[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 22.351409] random: sshd: uninitialized urandom read (32 bytes read). Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.926184] random: sshd: uninitialized urandom read (32 bytes read) [ 26.190024] random: sshd: uninitialized urandom read (32 bytes read) [ 26.737095] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. [ 32.660767] urandom_read: 1 callbacks suppressed [ 32.660772] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.763892] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.789319] ================================================================== [ 32.799234] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.805462] Read of size 8 at addr ffff8801ba490058 by task syz-executor896/4633 [ 32.812981] [ 32.814604] CPU: 1 PID: 4633 Comm: syz-executor896 Not tainted 4.19.0-rc1+ #217 [ 32.822040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.831380] Call Trace: [ 32.833966] dump_stack+0x1c9/0x2b4 [ 32.837592] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.842779] ? printk+0xa7/0xcf [ 32.846054] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.850814] ? __schedule+0xf54/0x1df0 [ 32.854709] print_address_description+0x6c/0x20b [ 32.859549] ? __schedule+0xf54/0x1df0 [ 32.863474] kasan_report.cold.7+0x242/0x30d [ 32.867878] __asan_report_load8_noabort+0x14/0x20 [ 32.872836] __schedule+0xf54/0x1df0 [ 32.876542] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.881645] ? __sched_text_start+0x8/0x8 [ 32.885789] ? __call_srcu+0x7e7/0x1040 [ 32.889769] ? 
check_same_owner+0x340/0x340 [ 32.894086] ? mark_held_locks+0x160/0x160 [ 32.898314] ? find_held_lock+0x36/0x1c0 [ 32.902374] preempt_schedule_common+0x22/0x60 [ 32.906955] _cond_resched+0x1d/0x30 [ 32.910666] wait_for_completion+0xa5/0x8d0 [ 32.914993] ? wait_for_completion_interruptible+0x950/0x950 [ 32.920787] ? __lockdep_init_map+0x105/0x590 [ 32.925285] ? __init_waitqueue_head+0x9e/0x150 [ 32.929951] ? init_wait_entry+0x1c0/0x1c0 [ 32.934190] __synchronize_srcu+0x189/0x240 [ 32.938504] ? call_srcu+0x10/0x10 [ 32.942040] ? rcu_unexpedite_gp+0x20/0x20 [ 32.946278] synchronize_srcu+0x335/0x56f [ 32.950420] ? lock_downgrade+0x8f0/0x8f0 [ 32.954566] ? synchronize_srcu_expedited+0x20/0x20 [ 32.959582] ? kasan_check_read+0x11/0x20 [ 32.963729] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.968307] ? kasan_check_write+0x14/0x20 [ 32.972536] ? do_raw_spin_lock+0xc1/0x200 [ 32.976772] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.982480] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.987926] ? kvfree+0x61/0x70 [ 32.991203] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.996217] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.000271] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.004676] ? kvm_arch_sync_events+0x30/0x30 [ 33.009178] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.014732] ? mmu_notifier_unregister+0x474/0x600 [ 33.019670] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.024080] ? kfree+0x111/0x210 [ 33.027443] ? __mmu_notifier_register+0x30/0x30 [ 33.032205] ? __free_pages+0x10a/0x190 [ 33.036177] ? free_unref_page+0x930/0x930 [ 33.040416] kvm_put_kvm+0x73f/0x1060 [ 33.044218] ? kvm_write_guest_cached+0x40/0x40 [ 33.048888] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.053378] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.057869] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.062457] ? kasan_check_write+0x14/0x20 [ 33.066696] ? do_raw_spin_lock+0xc1/0x200 [ 33.070931] ? kvm_irqfd_release+0xdd/0x120 [ 33.075249] ? kvm_irqfd_release+0xdd/0x120 [ 33.079566] ? 
kvm_put_kvm+0x1060/0x1060 [ 33.083658] kvm_vm_release+0x42/0x50 [ 33.087467] __fput+0x38a/0xa40 [ 33.090743] ? __alloc_file+0x400/0x400 [ 33.094722] ? check_same_owner+0x340/0x340 [ 33.099038] ? kasan_check_write+0x14/0x20 [ 33.103270] ? do_raw_spin_lock+0xc1/0x200 [ 33.107498] ____fput+0x15/0x20 [ 33.110773] task_work_run+0x1e8/0x2a0 [ 33.114657] ? task_work_cancel+0x240/0x240 [ 33.118999] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.124531] ? switch_task_namespaces+0xa2/0xd0 [ 33.129198] do_exit+0x1ae4/0x26e0 [ 33.132738] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.137410] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.141659] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.146679] ? kfree+0x1d7/0x210 [ 33.150053] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.154283] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.159990] ? is_bpf_text_address+0xd7/0x170 [ 33.164479] ? kernel_text_address+0x79/0xf0 [ 33.168881] ? __kernel_text_address+0xd/0x40 [ 33.173375] ? unwind_get_return_address+0x61/0xa0 [ 33.178304] ? __save_stack_trace+0x8d/0xf0 [ 33.182627] ? save_stack+0xa9/0xd0 [ 33.186248] ? save_stack+0x43/0xd0 [ 33.189868] ? __kasan_slab_free+0x11a/0x170 [ 33.194274] ? kasan_slab_free+0xe/0x10 [ 33.198249] ? putname+0xf2/0x130 [ 33.201709] ? __x64_sys_openat+0x9d/0x100 [ 33.205942] ? do_syscall_64+0x1b9/0x820 [ 33.210001] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.215363] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.219768] ? kasan_check_read+0x11/0x20 [ 33.223913] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.228318] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.232729] ? initcall_blacklisted+0x9a/0x1e0 [ 33.237314] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.242417] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.248130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.253663] ? do_vfs_ioctl+0x201/0x1720 [ 33.257726] ? rcu_is_watching+0x8c/0x150 [ 33.261868] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.266186] ? ioctl_preallocate+0x300/0x300 [ 33.270624] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.276160] ? __fget_light+0x2f7/0x440 [ 33.280128] ? fget_raw+0x20/0x20 [ 33.283573] ? putname+0xf2/0x130 [ 33.287040] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.292054] ? kmem_cache_free+0x246/0x280 [ 33.296286] ? putname+0xf7/0x130 [ 33.299741] do_group_exit+0x177/0x440 [ 33.303626] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.307957] ? __ia32_sys_exit+0x50/0x50 [ 33.312080] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.317183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.322724] ? ksys_ioctl+0x81/0xd0 [ 33.326347] __x64_sys_exit_group+0x3e/0x50 [ 33.330664] do_syscall_64+0x1b9/0x820 [ 33.334552] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.339926] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.344850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.349697] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.354732] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.359761] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.364793] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.369637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.374994] RIP: 0033:0x43ef08 [ 33.378185] Code: Bad RIP value. 
[ 33.381543] RSP: 002b:00007ffc1b8c14d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.389246] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.396507] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.403773] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.411042] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.418309] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.425577] [ 33.427195] Allocated by task 4633: [ 33.430821] save_stack+0x43/0xd0 [ 33.434266] kasan_kmalloc+0xc4/0xe0 [ 33.437971] kasan_slab_alloc+0x12/0x20 [ 33.441941] kmem_cache_alloc+0x12e/0x710 [ 33.446086] vmx_create_vcpu+0xcf/0x2830 [ 33.450142] kvm_arch_vcpu_create+0xe5/0x220 [ 33.454549] kvm_vm_ioctl+0x488/0x1d80 [ 33.458429] do_vfs_ioctl+0x1de/0x1720 [ 33.462315] ksys_ioctl+0xa9/0xd0 [ 33.465764] __x64_sys_ioctl+0x73/0xb0 [ 33.469648] do_syscall_64+0x1b9/0x820 [ 33.473532] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.478711] [ 33.480328] Freed by task 4633: [ 33.483599] save_stack+0x43/0xd0 [ 33.487048] __kasan_slab_free+0x11a/0x170 [ 33.491275] kasan_slab_free+0xe/0x10 [ 33.495071] kmem_cache_free+0x86/0x280 [ 33.499039] vmx_free_vcpu+0x26b/0x300 [ 33.502921] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.507323] kvm_put_kvm+0x73f/0x1060 [ 33.511117] kvm_vm_release+0x42/0x50 [ 33.514912] __fput+0x38a/0xa40 [ 33.518188] ____fput+0x15/0x20 [ 33.521464] task_work_run+0x1e8/0x2a0 [ 33.525831] do_exit+0x1ae4/0x26e0 [ 33.529364] do_group_exit+0x177/0x440 [ 33.533243] __x64_sys_exit_group+0x3e/0x50 [ 33.537567] do_syscall_64+0x1b9/0x820 [ 33.541457] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.546632] [ 33.548257] The buggy address belongs to the object at ffff8801ba490040 [ 33.548257] which belongs to the cache kvm_vcpu of size 23872 [ 33.560828] The buggy address is located 24 bytes inside of [ 33.560828] 23872-byte region [ffff8801ba490040, ffff8801ba495d80) [ 33.572786] The buggy address 
belongs to the page: [ 33.577723] page:ffffea0006e92400 count:1 mapcount:0 mapping:ffff8801d4aa3d80 index:0x0 compound_mapcount: 0 [ 33.587701] flags: 0x2fffc0000008100(slab|head) [ 33.592374] raw: 02fffc0000008100 ffff8801d51fe348 ffff8801d51fe348 ffff8801d4aa3d80 [ 33.600251] raw: 0000000000000000 ffff8801ba490040 0000000100000001 0000000000000000 [ 33.608121] page dumped because: kasan: bad access detected [ 33.613819] [ 33.615431] Memory state around the buggy address: [ 33.620358] ffff8801ba48ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.627723] ffff8801ba48ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.635076] >ffff8801ba490000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.642427] ^ [ 33.648655] ffff8801ba490080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.656008] ffff8801ba490100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.663355] ================================================================== [ 33.670709] Kernel panic - not syncing: panic_on_warn set ... [ 33.670709] [ 33.678073] CPU: 1 PID: 4633 Comm: syz-executor896 Tainted: G B 4.19.0-rc1+ #217 [ 33.686920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.696352] Call Trace: [ 33.698954] dump_stack+0x1c9/0x2b4 [ 33.702581] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.707770] ? lock_downgrade+0x8f0/0x8f0 [ 33.711915] ? __schedule+0xf54/0x1df0 [ 33.715800] panic+0x238/0x4e7 [ 33.718988] ? add_taint.cold.5+0x16/0x16 [ 33.723140] ? print_shadow_for_address+0xba/0x116 [ 33.728063] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.732469] ? trace_hardirqs_off+0x77/0x2b0 [ 33.736879] ? __schedule+0xf54/0x1df0 [ 33.740765] kasan_end_report+0x47/0x4f [ 33.744739] kasan_report.cold.7+0x76/0x30d [ 33.749064] __asan_report_load8_noabort+0x14/0x20 [ 33.753989] __schedule+0xf54/0x1df0 [ 33.757706] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.762809] ? __sched_text_start+0x8/0x8 [ 33.766960] ? 
__call_srcu+0x7e7/0x1040 [ 33.770939] ? check_same_owner+0x340/0x340 [ 33.775255] ? mark_held_locks+0x160/0x160 [ 33.779555] ? find_held_lock+0x36/0x1c0 [ 33.783620] preempt_schedule_common+0x22/0x60 [ 33.788219] _cond_resched+0x1d/0x30 [ 33.791929] wait_for_completion+0xa5/0x8d0 [ 33.796253] ? wait_for_completion_interruptible+0x950/0x950 [ 33.802050] ? __lockdep_init_map+0x105/0x590 [ 33.806564] ? __init_waitqueue_head+0x9e/0x150 [ 33.811233] ? init_wait_entry+0x1c0/0x1c0 [ 33.815467] __synchronize_srcu+0x189/0x240 [ 33.819786] ? call_srcu+0x10/0x10 [ 33.823332] ? rcu_unexpedite_gp+0x20/0x20 [ 33.827570] synchronize_srcu+0x335/0x56f [ 33.831719] ? lock_downgrade+0x8f0/0x8f0 [ 33.835861] ? synchronize_srcu_expedited+0x20/0x20 [ 33.840875] ? kasan_check_read+0x11/0x20 [ 33.845024] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.849601] ? kasan_check_write+0x14/0x20 [ 33.853835] ? do_raw_spin_lock+0xc1/0x200 [ 33.858072] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.863779] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.869231] ? kvfree+0x61/0x70 [ 33.872528] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.877541] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.881607] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.886027] ? kvm_arch_sync_events+0x30/0x30 [ 33.890533] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.896076] ? mmu_notifier_unregister+0x474/0x600 [ 33.901014] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.905432] ? kfree+0x111/0x210 [ 33.908813] ? __mmu_notifier_register+0x30/0x30 [ 33.913595] ? __free_pages+0x10a/0x190 [ 33.917579] ? free_unref_page+0x930/0x930 [ 33.921828] kvm_put_kvm+0x73f/0x1060 [ 33.925632] ? kvm_write_guest_cached+0x40/0x40 [ 33.930307] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.934806] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.939301] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.943892] ? kasan_check_write+0x14/0x20 [ 33.948125] ? do_raw_spin_lock+0xc1/0x200 [ 33.952363] ? kvm_irqfd_release+0xdd/0x120 [ 33.956695] ? kvm_irqfd_release+0xdd/0x120 [ 33.961026] ? 
kvm_put_kvm+0x1060/0x1060 [ 33.965090] kvm_vm_release+0x42/0x50 [ 33.968894] __fput+0x38a/0xa40 [ 33.972176] ? __alloc_file+0x400/0x400 [ 33.976153] ? check_same_owner+0x340/0x340 [ 33.980471] ? kasan_check_write+0x14/0x20 [ 33.984711] ? do_raw_spin_lock+0xc1/0x200 [ 33.988947] ____fput+0x15/0x20 [ 33.992228] task_work_run+0x1e8/0x2a0 [ 33.996119] ? task_work_cancel+0x240/0x240 [ 34.000446] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.005992] ? switch_task_namespaces+0xa2/0xd0 [ 34.010666] do_exit+0x1ae4/0x26e0 [ 34.014218] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.018895] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.023136] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.028150] ? kfree+0x1d7/0x210 [ 34.031516] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.035760] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.041473] ? is_bpf_text_address+0xd7/0x170 [ 34.045973] ? kernel_text_address+0x79/0xf0 [ 34.050382] ? __kernel_text_address+0xd/0x40 [ 34.055227] ? unwind_get_return_address+0x61/0xa0 [ 34.060158] ? __save_stack_trace+0x8d/0xf0 [ 34.064498] ? save_stack+0xa9/0xd0 [ 34.068126] ? save_stack+0x43/0xd0 [ 34.071750] ? __kasan_slab_free+0x11a/0x170 [ 34.076158] ? kasan_slab_free+0xe/0x10 [ 34.080128] ? putname+0xf2/0x130 [ 34.083594] ? __x64_sys_openat+0x9d/0x100 [ 34.087832] ? do_syscall_64+0x1b9/0x820 [ 34.091893] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.097261] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.101669] ? kasan_check_read+0x11/0x20 [ 34.105827] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.110234] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.114646] ? initcall_blacklisted+0x9a/0x1e0 [ 34.119232] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.124345] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.130062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.135601] ? do_vfs_ioctl+0x201/0x1720 [ 34.139659] ? rcu_is_watching+0x8c/0x150 [ 34.143815] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.148142] ? ioctl_preallocate+0x300/0x300 [ 34.152551] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.158089] ? __fget_light+0x2f7/0x440 [ 34.162063] ? fget_raw+0x20/0x20 [ 34.165513] ? putname+0xf2/0x130 [ 34.168968] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.174026] ? kmem_cache_free+0x246/0x280 [ 34.178276] ? putname+0xf7/0x130 [ 34.181731] do_group_exit+0x177/0x440 [ 34.185617] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.189935] ? __ia32_sys_exit+0x50/0x50 [ 34.193993] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.199094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.204628] ? ksys_ioctl+0x81/0xd0 [ 34.208256] __x64_sys_exit_group+0x3e/0x50 [ 34.212584] do_syscall_64+0x1b9/0x820 [ 34.216479] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.221860] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.226797] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.231671] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.236717] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.241836] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.246868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.251737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.256931] RIP: 0033:0x43ef08 [ 34.260128] Code: Bad RIP value. 
[ 34.263482] RSP: 002b:00007ffc1b8c14d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.271187] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 34.278454] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.285724] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.292995] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.300261] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.307545] [ 34.307551] ====================================================== [ 34.307556] WARNING: possible circular locking dependency detected [ 34.307560] 4.19.0-rc1+ #217 Not tainted [ 34.307565] ------------------------------------------------------ [ 34.307570] syz-executor896/4633 is trying to acquire lock: [ 34.307574] 000000007bd8fde4 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.307590] [ 34.307594] but task is already holding lock: [ 34.307597] 00000000caf72904 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.307611] [ 34.307616] which lock already depends on the new lock. 
[ 34.307618] [ 34.307621] [ 34.307626] the existing dependency chain (in reverse order) is: [ 34.307628] [ 34.307630] -> #3 (report_lock){....}: [ 34.307645] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.307649] kasan_report+0x8e/0x110 [ 34.307653] __asan_report_load8_noabort+0x14/0x20 [ 34.307657] __schedule+0xf54/0x1df0 [ 34.307662] preempt_schedule_common+0x22/0x60 [ 34.307665] _cond_resched+0x1d/0x30 [ 34.307670] wait_for_completion+0xa5/0x8d0 [ 34.307674] __synchronize_srcu+0x189/0x240 [ 34.307678] synchronize_srcu+0x335/0x56f [ 34.307683] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.307695] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.307700] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.307703] kvm_put_kvm+0x73f/0x1060 [ 34.307707] kvm_vm_release+0x42/0x50 [ 34.307711] __fput+0x38a/0xa40 [ 34.307715] ____fput+0x15/0x20 [ 34.307718] task_work_run+0x1e8/0x2a0 [ 34.307722] do_exit+0x1ae4/0x26e0 [ 34.307726] do_group_exit+0x177/0x440 [ 34.307730] __x64_sys_exit_group+0x3e/0x50 [ 34.307734] do_syscall_64+0x1b9/0x820 [ 34.307739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.307741] [ 34.307744] -> #2 (&rq->lock){-.-.}: [ 34.307758] _raw_spin_lock+0x2a/0x40 [ 34.307762] task_fork_fair+0x93/0x680 [ 34.307765] sched_fork+0x44b/0xbd0 [ 34.307769] copy_process+0x235e/0x7ad0 [ 34.307773] _do_fork+0x1ca/0x1170 [ 34.307777] kernel_thread+0x34/0x40 [ 34.307781] rest_init+0x22/0xe4 [ 34.307784] start_kernel+0x913/0x94e [ 34.307793] x86_64_start_reservations+0x29/0x2b [ 34.307797] x86_64_start_kernel+0x76/0x79 [ 34.307801] secondary_startup_64+0xa4/0xb0 [ 34.307804] [ 34.307806] -> #1 (&p->pi_lock){-.-.}: [ 34.307821] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.307825] try_to_wake_up+0xd2/0x1250 [ 34.307829] wake_up_process+0x10/0x20 [ 34.307833] __up.isra.1+0x1c0/0x2a0 [ 34.307836] up+0x13c/0x1c0 [ 34.307840] __up_console_sem+0xbe/0x1b0 [ 34.307844] console_unlock+0x506/0x10d0 [ 34.307848] vprintk_emit+0x33a/0x910 [ 34.307852] vprintk_default+0x28/0x30 [ 34.307856] vprintk_func+0x7a/0x117 [ 
34.307859] printk+0xa7/0xcf [ 34.307863] load_umh+0x51/0xbd [ 34.307867] do_one_initcall+0x127/0x838 [ 34.307871] kernel_init_freeable+0x4bb/0x5ae [ 34.307875] kernel_init+0x11/0x1b3 [ 34.307879] ret_from_fork+0x3a/0x50 [ 34.307881] [ 34.307883] -> #0 ((console_sem).lock){-...}: [ 34.307898] lock_acquire+0x1e4/0x4f0 [ 34.307903] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.307907] down_trylock+0x13/0x70 [ 34.307911] __down_trylock_console_sem+0xae/0x200 [ 34.307915] console_trylock+0x15/0xa0 [ 34.307919] vprintk_emit+0x31f/0x910 [ 34.307923] vprintk_default+0x28/0x30 [ 34.307927] vprintk_func+0x7a/0x117 [ 34.307930] printk+0xa7/0xcf [ 34.307934] kasan_report+0x9e/0x110 [ 34.307938] __asan_report_load8_noabort+0x14/0x20 [ 34.307942] __schedule+0xf54/0x1df0 [ 34.307946] preempt_schedule_common+0x22/0x60 [ 34.307950] _cond_resched+0x1d/0x30 [ 34.307954] wait_for_completion+0xa5/0x8d0 [ 34.307959] __synchronize_srcu+0x189/0x240 [ 34.307963] synchronize_srcu+0x335/0x56f [ 34.307968] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.307972] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.307976] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.307980] kvm_put_kvm+0x73f/0x1060 [ 34.307984] kvm_vm_release+0x42/0x50 [ 34.307987] __fput+0x38a/0xa40 [ 34.307991] ____fput+0x15/0x20 [ 34.307995] task_work_run+0x1e8/0x2a0 [ 34.307998] do_exit+0x1ae4/0x26e0 [ 34.308002] do_group_exit+0x177/0x440 [ 34.308006] __x64_sys_exit_group+0x3e/0x50 [ 34.308010] do_syscall_64+0x1b9/0x820 [ 34.308015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.308017] [ 34.308022] other info that might help us debug this: [ 34.308024] [ 34.308027] Chain exists of: [ 34.308029] (console_sem).lock --> &rq->lock --> report_lock [ 34.308047] [ 34.308051] Possible unsafe locking scenario: [ 34.308054] [ 34.308058] CPU0 CPU1 [ 34.308062] ---- ---- [ 34.308064] lock(report_lock); [ 34.308074] lock(&rq->lock); [ 34.308083] lock(report_lock); [ 34.308091] lock((console_sem).lock); [ 34.308099] [ 34.308102] *** DEADLOCK *** [ 34.308104] [ 
34.308109] 2 locks held by syz-executor896/4633: [ 34.308111] #0: 000000004ecc18e2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.308128] #1: 00000000caf72904 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.308145] [ 34.308148] stack backtrace: [ 34.308154] CPU: 1 PID: 4633 Comm: syz-executor896 Not tainted 4.19.0-rc1+ #217 [ 34.308161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.308164] Call Trace: [ 34.308168] dump_stack+0x1c9/0x2b4 [ 34.308172] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.308176] ? vprintk_func+0x100/0x117 [ 34.308181] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.308185] ? save_trace+0xe0/0x290 [ 34.308189] __lock_acquire+0x3449/0x5020 [ 34.308193] ? mark_held_locks+0x160/0x160 [ 34.308197] ? mark_held_locks+0x160/0x160 [ 34.308202] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.308206] ? is_bpf_text_address+0xd7/0x170 [ 34.308210] ? kernel_text_address+0x79/0xf0 [ 34.308214] ? __kernel_text_address+0xd/0x40 [ 34.308218] ? __save_stack_trace+0x8d/0xf0 [ 34.308223] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.308227] ? save_trace+0x290/0x290 [ 34.308231] ? save_stack_trace+0x1a/0x20 [ 34.308234] ? save_trace+0xe0/0x290 [ 34.308238] ? graph_lock+0x170/0x170 [ 34.308243] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.308247] lock_acquire+0x1e4/0x4f0 [ 34.308251] ? down_trylock+0x13/0x70 [ 34.308255] ? lock_release+0x9f0/0x9f0 [ 34.308259] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.308263] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.308267] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.308271] ? log_store+0x34f/0x4c0 [ 34.308275] ? vprintk_emit+0x31f/0x910 [ 34.308279] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.308283] ? down_trylock+0x13/0x70 [ 34.308286] down_trylock+0x13/0x70 [ 34.308291] __down_trylock_console_sem+0xae/0x200 [ 34.308295] console_trylock+0x15/0xa0 [ 34.308299] vprintk_emit+0x31f/0x910 [ 34.308302] ? wake_up_klogd+0x110/0x110 [ 34.308307] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.308311] ? 
kasan_check_read+0x11/0x20 [ 34.308321] ? rcu_is_watching+0x8c/0x150 [ 34.308324] ? rcu_pm_notify+0xc0/0xc0 [ 34.308328] ? lock_acquire+0x1e4/0x4f0 [ 34.308332] ? kasan_report+0x8e/0x110 [ 34.308336] ? __schedule+0xf54/0x1df0 [ 34.308340] vprintk_default+0x28/0x30 [ 34.308343] vprintk_func+0x7a/0x117 [ 34.308347] printk+0xa7/0xcf [ 34.308351] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.308355] ? kasan_check_write+0x14/0x20 [ 34.308359] ? do_raw_spin_lock+0xc1/0x200 [ 34.308363] ? do_raw_spin_lock+0xc1/0x200 [ 34.308367] kasan_report+0x9e/0x110 [ 34.308372] __asan_report_load8_noabort+0x14/0x20 [ 34.308375] __schedule+0xf54/0x1df0 [ 34.308380] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.308384] ? __sched_text_start+0x8/0x8 [ 34.308388] ? __call_srcu+0x7e7/0x1040 [ 34.308392] ? check_same_owner+0x340/0x340 [ 34.308396] ? mark_held_locks+0x160/0x160 [ 34.308400] ? find_held_lock+0x36/0x1c0 [ 34.308404] preempt_schedule_common+0x22/0x60 [ 34.308408] _cond_resched+0x1d/0x30 [ 34.308412] wait_for_completion+0xa5/0x8d0 [ 34.308417] ? wait_for_completion_interruptible+0x950/0x950 [ 34.308421] ? __lockdep_init_map+0x105/0x590 [ 34.308426] ? __init_waitqueue_head+0x9e/0x150 [ 34.308430] ? init_wait_entry+0x1c0/0x1c0 [ 34.308434] __synchronize_srcu+0x189/0x240 [ 34.308438] ? call_srcu+0x10/0x10 [ 34.308442] ? rcu_unexpedite_gp+0x20/0x20 [ 34.308446] synchronize_srcu+0x335/0x56f [ 34.308450] ? lock_downgrade+0x8f0/0x8f0 [ 34.308455] ? synchronize_srcu_expedited+0x20/0x20 [ 34.308459] ? kasan_check_read+0x11/0x20 [ 34.308463] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.308467] ? kasan_check_write+0x14/0x20 [ 34.308472] ? do_raw_spin_lock+0xc1/0x200 [ 34.308476] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.308481] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.308485] ? kvfree+0x61/0x70 [ 34.308489] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.308493] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.308497] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.308502] ? 
kvm_arch_sync_events+0x30/0x30 [ 34.308506] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.308511] ? mmu_notifier_unregister+0x474/0x600 [ 34.308515] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.308519] ? kfree+0x111/0x210 [ 34.308523] ? __mmu_notifier_register+0x30/0x30 [ 34.308527] ? __free_pages+0x10a/0x190 [ 34.308531] ? free_unref_page+0x930/0x930 [ 34.308535] kvm_put_kvm+0x73f/0x1060 [ 34.308539] ? kvm_write_guest_cached+0x40/0x40 [ 34.308543] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.308547] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.308552] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.308556] ? kasan_check_write+0x14/0x20 [ 34.308560] ? do_raw_spin_lock+0xc1/0x200 [ 34.308564] ? kvm_irqfd_release+0xdd/0x120 [ 34.308568] ? kvm_irqfd_release+0xdd/0x120 [ 34.308572] ? kvm_put_kvm+0x1060/0x1060 [ 34.308576] kvm_vm_release+0x42/0x50 [ 34.308579] __fput+0x38a/0xa40 [ 34.308583] ? __alloc_file+0x400/0x400 [ 34.308587] ? check_same_owner+0x340/0x340 [ 34.308591] ? kasan_check_write+0x14/0x20 [ 34.308595] ? do_raw_spin_lock+0xc1/0x200 [ 34.308599] ____fput+0x15/0x20 [ 34.308603] task_work_run+0x1e8/0x2a0 [ 34.308607] ? task_work_cancel+0x240/0x240 [ 34.308612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.308616] ? switch_task_namespaces+0xa2/0xd0 [ 34.308620] do_exit+0x1ae4/0x26e0 [ 34.308624] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.308628] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.308633] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.308636] ? kfree+0x1d7/0x210 [ 34.308640] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.308645] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.308649] ? is_bpf_text_address+0xd7/0x170 [ 34.308652] ? [ 34.308659] Lost 55 message(s)! [ 35.377841] Shutting down cpus with NMI [ 36.436841] Dumping ftrace buffer: [ 36.440387] (ftrace buffer empty) [ 36.444076] Kernel Offset: disabled [ 36.447683] Rebooting in 86400 seconds..