[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.971974] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.623908] random: sshd: uninitialized urandom read (32 bytes read) [ 24.920614] random: sshd: uninitialized urandom read (32 bytes read) [ 25.486631] random: sshd: uninitialized urandom read (32 bytes read) [ 25.662764] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. [ 31.315438] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.418914] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.443595] ================================================================== [ 31.453410] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.459635] Read of size 8 at addr ffff8801b7c38058 by task syz-executor778/4660 [ 31.467152] [ 31.468779] CPU: 1 PID: 4660 Comm: syz-executor778 Not tainted 4.19.0-rc2+ #225 [ 31.476214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.485555] Call Trace: [ 31.488147] dump_stack+0x1c9/0x2b4 [ 31.491780] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.496964] ? printk+0xa7/0xcf [ 31.500241] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.505001] ? __schedule+0xf54/0x1df0 [ 31.508890] print_address_description+0x6c/0x20b [ 31.513737] ? __schedule+0xf54/0x1df0 [ 31.517626] kasan_report.cold.7+0x242/0x30d [ 31.522034] __asan_report_load8_noabort+0x14/0x20 [ 31.526960] __schedule+0xf54/0x1df0 [ 31.530698] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.535827] ? __sched_text_start+0x8/0x8 [ 31.539976] ? __call_srcu+0x7e7/0x1040 [ 31.543965] ? check_same_owner+0x340/0x340 [ 31.548281] ? mark_held_locks+0x160/0x160 [ 31.552511] ? find_held_lock+0x36/0x1c0 [ 31.556574] preempt_schedule_common+0x22/0x60 [ 31.561153] _cond_resched+0x1d/0x30 [ 31.564864] wait_for_completion+0xa5/0x8d0 [ 31.569184] ? wait_for_completion_interruptible+0x950/0x950 [ 31.574980] ? __lockdep_init_map+0x105/0x590 [ 31.579490] ? __init_waitqueue_head+0x9e/0x150 [ 31.584158] ? init_wait_entry+0x1c0/0x1c0 [ 31.588395] __synchronize_srcu+0x189/0x240 [ 31.592724] ? call_srcu+0x10/0x10 [ 31.596269] ? rcu_unexpedite_gp+0x20/0x20 [ 31.600508] synchronize_srcu+0x335/0x56f [ 31.604655] ? lock_downgrade+0x8f0/0x8f0 [ 31.608803] ? synchronize_srcu_expedited+0x20/0x20 [ 31.613818] ? kasan_check_read+0x11/0x20 [ 31.617965] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.622543] ? kasan_check_write+0x14/0x20 [ 31.626776] ? do_raw_spin_lock+0xc1/0x200 [ 31.631016] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.636734] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.642185] ? kvfree+0x61/0x70 [ 31.645464] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.650481] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.654536] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.658941] ? kvm_arch_sync_events+0x30/0x30 [ 31.663437] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.668976] ? mmu_notifier_unregister+0x474/0x600 [ 31.673900] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.678304] ? kfree+0x111/0x210 [ 31.681667] ? __mmu_notifier_register+0x30/0x30 [ 31.686425] ? __free_pages+0x10a/0x190 [ 31.690399] ? free_unref_page+0x930/0x930 [ 31.694643] kvm_put_kvm+0x73f/0x1060 [ 31.698448] ? kvm_write_guest_cached+0x40/0x40 [ 31.703117] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.707608] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.712100] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.716684] ? kasan_check_write+0x14/0x20 [ 31.720913] ? do_raw_spin_lock+0xc1/0x200 [ 31.725149] ? kvm_irqfd_release+0xdd/0x120 [ 31.729464] ? kvm_irqfd_release+0xdd/0x120 [ 31.733785] ? kvm_put_kvm+0x1060/0x1060 [ 31.737842] kvm_vm_release+0x42/0x50 [ 31.741641] __fput+0x38a/0xa40 [ 31.744918] ? __alloc_file+0x400/0x400 [ 31.748894] ? check_same_owner+0x340/0x340 [ 31.753215] ? kasan_check_write+0x14/0x20 [ 31.757445] ? do_raw_spin_lock+0xc1/0x200 [ 31.761676] ____fput+0x15/0x20 [ 31.764955] task_work_run+0x1e8/0x2a0 [ 31.768839] ? task_work_cancel+0x240/0x240 [ 31.773163] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.778696] ? switch_task_namespaces+0xa2/0xd0 [ 31.783371] do_exit+0x1ae4/0x26e0 [ 31.786911] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.791581] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 31.795815] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.800828] ? kfree+0x1d7/0x210 [ 31.804192] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 31.808425] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.814137] ? is_bpf_text_address+0xd7/0x170 [ 31.818626] ? kernel_text_address+0x79/0xf0 [ 31.823032] ? __kernel_text_address+0xd/0x40 [ 31.827524] ? unwind_get_return_address+0x61/0xa0 [ 31.832452] ? __save_stack_trace+0x8d/0xf0 [ 31.836777] ? save_stack+0xa9/0xd0 [ 31.840403] ? save_stack+0x43/0xd0 [ 31.844029] ? __kasan_slab_free+0x11a/0x170 [ 31.848433] ? kasan_slab_free+0xe/0x10 [ 31.852402] ? putname+0xf2/0x130 [ 31.855852] ? __x64_sys_openat+0x9d/0x100 [ 31.860086] ? do_syscall_64+0x1b9/0x820 [ 31.864143] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.869503] ? trace_hardirqs_off+0xb8/0x2c0 [ 31.873905] ? kasan_check_read+0x11/0x20 [ 31.878047] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.882453] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.886865] ? initcall_blacklisted+0x9a/0x1e0 [ 31.891446] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.896549] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.902266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.907801] ? do_vfs_ioctl+0x201/0x1720 [ 31.911863] ? rcu_is_watching+0x8c/0x150 [ 31.916007] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.920327] ? ioctl_preallocate+0x300/0x300 [ 31.924742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.930284] ? __fget_light+0x2f7/0x440 [ 31.934265] ? fget_raw+0x20/0x20 [ 31.937711] ? putname+0xf2/0x130 [ 31.941172] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.946184] ? kmem_cache_free+0x246/0x280 [ 31.950417] ? putname+0xf7/0x130 [ 31.953871] do_group_exit+0x177/0x440 [ 31.957756] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.962078] ? __ia32_sys_exit+0x50/0x50 [ 31.966133] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.971234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.976774] ? ksys_ioctl+0x81/0xd0 [ 31.980399] __x64_sys_exit_group+0x3e/0x50 [ 31.984726] do_syscall_64+0x1b9/0x820 [ 31.988616] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.993976] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.998904] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.003750] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 32.008764] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.013780] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.018801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.023646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.028838] RIP: 0033:0x43ef08 [ 32.032029] Code: Bad RIP value. [ 32.035391] RSP: 002b:00007ffd6455ebf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.043096] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 32.050362] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.057627] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.064890] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.072157] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.079432] [ 32.081052] Allocated by task 4660: [ 32.084680] save_stack+0x43/0xd0 [ 32.088126] kasan_kmalloc+0xc4/0xe0 [ 32.091837] kasan_slab_alloc+0x12/0x20 [ 32.095811] kmem_cache_alloc+0x12e/0x710 [ 32.099955] vmx_create_vcpu+0xcf/0x2830 [ 32.104009] kvm_arch_vcpu_create+0xe5/0x220 [ 32.108411] kvm_vm_ioctl+0x488/0x1d80 [ 32.112294] do_vfs_ioctl+0x1de/0x1720 [ 32.116175] ksys_ioctl+0xa9/0xd0 [ 32.119624] __x64_sys_ioctl+0x73/0xb0 [ 32.123507] do_syscall_64+0x1b9/0x820 [ 32.127390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.132564] [ 32.134181] Freed by task 4660: [ 32.137454] save_stack+0x43/0xd0 [ 32.140899] __kasan_slab_free+0x11a/0x170 [ 32.145126] kasan_slab_free+0xe/0x10 [ 32.148925] kmem_cache_free+0x86/0x280 [ 32.153181] vmx_free_vcpu+0x26b/0x300 [ 32.157062] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.161473] kvm_put_kvm+0x73f/0x1060 [ 32.165272] kvm_vm_release+0x42/0x50 [ 32.169069] __fput+0x38a/0xa40 [ 32.172343] ____fput+0x15/0x20 [ 32.175617] task_work_run+0x1e8/0x2a0 [ 32.179498] do_exit+0x1ae4/0x26e0 [ 32.183030] do_group_exit+0x177/0x440 [ 32.186913] __x64_sys_exit_group+0x3e/0x50 [ 32.191231] do_syscall_64+0x1b9/0x820 [ 32.195120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.200296] [ 32.201923] The buggy address belongs to the object at ffff8801b7c38040 [ 32.201923] which belongs to the cache kvm_vcpu of size 23872 [ 32.214500] The buggy address is located 24 bytes inside of [ 32.214500] 23872-byte region [ffff8801b7c38040, ffff8801b7c3dd80) [ 32.226460] The buggy address belongs to the page: [ 32.231389] page:ffffea0006df0e00 count:1 mapcount:0 mapping:ffff8801d4a6fc00 index:0x0 compound_mapcount: 0 [ 32.241357] flags: 0x2fffc0000008100(slab|head) [ 32.246027] raw: 02fffc0000008100 ffff8801d5197448 ffff8801d5197448 ffff8801d4a6fc00 [ 32.253905] raw: 0000000000000000 ffff8801b7c38040 0000000100000001 0000000000000000 [ 32.261776] page dumped because: kasan: bad access detected [ 32.267489] [ 32.269105] Memory state around the buggy address: [ 32.274031] ffff8801b7c37f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.281830] ffff8801b7c37f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.289185] >ffff8801b7c38000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.296532] ^ [ 32.302753] ffff8801b7c38080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.310108] ffff8801b7c38100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.317454] ================================================================== [ 32.324808] Kernel panic - not syncing: panic_on_warn set ... [ 32.324808] [ 32.332170] CPU: 1 PID: 4660 Comm: syz-executor778 Tainted: G B 4.19.0-rc2+ #225 [ 32.341000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.350343] Call Trace: [ 32.352945] dump_stack+0x1c9/0x2b4 [ 32.356575] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.361767] ? lock_downgrade+0x8f0/0x8f0 [ 32.365914] ? __schedule+0xf54/0x1df0 [ 32.369801] panic+0x238/0x4e7 [ 32.372988] ? add_taint.cold.5+0x16/0x16 [ 32.377135] ? print_shadow_for_address+0xba/0x116 [ 32.382063] ? trace_hardirqs_off+0xaf/0x2c0 [ 32.386467] ? trace_hardirqs_off+0x77/0x2c0 [ 32.390878] ? __schedule+0xf54/0x1df0 [ 32.394763] kasan_end_report+0x47/0x4f [ 32.398740] kasan_report.cold.7+0x76/0x30d [ 32.403062] __asan_report_load8_noabort+0x14/0x20 [ 32.407987] __schedule+0xf54/0x1df0 [ 32.411695] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.416809] ? __sched_text_start+0x8/0x8 [ 32.420953] ? __call_srcu+0x7e7/0x1040 [ 32.424936] ? check_same_owner+0x340/0x340 [ 32.429259] ? mark_held_locks+0x160/0x160 [ 32.433491] ? find_held_lock+0x36/0x1c0 [ 32.437550] preempt_schedule_common+0x22/0x60 [ 32.442131] _cond_resched+0x1d/0x30 [ 32.445845] wait_for_completion+0xa5/0x8d0 [ 32.450170] ? wait_for_completion_interruptible+0x950/0x950 [ 32.455969] ? __lockdep_init_map+0x105/0x590 [ 32.460462] ? __init_waitqueue_head+0x9e/0x150 [ 32.465126] ? init_wait_entry+0x1c0/0x1c0 [ 32.469363] __synchronize_srcu+0x189/0x240 [ 32.473681] ? call_srcu+0x10/0x10 [ 32.477219] ? rcu_unexpedite_gp+0x20/0x20 [ 32.481460] synchronize_srcu+0x335/0x56f [ 32.485604] ? lock_downgrade+0x8f0/0x8f0 [ 32.489759] ? synchronize_srcu_expedited+0x20/0x20 [ 32.494779] ? kasan_check_read+0x11/0x20 [ 32.498924] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.503502] ? kasan_check_write+0x14/0x20 [ 32.507738] ? do_raw_spin_lock+0xc1/0x200 [ 32.511976] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.517688] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.523140] ? kvfree+0x61/0x70 [ 32.526419] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.531436] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.535497] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.540427] ? kvm_arch_sync_events+0x30/0x30 [ 32.544924] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.550458] ? mmu_notifier_unregister+0x474/0x600 [ 32.555382] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.559786] ? kfree+0x111/0x210 [ 32.563152] ? __mmu_notifier_register+0x30/0x30 [ 32.567911] ? __free_pages+0x10a/0x190 [ 32.571883] ? free_unref_page+0x930/0x930 [ 32.576127] kvm_put_kvm+0x73f/0x1060 [ 32.579930] ? kvm_write_guest_cached+0x40/0x40 [ 32.584597] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.589086] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.593580] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.598162] ? kasan_check_write+0x14/0x20 [ 32.602392] ? do_raw_spin_lock+0xc1/0x200 [ 32.606630] ? kvm_irqfd_release+0xdd/0x120 [ 32.610949] ? kvm_irqfd_release+0xdd/0x120 [ 32.615272] ? kvm_put_kvm+0x1060/0x1060 [ 32.619333] kvm_vm_release+0x42/0x50 [ 32.623128] __fput+0x38a/0xa40 [ 32.626406] ? __alloc_file+0x400/0x400 [ 32.630382] ? check_same_owner+0x340/0x340 [ 32.634697] ? kasan_check_write+0x14/0x20 [ 32.638935] ? do_raw_spin_lock+0xc1/0x200 [ 32.643168] ____fput+0x15/0x20 [ 32.646445] task_work_run+0x1e8/0x2a0 [ 32.650328] ? task_work_cancel+0x240/0x240 [ 32.654649] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.660184] ? switch_task_namespaces+0xa2/0xd0 [ 32.664850] do_exit+0x1ae4/0x26e0 [ 32.668391] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.673067] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.677304] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.682317] ? kfree+0x1d7/0x210 [ 32.685681] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.689918] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.695631] ? is_bpf_text_address+0xd7/0x170 [ 32.700126] ? kernel_text_address+0x79/0xf0 [ 32.704531] ? __kernel_text_address+0xd/0x40 [ 32.709025] ? unwind_get_return_address+0x61/0xa0 [ 32.713956] ? __save_stack_trace+0x8d/0xf0 [ 32.718284] ? save_stack+0xa9/0xd0 [ 32.721905] ? save_stack+0x43/0xd0 [ 32.725530] ? __kasan_slab_free+0x11a/0x170 [ 32.729936] ? kasan_slab_free+0xe/0x10 [ 32.733910] ? putname+0xf2/0x130 [ 32.737360] ? __x64_sys_openat+0x9d/0x100 [ 32.741589] ? do_syscall_64+0x1b9/0x820 [ 32.745647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.751007] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.755408] ? kasan_check_read+0x11/0x20 [ 32.759554] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.763955] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.768361] ? initcall_blacklisted+0x9a/0x1e0 [ 32.772945] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.778053] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.783766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.789301] ? do_vfs_ioctl+0x201/0x1720 [ 32.793361] ? rcu_is_watching+0x8c/0x150 [ 32.797502] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.801823] ? ioctl_preallocate+0x300/0x300 [ 32.806231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.811769] ? __fget_light+0x2f7/0x440 [ 32.815745] ? fget_raw+0x20/0x20 [ 32.819193] ? putname+0xf2/0x130 [ 32.822643] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.827659] ? kmem_cache_free+0x246/0x280 [ 32.831892] ? putname+0xf7/0x130 [ 32.835347] do_group_exit+0x177/0x440 [ 32.839230] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.843550] ? __ia32_sys_exit+0x50/0x50 [ 32.847607] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.852707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.858249] ? ksys_ioctl+0x81/0xd0 [ 32.861879] __x64_sys_exit_group+0x3e/0x50 [ 32.866202] do_syscall_64+0x1b9/0x820 [ 32.870090] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.875464] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.880388] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.885225] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 32.890247] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.895268] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.900289] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.905132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.910316] RIP: 0033:0x43ef08 [ 32.913507] Code: Bad RIP value. [ 32.916868] RSP: 002b:00007ffd6455ebf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.924576] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 32.931841] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.939106] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.946371] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.953635] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.960920] [ 32.960926] ====================================================== [ 32.960931] WARNING: possible circular locking dependency detected [ 32.960935] 4.19.0-rc2+ #225 Not tainted [ 32.960941] ------------------------------------------------------ [ 32.960946] syz-executor778/4660 is trying to acquire lock: [ 32.960949] 000000001d00bd4d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 32.960964] [ 32.960968] but task is already holding lock: [ 32.960971] 00000000f772f694 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.960986] [ 32.960990] which lock already depends on the new lock. [ 32.960992] [ 32.960995] [ 32.961000] the existing dependency chain (in reverse order) is: [ 32.961002] [ 32.961005] -> #3 (report_lock){....}: [ 32.961019] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.961023] kasan_report+0x8e/0x110 [ 32.961028] __asan_report_load8_noabort+0x14/0x20 [ 32.961031] __schedule+0xf54/0x1df0 [ 32.961036] preempt_schedule_common+0x22/0x60 [ 32.961040] _cond_resched+0x1d/0x30 [ 32.961044] wait_for_completion+0xa5/0x8d0 [ 32.961048] __synchronize_srcu+0x189/0x240 [ 32.961052] synchronize_srcu+0x335/0x56f [ 32.961057] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.961061] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.961066] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.961070] kvm_put_kvm+0x73f/0x1060 [ 32.961073] kvm_vm_release+0x42/0x50 [ 32.961077] __fput+0x38a/0xa40 [ 32.961080] ____fput+0x15/0x20 [ 32.961084] task_work_run+0x1e8/0x2a0 [ 32.961088] do_exit+0x1ae4/0x26e0 [ 32.961092] do_group_exit+0x177/0x440 [ 32.961096] __x64_sys_exit_group+0x3e/0x50 [ 32.961100] do_syscall_64+0x1b9/0x820 [ 32.961105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.961107] [ 32.961109] -> #2 (&rq->lock){-.-.}: [ 32.961123] _raw_spin_lock+0x2a/0x40 [ 32.961127] task_fork_fair+0x93/0x680 [ 32.961131] sched_fork+0x44b/0xbd0 [ 32.961135] copy_process+0x235e/0x7af0 [ 32.961139] _do_fork+0x1ca/0x1170 [ 32.961142] kernel_thread+0x34/0x40 [ 32.961146] rest_init+0x22/0xe4 [ 32.961150] start_kernel+0x913/0x94e [ 32.961154] x86_64_start_reservations+0x29/0x2b [ 32.961158] x86_64_start_kernel+0x76/0x79 [ 32.961163] secondary_startup_64+0xa4/0xb0 [ 32.961165] [ 32.961167] -> #1 (&p->pi_lock){-.-.}: [ 32.961181] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.961186] try_to_wake_up+0xd2/0x1250 [ 32.961190] wake_up_process+0x10/0x20 [ 32.961193] __up.isra.1+0x1c0/0x2a0 [ 32.961197] up+0x13c/0x1c0 [ 32.961201] __up_console_sem+0xbe/0x1b0 [ 32.961205] console_unlock+0x506/0x10e0 [ 32.961209] vprintk_emit+0x33a/0x910 [ 32.961212] vprintk_default+0x28/0x30 [ 32.961216] vprintk_func+0x7a/0x117 [ 32.961220] printk+0xa7/0xcf [ 32.961223] load_umh+0x51/0xbd [ 32.961227] do_one_initcall+0x127/0x838 [ 32.961232] kernel_init_freeable+0x4bb/0x5ae [ 32.961235] kernel_init+0x11/0x1b3 [ 32.961239] ret_from_fork+0x3a/0x50 [ 32.961241] [ 32.961244] -> #0 ((console_sem).lock){-...}: [ 32.961263] lock_acquire+0x1e4/0x4f0 [ 32.961268] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.961272] down_trylock+0x13/0x70 [ 32.961276] __down_trylock_console_sem+0xae/0x200 [ 32.961280] console_trylock+0x15/0xa0 [ 32.961284] vprintk_emit+0x31f/0x910 [ 32.961288] vprintk_default+0x28/0x30 [ 32.961292] vprintk_func+0x7a/0x117 [ 32.961295] printk+0xa7/0xcf [ 32.961299] kasan_report+0x9e/0x110 [ 32.961304] __asan_report_load8_noabort+0x14/0x20 [ 32.961307] __schedule+0xf54/0x1df0 [ 32.961312] preempt_schedule_common+0x22/0x60 [ 32.961316] _cond_resched+0x1d/0x30 [ 32.961320] wait_for_completion+0xa5/0x8d0 [ 32.961324] __synchronize_srcu+0x189/0x240 [ 32.961328] synchronize_srcu+0x335/0x56f [ 32.961333] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.961337] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.961342] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.961346] kvm_put_kvm+0x73f/0x1060 [ 32.961349] kvm_vm_release+0x42/0x50 [ 32.961353] __fput+0x38a/0xa40 [ 32.961357] ____fput+0x15/0x20 [ 32.961360] task_work_run+0x1e8/0x2a0 [ 32.961364] do_exit+0x1ae4/0x26e0 [ 32.961368] do_group_exit+0x177/0x440 [ 32.961372] __x64_sys_exit_group+0x3e/0x50 [ 32.961376] do_syscall_64+0x1b9/0x820 [ 32.961381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.961383] [ 32.961388] other info that might help us debug this: [ 32.961390] [ 32.961393] Chain exists of: [ 32.961395] (console_sem).lock --> &rq->lock --> report_lock [ 32.961413] [ 32.961417] Possible unsafe locking scenario: [ 32.961420] [ 32.961424] CPU0 CPU1 [ 32.961428] ---- ---- [ 32.961430] lock(report_lock); [ 32.961440] lock(&rq->lock); [ 32.961449] lock(report_lock); [ 32.961457] lock((console_sem).lock); [ 32.961465] [ 32.961468] *** DEADLOCK *** [ 32.961470] [ 32.961474] 2 locks held by syz-executor778/4660: [ 32.961477] #0: 000000005547431f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 32.961494] #1: 00000000f772f694 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.961510] [ 32.961513] stack backtrace: [ 32.961519] CPU: 1 PID: 4660 Comm: syz-executor778 Not tainted 4.19.0-rc2+ #225 [ 32.961527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.961530] Call Trace: [ 32.961533] dump_stack+0x1c9/0x2b4 [ 32.961538] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.961542] ? vprintk_func+0x100/0x117 [ 32.961547] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 32.961551] ? save_trace+0xe0/0x290 [ 32.961555] __lock_acquire+0x3449/0x5020 [ 32.961559] ? mark_held_locks+0x160/0x160 [ 32.961563] ? mark_held_locks+0x160/0x160 [ 32.961567] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.961572] ? is_bpf_text_address+0xd7/0x170 [ 32.961576] ? kernel_text_address+0x79/0xf0 [ 32.961580] ? __kernel_text_address+0xd/0x40 [ 32.961584] ? __save_stack_trace+0x8d/0xf0 [ 32.961589] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 32.961592] ? save_trace+0x290/0x290 [ 32.961596] ? save_stack_trace+0x1a/0x20 [ 32.961600] ? save_trace+0xe0/0x290 [ 32.961604] ? graph_lock+0x170/0x170 [ 32.961609] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.961613] lock_acquire+0x1e4/0x4f0 [ 32.961616] ? down_trylock+0x13/0x70 [ 32.961620] ? lock_release+0x9f0/0x9f0 [ 32.961625] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.961629] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.961633] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.961637] ? log_store+0x34f/0x4c0 [ 32.961641] ? vprintk_emit+0x31f/0x910 [ 32.961645] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.961649] ? down_trylock+0x13/0x70 [ 32.961652] down_trylock+0x13/0x70 [ 32.961657] __down_trylock_console_sem+0xae/0x200 [ 32.961661] console_trylock+0x15/0xa0 [ 32.961664] vprintk_emit+0x31f/0x910 [ 32.961668] ? wake_up_klogd+0x110/0x110 [ 32.961673] ? run_rebalance_domains+0x4c0/0x4c0 [ 32.961677] ? kasan_check_read+0x11/0x20 [ 32.961681] ? rcu_is_watching+0x8c/0x150 [ 32.961685] ? rcu_pm_notify+0xc0/0xc0 [ 32.961689] ? lock_acquire+0x1e4/0x4f0 [ 32.961692] ? kasan_report+0x8e/0x110 [ 32.961696] ? __schedule+0xf54/0x1df0 [ 32.961700] vprintk_default+0x28/0x30 [ 32.961704] vprintk_func+0x7a/0x117 [ 32.961707] printk+0xa7/0xcf [ 32.961712] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.961716] ? kasan_check_write+0x14/0x20 [ 32.961728] ? do_raw_spin_lock+0xc1/0x200 [ 32.961732] ? do_raw_spin_lock+0xc1/0x200 [ 32.961736] kasan_report+0x9e/0x110 [ 32.961740] __asan_report_load8_noabort+0x14/0x20 [ 32.961744] __schedule+0xf54/0x1df0 [ 32.961749] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.961752] ? __sched_text_start+0x8/0x8 [ 32.961756] ? __call_srcu+0x7e7/0x1040 [ 32.961761] ? check_same_owner+0x340/0x340 [ 32.961765] ? mark_held_locks+0x160/0x160 [ 32.961769] ? find_held_lock+0x36/0x1c0 [ 32.961773] preempt_schedule_common+0x22/0x60 [ 32.961777] _cond_resched+0x1d/0x30 [ 32.961781] wait_for_completion+0xa5/0x8d0 [ 32.961786] ? wait_for_completion_interruptible+0x950/0x950 [ 32.961790] ? __lockdep_init_map+0x105/0x590 [ 32.961794] ? __init_waitqueue_head+0x9e/0x150 [ 32.961798] ? init_wait_entry+0x1c0/0x1c0 [ 32.961803] __synchronize_srcu+0x189/0x240 [ 32.961806] ? call_srcu+0x10/0x10 [ 32.961810] ? rcu_unexpedite_gp+0x20/0x20 [ 32.961814] synchronize_srcu+0x335/0x56f [ 32.961818] ? lock_downgrade+0x8f0/0x8f0 [ 32.961823] ? synchronize_srcu_expedited+0x20/0x20 [ 32.961827] ? kasan_check_read+0x11/0x20 [ 32.961831] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.961835] ? kasan_check_write+0x14/0x20 [ 32.961839] ? do_raw_spin_lock+0xc1/0x200 [ 32.961844] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.961849] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.961853] ? kvfree+0x61/0x70 [ 32.961857] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.961861] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.961865] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.961870] ? kvm_arch_sync_events+0x30/0x30 [ 32.961874] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.961879] ? mmu_notifier_unregister+0x474/0x600 [ 32.961883] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.961887] ? kfree+0x111/0x210 [ 32.961891] ? __mmu_notifier_register+0x30/0x30 [ 32.961895] ? __free_pages+0x10a/0x190 [ 32.961899] ? free_unref_page+0x930/0x930 [ 32.961903] kvm_put_kvm+0x73f/0x1060 [ 32.961907] ? kvm_write_guest_cached+0x40/0x40 [ 32.961911] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.961915] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.961920] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.961924] ? kasan_check_write+0x14/0x20 [ 32.961928] ? do_raw_spin_lock+0xc1/0x200 [ 32.961932] ? kvm_irqfd_release+0xdd/0x120 [ 32.961936] ? kvm_irqfd_release+0xdd/0x120 [ 32.961940] ? kvm_put_kvm+0x1060/0x1060 [ 32.961944] kvm_vm_release+0x42/0x50 [ 32.961947] __fput+0x38a/0xa40 [ 32.961951] ? __alloc_file+0x400/0x400 [ 32.961955] ? check_same_owner+0x340/0x340 [ 32.961959] ? kasan_check_write+0x14/0x20 [ 32.961964] ? do_raw_spin_lock+0xc1/0x200 [ 32.961967] ____fput+0x15/0x20 [ 32.961971] task_work_run+0x1e8/0x2a0 [ 32.961975] ? task_work_cancel+0x240/0x240 [ 32.961980] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.961984] ? switch_task_namespaces+0xa2/0xd0 [ 32.961988] do_exit+0x1ae4/0x26e0 [ 32.961992] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.961996] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.962001] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.962004] ? kfree+0x1d7/0x210 [ 32.962008] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.962013] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.962018] ? is_bpf_text_address+0xd7/0x170 [ 32.962020] ? [ 32.962027] Lost 55 message(s)! [ 34.022877] Shutting down cpus with NMI [ 35.082054] Dumping ftrace buffer: [ 35.085579] (ftrace buffer empty) [ 35.089267] Kernel Offset: disabled [ 35.092874] Rebooting in 86400 seconds..