[....] Starting OpenBSD Secure Shell server: sshd[ 26.504104] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.365865] random: sshd: uninitialized urandom read (32 bytes read) [ 31.700089] sshd (5322) used greatest stack depth: 16424 bytes left [ 31.724032] random: sshd: uninitialized urandom read (32 bytes read) [ 32.315861] random: sshd: uninitialized urandom read (32 bytes read) [ 32.535524] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. [ 38.056991] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 38.191923] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 38.218431] ================================================================== [ 38.228450] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 38.234683] Read of size 8 at addr ffff8801d9318058 by task syz-executor627/5339 [ 38.242220] [ 38.243857] CPU: 0 PID: 5339 Comm: syz-executor627 Not tainted 4.19.0-rc2+ #230 [ 38.251301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.260651] Call Trace: [ 38.263241] dump_stack+0x1c4/0x2b4 [ 38.266871] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.272064] ? printk+0xa7/0xcf [ 38.275349] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.280118] print_address_description.cold.8+0x9/0x1ff [ 38.285502] kasan_report.cold.9+0x242/0x309 [ 38.289920] ? __schedule+0xfc3/0x1ed0 [ 38.293818] __asan_report_load8_noabort+0x14/0x20 [ 38.298769] __schedule+0xfc3/0x1ed0 [ 38.302493] ? __sched_text_start+0x8/0x8 [ 38.306650] ? __lock_is_held+0xb5/0x140 [ 38.310711] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.315849] ? find_held_lock+0x36/0x1c0 [ 38.319917] ? __call_srcu+0x7f9/0x1070 [ 38.323930] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.329038] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.334147] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.338756] ? preempt_schedule+0x4d/0x60 [ 38.342914] preempt_schedule_common+0x1f/0xd0 [ 38.347500] preempt_schedule+0x4d/0x60 [ 38.351483] ___preempt_schedule+0x16/0x18 [ 38.355729] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.360678] __call_srcu+0x7f9/0x1070 [ 38.364520] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.369634] ? srcu_offline_cpu+0x120/0x120 [ 38.373956] ? debug_object_free+0x690/0x690 [ 38.378370] ? mark_held_locks+0x130/0x130 [ 38.382610] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.387195] ? lock_release+0x970/0x970 [ 38.391172] ? arch_local_save_flags+0x40/0x40 [ 38.395769] ? depot_save_stack+0x292/0x470 [ 38.400098] ? __lockdep_init_map+0x105/0x590 [ 38.404596] ? __init_waitqueue_head+0x9e/0x150 [ 38.409267] ? init_wait_entry+0x1c0/0x1c0 [ 38.413510] __synchronize_srcu+0x17b/0x230 [ 38.417841] ? call_srcu+0x10/0x10 [ 38.421382] ? rcu_unexpedite_gp+0x20/0x20 [ 38.425623] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.431165] ? check_preemption_disabled+0x48/0x200 [ 38.436188] synchronize_srcu+0x356/0x5ab [ 38.440339] ? lock_downgrade+0x900/0x900 [ 38.444495] ? synchronize_srcu_expedited+0x20/0x20 [ 38.449515] ? kasan_check_read+0x11/0x20 [ 38.453670] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.458275] ? kasan_check_write+0x14/0x20 [ 38.462518] ? do_raw_spin_lock+0xc1/0x200 [ 38.466777] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.472501] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.477963] ? kvfree+0x61/0x70 [ 38.481248] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.486277] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.490342] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.494772] ? kvm_arch_sync_events+0x30/0x30 [ 38.499272] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.504821] ? mmu_notifier_unregister+0x474/0x600 [ 38.509763] ? kfree+0x107/0x230 [ 38.513135] ? __mmu_notifier_register+0x30/0x30 [ 38.517893] ? 
__free_pages+0x10a/0x190 [ 38.521873] ? free_unref_page+0x960/0x960 [ 38.526125] kvm_put_kvm+0x6c8/0xff0 [ 38.529855] ? kvm_write_guest_cached+0x40/0x40 [ 38.534538] ? kvm_irqfd_release+0xd1/0x120 [ 38.538868] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.543374] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.547889] ? kasan_check_write+0x14/0x20 [ 38.552129] ? do_raw_spin_lock+0xc1/0x200 [ 38.556365] ? kvm_irqfd_release+0xdd/0x120 [ 38.560684] ? kvm_irqfd_release+0xdd/0x120 [ 38.565013] ? kvm_put_kvm+0xff0/0xff0 [ 38.568899] kvm_vm_release+0x42/0x50 [ 38.572702] __fput+0x385/0xa30 [ 38.575981] ? get_max_files+0x20/0x20 [ 38.579867] ? trace_hardirqs_on+0xbd/0x310 [ 38.584189] ? ___might_sleep+0x1ed/0x300 [ 38.588336] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.593792] ? arch_local_save_flags+0x40/0x40 [ 38.598379] ? kasan_check_write+0x14/0x20 [ 38.602619] ? do_raw_spin_lock+0xc1/0x200 [ 38.606868] ____fput+0x15/0x20 [ 38.610152] task_work_run+0x1e8/0x2a0 [ 38.614041] ? task_work_cancel+0x240/0x240 [ 38.618363] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.623901] ? switch_task_namespaces+0x9d/0xd0 [ 38.628575] do_exit+0x1ad7/0x2610 [ 38.632123] ? mm_update_next_owner+0x990/0x990 [ 38.636794] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.641391] ? mark_held_locks+0x130/0x130 [ 38.645641] ? kasan_check_write+0x14/0x20 [ 38.649876] ? do_raw_spin_lock+0xc1/0x200 [ 38.654112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.659658] ? __call_rcu.constprop.69+0x429/0xbc0 [ 38.664585] ? __call_rcu.constprop.69+0x429/0xbc0 [ 38.669524] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.674110] ? trace_hardirqs_on+0xbd/0x310 [ 38.678431] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.683708] ? debug_object_deactivate+0x450/0x450 [ 38.688643] ? call_rcu+0x12/0x20 [ 38.692110] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.697562] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.703099] ? check_preemption_disabled+0x48/0x200 [ 38.708121] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.713574] ? 
rcu_is_watching+0x30/0x30 [ 38.717634] ? __kasan_slab_free+0x119/0x150 [ 38.722043] ? kzfree+0x28/0x30 [ 38.725329] ? kzfree+0x28/0x30 [ 38.728612] ? blkcg_maybe_throttle_current+0xa38/0x1080 [ 38.734062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.739605] ? blkcg_print_stat+0x13e0/0x13e0 [ 38.744102] ? __fget_light+0x2e9/0x430 [ 38.748081] ? fget_raw+0x20/0x20 [ 38.751535] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.756030] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.760610] ? trace_hardirqs_on+0xbd/0x310 [ 38.764934] ? kasan_check_read+0x11/0x20 [ 38.769091] ? task_work_run+0x1af/0x2a0 [ 38.773155] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.778614] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.784149] ? __fdget_pos+0xde/0x200 [ 38.787948] ? __fdget_raw+0x20/0x20 [ 38.791666] ? trace_hardirqs_off+0xb8/0x310 [ 38.796077] ? do_syscall_64+0x6be/0x820 [ 38.800143] ? trace_hardirqs_on+0x310/0x310 [ 38.804551] ? putname+0xf7/0x130 [ 38.808007] do_group_exit+0x177/0x440 [ 38.812677] ? trace_hardirqs_on+0xbd/0x310 [ 38.817001] ? __ia32_sys_exit+0x50/0x50 [ 38.821068] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.826516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.832066] ? ksys_ioctl+0x81/0xd0 [ 38.835695] __x64_sys_exit_group+0x3e/0x50 [ 38.840023] do_syscall_64+0x1b9/0x820 [ 38.844039] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.849396] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.854324] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.859166] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.864181] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.869198] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.874230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.879077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.884266] RIP: 0033:0x43ee88 [ 38.887458] Code: Bad RIP value. 
[ 38.890816] RSP: 002b:00007ffd40d42e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.898522] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ee88 [ 38.905791] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.913069] RBP: 00000000004be748 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.920333] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.927604] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 38.934877] [ 38.936498] Allocated by task 5339: [ 38.940130] save_stack+0x43/0xd0 [ 38.943580] kasan_kmalloc+0xc7/0xe0 [ 38.947288] kasan_slab_alloc+0x12/0x20 [ 38.951260] kmem_cache_alloc+0x12e/0x730 [ 38.955411] vmx_create_vcpu+0xcf/0x25e0 [ 38.959470] kvm_arch_vcpu_create+0xe5/0x220 [ 38.963877] kvm_vm_ioctl+0x470/0x1d40 [ 38.967773] do_vfs_ioctl+0x1de/0x1720 [ 38.971668] ksys_ioctl+0xa9/0xd0 [ 38.975119] __x64_sys_ioctl+0x73/0xb0 [ 38.979004] do_syscall_64+0x1b9/0x820 [ 38.982894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.988093] [ 38.989714] Freed by task 5339: [ 38.993002] save_stack+0x43/0xd0 [ 38.996452] __kasan_slab_free+0x102/0x150 [ 39.000688] kasan_slab_free+0xe/0x10 [ 39.004489] kmem_cache_free+0x83/0x290 [ 39.008474] vmx_free_vcpu+0x26b/0x300 [ 39.012412] kvm_arch_destroy_vm+0x365/0x7c0 [ 39.016822] kvm_put_kvm+0x6c8/0xff0 [ 39.020534] kvm_vm_release+0x42/0x50 [ 39.024333] __fput+0x385/0xa30 [ 39.027613] ____fput+0x15/0x20 [ 39.030897] task_work_run+0x1e8/0x2a0 [ 39.034800] do_exit+0x1ad7/0x2610 [ 39.038337] do_group_exit+0x177/0x440 [ 39.042221] __x64_sys_exit_group+0x3e/0x50 [ 39.046540] do_syscall_64+0x1b9/0x820 [ 39.050428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.055606] [ 39.057233] The buggy address belongs to the object at ffff8801d9318040 [ 39.057233] which belongs to the cache kvm_vcpu of size 23872 [ 39.069806] The buggy address is located 24 bytes inside of [ 39.069806] 23872-byte region [ffff8801d9318040, ffff8801d931dd80) [ 39.081774] The buggy address 
belongs to the page: [ 39.086698] page:ffffea000764c600 count:1 mapcount:0 mapping:ffff8801d595cc00 index:0x0 compound_mapcount: 0 [ 39.096674] flags: 0x2fffc0000008100(slab|head) [ 39.101346] raw: 02fffc0000008100 ffff8801d5959948 ffff8801d5959948 ffff8801d595cc00 [ 39.109230] raw: 0000000000000000 ffff8801d9318040 0000000100000001 0000000000000000 [ 39.117105] page dumped because: kasan: bad access detected [ 39.122802] [ 39.124421] Memory state around the buggy address: [ 39.129347] ffff8801d9317f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.136702] ffff8801d9317f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.144058] >ffff8801d9318000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 39.151418] ^ [ 39.157648] ffff8801d9318080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.165007] ffff8801d9318100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.172354] ================================================================== [ 39.179705] Kernel panic - not syncing: panic_on_warn set ... [ 39.179705] [ 39.187083] CPU: 0 PID: 5339 Comm: syz-executor627 Tainted: G B 4.19.0-rc2+ #230 [ 39.195934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.205285] Call Trace: [ 39.207878] dump_stack+0x1c4/0x2b4 [ 39.211522] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.216712] ? lock_downgrade+0x900/0x900 [ 39.220896] panic+0x238/0x4e7 [ 39.224089] ? add_taint.cold.5+0x16/0x16 [ 39.228245] ? print_shadow_for_address+0xb6/0x116 [ 39.233175] ? trace_hardirqs_off+0xaf/0x310 [ 39.237590] kasan_end_report+0x47/0x4f [ 39.241563] kasan_report.cold.9+0x76/0x309 [ 39.245889] ? __schedule+0xfc3/0x1ed0 [ 39.249782] __asan_report_load8_noabort+0x14/0x20 [ 39.254715] __schedule+0xfc3/0x1ed0 [ 39.258458] ? __sched_text_start+0x8/0x8 [ 39.262613] ? __lock_is_held+0xb5/0x140 [ 39.266672] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.271785] ? find_held_lock+0x36/0x1c0 [ 39.275851] ? __call_srcu+0x7f9/0x1070 [ 39.279831] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.284935] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.290041] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.294627] ? preempt_schedule+0x4d/0x60 [ 39.298786] preempt_schedule_common+0x1f/0xd0 [ 39.303368] preempt_schedule+0x4d/0x60 [ 39.307343] ___preempt_schedule+0x16/0x18 [ 39.311586] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.316515] __call_srcu+0x7f9/0x1070 [ 39.320316] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.325428] ? srcu_offline_cpu+0x120/0x120 [ 39.329772] ? debug_object_free+0x690/0x690 [ 39.334186] ? mark_held_locks+0x130/0x130 [ 39.338420] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.343009] ? lock_release+0x970/0x970 [ 39.346988] ? arch_local_save_flags+0x40/0x40 [ 39.351569] ? depot_save_stack+0x292/0x470 [ 39.355900] ? __lockdep_init_map+0x105/0x590 [ 39.360401] ? __init_waitqueue_head+0x9e/0x150 [ 39.365071] ? init_wait_entry+0x1c0/0x1c0 [ 39.369312] __synchronize_srcu+0x17b/0x230 [ 39.373632] ? call_srcu+0x10/0x10 [ 39.377169] ? rcu_unexpedite_gp+0x20/0x20 [ 39.381409] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.386945] ? check_preemption_disabled+0x48/0x200 [ 39.391966] synchronize_srcu+0x356/0x5ab [ 39.396113] ? lock_downgrade+0x900/0x900 [ 39.400265] ? synchronize_srcu_expedited+0x20/0x20 [ 39.405290] ? kasan_check_read+0x11/0x20 [ 39.409546] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.414131] ? kasan_check_write+0x14/0x20 [ 39.418369] ? do_raw_spin_lock+0xc1/0x200 [ 39.422608] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.428323] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.433785] ? kvfree+0x61/0x70 [ 39.437064] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.442084] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.446145] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.450571] ? kvm_arch_sync_events+0x30/0x30 [ 39.455069] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.460618] ? mmu_notifier_unregister+0x474/0x600 [ 39.465562] ? kfree+0x107/0x230 [ 39.468928] ? __mmu_notifier_register+0x30/0x30 [ 39.473684] ? 
__free_pages+0x10a/0x190 [ 39.477661] ? free_unref_page+0x960/0x960 [ 39.481906] kvm_put_kvm+0x6c8/0xff0 [ 39.485631] ? kvm_write_guest_cached+0x40/0x40 [ 39.490305] ? kvm_irqfd_release+0xd1/0x120 [ 39.494630] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.499125] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.503634] ? kasan_check_write+0x14/0x20 [ 39.507874] ? do_raw_spin_lock+0xc1/0x200 [ 39.512112] ? kvm_irqfd_release+0xdd/0x120 [ 39.516434] ? kvm_irqfd_release+0xdd/0x120 [ 39.520779] ? kvm_put_kvm+0xff0/0xff0 [ 39.524667] kvm_vm_release+0x42/0x50 [ 39.528469] __fput+0x385/0xa30 [ 39.531763] ? get_max_files+0x20/0x20 [ 39.535675] ? trace_hardirqs_on+0xbd/0x310 [ 39.540003] ? ___might_sleep+0x1ed/0x300 [ 39.544149] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.549602] ? arch_local_save_flags+0x40/0x40 [ 39.554189] ? kasan_check_write+0x14/0x20 [ 39.558424] ? do_raw_spin_lock+0xc1/0x200 [ 39.562658] ____fput+0x15/0x20 [ 39.565949] task_work_run+0x1e8/0x2a0 [ 39.569843] ? task_work_cancel+0x240/0x240 [ 39.574167] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.579707] ? switch_task_namespaces+0x9d/0xd0 [ 39.584387] do_exit+0x1ad7/0x2610 [ 39.587933] ? mm_update_next_owner+0x990/0x990 [ 39.592602] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.597209] ? mark_held_locks+0x130/0x130 [ 39.601465] ? kasan_check_write+0x14/0x20 [ 39.605707] ? do_raw_spin_lock+0xc1/0x200 [ 39.609951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.615493] ? __call_rcu.constprop.69+0x429/0xbc0 [ 39.620425] ? __call_rcu.constprop.69+0x429/0xbc0 [ 39.625355] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.629942] ? trace_hardirqs_on+0xbd/0x310 [ 39.634268] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.639547] ? debug_object_deactivate+0x450/0x450 [ 39.644482] ? call_rcu+0x12/0x20 [ 39.647936] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.653386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.658936] ? check_preemption_disabled+0x48/0x200 [ 39.663961] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.669416] ? 
rcu_is_watching+0x30/0x30 [ 39.673476] ? __kasan_slab_free+0x119/0x150 [ 39.677885] ? kzfree+0x28/0x30 [ 39.681173] ? kzfree+0x28/0x30 [ 39.684456] ? blkcg_maybe_throttle_current+0xa38/0x1080 [ 39.689907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.695455] ? blkcg_print_stat+0x13e0/0x13e0 [ 39.699956] ? __fget_light+0x2e9/0x430 [ 39.703931] ? fget_raw+0x20/0x20 [ 39.707389] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.711884] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.716489] ? trace_hardirqs_on+0xbd/0x310 [ 39.720817] ? kasan_check_read+0x11/0x20 [ 39.724997] ? task_work_run+0x1af/0x2a0 [ 39.729072] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.734529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.740564] ? __fdget_pos+0xde/0x200 [ 39.744366] ? __fdget_raw+0x20/0x20 [ 39.748081] ? trace_hardirqs_off+0xb8/0x310 [ 39.752490] ? do_syscall_64+0x6be/0x820 [ 39.756562] ? trace_hardirqs_on+0x310/0x310 [ 39.760969] ? putname+0xf7/0x130 [ 39.764430] do_group_exit+0x177/0x440 [ 39.768318] ? trace_hardirqs_on+0xbd/0x310 [ 39.772644] ? __ia32_sys_exit+0x50/0x50 [ 39.776705] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.782164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.787707] ? ksys_ioctl+0x81/0xd0 [ 39.791349] __x64_sys_exit_group+0x3e/0x50 [ 39.795677] do_syscall_64+0x1b9/0x820 [ 39.799572] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.804942] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.809875] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.814729] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.819777] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.824804] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.829829] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.834682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.839873] RIP: 0033:0x43ee88 [ 39.843072] Code: Bad RIP value. 
[ 39.846443] RSP: 002b:00007ffd40d42e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.854170] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ee88 [ 39.861454] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.868735] RBP: 00000000004be748 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.876032] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.883413] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000 [ 39.890705] [ 39.890712] ====================================================== [ 39.890718] WARNING: possible circular locking dependency detected [ 39.890722] 4.19.0-rc2+ #230 Not tainted [ 39.890728] ------------------------------------------------------ [ 39.890733] syz-executor627/5339 is trying to acquire lock: [ 39.890747] 00000000e622b6d6 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.890769] [ 39.890774] but task is already holding lock: [ 39.890777] 00000000f10f3320 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.890793] [ 39.890798] which lock already depends on the new lock. 
[ 39.890801] [ 39.890804] [ 39.890809] the existing dependency chain (in reverse order) is: [ 39.890812] [ 39.890815] -> #3 (report_lock){....}: [ 39.890831] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.890835] kasan_report+0x8b/0x110 [ 39.890840] __asan_report_load8_noabort+0x14/0x20 [ 39.890845] __schedule+0xfc3/0x1ed0 [ 39.890849] preempt_schedule_common+0x1f/0xd0 [ 39.890854] preempt_schedule+0x4d/0x60 [ 39.890859] ___preempt_schedule+0x16/0x18 [ 39.890864] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.890868] __call_srcu+0x7f9/0x1070 [ 39.890873] __synchronize_srcu+0x17b/0x230 [ 39.890877] synchronize_srcu+0x356/0x5ab [ 39.890883] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.890887] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.890892] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.890897] kvm_put_kvm+0x6c8/0xff0 [ 39.890901] kvm_vm_release+0x42/0x50 [ 39.890905] __fput+0x385/0xa30 [ 39.890909] ____fput+0x15/0x20 [ 39.890913] task_work_run+0x1e8/0x2a0 [ 39.890917] do_exit+0x1ad7/0x2610 [ 39.890922] do_group_exit+0x177/0x440 [ 39.890926] __x64_sys_exit_group+0x3e/0x50 [ 39.890931] do_syscall_64+0x1b9/0x820 [ 39.890936] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.890939] [ 39.890941] -> #2 (&rq->lock){-.-.}: [ 39.890957] _raw_spin_lock+0x2d/0x40 [ 39.890961] task_fork_fair+0xb0/0x6d0 [ 39.890966] sched_fork+0x443/0xba0 [ 39.890970] copy_process+0x2586/0x8780 [ 39.890974] _do_fork+0x1cb/0x11d0 [ 39.890978] kernel_thread+0x34/0x40 [ 39.890983] rest_init+0x22/0xe5 [ 39.890987] start_kernel+0x8f4/0x92f [ 39.890992] x86_64_start_reservations+0x29/0x2b [ 39.890996] x86_64_start_kernel+0x76/0x79 [ 39.891001] secondary_startup_64+0xa4/0xb0 [ 39.891004] [ 39.891006] -> #1 (&p->pi_lock){-.-.}: [ 39.891022] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.891027] try_to_wake_up+0xd2/0x12f0 [ 39.891031] wake_up_process+0x10/0x20 [ 39.891036] __up.isra.1+0x1c0/0x2a0 [ 39.891039] up+0x13c/0x1c0 [ 39.891044] __up_console_sem+0xbe/0x1b0 [ 39.891048] console_unlock+0x524/0x11a0 [ 39.891053] 
vprintk_emit+0x33d/0x930 [ 39.891057] vprintk_default+0x28/0x30 [ 39.891061] vprintk_func+0x7e/0x181 [ 39.891065] printk+0xa7/0xcf [ 39.891069] load_umh+0x51/0xbd [ 39.891074] do_one_initcall+0x145/0x957 [ 39.891078] kernel_init_freeable+0x4bb/0x5ae [ 39.891083] kernel_init+0x11/0x1b2 [ 39.891087] ret_from_fork+0x3a/0x50 [ 39.891090] [ 39.891092] -> #0 ((console_sem).lock){-...}: [ 39.891109] lock_acquire+0x1ed/0x520 [ 39.891113] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.891118] down_trylock+0x13/0x70 [ 39.891123] __down_trylock_console_sem+0xae/0x200 [ 39.891127] console_trylock+0x15/0xa0 [ 39.891131] vprintk_emit+0x322/0x930 [ 39.891136] vprintk_default+0x28/0x30 [ 39.891140] vprintk_func+0x7e/0x181 [ 39.891144] printk+0xa7/0xcf [ 39.891148] kasan_report+0x9b/0x110 [ 39.891153] __asan_report_load8_noabort+0x14/0x20 [ 39.891158] __schedule+0xfc3/0x1ed0 [ 39.891162] preempt_schedule_common+0x1f/0xd0 [ 39.891167] preempt_schedule+0x4d/0x60 [ 39.891171] ___preempt_schedule+0x16/0x18 [ 39.891177] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.891181] __call_srcu+0x7f9/0x1070 [ 39.891186] __synchronize_srcu+0x17b/0x230 [ 39.891190] synchronize_srcu+0x356/0x5ab [ 39.891196] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.891200] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.891205] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.891209] kvm_put_kvm+0x6c8/0xff0 [ 39.891214] kvm_vm_release+0x42/0x50 [ 39.891218] __fput+0x385/0xa30 [ 39.891222] ____fput+0x15/0x20 [ 39.891226] task_work_run+0x1e8/0x2a0 [ 39.891230] do_exit+0x1ad7/0x2610 [ 39.891235] do_group_exit+0x177/0x440 [ 39.891239] __x64_sys_exit_group+0x3e/0x50 [ 39.891244] do_syscall_64+0x1b9/0x820 [ 39.891249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.891251] [ 39.891257] other info that might help us debug this: [ 39.891260] [ 39.891263] Chain exists of: [ 39.891266] (console_sem).lock --> &rq->lock --> report_lock [ 39.891286] [ 39.891291] Possible unsafe locking scenario: [ 39.891293] [ 39.891298] CPU0 CPU1 [ 39.891302] ---- ---- [ 
39.891305] lock(report_lock); [ 39.891315] lock(&rq->lock); [ 39.891326] lock(report_lock); [ 39.891335] lock((console_sem).lock); [ 39.891344] [ 39.891347] *** DEADLOCK *** [ 39.891350] [ 39.891355] 2 locks held by syz-executor627/5339: [ 39.891357] #0: 000000001b8e0f42 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.891376] #1: 00000000f10f3320 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.891395] [ 39.891399] stack backtrace: [ 39.891405] CPU: 0 PID: 5339 Comm: syz-executor627 Not tainted 4.19.0-rc2+ #230 [ 39.891413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.891417] Call Trace: [ 39.891421] dump_stack+0x1c4/0x2b4 [ 39.891426] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.891431] ? vprintk_func+0x85/0x181 [ 39.891436] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.891440] ? save_trace+0xe0/0x290 [ 39.891445] __lock_acquire+0x33e4/0x4ec0 [ 39.891449] ? mark_held_locks+0x130/0x130 [ 39.891454] ? mark_held_locks+0x130/0x130 [ 39.891458] ? rcu_bh_qs+0xc0/0xc0 [ 39.891462] ? unwind_dump+0x190/0x190 [ 39.891467] ? is_bpf_text_address+0xd3/0x170 [ 39.891472] ? kernel_text_address+0x79/0xf0 [ 39.891477] ? __kernel_text_address+0xd/0x40 [ 39.891481] ? __save_stack_trace+0x8d/0xf0 [ 39.891486] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.891491] ? save_trace+0x290/0x290 [ 39.891495] ? save_stack_trace+0x1a/0x20 [ 39.891499] ? save_trace+0xe0/0x290 [ 39.891504] ? kasan_check_read+0x11/0x20 [ 39.891508] ? graph_lock+0x170/0x170 [ 39.891514] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.891518] lock_acquire+0x1ed/0x520 [ 39.891522] ? down_trylock+0x13/0x70 [ 39.891527] ? find_held_lock+0x36/0x1c0 [ 39.891531] ? lock_release+0x970/0x970 [ 39.891536] ? trace_hardirqs_off+0xb8/0x310 [ 39.891540] ? vprintk_emit+0x1d3/0x930 [ 39.891545] ? trace_hardirqs_on+0x310/0x310 [ 39.891550] ? trace_hardirqs_off+0xb8/0x310 [ 39.891554] ? log_store+0x344/0x4c0 [ 39.891559] ? 
vprintk_emit+0x322/0x930 [ 39.891563] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.891568] ? down_trylock+0x13/0x70 [ 39.891572] down_trylock+0x13/0x70 [ 39.891577] __down_trylock_console_sem+0xae/0x200 [ 39.891581] console_trylock+0x15/0xa0 [ 39.891586] vprintk_emit+0x322/0x930 [ 39.891590] ? wake_up_klogd+0x180/0x180 [ 39.891595] ? run_rebalance_domains+0x500/0x500 [ 39.891599] ? find_held_lock+0x36/0x1c0 [ 39.891604] ? __queue_work+0x6be/0x1440 [ 39.891608] ? lock_acquire+0x1ed/0x520 [ 39.891613] vprintk_default+0x28/0x30 [ 39.891617] vprintk_func+0x7e/0x181 [ 39.891621] printk+0xa7/0xcf [ 39.891626] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.891630] ? kasan_check_write+0x14/0x20 [ 39.891635] ? do_raw_spin_lock+0xc1/0x200 [ 39.891639] ? do_raw_spin_lock+0xc1/0x200 [ 39.891644] kasan_report+0x9b/0x110 [ 39.891648] ? __schedule+0xfc3/0x1ed0 [ 39.891653] __asan_report_load8_noabort+0x14/0x20 [ 39.891657] __schedule+0xfc3/0x1ed0 [ 39.891662] ? __sched_text_start+0x8/0x8 [ 39.891666] ? __lock_is_held+0xb5/0x140 [ 39.891671] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.891676] ? find_held_lock+0x36/0x1c0 [ 39.891680] ? __call_srcu+0x7f9/0x1070 [ 39.891685] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.891690] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.891695] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.891700] ? preempt_schedule+0x4d/0x60 [ 39.891705] preempt_schedule_common+0x1f/0xd0 [ 39.891709] preempt_schedule+0x4d/0x60 [ 39.891714] ___preempt_schedule+0x16/0x18 [ 39.891719] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.891723] __call_srcu+0x7f9/0x1070 [ 39.891728] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.891733] ? srcu_offline_cpu+0x120/0x120 [ 39.891746] ? debug_object_free+0x690/0x690 [ 39.891757] ? mark_held_locks+0x130/0x130 [ 39.891762] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.891766] ? lock_release+0x970/0x970 [ 39.891771] ? arch_local_save_flags+0x40/0x40 [ 39.891776] ? depot_save_stack+0x292/0x470 [ 39.891780] ? __lockdep_init_map+0x105/0x590 [ 39.891785] ? 
__init_waitqueue_head+0x9e/0x150 [ 39.891790] ? init_wait_entry+0x1c0/0x1c0 [ 39.891794] __synchronize_srcu+0x17b/0x230 [ 39.891798] ? call_srcu+0x10/0x10 [ 39.891803] ? rcu_unexpedite_gp+0x20/0x20 [ 39.891808] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.891814] ? check_preemption_disabled+0x48/0x200 [ 39.891818] synchronize_srcu+0x356/0x5ab [ 39.891823] ? lock_downgrade+0x900/0x900 [ 39.891828] ? synchronize_srcu_expedited+0x20/0x20 [ 39.891832] ? kasan_check_read+0x11/0x20 [ 39.891837] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.891841] ? kasan_check_write+0x14/0x20 [ 39.891846] ? do_raw_spin_lock+0xc1/0x200 [ 39.891852] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.891857] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.891861] ? kvfree+0x61/0x70 [ 39.891866] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.891871] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.891875] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.891880] ? kvm_arch_sync_events+0x30/0x30 [ 39.891885] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.891890] ? mmu_notifier_unregister+0x474/0x600 [ 39.891894] ? kfree+0x107/0x230 [ 39.891899] ? __mmu_notifier_register+0x30/0x30 [ 39.891904] ? __free_pages+0x10a/0x190 [ 39.891908] ? free_unref_page+0x960/0x960 [ 39.891912] kvm_put_kvm+0x6c8/0xff0 [ 39.891917] ? kvm_write_guest_cached+0x40/0x40 [ 39.891922] ? kvm_irqfd_release+0xd1/0x120 [ 39.891927] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.891931] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.891936] ? kasan_check_write+0x14/0x20 [ 39.891941] ? do_raw_spin_lock+0xc1/0x200 [ 39.891945] ? kvm_irqfd_release+0xdd/0x120 [ 39.891949] ? kvm_irqfd_release+ [ 39.891958] Lost 80 message(s)! [ 41.024016] Shutting down cpus with NMI [ 42.082443] Dumping ftrace buffer: [ 42.085974] (ftrace buffer empty) [ 42.090267] Kernel Offset: disabled [ 42.093895] Rebooting in 86400 seconds..