[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.490752] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.176595] random: sshd: uninitialized urandom read (32 bytes read) [ 26.442334] random: sshd: uninitialized urandom read (32 bytes read) [ 26.985759] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts. [ 32.927778] urandom_read: 1 callbacks suppressed [ 32.927783] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.030398] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.054777] ================================================================== [ 33.064651] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.070880] Read of size 8 at addr ffff8801c9b20058 by task syz-executor251/4639 [ 33.078398] [ 33.080021] CPU: 1 PID: 4639 Comm: syz-executor251 Not tainted 4.19.0-rc1+ #217 [ 33.087460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.096801] Call Trace: [ 33.099385] dump_stack+0x1c9/0x2b4 [ 33.103010] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.108197] ? printk+0xa7/0xcf [ 33.111474] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.116227] ? __schedule+0xf54/0x1df0 [ 33.120545] print_address_description+0x6c/0x20b [ 33.125383] ? __schedule+0xf54/0x1df0 [ 33.129266] kasan_report.cold.7+0x242/0x30d [ 33.133685] __asan_report_load8_noabort+0x14/0x20 [ 33.138614] __schedule+0xf54/0x1df0 [ 33.142329] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.147439] ? __sched_text_start+0x8/0x8 [ 33.151588] ? __call_srcu+0x7e7/0x1040 [ 33.155567] ? check_same_owner+0x340/0x340 [ 33.159883] ? mark_held_locks+0x160/0x160 [ 33.164113] ? find_held_lock+0x36/0x1c0 [ 33.168179] preempt_schedule_common+0x22/0x60 [ 33.172755] _cond_resched+0x1d/0x30 [ 33.176470] wait_for_completion+0xa5/0x8d0 [ 33.180795] ? wait_for_completion_interruptible+0x950/0x950 [ 33.186585] ? __lockdep_init_map+0x105/0x590 [ 33.191077] ? __init_waitqueue_head+0x9e/0x150 [ 33.195742] ? init_wait_entry+0x1c0/0x1c0 [ 33.199980] __synchronize_srcu+0x189/0x240 [ 33.204296] ? call_srcu+0x10/0x10 [ 33.207837] ? rcu_unexpedite_gp+0x20/0x20 [ 33.212074] synchronize_srcu+0x335/0x56f [ 33.216215] ? lock_downgrade+0x8f0/0x8f0 [ 33.220356] ? synchronize_srcu_expedited+0x20/0x20 [ 33.225379] ? kasan_check_read+0x11/0x20 [ 33.229526] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.234101] ? kasan_check_write+0x14/0x20 [ 33.238331] ? do_raw_spin_lock+0xc1/0x200 [ 33.242569] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.248293] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.253741] ? kvfree+0x61/0x70 [ 33.257015] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.262033] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.266111] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.270521] ? kvm_arch_sync_events+0x30/0x30 [ 33.275016] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.280550] ? mmu_notifier_unregister+0x474/0x600 [ 33.285475] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.289881] ? kfree+0x111/0x210 [ 33.293246] ? __mmu_notifier_register+0x30/0x30 [ 33.298001] ? __free_pages+0x10a/0x190 [ 33.301975] ? free_unref_page+0x930/0x930 [ 33.306214] kvm_put_kvm+0x73f/0x1060 [ 33.310048] ? kvm_write_guest_cached+0x40/0x40 [ 33.314716] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.319204] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.323699] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.328279] ? kasan_check_write+0x14/0x20 [ 33.332506] ? do_raw_spin_lock+0xc1/0x200 [ 33.336738] ? kvm_irqfd_release+0xdd/0x120 [ 33.341055] ? kvm_irqfd_release+0xdd/0x120 [ 33.345376] ? kvm_put_kvm+0x1060/0x1060 [ 33.349433] kvm_vm_release+0x42/0x50 [ 33.353233] __fput+0x38a/0xa40 [ 33.356509] ? __alloc_file+0x400/0x400 [ 33.360483] ? check_same_owner+0x340/0x340 [ 33.364802] ? kasan_check_write+0x14/0x20 [ 33.369033] ? do_raw_spin_lock+0xc1/0x200 [ 33.373265] ____fput+0x15/0x20 [ 33.376542] task_work_run+0x1e8/0x2a0 [ 33.380423] ? task_work_cancel+0x240/0x240 [ 33.384748] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.390287] ? switch_task_namespaces+0xa2/0xd0 [ 33.394958] do_exit+0x1ae4/0x26e0 [ 33.398498] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.403168] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.407401] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.412412] ? kfree+0x1d7/0x210 [ 33.415791] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.420022] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.425792] ? is_bpf_text_address+0xd7/0x170 [ 33.430281] ? kernel_text_address+0x79/0xf0 [ 33.434695] ? __kernel_text_address+0xd/0x40 [ 33.439189] ? unwind_get_return_address+0x61/0xa0 [ 33.444117] ? __save_stack_trace+0x8d/0xf0 [ 33.448446] ? save_stack+0xa9/0xd0 [ 33.452082] ? save_stack+0x43/0xd0 [ 33.455704] ? __kasan_slab_free+0x11a/0x170 [ 33.460105] ? kasan_slab_free+0xe/0x10 [ 33.464073] ? putname+0xf2/0x130 [ 33.467524] ? __x64_sys_openat+0x9d/0x100 [ 33.471759] ? do_syscall_64+0x1b9/0x820 [ 33.475820] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.481178] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.485578] ? kasan_check_read+0x11/0x20 [ 33.489722] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.494125] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.498563] ? initcall_blacklisted+0x9a/0x1e0 [ 33.503171] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.508275] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.513986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.519520] ? do_vfs_ioctl+0x201/0x1720 [ 33.523579] ? rcu_is_watching+0x8c/0x150 [ 33.527717] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.532037] ? ioctl_preallocate+0x300/0x300 [ 33.536445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.542005] ? __fget_light+0x2f7/0x440 [ 33.545979] ? fget_raw+0x20/0x20 [ 33.549422] ? putname+0xf2/0x130 [ 33.552877] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.557890] ? kmem_cache_free+0x246/0x280 [ 33.562121] ? putname+0xf7/0x130 [ 33.565571] do_group_exit+0x177/0x440 [ 33.569461] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.573776] ? __ia32_sys_exit+0x50/0x50 [ 33.577834] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.582931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.588463] ? ksys_ioctl+0x81/0xd0 [ 33.592089] __x64_sys_exit_group+0x3e/0x50 [ 33.596406] do_syscall_64+0x1b9/0x820 [ 33.600295] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.605658] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.610590] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.615426] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.620447] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.625464] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.630483] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.635323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.640508] RIP: 0033:0x43ecf8 [ 33.643706] Code: Bad RIP value. [ 33.647062] RSP: 002b:00007ffe5abe2a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.654768] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 33.662028] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.669292] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.676553] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.683815] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.691083] [ 33.692706] Allocated by task 4639: [ 33.696329] save_stack+0x43/0xd0 [ 33.699774] kasan_kmalloc+0xc4/0xe0 [ 33.703484] kasan_slab_alloc+0x12/0x20 [ 33.707454] kmem_cache_alloc+0x12e/0x710 [ 33.711600] vmx_create_vcpu+0xcf/0x2830 [ 33.715654] kvm_arch_vcpu_create+0xe5/0x220 [ 33.720069] kvm_vm_ioctl+0x488/0x1d80 [ 33.723953] do_vfs_ioctl+0x1de/0x1720 [ 33.727835] ksys_ioctl+0xa9/0xd0 [ 33.731284] __x64_sys_ioctl+0x73/0xb0 [ 33.735168] do_syscall_64+0x1b9/0x820 [ 33.739049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.744221] [ 33.745838] Freed by task 4639: [ 33.749110] save_stack+0x43/0xd0 [ 33.752557] __kasan_slab_free+0x11a/0x170 [ 33.756786] kasan_slab_free+0xe/0x10 [ 33.760577] kmem_cache_free+0x86/0x280 [ 33.764544] vmx_free_vcpu+0x26b/0x300 [ 33.768424] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.772834] kvm_put_kvm+0x73f/0x1060 [ 33.776632] kvm_vm_release+0x42/0x50 [ 33.780427] __fput+0x38a/0xa40 [ 33.783706] ____fput+0x15/0x20 [ 33.786977] task_work_run+0x1e8/0x2a0 [ 33.790858] do_exit+0x1ae4/0x26e0 [ 33.794395] do_group_exit+0x177/0x440 [ 33.798281] __x64_sys_exit_group+0x3e/0x50 [ 33.802597] do_syscall_64+0x1b9/0x820 [ 33.806480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.811656] [ 33.813283] The buggy address belongs to the object at ffff8801c9b20040 [ 33.813283] which belongs to the cache kvm_vcpu of size 23872 [ 33.825851] The buggy address is located 24 bytes inside of [ 33.825851] 23872-byte region [ffff8801c9b20040, ffff8801c9b25d80) [ 33.837803] The buggy address belongs to the page: [ 33.842727] page:ffffea000726c800 count:1 mapcount:0 mapping:ffff8801d53b49c0 index:0x0 compound_mapcount: 0 [ 33.852699] flags: 0x2fffc0000008100(slab|head) [ 33.857366] raw: 02fffc0000008100 ffff8801d53b5848 ffff8801d53b5848 ffff8801d53b49c0 [ 33.865246] raw: 0000000000000000 ffff8801c9b20040 0000000100000001 0000000000000000 [ 33.873113] page dumped because: kasan: bad access detected [ 33.879060] [ 33.880716] Memory state around the buggy address: [ 33.885636] ffff8801c9b1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.892985] ffff8801c9b1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.900335] >ffff8801c9b20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.907684] ^ [ 33.913908] ffff8801c9b20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.921262] ffff8801c9b20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.928605] ================================================================== [ 33.935954] Kernel panic - not syncing: panic_on_warn set ... [ 33.935954] [ 33.943320] CPU: 1 PID: 4639 Comm: syz-executor251 Tainted: G B 4.19.0-rc1+ #217 [ 33.952147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.961493] Call Trace: [ 33.964087] dump_stack+0x1c9/0x2b4 [ 33.967717] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.972907] ? lock_downgrade+0x8f0/0x8f0 [ 33.977053] ? __schedule+0xf54/0x1df0 [ 33.980937] panic+0x238/0x4e7 [ 33.984128] ? add_taint.cold.5+0x16/0x16 [ 33.988274] ? print_shadow_for_address+0xba/0x116 [ 33.993199] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.997600] ? trace_hardirqs_off+0x77/0x2b0 [ 34.002008] ? __schedule+0xf54/0x1df0 [ 34.005895] kasan_end_report+0x47/0x4f [ 34.010373] kasan_report.cold.7+0x76/0x30d [ 34.014701] __asan_report_load8_noabort+0x14/0x20 [ 34.019625] __schedule+0xf54/0x1df0 [ 34.023332] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.028433] ? __sched_text_start+0x8/0x8 [ 34.032584] ? __call_srcu+0x7e7/0x1040 [ 34.036559] ? check_same_owner+0x340/0x340 [ 34.040874] ? mark_held_locks+0x160/0x160 [ 34.045106] ? find_held_lock+0x36/0x1c0 [ 34.049164] preempt_schedule_common+0x22/0x60 [ 34.053746] _cond_resched+0x1d/0x30 [ 34.057458] wait_for_completion+0xa5/0x8d0 [ 34.061788] ? wait_for_completion_interruptible+0x950/0x950 [ 34.067581] ? __lockdep_init_map+0x105/0x590 [ 34.072094] ? __init_waitqueue_head+0x9e/0x150 [ 34.076760] ? init_wait_entry+0x1c0/0x1c0 [ 34.080996] __synchronize_srcu+0x189/0x240 [ 34.085312] ? call_srcu+0x10/0x10 [ 34.088856] ? rcu_unexpedite_gp+0x20/0x20 [ 34.093093] synchronize_srcu+0x335/0x56f [ 34.097238] ? lock_downgrade+0x8f0/0x8f0 [ 34.101390] ? synchronize_srcu_expedited+0x20/0x20 [ 34.106404] ? kasan_check_read+0x11/0x20 [ 34.110559] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.115139] ? kasan_check_write+0x14/0x20 [ 34.119366] ? do_raw_spin_lock+0xc1/0x200 [ 34.123604] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.129314] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.134758] ? kvfree+0x61/0x70 [ 34.138038] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.143051] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.147112] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.151515] ? kvm_arch_sync_events+0x30/0x30 [ 34.156011] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.161545] ? mmu_notifier_unregister+0x474/0x600 [ 34.166468] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.170870] ? kfree+0x111/0x210 [ 34.174235] ? __mmu_notifier_register+0x30/0x30 [ 34.179011] ? __free_pages+0x10a/0x190 [ 34.182984] ? free_unref_page+0x930/0x930 [ 34.187222] kvm_put_kvm+0x73f/0x1060 [ 34.191024] ? kvm_write_guest_cached+0x40/0x40 [ 34.195702] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.200192] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.204691] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.209276] ? kasan_check_write+0x14/0x20 [ 34.213505] ? do_raw_spin_lock+0xc1/0x200 [ 34.217738] ? kvm_irqfd_release+0xdd/0x120 [ 34.222052] ? kvm_irqfd_release+0xdd/0x120 [ 34.226378] ? kvm_put_kvm+0x1060/0x1060 [ 34.230474] kvm_vm_release+0x42/0x50 [ 34.234277] __fput+0x38a/0xa40 [ 34.237556] ? __alloc_file+0x400/0x400 [ 34.241531] ? check_same_owner+0x340/0x340 [ 34.245851] ? kasan_check_write+0x14/0x20 [ 34.250100] ? do_raw_spin_lock+0xc1/0x200 [ 34.254332] ____fput+0x15/0x20 [ 34.257607] task_work_run+0x1e8/0x2a0 [ 34.261582] ? task_work_cancel+0x240/0x240 [ 34.265907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.271448] ? switch_task_namespaces+0xa2/0xd0 [ 34.276116] do_exit+0x1ae4/0x26e0 [ 34.279654] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.284849] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.289083] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.294093] ? kfree+0x1d7/0x210 [ 34.297464] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.301702] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.307413] ? is_bpf_text_address+0xd7/0x170 [ 34.311910] ? kernel_text_address+0x79/0xf0 [ 34.316313] ? __kernel_text_address+0xd/0x40 [ 34.320804] ? unwind_get_return_address+0x61/0xa0 [ 34.325730] ? __save_stack_trace+0x8d/0xf0 [ 34.330055] ? save_stack+0xa9/0xd0 [ 34.333684] ? save_stack+0x43/0xd0 [ 34.337310] ? __kasan_slab_free+0x11a/0x170 [ 34.341711] ? kasan_slab_free+0xe/0x10 [ 34.345686] ? putname+0xf2/0x130 [ 34.349138] ? __x64_sys_openat+0x9d/0x100 [ 34.353367] ? do_syscall_64+0x1b9/0x820 [ 34.357426] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.362791] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.367194] ? kasan_check_read+0x11/0x20 [ 34.371341] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.375742] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.380150] ? initcall_blacklisted+0x9a/0x1e0 [ 34.384733] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.389834] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.395543] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.401075] ? do_vfs_ioctl+0x201/0x1720 [ 34.405135] ? rcu_is_watching+0x8c/0x150 [ 34.409277] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.413598] ? ioctl_preallocate+0x300/0x300 [ 34.418004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.423541] ? __fget_light+0x2f7/0x440 [ 34.427514] ? fget_raw+0x20/0x20 [ 34.430962] ? putname+0xf2/0x130 [ 34.434415] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.439428] ? kmem_cache_free+0x246/0x280 [ 34.443663] ? putname+0xf7/0x130 [ 34.447122] do_group_exit+0x177/0x440 [ 34.451005] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.455324] ? __ia32_sys_exit+0x50/0x50 [ 34.459382] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.464529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.470062] ? ksys_ioctl+0x81/0xd0 [ 34.473706] __x64_sys_exit_group+0x3e/0x50 [ 34.478026] do_syscall_64+0x1b9/0x820 [ 34.481909] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.487269] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.492195] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.497031] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.502042] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.507057] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.512070] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.516910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.522095] RIP: 0033:0x43ecf8 [ 34.525288] Code: Bad RIP value. [ 34.528656] RSP: 002b:00007ffe5abe2a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.536362] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 34.543622] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.550883] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.558144] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.565409] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.572696] [ 34.572702] ====================================================== [ 34.572707] WARNING: possible circular locking dependency detected [ 34.572711] 4.19.0-rc1+ #217 Not tainted [ 34.572716] ------------------------------------------------------ [ 34.572721] syz-executor251/4639 is trying to acquire lock: [ 34.572725] 0000000041328e2a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.572740] [ 34.572744] but task is already holding lock: [ 34.572748] 00000000b89d0088 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.572762] [ 34.572766] which lock already depends on the new lock. [ 34.572769] [ 34.572771] [ 34.572776] the existing dependency chain (in reverse order) is: [ 34.572779] [ 34.572781] -> #3 (report_lock){....}: [ 34.572796] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.572799] kasan_report+0x8e/0x110 [ 34.572804] __asan_report_load8_noabort+0x14/0x20 [ 34.572808] __schedule+0xf54/0x1df0 [ 34.572812] preempt_schedule_common+0x22/0x60 [ 34.572816] _cond_resched+0x1d/0x30 [ 34.572820] wait_for_completion+0xa5/0x8d0 [ 34.572824] __synchronize_srcu+0x189/0x240 [ 34.572829] synchronize_srcu+0x335/0x56f [ 34.572834] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.572838] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.572842] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.572846] kvm_put_kvm+0x73f/0x1060 [ 34.572850] kvm_vm_release+0x42/0x50 [ 34.572853] __fput+0x38a/0xa40 [ 34.572857] ____fput+0x15/0x20 [ 34.572861] task_work_run+0x1e8/0x2a0 [ 34.572865] do_exit+0x1ae4/0x26e0 [ 34.572869] do_group_exit+0x177/0x440 [ 34.572873] __x64_sys_exit_group+0x3e/0x50 [ 34.572877] do_syscall_64+0x1b9/0x820 [ 34.572881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.572884] [ 34.572886] -> #2 (&rq->lock){-.-.}: [ 34.572900] _raw_spin_lock+0x2a/0x40 [ 34.572904] task_fork_fair+0x93/0x680 [ 34.572908] sched_fork+0x44b/0xbd0 [ 34.572912] copy_process+0x235e/0x7ad0 [ 34.572916] _do_fork+0x1ca/0x1170 [ 34.572919] kernel_thread+0x34/0x40 [ 34.572923] rest_init+0x22/0xe4 [ 34.572927] start_kernel+0x913/0x94e [ 34.572931] x86_64_start_reservations+0x29/0x2b [ 34.572935] x86_64_start_kernel+0x76/0x79 [ 34.572940] secondary_startup_64+0xa4/0xb0 [ 34.572943] [ 34.572945] -> #1 (&p->pi_lock){-.-.}: [ 34.572960] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.572964] try_to_wake_up+0xd2/0x1250 [ 34.572967] wake_up_process+0x10/0x20 [ 34.572971] __up.isra.1+0x1c0/0x2a0 [ 34.572975] up+0x13c/0x1c0 [ 34.572979] __up_console_sem+0xbe/0x1b0 [ 34.572983] console_unlock+0x506/0x10d0 [ 34.572987] vprintk_emit+0x33a/0x910 [ 34.572990] vprintk_default+0x28/0x30 [ 34.572994] vprintk_func+0x7a/0x117 [ 34.572998] printk+0xa7/0xcf [ 34.573001] load_umh+0x51/0xbd [ 34.573005] do_one_initcall+0x127/0x838 [ 34.573010] kernel_init_freeable+0x4bb/0x5ae [ 34.573013] kernel_init+0x11/0x1b3 [ 34.573017] ret_from_fork+0x3a/0x50 [ 34.573020] [ 34.573022] -> #0 ((console_sem).lock){-...}: [ 34.573037] lock_acquire+0x1e4/0x4f0 [ 34.573041] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.573045] down_trylock+0x13/0x70 [ 34.573049] __down_trylock_console_sem+0xae/0x200 [ 34.573053] console_trylock+0x15/0xa0 [ 34.573057] vprintk_emit+0x31f/0x910 [ 34.573061] vprintk_default+0x28/0x30 [ 34.573065] vprintk_func+0x7a/0x117 [ 34.573069] printk+0xa7/0xcf [ 34.573072] kasan_report+0x9e/0x110 [ 34.573077] __asan_report_load8_noabort+0x14/0x20 [ 34.573081] __schedule+0xf54/0x1df0 [ 34.573085] preempt_schedule_common+0x22/0x60 [ 34.573089] _cond_resched+0x1d/0x30 [ 34.573093] wait_for_completion+0xa5/0x8d0 [ 34.573098] __synchronize_srcu+0x189/0x240 [ 34.573102] synchronize_srcu+0x335/0x56f [ 34.573107] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.573111] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.573115] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.573119] kvm_put_kvm+0x73f/0x1060 [ 34.573123] kvm_vm_release+0x42/0x50 [ 34.573126] __fput+0x38a/0xa40 [ 34.573130] ____fput+0x15/0x20 [ 34.573134] task_work_run+0x1e8/0x2a0 [ 34.573137] do_exit+0x1ae4/0x26e0 [ 34.573141] do_group_exit+0x177/0x440 [ 34.573145] __x64_sys_exit_group+0x3e/0x50 [ 34.573149] do_syscall_64+0x1b9/0x820 [ 34.573154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.573156] [ 34.573161] other info that might help us debug this: [ 34.573163] [ 34.573166] Chain exists of: [ 34.573168] (console_sem).lock --> &rq->lock --> report_lock [ 34.573187] [ 34.573191] Possible unsafe locking scenario: [ 34.573193] [ 34.573197] CPU0 CPU1 [ 34.573201] ---- ---- [ 34.573204] lock(report_lock); [ 34.573213] lock(&rq->lock); [ 34.573222] lock(report_lock); [ 34.573230] lock((console_sem).lock); [ 34.573239] [ 34.573242] *** DEADLOCK *** [ 34.573244] [ 34.573248] 2 locks held by syz-executor251/4639: [ 34.573251] #0: 00000000c0d3fa1f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.573268] #1: 00000000b89d0088 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.573285] [ 34.573288] stack backtrace: [ 34.573294] CPU: 1 PID: 4639 Comm: syz-executor251 Not tainted 4.19.0-rc1+ #217 [ 34.573301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.573304] Call Trace: [ 34.573308] dump_stack+0x1c9/0x2b4 [ 34.573313] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.573317] ? vprintk_func+0x100/0x117 [ 34.573321] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.573325] ? save_trace+0xe0/0x290 [ 34.573329] __lock_acquire+0x3449/0x5020 [ 34.573333] ? mark_held_locks+0x160/0x160 [ 34.573338] ? mark_held_locks+0x160/0x160 [ 34.573342] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.573346] ? is_bpf_text_address+0xd7/0x170 [ 34.573350] ? kernel_text_address+0x79/0xf0 [ 34.573354] ? __kernel_text_address+0xd/0x40 [ 34.573359] ? __save_stack_trace+0x8d/0xf0 [ 34.573363] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.573367] ? save_trace+0x290/0x290 [ 34.573371] ? save_stack_trace+0x1a/0x20 [ 34.573375] ? save_trace+0xe0/0x290 [ 34.573379] ? graph_lock+0x170/0x170 [ 34.573383] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.573387] lock_acquire+0x1e4/0x4f0 [ 34.573391] ? down_trylock+0x13/0x70 [ 34.573395] ? lock_release+0x9f0/0x9f0 [ 34.573399] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.573403] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.573408] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.573411] ? log_store+0x34f/0x4c0 [ 34.573415] ? vprintk_emit+0x31f/0x910 [ 34.573420] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.573423] ? down_trylock+0x13/0x70 [ 34.573427] down_trylock+0x13/0x70 [ 34.573432] __down_trylock_console_sem+0xae/0x200 [ 34.573441] console_trylock+0x15/0xa0 [ 34.573445] vprintk_emit+0x31f/0x910 [ 34.573449] ? wake_up_klogd+0x110/0x110 [ 34.573453] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.573457] ? kasan_check_read+0x11/0x20 [ 34.573461] ? rcu_is_watching+0x8c/0x150 [ 34.573465] ? rcu_pm_notify+0xc0/0xc0 [ 34.573469] ? lock_acquire+0x1e4/0x4f0 [ 34.573473] ? kasan_report+0x8e/0x110 [ 34.573477] ? __schedule+0xf54/0x1df0 [ 34.573481] vprintk_default+0x28/0x30 [ 34.573484] vprintk_func+0x7a/0x117 [ 34.573488] printk+0xa7/0xcf [ 34.573492] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.573496] ? kasan_check_write+0x14/0x20 [ 34.573500] ? do_raw_spin_lock+0xc1/0x200 [ 34.573504] ? do_raw_spin_lock+0xc1/0x200 [ 34.573508] kasan_report+0x9e/0x110 [ 34.573513] __asan_report_load8_noabort+0x14/0x20 [ 34.573516] __schedule+0xf54/0x1df0 [ 34.573521] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.573525] ? __sched_text_start+0x8/0x8 [ 34.573529] ? __call_srcu+0x7e7/0x1040 [ 34.573533] ? check_same_owner+0x340/0x340 [ 34.573537] ? mark_held_locks+0x160/0x160 [ 34.573541] ? find_held_lock+0x36/0x1c0 [ 34.573545] preempt_schedule_common+0x22/0x60 [ 34.573549] _cond_resched+0x1d/0x30 [ 34.573553] wait_for_completion+0xa5/0x8d0 [ 34.573558] ? wait_for_completion_interruptible+0x950/0x950 [ 34.573563] ? __lockdep_init_map+0x105/0x590 [ 34.573567] ? __init_waitqueue_head+0x9e/0x150 [ 34.573571] ? init_wait_entry+0x1c0/0x1c0 [ 34.573575] __synchronize_srcu+0x189/0x240 [ 34.573579] ? call_srcu+0x10/0x10 [ 34.573583] ? rcu_unexpedite_gp+0x20/0x20 [ 34.573587] synchronize_srcu+0x335/0x56f [ 34.573591] ? lock_downgrade+0x8f0/0x8f0 [ 34.573596] ? synchronize_srcu_expedited+0x20/0x20 [ 34.573600] ? kasan_check_read+0x11/0x20 [ 34.573604] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.573608] ? kasan_check_write+0x14/0x20 [ 34.573613] ? do_raw_spin_lock+0xc1/0x200 [ 34.573618] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.573622] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.573626] ? kvfree+0x61/0x70 [ 34.573631] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.573635] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.573639] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.573643] ? kvm_arch_sync_events+0x30/0x30 [ 34.573648] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.573652] ? mmu_notifier_unregister+0x474/0x600 [ 34.573656] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.573660] ? kfree+0x111/0x210 [ 34.573664] ? __mmu_notifier_register+0x30/0x30 [ 34.573668] ? __free_pages+0x10a/0x190 [ 34.573679] ? free_unref_page+0x930/0x930 [ 34.573684] kvm_put_kvm+0x73f/0x1060 [ 34.573688] ? kvm_write_guest_cached+0x40/0x40 [ 34.573692] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.573696] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.573701] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.573705] ? kasan_check_write+0x14/0x20 [ 34.573709] ? do_raw_spin_lock+0xc1/0x200 [ 34.573713] ? kvm_irqfd_release+0xdd/0x120 [ 34.573717] ? kvm_irqfd_release+0xdd/0x120 [ 34.573721] ? kvm_put_kvm+0x1060/0x1060 [ 34.573725] kvm_vm_release+0x42/0x50 [ 34.573729] __fput+0x38a/0xa40 [ 34.573733] ? __alloc_file+0x400/0x400 [ 34.573737] ? check_same_owner+0x340/0x340 [ 34.573741] ? kasan_check_write+0x14/0x20 [ 34.573745] ? do_raw_spin_lock+0xc1/0x200 [ 34.573749] ____fput+0x15/0x20 [ 34.573753] task_work_run+0x1e8/0x2a0 [ 34.573757] ? task_work_cancel+0x240/0x240 [ 34.573762] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.573766] ? switch_task_namespaces+0xa2/0xd0 [ 34.573770] do_exit+0x1ae4/0x26e0 [ 34.573774] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.573778] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.573782] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.573786] ? kfree+0x1d7/0x210 [ 34.573790] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.573795] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.573799] ? is_bpf_text_address+0xd7/0x170 [ 34.573801] ? [ 34.573809] Lost 55 message(s)! [ 35.657808] Shutting down cpus with NMI [ 36.716763] Dumping ftrace buffer: [ 36.720285] (ftrace buffer empty) [ 36.723978] Kernel Offset: disabled [ 36.727586] Rebooting in 86400 seconds..