[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.466467] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.794393] random: sshd: uninitialized urandom read (32 bytes read) [ 25.080226] random: sshd: uninitialized urandom read (32 bytes read) [ 25.623385] random: sshd: uninitialized urandom read (32 bytes read) [ 25.818764] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. [ 31.448625] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.548209] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.572305] ================================================================== [ 31.582155] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.588384] Read of size 8 at addr ffff8801b6518058 by task syz-executor402/4661 [ 31.595903] [ 31.597532] CPU: 1 PID: 4661 Comm: syz-executor402 Not tainted 4.19.0-rc1+ #216 [ 31.604965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.614310] Call Trace: [ 31.616898] dump_stack+0x1c9/0x2b4 [ 31.620526] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.625710] ? printk+0xa7/0xcf [ 31.628985] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.633741] ? __schedule+0xf54/0x1df0 [ 31.637624] print_address_description+0x6c/0x20b [ 31.642461] ? __schedule+0xf54/0x1df0 [ 31.646342] kasan_report.cold.7+0x242/0x30d [ 31.650749] __asan_report_load8_noabort+0x14/0x20 [ 31.655673] __schedule+0xf54/0x1df0 [ 31.659388] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.664489] ? __sched_text_start+0x8/0x8 [ 31.668637] ? __call_srcu+0x7e7/0x1040 [ 31.672612] ? check_same_owner+0x340/0x340 [ 31.676926] ? mark_held_locks+0x160/0x160 [ 31.681156] ? find_held_lock+0x36/0x1c0 [ 31.685303] preempt_schedule_common+0x22/0x60 [ 31.689879] _cond_resched+0x1d/0x30 [ 31.693588] wait_for_completion+0xa5/0x8d0 [ 31.697907] ? wait_for_completion_interruptible+0x950/0x950 [ 31.703698] ? __lockdep_init_map+0x105/0x590 [ 31.708189] ? __init_waitqueue_head+0x9e/0x150 [ 31.712859] ? init_wait_entry+0x1c0/0x1c0 [ 31.717093] __synchronize_srcu+0x189/0x240 [ 31.721407] ? call_srcu+0x10/0x10 [ 31.724942] ? rcu_unexpedite_gp+0x20/0x20 [ 31.729178] synchronize_srcu+0x335/0x56f [ 31.733320] ? lock_downgrade+0x8f0/0x8f0 [ 31.737462] ? synchronize_srcu_expedited+0x20/0x20 [ 31.742473] ? kasan_check_read+0x11/0x20 [ 31.746619] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.751197] ? kasan_check_write+0x14/0x20 [ 31.755424] ? do_raw_spin_lock+0xc1/0x200 [ 31.759657] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.765366] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.770814] ? kvfree+0x61/0x70 [ 31.774099] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.779111] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.783168] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.787572] ? kvm_arch_sync_events+0x30/0x30 [ 31.792069] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.797603] ? mmu_notifier_unregister+0x474/0x600 [ 31.802524] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.806928] ? kfree+0x111/0x210 [ 31.810292] ? __mmu_notifier_register+0x30/0x30 [ 31.815048] ? __free_pages+0x10a/0x190 [ 31.819017] ? free_unref_page+0x930/0x930 [ 31.823258] kvm_put_kvm+0x73f/0x1060 [ 31.827059] ? kvm_write_guest_cached+0x40/0x40 [ 31.831727] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.836219] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.840707] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.845287] ? kasan_check_write+0x14/0x20 [ 31.849516] ? do_raw_spin_lock+0xc1/0x200 [ 31.853749] ? kvm_irqfd_release+0xdd/0x120 [ 31.858062] ? kvm_irqfd_release+0xdd/0x120 [ 31.862383] ? kvm_put_kvm+0x1060/0x1060 [ 31.866439] kvm_vm_release+0x42/0x50 [ 31.870233] __fput+0x38a/0xa40 [ 31.873509] ? __alloc_file+0x400/0x400 [ 31.877483] ? check_same_owner+0x340/0x340 [ 31.881803] ? kasan_check_write+0x14/0x20 [ 31.886042] ? do_raw_spin_lock+0xc1/0x200 [ 31.890274] ____fput+0x15/0x20 [ 31.893547] task_work_run+0x1e8/0x2a0 [ 31.897431] ? task_work_cancel+0x240/0x240 [ 31.901752] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.907287] ? switch_task_namespaces+0xa2/0xd0 [ 31.911954] do_exit+0x1ae4/0x26e0 [ 31.915495] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.920166] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 31.924399] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.929410] ? kfree+0x1d7/0x210 [ 31.932775] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 31.937013] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.942723] ? is_bpf_text_address+0xd7/0x170 [ 31.947213] ? kernel_text_address+0x79/0xf0 [ 31.951617] ? __kernel_text_address+0xd/0x40 [ 31.956107] ? unwind_get_return_address+0x61/0xa0 [ 31.961035] ? __save_stack_trace+0x8d/0xf0 [ 31.965357] ? save_stack+0xa9/0xd0 [ 31.968983] ? save_stack+0x43/0xd0 [ 31.972601] ? __kasan_slab_free+0x11a/0x170 [ 31.977020] ? kasan_slab_free+0xe/0x10 [ 31.980990] ? putname+0xf2/0x130 [ 31.984439] ? __x64_sys_openat+0x9d/0x100 [ 31.988669] ? do_syscall_64+0x1b9/0x820 [ 31.992727] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.998088] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.002492] ? kasan_check_read+0x11/0x20 [ 32.006639] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.011040] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.015450] ? initcall_blacklisted+0x9a/0x1e0 [ 32.020029] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.025134] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.030853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.036394] ? do_vfs_ioctl+0x201/0x1720 [ 32.040449] ? rcu_is_watching+0x8c/0x150 [ 32.044594] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.048915] ? ioctl_preallocate+0x300/0x300 [ 32.053789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.059321] ? __fget_light+0x2f7/0x440 [ 32.063292] ? fget_raw+0x20/0x20 [ 32.066743] ? putname+0xf2/0x130 [ 32.070195] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.075209] ? kmem_cache_free+0x246/0x280 [ 32.079444] ? putname+0xf7/0x130 [ 32.082901] do_group_exit+0x177/0x440 [ 32.086788] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.091104] ? __ia32_sys_exit+0x50/0x50 [ 32.095160] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.100259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.105790] ? ksys_ioctl+0x81/0xd0 [ 32.109414] __x64_sys_exit_group+0x3e/0x50 [ 32.113734] do_syscall_64+0x1b9/0x820 [ 32.117617] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.122981] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.127909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.132746] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.137763] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.142780] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.147796] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.152638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.157824] RIP: 0033:0x43ecc8 [ 32.161021] Code: Bad RIP value. [ 32.164383] RSP: 002b:00007fff6cebbf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.172094] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 32.179362] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.186638] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.193911] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.201175] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.208444] [ 32.210062] Allocated by task 4661: [ 32.213690] save_stack+0x43/0xd0 [ 32.217136] kasan_kmalloc+0xc4/0xe0 [ 32.220849] kasan_slab_alloc+0x12/0x20 [ 32.224819] kmem_cache_alloc+0x12e/0x710 [ 32.228970] vmx_create_vcpu+0xcf/0x2830 [ 32.233025] kvm_arch_vcpu_create+0xe5/0x220 [ 32.237430] kvm_vm_ioctl+0x488/0x1d80 [ 32.241318] do_vfs_ioctl+0x1de/0x1720 [ 32.245201] ksys_ioctl+0xa9/0xd0 [ 32.248650] __x64_sys_ioctl+0x73/0xb0 [ 32.252535] do_syscall_64+0x1b9/0x820 [ 32.256418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.261590] [ 32.263205] Freed by task 4661: [ 32.266479] save_stack+0x43/0xd0 [ 32.269927] __kasan_slab_free+0x11a/0x170 [ 32.274154] kasan_slab_free+0xe/0x10 [ 32.277944] kmem_cache_free+0x86/0x280 [ 32.281911] vmx_free_vcpu+0x26b/0x300 [ 32.285791] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.290195] kvm_put_kvm+0x73f/0x1060 [ 32.293989] kvm_vm_release+0x42/0x50 [ 32.297784] __fput+0x38a/0xa40 [ 32.301054] ____fput+0x15/0x20 [ 32.304326] task_work_run+0x1e8/0x2a0 [ 32.308204] do_exit+0x1ae4/0x26e0 [ 32.311734] do_group_exit+0x177/0x440 [ 32.315613] __x64_sys_exit_group+0x3e/0x50 [ 32.319927] do_syscall_64+0x1b9/0x820 [ 32.323808] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.328989] [ 32.330614] The buggy address belongs to the object at ffff8801b6518040 [ 32.330614] which belongs to the cache kvm_vcpu of size 23872 [ 32.343179] The buggy address is located 24 bytes inside of [ 32.343179] 23872-byte region [ffff8801b6518040, ffff8801b651dd80) [ 32.355127] The buggy address belongs to the page: [ 32.360053] page:ffffea0006d94600 count:1 mapcount:0 mapping:ffff8801d52626c0 index:0x0 compound_mapcount: 0 [ 32.370028] flags: 0x2fffc0000008100(slab|head) [ 32.374694] raw: 02fffc0000008100 ffff8801d5268a48 ffff8801d5268a48 ffff8801d52626c0 [ 32.382571] raw: 0000000000000000 ffff8801b6518040 0000000100000001 0000000000000000 [ 32.390435] page dumped because: kasan: bad access detected [ 32.396130] [ 32.397745] Memory state around the buggy address: [ 32.402667] ffff8801b6517f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.410019] ffff8801b6517f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.417368] >ffff8801b6518000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.424721] ^ [ 32.430942] ffff8801b6518080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.438290] ffff8801b6518100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.445633] ================================================================== [ 32.452985] Kernel panic - not syncing: panic_on_warn set ... [ 32.452985] [ 32.460345] CPU: 1 PID: 4661 Comm: syz-executor402 Tainted: G B 4.19.0-rc1+ #216 [ 32.469173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.478516] Call Trace: [ 32.481109] dump_stack+0x1c9/0x2b4 [ 32.484738] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.489928] ? lock_downgrade+0x8f0/0x8f0 [ 32.494069] ? __schedule+0xf54/0x1df0 [ 32.497955] panic+0x238/0x4e7 [ 32.501144] ? add_taint.cold.5+0x16/0x16 [ 32.505297] ? print_shadow_for_address+0xba/0x116 [ 32.510220] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.514622] ? trace_hardirqs_off+0x77/0x2b0 [ 32.519028] ? __schedule+0xf54/0x1df0 [ 32.522912] kasan_end_report+0x47/0x4f [ 32.526881] kasan_report.cold.7+0x76/0x30d [ 32.531203] __asan_report_load8_noabort+0x14/0x20 [ 32.536125] __schedule+0xf54/0x1df0 [ 32.539844] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.544948] ? __sched_text_start+0x8/0x8 [ 32.549092] ? __call_srcu+0x7e7/0x1040 [ 32.553068] ? check_same_owner+0x340/0x340 [ 32.557390] ? mark_held_locks+0x160/0x160 [ 32.561616] ? find_held_lock+0x36/0x1c0 [ 32.565676] preempt_schedule_common+0x22/0x60 [ 32.570251] _cond_resched+0x1d/0x30 [ 32.573962] wait_for_completion+0xa5/0x8d0 [ 32.578280] ? wait_for_completion_interruptible+0x950/0x950 [ 32.584076] ? __lockdep_init_map+0x105/0x590 [ 32.588569] ? __init_waitqueue_head+0x9e/0x150 [ 32.593235] ? init_wait_entry+0x1c0/0x1c0 [ 32.597467] __synchronize_srcu+0x189/0x240 [ 32.601784] ? call_srcu+0x10/0x10 [ 32.605322] ? rcu_unexpedite_gp+0x20/0x20 [ 32.609562] synchronize_srcu+0x335/0x56f [ 32.613703] ? lock_downgrade+0x8f0/0x8f0 [ 32.617851] ? synchronize_srcu_expedited+0x20/0x20 [ 32.622869] ? kasan_check_read+0x11/0x20 [ 32.627011] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.631589] ? kasan_check_write+0x14/0x20 [ 32.635819] ? do_raw_spin_lock+0xc1/0x200 [ 32.640062] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.645767] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.651213] ? kvfree+0x61/0x70 [ 32.654490] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.659505] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.663561] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.667967] ? kvm_arch_sync_events+0x30/0x30 [ 32.672463] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.677995] ? mmu_notifier_unregister+0x474/0x600 [ 32.682917] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.687326] ? kfree+0x111/0x210 [ 32.690699] ? __mmu_notifier_register+0x30/0x30 [ 32.695457] ? __free_pages+0x10a/0x190 [ 32.699437] ? free_unref_page+0x930/0x930 [ 32.703676] kvm_put_kvm+0x73f/0x1060 [ 32.707479] ? kvm_write_guest_cached+0x40/0x40 [ 32.712146] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.716639] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.721214] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.725800] ? kasan_check_write+0x14/0x20 [ 32.730037] ? do_raw_spin_lock+0xc1/0x200 [ 32.734272] ? kvm_irqfd_release+0xdd/0x120 [ 32.738588] ? kvm_irqfd_release+0xdd/0x120 [ 32.742908] ? kvm_put_kvm+0x1060/0x1060 [ 32.746967] kvm_vm_release+0x42/0x50 [ 32.750765] __fput+0x38a/0xa40 [ 32.754040] ? __alloc_file+0x400/0x400 [ 32.758017] ? check_same_owner+0x340/0x340 [ 32.762335] ? kasan_check_write+0x14/0x20 [ 32.766658] ? do_raw_spin_lock+0xc1/0x200 [ 32.770888] ____fput+0x15/0x20 [ 32.774166] task_work_run+0x1e8/0x2a0 [ 32.778050] ? task_work_cancel+0x240/0x240 [ 32.782372] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.787916] ? switch_task_namespaces+0xa2/0xd0 [ 32.792589] do_exit+0x1ae4/0x26e0 [ 32.796131] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.800804] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.805043] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.810055] ? kfree+0x1d7/0x210 [ 32.813419] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.817652] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.823364] ? is_bpf_text_address+0xd7/0x170 [ 32.827866] ? kernel_text_address+0x79/0xf0 [ 32.832274] ? __kernel_text_address+0xd/0x40 [ 32.836769] ? unwind_get_return_address+0x61/0xa0 [ 32.841698] ? __save_stack_trace+0x8d/0xf0 [ 32.846021] ? save_stack+0xa9/0xd0 [ 32.849645] ? save_stack+0x43/0xd0 [ 32.853264] ? __kasan_slab_free+0x11a/0x170 [ 32.857671] ? kasan_slab_free+0xe/0x10 [ 32.861661] ? putname+0xf2/0x130 [ 32.865111] ? __x64_sys_openat+0x9d/0x100 [ 32.869342] ? do_syscall_64+0x1b9/0x820 [ 32.873402] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.878765] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.883169] ? kasan_check_read+0x11/0x20 [ 32.887316] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.891726] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.896140] ? initcall_blacklisted+0x9a/0x1e0 [ 32.900728] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.905849] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.911575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.917124] ? do_vfs_ioctl+0x201/0x1720 [ 32.921195] ? rcu_is_watching+0x8c/0x150 [ 32.925844] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.930172] ? ioctl_preallocate+0x300/0x300 [ 32.934579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.940118] ? __fget_light+0x2f7/0x440 [ 32.944089] ? fget_raw+0x20/0x20 [ 32.947540] ? putname+0xf2/0x130 [ 32.950993] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.956008] ? kmem_cache_free+0x246/0x280 [ 32.960247] ? putname+0xf7/0x130 [ 32.963707] do_group_exit+0x177/0x440 [ 32.967600] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.971923] ? __ia32_sys_exit+0x50/0x50 [ 32.976023] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.981127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.986665] ? ksys_ioctl+0x81/0xd0 [ 32.990298] __x64_sys_exit_group+0x3e/0x50 [ 32.994622] do_syscall_64+0x1b9/0x820 [ 32.998509] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.003872] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.008799] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.013646] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.018663] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.023683] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.028710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.033561] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.038749] RIP: 0033:0x43ecc8 [ 33.041941] Code: Bad RIP value. [ 33.045296] RSP: 002b:00007fff6cebbf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.053423] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 33.060685] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.067948] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.075209] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.082468] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.089742] [ 33.089747] ====================================================== [ 33.089753] WARNING: possible circular locking dependency detected [ 33.089757] 4.19.0-rc1+ #216 Not tainted [ 33.089762] ------------------------------------------------------ [ 33.089767] syz-executor402/4661 is trying to acquire lock: [ 33.089771] 00000000822e0cfd ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.089786] [ 33.089790] but task is already holding lock: [ 33.089793] 00000000d5800d1d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.089807] [ 33.089812] which lock already depends on the new lock. [ 33.089814] [ 33.089817] [ 33.089822] the existing dependency chain (in reverse order) is: [ 33.089824] [ 33.089826] -> #3 (report_lock){....}: [ 33.089850] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.089853] kasan_report+0x8e/0x110 [ 33.089858] __asan_report_load8_noabort+0x14/0x20 [ 33.089862] __schedule+0xf54/0x1df0 [ 33.089866] preempt_schedule_common+0x22/0x60 [ 33.089870] _cond_resched+0x1d/0x30 [ 33.089874] wait_for_completion+0xa5/0x8d0 [ 33.089877] __synchronize_srcu+0x189/0x240 [ 33.089885] synchronize_srcu+0x335/0x56f [ 33.089890] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.089894] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.089899] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.089902] kvm_put_kvm+0x73f/0x1060 [ 33.089906] kvm_vm_release+0x42/0x50 [ 33.089910] __fput+0x38a/0xa40 [ 33.089914] ____fput+0x15/0x20 [ 33.089918] task_work_run+0x1e8/0x2a0 [ 33.089926] do_exit+0x1ae4/0x26e0 [ 33.089930] do_group_exit+0x177/0x440 [ 33.089934] __x64_sys_exit_group+0x3e/0x50 [ 33.089938] do_syscall_64+0x1b9/0x820 [ 33.089943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.089945] [ 33.089947] -> #2 (&rq->lock){-.-.}: [ 33.089962] _raw_spin_lock+0x2a/0x40 [ 33.089966] task_fork_fair+0x93/0x680 [ 33.089969] sched_fork+0x44b/0xbd0 [ 33.089973] copy_process+0x235e/0x7ad0 [ 33.089977] _do_fork+0x1ca/0x1170 [ 33.089981] kernel_thread+0x34/0x40 [ 33.089984] rest_init+0x22/0xe4 [ 33.089988] start_kernel+0x913/0x94e [ 33.089993] x86_64_start_reservations+0x29/0x2b [ 33.089997] x86_64_start_kernel+0x76/0x79 [ 33.090001] secondary_startup_64+0xa4/0xb0 [ 33.090003] [ 33.090006] -> #1 (&p->pi_lock){-.-.}: [ 33.090020] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.090024] try_to_wake_up+0xd2/0x1250 [ 33.090028] wake_up_process+0x10/0x20 [ 33.090032] __up.isra.1+0x1c0/0x2a0 [ 33.090035] up+0x13c/0x1c0 [ 33.090039] __up_console_sem+0xbe/0x1b0 [ 33.090043] console_unlock+0x506/0x10d0 [ 33.090047] vprintk_emit+0x33a/0x910 [ 33.090051] vprintk_default+0x28/0x30 [ 33.090055] vprintk_func+0x7a/0x117 [ 33.090058] printk+0xa7/0xcf [ 33.090062] load_umh+0x51/0xbd [ 33.090066] do_one_initcall+0x127/0x838 [ 33.090070] kernel_init_freeable+0x4bb/0x5ae [ 33.090074] kernel_init+0x11/0x1b3 [ 33.090078] ret_from_fork+0x3a/0x50 [ 33.090080] [ 33.090082] -> #0 ((console_sem).lock){-...}: [ 33.090097] lock_acquire+0x1e4/0x4f0 [ 33.090102] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.090105] down_trylock+0x13/0x70 [ 33.090110] __down_trylock_console_sem+0xae/0x200 [ 33.090114] console_trylock+0x15/0xa0 [ 33.090118] vprintk_emit+0x31f/0x910 [ 33.090122] vprintk_default+0x28/0x30 [ 33.090125] vprintk_func+0x7a/0x117 [ 33.090129] printk+0xa7/0xcf [ 33.090133] kasan_report+0x9e/0x110 [ 33.090137] __asan_report_load8_noabort+0x14/0x20 [ 33.090141] __schedule+0xf54/0x1df0 [ 33.090145] preempt_schedule_common+0x22/0x60 [ 33.090149] _cond_resched+0x1d/0x30 [ 33.090153] wait_for_completion+0xa5/0x8d0 [ 33.090158] __synchronize_srcu+0x189/0x240 [ 33.090162] synchronize_srcu+0x335/0x56f [ 33.090167] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.090171] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.090175] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.090179] kvm_put_kvm+0x73f/0x1060 [ 33.090183] kvm_vm_release+0x42/0x50 [ 33.090186] __fput+0x38a/0xa40 [ 33.090190] ____fput+0x15/0x20 [ 33.090194] task_work_run+0x1e8/0x2a0 [ 33.090197] do_exit+0x1ae4/0x26e0 [ 33.090201] do_group_exit+0x177/0x440 [ 33.090206] __x64_sys_exit_group+0x3e/0x50 [ 33.090209] do_syscall_64+0x1b9/0x820 [ 33.090215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.090217] [ 33.090221] other info that might help us debug this: [ 33.090223] [ 33.090226] Chain exists of: [ 33.090229] (console_sem).lock --> &rq->lock --> report_lock [ 33.090247] [ 33.090251] Possible unsafe locking scenario: [ 33.090254] [ 33.090258] CPU0 CPU1 [ 33.090262] ---- ---- [ 33.090264] lock(report_lock); [ 33.090274] lock(&rq->lock); [ 33.090283] lock(report_lock); [ 33.090291] lock((console_sem).lock); [ 33.090299] [ 33.090302] *** DEADLOCK *** [ 33.090305] [ 33.090309] 2 locks held by syz-executor402/4661: [ 33.090311] #0: 0000000067ffd456 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.090328] #1: 00000000d5800d1d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.090345] [ 33.090349] stack backtrace: [ 33.090354] CPU: 1 PID: 4661 Comm: syz-executor402 Not tainted 4.19.0-rc1+ #216 [ 33.090362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.090365] Call Trace: [ 33.090368] dump_stack+0x1c9/0x2b4 [ 33.090373] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.090382] ? vprintk_func+0x100/0x117 [ 33.090387] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.090391] ? save_trace+0xe0/0x290 [ 33.090395] __lock_acquire+0x3449/0x5020 [ 33.090399] ? mark_held_locks+0x160/0x160 [ 33.090403] ? mark_held_locks+0x160/0x160 [ 33.090408] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.090412] ? is_bpf_text_address+0xd7/0x170 [ 33.090416] ? kernel_text_address+0x79/0xf0 [ 33.090420] ? __kernel_text_address+0xd/0x40 [ 33.090424] ? __save_stack_trace+0x8d/0xf0 [ 33.090429] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.090433] ? save_trace+0x290/0x290 [ 33.090437] ? save_stack_trace+0x1a/0x20 [ 33.090440] ? save_trace+0xe0/0x290 [ 33.090444] ? graph_lock+0x170/0x170 [ 33.090449] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.090453] lock_acquire+0x1e4/0x4f0 [ 33.090457] ? down_trylock+0x13/0x70 [ 33.090461] ? lock_release+0x9f0/0x9f0 [ 33.090465] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.090469] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.090473] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.090477] ? log_store+0x34f/0x4c0 [ 33.090481] ? vprintk_emit+0x31f/0x910 [ 33.090485] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.090489] ? down_trylock+0x13/0x70 [ 33.090493] down_trylock+0x13/0x70 [ 33.090497] __down_trylock_console_sem+0xae/0x200 [ 33.090501] console_trylock+0x15/0xa0 [ 33.090505] vprintk_emit+0x31f/0x910 [ 33.090509] ? wake_up_klogd+0x110/0x110 [ 33.090513] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.090517] ? kasan_check_read+0x11/0x20 [ 33.090521] ? rcu_is_watching+0x8c/0x150 [ 33.090525] ? rcu_pm_notify+0xc0/0xc0 [ 33.090529] ? lock_acquire+0x1e4/0x4f0 [ 33.090533] ? kasan_report+0x8e/0x110 [ 33.090537] ? __schedule+0xf54/0x1df0 [ 33.090541] vprintk_default+0x28/0x30 [ 33.090544] vprintk_func+0x7a/0x117 [ 33.090548] printk+0xa7/0xcf [ 33.090552] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.090556] ? kasan_check_write+0x14/0x20 [ 33.090560] ? do_raw_spin_lock+0xc1/0x200 [ 33.090564] ? do_raw_spin_lock+0xc1/0x200 [ 33.090568] kasan_report+0x9e/0x110 [ 33.090573] __asan_report_load8_noabort+0x14/0x20 [ 33.090576] __schedule+0xf54/0x1df0 [ 33.090581] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.090585] ? __sched_text_start+0x8/0x8 [ 33.090589] ? __call_srcu+0x7e7/0x1040 [ 33.090593] ? check_same_owner+0x340/0x340 [ 33.090597] ? mark_held_locks+0x160/0x160 [ 33.090601] ? find_held_lock+0x36/0x1c0 [ 33.090605] preempt_schedule_common+0x22/0x60 [ 33.090609] _cond_resched+0x1d/0x30 [ 33.090613] wait_for_completion+0xa5/0x8d0 [ 33.090618] ? wait_for_completion_interruptible+0x950/0x950 [ 33.090623] ? __lockdep_init_map+0x105/0x590 [ 33.090627] ? __init_waitqueue_head+0x9e/0x150 [ 33.090631] ? init_wait_entry+0x1c0/0x1c0 [ 33.090635] __synchronize_srcu+0x189/0x240 [ 33.090639] ? call_srcu+0x10/0x10 [ 33.090643] ? rcu_unexpedite_gp+0x20/0x20 [ 33.090647] synchronize_srcu+0x335/0x56f [ 33.090651] ? lock_downgrade+0x8f0/0x8f0 [ 33.090656] ? synchronize_srcu_expedited+0x20/0x20 [ 33.090660] ? kasan_check_read+0x11/0x20 [ 33.090664] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.090668] ? kasan_check_write+0x14/0x20 [ 33.090672] ? do_raw_spin_lock+0xc1/0x200 [ 33.090677] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.090682] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.090686] ? kvfree+0x61/0x70 [ 33.090691] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.090694] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.090699] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.090703] ? kvm_arch_sync_events+0x30/0x30 [ 33.090708] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.090712] ? mmu_notifier_unregister+0x474/0x600 [ 33.090716] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.090720] ? kfree+0x111/0x210 [ 33.090724] ? __mmu_notifier_register+0x30/0x30 [ 33.090728] ? __free_pages+0x10a/0x190 [ 33.090732] ? free_unref_page+0x930/0x930 [ 33.090736] kvm_put_kvm+0x73f/0x1060 [ 33.090740] ? kvm_write_guest_cached+0x40/0x40 [ 33.090745] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.090749] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.090753] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.090757] ? kasan_check_write+0x14/0x20 [ 33.090761] ? do_raw_spin_lock+0xc1/0x200 [ 33.090765] ? kvm_irqfd_release+0xdd/0x120 [ 33.090770] ? kvm_irqfd_release+0xdd/0x120 [ 33.090774] ? kvm_put_kvm+0x1060/0x1060 [ 33.090777] kvm_vm_release+0x42/0x50 [ 33.090781] __fput+0x38a/0xa40 [ 33.090785] ? __alloc_file+0x400/0x400 [ 33.090789] ? check_same_owner+0x340/0x340 [ 33.090793] ? kasan_check_write+0x14/0x20 [ 33.090797] ? do_raw_spin_lock+0xc1/0x200 [ 33.090801] ____fput+0x15/0x20 [ 33.090804] task_work_run+0x1e8/0x2a0 [ 33.090809] ? task_work_cancel+0x240/0x240 [ 33.090813] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.090818] ? switch_task_namespaces+0xa2/0xd0 [ 33.090821] do_exit+0x1ae4/0x26e0 [ 33.090826] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.090837] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.090842] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.090845] ? kfree+0x1d7/0x210 [ 33.090850] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.090854] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.090859] ? is_bpf_text_address+0xd7/0x170 [ 33.090861] ? [ 33.090868] Lost 55 message(s)! [ 34.162622] Shutting down cpus with NMI [ 35.221421] Dumping ftrace buffer: [ 35.224946] (ftrace buffer empty) [ 35.228670] Kernel Offset: disabled [ 35.232280] Rebooting in 86400 seconds..