[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.355867] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.722460] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.997761] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.530200] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.883281] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
[ 46.583096] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 46.681775] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 46.706745] ==================================================================
[ 46.716609] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 46.722848] Read of size 8 at addr ffff8801bd388058 by task syz-executor117/4653
[ 46.730377]
[ 46.732011] CPU: 0 PID: 4653 Comm: syz-executor117 Not tainted 4.19.0-rc1+ #217
[ 46.739454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.748810] Call Trace:
[ 46.751403]  dump_stack+0x1c9/0x2b4
[ 46.755034]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 46.760224]  ? printk+0xa7/0xcf
[ 46.763505]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 46.768261]  ? __schedule+0xf54/0x1df0
[ 46.772149]  print_address_description+0x6c/0x20b
[ 46.776994]  ? __schedule+0xf54/0x1df0
[ 46.780881]  kasan_report.cold.7+0x242/0x30d
[ 46.785289]  __asan_report_load8_noabort+0x14/0x20
[ 46.790220]  __schedule+0xf54/0x1df0
[ 46.793932]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 46.799035]  ? __sched_text_start+0x8/0x8
[ 46.803181]  ? __call_srcu+0x7e7/0x1040
[ 46.807159]  ? check_same_owner+0x340/0x340
[ 46.811475]  ? mark_held_locks+0x160/0x160
[ 46.815708]  ? find_held_lock+0x36/0x1c0
[ 46.819774]  preempt_schedule_common+0x22/0x60
[ 46.824360]  _cond_resched+0x1d/0x30
[ 46.828070]  wait_for_completion+0xa5/0x8d0
[ 46.832393]  ? wait_for_completion_interruptible+0x950/0x950
[ 46.838192]  ? __lockdep_init_map+0x105/0x590
[ 46.842690]  ? __init_waitqueue_head+0x9e/0x150
[ 46.847356]  ? init_wait_entry+0x1c0/0x1c0
[ 46.851592]  __synchronize_srcu+0x189/0x240
[ 46.855914]  ? call_srcu+0x10/0x10
[ 46.859455]  ? rcu_unexpedite_gp+0x20/0x20
[ 46.863696]  synchronize_srcu+0x335/0x56f
[ 46.867841]  ? lock_downgrade+0x8f0/0x8f0
[ 46.871985]  ? synchronize_srcu_expedited+0x20/0x20
[ 46.877000]  ? kasan_check_read+0x11/0x20
[ 46.881149]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 46.885737]  ? kasan_check_write+0x14/0x20
[ 46.889996]  ? do_raw_spin_lock+0xc1/0x200
[ 46.894240]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 46.899954]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 46.905405]  ? kvfree+0x61/0x70
[ 46.908687]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.913700]  kvm_mmu_uninit_vm+0x1c/0x20
[ 46.917769]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 46.922189]  ? kvm_arch_sync_events+0x30/0x30
[ 46.926687]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.932224]  ? mmu_notifier_unregister+0x474/0x600
[ 46.937148]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 46.941554]  ? kfree+0x111/0x210
[ 46.944923]  ? __mmu_notifier_register+0x30/0x30
[ 46.949685]  ? __free_pages+0x10a/0x190
[ 46.953663]  ? free_unref_page+0x930/0x930
[ 46.957905]  kvm_put_kvm+0x73f/0x1060
[ 46.961711]  ? kvm_write_guest_cached+0x40/0x40
[ 46.966385]  ? _raw_spin_unlock_irq+0x27/0x70
[ 46.970876]  ? _raw_spin_unlock_irq+0x27/0x70
[ 46.975366]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 46.979947]  ? kasan_check_write+0x14/0x20
[ 46.984178]  ? do_raw_spin_lock+0xc1/0x200
[ 46.988414]  ? kvm_irqfd_release+0xdd/0x120
[ 46.992735]  ? kvm_irqfd_release+0xdd/0x120
[ 46.997059]  ? kvm_put_kvm+0x1060/0x1060
[ 47.001122]  kvm_vm_release+0x42/0x50
[ 47.004921]  __fput+0x38a/0xa40
[ 47.008200]  ? __alloc_file+0x400/0x400
[ 47.012178]  ? check_same_owner+0x340/0x340
[ 47.016501]  ? kasan_check_write+0x14/0x20
[ 47.020735]  ? do_raw_spin_lock+0xc1/0x200
[ 47.025060]  ____fput+0x15/0x20
[ 47.028340]  task_work_run+0x1e8/0x2a0
[ 47.032232]  ? task_work_cancel+0x240/0x240
[ 47.036557]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.042106]  ? switch_task_namespaces+0xa2/0xd0
[ 47.046779]  do_exit+0x1ae4/0x26e0
[ 47.050332]  ? mm_update_next_owner+0x9a0/0x9a0
[ 47.055007]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 47.059246]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.064352]  ? kfree+0x1d7/0x210
[ 47.067723]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 47.071965]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 47.077682]  ? is_bpf_text_address+0xd7/0x170
[ 47.082179]  ? kernel_text_address+0x79/0xf0
[ 47.086589]  ? __kernel_text_address+0xd/0x40
[ 47.091084]  ? unwind_get_return_address+0x61/0xa0
[ 47.096020]  ? __save_stack_trace+0x8d/0xf0
[ 47.100349]  ? save_stack+0xa9/0xd0
[ 47.103978]  ? save_stack+0x43/0xd0
[ 47.107663]  ? __kasan_slab_free+0x11a/0x170
[ 47.112086]  ? kasan_slab_free+0xe/0x10
[ 47.116060]  ? putname+0xf2/0x130
[ 47.119509]  ? __x64_sys_openat+0x9d/0x100
[ 47.123744]  ? do_syscall_64+0x1b9/0x820
[ 47.127824]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.133192]  ? trace_hardirqs_off+0xb8/0x2b0
[ 47.137617]  ? kasan_check_read+0x11/0x20
[ 47.141772]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.146181]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 47.150586]  ? initcall_blacklisted+0x9a/0x1e0
[ 47.155168]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 47.160271]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 47.165981]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.171519]  ? do_vfs_ioctl+0x201/0x1720
[ 47.175582]  ? rcu_is_watching+0x8c/0x150
[ 47.179723]  ? trace_hardirqs_on+0xbd/0x2c0
[ 47.184048]  ? ioctl_preallocate+0x300/0x300
[ 47.188454]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.193989]  ? __fget_light+0x2f7/0x440
[ 47.197971]  ? fget_raw+0x20/0x20
[ 47.201448]  ? putname+0xf2/0x130
[ 47.204906]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.209922]  ? kmem_cache_free+0x246/0x280
[ 47.214158]  ? putname+0xf7/0x130
[ 47.217611]  do_group_exit+0x177/0x440
[ 47.221503]  ? trace_hardirqs_on+0xbd/0x2c0
[ 47.225828]  ? __ia32_sys_exit+0x50/0x50
[ 47.229889]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 47.234991]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.240529]  ? ksys_ioctl+0x81/0xd0
[ 47.244164]  __x64_sys_exit_group+0x3e/0x50
[ 47.248488]  do_syscall_64+0x1b9/0x820
[ 47.252376]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.257745]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.262682]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.267526]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 47.272545]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.277564]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 47.282580]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.287412]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.292583] RIP: 0033:0x43ecf8
[ 47.295765] Code: Bad RIP value.
[ 47.299125] RSP: 002b:00007ffff452f2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.306833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 47.314111] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 47.321397] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 47.328675] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 47.335944] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 47.343217]
[ 47.344837] Allocated by task 4653:
[ 47.348464]  save_stack+0x43/0xd0
[ 47.351914]  kasan_kmalloc+0xc4/0xe0
[ 47.355624]  kasan_slab_alloc+0x12/0x20
[ 47.359603]  kmem_cache_alloc+0x12e/0x710
[ 47.363751]  vmx_create_vcpu+0xcf/0x2830
[ 47.367817]  kvm_arch_vcpu_create+0xe5/0x220
[ 47.372208]  kvm_vm_ioctl+0x488/0x1d80
[ 47.376077]  do_vfs_ioctl+0x1de/0x1720
[ 47.379946]  ksys_ioctl+0xa9/0xd0
[ 47.383378]  __x64_sys_ioctl+0x73/0xb0
[ 47.387253]  do_syscall_64+0x1b9/0x820
[ 47.391122]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.396286]
[ 47.397891] Freed by task 4653:
[ 47.401153]  save_stack+0x43/0xd0
[ 47.404588]  __kasan_slab_free+0x11a/0x170
[ 47.408810]  kasan_slab_free+0xe/0x10
[ 47.412830]  kmem_cache_free+0x86/0x280
[ 47.416786]  vmx_free_vcpu+0x26b/0x300
[ 47.420662]  kvm_arch_destroy_vm+0x365/0x7c0
[ 47.425054]  kvm_put_kvm+0x73f/0x1060
[ 47.428842]  kvm_vm_release+0x42/0x50
[ 47.432627]  __fput+0x38a/0xa40
[ 47.435904]  ____fput+0x15/0x20
[ 47.439171]  task_work_run+0x1e8/0x2a0
[ 47.443038]  do_exit+0x1ae4/0x26e0
[ 47.446559]  do_group_exit+0x177/0x440
[ 47.450424]  __x64_sys_exit_group+0x3e/0x50
[ 47.454732]  do_syscall_64+0x1b9/0x820
[ 47.458601]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.463772]
[ 47.465385] The buggy address belongs to the object at ffff8801bd388040
[ 47.465385]  which belongs to the cache kvm_vcpu of size 23872
[ 47.478010] The buggy address is located 24 bytes inside of
[ 47.478010]  23872-byte region [ffff8801bd388040, ffff8801bd38dd80)
[ 47.489958] The buggy address belongs to the page:
[ 47.494873] page:ffffea0006f4e200 count:1 mapcount:0 mapping:ffff8801d52f5d80 index:0x0 compound_mapcount: 0
[ 47.504830] flags: 0x2fffc0000008100(slab|head)
[ 47.509490] raw: 02fffc0000008100 ffff8801d6eae148 ffff8801d6eae148 ffff8801d52f5d80
[ 47.517357] raw: 0000000000000000 ffff8801bd388040 0000000100000001 0000000000000000
[ 47.525285] page dumped because: kasan: bad access detected
[ 47.530978]
[ 47.532581] Memory state around the buggy address:
[ 47.537488]  ffff8801bd387f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.544899]  ffff8801bd387f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.552247] >ffff8801bd388000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 47.559702]                                                     ^
[ 47.565932]  ffff8801bd388080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.573276]  ffff8801bd388100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.580671] ==================================================================
[ 47.588040] Kernel panic - not syncing: panic_on_warn set ...
[ 47.588040]
[ 47.595480] CPU: 0 PID: 4653 Comm: syz-executor117 Tainted: G B 4.19.0-rc1+ #217
[ 47.604341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.613771] Call Trace:
[ 47.616351]  dump_stack+0x1c9/0x2b4
[ 47.620028]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.625254]  ? lock_downgrade+0x8f0/0x8f0
[ 47.629391]  ? __schedule+0xf54/0x1df0
[ 47.633263]  panic+0x238/0x4e7
[ 47.636440]  ? add_taint.cold.5+0x16/0x16
[ 47.640576]  ? print_shadow_for_address+0xba/0x116
[ 47.645486]  ? trace_hardirqs_off+0xaf/0x2b0
[ 47.649877]  ? trace_hardirqs_off+0x77/0x2b0
[ 47.654271]  ? __schedule+0xf54/0x1df0
[ 47.658142]  kasan_end_report+0x47/0x4f
[ 47.662103]  kasan_report.cold.7+0x76/0x30d
[ 47.666417]  __asan_report_load8_noabort+0x14/0x20
[ 47.671332]  __schedule+0xf54/0x1df0
[ 47.675036]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 47.680127]  ? __sched_text_start+0x8/0x8
[ 47.684262]  ? __call_srcu+0x7e7/0x1040
[ 47.688223]  ? check_same_owner+0x340/0x340
[ 47.692527]  ? mark_held_locks+0x160/0x160
[ 47.696744]  ? find_held_lock+0x36/0x1c0
[ 47.700792]  preempt_schedule_common+0x22/0x60
[ 47.705371]  _cond_resched+0x1d/0x30
[ 47.709135]  wait_for_completion+0xa5/0x8d0
[ 47.713445]  ? wait_for_completion_interruptible+0x950/0x950
[ 47.719228]  ? __lockdep_init_map+0x105/0x590
[ 47.723708]  ? __init_waitqueue_head+0x9e/0x150
[ 47.728358]  ? init_wait_entry+0x1c0/0x1c0
[ 47.732581]  __synchronize_srcu+0x189/0x240
[ 47.736885]  ? call_srcu+0x10/0x10
[ 47.740409]  ? rcu_unexpedite_gp+0x20/0x20
[ 47.744628]  synchronize_srcu+0x335/0x56f
[ 47.748923]  ? lock_downgrade+0x8f0/0x8f0
[ 47.753057]  ? synchronize_srcu_expedited+0x20/0x20
[ 47.758057]  ? kasan_check_read+0x11/0x20
[ 47.762188]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.766756]  ? kasan_check_write+0x14/0x20
[ 47.770972]  ? do_raw_spin_lock+0xc1/0x200
[ 47.775191]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 47.780885]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 47.786323]  ? kvfree+0x61/0x70
[ 47.789582]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.794579]  kvm_mmu_uninit_vm+0x1c/0x20
[ 47.798622]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 47.803015]  ? kvm_arch_sync_events+0x30/0x30
[ 47.807493]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.813017]  ? mmu_notifier_unregister+0x474/0x600
[ 47.817925]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 47.822312]  ? kfree+0x111/0x210
[ 47.825668]  ? __mmu_notifier_register+0x30/0x30
[ 47.830405]  ? __free_pages+0x10a/0x190
[ 47.834363]  ? free_unref_page+0x930/0x930
[ 47.838586]  kvm_put_kvm+0x73f/0x1060
[ 47.842370]  ? kvm_write_guest_cached+0x40/0x40
[ 47.847022]  ? _raw_spin_unlock_irq+0x27/0x70
[ 47.851497]  ? _raw_spin_unlock_irq+0x27/0x70
[ 47.855972]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 47.860540]  ? kasan_check_write+0x14/0x20
[ 47.864761]  ? do_raw_spin_lock+0xc1/0x200
[ 47.869067]  ? kvm_irqfd_release+0xdd/0x120
[ 47.873370]  ? kvm_irqfd_release+0xdd/0x120
[ 47.877677]  ? kvm_put_kvm+0x1060/0x1060
[ 47.881719]  kvm_vm_release+0x42/0x50
[ 47.885504]  __fput+0x38a/0xa40
[ 47.888768]  ? __alloc_file+0x400/0x400
[ 47.892729]  ? check_same_owner+0x340/0x340
[ 47.897035]  ? kasan_check_write+0x14/0x20
[ 47.901252]  ? do_raw_spin_lock+0xc1/0x200
[ 47.905469]  ____fput+0x15/0x20
[ 47.908734]  task_work_run+0x1e8/0x2a0
[ 47.912606]  ? task_work_cancel+0x240/0x240
[ 47.916910]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.922431]  ? switch_task_namespaces+0xa2/0xd0
[ 47.927083]  do_exit+0x1ae4/0x26e0
[ 47.930607]  ? mm_update_next_owner+0x9a0/0x9a0
[ 47.935271]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 47.939488]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.944488]  ? kfree+0x1d7/0x210
[ 47.947841]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 47.952067]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 47.957771]  ? is_bpf_text_address+0xd7/0x170
[ 47.962252]  ? kernel_text_address+0x79/0xf0
[ 47.966651]  ? __kernel_text_address+0xd/0x40
[ 47.971130]  ? unwind_get_return_address+0x61/0xa0
[ 47.976046]  ? __save_stack_trace+0x8d/0xf0
[ 47.980353]  ? save_stack+0xa9/0xd0
[ 47.983960]  ? save_stack+0x43/0xd0
[ 47.987566]  ? __kasan_slab_free+0x11a/0x170
[ 47.991956]  ? kasan_slab_free+0xe/0x10
[ 47.995973]  ? putname+0xf2/0x130
[ 47.999416]  ? __x64_sys_openat+0x9d/0x100
[ 48.003633]  ? do_syscall_64+0x1b9/0x820
[ 48.007681]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.013079]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.017469]  ? kasan_check_read+0x11/0x20
[ 48.021605]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 48.025994]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.030386]  ? initcall_blacklisted+0x9a/0x1e0
[ 48.035042]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 48.040141]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 48.045849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.051370]  ? do_vfs_ioctl+0x201/0x1720
[ 48.055415]  ? rcu_is_watching+0x8c/0x150
[ 48.059549]  ? trace_hardirqs_on+0xbd/0x2c0
[ 48.063857]  ? ioctl_preallocate+0x300/0x300
[ 48.068254]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.073779]  ? __fget_light+0x2f7/0x440
[ 48.077737]  ? fget_raw+0x20/0x20
[ 48.081173]  ? putname+0xf2/0x130
[ 48.084614]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.089616]  ? kmem_cache_free+0x246/0x280
[ 48.093850]  ? putname+0xf7/0x130
[ 48.097292]  do_group_exit+0x177/0x440
[ 48.101164]  ? trace_hardirqs_on+0xbd/0x2c0
[ 48.105473]  ? __ia32_sys_exit+0x50/0x50
[ 48.109519]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.114607]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.120130]  ? ksys_ioctl+0x81/0xd0
[ 48.123750]  __x64_sys_exit_group+0x3e/0x50
[ 48.128065]  do_syscall_64+0x1b9/0x820
[ 48.131936]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.137288]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.142382]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.147213]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 48.152219]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.157224]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 48.162229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.167065]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.172243] RIP: 0033:0x43ecf8
[ 48.175420] Code: Bad RIP value.
[ 48.178764] RSP: 002b:00007ffff452f2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 48.186458] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 48.193716] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 48.200969] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 48.208222] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 48.215477] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 48.222736]
[ 48.222739] ======================================================
[ 48.222743] WARNING: possible circular locking dependency detected
[ 48.222745] 4.19.0-rc1+ #217 Not tainted
[ 48.222748] ------------------------------------------------------
[ 48.222751] syz-executor117/4653 is trying to acquire lock:
[ 48.222753] 00000000ee0ef043 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 48.222762]
[ 48.222764] but task is already holding lock:
[ 48.222766] 000000000d1b4b16 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 48.222773]
[ 48.222776] which lock already depends on the new lock.
[ 48.222777]
[ 48.222779]
[ 48.222782] the existing dependency chain (in reverse order) is:
[ 48.222783]
[ 48.222784] -> #3 (report_lock){....}:
[ 48.222792]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.222794]        kasan_report+0x8e/0x110
[ 48.222801]        __asan_report_load8_noabort+0x14/0x20
[ 48.222804]        __schedule+0xf54/0x1df0
[ 48.222806]        preempt_schedule_common+0x22/0x60
[ 48.222808]        _cond_resched+0x1d/0x30
[ 48.222811]        wait_for_completion+0xa5/0x8d0
[ 48.222813]        __synchronize_srcu+0x189/0x240
[ 48.222816]        synchronize_srcu+0x335/0x56f
[ 48.222819]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.222821]        kvm_mmu_uninit_vm+0x1c/0x20
[ 48.222824]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.222826]        kvm_put_kvm+0x73f/0x1060
[ 48.222828]        kvm_vm_release+0x42/0x50
[ 48.222830]        __fput+0x38a/0xa40
[ 48.222832]        ____fput+0x15/0x20
[ 48.222834]        task_work_run+0x1e8/0x2a0
[ 48.222837]        do_exit+0x1ae4/0x26e0
[ 48.222839]        do_group_exit+0x177/0x440
[ 48.222841]        __x64_sys_exit_group+0x3e/0x50
[ 48.222844]        do_syscall_64+0x1b9/0x820
[ 48.222846]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.222848]
[ 48.222849] -> #2 (&rq->lock){-.-.}:
[ 48.222856]        _raw_spin_lock+0x2a/0x40
[ 48.222859]        task_fork_fair+0x93/0x680
[ 48.222861]        sched_fork+0x44b/0xbd0
[ 48.222863]        copy_process+0x235e/0x7ad0
[ 48.222865]        _do_fork+0x1ca/0x1170
[ 48.222867]        kernel_thread+0x34/0x40
[ 48.222869]        rest_init+0x22/0xe4
[ 48.222871]        start_kernel+0x913/0x94e
[ 48.222874]        x86_64_start_reservations+0x29/0x2b
[ 48.222876]        x86_64_start_kernel+0x76/0x79
[ 48.222879]        secondary_startup_64+0xa4/0xb0
[ 48.222880]
[ 48.222881] -> #1 (&p->pi_lock){-.-.}:
[ 48.222889]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.222891]        try_to_wake_up+0xd2/0x1250
[ 48.222893]        wake_up_process+0x10/0x20
[ 48.222896]        __up.isra.1+0x1c0/0x2a0
[ 48.222897]        up+0x13c/0x1c0
[ 48.222900]        __up_console_sem+0xbe/0x1b0
[ 48.222902]        console_unlock+0x506/0x10d0
[ 48.222904]        vprintk_emit+0x33a/0x910
[ 48.222906]        vprintk_default+0x28/0x30
[ 48.222909]        vprintk_func+0x7a/0x117
[ 48.222911]        printk+0xa7/0xcf
[ 48.222913]        load_umh+0x51/0xbd
[ 48.222915]        do_one_initcall+0x127/0x838
[ 48.222917]        kernel_init_freeable+0x4bb/0x5ae
[ 48.222919]        kernel_init+0x11/0x1b3
[ 48.222922]        ret_from_fork+0x3a/0x50
[ 48.222923]
[ 48.222924] -> #0 ((console_sem).lock){-...}:
[ 48.222932]        lock_acquire+0x1e4/0x4f0
[ 48.222934]        _raw_spin_lock_irqsave+0x96/0xc0
[ 48.222936]        down_trylock+0x13/0x70
[ 48.222939]        __down_trylock_console_sem+0xae/0x200
[ 48.222941]        console_trylock+0x15/0xa0
[ 48.222944]        vprintk_emit+0x31f/0x910
[ 48.222946]        vprintk_default+0x28/0x30
[ 48.222948]        vprintk_func+0x7a/0x117
[ 48.222950]        printk+0xa7/0xcf
[ 48.222952]        kasan_report+0x9e/0x110
[ 48.222955]        __asan_report_load8_noabort+0x14/0x20
[ 48.222957]        __schedule+0xf54/0x1df0
[ 48.222959]        preempt_schedule_common+0x22/0x60
[ 48.222962]        _cond_resched+0x1d/0x30
[ 48.222964]        wait_for_completion+0xa5/0x8d0
[ 48.222967]        __synchronize_srcu+0x189/0x240
[ 48.222969]        synchronize_srcu+0x335/0x56f
[ 48.222972]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.222974]        kvm_mmu_uninit_vm+0x1c/0x20
[ 48.222977]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.222979]        kvm_put_kvm+0x73f/0x1060
[ 48.222981]        kvm_vm_release+0x42/0x50
[ 48.222983]        __fput+0x38a/0xa40
[ 48.222985]        ____fput+0x15/0x20
[ 48.222987]        task_work_run+0x1e8/0x2a0
[ 48.222989]        do_exit+0x1ae4/0x26e0
[ 48.222992]        do_group_exit+0x177/0x440
[ 48.222994]        __x64_sys_exit_group+0x3e/0x50
[ 48.222996]        do_syscall_64+0x1b9/0x820
[ 48.222999]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.223000]
[ 48.223003] other info that might help us debug this:
[ 48.223004]
[ 48.223006] Chain exists of:
[ 48.223007]   (console_sem).lock --> &rq->lock --> report_lock
[ 48.223016]
[ 48.223019]  Possible unsafe locking scenario:
[ 48.223020]
[ 48.223022]        CPU0                    CPU1
[ 48.223025]        ----                    ----
[ 48.223026]   lock(report_lock);
[ 48.223031]                                lock(&rq->lock);
[ 48.223036]                                lock(report_lock);
[ 48.223040]   lock((console_sem).lock);
[ 48.223045]
[ 48.223046]  *** DEADLOCK ***
[ 48.223048]
[ 48.223050] 2 locks held by syz-executor117/4653:
[ 48.223051]  #0: 000000005d8d6b37 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 48.223060]  #1: 000000000d1b4b16 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 48.223070]
[ 48.223071] stack backtrace:
[ 48.223075] CPU: 0 PID: 4653 Comm: syz-executor117 Not tainted 4.19.0-rc1+ #217
[ 48.223079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.223081] Call Trace:
[ 48.223083]  dump_stack+0x1c9/0x2b4
[ 48.223086]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.223088]  ? vprintk_func+0x100/0x117
[ 48.223091]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 48.223093]  ? save_trace+0xe0/0x290
[ 48.223095]  __lock_acquire+0x3449/0x5020
[ 48.223098]  ? mark_held_locks+0x160/0x160
[ 48.223100]  ? mark_held_locks+0x160/0x160
[ 48.223102]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 48.223105]  ? is_bpf_text_address+0xd7/0x170
[ 48.223107]  ? kernel_text_address+0x79/0xf0
[ 48.223110]  ? __kernel_text_address+0xd/0x40
[ 48.223112]  ? __save_stack_trace+0x8d/0xf0
[ 48.223114]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 48.223117]  ? save_trace+0x290/0x290
[ 48.223119]  ? save_stack_trace+0x1a/0x20
[ 48.223121]  ? save_trace+0xe0/0x290
[ 48.223123]  ? graph_lock+0x170/0x170
[ 48.223126]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.223128]  lock_acquire+0x1e4/0x4f0
[ 48.223130]  ? down_trylock+0x13/0x70
[ 48.223132]  ? lock_release+0x9f0/0x9f0
[ 48.223135]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.223137]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.223139]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.223142]  ? log_store+0x34f/0x4c0
[ 48.223144]  ? vprintk_emit+0x31f/0x910
[ 48.223146]  _raw_spin_lock_irqsave+0x96/0xc0
[ 48.223148]  ? down_trylock+0x13/0x70
[ 48.223150]  down_trylock+0x13/0x70
[ 48.223153]  __down_trylock_console_sem+0xae/0x200
[ 48.223155]  console_trylock+0x15/0xa0
[ 48.223157]  vprintk_emit+0x31f/0x910
[ 48.223159]  ? wake_up_klogd+0x110/0x110
[ 48.223162]  ? run_rebalance_domains+0x4c0/0x4c0
[ 48.223164]  ? kasan_check_read+0x11/0x20
[ 48.223166]  ? rcu_is_watching+0x8c/0x150
[ 48.223169]  ? rcu_pm_notify+0xc0/0xc0
[ 48.223171]  ? lock_acquire+0x1e4/0x4f0
[ 48.223173]  ? kasan_report+0x8e/0x110
[ 48.223175]  ? __schedule+0xf54/0x1df0
[ 48.223177]  vprintk_default+0x28/0x30
[ 48.223179]  vprintk_func+0x7a/0x117
[ 48.223181]  printk+0xa7/0xcf
[ 48.223184]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 48.223186]  ? kasan_check_write+0x14/0x20
[ 48.223188]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223191]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223193]  kasan_report+0x9e/0x110
[ 48.223195]  __asan_report_load8_noabort+0x14/0x20
[ 48.223197]  __schedule+0xf54/0x1df0
[ 48.223200]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.223202]  ? __sched_text_start+0x8/0x8
[ 48.223205]  ? __call_srcu+0x7e7/0x1040
[ 48.223207]  ? check_same_owner+0x340/0x340
[ 48.223209]  ? mark_held_locks+0x160/0x160
[ 48.223211]  ? find_held_lock+0x36/0x1c0
[ 48.223214]  preempt_schedule_common+0x22/0x60
[ 48.223216]  _cond_resched+0x1d/0x30
[ 48.223218]  wait_for_completion+0xa5/0x8d0
[ 48.223221]  ? wait_for_completion_interruptible+0x950/0x950
[ 48.223224]  ? __lockdep_init_map+0x105/0x590
[ 48.223226]  ? __init_waitqueue_head+0x9e/0x150
[ 48.223228]  ? init_wait_entry+0x1c0/0x1c0
[ 48.223231]  __synchronize_srcu+0x189/0x240
[ 48.223233]  ? call_srcu+0x10/0x10
[ 48.223235]  ? rcu_unexpedite_gp+0x20/0x20
[ 48.223238]  synchronize_srcu+0x335/0x56f
[ 48.223240]  ? lock_downgrade+0x8f0/0x8f0
[ 48.223243]  ? synchronize_srcu_expedited+0x20/0x20
[ 48.223245]  ? kasan_check_read+0x11/0x20
[ 48.223248]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 48.223250]  ? kasan_check_write+0x14/0x20
[ 48.223252]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223255]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.223258]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 48.223260]  ? kvfree+0x61/0x70
[ 48.223263]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.223265]  kvm_mmu_uninit_vm+0x1c/0x20
[ 48.223267]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.223270]  ? kvm_arch_sync_events+0x30/0x30
[ 48.223273]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.223275]  ? mmu_notifier_unregister+0x474/0x600
[ 48.223278]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.223280]  ? kfree+0x111/0x210
[ 48.223282]  ? __mmu_notifier_register+0x30/0x30
[ 48.223284]  ? __free_pages+0x10a/0x190
[ 48.223287]  ? free_unref_page+0x930/0x930
[ 48.223289]  kvm_put_kvm+0x73f/0x1060
[ 48.223291]  ? kvm_write_guest_cached+0x40/0x40
[ 48.223294]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.223296]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.223300]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 48.223302]  ? kasan_check_write+0x14/0x20
[ 48.223305]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223307]  ? kvm_irqfd_release+0xdd/0x120
[ 48.223309]  ? kvm_irqfd_release+0xdd/0x120
[ 48.223312]  ? kvm_put_kvm+0x1060/0x1060
[ 48.223314]  kvm_vm_release+0x42/0x50
[ 48.223316]  __fput+0x38a/0xa40
[ 48.223318]  ? __alloc_file+0x400/0x400
[ 48.223320]  ? check_same_owner+0x340/0x340
[ 48.223322]  ? kasan_check_write+0x14/0x20
[ 48.223325]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223327]  ____fput+0x15/0x20
[ 48.223329]  task_work_run+0x1e8/0x2a0
[ 48.223331]  ? task_work_cancel+0x240/0x240
[ 48.223334]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.223336]  ? switch_task_namespaces+0xa2/0xd0
[ 48.223338]  do_exit+0x1ae4/0x26e0
[ 48.223341]  ? mm_update_next_owner+0x9a0/0x9a0
[ 48.223343]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 48.223346]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.223348]  ? kfree+0x1d7/0x210
[ 48.223350]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 48.223353]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 48.223355]  ? is_bpf_text_address+0xd7/0x170
[ 48.223357]  ?
[ 48.223361] Lost 55 message(s)!
[ 49.284215] Shutting down cpus with NMI
[ 50.343782] Dumping ftrace buffer:
[ 50.347308]    (ftrace buffer empty)
[ 50.350995] Kernel Offset: disabled
[ 50.354601] Rebooting in 86400 seconds..