[....] Starting OpenBSD Secure Shell server: sshd[ 24.897995] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.871398] random: sshd: uninitialized urandom read (32 bytes read) [ 29.184011] sshd (5318) used greatest stack depth: 16584 bytes left [ 29.207149] random: sshd: uninitialized urandom read (32 bytes read) [ 29.849089] random: sshd: uninitialized urandom read (32 bytes read) [ 30.068807] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. [ 35.683653] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 35.802889] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 35.828833] ================================================================== [ 35.838794] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 35.845031] Read of size 8 at addr ffff8801bae20058 by task syz-executor022/5334 [ 35.852562] [ 35.854195] CPU: 1 PID: 5334 Comm: syz-executor022 Not tainted 4.19.0-rc3+ #231 [ 35.861634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.870981] Call Trace: [ 35.873571] dump_stack+0x1c4/0x2b4 [ 35.877204] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.882394] ? printk+0xa7/0xcf [ 35.885679] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.890440] print_address_description.cold.8+0x9/0x1ff [ 35.895810] kasan_report.cold.9+0x242/0x309 [ 35.900226] ? __schedule+0xfc3/0x1ed0 [ 35.904120] __asan_report_load8_noabort+0x14/0x20 [ 35.909051] __schedule+0xfc3/0x1ed0 [ 35.912784] ? __sched_text_start+0x8/0x8 [ 35.916940] ? __lock_is_held+0xb5/0x140 [ 35.921001] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.926120] ? find_held_lock+0x36/0x1c0 [ 35.930190] ? __call_srcu+0x7f9/0x1070 [ 35.934168] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.939276] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.944380] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.948979] ? preempt_schedule+0x4d/0x60 [ 35.953128] preempt_schedule_common+0x1f/0xd0 [ 35.957715] preempt_schedule+0x4d/0x60 [ 35.961692] ___preempt_schedule+0x16/0x18 [ 35.965933] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.970867] __call_srcu+0x7f9/0x1070 [ 35.974666] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.979772] ? srcu_offline_cpu+0x120/0x120 [ 35.984096] ? debug_object_free+0x690/0x690 [ 35.988507] ? mark_held_locks+0x130/0x130 [ 35.992739] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.997324] ? lock_release+0x970/0x970 [ 36.001299] ? arch_local_save_flags+0x40/0x40 [ 36.005894] ? depot_save_stack+0x292/0x470 [ 36.010225] ? __lockdep_init_map+0x105/0x590 [ 36.014726] ? __init_waitqueue_head+0x9e/0x150 [ 36.019411] ? init_wait_entry+0x1c0/0x1c0 [ 36.023652] __synchronize_srcu+0x17b/0x230 [ 36.027976] ? call_srcu+0x10/0x10 [ 36.031518] ? rcu_unexpedite_gp+0x20/0x20 [ 36.035761] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.041296] ? check_preemption_disabled+0x48/0x200 [ 36.046317] synchronize_srcu+0x356/0x5ab [ 36.050470] ? lock_downgrade+0x900/0x900 [ 36.054619] ? synchronize_srcu_expedited+0x20/0x20 [ 36.059639] ? kasan_check_read+0x11/0x20 [ 36.063792] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.068385] ? kasan_check_write+0x14/0x20 [ 36.072625] ? do_raw_spin_lock+0xc1/0x200 [ 36.076871] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.082587] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.088041] ? kvfree+0x61/0x70 [ 36.091331] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.096357] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.100421] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.104835] ? kvm_arch_sync_events+0x30/0x30 [ 36.109337] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.114873] ? mmu_notifier_unregister+0x474/0x600 [ 36.119815] ? kfree+0x107/0x230 [ 36.123189] ? __mmu_notifier_register+0x30/0x30 [ 36.127945] ? __free_pages+0x10a/0x190 [ 36.131919] ? free_unref_page+0x960/0x960 [ 36.136164] kvm_put_kvm+0x6c8/0xff0 [ 36.139886] ? kvm_write_guest_cached+0x40/0x40 [ 36.144558] ? kvm_irqfd_release+0xd1/0x120 [ 36.148883] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.153379] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.157887] ? kasan_check_write+0x14/0x20 [ 36.162136] ? do_raw_spin_lock+0xc1/0x200 [ 36.166371] ? kvm_irqfd_release+0xdd/0x120 [ 36.170691] ? kvm_irqfd_release+0xdd/0x120 [ 36.175019] ? kvm_put_kvm+0xff0/0xff0 [ 36.178911] kvm_vm_release+0x42/0x50 [ 36.182712] __fput+0x385/0xa30 [ 36.185994] ? get_max_files+0x20/0x20 [ 36.189882] ? trace_hardirqs_on+0xbd/0x310 [ 36.194205] ? ___might_sleep+0x1ed/0x300 [ 36.198354] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.203804] ? arch_local_save_flags+0x40/0x40 [ 36.208396] ? kasan_check_write+0x14/0x20 [ 36.212633] ? do_raw_spin_lock+0xc1/0x200 [ 36.216868] ____fput+0x15/0x20 [ 36.220164] task_work_run+0x1e8/0x2a0 [ 36.224053] ? task_work_cancel+0x240/0x240 [ 36.228387] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.233929] ? switch_task_namespaces+0x9d/0xd0 [ 36.238604] do_exit+0x1ad7/0x2610 [ 36.242155] ? mm_update_next_owner+0x990/0x990 [ 36.246842] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.251087] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.256107] ? kfree+0x1fa/0x230 [ 36.259477] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.263718] ? kvm_vcpu_block+0x1030/0x1030 [ 36.268070] ? is_bpf_text_address+0xd3/0x170 [ 36.272573] ? kernel_text_address+0x79/0xf0 [ 36.276983] ? __kernel_text_address+0xd/0x40 [ 36.281481] ? unwind_get_return_address+0x61/0xa0 [ 36.286417] ? __save_stack_trace+0x8d/0xf0 [ 36.290749] ? save_stack+0xa9/0xd0 [ 36.294378] ? save_stack+0x43/0xd0 [ 36.298005] ? __kasan_slab_free+0x102/0x150 [ 36.302410] ? kasan_slab_free+0xe/0x10 [ 36.306387] ? putname+0xf2/0x130 [ 36.309844] ? __x64_sys_openat+0x9d/0x100 [ 36.314091] ? do_syscall_64+0x1b9/0x820 [ 36.318157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.323524] ? trace_hardirqs_off+0xb8/0x310 [ 36.327935] ? kasan_check_read+0x11/0x20 [ 36.332089] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.336499] ? trace_hardirqs_on+0x310/0x310 [ 36.340910] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.346019] ? trace_hardirqs_off+0xb8/0x310 [ 36.350456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.355990] ? check_preemption_disabled+0x48/0x200 [ 36.361006] ? check_preemption_disabled+0x48/0x200 [ 36.366025] ? kvm_vcpu_block+0x1030/0x1030 [ 36.370358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.375897] ? do_vfs_ioctl+0x201/0x1720 [ 36.379960] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.385237] ? ioctl_preallocate+0x300/0x300 [ 36.389655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.395191] ? __fget_light+0x2e9/0x430 [ 36.399166] ? fget_raw+0x20/0x20 [ 36.402617] ? putname+0xf2/0x130 [ 36.406090] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.411110] ? kmem_cache_free+0x24f/0x290 [ 36.415359] ? putname+0xf7/0x130 [ 36.418814] do_group_exit+0x177/0x440 [ 36.422710] ? trace_hardirqs_on+0xbd/0x310 [ 36.427035] ? __ia32_sys_exit+0x50/0x50 [ 36.431110] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.436564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.442114] ? ksys_ioctl+0x81/0xd0 [ 36.445749] __x64_sys_exit_group+0x3e/0x50 [ 36.450079] do_syscall_64+0x1b9/0x820 [ 36.453969] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.459338] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.464272] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.469120] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.474140] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.479169] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.484185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.489033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.494227] RIP: 0033:0x43ef08 [ 36.497428] Code: Bad RIP value. [ 36.500785] RSP: 002b:00007ffeea6b9578 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.508500] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 36.515765] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.523031] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.530306] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.537573] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.544853] [ 36.546480] Allocated by task 5334: [ 36.550110] save_stack+0x43/0xd0 [ 36.553564] kasan_kmalloc+0xc7/0xe0 [ 36.557279] kasan_slab_alloc+0x12/0x20 [ 36.561255] kmem_cache_alloc+0x12e/0x730 [ 36.565400] vmx_create_vcpu+0xcf/0x25e0 [ 36.569457] kvm_arch_vcpu_create+0xe5/0x220 [ 36.573865] kvm_vm_ioctl+0x470/0x1d40 [ 36.577753] do_vfs_ioctl+0x1de/0x1720 [ 36.581654] ksys_ioctl+0xa9/0xd0 [ 36.585107] __x64_sys_ioctl+0x73/0xb0 [ 36.588992] do_syscall_64+0x1b9/0x820 [ 36.592879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.598068] [ 36.599688] Freed by task 5334: [ 36.602965] save_stack+0x43/0xd0 [ 36.606421] __kasan_slab_free+0x102/0x150 [ 36.610655] kasan_slab_free+0xe/0x10 [ 36.614454] kmem_cache_free+0x83/0x290 [ 36.618428] vmx_free_vcpu+0x26b/0x300 [ 36.622315] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.626724] kvm_put_kvm+0x6c8/0xff0 [ 36.630450] kvm_vm_release+0x42/0x50 [ 36.634261] __fput+0x385/0xa30 [ 36.637538] ____fput+0x15/0x20 [ 36.640816] task_work_run+0x1e8/0x2a0 [ 36.644729] do_exit+0x1ad7/0x2610 [ 36.648270] do_group_exit+0x177/0x440 [ 36.652156] __x64_sys_exit_group+0x3e/0x50 [ 36.656480] do_syscall_64+0x1b9/0x820 [ 36.660371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.665548] [ 36.667173] The buggy address belongs to the object at ffff8801bae20040 [ 36.667173] which belongs to the cache kvm_vcpu of size 23872 [ 36.679747] The buggy address is located 24 bytes inside of [ 36.679747] 23872-byte region [ffff8801bae20040, ffff8801bae25d80) [ 36.691703] The buggy address belongs to the page: [ 36.696629] page:ffffea0006eb8800 count:1 mapcount:0 mapping:ffff8801d7308340 index:0x0 compound_mapcount: 0 [ 36.706601] flags: 0x2fffc0000008100(slab|head) [ 36.711274] raw: 02fffc0000008100 ffff8801d5abfe48 ffff8801d5abfe48 ffff8801d7308340 [ 36.719157] raw: 0000000000000000 ffff8801bae20040 0000000100000001 0000000000000000 [ 36.727378] page dumped because: kasan: bad access detected [ 36.733078] [ 36.734701] Memory state around the buggy address: [ 36.739626] ffff8801bae1ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.746984] ffff8801bae1ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.754342] >ffff8801bae20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 36.761697] ^ [ 36.767923] ffff8801bae20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.775277] ffff8801bae20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.782625] ================================================================== [ 36.789976] Kernel panic - not syncing: panic_on_warn set ... [ 36.789976] [ 36.797806] CPU: 1 PID: 5334 Comm: syz-executor022 Tainted: G B 4.19.0-rc3+ #231 [ 36.806643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.815988] Call Trace: [ 36.818580] dump_stack+0x1c4/0x2b4 [ 36.822214] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.827405] ? lock_downgrade+0x900/0x900 [ 36.831558] panic+0x238/0x4e7 [ 36.834750] ? add_taint.cold.5+0x16/0x16 [ 36.838907] ? print_shadow_for_address+0xb6/0x116 [ 36.843840] ? trace_hardirqs_off+0xaf/0x310 [ 36.848250] kasan_end_report+0x47/0x4f [ 36.852225] kasan_report.cold.9+0x76/0x309 [ 36.856551] ? __schedule+0xfc3/0x1ed0 [ 36.860439] __asan_report_load8_noabort+0x14/0x20 [ 36.865372] __schedule+0xfc3/0x1ed0 [ 36.869096] ? __sched_text_start+0x8/0x8 [ 36.873305] ? __lock_is_held+0xb5/0x140 [ 36.877371] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.882480] ? find_held_lock+0x36/0x1c0 [ 36.886548] ? __call_srcu+0x7f9/0x1070 [ 36.890527] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.895631] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.900736] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.905319] ? preempt_schedule+0x4d/0x60 [ 36.909470] preempt_schedule_common+0x1f/0xd0 [ 36.914067] preempt_schedule+0x4d/0x60 [ 36.918052] ___preempt_schedule+0x16/0x18 [ 36.922307] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.927243] __call_srcu+0x7f9/0x1070 [ 36.931043] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.936188] ? srcu_offline_cpu+0x120/0x120 [ 36.940512] ? debug_object_free+0x690/0x690 [ 36.944920] ? mark_held_locks+0x130/0x130 [ 36.949159] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.953742] ? lock_release+0x970/0x970 [ 36.957721] ? arch_local_save_flags+0x40/0x40 [ 36.962307] ? depot_save_stack+0x292/0x470 [ 36.966641] ? __lockdep_init_map+0x105/0x590 [ 36.971140] ? __init_waitqueue_head+0x9e/0x150 [ 36.975809] ? init_wait_entry+0x1c0/0x1c0 [ 36.980064] __synchronize_srcu+0x17b/0x230 [ 36.984389] ? call_srcu+0x10/0x10 [ 36.987934] ? rcu_unexpedite_gp+0x20/0x20 [ 36.992197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.997733] ? check_preemption_disabled+0x48/0x200 [ 37.002750] synchronize_srcu+0x356/0x5ab [ 37.006898] ? lock_downgrade+0x900/0x900 [ 37.011048] ? synchronize_srcu_expedited+0x20/0x20 [ 37.016086] ? kasan_check_read+0x11/0x20 [ 37.020240] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.024835] ? kasan_check_write+0x14/0x20 [ 37.029082] ? do_raw_spin_lock+0xc1/0x200 [ 37.033326] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.039044] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.044509] ? kvfree+0x61/0x70 [ 37.047788] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.052810] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.056877] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.061289] ? kvm_arch_sync_events+0x30/0x30 [ 37.065786] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.071326] ? mmu_notifier_unregister+0x474/0x600 [ 37.076259] ? kfree+0x107/0x230 [ 37.079628] ? __mmu_notifier_register+0x30/0x30 [ 37.084388] ? __free_pages+0x10a/0x190 [ 37.088366] ? free_unref_page+0x960/0x960 [ 37.092611] kvm_put_kvm+0x6c8/0xff0 [ 37.096332] ? kvm_write_guest_cached+0x40/0x40 [ 37.101007] ? kvm_irqfd_release+0xd1/0x120 [ 37.105329] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.109831] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.114340] ? kasan_check_write+0x14/0x20 [ 37.118579] ? do_raw_spin_lock+0xc1/0x200 [ 37.122816] ? kvm_irqfd_release+0xdd/0x120 [ 37.127140] ? kvm_irqfd_release+0xdd/0x120 [ 37.131472] ? kvm_put_kvm+0xff0/0xff0 [ 37.135365] kvm_vm_release+0x42/0x50 [ 37.139164] __fput+0x385/0xa30 [ 37.142446] ? get_max_files+0x20/0x20 [ 37.146334] ? trace_hardirqs_on+0xbd/0x310 [ 37.150662] ? ___might_sleep+0x1ed/0x300 [ 37.154813] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.160271] ? arch_local_save_flags+0x40/0x40 [ 37.164859] ? kasan_check_write+0x14/0x20 [ 37.169097] ? do_raw_spin_lock+0xc1/0x200 [ 37.173355] ____fput+0x15/0x20 [ 37.176638] task_work_run+0x1e8/0x2a0 [ 37.180531] ? task_work_cancel+0x240/0x240 [ 37.184860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.190398] ? switch_task_namespaces+0x9d/0xd0 [ 37.195079] do_exit+0x1ad7/0x2610 [ 37.198627] ? mm_update_next_owner+0x990/0x990 [ 37.203304] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.207539] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.212558] ? kfree+0x1fa/0x230 [ 37.215929] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.220168] ? kvm_vcpu_block+0x1030/0x1030 [ 37.224498] ? is_bpf_text_address+0xd3/0x170 [ 37.228995] ? kernel_text_address+0x79/0xf0 [ 37.233404] ? __kernel_text_address+0xd/0x40 [ 37.237898] ? unwind_get_return_address+0x61/0xa0 [ 37.242833] ? __save_stack_trace+0x8d/0xf0 [ 37.247167] ? save_stack+0xa9/0xd0 [ 37.250792] ? save_stack+0x43/0xd0 [ 37.254423] ? __kasan_slab_free+0x102/0x150 [ 37.258835] ? kasan_slab_free+0xe/0x10 [ 37.262806] ? putname+0xf2/0x130 [ 37.266267] ? __x64_sys_openat+0x9d/0x100 [ 37.270505] ? do_syscall_64+0x1b9/0x820 [ 37.274568] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.279933] ? trace_hardirqs_off+0xb8/0x310 [ 37.284344] ? kasan_check_read+0x11/0x20 [ 37.288492] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.292898] ? trace_hardirqs_on+0x310/0x310 [ 37.297310] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.302418] ? trace_hardirqs_off+0xb8/0x310 [ 37.306832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.312371] ? check_preemption_disabled+0x48/0x200 [ 37.317386] ? check_preemption_disabled+0x48/0x200 [ 37.322405] ? kvm_vcpu_block+0x1030/0x1030 [ 37.326726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.332265] ? do_vfs_ioctl+0x201/0x1720 [ 37.336331] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.341613] ? ioctl_preallocate+0x300/0x300 [ 37.346026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.351571] ? __fget_light+0x2e9/0x430 [ 37.355545] ? fget_raw+0x20/0x20 [ 37.358994] ? putname+0xf2/0x130 [ 37.362449] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.367471] ? kmem_cache_free+0x24f/0x290 [ 37.371716] ? putname+0xf7/0x130 [ 37.375176] do_group_exit+0x177/0x440 [ 37.379073] ? trace_hardirqs_on+0xbd/0x310 [ 37.383395] ? __ia32_sys_exit+0x50/0x50 [ 37.387460] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.392930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.398468] ? ksys_ioctl+0x81/0xd0 [ 37.402100] __x64_sys_exit_group+0x3e/0x50 [ 37.406429] do_syscall_64+0x1b9/0x820 [ 37.410318] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.415684] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.420613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.425463] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.430484] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.435502] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.440521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.445370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.450558] RIP: 0033:0x43ef08 [ 37.453751] Code: Bad RIP value. [ 37.457116] RSP: 002b:00007ffeea6b9578 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.464830] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 37.472099] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.479363] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.486629] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.493896] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.501176] [ 37.501182] ====================================================== [ 37.501188] WARNING: possible circular locking dependency detected [ 37.501192] 4.19.0-rc3+ #231 Not tainted [ 37.501198] ------------------------------------------------------ [ 37.501203] syz-executor022/5334 is trying to acquire lock: [ 37.501207] 0000000088e78c7e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.501223] [ 37.501227] but task is already holding lock: [ 37.501231] 0000000047901871 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.501246] [ 37.501251] which lock already depends on the new lock. [ 37.501253] [ 37.501256] [ 37.501262] the existing dependency chain (in reverse order) is: [ 37.501264] [ 37.501267] -> #3 (report_lock){....}: [ 37.501283] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.501287] kasan_report+0x8b/0x110 [ 37.501292] __asan_report_load8_noabort+0x14/0x20 [ 37.501296] __schedule+0xfc3/0x1ed0 [ 37.501301] preempt_schedule_common+0x1f/0xd0 [ 37.501305] preempt_schedule+0x4d/0x60 [ 37.501309] ___preempt_schedule+0x16/0x18 [ 37.501314] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.501318] __call_srcu+0x7f9/0x1070 [ 37.501322] __synchronize_srcu+0x17b/0x230 [ 37.501327] synchronize_srcu+0x356/0x5ab [ 37.501333] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.501337] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.501342] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.501346] kvm_put_kvm+0x6c8/0xff0 [ 37.501350] kvm_vm_release+0x42/0x50 [ 37.501354] __fput+0x385/0xa30 [ 37.501358] ____fput+0x15/0x20 [ 37.501362] task_work_run+0x1e8/0x2a0 [ 37.501366] do_exit+0x1ad7/0x2610 [ 37.501371] do_group_exit+0x177/0x440 [ 37.501375] __x64_sys_exit_group+0x3e/0x50 [ 37.501379] do_syscall_64+0x1b9/0x820 [ 37.501384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.501387] [ 37.501389] -> #2 (&rq->lock){-.-.}: [ 37.501405] _raw_spin_lock+0x2d/0x40 [ 37.501409] task_fork_fair+0xb0/0x6d0 [ 37.501413] sched_fork+0x443/0xba0 [ 37.501418] copy_process+0x2586/0x8780 [ 37.501422] _do_fork+0x1cb/0x11d0 [ 37.501426] kernel_thread+0x34/0x40 [ 37.501430] rest_init+0x22/0xe5 [ 37.501434] start_kernel+0x8f4/0x92f [ 37.501439] x86_64_start_reservations+0x29/0x2b [ 37.501443] x86_64_start_kernel+0x76/0x79 [ 37.501448] secondary_startup_64+0xa4/0xb0 [ 37.501450] [ 37.501453] -> #1 (&p->pi_lock){-.-.}: [ 37.501468] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.501473] try_to_wake_up+0xd2/0x12f0 [ 37.501477] wake_up_process+0x10/0x20 [ 37.501481] __up.isra.1+0x1c0/0x2a0 [ 37.501485] up+0x13c/0x1c0 [ 37.501489] __up_console_sem+0xbe/0x1b0 [ 37.501494] console_unlock+0x524/0x11a0 [ 37.501498] vprintk_emit+0x33d/0x930 [ 37.501502] vprintk_default+0x28/0x30 [ 37.501506] vprintk_func+0x7e/0x181 [ 37.501510] printk+0xa7/0xcf [ 37.501514] load_umh+0x51/0xbd [ 37.501518] do_one_initcall+0x145/0x957 [ 37.501523] kernel_init_freeable+0x4bb/0x5ae [ 37.501527] kernel_init+0x11/0x1b2 [ 37.501531] ret_from_fork+0x3a/0x50 [ 37.501534] [ 37.501536] -> #0 ((console_sem).lock){-...}: [ 37.501552] lock_acquire+0x1ed/0x520 [ 37.501557] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.501561] down_trylock+0x13/0x70 [ 37.501566] __down_trylock_console_sem+0xae/0x200 [ 37.501570] console_trylock+0x15/0xa0 [ 37.501574] vprintk_emit+0x322/0x930 [ 37.501578] vprintk_default+0x28/0x30 [ 37.501583] vprintk_func+0x7e/0x181 [ 37.501586] printk+0xa7/0xcf [ 37.501590] kasan_report+0x9b/0x110 [ 37.501595] __asan_report_load8_noabort+0x14/0x20 [ 37.501599] __schedule+0xfc3/0x1ed0 [ 37.501604] preempt_schedule_common+0x1f/0xd0 [ 37.501608] preempt_schedule+0x4d/0x60 [ 37.501613] ___preempt_schedule+0x16/0x18 [ 37.501618] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.501622] __call_srcu+0x7f9/0x1070 [ 37.501627] __synchronize_srcu+0x17b/0x230 [ 37.501631] synchronize_srcu+0x356/0x5ab [ 37.501636] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.501641] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.501645] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.501650] kvm_put_kvm+0x6c8/0xff0 [ 37.501654] kvm_vm_release+0x42/0x50 [ 37.501658] __fput+0x385/0xa30 [ 37.501661] ____fput+0x15/0x20 [ 37.501666] task_work_run+0x1e8/0x2a0 [ 37.501670] do_exit+0x1ad7/0x2610 [ 37.501674] do_group_exit+0x177/0x440 [ 37.501679] __x64_sys_exit_group+0x3e/0x50 [ 37.501683] do_syscall_64+0x1b9/0x820 [ 37.501688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.501690] [ 37.501695] other info that might help us debug this: [ 37.501698] [ 37.501701] Chain exists of: [ 37.501703] (console_sem).lock --> &rq->lock --> report_lock [ 37.501723] [ 37.501728] Possible unsafe locking scenario: [ 37.501730] [ 37.501734] CPU0 CPU1 [ 37.501739] ---- ---- [ 37.501742] lock(report_lock); [ 37.501751] lock(&rq->lock); [ 37.501761] lock(report_lock); [ 37.501770] lock((console_sem).lock); [ 37.501779] [ 37.501782] *** DEADLOCK *** [ 37.501785] [ 37.501789] 2 locks held by syz-executor022/5334: [ 37.501792] #0: 00000000029ebb8c (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 37.501810] #1: 0000000047901871 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 37.501835] [ 37.501839] stack backtrace: [ 37.501845] CPU: 1 PID: 5334 Comm: syz-executor022 Not tainted 4.19.0-rc3+ #231 [ 37.501853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.501857] Call Trace: [ 37.501861] dump_stack+0x1c4/0x2b4 [ 37.501866] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.501870] ? vprintk_func+0x85/0x181 [ 37.501875] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 37.501880] ? save_trace+0xe0/0x290 [ 37.501884] __lock_acquire+0x33e4/0x4ec0 [ 37.501888] ? mark_held_locks+0x130/0x130 [ 37.501893] ? mark_held_locks+0x130/0x130 [ 37.501897] ? rcu_bh_qs+0xc0/0xc0 [ 37.501901] ? unwind_dump+0x190/0x190 [ 37.501906] ? is_bpf_text_address+0xd3/0x170 [ 37.501910] ? kernel_text_address+0x79/0xf0 [ 37.501915] ? __kernel_text_address+0xd/0x40 [ 37.501919] ? __save_stack_trace+0x8d/0xf0 [ 37.501924] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 37.501928] ? save_trace+0x290/0x290 [ 37.501933] ? save_stack_trace+0x1a/0x20 [ 37.501937] ? save_trace+0xe0/0x290 [ 37.501941] ? kasan_check_read+0x11/0x20 [ 37.501945] ? graph_lock+0x170/0x170 [ 37.501950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.501955] lock_acquire+0x1ed/0x520 [ 37.501959] ? down_trylock+0x13/0x70 [ 37.501963] ? find_held_lock+0x36/0x1c0 [ 37.501967] ? lock_release+0x970/0x970 [ 37.501972] ? trace_hardirqs_off+0xb8/0x310 [ 37.501976] ? vprintk_emit+0x1d3/0x930 [ 37.501981] ? trace_hardirqs_on+0x310/0x310 [ 37.501985] ? trace_hardirqs_off+0xb8/0x310 [ 37.501989] ? log_store+0x344/0x4c0 [ 37.501994] ? vprintk_emit+0x322/0x930 [ 37.501998] _raw_spin_lock_irqsave+0x99/0xd0 [ 37.502002] ? down_trylock+0x13/0x70 [ 37.502007] down_trylock+0x13/0x70 [ 37.502011] __down_trylock_console_sem+0xae/0x200 [ 37.502016] console_trylock+0x15/0xa0 [ 37.502020] vprintk_emit+0x322/0x930 [ 37.502024] ? wake_up_klogd+0x180/0x180 [ 37.502029] ? run_rebalance_domains+0x500/0x500 [ 37.502033] ? wake_up_worker+0x117/0x190 [ 37.502038] ? find_held_lock+0x36/0x1c0 [ 37.502042] ? __queue_work+0x6be/0x1440 [ 37.502046] ? lock_acquire+0x1ed/0x520 [ 37.502051] vprintk_default+0x28/0x30 [ 37.502063] vprintk_func+0x7e/0x181 [ 37.502067] printk+0xa7/0xcf [ 37.502071] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.502076] ? kasan_check_write+0x14/0x20 [ 37.502080] ? do_raw_spin_lock+0xc1/0x200 [ 37.502085] ? do_raw_spin_lock+0xc1/0x200 [ 37.502089] kasan_report+0x9b/0x110 [ 37.502093] ? __schedule+0xfc3/0x1ed0 [ 37.502098] __asan_report_load8_noabort+0x14/0x20 [ 37.502102] __schedule+0xfc3/0x1ed0 [ 37.502106] ? __sched_text_start+0x8/0x8 [ 37.502111] ? __lock_is_held+0xb5/0x140 [ 37.502116] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.502120] ? find_held_lock+0x36/0x1c0 [ 37.502124] ? __call_srcu+0x7f9/0x1070 [ 37.502129] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.502134] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.502139] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.502143] ? preempt_schedule+0x4d/0x60 [ 37.502148] preempt_schedule_common+0x1f/0xd0 [ 37.502152] preempt_schedule+0x4d/0x60 [ 37.502156] ___preempt_schedule+0x16/0x18 [ 37.502161] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.502165] __call_srcu+0x7f9/0x1070 [ 37.502170] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.502175] ? srcu_offline_cpu+0x120/0x120 [ 37.502179] ? debug_object_free+0x690/0x690 [ 37.502184] ? mark_held_locks+0x130/0x130 [ 37.502189] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.502193] ? lock_release+0x970/0x970 [ 37.502198] ? arch_local_save_flags+0x40/0x40 [ 37.502202] ? depot_save_stack+0x292/0x470 [ 37.502207] ? __lockdep_init_map+0x105/0x590 [ 37.502212] ? __init_waitqueue_head+0x9e/0x150 [ 37.502216] ? init_wait_entry+0x1c0/0x1c0 [ 37.502220] __synchronize_srcu+0x17b/0x230 [ 37.502225] ? call_srcu+0x10/0x10 [ 37.502229] ? rcu_unexpedite_gp+0x20/0x20 [ 37.502234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.502239] ? check_preemption_disabled+0x48/0x200 [ 37.502244] synchronize_srcu+0x356/0x5ab [ 37.502248] ? lock_downgrade+0x900/0x900 [ 37.502253] ? synchronize_srcu_expedited+0x20/0x20 [ 37.502258] ? kasan_check_read+0x11/0x20 [ 37.502262] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.502267] ? kasan_check_write+0x14/0x20 [ 37.502271] ? do_raw_spin_lock+0xc1/0x200 [ 37.502276] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.502281] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.502285] ? kvfree+0x61/0x70 [ 37.502290] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.502294] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.502299] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.502304] ? kvm_arch_sync_events+0x30/0x30 [ 37.502309] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.502314] ? mmu_notifier_unregister+0x474/0x600 [ 37.502317] ? kfree+0x107/0x230 [ 37.502323] ? __mmu_notifier_register+0x30/0x30 [ 37.502327] ? __free_pages+0x10a/0x190 [ 37.502331] ? free_unref_page+0x960/0x960 [ 37.502336] kvm_put_kvm+0x6c8/0xff0 [ 37.502340] ? kvm_write_guest_cached+0x40/0x40 [ 37.502345] ? kvm_irqfd_release+0xd1/0x120 [ 37.502349] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.502354] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.502358] ? kasan_check_write+0x14/0x20 [ 37.502363] ? do_raw_spin_lock+0xc1/0x200 [ 37.502366] ? kvm_irqfd_release+0x [ 37.502374] Lost 82 message(s)! [ 38.642246] Shutting down cpus with NMI [ 39.700291] Dumping ftrace buffer: [ 39.703827] (ftrace buffer empty) [ 39.708168] Kernel Offset: disabled [ 39.711790] Rebooting in 86400 seconds..