[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.969459] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.431550] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.781951] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.329357] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.740503] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
[ 35.396587] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.494334] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 35.519389] ==================================================================
[ 35.529244] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 35.535471] Read of size 8 at addr ffff8801b9788058 by task syz-executor745/4647
[ 35.542995]
[ 35.544606] CPU: 0 PID: 4647 Comm: syz-executor745 Not tainted 4.19.0-rc2+ #220
[ 35.552117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.561467] Call Trace:
[ 35.564068] dump_stack+0x1c9/0x2b4
[ 35.567720] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.572907] ? printk+0xa7/0xcf
[ 35.576184] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.580940] ? __schedule+0xf54/0x1df0
[ 35.584849] print_address_description+0x6c/0x20b
[ 35.589686] ? __schedule+0xf54/0x1df0
[ 35.593568] kasan_report.cold.7+0x242/0x30d
[ 35.597974] __asan_report_load8_noabort+0x14/0x20
[ 35.602898] __schedule+0xf54/0x1df0
[ 35.606615] ? __sched_text_start+0x8/0x8
[ 35.610758] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.615867] ? __call_srcu+0x7e7/0x1040
[ 35.619844] ? check_same_owner+0x340/0x340
[ 35.624159] ? mark_held_locks+0x160/0x160
[ 35.628390] ? find_held_lock+0x36/0x1c0
[ 35.632451] preempt_schedule_common+0x22/0x60
[ 35.637037] _cond_resched+0x1d/0x30
[ 35.640749] wait_for_completion+0xa5/0x8d0
[ 35.645071] ? wait_for_completion_interruptible+0x950/0x950
[ 35.650866] ? __lockdep_init_map+0x105/0x590
[ 35.655358] ? __init_waitqueue_head+0x9e/0x150
[ 35.660020] ? init_wait_entry+0x1c0/0x1c0
[ 35.664254] __synchronize_srcu+0x189/0x240
[ 35.668569] ? call_srcu+0x10/0x10
[ 35.672127] ? rcu_unexpedite_gp+0x20/0x20
[ 35.676369] synchronize_srcu+0x335/0x56f
[ 35.680514] ? lock_downgrade+0x8f0/0x8f0
[ 35.684662] ? synchronize_srcu_expedited+0x20/0x20
[ 35.689676] ? kasan_check_read+0x11/0x20
[ 35.693819] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.698395] ? kasan_check_write+0x14/0x20
[ 35.702622] ? do_raw_spin_lock+0xc1/0x200
[ 35.706859] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.712565] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.718022] ? kvfree+0x61/0x70
[ 35.721300] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.726316] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.730382] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.734791] ? kvm_arch_sync_events+0x30/0x30
[ 35.739289] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.744825] ? mmu_notifier_unregister+0x474/0x600
[ 35.749752] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.754628] ? kfree+0x111/0x210
[ 35.757993] ? __mmu_notifier_register+0x30/0x30
[ 35.762747] ? __free_pages+0x10a/0x190
[ 35.766729] ? free_unref_page+0x930/0x930
[ 35.770967] kvm_put_kvm+0x73f/0x1060
[ 35.774773] ? kvm_write_guest_cached+0x40/0x40
[ 35.779441] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.783929] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.788417] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.793001] ? kasan_check_write+0x14/0x20
[ 35.797232] ? do_raw_spin_lock+0xc1/0x200
[ 35.801463] ? kvm_irqfd_release+0xdd/0x120
[ 35.805787] ? kvm_irqfd_release+0xdd/0x120
[ 35.810104] ? kvm_put_kvm+0x1060/0x1060
[ 35.814159] kvm_vm_release+0x42/0x50
[ 35.817958] __fput+0x38a/0xa40
[ 35.821237] ? __alloc_file+0x400/0x400
[ 35.825210] ? check_same_owner+0x340/0x340
[ 35.829533] ? kasan_check_write+0x14/0x20
[ 35.833763] ? do_raw_spin_lock+0xc1/0x200
[ 35.837994] ____fput+0x15/0x20
[ 35.841790] task_work_run+0x1e8/0x2a0
[ 35.845673] ? task_work_cancel+0x240/0x240
[ 35.849994] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.855544] ? switch_task_namespaces+0xa2/0xd0
[ 35.860217] do_exit+0x1ae4/0x26e0
[ 35.863761] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.868434] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.872672] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.877687] ? kfree+0x1d7/0x210
[ 35.881055] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.885300] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.891013] ? is_bpf_text_address+0xd7/0x170
[ 35.895511] ? kernel_text_address+0x79/0xf0
[ 35.899922] ? __kernel_text_address+0xd/0x40
[ 35.904415] ? unwind_get_return_address+0x61/0xa0
[ 35.909344] ? __save_stack_trace+0x8d/0xf0
[ 35.913669] ? save_stack+0xa9/0xd0
[ 35.917294] ? save_stack+0x43/0xd0
[ 35.920975] ? __kasan_slab_free+0x11a/0x170
[ 35.925390] ? kasan_slab_free+0xe/0x10
[ 35.929357] ? putname+0xf2/0x130
[ 35.932813] ? __x64_sys_openat+0x9d/0x100
[ 35.937042] ? do_syscall_64+0x1b9/0x820
[ 35.941099] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.946458] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.950866] ? kasan_check_read+0x11/0x20
[ 35.955009] ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.959414] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.963820] ? initcall_blacklisted+0x9a/0x1e0
[ 35.968399] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.973507] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.979220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.984755] ? do_vfs_ioctl+0x201/0x1720
[ 35.988810] ? rcu_is_watching+0x8c/0x150
[ 35.992949] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.997267] ? ioctl_preallocate+0x300/0x300
[ 36.001670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.007206] ? __fget_light+0x2f7/0x440
[ 36.011179] ? fget_raw+0x20/0x20
[ 36.014624] ? putname+0xf2/0x130
[ 36.018077] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.023090] ? kmem_cache_free+0x246/0x280
[ 36.027322] ? putname+0xf7/0x130
[ 36.030776] do_group_exit+0x177/0x440
[ 36.034663] ? trace_hardirqs_on+0xbd/0x2c0
[ 36.038983] ? __ia32_sys_exit+0x50/0x50
[ 36.043039] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.048141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.053672] ? ksys_ioctl+0x81/0xd0
[ 36.057299] __x64_sys_exit_group+0x3e/0x50
[ 36.061620] do_syscall_64+0x1b9/0x820
[ 36.065511] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.070892] ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.075815] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.080660] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.085671] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.090683] ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.095697] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.100543] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.105724] RIP: 0033:0x43f028
[ 36.108939] Code: Bad RIP value.
[ 36.112295] RSP: 002b:00007fffe7b2f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.119997] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.127262] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.134532] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.141800] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.149059] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.156328]
[ 36.157946] Allocated by task 4647:
[ 36.161574] save_stack+0x43/0xd0
[ 36.165023] kasan_kmalloc+0xc4/0xe0
[ 36.168730] kasan_slab_alloc+0x12/0x20
[ 36.172695] kmem_cache_alloc+0x12e/0x710
[ 36.176836] vmx_create_vcpu+0xcf/0x2830
[ 36.181062] kvm_arch_vcpu_create+0xe5/0x220
[ 36.185468] kvm_vm_ioctl+0x488/0x1d80
[ 36.189364] do_vfs_ioctl+0x1de/0x1720
[ 36.193246] ksys_ioctl+0xa9/0xd0
[ 36.196692] __x64_sys_ioctl+0x73/0xb0
[ 36.200576] do_syscall_64+0x1b9/0x820
[ 36.204456] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.209640]
[ 36.211257] Freed by task 4647:
[ 36.214545] save_stack+0x43/0xd0
[ 36.217996] __kasan_slab_free+0x11a/0x170
[ 36.222226] kasan_slab_free+0xe/0x10
[ 36.226021] kmem_cache_free+0x86/0x280
[ 36.229989] vmx_free_vcpu+0x26b/0x300
[ 36.233868] kvm_arch_destroy_vm+0x365/0x7c0
[ 36.238274] kvm_put_kvm+0x73f/0x1060
[ 36.242068] kvm_vm_release+0x42/0x50
[ 36.245864] __fput+0x38a/0xa40
[ 36.249135] ____fput+0x15/0x20
[ 36.252409] task_work_run+0x1e8/0x2a0
[ 36.256289] do_exit+0x1ae4/0x26e0
[ 36.259824] do_group_exit+0x177/0x440
[ 36.263704] __x64_sys_exit_group+0x3e/0x50
[ 36.268021] do_syscall_64+0x1b9/0x820
[ 36.271906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.277079]
[ 36.278699] The buggy address belongs to the object at ffff8801b9788040
[ 36.278699] which belongs to the cache kvm_vcpu of size 23872
[ 36.291265] The buggy address is located 24 bytes inside of
[ 36.291265] 23872-byte region [ffff8801b9788040, ffff8801b978dd80)
[ 36.303213] The buggy address belongs to the page:
[ 36.308136] page:ffffea0006e5e200 count:1 mapcount:0 mapping:ffff8801d5265c00 index:0x0 compound_mapcount: 0
[ 36.318102] flags: 0x2fffc0000008100(slab|head)
[ 36.322787] raw: 02fffc0000008100 ffff8801d526af48 ffff8801d526af48 ffff8801d5265c00
[ 36.330673] raw: 0000000000000000 ffff8801b9788040 0000000100000001 0000000000000000
[ 36.338554] page dumped because: kasan: bad access detected
[ 36.344252]
[ 36.345865] Memory state around the buggy address:
[ 36.350787] ffff8801b9787f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.358144] ffff8801b9787f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.365506] >ffff8801b9788000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.372857]                                                     ^
[ 36.379083] ffff8801b9788080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.386436] ffff8801b9788100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.393784] ==================================================================
[ 36.401132] Kernel panic - not syncing: panic_on_warn set ...
[ 36.401132]
[ 36.408511] CPU: 0 PID: 4647 Comm: syz-executor745 Tainted: G B 4.19.0-rc2+ #220
[ 36.417341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.426687] Call Trace:
[ 36.429276] dump_stack+0x1c9/0x2b4
[ 36.432901] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.438086] ? lock_downgrade+0x8f0/0x8f0
[ 36.442230] ? __schedule+0xf54/0x1df0
[ 36.446115] panic+0x238/0x4e7
[ 36.449303] ? add_taint.cold.5+0x16/0x16
[ 36.453449] ? print_shadow_for_address+0xba/0x116
[ 36.458381] ? trace_hardirqs_off+0xaf/0x2b0
[ 36.462784] ? trace_hardirqs_off+0x77/0x2b0
[ 36.467191] ? __schedule+0xf54/0x1df0
[ 36.471073] kasan_end_report+0x47/0x4f
[ 36.475041] kasan_report.cold.7+0x76/0x30d
[ 36.479363] __asan_report_load8_noabort+0x14/0x20
[ 36.484288] __schedule+0xf54/0x1df0
[ 36.488003] ? __sched_text_start+0x8/0x8
[ 36.492152] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.497252] ? __call_srcu+0x7e7/0x1040
[ 36.501230] ? check_same_owner+0x340/0x340
[ 36.505551] ? mark_held_locks+0x160/0x160
[ 36.509779] ? find_held_lock+0x36/0x1c0
[ 36.513842] preempt_schedule_common+0x22/0x60
[ 36.518420] _cond_resched+0x1d/0x30
[ 36.522132] wait_for_completion+0xa5/0x8d0
[ 36.526459] ? wait_for_completion_interruptible+0x950/0x950
[ 36.532262] ? __lockdep_init_map+0x105/0x590
[ 36.536756] ? __init_waitqueue_head+0x9e/0x150
[ 36.541426] ? init_wait_entry+0x1c0/0x1c0
[ 36.545659] __synchronize_srcu+0x189/0x240
[ 36.549978] ? call_srcu+0x10/0x10
[ 36.553520] ? rcu_unexpedite_gp+0x20/0x20
[ 36.557764] synchronize_srcu+0x335/0x56f
[ 36.561908] ? lock_downgrade+0x8f0/0x8f0
[ 36.566054] ? synchronize_srcu_expedited+0x20/0x20
[ 36.571074] ? kasan_check_read+0x11/0x20
[ 36.575232] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.579815] ? kasan_check_write+0x14/0x20
[ 36.584046] ? do_raw_spin_lock+0xc1/0x200
[ 36.588284] kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.594008] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.599457] ? kvfree+0x61/0x70
[ 36.602757] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.607770] kvm_mmu_uninit_vm+0x1c/0x20
[ 36.611828] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.616236] ? kvm_arch_sync_events+0x30/0x30
[ 36.620736] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.626269] ? mmu_notifier_unregister+0x474/0x600
[ 36.631192] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.635595] ? kfree+0x111/0x210
[ 36.638961] ? __mmu_notifier_register+0x30/0x30
[ 36.643714] ? __free_pages+0x10a/0x190
[ 36.647684] ? free_unref_page+0x930/0x930
[ 36.651924] kvm_put_kvm+0x73f/0x1060
[ 36.655728] ? kvm_write_guest_cached+0x40/0x40
[ 36.660401] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.664895] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.669387] ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.673973] ? kasan_check_write+0x14/0x20
[ 36.678206] ? do_raw_spin_lock+0xc1/0x200
[ 36.682439] ? kvm_irqfd_release+0xdd/0x120
[ 36.686752] ? kvm_irqfd_release+0xdd/0x120
[ 36.691070] ? kvm_put_kvm+0x1060/0x1060
[ 36.695126] kvm_vm_release+0x42/0x50
[ 36.698925] __fput+0x38a/0xa40
[ 36.702206] ? __alloc_file+0x400/0x400
[ 36.706185] ? check_same_owner+0x340/0x340
[ 36.710510] ? kasan_check_write+0x14/0x20
[ 36.714744] ? do_raw_spin_lock+0xc1/0x200
[ 36.718989] ____fput+0x15/0x20
[ 36.722265] task_work_run+0x1e8/0x2a0
[ 36.726146] ? task_work_cancel+0x240/0x240
[ 36.730471] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.736012] ? switch_task_namespaces+0xa2/0xd0
[ 36.740680] do_exit+0x1ae4/0x26e0
[ 36.744221] ? mm_update_next_owner+0x9a0/0x9a0
[ 36.748893] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.753578] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.758587] ? kfree+0x1d7/0x210
[ 36.761952] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.766185] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.771895] ? is_bpf_text_address+0xd7/0x170
[ 36.776384] ? kernel_text_address+0x79/0xf0
[ 36.780788] ? __kernel_text_address+0xd/0x40
[ 36.785278] ? unwind_get_return_address+0x61/0xa0
[ 36.790206] ? __save_stack_trace+0x8d/0xf0
[ 36.794537] ? save_stack+0xa9/0xd0
[ 36.798163] ? save_stack+0x43/0xd0
[ 36.801787] ? __kasan_slab_free+0x11a/0x170
[ 36.806192] ? kasan_slab_free+0xe/0x10
[ 36.810160] ? putname+0xf2/0x130
[ 36.813617] ? __x64_sys_openat+0x9d/0x100
[ 36.817848] ? do_syscall_64+0x1b9/0x820
[ 36.821902] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.827262] ? trace_hardirqs_off+0xb8/0x2b0
[ 36.831692] ? kasan_check_read+0x11/0x20
[ 36.835841] ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.840277] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.844681] ? initcall_blacklisted+0x9a/0x1e0
[ 36.849263] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.854368] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.860097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.865648] ? do_vfs_ioctl+0x201/0x1720
[ 36.869706] ? rcu_is_watching+0x8c/0x150
[ 36.873846] ? trace_hardirqs_on+0xbd/0x2c0
[ 36.878166] ? ioctl_preallocate+0x300/0x300
[ 36.882574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.888414] ? __fget_light+0x2f7/0x440
[ 36.892384] ? fget_raw+0x20/0x20
[ 36.895832] ? putname+0xf2/0x130
[ 36.899285] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.904295] ? kmem_cache_free+0x246/0x280
[ 36.908533] ? putname+0xf7/0x130
[ 36.911984] do_group_exit+0x177/0x440
[ 36.915873] ? trace_hardirqs_on+0xbd/0x2c0
[ 36.920187] ? __ia32_sys_exit+0x50/0x50
[ 36.924248] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.929352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.934886] ? ksys_ioctl+0x81/0xd0
[ 36.938514] __x64_sys_exit_group+0x3e/0x50
[ 36.942865] do_syscall_64+0x1b9/0x820
[ 36.946755] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.952116] ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.957048] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.961886] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.966907] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.971933] ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.976951] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.981797] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.986982] RIP: 0033:0x43f028
[ 36.990175] Code: Bad RIP value.
[ 36.993538] RSP: 002b:00007fffe7b2f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.001241] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 37.008505] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.015771] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.023039] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.031083] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 37.038370]
[ 37.038376] ======================================================
[ 37.038381] WARNING: possible circular locking dependency detected
[ 37.038385] 4.19.0-rc2+ #220 Not tainted
[ 37.038391] ------------------------------------------------------
[ 37.038395] syz-executor745/4647 is trying to acquire lock:
[ 37.038399] 0000000080f05b52 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.038414]
[ 37.038418] but task is already holding lock:
[ 37.038421] 00000000b6e61199 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.038435]
[ 37.038439] which lock already depends on the new lock.
[ 37.038442]
[ 37.038444]
[ 37.038449] the existing dependency chain (in reverse order) is:
[ 37.038451]
[ 37.038453] -> #3 (report_lock){....}:
[ 37.038468] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.038472] kasan_report+0x8e/0x110
[ 37.038476] __asan_report_load8_noabort+0x14/0x20
[ 37.038488] __schedule+0xf54/0x1df0
[ 37.038492] preempt_schedule_common+0x22/0x60
[ 37.038496] _cond_resched+0x1d/0x30
[ 37.038500] wait_for_completion+0xa5/0x8d0
[ 37.038504] __synchronize_srcu+0x189/0x240
[ 37.038508] synchronize_srcu+0x335/0x56f
[ 37.038513] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.038517] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.038521] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.038530] kvm_put_kvm+0x73f/0x1060
[ 37.038534] kvm_vm_release+0x42/0x50
[ 37.038538] __fput+0x38a/0xa40
[ 37.038541] ____fput+0x15/0x20
[ 37.038545] task_work_run+0x1e8/0x2a0
[ 37.038549] do_exit+0x1ae4/0x26e0
[ 37.038553] do_group_exit+0x177/0x440
[ 37.038557] __x64_sys_exit_group+0x3e/0x50
[ 37.038561] do_syscall_64+0x1b9/0x820
[ 37.038565] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.038568]
[ 37.038570] -> #2 (&rq->lock){-.-.}:
[ 37.038584] _raw_spin_lock+0x2a/0x40
[ 37.038588] task_fork_fair+0x93/0x680
[ 37.038591] sched_fork+0x44b/0xbd0
[ 37.038595] copy_process+0x235e/0x7ad0
[ 37.038599] _do_fork+0x1ca/0x1170
[ 37.038603] kernel_thread+0x34/0x40
[ 37.038606] rest_init+0x22/0xe4
[ 37.038610] start_kernel+0x913/0x94e
[ 37.038614] x86_64_start_reservations+0x29/0x2b
[ 37.038618] x86_64_start_kernel+0x76/0x79
[ 37.038622] secondary_startup_64+0xa4/0xb0
[ 37.038624]
[ 37.038627] -> #1 (&p->pi_lock){-.-.}:
[ 37.038641] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.038645] try_to_wake_up+0xd2/0x1250
[ 37.038649] wake_up_process+0x10/0x20
[ 37.038652] __up.isra.1+0x1c0/0x2a0
[ 37.038656] up+0x13c/0x1c0
[ 37.038660] __up_console_sem+0xbe/0x1b0
[ 37.038664] console_unlock+0x506/0x10d0
[ 37.038667] vprintk_emit+0x33a/0x910
[ 37.038671] vprintk_default+0x28/0x30
[ 37.038675] vprintk_func+0x7a/0x117
[ 37.038678] printk+0xa7/0xcf
[ 37.038682] load_umh+0x51/0xbd
[ 37.038686] do_one_initcall+0x127/0x838
[ 37.038690] kernel_init_freeable+0x4bb/0x5ae
[ 37.038694] kernel_init+0x11/0x1b3
[ 37.038697] ret_from_fork+0x3a/0x50
[ 37.038700]
[ 37.038702] -> #0 ((console_sem).lock){-...}:
[ 37.038716] lock_acquire+0x1e4/0x4f0
[ 37.038720] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.038724] down_trylock+0x13/0x70
[ 37.038728] __down_trylock_console_sem+0xae/0x200
[ 37.038732] console_trylock+0x15/0xa0
[ 37.038736] vprintk_emit+0x31f/0x910
[ 37.038740] vprintk_default+0x28/0x30
[ 37.038744] vprintk_func+0x7a/0x117
[ 37.038747] printk+0xa7/0xcf
[ 37.038751] kasan_report+0x9e/0x110
[ 37.038755] __asan_report_load8_noabort+0x14/0x20
[ 37.038759] __schedule+0xf54/0x1df0
[ 37.038763] preempt_schedule_common+0x22/0x60
[ 37.038767] _cond_resched+0x1d/0x30
[ 37.038771] wait_for_completion+0xa5/0x8d0
[ 37.038775] __synchronize_srcu+0x189/0x240
[ 37.038779] synchronize_srcu+0x335/0x56f
[ 37.038784] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.038788] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.038792] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.038796] kvm_put_kvm+0x73f/0x1060
[ 37.038800] kvm_vm_release+0x42/0x50
[ 37.038803] __fput+0x38a/0xa40
[ 37.038807] ____fput+0x15/0x20
[ 37.038810] task_work_run+0x1e8/0x2a0
[ 37.038814] do_exit+0x1ae4/0x26e0
[ 37.038818] do_group_exit+0x177/0x440
[ 37.038822] __x64_sys_exit_group+0x3e/0x50
[ 37.038826] do_syscall_64+0x1b9/0x820
[ 37.038830] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.038832]
[ 37.038837] other info that might help us debug this:
[ 37.038839]
[ 37.038842] Chain exists of:
[ 37.038844]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.038862]
[ 37.038866] Possible unsafe locking scenario:
[ 37.038868]
[ 37.038872]        CPU0                    CPU1
[ 37.038876]        ----                    ----
[ 37.038879]   lock(report_lock);
[ 37.038888]                                lock(&rq->lock);
[ 37.038897]                                lock(report_lock);
[ 37.038905]   lock((console_sem).lock);
[ 37.038913]
[ 37.038916] *** DEADLOCK ***
[ 37.038918]
[ 37.038922] 2 locks held by syz-executor745/4647:
[ 37.038925] #0: 00000000224c55b7 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 37.038941] #1: 00000000b6e61199 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.038958]
[ 37.038961] stack backtrace:
[ 37.038967] CPU: 0 PID: 4647 Comm: syz-executor745 Not tainted 4.19.0-rc2+ #220
[ 37.038974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.038977] Call Trace:
[ 37.038981] dump_stack+0x1c9/0x2b4
[ 37.038985] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.038989] ? vprintk_func+0x100/0x117
[ 37.038994] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 37.038998] ? save_trace+0xe0/0x290
[ 37.039002] __lock_acquire+0x3449/0x5020
[ 37.039006] ? mark_held_locks+0x160/0x160
[ 37.039010] ? mark_held_locks+0x160/0x160
[ 37.039014] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 37.039018] ? is_bpf_text_address+0xd7/0x170
[ 37.039022] ? kernel_text_address+0x79/0xf0
[ 37.039027] ? __kernel_text_address+0xd/0x40
[ 37.039031] ? __save_stack_trace+0x8d/0xf0
[ 37.039036] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 37.039040] ? save_trace+0x290/0x290
[ 37.039044] ? save_stack_trace+0x1a/0x20
[ 37.039047] ? save_trace+0xe0/0x290
[ 37.039051] ? graph_lock+0x170/0x170
[ 37.039056] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.039060] lock_acquire+0x1e4/0x4f0
[ 37.039063] ? down_trylock+0x13/0x70
[ 37.039067] ? lock_release+0x9f0/0x9f0
[ 37.039071] ? trace_hardirqs_off+0xb8/0x2b0
[ 37.039075] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.039080] ? trace_hardirqs_off+0xb8/0x2b0
[ 37.039083] ? log_store+0x34f/0x4c0
[ 37.039087] ? vprintk_emit+0x31f/0x910
[ 37.039091] _raw_spin_lock_irqsave+0x96/0xc0
[ 37.039095] ? down_trylock+0x13/0x70
[ 37.039099] down_trylock+0x13/0x70
[ 37.039103] __down_trylock_console_sem+0xae/0x200
[ 37.039107] console_trylock+0x15/0xa0
[ 37.039111] vprintk_emit+0x31f/0x910
[ 37.039115] ? wake_up_klogd+0x110/0x110
[ 37.039119] ? run_rebalance_domains+0x4c0/0x4c0
[ 37.039123] ? kasan_check_read+0x11/0x20
[ 37.039127] ? rcu_is_watching+0x8c/0x150
[ 37.039131] ? rcu_pm_notify+0xc0/0xc0
[ 37.039134] ? lock_acquire+0x1e4/0x4f0
[ 37.039138] ? kasan_report+0x8e/0x110
[ 37.039142] ? __schedule+0xf54/0x1df0
[ 37.039146] vprintk_default+0x28/0x30
[ 37.039149] vprintk_func+0x7a/0x117
[ 37.039153] printk+0xa7/0xcf
[ 37.039157] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.039161] ? kasan_check_write+0x14/0x20
[ 37.039165] ? do_raw_spin_lock+0xc1/0x200
[ 37.039169] ? do_raw_spin_lock+0xc1/0x200
[ 37.039173] kasan_report+0x9e/0x110
[ 37.039177] __asan_report_load8_noabort+0x14/0x20
[ 37.039181] __schedule+0xf54/0x1df0
[ 37.039185] ? __sched_text_start+0x8/0x8
[ 37.039190] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 37.039194] ? __call_srcu+0x7e7/0x1040
[ 37.039198] ? check_same_owner+0x340/0x340
[ 37.039202] ? mark_held_locks+0x160/0x160
[ 37.039206] ? find_held_lock+0x36/0x1c0
[ 37.039210] preempt_schedule_common+0x22/0x60
[ 37.039214] _cond_resched+0x1d/0x30
[ 37.039218] wait_for_completion+0xa5/0x8d0
[ 37.039223] ? wait_for_completion_interruptible+0x950/0x950
[ 37.039227] ? __lockdep_init_map+0x105/0x590
[ 37.039231] ? __init_waitqueue_head+0x9e/0x150
[ 37.039235] ? init_wait_entry+0x1c0/0x1c0
[ 37.039239] __synchronize_srcu+0x189/0x240
[ 37.039243] ? call_srcu+0x10/0x10
[ 37.039247] ? rcu_unexpedite_gp+0x20/0x20
[ 37.039251] synchronize_srcu+0x335/0x56f
[ 37.039255] ? lock_downgrade+0x8f0/0x8f0
[ 37.039260] ? synchronize_srcu_expedited+0x20/0x20
[ 37.039264] ? kasan_check_read+0x11/0x20
[ 37.039268] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.039272] ? kasan_check_write+0x14/0x20
[ 37.039276] ? do_raw_spin_lock+0xc1/0x200
[ 37.039281] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.039286] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.039289] ? kvfree+0x61/0x70
[ 37.039294] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.039298] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.039302] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.039306] ? kvm_arch_sync_events+0x30/0x30
[ 37.039311] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.039315] ? mmu_notifier_unregister+0x474/0x600
[ 37.039319] ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.039323] ? kfree+0x111/0x210
[ 37.039327] ? __mmu_notifier_register+0x30/0x30
[ 37.039331] ? __free_pages+0x10a/0x190
[ 37.039335] ? free_unref_page+0x930/0x930
[ 37.039339] kvm_put_kvm+0x73f/0x1060
[ 37.039343] ? kvm_write_guest_cached+0x40/0x40
[ 37.039347] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.039351] ? _raw_spin_unlock_irq+0x27/0x70
[ 37.039355] ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.039359] ? kasan_check_write+0x14/0x20
[ 37.039363] ? do_raw_spin_lock+0xc1/0x200
[ 37.039368] ? kvm_irqfd_release+0xdd/0x120
[ 37.039372] ? kvm_irqfd_release+0xdd/0x120
[ 37.039376] ? kvm_put_kvm+0x1060/0x1060
[ 37.039379] kvm_vm_release+0x42/0x50
[ 37.039383] __fput+0x38a/0xa40
[ 37.039387] ? __alloc_file+0x400/0x400
[ 37.039391] ? check_same_owner+0x340/0x340
[ 37.039395] ? kasan_check_write+0x14/0x20
[ 37.039399] ? do_raw_spin_lock+0xc1/0x200
[ 37.039402] ____fput+0x15/0x20
[ 37.039406] task_work_run+0x1e8/0x2a0
[ 37.039410] ? task_work_cancel+0x240/0x240
[ 37.039415] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.039419] ? switch_task_namespaces+0xa2/0xd0
[ 37.039423] do_exit+0x1ae4/0x26e0
[ 37.039427] ? mm_update_next_owner+0x9a0/0x9a0
[ 37.039431] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.039436] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.039439] ? kfree+0x1d7/0x210
[ 37.039443] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.039448] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.039452] ? is_bpf_text_address+0xd7/0x170
[ 37.039454] ?
[ 37.039462] Lost 55 message(s)!
[ 38.097884] Shutting down cpus with NMI
[ 39.156619] Dumping ftrace buffer:
[ 39.160143] (ftrace buffer empty)
[ 39.163834] Kernel Offset: disabled
[ 39.167448] Rebooting in 86400 seconds..