[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.993500] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.680732] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.961676] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.507693] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.686549] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 33.406675] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.504769] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.530128] ==================================================================
[ 33.538928] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.545160] Read of size 8 at addr ffff8801b6b88058 by task syz-executor677/4669
[ 33.552681]
[ 33.554310] CPU: 1 PID: 4669 Comm: syz-executor677 Not tainted 4.19.0-rc2+ #225
[ 33.561749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.571092] Call Trace:
[ 33.573698]  dump_stack+0x1c9/0x2b4
[ 33.577337]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.582539]  ? printk+0xa7/0xcf
[ 33.585822]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.590577]  ? __schedule+0xf54/0x1df0
[ 33.594472]  print_address_description+0x6c/0x20b
[ 33.599348]  ? __schedule+0xf54/0x1df0
[ 33.603261]  kasan_report.cold.7+0x242/0x30d
[ 33.607673]  __asan_report_load8_noabort+0x14/0x20
[ 33.612613]  __schedule+0xf54/0x1df0
[ 33.616325]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.621428]  ? __sched_text_start+0x8/0x8
[ 33.625581]  ? __call_srcu+0x7e7/0x1040
[ 33.629597]  ? check_same_owner+0x340/0x340
[ 33.633955]  ? mark_held_locks+0x160/0x160
[ 33.638191]  ? find_held_lock+0x36/0x1c0
[ 33.642258]  preempt_schedule_common+0x22/0x60
[ 33.646839]  _cond_resched+0x1d/0x30
[ 33.650553]  wait_for_completion+0xa5/0x8d0
[ 33.654877]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.660673]  ? __lockdep_init_map+0x105/0x590
[ 33.665168]  ? __init_waitqueue_head+0x9e/0x150
[ 33.669841]  ? init_wait_entry+0x1c0/0x1c0
[ 33.674082]  __synchronize_srcu+0x189/0x240
[ 33.678418]  ? call_srcu+0x10/0x10
[ 33.681958]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.686200]  synchronize_srcu+0x335/0x56f
[ 33.690347]  ? lock_downgrade+0x8f0/0x8f0
[ 33.694498]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.699514]  ? kasan_check_read+0x11/0x20
[ 33.703660]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.708244]  ? kasan_check_write+0x14/0x20
[ 33.712473]  ? do_raw_spin_lock+0xc1/0x200
[ 33.716718]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.722429]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.727880]  ? kvfree+0x61/0x70
[ 33.731160]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.736175]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.740233]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.744659]  ? kvm_arch_sync_events+0x30/0x30
[ 33.749158]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.754699]  ? mmu_notifier_unregister+0x474/0x600
[ 33.759630]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.764035]  ? kfree+0x111/0x210
[ 33.767404]  ? __mmu_notifier_register+0x30/0x30
[ 33.772158]  ? __free_pages+0x10a/0x190
[ 33.776151]  ? free_unref_page+0x930/0x930
[ 33.780397]  kvm_put_kvm+0x73f/0x1060
[ 33.784201]  ? kvm_write_guest_cached+0x40/0x40
[ 33.788873]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.793380]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.797872]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.802456]  ? kasan_check_write+0x14/0x20
[ 33.806689]  ? do_raw_spin_lock+0xc1/0x200
[ 33.810923]  ? kvm_irqfd_release+0xdd/0x120
[ 33.815241]  ? kvm_irqfd_release+0xdd/0x120
[ 33.819568]  ? kvm_put_kvm+0x1060/0x1060
[ 33.823638]  kvm_vm_release+0x42/0x50
[ 33.827435]  __fput+0x38a/0xa40
[ 33.830765]  ? __alloc_file+0x400/0x400
[ 33.834747]  ? check_same_owner+0x340/0x340
[ 33.839067]  ? kasan_check_write+0x14/0x20
[ 33.843299]  ? do_raw_spin_lock+0xc1/0x200
[ 33.847531]  ____fput+0x15/0x20
[ 33.850817]  task_work_run+0x1e8/0x2a0
[ 33.855180]  ? task_work_cancel+0x240/0x240
[ 33.859506]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.865042]  ? switch_task_namespaces+0xa2/0xd0
[ 33.869709]  do_exit+0x1ae4/0x26e0
[ 33.873250]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.877921]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.882155]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.887165]  ? kfree+0x1d7/0x210
[ 33.890529]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.894784]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.900496]  ? is_bpf_text_address+0xd7/0x170
[ 33.904988]  ? kernel_text_address+0x79/0xf0
[ 33.909395]  ? __kernel_text_address+0xd/0x40
[ 33.913887]  ? unwind_get_return_address+0x61/0xa0
[ 33.918815]  ? __save_stack_trace+0x8d/0xf0
[ 33.923142]  ? save_stack+0xa9/0xd0
[ 33.926782]  ? save_stack+0x43/0xd0
[ 33.930409]  ? __kasan_slab_free+0x11a/0x170
[ 33.934812]  ? kasan_slab_free+0xe/0x10
[ 33.938782]  ? putname+0xf2/0x130
[ 33.942232]  ? __x64_sys_openat+0x9d/0x100
[ 33.946467]  ? do_syscall_64+0x1b9/0x820
[ 33.950526]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.955890]  ? trace_hardirqs_off+0xb8/0x2c0
[ 33.960292]  ? kasan_check_read+0x11/0x20
[ 33.964442]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.968869]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.973281]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.977862]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.983128]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.988838]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.994376]  ? do_vfs_ioctl+0x201/0x1720
[ 33.998438]  ? rcu_is_watching+0x8c/0x150
[ 34.002579]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.006907]  ? ioctl_preallocate+0x300/0x300
[ 34.011315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.016853]  ? __fget_light+0x2f7/0x440
[ 34.020828]  ? fget_raw+0x20/0x20
[ 34.024303]  ? putname+0xf2/0x130
[ 34.027759]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.032771]  ? kmem_cache_free+0x246/0x280
[ 34.037001]  ? putname+0xf7/0x130
[ 34.040454]  do_group_exit+0x177/0x440
[ 34.044339]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.048665]  ? __ia32_sys_exit+0x50/0x50
[ 34.052726]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.057825]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.063359]  ? ksys_ioctl+0x81/0xd0
[ 34.066993]  __x64_sys_exit_group+0x3e/0x50
[ 34.071314]  do_syscall_64+0x1b9/0x820
[ 34.075199]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.080561]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.085489]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.090331]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 34.095346]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.100373]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.105392]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.110239]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.115424] RIP: 0033:0x43ecf8
[ 34.118624] Code: Bad RIP value.
[ 34.121982] RSP: 002b:00007fff188362d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.129686] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 34.136954] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.144219] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.151480] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.158755] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.166025]
[ 34.167658] Allocated by task 4669:
[ 34.171285]  save_stack+0x43/0xd0
[ 34.174732]  kasan_kmalloc+0xc4/0xe0
[ 34.178441]  kasan_slab_alloc+0x12/0x20
[ 34.182410]  kmem_cache_alloc+0x12e/0x710
[ 34.186557]  vmx_create_vcpu+0xcf/0x2830
[ 34.190622]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.195031]  kvm_vm_ioctl+0x488/0x1d80
[ 34.198920]  do_vfs_ioctl+0x1de/0x1720
[ 34.202802]  ksys_ioctl+0xa9/0xd0
[ 34.206251]  __x64_sys_ioctl+0x73/0xb0
[ 34.210132]  do_syscall_64+0x1b9/0x820
[ 34.214013]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.219187]
[ 34.220803] Freed by task 4669:
[ 34.224077]  save_stack+0x43/0xd0
[ 34.227524]  __kasan_slab_free+0x11a/0x170
[ 34.231756]  kasan_slab_free+0xe/0x10
[ 34.235549]  kmem_cache_free+0x86/0x280
[ 34.239542]  vmx_free_vcpu+0x26b/0x300
[ 34.243422]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.247826]  kvm_put_kvm+0x73f/0x1060
[ 34.251630]  kvm_vm_release+0x42/0x50
[ 34.255429]  __fput+0x38a/0xa40
[ 34.258703]  ____fput+0x15/0x20
[ 34.261979]  task_work_run+0x1e8/0x2a0
[ 34.265859]  do_exit+0x1ae4/0x26e0
[ 34.269396]  do_group_exit+0x177/0x440
[ 34.273275]  __x64_sys_exit_group+0x3e/0x50
[ 34.277596]  do_syscall_64+0x1b9/0x820
[ 34.281489]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.286665]
[ 34.288289] The buggy address belongs to the object at ffff8801b6b88040
[ 34.288289]  which belongs to the cache kvm_vcpu of size 23872
[ 34.300863] The buggy address is located 24 bytes inside of
[ 34.300863]  23872-byte region [ffff8801b6b88040, ffff8801b6b8dd80)
[ 34.312817] The buggy address belongs to the page:
[ 34.317747] page:ffffea0006dae200 count:1 mapcount:0 mapping:ffff8801d5334d80 index:0x0 compound_mapcount: 0
[ 34.327714] flags: 0x2fffc0000008100(slab|head)
[ 34.332387] raw: 02fffc0000008100 ffff8801d5329448 ffff8801d5329448 ffff8801d5334d80
[ 34.340265] raw: 0000000000000000 ffff8801b6b88040 0000000100000001 0000000000000000
[ 34.348136] page dumped because: kasan: bad access detected
[ 34.353835]
[ 34.355453] Memory state around the buggy address:
[ 34.360381]  ffff8801b6b87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.367733]  ffff8801b6b87f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.375084] >ffff8801b6b88000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.382434]                                                      ^
[ 34.388658]  ffff8801b6b88080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.396009]  ffff8801b6b88100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.403357] ==================================================================
[ 34.410713] Kernel panic - not syncing: panic_on_warn set ...
[ 34.410713]
[ 34.418079] CPU: 1 PID: 4669 Comm: syz-executor677 Tainted: G    B             4.19.0-rc2+ #225
[ 34.426905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.436252] Call Trace:
[ 34.438842]  dump_stack+0x1c9/0x2b4
[ 34.442469]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.447659]  ? lock_downgrade+0x8f0/0x8f0
[ 34.451820]  ? __schedule+0xf54/0x1df0
[ 34.455716]  panic+0x238/0x4e7
[ 34.458905]  ? add_taint.cold.5+0x16/0x16
[ 34.463059]  ? print_shadow_for_address+0xba/0x116
[ 34.467988]  ? trace_hardirqs_off+0xaf/0x2c0
[ 34.472394]  ? trace_hardirqs_off+0x77/0x2c0
[ 34.476803]  ? __schedule+0xf54/0x1df0
[ 34.480689]  kasan_end_report+0x47/0x4f
[ 34.484684]  kasan_report.cold.7+0x76/0x30d
[ 34.489009]  __asan_report_load8_noabort+0x14/0x20
[ 34.493938]  __schedule+0xf54/0x1df0
[ 34.497650]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.502756]  ? __sched_text_start+0x8/0x8
[ 34.506904]  ?
 __call_srcu+0x7e7/0x1040
[ 34.510885]  ? check_same_owner+0x340/0x340
[ 34.515206]  ? mark_held_locks+0x160/0x160
[ 34.519436]  ? find_held_lock+0x36/0x1c0
[ 34.523499]  preempt_schedule_common+0x22/0x60
[ 34.528077]  _cond_resched+0x1d/0x30
[ 34.531789]  wait_for_completion+0xa5/0x8d0
[ 34.536110]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.541909]  ? __lockdep_init_map+0x105/0x590
[ 34.546405]  ? __init_waitqueue_head+0x9e/0x150
[ 34.551071]  ? init_wait_entry+0x1c0/0x1c0
[ 34.555313]  __synchronize_srcu+0x189/0x240
[ 34.559632]  ? call_srcu+0x10/0x10
[ 34.563175]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.567412]  synchronize_srcu+0x335/0x56f
[ 34.571555]  ? lock_downgrade+0x8f0/0x8f0
[ 34.575698]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.580728]  ? kasan_check_read+0x11/0x20
[ 34.584889]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.589468]  ? kasan_check_write+0x14/0x20
[ 34.593702]  ? do_raw_spin_lock+0xc1/0x200
[ 34.597940]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.603650]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.609099]  ? kvfree+0x61/0x70
[ 34.612385]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.617402]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.621460]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.625870]  ? kvm_arch_sync_events+0x30/0x30
[ 34.630377]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.635913]  ? mmu_notifier_unregister+0x474/0x600
[ 34.640839]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.645243]  ? kfree+0x111/0x210
[ 34.648618]  ? __mmu_notifier_register+0x30/0x30
[ 34.653378]  ? __free_pages+0x10a/0x190
[ 34.657355]  ? free_unref_page+0x930/0x930
[ 34.661616]  kvm_put_kvm+0x73f/0x1060
[ 34.665421]  ? kvm_write_guest_cached+0x40/0x40
[ 34.670093]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.674594]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.679100]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.683688]  ? kasan_check_write+0x14/0x20
[ 34.687922]  ? do_raw_spin_lock+0xc1/0x200
[ 34.692153]  ? kvm_irqfd_release+0xdd/0x120
[ 34.696472]  ? kvm_irqfd_release+0xdd/0x120
[ 34.700794]  ? kvm_put_kvm+0x1060/0x1060
[ 34.704855]  kvm_vm_release+0x42/0x50
[ 34.708656]  __fput+0x38a/0xa40
[ 34.711935]  ? __alloc_file+0x400/0x400
[ 34.715912]  ? check_same_owner+0x340/0x340
[ 34.720231]  ? kasan_check_write+0x14/0x20
[ 34.724465]  ? do_raw_spin_lock+0xc1/0x200
[ 34.728700]  ____fput+0x15/0x20
[ 34.731978]  task_work_run+0x1e8/0x2a0
[ 34.735862]  ? task_work_cancel+0x240/0x240
[ 34.740210]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.746043]  ? switch_task_namespaces+0xa2/0xd0
[ 34.750714]  do_exit+0x1ae4/0x26e0
[ 34.754258]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.758929]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.763164]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.768175]  ? kfree+0x1d7/0x210
[ 34.771559]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.775794]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.781504]  ? is_bpf_text_address+0xd7/0x170
[ 34.785994]  ? kernel_text_address+0x79/0xf0
[ 34.790398]  ? __kernel_text_address+0xd/0x40
[ 34.794891]  ? unwind_get_return_address+0x61/0xa0
[ 34.799819]  ? __save_stack_trace+0x8d/0xf0
[ 34.804160]  ? save_stack+0xa9/0xd0
[ 34.807785]  ? save_stack+0x43/0xd0
[ 34.811408]  ? __kasan_slab_free+0x11a/0x170
[ 34.815813]  ? kasan_slab_free+0xe/0x10
[ 34.819783]  ? putname+0xf2/0x130
[ 34.823238]  ? __x64_sys_openat+0x9d/0x100
[ 34.827472]  ? do_syscall_64+0x1b9/0x820
[ 34.831529]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.836896]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.841301]  ? kasan_check_read+0x11/0x20
[ 34.845447]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.849853]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.854721]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.859303]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.864407]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.870120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.875663]  ? do_vfs_ioctl+0x201/0x1720
[ 34.879720]  ? rcu_is_watching+0x8c/0x150
[ 34.883884]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.888210]  ? ioctl_preallocate+0x300/0x300
[ 34.892629]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.898181]  ? __fget_light+0x2f7/0x440
[ 34.902157]  ? fget_raw+0x20/0x20
[ 34.905613]  ? putname+0xf2/0x130
[ 34.909069]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.914083]  ? kmem_cache_free+0x246/0x280
[ 34.918318]  ? putname+0xf7/0x130
[ 34.921770]  do_group_exit+0x177/0x440
[ 34.925654]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.929970]  ? __ia32_sys_exit+0x50/0x50
[ 34.934027]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.939127]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.944664]  ? ksys_ioctl+0x81/0xd0
[ 34.948293]  __x64_sys_exit_group+0x3e/0x50
[ 34.952621]  do_syscall_64+0x1b9/0x820
[ 34.956511]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.961878]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.966805]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.971646]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 34.976663]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.981679]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.986697]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.991541]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.996725] RIP: 0033:0x43ecf8
[ 34.999919] Code: Bad RIP value.
[ 35.003291] RSP: 002b:00007fff188362d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.010995] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 35.018269] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.025533] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.032798] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.040077] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.047349]
[ 35.047355] ======================================================
[ 35.047360] WARNING: possible circular locking dependency detected
[ 35.047369] 4.19.0-rc2+ #225 Not tainted
[ 35.047375] ------------------------------------------------------
[ 35.047379] syz-executor677/4669 is trying to acquire lock:
[ 35.047383] 000000009eb0320a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.047398]
[ 35.047402] but task is already holding lock:
[ 35.047405] 0000000040648769 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.047419]
[ 35.047424] which lock already depends on the new lock.
[ 35.047426]
[ 35.047428]
[ 35.047433] the existing dependency chain (in reverse order) is:
[ 35.047436]
[ 35.047438] -> #3 (report_lock){....}:
[ 35.047452]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.047456]        kasan_report+0x8e/0x110
[ 35.047461]        __asan_report_load8_noabort+0x14/0x20
[ 35.047464]        __schedule+0xf54/0x1df0
[ 35.047469]        preempt_schedule_common+0x22/0x60
[ 35.047472]        _cond_resched+0x1d/0x30
[ 35.047477]        wait_for_completion+0xa5/0x8d0
[ 35.047481]        __synchronize_srcu+0x189/0x240
[ 35.047485]        synchronize_srcu+0x335/0x56f
[ 35.047490]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.047494]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.047498]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.047502]        kvm_put_kvm+0x73f/0x1060
[ 35.047505]        kvm_vm_release+0x42/0x50
[ 35.047509]        __fput+0x38a/0xa40
[ 35.047512]        ____fput+0x15/0x20
[ 35.047516]        task_work_run+0x1e8/0x2a0
[ 35.047520]        do_exit+0x1ae4/0x26e0
[ 35.047524]        do_group_exit+0x177/0x440
[ 35.047528]        __x64_sys_exit_group+0x3e/0x50
[ 35.047532]        do_syscall_64+0x1b9/0x820
[ 35.047536]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.047538]
[ 35.047541] -> #2 (&rq->lock){-.-.}:
[ 35.047555]        _raw_spin_lock+0x2a/0x40
[ 35.047558]        task_fork_fair+0x93/0x680
[ 35.047562]        sched_fork+0x44b/0xbd0
[ 35.047566]        copy_process+0x235e/0x7af0
[ 35.047570]        _do_fork+0x1ca/0x1170
[ 35.047573]        kernel_thread+0x34/0x40
[ 35.047577]        rest_init+0x22/0xe4
[ 35.047581]        start_kernel+0x913/0x94e
[ 35.047585]        x86_64_start_reservations+0x29/0x2b
[ 35.047589]        x86_64_start_kernel+0x76/0x79
[ 35.047593]        secondary_startup_64+0xa4/0xb0
[ 35.047596]
[ 35.047598] -> #1 (&p->pi_lock){-.-.}:
[ 35.047622]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.047626]        try_to_wake_up+0xd2/0x1250
[ 35.047630]        wake_up_process+0x10/0x20
[ 35.047633]        __up.isra.1+0x1c0/0x2a0
[ 35.047637]        up+0x13c/0x1c0
[ 35.047641]        __up_console_sem+0xbe/0x1b0
[ 35.047645]        console_unlock+0x506/0x10e0
[ 35.047649]        vprintk_emit+0x33a/0x910
[ 35.047652]        vprintk_default+0x28/0x30
[ 35.047656]        vprintk_func+0x7a/0x117
[ 35.047660]        printk+0xa7/0xcf
[ 35.047663]        load_umh+0x51/0xbd
[ 35.047667]        do_one_initcall+0x127/0x838
[ 35.047671]        kernel_init_freeable+0x4bb/0x5ae
[ 35.047675]        kernel_init+0x11/0x1b3
[ 35.047679]        ret_from_fork+0x3a/0x50
[ 35.047681]
[ 35.047683] -> #0 ((console_sem).lock){-...}:
[ 35.047698]        lock_acquire+0x1e4/0x4f0
[ 35.047702]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.047705]        down_trylock+0x13/0x70
[ 35.047710]        __down_trylock_console_sem+0xae/0x200
[ 35.047714]        console_trylock+0x15/0xa0
[ 35.047718]        vprintk_emit+0x31f/0x910
[ 35.047721]        vprintk_default+0x28/0x30
[ 35.047725]        vprintk_func+0x7a/0x117
[ 35.047729]        printk+0xa7/0xcf
[ 35.047732]        kasan_report+0x9e/0x110
[ 35.047737]        __asan_report_load8_noabort+0x14/0x20
[ 35.047741]        __schedule+0xf54/0x1df0
[ 35.047745]        preempt_schedule_common+0x22/0x60
[ 35.047749]        _cond_resched+0x1d/0x30
[ 35.047753]        wait_for_completion+0xa5/0x8d0
[ 35.047757]        __synchronize_srcu+0x189/0x240
[ 35.047761]        synchronize_srcu+0x335/0x56f
[ 35.047766]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.047770]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.047774]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.047778]        kvm_put_kvm+0x73f/0x1060
[ 35.047782]        kvm_vm_release+0x42/0x50
[ 35.047785]        __fput+0x38a/0xa40
[ 35.047789]        ____fput+0x15/0x20
[ 35.047793]        task_work_run+0x1e8/0x2a0
[ 35.047796]        do_exit+0x1ae4/0x26e0
[ 35.047800]        do_group_exit+0x177/0x440
[ 35.047804]        __x64_sys_exit_group+0x3e/0x50
[ 35.047808]        do_syscall_64+0x1b9/0x820
[ 35.047813]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.047815]
[ 35.047819] other info that might help us debug this:
[ 35.047822]
[ 35.047825] Chain exists of:
[ 35.047827]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.047845]
[ 35.047849]  Possible unsafe locking scenario:
[ 35.047851]
[ 35.047855]        CPU0                    CPU1
[ 35.047859]        ----                    ----
[ 35.047861]   lock(report_lock);
[ 35.047871]                                lock(&rq->lock);
[ 35.047881]                                lock(report_lock);
[ 35.047888]   lock((console_sem).lock);
[ 35.047896]
[ 35.047900]  *** DEADLOCK ***
[ 35.047902]
[ 35.047906] 2 locks held by syz-executor677/4669:
[ 35.047908]  #0: 000000005916c0bd (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.047925]  #1: 0000000040648769 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.047942]
[ 35.047945] stack backtrace:
[ 35.047951] CPU: 1 PID: 4669 Comm: syz-executor677 Not tainted 4.19.0-rc2+ #225
[ 35.047958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.047961] Call Trace:
[ 35.047965]  dump_stack+0x1c9/0x2b4
[ 35.047969]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.047973]  ? vprintk_func+0x100/0x117
[ 35.047978]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.047982]  ? save_trace+0xe0/0x290
[ 35.047986]  __lock_acquire+0x3449/0x5020
[ 35.047990]  ? mark_held_locks+0x160/0x160
[ 35.047994]  ? mark_held_locks+0x160/0x160
[ 35.047998]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.048002]  ? is_bpf_text_address+0xd7/0x170
[ 35.048007]  ? kernel_text_address+0x79/0xf0
[ 35.048011]  ? __kernel_text_address+0xd/0x40
[ 35.048015]  ? __save_stack_trace+0x8d/0xf0
[ 35.048019]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.048023]  ? save_trace+0x290/0x290
[ 35.048027]  ? save_stack_trace+0x1a/0x20
[ 35.048031]  ? save_trace+0xe0/0x290
[ 35.048034]  ? graph_lock+0x170/0x170
[ 35.048039]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.048043]  lock_acquire+0x1e4/0x4f0
[ 35.048047]  ? down_trylock+0x13/0x70
[ 35.048051]  ? lock_release+0x9f0/0x9f0
[ 35.048055]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.048059]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.048063]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.048067]  ? log_store+0x34f/0x4c0
[ 35.048070]  ? vprintk_emit+0x31f/0x910
[ 35.048075]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.048078]  ? down_trylock+0x13/0x70
[ 35.048082]  down_trylock+0x13/0x70
[ 35.048086]  __down_trylock_console_sem+0xae/0x200
[ 35.048090]  console_trylock+0x15/0xa0
[ 35.048094]  vprintk_emit+0x31f/0x910
[ 35.048098]  ? wake_up_klogd+0x110/0x110
[ 35.048102]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.048106]  ?
 kasan_check_read+0x11/0x20
[ 35.048110]  ? rcu_is_watching+0x8c/0x150
[ 35.048114]  ? rcu_pm_notify+0xc0/0xc0
[ 35.048118]  ? lock_acquire+0x1e4/0x4f0
[ 35.048122]  ? kasan_report+0x8e/0x110
[ 35.048125]  ? __schedule+0xf54/0x1df0
[ 35.048129]  vprintk_default+0x28/0x30
[ 35.048133]  vprintk_func+0x7a/0x117
[ 35.048136]  printk+0xa7/0xcf
[ 35.048141]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.048145]  ? kasan_check_write+0x14/0x20
[ 35.048148]  ? do_raw_spin_lock+0xc1/0x200
[ 35.048153]  ? do_raw_spin_lock+0xc1/0x200
[ 35.048156]  kasan_report+0x9e/0x110
[ 35.048161]  __asan_report_load8_noabort+0x14/0x20
[ 35.048164]  __schedule+0xf54/0x1df0
[ 35.048169]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.048173]  ? __sched_text_start+0x8/0x8
[ 35.048177]  ? __call_srcu+0x7e7/0x1040
[ 35.048181]  ? check_same_owner+0x340/0x340
[ 35.048185]  ? mark_held_locks+0x160/0x160
[ 35.048189]  ? find_held_lock+0x36/0x1c0
[ 35.048193]  preempt_schedule_common+0x22/0x60
[ 35.048197]  _cond_resched+0x1d/0x30
[ 35.048201]  wait_for_completion+0xa5/0x8d0
[ 35.048206]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.048210]  ? __lockdep_init_map+0x105/0x590
[ 35.048214]  ? __init_waitqueue_head+0x9e/0x150
[ 35.048218]  ? init_wait_entry+0x1c0/0x1c0
[ 35.048222]  __synchronize_srcu+0x189/0x240
[ 35.048226]  ? call_srcu+0x10/0x10
[ 35.048230]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.048234]  synchronize_srcu+0x335/0x56f
[ 35.048238]  ? lock_downgrade+0x8f0/0x8f0
[ 35.048242]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.048246]  ? kasan_check_read+0x11/0x20
[ 35.048250]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.048254]  ? kasan_check_write+0x14/0x20
[ 35.048258]  ? do_raw_spin_lock+0xc1/0x200
[ 35.048263]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.048268]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.048271]  ? kvfree+0x61/0x70
[ 35.048276]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.048280]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.048284]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.048288]  ? kvm_arch_sync_events+0x30/0x30
[ 35.048293]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.048297]  ? mmu_notifier_unregister+0x474/0x600
[ 35.048301]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.048305]  ? kfree+0x111/0x210
[ 35.048309]  ? __mmu_notifier_register+0x30/0x30
[ 35.048313]  ? __free_pages+0x10a/0x190
[ 35.048317]  ? free_unref_page+0x930/0x930
[ 35.048321]  kvm_put_kvm+0x73f/0x1060
[ 35.048325]  ? kvm_write_guest_cached+0x40/0x40
[ 35.048329]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.048333]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.048338]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.048342]  ? kasan_check_write+0x14/0x20
[ 35.048346]  ? do_raw_spin_lock+0xc1/0x200
[ 35.048350]  ? kvm_irqfd_release+0xdd/0x120
[ 35.048354]  ? kvm_irqfd_release+0xdd/0x120
[ 35.048358]  ? kvm_put_kvm+0x1060/0x1060
[ 35.048361]  kvm_vm_release+0x42/0x50
[ 35.048370]  __fput+0x38a/0xa40
[ 35.048374]  ? __alloc_file+0x400/0x400
[ 35.048378]  ? check_same_owner+0x340/0x340
[ 35.048382]  ? kasan_check_write+0x14/0x20
[ 35.048386]  ? do_raw_spin_lock+0xc1/0x200
[ 35.048390]  ____fput+0x15/0x20
[ 35.048393]  task_work_run+0x1e8/0x2a0
[ 35.048397]  ? task_work_cancel+0x240/0x240
[ 35.048402]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.048407]  ? switch_task_namespaces+0xa2/0xd0
[ 35.048410]  do_exit+0x1ae4/0x26e0
[ 35.048414]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.048418]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.048423]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.048426]  ? kfree+0x1d7/0x210
[ 35.048430]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.048435]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.048439]  ? is_bpf_text_address+0xd7/0x170
[ 35.048442]  ?
[ 35.048449] Lost 55 message(s)!
[ 36.120087] Shutting down cpus with NMI
[ 37.179449] Dumping ftrace buffer:
[ 37.182992]    (ftrace buffer empty)
[ 37.186682] Kernel Offset: disabled
[ 37.190289] Rebooting in 86400 seconds..
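The log above is a raw console capture, and the three facts a triager needs (what was freed, where, and how far into the object the stale read landed) are spread across several hundred lines of it. The following Python is an added example, not part of the syzkaller log or of the kernel, that parses the KASAN block into those fields: bug class, faulting function, access width and address, the slab cache and object size, the offset of the access inside the freed object, and the first reliable frame of the access, allocation and free stacks once allocator and KASAN plumbing is skipped. It also locates the access in the "Memory state" shadow dump (each row covers 128 bytes, each shadow byte 8) and pulls the lock order out of the lockdep splat that followed. The input is a constructed, abridged excerpt of the log above. Which field of struct kvm_vcpu sits 24 bytes in is not stated by the log, so the code reports the offset and stops there.

```python
import re

# Constructed input: an abridged excerpt of the syzkaller console log above,
# timestamps kept, most stale "?" frames dropped to keep it short.
SAMPLE_REPORT = """\
[ 33.538928] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.545160] Read of size 8 at addr ffff8801b6b88058 by task syz-executor677/4669
[ 33.552681]
[ 33.571092] Call Trace:
[ 33.573698]  dump_stack+0x1c9/0x2b4
[ 33.603261]  kasan_report.cold.7+0x242/0x30d
[ 33.607673]  __asan_report_load8_noabort+0x14/0x20
[ 33.612613]  __schedule+0xf54/0x1df0
[ 33.616325]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.642258]  preempt_schedule_common+0x22/0x60
[ 33.686200]  synchronize_srcu+0x335/0x56f
[ 33.716718]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.740233]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.780397]  kvm_put_kvm+0x73f/0x1060
[ 34.166025]
[ 34.167658] Allocated by task 4669:
[ 34.171285]  save_stack+0x43/0xd0
[ 34.174732]  kasan_kmalloc+0xc4/0xe0
[ 34.182410]  kmem_cache_alloc+0x12e/0x710
[ 34.186557]  vmx_create_vcpu+0xcf/0x2830
[ 34.190622]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.219187]
[ 34.220803] Freed by task 4669:
[ 34.224077]  save_stack+0x43/0xd0
[ 34.227524]  __kasan_slab_free+0x11a/0x170
[ 34.235549]  kmem_cache_free+0x86/0x280
[ 34.239542]  vmx_free_vcpu+0x26b/0x300
[ 34.243422]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.286665]
[ 34.288289] The buggy address belongs to the object at ffff8801b6b88040
[ 34.288289]  which belongs to the cache kvm_vcpu of size 23872
[ 34.300863] The buggy address is located 24 bytes inside of
[ 34.300863]  23872-byte region [ffff8801b6b88040, ffff8801b6b8dd80)
"""

SAMPLE_LOCKDEP = """\
[ 35.047825] Chain exists of:
[ 35.047827]   (console_sem).lock --> &rq->lock --> report_lock
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # "[ 33.538928] " console prefix
FRAME_RE = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Allocator/KASAN plumbing that tops every stack; skipped when naming the blamed frame.
PLUMBING = ("save_stack", "kasan_", "__kasan_", "__asan_", "kmem_cache_",
            "dump_stack", "print_address_description")


def strip_ts(line):
    return TS_RE.sub("", line).strip()


def collect_frames(lines, start):
    """Frames after a 'Call Trace:'/'Allocated by'/'Freed by' header as
    (reliable, symbol) pairs; a '?' frame is a stale stack slot, not a caller."""
    out = []
    for line in lines[start:]:
        m = FRAME_RE.match(line)
        if not m:
            break
        out.append((m.group(1) is None, m.group(2)))
    return out


def parse_kasan_report(text):
    lines = [strip_ts(l) for l in text.splitlines()]
    rep = {}
    for i, s in enumerate(lines):
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+?)\+0x", s):
            rep["bug"], rep["func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", s):
            rep.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16),
                       task=m.group(4), pid=int(m.group(5)))
        elif s == "Call Trace:":
            rep["access_stack"] = collect_frames(lines, i + 1)
        elif s.startswith("Allocated by task"):
            rep["alloc_stack"] = collect_frames(lines, i + 1)
        elif s.startswith("Freed by task"):
            rep["free_stack"] = collect_frames(lines, i + 1)
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", s):
            rep["object"] = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", s):
            rep["cache"], rep["object_size"] = m.group(1), int(m.group(2))
    if "object" in rep and "addr" in rep:
        rep["offset"] = rep["addr"] - rep["object"]  # cross-checks "located N bytes inside"
    return rep


def first_blamed(stack):
    """First reliable frame that is not allocator/KASAN plumbing."""
    return next((sym for ok, sym in stack if ok and not sym.startswith(PLUMBING)), None)


def triage_title(rep):
    """syzbot-style dedup key, e.g. 'KASAN: use-after-free Read in __schedule'."""
    return f"KASAN: {rep['bug']} {rep['access']} in {rep['func']}"


def shadow_position(addr):
    """Row base and shadow-byte index in the 'Memory state' dump: a row covers
    128 bytes and a shadow byte 8, so this is where the '^' belongs."""
    return addr & ~0x7F, (addr & 0x7F) >> 3


def parse_lockdep_chain(text):
    """Lock order from a lockdep 'Chain exists of:' line, outermost first."""
    lines = [strip_ts(l) for l in text.splitlines()]
    for i, s in enumerate(lines):
        if s == "Chain exists of:" and i + 1 < len(lines):
            return [p.strip() for p in lines[i + 1].split("-->")]
    return []


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(triage_title(r))
    print(f"{r['access']} of {r['size']} bytes at offset {r['offset']} into a "
          f"{r['object_size']}-byte {r['cache']}; alloc {first_blamed(r['alloc_stack'])}, "
          f"free {first_blamed(r['free_stack'])}, use {first_blamed(r['access_stack'])}")
    print("shadow row %#x, byte %d" % shadow_position(r["addr"]))
    print("lock order:", " -> ".join(parse_lockdep_chain(SAMPLE_LOCKDEP)))
```

Two things the parsed output makes visible that the raw log buries. First, the free stack passes through vmx_free_vcpu at kvm_arch_destroy_vm+0x365, while the access happens later in the same kvm_arch_destroy_vm call (offset +0x5f2, via kvm_mmu_uninit_vm and a sleeping synchronize_srcu), so the vCPU object was released while something the scheduler still consults on a context switch pointed into it; naming that field needs the matching kernel's type information, which the log does not carry. Second, the lockdep "circular locking dependency" is reported with &rq->lock (taken in __schedule) and report_lock (taken in kasan_report) both held: it is the KASAN report path calling printk from inside the scheduler, a side effect of where the first bug fired, and should be triaged together with it rather than as a separate lock-order finding.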