[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 22.856544] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.251676] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.465881] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.053110] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.519166] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
[ 39.168101] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.273210] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 39.297895] ==================================================================
[ 39.307584] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 39.313811] Read of size 8 at addr ffff8801b8080058 by task syz-executor828/4655
[ 39.321327]
[ 39.322979] CPU: 0 PID: 4655 Comm: syz-executor828 Not tainted 4.19.0-rc1+ #214
[ 39.330420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.339762] Call Trace:
[ 39.342352]  dump_stack+0x1c9/0x2b4
[ 39.345988]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.351174]  ? printk+0xa7/0xcf
[ 39.354474]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.359241]  ? __schedule+0xf54/0x1df0
[ 39.363126]  print_address_description+0x6c/0x20b
[ 39.367968]  ? __schedule+0xf54/0x1df0
[ 39.371850]  kasan_report.cold.7+0x242/0x30d
[ 39.376264]  __asan_report_load8_noabort+0x14/0x20
[ 39.381200]  __schedule+0xf54/0x1df0
[ 39.384920]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 39.390021]  ? __sched_text_start+0x8/0x8
[ 39.394169]  ? __call_srcu+0x7e7/0x1040
[ 39.398169]  ? check_same_owner+0x340/0x340
[ 39.402506]  ? mark_held_locks+0x160/0x160
[ 39.406738]  ? find_held_lock+0x36/0x1c0
[ 39.410799]  preempt_schedule_common+0x22/0x60
[ 39.415367]  _cond_resched+0x1d/0x30
[ 39.419061]  wait_for_completion+0xa5/0x8d0
[ 39.423367]  ? wait_for_completion_interruptible+0x950/0x950
[ 39.429197]  ? __lockdep_init_map+0x105/0x590
[ 39.433695]  ? __init_waitqueue_head+0x9e/0x150
[ 39.438365]  ? init_wait_entry+0x1c0/0x1c0
[ 39.442607]  __synchronize_srcu+0x189/0x240
[ 39.446939]  ? call_srcu+0x10/0x10
[ 39.450490]  ? rcu_unexpedite_gp+0x20/0x20
[ 39.454728]  synchronize_srcu+0x335/0x56f
[ 39.458875]  ? lock_downgrade+0x8f0/0x8f0
[ 39.463032]  ? synchronize_srcu_expedited+0x20/0x20
[ 39.468045]  ? kasan_check_read+0x11/0x20
[ 39.472212]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.476808]  ? kasan_check_write+0x14/0x20
[ 39.481042]  ? do_raw_spin_lock+0xc1/0x200
[ 39.485277]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.490987]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 39.496438]  ? kvfree+0x61/0x70
[ 39.499720]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.504741]  kvm_mmu_uninit_vm+0x1c/0x20
[ 39.508798]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.513214]  ? kvm_arch_sync_events+0x30/0x30
[ 39.517711]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.523248]  ? mmu_notifier_unregister+0x474/0x600
[ 39.528209]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 39.532621]  ? kfree+0x111/0x210
[ 39.535988]  ? __mmu_notifier_register+0x30/0x30
[ 39.540746]  ? __free_pages+0x10a/0x190
[ 39.544719]  ? free_unref_page+0x930/0x930
[ 39.548959]  kvm_put_kvm+0x73f/0x1060
[ 39.552760]  ? kvm_write_guest_cached+0x40/0x40
[ 39.557428]  ? _raw_spin_unlock_irq+0x27/0x70
[ 39.561917]  ? _raw_spin_unlock_irq+0x27/0x70
[ 39.566406]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 39.570988]  ? kasan_check_write+0x14/0x20
[ 39.575230]  ? do_raw_spin_lock+0xc1/0x200
[ 39.579461]  ? kvm_irqfd_release+0xdd/0x120
[ 39.583776]  ? kvm_irqfd_release+0xdd/0x120
[ 39.588109]  ? kvm_put_kvm+0x1060/0x1060
[ 39.592168]  kvm_vm_release+0x42/0x50
[ 39.595975]  __fput+0x38a/0xa40
[ 39.599270]  ? __alloc_file+0x400/0x400
[ 39.603276]  ? check_same_owner+0x340/0x340
[ 39.607597]  ? kasan_check_write+0x14/0x20
[ 39.611840]  ? do_raw_spin_lock+0xc1/0x200
[ 39.616070]  ____fput+0x15/0x20
[ 39.619353]  task_work_run+0x1e8/0x2a0
[ 39.623238]  ? task_work_cancel+0x240/0x240
[ 39.627584]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.633124]  ? switch_task_namespaces+0xa2/0xd0
[ 39.637791]  do_exit+0x1ae4/0x26e0
[ 39.641332]  ? mm_update_next_owner+0x9a0/0x9a0
[ 39.646010]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 39.650243]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.655257]  ? kfree+0x1d7/0x210
[ 39.658640]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 39.662878]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 39.668588]  ? is_bpf_text_address+0xd7/0x170
[ 39.673100]  ? kernel_text_address+0x79/0xf0
[ 39.677532]  ? __kernel_text_address+0xd/0x40
[ 39.682026]  ? unwind_get_return_address+0x61/0xa0
[ 39.686953]  ? __save_stack_trace+0x8d/0xf0
[ 39.691281]  ? save_stack+0xa9/0xd0
[ 39.694906]  ? save_stack+0x43/0xd0
[ 39.698527]  ? __kasan_slab_free+0x11a/0x170
[ 39.702932]  ? kasan_slab_free+0xe/0x10
[ 39.706901]  ? putname+0xf2/0x130
[ 39.710350]  ? __x64_sys_openat+0x9d/0x100
[ 39.714593]  ? do_syscall_64+0x1b9/0x820
[ 39.718679]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.724050]  ? trace_hardirqs_off+0xb8/0x2b0
[ 39.728451]  ? kasan_check_read+0x11/0x20
[ 39.732604]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 39.737010]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 39.741418]  ? initcall_blacklisted+0x9a/0x1e0
[ 39.746002]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 39.751108]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 39.756825]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.762360]  ? do_vfs_ioctl+0x201/0x1720
[ 39.766431]  ? rcu_is_watching+0x8c/0x150
[ 39.770581]  ? trace_hardirqs_on+0xbd/0x2c0
[ 39.774904]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 39.779935]  ? __fget_light+0x2f7/0x440
[ 39.783917]  ? fget_raw+0x20/0x20
[ 39.787382]  ? putname+0xf2/0x130
[ 39.790836]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.795851]  ? kmem_cache_free+0x246/0x280
[ 39.800100]  ? putname+0xf7/0x130
[ 39.803557]  do_group_exit+0x177/0x440
[ 39.807460]  ? trace_hardirqs_on+0xbd/0x2c0
[ 39.811781]  ? __ia32_sys_exit+0x50/0x50
[ 39.815841]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 39.820946]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.826484]  ? ksys_ioctl+0x81/0xd0
[ 39.830108]  __x64_sys_exit_group+0x3e/0x50
[ 39.834428]  do_syscall_64+0x1b9/0x820
[ 39.838315]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.843679]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.848622]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.853460]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 39.858472]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.863483]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.868500]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.873355]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.878538] RIP: 0033:0x43f3b8
[ 39.881725] Code: Bad RIP value.
[ 39.885084] RSP: 002b:00007ffdd5b279b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 39.892798] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f3b8
[ 39.900057] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 39.907323] RBP: 00000000004c0c68 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 39.914606] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 39.921869] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 39.929132]
[ 39.930749] Allocated by task 4655:
[ 39.934397]  save_stack+0x43/0xd0
[ 39.937847]  kasan_kmalloc+0xc4/0xe0
[ 39.941561]  kasan_slab_alloc+0x12/0x20
[ 39.945531]  kmem_cache_alloc+0x12e/0x710
[ 39.949672]  vmx_create_vcpu+0xcf/0x2830
[ 39.953729]  kvm_arch_vcpu_create+0xe5/0x220
[ 39.958143]  kvm_vm_ioctl+0x488/0x1d80
[ 39.962029]  do_vfs_ioctl+0x1de/0x1720
[ 39.965911]  ksys_ioctl+0xa9/0xd0
[ 39.969384]  __x64_sys_ioctl+0x73/0xb0
[ 39.973289]  do_syscall_64+0x1b9/0x820
[ 39.977171]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.982362]
[ 39.983983] Freed by task 4655:
[ 39.987253]  save_stack+0x43/0xd0
[ 39.990697]  __kasan_slab_free+0x11a/0x170
[ 39.994923]  kasan_slab_free+0xe/0x10
[ 39.998714]  kmem_cache_free+0x86/0x280
[ 40.002684]  vmx_free_vcpu+0x26b/0x300
[ 40.006566]  kvm_arch_destroy_vm+0x365/0x7c0
[ 40.010983]  kvm_put_kvm+0x73f/0x1060
[ 40.014779]  kvm_vm_release+0x42/0x50
[ 40.018579]  __fput+0x38a/0xa40
[ 40.021854]  ____fput+0x15/0x20
[ 40.025129]  task_work_run+0x1e8/0x2a0
[ 40.029020]  do_exit+0x1ae4/0x26e0
[ 40.032584]  do_group_exit+0x177/0x440
[ 40.036478]  __x64_sys_exit_group+0x3e/0x50
[ 40.040796]  do_syscall_64+0x1b9/0x820
[ 40.044679]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.049851]
[ 40.051474] The buggy address belongs to the object at ffff8801b8080040
[ 40.051474]  which belongs to the cache kvm_vcpu of size 23872
[ 40.064041] The buggy address is located 24 bytes inside of
[ 40.064041]  23872-byte region [ffff8801b8080040, ffff8801b8085d80)
[ 40.075994] The buggy address belongs to the page:
[ 40.080916] page:ffffea0006e02000 count:1 mapcount:0 mapping:ffff8801d516f9c0 index:0x0 compound_mapcount: 0
[ 40.090879] flags: 0x2fffc0000008100(slab|head)
[ 40.095566] raw: 02fffc0000008100 ffff8801d6ff7148 ffff8801d6ff7148 ffff8801d516f9c0
[ 40.103448] raw: 0000000000000000 ffff8801b8080040 0000000100000001 0000000000000000
[ 40.111313] page dumped because: kasan: bad access detected
[ 40.117008]
[ 40.118625] Memory state around the buggy address:
[ 40.123555]  ffff8801b807ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.130912]  ffff8801b807ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.138270] >ffff8801b8080000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 40.145619]                                                     ^
[ 40.151847]  ffff8801b8080080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.159205]  ffff8801b8080100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.166548] ==================================================================
[ 40.173900] Kernel panic - not syncing: panic_on_warn set ...
[ 40.173900]
[ 40.181261] CPU: 0 PID: 4655 Comm: syz-executor828 Tainted: G B 4.19.0-rc1+ #214
[ 40.190088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.199432] Call Trace:
[ 40.202051]  dump_stack+0x1c9/0x2b4
[ 40.205676]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.210862]  ? lock_downgrade+0x8f0/0x8f0
[ 40.215007]  ? __schedule+0xf54/0x1df0
[ 40.218893]  panic+0x238/0x4e7
[ 40.222080]  ? add_taint.cold.5+0x16/0x16
[ 40.226234]  ? print_shadow_for_address+0xba/0x116
[ 40.231158]  ? trace_hardirqs_off+0xaf/0x2b0
[ 40.235584]  ? trace_hardirqs_off+0x77/0x2b0
[ 40.239991]  ? __schedule+0xf54/0x1df0
[ 40.243873]  kasan_end_report+0x47/0x4f
[ 40.247848]  kasan_report.cold.7+0x76/0x30d
[ 40.252166]  __asan_report_load8_noabort+0x14/0x20
[ 40.257102]  __schedule+0xf54/0x1df0
[ 40.260812]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.265941]  ? __sched_text_start+0x8/0x8
[ 40.270099]  ? __call_srcu+0x7e7/0x1040
[ 40.274079]  ? check_same_owner+0x340/0x340
[ 40.278413]  ? mark_held_locks+0x160/0x160
[ 40.282656]  ? find_held_lock+0x36/0x1c0
[ 40.286718]  preempt_schedule_common+0x22/0x60
[ 40.291299]  _cond_resched+0x1d/0x30
[ 40.295023]  wait_for_completion+0xa5/0x8d0
[ 40.299343]  ? wait_for_completion_interruptible+0x950/0x950
[ 40.305158]  ? __lockdep_init_map+0x105/0x590
[ 40.309658]  ? __init_waitqueue_head+0x9e/0x150
[ 40.314320]  ? init_wait_entry+0x1c0/0x1c0
[ 40.318553]  __synchronize_srcu+0x189/0x240
[ 40.322873]  ? call_srcu+0x10/0x10
[ 40.326414]  ? rcu_unexpedite_gp+0x20/0x20
[ 40.330650]  synchronize_srcu+0x335/0x56f
[ 40.335013]  ? lock_downgrade+0x8f0/0x8f0
[ 40.339156]  ? synchronize_srcu_expedited+0x20/0x20
[ 40.344195]  ? kasan_check_read+0x11/0x20
[ 40.348354]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.352932]  ? kasan_check_write+0x14/0x20
[ 40.357163]  ? do_raw_spin_lock+0xc1/0x200
[ 40.361408]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.367116]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.372560]  ? kvfree+0x61/0x70
[ 40.375843]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.380857]  kvm_mmu_uninit_vm+0x1c/0x20
[ 40.384915]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.389318]  ? kvm_arch_sync_events+0x30/0x30
[ 40.393815]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.399364]  ? mmu_notifier_unregister+0x474/0x600
[ 40.404286]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.408700]  ? kfree+0x111/0x210
[ 40.412049]  ? __mmu_notifier_register+0x30/0x30
[ 40.416848]  ? __free_pages+0x10a/0x190
[ 40.420830]  ? free_unref_page+0x930/0x930
[ 40.425070]  kvm_put_kvm+0x73f/0x1060
[ 40.428873]  ? kvm_write_guest_cached+0x40/0x40
[ 40.433545]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.438034]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.442535]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.447126]  ? kasan_check_write+0x14/0x20
[ 40.451357]  ? do_raw_spin_lock+0xc1/0x200
[ 40.455592]  ? kvm_irqfd_release+0xdd/0x120
[ 40.459926]  ? kvm_irqfd_release+0xdd/0x120
[ 40.464256]  ? kvm_put_kvm+0x1060/0x1060
[ 40.468311]  kvm_vm_release+0x42/0x50
[ 40.472109]  __fput+0x38a/0xa40
[ 40.475391]  ? __alloc_file+0x400/0x400
[ 40.479372]  ? check_same_owner+0x340/0x340
[ 40.483688]  ? kasan_check_write+0x14/0x20
[ 40.487919]  ? do_raw_spin_lock+0xc1/0x200
[ 40.492151]  ____fput+0x15/0x20
[ 40.495466]  task_work_run+0x1e8/0x2a0
[ 40.499350]  ? task_work_cancel+0x240/0x240
[ 40.503683]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.509230]  ? switch_task_namespaces+0xa2/0xd0
[ 40.513900]  do_exit+0x1ae4/0x26e0
[ 40.517441]  ? mm_update_next_owner+0x9a0/0x9a0
[ 40.522140]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 40.526385]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.531418]  ? kfree+0x1d7/0x210
[ 40.534802]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 40.539039]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.544747]  ? is_bpf_text_address+0xd7/0x170
[ 40.549242]  ? kernel_text_address+0x79/0xf0
[ 40.553646]  ? __kernel_text_address+0xd/0x40
[ 40.558136]  ? unwind_get_return_address+0x61/0xa0
[ 40.563061]  ? __save_stack_trace+0x8d/0xf0
[ 40.567384]  ? save_stack+0xa9/0xd0
[ 40.571012]  ? save_stack+0x43/0xd0
[ 40.574637]  ? __kasan_slab_free+0x11a/0x170
[ 40.579042]  ? kasan_slab_free+0xe/0x10
[ 40.583009]  ? putname+0xf2/0x130
[ 40.586461]  ? __x64_sys_openat+0x9d/0x100
[ 40.590694]  ? do_syscall_64+0x1b9/0x820
[ 40.594751]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.600111]  ? trace_hardirqs_off+0xb8/0x2b0
[ 40.604514]  ? kasan_check_read+0x11/0x20
[ 40.608835]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 40.613237]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.617646]  ? initcall_blacklisted+0x9a/0x1e0
[ 40.622238]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 40.627340]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.633068]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.638627]  ? do_vfs_ioctl+0x201/0x1720
[ 40.642689]  ? rcu_is_watching+0x8c/0x150
[ 40.646833]  ? trace_hardirqs_on+0xbd/0x2c0
[ 40.651155]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 40.656177]  ? __fget_light+0x2f7/0x440
[ 40.660163]  ? fget_raw+0x20/0x20
[ 40.663616]  ? putname+0xf2/0x130
[ 40.667068]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.672078]  ? kmem_cache_free+0x246/0x280
[ 40.676308]  ? putname+0xf7/0x130
[ 40.679762]  do_group_exit+0x177/0x440
[ 40.683646]  ? trace_hardirqs_on+0xbd/0x2c0
[ 40.687963]  ? __ia32_sys_exit+0x50/0x50
[ 40.692020]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.697125]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.702661]  ? ksys_ioctl+0x81/0xd0
[ 40.706300]  __x64_sys_exit_group+0x3e/0x50
[ 40.710632]  do_syscall_64+0x1b9/0x820
[ 40.714518]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.719881]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.724810]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.729650]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 40.734661]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.739674]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.744688]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.749540]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.754728] RIP: 0033:0x43f3b8
[ 40.757921] Code: Bad RIP value.
[ 40.761288] RSP: 002b:00007ffdd5b279b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 40.768993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f3b8
[ 40.776260] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 40.783527] RBP: 00000000004c0c68 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 40.790789] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 40.798053] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 40.805327]
[ 40.805332] ======================================================
[ 40.805337] WARNING: possible circular locking dependency detected
[ 40.805341] 4.19.0-rc1+ #214 Not tainted
[ 40.805346] ------------------------------------------------------
[ 40.805350] syz-executor828/4655 is trying to acquire lock:
[ 40.805353] 0000000010d2683e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 40.805367]
[ 40.805371] but task is already holding lock:
[ 40.805374] 000000000de0e551 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 40.805387]
[ 40.805392] which lock already depends on the new lock.
[ 40.805394]
[ 40.805396]
[ 40.805401] the existing dependency chain (in reverse order) is:
[ 40.805403]
[ 40.805405] -> #3 (report_lock){....}:
[ 40.805419]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.805422]        kasan_report+0x8e/0x110
[ 40.805426]        __asan_report_load8_noabort+0x14/0x20
[ 40.805430]        __schedule+0xf54/0x1df0
[ 40.805434]        preempt_schedule_common+0x22/0x60
[ 40.805437]        _cond_resched+0x1d/0x30
[ 40.805442]        wait_for_completion+0xa5/0x8d0
[ 40.805446]        __synchronize_srcu+0x189/0x240
[ 40.805456]        synchronize_srcu+0x335/0x56f
[ 40.805461]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.805464]        kvm_mmu_uninit_vm+0x1c/0x20
[ 40.805468]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.805472]        kvm_put_kvm+0x73f/0x1060
[ 40.805475]        kvm_vm_release+0x42/0x50
[ 40.805479]        __fput+0x38a/0xa40
[ 40.805482]        ____fput+0x15/0x20
[ 40.805486]        task_work_run+0x1e8/0x2a0
[ 40.805501]        do_exit+0x1ae4/0x26e0
[ 40.805505]        do_group_exit+0x177/0x440
[ 40.805509]        __x64_sys_exit_group+0x3e/0x50
[ 40.805513]        do_syscall_64+0x1b9/0x820
[ 40.805517]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.805519]
[ 40.805522] -> #2 (&rq->lock){-.-.}:
[ 40.805535]        _raw_spin_lock+0x2a/0x40
[ 40.805539]        task_fork_fair+0x93/0x680
[ 40.805542]        sched_fork+0x44b/0xbd0
[ 40.805546]        copy_process+0x235e/0x7ad0
[ 40.805550]        _do_fork+0x1ca/0x1170
[ 40.805554]        kernel_thread+0x34/0x40
[ 40.805557]        rest_init+0x22/0xe4
[ 40.805561]        start_kernel+0x913/0x94e
[ 40.805565]        x86_64_start_reservations+0x29/0x2b
[ 40.805569]        x86_64_start_kernel+0x76/0x79
[ 40.805573]        secondary_startup_64+0xa4/0xb0
[ 40.805575]
[ 40.805577] -> #1 (&p->pi_lock){-.-.}:
[ 40.805591]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.805595]        try_to_wake_up+0xd2/0x1250
[ 40.805599]        wake_up_process+0x10/0x20
[ 40.805603]        __up.isra.1+0x1c0/0x2a0
[ 40.805606]        up+0x13c/0x1c0
[ 40.805610]        __up_console_sem+0xbe/0x1b0
[ 40.805614]        console_unlock+0x506/0x10d0
[ 40.805617]        vprintk_emit+0x33a/0x910
[ 40.805621]        vprintk_default+0x28/0x30
[ 40.805625]        vprintk_func+0x7a/0x117
[ 40.805628]        printk+0xa7/0xcf
[ 40.805632]        load_umh+0x51/0xbd
[ 40.805635]        do_one_initcall+0x127/0x838
[ 40.805640]        kernel_init_freeable+0x4bb/0x5ae
[ 40.805643]        kernel_init+0x11/0x1b3
[ 40.805647]        ret_from_fork+0x3a/0x50
[ 40.805649]
[ 40.805651] -> #0 ((console_sem).lock){-...}:
[ 40.805665]        lock_acquire+0x1e4/0x4f0
[ 40.805669]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.805673]        down_trylock+0x13/0x70
[ 40.805677]        __down_trylock_console_sem+0xae/0x200
[ 40.805681]        console_trylock+0x15/0xa0
[ 40.805685]        vprintk_emit+0x31f/0x910
[ 40.805689]        vprintk_default+0x28/0x30
[ 40.805692]        vprintk_func+0x7a/0x117
[ 40.805696]        printk+0xa7/0xcf
[ 40.805699]        kasan_report+0x9e/0x110
[ 40.805704]        __asan_report_load8_noabort+0x14/0x20
[ 40.805707]        __schedule+0xf54/0x1df0
[ 40.805712]        preempt_schedule_common+0x22/0x60
[ 40.805715]        _cond_resched+0x1d/0x30
[ 40.805719]        wait_for_completion+0xa5/0x8d0
[ 40.805723]        __synchronize_srcu+0x189/0x240
[ 40.805727]        synchronize_srcu+0x335/0x56f
[ 40.805732]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.805736]        kvm_mmu_uninit_vm+0x1c/0x20
[ 40.805740]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.805744]        kvm_put_kvm+0x73f/0x1060
[ 40.805747]        kvm_vm_release+0x42/0x50
[ 40.805751]        __fput+0x38a/0xa40
[ 40.805754]        ____fput+0x15/0x20
[ 40.805758]        task_work_run+0x1e8/0x2a0
[ 40.805762]        do_exit+0x1ae4/0x26e0
[ 40.805765]        do_group_exit+0x177/0x440
[ 40.805769]        __x64_sys_exit_group+0x3e/0x50
[ 40.805773]        do_syscall_64+0x1b9/0x820
[ 40.805778]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.805780]
[ 40.805784] other info that might help us debug this:
[ 40.805786]
[ 40.805789] Chain exists of:
[ 40.805791]   (console_sem).lock --> &rq->lock --> report_lock
[ 40.805809]
[ 40.805813]  Possible unsafe locking scenario:
[ 40.805815]
[ 40.805819]        CPU0                    CPU1
[ 40.805823]        ----                    ----
[ 40.805825]   lock(report_lock);
[ 40.805834]                                lock(&rq->lock);
[ 40.805843]                                lock(report_lock);
[ 40.805851]   lock((console_sem).lock);
[ 40.805859]
[ 40.805862]  *** DEADLOCK ***
[ 40.805864]
[ 40.805868] 2 locks held by syz-executor828/4655:
[ 40.805870]  #0: 00000000ba5ae03b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 40.805887]  #1: 000000000de0e551 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 40.805903]
[ 40.805906] stack backtrace:
[ 40.805912] CPU: 0 PID: 4655 Comm: syz-executor828 Not tainted 4.19.0-rc1+ #214
[ 40.805919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.805922] Call Trace:
[ 40.805925]  dump_stack+0x1c9/0x2b4
[ 40.805930]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.805933]  ? vprintk_func+0x100/0x117
[ 40.805938]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 40.805942]  ? save_trace+0xe0/0x290
[ 40.805946]  __lock_acquire+0x3449/0x5020
[ 40.805949]  ? mark_held_locks+0x160/0x160
[ 40.805954]  ? mark_held_locks+0x160/0x160
[ 40.805958]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 40.805962]  ? is_bpf_text_address+0xd7/0x170
[ 40.805966]  ? kernel_text_address+0x79/0xf0
[ 40.805970]  ? __kernel_text_address+0xd/0x40
[ 40.805974]  ? __save_stack_trace+0x8d/0xf0
[ 40.805979]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 40.805982]  ? save_trace+0x290/0x290
[ 40.805986]  ? save_stack_trace+0x1a/0x20
[ 40.805990]  ? save_trace+0xe0/0x290
[ 40.805994]  ? graph_lock+0x170/0x170
[ 40.805998]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.806002]  lock_acquire+0x1e4/0x4f0
[ 40.806006]  ? down_trylock+0x13/0x70
[ 40.806009]  ? lock_release+0x9f0/0x9f0
[ 40.806013]  ? trace_hardirqs_off+0xb8/0x2b0
[ 40.806017]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.806021]  ? trace_hardirqs_off+0xb8/0x2b0
[ 40.806025]  ? log_store+0x34f/0x4c0
[ 40.806029]  ? vprintk_emit+0x31f/0x910
[ 40.806033]  _raw_spin_lock_irqsave+0x96/0xc0
[ 40.806037]  ? down_trylock+0x13/0x70
[ 40.806040]  down_trylock+0x13/0x70
[ 40.806045]  __down_trylock_console_sem+0xae/0x200
[ 40.806048]  console_trylock+0x15/0xa0
[ 40.806052]  vprintk_emit+0x31f/0x910
[ 40.806056]  ? wake_up_klogd+0x110/0x110
[ 40.806060]  ? run_rebalance_domains+0x4c0/0x4c0
[ 40.806064]  ? kasan_check_read+0x11/0x20
[ 40.806068]  ? rcu_is_watching+0x8c/0x150
[ 40.806072]  ? rcu_pm_notify+0xc0/0xc0
[ 40.806075]  ? lock_acquire+0x1e4/0x4f0
[ 40.806079]  ? kasan_report+0x8e/0x110
[ 40.806083]  ? __schedule+0xf54/0x1df0
[ 40.806086]  vprintk_default+0x28/0x30
[ 40.806090]  vprintk_func+0x7a/0x117
[ 40.806093]  printk+0xa7/0xcf
[ 40.806098]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 40.806101]  ? kasan_check_write+0x14/0x20
[ 40.806105]  ? do_raw_spin_lock+0xc1/0x200
[ 40.806109]  ? do_raw_spin_lock+0xc1/0x200
[ 40.806113]  kasan_report+0x9e/0x110
[ 40.806117]  __asan_report_load8_noabort+0x14/0x20
[ 40.806121]  __schedule+0xf54/0x1df0
[ 40.806125]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.806129]  ? __sched_text_start+0x8/0x8
[ 40.806133]  ? __call_srcu+0x7e7/0x1040
[ 40.806137]  ? check_same_owner+0x340/0x340
[ 40.806141]  ? mark_held_locks+0x160/0x160
[ 40.806144]  ? find_held_lock+0x36/0x1c0
[ 40.806149]  preempt_schedule_common+0x22/0x60
[ 40.806152]  _cond_resched+0x1d/0x30
[ 40.806156]  wait_for_completion+0xa5/0x8d0
[ 40.806161]  ? wait_for_completion_interruptible+0x950/0x950
[ 40.806165]  ? __lockdep_init_map+0x105/0x590
[ 40.806169]  ? __init_waitqueue_head+0x9e/0x150
[ 40.806173]  ? init_wait_entry+0x1c0/0x1c0
[ 40.806177]  __synchronize_srcu+0x189/0x240
[ 40.806181]  ? call_srcu+0x10/0x10
[ 40.806194]  ? rcu_unexpedite_gp+0x20/0x20
[ 40.806198]  synchronize_srcu+0x335/0x56f
[ 40.806202]  ? lock_downgrade+0x8f0/0x8f0
[ 40.806206]  ? synchronize_srcu_expedited+0x20/0x20
[ 40.806210]  ? kasan_check_read+0x11/0x20
[ 40.806214]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.806218]  ? kasan_check_write+0x14/0x20
[ 40.806222]  ? do_raw_spin_lock+0xc1/0x200
[ 40.806227]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.806232]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.806235]  ? kvfree+0x61/0x70
[ 40.806239]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.806243]  kvm_mmu_uninit_vm+0x1c/0x20
[ 40.806247]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.806251]  ? kvm_arch_sync_events+0x30/0x30
[ 40.806256]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.806260]  ? mmu_notifier_unregister+0x474/0x600
[ 40.806264]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.806268]  ? kfree+0x111/0x210
[ 40.806272]  ? __mmu_notifier_register+0x30/0x30
[ 40.806275]  ? __free_pages+0x10a/0x190
[ 40.806279]  ? free_unref_page+0x930/0x930
[ 40.806283]  kvm_put_kvm+0x73f/0x1060
[ 40.806287]  ? kvm_write_guest_cached+0x40/0x40
[ 40.806291]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.806295]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.806299]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.806303]  ? kasan_check_write+0x14/0x20
[ 40.806307]  ? do_raw_spin_lock+0xc1/0x200
[ 40.806311]  ? kvm_irqfd_release+0xdd/0x120
[ 40.806315]  ? kvm_irqfd_release+0xdd/0x120
[ 40.806319]  ? kvm_put_kvm+0x1060/0x1060
[ 40.806322]  kvm_vm_release+0x42/0x50
[ 40.806326]  __fput+0x38a/0xa40
[ 40.806329]  ? __alloc_file+0x400/0x400
[ 40.806333]  ? check_same_owner+0x340/0x340
[ 40.806337]  ? kasan_check_write+0x14/0x20
[ 40.806341]  ? do_raw_spin_lock+0xc1/0x200
[ 40.806345]  ____fput+0x15/0x20
[ 40.806348]  task_work_run+0x1e8/0x2a0
[ 40.806352]  ? task_work_cancel+0x240/0x240
[ 40.806357]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.806361]  ? switch_task_namespaces+0xa2/0xd0
[ 40.806365]  do_exit+0x1ae4/0x26e0
[ 40.806369]  ? mm_update_next_owner+0x9a0/0x9a0
[ 40.806373]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 40.806377]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.806380]  ? kfree+0x1d7/0x210
[ 40.806384]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 40.806389]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.806393]  ? is_bpf_text_address+0xd7/0x170
[ 40.806395]  ?
[ 40.806402] Lost 54 message(s)!
[ 41.916837] Shutting down cpus with NMI
[ 42.975805] Dumping ftrace buffer:
[ 42.979335]    (ftrace buffer empty)
[ 42.983021] Kernel Offset: disabled
[ 42.986628] Rebooting in 86400 seconds..