[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.429653] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 20.525254] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.879904] random: sshd: uninitialized urandom read (32 bytes read) [ 21.483727] random: sshd: uninitialized urandom read (32 bytes read) [ 21.669295] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts. [ 27.175383] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.274293] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 27.300377] ================================================================== [ 27.310274] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 27.316512] Read of size 8 at addr ffff8801cac38058 by task syz-executor412/4286 [ 27.324034] [ 27.325665] CPU: 0 PID: 4286 Comm: syz-executor412 Not tainted 4.19.0-rc2+ #226 [ 27.333102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.342454] Call Trace: [ 27.345052] dump_stack+0x1c9/0x2b4 [ 27.348683] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.353875] ? printk+0xa7/0xcf [ 27.357155] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 27.361913] ? __schedule+0xf54/0x1df0 [ 27.365803] print_address_description+0x6c/0x20b [ 27.370647] ? __schedule+0xf54/0x1df0 [ 27.374536] kasan_report.cold.7+0x242/0x30d [ 27.378944] __asan_report_load8_noabort+0x14/0x20 [ 27.383870] __schedule+0xf54/0x1df0 [ 27.387588] ? __sched_text_start+0x8/0x8 [ 27.391731] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 27.396833] ? __call_srcu+0x7e7/0x1040 [ 27.400820] ? check_same_owner+0x340/0x340 [ 27.405137] ? mark_held_locks+0x160/0x160 [ 27.409372] ? find_held_lock+0x36/0x1c0 [ 27.413450] preempt_schedule_common+0x22/0x60 [ 27.418047] _cond_resched+0x1d/0x30 [ 27.421768] wait_for_completion+0xa5/0x8d0 [ 27.426103] ? wait_for_completion_interruptible+0x950/0x950 [ 27.431906] ? __lockdep_init_map+0x105/0x590 [ 27.436402] ? __init_waitqueue_head+0x9e/0x150 [ 27.441076] ? init_wait_entry+0x1c0/0x1c0 [ 27.445316] __synchronize_srcu+0x189/0x240 [ 27.449634] ? call_srcu+0x10/0x10 [ 27.453177] ? rcu_unexpedite_gp+0x20/0x20 [ 27.457416] synchronize_srcu+0x335/0x56f [ 27.461569] ? lock_downgrade+0x8f0/0x8f0 [ 27.465713] ? synchronize_srcu_expedited+0x20/0x20 [ 27.470729] ? kasan_check_read+0x11/0x20 [ 27.474881] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 27.479471] ? kasan_check_write+0x14/0x20 [ 27.483710] ? do_raw_spin_lock+0xc1/0x200 [ 27.487950] kvm_page_track_unregister_notifier+0x17d/0x250 [ 27.493664] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 27.499114] ? kvfree+0x61/0x70 [ 27.502399] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.507534] kvm_mmu_uninit_vm+0x1c/0x20 [ 27.511608] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 27.516028] ? kvm_arch_sync_events+0x30/0x30 [ 27.520537] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.526082] ? mmu_notifier_unregister+0x474/0x600 [ 27.531010] ? trace_hardirqs_on+0x2c0/0x2c0 [ 27.535423] ? kfree+0x111/0x210 [ 27.538799] ? __mmu_notifier_register+0x30/0x30 [ 27.543556] ? __free_pages+0x10a/0x190 [ 27.547535] ? free_unref_page+0x930/0x930 [ 27.551780] kvm_put_kvm+0x73f/0x1060 [ 27.555588] ? kvm_write_guest_cached+0x40/0x40 [ 27.560257] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.564746] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.569239] ? lockdep_hardirqs_on+0x421/0x5c0 [ 27.573825] ? kasan_check_write+0x14/0x20 [ 27.578057] ? do_raw_spin_lock+0xc1/0x200 [ 27.582295] ? kvm_irqfd_release+0xdd/0x120 [ 27.586614] ? kvm_irqfd_release+0xdd/0x120 [ 27.590937] ? kvm_put_kvm+0x1060/0x1060 [ 27.595000] kvm_vm_release+0x42/0x50 [ 27.598802] __fput+0x38a/0xa40 [ 27.602080] ? __alloc_file+0x400/0x400 [ 27.606061] ? check_same_owner+0x340/0x340 [ 27.610402] ? kasan_check_write+0x14/0x20 [ 27.614642] ? do_raw_spin_lock+0xc1/0x200 [ 27.618876] ____fput+0x15/0x20 [ 27.622157] task_work_run+0x1e8/0x2a0 [ 27.626075] ? task_work_cancel+0x240/0x240 [ 27.630401] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.635945] ? switch_task_namespaces+0xa2/0xd0 [ 27.640614] do_exit+0x1ae4/0x26e0 [ 27.644155] ? mm_update_next_owner+0x9a0/0x9a0 [ 27.648831] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 27.653070] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.658100] ? kfree+0x1d7/0x210 [ 27.661469] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 27.665709] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 27.671422] ? is_bpf_text_address+0xd7/0x170 [ 27.675923] ? kernel_text_address+0x79/0xf0 [ 27.680330] ? __kernel_text_address+0xd/0x40 [ 27.684827] ? unwind_get_return_address+0x61/0xa0 [ 27.689755] ? __save_stack_trace+0x8d/0xf0 [ 27.694080] ? save_stack+0xa9/0xd0 [ 27.697704] ? save_stack+0x43/0xd0 [ 27.701329] ? __kasan_slab_free+0x11a/0x170 [ 27.705734] ? kasan_slab_free+0xe/0x10 [ 27.709708] ? putname+0xf2/0x130 [ 27.713158] ? __x64_sys_openat+0x9d/0x100 [ 27.717393] ? do_syscall_64+0x1b9/0x820 [ 27.721464] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.726831] ? trace_hardirqs_off+0xb8/0x2c0 [ 27.731238] ? kasan_check_read+0x11/0x20 [ 27.735388] ? do_raw_spin_unlock+0xa7/0x2f0 [ 27.739794] ? trace_hardirqs_on+0x2c0/0x2c0 [ 27.744207] ? initcall_blacklisted+0x9a/0x1e0 [ 27.748796] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 27.753909] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 27.759629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.765172] ? do_vfs_ioctl+0x201/0x1720 [ 27.769240] ? rcu_is_watching+0x8c/0x150 [ 27.773385] ? trace_hardirqs_on+0xbd/0x2c0 [ 27.777711] ? ioctl_preallocate+0x300/0x300 [ 27.782124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.787664] ? __fget_light+0x2f7/0x440 [ 27.791639] ? fget_raw+0x20/0x20 [ 27.795089] ? putname+0xf2/0x130 [ 27.798547] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.804010] ? kmem_cache_free+0x246/0x280 [ 27.808244] ? putname+0xf7/0x130 [ 27.811708] do_group_exit+0x177/0x440 [ 27.815598] ? trace_hardirqs_on+0xbd/0x2c0 [ 27.819923] ? __ia32_sys_exit+0x50/0x50 [ 27.823996] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 27.829105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.834649] ? ksys_ioctl+0x81/0xd0 [ 27.838279] __x64_sys_exit_group+0x3e/0x50 [ 27.842603] do_syscall_64+0x1b9/0x820 [ 27.846491] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 27.851887] ? syscall_return_slowpath+0x5e0/0x5e0 [ 27.856839] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.861687] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 27.866704] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 27.871722] ? prepare_exit_to_usermode+0x291/0x3b0 [ 27.876746] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.881601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.886789] RIP: 0033:0x43f028 [ 27.889985] Code: Bad RIP value. [ 27.893345] RSP: 002b:00007fffed79e8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 27.901063] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 27.908333] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 27.915603] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 27.922876] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 27.930150] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 27.937425] [ 27.939060] Allocated by task 4286: [ 27.942691] save_stack+0x43/0xd0 [ 27.946140] kasan_kmalloc+0xc4/0xe0 [ 27.949865] kasan_slab_alloc+0x12/0x20 [ 27.953836] kmem_cache_alloc+0x12e/0x710 [ 27.957985] vmx_create_vcpu+0xcf/0x2830 [ 27.962043] kvm_arch_vcpu_create+0xe5/0x220 [ 27.966462] kvm_vm_ioctl+0x488/0x1d80 [ 27.970349] do_vfs_ioctl+0x1de/0x1720 [ 27.974232] ksys_ioctl+0xa9/0xd0 [ 27.977686] __x64_sys_ioctl+0x73/0xb0 [ 27.981578] do_syscall_64+0x1b9/0x820 [ 27.985468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.990651] [ 27.992269] Freed by task 4286: [ 27.995570] save_stack+0x43/0xd0 [ 27.999026] __kasan_slab_free+0x11a/0x170 [ 28.003260] kasan_slab_free+0xe/0x10 [ 28.007060] kmem_cache_free+0x86/0x280 [ 28.011034] vmx_free_vcpu+0x26b/0x300 [ 28.014918] kvm_arch_destroy_vm+0x365/0x7c0 [ 28.019347] kvm_put_kvm+0x73f/0x1060 [ 28.023166] kvm_vm_release+0x42/0x50 [ 28.026982] __fput+0x38a/0xa40 [ 28.030257] ____fput+0x15/0x20 [ 28.033539] task_work_run+0x1e8/0x2a0 [ 28.037453] do_exit+0x1ae4/0x26e0 [ 28.040988] do_group_exit+0x177/0x440 [ 28.044889] __x64_sys_exit_group+0x3e/0x50 [ 28.049213] do_syscall_64+0x1b9/0x820 [ 28.053098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.058276] [ 28.059904] The buggy address belongs to the object at ffff8801cac38040 [ 28.059904] which belongs to the cache kvm_vcpu of size 23872 [ 28.072490] The buggy address is located 24 bytes inside of [ 28.072490] 23872-byte region [ffff8801cac38040, ffff8801cac3dd80) [ 28.084470] The buggy address belongs to the page: [ 28.089412] page:ffffea00072b0e00 count:1 mapcount:0 mapping:ffff8801d58a8d80 index:0x0 compound_mapcount: 0 [ 28.099400] flags: 0x2fffc0000008100(slab|head) [ 28.104105] raw: 02fffc0000008100 ffff8801d6f15b48 ffff8801d6f15b48 ffff8801d58a8d80 [ 28.112004] raw: 0000000000000000 ffff8801cac38040 0000000100000001 0000000000000000 [ 28.119886] page dumped because: kasan: bad access detected [ 28.125589] [ 28.127208] Memory state around the buggy address: [ 28.132136] ffff8801cac37f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.139505] ffff8801cac37f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.146865] >ffff8801cac38000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 28.154218] ^ [ 28.160460] ffff8801cac38080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.167829] ffff8801cac38100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.175186] ================================================================== [ 28.182547] Kernel panic - not syncing: panic_on_warn set ... [ 28.182547] [ 28.189923] CPU: 0 PID: 4286 Comm: syz-executor412 Tainted: G B 4.19.0-rc2+ #226 [ 28.198762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.208123] Call Trace: [ 28.210729] dump_stack+0x1c9/0x2b4 [ 28.214364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.219567] ? lock_downgrade+0x8f0/0x8f0 [ 28.223727] ? __schedule+0xf54/0x1df0 [ 28.227622] panic+0x238/0x4e7 [ 28.230835] ? add_taint.cold.5+0x16/0x16 [ 28.234991] ? print_shadow_for_address+0xba/0x116 [ 28.239921] ? trace_hardirqs_off+0xaf/0x2c0 [ 28.244363] ? trace_hardirqs_off+0x77/0x2c0 [ 28.248779] ? __schedule+0xf54/0x1df0 [ 28.252675] kasan_end_report+0x47/0x4f [ 28.256650] kasan_report.cold.7+0x76/0x30d [ 28.260974] __asan_report_load8_noabort+0x14/0x20 [ 28.265912] __schedule+0xf54/0x1df0 [ 28.269634] ? __sched_text_start+0x8/0x8 [ 28.273786] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 28.278901] ? __call_srcu+0x7e7/0x1040 [ 28.282893] ? check_same_owner+0x340/0x340 [ 28.287213] ? mark_held_locks+0x160/0x160 [ 28.291453] ? find_held_lock+0x36/0x1c0 [ 28.295526] preempt_schedule_common+0x22/0x60 [ 28.300112] _cond_resched+0x1d/0x30 [ 28.303843] wait_for_completion+0xa5/0x8d0 [ 28.308274] ? wait_for_completion_interruptible+0x950/0x950 [ 28.314529] ? __lockdep_init_map+0x105/0x590 [ 28.319031] ? __init_waitqueue_head+0x9e/0x150 [ 28.323703] ? init_wait_entry+0x1c0/0x1c0 [ 28.327964] __synchronize_srcu+0x189/0x240 [ 28.332292] ? call_srcu+0x10/0x10 [ 28.335831] ? rcu_unexpedite_gp+0x20/0x20 [ 28.340072] synchronize_srcu+0x335/0x56f [ 28.344217] ? lock_downgrade+0x8f0/0x8f0 [ 28.348365] ? synchronize_srcu_expedited+0x20/0x20 [ 28.353385] ? kasan_check_read+0x11/0x20 [ 28.357541] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.362126] ? kasan_check_write+0x14/0x20 [ 28.366461] ? do_raw_spin_lock+0xc1/0x200 [ 28.370703] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.376414] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 28.381894] ? kvfree+0x61/0x70 [ 28.385176] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.390195] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.394256] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.398666] ? kvm_arch_sync_events+0x30/0x30 [ 28.403165] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.408704] ? mmu_notifier_unregister+0x474/0x600 [ 28.413627] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.418032] ? kfree+0x111/0x210 [ 28.421397] ? __mmu_notifier_register+0x30/0x30 [ 28.426152] ? __free_pages+0x10a/0x190 [ 28.430125] ? free_unref_page+0x930/0x930 [ 28.434365] kvm_put_kvm+0x73f/0x1060 [ 28.438173] ? kvm_write_guest_cached+0x40/0x40 [ 28.442846] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.447423] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.451928] ? lockdep_hardirqs_on+0x421/0x5c0 [ 28.456518] ? kasan_check_write+0x14/0x20 [ 28.460751] ? do_raw_spin_lock+0xc1/0x200 [ 28.464984] ? kvm_irqfd_release+0xdd/0x120 [ 28.469304] ? kvm_irqfd_release+0xdd/0x120 [ 28.473627] ? kvm_put_kvm+0x1060/0x1060 [ 28.477686] kvm_vm_release+0x42/0x50 [ 28.481487] __fput+0x38a/0xa40 [ 28.484771] ? __alloc_file+0x400/0x400 [ 28.488747] ? check_same_owner+0x340/0x340 [ 28.493067] ? kasan_check_write+0x14/0x20 [ 28.497299] ? do_raw_spin_lock+0xc1/0x200 [ 28.501534] ____fput+0x15/0x20 [ 28.504815] task_work_run+0x1e8/0x2a0 [ 28.508699] ? task_work_cancel+0x240/0x240 [ 28.513023] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.518559] ? switch_task_namespaces+0xa2/0xd0 [ 28.523230] do_exit+0x1ae4/0x26e0 [ 28.526772] ? mm_update_next_owner+0x9a0/0x9a0 [ 28.531451] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 28.535692] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.540708] ? kfree+0x1d7/0x210 [ 28.544076] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 28.548316] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.554042] ? is_bpf_text_address+0xd7/0x170 [ 28.558543] ? kernel_text_address+0x79/0xf0 [ 28.562953] ? __kernel_text_address+0xd/0x40 [ 28.567460] ? unwind_get_return_address+0x61/0xa0 [ 28.572394] ? __save_stack_trace+0x8d/0xf0 [ 28.576729] ? save_stack+0xa9/0xd0 [ 28.580356] ? save_stack+0x43/0xd0 [ 28.583980] ? __kasan_slab_free+0x11a/0x170 [ 28.588387] ? kasan_slab_free+0xe/0x10 [ 28.592362] ? putname+0xf2/0x130 [ 28.595819] ? __x64_sys_openat+0x9d/0x100 [ 28.600057] ? do_syscall_64+0x1b9/0x820 [ 28.604118] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.609488] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.613895] ? kasan_check_read+0x11/0x20 [ 28.618045] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.622457] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.626868] ? initcall_blacklisted+0x9a/0x1e0 [ 28.631459] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 28.636572] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.642290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.647831] ? do_vfs_ioctl+0x201/0x1720 [ 28.651890] ? rcu_is_watching+0x8c/0x150 [ 28.656033] ? trace_hardirqs_on+0xbd/0x2c0 [ 28.660357] ? ioctl_preallocate+0x300/0x300 [ 28.664770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.670322] ? __fget_light+0x2f7/0x440 [ 28.674295] ? fget_raw+0x20/0x20 [ 28.677746] ? putname+0xf2/0x130 [ 28.681206] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.686227] ? kmem_cache_free+0x246/0x280 [ 28.690469] ? putname+0xf7/0x130 [ 28.693927] do_group_exit+0x177/0x440 [ 28.697816] ? trace_hardirqs_on+0xbd/0x2c0 [ 28.702141] ? __ia32_sys_exit+0x50/0x50 [ 28.706203] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 28.711310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.716847] ? ksys_ioctl+0x81/0xd0 [ 28.720476] __x64_sys_exit_group+0x3e/0x50 [ 28.724806] do_syscall_64+0x1b9/0x820 [ 28.728694] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 28.734082] ? syscall_return_slowpath+0x5e0/0x5e0 [ 28.739012] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.743874] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 28.748892] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 28.753908] ? prepare_exit_to_usermode+0x291/0x3b0 [ 28.758924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.763800] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.768985] RIP: 0033:0x43f028 [ 28.772177] Code: Bad RIP value. [ 28.775536] RSP: 002b:00007fffed79e8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.783247] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 28.790516] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 28.797783] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 28.805597] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 28.812863] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 28.820153] [ 28.820159] ====================================================== [ 28.820164] WARNING: possible circular locking dependency detected [ 28.820168] 4.19.0-rc2+ #226 Not tainted [ 28.820174] ------------------------------------------------------ [ 28.820179] syz-executor412/4286 is trying to acquire lock: [ 28.820182] 000000006685c13f ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 28.820198] [ 28.820202] but task is already holding lock: [ 28.820205] 0000000061d9b8b2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 28.820219] [ 28.820224] which lock already depends on the new lock. [ 28.820226] [ 28.820229] [ 28.820234] the existing dependency chain (in reverse order) is: [ 28.820236] [ 28.820239] -> #3 (report_lock){....}: [ 28.820254] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.820258] kasan_report+0x8e/0x110 [ 28.820262] __asan_report_load8_noabort+0x14/0x20 [ 28.820266] __schedule+0xf54/0x1df0 [ 28.820271] preempt_schedule_common+0x22/0x60 [ 28.820274] _cond_resched+0x1d/0x30 [ 28.820279] wait_for_completion+0xa5/0x8d0 [ 28.820283] __synchronize_srcu+0x189/0x240 [ 28.820287] synchronize_srcu+0x335/0x56f [ 28.820292] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.820297] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.820301] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.820305] kvm_put_kvm+0x73f/0x1060 [ 28.820309] kvm_vm_release+0x42/0x50 [ 28.820312] __fput+0x38a/0xa40 [ 28.820316] ____fput+0x15/0x20 [ 28.820320] task_work_run+0x1e8/0x2a0 [ 28.820323] do_exit+0x1ae4/0x26e0 [ 28.820327] do_group_exit+0x177/0x440 [ 28.820332] __x64_sys_exit_group+0x3e/0x50 [ 28.820336] do_syscall_64+0x1b9/0x820 [ 28.820340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.820343] [ 28.820345] -> #2 (&rq->lock){-.-.}: [ 28.820359] _raw_spin_lock+0x2a/0x40 [ 28.820363] task_fork_fair+0x93/0x680 [ 28.820367] sched_fork+0x44b/0xbd0 [ 28.820371] copy_process+0x235e/0x7af0 [ 28.820374] _do_fork+0x1ca/0x1170 [ 28.820378] kernel_thread+0x34/0x40 [ 28.820382] rest_init+0x22/0xe4 [ 28.820386] start_kernel+0x913/0x94e [ 28.820390] x86_64_start_reservations+0x29/0x2b [ 28.820394] x86_64_start_kernel+0x76/0x79 [ 28.820399] secondary_startup_64+0xa4/0xb0 [ 28.820401] [ 28.820403] -> #1 (&p->pi_lock){-.-.}: [ 28.820418] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.820422] try_to_wake_up+0xd2/0x1250 [ 28.820426] wake_up_process+0x10/0x20 [ 28.820437] __up.isra.1+0x1c0/0x2a0 [ 28.820440] up+0x13c/0x1c0 [ 28.820445] __up_console_sem+0xbe/0x1b0 [ 28.820449] console_unlock+0x506/0x10e0 [ 28.820453] vprintk_emit+0x33a/0x910 [ 28.820456] vprintk_default+0x28/0x30 [ 28.820460] vprintk_func+0x7a/0x117 [ 28.820464] printk+0xa7/0xcf [ 28.820467] load_umh+0x51/0xbd [ 28.820472] do_one_initcall+0x127/0x838 [ 28.820476] kernel_init_freeable+0x4bb/0x5ae [ 28.820480] kernel_init+0x11/0x1b3 [ 28.820483] ret_from_fork+0x3a/0x50 [ 28.820486] [ 28.820488] -> #0 ((console_sem).lock){-...}: [ 28.820508] lock_acquire+0x1e4/0x4f0 [ 28.820513] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.820516] down_trylock+0x13/0x70 [ 28.820521] __down_trylock_console_sem+0xae/0x200 [ 28.820525] console_trylock+0x15/0xa0 [ 28.820529] vprintk_emit+0x31f/0x910 [ 28.820533] vprintk_default+0x28/0x30 [ 28.820537] vprintk_func+0x7a/0x117 [ 28.820540] printk+0xa7/0xcf [ 28.820544] kasan_report+0x9e/0x110 [ 28.820549] __asan_report_load8_noabort+0x14/0x20 [ 28.820552] __schedule+0xf54/0x1df0 [ 28.820557] preempt_schedule_common+0x22/0x60 [ 28.820561] _cond_resched+0x1d/0x30 [ 28.820565] wait_for_completion+0xa5/0x8d0 [ 28.820569] __synchronize_srcu+0x189/0x240 [ 28.820573] synchronize_srcu+0x335/0x56f [ 28.820578] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.820582] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.820587] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.820591] kvm_put_kvm+0x73f/0x1060 [ 28.820595] kvm_vm_release+0x42/0x50 [ 28.820598] __fput+0x38a/0xa40 [ 28.820602] ____fput+0x15/0x20 [ 28.820606] task_work_run+0x1e8/0x2a0 [ 28.820609] do_exit+0x1ae4/0x26e0 [ 28.820613] do_group_exit+0x177/0x440 [ 28.820618] __x64_sys_exit_group+0x3e/0x50 [ 28.820622] do_syscall_64+0x1b9/0x820 [ 28.820627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.820629] [ 28.820633] other info that might help us debug this: [ 28.820636] [ 28.820639] Chain exists of: [ 28.820641] (console_sem).lock --> &rq->lock --> report_lock [ 28.820660] [ 28.820664] Possible unsafe locking scenario: [ 28.820666] [ 28.820670] CPU0 CPU1 [ 28.820675] ---- ---- [ 28.820677] lock(report_lock); [ 28.820686] lock(&rq->lock); [ 28.820696] lock(report_lock); [ 28.820704] lock((console_sem).lock); [ 28.820712] [ 28.820715] *** DEADLOCK *** [ 28.820717] [ 28.820722] 2 locks held by syz-executor412/4286: [ 28.820724] #0: 000000007fe73194 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 28.820741] #1: 0000000061d9b8b2 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 28.820758] [ 28.820761] stack backtrace: [ 28.820767] CPU: 0 PID: 4286 Comm: syz-executor412 Not tainted 4.19.0-rc2+ #226 [ 28.820775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.820778] Call Trace: [ 28.820782] dump_stack+0x1c9/0x2b4 [ 28.820786] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.820790] ? vprintk_func+0x100/0x117 [ 28.820795] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 28.820799] ? save_trace+0xe0/0x290 [ 28.820803] __lock_acquire+0x3449/0x5020 [ 28.820807] ? mark_held_locks+0x160/0x160 [ 28.820811] ? mark_held_locks+0x160/0x160 [ 28.820816] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 28.820820] ? is_bpf_text_address+0xd7/0x170 [ 28.820824] ? kernel_text_address+0x79/0xf0 [ 28.820828] ? __kernel_text_address+0xd/0x40 [ 28.820833] ? __save_stack_trace+0x8d/0xf0 [ 28.820837] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 28.820841] ? save_trace+0x290/0x290 [ 28.820845] ? save_stack_trace+0x1a/0x20 [ 28.820849] ? save_trace+0xe0/0x290 [ 28.820853] ? graph_lock+0x170/0x170 [ 28.820858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.820861] lock_acquire+0x1e4/0x4f0 [ 28.820865] ? down_trylock+0x13/0x70 [ 28.820869] ? lock_release+0x9f0/0x9f0 [ 28.820873] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.820878] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.820882] ? trace_hardirqs_off+0xb8/0x2c0 [ 28.820886] ? log_store+0x34f/0x4c0 [ 28.820890] ? vprintk_emit+0x31f/0x910 [ 28.820894] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.820898] ? down_trylock+0x13/0x70 [ 28.820901] down_trylock+0x13/0x70 [ 28.820906] __down_trylock_console_sem+0xae/0x200 [ 28.820910] console_trylock+0x15/0xa0 [ 28.820914] vprintk_emit+0x31f/0x910 [ 28.820918] ? wake_up_klogd+0x110/0x110 [ 28.820922] ? run_rebalance_domains+0x4c0/0x4c0 [ 28.820926] ? kasan_check_read+0x11/0x20 [ 28.820930] ? rcu_is_watching+0x8c/0x150 [ 28.820934] ? rcu_pm_notify+0xc0/0xc0 [ 28.820938] ? lock_acquire+0x1e4/0x4f0 [ 28.820942] ? kasan_report+0x8e/0x110 [ 28.820946] ? __schedule+0xf54/0x1df0 [ 28.820950] vprintk_default+0x28/0x30 [ 28.820954] vprintk_func+0x7a/0x117 [ 28.820957] printk+0xa7/0xcf [ 28.820961] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 28.820966] ? kasan_check_write+0x14/0x20 [ 28.820970] ? do_raw_spin_lock+0xc1/0x200 [ 28.820974] ? do_raw_spin_lock+0xc1/0x200 [ 28.820978] kasan_report+0x9e/0x110 [ 28.820982] __asan_report_load8_noabort+0x14/0x20 [ 28.820986] __schedule+0xf54/0x1df0 [ 28.820990] ? __sched_text_start+0x8/0x8 [ 28.820995] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 28.820998] ? __call_srcu+0x7e7/0x1040 [ 28.821003] ? check_same_owner+0x340/0x340 [ 28.821007] ? mark_held_locks+0x160/0x160 [ 28.821011] ? find_held_lock+0x36/0x1c0 [ 28.821016] preempt_schedule_common+0x22/0x60 [ 28.821020] _cond_resched+0x1d/0x30 [ 28.821024] wait_for_completion+0xa5/0x8d0 [ 28.821029] ? wait_for_completion_interruptible+0x950/0x950 [ 28.821033] ? __lockdep_init_map+0x105/0x590 [ 28.821038] ? __init_waitqueue_head+0x9e/0x150 [ 28.821042] ? init_wait_entry+0x1c0/0x1c0 [ 28.821046] __synchronize_srcu+0x189/0x240 [ 28.821050] ? call_srcu+0x10/0x10 [ 28.821054] ? rcu_unexpedite_gp+0x20/0x20 [ 28.821058] synchronize_srcu+0x335/0x56f [ 28.821063] ? lock_downgrade+0x8f0/0x8f0 [ 28.821067] ? synchronize_srcu_expedited+0x20/0x20 [ 28.821071] ? kasan_check_read+0x11/0x20 [ 28.821076] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.821080] ? kasan_check_write+0x14/0x20 [ 28.821084] ? do_raw_spin_lock+0xc1/0x200 [ 28.821089] kvm_page_track_unregister_notifier+0x17d/0x250 [ 28.821094] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 28.821097] ? kvfree+0x61/0x70 [ 28.821102] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.821106] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.821110] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 28.821114] ? kvm_arch_sync_events+0x30/0x30 [ 28.821119] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.821124] ? mmu_notifier_unregister+0x474/0x600 [ 28.821128] ? trace_hardirqs_on+0x2c0/0x2c0 [ 28.821131] ? kfree+0x111/0x210 [ 28.821136] ? __mmu_notifier_register+0x30/0x30 [ 28.821140] ? __free_pages+0x10a/0x190 [ 28.821144] ? free_unref_page+0x930/0x930 [ 28.821148] kvm_put_kvm+0x73f/0x1060 [ 28.821152] ? kvm_write_guest_cached+0x40/0x40 [ 28.821156] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.821161] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.821165] ? lockdep_hardirqs_on+0x421/0x5c0 [ 28.821169] ? kasan_check_write+0x14/0x20 [ 28.821173] ? do_raw_spin_lock+0xc1/0x200 [ 28.821177] ? kvm_irqfd_release+0xdd/0x120 [ 28.821182] ? kvm_irqfd_release+0xdd/0x120 [ 28.821186] ? kvm_put_kvm+0x1060/0x1060 [ 28.821189] kvm_vm_release+0x42/0x50 [ 28.821193] __fput+0x38a/0xa40 [ 28.821197] ? __alloc_file+0x400/0x400 [ 28.821201] ? check_same_owner+0x340/0x340 [ 28.821205] ? kasan_check_write+0x14/0x20 [ 28.821209] ? do_raw_spin_lock+0xc1/0x200 [ 28.821213] ____fput+0x15/0x20 [ 28.821217] task_work_run+0x1e8/0x2a0 [ 28.821220] ? task_work_cancel+0x240/0x240 [ 28.821224] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.821228] ? switch_task_namespaces+0xa2/0xd0 [ 28.821232] do_exit+0x1ae4/0x26e0 [ 28.821236] ? mm_update_next_owner+0x9a0/0x9a0 [ 28.821240] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 28.821245] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.821248] ? kfree+0x1d7/0x210 [ 28.821252] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 28.821257] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 28.821262] ? is_bpf_text_address+0xd7/0x170 [ 28.821264] ? [ 28.821272] Lost 55 message(s)! [ 29.888226] Shutting down cpus with NMI [ 30.950017] Dumping ftrace buffer: [ 30.953545] (ftrace buffer empty) [ 30.957236] Kernel Offset: disabled [ 30.960847] Rebooting in 86400 seconds..