[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.166409] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.319172] random: sshd: uninitialized urandom read (32 bytes read) [ 26.546482] random: sshd: uninitialized urandom read (32 bytes read) [ 27.114194] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. [ 32.921752] urandom_read: 1 callbacks suppressed [ 32.921758] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.024092] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.048159] ================================================================== [ 33.058062] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.064290] Read of size 8 at addr ffff8801b6960058 by task syz-executor348/4667 [ 33.071809] [ 33.073438] CPU: 1 PID: 4667 Comm: syz-executor348 Not tainted 4.19.0-rc1+ #217 [ 33.080871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.090214] Call Trace: [ 33.092814] dump_stack+0x1c9/0x2b4 [ 33.096443] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.101633] ? printk+0xa7/0xcf [ 33.104913] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.109667] ? __schedule+0xf54/0x1df0 [ 33.113553] print_address_description+0x6c/0x20b [ 33.118402] ? __schedule+0xf54/0x1df0 [ 33.122289] kasan_report.cold.7+0x242/0x30d [ 33.126699] __asan_report_load8_noabort+0x14/0x20 [ 33.131623] __schedule+0xf54/0x1df0 [ 33.135332] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.140436] ? __sched_text_start+0x8/0x8 [ 33.144584] ? __call_srcu+0x7e7/0x1040 [ 33.148562] ? check_same_owner+0x340/0x340 [ 33.152880] ? mark_held_locks+0x160/0x160 [ 33.157112] ? find_held_lock+0x36/0x1c0 [ 33.161172] preempt_schedule_common+0x22/0x60 [ 33.165769] _cond_resched+0x1d/0x30 [ 33.169487] wait_for_completion+0xa5/0x8d0 [ 33.173813] ? wait_for_completion_interruptible+0x950/0x950 [ 33.179626] ? __lockdep_init_map+0x105/0x590 [ 33.184123] ? __init_waitqueue_head+0x9e/0x150 [ 33.188795] ? init_wait_entry+0x1c0/0x1c0 [ 33.193034] __synchronize_srcu+0x189/0x240 [ 33.197350] ? call_srcu+0x10/0x10 [ 33.200893] ? rcu_unexpedite_gp+0x20/0x20 [ 33.205133] synchronize_srcu+0x335/0x56f [ 33.209278] ? lock_downgrade+0x8f0/0x8f0 [ 33.213423] ? synchronize_srcu_expedited+0x20/0x20 [ 33.218437] ? kasan_check_read+0x11/0x20 [ 33.222580] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.227157] ? kasan_check_write+0x14/0x20 [ 33.231389] ? do_raw_spin_lock+0xc1/0x200 [ 33.235623] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.241335] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.246784] ? kvfree+0x61/0x70 [ 33.250070] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.255103] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.259159] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.263563] ? kvm_arch_sync_events+0x30/0x30 [ 33.268060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.273597] ? mmu_notifier_unregister+0x474/0x600 [ 33.278520] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.282923] ? kfree+0x111/0x210 [ 33.286290] ? __mmu_notifier_register+0x30/0x30 [ 33.291049] ? __free_pages+0x10a/0x190 [ 33.295020] ? free_unref_page+0x930/0x930 [ 33.299278] kvm_put_kvm+0x73f/0x1060 [ 33.303084] ? kvm_write_guest_cached+0x40/0x40 [ 33.307753] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.312252] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.316765] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.321355] ? kasan_check_write+0x14/0x20 [ 33.325587] ? do_raw_spin_lock+0xc1/0x200 [ 33.329824] ? kvm_irqfd_release+0xdd/0x120 [ 33.334159] ? kvm_irqfd_release+0xdd/0x120 [ 33.338484] ? kvm_put_kvm+0x1060/0x1060 [ 33.342545] kvm_vm_release+0x42/0x50 [ 33.346341] __fput+0x38a/0xa40 [ 33.349624] ? __alloc_file+0x400/0x400 [ 33.353602] ? check_same_owner+0x340/0x340 [ 33.357922] ? kasan_check_write+0x14/0x20 [ 33.362155] ? do_raw_spin_lock+0xc1/0x200 [ 33.366395] ____fput+0x15/0x20 [ 33.369679] task_work_run+0x1e8/0x2a0 [ 33.373571] ? task_work_cancel+0x240/0x240 [ 33.377902] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.383436] ? switch_task_namespaces+0xa2/0xd0 [ 33.388103] do_exit+0x1ae4/0x26e0 [ 33.391646] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.396322] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.400555] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.405567] ? kfree+0x1d7/0x210 [ 33.408935] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.413173] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.418889] ? is_bpf_text_address+0xd7/0x170 [ 33.423387] ? kernel_text_address+0x79/0xf0 [ 33.427799] ? __kernel_text_address+0xd/0x40 [ 33.432298] ? unwind_get_return_address+0x61/0xa0 [ 33.437229] ? __save_stack_trace+0x8d/0xf0 [ 33.441564] ? save_stack+0xa9/0xd0 [ 33.445187] ? save_stack+0x43/0xd0 [ 33.448811] ? __kasan_slab_free+0x11a/0x170 [ 33.453218] ? kasan_slab_free+0xe/0x10 [ 33.457199] ? putname+0xf2/0x130 [ 33.460650] ? __x64_sys_openat+0x9d/0x100 [ 33.464888] ? do_syscall_64+0x1b9/0x820 [ 33.468951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.474319] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.478727] ? kasan_check_read+0x11/0x20 [ 33.482873] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.487278] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.491692] ? initcall_blacklisted+0x9a/0x1e0 [ 33.496275] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.501386] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.507101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.512638] ? do_vfs_ioctl+0x201/0x1720 [ 33.516696] ? rcu_is_watching+0x8c/0x150 [ 33.520841] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.525163] ? ioctl_preallocate+0x300/0x300 [ 33.529574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.535114] ? __fget_light+0x2f7/0x440 [ 33.539085] ? fget_raw+0x20/0x20 [ 33.542534] ? putname+0xf2/0x130 [ 33.545988] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.551002] ? kmem_cache_free+0x246/0x280 [ 33.555258] ? putname+0xf7/0x130 [ 33.558715] do_group_exit+0x177/0x440 [ 33.562602] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.566919] ? __ia32_sys_exit+0x50/0x50 [ 33.570976] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.576082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.581617] ? ksys_ioctl+0x81/0xd0 [ 33.585256] __x64_sys_exit_group+0x3e/0x50 [ 33.589580] do_syscall_64+0x1b9/0x820 [ 33.593467] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.598832] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.603760] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.608601] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.613619] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.618638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.623482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.628666] RIP: 0033:0x43ecc8 [ 33.631863] Code: Bad RIP value. [ 33.635220] RSP: 002b:00007ffef2352ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.643108] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 33.650375] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.657640] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.664905] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.673214] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.680492] [ 33.682114] Allocated by task 4667: [ 33.685745] save_stack+0x43/0xd0 [ 33.689192] kasan_kmalloc+0xc4/0xe0 [ 33.692903] kasan_slab_alloc+0x12/0x20 [ 33.696870] kmem_cache_alloc+0x12e/0x710 [ 33.701028] vmx_create_vcpu+0xcf/0x2830 [ 33.705086] kvm_arch_vcpu_create+0xe5/0x220 [ 33.709493] kvm_vm_ioctl+0x488/0x1d80 [ 33.713378] do_vfs_ioctl+0x1de/0x1720 [ 33.717267] ksys_ioctl+0xa9/0xd0 [ 33.720716] __x64_sys_ioctl+0x73/0xb0 [ 33.724603] do_syscall_64+0x1b9/0x820 [ 33.728488] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.733661] [ 33.735278] Freed by task 4667: [ 33.738554] save_stack+0x43/0xd0 [ 33.742003] __kasan_slab_free+0x11a/0x170 [ 33.746243] kasan_slab_free+0xe/0x10 [ 33.750044] kmem_cache_free+0x86/0x280 [ 33.754014] vmx_free_vcpu+0x26b/0x300 [ 33.757899] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.762308] kvm_put_kvm+0x73f/0x1060 [ 33.766108] kvm_vm_release+0x42/0x50 [ 33.769890] __fput+0x38a/0xa40 [ 33.773164] ____fput+0x15/0x20 [ 33.776443] task_work_run+0x1e8/0x2a0 [ 33.780336] do_exit+0x1ae4/0x26e0 [ 33.783872] do_group_exit+0x177/0x440 [ 33.787758] __x64_sys_exit_group+0x3e/0x50 [ 33.792081] do_syscall_64+0x1b9/0x820 [ 33.795968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.801147] [ 33.802773] The buggy address belongs to the object at ffff8801b6960040 [ 33.802773] which belongs to the cache kvm_vcpu of size 23872 [ 33.815352] The buggy address is located 24 bytes inside of [ 33.815352] 23872-byte region [ffff8801b6960040, ffff8801b6965d80) [ 33.827312] The buggy address belongs to the page: [ 33.832257] page:ffffea0006da5800 count:1 mapcount:0 mapping:ffff8801d8778000 index:0x0 compound_mapcount: 0 [ 33.842233] flags: 0x2fffc0000008100(slab|head) [ 33.846920] raw: 02fffc0000008100 ffff8801d524d848 ffff8801d524d848 ffff8801d8778000 [ 33.854801] raw: 0000000000000000 ffff8801b6960040 0000000100000001 0000000000000000 [ 33.862672] page dumped because: kasan: bad access detected [ 33.868395] [ 33.870014] Memory state around the buggy address: [ 33.874942] ffff8801b695ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.882300] ffff8801b695ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.889662] >ffff8801b6960000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.897012] ^ [ 33.903250] ffff8801b6960080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.910608] ffff8801b6960100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.917959] ================================================================== [ 33.925312] Kernel panic - not syncing: panic_on_warn set ... [ 33.925312] [ 33.932998] CPU: 1 PID: 4667 Comm: syz-executor348 Tainted: G B 4.19.0-rc1+ #217 [ 33.941816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.951152] Call Trace: [ 33.953732] dump_stack+0x1c9/0x2b4 [ 33.957341] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.962515] ? lock_downgrade+0x8f0/0x8f0 [ 33.966738] ? __schedule+0xf54/0x1df0 [ 33.970637] panic+0x238/0x4e7 [ 33.973825] ? add_taint.cold.5+0x16/0x16 [ 33.977980] ? print_shadow_for_address+0xba/0x116 [ 33.982906] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.987309] ? trace_hardirqs_off+0x77/0x2b0 [ 33.991719] ? __schedule+0xf54/0x1df0 [ 33.995610] kasan_end_report+0x47/0x4f [ 33.999585] kasan_report.cold.7+0x76/0x30d [ 34.003907] __asan_report_load8_noabort+0x14/0x20 [ 34.008836] __schedule+0xf54/0x1df0 [ 34.012547] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.017653] ? __sched_text_start+0x8/0x8 [ 34.021806] ? __call_srcu+0x7e7/0x1040 [ 34.025784] ? check_same_owner+0x340/0x340 [ 34.030101] ? mark_held_locks+0x160/0x160 [ 34.034330] ? find_held_lock+0x36/0x1c0 [ 34.038392] preempt_schedule_common+0x22/0x60 [ 34.042977] _cond_resched+0x1d/0x30 [ 34.046690] wait_for_completion+0xa5/0x8d0 [ 34.051011] ? wait_for_completion_interruptible+0x950/0x950 [ 34.056812] ? __lockdep_init_map+0x105/0x590 [ 34.061312] ? __init_waitqueue_head+0x9e/0x150 [ 34.065981] ? init_wait_entry+0x1c0/0x1c0 [ 34.070220] __synchronize_srcu+0x189/0x240 [ 34.074545] ? call_srcu+0x10/0x10 [ 34.078083] ? rcu_unexpedite_gp+0x20/0x20 [ 34.082324] synchronize_srcu+0x335/0x56f [ 34.086468] ? lock_downgrade+0x8f0/0x8f0 [ 34.090613] ? synchronize_srcu_expedited+0x20/0x20 [ 34.095630] ? kasan_check_read+0x11/0x20 [ 34.099782] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.104364] ? kasan_check_write+0x14/0x20 [ 34.108625] ? do_raw_spin_lock+0xc1/0x200 [ 34.112868] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.118580] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.124032] ? kvfree+0x61/0x70 [ 34.127311] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.132330] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.136389] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.140802] ? kvm_arch_sync_events+0x30/0x30 [ 34.145300] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.150838] ? mmu_notifier_unregister+0x474/0x600 [ 34.155769] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.160176] ? kfree+0x111/0x210 [ 34.163545] ? __mmu_notifier_register+0x30/0x30 [ 34.168325] ? __free_pages+0x10a/0x190 [ 34.172302] ? free_unref_page+0x930/0x930 [ 34.176543] kvm_put_kvm+0x73f/0x1060 [ 34.180348] ? kvm_write_guest_cached+0x40/0x40 [ 34.185193] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.189683] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.194180] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.198787] ? kasan_check_write+0x14/0x20 [ 34.203023] ? do_raw_spin_lock+0xc1/0x200 [ 34.207270] ? kvm_irqfd_release+0xdd/0x120 [ 34.211586] ? kvm_irqfd_release+0xdd/0x120 [ 34.215909] ? kvm_put_kvm+0x1060/0x1060 [ 34.219971] kvm_vm_release+0x42/0x50 [ 34.223773] __fput+0x38a/0xa40 [ 34.227051] ? __alloc_file+0x400/0x400 [ 34.231456] ? check_same_owner+0x340/0x340 [ 34.235777] ? kasan_check_write+0x14/0x20 [ 34.240008] ? do_raw_spin_lock+0xc1/0x200 [ 34.244248] ____fput+0x15/0x20 [ 34.247528] task_work_run+0x1e8/0x2a0 [ 34.251414] ? task_work_cancel+0x240/0x240 [ 34.255738] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.261278] ? switch_task_namespaces+0xa2/0xd0 [ 34.265947] do_exit+0x1ae4/0x26e0 [ 34.269496] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.274177] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.278415] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.283429] ? kfree+0x1d7/0x210 [ 34.286835] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.291072] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.296783] ? is_bpf_text_address+0xd7/0x170 [ 34.301276] ? kernel_text_address+0x79/0xf0 [ 34.305686] ? __kernel_text_address+0xd/0x40 [ 34.310179] ? unwind_get_return_address+0x61/0xa0 [ 34.315110] ? __save_stack_trace+0x8d/0xf0 [ 34.319441] ? save_stack+0xa9/0xd0 [ 34.323066] ? save_stack+0x43/0xd0 [ 34.326691] ? __kasan_slab_free+0x11a/0x170 [ 34.331187] ? kasan_slab_free+0xe/0x10 [ 34.335160] ? putname+0xf2/0x130 [ 34.338612] ? __x64_sys_openat+0x9d/0x100 [ 34.342849] ? do_syscall_64+0x1b9/0x820 [ 34.346910] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.352272] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.356684] ? kasan_check_read+0x11/0x20 [ 34.360830] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.365246] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.369655] ? initcall_blacklisted+0x9a/0x1e0 [ 34.374249] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.379412] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.385145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.390681] ? do_vfs_ioctl+0x201/0x1720 [ 34.394742] ? rcu_is_watching+0x8c/0x150 [ 34.398883] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.403204] ? ioctl_preallocate+0x300/0x300 [ 34.407621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.413156] ? __fget_light+0x2f7/0x440 [ 34.417130] ? fget_raw+0x20/0x20 [ 34.420577] ? putname+0xf2/0x130 [ 34.424033] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.429049] ? kmem_cache_free+0x246/0x280 [ 34.433285] ? putname+0xf7/0x130 [ 34.436736] do_group_exit+0x177/0x440 [ 34.440623] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.444945] ? __ia32_sys_exit+0x50/0x50 [ 34.449007] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.454113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.459650] ? ksys_ioctl+0x81/0xd0 [ 34.463280] __x64_sys_exit_group+0x3e/0x50 [ 34.467627] do_syscall_64+0x1b9/0x820 [ 34.471515] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.476877] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.481804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.486644] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.491663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.496685] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.501545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.506736] RIP: 0033:0x43ecc8 [ 34.509931] Code: Bad RIP value. [ 34.513296] RSP: 002b:00007ffef2352ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.521003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 34.528272] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.535538] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.542802] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.550069] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.557349] [ 34.557355] ====================================================== [ 34.557360] WARNING: possible circular locking dependency detected [ 34.557364] 4.19.0-rc1+ #217 Not tainted [ 34.557369] ------------------------------------------------------ [ 34.557374] syz-executor348/4667 is trying to acquire lock: [ 34.557378] 000000001946fddc ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.557394] [ 34.557397] but task is already holding lock: [ 34.557401] 0000000045ec5a86 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.557415] [ 34.557419] which lock already depends on the new lock. [ 34.557421] [ 34.557424] [ 34.557429] the existing dependency chain (in reverse order) is: [ 34.557431] [ 34.557434] -> #3 (report_lock){....}: [ 34.557448] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.557452] kasan_report+0x8e/0x110 [ 34.557457] __asan_report_load8_noabort+0x14/0x20 [ 34.557461] __schedule+0xf54/0x1df0 [ 34.557465] preempt_schedule_common+0x22/0x60 [ 34.557469] _cond_resched+0x1d/0x30 [ 34.557473] wait_for_completion+0xa5/0x8d0 [ 34.557478] __synchronize_srcu+0x189/0x240 [ 34.557482] synchronize_srcu+0x335/0x56f [ 34.557487] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.557491] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.557495] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.557499] kvm_put_kvm+0x73f/0x1060 [ 34.557503] kvm_vm_release+0x42/0x50 [ 34.557506] __fput+0x38a/0xa40 [ 34.557510] ____fput+0x15/0x20 [ 34.557514] task_work_run+0x1e8/0x2a0 [ 34.557518] do_exit+0x1ae4/0x26e0 [ 34.557522] do_group_exit+0x177/0x440 [ 34.557526] __x64_sys_exit_group+0x3e/0x50 [ 34.557530] do_syscall_64+0x1b9/0x820 [ 34.557534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.557537] [ 34.557539] -> #2 (&rq->lock){-.-.}: [ 34.557553] _raw_spin_lock+0x2a/0x40 [ 34.557557] task_fork_fair+0x93/0x680 [ 34.557561] sched_fork+0x44b/0xbd0 [ 34.557565] copy_process+0x235e/0x7ad0 [ 34.557568] _do_fork+0x1ca/0x1170 [ 34.557572] kernel_thread+0x34/0x40 [ 34.557576] rest_init+0x22/0xe4 [ 34.557580] start_kernel+0x913/0x94e [ 34.557584] x86_64_start_reservations+0x29/0x2b [ 34.557588] x86_64_start_kernel+0x76/0x79 [ 34.557592] secondary_startup_64+0xa4/0xb0 [ 34.557594] [ 34.557597] -> #1 (&p->pi_lock){-.-.}: [ 34.557611] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.557615] try_to_wake_up+0xd2/0x1250 [ 34.557619] wake_up_process+0x10/0x20 [ 34.557623] __up.isra.1+0x1c0/0x2a0 [ 34.557626] up+0x13c/0x1c0 [ 34.557630] __up_console_sem+0xbe/0x1b0 [ 34.557634] console_unlock+0x506/0x10d0 [ 34.557638] vprintk_emit+0x33a/0x910 [ 34.557642] vprintk_default+0x28/0x30 [ 34.557646] vprintk_func+0x7a/0x117 [ 34.557649] printk+0xa7/0xcf [ 34.557653] load_umh+0x51/0xbd [ 34.557657] do_one_initcall+0x127/0x838 [ 34.557661] kernel_init_freeable+0x4bb/0x5ae [ 34.557665] kernel_init+0x11/0x1b3 [ 34.557668] ret_from_fork+0x3a/0x50 [ 34.557671] [ 34.557673] -> #0 ((console_sem).lock){-...}: [ 34.557687] lock_acquire+0x1e4/0x4f0 [ 34.557692] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.557696] down_trylock+0x13/0x70 [ 34.557700] __down_trylock_console_sem+0xae/0x200 [ 34.557704] console_trylock+0x15/0xa0 [ 34.557708] vprintk_emit+0x31f/0x910 [ 34.557712] vprintk_default+0x28/0x30 [ 34.557716] vprintk_func+0x7a/0x117 [ 34.557719] printk+0xa7/0xcf [ 34.557723] kasan_report+0x9e/0x110 [ 34.557728] __asan_report_load8_noabort+0x14/0x20 [ 34.557731] __schedule+0xf54/0x1df0 [ 34.557736] preempt_schedule_common+0x22/0x60 [ 34.557739] _cond_resched+0x1d/0x30 [ 34.557744] wait_for_completion+0xa5/0x8d0 [ 34.557748] __synchronize_srcu+0x189/0x240 [ 34.557752] synchronize_srcu+0x335/0x56f [ 34.557757] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.557761] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.557765] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.557769] kvm_put_kvm+0x73f/0x1060 [ 34.557773] kvm_vm_release+0x42/0x50 [ 34.557777] __fput+0x38a/0xa40 [ 34.557780] ____fput+0x15/0x20 [ 34.557784] task_work_run+0x1e8/0x2a0 [ 34.557788] do_exit+0x1ae4/0x26e0 [ 34.557792] do_group_exit+0x177/0x440 [ 34.557796] __x64_sys_exit_group+0x3e/0x50 [ 34.557800] do_syscall_64+0x1b9/0x820 [ 34.557804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.557807] [ 34.557811] other info that might help us debug this: [ 34.557813] [ 34.557816] Chain exists of: [ 34.557818] (console_sem).lock --> &rq->lock --> report_lock [ 34.557837] [ 34.557841] Possible unsafe locking scenario: [ 34.557843] [ 34.557847] CPU0 CPU1 [ 34.557851] ---- ---- [ 34.557854] lock(report_lock); [ 34.557863] lock(&rq->lock); [ 34.557872] lock(report_lock); [ 34.557880] lock((console_sem).lock); [ 34.557889] [ 34.557892] *** DEADLOCK *** [ 34.557894] [ 34.557898] 2 locks held by syz-executor348/4667: [ 34.557900] #0: 000000008b052447 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.557917] #1: 0000000045ec5a86 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.557934] [ 34.557937] stack backtrace: [ 34.557943] CPU: 1 PID: 4667 Comm: syz-executor348 Not tainted 4.19.0-rc1+ #217 [ 34.557955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.557959] Call Trace: [ 34.557962] dump_stack+0x1c9/0x2b4 [ 34.557967] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.557971] ? vprintk_func+0x100/0x117 [ 34.557976] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.557980] ? save_trace+0xe0/0x290 [ 34.557984] __lock_acquire+0x3449/0x5020 [ 34.557988] ? mark_held_locks+0x160/0x160 [ 34.557992] ? mark_held_locks+0x160/0x160 [ 34.557996] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.558000] ? is_bpf_text_address+0xd7/0x170 [ 34.558005] ? kernel_text_address+0x79/0xf0 [ 34.558009] ? __kernel_text_address+0xd/0x40 [ 34.558013] ? __save_stack_trace+0x8d/0xf0 [ 34.558018] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.558021] ? save_trace+0x290/0x290 [ 34.558025] ? save_stack_trace+0x1a/0x20 [ 34.558029] ? save_trace+0xe0/0x290 [ 34.558033] ? graph_lock+0x170/0x170 [ 34.558038] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.558042] lock_acquire+0x1e4/0x4f0 [ 34.558046] ? down_trylock+0x13/0x70 [ 34.558050] ? lock_release+0x9f0/0x9f0 [ 34.558054] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.558058] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.558062] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.558066] ? log_store+0x34f/0x4c0 [ 34.558070] ? vprintk_emit+0x31f/0x910 [ 34.558074] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.558078] ? down_trylock+0x13/0x70 [ 34.558081] down_trylock+0x13/0x70 [ 34.558086] __down_trylock_console_sem+0xae/0x200 [ 34.558090] console_trylock+0x15/0xa0 [ 34.558093] vprintk_emit+0x31f/0x910 [ 34.558097] ? wake_up_klogd+0x110/0x110 [ 34.558102] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.558106] ? kasan_check_read+0x11/0x20 [ 34.558110] ? rcu_is_watching+0x8c/0x150 [ 34.558114] ? rcu_pm_notify+0xc0/0xc0 [ 34.558118] ? lock_acquire+0x1e4/0x4f0 [ 34.558121] ? kasan_report+0x8e/0x110 [ 34.558125] ? __schedule+0xf54/0x1df0 [ 34.558129] vprintk_default+0x28/0x30 [ 34.558133] vprintk_func+0x7a/0x117 [ 34.558136] printk+0xa7/0xcf [ 34.558141] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.558145] ? kasan_check_write+0x14/0x20 [ 34.558149] ? do_raw_spin_lock+0xc1/0x200 [ 34.558153] ? do_raw_spin_lock+0xc1/0x200 [ 34.558156] kasan_report+0x9e/0x110 [ 34.558161] __asan_report_load8_noabort+0x14/0x20 [ 34.558165] __schedule+0xf54/0x1df0 [ 34.558169] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.558173] ? __sched_text_start+0x8/0x8 [ 34.558177] ? __call_srcu+0x7e7/0x1040 [ 34.558181] ? check_same_owner+0x340/0x340 [ 34.558186] ? mark_held_locks+0x160/0x160 [ 34.558189] ? find_held_lock+0x36/0x1c0 [ 34.558194] preempt_schedule_common+0x22/0x60 [ 34.558197] _cond_resched+0x1d/0x30 [ 34.558202] wait_for_completion+0xa5/0x8d0 [ 34.558207] ? wait_for_completion_interruptible+0x950/0x950 [ 34.558211] ? __lockdep_init_map+0x105/0x590 [ 34.558215] ? __init_waitqueue_head+0x9e/0x150 [ 34.558219] ? init_wait_entry+0x1c0/0x1c0 [ 34.558223] __synchronize_srcu+0x189/0x240 [ 34.558227] ? call_srcu+0x10/0x10 [ 34.558231] ? rcu_unexpedite_gp+0x20/0x20 [ 34.558244] synchronize_srcu+0x335/0x56f [ 34.558249] ? lock_downgrade+0x8f0/0x8f0 [ 34.558253] ? synchronize_srcu_expedited+0x20/0x20 [ 34.558257] ? kasan_check_read+0x11/0x20 [ 34.558262] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.558266] ? kasan_check_write+0x14/0x20 [ 34.558270] ? do_raw_spin_lock+0xc1/0x200 [ 34.558275] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.558280] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.558283] ? kvfree+0x61/0x70 [ 34.558288] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.558292] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.558296] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.558300] ? kvm_arch_sync_events+0x30/0x30 [ 34.558305] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.558310] ? mmu_notifier_unregister+0x474/0x600 [ 34.558314] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.558318] ? kfree+0x111/0x210 [ 34.558322] ? __mmu_notifier_register+0x30/0x30 [ 34.558326] ? __free_pages+0x10a/0x190 [ 34.558330] ? free_unref_page+0x930/0x930 [ 34.558334] kvm_put_kvm+0x73f/0x1060 [ 34.558338] ? kvm_write_guest_cached+0x40/0x40 [ 34.558342] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.558346] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.558350] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.558354] ? kasan_check_write+0x14/0x20 [ 34.558359] ? do_raw_spin_lock+0xc1/0x200 [ 34.558363] ? kvm_irqfd_release+0xdd/0x120 [ 34.558367] ? kvm_irqfd_release+0xdd/0x120 [ 34.558371] ? kvm_put_kvm+0x1060/0x1060 [ 34.558375] kvm_vm_release+0x42/0x50 [ 34.558378] __fput+0x38a/0xa40 [ 34.558382] ? __alloc_file+0x400/0x400 [ 34.558386] ? check_same_owner+0x340/0x340 [ 34.558390] ? kasan_check_write+0x14/0x20 [ 34.558394] ? do_raw_spin_lock+0xc1/0x200 [ 34.558397] ____fput+0x15/0x20 [ 34.558401] task_work_run+0x1e8/0x2a0 [ 34.558405] ? task_work_cancel+0x240/0x240 [ 34.558410] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.558414] ? switch_task_namespaces+0xa2/0xd0 [ 34.558418] do_exit+0x1ae4/0x26e0 [ 34.558422] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.558426] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.558431] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.558434] ? kfree+0x1d7/0x210 [ 34.558439] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.558443] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.558448] ? is_bpf_text_address+0xd7/0x170 [ 34.558450] ? [ 34.558459] Lost 54 message(s)! [ 35.684844] Shutting down cpus with NMI [ 36.744153] Dumping ftrace buffer: [ 36.748024] (ftrace buffer empty) [ 36.751716] Kernel Offset: disabled [ 36.755325] Rebooting in 86400 seconds..