[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.659080] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.709917] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.118593] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.666480] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.876770] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[ 33.410412] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.525245] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.550745] ==================================================================
[ 33.560131] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 33.566839] Read of size 8 at addr ffff8801bbbf8058 by task syz-executor956/5312
[ 33.574352]
[ 33.575969] CPU: 0 PID: 5312 Comm: syz-executor956 Not tainted 4.19.0-rc4+ #248
[ 33.583395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.592732] Call Trace:
[ 33.595311]  dump_stack+0x1c4/0x2b4
[ 33.598926]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.604107]  ? printk+0xa7/0xcf
[ 33.607376]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.612124]  print_address_description.cold.8+0x9/0x1ff
[ 33.617475]  kasan_report.cold.9+0x242/0x309
[ 33.621871]  ? __schedule+0xfc3/0x1ed0
[ 33.625747]  __asan_report_load8_noabort+0x14/0x20
[ 33.630664]  __schedule+0xfc3/0x1ed0
[ 33.634367]  ? __sched_text_start+0x8/0x8
[ 33.638503]  ? __lock_is_held+0xb5/0x140
[ 33.642550]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 33.647640]  ? find_held_lock+0x36/0x1c0
[ 33.651690]  ? __call_srcu+0x7f9/0x1070
[ 33.655653]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 33.660742]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 33.665831]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.670400]  ? preempt_schedule+0x4d/0x60
[ 33.674541]  preempt_schedule_common+0x1f/0xd0
[ 33.679113]  preempt_schedule+0x4d/0x60
[ 33.683073]  ___preempt_schedule+0x16/0x18
[ 33.687300]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 33.692217]  __call_srcu+0x7f9/0x1070
[ 33.696004]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 33.701101]  ? srcu_offline_cpu+0x120/0x120
[ 33.705419]  ? debug_object_free+0x690/0x690
[ 33.709815]  ? mark_held_locks+0x130/0x130
[ 33.714034]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 33.718605]  ? lock_release+0x970/0x970
[ 33.722567]  ? arch_local_save_flags+0x40/0x40
[ 33.727141]  ? depot_save_stack+0x292/0x470
[ 33.731464]  ? __lockdep_init_map+0x105/0x590
[ 33.735957]  ? __init_waitqueue_head+0x9e/0x150
[ 33.740612]  ? init_wait_entry+0x1c0/0x1c0
[ 33.744837]  __synchronize_srcu+0x17b/0x230
[ 33.749146]  ? call_srcu+0x10/0x10
[ 33.752672]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.756898]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.762426]  ? check_preemption_disabled+0x48/0x200
[ 33.767438]  synchronize_srcu+0x356/0x5ab
[ 33.771573]  ? lock_downgrade+0x900/0x900
[ 33.775719]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.780726]  ? kasan_check_read+0x11/0x20
[ 33.784864]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.789435]  ? kasan_check_write+0x14/0x20
[ 33.793658]  ? do_raw_spin_lock+0xc1/0x200
[ 33.797886]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.803589]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.809026]  ? kvfree+0x61/0x70
[ 33.812294]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.817299]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.821345]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.825739]  ? kvm_arch_sync_events+0x30/0x30
[ 33.830221]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.835748]  ? mmu_notifier_unregister+0x474/0x600
[ 33.840665]  ? kfree+0x107/0x230
[ 33.844021]  ? __mmu_notifier_register+0x30/0x30
[ 33.848768]  ? __free_pages+0x10a/0x190
[ 33.852728]  ? free_unref_page+0x960/0x960
[ 33.856974]  kvm_put_kvm+0x6c8/0xff0
[ 33.860679]  ? kvm_write_guest_cached+0x40/0x40
[ 33.865336]  ? kvm_irqfd_release+0xd1/0x120
[ 33.869760]  ? _raw_spin_unlock_irq+0x27/0x80
[ 33.874242]  ? _raw_spin_unlock_irq+0x27/0x80
[ 33.878732]  ? kasan_check_write+0x14/0x20
[ 33.882954]  ? do_raw_spin_lock+0xc1/0x200
[ 33.887175]  ? kvm_irqfd_release+0xdd/0x120
[ 33.891482]  ? kvm_irqfd_release+0xdd/0x120
[ 33.895792]  ? kvm_put_kvm+0xff0/0xff0
[ 33.899667]  kvm_vm_release+0x42/0x50
[ 33.903455]  __fput+0x385/0xa30
[ 33.906724]  ? get_max_files+0x20/0x20
[ 33.910597]  ? trace_hardirqs_on+0xbd/0x310
[ 33.914909]  ? ___might_sleep+0x1ed/0x300
[ 33.919044]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 33.924483]  ? arch_local_save_flags+0x40/0x40
[ 33.929052]  ? kasan_check_write+0x14/0x20
[ 33.933291]  ? do_raw_spin_lock+0xc1/0x200
[ 33.937512]  ____fput+0x15/0x20
[ 33.940782]  task_work_run+0x1e8/0x2a0
[ 33.944670]  ? task_work_cancel+0x240/0x240
[ 33.948991]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.954516]  ? switch_task_namespaces+0x9d/0xd0
[ 33.959176]  do_exit+0x1ad7/0x2610
[ 33.962708]  ? mm_update_next_owner+0x990/0x990
[ 33.967368]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 33.971595]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.976597]  ? kfree+0x1fa/0x230
[ 33.979955]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 33.984180]  ? kvm_vcpu_block+0x1030/0x1030
[ 33.988491]  ? is_bpf_text_address+0xd3/0x170
[ 33.992971]  ? kernel_text_address+0x79/0xf0
[ 33.997368]  ? __kernel_text_address+0xd/0x40
[ 34.001860]  ? unwind_get_return_address+0x61/0xa0
[ 34.006865]  ? __save_stack_trace+0x8d/0xf0
[ 34.011177]  ? save_stack+0xa9/0xd0
[ 34.014790]  ? save_stack+0x43/0xd0
[ 34.018408]  ? __kasan_slab_free+0x102/0x150
[ 34.022801]  ? kasan_slab_free+0xe/0x10
[ 34.026758]  ? putname+0xf2/0x130
[ 34.030198]  ? __x64_sys_openat+0x9d/0x100
[ 34.034421]  ? do_syscall_64+0x1b9/0x820
[ 34.038474]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.043827]  ? trace_hardirqs_off+0xb8/0x310
[ 34.048225]  ? kasan_check_read+0x11/0x20
[ 34.052362]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.056762]  ? trace_hardirqs_on+0x310/0x310
[ 34.061161]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 34.066250]  ? trace_hardirqs_off+0xb8/0x310
[ 34.070662]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.076185]  ? check_preemption_disabled+0x48/0x200
[ 34.081186]  ? check_preemption_disabled+0x48/0x200
[ 34.086190]  ? kvm_vcpu_block+0x1030/0x1030
[ 34.090500]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.096025]  ? do_vfs_ioctl+0x201/0x1720
[ 34.100091]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 34.105371]  ? ioctl_preallocate+0x300/0x300
[ 34.109772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.115296]  ? __fget_light+0x2e9/0x430
[ 34.119257]  ? fget_raw+0x20/0x20
[ 34.122695]  ? putname+0xf2/0x130
[ 34.126135]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.131137]  ? kmem_cache_free+0x24f/0x290
[ 34.135357]  ? putname+0xf7/0x130
[ 34.138805]  do_group_exit+0x177/0x440
[ 34.142681]  ? trace_hardirqs_on+0xbd/0x310
[ 34.146989]  ? __ia32_sys_exit+0x50/0x50
[ 34.151036]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 34.156472]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.161995]  ? ksys_ioctl+0x81/0xd0
[ 34.165615]  __x64_sys_exit_group+0x3e/0x50
[ 34.169921]  do_syscall_64+0x1b9/0x820
[ 34.173795]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.179148]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.184067]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.188896]  ? trace_hardirqs_on_caller+0x310/0x310
[ 34.193901]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.198908]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.203912]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.208832]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.214011] RIP: 0033:0x43f028
[ 34.217194] Code: 88 46 05 44 0f b6 47 03 44 89 c0 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 cb f6 ea c0 fb 07 41 89 d8 66 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 07
[ 34.236080] RSP: 002b:00007ffd5241f328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.243774] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 34.251044] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.258302] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.265557] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.272811] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 34.280070]
[ 34.281684] Allocated by task 5312:
[ 34.285298]  save_stack+0x43/0xd0
[ 34.288736]  kasan_kmalloc+0xc7/0xe0
[ 34.292433]  kasan_slab_alloc+0x12/0x20
[ 34.296393]  kmem_cache_alloc+0x12e/0x730
[ 34.300530]  vmx_create_vcpu+0xcf/0x25e0
[ 34.304575]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.308966]  kvm_vm_ioctl+0x470/0x1d40
[ 34.312840]  do_vfs_ioctl+0x1de/0x1720
[ 34.316714]  ksys_ioctl+0xa9/0xd0
[ 34.320152]  __x64_sys_ioctl+0x73/0xb0
[ 34.324028]  do_syscall_64+0x1b9/0x820
[ 34.327902]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.333071]
[ 34.334681] Freed by task 5312:
[ 34.337945]  save_stack+0x43/0xd0
[ 34.341380]  __kasan_slab_free+0x102/0x150
[ 34.345598]  kasan_slab_free+0xe/0x10
[ 34.349386]  kmem_cache_free+0x83/0x290
[ 34.353346]  vmx_free_vcpu+0x26b/0x300
[ 34.357224]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.361618]  kvm_put_kvm+0x6c8/0xff0
[ 34.365316]  kvm_vm_release+0x42/0x50
[ 34.369103]  __fput+0x385/0xa30
[ 34.372373]  ____fput+0x15/0x20
[ 34.375640]  task_work_run+0x1e8/0x2a0
[ 34.379514]  do_exit+0x1ad7/0x2610
[ 34.383042]  do_group_exit+0x177/0x440
[ 34.386912]  __x64_sys_exit_group+0x3e/0x50
[ 34.391218]  do_syscall_64+0x1b9/0x820
[ 34.395093]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.400259]
[ 34.401876] The buggy address belongs to the object at ffff8801bbbf8040
[ 34.401876]  which belongs to the cache kvm_vcpu of size 23872
[ 34.414452] The buggy address is located 24 bytes inside of
[ 34.414452]  23872-byte region [ffff8801bbbf8040, ffff8801bbbfdd80)
[ 34.426395] The buggy address belongs to the page:
[ 34.431311] page:ffffea0006eefe00 count:1 mapcount:0 mapping:ffff8801d529fa80 index:0x0 compound_mapcount: 0
[ 34.441272] flags: 0x2fffc0000008100(slab|head)
[ 34.445928] raw: 02fffc0000008100 ffff8801d5298548 ffff8801d5298548 ffff8801d529fa80
[ 34.453805] raw: 0000000000000000 ffff8801bbbf8040 0000000100000001 0000000000000000
[ 34.461667] page dumped because: kasan: bad access detected
[ 34.467361]
[ 34.468970] Memory state around the buggy address:
[ 34.473884]  ffff8801bbbf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.481226]  ffff8801bbbf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.488570] >ffff8801bbbf8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.495910]                                                     ^
[ 34.502139]  ffff8801bbbf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.509505]  ffff8801bbbf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.516848] ==================================================================
[ 34.524190] Kernel panic - not syncing: panic_on_warn set ...
[ 34.524190]
[ 34.531541] CPU: 0 PID: 5312 Comm: syz-executor956 Tainted: G    B             4.19.0-rc4+ #248
[ 34.540635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.549972] Call Trace:
[ 34.552551]  dump_stack+0x1c4/0x2b4
[ 34.556167]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.561354]  ? lock_downgrade+0x900/0x900
[ 34.565740]  panic+0x238/0x4e7
[ 34.568920]  ? add_taint.cold.5+0x16/0x16
[ 34.573060]  ? print_shadow_for_address+0xb6/0x116
[ 34.578065]  ? trace_hardirqs_off+0xaf/0x310
[ 34.582462]  kasan_end_report+0x47/0x4f
[ 34.586424]  kasan_report.cold.9+0x76/0x309
[ 34.590733]  ? __schedule+0xfc3/0x1ed0
[ 34.594609]  __asan_report_load8_noabort+0x14/0x20
[ 34.599529]  __schedule+0xfc3/0x1ed0
[ 34.603233]  ? __sched_text_start+0x8/0x8
[ 34.607371]  ? __lock_is_held+0xb5/0x140
[ 34.611419]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.616515]  ? find_held_lock+0x36/0x1c0
[ 34.620567]  ? __call_srcu+0x7f9/0x1070
[ 34.624533]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.629622]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 34.634713]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.639284]  ? preempt_schedule+0x4d/0x60
[ 34.643421]  preempt_schedule_common+0x1f/0xd0
[ 34.648008]  preempt_schedule+0x4d/0x60
[ 34.651971]  ___preempt_schedule+0x16/0x18
[ 34.656194]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 34.661112]  __call_srcu+0x7f9/0x1070
[ 34.664899]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 34.669993]  ? srcu_offline_cpu+0x120/0x120
[ 34.674303]  ? debug_object_free+0x690/0x690
[ 34.678707]  ? mark_held_locks+0x130/0x130
[ 34.682930]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 34.687506]  ? lock_release+0x970/0x970
[ 34.691472]  ? arch_local_save_flags+0x40/0x40
[ 34.696053]  ? depot_save_stack+0x292/0x470
[ 34.700367]  ? __lockdep_init_map+0x105/0x590
[ 34.704861]  ? __init_waitqueue_head+0x9e/0x150
[ 34.709955]  ? init_wait_entry+0x1c0/0x1c0
[ 34.714187]  __synchronize_srcu+0x17b/0x230
[ 34.718500]  ? call_srcu+0x10/0x10
[ 34.722026]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.726251]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.731788]  ? check_preemption_disabled+0x48/0x200
[ 34.736808]  synchronize_srcu+0x356/0x5ab
[ 34.740942]  ? lock_downgrade+0x900/0x900
[ 34.745075]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.750087]  ? kasan_check_read+0x11/0x20
[ 34.754225]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.758795]  ? kasan_check_write+0x14/0x20
[ 34.763018]  ? do_raw_spin_lock+0xc1/0x200
[ 34.767243]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.772941]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.778382]  ? kvfree+0x61/0x70
[ 34.781648]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.786654]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.790703]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.795100]  ? kvm_arch_sync_events+0x30/0x30
[ 34.799588]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.805114]  ? mmu_notifier_unregister+0x474/0x600
[ 34.810031]  ? kfree+0x107/0x230
[ 34.813385]  ? __mmu_notifier_register+0x30/0x30
[ 34.818130]  ? __free_pages+0x10a/0x190
[ 34.822440]  ? free_unref_page+0x960/0x960
[ 34.826673]  kvm_put_kvm+0x6c8/0xff0
[ 34.830379]  ? kvm_write_guest_cached+0x40/0x40
[ 34.835039]  ? kvm_irqfd_release+0xd1/0x120
[ 34.839352]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.843836]  ? _raw_spin_unlock_irq+0x27/0x80
[ 34.848333]  ? kasan_check_write+0x14/0x20
[ 34.852555]  ? do_raw_spin_lock+0xc1/0x200
[ 34.856778]  ? kvm_irqfd_release+0xdd/0x120
[ 34.861085]  ? kvm_irqfd_release+0xdd/0x120
[ 34.865395]  ? kvm_put_kvm+0xff0/0xff0
[ 34.869271]  kvm_vm_release+0x42/0x50
[ 34.873067]  __fput+0x385/0xa30
[ 34.876336]  ? get_max_files+0x20/0x20
[ 34.880210]  ? trace_hardirqs_on+0xbd/0x310
[ 34.884521]  ? ___might_sleep+0x1ed/0x300
[ 34.888672]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 34.894112]  ? arch_local_save_flags+0x40/0x40
[ 34.898682]  ? kasan_check_write+0x14/0x20
[ 34.902909]  ? do_raw_spin_lock+0xc1/0x200
[ 34.907133]  ____fput+0x15/0x20
[ 34.910406]  task_work_run+0x1e8/0x2a0
[ 34.914288]  ? task_work_cancel+0x240/0x240
[ 34.918603]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.924132]  ? switch_task_namespaces+0x9d/0xd0
[ 34.928830]  do_exit+0x1ad7/0x2610
[ 34.932366]  ? mm_update_next_owner+0x990/0x990
[ 34.937029]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 34.941255]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.946270]  ? kfree+0x1fa/0x230
[ 34.949631]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 34.953856]  ? kvm_vcpu_block+0x1030/0x1030
[ 34.958169]  ? is_bpf_text_address+0xd3/0x170
[ 34.962654]  ? kernel_text_address+0x79/0xf0
[ 34.967051]  ? __kernel_text_address+0xd/0x40
[ 34.971536]  ? unwind_get_return_address+0x61/0xa0
[ 34.976457]  ? __save_stack_trace+0x8d/0xf0
[ 34.980789]  ? save_stack+0xa9/0xd0
[ 34.984420]  ? save_stack+0x43/0xd0
[ 34.988042]  ? __kasan_slab_free+0x102/0x150
[ 34.992438]  ? kasan_slab_free+0xe/0x10
[ 34.996406]  ? putname+0xf2/0x130
[ 34.999845]  ? __x64_sys_openat+0x9d/0x100
[ 35.004074]  ? do_syscall_64+0x1b9/0x820
[ 35.008122]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.013481]  ? trace_hardirqs_off+0xb8/0x310
[ 35.017878]  ? kasan_check_read+0x11/0x20
[ 35.022026]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.026424]  ? trace_hardirqs_on+0x310/0x310
[ 35.030823]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 35.035914]  ? trace_hardirqs_off+0xb8/0x310
[ 35.040326]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.045852]  ? check_preemption_disabled+0x48/0x200
[ 35.050852]  ? check_preemption_disabled+0x48/0x200
[ 35.055860]  ? kvm_vcpu_block+0x1030/0x1030
[ 35.060168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.065693]  ? do_vfs_ioctl+0x201/0x1720
[ 35.069743]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 35.075010]  ? ioctl_preallocate+0x300/0x300
[ 35.079440]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.085053]  ? __fget_light+0x2e9/0x430
[ 35.089015]  ? fget_raw+0x20/0x20
[ 35.092459]  ? putname+0xf2/0x130
[ 35.095910]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.100916]  ? kmem_cache_free+0x24f/0x290
[ 35.105142]  ? putname+0xf7/0x130
[ 35.108586]  do_group_exit+0x177/0x440
[ 35.112466]  ? trace_hardirqs_on+0xbd/0x310
[ 35.116778]  ? __ia32_sys_exit+0x50/0x50
[ 35.120828]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 35.126294]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.131823]  ? ksys_ioctl+0x81/0xd0
[ 35.135443]  __x64_sys_exit_group+0x3e/0x50
[ 35.139773]  do_syscall_64+0x1b9/0x820
[ 35.143663]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.149031]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.153947]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.158781]  ? trace_hardirqs_on_caller+0x310/0x310
[ 35.163787]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.168793]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.173800]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.178632]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.183805] RIP: 0033:0x43f028
[ 35.186986] Code: 88 46 05 44 0f b6 47 03 44 89 c0 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 cb f6 ea c0 fb 07 41 89 d8 66 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 07
[ 35.205873] RSP: 002b:00007ffd5241f328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.213571] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 35.220837] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.228100] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.235369] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.242623] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 35.249883]
[ 35.249888] ======================================================
[ 35.249892] WARNING: possible circular locking dependency detected
[ 35.249896] 4.19.0-rc4+ #248 Not tainted
[ 35.249900] ------------------------------------------------------
[ 35.249917] syz-executor956/5312 is trying to acquire lock:
[ 35.249919] 00000000255ba6a5 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.249929]
[ 35.249932] but task is already holding lock:
[ 35.249935] 00000000749dc618 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 35.249945]
[ 35.249949] which lock already depends on the new lock.
[ 35.249968]
[ 35.249970]
[ 35.249974] the existing dependency chain (in reverse order) is:
[ 35.249976]
[ 35.249977] -> #3 (report_lock){....}:
[ 35.249988]        _raw_spin_lock_irqsave+0x99/0xd0
[ 35.249991]        kasan_report+0x8b/0x110
[ 35.249995]        __asan_report_load8_noabort+0x14/0x20
[ 35.249998]        __schedule+0xfc3/0x1ed0
[ 35.250002]        preempt_schedule_common+0x1f/0xd0
[ 35.250005]        preempt_schedule+0x4d/0x60
[ 35.250008]        ___preempt_schedule+0x16/0x18
[ 35.250012]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.250015]        __call_srcu+0x7f9/0x1070
[ 35.250018]        __synchronize_srcu+0x17b/0x230
[ 35.250021]        synchronize_srcu+0x356/0x5ab
[ 35.250025]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.250028]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.250032]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.250035]        kvm_put_kvm+0x6c8/0xff0
[ 35.250038]        kvm_vm_release+0x42/0x50
[ 35.250041]        __fput+0x385/0xa30
[ 35.250043]        ____fput+0x15/0x20
[ 35.250047]        task_work_run+0x1e8/0x2a0
[ 35.250049]        do_exit+0x1ad7/0x2610
[ 35.250052]        do_group_exit+0x177/0x440
[ 35.250056]        __x64_sys_exit_group+0x3e/0x50
[ 35.250059]        do_syscall_64+0x1b9/0x820
[ 35.250063]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.250064]
[ 35.250066] -> #2 (&rq->lock){-.-.}:
[ 35.250077]        _raw_spin_lock+0x2d/0x40
[ 35.250080]        task_fork_fair+0xb0/0x6d0
[ 35.250083]        sched_fork+0x443/0xba0
[ 35.250086]        copy_process+0x2586/0x8780
[ 35.250089]        _do_fork+0x1cb/0x11d0
[ 35.250092]        kernel_thread+0x34/0x40
[ 35.250095]        rest_init+0x22/0xe5
[ 35.250098]        start_kernel+0x8f4/0x92f
[ 35.250101]        x86_64_start_reservations+0x29/0x2b
[ 35.250104]        x86_64_start_kernel+0x76/0x79
[ 35.250108]        secondary_startup_64+0xa4/0xb0
[ 35.250109]
[ 35.250111] -> #1 (&p->pi_lock){-.-.}:
[ 35.250122]        _raw_spin_lock_irqsave+0x99/0xd0
[ 35.250125]        try_to_wake_up+0xd2/0x12f0
[ 35.250128]        wake_up_process+0x10/0x20
[ 35.250131]        __up.isra.1+0x1c0/0x2a0
[ 35.250134]        up+0x13c/0x1c0
[ 35.250137]        __up_console_sem+0xbe/0x1b0
[ 35.250140]        console_unlock+0x814/0x1160
[ 35.250143]        vprintk_emit+0x33d/0x930
[ 35.250146]        vprintk_default+0x28/0x30
[ 35.250149]        vprintk_func+0x7e/0x181
[ 35.250152]        printk+0xa7/0xcf
[ 35.250155]        load_umh+0x51/0xbd
[ 35.250158]        do_one_initcall+0x145/0x957
[ 35.250162]        kernel_init_freeable+0x4bb/0x5ae
[ 35.250165]        kernel_init+0x11/0x1b2
[ 35.250167]        ret_from_fork+0x3a/0x50
[ 35.250169]
[ 35.250171] -> #0 ((console_sem).lock){-...}:
[ 35.250182]        lock_acquire+0x1ed/0x520
[ 35.250185]        _raw_spin_lock_irqsave+0x99/0xd0
[ 35.250188]        down_trylock+0x13/0x70
[ 35.250192]        __down_trylock_console_sem+0xae/0x200
[ 35.250195]        console_trylock+0x15/0xa0
[ 35.250198]        vprintk_emit+0x322/0x930
[ 35.250201]        vprintk_default+0x28/0x30
[ 35.250204]        vprintk_func+0x7e/0x181
[ 35.250207]        printk+0xa7/0xcf
[ 35.250210]        kasan_report+0x9b/0x110
[ 35.250213]        __asan_report_load8_noabort+0x14/0x20
[ 35.250216]        __schedule+0xfc3/0x1ed0
[ 35.250220]        preempt_schedule_common+0x1f/0xd0
[ 35.250223]        preempt_schedule+0x4d/0x60
[ 35.250226]        ___preempt_schedule+0x16/0x18
[ 35.250230]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.250233]        __call_srcu+0x7f9/0x1070
[ 35.250236]        __synchronize_srcu+0x17b/0x230
[ 35.250239]        synchronize_srcu+0x356/0x5ab
[ 35.250243]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.250247]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.250250]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.250253]        kvm_put_kvm+0x6c8/0xff0
[ 35.250256]        kvm_vm_release+0x42/0x50
[ 35.250259]        __fput+0x385/0xa30
[ 35.250262]        ____fput+0x15/0x20
[ 35.250265]        task_work_run+0x1e8/0x2a0
[ 35.250268]        do_exit+0x1ad7/0x2610
[ 35.250277]        do_group_exit+0x177/0x440
[ 35.250293]        __x64_sys_exit_group+0x3e/0x50
[ 35.250295]        do_syscall_64+0x1b9/0x820
[ 35.250299]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.250301]
[ 35.250304] other info that might help us debug this:
[ 35.250306]
[ 35.250308] Chain exists of:
[ 35.250309]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.250322]
[ 35.250325]  Possible unsafe locking scenario:
[ 35.250327]
[ 35.250330]        CPU0                    CPU1
[ 35.250333]        ----                    ----
[ 35.250335]   lock(report_lock);
[ 35.250341]                                lock(&rq->lock);
[ 35.250348]                                lock(report_lock);
[ 35.250353]   lock((console_sem).lock);
[ 35.250359]
[ 35.250361]  *** DEADLOCK ***
[ 35.250363]
[ 35.250366] 2 locks held by syz-executor956/5312:
[ 35.250368]  #0: 00000000c2998e06 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 35.250380]  #1: 00000000749dc618 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 35.250392]
[ 35.250394] stack backtrace:
[ 35.250398] CPU: 0 PID: 5312 Comm: syz-executor956 Not tainted 4.19.0-rc4+ #248
[ 35.250404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.250406] Call Trace:
[ 35.250409]  dump_stack+0x1c4/0x2b4
[ 35.250412]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.250415]  ? vprintk_func+0x85/0x181
[ 35.250419]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 35.250422]  ? save_trace+0xe0/0x290
[ 35.250425]  __lock_acquire+0x33e4/0x4ec0
[ 35.250428]  ? mark_held_locks+0x130/0x130
[ 35.250431]  ? mark_held_locks+0x130/0x130
[ 35.250433]  ? rcu_bh_qs+0xc0/0xc0
[ 35.250436]  ? unwind_dump+0x190/0x190
[ 35.250444]  ? is_bpf_text_address+0xd3/0x170
[ 35.250447]  ? kernel_text_address+0x79/0xf0
[ 35.250450]  ? __kernel_text_address+0xd/0x40
[ 35.250453]  ? __save_stack_trace+0x8d/0xf0
[ 35.250457]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 35.250459]  ? save_trace+0x290/0x290
[ 35.250462]  ? save_stack_trace+0x1a/0x20
[ 35.250465]  ? save_trace+0xe0/0x290
[ 35.250468]  ? kasan_check_read+0x11/0x20
[ 35.250471]  ? graph_lock+0x170/0x170
[ 35.250474]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.250477]  lock_acquire+0x1ed/0x520
[ 35.250480]  ? down_trylock+0x13/0x70
[ 35.250483]  ? find_held_lock+0x36/0x1c0
[ 35.250486]  ? lock_release+0x970/0x970
[ 35.250489]  ? trace_hardirqs_off+0xb8/0x310
[ 35.250492]  ? vprintk_emit+0x1d3/0x930
[ 35.250495]  ? trace_hardirqs_on+0x310/0x310
[ 35.250498]  ? trace_hardirqs_off+0xb8/0x310
[ 35.250500]  ? log_store+0x344/0x4c0
[ 35.250503]  ? vprintk_emit+0x322/0x930
[ 35.250506]  _raw_spin_lock_irqsave+0x99/0xd0
[ 35.250509]  ? down_trylock+0x13/0x70
[ 35.250512]  down_trylock+0x13/0x70
[ 35.250515]  __down_trylock_console_sem+0xae/0x200
[ 35.250518]  console_trylock+0x15/0xa0
[ 35.250521]  vprintk_emit+0x322/0x930
[ 35.250524]  ? wake_up_klogd+0x180/0x180
[ 35.250527]  ? run_rebalance_domains+0x500/0x500
[ 35.250530]  ? find_held_lock+0x36/0x1c0
[ 35.250533]  ? __queue_work+0x6be/0x1440
[ 35.250535]  ? lock_acquire+0x1ed/0x520
[ 35.250538]  vprintk_default+0x28/0x30
[ 35.250541]  vprintk_func+0x7e/0x181
[ 35.250543]  printk+0xa7/0xcf
[ 35.250547]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.250550]  ? kasan_check_write+0x14/0x20
[ 35.250553]  ? do_raw_spin_lock+0xc1/0x200
[ 35.250556]  ? do_raw_spin_lock+0xc1/0x200
[ 35.250558]  kasan_report+0x9b/0x110
[ 35.250561]  ? __schedule+0xfc3/0x1ed0
[ 35.250564]  __asan_report_load8_noabort+0x14/0x20
[ 35.250567]  __schedule+0xfc3/0x1ed0
[ 35.250570]  ? __sched_text_start+0x8/0x8
[ 35.250573]  ? __lock_is_held+0xb5/0x140
[ 35.250576]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.250579]  ? find_held_lock+0x36/0x1c0
[ 35.250582]  ? __call_srcu+0x7f9/0x1070
[ 35.250585]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.250589]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 35.250592]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.250595]  ? preempt_schedule+0x4d/0x60
[ 35.250598]  preempt_schedule_common+0x1f/0xd0
[ 35.250601]  preempt_schedule+0x4d/0x60
[ 35.250604]  ___preempt_schedule+0x16/0x18
[ 35.250607]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 35.250610]  __call_srcu+0x7f9/0x1070
[ 35.250613]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 35.250616]  ? srcu_offline_cpu+0x120/0x120
[ 35.250620]  ? debug_object_free+0x690/0x690
[ 35.250623]  ? mark_held_locks+0x130/0x130
[ 35.250626]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 35.250629]  ? lock_release+0x970/0x970
[ 35.250632]  ? arch_local_save_flags+0x40/0x40
[ 35.250635]  ? depot_save_stack+0x292/0x470
[ 35.250638]  ? __lockdep_init_map+0x105/0x590
[ 35.250641]  ? __init_waitqueue_head+0x9e/0x150
[ 35.250644]  ? init_wait_entry+0x1c0/0x1c0
[ 35.250647]  __synchronize_srcu+0x17b/0x230
[ 35.250650]  ? call_srcu+0x10/0x10
[ 35.250653]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.250656]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.250660]  ? check_preemption_disabled+0x48/0x200
[ 35.250663]  synchronize_srcu+0x356/0x5ab
[ 35.250666]  ? lock_downgrade+0x900/0x900
[ 35.250669]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.250672]  ? kasan_check_read+0x11/0x20
[ 35.250675]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.250678]  ? kasan_check_write+0x14/0x20
[ 35.250681]  ? do_raw_spin_lock+0xc1/0x200
[ 35.250685]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.250688]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.250691]  ? kvfree+0x61/0x70
[ 35.250694]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.250697]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.250700]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.250703]  ? kvm_arch_sync_events+0x30/0x30
[ 35.250707]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.250710]  ? mmu_notifier_unregister+0x474/0x600
[ 35.250713]  ? kfree+0x107/0x230
[ 35.250716]  ? __mmu_notifier_register+0x30/0x30
[ 35.250719]  ? __free_pages+0x10a/0x190
[ 35.250722]  ? free_unref_page+0x960/0x960
[ 35.250725]  kvm_put_kvm+0x6c8/0xff0
[ 35.250728]  ? kvm_write_guest_cached+0x40/0x40
[ 35.250731]  ? kvm_irqfd_release+0xd1/0x120
[ 35.250734]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.250737]  ? _raw_spin_unlock_irq+0x27/0x80
[ 35.250740]  ? kasan_check_write+0x14/0x20
[ 35.250743]  ? do_raw_spin_lock+0xc1/0x200
[ 35.250746]  ? kvm_irqfd_release+0xdd/0x120
[ 35.250748]  ? kvm_irqfd_release+
[ 35.250753] Lost 81 message(s)!
[ 36.425939] Shutting down cpus with NMI
[ 37.484568] Kernel Offset: disabled
[ 37.488199] Rebooting in 86400 seconds..