[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 23.749100] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.310902] random: sshd: uninitialized urandom read (32 bytes read) [ 27.575769] random: sshd: uninitialized urandom read (32 bytes read) [ 28.105433] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. [ 33.813917] urandom_read: 1 callbacks suppressed [ 33.813922] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 33.918009] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 33.943368] ================================================================== [ 33.953081] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 33.959305] Read of size 8 at addr ffff8801b9230058 by task syz-executor294/4668 [ 33.966823] [ 33.968446] CPU: 0 PID: 4668 Comm: syz-executor294 Not tainted 4.19.0-rc2+ #225 [ 33.975880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.985736] Call Trace: [ 33.988322] dump_stack+0x1c9/0x2b4 [ 33.991953] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.997139] ? printk+0xa7/0xcf [ 34.000416] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.005172] ? __schedule+0xf54/0x1df0 [ 34.009062] print_address_description+0x6c/0x20b [ 34.013906] ? __schedule+0xf54/0x1df0 [ 34.017791] kasan_report.cold.7+0x242/0x30d [ 34.022202] __asan_report_load8_noabort+0x14/0x20 [ 34.027137] __schedule+0xf54/0x1df0 [ 34.030853] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.035956] ? __sched_text_start+0x8/0x8 [ 34.040101] ? __call_srcu+0x7e7/0x1040 [ 34.044080] ? 
check_same_owner+0x340/0x340 [ 34.048425] ? mark_held_locks+0x160/0x160 [ 34.052664] ? find_held_lock+0x36/0x1c0 [ 34.056731] preempt_schedule_common+0x22/0x60 [ 34.061319] _cond_resched+0x1d/0x30 [ 34.065054] wait_for_completion+0xa5/0x8d0 [ 34.069374] ? wait_for_completion_interruptible+0x950/0x950 [ 34.075182] ? __lockdep_init_map+0x105/0x590 [ 34.079676] ? __init_waitqueue_head+0x9e/0x150 [ 34.084337] ? init_wait_entry+0x1c0/0x1c0 [ 34.088859] __synchronize_srcu+0x189/0x240 [ 34.093175] ? call_srcu+0x10/0x10 [ 34.096741] ? rcu_unexpedite_gp+0x20/0x20 [ 34.100981] synchronize_srcu+0x335/0x56f [ 34.105122] ? lock_downgrade+0x8f0/0x8f0 [ 34.109276] ? synchronize_srcu_expedited+0x20/0x20 [ 34.114310] ? kasan_check_read+0x11/0x20 [ 34.118468] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.123044] ? kasan_check_write+0x14/0x20 [ 34.127287] ? do_raw_spin_lock+0xc1/0x200 [ 34.131547] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.137268] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.142715] ? kvfree+0x61/0x70 [ 34.145995] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.151032] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.155088] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.159498] ? kvm_arch_sync_events+0x30/0x30 [ 34.164001] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.169557] ? mmu_notifier_unregister+0x474/0x600 [ 34.174526] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.178936] ? kfree+0x111/0x210 [ 34.182299] ? __mmu_notifier_register+0x30/0x30 [ 34.187058] ? __free_pages+0x10a/0x190 [ 34.191027] ? free_unref_page+0x930/0x930 [ 34.195274] kvm_put_kvm+0x73f/0x1060 [ 34.199083] ? kvm_write_guest_cached+0x40/0x40 [ 34.203757] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.208264] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.212753] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.217347] ? kasan_check_write+0x14/0x20 [ 34.221576] ? do_raw_spin_lock+0xc1/0x200 [ 34.225814] ? kvm_irqfd_release+0xdd/0x120 [ 34.230131] ? kvm_irqfd_release+0xdd/0x120 [ 34.234456] ? 
kvm_put_kvm+0x1060/0x1060 [ 34.238512] kvm_vm_release+0x42/0x50 [ 34.242308] __fput+0x38a/0xa40 [ 34.245586] ? __alloc_file+0x400/0x400 [ 34.249568] ? check_same_owner+0x340/0x340 [ 34.253885] ? kasan_check_write+0x14/0x20 [ 34.258120] ? do_raw_spin_lock+0xc1/0x200 [ 34.262372] ____fput+0x15/0x20 [ 34.265662] task_work_run+0x1e8/0x2a0 [ 34.269552] ? task_work_cancel+0x240/0x240 [ 34.273875] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.279414] ? switch_task_namespaces+0xa2/0xd0 [ 34.284094] do_exit+0x1ae4/0x26e0 [ 34.287637] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.292303] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.296536] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.301560] ? kfree+0x1d7/0x210 [ 34.304926] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.309161] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.314870] ? is_bpf_text_address+0xd7/0x170 [ 34.319365] ? kernel_text_address+0x79/0xf0 [ 34.323792] ? __kernel_text_address+0xd/0x40 [ 34.328309] ? unwind_get_return_address+0x61/0xa0 [ 34.333239] ? __save_stack_trace+0x8d/0xf0 [ 34.337564] ? save_stack+0xa9/0xd0 [ 34.341200] ? save_stack+0x43/0xd0 [ 34.344820] ? __kasan_slab_free+0x11a/0x170 [ 34.349221] ? kasan_slab_free+0xe/0x10 [ 34.353188] ? putname+0xf2/0x130 [ 34.356637] ? __x64_sys_openat+0x9d/0x100 [ 34.360868] ? do_syscall_64+0x1b9/0x820 [ 34.364928] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.370286] ? trace_hardirqs_off+0xb8/0x2c0 [ 34.374689] ? kasan_check_read+0x11/0x20 [ 34.378833] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.383247] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.387651] ? initcall_blacklisted+0x9a/0x1e0 [ 34.392253] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.397353] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.403075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.408613] ? do_vfs_ioctl+0x201/0x1720 [ 34.412671] ? rcu_is_watching+0x8c/0x150 [ 34.416811] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.421144] ? ioctl_preallocate+0x300/0x300 [ 34.425545] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.431161] ? __fget_light+0x2f7/0x440 [ 34.435131] ? fget_raw+0x20/0x20 [ 34.438575] ? putname+0xf2/0x130 [ 34.442028] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.447039] ? kmem_cache_free+0x246/0x280 [ 34.451266] ? putname+0xf7/0x130 [ 34.454721] do_group_exit+0x177/0x440 [ 34.458620] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.462939] ? __ia32_sys_exit+0x50/0x50 [ 34.466997] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.472106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.477688] ? ksys_ioctl+0x81/0xd0 [ 34.481320] __x64_sys_exit_group+0x3e/0x50 [ 34.485648] do_syscall_64+0x1b9/0x820 [ 34.489530] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.494889] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.499813] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.504648] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 34.509663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.514680] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.519519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.524709] RIP: 0033:0x43f028 [ 34.527899] Code: Bad RIP value. 
[ 34.531253] RSP: 002b:00007ffe280169e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.538957] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 34.546236] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.553496] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.560753] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.568026] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 34.575302] [ 34.576917] Allocated by task 4668: [ 34.580541] save_stack+0x43/0xd0 [ 34.583989] kasan_kmalloc+0xc4/0xe0 [ 34.587697] kasan_slab_alloc+0x12/0x20 [ 34.591662] kmem_cache_alloc+0x12e/0x710 [ 34.595819] vmx_create_vcpu+0xcf/0x2830 [ 34.599877] kvm_arch_vcpu_create+0xe5/0x220 [ 34.604284] kvm_vm_ioctl+0x488/0x1d80 [ 34.608172] do_vfs_ioctl+0x1de/0x1720 [ 34.612063] ksys_ioctl+0xa9/0xd0 [ 34.615525] __x64_sys_ioctl+0x73/0xb0 [ 34.619405] do_syscall_64+0x1b9/0x820 [ 34.623291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.628463] [ 34.630078] Freed by task 4668: [ 34.633349] save_stack+0x43/0xd0 [ 34.636799] __kasan_slab_free+0x11a/0x170 [ 34.641037] kasan_slab_free+0xe/0x10 [ 34.644829] kmem_cache_free+0x86/0x280 [ 34.648794] vmx_free_vcpu+0x26b/0x300 [ 34.652672] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.657078] kvm_put_kvm+0x73f/0x1060 [ 34.660872] kvm_vm_release+0x42/0x50 [ 34.664662] __fput+0x38a/0xa40 [ 34.667932] ____fput+0x15/0x20 [ 34.671201] task_work_run+0x1e8/0x2a0 [ 34.675080] do_exit+0x1ae4/0x26e0 [ 34.678632] do_group_exit+0x177/0x440 [ 34.682515] __x64_sys_exit_group+0x3e/0x50 [ 34.686843] do_syscall_64+0x1b9/0x820 [ 34.690727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.695898] [ 34.697521] The buggy address belongs to the object at ffff8801b9230040 [ 34.697521] which belongs to the cache kvm_vcpu of size 23872 [ 34.710096] The buggy address is located 24 bytes inside of [ 34.710096] 23872-byte region [ffff8801b9230040, ffff8801b9235d80) [ 34.722057] The buggy address 
belongs to the page: [ 34.727001] page:ffffea0006e48c00 count:1 mapcount:0 mapping:ffff8801d527fb40 index:0x0 compound_mapcount: 0 [ 34.736963] flags: 0x2fffc0000008100(slab|head) [ 34.741632] raw: 02fffc0000008100 ffff8801d732f048 ffff8801d732f048 ffff8801d527fb40 [ 34.749510] raw: 0000000000000000 ffff8801b9230040 0000000100000001 0000000000000000 [ 34.757374] page dumped because: kasan: bad access detected [ 34.763089] [ 34.764731] Memory state around the buggy address: [ 34.769827] ffff8801b922ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.777184] ffff8801b922ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.784537] >ffff8801b9230000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.791883] ^ [ 34.798103] ffff8801b9230080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.805453] ffff8801b9230100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.812796] ================================================================== [ 34.820147] Kernel panic - not syncing: panic_on_warn set ... [ 34.820147] [ 34.827517] CPU: 0 PID: 4668 Comm: syz-executor294 Tainted: G B 4.19.0-rc2+ #225 [ 34.836344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.845690] Call Trace: [ 34.848285] dump_stack+0x1c9/0x2b4 [ 34.851912] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.857112] ? lock_downgrade+0x8f0/0x8f0 [ 34.861277] ? __schedule+0xf54/0x1df0 [ 34.865161] panic+0x238/0x4e7 [ 34.868350] ? add_taint.cold.5+0x16/0x16 [ 34.872498] ? print_shadow_for_address+0xba/0x116 [ 34.877423] ? trace_hardirqs_off+0xaf/0x2c0 [ 34.881825] ? trace_hardirqs_off+0x77/0x2c0 [ 34.886232] ? __schedule+0xf54/0x1df0 [ 34.890115] kasan_end_report+0x47/0x4f [ 34.894088] kasan_report.cold.7+0x76/0x30d [ 34.898409] __asan_report_load8_noabort+0x14/0x20 [ 34.903334] __schedule+0xf54/0x1df0 [ 34.907049] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.912170] ? __sched_text_start+0x8/0x8 [ 34.916321] ? 
__call_srcu+0x7e7/0x1040 [ 34.920302] ? check_same_owner+0x340/0x340 [ 34.924619] ? mark_held_locks+0x160/0x160 [ 34.928860] ? find_held_lock+0x36/0x1c0 [ 34.932922] preempt_schedule_common+0x22/0x60 [ 34.937502] _cond_resched+0x1d/0x30 [ 34.941213] wait_for_completion+0xa5/0x8d0 [ 34.945534] ? wait_for_completion_interruptible+0x950/0x950 [ 34.951328] ? __lockdep_init_map+0x105/0x590 [ 34.955822] ? __init_waitqueue_head+0x9e/0x150 [ 34.960485] ? init_wait_entry+0x1c0/0x1c0 [ 34.964721] __synchronize_srcu+0x189/0x240 [ 34.969040] ? call_srcu+0x10/0x10 [ 34.972575] ? rcu_unexpedite_gp+0x20/0x20 [ 34.976817] synchronize_srcu+0x335/0x56f [ 34.981483] ? lock_downgrade+0x8f0/0x8f0 [ 34.985629] ? synchronize_srcu_expedited+0x20/0x20 [ 34.990647] ? kasan_check_read+0x11/0x20 [ 34.994792] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.999371] ? kasan_check_write+0x14/0x20 [ 35.003605] ? do_raw_spin_lock+0xc1/0x200 [ 35.007839] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.013544] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.018991] ? kvfree+0x61/0x70 [ 35.022271] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.027295] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.031349] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.035753] ? kvm_arch_sync_events+0x30/0x30 [ 35.040248] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.045787] ? mmu_notifier_unregister+0x474/0x600 [ 35.050826] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.055223] ? kfree+0x111/0x210 [ 35.058573] ? __mmu_notifier_register+0x30/0x30 [ 35.063460] ? __free_pages+0x10a/0x190 [ 35.067442] ? free_unref_page+0x930/0x930 [ 35.071690] kvm_put_kvm+0x73f/0x1060 [ 35.075498] ? kvm_write_guest_cached+0x40/0x40 [ 35.080170] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.084674] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.089168] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.093775] ? kasan_check_write+0x14/0x20 [ 35.098015] ? do_raw_spin_lock+0xc1/0x200 [ 35.102283] ? kvm_irqfd_release+0xdd/0x120 [ 35.106603] ? kvm_irqfd_release+0xdd/0x120 [ 35.110938] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.115003] kvm_vm_release+0x42/0x50 [ 35.118802] __fput+0x38a/0xa40 [ 35.122081] ? __alloc_file+0x400/0x400 [ 35.126060] ? check_same_owner+0x340/0x340 [ 35.130886] ? kasan_check_write+0x14/0x20 [ 35.135130] ? do_raw_spin_lock+0xc1/0x200 [ 35.139365] ____fput+0x15/0x20 [ 35.142643] task_work_run+0x1e8/0x2a0 [ 35.146527] ? task_work_cancel+0x240/0x240 [ 35.150851] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.156390] ? switch_task_namespaces+0xa2/0xd0 [ 35.161060] do_exit+0x1ae4/0x26e0 [ 35.164606] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.169278] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.173514] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.178528] ? kfree+0x1d7/0x210 [ 35.181927] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.186179] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.191894] ? is_bpf_text_address+0xd7/0x170 [ 35.196394] ? kernel_text_address+0x79/0xf0 [ 35.200801] ? __kernel_text_address+0xd/0x40 [ 35.205294] ? unwind_get_return_address+0x61/0xa0 [ 35.210224] ? __save_stack_trace+0x8d/0xf0 [ 35.214550] ? save_stack+0xa9/0xd0 [ 35.218179] ? save_stack+0x43/0xd0 [ 35.221806] ? __kasan_slab_free+0x11a/0x170 [ 35.226213] ? kasan_slab_free+0xe/0x10 [ 35.230186] ? putname+0xf2/0x130 [ 35.233642] ? __x64_sys_openat+0x9d/0x100 [ 35.237877] ? do_syscall_64+0x1b9/0x820 [ 35.241946] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.247309] ? trace_hardirqs_off+0xb8/0x2c0 [ 35.251715] ? kasan_check_read+0x11/0x20 [ 35.255865] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.260290] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.264702] ? initcall_blacklisted+0x9a/0x1e0 [ 35.269289] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.274411] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.280127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.285661] ? do_vfs_ioctl+0x201/0x1720 [ 35.289722] ? rcu_is_watching+0x8c/0x150 [ 35.293868] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.298200] ? ioctl_preallocate+0x300/0x300 [ 35.302613] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.308151] ? __fget_light+0x2f7/0x440 [ 35.312124] ? fget_raw+0x20/0x20 [ 35.315576] ? putname+0xf2/0x130 [ 35.319034] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.324055] ? kmem_cache_free+0x246/0x280 [ 35.328325] ? putname+0xf7/0x130 [ 35.331786] do_group_exit+0x177/0x440 [ 35.335673] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.339994] ? __ia32_sys_exit+0x50/0x50 [ 35.344056] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.349158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.354695] ? ksys_ioctl+0x81/0xd0 [ 35.358326] __x64_sys_exit_group+0x3e/0x50 [ 35.362649] do_syscall_64+0x1b9/0x820 [ 35.366541] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.371913] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.376840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.381684] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 35.386700] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.391714] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.396560] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.401748] RIP: 0033:0x43f028 [ 35.404945] Code: Bad RIP value. 
[ 35.408301] RSP: 002b:00007ffe280169e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.416005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 35.423268] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.430541] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.437803] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.445066] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 35.452339] [ 35.452345] ====================================================== [ 35.452350] WARNING: possible circular locking dependency detected [ 35.452354] 4.19.0-rc2+ #225 Not tainted [ 35.452359] ------------------------------------------------------ [ 35.452364] syz-executor294/4668 is trying to acquire lock: [ 35.452367] 000000002bc5fd18 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 35.452382] [ 35.452386] but task is already holding lock: [ 35.452389] 00000000460e77f3 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.452403] [ 35.452407] which lock already depends on the new lock. 
[ 35.452410] [ 35.452413] [ 35.452418] the existing dependency chain (in reverse order) is: [ 35.452420] [ 35.452422] -> #3 (report_lock){....}: [ 35.452437] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.452440] kasan_report+0x8e/0x110 [ 35.452445] __asan_report_load8_noabort+0x14/0x20 [ 35.452449] __schedule+0xf54/0x1df0 [ 35.452453] preempt_schedule_common+0x22/0x60 [ 35.452457] _cond_resched+0x1d/0x30 [ 35.452461] wait_for_completion+0xa5/0x8d0 [ 35.452465] __synchronize_srcu+0x189/0x240 [ 35.452469] synchronize_srcu+0x335/0x56f [ 35.452474] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.452478] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.452482] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.452485] kvm_put_kvm+0x73f/0x1060 [ 35.452489] kvm_vm_release+0x42/0x50 [ 35.452493] __fput+0x38a/0xa40 [ 35.452496] ____fput+0x15/0x20 [ 35.452500] task_work_run+0x1e8/0x2a0 [ 35.452504] do_exit+0x1ae4/0x26e0 [ 35.452507] do_group_exit+0x177/0x440 [ 35.452511] __x64_sys_exit_group+0x3e/0x50 [ 35.452515] do_syscall_64+0x1b9/0x820 [ 35.452520] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.452522] [ 35.452524] -> #2 (&rq->lock){-.-.}: [ 35.452538] _raw_spin_lock+0x2a/0x40 [ 35.452542] task_fork_fair+0x93/0x680 [ 35.452545] sched_fork+0x44b/0xbd0 [ 35.452549] copy_process+0x235e/0x7af0 [ 35.452553] _do_fork+0x1ca/0x1170 [ 35.452556] kernel_thread+0x34/0x40 [ 35.452560] rest_init+0x22/0xe4 [ 35.452564] start_kernel+0x913/0x94e [ 35.452568] x86_64_start_reservations+0x29/0x2b [ 35.452572] x86_64_start_kernel+0x76/0x79 [ 35.452576] secondary_startup_64+0xa4/0xb0 [ 35.452578] [ 35.452580] -> #1 (&p->pi_lock){-.-.}: [ 35.452594] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.452598] try_to_wake_up+0xd2/0x1250 [ 35.452602] wake_up_process+0x10/0x20 [ 35.452606] __up.isra.1+0x1c0/0x2a0 [ 35.452609] up+0x13c/0x1c0 [ 35.452613] __up_console_sem+0xbe/0x1b0 [ 35.452617] console_unlock+0x506/0x10e0 [ 35.452621] vprintk_emit+0x33a/0x910 [ 35.452624] vprintk_default+0x28/0x30 [ 35.452628] vprintk_func+0x7a/0x117 [ 
35.452631] printk+0xa7/0xcf [ 35.452635] load_umh+0x51/0xbd [ 35.452639] do_one_initcall+0x127/0x838 [ 35.452643] kernel_init_freeable+0x4bb/0x5ae [ 35.452646] kernel_init+0x11/0x1b3 [ 35.452650] ret_from_fork+0x3a/0x50 [ 35.452652] [ 35.452654] -> #0 ((console_sem).lock){-.-.}: [ 35.452669] lock_acquire+0x1e4/0x4f0 [ 35.452673] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.452676] down_trylock+0x13/0x70 [ 35.452681] __down_trylock_console_sem+0xae/0x200 [ 35.452685] console_trylock+0x15/0xa0 [ 35.452688] vprintk_emit+0x31f/0x910 [ 35.452692] vprintk_default+0x28/0x30 [ 35.452696] vprintk_func+0x7a/0x117 [ 35.452699] printk+0xa7/0xcf [ 35.452703] kasan_report+0x9e/0x110 [ 35.452707] __asan_report_load8_noabort+0x14/0x20 [ 35.452711] __schedule+0xf54/0x1df0 [ 35.452715] preempt_schedule_common+0x22/0x60 [ 35.452719] _cond_resched+0x1d/0x30 [ 35.452723] wait_for_completion+0xa5/0x8d0 [ 35.452727] __synchronize_srcu+0x189/0x240 [ 35.452731] synchronize_srcu+0x335/0x56f [ 35.452736] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.452740] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.452744] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.452747] kvm_put_kvm+0x73f/0x1060 [ 35.452751] kvm_vm_release+0x42/0x50 [ 35.452755] __fput+0x38a/0xa40 [ 35.452758] ____fput+0x15/0x20 [ 35.452762] task_work_run+0x1e8/0x2a0 [ 35.452766] do_exit+0x1ae4/0x26e0 [ 35.452769] do_group_exit+0x177/0x440 [ 35.452773] __x64_sys_exit_group+0x3e/0x50 [ 35.452777] do_syscall_64+0x1b9/0x820 [ 35.452782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.452784] [ 35.452789] other info that might help us debug this: [ 35.452791] [ 35.452794] Chain exists of: [ 35.452796] (console_sem).lock --> &rq->lock --> report_lock [ 35.452814] [ 35.452818] Possible unsafe locking scenario: [ 35.452820] [ 35.452824] CPU0 CPU1 [ 35.452828] ---- ---- [ 35.452830] lock(report_lock); [ 35.452851] lock(&rq->lock); [ 35.452872] lock(report_lock); [ 35.452879] lock((console_sem).lock); [ 35.452886] [ 35.452889] *** DEADLOCK *** [ 35.452891] [ 
35.452895] 2 locks held by syz-executor294/4668: [ 35.452897] #0: 00000000d8cb4da8 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 35.452918] #1: 00000000460e77f3 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.452933] [ 35.452936] stack backtrace: [ 35.452942] CPU: 0 PID: 4668 Comm: syz-executor294 Not tainted 4.19.0-rc2+ #225 [ 35.452948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.452951] Call Trace: [ 35.452954] dump_stack+0x1c9/0x2b4 [ 35.452958] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.452962] ? vprintk_func+0x100/0x117 [ 35.452967] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 35.452970] ? save_trace+0xe0/0x290 [ 35.452974] __lock_acquire+0x3449/0x5020 [ 35.452978] ? mark_held_locks+0x160/0x160 [ 35.452981] ? mark_held_locks+0x160/0x160 [ 35.452985] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.452989] ? is_bpf_text_address+0xd7/0x170 [ 35.453005] ? kernel_text_address+0x79/0xf0 [ 35.453009] ? __kernel_text_address+0xd/0x40 [ 35.453013] ? __save_stack_trace+0x8d/0xf0 [ 35.453017] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 35.453021] ? save_trace+0x290/0x290 [ 35.453025] ? save_stack_trace+0x1a/0x20 [ 35.453028] ? save_trace+0xe0/0x290 [ 35.453032] ? graph_lock+0x170/0x170 [ 35.453036] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.453040] lock_acquire+0x1e4/0x4f0 [ 35.453044] ? down_trylock+0x13/0x70 [ 35.453047] ? lock_release+0x9f0/0x9f0 [ 35.453051] ? trace_hardirqs_off+0xb8/0x2c0 [ 35.453055] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.453059] ? trace_hardirqs_off+0xb8/0x2c0 [ 35.453075] ? log_store+0x34f/0x4c0 [ 35.453079] ? vprintk_emit+0x31f/0x910 [ 35.453083] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.453087] ? down_trylock+0x13/0x70 [ 35.453090] down_trylock+0x13/0x70 [ 35.453095] __down_trylock_console_sem+0xae/0x200 [ 35.453098] console_trylock+0x15/0xa0 [ 35.453102] vprintk_emit+0x31f/0x910 [ 35.453106] ? wake_up_klogd+0x110/0x110 [ 35.453110] ? run_rebalance_domains+0x4c0/0x4c0 [ 35.453126] ? 
kasan_check_read+0x11/0x20 [ 35.453129] ? rcu_is_watching+0x8c/0x150 [ 35.453133] ? rcu_pm_notify+0xc0/0xc0 [ 35.453137] ? lock_acquire+0x1e4/0x4f0 [ 35.453140] ? kasan_report+0x8e/0x110 [ 35.453144] ? __schedule+0xf54/0x1df0 [ 35.453147] vprintk_default+0x28/0x30 [ 35.453151] vprintk_func+0x7a/0x117 [ 35.453154] printk+0xa7/0xcf [ 35.453158] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.453162] ? kasan_check_write+0x14/0x20 [ 35.453166] ? do_raw_spin_lock+0xc1/0x200 [ 35.453170] ? do_raw_spin_lock+0xc1/0x200 [ 35.453173] kasan_report+0x9e/0x110 [ 35.453177] __asan_report_load8_noabort+0x14/0x20 [ 35.453181] __schedule+0xf54/0x1df0 [ 35.453197] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.453201] ? __sched_text_start+0x8/0x8 [ 35.453205] ? __call_srcu+0x7e7/0x1040 [ 35.453209] ? check_same_owner+0x340/0x340 [ 35.453213] ? mark_held_locks+0x160/0x160 [ 35.453217] ? find_held_lock+0x36/0x1c0 [ 35.453221] preempt_schedule_common+0x22/0x60 [ 35.453225] _cond_resched+0x1d/0x30 [ 35.453229] wait_for_completion+0xa5/0x8d0 [ 35.453234] ? wait_for_completion_interruptible+0x950/0x950 [ 35.453238] ? __lockdep_init_map+0x105/0x590 [ 35.453242] ? __init_waitqueue_head+0x9e/0x150 [ 35.453246] ? init_wait_entry+0x1c0/0x1c0 [ 35.453250] __synchronize_srcu+0x189/0x240 [ 35.453254] ? call_srcu+0x10/0x10 [ 35.453258] ? rcu_unexpedite_gp+0x20/0x20 [ 35.453262] synchronize_srcu+0x335/0x56f [ 35.453266] ? lock_downgrade+0x8f0/0x8f0 [ 35.453270] ? synchronize_srcu_expedited+0x20/0x20 [ 35.453274] ? kasan_check_read+0x11/0x20 [ 35.453278] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.453282] ? kasan_check_write+0x14/0x20 [ 35.453286] ? do_raw_spin_lock+0xc1/0x200 [ 35.453291] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.453296] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.453299] ? kvfree+0x61/0x70 [ 35.453303] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.453307] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.453311] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.453316] ? 
kvm_arch_sync_events+0x30/0x30 [ 35.453320] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.453325] ? mmu_notifier_unregister+0x474/0x600 [ 35.453329] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.453332] ? kfree+0x111/0x210 [ 35.453336] ? __mmu_notifier_register+0x30/0x30 [ 35.453340] ? __free_pages+0x10a/0x190 [ 35.453344] ? free_unref_page+0x930/0x930 [ 35.453348] kvm_put_kvm+0x73f/0x1060 [ 35.453352] ? kvm_write_guest_cached+0x40/0x40 [ 35.453356] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.453360] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.453364] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.453368] ? kasan_check_write+0x14/0x20 [ 35.453372] ? do_raw_spin_lock+0xc1/0x200 [ 35.453376] ? kvm_irqfd_release+0xdd/0x120 [ 35.453380] ? kvm_irqfd_release+0xdd/0x120 [ 35.453384] ? kvm_put_kvm+0x1060/0x1060 [ 35.453388] kvm_vm_release+0x42/0x50 [ 35.453391] __fput+0x38a/0xa40 [ 35.453395] ? __alloc_file+0x400/0x400 [ 35.453399] ? check_same_owner+0x340/0x340 [ 35.453403] ? kasan_check_write+0x14/0x20 [ 35.453408] ? do_raw_spin_lock+0xc1/0x200 [ 35.453411] ____fput+0x15/0x20 [ 35.453415] task_work_run+0x1e8/0x2a0 [ 35.453419] ? task_work_cancel+0x240/0x240 [ 35.453424] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.453428] ? switch_task_namespaces+0xa2/0xd0 [ 35.453432] do_exit+0x1ae4/0x26e0 [ 35.453436] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.453440] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.453444] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.453448] ? kfree+0x1d7/0x210 [ 35.453452] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.453456] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.453461] ? is_bpf_text_address+0xd7/0x170 [ 35.453463] ? [ 35.453470] Lost 54 message(s)! [ 36.532626] Shutting down cpus with NMI [ 37.591690] Dumping ftrace buffer: [ 37.595215] (ftrace buffer empty) [ 37.598906] Kernel Offset: disabled [ 37.602528] Rebooting in 86400 seconds..