[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 23.903314] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. [ 24.692079] random: sshd: uninitialized urandom read (32 bytes read) [ 25.061384] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.627713] random: sshd: uninitialized urandom read (32 bytes read) [ 25.806876] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. [ 31.364152] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.463813] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.488679] ================================================================== [ 31.498572] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.504807] Read of size 8 at addr ffff8801bce08058 by task syz-executor080/4691 [ 31.512325] [ 31.513950] CPU: 0 PID: 4691 Comm: syz-executor080 Not tainted 4.19.0-rc1+ #216 [ 31.521385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.530726] Call Trace: [ 31.533324] dump_stack+0x1c9/0x2b4 [ 31.536952] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.542139] ? printk+0xa7/0xcf [ 31.545415] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.550177] ? __schedule+0xf54/0x1df0 [ 31.554065] print_address_description+0x6c/0x20b [ 31.558916] ? __schedule+0xf54/0x1df0 [ 31.562802] kasan_report.cold.7+0x242/0x30d [ 31.567211] __asan_report_load8_noabort+0x14/0x20 [ 31.572140] __schedule+0xf54/0x1df0 [ 31.575852] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.580954] ? __sched_text_start+0x8/0x8 [ 31.585113] ? __call_srcu+0x7e7/0x1040 [ 31.589113] ? check_same_owner+0x340/0x340 [ 31.593433] ? mark_held_locks+0x160/0x160 [ 31.597665] ? 
find_held_lock+0x36/0x1c0 [ 31.601725] preempt_schedule_common+0x22/0x60 [ 31.606303] _cond_resched+0x1d/0x30 [ 31.610013] wait_for_completion+0xa5/0x8d0 [ 31.614337] ? wait_for_completion_interruptible+0x950/0x950 [ 31.620137] ? __lockdep_init_map+0x105/0x590 [ 31.624645] ? __init_waitqueue_head+0x9e/0x150 [ 31.629311] ? init_wait_entry+0x1c0/0x1c0 [ 31.633572] __synchronize_srcu+0x189/0x240 [ 31.637901] ? call_srcu+0x10/0x10 [ 31.641441] ? rcu_unexpedite_gp+0x20/0x20 [ 31.645679] synchronize_srcu+0x335/0x56f [ 31.649845] ? lock_downgrade+0x8f0/0x8f0 [ 31.654013] ? synchronize_srcu_expedited+0x20/0x20 [ 31.659030] ? kasan_check_read+0x11/0x20 [ 31.663178] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.667760] ? kasan_check_write+0x14/0x20 [ 31.672007] ? do_raw_spin_lock+0xc1/0x200 [ 31.676243] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.681955] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.687404] ? kvfree+0x61/0x70 [ 31.690686] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.695704] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.699789] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.704193] ? kvm_arch_sync_events+0x30/0x30 [ 31.708687] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.714220] ? mmu_notifier_unregister+0x474/0x600 [ 31.719144] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.723557] ? kfree+0x111/0x210 [ 31.726923] ? __mmu_notifier_register+0x30/0x30 [ 31.731684] ? __free_pages+0x10a/0x190 [ 31.735659] ? free_unref_page+0x930/0x930 [ 31.739921] kvm_put_kvm+0x73f/0x1060 [ 31.743750] ? kvm_write_guest_cached+0x40/0x40 [ 31.748434] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.752928] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.757423] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.762017] ? kasan_check_write+0x14/0x20 [ 31.766247] ? do_raw_spin_lock+0xc1/0x200 [ 31.770495] ? kvm_irqfd_release+0xdd/0x120 [ 31.774809] ? kvm_irqfd_release+0xdd/0x120 [ 31.779128] ? kvm_put_kvm+0x1060/0x1060 [ 31.783186] kvm_vm_release+0x42/0x50 [ 31.786985] __fput+0x38a/0xa40 [ 31.790278] ? 
__alloc_file+0x400/0x400 [ 31.794257] ? check_same_owner+0x340/0x340 [ 31.798577] ? kasan_check_write+0x14/0x20 [ 31.802804] ? do_raw_spin_lock+0xc1/0x200 [ 31.807033] ____fput+0x15/0x20 [ 31.810313] task_work_run+0x1e8/0x2a0 [ 31.814202] ? task_work_cancel+0x240/0x240 [ 31.818535] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.824072] ? switch_task_namespaces+0xa2/0xd0 [ 31.828754] do_exit+0x1ae4/0x26e0 [ 31.832292] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.836962] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 31.841195] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.846208] ? kfree+0x1d7/0x210 [ 31.849573] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 31.853806] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.859515] ? is_bpf_text_address+0xd7/0x170 [ 31.864009] ? kernel_text_address+0x79/0xf0 [ 31.868411] ? __kernel_text_address+0xd/0x40 [ 31.872940] ? unwind_get_return_address+0x61/0xa0 [ 31.877872] ? __save_stack_trace+0x8d/0xf0 [ 31.882214] ? save_stack+0xa9/0xd0 [ 31.885835] ? save_stack+0x43/0xd0 [ 31.889454] ? __kasan_slab_free+0x11a/0x170 [ 31.893855] ? kasan_slab_free+0xe/0x10 [ 31.897825] ? putname+0xf2/0x130 [ 31.901281] ? __x64_sys_openat+0x9d/0x100 [ 31.905521] ? do_syscall_64+0x1b9/0x820 [ 31.909604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.914970] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.919378] ? kasan_check_read+0x11/0x20 [ 31.923535] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.927939] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.932346] ? initcall_blacklisted+0x9a/0x1e0 [ 31.936929] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.942125] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.947847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.953397] ? do_vfs_ioctl+0x201/0x1720 [ 31.957454] ? rcu_is_watching+0x8c/0x150 [ 31.961596] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.965919] ? ioctl_preallocate+0x300/0x300 [ 31.970341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.975877] ? __fget_light+0x2f7/0x440 [ 31.979848] ? fget_raw+0x20/0x20 [ 31.983311] ? 
putname+0xf2/0x130 [ 31.986762] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.991779] ? kmem_cache_free+0x246/0x280 [ 31.996020] ? putname+0xf7/0x130 [ 31.999476] do_group_exit+0x177/0x440 [ 32.003362] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.007679] ? __ia32_sys_exit+0x50/0x50 [ 32.011734] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.016838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.022372] ? ksys_ioctl+0x81/0xd0 [ 32.026001] __x64_sys_exit_group+0x3e/0x50 [ 32.030323] do_syscall_64+0x1b9/0x820 [ 32.034207] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.039572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.044502] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.049341] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.054360] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.059378] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.064400] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.069254] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.074450] RIP: 0033:0x43ecd8 [ 32.077647] Code: Bad RIP value. [ 32.081003] RSP: 002b:00007ffdd605a258 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.088712] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 32.095978] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.103760] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.111028] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.118292] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.125567] [ 32.127190] Allocated by task 4691: [ 32.130824] save_stack+0x43/0xd0 [ 32.134279] kasan_kmalloc+0xc4/0xe0 [ 32.137991] kasan_slab_alloc+0x12/0x20 [ 32.141963] kmem_cache_alloc+0x12e/0x710 [ 32.146121] vmx_create_vcpu+0xcf/0x2830 [ 32.150179] kvm_arch_vcpu_create+0xe5/0x220 [ 32.154586] kvm_vm_ioctl+0x488/0x1d80 [ 32.158472] do_vfs_ioctl+0x1de/0x1720 [ 32.162367] ksys_ioctl+0xa9/0xd0 [ 32.165816] __x64_sys_ioctl+0x73/0xb0 [ 32.169709] do_syscall_64+0x1b9/0x820 [ 32.174358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 
32.179536] [ 32.181162] Freed by task 4691: [ 32.184450] save_stack+0x43/0xd0 [ 32.187913] __kasan_slab_free+0x11a/0x170 [ 32.192145] kasan_slab_free+0xe/0x10 [ 32.195942] kmem_cache_free+0x86/0x280 [ 32.199917] vmx_free_vcpu+0x26b/0x300 [ 32.203801] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.208630] kvm_put_kvm+0x73f/0x1060 [ 32.212443] kvm_vm_release+0x42/0x50 [ 32.216245] __fput+0x38a/0xa40 [ 32.219520] ____fput+0x15/0x20 [ 32.222800] task_work_run+0x1e8/0x2a0 [ 32.226685] do_exit+0x1ae4/0x26e0 [ 32.230222] do_group_exit+0x177/0x440 [ 32.234119] __x64_sys_exit_group+0x3e/0x50 [ 32.238444] do_syscall_64+0x1b9/0x820 [ 32.242328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.247504] [ 32.249142] The buggy address belongs to the object at ffff8801bce08040 [ 32.249142] which belongs to the cache kvm_vcpu of size 23872 [ 32.261728] The buggy address is located 24 bytes inside of [ 32.261728] 23872-byte region [ffff8801bce08040, ffff8801bce0dd80) [ 32.273697] The buggy address belongs to the page: [ 32.278629] page:ffffea0006f38200 count:1 mapcount:0 mapping:ffff8801d5314d80 index:0x0 compound_mapcount: 0 [ 32.288651] flags: 0x2fffc0000008100(slab|head) [ 32.293326] raw: 02fffc0000008100 ffff8801d530a648 ffff8801d530a648 ffff8801d5314d80 [ 32.301211] raw: 0000000000000000 ffff8801bce08040 0000000100000001 0000000000000000 [ 32.309099] page dumped because: kasan: bad access detected [ 32.314809] [ 32.316425] Memory state around the buggy address: [ 32.321356] ffff8801bce07f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.328710] ffff8801bce07f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.336064] >ffff8801bce08000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.343458] ^ [ 32.349698] ffff8801bce08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.357053] ffff8801bce08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.364437] ================================================================== [ 32.371792] Kernel panic - not syncing: 
panic_on_warn set ... [ 32.371792] [ 32.379160] CPU: 0 PID: 4691 Comm: syz-executor080 Tainted: G B 4.19.0-rc1+ #216 [ 32.387988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.397335] Call Trace: [ 32.399931] dump_stack+0x1c9/0x2b4 [ 32.403562] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.408754] ? lock_downgrade+0x8f0/0x8f0 [ 32.412905] ? __schedule+0xf54/0x1df0 [ 32.416802] panic+0x238/0x4e7 [ 32.419998] ? add_taint.cold.5+0x16/0x16 [ 32.424149] ? print_shadow_for_address+0xba/0x116 [ 32.429074] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.433497] ? trace_hardirqs_off+0x77/0x2b0 [ 32.437906] ? __schedule+0xf54/0x1df0 [ 32.441803] kasan_end_report+0x47/0x4f [ 32.445787] kasan_report.cold.7+0x76/0x30d [ 32.450137] __asan_report_load8_noabort+0x14/0x20 [ 32.455098] __schedule+0xf54/0x1df0 [ 32.458817] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.463922] ? __sched_text_start+0x8/0x8 [ 32.468075] ? __call_srcu+0x7e7/0x1040 [ 32.472075] ? check_same_owner+0x340/0x340 [ 32.476414] ? mark_held_locks+0x160/0x160 [ 32.480650] ? find_held_lock+0x36/0x1c0 [ 32.484715] preempt_schedule_common+0x22/0x60 [ 32.489300] _cond_resched+0x1d/0x30 [ 32.493018] wait_for_completion+0xa5/0x8d0 [ 32.497342] ? wait_for_completion_interruptible+0x950/0x950 [ 32.503146] ? __lockdep_init_map+0x105/0x590 [ 32.507652] ? __init_waitqueue_head+0x9e/0x150 [ 32.512323] ? init_wait_entry+0x1c0/0x1c0 [ 32.516581] __synchronize_srcu+0x189/0x240 [ 32.520901] ? call_srcu+0x10/0x10 [ 32.524441] ? rcu_unexpedite_gp+0x20/0x20 [ 32.528683] synchronize_srcu+0x335/0x56f [ 32.532846] ? lock_downgrade+0x8f0/0x8f0 [ 32.536996] ? synchronize_srcu_expedited+0x20/0x20 [ 32.542018] ? kasan_check_read+0x11/0x20 [ 32.546169] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.550754] ? kasan_check_write+0x14/0x20 [ 32.554988] ? do_raw_spin_lock+0xc1/0x200 [ 32.559228] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.564951] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.570403] ? 
kvfree+0x61/0x70 [ 32.573684] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.578709] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.582775] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.587185] ? kvm_arch_sync_events+0x30/0x30 [ 32.591689] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.597233] ? mmu_notifier_unregister+0x474/0x600 [ 32.602160] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.606563] ? kfree+0x111/0x210 [ 32.609930] ? __mmu_notifier_register+0x30/0x30 [ 32.614687] ? __free_pages+0x10a/0x190 [ 32.618659] ? free_unref_page+0x930/0x930 [ 32.622902] kvm_put_kvm+0x73f/0x1060 [ 32.626709] ? kvm_write_guest_cached+0x40/0x40 [ 32.631380] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.635874] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.640372] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.644958] ? kasan_check_write+0x14/0x20 [ 32.649193] ? do_raw_spin_lock+0xc1/0x200 [ 32.653428] ? kvm_irqfd_release+0xdd/0x120 [ 32.657749] ? kvm_irqfd_release+0xdd/0x120 [ 32.662071] ? kvm_put_kvm+0x1060/0x1060 [ 32.666151] kvm_vm_release+0x42/0x50 [ 32.669958] __fput+0x38a/0xa40 [ 32.673237] ? __alloc_file+0x400/0x400 [ 32.677215] ? check_same_owner+0x340/0x340 [ 32.681537] ? kasan_check_write+0x14/0x20 [ 32.685771] ? do_raw_spin_lock+0xc1/0x200 [ 32.690002] ____fput+0x15/0x20 [ 32.693280] task_work_run+0x1e8/0x2a0 [ 32.697191] ? task_work_cancel+0x240/0x240 [ 32.701528] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.707086] ? switch_task_namespaces+0xa2/0xd0 [ 32.711765] do_exit+0x1ae4/0x26e0 [ 32.715309] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.719983] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.724218] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.729235] ? kfree+0x1d7/0x210 [ 32.732614] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.736855] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.742579] ? is_bpf_text_address+0xd7/0x170 [ 32.747085] ? kernel_text_address+0x79/0xf0 [ 32.751502] ? __kernel_text_address+0xd/0x40 [ 32.755998] ? unwind_get_return_address+0x61/0xa0 [ 32.760930] ? __save_stack_trace+0x8d/0xf0 [ 32.765262] ? 
save_stack+0xa9/0xd0 [ 32.768892] ? save_stack+0x43/0xd0 [ 32.772521] ? __kasan_slab_free+0x11a/0x170 [ 32.776928] ? kasan_slab_free+0xe/0x10 [ 32.780903] ? putname+0xf2/0x130 [ 32.784356] ? __x64_sys_openat+0x9d/0x100 [ 32.788592] ? do_syscall_64+0x1b9/0x820 [ 32.792657] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.798028] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.802441] ? kasan_check_read+0x11/0x20 [ 32.806589] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.811004] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.815430] ? initcall_blacklisted+0x9a/0x1e0 [ 32.820043] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.825185] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.830935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.836494] ? do_vfs_ioctl+0x201/0x1720 [ 32.840567] ? rcu_is_watching+0x8c/0x150 [ 32.844736] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.849074] ? ioctl_preallocate+0x300/0x300 [ 32.853512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.859087] ? __fget_light+0x2f7/0x440 [ 32.863100] ? fget_raw+0x20/0x20 [ 32.866572] ? putname+0xf2/0x130 [ 32.870037] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.875073] ? kmem_cache_free+0x246/0x280 [ 32.879343] ? putname+0xf7/0x130 [ 32.882807] do_group_exit+0x177/0x440 [ 32.886700] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.891047] ? __ia32_sys_exit+0x50/0x50 [ 32.895128] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.900252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.905819] ? ksys_ioctl+0x81/0xd0 [ 32.909464] __x64_sys_exit_group+0x3e/0x50 [ 32.913810] do_syscall_64+0x1b9/0x820 [ 32.917706] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.923119] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.928064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.932941] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.937957] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.943063] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.948111] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 32.952958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.958144] RIP: 0033:0x43ecd8 [ 32.961350] Code: Bad RIP value. [ 32.964728] RSP: 002b:00007ffdd605a258 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.972453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 32.979735] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.987001] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.994265] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.001530] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.008812] [ 33.008817] ====================================================== [ 33.008822] WARNING: possible circular locking dependency detected [ 33.008826] 4.19.0-rc1+ #216 Not tainted [ 33.008831] ------------------------------------------------------ [ 33.008836] syz-executor080/4691 is trying to acquire lock: [ 33.008839] 0000000079a0431b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.008854] [ 33.008858] but task is already holding lock: [ 33.008861] 00000000102c2b4b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.008875] [ 33.008879] which lock already depends on the new lock. 
[ 33.008881] [ 33.008884] [ 33.008889] the existing dependency chain (in reverse order) is: [ 33.008891] [ 33.008893] -> #3 (report_lock){....}: [ 33.008907] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.008911] kasan_report+0x8e/0x110 [ 33.008915] __asan_report_load8_noabort+0x14/0x20 [ 33.008919] __schedule+0xf54/0x1df0 [ 33.008923] preempt_schedule_common+0x22/0x60 [ 33.008927] _cond_resched+0x1d/0x30 [ 33.008931] wait_for_completion+0xa5/0x8d0 [ 33.008935] __synchronize_srcu+0x189/0x240 [ 33.008939] synchronize_srcu+0x335/0x56f [ 33.008944] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.008948] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.008952] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.008956] kvm_put_kvm+0x73f/0x1060 [ 33.008959] kvm_vm_release+0x42/0x50 [ 33.008963] __fput+0x38a/0xa40 [ 33.008966] ____fput+0x15/0x20 [ 33.008970] task_work_run+0x1e8/0x2a0 [ 33.008974] do_exit+0x1ae4/0x26e0 [ 33.008978] do_group_exit+0x177/0x440 [ 33.008982] __x64_sys_exit_group+0x3e/0x50 [ 33.008985] do_syscall_64+0x1b9/0x820 [ 33.008990] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.008992] [ 33.008994] -> #2 (&rq->lock){-.-.}: [ 33.009008] _raw_spin_lock+0x2a/0x40 [ 33.009012] task_fork_fair+0x93/0x680 [ 33.009015] sched_fork+0x44b/0xbd0 [ 33.009019] copy_process+0x235e/0x7ad0 [ 33.009023] _do_fork+0x1ca/0x1170 [ 33.009026] kernel_thread+0x34/0x40 [ 33.009030] rest_init+0x22/0xe4 [ 33.009033] start_kernel+0x913/0x94e [ 33.009038] x86_64_start_reservations+0x29/0x2b [ 33.009042] x86_64_start_kernel+0x76/0x79 [ 33.009045] secondary_startup_64+0xa4/0xb0 [ 33.009048] [ 33.009050] -> #1 (&p->pi_lock){-.-.}: [ 33.009064] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.009068] try_to_wake_up+0xd2/0x1250 [ 33.009071] wake_up_process+0x10/0x20 [ 33.009075] __up.isra.1+0x1c0/0x2a0 [ 33.009087] up+0x13c/0x1c0 [ 33.009097] __up_console_sem+0xbe/0x1b0 [ 33.009101] console_unlock+0x506/0x10d0 [ 33.009104] vprintk_emit+0x33a/0x910 [ 33.009108] vprintk_default+0x28/0x30 [ 33.009112] vprintk_func+0x7a/0x117 [ 
33.009115] printk+0xa7/0xcf [ 33.009119] do_exit.cold.22+0x120/0x21f [ 33.009123] do_group_exit+0x177/0x440 [ 33.009127] __x64_sys_exit_group+0x3e/0x50 [ 33.009131] do_syscall_64+0x1b9/0x820 [ 33.009135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.009137] [ 33.009140] -> #0 ((console_sem).lock){-...}: [ 33.009154] lock_acquire+0x1e4/0x4f0 [ 33.009158] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.009162] down_trylock+0x13/0x70 [ 33.009166] __down_trylock_console_sem+0xae/0x200 [ 33.009170] console_trylock+0x15/0xa0 [ 33.009174] vprintk_emit+0x31f/0x910 [ 33.009177] vprintk_default+0x28/0x30 [ 33.009181] vprintk_func+0x7a/0x117 [ 33.009184] printk+0xa7/0xcf [ 33.009188] kasan_report+0x9e/0x110 [ 33.009192] __asan_report_load8_noabort+0x14/0x20 [ 33.009196] __schedule+0xf54/0x1df0 [ 33.009200] preempt_schedule_common+0x22/0x60 [ 33.009204] _cond_resched+0x1d/0x30 [ 33.009208] wait_for_completion+0xa5/0x8d0 [ 33.009212] __synchronize_srcu+0x189/0x240 [ 33.009216] synchronize_srcu+0x335/0x56f [ 33.009221] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.009225] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.009242] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.009246] kvm_put_kvm+0x73f/0x1060 [ 33.009250] kvm_vm_release+0x42/0x50 [ 33.009253] __fput+0x38a/0xa40 [ 33.009257] ____fput+0x15/0x20 [ 33.009260] task_work_run+0x1e8/0x2a0 [ 33.009264] do_exit+0x1ae4/0x26e0 [ 33.009267] do_group_exit+0x177/0x440 [ 33.009283] __x64_sys_exit_group+0x3e/0x50 [ 33.009287] do_syscall_64+0x1b9/0x820 [ 33.009292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.009294] [ 33.009298] other info that might help us debug this: [ 33.009300] [ 33.009303] Chain exists of: [ 33.009306] (console_sem).lock --> &rq->lock --> report_lock [ 33.009323] [ 33.009327] Possible unsafe locking scenario: [ 33.009330] [ 33.009334] CPU0 CPU1 [ 33.009337] ---- ---- [ 33.009340] lock(report_lock); [ 33.009349] lock(&rq->lock); [ 33.009358] lock(report_lock); [ 33.009366] lock((console_sem).lock); [ 33.009374] [ 33.009377] *** DEADLOCK 
*** [ 33.009379] [ 33.009383] 2 locks held by syz-executor080/4691: [ 33.009385] #0: 000000008062ed27 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.009402] #1: 00000000102c2b4b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.009419] [ 33.009422] stack backtrace: [ 33.009427] CPU: 0 PID: 4691 Comm: syz-executor080 Not tainted 4.19.0-rc1+ #216 [ 33.009434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.009437] Call Trace: [ 33.009441] dump_stack+0x1c9/0x2b4 [ 33.009445] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.009449] ? vprintk_func+0x100/0x117 [ 33.009454] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.009457] ? save_trace+0xe0/0x290 [ 33.009461] __lock_acquire+0x3449/0x5020 [ 33.009465] ? mark_held_locks+0x160/0x160 [ 33.009469] ? mark_held_locks+0x160/0x160 [ 33.009473] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.009477] ? is_bpf_text_address+0xd7/0x170 [ 33.009481] ? kernel_text_address+0x79/0xf0 [ 33.009486] ? __kernel_text_address+0xd/0x40 [ 33.009489] ? __save_stack_trace+0x8d/0xf0 [ 33.009494] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.009497] ? save_trace+0x290/0x290 [ 33.009501] ? save_stack_trace+0x1a/0x20 [ 33.009505] ? save_trace+0xe0/0x290 [ 33.009509] ? graph_lock+0x170/0x170 [ 33.009513] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.009517] lock_acquire+0x1e4/0x4f0 [ 33.009521] ? down_trylock+0x13/0x70 [ 33.009524] ? lock_release+0x9f0/0x9f0 [ 33.009529] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.009533] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.009537] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.009540] ? log_store+0x34f/0x4c0 [ 33.009544] ? vprintk_emit+0x31f/0x910 [ 33.009548] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.009552] ? down_trylock+0x13/0x70 [ 33.009555] down_trylock+0x13/0x70 [ 33.009560] __down_trylock_console_sem+0xae/0x200 [ 33.009563] console_trylock+0x15/0xa0 [ 33.009567] vprintk_emit+0x31f/0x910 [ 33.009571] ? wake_up_klogd+0x110/0x110 [ 33.009575] ? 
run_rebalance_domains+0x4c0/0x4c0 [ 33.009579] ? kasan_check_read+0x11/0x20 [ 33.009583] ? rcu_is_watching+0x8c/0x150 [ 33.009586] ? rcu_pm_notify+0xc0/0xc0 [ 33.009590] ? lock_acquire+0x1e4/0x4f0 [ 33.009594] ? kasan_report+0x8e/0x110 [ 33.009598] ? __schedule+0xf54/0x1df0 [ 33.009602] vprintk_default+0x28/0x30 [ 33.009606] vprintk_func+0x7a/0x117 [ 33.009609] printk+0xa7/0xcf [ 33.009613] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.009617] ? kasan_check_write+0x14/0x20 [ 33.009621] ? do_raw_spin_lock+0xc1/0x200 [ 33.009625] ? do_raw_spin_lock+0xc1/0x200 [ 33.009628] kasan_report+0x9e/0x110 [ 33.009633] __asan_report_load8_noabort+0x14/0x20 [ 33.009636] __schedule+0xf54/0x1df0 [ 33.009641] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.009645] ? __sched_text_start+0x8/0x8 [ 33.009648] ? __call_srcu+0x7e7/0x1040 [ 33.009652] ? check_same_owner+0x340/0x340 [ 33.009656] ? mark_held_locks+0x160/0x160 [ 33.009660] ? find_held_lock+0x36/0x1c0 [ 33.009664] preempt_schedule_common+0x22/0x60 [ 33.009668] _cond_resched+0x1d/0x30 [ 33.009672] wait_for_completion+0xa5/0x8d0 [ 33.009677] ? wait_for_completion_interruptible+0x950/0x950 [ 33.009681] ? __lockdep_init_map+0x105/0x590 [ 33.009685] ? __init_waitqueue_head+0x9e/0x150 [ 33.009689] ? init_wait_entry+0x1c0/0x1c0 [ 33.009693] __synchronize_srcu+0x189/0x240 [ 33.009696] ? call_srcu+0x10/0x10 [ 33.009700] ? rcu_unexpedite_gp+0x20/0x20 [ 33.009704] synchronize_srcu+0x335/0x56f [ 33.009708] ? lock_downgrade+0x8f0/0x8f0 [ 33.009713] ? synchronize_srcu_expedited+0x20/0x20 [ 33.009716] ? kasan_check_read+0x11/0x20 [ 33.009721] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.009725] ? kasan_check_write+0x14/0x20 [ 33.009729] ? do_raw_spin_lock+0xc1/0x200 [ 33.009734] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.009738] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.009742] ? kvfree+0x61/0x70 [ 33.009746] ? 
rcu_read_lock_sched_held+0x108/0x120 [ 33.009750] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.009754] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.009758] ? kvm_arch_sync_events+0x30/0x30 [ 33.009763] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.009767] ? mmu_notifier_unregister+0x474/0x600 [ 33.009771] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.009774] ? kfree+0x111/0x210 [ 33.009778] ? __mmu_notifier_register+0x30/0x30 [ 33.009782] ? __free_pages+0x10a/0x190 [ 33.009786] ? free_unref_page+0x930/0x930 [ 33.009790] kvm_put_kvm+0x73f/0x1060 [ 33.009794] ? kvm_write_guest_cached+0x40/0x40 [ 33.009798] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.009802] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.009806] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.009810] ? kasan_check_write+0x14/0x20 [ 33.009814] ? do_raw_spin_lock+0xc1/0x200 [ 33.009818] ? kvm_irqfd_release+0xdd/0x120 [ 33.009822] ? kvm_irqfd_release+0xdd/0x120 [ 33.009826] ? kvm_put_kvm+0x1060/0x1060 [ 33.009830] kvm_vm_release+0x42/0x50 [ 33.009833] __fput+0x38a/0xa40 [ 33.009837] ? __alloc_file+0x400/0x400 [ 33.009841] ? check_same_owner+0x340/0x340 [ 33.009845] ? kasan_check_write+0x14/0x20 [ 33.009848] ? do_raw_spin_lock+0xc1/0x200 [ 33.009852] ____fput+0x15/0x20 [ 33.009855] task_work_run+0x1e8/0x2a0 [ 33.009859] ? task_work_cancel+0x240/0x240 [ 33.009864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.009868] ? switch_task_namespaces+0xa2/0xd0 [ 33.009872] do_exit+0x1ae4/0x26e0 [ 33.009876] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.009880] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.009884] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.009888] ? kfree+0x1d7/0x210 [ 33.009892] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.009896] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.009899] ? is_bpf_tex [ 33.009907] Lost 56 message(s)! [ 34.116237] Shutting down cpus with NMI [ 35.175088] Dumping ftrace buffer: [ 35.178625] (ftrace buffer empty) [ 35.182314] Kernel Offset: disabled [ 35.185926] Rebooting in 86400 seconds..