[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.652861] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 23.681969] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.998395] random: sshd: uninitialized urandom read (32 bytes read) [ 24.525973] random: sshd: uninitialized urandom read (32 bytes read) [ 39.275367] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts. [ 44.877766] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 44.978370] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 45.001217] ================================================================== [ 45.010098] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 45.016373] Read of size 8 at addr ffff8801b96e8058 by task syz-executor748/4670 [ 45.023901] [ 45.025528] CPU: 1 PID: 4670 Comm: syz-executor748 Not tainted 4.19.0-rc1+ #217 [ 45.032959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.042303] Call Trace: [ 45.044884] dump_stack+0x1c9/0x2b4 [ 45.048499] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.053677] ? printk+0xa7/0xcf [ 45.056943] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.061691] ? __schedule+0xf54/0x1df0 [ 45.065635] print_address_description+0x6c/0x20b [ 45.070478] ? __schedule+0xf54/0x1df0 [ 45.074348] kasan_report.cold.7+0x242/0x30d [ 45.078738] __asan_report_load8_noabort+0x14/0x20 [ 45.083659] __schedule+0xf54/0x1df0 [ 45.087366] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.092454] ? __sched_text_start+0x8/0x8 [ 45.096588] ? __call_srcu+0x7e7/0x1040 [ 45.100604] ? check_same_owner+0x340/0x340 [ 45.104919] ? mark_held_locks+0x160/0x160 [ 45.109138] ? find_held_lock+0x36/0x1c0 [ 45.113186] preempt_schedule_common+0x22/0x60 [ 45.117751] _cond_resched+0x1d/0x30 [ 45.121531] wait_for_completion+0xa5/0x8d0 [ 45.125845] ? wait_for_completion_interruptible+0x950/0x950 [ 45.131634] ? __lockdep_init_map+0x105/0x590 [ 45.136112] ? __init_waitqueue_head+0x9e/0x150 [ 45.140762] ? init_wait_entry+0x1c0/0x1c0 [ 45.145080] __synchronize_srcu+0x189/0x240 [ 45.149409] ? call_srcu+0x10/0x10 [ 45.152940] ? rcu_unexpedite_gp+0x20/0x20 [ 45.157157] synchronize_srcu+0x335/0x56f [ 45.161340] ? lock_downgrade+0x8f0/0x8f0 [ 45.165477] ? synchronize_srcu_expedited+0x20/0x20 [ 45.170487] ? kasan_check_read+0x11/0x20 [ 45.174692] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.179263] ? kasan_check_write+0x14/0x20 [ 45.183478] ? do_raw_spin_lock+0xc1/0x200 [ 45.187695] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.193388] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.198873] ? kvfree+0x61/0x70 [ 45.202187] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.207238] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.211292] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.215696] ? kvm_arch_sync_events+0x30/0x30 [ 45.220177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.225696] ? mmu_notifier_unregister+0x474/0x600 [ 45.230607] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.235013] ? kfree+0x111/0x210 [ 45.238377] ? __mmu_notifier_register+0x30/0x30 [ 45.243120] ? __free_pages+0x10a/0x190 [ 45.247078] ? free_unref_page+0x930/0x930 [ 45.251308] kvm_put_kvm+0x73f/0x1060 [ 45.255144] ? kvm_write_guest_cached+0x40/0x40 [ 45.259811] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.264448] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.268934] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.273548] ? kasan_check_write+0x14/0x20 [ 45.277773] ? do_raw_spin_lock+0xc1/0x200 [ 45.282039] ? kvm_irqfd_release+0xdd/0x120 [ 45.286351] ? kvm_irqfd_release+0xdd/0x120 [ 45.290663] ? kvm_put_kvm+0x1060/0x1060 [ 45.294707] kvm_vm_release+0x42/0x50 [ 45.298492] __fput+0x38a/0xa40 [ 45.301753] ? __alloc_file+0x400/0x400 [ 45.305713] ? check_same_owner+0x340/0x340 [ 45.310023] ? kasan_check_write+0x14/0x20 [ 45.314242] ? do_raw_spin_lock+0xc1/0x200 [ 45.318457] ____fput+0x15/0x20 [ 45.321719] task_work_run+0x1e8/0x2a0 [ 45.325670] ? task_work_cancel+0x240/0x240 [ 45.330002] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.335529] ? switch_task_namespaces+0xa2/0xd0 [ 45.340184] do_exit+0x1ae4/0x26e0 [ 45.343708] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.348362] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.352579] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.357575] ? kfree+0x1d7/0x210 [ 45.360921] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.365139] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.370836] ? is_bpf_text_address+0xd7/0x170 [ 45.375312] ? kernel_text_address+0x79/0xf0 [ 45.379703] ? __kernel_text_address+0xd/0x40 [ 45.384203] ? unwind_get_return_address+0x61/0xa0 [ 45.389120] ? __save_stack_trace+0x8d/0xf0 [ 45.393429] ? save_stack+0xa9/0xd0 [ 45.397165] ? save_stack+0x43/0xd0 [ 45.400779] ? __kasan_slab_free+0x11a/0x170 [ 45.405174] ? kasan_slab_free+0xe/0x10 [ 45.409145] ? putname+0xf2/0x130 [ 45.412590] ? __x64_sys_openat+0x9d/0x100 [ 45.416815] ? do_syscall_64+0x1b9/0x820 [ 45.420865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.426213] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.430603] ? kasan_check_read+0x11/0x20 [ 45.434738] ? do_raw_spin_unlock+0xa7/0x2f0 [ 45.439128] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.443521] ? initcall_blacklisted+0x9a/0x1e0 [ 45.448085] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 45.453222] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.458923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.464440] ? do_vfs_ioctl+0x201/0x1720 [ 45.468480] ? rcu_is_watching+0x8c/0x150 [ 45.472606] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.476937] ? ioctl_preallocate+0x300/0x300 [ 45.481444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.486979] ? __fget_light+0x2f7/0x440 [ 45.490935] ? fget_raw+0x20/0x20 [ 45.494373] ? putname+0xf2/0x130 [ 45.497810] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.502807] ? kmem_cache_free+0x246/0x280 [ 45.507026] ? putname+0xf7/0x130 [ 45.510565] do_group_exit+0x177/0x440 [ 45.514441] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.518752] ? __ia32_sys_exit+0x50/0x50 [ 45.522795] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.527880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.533397] ? ksys_ioctl+0x81/0xd0 [ 45.537010] __x64_sys_exit_group+0x3e/0x50 [ 45.541324] do_syscall_64+0x1b9/0x820 [ 45.545201] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.550551] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.555467] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.560294] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 45.565294] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.570366] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.575445] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.580283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.585453] RIP: 0033:0x43ef08 [ 45.588632] Code: Bad RIP value. [ 45.592038] RSP: 002b:00007ffd171ca298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.599739] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 45.607001] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 45.614251] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 45.621558] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 45.628815] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 45.636066] [ 45.637671] Allocated by task 4670: [ 45.641285] save_stack+0x43/0xd0 [ 45.644718] kasan_kmalloc+0xc4/0xe0 [ 45.648411] kasan_slab_alloc+0x12/0x20 [ 45.652428] kmem_cache_alloc+0x12e/0x710 [ 45.656566] vmx_create_vcpu+0xcf/0x2830 [ 45.660606] kvm_arch_vcpu_create+0xe5/0x220 [ 45.665067] kvm_vm_ioctl+0x488/0x1d80 [ 45.668942] do_vfs_ioctl+0x1de/0x1720 [ 45.672809] ksys_ioctl+0xa9/0xd0 [ 45.676239] __x64_sys_ioctl+0x73/0xb0 [ 45.680109] do_syscall_64+0x1b9/0x820 [ 45.683981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.689292] [ 45.690912] Freed by task 4670: [ 45.694177] save_stack+0x43/0xd0 [ 45.697618] __kasan_slab_free+0x11a/0x170 [ 45.701883] kasan_slab_free+0xe/0x10 [ 45.705675] kmem_cache_free+0x86/0x280 [ 45.709630] vmx_free_vcpu+0x26b/0x300 [ 45.713496] kvm_arch_destroy_vm+0x365/0x7c0 [ 45.717885] kvm_put_kvm+0x73f/0x1060 [ 45.721668] kvm_vm_release+0x42/0x50 [ 45.725456] __fput+0x38a/0xa40 [ 45.728717] ____fput+0x15/0x20 [ 45.731977] task_work_run+0x1e8/0x2a0 [ 45.735847] do_exit+0x1ae4/0x26e0 [ 45.739364] do_group_exit+0x177/0x440 [ 45.743234] __x64_sys_exit_group+0x3e/0x50 [ 45.747537] do_syscall_64+0x1b9/0x820 [ 45.751406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.756568] [ 45.758257] The buggy address belongs to the object at ffff8801b96e8040 [ 45.758257] which belongs to the cache kvm_vcpu of size 23872 [ 45.770822] The buggy address is located 24 bytes inside of [ 45.770822] 23872-byte region [ffff8801b96e8040, ffff8801b96edd80) [ 45.782832] The buggy address belongs to the page: [ 45.787751] page:ffffea0006e5ba00 count:1 mapcount:0 mapping:ffff8801d5354b40 index:0x0 compound_mapcount: 0 [ 45.797704] flags: 0x2fffc0000008100(slab|head) [ 45.802356] raw: 02fffc0000008100 ffff8801d534e448 ffff8801d534e448 ffff8801d5354b40 [ 45.810229] raw: 0000000000000000 ffff8801b96e8040 0000000100000001 0000000000000000 [ 45.818090] page dumped because: kasan: bad access detected [ 45.823776] [ 45.825394] Memory state around the buggy address: [ 45.830323] ffff8801b96e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.837773] ffff8801b96e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.845116] >ffff8801b96e8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 45.852454] ^ [ 45.858669] ffff8801b96e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.866018] ffff8801b96e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.873365] ================================================================== [ 45.880706] Kernel panic - not syncing: panic_on_warn set ... [ 45.880706] [ 45.888155] CPU: 1 PID: 4670 Comm: syz-executor748 Tainted: G B 4.19.0-rc1+ #217 [ 45.897017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.906359] Call Trace: [ 45.909009] dump_stack+0x1c9/0x2b4 [ 45.912711] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.917895] ? lock_downgrade+0x8f0/0x8f0 [ 45.922024] ? __schedule+0xf54/0x1df0 [ 45.925890] panic+0x238/0x4e7 [ 45.929114] ? add_taint.cold.5+0x16/0x16 [ 45.933245] ? print_shadow_for_address+0xba/0x116 [ 45.938151] ? trace_hardirqs_off+0xaf/0x2b0 [ 45.942536] ? trace_hardirqs_off+0x77/0x2b0 [ 45.946983] ? __schedule+0xf54/0x1df0 [ 45.950858] kasan_end_report+0x47/0x4f [ 45.954815] kasan_report.cold.7+0x76/0x30d [ 45.959122] __asan_report_load8_noabort+0x14/0x20 [ 45.964039] __schedule+0xf54/0x1df0 [ 45.967740] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.972838] ? __sched_text_start+0x8/0x8 [ 45.976978] ? __call_srcu+0x7e7/0x1040 [ 45.980946] ? check_same_owner+0x340/0x340 [ 45.985257] ? mark_held_locks+0x160/0x160 [ 45.989476] ? find_held_lock+0x36/0x1c0 [ 45.993522] preempt_schedule_common+0x22/0x60 [ 45.998092] _cond_resched+0x1d/0x30 [ 46.001788] wait_for_completion+0xa5/0x8d0 [ 46.006199] ? wait_for_completion_interruptible+0x950/0x950 [ 46.011981] ? __lockdep_init_map+0x105/0x590 [ 46.016461] ? __init_waitqueue_head+0x9e/0x150 [ 46.021112] ? init_wait_entry+0x1c0/0x1c0 [ 46.025422] __synchronize_srcu+0x189/0x240 [ 46.029730] ? call_srcu+0x10/0x10 [ 46.033253] ? rcu_unexpedite_gp+0x20/0x20 [ 46.037473] synchronize_srcu+0x335/0x56f [ 46.041600] ? lock_downgrade+0x8f0/0x8f0 [ 46.045727] ? synchronize_srcu_expedited+0x20/0x20 [ 46.050733] ? kasan_check_read+0x11/0x20 [ 46.054871] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.059433] ? kasan_check_write+0x14/0x20 [ 46.063646] ? do_raw_spin_lock+0xc1/0x200 [ 46.067868] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.073632] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.079074] ? kvfree+0x61/0x70 [ 46.082344] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.087347] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.091393] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.096095] ? kvm_arch_sync_events+0x30/0x30 [ 46.100586] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.106201] ? mmu_notifier_unregister+0x474/0x600 [ 46.111124] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.115525] ? kfree+0x111/0x210 [ 46.118879] ? __mmu_notifier_register+0x30/0x30 [ 46.123634] ? __free_pages+0x10a/0x190 [ 46.127594] ? free_unref_page+0x930/0x930 [ 46.131815] kvm_put_kvm+0x73f/0x1060 [ 46.135609] ? kvm_write_guest_cached+0x40/0x40 [ 46.140339] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.144830] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.149314] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.153889] ? kasan_check_write+0x14/0x20 [ 46.158755] ? do_raw_spin_lock+0xc1/0x200 [ 46.162979] ? kvm_irqfd_release+0xdd/0x120 [ 46.167288] ? kvm_irqfd_release+0xdd/0x120 [ 46.171602] ? kvm_put_kvm+0x1060/0x1060 [ 46.175716] kvm_vm_release+0x42/0x50 [ 46.179508] __fput+0x38a/0xa40 [ 46.182773] ? __alloc_file+0x400/0x400 [ 46.186740] ? check_same_owner+0x340/0x340 [ 46.191047] ? kasan_check_write+0x14/0x20 [ 46.195266] ? do_raw_spin_lock+0xc1/0x200 [ 46.199490] ____fput+0x15/0x20 [ 46.202765] task_work_run+0x1e8/0x2a0 [ 46.206641] ? task_work_cancel+0x240/0x240 [ 46.210957] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.216488] ? switch_task_namespaces+0xa2/0xd0 [ 46.221145] do_exit+0x1ae4/0x26e0 [ 46.224676] ? mm_update_next_owner+0x9a0/0x9a0 [ 46.229337] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 46.233557] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.238554] ? kfree+0x1d7/0x210 [ 46.241904] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 46.246120] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.251815] ? is_bpf_text_address+0xd7/0x170 [ 46.256299] ? kernel_text_address+0x79/0xf0 [ 46.260696] ? __kernel_text_address+0xd/0x40 [ 46.265181] ? unwind_get_return_address+0x61/0xa0 [ 46.270097] ? __save_stack_trace+0x8d/0xf0 [ 46.274406] ? save_stack+0xa9/0xd0 [ 46.278024] ? save_stack+0x43/0xd0 [ 46.281633] ? __kasan_slab_free+0x11a/0x170 [ 46.286028] ? kasan_slab_free+0xe/0x10 [ 46.289988] ? putname+0xf2/0x130 [ 46.293427] ? __x64_sys_openat+0x9d/0x100 [ 46.297653] ? do_syscall_64+0x1b9/0x820 [ 46.301815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.307170] ? trace_hardirqs_off+0xb8/0x2b0 [ 46.311565] ? kasan_check_read+0x11/0x20 [ 46.315704] ? do_raw_spin_unlock+0xa7/0x2f0 [ 46.320099] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.324493] ? initcall_blacklisted+0x9a/0x1e0 [ 46.329061] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 46.334219] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.339926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.345453] ? do_vfs_ioctl+0x201/0x1720 [ 46.349501] ? rcu_is_watching+0x8c/0x150 [ 46.353633] ? trace_hardirqs_on+0xbd/0x2c0 [ 46.357962] ? ioctl_preallocate+0x300/0x300 [ 46.362359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.367885] ? __fget_light+0x2f7/0x440 [ 46.371844] ? fget_raw+0x20/0x20 [ 46.375281] ? putname+0xf2/0x130 [ 46.378729] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.383736] ? kmem_cache_free+0x246/0x280 [ 46.387964] ? putname+0xf7/0x130 [ 46.391414] do_group_exit+0x177/0x440 [ 46.395286] ? trace_hardirqs_on+0xbd/0x2c0 [ 46.399592] ? __ia32_sys_exit+0x50/0x50 [ 46.403633] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 46.408795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.414325] ? ksys_ioctl+0x81/0xd0 [ 46.417940] __x64_sys_exit_group+0x3e/0x50 [ 46.422324] do_syscall_64+0x1b9/0x820 [ 46.426209] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 46.431564] ? syscall_return_slowpath+0x5e0/0x5e0 [ 46.436476] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.441311] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 46.446424] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 46.451427] ? prepare_exit_to_usermode+0x291/0x3b0 [ 46.456428] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.461321] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.466496] RIP: 0033:0x43ef08 [ 46.469689] Code: Bad RIP value. [ 46.473033] RSP: 002b:00007ffd171ca298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 46.480727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 46.487986] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 46.495247] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 46.502507] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 46.509931] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 46.517217] [ 46.517222] ====================================================== [ 46.517227] WARNING: possible circular locking dependency detected [ 46.517231] 4.19.0-rc1+ #217 Not tainted [ 46.517236] ------------------------------------------------------ [ 46.517241] syz-executor748/4670 is trying to acquire lock: [ 46.517244] 00000000e8c50ae2 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 46.517259] [ 46.517263] but task is already holding lock: [ 46.517266] 00000000c341220b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 46.517280] [ 46.517285] which lock already depends on the new lock. [ 46.517287] [ 46.517289] [ 46.517294] the existing dependency chain (in reverse order) is: [ 46.517297] [ 46.517299] -> #3 (report_lock){....}: [ 46.517313] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.517317] kasan_report+0x8e/0x110 [ 46.517321] __asan_report_load8_noabort+0x14/0x20 [ 46.517325] __schedule+0xf54/0x1df0 [ 46.517329] preempt_schedule_common+0x22/0x60 [ 46.517333] _cond_resched+0x1d/0x30 [ 46.517337] wait_for_completion+0xa5/0x8d0 [ 46.517341] __synchronize_srcu+0x189/0x240 [ 46.517345] synchronize_srcu+0x335/0x56f [ 46.517350] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.517354] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.517358] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.517361] kvm_put_kvm+0x73f/0x1060 [ 46.517365] kvm_vm_release+0x42/0x50 [ 46.517369] __fput+0x38a/0xa40 [ 46.517372] ____fput+0x15/0x20 [ 46.517376] task_work_run+0x1e8/0x2a0 [ 46.517380] do_exit+0x1ae4/0x26e0 [ 46.517383] do_group_exit+0x177/0x440 [ 46.517387] __x64_sys_exit_group+0x3e/0x50 [ 46.517391] do_syscall_64+0x1b9/0x820 [ 46.517396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.517398] [ 46.517400] -> #2 (&rq->lock){-.-.}: [ 46.517414] _raw_spin_lock+0x2a/0x40 [ 46.517418] task_fork_fair+0x93/0x680 [ 46.517421] sched_fork+0x44b/0xbd0 [ 46.517425] copy_process+0x235e/0x7ad0 [ 46.517429] _do_fork+0x1ca/0x1170 [ 46.517432] kernel_thread+0x34/0x40 [ 46.517436] rest_init+0x22/0xe4 [ 46.517439] start_kernel+0x913/0x94e [ 46.517444] x86_64_start_reservations+0x29/0x2b [ 46.517448] x86_64_start_kernel+0x76/0x79 [ 46.517452] secondary_startup_64+0xa4/0xb0 [ 46.517454] [ 46.517456] -> #1 (&p->pi_lock){-.-.}: [ 46.517470] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.517474] try_to_wake_up+0xd2/0x1250 [ 46.517478] wake_up_process+0x10/0x20 [ 46.517482] __up.isra.1+0x1c0/0x2a0 [ 46.517485] up+0x13c/0x1c0 [ 46.517489] __up_console_sem+0xbe/0x1b0 [ 46.517493] console_unlock+0x506/0x10d0 [ 46.517497] vprintk_emit+0x33a/0x910 [ 46.517500] vprintk_default+0x28/0x30 [ 46.517504] vprintk_func+0x7a/0x117 [ 46.517507] printk+0xa7/0xcf [ 46.517511] load_umh+0x51/0xbd [ 46.517515] do_one_initcall+0x127/0x838 [ 46.517519] kernel_init_freeable+0x4bb/0x5ae [ 46.517522] kernel_init+0x11/0x1b3 [ 46.517526] ret_from_fork+0x3a/0x50 [ 46.517528] [ 46.517531] -> #0 ((console_sem).lock){-...}: [ 46.517545] lock_acquire+0x1e4/0x4f0 [ 46.517549] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.517553] down_trylock+0x13/0x70 [ 46.517557] __down_trylock_console_sem+0xae/0x200 [ 46.517561] console_trylock+0x15/0xa0 [ 46.517565] vprintk_emit+0x31f/0x910 [ 46.517568] vprintk_default+0x28/0x30 [ 46.517572] vprintk_func+0x7a/0x117 [ 46.517575] printk+0xa7/0xcf [ 46.517579] kasan_report+0x9e/0x110 [ 46.517583] __asan_report_load8_noabort+0x14/0x20 [ 46.517587] __schedule+0xf54/0x1df0 [ 46.517591] preempt_schedule_common+0x22/0x60 [ 46.517595] _cond_resched+0x1d/0x30 [ 46.517599] wait_for_completion+0xa5/0x8d0 [ 46.517603] __synchronize_srcu+0x189/0x240 [ 46.517607] synchronize_srcu+0x335/0x56f [ 46.517612] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.517616] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.517620] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.517624] kvm_put_kvm+0x73f/0x1060 [ 46.517628] kvm_vm_release+0x42/0x50 [ 46.517631] __fput+0x38a/0xa40 [ 46.517634] ____fput+0x15/0x20 [ 46.517638] task_work_run+0x1e8/0x2a0 [ 46.517649] do_exit+0x1ae4/0x26e0 [ 46.517653] do_group_exit+0x177/0x440 [ 46.517657] __x64_sys_exit_group+0x3e/0x50 [ 46.517661] do_syscall_64+0x1b9/0x820 [ 46.517666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.517668] [ 46.517672] other info that might help us debug this: [ 46.517674] [ 46.517677] Chain exists of: [ 46.517679] (console_sem).lock --> &rq->lock --> report_lock [ 46.517698] [ 46.517702] Possible unsafe locking scenario: [ 46.517704] [ 46.517708] CPU0 CPU1 [ 46.517712] ---- ---- [ 46.517714] lock(report_lock); [ 46.517723] lock(&rq->lock); [ 46.517732] lock(report_lock); [ 46.517740] lock((console_sem).lock); [ 46.517748] [ 46.517751] *** DEADLOCK *** [ 46.517753] [ 46.517757] 2 locks held by syz-executor748/4670: [ 46.517759] #0: 00000000f298aa12 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 46.517776] #1: 00000000c341220b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 46.517792] [ 46.517795] stack backtrace: [ 46.517801] CPU: 1 PID: 4670 Comm: syz-executor748 Not tainted 4.19.0-rc1+ #217 [ 46.517808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.517811] Call Trace: [ 46.517815] dump_stack+0x1c9/0x2b4 [ 46.517819] ? dump_stack_print_info.cold.2+0x52/0x52 [ 46.517823] ? vprintk_func+0x100/0x117 [ 46.517828] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 46.517831] ? save_trace+0xe0/0x290 [ 46.517835] __lock_acquire+0x3449/0x5020 [ 46.517839] ? mark_held_locks+0x160/0x160 [ 46.517843] ? mark_held_locks+0x160/0x160 [ 46.517847] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 46.517851] ? is_bpf_text_address+0xd7/0x170 [ 46.517855] ? kernel_text_address+0x79/0xf0 [ 46.517859] ? __kernel_text_address+0xd/0x40 [ 46.517863] ? __save_stack_trace+0x8d/0xf0 [ 46.517868] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 46.517871] ? save_trace+0x290/0x290 [ 46.517875] ? save_stack_trace+0x1a/0x20 [ 46.517879] ? save_trace+0xe0/0x290 [ 46.517882] ? graph_lock+0x170/0x170 [ 46.517887] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.517891] lock_acquire+0x1e4/0x4f0 [ 46.517894] ? down_trylock+0x13/0x70 [ 46.517898] ? lock_release+0x9f0/0x9f0 [ 46.517902] ? trace_hardirqs_off+0xb8/0x2b0 [ 46.517906] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.517910] ? trace_hardirqs_off+0xb8/0x2b0 [ 46.517914] ? log_store+0x34f/0x4c0 [ 46.517918] ? vprintk_emit+0x31f/0x910 [ 46.517922] _raw_spin_lock_irqsave+0x96/0xc0 [ 46.517925] ? down_trylock+0x13/0x70 [ 46.517929] down_trylock+0x13/0x70 [ 46.517933] __down_trylock_console_sem+0xae/0x200 [ 46.517937] console_trylock+0x15/0xa0 [ 46.517941] vprintk_emit+0x31f/0x910 [ 46.517944] ? wake_up_klogd+0x110/0x110 [ 46.517949] ? run_rebalance_domains+0x4c0/0x4c0 [ 46.517953] ? kasan_check_read+0x11/0x20 [ 46.517956] ? rcu_is_watching+0x8c/0x150 [ 46.517960] ? rcu_pm_notify+0xc0/0xc0 [ 46.517964] ? lock_acquire+0x1e4/0x4f0 [ 46.517968] ? kasan_report+0x8e/0x110 [ 46.517971] ? __schedule+0xf54/0x1df0 [ 46.517975] vprintk_default+0x28/0x30 [ 46.517979] vprintk_func+0x7a/0x117 [ 46.517982] printk+0xa7/0xcf [ 46.517986] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 46.517990] ? kasan_check_write+0x14/0x20 [ 46.517994] ? do_raw_spin_lock+0xc1/0x200 [ 46.517998] ? do_raw_spin_lock+0xc1/0x200 [ 46.518002] kasan_report+0x9e/0x110 [ 46.518006] __asan_report_load8_noabort+0x14/0x20 [ 46.518010] __schedule+0xf54/0x1df0 [ 46.518014] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 46.518018] ? __sched_text_start+0x8/0x8 [ 46.518022] ? __call_srcu+0x7e7/0x1040 [ 46.518026] ? check_same_owner+0x340/0x340 [ 46.518030] ? mark_held_locks+0x160/0x160 [ 46.518033] ? find_held_lock+0x36/0x1c0 [ 46.518037] preempt_schedule_common+0x22/0x60 [ 46.518041] _cond_resched+0x1d/0x30 [ 46.518045] wait_for_completion+0xa5/0x8d0 [ 46.518050] ? wait_for_completion_interruptible+0x950/0x950 [ 46.518054] ? __lockdep_init_map+0x105/0x590 [ 46.518058] ? __init_waitqueue_head+0x9e/0x150 [ 46.518062] ? init_wait_entry+0x1c0/0x1c0 [ 46.518066] __synchronize_srcu+0x189/0x240 [ 46.518070] ? call_srcu+0x10/0x10 [ 46.518074] ? rcu_unexpedite_gp+0x20/0x20 [ 46.518078] synchronize_srcu+0x335/0x56f [ 46.518081] ? lock_downgrade+0x8f0/0x8f0 [ 46.518086] ? synchronize_srcu_expedited+0x20/0x20 [ 46.518090] ? kasan_check_read+0x11/0x20 [ 46.518094] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 46.518098] ? kasan_check_write+0x14/0x20 [ 46.518102] ? do_raw_spin_lock+0xc1/0x200 [ 46.518107] kvm_page_track_unregister_notifier+0x17d/0x250 [ 46.518111] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 46.518115] ? kvfree+0x61/0x70 [ 46.518119] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.518123] kvm_mmu_uninit_vm+0x1c/0x20 [ 46.518127] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 46.518131] ? kvm_arch_sync_events+0x30/0x30 [ 46.518136] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.518140] ? mmu_notifier_unregister+0x474/0x600 [ 46.518144] ? trace_hardirqs_on+0x2c0/0x2c0 [ 46.518148] ? kfree+0x111/0x210 [ 46.518152] ? __mmu_notifier_register+0x30/0x30 [ 46.518156] ? __free_pages+0x10a/0x190 [ 46.518160] ? free_unref_page+0x930/0x930 [ 46.518163] kvm_put_kvm+0x73f/0x1060 [ 46.518167] ? kvm_write_guest_cached+0x40/0x40 [ 46.518171] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.518176] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.518180] ? lockdep_hardirqs_on+0x421/0x5c0 [ 46.518189] ? kasan_check_write+0x14/0x20 [ 46.518193] ? do_raw_spin_lock+0xc1/0x200 [ 46.518197] ? kvm_irqfd_release+0xdd/0x120 [ 46.518201] ? kvm_irqfd_release+0xdd/0x120 [ 46.518205] ? kvm_put_kvm+0x1060/0x1060 [ 46.518209] kvm_vm_release+0x42/0x50 [ 46.518212] __fput+0x38a/0xa40 [ 46.518216] ? __alloc_file+0x400/0x400 [ 46.518220] ? check_same_owner+0x340/0x340 [ 46.518224] ? kasan_check_write+0x14/0x20 [ 46.518227] ? do_raw_spin_lock+0xc1/0x200 [ 46.518231] ____fput+0x15/0x20 [ 46.518235] task_work_run+0x1e8/0x2a0 [ 46.518239] ? task_work_cancel+0x240/0x240 [ 46.518243] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 46.518248] ? switch_task_namespaces+0xa2/0xd0 [ 46.518251] do_exit+0x1ae4/0x26e0 [ 46.518255] ? mm_update_next_owner+0x9a0/0x9a0 [ 46.518259] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 46.518264] ? rcu_read_lock_sched_held+0x108/0x120 [ 46.518267] ? kfree+0x1d7/0x210 [ 46.518271] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 46.518276] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 46.518280] ? is_bpf_text_address+0xd7/0x170 [ 46.518282] ? [ 46.518289] Lost 55 message(s)! [ 47.589284] Shutting down cpus with NMI [ 48.648811] Dumping ftrace buffer: [ 48.652350] (ftrace buffer empty) [ 48.656048] Kernel Offset: disabled [ 48.659661] Rebooting in 86400 seconds..