[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.011121] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.864965] random: sshd: uninitialized urandom read (32 bytes read) [ 26.116586] random: sshd: uninitialized urandom read (32 bytes read) [ 26.713615] random: sshd: uninitialized urandom read (32 bytes read) [ 26.892570] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. [ 32.526621] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.626633] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.651849] ================================================================== [ 32.661613] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.667838] Read of size 8 at addr ffff8801bfe70058 by task syz-executor913/4666 [ 32.675355] [ 32.676985] CPU: 0 PID: 4666 Comm: syz-executor913 Not tainted 4.19.0-rc2+ #220 [ 32.684423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.693772] Call Trace: [ 32.696361] dump_stack+0x1c9/0x2b4 [ 32.699990] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.705177] ? printk+0xa7/0xcf [ 32.708452] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.713211] ? __schedule+0xf54/0x1df0 [ 32.717099] print_address_description+0x6c/0x20b [ 32.721955] ? __schedule+0xf54/0x1df0 [ 32.725843] kasan_report.cold.7+0x242/0x30d [ 32.730256] __asan_report_load8_noabort+0x14/0x20 [ 32.735179] __schedule+0xf54/0x1df0 [ 32.738889] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.744004] ? __sched_text_start+0x8/0x8 [ 32.748153] ? __call_srcu+0x7e7/0x1040 [ 32.752134] ? check_same_owner+0x340/0x340 [ 32.756448] ? mark_held_locks+0x160/0x160 [ 32.760678] ? find_held_lock+0x36/0x1c0 [ 32.764747] preempt_schedule_common+0x22/0x60 [ 32.769323] _cond_resched+0x1d/0x30 [ 32.773035] wait_for_completion+0xa5/0x8d0 [ 32.777358] ? wait_for_completion_interruptible+0x950/0x950 [ 32.783170] ? __lockdep_init_map+0x105/0x590 [ 32.787663] ? __init_waitqueue_head+0x9e/0x150 [ 32.792330] ? init_wait_entry+0x1c0/0x1c0 [ 32.796567] __synchronize_srcu+0x189/0x240 [ 32.800887] ? call_srcu+0x10/0x10 [ 32.804434] ? rcu_unexpedite_gp+0x20/0x20 [ 32.808672] synchronize_srcu+0x335/0x56f [ 32.812817] ? lock_downgrade+0x8f0/0x8f0 [ 32.816965] ? synchronize_srcu_expedited+0x20/0x20 [ 32.821982] ? kasan_check_read+0x11/0x20 [ 32.826127] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.830706] ? kasan_check_write+0x14/0x20 [ 32.834952] ? do_raw_spin_lock+0xc1/0x200 [ 32.839636] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.845444] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.850893] ? kvfree+0x61/0x70 [ 32.854183] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.859198] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.863253] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.867660] ? kvm_arch_sync_events+0x30/0x30 [ 32.872158] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.877690] ? mmu_notifier_unregister+0x474/0x600 [ 32.882613] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.887018] ? kfree+0x111/0x210 [ 32.890379] ? __mmu_notifier_register+0x30/0x30 [ 32.895134] ? __free_pages+0x10a/0x190 [ 32.899108] ? free_unref_page+0x930/0x930 [ 32.903355] kvm_put_kvm+0x73f/0x1060 [ 32.907155] ? kvm_write_guest_cached+0x40/0x40 [ 32.911823] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.916312] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.920803] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.925387] ? kasan_check_write+0x14/0x20 [ 32.929615] ? do_raw_spin_lock+0xc1/0x200 [ 32.933845] ? kvm_irqfd_release+0xdd/0x120 [ 32.938157] ? kvm_irqfd_release+0xdd/0x120 [ 32.942734] ? kvm_put_kvm+0x1060/0x1060 [ 32.946792] kvm_vm_release+0x42/0x50 [ 32.950587] __fput+0x38a/0xa40 [ 32.953860] ? __alloc_file+0x400/0x400 [ 32.957830] ? check_same_owner+0x340/0x340 [ 32.962147] ? kasan_check_write+0x14/0x20 [ 32.966377] ? do_raw_spin_lock+0xc1/0x200 [ 32.970620] ____fput+0x15/0x20 [ 32.973896] task_work_run+0x1e8/0x2a0 [ 32.977787] ? task_work_cancel+0x240/0x240 [ 32.982107] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.987637] ? switch_task_namespaces+0xa2/0xd0 [ 32.992309] do_exit+0x1ae4/0x26e0 [ 32.995884] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.000562] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.004818] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.009838] ? kfree+0x1d7/0x210 [ 33.013205] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.017441] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.023152] ? is_bpf_text_address+0xd7/0x170 [ 33.027642] ? kernel_text_address+0x79/0xf0 [ 33.032050] ? __kernel_text_address+0xd/0x40 [ 33.036543] ? unwind_get_return_address+0x61/0xa0 [ 33.041468] ? __save_stack_trace+0x8d/0xf0 [ 33.045792] ? save_stack+0xa9/0xd0 [ 33.049414] ? save_stack+0x43/0xd0 [ 33.053034] ? __kasan_slab_free+0x11a/0x170 [ 33.057437] ? kasan_slab_free+0xe/0x10 [ 33.061408] ? putname+0xf2/0x130 [ 33.064860] ? __x64_sys_openat+0x9d/0x100 [ 33.069089] ? do_syscall_64+0x1b9/0x820 [ 33.073146] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.078508] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.082947] ? kasan_check_read+0x11/0x20 [ 33.087094] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.091497] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.095905] ? initcall_blacklisted+0x9a/0x1e0 [ 33.100496] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.105597] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.111305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.116835] ? do_vfs_ioctl+0x201/0x1720 [ 33.120890] ? rcu_is_watching+0x8c/0x150 [ 33.125076] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.129391] ? ioctl_preallocate+0x300/0x300 [ 33.133794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.139328] ? __fget_light+0x2f7/0x440 [ 33.143298] ? fget_raw+0x20/0x20 [ 33.146744] ? putname+0xf2/0x130 [ 33.150193] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.155205] ? kmem_cache_free+0x246/0x280 [ 33.159436] ? putname+0xf7/0x130 [ 33.162890] do_group_exit+0x177/0x440 [ 33.166782] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.171103] ? __ia32_sys_exit+0x50/0x50 [ 33.175161] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.180265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.185800] ? ksys_ioctl+0x81/0xd0 [ 33.189429] __x64_sys_exit_group+0x3e/0x50 [ 33.193750] do_syscall_64+0x1b9/0x820 [ 33.197632] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.202993] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.207928] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.212775] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.217788] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.222802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.227647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.232831] RIP: 0033:0x43ecc8 [ 33.236024] Code: Bad RIP value. [ 33.239383] RSP: 002b:00007ffd97e63b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.247091] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 33.254359] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.261621] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.269268] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.276532] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.283801] [ 33.285422] Allocated by task 4666: [ 33.289063] save_stack+0x43/0xd0 [ 33.292514] kasan_kmalloc+0xc4/0xe0 [ 33.296221] kasan_slab_alloc+0x12/0x20 [ 33.300189] kmem_cache_alloc+0x12e/0x710 [ 33.304334] vmx_create_vcpu+0xcf/0x2830 [ 33.308392] kvm_arch_vcpu_create+0xe5/0x220 [ 33.312795] kvm_vm_ioctl+0x488/0x1d80 [ 33.316677] do_vfs_ioctl+0x1de/0x1720 [ 33.320556] ksys_ioctl+0xa9/0xd0 [ 33.324004] __x64_sys_ioctl+0x73/0xb0 [ 33.327884] do_syscall_64+0x1b9/0x820 [ 33.331776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.336958] [ 33.338577] Freed by task 4666: [ 33.341848] save_stack+0x43/0xd0 [ 33.345294] __kasan_slab_free+0x11a/0x170 [ 33.349519] kasan_slab_free+0xe/0x10 [ 33.353314] kmem_cache_free+0x86/0x280 [ 33.357285] vmx_free_vcpu+0x26b/0x300 [ 33.361175] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.365577] kvm_put_kvm+0x73f/0x1060 [ 33.369373] kvm_vm_release+0x42/0x50 [ 33.373167] __fput+0x38a/0xa40 [ 33.376437] ____fput+0x15/0x20 [ 33.379709] task_work_run+0x1e8/0x2a0 [ 33.383590] do_exit+0x1ae4/0x26e0 [ 33.387127] do_group_exit+0x177/0x440 [ 33.391017] __x64_sys_exit_group+0x3e/0x50 [ 33.395335] do_syscall_64+0x1b9/0x820 [ 33.399215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.404389] [ 33.406009] The buggy address belongs to the object at ffff8801bfe70040 [ 33.406009] which belongs to the cache kvm_vcpu of size 23872 [ 33.418573] The buggy address is located 24 bytes inside of [ 33.418573] 23872-byte region [ffff8801bfe70040, ffff8801bfe75d80) [ 33.430521] The buggy address belongs to the page: [ 33.435443] page:ffffea0006ff9c00 count:1 mapcount:0 mapping:ffff8801d9fd8080 index:0x0 compound_mapcount: 0 [ 33.445407] flags: 0x2fffc0000008100(slab|head) [ 33.450077] raw: 02fffc0000008100 ffff8801d5341448 ffff8801d5341448 ffff8801d9fd8080 [ 33.457960] raw: 0000000000000000 ffff8801bfe70040 0000000100000001 0000000000000000 [ 33.465825] page dumped because: kasan: bad access detected [ 33.471541] [ 33.473171] Memory state around the buggy address: [ 33.478090] ffff8801bfe6ff00: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb [ 33.485442] ffff8801bfe6ff80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 33.492792] >ffff8801bfe70000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.500134] ^ [ 33.506355] ffff8801bfe70080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.513709] ffff8801bfe70100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.521053] ================================================================== [ 33.528400] Kernel panic - not syncing: panic_on_warn set ... [ 33.528400] [ 33.535764] CPU: 0 PID: 4666 Comm: syz-executor913 Tainted: G B 4.19.0-rc2+ #220 [ 33.544587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.553940] Call Trace: [ 33.556540] dump_stack+0x1c9/0x2b4 [ 33.560173] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.565360] ? lock_downgrade+0x8f0/0x8f0 [ 33.569504] ? __schedule+0xf54/0x1df0 [ 33.573389] panic+0x238/0x4e7 [ 33.576577] ? add_taint.cold.5+0x16/0x16 [ 33.580728] ? print_shadow_for_address+0xba/0x116 [ 33.585651] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.590051] ? trace_hardirqs_off+0x77/0x2b0 [ 33.594457] ? __schedule+0xf54/0x1df0 [ 33.598341] kasan_end_report+0x47/0x4f [ 33.602314] kasan_report.cold.7+0x76/0x30d [ 33.606633] __asan_report_load8_noabort+0x14/0x20 [ 33.611560] __schedule+0xf54/0x1df0 [ 33.615267] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.620366] ? __sched_text_start+0x8/0x8 [ 33.624509] ? __call_srcu+0x7e7/0x1040 [ 33.628490] ? check_same_owner+0x340/0x340 [ 33.632807] ? mark_held_locks+0x160/0x160 [ 33.637035] ? find_held_lock+0x36/0x1c0 [ 33.641102] preempt_schedule_common+0x22/0x60 [ 33.645682] _cond_resched+0x1d/0x30 [ 33.649393] wait_for_completion+0xa5/0x8d0 [ 33.653713] ? wait_for_completion_interruptible+0x950/0x950 [ 33.659508] ? __lockdep_init_map+0x105/0x590 [ 33.664001] ? __init_waitqueue_head+0x9e/0x150 [ 33.668663] ? init_wait_entry+0x1c0/0x1c0 [ 33.672899] __synchronize_srcu+0x189/0x240 [ 33.677221] ? call_srcu+0x10/0x10 [ 33.680761] ? rcu_unexpedite_gp+0x20/0x20 [ 33.684998] synchronize_srcu+0x335/0x56f [ 33.689142] ? lock_downgrade+0x8f0/0x8f0 [ 33.693285] ? synchronize_srcu_expedited+0x20/0x20 [ 33.698297] ? kasan_check_read+0x11/0x20 [ 33.702446] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.707029] ? kasan_check_write+0x14/0x20 [ 33.711260] ? do_raw_spin_lock+0xc1/0x200 [ 33.715496] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.721203] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.726651] ? kvfree+0x61/0x70 [ 33.729937] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.734964] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.739020] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.743424] ? kvm_arch_sync_events+0x30/0x30 [ 33.747930] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.753473] ? mmu_notifier_unregister+0x474/0x600 [ 33.758398] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.762804] ? kfree+0x111/0x210 [ 33.766167] ? __mmu_notifier_register+0x30/0x30 [ 33.770930] ? __free_pages+0x10a/0x190 [ 33.774908] ? free_unref_page+0x930/0x930 [ 33.779163] kvm_put_kvm+0x73f/0x1060 [ 33.782970] ? kvm_write_guest_cached+0x40/0x40 [ 33.787642] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.792130] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.796623] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.801209] ? kasan_check_write+0x14/0x20 [ 33.805440] ? do_raw_spin_lock+0xc1/0x200 [ 33.809676] ? kvm_irqfd_release+0xdd/0x120 [ 33.813992] ? kvm_irqfd_release+0xdd/0x120 [ 33.818310] ? kvm_put_kvm+0x1060/0x1060 [ 33.822377] kvm_vm_release+0x42/0x50 [ 33.826174] __fput+0x38a/0xa40 [ 33.829453] ? __alloc_file+0x400/0x400 [ 33.833427] ? check_same_owner+0x340/0x340 [ 33.838236] ? kasan_check_write+0x14/0x20 [ 33.842468] ? do_raw_spin_lock+0xc1/0x200 [ 33.846699] ____fput+0x15/0x20 [ 33.849977] task_work_run+0x1e8/0x2a0 [ 33.853859] ? task_work_cancel+0x240/0x240 [ 33.858182] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.863715] ? switch_task_namespaces+0xa2/0xd0 [ 33.868380] do_exit+0x1ae4/0x26e0 [ 33.871929] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.876621] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.880854] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.885865] ? kfree+0x1d7/0x210 [ 33.889227] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.893461] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.899171] ? is_bpf_text_address+0xd7/0x170 [ 33.903662] ? kernel_text_address+0x79/0xf0 [ 33.908065] ? __kernel_text_address+0xd/0x40 [ 33.912556] ? unwind_get_return_address+0x61/0xa0 [ 33.917480] ? __save_stack_trace+0x8d/0xf0 [ 33.921806] ? save_stack+0xa9/0xd0 [ 33.925426] ? save_stack+0x43/0xd0 [ 33.929048] ? __kasan_slab_free+0x11a/0x170 [ 33.933449] ? kasan_slab_free+0xe/0x10 [ 33.937422] ? putname+0xf2/0x130 [ 33.940875] ? __x64_sys_openat+0x9d/0x100 [ 33.945269] ? do_syscall_64+0x1b9/0x820 [ 33.949319] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.954680] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.959081] ? kasan_check_read+0x11/0x20 [ 33.963224] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.967629] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.972038] ? initcall_blacklisted+0x9a/0x1e0 [ 33.976621] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.981726] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.987444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.992999] ? do_vfs_ioctl+0x201/0x1720 [ 33.997056] ? rcu_is_watching+0x8c/0x150 [ 34.001196] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.005516] ? ioctl_preallocate+0x300/0x300 [ 34.009929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.015471] ? __fget_light+0x2f7/0x440 [ 34.019440] ? fget_raw+0x20/0x20 [ 34.022886] ? putname+0xf2/0x130 [ 34.026345] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.031355] ? kmem_cache_free+0x246/0x280 [ 34.035586] ? putname+0xf7/0x130 [ 34.039038] do_group_exit+0x177/0x440 [ 34.042928] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.047251] ? __ia32_sys_exit+0x50/0x50 [ 34.051306] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.056404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.061950] ? ksys_ioctl+0x81/0xd0 [ 34.065577] __x64_sys_exit_group+0x3e/0x50 [ 34.069905] do_syscall_64+0x1b9/0x820 [ 34.073803] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.079164] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.084091] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.088937] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.093964] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.098981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.103821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.109179] RIP: 0033:0x43ecc8 [ 34.112369] Code: Bad RIP value. [ 34.115736] RSP: 002b:00007ffd97e63b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.123454] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 34.130720] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.137984] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.145247] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.152509] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.159779] [ 34.159784] ====================================================== [ 34.159790] WARNING: possible circular locking dependency detected [ 34.159793] 4.19.0-rc2+ #220 Not tainted [ 34.159799] ------------------------------------------------------ [ 34.159804] syz-executor913/4666 is trying to acquire lock: [ 34.159807] 00000000424f939f ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.159821] [ 34.159825] but task is already holding lock: [ 34.159828] 00000000650c2e6b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.159842] [ 34.159846] which lock already depends on the new lock. [ 34.159848] [ 34.159851] [ 34.159856] the existing dependency chain (in reverse order) is: [ 34.159858] [ 34.159860] -> #3 (report_lock){....}: [ 34.159874] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.159878] kasan_report+0x8e/0x110 [ 34.159882] __asan_report_load8_noabort+0x14/0x20 [ 34.159886] __schedule+0xf54/0x1df0 [ 34.159890] preempt_schedule_common+0x22/0x60 [ 34.159901] _cond_resched+0x1d/0x30 [ 34.159905] wait_for_completion+0xa5/0x8d0 [ 34.159909] __synchronize_srcu+0x189/0x240 [ 34.159922] synchronize_srcu+0x335/0x56f [ 34.159927] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.159931] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.159935] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.159939] kvm_put_kvm+0x73f/0x1060 [ 34.159949] kvm_vm_release+0x42/0x50 [ 34.159952] __fput+0x38a/0xa40 [ 34.159956] ____fput+0x15/0x20 [ 34.159960] task_work_run+0x1e8/0x2a0 [ 34.159963] do_exit+0x1ae4/0x26e0 [ 34.159967] do_group_exit+0x177/0x440 [ 34.159971] __x64_sys_exit_group+0x3e/0x50 [ 34.159975] do_syscall_64+0x1b9/0x820 [ 34.159979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.159982] [ 34.159984] -> #2 (&rq->lock){-.-.}: [ 34.159997] _raw_spin_lock+0x2a/0x40 [ 34.160001] task_fork_fair+0x93/0x680 [ 34.160005] sched_fork+0x44b/0xbd0 [ 34.160009] copy_process+0x235e/0x7ad0 [ 34.160012] _do_fork+0x1ca/0x1170 [ 34.160016] kernel_thread+0x34/0x40 [ 34.160019] rest_init+0x22/0xe4 [ 34.160023] start_kernel+0x913/0x94e [ 34.160027] x86_64_start_reservations+0x29/0x2b [ 34.160031] x86_64_start_kernel+0x76/0x79 [ 34.160035] secondary_startup_64+0xa4/0xb0 [ 34.160037] [ 34.160040] -> #1 (&p->pi_lock){-.-.}: [ 34.160054] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.160058] try_to_wake_up+0xd2/0x1250 [ 34.160061] wake_up_process+0x10/0x20 [ 34.160065] __up.isra.1+0x1c0/0x2a0 [ 34.160068] up+0x13c/0x1c0 [ 34.160072] __up_console_sem+0xbe/0x1b0 [ 34.160076] console_unlock+0x506/0x10d0 [ 34.160080] vprintk_emit+0x33a/0x910 [ 34.160084] vprintk_default+0x28/0x30 [ 34.160087] vprintk_func+0x7a/0x117 [ 34.160091] printk+0xa7/0xcf [ 34.160095] do_exit.cold.22+0x120/0x21f [ 34.160098] do_group_exit+0x177/0x440 [ 34.160102] __x64_sys_exit_group+0x3e/0x50 [ 34.160106] do_syscall_64+0x1b9/0x820 [ 34.160111] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.160113] [ 34.160115] -> #0 ((console_sem).lock){-...}: [ 34.160129] lock_acquire+0x1e4/0x4f0 [ 34.160133] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.160137] down_trylock+0x13/0x70 [ 34.160141] __down_trylock_console_sem+0xae/0x200 [ 34.160145] console_trylock+0x15/0xa0 [ 34.160149] vprintk_emit+0x31f/0x910 [ 34.160152] vprintk_default+0x28/0x30 [ 34.160156] vprintk_func+0x7a/0x117 [ 34.160159] printk+0xa7/0xcf [ 34.160163] kasan_report+0x9e/0x110 [ 34.160167] __asan_report_load8_noabort+0x14/0x20 [ 34.160171] __schedule+0xf54/0x1df0 [ 34.160175] preempt_schedule_common+0x22/0x60 [ 34.160179] _cond_resched+0x1d/0x30 [ 34.160183] wait_for_completion+0xa5/0x8d0 [ 34.160187] __synchronize_srcu+0x189/0x240 [ 34.160191] synchronize_srcu+0x335/0x56f [ 34.160196] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.160200] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.160204] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.160208] kvm_put_kvm+0x73f/0x1060 [ 34.160211] kvm_vm_release+0x42/0x50 [ 34.160215] __fput+0x38a/0xa40 [ 34.160218] ____fput+0x15/0x20 [ 34.160222] task_work_run+0x1e8/0x2a0 [ 34.160225] do_exit+0x1ae4/0x26e0 [ 34.160229] do_group_exit+0x177/0x440 [ 34.160233] __x64_sys_exit_group+0x3e/0x50 [ 34.160237] do_syscall_64+0x1b9/0x820 [ 34.160241] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.160243] [ 34.160248] other info that might help us debug this: [ 34.160250] [ 34.160253] Chain exists of: [ 34.160255] (console_sem).lock --> &rq->lock --> report_lock [ 34.160272] [ 34.160276] Possible unsafe locking scenario: [ 34.160278] [ 34.160282] CPU0 CPU1 [ 34.160286] ---- ---- [ 34.160289] lock(report_lock); [ 34.160298] lock(&rq->lock); [ 34.160307] lock(report_lock); [ 34.160314] lock((console_sem).lock); [ 34.160322] [ 34.160325] *** DEADLOCK *** [ 34.160327] [ 34.160331] 2 locks held by syz-executor913/4666: [ 34.160334] #0: 000000004ff0fbd4 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.160350] #1: 00000000650c2e6b (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.160366] [ 34.160369] stack backtrace: [ 34.160375] CPU: 0 PID: 4666 Comm: syz-executor913 Not tainted 4.19.0-rc2+ #220 [ 34.160382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.160385] Call Trace: [ 34.160389] dump_stack+0x1c9/0x2b4 [ 34.160393] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.160397] ? vprintk_func+0x100/0x117 [ 34.160402] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.160406] ? save_trace+0xe0/0x290 [ 34.160409] __lock_acquire+0x3449/0x5020 [ 34.160413] ? mark_held_locks+0x160/0x160 [ 34.160417] ? mark_held_locks+0x160/0x160 [ 34.160422] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.160426] ? is_bpf_text_address+0xd7/0x170 [ 34.160430] ? kernel_text_address+0x79/0xf0 [ 34.160434] ? __kernel_text_address+0xd/0x40 [ 34.160438] ? __save_stack_trace+0x8d/0xf0 [ 34.160442] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.160446] ? save_trace+0x290/0x290 [ 34.160450] ? save_stack_trace+0x1a/0x20 [ 34.160454] ? save_trace+0xe0/0x290 [ 34.160458] ? graph_lock+0x170/0x170 [ 34.160462] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.160466] lock_acquire+0x1e4/0x4f0 [ 34.160470] ? down_trylock+0x13/0x70 [ 34.160473] ? lock_release+0x9f0/0x9f0 [ 34.160477] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.160482] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.160486] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.160489] ? log_store+0x34f/0x4c0 [ 34.160493] ? vprintk_emit+0x31f/0x910 [ 34.160497] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.160501] ? down_trylock+0x13/0x70 [ 34.160504] down_trylock+0x13/0x70 [ 34.160509] __down_trylock_console_sem+0xae/0x200 [ 34.160512] console_trylock+0x15/0xa0 [ 34.160516] vprintk_emit+0x31f/0x910 [ 34.160520] ? wake_up_klogd+0x110/0x110 [ 34.160524] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.160528] ? kasan_check_read+0x11/0x20 [ 34.160532] ? rcu_is_watching+0x8c/0x150 [ 34.160536] ? rcu_pm_notify+0xc0/0xc0 [ 34.160540] ? lock_acquire+0x1e4/0x4f0 [ 34.160544] ? kasan_report+0x8e/0x110 [ 34.160547] ? __schedule+0xf54/0x1df0 [ 34.160551] vprintk_default+0x28/0x30 [ 34.160555] vprintk_func+0x7a/0x117 [ 34.160558] printk+0xa7/0xcf [ 34.160562] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.160566] ? kasan_check_write+0x14/0x20 [ 34.160570] ? do_raw_spin_lock+0xc1/0x200 [ 34.160574] ? do_raw_spin_lock+0xc1/0x200 [ 34.160578] kasan_report+0x9e/0x110 [ 34.160582] __asan_report_load8_noabort+0x14/0x20 [ 34.160586] __schedule+0xf54/0x1df0 [ 34.160591] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.160594] ? __sched_text_start+0x8/0x8 [ 34.160598] ? __call_srcu+0x7e7/0x1040 [ 34.160602] ? check_same_owner+0x340/0x340 [ 34.160606] ? mark_held_locks+0x160/0x160 [ 34.160610] ? find_held_lock+0x36/0x1c0 [ 34.160614] preempt_schedule_common+0x22/0x60 [ 34.160618] _cond_resched+0x1d/0x30 [ 34.160622] wait_for_completion+0xa5/0x8d0 [ 34.160627] ? wait_for_completion_interruptible+0x950/0x950 [ 34.160631] ? __lockdep_init_map+0x105/0x590 [ 34.160635] ? __init_waitqueue_head+0x9e/0x150 [ 34.160639] ? init_wait_entry+0x1c0/0x1c0 [ 34.160643] __synchronize_srcu+0x189/0x240 [ 34.160647] ? call_srcu+0x10/0x10 [ 34.160650] ? rcu_unexpedite_gp+0x20/0x20 [ 34.160654] synchronize_srcu+0x335/0x56f [ 34.160658] ? lock_downgrade+0x8f0/0x8f0 [ 34.160663] ? synchronize_srcu_expedited+0x20/0x20 [ 34.160667] ? kasan_check_read+0x11/0x20 [ 34.160671] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.160675] ? kasan_check_write+0x14/0x20 [ 34.160679] ? do_raw_spin_lock+0xc1/0x200 [ 34.160684] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.160688] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.160692] ? kvfree+0x61/0x70 [ 34.160696] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.160700] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.160704] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.160708] ? kvm_arch_sync_events+0x30/0x30 [ 34.160713] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.160717] ? mmu_notifier_unregister+0x474/0x600 [ 34.160721] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.160725] ? kfree+0x111/0x210 [ 34.160729] ? __mmu_notifier_register+0x30/0x30 [ 34.160733] ? __free_pages+0x10a/0x190 [ 34.160737] ? free_unref_page+0x930/0x930 [ 34.160741] kvm_put_kvm+0x73f/0x1060 [ 34.160745] ? kvm_write_guest_cached+0x40/0x40 [ 34.160749] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.160753] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.160757] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.160761] ? kasan_check_write+0x14/0x20 [ 34.160765] ? do_raw_spin_lock+0xc1/0x200 [ 34.160769] ? kvm_irqfd_release+0xdd/0x120 [ 34.160773] ? kvm_irqfd_release+0xdd/0x120 [ 34.160777] ? kvm_put_kvm+0x1060/0x1060 [ 34.160780] kvm_vm_release+0x42/0x50 [ 34.160784] __fput+0x38a/0xa40 [ 34.160788] ? __alloc_file+0x400/0x400 [ 34.160792] ? check_same_owner+0x340/0x340 [ 34.160796] ? kasan_check_write+0x14/0x20 [ 34.160799] ? do_raw_spin_lock+0xc1/0x200 [ 34.160803] ____fput+0x15/0x20 [ 34.160807] task_work_run+0x1e8/0x2a0 [ 34.160811] ? task_work_cancel+0x240/0x240 [ 34.160815] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.160819] ? switch_task_namespaces+0xa2/0xd0 [ 34.160823] do_exit+0x1ae4/0x26e0 [ 34.160827] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.160831] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.160836] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.160839] ? kfree+0x1d7/0x210 [ 34.160843] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.160848] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.160851] ? is_bpf_tex [ 34.160858] Lost 55 message(s)! [ 35.243142] Shutting down cpus with NMI [ 36.301433] Dumping ftrace buffer: [ 36.304959] (ftrace buffer empty) [ 36.308661] Kernel Offset: disabled [ 36.312270] Rebooting in 86400 seconds..