[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.344554] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 30.485034] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.854272] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.414629] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.597292] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
[ 37.122639] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.221582] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 37.247144] ==================================================================
[ 37.256892] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 37.263119] Read of size 8 at addr ffff8801d9b60058 by task syz-executor057/4691
[ 37.270640]
[ 37.272269] CPU: 0 PID: 4691 Comm: syz-executor057 Not tainted 4.19.0-rc2+ #220
[ 37.279706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.289051] Call Trace:
[ 37.291646]  dump_stack+0x1c9/0x2b4
[ 37.295276]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.300461]  ? printk+0xa7/0xcf
[ 37.303738]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.308492]  ? __schedule+0xf54/0x1df0
[ 37.312380]  print_address_description+0x6c/0x20b
[ 37.317235]  ? __schedule+0xf54/0x1df0
[ 37.321123]  kasan_report.cold.7+0x242/0x30d
[ 37.325907]  __asan_report_load8_noabort+0x14/0x20
[ 37.330844]  __schedule+0xf54/0x1df0
[ 37.334567]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.339674]  ? __sched_text_start+0x8/0x8
[ 37.343820]  ? __call_srcu+0x7e7/0x1040
[ 37.347811]  ? check_same_owner+0x340/0x340
[ 37.352130]  ? mark_held_locks+0x160/0x160
[ 37.356361]  ? find_held_lock+0x36/0x1c0
[ 37.360426]  preempt_schedule_common+0x22/0x60
[ 37.365006]  _cond_resched+0x1d/0x30
[ 37.368720]  wait_for_completion+0xa5/0x8d0
[ 37.373044]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.378846]  ? __lockdep_init_map+0x105/0x590
[ 37.383353]  ? __init_waitqueue_head+0x9e/0x150
[ 37.388023]  ? init_wait_entry+0x1c0/0x1c0
[ 37.392264]  __synchronize_srcu+0x189/0x240
[ 37.396579]  ? call_srcu+0x10/0x10
[ 37.400115]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.404353]  synchronize_srcu+0x335/0x56f
[ 37.408499]  ? lock_downgrade+0x8f0/0x8f0
[ 37.412642]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.417659]  ? kasan_check_read+0x11/0x20
[ 37.421802]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.426384]  ? kasan_check_write+0x14/0x20
[ 37.430616]  ? do_raw_spin_lock+0xc1/0x200
[ 37.434860]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.440575]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.446021]  ? kvfree+0x61/0x70
[ 37.449296]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.454310]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.458367]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.462775]  ? kvm_arch_sync_events+0x30/0x30
[ 37.467270]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.472862]  ? mmu_notifier_unregister+0x474/0x600
[ 37.477791]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.482196]  ? kfree+0x111/0x210
[ 37.485565]  ? __mmu_notifier_register+0x30/0x30
[ 37.490319]  ? __free_pages+0x10a/0x190
[ 37.494292]  ? free_unref_page+0x930/0x930
[ 37.498535]  kvm_put_kvm+0x73f/0x1060
[ 37.502361]  ? kvm_write_guest_cached+0x40/0x40
[ 37.507037]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.511531]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.516021]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.520603]  ? kasan_check_write+0x14/0x20
[ 37.524834]  ? do_raw_spin_lock+0xc1/0x200
[ 37.529073]  ? kvm_irqfd_release+0xdd/0x120
[ 37.533395]  ? kvm_irqfd_release+0xdd/0x120
[ 37.537719]  ? kvm_put_kvm+0x1060/0x1060
[ 37.541782]  kvm_vm_release+0x42/0x50
[ 37.545591]  __fput+0x38a/0xa40
[ 37.548877]  ? __alloc_file+0x400/0x400
[ 37.552859]  ? check_same_owner+0x340/0x340
[ 37.557186]  ? kasan_check_write+0x14/0x20
[ 37.561424]  ? do_raw_spin_lock+0xc1/0x200
[ 37.565663]  ____fput+0x15/0x20
[ 37.568942]  task_work_run+0x1e8/0x2a0
[ 37.572843]  ? task_work_cancel+0x240/0x240
[ 37.577182]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.582718]  ? switch_task_namespaces+0xa2/0xd0
[ 37.587407]  do_exit+0x1ae4/0x26e0
[ 37.590951]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.595623]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.599869]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.604892]  ? kfree+0x1d7/0x210
[ 37.608260]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.612497]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.618215]  ? is_bpf_text_address+0xd7/0x170
[ 37.622711]  ? kernel_text_address+0x79/0xf0
[ 37.627122]  ? __kernel_text_address+0xd/0x40
[ 37.631618]  ? unwind_get_return_address+0x61/0xa0
[ 37.636555]  ? __save_stack_trace+0x8d/0xf0
[ 37.640898]  ? save_stack+0xa9/0xd0
[ 37.644616]  ? save_stack+0x43/0xd0
[ 37.648239]  ? __kasan_slab_free+0x11a/0x170
[ 37.652645]  ? kasan_slab_free+0xe/0x10
[ 37.656621]  ? putname+0xf2/0x130
[ 37.660080]  ? __x64_sys_openat+0x9d/0x100
[ 37.664322]  ? do_syscall_64+0x1b9/0x820
[ 37.668386]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.673761]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.678176]  ? kasan_check_read+0x11/0x20
[ 37.682333]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.686746]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.691158]  ? initcall_blacklisted+0x9a/0x1e0
[ 37.695748]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 37.700858]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.706572]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.712113]  ? do_vfs_ioctl+0x201/0x1720
[ 37.716178]  ? rcu_is_watching+0x8c/0x150
[ 37.720322]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.724644]  ? ioctl_preallocate+0x300/0x300
[ 37.729053]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.734596]  ? __fget_light+0x2f7/0x440
[ 37.738567]  ? fget_raw+0x20/0x20
[ 37.742014]  ? putname+0xf2/0x130
[ 37.745467]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.750480]  ? kmem_cache_free+0x246/0x280
[ 37.754716]  ? putname+0xf7/0x130
[ 37.758168]  do_group_exit+0x177/0x440
[ 37.762055]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.766374]  ? __ia32_sys_exit+0x50/0x50
[ 37.770434]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.775535]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.781075]  ? ksys_ioctl+0x81/0xd0
[ 37.784706]  __x64_sys_exit_group+0x3e/0x50
[ 37.789030]  do_syscall_64+0x1b9/0x820
[ 37.792923]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.798294]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.803222]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.808069]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 37.813091]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.818401]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.823254]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.828452] RIP: 0033:0x43f028
[ 37.831648] Code: Bad RIP value.
[ 37.835014] RSP: 002b:00007fffa7ed27c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.842729] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 37.850003] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.857301] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.864572] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.871844] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 37.879125]
[ 37.880746] Allocated by task 4691:
[ 37.884376]  save_stack+0x43/0xd0
[ 37.887833]  kasan_kmalloc+0xc4/0xe0
[ 37.891551]  kasan_slab_alloc+0x12/0x20
[ 37.895522]  kmem_cache_alloc+0x12e/0x710
[ 37.899664]  vmx_create_vcpu+0xcf/0x2830
[ 37.903719]  kvm_arch_vcpu_create+0xe5/0x220
[ 37.908123]  kvm_vm_ioctl+0x488/0x1d80
[ 37.912010]  do_vfs_ioctl+0x1de/0x1720
[ 37.915892]  ksys_ioctl+0xa9/0xd0
[ 37.919343]  __x64_sys_ioctl+0x73/0xb0
[ 37.923232]  do_syscall_64+0x1b9/0x820
[ 37.927114]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.932286]
[ 37.933908] Freed by task 4691:
[ 37.937188]  save_stack+0x43/0xd0
[ 37.940640]  __kasan_slab_free+0x11a/0x170
[ 37.944877]  kasan_slab_free+0xe/0x10
[ 37.948675]  kmem_cache_free+0x86/0x280
[ 37.952649]  vmx_free_vcpu+0x26b/0x300
[ 37.956537]  kvm_arch_destroy_vm+0x365/0x7c0
[ 37.960949]  kvm_put_kvm+0x73f/0x1060
[ 37.964751]  kvm_vm_release+0x42/0x50
[ 37.968557]  __fput+0x38a/0xa40
[ 37.971835]  ____fput+0x15/0x20
[ 37.975121]  task_work_run+0x1e8/0x2a0
[ 37.979008]  do_exit+0x1ae4/0x26e0
[ 37.982548]  do_group_exit+0x177/0x440
[ 37.986436]  __x64_sys_exit_group+0x3e/0x50
[ 37.990762]  do_syscall_64+0x1b9/0x820
[ 37.994649]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.999828]
[ 38.001456] The buggy address belongs to the object at ffff8801d9b60040
[ 38.001456]  which belongs to the cache kvm_vcpu of size 23872
[ 38.014032] The buggy address is located 24 bytes inside of
[ 38.014032]  23872-byte region [ffff8801d9b60040, ffff8801d9b65d80)
[ 38.026004] The buggy address belongs to the page:
[ 38.030939] page:ffffea000766d800 count:1 mapcount:0 mapping:ffff8801d51f9d80 index:0x0 compound_mapcount: 0
[ 38.040909] flags: 0x2fffc0000008100(slab|head)
[ 38.045578] raw: 02fffc0000008100 ffff8801d51f2b48 ffff8801d51f2b48 ffff8801d51f9d80
[ 38.053461] raw: 0000000000000000 ffff8801d9b60040 0000000100000001 0000000000000000
[ 38.061328] page dumped because: kasan: bad access detected
[ 38.067030]
[ 38.068644] Memory state around the buggy address:
[ 38.073579]  ffff8801d9b5ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.080950]  ffff8801d9b5ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.088307] >ffff8801d9b60000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 38.095655]                                                     ^
[ 38.101885]  ffff8801d9b60080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.109237]  ffff8801d9b60100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.116690] ==================================================================
[ 38.124044] Kernel panic - not syncing: panic_on_warn set ...
[ 38.124044]
[ 38.131419] CPU: 0 PID: 4691 Comm: syz-executor057 Tainted: G    B             4.19.0-rc2+ #220
[ 38.140250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.149602] Call Trace:
[ 38.152194]  dump_stack+0x1c9/0x2b4
[ 38.155820]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.161024]  ? lock_downgrade+0x8f0/0x8f0
[ 38.165189]  ? __schedule+0xf54/0x1df0
[ 38.169082]  panic+0x238/0x4e7
[ 38.172272]  ? add_taint.cold.5+0x16/0x16
[ 38.176426]  ? print_shadow_for_address+0xba/0x116
[ 38.181355]  ? trace_hardirqs_off+0xaf/0x2b0
[ 38.185764]  ? trace_hardirqs_off+0x77/0x2b0
[ 38.190178]  ? __schedule+0xf54/0x1df0
[ 38.194065]  kasan_end_report+0x47/0x4f
[ 38.198047]  kasan_report.cold.7+0x76/0x30d
[ 38.202372]  __asan_report_load8_noabort+0x14/0x20
[ 38.207305]  __schedule+0xf54/0x1df0
[ 38.211451]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 38.216553]  ? __sched_text_start+0x8/0x8
[ 38.220700]  ? __call_srcu+0x7e7/0x1040
[ 38.224680]  ? check_same_owner+0x340/0x340
[ 38.228997]  ? mark_held_locks+0x160/0x160
[ 38.233230]  ? find_held_lock+0x36/0x1c0
[ 38.237292]  preempt_schedule_common+0x22/0x60
[ 38.241886]  _cond_resched+0x1d/0x30
[ 38.245599]  wait_for_completion+0xa5/0x8d0
[ 38.249926]  ? wait_for_completion_interruptible+0x950/0x950
[ 38.255723]  ? __lockdep_init_map+0x105/0x590
[ 38.260222]  ? __init_waitqueue_head+0x9e/0x150
[ 38.264890]  ? init_wait_entry+0x1c0/0x1c0
[ 38.269126]  __synchronize_srcu+0x189/0x240
[ 38.273443]  ? call_srcu+0x10/0x10
[ 38.276982]  ? rcu_unexpedite_gp+0x20/0x20
[ 38.281232]  synchronize_srcu+0x335/0x56f
[ 38.285381]  ? lock_downgrade+0x8f0/0x8f0
[ 38.289527]  ? synchronize_srcu_expedited+0x20/0x20
[ 38.294541]  ? kasan_check_read+0x11/0x20
[ 38.298685]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 38.303269]  ? kasan_check_write+0x14/0x20
[ 38.307505]  ? do_raw_spin_lock+0xc1/0x200
[ 38.311743]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.317453]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 38.322914]  ? kvfree+0x61/0x70
[ 38.326705]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.331722]  kvm_mmu_uninit_vm+0x1c/0x20
[ 38.335783]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.340193]  ? kvm_arch_sync_events+0x30/0x30
[ 38.344694]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.350233]  ? mmu_notifier_unregister+0x474/0x600
[ 38.355158]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 38.359577]  ? kfree+0x111/0x210
[ 38.362947]  ? __mmu_notifier_register+0x30/0x30
[ 38.367708]  ? __free_pages+0x10a/0x190
[ 38.371687]  ? free_unref_page+0x930/0x930
[ 38.375937]  kvm_put_kvm+0x73f/0x1060
[ 38.379746]  ? kvm_write_guest_cached+0x40/0x40
[ 38.384425]  ? _raw_spin_unlock_irq+0x27/0x70
[ 38.388928]  ? _raw_spin_unlock_irq+0x27/0x70
[ 38.393427]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 38.398018]  ? kasan_check_write+0x14/0x20
[ 38.402255]  ? do_raw_spin_lock+0xc1/0x200
[ 38.406490]  ? kvm_irqfd_release+0xdd/0x120
[ 38.410806]  ? kvm_irqfd_release+0xdd/0x120
[ 38.415142]  ? kvm_put_kvm+0x1060/0x1060
[ 38.419207]  kvm_vm_release+0x42/0x50
[ 38.423033]  __fput+0x38a/0xa40
[ 38.426310]  ? __alloc_file+0x400/0x400
[ 38.430285]  ? check_same_owner+0x340/0x340
[ 38.434893]  ? kasan_check_write+0x14/0x20
[ 38.439127]  ? do_raw_spin_lock+0xc1/0x200
[ 38.443362]  ____fput+0x15/0x20
[ 38.446643]  task_work_run+0x1e8/0x2a0
[ 38.450529]  ? task_work_cancel+0x240/0x240
[ 38.454854]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.460390]  ? switch_task_namespaces+0xa2/0xd0
[ 38.465055]  do_exit+0x1ae4/0x26e0
[ 38.468595]  ? mm_update_next_owner+0x9a0/0x9a0
[ 38.473272]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 38.477505]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.482525]  ? kfree+0x1d7/0x210
[ 38.485895]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 38.490128]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 38.495856]  ? is_bpf_text_address+0xd7/0x170
[ 38.500351]  ? kernel_text_address+0x79/0xf0
[ 38.504759]  ? __kernel_text_address+0xd/0x40
[ 38.509255]  ? unwind_get_return_address+0x61/0xa0
[ 38.514183]  ? __save_stack_trace+0x8d/0xf0
[ 38.518509]  ? save_stack+0xa9/0xd0
[ 38.522135]  ? save_stack+0x43/0xd0
[ 38.525766]  ? __kasan_slab_free+0x11a/0x170
[ 38.530953]  ? kasan_slab_free+0xe/0x10
[ 38.534927]  ? putname+0xf2/0x130
[ 38.538379]  ? __x64_sys_openat+0x9d/0x100
[ 38.542614]  ? do_syscall_64+0x1b9/0x820
[ 38.546676]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.552044]  ? trace_hardirqs_off+0xb8/0x2b0
[ 38.556453]  ? kasan_check_read+0x11/0x20
[ 38.560606]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 38.565011]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 38.569418]  ? initcall_blacklisted+0x9a/0x1e0
[ 38.574003]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 38.579112]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 38.584827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.590373]  ? do_vfs_ioctl+0x201/0x1720
[ 38.594438]  ? rcu_is_watching+0x8c/0x150
[ 38.598586]  ? trace_hardirqs_on+0xbd/0x2c0
[ 38.602910]  ? ioctl_preallocate+0x300/0x300
[ 38.607348]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.612904]  ? __fget_light+0x2f7/0x440
[ 38.616888]  ? fget_raw+0x20/0x20
[ 38.620339]  ? putname+0xf2/0x130
[ 38.623800]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.628822]  ? kmem_cache_free+0x246/0x280
[ 38.633059]  ? putname+0xf7/0x130
[ 38.636517]  do_group_exit+0x177/0x440
[ 38.640402]  ? trace_hardirqs_on+0xbd/0x2c0
[ 38.644722]  ? __ia32_sys_exit+0x50/0x50
[ 38.648781]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 38.653898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.659526]  ? ksys_ioctl+0x81/0xd0
[ 38.663159]  __x64_sys_exit_group+0x3e/0x50
[ 38.667484]  do_syscall_64+0x1b9/0x820
[ 38.671376]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.676748]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.681676]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.686518]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 38.691532]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.696552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.701396]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.706582] RIP: 0033:0x43f028
[ 38.709772] Code: Bad RIP value.
[ 38.713128] RSP: 002b:00007fffa7ed27c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.720835] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 38.728104] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.735371] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.742639] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 38.749905] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 38.757183]
[ 38.757189] ======================================================
[ 38.757194] WARNING: possible circular locking dependency detected
[ 38.757198] 4.19.0-rc2+ #220 Not tainted
[ 38.757204] ------------------------------------------------------
[ 38.757208] syz-executor057/4691 is trying to acquire lock:
[ 38.757212] 00000000e3f86942 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 38.757226]
[ 38.757230] but task is already holding lock:
[ 38.757233] 00000000ad4f18fa (report_lock){....}, at: kasan_report+0x8e/0x110
[ 38.757247]
[ 38.757251] which lock already depends on the new lock.
[ 38.757254]
[ 38.757256]
[ 38.757261] the existing dependency chain (in reverse order) is:
[ 38.757263]
[ 38.757265] -> #3 (report_lock){....}:
[ 38.757279]        _raw_spin_lock_irqsave+0x96/0xc0
[ 38.757283]        kasan_report+0x8e/0x110
[ 38.757287]        __asan_report_load8_noabort+0x14/0x20
[ 38.757291]        __schedule+0xf54/0x1df0
[ 38.757295]        preempt_schedule_common+0x22/0x60
[ 38.757299]        _cond_resched+0x1d/0x30
[ 38.757303]        wait_for_completion+0xa5/0x8d0
[ 38.757307]        __synchronize_srcu+0x189/0x240
[ 38.757311]        synchronize_srcu+0x335/0x56f
[ 38.757316]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.757320]        kvm_mmu_uninit_vm+0x1c/0x20
[ 38.757324]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.757328]        kvm_put_kvm+0x73f/0x1060
[ 38.757332]        kvm_vm_release+0x42/0x50
[ 38.757335]        __fput+0x38a/0xa40
[ 38.757338]        ____fput+0x15/0x20
[ 38.757342]        task_work_run+0x1e8/0x2a0
[ 38.757346]        do_exit+0x1ae4/0x26e0
[ 38.757349]        do_group_exit+0x177/0x440
[ 38.757353]        __x64_sys_exit_group+0x3e/0x50
[ 38.757358]        do_syscall_64+0x1b9/0x820
[ 38.757363]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.757365]
[ 38.757367] -> #2 (&rq->lock){-.-.}:
[ 38.757381]        _raw_spin_lock+0x2a/0x40
[ 38.757384]        task_fork_fair+0x93/0x680
[ 38.757388]        sched_fork+0x44b/0xbd0
[ 38.757392]        copy_process+0x235e/0x7ad0
[ 38.757395]        _do_fork+0x1ca/0x1170
[ 38.757399]        kernel_thread+0x34/0x40
[ 38.757402]        rest_init+0x22/0xe4
[ 38.757406]        start_kernel+0x913/0x94e
[ 38.757411]        x86_64_start_reservations+0x29/0x2b
[ 38.757415]        x86_64_start_kernel+0x76/0x79
[ 38.757419]        secondary_startup_64+0xa4/0xb0
[ 38.757421]
[ 38.757423] -> #1 (&p->pi_lock){-.-.}:
[ 38.757437]        _raw_spin_lock_irqsave+0x96/0xc0
[ 38.757441]        try_to_wake_up+0xd2/0x1250
[ 38.757445]        wake_up_process+0x10/0x20
[ 38.757448]        __up.isra.1+0x1c0/0x2a0
[ 38.757451]        up+0x13c/0x1c0
[ 38.757455]        __up_console_sem+0xbe/0x1b0
[ 38.757459]        console_unlock+0x506/0x10d0
[ 38.757463]        vprintk_emit+0x33a/0x910
[ 38.757467]        vprintk_default+0x28/0x30
[ 38.757470]        vprintk_func+0x7a/0x117
[ 38.757474]        printk+0xa7/0xcf
[ 38.757477]        load_umh+0x51/0xbd
[ 38.757481]        do_one_initcall+0x127/0x838
[ 38.757485]        kernel_init_freeable+0x4bb/0x5ae
[ 38.757489]        kernel_init+0x11/0x1b3
[ 38.757492]        ret_from_fork+0x3a/0x50
[ 38.757494]
[ 38.757497] -> #0 ((console_sem).lock){-...}:
[ 38.757511]        lock_acquire+0x1e4/0x4f0
[ 38.757515]        _raw_spin_lock_irqsave+0x96/0xc0
[ 38.757518]        down_trylock+0x13/0x70
[ 38.757523]        __down_trylock_console_sem+0xae/0x200
[ 38.757526]        console_trylock+0x15/0xa0
[ 38.757530]        vprintk_emit+0x31f/0x910
[ 38.757534]        vprintk_default+0x28/0x30
[ 38.757538]        vprintk_func+0x7a/0x117
[ 38.757541]        printk+0xa7/0xcf
[ 38.757545]        kasan_report+0x9e/0x110
[ 38.757549]        __asan_report_load8_noabort+0x14/0x20
[ 38.757553]        __schedule+0xf54/0x1df0
[ 38.757557]        preempt_schedule_common+0x22/0x60
[ 38.757560]        _cond_resched+0x1d/0x30
[ 38.757564]        wait_for_completion+0xa5/0x8d0
[ 38.757568]        __synchronize_srcu+0x189/0x240
[ 38.757572]        synchronize_srcu+0x335/0x56f
[ 38.757577]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.757581]        kvm_mmu_uninit_vm+0x1c/0x20
[ 38.757585]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.757589]        kvm_put_kvm+0x73f/0x1060
[ 38.757593]        kvm_vm_release+0x42/0x50
[ 38.757596]        __fput+0x38a/0xa40
[ 38.757599]        ____fput+0x15/0x20
[ 38.757603]        task_work_run+0x1e8/0x2a0
[ 38.757607]        do_exit+0x1ae4/0x26e0
[ 38.757611]        do_group_exit+0x177/0x440
[ 38.757615]        __x64_sys_exit_group+0x3e/0x50
[ 38.757618]        do_syscall_64+0x1b9/0x820
[ 38.757623]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.757625]
[ 38.757629] other info that might help us debug this:
[ 38.757645]
[ 38.757648] Chain exists of:
[ 38.757650]   (console_sem).lock --> &rq->lock --> report_lock
[ 38.757667]
[ 38.757670]  Possible unsafe locking scenario:
[ 38.757672]
[ 38.757688]        CPU0                    CPU1
[ 38.757692]        ----                    ----
[ 38.757694]   lock(report_lock);
[ 38.757702]                                lock(&rq->lock);
[ 38.757711]                                lock(report_lock);
[ 38.757730]   lock((console_sem).lock);
[ 38.757749]
[ 38.757752]  *** DEADLOCK ***
[ 38.757754]
[ 38.757758] 2 locks held by syz-executor057/4691:
[ 38.757760]  #0: 00000000609df65a (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 38.757775]  #1: 00000000ad4f18fa (report_lock){....}, at: kasan_report+0x8e/0x110
[ 38.757791]
[ 38.757793] stack backtrace:
[ 38.757799] CPU: 0 PID: 4691 Comm: syz-executor057 Not tainted 4.19.0-rc2+ #220
[ 38.757805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.757808] Call Trace:
[ 38.757812]  dump_stack+0x1c9/0x2b4
[ 38.757816]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.757819]  ? vprintk_func+0x100/0x117
[ 38.757824]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 38.757839]  ? save_trace+0xe0/0x290
[ 38.757843]  __lock_acquire+0x3449/0x5020
[ 38.757847]  ? mark_held_locks+0x160/0x160
[ 38.757856]  ? mark_held_locks+0x160/0x160
[ 38.757861]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 38.757865]  ? is_bpf_text_address+0xd7/0x170
[ 38.757868]  ? kernel_text_address+0x79/0xf0
[ 38.757872]  ? __kernel_text_address+0xd/0x40
[ 38.757876]  ? __save_stack_trace+0x8d/0xf0
[ 38.757892]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 38.757896]  ? save_trace+0x290/0x290
[ 38.757900]  ? save_stack_trace+0x1a/0x20
[ 38.757904]  ? save_trace+0xe0/0x290
[ 38.757907]  ? graph_lock+0x170/0x170
[ 38.757912]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.757916]  lock_acquire+0x1e4/0x4f0
[ 38.757919]  ? down_trylock+0x13/0x70
[ 38.757923]  ? lock_release+0x9f0/0x9f0
[ 38.757927]  ? trace_hardirqs_off+0xb8/0x2b0
[ 38.757931]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 38.757935]  ? trace_hardirqs_off+0xb8/0x2b0
[ 38.757939]  ? log_store+0x34f/0x4c0
[ 38.757943]  ? vprintk_emit+0x31f/0x910
[ 38.757947]  _raw_spin_lock_irqsave+0x96/0xc0
[ 38.757951]  ? down_trylock+0x13/0x70
[ 38.757954]  down_trylock+0x13/0x70
[ 38.757959]  __down_trylock_console_sem+0xae/0x200
[ 38.757962]  console_trylock+0x15/0xa0
[ 38.757966]  vprintk_emit+0x31f/0x910
[ 38.757970]  ? wake_up_klogd+0x110/0x110
[ 38.757974]  ? run_rebalance_domains+0x4c0/0x4c0
[ 38.757978]  ? kasan_check_read+0x11/0x20
[ 38.757982]  ? rcu_is_watching+0x8c/0x150
[ 38.757986]  ? rcu_pm_notify+0xc0/0xc0
[ 38.757990]  ? lock_acquire+0x1e4/0x4f0
[ 38.757994]  ? kasan_report+0x8e/0x110
[ 38.757997]  ? __schedule+0xf54/0x1df0
[ 38.758001]  vprintk_default+0x28/0x30
[ 38.758005]  vprintk_func+0x7a/0x117
[ 38.758008]  printk+0xa7/0xcf
[ 38.758012]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 38.758016]  ? kasan_check_write+0x14/0x20
[ 38.758020]  ? do_raw_spin_lock+0xc1/0x200
[ 38.758024]  ? do_raw_spin_lock+0xc1/0x200
[ 38.758028]  kasan_report+0x9e/0x110
[ 38.758032]  __asan_report_load8_noabort+0x14/0x20
[ 38.758036]  __schedule+0xf54/0x1df0
[ 38.758040]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 38.758044]  ? __sched_text_start+0x8/0x8
[ 38.758048]  ? __call_srcu+0x7e7/0x1040
[ 38.758052]  ? check_same_owner+0x340/0x340
[ 38.758056]  ? mark_held_locks+0x160/0x160
[ 38.758060]  ? find_held_lock+0x36/0x1c0
[ 38.758064]  preempt_schedule_common+0x22/0x60
[ 38.758067]  _cond_resched+0x1d/0x30
[ 38.758071]  wait_for_completion+0xa5/0x8d0
[ 38.758076]  ? wait_for_completion_interruptible+0x950/0x950
[ 38.758080]  ? __lockdep_init_map+0x105/0x590
[ 38.758085]  ? __init_waitqueue_head+0x9e/0x150
[ 38.758089]  ? init_wait_entry+0x1c0/0x1c0
[ 38.758093]  __synchronize_srcu+0x189/0x240
[ 38.758096]  ? call_srcu+0x10/0x10
[ 38.758100]  ? rcu_unexpedite_gp+0x20/0x20
[ 38.758104]  synchronize_srcu+0x335/0x56f
[ 38.758108]  ? lock_downgrade+0x8f0/0x8f0
[ 38.758113]  ? synchronize_srcu_expedited+0x20/0x20
[ 38.758117]  ? kasan_check_read+0x11/0x20
[ 38.758121]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 38.758125]  ? kasan_check_write+0x14/0x20
[ 38.758129]  ? do_raw_spin_lock+0xc1/0x200
[ 38.758134]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.758138]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 38.758142]  ? kvfree+0x61/0x70
[ 38.758146]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.758150]  kvm_mmu_uninit_vm+0x1c/0x20
[ 38.758154]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.758158]  ? kvm_arch_sync_events+0x30/0x30
[ 38.758163]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.758167]  ? mmu_notifier_unregister+0x474/0x600
[ 38.758171]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 38.758175]  ? kfree+0x111/0x210
[ 38.758179]  ? __mmu_notifier_register+0x30/0x30
[ 38.758183]  ? __free_pages+0x10a/0x190
[ 38.758187]  ? free_unref_page+0x930/0x930
[ 38.758191]  kvm_put_kvm+0x73f/0x1060
[ 38.758195]  ? kvm_write_guest_cached+0x40/0x40
[ 38.758199]  ? _raw_spin_unlock_irq+0x27/0x70
[ 38.758203]  ? _raw_spin_unlock_irq+0x27/0x70
[ 38.758208]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 38.758211]  ? kasan_check_write+0x14/0x20
[ 38.758216]  ? do_raw_spin_lock+0xc1/0x200
[ 38.758220]  ? kvm_irqfd_release+0xdd/0x120
[ 38.758224]  ? kvm_irqfd_release+0xdd/0x120
[ 38.758227]  ? kvm_put_kvm+0x1060/0x1060
[ 38.758231]  kvm_vm_release+0x42/0x50
[ 38.758235]  __fput+0x38a/0xa40
[ 38.758238]  ? __alloc_file+0x400/0x400
[ 38.758242]  ? check_same_owner+0x340/0x340
[ 38.758246]  ? kasan_check_write+0x14/0x20
[ 38.758250]  ? do_raw_spin_lock+0xc1/0x200
[ 38.758254]  ____fput+0x15/0x20
[ 38.758257]  task_work_run+0x1e8/0x2a0
[ 38.758261]  ? task_work_cancel+0x240/0x240
[ 38.758266]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.758270]  ? switch_task_namespaces+0xa2/0xd0
[ 38.758274]  do_exit+0x1ae4/0x26e0
[ 38.758278]  ? mm_update_next_owner+0x9a0/0x9a0
[ 38.758282]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 38.758286]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.758290]  ? kfree+0x1d7/0x210
[ 38.758294]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 38.758298]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 38.758303]  ? is_bpf_text_address+0xd7/0x170
[ 38.758305]  ?
[ 38.758312] Lost 54 message(s)!
[ 39.821714] Shutting down cpus with NMI
[ 40.881630] Dumping ftrace buffer:
[ 40.885156]    (ftrace buffer empty)
[ 40.888841] Kernel Offset: disabled
[ 40.892455] Rebooting in 86400 seconds..