[ 22.981912] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.078474] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.406610] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.978544] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.165410] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.805695] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.906486] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.931547] ==================================================================
[ 33.941415] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.947648] Read of size 8 at addr ffff8801cb418058 by task syz-executor354/4657
[ 33.955189]
[ 33.956838] CPU: 0 PID: 4657 Comm: syz-executor354 Not tainted 4.19.0-rc1+ #217
[ 33.964278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.973632] Call Trace:
[ 33.976241]  dump_stack+0x1c9/0x2b4
[ 33.979871]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.985090]  ? printk+0xa7/0xcf
[ 33.988380]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.993140]  ? __schedule+0xf54/0x1df0
[ 33.997076]  print_address_description+0x6c/0x20b
[ 34.001927]  ? __schedule+0xf54/0x1df0
[ 34.005819]  kasan_report.cold.7+0x242/0x30d
[ 34.010229]  __asan_report_load8_noabort+0x14/0x20
[ 34.015172]  __schedule+0xf54/0x1df0
[ 34.018884]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.023987]  ? __sched_text_start+0x8/0x8
[ 34.028135]  ? __call_srcu+0x7e7/0x1040
[ 34.032119]  ? check_same_owner+0x340/0x340
[ 34.036441]  ? mark_held_locks+0x160/0x160
[ 34.040685]  ? find_held_lock+0x36/0x1c0
[ 34.044757]  preempt_schedule_common+0x22/0x60
[ 34.049349]  _cond_resched+0x1d/0x30
[ 34.053063]  wait_for_completion+0xa5/0x8d0
[ 34.057386]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.063188]  ? __lockdep_init_map+0x105/0x590
[ 34.067694]  ? __init_waitqueue_head+0x9e/0x150
[ 34.072366]  ? init_wait_entry+0x1c0/0x1c0
[ 34.076609]  __synchronize_srcu+0x189/0x240
[ 34.080931]  ? call_srcu+0x10/0x10
[ 34.084491]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.088742]  synchronize_srcu+0x335/0x56f
[ 34.092883]  ? lock_downgrade+0x8f0/0x8f0
[ 34.097024]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.102142]  ? kasan_check_read+0x11/0x20
[ 34.106285]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.110863]  ? kasan_check_write+0x14/0x20
[ 34.115341]  ? do_raw_spin_lock+0xc1/0x200
[ 34.119589]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.125320]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.130783]  ? kvfree+0x61/0x70
[ 34.134180]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.139197]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.143259]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.147672]  ? kvm_arch_sync_events+0x30/0x30
[ 34.152234]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.157771]  ? mmu_notifier_unregister+0x474/0x600
[ 34.162699]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.167114]  ? kfree+0x111/0x210
[ 34.170476]  ? __mmu_notifier_register+0x30/0x30
[ 34.175239]  ? __free_pages+0x10a/0x190
[ 34.179316]  ? free_unref_page+0x930/0x930
[ 34.183555]  kvm_put_kvm+0x73f/0x1060
[ 34.187360]  ? kvm_write_guest_cached+0x40/0x40
[ 34.192142]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.196759]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.201374]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.205970]  ? kasan_check_write+0x14/0x20
[ 34.210209]  ? do_raw_spin_lock+0xc1/0x200
[ 34.214442]  ? kvm_irqfd_release+0xdd/0x120
[ 34.218763]  ? kvm_irqfd_release+0xdd/0x120
[ 34.223083]  ? kvm_put_kvm+0x1060/0x1060
[ 34.227265]  kvm_vm_release+0x42/0x50
[ 34.231077]  __fput+0x38a/0xa40
[ 34.234363]  ? __alloc_file+0x400/0x400
[ 34.238343]  ? check_same_owner+0x340/0x340
[ 34.242703]  ? kasan_check_write+0x14/0x20
[ 34.246937]  ? do_raw_spin_lock+0xc1/0x200
[ 34.251178]  ____fput+0x15/0x20
[ 34.254479]  task_work_run+0x1e8/0x2a0
[ 34.258411]  ? task_work_cancel+0x240/0x240
[ 34.262778]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.268402]  ? switch_task_namespaces+0xa2/0xd0
[ 34.273137]  do_exit+0x1ae4/0x26e0
[ 34.276717]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.281416]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.285676]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.291199]  ? kfree+0x1d7/0x210
[ 34.294595]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.298863]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.304611]  ? is_bpf_text_address+0xd7/0x170
[ 34.309131]  ? kernel_text_address+0x79/0xf0
[ 34.313567]  ? __kernel_text_address+0xd/0x40
[ 34.318092]  ? unwind_get_return_address+0x61/0xa0
[ 34.323044]  ? __save_stack_trace+0x8d/0xf0
[ 34.327405]  ? save_stack+0xa9/0xd0
[ 34.331052]  ? save_stack+0x43/0xd0
[ 34.334692]  ? __kasan_slab_free+0x11a/0x170
[ 34.339098]  ? kasan_slab_free+0xe/0x10
[ 34.343068]  ? putname+0xf2/0x130
[ 34.346531]  ? __x64_sys_openat+0x9d/0x100
[ 34.350773]  ? do_syscall_64+0x1b9/0x820
[ 34.354853]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.360217]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.364913]  ? kasan_check_read+0x11/0x20
[ 34.369078]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.373488]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.377903]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.382489]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.387598]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.393316]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.398856]  ? do_vfs_ioctl+0x201/0x1720
[ 34.402938]  ? rcu_is_watching+0x8c/0x150
[ 34.407093]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.411426]  ? ioctl_preallocate+0x300/0x300
[ 34.415854]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.421409]  ? __fget_light+0x2f7/0x440
[ 34.425403]  ? fget_raw+0x20/0x20
[ 34.428854]  ? putname+0xf2/0x130
[ 34.432334]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.437369]  ? kmem_cache_free+0x246/0x280
[ 34.441604]  ? putname+0xf7/0x130
[ 34.445068]  do_group_exit+0x177/0x440
[ 34.448959]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.453286]  ? __ia32_sys_exit+0x50/0x50
[ 34.457362]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.462489]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.468029]  ? ksys_ioctl+0x81/0xd0
[ 34.471675]  __x64_sys_exit_group+0x3e/0x50
[ 34.476016]  do_syscall_64+0x1b9/0x820
[ 34.479903]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.485271]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.490211]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.495255]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.500280]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.505310]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.510337]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.515183]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.520382] RIP: 0033:0x43ef08
[ 34.523580] Code: Bad RIP value.
[ 34.526949] RSP: 002b:00007ffd2c65b2b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.534667] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 34.541943] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.549232] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.556509] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.563797] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.571073]
[ 34.572702] Allocated by task 4657:
[ 34.576335]  save_stack+0x43/0xd0
[ 34.579786]  kasan_kmalloc+0xc4/0xe0
[ 34.583523]  kasan_slab_alloc+0x12/0x20
[ 34.587532]  kmem_cache_alloc+0x12e/0x710
[ 34.591695]  vmx_create_vcpu+0xcf/0x2830
[ 34.595752]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.600160]  kvm_vm_ioctl+0x488/0x1d80
[ 34.604048]  do_vfs_ioctl+0x1de/0x1720
[ 34.607934]  ksys_ioctl+0xa9/0xd0
[ 34.611388]  __x64_sys_ioctl+0x73/0xb0
[ 34.615287]  do_syscall_64+0x1b9/0x820
[ 34.619175]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.624361]
[ 34.625999] Freed by task 4657:
[ 34.629292]  save_stack+0x43/0xd0
[ 34.632777]  __kasan_slab_free+0x11a/0x170
[ 34.637037]  kasan_slab_free+0xe/0x10
[ 34.640860]  kmem_cache_free+0x86/0x280
[ 34.644838]  vmx_free_vcpu+0x26b/0x300
[ 34.648724]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.653136]  kvm_put_kvm+0x73f/0x1060
[ 34.656945]  kvm_vm_release+0x42/0x50
[ 34.660773]  __fput+0x38a/0xa40
[ 34.664045]  ____fput+0x15/0x20
[ 34.667334]  task_work_run+0x1e8/0x2a0
[ 34.671228]  do_exit+0x1ae4/0x26e0
[ 34.674762]  do_group_exit+0x177/0x440
[ 34.678640]  __x64_sys_exit_group+0x3e/0x50
[ 34.682974]  do_syscall_64+0x1b9/0x820
[ 34.686859]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.692033]
[ 34.693671] The buggy address belongs to the object at ffff8801cb418040
[ 34.693671]  which belongs to the cache kvm_vcpu of size 23872
[ 34.706256] The buggy address is located 24 bytes inside of
[ 34.706256]  23872-byte region [ffff8801cb418040, ffff8801cb41dd80)
[ 34.718212] The buggy address belongs to the page:
[ 34.723142] page:ffffea00072d0600 count:1 mapcount:0 mapping:ffff8801d52d59c0 index:0x0 compound_mapcount: 0
[ 34.733109] flags: 0x2fffc0000008100(slab|head)
[ 34.737777] raw: 02fffc0000008100 ffff8801d52e4f48 ffff8801d52e4f48 ffff8801d52d59c0
[ 34.745677] raw: 0000000000000000 ffff8801cb418040 0000000100000001 0000000000000000
[ 34.753552] page dumped because: kasan: bad access detected
[ 34.759258]
[ 34.760875] Memory state around the buggy address:
[ 34.765817]  ffff8801cb417f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.773200]  ffff8801cb417f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.780572] >ffff8801cb418000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.787928]                                                     ^
[ 34.794163]  ffff8801cb418080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.801525]  ffff8801cb418100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.808882] ==================================================================
[ 34.816277] Kernel panic - not syncing: panic_on_warn set ...
[ 34.816277]
[ 34.823641] CPU: 0 PID: 4657 Comm: syz-executor354 Tainted: G    B             4.19.0-rc1+ #217
[ 34.832488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.841834] Call Trace:
[ 34.844448]  dump_stack+0x1c9/0x2b4
[ 34.848078]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.853268]  ? lock_downgrade+0x8f0/0x8f0
[ 34.857416]  ? __schedule+0xf54/0x1df0
[ 34.861301]  panic+0x238/0x4e7
[ 34.864488]  ? add_taint.cold.5+0x16/0x16
[ 34.868676]  ? print_shadow_for_address+0xba/0x116
[ 34.873603]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.878005]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.882413]  ? __schedule+0xf54/0x1df0
[ 34.886315]  kasan_end_report+0x47/0x4f
[ 34.890295]  kasan_report.cold.7+0x76/0x30d
[ 34.894619]  __asan_report_load8_noabort+0x14/0x20
[ 34.899552]  __schedule+0xf54/0x1df0
[ 34.903277]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.908413]  ? __sched_text_start+0x8/0x8
[ 34.912567]  ? __call_srcu+0x7e7/0x1040
[ 34.916549]  ? check_same_owner+0x340/0x340
[ 34.920880]  ? mark_held_locks+0x160/0x160
[ 34.925114]  ? find_held_lock+0x36/0x1c0
[ 34.929178]  preempt_schedule_common+0x22/0x60
[ 34.933765]  _cond_resched+0x1d/0x30
[ 34.937482]  wait_for_completion+0xa5/0x8d0
[ 34.941828]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.947669]  ? __lockdep_init_map+0x105/0x590
[ 34.952194]  ? __init_waitqueue_head+0x9e/0x150
[ 34.956886]  ? init_wait_entry+0x1c0/0x1c0
[ 34.961144]  __synchronize_srcu+0x189/0x240
[ 34.965489]  ? call_srcu+0x10/0x10
[ 34.969038]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.973290]  synchronize_srcu+0x335/0x56f
[ 34.977439]  ? lock_downgrade+0x8f0/0x8f0
[ 34.981589]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.986607]  ? kasan_check_read+0x11/0x20
[ 34.990778]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.995365]  ? kasan_check_write+0x14/0x20
[ 34.999638]  ? do_raw_spin_lock+0xc1/0x200
[ 35.003903]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.009634]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.015105]  ? kvfree+0x61/0x70
[ 35.018400]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.023432]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.027511]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.031968]  ? kvm_arch_sync_events+0x30/0x30
[ 35.036477]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.042030]  ? mmu_notifier_unregister+0x474/0x600
[ 35.046966]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.051390]  ? kfree+0x111/0x210
[ 35.054775]  ? __mmu_notifier_register+0x30/0x30
[ 35.059539]  ? __free_pages+0x10a/0x190
[ 35.063520]  ? free_unref_page+0x930/0x930
[ 35.067771]  kvm_put_kvm+0x73f/0x1060
[ 35.071612]  ? kvm_write_guest_cached+0x40/0x40
[ 35.076290]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.080808]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.085440]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.090041]  ? kasan_check_write+0x14/0x20
[ 35.094347]  ? do_raw_spin_lock+0xc1/0x200
[ 35.098594]  ? kvm_irqfd_release+0xdd/0x120
[ 35.102912]  ? kvm_irqfd_release+0xdd/0x120
[ 35.107286]  ? kvm_put_kvm+0x1060/0x1060
[ 35.111383]  kvm_vm_release+0x42/0x50
[ 35.115185]  __fput+0x38a/0xa40
[ 35.118472]  ? __alloc_file+0x400/0x400
[ 35.122448]  ? check_same_owner+0x340/0x340
[ 35.126769]  ? kasan_check_write+0x14/0x20
[ 35.131004]  ? do_raw_spin_lock+0xc1/0x200
[ 35.135237]  ____fput+0x15/0x20
[ 35.139023]  task_work_run+0x1e8/0x2a0
[ 35.143351]  ? task_work_cancel+0x240/0x240
[ 35.147699]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.153235]  ? switch_task_namespaces+0xa2/0xd0
[ 35.157907]  do_exit+0x1ae4/0x26e0
[ 35.161449]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.166124]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.170396]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.175433]  ? kfree+0x1d7/0x210
[ 35.178809]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.183071]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.188787]  ? is_bpf_text_address+0xd7/0x170
[ 35.193299]  ? kernel_text_address+0x79/0xf0
[ 35.197709]  ? __kernel_text_address+0xd/0x40
[ 35.202203]  ? unwind_get_return_address+0x61/0xa0
[ 35.207137]  ? __save_stack_trace+0x8d/0xf0
[ 35.211463]  ? save_stack+0xa9/0xd0
[ 35.215096]  ? save_stack+0x43/0xd0
[ 35.218744]  ? __kasan_slab_free+0x11a/0x170
[ 35.223157]  ? kasan_slab_free+0xe/0x10
[ 35.227133]  ? putname+0xf2/0x130
[ 35.230586]  ? __x64_sys_openat+0x9d/0x100
[ 35.234824]  ? do_syscall_64+0x1b9/0x820
[ 35.238884]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.244248]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.248666]  ? kasan_check_read+0x11/0x20
[ 35.252816]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.257218]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.261632]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.266234]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.271344]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.277059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.282608]  ? do_vfs_ioctl+0x201/0x1720
[ 35.286678]  ? rcu_is_watching+0x8c/0x150
[ 35.290844]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.295254]  ? ioctl_preallocate+0x300/0x300
[ 35.299690]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.305240]  ? __fget_light+0x2f7/0x440
[ 35.309214]  ? fget_raw+0x20/0x20
[ 35.312685]  ? putname+0xf2/0x130
[ 35.316141]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.321165]  ? kmem_cache_free+0x246/0x280
[ 35.325419]  ? putname+0xf7/0x130
[ 35.328873]  do_group_exit+0x177/0x440
[ 35.332757]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.337076]  ? __ia32_sys_exit+0x50/0x50
[ 35.341132]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.346263]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.351797]  ? ksys_ioctl+0x81/0xd0
[ 35.355434]  __x64_sys_exit_group+0x3e/0x50
[ 35.359799]  do_syscall_64+0x1b9/0x820
[ 35.363715]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.369106]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.374048]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.378899]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.383927]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.388976]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.394023]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.398893]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.404095] RIP: 0033:0x43ef08
[ 35.407296] Code: Bad RIP value.
[ 35.410675] RSP: 002b:00007ffd2c65b2b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.418407] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.425693] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.432974] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.440248] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.447520] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.454799]
[ 35.454805] ======================================================
[ 35.454810] WARNING: possible circular locking dependency detected
[ 35.454814] 4.19.0-rc1+ #217 Not tainted
[ 35.454819] ------------------------------------------------------
[ 35.454824] syz-executor354/4657 is trying to acquire lock:
[ 35.454828] 0000000008aaf010 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.454843]
[ 35.454846] but task is already holding lock:
[ 35.454850] 00000000fea2a1ca (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.454863]
[ 35.454868] which lock already depends on the new lock.
[ 35.454870]
[ 35.454873]
[ 35.454877] the existing dependency chain (in reverse order) is:
[ 35.454880]
[ 35.454882] -> #3 (report_lock){....}:
[ 35.454896]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.454900]        kasan_report+0x8e/0x110
[ 35.454904]        __asan_report_load8_noabort+0x14/0x20
[ 35.454908]        __schedule+0xf54/0x1df0
[ 35.454912]        preempt_schedule_common+0x22/0x60
[ 35.454916]        _cond_resched+0x1d/0x30
[ 35.454920]        wait_for_completion+0xa5/0x8d0
[ 35.454924]        __synchronize_srcu+0x189/0x240
[ 35.454928]        synchronize_srcu+0x335/0x56f
[ 35.454933]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.454937]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.454941]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.454945]        kvm_put_kvm+0x73f/0x1060
[ 35.454949]        kvm_vm_release+0x42/0x50
[ 35.454952]        __fput+0x38a/0xa40
[ 35.454956]        ____fput+0x15/0x20
[ 35.454960]        task_work_run+0x1e8/0x2a0
[ 35.454963]        do_exit+0x1ae4/0x26e0
[ 35.454967]        do_group_exit+0x177/0x440
[ 35.454971]        __x64_sys_exit_group+0x3e/0x50
[ 35.454975]        do_syscall_64+0x1b9/0x820
[ 35.454979]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.454982]
[ 35.454984] -> #2 (&rq->lock){-.-.}:
[ 35.455011]        _raw_spin_lock+0x2a/0x40
[ 35.455014]        task_fork_fair+0x93/0x680
[ 35.455018]        sched_fork+0x44b/0xbd0
[ 35.455022]        copy_process+0x235e/0x7ad0
[ 35.455025]        _do_fork+0x1ca/0x1170
[ 35.455029]        kernel_thread+0x34/0x40
[ 35.455032]        rest_init+0x22/0xe4
[ 35.455036]        start_kernel+0x913/0x94e
[ 35.455040]        x86_64_start_reservations+0x29/0x2b
[ 35.455044]        x86_64_start_kernel+0x76/0x79
[ 35.455047]        secondary_startup_64+0xa4/0xb0
[ 35.455050]
[ 35.455052] -> #1 (&p->pi_lock){-.-.}:
[ 35.455065]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.455069]        try_to_wake_up+0xd2/0x1250
[ 35.455073]        wake_up_process+0x10/0x20
[ 35.455076]        __up.isra.1+0x1c0/0x2a0
[ 35.455079]        up+0x13c/0x1c0
[ 35.455095]        __up_console_sem+0xbe/0x1b0
[ 35.455099]        console_unlock+0x506/0x10d0
[ 35.455103]        vprintk_emit+0x33a/0x910
[ 35.455106]        vprintk_default+0x28/0x30
[ 35.455110]        vprintk_func+0x7a/0x117
[ 35.455113]        printk+0xa7/0xcf
[ 35.455117]        load_umh+0x51/0xbd
[ 35.455121]        do_one_initcall+0x127/0x838
[ 35.455125]        kernel_init_freeable+0x4bb/0x5ae
[ 35.455129]        kernel_init+0x11/0x1b3
[ 35.455132]        ret_from_fork+0x3a/0x50
[ 35.455135]
[ 35.455137] -> #0 ((console_sem).lock){-...}:
[ 35.455152]        lock_acquire+0x1e4/0x4f0
[ 35.455156]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.455159]        down_trylock+0x13/0x70
[ 35.455164]        __down_trylock_console_sem+0xae/0x200
[ 35.455168]        console_trylock+0x15/0xa0
[ 35.455171]        vprintk_emit+0x31f/0x910
[ 35.455175]        vprintk_default+0x28/0x30
[ 35.455179]        vprintk_func+0x7a/0x117
[ 35.455182]        printk+0xa7/0xcf
[ 35.455186]        kasan_report+0x9e/0x110
[ 35.455190]        __asan_report_load8_noabort+0x14/0x20
[ 35.455194]        __schedule+0xf54/0x1df0
[ 35.455198]        preempt_schedule_common+0x22/0x60
[ 35.455202]        _cond_resched+0x1d/0x30
[ 35.455206]        wait_for_completion+0xa5/0x8d0
[ 35.455210]        __synchronize_srcu+0x189/0x240
[ 35.455214]        synchronize_srcu+0x335/0x56f
[ 35.455219]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.455223]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.455227]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.455230]        kvm_put_kvm+0x73f/0x1060
[ 35.455234]        kvm_vm_release+0x42/0x50
[ 35.455238]        __fput+0x38a/0xa40
[ 35.455241]        ____fput+0x15/0x20
[ 35.455245]        task_work_run+0x1e8/0x2a0
[ 35.455249]        do_exit+0x1ae4/0x26e0
[ 35.455252]        do_group_exit+0x177/0x440
[ 35.455257]        __x64_sys_exit_group+0x3e/0x50
[ 35.455260]        do_syscall_64+0x1b9/0x820
[ 35.455265]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.455267]
[ 35.455271] other info that might help us debug this:
[ 35.455274]
[ 35.455277] Chain exists of:
[ 35.455279]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.455297]
[ 35.455300]  Possible unsafe locking scenario:
[ 35.455303]
[ 35.455307]        CPU0                    CPU1
[ 35.455311]        ----                    ----
[ 35.455313]   lock(report_lock);
[ 35.455322]                                lock(&rq->lock);
[ 35.455331]                                lock(report_lock);
[ 35.455339]   lock((console_sem).lock);
[ 35.455347]
[ 35.455350]  *** DEADLOCK ***
[ 35.455352]
[ 35.455356] 2 locks held by syz-executor354/4657:
[ 35.455358]  #0: 000000000aeabe2f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.455375]  #1: 00000000fea2a1ca (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.455391]
[ 35.455394] stack backtrace:
[ 35.455400] CPU: 0 PID: 4657 Comm: syz-executor354 Not tainted 4.19.0-rc1+ #217
[ 35.455407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.455410] Call Trace:
[ 35.455414]  dump_stack+0x1c9/0x2b4
[ 35.455418]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.455422]  ? vprintk_func+0x100/0x117
[ 35.455427]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.455430]  ? save_trace+0xe0/0x290
[ 35.455434]  __lock_acquire+0x3449/0x5020
[ 35.455438]  ? mark_held_locks+0x160/0x160
[ 35.455442]  ? mark_held_locks+0x160/0x160
[ 35.455446]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.455450]  ? is_bpf_text_address+0xd7/0x170
[ 35.455454]  ? kernel_text_address+0x79/0xf0
[ 35.455458]  ? __kernel_text_address+0xd/0x40
[ 35.455462]  ? __save_stack_trace+0x8d/0xf0
[ 35.455467]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.455470]  ? save_trace+0x290/0x290
[ 35.455474]  ? save_stack_trace+0x1a/0x20
[ 35.455478]  ? save_trace+0xe0/0x290
[ 35.455481]  ? graph_lock+0x170/0x170
[ 35.455486]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.455490]  lock_acquire+0x1e4/0x4f0
[ 35.455494]  ? down_trylock+0x13/0x70
[ 35.455497]  ? lock_release+0x9f0/0x9f0
[ 35.455501]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.455505]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.455509]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.455513]  ? log_store+0x34f/0x4c0
[ 35.455517]  ? vprintk_emit+0x31f/0x910
[ 35.455521]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.455525]  ? down_trylock+0x13/0x70
[ 35.455528]  down_trylock+0x13/0x70
[ 35.455532]  __down_trylock_console_sem+0xae/0x200
[ 35.455549]  console_trylock+0x15/0xa0
[ 35.455553]  vprintk_emit+0x31f/0x910
[ 35.455557]  ? wake_up_klogd+0x110/0x110
[ 35.455561]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.455564]  ? kasan_check_read+0x11/0x20
[ 35.455568]  ? rcu_is_watching+0x8c/0x150
[ 35.455584]  ? rcu_pm_notify+0xc0/0xc0
[ 35.455588]  ? lock_acquire+0x1e4/0x4f0
[ 35.455605]  ? kasan_report+0x8e/0x110
[ 35.455609]  ? __schedule+0xf54/0x1df0
[ 35.455613]  vprintk_default+0x28/0x30
[ 35.455616]  vprintk_func+0x7a/0x117
[ 35.455619]  printk+0xa7/0xcf
[ 35.455623]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.455627]  ? kasan_check_write+0x14/0x20
[ 35.455631]  ? do_raw_spin_lock+0xc1/0x200
[ 35.455634]  ? do_raw_spin_lock+0xc1/0x200
[ 35.455638]  kasan_report+0x9e/0x110
[ 35.455648]  __asan_report_load8_noabort+0x14/0x20
[ 35.455652]  __schedule+0xf54/0x1df0
[ 35.455679]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.455683]  ? __sched_text_start+0x8/0x8
[ 35.455687]  ? __call_srcu+0x7e7/0x1040
[ 35.455691]  ? check_same_owner+0x340/0x340
[ 35.455695]  ? mark_held_locks+0x160/0x160
[ 35.455698]  ? find_held_lock+0x36/0x1c0
[ 35.455702]  preempt_schedule_common+0x22/0x60
[ 35.455706]  _cond_resched+0x1d/0x30
[ 35.455710]  wait_for_completion+0xa5/0x8d0
[ 35.455715]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.455719]  ? __lockdep_init_map+0x105/0x590
[ 35.455723]  ? __init_waitqueue_head+0x9e/0x150
[ 35.455727]  ? init_wait_entry+0x1c0/0x1c0
[ 35.455731]  __synchronize_srcu+0x189/0x240
[ 35.455735]  ? call_srcu+0x10/0x10
[ 35.455739]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.455756]  synchronize_srcu+0x335/0x56f
[ 35.455760]  ? lock_downgrade+0x8f0/0x8f0
[ 35.455765]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.455768]  ? kasan_check_read+0x11/0x20
[ 35.455772]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.455776]  ? kasan_check_write+0x14/0x20
[ 35.455780]  ? do_raw_spin_lock+0xc1/0x200
[ 35.455785]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.455789]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.455793]  ? kvfree+0x61/0x70
[ 35.455797]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.455801]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.455804]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.455808]  ? kvm_arch_sync_events+0x30/0x30
[ 35.455813]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.455817]  ? mmu_notifier_unregister+0x474/0x600
[ 35.455821]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.455824]  ? kfree+0x111/0x210
[ 35.455828]  ? __mmu_notifier_register+0x30/0x30
[ 35.455832]  ? __free_pages+0x10a/0x190
[ 35.455836]  ? free_unref_page+0x930/0x930
[ 35.455839]  kvm_put_kvm+0x73f/0x1060
[ 35.455843]  ? kvm_write_guest_cached+0x40/0x40
[ 35.455847]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.455851]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.455855]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.455859]  ? kasan_check_write+0x14/0x20
[ 35.455863]  ? do_raw_spin_lock+0xc1/0x200
[ 35.455866]  ? kvm_irqfd_release+0xdd/0x120
[ 35.455870]  ? kvm_irqfd_release+0xdd/0x120
[ 35.455874]  ? kvm_put_kvm+0x1060/0x1060
[ 35.455877]  kvm_vm_release+0x42/0x50
[ 35.455881]  __fput+0x38a/0xa40
[ 35.455884]  ? __alloc_file+0x400/0x400
[ 35.455888]  ? check_same_owner+0x340/0x340
[ 35.455892]  ? kasan_check_write+0x14/0x20
[ 35.455896]  ? do_raw_spin_lock+0xc1/0x200
[ 35.455899]  ____fput+0x15/0x20
[ 35.455903]  task_work_run+0x1e8/0x2a0
[ 35.455906]  ? task_work_cancel+0x240/0x240
[ 35.455911]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.455915]  ? switch_task_namespaces+0xa2/0xd0
[ 35.455918]  do_exit+0x1ae4/0x26e0
[ 35.455922]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.455926]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.455945]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.455949]  ? kfree+0x1d7/0x210
[ 35.455953]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.455971]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.455975]  ? is_bpf_text_address+0xd7/0x170
[ 35.455977]  ?
[ 35.455986] Lost 55 message(s)!
[ 36.559468] Shutting down cpus with NMI
[ 37.619407] Dumping ftrace buffer:
[ 37.622939]    (ftrace buffer empty)
[ 37.626629] Kernel Offset: disabled
[ 37.630239] Rebooting in 86400 seconds..