[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   22.571569] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.714865] random: sshd: uninitialized urandom read (32 bytes read)
[   26.003241] random: sshd: uninitialized urandom read (32 bytes read)
[   26.555865] random: sshd: uninitialized urandom read (32 bytes read)
[   26.741476] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[   32.388421] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.486242] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   32.510939] ==================================================================
[   32.520775] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   32.527004] Read of size 8 at addr ffff8801c9730058 by task syz-executor644/4652
[   32.534521] 
[   32.536152] CPU: 1 PID: 4652 Comm: syz-executor644 Not tainted 4.19.0-rc2+ #220
[   32.543588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.552933] Call Trace:
[   32.555521]  dump_stack+0x1c9/0x2b4
[   32.559146]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.564335]  ? printk+0xa7/0xcf
[   32.567615]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.572378]  ? __schedule+0xf54/0x1df0
[   32.576268]  print_address_description+0x6c/0x20b
[   32.581107]  ? __schedule+0xf54/0x1df0
[   32.584995]  kasan_report.cold.7+0x242/0x30d
[   32.589402]  __asan_report_load8_noabort+0x14/0x20
[   32.594329]  __schedule+0xf54/0x1df0
[   32.598037]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.603148]  ? __sched_text_start+0x8/0x8
[   32.607294]  ? __call_srcu+0x7e7/0x1040
[   32.611271]  ? check_same_owner+0x340/0x340
[   32.615587]  ? mark_held_locks+0x160/0x160
[   32.619817]  ? find_held_lock+0x36/0x1c0
[   32.623882]  preempt_schedule_common+0x22/0x60
[   32.628464]  _cond_resched+0x1d/0x30
[   32.632180]  wait_for_completion+0xa5/0x8d0
[   32.636506]  ? wait_for_completion_interruptible+0x950/0x950
[   32.642303]  ? __lockdep_init_map+0x105/0x590
[   32.646799]  ? __init_waitqueue_head+0x9e/0x150
[   32.651468]  ? init_wait_entry+0x1c0/0x1c0
[   32.655708]  __synchronize_srcu+0x189/0x240
[   32.660025]  ? call_srcu+0x10/0x10
[   32.663571]  ? rcu_unexpedite_gp+0x20/0x20
[   32.667815]  synchronize_srcu+0x335/0x56f
[   32.671960]  ? lock_downgrade+0x8f0/0x8f0
[   32.676103]  ? synchronize_srcu_expedited+0x20/0x20
[   32.681121]  ? kasan_check_read+0x11/0x20
[   32.685269]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.689848]  ? kasan_check_write+0x14/0x20
[   32.694083]  ? do_raw_spin_lock+0xc1/0x200
[   32.698322]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.704035]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.709488]  ? kvfree+0x61/0x70
[   32.712771]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.717788]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.721847]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.726257]  ? kvm_arch_sync_events+0x30/0x30
[   32.730754]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.736290]  ? mmu_notifier_unregister+0x474/0x600
[   32.741216]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.745621]  ? kfree+0x111/0x210
[   32.748994]  ? __mmu_notifier_register+0x30/0x30
[   32.753753]  ? __free_pages+0x10a/0x190
[   32.757725]  ? free_unref_page+0x930/0x930
[   32.761968]  kvm_put_kvm+0x73f/0x1060
[   32.765771]  ? kvm_write_guest_cached+0x40/0x40
[   32.770442]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.774935]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.779429]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.784014]  ? kasan_check_write+0x14/0x20
[   32.788251]  ? do_raw_spin_lock+0xc1/0x200
[   32.792488]  ? kvm_irqfd_release+0xdd/0x120
[   32.796807]  ? kvm_irqfd_release+0xdd/0x120
[   32.801126]  ? kvm_put_kvm+0x1060/0x1060
[   32.805187]  kvm_vm_release+0x42/0x50
[   32.808982]  __fput+0x38a/0xa40
[   32.812260]  ? __alloc_file+0x400/0x400
[   32.816240]  ? check_same_owner+0x340/0x340
[   32.820557]  ? kasan_check_write+0x14/0x20
[   32.824791]  ? do_raw_spin_lock+0xc1/0x200
[   32.829020]  ____fput+0x15/0x20
[   32.832297]  task_work_run+0x1e8/0x2a0
[   32.836186]  ? task_work_cancel+0x240/0x240
[   32.840507]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.846040]  ? switch_task_namespaces+0xa2/0xd0
[   32.850713]  do_exit+0x1ae4/0x26e0
[   32.854253]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.858927]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   32.863163]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.868176]  ? kfree+0x1d7/0x210
[   32.871541]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   32.875793]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.881501]  ? is_bpf_text_address+0xd7/0x170
[   32.885991]  ? kernel_text_address+0x79/0xf0
[   32.890393]  ? __kernel_text_address+0xd/0x40
[   32.894902]  ? unwind_get_return_address+0x61/0xa0
[   32.899849]  ? __save_stack_trace+0x8d/0xf0
[   32.904176]  ? save_stack+0xa9/0xd0
[   32.907799]  ? save_stack+0x43/0xd0
[   32.911423]  ? __kasan_slab_free+0x11a/0x170
[   32.915829]  ? kasan_slab_free+0xe/0x10
[   32.919799]  ? putname+0xf2/0x130
[   32.923253]  ? __x64_sys_openat+0x9d/0x100
[   32.927484]  ? do_syscall_64+0x1b9/0x820
[   32.931558]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.936922]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.941328]  ? kasan_check_read+0x11/0x20
[   32.945513]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.949920]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.954326]  ? initcall_blacklisted+0x9a/0x1e0
[   32.958907]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   32.964014]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.969724]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.975261]  ? do_vfs_ioctl+0x201/0x1720
[   32.979322]  ? rcu_is_watching+0x8c/0x150
[   32.983468]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.987823]  ? ioctl_preallocate+0x300/0x300
[   32.992246]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.997780]  ? __fget_light+0x2f7/0x440
[   33.001771]  ? fget_raw+0x20/0x20
[   33.005233]  ? putname+0xf2/0x130
[   33.008685]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.013703]  ? kmem_cache_free+0x246/0x280
[   33.017939]  ? putname+0xf7/0x130
[   33.021399]  do_group_exit+0x177/0x440
[   33.025287]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.029607]  ? __ia32_sys_exit+0x50/0x50
[   33.033674]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.038780]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.044317]  ? ksys_ioctl+0x81/0xd0
[   33.047946]  __x64_sys_exit_group+0x3e/0x50
[   33.052269]  do_syscall_64+0x1b9/0x820
[   33.056157]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.061520]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.066451]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.071293]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.076349]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.081362]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.086237]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.091422] RIP: 0033:0x43ecc8
[   33.094658] Code: Bad RIP value.
[   33.098015] RSP: 002b:00007ffda616c418 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.105724] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   33.112990] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.120254] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.127516] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.134780] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.142049] 
[   33.143678] Allocated by task 4652:
[   33.147308]  save_stack+0x43/0xd0
[   33.150760]  kasan_kmalloc+0xc4/0xe0
[   33.154470]  kasan_slab_alloc+0x12/0x20
[   33.158441]  kmem_cache_alloc+0x12e/0x710
[   33.162585]  vmx_create_vcpu+0xcf/0x2830
[   33.166669]  kvm_arch_vcpu_create+0xe5/0x220
[   33.171091]  kvm_vm_ioctl+0x488/0x1d80
[   33.174975]  do_vfs_ioctl+0x1de/0x1720
[   33.178858]  ksys_ioctl+0xa9/0xd0
[   33.182308]  __x64_sys_ioctl+0x73/0xb0
[   33.186194]  do_syscall_64+0x1b9/0x820
[   33.190082]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.195260] 
[   33.196878] Freed by task 4652:
[   33.200154]  save_stack+0x43/0xd0
[   33.203604]  __kasan_slab_free+0x11a/0x170
[   33.207840]  kasan_slab_free+0xe/0x10
[   33.211642]  kmem_cache_free+0x86/0x280
[   33.215612]  vmx_free_vcpu+0x26b/0x300
[   33.219502]  kvm_arch_destroy_vm+0x365/0x7c0
[   33.223906]  kvm_put_kvm+0x73f/0x1060
[   33.227702]  kvm_vm_release+0x42/0x50
[   33.231529]  __fput+0x38a/0xa40
[   33.234817]  ____fput+0x15/0x20
[   33.238095]  task_work_run+0x1e8/0x2a0
[   33.241979]  do_exit+0x1ae4/0x26e0
[   33.245514]  do_group_exit+0x177/0x440
[   33.249393]  __x64_sys_exit_group+0x3e/0x50
[   33.253712]  do_syscall_64+0x1b9/0x820
[   33.257597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.262817] 
[   33.264438] The buggy address belongs to the object at ffff8801c9730040
[   33.264438]  which belongs to the cache kvm_vcpu of size 23872
[   33.277006] The buggy address is located 24 bytes inside of
[   33.277006]  23872-byte region [ffff8801c9730040, ffff8801c9735d80)
[   33.288956] The buggy address belongs to the page:
[   33.293884] page:ffffea000725cc00 count:1 mapcount:0 mapping:ffff8801d530dd80 index:0x0 compound_mapcount: 0
[   33.304370] flags: 0x2fffc0000008100(slab|head)
[   33.309043] raw: 02fffc0000008100 ffff8801d5305948 ffff8801d5305948 ffff8801d530dd80
[   33.316928] raw: 0000000000000000 ffff8801c9730040 0000000100000001 0000000000000000
[   33.324798] page dumped because: kasan: bad access detected
[   33.330509] 
[   33.332140] Memory state around the buggy address:
[   33.337070]  ffff8801c972ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.344431]  ffff8801c972ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.351786] >ffff8801c9730000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   33.359132]                                                     ^
[   33.365359]  ffff8801c9730080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.372713]  ffff8801c9730100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.380064] ==================================================================
[   33.387417] Kernel panic - not syncing: panic_on_warn set ...
[   33.387417] 
[   33.394790] CPU: 1 PID: 4652 Comm: syz-executor644 Tainted: G    B             4.19.0-rc2+ #220
[   33.403621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.412973] Call Trace:
[   33.415574]  dump_stack+0x1c9/0x2b4
[   33.419206]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.424395]  ? lock_downgrade+0x8f0/0x8f0
[   33.428547]  ? __schedule+0xf54/0x1df0
[   33.432437]  panic+0x238/0x4e7
[   33.435625]  ? add_taint.cold.5+0x16/0x16
[   33.439784]  ? print_shadow_for_address+0xba/0x116
[   33.444709]  ? trace_hardirqs_off+0xaf/0x2b0
[   33.449111]  ? trace_hardirqs_off+0x77/0x2b0
[   33.453539]  ? __schedule+0xf54/0x1df0
[   33.457456]  kasan_end_report+0x47/0x4f
[   33.461431]  kasan_report.cold.7+0x76/0x30d
[   33.465757]  __asan_report_load8_noabort+0x14/0x20
[   33.470693]  __schedule+0xf54/0x1df0
[   33.474411]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.479615]  ? __sched_text_start+0x8/0x8
[   33.483785]  ? __call_srcu+0x7e7/0x1040
[   33.487770]  ? check_same_owner+0x340/0x340
[   33.492097]  ? mark_held_locks+0x160/0x160
[   33.496332]  ? find_held_lock+0x36/0x1c0
[   33.500402]  preempt_schedule_common+0x22/0x60
[   33.505005]  _cond_resched+0x1d/0x30
[   33.508724]  wait_for_completion+0xa5/0x8d0
[   33.513047]  ? wait_for_completion_interruptible+0x950/0x950
[   33.518857]  ? __lockdep_init_map+0x105/0x590
[   33.523353]  ? __init_waitqueue_head+0x9e/0x150
[   33.528022]  ? init_wait_entry+0x1c0/0x1c0
[   33.532264]  __synchronize_srcu+0x189/0x240
[   33.536581]  ? call_srcu+0x10/0x10
[   33.540124]  ? rcu_unexpedite_gp+0x20/0x20
[   33.544369]  synchronize_srcu+0x335/0x56f
[   33.548519]  ? lock_downgrade+0x8f0/0x8f0
[   33.552672]  ? synchronize_srcu_expedited+0x20/0x20
[   33.557699]  ? kasan_check_read+0x11/0x20
[   33.561856]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.566441]  ? kasan_check_write+0x14/0x20
[   33.570671]  ? do_raw_spin_lock+0xc1/0x200
[   33.574907]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.580706]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.586156]  ? kvfree+0x61/0x70
[   33.589435]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.594454]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.598514]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.602921]  ? kvm_arch_sync_events+0x30/0x30
[   33.607419]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.612960]  ? mmu_notifier_unregister+0x474/0x600
[   33.617889]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.622295]  ? kfree+0x111/0x210
[   33.625671]  ? __mmu_notifier_register+0x30/0x30
[   33.630434]  ? __free_pages+0x10a/0x190
[   33.634422]  ? free_unref_page+0x930/0x930
[   33.638669]  kvm_put_kvm+0x73f/0x1060
[   33.642477]  ? kvm_write_guest_cached+0x40/0x40
[   33.647148]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.651652]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.656152]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.660743]  ? kasan_check_write+0x14/0x20
[   33.664981]  ? do_raw_spin_lock+0xc1/0x200
[   33.669221]  ? kvm_irqfd_release+0xdd/0x120
[   33.673539]  ? kvm_irqfd_release+0xdd/0x120
[   33.677860]  ? kvm_put_kvm+0x1060/0x1060
[   33.681924]  kvm_vm_release+0x42/0x50
[   33.685728]  __fput+0x38a/0xa40
[   33.689007]  ? __alloc_file+0x400/0x400
[   33.692988]  ? check_same_owner+0x340/0x340
[   33.697308]  ? kasan_check_write+0x14/0x20
[   33.701541]  ? do_raw_spin_lock+0xc1/0x200
[   33.705779]  ____fput+0x15/0x20
[   33.709065]  task_work_run+0x1e8/0x2a0
[   33.712956]  ? task_work_cancel+0x240/0x240
[   33.717280]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.722816]  ? switch_task_namespaces+0xa2/0xd0
[   33.727484]  do_exit+0x1ae4/0x26e0
[   33.731031]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.735710]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.739949]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.744963]  ? kfree+0x1d7/0x210
[   33.748330]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.752568]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.758282]  ? is_bpf_text_address+0xd7/0x170
[   33.762779]  ? kernel_text_address+0x79/0xf0
[   33.767190]  ? __kernel_text_address+0xd/0x40
[   33.771688]  ? unwind_get_return_address+0x61/0xa0
[   33.776621]  ? __save_stack_trace+0x8d/0xf0
[   33.780957]  ? save_stack+0xa9/0xd0
[   33.784583]  ? save_stack+0x43/0xd0
[   33.788207]  ? __kasan_slab_free+0x11a/0x170
[   33.792612]  ? kasan_slab_free+0xe/0x10
[   33.796596]  ? putname+0xf2/0x130
[   33.800046]  ? __x64_sys_openat+0x9d/0x100
[   33.804287]  ? do_syscall_64+0x1b9/0x820
[   33.808347]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.813714]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.818120]  ? kasan_check_read+0x11/0x20
[   33.822266]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.826675]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.831097]  ? initcall_blacklisted+0x9a/0x1e0
[   33.835701]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.840809]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.846523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.852065]  ? do_vfs_ioctl+0x201/0x1720
[   33.856131]  ? rcu_is_watching+0x8c/0x150
[   33.860277]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.864600]  ? ioctl_preallocate+0x300/0x300
[   33.869009]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.874545]  ? __fget_light+0x2f7/0x440
[   33.878518]  ? fget_raw+0x20/0x20
[   33.881976]  ? putname+0xf2/0x130
[   33.885436]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.890451]  ? kmem_cache_free+0x246/0x280
[   33.894688]  ? putname+0xf7/0x130
[   33.898142]  do_group_exit+0x177/0x440
[   33.902031]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.906356]  ? __ia32_sys_exit+0x50/0x50
[   33.910416]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.915522]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.921064]  ? ksys_ioctl+0x81/0xd0
[   33.924697]  __x64_sys_exit_group+0x3e/0x50
[   33.929020]  do_syscall_64+0x1b9/0x820
[   33.932907]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.938284]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.943216]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.948062]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.953081]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.958100]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.962943]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.968127] RIP: 0033:0x43ecc8
[   33.971324] Code: Bad RIP value.
[   33.974695] RSP: 002b:00007ffda616c418 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.982398] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   33.989667] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.996929] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.004191] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.011454] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.018736] 
[   34.018742] ======================================================
[   34.018747] WARNING: possible circular locking dependency detected
[   34.018751] 4.19.0-rc2+ #220 Not tainted
[   34.018756] ------------------------------------------------------
[   34.018761] syz-executor644/4652 is trying to acquire lock:
[   34.018765] 00000000cc66cbf3 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   34.018780] 
[   34.018784] but task is already holding lock:
[   34.018788] 000000005e4a2251 (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.018802] 
[   34.018807] which lock already depends on the new lock.
[   34.018809] 
[   34.018811] 
[   34.018816] the existing dependency chain (in reverse order) is:
[   34.018819] 
[   34.018821] -> #3 (report_lock){....}:
[   34.018836]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.018840]        kasan_report+0x8e/0x110
[   34.018844]        __asan_report_load8_noabort+0x14/0x20
[   34.018848]        __schedule+0xf54/0x1df0
[   34.018852]        preempt_schedule_common+0x22/0x60
[   34.018856]        _cond_resched+0x1d/0x30
[   34.018861]        wait_for_completion+0xa5/0x8d0
[   34.018865]        __synchronize_srcu+0x189/0x240
[   34.018869]        synchronize_srcu+0x335/0x56f
[   34.018874]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.018878]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.018882]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.018886]        kvm_put_kvm+0x73f/0x1060
[   34.018890]        kvm_vm_release+0x42/0x50
[   34.018894]        __fput+0x38a/0xa40
[   34.018897]        ____fput+0x15/0x20
[   34.018901]        task_work_run+0x1e8/0x2a0
[   34.018905]        do_exit+0x1ae4/0x26e0
[   34.018909]        do_group_exit+0x177/0x440
[   34.018913]        __x64_sys_exit_group+0x3e/0x50
[   34.018917]        do_syscall_64+0x1b9/0x820
[   34.018922]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.018924] 
[   34.018926] -> #2 (&rq->lock){-.-.}:
[   34.018940]        _raw_spin_lock+0x2a/0x40
[   34.018944]        task_fork_fair+0x93/0x680
[   34.018948]        sched_fork+0x44b/0xbd0
[   34.018952]        copy_process+0x235e/0x7ad0
[   34.018955]        _do_fork+0x1ca/0x1170
[   34.018959]        kernel_thread+0x34/0x40
[   34.018963]        rest_init+0x22/0xe4
[   34.018966]        start_kernel+0x913/0x94e
[   34.018971]        x86_64_start_reservations+0x29/0x2b
[   34.018975]        x86_64_start_kernel+0x76/0x79
[   34.018979]        secondary_startup_64+0xa4/0xb0
[   34.018981] 
[   34.018983] -> #1 (&p->pi_lock){-.-.}:
[   34.018998]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.019002]        try_to_wake_up+0xd2/0x1250
[   34.019006]        wake_up_process+0x10/0x20
[   34.019010]        __up.isra.1+0x1c0/0x2a0
[   34.019013]        up+0x13c/0x1c0
[   34.019017]        __up_console_sem+0xbe/0x1b0
[   34.019021]        console_unlock+0x506/0x10d0
[   34.019025]        vprintk_emit+0x33a/0x910
[   34.019028]        vprintk_default+0x28/0x30
[   34.019032]        vprintk_func+0x7a/0x117
[   34.019036]        printk+0xa7/0xcf
[   34.019039]        load_umh+0x51/0xbd
[   34.019043]        do_one_initcall+0x127/0x838
[   34.019047]        kernel_init_freeable+0x4bb/0x5ae
[   34.019051]        kernel_init+0x11/0x1b3
[   34.019061]        ret_from_fork+0x3a/0x50
[   34.019064] 
[   34.019066] -> #0 ((console_sem).lock){-...}:
[   34.019081]        lock_acquire+0x1e4/0x4f0
[   34.019085]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.019089]        down_trylock+0x13/0x70
[   34.019093]        __down_trylock_console_sem+0xae/0x200
[   34.019097]        console_trylock+0x15/0xa0
[   34.019101]        vprintk_emit+0x31f/0x910
[   34.019105]        vprintk_default+0x28/0x30
[   34.019109]        vprintk_func+0x7a/0x117
[   34.019112]        printk+0xa7/0xcf
[   34.019116]        kasan_report+0x9e/0x110
[   34.019121]        __asan_report_load8_noabort+0x14/0x20
[   34.019124]        __schedule+0xf54/0x1df0
[   34.019129]        preempt_schedule_common+0x22/0x60
[   34.019132]        _cond_resched+0x1d/0x30
[   34.019137]        wait_for_completion+0xa5/0x8d0
[   34.019141]        __synchronize_srcu+0x189/0x240
[   34.019145]        synchronize_srcu+0x335/0x56f
[   34.019150]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.019154]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.019158]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.019162]        kvm_put_kvm+0x73f/0x1060
[   34.019166]        kvm_vm_release+0x42/0x50
[   34.019169]        __fput+0x38a/0xa40
[   34.019173]        ____fput+0x15/0x20
[   34.019177]        task_work_run+0x1e8/0x2a0
[   34.019181]        do_exit+0x1ae4/0x26e0
[   34.019185]        do_group_exit+0x177/0x440
[   34.019189]        __x64_sys_exit_group+0x3e/0x50
[   34.019193]        do_syscall_64+0x1b9/0x820
[   34.019198]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.019200] 
[   34.019204] other info that might help us debug this:
[   34.019207] 
[   34.019210] Chain exists of:
[   34.019212]   (console_sem).lock --> &rq->lock --> report_lock
[   34.019230] 
[   34.019234]  Possible unsafe locking scenario:
[   34.019236] 
[   34.019240]        CPU0                    CPU1
[   34.019244]        ----                    ----
[   34.019247]   lock(report_lock);
[   34.019256]                                lock(&rq->lock);
[   34.019266]                                lock(report_lock);
[   34.019274]   lock((console_sem).lock);
[   34.019282] 
[   34.019285]  *** DEADLOCK ***
[   34.019287] 
[   34.019291] 2 locks held by syz-executor644/4652:
[   34.019294]  #0: 00000000cfad259c (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   34.019311]  #1: 000000005e4a2251 (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.019327] 
[   34.019330] stack backtrace:
[   34.019337] CPU: 1 PID: 4652 Comm: syz-executor644 Not tainted 4.19.0-rc2+ #220
[   34.019344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.019347] Call Trace:
[   34.019350]  dump_stack+0x1c9/0x2b4
[   34.019355]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.019359]  ? vprintk_func+0x100/0x117
[   34.019364]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   34.019368]  ? save_trace+0xe0/0x290
[   34.019372]  __lock_acquire+0x3449/0x5020
[   34.019376]  ? mark_held_locks+0x160/0x160
[   34.019380]  ? mark_held_locks+0x160/0x160
[   34.019385]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.019389]  ? is_bpf_text_address+0xd7/0x170
[   34.019393]  ? kernel_text_address+0x79/0xf0
[   34.019397]  ? __kernel_text_address+0xd/0x40
[   34.019401]  ? __save_stack_trace+0x8d/0xf0
[   34.019406]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   34.019410]  ? save_trace+0x290/0x290
[   34.019414]  ? save_stack_trace+0x1a/0x20
[   34.019417]  ? save_trace+0xe0/0x290
[   34.019421]  ? graph_lock+0x170/0x170
[   34.019426]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.019430]  lock_acquire+0x1e4/0x4f0
[   34.019434]  ? down_trylock+0x13/0x70
[   34.019438]  ? lock_release+0x9f0/0x9f0
[   34.019442]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.019446]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.019450]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.019454]  ? log_store+0x34f/0x4c0
[   34.019458]  ? vprintk_emit+0x31f/0x910
[   34.019462]  _raw_spin_lock_irqsave+0x96/0xc0
[   34.019466]  ? down_trylock+0x13/0x70
[   34.019470]  down_trylock+0x13/0x70
[   34.019474]  __down_trylock_console_sem+0xae/0x200
[   34.019478]  console_trylock+0x15/0xa0
[   34.019482]  vprintk_emit+0x31f/0x910
[   34.019486]  ? wake_up_klogd+0x110/0x110
[   34.019490]  ? run_rebalance_domains+0x4c0/0x4c0
[   34.019494]  ? kasan_check_read+0x11/0x20
[   34.019498]  ? rcu_is_watching+0x8c/0x150
[   34.019502]  ? rcu_pm_notify+0xc0/0xc0
[   34.019506]  ? lock_acquire+0x1e4/0x4f0
[   34.019510]  ? kasan_report+0x8e/0x110
[   34.019514]  ? __schedule+0xf54/0x1df0
[   34.019518]  vprintk_default+0x28/0x30
[   34.019521]  vprintk_func+0x7a/0x117
[   34.019525]  printk+0xa7/0xcf
[   34.019529]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.019533]  ? kasan_check_write+0x14/0x20
[   34.019537]  ? do_raw_spin_lock+0xc1/0x200
[   34.019541]  ? do_raw_spin_lock+0xc1/0x200
[   34.019545]  kasan_report+0x9e/0x110
[   34.019549]  __asan_report_load8_noabort+0x14/0x20
[   34.019553]  __schedule+0xf54/0x1df0
[   34.019558]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.019563]  ? __sched_text_start+0x8/0x8
[   34.019566]  ? __call_srcu+0x7e7/0x1040
[   34.019571]  ? check_same_owner+0x340/0x340
[   34.019575]  ? mark_held_locks+0x160/0x160
[   34.019579]  ? find_held_lock+0x36/0x1c0
[   34.019583]  preempt_schedule_common+0x22/0x60
[   34.019587]  _cond_resched+0x1d/0x30
[   34.019591]  wait_for_completion+0xa5/0x8d0
[   34.019596]  ? wait_for_completion_interruptible+0x950/0x950
[   34.019600]  ? __lockdep_init_map+0x105/0x590
[   34.019604]  ? __init_waitqueue_head+0x9e/0x150
[   34.019608]  ? init_wait_entry+0x1c0/0x1c0
[   34.019612]  __synchronize_srcu+0x189/0x240
[   34.019616]  ? call_srcu+0x10/0x10
[   34.019620]  ? rcu_unexpedite_gp+0x20/0x20
[   34.019624]  synchronize_srcu+0x335/0x56f
[   34.019628]  ? lock_downgrade+0x8f0/0x8f0
[   34.019641]  ? synchronize_srcu_expedited+0x20/0x20
[   34.019645]  ? kasan_check_read+0x11/0x20
[   34.019649]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.019654]  ? kasan_check_write+0x14/0x20
[   34.019658]  ? do_raw_spin_lock+0xc1/0x200
[   34.019663]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.019668]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.019671]  ? kvfree+0x61/0x70
[   34.019676]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.019680]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.019684]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.019688]  ? kvm_arch_sync_events+0x30/0x30
[   34.019694]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.019698]  ? mmu_notifier_unregister+0x474/0x600
[   34.019702]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.019706]  ? kfree+0x111/0x210
[   34.019710]  ? __mmu_notifier_register+0x30/0x30
[   34.019714]  ? __free_pages+0x10a/0x190
[   34.019718]  ? free_unref_page+0x930/0x930
[   34.019722]  kvm_put_kvm+0x73f/0x1060
[   34.019727]  ? kvm_write_guest_cached+0x40/0x40
[   34.019731]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.019735]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.019739]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.019743]  ? kasan_check_write+0x14/0x20
[   34.019747]  ? do_raw_spin_lock+0xc1/0x200
[   34.019752]  ? kvm_irqfd_release+0xdd/0x120
[   34.019756]  ? kvm_irqfd_release+0xdd/0x120
[   34.019760]  ? kvm_put_kvm+0x1060/0x1060
[   34.019763]  kvm_vm_release+0x42/0x50
[   34.019767]  __fput+0x38a/0xa40
[   34.019771]  ? __alloc_file+0x400/0x400
[   34.019775]  ? check_same_owner+0x340/0x340
[   34.019779]  ? kasan_check_write+0x14/0x20
[   34.019783]  ? do_raw_spin_lock+0xc1/0x200
[   34.019787]  ____fput+0x15/0x20
[   34.019790]  task_work_run+0x1e8/0x2a0
[   34.019795]  ? task_work_cancel+0x240/0x240
[   34.019799]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.019804]  ? switch_task_namespaces+0xa2/0xd0
[   34.019807]  do_exit+0x1ae4/0x26e0
[   34.019812]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.019816]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.019820]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.019824]  ? kfree+0x1d7/0x210
[   34.019828]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.019833]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.019837]  ? is_bpf_text_address+0xd7/0x170
[   34.019839]  ?
[   34.019847] Lost 54 message(s)!
[   35.091523] Shutting down cpus with NMI
[   36.151842] Dumping ftrace buffer:
[   36.155373]    (ftrace buffer empty)
[   36.159063] Kernel Offset: disabled
[   36.162678] Rebooting in 86400 seconds..