[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 27.107545] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 30.221061] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.707401] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.331432] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.555147] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
[ 37.136196] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.257893] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 37.288815] ==================================================================
[ 37.298760] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 37.305007] Read of size 8 at addr ffff8801bafe0058 by task syz-executor340/5391
[ 37.312546]
[ 37.314184] CPU: 1 PID: 5391 Comm: syz-executor340 Not tainted 4.19.0-rc3+ #231
[ 37.321655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.331016] Call Trace:
[ 37.333610]  dump_stack+0x1c4/0x2b4
[ 37.337257]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.342466]  ? printk+0xa7/0xcf
[ 37.345752]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.350526]  print_address_description.cold.8+0x9/0x1ff
[ 37.355893]  kasan_report.cold.9+0x242/0x309
[ 37.360318]  ? __schedule+0xfc3/0x1ed0
[ 37.364222]  __asan_report_load8_noabort+0x14/0x20
[ 37.369167]  __schedule+0xfc3/0x1ed0
[ 37.372894]  ? __sched_text_start+0x8/0x8
[ 37.377050]  ? __lock_is_held+0xb5/0x140
[ 37.381140]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.386254]  ? find_held_lock+0x36/0x1c0
[ 37.390328]  ? __call_srcu+0x7f9/0x1070
[ 37.394305]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.399434]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.404543]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.409131]  ? preempt_schedule+0x4d/0x60
[ 37.413292]  preempt_schedule_common+0x1f/0xd0
[ 37.417892]  preempt_schedule+0x4d/0x60
[ 37.421875]  ___preempt_schedule+0x16/0x18
[ 37.426118]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.431059]  __call_srcu+0x7f9/0x1070
[ 37.434894]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 37.440024]  ? srcu_offline_cpu+0x120/0x120
[ 37.444349]  ? debug_object_free+0x690/0x690
[ 37.448759]  ? mark_held_locks+0x130/0x130
[ 37.453004]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 37.457593]  ? lock_release+0x970/0x970
[ 37.461583]  ? arch_local_save_flags+0x40/0x40
[ 37.466179]  ? depot_save_stack+0x292/0x470
[ 37.470521]  ? __lockdep_init_map+0x105/0x590
[ 37.475035]  ? __init_waitqueue_head+0x9e/0x150
[ 37.479734]  ? init_wait_entry+0x1c0/0x1c0
[ 37.483991]  __synchronize_srcu+0x17b/0x230
[ 37.488326]  ? call_srcu+0x10/0x10
[ 37.491873]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.496118]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.501675]  ? check_preemption_disabled+0x48/0x200
[ 37.506704]  synchronize_srcu+0x356/0x5ab
[ 37.510877]  ? lock_downgrade+0x900/0x900
[ 37.515038]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.520103]  ? kasan_check_read+0x11/0x20
[ 37.524279]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.528872]  ? kasan_check_write+0x14/0x20
[ 37.533121]  ? do_raw_spin_lock+0xc1/0x200
[ 37.537379]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.543119]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.548598]  ? kvfree+0x61/0x70
[ 37.551887]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.556912]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.560996]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.565426]  ? kvm_arch_sync_events+0x30/0x30
[ 37.569949]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.575505]  ? mmu_notifier_unregister+0x474/0x600
[ 37.580437]  ? kfree+0x107/0x230
[ 37.583845]  ? __mmu_notifier_register+0x30/0x30
[ 37.588632]  ? __free_pages+0x10a/0x190
[ 37.592623]  ? free_unref_page+0x960/0x960
[ 37.596885]  kvm_put_kvm+0x6c8/0xff0
[ 37.600624]  ? kvm_write_guest_cached+0x40/0x40
[ 37.605329]  ? kvm_irqfd_release+0xd1/0x120
[ 37.609673]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.614184]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.618694]  ? kasan_check_write+0x14/0x20
[ 37.622950]  ? do_raw_spin_lock+0xc1/0x200
[ 37.627217]  ? kvm_irqfd_release+0xdd/0x120
[ 37.631565]  ? kvm_irqfd_release+0xdd/0x120
[ 37.635894]  ? kvm_put_kvm+0xff0/0xff0
[ 37.639798]  kvm_vm_release+0x42/0x50
[ 37.643604]  __fput+0x385/0xa30
[ 37.646911]  ? get_max_files+0x20/0x20
[ 37.650817]  ? trace_hardirqs_on+0xbd/0x310
[ 37.655153]  ? ___might_sleep+0x1ed/0x300
[ 37.659311]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.664782]  ? arch_local_save_flags+0x40/0x40
[ 37.669385]  ? kasan_check_write+0x14/0x20
[ 37.673624]  ? do_raw_spin_lock+0xc1/0x200
[ 37.677878]  ____fput+0x15/0x20
[ 37.681162]  task_work_run+0x1e8/0x2a0
[ 37.685060]  ? task_work_cancel+0x240/0x240
[ 37.689416]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.694962]  ? switch_task_namespaces+0x9d/0xd0
[ 37.699646]  do_exit+0x1ad7/0x2610
[ 37.703206]  ? mm_update_next_owner+0x990/0x990
[ 37.707889]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 37.712136]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.717167]  ? kfree+0x1fa/0x230
[ 37.720543]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 37.724783]  ? kvm_vcpu_block+0x1030/0x1030
[ 37.729137]  ? is_bpf_text_address+0xd3/0x170
[ 37.733652]  ? kernel_text_address+0x79/0xf0
[ 37.738082]  ? __kernel_text_address+0xd/0x40
[ 37.742599]  ? unwind_get_return_address+0x61/0xa0
[ 37.747536]  ? __save_stack_trace+0x8d/0xf0
[ 37.751885]  ? save_stack+0xa9/0xd0
[ 37.755525]  ? save_stack+0x43/0xd0
[ 37.759154]  ? __kasan_slab_free+0x102/0x150
[ 37.763566]  ? kasan_slab_free+0xe/0x10
[ 37.767549]  ? putname+0xf2/0x130
[ 37.771018]  ? __x64_sys_openat+0x9d/0x100
[ 37.775274]  ? do_syscall_64+0x1b9/0x820
[ 37.779352]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.784727]  ? trace_hardirqs_off+0xb8/0x310
[ 37.789164]  ? kasan_check_read+0x11/0x20
[ 37.793336]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.797765]  ? trace_hardirqs_on+0x310/0x310
[ 37.802198]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 37.807317]  ? trace_hardirqs_off+0xb8/0x310
[ 37.811746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.817304]  ? check_preemption_disabled+0x48/0x200
[ 37.822335]  ? check_preemption_disabled+0x48/0x200
[ 37.827377]  ? kvm_vcpu_block+0x1030/0x1030
[ 37.831714]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.837286]  ? do_vfs_ioctl+0x201/0x1720
[ 37.841366]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.846661]  ? ioctl_preallocate+0x300/0x300
[ 37.851108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.856670]  ? __fget_light+0x2e9/0x430
[ 37.860653]  ? fget_raw+0x20/0x20
[ 37.864105]  ? putname+0xf2/0x130
[ 37.867578]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.872609]  ? kmem_cache_free+0x24f/0x290
[ 37.876871]  ? putname+0xf7/0x130
[ 37.880342]  do_group_exit+0x177/0x440
[ 37.884240]  ? trace_hardirqs_on+0xbd/0x310
[ 37.888578]  ? __ia32_sys_exit+0x50/0x50
[ 37.892932]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.898405]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.903960]  ? ksys_ioctl+0x81/0xd0
[ 37.907596]  __x64_sys_exit_group+0x3e/0x50
[ 37.911924]  do_syscall_64+0x1b9/0x820
[ 37.915837]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.921229]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.926174]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.931039]  ? trace_hardirqs_on_caller+0x310/0x310
[ 37.936098]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.941234]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.946289]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.951159]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.956364] RIP: 0033:0x43ecc8
[ 37.959570] Code: Bad RIP value.
[ 37.962937] RSP: 002b:00007ffe7d0a44c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.970669] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 37.977947] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.985229] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.992514] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 38.000309] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 38.007707]
[ 38.009341] Allocated by task 5391:
[ 38.012968]  save_stack+0x43/0xd0
[ 38.016416]  kasan_kmalloc+0xc7/0xe0
[ 38.020141]  kasan_slab_alloc+0x12/0x20
[ 38.024122]  kmem_cache_alloc+0x12e/0x730
[ 38.028274]  vmx_create_vcpu+0xcf/0x25e0
[ 38.032349]  kvm_arch_vcpu_create+0xe5/0x220
[ 38.036760]  kvm_vm_ioctl+0x470/0x1d40
[ 38.040667]  do_vfs_ioctl+0x1de/0x1720
[ 38.044564]  ksys_ioctl+0xa9/0xd0
[ 38.048021]  __x64_sys_ioctl+0x73/0xb0
[ 38.051908]  do_syscall_64+0x1b9/0x820
[ 38.055824]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.061007]
[ 38.062632] Freed by task 5391:
[ 38.065915]  save_stack+0x43/0xd0
[ 38.069373]  __kasan_slab_free+0x102/0x150
[ 38.073613]  kasan_slab_free+0xe/0x10
[ 38.077418]  kmem_cache_free+0x83/0x290
[ 38.081405]  vmx_free_vcpu+0x26b/0x300
[ 38.085325]  kvm_arch_destroy_vm+0x365/0x7c0
[ 38.089754]  kvm_put_kvm+0x6c8/0xff0
[ 38.093497]  kvm_vm_release+0x42/0x50
[ 38.097319]  __fput+0x385/0xa30
[ 38.100611]  ____fput+0x15/0x20
[ 38.103904]  task_work_run+0x1e8/0x2a0
[ 38.107797]  do_exit+0x1ad7/0x2610
[ 38.111339]  do_group_exit+0x177/0x440
[ 38.115230]  __x64_sys_exit_group+0x3e/0x50
[ 38.119557]  do_syscall_64+0x1b9/0x820
[ 38.123468]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.128654]
[ 38.130283] The buggy address belongs to the object at ffff8801bafe0040
[ 38.130283]  which belongs to the cache kvm_vcpu of size 23872
[ 38.142872] The buggy address is located 24 bytes inside of
[ 38.142872]  23872-byte region [ffff8801bafe0040, ffff8801bafe5d80)
[ 38.154838] The buggy address belongs to the page:
[ 38.159779] page:ffffea0006ebf800 count:1 mapcount:0 mapping:ffff8801d5a03780 index:0x0 compound_mapcount: 0
[ 38.169767] flags: 0x2fffc0000008100(slab|head)
[ 38.174449] raw: 02fffc0000008100 ffff8801d5a05648 ffff8801d5a05648 ffff8801d5a03780
[ 38.182344] raw: 0000000000000000 ffff8801bafe0040 0000000100000001 0000000000000000
[ 38.190231] page dumped because: kasan: bad access detected
[ 38.195936]
[ 38.197557] Memory state around the buggy address:
[ 38.202491]  ffff8801bafdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.209863]  ffff8801bafdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.217240] >ffff8801bafe0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 38.224614]                                                     ^
[ 38.230973]  ffff8801bafe0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.238346]  ffff8801bafe0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.245713] ==================================================================
[ 38.253105] Kernel panic - not syncing: panic_on_warn set ...
[ 38.253105]
[ 38.260489] CPU: 1 PID: 5391 Comm: syz-executor340 Tainted: G    B             4.19.0-rc3+ #231
[ 38.269332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.278700] Call Trace:
[ 38.281299]  dump_stack+0x1c4/0x2b4
[ 38.284937]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.290145]  ? lock_downgrade+0x900/0x900
[ 38.294309]  panic+0x238/0x4e7
[ 38.297507]  ? add_taint.cold.5+0x16/0x16
[ 38.301664]  ? print_shadow_for_address+0xb6/0x116
[ 38.306603]  ? trace_hardirqs_off+0xaf/0x310
[ 38.311038]  kasan_end_report+0x47/0x4f
[ 38.315027]  kasan_report.cold.9+0x76/0x309
[ 38.319380]  ? __schedule+0xfc3/0x1ed0
[ 38.323286]  __asan_report_load8_noabort+0x14/0x20
[ 38.328233]  __schedule+0xfc3/0x1ed0
[ 38.331966]  ? __sched_text_start+0x8/0x8
[ 38.336121]  ? __lock_is_held+0xb5/0x140
[ 38.340185]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.345309]  ? find_held_lock+0x36/0x1c0
[ 38.349418]  ? __call_srcu+0x7f9/0x1070
[ 38.353412]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.358530]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.363649]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 38.368261]  ? preempt_schedule+0x4d/0x60
[ 38.372446]  preempt_schedule_common+0x1f/0xd0
[ 38.377054]  preempt_schedule+0x4d/0x60
[ 38.381048]  ___preempt_schedule+0x16/0x18
[ 38.385311]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 38.390262]  __call_srcu+0x7f9/0x1070
[ 38.394112]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 38.399230]  ? srcu_offline_cpu+0x120/0x120
[ 38.403556]  ? debug_object_free+0x690/0x690
[ 38.407978]  ? mark_held_locks+0x130/0x130
[ 38.412223]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 38.416819]  ? lock_release+0x970/0x970
[ 38.420805]  ? arch_local_save_flags+0x40/0x40
[ 38.425391]  ? depot_save_stack+0x292/0x470
[ 38.429751]  ? __lockdep_init_map+0x105/0x590
[ 38.434273]  ? __init_waitqueue_head+0x9e/0x150
[ 38.438946]  ? init_wait_entry+0x1c0/0x1c0
[ 38.443203]  __synchronize_srcu+0x17b/0x230
[ 38.447543]  ? call_srcu+0x10/0x10
[ 38.451109]  ? rcu_unexpedite_gp+0x20/0x20
[ 38.455365]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.460907]  ? check_preemption_disabled+0x48/0x200
[ 38.465939]  synchronize_srcu+0x356/0x5ab
[ 38.470102]  ? lock_downgrade+0x900/0x900
[ 38.474285]  ? synchronize_srcu_expedited+0x20/0x20
[ 38.479322]  ? kasan_check_read+0x11/0x20
[ 38.483501]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 38.488118]  ? kasan_check_write+0x14/0x20
[ 38.492362]  ? do_raw_spin_lock+0xc1/0x200
[ 38.496623]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.502364]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 38.507841]  ? kvfree+0x61/0x70
[ 38.511133]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.516180]  kvm_mmu_uninit_vm+0x1c/0x20
[ 38.520252]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.524673]  ? kvm_arch_sync_events+0x30/0x30
[ 38.529180]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.534733]  ? mmu_notifier_unregister+0x474/0x600
[ 38.539686]  ? kfree+0x107/0x230
[ 38.543066]  ? __mmu_notifier_register+0x30/0x30
[ 38.547840]  ? __free_pages+0x10a/0x190
[ 38.551831]  ? free_unref_page+0x960/0x960
[ 38.556097]  kvm_put_kvm+0x6c8/0xff0
[ 38.559841]  ? kvm_write_guest_cached+0x40/0x40
[ 38.564520]  ? kvm_irqfd_release+0xd1/0x120
[ 38.568979]  ? _raw_spin_unlock_irq+0x27/0x80
[ 38.573490]  ? _raw_spin_unlock_irq+0x27/0x80
[ 38.578011]  ? kasan_check_write+0x14/0x20
[ 38.582257]  ? do_raw_spin_lock+0xc1/0x200
[ 38.586512]  ? kvm_irqfd_release+0xdd/0x120
[ 38.590835]  ? kvm_irqfd_release+0xdd/0x120
[ 38.595172]  ? kvm_put_kvm+0xff0/0xff0
[ 38.599098]  kvm_vm_release+0x42/0x50
[ 38.602913]  __fput+0x385/0xa30
[ 38.606205]  ? get_max_files+0x20/0x20
[ 38.610115]  ? trace_hardirqs_on+0xbd/0x310
[ 38.614450]  ? ___might_sleep+0x1ed/0x300
[ 38.618606]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 38.624086]  ? arch_local_save_flags+0x40/0x40
[ 38.628709]  ? kasan_check_write+0x14/0x20
[ 38.632995]  ? do_raw_spin_lock+0xc1/0x200
[ 38.637256]  ____fput+0x15/0x20
[ 38.640556]  task_work_run+0x1e8/0x2a0
[ 38.644470]  ? task_work_cancel+0x240/0x240
[ 38.648804]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.654352]  ? switch_task_namespaces+0x9d/0xd0
[ 38.659032]  do_exit+0x1ad7/0x2610
[ 38.662593]  ? mm_update_next_owner+0x990/0x990
[ 38.667283]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 38.671543]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.676567]  ? kfree+0x1fa/0x230
[ 38.679940]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 38.684205]  ? kvm_vcpu_block+0x1030/0x1030
[ 38.688537]  ? is_bpf_text_address+0xd3/0x170
[ 38.693036]  ? kernel_text_address+0x79/0xf0
[ 38.697461]  ? __kernel_text_address+0xd/0x40
[ 38.701965]  ? unwind_get_return_address+0x61/0xa0
[ 38.706915]  ? __save_stack_trace+0x8d/0xf0
[ 38.711250]  ? save_stack+0xa9/0xd0
[ 38.714873]  ? save_stack+0x43/0xd0
[ 38.718508]  ? __kasan_slab_free+0x102/0x150
[ 38.722918]  ? kasan_slab_free+0xe/0x10
[ 38.726918]  ? putname+0xf2/0x130
[ 38.730377]  ? __x64_sys_openat+0x9d/0x100
[ 38.734617]  ? do_syscall_64+0x1b9/0x820
[ 38.738695]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.744091]  ? trace_hardirqs_off+0xb8/0x310
[ 38.748522]  ? kasan_check_read+0x11/0x20
[ 38.752691]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 38.757115]  ? trace_hardirqs_on+0x310/0x310
[ 38.761559]  ? __bpf_trace_initcall_finish+0x2a/0x30
[ 38.766691]  ? trace_hardirqs_off+0xb8/0x310
[ 38.771120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.776663]  ? check_preemption_disabled+0x48/0x200
[ 38.781679]  ? check_preemption_disabled+0x48/0x200
[ 38.786729]  ? kvm_vcpu_block+0x1030/0x1030
[ 38.791080]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.796641]  ? do_vfs_ioctl+0x201/0x1720
[ 38.800728]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 38.806031]  ? ioctl_preallocate+0x300/0x300
[ 38.810495]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.816045]  ? __fget_light+0x2e9/0x430
[ 38.820050]  ? fget_raw+0x20/0x20
[ 38.823508]  ? putname+0xf2/0x130
[ 38.826969]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.832005]  ? kmem_cache_free+0x24f/0x290
[ 38.836248]  ? putname+0xf7/0x130
[ 38.839712]  do_group_exit+0x177/0x440
[ 38.843604]  ? trace_hardirqs_on+0xbd/0x310
[ 38.847940]  ? __ia32_sys_exit+0x50/0x50
[ 38.852012]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 38.857479]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.863029]  ? ksys_ioctl+0x81/0xd0
[ 38.866673]  __x64_sys_exit_group+0x3e/0x50
[ 38.871024]  do_syscall_64+0x1b9/0x820
[ 38.874917]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.880293]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.885244]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.890125]  ? trace_hardirqs_on_caller+0x310/0x310
[ 38.895835]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 38.900865]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.905888]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.910751]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.915950] RIP: 0033:0x43ecc8
[ 38.919145] Code: Bad RIP value.
[ 38.922506] RSP: 002b:00007ffe7d0a44c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.930229] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 38.937510] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.944791] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.952072] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 38.959354] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 38.966643]
[ 38.966649] ======================================================
[ 38.966655] WARNING: possible circular locking dependency detected
[ 38.966659] 4.19.0-rc3+ #231 Not tainted
[ 38.966665] ------------------------------------------------------
[ 38.966670] syz-executor340/5391 is trying to acquire lock:
[ 38.966674] 000000009ed5f290 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 38.966691]
[ 38.966695] but task is already holding lock:
[ 38.966698] 00000000697af960 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 38.966714]
[ 38.966719] which lock already depends on the new lock.
[ 38.966722]
[ 38.966724]
[ 38.966730] the existing dependency chain (in reverse order) is:
[ 38.966732]
[ 38.966735] -> #3 (report_lock){....}:
[ 38.966751]        _raw_spin_lock_irqsave+0x99/0xd0
[ 38.966755]        kasan_report+0x8b/0x110
[ 38.966760]        __asan_report_load8_noabort+0x14/0x20
[ 38.966771]        __schedule+0xfc3/0x1ed0
[ 38.966775]        preempt_schedule_common+0x1f/0xd0
[ 38.966780]        preempt_schedule+0x4d/0x60
[ 38.966784]        ___preempt_schedule+0x16/0x18
[ 38.966789]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 38.966793]        __call_srcu+0x7f9/0x1070
[ 38.966798]        __synchronize_srcu+0x17b/0x230
[ 38.966802]        synchronize_srcu+0x356/0x5ab
[ 38.966807]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.966812]        kvm_mmu_uninit_vm+0x1c/0x20
[ 38.966816]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.966820]        kvm_put_kvm+0x6c8/0xff0
[ 38.966825]        kvm_vm_release+0x42/0x50
[ 38.966828]        __fput+0x385/0xa30
[ 38.966832]        ____fput+0x15/0x20
[ 38.966837]        task_work_run+0x1e8/0x2a0
[ 38.966841]        do_exit+0x1ad7/0x2610
[ 38.966845]        do_group_exit+0x177/0x440
[ 38.966849]        __x64_sys_exit_group+0x3e/0x50
[ 38.966854]        do_syscall_64+0x1b9/0x820
[ 38.966859]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.966861]
[ 38.966864] -> #2 (&rq->lock){-.-.}:
[ 38.966879]        _raw_spin_lock+0x2d/0x40
[ 38.966884]        task_fork_fair+0xb0/0x6d0
[ 38.966888]        sched_fork+0x443/0xba0
[ 38.966892]        copy_process+0x2586/0x8780
[ 38.966896]        _do_fork+0x1cb/0x11d0
[ 38.966900]        kernel_thread+0x34/0x40
[ 38.966904]        rest_init+0x22/0xe5
[ 38.966908]        start_kernel+0x8f4/0x92f
[ 38.966913]        x86_64_start_reservations+0x29/0x2b
[ 38.966918]        x86_64_start_kernel+0x76/0x79
[ 38.966922]        secondary_startup_64+0xa4/0xb0
[ 38.966925]
[ 38.966927] -> #1 (&p->pi_lock){-.-.}:
[ 38.966943]        _raw_spin_lock_irqsave+0x99/0xd0
[ 38.966947]        try_to_wake_up+0xd2/0x12f0
[ 38.966952]        wake_up_process+0x10/0x20
[ 38.966956]        __up.isra.1+0x1c0/0x2a0
[ 38.966959]        up+0x13c/0x1c0
[ 38.966964]        __up_console_sem+0xbe/0x1b0
[ 38.966968]        console_unlock+0x524/0x11a0
[ 38.966972]        vprintk_emit+0x33d/0x930
[ 38.966977]        vprintk_default+0x28/0x30
[ 38.966981]        vprintk_func+0x7e/0x181
[ 38.966984]        printk+0xa7/0xcf
[ 38.966988]        load_umh+0x51/0xbd
[ 38.966993]        do_one_initcall+0x145/0x957
[ 38.966997]        kernel_init_freeable+0x4bb/0x5ae
[ 38.967001]        kernel_init+0x11/0x1b2
[ 38.967005]        ret_from_fork+0x3a/0x50
[ 38.967008]
[ 38.967010] -> #0 ((console_sem).lock){-...}:
[ 38.967026]        lock_acquire+0x1ed/0x520
[ 38.967031]        _raw_spin_lock_irqsave+0x99/0xd0
[ 38.967035]        down_trylock+0x13/0x70
[ 38.967040]        __down_trylock_console_sem+0xae/0x200
[ 38.967044]        console_trylock+0x15/0xa0
[ 38.967048]        vprintk_emit+0x322/0x930
[ 38.967053]        vprintk_default+0x28/0x30
[ 38.967057]        vprintk_func+0x7e/0x181
[ 38.967061]        printk+0xa7/0xcf
[ 38.967065]        kasan_report+0x9b/0x110
[ 38.967069]        __asan_report_load8_noabort+0x14/0x20
[ 38.967073]        __schedule+0xfc3/0x1ed0
[ 38.967078]        preempt_schedule_common+0x1f/0xd0
[ 38.967082]        preempt_schedule+0x4d/0x60
[ 38.967087]        ___preempt_schedule+0x16/0x18
[ 38.967092]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 38.967096]        __call_srcu+0x7f9/0x1070
[ 38.967100]        __synchronize_srcu+0x17b/0x230
[ 38.967105]        synchronize_srcu+0x356/0x5ab
[ 38.967110]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.967114]        kvm_mmu_uninit_vm+0x1c/0x20
[ 38.967119]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.967123]        kvm_put_kvm+0x6c8/0xff0
[ 38.967127]        kvm_vm_release+0x42/0x50
[ 38.967131]        __fput+0x385/0xa30
[ 38.967135]        ____fput+0x15/0x20
[ 38.967139]        task_work_run+0x1e8/0x2a0
[ 38.967143]        do_exit+0x1ad7/0x2610
[ 38.967148]        do_group_exit+0x177/0x440
[ 38.967152]        __x64_sys_exit_group+0x3e/0x50
[ 38.967156]        do_syscall_64+0x1b9/0x820
[ 38.967161]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.967164]
[ 38.967169] other info that might help us debug this:
[ 38.967171]
[ 38.967175] Chain exists of:
[ 38.967177]   (console_sem).lock --> &rq->lock --> report_lock
[ 38.967197]
[ 38.967202]  Possible unsafe locking scenario:
[ 38.967204]
[ 38.967209]        CPU0                    CPU1
[ 38.967213]        ----                    ----
[ 38.967216]   lock(report_lock);
[ 38.967226]                                lock(&rq->lock);
[ 38.967236]                                lock(report_lock);
[ 38.967245]   lock((console_sem).lock);
[ 38.967254]
[ 38.967257]  *** DEADLOCK ***
[ 38.967260]
[ 38.967264] 2 locks held by syz-executor340/5391:
[ 38.967267]  #0: 000000009cad6e91 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 38.967286]  #1: 00000000697af960 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 38.967305]
[ 38.967308] stack backtrace:
[ 38.967315] CPU: 1 PID: 5391 Comm: syz-executor340 Not tainted 4.19.0-rc3+ #231
[ 38.967322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.967326] Call Trace:
[ 38.967330]  dump_stack+0x1c4/0x2b4
[ 38.967335]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.967339]  ? vprintk_func+0x85/0x181
[ 38.967344]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 38.967348]  ? save_trace+0xe0/0x290
[ 38.967353]  __lock_acquire+0x33e4/0x4ec0
[ 38.967357]  ? mark_held_locks+0x130/0x130
[ 38.967362]  ? mark_held_locks+0x130/0x130
[ 38.967366]  ? rcu_bh_qs+0xc0/0xc0
[ 38.967370]  ? unwind_dump+0x190/0x190
[ 38.967374]  ? is_bpf_text_address+0xd3/0x170
[ 38.967379]  ? kernel_text_address+0x79/0xf0
[ 38.967384]  ? __kernel_text_address+0xd/0x40
[ 38.967388]  ? __save_stack_trace+0x8d/0xf0
[ 38.967393]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 38.967397]  ? save_trace+0x290/0x290
[ 38.967401]  ? save_stack_trace+0x1a/0x20
[ 38.967405]  ? save_trace+0xe0/0x290
[ 38.967410]  ? kasan_check_read+0x11/0x20
[ 38.967414]  ? graph_lock+0x170/0x170
[ 38.967419]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.967423]  lock_acquire+0x1ed/0x520
[ 38.967427]  ? down_trylock+0x13/0x70
[ 38.967432]  ? find_held_lock+0x36/0x1c0
[ 38.967436]  ? lock_release+0x970/0x970
[ 38.967441]  ? trace_hardirqs_off+0xb8/0x310
[ 38.967445]  ? vprintk_emit+0x1d3/0x930
[ 38.967450]  ? trace_hardirqs_on+0x310/0x310
[ 38.967454]  ? trace_hardirqs_off+0xb8/0x310
[ 38.967458]  ? log_store+0x344/0x4c0
[ 38.967463]  ? vprintk_emit+0x322/0x930
[ 38.967467]  _raw_spin_lock_irqsave+0x99/0xd0
[ 38.967471]  ? down_trylock+0x13/0x70
[ 38.967475]  down_trylock+0x13/0x70
[ 38.967480]  __down_trylock_console_sem+0xae/0x200
[ 38.967484]  console_trylock+0x15/0xa0
[ 38.967489]  vprintk_emit+0x322/0x930
[ 38.967493]  ? wake_up_klogd+0x180/0x180
[ 38.967498]  ? run_rebalance_domains+0x500/0x500
[ 38.967502]  ? wake_up_worker+0x117/0x190
[ 38.967506]  ? find_held_lock+0x36/0x1c0
[ 38.967511]  ? __queue_work+0x6be/0x1440
[ 38.967515]  ? lock_acquire+0x1ed/0x520
[ 38.967519]  vprintk_default+0x28/0x30
[ 38.967523]  vprintk_func+0x7e/0x181
[ 38.967527]  printk+0xa7/0xcf
[ 38.967532]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 38.967536]  ? kasan_check_write+0x14/0x20
[ 38.967541]  ? do_raw_spin_lock+0xc1/0x200
[ 38.967545]  ? do_raw_spin_lock+0xc1/0x200
[ 38.967549]  kasan_report+0x9b/0x110
[ 38.967553]  ? __schedule+0xfc3/0x1ed0
[ 38.967558]  __asan_report_load8_noabort+0x14/0x20
[ 38.967562]  __schedule+0xfc3/0x1ed0
[ 38.967566]  ? __sched_text_start+0x8/0x8
[ 38.967571]  ? __lock_is_held+0xb5/0x140
[ 38.967576]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.967580]  ? find_held_lock+0x36/0x1c0
[ 38.967584]  ? __call_srcu+0x7f9/0x1070
[ 38.967589]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.967594]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.967599]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 38.967603]  ? preempt_schedule+0x4d/0x60
[ 38.967608]  preempt_schedule_common+0x1f/0xd0
[ 38.967612]  preempt_schedule+0x4d/0x60
[ 38.967616]  ___preempt_schedule+0x16/0x18
[ 38.967621]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 38.967625]  __call_srcu+0x7f9/0x1070
[ 38.967630]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 38.967635]  ? srcu_offline_cpu+0x120/0x120
[ 38.967639]  ? debug_object_free+0x690/0x690
[ 38.967644]  ? mark_held_locks+0x130/0x130
[ 38.967648]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 38.967653]  ? lock_release+0x970/0x970
[ 38.967657]  ? arch_local_save_flags+0x40/0x40
[ 38.967662]  ? depot_save_stack+0x292/0x470
[ 38.967666]  ? __lockdep_init_map+0x105/0x590
[ 38.967671]  ? __init_waitqueue_head+0x9e/0x150
[ 38.967675]  ? init_wait_entry+0x1c0/0x1c0
[ 38.967680]  __synchronize_srcu+0x17b/0x230
[ 38.967684]  ? call_srcu+0x10/0x10
[ 38.967688]  ? rcu_unexpedite_gp+0x20/0x20
[ 38.967693]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.967698]  ? check_preemption_disabled+0x48/0x200
[ 38.967703]  synchronize_srcu+0x356/0x5ab
[ 38.967707]  ? lock_downgrade+0x900/0x900
[ 38.967712]  ? synchronize_srcu_expedited+0x20/0x20
[ 38.967717]  ? kasan_check_read+0x11/0x20
[ 38.967721]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 38.967726]  ? kasan_check_write+0x14/0x20
[ 38.967730]  ? do_raw_spin_lock+0xc1/0x200
[ 38.967735]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.967740]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 38.967744]  ? kvfree+0x61/0x70
[ 38.967749]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.967753]  kvm_mmu_uninit_vm+0x1c/0x20
[ 38.967758]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.967768]  ? kvm_arch_sync_events+0x30/0x30
[ 38.967773]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.967778]  ? mmu_notifier_unregister+0x474/0x600
[ 38.967782]  ? kfree+0x107/0x230
[ 38.967786]  ? __mmu_notifier_register+0x30/0x30
[ 38.967791]  ? __free_pages+0x10a/0x190
[ 38.967795]  ? free_unref_page+0x960/0x960
[ 38.967799]  kvm_put_kvm+0x6c8/0xff0
[ 38.967804]  ? kvm_write_guest_cached+0x40/0x40
[ 38.967808]  ? kvm_irqfd_release+0xd1/0x120
[ 38.967813]  ? _raw_spin_unlock_irq+0x27/0x80
[ 38.967817]  ? _raw_spin_unlock_irq+0x27/0x80
[ 38.967822]  ? kasan_check_write+0x14/0x20
[ 38.967826]  ? do_raw_spin_lock+0xc1/0x200
[ 38.967830]  ? kvm_irqfd_release+0x
[ 38.967838] Lost 82 message(s)!
[ 40.117681] Shutting down cpus with NMI
[ 41.181645] Dumping ftrace buffer:
[ 41.185182]    (ftrace buffer empty)
[ 41.189536] Kernel Offset: disabled
[ 41.193172] Rebooting in 86400 seconds..