[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.355311] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.052219] random: sshd: uninitialized urandom read (32 bytes read) [ 28.267039] random: sshd: uninitialized urandom read (32 bytes read) [ 28.879618] random: sshd: uninitialized urandom read (32 bytes read) [ 40.362695] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. [ 46.064833] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 46.189238] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 46.216002] ================================================================== [ 46.226007] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 46.232235] Read of size 8 at addr ffff8801d95c8058 by task syz-executor040/5327 [ 46.239756] [ 46.241387] CPU: 1 PID: 5327 Comm: syz-executor040 Not tainted 4.19.0-rc4+ #248 [ 46.248823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.258181] Call Trace: [ 46.260769] dump_stack+0x1c4/0x2b4 [ 46.264404] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.269594] ? printk+0xa7/0xcf [ 46.272886] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 46.277644] print_address_description.cold.8+0x9/0x1ff [ 46.283008] kasan_report.cold.9+0x242/0x309 [ 46.287419] ? __schedule+0xfc3/0x1ed0 [ 46.291308] __asan_report_load8_noabort+0x14/0x20 [ 46.296235] __schedule+0xfc3/0x1ed0 [ 46.299950] ? __sched_text_start+0x8/0x8 [ 46.304097] ? __lock_is_held+0xb5/0x140 [ 46.308156] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.313255] ? find_held_lock+0x36/0x1c0 [ 46.317320] ? __call_srcu+0x7f9/0x1070 [ 46.321293] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.326394] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.331495] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.336104] ? preempt_schedule+0x4d/0x60 [ 46.340254] preempt_schedule_common+0x1f/0xd0 [ 46.344843] preempt_schedule+0x4d/0x60 [ 46.348835] ___preempt_schedule+0x16/0x18 [ 46.353083] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 46.358014] __call_srcu+0x7f9/0x1070 [ 46.361813] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 46.366933] ? srcu_offline_cpu+0x120/0x120 [ 46.371253] ? debug_object_free+0x690/0x690 [ 46.375663] ? mark_held_locks+0x130/0x130 [ 46.379893] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 46.384477] ? lock_release+0x970/0x970 [ 46.388454] ? arch_local_save_flags+0x40/0x40 [ 46.393039] ? depot_save_stack+0x292/0x470 [ 46.397363] ? __lockdep_init_map+0x105/0x590 [ 46.401871] ? __init_waitqueue_head+0x9e/0x150 [ 46.406539] ? init_wait_entry+0x1c0/0x1c0 [ 46.410777] __synchronize_srcu+0x17b/0x230 [ 46.415099] ? call_srcu+0x10/0x10 [ 46.418634] ? rcu_unexpedite_gp+0x20/0x20 [ 46.422879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.428417] ? check_preemption_disabled+0x48/0x200 [ 46.433435] synchronize_srcu+0x356/0x5ab [ 46.437582] ? lock_downgrade+0x900/0x900 [ 46.441755] ? synchronize_srcu_expedited+0x20/0x20 [ 46.446773] ? kasan_check_read+0x11/0x20 [ 46.450921] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.455503] ? kasan_check_write+0x14/0x20 [ 46.459738] ? do_raw_spin_lock+0xc1/0x200 [ 46.463976] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.469685] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.475139] ? kvfree+0x61/0x70 [ 46.478420] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.483442] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.487502] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.491913] ? kvm_arch_sync_events+0x30/0x30 [ 46.496409] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.501958] ? mmu_notifier_unregister+0x474/0x600 [ 46.506902] ? kfree+0x107/0x230 [ 46.510307] ? __mmu_notifier_register+0x30/0x30 [ 46.515083] ? __free_pages+0x10a/0x190 [ 46.519074] ? free_unref_page+0x960/0x960 [ 46.523334] kvm_put_kvm+0x6c8/0xff0 [ 46.527065] ? kvm_write_guest_cached+0x40/0x40 [ 46.531748] ? kvm_irqfd_release+0xd1/0x120 [ 46.536078] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.540577] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.545083] ? kasan_check_write+0x14/0x20 [ 46.549321] ? do_raw_spin_lock+0xc1/0x200 [ 46.553559] ? kvm_irqfd_release+0xdd/0x120 [ 46.557883] ? kvm_irqfd_release+0xdd/0x120 [ 46.562204] ? kvm_put_kvm+0xff0/0xff0 [ 46.566090] kvm_vm_release+0x42/0x50 [ 46.569890] __fput+0x385/0xa30 [ 46.573174] ? get_max_files+0x20/0x20 [ 46.577057] ? trace_hardirqs_on+0xbd/0x310 [ 46.581381] ? ___might_sleep+0x1ed/0x300 [ 46.585525] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.590974] ? arch_local_save_flags+0x40/0x40 [ 46.595559] ? kasan_check_write+0x14/0x20 [ 46.599791] ? do_raw_spin_lock+0xc1/0x200 [ 46.604027] ____fput+0x15/0x20 [ 46.607302] task_work_run+0x1e8/0x2a0 [ 46.611189] ? task_work_cancel+0x240/0x240 [ 46.615512] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.621050] ? switch_task_namespaces+0x9d/0xd0 [ 46.625726] do_exit+0x1ad7/0x2610 [ 46.629271] ? mm_update_next_owner+0x990/0x990 [ 46.633948] ? print_usage_bug+0xc0/0xc0 [ 46.638008] ? try_to_wake_up+0x10a/0x12f0 [ 46.642243] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.647346] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 46.652452] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.657034] ? preempt_schedule+0x4d/0x60 [ 46.661185] ? preempt_schedule_common+0x1f/0xd0 [ 46.665947] ? preempt_schedule+0x4d/0x60 [ 46.670099] ? __lock_acquire+0x7ec/0x4ec0 [ 46.674339] ? _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 46.679443] ? try_to_wake_up+0x10a/0x12f0 [ 46.683673] ? __mutex_lock+0x85e/0x1700 [ 46.687735] ? queue_delayed_work_on+0xec/0x1f0 [ 46.692410] ? mark_held_locks+0x130/0x130 [ 46.696643] ? find_held_lock+0x36/0x1c0 [ 46.700710] ? lock_downgrade+0x900/0x900 [ 46.704873] ? kasan_check_read+0x11/0x20 [ 46.709026] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.713438] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.718024] ? __unqueue_futex+0x2e0/0x2e0 [ 46.722269] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 46.727471] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 46.732581] ? graph_lock+0x170/0x170 [ 46.736389] ? memset+0x31/0x40 [ 46.739673] ? find_held_lock+0x36/0x1c0 [ 46.743740] ? get_signal+0x95b/0x1980 [ 46.747628] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.752122] ? _raw_spin_unlock_irq+0x27/0x80 [ 46.756622] do_group_exit+0x177/0x440 [ 46.760511] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 46.765961] ? __ia32_sys_exit+0x50/0x50 [ 46.770027] get_signal+0x8b0/0x1980 [ 46.773748] ? ptrace_notify+0x130/0x130 [ 46.777811] ? kasan_check_read+0x11/0x20 [ 46.781965] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.787241] ? rcu_bh_qs+0xc0/0xc0 [ 46.790786] ? __fget+0x4d1/0x740 [ 46.794244] do_signal+0x9c/0x21e0 [ 46.797785] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 46.802894] ? trace_hardirqs_off+0xb8/0x310 [ 46.807304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.812845] ? check_preemption_disabled+0x48/0x200 [ 46.817877] ? setup_sigcontext+0x7d0/0x7d0 [ 46.822197] ? kvm_vcpu_block+0x1030/0x1030 [ 46.826515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.832048] ? do_vfs_ioctl+0x201/0x1720 [ 46.836106] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 46.841387] ? ioctl_preallocate+0x300/0x300 [ 46.845795] ? exit_to_usermode_loop+0x8c/0x380 [ 46.850477] ? __x64_sys_futex+0x47f/0x6a0 [ 46.854717] exit_to_usermode_loop+0x2e5/0x380 [ 46.859297] ? syscall_slow_exit_work+0x520/0x520 [ 46.864137] ? ksys_ioctl+0x81/0xd0 [ 46.867795] do_syscall_64+0x6be/0x820 [ 46.871681] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.877045] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.881971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.886812] ? trace_hardirqs_on_caller+0x310/0x310 [ 46.891834] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.896865] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.901974] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.906819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.912017] RIP: 0033:0x4458a9 [ 46.915209] Code: Bad RIP value. [ 46.918565] RSP: 002b:00007f1b93b08d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 46.926292] RAX: 0000000000000001 RBX: 00000000006dac48 RCX: 00000000004458a9 [ 46.933553] RDX: 00000000004458a9 RSI: 0000000000000081 RDI: 00000000006dac4c [ 46.940818] RBP: 00000000006dac40 R08: 0000000000000000 R09: 0000000000000000 [ 46.948094] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac4c [ 46.955360] R13: 6d766b2f7665642f R14: 00007f1b93b099c0 R15: 00000000006dad4c [ 46.962633] [ 46.964252] Allocated by task 5327: [ 46.968224] save_stack+0x43/0xd0 [ 46.971670] kasan_kmalloc+0xc7/0xe0 [ 46.975379] kasan_slab_alloc+0x12/0x20 [ 46.979351] kmem_cache_alloc+0x12e/0x730 [ 46.983493] vmx_create_vcpu+0xcf/0x25e0 [ 46.987546] kvm_arch_vcpu_create+0xe5/0x220 [ 46.991951] kvm_vm_ioctl+0x470/0x1d40 [ 46.995858] do_vfs_ioctl+0x1de/0x1720 [ 46.999744] ksys_ioctl+0xa9/0xd0 [ 47.003193] __x64_sys_ioctl+0x73/0xb0 [ 47.007077] do_syscall_64+0x1b9/0x820 [ 47.010962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.016137] [ 47.017754] Freed by task 5327: [ 47.021033] save_stack+0x43/0xd0 [ 47.024927] __kasan_slab_free+0x102/0x150 [ 47.029161] kasan_slab_free+0xe/0x10 [ 47.032957] kmem_cache_free+0x83/0x290 [ 47.036926] vmx_free_vcpu+0x26b/0x300 [ 47.040812] kvm_arch_destroy_vm+0x365/0x7c0 [ 47.045222] kvm_put_kvm+0x6c8/0xff0 [ 47.048931] kvm_vm_release+0x42/0x50 [ 47.052722] __fput+0x385/0xa30 [ 47.055996] ____fput+0x15/0x20 [ 47.059270] task_work_run+0x1e8/0x2a0 [ 47.063162] do_exit+0x1ad7/0x2610 [ 47.066698] do_group_exit+0x177/0x440 [ 47.070585] get_signal+0x8b0/0x1980 [ 47.074293] do_signal+0x9c/0x21e0 [ 47.077835] exit_to_usermode_loop+0x2e5/0x380 [ 47.082419] do_syscall_64+0x6be/0x820 [ 47.086326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.091504] [ 47.093129] The buggy address belongs to the object at ffff8801d95c8040 [ 47.093129] which belongs to the cache kvm_vcpu of size 23872 [ 47.105698] The buggy address is located 24 bytes inside of [ 47.105698] 23872-byte region [ffff8801d95c8040, ffff8801d95cdd80) [ 47.117650] The buggy address belongs to the page: [ 47.122575] page:ffffea0007657200 count:1 mapcount:0 mapping:ffff8801d72c21c0 index:0x0 compound_mapcount: 0 [ 47.132541] flags: 0x2fffc0000008100(slab|head) [ 47.137210] raw: 02fffc0000008100 ffff8801d5abdd48 ffff8801d5abdd48 ffff8801d72c21c0 [ 47.145093] raw: 0000000000000000 ffff8801d95c8040 0000000100000001 0000000000000000 [ 47.152963] page dumped because: kasan: bad access detected [ 47.158660] [ 47.160274] Memory state around the buggy address: [ 47.165196] ffff8801d95c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.172550] ffff8801d95c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.179901] >ffff8801d95c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 47.187251] ^ [ 47.193474] ffff8801d95c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.200832] ffff8801d95c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.208184] ================================================================== [ 47.215531] Kernel panic - not syncing: panic_on_warn set ... [ 47.215531] [ 47.222917] CPU: 1 PID: 5327 Comm: syz-executor040 Tainted: G B 4.19.0-rc4+ #248 [ 47.231744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.241092] Call Trace: [ 47.243683] dump_stack+0x1c4/0x2b4 [ 47.247306] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.252499] ? lock_downgrade+0x900/0x900 [ 47.256650] panic+0x238/0x4e7 [ 47.259845] ? add_taint.cold.5+0x16/0x16 [ 47.264006] ? print_shadow_for_address+0xb6/0x116 [ 47.268936] ? trace_hardirqs_off+0xaf/0x310 [ 47.273342] kasan_end_report+0x47/0x4f [ 47.277312] kasan_report.cold.9+0x76/0x309 [ 47.281633] ? __schedule+0xfc3/0x1ed0 [ 47.285521] __asan_report_load8_noabort+0x14/0x20 [ 47.290450] __schedule+0xfc3/0x1ed0 [ 47.294167] ? __sched_text_start+0x8/0x8 [ 47.298312] ? __lock_is_held+0xb5/0x140 [ 47.302371] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.307470] ? find_held_lock+0x36/0x1c0 [ 47.311530] ? __call_srcu+0x7f9/0x1070 [ 47.315502] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.320600] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.325698] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.330276] ? preempt_schedule+0x4d/0x60 [ 47.334426] preempt_schedule_common+0x1f/0xd0 [ 47.339005] preempt_schedule+0x4d/0x60 [ 47.342976] ___preempt_schedule+0x16/0x18 [ 47.347212] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.352138] __call_srcu+0x7f9/0x1070 [ 47.355934] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.361041] ? srcu_offline_cpu+0x120/0x120 [ 47.365359] ? debug_object_free+0x690/0x690 [ 47.369768] ? mark_held_locks+0x130/0x130 [ 47.374001] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.378582] ? lock_release+0x970/0x970 [ 47.382555] ? arch_local_save_flags+0x40/0x40 [ 47.387139] ? depot_save_stack+0x292/0x470 [ 47.391469] ? __lockdep_init_map+0x105/0x590 [ 47.395969] ? __init_waitqueue_head+0x9e/0x150 [ 47.400638] ? init_wait_entry+0x1c0/0x1c0 [ 47.404885] __synchronize_srcu+0x17b/0x230 [ 47.409204] ? call_srcu+0x10/0x10 [ 47.412740] ? rcu_unexpedite_gp+0x20/0x20 [ 47.416976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.422510] ? check_preemption_disabled+0x48/0x200 [ 47.427528] synchronize_srcu+0x356/0x5ab [ 47.431675] ? lock_downgrade+0x900/0x900 [ 47.435822] ? synchronize_srcu_expedited+0x20/0x20 [ 47.440863] ? kasan_check_read+0x11/0x20 [ 47.445015] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.449597] ? kasan_check_write+0x14/0x20 [ 47.453836] ? do_raw_spin_lock+0xc1/0x200 [ 47.458082] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.463794] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.469245] ? kvfree+0x61/0x70 [ 47.472520] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.477537] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.481599] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.486010] ? kvm_arch_sync_events+0x30/0x30 [ 47.490505] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.496042] ? mmu_notifier_unregister+0x474/0x600 [ 47.500968] ? kfree+0x107/0x230 [ 47.504334] ? __mmu_notifier_register+0x30/0x30 [ 47.509090] ? __free_pages+0x10a/0x190 [ 47.513062] ? free_unref_page+0x960/0x960 [ 47.517304] kvm_put_kvm+0x6c8/0xff0 [ 47.521023] ? kvm_write_guest_cached+0x40/0x40 [ 47.525693] ? kvm_irqfd_release+0xd1/0x120 [ 47.530017] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.534507] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.539008] ? kasan_check_write+0x14/0x20 [ 47.543242] ? do_raw_spin_lock+0xc1/0x200 [ 47.547481] ? kvm_irqfd_release+0xdd/0x120 [ 47.551797] ? kvm_irqfd_release+0xdd/0x120 [ 47.556121] ? kvm_put_kvm+0xff0/0xff0 [ 47.560005] kvm_vm_release+0x42/0x50 [ 47.563802] __fput+0x385/0xa30 [ 47.567087] ? get_max_files+0x20/0x20 [ 47.570969] ? trace_hardirqs_on+0xbd/0x310 [ 47.575294] ? ___might_sleep+0x1ed/0x300 [ 47.579439] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.584887] ? arch_local_save_flags+0x40/0x40 [ 47.589468] ? kasan_check_write+0x14/0x20 [ 47.593702] ? do_raw_spin_lock+0xc1/0x200 [ 47.597937] ____fput+0x15/0x20 [ 47.601214] task_work_run+0x1e8/0x2a0 [ 47.605101] ? task_work_cancel+0x240/0x240 [ 47.609423] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.614961] ? switch_task_namespaces+0x9d/0xd0 [ 47.619628] do_exit+0x1ad7/0x2610 [ 47.623173] ? mm_update_next_owner+0x990/0x990 [ 47.627845] ? print_usage_bug+0xc0/0xc0 [ 47.631911] ? try_to_wake_up+0x10a/0x12f0 [ 47.636146] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.641244] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.646343] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.650930] ? preempt_schedule+0x4d/0x60 [ 47.655078] ? preempt_schedule_common+0x1f/0xd0 [ 47.659838] ? preempt_schedule+0x4d/0x60 [ 47.663993] ? __lock_acquire+0x7ec/0x4ec0 [ 47.668231] ? _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.673328] ? try_to_wake_up+0x10a/0x12f0 [ 47.677558] ? __mutex_lock+0x85e/0x1700 [ 47.681618] ? queue_delayed_work_on+0xec/0x1f0 [ 47.686287] ? mark_held_locks+0x130/0x130 [ 47.690515] ? find_held_lock+0x36/0x1c0 [ 47.694578] ? lock_downgrade+0x900/0x900 [ 47.698731] ? kasan_check_read+0x11/0x20 [ 47.702885] ? do_raw_spin_unlock+0xa7/0x2f0 [ 47.707293] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.711880] ? __unqueue_futex+0x2e0/0x2e0 [ 47.716112] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 47.721300] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 47.726399] ? graph_lock+0x170/0x170 [ 47.730204] ? memset+0x31/0x40 [ 47.733483] ? find_held_lock+0x36/0x1c0 [ 47.737550] ? get_signal+0x95b/0x1980 [ 47.741434] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.745926] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.750423] do_group_exit+0x177/0x440 [ 47.754312] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.759760] ? __ia32_sys_exit+0x50/0x50 [ 47.763862] get_signal+0x8b0/0x1980 [ 47.767584] ? ptrace_notify+0x130/0x130 [ 47.771642] ? kasan_check_read+0x11/0x20 [ 47.775793] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.781067] ? rcu_bh_qs+0xc0/0xc0 [ 47.784608] ? __fget+0x4d1/0x740 [ 47.788064] do_signal+0x9c/0x21e0 [ 47.791603] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 47.796707] ? trace_hardirqs_off+0xb8/0x310 [ 47.801115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.806648] ? check_preemption_disabled+0x48/0x200 [ 47.811658] ? setup_sigcontext+0x7d0/0x7d0 [ 47.815983] ? kvm_vcpu_block+0x1030/0x1030 [ 47.820300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.825838] ? do_vfs_ioctl+0x201/0x1720 [ 47.829909] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 47.835190] ? ioctl_preallocate+0x300/0x300 [ 47.839598] ? exit_to_usermode_loop+0x8c/0x380 [ 47.844277] ? __x64_sys_futex+0x47f/0x6a0 [ 47.848516] exit_to_usermode_loop+0x2e5/0x380 [ 47.853100] ? syscall_slow_exit_work+0x520/0x520 [ 47.857939] ? ksys_ioctl+0x81/0xd0 [ 47.861566] do_syscall_64+0x6be/0x820 [ 47.865450] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 47.870811] ? syscall_return_slowpath+0x5e0/0x5e0 [ 47.875744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.880585] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.885602] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 47.891177] ? prepare_exit_to_usermode+0x291/0x3b0 [ 47.896175] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.901025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.906212] RIP: 0033:0x4458a9 [ 47.909403] Code: Bad RIP value. [ 47.912759] RSP: 002b:00007f1b93b08d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 47.920467] RAX: 0000000000000001 RBX: 00000000006dac48 RCX: 00000000004458a9 [ 47.927730] RDX: 00000000004458a9 RSI: 0000000000000081 RDI: 00000000006dac4c [ 47.934992] RBP: 00000000006dac40 R08: 0000000000000000 R09: 0000000000000000 [ 47.942879] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac4c [ 47.950150] R13: 6d766b2f7665642f R14: 00007f1b93b099c0 R15: 00000000006dad4c [ 47.957426] [ 47.957432] ====================================================== [ 47.957438] WARNING: possible circular locking dependency detected [ 47.957442] 4.19.0-rc4+ #248 Not tainted [ 47.957448] ------------------------------------------------------ [ 47.957453] syz-executor040/5327 is trying to acquire lock: [ 47.957457] 000000003ab678a8 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 47.957473] [ 47.957477] but task is already holding lock: [ 47.957481] 000000006a18a175 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.957496] [ 47.957501] which lock already depends on the new lock. [ 47.957504] [ 47.957506] [ 47.957512] the existing dependency chain (in reverse order) is: [ 47.957514] [ 47.957517] -> #3 (report_lock){....}: [ 47.957533] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.957537] kasan_report+0x8b/0x110 [ 47.957542] __asan_report_load8_noabort+0x14/0x20 [ 47.957546] __schedule+0xfc3/0x1ed0 [ 47.957551] preempt_schedule_common+0x1f/0xd0 [ 47.957555] preempt_schedule+0x4d/0x60 [ 47.957560] ___preempt_schedule+0x16/0x18 [ 47.957564] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.957569] __call_srcu+0x7f9/0x1070 [ 47.957573] __synchronize_srcu+0x17b/0x230 [ 47.957578] synchronize_srcu+0x356/0x5ab [ 47.957583] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.957587] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.957592] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.957596] kvm_put_kvm+0x6c8/0xff0 [ 47.957600] kvm_vm_release+0x42/0x50 [ 47.957604] __fput+0x385/0xa30 [ 47.957608] ____fput+0x15/0x20 [ 47.957612] task_work_run+0x1e8/0x2a0 [ 47.957616] do_exit+0x1ad7/0x2610 [ 47.957620] do_group_exit+0x177/0x440 [ 47.957630] get_signal+0x8b0/0x1980 [ 47.957634] do_signal+0x9c/0x21e0 [ 47.957638] exit_to_usermode_loop+0x2e5/0x380 [ 47.957643] do_syscall_64+0x6be/0x820 [ 47.957648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.957650] [ 47.957653] -> #2 (&rq->lock){-.-.}: [ 47.957668] _raw_spin_lock+0x2d/0x40 [ 47.957672] task_fork_fair+0xb0/0x6d0 [ 47.957676] sched_fork+0x443/0xba0 [ 47.957681] copy_process+0x2586/0x8780 [ 47.957685] _do_fork+0x1cb/0x11d0 [ 47.957689] kernel_thread+0x34/0x40 [ 47.957693] rest_init+0x22/0xe5 [ 47.957697] start_kernel+0x8f4/0x92f [ 47.957702] x86_64_start_reservations+0x29/0x2b [ 47.957706] x86_64_start_kernel+0x76/0x79 [ 47.957711] secondary_startup_64+0xa4/0xb0 [ 47.957713] [ 47.957716] -> #1 (&p->pi_lock){-.-.}: [ 47.957732] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.957736] try_to_wake_up+0xd2/0x12f0 [ 47.957740] wake_up_process+0x10/0x20 [ 47.957744] __up.isra.1+0x1c0/0x2a0 [ 47.957748] up+0x13c/0x1c0 [ 47.957752] __up_console_sem+0xbe/0x1b0 [ 47.957757] console_unlock+0x814/0x1160 [ 47.957761] vprintk_emit+0x33d/0x930 [ 47.957765] vprintk_default+0x28/0x30 [ 47.957769] vprintk_func+0x7e/0x181 [ 47.957773] printk+0xa7/0xcf [ 47.957777] load_umh+0x51/0xbd [ 47.957781] do_one_initcall+0x145/0x957 [ 47.957786] kernel_init_freeable+0x4bb/0x5ae [ 47.957790] kernel_init+0x11/0x1b2 [ 47.957794] ret_from_fork+0x3a/0x50 [ 47.957797] [ 47.957799] -> #0 ((console_sem).lock){-...}: [ 47.957815] lock_acquire+0x1ed/0x520 [ 47.957819] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.957823] down_trylock+0x13/0x70 [ 47.957828] __down_trylock_console_sem+0xae/0x200 [ 47.957833] console_trylock+0x15/0xa0 [ 47.957837] vprintk_emit+0x322/0x930 [ 47.957841] vprintk_default+0x28/0x30 [ 47.957845] vprintk_func+0x7e/0x181 [ 47.957857] printk+0xa7/0xcf [ 47.957862] kasan_report+0x9b/0x110 [ 47.957867] __asan_report_load8_noabort+0x14/0x20 [ 47.957871] __schedule+0xfc3/0x1ed0 [ 47.957875] preempt_schedule_common+0x1f/0xd0 [ 47.957880] preempt_schedule+0x4d/0x60 [ 47.957884] ___preempt_schedule+0x16/0x18 [ 47.957889] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.957893] __call_srcu+0x7f9/0x1070 [ 47.957898] __synchronize_srcu+0x17b/0x230 [ 47.957902] synchronize_srcu+0x356/0x5ab [ 47.957907] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.957912] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.957916] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.957920] kvm_put_kvm+0x6c8/0xff0 [ 47.957925] kvm_vm_release+0x42/0x50 [ 47.957928] __fput+0x385/0xa30 [ 47.957932] ____fput+0x15/0x20 [ 47.957937] task_work_run+0x1e8/0x2a0 [ 47.957941] do_exit+0x1ad7/0x2610 [ 47.957945] do_group_exit+0x177/0x440 [ 47.957949] get_signal+0x8b0/0x1980 [ 47.957953] do_signal+0x9c/0x21e0 [ 47.957958] exit_to_usermode_loop+0x2e5/0x380 [ 47.957962] do_syscall_64+0x6be/0x820 [ 47.957967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.957970] [ 47.957974] other info that might help us debug this: [ 47.957977] [ 47.957980] Chain exists of: [ 47.957983] (console_sem).lock --> &rq->lock --> report_lock [ 47.958003] [ 47.958007] Possible unsafe locking scenario: [ 47.958010] [ 47.958014] CPU0 CPU1 [ 47.958019] ---- ---- [ 47.958021] lock(report_lock); [ 47.958031] lock(&rq->lock); [ 47.958041] lock(report_lock); [ 47.958050] lock((console_sem).lock); [ 47.958059] [ 47.958062] *** DEADLOCK *** [ 47.958065] [ 47.958069] 2 locks held by syz-executor040/5327: [ 47.958072] #0: 000000003242b97a (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 47.958090] #1: 000000006a18a175 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 47.958108] [ 47.958112] stack backtrace: [ 47.958118] CPU: 1 PID: 5327 Comm: syz-executor040 Not tainted 4.19.0-rc4+ #248 [ 47.958127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.958130] Call Trace: [ 47.958134] dump_stack+0x1c4/0x2b4 [ 47.958139] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.958143] ? vprintk_func+0x85/0x181 [ 47.958149] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 47.958153] ? save_trace+0xe0/0x290 [ 47.958172] __lock_acquire+0x33e4/0x4ec0 [ 47.958176] ? mark_held_locks+0x130/0x130 [ 47.958181] ? mark_held_locks+0x130/0x130 [ 47.958184] ? rcu_bh_qs+0xc0/0xc0 [ 47.958188] ? unwind_dump+0x190/0x190 [ 47.958193] ? is_bpf_text_address+0xd3/0x170 [ 47.958212] ? kernel_text_address+0x79/0xf0 [ 47.958217] ? __kernel_text_address+0xd/0x40 [ 47.958221] ? __save_stack_trace+0x8d/0xf0 [ 47.958226] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 47.958230] ? save_trace+0x290/0x290 [ 47.958234] ? save_stack_trace+0x1a/0x20 [ 47.958239] ? save_trace+0xe0/0x290 [ 47.958243] ? kasan_check_read+0x11/0x20 [ 47.958247] ? graph_lock+0x170/0x170 [ 47.958252] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.958257] lock_acquire+0x1ed/0x520 [ 47.958261] ? down_trylock+0x13/0x70 [ 47.958265] ? find_held_lock+0x36/0x1c0 [ 47.958269] ? lock_release+0x970/0x970 [ 47.958274] ? trace_hardirqs_off+0xb8/0x310 [ 47.958278] ? vprintk_emit+0x1d3/0x930 [ 47.958283] ? trace_hardirqs_on+0x310/0x310 [ 47.958287] ? trace_hardirqs_off+0xb8/0x310 [ 47.958291] ? log_store+0x344/0x4c0 [ 47.958296] ? vprintk_emit+0x322/0x930 [ 47.958300] _raw_spin_lock_irqsave+0x99/0xd0 [ 47.958304] ? down_trylock+0x13/0x70 [ 47.958308] down_trylock+0x13/0x70 [ 47.958313] __down_trylock_console_sem+0xae/0x200 [ 47.958317] console_trylock+0x15/0xa0 [ 47.958322] vprintk_emit+0x322/0x930 [ 47.958326] ? wake_up_klogd+0x180/0x180 [ 47.958331] ? run_rebalance_domains+0x500/0x500 [ 47.958335] ? find_held_lock+0x36/0x1c0 [ 47.958340] ? __queue_work+0x6be/0x1440 [ 47.958344] ? lock_acquire+0x1ed/0x520 [ 47.958348] vprintk_default+0x28/0x30 [ 47.958352] vprintk_func+0x7e/0x181 [ 47.958356] printk+0xa7/0xcf [ 47.958361] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 47.958365] ? kasan_check_write+0x14/0x20 [ 47.958369] ? do_raw_spin_lock+0xc1/0x200 [ 47.958374] ? do_raw_spin_lock+0xc1/0x200 [ 47.958378] kasan_report+0x9b/0x110 [ 47.958382] ? __schedule+0xfc3/0x1ed0 [ 47.958387] __asan_report_load8_noabort+0x14/0x20 [ 47.958391] __schedule+0xfc3/0x1ed0 [ 47.958396] ? __sched_text_start+0x8/0x8 [ 47.958400] ? __lock_is_held+0xb5/0x140 [ 47.958405] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.958410] ? find_held_lock+0x36/0x1c0 [ 47.958414] ? __call_srcu+0x7f9/0x1070 [ 47.958419] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.958424] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.958428] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.958433] ? preempt_schedule+0x4d/0x60 [ 47.958438] preempt_schedule_common+0x1f/0xd0 [ 47.958442] preempt_schedule+0x4d/0x60 [ 47.958446] ___preempt_schedule+0x16/0x18 [ 47.958451] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.958455] __call_srcu+0x7f9/0x1070 [ 47.958460] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.958465] ? srcu_offline_cpu+0x120/0x120 [ 47.958469] ? debug_object_free+0x690/0x690 [ 47.958474] ? mark_held_locks+0x130/0x130 [ 47.958478] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.958483] ? lock_release+0x970/0x970 [ 47.958487] ? arch_local_save_flags+0x40/0x40 [ 47.958492] ? depot_save_stack+0x292/0x470 [ 47.958496] ? __lockdep_init_map+0x105/0x590 [ 47.958501] ? __init_waitqueue_head+0x9e/0x150 [ 47.958505] ? init_wait_entry+0x1c0/0x1c0 [ 47.958510] __synchronize_srcu+0x17b/0x230 [ 47.958514] ? call_srcu+0x10/0x10 [ 47.958518] ? rcu_unexpedite_gp+0x20/0x20 [ 47.958523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.958528] ? check_preemption_disabled+0x48/0x200 [ 47.958533] synchronize_srcu+0x356/0x5ab [ 47.958537] ? lock_downgrade+0x900/0x900 [ 47.958542] ? synchronize_srcu_expedited+0x20/0x20 [ 47.958546] ? kasan_check_read+0x11/0x20 [ 47.958551] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.958555] ? kasan_check_write+0x14/0x20 [ 47.958560] ? do_raw_spin_lock+0xc1/0x200 [ 47.958565] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.958570] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.958574] ? kvfree+0x61/0x70 [ 47.958579] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.958583] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.958588] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.958592] ? kvm_arch_sync_events+0x30/0x30 [ 47.958597] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.958602] ? mmu_notifier_unregister+0x474/0x600 [ 47.958606] ? kfree+0x107/0x230 [ 47.958611] ? __mmu_notifier_register+0x30/0x30 [ 47.958615] ? __free_pages+0x10a/0x190 [ 47.958619] ? free_unref_page+0x960/0x960 [ 47.958628] kvm_put_kvm+0x6c8/0xff0 [ 47.958633] ? kvm_write_guest_cached+0x40/0x40 [ 47.958638] ? kvm_irqfd_release+0xd1/0x120 [ 47.958642] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.958646] ? _raw_spin_unlock_irq+0x27/0x [ 47.958654] Lost 92 message(s)! [ 49.113343] Shutting down cpus with NMI [ 50.171891] Kernel Offset: disabled [ 50.175533] Rebooting in 86400 seconds..