[ ok ] Starting periodic command scheduler: cron.
[ 26.009554] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 29.369022] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.778603] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.379372] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.620436] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
[ 36.283239] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.405203] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 36.432221] ==================================================================
[ 36.441697] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 36.447928] Read of size 8 at addr ffff8801bc2f0058 by task syz-executor474/5364
[ 36.455453]
[ 36.457087] CPU: 0 PID: 5364 Comm: syz-executor474 Not tainted 4.19.0-rc3+ #231
[ 36.464526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.473892] Call Trace:
[ 36.476487]  dump_stack+0x1c4/0x2b4
[ 36.480115]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.485321]  ? printk+0xa7/0xcf
[ 36.488603]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.493367]  print_address_description.cold.8+0x9/0x1ff
[ 36.498743]  kasan_report.cold.9+0x242/0x309
[ 36.503160]  ? __schedule+0xfc3/0x1ed0
[ 36.507830]  __asan_report_load8_noabort+0x14/0x20
[ 36.512762]  __schedule+0xfc3/0x1ed0
[ 36.516480]  ? __sched_text_start+0x8/0x8
[ 36.520631]  ? __lock_is_held+0xb5/0x140
[ 36.524691]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.529798]  ? find_held_lock+0x36/0x1c0
[ 36.533866]  ? __call_srcu+0x7f9/0x1070
[ 36.537847]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.542967]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.548072]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.552654]  ? preempt_schedule+0x4d/0x60
[ 36.556803]  preempt_schedule_common+0x1f/0xd0
[ 36.561396]  preempt_schedule+0x4d/0x60
[ 36.565375]  ___preempt_schedule+0x16/0x18
[ 36.569618]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 36.574547]  __call_srcu+0x7f9/0x1070
[ 36.578349]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 36.583456]  ? srcu_offline_cpu+0x120/0x120
[ 36.587779]  ? debug_object_free+0x690/0x690
[ 36.592188]  ? mark_held_locks+0x130/0x130
[ 36.596437]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 36.601021]  ? lock_release+0x970/0x970
[ 36.604995]  ? arch_local_save_flags+0x40/0x40
[ 36.609595]  ? depot_save_stack+0x292/0x470
[ 36.613965]  ? __lockdep_init_map+0x105/0x590
[ 36.618478]  ? __init_waitqueue_head+0x9e/0x150
[ 36.623155]  ? init_wait_entry+0x1c0/0x1c0
[ 36.627424]  __synchronize_srcu+0x17b/0x230
[ 36.631776]  ? call_srcu+0x10/0x10
[ 36.635328]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.639597]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.645143]  ? check_preemption_disabled+0x48/0x200
[ 36.650178]  synchronize_srcu+0x356/0x5ab
[ 36.654341]  ? lock_downgrade+0x900/0x900
[ 36.658487]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.663516]  ? kasan_check_read+0x11/0x20
[ 36.667667]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.672253]  ? kasan_check_write+0x14/0x20
[ 36.676493]  ? do_raw_spin_lock+0xc1/0x200
[ 36.681148]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.686870]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.692339]  ? kvfree+0x61/0x70
[ 36.695638]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.700769]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.704844]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.709252]  ? kvm_arch_sync_events+0x30/0x30
[ 36.713746]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.719285]  ? mmu_notifier_unregister+0x474/0x600
[ 36.724211]  ? kfree+0x107/0x230
[ 36.727597]  ? __mmu_notifier_register+0x30/0x30
[ 36.732354]  ? __free_pages+0x10a/0x190
[ 36.736330]  ? free_unref_page+0x960/0x960
[ 36.740583]  kvm_put_kvm+0x6c8/0xff0
[ 36.744303]  ? kvm_write_guest_cached+0x40/0x40
[ 36.748979]  ? kvm_irqfd_release+0xd1/0x120
[ 36.753329]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.757819]  ? _raw_spin_unlock_irq+0x27/0x80
[ 36.762321]  ? kasan_check_write+0x14/0x20
[ 36.766567]  ? do_raw_spin_lock+0xc1/0x200
[ 36.770805]  ? kvm_irqfd_release+0xdd/0x120
[ 36.775135]  ? kvm_irqfd_release+0xdd/0x120
[ 36.779479]  ? kvm_put_kvm+0xff0/0xff0
[ 36.783367]  kvm_vm_release+0x42/0x50
[ 36.787169]  __fput+0x385/0xa30
[ 36.790449]  ? get_max_files+0x20/0x20
[ 36.794349]  ? trace_hardirqs_on+0xbd/0x310
[ 36.798673]  ? ___might_sleep+0x1ed/0x300
[ 36.802818]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.808268]  ? arch_local_save_flags+0x40/0x40
[ 36.812864]  ? kasan_check_write+0x14/0x20
[ 36.817121]  ? do_raw_spin_lock+0xc1/0x200
[ 36.821378]  ____fput+0x15/0x20
[ 36.824679]  task_work_run+0x1e8/0x2a0
[ 36.828593]  ? task_work_cancel+0x240/0x240
[ 36.832916]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.838463]  ? switch_task_namespaces+0x9d/0xd0
[ 36.843145]  do_exit+0x1ad7/0x2610
[ 36.846690]  ? mm_update_next_owner+0x990/0x990
[ 36.851361]  ? mark_held_locks+0x130/0x130
[ 36.855604]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 36.859847]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.864868]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 36.869109]  ? pud_val+0x88/0x100
[ 36.872573]  ? is_bpf_text_address+0xd3/0x170
[ 36.877077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.882632]  ? __handle_mm_fault+0x9ab/0x53e0
[ 36.887132]  ? unwind_get_return_address+0x61/0xa0
[ 36.892070]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 36.896910]  ? graph_lock+0x170/0x170
[ 36.900733]  ? print_usage_bug+0xc0/0xc0
[ 36.904796]  ? graph_lock+0x170/0x170
[ 36.908591]  ? graph_lock+0x170/0x170
[ 36.912413]  ? graph_lock+0x170/0x170
[ 36.916215]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 36.921230]  ? __fget_light+0x2e9/0x430
[ 36.925205]  ? fget_raw+0x20/0x20
[ 36.928655]  ? find_held_lock+0x36/0x1c0
[ 36.932736]  ? __do_page_fault+0x6c1/0xed0
[ 36.936972]  ? lock_downgrade+0x900/0x900
[ 36.941135]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.946689]  ? sockfd_lookup_light+0xc5/0x160
[ 36.951187]  ? __sys_sendmsg+0x1b2/0x280
[ 36.955251]  ? __ia32_sys_shutdown+0x80/0x80
[ 36.959668]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.965237]  do_group_exit+0x177/0x440
[ 36.969158]  ? trace_hardirqs_on+0xbd/0x310
[ 36.973480]  ? __ia32_sys_exit+0x50/0x50
[ 36.977545]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.982992]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.988527]  __x64_sys_exit_group+0x3e/0x50
[ 36.992847]  do_syscall_64+0x1b9/0x820
[ 36.996734]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.002101]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.007039]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.011910]  ? trace_hardirqs_on_caller+0x310/0x310
[ 37.016940]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.021976]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.026989]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.031834]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.037035] RIP: 0033:0x43ef78
[ 37.040251] Code: Bad RIP value.
[ 37.043613] RSP: 002b:00007ffc1265dab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.051320] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef78
[ 37.058584] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.065854] RBP: 00000000004be828 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.073121] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.080418] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.087691]
[ 37.089333] Allocated by task 5364:
[ 37.092965]  save_stack+0x43/0xd0
[ 37.096418]  kasan_kmalloc+0xc7/0xe0
[ 37.100137]  kasan_slab_alloc+0x12/0x20
[ 37.104113]  kmem_cache_alloc+0x12e/0x730
[ 37.108268]  vmx_create_vcpu+0xcf/0x25e0
[ 37.112323]  kvm_arch_vcpu_create+0xe5/0x220
[ 37.116729]  kvm_vm_ioctl+0x470/0x1d40
[ 37.120613]  do_vfs_ioctl+0x1de/0x1720
[ 37.124495]  ksys_ioctl+0xa9/0xd0
[ 37.127956]  __x64_sys_ioctl+0x73/0xb0
[ 37.131839]  do_syscall_64+0x1b9/0x820
[ 37.135727]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.140906]
[ 37.142528] Freed by task 5364:
[ 37.145802]  save_stack+0x43/0xd0
[ 37.149249]  __kasan_slab_free+0x102/0x150
[ 37.153544]  kasan_slab_free+0xe/0x10
[ 37.157345]  kmem_cache_free+0x83/0x290
[ 37.161316]  vmx_free_vcpu+0x26b/0x300
[ 37.165199]  kvm_arch_destroy_vm+0x365/0x7c0
[ 37.169606]  kvm_put_kvm+0x6c8/0xff0
[ 37.173362]  kvm_vm_release+0x42/0x50
[ 37.177209]  __fput+0x385/0xa30
[ 37.180536]  ____fput+0x15/0x20
[ 37.183821]  task_work_run+0x1e8/0x2a0
[ 37.187798]  do_exit+0x1ad7/0x2610
[ 37.191336]  do_group_exit+0x177/0x440
[ 37.195221]  __x64_sys_exit_group+0x3e/0x50
[ 37.199541]  do_syscall_64+0x1b9/0x820
[ 37.203427]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.208623]
[ 37.210248] The buggy address belongs to the object at ffff8801bc2f0040
[ 37.210248]  which belongs to the cache kvm_vcpu of size 23872
[ 37.222823] The buggy address is located 24 bytes inside of
[ 37.222823]  23872-byte region [ffff8801bc2f0040, ffff8801bc2f5d80)
[ 37.234782] The buggy address belongs to the page:
[ 37.239713] page:ffffea0006f0bc00 count:1 mapcount:0 mapping:ffff8801d5ab36c0 index:0x0 compound_mapcount: 0
[ 37.249687] flags: 0x2fffc0000008100(slab|head)
[ 37.255232] raw: 02fffc0000008100 ffff8801d5abaa48 ffff8801d5abaa48 ffff8801d5ab36c0
[ 37.263117] raw: 0000000000000000 ffff8801bc2f0040 0000000100000001 0000000000000000
[ 37.271000] page dumped because: kasan: bad access detected
[ 37.276715]
[ 37.278333] Memory state around the buggy address:
[ 37.283259]  ffff8801bc2eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.290699]  ffff8801bc2eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.298053] >ffff8801bc2f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 37.305410]                                                     ^
[ 37.311651]  ffff8801bc2f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.319006]  ffff8801bc2f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.326356] ==================================================================
[ 37.333711] Kernel panic - not syncing: panic_on_warn set ...
[ 37.333711]
[ 37.341078] CPU: 0 PID: 5364 Comm: syz-executor474 Tainted: G    B             4.19.0-rc3+ #231
[ 37.350015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.359363] Call Trace:
[ 37.361972]  dump_stack+0x1c4/0x2b4
[ 37.365613]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.370821]  ? lock_downgrade+0x900/0x900
[ 37.374971]  panic+0x238/0x4e7
[ 37.378161]  ? add_taint.cold.5+0x16/0x16
[ 37.382316]  ? print_shadow_for_address+0xb6/0x116
[ 37.387244]  ? trace_hardirqs_off+0xaf/0x310
[ 37.391655]  kasan_end_report+0x47/0x4f
[ 37.395632]  kasan_report.cold.9+0x76/0x309
[ 37.399957]  ? __schedule+0xfc3/0x1ed0
[ 37.403872]  __asan_report_load8_noabort+0x14/0x20
[ 37.408825]  __schedule+0xfc3/0x1ed0
[ 37.412562]  ? __sched_text_start+0x8/0x8
[ 37.416820]  ? __lock_is_held+0xb5/0x140
[ 37.420894]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.426009]  ? find_held_lock+0x36/0x1c0
[ 37.430093]  ? __call_srcu+0x7f9/0x1070
[ 37.434076]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.439178]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.444281]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.448863]  ? preempt_schedule+0x4d/0x60
[ 37.453013]  preempt_schedule_common+0x1f/0xd0
[ 37.457595]  preempt_schedule+0x4d/0x60
[ 37.461569]  ___preempt_schedule+0x16/0x18
[ 37.465809]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.470738]  __call_srcu+0x7f9/0x1070
[ 37.474540]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 37.479646]  ? srcu_offline_cpu+0x120/0x120
[ 37.483970]  ? debug_object_free+0x690/0x690
[ 37.488403]  ? mark_held_locks+0x130/0x130
[ 37.492638]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 37.497221]  ? lock_release+0x970/0x970
[ 37.501195]  ? arch_local_save_flags+0x40/0x40
[ 37.505798]  ? depot_save_stack+0x292/0x470
[ 37.510135]  ? __lockdep_init_map+0x105/0x590
[ 37.514637]  ? __init_waitqueue_head+0x9e/0x150
[ 37.519305]  ? init_wait_entry+0x1c0/0x1c0
[ 37.523546]  __synchronize_srcu+0x17b/0x230
[ 37.527865]  ? call_srcu+0x10/0x10
[ 37.531411]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.535652]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.541274]  ? check_preemption_disabled+0x48/0x200
[ 37.546293]  synchronize_srcu+0x356/0x5ab
[ 37.550447]  ? lock_downgrade+0x900/0x900
[ 37.554599]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.559618]  ? kasan_check_read+0x11/0x20
[ 37.563786]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.568393]  ? kasan_check_write+0x14/0x20
[ 37.572935]  ? do_raw_spin_lock+0xc1/0x200
[ 37.577204]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.582922]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.588396]  ? kvfree+0x61/0x70
[ 37.591675]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.596691]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.600755]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.605163]  ? kvm_arch_sync_events+0x30/0x30
[ 37.609660]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.615197]  ? mmu_notifier_unregister+0x474/0x600
[ 37.620144]  ? kfree+0x107/0x230
[ 37.623510]  ? __mmu_notifier_register+0x30/0x30
[ 37.628266]  ? __free_pages+0x10a/0x190
[ 37.632240]  ? free_unref_page+0x960/0x960
[ 37.636495]  kvm_put_kvm+0x6c8/0xff0
[ 37.640216]  ? kvm_write_guest_cached+0x40/0x40
[ 37.644890]  ? kvm_irqfd_release+0xd1/0x120
[ 37.649227]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.653763]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.658286]  ? kasan_check_write+0x14/0x20
[ 37.662526]  ? do_raw_spin_lock+0xc1/0x200
[ 37.666762]  ? kvm_irqfd_release+0xdd/0x120
[ 37.671085]  ? kvm_irqfd_release+0xdd/0x120
[ 37.676369]  ? kvm_put_kvm+0xff0/0xff0
[ 37.680265]  kvm_vm_release+0x42/0x50
[ 37.684066]  __fput+0x385/0xa30
[ 37.687367]  ? get_max_files+0x20/0x20
[ 37.691262]  ? trace_hardirqs_on+0xbd/0x310
[ 37.695610]  ? ___might_sleep+0x1ed/0x300
[ 37.699757]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.705204]  ? arch_local_save_flags+0x40/0x40
[ 37.709799]  ? kasan_check_write+0x14/0x20
[ 37.714035]  ? do_raw_spin_lock+0xc1/0x200
[ 37.718274]  ____fput+0x15/0x20
[ 37.721552]  task_work_run+0x1e8/0x2a0
[ 37.725467]  ? task_work_cancel+0x240/0x240
[ 37.729798]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.735357]  ? switch_task_namespaces+0x9d/0xd0
[ 37.740050]  do_exit+0x1ad7/0x2610
[ 37.743596]  ? mm_update_next_owner+0x990/0x990
[ 37.748278]  ? mark_held_locks+0x130/0x130
[ 37.752511]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 37.756744]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.761777]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 37.766013]  ? pud_val+0x88/0x100
[ 37.769468]  ? is_bpf_text_address+0xd3/0x170
[ 37.773968]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.779503]  ? __handle_mm_fault+0x9ab/0x53e0
[ 37.783998]  ? unwind_get_return_address+0x61/0xa0
[ 37.788935]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 37.793795]  ? graph_lock+0x170/0x170
[ 37.797598]  ? print_usage_bug+0xc0/0xc0
[ 37.801658]  ? graph_lock+0x170/0x170
[ 37.805474]  ? graph_lock+0x170/0x170
[ 37.809287]  ? graph_lock+0x170/0x170
[ 37.813091]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 37.818107]  ? __fget_light+0x2e9/0x430
[ 37.822108]  ? fget_raw+0x20/0x20
[ 37.825573]  ? find_held_lock+0x36/0x1c0
[ 37.829640]  ? __do_page_fault+0x6c1/0xed0
[ 37.833875]  ? lock_downgrade+0x900/0x900
[ 37.838030]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.843592]  ? sockfd_lookup_light+0xc5/0x160
[ 37.848088]  ? __sys_sendmsg+0x1b2/0x280
[ 37.852168]  ? __ia32_sys_shutdown+0x80/0x80
[ 37.856580]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.862119]  do_group_exit+0x177/0x440
[ 37.866040]  ? trace_hardirqs_on+0xbd/0x310
[ 37.870360]  ? __ia32_sys_exit+0x50/0x50
[ 37.874441]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.879898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.885454]  __x64_sys_exit_group+0x3e/0x50
[ 37.889775]  do_syscall_64+0x1b9/0x820
[ 37.893661]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.899049]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.903975]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.908816]  ? trace_hardirqs_on_caller+0x310/0x310
[ 37.913831]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.918849]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.923867]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.928718]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.933906] RIP: 0033:0x43ef78
[ 37.937116] Code: Bad RIP value.
[ 37.940497] RSP: 002b:00007ffc1265dab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.948216] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef78
[ 37.955485] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.962750] RBP: 00000000004be828 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.970030] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.977294] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.984587]
[ 37.984593] ======================================================
[ 37.984598] WARNING: possible circular locking dependency detected
[ 37.984603] 4.19.0-rc3+ #231 Not tainted
[ 37.984608] ------------------------------------------------------
[ 37.984613] syz-executor474/5364 is trying to acquire lock:
[ 37.984617] 0000000018d3d2e3 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 37.984633]
[ 37.984637] but task is already holding lock:
[ 37.984641] 0000000024393d03 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 37.984656]
[ 37.984661] which lock already depends on the new lock.
[ 37.984663]
[ 37.984666]
[ 37.984671] the existing dependency chain (in reverse order) is:
[ 37.984674]
[ 37.984676] -> #3 (report_lock){....}:
[ 37.984692]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.984696]        kasan_report+0x8b/0x110
[ 37.984700]        __asan_report_load8_noabort+0x14/0x20
[ 37.984705]        __schedule+0xfc3/0x1ed0
[ 37.984709]        preempt_schedule_common+0x1f/0xd0
[ 37.984713]        preempt_schedule+0x4d/0x60
[ 37.984718]        ___preempt_schedule+0x16/0x18
[ 37.984723]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.984727]        __call_srcu+0x7f9/0x1070
[ 37.984731]        __synchronize_srcu+0x17b/0x230
[ 37.984735]        synchronize_srcu+0x356/0x5ab
[ 37.984741]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.984745]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.984749]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.984753]        kvm_put_kvm+0x6c8/0xff0
[ 37.984757]        kvm_vm_release+0x42/0x50
[ 37.984761]        __fput+0x385/0xa30
[ 37.984765]        ____fput+0x15/0x20
[ 37.984769]        task_work_run+0x1e8/0x2a0
[ 37.984773]        do_exit+0x1ad7/0x2610
[ 37.984777]        do_group_exit+0x177/0x440
[ 37.984782]        __x64_sys_exit_group+0x3e/0x50
[ 37.984786]        do_syscall_64+0x1b9/0x820
[ 37.984791]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.984793]
[ 37.984795] -> #2 (&rq->lock){-.-.}:
[ 37.984810]        _raw_spin_lock+0x2d/0x40
[ 37.984815]        task_fork_fair+0xb0/0x6d0
[ 37.984819]        sched_fork+0x443/0xba0
[ 37.984823]        copy_process+0x2586/0x8780
[ 37.984827]        _do_fork+0x1cb/0x11d0
[ 37.984831]        kernel_thread+0x34/0x40
[ 37.984835]        rest_init+0x22/0xe5
[ 37.984839]        start_kernel+0x8f4/0x92f
[ 37.984858]        x86_64_start_reservations+0x29/0x2b
[ 37.984862]        x86_64_start_kernel+0x76/0x79
[ 37.984880]        secondary_startup_64+0xa4/0xb0
[ 37.984882]
[ 37.984884] -> #1 (&p->pi_lock){-.-.}:
[ 37.984898]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.984902]        try_to_wake_up+0xd2/0x12f0
[ 37.984906]        wake_up_process+0x10/0x20
[ 37.984910]        __up.isra.1+0x1c0/0x2a0
[ 37.984913]        up+0x13c/0x1c0
[ 37.984917]        __up_console_sem+0xbe/0x1b0
[ 37.984921]        console_unlock+0x524/0x11a0
[ 37.984924]        vprintk_emit+0x33d/0x930
[ 37.984928]        vprintk_default+0x28/0x30
[ 37.984932]        vprintk_func+0x7e/0x181
[ 37.984935]        printk+0xa7/0xcf
[ 37.984939]        load_umh+0x51/0xbd
[ 37.984943]        do_one_initcall+0x145/0x957
[ 37.984947]        kernel_init_freeable+0x4bb/0x5ae
[ 37.984950]        kernel_init+0x11/0x1b2
[ 37.984954]        ret_from_fork+0x3a/0x50
[ 37.984956]
[ 37.984958] -> #0 ((console_sem).lock){-.-.}:
[ 37.984972]        lock_acquire+0x1ed/0x520
[ 37.984976]        _raw_spin_lock_irqsave+0x99/0xd0
[ 37.984980]        down_trylock+0x13/0x70
[ 37.984984]        __down_trylock_console_sem+0xae/0x200
[ 37.984988]        console_trylock+0x15/0xa0
[ 37.984992]        vprintk_emit+0x322/0x930
[ 37.984996]        vprintk_default+0x28/0x30
[ 37.984999]        vprintk_func+0x7e/0x181
[ 37.985002]        printk+0xa7/0xcf
[ 37.985006]        kasan_report+0x9b/0x110
[ 37.985010]        __asan_report_load8_noabort+0x14/0x20
[ 37.985014]        __schedule+0xfc3/0x1ed0
[ 37.985018]        preempt_schedule_common+0x1f/0xd0
[ 37.985022]        preempt_schedule+0x4d/0x60
[ 37.985026]        ___preempt_schedule+0x16/0x18
[ 37.985030]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.985034]        __call_srcu+0x7f9/0x1070
[ 37.985038]        __synchronize_srcu+0x17b/0x230
[ 37.985042]        synchronize_srcu+0x356/0x5ab
[ 37.985047]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.985051]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.985055]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.985058]        kvm_put_kvm+0x6c8/0xff0
[ 37.985062]        kvm_vm_release+0x42/0x50
[ 37.985065]        __fput+0x385/0xa30
[ 37.985069]        ____fput+0x15/0x20
[ 37.985073]        task_work_run+0x1e8/0x2a0
[ 37.985076]        do_exit+0x1ad7/0x2610
[ 37.985080]        do_group_exit+0x177/0x440
[ 37.985084]        __x64_sys_exit_group+0x3e/0x50
[ 37.985088]        do_syscall_64+0x1b9/0x820
[ 37.985092]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.985094]
[ 37.985099] other info that might help us debug this:
[ 37.985101]
[ 37.985104] Chain exists of:
[ 37.985106]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.985132]
[ 37.985136]  Possible unsafe locking scenario:
[ 37.985138]
[ 37.985142]        CPU0                    CPU1
[ 37.985146]        ----                    ----
[ 37.985149]   lock(report_lock);
[ 37.985158]                                lock(&rq->lock);
[ 37.985167]                                lock(report_lock);
[ 37.985186]   lock((console_sem).lock);
[ 37.985194]
[ 37.985198]  *** DEADLOCK ***
[ 37.985200]
[ 37.985204] 2 locks held by syz-executor474/5364:
[ 37.985207]  #0: 000000001b04060d (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 37.985235]  #1: 0000000024393d03 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 37.985265]
[ 37.985269] stack backtrace:
[ 37.985275] CPU: 0 PID: 5364 Comm: syz-executor474 Not tainted 4.19.0-rc3+ #231
[ 37.985283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.985286] Call Trace:
[ 37.985290]  dump_stack+0x1c4/0x2b4
[ 37.985295]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.985299]  ? vprintk_func+0x85/0x181
[ 37.985305]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 37.985309]  ? save_trace+0xe0/0x290
[ 37.985313]  __lock_acquire+0x33e4/0x4ec0
[ 37.985318]  ? mark_held_locks+0x130/0x130
[ 37.985322]  ? mark_held_locks+0x130/0x130
[ 37.985326]  ? rcu_bh_qs+0xc0/0xc0
[ 37.985330]  ? unwind_dump+0x190/0x190
[ 37.985335]  ? is_bpf_text_address+0xd3/0x170
[ 37.985339]  ? kernel_text_address+0x79/0xf0
[ 37.985344]  ? __kernel_text_address+0xd/0x40
[ 37.985348]  ? __save_stack_trace+0x8d/0xf0
[ 37.985353]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 37.985357]  ? save_trace+0x290/0x290
[ 37.985362]  ? save_stack_trace+0x1a/0x20
[ 37.985366]  ? save_trace+0xe0/0x290
[ 37.985370]  ? kasan_check_read+0x11/0x20
[ 37.985374]  ? graph_lock+0x170/0x170
[ 37.985379]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.985384]  lock_acquire+0x1ed/0x520
[ 37.985394]  ? down_trylock+0x13/0x70
[ 37.985398]  ? find_held_lock+0x36/0x1c0
[ 37.985402]  ? lock_release+0x970/0x970
[ 37.985407]  ? trace_hardirqs_off+0xb8/0x310
[ 37.985411]  ? vprintk_emit+0x1d3/0x930
[ 37.985416]  ? trace_hardirqs_on+0x310/0x310
[ 37.985420]  ? trace_hardirqs_off+0xb8/0x310
[ 37.985424]  ? log_store+0x344/0x4c0
[ 37.985429]  ? vprintk_emit+0x322/0x930
[ 37.985433]  _raw_spin_lock_irqsave+0x99/0xd0
[ 37.985437]  ? down_trylock+0x13/0x70
[ 37.985441]  down_trylock+0x13/0x70
[ 37.985458]  __down_trylock_console_sem+0xae/0x200
[ 37.985462]  console_trylock+0x15/0xa0
[ 37.985466]  vprintk_emit+0x322/0x930
[ 37.985470]  ? wake_up_klogd+0x180/0x180
[ 37.985475]  ? run_rebalance_domains+0x500/0x500
[ 37.985479]  ? wake_up_worker+0x117/0x190
[ 37.985483]  ? find_held_lock+0x36/0x1c0
[ 37.985487]  ? __queue_work+0x6be/0x1440
[ 37.985491]  ? lock_acquire+0x1ed/0x520
[ 37.985496]  vprintk_default+0x28/0x30
[ 37.985499]  vprintk_func+0x7e/0x181
[ 37.985503]  printk+0xa7/0xcf
[ 37.985508]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.985512]  ? kasan_check_write+0x14/0x20
[ 37.985516]  ? do_raw_spin_lock+0xc1/0x200
[ 37.985520]  ? do_raw_spin_lock+0xc1/0x200
[ 37.985524]  kasan_report+0x9b/0x110
[ 37.985542]  ? __schedule+0xfc3/0x1ed0
[ 37.985546]  __asan_report_load8_noabort+0x14/0x20
[ 37.985550]  __schedule+0xfc3/0x1ed0
[ 37.985566]  ? __sched_text_start+0x8/0x8
[ 37.985569]  ? __lock_is_held+0xb5/0x140
[ 37.985586]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.985590]  ? find_held_lock+0x36/0x1c0
[ 37.985594]  ? __call_srcu+0x7f9/0x1070
[ 37.985611]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.985616]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.985620]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.985625]  ? preempt_schedule+0x4d/0x60
[ 37.985630]  preempt_schedule_common+0x1f/0xd0
[ 37.985634]  preempt_schedule+0x4d/0x60
[ 37.985638]  ___preempt_schedule+0x16/0x18
[ 37.985643]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.985647]  __call_srcu+0x7f9/0x1070
[ 37.985652]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 37.985657]  ? srcu_offline_cpu+0x120/0x120
[ 37.985661]  ? debug_object_free+0x690/0x690
[ 37.985666]  ? mark_held_locks+0x130/0x130
[ 37.985670]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 37.985675]  ? lock_release+0x970/0x970
[ 37.985679]  ? arch_local_save_flags+0x40/0x40
[ 37.985684]  ? depot_save_stack+0x292/0x470
[ 37.985700]  ? __lockdep_init_map+0x105/0x590
[ 37.985705]  ? __init_waitqueue_head+0x9e/0x150
[ 37.985721]  ? init_wait_entry+0x1c0/0x1c0
[ 37.985725]  __synchronize_srcu+0x17b/0x230
[ 37.985729]  ? call_srcu+0x10/0x10
[ 37.985733]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.985739]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.985743]  ? check_preemption_disabled+0x48/0x200
[ 37.985748]  synchronize_srcu+0x356/0x5ab
[ 37.985752]  ? lock_downgrade+0x900/0x900
[ 37.985757]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.985761]  ? kasan_check_read+0x11/0x20
[ 37.985766]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.985770]  ? kasan_check_write+0x14/0x20
[ 37.985775]  ? do_raw_spin_lock+0xc1/0x200
[ 37.985780]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.985785]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.985789]  ? kvfree+0x61/0x70
[ 37.985794]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.985798]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.985803]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.985807]  ? kvm_arch_sync_events+0x30/0x30
[ 37.985812]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.985817]  ? mmu_notifier_unregister+0x474/0x600
[ 37.985821]  ? kfree+0x107/0x230
[ 37.985826]  ? __mmu_notifier_register+0x30/0x30
[ 37.985830]  ? __free_pages+0x10a/0x190
[ 37.985834]  ? free_unref_page+0x960/0x960
[ 37.985839]  kvm_put_kvm+0x6c8/0xff0
[ 37.985843]  ? kvm_write_guest_cached+0x40/0x40
[ 37.985848]  ? kvm_irqfd_release+0xd1/0x120
[ 37.985852]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.985857]  ? _raw_spin_unlock_irq+0x27/0x80
[ 37.985861]  ? kasan_check_write+0x14/0x20
[ 37.985865]  ? do_raw_spin_lock+0xc1/0x200
[ 37.985869]  ? kvm_irqfd_release+0x
[ 37.985877] Lost 68 message(s)!
[ 39.133223] Shutting down cpus with NMI
[ 40.191965] Dumping ftrace buffer:
[ 40.195490]    (ftrace buffer empty)
[ 40.199689] Kernel Offset: disabled
[ 40.203313] Rebooting in 86400 seconds..
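A triage helper for the KASAN report above, added here as an example; it is not part of the syzkaller log and not kernel or syzkaller code. It takes an excerpt of the report (copied from the log, with the deeper syscall frames trimmed), extracts the access kind, the faulting address and the slab object it lands in, strips the allocator and KASAN instrumentation frames from the "Allocated by"/"Freed by" stacks so the first frame is the owning subsystem, and decodes the shadow byte covering the faulting address. The shadow-byte meanings (0xfb freed slab object, 0xfc slab redzone) are the generic KASAN encodings of this kernel generation; the function names and the `REPORT` constant are this example's own.

```python
"""Parse and cross-check a KASAN slab use-after-free report (added example)."""
import re

# Excerpt copied from the report above; instrumentation-free tail frames trimmed.
REPORT = """\
[ 36.441697] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 36.447928] Read of size 8 at addr ffff8801bc2f0058 by task syz-executor474/5364
[ 37.089333] Allocated by task 5364:
[ 37.092965]  save_stack+0x43/0xd0
[ 37.096418]  kasan_kmalloc+0xc7/0xe0
[ 37.100137]  kasan_slab_alloc+0x12/0x20
[ 37.104113]  kmem_cache_alloc+0x12e/0x730
[ 37.108268]  vmx_create_vcpu+0xcf/0x25e0
[ 37.112323]  kvm_arch_vcpu_create+0xe5/0x220
[ 37.116729]  kvm_vm_ioctl+0x470/0x1d40
[ 37.140906]
[ 37.142528] Freed by task 5364:
[ 37.145802]  save_stack+0x43/0xd0
[ 37.149249]  __kasan_slab_free+0x102/0x150
[ 37.153544]  kasan_slab_free+0xe/0x10
[ 37.157345]  kmem_cache_free+0x83/0x290
[ 37.161316]  vmx_free_vcpu+0x26b/0x300
[ 37.165199]  kvm_arch_destroy_vm+0x365/0x7c0
[ 37.169606]  kvm_put_kvm+0x6c8/0xff0
[ 37.208623]
[ 37.210248] The buggy address belongs to the object at ffff8801bc2f0040
[ 37.210248]  which belongs to the cache kvm_vcpu of size 23872
[ 37.222823] The buggy address is located 24 bytes inside of
[ 37.222823]  23872-byte region [ffff8801bc2f0040, ffff8801bc2f5d80)
[ 37.278333] Memory state around the buggy address:
[ 37.283259]  ffff8801bc2eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.290699]  ffff8801bc2eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.298053] >ffff8801bc2f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 37.311651]  ffff8801bc2f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

KASAN_GRANULE = 8        # one shadow byte describes 8 bytes of memory
SHADOW_ROW = 16 * KASAN_GRANULE   # one "Memory state" line covers 128 bytes
SHADOW_MEANING = {0x00: "addressable", 0xfb: "freed slab object",
                  0xfc: "slab redzone", 0xfa: "global redzone",
                  0xfe: "page redzone", 0xff: "freed page"}
# Frames that belong to the allocator/KASAN plumbing, not to the bug's owner.
INSTR = ("save_stack", "kasan_", "__kasan_", "kmem_cache_", "kmalloc",
         "__kmalloc", "kfree")

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                    # printk timestamp
FRAME = re.compile(r"^\s*(?:\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW = re.compile(r"^[> ]?([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})$")


def _stack(lines, marker):
    """Frames after the 'Allocated by'/'Freed by' header, instrumentation removed."""
    frames, it = [], iter(lines)
    if not any(line.startswith(marker) for line in it):
        return frames
    for line in it:                     # iterator resumes after the header
        m = FRAME.match(line)
        if not m:
            break                       # blank line ends the stack
        if not m.group(1).startswith(INSTR):
            frames.append(m.group(1))
    return frames


def _shadow_map(lines):
    """Map each 'Memory state' row base address to its 16 shadow bytes."""
    rows = {}
    for line in lines:
        m = SHADOW.match(line)
        if m:
            rows[int(m.group(1), 16)] = bytes.fromhex(m.group(2).replace(" ", ""))
    return rows


def parse_kasan_report(text):
    lines = [TS.sub("", line) for line in text.splitlines()]
    body = "\n".join(lines)
    head = re.search(r"BUG: KASAN: (\S+) in (\S+?)\+0x", body)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", body)
    obj = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", body)
    reg = re.search(r"located (\d+) bytes inside of\s+(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", body)
    if not (head and acc and obj and reg):
        raise ValueError("not a complete KASAN slab report")
    addr, base = int(acc.group(3), 16), int(obj.group(1), 16)
    return {"bug": head.group(1), "function": head.group(2),
            "access": acc.group(1).lower(), "size": int(acc.group(2)),
            "addr": addr, "task": acc.group(4), "pid": int(acc.group(5)),
            "object_base": base, "cache": obj.group(2),
            "object_size": int(obj.group(3)),
            "reported_offset": int(reg.group(1)), "computed_offset": addr - base,
            "region_end": int(reg.group(4), 16),
            "alloc_stack": _stack(lines, "Allocated by"),
            "free_stack": _stack(lines, "Freed by"),
            "shadow": _shadow_map(lines)}


def shadow_state(report, addr):
    """(shadow byte, meaning) for addr, or None if the dump does not cover it."""
    row = addr & ~(SHADOW_ROW - 1)
    if row not in report["shadow"]:
        return None
    b = report["shadow"][row][(addr - row) // KASAN_GRANULE]
    return b, SHADOW_MEANING.get(b, "partially addressable" if b < KASAN_GRANULE else "unknown")


def check_report(r):
    """Return the inconsistencies a reviewer should notice before filing; [] if none."""
    problems = []
    if r["computed_offset"] != r["reported_offset"]:
        problems.append("offset in text does not match addr - object base")
    if not (r["object_base"] <= r["addr"] and r["addr"] + r["size"] <= r["region_end"]):
        problems.append("access does not lie inside the named region")
    if r["region_end"] - r["object_base"] != r["object_size"]:
        problems.append("region length does not match cache object size")
    state = shadow_state(r, r["addr"])
    if r["bug"] == "use-after-free" and (state is None or state[0] != 0xfb):
        problems.append("shadow byte at addr is not the freed-slab marker 0xfb")
    return problems


def summary(r):
    state = shadow_state(r, r["addr"])
    return (f"{r['bug']} in {r['function']}: {r['access']} of {r['size']} bytes at "
            f"offset {r['computed_offset']} into {r['cache']} object ({r['object_size']} bytes); "
            f"allocated by {r['alloc_stack'][0]}, freed by {r['free_stack'][0]}; "
            f"shadow 0x{state[0]:02x} = {state[1]}")


if __name__ == "__main__":
    rep = parse_kasan_report(REPORT)
    print(summary(rep))
    print("inconsistencies:", check_report(rep) or "none")
```

The stripped stacks make the lifetime visible at a glance: the object is a `kvm_vcpu` handed out by `vmx_create_vcpu` and freed by `vmx_free_vcpu` from `kvm_arch_destroy_vm`, while the same VM-teardown path is still running when `__schedule` touches it 24 bytes in; the shadow byte check confirms the whole 128-byte row from the object base onward is marked freed, so the report is internally consistent.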