[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.470626] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.882532] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.297773] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.859314] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.038043] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
[ 34.667201] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.765227] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.790995] ==================================================================
[ 34.800892] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 34.807119] Read of size 8 at addr ffff8801b3c28058 by task syz-executor258/4699
[ 34.814642]
[ 34.816270] CPU: 0 PID: 4699 Comm: syz-executor258 Not tainted 4.19.0-rc2+ #224
[ 34.823710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.833063] Call Trace:
[ 34.835675]  dump_stack+0x1c9/0x2b4
[ 34.839305]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.844497]  ? printk+0xa7/0xcf
[ 34.847774]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.852530]  ? __schedule+0xf54/0x1df0
[ 34.856420]  print_address_description+0x6c/0x20b
[ 34.861265]  ? __schedule+0xf54/0x1df0
[ 34.865159]  kasan_report.cold.7+0x242/0x30d
[ 34.869570]  __asan_report_load8_noabort+0x14/0x20
[ 34.874501]  __schedule+0xf54/0x1df0
[ 34.878221]  ? __sched_text_start+0x8/0x8
[ 34.882372]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.887478]  ? __call_srcu+0x7e7/0x1040
[ 34.891479]  ? check_same_owner+0x340/0x340
[ 34.895799]  ? mark_held_locks+0x160/0x160
[ 34.900029]  ? find_held_lock+0x36/0x1c0
[ 34.904101]  preempt_schedule_common+0x22/0x60
[ 34.908694]  _cond_resched+0x1d/0x30
[ 34.912407]  wait_for_completion+0xa5/0x8d0
[ 34.916739]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.922535]  ? __lockdep_init_map+0x105/0x590
[ 34.927034]  ? __init_waitqueue_head+0x9e/0x150
[ 34.931702]  ? init_wait_entry+0x1c0/0x1c0
[ 34.935942]  __synchronize_srcu+0x189/0x240
[ 34.940260]  ? call_srcu+0x10/0x10
[ 34.943799]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.948040]  synchronize_srcu+0x335/0x56f
[ 34.952191]  ? lock_downgrade+0x8f0/0x8f0
[ 34.956338]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.961355]  ? kasan_check_read+0x11/0x20
[ 34.965499]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.970087]  ? kasan_check_write+0x14/0x20
[ 34.974321]  ? do_raw_spin_lock+0xc1/0x200
[ 34.978576]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.984291]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.989747]  ? kvfree+0x61/0x70
[ 34.993030]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.998045]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.002118]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.006531]  ? kvm_arch_sync_events+0x30/0x30
[ 35.011030]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.016567]  ? mmu_notifier_unregister+0x474/0x600
[ 35.021493]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.025896]  ? kfree+0x111/0x210
[ 35.029264]  ? __mmu_notifier_register+0x30/0x30
[ 35.034022]  ? __free_pages+0x10a/0x190
[ 35.037994]  ? free_unref_page+0x930/0x930
[ 35.042237]  kvm_put_kvm+0x73f/0x1060
[ 35.046042]  ? kvm_write_guest_cached+0x40/0x40
[ 35.050723]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.055214]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.059797]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.064384]  ? kasan_check_write+0x14/0x20
[ 35.068619]  ? do_raw_spin_lock+0xc1/0x200
[ 35.072855]  ? kvm_irqfd_release+0xdd/0x120
[ 35.077178]  ? kvm_irqfd_release+0xdd/0x120
[ 35.081501]  ? kvm_put_kvm+0x1060/0x1060
[ 35.085557]  kvm_vm_release+0x42/0x50
[ 35.089363]  __fput+0x38a/0xa40
[ 35.092640]  ? __alloc_file+0x400/0x400
[ 35.096619]  ? check_same_owner+0x340/0x340
[ 35.100941]  ? kasan_check_write+0x14/0x20
[ 35.105179]  ? do_raw_spin_lock+0xc1/0x200
[ 35.109410]  ____fput+0x15/0x20
[ 35.112687]  task_work_run+0x1e8/0x2a0
[ 35.116570]  ? task_work_cancel+0x240/0x240
[ 35.120893]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.126430]  ? switch_task_namespaces+0xa2/0xd0
[ 35.131111]  do_exit+0x1ae4/0x26e0
[ 35.134674]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.139353]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.143591]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.148605]  ? kfree+0x1d7/0x210
[ 35.151973]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.156381]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.162101]  ? is_bpf_text_address+0xd7/0x170
[ 35.166594]  ? kernel_text_address+0x79/0xf0
[ 35.170999]  ? __kernel_text_address+0xd/0x40
[ 35.175490]  ? unwind_get_return_address+0x61/0xa0
[ 35.180438]  ? __save_stack_trace+0x8d/0xf0
[ 35.184767]  ? save_stack+0xa9/0xd0
[ 35.188391]  ? save_stack+0x43/0xd0
[ 35.192016]  ? __kasan_slab_free+0x11a/0x170
[ 35.196423]  ? kasan_slab_free+0xe/0x10
[ 35.200397]  ? putname+0xf2/0x130
[ 35.203851]  ? __x64_sys_openat+0x9d/0x100
[ 35.208091]  ? do_syscall_64+0x1b9/0x820
[ 35.212158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.217522]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.222015]  ? kasan_check_read+0x11/0x20
[ 35.226170]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.230582]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.234992]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.239579]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.244685]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.250396]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.255935]  ? do_vfs_ioctl+0x201/0x1720
[ 35.259993]  ? rcu_is_watching+0x8c/0x150
[ 35.264145]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.268466]  ? ioctl_preallocate+0x300/0x300
[ 35.272878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.278413]  ? __fget_light+0x2f7/0x440
[ 35.282384]  ? fget_raw+0x20/0x20
[ 35.285835]  ? putname+0xf2/0x130
[ 35.289291]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.294310]  ? kmem_cache_free+0x246/0x280
[ 35.298546]  ? putname+0xf7/0x130
[ 35.302000]  do_group_exit+0x177/0x440
[ 35.305885]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.310204]  ? __ia32_sys_exit+0x50/0x50
[ 35.314260]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.319365]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.324933]  ? ksys_ioctl+0x81/0xd0
[ 35.328559]  __x64_sys_exit_group+0x3e/0x50
[ 35.332884]  do_syscall_64+0x1b9/0x820
[ 35.336770]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.342144]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.347095]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.351944]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.356965]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.361980]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.366995]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.371839]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.377027] RIP: 0033:0x43ecc8
[ 35.380229] Code: Bad RIP value.
[ 35.383586] RSP: 002b:00007fffb9414f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.391295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 35.398581] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.405847] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.413112] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.420382] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.427659]
[ 35.429282] Allocated by task 4699:
[ 35.432913]  save_stack+0x43/0xd0
[ 35.436382]  kasan_kmalloc+0xc4/0xe0
[ 35.440096]  kasan_slab_alloc+0x12/0x20
[ 35.444068]  kmem_cache_alloc+0x12e/0x710
[ 35.448223]  vmx_create_vcpu+0xcf/0x2830
[ 35.452280]  kvm_arch_vcpu_create+0xe5/0x220
[ 35.456688]  kvm_vm_ioctl+0x488/0x1d80
[ 35.460572]  do_vfs_ioctl+0x1de/0x1720
[ 35.464471]  ksys_ioctl+0xa9/0xd0
[ 35.467920]  __x64_sys_ioctl+0x73/0xb0
[ 35.471809]  do_syscall_64+0x1b9/0x820
[ 35.475697]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.480874]
[ 35.482494] Freed by task 4699:
[ 35.485770]  save_stack+0x43/0xd0
[ 35.489222]  __kasan_slab_free+0x11a/0x170
[ 35.493457]  kasan_slab_free+0xe/0x10
[ 35.497253]  kmem_cache_free+0x86/0x280
[ 35.501228]  vmx_free_vcpu+0x26b/0x300
[ 35.505117]  kvm_arch_destroy_vm+0x365/0x7c0
[ 35.509529]  kvm_put_kvm+0x73f/0x1060
[ 35.513331]  kvm_vm_release+0x42/0x50
[ 35.517128]  __fput+0x38a/0xa40
[ 35.520406]  ____fput+0x15/0x20
[ 35.523684]  task_work_run+0x1e8/0x2a0
[ 35.527567]  do_exit+0x1ae4/0x26e0
[ 35.531106]  do_group_exit+0x177/0x440
[ 35.535011]  __x64_sys_exit_group+0x3e/0x50
[ 35.539371]  do_syscall_64+0x1b9/0x820
[ 35.543265]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.548445]
[ 35.550097] The buggy address belongs to the object at ffff8801b3c28040
[ 35.550097]  which belongs to the cache kvm_vcpu of size 23872
[ 35.562683] The buggy address is located 24 bytes inside of
[ 35.562683]  23872-byte region [ffff8801b3c28040, ffff8801b3c2dd80)
[ 35.574638] The buggy address belongs to the page:
[ 35.579563] page:ffffea0006cf0a00 count:1 mapcount:0 mapping:ffff8801d863f000 index:0x0 compound_mapcount: 0
[ 35.589532] flags: 0x2fffc0000008100(slab|head)
[ 35.594210] raw: 02fffc0000008100 ffff8801d4a74d48 ffff8801d4a74d48 ffff8801d863f000
[ 35.602096] raw: 0000000000000000 ffff8801b3c28040 0000000100000001 0000000000000000
[ 35.609968] page dumped because: kasan: bad access detected
[ 35.615670]
[ 35.617285] Memory state around the buggy address:
[ 35.622214]  ffff8801b3c27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.629577]  ffff8801b3c27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.636935] >ffff8801b3c28000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.644738]                                                     ^
[ 35.650964]  ffff8801b3c28080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.658317]  ffff8801b3c28100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.665662] ==================================================================
[ 35.673015] Kernel panic - not syncing: panic_on_warn set ...
[ 35.673015]
[ 35.680384] CPU: 0 PID: 4699 Comm: syz-executor258 Tainted: G    B             4.19.0-rc2+ #224
[ 35.689214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.698559] Call Trace:
[ 35.701184]  dump_stack+0x1c9/0x2b4
[ 35.704812]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.710003]  ? lock_downgrade+0x8f0/0x8f0
[ 35.714157]  ? __schedule+0xf54/0x1df0
[ 35.718044]  panic+0x238/0x4e7
[ 35.721251]  ? add_taint.cold.5+0x16/0x16
[ 35.725403]  ? print_shadow_for_address+0xba/0x116
[ 35.730351]  ? trace_hardirqs_off+0xaf/0x2b0
[ 35.734766]  ? trace_hardirqs_off+0x77/0x2b0
[ 35.739206]  ? __schedule+0xf54/0x1df0
[ 35.743108]  kasan_end_report+0x47/0x4f
[ 35.747094]  kasan_report.cold.7+0x76/0x30d
[ 35.751426]  __asan_report_load8_noabort+0x14/0x20
[ 35.756356]  __schedule+0xf54/0x1df0
[ 35.760085]  ? __sched_text_start+0x8/0x8
[ 35.764230]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.769340]  ? __call_srcu+0x7e7/0x1040
[ 35.773323]  ? check_same_owner+0x340/0x340
[ 35.777647]  ? mark_held_locks+0x160/0x160
[ 35.781881]  ? find_held_lock+0x36/0x1c0
[ 35.785950]  preempt_schedule_common+0x22/0x60
[ 35.790538]  _cond_resched+0x1d/0x30
[ 35.794252]  wait_for_completion+0xa5/0x8d0
[ 35.798576]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.804382]  ? __lockdep_init_map+0x105/0x590
[ 35.808880]  ? __init_waitqueue_head+0x9e/0x150
[ 35.813548]  ? init_wait_entry+0x1c0/0x1c0
[ 35.817786]  __synchronize_srcu+0x189/0x240
[ 35.822106]  ? call_srcu+0x10/0x10
[ 35.825654]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.829894]  synchronize_srcu+0x335/0x56f
[ 35.834045]  ? lock_downgrade+0x8f0/0x8f0
[ 35.838198]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.843234]  ? kasan_check_read+0x11/0x20
[ 35.847385]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.851979]  ? kasan_check_write+0x14/0x20
[ 35.856213]  ? do_raw_spin_lock+0xc1/0x200
[ 35.860453]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.866169]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.871618]  ? kvfree+0x61/0x70
[ 35.874903]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.879926]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.883999]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.888413]  ? kvm_arch_sync_events+0x30/0x30
[ 35.892917]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.898459]  ? mmu_notifier_unregister+0x474/0x600
[ 35.903405]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.907814]  ? kfree+0x111/0x210
[ 35.911184]  ? __mmu_notifier_register+0x30/0x30
[ 35.915939]  ? __free_pages+0x10a/0x190
[ 35.919914]  ? free_unref_page+0x930/0x930
[ 35.924168]  kvm_put_kvm+0x73f/0x1060
[ 35.927977]  ? kvm_write_guest_cached+0x40/0x40
[ 35.932650]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.937147]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.941644]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.946235]  ? kasan_check_write+0x14/0x20
[ 35.950474]  ? do_raw_spin_lock+0xc1/0x200
[ 35.954713]  ? kvm_irqfd_release+0xdd/0x120
[ 35.959030]  ? kvm_irqfd_release+0xdd/0x120
[ 35.963352]  ? kvm_put_kvm+0x1060/0x1060
[ 35.967410]  kvm_vm_release+0x42/0x50
[ 35.971208]  __fput+0x38a/0xa40
[ 35.974487]  ? __alloc_file+0x400/0x400
[ 35.978464]  ? check_same_owner+0x340/0x340
[ 35.982783]  ? kasan_check_write+0x14/0x20
[ 35.987015]  ? do_raw_spin_lock+0xc1/0x200
[ 35.991246]  ____fput+0x15/0x20
[ 35.994523]  task_work_run+0x1e8/0x2a0
[ 35.998410]  ? task_work_cancel+0x240/0x240
[ 36.002732]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.008267]  ? switch_task_namespaces+0xa2/0xd0
[ 36.012937]  do_exit+0x1ae4/0x26e0
[ 36.016477]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.021156]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.025393]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.030405]  ? kfree+0x1d7/0x210
[ 36.033788]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.038021]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.043754]  ? is_bpf_text_address+0xd7/0x170
[ 36.048250]  ? kernel_text_address+0x79/0xf0
[ 36.052657]  ? __kernel_text_address+0xd/0x40
[ 36.057159]  ? unwind_get_return_address+0x61/0xa0
[ 36.062097]  ? __save_stack_trace+0x8d/0xf0
[ 36.066469]  ? save_stack+0xa9/0xd0
[ 36.070099]  ? save_stack+0x43/0xd0
[ 36.073727]  ? __kasan_slab_free+0x11a/0x170
[ 36.078130]  ? kasan_slab_free+0xe/0x10
[ 36.082106]  ? putname+0xf2/0x130
[ 36.085558]  ? __x64_sys_openat+0x9d/0x100
[ 36.089791]  ? do_syscall_64+0x1b9/0x820
[ 36.093850]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.099215]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.103623]  ? kasan_check_read+0x11/0x20
[ 36.107773]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.112184]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.116595]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.121178]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.126282]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.132000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.137552]  ? do_vfs_ioctl+0x201/0x1720
[ 36.141622]  ? rcu_is_watching+0x8c/0x150
[ 36.145770]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.150101]  ? ioctl_preallocate+0x300/0x300
[ 36.154511]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.160048]  ? __fget_light+0x2f7/0x440
[ 36.164028]  ? fget_raw+0x20/0x20
[ 36.167477]  ? putname+0xf2/0x130
[ 36.170934]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.175948]  ? kmem_cache_free+0x246/0x280
[ 36.180182]  ? putname+0xf7/0x130
[ 36.183640]  do_group_exit+0x177/0x440
[ 36.187532]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.191856]  ? __ia32_sys_exit+0x50/0x50
[ 36.195915]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.201024]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.206610]  ? ksys_ioctl+0x81/0xd0
[ 36.210239]  __x64_sys_exit_group+0x3e/0x50
[ 36.214563]  do_syscall_64+0x1b9/0x820
[ 36.218452]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.223815]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.228749]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.233590]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.238604]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.243618]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.248632]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.253479]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.258664] RIP: 0033:0x43ecc8
[ 36.261862] Code: Bad RIP value.
[ 36.265220] RSP: 002b:00007fffb9414f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.272925] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 36.280190] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.287453] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.294717] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.301980] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.309254]
[ 36.309259] ======================================================
[ 36.309265] WARNING: possible circular locking dependency detected
[ 36.309268] 4.19.0-rc2+ #224 Not tainted
[ 36.309274] ------------------------------------------------------
[ 36.309279] syz-executor258/4699 is trying to acquire lock:
[ 36.309282] 00000000d22bb798 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.309297]
[ 36.309301] but task is already holding lock:
[ 36.309305] 000000003557c298 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.309319]
[ 36.309323] which lock already depends on the new lock.
[ 36.309326]
[ 36.309328]
[ 36.309333] the existing dependency chain (in reverse order) is:
[ 36.309336]
[ 36.309338] -> #3 (report_lock){....}:
[ 36.309353]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.309356]        kasan_report+0x8e/0x110
[ 36.309361]        __asan_report_load8_noabort+0x14/0x20
[ 36.309365]        __schedule+0xf54/0x1df0
[ 36.309369]        preempt_schedule_common+0x22/0x60
[ 36.309373]        _cond_resched+0x1d/0x30
[ 36.309377]        wait_for_completion+0xa5/0x8d0
[ 36.309382]        __synchronize_srcu+0x189/0x240
[ 36.309386]        synchronize_srcu+0x335/0x56f
[ 36.309391]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.309394]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.309399]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.309402]        kvm_put_kvm+0x73f/0x1060
[ 36.309406]        kvm_vm_release+0x42/0x50
[ 36.309410]        __fput+0x38a/0xa40
[ 36.309413]        ____fput+0x15/0x20
[ 36.309417]        task_work_run+0x1e8/0x2a0
[ 36.309421]        do_exit+0x1ae4/0x26e0
[ 36.309425]        do_group_exit+0x177/0x440
[ 36.309429]        __x64_sys_exit_group+0x3e/0x50
[ 36.309433]        do_syscall_64+0x1b9/0x820
[ 36.309437]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.309440]
[ 36.309442] -> #2 (&rq->lock){-.-.}:
[ 36.309456]        _raw_spin_lock+0x2a/0x40
[ 36.309460]        task_fork_fair+0x93/0x680
[ 36.309464]        sched_fork+0x44b/0xbd0
[ 36.309467]        copy_process+0x235e/0x7af0
[ 36.309471]        _do_fork+0x1ca/0x1170
[ 36.309475]        kernel_thread+0x34/0x40
[ 36.309478]        rest_init+0x22/0xe4
[ 36.309482]        start_kernel+0x913/0x94e
[ 36.309487]        x86_64_start_reservations+0x29/0x2b
[ 36.309491]        x86_64_start_kernel+0x76/0x79
[ 36.309495]        secondary_startup_64+0xa4/0xb0
[ 36.309497]
[ 36.309499] -> #1 (&p->pi_lock){-.-.}:
[ 36.309514]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.309518]        try_to_wake_up+0xd2/0x1250
[ 36.309522]        wake_up_process+0x10/0x20
[ 36.309526]        __up.isra.1+0x1c0/0x2a0
[ 36.309529]        up+0x13c/0x1c0
[ 36.309533]        __up_console_sem+0xbe/0x1b0
[ 36.309537]        console_unlock+0x506/0x10d0
[ 36.309541]        vprintk_emit+0x33a/0x910
[ 36.309545]        vprintk_default+0x28/0x30
[ 36.309548]        vprintk_func+0x7a/0x117
[ 36.309552]        printk+0xa7/0xcf
[ 36.309555]        load_umh+0x51/0xbd
[ 36.309559]        do_one_initcall+0x127/0x838
[ 36.309564]        kernel_init_freeable+0x4bb/0x5ae
[ 36.309567]        kernel_init+0x11/0x1b3
[ 36.309571]        ret_from_fork+0x3a/0x50
[ 36.309573]
[ 36.309576] -> #0 ((console_sem).lock){-...}:
[ 36.309590]        lock_acquire+0x1e4/0x4f0
[ 36.309595]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.309599]        down_trylock+0x13/0x70
[ 36.309603]        __down_trylock_console_sem+0xae/0x200
[ 36.309607]        console_trylock+0x15/0xa0
[ 36.309611]        vprintk_emit+0x31f/0x910
[ 36.309615]        vprintk_default+0x28/0x30
[ 36.309618]        vprintk_func+0x7a/0x117
[ 36.309622]        printk+0xa7/0xcf
[ 36.309626]        kasan_report+0x9e/0x110
[ 36.309630]        __asan_report_load8_noabort+0x14/0x20
[ 36.309634]        __schedule+0xf54/0x1df0
[ 36.309638]        preempt_schedule_common+0x22/0x60
[ 36.309643]        _cond_resched+0x1d/0x30
[ 36.309647]        wait_for_completion+0xa5/0x8d0
[ 36.309651]        __synchronize_srcu+0x189/0x240
[ 36.309655]        synchronize_srcu+0x335/0x56f
[ 36.309660]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.309664]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.309668]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.309672]        kvm_put_kvm+0x73f/0x1060
[ 36.309676]        kvm_vm_release+0x42/0x50
[ 36.309679]        __fput+0x38a/0xa40
[ 36.309683]        ____fput+0x15/0x20
[ 36.309687]        task_work_run+0x1e8/0x2a0
[ 36.309691]        do_exit+0x1ae4/0x26e0
[ 36.309694]        do_group_exit+0x177/0x440
[ 36.309699]        __x64_sys_exit_group+0x3e/0x50
[ 36.309703]        do_syscall_64+0x1b9/0x820
[ 36.309708]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.309710]
[ 36.309714] other info that might help us debug this:
[ 36.309716]
[ 36.309720] Chain exists of:
[ 36.309722]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.309740]
[ 36.309744]  Possible unsafe locking scenario:
[ 36.309746]
[ 36.309751]        CPU0                    CPU1
[ 36.309755]        ----                    ----
[ 36.309757]   lock(report_lock);
[ 36.309766]                                lock(&rq->lock);
[ 36.309776]                                lock(report_lock);
[ 36.309784]   lock((console_sem).lock);
[ 36.309792]
[ 36.309795]  *** DEADLOCK ***
[ 36.309797]
[ 36.309801] 2 locks held by syz-executor258/4699:
[ 36.309804]  #0: 00000000eb74ab71 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.309821]  #1: 000000003557c298 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.309838]
[ 36.309841] stack backtrace:
[ 36.309847] CPU: 0 PID: 4699 Comm: syz-executor258 Not tainted 4.19.0-rc2+ #224
[ 36.309854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.309857] Call Trace:
[ 36.309861]  dump_stack+0x1c9/0x2b4
[ 36.309865]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.309869]  ? vprintk_func+0x100/0x117
[ 36.309874]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.309878]  ? save_trace+0xe0/0x290
[ 36.309882]  __lock_acquire+0x3449/0x5020
[ 36.309886]  ? mark_held_locks+0x160/0x160
[ 36.309890]  ? mark_held_locks+0x160/0x160
[ 36.309894]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.309899]  ? is_bpf_text_address+0xd7/0x170
[ 36.309903]  ? kernel_text_address+0x79/0xf0
[ 36.309907]  ? __kernel_text_address+0xd/0x40
[ 36.309911]  ? __save_stack_trace+0x8d/0xf0
[ 36.309916]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.309919]  ? save_trace+0x290/0x290
[ 36.309923]  ? save_stack_trace+0x1a/0x20
[ 36.309927]  ? save_trace+0xe0/0x290
[ 36.309931]  ? graph_lock+0x170/0x170
[ 36.309936]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.309939]  lock_acquire+0x1e4/0x4f0
[ 36.309943]  ? down_trylock+0x13/0x70
[ 36.309947]  ? lock_release+0x9f0/0x9f0
[ 36.309951]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.309955]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.309960]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.309963]  ? log_store+0x34f/0x4c0
[ 36.309967]  ? vprintk_emit+0x31f/0x910
[ 36.309971]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.309975]  ? down_trylock+0x13/0x70
[ 36.309979]  down_trylock+0x13/0x70
[ 36.309983]  __down_trylock_console_sem+0xae/0x200
[ 36.309987]  console_trylock+0x15/0xa0
[ 36.309991]  vprintk_emit+0x31f/0x910
[ 36.309995]  ? wake_up_klogd+0x110/0x110
[ 36.309999]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.310003]  ? kasan_check_read+0x11/0x20
[ 36.310007]  ? rcu_is_watching+0x8c/0x150
[ 36.310011]  ? rcu_pm_notify+0xc0/0xc0
[ 36.310015]  ? lock_acquire+0x1e4/0x4f0
[ 36.310019]  ? kasan_report+0x8e/0x110
[ 36.310023]  ? __schedule+0xf54/0x1df0
[ 36.310027]  vprintk_default+0x28/0x30
[ 36.310030]  vprintk_func+0x7a/0x117
[ 36.310034]  printk+0xa7/0xcf
[ 36.310038]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.310042]  ? kasan_check_write+0x14/0x20
[ 36.310046]  ? do_raw_spin_lock+0xc1/0x200
[ 36.310050]  ? do_raw_spin_lock+0xc1/0x200
[ 36.310054]  kasan_report+0x9e/0x110
[ 36.310058]  __asan_report_load8_noabort+0x14/0x20
[ 36.310062]  __schedule+0xf54/0x1df0
[ 36.310066]  ? __sched_text_start+0x8/0x8
[ 36.310079]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.310083]  ? __call_srcu+0x7e7/0x1040
[ 36.310087]  ? check_same_owner+0x340/0x340
[ 36.310091]  ? mark_held_locks+0x160/0x160
[ 36.310095]  ? find_held_lock+0x36/0x1c0
[ 36.310099]  preempt_schedule_common+0x22/0x60
[ 36.310103]  _cond_resched+0x1d/0x30
[ 36.310107]  wait_for_completion+0xa5/0x8d0
[ 36.310112]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.310116]  ? __lockdep_init_map+0x105/0x590
[ 36.310121]  ? __init_waitqueue_head+0x9e/0x150
[ 36.310125]  ? init_wait_entry+0x1c0/0x1c0
[ 36.310129]  __synchronize_srcu+0x189/0x240
[ 36.310133]  ? call_srcu+0x10/0x10
[ 36.310141]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.310145]  synchronize_srcu+0x335/0x56f
[ 36.310149]  ? lock_downgrade+0x8f0/0x8f0
[ 36.310154]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.310158]  ? kasan_check_read+0x11/0x20
[ 36.310162]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.310166]  ? kasan_check_write+0x14/0x20
[ 36.310170]  ? do_raw_spin_lock+0xc1/0x200
[ 36.310175]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.310180]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.310183]  ? kvfree+0x61/0x70
[ 36.310188]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.310192]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.310196]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.310200]  ? kvm_arch_sync_events+0x30/0x30
[ 36.310205]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.310209]  ? mmu_notifier_unregister+0x474/0x600
[ 36.310214]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.310217]  ? kfree+0x111/0x210
[ 36.310221]  ? __mmu_notifier_register+0x30/0x30
[ 36.310225]  ? __free_pages+0x10a/0x190
[ 36.310229]  ? free_unref_page+0x930/0x930
[ 36.310233]  kvm_put_kvm+0x73f/0x1060
[ 36.310237]  ? kvm_write_guest_cached+0x40/0x40
[ 36.310242]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.310246]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.310250]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.310254]  ? kasan_check_write+0x14/0x20
[ 36.310258]  ? do_raw_spin_lock+0xc1/0x200
[ 36.310262]  ? kvm_irqfd_release+0xdd/0x120
[ 36.310266]  ? kvm_irqfd_release+0xdd/0x120
[ 36.310270]  ? kvm_put_kvm+0x1060/0x1060
[ 36.310274]  kvm_vm_release+0x42/0x50
[ 36.310277]  __fput+0x38a/0xa40
[ 36.310281]  ? __alloc_file+0x400/0x400
[ 36.310285]  ? check_same_owner+0x340/0x340
[ 36.310289]  ? kasan_check_write+0x14/0x20
[ 36.310293]  ? do_raw_spin_lock+0xc1/0x200
[ 36.310297]  ____fput+0x15/0x20
[ 36.310301]  task_work_run+0x1e8/0x2a0
[ 36.310305]  ? task_work_cancel+0x240/0x240
[ 36.310310]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.310314]  ? switch_task_namespaces+0xa2/0xd0
[ 36.310317]  do_exit+0x1ae4/0x26e0
[ 36.310322]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.310326]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.310330]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.310334]  ? kfree+0x1d7/0x210
[ 36.310338]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.310343]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.310347]  ? is_bpf_text_address+0xd7/0x170
[ 36.310349]  ?
[ 36.310357] Lost 55 message(s)!
[ 37.380666] Shutting down cpus with NMI
[ 38.440187] Dumping ftrace buffer:
[ 38.443723]    (ftrace buffer empty)
[ 38.447412] Kernel Offset: disabled
[ 38.451023] Rebooting in 86400 seconds..