[....] Starting OpenBSD Secure Shell server: sshd[ 26.509782] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.330164] random: sshd: uninitialized urandom read (32 bytes read) [ 30.740580] sshd (5366) used greatest stack depth: 16760 bytes left [ 30.764009] random: sshd: uninitialized urandom read (32 bytes read) [ 31.412688] random: sshd: uninitialized urandom read (32 bytes read) [ 31.635842] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. [ 37.190525] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.328402] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.354027] ================================================================== [ 37.364183] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.374789] Read of size 8 at addr ffff8801bacd0058 by task syz-executor664/5383 [ 37.382318] [ 37.383955] CPU: 1 PID: 5383 Comm: syz-executor664 Not tainted 4.19.0-rc3+ #231 [ 37.391395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.400744] Call Trace: [ 37.403338] dump_stack+0x1c4/0x2b4 [ 37.406981] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.412185] ? printk+0xa7/0xcf [ 37.415474] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.420255] print_address_description.cold.8+0x9/0x1ff [ 37.425620] kasan_report.cold.9+0x242/0x309 [ 37.430033] ? __schedule+0xfc3/0x1ed0 [ 37.433927] __asan_report_load8_noabort+0x14/0x20 [ 37.438869] __schedule+0xfc3/0x1ed0 [ 37.442593] ? __sched_text_start+0x8/0x8 [ 37.446747] ? __lock_is_held+0xb5/0x140 [ 37.450808] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.455913] ? find_held_lock+0x36/0x1c0 [ 37.459984] ? __call_srcu+0x7f9/0x1070 [ 37.463975] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.469178] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.474304] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.482696] ? preempt_schedule+0x4d/0x60 [ 37.486853] preempt_schedule_common+0x1f/0xd0 [ 37.491443] preempt_schedule+0x4d/0x60 [ 37.495416] ___preempt_schedule+0x16/0x18 [ 37.499657] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.504615] __call_srcu+0x7f9/0x1070 [ 37.508421] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.513530] ? srcu_offline_cpu+0x120/0x120 [ 37.517854] ? debug_object_free+0x690/0x690 [ 37.522348] ? mark_held_locks+0x130/0x130 [ 37.530959] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.535547] ? lock_release+0x970/0x970 [ 37.539526] ? arch_local_save_flags+0x40/0x40 [ 37.544107] ? depot_save_stack+0x292/0x470 [ 37.548433] ? __lockdep_init_map+0x105/0x590 [ 37.552941] ? __init_waitqueue_head+0x9e/0x150 [ 37.557629] ? init_wait_entry+0x1c0/0x1c0 [ 37.561884] __synchronize_srcu+0x17b/0x230 [ 37.566232] ? call_srcu+0x10/0x10 [ 37.569786] ? rcu_unexpedite_gp+0x20/0x20 [ 37.574047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.579586] ? check_preemption_disabled+0x48/0x200 [ 37.584603] synchronize_srcu+0x356/0x5ab [ 37.589249] ? lock_downgrade+0x900/0x900 [ 37.593396] ? synchronize_srcu_expedited+0x20/0x20 [ 37.598416] ? kasan_check_read+0x11/0x20 [ 37.602563] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.607146] ? kasan_check_write+0x14/0x20 [ 37.611377] ? do_raw_spin_lock+0xc1/0x200 [ 37.616076] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.621875] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.627324] ? kvfree+0x61/0x70 [ 37.630599] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.635612] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.639679] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.644793] ? kvm_arch_sync_events+0x30/0x30 [ 37.653536] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.659088] ? mmu_notifier_unregister+0x474/0x600 [ 37.664070] ? kfree+0x107/0x230 [ 37.667451] ? __mmu_notifier_register+0x30/0x30 [ 37.672218] ? 
__free_pages+0x10a/0x190 [ 37.676191] ? free_unref_page+0x960/0x960 [ 37.680448] kvm_put_kvm+0x6c8/0xff0 [ 37.684166] ? kvm_write_guest_cached+0x40/0x40 [ 37.688834] ? kvm_irqfd_release+0xd1/0x120 [ 37.693155] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.697647] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.702159] ? kasan_check_write+0x14/0x20 [ 37.706387] ? do_raw_spin_lock+0xc1/0x200 [ 37.715226] ? kvm_irqfd_release+0xdd/0x120 [ 37.719549] ? kvm_irqfd_release+0xdd/0x120 [ 37.723872] ? kvm_put_kvm+0xff0/0xff0 [ 37.727754] kvm_vm_release+0x42/0x50 [ 37.731552] __fput+0x385/0xa30 [ 37.734833] ? get_max_files+0x20/0x20 [ 37.738717] ? trace_hardirqs_on+0xbd/0x310 [ 37.743045] ? ___might_sleep+0x1ed/0x300 [ 37.747188] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.752646] ? arch_local_save_flags+0x40/0x40 [ 37.757236] ? kasan_check_write+0x14/0x20 [ 37.761476] ? do_raw_spin_lock+0xc1/0x200 [ 37.765707] ____fput+0x15/0x20 [ 37.768987] task_work_run+0x1e8/0x2a0 [ 37.772880] ? task_work_cancel+0x240/0x240 [ 37.777204] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.782754] ? switch_task_namespaces+0x9d/0xd0 [ 37.787425] do_exit+0x1ad7/0x2610 [ 37.790978] ? mm_update_next_owner+0x990/0x990 [ 37.795659] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.799897] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.804913] ? kfree+0x1fa/0x230 [ 37.808283] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.812518] ? kvm_vcpu_block+0x1030/0x1030 [ 37.816843] ? is_bpf_text_address+0xd3/0x170 [ 37.821358] ? kernel_text_address+0x79/0xf0 [ 37.825771] ? __kernel_text_address+0xd/0x40 [ 37.834293] ? unwind_get_return_address+0x61/0xa0 [ 37.839233] ? __save_stack_trace+0x8d/0xf0 [ 37.843566] ? save_stack+0xa9/0xd0 [ 37.847189] ? save_stack+0x43/0xd0 [ 37.850823] ? __kasan_slab_free+0x102/0x150 [ 37.855233] ? kasan_slab_free+0xe/0x10 [ 37.859205] ? putname+0xf2/0x130 [ 37.862673] ? __x64_sys_openat+0x9d/0x100 [ 37.866906] ? do_syscall_64+0x1b9/0x820 [ 37.870970] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.876339] ? 
trace_hardirqs_off+0xb8/0x310 [ 37.880748] ? kasan_check_read+0x11/0x20 [ 37.884907] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.892745] ? trace_hardirqs_on+0x310/0x310 [ 37.897156] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.902259] ? trace_hardirqs_off+0xb8/0x310 [ 37.906669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.912216] ? check_preemption_disabled+0x48/0x200 [ 37.917238] ? check_preemption_disabled+0x48/0x200 [ 37.922260] ? kvm_vcpu_block+0x1030/0x1030 [ 37.926587] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.932126] ? do_vfs_ioctl+0x201/0x1720 [ 37.936188] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.941479] ? ioctl_preallocate+0x300/0x300 [ 37.945889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.954890] ? __fget_light+0x2e9/0x430 [ 37.958864] ? fget_raw+0x20/0x20 [ 37.962316] ? putname+0xf2/0x130 [ 37.965769] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.970785] ? kmem_cache_free+0x24f/0x290 [ 37.975023] ? putname+0xf7/0x130 [ 37.978484] do_group_exit+0x177/0x440 [ 37.982378] ? trace_hardirqs_on+0xbd/0x310 [ 37.986702] ? __ia32_sys_exit+0x50/0x50 [ 37.990761] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.996219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.001755] ? ksys_ioctl+0x81/0xd0 [ 38.005385] __x64_sys_exit_group+0x3e/0x50 [ 38.009707] do_syscall_64+0x1b9/0x820 [ 38.013594] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.018962] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.023890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.028737] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.033959] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.038979] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.048075] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.052925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.058113] RIP: 0033:0x43f028 [ 38.061308] Code: Bad RIP value. 
[ 38.064666] RSP: 002b:00007ffdcd44de48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.072376] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 38.079668] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.086936] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.094202] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.101477] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 38.108751] [ 38.110379] Allocated by task 5383: [ 38.115530] save_stack+0x43/0xd0 [ 38.118982] kasan_kmalloc+0xc7/0xe0 [ 38.122698] kasan_slab_alloc+0x12/0x20 [ 38.126669] kmem_cache_alloc+0x12e/0x730 [ 38.131342] vmx_create_vcpu+0xcf/0x25e0 [ 38.135423] kvm_arch_vcpu_create+0xe5/0x220 [ 38.139825] kvm_vm_ioctl+0x470/0x1d40 [ 38.143714] do_vfs_ioctl+0x1de/0x1720 [ 38.148323] ksys_ioctl+0xa9/0xd0 [ 38.151775] __x64_sys_ioctl+0x73/0xb0 [ 38.155662] do_syscall_64+0x1b9/0x820 [ 38.159548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.165270] [ 38.166890] Freed by task 5383: [ 38.170165] save_stack+0x43/0xd0 [ 38.173617] __kasan_slab_free+0x102/0x150 [ 38.179269] kasan_slab_free+0xe/0x10 [ 38.183068] kmem_cache_free+0x83/0x290 [ 38.187048] vmx_free_vcpu+0x26b/0x300 [ 38.190936] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.198607] kvm_put_kvm+0x6c8/0xff0 [ 38.203520] kvm_vm_release+0x42/0x50 [ 38.207321] __fput+0x385/0xa30 [ 38.210600] ____fput+0x15/0x20 [ 38.213880] task_work_run+0x1e8/0x2a0 [ 38.217768] do_exit+0x1ad7/0x2610 [ 38.221309] do_group_exit+0x177/0x440 [ 38.225200] __x64_sys_exit_group+0x3e/0x50 [ 38.229535] do_syscall_64+0x1b9/0x820 [ 38.233895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.239072] [ 38.240700] The buggy address belongs to the object at ffff8801bacd0040 [ 38.240700] which belongs to the cache kvm_vcpu of size 23872 [ 38.255901] The buggy address is located 24 bytes inside of [ 38.255901] 23872-byte region [ffff8801bacd0040, ffff8801bacd5d80) [ 38.268617] The buggy address 
belongs to the page: [ 38.274044] page:ffffea0006eb3400 count:1 mapcount:0 mapping:ffff8801d78a4480 index:0x0 compound_mapcount: 0 [ 38.284856] flags: 0x2fffc0000008100(slab|head) [ 38.290040] raw: 02fffc0000008100 ffff8801d5a8bb48 ffff8801d5a8bb48 ffff8801d78a4480 [ 38.301873] raw: 0000000000000000 ffff8801bacd0040 0000000100000001 0000000000000000 [ 38.309744] page dumped because: kasan: bad access detected [ 38.315445] [ 38.317062] Memory state around the buggy address: [ 38.321990] ffff8801baccff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.329357] ffff8801baccff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.336714] >ffff8801bacd0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.344065] ^ [ 38.350292] ffff8801bacd0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.358068] ffff8801bacd0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.369389] ================================================================== [ 38.376772] Kernel panic - not syncing: panic_on_warn set ... [ 38.376772] [ 38.384165] CPU: 1 PID: 5383 Comm: syz-executor664 Tainted: G B 4.19.0-rc3+ #231 [ 38.393003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.402805] Call Trace: [ 38.405403] dump_stack+0x1c4/0x2b4 [ 38.409052] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.414254] ? lock_downgrade+0x900/0x900 [ 38.418406] panic+0x238/0x4e7 [ 38.421622] ? add_taint.cold.5+0x16/0x16 [ 38.425776] ? print_shadow_for_address+0xb6/0x116 [ 38.430707] ? trace_hardirqs_off+0xaf/0x310 [ 38.435123] kasan_end_report+0x47/0x4f [ 38.439117] kasan_report.cold.9+0x76/0x309 [ 38.443445] ? __schedule+0xfc3/0x1ed0 [ 38.447339] __asan_report_load8_noabort+0x14/0x20 [ 38.452268] __schedule+0xfc3/0x1ed0 [ 38.455992] ? __sched_text_start+0x8/0x8 [ 38.460148] ? __lock_is_held+0xb5/0x140 [ 38.464220] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.469333] ? find_held_lock+0x36/0x1c0 [ 38.473403] ? __call_srcu+0x7f9/0x1070 [ 38.477389] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.482506] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.487878] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.496068] ? preempt_schedule+0x4d/0x60 [ 38.500902] preempt_schedule_common+0x1f/0xd0 [ 38.505503] preempt_schedule+0x4d/0x60 [ 38.509486] ___preempt_schedule+0x16/0x18 [ 38.513742] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.518679] __call_srcu+0x7f9/0x1070 [ 38.522488] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.527609] ? srcu_offline_cpu+0x120/0x120 [ 38.531941] ? debug_object_free+0x690/0x690 [ 38.536359] ? mark_held_locks+0x130/0x130 [ 38.540596] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.545181] ? lock_release+0x970/0x970 [ 38.549163] ? arch_local_save_flags+0x40/0x40 [ 38.553746] ? depot_save_stack+0x292/0x470 [ 38.558074] ? __lockdep_init_map+0x105/0x590 [ 38.562578] ? __init_waitqueue_head+0x9e/0x150 [ 38.567249] ? init_wait_entry+0x1c0/0x1c0 [ 38.571998] __synchronize_srcu+0x17b/0x230 [ 38.576341] ? call_srcu+0x10/0x10 [ 38.579895] ? rcu_unexpedite_gp+0x20/0x20 [ 38.584151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.589707] ? check_preemption_disabled+0x48/0x200 [ 38.594744] synchronize_srcu+0x356/0x5ab [ 38.598902] ? lock_downgrade+0x900/0x900 [ 38.603057] ? synchronize_srcu_expedited+0x20/0x20 [ 38.608083] ? kasan_check_read+0x11/0x20 [ 38.612256] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.616842] ? kasan_check_write+0x14/0x20 [ 38.621095] ? do_raw_spin_lock+0xc1/0x200 [ 38.625336] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.631055] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.640340] ? kvfree+0x61/0x70 [ 38.643627] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.648648] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.652710] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.657120] ? kvm_arch_sync_events+0x30/0x30 [ 38.661892] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.667432] ? mmu_notifier_unregister+0x474/0x600 [ 38.672361] ? kfree+0x107/0x230 [ 38.675731] ? __mmu_notifier_register+0x30/0x30 [ 38.680499] ? 
__free_pages+0x10a/0x190 [ 38.684480] ? free_unref_page+0x960/0x960 [ 38.688726] kvm_put_kvm+0x6c8/0xff0 [ 38.692451] ? kvm_write_guest_cached+0x40/0x40 [ 38.697124] ? kvm_irqfd_release+0xd1/0x120 [ 38.701446] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.705942] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.710448] ? kasan_check_write+0x14/0x20 [ 38.714683] ? do_raw_spin_lock+0xc1/0x200 [ 38.718925] ? kvm_irqfd_release+0xdd/0x120 [ 38.723250] ? kvm_irqfd_release+0xdd/0x120 [ 38.727572] ? kvm_put_kvm+0xff0/0xff0 [ 38.731461] kvm_vm_release+0x42/0x50 [ 38.735261] __fput+0x385/0xa30 [ 38.738543] ? get_max_files+0x20/0x20 [ 38.742430] ? trace_hardirqs_on+0xbd/0x310 [ 38.746751] ? ___might_sleep+0x1ed/0x300 [ 38.750896] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.756346] ? arch_local_save_flags+0x40/0x40 [ 38.760930] ? kasan_check_write+0x14/0x20 [ 38.765176] ? do_raw_spin_lock+0xc1/0x200 [ 38.769422] ____fput+0x15/0x20 [ 38.772703] task_work_run+0x1e8/0x2a0 [ 38.776592] ? task_work_cancel+0x240/0x240 [ 38.780919] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.786456] ? switch_task_namespaces+0x9d/0xd0 [ 38.795599] do_exit+0x1ad7/0x2610 [ 38.799148] ? mm_update_next_owner+0x990/0x990 [ 38.803825] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.808062] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.813078] ? kfree+0x1fa/0x230 [ 38.816446] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.820688] ? kvm_vcpu_block+0x1030/0x1030 [ 38.825022] ? is_bpf_text_address+0xd3/0x170 [ 38.829519] ? kernel_text_address+0x79/0xf0 [ 38.833931] ? __kernel_text_address+0xd/0x40 [ 38.838426] ? unwind_get_return_address+0x61/0xa0 [ 38.843355] ? __save_stack_trace+0x8d/0xf0 [ 38.847683] ? save_stack+0xa9/0xd0 [ 38.851310] ? save_stack+0x43/0xd0 [ 38.854934] ? __kasan_slab_free+0x102/0x150 [ 38.859340] ? kasan_slab_free+0xe/0x10 [ 38.865659] ? putname+0xf2/0x130 [ 38.869115] ? __x64_sys_openat+0x9d/0x100 [ 38.873351] ? do_syscall_64+0x1b9/0x820 [ 38.881071] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.886441] ? 
trace_hardirqs_off+0xb8/0x310 [ 38.890854] ? kasan_check_read+0x11/0x20 [ 38.895001] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.899413] ? trace_hardirqs_on+0x310/0x310 [ 38.903823] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.908931] ? trace_hardirqs_off+0xb8/0x310 [ 38.913339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.918884] ? check_preemption_disabled+0x48/0x200 [ 38.923896] ? check_preemption_disabled+0x48/0x200 [ 38.928914] ? kvm_vcpu_block+0x1030/0x1030 [ 38.933247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.938783] ? do_vfs_ioctl+0x201/0x1720 [ 38.942849] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.948132] ? ioctl_preallocate+0x300/0x300 [ 38.952540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.958078] ? __fget_light+0x2e9/0x430 [ 38.962051] ? fget_raw+0x20/0x20 [ 38.965502] ? putname+0xf2/0x130 [ 38.968959] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.973979] ? kmem_cache_free+0x24f/0x290 [ 38.978223] ? putname+0xf7/0x130 [ 38.981681] do_group_exit+0x177/0x440 [ 38.985568] ? trace_hardirqs_on+0xbd/0x310 [ 38.989892] ? __ia32_sys_exit+0x50/0x50 [ 38.993953] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.004001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.009542] ? ksys_ioctl+0x81/0xd0 [ 39.013178] __x64_sys_exit_group+0x3e/0x50 [ 39.017513] do_syscall_64+0x1b9/0x820 [ 39.021406] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.026771] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.031699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.041236] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.046260] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.051283] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.056305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.061157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.066342] RIP: 0033:0x43f028 [ 39.069533] Code: Bad RIP value. 
[ 39.072896] RSP: 002b:00007ffdcd44de48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.081064] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 39.088333] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.095755] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.103027] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.110293] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 39.125466] [ 39.125473] ====================================================== [ 39.125479] WARNING: possible circular locking dependency detected [ 39.125483] 4.19.0-rc3+ #231 Not tainted [ 39.125489] ------------------------------------------------------ [ 39.125494] syz-executor664/5383 is trying to acquire lock: [ 39.125498] 000000002df89c56 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.125514] [ 39.125519] but task is already holding lock: [ 39.125522] 0000000007629e21 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.125538] [ 39.125543] which lock already depends on the new lock. 
[ 39.125546] [ 39.125549] [ 39.125554] the existing dependency chain (in reverse order) is: [ 39.125556] [ 39.125559] -> #3 (report_lock){....}: [ 39.125575] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.125580] kasan_report+0x8b/0x110 [ 39.125585] __asan_report_load8_noabort+0x14/0x20 [ 39.125589] __schedule+0xfc3/0x1ed0 [ 39.125594] preempt_schedule_common+0x1f/0xd0 [ 39.125598] preempt_schedule+0x4d/0x60 [ 39.125603] ___preempt_schedule+0x16/0x18 [ 39.125607] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.125612] __call_srcu+0x7f9/0x1070 [ 39.125617] __synchronize_srcu+0x17b/0x230 [ 39.125621] synchronize_srcu+0x356/0x5ab [ 39.125626] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.125631] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.125636] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.125640] kvm_put_kvm+0x6c8/0xff0 [ 39.125644] kvm_vm_release+0x42/0x50 [ 39.125648] __fput+0x385/0xa30 [ 39.125652] ____fput+0x15/0x20 [ 39.125656] task_work_run+0x1e8/0x2a0 [ 39.125660] do_exit+0x1ad7/0x2610 [ 39.125665] do_group_exit+0x177/0x440 [ 39.125669] __x64_sys_exit_group+0x3e/0x50 [ 39.125674] do_syscall_64+0x1b9/0x820 [ 39.125679] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.125681] [ 39.125684] -> #2 (&rq->lock){-.-.}: [ 39.125699] _raw_spin_lock+0x2d/0x40 [ 39.125704] task_fork_fair+0xb0/0x6d0 [ 39.125708] sched_fork+0x443/0xba0 [ 39.125712] copy_process+0x2586/0x8780 [ 39.125716] _do_fork+0x1cb/0x11d0 [ 39.125721] kernel_thread+0x34/0x40 [ 39.125725] rest_init+0x22/0xe5 [ 39.125729] start_kernel+0x8f4/0x92f [ 39.125734] x86_64_start_reservations+0x29/0x2b [ 39.125738] x86_64_start_kernel+0x76/0x79 [ 39.125743] secondary_startup_64+0xa4/0xb0 [ 39.125745] [ 39.125748] -> #1 (&p->pi_lock){-.-.}: [ 39.125764] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.125768] try_to_wake_up+0xd2/0x12f0 [ 39.125773] wake_up_process+0x10/0x20 [ 39.125777] __up.isra.1+0x1c0/0x2a0 [ 39.125781] up+0x13c/0x1c0 [ 39.125785] __up_console_sem+0xbe/0x1b0 [ 39.125790] console_unlock+0x524/0x11a0 [ 39.125794] 
vprintk_emit+0x33d/0x930 [ 39.125798] vprintk_default+0x28/0x30 [ 39.125802] vprintk_func+0x7e/0x181 [ 39.125806] printk+0xa7/0xcf [ 39.125810] load_umh+0x51/0xbd [ 39.125814] do_one_initcall+0x145/0x957 [ 39.125819] kernel_init_freeable+0x4bb/0x5ae [ 39.125823] kernel_init+0x11/0x1b2 [ 39.125828] ret_from_fork+0x3a/0x50 [ 39.125830] [ 39.125838] -> #0 ((console_sem).lock){-...}: [ 39.125854] lock_acquire+0x1ed/0x520 [ 39.125859] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.125863] down_trylock+0x13/0x70 [ 39.125868] __down_trylock_console_sem+0xae/0x200 [ 39.125873] console_trylock+0x15/0xa0 [ 39.125877] vprintk_emit+0x322/0x930 [ 39.125881] vprintk_default+0x28/0x30 [ 39.125886] vprintk_func+0x7e/0x181 [ 39.125890] printk+0xa7/0xcf [ 39.125894] kasan_report+0x9b/0x110 [ 39.125899] __asan_report_load8_noabort+0x14/0x20 [ 39.125903] __schedule+0xfc3/0x1ed0 [ 39.125908] preempt_schedule_common+0x1f/0xd0 [ 39.125913] preempt_schedule+0x4d/0x60 [ 39.125917] ___preempt_schedule+0x16/0x18 [ 39.125922] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.125927] __call_srcu+0x7f9/0x1070 [ 39.125931] __synchronize_srcu+0x17b/0x230 [ 39.125936] synchronize_srcu+0x356/0x5ab [ 39.125942] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.125946] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.125951] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.125955] kvm_put_kvm+0x6c8/0xff0 [ 39.125960] kvm_vm_release+0x42/0x50 [ 39.125964] __fput+0x385/0xa30 [ 39.125968] ____fput+0x15/0x20 [ 39.125978] task_work_run+0x1e8/0x2a0 [ 39.125983] do_exit+0x1ad7/0x2610 [ 39.125987] do_group_exit+0x177/0x440 [ 39.125992] __x64_sys_exit_group+0x3e/0x50 [ 39.125996] do_syscall_64+0x1b9/0x820 [ 39.126005] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.126008] [ 39.126021] other info that might help us debug this: [ 39.126024] [ 39.126027] Chain exists of: [ 39.126030] (console_sem).lock --> &rq->lock --> report_lock [ 39.126050] [ 39.126055] Possible unsafe locking scenario: [ 39.126058] [ 39.126062] CPU0 CPU1 [ 39.126067] ---- ---- [ 
39.126073] lock(report_lock); [ 39.126083] lock(&rq->lock); [ 39.126094] lock(report_lock); [ 39.126103] lock((console_sem).lock); [ 39.126112] [ 39.126115] *** DEADLOCK *** [ 39.126118] [ 39.126123] 2 locks held by syz-executor664/5383: [ 39.126126] #0: 00000000b7a59fc9 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.126145] #1: 0000000007629e21 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.126164] [ 39.126167] stack backtrace: [ 39.126174] CPU: 1 PID: 5383 Comm: syz-executor664 Not tainted 4.19.0-rc3+ #231 [ 39.126182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.126186] Call Trace: [ 39.126190] dump_stack+0x1c4/0x2b4 [ 39.126195] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.126200] ? vprintk_func+0x85/0x181 [ 39.126205] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.126220] ? save_trace+0xe0/0x290 [ 39.126224] __lock_acquire+0x33e4/0x4ec0 [ 39.126229] ? mark_held_locks+0x130/0x130 [ 39.126233] ? mark_held_locks+0x130/0x130 [ 39.126237] ? rcu_bh_qs+0xc0/0xc0 [ 39.126241] ? unwind_dump+0x190/0x190 [ 39.126246] ? is_bpf_text_address+0xd3/0x170 [ 39.126251] ? kernel_text_address+0x79/0xf0 [ 39.126255] ? __kernel_text_address+0xd/0x40 [ 39.126273] ? __save_stack_trace+0x8d/0xf0 [ 39.126278] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.126282] ? save_trace+0x290/0x290 [ 39.126287] ? save_stack_trace+0x1a/0x20 [ 39.126291] ? save_trace+0xe0/0x290 [ 39.126296] ? kasan_check_read+0x11/0x20 [ 39.126300] ? graph_lock+0x170/0x170 [ 39.126305] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.126310] lock_acquire+0x1ed/0x520 [ 39.126314] ? down_trylock+0x13/0x70 [ 39.126319] ? find_held_lock+0x36/0x1c0 [ 39.126323] ? lock_release+0x970/0x970 [ 39.126328] ? trace_hardirqs_off+0xb8/0x310 [ 39.126332] ? vprintk_emit+0x1d3/0x930 [ 39.126337] ? trace_hardirqs_on+0x310/0x310 [ 39.126342] ? trace_hardirqs_off+0xb8/0x310 [ 39.126346] ? log_store+0x344/0x4c0 [ 39.126350] ? 
vprintk_emit+0x322/0x930 [ 39.126355] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.126360] ? down_trylock+0x13/0x70 [ 39.126364] down_trylock+0x13/0x70 [ 39.126369] __down_trylock_console_sem+0xae/0x200 [ 39.126373] console_trylock+0x15/0xa0 [ 39.126378] vprintk_emit+0x322/0x930 [ 39.126382] ? wake_up_klogd+0x180/0x180 [ 39.126387] ? run_rebalance_domains+0x500/0x500 [ 39.126392] ? wake_up_worker+0x117/0x190 [ 39.126396] ? find_held_lock+0x36/0x1c0 [ 39.126400] ? __queue_work+0x6be/0x1440 [ 39.126405] ? lock_acquire+0x1ed/0x520 [ 39.126409] vprintk_default+0x28/0x30 [ 39.126413] vprintk_func+0x7e/0x181 [ 39.126417] printk+0xa7/0xcf [ 39.126422] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.126427] ? kasan_check_write+0x14/0x20 [ 39.126431] ? do_raw_spin_lock+0xc1/0x200 [ 39.126436] ? do_raw_spin_lock+0xc1/0x200 [ 39.126440] kasan_report+0x9b/0x110 [ 39.126445] ? __schedule+0xfc3/0x1ed0 [ 39.126450] __asan_report_load8_noabort+0x14/0x20 [ 39.126454] __schedule+0xfc3/0x1ed0 [ 39.126458] ? __sched_text_start+0x8/0x8 [ 39.126463] ? __lock_is_held+0xb5/0x140 [ 39.126468] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.126472] ? find_held_lock+0x36/0x1c0 [ 39.126477] ? __call_srcu+0x7f9/0x1070 [ 39.126482] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.126487] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.126492] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.126497] ? preempt_schedule+0x4d/0x60 [ 39.126501] preempt_schedule_common+0x1f/0xd0 [ 39.126506] preempt_schedule+0x4d/0x60 [ 39.126510] ___preempt_schedule+0x16/0x18 [ 39.126515] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.126520] __call_srcu+0x7f9/0x1070 [ 39.126525] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.126530] ? srcu_offline_cpu+0x120/0x120 [ 39.126535] ? debug_object_free+0x690/0x690 [ 39.126539] ? mark_held_locks+0x130/0x130 [ 39.126544] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.126549] ? lock_release+0x970/0x970 [ 39.126553] ? arch_local_save_flags+0x40/0x40 [ 39.126558] ? depot_save_stack+0x292/0x470 [ 39.126563] ? 
__lockdep_init_map+0x105/0x590 [ 39.126568] ? __init_waitqueue_head+0x9e/0x150 [ 39.126572] ? init_wait_entry+0x1c0/0x1c0 [ 39.126577] __synchronize_srcu+0x17b/0x230 [ 39.126581] ? call_srcu+0x10/0x10 [ 39.126586] ? rcu_unexpedite_gp+0x20/0x20 [ 39.126591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.126596] ? check_preemption_disabled+0x48/0x200 [ 39.126601] synchronize_srcu+0x356/0x5ab [ 39.126605] ? lock_downgrade+0x900/0x900 [ 39.126610] ? synchronize_srcu_expedited+0x20/0x20 [ 39.126615] ? kasan_check_read+0x11/0x20 [ 39.126620] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.126624] ? kasan_check_write+0x14/0x20 [ 39.126629] ? do_raw_spin_lock+0xc1/0x200 [ 39.126634] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.126640] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.126644] ? kvfree+0x61/0x70 [ 39.126649] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.126653] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.126658] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.126663] ? kvm_arch_sync_events+0x30/0x30 [ 39.126668] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.126673] ? mmu_notifier_unregister+0x474/0x600 [ 39.126677] ? kfree+0x107/0x230 [ 39.126682] ? __mmu_notifier_register+0x30/0x30 [ 39.126686] ? __free_pages+0x10a/0x190 [ 39.126691] ? free_unref_page+0x960/0x960 [ 39.126695] kvm_put_kvm+0x6c8/0xff0 [ 39.126700] ? kvm_write_guest_cached+0x40/0x40 [ 39.126705] ? kvm_irqfd_release+0xd1/0x120 [ 39.126709] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.126714] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.126719] ? kasan_check_write+0x14/0x20 [ 39.126723] ? do_raw_spin_lock+0xc1/0x200 [ 39.126727] ? kvm_irqfd_release+0x [ 39.126736] Lost 82 message(s)! [ 40.303900] Shutting down cpus with NMI [ 41.425299] Dumping ftrace buffer: [ 41.428826] (ftrace buffer empty) [ 41.433078] Kernel Offset: disabled [ 41.436845] Rebooting in 86400 seconds..
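Decoding the KASAN section of the report above, as an added worked example; this code is not part of the syzkaller log or of the kernel. It parses the five "Memory state around the buggy address" lines copied from the report, looks up the shadow byte that covers the faulting address ffff8801bacd0058, and classifies it with the generic KASAN shadow encodings from v4.19's mm/kasan/kasan.h (0x00 addressable, 0x01-0x07 partially addressable, 0xfc slab redzone, 0xfb freed slab object). It also recomputes the "24 bytes inside of" offset from the object base ffff8801bacd0040. The function and enum names are mine, not the kernel's; the shadow lines are copied from the report and labelled as such.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Generic KASAN shadow encodings (v4.19 mm/kasan/kasan.h). One shadow byte
 * describes an 8-byte granule of kernel memory. */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE            (1u << KASAN_SHADOW_SCALE_SHIFT)
#define KASAN_KMALLOC_REDZONE    0xFC   /* redzone around a slab object   */
#define KASAN_KMALLOC_FREE       0xFB   /* slab object already freed      */

enum shadow_state {
    ADDRESSABLE,   /* 0x00: whole granule valid                        */
    PARTIAL,       /* 0x01..0x07: only the first N bytes are valid     */
    HEAP_REDZONE,  /* 0xFC: access ran off the end/start of an object  */
    HEAP_FREED,    /* 0xFB: use-after-free                             */
    OTHER_POISON,  /* stack/global/page poison not decoded here        */
    NOT_IN_DUMP,   /* address not covered by the lines given           */
};

/* One "Memory state" line: base address + 16 shadow bytes = 128 bytes. */
struct shadow_line {
    uint64_t base;
    uint8_t  shadow[16];
};

/* Parse "ffff8801bacd0000: fc fc ... fb". A leading '>' (KASAN's marker for
 * the line holding the faulting address) is skipped. Returns 0 on success. */
static int parse_shadow_line(const char *text, struct shadow_line *out)
{
    const char *p = text;
    char *end;

    while (*p == ' ' || *p == '>')
        p++;
    out->base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < 16; i++) {
        unsigned long v = strtoul(p, &end, 16);   /* skips the spaces */
        if (end == p || v > 0xff)
            return -1;
        out->shadow[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

static enum shadow_state classify(int shadow)
{
    if (shadow == 0)
        return ADDRESSABLE;
    if (shadow > 0 && shadow < (int)KASAN_GRANULE)
        return PARTIAL;
    switch (shadow) {
    case KASAN_KMALLOC_REDZONE: return HEAP_REDZONE;
    case KASAN_KMALLOC_FREE:    return HEAP_FREED;
    default:                    return OTHER_POISON;
    }
}

/* Find the shadow byte covering addr among the dumped lines and classify it.
 * The raw shadow value is returned via *shadow_out (-1 when not covered). */
static enum shadow_state classify_addr(const char *const *lines, size_t n,
                                       uint64_t addr, int *shadow_out)
{
    for (size_t i = 0; i < n; i++) {
        struct shadow_line sl;
        if (parse_shadow_line(lines[i], &sl) != 0)
            continue;
        if (addr >= sl.base && addr < sl.base + 16 * KASAN_GRANULE) {
            int s = sl.shadow[(addr - sl.base) >> KASAN_SHADOW_SCALE_SHIFT];
            if (shadow_out)
                *shadow_out = s;
            return classify(s);
        }
    }
    if (shadow_out)
        *shadow_out = -1;
    return NOT_IN_DUMP;
}

/* Offset of addr from the object start: the "located N bytes inside of"
 * number in the report (negative means left of the object). */
static long offset_in_object(uint64_t addr, uint64_t obj)
{
    return (long)(addr - obj);
}

/* Shadow lines copied from the report above (sample input). */
static const char *const report_lines[] = {
    "ffff8801baccff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff8801baccff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    ">ffff8801bacd0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb",
    "ffff8801bacd0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
    "ffff8801bacd0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
};
#define REPORT_NLINES (sizeof(report_lines) / sizeof(report_lines[0]))
#define FAULT_ADDR 0xffff8801bacd0058ULL   /* "Read of size 8 at addr"   */
#define OBJ_BASE   0xffff8801bacd0040ULL   /* "object at"                 */
#define OBJ_SIZE   23872ULL                /* "cache kvm_vcpu of size"    */

int main(void)
{
    static const char *const names[] = { "addressable", "partially addressable",
        "slab redzone", "freed slab object", "other poison", "not in dump" };
    int shadow;
    enum shadow_state st = classify_addr(report_lines, REPORT_NLINES, FAULT_ADDR, &shadow);
    long off = offset_in_object(FAULT_ADDR, OBJ_BASE);

    printf("shadow byte 0x%02x -> %s\n", shadow, names[st]);
    printf("%ld bytes inside the %llu-byte object (%s)\n", off, OBJ_SIZE,
           off >= 0 && (uint64_t)off < OBJ_SIZE ? "in bounds" : "out of bounds");
    return 0;
}
```

Reading the result against the traces in the report: the object comes from the kvm_vcpu cache, was allocated in vmx_create_vcpu and freed by the same task in vmx_free_vcpu (kvm_arch_destroy_vm+0x365), and the bad read happens later in the same kvm_arch_destroy_vm call (+0x5f2, kvm_mmu_uninit_vm → synchronize_srcu), when the task is preempted inside _raw_spin_unlock_irqrestore and __schedule runs the exiting task's preempt notifiers. Under the v4.19 layout of struct kvm_vcpu (struct kvm *kvm at offset 0, then struct preempt_notifier, whose ops pointer sits 16 bytes into it), offset 24 is preempt_notifier.ops; that is an inference from the structure layout rather than something the log states, but it matches the 8-byte read and points at a vCPU whose preempt notifier was still registered with the scheduler when the object was freed. The lockdep splat after the panic is a secondary effect of kasan_report() calling printk() (console_sem) while __schedule already holds &rq->lock, and "Lost 82 message(s)!" means the tail of that splat was dropped from the console buffer.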