[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   22.027836] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   35.748553] random: sshd: uninitialized urandom read (32 bytes read)
[   36.061386] random: sshd: uninitialized urandom read (32 bytes read)
[   36.619834] random: sshd: uninitialized urandom read (32 bytes read)
[   36.798233] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
[   46.114299] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   46.225629] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   46.251041] ==================================================================
[   46.260967] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   46.267217] Read of size 8 at addr ffff8801c9200058 by task syz-executor070/4648
[   46.274753]
[   46.276396] CPU: 1 PID: 4648 Comm: syz-executor070 Not tainted 4.19.0-rc2+ #220
[   46.283835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.293194] Call Trace:
[   46.295802]  dump_stack+0x1c9/0x2b4
[   46.299452]  ? dump_stack_print_info.cold.2+0x52/0x52
[   46.304667]  ? printk+0xa7/0xcf
[   46.307965]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   46.312747]  ? __schedule+0xf54/0x1df0
[   46.316667]  print_address_description+0x6c/0x20b
[   46.321531]  ? __schedule+0xf54/0x1df0
[   46.325425]  kasan_report.cold.7+0x242/0x30d
[   46.329840]  __asan_report_load8_noabort+0x14/0x20
[   46.334774]  __schedule+0xf54/0x1df0
[   46.338492]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   46.343611]  ? __sched_text_start+0x8/0x8
[   46.347772]  ? __call_srcu+0x7e7/0x1040
[   46.351759]  ? check_same_owner+0x340/0x340
[   46.356082]  ? mark_held_locks+0x160/0x160
[   46.360317]  ? find_held_lock+0x36/0x1c0
[   46.364387]  preempt_schedule_common+0x22/0x60
[   46.368979]  _cond_resched+0x1d/0x30
[   46.372703]  wait_for_completion+0xa5/0x8d0
[   46.377036]  ? wait_for_completion_interruptible+0x950/0x950
[   46.382840]  ? __lockdep_init_map+0x105/0x590
[   46.387343]  ? __init_waitqueue_head+0x9e/0x150
[   46.392013]  ? init_wait_entry+0x1c0/0x1c0
[   46.396252]  __synchronize_srcu+0x189/0x240
[   46.400573]  ? call_srcu+0x10/0x10
[   46.404118]  ? rcu_unexpedite_gp+0x20/0x20
[   46.408375]  synchronize_srcu+0x335/0x56f
[   46.412531]  ? lock_downgrade+0x8f0/0x8f0
[   46.416683]  ? synchronize_srcu_expedited+0x20/0x20
[   46.421704]  ? kasan_check_read+0x11/0x20
[   46.425860]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   46.430442]  ? kasan_check_write+0x14/0x20
[   46.434676]  ? do_raw_spin_lock+0xc1/0x200
[   46.438915]  kvm_page_track_unregister_notifier+0x17d/0x250
[   46.444640]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   46.450091]  ? kvfree+0x61/0x70
[   46.453382]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.458397]  kvm_mmu_uninit_vm+0x1c/0x20
[   46.462452]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   46.466865]  ? kvm_arch_sync_events+0x30/0x30
[   46.471374]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   46.476933]  ? mmu_notifier_unregister+0x474/0x600
[   46.481879]  ? trace_hardirqs_on+0x2c0/0x2c0
[   46.486294]  ? kfree+0x111/0x210
[   46.489684]  ? __mmu_notifier_register+0x30/0x30
[   46.494458]  ? __free_pages+0x10a/0x190
[   46.498462]  ? free_unref_page+0x930/0x930
[   46.502713]  kvm_put_kvm+0x73f/0x1060
[   46.506521]  ? kvm_write_guest_cached+0x40/0x40
[   46.511198]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.516700]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.521195]  ? lockdep_hardirqs_on+0x421/0x5c0
[   46.525783]  ? kasan_check_write+0x14/0x20
[   46.530016]  ? do_raw_spin_lock+0xc1/0x200
[   46.534253]  ? kvm_irqfd_release+0xdd/0x120
[   46.538570]  ? kvm_irqfd_release+0xdd/0x120
[   46.542893]  ? kvm_put_kvm+0x1060/0x1060
[   46.546953]  kvm_vm_release+0x42/0x50
[   46.550757]  __fput+0x38a/0xa40
[   46.554035]  ? __alloc_file+0x400/0x400
[   46.558015]  ? check_same_owner+0x340/0x340
[   46.562338]  ? kasan_check_write+0x14/0x20
[   46.566576]  ? do_raw_spin_lock+0xc1/0x200
[   46.570815]  ____fput+0x15/0x20
[   46.574127]  task_work_run+0x1e8/0x2a0
[   46.578018]  ? task_work_cancel+0x240/0x240
[   46.582343]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   46.587906]  ? switch_task_namespaces+0xa2/0xd0
[   46.592580]  do_exit+0x1ae4/0x26e0
[   46.596122]  ? mm_update_next_owner+0x9a0/0x9a0
[   46.600804]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   46.605044]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.610065]  ? kfree+0x1d7/0x210
[   46.613438]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   46.617678]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   46.623396]  ? is_bpf_text_address+0xd7/0x170
[   46.627895]  ? kernel_text_address+0x79/0xf0
[   46.632307]  ? __kernel_text_address+0xd/0x40
[   46.636807]  ? unwind_get_return_address+0x61/0xa0
[   46.641763]  ? __save_stack_trace+0x8d/0xf0
[   46.646094]  ? save_stack+0xa9/0xd0
[   46.649716]  ? save_stack+0x43/0xd0
[   46.653344]  ? __kasan_slab_free+0x11a/0x170
[   46.657754]  ? kasan_slab_free+0xe/0x10
[   46.661729]  ? putname+0xf2/0x130
[   46.665187]  ? __x64_sys_openat+0x9d/0x100
[   46.669423]  ? do_syscall_64+0x1b9/0x820
[   46.673484]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.678845]  ? trace_hardirqs_off+0xb8/0x2b0
[   46.683254]  ? kasan_check_read+0x11/0x20
[   46.687404]  ? do_raw_spin_unlock+0xa7/0x2f0
[   46.691809]  ? trace_hardirqs_on+0x2c0/0x2c0
[   46.696224]  ? initcall_blacklisted+0x9a/0x1e0
[   46.700818]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   46.705966]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   46.711689]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.717231]  ? do_vfs_ioctl+0x201/0x1720
[   46.721297]  ? rcu_is_watching+0x8c/0x150
[   46.725445]  ? trace_hardirqs_on+0xbd/0x2c0
[   46.729771]  ? ioctl_preallocate+0x300/0x300
[   46.734184]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.739723]  ? __fget_light+0x2f7/0x440
[   46.743695]  ? fget_raw+0x20/0x20
[   46.747150]  ? putname+0xf2/0x130
[   46.750604]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.755626]  ? kmem_cache_free+0x246/0x280
[   46.759871]  ? putname+0xf7/0x130
[   46.763328]  do_group_exit+0x177/0x440
[   46.767217]  ? trace_hardirqs_on+0xbd/0x2c0
[   46.771539]  ? __ia32_sys_exit+0x50/0x50
[   46.775596]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   46.780702]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.786237]  ? ksys_ioctl+0x81/0xd0
[   46.789868]  __x64_sys_exit_group+0x3e/0x50
[   46.794195]  do_syscall_64+0x1b9/0x820
[   46.798080]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   46.803450]  ? syscall_return_slowpath+0x5e0/0x5e0
[   46.808378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.813217]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   46.818231]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   46.823249]  ? prepare_exit_to_usermode+0x291/0x3b0
[   46.828267]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.833114]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.838320] RIP: 0033:0x43ecc8
[   46.841514] Code: Bad RIP value.
[   46.844870] RSP: 002b:00007ffe56efa518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.852575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   46.859838] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   46.867103] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   46.874365] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   46.881639] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   46.888911]
[   46.890532] Allocated by task 4648:
[   46.894167]  save_stack+0x43/0xd0
[   46.897617]  kasan_kmalloc+0xc4/0xe0
[   46.901357]  kasan_slab_alloc+0x12/0x20
[   46.905329]  kmem_cache_alloc+0x12e/0x710
[   46.909473]  vmx_create_vcpu+0xcf/0x2830
[   46.913534]  kvm_arch_vcpu_create+0xe5/0x220
[   46.917947]  kvm_vm_ioctl+0x488/0x1d80
[   46.921835]  do_vfs_ioctl+0x1de/0x1720
[   46.925722]  ksys_ioctl+0xa9/0xd0
[   46.929179]  __x64_sys_ioctl+0x73/0xb0
[   46.933068]  do_syscall_64+0x1b9/0x820
[   46.936952]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.942129]
[   46.943752] Freed by task 4648:
[   46.947030]  save_stack+0x43/0xd0
[   46.950481]  __kasan_slab_free+0x11a/0x170
[   46.954727]  kasan_slab_free+0xe/0x10
[   46.958521]  kmem_cache_free+0x86/0x280
[   46.962495]  vmx_free_vcpu+0x26b/0x300
[   46.966378]  kvm_arch_destroy_vm+0x365/0x7c0
[   46.970785]  kvm_put_kvm+0x73f/0x1060
[   46.974583]  kvm_vm_release+0x42/0x50
[   46.978380]  __fput+0x38a/0xa40
[   46.981662]  ____fput+0x15/0x20
[   46.984940]  task_work_run+0x1e8/0x2a0
[   46.988824]  do_exit+0x1ae4/0x26e0
[   46.992362]  do_group_exit+0x177/0x440
[   46.996248]  __x64_sys_exit_group+0x3e/0x50
[   47.000568]  do_syscall_64+0x1b9/0x820
[   47.004455]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.009641]
[   47.011270] The buggy address belongs to the object at ffff8801c9200040
[   47.011270]  which belongs to the cache kvm_vcpu of size 23872
[   47.023850] The buggy address is located 24 bytes inside of
[   47.023850]  23872-byte region [ffff8801c9200040, ffff8801c9205d80)
[   47.035808] The buggy address belongs to the page:
[   47.040740] page:ffffea0007248000 count:1 mapcount:0 mapping:ffff8801d4a4f9c0 index:0x0 compound_mapcount: 0
[   47.050731] flags: 0x2fffc0000008100(slab|head)
[   47.055403] raw: 02fffc0000008100 ffff8801d4a63c48 ffff8801d4a63c48 ffff8801d4a4f9c0
[   47.063289] raw: 0000000000000000 ffff8801c9200040 0000000100000001 0000000000000000
[   47.071166] page dumped because: kasan: bad access detected
[   47.076865]
[   47.078482] Memory state around the buggy address:
[   47.083409]  ffff8801c91fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.090766]  ffff8801c91fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.098119] >ffff8801c9200000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   47.105473]                                                     ^
[   47.111702]  ffff8801c9200080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.119059]  ffff8801c9200100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.126407] ==================================================================
[   47.133761] Kernel panic - not syncing: panic_on_warn set ...
[   47.133761]
[   47.141132] CPU: 1 PID: 4648 Comm: syz-executor070 Tainted: G    B             4.19.0-rc2+ #220
[   47.149963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.159313] Call Trace:
[   47.161909]  dump_stack+0x1c9/0x2b4
[   47.165541]  ? dump_stack_print_info.cold.2+0x52/0x52
[   47.170731]  ? lock_downgrade+0x8f0/0x8f0
[   47.174881]  ? __schedule+0xf54/0x1df0
[   47.178770]  panic+0x238/0x4e7
[   47.181962]  ? add_taint.cold.5+0x16/0x16
[   47.186117]  ? print_shadow_for_address+0xba/0x116
[   47.191049]  ? trace_hardirqs_off+0xaf/0x2b0
[   47.195454]  ? trace_hardirqs_off+0x77/0x2b0
[   47.199863]  ? __schedule+0xf54/0x1df0
[   47.203753]  kasan_end_report+0x47/0x4f
[   47.207729]  kasan_report.cold.7+0x76/0x30d
[   47.212053]  __asan_report_load8_noabort+0x14/0x20
[   47.216981]  __schedule+0xf54/0x1df0
[   47.220695]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   47.225804]  ? __sched_text_start+0x8/0x8
[   47.229950]  ? __call_srcu+0x7e7/0x1040
[   47.233932]  ? check_same_owner+0x340/0x340
[   47.238287]  ? mark_held_locks+0x160/0x160
[   47.242519]  ? find_held_lock+0x36/0x1c0
[   47.246591]  preempt_schedule_common+0x22/0x60
[   47.251178]  _cond_resched+0x1d/0x30
[   47.254895]  wait_for_completion+0xa5/0x8d0
[   47.259218]  ? wait_for_completion_interruptible+0x950/0x950
[   47.265016]  ? __lockdep_init_map+0x105/0x590
[   47.269513]  ? __init_waitqueue_head+0x9e/0x150
[   47.274180]  ? init_wait_entry+0x1c0/0x1c0
[   47.278418]  __synchronize_srcu+0x189/0x240
[   47.282739]  ? call_srcu+0x10/0x10
[   47.286281]  ? rcu_unexpedite_gp+0x20/0x20
[   47.290519]  synchronize_srcu+0x335/0x56f
[   47.294671]  ? lock_downgrade+0x8f0/0x8f0
[   47.298819]  ? synchronize_srcu_expedited+0x20/0x20
[   47.303835]  ? kasan_check_read+0x11/0x20
[   47.307982]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   47.312571]  ? kasan_check_write+0x14/0x20
[   47.316832]  ? do_raw_spin_lock+0xc1/0x200
[   47.321072]  kvm_page_track_unregister_notifier+0x17d/0x250
[   47.326786]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   47.332241]  ? kvfree+0x61/0x70
[   47.335522]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.340539]  kvm_mmu_uninit_vm+0x1c/0x20
[   47.344601]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   47.349014]  ? kvm_arch_sync_events+0x30/0x30
[   47.353512]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   47.359050]  ? mmu_notifier_unregister+0x474/0x600
[   47.363976]  ? trace_hardirqs_on+0x2c0/0x2c0
[   47.368381]  ? kfree+0x111/0x210
[   47.371752]  ? __mmu_notifier_register+0x30/0x30
[   47.376510]  ? __free_pages+0x10a/0x190
[   47.380483]  ? free_unref_page+0x930/0x930
[   47.384977]  kvm_put_kvm+0x73f/0x1060
[   47.388783]  ? kvm_write_guest_cached+0x40/0x40
[   47.393457]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.397954]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.402450]  ? lockdep_hardirqs_on+0x421/0x5c0
[   47.407039]  ? kasan_check_write+0x14/0x20
[   47.411273]  ? do_raw_spin_lock+0xc1/0x200
[   47.415515]  ? kvm_irqfd_release+0xdd/0x120
[   47.419836]  ? kvm_irqfd_release+0xdd/0x120
[   47.424168]  ? kvm_put_kvm+0x1060/0x1060
[   47.428229]  kvm_vm_release+0x42/0x50
[   47.432029]  __fput+0x38a/0xa40
[   47.435310]  ? __alloc_file+0x400/0x400
[   47.439286]  ? check_same_owner+0x340/0x340
[   47.443605]  ? kasan_check_write+0x14/0x20
[   47.447857]  ? do_raw_spin_lock+0xc1/0x200
[   47.452093]  ____fput+0x15/0x20
[   47.455370]  task_work_run+0x1e8/0x2a0
[   47.459260]  ? task_work_cancel+0x240/0x240
[   47.463585]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   47.469122]  ? switch_task_namespaces+0xa2/0xd0
[   47.473797]  do_exit+0x1ae4/0x26e0
[   47.477340]  ? mm_update_next_owner+0x9a0/0x9a0
[   47.482015]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   47.486250]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.491263]  ? kfree+0x1d7/0x210
[   47.494640]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   47.498879]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   47.504597]  ? is_bpf_text_address+0xd7/0x170
[   47.509096]  ? kernel_text_address+0x79/0xf0
[   47.513505]  ? __kernel_text_address+0xd/0x40
[   47.518469]  ? unwind_get_return_address+0x61/0xa0
[   47.523404]  ? __save_stack_trace+0x8d/0xf0
[   47.527731]  ? save_stack+0xa9/0xd0
[   47.531358]  ? save_stack+0x43/0xd0
[   47.534981]  ? __kasan_slab_free+0x11a/0x170
[   47.539385]  ? kasan_slab_free+0xe/0x10
[   47.543358]  ? putname+0xf2/0x130
[   47.546814]  ? __x64_sys_openat+0x9d/0x100
[   47.551048]  ? do_syscall_64+0x1b9/0x820
[   47.555106]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.560472]  ? trace_hardirqs_off+0xb8/0x2b0
[   47.564878]  ? kasan_check_read+0x11/0x20
[   47.569026]  ? do_raw_spin_unlock+0xa7/0x2f0
[   47.573430]  ? trace_hardirqs_on+0x2c0/0x2c0
[   47.577839]  ? initcall_blacklisted+0x9a/0x1e0
[   47.582420]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   47.587525]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   47.593237]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.598777]  ? do_vfs_ioctl+0x201/0x1720
[   47.602840]  ? rcu_is_watching+0x8c/0x150
[   47.606986]  ? trace_hardirqs_on+0xbd/0x2c0
[   47.611305]  ? ioctl_preallocate+0x300/0x300
[   47.615717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.621255]  ? __fget_light+0x2f7/0x440
[   47.625230]  ? fget_raw+0x20/0x20
[   47.628680]  ? putname+0xf2/0x130
[   47.632134]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.637162]  ? kmem_cache_free+0x246/0x280
[   47.641398]  ? putname+0xf7/0x130
[   47.644853]  do_group_exit+0x177/0x440
[   47.648782]  ? trace_hardirqs_on+0xbd/0x2c0
[   47.653126]  ? __ia32_sys_exit+0x50/0x50
[   47.657195]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   47.662300]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.667838]  ? ksys_ioctl+0x81/0xd0
[   47.671467]  __x64_sys_exit_group+0x3e/0x50
[   47.675803]  do_syscall_64+0x1b9/0x820
[   47.679689]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   47.685053]  ? syscall_return_slowpath+0x5e0/0x5e0
[   47.689978]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   47.694822]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   47.699841]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   47.704866]  ? prepare_exit_to_usermode+0x291/0x3b0
[   47.709888]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   47.714740]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.719927] RIP: 0033:0x43ecc8
[   47.723124] Code: Bad RIP value.
[   47.726488] RSP: 002b:00007ffe56efa518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   47.734197] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   47.741464] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   47.748732] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   47.756000] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   47.763266] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   47.770545]
[   47.770551] ======================================================
[   47.770556] WARNING: possible circular locking dependency detected
[   47.770560] 4.19.0-rc2+ #220 Not tainted
[   47.770565] ------------------------------------------------------
[   47.770570] syz-executor070/4648 is trying to acquire lock:
[   47.770574] 000000001cb12bd0 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   47.770590]
[   47.770594] but task is already holding lock:
[   47.770597] 000000006012af63 (report_lock){....}, at: kasan_report+0x8e/0x110
[   47.770611]
[   47.770616] which lock already depends on the new lock.
[   47.770618]
[   47.770621]
[   47.770626] the existing dependency chain (in reverse order) is:
[   47.770628]
[   47.770630] -> #3 (report_lock){....}:
[   47.770654]        _raw_spin_lock_irqsave+0x96/0xc0
[   47.770658]        kasan_report+0x8e/0x110
[   47.770662]        __asan_report_load8_noabort+0x14/0x20
[   47.770666]        __schedule+0xf54/0x1df0
[   47.770670]        preempt_schedule_common+0x22/0x60
[   47.770674]        _cond_resched+0x1d/0x30
[   47.770678]        wait_for_completion+0xa5/0x8d0
[   47.770683]        __synchronize_srcu+0x189/0x240
[   47.770687]        synchronize_srcu+0x335/0x56f
[   47.770692]        kvm_page_track_unregister_notifier+0x17d/0x250
[   47.770696]        kvm_mmu_uninit_vm+0x1c/0x20
[   47.770700]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   47.770704]        kvm_put_kvm+0x73f/0x1060
[   47.770708]        kvm_vm_release+0x42/0x50
[   47.770711]        __fput+0x38a/0xa40
[   47.770715]        ____fput+0x15/0x20
[   47.770719]        task_work_run+0x1e8/0x2a0
[   47.770723]        do_exit+0x1ae4/0x26e0
[   47.770727]        do_group_exit+0x177/0x440
[   47.770731]        __x64_sys_exit_group+0x3e/0x50
[   47.770735]        do_syscall_64+0x1b9/0x820
[   47.770740]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.770742]
[   47.770744] -> #2 (&rq->lock){-.-.}:
[   47.770758]        _raw_spin_lock+0x2a/0x40
[   47.770762]        task_fork_fair+0x93/0x680
[   47.770766]        sched_fork+0x44b/0xbd0
[   47.770770]        copy_process+0x235e/0x7ad0
[   47.770773]        _do_fork+0x1ca/0x1170
[   47.770777]        kernel_thread+0x34/0x40
[   47.770781]        rest_init+0x22/0xe4
[   47.770785]        start_kernel+0x913/0x94e
[   47.770789]        x86_64_start_reservations+0x29/0x2b
[   47.770793]        x86_64_start_kernel+0x76/0x79
[   47.770797]        secondary_startup_64+0xa4/0xb0
[   47.770799]
[   47.770802] -> #1 (&p->pi_lock){-.-.}:
[   47.770816]        _raw_spin_lock_irqsave+0x96/0xc0
[   47.770820]        try_to_wake_up+0xd2/0x1250
[   47.770824]        wake_up_process+0x10/0x20
[   47.770828]        __up.isra.1+0x1c0/0x2a0
[   47.770831]        up+0x13c/0x1c0
[   47.770835]        __up_console_sem+0xbe/0x1b0
[   47.770839]        console_unlock+0x506/0x10d0
[   47.770843]        vprintk_emit+0x33a/0x910
[   47.770847]        vprintk_default+0x28/0x30
[   47.770851]        vprintk_func+0x7a/0x117
[   47.770854]        printk+0xa7/0xcf
[   47.770858]        load_umh+0x51/0xbd
[   47.770862]        do_one_initcall+0x127/0x838
[   47.770866]        kernel_init_freeable+0x4bb/0x5ae
[   47.770870]        kernel_init+0x11/0x1b3
[   47.770873]        ret_from_fork+0x3a/0x50
[   47.770876]
[   47.770878] -> #0 ((console_sem).lock){-...}:
[   47.770892]        lock_acquire+0x1e4/0x4f0
[   47.770897]        _raw_spin_lock_irqsave+0x96/0xc0
[   47.770900]        down_trylock+0x13/0x70
[   47.770905]        __down_trylock_console_sem+0xae/0x200
[   47.770909]        console_trylock+0x15/0xa0
[   47.770913]        vprintk_emit+0x31f/0x910
[   47.770917]        vprintk_default+0x28/0x30
[   47.770920]        vprintk_func+0x7a/0x117
[   47.770924]        printk+0xa7/0xcf
[   47.770928]        kasan_report+0x9e/0x110
[   47.770932]        __asan_report_load8_noabort+0x14/0x20
[   47.770936]        __schedule+0xf54/0x1df0
[   47.770940]        preempt_schedule_common+0x22/0x60
[   47.770944]        _cond_resched+0x1d/0x30
[   47.770948]        wait_for_completion+0xa5/0x8d0
[   47.770953]        __synchronize_srcu+0x189/0x240
[   47.770957]        synchronize_srcu+0x335/0x56f
[   47.770962]        kvm_page_track_unregister_notifier+0x17d/0x250
[   47.770966]        kvm_mmu_uninit_vm+0x1c/0x20
[   47.770970]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   47.770974]        kvm_put_kvm+0x73f/0x1060
[   47.770978]        kvm_vm_release+0x42/0x50
[   47.770981]        __fput+0x38a/0xa40
[   47.770985]        ____fput+0x15/0x20
[   47.770989]        task_work_run+0x1e8/0x2a0
[   47.770992]        do_exit+0x1ae4/0x26e0
[   47.770996]        do_group_exit+0x177/0x440
[   47.771000]        __x64_sys_exit_group+0x3e/0x50
[   47.771004]        do_syscall_64+0x1b9/0x820
[   47.771009]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.771011]
[   47.771016] other info that might help us debug this:
[   47.771018]
[   47.771021] Chain exists of:
[   47.771023]   (console_sem).lock --> &rq->lock --> report_lock
[   47.771041]
[   47.771046]  Possible unsafe locking scenario:
[   47.771048]
[   47.771052]        CPU0                    CPU1
[   47.771056]        ----                    ----
[   47.771058]   lock(report_lock);
[   47.771068]                                lock(&rq->lock);
[   47.771077]                                lock(report_lock);
[   47.771100]   lock((console_sem).lock);
[   47.771123]
[   47.771126]  *** DEADLOCK ***
[   47.771129]
[   47.771133] 2 locks held by syz-executor070/4648:
[   47.771135]  #0: 0000000018765ffa (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   47.771158]  #1: 000000006012af63 (report_lock){....}, at: kasan_report+0x8e/0x110
[   47.771174]
[   47.771177] stack backtrace:
[   47.771183] CPU: 1 PID: 4648 Comm: syz-executor070 Not tainted 4.19.0-rc2+ #220
[   47.771191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.771194] Call Trace:
[   47.771197]  dump_stack+0x1c9/0x2b4
[   47.771202]  ? dump_stack_print_info.cold.2+0x52/0x52
[   47.771206]  ? vprintk_func+0x100/0x117
[   47.771211]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   47.771215]  ? save_trace+0xe0/0x290
[   47.771219]  __lock_acquire+0x3449/0x5020
[   47.771223]  ? mark_held_locks+0x160/0x160
[   47.771227]  ? mark_held_locks+0x160/0x160
[   47.771231]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   47.771236]  ? is_bpf_text_address+0xd7/0x170
[   47.771240]  ? kernel_text_address+0x79/0xf0
[   47.771244]  ? __kernel_text_address+0xd/0x40
[   47.771248]  ? __save_stack_trace+0x8d/0xf0
[   47.771253]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   47.771257]  ? save_trace+0x290/0x290
[   47.771261]  ? save_stack_trace+0x1a/0x20
[   47.771264]  ? save_trace+0xe0/0x290
[   47.771268]  ? graph_lock+0x170/0x170
[   47.771273]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   47.771277]  lock_acquire+0x1e4/0x4f0
[   47.771281]  ? down_trylock+0x13/0x70
[   47.771285]  ? lock_release+0x9f0/0x9f0
[   47.771289]  ? trace_hardirqs_off+0xb8/0x2b0
[   47.771293]  ? trace_hardirqs_on+0x2c0/0x2c0
[   47.771297]  ? trace_hardirqs_off+0xb8/0x2b0
[   47.771301]  ? log_store+0x34f/0x4c0
[   47.771305]  ? vprintk_emit+0x31f/0x910
[   47.771309]  _raw_spin_lock_irqsave+0x96/0xc0
[   47.771313]  ? down_trylock+0x13/0x70
[   47.771317]  down_trylock+0x13/0x70
[   47.771321]  __down_trylock_console_sem+0xae/0x200
[   47.771325]  console_trylock+0x15/0xa0
[   47.771329]  vprintk_emit+0x31f/0x910
[   47.771333]  ? wake_up_klogd+0x110/0x110
[   47.771337]  ? run_rebalance_domains+0x4c0/0x4c0
[   47.771341]  ? kasan_check_read+0x11/0x20
[   47.771345]  ? rcu_is_watching+0x8c/0x150
[   47.771349]  ? rcu_pm_notify+0xc0/0xc0
[   47.771353]  ? lock_acquire+0x1e4/0x4f0
[   47.771357]  ? kasan_report+0x8e/0x110
[   47.771361]  ? __schedule+0xf54/0x1df0
[   47.771365]  vprintk_default+0x28/0x30
[   47.771369]  vprintk_func+0x7a/0x117
[   47.771372]  printk+0xa7/0xcf
[   47.771376]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   47.771381]  ? kasan_check_write+0x14/0x20
[   47.771385]  ? do_raw_spin_lock+0xc1/0x200
[   47.771389]  ? do_raw_spin_lock+0xc1/0x200
[   47.771392]  kasan_report+0x9e/0x110
[   47.771397]  __asan_report_load8_noabort+0x14/0x20
[   47.771401]  __schedule+0xf54/0x1df0
[   47.771405]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   47.771409]  ? __sched_text_start+0x8/0x8
[   47.771413]  ? __call_srcu+0x7e7/0x1040
[   47.771417]  ? check_same_owner+0x340/0x340
[   47.771422]  ? mark_held_locks+0x160/0x160
[   47.771425]  ? find_held_lock+0x36/0x1c0
[   47.771430]  preempt_schedule_common+0x22/0x60
[   47.771434]  _cond_resched+0x1d/0x30
[   47.771438]  wait_for_completion+0xa5/0x8d0
[   47.771443]  ? wait_for_completion_interruptible+0x950/0x950
[   47.771447]  ? __lockdep_init_map+0x105/0x590
[   47.771451]  ? __init_waitqueue_head+0x9e/0x150
[   47.771455]  ? init_wait_entry+0x1c0/0x1c0
[   47.771460]  __synchronize_srcu+0x189/0x240
[   47.771463]  ? call_srcu+0x10/0x10
[   47.771467]  ? rcu_unexpedite_gp+0x20/0x20
[   47.771471]  synchronize_srcu+0x335/0x56f
[   47.771475]  ? lock_downgrade+0x8f0/0x8f0
[   47.771480]  ? synchronize_srcu_expedited+0x20/0x20
[   47.771484]  ? kasan_check_read+0x11/0x20
[   47.771488]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   47.771493]  ? kasan_check_write+0x14/0x20
[   47.771497]  ? do_raw_spin_lock+0xc1/0x200
[   47.771502]  kvm_page_track_unregister_notifier+0x17d/0x250
[   47.771506]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   47.771510]  ? kvfree+0x61/0x70
[   47.771514]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.771518]  kvm_mmu_uninit_vm+0x1c/0x20
[   47.771523]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   47.771527]  ? kvm_arch_sync_events+0x30/0x30
[   47.771532]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   47.771536]  ? mmu_notifier_unregister+0x474/0x600
[   47.771540]  ? trace_hardirqs_on+0x2c0/0x2c0
[   47.771544]  ? kfree+0x111/0x210
[   47.771548]  ? __mmu_notifier_register+0x30/0x30
[   47.771552]  ? __free_pages+0x10a/0x190
[   47.771556]  ? free_unref_page+0x930/0x930
[   47.771560]  kvm_put_kvm+0x73f/0x1060
[   47.771564]  ? kvm_write_guest_cached+0x40/0x40
[   47.771569]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.771573]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.771577]  ? lockdep_hardirqs_on+0x421/0x5c0
[   47.771581]  ? kasan_check_write+0x14/0x20
[   47.771585]  ? do_raw_spin_lock+0xc1/0x200
[   47.771589]  ? kvm_irqfd_release+0xdd/0x120
[   47.771594]  ? kvm_irqfd_release+0xdd/0x120
[   47.771598]  ? kvm_put_kvm+0x1060/0x1060
[   47.771601]  kvm_vm_release+0x42/0x50
[   47.771605]  __fput+0x38a/0xa40
[   47.771609]  ? __alloc_file+0x400/0x400
[   47.771613]  ? check_same_owner+0x340/0x340
[   47.771617]  ? kasan_check_write+0x14/0x20
[   47.771621]  ? do_raw_spin_lock+0xc1/0x200
[   47.771625]  ____fput+0x15/0x20
[   47.771629]  task_work_run+0x1e8/0x2a0
[   47.771640]  ? task_work_cancel+0x240/0x240
[   47.771645]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   47.771651]  ? switch_task_namespaces+0xa2/0xd0
[   47.771654]  do_exit+0x1ae4/0x26e0
[   47.771659]  ? mm_update_next_owner+0x9a0/0x9a0
[   47.771663]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   47.771667]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.771671]  ? kfree+0x1d7/0x210
[   47.771675]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   47.771680]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   47.771684]  ? is_bpf_text_address+0xd7/0x170
[   47.771686]  ?
[   47.771694] Lost 55 message(s)!
[   48.834724] Shutting down cpus with NMI
[   49.894085] Dumping ftrace buffer:
[   49.897609]    (ftrace buffer empty)
[   49.901298] Kernel Offset: disabled
[   49.904907] Rebooting in 86400 seconds..