[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.345626] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.036885] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.249246] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.764210] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.831932] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
[ 46.372036] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 46.469208] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 46.495107] ==================================================================
[ 46.504990] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 46.511220] Read of size 8 at addr ffff8801b07a0058 by task syz-executor538/4400
[ 46.518739]
[ 46.520371] CPU: 0 PID: 4400 Comm: syz-executor538 Not tainted 4.19.0-rc1+ #212
[ 46.527814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.537530] Call Trace:
[ 46.540108]  dump_stack+0x1c9/0x2b4
[ 46.543715]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 46.548892]  ? printk+0xa7/0xcf
[ 46.552154]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 46.556957]  ? __schedule+0xf54/0x1df0
[ 46.560837]  print_address_description+0x6c/0x20b
[ 46.565661]  ? __schedule+0xf54/0x1df0
[ 46.569531]  kasan_report.cold.7+0x242/0x30d
[ 46.574448]  __asan_report_load8_noabort+0x14/0x20
[ 46.579441]  __schedule+0xf54/0x1df0
[ 46.583207]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 46.588299]  ? __sched_text_start+0x8/0x8
[ 46.592431]  ? __call_srcu+0x7e7/0x1040
[ 46.596391]  ? check_same_owner+0x340/0x340
[ 46.600692]  ? mark_held_locks+0x160/0x160
[ 46.604903]  ? find_held_lock+0x36/0x1c0
[ 46.608946]  preempt_schedule_common+0x22/0x60
[ 46.613511]  _cond_resched+0x1d/0x30
[ 46.617204]  wait_for_completion+0xa5/0x8d0
[ 46.621507]  ? wait_for_completion_interruptible+0x950/0x950
[ 46.627298]  ? __lockdep_init_map+0x105/0x590
[ 46.631780]  ? __init_waitqueue_head+0x9e/0x150
[ 46.636428]  ? init_wait_entry+0x1c0/0x1c0
[ 46.640761]  __synchronize_srcu+0x189/0x240
[ 46.645068]  ? call_srcu+0x10/0x10
[ 46.648645]  ? rcu_unexpedite_gp+0x20/0x20
[ 46.652873]  synchronize_srcu+0x335/0x56f
[ 46.657001]  ? lock_downgrade+0x8f0/0x8f0
[ 46.661234]  ? synchronize_srcu_expedited+0x20/0x20
[ 46.666237]  ? kasan_check_read+0x11/0x20
[ 46.670372]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 46.674938]  ? kasan_check_write+0x14/0x20
[ 46.679154]  ? do_raw_spin_lock+0xc1/0x200
[ 46.683375]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 46.689071]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 46.694556]  ? kvfree+0x61/0x70
[ 46.697833]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.702833]  kvm_mmu_uninit_vm+0x1c/0x20
[ 46.706882]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 46.711273]  ? kvm_arch_sync_events+0x30/0x30
[ 46.715754]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.721275]  ? mmu_notifier_unregister+0x474/0x600
[ 46.726185]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 46.730582]  ? kfree+0x111/0x210
[ 46.733935]  ? __mmu_notifier_register+0x30/0x30
[ 46.738676]  ? __free_pages+0x10a/0x190
[ 46.742630]  ? free_unref_page+0x930/0x930
[ 46.746862]  kvm_put_kvm+0x73f/0x1060
[ 46.750649]  ? kvm_write_guest_cached+0x40/0x40
[ 46.755371]  ? _raw_spin_unlock_irq+0x27/0x70
[ 46.759863]  ? _raw_spin_unlock_irq+0x27/0x70
[ 46.764341]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 46.768909]  ? kasan_check_write+0x14/0x20
[ 46.773125]  ? do_raw_spin_lock+0xc1/0x200
[ 46.777339]  ? kvm_irqfd_release+0xdd/0x120
[ 46.781641]  ? kvm_irqfd_release+0xdd/0x120
[ 46.785943]  ? kvm_put_kvm+0x1060/0x1060
[ 46.789983]  kvm_vm_release+0x42/0x50
[ 46.793764]  __fput+0x36e/0x8c0
[ 46.797022]  ? __alloc_file+0x400/0x400
[ 46.800985]  ? check_same_owner+0x340/0x340
[ 46.805292]  ? kasan_check_write+0x14/0x20
[ 46.809511]  ? do_raw_spin_lock+0xc1/0x200
[ 46.813726]  ____fput+0x15/0x20
[ 46.816987]  task_work_run+0x1e8/0x2a0
[ 46.820854]  ? task_work_cancel+0x240/0x240
[ 46.825259]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.830787]  ? switch_task_namespaces+0xa2/0xd0
[ 46.835515]  do_exit+0x1ae4/0x26e0
[ 46.839052]  ? mm_update_next_owner+0x9a0/0x9a0
[ 46.843705]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 46.847921]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.852921]  ? kfree+0x1d7/0x210
[ 46.856270]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 46.860545]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 46.866251]  ? is_bpf_text_address+0xd7/0x170
[ 46.870732]  ? kernel_text_address+0x79/0xf0
[ 46.875169]  ? __kernel_text_address+0xd/0x40
[ 46.879653]  ? unwind_get_return_address+0x61/0xa0
[ 46.884564]  ? __save_stack_trace+0x8d/0xf0
[ 46.888870]  ? save_stack+0xa9/0xd0
[ 46.892479]  ? save_stack+0x43/0xd0
[ 46.896086]  ? __kasan_slab_free+0x11a/0x170
[ 46.900474]  ? kasan_slab_free+0xe/0x10
[ 46.904430]  ? putname+0xf2/0x130
[ 46.907864]  ? __x64_sys_openat+0x9d/0x100
[ 46.912083]  ? do_syscall_64+0x1b9/0x820
[ 46.916131]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.921483]  ? trace_hardirqs_off+0xb8/0x2b0
[ 46.925873]  ? kasan_check_read+0x11/0x20
[ 46.930003]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 46.934398]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 46.938793]  ? initcall_blacklisted+0x9a/0x1e0
[ 46.943361]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 46.948447]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 46.954145]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.959664]  ? do_vfs_ioctl+0x201/0x1720
[ 46.963706]  ? rcu_is_watching+0x8c/0x150
[ 46.967832]  ? trace_hardirqs_on+0xbd/0x2c0
[ 46.972199]  ? ioctl_preallocate+0x300/0x300
[ 46.976601]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.982228]  ? __fget_light+0x2f7/0x440
[ 46.986188]  ? fget_raw+0x20/0x20
[ 46.989620]  ? putname+0xf2/0x130
[ 46.993067]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.998071]  ? kmem_cache_free+0x246/0x280
[ 47.002285]  ? putname+0xf7/0x130
[ 47.005720]  do_group_exit+0x177/0x440
[ 47.009588]  ? trace_hardirqs_on+0xbd/0x2c0
[ 47.013887]  ? __ia32_sys_exit+0x50/0x50
[ 47.017926]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 47.023010]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.028525]  ? ksys_ioctl+0x81/0xd0
[ 47.032133]  __x64_sys_exit_group+0x3e/0x50
[ 47.036506]  do_syscall_64+0x1b9/0x820
[ 47.040386]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.045733]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.050640]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.055516]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 47.060522]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.065521]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 47.070519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.075348]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.080520] RIP: 0033:0x43ecc8
[ 47.083702] Code: Bad RIP value.
[ 47.087049] RSP: 002b:00007fff76956ab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.094742] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 47.101993] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 47.109252] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 47.116505] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 47.123751] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 47.131005]
[ 47.132613] Allocated by task 4400:
[ 47.136226]  save_stack+0x43/0xd0
[ 47.139656]  kasan_kmalloc+0xc4/0xe0
[ 47.143350]  kasan_slab_alloc+0x12/0x20
[ 47.147307]  kmem_cache_alloc+0x12e/0x710
[ 47.151436]  vmx_create_vcpu+0xcf/0x2830
[ 47.155477]  kvm_arch_vcpu_create+0xe5/0x220
[ 47.159971]  kvm_vm_ioctl+0x488/0x1d80
[ 47.163844]  do_vfs_ioctl+0x1de/0x1720
[ 47.167713]  ksys_ioctl+0xa9/0xd0
[ 47.171146]  __x64_sys_ioctl+0x73/0xb0
[ 47.175014]  do_syscall_64+0x1b9/0x820
[ 47.178886]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.184055]
[ 47.185658] Freed by task 4400:
[ 47.188917]  save_stack+0x43/0xd0
[ 47.192361]  __kasan_slab_free+0x11a/0x170
[ 47.196577]  kasan_slab_free+0xe/0x10
[ 47.200356]  kmem_cache_free+0x86/0x280
[ 47.204314]  vmx_free_vcpu+0x26b/0x300
[ 47.208196]  kvm_arch_destroy_vm+0x365/0x7c0
[ 47.212679]  kvm_put_kvm+0x73f/0x1060
[ 47.216468]  kvm_vm_release+0x42/0x50
[ 47.220253]  __fput+0x36e/0x8c0
[ 47.223515]  ____fput+0x15/0x20
[ 47.226772]  task_work_run+0x1e8/0x2a0
[ 47.230646]  do_exit+0x1ae4/0x26e0
[ 47.234167]  do_group_exit+0x177/0x440
[ 47.238032]  __x64_sys_exit_group+0x3e/0x50
[ 47.242339]  do_syscall_64+0x1b9/0x820
[ 47.246209]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.251374]
[ 47.252979] The buggy address belongs to the object at ffff8801b07a0040
[ 47.252979]  which belongs to the cache kvm_vcpu of size 23872
[ 47.265533] The buggy address is located 24 bytes inside of
[ 47.265533]  23872-byte region [ffff8801b07a0040, ffff8801b07a5d80)
[ 47.277473] The buggy address belongs to the page:
[ 47.282389] page:ffffea0006c1e800 count:1 mapcount:0 mapping:ffff8801d9fef0c0 index:0x0 compound_mapcount: 0
[ 47.292338] flags: 0x2fffc0000008100(slab|head)
[ 47.296989] raw: 02fffc0000008100 ffff8801d4cf8648 ffff8801d4cf8648 ffff8801d9fef0c0
[ 47.304854] raw: 0000000000000000 ffff8801b07a0040 0000000100000001 0000000000000000
[ 47.312710] page dumped because: kasan: bad access detected
[ 47.318544]
[ 47.320149] Memory state around the buggy address:
[ 47.325061]  ffff8801b079ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.332399]  ffff8801b079ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.339739] >ffff8801b07a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 47.347074]                                                     ^
[ 47.353286]  ffff8801b07a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.360739]  ffff8801b07a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.368076] ==================================================================
[ 47.375411] Kernel panic - not syncing: panic_on_warn set ...
[ 47.375411]
[ 47.382863] CPU: 0 PID: 4400 Comm: syz-executor538 Tainted: G B 4.19.0-rc1+ #212
[ 47.391677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.401269] Call Trace:
[ 47.403894]  dump_stack+0x1c9/0x2b4
[ 47.407516]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.412737]  ? lock_downgrade+0x8f0/0x8f0
[ 47.416875]  ? __schedule+0xf54/0x1df0
[ 47.420745]  panic+0x238/0x4e7
[ 47.423914]  ? add_taint.cold.5+0x16/0x16
[ 47.428051]  ? print_shadow_for_address+0xba/0x116
[ 47.432959]  ? trace_hardirqs_off+0xaf/0x2b0
[ 47.437347]  ? trace_hardirqs_off+0x77/0x2b0
[ 47.441734]  ? __schedule+0xf54/0x1df0
[ 47.445600]  kasan_end_report+0x47/0x4f
[ 47.449676]  kasan_report.cold.7+0x76/0x30d
[ 47.453980]  __asan_report_load8_noabort+0x14/0x20
[ 47.458893]  __schedule+0xf54/0x1df0
[ 47.462590]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 47.467673]  ? __sched_text_start+0x8/0x8
[ 47.471918]  ? __call_srcu+0x7e7/0x1040
[ 47.475884]  ? check_same_owner+0x340/0x340
[ 47.480187]  ? mark_held_locks+0x160/0x160
[ 47.484400]  ? find_held_lock+0x36/0x1c0
[ 47.488443]  preempt_schedule_common+0x22/0x60
[ 47.493004]  _cond_resched+0x1d/0x30
[ 47.496694]  wait_for_completion+0xa5/0x8d0
[ 47.500995]  ? wait_for_completion_interruptible+0x950/0x950
[ 47.506778]  ? __lockdep_init_map+0x105/0x590
[ 47.511255]  ? __init_waitqueue_head+0x9e/0x150
[ 47.515900]  ? init_wait_entry+0x1c0/0x1c0
[ 47.520116]  __synchronize_srcu+0x189/0x240
[ 47.524415]  ? call_srcu+0x10/0x10
[ 47.527940]  ? rcu_unexpedite_gp+0x20/0x20
[ 47.532164]  synchronize_srcu+0x335/0x56f
[ 47.536297]  ? lock_downgrade+0x8f0/0x8f0
[ 47.540425]  ? synchronize_srcu_expedited+0x20/0x20
[ 47.545648]  ? kasan_check_read+0x11/0x20
[ 47.549779]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.554343]  ? kasan_check_write+0x14/0x20
[ 47.558561]  ? do_raw_spin_lock+0xc1/0x200
[ 47.562780]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 47.568469]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 47.573897]  ? kvfree+0x61/0x70
[ 47.577159]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.582160]  kvm_mmu_uninit_vm+0x1c/0x20
[ 47.586205]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 47.590601]  ? kvm_arch_sync_events+0x30/0x30
[ 47.595087]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.600672]  ? mmu_notifier_unregister+0x474/0x600
[ 47.605587]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 47.609973]  ? kfree+0x111/0x210
[ 47.613320]  ? __mmu_notifier_register+0x30/0x30
[ 47.618064]  ? __free_pages+0x10a/0x190
[ 47.622028]  ? free_unref_page+0x930/0x930
[ 47.626266]  kvm_put_kvm+0x73f/0x1060
[ 47.630064]  ? kvm_write_guest_cached+0x40/0x40
[ 47.634723]  ? _raw_spin_unlock_irq+0x27/0x70
[ 47.639197]  ? _raw_spin_unlock_irq+0x27/0x70
[ 47.643674]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 47.648239]  ? kasan_check_write+0x14/0x20
[ 47.652453]  ? do_raw_spin_lock+0xc1/0x200
[ 47.656818]  ? kvm_irqfd_release+0xdd/0x120
[ 47.661125]  ? kvm_irqfd_release+0xdd/0x120
[ 47.665428]  ? kvm_put_kvm+0x1060/0x1060
[ 47.669467]  kvm_vm_release+0x42/0x50
[ 47.673250]  __fput+0x36e/0x8c0
[ 47.676514]  ? __alloc_file+0x400/0x400
[ 47.680479]  ? check_same_owner+0x340/0x340
[ 47.684787]  ? kasan_check_write+0x14/0x20
[ 47.689010]  ? do_raw_spin_lock+0xc1/0x200
[ 47.693279]  ____fput+0x15/0x20
[ 47.696545]  task_work_run+0x1e8/0x2a0
[ 47.700413]  ? task_work_cancel+0x240/0x240
[ 47.704719]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.710243]  ? switch_task_namespaces+0xa2/0xd0
[ 47.714898]  do_exit+0x1ae4/0x26e0
[ 47.718421]  ? mm_update_next_owner+0x9a0/0x9a0
[ 47.723079]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 47.727297]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.732293]  ? kfree+0x1d7/0x210
[ 47.735637]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 47.739853]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 47.745543]  ? is_bpf_text_address+0xd7/0x170
[ 47.750018]  ? kernel_text_address+0x79/0xf0
[ 47.754408]  ? __kernel_text_address+0xd/0x40
[ 47.758887]  ? unwind_get_return_address+0x61/0xa0
[ 47.763806]  ? __save_stack_trace+0x8d/0xf0
[ 47.768115]  ? save_stack+0xa9/0xd0
[ 47.771720]  ? save_stack+0x43/0xd0
[ 47.775324]  ? __kasan_slab_free+0x11a/0x170
[ 47.779714]  ? kasan_slab_free+0xe/0x10
[ 47.783670]  ? putname+0xf2/0x130
[ 47.787102]  ? __x64_sys_openat+0x9d/0x100
[ 47.791319]  ? do_syscall_64+0x1b9/0x820
[ 47.795363]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.800710]  ? trace_hardirqs_off+0xb8/0x2b0
[ 47.805096]  ? kasan_check_read+0x11/0x20
[ 47.809227]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.813614]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 47.818011]  ? initcall_blacklisted+0x9a/0x1e0
[ 47.822579]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 47.827666]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 47.833365]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.838894]  ? do_vfs_ioctl+0x201/0x1720
[ 47.842940]  ? rcu_is_watching+0x8c/0x150
[ 47.847075]  ? trace_hardirqs_on+0xbd/0x2c0
[ 47.851379]  ? ioctl_preallocate+0x300/0x300
[ 47.855769]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.861406]  ? __fget_light+0x2f7/0x440
[ 47.865363]  ? fget_raw+0x20/0x20
[ 47.868793]  ? putname+0xf2/0x130
[ 47.872279]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.877285]  ? kmem_cache_free+0x246/0x280
[ 47.881498]  ? putname+0xf7/0x130
[ 47.884933]  do_group_exit+0x177/0x440
[ 47.888800]  ? trace_hardirqs_on+0xbd/0x2c0
[ 47.893101]  ? __ia32_sys_exit+0x50/0x50
[ 47.897143]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 47.902230]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.907746]  ? ksys_ioctl+0x81/0xd0
[ 47.911354]  __x64_sys_exit_group+0x3e/0x50
[ 47.915659]  do_syscall_64+0x1b9/0x820
[ 47.919605]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.924957]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.929866]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.934694]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 47.939690]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.944688]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 47.949686]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.954514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.959682] RIP: 0033:0x43ecc8
[ 47.962866] Code: Bad RIP value.
[ 47.966261] RSP: 002b:00007fff76956ab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.974059] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 47.981316] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 47.988572] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 47.995837] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 48.003089] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 48.010349]
[ 48.010353] ======================================================
[ 48.010356] WARNING: possible circular locking dependency detected
[ 48.010358] 4.19.0-rc1+ #212 Not tainted
[ 48.010361] ------------------------------------------------------
[ 48.010364] syz-executor538/4400 is trying to acquire lock:
[ 48.010366] 0000000089b0b841 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 48.010375]
[ 48.010377] but task is already holding lock:
[ 48.010379] 00000000a9a15e57 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 48.010387]
[ 48.010389] which lock already depends on the new lock.
[ 48.010390]
[ 48.010392]
[ 48.010395] the existing dependency chain (in reverse order) is:
[ 48.010396]
[ 48.010397] -> #3 (report_lock){....}:
[ 48.010405]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.010407]        kasan_report+0x8e/0x110
[ 48.010410]        __asan_report_load8_noabort+0x14/0x20
[ 48.010412]        __schedule+0xf54/0x1df0
[ 48.010415]        preempt_schedule_common+0x22/0x60
[ 48.010417]        _cond_resched+0x1d/0x30
[ 48.010420]        wait_for_completion+0xa5/0x8d0
[ 48.010422]        __synchronize_srcu+0x189/0x240
[ 48.010425]        synchronize_srcu+0x335/0x56f
[ 48.010428]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.010430]        kvm_mmu_uninit_vm+0x1c/0x20
[ 48.010432]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.010434]        kvm_put_kvm+0x73f/0x1060
[ 48.010437]        kvm_vm_release+0x42/0x50
[ 48.010439]        __fput+0x36e/0x8c0
[ 48.010441]        ____fput+0x15/0x20
[ 48.010443]        task_work_run+0x1e8/0x2a0
[ 48.010445]        do_exit+0x1ae4/0x26e0
[ 48.010447]        do_group_exit+0x177/0x440
[ 48.010449]        __x64_sys_exit_group+0x3e/0x50
[ 48.010452]        do_syscall_64+0x1b9/0x820
[ 48.010454]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.010456]
[ 48.010457] -> #2 (&rq->lock){-.-.}:
[ 48.010464]        _raw_spin_lock+0x2a/0x40
[ 48.010466]        task_fork_fair+0x93/0x680
[ 48.010468]        sched_fork+0x44b/0xbd0
[ 48.010471]        copy_process+0x235e/0x7ad0
[ 48.010477]        _do_fork+0x1ca/0x1170
[ 48.010480]        kernel_thread+0x34/0x40
[ 48.010482]        rest_init+0x22/0xe4
[ 48.010484]        start_kernel+0x913/0x94e
[ 48.010486]        x86_64_start_reservations+0x29/0x2b
[ 48.010489]        x86_64_start_kernel+0x76/0x79
[ 48.010491]        secondary_startup_64+0xa4/0xb0
[ 48.010492]
[ 48.010493] -> #1 (&p->pi_lock){-.-.}:
[ 48.010501]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.010503]        try_to_wake_up+0xd2/0x1250
[ 48.010506]        wake_up_process+0x10/0x20
[ 48.010508]        __up.isra.1+0x1c0/0x2a0
[ 48.010510]        up+0x13c/0x1c0
[ 48.010512]        __up_console_sem+0xbe/0x1b0
[ 48.010514]        console_unlock+0x506/0x10d0
[ 48.010516]        vprintk_emit+0x33a/0x910
[ 48.010518]        vprintk_default+0x28/0x30
[ 48.010521]        vprintk_func+0x7a/0x117
[ 48.010523]        printk+0xa7/0xcf
[ 48.010525]        load_umh+0x51/0xbd
[ 48.010527]        do_one_initcall+0x127/0x838
[ 48.010530]        kernel_init_freeable+0x4bb/0x5ae
[ 48.010532]        kernel_init+0x11/0x1b3
[ 48.010534]        ret_from_fork+0x3a/0x50
[ 48.010535]
[ 48.010536] -> #0 ((console_sem).lock){-...}:
[ 48.010544]        lock_acquire+0x1e4/0x4f0
[ 48.010547]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.010549]        down_trylock+0x13/0x70
[ 48.010552]        __down_trylock_console_sem+0xae/0x200
[ 48.010554]        console_trylock+0x15/0xa0
[ 48.010556]        vprintk_emit+0x31f/0x910
[ 48.010559]        vprintk_default+0x28/0x30
[ 48.010561]        vprintk_func+0x7a/0x117
[ 48.010563]        printk+0xa7/0xcf
[ 48.010565]        kasan_report+0x9e/0x110
[ 48.010567]        __asan_report_load8_noabort+0x14/0x20
[ 48.010569]        __schedule+0xf54/0x1df0
[ 48.010572]        preempt_schedule_common+0x22/0x60
[ 48.010574]        _cond_resched+0x1d/0x30
[ 48.010577]        wait_for_completion+0xa5/0x8d0
[ 48.010579]        __synchronize_srcu+0x189/0x240
[ 48.010581]        synchronize_srcu+0x335/0x56f
[ 48.010584]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.010586]        kvm_mmu_uninit_vm+0x1c/0x20
[ 48.010589]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.010591]        kvm_put_kvm+0x73f/0x1060
[ 48.010593]        kvm_vm_release+0x42/0x50
[ 48.010595]        __fput+0x36e/0x8c0
[ 48.010597]        ____fput+0x15/0x20
[ 48.010599]        task_work_run+0x1e8/0x2a0
[ 48.010601]        do_exit+0x1ae4/0x26e0
[ 48.010604]        do_group_exit+0x177/0x440
[ 48.010606]        __x64_sys_exit_group+0x3e/0x50
[ 48.010608]        do_syscall_64+0x1b9/0x820
[ 48.010611]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.010612]
[ 48.010615] other info that might help us debug this:
[ 48.010616]
[ 48.010618] Chain exists of:
[ 48.010619]   (console_sem).lock --> &rq->lock --> report_lock
[ 48.010629]
[ 48.010631]  Possible unsafe locking scenario:
[ 48.010632]
[ 48.010635]        CPU0                    CPU1
[ 48.010637]        ----                    ----
[ 48.010638]   lock(report_lock);
[ 48.010644]                                lock(&rq->lock);
[ 48.010649]                                lock(report_lock);
[ 48.010653]   lock((console_sem).lock);
[ 48.010657]
[ 48.010659]  *** DEADLOCK ***
[ 48.010660]
[ 48.010662] 2 locks held by syz-executor538/4400:
[ 48.010664]  #0: 0000000018ffb106 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 48.010673]  #1: 00000000a9a15e57 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 48.010682]
[ 48.010683] stack backtrace:
[ 48.010687] CPU: 0 PID: 4400 Comm: syz-executor538 Not tainted 4.19.0-rc1+ #212
[ 48.010691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.010693] Call Trace:
[ 48.010695]  dump_stack+0x1c9/0x2b4
[ 48.010698]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.010700]  ? vprintk_func+0x100/0x117
[ 48.010703]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 48.010705]  ? save_trace+0xe0/0x290
[ 48.010707]  __lock_acquire+0x3449/0x5020
[ 48.010709]  ? mark_held_locks+0x160/0x160
[ 48.010712]  ? mark_held_locks+0x160/0x160
[ 48.010714]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 48.010716]  ? is_bpf_text_address+0xd7/0x170
[ 48.010719]  ? kernel_text_address+0x79/0xf0
[ 48.010721]  ? __kernel_text_address+0xd/0x40
[ 48.010723]  ? __save_stack_trace+0x8d/0xf0
[ 48.010726]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 48.010728]  ? save_trace+0x290/0x290
[ 48.010730]  ? save_stack_trace+0x1a/0x20
[ 48.010732]  ? save_trace+0xe0/0x290
[ 48.010735]  ? graph_lock+0x170/0x170
[ 48.010737]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.010739]  lock_acquire+0x1e4/0x4f0
[ 48.010742]  ? down_trylock+0x13/0x70
[ 48.010744]  ? lock_release+0x9f0/0x9f0
[ 48.010746]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.010748]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.010751]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.010753]  ? log_store+0x34f/0x4c0
[ 48.010755]  ? vprintk_emit+0x31f/0x910
[ 48.010757]  _raw_spin_lock_irqsave+0x96/0xc0
[ 48.010759]  ? down_trylock+0x13/0x70
[ 48.010762]  down_trylock+0x13/0x70
[ 48.010764]  __down_trylock_console_sem+0xae/0x200
[ 48.010766]  console_trylock+0x15/0xa0
[ 48.010768]  vprintk_emit+0x31f/0x910
[ 48.010770]  ? wake_up_klogd+0x110/0x110
[ 48.010773]  ? run_rebalance_domains+0x4c0/0x4c0
[ 48.010775]  ? kasan_check_read+0x11/0x20
[ 48.010777]  ? rcu_is_watching+0x8c/0x150
[ 48.010780]  ? rcu_pm_notify+0xc0/0xc0
[ 48.010782]  ? lock_acquire+0x1e4/0x4f0
[ 48.010784]  ? kasan_report+0x8e/0x110
[ 48.010786]  ? __schedule+0xf54/0x1df0
[ 48.010788]  vprintk_default+0x28/0x30
[ 48.010790]  vprintk_func+0x7a/0x117
[ 48.010792]  printk+0xa7/0xcf
[ 48.010794]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 48.010797]  ? kasan_check_write+0x14/0x20
[ 48.010799]  ? do_raw_spin_lock+0xc1/0x200
[ 48.010801]  ? do_raw_spin_lock+0xc1/0x200
[ 48.010803]  kasan_report+0x9e/0x110
[ 48.010806]  __asan_report_load8_noabort+0x14/0x20
[ 48.010808]  __schedule+0xf54/0x1df0
[ 48.010811]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.010813]  ? __sched_text_start+0x8/0x8
[ 48.010815]  ? __call_srcu+0x7e7/0x1040
[ 48.010817]  ? check_same_owner+0x340/0x340
[ 48.010820]  ? mark_held_locks+0x160/0x160
[ 48.010822]  ? find_held_lock+0x36/0x1c0
[ 48.010824]  preempt_schedule_common+0x22/0x60
[ 48.010826]  _cond_resched+0x1d/0x30
[ 48.010829]  wait_for_completion+0xa5/0x8d0
[ 48.010832]  ? wait_for_completion_interruptible+0x950/0x950
[ 48.010834]  ? __lockdep_init_map+0x105/0x590
[ 48.010837]  ? __init_waitqueue_head+0x9e/0x150
[ 48.010839]  ? init_wait_entry+0x1c0/0x1c0
[ 48.010841]  __synchronize_srcu+0x189/0x240
[ 48.010843]  ? call_srcu+0x10/0x10
[ 48.010846]  ? rcu_unexpedite_gp+0x20/0x20
[ 48.010848]  synchronize_srcu+0x335/0x56f
[ 48.010850]  ? lock_downgrade+0x8f0/0x8f0
[ 48.010853]  ? synchronize_srcu_expedited+0x20/0x20
[ 48.010855]  ? kasan_check_read+0x11/0x20
[ 48.010858]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 48.010860]  ? kasan_check_write+0x14/0x20
[ 48.010862]  ? do_raw_spin_lock+0xc1/0x200
[ 48.010865]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.010868]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 48.010870]  ? kvfree+0x61/0x70
[ 48.010872]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.010875]  kvm_mmu_uninit_vm+0x1c/0x20
[ 48.010877]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.010879]  ? kvm_arch_sync_events+0x30/0x30
[ 48.010882]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.010885]  ? mmu_notifier_unregister+0x474/0x600
[ 48.010887]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.010889]  ? kfree+0x111/0x210
[ 48.010892]  ? __mmu_notifier_register+0x30/0x30
[ 48.010894]  ? __free_pages+0x10a/0x190
[ 48.010896]  ? free_unref_page+0x930/0x930
[ 48.010898]  kvm_put_kvm+0x73f/0x1060
[ 48.010901]  ? kvm_write_guest_cached+0x40/0x40
[ 48.010903]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.010905]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.010908]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 48.010910]  ? kasan_check_write+0x14/0x20
[ 48.010912]  ? do_raw_spin_lock+0xc1/0x200
[ 48.010914]  ? kvm_irqfd_release+0xdd/0x120
[ 48.010917]  ? kvm_irqfd_release+0xdd/0x120
[ 48.010919]  ? kvm_put_kvm+0x1060/0x1060
[ 48.010921]  kvm_vm_release+0x42/0x50
[ 48.010923]  __fput+0x36e/0x8c0
[ 48.010925]  ? __alloc_file+0x400/0x400
[ 48.010928]  ? check_same_owner+0x340/0x340
[ 48.010930]  ? kasan_check_write+0x14/0x20
[ 48.010932]  ? do_raw_spin_lock+0xc1/0x200
[ 48.010934]  ____fput+0x15/0x20
[ 48.010936]  task_work_run+0x1e8/0x2a0
[ 48.010938]  ? task_work_cancel+0x240/0x240
[ 48.010941]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.010944]  ? switch_task_namespaces+0xa2/0xd0
[ 48.010946]  do_exit+0x1ae4/0x26e0
[ 48.010948]  ? mm_update_next_owner+0x9a0/0x9a0
[ 48.010950]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 48.010953]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.010955]  ? kfree+0x1d7/0x210
[ 48.010957]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 48.010960]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 48.010962]  ? is_bpf_text_address+0xd7/0x170
[ 48.010963]  ?
[ 48.010968] Lost 55 message(s)!
[ 49.077309] Shutting down cpus with NMI
[ 50.136692] Dumping ftrace buffer:
[ 50.140225]    (ftrace buffer empty)
[ 50.143919] Kernel Offset: disabled
[ 50.147533] Rebooting in 86400 seconds..