[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.515702] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.272185] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.571663] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.127322] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.306476] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[ 31.871379] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.971476] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 31.997019] ==================================================================
[ 32.006844] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 32.013085] Read of size 8 at addr ffff8801b99e8058 by task syz-executor741/4654
[ 32.020621]
[ 32.022261] CPU: 0 PID: 4654 Comm: syz-executor741 Not tainted 4.19.0-rc1+ #219
[ 32.029710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.039071] Call Trace:
[ 32.041676]  dump_stack+0x1c9/0x2b4
[ 32.045327]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.050532]  ? printk+0xa7/0xcf
[ 32.053829]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.058603]  ? __schedule+0xf54/0x1df0
[ 32.062500]  print_address_description+0x6c/0x20b
[ 32.067348]  ? __schedule+0xf54/0x1df0
[ 32.071241]  kasan_report.cold.7+0x242/0x30d
[ 32.075668]  __asan_report_load8_noabort+0x14/0x20
[ 32.080617]  __schedule+0xf54/0x1df0
[ 32.084374]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.089516]  ? __sched_text_start+0x8/0x8
[ 32.093685]  ? __call_srcu+0x7e7/0x1040
[ 32.097682]  ? check_same_owner+0x340/0x340
[ 32.102010]  ? mark_held_locks+0x160/0x160
[ 32.106250]  ? find_held_lock+0x36/0x1c0
[ 32.110321]  preempt_schedule_common+0x22/0x60
[ 32.114910]  _cond_resched+0x1d/0x30
[ 32.118634]  wait_for_completion+0xa5/0x8d0
[ 32.122975]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.128779]  ? __lockdep_init_map+0x105/0x590
[ 32.133283]  ? __init_waitqueue_head+0x9e/0x150
[ 32.137955]  ? init_wait_entry+0x1c0/0x1c0
[ 32.142194]  __synchronize_srcu+0x189/0x240
[ 32.146516]  ? call_srcu+0x10/0x10
[ 32.150057]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.154300]  synchronize_srcu+0x335/0x56f
[ 32.158451]  ? lock_downgrade+0x8f0/0x8f0
[ 32.162602]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.167620]  ? kasan_check_read+0x11/0x20
[ 32.171771]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.176355]  ? kasan_check_write+0x14/0x20
[ 32.180588]  ? do_raw_spin_lock+0xc1/0x200
[ 32.184829]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.190541]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 32.195992]  ? kvfree+0x61/0x70
[ 32.199790]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.204809]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.208888]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.213301]  ? kvm_arch_sync_events+0x30/0x30
[ 32.217799]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.223335]  ? mmu_notifier_unregister+0x474/0x600
[ 32.228261]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.232671]  ? kfree+0x111/0x210
[ 32.236038]  ? __mmu_notifier_register+0x30/0x30
[ 32.240799]  ? __free_pages+0x10a/0x190
[ 32.244775]  ? free_unref_page+0x930/0x930
[ 32.249019]  kvm_put_kvm+0x73f/0x1060
[ 32.252831]  ? kvm_write_guest_cached+0x40/0x40
[ 32.257506]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.261999]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.266494]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.271078]  ? kasan_check_write+0x14/0x20
[ 32.275326]  ? do_raw_spin_lock+0xc1/0x200
[ 32.279580]  ? kvm_irqfd_release+0xdd/0x120
[ 32.283899]  ? kvm_irqfd_release+0xdd/0x120
[ 32.288225]  ? kvm_put_kvm+0x1060/0x1060
[ 32.292287]  kvm_vm_release+0x42/0x50
[ 32.296086]  __fput+0x38a/0xa40
[ 32.299363]  ? __alloc_file+0x400/0x400
[ 32.303339]  ? check_same_owner+0x340/0x340
[ 32.307662]  ? kasan_check_write+0x14/0x20
[ 32.311898]  ? do_raw_spin_lock+0xc1/0x200
[ 32.316136]  ____fput+0x15/0x20
[ 32.319428]  task_work_run+0x1e8/0x2a0
[ 32.323333]  ? task_work_cancel+0x240/0x240
[ 32.327657]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.333193]  ? switch_task_namespaces+0xa2/0xd0
[ 32.337900]  do_exit+0x1ae4/0x26e0
[ 32.341452]  ? mm_update_next_owner+0x9a0/0x9a0
[ 32.346124]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 32.350369]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.355378]  ? kfree+0x1d7/0x210
[ 32.358760]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 32.362993]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.368702]  ? is_bpf_text_address+0xd7/0x170
[ 32.373195]  ? kernel_text_address+0x79/0xf0
[ 32.377598]  ? __kernel_text_address+0xd/0x40
[ 32.382091]  ? unwind_get_return_address+0x61/0xa0
[ 32.387019]  ? __save_stack_trace+0x8d/0xf0
[ 32.391344]  ? save_stack+0xa9/0xd0
[ 32.394968]  ? save_stack+0x43/0xd0
[ 32.398591]  ? __kasan_slab_free+0x11a/0x170
[ 32.402998]  ? kasan_slab_free+0xe/0x10
[ 32.406970]  ? putname+0xf2/0x130
[ 32.410436]  ? __x64_sys_openat+0x9d/0x100
[ 32.414671]  ? do_syscall_64+0x1b9/0x820
[ 32.418731]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.424095]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.428505]  ? kasan_check_read+0x11/0x20
[ 32.432658]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 32.437063]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.441472]  ? initcall_blacklisted+0x9a/0x1e0
[ 32.446053]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 32.451175]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.456886]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.462436]  ? do_vfs_ioctl+0x201/0x1720
[ 32.466497]  ? rcu_is_watching+0x8c/0x150
[ 32.470639]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.474960]  ? ioctl_preallocate+0x300/0x300
[ 32.479372]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.484945]  ? __fget_light+0x2f7/0x440
[ 32.488940]  ? fget_raw+0x20/0x20
[ 32.492391]  ? putname+0xf2/0x130
[ 32.495859]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.500874]  ? kmem_cache_free+0x246/0x280
[ 32.505106]  ? putname+0xf7/0x130
[ 32.508585]  do_group_exit+0x177/0x440
[ 32.512475]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.516795]  ? __ia32_sys_exit+0x50/0x50
[ 32.520855]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.525956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.531509]  ? ksys_ioctl+0x81/0xd0
[ 32.535138]  __x64_sys_exit_group+0x3e/0x50
[ 32.539460]  do_syscall_64+0x1b9/0x820
[ 32.543351]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.548712]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 32.553643]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.558483]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 32.563497]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 32.568511]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 32.573532]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.578379]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.583586] RIP: 0033:0x43f028
[ 32.586781] Code: Bad RIP value.
[ 32.590140] RSP: 002b:00007ffcdb754c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 32.597845] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 32.605139] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 32.612424] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 32.619690] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 32.626959] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 32.634231]
[ 32.635856] Allocated by task 4654:
[ 32.639485]  save_stack+0x43/0xd0
[ 32.642935]  kasan_kmalloc+0xc4/0xe0
[ 32.646644]  kasan_slab_alloc+0x12/0x20
[ 32.650613]  kmem_cache_alloc+0x12e/0x710
[ 32.654783]  vmx_create_vcpu+0xcf/0x2830
[ 32.658839]  kvm_arch_vcpu_create+0xe5/0x220
[ 32.663246]  kvm_vm_ioctl+0x488/0x1d80
[ 32.667129]  do_vfs_ioctl+0x1de/0x1720
[ 32.671015]  ksys_ioctl+0xa9/0xd0
[ 32.674484]  __x64_sys_ioctl+0x73/0xb0
[ 32.678371]  do_syscall_64+0x1b9/0x820
[ 32.682264]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.687442]
[ 32.689063] Freed by task 4654:
[ 32.692340]  save_stack+0x43/0xd0
[ 32.695784]  __kasan_slab_free+0x11a/0x170
[ 32.700011]  kasan_slab_free+0xe/0x10
[ 32.703826]  kmem_cache_free+0x86/0x280
[ 32.707800]  vmx_free_vcpu+0x26b/0x300
[ 32.711685]  kvm_arch_destroy_vm+0x365/0x7c0
[ 32.716091]  kvm_put_kvm+0x73f/0x1060
[ 32.719886]  kvm_vm_release+0x42/0x50
[ 32.723682]  __fput+0x38a/0xa40
[ 32.726955]  ____fput+0x15/0x20
[ 32.730229]  task_work_run+0x1e8/0x2a0
[ 32.734111]  do_exit+0x1ae4/0x26e0
[ 32.737646]  do_group_exit+0x177/0x440
[ 32.741531]  __x64_sys_exit_group+0x3e/0x50
[ 32.745866]  do_syscall_64+0x1b9/0x820
[ 32.749752]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.754932]
[ 32.756565] The buggy address belongs to the object at ffff8801b99e8040
[ 32.756565]  which belongs to the cache kvm_vcpu of size 23872
[ 32.769136] The buggy address is located 24 bytes inside of
[ 32.769136]  23872-byte region [ffff8801b99e8040, ffff8801b99edd80)
[ 32.781092] The buggy address belongs to the page:
[ 32.786030] page:ffffea0006e67a00 count:1 mapcount:0 mapping:ffff8801d5271d80 index:0x0 compound_mapcount: 0
[ 32.796000] flags: 0x2fffc0000008100(slab|head)
[ 32.800670] raw: 02fffc0000008100 ffff8801d5272f48 ffff8801d5272f48 ffff8801d5271d80
[ 32.808564] raw: 0000000000000000 ffff8801b99e8040 0000000100000001 0000000000000000
[ 32.816438] page dumped because: kasan: bad access detected
[ 32.822139]
[ 32.823772] Memory state around the buggy address:
[ 32.828698]  ffff8801b99e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.836050]  ffff8801b99e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.843412] >ffff8801b99e8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 32.850775]                                                     ^
[ 32.856999]  ffff8801b99e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.864354]  ffff8801b99e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.871787] ==================================================================
[ 32.879138] Kernel panic - not syncing: panic_on_warn set ...
[ 32.879138]
[ 32.886513] CPU: 0 PID: 4654 Comm: syz-executor741 Tainted: G    B             4.19.0-rc1+ #219
[ 32.895340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.904687] Call Trace:
[ 32.907276]  dump_stack+0x1c9/0x2b4
[ 32.910902]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.916117]  ? lock_downgrade+0x8f0/0x8f0
[ 32.920263]  ? __schedule+0xf54/0x1df0
[ 32.924152]  panic+0x238/0x4e7
[ 32.927343]  ? add_taint.cold.5+0x16/0x16
[ 32.931495]  ? print_shadow_for_address+0xba/0x116
[ 32.936435]  ? trace_hardirqs_off+0xaf/0x2b0
[ 32.940840]  ? trace_hardirqs_off+0x77/0x2b0
[ 32.945246]  ? __schedule+0xf54/0x1df0
[ 32.949156]  kasan_end_report+0x47/0x4f
[ 32.953129]  kasan_report.cold.7+0x76/0x30d
[ 32.957454]  __asan_report_load8_noabort+0x14/0x20
[ 32.962381]  __schedule+0xf54/0x1df0
[ 32.966105]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.971222]  ? __sched_text_start+0x8/0x8
[ 32.975371]  ? __call_srcu+0x7e7/0x1040
[ 32.979385]  ? check_same_owner+0x340/0x340
[ 32.983714]  ? mark_held_locks+0x160/0x160
[ 32.987978]  ? find_held_lock+0x36/0x1c0
[ 32.992037]  preempt_schedule_common+0x22/0x60
[ 32.996619]  _cond_resched+0x1d/0x30
[ 33.000332]  wait_for_completion+0xa5/0x8d0
[ 33.004655]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.010453]  ? __lockdep_init_map+0x105/0x590
[ 33.014968]  ? __init_waitqueue_head+0x9e/0x150
[ 33.019637]  ? init_wait_entry+0x1c0/0x1c0
[ 33.023881]  __synchronize_srcu+0x189/0x240
[ 33.028204]  ? call_srcu+0x10/0x10
[ 33.031744]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.036003]  synchronize_srcu+0x335/0x56f
[ 33.040149]  ? lock_downgrade+0x8f0/0x8f0
[ 33.044294]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.049309]  ? kasan_check_read+0x11/0x20
[ 33.053456]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.058037]  ? kasan_check_write+0x14/0x20
[ 33.062267]  ? do_raw_spin_lock+0xc1/0x200
[ 33.066506]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.072216]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.077663]  ? kvfree+0x61/0x70
[ 33.080944]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.085958]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.090022]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.094438]  ? kvm_arch_sync_events+0x30/0x30
[ 33.098939]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.104477]  ? mmu_notifier_unregister+0x474/0x600
[ 33.109419]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.113830]  ? kfree+0x111/0x210
[ 33.117195]  ? __mmu_notifier_register+0x30/0x30
[ 33.121949]  ? __free_pages+0x10a/0x190
[ 33.125972]  ? free_unref_page+0x930/0x930
[ 33.130211]  kvm_put_kvm+0x73f/0x1060
[ 33.134015]  ? kvm_write_guest_cached+0x40/0x40
[ 33.138682]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.143173]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.147665]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.152254]  ? kasan_check_write+0x14/0x20
[ 33.156490]  ? do_raw_spin_lock+0xc1/0x200
[ 33.160737]  ? kvm_irqfd_release+0xdd/0x120
[ 33.165067]  ? kvm_irqfd_release+0xdd/0x120
[ 33.169388]  ? kvm_put_kvm+0x1060/0x1060
[ 33.173469]  kvm_vm_release+0x42/0x50
[ 33.177263]  __fput+0x38a/0xa40
[ 33.180541]  ? __alloc_file+0x400/0x400
[ 33.184522]  ? check_same_owner+0x340/0x340
[ 33.188847]  ? kasan_check_write+0x14/0x20
[ 33.193082]  ? do_raw_spin_lock+0xc1/0x200
[ 33.199444]  ____fput+0x15/0x20
[ 33.202732]  task_work_run+0x1e8/0x2a0
[ 33.206649]  ? task_work_cancel+0x240/0x240
[ 33.210976]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.216515]  ? switch_task_namespaces+0xa2/0xd0
[ 33.221182]  do_exit+0x1ae4/0x26e0
[ 33.224724]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.229396]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.233648]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.238663]  ? kfree+0x1d7/0x210
[ 33.242030]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.246263]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.251976]  ? is_bpf_text_address+0xd7/0x170
[ 33.256468]  ? kernel_text_address+0x79/0xf0
[ 33.260874]  ? __kernel_text_address+0xd/0x40
[ 33.265367]  ? unwind_get_return_address+0x61/0xa0
[ 33.270331]  ? __save_stack_trace+0x8d/0xf0
[ 33.274659]  ? save_stack+0xa9/0xd0
[ 33.278284]  ? save_stack+0x43/0xd0
[ 33.281907]  ? __kasan_slab_free+0x11a/0x170
[ 33.286311]  ? kasan_slab_free+0xe/0x10
[ 33.290283]  ? putname+0xf2/0x130
[ 33.293737]  ? __x64_sys_openat+0x9d/0x100
[ 33.297972]  ? do_syscall_64+0x1b9/0x820
[ 33.302032]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.307699]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.312107]  ? kasan_check_read+0x11/0x20
[ 33.316254]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.320663]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.325075]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.329656]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.334762]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.340477]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.346013]  ? do_vfs_ioctl+0x201/0x1720
[ 33.350076]  ? rcu_is_watching+0x8c/0x150
[ 33.354222]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.358546]  ? ioctl_preallocate+0x300/0x300
[ 33.362958]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.368495]  ? __fget_light+0x2f7/0x440
[ 33.372468]  ? fget_raw+0x20/0x20
[ 33.375920]  ? putname+0xf2/0x130
[ 33.379375]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.384436]  ? kmem_cache_free+0x246/0x280
[ 33.388671]  ? putname+0xf7/0x130
[ 33.392124]  do_group_exit+0x177/0x440
[ 33.396011]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.400330]  ? __ia32_sys_exit+0x50/0x50
[ 33.404427]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.409533]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.415068]  ? ksys_ioctl+0x81/0xd0
[ 33.418702]  __x64_sys_exit_group+0x3e/0x50
[ 33.423029]  do_syscall_64+0x1b9/0x820
[ 33.426915]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.432280]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.437210]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.442055]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.447100]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 33.452115]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.457133]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.461979]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.467163] RIP: 0033:0x43f028
[ 33.470356] Code: Bad RIP value.
[ 33.473726] RSP: 002b:00007ffcdb754c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.481439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 33.488702] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.495987] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.503253] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.510517] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 33.517792]
[ 33.517798] ======================================================
[ 33.517803] WARNING: possible circular locking dependency detected
[ 33.517807] 4.19.0-rc1+ #219 Not tainted
[ 33.517812] ------------------------------------------------------
[ 33.517817] syz-executor741/4654 is trying to acquire lock:
[ 33.517820] 00000000de79b277 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 33.517834]
[ 33.517838] but task is already holding lock:
[ 33.517841] 000000004c91c345 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.517855]
[ 33.517859] which lock already depends on the new lock.
[ 33.517861]
[ 33.517864]
[ 33.517869] the existing dependency chain (in reverse order) is:
[ 33.517871]
[ 33.517873] -> #3 (report_lock){....}:
[ 33.517887]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.517891]        kasan_report+0x8e/0x110
[ 33.517895]        __asan_report_load8_noabort+0x14/0x20
[ 33.517899]        __schedule+0xf54/0x1df0
[ 33.517903]        preempt_schedule_common+0x22/0x60
[ 33.517907]        _cond_resched+0x1d/0x30
[ 33.517911]        wait_for_completion+0xa5/0x8d0
[ 33.517915]        __synchronize_srcu+0x189/0x240
[ 33.517920]        synchronize_srcu+0x335/0x56f
[ 33.517924]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.517928]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.517932]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.517936]        kvm_put_kvm+0x73f/0x1060
[ 33.517940]        kvm_vm_release+0x42/0x50
[ 33.517943]        __fput+0x38a/0xa40
[ 33.517947]        ____fput+0x15/0x20
[ 33.517950]        task_work_run+0x1e8/0x2a0
[ 33.517954]        do_exit+0x1ae4/0x26e0
[ 33.517958]        do_group_exit+0x177/0x440
[ 33.517962]        __x64_sys_exit_group+0x3e/0x50
[ 33.517966]        do_syscall_64+0x1b9/0x820
[ 33.517970]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.517972]
[ 33.517975] -> #2 (&rq->lock){-.-.}:
[ 33.517988]        _raw_spin_lock+0x2a/0x40
[ 33.517992]        task_fork_fair+0x93/0x680
[ 33.517995]        sched_fork+0x44b/0xbd0
[ 33.517999]        copy_process+0x235e/0x7ad0
[ 33.518003]        _do_fork+0x1ca/0x1170
[ 33.518007]        kernel_thread+0x34/0x40
[ 33.518010]        rest_init+0x22/0xe4
[ 33.518014]        start_kernel+0x913/0x94e
[ 33.518018]        x86_64_start_reservations+0x29/0x2b
[ 33.518022]        x86_64_start_kernel+0x76/0x79
[ 33.518026]        secondary_startup_64+0xa4/0xb0
[ 33.518028]
[ 33.518030] -> #1 (&p->pi_lock){-.-.}:
[ 33.518044]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.518048]        try_to_wake_up+0xd2/0x1250
[ 33.518052]        wake_up_process+0x10/0x20
[ 33.518056]        __up.isra.1+0x1c0/0x2a0
[ 33.518059]        up+0x13c/0x1c0
[ 33.518063]        __up_console_sem+0xbe/0x1b0
[ 33.518066]        console_unlock+0x506/0x10d0
[ 33.518070]        vprintk_emit+0x33a/0x910
[ 33.518074]        vprintk_default+0x28/0x30
[ 33.518078]        vprintk_func+0x7a/0x117
[ 33.518081]        printk+0xa7/0xcf
[ 33.518084]        load_umh+0x51/0xbd
[ 33.518088]        do_one_initcall+0x127/0x838
[ 33.518092]        kernel_init_freeable+0x4bb/0x5ae
[ 33.518096]        kernel_init+0x11/0x1b3
[ 33.518099]        ret_from_fork+0x3a/0x50
[ 33.518102]
[ 33.518104] -> #0 ((console_sem).lock){-...}:
[ 33.518118]        lock_acquire+0x1e4/0x4f0
[ 33.518122]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.518126]        down_trylock+0x13/0x70
[ 33.518130]        __down_trylock_console_sem+0xae/0x200
[ 33.518134]        console_trylock+0x15/0xa0
[ 33.518138]        vprintk_emit+0x31f/0x910
[ 33.518141]        vprintk_default+0x28/0x30
[ 33.518145]        vprintk_func+0x7a/0x117
[ 33.518148]        printk+0xa7/0xcf
[ 33.518152]        kasan_report+0x9e/0x110
[ 33.518156]        __asan_report_load8_noabort+0x14/0x20
[ 33.518160]        __schedule+0xf54/0x1df0
[ 33.518164]        preempt_schedule_common+0x22/0x60
[ 33.518168]        _cond_resched+0x1d/0x30
[ 33.518172]        wait_for_completion+0xa5/0x8d0
[ 33.518176]        __synchronize_srcu+0x189/0x240
[ 33.518180]        synchronize_srcu+0x335/0x56f
[ 33.518185]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.518189]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.518193]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.518196]        kvm_put_kvm+0x73f/0x1060
[ 33.518200]        kvm_vm_release+0x42/0x50
[ 33.518204]        __fput+0x38a/0xa40
[ 33.518207]        ____fput+0x15/0x20
[ 33.518211]        task_work_run+0x1e8/0x2a0
[ 33.518214]        do_exit+0x1ae4/0x26e0
[ 33.518218]        do_group_exit+0x177/0x440
[ 33.518222]        __x64_sys_exit_group+0x3e/0x50
[ 33.518226]        do_syscall_64+0x1b9/0x820
[ 33.518230]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.518232]
[ 33.518237] other info that might help us debug this:
[ 33.518239]
[ 33.518242] Chain exists of:
[ 33.518244]   (console_sem).lock --> &rq->lock --> report_lock
[ 33.518262]
[ 33.518266]  Possible unsafe locking scenario:
[ 33.518268]
[ 33.518272]        CPU0                    CPU1
[ 33.518276]        ----                    ----
[ 33.518278]   lock(report_lock);
[ 33.518287]                                lock(&rq->lock);
[ 33.518296]                                lock(report_lock);
[ 33.518303]   lock((console_sem).lock);
[ 33.518311]
[ 33.518314]  *** DEADLOCK ***
[ 33.518316]
[ 33.518320] 2 locks held by syz-executor741/4654:
[ 33.518323]  #0: 000000009924e3cf (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 33.518339]  #1: 000000004c91c345 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.518355]
[ 33.518358] stack backtrace:
[ 33.518364] CPU: 0 PID: 4654 Comm: syz-executor741 Not tainted 4.19.0-rc1+ #219
[ 33.518371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.518374] Call Trace:
[ 33.518377]  dump_stack+0x1c9/0x2b4
[ 33.518382]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.518386]  ? vprintk_func+0x100/0x117
[ 33.518390]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 33.518394]  ? save_trace+0xe0/0x290
[ 33.518398]  __lock_acquire+0x3449/0x5020
[ 33.518410]  ? mark_held_locks+0x160/0x160
[ 33.518420]  ? mark_held_locks+0x160/0x160
[ 33.518424]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.518428]  ? is_bpf_text_address+0xd7/0x170
[ 33.518432]  ? kernel_text_address+0x79/0xf0
[ 33.518436]  ? __kernel_text_address+0xd/0x40
[ 33.518440]  ? __save_stack_trace+0x8d/0xf0
[ 33.518445]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 33.518448]  ? save_trace+0x290/0x290
[ 33.518452]  ? save_stack_trace+0x1a/0x20
[ 33.518456]  ? save_trace+0xe0/0x290
[ 33.518459]  ? graph_lock+0x170/0x170
[ 33.518464]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.518468]  lock_acquire+0x1e4/0x4f0
[ 33.518471]  ? down_trylock+0x13/0x70
[ 33.518475]  ? lock_release+0x9f0/0x9f0
[ 33.518479]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.518483]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.518487]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.518491]  ? log_store+0x34f/0x4c0
[ 33.518495]  ? vprintk_emit+0x31f/0x910
[ 33.518499]  _raw_spin_lock_irqsave+0x96/0xc0
[ 33.518503]  ? down_trylock+0x13/0x70
[ 33.518506]  down_trylock+0x13/0x70
[ 33.518510]  __down_trylock_console_sem+0xae/0x200
[ 33.518514]  console_trylock+0x15/0xa0
[ 33.518518]  vprintk_emit+0x31f/0x910
[ 33.518522]  ? wake_up_klogd+0x110/0x110
[ 33.518526]  ? run_rebalance_domains+0x4c0/0x4c0
[ 33.518530]  ? kasan_check_read+0x11/0x20
[ 33.518534]  ? rcu_is_watching+0x8c/0x150
[ 33.518537]  ? rcu_pm_notify+0xc0/0xc0
[ 33.518541]  ? lock_acquire+0x1e4/0x4f0
[ 33.518545]  ? kasan_report+0x8e/0x110
[ 33.518549]  ? __schedule+0xf54/0x1df0
[ 33.518552]  vprintk_default+0x28/0x30
[ 33.518556]  vprintk_func+0x7a/0x117
[ 33.518559]  printk+0xa7/0xcf
[ 33.518563]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.518567]  ? kasan_check_write+0x14/0x20
[ 33.518571]  ? do_raw_spin_lock+0xc1/0x200
[ 33.518575]  ? do_raw_spin_lock+0xc1/0x200
[ 33.518579]  kasan_report+0x9e/0x110
[ 33.518583]  __asan_report_load8_noabort+0x14/0x20
[ 33.518587]  __schedule+0xf54/0x1df0
[ 33.518591]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.518595]  ? __sched_text_start+0x8/0x8
[ 33.518599]  ? __call_srcu+0x7e7/0x1040
[ 33.518603]  ? check_same_owner+0x340/0x340
[ 33.518607]  ? mark_held_locks+0x160/0x160
[ 33.518611]  ? find_held_lock+0x36/0x1c0
[ 33.518615]  preempt_schedule_common+0x22/0x60
[ 33.518618]  _cond_resched+0x1d/0x30
[ 33.518622]  wait_for_completion+0xa5/0x8d0
[ 33.518627]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.518631]  ? __lockdep_init_map+0x105/0x590
[ 33.518635]  ? __init_waitqueue_head+0x9e/0x150
[ 33.518639]  ? init_wait_entry+0x1c0/0x1c0
[ 33.518643]  __synchronize_srcu+0x189/0x240
[ 33.518647]  ? call_srcu+0x10/0x10
[ 33.518651]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.518655]  synchronize_srcu+0x335/0x56f
[ 33.518659]  ? lock_downgrade+0x8f0/0x8f0
[ 33.518663]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.518667]  ? kasan_check_read+0x11/0x20
[ 33.518671]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.518675]  ? kasan_check_write+0x14/0x20
[ 33.518679]  ? do_raw_spin_lock+0xc1/0x200
[ 33.518684]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.518689]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.518692]  ? kvfree+0x61/0x70
[ 33.518697]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.518700]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.518704]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.518708]  ? kvm_arch_sync_events+0x30/0x30
[ 33.518713]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.518718]  ? mmu_notifier_unregister+0x474/0x600
[ 33.518722]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.518725]  ? kfree+0x111/0x210
[ 33.518729]  ? __mmu_notifier_register+0x30/0x30
[ 33.518733]  ? __free_pages+0x10a/0x190
[ 33.518737]  ? free_unref_page+0x930/0x930
[ 33.518741]  kvm_put_kvm+0x73f/0x1060
[ 33.518745]  ? kvm_write_guest_cached+0x40/0x40
[ 33.518749]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.518753]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.518757]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.518761]  ? kasan_check_write+0x14/0x20
[ 33.518765]  ? do_raw_spin_lock+0xc1/0x200
[ 33.518769]  ? kvm_irqfd_release+0xdd/0x120
[ 33.518773]  ? kvm_irqfd_release+0xdd/0x120
[ 33.518777]  ? kvm_put_kvm+0x1060/0x1060
[ 33.518780]  kvm_vm_release+0x42/0x50
[ 33.518784]  __fput+0x38a/0xa40
[ 33.518787]  ? __alloc_file+0x400/0x400
[ 33.518791]  ? check_same_owner+0x340/0x340
[ 33.518795]  ? kasan_check_write+0x14/0x20
[ 33.518799]  ? do_raw_spin_lock+0xc1/0x200
[ 33.518802]  ____fput+0x15/0x20
[ 33.518806]  task_work_run+0x1e8/0x2a0
[ 33.518810]  ? task_work_cancel+0x240/0x240
[ 33.518815]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.518819]  ? switch_task_namespaces+0xa2/0xd0
[ 33.518822]  do_exit+0x1ae4/0x26e0
[ 33.518827]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.518830]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.518835]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.518838]  ? kfree+0x1d7/0x210
[ 33.518842]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.518847]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.518851]  ? is_bpf_text_address+0xd7/0x170
[ 33.518853]  ?
[ 33.518860] Lost 55 message(s)!
[ 34.604112] Shutting down cpus with NMI
[ 35.664036] Dumping ftrace buffer:
[ 35.667570]    (ftrace buffer empty)
[ 35.671260] Kernel Offset: disabled
[ 35.674870] Rebooting in 86400 seconds..