[....] Starting enhanced syslogd: rsyslogd [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 23.881498] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.967885] random: sshd: uninitialized urandom read (32 bytes read) [ 28.196262] random: sshd: uninitialized urandom read (32 bytes read) [ 28.727030] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts. [ 34.430104] urandom_read: 1 callbacks suppressed [ 34.430110] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.534129] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.559341] ================================================================== [ 34.569085] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.575324] Read of size 8 at addr ffff8801b25b0058 by task syz-executor239/4733 [ 34.582842] [ 34.584464] CPU: 1 PID: 4733 Comm: syz-executor239 Not tainted 4.19.0-rc1+ #217 [ 34.591897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.601257] Call Trace: [ 34.603839] dump_stack+0x1c9/0x2b4 [ 34.607462] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.612647] ? printk+0xa7/0xcf [ 34.615934] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.620691] ? __schedule+0xf54/0x1df0 [ 34.624591] print_address_description+0x6c/0x20b [ 34.629431] ? __schedule+0xf54/0x1df0 [ 34.633330] kasan_report.cold.7+0x242/0x30d [ 34.637738] __asan_report_load8_noabort+0x14/0x20 [ 34.642667] __schedule+0xf54/0x1df0 [ 34.646373] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.651472] ? __sched_text_start+0x8/0x8 [ 34.655615] ? __call_srcu+0x7e7/0x1040 [ 34.659592] ? 
check_same_owner+0x340/0x340 [ 34.663907] ? mark_held_locks+0x160/0x160 [ 34.668146] ? find_held_lock+0x36/0x1c0 [ 34.672228] preempt_schedule_common+0x22/0x60 [ 34.676823] _cond_resched+0x1d/0x30 [ 34.680555] wait_for_completion+0xa5/0x8d0 [ 34.684878] ? wait_for_completion_interruptible+0x950/0x950 [ 34.690672] ? __lockdep_init_map+0x105/0x590 [ 34.695164] ? __init_waitqueue_head+0x9e/0x150 [ 34.699856] ? init_wait_entry+0x1c0/0x1c0 [ 34.704095] __synchronize_srcu+0x189/0x240 [ 34.708414] ? call_srcu+0x10/0x10 [ 34.711950] ? rcu_unexpedite_gp+0x20/0x20 [ 34.716187] synchronize_srcu+0x335/0x56f [ 34.720331] ? lock_downgrade+0x8f0/0x8f0 [ 34.724473] ? synchronize_srcu_expedited+0x20/0x20 [ 34.729488] ? kasan_check_read+0x11/0x20 [ 34.733635] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.738219] ? kasan_check_write+0x14/0x20 [ 34.742453] ? do_raw_spin_lock+0xc1/0x200 [ 34.746703] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.752412] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.757858] ? kvfree+0x61/0x70 [ 34.761146] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.766185] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.770242] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.774658] ? kvm_arch_sync_events+0x30/0x30 [ 34.779182] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.784733] ? mmu_notifier_unregister+0x474/0x600 [ 34.789658] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.794059] ? kfree+0x111/0x210 [ 34.797423] ? __mmu_notifier_register+0x30/0x30 [ 34.802176] ? __free_pages+0x10a/0x190 [ 34.806148] ? free_unref_page+0x930/0x930 [ 34.810389] kvm_put_kvm+0x73f/0x1060 [ 34.814191] ? kvm_write_guest_cached+0x40/0x40 [ 34.818858] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.823348] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.827837] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.832421] ? kasan_check_write+0x14/0x20 [ 34.836651] ? do_raw_spin_lock+0xc1/0x200 [ 34.840895] ? kvm_irqfd_release+0xdd/0x120 [ 34.845211] ? kvm_irqfd_release+0xdd/0x120 [ 34.849547] ? 
kvm_put_kvm+0x1060/0x1060 [ 34.853623] kvm_vm_release+0x42/0x50 [ 34.857422] __fput+0x38a/0xa40 [ 34.860697] ? __alloc_file+0x400/0x400 [ 34.864677] ? check_same_owner+0x340/0x340 [ 34.868991] ? kasan_check_write+0x14/0x20 [ 34.873248] ? do_raw_spin_lock+0xc1/0x200 [ 34.877497] ____fput+0x15/0x20 [ 34.880775] task_work_run+0x1e8/0x2a0 [ 34.884658] ? task_work_cancel+0x240/0x240 [ 34.888979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.894511] ? switch_task_namespaces+0xa2/0xd0 [ 34.899176] do_exit+0x1ae4/0x26e0 [ 34.902714] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.907386] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.911635] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.916669] ? kfree+0x1d7/0x210 [ 34.920036] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.924276] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.929988] ? is_bpf_text_address+0xd7/0x170 [ 34.934480] ? kernel_text_address+0x79/0xf0 [ 34.938898] ? __kernel_text_address+0xd/0x40 [ 34.943388] ? unwind_get_return_address+0x61/0xa0 [ 34.948325] ? __save_stack_trace+0x8d/0xf0 [ 34.952654] ? save_stack+0xa9/0xd0 [ 34.956289] ? save_stack+0x43/0xd0 [ 34.959922] ? __kasan_slab_free+0x11a/0x170 [ 34.964324] ? kasan_slab_free+0xe/0x10 [ 34.968291] ? putname+0xf2/0x130 [ 34.971739] ? __x64_sys_openat+0x9d/0x100 [ 34.975974] ? do_syscall_64+0x1b9/0x820 [ 34.980030] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.985386] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.989812] ? kasan_check_read+0x11/0x20 [ 34.993959] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.998360] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.002766] ? initcall_blacklisted+0x9a/0x1e0 [ 35.007350] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.012464] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.018172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.023719] ? do_vfs_ioctl+0x201/0x1720 [ 35.027789] ? rcu_is_watching+0x8c/0x150 [ 35.031930] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.036266] ? ioctl_preallocate+0x300/0x300 [ 35.040674] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.046206] ? __fget_light+0x2f7/0x440 [ 35.050192] ? fget_raw+0x20/0x20 [ 35.053635] ? putname+0xf2/0x130 [ 35.057085] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.062108] ? kmem_cache_free+0x246/0x280 [ 35.066350] ? putname+0xf7/0x130 [ 35.069802] do_group_exit+0x177/0x440 [ 35.073685] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.078018] ? __ia32_sys_exit+0x50/0x50 [ 35.082075] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.087172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.092712] ? ksys_ioctl+0x81/0xd0 [ 35.096337] __x64_sys_exit_group+0x3e/0x50 [ 35.100667] do_syscall_64+0x1b9/0x820 [ 35.104555] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.109915] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.114845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.119681] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.124694] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.129721] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.134576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.139763] RIP: 0033:0x43ecc8 [ 35.142963] Code: Bad RIP value. 
[ 35.146321] RSP: 002b:00007ffc33a9eaf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.154023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 35.161470] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.168743] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.176005] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.183271] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.190533] [ 35.192156] Allocated by task 4733: [ 35.195782] save_stack+0x43/0xd0 [ 35.199232] kasan_kmalloc+0xc4/0xe0 [ 35.202952] kasan_slab_alloc+0x12/0x20 [ 35.206922] kmem_cache_alloc+0x12e/0x710 [ 35.211062] vmx_create_vcpu+0xcf/0x2830 [ 35.215117] kvm_arch_vcpu_create+0xe5/0x220 [ 35.219522] kvm_vm_ioctl+0x488/0x1d80 [ 35.223405] do_vfs_ioctl+0x1de/0x1720 [ 35.227324] ksys_ioctl+0xa9/0xd0 [ 35.230781] __x64_sys_ioctl+0x73/0xb0 [ 35.234662] do_syscall_64+0x1b9/0x820 [ 35.238544] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.243718] [ 35.245333] Freed by task 4733: [ 35.248616] save_stack+0x43/0xd0 [ 35.252058] __kasan_slab_free+0x11a/0x170 [ 35.256283] kasan_slab_free+0xe/0x10 [ 35.260080] kmem_cache_free+0x86/0x280 [ 35.264048] vmx_free_vcpu+0x26b/0x300 [ 35.267932] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.272338] kvm_put_kvm+0x73f/0x1060 [ 35.276134] kvm_vm_release+0x42/0x50 [ 35.279925] __fput+0x38a/0xa40 [ 35.283194] ____fput+0x15/0x20 [ 35.286491] task_work_run+0x1e8/0x2a0 [ 35.290369] do_exit+0x1ae4/0x26e0 [ 35.293903] do_group_exit+0x177/0x440 [ 35.297783] __x64_sys_exit_group+0x3e/0x50 [ 35.302101] do_syscall_64+0x1b9/0x820 [ 35.305982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.311154] [ 35.312800] The buggy address belongs to the object at ffff8801b25b0040 [ 35.312800] which belongs to the cache kvm_vcpu of size 23872 [ 35.325363] The buggy address is located 24 bytes inside of [ 35.325363] 23872-byte region [ffff8801b25b0040, ffff8801b25b5d80) [ 35.337315] The buggy address 
belongs to the page: [ 35.342262] page:ffffea0006c96c00 count:1 mapcount:0 mapping:ffff8801d4a63b40 index:0x0 compound_mapcount: 0 [ 35.352229] flags: 0x2fffc0000008100(slab|head) [ 35.356917] raw: 02fffc0000008100 ffff8801d4a5a248 ffff8801d4a5a248 ffff8801d4a63b40 [ 35.364799] raw: 0000000000000000 ffff8801b25b0040 0000000100000001 0000000000000000 [ 35.372663] page dumped because: kasan: bad access detected [ 35.378356] [ 35.379972] Memory state around the buggy address: [ 35.384893] ffff8801b25aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.392268] ffff8801b25aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.399637] >ffff8801b25b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.406991] ^ [ 35.413237] ffff8801b25b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.420596] ffff8801b25b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.427943] ================================================================== [ 35.435292] Kernel panic - not syncing: panic_on_warn set ... [ 35.435292] [ 35.442674] CPU: 1 PID: 4733 Comm: syz-executor239 Tainted: G B 4.19.0-rc1+ #217 [ 35.451499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.460840] Call Trace: [ 35.463428] dump_stack+0x1c9/0x2b4 [ 35.467056] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.472257] ? lock_downgrade+0x8f0/0x8f0 [ 35.476411] ? __schedule+0xf54/0x1df0 [ 35.480293] panic+0x238/0x4e7 [ 35.483480] ? add_taint.cold.5+0x16/0x16 [ 35.487627] ? print_shadow_for_address+0xba/0x116 [ 35.492568] ? trace_hardirqs_off+0xaf/0x2b0 [ 35.496966] ? trace_hardirqs_off+0x77/0x2b0 [ 35.501382] ? __schedule+0xf54/0x1df0 [ 35.505269] kasan_end_report+0x47/0x4f [ 35.509256] kasan_report.cold.7+0x76/0x30d [ 35.513576] __asan_report_load8_noabort+0x14/0x20 [ 35.518501] __schedule+0xf54/0x1df0 [ 35.522221] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.527325] ? __sched_text_start+0x8/0x8 [ 35.531475] ? 
__call_srcu+0x7e7/0x1040 [ 35.535452] ? check_same_owner+0x340/0x340 [ 35.539769] ? mark_held_locks+0x160/0x160 [ 35.544002] ? find_held_lock+0x36/0x1c0 [ 35.548060] preempt_schedule_common+0x22/0x60 [ 35.552635] _cond_resched+0x1d/0x30 [ 35.556345] wait_for_completion+0xa5/0x8d0 [ 35.560663] ? wait_for_completion_interruptible+0x950/0x950 [ 35.566458] ? __lockdep_init_map+0x105/0x590 [ 35.570951] ? __init_waitqueue_head+0x9e/0x150 [ 35.575612] ? init_wait_entry+0x1c0/0x1c0 [ 35.579849] __synchronize_srcu+0x189/0x240 [ 35.584167] ? call_srcu+0x10/0x10 [ 35.587703] ? rcu_unexpedite_gp+0x20/0x20 [ 35.591938] synchronize_srcu+0x335/0x56f [ 35.596085] ? lock_downgrade+0x8f0/0x8f0 [ 35.600226] ? synchronize_srcu_expedited+0x20/0x20 [ 35.605241] ? kasan_check_read+0x11/0x20 [ 35.609413] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.613993] ? kasan_check_write+0x14/0x20 [ 35.618223] ? do_raw_spin_lock+0xc1/0x200 [ 35.622462] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.628170] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.633614] ? kvfree+0x61/0x70 [ 35.636890] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.641904] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.645962] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.650364] ? kvm_arch_sync_events+0x30/0x30 [ 35.654858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.660393] ? mmu_notifier_unregister+0x474/0x600 [ 35.665316] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.669717] ? kfree+0x111/0x210 [ 35.673082] ? __mmu_notifier_register+0x30/0x30 [ 35.677837] ? __free_pages+0x10a/0x190 [ 35.681809] ? free_unref_page+0x930/0x930 [ 35.686050] kvm_put_kvm+0x73f/0x1060 [ 35.689854] ? kvm_write_guest_cached+0x40/0x40 [ 35.694520] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.699013] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.703517] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.708110] ? kasan_check_write+0x14/0x20 [ 35.712344] ? do_raw_spin_lock+0xc1/0x200 [ 35.716578] ? kvm_irqfd_release+0xdd/0x120 [ 35.720891] ? kvm_irqfd_release+0xdd/0x120 [ 35.725214] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.729277] kvm_vm_release+0x42/0x50 [ 35.733075] __fput+0x38a/0xa40 [ 35.736351] ? __alloc_file+0x400/0x400 [ 35.740324] ? check_same_owner+0x340/0x340 [ 35.744640] ? kasan_check_write+0x14/0x20 [ 35.748868] ? do_raw_spin_lock+0xc1/0x200 [ 35.753100] ____fput+0x15/0x20 [ 35.756373] task_work_run+0x1e8/0x2a0 [ 35.760263] ? task_work_cancel+0x240/0x240 [ 35.764588] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.770121] ? switch_task_namespaces+0xa2/0xd0 [ 35.774792] do_exit+0x1ae4/0x26e0 [ 35.778335] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.783009] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.787239] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.792264] ? kfree+0x1d7/0x210 [ 35.795629] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.799860] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.805571] ? is_bpf_text_address+0xd7/0x170 [ 35.810059] ? kernel_text_address+0x79/0xf0 [ 35.814461] ? __kernel_text_address+0xd/0x40 [ 35.818953] ? unwind_get_return_address+0x61/0xa0 [ 35.823888] ? __save_stack_trace+0x8d/0xf0 [ 35.828213] ? save_stack+0xa9/0xd0 [ 35.831853] ? save_stack+0x43/0xd0 [ 35.835473] ? __kasan_slab_free+0x11a/0x170 [ 35.839874] ? kasan_slab_free+0xe/0x10 [ 35.843841] ? putname+0xf2/0x130 [ 35.847294] ? __x64_sys_openat+0x9d/0x100 [ 35.851547] ? do_syscall_64+0x1b9/0x820 [ 35.855603] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.860966] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.865371] ? kasan_check_read+0x11/0x20 [ 35.869513] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.873915] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.878334] ? initcall_blacklisted+0x9a/0x1e0 [ 35.882914] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.888014] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.893722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.899260] ? do_vfs_ioctl+0x201/0x1720 [ 35.903316] ? rcu_is_watching+0x8c/0x150 [ 35.907455] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.911772] ? ioctl_preallocate+0x300/0x300 [ 35.916177] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.921708] ? __fget_light+0x2f7/0x440 [ 35.925681] ? fget_raw+0x20/0x20 [ 35.929126] ? putname+0xf2/0x130 [ 35.932577] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.937586] ? kmem_cache_free+0x246/0x280 [ 35.941820] ? putname+0xf7/0x130 [ 35.945276] do_group_exit+0x177/0x440 [ 35.949163] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.953483] ? __ia32_sys_exit+0x50/0x50 [ 35.957540] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.962643] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.968179] ? ksys_ioctl+0x81/0xd0 [ 35.971807] __x64_sys_exit_group+0x3e/0x50 [ 35.976128] do_syscall_64+0x1b9/0x820 [ 35.980014] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.985380] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.990309] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.995146] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.000162] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.005205] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.010048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.015235] RIP: 0033:0x43ecc8 [ 36.018432] Code: Bad RIP value. 
[ 36.021797] RSP: 002b:00007ffc33a9eaf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.029500] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 36.036767] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.044032] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.051296] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.058558] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.065829] [ 36.065834] ====================================================== [ 36.065839] WARNING: possible circular locking dependency detected [ 36.065843] 4.19.0-rc1+ #217 Not tainted [ 36.065848] ------------------------------------------------------ [ 36.065853] syz-executor239/4733 is trying to acquire lock: [ 36.065856] 000000006070f746 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.065871] [ 36.065875] but task is already holding lock: [ 36.065878] 00000000bc9dbfcc (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.065891] [ 36.065896] which lock already depends on the new lock. 
[ 36.065898] [ 36.065900] [ 36.065905] the existing dependency chain (in reverse order) is: [ 36.065907] [ 36.065910] -> #3 (report_lock){....}: [ 36.065924] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.065928] kasan_report+0x8e/0x110 [ 36.065932] __asan_report_load8_noabort+0x14/0x20 [ 36.065936] __schedule+0xf54/0x1df0 [ 36.065940] preempt_schedule_common+0x22/0x60 [ 36.065944] _cond_resched+0x1d/0x30 [ 36.065948] wait_for_completion+0xa5/0x8d0 [ 36.065952] __synchronize_srcu+0x189/0x240 [ 36.065956] synchronize_srcu+0x335/0x56f [ 36.065961] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.065964] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.065968] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.065972] kvm_put_kvm+0x73f/0x1060 [ 36.065976] kvm_vm_release+0x42/0x50 [ 36.065980] __fput+0x38a/0xa40 [ 36.065983] ____fput+0x15/0x20 [ 36.065987] task_work_run+0x1e8/0x2a0 [ 36.065990] do_exit+0x1ae4/0x26e0 [ 36.065994] do_group_exit+0x177/0x440 [ 36.065998] __x64_sys_exit_group+0x3e/0x50 [ 36.066002] do_syscall_64+0x1b9/0x820 [ 36.066007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.066009] [ 36.066011] -> #2 (&rq->lock){-.-.}: [ 36.066025] _raw_spin_lock+0x2a/0x40 [ 36.066028] task_fork_fair+0x93/0x680 [ 36.066032] sched_fork+0x44b/0xbd0 [ 36.066036] copy_process+0x235e/0x7ad0 [ 36.066039] _do_fork+0x1ca/0x1170 [ 36.066043] kernel_thread+0x34/0x40 [ 36.066047] rest_init+0x22/0xe4 [ 36.066050] start_kernel+0x913/0x94e [ 36.066055] x86_64_start_reservations+0x29/0x2b [ 36.066059] x86_64_start_kernel+0x76/0x79 [ 36.066063] secondary_startup_64+0xa4/0xb0 [ 36.066065] [ 36.066067] -> #1 (&p->pi_lock){-.-.}: [ 36.066081] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.066085] try_to_wake_up+0xd2/0x1250 [ 36.066089] wake_up_process+0x10/0x20 [ 36.066092] __up.isra.1+0x1c0/0x2a0 [ 36.066096] up+0x13c/0x1c0 [ 36.066100] __up_console_sem+0xbe/0x1b0 [ 36.066103] console_unlock+0x506/0x10d0 [ 36.066107] vprintk_emit+0x33a/0x910 [ 36.066111] vprintk_default+0x28/0x30 [ 36.066115] vprintk_func+0x7a/0x117 [ 
36.066118] printk+0xa7/0xcf [ 36.066122] do_exit.cold.22+0x120/0x21f [ 36.066126] do_group_exit+0x177/0x440 [ 36.066130] __x64_sys_exit_group+0x3e/0x50 [ 36.066133] do_syscall_64+0x1b9/0x820 [ 36.066138] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.066140] [ 36.066142] -> #0 ((console_sem).lock){-...}: [ 36.066156] lock_acquire+0x1e4/0x4f0 [ 36.066161] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.066164] down_trylock+0x13/0x70 [ 36.066169] __down_trylock_console_sem+0xae/0x200 [ 36.066172] console_trylock+0x15/0xa0 [ 36.066176] vprintk_emit+0x31f/0x910 [ 36.066180] vprintk_default+0x28/0x30 [ 36.066184] vprintk_func+0x7a/0x117 [ 36.066187] printk+0xa7/0xcf [ 36.066191] kasan_report+0x9e/0x110 [ 36.066195] __asan_report_load8_noabort+0x14/0x20 [ 36.066199] __schedule+0xf54/0x1df0 [ 36.066203] preempt_schedule_common+0x22/0x60 [ 36.066207] _cond_resched+0x1d/0x30 [ 36.066211] wait_for_completion+0xa5/0x8d0 [ 36.066215] __synchronize_srcu+0x189/0x240 [ 36.066219] synchronize_srcu+0x335/0x56f [ 36.066224] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.066227] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.066231] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.066235] kvm_put_kvm+0x73f/0x1060 [ 36.066239] kvm_vm_release+0x42/0x50 [ 36.066242] __fput+0x38a/0xa40 [ 36.066246] ____fput+0x15/0x20 [ 36.066250] task_work_run+0x1e8/0x2a0 [ 36.066260] do_exit+0x1ae4/0x26e0 [ 36.066263] do_group_exit+0x177/0x440 [ 36.066267] __x64_sys_exit_group+0x3e/0x50 [ 36.066271] do_syscall_64+0x1b9/0x820 [ 36.066276] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.066278] [ 36.066282] other info that might help us debug this: [ 36.066285] [ 36.066288] Chain exists of: [ 36.066290] (console_sem).lock --> &rq->lock --> report_lock [ 36.066308] [ 36.066311] Possible unsafe locking scenario: [ 36.066314] [ 36.066318] CPU0 CPU1 [ 36.066322] ---- ---- [ 36.066324] lock(report_lock); [ 36.066333] lock(&rq->lock); [ 36.066342] lock(report_lock); [ 36.066350] lock((console_sem).lock); [ 36.066357] [ 36.066361] *** DEADLOCK 
*** [ 36.066363] [ 36.066367] 2 locks held by syz-executor239/4733: [ 36.066369] #0: 000000006eb19984 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 36.066386] #1: 00000000bc9dbfcc (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.066402] [ 36.066405] stack backtrace: [ 36.066411] CPU: 1 PID: 4733 Comm: syz-executor239 Not tainted 4.19.0-rc1+ #217 [ 36.066418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.066421] Call Trace: [ 36.066424] dump_stack+0x1c9/0x2b4 [ 36.066429] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.066433] ? vprintk_func+0x100/0x117 [ 36.066437] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 36.066441] ? save_trace+0xe0/0x290 [ 36.066445] __lock_acquire+0x3449/0x5020 [ 36.066449] ? mark_held_locks+0x160/0x160 [ 36.066453] ? mark_held_locks+0x160/0x160 [ 36.066457] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.066461] ? is_bpf_text_address+0xd7/0x170 [ 36.066465] ? kernel_text_address+0x79/0xf0 [ 36.066469] ? __kernel_text_address+0xd/0x40 [ 36.066473] ? __save_stack_trace+0x8d/0xf0 [ 36.066477] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 36.066481] ? save_trace+0x290/0x290 [ 36.066485] ? save_stack_trace+0x1a/0x20 [ 36.066488] ? save_trace+0xe0/0x290 [ 36.066492] ? graph_lock+0x170/0x170 [ 36.066497] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.066501] lock_acquire+0x1e4/0x4f0 [ 36.066504] ? down_trylock+0x13/0x70 [ 36.066508] ? lock_release+0x9f0/0x9f0 [ 36.066512] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.066516] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.066520] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.066524] ? log_store+0x34f/0x4c0 [ 36.066527] ? vprintk_emit+0x31f/0x910 [ 36.066531] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.066535] ? down_trylock+0x13/0x70 [ 36.066539] down_trylock+0x13/0x70 [ 36.066543] __down_trylock_console_sem+0xae/0x200 [ 36.066547] console_trylock+0x15/0xa0 [ 36.066550] vprintk_emit+0x31f/0x910 [ 36.066554] ? wake_up_klogd+0x110/0x110 [ 36.066558] ? 
run_rebalance_domains+0x4c0/0x4c0 [ 36.066562] ? kasan_check_read+0x11/0x20 [ 36.066566] ? rcu_is_watching+0x8c/0x150 [ 36.066570] ? rcu_pm_notify+0xc0/0xc0 [ 36.066574] ? lock_acquire+0x1e4/0x4f0 [ 36.066577] ? kasan_report+0x8e/0x110 [ 36.066581] ? __schedule+0xf54/0x1df0 [ 36.066585] vprintk_default+0x28/0x30 [ 36.066588] vprintk_func+0x7a/0x117 [ 36.066592] printk+0xa7/0xcf [ 36.066596] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.066600] ? kasan_check_write+0x14/0x20 [ 36.066604] ? do_raw_spin_lock+0xc1/0x200 [ 36.066608] ? do_raw_spin_lock+0xc1/0x200 [ 36.066611] kasan_report+0x9e/0x110 [ 36.066616] __asan_report_load8_noabort+0x14/0x20 [ 36.066619] __schedule+0xf54/0x1df0 [ 36.066624] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.066628] ? __sched_text_start+0x8/0x8 [ 36.066631] ? __call_srcu+0x7e7/0x1040 [ 36.066635] ? check_same_owner+0x340/0x340 [ 36.066639] ? mark_held_locks+0x160/0x160 [ 36.066656] ? find_held_lock+0x36/0x1c0 [ 36.066660] preempt_schedule_common+0x22/0x60 [ 36.066663] _cond_resched+0x1d/0x30 [ 36.066667] wait_for_completion+0xa5/0x8d0 [ 36.066672] ? wait_for_completion_interruptible+0x950/0x950 [ 36.066676] ? __lockdep_init_map+0x105/0x590 [ 36.066680] ? __init_waitqueue_head+0x9e/0x150 [ 36.066684] ? init_wait_entry+0x1c0/0x1c0 [ 36.066687] __synchronize_srcu+0x189/0x240 [ 36.066691] ? call_srcu+0x10/0x10 [ 36.066695] ? rcu_unexpedite_gp+0x20/0x20 [ 36.066698] synchronize_srcu+0x335/0x56f [ 36.066702] ? lock_downgrade+0x8f0/0x8f0 [ 36.066706] ? synchronize_srcu_expedited+0x20/0x20 [ 36.066710] ? kasan_check_read+0x11/0x20 [ 36.066714] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.066718] ? kasan_check_write+0x14/0x20 [ 36.066722] ? do_raw_spin_lock+0xc1/0x200 [ 36.066727] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.066731] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.066734] ? kvfree+0x61/0x70 [ 36.066739] ? 
rcu_read_lock_sched_held+0x108/0x120 [ 36.066742] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.066746] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.066750] ? kvm_arch_sync_events+0x30/0x30 [ 36.066756] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.066760] ? mmu_notifier_unregister+0x474/0x600 [ 36.066764] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.066767] ? kfree+0x111/0x210 [ 36.066771] ? __mmu_notifier_register+0x30/0x30 [ 36.066775] ? __free_pages+0x10a/0x190 [ 36.066779] ? free_unref_page+0x930/0x930 [ 36.066782] kvm_put_kvm+0x73f/0x1060 [ 36.066786] ? kvm_write_guest_cached+0x40/0x40 [ 36.066790] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.066794] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.066798] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.066802] ? kasan_check_write+0x14/0x20 [ 36.066806] ? do_raw_spin_lock+0xc1/0x200 [ 36.066810] ? kvm_irqfd_release+0xdd/0x120 [ 36.066814] ? kvm_irqfd_release+0xdd/0x120 [ 36.066817] ? kvm_put_kvm+0x1060/0x1060 [ 36.066821] kvm_vm_release+0x42/0x50 [ 36.066824] __fput+0x38a/0xa40 [ 36.066828] ? __alloc_file+0x400/0x400 [ 36.066832] ? check_same_owner+0x340/0x340 [ 36.066835] ? kasan_check_write+0x14/0x20 [ 36.066839] ? do_raw_spin_lock+0xc1/0x200 [ 36.066842] ____fput+0x15/0x20 [ 36.066859] task_work_run+0x1e8/0x2a0 [ 36.066863] ? task_work_cancel+0x240/0x240 [ 36.066867] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.066871] ? switch_task_namespaces+0xa2/0xd0 [ 36.066875] do_exit+0x1ae4/0x26e0 [ 36.066879] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.066883] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 36.066887] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.066891] ? kfree+0x1d7/0x210 [ 36.066895] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 36.066899] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.066902] ? is_bpf_tex [ 36.066909] Lost 55 message(s)! [ 37.169028] Shutting down cpus with NMI [ 38.226023] Dumping ftrace buffer: [ 38.229551] (ftrace buffer empty) [ 38.233239] Kernel Offset: disabled [ 38.236852] Rebooting in 86400 seconds..