[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.255280] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.423851] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.706127] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.286809] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.462590] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
[ 33.158340] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.264884] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.290051] ==================================================================
[ 33.299971] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.306199] Read of size 8 at addr ffff8801d0008058 by task syz-executor109/4289
[ 33.313719]
[ 33.315343] CPU: 0 PID: 4289 Comm: syz-executor109 Not tainted 4.19.0-rc2+ #226
[ 33.322782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.332126] Call Trace:
[ 33.334717]  dump_stack+0x1c9/0x2b4
[ 33.338801]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.343987]  ? printk+0xa7/0xcf
[ 33.347396]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.352157]  ? __schedule+0xf54/0x1df0
[ 33.356048]  print_address_description+0x6c/0x20b
[ 33.360889]  ? __schedule+0xf54/0x1df0
[ 33.364777]  kasan_report.cold.7+0x242/0x30d
[ 33.369183]  __asan_report_load8_noabort+0x14/0x20
[ 33.374108]  __schedule+0xf54/0x1df0
[ 33.377823]  ? __sched_text_start+0x8/0x8
[ 33.381968]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 33.387072]  ? __call_srcu+0x7e7/0x1040
[ 33.391050]  ? check_same_owner+0x340/0x340
[ 33.395364]  ? mark_held_locks+0x160/0x160
[ 33.399600]  ? find_held_lock+0x36/0x1c0
[ 33.403671]  preempt_schedule_common+0x22/0x60
[ 33.408256]  _cond_resched+0x1d/0x30
[ 33.411969]  wait_for_completion+0xa5/0x8d0
[ 33.416289]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.422083]  ? __lockdep_init_map+0x105/0x590
[ 33.426583]  ? __init_waitqueue_head+0x9e/0x150
[ 33.431263]  ? init_wait_entry+0x1c0/0x1c0
[ 33.435501]  __synchronize_srcu+0x189/0x240
[ 33.439818]  ? call_srcu+0x10/0x10
[ 33.443376]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.447615]  synchronize_srcu+0x335/0x56f
[ 33.451758]  ? lock_downgrade+0x8f0/0x8f0
[ 33.455902]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.460916]  ? kasan_check_read+0x11/0x20
[ 33.465077]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.469664]  ? kasan_check_write+0x14/0x20
[ 33.473894]  ? do_raw_spin_lock+0xc1/0x200
[ 33.478133]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.483878]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.489327]  ? kvfree+0x61/0x70
[ 33.492601]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.497612]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.501676]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.506081]  ? kvm_arch_sync_events+0x30/0x30
[ 33.510622]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.516157]  ? mmu_notifier_unregister+0x474/0x600
[ 33.521094]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.525508]  ? kfree+0x111/0x210
[ 33.528872]  ? __mmu_notifier_register+0x30/0x30
[ 33.533626]  ? __free_pages+0x10a/0x190
[ 33.537620]  ? free_unref_page+0x930/0x930
[ 33.541863]  kvm_put_kvm+0x73f/0x1060
[ 33.545675]  ? kvm_write_guest_cached+0x40/0x40
[ 33.550349]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.554841]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.559330]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.563912]  ? kasan_check_write+0x14/0x20
[ 33.568143]  ? do_raw_spin_lock+0xc1/0x200
[ 33.572382]  ? kvm_irqfd_release+0xdd/0x120
[ 33.576697]  ? kvm_irqfd_release+0xdd/0x120
[ 33.581018]  ? kvm_put_kvm+0x1060/0x1060
[ 33.585079]  kvm_vm_release+0x42/0x50
[ 33.588874]  __fput+0x38a/0xa40
[ 33.592155]  ? __alloc_file+0x400/0x400
[ 33.596167]  ? check_same_owner+0x340/0x340
[ 33.600520]  ? kasan_check_write+0x14/0x20
[ 33.604754]  ? do_raw_spin_lock+0xc1/0x200
[ 33.608987]  ____fput+0x15/0x20
[ 33.612264]  task_work_run+0x1e8/0x2a0
[ 33.616146]  ? task_work_cancel+0x240/0x240
[ 33.620471]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.626005]  ? switch_task_namespaces+0xa2/0xd0
[ 33.630709]  do_exit+0x1ae4/0x26e0
[ 33.634254]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.638926]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.643161]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.648175]  ? kfree+0x1d7/0x210
[ 33.651542]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.655775]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.661484]  ? is_bpf_text_address+0xd7/0x170
[ 33.665976]  ? kernel_text_address+0x79/0xf0
[ 33.670388]  ? __kernel_text_address+0xd/0x40
[ 33.674883]  ? unwind_get_return_address+0x61/0xa0
[ 33.679809]  ? __save_stack_trace+0x8d/0xf0
[ 33.684134]  ? save_stack+0xa9/0xd0
[ 33.687755]  ? save_stack+0x43/0xd0
[ 33.691380]  ? __kasan_slab_free+0x11a/0x170
[ 33.695784]  ? kasan_slab_free+0xe/0x10
[ 33.699754]  ? putname+0xf2/0x130
[ 33.703208]  ? __x64_sys_openat+0x9d/0x100
[ 33.707446]  ? do_syscall_64+0x1b9/0x820
[ 33.711510]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.716873]  ? trace_hardirqs_off+0xb8/0x2c0
[ 33.721278]  ? kasan_check_read+0x11/0x20
[ 33.725424]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.729832]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.734240]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.738822]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.743929]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.749642]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.755187]  ? do_vfs_ioctl+0x201/0x1720
[ 33.759268]  ? rcu_is_watching+0x8c/0x150
[ 33.763410]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.767749]  ? ioctl_preallocate+0x300/0x300
[ 33.772168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.777702]  ? __fget_light+0x2f7/0x440
[ 33.781681]  ? fget_raw+0x20/0x20
[ 33.785130]  ? putname+0xf2/0x130
[ 33.788584]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.793597]  ? kmem_cache_free+0x246/0x280
[ 33.797828]  ? putname+0xf7/0x130
[ 33.801282]  do_group_exit+0x177/0x440
[ 33.805165]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.809485]  ? __ia32_sys_exit+0x50/0x50
[ 33.813544]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.818647]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.824186]  ? ksys_ioctl+0x81/0xd0
[ 33.827824]  __x64_sys_exit_group+0x3e/0x50
[ 33.832148]  do_syscall_64+0x1b9/0x820
[ 33.836048]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.841409]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.846334]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.851173]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 33.856187]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.861204]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.866046]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.871226] RIP: 0033:0x43ecc8
[ 33.874428] Code: Bad RIP value.
[ 33.877783] RSP: 002b:00007fff72740e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.885490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 33.892753] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.900021] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.907311] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.914573] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 33.921840]
[ 33.923457] Allocated by task 4289:
[ 33.927113]  save_stack+0x43/0xd0
[ 33.930558]  kasan_kmalloc+0xc4/0xe0
[ 33.934267]  kasan_slab_alloc+0x12/0x20
[ 33.938237]  kmem_cache_alloc+0x12e/0x710
[ 33.942413]  vmx_create_vcpu+0xcf/0x2830
[ 33.946483]  kvm_arch_vcpu_create+0xe5/0x220
[ 33.950902]  kvm_vm_ioctl+0x488/0x1d80
[ 33.954795]  do_vfs_ioctl+0x1de/0x1720
[ 33.958684]  ksys_ioctl+0xa9/0xd0
[ 33.962133]  __x64_sys_ioctl+0x73/0xb0
[ 33.966015]  do_syscall_64+0x1b9/0x820
[ 33.969902]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.975077]
[ 33.976696] Freed by task 4289:
[ 33.979968]  save_stack+0x43/0xd0
[ 33.983414]  __kasan_slab_free+0x11a/0x170
[ 33.987642]  kasan_slab_free+0xe/0x10
[ 33.991445]  kmem_cache_free+0x86/0x280
[ 33.995433]  vmx_free_vcpu+0x26b/0x300
[ 33.999314]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.003721]  kvm_put_kvm+0x73f/0x1060
[ 34.007517]  kvm_vm_release+0x42/0x50
[ 34.011312]  __fput+0x38a/0xa40
[ 34.014585]  ____fput+0x15/0x20
[ 34.017860]  task_work_run+0x1e8/0x2a0
[ 34.021743]  do_exit+0x1ae4/0x26e0
[ 34.025277]  do_group_exit+0x177/0x440
[ 34.029160]  __x64_sys_exit_group+0x3e/0x50
[ 34.033481]  do_syscall_64+0x1b9/0x820
[ 34.037368]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.042551]
[ 34.044173] The buggy address belongs to the object at ffff8801d0008040
[ 34.044173]  which belongs to the cache kvm_vcpu of size 23872
[ 34.056745] The buggy address is located 24 bytes inside of
[ 34.056745]  23872-byte region [ffff8801d0008040, ffff8801d000dd80)
[ 34.068700] The buggy address belongs to the page:
[ 34.073626] page:ffffea0007400200 count:1 mapcount:0 mapping:ffff8801d8004300 index:0x0 compound_mapcount: 0
[ 34.083604] flags: 0x2fffc0000008100(slab|head)
[ 34.088275] raw: 02fffc0000008100 ffff8801d6114348 ffff8801d6114348 ffff8801d8004300
[ 34.096155] raw: 0000000000000000 ffff8801d0008040 0000000100000001 0000000000000000
[ 34.104047] page dumped because: kasan: bad access detected
[ 34.109746]
[ 34.111364] Memory state around the buggy address:
[ 34.116294]  ffff8801d0007f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.123650]  ffff8801d0007f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.131013] >ffff8801d0008000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.138480]                                                     ^
[ 34.144704]  ffff8801d0008080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.152056]  ffff8801d0008100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.159406] ==================================================================
[ 34.166757] Kernel panic - not syncing: panic_on_warn set ...
[ 34.166757]
[ 34.174104] CPU: 0 PID: 4289 Comm: syz-executor109 Tainted: G B 4.19.0-rc2+ #226
[ 34.182915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.192255] Call Trace:
[ 34.194854]  dump_stack+0x1c9/0x2b4
[ 34.198487]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.203685]  ? lock_downgrade+0x8f0/0x8f0
[ 34.207832]  ? __schedule+0xf54/0x1df0
[ 34.211721]  panic+0x238/0x4e7
[ 34.214913]  ? add_taint.cold.5+0x16/0x16
[ 34.219063]  ? print_shadow_for_address+0xba/0x116
[ 34.223989]  ? trace_hardirqs_off+0xaf/0x2c0
[ 34.228395]  ? trace_hardirqs_off+0x77/0x2c0
[ 34.232800]  ? __schedule+0xf54/0x1df0
[ 34.236691]  kasan_end_report+0x47/0x4f
[ 34.240669]  kasan_report.cold.7+0x76/0x30d
[ 34.244992]  __asan_report_load8_noabort+0x14/0x20
[ 34.249918]  __schedule+0xf54/0x1df0
[ 34.253630]  ? __sched_text_start+0x8/0x8
[ 34.257781]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.262889]  ? __call_srcu+0x7e7/0x1040
[ 34.266869]  ? check_same_owner+0x340/0x340
[ 34.271189]  ? mark_held_locks+0x160/0x160
[ 34.275420]  ? find_held_lock+0x36/0x1c0
[ 34.279478]  preempt_schedule_common+0x22/0x60
[ 34.284056]  _cond_resched+0x1d/0x30
[ 34.287886]  wait_for_completion+0xa5/0x8d0
[ 34.292189]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.298160]  ? __lockdep_init_map+0x105/0x590
[ 34.302668]  ? __init_waitqueue_head+0x9e/0x150
[ 34.307364]  ? init_wait_entry+0x1c0/0x1c0
[ 34.311630]  __synchronize_srcu+0x189/0x240
[ 34.315958]  ? call_srcu+0x10/0x10
[ 34.319498]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.323754]  synchronize_srcu+0x335/0x56f
[ 34.327902]  ? lock_downgrade+0x8f0/0x8f0
[ 34.332047]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.337073]  ? kasan_check_read+0x11/0x20
[ 34.341220]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.345800]  ? kasan_check_write+0x14/0x20
[ 34.350031]  ? do_raw_spin_lock+0xc1/0x200
[ 34.354270]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.359981]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.365429]  ? kvfree+0x61/0x70
[ 34.368708]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.373724]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.377789]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.382195]  ? kvm_arch_sync_events+0x30/0x30
[ 34.386699]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.392236]  ? mmu_notifier_unregister+0x474/0x600
[ 34.397162]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.401566]  ? kfree+0x111/0x210
[ 34.404932]  ? __mmu_notifier_register+0x30/0x30
[ 34.409694]  ? __free_pages+0x10a/0x190
[ 34.413675]  ? free_unref_page+0x930/0x930
[ 34.417919]  kvm_put_kvm+0x73f/0x1060
[ 34.421722]  ? kvm_write_guest_cached+0x40/0x40
[ 34.426394]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.430884]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.435376]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.439960]  ? kasan_check_write+0x14/0x20
[ 34.444191]  ? do_raw_spin_lock+0xc1/0x200
[ 34.448447]  ? kvm_irqfd_release+0xdd/0x120
[ 34.452765]  ? kvm_irqfd_release+0xdd/0x120
[ 34.457090]  ? kvm_put_kvm+0x1060/0x1060
[ 34.461147]  kvm_vm_release+0x42/0x50
[ 34.464945]  __fput+0x38a/0xa40
[ 34.468235]  ? __alloc_file+0x400/0x400
[ 34.472210]  ? check_same_owner+0x340/0x340
[ 34.476527]  ? kasan_check_write+0x14/0x20
[ 34.480758]  ? do_raw_spin_lock+0xc1/0x200
[ 34.484996]  ____fput+0x15/0x20
[ 34.488270]  task_work_run+0x1e8/0x2a0
[ 34.492157]  ? task_work_cancel+0x240/0x240
[ 34.496478]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.502015]  ? switch_task_namespaces+0xa2/0xd0
[ 34.506687]  do_exit+0x1ae4/0x26e0
[ 34.510227]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.515227]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.519477]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.524488]  ? kfree+0x1d7/0x210
[ 34.527853]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.532091]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.537806]  ? is_bpf_text_address+0xd7/0x170
[ 34.542310]  ? kernel_text_address+0x79/0xf0
[ 34.546714]  ? __kernel_text_address+0xd/0x40
[ 34.551210]  ? unwind_get_return_address+0x61/0xa0
[ 34.556146]  ? __save_stack_trace+0x8d/0xf0
[ 34.560470]  ? save_stack+0xa9/0xd0
[ 34.564093]  ? save_stack+0x43/0xd0
[ 34.567715]  ? __kasan_slab_free+0x11a/0x170
[ 34.572117]  ? kasan_slab_free+0xe/0x10
[ 34.576089]  ? putname+0xf2/0x130
[ 34.579539]  ? __x64_sys_openat+0x9d/0x100
[ 34.583775]  ? do_syscall_64+0x1b9/0x820
[ 34.587835]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.593195]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.597599]  ? kasan_check_read+0x11/0x20
[ 34.601747]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.606155]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.610561]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.615141]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.620245]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.625983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.631529]  ? do_vfs_ioctl+0x201/0x1720
[ 34.635590]  ? rcu_is_watching+0x8c/0x150
[ 34.639734]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.644144]  ? ioctl_preallocate+0x300/0x300
[ 34.648561]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.654118]  ? __fget_light+0x2f7/0x440
[ 34.658093]  ? fget_raw+0x20/0x20
[ 34.661542]  ? putname+0xf2/0x130
[ 34.664998]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.670020]  ? kmem_cache_free+0x246/0x280
[ 34.674251]  ? putname+0xf7/0x130
[ 34.677704]  do_group_exit+0x177/0x440
[ 34.681589]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.685908]  ? __ia32_sys_exit+0x50/0x50
[ 34.689962]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.695068]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.700601]  ? ksys_ioctl+0x81/0xd0
[ 34.704231]  __x64_sys_exit_group+0x3e/0x50
[ 34.708549]  do_syscall_64+0x1b9/0x820
[ 34.712436]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.717827]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.722757]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.727603]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 34.732619]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.737633]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.742483]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.747674] RIP: 0033:0x43ecc8
[ 34.750870] Code: Bad RIP value.
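What the KASAN report above establishes: the freed object is a kvm_vcpu slab object, allocated by vmx_create_vcpu under kvm_vm_ioctl (the KVM_CREATE_VCPU path) and freed by vmx_free_vcpu from kvm_arch_destroy_vm, i.e. while the VM file is torn down on exit_group. The faulting 8-byte read is 24 bytes into that object and happens in __schedule, which runs because kvm_page_track_unregister_notifier, called later in the same kvm_arch_destroy_vm, blocks in synchronize_srcu. In the v4.19 x86_64 layout of struct kvm_vcpu (an inference from the kernel headers, not something the log states) offset 24 is preempt_notifier.ops, the pointer the scheduler's preempt-notifier hook dereferences for every notifier still registered on the outgoing task, which is consistent with the vcpu being freed while its notifier was still on the exiting task's list. The panic itself is panic_on_warn turning the sanitizer report into a crash. The script below is an added triage helper, not part of the syzkaller output: it parses a KASAN slab report, cross-checks the object facts, and maps the offset onto that assumed partial layout. Its input is an excerpt of the lines above.

```python
"""KASAN slab use-after-free triage (added example, not part of the syzkaller log).
Extracts the access, the object/cache facts and the alloc/free stacks, then maps the
access offset onto a field. The struct kvm_vcpu layout is an assumption taken from
the v4.19 x86_64 headers with CONFIG_PREEMPT_NOTIFIERS=y; the log only says "24 bytes".
"""
import re

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # "[ 34.044173] " console prefixes
HEADER = re.compile(r"BUG: KASAN: (\S+) in (\S+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"which belongs to the cache (\S+) of size (\d+)")
LOCATED = re.compile(r"located (\d+) bytes (inside|to the right|to the left) of")
REGION = re.compile(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
STACK_HDR = re.compile(r"^(Allocated|Freed) by task \d+:")
FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")
# allocator and sanitizer plumbing that sits above the caller we care about
PLUMBING = ("save_stack", "kasan_", "__kasan_", "kmem_cache_", "kmalloc", "__kmalloc", "kfree")

# Excerpt of the report above, trimmed to the lines the parser uses.
REPORT = """\
[ 33.299971] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.306199] Read of size 8 at addr ffff8801d0008058 by task syz-executor109/4289
[ 33.923457] Allocated by task 4289:
[ 33.927113] save_stack+0x43/0xd0
[ 33.934267] kasan_slab_alloc+0x12/0x20
[ 33.938237] kmem_cache_alloc+0x12e/0x710
[ 33.942413] vmx_create_vcpu+0xcf/0x2830
[ 33.946483] kvm_arch_vcpu_create+0xe5/0x220
[ 33.950902] kvm_vm_ioctl+0x488/0x1d80
[ 33.975077]
[ 33.976696] Freed by task 4289:
[ 33.979968] save_stack+0x43/0xd0
[ 33.983414] __kasan_slab_free+0x11a/0x170
[ 33.991445] kmem_cache_free+0x86/0x280
[ 33.995433] vmx_free_vcpu+0x26b/0x300
[ 33.999314] kvm_arch_destroy_vm+0x365/0x7c0
[ 34.044173] The buggy address belongs to the object at ffff8801d0008040
[ 34.044173]  which belongs to the cache kvm_vcpu of size 23872
[ 34.056745] The buggy address is located 24 bytes inside of
[ 34.056745]  23872-byte region [ffff8801d0008040, ffff8801d000dd80)
"""

# Assumed leading members of struct kvm_vcpu: struct kvm *kvm; struct preempt_notifier
# { struct hlist_node link; struct preempt_ops *ops; } preempt_notifier; int cpu; int vcpu_id;
PTR, INT = 8, 4
KVM_VCPU_HEAD = [("kvm", PTR), ("preempt_notifier.link.next", PTR),
                 ("preempt_notifier.link.pprev", PTR), ("preempt_notifier.ops", PTR),
                 ("cpu", INT), ("vcpu_id", INT)]

def field_at(offset, layout=KVM_VCPU_HEAD):
    """Walk the layout with natural alignment; returns (field, offset in field) or None."""
    pos = 0
    for name, size in layout:
        pos = (pos + size - 1) // size * size
        if pos <= offset < pos + size:
            return name, offset - pos
        pos += size
    return None

def parse_kasan(text):
    rep = {"alloc_stack": [], "free_stack": []}
    stack = None
    for line in (TS.sub("", l).strip() for l in text.splitlines()):
        if (m := STACK_HDR.match(line)):
            stack = "alloc_stack" if m.group(1) == "Allocated" else "free_stack"
            continue
        if stack and FRAME.match(line):
            rep[stack].append(line.split("+")[0])
            continue
        stack = None  # any other line, including an empty one, ends a stack
        if (m := HEADER.search(line)):
            rep["kind"], rep["func"] = m.groups()
        elif (m := ACCESS.search(line)):
            rep["access"], rep["size"] = m.group(1), int(m.group(2))
            rep["addr"], rep["task"], rep["pid"] = int(m.group(3), 16), m.group(4), int(m.group(5))
        elif (m := OBJECT.search(line)):
            rep["obj_start"] = int(m.group(1), 16)
        elif (m := CACHE.search(line)):
            rep["cache"], rep["obj_size"] = m.group(1), int(m.group(2))
        elif (m := LOCATED.search(line)):
            rep["reported_offset"], rep["where"] = int(m.group(1)), m.group(2)
        elif (m := REGION.search(line)):
            rep["region"] = (int(m.group(1), 16), int(m.group(2), 16))
    return rep

def first_caller(stack):
    """First frame that is not allocator or sanitizer plumbing."""
    return next((f for f in stack if not f.startswith(PLUMBING)), None)

def triage(text):
    rep = parse_kasan(text)
    off = rep["addr"] - rep["obj_start"]
    start, end = rep["region"]
    rep.update(
        offset=off,
        in_object=0 <= off < rep["obj_size"],
        # the region must match the cache size and KASAN's own offset statement
        consistent=(end - start == rep["obj_size"] and off == rep["reported_offset"]),
        field=field_at(off),
        alloc_site=first_caller(rep["alloc_stack"]),
        free_site=first_caller(rep["free_stack"]),
    )
    return rep
```

For the report above, triage(REPORT) yields offset 24 inside the 23872-byte kvm_vcpu object, field preempt_notifier.ops under the assumed layout, allocation site vmx_create_vcpu and free site vmx_free_vcpu. The cross-check matters in practice: if the region size disagrees with the cache size or the computed offset disagrees with the "located N bytes" line, the report was truncated or mis-symbolized and the field mapping should not be trusted.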
[ 34.754226] RSP: 002b:00007fff72740e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.761932] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 34.769196] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.776460] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.783724] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.790986] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.798259]
[ 34.798265] ======================================================
[ 34.798270] WARNING: possible circular locking dependency detected
[ 34.798274] 4.19.0-rc2+ #226 Not tainted
[ 34.798279] ------------------------------------------------------
[ 34.798284] syz-executor109/4289 is trying to acquire lock:
[ 34.798288] 00000000284ec0ab ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 34.798302]
[ 34.798307] but task is already holding lock:
[ 34.798310] 000000008f2752f7 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.798324]
[ 34.798328] which lock already depends on the new lock.
[ 34.798331]
[ 34.798333]
[ 34.798338] the existing dependency chain (in reverse order) is:
[ 34.798341]
[ 34.798343] -> #3 (report_lock){....}:
[ 34.798357]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798361]        kasan_report+0x8e/0x110
[ 34.798366]        __asan_report_load8_noabort+0x14/0x20
[ 34.798370]        __schedule+0xf54/0x1df0
[ 34.798375]        preempt_schedule_common+0x22/0x60
[ 34.798378]        _cond_resched+0x1d/0x30
[ 34.798383]        wait_for_completion+0xa5/0x8d0
[ 34.798387]        __synchronize_srcu+0x189/0x240
[ 34.798391]        synchronize_srcu+0x335/0x56f
[ 34.798396]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.798400]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.798404]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.798408]        kvm_put_kvm+0x73f/0x1060
[ 34.798412]        kvm_vm_release+0x42/0x50
[ 34.798416]        __fput+0x38a/0xa40
[ 34.798419]        ____fput+0x15/0x20
[ 34.798423]        task_work_run+0x1e8/0x2a0
[ 34.798427]        do_exit+0x1ae4/0x26e0
[ 34.798431]        do_group_exit+0x177/0x440
[ 34.798435]        __x64_sys_exit_group+0x3e/0x50
[ 34.798439]        do_syscall_64+0x1b9/0x820
[ 34.798444]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.798446]
[ 34.798448] -> #2 (&rq->lock){-.-.}:
[ 34.798462]        _raw_spin_lock+0x2a/0x40
[ 34.798466]        task_fork_fair+0x93/0x680
[ 34.798469]        sched_fork+0x44b/0xbd0
[ 34.798473]        copy_process+0x235e/0x7af0
[ 34.798477]        _do_fork+0x1ca/0x1170
[ 34.798481]        kernel_thread+0x34/0x40
[ 34.798484]        rest_init+0x22/0xe4
[ 34.798488]        start_kernel+0x913/0x94e
[ 34.798493]        x86_64_start_reservations+0x29/0x2b
[ 34.798497]        x86_64_start_kernel+0x76/0x79
[ 34.798501]        secondary_startup_64+0xa4/0xb0
[ 34.798503]
[ 34.798505] -> #1 (&p->pi_lock){-.-.}:
[ 34.798520]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798524]        try_to_wake_up+0xd2/0x1250
[ 34.798528]        wake_up_process+0x10/0x20
[ 34.798532]        __up.isra.1+0x1c0/0x2a0
[ 34.798535]        up+0x13c/0x1c0
[ 34.798539]        __up_console_sem+0xbe/0x1b0
[ 34.798543]        console_unlock+0x506/0x10e0
[ 34.798547]        vprintk_emit+0x33a/0x910
[ 34.798551]        vprintk_default+0x28/0x30
[ 34.798555]        vprintk_func+0x7a/0x117
[ 34.798558]        printk+0xa7/0xcf
[ 34.798562]        load_umh+0x51/0xbd
[ 34.798566]        do_one_initcall+0x127/0x838
[ 34.798570]        kernel_init_freeable+0x4bb/0x5ae
[ 34.798574]        kernel_init+0x11/0x1b3
[ 34.798577]        ret_from_fork+0x3a/0x50
[ 34.798579]
[ 34.798582] -> #0 ((console_sem).lock){-...}:
[ 34.798596]        lock_acquire+0x1e4/0x4f0
[ 34.798601]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798604]        down_trylock+0x13/0x70
[ 34.798609]        __down_trylock_console_sem+0xae/0x200
[ 34.798613]        console_trylock+0x15/0xa0
[ 34.798617]        vprintk_emit+0x31f/0x910
[ 34.798620]        vprintk_default+0x28/0x30
[ 34.798624]        vprintk_func+0x7a/0x117
[ 34.798628]        printk+0xa7/0xcf
[ 34.798632]        kasan_report+0x9e/0x110
[ 34.798636]        __asan_report_load8_noabort+0x14/0x20
[ 34.798640]        __schedule+0xf54/0x1df0
[ 34.798644]        preempt_schedule_common+0x22/0x60
[ 34.798648]        _cond_resched+0x1d/0x30
[ 34.798652]        wait_for_completion+0xa5/0x8d0
[ 34.798665]        __synchronize_srcu+0x189/0x240
[ 34.798669]        synchronize_srcu+0x335/0x56f
[ 34.798674]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.798678]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.798682]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.798686]        kvm_put_kvm+0x73f/0x1060
[ 34.798690]        kvm_vm_release+0x42/0x50
[ 34.798694]        __fput+0x38a/0xa40
[ 34.798697]        ____fput+0x15/0x20
[ 34.798701]        task_work_run+0x1e8/0x2a0
[ 34.798705]        do_exit+0x1ae4/0x26e0
[ 34.798709]        do_group_exit+0x177/0x440
[ 34.798713]        __x64_sys_exit_group+0x3e/0x50
[ 34.798717]        do_syscall_64+0x1b9/0x820
[ 34.798721]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.798724]
[ 34.798728] other info that might help us debug this:
[ 34.798730]
[ 34.798733] Chain exists of:
[ 34.798735]   (console_sem).lock --> &rq->lock --> report_lock
[ 34.798753]
[ 34.798757]  Possible unsafe locking scenario:
[ 34.798760]
[ 34.798764]        CPU0                    CPU1
[ 34.798773]        ----                    ----
[ 34.798776]   lock(report_lock);
[ 34.798785]                                lock(&rq->lock);
[ 34.798794]                                lock(report_lock);
[ 34.798802]   lock((console_sem).lock);
[ 34.798810]
[ 34.798814]  *** DEADLOCK ***
[ 34.798816]
[ 34.798820] 2 locks held by syz-executor109/4289:
[ 34.798822]  #0: 00000000593149c6 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 34.798839]  #1: 000000008f2752f7 (report_lock){....}, at: kas an_report+0x8e/0x110
[ 34.798856]
[ 34.798860] stack backtrace:
[ 34.798866] CPU: 0 PID: 4289 Comm: syz-executor109 Not tainted 4.19.0-rc2+ #226
[ 34.798873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.798876] Call Trace:
[ 34.798880]  dump_stack+0x1c9/0x2b4
[ 34.798884]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.798888]  ? vprintk_func+0x100/0x117
[ 34.798893]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 34.798897]  ? save_trace+0xe0/0x290
[ 34.798901]  __lock_acquire+0x3449/0x5020
[ 34.798906]  ? mark_held_locks+0x160/0x160
[ 34.798910]  ? mark_held_locks+0x160/0x160
[ 34.798914]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.798919]  ? is_bpf_text_address+0xd7/0x170
[ 34.798923]  ? kernel_text_address+0x79/0xf0
[ 34.798927]  ? __kernel_text_address+0xd/0x40
[ 34.798932]  ? __save_stack_trace+0x8d/0xf0
[ 34.798936]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 34.798940]  ? save_trace+0x290/0x290
[ 34.798944]  ? save_stack_trace+0x1a/0x20
[ 34.798948]  ? save_trace+0xe0/0x290
[ 34.798952]  ? graph_lock+0x170/0x170
[ 34.798957]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.798961]  lock_acquire+0x1e4/0x4f0
[ 34.798965]  ? down_trylock+0x13/0x70
[ 34.798969]  ? lock_release+0x9f0/0x9f0
[ 34.798973]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.798977]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.798982]  ? trace_hardirqs_off+0xb8/0x2c0
[ 34.798985]  ? log_store+0x34f/0x4c0
[ 34.798990]  ? vprintk_emit+0x31f/0x910
[ 34.798994]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798998]  ? down_trylock+0x13/0x70
[ 34.799001]  down_trylock+0x13/0x70
[ 34.799006]  __down_trylock_console_sem+0xae/0x200
[ 34.799010]  console_trylock+0x15/0xa0
[ 34.799013]  vprintk_emit+0x31f/0x910
[ 34.799017]  ? wake_up_klogd+0x110/0x110
[ 34.799022]  ? run_rebalance_domains+0x4c0/0x4c0
[ 34.799026]  ? kasan_check_read+0x11/0x20
[ 34.799030]  ? rcu_is_watching+0x8c/0x150
[ 34.799034]  ? rcu_pm_notify+0xc0/0xc0
[ 34.799038]  ? lock_acquire+0x1e4/0x4f0
[ 34.799042]  ? kasan_report+0x8e/0x110
[ 34.799046]  ? __schedule+0xf54/0x1df0
[ 34.799049]  vprintk_default+0x28/0x30
[ 34.799053]  vprintk_func+0x7a/0x117
[ 34.799057]  printk+0xa7/0xcf
[ 34.799061]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.799065]  ? kasan_check_write+0x14/0x20
[ 34.799069]  ? do_raw_spin_lock+0xc1/0x200
[ 34.799073]  ? do_raw_spin_lock+0xc1/0x200
[ 34.799077]  kasan_report+0x9e/0x110
[ 34.799082]  __asan_report_load8_noabort+0x14/0x20
[ 34.799085]  __schedule+0xf54/0x1df0
[ 34.799090]  ? __sched_text_start+0x8/0x8
[ 34.799094]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.799098]  ? __call_srcu+0x7e7/0x1040
[ 34.799102]  ? check_same_owner+0x340/0x340
[ 34.799106]  ? mark_held_locks+0x160/0x160
[ 34.799110]  ? find_held_lock+0x36/0x1c0
[ 34.799115]  preempt_schedule_common+0x22/0x60
[ 34.799119]  _cond_resched+0x1d/0x30
[ 34.799123]  wait_for_completion+0xa5/0x8d0
[ 34.799128]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.799132]  ? __lockdep_init_map+0x105/0x590
[ 34.799137]  ? __init_waitqueue_head+0x9e/0x150
[ 34.799141]  ? init_wait_entry+0x1c0/0x1c0
[ 34.799145]  __synchronize_srcu+0x189/0x240
[ 34.799149]  ? call_srcu+0x10/0x10
[ 34.799153]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.799157]  synchronize_srcu+0x335/0x56f
[ 34.799161]  ? lock_downgrade+0x8f0/0x8f0
[ 34.799166]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.799170]  ? kasan_check_read+0x11/0x20
[ 34.799174]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.799178]  ? kasan_check_write+0x14/0x20
[ 34.799183]  ? do_raw_spin_lock+0xc1/0x200
[ 34.799188]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.799193]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.799196]  ? kvfree+0x61/0x70
[ 34.799201]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.799205]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.799209]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.799214]  ? kvm_arch_sync_events+0x30/0x30
[ 34.799219]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.799223]  ? mmu_notifier_unregister+0x474/0x600
[ 34.799227]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.799231]  ? kfree+0x111/0x210
[ 34.799236]  ? __mmu_notifier_register+0x30/0x30
[ 34.799240]  ? __free_pages+0x10a/0x190
[ 34.799244]  ? free_unref_page+0x930/0x930
[ 34.799248]  kvm_put_kvm+0x73f/0x1060
[ 34.799252]  ? kvm_write_guest_cached+0x40/0x40
[ 34.799256]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.799260]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.799265]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.799269]  ? kasan_check_write+0x14/0x20
[ 34.799274]  ? do_raw_spin_lock+0xc1/0x200
[ 34.799278]  ? kvm_irqfd_release+0xdd/0x120
[ 34.799282]  ? kvm_irqfd_release+0xdd/0x120
[ 34.799286]  ? kvm_put_kvm+0x1060/0x1060
[ 34.799290]  kvm_vm_release+0x42/0x50
[ 34.799293]  __fput+0x38a/0xa40
[ 34.799297]  ? __alloc_file+0x400/0x400
[ 34.799301]  ? check_same_owner+0x340/0x340
[ 34.799305]  ? kasan_check_write+0x14/0x20
[ 34.799310]  ? do_raw_spin_lock+0xc1/0x200
[ 34.799313]  ____fput+0x15/0x20
[ 34.799317]  task_work_run+0x1e8/0x2a0
[ 34.799321]  ? task_work_cancel+0x240/0x240
[ 34.799326]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.799330]  ? switch_task_namespaces+0xa2/0xd0
[ 34.799334]  do_exit+0x1ae4/0x26e0
[ 34.799338]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.799342]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.799347]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.799351]  ? kfree+0x1d7/0x210
[ 34.799355]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.799360]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.799364]  ? is_bpf_text_address+0xd7/0x170
[ 34.799366]  ?
[ 34.799374] Lost 54 message(s)!
[ 35.865961] Shutting down cpus with NMI
[ 36.925981] Dumping ftrace buffer:
[ 36.929506]    (ftrace buffer empty)
[ 36.933195] Kernel Offset: disabled
[ 36.936802] Rebooting in 86400 seconds..
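The lockdep splat that follows the panic is a consequence of the KASAN report itself, not a second KVM bug: kasan_report ran inside __schedule with &rq->lock already held (the "2 locks held" list shows it), took report_lock, and its printk then tried to take (console_sem).lock. The recorded chain (console_sem).lock --> &rq->lock --> report_lock exists because console_unlock wakes waiters through try_to_wake_up, which takes &p->pi_lock and then &rq->lock (entry #1 above), and because the KASAN report was printed under &rq->lock (entry #3). The new edge report_lock --> (console_sem).lock closes the cycle. The script below is an added helper, not part of the log: it extracts the wanted and held locks and the dependency chain from a lockdep "possible circular locking dependency" report and recovers the cycle; its input is an excerpt of the lines above.

```python
"""Lock-cycle extraction for a lockdep "possible circular locking dependency"
report (added example, not part of the syzkaller log). Edge A -> B means B has
been acquired while A was held; the acquisition lockdep refused adds the edge
held -> wanted, and the cycle through it is the deadlock."""
import re

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
LOCK = re.compile(r"^[0-9a-f]+ \((.+)\)\{[^}]*\}, at: (\S+)")  # "HEX (name){flags}, at: func+off/len"
ENTRY = re.compile(r"^-> #(\d+) \((.+)\)\{[^}]*\}:")            # "-> #N (name){flags}:"
FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Excerpt of the lockdep report above (stacks trimmed).
LOCKDEP = """\
[ 34.798284] syz-executor109/4289 is trying to acquire lock:
[ 34.798288] 00000000284ec0ab ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 34.798302]
[ 34.798307] but task is already holding lock:
[ 34.798310] 000000008f2752f7 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.798338] the existing dependency chain (in reverse order) is:
[ 34.798343] -> #3 (report_lock){....}:
[ 34.798357] _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798361] kasan_report+0x8e/0x110
[ 34.798370] __schedule+0xf54/0x1df0
[ 34.798446]
[ 34.798448] -> #2 (&rq->lock){-.-.}:
[ 34.798462] _raw_spin_lock+0x2a/0x40
[ 34.798466] task_fork_fair+0x93/0x680
[ 34.798505] -> #1 (&p->pi_lock){-.-.}:
[ 34.798520] _raw_spin_lock_irqsave+0x96/0xc0
[ 34.798524] try_to_wake_up+0xd2/0x1250
[ 34.798543] console_unlock+0x506/0x10e0
[ 34.798582] -> #0 ((console_sem).lock){-...}:
[ 34.798596] lock_acquire+0x1e4/0x4f0
[ 34.798604] down_trylock+0x13/0x70
[ 34.798632] kasan_report+0x9e/0x110
[ 34.798733] Chain exists of:
[ 34.798735]   (console_sem).lock --> &rq->lock --> report_lock
"""

def parse_lockdep(text):
    lines = [TS.sub("", l).strip() for l in text.splitlines()]
    rep = {"entries": {}, "chain": []}
    want, cur = None, None
    for i, line in enumerate(lines):
        if line.endswith("is trying to acquire lock:"):
            want = "wanted"
        elif line == "but task is already holding lock:":
            want = "held"
        elif want and (m := LOCK.match(line)):
            rep[want] = {"name": m.group(1), "at": m.group(2).split("+")[0]}
            want = None
        elif (m := ENTRY.match(line)):
            cur = int(m.group(1))
            rep["entries"][cur] = {"name": m.group(2), "stack": []}
        elif cur is not None and FRAME.match(line):
            rep["entries"][cur]["stack"].append(line.split("+")[0])
        else:
            cur = None  # a blank or prose line ends the entry's stack
            if line == "Chain exists of:" and i + 1 < len(lines):
                rep["chain"] = [s.strip() for s in lines[i + 1].split("-->")]
    return rep

def lock_graph(rep):
    """Directed graph from the recorded chain plus the refused acquisition."""
    edges = {}
    for a, b in zip(rep["chain"], rep["chain"][1:]):
        edges.setdefault(a, set()).add(b)
    edges.setdefault(rep["held"]["name"], set()).add(rep["wanted"]["name"])
    return edges

def find_cycle(edges, start):
    """DFS from start; the lock names around the first cycle back to start, or []."""
    def walk(node, path, seen):
        for nxt in sorted(edges.get(node, ())):
            if nxt == start:
                return path + [nxt]
            if nxt not in seen:
                found = walk(nxt, path + [nxt], seen | {nxt})
                if found:
                    return found
        return []
    return walk(start, [start], {start})

def analyze(text):
    rep = parse_lockdep(text)
    rep["cycle"] = find_cycle(lock_graph(rep), rep["wanted"]["name"])
    return rep
```

For the excerpt above analyze(LOCKDEP)["cycle"] is (console_sem).lock, &rq->lock, report_lock, back to (console_sem).lock. When triaging fuzzer output, a cycle whose only link through the sanitizer's own report_lock or through console_sem should be filed as a reporting-path artifact and deduplicated against the memory-safety bug that triggered it, rather than as a separate locking bug in the subsystem under test.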