[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 23.449943] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.169014] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.499753] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.081352] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.261392] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
[ 33.823907] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.922721] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.948589] ==================================================================
[ 33.958614] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.964859] Read of size 8 at addr ffff8801b66b8058 by task syz-executor435/4665
[ 33.972392]
[ 33.974032] CPU: 1 PID: 4665 Comm: syz-executor435 Not tainted 4.19.0-rc2+ #225
[ 33.981471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.990836] Call Trace:
[ 33.993424]  dump_stack+0x1c9/0x2b4
[ 33.997049]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.002241]  ? printk+0xa7/0xcf
[ 34.005518]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.010275]  ? __schedule+0xf54/0x1df0
[ 34.014164]  print_address_description+0x6c/0x20b
[ 34.019005]  ? __schedule+0xf54/0x1df0
[ 34.022898]  kasan_report.cold.7+0x242/0x30d
[ 34.027331]  __asan_report_load8_noabort+0x14/0x20
[ 34.032260]  __schedule+0xf54/0x1df0
[ 34.035976]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.041083]  ? __sched_text_start+0x8/0x8
[ 34.045244]  ? __call_srcu+0x7e7/0x1040
[ 34.049225]  ? check_same_owner+0x340/0x340
[ 34.053540]  ? mark_held_locks+0x160/0x160
[ 34.057774]  ? find_held_lock+0x36/0x1c0
[ 34.061847]  preempt_schedule_common+0x22/0x60
[ 34.066429]  _cond_resched+0x1d/0x30
[ 34.070142]  wait_for_completion+0xa5/0x8d0
[ 34.074465]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.080262]  ? __lockdep_init_map+0x105/0x590
[ 34.084759]  ? __init_waitqueue_head+0x9e/0x150
[ 34.089427]  ? init_wait_entry+0x1c0/0x1c0
[ 34.093661]  __synchronize_srcu+0x189/0x240
[ 34.097979]  ? call_srcu+0x10/0x10
[ 34.101516]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.105776]  synchronize_srcu+0x335/0x56f
[ 34.109948]  ? lock_downgrade+0x8f0/0x8f0
[ 34.114097]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.119118]  ? kasan_check_read+0x11/0x20
[ 34.123263]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.127843]  ? kasan_check_write+0x14/0x20
[ 34.132075]  ? do_raw_spin_lock+0xc1/0x200
[ 34.136311]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.142020]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.147475]  ? kvfree+0x61/0x70
[ 34.150751]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.155782]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.159855]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.164267]  ? kvm_arch_sync_events+0x30/0x30
[ 34.168762]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.174303]  ? mmu_notifier_unregister+0x474/0x600
[ 34.179239]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.183645]  ? kfree+0x111/0x210
[ 34.187025]  ? __mmu_notifier_register+0x30/0x30
[ 34.191781]  ? __free_pages+0x10a/0x190
[ 34.195786]  ? free_unref_page+0x930/0x930
[ 34.200039]  kvm_put_kvm+0x73f/0x1060
[ 34.203846]  ? kvm_write_guest_cached+0x40/0x40
[ 34.208517]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.213012]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.217508]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.222093]  ? kasan_check_write+0x14/0x20
[ 34.226324]  ? do_raw_spin_lock+0xc1/0x200
[ 34.230570]  ? kvm_irqfd_release+0xdd/0x120
[ 34.234895]  ? kvm_irqfd_release+0xdd/0x120
[ 34.239226]  ? kvm_put_kvm+0x1060/0x1060
[ 34.243284]  kvm_vm_release+0x42/0x50
[ 34.247093]  __fput+0x38a/0xa40
[ 34.250372]  ? __alloc_file+0x400/0x400
[ 34.254352]  ? check_same_owner+0x340/0x340
[ 34.258673]  ? kasan_check_write+0x14/0x20
[ 34.262929]  ? do_raw_spin_lock+0xc1/0x200
[ 34.267162]  ____fput+0x15/0x20
[ 34.270461]  task_work_run+0x1e8/0x2a0
[ 34.274346]  ? task_work_cancel+0x240/0x240
[ 34.278669]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.284204]  ? switch_task_namespaces+0xa2/0xd0
[ 34.288871]  do_exit+0x1ae4/0x26e0
[ 34.292424]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.297098]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.301332]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.306344]  ? kfree+0x1d7/0x210
[ 34.309711]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.313945]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.319667]  ? is_bpf_text_address+0xd7/0x170
[ 34.324163]  ? kernel_text_address+0x79/0xf0
[ 34.328573]  ? __kernel_text_address+0xd/0x40
[ 34.333101]  ? unwind_get_return_address+0x61/0xa0
[ 34.338033]  ? __save_stack_trace+0x8d/0xf0
[ 34.342358]  ? save_stack+0xa9/0xd0
[ 34.345982]  ? save_stack+0x43/0xd0
[ 34.349605]  ? __kasan_slab_free+0x11a/0x170
[ 34.354012]  ? kasan_slab_free+0xe/0x10
[ 34.357985]  ? putname+0xf2/0x130
[ 34.361437]  ? __x64_sys_openat+0x9d/0x100
[ 34.365666]  ? do_syscall_64+0x1b9/0x820
[ 34.369734]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.375184]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.379592]  ? kasan_check_read+0x11/0x20
[ 34.383736]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.388141]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.392549]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.397143]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.402248]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.407960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.413496]  ? do_vfs_ioctl+0x201/0x1720
[ 34.417564]  ? rcu_is_watching+0x8c/0x150
[ 34.421721]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.426040]  ? ioctl_preallocate+0x300/0x300
[ 34.430455]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.436002]  ? __fget_light+0x2f7/0x440
[ 34.439975]  ? fget_raw+0x20/0x20
[ 34.443433]  ? putname+0xf2/0x130
[ 34.446909]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.451922]  ? kmem_cache_free+0x246/0x280
[ 34.456169]  ? putname+0xf7/0x130
[ 34.459626]  do_group_exit+0x177/0x440
[ 34.463524]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.467840]  ? __ia32_sys_exit+0x50/0x50
[ 34.471901]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.477034]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.482575]  ? ksys_ioctl+0x81/0xd0
[ 34.486202]  __x64_sys_exit_group+0x3e/0x50
[ 34.490545]  do_syscall_64+0x1b9/0x820
[ 34.494431]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.499792]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.504728]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.509569]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 34.514583]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.519601]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.524623]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.529469]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.534663] RIP: 0033:0x43ef08
[ 34.537872] Code: Bad RIP value.
[ 34.541234] RSP: 002b:00007ffe604a33e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.548959] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 34.556228] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.563493] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.570758] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.578023] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.585726]
[ 34.587350] Allocated by task 4665:
[ 34.590976]  save_stack+0x43/0xd0
[ 34.594457]  kasan_kmalloc+0xc4/0xe0
[ 34.598180]  kasan_slab_alloc+0x12/0x20
[ 34.602153]  kmem_cache_alloc+0x12e/0x710
[ 34.606297]  vmx_create_vcpu+0xcf/0x2830
[ 34.610366]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.614773]  kvm_vm_ioctl+0x488/0x1d80
[ 34.618665]  do_vfs_ioctl+0x1de/0x1720
[ 34.622548]  ksys_ioctl+0xa9/0xd0
[ 34.626000]  __x64_sys_ioctl+0x73/0xb0
[ 34.629891]  do_syscall_64+0x1b9/0x820
[ 34.633774]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.638960]
[ 34.640591] Freed by task 4665:
[ 34.643863]  save_stack+0x43/0xd0
[ 34.647316]  __kasan_slab_free+0x11a/0x170
[ 34.651548]  kasan_slab_free+0xe/0x10
[ 34.655346]  kmem_cache_free+0x86/0x280
[ 34.659321]  vmx_free_vcpu+0x26b/0x300
[ 34.663210]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.667615]  kvm_put_kvm+0x73f/0x1060
[ 34.671422]  kvm_vm_release+0x42/0x50
[ 34.675228]  __fput+0x38a/0xa40
[ 34.678508]  ____fput+0x15/0x20
[ 34.681823]  task_work_run+0x1e8/0x2a0
[ 34.685712]  do_exit+0x1ae4/0x26e0
[ 34.689252]  do_group_exit+0x177/0x440
[ 34.693135]  __x64_sys_exit_group+0x3e/0x50
[ 34.697452]  do_syscall_64+0x1b9/0x820
[ 34.701335]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.706508]
[ 34.708131] The buggy address belongs to the object at ffff8801b66b8040
[ 34.708131]  which belongs to the cache kvm_vcpu of size 23872
[ 34.720719] The buggy address is located 24 bytes inside of
[ 34.720719]  23872-byte region [ffff8801b66b8040, ffff8801b66bdd80)
[ 34.732672] The buggy address belongs to the page:
[ 34.737598] page:ffffea0006d9ae00 count:1 mapcount:0 mapping:ffff8801d538ab40 index:0x0 compound_mapcount: 0
[ 34.747565] flags: 0x2fffc0000008100(slab|head)
[ 34.752234] raw: 02fffc0000008100 ffff8801d5385948 ffff8801d5385948 ffff8801d538ab40
[ 34.760113] raw: 0000000000000000 ffff8801b66b8040 0000000100000001 0000000000000000
[ 34.767984] page dumped because: kasan: bad access detected
[ 34.773683]
[ 34.775305] Memory state around the buggy address:
[ 34.780228]  ffff8801b66b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.787576]  ffff8801b66b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.794956] >ffff8801b66b8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.802307]                                                     ^
[ 34.808533]  ffff8801b66b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.815919]  ffff8801b66b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.823277] ==================================================================
[ 34.830626] Kernel panic - not syncing: panic_on_warn set ...
[ 34.830626]
[ 34.837988] CPU: 1 PID: 4665 Comm: syz-executor435 Tainted: G    B             4.19.0-rc2+ #225
[ 34.846819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.856166] Call Trace:
[ 34.858755]  dump_stack+0x1c9/0x2b4
[ 34.862384]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.867587]  ? lock_downgrade+0x8f0/0x8f0
[ 34.871731]  ? __schedule+0xf54/0x1df0
[ 34.875616]  panic+0x238/0x4e7
[ 34.878812]  ? add_taint.cold.5+0x16/0x16
[ 34.882966]  ? print_shadow_for_address+0xba/0x116
[ 34.887896]  ? trace_hardirqs_off+0xaf/0x2c0
[ 34.892345]  ? trace_hardirqs_off+0x77/0x2c0
[ 34.896752]  ? __schedule+0xf54/0x1df0
[ 34.900658]  kasan_end_report+0x47/0x4f
[ 34.904641]  kasan_report.cold.7+0x76/0x30d
[ 34.908962]  __asan_report_load8_noabort+0x14/0x20
[ 34.913892]  __schedule+0xf54/0x1df0
[ 34.917606]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.922712]  ? __sched_text_start+0x8/0x8
[ 34.926859]  ? __call_srcu+0x7e7/0x1040
[ 34.930848]  ? check_same_owner+0x340/0x340
[ 34.935166]  ? mark_held_locks+0x160/0x160
[ 34.939399]  ? find_held_lock+0x36/0x1c0
[ 34.943491]  preempt_schedule_common+0x22/0x60
[ 34.948068]  _cond_resched+0x1d/0x30
[ 34.951781]  wait_for_completion+0xa5/0x8d0
[ 34.956124]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.961944]  ? __lockdep_init_map+0x105/0x590
[ 34.966439]  ? __init_waitqueue_head+0x9e/0x150
[ 34.971103]  ? init_wait_entry+0x1c0/0x1c0
[ 34.975340]  __synchronize_srcu+0x189/0x240
[ 34.979656]  ? call_srcu+0x10/0x10
[ 34.983194]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.987445]  synchronize_srcu+0x335/0x56f
[ 34.991599]  ? lock_downgrade+0x8f0/0x8f0
[ 34.995745]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.000761]  ? kasan_check_read+0x11/0x20
[ 35.004911]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.009495]  ? kasan_check_write+0x14/0x20
[ 35.013729]  ? do_raw_spin_lock+0xc1/0x200
[ 35.017969]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.023676]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.029137]  ? kvfree+0x61/0x70
[ 35.032418]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.037432]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.041489]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.045906]  ? kvm_arch_sync_events+0x30/0x30
[ 35.050405]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.055946]  ? mmu_notifier_unregister+0x474/0x600
[ 35.060876]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.065289]  ? kfree+0x111/0x210
[ 35.068675]  ? __mmu_notifier_register+0x30/0x30
[ 35.073431]  ? __free_pages+0x10a/0x190
[ 35.077406]  ? free_unref_page+0x930/0x930
[ 35.081648]  kvm_put_kvm+0x73f/0x1060
[ 35.085453]  ? kvm_write_guest_cached+0x40/0x40
[ 35.090126]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.094633]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.099138]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.103727]  ? kasan_check_write+0x14/0x20
[ 35.107960]  ? do_raw_spin_lock+0xc1/0x200
[ 35.112193]  ? kvm_irqfd_release+0xdd/0x120
[ 35.116511]  ? kvm_irqfd_release+0xdd/0x120
[ 35.120843]  ? kvm_put_kvm+0x1060/0x1060
[ 35.124906]  kvm_vm_release+0x42/0x50
[ 35.128708]  __fput+0x38a/0xa40
[ 35.132006]  ? __alloc_file+0x400/0x400
[ 35.135983]  ? check_same_owner+0x340/0x340
[ 35.140302]  ? kasan_check_write+0x14/0x20
[ 35.144536]  ? do_raw_spin_lock+0xc1/0x200
[ 35.148783]  ____fput+0x15/0x20
[ 35.152066]  task_work_run+0x1e8/0x2a0
[ 35.155994]  ? task_work_cancel+0x240/0x240
[ 35.160319]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.165853]  ? switch_task_namespaces+0xa2/0xd0
[ 35.170524]  do_exit+0x1ae4/0x26e0
[ 35.174064]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.178736]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.182972]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.187983]  ? kfree+0x1d7/0x210
[ 35.191350]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.195605]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.201313]  ? is_bpf_text_address+0xd7/0x170
[ 35.205839]  ? kernel_text_address+0x79/0xf0
[ 35.210249]  ? __kernel_text_address+0xd/0x40
[ 35.214741]  ? unwind_get_return_address+0x61/0xa0
[ 35.219679]  ? __save_stack_trace+0x8d/0xf0
[ 35.224005]  ? save_stack+0xa9/0xd0
[ 35.227633]  ? save_stack+0x43/0xd0
[ 35.231260]  ? __kasan_slab_free+0x11a/0x170
[ 35.235682]  ? kasan_slab_free+0xe/0x10
[ 35.239663]  ? putname+0xf2/0x130
[ 35.243114]  ? __x64_sys_openat+0x9d/0x100
[ 35.247375]  ? do_syscall_64+0x1b9/0x820
[ 35.251435]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.256808]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.261216]  ? kasan_check_read+0x11/0x20
[ 35.265362]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.269778]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.274199]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.278782]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.283900]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.289612]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.295150]  ? do_vfs_ioctl+0x201/0x1720
[ 35.299210]  ? rcu_is_watching+0x8c/0x150
[ 35.303355]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.307680]  ? ioctl_preallocate+0x300/0x300
[ 35.312088]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.317633]  ? __fget_light+0x2f7/0x440
[ 35.321607]  ? fget_raw+0x20/0x20
[ 35.325056]  ? putname+0xf2/0x130
[ 35.328513]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.333533]  ? kmem_cache_free+0x246/0x280
[ 35.337759]  ? putname+0xf7/0x130
[ 35.341230]  do_group_exit+0x177/0x440
[ 35.345116]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.349437]  ? __ia32_sys_exit+0x50/0x50
[ 35.353507]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.358608]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.364168]  ? ksys_ioctl+0x81/0xd0
[ 35.367822]  __x64_sys_exit_group+0x3e/0x50
[ 35.372146]  do_syscall_64+0x1b9/0x820
[ 35.376040]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.381406]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.386330]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.391173]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 35.396212]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.401227]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.406246]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.411089]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.416286] RIP: 0033:0x43ef08
[ 35.419490] Code: Bad RIP value.
[ 35.422847] RSP: 002b:00007ffe604a33e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.430565] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.437843] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.445107] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.452389] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.459655] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.466932]
[ 35.466937] ======================================================
[ 35.466942] WARNING: possible circular locking dependency detected
[ 35.466946] 4.19.0-rc2+ #225 Not tainted
[ 35.466952] ------------------------------------------------------
[ 35.466956] syz-executor435/4665 is trying to acquire lock:
[ 35.466960] 000000004bea2b6d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.466974]
[ 35.466978] but task is already holding lock:
[ 35.466981] 0000000034d56f92 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.466995]
[ 35.467000] which lock already depends on the new lock.
[ 35.467002]
[ 35.467004]
[ 35.467009] the existing dependency chain (in reverse order) is:
[ 35.467011]
[ 35.467014] -> #3 (report_lock){....}:
[ 35.467028]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.467032]        kasan_report+0x8e/0x110
[ 35.467036]        __asan_report_load8_noabort+0x14/0x20
[ 35.467040]        __schedule+0xf54/0x1df0
[ 35.467044]        preempt_schedule_common+0x22/0x60
[ 35.467048]        _cond_resched+0x1d/0x30
[ 35.467052]        wait_for_completion+0xa5/0x8d0
[ 35.467056]        __synchronize_srcu+0x189/0x240
[ 35.467060]        synchronize_srcu+0x335/0x56f
[ 35.467065]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.467069]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.467073]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.467076]        kvm_put_kvm+0x73f/0x1060
[ 35.467080]        kvm_vm_release+0x42/0x50
[ 35.467083]        __fput+0x38a/0xa40
[ 35.467087]        ____fput+0x15/0x20
[ 35.467091]        task_work_run+0x1e8/0x2a0
[ 35.467094]        do_exit+0x1ae4/0x26e0
[ 35.467098]        do_group_exit+0x177/0x440
[ 35.467102]        __x64_sys_exit_group+0x3e/0x50
[ 35.467106]        do_syscall_64+0x1b9/0x820
[ 35.467111]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.467113]
[ 35.467115] -> #2 (&rq->lock){-.-.}:
[ 35.467129]        _raw_spin_lock+0x2a/0x40
[ 35.467132]        task_fork_fair+0x93/0x680
[ 35.467136]        sched_fork+0x44b/0xbd0
[ 35.467140]        copy_process+0x235e/0x7af0
[ 35.467143]        _do_fork+0x1ca/0x1170
[ 35.467147]        kernel_thread+0x34/0x40
[ 35.467151]        rest_init+0x22/0xe4
[ 35.467154]        start_kernel+0x913/0x94e
[ 35.467159]        x86_64_start_reservations+0x29/0x2b
[ 35.467163]        x86_64_start_kernel+0x76/0x79
[ 35.467167]        secondary_startup_64+0xa4/0xb0
[ 35.467169]
[ 35.467171] -> #1 (&p->pi_lock){-.-.}:
[ 35.467185]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.467189]        try_to_wake_up+0xd2/0x1250
[ 35.467193]        wake_up_process+0x10/0x20
[ 35.467196]        __up.isra.1+0x1c0/0x2a0
[ 35.467200]        up+0x13c/0x1c0
[ 35.467204]        __up_console_sem+0xbe/0x1b0
[ 35.467207]        console_unlock+0x506/0x10e0
[ 35.467211]        vprintk_emit+0x33a/0x910
[ 35.467215]        vprintk_default+0x28/0x30
[ 35.467219]        vprintk_func+0x7a/0x117
[ 35.467222]        printk+0xa7/0xcf
[ 35.467225]        load_umh+0x51/0xbd
[ 35.467229]        do_one_initcall+0x127/0x838
[ 35.467234]        kernel_init_freeable+0x4bb/0x5ae
[ 35.467237]        kernel_init+0x11/0x1b3
[ 35.467241]        ret_from_fork+0x3a/0x50
[ 35.467243]
[ 35.467245] -> #0 ((console_sem).lock){-...}:
[ 35.467259]        lock_acquire+0x1e4/0x4f0
[ 35.467264]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.467267]        down_trylock+0x13/0x70
[ 35.467272]        __down_trylock_console_sem+0xae/0x200
[ 35.467275]        console_trylock+0x15/0xa0
[ 35.467279]        vprintk_emit+0x31f/0x910
[ 35.467283]        vprintk_default+0x28/0x30
[ 35.467287]        vprintk_func+0x7a/0x117
[ 35.467290]        printk+0xa7/0xcf
[ 35.467294]        kasan_report+0x9e/0x110
[ 35.467298]        __asan_report_load8_noabort+0x14/0x20
[ 35.467302]        __schedule+0xf54/0x1df0
[ 35.467306]        preempt_schedule_common+0x22/0x60
[ 35.467310]        _cond_resched+0x1d/0x30
[ 35.467314]        wait_for_completion+0xa5/0x8d0
[ 35.467318]        __synchronize_srcu+0x189/0x240
[ 35.467322]        synchronize_srcu+0x335/0x56f
[ 35.467340]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.467344]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.467348]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.467364]        kvm_put_kvm+0x73f/0x1060
[ 35.467368]        kvm_vm_release+0x42/0x50
[ 35.467371]        __fput+0x38a/0xa40
[ 35.467374]        ____fput+0x15/0x20
[ 35.467378]        task_work_run+0x1e8/0x2a0
[ 35.467382]        do_exit+0x1ae4/0x26e0
[ 35.467385]        do_group_exit+0x177/0x440
[ 35.467389]        __x64_sys_exit_group+0x3e/0x50
[ 35.467394]        do_syscall_64+0x1b9/0x820
[ 35.467399]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.467401]
[ 35.467405] other info that might help us debug this:
[ 35.467407]
[ 35.467410] Chain exists of:
[ 35.467412]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.467430]
[ 35.467434]  Possible unsafe locking scenario:
[ 35.467436]
[ 35.467440]        CPU0                    CPU1
[ 35.467444]        ----                    ----
[ 35.467446]   lock(report_lock);
[ 35.467456]                                lock(&rq->lock);
[ 35.467465]                                lock(report_lock);
[ 35.467472]   lock((console_sem).lock);
[ 35.467480]
[ 35.467483]  *** DEADLOCK ***
[ 35.467486]
[ 35.467490] 2 locks held by syz-executor435/4665:
[ 35.467492]  #0: 00000000693c8d60 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.467508]  #1: 0000000034d56f92 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.467525]
[ 35.467528] stack backtrace:
[ 35.467534] CPU: 1 PID: 4665 Comm: syz-executor435 Not tainted 4.19.0-rc2+ #225
[ 35.467541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.467544] Call Trace:
[ 35.467547]  dump_stack+0x1c9/0x2b4
[ 35.467552]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.467556]  ? vprintk_func+0x100/0x117
[ 35.467560]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.467564]  ? save_trace+0xe0/0x290
[ 35.467568]  __lock_acquire+0x3449/0x5020
[ 35.467572]  ? mark_held_locks+0x160/0x160
[ 35.467576]  ? mark_held_locks+0x160/0x160
[ 35.467580]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.467584]  ? is_bpf_text_address+0xd7/0x170
[ 35.467588]  ? kernel_text_address+0x79/0xf0
[ 35.467592]  ? __kernel_text_address+0xd/0x40
[ 35.467596]  ? __save_stack_trace+0x8d/0xf0
[ 35.467601]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.467604]  ? save_trace+0x290/0x290
[ 35.467608]  ? save_stack_trace+0x1a/0x20
[ 35.467612]  ? save_trace+0xe0/0x290
[ 35.467616]  ? graph_lock+0x170/0x170
[ 35.467620]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.467624]  lock_acquire+0x1e4/0x4f0
[ 35.467628]  ? down_trylock+0x13/0x70
[ 35.467632]  ? lock_release+0x9f0/0x9f0
[ 35.467636]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.467640]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.467644]  ? trace_hardirqs_off+0xb8/0x2c0
[ 35.467647]  ? log_store+0x34f/0x4c0
[ 35.467651]  ? vprintk_emit+0x31f/0x910
[ 35.467655]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.467659]  ? down_trylock+0x13/0x70
[ 35.467663]  down_trylock+0x13/0x70
[ 35.467667]  __down_trylock_console_sem+0xae/0x200
[ 35.467671]  console_trylock+0x15/0xa0
[ 35.467674]  vprintk_emit+0x31f/0x910
[ 35.467678]  ? wake_up_klogd+0x110/0x110
[ 35.467682]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.467686]  ? kasan_check_read+0x11/0x20
[ 35.467690]  ? rcu_is_watching+0x8c/0x150
[ 35.467694]  ? rcu_pm_notify+0xc0/0xc0
[ 35.467698]  ? lock_acquire+0x1e4/0x4f0
[ 35.467702]  ? kasan_report+0x8e/0x110
[ 35.467705]  ? __schedule+0xf54/0x1df0
[ 35.467709]  vprintk_default+0x28/0x30
[ 35.467713]  vprintk_func+0x7a/0x117
[ 35.467716]  printk+0xa7/0xcf
[ 35.467720]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.467724]  ? kasan_check_write+0x14/0x20
[ 35.467728]  ? do_raw_spin_lock+0xc1/0x200
[ 35.467732]  ? do_raw_spin_lock+0xc1/0x200
[ 35.467736]  kasan_report+0x9e/0x110
[ 35.467740]  __asan_report_load8_noabort+0x14/0x20
[ 35.467744]  __schedule+0xf54/0x1df0
[ 35.467748]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.467752]  ? __sched_text_start+0x8/0x8
[ 35.467756]  ? __call_srcu+0x7e7/0x1040
[ 35.467760]  ? check_same_owner+0x340/0x340
[ 35.467764]  ? mark_held_locks+0x160/0x160
[ 35.467768]  ? find_held_lock+0x36/0x1c0
[ 35.467772]  preempt_schedule_common+0x22/0x60
[ 35.467775]  _cond_resched+0x1d/0x30
[ 35.467779]  wait_for_completion+0xa5/0x8d0
[ 35.467784]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.467788]  ? __lockdep_init_map+0x105/0x590
[ 35.467792]  ? __init_waitqueue_head+0x9e/0x150
[ 35.467796]  ? init_wait_entry+0x1c0/0x1c0
[ 35.467809]  __synchronize_srcu+0x189/0x240
[ 35.467812]  ? call_srcu+0x10/0x10
[ 35.467816]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.467820]  synchronize_srcu+0x335/0x56f
[ 35.467824]  ? lock_downgrade+0x8f0/0x8f0
[ 35.467829]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.467833]  ? kasan_check_read+0x11/0x20
[ 35.467837]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.467841]  ? kasan_check_write+0x14/0x20
[ 35.467845]  ? do_raw_spin_lock+0xc1/0x200
[ 35.467850]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.467855]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.467858]  ? kvfree+0x61/0x70
[ 35.467863]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.467867]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.467871]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.467875]  ? kvm_arch_sync_events+0x30/0x30
[ 35.467880]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.467890]  ? mmu_notifier_unregister+0x474/0x600
[ 35.467894]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.467897]  ? kfree+0x111/0x210
[ 35.467902]  ? __mmu_notifier_register+0x30/0x30
[ 35.467905]  ? __free_pages+0x10a/0x190
[ 35.467909]  ? free_unref_page+0x930/0x930
[ 35.467913]  kvm_put_kvm+0x73f/0x1060
[ 35.467917]  ? kvm_write_guest_cached+0x40/0x40
[ 35.467921]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.467925]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.467930]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.467934]  ? kasan_check_write+0x14/0x20
[ 35.467938]  ? do_raw_spin_lock+0xc1/0x200
[ 35.467942]  ? kvm_irqfd_release+0xdd/0x120
[ 35.467946]  ? kvm_irqfd_release+0xdd/0x120
[ 35.467950]  ? kvm_put_kvm+0x1060/0x1060
[ 35.467953]  kvm_vm_release+0x42/0x50
[ 35.467957]  __fput+0x38a/0xa40
[ 35.467961]  ? __alloc_file+0x400/0x400
[ 35.467965]  ? check_same_owner+0x340/0x340
[ 35.467969]  ? kasan_check_write+0x14/0x20
[ 35.467973]  ? do_raw_spin_lock+0xc1/0x200
[ 35.467976]  ____fput+0x15/0x20
[ 35.467981]  task_work_run+0x1e8/0x2a0
[ 35.467985]  ? task_work_cancel+0x240/0x240
[ 35.467990]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.467994]  ? switch_task_namespaces+0xa2/0xd0
[ 35.467998]  do_exit+0x1ae4/0x26e0
[ 35.468002]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.468006]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.468010]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.468014]  ? kfree+0x1d7/0x210
[ 35.468017]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.468022]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.468026]  ? is_bpf_text_address+0xd7/0x170
[ 35.468029]  ?
[ 35.468036] Lost 55 message(s)!
[ 36.555616] Shutting down cpus with NMI
[ 37.615582] Dumping ftrace buffer:
[ 37.619114]    (ftrace buffer empty)
[ 37.622811] Kernel Offset: disabled
[ 37.626435] Rebooting in 86400 seconds..