[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 23.311125] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.140543] random: sshd: uninitialized urandom read (32 bytes read) [ 27.366206] random: sshd: uninitialized urandom read (32 bytes read) [ 27.959024] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts. [ 33.703064] urandom_read: 1 callbacks suppressed [ 33.703069] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.805015] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.830135] ================================================================== [ 33.839886] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.846124] Read of size 8 at addr ffff8801ba660058 by task syz-executor235/4645 [ 33.853639] [ 33.855278] CPU: 0 PID: 4645 Comm: syz-executor235 Not tainted 4.19.0-rc2+ #220 [ 33.862709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.872049] Call Trace: [ 33.874633] dump_stack+0x1c9/0x2b4 [ 33.878271] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.883454] ? printk+0xa7/0xcf [ 33.886727] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.891479] ? __schedule+0xf54/0x1df0 [ 33.895406] print_address_description+0x6c/0x20b [ 33.900245] ? __schedule+0xf54/0x1df0 [ 33.904127] kasan_report.cold.7+0x242/0x30d [ 33.908531] __asan_report_load8_noabort+0x14/0x20 [ 33.913480] __schedule+0xf54/0x1df0 [ 33.917192] ? __sched_text_start+0x8/0x8 [ 33.921337] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.926436] ? __call_srcu+0x7e7/0x1040 [ 33.930422] ? 
check_same_owner+0x340/0x340 [ 33.934735] ? mark_held_locks+0x160/0x160 [ 33.938968] ? find_held_lock+0x36/0x1c0 [ 33.943030] preempt_schedule_common+0x22/0x60 [ 33.947606] _cond_resched+0x1d/0x30 [ 33.951342] wait_for_completion+0xa5/0x8d0 [ 33.955671] ? wait_for_completion_interruptible+0x950/0x950 [ 33.961461] ? __lockdep_init_map+0x105/0x590 [ 33.965955] ? __init_waitqueue_head+0x9e/0x150 [ 33.970617] ? init_wait_entry+0x1c0/0x1c0 [ 33.974854] __synchronize_srcu+0x189/0x240 [ 33.979178] ? call_srcu+0x10/0x10 [ 33.982718] ? rcu_unexpedite_gp+0x20/0x20 [ 33.986973] synchronize_srcu+0x335/0x56f [ 33.991113] ? lock_downgrade+0x8f0/0x8f0 [ 33.995256] ? synchronize_srcu_expedited+0x20/0x20 [ 34.000271] ? kasan_check_read+0x11/0x20 [ 34.004432] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.009012] ? kasan_check_write+0x14/0x20 [ 34.013239] ? do_raw_spin_lock+0xc1/0x200 [ 34.017472] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.023181] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.028630] ? kvfree+0x61/0x70 [ 34.031933] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.036960] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.041014] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.045431] ? kvm_arch_sync_events+0x30/0x30 [ 34.049930] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.055465] ? mmu_notifier_unregister+0x474/0x600 [ 34.060384] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.064795] ? kfree+0x111/0x210 [ 34.068155] ? __mmu_notifier_register+0x30/0x30 [ 34.072924] ? __free_pages+0x10a/0x190 [ 34.076911] ? free_unref_page+0x930/0x930 [ 34.081152] kvm_put_kvm+0x73f/0x1060 [ 34.084952] ? kvm_write_guest_cached+0x40/0x40 [ 34.089629] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.094116] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.098606] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.103185] ? kasan_check_write+0x14/0x20 [ 34.107416] ? do_raw_spin_lock+0xc1/0x200 [ 34.111650] ? kvm_irqfd_release+0xdd/0x120 [ 34.115974] ? kvm_irqfd_release+0xdd/0x120 [ 34.120291] ? 
kvm_put_kvm+0x1060/0x1060 [ 34.124350] kvm_vm_release+0x42/0x50 [ 34.128151] __fput+0x38a/0xa40 [ 34.131429] ? __alloc_file+0x400/0x400 [ 34.135400] ? check_same_owner+0x340/0x340 [ 34.139714] ? kasan_check_write+0x14/0x20 [ 34.143940] ? do_raw_spin_lock+0xc1/0x200 [ 34.148167] ____fput+0x15/0x20 [ 34.151466] task_work_run+0x1e8/0x2a0 [ 34.155351] ? task_work_cancel+0x240/0x240 [ 34.159842] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.165379] ? switch_task_namespaces+0xa2/0xd0 [ 34.170061] do_exit+0x1ae4/0x26e0 [ 34.173611] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.178275] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.182503] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.187538] ? kfree+0x1d7/0x210 [ 34.190913] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.195145] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.200851] ? is_bpf_text_address+0xd7/0x170 [ 34.205352] ? kernel_text_address+0x79/0xf0 [ 34.209777] ? __kernel_text_address+0xd/0x40 [ 34.214279] ? unwind_get_return_address+0x61/0xa0 [ 34.219207] ? __save_stack_trace+0x8d/0xf0 [ 34.223535] ? save_stack+0xa9/0xd0 [ 34.227153] ? save_stack+0x43/0xd0 [ 34.230795] ? __kasan_slab_free+0x11a/0x170 [ 34.235221] ? kasan_slab_free+0xe/0x10 [ 34.239209] ? putname+0xf2/0x130 [ 34.242656] ? __x64_sys_openat+0x9d/0x100 [ 34.246890] ? do_syscall_64+0x1b9/0x820 [ 34.250954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.256313] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.260712] ? kasan_check_read+0x11/0x20 [ 34.264850] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.269262] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.273681] ? initcall_blacklisted+0x9a/0x1e0 [ 34.278258] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.283354] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.289063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.294595] ? do_vfs_ioctl+0x201/0x1720 [ 34.298663] ? rcu_is_watching+0x8c/0x150 [ 34.302800] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.307122] ? ioctl_preallocate+0x300/0x300 [ 34.311526] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.317053] ? __fget_light+0x2f7/0x440 [ 34.321025] ? fget_raw+0x20/0x20 [ 34.324468] ? putname+0xf2/0x130 [ 34.327928] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.332937] ? kmem_cache_free+0x246/0x280 [ 34.337164] ? putname+0xf7/0x130 [ 34.340616] do_group_exit+0x177/0x440 [ 34.344496] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.348813] ? __ia32_sys_exit+0x50/0x50 [ 34.352867] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.357994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.363526] ? ksys_ioctl+0x81/0xd0 [ 34.367144] __x64_sys_exit_group+0x3e/0x50 [ 34.371458] do_syscall_64+0x1b9/0x820 [ 34.375336] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.380694] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.385617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.390457] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.395468] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.400479] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.405360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.410540] RIP: 0033:0x43ecc8 [ 34.413725] Code: Bad RIP value. 
[ 34.417094] RSP: 002b:00007ffe5de6a7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.424798] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 34.432058] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.439318] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.446593] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.453858] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.461131] [ 34.462749] Allocated by task 4645: [ 34.466374] save_stack+0x43/0xd0 [ 34.469839] kasan_kmalloc+0xc4/0xe0 [ 34.473548] kasan_slab_alloc+0x12/0x20 [ 34.477509] kmem_cache_alloc+0x12e/0x710 [ 34.481661] vmx_create_vcpu+0xcf/0x2830 [ 34.485715] kvm_arch_vcpu_create+0xe5/0x220 [ 34.490119] kvm_vm_ioctl+0x488/0x1d80 [ 34.494453] do_vfs_ioctl+0x1de/0x1720 [ 34.498335] ksys_ioctl+0xa9/0xd0 [ 34.501790] __x64_sys_ioctl+0x73/0xb0 [ 34.505669] do_syscall_64+0x1b9/0x820 [ 34.509553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.514740] [ 34.516370] Freed by task 4645: [ 34.519654] save_stack+0x43/0xd0 [ 34.523098] __kasan_slab_free+0x11a/0x170 [ 34.527325] kasan_slab_free+0xe/0x10 [ 34.531116] kmem_cache_free+0x86/0x280 [ 34.535084] vmx_free_vcpu+0x26b/0x300 [ 34.538964] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.543364] kvm_put_kvm+0x73f/0x1060 [ 34.547160] kvm_vm_release+0x42/0x50 [ 34.550953] __fput+0x38a/0xa40 [ 34.554222] ____fput+0x15/0x20 [ 34.557490] task_work_run+0x1e8/0x2a0 [ 34.561366] do_exit+0x1ae4/0x26e0 [ 34.564901] do_group_exit+0x177/0x440 [ 34.568788] __x64_sys_exit_group+0x3e/0x50 [ 34.573104] do_syscall_64+0x1b9/0x820 [ 34.576986] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.582160] [ 34.583780] The buggy address belongs to the object at ffff8801ba660040 [ 34.583780] which belongs to the cache kvm_vcpu of size 23872 [ 34.596343] The buggy address is located 24 bytes inside of [ 34.596343] 23872-byte region [ffff8801ba660040, ffff8801ba665d80) [ 34.609263] The buggy address 
belongs to the page: [ 34.614200] page:ffffea0006e99800 count:1 mapcount:0 mapping:ffff8801d4a9ac00 index:0x0 compound_mapcount: 0 [ 34.624161] flags: 0x2fffc0000008100(slab|head) [ 34.628826] raw: 02fffc0000008100 ffff8801d4a99d48 ffff8801d4a99d48 ffff8801d4a9ac00 [ 34.636714] raw: 0000000000000000 ffff8801ba660040 0000000100000001 0000000000000000 [ 34.644582] page dumped because: kasan: bad access detected [ 34.650279] [ 34.651898] Memory state around the buggy address: [ 34.656866] ffff8801ba65ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.664226] ffff8801ba65ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.671577] >ffff8801ba660000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.678933] ^ [ 34.685155] ffff8801ba660080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.692507] ffff8801ba660100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.699862] ================================================================== [ 34.707216] Kernel panic - not syncing: panic_on_warn set ... [ 34.707216] [ 34.714577] CPU: 0 PID: 4645 Comm: syz-executor235 Tainted: G B 4.19.0-rc2+ #220 [ 34.723403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.732746] Call Trace: [ 34.735333] dump_stack+0x1c9/0x2b4 [ 34.738960] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.744154] ? lock_downgrade+0x8f0/0x8f0 [ 34.748301] ? __schedule+0xf54/0x1df0 [ 34.752187] panic+0x238/0x4e7 [ 34.755372] ? add_taint.cold.5+0x16/0x16 [ 34.759519] ? print_shadow_for_address+0xba/0x116 [ 34.764446] ? trace_hardirqs_off+0xaf/0x2b0 [ 34.768849] ? trace_hardirqs_off+0x77/0x2b0 [ 34.773262] ? __schedule+0xf54/0x1df0 [ 34.777152] kasan_end_report+0x47/0x4f [ 34.781125] kasan_report.cold.7+0x76/0x30d [ 34.785446] __asan_report_load8_noabort+0x14/0x20 [ 34.790368] __schedule+0xf54/0x1df0 [ 34.794080] ? __sched_text_start+0x8/0x8 [ 34.798222] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 34.803326] ? 
__call_srcu+0x7e7/0x1040 [ 34.807320] ? check_same_owner+0x340/0x340 [ 34.811651] ? mark_held_locks+0x160/0x160 [ 34.815899] ? find_held_lock+0x36/0x1c0 [ 34.819976] preempt_schedule_common+0x22/0x60 [ 34.824553] _cond_resched+0x1d/0x30 [ 34.828262] wait_for_completion+0xa5/0x8d0 [ 34.832587] ? wait_for_completion_interruptible+0x950/0x950 [ 34.838382] ? __lockdep_init_map+0x105/0x590 [ 34.842888] ? __init_waitqueue_head+0x9e/0x150 [ 34.847560] ? init_wait_entry+0x1c0/0x1c0 [ 34.851818] __synchronize_srcu+0x189/0x240 [ 34.856150] ? call_srcu+0x10/0x10 [ 34.859688] ? rcu_unexpedite_gp+0x20/0x20 [ 34.863949] synchronize_srcu+0x335/0x56f [ 34.868097] ? lock_downgrade+0x8f0/0x8f0 [ 34.872245] ? synchronize_srcu_expedited+0x20/0x20 [ 34.877261] ? kasan_check_read+0x11/0x20 [ 34.881421] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.886014] ? kasan_check_write+0x14/0x20 [ 34.890248] ? do_raw_spin_lock+0xc1/0x200 [ 34.894482] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.900195] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.905647] ? kvfree+0x61/0x70 [ 34.908934] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.913956] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.918012] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.922420] ? kvm_arch_sync_events+0x30/0x30 [ 34.926931] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.932468] ? mmu_notifier_unregister+0x474/0x600 [ 34.937389] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.941794] ? kfree+0x111/0x210 [ 34.945162] ? __mmu_notifier_register+0x30/0x30 [ 34.949935] ? __free_pages+0x10a/0x190 [ 34.953918] ? free_unref_page+0x930/0x930 [ 34.958173] kvm_put_kvm+0x73f/0x1060 [ 34.961974] ? kvm_write_guest_cached+0x40/0x40 [ 34.966641] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.971145] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.975632] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.980211] ? kasan_check_write+0x14/0x20 [ 34.984443] ? do_raw_spin_lock+0xc1/0x200 [ 34.988675] ? kvm_irqfd_release+0xdd/0x120 [ 34.993006] ? kvm_irqfd_release+0xdd/0x120 [ 34.997324] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.001395] kvm_vm_release+0x42/0x50 [ 35.005194] __fput+0x38a/0xa40 [ 35.008470] ? __alloc_file+0x400/0x400 [ 35.012449] ? check_same_owner+0x340/0x340 [ 35.016776] ? kasan_check_write+0x14/0x20 [ 35.021005] ? do_raw_spin_lock+0xc1/0x200 [ 35.025241] ____fput+0x15/0x20 [ 35.028514] task_work_run+0x1e8/0x2a0 [ 35.032410] ? task_work_cancel+0x240/0x240 [ 35.036735] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.042272] ? switch_task_namespaces+0xa2/0xd0 [ 35.046942] do_exit+0x1ae4/0x26e0 [ 35.050481] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.055154] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.059384] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.064396] ? kfree+0x1d7/0x210 [ 35.067774] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.072007] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.077723] ? is_bpf_text_address+0xd7/0x170 [ 35.082224] ? kernel_text_address+0x79/0xf0 [ 35.086629] ? __kernel_text_address+0xd/0x40 [ 35.091130] ? unwind_get_return_address+0x61/0xa0 [ 35.096087] ? __save_stack_trace+0x8d/0xf0 [ 35.100414] ? save_stack+0xa9/0xd0 [ 35.104051] ? save_stack+0x43/0xd0 [ 35.107673] ? __kasan_slab_free+0x11a/0x170 [ 35.112089] ? kasan_slab_free+0xe/0x10 [ 35.116068] ? putname+0xf2/0x130 [ 35.119520] ? __x64_sys_openat+0x9d/0x100 [ 35.123752] ? do_syscall_64+0x1b9/0x820 [ 35.127807] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.133167] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.137571] ? kasan_check_read+0x11/0x20 [ 35.141715] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.146120] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.150525] ? initcall_blacklisted+0x9a/0x1e0 [ 35.155103] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.160203] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.165921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.171453] ? do_vfs_ioctl+0x201/0x1720 [ 35.175511] ? rcu_is_watching+0x8c/0x150 [ 35.179652] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.183973] ? ioctl_preallocate+0x300/0x300 [ 35.188382] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.193941] ? __fget_light+0x2f7/0x440 [ 35.197921] ? fget_raw+0x20/0x20 [ 35.201374] ? putname+0xf2/0x130 [ 35.204826] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.209835] ? kmem_cache_free+0x246/0x280 [ 35.214063] ? putname+0xf7/0x130 [ 35.217514] do_group_exit+0x177/0x440 [ 35.221394] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.225711] ? __ia32_sys_exit+0x50/0x50 [ 35.229763] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.234870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.240424] ? ksys_ioctl+0x81/0xd0 [ 35.244051] __x64_sys_exit_group+0x3e/0x50 [ 35.248366] do_syscall_64+0x1b9/0x820 [ 35.252246] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.257616] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.262541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.267383] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.272394] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.277424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.282265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.287446] RIP: 0033:0x43ecc8 [ 35.290638] Code: Bad RIP value. 
[ 35.293993] RSP: 002b:00007ffe5de6a7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.301695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 35.308955] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.316219] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.323478] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.330736] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.338010] [ 35.338015] ====================================================== [ 35.338020] WARNING: possible circular locking dependency detected [ 35.338024] 4.19.0-rc2+ #220 Not tainted [ 35.338029] ------------------------------------------------------ [ 35.338034] syz-executor235/4645 is trying to acquire lock: [ 35.338037] 0000000061ccd02b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.338052] [ 35.338056] but task is already holding lock: [ 35.338059] 0000000092c49836 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.338073] [ 35.338077] which lock already depends on the new lock. 
[ 35.338079] [ 35.338082] [ 35.338087] the existing dependency chain (in reverse order) is: [ 35.338089] [ 35.338091] -> #3 (report_lock){....}: [ 35.338105] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.338109] kasan_report+0x8e/0x110 [ 35.338113] __asan_report_load8_noabort+0x14/0x20 [ 35.338117] __schedule+0xf54/0x1df0 [ 35.338121] preempt_schedule_common+0x22/0x60 [ 35.338125] _cond_resched+0x1d/0x30 [ 35.338129] wait_for_completion+0xa5/0x8d0 [ 35.338133] __synchronize_srcu+0x189/0x240 [ 35.338137] synchronize_srcu+0x335/0x56f [ 35.338142] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.338146] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.338150] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.338153] kvm_put_kvm+0x73f/0x1060 [ 35.338157] kvm_vm_release+0x42/0x50 [ 35.338161] __fput+0x38a/0xa40 [ 35.338164] ____fput+0x15/0x20 [ 35.338168] task_work_run+0x1e8/0x2a0 [ 35.338171] do_exit+0x1ae4/0x26e0 [ 35.338175] do_group_exit+0x177/0x440 [ 35.338179] __x64_sys_exit_group+0x3e/0x50 [ 35.338183] do_syscall_64+0x1b9/0x820 [ 35.338188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.338190] [ 35.338192] -> #2 (&rq->lock){-.-.}: [ 35.338205] _raw_spin_lock+0x2a/0x40 [ 35.338209] task_fork_fair+0x93/0x680 [ 35.338213] sched_fork+0x44b/0xbd0 [ 35.338217] copy_process+0x235e/0x7ad0 [ 35.338220] _do_fork+0x1ca/0x1170 [ 35.338224] kernel_thread+0x34/0x40 [ 35.338227] rest_init+0x22/0xe4 [ 35.338231] start_kernel+0x913/0x94e [ 35.338235] x86_64_start_reservations+0x29/0x2b [ 35.338239] x86_64_start_kernel+0x76/0x79 [ 35.338243] secondary_startup_64+0xa4/0xb0 [ 35.338246] [ 35.338248] -> #1 (&p->pi_lock){-.-.}: [ 35.338262] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.338266] try_to_wake_up+0xd2/0x1250 [ 35.338269] wake_up_process+0x10/0x20 [ 35.338273] __up.isra.1+0x1c0/0x2a0 [ 35.338276] up+0x13c/0x1c0 [ 35.338280] __up_console_sem+0xbe/0x1b0 [ 35.338284] console_unlock+0x506/0x10d0 [ 35.338287] vprintk_emit+0x33a/0x910 [ 35.338292] vprintk_default+0x28/0x30 [ 35.338295] vprintk_func+0x7a/0x117 [ 
35.338299] printk+0xa7/0xcf [ 35.338302] load_umh+0x51/0xbd [ 35.338306] do_one_initcall+0x127/0x838 [ 35.338310] kernel_init_freeable+0x4bb/0x5ae [ 35.338314] kernel_init+0x11/0x1b3 [ 35.338318] ret_from_fork+0x3a/0x50 [ 35.338320] [ 35.338322] -> #0 ((console_sem).lock){-...}: [ 35.338336] lock_acquire+0x1e4/0x4f0 [ 35.338340] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.338344] down_trylock+0x13/0x70 [ 35.338348] __down_trylock_console_sem+0xae/0x200 [ 35.338352] console_trylock+0x15/0xa0 [ 35.338356] vprintk_emit+0x31f/0x910 [ 35.338359] vprintk_default+0x28/0x30 [ 35.338363] vprintk_func+0x7a/0x117 [ 35.338366] printk+0xa7/0xcf [ 35.338370] kasan_report+0x9e/0x110 [ 35.338374] __asan_report_load8_noabort+0x14/0x20 [ 35.338378] __schedule+0xf54/0x1df0 [ 35.338382] preempt_schedule_common+0x22/0x60 [ 35.338386] _cond_resched+0x1d/0x30 [ 35.338390] wait_for_completion+0xa5/0x8d0 [ 35.338394] __synchronize_srcu+0x189/0x240 [ 35.338398] synchronize_srcu+0x335/0x56f [ 35.338403] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.338407] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.338411] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.338415] kvm_put_kvm+0x73f/0x1060 [ 35.338418] kvm_vm_release+0x42/0x50 [ 35.338422] __fput+0x38a/0xa40 [ 35.338425] ____fput+0x15/0x20 [ 35.338429] task_work_run+0x1e8/0x2a0 [ 35.338433] do_exit+0x1ae4/0x26e0 [ 35.338436] do_group_exit+0x177/0x440 [ 35.338440] __x64_sys_exit_group+0x3e/0x50 [ 35.338444] do_syscall_64+0x1b9/0x820 [ 35.338449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.338451] [ 35.338455] other info that might help us debug this: [ 35.338457] [ 35.338460] Chain exists of: [ 35.338462] (console_sem).lock --> &rq->lock --> report_lock [ 35.338480] [ 35.338484] Possible unsafe locking scenario: [ 35.338486] [ 35.338490] CPU0 CPU1 [ 35.338494] ---- ---- [ 35.338496] lock(report_lock); [ 35.338505] lock(&rq->lock); [ 35.338514] lock(report_lock); [ 35.338535] lock((console_sem).lock); [ 35.338542] [ 35.338561] *** DEADLOCK *** [ 35.338563] [ 
35.338567] 2 locks held by syz-executor235/4645: [ 35.338582] #0: 000000005a8b862e (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 35.338598] #1: 0000000092c49836 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.338614] [ 35.338617] stack backtrace: [ 35.338623] CPU: 0 PID: 4645 Comm: syz-executor235 Not tainted 4.19.0-rc2+ #220 [ 35.338629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.338632] Call Trace: [ 35.338636] dump_stack+0x1c9/0x2b4 [ 35.338640] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.338644] ? vprintk_func+0x100/0x117 [ 35.338648] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 35.338652] ? save_trace+0xe0/0x290 [ 35.338656] __lock_acquire+0x3449/0x5020 [ 35.338659] ? mark_held_locks+0x160/0x160 [ 35.338663] ? mark_held_locks+0x160/0x160 [ 35.338667] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.338671] ? is_bpf_text_address+0xd7/0x170 [ 35.338675] ? kernel_text_address+0x79/0xf0 [ 35.338679] ? __kernel_text_address+0xd/0x40 [ 35.338683] ? __save_stack_trace+0x8d/0xf0 [ 35.338687] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 35.338691] ? save_trace+0x290/0x290 [ 35.338694] ? save_stack_trace+0x1a/0x20 [ 35.338698] ? save_trace+0xe0/0x290 [ 35.338701] ? graph_lock+0x170/0x170 [ 35.338706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.338710] lock_acquire+0x1e4/0x4f0 [ 35.338713] ? down_trylock+0x13/0x70 [ 35.338717] ? lock_release+0x9f0/0x9f0 [ 35.338721] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.338725] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.338729] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.338732] ? log_store+0x34f/0x4c0 [ 35.338736] ? vprintk_emit+0x31f/0x910 [ 35.338740] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.338743] ? down_trylock+0x13/0x70 [ 35.338747] down_trylock+0x13/0x70 [ 35.338751] __down_trylock_console_sem+0xae/0x200 [ 35.338754] console_trylock+0x15/0xa0 [ 35.338758] vprintk_emit+0x31f/0x910 [ 35.338762] ? wake_up_klogd+0x110/0x110 [ 35.338766] ? run_rebalance_domains+0x4c0/0x4c0 [ 35.338770] ? 
kasan_check_read+0x11/0x20 [ 35.338773] ? rcu_is_watching+0x8c/0x150 [ 35.338777] ? rcu_pm_notify+0xc0/0xc0 [ 35.338781] ? lock_acquire+0x1e4/0x4f0 [ 35.338784] ? kasan_report+0x8e/0x110 [ 35.338788] ? __schedule+0xf54/0x1df0 [ 35.338792] vprintk_default+0x28/0x30 [ 35.338795] vprintk_func+0x7a/0x117 [ 35.338798] printk+0xa7/0xcf [ 35.338802] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.338806] ? kasan_check_write+0x14/0x20 [ 35.338810] ? do_raw_spin_lock+0xc1/0x200 [ 35.338814] ? do_raw_spin_lock+0xc1/0x200 [ 35.338817] kasan_report+0x9e/0x110 [ 35.338822] __asan_report_load8_noabort+0x14/0x20 [ 35.338825] __schedule+0xf54/0x1df0 [ 35.338829] ? __sched_text_start+0x8/0x8 [ 35.338833] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 35.338837] ? __call_srcu+0x7e7/0x1040 [ 35.338841] ? check_same_owner+0x340/0x340 [ 35.338845] ? mark_held_locks+0x160/0x160 [ 35.338848] ? find_held_lock+0x36/0x1c0 [ 35.338852] preempt_schedule_common+0x22/0x60 [ 35.338856] _cond_resched+0x1d/0x30 [ 35.338860] wait_for_completion+0xa5/0x8d0 [ 35.338864] ? wait_for_completion_interruptible+0x950/0x950 [ 35.338868] ? __lockdep_init_map+0x105/0x590 [ 35.338872] ? __init_waitqueue_head+0x9e/0x150 [ 35.338876] ? init_wait_entry+0x1c0/0x1c0 [ 35.338888] __synchronize_srcu+0x189/0x240 [ 35.338891] ? call_srcu+0x10/0x10 [ 35.338895] ? rcu_unexpedite_gp+0x20/0x20 [ 35.338899] synchronize_srcu+0x335/0x56f [ 35.338903] ? lock_downgrade+0x8f0/0x8f0 [ 35.338913] ? synchronize_srcu_expedited+0x20/0x20 [ 35.338917] ? kasan_check_read+0x11/0x20 [ 35.338921] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.338925] ? kasan_check_write+0x14/0x20 [ 35.338928] ? do_raw_spin_lock+0xc1/0x200 [ 35.338933] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.338938] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.338941] ? kvfree+0x61/0x70 [ 35.338945] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.338949] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.338953] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.338957] ? 
kvm_arch_sync_events+0x30/0x30 [ 35.338962] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.338966] ? mmu_notifier_unregister+0x474/0x600 [ 35.338970] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.338973] ? kfree+0x111/0x210 [ 35.338977] ? __mmu_notifier_register+0x30/0x30 [ 35.338981] ? __free_pages+0x10a/0x190 [ 35.338985] ? free_unref_page+0x930/0x930 [ 35.338989] kvm_put_kvm+0x73f/0x1060 [ 35.338993] ? kvm_write_guest_cached+0x40/0x40 [ 35.338997] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.339000] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.339004] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.339008] ? kasan_check_write+0x14/0x20 [ 35.339012] ? do_raw_spin_lock+0xc1/0x200 [ 35.339016] ? kvm_irqfd_release+0xdd/0x120 [ 35.339020] ? kvm_irqfd_release+0xdd/0x120 [ 35.339023] ? kvm_put_kvm+0x1060/0x1060 [ 35.339027] kvm_vm_release+0x42/0x50 [ 35.339030] __fput+0x38a/0xa40 [ 35.339034] ? __alloc_file+0x400/0x400 [ 35.339038] ? check_same_owner+0x340/0x340 [ 35.339042] ? kasan_check_write+0x14/0x20 [ 35.339045] ? do_raw_spin_lock+0xc1/0x200 [ 35.339049] ____fput+0x15/0x20 [ 35.339052] task_work_run+0x1e8/0x2a0 [ 35.339056] ? task_work_cancel+0x240/0x240 [ 35.339061] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.339065] ? switch_task_namespaces+0xa2/0xd0 [ 35.339068] do_exit+0x1ae4/0x26e0 [ 35.339072] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.339076] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.339081] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.339084] ? kfree+0x1d7/0x210 [ 35.339088] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.339092] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.339096] ? is_bpf_text_address+0xd7/0x170 [ 35.339099] ? [ 35.339105] Lost 54 message(s)! [ 36.443701] Shutting down cpus with NMI [ 37.502683] Dumping ftrace buffer: [ 37.506211] (ftrace buffer empty) [ 37.509902] Kernel Offset: disabled [ 37.513538] Rebooting in 86400 seconds..