[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.469461] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.809914] random: sshd: uninitialized urandom read (32 bytes read) [ 27.999485] random: sshd: uninitialized urandom read (32 bytes read) [ 28.549675] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. [ 34.588549] urandom_read: 1 callbacks suppressed [ 34.588555] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.692679] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.718982] ================================================================== [ 34.728813] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.735048] Read of size 8 at addr ffff8801b8c10058 by task syz-executor054/4659 [ 34.742581] [ 34.744212] CPU: 1 PID: 4659 Comm: syz-executor054 Not tainted 4.19.0-rc1+ #218 [ 34.751650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.761725] Call Trace: [ 34.764328] dump_stack+0x1c9/0x2b4 [ 34.767959] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.773152] ? printk+0xa7/0xcf [ 34.776439] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.781201] ? __schedule+0xf54/0x1df0 [ 34.785095] print_address_description+0x6c/0x20b [ 34.789949] ? __schedule+0xf54/0x1df0 [ 34.793843] kasan_report.cold.7+0x242/0x30d [ 34.798258] __asan_report_load8_noabort+0x14/0x20 [ 34.803194] __schedule+0xf54/0x1df0 [ 34.806913] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.812025] ? __sched_text_start+0x8/0x8 [ 34.816175] ? __call_srcu+0x7e7/0x1040 [ 34.820161] ? check_same_owner+0x340/0x340 [ 34.824482] ? mark_held_locks+0x160/0x160 [ 34.828715] ? find_held_lock+0x36/0x1c0 [ 34.832792] preempt_schedule_common+0x22/0x60 [ 34.837397] _cond_resched+0x1d/0x30 [ 34.841126] wait_for_completion+0xa5/0x8d0 [ 34.845468] ? wait_for_completion_interruptible+0x950/0x950 [ 34.851283] ? __lockdep_init_map+0x105/0x590 [ 34.855796] ? __init_waitqueue_head+0x9e/0x150 [ 34.860495] ? init_wait_entry+0x1c0/0x1c0 [ 34.864748] __synchronize_srcu+0x189/0x240 [ 34.869085] ? call_srcu+0x10/0x10 [ 34.872641] ? rcu_unexpedite_gp+0x20/0x20 [ 34.876896] synchronize_srcu+0x335/0x56f [ 34.881055] ? lock_downgrade+0x8f0/0x8f0 [ 34.885207] ? synchronize_srcu_expedited+0x20/0x20 [ 34.890226] ? kasan_check_read+0x11/0x20 [ 34.894381] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.898968] ? kasan_check_write+0x14/0x20 [ 34.903203] ? do_raw_spin_lock+0xc1/0x200 [ 34.907446] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.913170] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.918622] ? kvfree+0x61/0x70 [ 34.921905] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.926924] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.930986] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.935394] ? kvm_arch_sync_events+0x30/0x30 [ 34.939893] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.945433] ? mmu_notifier_unregister+0x474/0x600 [ 34.950360] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.954769] ? kfree+0x111/0x210 [ 34.958138] ? __mmu_notifier_register+0x30/0x30 [ 34.962902] ? __free_pages+0x10a/0x190 [ 34.966880] ? free_unref_page+0x930/0x930 [ 34.971129] kvm_put_kvm+0x73f/0x1060 [ 34.974937] ? kvm_write_guest_cached+0x40/0x40 [ 34.980416] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.984911] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.989409] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.993996] ? kasan_check_write+0x14/0x20 [ 34.998232] ? do_raw_spin_lock+0xc1/0x200 [ 35.002471] ? kvm_irqfd_release+0xdd/0x120 [ 35.006790] ? kvm_irqfd_release+0xdd/0x120 [ 35.011118] ? kvm_put_kvm+0x1060/0x1060 [ 35.015177] kvm_vm_release+0x42/0x50 [ 35.018978] __fput+0x38a/0xa40 [ 35.022257] ? __alloc_file+0x400/0x400 [ 35.026236] ? check_same_owner+0x340/0x340 [ 35.030558] ? kasan_check_write+0x14/0x20 [ 35.034797] ? do_raw_spin_lock+0xc1/0x200 [ 35.039047] ____fput+0x15/0x20 [ 35.042330] task_work_run+0x1e8/0x2a0 [ 35.046217] ? task_work_cancel+0x240/0x240 [ 35.050544] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.056094] ? switch_task_namespaces+0xa2/0xd0 [ 35.060774] do_exit+0x1ae4/0x26e0 [ 35.064331] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.069009] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.073248] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.078280] ? kfree+0x1d7/0x210 [ 35.081657] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.085899] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.091618] ? is_bpf_text_address+0xd7/0x170 [ 35.096142] ? kernel_text_address+0x79/0xf0 [ 35.100554] ? __kernel_text_address+0xd/0x40 [ 35.105060] ? unwind_get_return_address+0x61/0xa0 [ 35.109999] ? __save_stack_trace+0x8d/0xf0 [ 35.114336] ? save_stack+0xa9/0xd0 [ 35.117975] ? save_stack+0x43/0xd0 [ 35.121609] ? __kasan_slab_free+0x11a/0x170 [ 35.126017] ? kasan_slab_free+0xe/0x10 [ 35.129992] ? putname+0xf2/0x130 [ 35.133450] ? __x64_sys_openat+0x9d/0x100 [ 35.137688] ? do_syscall_64+0x1b9/0x820 [ 35.141767] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.147134] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.151544] ? kasan_check_read+0x11/0x20 [ 35.155698] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.160109] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.164522] ? initcall_blacklisted+0x9a/0x1e0 [ 35.169109] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.174218] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.179932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.185479] ? do_vfs_ioctl+0x201/0x1720 [ 35.189545] ? rcu_is_watching+0x8c/0x150 [ 35.193705] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.198033] ? ioctl_preallocate+0x300/0x300 [ 35.202447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.207989] ? __fget_light+0x2f7/0x440 [ 35.211966] ? fget_raw+0x20/0x20 [ 35.215421] ? putname+0xf2/0x130 [ 35.218881] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.223900] ? kmem_cache_free+0x246/0x280 [ 35.228139] ? putname+0xf7/0x130 [ 35.231599] do_group_exit+0x177/0x440 [ 35.235488] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.239822] ? __ia32_sys_exit+0x50/0x50 [ 35.243883] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.248993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.254534] ? ksys_ioctl+0x81/0xd0 [ 35.258166] __x64_sys_exit_group+0x3e/0x50 [ 35.262493] do_syscall_64+0x1b9/0x820 [ 35.266381] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.271750] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.276682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.281524] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.286549] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.291579] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.296643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.301495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.306693] RIP: 0033:0x43ecc8 [ 35.309895] Code: Bad RIP value. [ 35.313256] RSP: 002b:00007ffdd7ab0a28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.320979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 35.328256] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.335536] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.342827] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.350093] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.357364] [ 35.358986] Allocated by task 4659: [ 35.362614] save_stack+0x43/0xd0 [ 35.366068] kasan_kmalloc+0xc4/0xe0 [ 35.369781] kasan_slab_alloc+0x12/0x20 [ 35.373760] kmem_cache_alloc+0x12e/0x710 [ 35.377910] vmx_create_vcpu+0xcf/0x2830 [ 35.381973] kvm_arch_vcpu_create+0xe5/0x220 [ 35.386380] kvm_vm_ioctl+0x488/0x1d80 [ 35.390269] do_vfs_ioctl+0x1de/0x1720 [ 35.394163] ksys_ioctl+0xa9/0xd0 [ 35.397611] __x64_sys_ioctl+0x73/0xb0 [ 35.401502] do_syscall_64+0x1b9/0x820 [ 35.405392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.410577] [ 35.412199] Freed by task 4659: [ 35.415480] save_stack+0x43/0xd0 [ 35.418931] __kasan_slab_free+0x11a/0x170 [ 35.423164] kasan_slab_free+0xe/0x10 [ 35.426959] kmem_cache_free+0x86/0x280 [ 35.430930] vmx_free_vcpu+0x26b/0x300 [ 35.434820] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.439227] kvm_put_kvm+0x73f/0x1060 [ 35.443024] kvm_vm_release+0x42/0x50 [ 35.446827] __fput+0x38a/0xa40 [ 35.450100] ____fput+0x15/0x20 [ 35.453373] task_work_run+0x1e8/0x2a0 [ 35.457254] do_exit+0x1ae4/0x26e0 [ 35.460787] do_group_exit+0x177/0x440 [ 35.464674] __x64_sys_exit_group+0x3e/0x50 [ 35.468992] do_syscall_64+0x1b9/0x820 [ 35.472876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.478053] [ 35.479679] The buggy address belongs to the object at ffff8801b8c10040 [ 35.479679] which belongs to the cache kvm_vcpu of size 23872 [ 35.492245] The buggy address is located 24 bytes inside of [ 35.492245] 23872-byte region [ffff8801b8c10040, ffff8801b8c15d80) [ 35.504197] The buggy address belongs to the page: [ 35.509120] page:ffffea0006e30400 count:1 mapcount:0 mapping:ffff8801d5311d80 index:0x0 compound_mapcount: 0 [ 35.519085] flags: 0x2fffc0000008100(slab|head) [ 35.523759] raw: 02fffc0000008100 ffff8801d5312f48 ffff8801d5312f48 ffff8801d5311d80 [ 35.531638] raw: 0000000000000000 ffff8801b8c10040 0000000100000001 0000000000000000 [ 35.539506] page dumped because: kasan: bad access detected [ 35.545204] [ 35.546828] Memory state around the buggy address: [ 35.551753] ffff8801b8c0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.559106] ffff8801b8c0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.566459] >ffff8801b8c10000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.573816] ^ [ 35.580041] ffff8801b8c10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.587393] ffff8801b8c10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.594742] ================================================================== [ 35.602093] Kernel panic - not syncing: panic_on_warn set ... [ 35.602093] [ 35.609460] CPU: 1 PID: 4659 Comm: syz-executor054 Tainted: G B 4.19.0-rc1+ #218 [ 35.618285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.627627] Call Trace: [ 35.630224] dump_stack+0x1c9/0x2b4 [ 35.633862] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.639052] ? lock_downgrade+0x8f0/0x8f0 [ 35.643200] ? __schedule+0xf54/0x1df0 [ 35.647090] panic+0x238/0x4e7 [ 35.650284] ? add_taint.cold.5+0x16/0x16 [ 35.654443] ? print_shadow_for_address+0xba/0x116 [ 35.659371] ? trace_hardirqs_off+0xaf/0x2b0 [ 35.663772] ? trace_hardirqs_off+0x77/0x2b0 [ 35.668177] ? __schedule+0xf54/0x1df0 [ 35.672063] kasan_end_report+0x47/0x4f [ 35.676038] kasan_report.cold.7+0x76/0x30d [ 35.680361] __asan_report_load8_noabort+0x14/0x20 [ 35.685289] __schedule+0xf54/0x1df0 [ 35.688998] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.694103] ? __sched_text_start+0x8/0x8 [ 35.698256] ? __call_srcu+0x7e7/0x1040 [ 35.702239] ? check_same_owner+0x340/0x340 [ 35.706558] ? mark_held_locks+0x160/0x160 [ 35.710795] ? find_held_lock+0x36/0x1c0 [ 35.714874] preempt_schedule_common+0x22/0x60 [ 35.719454] _cond_resched+0x1d/0x30 [ 35.723169] wait_for_completion+0xa5/0x8d0 [ 35.727493] ? wait_for_completion_interruptible+0x950/0x950 [ 35.733289] ? __lockdep_init_map+0x105/0x590 [ 35.737786] ? __init_waitqueue_head+0x9e/0x150 [ 35.742455] ? init_wait_entry+0x1c0/0x1c0 [ 35.746694] __synchronize_srcu+0x189/0x240 [ 35.751015] ? call_srcu+0x10/0x10 [ 35.755095] ? rcu_unexpedite_gp+0x20/0x20 [ 35.759339] synchronize_srcu+0x335/0x56f [ 35.763510] ? lock_downgrade+0x8f0/0x8f0 [ 35.767656] ? synchronize_srcu_expedited+0x20/0x20 [ 35.772675] ? kasan_check_read+0x11/0x20 [ 35.776830] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.781408] ? kasan_check_write+0x14/0x20 [ 35.785642] ? do_raw_spin_lock+0xc1/0x200 [ 35.789881] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.795602] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.801051] ? kvfree+0x61/0x70 [ 35.804330] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.809431] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.813488] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.817895] ? kvm_arch_sync_events+0x30/0x30 [ 35.822395] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.827933] ? mmu_notifier_unregister+0x474/0x600 [ 35.832865] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.837269] ? kfree+0x111/0x210 [ 35.840639] ? __mmu_notifier_register+0x30/0x30 [ 35.845396] ? __free_pages+0x10a/0x190 [ 35.849367] ? free_unref_page+0x930/0x930 [ 35.853619] kvm_put_kvm+0x73f/0x1060 [ 35.857424] ? kvm_write_guest_cached+0x40/0x40 [ 35.862099] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.866600] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.871112] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.875704] ? kasan_check_write+0x14/0x20 [ 35.879939] ? do_raw_spin_lock+0xc1/0x200 [ 35.884175] ? kvm_irqfd_release+0xdd/0x120 [ 35.888501] ? kvm_irqfd_release+0xdd/0x120 [ 35.892827] ? kvm_put_kvm+0x1060/0x1060 [ 35.896891] kvm_vm_release+0x42/0x50 [ 35.900689] __fput+0x38a/0xa40 [ 35.903967] ? __alloc_file+0x400/0x400 [ 35.907946] ? check_same_owner+0x340/0x340 [ 35.912265] ? kasan_check_write+0x14/0x20 [ 35.916498] ? do_raw_spin_lock+0xc1/0x200 [ 35.920734] ____fput+0x15/0x20 [ 35.924012] task_work_run+0x1e8/0x2a0 [ 35.927900] ? task_work_cancel+0x240/0x240 [ 35.932223] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.937761] ? switch_task_namespaces+0xa2/0xd0 [ 35.942435] do_exit+0x1ae4/0x26e0 [ 35.945977] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.950651] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.954885] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.959903] ? kfree+0x1d7/0x210 [ 35.963268] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.967507] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.973221] ? is_bpf_text_address+0xd7/0x170 [ 35.977712] ? kernel_text_address+0x79/0xf0 [ 35.982119] ? __kernel_text_address+0xd/0x40 [ 35.986616] ? unwind_get_return_address+0x61/0xa0 [ 35.991551] ? __save_stack_trace+0x8d/0xf0 [ 35.995882] ? save_stack+0xa9/0xd0 [ 35.999508] ? save_stack+0x43/0xd0 [ 36.003133] ? __kasan_slab_free+0x11a/0x170 [ 36.007539] ? kasan_slab_free+0xe/0x10 [ 36.011512] ? putname+0xf2/0x130 [ 36.014967] ? __x64_sys_openat+0x9d/0x100 [ 36.019200] ? do_syscall_64+0x1b9/0x820 [ 36.023258] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.028625] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.033031] ? kasan_check_read+0x11/0x20 [ 36.037181] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.041590] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.046005] ? initcall_blacklisted+0x9a/0x1e0 [ 36.050596] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.055700] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.061416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.066955] ? do_vfs_ioctl+0x201/0x1720 [ 36.071017] ? rcu_is_watching+0x8c/0x150 [ 36.075163] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.079488] ? ioctl_preallocate+0x300/0x300 [ 36.083895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.089432] ? __fget_light+0x2f7/0x440 [ 36.093403] ? fget_raw+0x20/0x20 [ 36.096856] ? putname+0xf2/0x130 [ 36.100313] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.105329] ? kmem_cache_free+0x246/0x280 [ 36.109852] ? putname+0xf7/0x130 [ 36.113310] do_group_exit+0x177/0x440 [ 36.117199] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.121517] ? __ia32_sys_exit+0x50/0x50 [ 36.125578] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.130683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.136218] ? ksys_ioctl+0x81/0xd0 [ 36.139845] __x64_sys_exit_group+0x3e/0x50 [ 36.144193] do_syscall_64+0x1b9/0x820 [ 36.148082] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.153545] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.158474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.163314] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.168330] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.173344] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.178362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.183207] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.188391] RIP: 0033:0x43ecc8 [ 36.191597] Code: Bad RIP value. [ 36.194959] RSP: 002b:00007ffdd7ab0a28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.202664] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 36.209927] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.217194] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.224460] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.231724] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.239000] [ 36.239006] ====================================================== [ 36.239011] WARNING: possible circular locking dependency detected [ 36.239015] 4.19.0-rc1+ #218 Not tainted [ 36.239021] ------------------------------------------------------ [ 36.239026] syz-executor054/4659 is trying to acquire lock: [ 36.239029] 0000000083789160 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.239045] [ 36.239049] but task is already holding lock: [ 36.239052] 00000000d7d31b2d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.239066] [ 36.239071] which lock already depends on the new lock. [ 36.239073] [ 36.239075] [ 36.239080] the existing dependency chain (in reverse order) is: [ 36.239083] [ 36.239085] -> #3 (report_lock){....}: [ 36.239100] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.239104] kasan_report+0x8e/0x110 [ 36.239108] __asan_report_load8_noabort+0x14/0x20 [ 36.239112] __schedule+0xf54/0x1df0 [ 36.239117] preempt_schedule_common+0x22/0x60 [ 36.239120] _cond_resched+0x1d/0x30 [ 36.239125] wait_for_completion+0xa5/0x8d0 [ 36.239129] __synchronize_srcu+0x189/0x240 [ 36.239133] synchronize_srcu+0x335/0x56f [ 36.239138] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.239142] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.239147] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.239151] kvm_put_kvm+0x73f/0x1060 [ 36.239155] kvm_vm_release+0x42/0x50 [ 36.239158] __fput+0x38a/0xa40 [ 36.239162] ____fput+0x15/0x20 [ 36.239166] task_work_run+0x1e8/0x2a0 [ 36.239170] do_exit+0x1ae4/0x26e0 [ 36.239174] do_group_exit+0x177/0x440 [ 36.239178] __x64_sys_exit_group+0x3e/0x50 [ 36.239182] do_syscall_64+0x1b9/0x820 [ 36.239187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.239189] [ 36.239191] -> #2 (&rq->lock){-.-.}: [ 36.239205] _raw_spin_lock+0x2a/0x40 [ 36.239209] task_fork_fair+0x93/0x680 [ 36.239213] sched_fork+0x44b/0xbd0 [ 36.239217] copy_process+0x235e/0x7ad0 [ 36.239221] _do_fork+0x1ca/0x1170 [ 36.239225] kernel_thread+0x34/0x40 [ 36.239228] rest_init+0x22/0xe4 [ 36.239232] start_kernel+0x913/0x94e [ 36.239237] x86_64_start_reservations+0x29/0x2b [ 36.239241] x86_64_start_kernel+0x76/0x79 [ 36.239245] secondary_startup_64+0xa4/0xb0 [ 36.239247] [ 36.239249] -> #1 (&p->pi_lock){-.-.}: [ 36.239264] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.239268] try_to_wake_up+0xd2/0x1250 [ 36.239272] wake_up_process+0x10/0x20 [ 36.239276] __up.isra.1+0x1c0/0x2a0 [ 36.239279] up+0x13c/0x1c0 [ 36.239283] __up_console_sem+0xbe/0x1b0 [ 36.239287] console_unlock+0x506/0x10d0 [ 36.239291] vprintk_emit+0x33a/0x910 [ 36.239295] vprintk_default+0x28/0x30 [ 36.239299] vprintk_func+0x7a/0x117 [ 36.239302] printk+0xa7/0xcf [ 36.239306] load_umh+0x51/0xbd [ 36.239310] do_one_initcall+0x127/0x838 [ 36.239314] kernel_init_freeable+0x4bb/0x5ae [ 36.239318] kernel_init+0x11/0x1b3 [ 36.239322] ret_from_fork+0x3a/0x50 [ 36.239324] [ 36.239326] -> #0 ((console_sem).lock){-...}: [ 36.239341] lock_acquire+0x1e4/0x4f0 [ 36.239345] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.239349] down_trylock+0x13/0x70 [ 36.239354] __down_trylock_console_sem+0xae/0x200 [ 36.239357] console_trylock+0x15/0xa0 [ 36.239361] vprintk_emit+0x31f/0x910 [ 36.239365] vprintk_default+0x28/0x30 [ 36.239369] vprintk_func+0x7a/0x117 [ 36.239373] printk+0xa7/0xcf [ 36.239376] kasan_report+0x9e/0x110 [ 36.239381] __asan_report_load8_noabort+0x14/0x20 [ 36.239385] __schedule+0xf54/0x1df0 [ 36.239389] preempt_schedule_common+0x22/0x60 [ 36.239393] _cond_resched+0x1d/0x30 [ 36.239397] wait_for_completion+0xa5/0x8d0 [ 36.239401] __synchronize_srcu+0x189/0x240 [ 36.239406] synchronize_srcu+0x335/0x56f [ 36.239411] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.239415] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.239420] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.239424] kvm_put_kvm+0x73f/0x1060 [ 36.239428] kvm_vm_release+0x42/0x50 [ 36.239432] __fput+0x38a/0xa40 [ 36.239435] ____fput+0x15/0x20 [ 36.239439] task_work_run+0x1e8/0x2a0 [ 36.239443] do_exit+0x1ae4/0x26e0 [ 36.239447] do_group_exit+0x177/0x440 [ 36.239451] __x64_sys_exit_group+0x3e/0x50 [ 36.239455] do_syscall_64+0x1b9/0x820 [ 36.239460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.239462] [ 36.239466] other info that might help us debug this: [ 36.239469] [ 36.239472] Chain exists of: [ 36.239474] (console_sem).lock --> &rq->lock --> report_lock [ 36.239492] [ 36.239496] Possible unsafe locking scenario: [ 36.239499] [ 36.239503] CPU0 CPU1 [ 36.239507] ---- ---- [ 36.239509] lock(report_lock); [ 36.239519] lock(&rq->lock); [ 36.239528] lock(report_lock); [ 36.239536] lock((console_sem).lock); [ 36.239544] [ 36.239547] *** DEADLOCK *** [ 36.239550] [ 36.239554] 2 locks held by syz-executor054/4659: [ 36.239556] #0: 0000000043aaccb2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 36.239580] #1: 00000000d7d31b2d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.239597] [ 36.239600] stack backtrace: [ 36.239606] CPU: 1 PID: 4659 Comm: syz-executor054 Not tainted 4.19.0-rc1+ #218 [ 36.239613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.239617] Call Trace: [ 36.239620] dump_stack+0x1c9/0x2b4 [ 36.239625] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.239629] ? vprintk_func+0x100/0x117 [ 36.239634] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 36.239638] ? save_trace+0xe0/0x290 [ 36.239642] __lock_acquire+0x3449/0x5020 [ 36.239646] ? mark_held_locks+0x160/0x160 [ 36.239650] ? mark_held_locks+0x160/0x160 [ 36.239655] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.239659] ? is_bpf_text_address+0xd7/0x170 [ 36.239663] ? kernel_text_address+0x79/0xf0 [ 36.239667] ? __kernel_text_address+0xd/0x40 [ 36.239671] ? __save_stack_trace+0x8d/0xf0 [ 36.239676] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 36.239680] ? save_trace+0x290/0x290 [ 36.239684] ? save_stack_trace+0x1a/0x20 [ 36.239687] ? save_trace+0xe0/0x290 [ 36.239691] ? graph_lock+0x170/0x170 [ 36.239696] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.239700] lock_acquire+0x1e4/0x4f0 [ 36.239704] ? down_trylock+0x13/0x70 [ 36.239708] ? lock_release+0x9f0/0x9f0 [ 36.239712] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.239716] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.239720] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.239724] ? log_store+0x34f/0x4c0 [ 36.239728] ? vprintk_emit+0x31f/0x910 [ 36.239732] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.239736] ? down_trylock+0x13/0x70 [ 36.239740] down_trylock+0x13/0x70 [ 36.239744] __down_trylock_console_sem+0xae/0x200 [ 36.239748] console_trylock+0x15/0xa0 [ 36.239752] vprintk_emit+0x31f/0x910 [ 36.239756] ? wake_up_klogd+0x110/0x110 [ 36.239760] ? run_rebalance_domains+0x4c0/0x4c0 [ 36.239764] ? kasan_check_read+0x11/0x20 [ 36.239768] ? rcu_is_watching+0x8c/0x150 [ 36.239772] ? rcu_pm_notify+0xc0/0xc0 [ 36.239776] ? lock_acquire+0x1e4/0x4f0 [ 36.239780] ? kasan_report+0x8e/0x110 [ 36.239784] ? __schedule+0xf54/0x1df0 [ 36.239788] vprintk_default+0x28/0x30 [ 36.239791] vprintk_func+0x7a/0x117 [ 36.239795] printk+0xa7/0xcf [ 36.239799] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.239803] ? kasan_check_write+0x14/0x20 [ 36.239815] ? do_raw_spin_lock+0xc1/0x200 [ 36.239819] ? do_raw_spin_lock+0xc1/0x200 [ 36.239823] kasan_report+0x9e/0x110 [ 36.239827] __asan_report_load8_noabort+0x14/0x20 [ 36.239831] __schedule+0xf54/0x1df0 [ 36.239836] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.239840] ? __sched_text_start+0x8/0x8 [ 36.239844] ? __call_srcu+0x7e7/0x1040 [ 36.239848] ? check_same_owner+0x340/0x340 [ 36.239852] ? mark_held_locks+0x160/0x160 [ 36.239856] ? find_held_lock+0x36/0x1c0 [ 36.239860] preempt_schedule_common+0x22/0x60 [ 36.239864] _cond_resched+0x1d/0x30 [ 36.239868] wait_for_completion+0xa5/0x8d0 [ 36.239873] ? wait_for_completion_interruptible+0x950/0x950 [ 36.239877] ? __lockdep_init_map+0x105/0x590 [ 36.239882] ? __init_waitqueue_head+0x9e/0x150 [ 36.239886] ? init_wait_entry+0x1c0/0x1c0 [ 36.239890] __synchronize_srcu+0x189/0x240 [ 36.239893] ? call_srcu+0x10/0x10 [ 36.239898] ? rcu_unexpedite_gp+0x20/0x20 [ 36.239902] synchronize_srcu+0x335/0x56f [ 36.239906] ? lock_downgrade+0x8f0/0x8f0 [ 36.239910] ? synchronize_srcu_expedited+0x20/0x20 [ 36.239915] ? kasan_check_read+0x11/0x20 [ 36.239919] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.239923] ? kasan_check_write+0x14/0x20 [ 36.239927] ? do_raw_spin_lock+0xc1/0x200 [ 36.239932] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.239937] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.239941] ? kvfree+0x61/0x70 [ 36.239945] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.239949] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.239954] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.239958] ? kvm_arch_sync_events+0x30/0x30 [ 36.239963] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.239967] ? mmu_notifier_unregister+0x474/0x600 [ 36.239971] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.239975] ? kfree+0x111/0x210 [ 36.239979] ? __mmu_notifier_register+0x30/0x30 [ 36.239983] ? __free_pages+0x10a/0x190 [ 36.239987] ? free_unref_page+0x930/0x930 [ 36.239991] kvm_put_kvm+0x73f/0x1060 [ 36.239995] ? kvm_write_guest_cached+0x40/0x40 [ 36.240000] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.240004] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.240008] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.240012] ? kasan_check_write+0x14/0x20 [ 36.240016] ? do_raw_spin_lock+0xc1/0x200 [ 36.240020] ? kvm_irqfd_release+0xdd/0x120 [ 36.240025] ? kvm_irqfd_release+0xdd/0x120 [ 36.240029] ? kvm_put_kvm+0x1060/0x1060 [ 36.240032] kvm_vm_release+0x42/0x50 [ 36.240036] __fput+0x38a/0xa40 [ 36.240040] ? __alloc_file+0x400/0x400 [ 36.240044] ? check_same_owner+0x340/0x340 [ 36.240048] ? kasan_check_write+0x14/0x20 [ 36.240052] ? do_raw_spin_lock+0xc1/0x200 [ 36.240055] ____fput+0x15/0x20 [ 36.240059] task_work_run+0x1e8/0x2a0 [ 36.240063] ? task_work_cancel+0x240/0x240 [ 36.240068] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.240072] ? switch_task_namespaces+0xa2/0xd0 [ 36.240077] do_exit+0x1ae4/0x26e0 [ 36.240082] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.240086] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 36.240090] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.240094] ? kfree+0x1d7/0x210 [ 36.240098] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 36.240103] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.240107] ? is_bpf_text_address+0xd7/0x170 [ 36.240109] ? [ 36.240117] Lost 55 message(s)! [ 37.301842] Shutting down cpus with NMI [ 38.360858] Dumping ftrace buffer: [ 38.364401] (ftrace buffer empty) [ 38.368089] Kernel Offset: disabled [ 38.371696] Rebooting in 86400 seconds..