[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.038464] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.356453] random: sshd: uninitialized urandom read (32 bytes read) [ 24.569310] random: sshd: uninitialized urandom read (32 bytes read) [ 25.112197] random: sshd: uninitialized urandom read (32 bytes read) [ 39.280234] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. [ 44.862770] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 44.961127] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 44.986672] ================================================================== [ 44.996389] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 45.002615] Read of size 8 at addr ffff8801b8aa8058 by task syz-executor577/4289 [ 45.010155] [ 45.011781] CPU: 1 PID: 4289 Comm: syz-executor577 Not tainted 4.19.0-rc2+ #226 [ 45.019216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.028562] Call Trace: [ 45.031156] dump_stack+0x1c9/0x2b4 [ 45.034786] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.039975] ? printk+0xa7/0xcf [ 45.043254] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.048009] ? __schedule+0xf54/0x1df0 [ 45.051895] print_address_description+0x6c/0x20b [ 45.056734] ? __schedule+0xf54/0x1df0 [ 45.060627] kasan_report.cold.7+0x242/0x30d [ 45.065042] __asan_report_load8_noabort+0x14/0x20 [ 45.069969] __schedule+0xf54/0x1df0 [ 45.073678] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.078785] ? __sched_text_start+0x8/0x8 [ 45.082934] ? __call_srcu+0x7e7/0x1040 [ 45.086915] ? check_same_owner+0x340/0x340 [ 45.091240] ? mark_held_locks+0x160/0x160 [ 45.095501] ? find_held_lock+0x36/0x1c0 [ 45.099563] preempt_schedule_common+0x22/0x60 [ 45.104143] _cond_resched+0x1d/0x30 [ 45.107855] wait_for_completion+0xa5/0x8d0 [ 45.112177] ? wait_for_completion_interruptible+0x950/0x950 [ 45.117971] ? __lockdep_init_map+0x105/0x590 [ 45.122464] ? __init_waitqueue_head+0x9e/0x150 [ 45.127132] ? init_wait_entry+0x1c0/0x1c0 [ 45.131366] __synchronize_srcu+0x189/0x240 [ 45.135687] ? call_srcu+0x10/0x10 [ 45.139226] ? rcu_unexpedite_gp+0x20/0x20 [ 45.143464] synchronize_srcu+0x335/0x56f [ 45.147607] ? lock_downgrade+0x8f0/0x8f0 [ 45.151750] ? synchronize_srcu_expedited+0x20/0x20 [ 45.156770] ? kasan_check_read+0x11/0x20 [ 45.160920] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.165506] ? kasan_check_write+0x14/0x20 [ 45.169737] ? do_raw_spin_lock+0xc1/0x200 [ 45.173975] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.179687] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.185137] ? kvfree+0x61/0x70 [ 45.188428] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.193449] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.197518] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.201928] ? kvm_arch_sync_events+0x30/0x30 [ 45.206427] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.211963] ? mmu_notifier_unregister+0x474/0x600 [ 45.216892] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.221577] ? kfree+0x111/0x210 [ 45.224929] ? __mmu_notifier_register+0x30/0x30 [ 45.229673] ? __free_pages+0x10a/0x190 [ 45.233630] ? free_unref_page+0x930/0x930 [ 45.237851] kvm_put_kvm+0x73f/0x1060 [ 45.241636] ? kvm_write_guest_cached+0x40/0x40 [ 45.246286] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.250766] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.255246] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.260030] ? kasan_check_write+0x14/0x20 [ 45.264247] ? do_raw_spin_lock+0xc1/0x200 [ 45.268467] ? kvm_irqfd_release+0xdd/0x120 [ 45.272771] ? kvm_irqfd_release+0xdd/0x120 [ 45.277075] ? kvm_put_kvm+0x1060/0x1060 [ 45.281126] kvm_vm_release+0x42/0x50 [ 45.284916] __fput+0x38a/0xa40 [ 45.288180] ? __alloc_file+0x400/0x400 [ 45.292143] ? check_same_owner+0x340/0x340 [ 45.296454] ? kasan_check_write+0x14/0x20 [ 45.300674] ? do_raw_spin_lock+0xc1/0x200 [ 45.304890] ____fput+0x15/0x20 [ 45.308150] task_work_run+0x1e8/0x2a0 [ 45.312020] ? task_work_cancel+0x240/0x240 [ 45.316327] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.321846] ? switch_task_namespaces+0xa2/0xd0 [ 45.326496] do_exit+0x1ae4/0x26e0 [ 45.330042] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.334706] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.338973] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.343977] ? kfree+0x1d7/0x210 [ 45.347373] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.351605] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.357308] ? is_bpf_text_address+0xd7/0x170 [ 45.361787] ? kernel_text_address+0x79/0xf0 [ 45.366226] ? __kernel_text_address+0xd/0x40 [ 45.370753] ? unwind_get_return_address+0x61/0xa0 [ 45.375736] ? __save_stack_trace+0x8d/0xf0 [ 45.380052] ? save_stack+0xa9/0xd0 [ 45.383670] ? save_stack+0x43/0xd0 [ 45.387283] ? __kasan_slab_free+0x11a/0x170 [ 45.391679] ? kasan_slab_free+0xe/0x10 [ 45.395636] ? putname+0xf2/0x130 [ 45.399075] ? __x64_sys_openat+0x9d/0x100 [ 45.403294] ? do_syscall_64+0x1b9/0x820 [ 45.407340] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.412903] ? trace_hardirqs_off+0xb8/0x2c0 [ 45.417303] ? kasan_check_read+0x11/0x20 [ 45.421436] ? do_raw_spin_unlock+0xa7/0x2f0 [ 45.425833] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.430230] ? initcall_blacklisted+0x9a/0x1e0 [ 45.434796] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 45.439886] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.445696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.451219] ? do_vfs_ioctl+0x201/0x1720 [ 45.455265] ? rcu_is_watching+0x8c/0x150 [ 45.459395] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.463706] ? ioctl_preallocate+0x300/0x300 [ 45.468102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.473621] ? __fget_light+0x2f7/0x440 [ 45.477574] ? fget_raw+0x20/0x20 [ 45.481015] ? putname+0xf2/0x130 [ 45.484462] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.489464] ? kmem_cache_free+0x246/0x280 [ 45.493688] ? putname+0xf7/0x130 [ 45.497128] do_group_exit+0x177/0x440 [ 45.500998] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.505356] ? __ia32_sys_exit+0x50/0x50 [ 45.509404] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.514487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.520006] ? ksys_ioctl+0x81/0xd0 [ 45.523624] __x64_sys_exit_group+0x3e/0x50 [ 45.527935] do_syscall_64+0x1b9/0x820 [ 45.531855] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.537214] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.542126] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.546950] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 45.551955] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.556967] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.561974] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.566806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.571978] RIP: 0033:0x43f028 [ 45.575152] Code: Bad RIP value. [ 45.578494] RSP: 002b:00007ffcea477b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.586180] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 45.593432] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 45.600742] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 45.608002] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 45.615262] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 45.622517] [ 45.624126] Allocated by task 4289: [ 45.627736] save_stack+0x43/0xd0 [ 45.631214] kasan_kmalloc+0xc4/0xe0 [ 45.634974] kasan_slab_alloc+0x12/0x20 [ 45.638954] kmem_cache_alloc+0x12e/0x710 [ 45.643098] vmx_create_vcpu+0xcf/0x2830 [ 45.647145] kvm_arch_vcpu_create+0xe5/0x220 [ 45.651538] kvm_vm_ioctl+0x488/0x1d80 [ 45.655412] do_vfs_ioctl+0x1de/0x1720 [ 45.659282] ksys_ioctl+0xa9/0xd0 [ 45.662714] __x64_sys_ioctl+0x73/0xb0 [ 45.666636] do_syscall_64+0x1b9/0x820 [ 45.670515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.675683] [ 45.677293] Freed by task 4289: [ 45.680574] save_stack+0x43/0xd0 [ 45.684025] __kasan_slab_free+0x11a/0x170 [ 45.688322] kasan_slab_free+0xe/0x10 [ 45.692120] kmem_cache_free+0x86/0x280 [ 45.696082] vmx_free_vcpu+0x26b/0x300 [ 45.699954] kvm_arch_destroy_vm+0x365/0x7c0 [ 45.704352] kvm_put_kvm+0x73f/0x1060 [ 45.708143] kvm_vm_release+0x42/0x50 [ 45.711992] __fput+0x38a/0xa40 [ 45.715256] ____fput+0x15/0x20 [ 45.718515] task_work_run+0x1e8/0x2a0 [ 45.722382] do_exit+0x1ae4/0x26e0 [ 45.725902] do_group_exit+0x177/0x440 [ 45.729767] __x64_sys_exit_group+0x3e/0x50 [ 45.734071] do_syscall_64+0x1b9/0x820 [ 45.737955] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.743229] [ 45.744852] The buggy address belongs to the object at ffff8801b8aa8040 [ 45.744852] which belongs to the cache kvm_vcpu of size 23872 [ 45.757407] The buggy address is located 24 bytes inside of [ 45.757407] 23872-byte region [ffff8801b8aa8040, ffff8801b8aadd80) [ 45.769461] The buggy address belongs to the page: [ 45.774419] page:ffffea0006e2aa00 count:1 mapcount:0 mapping:ffff8801d6017d80 index:0x0 compound_mapcount: 0 [ 45.784380] flags: 0x2fffc0000008100(slab|head) [ 45.789039] raw: 02fffc0000008100 ffff8801d600b648 ffff8801d600b648 ffff8801d6017d80 [ 45.796949] raw: 0000000000000000 ffff8801b8aa8040 0000000100000001 0000000000000000 [ 45.804870] page dumped because: kasan: bad access detected [ 45.810566] [ 45.812176] Memory state around the buggy address: [ 45.817088] ffff8801b8aa7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.824481] ffff8801b8aa7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.831838] >ffff8801b8aa8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 45.839283] ^ [ 45.845505] ffff8801b8aa8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.852911] ffff8801b8aa8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.860253] ================================================================== [ 45.867603] Kernel panic - not syncing: panic_on_warn set ... [ 45.867603] [ 45.874952] CPU: 1 PID: 4289 Comm: syz-executor577 Tainted: G B 4.19.0-rc2+ #226 [ 45.883769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.893105] Call Trace: [ 45.895681] dump_stack+0x1c9/0x2b4 [ 45.899296] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.904469] ? lock_downgrade+0x8f0/0x8f0 [ 45.908604] ? __schedule+0xf54/0x1df0 [ 45.912476] panic+0x238/0x4e7 [ 45.915656] ? add_taint.cold.5+0x16/0x16 [ 45.919787] ? print_shadow_for_address+0xba/0x116 [ 45.924700] ? trace_hardirqs_off+0xaf/0x2c0 [ 45.929098] ? trace_hardirqs_off+0x77/0x2c0 [ 45.933495] ? __schedule+0xf54/0x1df0 [ 45.937439] kasan_end_report+0x47/0x4f [ 45.941413] kasan_report.cold.7+0x76/0x30d [ 45.945763] __asan_report_load8_noabort+0x14/0x20 [ 45.950683] __schedule+0xf54/0x1df0 [ 45.954479] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.959576] ? __sched_text_start+0x8/0x8 [ 45.963708] ? __call_srcu+0x7e7/0x1040 [ 45.967668] ? check_same_owner+0x340/0x340 [ 45.971974] ? mark_held_locks+0x160/0x160 [ 45.976249] ? find_held_lock+0x36/0x1c0 [ 45.980303] preempt_schedule_common+0x22/0x60 [ 45.984872] _cond_resched+0x1d/0x30 [ 45.988574] wait_for_completion+0xa5/0x8d0 [ 45.992886] ? wait_for_completion_interruptible+0x950/0x950 [ 45.998708] ? __lockdep_init_map+0x105/0x590 [ 46.003196] ? __init_waitqueue_head+0x9e/0x150 [ 46.007892] ? init_wait_entry+0x1c0/0x1c0 [ 46.012117] __synchronize_srcu+0x189/0x240 [ 46.016425] ? call_srcu+0x10/0x10 [ 46.019950] ? rcu_unexpedite_gp+0x20/0x20 [ 46.024175] synchronize_srcu+0x335/0x56f [ 46.028310] ? lock_downgrade+0x8f0/0x8f0 [ 46.032447] ? synchronize_srcu_expedited+0x20/0x20 [ 46.037458] ? kasan_check_read+0x11/0x20 [ 46.041597] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.046209] ? kasan_check_write+0x14/0x20 [ 46.050440] ? do_raw_spin_lock+0xc1/0x200 [ 46.054661] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.060362] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.065846] ? kvfree+0x61/0x70 [ 46.069119] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.074128] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.078181] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.082575] ? kvm_arch_sync_events+0x30/0x30 [ 46.087054] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.092742] ? mmu_notifier_unregister+0x474/0x600 [ 46.097656] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.102050] ? kfree+0x111/0x210 [ 46.105401] ? __mmu_notifier_register+0x30/0x30 [ 46.110142] ? __free_pages+0x10a/0x190 [ 46.114103] ? free_unref_page+0x930/0x930 [ 46.118323] kvm_put_kvm+0x73f/0x1060 [ 46.122112] ? kvm_write_guest_cached+0x40/0x40 [ 46.126766] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.131241] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.135722] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.140291] ? kasan_check_write+0x14/0x20 [ 46.144507] ? do_raw_spin_lock+0xc1/0x200 [ 46.148936] ? kvm_irqfd_release+0xdd/0x120 [ 46.153277] ? kvm_irqfd_release+0xdd/0x120 [ 46.157616] ? kvm_put_kvm+0x1060/0x1060 [ 46.161680] kvm_vm_release+0x42/0x50 [ 46.165575] __fput+0x38a/0xa40 [ 46.168863] ? __alloc_file+0x400/0x400 [ 46.172852] ? check_same_owner+0x340/0x340 [ 46.177178] ? kasan_check_write+0x14/0x20 [ 46.181414] ? do_raw_spin_lock+0xc1/0x200 [ 46.185649] ____fput+0x15/0x20 [ 46.188930] task_work_run+0x1e8/0x2a0 [ 46.192821] ? task_work_cancel+0x240/0x240 [ 46.197380] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.202983] ? switch_task_namespaces+0xa2/0xd0 [ 46.207647] do_exit+0x1ae4/0x26e0 [ 46.211181] ? mm_update_next_owner+0x9a0/0x9a0 [ 46.215856] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 46.220083] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.225084] ? kfree+0x1d7/0x210 [ 46.228434] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 46.232661] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.238363] ? is_bpf_text_address+0xd7/0x170 [ 46.242846] ? kernel_text_address+0x79/0xf0 [ 46.247238] ? __kernel_text_address+0xd/0x40 [ 46.251725] ? unwind_get_return_address+0x61/0xa0 [ 46.256642] ? __save_stack_trace+0x8d/0xf0 [ 46.260950] ? save_stack+0xa9/0xd0 [ 46.264614] ? save_stack+0x43/0xd0 [ 46.268230] ? __kasan_slab_free+0x11a/0x170 [ 46.272660] ? kasan_slab_free+0xe/0x10 [ 46.276625] ? putname+0xf2/0x130 [ 46.280061] ? __x64_sys_openat+0x9d/0x100 [ 46.284317] ? do_syscall_64+0x1b9/0x820 [ 46.288371] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.293720] ? trace_hardirqs_off+0xb8/0x2c0 [ 46.298111] ? kasan_check_read+0x11/0x20 [ 46.302241] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.306627] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.311197] ? initcall_blacklisted+0x9a/0x1e0 [ 46.315771] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 46.320861] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.326560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.332081] ? do_vfs_ioctl+0x201/0x1720 [ 46.336177] ? rcu_is_watching+0x8c/0x150 [ 46.340317] ? trace_hardirqs_on+0xbd/0x2c0 [ 46.344626] ? ioctl_preallocate+0x300/0x300 [ 46.349018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.354534] ? __fget_light+0x2f7/0x440 [ 46.358502] ? fget_raw+0x20/0x20 [ 46.361938] ? putname+0xf2/0x130 [ 46.365378] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.370404] ? kmem_cache_free+0x246/0x280 [ 46.374650] ? putname+0xf7/0x130 [ 46.378107] do_group_exit+0x177/0x440 [ 46.381994] ? trace_hardirqs_on+0xbd/0x2c0 [ 46.386312] ? __ia32_sys_exit+0x50/0x50 [ 46.390375] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 46.395477] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.401010] ? ksys_ioctl+0x81/0xd0 [ 46.404638] __x64_sys_exit_group+0x3e/0x50 [ 46.408962] do_syscall_64+0x1b9/0x820 [ 46.412865] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.418238] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.423177] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.428017] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 46.433030] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.438047] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.443067] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.447914] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.453132] RIP: 0033:0x43f028 [ 46.456323] Code: Bad RIP value. [ 46.459686] RSP: 002b:00007ffcea477b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 46.467394] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 46.474658] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 46.481922] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 46.489185] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 46.496452] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 46.503723] [ 46.503729] ====================================================== [ 46.503734] WARNING: possible circular locking dependency detected [ 46.503738] 4.19.0-rc2+ #226 Not tainted [ 46.503743] ------------------------------------------------------ [ 46.503748] syz-executor577/4289 is trying to acquire lock: [ 46.503751] 00000000b1ec8d9c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 46.503779] [ 46.503783] but task is already holding lock: [ 46.503786] 0000000086b5778d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 46.503799] [ 46.503803] which lock already depends on the new lock. [ 46.503813] [ 46.503815] [ 46.503820] the existing dependency chain (in reverse order) is: [ 46.503822] [ 46.503824] -> #3 (report_lock){....}: [ 46.503838] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.503842] kasan_report+0x8e/0x110 [ 46.503846] __asan_report_load8_noabort+0x14/0x20 [ 46.503850] __schedule+0xf54/0x1df0 [ 46.503854] preempt_schedule_common+0x22/0x60 [ 46.503857] _cond_resched+0x1d/0x30 [ 46.503861] wait_for_completion+0xa5/0x8d0 [ 46.503865] __synchronize_srcu+0x189/0x240 [ 46.503869] synchronize_srcu+0x335/0x56f [ 46.503874] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.503878] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.503882] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.503885] kvm_put_kvm+0x73f/0x1060 [ 46.503889] kvm_vm_release+0x42/0x50 [ 46.503892] __fput+0x38a/0xa40 [ 46.503896] ____fput+0x15/0x20 [ 46.503913] task_work_run+0x1e8/0x2a0 [ 46.503916] do_exit+0x1ae4/0x26e0 [ 46.503920] do_group_exit+0x177/0x440 [ 46.503923] __x64_sys_exit_group+0x3e/0x50 [ 46.503939] do_syscall_64+0x1b9/0x820 [ 46.503943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.503945] [ 46.503948] -> #2 (&rq->lock){-.-.}: [ 46.503961] _raw_spin_lock+0x2a/0x40 [ 46.503964] task_fork_fair+0x93/0x680 [ 46.503968] sched_fork+0x44b/0xbd0 [ 46.503984] copy_process+0x235e/0x7af0 [ 46.503987] _do_fork+0x1ca/0x1170 [ 46.503991] kernel_thread+0x34/0x40 [ 46.503994] rest_init+0x22/0xe4 [ 46.503998] start_kernel+0x913/0x94e [ 46.504002] x86_64_start_reservations+0x29/0x2b [ 46.504006] x86_64_start_kernel+0x76/0x79 [ 46.504010] secondary_startup_64+0xa4/0xb0 [ 46.504013] [ 46.504015] -> #1 (&p->pi_lock){-.-.}: [ 46.504029] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.504033] try_to_wake_up+0xd2/0x1250 [ 46.504037] wake_up_process+0x10/0x20 [ 46.504040] __up.isra.1+0x1c0/0x2a0 [ 46.504044] up+0x13c/0x1c0 [ 46.504047] __up_console_sem+0xbe/0x1b0 [ 46.504051] console_unlock+0x506/0x10e0 [ 46.504055] vprintk_emit+0x33a/0x910 [ 46.504059] vprintk_default+0x28/0x30 [ 46.504063] vprintk_func+0x7a/0x117 [ 46.504066] printk+0xa7/0xcf [ 46.504069] load_umh+0x51/0xbd [ 46.504073] do_one_initcall+0x127/0x838 [ 46.504077] kernel_init_freeable+0x4bb/0x5ae [ 46.504081] kernel_init+0x11/0x1b3 [ 46.504085] ret_from_fork+0x3a/0x50 [ 46.504087] [ 46.504089] -> #0 ((console_sem).lock){-...}: [ 46.504103] lock_acquire+0x1e4/0x4f0 [ 46.504107] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.504111] down_trylock+0x13/0x70 [ 46.504115] __down_trylock_console_sem+0xae/0x200 [ 46.504119] console_trylock+0x15/0xa0 [ 46.504123] vprintk_emit+0x31f/0x910 [ 46.504127] vprintk_default+0x28/0x30 [ 46.504130] vprintk_func+0x7a/0x117 [ 46.504134] printk+0xa7/0xcf [ 46.504137] kasan_report+0x9e/0x110 [ 46.504142] __asan_report_load8_noabort+0x14/0x20 [ 46.504146] __schedule+0xf54/0x1df0 [ 46.504150] preempt_schedule_common+0x22/0x60 [ 46.504154] _cond_resched+0x1d/0x30 [ 46.504158] wait_for_completion+0xa5/0x8d0 [ 46.504162] __synchronize_srcu+0x189/0x240 [ 46.504166] synchronize_srcu+0x335/0x56f [ 46.504171] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.504174] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.504179] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.504182] kvm_put_kvm+0x73f/0x1060 [ 46.504186] kvm_vm_release+0x42/0x50 [ 46.504190] __fput+0x38a/0xa40 [ 46.504193] ____fput+0x15/0x20 [ 46.504197] task_work_run+0x1e8/0x2a0 [ 46.504200] do_exit+0x1ae4/0x26e0 [ 46.504204] do_group_exit+0x177/0x440 [ 46.504208] __x64_sys_exit_group+0x3e/0x50 [ 46.504212] do_syscall_64+0x1b9/0x820 [ 46.504217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.504219] [ 46.504223] other info that might help us debug this: [ 46.504225] [ 46.504228] Chain exists of: [ 46.504230] (console_sem).lock --> &rq->lock --> report_lock [ 46.504248] [ 46.504252] Possible unsafe locking scenario: [ 46.504254] [ 46.504272] CPU0 CPU1 [ 46.504275] ---- ---- [ 46.504278] lock(report_lock); [ 46.504286] lock(&rq->lock); [ 46.504307] lock(report_lock); [ 46.504315] lock((console_sem).lock); [ 46.504323] [ 46.504326] *** DEADLOCK *** [ 46.504328] [ 46.504338] 2 locks held by syz-executor577/4289: [ 46.504340] #0: 000000008d9101c8 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 46.504357] #1: 0000000086b5778d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 46.504374] [ 46.504377] stack backtrace: [ 46.504382] CPU: 1 PID: 4289 Comm: syz-executor577 Not tainted 4.19.0-rc2+ #226 [ 46.504389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.504392] Call Trace: [ 46.504396] dump_stack+0x1c9/0x2b4 [ 46.504401] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.504404] ? vprintk_func+0x100/0x117 [ 46.504409] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 46.504413] ? save_trace+0xe0/0x290 [ 46.504417] __lock_acquire+0x3449/0x5020 [ 46.504421] ? mark_held_locks+0x160/0x160 [ 46.504425] ? mark_held_locks+0x160/0x160 [ 46.504429] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 46.504433] ? is_bpf_text_address+0xd7/0x170 [ 46.504437] ? kernel_text_address+0x79/0xf0 [ 46.504441] ? __kernel_text_address+0xd/0x40 [ 46.504445] ? __save_stack_trace+0x8d/0xf0 [ 46.504450] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 46.504453] ? save_trace+0x290/0x290 [ 46.504457] ? save_stack_trace+0x1a/0x20 [ 46.504461] ? save_trace+0xe0/0x290 [ 46.504465] ? graph_lock+0x170/0x170 [ 46.504469] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.504473] lock_acquire+0x1e4/0x4f0 [ 46.504477] ? down_trylock+0x13/0x70 [ 46.504481] ? lock_release+0x9f0/0x9f0 [ 46.504485] ? trace_hardirqs_off+0xb8/0x2c0 [ 46.504489] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.504493] ? trace_hardirqs_off+0xb8/0x2c0 [ 46.504496] ? log_store+0x34f/0x4c0 [ 46.504500] ? vprintk_emit+0x31f/0x910 [ 46.504504] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.504508] ? down_trylock+0x13/0x70 [ 46.504512] down_trylock+0x13/0x70 [ 46.504517] __down_trylock_console_sem+0xae/0x200 [ 46.504520] console_trylock+0x15/0xa0 [ 46.504524] vprintk_emit+0x31f/0x910 [ 46.504528] ? wake_up_klogd+0x110/0x110 [ 46.504532] ? run_rebalance_domains+0x4c0/0x4c0 [ 46.504536] ? kasan_check_read+0x11/0x20 [ 46.504540] ? rcu_is_watching+0x8c/0x150 [ 46.504544] ? rcu_pm_notify+0xc0/0xc0 [ 46.504547] ? lock_acquire+0x1e4/0x4f0 [ 46.504551] ? kasan_report+0x8e/0x110 [ 46.504555] ? __schedule+0xf54/0x1df0 [ 46.504559] vprintk_default+0x28/0x30 [ 46.504562] vprintk_func+0x7a/0x117 [ 46.504566] printk+0xa7/0xcf [ 46.504570] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 46.504585] ? kasan_check_write+0x14/0x20 [ 46.504589] ? do_raw_spin_lock+0xc1/0x200 [ 46.504593] ? do_raw_spin_lock+0xc1/0x200 [ 46.504597] kasan_report+0x9e/0x110 [ 46.504601] __asan_report_load8_noabort+0x14/0x20 [ 46.504605] __schedule+0xf54/0x1df0 [ 46.504609] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 46.504613] ? __sched_text_start+0x8/0x8 [ 46.504617] ? __call_srcu+0x7e7/0x1040 [ 46.504621] ? check_same_owner+0x340/0x340 [ 46.504625] ? mark_held_locks+0x160/0x160 [ 46.504629] ? find_held_lock+0x36/0x1c0 [ 46.504633] preempt_schedule_common+0x22/0x60 [ 46.504637] _cond_resched+0x1d/0x30 [ 46.504641] wait_for_completion+0xa5/0x8d0 [ 46.504646] ? wait_for_completion_interruptible+0x950/0x950 [ 46.504650] ? __lockdep_init_map+0x105/0x590 [ 46.504654] ? __init_waitqueue_head+0x9e/0x150 [ 46.504658] ? init_wait_entry+0x1c0/0x1c0 [ 46.504662] __synchronize_srcu+0x189/0x240 [ 46.504666] ? call_srcu+0x10/0x10 [ 46.504670] ? rcu_unexpedite_gp+0x20/0x20 [ 46.504674] synchronize_srcu+0x335/0x56f [ 46.504678] ? lock_downgrade+0x8f0/0x8f0 [ 46.504682] ? synchronize_srcu_expedited+0x20/0x20 [ 46.504686] ? kasan_check_read+0x11/0x20 [ 46.504691] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.504695] ? kasan_check_write+0x14/0x20 [ 46.504699] ? do_raw_spin_lock+0xc1/0x200 [ 46.504704] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.504708] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.504712] ? kvfree+0x61/0x70 [ 46.504716] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.504720] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.504724] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.504728] ? kvm_arch_sync_events+0x30/0x30 [ 46.504733] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.504738] ? mmu_notifier_unregister+0x474/0x600 [ 46.504742] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.504745] ? kfree+0x111/0x210 [ 46.504749] ? __mmu_notifier_register+0x30/0x30 [ 46.504753] ? __free_pages+0x10a/0x190 [ 46.504757] ? free_unref_page+0x930/0x930 [ 46.504761] kvm_put_kvm+0x73f/0x1060 [ 46.504765] ? kvm_write_guest_cached+0x40/0x40 [ 46.504769] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.504774] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.504778] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.504782] ? kasan_check_write+0x14/0x20 [ 46.504786] ? do_raw_spin_lock+0xc1/0x200 [ 46.504790] ? kvm_irqfd_release+0xdd/0x120 [ 46.504794] ? kvm_irqfd_release+0xdd/0x120 [ 46.504798] ? kvm_put_kvm+0x1060/0x1060 [ 46.504801] kvm_vm_release+0x42/0x50 [ 46.504810] __fput+0x38a/0xa40 [ 46.504814] ? __alloc_file+0x400/0x400 [ 46.504818] ? check_same_owner+0x340/0x340 [ 46.504822] ? kasan_check_write+0x14/0x20 [ 46.504826] ? do_raw_spin_lock+0xc1/0x200 [ 46.504829] ____fput+0x15/0x20 [ 46.504833] task_work_run+0x1e8/0x2a0 [ 46.504837] ? task_work_cancel+0x240/0x240 [ 46.504843] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.504847] ? switch_task_namespaces+0xa2/0xd0 [ 46.504850] do_exit+0x1ae4/0x26e0 [ 46.504855] ? mm_update_next_owner+0x9a0/0x9a0 [ 46.504859] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 46.504863] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.504867] ? kfree+0x1d7/0x210 [ 46.504870] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 46.504875] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.504879] ? is_bpf_text_address+0xd7/0x170 [ 46.504882] ? [ 46.504889] Lost 55 message(s)! [ 47.574065] Shutting down cpus with NMI [ 48.639671] Dumping ftrace buffer: [ 48.643197] (ftrace buffer empty) [ 48.646911] Kernel Offset: disabled [ 48.650524] Rebooting in 86400 seconds..