487] ? kasan_check_read+0x11/0x20 [ 46.833639] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.838221] ? kasan_check_write+0x14/0x20 [ 46.842458] ? do_raw_spin_lock+0xc1/0x200 [ 46.846695] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.852417] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.857870] ? kvfree+0x61/0x70 [ 46.861155] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.866170] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.870232] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.874641] ? kvm_arch_sync_events+0x30/0x30 [ 46.879137] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.884673] ? mmu_notifier_unregister+0x474/0x600 [ 46.889606] ? kfree+0x107/0x230 [ 46.892971] ? __mmu_notifier_register+0x30/0x30 [ 46.897734] ? __free_pages+0x10a/0x190 [ 46.901735] ? free_unref_page+0x960/0x960 [ 46.905990] kvm_put_kvm+0x6c8/0xff0 [ 46.909708] ? kvm_write_guest_cached+0x40/0x40 [ 46.914392] ? kvm_irqfd_release+0xd1/0x120 [ 46.918713] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.923219] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.927750] ? kasan_check_write+0x14/0x20 [ 46.931997] ? do_raw_spin_lock+0xc1/0x200 [ 46.936240] ? kvm_irqfd_release+0xdd/0x120 [ 46.940563] ? kvm_irqfd_release+0xdd/0x120 [ 46.944895] ? kvm_put_kvm+0xff0/0xff0 [ 46.948781] kvm_vm_release+0x42/0x50 [ 46.952577] __fput+0x385/0xa30 [ 46.955856] ? get_max_files+0x20/0x20 [ 46.959754] ? trace_hardirqs_on+0xbd/0x310 [ 46.964074] ? ___might_sleep+0x1ed/0x300 [ 46.968223] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.973679] ? arch_local_save_flags+0x40/0x40 [ 46.978262] ? kasan_check_write+0x14/0x20 [ 46.982498] ? do_raw_spin_lock+0xc1/0x200 [ 46.986739] ____fput+0x15/0x20 [ 46.990019] task_work_run+0x1e8/0x2a0 [ 46.993911] ? task_work_cancel+0x240/0x240 [ 46.998233] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.003770] ? switch_task_namespaces+0x9d/0xd0 [ 47.008432] do_exit+0x1ad7/0x2610 [ 47.012116] ? mm_update_next_owner+0x990/0x990 [ 47.016794] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 47.021054] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.026074] ? kfree+0x1fa/0x230 [ 47.029445] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 47.034157] ? kvm_vcpu_block+0x1030/0x1030 [ 47.038485] ? is_bpf_text_address+0xd3/0x170 [ 47.042983] ? kernel_text_address+0x79/0xf0 [ 47.047392] ? __kernel_text_address+0xd/0x40 [ 47.051891] ? unwind_get_return_address+0x61/0xa0 [ 47.056820] ? __save_stack_trace+0x8d/0xf0 [ 47.061145] ? save_stack+0xa9/0xd0 [ 47.064767] ? save_stack+0x43/0xd0 [ 47.068397] ? __kasan_slab_free+0x102/0x150 [ 47.072798] ? kasan_slab_free+0xe/0x10 [ 47.076771] ? putname+0xf2/0x130 [ 47.080222] ? __x64_sys_openat+0x9d/0x100 [ 47.084547] ? do_syscall_64+0x1b9/0x820 [ 47.088604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.093977] ? trace_hardirqs_off+0xb8/0x310 [ 47.098388] ? kasan_check_read+0x11/0x20 [ 47.102539] ? do_raw_spin_unlock+0xa7/0x2f0 [ 47.106946] ? trace_hardirqs_on+0x310/0x310 [ 47.111359] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 47.116476] ? trace_hardirqs_off+0xb8/0x310 [ 47.120883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.126416] ? check_preemption_disabled+0x48/0x200 [ 47.131514] ? check_preemption_disabled+0x48/0x200 [ 47.136529] ? kvm_vcpu_block+0x1030/0x1030 [ 47.140852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.146395] ? do_vfs_ioctl+0x201/0x1720 [ 47.150458] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.155742] ? ioctl_preallocate+0x300/0x300 [ 47.160151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.165715] ? __fget_light+0x2e9/0x430 [ 47.169702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.175251] ? smack_file_ioctl+0x210/0x3c0 [ 47.179573] ? fget_raw+0x20/0x20 [ 47.183027] ? smack_file_lock+0x2e0/0x2e0 [ 47.187269] do_group_exit+0x177/0x440 [ 47.191180] ? trace_hardirqs_on+0xbd/0x310 [ 47.195503] ? __ia32_sys_exit+0x50/0x50 [ 47.199585] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.205035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.210605] ? ksys_ioctl+0x81/0xd0 [ 47.214236] __x64_sys_exit_group+0x3e/0x50 [ 47.218560] do_syscall_64+0x1b9/0x820 [ 47.222450] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 47.227816] ? syscall_return_slowpath+0x5e0/0x5e0 [ 47.232753] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.237594] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.242609] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 47.247641] ? prepare_exit_to_usermode+0x291/0x3b0 [ 47.252659] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.257505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.262688] RIP: 0033:0x43f028 [ 47.265893] Code: Bad RIP value. [ 47.269250] RSP: 002b:00007ffc2cf6b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 47.276979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 47.284244] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 47.291508] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 47.298773] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 47.306036] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 47.313309] [ 47.313315] ====================================================== [ 47.313321] WARNING: possible circular locking dependency detected [ 47.313326] 4.19.0-rc4+ #24 Not tainted [ 47.313332] ------------------------------------------------------ [ 47.313337] syz-executor682/5357 is trying to acquire lock: [ 47.313341] 0000000089782b05 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 47.313358] [ 47.313362] but task is already holding lock: [ 47.313371] 000000003b484eb6 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.313387] [ 47.313392] which lock already depends on the new lock. [ 47.313395] [ 47.313398] [ 47.313404] the existing dependency chain (in reverse order) is: [ 47.313406] [ 47.313409] -> #3 (report_lock){....}: [ 47.313425] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.313430] kasan_report+0x8b/0x110 [ 47.313435] __asan_report_load8_noabort+0x14/0x20 [ 47.313439] __schedule+0xfc3/0x1ed0 [ 47.313444] preempt_schedule_common+0x1f/0xd0 [ 47.313448] preempt_schedule+0x4d/0x60 [ 47.313453] ___preempt_schedule+0x16/0x18 [ 47.313458] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.313463] __call_srcu+0x7f9/0x1070 [ 47.313467] __synchronize_srcu+0x17b/0x230 [ 47.313472] synchronize_srcu+0x356/0x5ab [ 47.313477] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.313482] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.313487] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.313491] kvm_put_kvm+0x6c8/0xff0 [ 47.313495] kvm_vm_release+0x42/0x50 [ 47.313499] __fput+0x385/0xa30 [ 47.313503] ____fput+0x15/0x20 [ 47.313508] task_work_run+0x1e8/0x2a0 [ 47.313512] do_exit+0x1ad7/0x2610 [ 47.313516] do_group_exit+0x177/0x440 [ 47.313521] __x64_sys_exit_group+0x3e/0x50 [ 47.313525] do_syscall_64+0x1b9/0x820 [ 47.313530] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.313533] [ 47.313535] -> #2 (&rq->lock){-.-.}: [ 47.313551] _raw_spin_lock+0x2d/0x40 [ 47.313555] task_fork_fair+0xb0/0x6d0 [ 47.313559] sched_fork+0x443/0xba0 [ 47.313564] copy_process+0x2586/0x8780 [ 47.313568] _do_fork+0x1cb/0x11d0 [ 47.313572] kernel_thread+0x34/0x40 [ 47.313576] rest_init+0x22/0xe5 [ 47.313581] start_kernel+0x8f4/0x92f [ 47.313586] x86_64_start_reservations+0x29/0x2b [ 47.313590] x86_64_start_kernel+0x76/0x79 [ 47.313595] secondary_startup_64+0xa4/0xb0 [ 47.313597] [ 47.313600] -> #1 (&p->pi_lock){-.-.}: [ 47.313616] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.313620] try_to_wake_up+0xd2/0x12f0 [ 47.313625] wake_up_process+0x10/0x20 [ 47.313629] __up.isra.1+0x1c0/0x2a0 [ 47.313633] up+0x13c/0x1c0 [ 47.313637] __up_console_sem+0xbe/0x1b0 [ 47.313642] console_unlock+0x814/0x1160 [ 47.313646] vprintk_emit+0x33d/0x930 [ 47.313650] vprintk_default+0x28/0x30 [ 47.313655] vprintk_func+0x7e/0x181 [ 47.313659] printk+0xa7/0xcf [ 47.313663] load_umh+0x51/0xbd [ 47.313667] do_one_initcall+0x145/0x957 [ 47.313672] kernel_init_freeable+0x4bb/0x5ae [ 47.313676] kernel_init+0x11/0x1b2 [ 47.313680] ret_from_fork+0x3a/0x50 [ 47.313683] [ 47.313685] -> #0 ((console_sem).lock){-...}: [ 47.313702] lock_acquire+0x1ed/0x520 [ 47.313706] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.313711] down_trylock+0x13/0x70 [ 47.313715] __down_trylock_console_sem+0xae/0x200 [ 47.313728] console_trylock+0x15/0xa0 [ 47.313733] vprintk_emit+0x322/0x930 [ 47.313737] vprintk_default+0x28/0x30 [ 47.313741] vprintk_func+0x7e/0x181 [ 47.313745] printk+0xa7/0xcf [ 47.313749] kasan_report+0x9b/0x110 [ 47.313754] __asan_report_load8_noabort+0x14/0x20 [ 47.313759] __schedule+0xfc3/0x1ed0 [ 47.313764] preempt_schedule_common+0x1f/0xd0 [ 47.313768] preempt_schedule+0x4d/0x60 [ 47.313772] ___preempt_schedule+0x16/0x18 [ 47.313777] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.313782] __call_srcu+0x7f9/0x1070 [ 47.313786] __synchronize_srcu+0x17b/0x230 [ 47.313791] synchronize_srcu+0x356/0x5ab [ 47.313796] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.313801] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.313806] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.313810] kvm_put_kvm+0x6c8/0xff0 [ 47.313815] kvm_vm_release+0x42/0x50 [ 47.313819] __fput+0x385/0xa30 [ 47.313823] ____fput+0x15/0x20 [ 47.313827] task_work_run+0x1e8/0x2a0 [ 47.313831] do_exit+0x1ad7/0x2610 [ 47.313835] do_group_exit+0x177/0x440 [ 47.313840] __x64_sys_exit_group+0x3e/0x50 [ 47.313844] do_syscall_64+0x1b9/0x820 [ 47.313850] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.313859] [ 47.313864] other info that might help us debug this: [ 47.313866] [ 47.313870] Chain exists of: [ 47.313873] (console_sem).lock --> &rq->lock --> report_lock [ 47.313893] [ 47.313898] Possible unsafe locking scenario: [ 47.313900] [ 47.313905] CPU0 CPU1 [ 47.313909] ---- ---- [ 47.313912] lock(report_lock); [ 47.313922] lock(&rq->lock); [ 47.313933] lock(report_lock); [ 47.313942] lock((console_sem).lock); [ 47.313951] [ 47.313954] *** DEADLOCK *** [ 47.313957] [ 47.313961] 2 locks held by syz-executor682/5357: [ 47.313964] #0: 00000000ad5acd22 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 47.313983] #1: 000000003b484eb6 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.314012] [ 47.314015] stack backtrace: [ 47.314022] CPU: 0 PID: 5357 Comm: syz-executor682 Not tainted 4.19.0-rc4+ #24 [ 47.314030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.314033] Call Trace: [ 47.314038] dump_stack+0x1c4/0x2b4 [ 47.314043] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.314047] ? vprintk_func+0x85/0x181 [ 47.314053] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 47.314057] ? save_trace+0xe0/0x290 [ 47.314061] __lock_acquire+0x33e4/0x4ec0 [ 47.314066] ? mark_held_locks+0x130/0x130 [ 47.314071] ? mark_held_locks+0x130/0x130 [ 47.314075] ? rcu_bh_qs+0xc0/0xc0 [ 47.314079] ? unwind_dump+0x190/0x190 [ 47.314084] ? is_bpf_text_address+0xd3/0x170 [ 47.314088] ? kernel_text_address+0x79/0xf0 [ 47.314093] ? __kernel_text_address+0xd/0x40 [ 47.314098] ? __save_stack_trace+0x8d/0xf0 [ 47.314103] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 47.314107] ? save_trace+0x290/0x290 [ 47.314112] ? save_stack_trace+0x1a/0x20 [ 47.314116] ? save_trace+0xe0/0x290 [ 47.314120] ? kasan_check_read+0x11/0x20 [ 47.314125] ? graph_lock+0x170/0x170 [ 47.314130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.314134] lock_acquire+0x1ed/0x520 [ 47.314139] ? down_trylock+0x13/0x70 [ 47.314143] ? find_held_lock+0x36/0x1c0 [ 47.314148] ? lock_release+0x970/0x970 [ 47.314152] ? trace_hardirqs_off+0xb8/0x310 [ 47.314157] ? vprintk_emit+0x1d3/0x930 [ 47.314162] ? trace_hardirqs_on+0x310/0x310 [ 47.314166] ? trace_hardirqs_off+0xb8/0x310 [ 47.314170] ? log_store+0x344/0x4c0 [ 47.314175] ? vprintk_emit+0x322/0x930 [ 47.314180] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.314184] ? down_trylock+0x13/0x70 [ 47.314188] down_trylock+0x13/0x70 [ 47.314197] __down_trylock_console_sem+0xae/0x200 [ 47.314202] console_trylock+0x15/0xa0 [ 47.314206] vprintk_emit+0x322/0x930 [ 47.314211] ? wake_up_klogd+0x180/0x180 [ 47.314215] ? run_rebalance_domains+0x500/0x500 [ 47.314220] ? wake_up_worker+0x117/0x190 [ 47.314224] ? find_held_lock+0x36/0x1c0 [ 47.314229] ? __queue_work+0x6be/0x1440 [ 47.314233] ? lock_acquire+0x1ed/0x520 [ 47.314237] vprintk_default+0x28/0x30 [ 47.314242] vprintk_func+0x7e/0x181 [ 47.314246] printk+0xa7/0xcf [ 47.314250] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 47.314255] ? kasan_check_write+0x14/0x20 [ 47.314259] ? do_raw_spin_lock+0xc1/0x200 [ 47.314264] ? do_raw_spin_lock+0xc1/0x200 [ 47.314268] kasan_report+0x9b/0x110 [ 47.314272] ? __schedule+0xfc3/0x1ed0 [ 47.314277] __asan_report_load8_noabort+0x14/0x20 [ 47.314282] __schedule+0xfc3/0x1ed0 [ 47.314286] ? __sched_text_start+0x8/0x8 [ 47.314290] ? __lock_is_held+0xb5/0x140 [ 47.314296] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.314300] ? find_held_lock+0x36/0x1c0 [ 47.314304] ? __call_srcu+0x7f9/0x1070 [ 47.314310] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.314315] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.314320] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.314324] ? preempt_schedule+0x4d/0x60 [ 47.314329] preempt_schedule_common+0x1f/0xd0 [ 47.314333] preempt_schedule+0x4d/0x60 [ 47.314338] ___preempt_schedule+0x16/0x18 [ 47.314343] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.314347] __call_srcu+0x7f9/0x1070 [ 47.314352] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.314357] ? srcu_offline_cpu+0x120/0x120 [ 47.314362] ? debug_object_free+0x690/0x690 [ 47.314371] ? mark_held_locks+0x130/0x130 [ 47.314376] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.314381] ? lock_release+0x970/0x970 [ 47.314386] ? arch_local_save_flags+0x40/0x40 [ 47.314390] ? depot_save_stack+0x292/0x470 [ 47.314395] ? __lockdep_init_map+0x105/0x590 [ 47.314400] ? __init_waitqueue_head+0x9e/0x150 [ 47.314404] ? init_wait_entry+0x1c0/0x1c0 [ 47.314409] __synchronize_srcu+0x17b/0x230 [ 47.314413] ? call_srcu+0x10/0x10 [ 47.314418] ? rcu_unexpedite_gp+0x20/0x20 [ 47.314423] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.314428] ? check_preemption_disabled+0x48/0x200 [ 47.314433] synchronize_srcu+0x356/0x5ab [ 47.314437] ? lock_downgrade+0x900/0x900 [ 47.314442] ? synchronize_srcu_expedited+0x20/0x20 [ 47.314447] ? kasan_check_read+0x11/0x20 [ 47.314451] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.314456] ? kasan_check_write+0x14/0x20 [ 47.314460] ? do_raw_spin_lock+0xc1/0x200 [ 47.314466] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.314471] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.314475] ? kvfree+0x61/0x70 [ 47.314480] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.314485] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.314489] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.314494] ? kvm_arch_sync_events+0x30/0x30 [ 47.314499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.314504] ? mmu_notifier_unregister+0x474/0x600 [ 47.314508] ? kfree+0x107/0x230 [ 47.314513] ? __mmu_notifier_register+0x30/0x30 [ 47.314518] ? __free_pages+0x10a/0x190 [ 47.314522] ? free_unref_page+0x960/0x960 [ 47.314526] kvm_put_kvm+0x6c8/0xff0 [ 47.314531] ? kvm_write_guest_cached+0x40/0x40 [ 47.314536] ? kvm_irqfd_release+0xd1/0x120 [ 47.314540] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.314545] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.314550] ? kasan_check_write+0x14/0x20 [ 47.314554] ? do_raw_spin_lock+0xc1/0x200 [ 47.314558] ? kvm_irqfd_release+0xdd [ 47.314566] Lost 81 message(s)! [ 48.433835] Shutting down cpus with NMI [ 49.491900] Kernel Offset: disabled [ 49.495525] Rebooting in 86400 seconds..