[....] Starting OpenBSD Secure Shell server: sshd[ 27.284880] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.211777] random: sshd: uninitialized urandom read (32 bytes read) [ 35.727022] random: sshd: uninitialized urandom read (32 bytes read) [ 36.297158] sshd (5387) used greatest stack depth: 16408 bytes left [ 36.319424] random: sshd: uninitialized urandom read (32 bytes read) [ 36.543829] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. [ 42.200308] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 42.325719] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 42.353305] ================================================================== [ 42.363354] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 42.369589] Read of size 8 at addr ffff8801d4880058 by task syz-executor585/5400 [ 42.377122] [ 42.378749] CPU: 0 PID: 5400 Comm: syz-executor585 Not tainted 4.19.0-rc4+ #25 [ 42.386104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.395457] Call Trace: [ 42.398045] dump_stack+0x1c4/0x2b4 [ 42.401671] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.406860] ? printk+0xa7/0xcf [ 42.410143] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.414901] print_address_description.cold.8+0x9/0x1ff [ 42.420263] kasan_report.cold.9+0x242/0x309 [ 42.424671] ? __schedule+0xfc3/0x1ed0 [ 42.428557] __asan_report_load8_noabort+0x14/0x20 [ 42.433483] __schedule+0xfc3/0x1ed0 [ 42.437213] ? __sched_text_start+0x8/0x8 [ 42.441367] ? __lock_is_held+0xb5/0x140 [ 42.445426] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.450532] ? find_held_lock+0x36/0x1c0 [ 42.454596] ? __call_srcu+0x7f9/0x1070 [ 42.458600] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.463712] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.468812] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.473521] ? preempt_schedule+0x4d/0x60 [ 42.477671] preempt_schedule_common+0x1f/0xd0 [ 42.482273] preempt_schedule+0x4d/0x60 [ 42.486247] ___preempt_schedule+0x16/0x18 [ 42.490484] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.495416] __call_srcu+0x7f9/0x1070 [ 42.499215] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.504323] ? srcu_offline_cpu+0x120/0x120 [ 42.508645] ? debug_object_free+0x690/0x690 [ 42.513050] ? mark_held_locks+0x130/0x130 [ 42.517284] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.521869] ? lock_release+0x970/0x970 [ 42.525843] ? arch_local_save_flags+0x40/0x40 [ 42.530425] ? depot_save_stack+0x292/0x470 [ 42.534763] ? __lockdep_init_map+0x105/0x590 [ 42.539284] ? __init_waitqueue_head+0x9e/0x150 [ 42.543951] ? init_wait_entry+0x1c0/0x1c0 [ 42.548192] __synchronize_srcu+0x17b/0x230 [ 42.552532] ? call_srcu+0x10/0x10 [ 42.556070] ? rcu_unexpedite_gp+0x20/0x20 [ 42.560320] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.565877] ? check_preemption_disabled+0x48/0x200 [ 42.570895] synchronize_srcu+0x356/0x5ab [ 42.575045] ? lock_downgrade+0x900/0x900 [ 42.579194] ? synchronize_srcu_expedited+0x20/0x20 [ 42.584213] ? kasan_check_read+0x11/0x20 [ 42.588361] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.592956] ? kasan_check_write+0x14/0x20 [ 42.597215] ? do_raw_spin_lock+0xc1/0x200 [ 42.601456] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.607168] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.612639] ? kvfree+0x61/0x70 [ 42.615930] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.620951] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.625128] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.629546] ? kvm_arch_sync_events+0x30/0x30 [ 42.634043] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.639583] ? mmu_notifier_unregister+0x474/0x600 [ 42.644509] ? kfree+0x107/0x230 [ 42.647896] ? __mmu_notifier_register+0x30/0x30 [ 42.652679] ? __free_pages+0x10a/0x190 [ 42.656652] ? free_unref_page+0x960/0x960 [ 42.660896] kvm_put_kvm+0x6c8/0xff0 [ 42.664619] ? kvm_write_guest_cached+0x40/0x40 [ 42.669291] ? kvm_irqfd_release+0xd1/0x120 [ 42.673616] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.678130] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.682635] ? kasan_check_write+0x14/0x20 [ 42.686873] ? do_raw_spin_lock+0xc1/0x200 [ 42.691133] ? kvm_irqfd_release+0xdd/0x120 [ 42.695455] ? kvm_irqfd_release+0xdd/0x120 [ 42.699794] ? kvm_put_kvm+0xff0/0xff0 [ 42.703679] kvm_vm_release+0x42/0x50 [ 42.707478] __fput+0x385/0xa30 [ 42.710758] ? get_max_files+0x20/0x20 [ 42.714644] ? trace_hardirqs_on+0xbd/0x310 [ 42.718970] ? ___might_sleep+0x1ed/0x300 [ 42.723764] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.729221] ? arch_local_save_flags+0x40/0x40 [ 42.733805] ? kasan_check_write+0x14/0x20 [ 42.738044] ? do_raw_spin_lock+0xc1/0x200 [ 42.742281] ____fput+0x15/0x20 [ 42.745561] task_work_run+0x1e8/0x2a0 [ 42.749450] ? task_work_cancel+0x240/0x240 [ 42.753816] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.759357] ? switch_task_namespaces+0x9d/0xd0 [ 42.764034] do_exit+0x1ad7/0x2610 [ 42.767580] ? mm_update_next_owner+0x990/0x990 [ 42.772258] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 42.776496] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.781513] ? kfree+0x1fa/0x230 [ 42.784880] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 42.789140] ? kvm_vcpu_block+0x1030/0x1030 [ 42.793472] ? is_bpf_text_address+0xd3/0x170 [ 42.797968] ? kernel_text_address+0x79/0xf0 [ 42.802373] ? __kernel_text_address+0xd/0x40 [ 42.806870] ? unwind_get_return_address+0x61/0xa0 [ 42.811829] ? __save_stack_trace+0x8d/0xf0 [ 42.816155] ? save_stack+0xa9/0xd0 [ 42.819777] ? save_stack+0x43/0xd0 [ 42.823399] ? __kasan_slab_free+0x102/0x150 [ 42.827798] ? kasan_slab_free+0xe/0x10 [ 42.831794] ? putname+0xf2/0x130 [ 42.835246] ? __x64_sys_openat+0x9d/0x100 [ 42.839478] ? do_syscall_64+0x1b9/0x820 [ 42.843538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.848932] ? trace_hardirqs_off+0xb8/0x310 [ 42.853342] ? kasan_check_read+0x11/0x20 [ 42.857495] ? do_raw_spin_unlock+0xa7/0x2f0 [ 42.861904] ? trace_hardirqs_on+0x310/0x310 [ 42.866311] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 42.871415] ? trace_hardirqs_off+0xb8/0x310 [ 42.875825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.881360] ? check_preemption_disabled+0x48/0x200 [ 42.886373] ? check_preemption_disabled+0x48/0x200 [ 42.891391] ? kvm_vcpu_block+0x1030/0x1030 [ 42.895714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.901249] ? do_vfs_ioctl+0x201/0x1720 [ 42.905310] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 42.910589] ? ioctl_preallocate+0x300/0x300 [ 42.914994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.920528] ? __fget_light+0x2e9/0x430 [ 42.924501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.930056] ? smack_file_ioctl+0x210/0x3c0 [ 42.934373] ? fget_raw+0x20/0x20 [ 42.937826] ? smack_file_lock+0x2e0/0x2e0 [ 42.942068] do_group_exit+0x177/0x440 [ 42.945961] ? trace_hardirqs_on+0xbd/0x310 [ 42.950280] ? __ia32_sys_exit+0x50/0x50 [ 42.954357] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.959805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.965341] ? ksys_ioctl+0x81/0xd0 [ 42.968970] __x64_sys_exit_group+0x3e/0x50 [ 42.973297] do_syscall_64+0x1b9/0x820 [ 42.977184] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.982572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.987511] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.992352] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.997366] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.002384] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.007405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.012256] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.017459] RIP: 0033:0x43ecd8 [ 43.020653] Code: Bad RIP value. [ 43.024012] RSP: 002b:00007ffdc4504268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.031729] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 43.038991] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.046261] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.053546] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 43.060815] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 43.068103] [ 43.069736] Allocated by task 5400: [ 43.073360] save_stack+0x43/0xd0 [ 43.076808] kasan_kmalloc+0xc7/0xe0 [ 43.080529] kasan_slab_alloc+0x12/0x20 [ 43.084501] kmem_cache_alloc+0x12e/0x730 [ 43.088645] vmx_create_vcpu+0xcf/0x25e0 [ 43.092703] kvm_arch_vcpu_create+0xe5/0x220 [ 43.097120] kvm_vm_ioctl+0x470/0x1d40 [ 43.101008] do_vfs_ioctl+0x1de/0x1720 [ 43.104893] ksys_ioctl+0xa9/0xd0 [ 43.108343] __x64_sys_ioctl+0x73/0xb0 [ 43.112234] do_syscall_64+0x1b9/0x820 [ 43.116133] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.121323] [ 43.122941] Freed by task 5400: [ 43.126216] save_stack+0x43/0xd0 [ 43.129663] __kasan_slab_free+0x102/0x150 [ 43.133894] kasan_slab_free+0xe/0x10 [ 43.137697] kmem_cache_free+0x83/0x290 [ 43.141667] vmx_free_vcpu+0x26b/0x300 [ 43.145576] kvm_arch_destroy_vm+0x365/0x7c0 [ 43.149982] kvm_put_kvm+0x6c8/0xff0 [ 43.153706] kvm_vm_release+0x42/0x50 [ 43.157525] __fput+0x385/0xa30 [ 43.160821] ____fput+0x15/0x20 [ 43.164120] task_work_run+0x1e8/0x2a0 [ 43.168024] do_exit+0x1ad7/0x2610 [ 43.171561] do_group_exit+0x177/0x440 [ 43.175459] __x64_sys_exit_group+0x3e/0x50 [ 43.179786] do_syscall_64+0x1b9/0x820 [ 43.183675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.188851] [ 43.190479] The buggy address belongs to the object at ffff8801d4880040 [ 43.190479] which belongs to the cache kvm_vcpu of size 23872 [ 43.203048] The buggy address is located 24 bytes inside of [ 43.203048] 23872-byte region [ffff8801d4880040, ffff8801d4885d80) [ 43.215023] The buggy address belongs to the page: [ 43.219952] page:ffffea0007522000 count:1 mapcount:0 mapping:ffff8801d5767780 index:0x0 compound_mapcount: 0 [ 43.229935] flags: 0x2fffc0000008100(slab|head) [ 43.234606] raw: 02fffc0000008100 ffff8801d5771d48 ffff8801d5771d48 ffff8801d5767780 [ 43.242486] raw: 0000000000000000 ffff8801d4880040 0000000100000001 0000000000000000 [ 43.250371] page dumped because: kasan: bad access detected [ 43.256069] [ 43.257694] Memory state around the buggy address: [ 43.262621] ffff8801d487ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.270002] ffff8801d487ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.277357] >ffff8801d4880000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 43.284704] ^ [ 43.290928] ffff8801d4880080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.298301] ffff8801d4880100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.305666] ================================================================== [ 43.313030] Kernel panic - not syncing: panic_on_warn set ... [ 43.313030] [ 43.320400] CPU: 0 PID: 5400 Comm: syz-executor585 Tainted: G B 4.19.0-rc4+ #25 [ 43.329142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.338487] Call Trace: [ 43.341085] dump_stack+0x1c4/0x2b4 [ 43.344736] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.349927] ? lock_downgrade+0x900/0x900 [ 43.354083] panic+0x238/0x4e7 [ 43.357290] ? add_taint.cold.5+0x16/0x16 [ 43.361467] ? print_shadow_for_address+0xb6/0x116 [ 43.366397] ? trace_hardirqs_off+0xaf/0x310 [ 43.370807] kasan_end_report+0x47/0x4f [ 43.374804] kasan_report.cold.9+0x76/0x309 [ 43.379157] ? __schedule+0xfc3/0x1ed0 [ 43.383045] __asan_report_load8_noabort+0x14/0x20 [ 43.387985] __schedule+0xfc3/0x1ed0 [ 43.391707] ? __sched_text_start+0x8/0x8 [ 43.395857] ? __lock_is_held+0xb5/0x140 [ 43.399916] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.405018] ? find_held_lock+0x36/0x1c0 [ 43.409107] ? __call_srcu+0x7f9/0x1070 [ 43.413089] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.418209] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.423330] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.427912] ? preempt_schedule+0x4d/0x60 [ 43.432164] preempt_schedule_common+0x1f/0xd0 [ 43.436750] preempt_schedule+0x4d/0x60 [ 43.440726] ___preempt_schedule+0x16/0x18 [ 43.444964] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.449893] __call_srcu+0x7f9/0x1070 [ 43.453694] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 43.458815] ? srcu_offline_cpu+0x120/0x120 [ 43.463145] ? debug_object_free+0x690/0x690 [ 43.467567] ? mark_held_locks+0x130/0x130 [ 43.471827] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 43.476430] ? lock_release+0x970/0x970 [ 43.480409] ? arch_local_save_flags+0x40/0x40 [ 43.485007] ? depot_save_stack+0x292/0x470 [ 43.489348] ? __lockdep_init_map+0x105/0x590 [ 43.493848] ? __init_waitqueue_head+0x9e/0x150 [ 43.498518] ? init_wait_entry+0x1c0/0x1c0 [ 43.502761] __synchronize_srcu+0x17b/0x230 [ 43.507085] ? call_srcu+0x10/0x10 [ 43.510636] ? rcu_unexpedite_gp+0x20/0x20 [ 43.514882] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.520419] ? check_preemption_disabled+0x48/0x200 [ 43.525443] synchronize_srcu+0x356/0x5ab [ 43.529597] ? lock_downgrade+0x900/0x900 [ 43.533744] ? synchronize_srcu_expedited+0x20/0x20 [ 43.538765] ? kasan_check_read+0x11/0x20 [ 43.542932] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.547519] ? kasan_check_write+0x14/0x20 [ 43.551802] ? do_raw_spin_lock+0xc1/0x200 [ 43.556077] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.561864] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.567318] ? kvfree+0x61/0x70 [ 43.570607] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.575628] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.579689] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.584105] ? kvm_arch_sync_events+0x30/0x30 [ 43.588610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.594151] ? mmu_notifier_unregister+0x474/0x600 [ 43.599080] ? kfree+0x107/0x230 [ 43.602475] ? __mmu_notifier_register+0x30/0x30 [ 43.607232] ? __free_pages+0x10a/0x190 [ 43.611206] ? free_unref_page+0x960/0x960 [ 43.615457] kvm_put_kvm+0x6c8/0xff0 [ 43.619190] ? kvm_write_guest_cached+0x40/0x40 [ 43.623860] ? kvm_irqfd_release+0xd1/0x120 [ 43.628182] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.632674] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.637187] ? kasan_check_write+0x14/0x20 [ 43.641432] ? do_raw_spin_lock+0xc1/0x200 [ 43.646155] ? kvm_irqfd_release+0xdd/0x120 [ 43.650499] ? kvm_irqfd_release+0xdd/0x120 [ 43.654819] ? kvm_put_kvm+0xff0/0xff0 [ 43.658709] kvm_vm_release+0x42/0x50 [ 43.662530] __fput+0x385/0xa30 [ 43.665810] ? get_max_files+0x20/0x20 [ 43.669700] ? trace_hardirqs_on+0xbd/0x310 [ 43.674025] ? ___might_sleep+0x1ed/0x300 [ 43.678182] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.683630] ? arch_local_save_flags+0x40/0x40 [ 43.688216] ? kasan_check_write+0x14/0x20 [ 43.692468] ? do_raw_spin_lock+0xc1/0x200 [ 43.696698] ____fput+0x15/0x20 [ 43.699976] task_work_run+0x1e8/0x2a0 [ 43.703869] ? task_work_cancel+0x240/0x240 [ 43.708207] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.713741] ? switch_task_namespaces+0x9d/0xd0 [ 43.718413] do_exit+0x1ad7/0x2610 [ 43.721956] ? mm_update_next_owner+0x990/0x990 [ 43.726631] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 43.730875] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.735890] ? kfree+0x1fa/0x230 [ 43.739259] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 43.743496] ? kvm_vcpu_block+0x1030/0x1030 [ 43.747851] ? is_bpf_text_address+0xd3/0x170 [ 43.752640] ? kernel_text_address+0x79/0xf0 [ 43.757050] ? __kernel_text_address+0xd/0x40 [ 43.761557] ? unwind_get_return_address+0x61/0xa0 [ 43.766489] ? __save_stack_trace+0x8d/0xf0 [ 43.770825] ? save_stack+0xa9/0xd0 [ 43.774460] ? save_stack+0x43/0xd0 [ 43.778104] ? __kasan_slab_free+0x102/0x150 [ 43.782513] ? kasan_slab_free+0xe/0x10 [ 43.786499] ? putname+0xf2/0x130 [ 43.789950] ? __x64_sys_openat+0x9d/0x100 [ 43.794184] ? do_syscall_64+0x1b9/0x820 [ 43.798246] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.803612] ? trace_hardirqs_off+0xb8/0x310 [ 43.808024] ? kasan_check_read+0x11/0x20 [ 43.812173] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.816581] ? trace_hardirqs_on+0x310/0x310 [ 43.820997] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 43.826127] ? trace_hardirqs_off+0xb8/0x310 [ 43.830548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.836084] ? check_preemption_disabled+0x48/0x200 [ 43.841121] ? check_preemption_disabled+0x48/0x200 [ 43.846153] ? kvm_vcpu_block+0x1030/0x1030 [ 43.850476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.856040] ? do_vfs_ioctl+0x201/0x1720 [ 43.860127] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 43.865413] ? ioctl_preallocate+0x300/0x300 [ 43.869821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.875367] ? __fget_light+0x2e9/0x430 [ 43.879339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.884880] ? smack_file_ioctl+0x210/0x3c0 [ 43.889201] ? fget_raw+0x20/0x20 [ 43.892655] ? smack_file_lock+0x2e0/0x2e0 [ 43.896933] do_group_exit+0x177/0x440 [ 43.900823] ? trace_hardirqs_on+0xbd/0x310 [ 43.905153] ? __ia32_sys_exit+0x50/0x50 [ 43.909216] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.914681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.920219] ? ksys_ioctl+0x81/0xd0 [ 43.923854] __x64_sys_exit_group+0x3e/0x50 [ 43.928189] do_syscall_64+0x1b9/0x820 [ 43.932081] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.937464] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.942393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.947247] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.952269] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.957287] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.962404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.967259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.972454] RIP: 0033:0x43ecd8 [ 43.975648] Code: Bad RIP value. [ 43.979010] RSP: 002b:00007ffdc4504268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.986727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 43.994006] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 44.001282] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 44.008553] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 44.015827] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 44.023126] [ 44.023132] ====================================================== [ 44.023137] WARNING: possible circular locking dependency detected [ 44.023141] 4.19.0-rc4+ #25 Not tainted [ 44.023147] ------------------------------------------------------ [ 44.023152] syz-executor585/5400 is trying to acquire lock: [ 44.023156] 000000000010c262 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 44.023171] [ 44.023176] but task is already holding lock: [ 44.023179] 000000003a5b866d (report_lock){....}, at: kasan_report+0x8b/0x110 [ 44.023194] [ 44.023199] which lock already depends on the new lock. [ 44.023201] [ 44.023204] [ 44.023209] the existing dependency chain (in reverse order) is: [ 44.023212] [ 44.023214] -> #3 (report_lock){....}: [ 44.023229] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.023233] kasan_report+0x8b/0x110 [ 44.023238] __asan_report_load8_noabort+0x14/0x20 [ 44.023242] __schedule+0xfc3/0x1ed0 [ 44.023246] preempt_schedule_common+0x1f/0xd0 [ 44.023251] preempt_schedule+0x4d/0x60 [ 44.023255] ___preempt_schedule+0x16/0x18 [ 44.023259] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 44.023263] __call_srcu+0x7f9/0x1070 [ 44.023268] __synchronize_srcu+0x17b/0x230 [ 44.023272] synchronize_srcu+0x356/0x5ab [ 44.023277] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.023281] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.023286] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.023290] kvm_put_kvm+0x6c8/0xff0 [ 44.023294] kvm_vm_release+0x42/0x50 [ 44.023298] __fput+0x385/0xa30 [ 44.023301] ____fput+0x15/0x20 [ 44.023305] task_work_run+0x1e8/0x2a0 [ 44.023309] do_exit+0x1ad7/0x2610 [ 44.023313] do_group_exit+0x177/0x440 [ 44.023318] __x64_sys_exit_group+0x3e/0x50 [ 44.023322] do_syscall_64+0x1b9/0x820 [ 44.023327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.023329] [ 44.023332] -> #2 (&rq->lock){-.-.}: [ 44.023346] _raw_spin_lock+0x2d/0x40 [ 44.023350] task_fork_fair+0xb0/0x6d0 [ 44.023354] sched_fork+0x443/0xba0 [ 44.023358] copy_process+0x2586/0x8780 [ 44.023362] _do_fork+0x1cb/0x11d0 [ 44.023366] kernel_thread+0x34/0x40 [ 44.023370] rest_init+0x22/0xe5 [ 44.023374] start_kernel+0x8f4/0x92f [ 44.023378] x86_64_start_reservations+0x29/0x2b [ 44.023383] x86_64_start_kernel+0x76/0x79 [ 44.023387] secondary_startup_64+0xa4/0xb0 [ 44.023389] [ 44.023392] -> #1 (&p->pi_lock){-.-.}: [ 44.023407] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.023411] try_to_wake_up+0xd2/0x12f0 [ 44.023415] wake_up_process+0x10/0x20 [ 44.023419] __up.isra.1+0x1c0/0x2a0 [ 44.023422] up+0x13c/0x1c0 [ 44.023427] __up_console_sem+0xbe/0x1b0 [ 44.023431] console_unlock+0x814/0x1160 [ 44.023435] vprintk_emit+0x33d/0x930 [ 44.023439] vprintk_default+0x28/0x30 [ 44.023443] vprintk_func+0x7e/0x181 [ 44.023446] printk+0xa7/0xcf [ 44.023450] load_umh+0x51/0xbd [ 44.023454] do_one_initcall+0x145/0x957 [ 44.023459] kernel_init_freeable+0x4bb/0x5ae [ 44.023462] kernel_init+0x11/0x1b2 [ 44.023466] ret_from_fork+0x3a/0x50 [ 44.023469] [ 44.023471] -> #0 ((console_sem).lock){-...}: [ 44.023486] lock_acquire+0x1ed/0x520 [ 44.023491] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.023495] down_trylock+0x13/0x70 [ 44.023499] __down_trylock_console_sem+0xae/0x200 [ 44.023503] console_trylock+0x15/0xa0 [ 44.023507] vprintk_emit+0x322/0x930 [ 44.023511] vprintk_default+0x28/0x30 [ 44.023515] vprintk_func+0x7e/0x181 [ 44.023519] printk+0xa7/0xcf [ 44.023523] kasan_report+0x9b/0x110 [ 44.023528] __asan_report_load8_noabort+0x14/0x20 [ 44.023532] __schedule+0xfc3/0x1ed0 [ 44.023536] preempt_schedule_common+0x1f/0xd0 [ 44.023540] preempt_schedule+0x4d/0x60 [ 44.023545] ___preempt_schedule+0x16/0x18 [ 44.023549] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 44.023553] __call_srcu+0x7f9/0x1070 [ 44.023557] __synchronize_srcu+0x17b/0x230 [ 44.023561] synchronize_srcu+0x356/0x5ab [ 44.023567] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.023571] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.023575] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.023579] kvm_put_kvm+0x6c8/0xff0 [ 44.023583] kvm_vm_release+0x42/0x50 [ 44.023587] __fput+0x385/0xa30 [ 44.023591] ____fput+0x15/0x20 [ 44.023595] task_work_run+0x1e8/0x2a0 [ 44.023599] do_exit+0x1ad7/0x2610 [ 44.023603] do_group_exit+0x177/0x440 [ 44.023607] __x64_sys_exit_group+0x3e/0x50 [ 44.023611] do_syscall_64+0x1b9/0x820 [ 44.023617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.023619] [ 44.023624] other info that might help us debug this: [ 44.023626] [ 44.023630] Chain exists of: [ 44.023632] (console_sem).lock --> &rq->lock --> report_lock [ 44.023651] [ 44.023656] Possible unsafe locking scenario: [ 44.023658] [ 44.023662] CPU0 CPU1 [ 44.023667] ---- ---- [ 44.023669] lock(report_lock); [ 44.023679] lock(&rq->lock); [ 44.023689] lock(report_lock); [ 44.023697] lock((console_sem).lock); [ 44.023706] [ 44.023709] *** DEADLOCK *** [ 44.023712] [ 44.023716] 2 locks held by syz-executor585/5400: [ 44.023719] #0: 000000005fcdb4e5 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 44.023736] #1: 000000003a5b866d (report_lock){....}, at: kasan_report+0x8b/0x110 [ 44.023754] [ 44.023758] stack backtrace: [ 44.023764] CPU: 0 PID: 5400 Comm: syz-executor585 Not tainted 4.19.0-rc4+ #25 [ 44.023771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.023775] Call Trace: [ 44.023778] dump_stack+0x1c4/0x2b4 [ 44.023783] ? dump_stack_print_info.cold.2+0x52/0x52 [ 44.023787] ? vprintk_func+0x85/0x181 [ 44.023792] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 44.023796] ? save_trace+0xe0/0x290 [ 44.023800] __lock_acquire+0x33e4/0x4ec0 [ 44.023804] ? mark_held_locks+0x130/0x130 [ 44.023809] ? mark_held_locks+0x130/0x130 [ 44.023813] ? rcu_bh_qs+0xc0/0xc0 [ 44.023816] ? unwind_dump+0x190/0x190 [ 44.023821] ? is_bpf_text_address+0xd3/0x170 [ 44.023825] ? kernel_text_address+0x79/0xf0 [ 44.023830] ? __kernel_text_address+0xd/0x40 [ 44.023834] ? __save_stack_trace+0x8d/0xf0 [ 44.023839] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 44.023843] ? save_trace+0x290/0x290 [ 44.023847] ? save_stack_trace+0x1a/0x20 [ 44.023851] ? save_trace+0xe0/0x290 [ 44.023855] ? kasan_check_read+0x11/0x20 [ 44.023859] ? graph_lock+0x170/0x170 [ 44.023864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.023868] lock_acquire+0x1ed/0x520 [ 44.023872] ? down_trylock+0x13/0x70 [ 44.023876] ? find_held_lock+0x36/0x1c0 [ 44.023880] ? lock_release+0x970/0x970 [ 44.023885] ? trace_hardirqs_off+0xb8/0x310 [ 44.023889] ? vprintk_emit+0x1d3/0x930 [ 44.023893] ? trace_hardirqs_on+0x310/0x310 [ 44.023897] ? trace_hardirqs_off+0xb8/0x310 [ 44.023901] ? log_store+0x344/0x4c0 [ 44.023905] ? vprintk_emit+0x322/0x930 [ 44.023910] _raw_spin_lock_irqsave+0x99/0xd0 [ 44.023914] ? down_trylock+0x13/0x70 [ 44.023918] down_trylock+0x13/0x70 [ 44.023922] __down_trylock_console_sem+0xae/0x200 [ 44.023926] console_trylock+0x15/0xa0 [ 44.023930] vprintk_emit+0x322/0x930 [ 44.023934] ? wake_up_klogd+0x180/0x180 [ 44.023939] ? run_rebalance_domains+0x500/0x500 [ 44.023943] ? wake_up_worker+0x117/0x190 [ 44.023947] ? find_held_lock+0x36/0x1c0 [ 44.023951] ? __queue_work+0x6be/0x1440 [ 44.023955] ? lock_acquire+0x1ed/0x520 [ 44.023959] vprintk_default+0x28/0x30 [ 44.023963] vprintk_func+0x7e/0x181 [ 44.023967] printk+0xa7/0xcf [ 44.023971] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 44.023976] ? kasan_check_write+0x14/0x20 [ 44.023980] ? do_raw_spin_lock+0xc1/0x200 [ 44.023984] ? do_raw_spin_lock+0xc1/0x200 [ 44.023988] kasan_report+0x9b/0x110 [ 44.023992] ? __schedule+0xfc3/0x1ed0 [ 44.023996] __asan_report_load8_noabort+0x14/0x20 [ 44.024000] __schedule+0xfc3/0x1ed0 [ 44.024004] ? __sched_text_start+0x8/0x8 [ 44.024009] ? __lock_is_held+0xb5/0x140 [ 44.024013] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.024017] ? find_held_lock+0x36/0x1c0 [ 44.024022] ? __call_srcu+0x7f9/0x1070 [ 44.024026] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.024031] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.024035] ? lockdep_hardirqs_on+0x421/0x5c0 [ 44.024039] ? preempt_schedule+0x4d/0x60 [ 44.024044] preempt_schedule_common+0x1f/0xd0 [ 44.024048] preempt_schedule+0x4d/0x60 [ 44.024052] ___preempt_schedule+0x16/0x18 [ 44.024057] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 44.024061] __call_srcu+0x7f9/0x1070 [ 44.024066] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 44.024070] ? srcu_offline_cpu+0x120/0x120 [ 44.024075] ? debug_object_free+0x690/0x690 [ 44.024079] ? mark_held_locks+0x130/0x130 [ 44.024083] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 44.024087] ? lock_release+0x970/0x970 [ 44.024092] ? arch_local_save_flags+0x40/0x40 [ 44.024104] ? depot_save_stack+0x292/0x470 [ 44.024108] ? __lockdep_init_map+0x105/0x590 [ 44.024118] ? __init_waitqueue_head+0x9e/0x150 [ 44.024125] ? init_wait_entry+0x1c0/0x1c0 [ 44.024129] __synchronize_srcu+0x17b/0x230 [ 44.024133] ? call_srcu+0x10/0x10 [ 44.024137] ? rcu_unexpedite_gp+0x20/0x20 [ 44.024142] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.024147] ? check_preemption_disabled+0x48/0x200 [ 44.024151] synchronize_srcu+0x356/0x5ab [ 44.024155] ? lock_downgrade+0x900/0x900 [ 44.024160] ? synchronize_srcu_expedited+0x20/0x20 [ 44.024164] ? kasan_check_read+0x11/0x20 [ 44.024169] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 44.024173] ? kasan_check_write+0x14/0x20 [ 44.024177] ? do_raw_spin_lock+0xc1/0x200 [ 44.024182] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.024187] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 44.024191] ? kvfree+0x61/0x70 [ 44.024195] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.024199] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.024204] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.024208] ? kvm_arch_sync_events+0x30/0x30 [ 44.024213] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.024218] ? mmu_notifier_unregister+0x474/0x600 [ 44.024221] ? kfree+0x107/0x230 [ 44.024226] ? __mmu_notifier_register+0x30/0x30 [ 44.024230] ? __free_pages+0x10a/0x190 [ 44.024234] ? free_unref_page+0x960/0x960 [ 44.024238] kvm_put_kvm+0x6c8/0xff0 [ 44.024242] ? kvm_write_guest_cached+0x40/0x40 [ 44.024247] ? kvm_irqfd_release+0xd1/0x120 [ 44.024251] ? _raw_spin_unlock_irq+0x27/0x80 [ 44.024255] ? _raw_spin_unlock_irq+0x27/0x80 [ 44.024260] ? kasan_check_write+0x14/0x20 [ 44.024264] ? do_raw_spin_lock+0xc1/0x200 [ 44.024267] ? kvm_irqfd_release+0xdd [ 44.024276] Lost 81 message(s)! [ 45.180800] Shutting down cpus with NMI [ 46.239848] Kernel Offset: disabled [ 46.243477] Rebooting in 86400 seconds..