[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.736015] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.536686] random: sshd: uninitialized urandom read (32 bytes read) [ 25.773211] random: sshd: uninitialized urandom read (32 bytes read) [ 26.322352] random: sshd: uninitialized urandom read (32 bytes read) [ 38.010046] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. [ 43.746225] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 43.843285] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 43.865470] ================================================================== [ 43.874221] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 43.880433] Read of size 8 at addr ffff8801d9940058 by task syz-executor100/4674 [ 43.887939] [ 43.889557] CPU: 0 PID: 4674 Comm: syz-executor100 Not tainted 4.19.0-rc1+ #217 [ 43.896985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.906318] Call Trace: [ 43.908888] dump_stack+0x1c9/0x2b4 [ 43.912502] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.917712] ? printk+0xa7/0xcf [ 43.920985] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.925724] ? __schedule+0xf54/0x1df0 [ 43.929593] print_address_description+0x6c/0x20b [ 43.934419] ? __schedule+0xf54/0x1df0 [ 43.938285] kasan_report.cold.7+0x242/0x30d [ 43.942680] __asan_report_load8_noabort+0x14/0x20 [ 43.947590] __schedule+0xf54/0x1df0 [ 43.951354] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 43.956445] ? __sched_text_start+0x8/0x8 [ 43.960617] ? __call_srcu+0x7e7/0x1040 [ 43.964582] ? check_same_owner+0x340/0x340 [ 43.968882] ? mark_held_locks+0x160/0x160 [ 43.973098] ? find_held_lock+0x36/0x1c0 [ 43.977240] preempt_schedule_common+0x22/0x60 [ 43.981810] _cond_resched+0x1d/0x30 [ 43.985509] wait_for_completion+0xa5/0x8d0 [ 43.989819] ? wait_for_completion_interruptible+0x950/0x950 [ 43.995595] ? __lockdep_init_map+0x105/0x590 [ 44.000070] ? __init_waitqueue_head+0x9e/0x150 [ 44.004716] ? init_wait_entry+0x1c0/0x1c0 [ 44.008937] __synchronize_srcu+0x189/0x240 [ 44.013261] ? call_srcu+0x10/0x10 [ 44.016796] ? rcu_unexpedite_gp+0x20/0x20 [ 44.021014] synchronize_srcu+0x335/0x56f [ 44.025155] ? lock_downgrade+0x8f0/0x8f0 [ 44.029280] ? synchronize_srcu_expedited+0x20/0x20 [ 44.034286] ? kasan_check_read+0x11/0x20 [ 44.038417] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 44.042985] ? kasan_check_write+0x14/0x20 [ 44.047201] ? do_raw_spin_lock+0xc1/0x200 [ 44.051420] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.057115] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 44.062608] ? kvfree+0x61/0x70 [ 44.065877] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.070893] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.074956] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.079346] ? kvm_arch_sync_events+0x30/0x30 [ 44.083822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.089350] ? mmu_notifier_unregister+0x474/0x600 [ 44.094264] ? trace_hardirqs_on+0x2c0/0x2c0 [ 44.098655] ? kfree+0x111/0x210 [ 44.102097] ? __mmu_notifier_register+0x30/0x30 [ 44.106847] ? __free_pages+0x10a/0x190 [ 44.110806] ? free_unref_page+0x930/0x930 [ 44.115032] kvm_put_kvm+0x73f/0x1060 [ 44.118879] ? kvm_write_guest_cached+0x40/0x40 [ 44.123538] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.128013] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.132496] ? lockdep_hardirqs_on+0x421/0x5c0 [ 44.137067] ? kasan_check_write+0x14/0x20 [ 44.141819] ? do_raw_spin_lock+0xc1/0x200 [ 44.146045] ? kvm_irqfd_release+0xdd/0x120 [ 44.150349] ? kvm_irqfd_release+0xdd/0x120 [ 44.154657] ? kvm_put_kvm+0x1060/0x1060 [ 44.158699] kvm_vm_release+0x42/0x50 [ 44.162481] __fput+0x38a/0xa40 [ 44.165740] ? __alloc_file+0x400/0x400 [ 44.169773] ? check_same_owner+0x340/0x340 [ 44.174084] ? kasan_check_write+0x14/0x20 [ 44.178351] ? do_raw_spin_lock+0xc1/0x200 [ 44.182573] ____fput+0x15/0x20 [ 44.185833] task_work_run+0x1e8/0x2a0 [ 44.189699] ? task_work_cancel+0x240/0x240 [ 44.194106] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.199631] ? switch_task_namespaces+0xa2/0xd0 [ 44.204284] do_exit+0x1ae4/0x26e0 [ 44.207809] ? mm_update_next_owner+0x9a0/0x9a0 [ 44.212575] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 44.216844] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.221875] ? kfree+0x1d7/0x210 [ 44.225225] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 44.229443] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 44.235141] ? is_bpf_text_address+0xd7/0x170 [ 44.239617] ? kernel_text_address+0x79/0xf0 [ 44.244097] ? __kernel_text_address+0xd/0x40 [ 44.248578] ? unwind_get_return_address+0x61/0xa0 [ 44.253493] ? __save_stack_trace+0x8d/0xf0 [ 44.257799] ? save_stack+0xa9/0xd0 [ 44.261407] ? save_stack+0x43/0xd0 [ 44.265023] ? __kasan_slab_free+0x11a/0x170 [ 44.269421] ? kasan_slab_free+0xe/0x10 [ 44.273377] ? putname+0xf2/0x130 [ 44.276814] ? __x64_sys_openat+0x9d/0x100 [ 44.281031] ? do_syscall_64+0x1b9/0x820 [ 44.285075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.290426] ? trace_hardirqs_off+0xb8/0x2b0 [ 44.294827] ? kasan_check_read+0x11/0x20 [ 44.298967] ? do_raw_spin_unlock+0xa7/0x2f0 [ 44.303360] ? trace_hardirqs_on+0x2c0/0x2c0 [ 44.307751] ? initcall_blacklisted+0x9a/0x1e0 [ 44.312315] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 44.317411] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 44.323106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.328634] ? do_vfs_ioctl+0x201/0x1720 [ 44.332779] ? rcu_is_watching+0x8c/0x150 [ 44.336915] ? trace_hardirqs_on+0xbd/0x2c0 [ 44.341222] ? ioctl_preallocate+0x300/0x300 [ 44.345617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.351136] ? __fget_light+0x2f7/0x440 [ 44.355090] ? fget_raw+0x20/0x20 [ 44.358523] ? putname+0xf2/0x130 [ 44.361963] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.366981] ? kmem_cache_free+0x246/0x280 [ 44.371200] ? putname+0xf7/0x130 [ 44.374638] do_group_exit+0x177/0x440 [ 44.378508] ? trace_hardirqs_on+0xbd/0x2c0 [ 44.382819] ? __ia32_sys_exit+0x50/0x50 [ 44.386872] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 44.391964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.397490] ? ksys_ioctl+0x81/0xd0 [ 44.401107] __x64_sys_exit_group+0x3e/0x50 [ 44.405458] do_syscall_64+0x1b9/0x820 [ 44.409394] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.414747] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.419665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.424496] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 44.429493] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 44.434493] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.439541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.444380] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.449566] RIP: 0033:0x43ecc8 [ 44.452741] Code: Bad RIP value. [ 44.456086] RSP: 002b:00007ffd7c62fbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 44.463778] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 44.471131] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 44.478389] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 44.485641] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 44.492893] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 44.500150] [ 44.501763] Allocated by task 4674: [ 44.505378] save_stack+0x43/0xd0 [ 44.508811] kasan_kmalloc+0xc4/0xe0 [ 44.512506] kasan_slab_alloc+0x12/0x20 [ 44.516510] kmem_cache_alloc+0x12e/0x710 [ 44.520644] vmx_create_vcpu+0xcf/0x2830 [ 44.524684] kvm_arch_vcpu_create+0xe5/0x220 [ 44.529234] kvm_vm_ioctl+0x488/0x1d80 [ 44.533105] do_vfs_ioctl+0x1de/0x1720 [ 44.537023] ksys_ioctl+0xa9/0xd0 [ 44.540674] __x64_sys_ioctl+0x73/0xb0 [ 44.544573] do_syscall_64+0x1b9/0x820 [ 44.548460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.553639] [ 44.555263] Freed by task 4674: [ 44.558540] save_stack+0x43/0xd0 [ 44.561994] __kasan_slab_free+0x11a/0x170 [ 44.566234] kasan_slab_free+0xe/0x10 [ 44.570292] kmem_cache_free+0x86/0x280 [ 44.574274] vmx_free_vcpu+0x26b/0x300 [ 44.578160] kvm_arch_destroy_vm+0x365/0x7c0 [ 44.582571] kvm_put_kvm+0x73f/0x1060 [ 44.586373] kvm_vm_release+0x42/0x50 [ 44.590174] __fput+0x38a/0xa40 [ 44.593449] ____fput+0x15/0x20 [ 44.596730] task_work_run+0x1e8/0x2a0 [ 44.600618] do_exit+0x1ae4/0x26e0 [ 44.604158] do_group_exit+0x177/0x440 [ 44.608044] __x64_sys_exit_group+0x3e/0x50 [ 44.612365] do_syscall_64+0x1b9/0x820 [ 44.616249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.621429] [ 44.623054] The buggy address belongs to the object at ffff8801d9940040 [ 44.623054] which belongs to the cache kvm_vcpu of size 23872 [ 44.635627] The buggy address is located 24 bytes inside of [ 44.635627] 23872-byte region [ffff8801d9940040, ffff8801d9945d80) [ 44.647585] The buggy address belongs to the page: [ 44.652517] page:ffffea0007665000 count:1 mapcount:0 mapping:ffff8801d5131b40 index:0x0 compound_mapcount: 0 [ 44.662504] flags: 0x2fffc0000008100(slab|head) [ 44.667180] raw: 02fffc0000008100 ffff8801d512c848 ffff8801d512c848 ffff8801d5131b40 [ 44.675061] raw: 0000000000000000 ffff8801d9940040 0000000100000001 0000000000000000 [ 44.682960] page dumped because: kasan: bad access detected [ 44.688657] [ 44.690278] Memory state around the buggy address: [ 44.695204] ffff8801d993ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.702565] ffff8801d993ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.709917] >ffff8801d9940000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 44.717272] ^ [ 44.723500] ffff8801d9940080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.730867] ffff8801d9940100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.738224] ================================================================== [ 44.745579] Kernel panic - not syncing: panic_on_warn set ... [ 44.745579] [ 44.752958] CPU: 0 PID: 4674 Comm: syz-executor100 Tainted: G B 4.19.0-rc1+ #217 [ 44.761786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.771133] Call Trace: [ 44.773731] dump_stack+0x1c9/0x2b4 [ 44.777364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 44.782557] ? lock_downgrade+0x8f0/0x8f0 [ 44.786708] ? __schedule+0xf54/0x1df0 [ 44.790595] panic+0x238/0x4e7 [ 44.793788] ? add_taint.cold.5+0x16/0x16 [ 44.797943] ? print_shadow_for_address+0xba/0x116 [ 44.802878] ? trace_hardirqs_off+0xaf/0x2b0 [ 44.807284] ? trace_hardirqs_off+0x77/0x2b0 [ 44.811701] ? __schedule+0xf54/0x1df0 [ 44.815590] kasan_end_report+0x47/0x4f [ 44.819565] kasan_report.cold.7+0x76/0x30d [ 44.823893] __asan_report_load8_noabort+0x14/0x20 [ 44.828822] __schedule+0xf54/0x1df0 [ 44.832534] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 44.837655] ? __sched_text_start+0x8/0x8 [ 44.841815] ? __call_srcu+0x7e7/0x1040 [ 44.845799] ? check_same_owner+0x340/0x340 [ 44.850118] ? mark_held_locks+0x160/0x160 [ 44.854355] ? find_held_lock+0x36/0x1c0 [ 44.858422] preempt_schedule_common+0x22/0x60 [ 44.863022] _cond_resched+0x1d/0x30 [ 44.866734] wait_for_completion+0xa5/0x8d0 [ 44.871059] ? wait_for_completion_interruptible+0x950/0x950 [ 44.876856] ? __lockdep_init_map+0x105/0x590 [ 44.881357] ? __init_waitqueue_head+0x9e/0x150 [ 44.886028] ? init_wait_entry+0x1c0/0x1c0 [ 44.890267] __synchronize_srcu+0x189/0x240 [ 44.894589] ? call_srcu+0x10/0x10 [ 44.898132] ? rcu_unexpedite_gp+0x20/0x20 [ 44.902374] synchronize_srcu+0x335/0x56f [ 44.906524] ? lock_downgrade+0x8f0/0x8f0 [ 44.910670] ? synchronize_srcu_expedited+0x20/0x20 [ 44.915709] ? kasan_check_read+0x11/0x20 [ 44.919871] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 44.924466] ? kasan_check_write+0x14/0x20 [ 44.928710] ? do_raw_spin_lock+0xc1/0x200 [ 44.932967] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.938705] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 44.944169] ? kvfree+0x61/0x70 [ 44.947474] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.952509] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.956585] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.961013] ? kvm_arch_sync_events+0x30/0x30 [ 44.965524] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.971085] ? mmu_notifier_unregister+0x474/0x600 [ 44.976032] ? trace_hardirqs_on+0x2c0/0x2c0 [ 44.980453] ? kfree+0x111/0x210 [ 44.983832] ? __mmu_notifier_register+0x30/0x30 [ 44.988602] ? __free_pages+0x10a/0x190 [ 44.992584] ? free_unref_page+0x930/0x930 [ 44.996832] kvm_put_kvm+0x73f/0x1060 [ 45.000642] ? kvm_write_guest_cached+0x40/0x40 [ 45.005316] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.009816] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.014318] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.018908] ? kasan_check_write+0x14/0x20 [ 45.023154] ? do_raw_spin_lock+0xc1/0x200 [ 45.027393] ? kvm_irqfd_release+0xdd/0x120 [ 45.031721] ? kvm_irqfd_release+0xdd/0x120 [ 45.036080] ? kvm_put_kvm+0x1060/0x1060 [ 45.040144] kvm_vm_release+0x42/0x50 [ 45.043988] __fput+0x38a/0xa40 [ 45.047279] ? __alloc_file+0x400/0x400 [ 45.051273] ? check_same_owner+0x340/0x340 [ 45.055603] ? kasan_check_write+0x14/0x20 [ 45.059841] ? do_raw_spin_lock+0xc1/0x200 [ 45.064079] ____fput+0x15/0x20 [ 45.067357] task_work_run+0x1e8/0x2a0 [ 45.071245] ? task_work_cancel+0x240/0x240 [ 45.075574] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.081111] ? switch_task_namespaces+0xa2/0xd0 [ 45.085783] do_exit+0x1ae4/0x26e0 [ 45.089326] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.094002] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.098240] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.103260] ? kfree+0x1d7/0x210 [ 45.106633] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.110870] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.116585] ? is_bpf_text_address+0xd7/0x170 [ 45.121085] ? kernel_text_address+0x79/0xf0 [ 45.125494] ? __kernel_text_address+0xd/0x40 [ 45.129997] ? unwind_get_return_address+0x61/0xa0 [ 45.134934] ? __save_stack_trace+0x8d/0xf0 [ 45.139299] ? save_stack+0xa9/0xd0 [ 45.142930] ? save_stack+0x43/0xd0 [ 45.146565] ? __kasan_slab_free+0x11a/0x170 [ 45.150981] ? kasan_slab_free+0xe/0x10 [ 45.154963] ? putname+0xf2/0x130 [ 45.158418] ? __x64_sys_openat+0x9d/0x100 [ 45.163423] ? do_syscall_64+0x1b9/0x820 [ 45.167484] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.172850] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.177260] ? kasan_check_read+0x11/0x20 [ 45.181412] ? do_raw_spin_unlock+0xa7/0x2f0 [ 45.185823] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.190239] ? initcall_blacklisted+0x9a/0x1e0 [ 45.194826] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 45.199939] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.205678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.211230] ? do_vfs_ioctl+0x201/0x1720 [ 45.215298] ? rcu_is_watching+0x8c/0x150 [ 45.219471] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.223801] ? ioctl_preallocate+0x300/0x300 [ 45.228215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.233758] ? __fget_light+0x2f7/0x440 [ 45.237742] ? fget_raw+0x20/0x20 [ 45.241195] ? putname+0xf2/0x130 [ 45.244652] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.249678] ? kmem_cache_free+0x246/0x280 [ 45.253924] ? putname+0xf7/0x130 [ 45.257394] do_group_exit+0x177/0x440 [ 45.261284] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.265609] ? __ia32_sys_exit+0x50/0x50 [ 45.269669] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.274788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.280342] ? ksys_ioctl+0x81/0xd0 [ 45.283985] __x64_sys_exit_group+0x3e/0x50 [ 45.288313] do_syscall_64+0x1b9/0x820 [ 45.292203] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.297573] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.302510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.307357] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 45.312382] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.317411] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.322460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.327312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.332500] RIP: 0033:0x43ecc8 [ 45.335702] Code: Bad RIP value. [ 45.339064] RSP: 002b:00007ffd7c62fbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.346791] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 45.354062] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 45.361333] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 45.368604] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 45.375878] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 45.383161] [ 45.383167] ====================================================== [ 45.383172] WARNING: possible circular locking dependency detected [ 45.383176] 4.19.0-rc1+ #217 Not tainted [ 45.383181] ------------------------------------------------------ [ 45.383186] syz-executor100/4674 is trying to acquire lock: [ 45.383190] 00000000d8015250 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 45.383204] [ 45.383208] but task is already holding lock: [ 45.383211] 000000007aa311b3 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 45.383225] [ 45.383230] which lock already depends on the new lock. [ 45.383232] [ 45.383235] [ 45.383239] the existing dependency chain (in reverse order) is: [ 45.383242] [ 45.383244] -> #3 (report_lock){....}: [ 45.383258] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.383262] kasan_report+0x8e/0x110 [ 45.383266] __asan_report_load8_noabort+0x14/0x20 [ 45.383270] __schedule+0xf54/0x1df0 [ 45.383274] preempt_schedule_common+0x22/0x60 [ 45.383278] _cond_resched+0x1d/0x30 [ 45.383282] wait_for_completion+0xa5/0x8d0 [ 45.383286] __synchronize_srcu+0x189/0x240 [ 45.383290] synchronize_srcu+0x335/0x56f [ 45.383295] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.383299] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.383303] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.383307] kvm_put_kvm+0x73f/0x1060 [ 45.383311] kvm_vm_release+0x42/0x50 [ 45.383314] __fput+0x38a/0xa40 [ 45.383318] ____fput+0x15/0x20 [ 45.383322] task_work_run+0x1e8/0x2a0 [ 45.383325] do_exit+0x1ae4/0x26e0 [ 45.383329] do_group_exit+0x177/0x440 [ 45.383333] __x64_sys_exit_group+0x3e/0x50 [ 45.383337] do_syscall_64+0x1b9/0x820 [ 45.383341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.383344] [ 45.383346] -> #2 (&rq->lock){-.-.}: [ 45.383359] _raw_spin_lock+0x2a/0x40 [ 45.383363] task_fork_fair+0x93/0x680 [ 45.383367] sched_fork+0x44b/0xbd0 [ 45.383371] copy_process+0x235e/0x7ad0 [ 45.383374] _do_fork+0x1ca/0x1170 [ 45.383378] kernel_thread+0x34/0x40 [ 45.383382] rest_init+0x22/0xe4 [ 45.383385] start_kernel+0x913/0x94e [ 45.383389] x86_64_start_reservations+0x29/0x2b [ 45.383393] x86_64_start_kernel+0x76/0x79 [ 45.383397] secondary_startup_64+0xa4/0xb0 [ 45.383400] [ 45.383402] -> #1 (&p->pi_lock){-.-.}: [ 45.383416] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.383420] try_to_wake_up+0xd2/0x1250 [ 45.383424] wake_up_process+0x10/0x20 [ 45.383428] __up.isra.1+0x1c0/0x2a0 [ 45.383431] up+0x13c/0x1c0 [ 45.383435] __up_console_sem+0xbe/0x1b0 [ 45.383438] console_unlock+0x506/0x10d0 [ 45.383442] vprintk_emit+0x33a/0x910 [ 45.383446] vprintk_default+0x28/0x30 [ 45.383450] vprintk_func+0x7a/0x117 [ 45.383453] printk+0xa7/0xcf [ 45.383457] do_exit.cold.22+0x120/0x21f [ 45.383460] do_group_exit+0x177/0x440 [ 45.383465] __x64_sys_exit_group+0x3e/0x50 [ 45.383468] do_syscall_64+0x1b9/0x820 [ 45.383473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.383475] [ 45.383477] -> #0 ((console_sem).lock){-...}: [ 45.383491] lock_acquire+0x1e4/0x4f0 [ 45.383495] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.383499] down_trylock+0x13/0x70 [ 45.383503] __down_trylock_console_sem+0xae/0x200 [ 45.383507] console_trylock+0x15/0xa0 [ 45.383511] vprintk_emit+0x31f/0x910 [ 45.383515] vprintk_default+0x28/0x30 [ 45.383519] vprintk_func+0x7a/0x117 [ 45.383522] printk+0xa7/0xcf [ 45.383526] kasan_report+0x9e/0x110 [ 45.383530] __asan_report_load8_noabort+0x14/0x20 [ 45.383534] __schedule+0xf54/0x1df0 [ 45.383538] preempt_schedule_common+0x22/0x60 [ 45.383542] _cond_resched+0x1d/0x30 [ 45.383546] wait_for_completion+0xa5/0x8d0 [ 45.383550] __synchronize_srcu+0x189/0x240 [ 45.383554] synchronize_srcu+0x335/0x56f [ 45.383559] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.383563] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.383567] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.383570] kvm_put_kvm+0x73f/0x1060 [ 45.383574] kvm_vm_release+0x42/0x50 [ 45.383578] __fput+0x38a/0xa40 [ 45.383581] ____fput+0x15/0x20 [ 45.383585] task_work_run+0x1e8/0x2a0 [ 45.383589] do_exit+0x1ae4/0x26e0 [ 45.383592] do_group_exit+0x177/0x440 [ 45.383596] __x64_sys_exit_group+0x3e/0x50 [ 45.383600] do_syscall_64+0x1b9/0x820 [ 45.383605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.383607] [ 45.383611] other info that might help us debug this: [ 45.383613] [ 45.383616] Chain exists of: [ 45.383618] (console_sem).lock --> &rq->lock --> report_lock [ 45.383636] [ 45.383640] Possible unsafe locking scenario: [ 45.383642] [ 45.383646] CPU0 CPU1 [ 45.383650] ---- ---- [ 45.383653] lock(report_lock); [ 45.383662] lock(&rq->lock); [ 45.383671] lock(report_lock); [ 45.383678] lock((console_sem).lock); [ 45.383692] [ 45.383695] *** DEADLOCK *** [ 45.383697] [ 45.383701] 2 locks held by syz-executor100/4674: [ 45.383704] #0: 0000000063e9771f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 45.383720] #1: 000000007aa311b3 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 45.383737] [ 45.383740] stack backtrace: [ 45.383746] CPU: 0 PID: 4674 Comm: syz-executor100 Not tainted 4.19.0-rc1+ #217 [ 45.383753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.383756] Call Trace: [ 45.383760] dump_stack+0x1c9/0x2b4 [ 45.383764] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.383768] ? vprintk_func+0x100/0x117 [ 45.383773] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 45.383776] ? save_trace+0xe0/0x290 [ 45.383780] __lock_acquire+0x3449/0x5020 [ 45.383784] ? mark_held_locks+0x160/0x160 [ 45.383788] ? mark_held_locks+0x160/0x160 [ 45.383792] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 45.383796] ? is_bpf_text_address+0xd7/0x170 [ 45.383800] ? kernel_text_address+0x79/0xf0 [ 45.383804] ? __kernel_text_address+0xd/0x40 [ 45.383808] ? __save_stack_trace+0x8d/0xf0 [ 45.383813] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 45.383816] ? save_trace+0x290/0x290 [ 45.383820] ? save_stack_trace+0x1a/0x20 [ 45.383824] ? save_trace+0xe0/0x290 [ 45.383828] ? graph_lock+0x170/0x170 [ 45.383832] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.383836] lock_acquire+0x1e4/0x4f0 [ 45.383840] ? down_trylock+0x13/0x70 [ 45.383844] ? lock_release+0x9f0/0x9f0 [ 45.383848] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.383852] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.383856] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.383859] ? log_store+0x34f/0x4c0 [ 45.383863] ? vprintk_emit+0x31f/0x910 [ 45.383867] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.383871] ? down_trylock+0x13/0x70 [ 45.383874] down_trylock+0x13/0x70 [ 45.383879] __down_trylock_console_sem+0xae/0x200 [ 45.383882] console_trylock+0x15/0xa0 [ 45.383886] vprintk_emit+0x31f/0x910 [ 45.383890] ? wake_up_klogd+0x110/0x110 [ 45.383894] ? run_rebalance_domains+0x4c0/0x4c0 [ 45.383898] ? kasan_check_read+0x11/0x20 [ 45.383902] ? rcu_is_watching+0x8c/0x150 [ 45.383906] ? rcu_pm_notify+0xc0/0xc0 [ 45.383909] ? lock_acquire+0x1e4/0x4f0 [ 45.383913] ? kasan_report+0x8e/0x110 [ 45.383917] ? __schedule+0xf54/0x1df0 [ 45.383921] vprintk_default+0x28/0x30 [ 45.383924] vprintk_func+0x7a/0x117 [ 45.383928] printk+0xa7/0xcf [ 45.383932] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.383936] ? kasan_check_write+0x14/0x20 [ 45.383940] ? do_raw_spin_lock+0xc1/0x200 [ 45.383944] ? do_raw_spin_lock+0xc1/0x200 [ 45.383955] kasan_report+0x9e/0x110 [ 45.383960] __asan_report_load8_noabort+0x14/0x20 [ 45.383963] __schedule+0xf54/0x1df0 [ 45.383968] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.383972] ? __sched_text_start+0x8/0x8 [ 45.383976] ? __call_srcu+0x7e7/0x1040 [ 45.383980] ? check_same_owner+0x340/0x340 [ 45.383983] ? mark_held_locks+0x160/0x160 [ 45.383987] ? find_held_lock+0x36/0x1c0 [ 45.383991] preempt_schedule_common+0x22/0x60 [ 45.383995] _cond_resched+0x1d/0x30 [ 45.383999] wait_for_completion+0xa5/0x8d0 [ 45.384004] ? wait_for_completion_interruptible+0x950/0x950 [ 45.384008] ? __lockdep_init_map+0x105/0x590 [ 45.384012] ? __init_waitqueue_head+0x9e/0x150 [ 45.384016] ? init_wait_entry+0x1c0/0x1c0 [ 45.384020] __synchronize_srcu+0x189/0x240 [ 45.384023] ? call_srcu+0x10/0x10 [ 45.384027] ? rcu_unexpedite_gp+0x20/0x20 [ 45.384031] synchronize_srcu+0x335/0x56f [ 45.384035] ? lock_downgrade+0x8f0/0x8f0 [ 45.384040] ? synchronize_srcu_expedited+0x20/0x20 [ 45.384044] ? kasan_check_read+0x11/0x20 [ 45.384048] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.384052] ? kasan_check_write+0x14/0x20 [ 45.384056] ? do_raw_spin_lock+0xc1/0x200 [ 45.384061] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.384065] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.384069] ? kvfree+0x61/0x70 [ 45.384073] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.384077] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.384081] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.384085] ? kvm_arch_sync_events+0x30/0x30 [ 45.384090] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.384094] ? mmu_notifier_unregister+0x474/0x600 [ 45.384098] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.384102] ? kfree+0x111/0x210 [ 45.384106] ? __mmu_notifier_register+0x30/0x30 [ 45.384110] ? __free_pages+0x10a/0x190 [ 45.384114] ? free_unref_page+0x930/0x930 [ 45.384117] kvm_put_kvm+0x73f/0x1060 [ 45.384122] ? kvm_write_guest_cached+0x40/0x40 [ 45.384126] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.384130] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.384134] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.384138] ? kasan_check_write+0x14/0x20 [ 45.384141] ? do_raw_spin_lock+0xc1/0x200 [ 45.384145] ? kvm_irqfd_release+0xdd/0x120 [ 45.384150] ? kvm_irqfd_release+0xdd/0x120 [ 45.384153] ? kvm_put_kvm+0x1060/0x1060 [ 45.384157] kvm_vm_release+0x42/0x50 [ 45.384160] __fput+0x38a/0xa40 [ 45.384164] ? __alloc_file+0x400/0x400 [ 45.384168] ? check_same_owner+0x340/0x340 [ 45.384172] ? kasan_check_write+0x14/0x20 [ 45.384176] ? do_raw_spin_lock+0xc1/0x200 [ 45.384179] ____fput+0x15/0x20 [ 45.384183] task_work_run+0x1e8/0x2a0 [ 45.384188] ? task_work_cancel+0x240/0x240 [ 45.384192] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.384196] ? switch_task_namespaces+0xa2/0xd0 [ 45.384200] do_exit+0x1ae4/0x26e0 [ 45.384204] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.384208] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.384212] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.384216] ? kfree+0x1d7/0x210 [ 45.384220] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.384224] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.384227] ? is_bpf_tex [ 45.384236] Lost 56 message(s)! [ 46.465393] Shutting down cpus with NMI [ 47.524244] Dumping ftrace buffer: [ 47.527766] (ftrace buffer empty) [ 47.531456] Kernel Offset: disabled [ 47.535066] Rebooting in 86400 seconds..