[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.968598] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.024202] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.375020] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.964590] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.164886] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[ 31.807881] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.906026] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 31.931508] ==================================================================
[ 31.941380] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 31.947609] Read of size 8 at addr ffff8801bc3d0058 by task syz-executor417/4686
[ 31.955128]
[ 31.956755] CPU: 0 PID: 4686 Comm: syz-executor417 Not tainted 4.19.0-rc1+ #217
[ 31.964192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.973547] Call Trace:
[ 31.976146]  dump_stack+0x1c9/0x2b4
[ 31.979774]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.984976]  ? printk+0xa7/0xcf
[ 31.988258]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.993018]  ? __schedule+0xf54/0x1df0
[ 31.996912]  print_address_description+0x6c/0x20b
[ 32.001757]  ? __schedule+0xf54/0x1df0
[ 32.005651]  kasan_report.cold.7+0x242/0x30d
[ 32.010067]  __asan_report_load8_noabort+0x14/0x20
[ 32.015001]  __schedule+0xf54/0x1df0
[ 32.018729]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.023846]  ? __sched_text_start+0x8/0x8
[ 32.028007]  ? __call_srcu+0x7e7/0x1040
[ 32.031989]  ? check_same_owner+0x340/0x340
[ 32.036306]  ? mark_held_locks+0x160/0x160
[ 32.040567]  ? find_held_lock+0x36/0x1c0
[ 32.044633]  preempt_schedule_common+0x22/0x60
[ 32.049216]  _cond_resched+0x1d/0x30
[ 32.052931]  wait_for_completion+0xa5/0x8d0
[ 32.057253]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.063056]  ? __lockdep_init_map+0x105/0x590
[ 32.067574]  ? __init_waitqueue_head+0x9e/0x150
[ 32.072239]  ? init_wait_entry+0x1c0/0x1c0
[ 32.076491]  __synchronize_srcu+0x189/0x240
[ 32.080831]  ? call_srcu+0x10/0x10
[ 32.084375]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.088620]  synchronize_srcu+0x335/0x56f
[ 32.092783]  ? lock_downgrade+0x8f0/0x8f0
[ 32.096935]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.101960]  ? kasan_check_read+0x11/0x20
[ 32.106115]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.110731]  ? kasan_check_write+0x14/0x20
[ 32.114978]  ? do_raw_spin_lock+0xc1/0x200
[ 32.119224]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.124941]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 32.130395]  ? kvfree+0x61/0x70
[ 32.133690]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.138731]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.142828]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.147239]  ? kvm_arch_sync_events+0x30/0x30
[ 32.151757]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.157295]  ? mmu_notifier_unregister+0x474/0x600
[ 32.162231]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.166658]  ? kfree+0x111/0x210
[ 32.170035]  ? __mmu_notifier_register+0x30/0x30
[ 32.174808]  ? __free_pages+0x10a/0x190
[ 32.178779]  ? free_unref_page+0x930/0x930
[ 32.183018]  kvm_put_kvm+0x73f/0x1060
[ 32.186846]  ? kvm_write_guest_cached+0x40/0x40
[ 32.191536]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.196047]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.200553]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.205145]  ? kasan_check_write+0x14/0x20
[ 32.209380]  ? do_raw_spin_lock+0xc1/0x200
[ 32.213617]  ? kvm_irqfd_release+0xdd/0x120
[ 32.217934]  ? kvm_irqfd_release+0xdd/0x120
[ 32.222257]  ? kvm_put_kvm+0x1060/0x1060
[ 32.226346]  kvm_vm_release+0x42/0x50
[ 32.230166]  __fput+0x38a/0xa40
[ 32.233448]  ? __alloc_file+0x400/0x400
[ 32.237427]  ? check_same_owner+0x340/0x340
[ 32.241749]  ? kasan_check_write+0x14/0x20
[ 32.246022]  ? do_raw_spin_lock+0xc1/0x200
[ 32.250254]  ____fput+0x15/0x20
[ 32.253562]  task_work_run+0x1e8/0x2a0
[ 32.257452]  ? task_work_cancel+0x240/0x240
[ 32.261781]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.267326]  ? switch_task_namespaces+0xa2/0xd0
[ 32.272004]  do_exit+0x1ae4/0x26e0
[ 32.275576]  ? mm_update_next_owner+0x9a0/0x9a0
[ 32.280259]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 32.284494]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.289560]  ? kfree+0x1d7/0x210
[ 32.292942]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 32.297177]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.302887]  ? is_bpf_text_address+0xd7/0x170
[ 32.307377]  ? kernel_text_address+0x79/0xf0
[ 32.311782]  ? __kernel_text_address+0xd/0x40
[ 32.316274]  ? unwind_get_return_address+0x61/0xa0
[ 32.321204]  ? __save_stack_trace+0x8d/0xf0
[ 32.325559]  ? save_stack+0xa9/0xd0
[ 32.329184]  ? save_stack+0x43/0xd0
[ 32.332806]  ? __kasan_slab_free+0x11a/0x170
[ 32.337210]  ? kasan_slab_free+0xe/0x10
[ 32.341184]  ? putname+0xf2/0x130
[ 32.344643]  ? __x64_sys_openat+0x9d/0x100
[ 32.348891]  ? do_syscall_64+0x1b9/0x820
[ 32.352953]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.358317]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.362724]  ? kasan_check_read+0x11/0x20
[ 32.366871]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 32.371277]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.375687]  ? initcall_blacklisted+0x9a/0x1e0
[ 32.380273]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 32.385376]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.391112]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.396652]  ? do_vfs_ioctl+0x201/0x1720
[ 32.400710]  ? rcu_is_watching+0x8c/0x150
[ 32.404852]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.409188]  ? ioctl_preallocate+0x300/0x300
[ 32.413625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.419174]  ? __fget_light+0x2f7/0x440
[ 32.423147]  ? fget_raw+0x20/0x20
[ 32.426597]  ? putname+0xf2/0x130
[ 32.430056]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.435074]  ? kmem_cache_free+0x246/0x280
[ 32.439308]  ? putname+0xf7/0x130
[ 32.442761]  do_group_exit+0x177/0x440
[ 32.446656]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.450983]  ? __ia32_sys_exit+0x50/0x50
[ 32.455055]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.460168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.465713]  ? ksys_ioctl+0x81/0xd0
[ 32.469344]  __x64_sys_exit_group+0x3e/0x50
[ 32.473690]  do_syscall_64+0x1b9/0x820
[ 32.477579]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.482946]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 32.487877]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.493224]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 32.498242]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 32.503258]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.508105]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.513290] RIP: 0033:0x43ecc8
[ 32.516485] Code: Bad RIP value.
[ 32.519841] RSP: 002b:00007ffdde2ce9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 32.527571] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 32.534846] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 32.542123] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 32.549401] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 32.556681] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 32.564774]
[ 32.566439] Allocated by task 4686:
[ 32.570071]  save_stack+0x43/0xd0
[ 32.573521]  kasan_kmalloc+0xc4/0xe0
[ 32.577267]  kasan_slab_alloc+0x12/0x20
[ 32.581288]  kmem_cache_alloc+0x12e/0x710
[ 32.585437]  vmx_create_vcpu+0xcf/0x2830
[ 32.589505]  kvm_arch_vcpu_create+0xe5/0x220
[ 32.593929]  kvm_vm_ioctl+0x488/0x1d80
[ 32.598192]  do_vfs_ioctl+0x1de/0x1720
[ 32.602087]  ksys_ioctl+0xa9/0xd0
[ 32.605556]  __x64_sys_ioctl+0x73/0xb0
[ 32.609444]  do_syscall_64+0x1b9/0x820
[ 32.613337]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.618545]
[ 32.620169] Freed by task 4686:
[ 32.623458]  save_stack+0x43/0xd0
[ 32.626911]  __kasan_slab_free+0x11a/0x170
[ 32.631169]  kasan_slab_free+0xe/0x10
[ 32.634969]  kmem_cache_free+0x86/0x280
[ 32.638942]  vmx_free_vcpu+0x26b/0x300
[ 32.642830]  kvm_arch_destroy_vm+0x365/0x7c0
[ 32.647241]  kvm_put_kvm+0x73f/0x1060
[ 32.651042]  kvm_vm_release+0x42/0x50
[ 32.654842]  __fput+0x38a/0xa40
[ 32.658119]  ____fput+0x15/0x20
[ 32.661406]  task_work_run+0x1e8/0x2a0
[ 32.665291]  do_exit+0x1ae4/0x26e0
[ 32.668827]  do_group_exit+0x177/0x440
[ 32.672716]  __x64_sys_exit_group+0x3e/0x50
[ 32.677038]  do_syscall_64+0x1b9/0x820
[ 32.680929]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.686150]
[ 32.687780] The buggy address belongs to the object at ffff8801bc3d0040
[ 32.687780]  which belongs to the cache kvm_vcpu of size 23872
[ 32.700364] The buggy address is located 24 bytes inside of
[ 32.700364]  23872-byte region [ffff8801bc3d0040, ffff8801bc3d5d80)
[ 32.712331] The buggy address belongs to the page:
[ 32.717300] page:ffffea0006f0f400 count:1 mapcount:0 mapping:ffff8801d6e99300 index:0x0 compound_mapcount: 0
[ 32.727288] flags: 0x2fffc0000008100(slab|head)
[ 32.731966] raw: 02fffc0000008100 ffff8801d534f848 ffff8801d534f848 ffff8801d6e99300
[ 32.739851] raw: 0000000000000000 ffff8801bc3d0040 0000000100000001 0000000000000000
[ 32.747728] page dumped because: kasan: bad access detected
[ 32.753447]
[ 32.755066] Memory state around the buggy address:
[ 32.760006]  ffff8801bc3cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.767363]  ffff8801bc3cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.774724] >ffff8801bc3d0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 32.782076]                                                     ^
[ 32.788310]  ffff8801bc3d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.795671]  ffff8801bc3d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.803032] ==================================================================
[ 32.810410] Kernel panic - not syncing: panic_on_warn set ...
[ 32.810410]
[ 32.817789] CPU: 0 PID: 4686 Comm: syz-executor417 Tainted: G B 4.19.0-rc1+ #217
[ 32.826644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.836009] Call Trace:
[ 32.838615]  dump_stack+0x1c9/0x2b4
[ 32.842263]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.847465]  ? lock_downgrade+0x8f0/0x8f0
[ 32.851616]  ? __schedule+0xf54/0x1df0
[ 32.855521]  panic+0x238/0x4e7
[ 32.858726]  ? add_taint.cold.5+0x16/0x16
[ 32.862881]  ? print_shadow_for_address+0xba/0x116
[ 32.867822]  ? trace_hardirqs_off+0xaf/0x2b0
[ 32.872229]  ? trace_hardirqs_off+0x77/0x2b0
[ 32.876664]  ? __schedule+0xf54/0x1df0
[ 32.880591]  kasan_end_report+0x47/0x4f
[ 32.884576]  kasan_report.cold.7+0x76/0x30d
[ 32.888904]  __asan_report_load8_noabort+0x14/0x20
[ 32.893834]  __schedule+0xf54/0x1df0
[ 32.897559]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.902672]  ? __sched_text_start+0x8/0x8
[ 32.906826]  ? __call_srcu+0x7e7/0x1040
[ 32.910810]  ? check_same_owner+0x340/0x340
[ 32.915129]  ? mark_held_locks+0x160/0x160
[ 32.919361]  ? find_held_lock+0x36/0x1c0
[ 32.923426]  preempt_schedule_common+0x22/0x60
[ 32.928005]  _cond_resched+0x1d/0x30
[ 32.931725]  wait_for_completion+0xa5/0x8d0
[ 32.936048]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.941848]  ? __lockdep_init_map+0x105/0x590
[ 32.946347]  ? __init_waitqueue_head+0x9e/0x150
[ 32.951016]  ? init_wait_entry+0x1c0/0x1c0
[ 32.955254]  __synchronize_srcu+0x189/0x240
[ 32.959609]  ? call_srcu+0x10/0x10
[ 32.963150]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.967391]  synchronize_srcu+0x335/0x56f
[ 32.971550]  ? lock_downgrade+0x8f0/0x8f0
[ 32.975700]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.980717]  ? kasan_check_read+0x11/0x20
[ 32.984878]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.989488]  ? kasan_check_write+0x14/0x20
[ 32.993733]  ? do_raw_spin_lock+0xc1/0x200
[ 32.997974]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.003686]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.009153]  ? kvfree+0x61/0x70
[ 33.012435]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.017451]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.021515]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.025948]  ? kvm_arch_sync_events+0x30/0x30
[ 33.030451]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.035993]  ? mmu_notifier_unregister+0x474/0x600
[ 33.040925]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.045343]  ? kfree+0x111/0x210
[ 33.048716]  ? __mmu_notifier_register+0x30/0x30
[ 33.053478]  ? __free_pages+0x10a/0x190
[ 33.057457]  ? free_unref_page+0x930/0x930
[ 33.061703]  kvm_put_kvm+0x73f/0x1060
[ 33.065514]  ? kvm_write_guest_cached+0x40/0x40
[ 33.070201]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.074695]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.079192]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.083783]  ? kasan_check_write+0x14/0x20
[ 33.088018]  ? do_raw_spin_lock+0xc1/0x200
[ 33.092258]  ? kvm_irqfd_release+0xdd/0x120
[ 33.096577]  ? kvm_irqfd_release+0xdd/0x120
[ 33.100901]  ? kvm_put_kvm+0x1060/0x1060
[ 33.104961]  kvm_vm_release+0x42/0x50
[ 33.108761]  __fput+0x38a/0xa40
[ 33.112040]  ? __alloc_file+0x400/0x400
[ 33.116019]  ? check_same_owner+0x340/0x340
[ 33.120340]  ? kasan_check_write+0x14/0x20
[ 33.124578]  ? do_raw_spin_lock+0xc1/0x200
[ 33.128812]  ____fput+0x15/0x20
[ 33.132093]  task_work_run+0x1e8/0x2a0
[ 33.135979]  ? task_work_cancel+0x240/0x240
[ 33.140304]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.145841]  ? switch_task_namespaces+0xa2/0xd0
[ 33.150510]  do_exit+0x1ae4/0x26e0
[ 33.154068]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.158741]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.162980]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.167997]  ? kfree+0x1d7/0x210
[ 33.171363]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.175599]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.181312]  ? is_bpf_text_address+0xd7/0x170
[ 33.185804]  ? kernel_text_address+0x79/0xf0
[ 33.190210]  ? __kernel_text_address+0xd/0x40
[ 33.194703]  ? unwind_get_return_address+0x61/0xa0
[ 33.199636]  ? __save_stack_trace+0x8d/0xf0
[ 33.203985]  ? save_stack+0xa9/0xd0
[ 33.207611]  ? save_stack+0x43/0xd0
[ 33.211235]  ? __kasan_slab_free+0x11a/0x170
[ 33.215642]  ? kasan_slab_free+0xe/0x10
[ 33.219615]  ? putname+0xf2/0x130
[ 33.223067]  ? __x64_sys_openat+0x9d/0x100
[ 33.227302]  ? do_syscall_64+0x1b9/0x820
[ 33.231363]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.236729]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.241134]  ? kasan_check_read+0x11/0x20
[ 33.245280]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.249690]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.254101]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.258684]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.263791]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.269507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.275059]  ? do_vfs_ioctl+0x201/0x1720
[ 33.279133]  ? rcu_is_watching+0x8c/0x150
[ 33.283289]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.287618]  ? ioctl_preallocate+0x300/0x300
[ 33.292026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.297575]  ? __fget_light+0x2f7/0x440
[ 33.301573]  ? fget_raw+0x20/0x20
[ 33.305043]  ? putname+0xf2/0x130
[ 33.308502]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.313536]  ? kmem_cache_free+0x246/0x280
[ 33.317777]  ? putname+0xf7/0x130
[ 33.321234]  do_group_exit+0x177/0x440
[ 33.325120]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.329481]  ? __ia32_sys_exit+0x50/0x50
[ 33.333555]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.338664]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.344203]  ? ksys_ioctl+0x81/0xd0
[ 33.347833]  __x64_sys_exit_group+0x3e/0x50
[ 33.352183]  do_syscall_64+0x1b9/0x820
[ 33.356073]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.361443]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.366371]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.371216]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.376247]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.381279]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.386137]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.391329] RIP: 0033:0x43ecc8
[ 33.394532] Code: Bad RIP value.
[ 33.397898] RSP: 002b:00007ffdde2ce9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.405610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 33.412881] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.420148] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.427421] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.434701] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 33.441994]
[ 33.442001] ======================================================
[ 33.442006] WARNING: possible circular locking dependency detected
[ 33.442010] 4.19.0-rc1+ #217 Not tainted
[ 33.442015] ------------------------------------------------------
[ 33.442020] syz-executor417/4686 is trying to acquire lock:
[ 33.442023] 000000009b87df6c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 33.442038]
[ 33.442042] but task is already holding lock:
[ 33.442045] 00000000ca63c1af (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.442059]
[ 33.442064] which lock already depends on the new lock.
[ 33.442066]
[ 33.442068]
[ 33.442073] the existing dependency chain (in reverse order) is:
[ 33.442075]
[ 33.442078] -> #3 (report_lock){....}:
[ 33.442092]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.442096]        kasan_report+0x8e/0x110
[ 33.442100]        __asan_report_load8_noabort+0x14/0x20
[ 33.442104]        __schedule+0xf54/0x1df0
[ 33.442108]        preempt_schedule_common+0x22/0x60
[ 33.442112]        _cond_resched+0x1d/0x30
[ 33.442116]        wait_for_completion+0xa5/0x8d0
[ 33.442120]        __synchronize_srcu+0x189/0x240
[ 33.442124]        synchronize_srcu+0x335/0x56f
[ 33.442129]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.442133]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.442137]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.442141]        kvm_put_kvm+0x73f/0x1060
[ 33.442145]        kvm_vm_release+0x42/0x50
[ 33.442148]        __fput+0x38a/0xa40
[ 33.442152]        ____fput+0x15/0x20
[ 33.442156]        task_work_run+0x1e8/0x2a0
[ 33.442159]        do_exit+0x1ae4/0x26e0
[ 33.442163]        do_group_exit+0x177/0x440
[ 33.442167]        __x64_sys_exit_group+0x3e/0x50
[ 33.442171]        do_syscall_64+0x1b9/0x820
[ 33.442176]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.442178]
[ 33.442180] -> #2 (&rq->lock){-.-.}:
[ 33.442194]        _raw_spin_lock+0x2a/0x40
[ 33.442197]        task_fork_fair+0x93/0x680
[ 33.442201]        sched_fork+0x44b/0xbd0
[ 33.442205]        copy_process+0x235e/0x7ad0
[ 33.442208]        _do_fork+0x1ca/0x1170
[ 33.442212]        kernel_thread+0x34/0x40
[ 33.442215]        rest_init+0x22/0xe4
[ 33.442219]        start_kernel+0x913/0x94e
[ 33.442223]        x86_64_start_reservations+0x29/0x2b
[ 33.442228]        x86_64_start_kernel+0x76/0x79
[ 33.442232]        secondary_startup_64+0xa4/0xb0
[ 33.442234]
[ 33.442236] -> #1 (&p->pi_lock){-.-.}:
[ 33.442250]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.442254]        try_to_wake_up+0xd2/0x1250
[ 33.442258]        wake_up_process+0x10/0x20
[ 33.442261]        __up.isra.1+0x1c0/0x2a0
[ 33.442265]        up+0x13c/0x1c0
[ 33.442269]        __up_console_sem+0xbe/0x1b0
[ 33.442272]        console_unlock+0x506/0x10d0
[ 33.442276]        vprintk_emit+0x33a/0x910
[ 33.442280]        vprintk_default+0x28/0x30
[ 33.442283]        vprintk_func+0x7a/0x117
[ 33.442287]        printk+0xa7/0xcf
[ 33.442290]        load_umh+0x51/0xbd
[ 33.442294]        do_one_initcall+0x127/0x838
[ 33.442298]        kernel_init_freeable+0x4bb/0x5ae
[ 33.442302]        kernel_init+0x11/0x1b3
[ 33.442306]        ret_from_fork+0x3a/0x50
[ 33.442308]
[ 33.442310] -> #0 ((console_sem).lock){-...}:
[ 33.442324]        lock_acquire+0x1e4/0x4f0
[ 33.442328]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.442332]        down_trylock+0x13/0x70
[ 33.442336]        __down_trylock_console_sem+0xae/0x200
[ 33.442340]        console_trylock+0x15/0xa0
[ 33.442344]        vprintk_emit+0x31f/0x910
[ 33.442347]        vprintk_default+0x28/0x30
[ 33.442351]        vprintk_func+0x7a/0x117
[ 33.442354]        printk+0xa7/0xcf
[ 33.442358]        kasan_report+0x9e/0x110
[ 33.442362]        __asan_report_load8_noabort+0x14/0x20
[ 33.442366]        __schedule+0xf54/0x1df0
[ 33.442370]        preempt_schedule_common+0x22/0x60
[ 33.442374]        _cond_resched+0x1d/0x30
[ 33.442378]        wait_for_completion+0xa5/0x8d0
[ 33.442382]        __synchronize_srcu+0x189/0x240
[ 33.442386]        synchronize_srcu+0x335/0x56f
[ 33.442391]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.442395]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.442399]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.442403]        kvm_put_kvm+0x73f/0x1060
[ 33.442407]        kvm_vm_release+0x42/0x50
[ 33.442410]        __fput+0x38a/0xa40
[ 33.442413]        ____fput+0x15/0x20
[ 33.442417]        task_work_run+0x1e8/0x2a0
[ 33.442421]        do_exit+0x1ae4/0x26e0
[ 33.442424]        do_group_exit+0x177/0x440
[ 33.442428]        __x64_sys_exit_group+0x3e/0x50
[ 33.442432]        do_syscall_64+0x1b9/0x820
[ 33.442437]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.442439]
[ 33.442443] other info that might help us debug this:
[ 33.442445]
[ 33.442448] Chain exists of:
[ 33.442450]   (console_sem).lock --> &rq->lock --> report_lock
[ 33.442468]
[ 33.442472]  Possible unsafe locking scenario:
[ 33.442474]
[ 33.442478]        CPU0                    CPU1
[ 33.442482]        ----                    ----
[ 33.442484]   lock(report_lock);
[ 33.442493]                                lock(&rq->lock);
[ 33.442503]                                lock(report_lock);
[ 33.442511]   lock((console_sem).lock);
[ 33.442518]
[ 33.442522]  *** DEADLOCK ***
[ 33.442524]
[ 33.442536] 2 locks held by syz-executor417/4686:
[ 33.442545]  #0: 00000000dd31586b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 33.442562]  #1: 00000000ca63c1af (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.442578]
[ 33.442581] stack backtrace:
[ 33.442587] CPU: 0 PID: 4686 Comm: syz-executor417 Not tainted 4.19.0-rc1+ #217
[ 33.442594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.442597] Call Trace:
[ 33.442601]  dump_stack+0x1c9/0x2b4
[ 33.442605]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.442609]  ? vprintk_func+0x100/0x117
[ 33.442614]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 33.442617]  ? save_trace+0xe0/0x290
[ 33.442621]  __lock_acquire+0x3449/0x5020
[ 33.442625]  ? mark_held_locks+0x160/0x160
[ 33.442629]  ? mark_held_locks+0x160/0x160
[ 33.442633]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.442637]  ? is_bpf_text_address+0xd7/0x170
[ 33.442641]  ? kernel_text_address+0x79/0xf0
[ 33.442645]  ? __kernel_text_address+0xd/0x40
[ 33.442649]  ? __save_stack_trace+0x8d/0xf0
[ 33.442654]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 33.442657]  ? save_trace+0x290/0x290
[ 33.442661]  ? save_stack_trace+0x1a/0x20
[ 33.442665]  ? save_trace+0xe0/0x290
[ 33.442668]  ? graph_lock+0x170/0x170
[ 33.442673]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.442676]  lock_acquire+0x1e4/0x4f0
[ 33.442680]  ? down_trylock+0x13/0x70
[ 33.442684]  ? lock_release+0x9f0/0x9f0
[ 33.442688]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.442692]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.442696]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.442700]  ? log_store+0x34f/0x4c0
[ 33.442703]  ? vprintk_emit+0x31f/0x910
[ 33.442707]  _raw_spin_lock_irqsave+0x96/0xc0
[ 33.442711]  ? down_trylock+0x13/0x70
[ 33.442715]  down_trylock+0x13/0x70
[ 33.442719]  __down_trylock_console_sem+0xae/0x200
[ 33.442723]  console_trylock+0x15/0xa0
[ 33.442727]  vprintk_emit+0x31f/0x910
[ 33.442730]  ? wake_up_klogd+0x110/0x110
[ 33.442735]  ? run_rebalance_domains+0x4c0/0x4c0
[ 33.442739]  ? kasan_check_read+0x11/0x20
[ 33.442743]  ? rcu_is_watching+0x8c/0x150
[ 33.442746]  ? rcu_pm_notify+0xc0/0xc0
[ 33.442750]  ? lock_acquire+0x1e4/0x4f0
[ 33.442754]  ? kasan_report+0x8e/0x110
[ 33.442758]  ? __schedule+0xf54/0x1df0
[ 33.442761]  vprintk_default+0x28/0x30
[ 33.442765]  vprintk_func+0x7a/0x117
[ 33.442768]  printk+0xa7/0xcf
[ 33.442772]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.442776]  ? kasan_check_write+0x14/0x20
[ 33.442780]  ? do_raw_spin_lock+0xc1/0x200
[ 33.442784]  ? do_raw_spin_lock+0xc1/0x200
[ 33.442788]  kasan_report+0x9e/0x110
[ 33.442792]  __asan_report_load8_noabort+0x14/0x20
[ 33.442796]  __schedule+0xf54/0x1df0
[ 33.442800]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.442804]  ? __sched_text_start+0x8/0x8
[ 33.442808]  ? __call_srcu+0x7e7/0x1040
[ 33.442812]  ? check_same_owner+0x340/0x340
[ 33.442816]  ? mark_held_locks+0x160/0x160
[ 33.442820]  ? find_held_lock+0x36/0x1c0
[ 33.442824]  preempt_schedule_common+0x22/0x60
[ 33.442827]  _cond_resched+0x1d/0x30
[ 33.442831]  wait_for_completion+0xa5/0x8d0
[ 33.442836]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.442840]  ? __lockdep_init_map+0x105/0x590
[ 33.442844]  ? __init_waitqueue_head+0x9e/0x150
[ 33.442848]  ? init_wait_entry+0x1c0/0x1c0
[ 33.442852]  __synchronize_srcu+0x189/0x240
[ 33.442856]  ? call_srcu+0x10/0x10
[ 33.442859]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.442863]  synchronize_srcu+0x335/0x56f
[ 33.442867]  ? lock_downgrade+0x8f0/0x8f0
[ 33.442872]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.442876]  ? kasan_check_read+0x11/0x20
[ 33.442880]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.442884]  ? kasan_check_write+0x14/0x20
[ 33.442888]  ? do_raw_spin_lock+0xc1/0x200
[ 33.442893]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.442898]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.442901]  ? kvfree+0x61/0x70
[ 33.442906]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.442909]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.442913]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.442918]  ? kvm_arch_sync_events+0x30/0x30
[ 33.442922]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.442927]  ? mmu_notifier_unregister+0x474/0x600
[ 33.442931]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.442934]  ? kfree+0x111/0x210
[ 33.442939]  ? __mmu_notifier_register+0x30/0x30
[ 33.442942]  ? __free_pages+0x10a/0x190
[ 33.442946]  ? free_unref_page+0x930/0x930
[ 33.442950]  kvm_put_kvm+0x73f/0x1060
[ 33.442954]  ? kvm_write_guest_cached+0x40/0x40
[ 33.442958]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.442962]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.442966]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.442970]  ? kasan_check_write+0x14/0x20
[ 33.442974]  ? do_raw_spin_lock+0xc1/0x200
[ 33.442978]  ? kvm_irqfd_release+0xdd/0x120
[ 33.442982]  ? kvm_irqfd_release+0xdd/0x120
[ 33.442986]  ? kvm_put_kvm+0x1060/0x1060
[ 33.442990]  kvm_vm_release+0x42/0x50
[ 33.442993]  __fput+0x38a/0xa40
[ 33.442997]  ? __alloc_file+0x400/0x400
[ 33.443001]  ? check_same_owner+0x340/0x340
[ 33.443005]  ? kasan_check_write+0x14/0x20
[ 33.443009]  ? do_raw_spin_lock+0xc1/0x200
[ 33.443012]  ____fput+0x15/0x20
[ 33.443016]  task_work_run+0x1e8/0x2a0
[ 33.443020]  ? task_work_cancel+0x240/0x240
[ 33.443024]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.443029]  ? switch_task_namespaces+0xa2/0xd0
[ 33.443032]  do_exit+0x1ae4/0x26e0
[ 33.443036]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.443040]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.443045]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.443049]  ? kfree+0x1d7/0x210
[ 33.443053]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.443057]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.443061]  ? is_bpf_text_address+0xd7/0x170
[ 33.443064]  ?
[ 33.443073] Lost 54 message(s)!
[ 34.547005] Shutting down cpus with NMI
[ 35.606795] Dumping ftrace buffer:
[ 35.610323]    (ftrace buffer empty)
[ 35.614015] Kernel Offset: disabled
[ 35.617626] Rebooting in 86400 seconds..