[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.090944] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.271771] random: sshd: uninitialized urandom read (32 bytes read) [ 27.620345] random: sshd: uninitialized urandom read (32 bytes read) [ 28.188960] random: sshd: uninitialized urandom read (32 bytes read) [ 28.370238] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts. [ 33.892012] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.988122] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.014049] ================================================================== [ 34.023830] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.030076] Read of size 8 at addr ffff8801bdad8058 by task syz-executor352/4653 [ 34.037593] [ 34.039235] CPU: 0 PID: 4653 Comm: syz-executor352 Not tainted 4.19.0-rc1+ #217 [ 34.046682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.056022] Call Trace: [ 34.058606] dump_stack+0x1c9/0x2b4 [ 34.062256] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.067444] ? printk+0xa7/0xcf [ 34.070721] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.075473] ? __schedule+0xf54/0x1df0 [ 34.079379] print_address_description+0x6c/0x20b [ 34.084216] ? __schedule+0xf54/0x1df0 [ 34.088106] kasan_report.cold.7+0x242/0x30d [ 34.092513] __asan_report_load8_noabort+0x14/0x20 [ 34.097444] __schedule+0xf54/0x1df0 [ 34.101165] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.106264] ? __sched_text_start+0x8/0x8 [ 34.110409] ? __call_srcu+0x7e7/0x1040 [ 34.114385] ? check_same_owner+0x340/0x340 [ 34.118696] ? mark_held_locks+0x160/0x160 [ 34.122926] ? find_held_lock+0x36/0x1c0 [ 34.126999] preempt_schedule_common+0x22/0x60 [ 34.131586] _cond_resched+0x1d/0x30 [ 34.135294] wait_for_completion+0xa5/0x8d0 [ 34.140068] ? wait_for_completion_interruptible+0x950/0x950 [ 34.145865] ? __lockdep_init_map+0x105/0x590 [ 34.150357] ? __init_waitqueue_head+0x9e/0x150 [ 34.155020] ? init_wait_entry+0x1c0/0x1c0 [ 34.159256] __synchronize_srcu+0x189/0x240 [ 34.163585] ? call_srcu+0x10/0x10 [ 34.167138] ? rcu_unexpedite_gp+0x20/0x20 [ 34.171373] synchronize_srcu+0x335/0x56f [ 34.175531] ? lock_downgrade+0x8f0/0x8f0 [ 34.179686] ? synchronize_srcu_expedited+0x20/0x20 [ 34.184710] ? kasan_check_read+0x11/0x20 [ 34.188858] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.193900] ? kasan_check_write+0x14/0x20 [ 34.198129] ? do_raw_spin_lock+0xc1/0x200 [ 34.202364] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.208070] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.213514] ? kvfree+0x61/0x70 [ 34.216790] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.221800] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.225856] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.230261] ? kvm_arch_sync_events+0x30/0x30 [ 34.234753] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.240287] ? mmu_notifier_unregister+0x474/0x600 [ 34.245207] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.249645] ? kfree+0x111/0x210 [ 34.253008] ? __mmu_notifier_register+0x30/0x30 [ 34.257764] ? __free_pages+0x10a/0x190 [ 34.261732] ? free_unref_page+0x930/0x930 [ 34.265972] kvm_put_kvm+0x73f/0x1060 [ 34.269770] ? kvm_write_guest_cached+0x40/0x40 [ 34.274440] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.278940] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.283456] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.288035] ? kasan_check_write+0x14/0x20 [ 34.292270] ? do_raw_spin_lock+0xc1/0x200 [ 34.296521] ? kvm_irqfd_release+0xdd/0x120 [ 34.300831] ? kvm_irqfd_release+0xdd/0x120 [ 34.305146] ? kvm_put_kvm+0x1060/0x1060 [ 34.309204] kvm_vm_release+0x42/0x50 [ 34.313005] __fput+0x38a/0xa40 [ 34.316308] ? __alloc_file+0x400/0x400 [ 34.320281] ? check_same_owner+0x340/0x340 [ 34.324597] ? kasan_check_write+0x14/0x20 [ 34.328830] ? do_raw_spin_lock+0xc1/0x200 [ 34.333060] ____fput+0x15/0x20 [ 34.336336] task_work_run+0x1e8/0x2a0 [ 34.340221] ? task_work_cancel+0x240/0x240 [ 34.344550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.350082] ? switch_task_namespaces+0xa2/0xd0 [ 34.354766] do_exit+0x1ae4/0x26e0 [ 34.358311] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.362979] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.367206] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.372236] ? kfree+0x1d7/0x210 [ 34.375599] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.379829] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.385537] ? is_bpf_text_address+0xd7/0x170 [ 34.390027] ? kernel_text_address+0x79/0xf0 [ 34.394430] ? __kernel_text_address+0xd/0x40 [ 34.398920] ? unwind_get_return_address+0x61/0xa0 [ 34.403849] ? __save_stack_trace+0x8d/0xf0 [ 34.408171] ? save_stack+0xa9/0xd0 [ 34.411791] ? save_stack+0x43/0xd0 [ 34.415437] ? __kasan_slab_free+0x11a/0x170 [ 34.419937] ? kasan_slab_free+0xe/0x10 [ 34.423920] ? putname+0xf2/0x130 [ 34.427370] ? __x64_sys_openat+0x9d/0x100 [ 34.431604] ? do_syscall_64+0x1b9/0x820 [ 34.435661] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.441022] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.445422] ? kasan_check_read+0x11/0x20 [ 34.449575] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.454025] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.458460] ? initcall_blacklisted+0x9a/0x1e0 [ 34.463052] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.468159] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.473867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.479400] ? do_vfs_ioctl+0x201/0x1720 [ 34.483461] ? rcu_is_watching+0x8c/0x150 [ 34.487627] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.491942] ? ioctl_preallocate+0x300/0x300 [ 34.496346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.501889] ? __fget_light+0x2f7/0x440 [ 34.505870] ? fget_raw+0x20/0x20 [ 34.509321] ? putname+0xf2/0x130 [ 34.512775] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.517788] ? kmem_cache_free+0x246/0x280 [ 34.522029] ? putname+0xf7/0x130 [ 34.525483] do_group_exit+0x177/0x440 [ 34.529387] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.533704] ? __ia32_sys_exit+0x50/0x50 [ 34.537780] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.542892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.548423] ? ksys_ioctl+0x81/0xd0 [ 34.552050] __x64_sys_exit_group+0x3e/0x50 [ 34.556368] do_syscall_64+0x1b9/0x820 [ 34.560496] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.565927] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.570843] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.575672] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.580677] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.585677] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.590779] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.595614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.600786] RIP: 0033:0x43ecf8 [ 34.604080] Code: Bad RIP value. [ 34.607439] RSP: 002b:00007fffd2709398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.615158] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 34.622406] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.629827] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.637182] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.644447] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.651717] [ 34.653329] Allocated by task 4653: [ 34.656937] save_stack+0x43/0xd0 [ 34.660377] kasan_kmalloc+0xc4/0xe0 [ 34.664080] kasan_slab_alloc+0x12/0x20 [ 34.668096] kmem_cache_alloc+0x12e/0x710 [ 34.672232] vmx_create_vcpu+0xcf/0x2830 [ 34.676275] kvm_arch_vcpu_create+0xe5/0x220 [ 34.680665] kvm_vm_ioctl+0x488/0x1d80 [ 34.684538] do_vfs_ioctl+0x1de/0x1720 [ 34.688479] ksys_ioctl+0xa9/0xd0 [ 34.691913] __x64_sys_ioctl+0x73/0xb0 [ 34.695786] do_syscall_64+0x1b9/0x820 [ 34.699658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.704822] [ 34.706428] Freed by task 4653: [ 34.709690] save_stack+0x43/0xd0 [ 34.713127] __kasan_slab_free+0x11a/0x170 [ 34.717351] kasan_slab_free+0xe/0x10 [ 34.721137] kmem_cache_free+0x86/0x280 [ 34.725091] vmx_free_vcpu+0x26b/0x300 [ 34.728976] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.733377] kvm_put_kvm+0x73f/0x1060 [ 34.737180] kvm_vm_release+0x42/0x50 [ 34.740968] __fput+0x38a/0xa40 [ 34.744227] ____fput+0x15/0x20 [ 34.747502] task_work_run+0x1e8/0x2a0 [ 34.751377] do_exit+0x1ae4/0x26e0 [ 34.754902] do_group_exit+0x177/0x440 [ 34.758880] __x64_sys_exit_group+0x3e/0x50 [ 34.763271] do_syscall_64+0x1b9/0x820 [ 34.767143] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.772309] [ 34.773916] The buggy address belongs to the object at ffff8801bdad8040 [ 34.773916] which belongs to the cache kvm_vcpu of size 23872 [ 34.786468] The buggy address is located 24 bytes inside of [ 34.786468] 23872-byte region [ffff8801bdad8040, ffff8801bdaddd80) [ 34.798412] The buggy address belongs to the page: [ 34.803326] page:ffffea0006f6b600 count:1 mapcount:0 mapping:ffff8801d527dd80 index:0x0 compound_mapcount: 0 [ 34.813285] flags: 0x2fffc0000008100(slab|head) [ 34.817934] raw: 02fffc0000008100 ffff8801d731d248 ffff8801d731d248 ffff8801d527dd80 [ 34.825796] raw: 0000000000000000 ffff8801bdad8040 0000000100000001 0000000000000000 [ 34.833655] page dumped because: kasan: bad access detected [ 34.839341] [ 34.840948] Memory state around the buggy address: [ 34.845857] ffff8801bdad7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.853258] ffff8801bdad7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.860704] >ffff8801bdad8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.868041] ^ [ 34.874300] ffff8801bdad8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.881647] ffff8801bdad8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.889015] ================================================================== [ 34.896359] Kernel panic - not syncing: panic_on_warn set ... [ 34.896359] [ 34.903708] CPU: 0 PID: 4653 Comm: syz-executor352 Tainted: G B 4.19.0-rc1+ #217 [ 34.912526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.922816] Call Trace: [ 34.925393] dump_stack+0x1c9/0x2b4 [ 34.929008] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.934183] ? lock_downgrade+0x8f0/0x8f0 [ 34.938309] ? __schedule+0xf54/0x1df0 [ 34.942335] panic+0x238/0x4e7 [ 34.945511] ? add_taint.cold.5+0x16/0x16 [ 34.949658] ? print_shadow_for_address+0xba/0x116 [ 34.954572] ? trace_hardirqs_off+0xaf/0x2b0 [ 34.958964] ? trace_hardirqs_off+0x77/0x2b0 [ 34.963398] ? __schedule+0xf54/0x1df0 [ 34.967273] kasan_end_report+0x47/0x4f [ 34.971228] kasan_report.cold.7+0x76/0x30d [ 34.975530] __asan_report_load8_noabort+0x14/0x20 [ 34.980452] __schedule+0xf54/0x1df0 [ 34.984159] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.989246] ? __sched_text_start+0x8/0x8 [ 34.993525] ? __call_srcu+0x7e7/0x1040 [ 34.997518] ? check_same_owner+0x340/0x340 [ 35.001820] ? mark_held_locks+0x160/0x160 [ 35.006033] ? find_held_lock+0x36/0x1c0 [ 35.010077] preempt_schedule_common+0x22/0x60 [ 35.014683] _cond_resched+0x1d/0x30 [ 35.018387] wait_for_completion+0xa5/0x8d0 [ 35.022751] ? wait_for_completion_interruptible+0x950/0x950 [ 35.028538] ? __lockdep_init_map+0x105/0x590 [ 35.033016] ? __init_waitqueue_head+0x9e/0x150 [ 35.037667] ? init_wait_entry+0x1c0/0x1c0 [ 35.041888] __synchronize_srcu+0x189/0x240 [ 35.046189] ? call_srcu+0x10/0x10 [ 35.049711] ? rcu_unexpedite_gp+0x20/0x20 [ 35.053933] synchronize_srcu+0x335/0x56f [ 35.058065] ? lock_downgrade+0x8f0/0x8f0 [ 35.062245] ? synchronize_srcu_expedited+0x20/0x20 [ 35.067261] ? kasan_check_read+0x11/0x20 [ 35.071397] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.075960] ? kasan_check_write+0x14/0x20 [ 35.080182] ? do_raw_spin_lock+0xc1/0x200 [ 35.084403] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.090096] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.095532] ? kvfree+0x61/0x70 [ 35.098798] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.103795] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.107837] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.112227] ? kvm_arch_sync_events+0x30/0x30 [ 35.116708] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.122297] ? mmu_notifier_unregister+0x474/0x600 [ 35.127211] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.131601] ? kfree+0x111/0x210 [ 35.134955] ? __mmu_notifier_register+0x30/0x30 [ 35.139695] ? __free_pages+0x10a/0x190 [ 35.143654] ? free_unref_page+0x930/0x930 [ 35.147877] kvm_put_kvm+0x73f/0x1060 [ 35.151667] ? kvm_write_guest_cached+0x40/0x40 [ 35.156323] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.160816] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.165322] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.169940] ? kasan_check_write+0x14/0x20 [ 35.174166] ? do_raw_spin_lock+0xc1/0x200 [ 35.178488] ? kvm_irqfd_release+0xdd/0x120 [ 35.182794] ? kvm_irqfd_release+0xdd/0x120 [ 35.187115] ? kvm_put_kvm+0x1060/0x1060 [ 35.191156] kvm_vm_release+0x42/0x50 [ 35.194941] __fput+0x38a/0xa40 [ 35.198265] ? __alloc_file+0x400/0x400 [ 35.202234] ? check_same_owner+0x340/0x340 [ 35.206603] ? kasan_check_write+0x14/0x20 [ 35.210824] ? do_raw_spin_lock+0xc1/0x200 [ 35.215037] ____fput+0x15/0x20 [ 35.218338] task_work_run+0x1e8/0x2a0 [ 35.222208] ? task_work_cancel+0x240/0x240 [ 35.226516] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.232054] ? switch_task_namespaces+0xa2/0xd0 [ 35.236712] do_exit+0x1ae4/0x26e0 [ 35.240250] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.244909] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.249191] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.254193] ? kfree+0x1d7/0x210 [ 35.257543] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.261823] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.267578] ? is_bpf_text_address+0xd7/0x170 [ 35.272062] ? kernel_text_address+0x79/0xf0 [ 35.276568] ? __kernel_text_address+0xd/0x40 [ 35.281051] ? unwind_get_return_address+0x61/0xa0 [ 35.286080] ? __save_stack_trace+0x8d/0xf0 [ 35.290386] ? save_stack+0xa9/0xd0 [ 35.293990] ? save_stack+0x43/0xd0 [ 35.297595] ? __kasan_slab_free+0x11a/0x170 [ 35.301983] ? kasan_slab_free+0xe/0x10 [ 35.305934] ? putname+0xf2/0x130 [ 35.309369] ? __x64_sys_openat+0x9d/0x100 [ 35.313586] ? do_syscall_64+0x1b9/0x820 [ 35.317631] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.323099] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.327495] ? kasan_check_read+0x11/0x20 [ 35.331630] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.336016] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.340407] ? initcall_blacklisted+0x9a/0x1e0 [ 35.344978] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.350068] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.355774] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.361291] ? do_vfs_ioctl+0x201/0x1720 [ 35.365344] ? rcu_is_watching+0x8c/0x150 [ 35.369485] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.373851] ? ioctl_preallocate+0x300/0x300 [ 35.378250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.383784] ? __fget_light+0x2f7/0x440 [ 35.387739] ? fget_raw+0x20/0x20 [ 35.391169] ? putname+0xf2/0x130 [ 35.394647] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.399649] ? kmem_cache_free+0x246/0x280 [ 35.403863] ? putname+0xf7/0x130 [ 35.407368] do_group_exit+0x177/0x440 [ 35.411240] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.415545] ? __ia32_sys_exit+0x50/0x50 [ 35.419687] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.424773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.430314] ? ksys_ioctl+0x81/0xd0 [ 35.433928] __x64_sys_exit_group+0x3e/0x50 [ 35.438235] do_syscall_64+0x1b9/0x820 [ 35.442109] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.447549] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.452468] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.457314] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.462361] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.467470] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.472494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.477333] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.482505] RIP: 0033:0x43ecf8 [ 35.485681] Code: Bad RIP value. [ 35.489019] RSP: 002b:00007fffd2709398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.496783] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 35.504039] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.511289] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.518539] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.525789] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.533043] [ 35.533047] ====================================================== [ 35.533050] WARNING: possible circular locking dependency detected [ 35.533052] 4.19.0-rc1+ #217 Not tainted [ 35.533055] ------------------------------------------------------ [ 35.533058] syz-executor352/4653 is trying to acquire lock: [ 35.533060] 00000000a744f29f ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.533067] [ 35.533070] but task is already holding lock: [ 35.533071] 00000000e6239ac4 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.533079] [ 35.533082] which lock already depends on the new lock. [ 35.533083] [ 35.533084] [ 35.533087] the existing dependency chain (in reverse order) is: [ 35.533088] [ 35.533089] -> #3 (report_lock){....}: [ 35.533097] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.533099] kasan_report+0x8e/0x110 [ 35.533101] __asan_report_load8_noabort+0x14/0x20 [ 35.533103] __schedule+0xf54/0x1df0 [ 35.533106] preempt_schedule_common+0x22/0x60 [ 35.533108] _cond_resched+0x1d/0x30 [ 35.533110] wait_for_completion+0xa5/0x8d0 [ 35.533113] __synchronize_srcu+0x189/0x240 [ 35.533115] synchronize_srcu+0x335/0x56f [ 35.533118] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.533120] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.533123] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.533125] kvm_put_kvm+0x73f/0x1060 [ 35.533127] kvm_vm_release+0x42/0x50 [ 35.533129] __fput+0x38a/0xa40 [ 35.533131] ____fput+0x15/0x20 [ 35.533133] task_work_run+0x1e8/0x2a0 [ 35.533135] do_exit+0x1ae4/0x26e0 [ 35.533138] do_group_exit+0x177/0x440 [ 35.533140] __x64_sys_exit_group+0x3e/0x50 [ 35.533142] do_syscall_64+0x1b9/0x820 [ 35.533145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.533146] [ 35.533147] -> #2 (&rq->lock){-.-.}: [ 35.533154] _raw_spin_lock+0x2a/0x40 [ 35.533156] task_fork_fair+0x93/0x680 [ 35.533158] sched_fork+0x44b/0xbd0 [ 35.533161] copy_process+0x235e/0x7ad0 [ 35.533163] _do_fork+0x1ca/0x1170 [ 35.533165] kernel_thread+0x34/0x40 [ 35.533167] rest_init+0x22/0xe4 [ 35.533169] start_kernel+0x913/0x94e [ 35.533171] x86_64_start_reservations+0x29/0x2b [ 35.533174] x86_64_start_kernel+0x76/0x79 [ 35.533176] secondary_startup_64+0xa4/0xb0 [ 35.533177] [ 35.533178] -> #1 (&p->pi_lock){-.-.}: [ 35.533186] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.533188] try_to_wake_up+0xd2/0x1250 [ 35.533190] wake_up_process+0x10/0x20 [ 35.533192] __up.isra.1+0x1c0/0x2a0 [ 35.533194] up+0x13c/0x1c0 [ 35.533196] __up_console_sem+0xbe/0x1b0 [ 35.533198] console_unlock+0x506/0x10d0 [ 35.533200] vprintk_emit+0x33a/0x910 [ 35.533203] vprintk_default+0x28/0x30 [ 35.533205] vprintk_func+0x7a/0x117 [ 35.533207] printk+0xa7/0xcf [ 35.533208] load_umh+0x51/0xbd [ 35.533211] do_one_initcall+0x127/0x838 [ 35.533213] kernel_init_freeable+0x4bb/0x5ae [ 35.533215] kernel_init+0x11/0x1b3 [ 35.533217] ret_from_fork+0x3a/0x50 [ 35.533218] [ 35.533219] -> #0 ((console_sem).lock){-...}: [ 35.533227] lock_acquire+0x1e4/0x4f0 [ 35.533229] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.533231] down_trylock+0x13/0x70 [ 35.533234] __down_trylock_console_sem+0xae/0x200 [ 35.533236] console_trylock+0x15/0xa0 [ 35.533238] vprintk_emit+0x31f/0x910 [ 35.533240] vprintk_default+0x28/0x30 [ 35.533242] vprintk_func+0x7a/0x117 [ 35.533244] printk+0xa7/0xcf [ 35.533246] kasan_report+0x9e/0x110 [ 35.533249] __asan_report_load8_noabort+0x14/0x20 [ 35.533251] __schedule+0xf54/0x1df0 [ 35.533253] preempt_schedule_common+0x22/0x60 [ 35.533255] _cond_resched+0x1d/0x30 [ 35.533258] wait_for_completion+0xa5/0x8d0 [ 35.533260] __synchronize_srcu+0x189/0x240 [ 35.533262] synchronize_srcu+0x335/0x56f [ 35.533265] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.533267] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.533270] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.533272] kvm_put_kvm+0x73f/0x1060 [ 35.533274] kvm_vm_release+0x42/0x50 [ 35.533276] __fput+0x38a/0xa40 [ 35.533278] ____fput+0x15/0x20 [ 35.533280] task_work_run+0x1e8/0x2a0 [ 35.533282] do_exit+0x1ae4/0x26e0 [ 35.533284] do_group_exit+0x177/0x440 [ 35.533286] __x64_sys_exit_group+0x3e/0x50 [ 35.533289] do_syscall_64+0x1b9/0x820 [ 35.533291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.533292] [ 35.533295] other info that might help us debug this: [ 35.533296] [ 35.533298] Chain exists of: [ 35.533299] (console_sem).lock --> &rq->lock --> report_lock [ 35.533308] [ 35.533310] Possible unsafe locking scenario: [ 35.533311] [ 35.533314] CPU0 CPU1 [ 35.533316] ---- ---- [ 35.533317] lock(report_lock); [ 35.533322] lock(&rq->lock); [ 35.533327] lock(report_lock); [ 35.533331] lock((console_sem).lock); [ 35.533335] [ 35.533337] *** DEADLOCK *** [ 35.533338] [ 35.533340] 2 locks held by syz-executor352/4653: [ 35.533342] #0: 000000007d7eb78d (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 35.533355] #1: 00000000e6239ac4 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.533364] [ 35.533366] stack backtrace: [ 35.533369] CPU: 0 PID: 4653 Comm: syz-executor352 Not tainted 4.19.0-rc1+ #217 [ 35.533374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.533375] Call Trace: [ 35.533377] dump_stack+0x1c9/0x2b4 [ 35.533380] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.533382] ? vprintk_func+0x100/0x117 [ 35.533385] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 35.533387] ? save_trace+0xe0/0x290 [ 35.533389] __lock_acquire+0x3449/0x5020 [ 35.533392] ? mark_held_locks+0x160/0x160 [ 35.533394] ? mark_held_locks+0x160/0x160 [ 35.533396] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.533399] ? is_bpf_text_address+0xd7/0x170 [ 35.533401] ? kernel_text_address+0x79/0xf0 [ 35.533403] ? __kernel_text_address+0xd/0x40 [ 35.533405] ? __save_stack_trace+0x8d/0xf0 [ 35.533408] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 35.533410] ? save_trace+0x290/0x290 [ 35.533412] ? save_stack_trace+0x1a/0x20 [ 35.533414] ? save_trace+0xe0/0x290 [ 35.533416] ? graph_lock+0x170/0x170 [ 35.533419] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.533421] lock_acquire+0x1e4/0x4f0 [ 35.533423] ? down_trylock+0x13/0x70 [ 35.533425] ? lock_release+0x9f0/0x9f0 [ 35.533427] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.533429] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.533432] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.533434] ? log_store+0x34f/0x4c0 [ 35.533436] ? vprintk_emit+0x31f/0x910 [ 35.533438] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.533452] ? down_trylock+0x13/0x70 [ 35.533454] down_trylock+0x13/0x70 [ 35.533457] __down_trylock_console_sem+0xae/0x200 [ 35.533459] console_trylock+0x15/0xa0 [ 35.533461] vprintk_emit+0x31f/0x910 [ 35.533463] ? wake_up_klogd+0x110/0x110 [ 35.533466] ? run_rebalance_domains+0x4c0/0x4c0 [ 35.533468] ? kasan_check_read+0x11/0x20 [ 35.533470] ? rcu_is_watching+0x8c/0x150 [ 35.533472] ? rcu_pm_notify+0xc0/0xc0 [ 35.533475] ? lock_acquire+0x1e4/0x4f0 [ 35.533477] ? kasan_report+0x8e/0x110 [ 35.533479] ? __schedule+0xf54/0x1df0 [ 35.533481] vprintk_default+0x28/0x30 [ 35.533483] vprintk_func+0x7a/0x117 [ 35.533485] printk+0xa7/0xcf [ 35.533487] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.533490] ? kasan_check_write+0x14/0x20 [ 35.533492] ? do_raw_spin_lock+0xc1/0x200 [ 35.533494] ? do_raw_spin_lock+0xc1/0x200 [ 35.533496] kasan_report+0x9e/0x110 [ 35.533499] __asan_report_load8_noabort+0x14/0x20 [ 35.533501] __schedule+0xf54/0x1df0 [ 35.533503] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.533506] ? __sched_text_start+0x8/0x8 [ 35.533508] ? __call_srcu+0x7e7/0x1040 [ 35.533510] ? check_same_owner+0x340/0x340 [ 35.533512] ? mark_held_locks+0x160/0x160 [ 35.533515] ? find_held_lock+0x36/0x1c0 [ 35.533517] preempt_schedule_common+0x22/0x60 [ 35.533519] _cond_resched+0x1d/0x30 [ 35.533521] wait_for_completion+0xa5/0x8d0 [ 35.533524] ? wait_for_completion_interruptible+0x950/0x950 [ 35.533527] ? __lockdep_init_map+0x105/0x590 [ 35.533529] ? __init_waitqueue_head+0x9e/0x150 [ 35.533531] ? init_wait_entry+0x1c0/0x1c0 [ 35.533534] __synchronize_srcu+0x189/0x240 [ 35.533536] ? call_srcu+0x10/0x10 [ 35.533538] ? rcu_unexpedite_gp+0x20/0x20 [ 35.533540] synchronize_srcu+0x335/0x56f [ 35.533543] ? lock_downgrade+0x8f0/0x8f0 [ 35.533545] ? synchronize_srcu_expedited+0x20/0x20 [ 35.533548] ? kasan_check_read+0x11/0x20 [ 35.533550] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.533552] ? kasan_check_write+0x14/0x20 [ 35.533555] ? do_raw_spin_lock+0xc1/0x200 [ 35.533558] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.533560] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.533562] ? kvfree+0x61/0x70 [ 35.533565] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.533567] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.533570] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.533572] ? kvm_arch_sync_events+0x30/0x30 [ 35.533575] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.533578] ? mmu_notifier_unregister+0x474/0x600 [ 35.533580] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.533582] ? kfree+0x111/0x210 [ 35.533584] ? __mmu_notifier_register+0x30/0x30 [ 35.533586] ? __free_pages+0x10a/0x190 [ 35.533589] ? free_unref_page+0x930/0x930 [ 35.533591] kvm_put_kvm+0x73f/0x1060 [ 35.533593] ? kvm_write_guest_cached+0x40/0x40 [ 35.533596] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.533598] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.533600] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.533602] ? kasan_check_write+0x14/0x20 [ 35.533605] ? do_raw_spin_lock+0xc1/0x200 [ 35.533607] ? kvm_irqfd_release+0xdd/0x120 [ 35.533609] ? kvm_irqfd_release+0xdd/0x120 [ 35.533612] ? kvm_put_kvm+0x1060/0x1060 [ 35.533614] kvm_vm_release+0x42/0x50 [ 35.533616] __fput+0x38a/0xa40 [ 35.533618] ? __alloc_file+0x400/0x400 [ 35.533620] ? check_same_owner+0x340/0x340 [ 35.533622] ? kasan_check_write+0x14/0x20 [ 35.533625] ? do_raw_spin_lock+0xc1/0x200 [ 35.533626] ____fput+0x15/0x20 [ 35.533629] task_work_run+0x1e8/0x2a0 [ 35.533631] ? task_work_cancel+0x240/0x240 [ 35.533634] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.533636] ? switch_task_namespaces+0xa2/0xd0 [ 35.533638] do_exit+0x1ae4/0x26e0 [ 35.533641] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.533643] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.533645] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.533647] ? kfree+0x1d7/0x210 [ 35.533650] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.533652] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.533655] ? is_bpf_text_address+0xd7/0x170 [ 35.533656] ? [ 35.533660] Lost 55 message(s)! [ 36.633698] Shutting down cpus with NMI [ 37.692494] Dumping ftrace buffer: [ 37.696019] (ftrace buffer empty) [ 37.699722] Kernel Offset: disabled [ 37.703335] Rebooting in 86400 seconds..