[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 22.556635] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.434660] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.790933] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.301541] random: sshd: uninitialized urandom read (32 bytes read)
[ 48.632632] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
[ 54.333469] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 54.433427] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 54.455604] ==================================================================
[ 54.464333] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 54.470624] Read of size 8 at addr ffff8801d94e0058 by task syz-executor203/4674
[ 54.478142]
[ 54.479750] CPU: 0 PID: 4674 Comm: syz-executor203 Not tainted 4.19.0-rc2+ #225
[ 54.487175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.496503] Call Trace:
[ 54.499074]  dump_stack+0x1c9/0x2b4
[ 54.502682]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 54.507850]  ? printk+0xa7/0xcf
[ 54.511117]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 54.515858]  ? __schedule+0xf54/0x1df0
[ 54.519728]  print_address_description+0x6c/0x20b
[ 54.524553]  ? __schedule+0xf54/0x1df0
[ 54.528420]  kasan_report.cold.7+0x242/0x30d
[ 54.532807]  __asan_report_load8_noabort+0x14/0x20
[ 54.537723]  __schedule+0xf54/0x1df0
[ 54.541423]  ? __sched_text_start+0x8/0x8
[ 54.545549]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 54.550639]  ? __call_srcu+0x7e7/0x1040
[ 54.554609]  ? check_same_owner+0x340/0x340
[ 54.558913]  ? mark_held_locks+0x160/0x160
[ 54.563128]  ? find_held_lock+0x36/0x1c0
[ 54.567177]  preempt_schedule_common+0x22/0x60
[ 54.571750]  _cond_resched+0x1d/0x30
[ 54.575469]  wait_for_completion+0xa5/0x8d0
[ 54.579777]  ? wait_for_completion_interruptible+0x950/0x950
[ 54.585659]  ? __lockdep_init_map+0x105/0x590
[ 54.590144]  ? __init_waitqueue_head+0x9e/0x150
[ 54.594900]  ? init_wait_entry+0x1c0/0x1c0
[ 54.599128]  __synchronize_srcu+0x189/0x240
[ 54.603442]  ? call_srcu+0x10/0x10
[ 54.606966]  ? rcu_unexpedite_gp+0x20/0x20
[ 54.611193]  synchronize_srcu+0x335/0x56f
[ 54.615333]  ? lock_downgrade+0x8f0/0x8f0
[ 54.619472]  ? synchronize_srcu_expedited+0x20/0x20
[ 54.624585]  ? kasan_check_read+0x11/0x20
[ 54.628724]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 54.633287]  ? kasan_check_write+0x14/0x20
[ 54.637503]  ? do_raw_spin_lock+0xc1/0x200
[ 54.641726]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 54.647420]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 54.652854]  ? kvfree+0x61/0x70
[ 54.656115]  ? rcu_read_lock_sched_held+0x108/0x120
[ 54.661109]  kvm_mmu_uninit_vm+0x1c/0x20
[ 54.665152]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 54.669545]  ? kvm_arch_sync_events+0x30/0x30
[ 54.674028]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.679551]  ? mmu_notifier_unregister+0x474/0x600
[ 54.684460]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 54.688853]  ? kfree+0x111/0x210
[ 54.692206]  ? __mmu_notifier_register+0x30/0x30
[ 54.696945]  ? __free_pages+0x10a/0x190
[ 54.701057]  ? free_unref_page+0x930/0x930
[ 54.705281]  kvm_put_kvm+0x73f/0x1060
[ 54.709066]  ? kvm_write_guest_cached+0x40/0x40
[ 54.713717]  ? _raw_spin_unlock_irq+0x27/0x70
[ 54.718193]  ? _raw_spin_unlock_irq+0x27/0x70
[ 54.722682]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 54.727248]  ? kasan_check_write+0x14/0x20
[ 54.731615]  ? do_raw_spin_lock+0xc1/0x200
[ 54.735834]  ? kvm_irqfd_release+0xdd/0x120
[ 54.740135]  ? kvm_irqfd_release+0xdd/0x120
[ 54.744439]  ? kvm_put_kvm+0x1060/0x1060
[ 54.748616]  kvm_vm_release+0x42/0x50
[ 54.752476]  __fput+0x38a/0xa40
[ 54.755742]  ? __alloc_file+0x400/0x400
[ 54.759701]  ? check_same_owner+0x340/0x340
[ 54.764003]  ? kasan_check_write+0x14/0x20
[ 54.768216]  ? do_raw_spin_lock+0xc1/0x200
[ 54.772432]  ____fput+0x15/0x20
[ 54.775694]  task_work_run+0x1e8/0x2a0
[ 54.779562]  ? task_work_cancel+0x240/0x240
[ 54.783865]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.789382]  ? switch_task_namespaces+0xa2/0xd0
[ 54.794034]  do_exit+0x1ae4/0x26e0
[ 54.797559]  ? mm_update_next_owner+0x9a0/0x9a0
[ 54.802214]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 54.806635]  ? rcu_read_lock_sched_held+0x108/0x120
[ 54.811649]  ? kfree+0x1d7/0x210
[ 54.815002]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 54.819222]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 54.824921]  ? is_bpf_text_address+0xd7/0x170
[ 54.829397]  ? kernel_text_address+0x79/0xf0
[ 54.833785]  ? __kernel_text_address+0xd/0x40
[ 54.838262]  ? unwind_get_return_address+0x61/0xa0
[ 54.843192]  ? __save_stack_trace+0x8d/0xf0
[ 54.847520]  ? save_stack+0xa9/0xd0
[ 54.851150]  ? save_stack+0x43/0xd0
[ 54.854775]  ? __kasan_slab_free+0x11a/0x170
[ 54.859177]  ? kasan_slab_free+0xe/0x10
[ 54.863152]  ? putname+0xf2/0x130
[ 54.866603]  ? __x64_sys_openat+0x9d/0x100
[ 54.870837]  ? do_syscall_64+0x1b9/0x820
[ 54.874897]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.880260]  ? trace_hardirqs_off+0xb8/0x2c0
[ 54.884672]  ? kasan_check_read+0x11/0x20
[ 54.888821]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 54.893226]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 54.897637]  ? initcall_blacklisted+0x9a/0x1e0
[ 54.902229]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 54.907336]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 54.913049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.918591]  ? do_vfs_ioctl+0x201/0x1720
[ 54.922670]  ? rcu_is_watching+0x8c/0x150
[ 54.926814]  ? trace_hardirqs_on+0xbd/0x2c0
[ 54.931141]  ? ioctl_preallocate+0x300/0x300
[ 54.935551]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.941085]  ? __fget_light+0x2f7/0x440
[ 54.945060]  ? fget_raw+0x20/0x20
[ 54.948508]  ? putname+0xf2/0x130
[ 54.951960]  ? rcu_read_lock_sched_held+0x108/0x120
[ 54.956989]  ? kmem_cache_free+0x246/0x280
[ 54.961221]  ? putname+0xf7/0x130
[ 54.964681]  do_group_exit+0x177/0x440
[ 54.968570]  ? trace_hardirqs_on+0xbd/0x2c0
[ 54.972886]  ? __ia32_sys_exit+0x50/0x50
[ 54.976942]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 54.982046]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.987582]  ? ksys_ioctl+0x81/0xd0
[ 54.991211]  __x64_sys_exit_group+0x3e/0x50
[ 54.995530]  do_syscall_64+0x1b9/0x820
[ 54.999418]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 55.004778]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 55.009705]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.014546]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 55.019564]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 55.024582]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.029428]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.034617] RIP: 0033:0x43f028
[ 55.037815] Code: Bad RIP value.
[ 55.041173] RSP: 002b:00007fffcb3b95b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.048876] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 55.056141] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 55.063418] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 55.070694] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 55.077955] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 55.085220]
[ 55.086841] Allocated by task 4674:
[ 55.090472]  save_stack+0x43/0xd0
[ 55.093921]  kasan_kmalloc+0xc4/0xe0
[ 55.097631]  kasan_slab_alloc+0x12/0x20
[ 55.101609]  kmem_cache_alloc+0x12e/0x710
[ 55.105753]  vmx_create_vcpu+0xcf/0x2830
[ 55.109812]  kvm_arch_vcpu_create+0xe5/0x220
[ 55.114216]  kvm_vm_ioctl+0x488/0x1d80
[ 55.118098]  do_vfs_ioctl+0x1de/0x1720
[ 55.121987]  ksys_ioctl+0xa9/0xd0
[ 55.125439]  __x64_sys_ioctl+0x73/0xb0
[ 55.129321]  do_syscall_64+0x1b9/0x820
[ 55.133205]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.138382]
[ 55.140002] Freed by task 4674:
[ 55.143279]  save_stack+0x43/0xd0
[ 55.146726]  __kasan_slab_free+0x11a/0x170
[ 55.150960]  kasan_slab_free+0xe/0x10
[ 55.154752]  kmem_cache_free+0x86/0x280
[ 55.158720]  vmx_free_vcpu+0x26b/0x300
[ 55.162600]  kvm_arch_destroy_vm+0x365/0x7c0
[ 55.167008]  kvm_put_kvm+0x73f/0x1060
[ 55.170807]  kvm_vm_release+0x42/0x50
[ 55.174603]  __fput+0x38a/0xa40
[ 55.177874]  ____fput+0x15/0x20
[ 55.181149]  task_work_run+0x1e8/0x2a0
[ 55.185032]  do_exit+0x1ae4/0x26e0
[ 55.188569]  do_group_exit+0x177/0x440
[ 55.192448]  __x64_sys_exit_group+0x3e/0x50
[ 55.196764]  do_syscall_64+0x1b9/0x820
[ 55.200657]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.205834]
[ 55.207455] The buggy address belongs to the object at ffff8801d94e0040
[ 55.207455]  which belongs to the cache kvm_vcpu of size 23872
[ 55.220025] The buggy address is located 24 bytes inside of
[ 55.220025]  23872-byte region [ffff8801d94e0040, ffff8801d94e5d80)
[ 55.231975] The buggy address belongs to the page:
[ 55.236901] page:ffffea0007653800 count:1 mapcount:0 mapping:ffff8801d8683000 index:0x0 compound_mapcount: 0
[ 55.246866] flags: 0x2fffc0000008100(slab|head)
[ 55.251537] raw: 02fffc0000008100 ffff8801d5157d48 ffff8801d5157d48 ffff8801d8683000
[ 55.259414] raw: 0000000000000000 ffff8801d94e0040 0000000100000001 0000000000000000
[ 55.267285] page dumped because: kasan: bad access detected
[ 55.272981]
[ 55.274600] Memory state around the buggy address:
[ 55.279521]  ffff8801d94dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.286874]  ffff8801d94dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.294224] >ffff8801d94e0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 55.301570]                                                     ^
[ 55.307798]  ffff8801d94e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.315154]  ffff8801d94e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.322502] ==================================================================
[ 55.329855] Kernel panic - not syncing: panic_on_warn set ...
[ 55.329855]
[ 55.337218] CPU: 0 PID: 4674 Comm: syz-executor203 Tainted: G    B             4.19.0-rc2+ #225
[ 55.346041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.355385] Call Trace:
[ 55.357978]  dump_stack+0x1c9/0x2b4
[ 55.361606]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 55.366792]  ? lock_downgrade+0x8f0/0x8f0
[ 55.370935]  ? __schedule+0xf54/0x1df0
[ 55.374852]  panic+0x238/0x4e7
[ 55.378039]  ? add_taint.cold.5+0x16/0x16
[ 55.382192]  ? print_shadow_for_address+0xba/0x116
[ 55.387115]  ? trace_hardirqs_off+0xaf/0x2c0
[ 55.391522]  ? trace_hardirqs_off+0x77/0x2c0
[ 55.395925]  ? __schedule+0xf54/0x1df0
[ 55.399807]  kasan_end_report+0x47/0x4f
[ 55.403779]  kasan_report.cold.7+0x76/0x30d
[ 55.408101]  __asan_report_load8_noabort+0x14/0x20
[ 55.413031]  __schedule+0xf54/0x1df0
[ 55.416745]  ? __sched_text_start+0x8/0x8
[ 55.420891]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 55.426025]  ? __call_srcu+0x7e7/0x1040
[ 55.430008]  ? check_same_owner+0x340/0x340
[ 55.434327]  ? mark_held_locks+0x160/0x160
[ 55.438560]  ? find_held_lock+0x36/0x1c0
[ 55.442622]  preempt_schedule_common+0x22/0x60
[ 55.447212]  _cond_resched+0x1d/0x30
[ 55.450925]  wait_for_completion+0xa5/0x8d0
[ 55.455247]  ? wait_for_completion_interruptible+0x950/0x950
[ 55.461042]  ? __lockdep_init_map+0x105/0x590
[ 55.465537]  ? __init_waitqueue_head+0x9e/0x150
[ 55.470215]  ? init_wait_entry+0x1c0/0x1c0
[ 55.474452]  __synchronize_srcu+0x189/0x240
[ 55.478773]  ? call_srcu+0x10/0x10
[ 55.482312]  ? rcu_unexpedite_gp+0x20/0x20
[ 55.486549]  synchronize_srcu+0x335/0x56f
[ 55.490692]  ? lock_downgrade+0x8f0/0x8f0
[ 55.494840]  ? synchronize_srcu_expedited+0x20/0x20
[ 55.499856]  ? kasan_check_read+0x11/0x20
[ 55.504002]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 55.508581]  ? kasan_check_write+0x14/0x20
[ 55.512814]  ? do_raw_spin_lock+0xc1/0x200
[ 55.517050]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.522761]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 55.528211]  ? kvfree+0x61/0x70
[ 55.531488]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.536504]  kvm_mmu_uninit_vm+0x1c/0x20
[ 55.540878]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.545284]  ? kvm_arch_sync_events+0x30/0x30
[ 55.549784]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.555319]  ? mmu_notifier_unregister+0x474/0x600
[ 55.560241]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.564643]  ? kfree+0x111/0x210
[ 55.568019]  ? __mmu_notifier_register+0x30/0x30
[ 55.572773]  ? __free_pages+0x10a/0x190
[ 55.576746]  ? free_unref_page+0x930/0x930
[ 55.580985]  kvm_put_kvm+0x73f/0x1060
[ 55.584792]  ? kvm_write_guest_cached+0x40/0x40
[ 55.589464]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.593958]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.598453]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 55.603036]  ? kasan_check_write+0x14/0x20
[ 55.607267]  ? do_raw_spin_lock+0xc1/0x200
[ 55.611502]  ? kvm_irqfd_release+0xdd/0x120
[ 55.615817]  ? kvm_irqfd_release+0xdd/0x120
[ 55.620143]  ? kvm_put_kvm+0x1060/0x1060
[ 55.624199]  kvm_vm_release+0x42/0x50
[ 55.627996]  __fput+0x38a/0xa40
[ 55.631275]  ? __alloc_file+0x400/0x400
[ 55.635253]  ? check_same_owner+0x340/0x340
[ 55.639572]  ? kasan_check_write+0x14/0x20
[ 55.643802]  ? do_raw_spin_lock+0xc1/0x200
[ 55.648032]  ____fput+0x15/0x20
[ 55.651308]  task_work_run+0x1e8/0x2a0
[ 55.655192]  ? task_work_cancel+0x240/0x240
[ 55.659517]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.665049]  ? switch_task_namespaces+0xa2/0xd0
[ 55.669718]  do_exit+0x1ae4/0x26e0
[ 55.673780]  ? mm_update_next_owner+0x9a0/0x9a0
[ 55.678464]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 55.682715]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.687738]  ? kfree+0x1d7/0x210
[ 55.691104]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 55.695342]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 55.701049]  ? is_bpf_text_address+0xd7/0x170
[ 55.705539]  ? kernel_text_address+0x79/0xf0
[ 55.709945]  ? __kernel_text_address+0xd/0x40
[ 55.714435]  ? unwind_get_return_address+0x61/0xa0
[ 55.719366]  ? __save_stack_trace+0x8d/0xf0
[ 55.723688]  ? save_stack+0xa9/0xd0
[ 55.727310]  ? save_stack+0x43/0xd0
[ 55.730930]  ? __kasan_slab_free+0x11a/0x170
[ 55.735335]  ? kasan_slab_free+0xe/0x10
[ 55.739305]  ? putname+0xf2/0x130
[ 55.742772]  ? __x64_sys_openat+0x9d/0x100
[ 55.747003]  ? do_syscall_64+0x1b9/0x820
[ 55.751060]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.756419]  ? trace_hardirqs_off+0xb8/0x2c0
[ 55.760821]  ? kasan_check_read+0x11/0x20
[ 55.764969]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 55.769372]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.773779]  ? initcall_blacklisted+0x9a/0x1e0
[ 55.778360]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 55.783462]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 55.789175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.794709]  ? do_vfs_ioctl+0x201/0x1720
[ 55.798764]  ? rcu_is_watching+0x8c/0x150
[ 55.802908]  ? trace_hardirqs_on+0xbd/0x2c0
[ 55.807230]  ? ioctl_preallocate+0x300/0x300
[ 55.811636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.817198]  ? __fget_light+0x2f7/0x440
[ 55.821170]  ? fget_raw+0x20/0x20
[ 55.824617]  ? putname+0xf2/0x130
[ 55.828075]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.833085]  ? kmem_cache_free+0x246/0x280
[ 55.837317]  ? putname+0xf7/0x130
[ 55.840774]  do_group_exit+0x177/0x440
[ 55.844668]  ? trace_hardirqs_on+0xbd/0x2c0
[ 55.848985]  ? __ia32_sys_exit+0x50/0x50
[ 55.853041]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 55.858146]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.863682]  ? ksys_ioctl+0x81/0xd0
[ 55.867309]  __x64_sys_exit_group+0x3e/0x50
[ 55.871632]  do_syscall_64+0x1b9/0x820
[ 55.875523]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 55.880882]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 55.885808]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.890656]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 55.895680]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 55.900696]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.905537]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.910722] RIP: 0033:0x43f028
[ 55.913913] Code: Bad RIP value.
[ 55.917269] RSP: 002b:00007fffcb3b95b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.924974] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 55.932238] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 55.939504] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 55.946768] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 55.954034] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 55.961306]
[ 55.961312] ======================================================
[ 55.961317] WARNING: possible circular locking dependency detected
[ 55.961321] 4.19.0-rc2+ #225 Not tainted
[ 55.961327] ------------------------------------------------------
[ 55.961331] syz-executor203/4674 is trying to acquire lock:
[ 55.961335] 0000000032fb1656 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 55.961350]
[ 55.961354] but task is already holding lock:
[ 55.961357] 000000008657fbb6 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 55.961371]
[ 55.961376] which lock already depends on the new lock.
[ 55.961378]
[ 55.961381]
[ 55.961386] the existing dependency chain (in reverse order) is:
[ 55.961388]
[ 55.961390] -> #3 (report_lock){....}:
[ 55.961405]        _raw_spin_lock_irqsave+0x96/0xc0
[ 55.961408]        kasan_report+0x8e/0x110
[ 55.961413]        __asan_report_load8_noabort+0x14/0x20
[ 55.961417]        __schedule+0xf54/0x1df0
[ 55.961421]        preempt_schedule_common+0x22/0x60
[ 55.961425]        _cond_resched+0x1d/0x30
[ 55.961429]        wait_for_completion+0xa5/0x8d0
[ 55.961434]        __synchronize_srcu+0x189/0x240
[ 55.961438]        synchronize_srcu+0x335/0x56f
[ 55.961443]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.961447]        kvm_mmu_uninit_vm+0x1c/0x20
[ 55.961451]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.961455]        kvm_put_kvm+0x73f/0x1060
[ 55.961459]        kvm_vm_release+0x42/0x50
[ 55.961462]        __fput+0x38a/0xa40
[ 55.961466]        ____fput+0x15/0x20
[ 55.961470]        task_work_run+0x1e8/0x2a0
[ 55.961473]        do_exit+0x1ae4/0x26e0
[ 55.961477]        do_group_exit+0x177/0x440
[ 55.961481]        __x64_sys_exit_group+0x3e/0x50
[ 55.961485]        do_syscall_64+0x1b9/0x820
[ 55.961490]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.961492]
[ 55.961495] -> #2 (&rq->lock){-.-.}:
[ 55.961508]        _raw_spin_lock+0x2a/0x40
[ 55.961512]        task_fork_fair+0x93/0x680
[ 55.961516]        sched_fork+0x44b/0xbd0
[ 55.961520]        copy_process+0x235e/0x7af0
[ 55.961524]        _do_fork+0x1ca/0x1170
[ 55.961528]        kernel_thread+0x34/0x40
[ 55.961531]        rest_init+0x22/0xe4
[ 55.961535]        start_kernel+0x913/0x94e
[ 55.961539]        x86_64_start_reservations+0x29/0x2b
[ 55.961544]        x86_64_start_kernel+0x76/0x79
[ 55.961548]        secondary_startup_64+0xa4/0xb0
[ 55.961550]
[ 55.961552] -> #1 (&p->pi_lock){-.-.}:
[ 55.961567]        _raw_spin_lock_irqsave+0x96/0xc0
[ 55.961571]        try_to_wake_up+0xd2/0x1250
[ 55.961575]        wake_up_process+0x10/0x20
[ 55.961578]        __up.isra.1+0x1c0/0x2a0
[ 55.961582]        up+0x13c/0x1c0
[ 55.961586]        __up_console_sem+0xbe/0x1b0
[ 55.961590]        console_unlock+0x506/0x10e0
[ 55.961594]        vprintk_emit+0x33a/0x910
[ 55.961597]        vprintk_default+0x28/0x30
[ 55.961601]        vprintk_func+0x7a/0x117
[ 55.961605]        printk+0xa7/0xcf
[ 55.961608]        load_umh+0x51/0xbd
[ 55.961612]        do_one_initcall+0x127/0x838
[ 55.961616]        kernel_init_freeable+0x4bb/0x5ae
[ 55.961620]        kernel_init+0x11/0x1b3
[ 55.961624]        ret_from_fork+0x3a/0x50
[ 55.961627]
[ 55.961629] -> #0 ((console_sem).lock){-...}:
[ 55.961643]        lock_acquire+0x1e4/0x4f0
[ 55.961655]        _raw_spin_lock_irqsave+0x96/0xc0
[ 55.961659]        down_trylock+0x13/0x70
[ 55.961663]        __down_trylock_console_sem+0xae/0x200
[ 55.961667]        console_trylock+0x15/0xa0
[ 55.961671]        vprintk_emit+0x31f/0x910
[ 55.961675]        vprintk_default+0x28/0x30
[ 55.961679]        vprintk_func+0x7a/0x117
[ 55.961682]        printk+0xa7/0xcf
[ 55.961686]        kasan_report+0x9e/0x110
[ 55.961691]        __asan_report_load8_noabort+0x14/0x20
[ 55.961695]        __schedule+0xf54/0x1df0
[ 55.961699]        preempt_schedule_common+0x22/0x60
[ 55.961703]        _cond_resched+0x1d/0x30
[ 55.961707]        wait_for_completion+0xa5/0x8d0
[ 55.961711]        __synchronize_srcu+0x189/0x240
[ 55.961715]        synchronize_srcu+0x335/0x56f
[ 55.961720]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.961724]        kvm_mmu_uninit_vm+0x1c/0x20
[ 55.961729]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.961733]        kvm_put_kvm+0x73f/0x1060
[ 55.961736]        kvm_vm_release+0x42/0x50
[ 55.961740]        __fput+0x38a/0xa40
[ 55.961744]        ____fput+0x15/0x20
[ 55.961747]        task_work_run+0x1e8/0x2a0
[ 55.961751]        do_exit+0x1ae4/0x26e0
[ 55.961755]        do_group_exit+0x177/0x440
[ 55.961759]        __x64_sys_exit_group+0x3e/0x50
[ 55.961763]        do_syscall_64+0x1b9/0x820
[ 55.961768]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.961770]
[ 55.961774] other info that might help us debug this:
[ 55.961777]
[ 55.961780] Chain exists of:
[ 55.961782]   (console_sem).lock --> &rq->lock --> report_lock
[ 55.961800]
[ 55.961804]  Possible unsafe locking scenario:
[ 55.961806]
[ 55.961810]        CPU0                    CPU1
[ 55.961814]        ----                    ----
[ 55.961817]   lock(report_lock);
[ 55.961826]                                lock(&rq->lock);
[ 55.961835]                                lock(report_lock);
[ 55.961843]   lock((console_sem).lock);
[ 55.961851]
[ 55.961855]  *** DEADLOCK ***
[ 55.961857]
[ 55.961861] 2 locks held by syz-executor203/4674:
[ 55.961863]  #0: 0000000052c07bc4 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 55.961880]  #1: 000000008657fbb6 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 55.961897]
[ 55.961900] stack backtrace:
[ 55.961906] CPU: 0 PID: 4674 Comm: syz-executor203 Not tainted 4.19.0-rc2+ #225
[ 55.961913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.961917] Call Trace:
[ 55.961920]  dump_stack+0x1c9/0x2b4
[ 55.961925]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 55.961929]  ? vprintk_func+0x100/0x117
[ 55.961934]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 55.961937]  ? save_trace+0xe0/0x290
[ 55.961942]  __lock_acquire+0x3449/0x5020
[ 55.961946]  ? mark_held_locks+0x160/0x160
[ 55.961950]  ? mark_held_locks+0x160/0x160
[ 55.961954]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 55.961958]  ? is_bpf_text_address+0xd7/0x170
[ 55.961962]  ? kernel_text_address+0x79/0xf0
[ 55.961967]  ? __kernel_text_address+0xd/0x40
[ 55.961971]  ? __save_stack_trace+0x8d/0xf0
[ 55.961975]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 55.961979]  ? save_trace+0x290/0x290
[ 55.961983]  ? save_stack_trace+0x1a/0x20
[ 55.961987]  ? save_trace+0xe0/0x290
[ 55.961991]  ? graph_lock+0x170/0x170
[ 55.961995]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.961999]  lock_acquire+0x1e4/0x4f0
[ 55.962003]  ? down_trylock+0x13/0x70
[ 55.962007]  ? lock_release+0x9f0/0x9f0
[ 55.962011]  ? trace_hardirqs_off+0xb8/0x2c0
[ 55.962015]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.962020]  ? trace_hardirqs_off+0xb8/0x2c0
[ 55.962023]  ? log_store+0x34f/0x4c0
[ 55.962027]  ? vprintk_emit+0x31f/0x910
[ 55.962031]  _raw_spin_lock_irqsave+0x96/0xc0
[ 55.962035]  ? down_trylock+0x13/0x70
[ 55.962039]  down_trylock+0x13/0x70
[ 55.962043]  __down_trylock_console_sem+0xae/0x200
[ 55.962047]  console_trylock+0x15/0xa0
[ 55.962051]  vprintk_emit+0x31f/0x910
[ 55.962055]  ? wake_up_klogd+0x110/0x110
[ 55.962059]  ? run_rebalance_domains+0x4c0/0x4c0
[ 55.962063]  ? kasan_check_read+0x11/0x20
[ 55.962067]  ? rcu_is_watching+0x8c/0x150
[ 55.962071]  ? rcu_pm_notify+0xc0/0xc0
[ 55.962075]  ? lock_acquire+0x1e4/0x4f0
[ 55.962079]  ? kasan_report+0x8e/0x110
[ 55.962083]  ? __schedule+0xf54/0x1df0
[ 55.962087]  vprintk_default+0x28/0x30
[ 55.962090]  vprintk_func+0x7a/0x117
[ 55.962094]  printk+0xa7/0xcf
[ 55.962098]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 55.962102]  ? kasan_check_write+0x14/0x20
[ 55.962106]  ? do_raw_spin_lock+0xc1/0x200
[ 55.962110]  ? do_raw_spin_lock+0xc1/0x200
[ 55.962114]  kasan_report+0x9e/0x110
[ 55.962118]  __asan_report_load8_noabort+0x14/0x20
[ 55.962127]  __schedule+0xf54/0x1df0
[ 55.962131]  ? __sched_text_start+0x8/0x8
[ 55.962136]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 55.962140]  ? __call_srcu+0x7e7/0x1040
[ 55.962144]  ? check_same_owner+0x340/0x340
[ 55.962148]  ? mark_held_locks+0x160/0x160
[ 55.962152]  ? find_held_lock+0x36/0x1c0
[ 55.962156]  preempt_schedule_common+0x22/0x60
[ 55.962160]  _cond_resched+0x1d/0x30
[ 55.962164]  wait_for_completion+0xa5/0x8d0
[ 55.962169]  ? wait_for_completion_interruptible+0x950/0x950
[ 55.962173]  ? __lockdep_init_map+0x105/0x590
[ 55.962178]  ? __init_waitqueue_head+0x9e/0x150
[ 55.962182]  ? init_wait_entry+0x1c0/0x1c0
[ 55.962186]  __synchronize_srcu+0x189/0x240
[ 55.962190]  ? call_srcu+0x10/0x10
[ 55.962194]  ? rcu_unexpedite_gp+0x20/0x20
[ 55.962198]  synchronize_srcu+0x335/0x56f
[ 55.962202]  ? lock_downgrade+0x8f0/0x8f0
[ 55.962207]  ? synchronize_srcu_expedited+0x20/0x20
[ 55.962211]  ? kasan_check_read+0x11/0x20
[ 55.962215]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 55.962219]  ? kasan_check_write+0x14/0x20
[ 55.962223]  ? do_raw_spin_lock+0xc1/0x200
[ 55.962228]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.962233]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 55.962236]  ? kvfree+0x61/0x70
[ 55.962241]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.962245]  kvm_mmu_uninit_vm+0x1c/0x20
[ 55.962249]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.962253]  ? kvm_arch_sync_events+0x30/0x30
[ 55.962258]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.962263]  ? mmu_notifier_unregister+0x474/0x600
[ 55.962267]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.962271]  ? kfree+0x111/0x210
[ 55.962275]  ? __mmu_notifier_register+0x30/0x30
[ 55.962279]  ? __free_pages+0x10a/0x190
[ 55.962283]  ? free_unref_page+0x930/0x930
[ 55.962287]  kvm_put_kvm+0x73f/0x1060
[ 55.962291]  ? kvm_write_guest_cached+0x40/0x40
[ 55.962295]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.962299]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.962304]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 55.962308]  ? kasan_check_write+0x14/0x20
[ 55.962312]  ? do_raw_spin_lock+0xc1/0x200
[ 55.962316]  ? kvm_irqfd_release+0xdd/0x120
[ 55.962320]  ? kvm_irqfd_release+0xdd/0x120
[ 55.962324]  ? kvm_put_kvm+0x1060/0x1060
[ 55.962328]  kvm_vm_release+0x42/0x50
[ 55.962331]  __fput+0x38a/0xa40
[ 55.962335]  ? __alloc_file+0x400/0x400
[ 55.962339]  ? check_same_owner+0x340/0x340
[ 55.962343]  ? kasan_check_write+0x14/0x20
[ 55.962347]  ? do_raw_spin_lock+0xc1/0x200
[ 55.962351]  ____fput+0x15/0x20
[ 55.962355]  task_work_run+0x1e8/0x2a0
[ 55.962359]  ? task_work_cancel+0x240/0x240
[ 55.962364]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.962368]  ? switch_task_namespaces+0xa2/0xd0
[ 55.962372]  do_exit+0x1ae4/0x26e0
[ 55.962376]  ? mm_update_next_owner+0x9a0/0x9a0
[ 55.962380]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 55.962384]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.962388]  ? kfree+0x1d7/0x210
[ 55.962392]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 55.962397]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 55.962401]  ? is_bpf_text_address+0xd7/0x170
[ 55.962404]  ?
[ 55.962411] Lost 54 message(s)!
[ 57.039079] Shutting down cpus with NMI
[ 58.098867] Dumping ftrace buffer:
[ 58.102394]    (ftrace buffer empty)
[ 58.106084] Kernel Offset: disabled
[ 58.109693] Rebooting in 86400 seconds..