[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.968864] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.671681] random: sshd: uninitialized urandom read (32 bytes read) [ 29.907237] random: sshd: uninitialized urandom read (32 bytes read) [ 30.506700] random: sshd: uninitialized urandom read (32 bytes read) [ 30.726610] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts. [ 58.025497] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 58.147584] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 58.172993] ================================================================== [ 58.182945] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 58.189175] Read of size 8 at addr ffff8801bb690058 by task syz-executor513/5336 [ 58.196694] [ 58.198320] CPU: 1 PID: 5336 Comm: syz-executor513 Not tainted 4.19.0-rc4+ #248 [ 58.205763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.215110] Call Trace: [ 58.217700] dump_stack+0x1c4/0x2b4 [ 58.221350] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.226539] ? printk+0xa7/0xcf [ 58.229819] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 58.234580] print_address_description.cold.8+0x9/0x1ff [ 58.239943] kasan_report.cold.9+0x242/0x309 [ 58.244352] ? __schedule+0xfc3/0x1ed0 [ 58.248243] __asan_report_load8_noabort+0x14/0x20 [ 58.253177] __schedule+0xfc3/0x1ed0 [ 58.256898] ? __sched_text_start+0x8/0x8 [ 58.261052] ? __lock_is_held+0xb5/0x140 [ 58.265110] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.270217] ? find_held_lock+0x36/0x1c0 [ 58.274286] ? __call_srcu+0x7f9/0x1070 [ 58.278263] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.283456] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 58.288569] ? lockdep_hardirqs_on+0x421/0x5c0 [ 58.293150] ? preempt_schedule+0x4d/0x60 [ 58.297310] preempt_schedule_common+0x1f/0xd0 [ 58.301890] preempt_schedule+0x4d/0x60 [ 58.305868] ___preempt_schedule+0x16/0x18 [ 58.310142] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 58.315073] __call_srcu+0x7f9/0x1070 [ 58.318872] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 58.323977] ? srcu_offline_cpu+0x120/0x120 [ 58.328295] ? debug_object_free+0x690/0x690 [ 58.332713] ? mark_held_locks+0x130/0x130 [ 58.336955] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 58.341551] ? lock_release+0x970/0x970 [ 58.345583] ? arch_local_save_flags+0x40/0x40 [ 58.350165] ? depot_save_stack+0x292/0x470 [ 58.354505] ? __lockdep_init_map+0x105/0x590 [ 58.359008] ? __init_waitqueue_head+0x9e/0x150 [ 58.363678] ? init_wait_entry+0x1c0/0x1c0 [ 58.367921] __synchronize_srcu+0x17b/0x230 [ 58.372246] ? call_srcu+0x10/0x10 [ 58.375793] ? rcu_unexpedite_gp+0x20/0x20 [ 58.380039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 58.385574] ? check_preemption_disabled+0x48/0x200 [ 58.390591] synchronize_srcu+0x356/0x5ab [ 58.394743] ? lock_downgrade+0x900/0x900 [ 58.398897] ? synchronize_srcu_expedited+0x20/0x20 [ 58.403921] ? kasan_check_read+0x11/0x20 [ 58.408075] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 58.412657] ? kasan_check_write+0x14/0x20 [ 58.416889] ? do_raw_spin_lock+0xc1/0x200 [ 58.421127] kvm_page_track_unregister_notifier+0x17d/0x250 [ 58.426837] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 58.432288] ? kvfree+0x61/0x70 [ 58.435566] ? rcu_read_lock_sched_held+0x108/0x120 [ 58.440584] kvm_mmu_uninit_vm+0x1c/0x20 [ 58.444647] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 58.449060] ? kvm_arch_sync_events+0x30/0x30 [ 58.453559] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.459096] ? mmu_notifier_unregister+0x474/0x600 [ 58.464030] ? kfree+0x107/0x230 [ 58.467395] ? __mmu_notifier_register+0x30/0x30 [ 58.472154] ? __free_pages+0x10a/0x190 [ 58.476127] ? free_unref_page+0x960/0x960 [ 58.480375] kvm_put_kvm+0x6c8/0xff0 [ 58.484098] ? kvm_write_guest_cached+0x40/0x40 [ 58.488775] ? kvm_irqfd_release+0xd1/0x120 [ 58.493103] ? _raw_spin_unlock_irq+0x27/0x80 [ 58.497600] ? _raw_spin_unlock_irq+0x27/0x80 [ 58.502108] ? kasan_check_write+0x14/0x20 [ 58.506347] ? do_raw_spin_lock+0xc1/0x200 [ 58.510581] ? kvm_irqfd_release+0xdd/0x120 [ 58.514899] ? kvm_irqfd_release+0xdd/0x120 [ 58.519231] ? kvm_put_kvm+0xff0/0xff0 [ 58.523118] kvm_vm_release+0x42/0x50 [ 58.526916] __fput+0x385/0xa30 [ 58.530196] ? get_max_files+0x20/0x20 [ 58.534086] ? trace_hardirqs_on+0xbd/0x310 [ 58.538418] ? ___might_sleep+0x1ed/0x300 [ 58.542574] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 58.548026] ? arch_local_save_flags+0x40/0x40 [ 58.553115] ? kasan_check_write+0x14/0x20 [ 58.557350] ? do_raw_spin_lock+0xc1/0x200 [ 58.561587] ____fput+0x15/0x20 [ 58.564875] task_work_run+0x1e8/0x2a0 [ 58.568768] ? task_work_cancel+0x240/0x240 [ 58.573090] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.578629] ? switch_task_namespaces+0x9d/0xd0 [ 58.583310] do_exit+0x1ad7/0x2610 [ 58.586853] ? mm_update_next_owner+0x990/0x990 [ 58.591528] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 58.595787] ? rcu_read_lock_sched_held+0x108/0x120 [ 58.600811] ? kfree+0x1fa/0x230 [ 58.604194] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 58.608463] ? kvm_vcpu_block+0x1030/0x1030 [ 58.612829] ? is_bpf_text_address+0xd3/0x170 [ 58.617325] ? kernel_text_address+0x79/0xf0 [ 58.621731] ? __kernel_text_address+0xd/0x40 [ 58.626246] ? unwind_get_return_address+0x61/0xa0 [ 58.631189] ? __save_stack_trace+0x8d/0xf0 [ 58.635520] ? save_stack+0xa9/0xd0 [ 58.639142] ? save_stack+0x43/0xd0 [ 58.642768] ? __kasan_slab_free+0x102/0x150 [ 58.647177] ? kasan_slab_free+0xe/0x10 [ 58.651174] ? putname+0xf2/0x130 [ 58.654626] ? __x64_sys_openat+0x9d/0x100 [ 58.658862] ? do_syscall_64+0x1b9/0x820 [ 58.662927] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.668291] ? trace_hardirqs_off+0xb8/0x310 [ 58.672700] ? kasan_check_read+0x11/0x20 [ 58.676849] ? do_raw_spin_unlock+0xa7/0x2f0 [ 58.681254] ? trace_hardirqs_on+0x310/0x310 [ 58.685667] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 58.690783] ? trace_hardirqs_off+0xb8/0x310 [ 58.695195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.700741] ? check_preemption_disabled+0x48/0x200 [ 58.705767] ? check_preemption_disabled+0x48/0x200 [ 58.710791] ? kvm_vcpu_block+0x1030/0x1030 [ 58.715112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.720651] ? do_vfs_ioctl+0x201/0x1720 [ 58.724713] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 58.729995] ? ioctl_preallocate+0x300/0x300 [ 58.734407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.739945] ? __fget_light+0x2e9/0x430 [ 58.743919] ? fget_raw+0x20/0x20 [ 58.747393] ? putname+0xf2/0x130 [ 58.750859] ? rcu_read_lock_sched_held+0x108/0x120 [ 58.755875] ? kmem_cache_free+0x24f/0x290 [ 58.760108] ? putname+0xf7/0x130 [ 58.763566] do_group_exit+0x177/0x440 [ 58.767457] ? trace_hardirqs_on+0xbd/0x310 [ 58.771789] ? __ia32_sys_exit+0x50/0x50 [ 58.775849] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 58.781295] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.786832] ? ksys_ioctl+0x81/0xd0 [ 58.790459] __x64_sys_exit_group+0x3e/0x50 [ 58.794831] do_syscall_64+0x1b9/0x820 [ 58.798722] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 58.804085] ? syscall_return_slowpath+0x5e0/0x5e0 [ 58.809015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.813857] ? trace_hardirqs_on_caller+0x310/0x310 [ 58.818876] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 58.823902] ? prepare_exit_to_usermode+0x291/0x3b0 [ 58.828921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.833774] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.838965] RIP: 0033:0x43ecc8 [ 58.842188] Code: Bad RIP value. [ 58.845595] RSP: 002b:00007ffd5a12a568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 58.853315] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 58.860576] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 58.867842] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 58.875106] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 58.882382] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 58.889656] [ 58.891281] Allocated by task 5336: [ 58.894910] save_stack+0x43/0xd0 [ 58.898362] kasan_kmalloc+0xc7/0xe0 [ 58.902070] kasan_slab_alloc+0x12/0x20 [ 58.906042] kmem_cache_alloc+0x12e/0x730 [ 58.910188] vmx_create_vcpu+0xcf/0x25e0 [ 58.914250] kvm_arch_vcpu_create+0xe5/0x220 [ 58.918657] kvm_vm_ioctl+0x470/0x1d40 [ 58.922541] do_vfs_ioctl+0x1de/0x1720 [ 58.926426] ksys_ioctl+0xa9/0xd0 [ 58.929875] __x64_sys_ioctl+0x73/0xb0 [ 58.933765] do_syscall_64+0x1b9/0x820 [ 58.937655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.942834] [ 58.944463] Freed by task 5336: [ 58.947750] save_stack+0x43/0xd0 [ 58.951204] __kasan_slab_free+0x102/0x150 [ 58.955434] kasan_slab_free+0xe/0x10 [ 58.959244] kmem_cache_free+0x83/0x290 [ 58.963216] vmx_free_vcpu+0x26b/0x300 [ 58.967100] kvm_arch_destroy_vm+0x365/0x7c0 [ 58.971511] kvm_put_kvm+0x6c8/0xff0 [ 58.975225] kvm_vm_release+0x42/0x50 [ 58.979022] __fput+0x385/0xa30 [ 58.982293] ____fput+0x15/0x20 [ 58.985571] task_work_run+0x1e8/0x2a0 [ 58.989454] do_exit+0x1ad7/0x2610 [ 58.993000] do_group_exit+0x177/0x440 [ 58.996883] __x64_sys_exit_group+0x3e/0x50 [ 59.001206] do_syscall_64+0x1b9/0x820 [ 59.005107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.010286] [ 59.011916] The buggy address belongs to the object at ffff8801bb690040 [ 59.011916] which belongs to the cache kvm_vcpu of size 23872 [ 59.024494] The buggy address is located 24 bytes inside of [ 59.024494] 23872-byte region [ffff8801bb690040, ffff8801bb695d80) [ 59.036448] The buggy address belongs to the page: [ 59.041370] page:ffffea0006eda400 count:1 mapcount:0 mapping:ffff8801d54be6c0 index:0x0 compound_mapcount: 0 [ 59.051348] flags: 0x2fffc0000008100(slab|head) [ 59.056019] raw: 02fffc0000008100 ffff8801d54c6c48 ffff8801d54c6c48 ffff8801d54be6c0 [ 59.063923] raw: 0000000000000000 ffff8801bb690040 0000000100000001 0000000000000000 [ 59.071794] page dumped because: kasan: bad access detected [ 59.077495] [ 59.079123] Memory state around the buggy address: [ 59.084047] ffff8801bb68ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.091400] ffff8801bb68ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.098763] >ffff8801bb690000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 59.106116] ^ [ 59.112344] ffff8801bb690080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.119697] ffff8801bb690100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.127047] ================================================================== [ 59.134404] Kernel panic - not syncing: panic_on_warn set ... [ 59.134404] [ 59.141779] CPU: 1 PID: 5336 Comm: syz-executor513 Tainted: G B 4.19.0-rc4+ #248 [ 59.150611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.159960] Call Trace: [ 59.162553] dump_stack+0x1c4/0x2b4 [ 59.166182] ? dump_stack_print_info.cold.2+0x52/0x52 [ 59.171377] ? lock_downgrade+0x900/0x900 [ 59.175529] panic+0x238/0x4e7 [ 59.178724] ? add_taint.cold.5+0x16/0x16 [ 59.182880] ? print_shadow_for_address+0xb6/0x116 [ 59.187810] ? trace_hardirqs_off+0xaf/0x310 [ 59.192217] kasan_end_report+0x47/0x4f [ 59.196194] kasan_report.cold.9+0x76/0x309 [ 59.200515] ? __schedule+0xfc3/0x1ed0 [ 59.204400] __asan_report_load8_noabort+0x14/0x20 [ 59.209331] __schedule+0xfc3/0x1ed0 [ 59.213047] ? __sched_text_start+0x8/0x8 [ 59.217198] ? __lock_is_held+0xb5/0x140 [ 59.221256] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.226364] ? find_held_lock+0x36/0x1c0 [ 59.230431] ? __call_srcu+0x7f9/0x1070 [ 59.234402] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.239512] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.244613] ? lockdep_hardirqs_on+0x421/0x5c0 [ 59.249196] ? preempt_schedule+0x4d/0x60 [ 59.253358] preempt_schedule_common+0x1f/0xd0 [ 59.257941] preempt_schedule+0x4d/0x60 [ 59.261921] ___preempt_schedule+0x16/0x18 [ 59.266162] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 59.271092] __call_srcu+0x7f9/0x1070 [ 59.274889] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 59.279997] ? srcu_offline_cpu+0x120/0x120 [ 59.284317] ? debug_object_free+0x690/0x690 [ 59.288724] ? mark_held_locks+0x130/0x130 [ 59.292977] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 59.297594] ? lock_release+0x970/0x970 [ 59.301573] ? arch_local_save_flags+0x40/0x40 [ 59.306154] ? depot_save_stack+0x292/0x470 [ 59.310494] ? __lockdep_init_map+0x105/0x590 [ 59.314997] ? __init_waitqueue_head+0x9e/0x150 [ 59.319667] ? init_wait_entry+0x1c0/0x1c0 [ 59.323907] __synchronize_srcu+0x17b/0x230 [ 59.328227] ? call_srcu+0x10/0x10 [ 59.331770] ? rcu_unexpedite_gp+0x20/0x20 [ 59.336014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.341550] ? check_preemption_disabled+0x48/0x200 [ 59.346567] synchronize_srcu+0x356/0x5ab [ 59.350717] ? lock_downgrade+0x900/0x900 [ 59.354868] ? synchronize_srcu_expedited+0x20/0x20 [ 59.359896] ? kasan_check_read+0x11/0x20 [ 59.364047] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 59.368630] ? kasan_check_write+0x14/0x20 [ 59.372864] ? do_raw_spin_lock+0xc1/0x200 [ 59.377103] kvm_page_track_unregister_notifier+0x17d/0x250 [ 59.382819] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 59.388270] ? kvfree+0x61/0x70 [ 59.391550] ? rcu_read_lock_sched_held+0x108/0x120 [ 59.396571] kvm_mmu_uninit_vm+0x1c/0x20 [ 59.400632] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 59.405044] ? kvm_arch_sync_events+0x30/0x30 [ 59.409539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.415076] ? mmu_notifier_unregister+0x474/0x600 [ 59.420007] ? kfree+0x107/0x230 [ 59.423371] ? __mmu_notifier_register+0x30/0x30 [ 59.428128] ? __free_pages+0x10a/0x190 [ 59.432104] ? free_unref_page+0x960/0x960 [ 59.436347] kvm_put_kvm+0x6c8/0xff0 [ 59.440069] ? kvm_write_guest_cached+0x40/0x40 [ 59.444739] ? kvm_irqfd_release+0xd1/0x120 [ 59.449067] ? _raw_spin_unlock_irq+0x27/0x80 [ 59.453560] ? _raw_spin_unlock_irq+0x27/0x80 [ 59.458068] ? kasan_check_write+0x14/0x20 [ 59.462314] ? do_raw_spin_lock+0xc1/0x200 [ 59.466553] ? kvm_irqfd_release+0xdd/0x120 [ 59.470874] ? kvm_irqfd_release+0xdd/0x120 [ 59.475194] ? kvm_put_kvm+0xff0/0xff0 [ 59.479082] kvm_vm_release+0x42/0x50 [ 59.482883] __fput+0x385/0xa30 [ 59.486165] ? get_max_files+0x20/0x20 [ 59.490056] ? trace_hardirqs_on+0xbd/0x310 [ 59.494379] ? ___might_sleep+0x1ed/0x300 [ 59.498528] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 59.503975] ? arch_local_save_flags+0x40/0x40 [ 59.508560] ? kasan_check_write+0x14/0x20 [ 59.512798] ? do_raw_spin_lock+0xc1/0x200 [ 59.517030] ____fput+0x15/0x20 [ 59.520309] task_work_run+0x1e8/0x2a0 [ 59.524200] ? task_work_cancel+0x240/0x240 [ 59.528525] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.534060] ? switch_task_namespaces+0x9d/0xd0 [ 59.538731] do_exit+0x1ad7/0x2610 [ 59.542285] ? mm_update_next_owner+0x990/0x990 [ 59.546960] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 59.551432] ? rcu_read_lock_sched_held+0x108/0x120 [ 59.556462] ? kfree+0x1fa/0x230 [ 59.559841] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 59.564079] ? kvm_vcpu_block+0x1030/0x1030 [ 59.568406] ? is_bpf_text_address+0xd3/0x170 [ 59.572897] ? kernel_text_address+0x79/0xf0 [ 59.577302] ? __kernel_text_address+0xd/0x40 [ 59.581798] ? unwind_get_return_address+0x61/0xa0 [ 59.586727] ? __save_stack_trace+0x8d/0xf0 [ 59.591056] ? save_stack+0xa9/0xd0 [ 59.594679] ? save_stack+0x43/0xd0 [ 59.598301] ? __kasan_slab_free+0x102/0x150 [ 59.602704] ? kasan_slab_free+0xe/0x10 [ 59.606678] ? putname+0xf2/0x130 [ 59.610134] ? __x64_sys_openat+0x9d/0x100 [ 59.614372] ? do_syscall_64+0x1b9/0x820 [ 59.618434] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.623803] ? trace_hardirqs_off+0xb8/0x310 [ 59.628213] ? kasan_check_read+0x11/0x20 [ 59.632362] ? do_raw_spin_unlock+0xa7/0x2f0 [ 59.636773] ? trace_hardirqs_on+0x310/0x310 [ 59.641184] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 59.646288] ? trace_hardirqs_off+0xb8/0x310 [ 59.650698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.656503] ? check_preemption_disabled+0x48/0x200 [ 59.661507] ? check_preemption_disabled+0x48/0x200 [ 59.666516] ? kvm_vcpu_block+0x1030/0x1030 [ 59.670839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.676361] ? do_vfs_ioctl+0x201/0x1720 [ 59.680412] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 59.685679] ? ioctl_preallocate+0x300/0x300 [ 59.690075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.695602] ? __fget_light+0x2e9/0x430 [ 59.699562] ? fget_raw+0x20/0x20 [ 59.702996] ? putname+0xf2/0x130 [ 59.706433] ? rcu_read_lock_sched_held+0x108/0x120 [ 59.711474] ? kmem_cache_free+0x24f/0x290 [ 59.715710] ? putname+0xf7/0x130 [ 59.719161] do_group_exit+0x177/0x440 [ 59.723037] ? trace_hardirqs_on+0xbd/0x310 [ 59.727349] ? __ia32_sys_exit+0x50/0x50 [ 59.731395] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 59.736829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.742346] ? ksys_ioctl+0x81/0xd0 [ 59.745953] __x64_sys_exit_group+0x3e/0x50 [ 59.750267] do_syscall_64+0x1b9/0x820 [ 59.754142] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 59.759506] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.764423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.769254] ? trace_hardirqs_on_caller+0x310/0x310 [ 59.774261] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 59.779266] ? prepare_exit_to_usermode+0x291/0x3b0 [ 59.784270] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.789097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.794266] RIP: 0033:0x43ecc8 [ 59.797446] Code: Bad RIP value. [ 59.800790] RSP: 002b:00007ffd5a12a568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 59.808487] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 59.815745] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 59.822993] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 59.830249] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 59.837512] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 59.844775] [ 59.844779] ====================================================== [ 59.844782] WARNING: possible circular locking dependency detected [ 59.844785] 4.19.0-rc4+ #248 Not tainted [ 59.844788] ------------------------------------------------------ [ 59.844791] syz-executor513/5336 is trying to acquire lock: [ 59.844793] 0000000051df1905 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 59.844802] [ 59.844804] but task is already holding lock: [ 59.844806] 00000000f65754aa (report_lock){....}, at: kasan_report+0x8b/0x110 [ 59.844814] [ 59.844817] which lock already depends on the new lock. [ 59.844819] [ 59.844820] [ 59.844823] the existing dependency chain (in reverse order) is: [ 59.844824] [ 59.844826] -> #3 (report_lock){....}: [ 59.844834] _raw_spin_lock_irqsave+0x99/0xd0 [ 59.844836] kasan_report+0x8b/0x110 [ 59.844839] __asan_report_load8_noabort+0x14/0x20 [ 59.844842] __schedule+0xfc3/0x1ed0 [ 59.844844] preempt_schedule_common+0x1f/0xd0 [ 59.844847] preempt_schedule+0x4d/0x60 [ 59.844849] ___preempt_schedule+0x16/0x18 [ 59.844852] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 59.844854] __call_srcu+0x7f9/0x1070 [ 59.844857] __synchronize_srcu+0x17b/0x230 [ 59.844860] synchronize_srcu+0x356/0x5ab [ 59.844863] kvm_page_track_unregister_notifier+0x17d/0x250 [ 59.844865] kvm_mmu_uninit_vm+0x1c/0x20 [ 59.844868] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 59.844870] kvm_put_kvm+0x6c8/0xff0 [ 59.844872] kvm_vm_release+0x42/0x50 [ 59.844874] __fput+0x385/0xa30 [ 59.844877] ____fput+0x15/0x20 [ 59.844879] task_work_run+0x1e8/0x2a0 [ 59.844881] do_exit+0x1ad7/0x2610 [ 59.844883] do_group_exit+0x177/0x440 [ 59.844886] __x64_sys_exit_group+0x3e/0x50 [ 59.844888] do_syscall_64+0x1b9/0x820 [ 59.844891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.844893] [ 59.844894] -> #2 (&rq->lock){-.-.}: [ 59.844902] _raw_spin_lock+0x2d/0x40 [ 59.844904] task_fork_fair+0xb0/0x6d0 [ 59.844906] sched_fork+0x443/0xba0 [ 59.844909] copy_process+0x2586/0x8780 [ 59.844911] _do_fork+0x1cb/0x11d0 [ 59.844913] kernel_thread+0x34/0x40 [ 59.844916] rest_init+0x22/0xe5 [ 59.844918] start_kernel+0x8f4/0x92f [ 59.844921] x86_64_start_reservations+0x29/0x2b [ 59.844923] x86_64_start_kernel+0x76/0x79 [ 59.844926] secondary_startup_64+0xa4/0xb0 [ 59.844927] [ 59.844928] -> #1 (&p->pi_lock){-.-.}: [ 59.844937] _raw_spin_lock_irqsave+0x99/0xd0 [ 59.844939] try_to_wake_up+0xd2/0x12f0 [ 59.844941] wake_up_process+0x10/0x20 [ 59.844943] __up.isra.1+0x1c0/0x2a0 [ 59.844945] up+0x13c/0x1c0 [ 59.844948] __up_console_sem+0xbe/0x1b0 [ 59.844950] console_unlock+0x814/0x1160 [ 59.844953] vprintk_emit+0x33d/0x930 [ 59.844955] vprintk_default+0x28/0x30 [ 59.844957] vprintk_func+0x7e/0x181 [ 59.844959] printk+0xa7/0xcf [ 59.844961] load_umh+0x51/0xbd [ 59.844964] do_one_initcall+0x145/0x957 [ 59.844966] kernel_init_freeable+0x4bb/0x5ae [ 59.844969] kernel_init+0x11/0x1b2 [ 59.844971] ret_from_fork+0x3a/0x50 [ 59.844972] [ 59.844973] -> #0 ((console_sem).lock){-...}: [ 59.844982] lock_acquire+0x1ed/0x520 [ 59.844984] _raw_spin_lock_irqsave+0x99/0xd0 [ 59.844987] down_trylock+0x13/0x70 [ 59.844989] __down_trylock_console_sem+0xae/0x200 [ 59.844998] console_trylock+0x15/0xa0 [ 59.845001] vprintk_emit+0x322/0x930 [ 59.845003] vprintk_default+0x28/0x30 [ 59.845006] vprintk_func+0x7e/0x181 [ 59.845008] printk+0xa7/0xcf [ 59.845010] kasan_report+0x9b/0x110 [ 59.845013] __asan_report_load8_noabort+0x14/0x20 [ 59.845015] __schedule+0xfc3/0x1ed0 [ 59.845018] preempt_schedule_common+0x1f/0xd0 [ 59.845020] preempt_schedule+0x4d/0x60 [ 59.845023] ___preempt_schedule+0x16/0x18 [ 59.845025] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 59.845028] __call_srcu+0x7f9/0x1070 [ 59.845030] __synchronize_srcu+0x17b/0x230 [ 59.845033] synchronize_srcu+0x356/0x5ab [ 59.845036] kvm_page_track_unregister_notifier+0x17d/0x250 [ 59.845038] kvm_mmu_uninit_vm+0x1c/0x20 [ 59.845041] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 59.845043] kvm_put_kvm+0x6c8/0xff0 [ 59.845045] kvm_vm_release+0x42/0x50 [ 59.845048] __fput+0x385/0xa30 [ 59.845050] ____fput+0x15/0x20 [ 59.845052] task_work_run+0x1e8/0x2a0 [ 59.845054] do_exit+0x1ad7/0x2610 [ 59.845057] do_group_exit+0x177/0x440 [ 59.845059] __x64_sys_exit_group+0x3e/0x50 [ 59.845062] do_syscall_64+0x1b9/0x820 [ 59.845065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.845066] [ 59.845069] other info that might help us debug this: [ 59.845070] [ 59.845072] Chain exists of: [ 59.845073] (console_sem).lock --> &rq->lock --> report_lock [ 59.845084] [ 59.845086] Possible unsafe locking scenario: [ 59.845087] [ 59.845090] CPU0 CPU1 [ 59.845092] ---- ---- [ 59.845094] lock(report_lock); [ 59.845099] lock(&rq->lock); [ 59.845105] lock(report_lock); [ 59.845109] lock((console_sem).lock); [ 59.845114] [ 59.845116] *** DEADLOCK *** [ 59.845117] [ 59.845119] 2 locks held by syz-executor513/5336: [ 59.845121] #0: 000000004a9dae0a (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 59.845131] #1: 00000000f65754aa (report_lock){....}, at: kasan_report+0x8b/0x110 [ 59.845140] [ 59.845142] stack backtrace: [ 59.845146] CPU: 1 PID: 5336 Comm: syz-executor513 Not tainted 4.19.0-rc4+ #248 [ 59.845150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.845152] Call Trace: [ 59.845154] dump_stack+0x1c4/0x2b4 [ 59.845157] ? dump_stack_print_info.cold.2+0x52/0x52 [ 59.845159] ? vprintk_func+0x85/0x181 [ 59.845162] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 59.845165] ? save_trace+0xe0/0x290 [ 59.845167] __lock_acquire+0x33e4/0x4ec0 [ 59.845169] ? mark_held_locks+0x130/0x130 [ 59.845172] ? mark_held_locks+0x130/0x130 [ 59.845174] ? rcu_bh_qs+0xc0/0xc0 [ 59.845176] ? unwind_dump+0x190/0x190 [ 59.845179] ? is_bpf_text_address+0xd3/0x170 [ 59.845181] ? kernel_text_address+0x79/0xf0 [ 59.845184] ? __kernel_text_address+0xd/0x40 [ 59.845186] ? __save_stack_trace+0x8d/0xf0 [ 59.845189] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 59.845191] ? save_trace+0x290/0x290 [ 59.845194] ? save_stack_trace+0x1a/0x20 [ 59.845196] ? save_trace+0xe0/0x290 [ 59.845198] ? kasan_check_read+0x11/0x20 [ 59.845201] ? graph_lock+0x170/0x170 [ 59.845204] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.845206] lock_acquire+0x1ed/0x520 [ 59.845208] ? down_trylock+0x13/0x70 [ 59.845211] ? find_held_lock+0x36/0x1c0 [ 59.845213] ? lock_release+0x970/0x970 [ 59.845215] ? trace_hardirqs_off+0xb8/0x310 [ 59.845218] ? vprintk_emit+0x1d3/0x930 [ 59.845220] ? trace_hardirqs_on+0x310/0x310 [ 59.845223] ? trace_hardirqs_off+0xb8/0x310 [ 59.845225] ? log_store+0x344/0x4c0 [ 59.845227] ? vprintk_emit+0x322/0x930 [ 59.845230] _raw_spin_lock_irqsave+0x99/0xd0 [ 59.845232] ? down_trylock+0x13/0x70 [ 59.845234] down_trylock+0x13/0x70 [ 59.845237] __down_trylock_console_sem+0xae/0x200 [ 59.845239] console_trylock+0x15/0xa0 [ 59.845242] vprintk_emit+0x322/0x930 [ 59.845244] ? wake_up_klogd+0x180/0x180 [ 59.845247] ? run_rebalance_domains+0x500/0x500 [ 59.845249] ? wake_up_worker+0x117/0x190 [ 59.845251] ? find_held_lock+0x36/0x1c0 [ 59.845254] ? __queue_work+0x6be/0x1440 [ 59.845256] ? lock_acquire+0x1ed/0x520 [ 59.845258] vprintk_default+0x28/0x30 [ 59.845260] vprintk_func+0x7e/0x181 [ 59.845263] printk+0xa7/0xcf [ 59.845265] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 59.845268] ? kasan_check_write+0x14/0x20 [ 59.845270] ? do_raw_spin_lock+0xc1/0x200 [ 59.845272] ? do_raw_spin_lock+0xc1/0x200 [ 59.845275] kasan_report+0x9b/0x110 [ 59.845277] ? __schedule+0xfc3/0x1ed0 [ 59.845280] __asan_report_load8_noabort+0x14/0x20 [ 59.845282] __schedule+0xfc3/0x1ed0 [ 59.845284] ? __sched_text_start+0x8/0x8 [ 59.845287] ? __lock_is_held+0xb5/0x140 [ 59.845289] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.845292] ? find_held_lock+0x36/0x1c0 [ 59.845294] ? __call_srcu+0x7f9/0x1070 [ 59.845297] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.845300] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 59.845302] ? lockdep_hardirqs_on+0x421/0x5c0 [ 59.845305] ? preempt_schedule+0x4d/0x60 [ 59.845307] preempt_schedule_common+0x1f/0xd0 [ 59.845310] preempt_schedule+0x4d/0x60 [ 59.845312] ___preempt_schedule+0x16/0x18 [ 59.845315] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 59.845317] __call_srcu+0x7f9/0x1070 [ 59.845320] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 59.845323] ? srcu_offline_cpu+0x120/0x120 [ 59.845325] ? debug_object_free+0x690/0x690 [ 59.845328] ? mark_held_locks+0x130/0x130 [ 59.845330] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 59.845332] ? lock_release+0x970/0x970 [ 59.845335] ? arch_local_save_flags+0x40/0x40 [ 59.845337] ? depot_save_stack+0x292/0x470 [ 59.845340] ? __lockdep_init_map+0x105/0x590 [ 59.845343] ? __init_waitqueue_head+0x9e/0x150 [ 59.845345] ? init_wait_entry+0x1c0/0x1c0 [ 59.845347] __synchronize_srcu+0x17b/0x230 [ 59.845350] ? call_srcu+0x10/0x10 [ 59.845352] ? rcu_unexpedite_gp+0x20/0x20 [ 59.845355] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.845358] ? check_preemption_disabled+0x48/0x200 [ 59.845360] synchronize_srcu+0x356/0x5ab [ 59.845362] ? lock_downgrade+0x900/0x900 [ 59.845365] ? synchronize_srcu_expedited+0x20/0x20 [ 59.845368] ? kasan_check_read+0x11/0x20 [ 59.845370] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 59.845373] ? kasan_check_write+0x14/0x20 [ 59.845375] ? do_raw_spin_lock+0xc1/0x200 [ 59.845378] kvm_page_track_unregister_notifier+0x17d/0x250 [ 59.845381] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 59.845383] ? kvfree+0x61/0x70 [ 59.845386] ? rcu_read_lock_sched_held+0x108/0x120 [ 59.845388] kvm_mmu_uninit_vm+0x1c/0x20 [ 59.845390] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 59.845393] ? kvm_arch_sync_events+0x30/0x30 [ 59.845396] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.845399] ? mmu_notifier_unregister+0x474/0x600 [ 59.845401] ? kfree+0x107/0x230 [ 59.845403] ? __mmu_notifier_register+0x30/0x30 [ 59.845406] ? __free_pages+0x10a/0x190 [ 59.845408] ? free_unref_page+0x960/0x960 [ 59.845410] kvm_put_kvm+0x6c8/0xff0 [ 59.845413] ? kvm_write_guest_cached+0x40/0x40 [ 59.845415] ? kvm_irqfd_release+0xd1/0x120 [ 59.845418] ? _raw_spin_unlock_irq+0x27/0x80 [ 59.845420] ? _raw_spin_unlock_irq+0x27/0x80 [ 59.845423] ? kasan_check_write+0x14/0x20 [ 59.845425] ? do_raw_spin_lock+0xc1/0x200 [ 59.845427] ? kvm_irqfd_release+0x [ 59.845432] Lost 82 message(s)! [ 60.964896] Shutting down cpus with NMI [ 62.023079] Kernel Offset: disabled [ 62.026724] Rebooting in 86400 seconds..