[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.325939] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.723400] random: sshd: uninitialized urandom read (32 bytes read) [ 31.107101] random: sshd: uninitialized urandom read (32 bytes read) [ 31.707355] random: sshd: uninitialized urandom read (32 bytes read) [ 31.916939] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. [ 37.701651] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.828277] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.855510] ================================================================== [ 37.865551] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 37.871781] Read of size 8 at addr ffff8801c4c40058 by task syz-executor725/5325 [ 37.879312] [ 37.880948] CPU: 0 PID: 5325 Comm: syz-executor725 Not tainted 4.19.0-rc4+ #248 [ 37.888393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.897751] Call Trace: [ 37.900352] dump_stack+0x1c4/0x2b4 [ 37.903993] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.909206] ? printk+0xa7/0xcf [ 37.912498] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.917265] print_address_description.cold.8+0x9/0x1ff [ 37.922650] kasan_report.cold.9+0x242/0x309 [ 37.927083] ? __schedule+0xfc3/0x1ed0 [ 37.930972] __asan_report_load8_noabort+0x14/0x20 [ 37.935925] __schedule+0xfc3/0x1ed0 [ 37.939646] ? __sched_text_start+0x8/0x8 [ 37.943801] ? __lock_is_held+0xb5/0x140 [ 37.947875] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.952985] ? find_held_lock+0x36/0x1c0 [ 37.957054] ? __call_srcu+0x7f9/0x1070 [ 37.961036] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.966147] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.971249] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.975832] ? preempt_schedule+0x4d/0x60 [ 37.979980] preempt_schedule_common+0x1f/0xd0 [ 37.984567] preempt_schedule+0x4d/0x60 [ 37.988547] ___preempt_schedule+0x16/0x18 [ 37.992785] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.997726] __call_srcu+0x7f9/0x1070 [ 38.001523] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.006629] ? srcu_offline_cpu+0x120/0x120 [ 38.010948] ? debug_object_free+0x690/0x690 [ 38.015357] ? mark_held_locks+0x130/0x130 [ 38.019587] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.024173] ? lock_release+0x970/0x970 [ 38.028146] ? arch_local_save_flags+0x40/0x40 [ 38.032727] ? depot_save_stack+0x292/0x470 [ 38.037054] ? __lockdep_init_map+0x105/0x590 [ 38.041562] ? __init_waitqueue_head+0x9e/0x150 [ 38.046227] ? init_wait_entry+0x1c0/0x1c0 [ 38.050469] __synchronize_srcu+0x17b/0x230 [ 38.054789] ? call_srcu+0x10/0x10 [ 38.058327] ? rcu_unexpedite_gp+0x20/0x20 [ 38.062565] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.068103] ? check_preemption_disabled+0x48/0x200 [ 38.073123] synchronize_srcu+0x356/0x5ab [ 38.077267] ? lock_downgrade+0x900/0x900 [ 38.081412] ? synchronize_srcu_expedited+0x20/0x20 [ 38.086432] ? kasan_check_read+0x11/0x20 [ 38.090579] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.095160] ? kasan_check_write+0x14/0x20 [ 38.099392] ? do_raw_spin_lock+0xc1/0x200 [ 38.103635] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.109344] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.114797] ? kvfree+0x61/0x70 [ 38.118091] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.123108] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.127171] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.131586] ? kvm_arch_sync_events+0x30/0x30 [ 38.136088] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.141834] ? mmu_notifier_unregister+0x474/0x600 [ 38.146789] ? kfree+0x107/0x230 [ 38.150157] ? __mmu_notifier_register+0x30/0x30 [ 38.154912] ? __free_pages+0x10a/0x190 [ 38.158889] ? free_unref_page+0x960/0x960 [ 38.163134] kvm_put_kvm+0x6c8/0xff0 [ 38.166852] ? kvm_write_guest_cached+0x40/0x40 [ 38.171523] ? kvm_irqfd_release+0xd1/0x120 [ 38.175847] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.180340] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.184846] ? kasan_check_write+0x14/0x20 [ 38.189102] ? do_raw_spin_lock+0xc1/0x200 [ 38.193338] ? kvm_irqfd_release+0xdd/0x120 [ 38.197658] ? kvm_irqfd_release+0xdd/0x120 [ 38.201985] ? kvm_put_kvm+0xff0/0xff0 [ 38.205874] kvm_vm_release+0x42/0x50 [ 38.209679] __fput+0x385/0xa30 [ 38.212965] ? get_max_files+0x20/0x20 [ 38.216856] ? trace_hardirqs_on+0xbd/0x310 [ 38.221179] ? ___might_sleep+0x1ed/0x300 [ 38.225329] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.230781] ? arch_local_save_flags+0x40/0x40 [ 38.235366] ? kasan_check_write+0x14/0x20 [ 38.239600] ? do_raw_spin_lock+0xc1/0x200 [ 38.243838] ____fput+0x15/0x20 [ 38.247119] task_work_run+0x1e8/0x2a0 [ 38.251007] ? task_work_cancel+0x240/0x240 [ 38.255327] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.260868] ? switch_task_namespaces+0x9d/0xd0 [ 38.265540] do_exit+0x1ad7/0x2610 [ 38.269088] ? mm_update_next_owner+0x990/0x990 [ 38.273758] ? mark_held_locks+0x130/0x130 [ 38.277996] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.282231] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.287250] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.291487] ? pud_val+0x88/0x100 [ 38.294945] ? is_bpf_text_address+0xd3/0x170 [ 38.299446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.304983] ? __handle_mm_fault+0x9ab/0x53e0 [ 38.309477] ? unwind_get_return_address+0x61/0xa0 [ 38.314411] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 38.319252] ? graph_lock+0x170/0x170 [ 38.323050] ? print_usage_bug+0xc0/0xc0 [ 38.327119] ? graph_lock+0x170/0x170 [ 38.330915] ? graph_lock+0x170/0x170 [ 38.334714] ? find_held_lock+0x36/0x1c0 [ 38.338778] ? __might_fault+0x12b/0x1e0 [ 38.342836] ? lock_downgrade+0x900/0x900 [ 38.346982] ? lock_release+0x970/0x970 [ 38.350955] ? arch_local_save_flags+0x40/0x40 [ 38.355542] ? __do_page_fault+0x6c1/0xed0 [ 38.359787] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.365321] ? do_mq_getsetattr+0x42d/0x590 [ 38.369646] ? _copy_from_user+0xdf/0x150 [ 38.373795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.379330] ? __do_sys_mq_getsetattr+0x12d/0x1b0 [ 38.384189] ? do_mq_getsetattr+0x590/0x590 [ 38.388516] do_group_exit+0x177/0x440 [ 38.392413] ? trace_hardirqs_on+0xbd/0x310 [ 38.396738] ? __ia32_sys_exit+0x50/0x50 [ 38.400811] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.406269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.411810] __x64_sys_exit_group+0x3e/0x50 [ 38.416130] do_syscall_64+0x1b9/0x820 [ 38.420017] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.425383] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.430308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.435150] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.440166] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.445191] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.450213] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.455062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.460257] RIP: 0033:0x43efb8 [ 38.463447] Code: Bad RIP value. [ 38.466805] RSP: 002b:00007fff217a5368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.474513] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043efb8 [ 38.481779] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.489046] RBP: 00000000004be868 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.496316] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.503586] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.510873] [ 38.512497] Allocated by task 5325: [ 38.516124] save_stack+0x43/0xd0 [ 38.519573] kasan_kmalloc+0xc7/0xe0 [ 38.523289] kasan_slab_alloc+0x12/0x20 [ 38.527263] kmem_cache_alloc+0x12e/0x730 [ 38.531410] vmx_create_vcpu+0xcf/0x25e0 [ 38.535464] kvm_arch_vcpu_create+0xe5/0x220 [ 38.539869] kvm_vm_ioctl+0x470/0x1d40 [ 38.543752] do_vfs_ioctl+0x1de/0x1720 [ 38.547634] ksys_ioctl+0xa9/0xd0 [ 38.551094] __x64_sys_ioctl+0x73/0xb0 [ 38.554978] do_syscall_64+0x1b9/0x820 [ 38.558866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.564045] [ 38.565675] Freed by task 5325: [ 38.568949] save_stack+0x43/0xd0 [ 38.572397] __kasan_slab_free+0x102/0x150 [ 38.576626] kasan_slab_free+0xe/0x10 [ 38.580424] kmem_cache_free+0x83/0x290 [ 38.584394] vmx_free_vcpu+0x26b/0x300 [ 38.588277] kvm_arch_destroy_vm+0x365/0x7c0 [ 38.592693] kvm_put_kvm+0x6c8/0xff0 [ 38.596404] kvm_vm_release+0x42/0x50 [ 38.600203] __fput+0x385/0xa30 [ 38.603478] ____fput+0x15/0x20 [ 38.606757] task_work_run+0x1e8/0x2a0 [ 38.610645] do_exit+0x1ad7/0x2610 [ 38.614198] do_group_exit+0x177/0x440 [ 38.618089] __x64_sys_exit_group+0x3e/0x50 [ 38.622411] do_syscall_64+0x1b9/0x820 [ 38.626297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.631471] [ 38.633101] The buggy address belongs to the object at ffff8801c4c40040 [ 38.633101] which belongs to the cache kvm_vcpu of size 23872 [ 38.645680] The buggy address is located 24 bytes inside of [ 38.645680] 23872-byte region [ffff8801c4c40040, ffff8801c4c45d80) [ 38.657639] The buggy address belongs to the page: [ 38.662574] page:ffffea0007131000 count:1 mapcount:0 mapping:ffff8801d5bb3900 index:0x0 compound_mapcount: 0 [ 38.672543] flags: 0x2fffc0000008100(slab|head) [ 38.677218] raw: 02fffc0000008100 ffff8801d773f048 ffff8801d773f048 ffff8801d5bb3900 [ 38.685104] raw: 0000000000000000 ffff8801c4c40040 0000000100000001 0000000000000000 [ 38.692975] page dumped because: kasan: bad access detected [ 38.698813] [ 38.700417] Memory state around the buggy address: [ 38.705326] ffff8801c4c3ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.712709] ffff8801c4c3ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.720075] >ffff8801c4c40000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.727439] ^ [ 38.733664] ffff8801c4c40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.741022] ffff8801c4c40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.748370] ================================================================== [ 38.755719] Kernel panic - not syncing: panic_on_warn set ... [ 38.755719] [ 38.763092] CPU: 0 PID: 5325 Comm: syz-executor725 Tainted: G B 4.19.0-rc4+ #248 [ 38.771919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.781267] Call Trace: [ 38.783954] dump_stack+0x1c4/0x2b4 [ 38.787584] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.792774] ? lock_downgrade+0x900/0x900 [ 38.796925] panic+0x238/0x4e7 [ 38.800118] ? add_taint.cold.5+0x16/0x16 [ 38.804267] ? print_shadow_for_address+0xb6/0x116 [ 38.809196] ? trace_hardirqs_off+0xaf/0x310 [ 38.813606] kasan_end_report+0x47/0x4f [ 38.817584] kasan_report.cold.9+0x76/0x309 [ 38.821906] ? __schedule+0xfc3/0x1ed0 [ 38.825795] __asan_report_load8_noabort+0x14/0x20 [ 38.830722] __schedule+0xfc3/0x1ed0 [ 38.834443] ? __sched_text_start+0x8/0x8 [ 38.838597] ? __lock_is_held+0xb5/0x140 [ 38.842657] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.847772] ? find_held_lock+0x36/0x1c0 [ 38.851836] ? __call_srcu+0x7f9/0x1070 [ 38.855814] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.860921] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.866026] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.870610] ? preempt_schedule+0x4d/0x60 [ 38.874762] preempt_schedule_common+0x1f/0xd0 [ 38.879348] preempt_schedule+0x4d/0x60 [ 38.883322] ___preempt_schedule+0x16/0x18 [ 38.887563] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.892493] __call_srcu+0x7f9/0x1070 [ 38.896296] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.901419] ? srcu_offline_cpu+0x120/0x120 [ 38.905740] ? debug_object_free+0x690/0x690 [ 38.910148] ? mark_held_locks+0x130/0x130 [ 38.914380] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.918964] ? lock_release+0x970/0x970 [ 38.922936] ? arch_local_save_flags+0x40/0x40 [ 38.927518] ? depot_save_stack+0x292/0x470 [ 38.931846] ? __lockdep_init_map+0x105/0x590 [ 38.936342] ? __init_waitqueue_head+0x9e/0x150 [ 38.941007] ? init_wait_entry+0x1c0/0x1c0 [ 38.945245] __synchronize_srcu+0x17b/0x230 [ 38.949565] ? call_srcu+0x10/0x10 [ 38.953110] ? rcu_unexpedite_gp+0x20/0x20 [ 38.957350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.962884] ? check_preemption_disabled+0x48/0x200 [ 38.967901] synchronize_srcu+0x356/0x5ab [ 38.972049] ? lock_downgrade+0x900/0x900 [ 38.976205] ? synchronize_srcu_expedited+0x20/0x20 [ 38.981225] ? kasan_check_read+0x11/0x20 [ 38.985374] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.989971] ? kasan_check_write+0x14/0x20 [ 38.994207] ? do_raw_spin_lock+0xc1/0x200 [ 38.998446] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.004157] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.009612] ? kvfree+0x61/0x70 [ 39.012894] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.017913] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.021987] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.026396] ? kvm_arch_sync_events+0x30/0x30 [ 39.030895] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.036437] ? mmu_notifier_unregister+0x474/0x600 [ 39.041371] ? kfree+0x107/0x230 [ 39.044747] ? __mmu_notifier_register+0x30/0x30 [ 39.049507] ? __free_pages+0x10a/0x190 [ 39.053481] ? free_unref_page+0x960/0x960 [ 39.057730] kvm_put_kvm+0x6c8/0xff0 [ 39.061455] ? kvm_write_guest_cached+0x40/0x40 [ 39.066131] ? kvm_irqfd_release+0xd1/0x120 [ 39.070491] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.074986] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.079520] ? kasan_check_write+0x14/0x20 [ 39.083757] ? do_raw_spin_lock+0xc1/0x200 [ 39.087991] ? kvm_irqfd_release+0xdd/0x120 [ 39.092314] ? kvm_irqfd_release+0xdd/0x120 [ 39.096635] ? kvm_put_kvm+0xff0/0xff0 [ 39.100527] kvm_vm_release+0x42/0x50 [ 39.104329] __fput+0x385/0xa30 [ 39.107609] ? get_max_files+0x20/0x20 [ 39.111495] ? trace_hardirqs_on+0xbd/0x310 [ 39.115820] ? ___might_sleep+0x1ed/0x300 [ 39.119966] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.125418] ? arch_local_save_flags+0x40/0x40 [ 39.130003] ? kasan_check_write+0x14/0x20 [ 39.134241] ? do_raw_spin_lock+0xc1/0x200 [ 39.138474] ____fput+0x15/0x20 [ 39.141773] task_work_run+0x1e8/0x2a0 [ 39.145665] ? task_work_cancel+0x240/0x240 [ 39.149998] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.155544] ? switch_task_namespaces+0x9d/0xd0 [ 39.160217] do_exit+0x1ad7/0x2610 [ 39.163762] ? mm_update_next_owner+0x990/0x990 [ 39.168437] ? mark_held_locks+0x130/0x130 [ 39.172684] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.176918] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.181939] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.186178] ? pud_val+0x88/0x100 [ 39.189639] ? is_bpf_text_address+0xd3/0x170 [ 39.194144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.199704] ? __handle_mm_fault+0x9ab/0x53e0 [ 39.204203] ? unwind_get_return_address+0x61/0xa0 [ 39.209137] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 39.213986] ? graph_lock+0x170/0x170 [ 39.217795] ? print_usage_bug+0xc0/0xc0 [ 39.221859] ? graph_lock+0x170/0x170 [ 39.225656] ? graph_lock+0x170/0x170 [ 39.229466] ? find_held_lock+0x36/0x1c0 [ 39.233532] ? __might_fault+0x12b/0x1e0 [ 39.237594] ? lock_downgrade+0x900/0x900 [ 39.241744] ? lock_release+0x970/0x970 [ 39.245719] ? arch_local_save_flags+0x40/0x40 [ 39.250320] ? __do_page_fault+0x6c1/0xed0 [ 39.254579] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.260111] ? do_mq_getsetattr+0x42d/0x590 [ 39.264434] ? _copy_from_user+0xdf/0x150 [ 39.268584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.274118] ? __do_sys_mq_getsetattr+0x12d/0x1b0 [ 39.278957] ? do_mq_getsetattr+0x590/0x590 [ 39.283299] do_group_exit+0x177/0x440 [ 39.287200] ? trace_hardirqs_on+0xbd/0x310 [ 39.291533] ? __ia32_sys_exit+0x50/0x50 [ 39.295596] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.301046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.306598] __x64_sys_exit_group+0x3e/0x50 [ 39.310924] do_syscall_64+0x1b9/0x820 [ 39.314824] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.320199] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.325132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.329984] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.335010] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.340030] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.345054] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.349909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.355100] RIP: 0033:0x43efb8 [ 39.358292] Code: Bad RIP value. [ 39.361650] RSP: 002b:00007fff217a5368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.369361] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043efb8 [ 39.376627] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.383893] RBP: 00000000004be868 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.391157] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.398425] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.405703] [ 39.405709] ====================================================== [ 39.405715] WARNING: possible circular locking dependency detected [ 39.405719] 4.19.0-rc4+ #248 Not tainted [ 39.405725] ------------------------------------------------------ [ 39.405731] syz-executor725/5325 is trying to acquire lock: [ 39.405734] 000000000c3f9594 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 39.405750] [ 39.405755] but task is already holding lock: [ 39.405758] 00000000fb10f49c (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.405774] [ 39.405778] which lock already depends on the new lock. [ 39.405781] [ 39.405784] [ 39.405789] the existing dependency chain (in reverse order) is: [ 39.405792] [ 39.405794] -> #3 (report_lock){....}: [ 39.405810] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.405814] kasan_report+0x8b/0x110 [ 39.405819] __asan_report_load8_noabort+0x14/0x20 [ 39.405823] __schedule+0xfc3/0x1ed0 [ 39.405828] preempt_schedule_common+0x1f/0xd0 [ 39.405832] preempt_schedule+0x4d/0x60 [ 39.405836] ___preempt_schedule+0x16/0x18 [ 39.405841] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.405845] __call_srcu+0x7f9/0x1070 [ 39.405850] __synchronize_srcu+0x17b/0x230 [ 39.405854] synchronize_srcu+0x356/0x5ab [ 39.405859] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.405864] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.405868] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.405872] kvm_put_kvm+0x6c8/0xff0 [ 39.405877] kvm_vm_release+0x42/0x50 [ 39.405880] __fput+0x385/0xa30 [ 39.405884] ____fput+0x15/0x20 [ 39.405888] task_work_run+0x1e8/0x2a0 [ 39.405892] do_exit+0x1ad7/0x2610 [ 39.405897] do_group_exit+0x177/0x440 [ 39.405901] __x64_sys_exit_group+0x3e/0x50 [ 39.405905] do_syscall_64+0x1b9/0x820 [ 39.405910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.405913] [ 39.405915] -> #2 (&rq->lock){-.-.}: [ 39.405930] _raw_spin_lock+0x2d/0x40 [ 39.405934] task_fork_fair+0xb0/0x6d0 [ 39.405938] sched_fork+0x443/0xba0 [ 39.405943] copy_process+0x2586/0x8780 [ 39.405947] _do_fork+0x1cb/0x11d0 [ 39.405951] kernel_thread+0x34/0x40 [ 39.405955] rest_init+0x22/0xe5 [ 39.405959] start_kernel+0x8f4/0x92f [ 39.405963] x86_64_start_reservations+0x29/0x2b [ 39.405968] x86_64_start_kernel+0x76/0x79 [ 39.405972] secondary_startup_64+0xa4/0xb0 [ 39.405975] [ 39.405977] -> #1 (&p->pi_lock){-.-.}: [ 39.405993] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.405997] try_to_wake_up+0xd2/0x12f0 [ 39.406001] wake_up_process+0x10/0x20 [ 39.406006] __up.isra.1+0x1c0/0x2a0 [ 39.406009] up+0x13c/0x1c0 [ 39.406014] __up_console_sem+0xbe/0x1b0 [ 39.406018] console_unlock+0x814/0x1160 [ 39.406022] vprintk_emit+0x33d/0x930 [ 39.406026] vprintk_default+0x28/0x30 [ 39.406031] vprintk_func+0x7e/0x181 [ 39.406034] printk+0xa7/0xcf [ 39.406038] load_umh+0x51/0xbd [ 39.406043] do_one_initcall+0x145/0x957 [ 39.406047] kernel_init_freeable+0x4bb/0x5ae [ 39.406051] kernel_init+0x11/0x1b2 [ 39.406055] ret_from_fork+0x3a/0x50 [ 39.406058] [ 39.406060] -> #0 ((console_sem).lock){-...}: [ 39.406085] lock_acquire+0x1ed/0x520 [ 39.406090] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.406094] down_trylock+0x13/0x70 [ 39.406099] __down_trylock_console_sem+0xae/0x200 [ 39.406103] console_trylock+0x15/0xa0 [ 39.406107] vprintk_emit+0x322/0x930 [ 39.406111] vprintk_default+0x28/0x30 [ 39.406116] vprintk_func+0x7e/0x181 [ 39.406119] printk+0xa7/0xcf [ 39.406124] kasan_report+0x9b/0x110 [ 39.406128] __asan_report_load8_noabort+0x14/0x20 [ 39.406133] __schedule+0xfc3/0x1ed0 [ 39.406137] preempt_schedule_common+0x1f/0xd0 [ 39.406141] preempt_schedule+0x4d/0x60 [ 39.406146] ___preempt_schedule+0x16/0x18 [ 39.406151] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.406155] __call_srcu+0x7f9/0x1070 [ 39.406159] __synchronize_srcu+0x17b/0x230 [ 39.406164] synchronize_srcu+0x356/0x5ab [ 39.406169] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.406174] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.406179] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.406183] kvm_put_kvm+0x6c8/0xff0 [ 39.406187] kvm_vm_release+0x42/0x50 [ 39.406191] __fput+0x385/0xa30 [ 39.406194] ____fput+0x15/0x20 [ 39.406199] task_work_run+0x1e8/0x2a0 [ 39.406203] do_exit+0x1ad7/0x2610 [ 39.406207] do_group_exit+0x177/0x440 [ 39.406211] __x64_sys_exit_group+0x3e/0x50 [ 39.406215] do_syscall_64+0x1b9/0x820 [ 39.406220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.406223] [ 39.406228] other info that might help us debug this: [ 39.406230] [ 39.406234] Chain exists of: [ 39.406236] (console_sem).lock --> &rq->lock --> report_lock [ 39.406256] [ 39.406260] Possible unsafe locking scenario: [ 39.406263] [ 39.406267] CPU0 CPU1 [ 39.406271] ---- ---- [ 39.406274] lock(report_lock); [ 39.406284] lock(&rq->lock); [ 39.406294] lock(report_lock); [ 39.406303] lock((console_sem).lock); [ 39.406312] [ 39.406316] *** DEADLOCK *** [ 39.406318] [ 39.406323] 2 locks held by syz-executor725/5325: [ 39.406325] #0: 00000000f1b2d3e7 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 39.406343] #1: 00000000fb10f49c (report_lock){....}, at: kasan_report+0x8b/0x110 [ 39.406362] [ 39.406365] stack backtrace: [ 39.406372] CPU: 0 PID: 5325 Comm: syz-executor725 Not tainted 4.19.0-rc4+ #248 [ 39.406379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.406383] Call Trace: [ 39.406387] dump_stack+0x1c4/0x2b4 [ 39.406392] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.406396] ? vprintk_func+0x85/0x181 [ 39.406401] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 39.406405] ? save_trace+0xe0/0x290 [ 39.406410] __lock_acquire+0x33e4/0x4ec0 [ 39.406414] ? mark_held_locks+0x130/0x130 [ 39.406418] ? mark_held_locks+0x130/0x130 [ 39.406422] ? rcu_bh_qs+0xc0/0xc0 [ 39.406427] ? unwind_dump+0x190/0x190 [ 39.406431] ? is_bpf_text_address+0xd3/0x170 [ 39.406436] ? kernel_text_address+0x79/0xf0 [ 39.406440] ? __kernel_text_address+0xd/0x40 [ 39.406445] ? __save_stack_trace+0x8d/0xf0 [ 39.406450] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 39.406454] ? save_trace+0x290/0x290 [ 39.406458] ? save_stack_trace+0x1a/0x20 [ 39.406462] ? save_trace+0xe0/0x290 [ 39.406467] ? kasan_check_read+0x11/0x20 [ 39.406471] ? graph_lock+0x170/0x170 [ 39.406476] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.406480] lock_acquire+0x1ed/0x520 [ 39.406484] ? down_trylock+0x13/0x70 [ 39.406489] ? find_held_lock+0x36/0x1c0 [ 39.406493] ? lock_release+0x970/0x970 [ 39.406498] ? trace_hardirqs_off+0xb8/0x310 [ 39.406502] ? vprintk_emit+0x1d3/0x930 [ 39.406507] ? trace_hardirqs_on+0x310/0x310 [ 39.406511] ? trace_hardirqs_off+0xb8/0x310 [ 39.406515] ? log_store+0x344/0x4c0 [ 39.406519] ? vprintk_emit+0x322/0x930 [ 39.406524] _raw_spin_lock_irqsave+0x99/0xd0 [ 39.406528] ? down_trylock+0x13/0x70 [ 39.406532] down_trylock+0x13/0x70 [ 39.406537] __down_trylock_console_sem+0xae/0x200 [ 39.406541] console_trylock+0x15/0xa0 [ 39.406545] vprintk_emit+0x322/0x930 [ 39.406550] ? wake_up_klogd+0x180/0x180 [ 39.406554] ? run_rebalance_domains+0x500/0x500 [ 39.406559] ? wake_up_worker+0x117/0x190 [ 39.406563] ? find_held_lock+0x36/0x1c0 [ 39.406567] ? __queue_work+0x6be/0x1440 [ 39.406571] ? lock_acquire+0x1ed/0x520 [ 39.406576] vprintk_default+0x28/0x30 [ 39.406580] vprintk_func+0x7e/0x181 [ 39.406583] printk+0xa7/0xcf [ 39.406588] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.406593] ? kasan_check_write+0x14/0x20 [ 39.406597] ? do_raw_spin_lock+0xc1/0x200 [ 39.406601] ? do_raw_spin_lock+0xc1/0x200 [ 39.406605] kasan_report+0x9b/0x110 [ 39.406610] ? __schedule+0xfc3/0x1ed0 [ 39.406614] __asan_report_load8_noabort+0x14/0x20 [ 39.406619] __schedule+0xfc3/0x1ed0 [ 39.406623] ? __sched_text_start+0x8/0x8 [ 39.406627] ? __lock_is_held+0xb5/0x140 [ 39.406632] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.406637] ? find_held_lock+0x36/0x1c0 [ 39.406641] ? __call_srcu+0x7f9/0x1070 [ 39.406646] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.406651] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.406656] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.406660] ? preempt_schedule+0x4d/0x60 [ 39.406665] preempt_schedule_common+0x1f/0xd0 [ 39.406675] preempt_schedule+0x4d/0x60 [ 39.406679] ___preempt_schedule+0x16/0x18 [ 39.406684] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.406688] __call_srcu+0x7f9/0x1070 [ 39.406693] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.406697] ? srcu_offline_cpu+0x120/0x120 [ 39.406702] ? debug_object_free+0x690/0x690 [ 39.406706] ? mark_held_locks+0x130/0x130 [ 39.406711] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.406715] ? lock_release+0x970/0x970 [ 39.406720] ? arch_local_save_flags+0x40/0x40 [ 39.406724] ? depot_save_stack+0x292/0x470 [ 39.406729] ? __lockdep_init_map+0x105/0x590 [ 39.406734] ? __init_waitqueue_head+0x9e/0x150 [ 39.406738] ? init_wait_entry+0x1c0/0x1c0 [ 39.406742] __synchronize_srcu+0x17b/0x230 [ 39.406746] ? call_srcu+0x10/0x10 [ 39.406751] ? rcu_unexpedite_gp+0x20/0x20 [ 39.406756] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.406761] ? check_preemption_disabled+0x48/0x200 [ 39.406765] synchronize_srcu+0x356/0x5ab [ 39.406770] ? lock_downgrade+0x900/0x900 [ 39.406774] ? synchronize_srcu_expedited+0x20/0x20 [ 39.406779] ? kasan_check_read+0x11/0x20 [ 39.406784] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.406788] ? kasan_check_write+0x14/0x20 [ 39.406792] ? do_raw_spin_lock+0xc1/0x200 [ 39.406798] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.406803] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.406807] ? kvfree+0x61/0x70 [ 39.406812] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.406816] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.406821] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.406825] ? kvm_arch_sync_events+0x30/0x30 [ 39.406830] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.406835] ? mmu_notifier_unregister+0x474/0x600 [ 39.406839] ? kfree+0x107/0x230 [ 39.406844] ? __mmu_notifier_register+0x30/0x30 [ 39.406848] ? __free_pages+0x10a/0x190 [ 39.406853] ? free_unref_page+0x960/0x960 [ 39.406857] kvm_put_kvm+0x6c8/0xff0 [ 39.406861] ? kvm_write_guest_cached+0x40/0x40 [ 39.406866] ? kvm_irqfd_release+0xd1/0x120 [ 39.406870] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.406875] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.406879] ? kasan_check_write+0x14/0x20 [ 39.406884] ? do_raw_spin_lock+0xc1/0x200 [ 39.406887] ? kvm_irqfd_release+0x [ 39.406896] Lost 68 message(s)! [ 40.552253] Shutting down cpus with NMI [ 41.610419] Kernel Offset: disabled [ 41.614042] Rebooting in 86400 seconds..