[....] Starting OpenBSD Secure Shell server: sshd
[   21.746634] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.368098] random: sshd: uninitialized urandom read (32 bytes read)
[   26.674760] sshd (4612) used greatest stack depth: 16664 bytes left
[   26.697838] random: sshd: uninitialized urandom read (32 bytes read)
[   27.289198] random: sshd: uninitialized urandom read (32 bytes read)
[   38.837363] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
[   44.502946] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   44.600820] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   44.625458] ==================================================================
[   44.635277] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   44.641501] Read of size 8 at addr ffff8801bb540058 by task syz-executor236/4631
[   44.649025] 
[   44.650656] CPU: 0 PID: 4631 Comm: syz-executor236 Not tainted 4.19.0-rc1+ #217
[   44.658189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.667544] Call Trace:
[   44.670142]  dump_stack+0x1c9/0x2b4
[   44.673773]  ? dump_stack_print_info.cold.2+0x52/0x52
[   44.678965]  ? printk+0xa7/0xcf
[   44.682244]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   44.687004]  ? __schedule+0xf54/0x1df0
[   44.690892]  print_address_description+0x6c/0x20b
[   44.695743]  ? __schedule+0xf54/0x1df0
[   44.699653]  kasan_report.cold.7+0x242/0x30d
[   44.704067]  __asan_report_load8_noabort+0x14/0x20
[   44.709009]  __schedule+0xf54/0x1df0
[   44.712723]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   44.717827]  ? __sched_text_start+0x8/0x8
[   44.721985]  ? __call_srcu+0x7e7/0x1040
[   44.725975]  ? check_same_owner+0x340/0x340
[   44.730292]  ? mark_held_locks+0x160/0x160
[   44.734521]  ? find_held_lock+0x36/0x1c0
[   44.738584]  preempt_schedule_common+0x22/0x60
[   44.743165]  _cond_resched+0x1d/0x30
[   44.746908]  wait_for_completion+0xa5/0x8d0
[   44.751236]  ? wait_for_completion_interruptible+0x950/0x950
[   44.757054]  ? __lockdep_init_map+0x105/0x590
[   44.761549]  ? __init_waitqueue_head+0x9e/0x150
[   44.766215]  ? init_wait_entry+0x1c0/0x1c0
[   44.770453]  __synchronize_srcu+0x189/0x240
[   44.774768]  ? call_srcu+0x10/0x10
[   44.778304]  ? rcu_unexpedite_gp+0x20/0x20
[   44.782541]  synchronize_srcu+0x335/0x56f
[   44.786685]  ? lock_downgrade+0x8f0/0x8f0
[   44.790853]  ? synchronize_srcu_expedited+0x20/0x20
[   44.795867]  ? kasan_check_read+0x11/0x20
[   44.800010]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   44.804589]  ? kasan_check_write+0x14/0x20
[   44.808820]  ? do_raw_spin_lock+0xc1/0x200
[   44.813054]  kvm_page_track_unregister_notifier+0x17d/0x250
[   44.818763]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   44.824212]  ? kvfree+0x61/0x70
[   44.827493]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.832509]  kvm_mmu_uninit_vm+0x1c/0x20
[   44.836563]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   44.840978]  ? kvm_arch_sync_events+0x30/0x30
[   44.845473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.851014]  ? mmu_notifier_unregister+0x474/0x600
[   44.855942]  ? trace_hardirqs_on+0x2c0/0x2c0
[   44.860354]  ? kfree+0x111/0x210
[   44.863724]  ? __mmu_notifier_register+0x30/0x30
[   44.868482]  ? __free_pages+0x10a/0x190
[   44.872457]  ? free_unref_page+0x930/0x930
[   44.876697]  kvm_put_kvm+0x73f/0x1060
[   44.880502]  ? kvm_write_guest_cached+0x40/0x40
[   44.885174]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.889666]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.894154]  ? lockdep_hardirqs_on+0x421/0x5c0
[   44.898735]  ? kasan_check_write+0x14/0x20
[   44.902971]  ? do_raw_spin_lock+0xc1/0x200
[   44.907208]  ? kvm_irqfd_release+0xdd/0x120
[   44.911521]  ? kvm_irqfd_release+0xdd/0x120
[   44.915840]  ? kvm_put_kvm+0x1060/0x1060
[   44.919895]  kvm_vm_release+0x42/0x50
[   44.923693]  __fput+0x38a/0xa40
[   44.926974]  ? __alloc_file+0x400/0x400
[   44.930961]  ? check_same_owner+0x340/0x340
[   44.935282]  ? kasan_check_write+0x14/0x20
[   44.939514]  ? do_raw_spin_lock+0xc1/0x200
[   44.943748]  ____fput+0x15/0x20
[   44.947022]  task_work_run+0x1e8/0x2a0
[   44.950904]  ? task_work_cancel+0x240/0x240
[   44.955229]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.960765]  ? switch_task_namespaces+0xa2/0xd0
[   44.965440]  do_exit+0x1ae4/0x26e0
[   44.968987]  ? mm_update_next_owner+0x9a0/0x9a0
[   44.973657]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   44.977891]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.982904]  ? kfree+0x1d7/0x210
[   44.986267]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   44.990505]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   44.996216]  ? is_bpf_text_address+0xd7/0x170
[   45.000707]  ? kernel_text_address+0x79/0xf0
[   45.005114]  ? __kernel_text_address+0xd/0x40
[   45.009608]  ? unwind_get_return_address+0x61/0xa0
[   45.014539]  ? __save_stack_trace+0x8d/0xf0
[   45.018865]  ? save_stack+0xa9/0xd0
[   45.022486]  ? save_stack+0x43/0xd0
[   45.026112]  ? __kasan_slab_free+0x11a/0x170
[   45.030514]  ? kasan_slab_free+0xe/0x10
[   45.034482]  ? putname+0xf2/0x130
[   45.037929]  ? __x64_sys_openat+0x9d/0x100
[   45.042168]  ? do_syscall_64+0x1b9/0x820
[   45.046245]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.051612]  ? trace_hardirqs_off+0xb8/0x2b0
[   45.056018]  ? kasan_check_read+0x11/0x20
[   45.060161]  ? do_raw_spin_unlock+0xa7/0x2f0
[   45.064564]  ? trace_hardirqs_on+0x2c0/0x2c0
[   45.068978]  ? initcall_blacklisted+0x9a/0x1e0
[   45.073562]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   45.078684]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   45.084393]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.089924]  ? do_vfs_ioctl+0x201/0x1720
[   45.093987]  ? rcu_is_watching+0x8c/0x150
[   45.098126]  ? trace_hardirqs_on+0xbd/0x2c0
[   45.102444]  ? ioctl_preallocate+0x300/0x300
[   45.106849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.112381]  ? __fget_light+0x2f7/0x440
[   45.116351]  ? fget_raw+0x20/0x20
[   45.119796]  ? putname+0xf2/0x130
[   45.123250]  ? rcu_read_lock_sched_held+0x108/0x120
[   45.128261]  ? kmem_cache_free+0x246/0x280
[   45.132511]  ? putname+0xf7/0x130
[   45.135972]  do_group_exit+0x177/0x440
[   45.139856]  ? trace_hardirqs_on+0xbd/0x2c0
[   45.144181]  ? __ia32_sys_exit+0x50/0x50
[   45.148238]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   45.153340]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.158871]  ? ksys_ioctl+0x81/0xd0
[   45.162494]  __x64_sys_exit_group+0x3e/0x50
[   45.166811]  do_syscall_64+0x1b9/0x820
[   45.170693]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   45.176055]  ? syscall_return_slowpath+0x5e0/0x5e0
[   45.180983]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.185818]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   45.190827]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   45.195839]  ? prepare_exit_to_usermode+0x291/0x3b0
[   45.200853]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.205784]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.210973] RIP: 0033:0x43ef08
[   45.214163] Code: Bad RIP value.
[   45.217515] RSP: 002b:00007ffd5ea7e548 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   45.225294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   45.232684] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   45.239983] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   45.247242] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   45.254491] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   45.261844] 
[   45.263452] Allocated by task 4631:
[   45.267066]  save_stack+0x43/0xd0
[   45.270496]  kasan_kmalloc+0xc4/0xe0
[   45.274251]  kasan_slab_alloc+0x12/0x20
[   45.278212]  kmem_cache_alloc+0x12e/0x710
[   45.282341]  vmx_create_vcpu+0xcf/0x2830
[   45.286378]  kvm_arch_vcpu_create+0xe5/0x220
[   45.290774]  kvm_vm_ioctl+0x488/0x1d80
[   45.294643]  do_vfs_ioctl+0x1de/0x1720
[   45.298509]  ksys_ioctl+0xa9/0xd0
[   45.301942]  __x64_sys_ioctl+0x73/0xb0
[   45.305815]  do_syscall_64+0x1b9/0x820
[   45.309681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.314844] 
[   45.316446] Freed by task 4631:
[   45.319773]  save_stack+0x43/0xd0
[   45.323216]  __kasan_slab_free+0x11a/0x170
[   45.327432]  kasan_slab_free+0xe/0x10
[   45.331339]  kmem_cache_free+0x86/0x280
[   45.335296]  vmx_free_vcpu+0x26b/0x300
[   45.339165]  kvm_arch_destroy_vm+0x365/0x7c0
[   45.343551]  kvm_put_kvm+0x73f/0x1060
[   45.347331]  kvm_vm_release+0x42/0x50
[   45.351111]  __fput+0x38a/0xa40
[   45.354370]  ____fput+0x15/0x20
[   45.357635]  task_work_run+0x1e8/0x2a0
[   45.361505]  do_exit+0x1ae4/0x26e0
[   45.365021]  do_group_exit+0x177/0x440
[   45.368888]  __x64_sys_exit_group+0x3e/0x50
[   45.373190]  do_syscall_64+0x1b9/0x820
[   45.377067]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.382235] 
[   45.383845] The buggy address belongs to the object at ffff8801bb540040
[   45.383845]  which belongs to the cache kvm_vcpu of size 23872
[   45.396396] The buggy address is located 24 bytes inside of
[   45.396396]  23872-byte region [ffff8801bb540040, ffff8801bb545d80)
[   45.408335] The buggy address belongs to the page:
[   45.413250] page:ffffea0006ed5000 count:1 mapcount:0 mapping:ffff8801d51839c0 index:0x0 compound_mapcount: 0
[   45.423203] flags: 0x2fffc0000008100(slab|head)
[   45.427861] raw: 02fffc0000008100 ffff8801d517f348 ffff8801d517f348 ffff8801d51839c0
[   45.435725] raw: 0000000000000000 ffff8801bb540040 0000000100000001 0000000000000000
[   45.443583] page dumped because: kasan: bad access detected
[   45.449269] 
[   45.450873] Memory state around the buggy address:
[   45.455779]  ffff8801bb53ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.463114]  ffff8801bb53ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.470451] >ffff8801bb540000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   45.477792]                                                     ^
[   45.484003]  ffff8801bb540080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.491387]  ffff8801bb540100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.498727] ==================================================================
[   45.506064] Kernel panic - not syncing: panic_on_warn set ...
[   45.506064] 
[   45.513554] CPU: 0 PID: 4631 Comm: syz-executor236 Tainted: G    B             4.19.0-rc1+ #217
[   45.522375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.531710] Call Trace:
[   45.534293]  dump_stack+0x1c9/0x2b4
[   45.537904]  ? dump_stack_print_info.cold.2+0x52/0x52
[   45.543085]  ? lock_downgrade+0x8f0/0x8f0
[   45.547226]  ? __schedule+0xf54/0x1df0
[   45.551113]  panic+0x238/0x4e7
[   45.554340]  ? add_taint.cold.5+0x16/0x16
[   45.558480]  ? print_shadow_for_address+0xba/0x116
[   45.563398]  ? trace_hardirqs_off+0xaf/0x2b0
[   45.567789]  ? trace_hardirqs_off+0x77/0x2b0
[   45.572182]  ? __schedule+0xf54/0x1df0
[   45.576068]  kasan_end_report+0x47/0x4f
[   45.580127]  kasan_report.cold.7+0x76/0x30d
[   45.584443]  __asan_report_load8_noabort+0x14/0x20
[   45.589358]  __schedule+0xf54/0x1df0
[   45.593054]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   45.598152]  ? __sched_text_start+0x8/0x8
[   45.602289]  ? __call_srcu+0x7e7/0x1040
[   45.606251]  ? check_same_owner+0x340/0x340
[   45.610555]  ? mark_held_locks+0x160/0x160
[   45.614940]  ? find_held_lock+0x36/0x1c0
[   45.618998]  preempt_schedule_common+0x22/0x60
[   45.623563]  _cond_resched+0x1d/0x30
[   45.627257]  wait_for_completion+0xa5/0x8d0
[   45.631569]  ? wait_for_completion_interruptible+0x950/0x950
[   45.637351]  ? __lockdep_init_map+0x105/0x590
[   45.641888]  ? __init_waitqueue_head+0x9e/0x150
[   45.646542]  ? init_wait_entry+0x1c0/0x1c0
[   45.650762]  __synchronize_srcu+0x189/0x240
[   45.655064]  ? call_srcu+0x10/0x10
[   45.658636]  ? rcu_unexpedite_gp+0x20/0x20
[   45.662873]  synchronize_srcu+0x335/0x56f
[   45.667104]  ? lock_downgrade+0x8f0/0x8f0
[   45.671237]  ? synchronize_srcu_expedited+0x20/0x20
[   45.676236]  ? kasan_check_read+0x11/0x20
[   45.680367]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   45.684994]  ? kasan_check_write+0x14/0x20
[   45.689222]  ? do_raw_spin_lock+0xc1/0x200
[   45.693447]  kvm_page_track_unregister_notifier+0x17d/0x250
[   45.699154]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   45.704592]  ? kvfree+0x61/0x70
[   45.707853]  ? rcu_read_lock_sched_held+0x108/0x120
[   45.712851]  kvm_mmu_uninit_vm+0x1c/0x20
[   45.716896]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   45.721299]  ? kvm_arch_sync_events+0x30/0x30
[   45.725789]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   45.731323]  ? mmu_notifier_unregister+0x474/0x600
[   45.736240]  ? trace_hardirqs_on+0x2c0/0x2c0
[   45.740633]  ? kfree+0x111/0x210
[   45.743986]  ? __mmu_notifier_register+0x30/0x30
[   45.748741]  ? __free_pages+0x10a/0x190
[   45.752703]  ? free_unref_page+0x930/0x930
[   45.756929]  kvm_put_kvm+0x73f/0x1060
[   45.760722]  ? kvm_write_guest_cached+0x40/0x40
[   45.765491]  ? _raw_spin_unlock_irq+0x27/0x70
[   45.769975]  ? _raw_spin_unlock_irq+0x27/0x70
[   45.774498]  ? lockdep_hardirqs_on+0x421/0x5c0
[   45.779071]  ? kasan_check_write+0x14/0x20
[   45.783285]  ? do_raw_spin_lock+0xc1/0x200
[   45.787501]  ? kvm_irqfd_release+0xdd/0x120
[   45.791852]  ? kvm_irqfd_release+0xdd/0x120
[   45.796174]  ? kvm_put_kvm+0x1060/0x1060
[   45.800221]  kvm_vm_release+0x42/0x50
[   45.804017]  __fput+0x38a/0xa40
[   45.807279]  ? __alloc_file+0x400/0x400
[   45.811344]  ? check_same_owner+0x340/0x340
[   45.815655]  ? kasan_check_write+0x14/0x20
[   45.819869]  ? do_raw_spin_lock+0xc1/0x200
[   45.824083]  ____fput+0x15/0x20
[   45.827345]  task_work_run+0x1e8/0x2a0
[   45.831212]  ? task_work_cancel+0x240/0x240
[   45.835574]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   45.841100]  ? switch_task_namespaces+0xa2/0xd0
[   45.845752]  do_exit+0x1ae4/0x26e0
[   45.849272]  ? mm_update_next_owner+0x9a0/0x9a0
[   45.853934]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   45.858170]  ? rcu_read_lock_sched_held+0x108/0x120
[   45.863169]  ? kfree+0x1d7/0x210
[   45.866565]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   45.870793]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   45.876553]  ? is_bpf_text_address+0xd7/0x170
[   45.881042]  ? kernel_text_address+0x79/0xf0
[   45.885447]  ? __kernel_text_address+0xd/0x40
[   45.889929]  ? unwind_get_return_address+0x61/0xa0
[   45.894851]  ? __save_stack_trace+0x8d/0xf0
[   45.899164]  ? save_stack+0xa9/0xd0
[   45.902772]  ? save_stack+0x43/0xd0
[   45.906378]  ? __kasan_slab_free+0x11a/0x170
[   45.910764]  ? kasan_slab_free+0xe/0x10
[   45.914726]  ? putname+0xf2/0x130
[   45.918163]  ? __x64_sys_openat+0x9d/0x100
[   45.922379]  ? do_syscall_64+0x1b9/0x820
[   45.926426]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.931772]  ? trace_hardirqs_off+0xb8/0x2b0
[   45.936217]  ? kasan_check_read+0x11/0x20
[   45.940367]  ? do_raw_spin_unlock+0xa7/0x2f0
[   45.944762]  ? trace_hardirqs_on+0x2c0/0x2c0
[   45.949160]  ? initcall_blacklisted+0x9a/0x1e0
[   45.953776]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   45.958874]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   45.964569]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.970088]  ? do_vfs_ioctl+0x201/0x1720
[   45.974141]  ? rcu_is_watching+0x8c/0x150
[   45.978269]  ? trace_hardirqs_on+0xbd/0x2c0
[   45.982573]  ? ioctl_preallocate+0x300/0x300
[   45.986978]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.992499]  ? __fget_light+0x2f7/0x440
[   45.996452]  ? fget_raw+0x20/0x20
[   45.999883]  ? putname+0xf2/0x130
[   46.003321]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.008340]  ? kmem_cache_free+0x246/0x280
[   46.012567]  ? putname+0xf7/0x130
[   46.016013]  do_group_exit+0x177/0x440
[   46.019885]  ? trace_hardirqs_on+0xbd/0x2c0
[   46.024189]  ? __ia32_sys_exit+0x50/0x50
[   46.028228]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   46.033327]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.038852]  ? ksys_ioctl+0x81/0xd0
[   46.042471]  __x64_sys_exit_group+0x3e/0x50
[   46.046785]  do_syscall_64+0x1b9/0x820
[   46.050658]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   46.056002]  ? syscall_return_slowpath+0x5e0/0x5e0
[   46.060920]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.065749]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   46.070863]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   46.075869]  ? prepare_exit_to_usermode+0x291/0x3b0
[   46.080867]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.085703]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.090881] RIP: 0033:0x43ef08
[   46.094212] Code: Bad RIP value.
[   46.097561] RSP: 002b:00007ffd5ea7e548 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.105250] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   46.112503] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   46.119754] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   46.127002] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   46.134257] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   46.141522] 
[   46.141526] ======================================================
[   46.141529] WARNING: possible circular locking dependency detected
[   46.141531] 4.19.0-rc1+ #217 Not tainted
[   46.141535] ------------------------------------------------------
[   46.141538] syz-executor236/4631 is trying to acquire lock:
[   46.141540] 0000000011b79006 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   46.141549] 
[   46.141551] but task is already holding lock:
[   46.141553] 00000000945f585d (report_lock){....}, at: kasan_report+0x8e/0x110
[   46.141561] 
[   46.141563] which lock already depends on the new lock.
[   46.141564] 
[   46.141566] 
[   46.141569] the existing dependency chain (in reverse order) is:
[   46.141570] 
[   46.141571] -> #3 (report_lock){....}:
[   46.141579]        _raw_spin_lock_irqsave+0x96/0xc0
[   46.141581]        kasan_report+0x8e/0x110
[   46.141584]        __asan_report_load8_noabort+0x14/0x20
[   46.141586]        __schedule+0xf54/0x1df0
[   46.141589]        preempt_schedule_common+0x22/0x60
[   46.141591]        _cond_resched+0x1d/0x30
[   46.141594]        wait_for_completion+0xa5/0x8d0
[   46.141596]        __synchronize_srcu+0x189/0x240
[   46.141599]        synchronize_srcu+0x335/0x56f
[   46.141602]        kvm_page_track_unregister_notifier+0x17d/0x250
[   46.141604]        kvm_mmu_uninit_vm+0x1c/0x20
[   46.141607]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   46.141609]        kvm_put_kvm+0x73f/0x1060
[   46.141611]        kvm_vm_release+0x42/0x50
[   46.141613]        __fput+0x38a/0xa40
[   46.141615]        ____fput+0x15/0x20
[   46.141618]        task_work_run+0x1e8/0x2a0
[   46.141620]        do_exit+0x1ae4/0x26e0
[   46.141622]        do_group_exit+0x177/0x440
[   46.141624]        __x64_sys_exit_group+0x3e/0x50
[   46.141627]        do_syscall_64+0x1b9/0x820
[   46.141629]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.141631] 
[   46.141632] -> #2 (&rq->lock){-.-.}:
[   46.141639]        _raw_spin_lock+0x2a/0x40
[   46.141642]        task_fork_fair+0x93/0x680
[   46.141644]        sched_fork+0x44b/0xbd0
[   46.141646]        copy_process+0x235e/0x7ad0
[   46.141648]        _do_fork+0x1ca/0x1170
[   46.141650]        kernel_thread+0x34/0x40
[   46.141652]        rest_init+0x22/0xe4
[   46.141654]        start_kernel+0x913/0x94e
[   46.141657]        x86_64_start_reservations+0x29/0x2b
[   46.141659]        x86_64_start_kernel+0x76/0x79
[   46.141662]        secondary_startup_64+0xa4/0xb0
[   46.141663] 
[   46.141664] -> #1 (&p->pi_lock){-.-.}:
[   46.141672]        _raw_spin_lock_irqsave+0x96/0xc0
[   46.141674]        try_to_wake_up+0xd2/0x1250
[   46.141677]        wake_up_process+0x10/0x20
[   46.141679]        __up.isra.1+0x1c0/0x2a0
[   46.141681]        up+0x13c/0x1c0
[   46.141683]        __up_console_sem+0xbe/0x1b0
[   46.141685]        console_unlock+0x506/0x10d0
[   46.141687]        vprintk_emit+0x33a/0x910
[   46.141690]        vprintk_default+0x28/0x30
[   46.141692]        vprintk_func+0x7a/0x117
[   46.141694]        printk+0xa7/0xcf
[   46.141696]        do_exit.cold.22+0x120/0x21f
[   46.141698]        do_group_exit+0x177/0x440
[   46.141701]        __x64_sys_exit_group+0x3e/0x50
[   46.141703]        do_syscall_64+0x1b9/0x820
[   46.141706]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.141707] 
[   46.141708] -> #0 ((console_sem).lock){-...}:
[   46.141716]        lock_acquire+0x1e4/0x4f0
[   46.141718]        _raw_spin_lock_irqsave+0x96/0xc0
[   46.141721]        down_trylock+0x13/0x70
[   46.141723]        __down_trylock_console_sem+0xae/0x200
[   46.141725]        console_trylock+0x15/0xa0
[   46.141728]        vprintk_emit+0x31f/0x910
[   46.141730]        vprintk_default+0x28/0x30
[   46.141732]        vprintk_func+0x7a/0x117
[   46.141734]        printk+0xa7/0xcf
[   46.141736]        kasan_report+0x9e/0x110
[   46.141739]        __asan_report_load8_noabort+0x14/0x20
[   46.141741]        __schedule+0xf54/0x1df0
[   46.141744]        preempt_schedule_common+0x22/0x60
[   46.141746]        _cond_resched+0x1d/0x30
[   46.141748]        wait_for_completion+0xa5/0x8d0
[   46.141751]        __synchronize_srcu+0x189/0x240
[   46.141753]        synchronize_srcu+0x335/0x56f
[   46.141756]        kvm_page_track_unregister_notifier+0x17d/0x250
[   46.141758]        kvm_mmu_uninit_vm+0x1c/0x20
[   46.141761]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   46.141763]        kvm_put_kvm+0x73f/0x1060
[   46.141765]        kvm_vm_release+0x42/0x50
[   46.141767]        __fput+0x38a/0xa40
[   46.141769]        ____fput+0x15/0x20
[   46.141771]        task_work_run+0x1e8/0x2a0
[   46.141773]        do_exit+0x1ae4/0x26e0
[   46.141776]        do_group_exit+0x177/0x440
[   46.141778]        __x64_sys_exit_group+0x3e/0x50
[   46.141781]        do_syscall_64+0x1b9/0x820
[   46.141783]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.141785] 
[   46.141787] other info that might help us debug this:
[   46.141788] 
[   46.141790] Chain exists of:
[   46.141791]   (console_sem).lock --> &rq->lock --> report_lock
[   46.141801] 
[   46.141803]  Possible unsafe locking scenario:
[   46.141805] 
[   46.141807]        CPU0                    CPU1
[   46.141810]        ----                    ----
[   46.141811]   lock(report_lock);
[   46.141816]                                lock(&rq->lock);
[   46.141821]                                lock(report_lock);
[   46.141825]   lock((console_sem).lock);
[   46.141830] 
[   46.141832]  *** DEADLOCK ***
[   46.141833] 
[   46.141835] 2 locks held by syz-executor236/4631:
[   46.141836]  #0: 00000000a6ca6996 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   46.141846]  #1: 00000000945f585d (report_lock){....}, at: kasan_report+0x8e/0x110
[   46.141855] 
[   46.141856] stack backtrace:
[   46.141860] CPU: 0 PID: 4631 Comm: syz-executor236 Not tainted 4.19.0-rc1+ #217
[   46.141864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.141866] Call Trace:
[   46.141868]  dump_stack+0x1c9/0x2b4
[   46.141872]  ? dump_stack_print_info.cold.2+0x52/0x52
[   46.141875]  ? vprintk_func+0x100/0x117
[   46.141878]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   46.141880]  ? save_trace+0xe0/0x290
[   46.141882]  __lock_acquire+0x3449/0x5020
[   46.141885]  ? mark_held_locks+0x160/0x160
[   46.141887]  ? mark_held_locks+0x160/0x160
[   46.141889]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   46.141892]  ? is_bpf_text_address+0xd7/0x170
[   46.141894]  ? kernel_text_address+0x79/0xf0
[   46.141896]  ? __kernel_text_address+0xd/0x40
[   46.141899]  ? __save_stack_trace+0x8d/0xf0
[   46.141901]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   46.141904]  ? save_trace+0x290/0x290
[   46.141906]  ? save_stack_trace+0x1a/0x20
[   46.141908]  ? save_trace+0xe0/0x290
[   46.141910]  ? graph_lock+0x170/0x170
[   46.141913]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   46.141915]  lock_acquire+0x1e4/0x4f0
[   46.141917]  ? down_trylock+0x13/0x70
[   46.141920]  ? lock_release+0x9f0/0x9f0
[   46.141922]  ? trace_hardirqs_off+0xb8/0x2b0
[   46.141924]  ? trace_hardirqs_on+0x2c0/0x2c0
[   46.141927]  ? trace_hardirqs_off+0xb8/0x2b0
[   46.141929]  ? log_store+0x34f/0x4c0
[   46.141931]  ? vprintk_emit+0x31f/0x910
[   46.141933]  _raw_spin_lock_irqsave+0x96/0xc0
[   46.141935]  ? down_trylock+0x13/0x70
[   46.141937]  down_trylock+0x13/0x70
[   46.141940]  __down_trylock_console_sem+0xae/0x200
[   46.141942]  console_trylock+0x15/0xa0
[   46.141944]  vprintk_emit+0x31f/0x910
[   46.141947]  ? wake_up_klogd+0x110/0x110
[   46.141957]  ? run_rebalance_domains+0x4c0/0x4c0
[   46.141959]  ? kasan_check_read+0x11/0x20
[   46.141962]  ? rcu_is_watching+0x8c/0x150
[   46.141964]  ? rcu_pm_notify+0xc0/0xc0
[   46.141966]  ? lock_acquire+0x1e4/0x4f0
[   46.141968]  ? kasan_report+0x8e/0x110
[   46.141970]  ? __schedule+0xf54/0x1df0
[   46.141972]  vprintk_default+0x28/0x30
[   46.141975]  vprintk_func+0x7a/0x117
[   46.141976]  printk+0xa7/0xcf
[   46.141979]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   46.141981]  ? kasan_check_write+0x14/0x20
[   46.141984]  ? do_raw_spin_lock+0xc1/0x200
[   46.141986]  ? do_raw_spin_lock+0xc1/0x200
[   46.141988]  kasan_report+0x9e/0x110
[   46.141991]  __asan_report_load8_noabort+0x14/0x20
[   46.141993]  __schedule+0xf54/0x1df0
[   46.141995]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   46.141998]  ? __sched_text_start+0x8/0x8
[   46.142000]  ? __call_srcu+0x7e7/0x1040
[   46.142002]  ? check_same_owner+0x340/0x340
[   46.142005]  ? mark_held_locks+0x160/0x160
[   46.142007]  ? find_held_lock+0x36/0x1c0
[   46.142010]  preempt_schedule_common+0x22/0x60
[   46.142012]  _cond_resched+0x1d/0x30
[   46.142014]  wait_for_completion+0xa5/0x8d0
[   46.142017]  ? wait_for_completion_interruptible+0x950/0x950
[   46.142020]  ? __lockdep_init_map+0x105/0x590
[   46.142022]  ? __init_waitqueue_head+0x9e/0x150
[   46.142025]  ? init_wait_entry+0x1c0/0x1c0
[   46.142027]  __synchronize_srcu+0x189/0x240
[   46.142029]  ? call_srcu+0x10/0x10
[   46.142031]  ? rcu_unexpedite_gp+0x20/0x20
[   46.142034]  synchronize_srcu+0x335/0x56f
[   46.142036]  ? lock_downgrade+0x8f0/0x8f0
[   46.142039]  ? synchronize_srcu_expedited+0x20/0x20
[   46.142041]  ? kasan_check_read+0x11/0x20
[   46.142044]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   46.142046]  ? kasan_check_write+0x14/0x20
[   46.142049]  ? do_raw_spin_lock+0xc1/0x200
[   46.142052]  kvm_page_track_unregister_notifier+0x17d/0x250
[   46.142054]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   46.142056]  ? kvfree+0x61/0x70
[   46.142059]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.142061]  kvm_mmu_uninit_vm+0x1c/0x20
[   46.142064]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   46.142066]  ? kvm_arch_sync_events+0x30/0x30
[   46.142069]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   46.142072]  ? mmu_notifier_unregister+0x474/0x600
[   46.142074]  ? trace_hardirqs_on+0x2c0/0x2c0
[   46.142076]  ? kfree+0x111/0x210
[   46.142079]  ? __mmu_notifier_register+0x30/0x30
[   46.142082]  ? __free_pages+0x10a/0x190
[   46.142085]  ? free_unref_page+0x930/0x930
[   46.142087]  kvm_put_kvm+0x73f/0x1060
[   46.142090]  ? kvm_write_guest_cached+0x40/0x40
[   46.142092]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.142095]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.142097]  ? lockdep_hardirqs_on+0x421/0x5c0
[   46.142099]  ? kasan_check_write+0x14/0x20
[   46.142102]  ? do_raw_spin_lock+0xc1/0x200
[   46.142104]  ? kvm_irqfd_release+0xdd/0x120
[   46.142106]  ? kvm_irqfd_release+0xdd/0x120
[   46.142109]  ? kvm_put_kvm+0x1060/0x1060
[   46.142111]  kvm_vm_release+0x42/0x50
[   46.142113]  __fput+0x38a/0xa40
[   46.142115]  ? __alloc_file+0x400/0x400
[   46.142117]  ? check_same_owner+0x340/0x340
[   46.142120]  ? kasan_check_write+0x14/0x20
[   46.142122]  ? do_raw_spin_lock+0xc1/0x200
[   46.142124]  ____fput+0x15/0x20
[   46.142126]  task_work_run+0x1e8/0x2a0
[   46.142129]  ? task_work_cancel+0x240/0x240
[   46.142132]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   46.142134]  ? switch_task_namespaces+0xa2/0xd0
[   46.142136]  do_exit+0x1ae4/0x26e0
[   46.142139]  ? mm_update_next_owner+0x9a0/0x9a0
[   46.142141]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   46.142144]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.142146]  ? kfree+0x1d7/0x210
[   46.142148]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   46.142151]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   46.142153]  ? is_bpf_tex
[   46.142158] Lost 56 message(s)!
[   47.212036] Shutting down cpus with NMI
[   48.270073] Dumping ftrace buffer:
[   48.273592]    (ftrace buffer empty)
[   48.277277] Kernel Offset: disabled
[   48.280885] Rebooting in 86400 seconds..