[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.450847] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.491258] random: sshd: uninitialized urandom read (32 bytes read) [ 26.766496] random: sshd: uninitialized urandom read (32 bytes read) [ 27.290416] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts. [ 33.123105] urandom_read: 1 callbacks suppressed [ 33.123110] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.224490] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.250173] ================================================================== [ 33.260053] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.266284] Read of size 8 at addr ffff8801b8f08058 by task syz-executor192/4654 [ 33.273814] [ 33.275444] CPU: 1 PID: 4654 Comm: syz-executor192 Not tainted 4.19.0-rc1+ #216 [ 33.282885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.292235] Call Trace: [ 33.294831] dump_stack+0x1c9/0x2b4 [ 33.298469] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.303655] ? printk+0xa7/0xcf [ 33.306934] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.311700] ? __schedule+0xf54/0x1df0 [ 33.315585] print_address_description+0x6c/0x20b [ 33.320424] ? __schedule+0xf54/0x1df0 [ 33.324316] kasan_report.cold.7+0x242/0x30d [ 33.328723] __asan_report_load8_noabort+0x14/0x20 [ 33.333648] __schedule+0xf54/0x1df0 [ 33.337366] ? __sched_text_start+0x8/0x8 [ 33.341509] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.347073] ? __call_srcu+0x7e7/0x1040 [ 33.351052] ? check_same_owner+0x340/0x340 [ 33.355370] ? mark_held_locks+0x160/0x160 [ 33.359599] ? find_held_lock+0x36/0x1c0 [ 33.363667] preempt_schedule_common+0x22/0x60 [ 33.368246] _cond_resched+0x1d/0x30 [ 33.371964] wait_for_completion+0xa5/0x8d0 [ 33.376287] ? wait_for_completion_interruptible+0x950/0x950 [ 33.382082] ? __lockdep_init_map+0x105/0x590 [ 33.386575] ? __init_waitqueue_head+0x9e/0x150 [ 33.391235] ? init_wait_entry+0x1c0/0x1c0 [ 33.395479] __synchronize_srcu+0x189/0x240 [ 33.399794] ? call_srcu+0x10/0x10 [ 33.403331] ? rcu_unexpedite_gp+0x20/0x20 [ 33.407569] synchronize_srcu+0x335/0x56f [ 33.411714] ? lock_downgrade+0x8f0/0x8f0 [ 33.415856] ? synchronize_srcu_expedited+0x20/0x20 [ 33.420875] ? kasan_check_read+0x11/0x20 [ 33.425023] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.429604] ? kasan_check_write+0x14/0x20 [ 33.433837] ? do_raw_spin_lock+0xc1/0x200 [ 33.438082] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.443794] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.449241] ? kvfree+0x61/0x70 [ 33.452518] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.457532] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.461587] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.466002] ? kvm_arch_sync_events+0x30/0x30 [ 33.470501] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.476036] ? mmu_notifier_unregister+0x474/0x600 [ 33.480966] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.485370] ? kfree+0x111/0x210 [ 33.488736] ? __mmu_notifier_register+0x30/0x30 [ 33.493489] ? __free_pages+0x10a/0x190 [ 33.497463] ? free_unref_page+0x930/0x930 [ 33.501705] kvm_put_kvm+0x73f/0x1060 [ 33.505510] ? kvm_write_guest_cached+0x40/0x40 [ 33.510178] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.514667] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.519160] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.523746] ? kasan_check_write+0x14/0x20 [ 33.527981] ? do_raw_spin_lock+0xc1/0x200 [ 33.532212] ? kvm_irqfd_release+0xdd/0x120 [ 33.536528] ? kvm_irqfd_release+0xdd/0x120 [ 33.540848] ? kvm_put_kvm+0x1060/0x1060 [ 33.544903] kvm_vm_release+0x42/0x50 [ 33.548699] __fput+0x38a/0xa40 [ 33.551981] ? __alloc_file+0x400/0x400 [ 33.555961] ? check_same_owner+0x340/0x340 [ 33.560282] ? kasan_check_write+0x14/0x20 [ 33.564512] ? do_raw_spin_lock+0xc1/0x200 [ 33.568744] ____fput+0x15/0x20 [ 33.572016] task_work_run+0x1e8/0x2a0 [ 33.575897] ? task_work_cancel+0x240/0x240 [ 33.580219] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.585751] ? switch_task_namespaces+0xa2/0xd0 [ 33.590435] do_exit+0x1ae4/0x26e0 [ 33.593982] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.598655] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.602896] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.607907] ? kfree+0x1d7/0x210 [ 33.611270] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.615504] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.621213] ? is_bpf_text_address+0xd7/0x170 [ 33.625702] ? kernel_text_address+0x79/0xf0 [ 33.630103] ? __kernel_text_address+0xd/0x40 [ 33.634593] ? unwind_get_return_address+0x61/0xa0 [ 33.639534] ? __save_stack_trace+0x8d/0xf0 [ 33.643857] ? save_stack+0xa9/0xd0 [ 33.647481] ? save_stack+0x43/0xd0 [ 33.651104] ? __kasan_slab_free+0x11a/0x170 [ 33.655504] ? kasan_slab_free+0xe/0x10 [ 33.659473] ? putname+0xf2/0x130 [ 33.662924] ? __x64_sys_openat+0x9d/0x100 [ 33.667160] ? do_syscall_64+0x1b9/0x820 [ 33.671220] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.676581] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.680985] ? kasan_check_read+0x11/0x20 [ 33.685129] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.689537] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.693955] ? initcall_blacklisted+0x9a/0x1e0 [ 33.698540] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.703647] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.709356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.714889] ? do_vfs_ioctl+0x201/0x1720 [ 33.718956] ? rcu_is_watching+0x8c/0x150 [ 33.723101] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.727424] ? ioctl_preallocate+0x300/0x300 [ 33.731830] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.737363] ? __fget_light+0x2f7/0x440 [ 33.741335] ? fget_raw+0x20/0x20 [ 33.744783] ? putname+0xf2/0x130 [ 33.748232] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.753241] ? kmem_cache_free+0x246/0x280 [ 33.757474] ? putname+0xf7/0x130 [ 33.760928] do_group_exit+0x177/0x440 [ 33.764819] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.769135] ? __ia32_sys_exit+0x50/0x50 [ 33.773195] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.778296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.783834] ? ksys_ioctl+0x81/0xd0 [ 33.787472] __x64_sys_exit_group+0x3e/0x50 [ 33.791797] do_syscall_64+0x1b9/0x820 [ 33.795686] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.801050] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.805984] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.810826] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.815841] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.820855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.825696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.830876] RIP: 0033:0x43ecc8 [ 33.834068] Code: Bad RIP value. [ 33.837421] RSP: 002b:00007fffc3501f48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.845129] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 33.852393] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.859653] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.866913] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.874182] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.881451] [ 33.883073] Allocated by task 4654: [ 33.886696] save_stack+0x43/0xd0 [ 33.890141] kasan_kmalloc+0xc4/0xe0 [ 33.893854] kasan_slab_alloc+0x12/0x20 [ 33.897820] kmem_cache_alloc+0x12e/0x710 [ 33.901967] vmx_create_vcpu+0xcf/0x2830 [ 33.906025] kvm_arch_vcpu_create+0xe5/0x220 [ 33.910430] kvm_vm_ioctl+0x488/0x1d80 [ 33.914317] do_vfs_ioctl+0x1de/0x1720 [ 33.918201] ksys_ioctl+0xa9/0xd0 [ 33.921648] __x64_sys_ioctl+0x73/0xb0 [ 33.925534] do_syscall_64+0x1b9/0x820 [ 33.929417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.934590] [ 33.936206] Freed by task 4654: [ 33.939484] save_stack+0x43/0xd0 [ 33.942931] __kasan_slab_free+0x11a/0x170 [ 33.947167] kasan_slab_free+0xe/0x10 [ 33.950964] kmem_cache_free+0x86/0x280 [ 33.954934] vmx_free_vcpu+0x26b/0x300 [ 33.958827] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.963234] kvm_put_kvm+0x73f/0x1060 [ 33.967039] kvm_vm_release+0x42/0x50 [ 33.970833] __fput+0x38a/0xa40 [ 33.974105] ____fput+0x15/0x20 [ 33.977379] task_work_run+0x1e8/0x2a0 [ 33.981262] do_exit+0x1ae4/0x26e0 [ 33.984795] do_group_exit+0x177/0x440 [ 33.988674] __x64_sys_exit_group+0x3e/0x50 [ 33.992988] do_syscall_64+0x1b9/0x820 [ 33.996868] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.002042] [ 34.003671] The buggy address belongs to the object at ffff8801b8f08040 [ 34.003671] which belongs to the cache kvm_vcpu of size 23872 [ 34.016236] The buggy address is located 24 bytes inside of [ 34.016236] 23872-byte region [ffff8801b8f08040, ffff8801b8f0dd80) [ 34.028188] The buggy address belongs to the page: [ 34.033110] page:ffffea0006e3c200 count:1 mapcount:0 mapping:ffff8801d5166c00 index:0x0 compound_mapcount: 0 [ 34.043073] flags: 0x2fffc0000008100(slab|head) [ 34.047769] raw: 02fffc0000008100 ffff8801d5163948 ffff8801d5163948 ffff8801d5166c00 [ 34.055647] raw: 0000000000000000 ffff8801b8f08040 0000000100000001 0000000000000000 [ 34.063520] page dumped because: kasan: bad access detected [ 34.069221] [ 34.070835] Memory state around the buggy address: [ 34.075761] ffff8801b8f07f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.083115] ffff8801b8f07f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.090470] >ffff8801b8f08000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.097818] ^ [ 34.104042] ffff8801b8f08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.111393] ffff8801b8f08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.118736] ================================================================== [ 34.126088] Kernel panic - not syncing: panic_on_warn set ... [ 34.126088] [ 34.133461] CPU: 1 PID: 4654 Comm: syz-executor192 Tainted: G B 4.19.0-rc1+ #216 [ 34.142291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.151662] Call Trace: [ 34.154259] dump_stack+0x1c9/0x2b4 [ 34.157889] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.163080] ? lock_downgrade+0x8f0/0x8f0 [ 34.167223] ? __schedule+0xf54/0x1df0 [ 34.171105] panic+0x238/0x4e7 [ 34.174295] ? add_taint.cold.5+0x16/0x16 [ 34.178441] ? print_shadow_for_address+0xba/0x116 [ 34.183372] ? trace_hardirqs_off+0xaf/0x2b0 [ 34.187776] ? trace_hardirqs_off+0x77/0x2b0 [ 34.192180] ? __schedule+0xf54/0x1df0 [ 34.196073] kasan_end_report+0x47/0x4f [ 34.200044] kasan_report.cold.7+0x76/0x30d [ 34.204363] __asan_report_load8_noabort+0x14/0x20 [ 34.209292] __schedule+0xf54/0x1df0 [ 34.213009] ? __sched_text_start+0x8/0x8 [ 34.217155] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 34.222255] ? __call_srcu+0x7e7/0x1040 [ 34.226233] ? check_same_owner+0x340/0x340 [ 34.230553] ? mark_held_locks+0x160/0x160 [ 34.234785] ? find_held_lock+0x36/0x1c0 [ 34.238844] preempt_schedule_common+0x22/0x60 [ 34.243421] _cond_resched+0x1d/0x30 [ 34.247130] wait_for_completion+0xa5/0x8d0 [ 34.251448] ? wait_for_completion_interruptible+0x950/0x950 [ 34.257248] ? __lockdep_init_map+0x105/0x590 [ 34.261740] ? __init_waitqueue_head+0x9e/0x150 [ 34.266402] ? init_wait_entry+0x1c0/0x1c0 [ 34.270636] __synchronize_srcu+0x189/0x240 [ 34.274960] ? call_srcu+0x10/0x10 [ 34.278618] ? rcu_unexpedite_gp+0x20/0x20 [ 34.282856] synchronize_srcu+0x335/0x56f [ 34.286997] ? lock_downgrade+0x8f0/0x8f0 [ 34.291138] ? synchronize_srcu_expedited+0x20/0x20 [ 34.296154] ? kasan_check_read+0x11/0x20 [ 34.300297] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.304879] ? kasan_check_write+0x14/0x20 [ 34.309109] ? do_raw_spin_lock+0xc1/0x200 [ 34.313344] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.319052] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.324498] ? kvfree+0x61/0x70 [ 34.327778] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.332792] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.336849] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.341258] ? kvm_arch_sync_events+0x30/0x30 [ 34.345994] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.351531] ? mmu_notifier_unregister+0x474/0x600 [ 34.356453] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.360861] ? kfree+0x111/0x210 [ 34.364225] ? __mmu_notifier_register+0x30/0x30 [ 34.368980] ? __free_pages+0x10a/0x190 [ 34.372959] ? free_unref_page+0x930/0x930 [ 34.377203] kvm_put_kvm+0x73f/0x1060 [ 34.381004] ? kvm_write_guest_cached+0x40/0x40 [ 34.385672] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.390163] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.394654] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.399235] ? kasan_check_write+0x14/0x20 [ 34.403483] ? do_raw_spin_lock+0xc1/0x200 [ 34.407716] ? kvm_irqfd_release+0xdd/0x120 [ 34.412032] ? kvm_irqfd_release+0xdd/0x120 [ 34.416350] ? kvm_put_kvm+0x1060/0x1060 [ 34.420410] kvm_vm_release+0x42/0x50 [ 34.424202] __fput+0x38a/0xa40 [ 34.427479] ? __alloc_file+0x400/0x400 [ 34.431461] ? check_same_owner+0x340/0x340 [ 34.435778] ? kasan_check_write+0x14/0x20 [ 34.440005] ? do_raw_spin_lock+0xc1/0x200 [ 34.444234] ____fput+0x15/0x20 [ 34.447511] task_work_run+0x1e8/0x2a0 [ 34.451398] ? task_work_cancel+0x240/0x240 [ 34.455718] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.461252] ? switch_task_namespaces+0xa2/0xd0 [ 34.465919] do_exit+0x1ae4/0x26e0 [ 34.469471] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.474142] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.478373] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.483384] ? kfree+0x1d7/0x210 [ 34.486751] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.490990] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.496700] ? is_bpf_text_address+0xd7/0x170 [ 34.501196] ? kernel_text_address+0x79/0xf0 [ 34.505600] ? __kernel_text_address+0xd/0x40 [ 34.510094] ? unwind_get_return_address+0x61/0xa0 [ 34.515024] ? __save_stack_trace+0x8d/0xf0 [ 34.519347] ? save_stack+0xa9/0xd0 [ 34.522978] ? save_stack+0x43/0xd0 [ 34.526601] ? __kasan_slab_free+0x11a/0x170 [ 34.531005] ? kasan_slab_free+0xe/0x10 [ 34.534983] ? putname+0xf2/0x130 [ 34.538431] ? __x64_sys_openat+0x9d/0x100 [ 34.542665] ? do_syscall_64+0x1b9/0x820 [ 34.546720] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.552079] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.556482] ? kasan_check_read+0x11/0x20 [ 34.560624] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.565026] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.569431] ? initcall_blacklisted+0x9a/0x1e0 [ 34.574020] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.579126] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.584837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.590368] ? do_vfs_ioctl+0x201/0x1720 [ 34.594422] ? rcu_is_watching+0x8c/0x150 [ 34.598561] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.602880] ? ioctl_preallocate+0x300/0x300 [ 34.607284] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.612815] ? __fget_light+0x2f7/0x440 [ 34.616782] ? fget_raw+0x20/0x20 [ 34.620226] ? putname+0xf2/0x130 [ 34.623675] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.628687] ? kmem_cache_free+0x246/0x280 [ 34.632915] ? putname+0xf7/0x130 [ 34.636375] do_group_exit+0x177/0x440 [ 34.640259] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.644572] ? __ia32_sys_exit+0x50/0x50 [ 34.648628] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.653729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.659262] ? ksys_ioctl+0x81/0xd0 [ 34.662889] __x64_sys_exit_group+0x3e/0x50 [ 34.667207] do_syscall_64+0x1b9/0x820 [ 34.671090] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.676451] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.681378] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.686218] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.691230] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.696247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.701086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.706269] RIP: 0033:0x43ecc8 [ 34.709465] Code: Bad RIP value. [ 34.712818] RSP: 002b:00007fffc3501f48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.720525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 34.727788] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.735051] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.742314] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.749575] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.756852] [ 34.756858] ====================================================== [ 34.756864] WARNING: possible circular locking dependency detected [ 34.756867] 4.19.0-rc1+ #216 Not tainted [ 34.756873] ------------------------------------------------------ [ 34.756878] syz-executor192/4654 is trying to acquire lock: [ 34.756882] 000000007bd67b49 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.756897] [ 34.756901] but task is already holding lock: [ 34.756904] 0000000088592f08 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.756918] [ 34.756923] which lock already depends on the new lock. [ 34.756925] [ 34.756928] [ 34.756932] the existing dependency chain (in reverse order) is: [ 34.756935] [ 34.756937] -> #3 (report_lock){....}: [ 34.756960] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.756964] kasan_report+0x8e/0x110 [ 34.756969] __asan_report_load8_noabort+0x14/0x20 [ 34.756972] __schedule+0xf54/0x1df0 [ 34.756977] preempt_schedule_common+0x22/0x60 [ 34.756981] _cond_resched+0x1d/0x30 [ 34.756985] wait_for_completion+0xa5/0x8d0 [ 34.756989] __synchronize_srcu+0x189/0x240 [ 34.756993] synchronize_srcu+0x335/0x56f [ 34.756998] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.757002] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.757007] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.757010] kvm_put_kvm+0x73f/0x1060 [ 34.757014] kvm_vm_release+0x42/0x50 [ 34.757018] __fput+0x38a/0xa40 [ 34.757021] ____fput+0x15/0x20 [ 34.757025] task_work_run+0x1e8/0x2a0 [ 34.757029] do_exit+0x1ae4/0x26e0 [ 34.757033] do_group_exit+0x177/0x440 [ 34.757037] __x64_sys_exit_group+0x3e/0x50 [ 34.757041] do_syscall_64+0x1b9/0x820 [ 34.757046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.757048] [ 34.757051] -> #2 (&rq->lock){-.-.}: [ 34.757065] _raw_spin_lock+0x2a/0x40 [ 34.757069] task_fork_fair+0x93/0x680 [ 34.757072] sched_fork+0x44b/0xbd0 [ 34.757076] copy_process+0x235e/0x7ad0 [ 34.757080] _do_fork+0x1ca/0x1170 [ 34.757084] kernel_thread+0x34/0x40 [ 34.757087] rest_init+0x22/0xe4 [ 34.757091] start_kernel+0x913/0x94e [ 34.757096] x86_64_start_reservations+0x29/0x2b [ 34.757100] x86_64_start_kernel+0x76/0x79 [ 34.757104] secondary_startup_64+0xa4/0xb0 [ 34.757106] [ 34.757108] -> #1 (&p->pi_lock){-.-.}: [ 34.757123] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.757127] try_to_wake_up+0xd2/0x1250 [ 34.757131] wake_up_process+0x10/0x20 [ 34.757135] __up.isra.1+0x1c0/0x2a0 [ 34.757138] up+0x13c/0x1c0 [ 34.757142] __up_console_sem+0xbe/0x1b0 [ 34.757146] console_unlock+0x506/0x10d0 [ 34.757150] vprintk_emit+0x33a/0x910 [ 34.757154] vprintk_default+0x28/0x30 [ 34.757158] vprintk_func+0x7a/0x117 [ 34.757161] printk+0xa7/0xcf [ 34.757165] load_umh+0x51/0xbd [ 34.757169] do_one_initcall+0x127/0x838 [ 34.757173] kernel_init_freeable+0x4bb/0x5ae [ 34.757177] kernel_init+0x11/0x1b3 [ 34.757181] ret_from_fork+0x3a/0x50 [ 34.757183] [ 34.757185] -> #0 ((console_sem).lock){-...}: [ 34.757200] lock_acquire+0x1e4/0x4f0 [ 34.757204] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.757208] down_trylock+0x13/0x70 [ 34.757213] __down_trylock_console_sem+0xae/0x200 [ 34.757216] console_trylock+0x15/0xa0 [ 34.757220] vprintk_emit+0x31f/0x910 [ 34.757224] vprintk_default+0x28/0x30 [ 34.757228] vprintk_func+0x7a/0x117 [ 34.757232] printk+0xa7/0xcf [ 34.757235] kasan_report+0x9e/0x110 [ 34.757240] __asan_report_load8_noabort+0x14/0x20 [ 34.757244] __schedule+0xf54/0x1df0 [ 34.757248] preempt_schedule_common+0x22/0x60 [ 34.757252] _cond_resched+0x1d/0x30 [ 34.757256] wait_for_completion+0xa5/0x8d0 [ 34.757260] __synchronize_srcu+0x189/0x240 [ 34.757264] synchronize_srcu+0x335/0x56f [ 34.757269] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.757273] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.757278] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.757281] kvm_put_kvm+0x73f/0x1060 [ 34.757285] kvm_vm_release+0x42/0x50 [ 34.757289] __fput+0x38a/0xa40 [ 34.757293] ____fput+0x15/0x20 [ 34.757296] task_work_run+0x1e8/0x2a0 [ 34.757300] do_exit+0x1ae4/0x26e0 [ 34.757304] do_group_exit+0x177/0x440 [ 34.757308] __x64_sys_exit_group+0x3e/0x50 [ 34.757312] do_syscall_64+0x1b9/0x820 [ 34.757317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.757319] [ 34.757324] other info that might help us debug this: [ 34.757326] [ 34.757329] Chain exists of: [ 34.757331] (console_sem).lock --> &rq->lock --> report_lock [ 34.757350] [ 34.757354] Possible unsafe locking scenario: [ 34.757356] [ 34.757360] CPU0 CPU1 [ 34.757364] ---- ---- [ 34.757367] lock(report_lock); [ 34.757383] lock(&rq->lock); [ 34.757392] lock(report_lock); [ 34.757400] lock((console_sem).lock); [ 34.757408] [ 34.757411] *** DEADLOCK *** [ 34.757414] [ 34.757418] 2 locks held by syz-executor192/4654: [ 34.757420] #0: 0000000077ba57a0 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.757437] #1: 0000000088592f08 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.757454] [ 34.757463] stack backtrace: [ 34.757469] CPU: 1 PID: 4654 Comm: syz-executor192 Not tainted 4.19.0-rc1+ #216 [ 34.757476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.757479] Call Trace: [ 34.757483] dump_stack+0x1c9/0x2b4 [ 34.757488] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.757492] ? vprintk_func+0x100/0x117 [ 34.757497] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.757500] ? save_trace+0xe0/0x290 [ 34.757505] __lock_acquire+0x3449/0x5020 [ 34.757509] ? mark_held_locks+0x160/0x160 [ 34.757513] ? mark_held_locks+0x160/0x160 [ 34.757517] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.757521] ? is_bpf_text_address+0xd7/0x170 [ 34.757526] ? kernel_text_address+0x79/0xf0 [ 34.757530] ? __kernel_text_address+0xd/0x40 [ 34.757534] ? __save_stack_trace+0x8d/0xf0 [ 34.757538] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.757542] ? save_trace+0x290/0x290 [ 34.757546] ? save_stack_trace+0x1a/0x20 [ 34.757550] ? save_trace+0xe0/0x290 [ 34.757554] ? graph_lock+0x170/0x170 [ 34.757559] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.757563] lock_acquire+0x1e4/0x4f0 [ 34.757566] ? down_trylock+0x13/0x70 [ 34.757570] ? lock_release+0x9f0/0x9f0 [ 34.757575] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.757579] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.757583] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.757587] ? log_store+0x34f/0x4c0 [ 34.757591] ? vprintk_emit+0x31f/0x910 [ 34.757595] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.757599] ? down_trylock+0x13/0x70 [ 34.757602] down_trylock+0x13/0x70 [ 34.757607] __down_trylock_console_sem+0xae/0x200 [ 34.757611] console_trylock+0x15/0xa0 [ 34.757615] vprintk_emit+0x31f/0x910 [ 34.757619] ? wake_up_klogd+0x110/0x110 [ 34.757623] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.757627] ? kasan_check_read+0x11/0x20 [ 34.757631] ? rcu_is_watching+0x8c/0x150 [ 34.757635] ? rcu_pm_notify+0xc0/0xc0 [ 34.757639] ? lock_acquire+0x1e4/0x4f0 [ 34.757643] ? kasan_report+0x8e/0x110 [ 34.757647] ? __schedule+0xf54/0x1df0 [ 34.757650] vprintk_default+0x28/0x30 [ 34.757654] vprintk_func+0x7a/0x117 [ 34.757658] printk+0xa7/0xcf [ 34.757662] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.757666] ? kasan_check_write+0x14/0x20 [ 34.757670] ? do_raw_spin_lock+0xc1/0x200 [ 34.757674] ? do_raw_spin_lock+0xc1/0x200 [ 34.757678] kasan_report+0x9e/0x110 [ 34.757682] __asan_report_load8_noabort+0x14/0x20 [ 34.757686] __schedule+0xf54/0x1df0 [ 34.757690] ? __sched_text_start+0x8/0x8 [ 34.757695] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 34.757699] ? __call_srcu+0x7e7/0x1040 [ 34.757703] ? check_same_owner+0x340/0x340 [ 34.757707] ? mark_held_locks+0x160/0x160 [ 34.757711] ? find_held_lock+0x36/0x1c0 [ 34.757715] preempt_schedule_common+0x22/0x60 [ 34.757719] _cond_resched+0x1d/0x30 [ 34.757723] wait_for_completion+0xa5/0x8d0 [ 34.757728] ? wait_for_completion_interruptible+0x950/0x950 [ 34.757732] ? __lockdep_init_map+0x105/0x590 [ 34.757737] ? __init_waitqueue_head+0x9e/0x150 [ 34.757741] ? init_wait_entry+0x1c0/0x1c0 [ 34.757745] __synchronize_srcu+0x189/0x240 [ 34.757748] ? call_srcu+0x10/0x10 [ 34.757753] ? rcu_unexpedite_gp+0x20/0x20 [ 34.757757] synchronize_srcu+0x335/0x56f [ 34.757761] ? lock_downgrade+0x8f0/0x8f0 [ 34.757765] ? synchronize_srcu_expedited+0x20/0x20 [ 34.757770] ? kasan_check_read+0x11/0x20 [ 34.757774] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.757778] ? kasan_check_write+0x14/0x20 [ 34.757782] ? do_raw_spin_lock+0xc1/0x200 [ 34.757787] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.757792] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.757795] ? kvfree+0x61/0x70 [ 34.757800] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.757804] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.757808] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.757812] ? kvm_arch_sync_events+0x30/0x30 [ 34.757817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.757822] ? mmu_notifier_unregister+0x474/0x600 [ 34.757826] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.757830] ? kfree+0x111/0x210 [ 34.757834] ? __mmu_notifier_register+0x30/0x30 [ 34.757838] ? __free_pages+0x10a/0x190 [ 34.757842] ? free_unref_page+0x930/0x930 [ 34.757846] kvm_put_kvm+0x73f/0x1060 [ 34.757850] ? kvm_write_guest_cached+0x40/0x40 [ 34.757854] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.757859] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.757863] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.757867] ? kasan_check_write+0x14/0x20 [ 34.757871] ? do_raw_spin_lock+0xc1/0x200 [ 34.757875] ? kvm_irqfd_release+0xdd/0x120 [ 34.757879] ? kvm_irqfd_release+0xdd/0x120 [ 34.757883] ? kvm_put_kvm+0x1060/0x1060 [ 34.757887] kvm_vm_release+0x42/0x50 [ 34.757891] __fput+0x38a/0xa40 [ 34.757895] ? __alloc_file+0x400/0x400 [ 34.757899] ? check_same_owner+0x340/0x340 [ 34.757903] ? kasan_check_write+0x14/0x20 [ 34.757907] ? do_raw_spin_lock+0xc1/0x200 [ 34.757911] ____fput+0x15/0x20 [ 34.757914] task_work_run+0x1e8/0x2a0 [ 34.757919] ? task_work_cancel+0x240/0x240 [ 34.757923] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.757928] ? switch_task_namespaces+0xa2/0xd0 [ 34.757931] do_exit+0x1ae4/0x26e0 [ 34.757936] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.757940] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.757951] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.757955] ? kfree+0x1d7/0x210 [ 34.757959] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.757965] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.757969] ? is_bpf_text_address+0xd7/0x170 [ 34.757971] ? [ 34.757978] Lost 54 message(s)! [ 35.830833] Shutting down cpus with NMI [ 36.889561] Dumping ftrace buffer: [ 36.893086] (ftrace buffer empty) [ 36.896774] Kernel Offset: disabled [ 36.900380] Rebooting in 86400 seconds..