[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.916700] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 25.208266] random: sshd: uninitialized urandom read (32 bytes read) [ 25.548655] random: sshd: uninitialized urandom read (32 bytes read) [ 26.152922] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.639693] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. [ 43.245777] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 43.369207] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 43.395203] ================================================================== [ 43.405115] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 43.411354] Read of size 8 at addr ffff8801d8b80058 by task syz-executor076/5325 [ 43.418880] [ 43.420516] CPU: 0 PID: 5325 Comm: syz-executor076 Not tainted 4.19.0-rc3+ #9 [ 43.427782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.437132] Call Trace: [ 43.439729] dump_stack+0x1c4/0x2b4 [ 43.443364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.448556] ? printk+0xa7/0xcf [ 43.451844] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.456608] print_address_description.cold.8+0x9/0x1ff [ 43.461972] kasan_report.cold.9+0x242/0x309 [ 43.466383] ? __schedule+0xfc3/0x1ed0 [ 43.470276] __asan_report_load8_noabort+0x14/0x20 [ 43.475212] __schedule+0xfc3/0x1ed0 [ 43.478936] ? __sched_text_start+0x8/0x8 [ 43.483083] ? __lock_is_held+0xb5/0x140 [ 43.487145] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.492248] ? find_held_lock+0x36/0x1c0 [ 43.496313] ? __call_srcu+0x7f9/0x1070 [ 43.500285] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.505390] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.510495] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.515075] ? preempt_schedule+0x4d/0x60 [ 43.519226] preempt_schedule_common+0x1f/0xd0 [ 43.523861] preempt_schedule+0x4d/0x60 [ 43.527889] ___preempt_schedule+0x16/0x18 [ 43.532131] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.537063] __call_srcu+0x7f9/0x1070 [ 43.540855] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 43.545945] ? srcu_offline_cpu+0x120/0x120 [ 43.550251] ? debug_object_free+0x690/0x690 [ 43.554647] ? mark_held_locks+0x130/0x130 [ 43.558867] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 43.563453] ? lock_release+0x970/0x970 [ 43.567431] ? arch_local_save_flags+0x40/0x40 [ 43.572019] ? depot_save_stack+0x292/0x470 [ 43.576351] ? __lockdep_init_map+0x105/0x590 [ 43.580853] ? __init_waitqueue_head+0x9e/0x150 [ 43.585527] ? init_wait_entry+0x1c0/0x1c0 [ 43.589773] __synchronize_srcu+0x17b/0x230 [ 43.594099] ? call_srcu+0x10/0x10 [ 43.597640] ? rcu_unexpedite_gp+0x20/0x20 [ 43.601885] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.607422] ? check_preemption_disabled+0x48/0x200 [ 43.612449] synchronize_srcu+0x356/0x5ab [ 43.616601] ? lock_downgrade+0x900/0x900 [ 43.620756] ? synchronize_srcu_expedited+0x20/0x20 [ 43.625775] ? kasan_check_read+0x11/0x20 [ 43.629922] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.634508] ? kasan_check_write+0x14/0x20 [ 43.638743] ? do_raw_spin_lock+0xc1/0x200 [ 43.642979] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.648722] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.654178] ? kvfree+0x61/0x70 [ 43.657469] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.662489] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.666560] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.670975] ? kvm_arch_sync_events+0x30/0x30 [ 43.675472] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.681008] ? mmu_notifier_unregister+0x474/0x600 [ 43.685939] ? kfree+0x107/0x230 [ 43.689310] ? __mmu_notifier_register+0x30/0x30 [ 43.694070] ? __free_pages+0x10a/0x190 [ 43.698044] ? free_unref_page+0x960/0x960 [ 43.702294] kvm_put_kvm+0x6c8/0xff0 [ 43.706015] ? kvm_write_guest_cached+0x40/0x40 [ 43.713727] ? kvm_irqfd_release+0xd1/0x120 [ 43.718050] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.722545] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.727054] ? kasan_check_write+0x14/0x20 [ 43.731290] ? do_raw_spin_lock+0xc1/0x200 [ 43.735525] ? kvm_irqfd_release+0xdd/0x120 [ 43.739840] ? kvm_irqfd_release+0xdd/0x120 [ 43.744160] ? kvm_put_kvm+0xff0/0xff0 [ 43.748059] kvm_vm_release+0x42/0x50 [ 43.751863] __fput+0x385/0xa30 [ 43.755146] ? get_max_files+0x20/0x20 [ 43.759036] ? trace_hardirqs_on+0xbd/0x310 [ 43.763357] ? ___might_sleep+0x1ed/0x300 [ 43.767506] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.772962] ? arch_local_save_flags+0x40/0x40 [ 43.777545] ? kasan_check_write+0x14/0x20 [ 43.781779] ? do_raw_spin_lock+0xc1/0x200 [ 43.786013] ____fput+0x15/0x20 [ 43.789295] task_work_run+0x1e8/0x2a0 [ 43.793192] ? task_work_cancel+0x240/0x240 [ 43.797514] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.803052] ? switch_task_namespaces+0x9d/0xd0 [ 43.807723] do_exit+0x1ad7/0x2610 [ 43.811270] ? mm_update_next_owner+0x990/0x990 [ 43.815944] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 43.820192] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.825217] ? kfree+0x1fa/0x230 [ 43.828588] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 43.832822] ? kvm_vcpu_block+0x1030/0x1030 [ 43.837155] ? is_bpf_text_address+0xd3/0x170 [ 43.841659] ? kernel_text_address+0x79/0xf0 [ 43.846070] ? __kernel_text_address+0xd/0x40 [ 43.850564] ? unwind_get_return_address+0x61/0xa0 [ 43.855498] ? __save_stack_trace+0x8d/0xf0 [ 43.859825] ? save_stack+0xa9/0xd0 [ 43.863450] ? save_stack+0x43/0xd0 [ 43.867074] ? __kasan_slab_free+0x102/0x150 [ 43.871476] ? kasan_slab_free+0xe/0x10 [ 43.875449] ? putname+0xf2/0x130 [ 43.878898] ? __x64_sys_openat+0x9d/0x100 [ 43.883128] ? do_syscall_64+0x1b9/0x820 [ 43.887197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.892568] ? trace_hardirqs_off+0xb8/0x310 [ 43.896974] ? kasan_check_read+0x11/0x20 [ 43.901121] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.905531] ? trace_hardirqs_on+0x310/0x310 [ 43.909946] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 43.915055] ? trace_hardirqs_off+0xb8/0x310 [ 43.919465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.925001] ? check_preemption_disabled+0x48/0x200 [ 43.930015] ? check_preemption_disabled+0x48/0x200 [ 43.935035] ? kvm_vcpu_block+0x1030/0x1030 [ 43.939354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.944893] ? do_vfs_ioctl+0x201/0x1720 [ 43.948956] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 43.954237] ? ioctl_preallocate+0x300/0x300 [ 43.958652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.964201] ? __fget_light+0x2e9/0x430 [ 43.968188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.973735] ? smack_file_ioctl+0x210/0x3c0 [ 43.978054] ? fget_raw+0x20/0x20 [ 43.981506] ? smack_file_lock+0x2e0/0x2e0 [ 43.985747] do_group_exit+0x177/0x440 [ 43.989638] ? trace_hardirqs_on+0xbd/0x310 [ 43.994047] ? __ia32_sys_exit+0x50/0x50 [ 43.998106] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.003553] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.009086] ? ksys_ioctl+0x81/0xd0 [ 44.012717] __x64_sys_exit_group+0x3e/0x50 [ 44.017070] do_syscall_64+0x1b9/0x820 [ 44.020960] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.026326] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.031251] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.036095] ? trace_hardirqs_on_caller+0x310/0x310 [ 44.041142] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 44.046157] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.051192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.056041] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.061226] RIP: 0033:0x43ecc8 [ 44.064419] Code: Bad RIP value. [ 44.067777] RSP: 002b:00007fff2660e6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 44.075484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 44.082748] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 44.090014] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 44.097276] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 44.104539] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 44.111809] [ 44.113434] Allocated by task 5325: [ 44.117061] save_stack+0x43/0xd0 [ 44.120505] kasan_kmalloc+0xc7/0xe0 [ 44.124213] kasan_slab_alloc+0x12/0x20 [ 44.128192] kmem_cache_alloc+0x12e/0x730 [ 44.132339] vmx_create_vcpu+0xcf/0x25e0 [ 44.136393] kvm_arch_vcpu_create+0xe5/0x220 [ 44.140796] kvm_vm_ioctl+0x470/0x1d40 [ 44.144685] do_vfs_ioctl+0x1de/0x1720 [ 44.148567] ksys_ioctl+0xa9/0xd0 [ 44.152013] __x64_sys_ioctl+0x73/0xb0 [ 44.155897] do_syscall_64+0x1b9/0x820 [ 44.159781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.164959] [ 44.166578] Freed by task 5325: [ 44.169853] save_stack+0x43/0xd0 [ 44.173303] __kasan_slab_free+0x102/0x150 [ 44.177532] kasan_slab_free+0xe/0x10 [ 44.181332] kmem_cache_free+0x83/0x290 [ 44.185305] vmx_free_vcpu+0x26b/0x300 [ 44.189194] kvm_arch_destroy_vm+0x365/0x7c0 [ 44.193600] kvm_put_kvm+0x6c8/0xff0 [ 44.197307] kvm_vm_release+0x42/0x50 [ 44.201103] __fput+0x385/0xa30 [ 44.204372] ____fput+0x15/0x20 [ 44.207646] task_work_run+0x1e8/0x2a0 [ 44.211535] do_exit+0x1ad7/0x2610 [ 44.215070] do_group_exit+0x177/0x440 [ 44.218955] __x64_sys_exit_group+0x3e/0x50 [ 44.223276] do_syscall_64+0x1b9/0x820 [ 44.227162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.232344] [ 44.233969] The buggy address belongs to the object at ffff8801d8b80040 [ 44.233969] which belongs to the cache kvm_vcpu of size 23872 [ 44.246540] The buggy address is located 24 bytes inside of [ 44.246540] 23872-byte region [ffff8801d8b80040, ffff8801d8b85d80) [ 44.258499] The buggy address belongs to the page: [ 44.263431] page:ffffea000762e000 count:1 mapcount:0 mapping:ffff8801d79e8180 index:0x0 compound_mapcount: 0 [ 44.273399] flags: 0x2fffc0000008100(slab|head) [ 44.278072] raw: 02fffc0000008100 ffff8801d55e8448 ffff8801d55e8448 ffff8801d79e8180 [ 44.285948] raw: 0000000000000000 ffff8801d8b80040 0000000100000001 0000000000000000 [ 44.293820] page dumped because: kasan: bad access detected [ 44.299514] [ 44.301141] Memory state around the buggy address: [ 44.306065] ffff8801d8b7ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.313418] ffff8801d8b7ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.321388] >ffff8801d8b80000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 44.328741] ^ [ 44.334964] ffff8801d8b80080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.342311] ffff8801d8b80100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.349652] ================================================================== [ 44.357096] Kernel panic - not syncing: panic_on_warn set ... [ 44.357096] [ 44.364491] CPU: 0 PID: 5325 Comm: syz-executor076 Tainted: G B 4.19.0-rc3+ #9 [ 44.373136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.382477] Call Trace: [ 44.385062] dump_stack+0x1c4/0x2b4 [ 44.390599] ? dump_stack_print_info.cold.2+0x52/0x52 [ 44.395894] ? lock_downgrade+0x900/0x900 [ 44.400148] panic+0x238/0x4e7 [ 44.403446] ? add_taint.cold.5+0x16/0x16 [ 44.407583] ? print_shadow_for_address+0xb6/0x116 [ 44.412595] ? trace_hardirqs_off+0xaf/0x310 [ 44.416996] kasan_end_report+0x47/0x4f [ 44.420956] kasan_report.cold.9+0x76/0x309 [ 44.425261] ? __schedule+0xfc3/0x1ed0 [ 44.429145] __asan_report_load8_noabort+0x14/0x20 [ 44.434066] __schedule+0xfc3/0x1ed0 [ 44.437899] ? __sched_text_start+0x8/0x8 [ 44.442038] ? __lock_is_held+0xb5/0x140 [ 44.446081] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.451276] ? find_held_lock+0x36/0x1c0 [ 44.455332] ? __call_srcu+0x7f9/0x1070 [ 44.459298] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.464387] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 44.469479] ? lockdep_hardirqs_on+0x421/0x5c0 [ 44.474047] ? preempt_schedule+0x4d/0x60 [ 44.478199] preempt_schedule_common+0x1f/0xd0 [ 44.482787] preempt_schedule+0x4d/0x60 [ 44.486761] ___preempt_schedule+0x16/0x18 [ 44.490990] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 44.495909] __call_srcu+0x7f9/0x1070 [ 44.499696] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 44.504899] ? srcu_offline_cpu+0x120/0x120 [ 44.509213] ? debug_object_free+0x690/0x690 [ 44.513802] ? mark_held_locks+0x130/0x130 [ 44.518264] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 44.522855] ? lock_release+0x970/0x970 [ 44.526834] ? arch_local_save_flags+0x40/0x40 [ 44.531423] ? depot_save_stack+0x292/0x470 [ 44.535743] ? __lockdep_init_map+0x105/0x590 [ 44.540234] ? __init_waitqueue_head+0x9e/0x150 [ 44.544889] ? init_wait_entry+0x1c0/0x1c0 [ 44.549111] __synchronize_srcu+0x17b/0x230 [ 44.553465] ? call_srcu+0x10/0x10 [ 44.556995] ? rcu_unexpedite_gp+0x20/0x20 [ 44.561219] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.566745] ? check_preemption_disabled+0x48/0x200 [ 44.571755] synchronize_srcu+0x356/0x5ab [ 44.575893] ? lock_downgrade+0x900/0x900 [ 44.580036] ? synchronize_srcu_expedited+0x20/0x20 [ 44.585043] ? kasan_check_read+0x11/0x20 [ 44.589193] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 44.593759] ? kasan_check_write+0x14/0x20 [ 44.597976] ? do_raw_spin_lock+0xc1/0x200 [ 44.602211] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.607920] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 44.613372] ? kvfree+0x61/0x70 [ 44.616642] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.621662] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.625721] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.630130] ? kvm_arch_sync_events+0x30/0x30 [ 44.634624] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.640152] ? mmu_notifier_unregister+0x474/0x600 [ 44.645067] ? kfree+0x107/0x230 [ 44.648420] ? __mmu_notifier_register+0x30/0x30 [ 44.653174] ? __free_pages+0x10a/0x190 [ 44.657143] ? free_unref_page+0x960/0x960 [ 44.661371] kvm_put_kvm+0x6c8/0xff0 [ 44.665073] ? kvm_write_guest_cached+0x40/0x40 [ 44.669729] ? kvm_irqfd_release+0xd1/0x120 [ 44.674039] ? _raw_spin_unlock_irq+0x27/0x80 [ 44.678527] ? _raw_spin_unlock_irq+0x27/0x80 [ 44.683021] ? kasan_check_write+0x14/0x20 [ 44.687242] ? do_raw_spin_lock+0xc1/0x200 [ 44.691465] ? kvm_irqfd_release+0xdd/0x120 [ 44.695768] ? kvm_irqfd_release+0xdd/0x120 [ 44.700081] ? kvm_put_kvm+0xff0/0xff0 [ 44.703960] kvm_vm_release+0x42/0x50 [ 44.707748] __fput+0x385/0xa30 [ 44.711088] ? get_max_files+0x20/0x20 [ 44.714985] ? trace_hardirqs_on+0xbd/0x310 [ 44.719316] ? ___might_sleep+0x1ed/0x300 [ 44.723460] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.728900] ? arch_local_save_flags+0x40/0x40 [ 44.733516] ? kasan_check_write+0x14/0x20 [ 44.737822] ? do_raw_spin_lock+0xc1/0x200 [ 44.742055] ____fput+0x15/0x20 [ 44.745333] task_work_run+0x1e8/0x2a0 [ 44.749219] ? task_work_cancel+0x240/0x240 [ 44.753541] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.759072] ? switch_task_namespaces+0x9d/0xd0 [ 44.763737] do_exit+0x1ad7/0x2610 [ 44.767266] ? mm_update_next_owner+0x990/0x990 [ 44.771928] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 44.776146] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.781150] ? kfree+0x1fa/0x230 [ 44.784501] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 44.788719] ? kvm_vcpu_block+0x1030/0x1030 [ 44.793025] ? is_bpf_text_address+0xd3/0x170 [ 44.797505] ? kernel_text_address+0x79/0xf0 [ 44.801902] ? __kernel_text_address+0xd/0x40 [ 44.806430] ? unwind_get_return_address+0x61/0xa0 [ 44.811351] ? __save_stack_trace+0x8d/0xf0 [ 44.815664] ? save_stack+0xa9/0xd0 [ 44.819278] ? save_stack+0x43/0xd0 [ 44.822886] ? __kasan_slab_free+0x102/0x150 [ 44.827276] ? kasan_slab_free+0xe/0x10 [ 44.831232] ? putname+0xf2/0x130 [ 44.834716] ? __x64_sys_openat+0x9d/0x100 [ 44.838941] ? do_syscall_64+0x1b9/0x820 [ 44.843022] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.848375] ? trace_hardirqs_off+0xb8/0x310 [ 44.852765] ? kasan_check_read+0x11/0x20 [ 44.856940] ? do_raw_spin_unlock+0xa7/0x2f0 [ 44.861335] ? trace_hardirqs_on+0x310/0x310 [ 44.865733] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 44.870952] ? trace_hardirqs_off+0xb8/0x310 [ 44.875347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.880864] ? check_preemption_disabled+0x48/0x200 [ 44.885872] ? check_preemption_disabled+0x48/0x200 [ 44.890887] ? kvm_vcpu_block+0x1030/0x1030 [ 44.895202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.900725] ? do_vfs_ioctl+0x201/0x1720 [ 44.904777] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 44.910040] ? ioctl_preallocate+0x300/0x300 [ 44.914436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.919955] ? __fget_light+0x2e9/0x430 [ 44.923913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.929436] ? smack_file_ioctl+0x210/0x3c0 [ 44.933736] ? fget_raw+0x20/0x20 [ 44.937171] ? smack_file_lock+0x2e0/0x2e0 [ 44.941406] do_group_exit+0x177/0x440 [ 44.945282] ? trace_hardirqs_on+0xbd/0x310 [ 44.949591] ? __ia32_sys_exit+0x50/0x50 [ 44.953633] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.959063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.964585] ? ksys_ioctl+0x81/0xd0 [ 44.968209] __x64_sys_exit_group+0x3e/0x50 [ 44.972572] do_syscall_64+0x1b9/0x820 [ 44.977834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.983212] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.988142] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.992986] ? trace_hardirqs_on_caller+0x310/0x310 [ 44.998004] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.003022] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.008041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.012887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.018071] RIP: 0033:0x43ecc8 [ 45.021264] Code: Bad RIP value. [ 45.024621] RSP: 002b:00007fff2660e6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.032328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 45.039592] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 45.046857] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 45.054123] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 45.061383] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 45.068662] [ 45.068669] ====================================================== [ 45.068675] WARNING: possible circular locking dependency detected [ 45.068679] 4.19.0-rc3+ #9 Not tainted [ 45.068685] ------------------------------------------------------ [ 45.068690] syz-executor076/5325 is trying to acquire lock: [ 45.068694] 00000000abb0df8d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 45.068710] [ 45.068715] but task is already holding lock: [ 45.068718] 00000000e86657ab (report_lock){....}, at: kasan_report+0x8b/0x110 [ 45.068734] [ 45.068739] which lock already depends on the new lock. [ 45.068742] [ 45.068745] [ 45.068750] the existing dependency chain (in reverse order) is: [ 45.068753] [ 45.068755] -> #3 (report_lock){....}: [ 45.068771] _raw_spin_lock_irqsave+0x99/0xd0 [ 45.068776] kasan_report+0x8b/0x110 [ 45.068781] __asan_report_load8_noabort+0x14/0x20 [ 45.068785] __schedule+0xfc3/0x1ed0 [ 45.068790] preempt_schedule_common+0x1f/0xd0 [ 45.068794] preempt_schedule+0x4d/0x60 [ 45.068799] ___preempt_schedule+0x16/0x18 [ 45.068804] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 45.068808] __call_srcu+0x7f9/0x1070 [ 45.068812] __synchronize_srcu+0x17b/0x230 [ 45.068817] synchronize_srcu+0x356/0x5ab [ 45.068823] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.068827] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.068832] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.068836] kvm_put_kvm+0x6c8/0xff0 [ 45.068840] kvm_vm_release+0x42/0x50 [ 45.068844] __fput+0x385/0xa30 [ 45.068848] ____fput+0x15/0x20 [ 45.068853] task_work_run+0x1e8/0x2a0 [ 45.068857] do_exit+0x1ad7/0x2610 [ 45.068861] do_group_exit+0x177/0x440 [ 45.068866] __x64_sys_exit_group+0x3e/0x50 [ 45.068870] do_syscall_64+0x1b9/0x820 [ 45.068875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.068878] [ 45.068880] -> #2 (&rq->lock){-.-.}: [ 45.068896] _raw_spin_lock+0x2d/0x40 [ 45.068900] task_fork_fair+0xb0/0x6d0 [ 45.068904] sched_fork+0x443/0xba0 [ 45.068909] copy_process+0x2586/0x8780 [ 45.068913] _do_fork+0x1cb/0x11d0 [ 45.068917] kernel_thread+0x34/0x40 [ 45.068921] rest_init+0x22/0xe5 [ 45.068925] start_kernel+0x8f4/0x92f [ 45.068930] x86_64_start_reservations+0x29/0x2b [ 45.068935] x86_64_start_kernel+0x76/0x79 [ 45.068939] secondary_startup_64+0xa4/0xb0 [ 45.068942] [ 45.068945] -> #1 (&p->pi_lock){-.-.}: [ 45.068960] _raw_spin_lock_irqsave+0x99/0xd0 [ 45.068965] try_to_wake_up+0xd2/0x12f0 [ 45.068969] wake_up_process+0x10/0x20 [ 45.068973] __up.isra.1+0x1c0/0x2a0 [ 45.068977] up+0x13c/0x1c0 [ 45.068982] __up_console_sem+0xbe/0x1b0 [ 45.068986] console_unlock+0x524/0x11a0 [ 45.068990] vprintk_emit+0x33d/0x930 [ 45.068995] vprintk_default+0x28/0x30 [ 45.068999] vprintk_func+0x7e/0x181 [ 45.069003] printk+0xa7/0xcf [ 45.069007] load_umh+0x51/0xbd [ 45.069011] do_one_initcall+0x145/0x957 [ 45.069016] kernel_init_freeable+0x4bb/0x5ae [ 45.069020] kernel_init+0x11/0x1b2 [ 45.069024] ret_from_fork+0x3a/0x50 [ 45.069027] [ 45.069030] -> #0 ((console_sem).lock){-...}: [ 45.069045] lock_acquire+0x1ed/0x520 [ 45.069050] _raw_spin_lock_irqsave+0x99/0xd0 [ 45.069054] down_trylock+0x13/0x70 [ 45.069059] __down_trylock_console_sem+0xae/0x200 [ 45.069064] console_trylock+0x15/0xa0 [ 45.069068] vprintk_emit+0x322/0x930 [ 45.069072] vprintk_default+0x28/0x30 [ 45.069077] vprintk_func+0x7e/0x181 [ 45.069081] printk+0xa7/0xcf [ 45.069085] kasan_report+0x9b/0x110 [ 45.069090] __asan_report_load8_noabort+0x14/0x20 [ 45.069094] __schedule+0xfc3/0x1ed0 [ 45.069099] preempt_schedule_common+0x1f/0xd0 [ 45.069103] preempt_schedule+0x4d/0x60 [ 45.069108] ___preempt_schedule+0x16/0x18 [ 45.069113] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 45.069117] __call_srcu+0x7f9/0x1070 [ 45.069122] __synchronize_srcu+0x17b/0x230 [ 45.069127] synchronize_srcu+0x356/0x5ab [ 45.069132] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.069137] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.069141] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.069146] kvm_put_kvm+0x6c8/0xff0 [ 45.069150] kvm_vm_release+0x42/0x50 [ 45.069154] __fput+0x385/0xa30 [ 45.069158] ____fput+0x15/0x20 [ 45.069162] task_work_run+0x1e8/0x2a0 [ 45.069166] do_exit+0x1ad7/0x2610 [ 45.069171] do_group_exit+0x177/0x440 [ 45.069175] __x64_sys_exit_group+0x3e/0x50 [ 45.069188] do_syscall_64+0x1b9/0x820 [ 45.069194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.069196] [ 45.069201] other info that might help us debug this: [ 45.069203] [ 45.069207] Chain exists of: [ 45.069209] (console_sem).lock --> &rq->lock --> report_lock [ 45.069229] [ 45.069234] Possible unsafe locking scenario: [ 45.069237] [ 45.069241] CPU0 CPU1 [ 45.069246] ---- ---- [ 45.069248] lock(report_lock); [ 45.069259] lock(&rq->lock); [ 45.069269] lock(report_lock); [ 45.069278] lock((console_sem).lock); [ 45.069286] [ 45.069290] *** DEADLOCK *** [ 45.069293] [ 45.069297] 2 locks held by syz-executor076/5325: [ 45.069300] #0: 00000000e0582d87 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 45.069319] #1: 00000000e86657ab (report_lock){....}, at: kasan_report+0x8b/0x110 [ 45.069337] [ 45.069341] stack backtrace: [ 45.069347] CPU: 0 PID: 5325 Comm: syz-executor076 Not tainted 4.19.0-rc3+ #9 [ 45.069355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.069358] Call Trace: [ 45.069363] dump_stack+0x1c4/0x2b4 [ 45.069368] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.069372] ? vprintk_func+0x85/0x181 [ 45.069377] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 45.069382] ? save_trace+0xe0/0x290 [ 45.069386] __lock_acquire+0x33e4/0x4ec0 [ 45.069391] ? mark_held_locks+0x130/0x130 [ 45.069395] ? mark_held_locks+0x130/0x130 [ 45.069399] ? rcu_bh_qs+0xc0/0xc0 [ 45.069404] ? unwind_dump+0x190/0x190 [ 45.069408] ? is_bpf_text_address+0xd3/0x170 [ 45.069413] ? kernel_text_address+0x79/0xf0 [ 45.069418] ? __kernel_text_address+0xd/0x40 [ 45.069422] ? __save_stack_trace+0x8d/0xf0 [ 45.069427] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 45.069432] ? save_trace+0x290/0x290 [ 45.069436] ? save_stack_trace+0x1a/0x20 [ 45.069440] ? save_trace+0xe0/0x290 [ 45.069445] ? kasan_check_read+0x11/0x20 [ 45.069449] ? graph_lock+0x170/0x170 [ 45.069460] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.069464] lock_acquire+0x1ed/0x520 [ 45.069469] ? down_trylock+0x13/0x70 [ 45.069473] ? find_held_lock+0x36/0x1c0 [ 45.069477] ? lock_release+0x970/0x970 [ 45.069482] ? trace_hardirqs_off+0xb8/0x310 [ 45.069486] ? vprintk_emit+0x1d3/0x930 [ 45.069491] ? trace_hardirqs_on+0x310/0x310 [ 45.069496] ? trace_hardirqs_off+0xb8/0x310 [ 45.069500] ? log_store+0x344/0x4c0 [ 45.069504] ? vprintk_emit+0x322/0x930 [ 45.069509] _raw_spin_lock_irqsave+0x99/0xd0 [ 45.069513] ? down_trylock+0x13/0x70 [ 45.069517] down_trylock+0x13/0x70 [ 45.069522] __down_trylock_console_sem+0xae/0x200 [ 45.069527] console_trylock+0x15/0xa0 [ 45.069531] vprintk_emit+0x322/0x930 [ 45.069535] ? wake_up_klogd+0x180/0x180 [ 45.069540] ? run_rebalance_domains+0x500/0x500 [ 45.069545] ? wake_up_worker+0x117/0x190 [ 45.069549] ? find_held_lock+0x36/0x1c0 [ 45.069554] ? __queue_work+0x6be/0x1440 [ 45.069558] ? lock_acquire+0x1ed/0x520 [ 45.069562] vprintk_default+0x28/0x30 [ 45.069566] vprintk_func+0x7e/0x181 [ 45.069570] printk+0xa7/0xcf [ 45.069575] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.069580] ? kasan_check_write+0x14/0x20 [ 45.069584] ? do_raw_spin_lock+0xc1/0x200 [ 45.069589] ? do_raw_spin_lock+0xc1/0x200 [ 45.069593] kasan_report+0x9b/0x110 [ 45.069597] ? __schedule+0xfc3/0x1ed0 [ 45.069602] __asan_report_load8_noabort+0x14/0x20 [ 45.069607] __schedule+0xfc3/0x1ed0 [ 45.069611] ? __sched_text_start+0x8/0x8 [ 45.069615] ? __lock_is_held+0xb5/0x140 [ 45.069621] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.069625] ? find_held_lock+0x36/0x1c0 [ 45.069629] ? __call_srcu+0x7f9/0x1070 [ 45.069635] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.069640] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 45.069644] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.069649] ? preempt_schedule+0x4d/0x60 [ 45.069654] preempt_schedule_common+0x1f/0xd0 [ 45.069658] preempt_schedule+0x4d/0x60 [ 45.069663] ___preempt_schedule+0x16/0x18 [ 45.069668] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 45.069672] __call_srcu+0x7f9/0x1070 [ 45.069677] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 45.069682] ? srcu_offline_cpu+0x120/0x120 [ 45.069686] ? debug_object_free+0x690/0x690 [ 45.069691] ? mark_held_locks+0x130/0x130 [ 45.069695] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 45.069700] ? lock_release+0x970/0x970 [ 45.069704] ? arch_local_save_flags+0x40/0x40 [ 45.069709] ? depot_save_stack+0x292/0x470 [ 45.069714] ? __lockdep_init_map+0x105/0x590 [ 45.069719] ? __init_waitqueue_head+0x9e/0x150 [ 45.069723] ? init_wait_entry+0x1c0/0x1c0 [ 45.069728] __synchronize_srcu+0x17b/0x230 [ 45.069732] ? call_srcu+0x10/0x10 [ 45.069736] ? rcu_unexpedite_gp+0x20/0x20 [ 45.069742] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.069747] ? check_preemption_disabled+0x48/0x200 [ 45.069751] synchronize_srcu+0x356/0x5ab [ 45.069756] ? lock_downgrade+0x900/0x900 [ 45.069761] ? synchronize_srcu_expedited+0x20/0x20 [ 45.069765] ? kasan_check_read+0x11/0x20 [ 45.069770] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.069774] ? kasan_check_write+0x14/0x20 [ 45.069779] ? do_raw_spin_lock+0xc1/0x200 [ 45.069784] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.069790] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.069794] ? kvfree+0x61/0x70 [ 45.069799] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.069803] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.069807] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.069812] ? kvm_arch_sync_events+0x30/0x30 [ 45.069818] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.069822] ? mmu_notifier_unregister+0x474/0x600 [ 45.069826] ? kfree+0x107/0x230 [ 45.069831] ? __mmu_notifier_register+0x30/0x30 [ 45.069836] ? __free_pages+0x10a/0x190 [ 45.069840] ? free_unref_page+0x960/0x960 [ 45.069844] kvm_put_kvm+0x6c8/0xff0 [ 45.069849] ? kvm_write_guest_cached+0x40/0x40 [ 45.069854] ? kvm_irqfd_release+0xd1/0x120 [ 45.069858] ? _raw_spin_unlock_irq+0x27/0x80 [ 45.069863] ? _raw_spin_unlock_irq+0x27/0x80 [ 45.069868] ? kasan_check_write+0x14/0x20 [ 45.069872] ? do_raw_spin_lock+0xc1/0x200 [ 45.069876] ? kvm_irqfd_release+0xdd/0 [ 45.069884] Lost 81 message(s)! [ 46.211446] Shutting down cpus with NMI [ 47.269897] Kernel Offset: disabled [ 47.273524] Rebooting in 86400 seconds..