[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 22.309132] random: sshd: uninitialized urandom read (32 bytes read). Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.272241] random: sshd: uninitialized urandom read (32 bytes read) [ 27.555450] random: sshd: uninitialized urandom read (32 bytes read) [ 28.089763] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. [ 33.961268] urandom_read: 1 callbacks suppressed [ 33.961274] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.063381] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.088543] ================================================================== [ 34.098455] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.104682] Read of size 8 at addr ffff8801d9bc8058 by task syz-executor523/4633 [ 34.112201] [ 34.113826] CPU: 1 PID: 4633 Comm: syz-executor523 Not tainted 4.19.0-rc1+ #217 [ 34.121261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.130607] Call Trace: [ 34.133197] dump_stack+0x1c9/0x2b4 [ 34.136822] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.142009] ? printk+0xa7/0xcf [ 34.145284] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.150039] ? __schedule+0xf54/0x1df0 [ 34.153922] print_address_description+0x6c/0x20b [ 34.158765] ? __schedule+0xf54/0x1df0 [ 34.162650] kasan_report.cold.7+0x242/0x30d [ 34.167055] __asan_report_load8_noabort+0x14/0x20 [ 34.171984] __schedule+0xf54/0x1df0 [ 34.175693] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.180794] ? __sched_text_start+0x8/0x8 [ 34.184938] ? __call_srcu+0x7e7/0x1040 [ 34.188922] ?
check_same_owner+0x340/0x340 [ 34.193244] ? mark_held_locks+0x160/0x160 [ 34.197475] ? find_held_lock+0x36/0x1c0 [ 34.201536] preempt_schedule_common+0x22/0x60 [ 34.206116] _cond_resched+0x1d/0x30 [ 34.209829] wait_for_completion+0xa5/0x8d0 [ 34.214152] ? wait_for_completion_interruptible+0x950/0x950 [ 34.219948] ? __lockdep_init_map+0x105/0x590 [ 34.224455] ? __init_waitqueue_head+0x9e/0x150 [ 34.229122] ? init_wait_entry+0x1c0/0x1c0 [ 34.233358] __synchronize_srcu+0x189/0x240 [ 34.237676] ? call_srcu+0x10/0x10 [ 34.241218] ? rcu_unexpedite_gp+0x20/0x20 [ 34.245454] synchronize_srcu+0x335/0x56f [ 34.249597] ? lock_downgrade+0x8f0/0x8f0 [ 34.253750] ? synchronize_srcu_expedited+0x20/0x20 [ 34.258773] ? kasan_check_read+0x11/0x20 [ 34.262917] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.267497] ? kasan_check_write+0x14/0x20 [ 34.271724] ? do_raw_spin_lock+0xc1/0x200 [ 34.275962] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.281668] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.287112] ? kvfree+0x61/0x70 [ 34.290389] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.295406] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.299476] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.303882] ? kvm_arch_sync_events+0x30/0x30 [ 34.308377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.314182] ? mmu_notifier_unregister+0x474/0x600 [ 34.319108] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.323510] ? kfree+0x111/0x210 [ 34.326874] ? __mmu_notifier_register+0x30/0x30 [ 34.331629] ? __free_pages+0x10a/0x190 [ 34.335606] ? free_unref_page+0x930/0x930 [ 34.339849] kvm_put_kvm+0x73f/0x1060 [ 34.343656] ? kvm_write_guest_cached+0x40/0x40 [ 34.348327] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.352815] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.357311] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.361896] ? kasan_check_write+0x14/0x20 [ 34.366129] ? do_raw_spin_lock+0xc1/0x200 [ 34.370364] ? kvm_irqfd_release+0xdd/0x120 [ 34.374682] ? kvm_irqfd_release+0xdd/0x120 [ 34.379001] ? 
kvm_put_kvm+0x1060/0x1060 [ 34.383059] kvm_vm_release+0x42/0x50 [ 34.386860] __fput+0x38a/0xa40 [ 34.390135] ? __alloc_file+0x400/0x400 [ 34.394115] ? check_same_owner+0x340/0x340 [ 34.398458] ? kasan_check_write+0x14/0x20 [ 34.402696] ? do_raw_spin_lock+0xc1/0x200 [ 34.406932] ____fput+0x15/0x20 [ 34.410212] task_work_run+0x1e8/0x2a0 [ 34.414094] ? task_work_cancel+0x240/0x240 [ 34.418435] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.423988] ? switch_task_namespaces+0xa2/0xd0 [ 34.428661] do_exit+0x1ae4/0x26e0 [ 34.432206] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.436880] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.441126] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.446604] ? kfree+0x1d7/0x210 [ 34.449972] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.454207] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.459917] ? is_bpf_text_address+0xd7/0x170 [ 34.464412] ? kernel_text_address+0x79/0xf0 [ 34.468826] ? __kernel_text_address+0xd/0x40 [ 34.473318] ? unwind_get_return_address+0x61/0xa0 [ 34.478248] ? __save_stack_trace+0x8d/0xf0 [ 34.482571] ? save_stack+0xa9/0xd0 [ 34.486192] ? save_stack+0x43/0xd0 [ 34.489813] ? __kasan_slab_free+0x11a/0x170 [ 34.494217] ? kasan_slab_free+0xe/0x10 [ 34.498184] ? putname+0xf2/0x130 [ 34.501638] ? __x64_sys_openat+0x9d/0x100 [ 34.505869] ? do_syscall_64+0x1b9/0x820 [ 34.509928] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.515301] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.519712] ? kasan_check_read+0x11/0x20 [ 34.523860] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.528266] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.532679] ? initcall_blacklisted+0x9a/0x1e0 [ 34.537261] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.542364] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.548078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.553611] ? do_vfs_ioctl+0x201/0x1720 [ 34.557692] ? rcu_is_watching+0x8c/0x150 [ 34.561837] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.566158] ? ioctl_preallocate+0x300/0x300 [ 34.570565] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.576100] ? __fget_light+0x2f7/0x440 [ 34.580073] ? fget_raw+0x20/0x20 [ 34.583522] ? putname+0xf2/0x130 [ 34.586975] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.591999] ? kmem_cache_free+0x246/0x280 [ 34.596234] ? putname+0xf7/0x130 [ 34.599692] do_group_exit+0x177/0x440 [ 34.603582] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.607903] ? __ia32_sys_exit+0x50/0x50 [ 34.611966] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.617074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.622614] ? ksys_ioctl+0x81/0xd0 [ 34.626244] __x64_sys_exit_group+0x3e/0x50 [ 34.630598] do_syscall_64+0x1b9/0x820 [ 34.634485] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.639854] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.644784] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.649624] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.654638] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.659654] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.664511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.669694] RIP: 0033:0x43ef08 [ 34.672884] Code: Bad RIP value. 
[ 34.676239] RSP: 002b:00007fff9d827008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.683960] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 34.691227] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.698490] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.705757] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.713021] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.720289] [ 34.721908] Allocated by task 4633: [ 34.725537] save_stack+0x43/0xd0 [ 34.728988] kasan_kmalloc+0xc4/0xe0 [ 34.732696] kasan_slab_alloc+0x12/0x20 [ 34.736665] kmem_cache_alloc+0x12e/0x710 [ 34.740808] vmx_create_vcpu+0xcf/0x2830 [ 34.744860] kvm_arch_vcpu_create+0xe5/0x220 [ 34.749263] kvm_vm_ioctl+0x488/0x1d80 [ 34.753144] do_vfs_ioctl+0x1de/0x1720 [ 34.757024] ksys_ioctl+0xa9/0xd0 [ 34.760473] __x64_sys_ioctl+0x73/0xb0 [ 34.764359] do_syscall_64+0x1b9/0x820 [ 34.768244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.773427] [ 34.775043] Freed by task 4633: [ 34.778314] save_stack+0x43/0xd0 [ 34.781764] __kasan_slab_free+0x11a/0x170 [ 34.785993] kasan_slab_free+0xe/0x10 [ 34.789783] kmem_cache_free+0x86/0x280 [ 34.793752] vmx_free_vcpu+0x26b/0x300 [ 34.797635] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.802037] kvm_put_kvm+0x73f/0x1060 [ 34.805832] kvm_vm_release+0x42/0x50 [ 34.809628] __fput+0x38a/0xa40 [ 34.812900] ____fput+0x15/0x20 [ 34.816183] task_work_run+0x1e8/0x2a0 [ 34.820063] do_exit+0x1ae4/0x26e0 [ 34.823623] do_group_exit+0x177/0x440 [ 34.827503] __x64_sys_exit_group+0x3e/0x50 [ 34.831851] do_syscall_64+0x1b9/0x820 [ 34.835741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.840917] [ 34.842537] The buggy address belongs to the object at ffff8801d9bc8040 [ 34.842537] which belongs to the cache kvm_vcpu of size 23872 [ 34.855104] The buggy address is located 24 bytes inside of [ 34.855104] 23872-byte region [ffff8801d9bc8040, ffff8801d9bcdd80) [ 34.867058] The buggy address 
belongs to the page: [ 34.871983] page:ffffea000766f200 count:1 mapcount:0 mapping:ffff8801d5241b40 index:0x0 compound_mapcount: 0 [ 34.881947] flags: 0x2fffc0000008100(slab|head) [ 34.886619] raw: 02fffc0000008100 ffff8801d5239748 ffff8801d5239748 ffff8801d5241b40 [ 34.894499] raw: 0000000000000000 ffff8801d9bc8040 0000000100000001 0000000000000000 [ 34.902364] page dumped because: kasan: bad access detected [ 34.908064] [ 34.909678] Memory state around the buggy address: [ 34.914600] ffff8801d9bc7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.921956] ffff8801d9bc7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.929312] >ffff8801d9bc8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.936659] ^ [ 34.942883] ffff8801d9bc8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.950242] ffff8801d9bc8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.957590] ================================================================== [ 34.964940] Kernel panic - not syncing: panic_on_warn set ... [ 34.964940] [ 34.972317] CPU: 1 PID: 4633 Comm: syz-executor523 Tainted: G B 4.19.0-rc1+ #217 [ 34.981151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.990502] Call Trace: [ 34.993097] dump_stack+0x1c9/0x2b4 [ 34.996779] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.001977] ? lock_downgrade+0x8f0/0x8f0 [ 35.006123] ? __schedule+0xf54/0x1df0 [ 35.010006] panic+0x238/0x4e7 [ 35.013192] ? add_taint.cold.5+0x16/0x16 [ 35.017341] ? print_shadow_for_address+0xba/0x116 [ 35.022277] ? trace_hardirqs_off+0xaf/0x2b0 [ 35.026680] ? trace_hardirqs_off+0x77/0x2b0 [ 35.031084] ? __schedule+0xf54/0x1df0 [ 35.034972] kasan_end_report+0x47/0x4f [ 35.038944] kasan_report.cold.7+0x76/0x30d [ 35.043268] __asan_report_load8_noabort+0x14/0x20 [ 35.048195] __schedule+0xf54/0x1df0 [ 35.051906] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.057006] ? __sched_text_start+0x8/0x8 [ 35.061152] ? 
__call_srcu+0x7e7/0x1040 [ 35.065129] ? check_same_owner+0x340/0x340 [ 35.069446] ? mark_held_locks+0x160/0x160 [ 35.073675] ? find_held_lock+0x36/0x1c0 [ 35.077740] preempt_schedule_common+0x22/0x60 [ 35.082321] _cond_resched+0x1d/0x30 [ 35.086034] wait_for_completion+0xa5/0x8d0 [ 35.090356] ? wait_for_completion_interruptible+0x950/0x950 [ 35.096148] ? __lockdep_init_map+0x105/0x590 [ 35.100640] ? __init_waitqueue_head+0x9e/0x150 [ 35.105303] ? init_wait_entry+0x1c0/0x1c0 [ 35.109540] __synchronize_srcu+0x189/0x240 [ 35.113858] ? call_srcu+0x10/0x10 [ 35.117396] ? rcu_unexpedite_gp+0x20/0x20 [ 35.121641] synchronize_srcu+0x335/0x56f [ 35.125784] ? lock_downgrade+0x8f0/0x8f0 [ 35.129928] ? synchronize_srcu_expedited+0x20/0x20 [ 35.134947] ? kasan_check_read+0x11/0x20 [ 35.139102] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.143685] ? kasan_check_write+0x14/0x20 [ 35.147914] ? do_raw_spin_lock+0xc1/0x200 [ 35.152151] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.157856] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.163303] ? kvfree+0x61/0x70 [ 35.166580] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.171593] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.175649] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.180054] ? kvm_arch_sync_events+0x30/0x30 [ 35.184550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.190085] ? mmu_notifier_unregister+0x474/0x600 [ 35.195005] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.199406] ? kfree+0x111/0x210 [ 35.202792] ? __mmu_notifier_register+0x30/0x30 [ 35.207553] ? __free_pages+0x10a/0x190 [ 35.211528] ? free_unref_page+0x930/0x930 [ 35.215773] kvm_put_kvm+0x73f/0x1060 [ 35.219577] ? kvm_write_guest_cached+0x40/0x40 [ 35.224246] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.228733] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.233227] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.237809] ? kasan_check_write+0x14/0x20 [ 35.242039] ? do_raw_spin_lock+0xc1/0x200 [ 35.246275] ? kvm_irqfd_release+0xdd/0x120 [ 35.250608] ? kvm_irqfd_release+0xdd/0x120 [ 35.254932] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.258993] kvm_vm_release+0x42/0x50 [ 35.262789] __fput+0x38a/0xa40 [ 35.266066] ? __alloc_file+0x400/0x400 [ 35.270039] ? check_same_owner+0x340/0x340 [ 35.274355] ? kasan_check_write+0x14/0x20 [ 35.278597] ? do_raw_spin_lock+0xc1/0x200 [ 35.282831] ____fput+0x15/0x20 [ 35.286119] task_work_run+0x1e8/0x2a0 [ 35.290001] ? task_work_cancel+0x240/0x240 [ 35.294325] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.299864] ? switch_task_namespaces+0xa2/0xd0 [ 35.304532] do_exit+0x1ae4/0x26e0 [ 35.308072] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.312749] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.316988] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.321996] ? kfree+0x1d7/0x210 [ 35.325362] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.329599] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.335312] ? is_bpf_text_address+0xd7/0x170 [ 35.339810] ? kernel_text_address+0x79/0xf0 [ 35.344214] ? __kernel_text_address+0xd/0x40 [ 35.348710] ? unwind_get_return_address+0x61/0xa0 [ 35.353636] ? __save_stack_trace+0x8d/0xf0 [ 35.357967] ? save_stack+0xa9/0xd0 [ 35.361598] ? save_stack+0x43/0xd0 [ 35.365219] ? __kasan_slab_free+0x11a/0x170 [ 35.369624] ? kasan_slab_free+0xe/0x10 [ 35.373593] ? putname+0xf2/0x130 [ 35.377042] ? __x64_sys_openat+0x9d/0x100 [ 35.381280] ? do_syscall_64+0x1b9/0x820 [ 35.385334] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.390700] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.395100] ? kasan_check_read+0x11/0x20 [ 35.399246] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.403647] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.408052] ? initcall_blacklisted+0x9a/0x1e0 [ 35.412631] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.417734] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.423463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.429009] ? do_vfs_ioctl+0x201/0x1720 [ 35.433070] ? rcu_is_watching+0x8c/0x150 [ 35.437221] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.442005] ? ioctl_preallocate+0x300/0x300 [ 35.446414] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.451959] ? __fget_light+0x2f7/0x440 [ 35.455930] ? fget_raw+0x20/0x20 [ 35.459389] ? putname+0xf2/0x130 [ 35.462848] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.467858] ? kmem_cache_free+0x246/0x280 [ 35.472089] ? putname+0xf7/0x130 [ 35.475540] do_group_exit+0x177/0x440 [ 35.479432] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.483751] ? __ia32_sys_exit+0x50/0x50 [ 35.487805] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.492907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.498444] ? ksys_ioctl+0x81/0xd0 [ 35.502070] __x64_sys_exit_group+0x3e/0x50 [ 35.506388] do_syscall_64+0x1b9/0x820 [ 35.510281] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.515641] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.520564] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.525405] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.530435] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.535451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.540296] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.545478] RIP: 0033:0x43ef08 [ 35.548670] Code: Bad RIP value. 
[ 35.552023] RSP: 002b:00007fff9d827008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.559741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 35.567005] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.574266] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.581533] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.588794] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.596068] [ 35.596073] ====================================================== [ 35.596079] WARNING: possible circular locking dependency detected [ 35.596082] 4.19.0-rc1+ #217 Not tainted [ 35.596088] ------------------------------------------------------ [ 35.596093] syz-executor523/4633 is trying to acquire lock: [ 35.596096] 00000000245b6952 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.596111] [ 35.596116] but task is already holding lock: [ 35.596119] 00000000b211240f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.596133] [ 35.596138] which lock already depends on the new lock. 
[ 35.596140] [ 35.596142] [ 35.596147] the existing dependency chain (in reverse order) is: [ 35.596150] [ 35.596152] -> #3 (report_lock){....}: [ 35.596167] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.596170] kasan_report+0x8e/0x110 [ 35.596175] __asan_report_load8_noabort+0x14/0x20 [ 35.596179] __schedule+0xf54/0x1df0 [ 35.596183] preempt_schedule_common+0x22/0x60 [ 35.596187] _cond_resched+0x1d/0x30 [ 35.596191] wait_for_completion+0xa5/0x8d0 [ 35.596195] __synchronize_srcu+0x189/0x240 [ 35.596200] synchronize_srcu+0x335/0x56f [ 35.596205] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.596209] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.596213] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.596217] kvm_put_kvm+0x73f/0x1060 [ 35.596221] kvm_vm_release+0x42/0x50 [ 35.596224] __fput+0x38a/0xa40 [ 35.596228] ____fput+0x15/0x20 [ 35.596232] task_work_run+0x1e8/0x2a0 [ 35.596235] do_exit+0x1ae4/0x26e0 [ 35.596239] do_group_exit+0x177/0x440 [ 35.596244] __x64_sys_exit_group+0x3e/0x50 [ 35.596247] do_syscall_64+0x1b9/0x820 [ 35.596252] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.596254] [ 35.596257] -> #2 (&rq->lock){-.-.}: [ 35.596271] _raw_spin_lock+0x2a/0x40 [ 35.596275] task_fork_fair+0x93/0x680 [ 35.596278] sched_fork+0x44b/0xbd0 [ 35.596282] copy_process+0x235e/0x7ad0 [ 35.596286] _do_fork+0x1ca/0x1170 [ 35.596290] kernel_thread+0x34/0x40 [ 35.596293] rest_init+0x22/0xe4 [ 35.596297] start_kernel+0x913/0x94e [ 35.596302] x86_64_start_reservations+0x29/0x2b [ 35.596306] x86_64_start_kernel+0x76/0x79 [ 35.596310] secondary_startup_64+0xa4/0xb0 [ 35.596312] [ 35.596315] -> #1 (&p->pi_lock){-.-.}: [ 35.596329] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.596333] try_to_wake_up+0xd2/0x1250 [ 35.596337] wake_up_process+0x10/0x20 [ 35.596341] __up.isra.1+0x1c0/0x2a0 [ 35.596344] up+0x13c/0x1c0 [ 35.596348] __up_console_sem+0xbe/0x1b0 [ 35.596352] console_unlock+0x506/0x10d0 [ 35.596356] vprintk_emit+0x33a/0x910 [ 35.596360] vprintk_default+0x28/0x30 [ 35.596364] vprintk_func+0x7a/0x117 [ 
35.596368] printk+0xa7/0xcf [ 35.596371] load_umh+0x51/0xbd [ 35.596375] do_one_initcall+0x127/0x838 [ 35.596379] kernel_init_freeable+0x4bb/0x5ae [ 35.596383] kernel_init+0x11/0x1b3 [ 35.596387] ret_from_fork+0x3a/0x50 [ 35.596389] [ 35.596391] -> #0 ((console_sem).lock){-...}: [ 35.596406] lock_acquire+0x1e4/0x4f0 [ 35.596411] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.596414] down_trylock+0x13/0x70 [ 35.596427] __down_trylock_console_sem+0xae/0x200 [ 35.596431] console_trylock+0x15/0xa0 [ 35.596435] vprintk_emit+0x31f/0x910 [ 35.596439] vprintk_default+0x28/0x30 [ 35.596443] vprintk_func+0x7a/0x117 [ 35.596446] printk+0xa7/0xcf [ 35.596450] kasan_report+0x9e/0x110 [ 35.596456] __asan_report_load8_noabort+0x14/0x20 [ 35.596459] __schedule+0xf54/0x1df0 [ 35.596464] preempt_schedule_common+0x22/0x60 [ 35.596468] _cond_resched+0x1d/0x30 [ 35.596472] wait_for_completion+0xa5/0x8d0 [ 35.596476] __synchronize_srcu+0x189/0x240 [ 35.596480] synchronize_srcu+0x335/0x56f [ 35.596485] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.596489] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.596493] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.596497] kvm_put_kvm+0x73f/0x1060 [ 35.596501] kvm_vm_release+0x42/0x50 [ 35.596505] __fput+0x38a/0xa40 [ 35.596508] ____fput+0x15/0x20 [ 35.596512] task_work_run+0x1e8/0x2a0 [ 35.596516] do_exit+0x1ae4/0x26e0 [ 35.596520] do_group_exit+0x177/0x440 [ 35.596524] __x64_sys_exit_group+0x3e/0x50 [ 35.596528] do_syscall_64+0x1b9/0x820 [ 35.596533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.596535] [ 35.596540] other info that might help us debug this: [ 35.596542] [ 35.596545] Chain exists of: [ 35.596547] (console_sem).lock --> &rq->lock --> report_lock [ 35.596566] [ 35.596570] Possible unsafe locking scenario: [ 35.596572] [ 35.596576] CPU0 CPU1 [ 35.596580] ---- ---- [ 35.596583] lock(report_lock); [ 35.596592] lock(&rq->lock); [ 35.596601] lock(report_lock); [ 35.596609] lock((console_sem).lock); [ 35.596618] [ 35.596621] *** DEADLOCK *** [ 35.596623] [ 
35.596627] 2 locks held by syz-executor523/4633: [ 35.596629] #0: 000000009a6de67c (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 35.596647] #1: 00000000b211240f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.596664] [ 35.596667] stack backtrace: [ 35.596673] CPU: 1 PID: 4633 Comm: syz-executor523 Not tainted 4.19.0-rc1+ #217 [ 35.596680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.596683] Call Trace: [ 35.596687] dump_stack+0x1c9/0x2b4 [ 35.596691] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.596695] ? vprintk_func+0x100/0x117 [ 35.596700] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 35.596704] ? save_trace+0xe0/0x290 [ 35.596708] __lock_acquire+0x3449/0x5020 [ 35.596712] ? mark_held_locks+0x160/0x160 [ 35.596716] ? mark_held_locks+0x160/0x160 [ 35.596720] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.596725] ? is_bpf_text_address+0xd7/0x170 [ 35.596729] ? kernel_text_address+0x79/0xf0 [ 35.596733] ? __kernel_text_address+0xd/0x40 [ 35.596737] ? __save_stack_trace+0x8d/0xf0 [ 35.596742] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 35.596746] ? save_trace+0x290/0x290 [ 35.596750] ? save_stack_trace+0x1a/0x20 [ 35.596753] ? save_trace+0xe0/0x290 [ 35.596757] ? graph_lock+0x170/0x170 [ 35.596762] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.596766] lock_acquire+0x1e4/0x4f0 [ 35.596770] ? down_trylock+0x13/0x70 [ 35.596774] ? lock_release+0x9f0/0x9f0 [ 35.596778] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.596782] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.596786] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.596790] ? log_store+0x34f/0x4c0 [ 35.596794] ? vprintk_emit+0x31f/0x910 [ 35.596798] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.596802] ? down_trylock+0x13/0x70 [ 35.596806] down_trylock+0x13/0x70 [ 35.596810] __down_trylock_console_sem+0xae/0x200 [ 35.596814] console_trylock+0x15/0xa0 [ 35.596818] vprintk_emit+0x31f/0x910 [ 35.596822] ? wake_up_klogd+0x110/0x110 [ 35.596826] ? run_rebalance_domains+0x4c0/0x4c0 [ 35.596830] ? 
kasan_check_read+0x11/0x20 [ 35.596835] ? rcu_is_watching+0x8c/0x150 [ 35.596838] ? rcu_pm_notify+0xc0/0xc0 [ 35.596842] ? lock_acquire+0x1e4/0x4f0 [ 35.596846] ? kasan_report+0x8e/0x110 [ 35.596850] ? __schedule+0xf54/0x1df0 [ 35.596854] vprintk_default+0x28/0x30 [ 35.596858] vprintk_func+0x7a/0x117 [ 35.596861] printk+0xa7/0xcf [ 35.596865] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.596870] ? kasan_check_write+0x14/0x20 [ 35.596874] ? do_raw_spin_lock+0xc1/0x200 [ 35.596878] ? do_raw_spin_lock+0xc1/0x200 [ 35.596882] kasan_report+0x9e/0x110 [ 35.596886] __asan_report_load8_noabort+0x14/0x20 [ 35.596890] __schedule+0xf54/0x1df0 [ 35.596910] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.596914] ? __sched_text_start+0x8/0x8 [ 35.596917] ? __call_srcu+0x7e7/0x1040 [ 35.596921] ? check_same_owner+0x340/0x340 [ 35.596925] ? mark_held_locks+0x160/0x160 [ 35.596929] ? find_held_lock+0x36/0x1c0 [ 35.596933] preempt_schedule_common+0x22/0x60 [ 35.596937] _cond_resched+0x1d/0x30 [ 35.596941] wait_for_completion+0xa5/0x8d0 [ 35.596945] ? wait_for_completion_interruptible+0x950/0x950 [ 35.596954] ? __lockdep_init_map+0x105/0x590 [ 35.596959] ? __init_waitqueue_head+0x9e/0x150 [ 35.596963] ? init_wait_entry+0x1c0/0x1c0 [ 35.596967] __synchronize_srcu+0x189/0x240 [ 35.596970] ? call_srcu+0x10/0x10 [ 35.596974] ? rcu_unexpedite_gp+0x20/0x20 [ 35.596978] synchronize_srcu+0x335/0x56f [ 35.596982] ? lock_downgrade+0x8f0/0x8f0 [ 35.597002] ? synchronize_srcu_expedited+0x20/0x20 [ 35.597006] ? kasan_check_read+0x11/0x20 [ 35.597010] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.597014] ? kasan_check_write+0x14/0x20 [ 35.597018] ? do_raw_spin_lock+0xc1/0x200 [ 35.597023] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.597028] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.597032] ? kvfree+0x61/0x70 [ 35.597036] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.597040] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.597044] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.597049] ? 
kvm_arch_sync_events+0x30/0x30 [ 35.597053] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.597058] ? mmu_notifier_unregister+0x474/0x600 [ 35.597062] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.597066] ? kfree+0x111/0x210 [ 35.597070] ? __mmu_notifier_register+0x30/0x30 [ 35.597074] ? __free_pages+0x10a/0x190 [ 35.597078] ? free_unref_page+0x930/0x930 [ 35.597082] kvm_put_kvm+0x73f/0x1060 [ 35.597086] ? kvm_write_guest_cached+0x40/0x40 [ 35.597090] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.597095] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.597099] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.597103] ? kasan_check_write+0x14/0x20 [ 35.597107] ? do_raw_spin_lock+0xc1/0x200 [ 35.597111] ? kvm_irqfd_release+0xdd/0x120 [ 35.597115] ? kvm_irqfd_release+0xdd/0x120 [ 35.597119] ? kvm_put_kvm+0x1060/0x1060 [ 35.597123] kvm_vm_release+0x42/0x50 [ 35.597127] __fput+0x38a/0xa40 [ 35.597130] ? __alloc_file+0x400/0x400 [ 35.597135] ? check_same_owner+0x340/0x340 [ 35.597139] ? kasan_check_write+0x14/0x20 [ 35.597143] ? do_raw_spin_lock+0xc1/0x200 [ 35.597146] ____fput+0x15/0x20 [ 35.597150] task_work_run+0x1e8/0x2a0 [ 35.597154] ? task_work_cancel+0x240/0x240 [ 35.597159] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.597163] ? switch_task_namespaces+0xa2/0xd0 [ 35.597167] do_exit+0x1ae4/0x26e0 [ 35.597171] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.597175] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.597180] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.597183] ? kfree+0x1d7/0x210 [ 35.597188] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.597192] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.597197] ? is_bpf_text_address+0xd7/0x170 [ 35.597199] ? [ 35.597206] Lost 54 message(s)! [ 36.668905] Shutting down cpus with NMI [ 37.728573] Dumping ftrace buffer: [ 37.732096] (ftrace buffer empty) [ 37.735784] Kernel Offset: disabled [ 37.739394] Rebooting in 86400 seconds..