[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.848986] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.862223] random: sshd: uninitialized urandom read (32 bytes read) [ 31.261525] random: sshd: uninitialized urandom read (32 bytes read) [ 31.851397] random: sshd: uninitialized urandom read (32 bytes read) [ 32.073482] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts. [ 37.658179] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.785384] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.812440] ================================================================== [ 37.822445] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.828678] Read of size 8 at addr ffff8801c19f0058 by task syz-executor740/5373 [ 37.836210] [ 37.837842] CPU: 1 PID: 5373 Comm: syz-executor740 Not tainted 4.19.0-rc4+ #247 [ 37.845289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.854639] Call Trace: [ 37.857240] dump_stack+0x1c4/0x2b4 [ 37.860872] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.866072] ? printk+0xa7/0xcf [ 37.869354] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.874118] print_address_description.cold.8+0x9/0x1ff [ 37.879489] kasan_report.cold.9+0x242/0x309 [ 37.883901] ? __schedule+0xfc3/0x1ed0 [ 37.887794] __asan_report_load8_noabort+0x14/0x20 [ 37.892727] __schedule+0xfc3/0x1ed0 [ 37.896448] ? __sched_text_start+0x8/0x8 [ 37.900594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.905356] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.909939] ? retint_kernel+0x2d/0x2d [ 37.913827] ? trace_hardirqs_on_caller+0xc0/0x310 [ 37.918759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.923518] ? trace_hardirqs_off+0x310/0x310 [ 37.928014] ? find_held_lock+0x36/0x1c0 [ 37.932092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.936850] ? preempt_schedule+0x4d/0x60 [ 37.941002] preempt_schedule_common+0x1f/0xd0 [ 37.945597] preempt_schedule+0x4d/0x60 [ 37.949573] ___preempt_schedule+0x16/0x18 [ 37.953812] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.958741] __call_srcu+0x7f9/0x1070 [ 37.962540] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.967649] ? srcu_offline_cpu+0x120/0x120 [ 37.971969] ? debug_object_free+0x690/0x690 [ 37.976381] ? mark_held_locks+0x130/0x130 [ 37.980617] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.985200] ? lock_release+0x970/0x970 [ 37.989190] ? arch_local_save_flags+0x40/0x40 [ 37.993782] ? depot_save_stack+0x292/0x470 [ 37.998113] ? __lockdep_init_map+0x105/0x590 [ 38.002614] ? __init_waitqueue_head+0x9e/0x150 [ 38.007283] ? init_wait_entry+0x1c0/0x1c0 [ 38.011525] __synchronize_srcu+0x17b/0x230 [ 38.015848] ? call_srcu+0x10/0x10 [ 38.019387] ? rcu_unexpedite_gp+0x20/0x20 [ 38.023641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.029181] ? check_preemption_disabled+0x48/0x200 [ 38.034223] synchronize_srcu+0x356/0x5ab [ 38.038372] ? lock_downgrade+0x900/0x900 [ 38.042524] ? synchronize_srcu_expedited+0x20/0x20 [ 38.047549] ? kasan_check_read+0x11/0x20 [ 38.051700] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.056288] ? kasan_check_write+0x14/0x20 [ 38.060534] ? do_raw_spin_lock+0xc1/0x200 [ 38.064776] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.070489] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.075941] ? kvfree+0x61/0x70 [ 38.079228] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.084251] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.088329] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.092740] ? kvm_arch_sync_events+0x30/0x30 [ 38.097247] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.102786] ? mmu_notifier_unregister+0x474/0x600 [ 38.107714] ? kfree+0x107/0x230 [ 38.111081] ? __mmu_notifier_register+0x30/0x30 [ 38.115840] ? __free_pages+0x10a/0x190 [ 38.119817] ? free_unref_page+0x960/0x960 [ 38.124068] kvm_put_kvm+0x6c8/0xff0 [ 38.127788] ? kvm_write_guest_cached+0x40/0x40 [ 38.132457] ? kvm_irqfd_release+0xd1/0x120 [ 38.136795] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.141293] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.145798] ? kasan_check_write+0x14/0x20 [ 38.150040] ? do_raw_spin_lock+0xc1/0x200 [ 38.154278] ? kvm_irqfd_release+0xdd/0x120 [ 38.158598] ? kvm_irqfd_release+0xdd/0x120 [ 38.162921] ? kvm_put_kvm+0xff0/0xff0 [ 38.166811] kvm_vm_release+0x42/0x50 [ 38.170610] __fput+0x385/0xa30 [ 38.173893] ? get_max_files+0x20/0x20 [ 38.177778] ? trace_hardirqs_on+0xbd/0x310 [ 38.182105] ? ___might_sleep+0x1ed/0x300 [ 38.186344] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.191799] ? arch_local_save_flags+0x40/0x40 [ 38.196385] ? kasan_check_write+0x14/0x20 [ 38.200621] ? do_raw_spin_lock+0xc1/0x200 [ 38.204856] ____fput+0x15/0x20 [ 38.208136] task_work_run+0x1e8/0x2a0 [ 38.212029] ? task_work_cancel+0x240/0x240 [ 38.216353] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.221889] ? switch_task_namespaces+0x9d/0xd0 [ 38.226560] do_exit+0x1ad7/0x2610 [ 38.230104] ? mm_update_next_owner+0x990/0x990 [ 38.234780] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.239013] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.244039] ? kfree+0x1fa/0x230 [ 38.247407] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.251645] ? kvm_vcpu_block+0x1030/0x1030 [ 38.255971] ? is_bpf_text_address+0xd3/0x170 [ 38.260466] ? kernel_text_address+0x79/0xf0 [ 38.264874] ? __kernel_text_address+0xd/0x40 [ 38.269370] ? unwind_get_return_address+0x61/0xa0 [ 38.274303] ? __save_stack_trace+0x8d/0xf0 [ 38.278629] ? save_stack+0xa9/0xd0 [ 38.282257] ? save_stack+0x43/0xd0 [ 38.285878] ? __kasan_slab_free+0x102/0x150 [ 38.290289] ? kasan_slab_free+0xe/0x10 [ 38.294260] ? putname+0xf2/0x130 [ 38.297719] ? __x64_sys_openat+0x9d/0x100 [ 38.301951] ? do_syscall_64+0x1b9/0x820 [ 38.306013] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.311389] ? trace_hardirqs_off+0xb8/0x310 [ 38.315797] ? kasan_check_read+0x11/0x20 [ 38.319947] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.324359] ? trace_hardirqs_on+0x310/0x310 [ 38.328770] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 38.333878] ? trace_hardirqs_off+0xb8/0x310 [ 38.338290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.343837] ? check_preemption_disabled+0x48/0x200 [ 38.348855] ? check_preemption_disabled+0x48/0x200 [ 38.353877] ? kvm_vcpu_block+0x1030/0x1030 [ 38.358220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.363759] ? do_vfs_ioctl+0x201/0x1720 [ 38.367822] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.373102] ? ioctl_preallocate+0x300/0x300 [ 38.377512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.383065] ? __fget_light+0x2e9/0x430 [ 38.387043] ? fget_raw+0x20/0x20 [ 38.390792] ? putname+0xf2/0x130 [ 38.394248] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.399262] ? kmem_cache_free+0x24f/0x290 [ 38.403499] ? putname+0xf7/0x130 [ 38.406985] do_group_exit+0x177/0x440 [ 38.410890] ? trace_hardirqs_on+0xbd/0x310 [ 38.415218] ? __ia32_sys_exit+0x50/0x50 [ 38.419282] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.424732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.430270] ? ksys_ioctl+0x81/0xd0 [ 38.433902] __x64_sys_exit_group+0x3e/0x50 [ 38.438235] do_syscall_64+0x1b9/0x820 [ 38.442148] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.447518] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.452450] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.457294] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.462316] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.467335] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.472362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.477219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.482408] RIP: 0033:0x43ef08 [ 38.485599] Code: Bad RIP value. [ 38.488961] RSP: 002b:00007fff2fb6b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.497135] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 38.504404] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.511669] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.518933] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.526212] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.533491] [ 38.535112] Allocated by task 5373: [ 38.538741] save_stack+0x43/0xd0 [ 38.542188] kasan_kmalloc+0xc7/0xe0 [ 38.545904] kasan_slab_alloc+0x12/0x20 [ 38.549875] kmem_cache_alloc+0x12e/0x730 [ 38.554028] vmx_create_vcpu+0xcf/0x25e0 [ 38.558110] kvm_arch_vcpu_create+0xe5/0x220 [ 38.562524] kvm_vm_ioctl+0x470/0x1d40 [ 38.566408] do_vfs_ioctl+0x1de/0x1720 [ 38.570295] ksys_ioctl+0xa9/0xd0 [ 38.573746] __x64_sys_ioctl+0x73/0xb0 [ 38.577633] do_syscall_64+0x1b9/0x820 [ 38.581523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.586699] [ 38.588337] Freed by task 5373: [ 38.591614] save_stack+0x43/0xd0 [ 38.595062] __kasan_slab_free+0x102/0x150 [ 38.599295] kasan_slab_free+0xe/0x10 [ 38.603098] kmem_cache_free+0x83/0x290 [ 38.607069] vmx_free_vcpu+0x26b/0x300 [ 38.610952] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.615363] kvm_put_kvm+0x6c8/0xff0 [ 38.619076] kvm_vm_release+0x42/0x50 [ 38.622872] __fput+0x385/0xa30 [ 38.626148] ____fput+0x15/0x20 [ 38.629426] task_work_run+0x1e8/0x2a0 [ 38.633312] do_exit+0x1ad7/0x2610 [ 38.636854] do_group_exit+0x177/0x440 [ 38.640742] __x64_sys_exit_group+0x3e/0x50 [ 38.645061] do_syscall_64+0x1b9/0x820 [ 38.648950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.654128] [ 38.655752] The buggy address belongs to the object at ffff8801c19f0040 [ 38.655752] which belongs to the cache kvm_vcpu of size 23872 [ 38.668335] The buggy address is located 24 bytes inside of [ 38.668335] 23872-byte region [ffff8801c19f0040, ffff8801c19f5d80) [ 38.680293] The buggy address belongs to the page: [ 38.685230] page:ffffea0007067c00 count:1 mapcount:0 mapping:ffff8801d78da340 index:0x0 compound_mapcount: 0 [ 38.695208] flags: 0x2fffc0000008100(slab|head) [ 38.699892] raw: 02fffc0000008100 ffff8801d59b6d48 ffff8801d59b6d48 ffff8801d78da340 [ 38.707775] raw: 0000000000000000 ffff8801c19f0040 0000000100000001 0000000000000000 [ 38.715649] page dumped because: kasan: bad access detected [ 38.721347] [ 38.722965] Memory state around the buggy address: [ 38.727888] ffff8801c19eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.735245] ffff8801c19eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.742615] >ffff8801c19f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.749966] ^ [ 38.756193] ffff8801c19f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.763557] ffff8801c19f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.770906] ================================================================== [ 38.778263] Kernel panic - not syncing: panic_on_warn set ... [ 38.778263] [ 38.785632] CPU: 1 PID: 5373 Comm: syz-executor740 Tainted: G B 4.19.0-rc4+ #247 [ 38.794462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.803809] Call Trace: [ 38.806399] dump_stack+0x1c4/0x2b4 [ 38.810034] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.815235] ? lock_downgrade+0x900/0x900 [ 38.819383] panic+0x238/0x4e7 [ 38.822577] ? add_taint.cold.5+0x16/0x16 [ 38.826735] ? print_shadow_for_address+0xb6/0x116 [ 38.831664] ? trace_hardirqs_off+0xaf/0x310 [ 38.836078] kasan_end_report+0x47/0x4f [ 38.840060] kasan_report.cold.9+0x76/0x309 [ 38.844383] ? __schedule+0xfc3/0x1ed0 [ 38.848275] __asan_report_load8_noabort+0x14/0x20 [ 38.853212] __schedule+0xfc3/0x1ed0 [ 38.856938] ? __sched_text_start+0x8/0x8 [ 38.861090] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.865846] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.870427] ? retint_kernel+0x2d/0x2d [ 38.874313] ? trace_hardirqs_on_caller+0xc0/0x310 [ 38.879249] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.884010] ? trace_hardirqs_off+0x310/0x310 [ 38.888510] ? find_held_lock+0x36/0x1c0 [ 38.892581] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.897343] ? preempt_schedule+0x4d/0x60 [ 38.901492] preempt_schedule_common+0x1f/0xd0 [ 38.906084] preempt_schedule+0x4d/0x60 [ 38.910068] ___preempt_schedule+0x16/0x18 [ 38.914322] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.919261] __call_srcu+0x7f9/0x1070 [ 38.923066] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.928174] ? srcu_offline_cpu+0x120/0x120 [ 38.932504] ? debug_object_free+0x690/0x690 [ 38.936916] ? mark_held_locks+0x130/0x130 [ 38.941150] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.945737] ? lock_release+0x970/0x970 [ 38.949710] ? arch_local_save_flags+0x40/0x40 [ 38.954292] ? depot_save_stack+0x292/0x470 [ 38.958619] ? __lockdep_init_map+0x105/0x590 [ 38.963118] ? __init_waitqueue_head+0x9e/0x150 [ 38.967789] ? init_wait_entry+0x1c0/0x1c0 [ 38.972035] __synchronize_srcu+0x17b/0x230 [ 38.976357] ? call_srcu+0x10/0x10 [ 38.979918] ? rcu_unexpedite_gp+0x20/0x20 [ 38.984162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.989700] ? check_preemption_disabled+0x48/0x200 [ 38.994725] synchronize_srcu+0x356/0x5ab [ 38.998877] ? lock_downgrade+0x900/0x900 [ 39.003058] ? synchronize_srcu_expedited+0x20/0x20 [ 39.008079] ? kasan_check_read+0x11/0x20 [ 39.012237] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.016822] ? kasan_check_write+0x14/0x20 [ 39.021058] ? do_raw_spin_lock+0xc1/0x200 [ 39.025298] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.031012] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.036480] ? kvfree+0x61/0x70 [ 39.039759] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.044777] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.048842] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.053252] ? kvm_arch_sync_events+0x30/0x30 [ 39.057749] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.063284] ? mmu_notifier_unregister+0x474/0x600 [ 39.068219] ? kfree+0x107/0x230 [ 39.071591] ? __mmu_notifier_register+0x30/0x30 [ 39.076363] ? __free_pages+0x10a/0x190 [ 39.080335] ? free_unref_page+0x960/0x960 [ 39.084579] kvm_put_kvm+0x6c8/0xff0 [ 39.088316] ? kvm_write_guest_cached+0x40/0x40 [ 39.092986] ? kvm_irqfd_release+0xd1/0x120 [ 39.097311] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.101807] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.106327] ? kasan_check_write+0x14/0x20 [ 39.110563] ? do_raw_spin_lock+0xc1/0x200 [ 39.114800] ? kvm_irqfd_release+0xdd/0x120 [ 39.119118] ? kvm_irqfd_release+0xdd/0x120 [ 39.123442] ? kvm_put_kvm+0xff0/0xff0 [ 39.127332] kvm_vm_release+0x42/0x50 [ 39.131133] __fput+0x385/0xa30 [ 39.134415] ? get_max_files+0x20/0x20 [ 39.138306] ? trace_hardirqs_on+0xbd/0x310 [ 39.142633] ? ___might_sleep+0x1ed/0x300 [ 39.146781] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.152236] ? arch_local_save_flags+0x40/0x40 [ 39.156825] ? kasan_check_write+0x14/0x20 [ 39.161063] ? do_raw_spin_lock+0xc1/0x200 [ 39.165298] ____fput+0x15/0x20 [ 39.168576] task_work_run+0x1e8/0x2a0 [ 39.172466] ? task_work_cancel+0x240/0x240 [ 39.176795] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.182333] ? switch_task_namespaces+0x9d/0xd0 [ 39.187007] do_exit+0x1ad7/0x2610 [ 39.190556] ? mm_update_next_owner+0x990/0x990 [ 39.195243] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.199563] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.204579] ? kfree+0x1fa/0x230 [ 39.207951] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.212186] ? kvm_vcpu_block+0x1030/0x1030 [ 39.216519] ? is_bpf_text_address+0xd3/0x170 [ 39.221015] ? kernel_text_address+0x79/0xf0 [ 39.225429] ? __kernel_text_address+0xd/0x40 [ 39.229923] ? unwind_get_return_address+0x61/0xa0 [ 39.234854] ? __save_stack_trace+0x8d/0xf0 [ 39.239183] ? save_stack+0xa9/0xd0 [ 39.242814] ? save_stack+0x43/0xd0 [ 39.246437] ? __kasan_slab_free+0x102/0x150 [ 39.250839] ? kasan_slab_free+0xe/0x10 [ 39.254809] ? putname+0xf2/0x130 [ 39.258265] ? __x64_sys_openat+0x9d/0x100 [ 39.262507] ? do_syscall_64+0x1b9/0x820 [ 39.266572] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.271944] ? trace_hardirqs_off+0xb8/0x310 [ 39.276353] ? kasan_check_read+0x11/0x20 [ 39.280502] ? do_raw_spin_unlock+0xa7/0x2f0 [ 39.284928] ? trace_hardirqs_on+0x310/0x310 [ 39.289339] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.294441] ? trace_hardirqs_off+0xb8/0x310 [ 39.298851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.304389] ? check_preemption_disabled+0x48/0x200 [ 39.309402] ? check_preemption_disabled+0x48/0x200 [ 39.314418] ? kvm_vcpu_block+0x1030/0x1030 [ 39.318740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.324278] ? do_vfs_ioctl+0x201/0x1720 [ 39.328342] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 39.333625] ? ioctl_preallocate+0x300/0x300 [ 39.338053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.343594] ? __fget_light+0x2e9/0x430 [ 39.347566] ? fget_raw+0x20/0x20 [ 39.351012] ? putname+0xf2/0x130 [ 39.354471] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.359494] ? kmem_cache_free+0x24f/0x290 [ 39.363728] ? putname+0xf7/0x130 [ 39.367185] do_group_exit+0x177/0x440 [ 39.371259] ? trace_hardirqs_on+0xbd/0x310 [ 39.375579] ? __ia32_sys_exit+0x50/0x50 [ 39.379643] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.385091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.390637] ? ksys_ioctl+0x81/0xd0 [ 39.394271] __x64_sys_exit_group+0x3e/0x50 [ 39.398596] do_syscall_64+0x1b9/0x820 [ 39.402571] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.407954] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.412883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.417726] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.422746] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.427762] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.432783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.437630] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.442814] RIP: 0033:0x43ef08 [ 39.446015] Code: Bad RIP value. [ 39.449382] RSP: 002b:00007fff2fb6b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.457092] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 39.464359] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.471628] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.478896] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.486159] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.493441] [ 39.493447] ====================================================== [ 39.493453] WARNING: possible circular locking dependency detected [ 39.493457] 4.19.0-rc4+ #247 Not tainted [ 39.493463] ------------------------------------------------------ [ 39.493468] syz-executor740/5373 is trying to acquire lock: [ 39.493472] 00000000f876432b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.493488] [ 39.493492] but task is already holding lock: [ 39.493496] 0000000052ea3944 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.493511] [ 39.493516] which lock already depends on the new lock. [ 39.493518] [ 39.493521] [ 39.493527] the existing dependency chain (in reverse order) is: [ 39.493529] [ 39.493532] -> #3 (report_lock){....}: [ 39.493548] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.493552] kasan_report+0x8b/0x110 [ 39.493557] __asan_report_load8_noabort+0x14/0x20 [ 39.493561] __schedule+0xfc3/0x1ed0 [ 39.493566] preempt_schedule_common+0x1f/0xd0 [ 39.493570] preempt_schedule+0x4d/0x60 [ 39.493574] ___preempt_schedule+0x16/0x18 [ 39.493579] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.493584] __call_srcu+0x7f9/0x1070 [ 39.493588] __synchronize_srcu+0x17b/0x230 [ 39.493592] synchronize_srcu+0x356/0x5ab [ 39.493598] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.493602] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.493607] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.493611] kvm_put_kvm+0x6c8/0xff0 [ 39.493615] kvm_vm_release+0x42/0x50 [ 39.493619] __fput+0x385/0xa30 [ 39.493623] ____fput+0x15/0x20 [ 39.493627] task_work_run+0x1e8/0x2a0 [ 39.493631] do_exit+0x1ad7/0x2610 [ 39.493636] do_group_exit+0x177/0x440 [ 39.493640] __x64_sys_exit_group+0x3e/0x50 [ 39.493644] do_syscall_64+0x1b9/0x820 [ 39.493649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.493652] [ 39.493654] -> #2 (&rq->lock){-.-.}: [ 39.493669] _raw_spin_lock+0x2d/0x40 [ 39.493674] task_fork_fair+0xb0/0x6d0 [ 39.493678] sched_fork+0x443/0xba0 [ 39.493682] copy_process+0x2586/0x8780 [ 39.493686] _do_fork+0x1cb/0x11d0 [ 39.493690] kernel_thread+0x34/0x40 [ 39.493694] rest_init+0x22/0xe5 [ 39.493698] start_kernel+0x8f4/0x92f [ 39.493703] x86_64_start_reservations+0x29/0x2b [ 39.493708] x86_64_start_kernel+0x76/0x79 [ 39.493712] secondary_startup_64+0xa4/0xb0 [ 39.493714] [ 39.493717] -> #1 (&p->pi_lock){-.-.}: [ 39.493733] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.493737] try_to_wake_up+0xd2/0x12f0 [ 39.493741] wake_up_process+0x10/0x20 [ 39.493745] __up.isra.1+0x1c0/0x2a0 [ 39.493749] up+0x13c/0x1c0 [ 39.493753] __up_console_sem+0xbe/0x1b0 [ 39.493757] console_unlock+0x814/0x1160 [ 39.493762] vprintk_emit+0x33d/0x930 [ 39.493766] vprintk_default+0x28/0x30 [ 39.493770] vprintk_func+0x7e/0x181 [ 39.493774] printk+0xa7/0xcf [ 39.493778] load_umh+0x51/0xbd [ 39.493782] do_one_initcall+0x145/0x957 [ 39.493787] kernel_init_freeable+0x4bb/0x5ae [ 39.493791] kernel_init+0x11/0x1b2 [ 39.493795] ret_from_fork+0x3a/0x50 [ 39.493797] [ 39.493800] -> #0 ((console_sem).lock){-...}: [ 39.493816] lock_acquire+0x1ed/0x520 [ 39.493820] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.493824] down_trylock+0x13/0x70 [ 39.493829] __down_trylock_console_sem+0xae/0x200 [ 39.493834] console_trylock+0x15/0xa0 [ 39.493838] vprintk_emit+0x322/0x930 [ 39.493842] vprintk_default+0x28/0x30 [ 39.493846] vprintk_func+0x7e/0x181 [ 39.493850] printk+0xa7/0xcf [ 39.493854] kasan_report+0x9b/0x110 [ 39.493859] __asan_report_load8_noabort+0x14/0x20 [ 39.493863] __schedule+0xfc3/0x1ed0 [ 39.493868] preempt_schedule_common+0x1f/0xd0 [ 39.493872] preempt_schedule+0x4d/0x60 [ 39.493876] ___preempt_schedule+0x16/0x18 [ 39.493881] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.493885] __call_srcu+0x7f9/0x1070 [ 39.493890] __synchronize_srcu+0x17b/0x230 [ 39.493894] synchronize_srcu+0x356/0x5ab [ 39.493899] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.493904] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.493908] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.493912] kvm_put_kvm+0x6c8/0xff0 [ 39.493917] kvm_vm_release+0x42/0x50 [ 39.493921] __fput+0x385/0xa30 [ 39.493924] ____fput+0x15/0x20 [ 39.493929] task_work_run+0x1e8/0x2a0 [ 39.493933] do_exit+0x1ad7/0x2610 [ 39.493937] do_group_exit+0x177/0x440 [ 39.493941] __x64_sys_exit_group+0x3e/0x50 [ 39.493946] do_syscall_64+0x1b9/0x820 [ 39.493951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.493953] [ 39.493958] other info that might help us debug this: [ 39.493960] [ 39.493964] Chain exists of: [ 39.493966] (console_sem).lock --> &rq->lock --> report_lock [ 39.493986] [ 39.493990] Possible unsafe locking scenario: [ 39.493993] [ 39.493997] CPU0 CPU1 [ 39.494001] ---- ---- [ 39.494004] lock(report_lock); [ 39.494014] lock(&rq->lock); [ 39.494030] lock(report_lock); [ 39.494039] lock((console_sem).lock); [ 39.494048] [ 39.494051] *** DEADLOCK *** [ 39.494054] [ 39.494058] 2 locks held by syz-executor740/5373: [ 39.494061] #0: 000000006f7584f9 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.494079] #1: 0000000052ea3944 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.494098] [ 39.494101] stack backtrace: [ 39.494107] CPU: 1 PID: 5373 Comm: syz-executor740 Not tainted 4.19.0-rc4+ #247 [ 39.494115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.494118] Call Trace: [ 39.494122] dump_stack+0x1c4/0x2b4 [ 39.494128] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.494132] ? vprintk_func+0x85/0x181 [ 39.494137] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.494141] ? save_trace+0xe0/0x290 [ 39.494145] __lock_acquire+0x33e4/0x4ec0 [ 39.494150] ? mark_held_locks+0x130/0x130 [ 39.494154] ? mark_held_locks+0x130/0x130 [ 39.494158] ? rcu_bh_qs+0xc0/0xc0 [ 39.494162] ? unwind_dump+0x190/0x190 [ 39.494167] ? is_bpf_text_address+0xd3/0x170 [ 39.494171] ? kernel_text_address+0x79/0xf0 [ 39.494176] ? __kernel_text_address+0xd/0x40 [ 39.494180] ? __save_stack_trace+0x8d/0xf0 [ 39.494185] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.494189] ? save_trace+0x290/0x290 [ 39.494194] ? save_stack_trace+0x1a/0x20 [ 39.494198] ? save_trace+0xe0/0x290 [ 39.494210] ? kasan_check_read+0x11/0x20 [ 39.494214] ? graph_lock+0x170/0x170 [ 39.494219] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.494224] lock_acquire+0x1ed/0x520 [ 39.494228] ? down_trylock+0x13/0x70 [ 39.494232] ? find_held_lock+0x36/0x1c0 [ 39.494236] ? lock_release+0x970/0x970 [ 39.494241] ? trace_hardirqs_off+0xb8/0x310 [ 39.494245] ? vprintk_emit+0x1d3/0x930 [ 39.494250] ? trace_hardirqs_on+0x310/0x310 [ 39.494254] ? trace_hardirqs_off+0xb8/0x310 [ 39.494259] ? log_store+0x344/0x4c0 [ 39.494263] ? vprintk_emit+0x322/0x930 [ 39.494267] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.494272] ? down_trylock+0x13/0x70 [ 39.494276] down_trylock+0x13/0x70 [ 39.494281] __down_trylock_console_sem+0xae/0x200 [ 39.494285] console_trylock+0x15/0xa0 [ 39.494289] vprintk_emit+0x322/0x930 [ 39.494293] ? wake_up_klogd+0x180/0x180 [ 39.494298] ? run_rebalance_domains+0x500/0x500 [ 39.494303] ? wake_up_worker+0x117/0x190 [ 39.494307] ? find_held_lock+0x36/0x1c0 [ 39.494311] ? __queue_work+0x6be/0x1440 [ 39.494315] ? lock_acquire+0x1ed/0x520 [ 39.494320] vprintk_default+0x28/0x30 [ 39.494324] vprintk_func+0x7e/0x181 [ 39.494328] printk+0xa7/0xcf [ 39.494332] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.494337] ? kasan_check_write+0x14/0x20 [ 39.494341] ? do_raw_spin_lock+0xc1/0x200 [ 39.494345] ? do_raw_spin_lock+0xc1/0x200 [ 39.494349] kasan_report+0x9b/0x110 [ 39.494354] ? __schedule+0xfc3/0x1ed0 [ 39.494359] __asan_report_load8_noabort+0x14/0x20 [ 39.494363] __schedule+0xfc3/0x1ed0 [ 39.494367] ? __sched_text_start+0x8/0x8 [ 39.494372] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.494376] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.494381] ? retint_kernel+0x2d/0x2d [ 39.494385] ? trace_hardirqs_on_caller+0xc0/0x310 [ 39.494390] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.494395] ? trace_hardirqs_off+0x310/0x310 [ 39.494399] ? find_held_lock+0x36/0x1c0 [ 39.494404] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.494408] ? preempt_schedule+0x4d/0x60 [ 39.494413] preempt_schedule_common+0x1f/0xd0 [ 39.494417] preempt_schedule+0x4d/0x60 [ 39.494422] ___preempt_schedule+0x16/0x18 [ 39.494427] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.494431] __call_srcu+0x7f9/0x1070 [ 39.494436] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.494440] ? srcu_offline_cpu+0x120/0x120 [ 39.494445] ? debug_object_free+0x690/0x690 [ 39.494449] ? mark_held_locks+0x130/0x130 [ 39.494454] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.494458] ? lock_release+0x970/0x970 [ 39.494463] ? arch_local_save_flags+0x40/0x40 [ 39.494467] ? depot_save_stack+0x292/0x470 [ 39.494472] ? __lockdep_init_map+0x105/0x590 [ 39.494477] ? __init_waitqueue_head+0x9e/0x150 [ 39.494481] ? init_wait_entry+0x1c0/0x1c0 [ 39.494486] __synchronize_srcu+0x17b/0x230 [ 39.494490] ? call_srcu+0x10/0x10 [ 39.494494] ? rcu_unexpedite_gp+0x20/0x20 [ 39.494499] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.494504] ? check_preemption_disabled+0x48/0x200 [ 39.494509] synchronize_srcu+0x356/0x5ab [ 39.494513] ? lock_downgrade+0x900/0x900 [ 39.494518] ? synchronize_srcu_expedited+0x20/0x20 [ 39.494522] ? kasan_check_read+0x11/0x20 [ 39.494527] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.494532] ? kasan_check_write+0x14/0x20 [ 39.494536] ? do_raw_spin_lock+0xc1/0x200 [ 39.494542] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.494547] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.494551] ? kvfree+0x61/0x70 [ 39.494556] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.494560] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.494564] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.494569] ? kvm_arch_sync_events+0x30/0x30 [ 39.494574] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.494579] ? mmu_notifier_unregister+0x474/0x600 [ 39.494583] ? kfree+0x107/0x230 [ 39.494588] ? __mmu_notifier_register+0x30/0x30 [ 39.494592] ? __free_pages+0x10a/0x190 [ 39.494596] ? free_unref_page+0x960/0x960 [ 39.494600] kvm_put_kvm+0x6c8/0xff0 [ 39.494605] ? kvm_write_guest_cached+0x40/0x40 [ 39.494610] ? kvm_irqfd_release+0xd1/0x120 [ 39.494614] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.494619] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.494623] ? kasan_check_write+0x14/0x20 [ 39.494627] ? do_raw_spin_lock+0xc [ 39.494635] Lost 83 message(s)! [ 40.639757] Shutting down cpus with NMI [ 41.698498] Kernel Offset: disabled [ 41.702128] Rebooting in 86400 seconds..