[....] Starting OpenBSD Secure Shell server: sshd[ 26.274487] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.361421] random: sshd: uninitialized urandom read (32 bytes read) [ 30.682084] random: sshd: uninitialized urandom read (32 bytes read) [ 31.311651] random: sshd: uninitialized urandom read (32 bytes read) [ 31.511642] sshd (5342) used greatest stack depth: 16408 bytes left [ 31.536690] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. [ 37.371271] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.498271] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.524241] ================================================================== [ 37.533788] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.540063] Read of size 8 at addr ffff8801d9030058 by task syz-executor540/5352 [ 37.547599] [ 37.549251] CPU: 0 PID: 5352 Comm: syz-executor540 Not tainted 4.19.0-rc3+ #231 [ 37.556720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.566066] Call Trace: [ 37.568669] dump_stack+0x1c4/0x2b4 [ 37.572301] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.577496] ? printk+0xa7/0xcf [ 37.580786] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.585549] print_address_description.cold.8+0x9/0x1ff [ 37.590919] kasan_report.cold.9+0x242/0x309 [ 37.595328] ? __schedule+0xfc3/0x1ed0 [ 37.599224] __asan_report_load8_noabort+0x14/0x20 [ 37.604155] __schedule+0xfc3/0x1ed0 [ 37.607874] ? __sched_text_start+0x8/0x8 [ 37.612029] ? __lock_is_held+0xb5/0x140 [ 37.616087] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.621190] ? find_held_lock+0x36/0x1c0 [ 37.625265] ? __call_srcu+0x7f9/0x1070 [ 37.629248] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.634351] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.639453] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.644038] ? preempt_schedule+0x4d/0x60 [ 37.648193] preempt_schedule_common+0x1f/0xd0 [ 37.652793] preempt_schedule+0x4d/0x60 [ 37.656784] ___preempt_schedule+0x16/0x18 [ 37.661031] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.665990] __call_srcu+0x7f9/0x1070 [ 37.669800] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.674911] ? srcu_offline_cpu+0x120/0x120 [ 37.679252] ? debug_object_free+0x690/0x690 [ 37.683662] ? mark_held_locks+0x130/0x130 [ 37.687906] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.692493] ? lock_release+0x970/0x970 [ 37.696468] ? arch_local_save_flags+0x40/0x40 [ 37.701055] ? depot_save_stack+0x292/0x470 [ 37.705385] ? __lockdep_init_map+0x105/0x590 [ 37.709888] ? __init_waitqueue_head+0x9e/0x150 [ 37.714559] ? init_wait_entry+0x1c0/0x1c0 [ 37.718809] __synchronize_srcu+0x17b/0x230 [ 37.723136] ? call_srcu+0x10/0x10 [ 37.726673] ? rcu_unexpedite_gp+0x20/0x20 [ 37.730914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.736451] ? check_preemption_disabled+0x48/0x200 [ 37.741474] synchronize_srcu+0x356/0x5ab [ 37.745622] ? lock_downgrade+0x900/0x900 [ 37.749784] ? synchronize_srcu_expedited+0x20/0x20 [ 37.754807] ? kasan_check_read+0x11/0x20 [ 37.758960] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.763544] ? kasan_check_write+0x14/0x20 [ 37.767790] ? do_raw_spin_lock+0xc1/0x200 [ 37.772038] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.777756] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.783227] ? kvfree+0x61/0x70 [ 37.786507] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.791524] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.795589] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.800235] ? kvm_arch_sync_events+0x30/0x30 [ 37.804736] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.810286] ? mmu_notifier_unregister+0x474/0x600 [ 37.815219] ? kfree+0x107/0x230 [ 37.818589] ? __mmu_notifier_register+0x30/0x30 [ 37.823346] ? 
__free_pages+0x10a/0x190 [ 37.827319] ? free_unref_page+0x960/0x960 [ 37.831566] kvm_put_kvm+0x6c8/0xff0 [ 37.835287] ? kvm_write_guest_cached+0x40/0x40 [ 37.839961] ? kvm_irqfd_release+0xd1/0x120 [ 37.844284] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.848786] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.853288] ? kasan_check_write+0x14/0x20 [ 37.857524] ? do_raw_spin_lock+0xc1/0x200 [ 37.861757] ? kvm_irqfd_release+0xdd/0x120 [ 37.866085] ? kvm_irqfd_release+0xdd/0x120 [ 37.870406] ? kvm_put_kvm+0xff0/0xff0 [ 37.874293] kvm_vm_release+0x42/0x50 [ 37.878091] __fput+0x385/0xa30 [ 37.881375] ? get_max_files+0x20/0x20 [ 37.885265] ? trace_hardirqs_on+0xbd/0x310 [ 37.889588] ? ___might_sleep+0x1ed/0x300 [ 37.894056] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.899499] ? arch_local_save_flags+0x40/0x40 [ 37.904079] ? kasan_check_write+0x14/0x20 [ 37.908485] ? do_raw_spin_lock+0xc1/0x200 [ 37.912794] ____fput+0x15/0x20 [ 37.916068] task_work_run+0x1e8/0x2a0 [ 37.919951] ? task_work_cancel+0x240/0x240 [ 37.924263] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.929800] ? switch_task_namespaces+0x9d/0xd0 [ 37.934456] do_exit+0x1ad7/0x2610 [ 37.937990] ? mm_update_next_owner+0x990/0x990 [ 37.942648] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.946934] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.951938] ? kfree+0x1fa/0x230 [ 37.955288] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.959520] ? kvm_vcpu_block+0x1030/0x1030 [ 37.963831] ? is_bpf_text_address+0xd3/0x170 [ 37.968323] ? kernel_text_address+0x79/0xf0 [ 37.972722] ? __kernel_text_address+0xd/0x40 [ 37.977205] ? unwind_get_return_address+0x61/0xa0 [ 37.982119] ? __save_stack_trace+0x8d/0xf0 [ 37.986455] ? save_stack+0xa9/0xd0 [ 37.990078] ? save_stack+0x43/0xd0 [ 37.993687] ? __kasan_slab_free+0x102/0x150 [ 37.998080] ? kasan_slab_free+0xe/0x10 [ 38.002040] ? putname+0xf2/0x130 [ 38.005479] ? __x64_sys_openat+0x9d/0x100 [ 38.009744] ? do_syscall_64+0x1b9/0x820 [ 38.013810] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.019166] ? 
trace_hardirqs_off+0xb8/0x310 [ 38.023569] ? kasan_check_read+0x11/0x20 [ 38.027747] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.032153] ? trace_hardirqs_on+0x310/0x310 [ 38.036546] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.041772] ? trace_hardirqs_off+0xb8/0x310 [ 38.046187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.051713] ? check_preemption_disabled+0x48/0x200 [ 38.056792] ? check_preemption_disabled+0x48/0x200 [ 38.061908] ? kvm_vcpu_block+0x1030/0x1030 [ 38.066267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.071799] ? do_vfs_ioctl+0x201/0x1720 [ 38.075850] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.081112] ? ioctl_preallocate+0x300/0x300 [ 38.085510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.091031] ? __fget_light+0x2e9/0x430 [ 38.094988] ? fget_raw+0x20/0x20 [ 38.098423] ? putname+0xf2/0x130 [ 38.101885] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.106938] ? kmem_cache_free+0x24f/0x290 [ 38.111179] ? putname+0xf7/0x130 [ 38.114639] do_group_exit+0x177/0x440 [ 38.118518] ? trace_hardirqs_on+0xbd/0x310 [ 38.122858] ? __ia32_sys_exit+0x50/0x50 [ 38.126909] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.132356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.137878] ? ksys_ioctl+0x81/0xd0 [ 38.141496] __x64_sys_exit_group+0x3e/0x50 [ 38.145851] do_syscall_64+0x1b9/0x820 [ 38.149727] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.155077] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.159996] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.164830] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.169837] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.174981] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.179993] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.184829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.190044] RIP: 0033:0x43ecc8 [ 38.193228] Code: Bad RIP value. 
[ 38.196573] RSP: 002b:00007ffd91a30298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.204266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 38.211520] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.218825] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.226088] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.233346] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.240607] [ 38.242330] Allocated by task 5352: [ 38.245944] save_stack+0x43/0xd0 [ 38.249387] kasan_kmalloc+0xc7/0xe0 [ 38.253098] kasan_slab_alloc+0x12/0x20 [ 38.257055] kmem_cache_alloc+0x12e/0x730 [ 38.261186] vmx_create_vcpu+0xcf/0x25e0 [ 38.265227] kvm_arch_vcpu_create+0xe5/0x220 [ 38.269617] kvm_vm_ioctl+0x470/0x1d40 [ 38.273484] do_vfs_ioctl+0x1de/0x1720 [ 38.277479] ksys_ioctl+0xa9/0xd0 [ 38.280925] __x64_sys_ioctl+0x73/0xb0 [ 38.284806] do_syscall_64+0x1b9/0x820 [ 38.288678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.293842] [ 38.295455] Freed by task 5352: [ 38.298719] save_stack+0x43/0xd0 [ 38.302157] __kasan_slab_free+0x102/0x150 [ 38.306373] kasan_slab_free+0xe/0x10 [ 38.310157] kmem_cache_free+0x83/0x290 [ 38.314112] vmx_free_vcpu+0x26b/0x300 [ 38.317981] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.322477] kvm_put_kvm+0x6c8/0xff0 [ 38.326184] kvm_vm_release+0x42/0x50 [ 38.329968] __fput+0x385/0xa30 [ 38.333227] ____fput+0x15/0x20 [ 38.336486] task_work_run+0x1e8/0x2a0 [ 38.340354] do_exit+0x1ad7/0x2610 [ 38.343883] do_group_exit+0x177/0x440 [ 38.347827] __x64_sys_exit_group+0x3e/0x50 [ 38.352139] do_syscall_64+0x1b9/0x820 [ 38.356010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.361175] [ 38.362791] The buggy address belongs to the object at ffff8801d9030040 [ 38.362791] which belongs to the cache kvm_vcpu of size 23872 [ 38.375404] The buggy address is located 24 bytes inside of [ 38.375404] 23872-byte region [ffff8801d9030040, ffff8801d9035d80) [ 38.387350] The buggy address 
belongs to the page: [ 38.392262] page:ffffea0007640c00 count:1 mapcount:0 mapping:ffff8801d525cc00 index:0x0 compound_mapcount: 0 [ 38.402214] flags: 0x2fffc0000008100(slab|head) [ 38.406868] raw: 02fffc0000008100 ffff8801d5251148 ffff8801d5251148 ffff8801d525cc00 [ 38.414739] raw: 0000000000000000 ffff8801d9030040 0000000100000001 0000000000000000 [ 38.422613] page dumped because: kasan: bad access detected [ 38.428359] [ 38.429974] Memory state around the buggy address: [ 38.434889] ffff8801d902ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.442228] ffff8801d902ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.449628] >ffff8801d9030000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.456979] ^ [ 38.463202] ffff8801d9030080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.470551] ffff8801d9030100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.477897] ================================================================== [ 38.485243] Kernel panic - not syncing: panic_on_warn set ... [ 38.485243] [ 38.492604] CPU: 0 PID: 5352 Comm: syz-executor540 Tainted: G B 4.19.0-rc3+ #231 [ 38.501520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.510857] Call Trace: [ 38.513435] dump_stack+0x1c4/0x2b4 [ 38.517047] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.522223] ? lock_downgrade+0x900/0x900 [ 38.526358] panic+0x238/0x4e7 [ 38.529572] ? add_taint.cold.5+0x16/0x16 [ 38.533852] ? print_shadow_for_address+0xb6/0x116 [ 38.538873] ? trace_hardirqs_off+0xaf/0x310 [ 38.543273] kasan_end_report+0x47/0x4f [ 38.547360] kasan_report.cold.9+0x76/0x309 [ 38.551667] ? __schedule+0xfc3/0x1ed0 [ 38.555543] __asan_report_load8_noabort+0x14/0x20 [ 38.560459] __schedule+0xfc3/0x1ed0 [ 38.564159] ? __sched_text_start+0x8/0x8 [ 38.568297] ? __lock_is_held+0xb5/0x140 [ 38.572363] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.577534] ? find_held_lock+0x36/0x1c0 [ 38.581588] ? __call_srcu+0x7f9/0x1070 [ 38.585552] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.590643] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.595737] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.600364] ? preempt_schedule+0x4d/0x60 [ 38.604510] preempt_schedule_common+0x1f/0xd0 [ 38.609082] preempt_schedule+0x4d/0x60 [ 38.613042] ___preempt_schedule+0x16/0x18 [ 38.617261] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.622174] __call_srcu+0x7f9/0x1070 [ 38.625956] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.631051] ? srcu_offline_cpu+0x120/0x120 [ 38.635418] ? debug_object_free+0x690/0x690 [ 38.639833] ? mark_held_locks+0x130/0x130 [ 38.644063] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.648630] ? lock_release+0x970/0x970 [ 38.652696] ? arch_local_save_flags+0x40/0x40 [ 38.657264] ? depot_save_stack+0x292/0x470 [ 38.661619] ? __lockdep_init_map+0x105/0x590 [ 38.666104] ? __init_waitqueue_head+0x9e/0x150 [ 38.670820] ? init_wait_entry+0x1c0/0x1c0 [ 38.675046] __synchronize_srcu+0x17b/0x230 [ 38.679357] ? call_srcu+0x10/0x10 [ 38.682888] ? rcu_unexpedite_gp+0x20/0x20 [ 38.687181] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.692706] ? check_preemption_disabled+0x48/0x200 [ 38.697707] synchronize_srcu+0x356/0x5ab [ 38.701841] ? lock_downgrade+0x900/0x900 [ 38.705981] ? synchronize_srcu_expedited+0x20/0x20 [ 38.711033] ? kasan_check_read+0x11/0x20 [ 38.715176] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.719743] ? kasan_check_write+0x14/0x20 [ 38.723973] ? do_raw_spin_lock+0xc1/0x200 [ 38.728198] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.733893] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.739464] ? kvfree+0x61/0x70 [ 38.742782] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.747798] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.751852] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.756263] ? kvm_arch_sync_events+0x30/0x30 [ 38.760755] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.766299] ? mmu_notifier_unregister+0x474/0x600 [ 38.771214] ? kfree+0x107/0x230 [ 38.774563] ? __mmu_notifier_register+0x30/0x30 [ 38.779330] ? 
__free_pages+0x10a/0x190 [ 38.783355] ? free_unref_page+0x960/0x960 [ 38.787578] kvm_put_kvm+0x6c8/0xff0 [ 38.791308] ? kvm_write_guest_cached+0x40/0x40 [ 38.795957] ? kvm_irqfd_release+0xd1/0x120 [ 38.800285] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.804772] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.809270] ? kasan_check_write+0x14/0x20 [ 38.813496] ? do_raw_spin_lock+0xc1/0x200 [ 38.817721] ? kvm_irqfd_release+0xdd/0x120 [ 38.822032] ? kvm_irqfd_release+0xdd/0x120 [ 38.826346] ? kvm_put_kvm+0xff0/0xff0 [ 38.830221] kvm_vm_release+0x42/0x50 [ 38.834011] __fput+0x385/0xa30 [ 38.837336] ? get_max_files+0x20/0x20 [ 38.841218] ? trace_hardirqs_on+0xbd/0x310 [ 38.845532] ? ___might_sleep+0x1ed/0x300 [ 38.849664] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.855212] ? arch_local_save_flags+0x40/0x40 [ 38.859784] ? kasan_check_write+0x14/0x20 [ 38.864062] ? do_raw_spin_lock+0xc1/0x200 [ 38.868283] ____fput+0x15/0x20 [ 38.871545] task_work_run+0x1e8/0x2a0 [ 38.875509] ? task_work_cancel+0x240/0x240 [ 38.879821] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.885345] ? switch_task_namespaces+0x9d/0xd0 [ 38.890000] do_exit+0x1ad7/0x2610 [ 38.893526] ? mm_update_next_owner+0x990/0x990 [ 38.898188] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.902408] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.907407] ? kfree+0x1fa/0x230 [ 38.910756] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.914981] ? kvm_vcpu_block+0x1030/0x1030 [ 38.919409] ? is_bpf_text_address+0xd3/0x170 [ 38.924008] ? kernel_text_address+0x79/0xf0 [ 38.928411] ? __kernel_text_address+0xd/0x40 [ 38.932896] ? unwind_get_return_address+0x61/0xa0 [ 38.937827] ? __save_stack_trace+0x8d/0xf0 [ 38.942139] ? save_stack+0xa9/0xd0 [ 38.945753] ? save_stack+0x43/0xd0 [ 38.949369] ? __kasan_slab_free+0x102/0x150 [ 38.953757] ? kasan_slab_free+0xe/0x10 [ 38.957833] ? putname+0xf2/0x130 [ 38.961282] ? __x64_sys_openat+0x9d/0x100 [ 38.965500] ? do_syscall_64+0x1b9/0x820 [ 38.969550] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.974899] ? 
trace_hardirqs_off+0xb8/0x310 [ 38.979289] ? kasan_check_read+0x11/0x20 [ 38.983428] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.987831] ? trace_hardirqs_on+0x310/0x310 [ 38.992223] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.997320] ? trace_hardirqs_off+0xb8/0x310 [ 39.001711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.007233] ? check_preemption_disabled+0x48/0x200 [ 39.012234] ? check_preemption_disabled+0x48/0x200 [ 39.017270] ? kvm_vcpu_block+0x1030/0x1030 [ 39.021755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.027298] ? do_vfs_ioctl+0x201/0x1720 [ 39.031346] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.036609] ? ioctl_preallocate+0x300/0x300 [ 39.041005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.046530] ? __fget_light+0x2e9/0x430 [ 39.050505] ? fget_raw+0x20/0x20 [ 39.053987] ? putname+0xf2/0x130 [ 39.057491] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.062500] ? kmem_cache_free+0x24f/0x290 [ 39.066727] ? putname+0xf7/0x130 [ 39.070170] do_group_exit+0x177/0x440 [ 39.074152] ? trace_hardirqs_on+0xbd/0x310 [ 39.078499] ? __ia32_sys_exit+0x50/0x50 [ 39.082564] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.088064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.093698] ? ksys_ioctl+0x81/0xd0 [ 39.097339] __x64_sys_exit_group+0x3e/0x50 [ 39.101751] do_syscall_64+0x1b9/0x820 [ 39.105633] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.110984] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.115902] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.120728] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.125744] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.130758] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.135774] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.140599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.145864] RIP: 0033:0x43ecc8 [ 39.149050] Code: Bad RIP value. 
[ 39.152398] RSP: 002b:00007ffd91a30298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.160091] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 39.167343] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.174610] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.181865] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.189120] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.196444] [ 39.196448] ====================================================== [ 39.196452] WARNING: possible circular locking dependency detected [ 39.196454] 4.19.0-rc3+ #231 Not tainted [ 39.196457] ------------------------------------------------------ [ 39.196460] syz-executor540/5352 is trying to acquire lock: [ 39.196463] 00000000e95e7e31 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.196471] [ 39.196474] but task is already holding lock: [ 39.196475] 00000000c455fc35 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.196483] [ 39.196486] which lock already depends on the new lock. 
[ 39.196488] [ 39.196489] [ 39.196492] the existing dependency chain (in reverse order) is: [ 39.196493] [ 39.196495] -> #3 (report_lock){....}: [ 39.196503] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.196505] kasan_report+0x8b/0x110 [ 39.196508] __asan_report_load8_noabort+0x14/0x20 [ 39.196510] __schedule+0xfc3/0x1ed0 [ 39.196513] preempt_schedule_common+0x1f/0xd0 [ 39.196515] preempt_schedule+0x4d/0x60 [ 39.196518] ___preempt_schedule+0x16/0x18 [ 39.196521] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.196523] __call_srcu+0x7f9/0x1070 [ 39.196525] __synchronize_srcu+0x17b/0x230 [ 39.196528] synchronize_srcu+0x356/0x5ab [ 39.196544] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.196547] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.196549] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.196551] kvm_put_kvm+0x6c8/0xff0 [ 39.196554] kvm_vm_release+0x42/0x50 [ 39.196556] __fput+0x385/0xa30 [ 39.196558] ____fput+0x15/0x20 [ 39.196560] task_work_run+0x1e8/0x2a0 [ 39.196562] do_exit+0x1ad7/0x2610 [ 39.196564] do_group_exit+0x177/0x440 [ 39.196567] __x64_sys_exit_group+0x3e/0x50 [ 39.196569] do_syscall_64+0x1b9/0x820 [ 39.196572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.196573] [ 39.196574] -> #2 (&rq->lock){-.-.}: [ 39.196582] _raw_spin_lock+0x2d/0x40 [ 39.196584] task_fork_fair+0xb0/0x6d0 [ 39.196586] sched_fork+0x443/0xba0 [ 39.196588] copy_process+0x2586/0x8780 [ 39.196591] _do_fork+0x1cb/0x11d0 [ 39.196593] kernel_thread+0x34/0x40 [ 39.196595] rest_init+0x22/0xe5 [ 39.196597] start_kernel+0x8f4/0x92f [ 39.196600] x86_64_start_reservations+0x29/0x2b [ 39.196602] x86_64_start_kernel+0x76/0x79 [ 39.196604] secondary_startup_64+0xa4/0xb0 [ 39.196606] [ 39.196607] -> #1 (&p->pi_lock){-.-.}: [ 39.196615] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.196617] try_to_wake_up+0xd2/0x12f0 [ 39.196619] wake_up_process+0x10/0x20 [ 39.196621] __up.isra.1+0x1c0/0x2a0 [ 39.196623] up+0x13c/0x1c0 [ 39.196626] __up_console_sem+0xbe/0x1b0 [ 39.196628] console_unlock+0x524/0x11a0 [ 39.196630] 
vprintk_emit+0x33d/0x930 [ 39.196633] vprintk_default+0x28/0x30 [ 39.196635] vprintk_func+0x7e/0x181 [ 39.196637] printk+0xa7/0xcf [ 39.196639] load_umh+0x51/0xbd [ 39.196641] do_one_initcall+0x145/0x957 [ 39.196644] kernel_init_freeable+0x4bb/0x5ae [ 39.196646] kernel_init+0x11/0x1b2 [ 39.196648] ret_from_fork+0x3a/0x50 [ 39.196649] [ 39.196650] -> #0 ((console_sem).lock){-...}: [ 39.196658] lock_acquire+0x1ed/0x520 [ 39.196661] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.196663] down_trylock+0x13/0x70 [ 39.196666] __down_trylock_console_sem+0xae/0x200 [ 39.196668] console_trylock+0x15/0xa0 [ 39.196670] vprintk_emit+0x322/0x930 [ 39.196672] vprintk_default+0x28/0x30 [ 39.196675] vprintk_func+0x7e/0x181 [ 39.196677] printk+0xa7/0xcf [ 39.196679] kasan_report+0x9b/0x110 [ 39.196681] __asan_report_load8_noabort+0x14/0x20 [ 39.196684] __schedule+0xfc3/0x1ed0 [ 39.196686] preempt_schedule_common+0x1f/0xd0 [ 39.196688] preempt_schedule+0x4d/0x60 [ 39.196691] ___preempt_schedule+0x16/0x18 [ 39.196694] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.196696] __call_srcu+0x7f9/0x1070 [ 39.196698] __synchronize_srcu+0x17b/0x230 [ 39.196700] synchronize_srcu+0x356/0x5ab [ 39.196703] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.196706] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.196708] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.196710] kvm_put_kvm+0x6c8/0xff0 [ 39.196713] kvm_vm_release+0x42/0x50 [ 39.196715] __fput+0x385/0xa30 [ 39.196717] ____fput+0x15/0x20 [ 39.196719] task_work_run+0x1e8/0x2a0 [ 39.196721] do_exit+0x1ad7/0x2610 [ 39.196723] do_group_exit+0x177/0x440 [ 39.196726] __x64_sys_exit_group+0x3e/0x50 [ 39.196728] do_syscall_64+0x1b9/0x820 [ 39.196731] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.196732] [ 39.196735] other info that might help us debug this: [ 39.196736] [ 39.196738] Chain exists of: [ 39.196739] (console_sem).lock --> &rq->lock --> report_lock [ 39.196749] [ 39.196751] Possible unsafe locking scenario: [ 39.196752] [ 39.196755] CPU0 CPU1 [ 39.196757] ---- ---- [ 
39.196758] lock(report_lock); [ 39.196773] lock(&rq->lock); [ 39.196778] lock(report_lock); [ 39.196782] lock((console_sem).lock); [ 39.196787] [ 39.196789] *** DEADLOCK *** [ 39.196790] [ 39.196792] 2 locks held by syz-executor540/5352: [ 39.196793] #0: 00000000d80c9490 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.196803] #1: 00000000c455fc35 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.196812] [ 39.196814] stack backtrace: [ 39.196818] CPU: 0 PID: 5352 Comm: syz-executor540 Not tainted 4.19.0-rc3+ #231 [ 39.196822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.196824] Call Trace: [ 39.196826] dump_stack+0x1c4/0x2b4 [ 39.196829] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.196831] ? vprintk_func+0x85/0x181 [ 39.196834] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.196836] ? save_trace+0xe0/0x290 [ 39.196838] __lock_acquire+0x33e4/0x4ec0 [ 39.196840] ? mark_held_locks+0x130/0x130 [ 39.196843] ? mark_held_locks+0x130/0x130 [ 39.196845] ? rcu_bh_qs+0xc0/0xc0 [ 39.196847] ? unwind_dump+0x190/0x190 [ 39.196849] ? is_bpf_text_address+0xd3/0x170 [ 39.196852] ? kernel_text_address+0x79/0xf0 [ 39.196854] ? __kernel_text_address+0xd/0x40 [ 39.196856] ? __save_stack_trace+0x8d/0xf0 [ 39.196859] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.196861] ? save_trace+0x290/0x290 [ 39.196863] ? save_stack_trace+0x1a/0x20 [ 39.196866] ? save_trace+0xe0/0x290 [ 39.196868] ? kasan_check_read+0x11/0x20 [ 39.196870] ? graph_lock+0x170/0x170 [ 39.196879] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.196881] lock_acquire+0x1ed/0x520 [ 39.196883] ? down_trylock+0x13/0x70 [ 39.196885] ? find_held_lock+0x36/0x1c0 [ 39.196888] ? lock_release+0x970/0x970 [ 39.196890] ? trace_hardirqs_off+0xb8/0x310 [ 39.196893] ? vprintk_emit+0x1d3/0x930 [ 39.196895] ? trace_hardirqs_on+0x310/0x310 [ 39.196897] ? trace_hardirqs_off+0xb8/0x310 [ 39.196899] ? log_store+0x344/0x4c0 [ 39.196902] ? 
vprintk_emit+0x322/0x930 [ 39.196904] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.196906] ? down_trylock+0x13/0x70 [ 39.196908] down_trylock+0x13/0x70 [ 39.196911] __down_trylock_console_sem+0xae/0x200 [ 39.196913] console_trylock+0x15/0xa0 [ 39.196915] vprintk_emit+0x322/0x930 [ 39.196918] ? wake_up_klogd+0x180/0x180 [ 39.196922] ? run_rebalance_domains+0x500/0x500 [ 39.196924] ? wake_up_worker+0x117/0x190 [ 39.196926] ? find_held_lock+0x36/0x1c0 [ 39.196929] ? __queue_work+0x6be/0x1440 [ 39.196931] ? lock_acquire+0x1ed/0x520 [ 39.196933] vprintk_default+0x28/0x30 [ 39.196935] vprintk_func+0x7e/0x181 [ 39.196937] printk+0xa7/0xcf [ 39.196940] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.196942] ? kasan_check_write+0x14/0x20 [ 39.196944] ? do_raw_spin_lock+0xc1/0x200 [ 39.196947] ? do_raw_spin_lock+0xc1/0x200 [ 39.196949] kasan_report+0x9b/0x110 [ 39.196951] ? __schedule+0xfc3/0x1ed0 [ 39.196954] __asan_report_load8_noabort+0x14/0x20 [ 39.196956] __schedule+0xfc3/0x1ed0 [ 39.196958] ? __sched_text_start+0x8/0x8 [ 39.196960] ? __lock_is_held+0xb5/0x140 [ 39.196963] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.196965] ? find_held_lock+0x36/0x1c0 [ 39.196968] ? __call_srcu+0x7f9/0x1070 [ 39.196970] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.196973] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.196975] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.196977] ? preempt_schedule+0x4d/0x60 [ 39.196980] preempt_schedule_common+0x1f/0xd0 [ 39.196982] preempt_schedule+0x4d/0x60 [ 39.196984] ___preempt_schedule+0x16/0x18 [ 39.196987] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.197002] __call_srcu+0x7f9/0x1070 [ 39.197005] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.197007] ? srcu_offline_cpu+0x120/0x120 [ 39.197010] ? debug_object_free+0x690/0x690 [ 39.197012] ? mark_held_locks+0x130/0x130 [ 39.197015] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.197017] ? lock_release+0x970/0x970 [ 39.197019] ? arch_local_save_flags+0x40/0x40 [ 39.197022] ? depot_save_stack+0x292/0x470 [ 39.197024] ? 
__lockdep_init_map+0x105/0x590 [ 39.197027] ? __init_waitqueue_head+0x9e/0x150 [ 39.197029] ? init_wait_entry+0x1c0/0x1c0 [ 39.197032] __synchronize_srcu+0x17b/0x230 [ 39.197034] ? call_srcu+0x10/0x10 [ 39.197036] ? rcu_unexpedite_gp+0x20/0x20 [ 39.197039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.197042] ? check_preemption_disabled+0x48/0x200 [ 39.197044] synchronize_srcu+0x356/0x5ab [ 39.197047] ? lock_downgrade+0x900/0x900 [ 39.197049] ? synchronize_srcu_expedited+0x20/0x20 [ 39.197052] ? kasan_check_read+0x11/0x20 [ 39.197054] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.197057] ? kasan_check_write+0x14/0x20 [ 39.197059] ? do_raw_spin_lock+0xc1/0x200 [ 39.197062] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.197065] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.197067] ? kvfree+0x61/0x70 [ 39.197070] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.197072] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.197074] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.197077] ? kvm_arch_sync_events+0x30/0x30 [ 39.197080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.197082] ? mmu_notifier_unregister+0x474/0x600 [ 39.197085] ? kfree+0x107/0x230 [ 39.197087] ? __mmu_notifier_register+0x30/0x30 [ 39.197089] ? __free_pages+0x10a/0x190 [ 39.197092] ? free_unref_page+0x960/0x960 [ 39.197094] kvm_put_kvm+0x6c8/0xff0 [ 39.197097] ? kvm_write_guest_cached+0x40/0x40 [ 39.197099] ? kvm_irqfd_release+0xd1/0x120 [ 39.197101] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.197104] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.197106] ? kasan_check_write+0x14/0x20 [ 39.197109] ? do_raw_spin_lock+0xc1/0x200 [ 39.197111] ? kvm_irqfd_release+0x [ 39.197116] Lost 82 message(s)! [ 40.368292] Shutting down cpus with NMI [ 41.425382] Dumping ftrace buffer: [ 41.428933] (ftrace buffer empty) [ 41.433146] Kernel Offset: disabled [ 41.436775] Rebooting in 86400 seconds..