[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   20.899500] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   25.650182] random: sshd: uninitialized urandom read (32 bytes read)
[   25.906183] random: sshd: uninitialized urandom read (32 bytes read)
[   26.454227] random: sshd: uninitialized urandom read (32 bytes read)
[   34.723682] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[   40.337716] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   40.431754] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   40.454422] ==================================================================
[   40.463308] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   40.469536] Read of size 8 at addr ffff8801c9b98058 by task syz-executor131/4370
[   40.477040]
[   40.478647] CPU: 0 PID: 4370 Comm: syz-executor131 Not tainted 4.19.0-rc1+ #213
[   40.486088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.495419] Call Trace:
[   40.497986]  dump_stack+0x1c9/0x2b4
[   40.501593]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.506775]  ? printk+0xa7/0xcf
[   40.510048]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   40.514802]  ? __schedule+0xf54/0x1df0
[   40.518747]  print_address_description+0x6c/0x20b
[   40.523577]  ? __schedule+0xf54/0x1df0
[   40.527526]  kasan_report.cold.7+0x242/0x30d
[   40.531924]  __asan_report_load8_noabort+0x14/0x20
[   40.536967]  __schedule+0xf54/0x1df0
[   40.540663]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   40.545890]  ? __sched_text_start+0x8/0x8
[   40.550024]  ? __call_srcu+0x7e7/0x1040
[   40.553984]  ? check_same_owner+0x340/0x340
[   40.558285]  ? mark_held_locks+0x160/0x160
[   40.562509]  ? find_held_lock+0x36/0x1c0
[   40.566549]  preempt_schedule_common+0x22/0x60
[   40.571110]  _cond_resched+0x1d/0x30
[   40.574894]  wait_for_completion+0xa5/0x8d0
[   40.579308]  ? wait_for_completion_interruptible+0x950/0x950
[   40.585194]  ? __lockdep_init_map+0x105/0x590
[   40.589671]  ? __init_waitqueue_head+0x9e/0x150
[   40.594372]  ? init_wait_entry+0x1c0/0x1c0
[   40.598599]  __synchronize_srcu+0x189/0x240
[   40.602901]  ? call_srcu+0x10/0x10
[   40.606438]  ? rcu_unexpedite_gp+0x20/0x20
[   40.610663]  synchronize_srcu+0x335/0x56f
[   40.614819]  ? lock_downgrade+0x8f0/0x8f0
[   40.618950]  ? synchronize_srcu_expedited+0x20/0x20
[   40.623952]  ? kasan_check_read+0x11/0x20
[   40.628088]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.632651]  ? kasan_check_write+0x14/0x20
[   40.636878]  ? do_raw_spin_lock+0xc1/0x200
[   40.641138]  kvm_page_track_unregister_notifier+0x17d/0x250
[   40.646850]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   40.652279]  ? kvfree+0x61/0x70
[   40.655539]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.660534]  kvm_mmu_uninit_vm+0x1c/0x20
[   40.664570]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.668974]  ? kvm_arch_sync_events+0x30/0x30
[   40.673452]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.678968]  ? mmu_notifier_unregister+0x474/0x600
[   40.683880]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.688270]  ? kfree+0x111/0x210
[   40.691676]  ? __mmu_notifier_register+0x30/0x30
[   40.696437]  ? __free_pages+0x10a/0x190
[   40.700392]  ? free_unref_page+0x930/0x930
[   40.704614]  kvm_put_kvm+0x73f/0x1060
[   40.708396]  ? kvm_write_guest_cached+0x40/0x40
[   40.713057]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.717556]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.722033]  ? lockdep_hardirqs_on+0x421/0x5c0
[   40.726607]  ? kasan_check_write+0x14/0x20
[   40.730983]  ? do_raw_spin_lock+0xc1/0x200
[   40.735203]  ? kvm_irqfd_release+0xdd/0x120
[   40.739507]  ? kvm_irqfd_release+0xdd/0x120
[   40.743808]  ? kvm_put_kvm+0x1060/0x1060
[   40.747855]  kvm_vm_release+0x42/0x50
[   40.751899]  __fput+0x36e/0x8c0
[   40.755160]  ? __alloc_file+0x400/0x400
[   40.759133]  ? check_same_owner+0x340/0x340
[   40.763436]  ? kasan_check_write+0x14/0x20
[   40.767669]  ? do_raw_spin_lock+0xc1/0x200
[   40.771898]  ____fput+0x15/0x20
[   40.775160]  task_work_run+0x1e8/0x2a0
[   40.779026]  ? task_work_cancel+0x240/0x240
[   40.783335]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.788972]  ? switch_task_namespaces+0xa2/0xd0
[   40.793750]  do_exit+0x1ae4/0x26e0
[   40.797282]  ? mm_update_next_owner+0x9a0/0x9a0
[   40.801935]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   40.806232]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.811233]  ? kfree+0x1d7/0x210
[   40.814579]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   40.818811]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   40.824506]  ? is_bpf_text_address+0xd7/0x170
[   40.828990]  ? kernel_text_address+0x79/0xf0
[   40.833381]  ? __kernel_text_address+0xd/0x40
[   40.837857]  ? unwind_get_return_address+0x61/0xa0
[   40.842765]  ? __save_stack_trace+0x8d/0xf0
[   40.847309]  ? save_stack+0xa9/0xd0
[   40.850931]  ? save_stack+0x43/0xd0
[   40.854553]  ? __kasan_slab_free+0x11a/0x170
[   40.858953]  ? kasan_slab_free+0xe/0x10
[   40.862925]  ? putname+0xf2/0x130
[   40.866364]  ? __x64_sys_openat+0x9d/0x100
[   40.870691]  ? do_syscall_64+0x1b9/0x820
[   40.874752]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.880100]  ? trace_hardirqs_off+0xb8/0x2b0
[   40.884500]  ? kasan_check_read+0x11/0x20
[   40.888626]  ? do_raw_spin_unlock+0xa7/0x2f0
[   40.893120]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.897513]  ? initcall_blacklisted+0x9a/0x1e0
[   40.902121]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   40.907218]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   40.913067]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.918589]  ? do_vfs_ioctl+0x201/0x1720
[   40.922637]  ? rcu_is_watching+0x8c/0x150
[   40.926765]  ? trace_hardirqs_on+0xbd/0x2c0
[   40.931190]  ? ioctl_preallocate+0x300/0x300
[   40.935621]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.941166]  ? __fget_light+0x2f7/0x440
[   40.945120]  ? fget_raw+0x20/0x20
[   40.948552]  ? putname+0xf2/0x130
[   40.951986]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.956986]  ? kmem_cache_free+0x246/0x280
[   40.961218]  ? putname+0xf7/0x130
[   40.964650]  do_group_exit+0x177/0x440
[   40.968527]  ? trace_hardirqs_on+0xbd/0x2c0
[   40.972834]  ? __ia32_sys_exit+0x50/0x50
[   40.976875]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   40.981977]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.987523]  ? ksys_ioctl+0x81/0xd0
[   40.991132]  __x64_sys_exit_group+0x3e/0x50
[   40.995435]  do_syscall_64+0x1b9/0x820
[   40.999301]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   41.004776]  ? syscall_return_slowpath+0x5e0/0x5e0
[   41.009691]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.014641]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   41.019637]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   41.024650]  ? prepare_exit_to_usermode+0x291/0x3b0
[   41.029770]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.034599]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.039785] RIP: 0033:0x43f028
[   41.042993] Code: Bad RIP value.
[   41.046346] RSP: 002b:00007ffe6d9beba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.054098] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   41.061364] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.068611] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   41.075861] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   41.083174] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   41.090429]
[   41.092037] Allocated by task 4370:
[   41.095642]  save_stack+0x43/0xd0
[   41.099075]  kasan_kmalloc+0xc4/0xe0
[   41.102767]  kasan_slab_alloc+0x12/0x20
[   41.106718]  kmem_cache_alloc+0x12e/0x710
[   41.110853]  vmx_create_vcpu+0xcf/0x2830
[   41.114897]  kvm_arch_vcpu_create+0xe5/0x220
[   41.119284]  kvm_vm_ioctl+0x488/0x1d80
[   41.123148]  do_vfs_ioctl+0x1de/0x1720
[   41.127050]  ksys_ioctl+0xa9/0xd0
[   41.130497]  __x64_sys_ioctl+0x73/0xb0
[   41.134375]  do_syscall_64+0x1b9/0x820
[   41.138239]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.143401]
[   41.145032] Freed by task 4370:
[   41.148307]  save_stack+0x43/0xd0
[   41.151749]  __kasan_slab_free+0x11a/0x170
[   41.155960]  kasan_slab_free+0xe/0x10
[   41.159816]  kmem_cache_free+0x86/0x280
[   41.163790]  vmx_free_vcpu+0x26b/0x300
[   41.167658]  kvm_arch_destroy_vm+0x365/0x7c0
[   41.172129]  kvm_put_kvm+0x73f/0x1060
[   41.175916]  kvm_vm_release+0x42/0x50
[   41.179692]  __fput+0x36e/0x8c0
[   41.182946]  ____fput+0x15/0x20
[   41.186228]  task_work_run+0x1e8/0x2a0
[   41.190248]  do_exit+0x1ae4/0x26e0
[   41.193766]  do_group_exit+0x177/0x440
[   41.197673]  __x64_sys_exit_group+0x3e/0x50
[   41.201979]  do_syscall_64+0x1b9/0x820
[   41.205846]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.211015]
[   41.212650] The buggy address belongs to the object at ffff8801c9b98040
[   41.212650]  which belongs to the cache kvm_vcpu of size 23872
[   41.225265] The buggy address is located 24 bytes inside of
[   41.225265]  23872-byte region [ffff8801c9b98040, ffff8801c9b9dd80)
[   41.237307] The buggy address belongs to the page:
[   41.242221] page:ffffea000726e600 count:1 mapcount:0 mapping:ffff8801d53c1dc0 index:0x0 compound_mapcount: 0
[   41.252181] flags: 0x2fffc0000008100(slab|head)
[   41.256832] raw: 02fffc0000008100 ffff8801d53b8448 ffff8801d53b8448 ffff8801d53c1dc0
[   41.264696] raw: 0000000000000000 ffff8801c9b98040 0000000100000001 0000000000000000
[   41.272554] page dumped because: kasan: bad access detected
[   41.278237]
[   41.279841] Memory state around the buggy address:
[   41.284744]  ffff8801c9b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.292088]  ffff8801c9b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.299516] >ffff8801c9b98000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   41.306854]                                                     ^
[   41.313065]  ffff8801c9b98080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.320483]  ffff8801c9b98100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.327822] ==================================================================
[   41.335154] Kernel panic - not syncing: panic_on_warn set ...
[   41.335154]
[   41.342538] CPU: 0 PID: 4370 Comm: syz-executor131 Tainted: G B 4.19.0-rc1+ #213
[   41.351358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.360694] Call Trace:
[   41.363269]  dump_stack+0x1c9/0x2b4
[   41.366887]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.372066]  ? lock_downgrade+0x8f0/0x8f0
[   41.376196]  ? __schedule+0xf54/0x1df0
[   41.380063]  panic+0x238/0x4e7
[   41.383232]  ? add_taint.cold.5+0x16/0x16
[   41.387361]  ? print_shadow_for_address+0xba/0x116
[   41.392266]  ? trace_hardirqs_off+0xaf/0x2b0
[   41.396651]  ? trace_hardirqs_off+0x77/0x2b0
[   41.401049]  ? __schedule+0xf54/0x1df0
[   41.404935]  kasan_end_report+0x47/0x4f
[   41.408915]  kasan_report.cold.7+0x76/0x30d
[   41.413221]  __asan_report_load8_noabort+0x14/0x20
[   41.418128]  __schedule+0xf54/0x1df0
[   41.421906]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   41.427000]  ? __sched_text_start+0x8/0x8
[   41.431131]  ? __call_srcu+0x7e7/0x1040
[   41.435107]  ? check_same_owner+0x340/0x340
[   41.439411]  ? mark_held_locks+0x160/0x160
[   41.443624]  ? find_held_lock+0x36/0x1c0
[   41.447678]  preempt_schedule_common+0x22/0x60
[   41.452239]  _cond_resched+0x1d/0x30
[   41.455979]  wait_for_completion+0xa5/0x8d0
[   41.460296]  ? wait_for_completion_interruptible+0x950/0x950
[   41.466072]  ? __lockdep_init_map+0x105/0x590
[   41.470597]  ? __init_waitqueue_head+0x9e/0x150
[   41.475253]  ? init_wait_entry+0x1c0/0x1c0
[   41.479470]  __synchronize_srcu+0x189/0x240
[   41.483776]  ? call_srcu+0x10/0x10
[   41.487300]  ? rcu_unexpedite_gp+0x20/0x20
[   41.491525]  synchronize_srcu+0x335/0x56f
[   41.495650]  ? lock_downgrade+0x8f0/0x8f0
[   41.499782]  ? synchronize_srcu_expedited+0x20/0x20
[   41.504895]  ? kasan_check_read+0x11/0x20
[   41.509046]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   41.513611]  ? kasan_check_write+0x14/0x20
[   41.517828]  ? do_raw_spin_lock+0xc1/0x200
[   41.522110]  kvm_page_track_unregister_notifier+0x17d/0x250
[   41.528415]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   41.533896]  ? kvfree+0x61/0x70
[   41.537165]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.542160]  kvm_mmu_uninit_vm+0x1c/0x20
[   41.546198]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.550592]  ? kvm_arch_sync_events+0x30/0x30
[   41.555201]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.560727]  ? mmu_notifier_unregister+0x474/0x600
[   41.565635]  ? trace_hardirqs_on+0x2c0/0x2c0
[   41.570057]  ? kfree+0x111/0x210
[   41.573420]  ? __mmu_notifier_register+0x30/0x30
[   41.578355]  ? __free_pages+0x10a/0x190
[   41.582309]  ? free_unref_page+0x930/0x930
[   41.586533]  kvm_put_kvm+0x73f/0x1060
[   41.590316]  ? kvm_write_guest_cached+0x40/0x40
[   41.594977]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.599451]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.603932]  ? lockdep_hardirqs_on+0x421/0x5c0
[   41.608499]  ? kasan_check_write+0x14/0x20
[   41.612710]  ? do_raw_spin_lock+0xc1/0x200
[   41.616928]  ? kvm_irqfd_release+0xdd/0x120
[   41.621331]  ? kvm_irqfd_release+0xdd/0x120
[   41.625663]  ? kvm_put_kvm+0x1060/0x1060
[   41.629705]  kvm_vm_release+0x42/0x50
[   41.633485]  __fput+0x36e/0x8c0
[   41.636782]  ? __alloc_file+0x400/0x400
[   41.640774]  ? check_same_owner+0x340/0x340
[   41.645088]  ? kasan_check_write+0x14/0x20
[   41.649420]  ? do_raw_spin_lock+0xc1/0x200
[   41.653732]  ____fput+0x15/0x20
[   41.657004]  task_work_run+0x1e8/0x2a0
[   41.660873]  ? task_work_cancel+0x240/0x240
[   41.665178]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.670695]  ? switch_task_namespaces+0xa2/0xd0
[   41.675458]  do_exit+0x1ae4/0x26e0
[   41.679041]  ? mm_update_next_owner+0x9a0/0x9a0
[   41.683701]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   41.687923]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.692919]  ? kfree+0x1d7/0x210
[   41.696265]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   41.700489]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   41.706183]  ? is_bpf_text_address+0xd7/0x170
[   41.710657]  ? kernel_text_address+0x79/0xf0
[   41.715046]  ? __kernel_text_address+0xd/0x40
[   41.719646]  ? unwind_get_return_address+0x61/0xa0
[   41.724599]  ? __save_stack_trace+0x8d/0xf0
[   41.729021]  ? save_stack+0xa9/0xd0
[   41.732670]  ? save_stack+0x43/0xd0
[   41.736285]  ? __kasan_slab_free+0x11a/0x170
[   41.740682]  ? kasan_slab_free+0xe/0x10
[   41.744639]  ? putname+0xf2/0x130
[   41.748074]  ? __x64_sys_openat+0x9d/0x100
[   41.752411]  ? do_syscall_64+0x1b9/0x820
[   41.756455]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.761804]  ? trace_hardirqs_off+0xb8/0x2b0
[   41.766193]  ? kasan_check_read+0x11/0x20
[   41.770317]  ? do_raw_spin_unlock+0xa7/0x2f0
[   41.774713]  ? trace_hardirqs_on+0x2c0/0x2c0
[   41.779103]  ? initcall_blacklisted+0x9a/0x1e0
[   41.783734]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   41.788955]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   41.794649]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.800162]  ? do_vfs_ioctl+0x201/0x1720
[   41.804201]  ? rcu_is_watching+0x8c/0x150
[   41.808329]  ? trace_hardirqs_on+0xbd/0x2c0
[   41.812641]  ? ioctl_preallocate+0x300/0x300
[   41.817029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.822544]  ? __fget_light+0x2f7/0x440
[   41.826603]  ? fget_raw+0x20/0x20
[   41.830036]  ? putname+0xf2/0x130
[   41.833470]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.838462]  ? kmem_cache_free+0x246/0x280
[   41.842675]  ? putname+0xf7/0x130
[   41.846163]  do_group_exit+0x177/0x440
[   41.850037]  ? trace_hardirqs_on+0xbd/0x2c0
[   41.854377]  ? __ia32_sys_exit+0x50/0x50
[   41.858427]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   41.863530]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.869165]  ? ksys_ioctl+0x81/0xd0
[   41.872778]  __x64_sys_exit_group+0x3e/0x50
[   41.877079]  do_syscall_64+0x1b9/0x820
[   41.880953]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   41.886304]  ? syscall_return_slowpath+0x5e0/0x5e0
[   41.891225]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.896048]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   41.901043]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   41.906038]  ? prepare_exit_to_usermode+0x291/0x3b0
[   41.911035]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.915864]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.921040] RIP: 0033:0x43f028
[   41.924218] Code: Bad RIP value.
[   41.927654] RSP: 002b:00007ffe6d9beba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.935488] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   41.942754] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.950004] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   41.957250] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   41.964570] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   41.971831]
[   41.971835] ======================================================
[   41.971838] WARNING: possible circular locking dependency detected
[   41.971840] 4.19.0-rc1+ #213 Not tainted
[   41.971843] ------------------------------------------------------
[   41.971846] syz-executor131/4370 is trying to acquire lock:
[   41.971848] 00000000b30ae355 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   41.971856]
[   41.971859] but task is already holding lock:
[   41.971860] 0000000009e3ba7b (report_lock){....}, at: kasan_report+0x8e/0x110
[   41.971868]
[   41.971871] which lock already depends on the new lock.
[   41.971872]
[   41.971873]
[   41.971876] the existing dependency chain (in reverse order) is:
[   41.971877]
[   41.971879] -> #3 (report_lock){....}:
[   41.971887]        _raw_spin_lock_irqsave+0x96/0xc0
[   41.971889]        kasan_report+0x8e/0x110
[   41.971892]        __asan_report_load8_noabort+0x14/0x20
[   41.971894]        __schedule+0xf54/0x1df0
[   41.971896]        preempt_schedule_common+0x22/0x60
[   41.971899]        _cond_resched+0x1d/0x30
[   41.971901]        wait_for_completion+0xa5/0x8d0
[   41.971904]        __synchronize_srcu+0x189/0x240
[   41.971906]        synchronize_srcu+0x335/0x56f
[   41.971909]        kvm_page_track_unregister_notifier+0x17d/0x250
[   41.971911]        kvm_mmu_uninit_vm+0x1c/0x20
[   41.971913]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.971916]        kvm_put_kvm+0x73f/0x1060
[   41.971918]        kvm_vm_release+0x42/0x50
[   41.971920]        __fput+0x36e/0x8c0
[   41.971922]        ____fput+0x15/0x20
[   41.971924]        task_work_run+0x1e8/0x2a0
[   41.971926]        do_exit+0x1ae4/0x26e0
[   41.971928]        do_group_exit+0x177/0x440
[   41.971931]        __x64_sys_exit_group+0x3e/0x50
[   41.971933]        do_syscall_64+0x1b9/0x820
[   41.971936]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.971937]
[   41.971938] -> #2 (&rq->lock){-.-.}:
[   41.971945]        _raw_spin_lock+0x2a/0x40
[   41.971948]        task_fork_fair+0x93/0x680
[   41.971950]        sched_fork+0x44b/0xbd0
[   41.971952]        copy_process+0x235e/0x7ad0
[   41.971954]        _do_fork+0x1ca/0x1170
[   41.971956]        kernel_thread+0x34/0x40
[   41.971958]        rest_init+0x22/0xe4
[   41.971960]        start_kernel+0x913/0x94e
[   41.971963]        x86_64_start_reservations+0x29/0x2b
[   41.971965]        x86_64_start_kernel+0x76/0x79
[   41.971968]        secondary_startup_64+0xa4/0xb0
[   41.971969]
[   41.971970] -> #1 (&p->pi_lock){-.-.}:
[   41.971978]        _raw_spin_lock_irqsave+0x96/0xc0
[   41.971980]        try_to_wake_up+0xd2/0x1250
[   41.971982]        wake_up_process+0x10/0x20
[   41.971984]        __up.isra.1+0x1c0/0x2a0
[   41.971986]        up+0x13c/0x1c0
[   41.971988]        __up_console_sem+0xbe/0x1b0
[   41.971991]        console_unlock+0x506/0x10d0
[   41.971993]        do_con_write+0x1375/0x23d0
[   41.971995]        con_write+0x25/0xc0
[   41.971997]        n_tty_write+0x6c1/0x11a0
[   41.971999]        tty_write+0x3f1/0x880
[   41.972001]        __vfs_write+0x117/0x9d0
[   41.972003]        vfs_write+0x1fc/0x560
[   41.972005]        ksys_write+0x101/0x260
[   41.972008]        __x64_sys_write+0x73/0xb0
[   41.972010]        do_syscall_64+0x1b9/0x820
[   41.972013]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.972014]
[   41.972015] -> #0 ((console_sem).lock){-...}:
[   41.972023]        lock_acquire+0x1e4/0x4f0
[   41.972025]        _raw_spin_lock_irqsave+0x96/0xc0
[   41.972027]        down_trylock+0x13/0x70
[   41.972030]        __down_trylock_console_sem+0xae/0x200
[   41.972032]        console_trylock+0x15/0xa0
[   41.972034]        vprintk_emit+0x31f/0x910
[   41.972037]        vprintk_default+0x28/0x30
[   41.972039]        vprintk_func+0x7a/0x117
[   41.972041]        printk+0xa7/0xcf
[   41.972043]        kasan_report+0x9e/0x110
[   41.972045]        __asan_report_load8_noabort+0x14/0x20
[   41.972048]        __schedule+0xf54/0x1df0
[   41.972050]        preempt_schedule_common+0x22/0x60
[   41.972053]        _cond_resched+0x1d/0x30
[   41.972057]        wait_for_completion+0xa5/0x8d0
[   41.972060]        __synchronize_srcu+0x189/0x240
[   41.972063]        synchronize_srcu+0x335/0x56f
[   41.972066]        kvm_page_track_unregister_notifier+0x17d/0x250
[   41.972068]        kvm_mmu_uninit_vm+0x1c/0x20
[   41.972071]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.972073]        kvm_put_kvm+0x73f/0x1060
[   41.972075]        kvm_vm_release+0x42/0x50
[   41.972077]        __fput+0x36e/0x8c0
[   41.972079]        ____fput+0x15/0x20
[   41.972081]        task_work_run+0x1e8/0x2a0
[   41.972083]        do_exit+0x1ae4/0x26e0
[   41.972086]        do_group_exit+0x177/0x440
[   41.972088]        __x64_sys_exit_group+0x3e/0x50
[   41.972091]        do_syscall_64+0x1b9/0x820
[   41.972093]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.972095]
[   41.972097] other info that might help us debug this:
[   41.972098]
[   41.972100] Chain exists of:
[   41.972101]   (console_sem).lock --> &rq->lock --> report_lock
[   41.972111]
[   41.972113]  Possible unsafe locking scenario:
[   41.972114]
[   41.972117]        CPU0                    CPU1
[   41.972119]        ----                    ----
[   41.972120]   lock(report_lock);
[   41.972126]                                lock(&rq->lock);
[   41.972131]                                lock(report_lock);
[   41.972135]   lock((console_sem).lock);
[   41.972139]
[   41.972141]  *** DEADLOCK ***
[   41.972142]
[   41.972144] 2 locks held by syz-executor131/4370:
[   41.972146]  #0: 0000000055c90377 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   41.972155]  #1: 0000000009e3ba7b (report_lock){....}, at: kasan_report+0x8e/0x110
[   41.972164]
[   41.972165] stack backtrace:
[   41.972169] CPU: 0 PID: 4370 Comm: syz-executor131 Not tainted 4.19.0-rc1+ #213
[   41.972173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.972175] Call Trace:
[   41.972177]  dump_stack+0x1c9/0x2b4
[   41.972180]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.972182]  ? vprintk_func+0x100/0x117
[   41.972185]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   41.972188]  ? save_trace+0xe0/0x290
[   41.972191]  __lock_acquire+0x3449/0x5020
[   41.972193]  ? mark_held_locks+0x160/0x160
[   41.972195]  ? mark_held_locks+0x160/0x160
[   41.972198]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   41.972200]  ? is_bpf_text_address+0xd7/0x170
[   41.972202]  ? kernel_text_address+0x79/0xf0
[   41.972205]  ? __kernel_text_address+0xd/0x40
[   41.972207]  ? __save_stack_trace+0x8d/0xf0
[   41.972210]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   41.972212]  ? save_trace+0x290/0x290
[   41.972214]  ? save_stack_trace+0x1a/0x20
[   41.972216]  ? save_trace+0xe0/0x290
[   41.972218]  ? graph_lock+0x170/0x170
[   41.972221]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.972223]  lock_acquire+0x1e4/0x4f0
[   41.972225]  ? down_trylock+0x13/0x70
[   41.972227]  ? lock_release+0x9f0/0x9f0
[   41.972230]  ? trace_hardirqs_off+0xb8/0x2b0
[   41.972232]  ? trace_hardirqs_on+0x2c0/0x2c0
[   41.972234]  ? trace_hardirqs_off+0xb8/0x2b0
[   41.972236]  ? log_store+0x34f/0x4c0
[   41.972239]  ? vprintk_emit+0x31f/0x910
[   41.972241]  _raw_spin_lock_irqsave+0x96/0xc0
[   41.972243]  ? down_trylock+0x13/0x70
[   41.972245]  down_trylock+0x13/0x70
[   41.972248]  __down_trylock_console_sem+0xae/0x200
[   41.972250]  console_trylock+0x15/0xa0
[   41.972252]  vprintk_emit+0x31f/0x910
[   41.972254]  ? wake_up_klogd+0x110/0x110
[   41.972257]  ? run_rebalance_domains+0x4c0/0x4c0
[   41.972259]  ? kasan_check_read+0x11/0x20
[   41.972261]  ? rcu_is_watching+0x8c/0x150
[   41.972264]  ? rcu_pm_notify+0xc0/0xc0
[   41.972266]  ? lock_acquire+0x1e4/0x4f0
[   41.972268]  ? kasan_report+0x8e/0x110
[   41.972270]  ? __schedule+0xf54/0x1df0
[   41.972272]  vprintk_default+0x28/0x30
[   41.972275]  vprintk_func+0x7a/0x117
[   41.972276]  printk+0xa7/0xcf
[   41.972279]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   41.972281]  ? kasan_check_write+0x14/0x20
[   41.972284]  ? do_raw_spin_lock+0xc1/0x200
[   41.972286]  ? do_raw_spin_lock+0xc1/0x200
[   41.972288]  kasan_report+0x9e/0x110
[   41.972291]  __asan_report_load8_noabort+0x14/0x20
[   41.972293]  __schedule+0xf54/0x1df0
[   41.972295]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   41.972298]  ? __sched_text_start+0x8/0x8
[   41.972300]  ? __call_srcu+0x7e7/0x1040
[   41.972302]  ? check_same_owner+0x340/0x340
[   41.972305]  ? mark_held_locks+0x160/0x160
[   41.972307]  ? find_held_lock+0x36/0x1c0
[   41.972309]  preempt_schedule_common+0x22/0x60
[   41.972311]  _cond_resched+0x1d/0x30
[   41.972314]  wait_for_completion+0xa5/0x8d0
[   41.972317]  ? wait_for_completion_interruptible+0x950/0x950
[   41.972320]  ? __lockdep_init_map+0x105/0x590
[   41.972330]  ? __init_waitqueue_head+0x9e/0x150
[   41.972332]  ? init_wait_entry+0x1c0/0x1c0
[   41.972335]  __synchronize_srcu+0x189/0x240
[   41.972337]  ? call_srcu+0x10/0x10
[   41.972339]  ? rcu_unexpedite_gp+0x20/0x20
[   41.972342]  synchronize_srcu+0x335/0x56f
[   41.972344]  ? lock_downgrade+0x8f0/0x8f0
[   41.972347]  ? synchronize_srcu_expedited+0x20/0x20
[   41.972349]  ? kasan_check_read+0x11/0x20
[   41.972352]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   41.972354]  ? kasan_check_write+0x14/0x20
[   41.972356]  ? do_raw_spin_lock+0xc1/0x200
[   41.972359]  kvm_page_track_unregister_notifier+0x17d/0x250
[   41.972362]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   41.972364]  ? kvfree+0x61/0x70
[   41.972367]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.972369]  kvm_mmu_uninit_vm+0x1c/0x20
[   41.972371]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.972374]  ? kvm_arch_sync_events+0x30/0x30
[   41.972377]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.972379]  ? mmu_notifier_unregister+0x474/0x600
[   41.972382]  ? trace_hardirqs_on+0x2c0/0x2c0
[   41.972384]  ? kfree+0x111/0x210
[   41.972386]  ? __mmu_notifier_register+0x30/0x30
[   41.972388]  ? __free_pages+0x10a/0x190
[   41.972391]  ? free_unref_page+0x930/0x930
[   41.972393]  kvm_put_kvm+0x73f/0x1060
[   41.972395]  ? kvm_write_guest_cached+0x40/0x40
[   41.972398]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.972400]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.972402]  ? lockdep_hardirqs_on+0x421/0x5c0
[   41.972405]  ? kasan_check_write+0x14/0x20
[   41.972407]  ? do_raw_spin_lock+0xc1/0x200
[   41.972409]  ? kvm_irqfd_release+0xdd/0x120
[   41.972412]  ? kvm_irqfd_release+0xdd/0x120
[   41.972414]  ? kvm_put_kvm+0x1060/0x1060
[   41.972416]  kvm_vm_release+0x42/0x50
[   41.972418]  __fput+0x36e/0x8c0
[   41.972420]  ? __alloc_file+0x400/0x400
[   41.972423]  ? check_same_owner+0x340/0x340
[   41.972425]  ? kasan_check_write+0x14/0x20
[   41.972427]  ? do_raw_spin_lock+0xc1/0x200
[   41.972429]  ____fput+0x15/0x20
[   41.972431]  task_work_run+0x1e8/0x2a0
[   41.972434]  ? task_work_cancel+0x240/0x240
[   41.972436]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.972439]  ? switch_task_namespaces+0xa2/0xd0
[   41.972441]  do_exit+0x1ae4/0x26e0
[   41.972443]  ? mm_update_next_owner+0x9a0/0x9a0
[   41.972446]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   41.972448]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.972450]  ? kfree+0x1d7/0x210
[   41.972453]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   41.972455]  ? kvm_uevent_notify_change.part.32+0x440/0x
[   41.972460] Lost 57 message(s)!
[   43.059667] Shutting down cpus with NMI
[   44.117008] Dumping ftrace buffer:
[   44.120532]    (ftrace buffer empty)
[   44.124221] Kernel Offset: disabled
[   44.127829] Rebooting in 86400 seconds..