[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.180412] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.629219] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.059565] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.591770] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.774323] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
[ 34.427089] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.531227] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.556461] ==================================================================
[ 34.566289] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 34.572808] Read of size 8 at addr ffff8801b9cf8058 by task syz-executor906/4640
[ 34.580348]
[ 34.581990] CPU: 1 PID: 4640 Comm: syz-executor906 Not tainted 4.19.0-rc1+ #216
[ 34.589449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.598813] Call Trace:
[ 34.601434]  dump_stack+0x1c9/0x2b4
[ 34.605078]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.610284]  ? printk+0xa7/0xcf
[ 34.613579]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.618363]  ? __schedule+0xf54/0x1df0
[ 34.622272]  print_address_description+0x6c/0x20b
[ 34.627167]  ? __schedule+0xf54/0x1df0
[ 34.631075]  kasan_report.cold.7+0x242/0x30d
[ 34.635504]  __asan_report_load8_noabort+0x14/0x20
[ 34.640447]  __schedule+0xf54/0x1df0
[ 34.644170]  ? __sched_text_start+0x8/0x8
[ 34.648320]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.653438]  ? __call_srcu+0x7e7/0x1040
[ 34.657462]  ? check_same_owner+0x340/0x340
[ 34.661811]  ? mark_held_locks+0x160/0x160
[ 34.666070]  ? find_held_lock+0x36/0x1c0
[ 34.670142]  preempt_schedule_common+0x22/0x60
[ 34.674739]  _cond_resched+0x1d/0x30
[ 34.678467]  wait_for_completion+0xa5/0x8d0
[ 34.682794]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.688599]  ? __lockdep_init_map+0x105/0x590
[ 34.693101]  ? __init_waitqueue_head+0x9e/0x150
[ 34.697770]  ? init_wait_entry+0x1c0/0x1c0
[ 34.702015]  __synchronize_srcu+0x189/0x240
[ 34.706369]  ? call_srcu+0x10/0x10
[ 34.709923]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.714168]  synchronize_srcu+0x335/0x56f
[ 34.718366]  ? lock_downgrade+0x8f0/0x8f0
[ 34.722516]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.727544]  ? kasan_check_read+0x11/0x20
[ 34.731704]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.736309]  ? kasan_check_write+0x14/0x20
[ 34.741056]  ? do_raw_spin_lock+0xc1/0x200
[ 34.745325]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.751072]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.756549]  ? kvfree+0x61/0x70
[ 34.759880]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.764942]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.769069]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.773502]  ? kvm_arch_sync_events+0x30/0x30
[ 34.778014]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.783571]  ? mmu_notifier_unregister+0x474/0x600
[ 34.788511]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.792928]  ? kfree+0x111/0x210
[ 34.796298]  ? __mmu_notifier_register+0x30/0x30
[ 34.801071]  ? __free_pages+0x10a/0x190
[ 34.805083]  ? free_unref_page+0x930/0x930
[ 34.809339]  kvm_put_kvm+0x73f/0x1060
[ 34.813158]  ? kvm_write_guest_cached+0x40/0x40
[ 34.817883]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.822404]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.826920]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.831533]  ? kasan_check_write+0x14/0x20
[ 34.835778]  ? do_raw_spin_lock+0xc1/0x200
[ 34.840037]  ? kvm_irqfd_release+0xdd/0x120
[ 34.844381]  ? kvm_irqfd_release+0xdd/0x120
[ 34.849106]  ? kvm_put_kvm+0x1060/0x1060
[ 34.853182]  kvm_vm_release+0x42/0x50
[ 34.857004]  __fput+0x38a/0xa40
[ 34.860320]  ? __alloc_file+0x400/0x400
[ 34.864324]  ? check_same_owner+0x340/0x340
[ 34.868664]  ? kasan_check_write+0x14/0x20
[ 34.872925]  ? do_raw_spin_lock+0xc1/0x200
[ 34.877175]  ____fput+0x15/0x20
[ 34.880467]  task_work_run+0x1e8/0x2a0
[ 34.884377]  ? task_work_cancel+0x240/0x240
[ 34.888718]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.894789]  ? switch_task_namespaces+0xa2/0xd0
[ 34.899495]  do_exit+0x1ae4/0x26e0
[ 34.903078]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.907768]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.912022]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.917063]  ? kfree+0x1d7/0x210
[ 34.920455]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.924702]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.930429]  ? is_bpf_text_address+0xd7/0x170
[ 34.934960]  ? kernel_text_address+0x79/0xf0
[ 34.939389]  ? __kernel_text_address+0xd/0x40
[ 34.943896]  ? unwind_get_return_address+0x61/0xa0
[ 34.948853]  ? __save_stack_trace+0x8d/0xf0
[ 34.953250]  ? save_stack+0xa9/0xd0
[ 34.956890]  ? save_stack+0x43/0xd0
[ 34.960525]  ? __kasan_slab_free+0x11a/0x170
[ 34.964984]  ? kasan_slab_free+0xe/0x10
[ 34.968998]  ? putname+0xf2/0x130
[ 34.972492]  ? __x64_sys_openat+0x9d/0x100
[ 34.976771]  ? do_syscall_64+0x1b9/0x820
[ 34.980873]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.986261]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.990681]  ? kasan_check_read+0x11/0x20
[ 34.994864]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.999290]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.003720]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.008319]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.013445]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.019191]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.024748]  ? do_vfs_ioctl+0x201/0x1720
[ 35.028833]  ? rcu_is_watching+0x8c/0x150
[ 35.033006]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.037353]  ? ioctl_preallocate+0x300/0x300
[ 35.041779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.047355]  ? __fget_light+0x2f7/0x440
[ 35.051345]  ? fget_raw+0x20/0x20
[ 35.054813]  ? putname+0xf2/0x130
[ 35.058310]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.063349]  ? kmem_cache_free+0x246/0x280
[ 35.067599]  ? putname+0xf7/0x130
[ 35.071066]  do_group_exit+0x177/0x440
[ 35.074959]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.079289]  ? __ia32_sys_exit+0x50/0x50
[ 35.083358]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.088473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.094044]  ? ksys_ioctl+0x81/0xd0
[ 35.097684]  __x64_sys_exit_group+0x3e/0x50
[ 35.102012]  do_syscall_64+0x1b9/0x820
[ 35.105905]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.111272]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.116228]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.121077]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.126107]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.131142]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.135994]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.141193] RIP: 0033:0x43ef08
[ 35.144395] Code: Bad RIP value.
[ 35.147780] RSP: 002b:00007ffc55944ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.155490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.162756] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.170025] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.177299] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.184571] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.191860]
[ 35.193486] Allocated by task 4640:
[ 35.197140]  save_stack+0x43/0xd0
[ 35.200593]  kasan_kmalloc+0xc4/0xe0
[ 35.204308]  kasan_slab_alloc+0x12/0x20
[ 35.208278]  kmem_cache_alloc+0x12e/0x710
[ 35.212438]  vmx_create_vcpu+0xcf/0x2830
[ 35.216495]  kvm_arch_vcpu_create+0xe5/0x220
[ 35.220899]  kvm_vm_ioctl+0x488/0x1d80
[ 35.224798]  do_vfs_ioctl+0x1de/0x1720
[ 35.228702]  ksys_ioctl+0xa9/0xd0
[ 35.232162]  __x64_sys_ioctl+0x73/0xb0
[ 35.236055]  do_syscall_64+0x1b9/0x820
[ 35.239939]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.245119]
[ 35.246735] Freed by task 4640:
[ 35.250011]  save_stack+0x43/0xd0
[ 35.253468]  __kasan_slab_free+0x11a/0x170
[ 35.257703]  kasan_slab_free+0xe/0x10
[ 35.261500]  kmem_cache_free+0x86/0x280
[ 35.265486]  vmx_free_vcpu+0x26b/0x300
[ 35.269370]  kvm_arch_destroy_vm+0x365/0x7c0
[ 35.273775]  kvm_put_kvm+0x73f/0x1060
[ 35.277686]  kvm_vm_release+0x42/0x50
[ 35.281570]  __fput+0x38a/0xa40
[ 35.284851]  ____fput+0x15/0x20
[ 35.288126]  task_work_run+0x1e8/0x2a0
[ 35.292008]  do_exit+0x1ae4/0x26e0
[ 35.295551]  do_group_exit+0x177/0x440
[ 35.299438]  __x64_sys_exit_group+0x3e/0x50
[ 35.303763]  do_syscall_64+0x1b9/0x820
[ 35.307653]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.312832]
[ 35.314497] The buggy address belongs to the object at ffff8801b9cf8040
[ 35.314497]  which belongs to the cache kvm_vcpu of size 23872
[ 35.327090] The buggy address is located 24 bytes inside of
[ 35.327090]  23872-byte region [ffff8801b9cf8040, ffff8801b9cfdd80)
[ 35.339141] The buggy address belongs to the page:
[ 35.344075] page:ffffea0006e73e00 count:1 mapcount:0 mapping:ffff8801d532fd80 index:0x0 compound_mapcount: 0
[ 35.354055] flags: 0x2fffc0000008100(slab|head)
[ 35.358728] raw: 02fffc0000008100 ffff8801d5326348 ffff8801d5326348 ffff8801d532fd80
[ 35.366613] raw: 0000000000000000 ffff8801b9cf8040 0000000100000001 0000000000000000
[ 35.374483] page dumped because: kasan: bad access detected
[ 35.380180]
[ 35.381799] Memory state around the buggy address:
[ 35.386724]  ffff8801b9cf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.394081]  ffff8801b9cf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.401454] >ffff8801b9cf8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.408809]                                                     ^
[ 35.415048]  ffff8801b9cf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.422527]  ffff8801b9cf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.429883] ==================================================================
[ 35.437250] Kernel panic - not syncing: panic_on_warn set ...
[ 35.437250]
[ 35.444640] CPU: 1 PID: 4640 Comm: syz-executor906 Tainted: G B 4.19.0-rc1+ #216
[ 35.453485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.462856] Call Trace:
[ 35.465452]  dump_stack+0x1c9/0x2b4
[ 35.469088]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.474280]  ? lock_downgrade+0x8f0/0x8f0
[ 35.478519]  ? __schedule+0xf54/0x1df0
[ 35.482425]  panic+0x238/0x4e7
[ 35.485646]  ? add_taint.cold.5+0x16/0x16
[ 35.489803]  ? print_shadow_for_address+0xba/0x116
[ 35.494751]  ? trace_hardirqs_off+0xaf/0x2b0
[ 35.499160]  ? trace_hardirqs_off+0x77/0x2b0
[ 35.503600]  ? __schedule+0xf54/0x1df0
[ 35.507495]  kasan_end_report+0x47/0x4f
[ 35.511481]  kasan_report.cold.7+0x76/0x30d
[ 35.515807]  __asan_report_load8_noabort+0x14/0x20
[ 35.520767]  __schedule+0xf54/0x1df0
[ 35.524483]  ? __sched_text_start+0x8/0x8
[ 35.528639]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.533747]  ? __call_srcu+0x7e7/0x1040
[ 35.537728]  ? check_same_owner+0x340/0x340
[ 35.542052]  ? mark_held_locks+0x160/0x160
[ 35.546287]  ? find_held_lock+0x36/0x1c0
[ 35.550359]  preempt_schedule_common+0x22/0x60
[ 35.554949]  _cond_resched+0x1d/0x30
[ 35.558664]  wait_for_completion+0xa5/0x8d0
[ 35.562997]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.568825]  ? __lockdep_init_map+0x105/0x590
[ 35.573344]  ? __init_waitqueue_head+0x9e/0x150
[ 35.578023]  ? init_wait_entry+0x1c0/0x1c0
[ 35.582271]  __synchronize_srcu+0x189/0x240
[ 35.586601]  ? call_srcu+0x10/0x10
[ 35.590145]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.594390]  synchronize_srcu+0x335/0x56f
[ 35.598542]  ? lock_downgrade+0x8f0/0x8f0
[ 35.602700]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.607730]  ? kasan_check_read+0x11/0x20
[ 35.611884]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.616490]  ? kasan_check_write+0x14/0x20
[ 35.620730]  ? do_raw_spin_lock+0xc1/0x200
[ 35.624979]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.630702]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.636156]  ? kvfree+0x61/0x70
[ 35.639438]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.644461]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.648525]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.652942]  ? kvm_arch_sync_events+0x30/0x30
[ 35.657448]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.662994]  ? mmu_notifier_unregister+0x474/0x600
[ 35.667927]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.672340]  ? kfree+0x111/0x210
[ 35.675711]  ? __mmu_notifier_register+0x30/0x30
[ 35.680474]  ? __free_pages+0x10a/0x190
[ 35.684493]  ? free_unref_page+0x930/0x930
[ 35.688746]  kvm_put_kvm+0x73f/0x1060
[ 35.692559]  ? kvm_write_guest_cached+0x40/0x40
[ 35.697233]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.701740]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.706238]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.710829]  ? kasan_check_write+0x14/0x20
[ 35.715094]  ? do_raw_spin_lock+0xc1/0x200
[ 35.719344]  ? kvm_irqfd_release+0xdd/0x120
[ 35.723663]  ? kvm_irqfd_release+0xdd/0x120
[ 35.727988]  ? kvm_put_kvm+0x1060/0x1060
[ 35.732053]  kvm_vm_release+0x42/0x50
[ 35.735860]  __fput+0x38a/0xa40
[ 35.739138]  ? __alloc_file+0x400/0x400
[ 35.743121]  ? check_same_owner+0x340/0x340
[ 35.747442]  ? kasan_check_write+0x14/0x20
[ 35.751676]  ? do_raw_spin_lock+0xc1/0x200
[ 35.755908]  ____fput+0x15/0x20
[ 35.759466]  task_work_run+0x1e8/0x2a0
[ 35.763353]  ? task_work_cancel+0x240/0x240
[ 35.767673]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.773211]  ? switch_task_namespaces+0xa2/0xd0
[ 35.777924]  do_exit+0x1ae4/0x26e0
[ 35.781482]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.786174]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.790424]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.795448]  ? kfree+0x1d7/0x210
[ 35.798826]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.803086]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.808810]  ? is_bpf_text_address+0xd7/0x170
[ 35.813324]  ? kernel_text_address+0x79/0xf0
[ 35.817736]  ? __kernel_text_address+0xd/0x40
[ 35.822238]  ? unwind_get_return_address+0x61/0xa0
[ 35.827182]  ? __save_stack_trace+0x8d/0xf0
[ 35.831552]  ? save_stack+0xa9/0xd0
[ 35.835295]  ? save_stack+0x43/0xd0
[ 35.838930]  ? __kasan_slab_free+0x11a/0x170
[ 35.843349]  ? kasan_slab_free+0xe/0x10
[ 35.847354]  ? putname+0xf2/0x130
[ 35.850818]  ? __x64_sys_openat+0x9d/0x100
[ 35.855074]  ? do_syscall_64+0x1b9/0x820
[ 35.859150]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.864613]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.869036]  ? kasan_check_read+0x11/0x20
[ 35.873196]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.877615]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.882046]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.886667]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.891787]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.897515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.903079]  ? do_vfs_ioctl+0x201/0x1720
[ 35.907157]  ? rcu_is_watching+0x8c/0x150
[ 35.911314]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.915651]  ? ioctl_preallocate+0x300/0x300
[ 35.920072]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.925620]  ? __fget_light+0x2f7/0x440
[ 35.929611]  ? fget_raw+0x20/0x20
[ 35.933095]  ? putname+0xf2/0x130
[ 35.936564]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.941596]  ? kmem_cache_free+0x246/0x280
[ 35.945856]  ? putname+0xf7/0x130
[ 35.949325]  do_group_exit+0x177/0x440
[ 35.953224]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.957558]  ? __ia32_sys_exit+0x50/0x50
[ 35.961632]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.966746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.972296]  ? ksys_ioctl+0x81/0xd0
[ 35.975933]  __x64_sys_exit_group+0x3e/0x50
[ 35.980258]  do_syscall_64+0x1b9/0x820
[ 35.984155]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.989527]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.994470]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.999334]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.004361]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.009385]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.014235]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.019420] RIP: 0033:0x43ef08
[ 36.022616] Code: Bad RIP value.
[ 36.025991] RSP: 002b:00007ffc55944ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.033879] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 36.041151] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.048444] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.055738] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.063013] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.070318]
[ 36.070323] ======================================================
[ 36.070329] WARNING: possible circular locking dependency detected
[ 36.070332] 4.19.0-rc1+ #216 Not tainted
[ 36.070337] ------------------------------------------------------
[ 36.070342] syz-executor906/4640 is trying to acquire lock:
[ 36.070346] 000000003528d355 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.070360]
[ 36.070364] but task is already holding lock:
[ 36.070367] 000000007f42c269 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.070381]
[ 36.070385] which lock already depends on the new lock.
[ 36.070387]
[ 36.070390]
[ 36.070395] the existing dependency chain (in reverse order) is:
[ 36.070397]
[ 36.070399] -> #3 (report_lock){....}:
[ 36.070413]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.070417]        kasan_report+0x8e/0x110
[ 36.070421]        __asan_report_load8_noabort+0x14/0x20
[ 36.070425]        __schedule+0xf54/0x1df0
[ 36.070429]        preempt_schedule_common+0x22/0x60
[ 36.070433]        _cond_resched+0x1d/0x30
[ 36.070437]        wait_for_completion+0xa5/0x8d0
[ 36.070441]        __synchronize_srcu+0x189/0x240
[ 36.070445]        synchronize_srcu+0x335/0x56f
[ 36.070450]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.070454]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.070458]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.070461]        kvm_put_kvm+0x73f/0x1060
[ 36.070465]        kvm_vm_release+0x42/0x50
[ 36.070469]        __fput+0x38a/0xa40
[ 36.070472]        ____fput+0x15/0x20
[ 36.070476]        task_work_run+0x1e8/0x2a0
[ 36.070479]        do_exit+0x1ae4/0x26e0
[ 36.070483]        do_group_exit+0x177/0x440
[ 36.070487]        __x64_sys_exit_group+0x3e/0x50
[ 36.070491]        do_syscall_64+0x1b9/0x820
[ 36.070495]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.070498]
[ 36.070500] -> #2 (&rq->lock){-.-.}:
[ 36.070513]        _raw_spin_lock+0x2a/0x40
[ 36.070517]        task_fork_fair+0x93/0x680
[ 36.070521]        sched_fork+0x44b/0xbd0
[ 36.070525]        copy_process+0x235e/0x7ad0
[ 36.070528]        _do_fork+0x1ca/0x1170
[ 36.070532]        kernel_thread+0x34/0x40
[ 36.070536]        rest_init+0x22/0xe4
[ 36.070540]        start_kernel+0x913/0x94e
[ 36.070544]        x86_64_start_reservations+0x29/0x2b
[ 36.070548]        x86_64_start_kernel+0x76/0x79
[ 36.070552]        secondary_startup_64+0xa4/0xb0
[ 36.070554]
[ 36.070556] -> #1 (&p->pi_lock){-.-.}:
[ 36.070570]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.070574]        try_to_wake_up+0xd2/0x1250
[ 36.070578]        wake_up_process+0x10/0x20
[ 36.070582]        __up.isra.1+0x1c0/0x2a0
[ 36.070585]        up+0x13c/0x1c0
[ 36.070589]        __up_console_sem+0xbe/0x1b0
[ 36.070593]        console_unlock+0x506/0x10d0
[ 36.070596]        vprintk_emit+0x33a/0x910
[ 36.070600]        vprintk_default+0x28/0x30
[ 36.070604]        vprintk_func+0x7a/0x117
[ 36.070607]        printk+0xa7/0xcf
[ 36.070611]        load_umh+0x51/0xbd
[ 36.070614]        do_one_initcall+0x127/0x838
[ 36.070619]        kernel_init_freeable+0x4bb/0x5ae
[ 36.070622]        kernel_init+0x11/0x1b3
[ 36.070626]        ret_from_fork+0x3a/0x50
[ 36.070628]
[ 36.070630] -> #0 ((console_sem).lock){-...}:
[ 36.070644]        lock_acquire+0x1e4/0x4f0
[ 36.070649]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.070652]        down_trylock+0x13/0x70
[ 36.070657]        __down_trylock_console_sem+0xae/0x200
[ 36.070660]        console_trylock+0x15/0xa0
[ 36.070664]        vprintk_emit+0x31f/0x910
[ 36.070668]        vprintk_default+0x28/0x30
[ 36.070672]        vprintk_func+0x7a/0x117
[ 36.070675]        printk+0xa7/0xcf
[ 36.070679]        kasan_report+0x9e/0x110
[ 36.070683]        __asan_report_load8_noabort+0x14/0x20
[ 36.070687]        __schedule+0xf54/0x1df0
[ 36.070691]        preempt_schedule_common+0x22/0x60
[ 36.070695]        _cond_resched+0x1d/0x30
[ 36.070699]        wait_for_completion+0xa5/0x8d0
[ 36.070703]        __synchronize_srcu+0x189/0x240
[ 36.070707]        synchronize_srcu+0x335/0x56f
[ 36.070712]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.070715]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.070719]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.070723]        kvm_put_kvm+0x73f/0x1060
[ 36.070727]        kvm_vm_release+0x42/0x50
[ 36.070730]        __fput+0x38a/0xa40
[ 36.070734]        ____fput+0x15/0x20
[ 36.070737]        task_work_run+0x1e8/0x2a0
[ 36.070741]        do_exit+0x1ae4/0x26e0
[ 36.070745]        do_group_exit+0x177/0x440
[ 36.070749]        __x64_sys_exit_group+0x3e/0x50
[ 36.070753]        do_syscall_64+0x1b9/0x820
[ 36.070757]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.070759]
[ 36.070764] other info that might help us debug this:
[ 36.070766]
[ 36.070769] Chain exists of:
[ 36.070771]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.070788]
[ 36.070792]  Possible unsafe locking scenario:
[ 36.070795]
[ 36.070798]        CPU0                    CPU1
[ 36.070802]        ----                    ----
[ 36.070805]   lock(report_lock);
[ 36.070814]                                lock(&rq->lock);
[ 36.070823]                                lock(report_lock);
[ 36.070830]   lock((console_sem).lock);
[ 36.070847]
[ 36.070851]  *** DEADLOCK ***
[ 36.070853]
[ 36.070857] 2 locks held by syz-executor906/4640:
[ 36.070859]  #0: 0000000096b73851 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.070876]  #1: 000000007f42c269 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.070892]
[ 36.070895] stack backtrace:
[ 36.070901] CPU: 1 PID: 4640 Comm: syz-executor906 Not tainted 4.19.0-rc1+ #216
[ 36.070908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.070911] Call Trace:
[ 36.070915]  dump_stack+0x1c9/0x2b4
[ 36.070919]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.070923]  ? vprintk_func+0x100/0x117
[ 36.070928]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.070931]  ? save_trace+0xe0/0x290
[ 36.070935]  __lock_acquire+0x3449/0x5020
[ 36.070939]  ? mark_held_locks+0x160/0x160
[ 36.070943]  ? mark_held_locks+0x160/0x160
[ 36.070947]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.070951]  ? is_bpf_text_address+0xd7/0x170
[ 36.070955]  ? kernel_text_address+0x79/0xf0
[ 36.070959]  ? __kernel_text_address+0xd/0x40
[ 36.070963]  ? __save_stack_trace+0x8d/0xf0
[ 36.070968]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.070971]  ? save_trace+0x290/0x290
[ 36.070975]  ? save_stack_trace+0x1a/0x20
[ 36.070979]  ? save_trace+0xe0/0x290
[ 36.070983]  ? graph_lock+0x170/0x170
[ 36.070987]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.070991]  lock_acquire+0x1e4/0x4f0
[ 36.070995]  ? down_trylock+0x13/0x70
[ 36.070998]  ? lock_release+0x9f0/0x9f0
[ 36.071002]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.071007]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.071011]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.071014]  ? log_store+0x34f/0x4c0
[ 36.071018]  ? vprintk_emit+0x31f/0x910
[ 36.071022]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.071026]  ? down_trylock+0x13/0x70
[ 36.071035]  down_trylock+0x13/0x70
[ 36.071039]  __down_trylock_console_sem+0xae/0x200
[ 36.071043]  console_trylock+0x15/0xa0
[ 36.071046]  vprintk_emit+0x31f/0x910
[ 36.071050]  ? wake_up_klogd+0x110/0x110
[ 36.071055]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.071058]  ? kasan_check_read+0x11/0x20
[ 36.071062]  ? rcu_is_watching+0x8c/0x150
[ 36.071066]  ? rcu_pm_notify+0xc0/0xc0
[ 36.071070]  ? lock_acquire+0x1e4/0x4f0
[ 36.071074]  ? kasan_report+0x8e/0x110
[ 36.071077]  ? __schedule+0xf54/0x1df0
[ 36.071081]  vprintk_default+0x28/0x30
[ 36.071085]  vprintk_func+0x7a/0x117
[ 36.071088]  printk+0xa7/0xcf
[ 36.071092]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.071096]  ? kasan_check_write+0x14/0x20
[ 36.071100]  ? do_raw_spin_lock+0xc1/0x200
[ 36.071104]  ? do_raw_spin_lock+0xc1/0x200
[ 36.071108]  kasan_report+0x9e/0x110
[ 36.071112]  __asan_report_load8_noabort+0x14/0x20
[ 36.071116]  __schedule+0xf54/0x1df0
[ 36.071119]  ? __sched_text_start+0x8/0x8
[ 36.071124]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.071128]  ? __call_srcu+0x7e7/0x1040
[ 36.071132]  ? check_same_owner+0x340/0x340
[ 36.071136]  ? mark_held_locks+0x160/0x160
[ 36.071140]  ? find_held_lock+0x36/0x1c0
[ 36.071144]  preempt_schedule_common+0x22/0x60
[ 36.071147]  _cond_resched+0x1d/0x30
[ 36.071151]  wait_for_completion+0xa5/0x8d0
[ 36.071156]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.071160]  ? __lockdep_init_map+0x105/0x590
[ 36.071164]  ? __init_waitqueue_head+0x9e/0x150
[ 36.071168]  ? init_wait_entry+0x1c0/0x1c0
[ 36.071172]  __synchronize_srcu+0x189/0x240
[ 36.071176]  ? call_srcu+0x10/0x10
[ 36.071180]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.071184]  synchronize_srcu+0x335/0x56f
[ 36.071187]  ? lock_downgrade+0x8f0/0x8f0
[ 36.071192]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.071196]  ? kasan_check_read+0x11/0x20
[ 36.071200]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.071204]  ? kasan_check_write+0x14/0x20
[ 36.071208]  ? do_raw_spin_lock+0xc1/0x200
[ 36.071213]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.071217]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.071221]  ? kvfree+0x61/0x70
[ 36.071225]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.071229]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.071233]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.071237]  ? kvm_arch_sync_events+0x30/0x30
[ 36.071242]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.071246]  ? mmu_notifier_unregister+0x474/0x600
[ 36.071250]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.071254]  ? kfree+0x111/0x210
[ 36.071258]  ? __mmu_notifier_register+0x30/0x30
[ 36.071262]  ? __free_pages+0x10a/0x190
[ 36.071266]  ? free_unref_page+0x930/0x930
[ 36.071269]  kvm_put_kvm+0x73f/0x1060
[ 36.071273]  ? kvm_write_guest_cached+0x40/0x40
[ 36.071277]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.071281]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.071286]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.071289]  ? kasan_check_write+0x14/0x20
[ 36.071293]  ? do_raw_spin_lock+0xc1/0x200
[ 36.071297]  ? kvm_irqfd_release+0xdd/0x120
[ 36.071301]  ? kvm_irqfd_release+0xdd/0x120
[ 36.071305]  ? kvm_put_kvm+0x1060/0x1060
[ 36.071309]  kvm_vm_release+0x42/0x50
[ 36.071312]  __fput+0x38a/0xa40
[ 36.071316]  ? __alloc_file+0x400/0x400
[ 36.071320]  ? check_same_owner+0x340/0x340
[ 36.071324]  ? kasan_check_write+0x14/0x20
[ 36.071328]  ? do_raw_spin_lock+0xc1/0x200
[ 36.071331]  ____fput+0x15/0x20
[ 36.071335]  task_work_run+0x1e8/0x2a0
[ 36.071339]  ? task_work_cancel+0x240/0x240
[ 36.071344]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.071348]  ? switch_task_namespaces+0xa2/0xd0
[ 36.071351]  do_exit+0x1ae4/0x26e0
[ 36.071355]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.071359]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.071364]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.071367]  ? kfree+0x1d7/0x210
[ 36.071371]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.071376]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.071380]  ? is_bpf_text_address+0xd7/0x170
[ 36.071382]  ?
[ 36.071390] Lost 54 message(s)!
[ 37.149721] Shutting down cpus with NMI
[ 38.212544] Dumping ftrace buffer:
[ 38.216079]    (ftrace buffer empty)
[ 38.219776] Kernel Offset: disabled
[ 38.223394] Rebooting in 86400 seconds..