[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.637470] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 24.531593] random: sshd: uninitialized urandom read (32 bytes read) [ 24.854166] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.388942] random: sshd: uninitialized urandom read (32 bytes read) [ 25.563598] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. [ 31.608102] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.707288] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.731624] ================================================================== [ 31.741458] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.747695] Read of size 8 at addr ffff8801d94d0058 by task syz-executor650/4671 [ 31.755218] [ 31.756848] CPU: 1 PID: 4671 Comm: syz-executor650 Not tainted 4.19.0-rc2+ #220 [ 31.764307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.773651] Call Trace: [ 31.776246] dump_stack+0x1c9/0x2b4 [ 31.779873] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.785065] ? printk+0xa7/0xcf [ 31.788340] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.793097] ? __schedule+0xf54/0x1df0 [ 31.796984] print_address_description+0x6c/0x20b [ 31.801822] ? __schedule+0xf54/0x1df0 [ 31.805707] kasan_report.cold.7+0x242/0x30d [ 31.810121] __asan_report_load8_noabort+0x14/0x20 [ 31.815046] __schedule+0xf54/0x1df0 [ 31.818762] ? __sched_text_start+0x8/0x8 [ 31.822996] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 31.828099] ? __call_srcu+0x7e7/0x1040 [ 31.832097] ? check_same_owner+0x340/0x340 [ 31.836424] ? mark_held_locks+0x160/0x160 [ 31.840656] ? find_held_lock+0x36/0x1c0 [ 31.844715] preempt_schedule_common+0x22/0x60 [ 31.849295] _cond_resched+0x1d/0x30 [ 31.853015] wait_for_completion+0xa5/0x8d0 [ 31.857339] ? wait_for_completion_interruptible+0x950/0x950 [ 31.863137] ? __lockdep_init_map+0x105/0x590 [ 31.867630] ? __init_waitqueue_head+0x9e/0x150 [ 31.872295] ? init_wait_entry+0x1c0/0x1c0 [ 31.876529] __synchronize_srcu+0x189/0x240 [ 31.880848] ? call_srcu+0x10/0x10 [ 31.884399] ? rcu_unexpedite_gp+0x20/0x20 [ 31.888636] synchronize_srcu+0x335/0x56f [ 31.892784] ? lock_downgrade+0x8f0/0x8f0 [ 31.896932] ? synchronize_srcu_expedited+0x20/0x20 [ 31.901946] ? kasan_check_read+0x11/0x20 [ 31.906089] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.910668] ? kasan_check_write+0x14/0x20 [ 31.914905] ? do_raw_spin_lock+0xc1/0x200 [ 31.919144] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.924852] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.930299] ? kvfree+0x61/0x70 [ 31.933577] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.938593] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.942653] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.947062] ? kvm_arch_sync_events+0x30/0x30 [ 31.951560] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.957096] ? mmu_notifier_unregister+0x474/0x600 [ 31.962019] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.966423] ? kfree+0x111/0x210 [ 31.969793] ? __mmu_notifier_register+0x30/0x30 [ 31.974547] ? __free_pages+0x10a/0x190 [ 31.978521] ? free_unref_page+0x930/0x930 [ 31.982761] kvm_put_kvm+0x73f/0x1060 [ 31.986568] ? kvm_write_guest_cached+0x40/0x40 [ 31.991238] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.995729] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.000218] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.004800] ? kasan_check_write+0x14/0x20 [ 32.009028] ? do_raw_spin_lock+0xc1/0x200 [ 32.013260] ? kvm_irqfd_release+0xdd/0x120 [ 32.017578] ? kvm_irqfd_release+0xdd/0x120 [ 32.021908] ? kvm_put_kvm+0x1060/0x1060 [ 32.025968] kvm_vm_release+0x42/0x50 [ 32.029763] __fput+0x38a/0xa40 [ 32.033038] ? __alloc_file+0x400/0x400 [ 32.037018] ? check_same_owner+0x340/0x340 [ 32.041337] ? kasan_check_write+0x14/0x20 [ 32.045566] ? do_raw_spin_lock+0xc1/0x200 [ 32.049797] ____fput+0x15/0x20 [ 32.053069] task_work_run+0x1e8/0x2a0 [ 32.056948] ? task_work_cancel+0x240/0x240 [ 32.061277] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.066813] ? switch_task_namespaces+0xa2/0xd0 [ 32.071480] do_exit+0x1ae4/0x26e0 [ 32.075017] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.079687] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.083925] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.088936] ? kfree+0x1d7/0x210 [ 32.092305] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.096540] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.102252] ? is_bpf_text_address+0xd7/0x170 [ 32.106743] ? kernel_text_address+0x79/0xf0 [ 32.111145] ? __kernel_text_address+0xd/0x40 [ 32.115636] ? unwind_get_return_address+0x61/0xa0 [ 32.120562] ? __save_stack_trace+0x8d/0xf0 [ 32.124887] ? save_stack+0xa9/0xd0 [ 32.128516] ? save_stack+0x43/0xd0 [ 32.132139] ? __kasan_slab_free+0x11a/0x170 [ 32.136545] ? kasan_slab_free+0xe/0x10 [ 32.140514] ? putname+0xf2/0x130 [ 32.143963] ? __x64_sys_openat+0x9d/0x100 [ 32.148204] ? do_syscall_64+0x1b9/0x820 [ 32.152261] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.157622] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.162028] ? kasan_check_read+0x11/0x20 [ 32.166176] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.170584] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.174990] ? initcall_blacklisted+0x9a/0x1e0 [ 32.179579] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.185139] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.190848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.196381] ? do_vfs_ioctl+0x201/0x1720 [ 32.200449] ? rcu_is_watching+0x8c/0x150 [ 32.204594] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.208919] ? ioctl_preallocate+0x300/0x300 [ 32.213326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.218861] ? __fget_light+0x2f7/0x440 [ 32.222834] ? fget_raw+0x20/0x20 [ 32.226281] ? putname+0xf2/0x130 [ 32.229735] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.234746] ? kmem_cache_free+0x246/0x280 [ 32.238979] ? putname+0xf7/0x130 [ 32.242430] do_group_exit+0x177/0x440 [ 32.246313] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.250632] ? __ia32_sys_exit+0x50/0x50 [ 32.254687] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.259786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.265325] ? ksys_ioctl+0x81/0xd0 [ 32.268956] __x64_sys_exit_group+0x3e/0x50 [ 32.273279] do_syscall_64+0x1b9/0x820 [ 32.277169] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.282532] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.287458] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.292297] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.297309] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.302323] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.307338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.312183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.317363] RIP: 0033:0x43ef08 [ 32.320558] Code: Bad RIP value. [ 32.323916] RSP: 002b:00007ffe27fa2128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.331623] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 32.338894] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.346167] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.353431] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.360698] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.367969] [ 32.369621] Allocated by task 4671: [ 32.373252] save_stack+0x43/0xd0 [ 32.376701] kasan_kmalloc+0xc4/0xe0 [ 32.380420] kasan_slab_alloc+0x12/0x20 [ 32.384406] kmem_cache_alloc+0x12e/0x710 [ 32.388556] vmx_create_vcpu+0xcf/0x2830 [ 32.392613] kvm_arch_vcpu_create+0xe5/0x220 [ 32.397020] kvm_vm_ioctl+0x488/0x1d80 [ 32.400910] do_vfs_ioctl+0x1de/0x1720 [ 32.404796] ksys_ioctl+0xa9/0xd0 [ 32.408244] __x64_sys_ioctl+0x73/0xb0 [ 32.412132] do_syscall_64+0x1b9/0x820 [ 32.416023] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.421199] [ 32.422821] Freed by task 4671: [ 32.426097] save_stack+0x43/0xd0 [ 32.429546] __kasan_slab_free+0x11a/0x170 [ 32.433777] kasan_slab_free+0xe/0x10 [ 32.437569] kmem_cache_free+0x86/0x280 [ 32.441537] vmx_free_vcpu+0x26b/0x300 [ 32.445427] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.449833] kvm_put_kvm+0x73f/0x1060 [ 32.453631] kvm_vm_release+0x42/0x50 [ 32.457434] __fput+0x38a/0xa40 [ 32.460710] ____fput+0x15/0x20 [ 32.463988] task_work_run+0x1e8/0x2a0 [ 32.467877] do_exit+0x1ae4/0x26e0 [ 32.471429] do_group_exit+0x177/0x440 [ 32.475316] __x64_sys_exit_group+0x3e/0x50 [ 32.479636] do_syscall_64+0x1b9/0x820 [ 32.483528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.488708] [ 32.490334] The buggy address belongs to the object at ffff8801d94d0040 [ 32.490334] which belongs to the cache kvm_vcpu of size 23872 [ 32.502909] The buggy address is located 24 bytes inside of [ 32.502909] 23872-byte region [ffff8801d94d0040, ffff8801d94d5d80) [ 32.514881] The buggy address belongs to the page: [ 32.519817] page:ffffea0007653400 count:1 mapcount:0 mapping:ffff8801d5324c00 index:0x0 compound_mapcount: 0 [ 32.529786] flags: 0x2fffc0000008100(slab|head) [ 32.534455] raw: 02fffc0000008100 ffff8801d531d648 ffff8801d531d648 ffff8801d5324c00 [ 32.542431] raw: 0000000000000000 ffff8801d94d0040 0000000100000001 0000000000000000 [ 32.550306] page dumped because: kasan: bad access detected [ 32.556006] [ 32.557625] Memory state around the buggy address: [ 32.562554] ffff8801d94cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.569920] ffff8801d94cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.577277] >ffff8801d94d0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.584632] ^ [ 32.590860] ffff8801d94d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.598219] ffff8801d94d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.605572] ================================================================== [ 32.612930] Kernel panic - not syncing: panic_on_warn set ... [ 32.612930] [ 32.620305] CPU: 1 PID: 4671 Comm: syz-executor650 Tainted: G B 4.19.0-rc2+ #220 [ 32.629233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.638586] Call Trace: [ 32.641270] dump_stack+0x1c9/0x2b4 [ 32.644900] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.650097] ? lock_downgrade+0x8f0/0x8f0 [ 32.654252] ? __schedule+0xf54/0x1df0 [ 32.658140] panic+0x238/0x4e7 [ 32.661332] ? add_taint.cold.5+0x16/0x16 [ 32.665485] ? print_shadow_for_address+0xba/0x116 [ 32.670415] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.674816] ? trace_hardirqs_off+0x77/0x2b0 [ 32.679221] ? __schedule+0xf54/0x1df0 [ 32.683104] kasan_end_report+0x47/0x4f [ 32.687079] kasan_report.cold.7+0x76/0x30d [ 32.691409] __asan_report_load8_noabort+0x14/0x20 [ 32.696340] __schedule+0xf54/0x1df0 [ 32.700054] ? __sched_text_start+0x8/0x8 [ 32.704196] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 32.709311] ? __call_srcu+0x7e7/0x1040 [ 32.713292] ? check_same_owner+0x340/0x340 [ 32.717610] ? mark_held_locks+0x160/0x160 [ 32.721838] ? find_held_lock+0x36/0x1c0 [ 32.725906] preempt_schedule_common+0x22/0x60 [ 32.730485] _cond_resched+0x1d/0x30 [ 32.734203] wait_for_completion+0xa5/0x8d0 [ 32.738529] ? wait_for_completion_interruptible+0x950/0x950 [ 32.744326] ? __lockdep_init_map+0x105/0x590 [ 32.748821] ? __init_waitqueue_head+0x9e/0x150 [ 32.753487] ? init_wait_entry+0x1c0/0x1c0 [ 32.757725] __synchronize_srcu+0x189/0x240 [ 32.762048] ? call_srcu+0x10/0x10 [ 32.765589] ? rcu_unexpedite_gp+0x20/0x20 [ 32.769831] synchronize_srcu+0x335/0x56f [ 32.773979] ? lock_downgrade+0x8f0/0x8f0 [ 32.778126] ? synchronize_srcu_expedited+0x20/0x20 [ 32.783144] ? kasan_check_read+0x11/0x20 [ 32.787292] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.791871] ? kasan_check_write+0x14/0x20 [ 32.796106] ? do_raw_spin_lock+0xc1/0x200 [ 32.800342] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.806054] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.811502] ? kvfree+0x61/0x70 [ 32.814784] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.819796] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.823872] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.828283] ? kvm_arch_sync_events+0x30/0x30 [ 32.832778] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.838311] ? mmu_notifier_unregister+0x474/0x600 [ 32.843234] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.847637] ? kfree+0x111/0x210 [ 32.851002] ? __mmu_notifier_register+0x30/0x30 [ 32.855757] ? __free_pages+0x10a/0x190 [ 32.859730] ? free_unref_page+0x930/0x930 [ 32.863973] kvm_put_kvm+0x73f/0x1060 [ 32.867775] ? kvm_write_guest_cached+0x40/0x40 [ 32.872446] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.876934] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.881434] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.886016] ? kasan_check_write+0x14/0x20 [ 32.890247] ? do_raw_spin_lock+0xc1/0x200 [ 32.894479] ? kvm_irqfd_release+0xdd/0x120 [ 32.898797] ? kvm_irqfd_release+0xdd/0x120 [ 32.903115] ? kvm_put_kvm+0x1060/0x1060 [ 32.907172] kvm_vm_release+0x42/0x50 [ 32.910971] __fput+0x38a/0xa40 [ 32.914246] ? __alloc_file+0x400/0x400 [ 32.918219] ? check_same_owner+0x340/0x340 [ 32.922539] ? kasan_check_write+0x14/0x20 [ 32.926771] ? do_raw_spin_lock+0xc1/0x200 [ 32.931004] ____fput+0x15/0x20 [ 32.934277] task_work_run+0x1e8/0x2a0 [ 32.938163] ? task_work_cancel+0x240/0x240 [ 32.942483] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.948019] ? switch_task_namespaces+0xa2/0xd0 [ 32.952690] do_exit+0x1ae4/0x26e0 [ 32.956233] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.960908] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.965143] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.970153] ? kfree+0x1d7/0x210 [ 32.973522] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.977756] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.983468] ? is_bpf_text_address+0xd7/0x170 [ 32.987962] ? kernel_text_address+0x79/0xf0 [ 32.992366] ? __kernel_text_address+0xd/0x40 [ 32.996864] ? unwind_get_return_address+0x61/0xa0 [ 33.001807] ? __save_stack_trace+0x8d/0xf0 [ 33.006131] ? save_stack+0xa9/0xd0 [ 33.009754] ? save_stack+0x43/0xd0 [ 33.013376] ? __kasan_slab_free+0x11a/0x170 [ 33.017787] ? kasan_slab_free+0xe/0x10 [ 33.021759] ? putname+0xf2/0x130 [ 33.025207] ? __x64_sys_openat+0x9d/0x100 [ 33.029438] ? do_syscall_64+0x1b9/0x820 [ 33.033497] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.038889] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.043296] ? kasan_check_read+0x11/0x20 [ 33.047460] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.051865] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.056579] ? initcall_blacklisted+0x9a/0x1e0 [ 33.061159] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.066263] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.071972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.077507] ? do_vfs_ioctl+0x201/0x1720 [ 33.081563] ? rcu_is_watching+0x8c/0x150 [ 33.085706] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.090026] ? ioctl_preallocate+0x300/0x300 [ 33.094434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.099969] ? __fget_light+0x2f7/0x440 [ 33.103946] ? fget_raw+0x20/0x20 [ 33.107400] ? putname+0xf2/0x130 [ 33.110855] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.115869] ? kmem_cache_free+0x246/0x280 [ 33.120098] ? putname+0xf7/0x130 [ 33.123549] do_group_exit+0x177/0x440 [ 33.127437] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.131755] ? __ia32_sys_exit+0x50/0x50 [ 33.135814] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.140926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.146464] ? ksys_ioctl+0x81/0xd0 [ 33.150093] __x64_sys_exit_group+0x3e/0x50 [ 33.154426] do_syscall_64+0x1b9/0x820 [ 33.158311] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.163673] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.168601] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.173444] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.178459] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.183476] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.188966] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.193827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.199010] RIP: 0033:0x43ef08 [ 33.202197] Code: Bad RIP value. [ 33.205553] RSP: 002b:00007ffe27fa2128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.213256] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.220517] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.227784] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.235046] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.242313] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.249587] [ 33.249593] ====================================================== [ 33.249598] WARNING: possible circular locking dependency detected [ 33.249602] 4.19.0-rc2+ #220 Not tainted [ 33.249608] ------------------------------------------------------ [ 33.249613] syz-executor650/4671 is trying to acquire lock: [ 33.249616] 00000000aecef729 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.249631] [ 33.249635] but task is already holding lock: [ 33.249639] 00000000ccac64f2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.249653] [ 33.249657] which lock already depends on the new lock. [ 33.249660] [ 33.249662] [ 33.249667] the existing dependency chain (in reverse order) is: [ 33.249669] [ 33.249672] -> #3 (report_lock){....}: [ 33.249686] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.249690] kasan_report+0x8e/0x110 [ 33.249695] __asan_report_load8_noabort+0x14/0x20 [ 33.249699] __schedule+0xf54/0x1df0 [ 33.249703] preempt_schedule_common+0x22/0x60 [ 33.249707] _cond_resched+0x1d/0x30 [ 33.249711] wait_for_completion+0xa5/0x8d0 [ 33.249715] __synchronize_srcu+0x189/0x240 [ 33.249719] synchronize_srcu+0x335/0x56f [ 33.249724] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.249728] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.249733] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.249736] kvm_put_kvm+0x73f/0x1060 [ 33.249740] kvm_vm_release+0x42/0x50 [ 33.249744] __fput+0x38a/0xa40 [ 33.249747] ____fput+0x15/0x20 [ 33.249751] task_work_run+0x1e8/0x2a0 [ 33.249755] do_exit+0x1ae4/0x26e0 [ 33.249759] do_group_exit+0x177/0x440 [ 33.249763] __x64_sys_exit_group+0x3e/0x50 [ 33.249767] do_syscall_64+0x1b9/0x820 [ 33.249771] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.249774] [ 33.249776] -> #2 (&rq->lock){-.-.}: [ 33.249790] _raw_spin_lock+0x2a/0x40 [ 33.249794] task_fork_fair+0x93/0x680 [ 33.249798] sched_fork+0x44b/0xbd0 [ 33.249802] copy_process+0x235e/0x7ad0 [ 33.249805] _do_fork+0x1ca/0x1170 [ 33.249809] kernel_thread+0x34/0x40 [ 33.249813] rest_init+0x22/0xe4 [ 33.249817] start_kernel+0x913/0x94e [ 33.249821] x86_64_start_reservations+0x29/0x2b [ 33.249825] x86_64_start_kernel+0x76/0x79 [ 33.249829] secondary_startup_64+0xa4/0xb0 [ 33.249832] [ 33.249834] -> #1 (&p->pi_lock){-.-.}: [ 33.249848] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.249852] try_to_wake_up+0xd2/0x1250 [ 33.249856] wake_up_process+0x10/0x20 [ 33.249860] __up.isra.1+0x1c0/0x2a0 [ 33.249863] up+0x13c/0x1c0 [ 33.249867] __up_console_sem+0xbe/0x1b0 [ 33.249871] console_unlock+0x506/0x10d0 [ 33.249875] vprintk_emit+0x33a/0x910 [ 33.249879] vprintk_default+0x28/0x30 [ 33.249883] vprintk_func+0x7a/0x117 [ 33.249886] printk+0xa7/0xcf [ 33.249890] do_exit.cold.22+0x120/0x21f [ 33.249894] do_group_exit+0x177/0x440 [ 33.249898] __x64_sys_exit_group+0x3e/0x50 [ 33.249908] do_syscall_64+0x1b9/0x820 [ 33.249913] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.249915] [ 33.249918] -> #0 ((console_sem).lock){-...}: [ 33.249932] lock_acquire+0x1e4/0x4f0 [ 33.249936] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.249940] down_trylock+0x13/0x70 [ 33.249945] __down_trylock_console_sem+0xae/0x200 [ 33.249949] console_trylock+0x15/0xa0 [ 33.249953] vprintk_emit+0x31f/0x910 [ 33.249957] vprintk_default+0x28/0x30 [ 33.249960] vprintk_func+0x7a/0x117 [ 33.249964] printk+0xa7/0xcf [ 33.249968] kasan_report+0x9e/0x110 [ 33.249972] __asan_report_load8_noabort+0x14/0x20 [ 33.249976] __schedule+0xf54/0x1df0 [ 33.249980] preempt_schedule_common+0x22/0x60 [ 33.249984] _cond_resched+0x1d/0x30 [ 33.249988] wait_for_completion+0xa5/0x8d0 [ 33.249992] __synchronize_srcu+0x189/0x240 [ 33.249997] synchronize_srcu+0x335/0x56f [ 33.250002] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.250006] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.250010] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.250014] kvm_put_kvm+0x73f/0x1060 [ 33.250018] kvm_vm_release+0x42/0x50 [ 33.250021] __fput+0x38a/0xa40 [ 33.250025] ____fput+0x15/0x20 [ 33.250029] task_work_run+0x1e8/0x2a0 [ 33.250032] do_exit+0x1ae4/0x26e0 [ 33.250036] do_group_exit+0x177/0x440 [ 33.250041] __x64_sys_exit_group+0x3e/0x50 [ 33.250045] do_syscall_64+0x1b9/0x820 [ 33.250049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.250052] [ 33.250056] other info that might help us debug this: [ 33.250058] [ 33.250061] Chain exists of: [ 33.250063] (console_sem).lock --> &rq->lock --> report_lock [ 33.250082] [ 33.250086] Possible unsafe locking scenario: [ 33.250088] [ 33.250092] CPU0 CPU1 [ 33.250096] ---- ---- [ 33.250099] lock(report_lock); [ 33.250108] lock(&rq->lock); [ 33.250117] lock(report_lock); [ 33.250125] lock((console_sem).lock); [ 33.250133] [ 33.250136] *** DEADLOCK *** [ 33.250138] [ 33.250143] 2 locks held by syz-executor650/4671: [ 33.250145] #0: 00000000e0e82199 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.250162] #1: 00000000ccac64f2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.250179] [ 33.250182] stack backtrace: [ 33.250188] CPU: 1 PID: 4671 Comm: syz-executor650 Not tainted 4.19.0-rc2+ #220 [ 33.250195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.250198] Call Trace: [ 33.250202] dump_stack+0x1c9/0x2b4 [ 33.250207] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.250210] ? vprintk_func+0x100/0x117 [ 33.250215] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.250219] ? save_trace+0xe0/0x290 [ 33.250223] __lock_acquire+0x3449/0x5020 [ 33.250227] ? mark_held_locks+0x160/0x160 [ 33.250231] ? mark_held_locks+0x160/0x160 [ 33.250236] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.250240] ? is_bpf_text_address+0xd7/0x170 [ 33.250244] ? kernel_text_address+0x79/0xf0 [ 33.250249] ? __kernel_text_address+0xd/0x40 [ 33.250253] ? __save_stack_trace+0x8d/0xf0 [ 33.250257] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.250261] ? save_trace+0x290/0x290 [ 33.250265] ? save_stack_trace+0x1a/0x20 [ 33.250269] ? save_trace+0xe0/0x290 [ 33.250273] ? graph_lock+0x170/0x170 [ 33.250277] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.250281] lock_acquire+0x1e4/0x4f0 [ 33.250285] ? down_trylock+0x13/0x70 [ 33.250289] ? lock_release+0x9f0/0x9f0 [ 33.250293] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.250297] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.250302] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.250305] ? log_store+0x34f/0x4c0 [ 33.250309] ? vprintk_emit+0x31f/0x910 [ 33.250314] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.250317] ? down_trylock+0x13/0x70 [ 33.250321] down_trylock+0x13/0x70 [ 33.250326] __down_trylock_console_sem+0xae/0x200 [ 33.250329] console_trylock+0x15/0xa0 [ 33.250333] vprintk_emit+0x31f/0x910 [ 33.250337] ? wake_up_klogd+0x110/0x110 [ 33.250342] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.250346] ? kasan_check_read+0x11/0x20 [ 33.250350] ? rcu_is_watching+0x8c/0x150 [ 33.250354] ? rcu_pm_notify+0xc0/0xc0 [ 33.250358] ? lock_acquire+0x1e4/0x4f0 [ 33.250362] ? kasan_report+0x8e/0x110 [ 33.250365] ? __schedule+0xf54/0x1df0 [ 33.250369] vprintk_default+0x28/0x30 [ 33.250373] vprintk_func+0x7a/0x117 [ 33.250376] printk+0xa7/0xcf [ 33.250381] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.250385] ? kasan_check_write+0x14/0x20 [ 33.250397] ? do_raw_spin_lock+0xc1/0x200 [ 33.250401] ? do_raw_spin_lock+0xc1/0x200 [ 33.250404] kasan_report+0x9e/0x110 [ 33.250410] __asan_report_load8_noabort+0x14/0x20 [ 33.250413] __schedule+0xf54/0x1df0 [ 33.250417] ? __sched_text_start+0x8/0x8 [ 33.250422] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.250426] ? __call_srcu+0x7e7/0x1040 [ 33.250430] ? check_same_owner+0x340/0x340 [ 33.250434] ? mark_held_locks+0x160/0x160 [ 33.250438] ? find_held_lock+0x36/0x1c0 [ 33.250443] preempt_schedule_common+0x22/0x60 [ 33.250446] _cond_resched+0x1d/0x30 [ 33.250450] wait_for_completion+0xa5/0x8d0 [ 33.250456] ? wait_for_completion_interruptible+0x950/0x950 [ 33.250460] ? __lockdep_init_map+0x105/0x590 [ 33.250464] ? __init_waitqueue_head+0x9e/0x150 [ 33.250468] ? init_wait_entry+0x1c0/0x1c0 [ 33.250472] __synchronize_srcu+0x189/0x240 [ 33.250476] ? call_srcu+0x10/0x10 [ 33.250480] ? rcu_unexpedite_gp+0x20/0x20 [ 33.250484] synchronize_srcu+0x335/0x56f [ 33.250488] ? lock_downgrade+0x8f0/0x8f0 [ 33.250493] ? synchronize_srcu_expedited+0x20/0x20 [ 33.250497] ? kasan_check_read+0x11/0x20 [ 33.250501] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.250505] ? kasan_check_write+0x14/0x20 [ 33.250510] ? do_raw_spin_lock+0xc1/0x200 [ 33.250515] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.250519] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.250523] ? kvfree+0x61/0x70 [ 33.250527] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.250531] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.250536] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.250540] ? kvm_arch_sync_events+0x30/0x30 [ 33.250545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.250549] ? mmu_notifier_unregister+0x474/0x600 [ 33.250554] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.250557] ? kfree+0x111/0x210 [ 33.250562] ? __mmu_notifier_register+0x30/0x30 [ 33.250565] ? __free_pages+0x10a/0x190 [ 33.250569] ? free_unref_page+0x930/0x930 [ 33.250573] kvm_put_kvm+0x73f/0x1060 [ 33.250578] ? kvm_write_guest_cached+0x40/0x40 [ 33.250582] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.250586] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.250590] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.250594] ? kasan_check_write+0x14/0x20 [ 33.250598] ? do_raw_spin_lock+0xc1/0x200 [ 33.250603] ? kvm_irqfd_release+0xdd/0x120 [ 33.250607] ? kvm_irqfd_release+0xdd/0x120 [ 33.250611] ? kvm_put_kvm+0x1060/0x1060 [ 33.250615] kvm_vm_release+0x42/0x50 [ 33.250618] __fput+0x38a/0xa40 [ 33.250622] ? __alloc_file+0x400/0x400 [ 33.250626] ? check_same_owner+0x340/0x340 [ 33.250630] ? kasan_check_write+0x14/0x20 [ 33.250634] ? do_raw_spin_lock+0xc1/0x200 [ 33.250638] ____fput+0x15/0x20 [ 33.250642] task_work_run+0x1e8/0x2a0 [ 33.250646] ? task_work_cancel+0x240/0x240 [ 33.250651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.250655] ? switch_task_namespaces+0xa2/0xd0 [ 33.250659] do_exit+0x1ae4/0x26e0 [ 33.250663] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.250667] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.250672] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.250675] ? kfree+0x1d7/0x210 [ 33.250679] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.250684] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.250687] ? is_bpf_tex [ 33.250695] Lost 56 message(s)! [ 34.310938] Shutting down cpus with NMI [ 35.368537] Dumping ftrace buffer: [ 35.372056] (ftrace buffer empty) [ 35.375744] Kernel Offset: disabled [ 35.379370] Rebooting in 86400 seconds..