[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 19.724153] random: sshd: uninitialized urandom read (32 bytes read) [ 20.486100] random: sshd: uninitialized urandom read (32 bytes read) [ 20.763073] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.325989] random: sshd: uninitialized urandom read (32 bytes read) [ 21.510821] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts. [ 27.218179] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.320945] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 27.347311] ================================================================== [ 27.357232] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 27.363474] Read of size 8 at addr ffff8801cb1a0058 by task syz-executor154/4287 [ 27.371007] [ 27.372650] CPU: 0 PID: 4287 Comm: syz-executor154 Not tainted 4.19.0-rc2+ #226 [ 27.380152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.389509] Call Trace: [ 27.392115] dump_stack+0x1c9/0x2b4 [ 27.395773] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.400972] ? printk+0xa7/0xcf [ 27.404323] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 27.409152] ? __schedule+0xf54/0x1df0 [ 27.413107] print_address_description+0x6c/0x20b [ 27.417963] ? __schedule+0xf54/0x1df0 [ 27.421862] kasan_report.cold.7+0x242/0x30d [ 27.427055] __asan_report_load8_noabort+0x14/0x20 [ 27.432052] __schedule+0xf54/0x1df0 [ 27.435783] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 27.440898] ? __sched_text_start+0x8/0x8 [ 27.445060] ? __call_srcu+0x7e7/0x1040 [ 27.449055] ? check_same_owner+0x340/0x340 [ 27.453387] ? 
mark_held_locks+0x160/0x160 [ 27.457635] ? find_held_lock+0x36/0x1c0 [ 27.461732] preempt_schedule_common+0x22/0x60 [ 27.466334] _cond_resched+0x1d/0x30 [ 27.470062] wait_for_completion+0xa5/0x8d0 [ 27.474398] ? wait_for_completion_interruptible+0x950/0x950 [ 27.480202] ? __lockdep_init_map+0x105/0x590 [ 27.484727] ? __init_waitqueue_head+0x9e/0x150 [ 27.489424] ? init_wait_entry+0x1c0/0x1c0 [ 27.493676] __synchronize_srcu+0x189/0x240 [ 27.498035] ? call_srcu+0x10/0x10 [ 27.501590] ? rcu_unexpedite_gp+0x20/0x20 [ 27.505845] synchronize_srcu+0x335/0x56f [ 27.510004] ? lock_downgrade+0x8f0/0x8f0 [ 27.514161] ? synchronize_srcu_expedited+0x20/0x20 [ 27.519190] ? kasan_check_read+0x11/0x20 [ 27.523349] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 27.527939] ? kasan_check_write+0x14/0x20 [ 27.532182] ? do_raw_spin_lock+0xc1/0x200 [ 27.536433] kvm_page_track_unregister_notifier+0x17d/0x250 [ 27.542157] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 27.547620] ? kvfree+0x61/0x70 [ 27.550916] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.555943] kvm_mmu_uninit_vm+0x1c/0x20 [ 27.560016] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 27.564438] ? kvm_arch_sync_events+0x30/0x30 [ 27.568953] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.574502] ? mmu_notifier_unregister+0x474/0x600 [ 27.579440] ? trace_hardirqs_on+0x2c0/0x2c0 [ 27.583860] ? kfree+0x111/0x210 [ 27.587240] ? __mmu_notifier_register+0x30/0x30 [ 27.592007] ? __free_pages+0x10a/0x190 [ 27.596051] ? free_unref_page+0x930/0x930 [ 27.600310] kvm_put_kvm+0x73f/0x1060 [ 27.604128] ? kvm_write_guest_cached+0x40/0x40 [ 27.608816] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.613322] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.617829] ? lockdep_hardirqs_on+0x421/0x5c0 [ 27.622425] ? kasan_check_write+0x14/0x20 [ 27.626671] ? do_raw_spin_lock+0xc1/0x200 [ 27.630940] ? kvm_irqfd_release+0xdd/0x120 [ 27.635281] ? kvm_irqfd_release+0xdd/0x120 [ 27.639617] ? 
kvm_put_kvm+0x1060/0x1060 [ 27.643692] kvm_vm_release+0x42/0x50 [ 27.647528] __fput+0x38a/0xa40 [ 27.650824] ? __alloc_file+0x400/0x400 [ 27.654814] ? check_same_owner+0x340/0x340 [ 27.659144] ? kasan_check_write+0x14/0x20 [ 27.663449] ? do_raw_spin_lock+0xc1/0x200 [ 27.667700] ____fput+0x15/0x20 [ 27.671024] task_work_run+0x1e8/0x2a0 [ 27.674924] ? task_work_cancel+0x240/0x240 [ 27.679318] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.684866] ? switch_task_namespaces+0xa2/0xd0 [ 27.689547] do_exit+0x1ae4/0x26e0 [ 27.693103] ? mm_update_next_owner+0x9a0/0x9a0 [ 27.697794] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 27.702132] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.707213] ? kfree+0x1d7/0x210 [ 27.710595] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 27.714844] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 27.720570] ? is_bpf_text_address+0xd7/0x170 [ 27.725075] ? kernel_text_address+0x79/0xf0 [ 27.729495] ? __kernel_text_address+0xd/0x40 [ 27.734002] ? unwind_get_return_address+0x61/0xa0 [ 27.738949] ? __save_stack_trace+0x8d/0xf0 [ 27.743289] ? save_stack+0xa9/0xd0 [ 27.746929] ? save_stack+0x43/0xd0 [ 27.750567] ? __kasan_slab_free+0x11a/0x170 [ 27.754992] ? kasan_slab_free+0xe/0x10 [ 27.758988] ? putname+0xf2/0x130 [ 27.762455] ? __x64_sys_openat+0x9d/0x100 [ 27.766724] ? do_syscall_64+0x1b9/0x820 [ 27.770804] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.776182] ? trace_hardirqs_off+0xb8/0x2c0 [ 27.780599] ? kasan_check_read+0x11/0x20 [ 27.784771] ? do_raw_spin_unlock+0xa7/0x2f0 [ 27.789189] ? trace_hardirqs_on+0x2c0/0x2c0 [ 27.793609] ? initcall_blacklisted+0x9a/0x1e0 [ 27.798216] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 27.803334] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 27.809063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.814614] ? do_vfs_ioctl+0x201/0x1720 [ 27.818687] ? rcu_is_watching+0x8c/0x150 [ 27.822867] ? trace_hardirqs_on+0xbd/0x2c0 [ 27.827202] ? ioctl_preallocate+0x300/0x300 [ 27.831764] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.837313] ? __fget_light+0x2f7/0x440 [ 27.841313] ? fget_raw+0x20/0x20 [ 27.845034] ? putname+0xf2/0x130 [ 27.848499] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.853523] ? kmem_cache_free+0x246/0x280 [ 27.857774] ? putname+0xf7/0x130 [ 27.861243] do_group_exit+0x177/0x440 [ 27.865196] ? trace_hardirqs_on+0xbd/0x2c0 [ 27.869531] ? __ia32_sys_exit+0x50/0x50 [ 27.873602] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 27.878739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.884294] ? ksys_ioctl+0x81/0xd0 [ 27.887935] __x64_sys_exit_group+0x3e/0x50 [ 27.892270] do_syscall_64+0x1b9/0x820 [ 27.896170] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 27.901542] ? syscall_return_slowpath+0x5e0/0x5e0 [ 27.906481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.911337] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 27.916363] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 27.921391] ? prepare_exit_to_usermode+0x291/0x3b0 [ 27.926421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.931277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.936477] RIP: 0033:0x43ecc8 [ 27.939683] Code: Bad RIP value. 
[ 27.943079] RSP: 002b:00007fff07db3568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 27.950798] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 27.958072] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 27.965352] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 27.972629] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 27.979907] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 27.987188] [ 27.988820] Allocated by task 4287: [ 27.992459] save_stack+0x43/0xd0 [ 27.995918] kasan_kmalloc+0xc4/0xe0 [ 27.999642] kasan_slab_alloc+0x12/0x20 [ 28.003681] kmem_cache_alloc+0x12e/0x710 [ 28.007866] vmx_create_vcpu+0xcf/0x2830 [ 28.011937] kvm_arch_vcpu_create+0xe5/0x220 [ 28.016352] kvm_vm_ioctl+0x488/0x1d80 [ 28.020248] do_vfs_ioctl+0x1de/0x1720 [ 28.024145] ksys_ioctl+0xa9/0xd0 [ 28.027606] __x64_sys_ioctl+0x73/0xb0 [ 28.031502] do_syscall_64+0x1b9/0x820 [ 28.035400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.040586] [ 28.042219] Freed by task 4287: [ 28.045505] save_stack+0x43/0xd0 [ 28.048969] __kasan_slab_free+0x11a/0x170 [ 28.053215] kasan_slab_free+0xe/0x10 [ 28.057025] kmem_cache_free+0x86/0x280 [ 28.061005] vmx_free_vcpu+0x26b/0x300 [ 28.064901] kvm_arch_destroy_vm+0x365/0x7c0 [ 28.069322] kvm_put_kvm+0x73f/0x1060 [ 28.073131] kvm_vm_release+0x42/0x50 [ 28.076939] __fput+0x38a/0xa40 [ 28.080226] ____fput+0x15/0x20 [ 28.083514] task_work_run+0x1e8/0x2a0 [ 28.087410] do_exit+0x1ae4/0x26e0 [ 28.090956] do_group_exit+0x177/0x440 [ 28.094853] __x64_sys_exit_group+0x3e/0x50 [ 28.099185] do_syscall_64+0x1b9/0x820 [ 28.103085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.108276] [ 28.109912] The buggy address belongs to the object at ffff8801cb1a0040 [ 28.109912] which belongs to the cache kvm_vcpu of size 23872 [ 28.122490] The buggy address is located 24 bytes inside of [ 28.122490] 23872-byte region [ffff8801cb1a0040, ffff8801cb1a5d80) [ 28.134458] The buggy address 
belongs to the page: [ 28.139396] page:ffffea00072c6800 count:1 mapcount:0 mapping:ffff8801d73d9b40 index:0x0 compound_mapcount: 0 [ 28.149558] flags: 0x2fffc0000008100(slab|head) [ 28.154242] raw: 02fffc0000008100 ffff8801d73def48 ffff8801d73def48 ffff8801d73d9b40 [ 28.162135] raw: 0000000000000000 ffff8801cb1a0040 0000000100000001 0000000000000000 [ 28.170018] page dumped because: kasan: bad access detected [ 28.175750] [ 28.177388] Memory state around the buggy address: [ 28.182326] ffff8801cb19ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.189689] ffff8801cb19ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.197140] >ffff8801cb1a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 28.204501] ^ [ 28.210755] ffff8801cb1a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.218126] ffff8801cb1a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.225482] ================================================================== [ 28.232844] Kernel panic - not syncing: panic_on_warn set ... [ 28.232844] [ 28.240223] CPU: 0 PID: 4287 Comm: syz-executor154 Tainted: G B 4.19.0-rc2+ #226 [ 28.249063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.258418] Call Trace: [ 28.261022] dump_stack+0x1c9/0x2b4 [ 28.264775] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.269978] ? lock_downgrade+0x8f0/0x8f0 [ 28.274139] ? __schedule+0xf54/0x1df0 [ 28.278036] panic+0x238/0x4e7 [ 28.281237] ? add_taint.cold.5+0x16/0x16 [ 28.285406] ? print_shadow_for_address+0xba/0x116 [ 28.290344] ? trace_hardirqs_off+0xaf/0x2c0 [ 28.294777] ? trace_hardirqs_off+0x77/0x2c0 [ 28.299201] ? __schedule+0xf54/0x1df0 [ 28.303101] kasan_end_report+0x47/0x4f [ 28.307086] kasan_report.cold.7+0x76/0x30d [ 28.311424] __asan_report_load8_noabort+0x14/0x20 [ 28.316363] __schedule+0xf54/0x1df0 [ 28.320086] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 28.325200] ? __sched_text_start+0x8/0x8 [ 28.329360] ? 
__call_srcu+0x7e7/0x1040 [ 28.333354] ? check_same_owner+0x340/0x340 [ 28.337683] ? mark_held_locks+0x160/0x160 [ 28.341949] ? find_held_lock+0x36/0x1c0 [ 28.346025] preempt_schedule_common+0x22/0x60 [ 28.350618] _cond_resched+0x1d/0x30 [ 28.354345] wait_for_completion+0xa5/0x8d0 [ 28.358680] ? wait_for_completion_interruptible+0x950/0x950 [ 28.364513] ? __lockdep_init_map+0x105/0x590 [ 28.369021] ? __init_waitqueue_head+0x9e/0x150 [ 28.373725] ? init_wait_entry+0x1c0/0x1c0 [ 28.377983] __synchronize_srcu+0x189/0x240 [ 28.382313] ? call_srcu+0x10/0x10 [ 28.385866] ? rcu_unexpedite_gp+0x20/0x20 [ 28.390121] synchronize_srcu+0x335/0x56f [ 28.394282] ? lock_downgrade+0x8f0/0x8f0 [ 28.398444] ? synchronize_srcu_expedited+0x20/0x20 [ 28.403474] ? kasan_check_read+0x11/0x20 [ 28.407635] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.412228] ? kasan_check_write+0x14/0x20 [ 28.416473] ? do_raw_spin_lock+0xc1/0x200 [ 28.420744] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.426474] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 28.431932] ? kvfree+0x61/0x70 [ 28.435225] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.440365] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.444439] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.448863] ? kvm_arch_sync_events+0x30/0x30 [ 28.453382] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.458936] ? mmu_notifier_unregister+0x474/0x600 [ 28.463879] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.468299] ? kfree+0x111/0x210 [ 28.471680] ? __mmu_notifier_register+0x30/0x30 [ 28.476471] ? __free_pages+0x10a/0x190 [ 28.480462] ? free_unref_page+0x930/0x930 [ 28.484743] kvm_put_kvm+0x73f/0x1060 [ 28.488570] ? kvm_write_guest_cached+0x40/0x40 [ 28.493255] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.497773] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.502283] ? lockdep_hardirqs_on+0x421/0x5c0 [ 28.506884] ? kasan_check_write+0x14/0x20 [ 28.511130] ? do_raw_spin_lock+0xc1/0x200 [ 28.515468] ? kvm_irqfd_release+0xdd/0x120 [ 28.519799] ? kvm_irqfd_release+0xdd/0x120 [ 28.524132] ? 
kvm_put_kvm+0x1060/0x1060 [ 28.528207] kvm_vm_release+0x42/0x50 [ 28.532019] __fput+0x38a/0xa40 [ 28.535400] ? __alloc_file+0x400/0x400 [ 28.539391] ? check_same_owner+0x340/0x340 [ 28.543742] ? kasan_check_write+0x14/0x20 [ 28.547994] ? do_raw_spin_lock+0xc1/0x200 [ 28.552243] ____fput+0x15/0x20 [ 28.555536] task_work_run+0x1e8/0x2a0 [ 28.559437] ? task_work_cancel+0x240/0x240 [ 28.563780] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.569330] ? switch_task_namespaces+0xa2/0xd0 [ 28.574014] do_exit+0x1ae4/0x26e0 [ 28.577569] ? mm_update_next_owner+0x9a0/0x9a0 [ 28.582313] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 28.586565] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.591595] ? kfree+0x1d7/0x210 [ 28.594976] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 28.599225] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.604953] ? is_bpf_text_address+0xd7/0x170 [ 28.609458] ? kernel_text_address+0x79/0xf0 [ 28.613875] ? __kernel_text_address+0xd/0x40 [ 28.618385] ? unwind_get_return_address+0x61/0xa0 [ 28.623330] ? __save_stack_trace+0x8d/0xf0 [ 28.627670] ? save_stack+0xa9/0xd0 [ 28.631330] ? save_stack+0x43/0xd0 [ 28.634966] ? __kasan_slab_free+0x11a/0x170 [ 28.639382] ? kasan_slab_free+0xe/0x10 [ 28.643365] ? putname+0xf2/0x130 [ 28.646829] ? __x64_sys_openat+0x9d/0x100 [ 28.651075] ? do_syscall_64+0x1b9/0x820 [ 28.655150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.660529] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.664945] ? kasan_check_read+0x11/0x20 [ 28.669099] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.673512] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.677934] ? initcall_blacklisted+0x9a/0x1e0 [ 28.682526] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 28.687638] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.693353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.698902] ? do_vfs_ioctl+0x201/0x1720 [ 28.702962] ? rcu_is_watching+0x8c/0x150 [ 28.707105] ? trace_hardirqs_on+0xbd/0x2c0 [ 28.711433] ? ioctl_preallocate+0x300/0x300 [ 28.715842] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.721381] ? __fget_light+0x2f7/0x440 [ 28.725359] ? fget_raw+0x20/0x20 [ 28.728813] ? putname+0xf2/0x130 [ 28.732270] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.737739] ? kmem_cache_free+0x246/0x280 [ 28.741985] ? putname+0xf7/0x130 [ 28.745439] do_group_exit+0x177/0x440 [ 28.749333] ? trace_hardirqs_on+0xbd/0x2c0 [ 28.753658] ? __ia32_sys_exit+0x50/0x50 [ 28.757724] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 28.762835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.768374] ? ksys_ioctl+0x81/0xd0 [ 28.772002] __x64_sys_exit_group+0x3e/0x50 [ 28.776326] do_syscall_64+0x1b9/0x820 [ 28.780211] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 28.785574] ? syscall_return_slowpath+0x5e0/0x5e0 [ 28.790500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.795343] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 28.800361] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 28.805390] ? prepare_exit_to_usermode+0x291/0x3b0 [ 28.810442] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.815291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.820482] RIP: 0033:0x43ecc8 [ 28.823683] Code: Bad RIP value. 
[ 28.827057] RSP: 002b:00007fff07db3568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.834773] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 28.842049] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 28.849321] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 28.856595] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 28.863872] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 28.871159] [ 28.871164] ====================================================== [ 28.871170] WARNING: possible circular locking dependency detected [ 28.871174] 4.19.0-rc2+ #226 Not tainted [ 28.871179] ------------------------------------------------------ [ 28.871184] syz-executor154/4287 is trying to acquire lock: [ 28.871188] 0000000040928573 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 28.871203] [ 28.871207] but task is already holding lock: [ 28.871211] 00000000165402b2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 28.871225] [ 28.871230] which lock already depends on the new lock. 
[ 28.871232] [ 28.871234] [ 28.871239] the existing dependency chain (in reverse order) is: [ 28.871241] [ 28.871244] -> #3 (report_lock){....}: [ 28.871258] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.871263] kasan_report+0x8e/0x110 [ 28.871268] __asan_report_load8_noabort+0x14/0x20 [ 28.871272] __schedule+0xf54/0x1df0 [ 28.871276] preempt_schedule_common+0x22/0x60 [ 28.871280] _cond_resched+0x1d/0x30 [ 28.871284] wait_for_completion+0xa5/0x8d0 [ 28.871288] __synchronize_srcu+0x189/0x240 [ 28.871293] synchronize_srcu+0x335/0x56f [ 28.871298] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.871302] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.871306] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.871310] kvm_put_kvm+0x73f/0x1060 [ 28.871314] kvm_vm_release+0x42/0x50 [ 28.871318] __fput+0x38a/0xa40 [ 28.871321] ____fput+0x15/0x20 [ 28.871325] task_work_run+0x1e8/0x2a0 [ 28.871329] do_exit+0x1ae4/0x26e0 [ 28.871333] do_group_exit+0x177/0x440 [ 28.871337] __x64_sys_exit_group+0x3e/0x50 [ 28.871341] do_syscall_64+0x1b9/0x820 [ 28.871346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.871348] [ 28.871350] -> #2 (&rq->lock){-.-.}: [ 28.871364] _raw_spin_lock+0x2a/0x40 [ 28.871368] task_fork_fair+0x93/0x680 [ 28.871372] sched_fork+0x44b/0xbd0 [ 28.871376] copy_process+0x235e/0x7af0 [ 28.871380] _do_fork+0x1ca/0x1170 [ 28.871384] kernel_thread+0x34/0x40 [ 28.871387] rest_init+0x22/0xe4 [ 28.871391] start_kernel+0x913/0x94e [ 28.871396] x86_64_start_reservations+0x29/0x2b [ 28.871400] x86_64_start_kernel+0x76/0x79 [ 28.871404] secondary_startup_64+0xa4/0xb0 [ 28.871406] [ 28.871408] -> #1 (&p->pi_lock){-.-.}: [ 28.871423] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.871427] try_to_wake_up+0xd2/0x1250 [ 28.871431] wake_up_process+0x10/0x20 [ 28.871435] __up.isra.1+0x1c0/0x2a0 [ 28.871438] up+0x13c/0x1c0 [ 28.871442] __up_console_sem+0xbe/0x1b0 [ 28.871446] console_unlock+0x506/0x10e0 [ 28.871450] vprintk_emit+0x33a/0x910 [ 28.871454] vprintk_default+0x28/0x30 [ 28.871458] vprintk_func+0x7a/0x117 [ 
28.871461] printk+0xa7/0xcf [ 28.871465] load_umh+0x51/0xbd [ 28.871469] do_one_initcall+0x127/0x838 [ 28.871473] kernel_init_freeable+0x4bb/0x5ae [ 28.871477] kernel_init+0x11/0x1b3 [ 28.871481] ret_from_fork+0x3a/0x50 [ 28.871483] [ 28.871485] -> #0 ((console_sem).lock){-...}: [ 28.871500] lock_acquire+0x1e4/0x4f0 [ 28.871504] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.871508] down_trylock+0x13/0x70 [ 28.871512] __down_trylock_console_sem+0xae/0x200 [ 28.871516] console_trylock+0x15/0xa0 [ 28.871520] vprintk_emit+0x31f/0x910 [ 28.871524] vprintk_default+0x28/0x30 [ 28.871528] vprintk_func+0x7a/0x117 [ 28.871531] printk+0xa7/0xcf [ 28.871535] kasan_report+0x9e/0x110 [ 28.871540] __asan_report_load8_noabort+0x14/0x20 [ 28.871544] __schedule+0xf54/0x1df0 [ 28.871548] preempt_schedule_common+0x22/0x60 [ 28.871552] _cond_resched+0x1d/0x30 [ 28.871556] wait_for_completion+0xa5/0x8d0 [ 28.871560] __synchronize_srcu+0x189/0x240 [ 28.871564] synchronize_srcu+0x335/0x56f [ 28.871570] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.871574] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.871578] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.871582] kvm_put_kvm+0x73f/0x1060 [ 28.871586] kvm_vm_release+0x42/0x50 [ 28.871589] __fput+0x38a/0xa40 [ 28.871593] ____fput+0x15/0x20 [ 28.871597] task_work_run+0x1e8/0x2a0 [ 28.871600] do_exit+0x1ae4/0x26e0 [ 28.871604] do_group_exit+0x177/0x440 [ 28.871608] __x64_sys_exit_group+0x3e/0x50 [ 28.871612] do_syscall_64+0x1b9/0x820 [ 28.871617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.871619] [ 28.871624] other info that might help us debug this: [ 28.871626] [ 28.871629] Chain exists of: [ 28.871631] (console_sem).lock --> &rq->lock --> report_lock [ 28.871650] [ 28.871654] Possible unsafe locking scenario: [ 28.871656] [ 28.871660] CPU0 CPU1 [ 28.871665] ---- ---- [ 28.871667] lock(report_lock); [ 28.871676] lock(&rq->lock); [ 28.871685] lock(report_lock); [ 28.871693] lock((console_sem).lock); [ 28.871718] [ 28.871721] *** DEADLOCK *** [ 28.871724] [ 
28.871728] 2 locks held by syz-executor154/4287: [ 28.871731] #0: 00000000cf37d840 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 28.871748] #1: 00000000165402b2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 28.871771] [ 28.871775] stack backtrace: [ 28.871781] CPU: 0 PID: 4287 Comm: syz-executor154 Not tainted 4.19.0-rc2+ #226 [ 28.871788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.871791] Call Trace: [ 28.871808] dump_stack+0x1c9/0x2b4 [ 28.871813] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.871818] ? vprintk_func+0x100/0x117 [ 28.871823] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 28.871827] ? save_trace+0xe0/0x290 [ 28.871831] __lock_acquire+0x3449/0x5020 [ 28.871835] ? mark_held_locks+0x160/0x160 [ 28.871839] ? mark_held_locks+0x160/0x160 [ 28.871844] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 28.871848] ? is_bpf_text_address+0xd7/0x170 [ 28.871852] ? kernel_text_address+0x79/0xf0 [ 28.871857] ? __kernel_text_address+0xd/0x40 [ 28.871861] ? __save_stack_trace+0x8d/0xf0 [ 28.871866] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 28.871870] ? save_trace+0x290/0x290 [ 28.871874] ? save_stack_trace+0x1a/0x20 [ 28.871878] ? save_trace+0xe0/0x290 [ 28.871882] ? graph_lock+0x170/0x170 [ 28.871887] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.871891] lock_acquire+0x1e4/0x4f0 [ 28.871895] ? down_trylock+0x13/0x70 [ 28.871899] ? lock_release+0x9f0/0x9f0 [ 28.871903] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.871907] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.871911] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.871915] ? log_store+0x34f/0x4c0 [ 28.871919] ? vprintk_emit+0x31f/0x910 [ 28.871924] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.871928] ? down_trylock+0x13/0x70 [ 28.871931] down_trylock+0x13/0x70 [ 28.871936] __down_trylock_console_sem+0xae/0x200 [ 28.871940] console_trylock+0x15/0xa0 [ 28.871944] vprintk_emit+0x31f/0x910 [ 28.871948] ? wake_up_klogd+0x110/0x110 [ 28.871952] ? run_rebalance_domains+0x4c0/0x4c0 [ 28.871956] ? 
kasan_check_read+0x11/0x20 [ 28.871961] ? rcu_is_watching+0x8c/0x150 [ 28.871965] ? rcu_pm_notify+0xc0/0xc0 [ 28.871969] ? lock_acquire+0x1e4/0x4f0 [ 28.871972] ? kasan_report+0x8e/0x110 [ 28.871976] ? __schedule+0xf54/0x1df0 [ 28.871980] vprintk_default+0x28/0x30 [ 28.871984] vprintk_func+0x7a/0x117 [ 28.871988] printk+0xa7/0xcf [ 28.871992] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 28.871996] ? kasan_check_write+0x14/0x20 [ 28.872000] ? do_raw_spin_lock+0xc1/0x200 [ 28.872004] ? do_raw_spin_lock+0xc1/0x200 [ 28.872008] kasan_report+0x9e/0x110 [ 28.872013] __asan_report_load8_noabort+0x14/0x20 [ 28.872017] __schedule+0xf54/0x1df0 [ 28.872021] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 28.872026] ? __sched_text_start+0x8/0x8 [ 28.872029] ? __call_srcu+0x7e7/0x1040 [ 28.872034] ? check_same_owner+0x340/0x340 [ 28.872038] ? mark_held_locks+0x160/0x160 [ 28.872042] ? find_held_lock+0x36/0x1c0 [ 28.872046] preempt_schedule_common+0x22/0x60 [ 28.872050] _cond_resched+0x1d/0x30 [ 28.872054] wait_for_completion+0xa5/0x8d0 [ 28.872059] ? wait_for_completion_interruptible+0x950/0x950 [ 28.872064] ? __lockdep_init_map+0x105/0x590 [ 28.872068] ? __init_waitqueue_head+0x9e/0x150 [ 28.872072] ? init_wait_entry+0x1c0/0x1c0 [ 28.872076] __synchronize_srcu+0x189/0x240 [ 28.872080] ? call_srcu+0x10/0x10 [ 28.872084] ? rcu_unexpedite_gp+0x20/0x20 [ 28.872089] synchronize_srcu+0x335/0x56f [ 28.872093] ? lock_downgrade+0x8f0/0x8f0 [ 28.872098] ? synchronize_srcu_expedited+0x20/0x20 [ 28.872102] ? kasan_check_read+0x11/0x20 [ 28.872106] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.872110] ? kasan_check_write+0x14/0x20 [ 28.872115] ? do_raw_spin_lock+0xc1/0x200 [ 28.872120] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.872125] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 28.872128] ? kvfree+0x61/0x70 [ 28.872133] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.872137] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.872141] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.872146] ? 
kvm_arch_sync_events+0x30/0x30 [ 28.872151] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.872155] ? mmu_notifier_unregister+0x474/0x600 [ 28.872159] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.872163] ? kfree+0x111/0x210 [ 28.872168] ? __mmu_notifier_register+0x30/0x30 [ 28.872172] ? __free_pages+0x10a/0x190 [ 28.872176] ? free_unref_page+0x930/0x930 [ 28.872180] kvm_put_kvm+0x73f/0x1060 [ 28.872184] ? kvm_write_guest_cached+0x40/0x40 [ 28.872188] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.872193] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.872197] ? lockdep_hardirqs_on+0x421/0x5c0 [ 28.872201] ? kasan_check_write+0x14/0x20 [ 28.872205] ? do_raw_spin_lock+0xc1/0x200 [ 28.872209] ? kvm_irqfd_release+0xdd/0x120 [ 28.872214] ? kvm_irqfd_release+0xdd/0x120 [ 28.872218] ? kvm_put_kvm+0x1060/0x1060 [ 28.872221] kvm_vm_release+0x42/0x50 [ 28.872225] __fput+0x38a/0xa40 [ 28.872229] ? __alloc_file+0x400/0x400 [ 28.872233] ? check_same_owner+0x340/0x340 [ 28.872237] ? kasan_check_write+0x14/0x20 [ 28.872241] ? do_raw_spin_lock+0xc1/0x200 [ 28.872245] ____fput+0x15/0x20 [ 28.872249] task_work_run+0x1e8/0x2a0 [ 28.872253] ? task_work_cancel+0x240/0x240 [ 28.872258] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.872263] ? switch_task_namespaces+0xa2/0xd0 [ 28.872267] do_exit+0x1ae4/0x26e0 [ 28.872271] ? mm_update_next_owner+0x9a0/0x9a0 [ 28.872275] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 28.872280] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.872284] ? kfree+0x1d7/0x210 [ 28.872288] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 28.872293] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.872297] ? is_bpf_text_address+0xd7/0x170 [ 28.872300] ? [ 28.872307] Lost 55 message(s)! [ 29.952626] Shutting down cpus with NMI [ 31.016963] Dumping ftrace buffer: [ 31.020510] (ftrace buffer empty) [ 31.024216] Kernel Offset: disabled [ 31.027845] Rebooting in 86400 seconds..