[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.412941] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.335505] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.613839] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.198930] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.383690] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
[ 33.151954] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.255730] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.281587] ==================================================================
[ 33.291504] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.297944] Read of size 8 at addr ffff8801baa00058 by task syz-executor762/4678
[ 33.305481]
[ 33.307128] CPU: 0 PID: 4678 Comm: syz-executor762 Not tainted 4.19.0-rc2+ #220
[ 33.314579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.324099] Call Trace:
[ 33.326707]  dump_stack+0x1c9/0x2b4
[ 33.330346]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.335548]  ? printk+0xa7/0xcf
[ 33.338836]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.343604]  ? __schedule+0xf54/0x1df0
[ 33.347503]  print_address_description+0x6c/0x20b
[ 33.352418]  ? __schedule+0xf54/0x1df0
[ 33.356315]  kasan_report.cold.7+0x242/0x30d
[ 33.360735]  __asan_report_load8_noabort+0x14/0x20
[ 33.365716]  __schedule+0xf54/0x1df0
[ 33.369503]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.374622]  ? __sched_text_start+0x8/0x8
[ 33.378783]  ? __call_srcu+0x7e7/0x1040
[ 33.382777]  ? check_same_owner+0x340/0x340
[ 33.387249]  ? mark_held_locks+0x160/0x160
[ 33.391491]  ? find_held_lock+0x36/0x1c0
[ 33.395564]  preempt_schedule_common+0x22/0x60
[ 33.400155]  _cond_resched+0x1d/0x30
[ 33.403879]  wait_for_completion+0xa5/0x8d0
[ 33.408303]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.414118]  ? __lockdep_init_map+0x105/0x590
[ 33.418625]  ? __init_waitqueue_head+0x9e/0x150
[ 33.423301]  ? init_wait_entry+0x1c0/0x1c0
[ 33.427549]  __synchronize_srcu+0x189/0x240
[ 33.431878]  ? call_srcu+0x10/0x10
[ 33.435430]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.439681]  synchronize_srcu+0x335/0x56f
[ 33.443836]  ? lock_downgrade+0x8f0/0x8f0
[ 33.448080]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.453126]  ? kasan_check_read+0x11/0x20
[ 33.457283]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.461879]  ? kasan_check_write+0x14/0x20
[ 33.466123]  ? do_raw_spin_lock+0xc1/0x200
[ 33.470370]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.476107]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.481566]  ? kvfree+0x61/0x70
[ 33.484856]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.489883]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.493954]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.498454]  ? kvm_arch_sync_events+0x30/0x30
[ 33.502963]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.508511]  ? mmu_notifier_unregister+0x474/0x600
[ 33.513450]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.517868]  ? kfree+0x111/0x210
[ 33.521246]  ? __mmu_notifier_register+0x30/0x30
[ 33.526019]  ? __free_pages+0x10a/0x190
[ 33.530038]  ? free_unref_page+0x930/0x930
[ 33.534321]  kvm_put_kvm+0x73f/0x1060
[ 33.538139]  ? kvm_write_guest_cached+0x40/0x40
[ 33.543136]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.547697]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.552204]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.556804]  ? kasan_check_write+0x14/0x20
[ 33.561076]  ? do_raw_spin_lock+0xc1/0x200
[ 33.565328]  ? kvm_irqfd_release+0xdd/0x120
[ 33.569658]  ? kvm_irqfd_release+0xdd/0x120
[ 33.574002]  ? kvm_put_kvm+0x1060/0x1060
[ 33.578098]  kvm_vm_release+0x42/0x50
[ 33.581909]  __fput+0x38a/0xa40
[ 33.585202]  ? __alloc_file+0x400/0x400
[ 33.589193]  ? check_same_owner+0x340/0x340
[ 33.593524]  ? kasan_check_write+0x14/0x20
[ 33.597768]  ? do_raw_spin_lock+0xc1/0x200
[ 33.602009]  ____fput+0x15/0x20
[ 33.605301]  task_work_run+0x1e8/0x2a0
[ 33.609283]  ? task_work_cancel+0x240/0x240
[ 33.613616]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.619162]  ? switch_task_namespaces+0xa2/0xd0
[ 33.623842]  do_exit+0x1ae4/0x26e0
[ 33.627400]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.632107]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.636354]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.641376]  ? kfree+0x1d7/0x210
[ 33.644751]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.648994]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.654716]  ? is_bpf_text_address+0xd7/0x170
[ 33.659219]  ? kernel_text_address+0x79/0xf0
[ 33.663637]  ? __kernel_text_address+0xd/0x40
[ 33.668144]  ? unwind_get_return_address+0x61/0xa0
[ 33.673109]  ? __save_stack_trace+0x8d/0xf0
[ 33.677445]  ? save_stack+0xa9/0xd0
[ 33.681100]  ? save_stack+0x43/0xd0
[ 33.684734]  ? __kasan_slab_free+0x11a/0x170
[ 33.689151]  ? kasan_slab_free+0xe/0x10
[ 33.693136]  ? putname+0xf2/0x130
[ 33.696600]  ? __x64_sys_openat+0x9d/0x100
[ 33.700845]  ? do_syscall_64+0x1b9/0x820
[ 33.704916]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.710378]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.714793]  ? kasan_check_read+0x11/0x20
[ 33.718950]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.723368]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.727786]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.732381]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.737513]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.743234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.748781]  ? do_vfs_ioctl+0x201/0x1720
[ 33.752850]  ? rcu_is_watching+0x8c/0x150
[ 33.757004]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.761398]  ? ioctl_preallocate+0x300/0x300
[ 33.765817]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.771363]  ? __fget_light+0x2f7/0x440
[ 33.775352]  ? fget_raw+0x20/0x20
[ 33.778815]  ? putname+0xf2/0x130
[ 33.782279]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.787303]  ? kmem_cache_free+0x246/0x280
[ 33.791551]  ? putname+0xf7/0x130
[ 33.795023]  do_group_exit+0x177/0x440
[ 33.798946]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.803275]  ? __ia32_sys_exit+0x50/0x50
[ 33.807425]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.812627]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.818176]  ? ksys_ioctl+0x81/0xd0
[ 33.821816]  __x64_sys_exit_group+0x3e/0x50
[ 33.826149]  do_syscall_64+0x1b9/0x820
[ 33.830186]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.835562]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.840634]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.845488]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.850515]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.855605]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.860460]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.865791] RIP: 0033:0x43f028
[ 33.868998] Code: Bad RIP value.
[ 33.872367] RSP: 002b:00007ffe42944e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.880104] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 33.887379] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.894656] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.901933] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.909300] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 33.916580]
[ 33.918212] Allocated by task 4678:
[ 33.921848]  save_stack+0x43/0xd0
[ 33.925309]  kasan_kmalloc+0xc4/0xe0
[ 33.929027]  kasan_slab_alloc+0x12/0x20
[ 33.933033]  kmem_cache_alloc+0x12e/0x710
[ 33.937218]  vmx_create_vcpu+0xcf/0x2830
[ 33.941286]  kvm_arch_vcpu_create+0xe5/0x220
[ 33.945703]  kvm_vm_ioctl+0x488/0x1d80
[ 33.949600]  do_vfs_ioctl+0x1de/0x1720
[ 33.953497]  ksys_ioctl+0xa9/0xd0
[ 33.956957]  __x64_sys_ioctl+0x73/0xb0
[ 33.960852]  do_syscall_64+0x1b9/0x820
[ 33.964842]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.970031]
[ 33.971689] Freed by task 4678:
[ 33.974975]  save_stack+0x43/0xd0
[ 33.978435]  __kasan_slab_free+0x11a/0x170
[ 33.982676]  kasan_slab_free+0xe/0x10
[ 33.987041]  kmem_cache_free+0x86/0x280
[ 33.991080]  vmx_free_vcpu+0x26b/0x300
[ 33.995089]  kvm_arch_destroy_vm+0x365/0x7c0
[ 33.999510]  kvm_put_kvm+0x73f/0x1060
[ 34.003320]  kvm_vm_release+0x42/0x50
[ 34.007131]  __fput+0x38a/0xa40
[ 34.010419]  ____fput+0x15/0x20
[ 34.013706]  task_work_run+0x1e8/0x2a0
[ 34.017601]  do_exit+0x1ae4/0x26e0
[ 34.021149]  do_group_exit+0x177/0x440
[ 34.025043]  __x64_sys_exit_group+0x3e/0x50
[ 34.029479]  do_syscall_64+0x1b9/0x820
[ 34.033378]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.038568]
[ 34.040265] The buggy address belongs to the object at ffff8801baa00040
[ 34.040265]  which belongs to the cache kvm_vcpu of size 23872
[ 34.053188] The buggy address is located 24 bytes inside of
[ 34.053188]  23872-byte region [ffff8801baa00040, ffff8801baa05d80)
[ 34.065318] The buggy address belongs to the page:
[ 34.070257] page:ffffea0006ea8000 count:1 mapcount:0 mapping:ffff8801d523c6c0 index:0x0 compound_mapcount: 0
[ 34.080236] flags: 0x2fffc0000008100(slab|head)
[ 34.084920] raw: 02fffc0000008100 ffff8801d523f848 ffff8801d523f848 ffff8801d523c6c0
[ 34.092812] raw: 0000000000000000 ffff8801baa00040 0000000100000001 0000000000000000
[ 34.100692] page dumped because: kasan: bad access detected
[ 34.106456]
[ 34.108099] Memory state around the buggy address:
[ 34.113037]  ffff8801ba9fff00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 34.120433]  ffff8801ba9fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.127800] >ffff8801baa00000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.135164]                                                     ^
[ 34.141399]  ffff8801baa00080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.148763]  ffff8801baa00100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.156121] ==================================================================
[ 34.163483] Kernel panic - not syncing: panic_on_warn set ...
[ 34.163483]
[ 34.170865] CPU: 0 PID: 4678 Comm: syz-executor762 Tainted: G B 4.19.0-rc2+ #220
[ 34.179707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.189157] Call Trace:
[ 34.191816]  dump_stack+0x1c9/0x2b4
[ 34.195459]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.200772]  ? lock_downgrade+0x8f0/0x8f0
[ 34.204933]  ? __schedule+0xf54/0x1df0
[ 34.208834]  panic+0x238/0x4e7
[ 34.212042]  ? add_taint.cold.5+0x16/0x16
[ 34.216232]  ? print_shadow_for_address+0xba/0x116
[ 34.221176]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.225606]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.230038]  ? __schedule+0xf54/0x1df0
[ 34.233970]  kasan_end_report+0x47/0x4f
[ 34.237963]  kasan_report.cold.7+0x76/0x30d
[ 34.242305]  __asan_report_load8_noabort+0x14/0x20
[ 34.247260]  __schedule+0xf54/0x1df0
[ 34.250987]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.256114]  ? __sched_text_start+0x8/0x8
[ 34.260279]  ? __call_srcu+0x7e7/0x1040
[ 34.264275]  ? check_same_owner+0x340/0x340
[ 34.268691]  ? mark_held_locks+0x160/0x160
[ 34.272934]  ? find_held_lock+0x36/0x1c0
[ 34.277012]  preempt_schedule_common+0x22/0x60
[ 34.281606]  _cond_resched+0x1d/0x30
[ 34.285328]  wait_for_completion+0xa5/0x8d0
[ 34.289665]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.295473]  ? __lockdep_init_map+0x105/0x590
[ 34.299984]  ? __init_waitqueue_head+0x9e/0x150
[ 34.304667]  ? init_wait_entry+0x1c0/0x1c0
[ 34.308919]  __synchronize_srcu+0x189/0x240
[ 34.313340]  ? call_srcu+0x10/0x10
[ 34.317026]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.321303]  synchronize_srcu+0x335/0x56f
[ 34.325462]  ? lock_downgrade+0x8f0/0x8f0
[ 34.329621]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.334663]  ? kasan_check_read+0x11/0x20
[ 34.338923]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.343698]  ? kasan_check_write+0x14/0x20
[ 34.347946]  ? do_raw_spin_lock+0xc1/0x200
[ 34.352200]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.357932]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.363406]  ? kvfree+0x61/0x70
[ 34.366701]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.371735]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.375821]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.380249]  ? kvm_arch_sync_events+0x30/0x30
[ 34.384761]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.390311]  ? mmu_notifier_unregister+0x474/0x600
[ 34.395250]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.399666]  ? kfree+0x111/0x210
[ 34.403042]  ? __mmu_notifier_register+0x30/0x30
[ 34.407841]  ? __free_pages+0x10a/0x190
[ 34.411835]  ? free_unref_page+0x930/0x930
[ 34.416113]  kvm_put_kvm+0x73f/0x1060
[ 34.419941]  ? kvm_write_guest_cached+0x40/0x40
[ 34.424624]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.429129]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.433635]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.438233]  ? kasan_check_write+0x14/0x20
[ 34.442477]  ? do_raw_spin_lock+0xc1/0x200
[ 34.446726]  ? kvm_irqfd_release+0xdd/0x120
[ 34.451080]  ? kvm_irqfd_release+0xdd/0x120
[ 34.455428]  ? kvm_put_kvm+0x1060/0x1060
[ 34.459499]  kvm_vm_release+0x42/0x50
[ 34.463313]  __fput+0x38a/0xa40
[ 34.466604]  ? __alloc_file+0x400/0x400
[ 34.470592]  ? check_same_owner+0x340/0x340
[ 34.474925]  ? kasan_check_write+0x14/0x20
[ 34.479175]  ? do_raw_spin_lock+0xc1/0x200
[ 34.483422]  ____fput+0x15/0x20
[ 34.486769]  task_work_run+0x1e8/0x2a0
[ 34.490666]  ? task_work_cancel+0x240/0x240
[ 34.495004]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.500551]  ? switch_task_namespaces+0xa2/0xd0
[ 34.505233]  do_exit+0x1ae4/0x26e0
[ 34.508790]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.513476]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.517724]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.522749]  ? kfree+0x1d7/0x210
[ 34.526126]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.530373]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.536111]  ? is_bpf_text_address+0xd7/0x170
[ 34.540616]  ? kernel_text_address+0x79/0xf0
[ 34.545018]  ? __kernel_text_address+0xd/0x40
[ 34.549548]  ? unwind_get_return_address+0x61/0xa0
[ 34.554491]  ? __save_stack_trace+0x8d/0xf0
[ 34.558834]  ? save_stack+0xa9/0xd0
[ 34.562473]  ? save_stack+0x43/0xd0
[ 34.566110]  ? __kasan_slab_free+0x11a/0x170
[ 34.570525]  ? kasan_slab_free+0xe/0x10
[ 34.574544]  ? putname+0xf2/0x130
[ 34.578008]  ? __x64_sys_openat+0x9d/0x100
[ 34.582253]  ? do_syscall_64+0x1b9/0x820
[ 34.586326]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.591701]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.596117]  ? kasan_check_read+0x11/0x20
[ 34.600277]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.604693]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.609114]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.613710]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.618829]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.624676]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.630222]  ? do_vfs_ioctl+0x201/0x1720
[ 34.634294]  ? rcu_is_watching+0x8c/0x150
[ 34.638510]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.642844]  ? ioctl_preallocate+0x300/0x300
[ 34.647264]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.652811]  ? __fget_light+0x2f7/0x440
[ 34.656793]  ? fget_raw+0x20/0x20
[ 34.660252]  ? putname+0xf2/0x130
[ 34.663718]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.668744]  ? kmem_cache_free+0x246/0x280
[ 34.672988]  ? putname+0xf7/0x130
[ 34.676453]  do_group_exit+0x177/0x440
[ 34.680352]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.684682]  ? __ia32_sys_exit+0x50/0x50
[ 34.688756]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.693870]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.699416]  ? ksys_ioctl+0x81/0xd0
[ 34.703080]  __x64_sys_exit_group+0x3e/0x50
[ 34.707417]  do_syscall_64+0x1b9/0x820
[ 34.711313]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.716689]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.721629]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.726479]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.731506]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.736536]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.741392]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.746587] RIP: 0033:0x43f028
[ 34.749804] Code: Bad RIP value.
[ 34.753237] RSP: 002b:00007ffe42944e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.760956] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 34.768344] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.775625] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.782904] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.790326] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 34.797622]
[ 34.797628] ======================================================
[ 34.797634] WARNING: possible circular locking dependency detected
[ 34.797638] 4.19.0-rc2+ #220 Not tainted
[ 34.797643] ------------------------------------------------------
[ 34.797648] syz-executor762/4678 is trying to acquire lock:
[ 34.797652] 00000000b6bb9a2e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 34.797667]
[ 34.797671] but task is already holding lock:
[ 34.797674] 000000000babc8d2 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.797689]
[ 34.797693] which lock already depends on the new lock.
[ 34.797695]
[ 34.797698]
[ 34.797703] the existing dependency chain (in reverse order) is:
[ 34.797705]
[ 34.797708] -> #3 (report_lock){....}:
[ 34.797722]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.797726]  kasan_report+0x8e/0x110
[ 34.797730]  __asan_report_load8_noabort+0x14/0x20
[ 34.797734]  __schedule+0xf54/0x1df0
[ 34.797738]  preempt_schedule_common+0x22/0x60
[ 34.797742]  _cond_resched+0x1d/0x30
[ 34.797747]  wait_for_completion+0xa5/0x8d0
[ 34.797751]  __synchronize_srcu+0x189/0x240
[ 34.797755]  synchronize_srcu+0x335/0x56f
[ 34.797760]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.797764]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.797768]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.797772]  kvm_put_kvm+0x73f/0x1060
[ 34.797776]  kvm_vm_release+0x42/0x50
[ 34.797780]  __fput+0x38a/0xa40
[ 34.797784]  ____fput+0x15/0x20
[ 34.797787]  task_work_run+0x1e8/0x2a0
[ 34.797791]  do_exit+0x1ae4/0x26e0
[ 34.797795]  do_group_exit+0x177/0x440
[ 34.797799]  __x64_sys_exit_group+0x3e/0x50
[ 34.797803]  do_syscall_64+0x1b9/0x820
[ 34.797808]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.797810]
[ 34.797813] -> #2 (&rq->lock){-.-.}:
[ 34.797827]  _raw_spin_lock+0x2a/0x40
[ 34.797830]  task_fork_fair+0x93/0x680
[ 34.797834]  sched_fork+0x44b/0xbd0
[ 34.797838]  copy_process+0x235e/0x7ad0
[ 34.797842]  _do_fork+0x1ca/0x1170
[ 34.797846]  kernel_thread+0x34/0x40
[ 34.797849]  rest_init+0x22/0xe4
[ 34.797853]  start_kernel+0x913/0x94e
[ 34.797857]  x86_64_start_reservations+0x29/0x2b
[ 34.797861]  x86_64_start_kernel+0x76/0x79
[ 34.797866]  secondary_startup_64+0xa4/0xb0
[ 34.797868]
[ 34.797870] -> #1 (&p->pi_lock){-.-.}:
[ 34.797885]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.797889]  try_to_wake_up+0xd2/0x1250
[ 34.797893]  wake_up_process+0x10/0x20
[ 34.797896]  __up.isra.1+0x1c0/0x2a0
[ 34.797900]  up+0x13c/0x1c0
[ 34.797904]  __up_console_sem+0xbe/0x1b0
[ 34.797908]  console_unlock+0x506/0x10d0
[ 34.797911]  vprintk_emit+0x33a/0x910
[ 34.797915]  vprintk_default+0x28/0x30
[ 34.797919]  vprintk_func+0x7a/0x117
[ 34.797923]  printk+0xa7/0xcf
[ 34.797926]  do_exit.cold.22+0x120/0x21f
[ 34.797930]  do_group_exit+0x177/0x440
[ 34.797935]  __x64_sys_exit_group+0x3e/0x50
[ 34.797938]  do_syscall_64+0x1b9/0x820
[ 34.797943]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.797945]
[ 34.797948] -> #0 ((console_sem).lock){-...}:
[ 34.797962]  lock_acquire+0x1e4/0x4f0
[ 34.797966]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.797970]  down_trylock+0x13/0x70
[ 34.797975]  __down_trylock_console_sem+0xae/0x200
[ 34.797979]  console_trylock+0x15/0xa0
[ 34.797982]  vprintk_emit+0x31f/0x910
[ 34.797986]  vprintk_default+0x28/0x30
[ 34.797990]  vprintk_func+0x7a/0x117
[ 34.797994]  printk+0xa7/0xcf
[ 34.797997]  kasan_report+0x9e/0x110
[ 34.798002]  __asan_report_load8_noabort+0x14/0x20
[ 34.798006]  __schedule+0xf54/0x1df0
[ 34.798010]  preempt_schedule_common+0x22/0x60
[ 34.798014]  _cond_resched+0x1d/0x30
[ 34.798018]  wait_for_completion+0xa5/0x8d0
[ 34.798022]  __synchronize_srcu+0x189/0x240
[ 34.798026]  synchronize_srcu+0x335/0x56f
[ 34.798031]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.798035]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.798040]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.798043]  kvm_put_kvm+0x73f/0x1060
[ 34.798074]  kvm_vm_release+0x42/0x50
[ 34.798078]  __fput+0x38a/0xa40
[ 34.798081]  ____fput+0x15/0x20
[ 34.798085]  task_work_run+0x1e8/0x2a0
[ 34.798089]  do_exit+0x1ae4/0x26e0
[ 34.798093]  do_group_exit+0x177/0x440
[ 34.798097]  __x64_sys_exit_group+0x3e/0x50
[ 34.798101]  do_syscall_64+0x1b9/0x820
[ 34.798106]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.798108]
[ 34.798112] other info that might help us debug this:
[ 34.798114]
[ 34.798117] Chain exists of:
[ 34.798120]   (console_sem).lock --> &rq->lock --> report_lock
[ 34.798138]
[ 34.798142]  Possible unsafe locking scenario:
[ 34.798144]
[ 34.798148]        CPU0                    CPU1
[ 34.798152]        ----                    ----
[ 34.798155]   lock(report_lock);
[ 34.798164]                                lock(&rq->lock);
[ 34.798174]                                lock(report_lock);
[ 34.798181]   lock((console_sem).lock);
[ 34.798189]
[ 34.798193]  *** DEADLOCK ***
[ 34.798195]
[ 34.798199] 2 locks held by syz-executor762/4678:
[ 34.798201]  #0: 00000000ab5f6164 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 34.798219]  #1: 000000000babc8d2 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.798235]
[ 34.798239] stack backtrace:
[ 34.798245] CPU: 0 PID: 4678 Comm: syz-executor762 Not tainted 4.19.0-rc2+ #220
[ 34.798252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.798255] Call Trace:
[ 34.798259]  dump_stack+0x1c9/0x2b4
[ 34.798263]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.798267]  ? vprintk_func+0x100/0x117
[ 34.798272]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 34.798276]  ? save_trace+0xe0/0x290
[ 34.798280]  __lock_acquire+0x3449/0x5020
[ 34.798284]  ? mark_held_locks+0x160/0x160
[ 34.798288]  ? mark_held_locks+0x160/0x160
[ 34.798292]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.798297]  ? is_bpf_text_address+0xd7/0x170
[ 34.798301]  ? kernel_text_address+0x79/0xf0
[ 34.798305]  ? __kernel_text_address+0xd/0x40
[ 34.798309]  ? __save_stack_trace+0x8d/0xf0
[ 34.798314]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 34.798317]  ? save_trace+0x290/0x290
[ 34.798321]  ? save_stack_trace+0x1a/0x20
[ 34.798325]  ? save_trace+0xe0/0x290
[ 34.798329]  ? graph_lock+0x170/0x170
[ 34.798334]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.798338]  lock_acquire+0x1e4/0x4f0
[ 34.798342]  ? down_trylock+0x13/0x70
[ 34.798345]  ? lock_release+0x9f0/0x9f0
[ 34.798350]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.798354]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.798358]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.798362]  ? log_store+0x34f/0x4c0
[ 34.798366]  ? vprintk_emit+0x31f/0x910
[ 34.798370]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798374]  ? down_trylock+0x13/0x70
[ 34.798377]  down_trylock+0x13/0x70
[ 34.798382]  __down_trylock_console_sem+0xae/0x200
[ 34.798386]  console_trylock+0x15/0xa0
[ 34.798389]  vprintk_emit+0x31f/0x910
[ 34.798393]  ? wake_up_klogd+0x110/0x110
[ 34.798398]  ? run_rebalance_domains+0x4c0/0x4c0
[ 34.798402]  ? kasan_check_read+0x11/0x20
[ 34.798406]  ? rcu_is_watching+0x8c/0x150
[ 34.798410]  ? rcu_pm_notify+0xc0/0xc0
[ 34.798414]  ? lock_acquire+0x1e4/0x4f0
[ 34.798418]  ? kasan_report+0x8e/0x110
[ 34.798421]  ? __schedule+0xf54/0x1df0
[ 34.798425]  vprintk_default+0x28/0x30
[ 34.798429]  vprintk_func+0x7a/0x117
[ 34.798432]  printk+0xa7/0xcf
[ 34.798437]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.798441]  ? kasan_check_write+0x14/0x20
[ 34.798445]  ? do_raw_spin_lock+0xc1/0x200
[ 34.798449]  ? do_raw_spin_lock+0xc1/0x200
[ 34.798453]  kasan_report+0x9e/0x110
[ 34.798457]  __asan_report_load8_noabort+0x14/0x20
[ 34.798461]  __schedule+0xf54/0x1df0
[ 34.798465]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.798470]  ? __sched_text_start+0x8/0x8
[ 34.798473]  ? __call_srcu+0x7e7/0x1040
[ 34.798478]  ? check_same_owner+0x340/0x340
[ 34.798482]  ? mark_held_locks+0x160/0x160
[ 34.798486]  ? find_held_lock+0x36/0x1c0
[ 34.798490]  preempt_schedule_common+0x22/0x60
[ 34.798494]  _cond_resched+0x1d/0x30
[ 34.798498]  wait_for_completion+0xa5/0x8d0
[ 34.798503]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.798507]  ? __lockdep_init_map+0x105/0x590
[ 34.798511]  ? __init_waitqueue_head+0x9e/0x150
[ 34.798515]  ? init_wait_entry+0x1c0/0x1c0
[ 34.798519]  __synchronize_srcu+0x189/0x240
[ 34.798523]  ? call_srcu+0x10/0x10
[ 34.798527]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.798531]  synchronize_srcu+0x335/0x56f
[ 34.798536]  ? lock_downgrade+0x8f0/0x8f0
[ 34.798540]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.798544]  ? kasan_check_read+0x11/0x20
[ 34.798548]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.798553]  ? kasan_check_write+0x14/0x20
[ 34.798557]  ? do_raw_spin_lock+0xc1/0x200
[ 34.798562]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.798567]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.798571]  ? kvfree+0x61/0x70
[ 34.798576]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.798580]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.798584]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.798588]  ? kvm_arch_sync_events+0x30/0x30
[ 34.798593]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.798598]  ? mmu_notifier_unregister+0x474/0x600
[ 34.798602]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.798606]  ? kfree+0x111/0x210
[ 34.798610]  ? __mmu_notifier_register+0x30/0x30
[ 34.798614]  ? __free_pages+0x10a/0x190
[ 34.798618]  ? free_unref_page+0x930/0x930
[ 34.798622]  kvm_put_kvm+0x73f/0x1060
[ 34.798627]  ? kvm_write_guest_cached+0x40/0x40
[ 34.798631]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.798635]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.798639]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.798644]  ? kasan_check_write+0x14/0x20
[ 34.798648]  ? do_raw_spin_lock+0xc1/0x200
[ 34.798652]  ? kvm_irqfd_release+0xdd/0x120
[ 34.798656]  ? kvm_irqfd_release+0xdd/0x120
[ 34.798660]  ? kvm_put_kvm+0x1060/0x1060
[ 34.798664]  kvm_vm_release+0x42/0x50
[ 34.798667]  __fput+0x38a/0xa40
[ 34.798671]  ? __alloc_file+0x400/0x400
[ 34.798675]  ? check_same_owner+0x340/0x340
[ 34.798679]  ? kasan_check_write+0x14/0x20
[ 34.798683]  ? do_raw_spin_lock+0xc1/0x200
[ 34.798687]  ____fput+0x15/0x20
[ 34.798691]  task_work_run+0x1e8/0x2a0
[ 34.798695]  ? task_work_cancel+0x240/0x240
[ 34.798700]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.798704]  ? switch_task_namespaces+0xa2/0xd0
[ 34.798708]  do_exit+0x1ae4/0x26e0
[ 34.798712]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.798716]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.798720]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.798724]  ? kfree+0x1d7/0x210
[ 34.798728]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.798733]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.798736]  ? is_bpf_tex
[ 34.798744] Lost 55 message(s)!
[ 35.869291] Shutting down cpus with NMI
[ 36.936239] Dumping ftrace buffer:
[ 36.939790] (ftrace buffer empty)
[ 36.943553] Kernel Offset: disabled
[ 36.947182] Rebooting in 86400 seconds..