[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.436500] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.790268] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.198312] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.745300] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.924028] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
[ 32.693208] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 32.798622] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 32.822964] ==================================================================
[ 32.832943] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 32.839214] Read of size 8 at addr ffff8801d9a88058 by task syz-executor858/4457
[ 32.846762]
[ 32.848388] CPU: 0 PID: 4457 Comm: syz-executor858 Not tainted 4.19.0-rc1+ #212
[ 32.855822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.865244] Call Trace:
[ 32.867822]  dump_stack+0x1c9/0x2b4
[ 32.871451]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.876634]  ? printk+0xa7/0xcf
[ 32.879906]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.884693]  ? __schedule+0xf54/0x1df0
[ 32.888577]  print_address_description+0x6c/0x20b
[ 32.893420]  ? __schedule+0xf54/0x1df0
[ 32.897301]  kasan_report.cold.7+0x242/0x30d
[ 32.901708]  __asan_report_load8_noabort+0x14/0x20
[ 32.906629]  __schedule+0xf54/0x1df0
[ 32.910334]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.915439]  ? __sched_text_start+0x8/0x8
[ 32.919580]  ? __call_srcu+0x7e7/0x1040
[ 32.923556]  ? check_same_owner+0x340/0x340
[ 32.927885]  ? mark_held_locks+0x160/0x160
[ 32.932123]  ? find_held_lock+0x36/0x1c0
[ 32.936188]  preempt_schedule_common+0x22/0x60
[ 32.940779]  _cond_resched+0x1d/0x30
[ 32.944502]  wait_for_completion+0xa5/0x8d0
[ 32.948852]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.954664]  ? __lockdep_init_map+0x105/0x590
[ 32.959161]  ? __init_waitqueue_head+0x9e/0x150
[ 32.963836]  ? init_wait_entry+0x1c0/0x1c0
[ 32.968067]  __synchronize_srcu+0x189/0x240
[ 32.972380]  ? call_srcu+0x10/0x10
[ 32.975926]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.980165]  synchronize_srcu+0x335/0x56f
[ 32.984311]  ? lock_downgrade+0x8f0/0x8f0
[ 32.988454]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.993464]  ? kasan_check_read+0x11/0x20
[ 32.997607]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.002190]  ? kasan_check_write+0x14/0x20
[ 33.006422]  ? do_raw_spin_lock+0xc1/0x200
[ 33.010673]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.016409]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.021851]  ? kvfree+0x61/0x70
[ 33.025129]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.030141]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.034199]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.038603]  ? kvm_arch_sync_events+0x30/0x30
[ 33.043097]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.048642]  ? mmu_notifier_unregister+0x474/0x600
[ 33.053569]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.057973]  ? kfree+0x111/0x210
[ 33.061339]  ? __mmu_notifier_register+0x30/0x30
[ 33.066096]  ? __free_pages+0x10a/0x190
[ 33.070070]  ? free_unref_page+0x930/0x930
[ 33.074309]  kvm_put_kvm+0x73f/0x1060
[ 33.078113]  ? kvm_write_guest_cached+0x40/0x40
[ 33.082781]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.087268]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.091788]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.096588]  ? kasan_check_write+0x14/0x20
[ 33.100831]  ? do_raw_spin_lock+0xc1/0x200
[ 33.105068]  ? kvm_irqfd_release+0xdd/0x120
[ 33.109385]  ? kvm_irqfd_release+0xdd/0x120
[ 33.113703]  ? kvm_put_kvm+0x1060/0x1060
[ 33.117765]  kvm_vm_release+0x42/0x50
[ 33.121556]  __fput+0x36e/0x8c0
[ 33.124842]  ? __alloc_file+0x400/0x400
[ 33.128808]  ? check_same_owner+0x340/0x340
[ 33.133139]  ? kasan_check_write+0x14/0x20
[ 33.137365]  ? do_raw_spin_lock+0xc1/0x200
[ 33.141592]  ____fput+0x15/0x20
[ 33.144866]  task_work_run+0x1e8/0x2a0
[ 33.148815]  ? task_work_cancel+0x240/0x240
[ 33.153149]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.158684]  ? switch_task_namespaces+0xa2/0xd0
[ 33.163365]  do_exit+0x1ae4/0x26e0
[ 33.166902]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.171578]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.175808]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.180818]  ? kfree+0x1d7/0x210
[ 33.184188]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.188442]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.194183]  ? is_bpf_text_address+0xd7/0x170
[ 33.198684]  ? kernel_text_address+0x79/0xf0
[ 33.203104]  ? __kernel_text_address+0xd/0x40
[ 33.207593]  ? unwind_get_return_address+0x61/0xa0
[ 33.212518]  ? __save_stack_trace+0x8d/0xf0
[ 33.216842]  ? save_stack+0xa9/0xd0
[ 33.220462]  ? save_stack+0x43/0xd0
[ 33.224085]  ? __kasan_slab_free+0x11a/0x170
[ 33.228488]  ? kasan_slab_free+0xe/0x10
[ 33.232455]  ? putname+0xf2/0x130
[ 33.235903]  ? __x64_sys_openat+0x9d/0x100
[ 33.240136]  ? do_syscall_64+0x1b9/0x820
[ 33.244198]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.249557]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.253959]  ? kasan_check_read+0x11/0x20
[ 33.258124]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.262524]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.266937]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.271519]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.276620]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.282347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.287876]  ? do_vfs_ioctl+0x201/0x1720
[ 33.291938]  ? rcu_is_watching+0x8c/0x150
[ 33.296753]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.301070]  ? ioctl_preallocate+0x300/0x300
[ 33.305494]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.311028]  ? __fget_light+0x2f7/0x440
[ 33.314999]  ? fget_raw+0x20/0x20
[ 33.318443]  ? putname+0xf2/0x130
[ 33.321908]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.326934]  ? kmem_cache_free+0x246/0x280
[ 33.331164]  ? putname+0xf7/0x130
[ 33.334633]  do_group_exit+0x177/0x440
[ 33.338531]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.342846]  ? __ia32_sys_exit+0x50/0x50
[ 33.346900]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.352009]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.357539]  ? ksys_ioctl+0x81/0xd0
[ 33.361200]  __x64_sys_exit_group+0x3e/0x50
[ 33.365519]  do_syscall_64+0x1b9/0x820
[ 33.369407]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.374763]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.379698]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.384535]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.389561]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 33.394571]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.399582]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.404426]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.409606] RIP: 0033:0x43ecc8
[ 33.412794] Code: Bad RIP value.
[ 33.416153] RSP: 002b:00007ffdb8904a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.423856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 33.431130] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.438392] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.445649] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.452952] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 33.460217]
[ 33.461831] Allocated by task 4457:
[ 33.465466]  save_stack+0x43/0xd0
[ 33.468909]  kasan_kmalloc+0xc4/0xe0
[ 33.472627]  kasan_slab_alloc+0x12/0x20
[ 33.476591]  kmem_cache_alloc+0x12e/0x710
[ 33.480732]  vmx_create_vcpu+0xcf/0x2830
[ 33.484786]  kvm_arch_vcpu_create+0xe5/0x220
[ 33.489193]  kvm_vm_ioctl+0x488/0x1d80
[ 33.493074]  do_vfs_ioctl+0x1de/0x1720
[ 33.496994]  ksys_ioctl+0xa9/0xd0
[ 33.500438]  __x64_sys_ioctl+0x73/0xb0
[ 33.504338]  do_syscall_64+0x1b9/0x820
[ 33.508225]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.513395]
[ 33.515011] Freed by task 4457:
[ 33.518282]  save_stack+0x43/0xd0
[ 33.521726]  __kasan_slab_free+0x11a/0x170
[ 33.525956]  kasan_slab_free+0xe/0x10
[ 33.529745]  kmem_cache_free+0x86/0x280
[ 33.533709]  vmx_free_vcpu+0x26b/0x300
[ 33.537604]  kvm_arch_destroy_vm+0x365/0x7c0
[ 33.542004]  kvm_put_kvm+0x73f/0x1060
[ 33.545798]  kvm_vm_release+0x42/0x50
[ 33.549588]  __fput+0x36e/0x8c0
[ 33.552860]  ____fput+0x15/0x20
[ 33.556130]  task_work_run+0x1e8/0x2a0
[ 33.560011]  do_exit+0x1ae4/0x26e0
[ 33.563543]  do_group_exit+0x177/0x440
[ 33.567426]  __x64_sys_exit_group+0x3e/0x50
[ 33.571741]  do_syscall_64+0x1b9/0x820
[ 33.575623]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.580794]
[ 33.582411] The buggy address belongs to the object at ffff8801d9a88040
[ 33.582411]  which belongs to the cache kvm_vcpu of size 23872
[ 33.594978] The buggy address is located 24 bytes inside of
[ 33.594978]  23872-byte region [ffff8801d9a88040, ffff8801d9a8dd80)
[ 33.606949] The buggy address belongs to the page:
[ 33.611876] page:ffffea000766a200 count:1 mapcount:0 mapping:ffff8801d5453200 index:0x0 compound_mapcount: 0
[ 33.621837] flags: 0x2fffc0000008100(slab|head)
[ 33.626503] raw: 02fffc0000008100 ffff8801d57e2348 ffff8801d57e2348 ffff8801d5453200
[ 33.634382] raw: 0000000000000000 ffff8801d9a88040 0000000100000001 0000000000000000
[ 33.642248] page dumped because: kasan: bad access detected
[ 33.647941]
[ 33.649553] Memory state around the buggy address:
[ 33.654475]  ffff8801d9a87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.661823]  ffff8801d9a87f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.669171] >ffff8801d9a88000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 33.676519]                                                     ^
[ 33.682739]  ffff8801d9a88080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.690086]  ffff8801d9a88100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.697431] ==================================================================
[ 33.704778] Kernel panic - not syncing: panic_on_warn set ...
[ 33.704778]
[ 33.712140] CPU: 0 PID: 4457 Comm: syz-executor858 Tainted: G    B             4.19.0-rc1+ #212
[ 33.720975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.730314] Call Trace:
[ 33.732901]  dump_stack+0x1c9/0x2b4
[ 33.736534]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.741729]  ? lock_downgrade+0x8f0/0x8f0
[ 33.745873]  ? __schedule+0xf54/0x1df0
[ 33.749757]  panic+0x238/0x4e7
[ 33.752953]  ? add_taint.cold.5+0x16/0x16
[ 33.757103]  ? print_shadow_for_address+0xba/0x116
[ 33.762026]  ? trace_hardirqs_off+0xaf/0x2b0
[ 33.766431]  ? trace_hardirqs_off+0x77/0x2b0
[ 33.770832]  ? __schedule+0xf54/0x1df0
[ 33.774730]  kasan_end_report+0x47/0x4f
[ 33.778731]  kasan_report.cold.7+0x76/0x30d
[ 33.783051]  __asan_report_load8_noabort+0x14/0x20
[ 33.787972]  __schedule+0xf54/0x1df0
[ 33.791679]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.796779]  ? __sched_text_start+0x8/0x8
[ 33.800931]  ? __call_srcu+0x7e7/0x1040
[ 33.804912]  ? check_same_owner+0x340/0x340
[ 33.809262]  ? mark_held_locks+0x160/0x160
[ 33.813488]  ? find_held_lock+0x36/0x1c0
[ 33.817543]  preempt_schedule_common+0x22/0x60
[ 33.822120]  _cond_resched+0x1d/0x30
[ 33.825825]  wait_for_completion+0xa5/0x8d0
[ 33.830174]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.835991]  ? __lockdep_init_map+0x105/0x590
[ 33.840482]  ? __init_waitqueue_head+0x9e/0x150
[ 33.845144]  ? init_wait_entry+0x1c0/0x1c0
[ 33.849379]  __synchronize_srcu+0x189/0x240
[ 33.853693]  ? call_srcu+0x10/0x10
[ 33.857232]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.861471]  synchronize_srcu+0x335/0x56f
[ 33.865644]  ? lock_downgrade+0x8f0/0x8f0
[ 33.869783]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.874807]  ? kasan_check_read+0x11/0x20
[ 33.878965]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.883540]  ? kasan_check_write+0x14/0x20
[ 33.887766]  ? do_raw_spin_lock+0xc1/0x200
[ 33.892001]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.897706]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.903149]  ? kvfree+0x61/0x70
[ 33.906430]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.911440]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.915494]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.919900]  ? kvm_arch_sync_events+0x30/0x30
[ 33.924403]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.929943]  ? mmu_notifier_unregister+0x474/0x600
[ 33.934868]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.939266]  ? kfree+0x111/0x210
[ 33.942630]  ? __mmu_notifier_register+0x30/0x30
[ 33.947381]  ? __free_pages+0x10a/0x190
[ 33.951350]  ? free_unref_page+0x930/0x930
[ 33.955592]  kvm_put_kvm+0x73f/0x1060
[ 33.959392]  ? kvm_write_guest_cached+0x40/0x40
[ 33.964061]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.968553]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.973046]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.977629]  ? kasan_check_write+0x14/0x20
[ 33.981879]  ? do_raw_spin_lock+0xc1/0x200
[ 33.986147]  ? kvm_irqfd_release+0xdd/0x120
[ 33.990462]  ? kvm_irqfd_release+0xdd/0x120
[ 33.994782]  ? kvm_put_kvm+0x1060/0x1060
[ 33.998855]  kvm_vm_release+0x42/0x50
[ 34.002652]  __fput+0x36e/0x8c0
[ 34.005947]  ? __alloc_file+0x400/0x400
[ 34.009925]  ? check_same_owner+0x340/0x340
[ 34.014256]  ? kasan_check_write+0x14/0x20
[ 34.018483]  ? do_raw_spin_lock+0xc1/0x200
[ 34.022710]  ____fput+0x15/0x20
[ 34.025996]  task_work_run+0x1e8/0x2a0
[ 34.029902]  ? task_work_cancel+0x240/0x240
[ 34.034229]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.039760]  ? switch_task_namespaces+0xa2/0xd0
[ 34.044427]  do_exit+0x1ae4/0x26e0
[ 34.047965]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.052632]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.056882]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.061890]  ? kfree+0x1d7/0x210
[ 34.065258]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.069488]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.075213]  ? is_bpf_text_address+0xd7/0x170
[ 34.079703]  ? kernel_text_address+0x79/0xf0
[ 34.084104]  ? __kernel_text_address+0xd/0x40
[ 34.088608]  ? unwind_get_return_address+0x61/0xa0
[ 34.093532]  ? __save_stack_trace+0x8d/0xf0
[ 34.098061]  ? save_stack+0xa9/0xd0
[ 34.101700]  ? save_stack+0x43/0xd0
[ 34.105350]  ? __kasan_slab_free+0x11a/0x170
[ 34.109769]  ? kasan_slab_free+0xe/0x10
[ 34.113736]  ? putname+0xf2/0x130
[ 34.117192]  ? __x64_sys_openat+0x9d/0x100
[ 34.121420]  ? do_syscall_64+0x1b9/0x820
[ 34.125478]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.130836]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.135233]  ? kasan_check_read+0x11/0x20
[ 34.139373]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.143775]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.148185]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.152768]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.157867]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.163576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.169106]  ? do_vfs_ioctl+0x201/0x1720
[ 34.173161]  ? rcu_is_watching+0x8c/0x150
[ 34.177306]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.181640]  ? ioctl_preallocate+0x300/0x300
[ 34.186044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.191578]  ? __fget_light+0x2f7/0x440
[ 34.195546]  ? fget_raw+0x20/0x20
[ 34.198988]  ? putname+0xf2/0x130
[ 34.202435]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.207447]  ? kmem_cache_free+0x246/0x280
[ 34.211674]  ? putname+0xf7/0x130
[ 34.215123]  do_group_exit+0x177/0x440
[ 34.219003]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.223322]  ? __ia32_sys_exit+0x50/0x50
[ 34.227697]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.232802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.238336]  ? ksys_ioctl+0x81/0xd0
[ 34.241964]  __x64_sys_exit_group+0x3e/0x50
[ 34.246295]  do_syscall_64+0x1b9/0x820
[ 34.250201]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.255559]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.260485]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.265325]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.270337]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.275347]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.280363]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.285218]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.290398] RIP: 0033:0x43ecc8
[ 34.293587] Code: Bad RIP value.
[ 34.296955] RSP: 002b:00007ffdb8904a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.304656] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 34.311939] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.319204] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.326478] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.333752] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.341020]
[ 34.341026] ======================================================
[ 34.341031] WARNING: possible circular locking dependency detected
[ 34.341035] 4.19.0-rc1+ #212 Not tainted
[ 34.341040] ------------------------------------------------------
[ 34.341045] syz-executor858/4457 is trying to acquire lock:
[ 34.341049] 000000006bcc20aa ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 34.341063]
[ 34.341067] but task is already holding lock:
[ 34.341071] 00000000fc23f88d (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.341085]
[ 34.341089] which lock already depends on the new lock.
[ 34.341092]
[ 34.341094]
[ 34.341099] the existing dependency chain (in reverse order) is:
[ 34.341101]
[ 34.341104] -> #3 (report_lock){....}:
[ 34.341118]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.341122]        kasan_report+0x8e/0x110
[ 34.341127]        __asan_report_load8_noabort+0x14/0x20
[ 34.341131]        __schedule+0xf54/0x1df0
[ 34.341135]        preempt_schedule_common+0x22/0x60
[ 34.341139]        _cond_resched+0x1d/0x30
[ 34.341143]        wait_for_completion+0xa5/0x8d0
[ 34.341147]        __synchronize_srcu+0x189/0x240
[ 34.341151]        synchronize_srcu+0x335/0x56f
[ 34.341156]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.341160]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.341164]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.341168]        kvm_put_kvm+0x73f/0x1060
[ 34.341172]        kvm_vm_release+0x42/0x50
[ 34.341176]        __fput+0x36e/0x8c0
[ 34.341200]        ____fput+0x15/0x20
[ 34.341204]        task_work_run+0x1e8/0x2a0
[ 34.341208]        do_exit+0x1ae4/0x26e0
[ 34.341211]        do_group_exit+0x177/0x440
[ 34.341215]        __x64_sys_exit_group+0x3e/0x50
[ 34.341219]        do_syscall_64+0x1b9/0x820
[ 34.341224]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.341226]
[ 34.341243] -> #2 (&rq->lock){-.-.}:
[ 34.341257]        _raw_spin_lock+0x2a/0x40
[ 34.341261]        task_fork_fair+0x93/0x680
[ 34.341265]        sched_fork+0x44b/0xbd0
[ 34.341269]        copy_process+0x235e/0x7ad0
[ 34.341273]        _do_fork+0x1ca/0x1170
[ 34.341276]        kernel_thread+0x34/0x40
[ 34.341280]        rest_init+0x22/0xe4
[ 34.341284]        start_kernel+0x913/0x94e
[ 34.341288]        x86_64_start_reservations+0x29/0x2b
[ 34.341292]        x86_64_start_kernel+0x76/0x79
[ 34.341297]        secondary_startup_64+0xa4/0xb0
[ 34.341299]
[ 34.341301] -> #1 (&p->pi_lock){-.-.}:
[ 34.341316]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.341320]        try_to_wake_up+0xd2/0x1250
[ 34.341323]        wake_up_process+0x10/0x20
[ 34.341327]        __up.isra.1+0x1c0/0x2a0
[ 34.341331]        up+0x13c/0x1c0
[ 34.341335]        __up_console_sem+0xbe/0x1b0
[ 34.341339]        console_unlock+0x506/0x10d0
[ 34.341342]        vprintk_emit+0x33a/0x910
[ 34.341346]        vprintk_default+0x28/0x30
[ 34.341350]        vprintk_func+0x7a/0x117
[ 34.341354]        printk+0xa7/0xcf
[ 34.341357]        load_umh+0x51/0xbd
[ 34.341361]        do_one_initcall+0x127/0x838
[ 34.341365]        kernel_init_freeable+0x4bb/0x5ae
[ 34.341369]        kernel_init+0x11/0x1b3
[ 34.341373]        ret_from_fork+0x3a/0x50
[ 34.341375]
[ 34.341377] -> #0 ((console_sem).lock){-...}:
[ 34.341392]        lock_acquire+0x1e4/0x4f0
[ 34.341396]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.341400]        down_trylock+0x13/0x70
[ 34.341404]        __down_trylock_console_sem+0xae/0x200
[ 34.341408]        console_trylock+0x15/0xa0
[ 34.341412]        vprintk_emit+0x31f/0x910
[ 34.341416]        vprintk_default+0x28/0x30
[ 34.341420]        vprintk_func+0x7a/0x117
[ 34.341423]        printk+0xa7/0xcf
[ 34.341427]        kasan_report+0x9e/0x110
[ 34.341432]        __asan_report_load8_noabort+0x14/0x20
[ 34.341435]        __schedule+0xf54/0x1df0
[ 34.341440]        preempt_schedule_common+0x22/0x60
[ 34.341443]        _cond_resched+0x1d/0x30
[ 34.341448]        wait_for_completion+0xa5/0x8d0
[ 34.341452]        __synchronize_srcu+0x189/0x240
[ 34.341456]        synchronize_srcu+0x335/0x56f
[ 34.341461]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.341465]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.341469]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.341473]        kvm_put_kvm+0x73f/0x1060
[ 34.341477]        kvm_vm_release+0x42/0x50
[ 34.341480]        __fput+0x36e/0x8c0
[ 34.341484]        ____fput+0x15/0x20
[ 34.341488]        task_work_run+0x1e8/0x2a0
[ 34.341508]        do_exit+0x1ae4/0x26e0
[ 34.341511]        do_group_exit+0x177/0x440
[ 34.341515]        __x64_sys_exit_group+0x3e/0x50
[ 34.341519]        do_syscall_64+0x1b9/0x820
[ 34.341539]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.341541]
[ 34.341545] other info that might help us debug this:
[ 34.341548]
[ 34.341551] Chain exists of:
[ 34.341553]   (console_sem).lock --> &rq->lock --> report_lock
[ 34.341571]
[ 34.341575]  Possible unsafe locking scenario:
[ 34.341578]
[ 34.341582]        CPU0                    CPU1
[ 34.341586]        ----                    ----
[ 34.341588]   lock(report_lock);
[ 34.341597]                                lock(&rq->lock);
[ 34.341607]                                lock(report_lock);
[ 34.341615]   lock((console_sem).lock);
[ 34.341623]
[ 34.341626]  *** DEADLOCK ***
[ 34.341628]
[ 34.341632] 2 locks held by syz-executor858/4457:
[ 34.341634]  #0: 0000000089b672af (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 34.341651]  #1: 00000000fc23f88d (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.341668]
[ 34.341671] stack backtrace:
[ 34.341677] CPU: 0 PID: 4457 Comm: syz-executor858 Not tainted 4.19.0-rc1+ #212
[ 34.341685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.341689] Call Trace:
[ 34.341692]  dump_stack+0x1c9/0x2b4
[ 34.341697]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.341701]  ? vprintk_func+0x100/0x117
[ 34.341706]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 34.341709]  ? save_trace+0xe0/0x290
[ 34.341714]  __lock_acquire+0x3449/0x5020
[ 34.341718]  ? mark_held_locks+0x160/0x160
[ 34.341722]  ? mark_held_locks+0x160/0x160
[ 34.341726]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.341730]  ? is_bpf_text_address+0xd7/0x170
[ 34.341734]  ? kernel_text_address+0x79/0xf0
[ 34.341738]  ? __kernel_text_address+0xd/0x40
[ 34.341743]  ? __save_stack_trace+0x8d/0xf0
[ 34.341747]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 34.341751]  ? save_trace+0x290/0x290
[ 34.341755]  ? save_stack_trace+0x1a/0x20
[ 34.341759]  ? save_trace+0xe0/0x290
[ 34.341763]  ? graph_lock+0x170/0x170
[ 34.341767]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.341771]  lock_acquire+0x1e4/0x4f0
[ 34.341775]  ? down_trylock+0x13/0x70
[ 34.341779]  ? lock_release+0x9f0/0x9f0
[ 34.341783]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.341787]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.341792]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.341795]  ? log_store+0x34f/0x4c0
[ 34.341799]  ? vprintk_emit+0x31f/0x910
[ 34.341803]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.341807]  ? down_trylock+0x13/0x70
[ 34.341811]  down_trylock+0x13/0x70
[ 34.341816]  __down_trylock_console_sem+0xae/0x200
[ 34.341819]  console_trylock+0x15/0xa0
[ 34.341823]  vprintk_emit+0x31f/0x910
[ 34.341827]  ? wake_up_klogd+0x110/0x110
[ 34.341831]  ? run_rebalance_domains+0x4c0/0x4c0
[ 34.341835]  ? kasan_check_read+0x11/0x20
[ 34.341840]  ? rcu_is_watching+0x8c/0x150
[ 34.341843]  ? rcu_pm_notify+0xc0/0xc0
[ 34.341847]  ? lock_acquire+0x1e4/0x4f0
[ 34.341851]  ? kasan_report+0x8e/0x110
[ 34.341855]  ? __schedule+0xf54/0x1df0
[ 34.341859]  vprintk_default+0x28/0x30
[ 34.341863]  vprintk_func+0x7a/0x117
[ 34.341866]  printk+0xa7/0xcf
[ 34.341870]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.341874]  ? kasan_check_write+0x14/0x20
[ 34.341878]  ? do_raw_spin_lock+0xc1/0x200
[ 34.341882]  ? do_raw_spin_lock+0xc1/0x200
[ 34.341886]  kasan_report+0x9e/0x110
[ 34.341891]  __asan_report_load8_noabort+0x14/0x20
[ 34.341894]  __schedule+0xf54/0x1df0
[ 34.341899]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.341903]  ? __sched_text_start+0x8/0x8
[ 34.341907]  ? __call_srcu+0x7e7/0x1040
[ 34.341911]  ? check_same_owner+0x340/0x340
[ 34.341915]  ? mark_held_locks+0x160/0x160
[ 34.341927]  ? find_held_lock+0x36/0x1c0
[ 34.341931]  preempt_schedule_common+0x22/0x60
[ 34.341935]  _cond_resched+0x1d/0x30
[ 34.341939]  wait_for_completion+0xa5/0x8d0
[ 34.341944]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.341948]  ? __lockdep_init_map+0x105/0x590
[ 34.341953]  ? __init_waitqueue_head+0x9e/0x150
[ 34.341957]  ? init_wait_entry+0x1c0/0x1c0
[ 34.341961]  __synchronize_srcu+0x189/0x240
[ 34.341964]  ? call_srcu+0x10/0x10
[ 34.341968]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.341972]  synchronize_srcu+0x335/0x56f
[ 34.341976]  ? lock_downgrade+0x8f0/0x8f0
[ 34.341981]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.341985]  ? kasan_check_read+0x11/0x20
[ 34.341989]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.341994]  ? kasan_check_write+0x14/0x20
[ 34.341998]  ? do_raw_spin_lock+0xc1/0x200
[ 34.342003]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.342007]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.342011]  ? kvfree+0x61/0x70
[ 34.342015]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.342019]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.342023]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.342028]  ? kvm_arch_sync_events+0x30/0x30
[ 34.342033]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.342037]  ? mmu_notifier_unregister+0x474/0x600
[ 34.342041]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.342045]  ? kfree+0x111/0x210
[ 34.342049]  ? __mmu_notifier_register+0x30/0x30
[ 34.342053]  ? __free_pages+0x10a/0x190
[ 34.342057]  ? free_unref_page+0x930/0x930
[ 34.342061]  kvm_put_kvm+0x73f/0x1060
[ 34.342065]  ? kvm_write_guest_cached+0x40/0x40
[ 34.342069]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.342074]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.342078]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.342082]  ? kasan_check_write+0x14/0x20
[ 34.342086]  ? do_raw_spin_lock+0xc1/0x200
[ 34.342090]  ? kvm_irqfd_release+0xdd/0x120
[ 34.342094]  ? kvm_irqfd_release+0xdd/0x120
[ 34.342098]  ? kvm_put_kvm+0x1060/0x1060
[ 34.342102]  kvm_vm_release+0x42/0x50
[ 34.342105]  __fput+0x36e/0x8c0
[ 34.342109]  ? __alloc_file+0x400/0x400
[ 34.342113]  ? check_same_owner+0x340/0x340
[ 34.342118]  ? kasan_check_write+0x14/0x20
[ 34.342122]  ? do_raw_spin_lock+0xc1/0x200
[ 34.342125]  ____fput+0x15/0x20
[ 34.342129]  task_work_run+0x1e8/0x2a0
[ 34.342133]  ? task_work_cancel+0x240/0x240
[ 34.342138]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.342142]  ? switch_task_namespaces+0xa2/0xd0
[ 34.342146]  do_exit+0x1ae4/0x26e0
[ 34.342150]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.342154]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.342159]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.342162]  ? kfree+0x1d7/0x210
[ 34.342166]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.342171]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.342175]  ? is_bpf_text_address+0xd7/0x170
[ 34.342183]  ?
[ 34.342190] Lost 55 message(s)!
[ 35.444720] Shutting down cpus with NMI
[ 36.503339] Dumping ftrace buffer:
[ 36.506863]    (ftrace buffer empty)
[ 36.510548] Kernel Offset: disabled
[ 36.514162] Rebooting in 86400 seconds..