[....] Starting OpenBSD Secure Shell server: sshd[ 24.228270] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.822381] random: sshd: uninitialized urandom read (32 bytes read) [ 27.198685] random: sshd: uninitialized urandom read (32 bytes read) [ 27.762703] sshd (5314) used greatest stack depth: 16600 bytes left [ 27.783299] random: sshd: uninitialized urandom read (32 bytes read) [ 27.999956] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. [ 33.675864] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.797292] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.822185] ================================================================== [ 33.832183] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 33.838406] Read of size 8 at addr ffff8801be1c8058 by task syz-executor173/5327 [ 33.845924] [ 33.847558] CPU: 1 PID: 5327 Comm: syz-executor173 Not tainted 4.19.0-rc3+ #232 [ 33.854997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.864342] Call Trace: [ 33.866944] dump_stack+0x1c4/0x2b4 [ 33.870567] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.875763] ? printk+0xa7/0xcf [ 33.879048] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.883821] print_address_description.cold.8+0x9/0x1ff [ 33.889184] kasan_report.cold.9+0x242/0x309 [ 33.893587] ? __schedule+0xfc3/0x1ed0 [ 33.897473] __asan_report_load8_noabort+0x14/0x20 [ 33.902396] __schedule+0xfc3/0x1ed0 [ 33.906109] ? __sched_text_start+0x8/0x8 [ 33.910258] ? __lock_is_held+0xb5/0x140 [ 33.914315] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.919416] ? find_held_lock+0x36/0x1c0 [ 33.923476] ? __call_srcu+0x7f9/0x1070 [ 33.927448] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.932544] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 33.937642] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.942218] ? preempt_schedule+0x4d/0x60 [ 33.946367] preempt_schedule_common+0x1f/0xd0 [ 33.950955] preempt_schedule+0x4d/0x60 [ 33.954927] ___preempt_schedule+0x16/0x18 [ 33.959172] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 33.964102] __call_srcu+0x7f9/0x1070 [ 33.967900] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.973004] ? srcu_offline_cpu+0x120/0x120 [ 33.977323] ? debug_object_free+0x690/0x690 [ 33.981728] ? mark_held_locks+0x130/0x130 [ 33.985971] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 33.990554] ? lock_release+0x970/0x970 [ 33.994529] ? arch_local_save_flags+0x40/0x40 [ 33.999116] ? depot_save_stack+0x292/0x470 [ 34.003455] ? __lockdep_init_map+0x105/0x590 [ 34.007967] ? __init_waitqueue_head+0x9e/0x150 [ 34.012636] ? init_wait_entry+0x1c0/0x1c0 [ 34.016878] __synchronize_srcu+0x17b/0x230 [ 34.021195] ? call_srcu+0x10/0x10 [ 34.024735] ? rcu_unexpedite_gp+0x20/0x20 [ 34.028976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.034506] ? check_preemption_disabled+0x48/0x200 [ 34.039522] synchronize_srcu+0x356/0x5ab [ 34.043666] ? lock_downgrade+0x900/0x900 [ 34.047810] ? synchronize_srcu_expedited+0x20/0x20 [ 34.052825] ? kasan_check_read+0x11/0x20 [ 34.056976] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.061558] ? kasan_check_write+0x14/0x20 [ 34.065788] ? do_raw_spin_lock+0xc1/0x200 [ 34.070027] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.075742] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.081189] ? kvfree+0x61/0x70 [ 34.084467] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.089479] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.093539] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.097953] ? kvm_arch_sync_events+0x30/0x30 [ 34.102453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.107992] ? mmu_notifier_unregister+0x474/0x600 [ 34.112922] ? kfree+0x107/0x230 [ 34.116293] ? __mmu_notifier_register+0x30/0x30 [ 34.121051] ? __free_pages+0x10a/0x190 [ 34.125031] ? free_unref_page+0x960/0x960 [ 34.129285] kvm_put_kvm+0x6c8/0xff0 [ 34.133004] ? kvm_write_guest_cached+0x40/0x40 [ 34.137671] ? kvm_irqfd_release+0xd1/0x120 [ 34.141994] ? _raw_spin_unlock_irq+0x27/0x80 [ 34.146481] ? _raw_spin_unlock_irq+0x27/0x80 [ 34.150985] ? kasan_check_write+0x14/0x20 [ 34.155216] ? do_raw_spin_lock+0xc1/0x200 [ 34.159450] ? kvm_irqfd_release+0xdd/0x120 [ 34.163764] ? kvm_irqfd_release+0xdd/0x120 [ 34.168081] ? kvm_put_kvm+0xff0/0xff0 [ 34.171968] kvm_vm_release+0x42/0x50 [ 34.175763] __fput+0x385/0xa30 [ 34.179041] ? get_max_files+0x20/0x20 [ 34.182922] ? trace_hardirqs_on+0xbd/0x310 [ 34.187252] ? ___might_sleep+0x1ed/0x300 [ 34.191396] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.196851] ? arch_local_save_flags+0x40/0x40 [ 34.201432] ? kasan_check_write+0x14/0x20 [ 34.205662] ? do_raw_spin_lock+0xc1/0x200 [ 34.209895] ____fput+0x15/0x20 [ 34.213169] task_work_run+0x1e8/0x2a0 [ 34.217055] ? task_work_cancel+0x240/0x240 [ 34.221374] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.226915] ? switch_task_namespaces+0x9d/0xd0 [ 34.231596] do_exit+0x1ad7/0x2610 [ 34.235136] ? mm_update_next_owner+0x990/0x990 [ 34.239811] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 34.244047] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.249079] ? kfree+0x1fa/0x230 [ 34.252451] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 34.256687] ? kvm_vcpu_block+0x1030/0x1030 [ 34.261008] ? is_bpf_text_address+0xd3/0x170 [ 34.265497] ? kernel_text_address+0x79/0xf0 [ 34.269905] ? __kernel_text_address+0xd/0x40 [ 34.274418] ? unwind_get_return_address+0x61/0xa0 [ 34.279345] ? __save_stack_trace+0x8d/0xf0 [ 34.283672] ? save_stack+0xa9/0xd0 [ 34.287291] ? save_stack+0x43/0xd0 [ 34.290908] ? __kasan_slab_free+0x102/0x150 [ 34.295320] ? kasan_slab_free+0xe/0x10 [ 34.299289] ? putname+0xf2/0x130 [ 34.302743] ? __x64_sys_openat+0x9d/0x100 [ 34.306974] ? do_syscall_64+0x1b9/0x820 [ 34.311041] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.316408] ? trace_hardirqs_off+0xb8/0x310 [ 34.320815] ? kasan_check_read+0x11/0x20 [ 34.324966] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.329373] ? trace_hardirqs_on+0x310/0x310 [ 34.333783] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 34.338887] ? trace_hardirqs_off+0xb8/0x310 [ 34.343680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.349218] ? check_preemption_disabled+0x48/0x200 [ 34.354236] ? check_preemption_disabled+0x48/0x200 [ 34.359256] ? kvm_vcpu_block+0x1030/0x1030 [ 34.363581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.369124] ? do_vfs_ioctl+0x201/0x1720 [ 34.373199] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.378481] ? ioctl_preallocate+0x300/0x300 [ 34.382887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.388421] ? __fget_light+0x2e9/0x430 [ 34.392392] ? fget_raw+0x20/0x20 [ 34.395836] ? putname+0xf2/0x130 [ 34.399283] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.404297] ? kmem_cache_free+0x24f/0x290 [ 34.408529] ? putname+0xf7/0x130 [ 34.411984] do_group_exit+0x177/0x440 [ 34.415867] ? trace_hardirqs_on+0xbd/0x310 [ 34.420188] ? __ia32_sys_exit+0x50/0x50 [ 34.424248] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.429697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.435231] ? ksys_ioctl+0x81/0xd0 [ 34.438866] __x64_sys_exit_group+0x3e/0x50 [ 34.443189] do_syscall_64+0x1b9/0x820 [ 34.447074] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.452432] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.457358] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.462198] ? trace_hardirqs_on_caller+0x310/0x310 [ 34.467211] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.472239] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.477769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.482617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.487812] RIP: 0033:0x43ecd8 [ 34.491009] Code: Bad RIP value. [ 34.494372] RSP: 002b:00007ffe90d0bf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.502091] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 34.509357] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.516625] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.523889] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.531153] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.538426] [ 34.540051] Allocated by task 5327: [ 34.543678] save_stack+0x43/0xd0 [ 34.547125] kasan_kmalloc+0xc7/0xe0 [ 34.550835] kasan_slab_alloc+0x12/0x20 [ 34.554803] kmem_cache_alloc+0x12e/0x730 [ 34.558953] vmx_create_vcpu+0xcf/0x25e0 [ 34.563014] kvm_arch_vcpu_create+0xe5/0x220 [ 34.567418] kvm_vm_ioctl+0x470/0x1d40 [ 34.571302] do_vfs_ioctl+0x1de/0x1720 [ 34.575184] ksys_ioctl+0xa9/0xd0 [ 34.578629] __x64_sys_ioctl+0x73/0xb0 [ 34.582511] do_syscall_64+0x1b9/0x820 [ 34.586397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.591569] [ 34.593187] Freed by task 5327: [ 34.596469] save_stack+0x43/0xd0 [ 34.599923] __kasan_slab_free+0x102/0x150 [ 34.604159] kasan_slab_free+0xe/0x10 [ 34.607966] kmem_cache_free+0x83/0x290 [ 34.611953] vmx_free_vcpu+0x26b/0x300 [ 34.615847] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.620267] kvm_put_kvm+0x6c8/0xff0 [ 34.623990] kvm_vm_release+0x42/0x50 [ 34.627791] __fput+0x385/0xa30 [ 34.631063] ____fput+0x15/0x20 [ 34.634339] task_work_run+0x1e8/0x2a0 [ 34.638225] do_exit+0x1ad7/0x2610 [ 34.641759] do_group_exit+0x177/0x440 [ 34.645645] __x64_sys_exit_group+0x3e/0x50 [ 34.649970] do_syscall_64+0x1b9/0x820 [ 34.653858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.659035] [ 34.660660] The buggy address belongs to the object at ffff8801be1c8040 [ 34.660660] which belongs to the cache kvm_vcpu of size 23872 [ 34.673236] The buggy address is located 24 bytes inside of [ 34.673236] 23872-byte region [ffff8801be1c8040, ffff8801be1cdd80) [ 34.685194] The buggy address belongs to the page: [ 34.690130] page:ffffea0006f87200 count:1 mapcount:0 mapping:ffff8801d528d780 index:0x0 compound_mapcount: 0 [ 34.700099] flags: 0x2fffc0000008100(slab|head) [ 34.704771] raw: 02fffc0000008100 ffff8801d5291848 ffff8801d5291848 ffff8801d528d780 [ 34.712652] raw: 0000000000000000 ffff8801be1c8040 0000000100000001 0000000000000000 [ 34.720518] page dumped because: kasan: bad access detected [ 34.726218] [ 34.727836] Memory state around the buggy address: [ 34.732763] ffff8801be1c7f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.740124] ffff8801be1c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.747495] >ffff8801be1c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.754846] ^ [ 34.761075] ffff8801be1c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.768429] ffff8801be1c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.775777] ================================================================== [ 34.783127] Kernel panic - not syncing: panic_on_warn set ... [ 34.783127] [ 34.790489] CPU: 1 PID: 5327 Comm: syz-executor173 Tainted: G B 4.19.0-rc3+ #232 [ 34.799312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.808652] Call Trace: [ 34.811246] dump_stack+0x1c4/0x2b4 [ 34.814876] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.820065] ? lock_downgrade+0x900/0x900 [ 34.824211] panic+0x238/0x4e7 [ 34.827398] ? add_taint.cold.5+0x16/0x16 [ 34.831544] ? print_shadow_for_address+0xb6/0x116 [ 34.836467] ? trace_hardirqs_off+0xaf/0x310 [ 34.840876] kasan_end_report+0x47/0x4f [ 34.844846] kasan_report.cold.9+0x76/0x309 [ 34.849170] ? __schedule+0xfc3/0x1ed0 [ 34.853062] __asan_report_load8_noabort+0x14/0x20 [ 34.857988] __schedule+0xfc3/0x1ed0 [ 34.861711] ? __sched_text_start+0x8/0x8 [ 34.865881] ? __lock_is_held+0xb5/0x140 [ 34.869957] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.875073] ? find_held_lock+0x36/0x1c0 [ 34.879140] ? __call_srcu+0x7f9/0x1070 [ 34.883123] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.888225] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.893327] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.897908] ? preempt_schedule+0x4d/0x60 [ 34.902065] preempt_schedule_common+0x1f/0xd0 [ 34.906648] preempt_schedule+0x4d/0x60 [ 34.910621] ___preempt_schedule+0x16/0x18 [ 34.914861] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 34.919793] __call_srcu+0x7f9/0x1070 [ 34.923589] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 34.928694] ? srcu_offline_cpu+0x120/0x120 [ 34.933017] ? debug_object_free+0x690/0x690 [ 34.937439] ? mark_held_locks+0x130/0x130 [ 34.941701] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 34.946289] ? lock_release+0x970/0x970 [ 34.950259] ? arch_local_save_flags+0x40/0x40 [ 34.954842] ? depot_save_stack+0x292/0x470 [ 34.959167] ? __lockdep_init_map+0x105/0x590 [ 34.963661] ? __init_waitqueue_head+0x9e/0x150 [ 34.968339] ? init_wait_entry+0x1c0/0x1c0 [ 34.972620] __synchronize_srcu+0x17b/0x230 [ 34.976954] ? call_srcu+0x10/0x10 [ 34.980491] ? rcu_unexpedite_gp+0x20/0x20 [ 34.984744] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.990392] ? check_preemption_disabled+0x48/0x200 [ 34.995429] synchronize_srcu+0x356/0x5ab [ 34.999604] ? lock_downgrade+0x900/0x900 [ 35.003755] ? synchronize_srcu_expedited+0x20/0x20 [ 35.008772] ? kasan_check_read+0x11/0x20 [ 35.012929] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.017526] ? kasan_check_write+0x14/0x20 [ 35.021762] ? do_raw_spin_lock+0xc1/0x200 [ 35.026001] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.031710] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.037178] ? kvfree+0x61/0x70 [ 35.040457] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.045471] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.049530] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.053944] ? kvm_arch_sync_events+0x30/0x30 [ 35.058444] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.063992] ? mmu_notifier_unregister+0x474/0x600 [ 35.068918] ? kfree+0x107/0x230 [ 35.072290] ? __mmu_notifier_register+0x30/0x30 [ 35.077048] ? __free_pages+0x10a/0x190 [ 35.081017] ? free_unref_page+0x960/0x960 [ 35.085261] kvm_put_kvm+0x6c8/0xff0 [ 35.088979] ? kvm_write_guest_cached+0x40/0x40 [ 35.093658] ? kvm_irqfd_release+0xd1/0x120 [ 35.097984] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.102478] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.106986] ? kasan_check_write+0x14/0x20 [ 35.111227] ? do_raw_spin_lock+0xc1/0x200 [ 35.115474] ? kvm_irqfd_release+0xdd/0x120 [ 35.119807] ? kvm_irqfd_release+0xdd/0x120 [ 35.124139] ? kvm_put_kvm+0xff0/0xff0 [ 35.128051] kvm_vm_release+0x42/0x50 [ 35.131846] __fput+0x385/0xa30 [ 35.135126] ? get_max_files+0x20/0x20 [ 35.139013] ? trace_hardirqs_on+0xbd/0x310 [ 35.143359] ? ___might_sleep+0x1ed/0x300 [ 35.147504] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.152963] ? arch_local_save_flags+0x40/0x40 [ 35.157546] ? kasan_check_write+0x14/0x20 [ 35.161784] ? do_raw_spin_lock+0xc1/0x200 [ 35.166161] ____fput+0x15/0x20 [ 35.169436] task_work_run+0x1e8/0x2a0 [ 35.173322] ? task_work_cancel+0x240/0x240 [ 35.177645] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.183192] ? switch_task_namespaces+0x9d/0xd0 [ 35.187875] do_exit+0x1ad7/0x2610 [ 35.191421] ? mm_update_next_owner+0x990/0x990 [ 35.196096] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 35.200331] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.205348] ? kfree+0x1fa/0x230 [ 35.208715] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 35.212962] ? kvm_vcpu_block+0x1030/0x1030 [ 35.217292] ? is_bpf_text_address+0xd3/0x170 [ 35.221799] ? kernel_text_address+0x79/0xf0 [ 35.226213] ? __kernel_text_address+0xd/0x40 [ 35.230708] ? unwind_get_return_address+0x61/0xa0 [ 35.235650] ? __save_stack_trace+0x8d/0xf0 [ 35.239987] ? save_stack+0xa9/0xd0 [ 35.243620] ? save_stack+0x43/0xd0 [ 35.247248] ? __kasan_slab_free+0x102/0x150 [ 35.251663] ? kasan_slab_free+0xe/0x10 [ 35.255635] ? putname+0xf2/0x130 [ 35.259083] ? __x64_sys_openat+0x9d/0x100 [ 35.263317] ? do_syscall_64+0x1b9/0x820 [ 35.267386] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.272754] ? trace_hardirqs_off+0xb8/0x310 [ 35.277160] ? kasan_check_read+0x11/0x20 [ 35.281309] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.285711] ? trace_hardirqs_on+0x310/0x310 [ 35.290139] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 35.295239] ? trace_hardirqs_off+0xb8/0x310 [ 35.299645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.305179] ? check_preemption_disabled+0x48/0x200 [ 35.310191] ? check_preemption_disabled+0x48/0x200 [ 35.315216] ? kvm_vcpu_block+0x1030/0x1030 [ 35.319539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.325076] ? do_vfs_ioctl+0x201/0x1720 [ 35.329136] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.334414] ? ioctl_preallocate+0x300/0x300 [ 35.338817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.344359] ? __fget_light+0x2e9/0x430 [ 35.348336] ? fget_raw+0x20/0x20 [ 35.351784] ? putname+0xf2/0x130 [ 35.355233] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.360258] ? kmem_cache_free+0x24f/0x290 [ 35.364502] ? putname+0xf7/0x130 [ 35.367974] do_group_exit+0x177/0x440 [ 35.371879] ? trace_hardirqs_on+0xbd/0x310 [ 35.376204] ? __ia32_sys_exit+0x50/0x50 [ 35.380260] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.385705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.391241] ? ksys_ioctl+0x81/0xd0 [ 35.394870] __x64_sys_exit_group+0x3e/0x50 [ 35.399192] do_syscall_64+0x1b9/0x820 [ 35.403078] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.408438] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.413381] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.418221] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.423239] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.428253] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.433273] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.438161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.443347] RIP: 0033:0x43ecd8 [ 35.446536] Code: Bad RIP value. [ 35.449892] RSP: 002b:00007ffe90d0bf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.457599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 35.464865] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.472132] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.480124] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.487397] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.494688] [ 35.494694] ====================================================== [ 35.494700] WARNING: possible circular locking dependency detected [ 35.494705] 4.19.0-rc3+ #232 Not tainted [ 35.494710] ------------------------------------------------------ [ 35.494716] syz-executor173/5327 is trying to acquire lock: [ 35.494720] 00000000509e7e84 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.494742] [ 35.494746] but task is already holding lock: [ 35.494750] 00000000d4b0b768 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 35.494766] [ 35.494770] which lock already depends on the new lock. [ 35.494773] [ 35.494776] [ 35.494782] the existing dependency chain (in reverse order) is: [ 35.494784] [ 35.494787] -> #3 (report_lock){....}: [ 35.494803] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.494808] kasan_report+0x8b/0x110 [ 35.494813] __asan_report_load8_noabort+0x14/0x20 [ 35.494817] __schedule+0xfc3/0x1ed0 [ 35.494822] preempt_schedule_common+0x1f/0xd0 [ 35.494826] preempt_schedule+0x4d/0x60 [ 35.494831] ___preempt_schedule+0x16/0x18 [ 35.494836] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.494840] __call_srcu+0x7f9/0x1070 [ 35.494845] __synchronize_srcu+0x17b/0x230 [ 35.494849] synchronize_srcu+0x356/0x5ab [ 35.494855] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.494859] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.494864] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.494868] kvm_put_kvm+0x6c8/0xff0 [ 35.494872] kvm_vm_release+0x42/0x50 [ 35.494876] __fput+0x385/0xa30 [ 35.494880] ____fput+0x15/0x20 [ 35.494885] task_work_run+0x1e8/0x2a0 [ 35.494889] do_exit+0x1ad7/0x2610 [ 35.494893] do_group_exit+0x177/0x440 [ 35.494898] __x64_sys_exit_group+0x3e/0x50 [ 35.494902] do_syscall_64+0x1b9/0x820 [ 35.494907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.494910] [ 35.494912] -> #2 (&rq->lock){-.-.}: [ 35.494928] _raw_spin_lock+0x2d/0x40 [ 35.494932] task_fork_fair+0xb0/0x6d0 [ 35.494944] sched_fork+0x443/0xba0 [ 35.494949] copy_process+0x2586/0x8780 [ 35.494953] _do_fork+0x1cb/0x11d0 [ 35.494957] kernel_thread+0x34/0x40 [ 35.494961] rest_init+0x22/0xe5 [ 35.494966] start_kernel+0x8f4/0x92f [ 35.494970] x86_64_start_reservations+0x29/0x2b [ 35.494975] x86_64_start_kernel+0x76/0x79 [ 35.494980] secondary_startup_64+0xa4/0xb0 [ 35.494982] [ 35.494985] -> #1 (&p->pi_lock){-.-.}: [ 35.495001] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.495005] try_to_wake_up+0xd2/0x12f0 [ 35.495010] wake_up_process+0x10/0x20 [ 35.495014] __up.isra.1+0x1c0/0x2a0 [ 35.495018] up+0x13c/0x1c0 [ 35.495022] __up_console_sem+0xbe/0x1b0 [ 35.495027] console_unlock+0x524/0x11a0 [ 35.495031] vprintk_emit+0x33d/0x930 [ 35.495035] vprintk_default+0x28/0x30 [ 35.495040] vprintk_func+0x7e/0x181 [ 35.495044] printk+0xa7/0xcf [ 35.495048] load_umh+0x51/0xbd [ 35.495052] do_one_initcall+0x145/0x957 [ 35.495057] kernel_init_freeable+0x4bb/0x5ae [ 35.495061] kernel_init+0x11/0x1b2 [ 35.495065] ret_from_fork+0x3a/0x50 [ 35.495068] [ 35.495070] -> #0 ((console_sem).lock){-...}: [ 35.495086] lock_acquire+0x1ed/0x520 [ 35.495091] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.495095] down_trylock+0x13/0x70 [ 35.495100] __down_trylock_console_sem+0xae/0x200 [ 35.495105] console_trylock+0x15/0xa0 [ 35.495109] vprintk_emit+0x322/0x930 [ 35.495114] vprintk_default+0x28/0x30 [ 35.495118] vprintk_func+0x7e/0x181 [ 35.495122] printk+0xa7/0xcf [ 35.495126] kasan_report+0x9b/0x110 [ 35.495131] __asan_report_load8_noabort+0x14/0x20 [ 35.495135] __schedule+0xfc3/0x1ed0 [ 35.495140] preempt_schedule_common+0x1f/0xd0 [ 35.495144] preempt_schedule+0x4d/0x60 [ 35.495149] ___preempt_schedule+0x16/0x18 [ 35.495154] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.495158] __call_srcu+0x7f9/0x1070 [ 35.495163] __synchronize_srcu+0x17b/0x230 [ 35.495167] synchronize_srcu+0x356/0x5ab [ 35.495173] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.495177] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.495182] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.495186] kvm_put_kvm+0x6c8/0xff0 [ 35.495190] kvm_vm_release+0x42/0x50 [ 35.495194] __fput+0x385/0xa30 [ 35.495198] ____fput+0x15/0x20 [ 35.495202] task_work_run+0x1e8/0x2a0 [ 35.495207] do_exit+0x1ad7/0x2610 [ 35.495211] do_group_exit+0x177/0x440 [ 35.495215] __x64_sys_exit_group+0x3e/0x50 [ 35.495220] do_syscall_64+0x1b9/0x820 [ 35.495225] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.495227] [ 35.495232] other info that might help us debug this: [ 35.495235] [ 35.495239] Chain exists of: [ 35.495241] (console_sem).lock --> &rq->lock --> report_lock [ 35.495261] [ 35.495266] Possible unsafe locking scenario: [ 35.495268] [ 35.495273] CPU0 CPU1 [ 35.495277] ---- ---- [ 35.495280] lock(report_lock); [ 35.495290] lock(&rq->lock); [ 35.495301] lock(report_lock); [ 35.495310] lock((console_sem).lock); [ 35.495319] [ 35.495322] *** DEADLOCK *** [ 35.495325] [ 35.495329] 2 locks held by syz-executor173/5327: [ 35.495332] #0: 0000000055d04cdc (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 35.495351] #1: 00000000d4b0b768 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 35.495369] [ 35.495373] stack backtrace: [ 35.495380] CPU: 1 PID: 5327 Comm: syz-executor173 Not tainted 4.19.0-rc3+ #232 [ 35.495387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.495391] Call Trace: [ 35.495395] dump_stack+0x1c4/0x2b4 [ 35.495400] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.495404] ? vprintk_func+0x85/0x181 [ 35.495410] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 35.495414] ? save_trace+0xe0/0x290 [ 35.495419] __lock_acquire+0x33e4/0x4ec0 [ 35.495423] ? mark_held_locks+0x130/0x130 [ 35.495428] ? mark_held_locks+0x130/0x130 [ 35.495432] ? rcu_bh_qs+0xc0/0xc0 [ 35.495436] ? unwind_dump+0x190/0x190 [ 35.495441] ? is_bpf_text_address+0xd3/0x170 [ 35.495445] ? kernel_text_address+0x79/0xf0 [ 35.495450] ? __kernel_text_address+0xd/0x40 [ 35.495455] ? __save_stack_trace+0x8d/0xf0 [ 35.495460] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 35.495464] ? save_trace+0x290/0x290 [ 35.495468] ? save_stack_trace+0x1a/0x20 [ 35.495473] ? save_trace+0xe0/0x290 [ 35.495477] ? kasan_check_read+0x11/0x20 [ 35.495481] ? graph_lock+0x170/0x170 [ 35.495487] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.495491] lock_acquire+0x1ed/0x520 [ 35.495495] ? down_trylock+0x13/0x70 [ 35.495499] ? find_held_lock+0x36/0x1c0 [ 35.495504] ? lock_release+0x970/0x970 [ 35.495508] ? trace_hardirqs_off+0xb8/0x310 [ 35.495513] ? vprintk_emit+0x1d3/0x930 [ 35.495517] ? trace_hardirqs_on+0x310/0x310 [ 35.495522] ? trace_hardirqs_off+0xb8/0x310 [ 35.495526] ? log_store+0x344/0x4c0 [ 35.495531] ? vprintk_emit+0x322/0x930 [ 35.495535] _raw_spin_lock_irqsave+0x99/0xd0 [ 35.495540] ? down_trylock+0x13/0x70 [ 35.495544] down_trylock+0x13/0x70 [ 35.495549] __down_trylock_console_sem+0xae/0x200 [ 35.495553] console_trylock+0x15/0xa0 [ 35.495557] vprintk_emit+0x322/0x930 [ 35.495562] ? wake_up_klogd+0x180/0x180 [ 35.495567] ? run_rebalance_domains+0x500/0x500 [ 35.495571] ? wake_up_worker+0x117/0x190 [ 35.495576] ? find_held_lock+0x36/0x1c0 [ 35.495580] ? __queue_work+0x6be/0x1440 [ 35.495584] ? lock_acquire+0x1ed/0x520 [ 35.495589] vprintk_default+0x28/0x30 [ 35.495593] vprintk_func+0x7e/0x181 [ 35.495597] printk+0xa7/0xcf [ 35.495602] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.495606] ? kasan_check_write+0x14/0x20 [ 35.495611] ? do_raw_spin_lock+0xc1/0x200 [ 35.495615] ? do_raw_spin_lock+0xc1/0x200 [ 35.495619] kasan_report+0x9b/0x110 [ 35.495624] ? __schedule+0xfc3/0x1ed0 [ 35.495629] __asan_report_load8_noabort+0x14/0x20 [ 35.495633] __schedule+0xfc3/0x1ed0 [ 35.495637] ? __sched_text_start+0x8/0x8 [ 35.495642] ? __lock_is_held+0xb5/0x140 [ 35.495647] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.495651] ? find_held_lock+0x36/0x1c0 [ 35.495655] ? __call_srcu+0x7f9/0x1070 [ 35.495661] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.495666] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.495670] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.495675] ? preempt_schedule+0x4d/0x60 [ 35.495680] preempt_schedule_common+0x1f/0xd0 [ 35.495684] preempt_schedule+0x4d/0x60 [ 35.495689] ___preempt_schedule+0x16/0x18 [ 35.495693] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.495698] __call_srcu+0x7f9/0x1070 [ 35.495703] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.495708] ? srcu_offline_cpu+0x120/0x120 [ 35.495712] ? debug_object_free+0x690/0x690 [ 35.495717] ? mark_held_locks+0x130/0x130 [ 35.495722] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.495726] ? lock_release+0x970/0x970 [ 35.495736] ? arch_local_save_flags+0x40/0x40 [ 35.495741] ? depot_save_stack+0x292/0x470 [ 35.495746] ? __lockdep_init_map+0x105/0x590 [ 35.495751] ? __init_waitqueue_head+0x9e/0x150 [ 35.495755] ? init_wait_entry+0x1c0/0x1c0 [ 35.495760] __synchronize_srcu+0x17b/0x230 [ 35.495764] ? call_srcu+0x10/0x10 [ 35.495768] ? rcu_unexpedite_gp+0x20/0x20 [ 35.495774] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.495779] ? check_preemption_disabled+0x48/0x200 [ 35.495783] synchronize_srcu+0x356/0x5ab [ 35.495788] ? lock_downgrade+0x900/0x900 [ 35.495793] ? synchronize_srcu_expedited+0x20/0x20 [ 35.495797] ? kasan_check_read+0x11/0x20 [ 35.495802] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.495806] ? kasan_check_write+0x14/0x20 [ 35.495811] ? do_raw_spin_lock+0xc1/0x200 [ 35.495816] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.495822] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.495826] ? kvfree+0x61/0x70 [ 35.495830] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.495835] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.495839] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.495844] ? kvm_arch_sync_events+0x30/0x30 [ 35.495849] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.495854] ? mmu_notifier_unregister+0x474/0x600 [ 35.495858] ? kfree+0x107/0x230 [ 35.495863] ? __mmu_notifier_register+0x30/0x30 [ 35.495868] ? __free_pages+0x10a/0x190 [ 35.495872] ? free_unref_page+0x960/0x960 [ 35.495876] kvm_put_kvm+0x6c8/0xff0 [ 35.495881] ? kvm_write_guest_cached+0x40/0x40 [ 35.495886] ? kvm_irqfd_release+0xd1/0x120 [ 35.495890] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.495895] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.495900] ? kasan_check_write+0x14/0x20 [ 35.495904] ? do_raw_spin_lock+0xc1/0x200 [ 35.495908] ? kvm_irqfd_release+0x [ 35.495918] Lost 82 message(s)! [ 36.642435] Shutting down cpus with NMI [ 37.700487] Kernel Offset: disabled [ 37.704117] Rebooting in 86400 seconds..