[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.416532] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: 
[ 24.559878] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.788588] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.348193] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.581416] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[ 35.271063] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.374980] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 35.399977] ==================================================================
[ 35.409907] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 35.416139] Read of size 8 at addr ffff8801b9d28058 by task syz-executor938/4640
[ 35.423667] 
[ 35.425305] CPU: 1 PID: 4640 Comm: syz-executor938 Not tainted 4.19.0-rc1+ #216
[ 35.432758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.442111] Call Trace:
[ 35.444708]  dump_stack+0x1c9/0x2b4
[ 35.448345]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.453532]  ? printk+0xa7/0xcf
[ 35.456809]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.461568]  ? __schedule+0xf54/0x1df0
[ 35.465455]  print_address_description+0x6c/0x20b
[ 35.470303]  ? __schedule+0xf54/0x1df0
[ 35.474198]  kasan_report.cold.7+0x242/0x30d
[ 35.478608]  __asan_report_load8_noabort+0x14/0x20
[ 35.483537]  __schedule+0xf54/0x1df0
[ 35.487250]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.492380]  ? __sched_text_start+0x8/0x8
[ 35.496538]  ? __call_srcu+0x7e7/0x1040
[ 35.500520]  ? check_same_owner+0x340/0x340
[ 35.505252]  ? mark_held_locks+0x160/0x160
[ 35.509483]  ? find_held_lock+0x36/0x1c0
[ 35.513546]  preempt_schedule_common+0x22/0x60
[ 35.518135]  _cond_resched+0x1d/0x30
[ 35.521850]  wait_for_completion+0xa5/0x8d0
[ 35.526173]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.531967]  ? __lockdep_init_map+0x105/0x590
[ 35.536470]  ? __init_waitqueue_head+0x9e/0x150
[ 35.541134]  ? init_wait_entry+0x1c0/0x1c0
[ 35.545370]  __synchronize_srcu+0x189/0x240
[ 35.549692]  ? call_srcu+0x10/0x10
[ 35.553234]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.557472]  synchronize_srcu+0x335/0x56f
[ 35.561619]  ? lock_downgrade+0x8f0/0x8f0
[ 35.565762]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.570777]  ? kasan_check_read+0x11/0x20
[ 35.574925]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.579506]  ? kasan_check_write+0x14/0x20
[ 35.583738]  ? do_raw_spin_lock+0xc1/0x200
[ 35.587977]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.593687]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.599163]  ? kvfree+0x61/0x70
[ 35.602454]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.607474]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.611535]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.615946]  ? kvm_arch_sync_events+0x30/0x30
[ 35.620442]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.625982]  ? mmu_notifier_unregister+0x474/0x600
[ 35.630916]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.635330]  ? kfree+0x111/0x210
[ 35.638696]  ? __mmu_notifier_register+0x30/0x30
[ 35.643450]  ? __free_pages+0x10a/0x190
[ 35.647423]  ? free_unref_page+0x930/0x930
[ 35.651669]  kvm_put_kvm+0x73f/0x1060
[ 35.655476]  ? kvm_write_guest_cached+0x40/0x40
[ 35.660147]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.664640]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.669133]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.673719]  ? kasan_check_write+0x14/0x20
[ 35.677954]  ? do_raw_spin_lock+0xc1/0x200
[ 35.682190]  ? kvm_irqfd_release+0xdd/0x120
[ 35.686514]  ? kvm_irqfd_release+0xdd/0x120
[ 35.690840]  ? kvm_put_kvm+0x1060/0x1060
[ 35.694906]  kvm_vm_release+0x42/0x50
[ 35.698711]  __fput+0x38a/0xa40
[ 35.701993]  ? __alloc_file+0x400/0x400
[ 35.705968]  ? check_same_owner+0x340/0x340
[ 35.710292]  ? kasan_check_write+0x14/0x20
[ 35.714532]  ? do_raw_spin_lock+0xc1/0x200
[ 35.718768]  ____fput+0x15/0x20
[ 35.722049]  task_work_run+0x1e8/0x2a0
[ 35.725937]  ? task_work_cancel+0x240/0x240
[ 35.730264]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.735807]  ? switch_task_namespaces+0xa2/0xd0
[ 35.740488]  do_exit+0x1ae4/0x26e0
[ 35.744041]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.748730]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.752981]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.758005]  ? kfree+0x1d7/0x210
[ 35.761380]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.765639]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.771361]  ? is_bpf_text_address+0xd7/0x170
[ 35.775861]  ? kernel_text_address+0x79/0xf0
[ 35.780267]  ? __kernel_text_address+0xd/0x40
[ 35.784763]  ? unwind_get_return_address+0x61/0xa0
[ 35.789693]  ? __save_stack_trace+0x8d/0xf0
[ 35.794024]  ? save_stack+0xa9/0xd0
[ 35.797655]  ? save_stack+0x43/0xd0
[ 35.801284]  ? __kasan_slab_free+0x11a/0x170
[ 35.805719]  ? kasan_slab_free+0xe/0x10
[ 35.809695]  ? putname+0xf2/0x130
[ 35.813152]  ? __x64_sys_openat+0x9d/0x100
[ 35.817398]  ? do_syscall_64+0x1b9/0x820
[ 35.821464]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.826830]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.831236]  ? kasan_check_read+0x11/0x20
[ 35.835395]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.839800]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.844209]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.848790]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.853895]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.859621]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.865167]  ? do_vfs_ioctl+0x201/0x1720
[ 35.869243]  ? rcu_is_watching+0x8c/0x150
[ 35.873407]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.877742]  ? ioctl_preallocate+0x300/0x300
[ 35.882164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.887717]  ? __fget_light+0x2f7/0x440
[ 35.891700]  ? fget_raw+0x20/0x20
[ 35.895150]  ? putname+0xf2/0x130
[ 35.898604]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.903614]  ? kmem_cache_free+0x246/0x280
[ 35.907846]  ? putname+0xf7/0x130
[ 35.911301]  do_group_exit+0x177/0x440
[ 35.915195]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.919523]  ? __ia32_sys_exit+0x50/0x50
[ 35.923579]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.928681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.934215]  ? ksys_ioctl+0x81/0xd0
[ 35.937848]  __x64_sys_exit_group+0x3e/0x50
[ 35.942169]  do_syscall_64+0x1b9/0x820
[ 35.946058]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.951421]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.956355]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.961284]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.966305]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.971337]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.976353]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.981201]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.986390] RIP: 0033:0x43f028
[ 35.989580] Code: Bad RIP value.
[ 35.992940] RSP: 002b:00007ffc7e336138 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.000646] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.007912] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.015175] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.022438] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.029699] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.036965] 
[ 36.038587] Allocated by task 4640:
[ 36.042220]  save_stack+0x43/0xd0
[ 36.045671]  kasan_kmalloc+0xc4/0xe0
[ 36.049390]  kasan_slab_alloc+0x12/0x20
[ 36.053359]  kmem_cache_alloc+0x12e/0x710
[ 36.057509]  vmx_create_vcpu+0xcf/0x2830
[ 36.061568]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.065971]  kvm_vm_ioctl+0x488/0x1d80
[ 36.069852]  do_vfs_ioctl+0x1de/0x1720
[ 36.073732]  ksys_ioctl+0xa9/0xd0
[ 36.077182]  __x64_sys_ioctl+0x73/0xb0
[ 36.081066]  do_syscall_64+0x1b9/0x820
[ 36.084952]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.090134] 
[ 36.091750] Freed by task 4640:
[ 36.095024]  save_stack+0x43/0xd0
[ 36.098470]  __kasan_slab_free+0x11a/0x170
[ 36.102700]  kasan_slab_free+0xe/0x10
[ 36.106495]  kmem_cache_free+0x86/0x280
[ 36.110464]  vmx_free_vcpu+0x26b/0x300
[ 36.114346]  kvm_arch_destroy_vm+0x365/0x7c0
[ 36.118755]  kvm_put_kvm+0x73f/0x1060
[ 36.122548]  kvm_vm_release+0x42/0x50
[ 36.126345]  __fput+0x38a/0xa40
[ 36.129617]  ____fput+0x15/0x20
[ 36.132889]  task_work_run+0x1e8/0x2a0
[ 36.136772]  do_exit+0x1ae4/0x26e0
[ 36.140309]  do_group_exit+0x177/0x440
[ 36.144198]  __x64_sys_exit_group+0x3e/0x50
[ 36.148513]  do_syscall_64+0x1b9/0x820
[ 36.152403]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.157581] 
[ 36.159206] The buggy address belongs to the object at ffff8801b9d28040
[ 36.159206]  which belongs to the cache kvm_vcpu of size 23872
[ 36.171779] The buggy address is located 24 bytes inside of
[ 36.171779]  23872-byte region [ffff8801b9d28040, ffff8801b9d2dd80)
[ 36.183737] The buggy address belongs to the page:
[ 36.188664] page:ffffea0006e74a00 count:1 mapcount:0 mapping:ffff8801d5216c00 index:0x0 compound_mapcount: 0
[ 36.198629] flags: 0x2fffc0000008100(slab|head)
[ 36.203305] raw: 02fffc0000008100 ffff8801d5212748 ffff8801d5212748 ffff8801d5216c00
[ 36.211224] raw: 0000000000000000 ffff8801b9d28040 0000000100000001 0000000000000000
[ 36.219092] page dumped because: kasan: bad access detected
[ 36.224789] 
[ 36.226404] Memory state around the buggy address:
[ 36.231334]  ffff8801b9d27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.238691]  ffff8801b9d27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.246047] >ffff8801b9d28000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.253400]                                                     ^
[ 36.259632]  ffff8801b9d28080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.266989]  ffff8801b9d28100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.274346] ==================================================================
[ 36.281696] Kernel panic - not syncing: panic_on_warn set ...
[ 36.281696] 
[ 36.289083] CPU: 1 PID: 4640 Comm: syz-executor938 Tainted: G    B             4.19.0-rc1+ #216
[ 36.297914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.307263] Call Trace:
[ 36.309857]  dump_stack+0x1c9/0x2b4
[ 36.313487]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.318674]  ? lock_downgrade+0x8f0/0x8f0
[ 36.322817]  ? __schedule+0xf54/0x1df0
[ 36.326700]  panic+0x238/0x4e7
[ 36.329890]  ? add_taint.cold.5+0x16/0x16
[ 36.334040]  ? print_shadow_for_address+0xba/0x116
[ 36.338967]  ? trace_hardirqs_off+0xaf/0x2b0
[ 36.343373]  ? trace_hardirqs_off+0x77/0x2b0
[ 36.347785]  ? __schedule+0xf54/0x1df0
[ 36.351672]  kasan_end_report+0x47/0x4f
[ 36.355645]  kasan_report.cold.7+0x76/0x30d
[ 36.359970]  __asan_report_load8_noabort+0x14/0x20
[ 36.364894]  __schedule+0xf54/0x1df0
[ 36.368608]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.374076]  ? __sched_text_start+0x8/0x8
[ 36.378253]  ? __call_srcu+0x7e7/0x1040
[ 36.382232]  ? check_same_owner+0x340/0x340
[ 36.386547]  ? mark_held_locks+0x160/0x160
[ 36.390778]  ? find_held_lock+0x36/0x1c0
[ 36.394842]  preempt_schedule_common+0x22/0x60
[ 36.399420]  _cond_resched+0x1d/0x30
[ 36.403137]  wait_for_completion+0xa5/0x8d0
[ 36.407460]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.413255]  ? __lockdep_init_map+0x105/0x590
[ 36.417749]  ? __init_waitqueue_head+0x9e/0x150
[ 36.422418]  ? init_wait_entry+0x1c0/0x1c0
[ 36.426652]  __synchronize_srcu+0x189/0x240
[ 36.430968]  ? call_srcu+0x10/0x10
[ 36.434506]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.438743]  synchronize_srcu+0x335/0x56f
[ 36.442890]  ? lock_downgrade+0x8f0/0x8f0
[ 36.447033]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.452051]  ? kasan_check_read+0x11/0x20
[ 36.456196]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.460773]  ? kasan_check_write+0x14/0x20
[ 36.465007]  ? do_raw_spin_lock+0xc1/0x200
[ 36.469245]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.474953]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.480407]  ? kvfree+0x61/0x70
[ 36.483691]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.488705]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.492766]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.497180]  ? kvm_arch_sync_events+0x30/0x30
[ 36.501680]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.507208]  ? mmu_notifier_unregister+0x474/0x600
[ 36.512118]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.516509]  ? kfree+0x111/0x210
[ 36.519857]  ? __mmu_notifier_register+0x30/0x30
[ 36.524594]  ? __free_pages+0x10a/0x190
[ 36.528615]  ? free_unref_page+0x930/0x930
[ 36.532866]  kvm_put_kvm+0x73f/0x1060
[ 36.536673]  ? kvm_write_guest_cached+0x40/0x40
[ 36.541349]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.545844]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.550344]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.554928]  ? kasan_check_write+0x14/0x20
[ 36.559161]  ? do_raw_spin_lock+0xc1/0x200
[ 36.563394]  ? kvm_irqfd_release+0xdd/0x120
[ 36.567714]  ? kvm_irqfd_release+0xdd/0x120
[ 36.572036]  ? kvm_put_kvm+0x1060/0x1060
[ 36.576096]  kvm_vm_release+0x42/0x50
[ 36.579894]  __fput+0x38a/0xa40
[ 36.583175]  ? __alloc_file+0x400/0x400
[ 36.587154]  ? check_same_owner+0x340/0x340
[ 36.591474]  ? kasan_check_write+0x14/0x20
[ 36.595710]  ? do_raw_spin_lock+0xc1/0x200
[ 36.599942]  ____fput+0x15/0x20
[ 36.603217]  task_work_run+0x1e8/0x2a0
[ 36.607100]  ? task_work_cancel+0x240/0x240
[ 36.611424]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.616962]  ? switch_task_namespaces+0xa2/0xd0
[ 36.621635]  do_exit+0x1ae4/0x26e0
[ 36.625174]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.629846]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.634090]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.639103]  ? kfree+0x1d7/0x210
[ 36.642468]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.646703]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.652411]  ? is_bpf_text_address+0xd7/0x170
[ 36.656904]  ? kernel_text_address+0x79/0xf0
[ 36.661312]  ? __kernel_text_address+0xd/0x40
[ 36.665813]  ? unwind_get_return_address+0x61/0xa0
[ 36.670744]  ? __save_stack_trace+0x8d/0xf0
[ 36.675068]  ? save_stack+0xa9/0xd0
[ 36.678693]  ? save_stack+0x43/0xd0
[ 36.682322]  ? __kasan_slab_free+0x11a/0x170
[ 36.686733]  ? kasan_slab_free+0xe/0x10
[ 36.690702]  ? putname+0xf2/0x130
[ 36.694156]  ? __x64_sys_openat+0x9d/0x100
[ 36.698404]  ? do_syscall_64+0x1b9/0x820
[ 36.702464]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.707838]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.712243]  ? kasan_check_read+0x11/0x20
[ 36.716392]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.720799]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.725206]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.729791]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.734899]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.740612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.746146]  ? do_vfs_ioctl+0x201/0x1720
[ 36.750204]  ? rcu_is_watching+0x8c/0x150
[ 36.754347]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.758677]  ? ioctl_preallocate+0x300/0x300
[ 36.763091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.768636]  ? __fget_light+0x2f7/0x440
[ 36.772617]  ? fget_raw+0x20/0x20
[ 36.776069]  ? putname+0xf2/0x130
[ 36.779523]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.784544]  ? kmem_cache_free+0x246/0x280
[ 36.788780]  ? putname+0xf7/0x130
[ 36.792332]  do_group_exit+0x177/0x440
[ 36.796218]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.800540]  ? __ia32_sys_exit+0x50/0x50
[ 36.804600]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.809702]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.815239]  ? ksys_ioctl+0x81/0xd0
[ 36.818874]  __x64_sys_exit_group+0x3e/0x50
[ 36.823196]  do_syscall_64+0x1b9/0x820
[ 36.827087]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.832455]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.837384]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.842223]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.847245]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.852260]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.857279]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.862123]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.867310] RIP: 0033:0x43f028
[ 36.870526] Code: Bad RIP value.
[ 36.873972] RSP: 002b:00007ffc7e336138 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.881688] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.888960] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.896239] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.903511] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.910781] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.918332] 
[ 36.918338] ======================================================
[ 36.918343] WARNING: possible circular locking dependency detected
[ 36.918347] 4.19.0-rc1+ #216 Not tainted
[ 36.918352] ------------------------------------------------------
[ 36.918357] syz-executor938/4640 is trying to acquire lock:
[ 36.918371] 000000001aff919d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.918385] 
[ 36.918389] but task is already holding lock:
[ 36.918393] 00000000ed79667b (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.918407] 
[ 36.918411] which lock already depends on the new lock.
[ 36.918413] 
[ 36.918416] 
[ 36.918421] the existing dependency chain (in reverse order) is:
[ 36.918423] 
[ 36.918425] -> #3 (report_lock){....}:
[ 36.918440]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.918443]        kasan_report+0x8e/0x110
[ 36.918448]        __asan_report_load8_noabort+0x14/0x20
[ 36.918452]        __schedule+0xf54/0x1df0
[ 36.918456]        preempt_schedule_common+0x22/0x60
[ 36.918460]        _cond_resched+0x1d/0x30
[ 36.918464]        wait_for_completion+0xa5/0x8d0
[ 36.918468]        __synchronize_srcu+0x189/0x240
[ 36.918472]        synchronize_srcu+0x335/0x56f
[ 36.918477]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.918481]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.918485]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.918490]        kvm_put_kvm+0x73f/0x1060
[ 36.918494]        kvm_vm_release+0x42/0x50
[ 36.918497]        __fput+0x38a/0xa40
[ 36.918501]        ____fput+0x15/0x20
[ 36.918504]        task_work_run+0x1e8/0x2a0
[ 36.918508]        do_exit+0x1ae4/0x26e0
[ 36.918512]        do_group_exit+0x177/0x440
[ 36.918516]        __x64_sys_exit_group+0x3e/0x50
[ 36.918520]        do_syscall_64+0x1b9/0x820
[ 36.918525]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.918527] 
[ 36.918529] -> #2 (&rq->lock){-.-.}:
[ 36.918543]        _raw_spin_lock+0x2a/0x40
[ 36.918547]        task_fork_fair+0x93/0x680
[ 36.918551]        sched_fork+0x44b/0xbd0
[ 36.918555]        copy_process+0x235e/0x7ad0
[ 36.918558]        _do_fork+0x1ca/0x1170
[ 36.918562]        kernel_thread+0x34/0x40
[ 36.918566]        rest_init+0x22/0xe4
[ 36.918570]        start_kernel+0x913/0x94e
[ 36.918574]        x86_64_start_reservations+0x29/0x2b
[ 36.918578]        x86_64_start_kernel+0x76/0x79
[ 36.918582]        secondary_startup_64+0xa4/0xb0
[ 36.918584] 
[ 36.918587] -> #1 (&p->pi_lock){-.-.}:
[ 36.918601]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.918605]        try_to_wake_up+0xd2/0x1250
[ 36.918609]        wake_up_process+0x10/0x20
[ 36.918612]        __up.isra.1+0x1c0/0x2a0
[ 36.918616]        up+0x13c/0x1c0
[ 36.918620]        __up_console_sem+0xbe/0x1b0
[ 36.918624]        console_unlock+0x506/0x10d0
[ 36.918627]        vprintk_emit+0x33a/0x910
[ 36.918631]        vprintk_default+0x28/0x30
[ 36.918635]        vprintk_func+0x7a/0x117
[ 36.918638]        printk+0xa7/0xcf
[ 36.918642]        load_umh+0x51/0xbd
[ 36.918646]        do_one_initcall+0x127/0x838
[ 36.918650]        kernel_init_freeable+0x4bb/0x5ae
[ 36.918654]        kernel_init+0x11/0x1b3
[ 36.918657]        ret_from_fork+0x3a/0x50
[ 36.918660] 
[ 36.918662] -> #0 ((console_sem).lock){-...}:
[ 36.918676]        lock_acquire+0x1e4/0x4f0
[ 36.918680]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.918684]        down_trylock+0x13/0x70
[ 36.918689]        __down_trylock_console_sem+0xae/0x200
[ 36.918693]        console_trylock+0x15/0xa0
[ 36.918696]        vprintk_emit+0x31f/0x910
[ 36.918700]        vprintk_default+0x28/0x30
[ 36.918704]        vprintk_func+0x7a/0x117
[ 36.918707]        printk+0xa7/0xcf
[ 36.918711]        kasan_report+0x9e/0x110
[ 36.918716]        __asan_report_load8_noabort+0x14/0x20
[ 36.918719]        __schedule+0xf54/0x1df0
[ 36.918724]        preempt_schedule_common+0x22/0x60
[ 36.918727]        _cond_resched+0x1d/0x30
[ 36.918731]        wait_for_completion+0xa5/0x8d0
[ 36.918736]        __synchronize_srcu+0x189/0x240
[ 36.918740]        synchronize_srcu+0x335/0x56f
[ 36.918745]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.918748]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.918753]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.918756]        kvm_put_kvm+0x73f/0x1060
[ 36.918760]        kvm_vm_release+0x42/0x50
[ 36.918764]        __fput+0x38a/0xa40
[ 36.918767]        ____fput+0x15/0x20
[ 36.918771]        task_work_run+0x1e8/0x2a0
[ 36.918775]        do_exit+0x1ae4/0x26e0
[ 36.918779]        do_group_exit+0x177/0x440
[ 36.918783]        __x64_sys_exit_group+0x3e/0x50
[ 36.918787]        do_syscall_64+0x1b9/0x820
[ 36.918791]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.918793] 
[ 36.918798] other info that might help us debug this:
[ 36.918800] 
[ 36.918803] Chain exists of:
[ 36.918805]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.918823] 
[ 36.918827]  Possible unsafe locking scenario:
[ 36.918830] 
[ 36.918834]        CPU0                    CPU1
[ 36.918838]        ----                    ----
[ 36.918840]   lock(report_lock);
[ 36.918849]                                lock(&rq->lock);
[ 36.918858]                                lock(report_lock);
[ 36.918866]   lock((console_sem).lock);
[ 36.918874] 
[ 36.918877]  *** DEADLOCK ***
[ 36.918880] 
[ 36.918884] 2 locks held by syz-executor938/4640:
[ 36.918886]  #0: 0000000006fe2d15 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.918903]  #1: 00000000ed79667b (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.918920] 
[ 36.918923] stack backtrace:
[ 36.918928] CPU: 1 PID: 4640 Comm: syz-executor938 Not tainted 4.19.0-rc1+ #216
[ 36.918935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.918938] Call Trace:
[ 36.918942]  dump_stack+0x1c9/0x2b4
[ 36.918947]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.918951]  ? vprintk_func+0x100/0x117
[ 36.918956]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.918959]  ? save_trace+0xe0/0x290
[ 36.918963]  __lock_acquire+0x3449/0x5020
[ 36.918967]  ? mark_held_locks+0x160/0x160
[ 36.918971]  ? mark_held_locks+0x160/0x160
[ 36.918976]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.918980]  ? is_bpf_text_address+0xd7/0x170
[ 36.918989]  ? kernel_text_address+0x79/0xf0
[ 36.918993]  ? __kernel_text_address+0xd/0x40
[ 36.918997]  ? __save_stack_trace+0x8d/0xf0
[ 36.919002]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.919006]  ? save_trace+0x290/0x290
[ 36.919010]  ? save_stack_trace+0x1a/0x20
[ 36.919013]  ? save_trace+0xe0/0x290
[ 36.919017]  ? graph_lock+0x170/0x170
[ 36.919022]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.919026]  lock_acquire+0x1e4/0x4f0
[ 36.919029]  ? down_trylock+0x13/0x70
[ 36.919033]  ? lock_release+0x9f0/0x9f0
[ 36.919037]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.919041]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.919045]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.919049]  ? log_store+0x34f/0x4c0
[ 36.919053]  ? vprintk_emit+0x31f/0x910
[ 36.919057]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.919061]  ? down_trylock+0x13/0x70
[ 36.919065]  down_trylock+0x13/0x70
[ 36.919069]  __down_trylock_console_sem+0xae/0x200
[ 36.919073]  console_trylock+0x15/0xa0
[ 36.919077]  vprintk_emit+0x31f/0x910
[ 36.919081]  ? wake_up_klogd+0x110/0x110
[ 36.919085]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.919089]  ? kasan_check_read+0x11/0x20
[ 36.919093]  ? rcu_is_watching+0x8c/0x150
[ 36.919097]  ? rcu_pm_notify+0xc0/0xc0
[ 36.919100]  ? lock_acquire+0x1e4/0x4f0
[ 36.919104]  ? kasan_report+0x8e/0x110
[ 36.919108]  ? __schedule+0xf54/0x1df0
[ 36.919112]  vprintk_default+0x28/0x30
[ 36.919115]  vprintk_func+0x7a/0x117
[ 36.919119]  printk+0xa7/0xcf
[ 36.919123]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.919127]  ? kasan_check_write+0x14/0x20
[ 36.919131]  ? do_raw_spin_lock+0xc1/0x200
[ 36.919135]  ? do_raw_spin_lock+0xc1/0x200
[ 36.919139]  kasan_report+0x9e/0x110
[ 36.919143]  __asan_report_load8_noabort+0x14/0x20
[ 36.919147]  __schedule+0xf54/0x1df0
[ 36.919151]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.919155]  ? __sched_text_start+0x8/0x8
[ 36.919159]  ? __call_srcu+0x7e7/0x1040
[ 36.919163]  ? check_same_owner+0x340/0x340
[ 36.919167]  ? mark_held_locks+0x160/0x160
[ 36.919171]  ? find_held_lock+0x36/0x1c0
[ 36.919175]  preempt_schedule_common+0x22/0x60
[ 36.919179]  _cond_resched+0x1d/0x30
[ 36.919183]  wait_for_completion+0xa5/0x8d0
[ 36.919188]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.919192]  ? __lockdep_init_map+0x105/0x590
[ 36.919197]  ? __init_waitqueue_head+0x9e/0x150
[ 36.919201]  ? init_wait_entry+0x1c0/0x1c0
[ 36.919205]  __synchronize_srcu+0x189/0x240
[ 36.919208]  ? call_srcu+0x10/0x10
[ 36.919212]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.919216]  synchronize_srcu+0x335/0x56f
[ 36.919220]  ? lock_downgrade+0x8f0/0x8f0
[ 36.919225]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.919228]  ? kasan_check_read+0x11/0x20
[ 36.919233]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.919237]  ? kasan_check_write+0x14/0x20
[ 36.919241]  ? do_raw_spin_lock+0xc1/0x200
[ 36.919245]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.919250]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.919254]  ? kvfree+0x61/0x70
[ 36.919258]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.919262]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.919266]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.919270]  ? kvm_arch_sync_events+0x30/0x30
[ 36.919275]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.919280]  ? mmu_notifier_unregister+0x474/0x600
[ 36.919284]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.919287]  ? kfree+0x111/0x210
[ 36.919292]  ? __mmu_notifier_register+0x30/0x30
[ 36.919295]  ? __free_pages+0x10a/0x190
[ 36.919299]  ? free_unref_page+0x930/0x930
[ 36.919303]  kvm_put_kvm+0x73f/0x1060
[ 36.919307]  ? kvm_write_guest_cached+0x40/0x40
[ 36.919311]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.919323]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.919328]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.919332]  ? kasan_check_write+0x14/0x20
[ 36.919336]  ? do_raw_spin_lock+0xc1/0x200
[ 36.919340]  ? kvm_irqfd_release+0xdd/0x120
[ 36.919344]  ? kvm_irqfd_release+0xdd/0x120
[ 36.919348]  ? kvm_put_kvm+0x1060/0x1060
[ 36.919351]  kvm_vm_release+0x42/0x50
[ 36.919355]  __fput+0x38a/0xa40
[ 36.919359]  ? __alloc_file+0x400/0x400
[ 36.919363]  ? check_same_owner+0x340/0x340
[ 36.919367]  ? kasan_check_write+0x14/0x20
[ 36.919371]  ? do_raw_spin_lock+0xc1/0x200
[ 36.919374]  ____fput+0x15/0x20
[ 36.919378]  task_work_run+0x1e8/0x2a0
[ 36.919382]  ? task_work_cancel+0x240/0x240
[ 36.919387]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.919391]  ? switch_task_namespaces+0xa2/0xd0
[ 36.919395]  do_exit+0x1ae4/0x26e0
[ 36.919399]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.919403]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.919407]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.919411]  ? kfree+0x1d7/0x210
[ 36.919415]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.919420]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.919424]  ? is_bpf_text_address+0xd7/0x170
[ 36.919426]  ?
[ 36.919434] Lost 55 message(s)!
[ 37.991583] Shutting down cpus with NMI
[ 39.051811] Dumping ftrace buffer:
[ 39.055336]    (ftrace buffer empty)
[ 39.059025] Kernel Offset: disabled
[ 39.062631] Rebooting in 86400 seconds..