[....] Starting OpenBSD Secure Shell server: sshd[ 22.941236] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 25.068873] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.283054] sshd (4658) used greatest stack depth: 16856 bytes left
[ 25.302615] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.867886] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.943281] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
[ 41.528006] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 41.633155] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 41.657686] ==================================================================
[ 41.667471] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 41.673698] Read of size 8 at addr ffff8801bdb08058 by task syz-executor838/4677
[ 41.681231]
[ 41.682871] CPU: 1 PID: 4677 Comm: syz-executor838 Not tainted 4.19.0-rc1+ #217
[ 41.690336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.699682] Call Trace:
[ 41.702276] dump_stack+0x1c9/0x2b4
[ 41.705914] ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.711112] ? printk+0xa7/0xcf
[ 41.714421] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.719183] ? __schedule+0xf54/0x1df0
[ 41.723084] print_address_description+0x6c/0x20b
[ 41.727927] ? __schedule+0xf54/0x1df0
[ 41.731820] kasan_report.cold.7+0x242/0x30d
[ 41.736236] __asan_report_load8_noabort+0x14/0x20
[ 41.741165] __schedule+0xf54/0x1df0
[ 41.744879] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 41.749985] ? __sched_text_start+0x8/0x8
[ 41.754184] ? __call_srcu+0x7e7/0x1040
[ 41.758170] ? check_same_owner+0x340/0x340
[ 41.762512] ? mark_held_locks+0x160/0x160
[ 41.766745] ? find_held_lock+0x36/0x1c0
[ 41.770815] preempt_schedule_common+0x22/0x60
[ 41.775396] _cond_resched+0x1d/0x30
[ 41.779117] wait_for_completion+0xa5/0x8d0
[ 41.783446] ? wait_for_completion_interruptible+0x950/0x950
[ 41.789244] ? __lockdep_init_map+0x105/0x590
[ 41.793749] ? __init_waitqueue_head+0x9e/0x150
[ 41.798414] ? init_wait_entry+0x1c0/0x1c0
[ 41.802656] __synchronize_srcu+0x189/0x240
[ 41.806980] ? call_srcu+0x10/0x10
[ 41.810523] ? rcu_unexpedite_gp+0x20/0x20
[ 41.814774] synchronize_srcu+0x335/0x56f
[ 41.818921] ? lock_downgrade+0x8f0/0x8f0
[ 41.823064] ? synchronize_srcu_expedited+0x20/0x20
[ 41.828084] ? kasan_check_read+0x11/0x20
[ 41.832232] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.836811] ? kasan_check_write+0x14/0x20
[ 41.841043] ? do_raw_spin_lock+0xc1/0x200
[ 41.845280] kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.850997] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.856446] ? kvfree+0x61/0x70
[ 41.859728] ? rcu_read_lock_sched_held+0x108/0x120
[ 41.864743] kvm_mmu_uninit_vm+0x1c/0x20
[ 41.868803] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.873211] ? kvm_arch_sync_events+0x30/0x30
[ 41.877710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.883246] ? mmu_notifier_unregister+0x474/0x600
[ 41.888172] ? trace_hardirqs_on+0x2c0/0x2c0
[ 41.892577] ? kfree+0x111/0x210
[ 41.895940] ? __mmu_notifier_register+0x30/0x30
[ 41.900697] ? __free_pages+0x10a/0x190
[ 41.904673] ? free_unref_page+0x930/0x930
[ 41.908916] kvm_put_kvm+0x73f/0x1060
[ 41.912718] ? kvm_write_guest_cached+0x40/0x40
[ 41.917388] ? _raw_spin_unlock_irq+0x27/0x70
[ 41.921883] ? _raw_spin_unlock_irq+0x27/0x70
[ 41.926375] ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.930957] ? kasan_check_write+0x14/0x20
[ 41.935189] ? do_raw_spin_lock+0xc1/0x200
[ 41.939426] ? kvm_irqfd_release+0xdd/0x120
[ 41.943747] ? kvm_irqfd_release+0xdd/0x120
[ 41.948065] ? kvm_put_kvm+0x1060/0x1060
[ 41.952147] kvm_vm_release+0x42/0x50
[ 41.955945] __fput+0x38a/0xa40
[ 41.959225] ? __alloc_file+0x400/0x400
[ 41.963205] ? check_same_owner+0x340/0x340
[ 41.967523] ? kasan_check_write+0x14/0x20
[ 41.971760] ? do_raw_spin_lock+0xc1/0x200
[ 41.975992] ____fput+0x15/0x20
[ 41.979268] task_work_run+0x1e8/0x2a0
[ 41.983157] ? task_work_cancel+0x240/0x240
[ 41.987480] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.993020] ? switch_task_namespaces+0xa2/0xd0
[ 41.997697] do_exit+0x1ae4/0x26e0
[ 42.001247] ? mm_update_next_owner+0x9a0/0x9a0
[ 42.005920] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 42.010159] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.015175] ? kfree+0x1d7/0x210
[ 42.018542] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 42.022888] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 42.028599] ? is_bpf_text_address+0xd7/0x170
[ 42.033092] ? kernel_text_address+0x79/0xf0
[ 42.037497] ? __kernel_text_address+0xd/0x40
[ 42.042004] ? unwind_get_return_address+0x61/0xa0
[ 42.046935] ? __save_stack_trace+0x8d/0xf0
[ 42.051258] ? save_stack+0xa9/0xd0
[ 42.054885] ? save_stack+0x43/0xd0
[ 42.058506] ? __kasan_slab_free+0x11a/0x170
[ 42.062911] ? kasan_slab_free+0xe/0x10
[ 42.066880] ? putname+0xf2/0x130
[ 42.070334] ? __x64_sys_openat+0x9d/0x100
[ 42.074570] ? do_syscall_64+0x1b9/0x820
[ 42.078632] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.083997] ? trace_hardirqs_off+0xb8/0x2b0
[ 42.088401] ? kasan_check_read+0x11/0x20
[ 42.092573] ? do_raw_spin_unlock+0xa7/0x2f0
[ 42.096980] ? trace_hardirqs_on+0x2c0/0x2c0
[ 42.101390] ? initcall_blacklisted+0x9a/0x1e0
[ 42.105973] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 42.111084] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 42.116807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.122350] ? do_vfs_ioctl+0x201/0x1720
[ 42.126418] ? rcu_is_watching+0x8c/0x150
[ 42.130558] ? trace_hardirqs_on+0xbd/0x2c0
[ 42.134879] ? ioctl_preallocate+0x300/0x300
[ 42.139602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.145151] ? __fget_light+0x2f7/0x440
[ 42.149134] ? fget_raw+0x20/0x20
[ 42.152592] ? putname+0xf2/0x130
[ 42.156054] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.161090] ? kmem_cache_free+0x246/0x280
[ 42.165357] ? putname+0xf7/0x130
[ 42.168835] do_group_exit+0x177/0x440
[ 42.172731] ? trace_hardirqs_on+0xbd/0x2c0
[ 42.177057] ? __ia32_sys_exit+0x50/0x50
[ 42.181122] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 42.186230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.191785] ? ksys_ioctl+0x81/0xd0
[ 42.195430] __x64_sys_exit_group+0x3e/0x50
[ 42.199757] do_syscall_64+0x1b9/0x820
[ 42.203653] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.209024] ? syscall_return_slowpath+0x5e0/0x5e0
[ 42.213953] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.218800] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 42.223815] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 42.228830] ? prepare_exit_to_usermode+0x291/0x3b0
[ 42.233848] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.238697] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.243881] RIP: 0033:0x43ecc8
[ 42.247077] Code: Bad RIP value.
[ 42.250434] RSP: 002b:00007ffde72eb388 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 42.258141] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 42.265426] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 42.272688] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 42.279952] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 42.287215] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 42.294486]
[ 42.296108] Allocated by task 4677:
[ 42.299747] save_stack+0x43/0xd0
[ 42.303207] kasan_kmalloc+0xc4/0xe0
[ 42.306915] kasan_slab_alloc+0x12/0x20
[ 42.310884] kmem_cache_alloc+0x12e/0x710
[ 42.315040] vmx_create_vcpu+0xcf/0x2830
[ 42.319099] kvm_arch_vcpu_create+0xe5/0x220
[ 42.323509] kvm_vm_ioctl+0x488/0x1d80
[ 42.327418] do_vfs_ioctl+0x1de/0x1720
[ 42.331308] ksys_ioctl+0xa9/0xd0
[ 42.334762] __x64_sys_ioctl+0x73/0xb0
[ 42.338656] do_syscall_64+0x1b9/0x820
[ 42.342543] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.347731]
[ 42.349351] Freed by task 4677:
[ 42.352626] save_stack+0x43/0xd0
[ 42.356074] __kasan_slab_free+0x11a/0x170
[ 42.360317] kasan_slab_free+0xe/0x10
[ 42.364113] kmem_cache_free+0x86/0x280
[ 42.368083] vmx_free_vcpu+0x26b/0x300
[ 42.371995] kvm_arch_destroy_vm+0x365/0x7c0
[ 42.376411] kvm_put_kvm+0x73f/0x1060
[ 42.380208] kvm_vm_release+0x42/0x50
[ 42.384003] __fput+0x38a/0xa40
[ 42.387289] ____fput+0x15/0x20
[ 42.390580] task_work_run+0x1e8/0x2a0
[ 42.394462] do_exit+0x1ae4/0x26e0
[ 42.397995] do_group_exit+0x177/0x440
[ 42.401879] __x64_sys_exit_group+0x3e/0x50
[ 42.406198] do_syscall_64+0x1b9/0x820
[ 42.410082] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.415255]
[ 42.416886] The buggy address belongs to the object at ffff8801bdb08040
[ 42.416886]  which belongs to the cache kvm_vcpu of size 23872
[ 42.429458] The buggy address is located 24 bytes inside of
[ 42.429458]  23872-byte region [ffff8801bdb08040, ffff8801bdb0dd80)
[ 42.441412] The buggy address belongs to the page:
[ 42.446337] page:ffffea0006f6c200 count:1 mapcount:0 mapping:ffff8801d87f5000 index:0x0 compound_mapcount: 0
[ 42.456327] flags: 0x2fffc0000008100(slab|head)
[ 42.461023] raw: 02fffc0000008100 ffff8801d51f8d48 ffff8801d51f8d48 ffff8801d87f5000
[ 42.468911] raw: 0000000000000000 ffff8801bdb08040 0000000100000001 0000000000000000
[ 42.476783] page dumped because: kasan: bad access detected
[ 42.482481]
[ 42.484095] Memory state around the buggy address:
[ 42.489019]  ffff8801bdb07f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.496373]  ffff8801bdb07f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.503726] >ffff8801bdb08000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 42.511077]                                                     ^
[ 42.517334]  ffff8801bdb08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.524701]  ffff8801bdb08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.532072] ==================================================================
[ 42.539419] Kernel panic - not syncing: panic_on_warn set ...
[ 42.539419]
[ 42.546788] CPU: 1 PID: 4677 Comm: syz-executor838 Tainted: G    B 4.19.0-rc1+ #217
[ 42.555615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.564960] Call Trace:
[ 42.567557] dump_stack+0x1c9/0x2b4
[ 42.571207] ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.576597] ? lock_downgrade+0x8f0/0x8f0
[ 42.580744] ? __schedule+0xf54/0x1df0
[ 42.584641] panic+0x238/0x4e7
[ 42.587829] ? add_taint.cold.5+0x16/0x16
[ 42.591990] ? print_shadow_for_address+0xba/0x116
[ 42.596926] ? trace_hardirqs_off+0xaf/0x2b0
[ 42.601342] ? trace_hardirqs_off+0x77/0x2b0
[ 42.605750] ? __schedule+0xf54/0x1df0
[ 42.609641] kasan_end_report+0x47/0x4f
[ 42.613612] kasan_report.cold.7+0x76/0x30d
[ 42.617959] __asan_report_load8_noabort+0x14/0x20
[ 42.622889] __schedule+0xf54/0x1df0
[ 42.626602] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 42.631707] ? __sched_text_start+0x8/0x8
[ 42.635872] ? __call_srcu+0x7e7/0x1040
[ 42.639858] ? check_same_owner+0x340/0x340
[ 42.644181] ? mark_held_locks+0x160/0x160
[ 42.648410] ? find_held_lock+0x36/0x1c0
[ 42.652478] preempt_schedule_common+0x22/0x60
[ 42.657060] _cond_resched+0x1d/0x30
[ 42.660779] wait_for_completion+0xa5/0x8d0
[ 42.665116] ? wait_for_completion_interruptible+0x950/0x950
[ 42.670910] ? __lockdep_init_map+0x105/0x590
[ 42.675406] ? __init_waitqueue_head+0x9e/0x150
[ 42.680073] ? init_wait_entry+0x1c0/0x1c0
[ 42.684400] __synchronize_srcu+0x189/0x240
[ 42.688717] ? call_srcu+0x10/0x10
[ 42.692255] ? rcu_unexpedite_gp+0x20/0x20
[ 42.696494] synchronize_srcu+0x335/0x56f
[ 42.700646] ? lock_downgrade+0x8f0/0x8f0
[ 42.704796] ? synchronize_srcu_expedited+0x20/0x20
[ 42.709814] ? kasan_check_read+0x11/0x20
[ 42.713964] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.718556] ? kasan_check_write+0x14/0x20
[ 42.722792] ? do_raw_spin_lock+0xc1/0x200
[ 42.727033] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.732747] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.738205] ? kvfree+0x61/0x70
[ 42.741487] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.746503] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.750562] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.754975] ? kvm_arch_sync_events+0x30/0x30
[ 42.759477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.765029] ? mmu_notifier_unregister+0x474/0x600
[ 42.769969] ? trace_hardirqs_on+0x2c0/0x2c0
[ 42.774377] ? kfree+0x111/0x210
[ 42.777750] ? __mmu_notifier_register+0x30/0x30
[ 42.782522] ? __free_pages+0x10a/0x190
[ 42.786525] ? free_unref_page+0x930/0x930
[ 42.790806] kvm_put_kvm+0x73f/0x1060
[ 42.794663] ? kvm_write_guest_cached+0x40/0x40
[ 42.799350] ? _raw_spin_unlock_irq+0x27/0x70
[ 42.803850] ? _raw_spin_unlock_irq+0x27/0x70
[ 42.808345] ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.812955] ? kasan_check_write+0x14/0x20
[ 42.817193] ? do_raw_spin_lock+0xc1/0x200
[ 42.821432] ? kvm_irqfd_release+0xdd/0x120
[ 42.825756] ? kvm_irqfd_release+0xdd/0x120
[ 42.830086] ? kvm_put_kvm+0x1060/0x1060
[ 42.834144] kvm_vm_release+0x42/0x50
[ 42.837947] __fput+0x38a/0xa40
[ 42.841228] ? __alloc_file+0x400/0x400
[ 42.845209] ? check_same_owner+0x340/0x340
[ 42.849527] ? kasan_check_write+0x14/0x20
[ 42.853761] ? do_raw_spin_lock+0xc1/0x200
[ 42.858002] ____fput+0x15/0x20
[ 42.861314] task_work_run+0x1e8/0x2a0
[ 42.865203] ? task_work_cancel+0x240/0x240
[ 42.869529] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.875080] ? switch_task_namespaces+0xa2/0xd0
[ 42.879776] do_exit+0x1ae4/0x26e0
[ 42.883326] ? mm_update_next_owner+0x9a0/0x9a0
[ 42.888001] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 42.892248] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.897263] ? kfree+0x1d7/0x210
[ 42.900640] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 42.904881] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 42.910595] ? is_bpf_text_address+0xd7/0x170
[ 42.915090] ? kernel_text_address+0x79/0xf0
[ 42.919495] ? __kernel_text_address+0xd/0x40
[ 42.924002] ? unwind_get_return_address+0x61/0xa0
[ 42.928956] ? __save_stack_trace+0x8d/0xf0
[ 42.933282] ? save_stack+0xa9/0xd0
[ 42.936919] ? save_stack+0x43/0xd0
[ 42.940542] ? __kasan_slab_free+0x11a/0x170
[ 42.944948] ? kasan_slab_free+0xe/0x10
[ 42.948922] ? putname+0xf2/0x130
[ 42.952375] ? __x64_sys_openat+0x9d/0x100
[ 42.956611] ? do_syscall_64+0x1b9/0x820
[ 42.960680] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.966043] ? trace_hardirqs_off+0xb8/0x2b0
[ 42.970452] ? kasan_check_read+0x11/0x20
[ 42.974599] ? do_raw_spin_unlock+0xa7/0x2f0
[ 42.979003] ? trace_hardirqs_on+0x2c0/0x2c0
[ 42.983410] ? initcall_blacklisted+0x9a/0x1e0
[ 42.987994] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 42.993099] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 42.998837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.004383] ? do_vfs_ioctl+0x201/0x1720
[ 43.008441] ? rcu_is_watching+0x8c/0x150
[ 43.012584] ? trace_hardirqs_on+0xbd/0x2c0
[ 43.016905] ? ioctl_preallocate+0x300/0x300
[ 43.021334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.026873] ? __fget_light+0x2f7/0x440
[ 43.030846] ? fget_raw+0x20/0x20
[ 43.034305] ? putname+0xf2/0x130
[ 43.037759] ? rcu_read_lock_sched_held+0x108/0x120
[ 43.042784] ? kmem_cache_free+0x246/0x280
[ 43.047019] ? putname+0xf7/0x130
[ 43.050579] do_group_exit+0x177/0x440
[ 43.054533] ? trace_hardirqs_on+0xbd/0x2c0
[ 43.058879] ? __ia32_sys_exit+0x50/0x50
[ 43.062935] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 43.068035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.073597] ? ksys_ioctl+0x81/0xd0
[ 43.077234] __x64_sys_exit_group+0x3e/0x50
[ 43.081559] do_syscall_64+0x1b9/0x820
[ 43.085466] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 43.090833] ? syscall_return_slowpath+0x5e0/0x5e0
[ 43.095764] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.100622] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 43.105650] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 43.110671] ? prepare_exit_to_usermode+0x291/0x3b0
[ 43.115690] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.120538] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.125726] RIP: 0033:0x43ecc8
[ 43.128922] Code: Bad RIP value.
[ 43.132315] RSP: 002b:00007ffde72eb388 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.140042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 43.147312] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 43.154574] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 43.161879] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 43.169146] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 43.176442]
[ 43.176448] ======================================================
[ 43.176453] WARNING: possible circular locking dependency detected
[ 43.176457] 4.19.0-rc1+ #217 Not tainted
[ 43.176462] ------------------------------------------------------
[ 43.176467] syz-executor838/4677 is trying to acquire lock:
[ 43.176470] 0000000088ec75b2 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 43.176485]
[ 43.176489] but task is already holding lock:
[ 43.176492] 000000009b25554d (report_lock){....}, at: kasan_report+0x8e/0x110
[ 43.176506]
[ 43.176510] which lock already depends on the new lock.
[ 43.176512]
[ 43.176515]
[ 43.176520] the existing dependency chain (in reverse order) is:
[ 43.176522]
[ 43.176524] -> #3 (report_lock){....}:
[ 43.176538] _raw_spin_lock_irqsave+0x96/0xc0
[ 43.176542] kasan_report+0x8e/0x110
[ 43.176546] __asan_report_load8_noabort+0x14/0x20
[ 43.176550] __schedule+0xf54/0x1df0
[ 43.176554] preempt_schedule_common+0x22/0x60
[ 43.176558] _cond_resched+0x1d/0x30
[ 43.176562] wait_for_completion+0xa5/0x8d0
[ 43.176566] __synchronize_srcu+0x189/0x240
[ 43.176570] synchronize_srcu+0x335/0x56f
[ 43.176575] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.176579] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.176583] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.176587] kvm_put_kvm+0x73f/0x1060
[ 43.176591] kvm_vm_release+0x42/0x50
[ 43.176594] __fput+0x38a/0xa40
[ 43.176598] ____fput+0x15/0x20
[ 43.176601] task_work_run+0x1e8/0x2a0
[ 43.176611] do_exit+0x1ae4/0x26e0
[ 43.176615] do_group_exit+0x177/0x440
[ 43.176619] __x64_sys_exit_group+0x3e/0x50
[ 43.176623] do_syscall_64+0x1b9/0x820
[ 43.176627] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.176630]
[ 43.176632] -> #2 (&rq->lock){-.-.}:
[ 43.176645] _raw_spin_lock+0x2a/0x40
[ 43.176649] task_fork_fair+0x93/0x680
[ 43.176653] sched_fork+0x44b/0xbd0
[ 43.176657] copy_process+0x235e/0x7ad0
[ 43.176660] _do_fork+0x1ca/0x1170
[ 43.176664] kernel_thread+0x34/0x40
[ 43.176668] rest_init+0x22/0xe4
[ 43.176671] start_kernel+0x913/0x94e
[ 43.176676] x86_64_start_reservations+0x29/0x2b
[ 43.176680] x86_64_start_kernel+0x76/0x79
[ 43.176684] secondary_startup_64+0xa4/0xb0
[ 43.176686]
[ 43.176688] -> #1 (&p->pi_lock){-.-.}:
[ 43.176703] _raw_spin_lock_irqsave+0x96/0xc0
[ 43.176706] try_to_wake_up+0xd2/0x1250
[ 43.176710] wake_up_process+0x10/0x20
[ 43.176714] __up.isra.1+0x1c0/0x2a0
[ 43.176717] up+0x13c/0x1c0
[ 43.176721] __up_console_sem+0xbe/0x1b0
[ 43.176725] console_unlock+0x506/0x10d0
[ 43.176729] vprintk_emit+0x33a/0x910
[ 43.176732] vprintk_default+0x28/0x30
[ 43.176736] vprintk_func+0x7a/0x117
[ 43.176739] printk+0xa7/0xcf
[ 43.176743] do_exit.cold.22+0x120/0x21f
[ 43.176747] do_group_exit+0x177/0x440
[ 43.176751] __x64_sys_exit_group+0x3e/0x50
[ 43.176755] do_syscall_64+0x1b9/0x820
[ 43.176759] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.176762]
[ 43.176764] -> #0 ((console_sem).lock){-...}:
[ 43.176778] lock_acquire+0x1e4/0x4f0
[ 43.176782] _raw_spin_lock_irqsave+0x96/0xc0
[ 43.176785] down_trylock+0x13/0x70
[ 43.176790] __down_trylock_console_sem+0xae/0x200
[ 43.176794] console_trylock+0x15/0xa0
[ 43.176797] vprintk_emit+0x31f/0x910
[ 43.176801] vprintk_default+0x28/0x30
[ 43.176805] vprintk_func+0x7a/0x117
[ 43.176808] printk+0xa7/0xcf
[ 43.176812] kasan_report+0x9e/0x110
[ 43.176816] __asan_report_load8_noabort+0x14/0x20
[ 43.176820] __schedule+0xf54/0x1df0
[ 43.176824] preempt_schedule_common+0x22/0x60
[ 43.176828] _cond_resched+0x1d/0x30
[ 43.176832] wait_for_completion+0xa5/0x8d0
[ 43.176836] __synchronize_srcu+0x189/0x240
[ 43.176840] synchronize_srcu+0x335/0x56f
[ 43.176845] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.176848] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.176852] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.176856] kvm_put_kvm+0x73f/0x1060
[ 43.176860] kvm_vm_release+0x42/0x50
[ 43.176863] __fput+0x38a/0xa40
[ 43.176867] ____fput+0x15/0x20
[ 43.176871] task_work_run+0x1e8/0x2a0
[ 43.176874] do_exit+0x1ae4/0x26e0
[ 43.176878] do_group_exit+0x177/0x440
[ 43.176882] __x64_sys_exit_group+0x3e/0x50
[ 43.176886] do_syscall_64+0x1b9/0x820
[ 43.176891] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.176893]
[ 43.176897] other info that might help us debug this:
[ 43.176899]
[ 43.176902] Chain exists of:
[ 43.176904]   (console_sem).lock --> &rq->lock --> report_lock
[ 43.176922]
[ 43.176926]  Possible unsafe locking scenario:
[ 43.176928]
[ 43.176932]        CPU0                    CPU1
[ 43.176936]        ----                    ----
[ 43.176938]   lock(report_lock);
[ 43.176947]                                lock(&rq->lock);
[ 43.176956]                                lock(report_lock);
[ 43.176964]   lock((console_sem).lock);
[ 43.176972]
[ 43.176975]  *** DEADLOCK ***
[ 43.176977]
[ 43.176981] 2 locks held by syz-executor838/4677:
[ 43.176983]  #0: 000000002181a4dc (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 43.177000]  #1: 000000009b25554d (report_lock){....}, at: kasan_report+0x8e/0x110
[ 43.177016]
[ 43.177019] stack backtrace:
[ 43.177025] CPU: 1 PID: 4677 Comm: syz-executor838 Not tainted 4.19.0-rc1+ #217
[ 43.177032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.177035] Call Trace:
[ 43.177038] dump_stack+0x1c9/0x2b4
[ 43.177043] ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.177047] ? vprintk_func+0x100/0x117
[ 43.177051] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 43.177055] ? save_trace+0xe0/0x290
[ 43.177059] __lock_acquire+0x3449/0x5020
[ 43.177063] ? mark_held_locks+0x160/0x160
[ 43.177067] ? mark_held_locks+0x160/0x160
[ 43.177071] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 43.177075] ? is_bpf_text_address+0xd7/0x170
[ 43.177079] ? kernel_text_address+0x79/0xf0
[ 43.177083] ? __kernel_text_address+0xd/0x40
[ 43.177087] ? __save_stack_trace+0x8d/0xf0
[ 43.177091] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 43.177095] ? save_trace+0x290/0x290
[ 43.177099] ? save_stack_trace+0x1a/0x20
[ 43.177102] ? save_trace+0xe0/0x290
[ 43.177106] ? graph_lock+0x170/0x170
[ 43.177111] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.177115] lock_acquire+0x1e4/0x4f0
[ 43.177119] ? down_trylock+0x13/0x70
[ 43.177122] ? lock_release+0x9f0/0x9f0
[ 43.177126] ? trace_hardirqs_off+0xb8/0x2b0
[ 43.177130] ? trace_hardirqs_on+0x2c0/0x2c0
[ 43.177134] ? trace_hardirqs_off+0xb8/0x2b0
[ 43.177138] ? log_store+0x34f/0x4c0
[ 43.177142] ? vprintk_emit+0x31f/0x910
[ 43.177146] _raw_spin_lock_irqsave+0x96/0xc0
[ 43.177149] ? down_trylock+0x13/0x70
[ 43.177153] down_trylock+0x13/0x70
[ 43.177157] __down_trylock_console_sem+0xae/0x200
[ 43.177161] console_trylock+0x15/0xa0
[ 43.177165] vprintk_emit+0x31f/0x910
[ 43.177169] ? wake_up_klogd+0x110/0x110
[ 43.177173] ? run_rebalance_domains+0x4c0/0x4c0
[ 43.177177] ? kasan_check_read+0x11/0x20
[ 43.177180] ? rcu_is_watching+0x8c/0x150
[ 43.177184] ? rcu_pm_notify+0xc0/0xc0
[ 43.177188] ? lock_acquire+0x1e4/0x4f0
[ 43.177192] ? kasan_report+0x8e/0x110
[ 43.177195] ? __schedule+0xf54/0x1df0
[ 43.177199] vprintk_default+0x28/0x30
[ 43.177203] vprintk_func+0x7a/0x117
[ 43.177206] printk+0xa7/0xcf
[ 43.177210] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 43.177214] ? kasan_check_write+0x14/0x20
[ 43.177218] ? do_raw_spin_lock+0xc1/0x200
[ 43.177222] ? do_raw_spin_lock+0xc1/0x200
[ 43.177226] kasan_report+0x9e/0x110
[ 43.177230] __asan_report_load8_noabort+0x14/0x20
[ 43.177234] __schedule+0xf54/0x1df0
[ 43.177238] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 43.177242] ? __sched_text_start+0x8/0x8
[ 43.177246] ? __call_srcu+0x7e7/0x1040
[ 43.177250] ? check_same_owner+0x340/0x340
[ 43.177254] ? mark_held_locks+0x160/0x160
[ 43.177258] ? find_held_lock+0x36/0x1c0
[ 43.177262] preempt_schedule_common+0x22/0x60
[ 43.177265] _cond_resched+0x1d/0x30
[ 43.177269] wait_for_completion+0xa5/0x8d0
[ 43.177274] ? wait_for_completion_interruptible+0x950/0x950
[ 43.177278] ? __lockdep_init_map+0x105/0x590
[ 43.177283] ? __init_waitqueue_head+0x9e/0x150
[ 43.177287] ? init_wait_entry+0x1c0/0x1c0
[ 43.177291] __synchronize_srcu+0x189/0x240
[ 43.177294] ? call_srcu+0x10/0x10
[ 43.177308] ? rcu_unexpedite_gp+0x20/0x20
[ 43.177312] synchronize_srcu+0x335/0x56f
[ 43.177316] ? lock_downgrade+0x8f0/0x8f0
[ 43.177320] ? synchronize_srcu_expedited+0x20/0x20
[ 43.177324] ? kasan_check_read+0x11/0x20
[ 43.177329] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 43.177333] ? kasan_check_write+0x14/0x20
[ 43.177337] ? do_raw_spin_lock+0xc1/0x200
[ 43.177341] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.177346] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 43.177349] ? kvfree+0x61/0x70
[ 43.177354] ? rcu_read_lock_sched_held+0x108/0x120
[ 43.177358] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.177362] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.177366] ? kvm_arch_sync_events+0x30/0x30
[ 43.177371] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.177375] ? mmu_notifier_unregister+0x474/0x600
[ 43.177379] ? trace_hardirqs_on+0x2c0/0x2c0
[ 43.177383] ? kfree+0x111/0x210
[ 43.177387] ? __mmu_notifier_register+0x30/0x30
[ 43.177391] ? __free_pages+0x10a/0x190
[ 43.177394] ? free_unref_page+0x930/0x930
[ 43.177398] kvm_put_kvm+0x73f/0x1060
[ 43.177402] ? kvm_write_guest_cached+0x40/0x40
[ 43.177406] ? _raw_spin_unlock_irq+0x27/0x70
[ 43.177410] ? _raw_spin_unlock_irq+0x27/0x70
[ 43.177414] ? lockdep_hardirqs_on+0x421/0x5c0
[ 43.177418] ? kasan_check_write+0x14/0x20
[ 43.177422] ? do_raw_spin_lock+0xc1/0x200
[ 43.177426] ? kvm_irqfd_release+0xdd/0x120
[ 43.177430] ? kvm_irqfd_release+0xdd/0x120
[ 43.177434] ? kvm_put_kvm+0x1060/0x1060
[ 43.177438] kvm_vm_release+0x42/0x50
[ 43.177441] __fput+0x38a/0xa40
[ 43.177445] ? __alloc_file+0x400/0x400
[ 43.177449] ? check_same_owner+0x340/0x340
[ 43.177453] ? kasan_check_write+0x14/0x20
[ 43.177457] ? do_raw_spin_lock+0xc1/0x200
[ 43.177460] ____fput+0x15/0x20
[ 43.177464] task_work_run+0x1e8/0x2a0
[ 43.177468] ? task_work_cancel+0x240/0x240
[ 43.177472] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.177476] ? switch_task_namespaces+0xa2/0xd0
[ 43.177480] do_exit+0x1ae4/0x26e0
[ 43.177484] ? mm_update_next_owner+0x9a0/0x9a0
[ 43.177488] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 43.177492] ? rcu_read_lock_sched_held+0x108/0x120
[ 43.177496] ? kfree+0x1d7/0x210
[ 43.177500] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 43.177505] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 43.177507] ? is_bpf_tex
[ 43.177515] Lost 56 message(s)!
[ 44.274643] Shutting down cpus with NMI
[ 45.332599] Dumping ftrace buffer:
[ 45.336127]    (ftrace buffer empty)
[ 45.339814] Kernel Offset: disabled
[ 45.343420] Rebooting in 86400 seconds..