[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.035339] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 29.473809] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.871355] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.442894] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.620390] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
[ 36.204998] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.303729] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 36.329959] ==================================================================
[ 36.340822] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 36.347044] Read of size 8 at addr ffff8801b5668058 by task syz-executor288/4690
[ 36.354561]
[ 36.356184] CPU: 0 PID: 4690 Comm: syz-executor288 Not tainted 4.19.0-rc1+ #219
[ 36.363643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.372984] Call Trace:
[ 36.375567]  dump_stack+0x1c9/0x2b4
[ 36.379195]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.384384]  ? printk+0xa7/0xcf
[ 36.387663]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.392416]  ? __schedule+0xf54/0x1df0
[ 36.396303]  print_address_description+0x6c/0x20b
[ 36.401167]  ? __schedule+0xf54/0x1df0
[ 36.405055]  kasan_report.cold.7+0x242/0x30d
[ 36.409469]  __asan_report_load8_noabort+0x14/0x20
[ 36.414400]  __schedule+0xf54/0x1df0
[ 36.418108]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.423209]  ? __sched_text_start+0x8/0x8
[ 36.427369]  ? __call_srcu+0x7e7/0x1040
[ 36.431345]  ? check_same_owner+0x340/0x340
[ 36.435662]  ? mark_held_locks+0x160/0x160
[ 36.439901]  ? find_held_lock+0x36/0x1c0
[ 36.443963]  preempt_schedule_common+0x22/0x60
[ 36.448542]  _cond_resched+0x1d/0x30
[ 36.452279]  wait_for_completion+0xa5/0x8d0
[ 36.456602]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.462405]  ? __lockdep_init_map+0x105/0x590
[ 36.466912]  ? __init_waitqueue_head+0x9e/0x150
[ 36.471577]  ? init_wait_entry+0x1c0/0x1c0
[ 36.475812]  __synchronize_srcu+0x189/0x240
[ 36.480132]  ? call_srcu+0x10/0x10
[ 36.483668]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.487927]  synchronize_srcu+0x335/0x56f
[ 36.492070]  ? lock_downgrade+0x8f0/0x8f0
[ 36.496236]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.501253]  ? kasan_check_read+0x11/0x20
[ 36.505395]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.509972]  ? kasan_check_write+0x14/0x20
[ 36.514211]  ? do_raw_spin_lock+0xc1/0x200
[ 36.518454]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.524162]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.529607]  ? kvfree+0x61/0x70
[ 36.532885]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.537898]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.541968]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.546378]  ? kvm_arch_sync_events+0x30/0x30
[ 36.550877]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.556408]  ? mmu_notifier_unregister+0x474/0x600
[ 36.561329]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.565729]  ? kfree+0x111/0x210
[ 36.569089]  ? __mmu_notifier_register+0x30/0x30
[ 36.573842]  ? __free_pages+0x10a/0x190
[ 36.577805]  ? free_unref_page+0x930/0x930
[ 36.582045]  kvm_put_kvm+0x73f/0x1060
[ 36.585878]  ? kvm_write_guest_cached+0x40/0x40
[ 36.590559]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.595051]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.599537]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.604120]  ? kasan_check_write+0x14/0x20
[ 36.608350]  ? do_raw_spin_lock+0xc1/0x200
[ 36.612585]  ? kvm_irqfd_release+0xdd/0x120
[ 36.616901]  ? kvm_irqfd_release+0xdd/0x120
[ 36.621218]  ? kvm_put_kvm+0x1060/0x1060
[ 36.625301]  kvm_vm_release+0x42/0x50
[ 36.629098]  __fput+0x38a/0xa40
[ 36.632374]  ? __alloc_file+0x400/0x400
[ 36.636350]  ? check_same_owner+0x340/0x340
[ 36.640665]  ? kasan_check_write+0x14/0x20
[ 36.644894]  ? do_raw_spin_lock+0xc1/0x200
[ 36.649124]  ____fput+0x15/0x20
[ 36.652411]  task_work_run+0x1e8/0x2a0
[ 36.656332]  ? task_work_cancel+0x240/0x240
[ 36.660655]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.666197]  ? switch_task_namespaces+0xa2/0xd0
[ 36.670863]  do_exit+0x1ae4/0x26e0
[ 36.674411]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.679079]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.683310]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.688321]  ? kfree+0x1d7/0x210
[ 36.691681]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.695915]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.701641]  ? is_bpf_text_address+0xd7/0x170
[ 36.706131]  ? kernel_text_address+0x79/0xf0
[ 36.710534]  ? __kernel_text_address+0xd/0x40
[ 36.715023]  ? unwind_get_return_address+0x61/0xa0
[ 36.719951]  ? __save_stack_trace+0x8d/0xf0
[ 36.724272]  ? save_stack+0xa9/0xd0
[ 36.727910]  ? save_stack+0x43/0xd0
[ 36.731536]  ? __kasan_slab_free+0x11a/0x170
[ 36.735940]  ? kasan_slab_free+0xe/0x10
[ 36.739913]  ? putname+0xf2/0x130
[ 36.743361]  ? __x64_sys_openat+0x9d/0x100
[ 36.747593]  ? do_syscall_64+0x1b9/0x820
[ 36.751648]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.757006]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.761418]  ? kasan_check_read+0x11/0x20
[ 36.765580]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.769994]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.774406]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.778994]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.784108]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.789816]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.795353]  ? do_vfs_ioctl+0x201/0x1720
[ 36.799408]  ? rcu_is_watching+0x8c/0x150
[ 36.803550]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.807880]  ? ioctl_preallocate+0x300/0x300
[ 36.812331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.817864]  ? __fget_light+0x2f7/0x440
[ 36.821831]  ? fget_raw+0x20/0x20
[ 36.825277]  ? putname+0xf2/0x130
[ 36.828731]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.833741]  ? kmem_cache_free+0x246/0x280
[ 36.837970]  ? putname+0xf7/0x130
[ 36.841425]  do_group_exit+0x177/0x440
[ 36.845313]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.849627]  ? __ia32_sys_exit+0x50/0x50
[ 36.853684]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.858807]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.864345]  ? ksys_ioctl+0x81/0xd0
[ 36.867983]  __x64_sys_exit_group+0x3e/0x50
[ 36.872301]  do_syscall_64+0x1b9/0x820
[ 36.876182]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.881552]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.886480]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.891326]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.896335]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.901348]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.906362]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.911203]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.916388] RIP: 0033:0x43f028
[ 36.919580] Code: Bad RIP value.
[ 36.922937] RSP: 002b:00007fffcfc12a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.930642] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.937901] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.945160] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.952420] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.959687] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.966952]
[ 36.968582] Allocated by task 4690:
[ 36.972205]  save_stack+0x43/0xd0
[ 36.975652]  kasan_kmalloc+0xc4/0xe0
[ 36.979357]  kasan_slab_alloc+0x12/0x20
[ 36.983338]  kmem_cache_alloc+0x12e/0x710
[ 36.987479]  vmx_create_vcpu+0xcf/0x2830
[ 36.991533]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.995937]  kvm_vm_ioctl+0x488/0x1d80
[ 36.999820]  do_vfs_ioctl+0x1de/0x1720
[ 37.003703]  ksys_ioctl+0xa9/0xd0
[ 37.007152]  __x64_sys_ioctl+0x73/0xb0
[ 37.011032]  do_syscall_64+0x1b9/0x820
[ 37.014912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.020085]
[ 37.021699] Freed by task 4690:
[ 37.024971]  save_stack+0x43/0xd0
[ 37.028417]  __kasan_slab_free+0x11a/0x170
[ 37.032658]  kasan_slab_free+0xe/0x10
[ 37.036466]  kmem_cache_free+0x86/0x280
[ 37.040436]  vmx_free_vcpu+0x26b/0x300
[ 37.044320]  kvm_arch_destroy_vm+0x365/0x7c0
[ 37.048720]  kvm_put_kvm+0x73f/0x1060
[ 37.052526]  kvm_vm_release+0x42/0x50
[ 37.056316]  __fput+0x38a/0xa40
[ 37.059585]  ____fput+0x15/0x20
[ 37.062858]  task_work_run+0x1e8/0x2a0
[ 37.066735]  do_exit+0x1ae4/0x26e0
[ 37.070262]  do_group_exit+0x177/0x440
[ 37.074143]  __x64_sys_exit_group+0x3e/0x50
[ 37.078473]  do_syscall_64+0x1b9/0x820
[ 37.082358]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.087529]
[ 37.089149] The buggy address belongs to the object at ffff8801b5668040
[ 37.089149]  which belongs to the cache kvm_vcpu of size 23872
[ 37.101715] The buggy address is located 24 bytes inside of
[ 37.101715]  23872-byte region [ffff8801b5668040, ffff8801b566dd80)
[ 37.113701] The buggy address belongs to the page:
[ 37.118624] page:ffffea0006d59a00 count:1 mapcount:0 mapping:ffff8801d5230b40 index:0x0 compound_mapcount: 0
[ 37.128583] flags: 0x2fffc0000008100(slab|head)
[ 37.133253] raw: 02fffc0000008100 ffff8801d522e948 ffff8801d522e948 ffff8801d5230b40
[ 37.141129] raw: 0000000000000000 ffff8801b5668040 0000000100000001 0000000000000000
[ 37.148997] page dumped because: kasan: bad access detected
[ 37.154689]
[ 37.156308] Memory state around the buggy address:
[ 37.161228]  ffff8801b5667f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.168578]  ffff8801b5667f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.175928] >ffff8801b5668000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 37.183280]                                                     ^
[ 37.189511]  ffff8801b5668080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.196859]  ffff8801b5668100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.204205] ==================================================================
[ 37.211554] Kernel panic - not syncing: panic_on_warn set ...
[ 37.211554]
[ 37.218917] CPU: 0 PID: 4690 Comm: syz-executor288 Tainted: G    B             4.19.0-rc1+ #219
[ 37.227741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.237082] Call Trace:
[ 37.239670]  dump_stack+0x1c9/0x2b4
[ 37.243298]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.248491]  ? lock_downgrade+0x8f0/0x8f0
[ 37.252637]  ? __schedule+0xf54/0x1df0
[ 37.256518]  panic+0x238/0x4e7
[ 37.259706]  ? add_taint.cold.5+0x16/0x16
[ 37.263853]  ? print_shadow_for_address+0xba/0x116
[ 37.268776]  ? trace_hardirqs_off+0xaf/0x2b0
[ 37.273178]  ? trace_hardirqs_off+0x77/0x2b0
[ 37.277606]  ? __schedule+0xf54/0x1df0
[ 37.281482]  kasan_end_report+0x47/0x4f
[ 37.285462]  kasan_report.cold.7+0x76/0x30d
[ 37.289797]  __asan_report_load8_noabort+0x14/0x20
[ 37.294735]  __schedule+0xf54/0x1df0
[ 37.298452]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.303554]  ? __sched_text_start+0x8/0x8
[ 37.307705]  ? __call_srcu+0x7e7/0x1040
[ 37.311683]  ? check_same_owner+0x340/0x340
[ 37.316000]  ? mark_held_locks+0x160/0x160
[ 37.320228]  ? find_held_lock+0x36/0x1c0
[ 37.324299]  preempt_schedule_common+0x22/0x60
[ 37.328881]  _cond_resched+0x1d/0x30
[ 37.332584]  wait_for_completion+0xa5/0x8d0
[ 37.336902]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.342706]  ? __lockdep_init_map+0x105/0x590
[ 37.347201]  ? __init_waitqueue_head+0x9e/0x150
[ 37.351876]  ? init_wait_entry+0x1c0/0x1c0
[ 37.356131]  __synchronize_srcu+0x189/0x240
[ 37.360465]  ? call_srcu+0x10/0x10
[ 37.364003]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.368240]  synchronize_srcu+0x335/0x56f
[ 37.372379]  ? lock_downgrade+0x8f0/0x8f0
[ 37.376546]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.381559]  ? kasan_check_read+0x11/0x20
[ 37.385704]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.390284]  ? kasan_check_write+0x14/0x20
[ 37.394514]  ? do_raw_spin_lock+0xc1/0x200
[ 37.398748]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.404482]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.409964]  ? kvfree+0x61/0x70
[ 37.413238]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.418248]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.422303]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.426707]  ? kvm_arch_sync_events+0x30/0x30
[ 37.431205]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.436740]  ? mmu_notifier_unregister+0x474/0x600
[ 37.441675]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.446076]  ? kfree+0x111/0x210
[ 37.449435]  ? __mmu_notifier_register+0x30/0x30
[ 37.454217]  ? __free_pages+0x10a/0x190
[ 37.458185]  ? free_unref_page+0x930/0x930
[ 37.462421]  kvm_put_kvm+0x73f/0x1060
[ 37.466226]  ? kvm_write_guest_cached+0x40/0x40
[ 37.470907]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.475393]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.479883]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.484475]  ? kasan_check_write+0x14/0x20
[ 37.488721]  ? do_raw_spin_lock+0xc1/0x200
[ 37.492957]  ? kvm_irqfd_release+0xdd/0x120
[ 37.497276]  ? kvm_irqfd_release+0xdd/0x120
[ 37.501591]  ? kvm_put_kvm+0x1060/0x1060
[ 37.505647]  kvm_vm_release+0x42/0x50
[ 37.509437]  __fput+0x38a/0xa40
[ 37.512716]  ? __alloc_file+0x400/0x400
[ 37.516687]  ? check_same_owner+0x340/0x340
[ 37.520999]  ? kasan_check_write+0x14/0x20
[ 37.525229]  ? do_raw_spin_lock+0xc1/0x200
[ 37.529464]  ____fput+0x15/0x20
[ 37.532740]  task_work_run+0x1e8/0x2a0
[ 37.536623]  ? task_work_cancel+0x240/0x240
[ 37.540940]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.546474]  ? switch_task_namespaces+0xa2/0xd0
[ 37.551136]  do_exit+0x1ae4/0x26e0
[ 37.554674]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.559342]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.563573]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.568580]  ? kfree+0x1d7/0x210
[ 37.571952]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.576201]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.581911]  ? is_bpf_text_address+0xd7/0x170
[ 37.586402]  ? kernel_text_address+0x79/0xf0
[ 37.590813]  ? __kernel_text_address+0xd/0x40
[ 37.595315]  ? unwind_get_return_address+0x61/0xa0
[ 37.600241]  ? __save_stack_trace+0x8d/0xf0
[ 37.604565]  ? save_stack+0xa9/0xd0
[ 37.608187]  ? save_stack+0x43/0xd0
[ 37.611823]  ? __kasan_slab_free+0x11a/0x170
[ 37.616237]  ? kasan_slab_free+0xe/0x10
[ 37.620203]  ? putname+0xf2/0x130
[ 37.623649]  ? __x64_sys_openat+0x9d/0x100
[ 37.627889]  ? do_syscall_64+0x1b9/0x820
[ 37.631941]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.637299]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.641699]  ? kasan_check_read+0x11/0x20
[ 37.645843]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.650245]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.654661]  ? initcall_blacklisted+0x9a/0x1e0
[ 37.659238]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 37.664340]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.670049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.675582]  ? do_vfs_ioctl+0x201/0x1720
[ 37.679637]  ? rcu_is_watching+0x8c/0x150
[ 37.683776]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.688094]  ? ioctl_preallocate+0x300/0x300
[ 37.692498]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.698030]  ? __fget_light+0x2f7/0x440
[ 37.702005]  ? fget_raw+0x20/0x20
[ 37.705460]  ? putname+0xf2/0x130
[ 37.708912]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.713923]  ? kmem_cache_free+0x246/0x280
[ 37.718168]  ? putname+0xf7/0x130
[ 37.721619]  do_group_exit+0x177/0x440
[ 37.725500]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.729814]  ? __ia32_sys_exit+0x50/0x50
[ 37.733867]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.738974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.744506]  ? ksys_ioctl+0x81/0xd0
[ 37.748127]  __x64_sys_exit_group+0x3e/0x50
[ 37.752461]  do_syscall_64+0x1b9/0x820
[ 37.756345]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.761704]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.766629]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.771472]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 37.776482]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.781490]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.786523]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.791362]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.796555] RIP: 0033:0x43f028
[ 37.799748] Code: Bad RIP value.
[ 37.803102] RSP: 002b:00007fffcfc12a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.810802] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 37.818062] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.825335] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.832595] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.839857] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 37.847130]
[ 37.847135] ======================================================
[ 37.847141] WARNING: possible circular locking dependency detected
[ 37.847144] 4.19.0-rc1+ #219 Not tainted
[ 37.847150] ------------------------------------------------------
[ 37.847154] syz-executor288/4690 is trying to acquire lock:
[ 37.847158] 00000000a8d465b7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.847172]
[ 37.847176] but task is already holding lock:
[ 37.847179] 00000000bea9f28e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.847193]
[ 37.847197] which lock already depends on the new lock.
[ 37.847199]
[ 37.847202]
[ 37.847207] the existing dependency chain (in reverse order) is:
[ 37.847209]
[ 37.847211] -> #3 (report_lock){....}:
[ 37.847225]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.847229]        kasan_report+0x8e/0x110
[ 37.847233]        __asan_report_load8_noabort+0x14/0x20
[ 37.847237]        __schedule+0xf54/0x1df0
[ 37.847241]        preempt_schedule_common+0x22/0x60
[ 37.847245]        _cond_resched+0x1d/0x30
[ 37.847249]        wait_for_completion+0xa5/0x8d0
[ 37.847253]        __synchronize_srcu+0x189/0x240
[ 37.847257]        synchronize_srcu+0x335/0x56f
[ 37.847262]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.847266]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.847271]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.847274]        kvm_put_kvm+0x73f/0x1060
[ 37.847278]        kvm_vm_release+0x42/0x50
[ 37.847282]        __fput+0x38a/0xa40
[ 37.847285]        ____fput+0x15/0x20
[ 37.847289]        task_work_run+0x1e8/0x2a0
[ 37.847293]        do_exit+0x1ae4/0x26e0
[ 37.847296]        do_group_exit+0x177/0x440
[ 37.847300]        __x64_sys_exit_group+0x3e/0x50
[ 37.847304]        do_syscall_64+0x1b9/0x820
[ 37.847309]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.847311]
[ 37.847313] -> #2 (&rq->lock){-.-.}:
[ 37.847327]        _raw_spin_lock+0x2a/0x40
[ 37.847330]        task_fork_fair+0x93/0x680
[ 37.847334]        sched_fork+0x44b/0xbd0
[ 37.847338]        copy_process+0x235e/0x7ad0
[ 37.847341]        _do_fork+0x1ca/0x1170
[ 37.847345]        kernel_thread+0x34/0x40
[ 37.847348]        rest_init+0x22/0xe4
[ 37.847352]        start_kernel+0x913/0x94e
[ 37.847356]        x86_64_start_reservations+0x29/0x2b
[ 37.847360]        x86_64_start_kernel+0x76/0x79
[ 37.847364]        secondary_startup_64+0xa4/0xb0
[ 37.847366]
[ 37.847369] -> #1 (&p->pi_lock){-.-.}:
[ 37.847383]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.847387]        try_to_wake_up+0xd2/0x1250
[ 37.847390]        wake_up_process+0x10/0x20
[ 37.847394]        __up.isra.1+0x1c0/0x2a0
[ 37.847397]        up+0x13c/0x1c0
[ 37.847401]        __up_console_sem+0xbe/0x1b0
[ 37.847405]        console_unlock+0x506/0x10d0
[ 37.847409]        vprintk_emit+0x33a/0x910
[ 37.847412]        vprintk_default+0x28/0x30
[ 37.847416]        vprintk_func+0x7a/0x117
[ 37.847419]        printk+0xa7/0xcf
[ 37.847423]        load_umh+0x51/0xbd
[ 37.847426]        do_one_initcall+0x127/0x838
[ 37.847431]        kernel_init_freeable+0x4bb/0x5ae
[ 37.847434]        kernel_init+0x11/0x1b3
[ 37.847438]        ret_from_fork+0x3a/0x50
[ 37.847440]
[ 37.847442] -> #0 ((console_sem).lock){-...}:
[ 37.847463]        lock_acquire+0x1e4/0x4f0
[ 37.847467]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.847471]        down_trylock+0x13/0x70
[ 37.847475]        __down_trylock_console_sem+0xae/0x200
[ 37.847479]        console_trylock+0x15/0xa0
[ 37.847483]        vprintk_emit+0x31f/0x910
[ 37.847487]        vprintk_default+0x28/0x30
[ 37.847490]        vprintk_func+0x7a/0x117
[ 37.847494]        printk+0xa7/0xcf
[ 37.847497]        kasan_report+0x9e/0x110
[ 37.847501]        __asan_report_load8_noabort+0x14/0x20
[ 37.847505]        __schedule+0xf54/0x1df0
[ 37.847509]        preempt_schedule_common+0x22/0x60
[ 37.847513]        _cond_resched+0x1d/0x30
[ 37.847517]        wait_for_completion+0xa5/0x8d0
[ 37.847521]        __synchronize_srcu+0x189/0x240
[ 37.847525]        synchronize_srcu+0x335/0x56f
[ 37.847530]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.847534]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.847538]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.847542]        kvm_put_kvm+0x73f/0x1060
[ 37.847545]        kvm_vm_release+0x42/0x50
[ 37.847549]        __fput+0x38a/0xa40
[ 37.847552]        ____fput+0x15/0x20
[ 37.847556]        task_work_run+0x1e8/0x2a0
[ 37.847559]        do_exit+0x1ae4/0x26e0
[ 37.847563]        do_group_exit+0x177/0x440
[ 37.847567]        __x64_sys_exit_group+0x3e/0x50
[ 37.847571]        do_syscall_64+0x1b9/0x820
[ 37.847576]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.847578]
[ 37.847582] other info that might help us debug this:
[ 37.847584]
[ 37.847587] Chain exists of:
[ 37.847589]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.847607]
[ 37.847611]  Possible unsafe locking scenario:
[ 37.847613]
[ 37.847617]        CPU0                    CPU1
[ 37.847621]        ----                    ----
[ 37.847623]   lock(report_lock);
[ 37.847632]                                lock(&rq->lock);
[ 37.847641]                                lock(report_lock);
[ 37.847649]   lock((console_sem).lock);
[ 37.847657]
[ 37.847660]  *** DEADLOCK ***
[ 37.847662]
[ 37.847666] 2 locks held by syz-executor288/4690:
[ 37.847668]  #0: 00000000c482f2ee (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 37.847685]  #1: 00000000bea9f28e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.847701]
[ 37.847704] stack backtrace:
[ 37.847710] CPU: 0 PID: 4690 Comm: syz-executor288 Not tainted 4.19.0-rc1+ #219
[ 37.847717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.847720] Call Trace:
[ 37.847723]  dump_stack+0x1c9/0x2b4
[ 37.847728]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.847732]  ? vprintk_func+0x100/0x117
[ 37.847736]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 37.847740]  ? save_trace+0xe0/0x290
[ 37.847744]  __lock_acquire+0x3449/0x5020
[ 37.847748]  ? mark_held_locks+0x160/0x160
[ 37.847752]  ? mark_held_locks+0x160/0x160
[ 37.847756]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 37.847760]  ? is_bpf_text_address+0xd7/0x170
[ 37.847764]  ? kernel_text_address+0x79/0xf0
[ 37.847768]  ? __kernel_text_address+0xd/0x40
[ 37.847772]  ? __save_stack_trace+0x8d/0xf0
[ 37.847776]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 37.847780]  ? save_trace+0x290/0x290
[ 37.847784]  ? save_stack_trace+0x1a/0x20
[ 37.847787]  ? save_trace+0xe0/0x290
[ 37.847791]  ? graph_lock+0x170/0x170
[ 37.847796]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.847799]  lock_acquire+0x1e4/0x4f0
[ 37.847803]  ? down_trylock+0x13/0x70
[ 37.847807]  ? lock_release+0x9f0/0x9f0
[ 37.847811]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.847815]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.847819]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.847823]  ? log_store+0x34f/0x4c0
[ 37.847826]  ? vprintk_emit+0x31f/0x910
[ 37.847830]  _raw_spin_lock_irqsave+0x96/0xc0
[ 37.847834]  ? down_trylock+0x13/0x70
[ 37.847838]  down_trylock+0x13/0x70
[ 37.847842]  __down_trylock_console_sem+0xae/0x200
[ 37.847846]  console_trylock+0x15/0xa0
[ 37.847849]  vprintk_emit+0x31f/0x910
[ 37.847853]  ? wake_up_klogd+0x110/0x110
[ 37.847857]  ? run_rebalance_domains+0x4c0/0x4c0
[ 37.847861]  ? kasan_check_read+0x11/0x20
[ 37.847865]  ? rcu_is_watching+0x8c/0x150
[ 37.847869]  ? rcu_pm_notify+0xc0/0xc0
[ 37.847884]  ? lock_acquire+0x1e4/0x4f0
[ 37.847888]  ? kasan_report+0x8e/0x110
[ 37.847892]  ? __schedule+0xf54/0x1df0
[ 37.847895]  vprintk_default+0x28/0x30
[ 37.847899]  vprintk_func+0x7a/0x117
[ 37.847902]  printk+0xa7/0xcf
[ 37.847906]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.847910]  ? kasan_check_write+0x14/0x20
[ 37.847931]  ? do_raw_spin_lock+0xc1/0x200
[ 37.847934]  ? do_raw_spin_lock+0xc1/0x200
[ 37.847951]  kasan_report+0x9e/0x110
[ 37.847956]  __asan_report_load8_noabort+0x14/0x20
[ 37.847959]  __schedule+0xf54/0x1df0
[ 37.847963]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.847967]  ? __sched_text_start+0x8/0x8
[ 37.847970]  ? __call_srcu+0x7e7/0x1040
[ 37.847974]  ? check_same_owner+0x340/0x340
[ 37.847977]  ? mark_held_locks+0x160/0x160
[ 37.847981]  ? find_held_lock+0x36/0x1c0
[ 37.847984]  preempt_schedule_common+0x22/0x60
[ 37.847988]  _cond_resched+0x1d/0x30
[ 37.847991]  wait_for_completion+0xa5/0x8d0
[ 37.847995]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.847999]  ? __lockdep_init_map+0x105/0x590
[ 37.848003]  ? __init_waitqueue_head+0x9e/0x150
[ 37.848006]  ? init_wait_entry+0x1c0/0x1c0
[ 37.848010]  __synchronize_srcu+0x189/0x240
[ 37.848013]  ? call_srcu+0x10/0x10
[ 37.848017]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.848020]  synchronize_srcu+0x335/0x56f
[ 37.848024]  ? lock_downgrade+0x8f0/0x8f0
[ 37.848028]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.848032]  ? kasan_check_read+0x11/0x20
[ 37.848035]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.848039]  ? kasan_check_write+0x14/0x20
[ 37.848042]  ? do_raw_spin_lock+0xc1/0x200
[ 37.848047]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.848051]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.848054]  ? kvfree+0x61/0x70
[ 37.848058]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.848074]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.848077]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.848081]  ? kvm_arch_sync_events+0x30/0x30
[ 37.848085]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.848089]  ? mmu_notifier_unregister+0x474/0x600
[ 37.848092]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.848095]  ? kfree+0x111/0x210
[ 37.848099]  ? __mmu_notifier_register+0x30/0x30
[ 37.848102]  ? __free_pages+0x10a/0x190
[ 37.848105]  ? free_unref_page+0x930/0x930
[ 37.848109]  kvm_put_kvm+0x73f/0x1060
[ 37.848112]  ? kvm_write_guest_cached+0x40/0x40
[ 37.848128]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.848132]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.848147]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.848151]  ? kasan_check_write+0x14/0x20
[ 37.848154]  ? do_raw_spin_lock+0xc1/0x200
[ 37.848170]  ? kvm_irqfd_release+0xdd/0x120
[ 37.848174]  ? kvm_irqfd_release+0xdd/0x120
[ 37.848178]  ? kvm_put_kvm+0x1060/0x1060
[ 37.848181]  kvm_vm_release+0x42/0x50
[ 37.848185]  __fput+0x38a/0xa40
[ 37.848188]  ? __alloc_file+0x400/0x400
[ 37.848192]  ? check_same_owner+0x340/0x340
[ 37.848196]  ? kasan_check_write+0x14/0x20
[ 37.848213]  ? do_raw_spin_lock+0xc1/0x200
[ 37.848216]  ____fput+0x15/0x20
[ 37.848219]  task_work_run+0x1e8/0x2a0
[ 37.848223]  ? task_work_cancel+0x240/0x240
[ 37.848227]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.848231]  ? switch_task_namespaces+0xa2/0xd0
[ 37.848235]  do_exit+0x1ae4/0x26e0
[ 37.848238]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.848242]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.848246]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.848249]  ? kfree+0x1d7/0x210
[ 37.848265]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.848270]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.848273]  ? is_bpf_text_address+0xd7/0x170
[ 37.848288]  ?
[ 37.848294] Lost 55 message(s)!
[ 38.947321] Shutting down cpus with NMI
[ 40.005908] Dumping ftrace buffer:
[ 40.009431]    (ftrace buffer empty)
[ 40.013122] Kernel Offset: disabled
[ 40.016732] Rebooting in 86400 seconds..