[....] Starting OpenBSD Secure Shell server: sshd[ 26.096511] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.887212] random: sshd: uninitialized urandom read (32 bytes read) [ 34.252527] random: sshd: uninitialized urandom read (32 bytes read) [ 34.842402] sshd (5341) used greatest stack depth: 16872 bytes left [ 34.866131] random: sshd: uninitialized urandom read (32 bytes read) [ 35.090597] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. [ 40.636441] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 40.768818] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 40.794677] ================================================================== [ 40.804764] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 40.810987] Read of size 8 at addr ffff8801bae58058 by task syz-executor510/5354 [ 40.818511] [ 40.820138] CPU: 1 PID: 5354 Comm: syz-executor510 Not tainted 4.19.0-rc4+ #25 [ 40.827490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.836830] Call Trace: [ 40.839426] dump_stack+0x1c4/0x2b4 [ 40.843056] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.848239] ? printk+0xa7/0xcf [ 40.851519] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.856275] print_address_description.cold.8+0x9/0x1ff [ 40.861634] kasan_report.cold.9+0x242/0x309 [ 40.866041] ? __schedule+0xfc3/0x1ed0 [ 40.869925] __asan_report_load8_noabort+0x14/0x20 [ 40.874849] __schedule+0xfc3/0x1ed0 [ 40.879080] ? __sched_text_start+0x8/0x8 [ 40.883228] ? __lock_is_held+0xb5/0x140 [ 40.887283] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.892386] ? find_held_lock+0x36/0x1c0 [ 40.896445] ? __call_srcu+0x7f9/0x1070 [ 40.900414] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.905511] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.910613] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.915191] ? preempt_schedule+0x4d/0x60 [ 40.919338] preempt_schedule_common+0x1f/0xd0 [ 40.923920] preempt_schedule+0x4d/0x60 [ 40.927901] ___preempt_schedule+0x16/0x18 [ 40.932139] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.937066] __call_srcu+0x7f9/0x1070 [ 40.940866] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.945979] ? srcu_offline_cpu+0x120/0x120 [ 40.950299] ? debug_object_free+0x690/0x690 [ 40.954709] ? mark_held_locks+0x130/0x130 [ 40.958968] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.963563] ? lock_release+0x970/0x970 [ 40.967536] ? arch_local_save_flags+0x40/0x40 [ 40.972118] ? depot_save_stack+0x292/0x470 [ 40.976444] ? __lockdep_init_map+0x105/0x590 [ 40.980941] ? __init_waitqueue_head+0x9e/0x150 [ 40.985607] ? init_wait_entry+0x1c0/0x1c0 [ 40.989858] __synchronize_srcu+0x17b/0x230 [ 40.994198] ? call_srcu+0x10/0x10 [ 40.997736] ? rcu_unexpedite_gp+0x20/0x20 [ 41.001987] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.007521] ? check_preemption_disabled+0x48/0x200 [ 41.012541] synchronize_srcu+0x356/0x5ab [ 41.016690] ? lock_downgrade+0x900/0x900 [ 41.020836] ? synchronize_srcu_expedited+0x20/0x20 [ 41.025889] ? kasan_check_read+0x11/0x20 [ 41.030050] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.034630] ? kasan_check_write+0x14/0x20 [ 41.038864] ? do_raw_spin_lock+0xc1/0x200 [ 41.043118] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.048840] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.054295] ? kvfree+0x61/0x70 [ 41.057572] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.062585] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.066644] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.071056] ? kvm_arch_sync_events+0x30/0x30 [ 41.075548] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.081081] ? mmu_notifier_unregister+0x474/0x600 [ 41.086007] ? kfree+0x107/0x230 [ 41.089373] ? __mmu_notifier_register+0x30/0x30 [ 41.094127] ? __free_pages+0x10a/0x190 [ 41.098102] ? free_unref_page+0x960/0x960 [ 41.102343] kvm_put_kvm+0x6c8/0xff0 [ 41.106058] ? kvm_write_guest_cached+0x40/0x40 [ 41.110742] ? kvm_irqfd_release+0xd1/0x120 [ 41.115059] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.119550] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.124050] ? kasan_check_write+0x14/0x20 [ 41.128283] ? do_raw_spin_lock+0xc1/0x200 [ 41.132515] ? kvm_irqfd_release+0xdd/0x120 [ 41.136832] ? kvm_irqfd_release+0xdd/0x120 [ 41.141152] ? kvm_put_kvm+0xff0/0xff0 [ 41.145057] kvm_vm_release+0x42/0x50 [ 41.148850] __fput+0x385/0xa30 [ 41.152167] ? get_max_files+0x20/0x20 [ 41.156055] ? trace_hardirqs_on+0xbd/0x310 [ 41.160377] ? ___might_sleep+0x1ed/0x300 [ 41.164519] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.169968] ? arch_local_save_flags+0x40/0x40 [ 41.174547] ? kasan_check_write+0x14/0x20 [ 41.178779] ? do_raw_spin_lock+0xc1/0x200 [ 41.183010] ____fput+0x15/0x20 [ 41.186286] task_work_run+0x1e8/0x2a0 [ 41.190175] ? task_work_cancel+0x240/0x240 [ 41.194493] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.200032] ? switch_task_namespaces+0x9d/0xd0 [ 41.204702] do_exit+0x1ad7/0x2610 [ 41.208262] ? mm_update_next_owner+0x990/0x990 [ 41.212937] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.217164] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.222189] ? kfree+0x1fa/0x230 [ 41.225556] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.229806] ? kvm_vcpu_block+0x1030/0x1030 [ 41.234126] ? is_bpf_text_address+0xd3/0x170 [ 41.238616] ? kernel_text_address+0x79/0xf0 [ 41.243037] ? __kernel_text_address+0xd/0x40 [ 41.247562] ? unwind_get_return_address+0x61/0xa0 [ 41.252491] ? __save_stack_trace+0x8d/0xf0 [ 41.256832] ? save_stack+0xa9/0xd0 [ 41.260475] ? save_stack+0x43/0xd0 [ 41.264098] ? __kasan_slab_free+0x102/0x150 [ 41.268513] ? kasan_slab_free+0xe/0x10 [ 41.272479] ? putname+0xf2/0x130 [ 41.275925] ? __x64_sys_openat+0x9d/0x100 [ 41.280153] ? do_syscall_64+0x1b9/0x820 [ 41.284209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.289573] ? trace_hardirqs_off+0xb8/0x310 [ 41.293979] ? kasan_check_read+0x11/0x20 [ 41.298122] ? do_raw_spin_unlock+0xa7/0x2f0 [ 41.302524] ? trace_hardirqs_on+0x310/0x310 [ 41.306932] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.312036] ? trace_hardirqs_off+0xb8/0x310 [ 41.316439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.321984] ? check_preemption_disabled+0x48/0x200 [ 41.326993] ? check_preemption_disabled+0x48/0x200 [ 41.332005] ? kvm_vcpu_block+0x1030/0x1030 [ 41.336324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.341858] ? do_vfs_ioctl+0x201/0x1720 [ 41.345954] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 41.351231] ? ioctl_preallocate+0x300/0x300 [ 41.355644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.361188] ? __fget_light+0x2e9/0x430 [ 41.365159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.370700] ? smack_file_ioctl+0x210/0x3c0 [ 41.375017] ? fget_raw+0x20/0x20 [ 41.378471] ? smack_file_lock+0x2e0/0x2e0 [ 41.382730] do_group_exit+0x177/0x440 [ 41.386660] ? trace_hardirqs_on+0xbd/0x310 [ 41.390977] ? __ia32_sys_exit+0x50/0x50 [ 41.395039] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.400500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.406034] ? ksys_ioctl+0x81/0xd0 [ 41.409662] __x64_sys_exit_group+0x3e/0x50 [ 41.413979] do_syscall_64+0x1b9/0x820 [ 41.417861] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.423229] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.428158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.432996] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.438006] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.443020] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.448051] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.452904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.458091] RIP: 0033:0x43f028 [ 41.461284] Code: 88 46 05 44 0f b6 47 03 44 89 c0 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 cb f6 ea c0 fb 07 41 89 d8 66 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 07 [ 41.480179] RSP: 002b:00007ffe967f0568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.487908] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 41.495174] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.502436] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.509702] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.516964] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 41.524258] [ 41.525887] Allocated by task 5354: [ 41.529509] save_stack+0x43/0xd0 [ 41.532955] kasan_kmalloc+0xc7/0xe0 [ 41.536666] kasan_slab_alloc+0x12/0x20 [ 41.540638] kmem_cache_alloc+0x12e/0x730 [ 41.544789] vmx_create_vcpu+0xcf/0x25e0 [ 41.548847] kvm_arch_vcpu_create+0xe5/0x220 [ 41.553252] kvm_vm_ioctl+0x470/0x1d40 [ 41.557139] do_vfs_ioctl+0x1de/0x1720 [ 41.561022] ksys_ioctl+0xa9/0xd0 [ 41.564469] __x64_sys_ioctl+0x73/0xb0 [ 41.568355] do_syscall_64+0x1b9/0x820 [ 41.572242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.577417] [ 41.579037] Freed by task 5354: [ 41.582310] save_stack+0x43/0xd0 [ 41.585759] __kasan_slab_free+0x102/0x150 [ 41.589987] kasan_slab_free+0xe/0x10 [ 41.593781] kmem_cache_free+0x83/0x290 [ 41.597750] vmx_free_vcpu+0x26b/0x300 [ 41.601635] kvm_arch_destroy_vm+0x365/0x7c0 [ 41.606042] kvm_put_kvm+0x6c8/0xff0 [ 41.609753] kvm_vm_release+0x42/0x50 [ 41.613561] __fput+0x385/0xa30 [ 41.616855] ____fput+0x15/0x20 [ 41.620134] task_work_run+0x1e8/0x2a0 [ 41.624032] do_exit+0x1ad7/0x2610 [ 41.627582] do_group_exit+0x177/0x440 [ 41.631495] __x64_sys_exit_group+0x3e/0x50 [ 41.635822] do_syscall_64+0x1b9/0x820 [ 41.639704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.644888] [ 41.646557] The buggy address belongs to the object at ffff8801bae58040 [ 41.646557] which belongs to the cache kvm_vcpu of size 23872 [ 41.659140] The buggy address is located 24 bytes inside of [ 41.659140] 23872-byte region [ffff8801bae58040, ffff8801bae5dd80) [ 41.671106] The buggy address belongs to the page: [ 41.676057] page:ffffea0006eb9600 count:1 mapcount:0 mapping:ffff8801d5736780 index:0x0 compound_mapcount: 0 [ 41.686020] flags: 0x2fffc0000008100(slab|head) [ 41.690705] raw: 02fffc0000008100 ffff8801d573b948 ffff8801d573b948 ffff8801d5736780 [ 41.698586] raw: 0000000000000000 ffff8801bae58040 0000000100000001 0000000000000000 [ 41.706450] page dumped because: kasan: bad access detected [ 41.712142] [ 41.713754] Memory state around the buggy address: [ 41.718678] ffff8801bae57f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.726034] ffff8801bae57f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.733397] >ffff8801bae58000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 41.740745] ^ [ 41.746968] ffff8801bae58080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.754322] ffff8801bae58100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.761669] ================================================================== [ 41.769023] Kernel panic - not syncing: panic_on_warn set ... [ 41.769023] [ 41.776385] CPU: 1 PID: 5354 Comm: syz-executor510 Tainted: G B 4.19.0-rc4+ #25 [ 41.785121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.794465] Call Trace: [ 41.797049] dump_stack+0x1c4/0x2b4 [ 41.800706] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.805898] ? lock_downgrade+0x900/0x900 [ 41.810043] panic+0x238/0x4e7 [ 41.813227] ? add_taint.cold.5+0x16/0x16 [ 41.817373] ? print_shadow_for_address+0xb6/0x116 [ 41.822301] ? trace_hardirqs_off+0xaf/0x310 [ 41.826710] kasan_end_report+0x47/0x4f [ 41.830680] kasan_report.cold.9+0x76/0x309 [ 41.834997] ? __schedule+0xfc3/0x1ed0 [ 41.838893] __asan_report_load8_noabort+0x14/0x20 [ 41.843821] __schedule+0xfc3/0x1ed0 [ 41.847575] ? __sched_text_start+0x8/0x8 [ 41.851720] ? __lock_is_held+0xb5/0x140 [ 41.855775] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.860886] ? find_held_lock+0x36/0x1c0 [ 41.864952] ? __call_srcu+0x7f9/0x1070 [ 41.868956] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.874055] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.879692] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.884284] ? preempt_schedule+0x4d/0x60 [ 41.888434] preempt_schedule_common+0x1f/0xd0 [ 41.893015] preempt_schedule+0x4d/0x60 [ 41.896986] ___preempt_schedule+0x16/0x18 [ 41.901268] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.906194] __call_srcu+0x7f9/0x1070 [ 41.909993] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.915101] ? srcu_offline_cpu+0x120/0x120 [ 41.919417] ? debug_object_free+0x690/0x690 [ 41.923820] ? mark_held_locks+0x130/0x130 [ 41.928066] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.932660] ? lock_release+0x970/0x970 [ 41.936635] ? arch_local_save_flags+0x40/0x40 [ 41.941222] ? depot_save_stack+0x292/0x470 [ 41.945547] ? __lockdep_init_map+0x105/0x590 [ 41.950112] ? __init_waitqueue_head+0x9e/0x150 [ 41.954780] ? init_wait_entry+0x1c0/0x1c0 [ 41.959022] __synchronize_srcu+0x17b/0x230 [ 41.963338] ? call_srcu+0x10/0x10 [ 41.966876] ? rcu_unexpedite_gp+0x20/0x20 [ 41.971124] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.976662] ? check_preemption_disabled+0x48/0x200 [ 41.981698] synchronize_srcu+0x356/0x5ab [ 41.985841] ? lock_downgrade+0x900/0x900 [ 41.989990] ? synchronize_srcu_expedited+0x20/0x20 [ 41.995027] ? kasan_check_read+0x11/0x20 [ 41.999171] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.003762] ? kasan_check_write+0x14/0x20 [ 42.008003] ? do_raw_spin_lock+0xc1/0x200 [ 42.012247] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.017956] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.023404] ? kvfree+0x61/0x70 [ 42.026722] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.031752] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.035812] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.040218] ? kvm_arch_sync_events+0x30/0x30 [ 42.044714] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.050250] ? mmu_notifier_unregister+0x474/0x600 [ 42.055176] ? kfree+0x107/0x230 [ 42.058542] ? __mmu_notifier_register+0x30/0x30 [ 42.063299] ? __free_pages+0x10a/0x190 [ 42.067270] ? free_unref_page+0x960/0x960 [ 42.071510] kvm_put_kvm+0x6c8/0xff0 [ 42.075231] ? kvm_write_guest_cached+0x40/0x40 [ 42.079910] ? kvm_irqfd_release+0xd1/0x120 [ 42.084230] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.088721] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.093253] ? kasan_check_write+0x14/0x20 [ 42.097488] ? do_raw_spin_lock+0xc1/0x200 [ 42.101723] ? kvm_irqfd_release+0xdd/0x120 [ 42.106039] ? kvm_irqfd_release+0xdd/0x120 [ 42.110362] ? kvm_put_kvm+0xff0/0xff0 [ 42.114245] kvm_vm_release+0x42/0x50 [ 42.118040] __fput+0x385/0xa30 [ 42.121321] ? get_max_files+0x20/0x20 [ 42.125208] ? trace_hardirqs_on+0xbd/0x310 [ 42.129529] ? ___might_sleep+0x1ed/0x300 [ 42.133681] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.139128] ? arch_local_save_flags+0x40/0x40 [ 42.143705] ? kasan_check_write+0x14/0x20 [ 42.147937] ? do_raw_spin_lock+0xc1/0x200 [ 42.152199] ____fput+0x15/0x20 [ 42.155477] task_work_run+0x1e8/0x2a0 [ 42.159363] ? task_work_cancel+0x240/0x240 [ 42.163682] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.169222] ? switch_task_namespaces+0x9d/0xd0 [ 42.173896] do_exit+0x1ad7/0x2610 [ 42.177439] ? mm_update_next_owner+0x990/0x990 [ 42.182115] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 42.186346] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.191355] ? kfree+0x1fa/0x230 [ 42.194721] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 42.198954] ? kvm_vcpu_block+0x1030/0x1030 [ 42.203275] ? is_bpf_text_address+0xd3/0x170 [ 42.207764] ? kernel_text_address+0x79/0xf0 [ 42.212167] ? __kernel_text_address+0xd/0x40 [ 42.216667] ? unwind_get_return_address+0x61/0xa0 [ 42.221595] ? __save_stack_trace+0x8d/0xf0 [ 42.225935] ? save_stack+0xa9/0xd0 [ 42.229554] ? save_stack+0x43/0xd0 [ 42.233174] ? __kasan_slab_free+0x102/0x150 [ 42.237578] ? kasan_slab_free+0xe/0x10 [ 42.241546] ? putname+0xf2/0x130 [ 42.244995] ? __x64_sys_openat+0x9d/0x100 [ 42.249225] ? do_syscall_64+0x1b9/0x820 [ 42.253285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.258658] ? trace_hardirqs_off+0xb8/0x310 [ 42.263065] ? kasan_check_read+0x11/0x20 [ 42.267208] ? do_raw_spin_unlock+0xa7/0x2f0 [ 42.271614] ? trace_hardirqs_on+0x310/0x310 [ 42.276018] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 42.281121] ? trace_hardirqs_off+0xb8/0x310 [ 42.285525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.291061] ? check_preemption_disabled+0x48/0x200 [ 42.296070] ? check_preemption_disabled+0x48/0x200 [ 42.301085] ? kvm_vcpu_block+0x1030/0x1030 [ 42.305401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.310934] ? do_vfs_ioctl+0x201/0x1720 [ 42.314991] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 42.320270] ? ioctl_preallocate+0x300/0x300 [ 42.324680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.330261] ? __fget_light+0x2e9/0x430 [ 42.334247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.339785] ? smack_file_ioctl+0x210/0x3c0 [ 42.344100] ? fget_raw+0x20/0x20 [ 42.347553] ? smack_file_lock+0x2e0/0x2e0 [ 42.351810] do_group_exit+0x177/0x440 [ 42.355696] ? trace_hardirqs_on+0xbd/0x310 [ 42.360015] ? __ia32_sys_exit+0x50/0x50 [ 42.364071] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.369518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.375054] ? ksys_ioctl+0x81/0xd0 [ 42.378694] __x64_sys_exit_group+0x3e/0x50 [ 42.383026] do_syscall_64+0x1b9/0x820 [ 42.386914] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.392288] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.397228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.402109] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.407123] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.412135] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.417150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.421992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.427189] RIP: 0033:0x43f028 [ 42.430379] Code: 88 46 05 44 0f b6 47 03 44 89 c0 41 c0 f8 07 f6 ea 66 c1 e8 08 89 c1 c0 f9 02 44 29 c1 89 c8 89 cb f6 ea c0 fb 07 41 89 d8 66 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 07 [ 42.449271] RSP: 002b:00007ffe967f0568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.456974] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 42.464240] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.471505] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.478768] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 42.486034] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 42.493308] [ 42.493314] ====================================================== [ 42.493320] WARNING: possible circular locking dependency detected [ 42.493324] 4.19.0-rc4+ #25 Not tainted [ 42.493329] ------------------------------------------------------ [ 42.493335] syz-executor510/5354 is trying to acquire lock: [ 42.493339] 00000000d3d8e8a0 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 42.493355] [ 42.493359] but task is already holding lock: [ 42.493362] 0000000094e4bae5 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 42.493378] [ 42.493383] which lock already depends on the new lock. [ 42.493385] [ 42.493388] [ 42.493393] the existing dependency chain (in reverse order) is: [ 42.493396] [ 42.493398] -> #3 (report_lock){....}: [ 42.493414] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.493418] kasan_report+0x8b/0x110 [ 42.493423] __asan_report_load8_noabort+0x14/0x20 [ 42.493427] __schedule+0xfc3/0x1ed0 [ 42.493432] preempt_schedule_common+0x1f/0xd0 [ 42.493436] preempt_schedule+0x4d/0x60 [ 42.493441] ___preempt_schedule+0x16/0x18 [ 42.493446] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.493465] __call_srcu+0x7f9/0x1070 [ 42.493469] __synchronize_srcu+0x17b/0x230 [ 42.493489] synchronize_srcu+0x356/0x5ab [ 42.493494] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.493514] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.493518] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.493522] kvm_put_kvm+0x6c8/0xff0 [ 42.493526] kvm_vm_release+0x42/0x50 [ 42.493530] __fput+0x385/0xa30 [ 42.493533] ____fput+0x15/0x20 [ 42.493537] task_work_run+0x1e8/0x2a0 [ 42.493541] do_exit+0x1ad7/0x2610 [ 42.493545] do_group_exit+0x177/0x440 [ 42.493549] __x64_sys_exit_group+0x3e/0x50 [ 42.493553] do_syscall_64+0x1b9/0x820 [ 42.493557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.493560] [ 42.493562] -> #2 (&rq->lock){-.-.}: [ 42.493576] _raw_spin_lock+0x2d/0x40 [ 42.493580] task_fork_fair+0xb0/0x6d0 [ 42.493584] sched_fork+0x443/0xba0 [ 42.493588] copy_process+0x2586/0x8780 [ 42.493592] _do_fork+0x1cb/0x11d0 [ 42.493595] kernel_thread+0x34/0x40 [ 42.493599] rest_init+0x22/0xe5 [ 42.493603] start_kernel+0x8f4/0x92f [ 42.493607] x86_64_start_reservations+0x29/0x2b [ 42.493612] x86_64_start_kernel+0x76/0x79 [ 42.493616] secondary_startup_64+0xa4/0xb0 [ 42.493618] [ 42.493620] -> #1 (&p->pi_lock){-.-.}: [ 42.493635] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.493639] try_to_wake_up+0xd2/0x12f0 [ 42.493643] wake_up_process+0x10/0x20 [ 42.493647] __up.isra.1+0x1c0/0x2a0 [ 42.493650] up+0x13c/0x1c0 [ 42.493659] __up_console_sem+0xbe/0x1b0 [ 42.493663] console_unlock+0x814/0x1160 [ 42.493667] vprintk_emit+0x33d/0x930 [ 42.493671] vprintk_default+0x28/0x30 [ 42.493675] vprintk_func+0x7e/0x181 [ 42.493679] printk+0xa7/0xcf [ 42.493682] load_umh+0x51/0xbd [ 42.493686] do_one_initcall+0x145/0x957 [ 42.493690] kernel_init_freeable+0x4bb/0x5ae [ 42.493694] kernel_init+0x11/0x1b2 [ 42.493698] ret_from_fork+0x3a/0x50 [ 42.493700] [ 42.493703] -> #0 ((console_sem).lock){-...}: [ 42.493717] lock_acquire+0x1ed/0x520 [ 42.493722] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.493725] down_trylock+0x13/0x70 [ 42.493730] __down_trylock_console_sem+0xae/0x200 [ 42.493734] console_trylock+0x15/0xa0 [ 42.493738] vprintk_emit+0x322/0x930 [ 42.493742] vprintk_default+0x28/0x30 [ 42.493746] vprintk_func+0x7e/0x181 [ 42.493749] printk+0xa7/0xcf [ 42.493753] kasan_report+0x9b/0x110 [ 42.493757] __asan_report_load8_noabort+0x14/0x20 [ 42.493761] __schedule+0xfc3/0x1ed0 [ 42.493765] preempt_schedule_common+0x1f/0xd0 [ 42.493770] preempt_schedule+0x4d/0x60 [ 42.493774] ___preempt_schedule+0x16/0x18 [ 42.493778] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.493782] __call_srcu+0x7f9/0x1070 [ 42.493786] __synchronize_srcu+0x17b/0x230 [ 42.493791] synchronize_srcu+0x356/0x5ab [ 42.493796] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.493800] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.493804] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.493808] kvm_put_kvm+0x6c8/0xff0 [ 42.493812] kvm_vm_release+0x42/0x50 [ 42.493815] __fput+0x385/0xa30 [ 42.493819] ____fput+0x15/0x20 [ 42.493823] task_work_run+0x1e8/0x2a0 [ 42.493827] do_exit+0x1ad7/0x2610 [ 42.493831] do_group_exit+0x177/0x440 [ 42.493835] __x64_sys_exit_group+0x3e/0x50 [ 42.493839] do_syscall_64+0x1b9/0x820 [ 42.493844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.493846] [ 42.493850] other info that might help us debug this: [ 42.493853] [ 42.493856] Chain exists of: [ 42.493858] (console_sem).lock --> &rq->lock --> report_lock [ 42.493900] [ 42.493905] Possible unsafe locking scenario: [ 42.493907] [ 42.493911] CPU0 CPU1 [ 42.493916] ---- ---- [ 42.493919] lock(report_lock); [ 42.493929] lock(&rq->lock); [ 42.493939] lock(report_lock); [ 42.493948] lock((console_sem).lock); [ 42.493956] [ 42.493960] *** DEADLOCK *** [ 42.493962] [ 42.493967] 2 locks held by syz-executor510/5354: [ 42.493969] #0: 000000004da820dc (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 42.493988] #1: 0000000094e4bae5 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 42.494006] [ 42.494010] stack backtrace: [ 42.494016] CPU: 1 PID: 5354 Comm: syz-executor510 Not tainted 4.19.0-rc4+ #25 [ 42.494024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.494027] Call Trace: [ 42.494031] dump_stack+0x1c4/0x2b4 [ 42.494036] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.494040] ? vprintk_func+0x85/0x181 [ 42.494046] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 42.494050] ? save_trace+0xe0/0x290 [ 42.494054] __lock_acquire+0x33e4/0x4ec0 [ 42.494059] ? mark_held_locks+0x130/0x130 [ 42.494063] ? mark_held_locks+0x130/0x130 [ 42.494067] ? rcu_bh_qs+0xc0/0xc0 [ 42.494071] ? unwind_dump+0x190/0x190 [ 42.494076] ? is_bpf_text_address+0xd3/0x170 [ 42.494080] ? kernel_text_address+0x79/0xf0 [ 42.494085] ? __kernel_text_address+0xd/0x40 [ 42.494089] ? __save_stack_trace+0x8d/0xf0 [ 42.494094] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 42.494099] ? save_trace+0x290/0x290 [ 42.494103] ? save_stack_trace+0x1a/0x20 [ 42.494107] ? save_trace+0xe0/0x290 [ 42.494112] ? kasan_check_read+0x11/0x20 [ 42.494116] ? graph_lock+0x170/0x170 [ 42.494121] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.494125] lock_acquire+0x1ed/0x520 [ 42.494129] ? down_trylock+0x13/0x70 [ 42.494134] ? find_held_lock+0x36/0x1c0 [ 42.494138] ? lock_release+0x970/0x970 [ 42.494143] ? trace_hardirqs_off+0xb8/0x310 [ 42.494147] ? vprintk_emit+0x1d3/0x930 [ 42.494151] ? trace_hardirqs_on+0x310/0x310 [ 42.494157] ? trace_hardirqs_off+0xb8/0x310 [ 42.494161] ? log_store+0x344/0x4c0 [ 42.494165] ? vprintk_emit+0x322/0x930 [ 42.494170] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.494174] ? down_trylock+0x13/0x70 [ 42.494178] down_trylock+0x13/0x70 [ 42.494183] __down_trylock_console_sem+0xae/0x200 [ 42.494187] console_trylock+0x15/0xa0 [ 42.494191] vprintk_emit+0x322/0x930 [ 42.494195] ? wake_up_klogd+0x180/0x180 [ 42.494200] ? run_rebalance_domains+0x500/0x500 [ 42.494205] ? wake_up_worker+0x117/0x190 [ 42.494209] ? find_held_lock+0x36/0x1c0 [ 42.494213] ? __queue_work+0x6be/0x1440 [ 42.494218] ? lock_acquire+0x1ed/0x520 [ 42.494222] vprintk_default+0x28/0x30 [ 42.494226] vprintk_func+0x7e/0x181 [ 42.494230] printk+0xa7/0xcf [ 42.494234] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.494239] ? kasan_check_write+0x14/0x20 [ 42.494243] ? do_raw_spin_lock+0xc1/0x200 [ 42.494248] ? do_raw_spin_lock+0xc1/0x200 [ 42.494252] kasan_report+0x9b/0x110 [ 42.494256] ? __schedule+0xfc3/0x1ed0 [ 42.494261] __asan_report_load8_noabort+0x14/0x20 [ 42.494265] __schedule+0xfc3/0x1ed0 [ 42.494269] ? __sched_text_start+0x8/0x8 [ 42.494274] ? __lock_is_held+0xb5/0x140 [ 42.494278] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.494283] ? find_held_lock+0x36/0x1c0 [ 42.494287] ? __call_srcu+0x7f9/0x1070 [ 42.494292] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.494297] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.494302] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.494306] ? preempt_schedule+0x4d/0x60 [ 42.494311] preempt_schedule_common+0x1f/0xd0 [ 42.494315] preempt_schedule+0x4d/0x60 [ 42.494320] ___preempt_schedule+0x16/0x18 [ 42.494325] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.494329] __call_srcu+0x7f9/0x1070 [ 42.494334] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.494338] ? srcu_offline_cpu+0x120/0x120 [ 42.494343] ? debug_object_free+0x690/0x690 [ 42.494347] ? mark_held_locks+0x130/0x130 [ 42.494352] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.494356] ? lock_release+0x970/0x970 [ 42.494361] ? arch_local_save_flags+0x40/0x40 [ 42.494365] ? depot_save_stack+0x292/0x470 [ 42.494370] ? __lockdep_init_map+0x105/0x590 [ 42.494375] ? __init_waitqueue_head+0x9e/0x150 [ 42.494379] ? init_wait_entry+0x1c0/0x1c0 [ 42.494383] __synchronize_srcu+0x17b/0x230 [ 42.494387] ? call_srcu+0x10/0x10 [ 42.494392] ? rcu_unexpedite_gp+0x20/0x20 [ 42.494397] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.494402] ? check_preemption_disabled+0x48/0x200 [ 42.494406] synchronize_srcu+0x356/0x5ab [ 42.494411] ? lock_downgrade+0x900/0x900 [ 42.494415] ? synchronize_srcu_expedited+0x20/0x20 [ 42.494420] ? kasan_check_read+0x11/0x20 [ 42.494425] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.494429] ? kasan_check_write+0x14/0x20 [ 42.494433] ? do_raw_spin_lock+0xc1/0x200 [ 42.494439] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.494444] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.494448] ? kvfree+0x61/0x70 [ 42.494453] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.494457] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.494461] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.494466] ? kvm_arch_sync_events+0x30/0x30 [ 42.494471] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.494476] ? mmu_notifier_unregister+0x474/0x600 [ 42.494480] ? kfree+0x107/0x230 [ 42.494485] ? __mmu_notifier_register+0x30/0x30 [ 42.494489] ? __free_pages+0x10a/0x190 [ 42.494493] ? free_unref_page+0x960/0x960 [ 42.494498] kvm_put_kvm+0x6c8/0xff0 [ 42.494502] ? kvm_write_guest_cached+0x40/0x40 [ 42.494507] ? kvm_irqfd_release+0xd1/0x120 [ 42.494511] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.494516] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.494520] ? kasan_check_write+0x14/0x20 [ 42.494525] ? do_raw_spin_lock+0xc1/0x200 [ 42.494528] ? kvm_irqfd_release+0xdd [ 42.494536] Lost 81 message(s)! [ 43.665383] Shutting down cpus with NMI [ 44.722506] Kernel Offset: disabled [ 44.726127] Rebooting in 86400 seconds..