[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 27.226795] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 27.771470] random: sshd: uninitialized urandom read (32 bytes read) [ 28.140664] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.756124] random: sshd: uninitialized urandom read (32 bytes read) [ 28.981235] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. [ 34.539645] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.662507] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.689556] ================================================================== [ 34.699818] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 34.706048] Read of size 8 at addr ffff8801cbec0058 by task syz-executor957/5398 [ 34.713574] [ 34.715207] CPU: 1 PID: 5398 Comm: syz-executor957 Not tainted 4.19.0-rc4+ #24 [ 34.722563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.731933] Call Trace: [ 34.734529] dump_stack+0x1c4/0x2b4 [ 34.738188] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.743389] ? printk+0xa7/0xcf [ 34.746684] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.751448] print_address_description.cold.8+0x9/0x1ff [ 34.756817] kasan_report.cold.9+0x242/0x309 [ 34.761233] ? __schedule+0xfc3/0x1ed0 [ 34.765128] __asan_report_load8_noabort+0x14/0x20 [ 34.770090] __schedule+0xfc3/0x1ed0 [ 34.773817] ? __sched_text_start+0x8/0x8 [ 34.777970] ? __lock_is_held+0xb5/0x140 [ 34.782033] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.787156] ? find_held_lock+0x36/0x1c0 [ 34.791220] ? __call_srcu+0x7f9/0x1070 [ 34.795194] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.800294] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 34.805406] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.809987] ? preempt_schedule+0x4d/0x60 [ 34.814144] preempt_schedule_common+0x1f/0xd0 [ 34.818723] preempt_schedule+0x4d/0x60 [ 34.822701] ___preempt_schedule+0x16/0x18 [ 34.826939] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 34.831876] __call_srcu+0x7f9/0x1070 [ 34.835677] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 34.840804] ? srcu_offline_cpu+0x120/0x120 [ 34.845131] ? debug_object_free+0x690/0x690 [ 34.849537] ? mark_held_locks+0x130/0x130 [ 34.853783] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 34.858368] ? lock_release+0x970/0x970 [ 34.862354] ? arch_local_save_flags+0x40/0x40 [ 34.866937] ? depot_save_stack+0x292/0x470 [ 34.871268] ? __lockdep_init_map+0x105/0x590 [ 34.875768] ? __init_waitqueue_head+0x9e/0x150 [ 34.880438] ? init_wait_entry+0x1c0/0x1c0 [ 34.884677] __synchronize_srcu+0x17b/0x230 [ 34.888996] ? call_srcu+0x10/0x10 [ 34.892537] ? rcu_unexpedite_gp+0x20/0x20 [ 34.896801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.902363] ? check_preemption_disabled+0x48/0x200 [ 34.907417] synchronize_srcu+0x356/0x5ab [ 34.911578] ? lock_downgrade+0x900/0x900 [ 34.915731] ? synchronize_srcu_expedited+0x20/0x20 [ 34.920754] ? kasan_check_read+0x11/0x20 [ 34.924905] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.929487] ? kasan_check_write+0x14/0x20 [ 34.933723] ? do_raw_spin_lock+0xc1/0x200 [ 34.937961] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.943693] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.949145] ? kvfree+0x61/0x70 [ 34.952426] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.957457] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.961522] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.965944] ? kvm_arch_sync_events+0x30/0x30 [ 34.970444] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.975981] ? mmu_notifier_unregister+0x474/0x600 [ 34.980912] ? kfree+0x107/0x230 [ 34.984278] ? __mmu_notifier_register+0x30/0x30 [ 34.989033] ? __free_pages+0x10a/0x190 [ 34.993018] ? free_unref_page+0x960/0x960 [ 34.997269] kvm_put_kvm+0x6c8/0xff0 [ 35.000990] ? kvm_write_guest_cached+0x40/0x40 [ 35.005662] ? kvm_irqfd_release+0xd1/0x120 [ 35.009995] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.014489] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.018994] ? kasan_check_write+0x14/0x20 [ 35.023226] ? do_raw_spin_lock+0xc1/0x200 [ 35.027464] ? kvm_irqfd_release+0xdd/0x120 [ 35.031785] ? kvm_irqfd_release+0xdd/0x120 [ 35.036121] ? kvm_put_kvm+0xff0/0xff0 [ 35.040032] kvm_vm_release+0x42/0x50 [ 35.043844] __fput+0x385/0xa30 [ 35.047139] ? get_max_files+0x20/0x20 [ 35.051042] ? trace_hardirqs_on+0xbd/0x310 [ 35.055382] ? ___might_sleep+0x1ed/0x300 [ 35.059531] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.065000] ? arch_local_save_flags+0x40/0x40 [ 35.069591] ? kasan_check_write+0x14/0x20 [ 35.073826] ? do_raw_spin_lock+0xc1/0x200 [ 35.078078] ____fput+0x15/0x20 [ 35.081371] task_work_run+0x1e8/0x2a0 [ 35.085274] ? task_work_cancel+0x240/0x240 [ 35.089622] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.095151] ? switch_task_namespaces+0x9d/0xd0 [ 35.099815] do_exit+0x1ad7/0x2610 [ 35.103364] ? mm_update_next_owner+0x990/0x990 [ 35.108073] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 35.112320] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.117370] ? kfree+0x1fa/0x230 [ 35.120740] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 35.124988] ? kvm_vcpu_block+0x1030/0x1030 [ 35.129312] ? is_bpf_text_address+0xd3/0x170 [ 35.133807] ? kernel_text_address+0x79/0xf0 [ 35.138214] ? __kernel_text_address+0xd/0x40 [ 35.142714] ? unwind_get_return_address+0x61/0xa0 [ 35.147647] ? __save_stack_trace+0x8d/0xf0 [ 35.151975] ? save_stack+0xa9/0xd0 [ 35.155599] ? save_stack+0x43/0xd0 [ 35.159233] ? __kasan_slab_free+0x102/0x150 [ 35.163640] ? kasan_slab_free+0xe/0x10 [ 35.167616] ? putname+0xf2/0x130 [ 35.171075] ? __x64_sys_openat+0x9d/0x100 [ 35.175308] ? do_syscall_64+0x1b9/0x820 [ 35.179366] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.184734] ? trace_hardirqs_off+0xb8/0x310 [ 35.189142] ? kasan_check_read+0x11/0x20 [ 35.193297] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.197707] ? trace_hardirqs_on+0x310/0x310 [ 35.202118] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 35.207754] ? trace_hardirqs_off+0xb8/0x310 [ 35.212180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.217717] ? check_preemption_disabled+0x48/0x200 [ 35.222761] ? check_preemption_disabled+0x48/0x200 [ 35.227788] ? kvm_vcpu_block+0x1030/0x1030 [ 35.232135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.237672] ? do_vfs_ioctl+0x201/0x1720 [ 35.241735] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.247013] ? ioctl_preallocate+0x300/0x300 [ 35.251422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.256974] ? __fget_light+0x2e9/0x430 [ 35.260948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.266485] ? smack_file_ioctl+0x210/0x3c0 [ 35.270806] ? fget_raw+0x20/0x20 [ 35.274258] ? smack_file_lock+0x2e0/0x2e0 [ 35.278510] do_group_exit+0x177/0x440 [ 35.282400] ? trace_hardirqs_on+0xbd/0x310 [ 35.286723] ? __ia32_sys_exit+0x50/0x50 [ 35.290796] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.296245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.301786] ? ksys_ioctl+0x81/0xd0 [ 35.305426] __x64_sys_exit_group+0x3e/0x50 [ 35.309755] do_syscall_64+0x1b9/0x820 [ 35.313648] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.319018] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.323949] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.328798] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.333821] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.338837] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.343856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.348707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.353896] RIP: 0033:0x43ef08 [ 35.357093] Code: 00 00 44 0f be 4f 01 b9 ab aa aa 2a 41 89 d3 53 41 83 e9 01 44 89 c8 f7 e9 44 89 c8 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 <29> c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 [ 35.375995] RSP: 002b:00007fff209bf138 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.383710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 35.390976] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.398244] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.405513] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.412786] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.420066] [ 35.421687] Allocated by task 5398: [ 35.425312] save_stack+0x43/0xd0 [ 35.428762] kasan_kmalloc+0xc7/0xe0 [ 35.432469] kasan_slab_alloc+0x12/0x20 [ 35.436439] kmem_cache_alloc+0x12e/0x730 [ 35.440592] vmx_create_vcpu+0xcf/0x25e0 [ 35.444653] kvm_arch_vcpu_create+0xe5/0x220 [ 35.449065] kvm_vm_ioctl+0x470/0x1d40 [ 35.452951] do_vfs_ioctl+0x1de/0x1720 [ 35.456838] ksys_ioctl+0xa9/0xd0 [ 35.460289] __x64_sys_ioctl+0x73/0xb0 [ 35.464175] do_syscall_64+0x1b9/0x820 [ 35.468069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.473245] [ 35.474869] Freed by task 5398: [ 35.478143] save_stack+0x43/0xd0 [ 35.481604] __kasan_slab_free+0x102/0x150 [ 35.485850] kasan_slab_free+0xe/0x10 [ 35.489668] kmem_cache_free+0x83/0x290 [ 35.493649] vmx_free_vcpu+0x26b/0x300 [ 35.497535] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.501951] kvm_put_kvm+0x6c8/0xff0 [ 35.505667] kvm_vm_release+0x42/0x50 [ 35.509463] __fput+0x385/0xa30 [ 35.512736] ____fput+0x15/0x20 [ 35.516016] task_work_run+0x1e8/0x2a0 [ 35.519903] do_exit+0x1ad7/0x2610 [ 35.523451] do_group_exit+0x177/0x440 [ 35.527339] __x64_sys_exit_group+0x3e/0x50 [ 35.531662] do_syscall_64+0x1b9/0x820 [ 35.535556] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.540738] [ 35.542366] The buggy address belongs to the object at ffff8801cbec0040 [ 35.542366] which belongs to the cache kvm_vcpu of size 23872 [ 35.554936] The buggy address is located 24 bytes inside of [ 35.554936] 23872-byte region [ffff8801cbec0040, ffff8801cbec5d80) [ 35.566888] The buggy address belongs to the page: [ 35.571816] page:ffffea00072fb000 count:1 mapcount:0 mapping:ffff8801d79354c0 index:0x0 compound_mapcount: 0 [ 35.581782] flags: 0x2fffc0000008100(slab|head) [ 35.586456] raw: 02fffc0000008100 ffff8801d4e93f48 ffff8801d4e93f48 ffff8801d79354c0 [ 35.594339] raw: 0000000000000000 ffff8801cbec0040 0000000100000001 0000000000000000 [ 35.602208] page dumped because: kasan: bad access detected [ 35.607908] [ 35.609527] Memory state around the buggy address: [ 35.614462] ffff8801cbebff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.621818] ffff8801cbebff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.629171] >ffff8801cbec0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.636556] ^ [ 35.642789] ffff8801cbec0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.650144] ffff8801cbec0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.657494] ================================================================== [ 35.664844] Kernel panic - not syncing: panic_on_warn set ... [ 35.664844] [ 35.672211] CPU: 1 PID: 5398 Comm: syz-executor957 Tainted: G B 4.19.0-rc4+ #24 [ 35.680953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.690300] Call Trace: [ 35.692900] dump_stack+0x1c4/0x2b4 [ 35.696531] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.701735] ? lock_downgrade+0x900/0x900 [ 35.705890] panic+0x238/0x4e7 [ 35.709088] ? add_taint.cold.5+0x16/0x16 [ 35.713240] ? print_shadow_for_address+0xb6/0x116 [ 35.718171] ? trace_hardirqs_off+0xaf/0x310 [ 35.722588] kasan_end_report+0x47/0x4f [ 35.726595] kasan_report.cold.9+0x76/0x309 [ 35.730922] ? __schedule+0xfc3/0x1ed0 [ 35.734813] __asan_report_load8_noabort+0x14/0x20 [ 35.739749] __schedule+0xfc3/0x1ed0 [ 35.743469] ? __sched_text_start+0x8/0x8 [ 35.747630] ? __lock_is_held+0xb5/0x140 [ 35.751693] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.756798] ? find_held_lock+0x36/0x1c0 [ 35.760866] ? __call_srcu+0x7f9/0x1070 [ 35.764843] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.769954] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 35.775066] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.779652] ? preempt_schedule+0x4d/0x60 [ 35.783806] preempt_schedule_common+0x1f/0xd0 [ 35.788391] preempt_schedule+0x4d/0x60 [ 35.792368] ___preempt_schedule+0x16/0x18 [ 35.796609] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 35.801541] __call_srcu+0x7f9/0x1070 [ 35.805364] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 35.810479] ? srcu_offline_cpu+0x120/0x120 [ 35.814802] ? debug_object_free+0x690/0x690 [ 35.819212] ? mark_held_locks+0x130/0x130 [ 35.823450] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 35.828035] ? lock_release+0x970/0x970 [ 35.832017] ? arch_local_save_flags+0x40/0x40 [ 35.836612] ? depot_save_stack+0x292/0x470 [ 35.840941] ? __lockdep_init_map+0x105/0x590 [ 35.845458] ? __init_waitqueue_head+0x9e/0x150 [ 35.850126] ? init_wait_entry+0x1c0/0x1c0 [ 35.854381] __synchronize_srcu+0x17b/0x230 [ 35.858704] ? call_srcu+0x10/0x10 [ 35.862242] ? rcu_unexpedite_gp+0x20/0x20 [ 35.866483] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.872021] ? check_preemption_disabled+0x48/0x200 [ 35.877039] synchronize_srcu+0x356/0x5ab [ 35.881192] ? lock_downgrade+0x900/0x900 [ 35.885343] ? synchronize_srcu_expedited+0x20/0x20 [ 35.890365] ? kasan_check_read+0x11/0x20 [ 35.894514] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.899127] ? kasan_check_write+0x14/0x20 [ 35.903365] ? do_raw_spin_lock+0xc1/0x200 [ 35.907605] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.913321] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.918775] ? kvfree+0x61/0x70 [ 35.922083] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.927112] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.931196] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.935603] ? kvm_arch_sync_events+0x30/0x30 [ 35.940108] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.945656] ? mmu_notifier_unregister+0x474/0x600 [ 35.950585] ? kfree+0x107/0x230 [ 35.953966] ? __mmu_notifier_register+0x30/0x30 [ 35.958727] ? __free_pages+0x10a/0x190 [ 35.962701] ? free_unref_page+0x960/0x960 [ 35.966967] kvm_put_kvm+0x6c8/0xff0 [ 35.970691] ? kvm_write_guest_cached+0x40/0x40 [ 35.975360] ? kvm_irqfd_release+0xd1/0x120 [ 35.979695] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.984215] ? _raw_spin_unlock_irq+0x27/0x80 [ 35.988719] ? kasan_check_write+0x14/0x20 [ 35.992953] ? do_raw_spin_lock+0xc1/0x200 [ 35.997188] ? kvm_irqfd_release+0xdd/0x120 [ 36.001508] ? kvm_irqfd_release+0xdd/0x120 [ 36.005860] ? kvm_put_kvm+0xff0/0xff0 [ 36.009755] kvm_vm_release+0x42/0x50 [ 36.013564] __fput+0x385/0xa30 [ 36.016848] ? get_max_files+0x20/0x20 [ 36.020734] ? trace_hardirqs_on+0xbd/0x310 [ 36.025066] ? ___might_sleep+0x1ed/0x300 [ 36.029212] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.034678] ? arch_local_save_flags+0x40/0x40 [ 36.039263] ? kasan_check_write+0x14/0x20 [ 36.043502] ? do_raw_spin_lock+0xc1/0x200 [ 36.047747] ____fput+0x15/0x20 [ 36.051029] task_work_run+0x1e8/0x2a0 [ 36.054927] ? task_work_cancel+0x240/0x240 [ 36.059251] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.064791] ? switch_task_namespaces+0x9d/0xd0 [ 36.069465] do_exit+0x1ad7/0x2610 [ 36.073012] ? mm_update_next_owner+0x990/0x990 [ 36.077686] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.081924] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.086942] ? kfree+0x1fa/0x230 [ 36.090315] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 36.094563] ? kvm_vcpu_block+0x1030/0x1030 [ 36.099244] ? is_bpf_text_address+0xd3/0x170 [ 36.103752] ? kernel_text_address+0x79/0xf0 [ 36.108164] ? __kernel_text_address+0xd/0x40 [ 36.112667] ? unwind_get_return_address+0x61/0xa0 [ 36.117599] ? __save_stack_trace+0x8d/0xf0 [ 36.121939] ? save_stack+0xa9/0xd0 [ 36.125569] ? save_stack+0x43/0xd0 [ 36.129198] ? __kasan_slab_free+0x102/0x150 [ 36.133609] ? kasan_slab_free+0xe/0x10 [ 36.137585] ? putname+0xf2/0x130 [ 36.141041] ? __x64_sys_openat+0x9d/0x100 [ 36.145277] ? do_syscall_64+0x1b9/0x820 [ 36.149337] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.154705] ? trace_hardirqs_off+0xb8/0x310 [ 36.159116] ? kasan_check_read+0x11/0x20 [ 36.163294] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.167703] ? trace_hardirqs_on+0x310/0x310 [ 36.172114] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 36.177217] ? trace_hardirqs_off+0xb8/0x310 [ 36.181634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.187173] ? check_preemption_disabled+0x48/0x200 [ 36.192186] ? check_preemption_disabled+0x48/0x200 [ 36.197202] ? kvm_vcpu_block+0x1030/0x1030 [ 36.201523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.207566] ? do_vfs_ioctl+0x201/0x1720 [ 36.211637] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 36.216914] ? ioctl_preallocate+0x300/0x300 [ 36.221322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.226884] ? __fget_light+0x2e9/0x430 [ 36.230855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.236403] ? smack_file_ioctl+0x210/0x3c0 [ 36.240747] ? fget_raw+0x20/0x20 [ 36.244216] ? smack_file_lock+0x2e0/0x2e0 [ 36.248483] do_group_exit+0x177/0x440 [ 36.252379] ? trace_hardirqs_on+0xbd/0x310 [ 36.256705] ? __ia32_sys_exit+0x50/0x50 [ 36.260764] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.266213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.271753] ? ksys_ioctl+0x81/0xd0 [ 36.275386] __x64_sys_exit_group+0x3e/0x50 [ 36.279710] do_syscall_64+0x1b9/0x820 [ 36.283612] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.288987] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.293917] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.298759] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.303773] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.308792] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.313812] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.318705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.323894] RIP: 0033:0x43ef08 [ 36.327090] Code: 00 00 44 0f be 4f 01 b9 ab aa aa 2a 41 89 d3 53 41 83 e9 01 44 89 c8 f7 e9 44 89 c8 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 <29> c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 [ 36.345991] RSP: 002b:00007fff209bf138 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.353702] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 36.360971] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.368264] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.375562] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.382830] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.390110] [ 36.390117] ====================================================== [ 36.390122] WARNING: possible circular locking dependency detected [ 36.390126] 4.19.0-rc4+ #24 Not tainted [ 36.390132] ------------------------------------------------------ [ 36.390138] syz-executor957/5398 is trying to acquire lock: [ 36.390141] 0000000047b8e9cf ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.390157] [ 36.390162] but task is already holding lock: [ 36.390165] 000000000ff0138e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.390181] [ 36.390186] which lock already depends on the new lock. [ 36.390188] [ 36.390191] [ 36.390196] the existing dependency chain (in reverse order) is: [ 36.390199] [ 36.390202] -> #3 (report_lock){....}: [ 36.390217] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.390222] kasan_report+0x8b/0x110 [ 36.390226] __asan_report_load8_noabort+0x14/0x20 [ 36.390231] __schedule+0xfc3/0x1ed0 [ 36.390235] preempt_schedule_common+0x1f/0xd0 [ 36.390240] preempt_schedule+0x4d/0x60 [ 36.390244] ___preempt_schedule+0x16/0x18 [ 36.390249] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.390253] __call_srcu+0x7f9/0x1070 [ 36.390258] __synchronize_srcu+0x17b/0x230 [ 36.390262] synchronize_srcu+0x356/0x5ab [ 36.390268] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.390272] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.390277] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.390281] kvm_put_kvm+0x6c8/0xff0 [ 36.390285] kvm_vm_release+0x42/0x50 [ 36.390289] __fput+0x385/0xa30 [ 36.390293] ____fput+0x15/0x20 [ 36.390297] task_work_run+0x1e8/0x2a0 [ 36.390301] do_exit+0x1ad7/0x2610 [ 36.390306] do_group_exit+0x177/0x440 [ 36.390310] __x64_sys_exit_group+0x3e/0x50 [ 36.390327] do_syscall_64+0x1b9/0x820 [ 36.390332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.390348] [ 36.390350] -> #2 (&rq->lock){-.-.}: [ 36.390376] _raw_spin_lock+0x2d/0x40 [ 36.390392] task_fork_fair+0xb0/0x6d0 [ 36.390395] sched_fork+0x443/0xba0 [ 36.390412] copy_process+0x2586/0x8780 [ 36.390416] _do_fork+0x1cb/0x11d0 [ 36.390420] kernel_thread+0x34/0x40 [ 36.390423] rest_init+0x22/0xe5 [ 36.390427] start_kernel+0x8f4/0x92f [ 36.390432] x86_64_start_reservations+0x29/0x2b [ 36.390436] x86_64_start_kernel+0x76/0x79 [ 36.390441] secondary_startup_64+0xa4/0xb0 [ 36.390443] [ 36.390446] -> #1 (&p->pi_lock){-.-.}: [ 36.390461] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.390465] try_to_wake_up+0xd2/0x12f0 [ 36.390469] wake_up_process+0x10/0x20 [ 36.390473] __up.isra.1+0x1c0/0x2a0 [ 36.390476] up+0x13c/0x1c0 [ 36.390481] __up_console_sem+0xbe/0x1b0 [ 36.390485] console_unlock+0x814/0x1160 [ 36.390489] vprintk_emit+0x33d/0x930 [ 36.390493] vprintk_default+0x28/0x30 [ 36.390497] vprintk_func+0x7e/0x181 [ 36.390501] printk+0xa7/0xcf [ 36.390504] load_umh+0x51/0xbd [ 36.390508] do_one_initcall+0x145/0x957 [ 36.390513] kernel_init_freeable+0x4bb/0x5ae [ 36.390517] kernel_init+0x11/0x1b2 [ 36.390521] ret_from_fork+0x3a/0x50 [ 36.390523] [ 36.390526] -> #0 ((console_sem).lock){-...}: [ 36.390541] lock_acquire+0x1ed/0x520 [ 36.390555] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.390572] down_trylock+0x13/0x70 [ 36.390576] __down_trylock_console_sem+0xae/0x200 [ 36.390587] console_trylock+0x15/0xa0 [ 36.390591] vprintk_emit+0x322/0x930 [ 36.390595] vprintk_default+0x28/0x30 [ 36.390599] vprintk_func+0x7e/0x181 [ 36.390603] printk+0xa7/0xcf [ 36.390607] kasan_report+0x9b/0x110 [ 36.390611] __asan_report_load8_noabort+0x14/0x20 [ 36.390615] __schedule+0xfc3/0x1ed0 [ 36.390619] preempt_schedule_common+0x1f/0xd0 [ 36.390623] preempt_schedule+0x4d/0x60 [ 36.390628] ___preempt_schedule+0x16/0x18 [ 36.390644] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.390670] __call_srcu+0x7f9/0x1070 [ 36.390675] __synchronize_srcu+0x17b/0x230 [ 36.390679] synchronize_srcu+0x356/0x5ab [ 36.390685] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.390689] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.390694] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.390698] kvm_put_kvm+0x6c8/0xff0 [ 36.390702] kvm_vm_release+0x42/0x50 [ 36.390706] __fput+0x385/0xa30 [ 36.390710] ____fput+0x15/0x20 [ 36.390714] task_work_run+0x1e8/0x2a0 [ 36.390718] do_exit+0x1ad7/0x2610 [ 36.390723] do_group_exit+0x177/0x440 [ 36.390727] __x64_sys_exit_group+0x3e/0x50 [ 36.390732] do_syscall_64+0x1b9/0x820 [ 36.390737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.390739] [ 36.390744] other info that might help us debug this: [ 36.390747] [ 36.390750] Chain exists of: [ 36.390752] (console_sem).lock --> &rq->lock --> report_lock [ 36.390772] [ 36.390777] Possible unsafe locking scenario: [ 36.390779] [ 36.390784] CPU0 CPU1 [ 36.390788] ---- ---- [ 36.390791] lock(report_lock); [ 36.390801] lock(&rq->lock); [ 36.390811] lock(report_lock); [ 36.390820] lock((console_sem).lock); [ 36.390829] [ 36.390832] *** DEADLOCK *** [ 36.390835] [ 36.390839] 2 locks held by syz-executor957/5398: [ 36.390842] #0: 00000000ee5ed7c1 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 36.390860] #1: 000000000ff0138e (report_lock){....}, at: kasan_report+0x8b/0x110 [ 36.390878] [ 36.390882] stack backtrace: [ 36.390888] CPU: 1 PID: 5398 Comm: syz-executor957 Not tainted 4.19.0-rc4+ #24 [ 36.390896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.390899] Call Trace: [ 36.390903] dump_stack+0x1c4/0x2b4 [ 36.390908] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.390913] ? vprintk_func+0x85/0x181 [ 36.390918] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 36.390922] ? save_trace+0xe0/0x290 [ 36.390926] __lock_acquire+0x33e4/0x4ec0 [ 36.390931] ? mark_held_locks+0x130/0x130 [ 36.390935] ? mark_held_locks+0x130/0x130 [ 36.390939] ? rcu_bh_qs+0xc0/0xc0 [ 36.390943] ? unwind_dump+0x190/0x190 [ 36.390948] ? is_bpf_text_address+0xd3/0x170 [ 36.390953] ? kernel_text_address+0x79/0xf0 [ 36.390969] ? __kernel_text_address+0xd/0x40 [ 36.390973] ? __save_stack_trace+0x8d/0xf0 [ 36.390978] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 36.390982] ? save_trace+0x290/0x290 [ 36.390986] ? save_stack_trace+0x1a/0x20 [ 36.390990] ? save_trace+0xe0/0x290 [ 36.391007] ? kasan_check_read+0x11/0x20 [ 36.391011] ? graph_lock+0x170/0x170 [ 36.391016] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.391020] lock_acquire+0x1ed/0x520 [ 36.391024] ? down_trylock+0x13/0x70 [ 36.391028] ? find_held_lock+0x36/0x1c0 [ 36.391032] ? lock_release+0x970/0x970 [ 36.391048] ? trace_hardirqs_off+0xb8/0x310 [ 36.391052] ? vprintk_emit+0x1d3/0x930 [ 36.391075] ? trace_hardirqs_on+0x310/0x310 [ 36.391079] ? trace_hardirqs_off+0xb8/0x310 [ 36.391083] ? log_store+0x344/0x4c0 [ 36.391087] ? vprintk_emit+0x322/0x930 [ 36.391091] _raw_spin_lock_irqsave+0x99/0xd0 [ 36.391095] ? down_trylock+0x13/0x70 [ 36.391099] down_trylock+0x13/0x70 [ 36.391103] __down_trylock_console_sem+0xae/0x200 [ 36.391107] console_trylock+0x15/0xa0 [ 36.391111] vprintk_emit+0x322/0x930 [ 36.391115] ? wake_up_klogd+0x180/0x180 [ 36.391119] ? run_rebalance_domains+0x500/0x500 [ 36.391123] ? wake_up_worker+0x117/0x190 [ 36.391127] ? find_held_lock+0x36/0x1c0 [ 36.391131] ? __queue_work+0x6be/0x1440 [ 36.391136] ? lock_acquire+0x1ed/0x520 [ 36.391139] vprintk_default+0x28/0x30 [ 36.391143] vprintk_func+0x7e/0x181 [ 36.391147] printk+0xa7/0xcf [ 36.391151] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.391155] ? kasan_check_write+0x14/0x20 [ 36.391159] ? do_raw_spin_lock+0xc1/0x200 [ 36.391163] ? do_raw_spin_lock+0xc1/0x200 [ 36.391167] kasan_report+0x9b/0x110 [ 36.391171] ? __schedule+0xfc3/0x1ed0 [ 36.391176] __asan_report_load8_noabort+0x14/0x20 [ 36.391179] __schedule+0xfc3/0x1ed0 [ 36.391184] ? __sched_text_start+0x8/0x8 [ 36.391188] ? __lock_is_held+0xb5/0x140 [ 36.391192] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.391196] ? find_held_lock+0x36/0x1c0 [ 36.391200] ? __call_srcu+0x7f9/0x1070 [ 36.391205] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.391209] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.391214] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.391218] ? preempt_schedule+0x4d/0x60 [ 36.391222] preempt_schedule_common+0x1f/0xd0 [ 36.391226] preempt_schedule+0x4d/0x60 [ 36.391230] ___preempt_schedule+0x16/0x18 [ 36.391235] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.391239] __call_srcu+0x7f9/0x1070 [ 36.391244] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.391248] ? srcu_offline_cpu+0x120/0x120 [ 36.391252] ? debug_object_free+0x690/0x690 [ 36.391256] ? mark_held_locks+0x130/0x130 [ 36.391261] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.391265] ? lock_release+0x970/0x970 [ 36.391269] ? arch_local_save_flags+0x40/0x40 [ 36.391273] ? depot_save_stack+0x292/0x470 [ 36.391278] ? __lockdep_init_map+0x105/0x590 [ 36.391282] ? __init_waitqueue_head+0x9e/0x150 [ 36.391286] ? init_wait_entry+0x1c0/0x1c0 [ 36.391290] __synchronize_srcu+0x17b/0x230 [ 36.391294] ? call_srcu+0x10/0x10 [ 36.391298] ? rcu_unexpedite_gp+0x20/0x20 [ 36.391303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.391308] ? check_preemption_disabled+0x48/0x200 [ 36.391312] synchronize_srcu+0x356/0x5ab [ 36.391316] ? lock_downgrade+0x900/0x900 [ 36.391320] ? synchronize_srcu_expedited+0x20/0x20 [ 36.391324] ? kasan_check_read+0x11/0x20 [ 36.391341] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.391345] ? kasan_check_write+0x14/0x20 [ 36.391363] ? do_raw_spin_lock+0xc1/0x200 [ 36.391368] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.391372] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.391376] ? kvfree+0x61/0x70 [ 36.391392] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.391396] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.391414] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.391419] ? kvm_arch_sync_events+0x30/0x30 [ 36.391424] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.391428] ? mmu_notifier_unregister+0x474/0x600 [ 36.391432] ? kfree+0x107/0x230 [ 36.391436] ? __mmu_notifier_register+0x30/0x30 [ 36.391440] ? __free_pages+0x10a/0x190 [ 36.391444] ? free_unref_page+0x960/0x960 [ 36.391460] kvm_put_kvm+0x6c8/0xff0 [ 36.391464] ? kvm_write_guest_cached+0x40/0x40 [ 36.391468] ? kvm_irqfd_release+0xd1/0x120 [ 36.391475] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.391480] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.391484] ? kasan_check_write+0x14/0x20 [ 36.391488] ? do_raw_spin_lock+0xc1/0x200 [ 36.391492] ? kvm_irqfd_release+0xdd [ 36.391500] Lost 81 message(s)! [ 37.571825] Shutting down cpus with NMI [ 38.631697] Kernel Offset: disabled [ 38.635324] Rebooting in 86400 seconds..