[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.772192] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 27.041361] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.441460] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.007309] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.186275] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
[ 33.831896] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.936208] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.961524] ==================================================================
[ 33.971326] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.977561] Read of size 8 at addr ffff8801b8bc8058 by task syz-executor393/4653
[ 33.985171]
[ 33.986803] CPU: 1 PID: 4653 Comm: syz-executor393 Not tainted 4.19.0-rc1+ #216
[ 33.994240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.003619] Call Trace:
[ 34.006214]  dump_stack+0x1c9/0x2b4
[ 34.009841]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.015032]  ? printk+0xa7/0xcf
[ 34.018313]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.023075]  ? __schedule+0xf54/0x1df0
[ 34.026978]  print_address_description+0x6c/0x20b
[ 34.032002]  ? __schedule+0xf54/0x1df0
[ 34.035892]  kasan_report.cold.7+0x242/0x30d
[ 34.040308]  __asan_report_load8_noabort+0x14/0x20
[ 34.045237]  __schedule+0xf54/0x1df0
[ 34.048958]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.054074]  ? __sched_text_start+0x8/0x8
[ 34.058230]  ? __call_srcu+0x7e7/0x1040
[ 34.062211]  ? check_same_owner+0x340/0x340
[ 34.066533]  ? mark_held_locks+0x160/0x160
[ 34.070768]  ? find_held_lock+0x36/0x1c0
[ 34.074839]  preempt_schedule_common+0x22/0x60
[ 34.079435]  _cond_resched+0x1d/0x30
[ 34.083158]  wait_for_completion+0xa5/0x8d0
[ 34.087488]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.093290]  ? __lockdep_init_map+0x105/0x590
[ 34.097788]  ? __init_waitqueue_head+0x9e/0x150
[ 34.102490]  ? init_wait_entry+0x1c0/0x1c0
[ 34.106736]  __synchronize_srcu+0x189/0x240
[ 34.111057]  ? call_srcu+0x10/0x10
[ 34.114596]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.118833]  synchronize_srcu+0x335/0x56f
[ 34.122980]  ? lock_downgrade+0x8f0/0x8f0
[ 34.127137]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.132154]  ? kasan_check_read+0x11/0x20
[ 34.136299]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.140881]  ? kasan_check_write+0x14/0x20
[ 34.145115]  ? do_raw_spin_lock+0xc1/0x200
[ 34.149356]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.155078]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.160535]  ? kvfree+0x61/0x70
[ 34.163813]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.168828]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.172884]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.177307]  ? kvm_arch_sync_events+0x30/0x30
[ 34.181807]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.187340]  ? mmu_notifier_unregister+0x474/0x600
[ 34.192263]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.196668]  ? kfree+0x111/0x210
[ 34.200038]  ? __mmu_notifier_register+0x30/0x30
[ 34.204800]  ? __free_pages+0x10a/0x190
[ 34.208774]  ? free_unref_page+0x930/0x930
[ 34.213014]  kvm_put_kvm+0x73f/0x1060
[ 34.216838]  ? kvm_write_guest_cached+0x40/0x40
[ 34.221509]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.226008]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.230502]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.235088]  ? kasan_check_write+0x14/0x20
[ 34.239324]  ? do_raw_spin_lock+0xc1/0x200
[ 34.243563]  ? kvm_irqfd_release+0xdd/0x120
[ 34.247884]  ? kvm_irqfd_release+0xdd/0x120
[ 34.252210]  ? kvm_put_kvm+0x1060/0x1060
[ 34.256283]  kvm_vm_release+0x42/0x50
[ 34.260081]  __fput+0x38a/0xa40
[ 34.263364]  ? __alloc_file+0x400/0x400
[ 34.267343]  ? check_same_owner+0x340/0x340
[ 34.271661]  ? kasan_check_write+0x14/0x20
[ 34.275898]  ? do_raw_spin_lock+0xc1/0x200
[ 34.280130]  ____fput+0x15/0x20
[ 34.283404]  task_work_run+0x1e8/0x2a0
[ 34.287287]  ? task_work_cancel+0x240/0x240
[ 34.291610]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.297160]  ? switch_task_namespaces+0xa2/0xd0
[ 34.301827]  do_exit+0x1ae4/0x26e0
[ 34.305368]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.310036]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.314273]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.319297]  ? kfree+0x1d7/0x210
[ 34.322668]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.326903]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.332611]  ? is_bpf_text_address+0xd7/0x170
[ 34.337108]  ? kernel_text_address+0x79/0xf0
[ 34.341520]  ? __kernel_text_address+0xd/0x40
[ 34.346030]  ? unwind_get_return_address+0x61/0xa0
[ 34.350960]  ? __save_stack_trace+0x8d/0xf0
[ 34.355285]  ? save_stack+0xa9/0xd0
[ 34.358910]  ? save_stack+0x43/0xd0
[ 34.362532]  ? __kasan_slab_free+0x11a/0x170
[ 34.366942]  ? kasan_slab_free+0xe/0x10
[ 34.370918]  ? putname+0xf2/0x130
[ 34.374367]  ? __x64_sys_openat+0x9d/0x100
[ 34.378609]  ? do_syscall_64+0x1b9/0x820
[ 34.382674]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.388034]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.392451]  ? kasan_check_read+0x11/0x20
[ 34.396599]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.401007]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.405414]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.410004]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.415137]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.420868]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.426406]  ? do_vfs_ioctl+0x201/0x1720
[ 34.430465]  ? rcu_is_watching+0x8c/0x150
[ 34.434616]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.438943]  ? ioctl_preallocate+0x300/0x300
[ 34.443358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.449432]  ? __fget_light+0x2f7/0x440
[ 34.453406]  ? fget_raw+0x20/0x20
[ 34.456857]  ? putname+0xf2/0x130
[ 34.460309]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.465320]  ? kmem_cache_free+0x246/0x280
[ 34.469566]  ? putname+0xf7/0x130
[ 34.473024]  do_group_exit+0x177/0x440
[ 34.476907]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.481227]  ? __ia32_sys_exit+0x50/0x50
[ 34.485284]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.490390]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.495932]  ? ksys_ioctl+0x81/0xd0
[ 34.499559]  __x64_sys_exit_group+0x3e/0x50
[ 34.503879]  do_syscall_64+0x1b9/0x820
[ 34.507761]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.513133]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.518075]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.522920]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.527935]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.532947]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.538052]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.542905]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.548090] RIP: 0033:0x43ef08
[ 34.551288] Code: Bad RIP value.
[ 34.554646] RSP: 002b:00007ffeac394368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.562352] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 34.569618] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.576887] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.584151] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.591419] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.598692]
[ 34.600313] Allocated by task 4653:
[ 34.603938]  save_stack+0x43/0xd0
[ 34.607383]  kasan_kmalloc+0xc4/0xe0
[ 34.611106]  kasan_slab_alloc+0x12/0x20
[ 34.615077]  kmem_cache_alloc+0x12e/0x710
[ 34.619223]  vmx_create_vcpu+0xcf/0x2830
[ 34.623276]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.627681]  kvm_vm_ioctl+0x488/0x1d80
[ 34.631567]  do_vfs_ioctl+0x1de/0x1720
[ 34.635454]  ksys_ioctl+0xa9/0xd0
[ 34.638904]  __x64_sys_ioctl+0x73/0xb0
[ 34.642785]  do_syscall_64+0x1b9/0x820
[ 34.646668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.651839]
[ 34.653463] Freed by task 4653:
[ 34.656744]  save_stack+0x43/0xd0
[ 34.660191]  __kasan_slab_free+0x11a/0x170
[ 34.664418]  kasan_slab_free+0xe/0x10
[ 34.668211]  kmem_cache_free+0x86/0x280
[ 34.672178]  vmx_free_vcpu+0x26b/0x300
[ 34.676057]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.680553]  kvm_put_kvm+0x73f/0x1060
[ 34.684353]  kvm_vm_release+0x42/0x50
[ 34.688147]  __fput+0x38a/0xa40
[ 34.691418]  ____fput+0x15/0x20
[ 34.694693]  task_work_run+0x1e8/0x2a0
[ 34.698575]  do_exit+0x1ae4/0x26e0
[ 34.702128]  do_group_exit+0x177/0x440
[ 34.706026]  __x64_sys_exit_group+0x3e/0x50
[ 34.710342]  do_syscall_64+0x1b9/0x820
[ 34.714228]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.719401]
[ 34.721020] The buggy address belongs to the object at ffff8801b8bc8040
[ 34.721020]  which belongs to the cache kvm_vcpu of size 23872
[ 34.733600] The buggy address is located 24 bytes inside of
[ 34.733600]  23872-byte region [ffff8801b8bc8040, ffff8801b8bcdd80)
[ 34.745556] The buggy address belongs to the page:
[ 34.750491] page:ffffea0006e2f200 count:1 mapcount:0 mapping:ffff8801d52b5b40 index:0x0 compound_mapcount: 0
[ 34.760478] flags: 0x2fffc0000008100(slab|head)
[ 34.765150] raw: 02fffc0000008100 ffff8801d52ae348 ffff8801d52ae348 ffff8801d52b5b40
[ 34.773039] raw: 0000000000000000 ffff8801b8bc8040 0000000100000001 0000000000000000
[ 34.780921] page dumped because: kasan: bad access detected
[ 34.786619]
[ 34.788233] Memory state around the buggy address:
[ 34.793162]  ffff8801b8bc7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.800536]  ffff8801b8bc7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.807899] >ffff8801b8bc8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.815255]                                          ^
[ 34.821495]  ffff8801b8bc8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.828866]  ffff8801b8bc8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.836216] ==================================================================
[ 34.843569] Kernel panic - not syncing: panic_on_warn set ...
[ 34.843569]
[ 34.851003] CPU: 1 PID: 4653 Comm: syz-executor393 Tainted: G B 4.19.0-rc1+ #216
[ 34.859842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.869191] Call Trace:
[ 34.871779]  dump_stack+0x1c9/0x2b4
[ 34.875415]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.880606]  ? lock_downgrade+0x8f0/0x8f0
[ 34.884750]  ? __schedule+0xf54/0x1df0
[ 34.888632]  panic+0x238/0x4e7
[ 34.891819]  ? add_taint.cold.5+0x16/0x16
[ 34.895970]  ? print_shadow_for_address+0xba/0x116
[ 34.900900]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.905305]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.909710]  ? __schedule+0xf54/0x1df0
[ 34.913595]  kasan_end_report+0x47/0x4f
[ 34.917577]  kasan_report.cold.7+0x76/0x30d
[ 34.921913]  __asan_report_load8_noabort+0x14/0x20
[ 34.926842]  __schedule+0xf54/0x1df0
[ 34.930552]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.935655]  ? __sched_text_start+0x8/0x8
[ 34.939798]  ? __call_srcu+0x7e7/0x1040
[ 34.943788]  ? check_same_owner+0x340/0x340
[ 34.948110]  ? mark_held_locks+0x160/0x160
[ 34.952342]  ? find_held_lock+0x36/0x1c0
[ 34.956402]  preempt_schedule_common+0x22/0x60
[ 34.960980]  _cond_resched+0x1d/0x30
[ 34.964704]  wait_for_completion+0xa5/0x8d0
[ 34.969033]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.974831]  ? __lockdep_init_map+0x105/0x590
[ 34.979331]  ? __init_waitqueue_head+0x9e/0x150
[ 34.983994]  ? init_wait_entry+0x1c0/0x1c0
[ 34.988232]  __synchronize_srcu+0x189/0x240
[ 34.992559]  ? call_srcu+0x10/0x10
[ 34.996107]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.000352]  synchronize_srcu+0x335/0x56f
[ 35.004497]  ? lock_downgrade+0x8f0/0x8f0
[ 35.008652]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.013684]  ? kasan_check_read+0x11/0x20
[ 35.017838]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.022421]  ? kasan_check_write+0x14/0x20
[ 35.026653]  ? do_raw_spin_lock+0xc1/0x200
[ 35.030889]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.036599]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.042064]  ? kvfree+0x61/0x70
[ 35.045349]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.050366]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.054425]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.058838]  ? kvm_arch_sync_events+0x30/0x30
[ 35.063337]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.068878]  ? mmu_notifier_unregister+0x474/0x600
[ 35.073803]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.078207]  ? kfree+0x111/0x210
[ 35.081576]  ? __mmu_notifier_register+0x30/0x30
[ 35.086335]  ? __free_pages+0x10a/0x190
[ 35.090318]  ? free_unref_page+0x930/0x930
[ 35.094566]  kvm_put_kvm+0x73f/0x1060
[ 35.098367]  ? kvm_write_guest_cached+0x40/0x40
[ 35.103040]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.107542]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.112071]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.116673]  ? kasan_check_write+0x14/0x20
[ 35.120906]  ? do_raw_spin_lock+0xc1/0x200
[ 35.125141]  ? kvm_irqfd_release+0xdd/0x120
[ 35.129460]  ? kvm_irqfd_release+0xdd/0x120
[ 35.133783]  ? kvm_put_kvm+0x1060/0x1060
[ 35.137860]  kvm_vm_release+0x42/0x50
[ 35.141664]  __fput+0x38a/0xa40
[ 35.144947]  ? __alloc_file+0x400/0x400
[ 35.148923]  ? check_same_owner+0x340/0x340
[ 35.153245]  ? kasan_check_write+0x14/0x20
[ 35.157480]  ? do_raw_spin_lock+0xc1/0x200
[ 35.161729]  ____fput+0x15/0x20
[ 35.165017]  task_work_run+0x1e8/0x2a0
[ 35.168908]  ? task_work_cancel+0x240/0x240
[ 35.173235]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.178771]  ? switch_task_namespaces+0xa2/0xd0
[ 35.183447]  do_exit+0x1ae4/0x26e0
[ 35.187000]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.191674]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.195909]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.200925]  ? kfree+0x1d7/0x210
[ 35.204290]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.208549]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.214292]  ? is_bpf_text_address+0xd7/0x170
[ 35.218789]  ? kernel_text_address+0x79/0xf0
[ 35.223197]  ? __kernel_text_address+0xd/0x40
[ 35.227689]  ? unwind_get_return_address+0x61/0xa0
[ 35.232622]  ? __save_stack_trace+0x8d/0xf0
[ 35.237045]  ? save_stack+0xa9/0xd0
[ 35.240675]  ? save_stack+0x43/0xd0
[ 35.244298]  ? __kasan_slab_free+0x11a/0x170
[ 35.248706]  ? kasan_slab_free+0xe/0x10
[ 35.252679]  ? putname+0xf2/0x130
[ 35.256135]  ? __x64_sys_openat+0x9d/0x100
[ 35.260380]  ? do_syscall_64+0x1b9/0x820
[ 35.264458]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.269824]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.274231]  ? kasan_check_read+0x11/0x20
[ 35.278376]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.282789]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.287212]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.291813]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.296919]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.302633]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.308182]  ? do_vfs_ioctl+0x201/0x1720
[ 35.312259]  ? rcu_is_watching+0x8c/0x150
[ 35.316411]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.320737]  ? ioctl_preallocate+0x300/0x300
[ 35.325148]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.330695]  ? __fget_light+0x2f7/0x440
[ 35.334677]  ? fget_raw+0x20/0x20
[ 35.338138]  ? putname+0xf2/0x130
[ 35.341821]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.346837]  ? kmem_cache_free+0x246/0x280
[ 35.351070]  ? putname+0xf7/0x130
[ 35.354531]  do_group_exit+0x177/0x440
[ 35.358426]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.362754]  ? __ia32_sys_exit+0x50/0x50
[ 35.366831]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.371948]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.377490]  ? ksys_ioctl+0x81/0xd0
[ 35.381131]  __x64_sys_exit_group+0x3e/0x50
[ 35.385471]  do_syscall_64+0x1b9/0x820
[ 35.389372]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.394744]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.399675]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.404522]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.409553]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.414588]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.419611]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.424466]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.429659] RIP: 0033:0x43ef08
[ 35.432860] Code: Bad RIP value.
[ 35.436244] RSP: 002b:00007ffeac394368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.443954] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.451223] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.458497] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.465782] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.473064] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.480361]
[ 35.480367] ======================================================
[ 35.480372] WARNING: possible circular locking dependency detected
[ 35.480375] 4.19.0-rc1+ #216 Not tainted
[ 35.480381] ------------------------------------------------------
[ 35.480385] syz-executor393/4653 is trying to acquire lock:
[ 35.480389] 00000000a47c3c42 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.480403]
[ 35.480407] but task is already holding lock:
[ 35.480410] 00000000e73ebc35 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.480424]
[ 35.480428] which lock already depends on the new lock.
[ 35.480430]
[ 35.480433]
[ 35.480438] the existing dependency chain (in reverse order) is:
[ 35.480440]
[ 35.480442] -> #3 (report_lock){....}:
[ 35.480456]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.480460]        kasan_report+0x8e/0x110
[ 35.480464]        __asan_report_load8_noabort+0x14/0x20
[ 35.480468]        __schedule+0xf54/0x1df0
[ 35.480472]        preempt_schedule_common+0x22/0x60
[ 35.480476]        _cond_resched+0x1d/0x30
[ 35.480480]        wait_for_completion+0xa5/0x8d0
[ 35.480484]        __synchronize_srcu+0x189/0x240
[ 35.480488]        synchronize_srcu+0x335/0x56f
[ 35.480493]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.480497]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.480501]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.480505]        kvm_put_kvm+0x73f/0x1060
[ 35.480508]        kvm_vm_release+0x42/0x50
[ 35.480521]        __fput+0x38a/0xa40
[ 35.480524]        ____fput+0x15/0x20
[ 35.480528]        task_work_run+0x1e8/0x2a0
[ 35.480532]        do_exit+0x1ae4/0x26e0
[ 35.480536]        do_group_exit+0x177/0x440
[ 35.480540]        __x64_sys_exit_group+0x3e/0x50
[ 35.480543]        do_syscall_64+0x1b9/0x820
[ 35.480548]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.480550]
[ 35.480552] -> #2 (&rq->lock){-.-.}:
[ 35.480566]        _raw_spin_lock+0x2a/0x40
[ 35.480570]        task_fork_fair+0x93/0x680
[ 35.480574]        sched_fork+0x44b/0xbd0
[ 35.480577]        copy_process+0x235e/0x7ad0
[ 35.480581]        _do_fork+0x1ca/0x1170
[ 35.480585]        kernel_thread+0x34/0x40
[ 35.480588]        rest_init+0x22/0xe4
[ 35.480592]        start_kernel+0x913/0x94e
[ 35.480596]        x86_64_start_reservations+0x29/0x2b
[ 35.480601]        x86_64_start_kernel+0x76/0x79
[ 35.480605]        secondary_startup_64+0xa4/0xb0
[ 35.480607]
[ 35.480609] -> #1 (&p->pi_lock){-.-.}:
[ 35.480623]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.480627]        try_to_wake_up+0xd2/0x1250
[ 35.480631]        wake_up_process+0x10/0x20
[ 35.480635]        __up.isra.1+0x1c0/0x2a0
[ 35.480638]        up+0x13c/0x1c0
[ 35.480642]        __up_console_sem+0xbe/0x1b0
[ 35.480646]        console_unlock+0x506/0x10d0
[ 35.480650]        vprintk_emit+0x33a/0x910
[ 35.480654]        vprintk_default+0x28/0x30
[ 35.480657]        vprintk_func+0x7a/0x117
[ 35.480661]        printk+0xa7/0xcf
[ 35.480664]        load_umh+0x51/0xbd
[ 35.480668]        do_one_initcall+0x127/0x838
[ 35.480672]        kernel_init_freeable+0x4bb/0x5ae
[ 35.480676]        kernel_init+0x11/0x1b3
[ 35.480680]        ret_from_fork+0x3a/0x50
[ 35.480682]
[ 35.480684] -> #0 ((console_sem).lock){-...}:
[ 35.480698]        lock_acquire+0x1e4/0x4f0
[ 35.480702]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.480706]        down_trylock+0x13/0x70
[ 35.480710]        __down_trylock_console_sem+0xae/0x200
[ 35.480714]        console_trylock+0x15/0xa0
[ 35.480718]        vprintk_emit+0x31f/0x910
[ 35.480722]        vprintk_default+0x28/0x30
[ 35.480725]        vprintk_func+0x7a/0x117
[ 35.480729]        printk+0xa7/0xcf
[ 35.480732]        kasan_report+0x9e/0x110
[ 35.480737]        __asan_report_load8_noabort+0x14/0x20
[ 35.480740]        __schedule+0xf54/0x1df0
[ 35.480745]        preempt_schedule_common+0x22/0x60
[ 35.480749]        _cond_resched+0x1d/0x30
[ 35.480753]        wait_for_completion+0xa5/0x8d0
[ 35.480757]        __synchronize_srcu+0x189/0x240
[ 35.480761]        synchronize_srcu+0x335/0x56f
[ 35.480766]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.480770]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.480774]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.480778]        kvm_put_kvm+0x73f/0x1060
[ 35.480781]        kvm_vm_release+0x42/0x50
[ 35.480785]        __fput+0x38a/0xa40
[ 35.480788]        ____fput+0x15/0x20
[ 35.480792]        task_work_run+0x1e8/0x2a0
[ 35.480796]        do_exit+0x1ae4/0x26e0
[ 35.480799]        do_group_exit+0x177/0x440
[ 35.480803]        __x64_sys_exit_group+0x3e/0x50
[ 35.480807]        do_syscall_64+0x1b9/0x820
[ 35.480812]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.480814]
[ 35.480818] other info that might help us debug this:
[ 35.480820]
[ 35.480823] Chain exists of:
[ 35.480825]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.480843]
[ 35.480847]  Possible unsafe locking scenario:
[ 35.480849]
[ 35.480853]        CPU0                    CPU1
[ 35.480857]        ----                    ----
[ 35.480860]   lock(report_lock);
[ 35.480869]                                lock(&rq->lock);
[ 35.480878]                                lock(report_lock);
[ 35.480885]   lock((console_sem).lock);
[ 35.480893]
[ 35.480896]  *** DEADLOCK ***
[ 35.480899]
[ 35.480903] 2 locks held by syz-executor393/4653:
[ 35.480905]  #0: 0000000042c30fb2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.480921]  #1: 00000000e73ebc35 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.480938]
[ 35.480941] stack backtrace:
[ 35.480947] CPU: 1 PID: 4653 Comm: syz-executor393 Not tainted 4.19.0-rc1+ #216
[ 35.480953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.480956] Call Trace:
[ 35.480960]  dump_stack+0x1c9/0x2b4
[ 35.480964]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.480968]  ? vprintk_func+0x100/0x117
[ 35.480973]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.480976]  ? save_trace+0xe0/0x290
[ 35.480980]  __lock_acquire+0x3449/0x5020
[ 35.480984]  ? mark_held_locks+0x160/0x160
[ 35.480988]  ? mark_held_locks+0x160/0x160
[ 35.480993]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.480997]  ? is_bpf_text_address+0xd7/0x170
[ 35.481001]  ? kernel_text_address+0x79/0xf0
[ 35.481005]  ? __kernel_text_address+0xd/0x40
[ 35.481009]  ? __save_stack_trace+0x8d/0xf0
[ 35.481013]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.481017]  ? save_trace+0x290/0x290
[ 35.481021]  ? save_stack_trace+0x1a/0x20
[ 35.481024]  ? save_trace+0xe0/0x290
[ 35.481028]  ? graph_lock+0x170/0x170
[ 35.481033]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.481036]  lock_acquire+0x1e4/0x4f0
[ 35.481040]  ? down_trylock+0x13/0x70
[ 35.481044]  ? lock_release+0x9f0/0x9f0
[ 35.481048]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.481052]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.481056]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.481059]  ? log_store+0x34f/0x4c0
[ 35.481063]  ? vprintk_emit+0x31f/0x910
[ 35.481067]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.481071]  ? down_trylock+0x13/0x70
[ 35.481074]  down_trylock+0x13/0x70
[ 35.481079]  __down_trylock_console_sem+0xae/0x200
[ 35.481083]  console_trylock+0x15/0xa0
[ 35.481086]  vprintk_emit+0x31f/0x910
[ 35.481090]  ? wake_up_klogd+0x110/0x110
[ 35.481100]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.481104]  ? kasan_check_read+0x11/0x20
[ 35.481108]  ? rcu_is_watching+0x8c/0x150
[ 35.481112]  ? rcu_pm_notify+0xc0/0xc0
[ 35.481116]  ? lock_acquire+0x1e4/0x4f0
[ 35.481119]  ? kasan_report+0x8e/0x110
[ 35.481123]  ? __schedule+0xf54/0x1df0
[ 35.481127]  vprintk_default+0x28/0x30
[ 35.481131]  vprintk_func+0x7a/0x117
[ 35.481134]  printk+0xa7/0xcf
[ 35.481138]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.481142]  ? kasan_check_write+0x14/0x20
[ 35.481146]  ? do_raw_spin_lock+0xc1/0x200
[ 35.481150]  ? do_raw_spin_lock+0xc1/0x200
[ 35.481153]  kasan_report+0x9e/0x110
[ 35.481158]  __asan_report_load8_noabort+0x14/0x20
[ 35.481161]  __schedule+0xf54/0x1df0
[ 35.481166]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.481170]  ? __sched_text_start+0x8/0x8
[ 35.481174]  ? __call_srcu+0x7e7/0x1040
[ 35.481178]  ? check_same_owner+0x340/0x340
[ 35.481181]  ? mark_held_locks+0x160/0x160
[ 35.481194]  ? find_held_lock+0x36/0x1c0
[ 35.481198]  preempt_schedule_common+0x22/0x60
[ 35.481202]  _cond_resched+0x1d/0x30
[ 35.481206]  wait_for_completion+0xa5/0x8d0
[ 35.481210]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.481215]  ? __lockdep_init_map+0x105/0x590
[ 35.481219]  ? __init_waitqueue_head+0x9e/0x150
[ 35.481223]  ? init_wait_entry+0x1c0/0x1c0
[ 35.481227]  __synchronize_srcu+0x189/0x240
[ 35.481230]  ? call_srcu+0x10/0x10
[ 35.481234]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.481238]  synchronize_srcu+0x335/0x56f
[ 35.481242]  ? lock_downgrade+0x8f0/0x8f0
[ 35.481247]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.481251]  ? kasan_check_read+0x11/0x20
[ 35.481255]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.481259]  ? kasan_check_write+0x14/0x20
[ 35.481262]  ? do_raw_spin_lock+0xc1/0x200
[ 35.481267]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.481272]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.481275]  ? kvfree+0x61/0x70
[ 35.481280]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.481284]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.481288]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.481292]  ? kvm_arch_sync_events+0x30/0x30
[ 35.481296]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.481301]  ? mmu_notifier_unregister+0x474/0x600
[ 35.481305]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.481308]  ? kfree+0x111/0x210
[ 35.481312]  ? __mmu_notifier_register+0x30/0x30
[ 35.481316]  ? __free_pages+0x10a/0x190
[ 35.481320]  ? free_unref_page+0x930/0x930
[ 35.481324]  kvm_put_kvm+0x73f/0x1060
[ 35.481328]  ? kvm_write_guest_cached+0x40/0x40
[ 35.481332]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.481336]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.481340]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.481344]  ? kasan_check_write+0x14/0x20
[ 35.481348]  ? do_raw_spin_lock+0xc1/0x200
[ 35.481352]  ? kvm_irqfd_release+0xdd/0x120
[ 35.481356]  ? kvm_irqfd_release+0xdd/0x120
[ 35.481360]  ? kvm_put_kvm+0x1060/0x1060
[ 35.481364]  kvm_vm_release+0x42/0x50
[ 35.481367]  __fput+0x38a/0xa40
[ 35.481371]  ? __alloc_file+0x400/0x400
[ 35.481375]  ? check_same_owner+0x340/0x340
[ 35.481379]  ? kasan_check_write+0x14/0x20
[ 35.481383]  ? do_raw_spin_lock+0xc1/0x200
[ 35.481386]  ____fput+0x15/0x20
[ 35.481390]  task_work_run+0x1e8/0x2a0
[ 35.481394]  ? task_work_cancel+0x240/0x240
[ 35.481398]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.481403]  ? switch_task_namespaces+0xa2/0xd0
[ 35.481406]  do_exit+0x1ae4/0x26e0
[ 35.481410]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.481414]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.481418]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.481422]  ? kfree+0x1d7/0x210
[ 35.481426]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.481430]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.481435]  ? is_bpf_text_address+0xd7/0x170
[ 35.481437]  ?
[ 35.481446] Lost 55 message(s)!
[ 36.561922] Shutting down cpus with NMI
[ 37.621832] Dumping ftrace buffer:
[ 37.625358]    (ftrace buffer empty)
[ 37.629048] Kernel Offset: disabled
[ 37.632666] Rebooting in 86400 seconds..