[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ ok ].
[   25.780937] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.484275] random: sshd: uninitialized urandom read (32 bytes read)
[   27.898936] random: sshd: uninitialized urandom read (32 bytes read)
[   28.484184] random: sshd: uninitialized urandom read (32 bytes read)
[   28.697069] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[   34.384871] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   34.503730] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   34.529494] ==================================================================
[   34.539532] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   34.545761] Read of size 8 at addr ffff8801bda20058 by task syz-executor400/5352
[   34.553283]
[   34.554914] CPU: 0 PID: 5352 Comm: syz-executor400 Not tainted 4.19.0-rc3+ #231
[   34.562352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.571697] Call Trace:
[   34.574280]  dump_stack+0x1c4/0x2b4
[   34.577911]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.583098]  ? printk+0xa7/0xcf
[   34.586383]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.591146]  print_address_description.cold.8+0x9/0x1ff
[   34.596509]  kasan_report.cold.9+0x242/0x309
[   34.600919]  ? __schedule+0xfc3/0x1ed0
[   34.604810]  __asan_report_load8_noabort+0x14/0x20
[   34.609739]  __schedule+0xfc3/0x1ed0
[   34.613472]  ? __sched_text_start+0x8/0x8
[   34.617622]  ? __lock_is_held+0xb5/0x140
[   34.621680]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.626782]  ? find_held_lock+0x36/0x1c0
[   34.630849]  ? __call_srcu+0x7f9/0x1070
[   34.634823]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.639953]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.645068]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.649649]  ? preempt_schedule+0x4d/0x60
[   34.653798]  preempt_schedule_common+0x1f/0xd0
[   34.658385]  preempt_schedule+0x4d/0x60
[   34.662360]  ___preempt_schedule+0x16/0x18
[   34.666598]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   34.671532]  __call_srcu+0x7f9/0x1070
[   34.675332]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   34.680437]  ? srcu_offline_cpu+0x120/0x120
[   34.684760]  ? debug_object_free+0x690/0x690
[   34.689168]  ? mark_held_locks+0x130/0x130
[   34.693401]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   34.698004]  ? lock_release+0x970/0x970
[   34.701999]  ? arch_local_save_flags+0x40/0x40
[   34.706618]  ? depot_save_stack+0x292/0x470
[   34.710950]  ? __lockdep_init_map+0x105/0x590
[   34.715447]  ? __init_waitqueue_head+0x9e/0x150
[   34.720119]  ? init_wait_entry+0x1c0/0x1c0
[   34.724361]  __synchronize_srcu+0x17b/0x230
[   34.728682]  ? call_srcu+0x10/0x10
[   34.732220]  ? rcu_unexpedite_gp+0x20/0x20
[   34.736463]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.742001]  ? check_preemption_disabled+0x48/0x200
[   34.747044]  synchronize_srcu+0x356/0x5ab
[   34.751200]  ? lock_downgrade+0x900/0x900
[   34.755351]  ? synchronize_srcu_expedited+0x20/0x20
[   34.760382]  ? kasan_check_read+0x11/0x20
[   34.764535]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.769120]  ? kasan_check_write+0x14/0x20
[   34.773358]  ? do_raw_spin_lock+0xc1/0x200
[   34.777597]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.783312]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.788761]  ? kvfree+0x61/0x70
[   34.792059]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.797081]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.801140]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.805549]  ? kvm_arch_sync_events+0x30/0x30
[   34.810065]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.815604]  ? mmu_notifier_unregister+0x474/0x600
[   34.820531]  ? kfree+0x107/0x230
[   34.823899]  ? __mmu_notifier_register+0x30/0x30
[   34.828660]  ? __free_pages+0x10a/0x190
[   34.832639]  ? free_unref_page+0x960/0x960
[   34.836888]  kvm_put_kvm+0x6c8/0xff0
[   34.840612]  ? kvm_write_guest_cached+0x40/0x40
[   34.845291]  ? kvm_irqfd_release+0xd1/0x120
[   34.849612]  ? _raw_spin_unlock_irq+0x27/0x80
[   34.854111]  ? _raw_spin_unlock_irq+0x27/0x80
[   34.858617]  ? kasan_check_write+0x14/0x20
[   34.862855]  ? do_raw_spin_lock+0xc1/0x200
[   34.867096]  ? kvm_irqfd_release+0xdd/0x120
[   34.871418]  ? kvm_irqfd_release+0xdd/0x120
[   34.875747]  ? kvm_put_kvm+0xff0/0xff0
[   34.879638]  kvm_vm_release+0x42/0x50
[   34.883439]  __fput+0x385/0xa30
[   34.886722]  ? get_max_files+0x20/0x20
[   34.890608]  ? trace_hardirqs_on+0xbd/0x310
[   34.894931]  ? ___might_sleep+0x1ed/0x300
[   34.899084]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.904534]  ? arch_local_save_flags+0x40/0x40
[   34.909117]  ? kasan_check_write+0x14/0x20
[   34.913356]  ? do_raw_spin_lock+0xc1/0x200
[   34.917591]  ____fput+0x15/0x20
[   34.920869]  task_work_run+0x1e8/0x2a0
[   34.924758]  ? task_work_cancel+0x240/0x240
[   34.929086]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.934628]  ? switch_task_namespaces+0x9d/0xd0
[   34.939299]  do_exit+0x1ad7/0x2610
[   34.942845]  ? mm_update_next_owner+0x990/0x990
[   34.947517]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.952102]  ? mark_held_locks+0x130/0x130
[   34.956336]  ? kasan_check_write+0x14/0x20
[   34.960593]  ? do_raw_spin_lock+0xc1/0x200
[   34.964830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.970380]  ? __call_rcu.constprop.69+0x429/0xbc0
[   34.975314]  ? __call_rcu.constprop.69+0x429/0xbc0
[   34.980250]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.984836]  ? trace_hardirqs_on+0xbd/0x310
[   34.989159]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.994437]  ? debug_object_deactivate+0x450/0x450
[   34.999363]  ? call_rcu+0x12/0x20
[   35.002820]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.008270]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.013804]  ? check_preemption_disabled+0x48/0x200
[   35.018826]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.024283]  ? rcu_is_watching+0x30/0x30
[   35.028343]  ? __kasan_slab_free+0x119/0x150
[   35.032757]  ? kzfree+0x28/0x30
[   35.036046]  ? kzfree+0x28/0x30
[   35.039337]  ? blkcg_maybe_throttle_current+0xa38/0x1080
[   35.044791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.050334]  ? blkcg_print_stat+0x13e0/0x13e0
[   35.054832]  ? task_work_run+0x1af/0x2a0
[   35.058899]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.063397]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.067892]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.072477]  ? trace_hardirqs_on+0xbd/0x310
[   35.076800]  ? kasan_check_read+0x11/0x20
[   35.080950]  ? task_work_run+0x1af/0x2a0
[   35.085010]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.090477]  ? kasan_check_write+0x14/0x20
[   35.094717]  ? do_raw_spin_lock+0xc1/0x200
[   35.098955]  ? trace_hardirqs_off+0xb8/0x310
[   35.103365]  ? do_syscall_64+0x6be/0x820
[   35.107425]  ? trace_hardirqs_on+0x310/0x310
[   35.111839]  do_group_exit+0x177/0x440
[   35.115729]  ? trace_hardirqs_on+0xbd/0x310
[   35.120062]  ? __ia32_sys_exit+0x50/0x50
[   35.124130]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.129593]  __x64_sys_exit_group+0x3e/0x50
[   35.133916]  do_syscall_64+0x1b9/0x820
[   35.137807]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.143176]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.148112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.152961]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.157979]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.162997]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.168038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.172894]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.178084] RIP: 0033:0x442c58
[   35.181277] Code: Bad RIP value.
[   35.184640] RSP: 002b:00007fffac605b18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.192352] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442c58
[   35.199620] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.206886] RBP: 00000000004c2828 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.214152] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001
[   35.221419] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   35.228697]
[   35.230319] Allocated by task 5352:
[   35.233945]  save_stack+0x43/0xd0
[   35.237397]  kasan_kmalloc+0xc7/0xe0
[   35.241109]  kasan_slab_alloc+0x12/0x20
[   35.245090]  kmem_cache_alloc+0x12e/0x730
[   35.249240]  vmx_create_vcpu+0xcf/0x25e0
[   35.253302]  kvm_arch_vcpu_create+0xe5/0x220
[   35.257710]  kvm_vm_ioctl+0x470/0x1d40
[   35.261600]  do_vfs_ioctl+0x1de/0x1720
[   35.265485]  ksys_ioctl+0xa9/0xd0
[   35.268937]  __x64_sys_ioctl+0x73/0xb0
[   35.272825]  do_syscall_64+0x1b9/0x820
[   35.276719]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.281899]
[   35.283521] Freed by task 5352:
[   35.286797]  save_stack+0x43/0xd0
[   35.290249]  __kasan_slab_free+0x102/0x150
[   35.294481]  kasan_slab_free+0xe/0x10
[   35.298279]  kmem_cache_free+0x83/0x290
[   35.302251]  vmx_free_vcpu+0x26b/0x300
[   35.306140]  kvm_arch_destroy_vm+0x365/0x7c0
[   35.310552]  kvm_put_kvm+0x6c8/0xff0
[   35.314266]  kvm_vm_release+0x42/0x50
[   35.318071]  __fput+0x385/0xa30
[   35.321799]  ____fput+0x15/0x20
[   35.325082]  task_work_run+0x1e8/0x2a0
[   35.328969]  do_exit+0x1ad7/0x2610
[   35.332505]  do_group_exit+0x177/0x440
[   35.336392]  __x64_sys_exit_group+0x3e/0x50
[   35.340724]  do_syscall_64+0x1b9/0x820
[   35.344622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.349799]
[   35.351422] The buggy address belongs to the object at ffff8801bda20040
[   35.351422]  which belongs to the cache kvm_vcpu of size 23872
[   35.364003] The buggy address is located 24 bytes inside of
[   35.364003]  23872-byte region [ffff8801bda20040, ffff8801bda25d80)
[   35.375981] The buggy address belongs to the page:
[   35.380914] page:ffffea0006f68800 count:1 mapcount:0 mapping:ffff8801d5b86d80 index:0x0 compound_mapcount: 0
[   35.390888] flags: 0x2fffc0000008100(slab|head)
[   35.395566] raw: 02fffc0000008100 ffff8801d5b81c48 ffff8801d5b81c48 ffff8801d5b86d80
[   35.403457] raw: 0000000000000000 ffff8801bda20040 0000000100000001 0000000000000000
[   35.411330] page dumped because: kasan: bad access detected
[   35.417037]
[   35.418673] Memory state around the buggy address:
[   35.423612]  ffff8801bda1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.430995]  ffff8801bda1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.438358] >ffff8801bda20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.445708]                                                     ^
[   35.451949]  ffff8801bda20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.459321]  ffff8801bda20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.466669] ==================================================================
[   35.474018] Kernel panic - not syncing: panic_on_warn set ...
[   35.474018]
[   35.481396] CPU: 0 PID: 5352 Comm: syz-executor400 Tainted: G    B             4.19.0-rc3+ #231
[   35.490224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.499574] Call Trace:
[   35.502166]  dump_stack+0x1c4/0x2b4
[   35.505797]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.510987]  ? lock_downgrade+0x900/0x900
[   35.515156]  panic+0x238/0x4e7
[   35.518344]  ? add_taint.cold.5+0x16/0x16
[   35.522492]  ? print_shadow_for_address+0xb6/0x116
[   35.527442]  ? trace_hardirqs_off+0xaf/0x310
[   35.531871]  kasan_end_report+0x47/0x4f
[   35.535845]  kasan_report.cold.9+0x76/0x309
[   35.540169]  ? __schedule+0xfc3/0x1ed0
[   35.544066]  __asan_report_load8_noabort+0x14/0x20
[   35.548993]  __schedule+0xfc3/0x1ed0
[   35.552719]  ? __sched_text_start+0x8/0x8
[   35.556871]  ? __lock_is_held+0xb5/0x140
[   35.560935]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.566067]  ? find_held_lock+0x36/0x1c0
[   35.570129]  ? __call_srcu+0x7f9/0x1070
[   35.574106]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.579209]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.584311]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.588896]  ? preempt_schedule+0x4d/0x60
[   35.593059]  preempt_schedule_common+0x1f/0xd0
[   35.597640]  preempt_schedule+0x4d/0x60
[   35.601635]  ___preempt_schedule+0x16/0x18
[   35.605880]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.610805]  __call_srcu+0x7f9/0x1070
[   35.614600]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   35.619707]  ? srcu_offline_cpu+0x120/0x120
[   35.624046]  ? debug_object_free+0x690/0x690
[   35.628462]  ? mark_held_locks+0x130/0x130
[   35.632696]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   35.637282]  ? lock_release+0x970/0x970
[   35.641254]  ? arch_local_save_flags+0x40/0x40
[   35.645837]  ? depot_save_stack+0x292/0x470
[   35.650169]  ? __lockdep_init_map+0x105/0x590
[   35.654667]  ? __init_waitqueue_head+0x9e/0x150
[   35.659335]  ? init_wait_entry+0x1c0/0x1c0
[   35.663582]  __synchronize_srcu+0x17b/0x230
[   35.667918]  ? call_srcu+0x10/0x10
[   35.671468]  ? rcu_unexpedite_gp+0x20/0x20
[   35.675714]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.681264]  ? check_preemption_disabled+0x48/0x200
[   35.686285]  synchronize_srcu+0x356/0x5ab
[   35.690430]  ? lock_downgrade+0x900/0x900
[   35.694580]  ? synchronize_srcu_expedited+0x20/0x20
[   35.699627]  ? kasan_check_read+0x11/0x20
[   35.703775]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.708362]  ? kasan_check_write+0x14/0x20
[   35.712599]  ? do_raw_spin_lock+0xc1/0x200
[   35.716843]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.722557]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.728010]  ? kvfree+0x61/0x70
[   35.731307]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.736329]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.740397]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.744806]  ? kvm_arch_sync_events+0x30/0x30
[   35.749302]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.754835]  ? mmu_notifier_unregister+0x474/0x600
[   35.759763]  ? kfree+0x107/0x230
[   35.763128]  ? __mmu_notifier_register+0x30/0x30
[   35.767897]  ? __free_pages+0x10a/0x190
[   35.771880]  ? free_unref_page+0x960/0x960
[   35.776136]  kvm_put_kvm+0x6c8/0xff0
[   35.779864]  ? kvm_write_guest_cached+0x40/0x40
[   35.784540]  ? kvm_irqfd_release+0xd1/0x120
[   35.788863]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.793358]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.797857]  ? kasan_check_write+0x14/0x20
[   35.802085]  ? do_raw_spin_lock+0xc1/0x200
[   35.806321]  ? kvm_irqfd_release+0xdd/0x120
[   35.810635]  ? kvm_irqfd_release+0xdd/0x120
[   35.814954]  ? kvm_put_kvm+0xff0/0xff0
[   35.818835]  kvm_vm_release+0x42/0x50
[   35.822632]  __fput+0x385/0xa30
[   35.825914]  ? get_max_files+0x20/0x20
[   35.829812]  ? trace_hardirqs_on+0xbd/0x310
[   35.834137]  ? ___might_sleep+0x1ed/0x300
[   35.838279]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.843728]  ? arch_local_save_flags+0x40/0x40
[   35.848308]  ? kasan_check_write+0x14/0x20
[   35.852548]  ? do_raw_spin_lock+0xc1/0x200
[   35.856791]  ____fput+0x15/0x20
[   35.860072]  task_work_run+0x1e8/0x2a0
[   35.863957]  ? task_work_cancel+0x240/0x240
[   35.868289]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.873840]  ? switch_task_namespaces+0x9d/0xd0
[   35.878507]  do_exit+0x1ad7/0x2610
[   35.882072]  ? mm_update_next_owner+0x990/0x990
[   35.886741]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.891320]  ? mark_held_locks+0x130/0x130
[   35.895551]  ? kasan_check_write+0x14/0x20
[   35.899797]  ? do_raw_spin_lock+0xc1/0x200
[   35.904036]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.909576]  ? __call_rcu.constprop.69+0x429/0xbc0
[   35.914501]  ? __call_rcu.constprop.69+0x429/0xbc0
[   35.919432]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.924010]  ? trace_hardirqs_on+0xbd/0x310
[   35.928339]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   35.933624]  ? debug_object_deactivate+0x450/0x450
[   35.938543]  ? call_rcu+0x12/0x20
[   35.941991]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.947458]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.953014]  ? check_preemption_disabled+0x48/0x200
[   35.958070]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.963522]  ? rcu_is_watching+0x30/0x30
[   35.967583]  ? __kasan_slab_free+0x119/0x150
[   35.971991]  ? kzfree+0x28/0x30
[   35.975278]  ? kzfree+0x28/0x30
[   35.978558]  ? blkcg_maybe_throttle_current+0xa38/0x1080
[   35.984031]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.989595]  ? blkcg_print_stat+0x13e0/0x13e0
[   35.994095]  ? task_work_run+0x1af/0x2a0
[   35.998158]  ? _raw_spin_unlock_irq+0x27/0x80
[   36.002647]  ? _raw_spin_unlock_irq+0x27/0x80
[   36.007137]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.011718]  ? trace_hardirqs_on+0xbd/0x310
[   36.016046]  ? kasan_check_read+0x11/0x20
[   36.020215]  ? task_work_run+0x1af/0x2a0
[   36.024277]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.029729]  ? kasan_check_write+0x14/0x20
[   36.033965]  ? do_raw_spin_lock+0xc1/0x200
[   36.038229]  ? trace_hardirqs_off+0xb8/0x310
[   36.042635]  ? do_syscall_64+0x6be/0x820
[   36.046690]  ? trace_hardirqs_on+0x310/0x310
[   36.051108]  do_group_exit+0x177/0x440
[   36.054993]  ? trace_hardirqs_on+0xbd/0x310
[   36.059321]  ? __ia32_sys_exit+0x50/0x50
[   36.063381]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.068837]  __x64_sys_exit_group+0x3e/0x50
[   36.073169]  do_syscall_64+0x1b9/0x820
[   36.077065]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.082435]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.087369]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.092214]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.097228]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.102246]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.107267]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.112114]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.117301] RIP: 0033:0x442c58
[   36.120498] Code: Bad RIP value.
[   36.123869] RSP: 002b:00007fffac605b18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.131599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442c58
[   36.138860] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   36.146125] RBP: 00000000004c2828 R08: 00000000000000e7 R09: ffffffffffffffd0
[   36.153392] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001
[   36.160670] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   36.167948]
[   36.167954] ======================================================
[   36.167960] WARNING: possible circular locking dependency detected
[   36.167964] 4.19.0-rc3+ #231 Not tainted
[   36.167970] ------------------------------------------------------
[   36.167975] syz-executor400/5352 is trying to acquire lock:
[   36.167979] 00000000ba04a12a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   36.167995]
[   36.167999] but task is already holding lock:
[   36.168003] 000000007d8b5593 (report_lock){....}, at: kasan_report+0x8b/0x110
[   36.168018]
[   36.168031] which lock already depends on the new lock.
[   36.168033]
[   36.168036]
[   36.168041] the existing dependency chain (in reverse order) is:
[   36.168044]
[   36.168046] -> #3 (report_lock){....}:
[   36.168069]        _raw_spin_lock_irqsave+0x99/0xd0
[   36.168073]        kasan_report+0x8b/0x110
[   36.168078]        __asan_report_load8_noabort+0x14/0x20
[   36.168082]        __schedule+0xfc3/0x1ed0
[   36.168086]        preempt_schedule_common+0x1f/0xd0
[   36.168091]        preempt_schedule+0x4d/0x60
[   36.168095]        ___preempt_schedule+0x16/0x18
[   36.168100]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   36.168104]        __call_srcu+0x7f9/0x1070
[   36.168109]        __synchronize_srcu+0x17b/0x230
[   36.168113]        synchronize_srcu+0x356/0x5ab
[   36.168118]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.168123]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.168127]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.168131]        kvm_put_kvm+0x6c8/0xff0
[   36.168136]        kvm_vm_release+0x42/0x50
[   36.168139]        __fput+0x385/0xa30
[   36.168143]        ____fput+0x15/0x20
[   36.168147]        task_work_run+0x1e8/0x2a0
[   36.168151]        do_exit+0x1ad7/0x2610
[   36.168156]        do_group_exit+0x177/0x440
[   36.168160]        __x64_sys_exit_group+0x3e/0x50
[   36.168164]        do_syscall_64+0x1b9/0x820
[   36.168169]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.168172]
[   36.168174] -> #2 (&rq->lock){-.-.}:
[   36.168189]        _raw_spin_lock+0x2d/0x40
[   36.168193]        task_fork_fair+0xb0/0x6d0
[   36.168197]        sched_fork+0x443/0xba0
[   36.168202]        copy_process+0x2586/0x8780
[   36.168205]        _do_fork+0x1cb/0x11d0
[   36.168210]        kernel_thread+0x34/0x40
[   36.168214]        rest_init+0x22/0xe5
[   36.168218]        start_kernel+0x8f4/0x92f
[   36.168222]        x86_64_start_reservations+0x29/0x2b
[   36.168227]        x86_64_start_kernel+0x76/0x79
[   36.168231]        secondary_startup_64+0xa4/0xb0
[   36.168234]
[   36.168236] -> #1 (&p->pi_lock){-.-.}:
[   36.168252]        _raw_spin_lock_irqsave+0x99/0xd0
[   36.168256]        try_to_wake_up+0xd2/0x12f0
[   36.168260]        wake_up_process+0x10/0x20
[   36.168264]        __up.isra.1+0x1c0/0x2a0
[   36.168268]        up+0x13c/0x1c0
[   36.168272]        __up_console_sem+0xbe/0x1b0
[   36.168276]        console_unlock+0x524/0x11a0
[   36.168280]        vprintk_emit+0x33d/0x930
[   36.168285]        vprintk_default+0x28/0x30
[   36.168289]        vprintk_func+0x7e/0x181
[   36.168292]        printk+0xa7/0xcf
[   36.168296]        load_umh+0x51/0xbd
[   36.168301]        do_one_initcall+0x145/0x957
[   36.168305]        kernel_init_freeable+0x4bb/0x5ae
[   36.168309]        kernel_init+0x11/0x1b2
[   36.168313]        ret_from_fork+0x3a/0x50
[   36.168316]
[   36.168318] -> #0 ((console_sem).lock){-...}:
[   36.168334]        lock_acquire+0x1ed/0x520
[   36.168338]        _raw_spin_lock_irqsave+0x99/0xd0
[   36.168342]        down_trylock+0x13/0x70
[   36.168347]        __down_trylock_console_sem+0xae/0x200
[   36.168351]        console_trylock+0x15/0xa0
[   36.168355]        vprintk_emit+0x322/0x930
[   36.168360]        vprintk_default+0x28/0x30
[   36.168364]        vprintk_func+0x7e/0x181
[   36.168367]        printk+0xa7/0xcf
[   36.168372]        kasan_report+0x9b/0x110
[   36.168376]        __asan_report_load8_noabort+0x14/0x20
[   36.168380]        __schedule+0xfc3/0x1ed0
[   36.168385]        preempt_schedule_common+0x1f/0xd0
[   36.168389]        preempt_schedule+0x4d/0x60
[   36.168394]        ___preempt_schedule+0x16/0x18
[   36.168398]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   36.168403]        __call_srcu+0x7f9/0x1070
[   36.168407]        __synchronize_srcu+0x17b/0x230
[   36.168411]        synchronize_srcu+0x356/0x5ab
[   36.168417]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.168421]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.168425]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.168429]        kvm_put_kvm+0x6c8/0xff0
[   36.168434]        kvm_vm_release+0x42/0x50
[   36.168437]        __fput+0x385/0xa30
[   36.168441]        ____fput+0x15/0x20
[   36.168445]        task_work_run+0x1e8/0x2a0
[   36.168449]        do_exit+0x1ad7/0x2610
[   36.168454]        do_group_exit+0x177/0x440
[   36.168458]        __x64_sys_exit_group+0x3e/0x50
[   36.168462]        do_syscall_64+0x1b9/0x820
[   36.168467]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.168470]
[   36.168474] other info that might help us debug this:
[   36.168477]
[   36.168480] Chain exists of:
[   36.168482]   (console_sem).lock --> &rq->lock --> report_lock
[   36.168502]
[   36.168506]  Possible unsafe locking scenario:
[   36.168509]
[   36.168513]        CPU0                    CPU1
[   36.168518]        ----                    ----
[   36.168520]   lock(report_lock);
[   36.168530]                                lock(&rq->lock);
[   36.168553]                                lock(report_lock);
[   36.168561]   lock((console_sem).lock);
[   36.168570]
[   36.168573]  *** DEADLOCK ***
[   36.168576]
[   36.168580] 2 locks held by syz-executor400/5352:
[   36.168582]  #0: 000000008b111ff8 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   36.168600]  #1: 000000007d8b5593 (report_lock){....}, at: kasan_report+0x8b/0x110
[   36.168617]
[   36.168620] stack backtrace:
[   36.168627] CPU: 0 PID: 5352 Comm: syz-executor400 Not tainted 4.19.0-rc3+ #231
[   36.168634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.168637] Call Trace:
[   36.168641]  dump_stack+0x1c4/0x2b4
[   36.168646]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.168650]  ? vprintk_func+0x85/0x181
[   36.168655]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   36.168659]  ? save_trace+0xe0/0x290
[   36.168663]  __lock_acquire+0x33e4/0x4ec0
[   36.168667]  ? mark_held_locks+0x130/0x130
[   36.168671]  ? mark_held_locks+0x130/0x130
[   36.168675]  ? rcu_bh_qs+0xc0/0xc0
[   36.168679]  ? unwind_dump+0x190/0x190
[   36.168684]  ? is_bpf_text_address+0xd3/0x170
[   36.168688]  ? kernel_text_address+0x79/0xf0
[   36.168692]  ? __kernel_text_address+0xd/0x40
[   36.168697]  ? __save_stack_trace+0x8d/0xf0
[   36.168701]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   36.168705]  ? save_trace+0x290/0x290
[   36.168709]  ? save_stack_trace+0x1a/0x20
[   36.168713]  ? save_trace+0xe0/0x290
[   36.168717]  ? kasan_check_read+0x11/0x20
[   36.168721]  ? graph_lock+0x170/0x170
[   36.168726]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.168730]  lock_acquire+0x1ed/0x520
[   36.168734]  ? down_trylock+0x13/0x70
[   36.168738]  ? find_held_lock+0x36/0x1c0
[   36.168742]  ? lock_release+0x970/0x970
[   36.168747]  ? trace_hardirqs_off+0xb8/0x310
[   36.168751]  ? vprintk_emit+0x1d3/0x930
[   36.168755]  ? trace_hardirqs_on+0x310/0x310
[   36.168759]  ? trace_hardirqs_off+0xb8/0x310
[   36.168763]  ? log_store+0x344/0x4c0
[   36.168767]  ? vprintk_emit+0x322/0x930
[   36.168784]  _raw_spin_lock_irqsave+0x99/0xd0
[   36.168788]  ? down_trylock+0x13/0x70
[   36.168792]  down_trylock+0x13/0x70
[   36.168797]  __down_trylock_console_sem+0xae/0x200
[   36.168801]  console_trylock+0x15/0xa0
[   36.168805]  vprintk_emit+0x322/0x930
[   36.168809]  ? wake_up_klogd+0x180/0x180
[   36.168814]  ? run_rebalance_domains+0x500/0x500
[   36.168818]  ? wake_up_worker+0x117/0x190
[   36.168822]  ? find_held_lock+0x36/0x1c0
[   36.168827]  ? __queue_work+0x6be/0x1440
[   36.168831]  ? lock_acquire+0x1ed/0x520
[   36.168835]  vprintk_default+0x28/0x30
[   36.168839]  vprintk_func+0x7e/0x181
[   36.168843]  printk+0xa7/0xcf
[   36.168848]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.168852]  ? kasan_check_write+0x14/0x20
[   36.168856]  ? do_raw_spin_lock+0xc1/0x200
[   36.168861]  ? do_raw_spin_lock+0xc1/0x200
[   36.168865]  kasan_report+0x9b/0x110
[   36.168869]  ? __schedule+0xfc3/0x1ed0
[   36.168874]  __asan_report_load8_noabort+0x14/0x20
[   36.168878]  __schedule+0xfc3/0x1ed0
[   36.168882]  ? __sched_text_start+0x8/0x8
[   36.168886]  ? __lock_is_held+0xb5/0x140
[   36.168891]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   36.168895]  ? find_held_lock+0x36/0x1c0
[   36.168899]  ? __call_srcu+0x7f9/0x1070
[   36.168904]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   36.168909]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   36.168914]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.168918]  ? preempt_schedule+0x4d/0x60
[   36.168923]  preempt_schedule_common+0x1f/0xd0
[   36.168927]  preempt_schedule+0x4d/0x60
[   36.168931]  ___preempt_schedule+0x16/0x18
[   36.168936]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   36.168940]  __call_srcu+0x7f9/0x1070
[   36.168945]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   36.168949]  ? srcu_offline_cpu+0x120/0x120
[   36.168953]  ? debug_object_free+0x690/0x690
[   36.168958]  ? mark_held_locks+0x130/0x130
[   36.168976]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   36.168980]  ? lock_release+0x970/0x970
[   36.168984]  ? arch_local_save_flags+0x40/0x40
[   36.168988]  ? depot_save_stack+0x292/0x470
[   36.168993]  ? __lockdep_init_map+0x105/0x590
[   36.168997]  ? __init_waitqueue_head+0x9e/0x150
[   36.169001]  ? init_wait_entry+0x1c0/0x1c0
[   36.169006]  __synchronize_srcu+0x17b/0x230
[   36.169009]  ? call_srcu+0x10/0x10
[   36.169013]  ? rcu_unexpedite_gp+0x20/0x20
[   36.169018]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.169031]  ? check_preemption_disabled+0x48/0x200
[   36.169035]  synchronize_srcu+0x356/0x5ab
[   36.169040]  ? lock_downgrade+0x900/0x900
[   36.169044]  ? synchronize_srcu_expedited+0x20/0x20
[   36.169066]  ? kasan_check_read+0x11/0x20
[   36.169071]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.169075]  ? kasan_check_write+0x14/0x20
[   36.169091]  ? do_raw_spin_lock+0xc1/0x200
[   36.169096]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.169101]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.169105]  ? kvfree+0x61/0x70
[   36.169110]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.169114]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.169118]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.169122]  ? kvm_arch_sync_events+0x30/0x30
[   36.169140]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.169145]  ? mmu_notifier_unregister+0x474/0x600
[   36.169149]  ? kfree+0x107/0x230
[   36.169153]  ? __mmu_notifier_register+0x30/0x30
[   36.169157]  ? __free_pages+0x10a/0x190
[   36.169162]  ? free_unref_page+0x960/0x960
[   36.169166]  kvm_put_kvm+0x6c8/0xff0
[   36.169171]  ? kvm_write_guest_cached+0x40/0x40
[   36.169175]  ? kvm_irqfd_release+0xd1/0x120
[   36.169180]  ? _raw_spin_unlock_irq+0x27/0x80
[   36.169184]  ? _raw_spin_unlock_irq+0x27/0x80
[   36.169189]  ? kasan_check_write+0x14/0x20
[   36.169193]  ? do_raw_spin_lock+0xc1/0x200
[   36.169197]  ? kvm_irqfd_release+0x
[   36.169205] Lost 77 message(s)!
[   37.348512] Shutting down cpus with NMI
[   38.405451] Dumping ftrace buffer:
[   38.408978]    (ftrace buffer empty)
[   38.413256] Kernel Offset: disabled
[   38.416900] Rebooting in 86400 seconds..