[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   25.018650] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.308554] random: sshd: uninitialized urandom read (32 bytes read)
[   26.645977] random: sshd: uninitialized urandom read (32 bytes read)
[   27.234182] random: sshd: uninitialized urandom read (32 bytes read)
[   27.419177] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
[   33.146733] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.258712] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.285268] ==================================================================
[   33.295196] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   33.301434] Read of size 8 at addr ffff8801ca848058 by task syz-executor607/4703
[   33.308961]
[   33.310602] CPU: 1 PID: 4703 Comm: syz-executor607 Not tainted 4.19.0-rc2+ #1
[   33.317877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.327237] Call Trace:
[   33.329850]  dump_stack+0x1c9/0x2b4
[   33.333489]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.338683]  ? printk+0xa7/0xcf
[   33.341966]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.346727]  ? __schedule+0xf54/0x1df0
[   33.350617]  print_address_description+0x6c/0x20b
[   33.355459]  ? __schedule+0xf54/0x1df0
[   33.359351]  kasan_report.cold.7+0x242/0x30d
[   33.363770]  __asan_report_load8_noabort+0x14/0x20
[   33.368698]  __schedule+0xf54/0x1df0
[   33.372415]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.377523]  ? __sched_text_start+0x8/0x8
[   33.381675]  ? __call_srcu+0x7e7/0x1040
[   33.385658]  ? check_same_owner+0x340/0x340
[   33.389978]  ? mark_held_locks+0x160/0x160
[   33.394226]  ? find_held_lock+0x36/0x1c0
[   33.398304]  preempt_schedule_common+0x22/0x60
[   33.402893]  _cond_resched+0x1d/0x30
[   33.406609]  wait_for_completion+0xa5/0x8d0
[   33.410938]  ? wait_for_completion_interruptible+0x950/0x950
[   33.416742]  ? __lockdep_init_map+0x105/0x590
[   33.421242]  ? __init_waitqueue_head+0x9e/0x150
[   33.425915]  ? init_wait_entry+0x1c0/0x1c0
[   33.430160]  __synchronize_srcu+0x189/0x240
[   33.434484]  ? call_srcu+0x10/0x10
[   33.438027]  ? rcu_unexpedite_gp+0x20/0x20
[   33.442272]  synchronize_srcu+0x335/0x56f
[   33.446424]  ? lock_downgrade+0x8f0/0x8f0
[   33.450577]  ? synchronize_srcu_expedited+0x20/0x20
[   33.455598]  ? kasan_check_read+0x11/0x20
[   33.459746]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.464326]  ? kasan_check_write+0x14/0x20
[   33.468563]  ? do_raw_spin_lock+0xc1/0x200
[   33.472799]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.478521]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.483972]  ? kvfree+0x61/0x70
[   33.487254]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.492276]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.496359]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.500792]  ? kvm_arch_sync_events+0x30/0x30
[   33.505303]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.510866]  ? mmu_notifier_unregister+0x474/0x600
[   33.515799]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.520213]  ? kfree+0x111/0x210
[   33.523580]  ? __mmu_notifier_register+0x30/0x30
[   33.528337]  ? __free_pages+0x10a/0x190
[   33.532315]  ? free_unref_page+0x930/0x930
[   33.536557]  kvm_put_kvm+0x73f/0x1060
[   33.540370]  ? kvm_write_guest_cached+0x40/0x40
[   33.545040]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.549624]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.554118]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.558702]  ? kasan_check_write+0x14/0x20
[   33.562937]  ? do_raw_spin_lock+0xc1/0x200
[   33.567170]  ? kvm_irqfd_release+0xdd/0x120
[   33.571487]  ? kvm_irqfd_release+0xdd/0x120
[   33.575808]  ? kvm_put_kvm+0x1060/0x1060
[   33.579877]  kvm_vm_release+0x42/0x50
[   33.583680]  __fput+0x38a/0xa40
[   33.586961]  ? __alloc_file+0x400/0x400
[   33.590941]  ? check_same_owner+0x340/0x340
[   33.595271]  ? kasan_check_write+0x14/0x20
[   33.599525]  ? do_raw_spin_lock+0xc1/0x200
[   33.603762]  ____fput+0x15/0x20
[   33.607044]  task_work_run+0x1e8/0x2a0
[   33.610929]  ? task_work_cancel+0x240/0x240
[   33.615256]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.620889]  ? switch_task_namespaces+0xa2/0xd0
[   33.625559]  do_exit+0x1ae4/0x26e0
[   33.629105]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.633777]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.638013]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.643029]  ? kfree+0x1d7/0x210
[   33.646404]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.650644]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.656357]  ? is_bpf_text_address+0xd7/0x170
[   33.660858]  ? kernel_text_address+0x79/0xf0
[   33.665267]  ? __kernel_text_address+0xd/0x40
[   33.669763]  ? unwind_get_return_address+0x61/0xa0
[   33.674693]  ? __save_stack_trace+0x8d/0xf0
[   33.679020]  ? save_stack+0xa9/0xd0
[   33.682648]  ? save_stack+0x43/0xd0
[   33.686274]  ? __kasan_slab_free+0x11a/0x170
[   33.690679]  ? kasan_slab_free+0xe/0x10
[   33.694652]  ? putname+0xf2/0x130
[   33.698106]  ? __x64_sys_openat+0x9d/0x100
[   33.702339]  ? do_syscall_64+0x1b9/0x820
[   33.706405]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.711770]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.716177]  ? kasan_check_read+0x11/0x20
[   33.720324]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.724733]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.729145]  ? initcall_blacklisted+0x9a/0x1e0
[   33.733729]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.738845]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.744566]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.750107]  ? do_vfs_ioctl+0x201/0x1720
[   33.754169]  ? rcu_is_watching+0x8c/0x150
[   33.758314]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.762637]  ? ioctl_preallocate+0x300/0x300
[   33.767049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.772590]  ? __fget_light+0x2f7/0x440
[   33.776568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.782102]  ? smack_file_ioctl+0x210/0x3c0
[   33.786419]  ? fget_raw+0x20/0x20
[   33.789869]  ? smack_file_lock+0x2e0/0x2e0
[   33.794113]  do_group_exit+0x177/0x440
[   33.798001]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.802323]  ? __ia32_sys_exit+0x50/0x50
[   33.806898]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.812005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.817538]  ? ksys_ioctl+0x81/0xd0
[   33.821164]  __x64_sys_exit_group+0x3e/0x50
[   33.825490]  do_syscall_64+0x1b9/0x820
[   33.829385]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.834753]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.839684]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.844531]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.849545]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.854563]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.859582]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.864426]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.869611] RIP: 0033:0x43f028
[   33.872809] Code: Bad RIP value.
[   33.876178] RSP: 002b:00007ffe5cca7978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.883883] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   33.891151] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.898416] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.905681] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.912948] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   33.920218]
[   33.921845] Allocated by task 4703:
[   33.925478]  save_stack+0x43/0xd0
[   33.928925]  kasan_kmalloc+0xc4/0xe0
[   33.932637]  kasan_slab_alloc+0x12/0x20
[   33.936607]  kmem_cache_alloc+0x12e/0x710
[   33.940751]  vmx_create_vcpu+0xcf/0x2830
[   33.944809]  kvm_arch_vcpu_create+0xe5/0x220
[   33.949224]  kvm_vm_ioctl+0x488/0x1d80
[   33.953111]  do_vfs_ioctl+0x1de/0x1720
[   33.956993]  ksys_ioctl+0xa9/0xd0
[   33.960442]  __x64_sys_ioctl+0x73/0xb0
[   33.964328]  do_syscall_64+0x1b9/0x820
[   33.968213]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.973388]
[   33.975012] Freed by task 4703:
[   33.978289]  save_stack+0x43/0xd0
[   33.981740]  __kasan_slab_free+0x11a/0x170
[   33.985971]  kasan_slab_free+0xe/0x10
[   33.989764]  kmem_cache_free+0x86/0x280
[   33.993735]  vmx_free_vcpu+0x26b/0x300
[   33.997621]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.002029]  kvm_put_kvm+0x73f/0x1060
[   34.005834]  kvm_vm_release+0x42/0x50
[   34.009635]  __fput+0x38a/0xa40
[   34.012911]  ____fput+0x15/0x20
[   34.016188]  task_work_run+0x1e8/0x2a0
[   34.020073]  do_exit+0x1ae4/0x26e0
[   34.023607]  do_group_exit+0x177/0x440
[   34.027493]  __x64_sys_exit_group+0x3e/0x50
[   34.031813]  do_syscall_64+0x1b9/0x820
[   34.035708]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.040888]
[   34.042511] The buggy address belongs to the object at ffff8801ca848040
[   34.042511]  which belongs to the cache kvm_vcpu of size 23872
[   34.055084] The buggy address is located 24 bytes inside of
[   34.055084]  23872-byte region [ffff8801ca848040, ffff8801ca84dd80)
[   34.067039] The buggy address belongs to the page:
[   34.071967] page:ffffea00072a1200 count:1 mapcount:0 mapping:ffff8801d4d82d80 index:0x0 compound_mapcount: 0
[   34.081937] flags: 0x2fffc0000008100(slab|head)
[   34.086612] raw: 02fffc0000008100 ffff8801d4d77248 ffff8801d4d77248 ffff8801d4d82d80
[   34.094500] raw: 0000000000000000 ffff8801ca848040 0000000100000001 0000000000000000
[   34.102375] page dumped because: kasan: bad access detected
[   34.108074]
[   34.109691] Memory state around the buggy address:
[   34.114620]  ffff8801ca847f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.121981]  ffff8801ca847f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.129341] >ffff8801ca848000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.136703]                                                     ^
[   34.142932]  ffff8801ca848080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.150288]  ffff8801ca848100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.157635] ==================================================================
[   34.164987] Kernel panic - not syncing: panic_on_warn set ...
[   34.164987]
[   34.172367] CPU: 1 PID: 4703 Comm: syz-executor607 Tainted: G    B             4.19.0-rc2+ #1
[   34.181031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.190391] Call Trace:
[   34.192993]  dump_stack+0x1c9/0x2b4
[   34.196629]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.201831]  ? lock_downgrade+0x8f0/0x8f0
[   34.205982]  ? __schedule+0xf54/0x1df0
[   34.209877]  panic+0x238/0x4e7
[   34.213070]  ? add_taint.cold.5+0x16/0x16
[   34.217222]  ? print_shadow_for_address+0xba/0x116
[   34.222151]  ? trace_hardirqs_off+0xaf/0x2b0
[   34.226560]  ? trace_hardirqs_off+0x77/0x2b0
[   34.230969]  ? __schedule+0xf54/0x1df0
[   34.234863]  kasan_end_report+0x47/0x4f
[   34.238851]  kasan_report.cold.7+0x76/0x30d
[   34.243182]  __asan_report_load8_noabort+0x14/0x20
[   34.248113]  __schedule+0xf54/0x1df0
[   34.251835]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.256946]  ? __sched_text_start+0x8/0x8
[   34.261099]  ? __call_srcu+0x7e7/0x1040
[   34.265088]  ? check_same_owner+0x340/0x340
[   34.269407]  ? mark_held_locks+0x160/0x160
[   34.273643]  ? find_held_lock+0x36/0x1c0
[   34.277712]  preempt_schedule_common+0x22/0x60
[   34.282300]  _cond_resched+0x1d/0x30
[   34.286017]  wait_for_completion+0xa5/0x8d0
[   34.290341]  ? wait_for_completion_interruptible+0x950/0x950
[   34.296146]  ? __lockdep_init_map+0x105/0x590
[   34.300646]  ? __init_waitqueue_head+0x9e/0x150
[   34.305314]  ? init_wait_entry+0x1c0/0x1c0
[   34.309556]  __synchronize_srcu+0x189/0x240
[   34.313882]  ? call_srcu+0x10/0x10
[   34.317425]  ? rcu_unexpedite_gp+0x20/0x20
[   34.321666]  synchronize_srcu+0x335/0x56f
[   34.325814]  ? lock_downgrade+0x8f0/0x8f0
[   34.329973]  ? synchronize_srcu_expedited+0x20/0x20
[   34.334996]  ? kasan_check_read+0x11/0x20
[   34.339148]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.343734]  ? kasan_check_write+0x14/0x20
[   34.347973]  ? do_raw_spin_lock+0xc1/0x200
[   34.352211]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.357926]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.363383]  ? kvfree+0x61/0x70
[   34.366671]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.371692]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.375757]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.380170]  ? kvm_arch_sync_events+0x30/0x30
[   34.384674]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.390215]  ? mmu_notifier_unregister+0x474/0x600
[   34.395144]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.399556]  ? kfree+0x111/0x210
[   34.402943]  ? __mmu_notifier_register+0x30/0x30
[   34.407707]  ? __free_pages+0x10a/0x190
[   34.411684]  ? free_unref_page+0x930/0x930
[   34.415935]  kvm_put_kvm+0x73f/0x1060
[   34.419746]  ? kvm_write_guest_cached+0x40/0x40
[   34.424422]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.428923]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.433422]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.438011]  ? kasan_check_write+0x14/0x20
[   34.442253]  ? do_raw_spin_lock+0xc1/0x200
[   34.446504]  ? kvm_irqfd_release+0xdd/0x120
[   34.450838]  ? kvm_irqfd_release+0xdd/0x120
[   34.455176]  ? kvm_put_kvm+0x1060/0x1060
[   34.459238]  kvm_vm_release+0x42/0x50
[   34.463042]  __fput+0x38a/0xa40
[   34.466324]  ? __alloc_file+0x400/0x400
[   34.470303]  ? check_same_owner+0x340/0x340
[   34.474629]  ? kasan_check_write+0x14/0x20
[   34.478868]  ? do_raw_spin_lock+0xc1/0x200
[   34.483104]  ____fput+0x15/0x20
[   34.486389]  task_work_run+0x1e8/0x2a0
[   34.490279]  ? task_work_cancel+0x240/0x240
[   34.494604]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.500144]  ? switch_task_namespaces+0xa2/0xd0
[   34.504830]  do_exit+0x1ae4/0x26e0
[   34.508384]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.513065]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.517330]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.522356]  ? kfree+0x1d7/0x210
[   34.525738]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.529978]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.535695]  ? is_bpf_text_address+0xd7/0x170
[   34.540190]  ? kernel_text_address+0x79/0xf0
[   34.544597]  ? __kernel_text_address+0xd/0x40
[   34.549094]  ? unwind_get_return_address+0x61/0xa0
[   34.554028]  ? __save_stack_trace+0x8d/0xf0
[   34.558366]  ? save_stack+0xa9/0xd0
[   34.561997]  ? save_stack+0x43/0xd0
[   34.565626]  ? __kasan_slab_free+0x11a/0x170
[   34.570033]  ? kasan_slab_free+0xe/0x10
[   34.574010]  ? putname+0xf2/0x130
[   34.577467]  ? __x64_sys_openat+0x9d/0x100
[   34.581700]  ? do_syscall_64+0x1b9/0x820
[   34.585761]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.591128]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.595536]  ? kasan_check_read+0x11/0x20
[   34.599685]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.604093]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.608524]  ? initcall_blacklisted+0x9a/0x1e0
[   34.613113]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.618223]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.623944]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.629483]  ? do_vfs_ioctl+0x201/0x1720
[   34.633543]  ? rcu_is_watching+0x8c/0x150
[   34.637691]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.642016]  ? ioctl_preallocate+0x300/0x300
[   34.646428]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.651970]  ? __fget_light+0x2f7/0x440
[   34.655951]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.661493]  ? smack_file_ioctl+0x210/0x3c0
[   34.665814]  ? fget_raw+0x20/0x20
[   34.669279]  ? smack_file_lock+0x2e0/0x2e0
[   34.673523]  do_group_exit+0x177/0x440
[   34.677411]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.681731]  ? __ia32_sys_exit+0x50/0x50
[   34.685793]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.690901]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.696437]  ? ksys_ioctl+0x81/0xd0
[   34.700269]  __x64_sys_exit_group+0x3e/0x50
[   34.704592]  do_syscall_64+0x1b9/0x820
[   34.708480]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.713847]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.718777]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.723618]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.728632]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.733652]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.738676]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.743528]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.748717] RIP: 0033:0x43f028
[   34.751917] Code: Bad RIP value.
[   34.755278] RSP: 002b:00007ffe5cca7978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.762989] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   34.770257] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.777529] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.784799] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.792074] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   34.799356]
[   34.799366] ======================================================
[   34.799372] WARNING: possible circular locking dependency detected
[   34.799375] 4.19.0-rc2+ #1 Not tainted
[   34.799381] ------------------------------------------------------
[   34.799386] syz-executor607/4703 is trying to acquire lock:
[   34.799389] 000000009700c615 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   34.799404]
[   34.799408] but task is already holding lock:
[   34.799411] 000000000b1ed864 (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.799426]
[   34.799430] which lock already depends on the new lock.
[   34.799432]
[   34.799435]
[   34.799440] the existing dependency chain (in reverse order) is:
[   34.799442]
[   34.799444] -> #3 (report_lock){....}:
[   34.799459]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.799463]        kasan_report+0x8e/0x110
[   34.799467]        __asan_report_load8_noabort+0x14/0x20
[   34.799471]        __schedule+0xf54/0x1df0
[   34.799475]        preempt_schedule_common+0x22/0x60
[   34.799479]        _cond_resched+0x1d/0x30
[   34.799483]        wait_for_completion+0xa5/0x8d0
[   34.799487]        __synchronize_srcu+0x189/0x240
[   34.799492]        synchronize_srcu+0x335/0x56f
[   34.799496]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.799500]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.799504]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.799508]        kvm_put_kvm+0x73f/0x1060
[   34.799512]        kvm_vm_release+0x42/0x50
[   34.799515]        __fput+0x38a/0xa40
[   34.799519]        ____fput+0x15/0x20
[   34.799523]        task_work_run+0x1e8/0x2a0
[   34.799526]        do_exit+0x1ae4/0x26e0
[   34.799530]        do_group_exit+0x177/0x440
[   34.799534]        __x64_sys_exit_group+0x3e/0x50
[   34.799538]        do_syscall_64+0x1b9/0x820
[   34.799543]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.799545]
[   34.799547] -> #2 (&rq->lock){-.-.}:
[   34.799561]        _raw_spin_lock+0x2a/0x40
[   34.799565]        task_fork_fair+0x93/0x680
[   34.799569]        sched_fork+0x44b/0xbd0
[   34.799573]        copy_process+0x235e/0x7af0
[   34.799576]        _do_fork+0x1ca/0x1170
[   34.799580]        kernel_thread+0x34/0x40
[   34.799583]        rest_init+0x22/0xe4
[   34.799587]        start_kernel+0x913/0x94e
[   34.799592]        x86_64_start_reservations+0x29/0x2b
[   34.799596]        x86_64_start_kernel+0x76/0x79
[   34.799600]        secondary_startup_64+0xa4/0xb0
[   34.799602]
[   34.799604] -> #1 (&p->pi_lock){-.-.}:
[   34.799619]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.799623]        try_to_wake_up+0xd2/0x1250
[   34.799626]        wake_up_process+0x10/0x20
[   34.799630]        __up.isra.1+0x1c0/0x2a0
[   34.799633]        up+0x13c/0x1c0
[   34.799637]        __up_console_sem+0xbe/0x1b0
[   34.799641]        console_unlock+0x506/0x10d0
[   34.799645]        vprintk_emit+0x33a/0x910
[   34.799649]        vprintk_default+0x28/0x30
[   34.799653]        vprintk_func+0x7a/0x117
[   34.799656]        printk+0xa7/0xcf
[   34.799659]        load_umh+0x51/0xbd
[   34.799663]        do_one_initcall+0x127/0x838
[   34.799668]        kernel_init_freeable+0x4bb/0x5ae
[   34.799671]        kernel_init+0x11/0x1b3
[   34.799675]        ret_from_fork+0x3a/0x50
[   34.799677]
[   34.799679] -> #0 ((console_sem).lock){-...}:
[   34.799694]        lock_acquire+0x1e4/0x4f0
[   34.799698]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.799702]        down_trylock+0x13/0x70
[   34.799706]        __down_trylock_console_sem+0xae/0x200
[   34.799710]        console_trylock+0x15/0xa0
[   34.799714]        vprintk_emit+0x31f/0x910
[   34.799718]        vprintk_default+0x28/0x30
[   34.799721]        vprintk_func+0x7a/0x117
[   34.799725]        printk+0xa7/0xcf
[   34.799728]        kasan_report+0x9e/0x110
[   34.799733]        __asan_report_load8_noabort+0x14/0x20
[   34.799737]        __schedule+0xf54/0x1df0
[   34.799741]        preempt_schedule_common+0x22/0x60
[   34.799744]        _cond_resched+0x1d/0x30
[   34.799749]        wait_for_completion+0xa5/0x8d0
[   34.799753]        __synchronize_srcu+0x189/0x240
[   34.799757]        synchronize_srcu+0x335/0x56f
[   34.799762]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.799766]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.799770]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.799774]        kvm_put_kvm+0x73f/0x1060
[   34.799777]        kvm_vm_release+0x42/0x50
[   34.799781]        __fput+0x38a/0xa40
[   34.799784]        ____fput+0x15/0x20
[   34.799788]        task_work_run+0x1e8/0x2a0
[   34.799792]        do_exit+0x1ae4/0x26e0
[   34.799796]        do_group_exit+0x177/0x440
[   34.799800]        __x64_sys_exit_group+0x3e/0x50
[   34.799804]        do_syscall_64+0x1b9/0x820
[   34.799809]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.799811]
[   34.799815] other info that might help us debug this:
[   34.799817]
[   34.799830] Chain exists of:
[   34.799833]   (console_sem).lock --> &rq->lock --> report_lock
[   34.799851]
[   34.799855]  Possible unsafe locking scenario:
[   34.799857]
[   34.799861]        CPU0                    CPU1
[   34.799866]        ----                    ----
[   34.799869]   lock(report_lock);
[   34.799878]                                lock(&rq->lock);
[   34.799887]                                lock(report_lock);
[   34.799895]   lock((console_sem).lock);
[   34.799903]
[   34.799906]  *** DEADLOCK ***
[   34.799909]
[   34.799913] 2 locks held by syz-executor607/4703:
[   34.799915]  #0: 00000000d49ab80f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   34.799932]  #1: 000000000b1ed864 (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.799949]
[   34.799952] stack backtrace:
[   34.799958] CPU: 1 PID: 4703 Comm: syz-executor607 Not tainted 4.19.0-rc2+ #1
[   34.799965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.799968] Call Trace:
[   34.799972]  dump_stack+0x1c9/0x2b4
[   34.799976]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.799980]  ? vprintk_func+0x100/0x117
[   34.799985]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   34.799989]  ? save_trace+0xe0/0x290
[   34.799993]  __lock_acquire+0x3449/0x5020
[   34.799997]  ? mark_held_locks+0x160/0x160
[   34.800000]  ? mark_held_locks+0x160/0x160
[   34.800005]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.800009]  ? is_bpf_text_address+0xd7/0x170
[   34.800013]  ? kernel_text_address+0x79/0xf0
[   34.800017]  ? __kernel_text_address+0xd/0x40
[   34.800021]  ? __save_stack_trace+0x8d/0xf0
[   34.800026]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   34.800029]  ? save_trace+0x290/0x290
[   34.800033]  ? save_stack_trace+0x1a/0x20
[   34.800037]  ? save_trace+0xe0/0x290
[   34.800041]  ? graph_lock+0x170/0x170
[   34.800045]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.800049]  lock_acquire+0x1e4/0x4f0
[   34.800053]  ? down_trylock+0x13/0x70
[   34.800057]  ? lock_release+0x9f0/0x9f0
[   34.800061]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.800065]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.800069]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.800073]  ? log_store+0x34f/0x4c0
[   34.800077]  ? vprintk_emit+0x31f/0x910
[   34.800081]  _raw_spin_lock_irqsave+0x96/0xc0
[   34.800084]  ? down_trylock+0x13/0x70
[   34.800088]  down_trylock+0x13/0x70
[   34.800092]  __down_trylock_console_sem+0xae/0x200
[   34.800096]  console_trylock+0x15/0xa0
[   34.800100]  vprintk_emit+0x31f/0x910
[   34.800104]  ? wake_up_klogd+0x110/0x110
[   34.800108]  ? run_rebalance_domains+0x4c0/0x4c0
[   34.800112]  ? kasan_check_read+0x11/0x20
[   34.800116]  ? rcu_is_watching+0x8c/0x150
[   34.800120]  ? rcu_pm_notify+0xc0/0xc0
[   34.800124]  ? lock_acquire+0x1e4/0x4f0
[   34.800128]  ? kasan_report+0x8e/0x110
[   34.800131]  ? __schedule+0xf54/0x1df0
[   34.800135]  vprintk_default+0x28/0x30
[   34.800139]  vprintk_func+0x7a/0x117
[   34.800142]  printk+0xa7/0xcf
[   34.800146]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.800150]  ? kasan_check_write+0x14/0x20
[   34.800154]  ? do_raw_spin_lock+0xc1/0x200
[   34.800158]  ? do_raw_spin_lock+0xc1/0x200
[   34.800162]  kasan_report+0x9e/0x110
[   34.800166]  __asan_report_load8_noabort+0x14/0x20
[   34.800170]  __schedule+0xf54/0x1df0
[   34.800175]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.800179]  ? __sched_text_start+0x8/0x8
[   34.800182]  ? __call_srcu+0x7e7/0x1040
[   34.800186]  ? check_same_owner+0x340/0x340
[   34.800190]  ? mark_held_locks+0x160/0x160
[   34.800194]  ? find_held_lock+0x36/0x1c0
[   34.800199]  preempt_schedule_common+0x22/0x60
[   34.800202]  _cond_resched+0x1d/0x30
[   34.800206]  wait_for_completion+0xa5/0x8d0
[   34.800211]  ? wait_for_completion_interruptible+0x950/0x950
[   34.800216]  ? __lockdep_init_map+0x105/0x590
[   34.800220]  ? __init_waitqueue_head+0x9e/0x150
[   34.800224]  ? init_wait_entry+0x1c0/0x1c0
[   34.800228]  __synchronize_srcu+0x189/0x240
[   34.800232]  ? call_srcu+0x10/0x10
[   34.800236]  ? rcu_unexpedite_gp+0x20/0x20
[   34.800240]  synchronize_srcu+0x335/0x56f
[   34.800244]  ? lock_downgrade+0x8f0/0x8f0
[   34.800248]  ? synchronize_srcu_expedited+0x20/0x20
[   34.800252]  ? kasan_check_read+0x11/0x20
[   34.800256]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.800260]  ? kasan_check_write+0x14/0x20
[   34.800264]  ? do_raw_spin_lock+0xc1/0x200
[   34.800269]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.800274]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.800277]  ? kvfree+0x61/0x70
[   34.800282]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.800286]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.800290]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.800294]  ? kvm_arch_sync_events+0x30/0x30
[   34.800299]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.800303]  ? mmu_notifier_unregister+0x474/0x600
[   34.800307]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.800311]  ? kfree+0x111/0x210
[   34.800315]  ? __mmu_notifier_register+0x30/0x30
[   34.800319]  ? __free_pages+0x10a/0x190
[   34.800323]  ? free_unref_page+0x930/0x930
[   34.800327]  kvm_put_kvm+0x73f/0x1060
[   34.800331]  ? kvm_write_guest_cached+0x40/0x40
[   34.800335]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.800339]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.800343]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.800347]  ? kasan_check_write+0x14/0x20
[   34.800351]  ? do_raw_spin_lock+0xc1/0x200
[   34.800355]  ? kvm_irqfd_release+0xdd/0x120
[   34.800359]  ? kvm_irqfd_release+0xdd/0x120
[   34.800369]  ? kvm_put_kvm+0x1060/0x1060
[   34.800373]  kvm_vm_release+0x42/0x50
[   34.800376]  __fput+0x38a/0xa40
[   34.800380]  ? __alloc_file+0x400/0x400
[   34.800384]  ? check_same_owner+0x340/0x340
[   34.800388]  ? kasan_check_write+0x14/0x20
[   34.800392]  ? do_raw_spin_lock+0xc1/0x200
[   34.800396]  ____fput+0x15/0x20
[   34.800400]  task_work_run+0x1e8/0x2a0
[   34.800404]  ? task_work_cancel+0x240/0x240
[   34.800408]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.800413]  ? switch_task_namespaces+0xa2/0xd0
[   34.800416]  do_exit+0x1ae4/0x26e0
[   34.800420]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.800424]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.800429]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.800432]  ? kfree+0x1d7/0x210
[   34.800436]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.800441]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.800445]  ? is_bpf_text_address+0xd7/0x170
[   34.800448]  ? ker
[   34.800455] Lost 54 message(s)!
[   35.860173] Shutting down cpus with NMI
[   36.920077] Dumping ftrace buffer:
[   36.923614]    (ftrace buffer empty)
[   36.927312] Kernel Offset: disabled
[   36.930925] Rebooting in 86400 seconds..
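The report above, reduced to the facts a triager acts on: bug class, the access and its size, the object and its slab cache, and the real allocating, freeing and faulting call sites once KASAN's and the allocator's own frames are stripped. This is an added Python example; it is not part of the syzkaller log or of the kernel. SAMPLE_LOG is a constructed excerpt of the report's own lines, the INSTRUMENTATION prefix list is this example's heuristic for "plumbing" frames, and consistency_errors() recomputes the printed 24-byte offset from the access address and the object start rather than trusting it. The lockdep splat further down the log is deliberately not parsed: it is a side effect of printing this report while __schedule already holds rq->lock (the log's own "2 locks held" lines show &rq->lock taken in __schedule and report_lock in kasan_report), not a second bug.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the report's own lines above (console timestamps
# kept, most frames dropped for brevity). It is not a complete log.
SAMPLE_LOG = """\
[   33.295196] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   33.301434] Read of size 8 at addr ffff8801ca848058 by task syz-executor607/4703
[   33.327237] Call Trace:
[   33.329850]  dump_stack+0x1c9/0x2b4
[   33.333489]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.359351]  kasan_report.cold.7+0x242/0x30d
[   33.363770]  __asan_report_load8_noabort+0x14/0x20
[   33.368698]  __schedule+0xf54/0x1df0
[   33.920218]
[   33.921845] Allocated by task 4703:
[   33.925478]  save_stack+0x43/0xd0
[   33.928925]  kasan_kmalloc+0xc4/0xe0
[   33.936607]  kmem_cache_alloc+0x12e/0x710
[   33.940751]  vmx_create_vcpu+0xcf/0x2830
[   33.973388]
[   33.975012] Freed by task 4703:
[   33.978289]  save_stack+0x43/0xd0
[   33.981740]  __kasan_slab_free+0x11a/0x170
[   33.989764]  kmem_cache_free+0x86/0x280
[   33.993735]  vmx_free_vcpu+0x26b/0x300
[   34.040888]
[   34.042511] The buggy address belongs to the object at ffff8801ca848040
[   34.042511]  which belongs to the cache kvm_vcpu of size 23872
[   34.055084] The buggy address is located 24 bytes inside of
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
FRAME = re.compile(r"^\s*(?P<unreliable>\?\s+)?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Frames of the allocator or of KASAN itself (this example's heuristic list); the first
# frame after them is the site that actually allocated, freed or used the object.
INSTRUMENTATION = ("save_stack", "kasan_", "__kasan_", "__asan_", "kmem_cache_",
                   "kmalloc", "kfree", "dump_stack", "print_address_description")

@dataclass
class KasanReport:
    bug_type: str = ""
    where: str = ""            # "func+0xoff/0xlen" of the bad access
    access: str = ""           # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    object_start: int = 0
    cache: str = ""
    object_size: int = 0
    offset: int = 0            # offset as printed by KASAN, cross-checked below
    call_trace: list = field(default_factory=list)
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)

def parse_kasan_report(text):
    rep = KasanReport()
    section = None             # attribute receiving frames, or None outside a stack
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.rstrip())
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+)", line):
            rep.bug_type, rep.where = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task ([^/\s]+)/(\d+)", line):
            rep.access, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            rep.task, rep.pid = m.group(4), int(m.group(5))
        elif line.startswith("Call Trace:"):
            section = "call_trace"
        elif re.match(r"Allocated by task \d+:", line):
            section = "alloc_stack"
        elif re.match(r"Freed by task \d+:", line):
            section = "free_stack"
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            rep.object_start = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line):
            rep.cache, rep.object_size = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            rep.offset = int(m.group(1))
        elif not line.strip():
            section = None     # a blank line ends the current stack
        elif section and (m := FRAME.match(line)) and not m.group("unreliable"):
            getattr(rep, section).append(m.group("sym"))   # "?" frames are unwinder guesses

    return rep

def first_code_frame(stack):
    """First frame that is not allocator/KASAN plumbing: the real alloc, free or use site."""
    return next((sym for sym in stack if not sym.startswith(INSTRUMENTATION)), "")

def consistency_errors(rep):
    """Cross-check the numbers KASAN printed; a mismatch means a mangled or edited report."""
    errs = []
    if rep.addr - rep.object_start != rep.offset:
        errs.append("printed offset != addr - object start")
    if not 0 <= rep.offset < rep.offset + rep.size <= rep.object_size:
        errs.append("access is not wholly inside the object")
    return errs

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(r.bug_type, r.cache, "alloc:", first_code_frame(r.alloc_stack), "free:",
          first_code_frame(r.free_stack), "use:", first_code_frame(r.call_trace),
          consistency_errors(r) or "consistent")
```

Fed the full console log instead of the excerpt it picks the same fields out of the first KASAN block; a second report in the same log would overwrite the scalar fields and extend the frame lists, so split the log on the `====` marker lines first if you need every report.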