[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.075044] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 29.432169] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.789214] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.335704] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.517992] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
[ 36.045937] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.143425] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 36.165856] ==================================================================
[ 36.174632] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 36.180860] Read of size 8 at addr ffff8801ca2f8058 by task syz-executor226/4666
[ 36.188375] 
[ 36.189992] CPU: 0 PID: 4666 Comm: syz-executor226 Not tainted 4.19.0-rc2+ #224
[ 36.197420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.206756] Call Trace:
[ 36.209336] dump_stack+0x1c9/0x2b4
[ 36.212952] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.218236] ? printk+0xa7/0xcf
[ 36.221508] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.226253] ? __schedule+0xf54/0x1df0
[ 36.230128] print_address_description+0x6c/0x20b
[ 36.234953] ? __schedule+0xf54/0x1df0
[ 36.238820] kasan_report.cold.7+0x242/0x30d
[ 36.243222] __asan_report_load8_noabort+0x14/0x20
[ 36.248136] __schedule+0xf54/0x1df0
[ 36.251833] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.256922] ? __sched_text_start+0x8/0x8
[ 36.261053] ? __call_srcu+0x7e7/0x1040
[ 36.265084] ? check_same_owner+0x340/0x340
[ 36.269396] ? mark_held_locks+0x160/0x160
[ 36.273613] ? find_held_lock+0x36/0x1c0
[ 36.277662] preempt_schedule_common+0x22/0x60
[ 36.282225] _cond_resched+0x1d/0x30
[ 36.285921] wait_for_completion+0xa5/0x8d0
[ 36.290234] ? wait_for_completion_interruptible+0x950/0x950
[ 36.296033] ? __lockdep_init_map+0x105/0x590
[ 36.300579] ? __init_waitqueue_head+0x9e/0x150
[ 36.305293] ? init_wait_entry+0x1c0/0x1c0
[ 36.309522] __synchronize_srcu+0x189/0x240
[ 36.313833] ? call_srcu+0x10/0x10
[ 36.317361] ? rcu_unexpedite_gp+0x20/0x20
[ 36.321588] synchronize_srcu+0x335/0x56f
[ 36.325766] ? lock_downgrade+0x8f0/0x8f0
[ 36.329905] ? synchronize_srcu_expedited+0x20/0x20
[ 36.334905] ? kasan_check_read+0x11/0x20
[ 36.339040] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.343609] ? kasan_check_write+0x14/0x20
[ 36.347827] ? do_raw_spin_lock+0xc1/0x200
[ 36.352045] kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.357795] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.363237] ? kvfree+0x61/0x70
[ 36.366512] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.371578] kvm_mmu_uninit_vm+0x1c/0x20
[ 36.375631] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.380024] ? kvm_arch_sync_events+0x30/0x30
[ 36.384586] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.390121] ? mmu_notifier_unregister+0x474/0x600
[ 36.395036] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.399499] ? kfree+0x111/0x210
[ 36.402866] ? __mmu_notifier_register+0x30/0x30
[ 36.407609] ? __free_pages+0x10a/0x190
[ 36.411667] ? free_unref_page+0x930/0x930
[ 36.415894] kvm_put_kvm+0x73f/0x1060
[ 36.419700] ? kvm_write_guest_cached+0x40/0x40
[ 36.424358] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.428833] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.433310] ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.437876] ? kasan_check_write+0x14/0x20
[ 36.442093] ? do_raw_spin_lock+0xc1/0x200
[ 36.446313] ? kvm_irqfd_release+0xdd/0x120
[ 36.450615] ? kvm_irqfd_release+0xdd/0x120
[ 36.454918] ? kvm_put_kvm+0x1060/0x1060
[ 36.458969] kvm_vm_release+0x42/0x50
[ 36.462755] __fput+0x38a/0xa40
[ 36.466017] ? __alloc_file+0x400/0x400
[ 36.469988] ? check_same_owner+0x340/0x340
[ 36.474301] ? kasan_check_write+0x14/0x20
[ 36.478527] ? do_raw_spin_lock+0xc1/0x200
[ 36.482755] ____fput+0x15/0x20
[ 36.486028] task_work_run+0x1e8/0x2a0
[ 36.489971] ? task_work_cancel+0x240/0x240
[ 36.494300] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.499843] ? switch_task_namespaces+0xa2/0xd0
[ 36.504513] do_exit+0x1ae4/0x26e0
[ 36.508123] ? mm_update_next_owner+0x9a0/0x9a0
[ 36.512801] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.517206] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.522277] ? kfree+0x1d7/0x210
[ 36.525649] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.529888] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.535601] ? is_bpf_text_address+0xd7/0x170
[ 36.540096] ? kernel_text_address+0x79/0xf0
[ 36.544506] ? __kernel_text_address+0xd/0x40
[ 36.549003] ? unwind_get_return_address+0x61/0xa0
[ 36.553936] ? __save_stack_trace+0x8d/0xf0
[ 36.558318] ? save_stack+0xa9/0xd0
[ 36.561944] ? save_stack+0x43/0xd0
[ 36.565676] ? __kasan_slab_free+0x11a/0x170
[ 36.570083] ? kasan_slab_free+0xe/0x10
[ 36.574042] ? putname+0xf2/0x130
[ 36.577484] ? __x64_sys_openat+0x9d/0x100
[ 36.581788] ? do_syscall_64+0x1b9/0x820
[ 36.585839] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.591200] ? trace_hardirqs_off+0xb8/0x2b0
[ 36.595600] ? kasan_check_read+0x11/0x20
[ 36.599741] ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.604145] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.608545] ? initcall_blacklisted+0x9a/0x1e0
[ 36.613118] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.618291] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.624000] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.629525] ? do_vfs_ioctl+0x201/0x1720
[ 36.633838] ? rcu_is_watching+0x8c/0x150
[ 36.637978] ? trace_hardirqs_on+0xbd/0x2c0
[ 36.642301] ? ioctl_preallocate+0x300/0x300
[ 36.646703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.652230] ? __fget_light+0x2f7/0x440
[ 36.656192] ? fget_raw+0x20/0x20
[ 36.659631] ? putname+0xf2/0x130
[ 36.663131] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.668147] ? kmem_cache_free+0x246/0x280
[ 36.672379] ? putname+0xf7/0x130
[ 36.675830] do_group_exit+0x177/0x440
[ 36.679707] ? trace_hardirqs_on+0xbd/0x2c0
[ 36.684024] ? __ia32_sys_exit+0x50/0x50
[ 36.688083] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.693185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.698805] ? ksys_ioctl+0x81/0xd0
[ 36.702438] __x64_sys_exit_group+0x3e/0x50
[ 36.706759] do_syscall_64+0x1b9/0x820
[ 36.710667] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.716019] ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.721009] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.725848] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.730858] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.735873] ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.740885] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.745729] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.750907] RIP: 0033:0x43ef08
[ 36.754091] Code: Bad RIP value.
[ 36.757439] RSP: 002b:00007fffbaa86848 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.765192] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 36.772460] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.779720] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.787010] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.794276] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.801543] 
[ 36.803159] Allocated by task 4666:
[ 36.806785] save_stack+0x43/0xd0
[ 36.810224] kasan_kmalloc+0xc4/0xe0
[ 36.813928] kasan_slab_alloc+0x12/0x20
[ 36.817894] kmem_cache_alloc+0x12e/0x710
[ 36.822031] vmx_create_vcpu+0xcf/0x2830
[ 36.826077] kvm_arch_vcpu_create+0xe5/0x220
[ 36.830476] kvm_vm_ioctl+0x488/0x1d80
[ 36.834361] do_vfs_ioctl+0x1de/0x1720
[ 36.838240] ksys_ioctl+0xa9/0xd0
[ 36.841679] __x64_sys_ioctl+0x73/0xb0
[ 36.845574] do_syscall_64+0x1b9/0x820
[ 36.849459] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.854640] 
[ 36.856256] Freed by task 4666:
[ 36.859621] save_stack+0x43/0xd0
[ 36.863078] __kasan_slab_free+0x11a/0x170
[ 36.867324] kasan_slab_free+0xe/0x10
[ 36.871141] kmem_cache_free+0x86/0x280
[ 36.875123] vmx_free_vcpu+0x26b/0x300
[ 36.879014] kvm_arch_destroy_vm+0x365/0x7c0
[ 36.883473] kvm_put_kvm+0x73f/0x1060
[ 36.887320] kvm_vm_release+0x42/0x50
[ 36.891114] __fput+0x38a/0xa40
[ 36.894385] ____fput+0x15/0x20
[ 36.897751] task_work_run+0x1e8/0x2a0
[ 36.901637] do_exit+0x1ae4/0x26e0
[ 36.905164] do_group_exit+0x177/0x440
[ 36.909038] __x64_sys_exit_group+0x3e/0x50
[ 36.913349] do_syscall_64+0x1b9/0x820
[ 36.917222] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.922391] 
[ 36.924007] The buggy address belongs to the object at ffff8801ca2f8040
[ 36.924007]  which belongs to the cache kvm_vcpu of size 23872
[ 36.936575] The buggy address is located 24 bytes inside of
[ 36.936575]  23872-byte region [ffff8801ca2f8040, ffff8801ca2fdd80)
[ 36.948545] The buggy address belongs to the page:
[ 36.953472] page:ffffea000728be00 count:1 mapcount:0 mapping:ffff8801d51f79c0 index:0x0 compound_mapcount: 0
[ 36.963566] flags: 0x2fffc0000008100(slab|head)
[ 36.968229] raw: 02fffc0000008100 ffff8801d51f4748 ffff8801d51f4748 ffff8801d51f79c0
[ 36.976104] raw: 0000000000000000 ffff8801ca2f8040 0000000100000001 0000000000000000
[ 36.983977] page dumped because: kasan: bad access detected
[ 36.989673] 
[ 36.991360] Memory state around the buggy address:
[ 36.996393]  ffff8801ca2f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.003739]  ffff8801ca2f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.011081] >ffff8801ca2f8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 37.018474]                                                     ^
[ 37.024704]  ffff8801ca2f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.032048]  ffff8801ca2f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.039388] ==================================================================
[ 37.046730] Kernel panic - not syncing: panic_on_warn set ...
[ 37.046730] 
[ 37.054086] CPU: 0 PID: 4666 Comm: syz-executor226 Tainted: G B 4.19.0-rc2+ #224
[ 37.062910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.072256] Call Trace:
[ 37.074903] dump_stack+0x1c9/0x2b4
[ 37.078526] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.083708] ? lock_downgrade+0x8f0/0x8f0
[ 37.087848] ? __schedule+0xf54/0x1df0
[ 37.091723] panic+0x238/0x4e7
[ 37.094976] ? add_taint.cold.5+0x16/0x16
[ 37.099125] ? print_shadow_for_address+0xba/0x116
[ 37.104043] ? trace_hardirqs_off+0xaf/0x2b0
[ 37.108446] ? trace_hardirqs_off+0x77/0x2b0
[ 37.112993] ? __schedule+0xf54/0x1df0
[ 37.116934] kasan_end_report+0x47/0x4f
[ 37.120913] kasan_report.cold.7+0x76/0x30d
[ 37.125287] __asan_report_load8_noabort+0x14/0x20
[ 37.130216] __schedule+0xf54/0x1df0
[ 37.133932] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.139040] ? __sched_text_start+0x8/0x8
[ 37.143192] ? __call_srcu+0x7e7/0x1040
[ 37.147168] ? check_same_owner+0x340/0x340
[ 37.151481] ? mark_held_locks+0x160/0x160
[ 37.155714] ? find_held_lock+0x36/0x1c0
[ 37.159768] preempt_schedule_common+0x22/0x60
[ 37.164390] _cond_resched+0x1d/0x30
[ 37.168099] wait_for_completion+0xa5/0x8d0
[ 37.172410] ? wait_for_completion_interruptible+0x950/0x950
[ 37.178192] ? __lockdep_init_map+0x105/0x590
[ 37.182690] ? __init_waitqueue_head+0x9e/0x150
[ 37.187345] ? init_wait_entry+0x1c0/0x1c0
[ 37.191565] __synchronize_srcu+0x189/0x240
[ 37.195870] ? call_srcu+0x10/0x10
[ 37.199397] ? rcu_unexpedite_gp+0x20/0x20
[ 37.203686] synchronize_srcu+0x335/0x56f
[ 37.207829] ? lock_downgrade+0x8f0/0x8f0
[ 37.211973] ? synchronize_srcu_expedited+0x20/0x20
[ 37.216985] ? kasan_check_read+0x11/0x20
[ 37.221134] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.225715] ? kasan_check_write+0x14/0x20
[ 37.229952] ? do_raw_spin_lock+0xc1/0x200
[ 37.234188] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.239901] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.245341] ? kvfree+0x61/0x70
[ 37.248619] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.253627] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.257677] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.262076] ? kvm_arch_sync_events+0x30/0x30
[ 37.266573] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.272221] ? mmu_notifier_unregister+0x474/0x600
[ 37.277143] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.281544] ? kfree+0x111/0x210
[ 37.284900] ? __mmu_notifier_register+0x30/0x30
[ 37.289646] ? __free_pages+0x10a/0x190
[ 37.293609] ? free_unref_page+0x930/0x930
[ 37.297835] kvm_put_kvm+0x73f/0x1060
[ 37.301628] ? kvm_write_guest_cached+0x40/0x40
[ 37.306286] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.310764] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.315244] ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.319817] ? kasan_check_write+0x14/0x20
[ 37.324041] ? do_raw_spin_lock+0xc1/0x200
[ 37.328268] ? kvm_irqfd_release+0xdd/0x120
[ 37.333134] ? kvm_irqfd_release+0xdd/0x120
[ 37.337459] ? kvm_put_kvm+0x1060/0x1060
[ 37.341630] kvm_vm_release+0x42/0x50
[ 37.345428] __fput+0x38a/0xa40
[ 37.348707] ? __alloc_file+0x400/0x400
[ 37.352673] ? check_same_owner+0x340/0x340
[ 37.357007] ? kasan_check_write+0x14/0x20
[ 37.361235] ? do_raw_spin_lock+0xc1/0x200
[ 37.365457] ____fput+0x15/0x20
[ 37.368730] task_work_run+0x1e8/0x2a0
[ 37.372602] ? task_work_cancel+0x240/0x240
[ 37.376910] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.382437] ? switch_task_namespaces+0xa2/0xd0
[ 37.387098] do_exit+0x1ae4/0x26e0
[ 37.390630] ? mm_update_next_owner+0x9a0/0x9a0
[ 37.395294] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.399523] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.404533] ? kfree+0x1d7/0x210
[ 37.407894] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.412133] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.417843] ? is_bpf_text_address+0xd7/0x170
[ 37.422347] ? kernel_text_address+0x79/0xf0
[ 37.426856] ? __kernel_text_address+0xd/0x40
[ 37.431449] ? unwind_get_return_address+0x61/0xa0
[ 37.436379] ? __save_stack_trace+0x8d/0xf0
[ 37.440690] ? save_stack+0xa9/0xd0
[ 37.444310] ? save_stack+0x43/0xd0
[ 37.447921] ? __kasan_slab_free+0x11a/0x170
[ 37.452315] ? kasan_slab_free+0xe/0x10
[ 37.456272] ? putname+0xf2/0x130
[ 37.459710] ? __x64_sys_openat+0x9d/0x100
[ 37.463933] ? do_syscall_64+0x1b9/0x820
[ 37.467979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.473327] ? trace_hardirqs_off+0xb8/0x2b0
[ 37.477720] ? kasan_check_read+0x11/0x20
[ 37.481859] ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.486251] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.490648] ? initcall_blacklisted+0x9a/0x1e0
[ 37.495215] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 37.500309] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.506014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.511542] ? do_vfs_ioctl+0x201/0x1720
[ 37.515591] ? rcu_is_watching+0x8c/0x150
[ 37.519729] ? trace_hardirqs_on+0xbd/0x2c0
[ 37.524040] ? ioctl_preallocate+0x300/0x300
[ 37.528437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.534037] ? __fget_light+0x2f7/0x440
[ 37.538002] ? fget_raw+0x20/0x20
[ 37.541441] ? putname+0xf2/0x130
[ 37.544883] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.549889] ? kmem_cache_free+0x246/0x280
[ 37.554112] ? putname+0xf7/0x130
[ 37.557556] do_group_exit+0x177/0x440
[ 37.561440] ? trace_hardirqs_on+0xbd/0x2c0
[ 37.565748] ? __ia32_sys_exit+0x50/0x50
[ 37.569798] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.574892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.580418] ? ksys_ioctl+0x81/0xd0
[ 37.584044] __x64_sys_exit_group+0x3e/0x50
[ 37.588370] do_syscall_64+0x1b9/0x820
[ 37.592257] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.597742] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.602660] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.607550] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 37.612561] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.617562] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.622583] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.627419] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.632594] RIP: 0033:0x43ef08
[ 37.635771] Code: Bad RIP value.
[ 37.639116] RSP: 002b:00007fffbaa86848 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.647011] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 37.654274] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.661534] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.668790] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.676045] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.683306] 
[ 37.683309] ======================================================
[ 37.683313] WARNING: possible circular locking dependency detected
[ 37.683315] 4.19.0-rc2+ #224 Not tainted
[ 37.683318] ------------------------------------------------------
[ 37.683321] syz-executor226/4666 is trying to acquire lock:
[ 37.683323] 0000000013e099b2 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.683332] 
[ 37.683334] but task is already holding lock:
[ 37.683336] 000000005e7e1c9a (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.683344] 
[ 37.683347] which lock already depends on the new lock.
[ 37.683348] 
[ 37.683349] 
[ 37.683352] the existing dependency chain (in reverse order) is:
[ 37.683354] 
[ 37.683355] -> #3 (report_lock){....}:
[ 37.683363] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.683365] kasan_report+0x8e/0x110
[ 37.683368] __asan_report_load8_noabort+0x14/0x20
[ 37.683370] __schedule+0xf54/0x1df0
[ 37.683373] preempt_schedule_common+0x22/0x60
[ 37.683375] _cond_resched+0x1d/0x30
[ 37.683378] wait_for_completion+0xa5/0x8d0
[ 37.683380] __synchronize_srcu+0x189/0x240
[ 37.683383] synchronize_srcu+0x335/0x56f
[ 37.683386] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.683388] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.683391] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.683393] kvm_put_kvm+0x73f/0x1060
[ 37.683395] kvm_vm_release+0x42/0x50
[ 37.683398] __fput+0x38a/0xa40
[ 37.683400] ____fput+0x15/0x20
[ 37.683402] task_work_run+0x1e8/0x2a0
[ 37.683404] do_exit+0x1ae4/0x26e0
[ 37.683406] do_group_exit+0x177/0x440
[ 37.683409] __x64_sys_exit_group+0x3e/0x50
[ 37.683411] do_syscall_64+0x1b9/0x820
[ 37.683414] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.683415] 
[ 37.683417] -> #2 (&rq->lock){-.-.}:
[ 37.683424] _raw_spin_lock+0x2a/0x40
[ 37.683427] task_fork_fair+0x93/0x680
[ 37.683429] sched_fork+0x44b/0xbd0
[ 37.683431] copy_process+0x235e/0x7af0
[ 37.683433] _do_fork+0x1ca/0x1170
[ 37.683435] kernel_thread+0x34/0x40
[ 37.683438] rest_init+0x22/0xe4
[ 37.683440] start_kernel+0x913/0x94e
[ 37.683442] x86_64_start_reservations+0x29/0x2b
[ 37.683445] x86_64_start_kernel+0x76/0x79
[ 37.683447] secondary_startup_64+0xa4/0xb0
[ 37.683449] 
[ 37.683450] -> #1 (&p->pi_lock){-.-.}:
[ 37.683458] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.683460] try_to_wake_up+0xd2/0x1250
[ 37.683463] wake_up_process+0x10/0x20
[ 37.683465] __up.isra.1+0x1c0/0x2a0
[ 37.683467] up+0x13c/0x1c0
[ 37.683469] __up_console_sem+0xbe/0x1b0
[ 37.683472] console_unlock+0x506/0x10d0
[ 37.683474] vprintk_emit+0x33a/0x910
[ 37.683476] vprintk_default+0x28/0x30
[ 37.683478] vprintk_func+0x7a/0x117
[ 37.683480] printk+0xa7/0xcf
[ 37.683482] load_umh+0x51/0xbd
[ 37.683485] do_one_initcall+0x127/0x838
[ 37.683487] kernel_init_freeable+0x4bb/0x5ae
[ 37.683489] kernel_init+0x11/0x1b3
[ 37.683492] ret_from_fork+0x3a/0x50
[ 37.683493] 
[ 37.683494] -> #0 ((console_sem).lock){-...}:
[ 37.683502] lock_acquire+0x1e4/0x4f0
[ 37.683505] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.683507] down_trylock+0x13/0x70
[ 37.683510] __down_trylock_console_sem+0xae/0x200
[ 37.683512] console_trylock+0x15/0xa0
[ 37.683515] vprintk_emit+0x31f/0x910
[ 37.683517] vprintk_default+0x28/0x30
[ 37.683519] vprintk_func+0x7a/0x117
[ 37.683521] printk+0xa7/0xcf
[ 37.683523] kasan_report+0x9e/0x110
[ 37.683526] __asan_report_load8_noabort+0x14/0x20
[ 37.683528] __schedule+0xf54/0x1df0
[ 37.683531] preempt_schedule_common+0x22/0x60
[ 37.683533] _cond_resched+0x1d/0x30
[ 37.683536] wait_for_completion+0xa5/0x8d0
[ 37.683538] __synchronize_srcu+0x189/0x240
[ 37.683541] synchronize_srcu+0x335/0x56f
[ 37.683544] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.683546] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.683549] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.683551] kvm_put_kvm+0x73f/0x1060
[ 37.683554] kvm_vm_release+0x42/0x50
[ 37.683556] __fput+0x38a/0xa40
[ 37.683558] ____fput+0x15/0x20
[ 37.683560] task_work_run+0x1e8/0x2a0
[ 37.683562] do_exit+0x1ae4/0x26e0
[ 37.683564] do_group_exit+0x177/0x440
[ 37.683567] __x64_sys_exit_group+0x3e/0x50
[ 37.683569] do_syscall_64+0x1b9/0x820
[ 37.683572] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.683573] 
[ 37.683576] other info that might help us debug this:
[ 37.683577] 
[ 37.683579] Chain exists of:
[ 37.683580]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.683590] 
[ 37.683593]  Possible unsafe locking scenario:
[ 37.683594] 
[ 37.683596]        CPU0                    CPU1
[ 37.683599]        ----                    ----
[ 37.683600]   lock(report_lock);
[ 37.683605]                                lock(&rq->lock);
[ 37.683611]                                lock(report_lock);
[ 37.683619]   lock((console_sem).lock);
[ 37.683623] 
[ 37.683625]  *** DEADLOCK ***
[ 37.683626] 
[ 37.683629] 2 locks held by syz-executor226/4666:
[ 37.683630] #0: 00000000f092338c (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 37.683640] #1: 000000005e7e1c9a (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.683649] 
[ 37.683651] stack backtrace:
[ 37.683654] CPU: 0 PID: 4666 Comm: syz-executor226 Not tainted 4.19.0-rc2+ #224
[ 37.683659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.683661] Call Trace:
[ 37.683663] dump_stack+0x1c9/0x2b4
[ 37.683666] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.683668] ? vprintk_func+0x100/0x117
[ 37.683671] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 37.683673] ? save_trace+0xe0/0x290
[ 37.683675] __lock_acquire+0x3449/0x5020
[ 37.683678] ? mark_held_locks+0x160/0x160
[ 37.683680] ? mark_held_locks+0x160/0x160
[ 37.683682] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 37.683685] ? is_bpf_text_address+0xd7/0x170
[ 37.683687] ? kernel_text_address+0x79/0xf0
[ 37.683690] ? __kernel_text_address+0xd/0x40
[ 37.683692] ? __save_stack_trace+0x8d/0xf0
[ 37.683695] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 37.683697] ? save_trace+0x290/0x290
[ 37.683699] ? save_stack_trace+0x1a/0x20
[ 37.683701] ? save_trace+0xe0/0x290
[ 37.683704] ? graph_lock+0x170/0x170
[ 37.683706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.683709] lock_acquire+0x1e4/0x4f0
[ 37.683711] ? down_trylock+0x13/0x70
[ 37.683713] ? lock_release+0x9f0/0x9f0
[ 37.683716] ? trace_hardirqs_off+0xb8/0x2b0
[ 37.683718] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.683720] ? trace_hardirqs_off+0xb8/0x2b0
[ 37.683723] ? log_store+0x34f/0x4c0
[ 37.683725] ? vprintk_emit+0x31f/0x910
[ 37.683727] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.683729] ? down_trylock+0x13/0x70
[ 37.683732] down_trylock+0x13/0x70
[ 37.683734] __down_trylock_console_sem+0xae/0x200
[ 37.683736] console_trylock+0x15/0xa0
[ 37.683739] vprintk_emit+0x31f/0x910
[ 37.683741] ? wake_up_klogd+0x110/0x110
[ 37.683743] ? run_rebalance_domains+0x4c0/0x4c0
[ 37.683746] ? kasan_check_read+0x11/0x20
[ 37.683754] ? rcu_is_watching+0x8c/0x150
[ 37.683756] ? rcu_pm_notify+0xc0/0xc0
[ 37.683758] ? lock_acquire+0x1e4/0x4f0
[ 37.683760] ? kasan_report+0x8e/0x110
[ 37.683763] ? __schedule+0xf54/0x1df0
[ 37.683765] vprintk_default+0x28/0x30
[ 37.683767] vprintk_func+0x7a/0x117
[ 37.683769] printk+0xa7/0xcf
[ 37.683772] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.683774] ? kasan_check_write+0x14/0x20
[ 37.683776] ? do_raw_spin_lock+0xc1/0x200
[ 37.683779] ? do_raw_spin_lock+0xc1/0x200
[ 37.683781] kasan_report+0x9e/0x110
[ 37.683783] __asan_report_load8_noabort+0x14/0x20
[ 37.683786] __schedule+0xf54/0x1df0
[ 37.683788] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.683791] ? __sched_text_start+0x8/0x8
[ 37.683793] ? __call_srcu+0x7e7/0x1040
[ 37.683795] ? check_same_owner+0x340/0x340
[ 37.683798] ? mark_held_locks+0x160/0x160
[ 37.683800] ? find_held_lock+0x36/0x1c0
[ 37.683803] preempt_schedule_common+0x22/0x60
[ 37.683805] _cond_resched+0x1d/0x30
[ 37.683807] wait_for_completion+0xa5/0x8d0
[ 37.683810] ? wait_for_completion_interruptible+0x950/0x950
[ 37.683813] ? __lockdep_init_map+0x105/0x590
[ 37.683815] ? __init_waitqueue_head+0x9e/0x150
[ 37.683818] ? init_wait_entry+0x1c0/0x1c0
[ 37.683820] __synchronize_srcu+0x189/0x240
[ 37.683822] ? call_srcu+0x10/0x10
[ 37.683825] ? rcu_unexpedite_gp+0x20/0x20
[ 37.683827] synchronize_srcu+0x335/0x56f
[ 37.683830] ? lock_downgrade+0x8f0/0x8f0
[ 37.683833] ? synchronize_srcu_expedited+0x20/0x20
[ 37.683835] ? kasan_check_read+0x11/0x20
[ 37.683838] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.683840] ? kasan_check_write+0x14/0x20
[ 37.683842] ? do_raw_spin_lock+0xc1/0x200
[ 37.683845] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.683848] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.683850] ? kvfree+0x61/0x70
[ 37.683853] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.683855] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.683858] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.683860] ? kvm_arch_sync_events+0x30/0x30
[ 37.683863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.683866] ? mmu_notifier_unregister+0x474/0x600
[ 37.683868] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.683871] ? kfree+0x111/0x210
[ 37.683873] ? __mmu_notifier_register+0x30/0x30
[ 37.683875] ? __free_pages+0x10a/0x190
[ 37.683878] ? free_unref_page+0x930/0x930
[ 37.683880] kvm_put_kvm+0x73f/0x1060
[ 37.683883] ? kvm_write_guest_cached+0x40/0x40
[ 37.683885] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.683888] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.683890] ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.683892] ? kasan_check_write+0x14/0x20
[ 37.683895] ? do_raw_spin_lock+0xc1/0x200
[ 37.683897] ? kvm_irqfd_release+0xdd/0x120
[ 37.683900] ? kvm_irqfd_release+0xdd/0x120
[ 37.683902] ? kvm_put_kvm+0x1060/0x1060
[ 37.683904] kvm_vm_release+0x42/0x50
[ 37.683906] __fput+0x38a/0xa40
[ 37.683909] ? __alloc_file+0x400/0x400
[ 37.683911] ? check_same_owner+0x340/0x340
[ 37.683913] ? kasan_check_write+0x14/0x20
[ 37.683916] ? do_raw_spin_lock+0xc1/0x200
[ 37.683918] ____fput+0x15/0x20
[ 37.683920] task_work_run+0x1e8/0x2a0
[ 37.683922] ? task_work_cancel+0x240/0x240
[ 37.683925] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.683928] ? switch_task_namespaces+0xa2/0xd0
[ 37.683930] do_exit+0x1ae4/0x26e0
[ 37.683932] ? mm_update_next_owner+0x9a0/0x9a0
[ 37.683935] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.683938] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.683940] ? kfree+0x1d7/0x210
[ 37.683942] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.683945] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.683947] ? is_bpf_text_address+0xd7/0x170
[ 37.683949] ?
[ 37.683954] Lost 55 message(s)!
[ 38.742072] Shutting down cpus with NMI
[ 39.802819] Dumping ftrace buffer:
[ 39.806356] (ftrace buffer empty)
[ 39.810049] Kernel Offset: disabled
[ 39.813666] Rebooting in 86400 seconds..