[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.384432] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.552624] random: sshd: uninitialized urandom read (32 bytes read) [ 26.759054] random: sshd: uninitialized urandom read (32 bytes read) [ 27.291311] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. [ 33.040036] urandom_read: 1 callbacks suppressed [ 33.040042] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.154757] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.179489] ================================================================== [ 33.189339] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.195564] Read of size 8 at addr ffff8801b9d80058 by task syz-executor039/4663 [ 33.203082] [ 33.204711] CPU: 1 PID: 4663 Comm: syz-executor039 Not tainted 4.19.0-rc1+ #217 [ 33.212143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.221488] Call Trace: [ 33.224078] dump_stack+0x1c9/0x2b4 [ 33.227706] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.232899] ? printk+0xa7/0xcf [ 33.236179] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.240937] ? __schedule+0xf54/0x1df0 [ 33.244820] print_address_description+0x6c/0x20b [ 33.249662] ? __schedule+0xf54/0x1df0 [ 33.253545] kasan_report.cold.7+0x242/0x30d [ 33.257950] __asan_report_load8_noabort+0x14/0x20 [ 33.262881] __schedule+0xf54/0x1df0 [ 33.266591] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.271691] ? __sched_text_start+0x8/0x8 [ 33.275839] ? __call_srcu+0x7e7/0x1040 [ 33.279851] ? check_same_owner+0x340/0x340 [ 33.284175] ? mark_held_locks+0x160/0x160 [ 33.288411] ? find_held_lock+0x36/0x1c0 [ 33.292472] preempt_schedule_common+0x22/0x60 [ 33.297049] _cond_resched+0x1d/0x30 [ 33.300757] wait_for_completion+0xa5/0x8d0 [ 33.305080] ? wait_for_completion_interruptible+0x950/0x950 [ 33.310883] ? __lockdep_init_map+0x105/0x590 [ 33.315380] ? __init_waitqueue_head+0x9e/0x150 [ 33.320048] ? init_wait_entry+0x1c0/0x1c0 [ 33.324283] __synchronize_srcu+0x189/0x240 [ 33.328596] ? call_srcu+0x10/0x10 [ 33.332131] ? rcu_unexpedite_gp+0x20/0x20 [ 33.336367] synchronize_srcu+0x335/0x56f [ 33.340512] ? lock_downgrade+0x8f0/0x8f0 [ 33.344657] ? synchronize_srcu_expedited+0x20/0x20 [ 33.349674] ? kasan_check_read+0x11/0x20 [ 33.353817] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.358399] ? kasan_check_write+0x14/0x20 [ 33.362632] ? do_raw_spin_lock+0xc1/0x200 [ 33.366876] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.372583] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.378027] ? kvfree+0x61/0x70 [ 33.381301] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.386316] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.390373] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.394780] ? kvm_arch_sync_events+0x30/0x30 [ 33.399292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.404829] ? mmu_notifier_unregister+0x474/0x600 [ 33.409754] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.414157] ? kfree+0x111/0x210 [ 33.417519] ? __mmu_notifier_register+0x30/0x30 [ 33.422272] ? __free_pages+0x10a/0x190 [ 33.426246] ? free_unref_page+0x930/0x930 [ 33.430488] kvm_put_kvm+0x73f/0x1060 [ 33.434293] ? kvm_write_guest_cached+0x40/0x40 [ 33.438961] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.443453] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.447941] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.452524] ? kasan_check_write+0x14/0x20 [ 33.456754] ? do_raw_spin_lock+0xc1/0x200 [ 33.460987] ? kvm_irqfd_release+0xdd/0x120 [ 33.465303] ? kvm_irqfd_release+0xdd/0x120 [ 33.469622] ? kvm_put_kvm+0x1060/0x1060 [ 33.473677] kvm_vm_release+0x42/0x50 [ 33.477472] __fput+0x38a/0xa40 [ 33.480750] ? __alloc_file+0x400/0x400 [ 33.484723] ? check_same_owner+0x340/0x340 [ 33.489038] ? kasan_check_write+0x14/0x20 [ 33.493266] ? do_raw_spin_lock+0xc1/0x200 [ 33.497498] ____fput+0x15/0x20 [ 33.500773] task_work_run+0x1e8/0x2a0 [ 33.504653] ? task_work_cancel+0x240/0x240 [ 33.508975] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.514506] ? switch_task_namespaces+0xa2/0xd0 [ 33.519175] do_exit+0x1ae4/0x26e0 [ 33.522712] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.527381] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.531627] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.536636] ? kfree+0x1d7/0x210 [ 33.539999] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.544231] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.549942] ? is_bpf_text_address+0xd7/0x170 [ 33.554435] ? kernel_text_address+0x79/0xf0 [ 33.558839] ? __kernel_text_address+0xd/0x40 [ 33.563339] ? unwind_get_return_address+0x61/0xa0 [ 33.568263] ? __save_stack_trace+0x8d/0xf0 [ 33.572586] ? save_stack+0xa9/0xd0 [ 33.576209] ? save_stack+0x43/0xd0 [ 33.579828] ? __kasan_slab_free+0x11a/0x170 [ 33.584229] ? kasan_slab_free+0xe/0x10 [ 33.588196] ? putname+0xf2/0x130 [ 33.591647] ? __x64_sys_openat+0x9d/0x100 [ 33.595884] ? do_syscall_64+0x1b9/0x820 [ 33.599942] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.605319] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.609724] ? kasan_check_read+0x11/0x20 [ 33.613878] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.618283] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.622693] ? initcall_blacklisted+0x9a/0x1e0 [ 33.627274] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.632375] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.638091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.643624] ? do_vfs_ioctl+0x201/0x1720 [ 33.647679] ? rcu_is_watching+0x8c/0x150 [ 33.651822] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.656143] ? ioctl_preallocate+0x300/0x300 [ 33.660550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.666080] ? __fget_light+0x2f7/0x440 [ 33.670051] ? fget_raw+0x20/0x20 [ 33.673495] ? putname+0xf2/0x130 [ 33.676944] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.681957] ? kmem_cache_free+0x246/0x280 [ 33.686188] ? putname+0xf7/0x130 [ 33.689637] do_group_exit+0x177/0x440 [ 33.693521] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.697847] ? __ia32_sys_exit+0x50/0x50 [ 33.701910] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.707013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.712543] ? ksys_ioctl+0x81/0xd0 [ 33.716165] __x64_sys_exit_group+0x3e/0x50 [ 33.720483] do_syscall_64+0x1b9/0x820 [ 33.724369] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.729734] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.734656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.739496] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.744507] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.749522] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.754363] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.759546] RIP: 0033:0x43f028 [ 33.762733] Code: Bad RIP value. [ 33.766089] RSP: 002b:00007ffe3cce9198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.773790] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 33.781055] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.788321] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.795619] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.802895] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 33.810171] [ 33.811791] Allocated by task 4663: [ 33.815419] save_stack+0x43/0xd0 [ 33.818875] kasan_kmalloc+0xc4/0xe0 [ 33.822585] kasan_slab_alloc+0x12/0x20 [ 33.826551] kmem_cache_alloc+0x12e/0x710 [ 33.830692] vmx_create_vcpu+0xcf/0x2830 [ 33.834745] kvm_arch_vcpu_create+0xe5/0x220 [ 33.839164] kvm_vm_ioctl+0x488/0x1d80 [ 33.843044] do_vfs_ioctl+0x1de/0x1720 [ 33.846924] ksys_ioctl+0xa9/0xd0 [ 33.850375] __x64_sys_ioctl+0x73/0xb0 [ 33.854259] do_syscall_64+0x1b9/0x820 [ 33.858146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.863324] [ 33.864940] Freed by task 4663: [ 33.868211] save_stack+0x43/0xd0 [ 33.871658] __kasan_slab_free+0x11a/0x170 [ 33.875895] kasan_slab_free+0xe/0x10 [ 33.879686] kmem_cache_free+0x86/0x280 [ 33.883651] vmx_free_vcpu+0x26b/0x300 [ 33.887529] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.891930] kvm_put_kvm+0x73f/0x1060 [ 33.895724] kvm_vm_release+0x42/0x50 [ 33.899517] __fput+0x38a/0xa40 [ 33.902787] ____fput+0x15/0x20 [ 33.906061] task_work_run+0x1e8/0x2a0 [ 33.909938] do_exit+0x1ae4/0x26e0 [ 33.913474] do_group_exit+0x177/0x440 [ 33.917355] __x64_sys_exit_group+0x3e/0x50 [ 33.921672] do_syscall_64+0x1b9/0x820 [ 33.925554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.930926] [ 33.932547] The buggy address belongs to the object at ffff8801b9d80040 [ 33.932547] which belongs to the cache kvm_vcpu of size 23872 [ 33.945114] The buggy address is located 24 bytes inside of [ 33.945114] 23872-byte region [ffff8801b9d80040, ffff8801b9d85d80) [ 33.957064] The buggy address belongs to the page: [ 33.961986] page:ffffea0006e76000 count:1 mapcount:0 mapping:ffff8801d533cb40 index:0x0 compound_mapcount: 0 [ 33.971949] flags: 0x2fffc0000008100(slab|head) [ 33.976619] raw: 02fffc0000008100 ffff8801d73ad048 ffff8801d73ad048 ffff8801d533cb40 [ 33.984494] raw: 0000000000000000 ffff8801b9d80040 0000000100000001 0000000000000000 [ 33.992358] page dumped because: kasan: bad access detected [ 33.998051] [ 33.999664] Memory state around the buggy address: [ 34.004583] ffff8801b9d7ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.011938] ffff8801b9d7ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.019291] >ffff8801b9d80000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.026648] ^ [ 34.032877] ffff8801b9d80080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.040232] ffff8801b9d80100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.047573] ================================================================== [ 34.054925] Kernel panic - not syncing: panic_on_warn set ... [ 34.054925] [ 34.062755] CPU: 1 PID: 4663 Comm: syz-executor039 Tainted: G B 4.19.0-rc1+ #217 [ 34.071583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.080923] Call Trace: [ 34.083513] dump_stack+0x1c9/0x2b4 [ 34.087142] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.092327] ? lock_downgrade+0x8f0/0x8f0 [ 34.096471] ? __schedule+0xf54/0x1df0 [ 34.100357] panic+0x238/0x4e7 [ 34.103546] ? add_taint.cold.5+0x16/0x16 [ 34.107695] ? print_shadow_for_address+0xba/0x116 [ 34.112618] ? trace_hardirqs_off+0xaf/0x2b0 [ 34.117049] ? trace_hardirqs_off+0x77/0x2b0 [ 34.121454] ? __schedule+0xf54/0x1df0 [ 34.125335] kasan_end_report+0x47/0x4f [ 34.129320] kasan_report.cold.7+0x76/0x30d [ 34.133638] __asan_report_load8_noabort+0x14/0x20 [ 34.138560] __schedule+0xf54/0x1df0 [ 34.142271] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.147371] ? __sched_text_start+0x8/0x8 [ 34.151523] ? __call_srcu+0x7e7/0x1040 [ 34.155500] ? check_same_owner+0x340/0x340 [ 34.159816] ? mark_held_locks+0x160/0x160 [ 34.164042] ? find_held_lock+0x36/0x1c0 [ 34.168102] preempt_schedule_common+0x22/0x60 [ 34.172681] _cond_resched+0x1d/0x30 [ 34.176399] wait_for_completion+0xa5/0x8d0 [ 34.180722] ? wait_for_completion_interruptible+0x950/0x950 [ 34.186523] ? __lockdep_init_map+0x105/0x590 [ 34.191014] ? __init_waitqueue_head+0x9e/0x150 [ 34.195676] ? init_wait_entry+0x1c0/0x1c0 [ 34.199911] __synchronize_srcu+0x189/0x240 [ 34.204226] ? call_srcu+0x10/0x10 [ 34.207764] ? rcu_unexpedite_gp+0x20/0x20 [ 34.212002] synchronize_srcu+0x335/0x56f [ 34.216145] ? lock_downgrade+0x8f0/0x8f0 [ 34.220291] ? synchronize_srcu_expedited+0x20/0x20 [ 34.225309] ? kasan_check_read+0x11/0x20 [ 34.229456] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.234036] ? kasan_check_write+0x14/0x20 [ 34.238264] ? do_raw_spin_lock+0xc1/0x200 [ 34.242501] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.248206] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.253650] ? kvfree+0x61/0x70 [ 34.256930] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.261943] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.266001] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.270409] ? kvm_arch_sync_events+0x30/0x30 [ 34.274903] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.280440] ? mmu_notifier_unregister+0x474/0x600 [ 34.285363] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.289769] ? kfree+0x111/0x210 [ 34.293134] ? __mmu_notifier_register+0x30/0x30 [ 34.297892] ? __free_pages+0x10a/0x190 [ 34.301874] ? free_unref_page+0x930/0x930 [ 34.306113] kvm_put_kvm+0x73f/0x1060 [ 34.309919] ? kvm_write_guest_cached+0x40/0x40 [ 34.314587] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.319077] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.323566] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.328149] ? kasan_check_write+0x14/0x20 [ 34.332377] ? do_raw_spin_lock+0xc1/0x200 [ 34.336614] ? kvm_irqfd_release+0xdd/0x120 [ 34.340955] ? kvm_irqfd_release+0xdd/0x120 [ 34.345274] ? kvm_put_kvm+0x1060/0x1060 [ 34.349331] kvm_vm_release+0x42/0x50 [ 34.353127] __fput+0x38a/0xa40 [ 34.356407] ? __alloc_file+0x400/0x400 [ 34.360382] ? check_same_owner+0x340/0x340 [ 34.364705] ? kasan_check_write+0x14/0x20 [ 34.368937] ? do_raw_spin_lock+0xc1/0x200 [ 34.373167] ____fput+0x15/0x20 [ 34.376444] task_work_run+0x1e8/0x2a0 [ 34.380326] ? task_work_cancel+0x240/0x240 [ 34.384645] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.390176] ? switch_task_namespaces+0xa2/0xd0 [ 34.394841] do_exit+0x1ae4/0x26e0 [ 34.398387] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.403064] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.407301] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.412314] ? kfree+0x1d7/0x210 [ 34.415678] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.419909] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.425616] ? is_bpf_text_address+0xd7/0x170 [ 34.430104] ? kernel_text_address+0x79/0xf0 [ 34.434854] ? __kernel_text_address+0xd/0x40 [ 34.439353] ? unwind_get_return_address+0x61/0xa0 [ 34.444284] ? __save_stack_trace+0x8d/0xf0 [ 34.448607] ? save_stack+0xa9/0xd0 [ 34.452230] ? save_stack+0x43/0xd0 [ 34.455853] ? __kasan_slab_free+0x11a/0x170 [ 34.460263] ? kasan_slab_free+0xe/0x10 [ 34.464230] ? putname+0xf2/0x130 [ 34.467680] ? __x64_sys_openat+0x9d/0x100 [ 34.471910] ? do_syscall_64+0x1b9/0x820 [ 34.475968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.481327] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.485732] ? kasan_check_read+0x11/0x20 [ 34.489882] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.494285] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.498692] ? initcall_blacklisted+0x9a/0x1e0 [ 34.503270] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.508375] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.514085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.519617] ? do_vfs_ioctl+0x201/0x1720 [ 34.523674] ? rcu_is_watching+0x8c/0x150 [ 34.527816] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.532139] ? ioctl_preallocate+0x300/0x300 [ 34.536545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.542081] ? __fget_light+0x2f7/0x440 [ 34.546058] ? fget_raw+0x20/0x20 [ 34.549503] ? putname+0xf2/0x130 [ 34.552955] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.557971] ? kmem_cache_free+0x246/0x280 [ 34.562198] ? putname+0xf7/0x130 [ 34.565649] do_group_exit+0x177/0x440 [ 34.569535] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.573851] ? __ia32_sys_exit+0x50/0x50 [ 34.577915] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.583015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.588547] ? ksys_ioctl+0x81/0xd0 [ 34.592173] __x64_sys_exit_group+0x3e/0x50 [ 34.596491] do_syscall_64+0x1b9/0x820 [ 34.600372] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.605739] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.610661] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.615496] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.620507] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.625524] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.630364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.635548] RIP: 0033:0x43f028 [ 34.638751] Code: Bad RIP value. [ 34.642106] RSP: 002b:00007ffe3cce9198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.649807] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 34.657078] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.664339] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.671601] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.678862] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 34.686143] [ 34.686148] ====================================================== [ 34.686154] WARNING: possible circular locking dependency detected [ 34.686157] 4.19.0-rc1+ #217 Not tainted [ 34.686163] ------------------------------------------------------ [ 34.686168] syz-executor039/4663 is trying to acquire lock: [ 34.686171] 000000001ed2d6a4 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.686186] [ 34.686190] but task is already holding lock: [ 34.686194] 0000000099fee23f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.686208] [ 34.686212] which lock already depends on the new lock. [ 34.686215] [ 34.686217] [ 34.686222] the existing dependency chain (in reverse order) is: [ 34.686224] [ 34.686227] -> #3 (report_lock){....}: [ 34.686241] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.686245] kasan_report+0x8e/0x110 [ 34.686250] __asan_report_load8_noabort+0x14/0x20 [ 34.686254] __schedule+0xf54/0x1df0 [ 34.686258] preempt_schedule_common+0x22/0x60 [ 34.686262] _cond_resched+0x1d/0x30 [ 34.686266] wait_for_completion+0xa5/0x8d0 [ 34.686270] __synchronize_srcu+0x189/0x240 [ 34.686274] synchronize_srcu+0x335/0x56f [ 34.686279] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.686283] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.686287] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.686291] kvm_put_kvm+0x73f/0x1060 [ 34.686295] kvm_vm_release+0x42/0x50 [ 34.686299] __fput+0x38a/0xa40 [ 34.686302] ____fput+0x15/0x20 [ 34.686306] task_work_run+0x1e8/0x2a0 [ 34.686310] do_exit+0x1ae4/0x26e0 [ 34.686314] do_group_exit+0x177/0x440 [ 34.686318] __x64_sys_exit_group+0x3e/0x50 [ 34.686322] do_syscall_64+0x1b9/0x820 [ 34.686326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.686329] [ 34.686331] -> #2 (&rq->lock){-.-.}: [ 34.686345] _raw_spin_lock+0x2a/0x40 [ 34.686349] task_fork_fair+0x93/0x680 [ 34.686353] sched_fork+0x44b/0xbd0 [ 34.686356] copy_process+0x235e/0x7ad0 [ 34.686360] _do_fork+0x1ca/0x1170 [ 34.686364] kernel_thread+0x34/0x40 [ 34.686368] rest_init+0x22/0xe4 [ 34.686371] start_kernel+0x913/0x94e [ 34.686376] x86_64_start_reservations+0x29/0x2b [ 34.686380] x86_64_start_kernel+0x76/0x79 [ 34.686384] secondary_startup_64+0xa4/0xb0 [ 34.686386] [ 34.686394] -> #1 (&p->pi_lock){-.-.}: [ 34.686409] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.686413] try_to_wake_up+0xd2/0x1250 [ 34.686417] wake_up_process+0x10/0x20 [ 34.686420] __up.isra.1+0x1c0/0x2a0 [ 34.686424] up+0x13c/0x1c0 [ 34.686428] __up_console_sem+0xbe/0x1b0 [ 34.686432] console_unlock+0x506/0x10d0 [ 34.686436] vprintk_emit+0x33a/0x910 [ 34.686439] vprintk_default+0x28/0x30 [ 34.686443] vprintk_func+0x7a/0x117 [ 34.686447] printk+0xa7/0xcf [ 34.686450] load_umh+0x51/0xbd [ 34.686454] do_one_initcall+0x127/0x838 [ 34.686458] kernel_init_freeable+0x4bb/0x5ae [ 34.686462] kernel_init+0x11/0x1b3 [ 34.686466] ret_from_fork+0x3a/0x50 [ 34.686468] [ 34.686471] -> #0 ((console_sem).lock){-...}: [ 34.686485] lock_acquire+0x1e4/0x4f0 [ 34.686489] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.686493] down_trylock+0x13/0x70 [ 34.686498] __down_trylock_console_sem+0xae/0x200 [ 34.686502] console_trylock+0x15/0xa0 [ 34.686506] vprintk_emit+0x31f/0x910 [ 34.686509] vprintk_default+0x28/0x30 [ 34.686513] vprintk_func+0x7a/0x117 [ 34.686517] printk+0xa7/0xcf [ 34.686521] kasan_report+0x9e/0x110 [ 34.686525] __asan_report_load8_noabort+0x14/0x20 [ 34.686529] __schedule+0xf54/0x1df0 [ 34.686533] preempt_schedule_common+0x22/0x60 [ 34.686537] _cond_resched+0x1d/0x30 [ 34.686541] wait_for_completion+0xa5/0x8d0 [ 34.686545] __synchronize_srcu+0x189/0x240 [ 34.686549] synchronize_srcu+0x335/0x56f [ 34.686554] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.686558] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.686562] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.686566] kvm_put_kvm+0x73f/0x1060 [ 34.686570] kvm_vm_release+0x42/0x50 [ 34.686574] __fput+0x38a/0xa40 [ 34.686577] ____fput+0x15/0x20 [ 34.686581] task_work_run+0x1e8/0x2a0 [ 34.686585] do_exit+0x1ae4/0x26e0 [ 34.686589] do_group_exit+0x177/0x440 [ 34.686593] __x64_sys_exit_group+0x3e/0x50 [ 34.686597] do_syscall_64+0x1b9/0x820 [ 34.686601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.686604] [ 34.686608] other info that might help us debug this: [ 34.686610] [ 34.686613] Chain exists of: [ 34.686615] (console_sem).lock --> &rq->lock --> report_lock [ 34.686634] [ 34.686638] Possible unsafe locking scenario: [ 34.686640] [ 34.686644] CPU0 CPU1 [ 34.686648] ---- ---- [ 34.686650] lock(report_lock); [ 34.686660] lock(&rq->lock); [ 34.686669] lock(report_lock); [ 34.686677] lock((console_sem).lock); [ 34.686685] [ 34.686688] *** DEADLOCK *** [ 34.686691] [ 34.686695] 2 locks held by syz-executor039/4663: [ 34.686697] #0: 00000000b9683bb2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.686714] #1: 0000000099fee23f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.686731] [ 34.686734] stack backtrace: [ 34.686740] CPU: 1 PID: 4663 Comm: syz-executor039 Not tainted 4.19.0-rc1+ #217 [ 34.686747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.686750] Call Trace: [ 34.686754] dump_stack+0x1c9/0x2b4 [ 34.686759] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.686762] ? vprintk_func+0x100/0x117 [ 34.686767] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.686771] ? save_trace+0xe0/0x290 [ 34.686775] __lock_acquire+0x3449/0x5020 [ 34.686779] ? mark_held_locks+0x160/0x160 [ 34.686783] ? mark_held_locks+0x160/0x160 [ 34.686788] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.686792] ? is_bpf_text_address+0xd7/0x170 [ 34.686796] ? kernel_text_address+0x79/0xf0 [ 34.686800] ? __kernel_text_address+0xd/0x40 [ 34.686804] ? __save_stack_trace+0x8d/0xf0 [ 34.686809] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.686813] ? save_trace+0x290/0x290 [ 34.686817] ? save_stack_trace+0x1a/0x20 [ 34.686820] ? save_trace+0xe0/0x290 [ 34.686824] ? graph_lock+0x170/0x170 [ 34.686829] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.686833] lock_acquire+0x1e4/0x4f0 [ 34.686837] ? down_trylock+0x13/0x70 [ 34.686841] ? lock_release+0x9f0/0x9f0 [ 34.686845] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.686849] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.686853] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.686857] ? log_store+0x34f/0x4c0 [ 34.686861] ? vprintk_emit+0x31f/0x910 [ 34.686874] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.686878] ? down_trylock+0x13/0x70 [ 34.686882] down_trylock+0x13/0x70 [ 34.686886] __down_trylock_console_sem+0xae/0x200 [ 34.686890] console_trylock+0x15/0xa0 [ 34.686894] vprintk_emit+0x31f/0x910 [ 34.686898] ? wake_up_klogd+0x110/0x110 [ 34.686902] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.686906] ? kasan_check_read+0x11/0x20 [ 34.686910] ? rcu_is_watching+0x8c/0x150 [ 34.686914] ? rcu_pm_notify+0xc0/0xc0 [ 34.686918] ? lock_acquire+0x1e4/0x4f0 [ 34.686922] ? kasan_report+0x8e/0x110 [ 34.686926] ? __schedule+0xf54/0x1df0 [ 34.686930] vprintk_default+0x28/0x30 [ 34.686933] vprintk_func+0x7a/0x117 [ 34.686937] printk+0xa7/0xcf [ 34.686941] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.686945] ? kasan_check_write+0x14/0x20 [ 34.686949] ? do_raw_spin_lock+0xc1/0x200 [ 34.686953] ? do_raw_spin_lock+0xc1/0x200 [ 34.686957] kasan_report+0x9e/0x110 [ 34.686962] __asan_report_load8_noabort+0x14/0x20 [ 34.686965] __schedule+0xf54/0x1df0 [ 34.686970] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.686974] ? __sched_text_start+0x8/0x8 [ 34.686978] ? __call_srcu+0x7e7/0x1040 [ 34.686982] ? check_same_owner+0x340/0x340 [ 34.686986] ? mark_held_locks+0x160/0x160 [ 34.686990] ? find_held_lock+0x36/0x1c0 [ 34.686994] preempt_schedule_common+0x22/0x60 [ 34.686998] _cond_resched+0x1d/0x30 [ 34.687002] wait_for_completion+0xa5/0x8d0 [ 34.687007] ? wait_for_completion_interruptible+0x950/0x950 [ 34.687011] ? __lockdep_init_map+0x105/0x590 [ 34.687016] ? __init_waitqueue_head+0x9e/0x150 [ 34.687020] ? init_wait_entry+0x1c0/0x1c0 [ 34.687024] __synchronize_srcu+0x189/0x240 [ 34.687028] ? call_srcu+0x10/0x10 [ 34.687032] ? rcu_unexpedite_gp+0x20/0x20 [ 34.687036] synchronize_srcu+0x335/0x56f [ 34.687040] ? lock_downgrade+0x8f0/0x8f0 [ 34.687044] ? synchronize_srcu_expedited+0x20/0x20 [ 34.687048] ? kasan_check_read+0x11/0x20 [ 34.687053] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.687057] ? kasan_check_write+0x14/0x20 [ 34.687061] ? do_raw_spin_lock+0xc1/0x200 [ 34.687066] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.687070] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.687074] ? kvfree+0x61/0x70 [ 34.687079] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.687083] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.687087] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.687091] ? kvm_arch_sync_events+0x30/0x30 [ 34.687096] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.687100] ? mmu_notifier_unregister+0x474/0x600 [ 34.687105] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.687108] ? kfree+0x111/0x210 [ 34.687113] ? __mmu_notifier_register+0x30/0x30 [ 34.687117] ? __free_pages+0x10a/0x190 [ 34.687121] ? free_unref_page+0x930/0x930 [ 34.687124] kvm_put_kvm+0x73f/0x1060 [ 34.687129] ? kvm_write_guest_cached+0x40/0x40 [ 34.687133] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.687137] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.687141] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.687145] ? kasan_check_write+0x14/0x20 [ 34.687149] ? do_raw_spin_lock+0xc1/0x200 [ 34.687154] ? kvm_irqfd_release+0xdd/0x120 [ 34.687158] ? kvm_irqfd_release+0xdd/0x120 [ 34.687162] ? kvm_put_kvm+0x1060/0x1060 [ 34.687165] kvm_vm_release+0x42/0x50 [ 34.687169] __fput+0x38a/0xa40 [ 34.687173] ? __alloc_file+0x400/0x400 [ 34.687177] ? check_same_owner+0x340/0x340 [ 34.687181] ? kasan_check_write+0x14/0x20 [ 34.687185] ? do_raw_spin_lock+0xc1/0x200 [ 34.687189] ____fput+0x15/0x20 [ 34.687192] task_work_run+0x1e8/0x2a0 [ 34.687197] ? task_work_cancel+0x240/0x240 [ 34.687201] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.687206] ? switch_task_namespaces+0xa2/0xd0 [ 34.687209] do_exit+0x1ae4/0x26e0 [ 34.687214] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.687218] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.687222] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.687226] ? kfree+0x1d7/0x210 [ 34.687230] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.687235] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.687239] ? is_bpf_text_address+0xd7/0x170 [ 34.687241] ? [ 34.687248] Lost 54 message(s)! [ 35.763410] Shutting down cpus with NMI [ 36.822585] Dumping ftrace buffer: [ 36.826113] (ftrace buffer empty) [ 36.829800] Kernel Offset: disabled [ 36.833419] Rebooting in 86400 seconds..