[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 23.764947] random: sshd: uninitialized urandom read (32 bytes read). Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.902379] random: sshd: uninitialized urandom read (32 bytes read) [ 28.272103] random: sshd: uninitialized urandom read (32 bytes read) [ 28.831280] random: sshd: uninitialized urandom read (32 bytes read) [ 29.011358] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts. [ 34.623586] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.721933] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.746884] ================================================================== [ 34.756797] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.763028] Read of size 8 at addr ffff8801b8638058 by task syz-executor916/4657 [ 34.770559] [ 34.772191] CPU: 1 PID: 4657 Comm: syz-executor916 Not tainted 4.19.0-rc1+ #217 [ 34.779630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.788981] Call Trace: [ 34.791583] dump_stack+0x1c9/0x2b4 [ 34.795211] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.800404] ? printk+0xa7/0xcf [ 34.803683] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.808444] ? __schedule+0xf54/0x1df0 [ 34.812331] print_address_description+0x6c/0x20b [ 34.817183] ? __schedule+0xf54/0x1df0 [ 34.821166] kasan_report.cold.7+0x242/0x30d [ 34.825580] __asan_report_load8_noabort+0x14/0x20 [ 34.830515] __schedule+0xf54/0x1df0 [ 34.834234] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.839340] ? __sched_text_start+0x8/0x8 [ 34.843490] ? __call_srcu+0x7e7/0x1040 [ 34.847480] ? check_same_owner+0x340/0x340 [ 34.851804] ? 
mark_held_locks+0x160/0x160 [ 34.856042] ? find_held_lock+0x36/0x1c0 [ 34.860109] preempt_schedule_common+0x22/0x60 [ 34.864712] _cond_resched+0x1d/0x30 [ 34.868434] wait_for_completion+0xa5/0x8d0 [ 34.872758] ? wait_for_completion_interruptible+0x950/0x950 [ 34.878558] ? __lockdep_init_map+0x105/0x590 [ 34.883066] ? __init_waitqueue_head+0x9e/0x150 [ 34.887731] ? init_wait_entry+0x1c0/0x1c0 [ 34.891965] __synchronize_srcu+0x189/0x240 [ 34.896280] ? call_srcu+0x10/0x10 [ 34.899828] ? rcu_unexpedite_gp+0x20/0x20 [ 34.904077] synchronize_srcu+0x335/0x56f [ 34.908222] ? lock_downgrade+0x8f0/0x8f0 [ 34.912370] ? synchronize_srcu_expedited+0x20/0x20 [ 34.917390] ? kasan_check_read+0x11/0x20 [ 34.921553] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.926136] ? kasan_check_write+0x14/0x20 [ 34.930379] ? do_raw_spin_lock+0xc1/0x200 [ 34.934624] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.940336] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.945785] ? kvfree+0x61/0x70 [ 34.949075] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.954090] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.958147] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.962555] ? kvm_arch_sync_events+0x30/0x30 [ 34.967061] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.972601] ? mmu_notifier_unregister+0x474/0x600 [ 34.977530] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.981933] ? kfree+0x111/0x210 [ 34.985299] ? __mmu_notifier_register+0x30/0x30 [ 34.990059] ? __free_pages+0x10a/0x190 [ 34.994051] ? free_unref_page+0x930/0x930 [ 34.998298] kvm_put_kvm+0x73f/0x1060 [ 35.002106] ? kvm_write_guest_cached+0x40/0x40 [ 35.006786] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.011284] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.015783] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.020371] ? kasan_check_write+0x14/0x20 [ 35.024613] ? do_raw_spin_lock+0xc1/0x200 [ 35.028847] ? kvm_irqfd_release+0xdd/0x120 [ 35.033164] ? kvm_irqfd_release+0xdd/0x120 [ 35.037494] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.041553] kvm_vm_release+0x42/0x50 [ 35.045354] __fput+0x38a/0xa40 [ 35.048633] ? __alloc_file+0x400/0x400 [ 35.052614] ? check_same_owner+0x340/0x340 [ 35.056934] ? kasan_check_write+0x14/0x20 [ 35.061169] ? do_raw_spin_lock+0xc1/0x200 [ 35.065403] ____fput+0x15/0x20 [ 35.068696] task_work_run+0x1e8/0x2a0 [ 35.072580] ? task_work_cancel+0x240/0x240 [ 35.076914] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.082453] ? switch_task_namespaces+0xa2/0xd0 [ 35.087144] do_exit+0x1ae4/0x26e0 [ 35.090687] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.095358] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.099589] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.104630] ? kfree+0x1d7/0x210 [ 35.107998] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.112230] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.117971] ? is_bpf_text_address+0xd7/0x170 [ 35.122479] ? kernel_text_address+0x79/0xf0 [ 35.126886] ? __kernel_text_address+0xd/0x40 [ 35.131384] ? unwind_get_return_address+0x61/0xa0 [ 35.136316] ? __save_stack_trace+0x8d/0xf0 [ 35.140651] ? save_stack+0xa9/0xd0 [ 35.144287] ? save_stack+0x43/0xd0 [ 35.147912] ? __kasan_slab_free+0x11a/0x170 [ 35.152321] ? kasan_slab_free+0xe/0x10 [ 35.156290] ? putname+0xf2/0x130 [ 35.159749] ? __x64_sys_openat+0x9d/0x100 [ 35.163980] ? do_syscall_64+0x1b9/0x820 [ 35.168049] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.173412] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.177825] ? kasan_check_read+0x11/0x20 [ 35.181978] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.186392] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.190804] ? initcall_blacklisted+0x9a/0x1e0 [ 35.195397] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.200502] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.206217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.211759] ? do_vfs_ioctl+0x201/0x1720 [ 35.215825] ? rcu_is_watching+0x8c/0x150 [ 35.219971] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.224292] ? ioctl_preallocate+0x300/0x300 [ 35.228705] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.234249] ? __fget_light+0x2f7/0x440 [ 35.238225] ? fget_raw+0x20/0x20 [ 35.241690] ? putname+0xf2/0x130 [ 35.245145] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.250164] ? kmem_cache_free+0x246/0x280 [ 35.254407] ? putname+0xf7/0x130 [ 35.257859] do_group_exit+0x177/0x440 [ 35.261743] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.266073] ? __ia32_sys_exit+0x50/0x50 [ 35.270132] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.275234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.280776] ? ksys_ioctl+0x81/0xd0 [ 35.284430] __x64_sys_exit_group+0x3e/0x50 [ 35.288771] do_syscall_64+0x1b9/0x820 [ 35.292661] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.298045] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.302988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.307827] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.312853] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.317895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.322739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.327924] RIP: 0033:0x43ef08 [ 35.331117] Code: Bad RIP value. 
[ 35.334474] RSP: 002b:00007ffdb3649a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.342178] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 35.349453] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.356716] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.363986] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.371251] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.378532] [ 35.380156] Allocated by task 4657: [ 35.383796] save_stack+0x43/0xd0 [ 35.387247] kasan_kmalloc+0xc4/0xe0 [ 35.391131] kasan_slab_alloc+0x12/0x20 [ 35.395102] kmem_cache_alloc+0x12e/0x710 [ 35.399257] vmx_create_vcpu+0xcf/0x2830 [ 35.403314] kvm_arch_vcpu_create+0xe5/0x220 [ 35.407721] kvm_vm_ioctl+0x488/0x1d80 [ 35.411605] do_vfs_ioctl+0x1de/0x1720 [ 35.415489] ksys_ioctl+0xa9/0xd0 [ 35.418945] __x64_sys_ioctl+0x73/0xb0 [ 35.422829] do_syscall_64+0x1b9/0x820 [ 35.426714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.432374] [ 35.433996] Freed by task 4657: [ 35.437279] save_stack+0x43/0xd0 [ 35.440730] __kasan_slab_free+0x11a/0x170 [ 35.444961] kasan_slab_free+0xe/0x10 [ 35.448754] kmem_cache_free+0x86/0x280 [ 35.452729] vmx_free_vcpu+0x26b/0x300 [ 35.456611] kvm_arch_destroy_vm+0x365/0x7c0 [ 35.461019] kvm_put_kvm+0x73f/0x1060 [ 35.464824] kvm_vm_release+0x42/0x50 [ 35.468635] __fput+0x38a/0xa40 [ 35.472012] ____fput+0x15/0x20 [ 35.475301] task_work_run+0x1e8/0x2a0 [ 35.479183] do_exit+0x1ae4/0x26e0 [ 35.482715] do_group_exit+0x177/0x440 [ 35.486603] __x64_sys_exit_group+0x3e/0x50 [ 35.490922] do_syscall_64+0x1b9/0x820 [ 35.494813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.499990] [ 35.501614] The buggy address belongs to the object at ffff8801b8638040 [ 35.501614] which belongs to the cache kvm_vcpu of size 23872 [ 35.514192] The buggy address is located 24 bytes inside of [ 35.514192] 23872-byte region [ffff8801b8638040, ffff8801b863dd80) [ 35.526156] The buggy address 
belongs to the page: [ 35.531087] page:ffffea0006e18e00 count:1 mapcount:0 mapping:ffff8801d53de6c0 index:0x0 compound_mapcount: 0 [ 35.541068] flags: 0x2fffc0000008100(slab|head) [ 35.545740] raw: 02fffc0000008100 ffff8801d53e4a48 ffff8801d53e4a48 ffff8801d53de6c0 [ 35.553623] raw: 0000000000000000 ffff8801b8638040 0000000100000001 0000000000000000 [ 35.561502] page dumped because: kasan: bad access detected [ 35.567203] [ 35.568816] Memory state around the buggy address: [ 35.573763] ffff8801b8637f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 35.581131] ffff8801b8637f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.588486] >ffff8801b8638000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 35.595839] ^ [ 35.602078] ffff8801b8638080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.609441] ffff8801b8638100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.616796] ================================================================== [ 35.624149] Kernel panic - not syncing: panic_on_warn set ... [ 35.624149] [ 35.631528] CPU: 1 PID: 4657 Comm: syz-executor916 Tainted: G B 4.19.0-rc1+ #217 [ 35.640361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.649741] Call Trace: [ 35.652352] dump_stack+0x1c9/0x2b4 [ 35.655984] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.661173] ? lock_downgrade+0x8f0/0x8f0 [ 35.665326] ? __schedule+0xf54/0x1df0 [ 35.669212] panic+0x238/0x4e7 [ 35.672403] ? add_taint.cold.5+0x16/0x16 [ 35.676559] ? print_shadow_for_address+0xba/0x116 [ 35.681490] ? trace_hardirqs_off+0xaf/0x2b0 [ 35.685904] ? trace_hardirqs_off+0x77/0x2b0 [ 35.690315] ? __schedule+0xf54/0x1df0 [ 35.694208] kasan_end_report+0x47/0x4f [ 35.698180] kasan_report.cold.7+0x76/0x30d [ 35.702522] __asan_report_load8_noabort+0x14/0x20 [ 35.707452] __schedule+0xf54/0x1df0 [ 35.711163] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.716265] ? __sched_text_start+0x8/0x8 [ 35.720438] ? 
__call_srcu+0x7e7/0x1040 [ 35.724423] ? check_same_owner+0x340/0x340 [ 35.728739] ? mark_held_locks+0x160/0x160 [ 35.732970] ? find_held_lock+0x36/0x1c0 [ 35.737049] preempt_schedule_common+0x22/0x60 [ 35.741632] _cond_resched+0x1d/0x30 [ 35.745344] wait_for_completion+0xa5/0x8d0 [ 35.749677] ? wait_for_completion_interruptible+0x950/0x950 [ 35.755485] ? __lockdep_init_map+0x105/0x590 [ 35.759984] ? __init_waitqueue_head+0x9e/0x150 [ 35.764651] ? init_wait_entry+0x1c0/0x1c0 [ 35.768891] __synchronize_srcu+0x189/0x240 [ 35.773231] ? call_srcu+0x10/0x10 [ 35.776773] ? rcu_unexpedite_gp+0x20/0x20 [ 35.781026] synchronize_srcu+0x335/0x56f [ 35.785183] ? lock_downgrade+0x8f0/0x8f0 [ 35.789328] ? synchronize_srcu_expedited+0x20/0x20 [ 35.794354] ? kasan_check_read+0x11/0x20 [ 35.798503] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.803082] ? kasan_check_write+0x14/0x20 [ 35.807316] ? do_raw_spin_lock+0xc1/0x200 [ 35.811560] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.817271] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.822737] ? kvfree+0x61/0x70 [ 35.826028] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.831070] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.835168] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.839581] ? kvm_arch_sync_events+0x30/0x30 [ 35.844969] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.850532] ? mmu_notifier_unregister+0x474/0x600 [ 35.855459] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.859863] ? kfree+0x111/0x210 [ 35.863230] ? __mmu_notifier_register+0x30/0x30 [ 35.867995] ? __free_pages+0x10a/0x190 [ 35.871973] ? free_unref_page+0x930/0x930 [ 35.876217] kvm_put_kvm+0x73f/0x1060 [ 35.880024] ? kvm_write_guest_cached+0x40/0x40 [ 35.884708] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.889212] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.894286] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.898876] ? kasan_check_write+0x14/0x20 [ 35.903111] ? do_raw_spin_lock+0xc1/0x200 [ 35.907356] ? kvm_irqfd_release+0xdd/0x120 [ 35.911679] ? kvm_irqfd_release+0xdd/0x120 [ 35.915999] ? 
kvm_put_kvm+0x1060/0x1060 [ 35.920067] kvm_vm_release+0x42/0x50 [ 35.923869] __fput+0x38a/0xa40 [ 35.927148] ? __alloc_file+0x400/0x400 [ 35.931128] ? check_same_owner+0x340/0x340 [ 35.935454] ? kasan_check_write+0x14/0x20 [ 35.939693] ? do_raw_spin_lock+0xc1/0x200 [ 35.943929] ____fput+0x15/0x20 [ 35.947216] task_work_run+0x1e8/0x2a0 [ 35.951109] ? task_work_cancel+0x240/0x240 [ 35.955436] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.960974] ? switch_task_namespaces+0xa2/0xd0 [ 35.965648] do_exit+0x1ae4/0x26e0 [ 35.969204] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.973878] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.978112] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.983129] ? kfree+0x1d7/0x210 [ 35.986499] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.990737] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.996492] ? is_bpf_text_address+0xd7/0x170 [ 36.000987] ? kernel_text_address+0x79/0xf0 [ 36.005397] ? __kernel_text_address+0xd/0x40 [ 36.009897] ? unwind_get_return_address+0x61/0xa0 [ 36.014838] ? __save_stack_trace+0x8d/0xf0 [ 36.019167] ? save_stack+0xa9/0xd0 [ 36.022788] ? save_stack+0x43/0xd0 [ 36.026425] ? __kasan_slab_free+0x11a/0x170 [ 36.030842] ? kasan_slab_free+0xe/0x10 [ 36.034816] ? putname+0xf2/0x130 [ 36.038271] ? __x64_sys_openat+0x9d/0x100 [ 36.042515] ? do_syscall_64+0x1b9/0x820 [ 36.046575] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.051950] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.056355] ? kasan_check_read+0x11/0x20 [ 36.060522] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.064935] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.069351] ? initcall_blacklisted+0x9a/0x1e0 [ 36.073936] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.079058] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.084787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.090337] ? do_vfs_ioctl+0x201/0x1720 [ 36.094401] ? rcu_is_watching+0x8c/0x150 [ 36.098548] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.102877] ? ioctl_preallocate+0x300/0x300 [ 36.107300] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.112861] ? __fget_light+0x2f7/0x440 [ 36.116836] ? fget_raw+0x20/0x20 [ 36.120289] ? putname+0xf2/0x130 [ 36.123747] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.128776] ? kmem_cache_free+0x246/0x280 [ 36.133017] ? putname+0xf7/0x130 [ 36.136482] do_group_exit+0x177/0x440 [ 36.140376] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.144702] ? __ia32_sys_exit+0x50/0x50 [ 36.148769] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.153880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.159420] ? ksys_ioctl+0x81/0xd0 [ 36.163058] __x64_sys_exit_group+0x3e/0x50 [ 36.167393] do_syscall_64+0x1b9/0x820 [ 36.171290] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.176663] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.181594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.186460] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.191488] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.196503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.201348] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.206541] RIP: 0033:0x43ef08 [ 36.209733] Code: Bad RIP value. 
[ 36.213090] RSP: 002b:00007ffdb3649a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.220822] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 36.228102] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.235460] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.242737] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.250013] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.257303] [ 36.257309] ====================================================== [ 36.257314] WARNING: possible circular locking dependency detected [ 36.257318] 4.19.0-rc1+ #217 Not tainted [ 36.257323] ------------------------------------------------------ [ 36.257328] syz-executor916/4657 is trying to acquire lock: [ 36.257331] 00000000ec69e08a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 36.257346] [ 36.257350] but task is already holding lock: [ 36.257353] 00000000ea3ccc22 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.257368] [ 36.257372] which lock already depends on the new lock. 
[ 36.257374] [ 36.257376] [ 36.257381] the existing dependency chain (in reverse order) is: [ 36.257384] [ 36.257386] -> #3 (report_lock){....}: [ 36.257399] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.257403] kasan_report+0x8e/0x110 [ 36.257407] __asan_report_load8_noabort+0x14/0x20 [ 36.257411] __schedule+0xf54/0x1df0 [ 36.257415] preempt_schedule_common+0x22/0x60 [ 36.257419] _cond_resched+0x1d/0x30 [ 36.257423] wait_for_completion+0xa5/0x8d0 [ 36.257427] __synchronize_srcu+0x189/0x240 [ 36.257432] synchronize_srcu+0x335/0x56f [ 36.257437] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.257441] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.257445] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.257449] kvm_put_kvm+0x73f/0x1060 [ 36.257452] kvm_vm_release+0x42/0x50 [ 36.257456] __fput+0x38a/0xa40 [ 36.257460] ____fput+0x15/0x20 [ 36.257463] task_work_run+0x1e8/0x2a0 [ 36.257467] do_exit+0x1ae4/0x26e0 [ 36.257471] do_group_exit+0x177/0x440 [ 36.257475] __x64_sys_exit_group+0x3e/0x50 [ 36.257479] do_syscall_64+0x1b9/0x820 [ 36.257484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.257486] [ 36.257488] -> #2 (&rq->lock){-.-.}: [ 36.257502] _raw_spin_lock+0x2a/0x40 [ 36.257506] task_fork_fair+0x93/0x680 [ 36.257510] sched_fork+0x44b/0xbd0 [ 36.257514] copy_process+0x235e/0x7ad0 [ 36.257517] _do_fork+0x1ca/0x1170 [ 36.257521] kernel_thread+0x34/0x40 [ 36.257525] rest_init+0x22/0xe4 [ 36.257529] start_kernel+0x913/0x94e [ 36.257533] x86_64_start_reservations+0x29/0x2b [ 36.257537] x86_64_start_kernel+0x76/0x79 [ 36.257541] secondary_startup_64+0xa4/0xb0 [ 36.257543] [ 36.257546] -> #1 (&p->pi_lock){-.-.}: [ 36.257560] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.257564] try_to_wake_up+0xd2/0x1250 [ 36.257568] wake_up_process+0x10/0x20 [ 36.257571] __up.isra.1+0x1c0/0x2a0 [ 36.257575] up+0x13c/0x1c0 [ 36.257579] __up_console_sem+0xbe/0x1b0 [ 36.257583] console_unlock+0x506/0x10d0 [ 36.257587] vprintk_emit+0x33a/0x910 [ 36.257590] vprintk_default+0x28/0x30 [ 36.257594] vprintk_func+0x7a/0x117 [ 
36.257597] printk+0xa7/0xcf [ 36.257601] load_umh+0x51/0xbd [ 36.257605] do_one_initcall+0x127/0x838 [ 36.257609] kernel_init_freeable+0x4bb/0x5ae [ 36.257613] kernel_init+0x11/0x1b3 [ 36.257617] ret_from_fork+0x3a/0x50 [ 36.257619] [ 36.257621] -> #0 ((console_sem).lock){-...}: [ 36.257635] lock_acquire+0x1e4/0x4f0 [ 36.257640] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.257643] down_trylock+0x13/0x70 [ 36.257648] __down_trylock_console_sem+0xae/0x200 [ 36.257652] console_trylock+0x15/0xa0 [ 36.257655] vprintk_emit+0x31f/0x910 [ 36.257659] vprintk_default+0x28/0x30 [ 36.257663] vprintk_func+0x7a/0x117 [ 36.257667] printk+0xa7/0xcf [ 36.257670] kasan_report+0x9e/0x110 [ 36.257675] __asan_report_load8_noabort+0x14/0x20 [ 36.257679] __schedule+0xf54/0x1df0 [ 36.257683] preempt_schedule_common+0x22/0x60 [ 36.257687] _cond_resched+0x1d/0x30 [ 36.257691] wait_for_completion+0xa5/0x8d0 [ 36.257695] __synchronize_srcu+0x189/0x240 [ 36.257699] synchronize_srcu+0x335/0x56f [ 36.257704] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.257708] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.257712] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.257716] kvm_put_kvm+0x73f/0x1060 [ 36.257720] kvm_vm_release+0x42/0x50 [ 36.257723] __fput+0x38a/0xa40 [ 36.257727] ____fput+0x15/0x20 [ 36.257730] task_work_run+0x1e8/0x2a0 [ 36.257734] do_exit+0x1ae4/0x26e0 [ 36.257738] do_group_exit+0x177/0x440 [ 36.257742] __x64_sys_exit_group+0x3e/0x50 [ 36.257746] do_syscall_64+0x1b9/0x820 [ 36.257751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.257753] [ 36.257757] other info that might help us debug this: [ 36.257759] [ 36.257762] Chain exists of: [ 36.257764] (console_sem).lock --> &rq->lock --> report_lock [ 36.257782] [ 36.257786] Possible unsafe locking scenario: [ 36.257789] [ 36.257798] CPU0 CPU1 [ 36.257802] ---- ---- [ 36.257805] lock(report_lock); [ 36.257814] lock(&rq->lock); [ 36.257823] lock(report_lock); [ 36.257831] lock((console_sem).lock); [ 36.257839] [ 36.257842] *** DEADLOCK *** [ 36.257845] [ 
36.257849] 2 locks held by syz-executor916/4657: [ 36.257851] #0: 000000005ee6c7cc (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 36.257868] #1: 00000000ea3ccc22 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 36.257884] [ 36.257888] stack backtrace: [ 36.257894] CPU: 1 PID: 4657 Comm: syz-executor916 Not tainted 4.19.0-rc1+ #217 [ 36.257901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.257904] Call Trace: [ 36.257907] dump_stack+0x1c9/0x2b4 [ 36.257912] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.257916] ? vprintk_func+0x100/0x117 [ 36.257921] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 36.257924] ? save_trace+0xe0/0x290 [ 36.257929] __lock_acquire+0x3449/0x5020 [ 36.257933] ? mark_held_locks+0x160/0x160 [ 36.257937] ? mark_held_locks+0x160/0x160 [ 36.257941] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.257945] ? is_bpf_text_address+0xd7/0x170 [ 36.257949] ? kernel_text_address+0x79/0xf0 [ 36.257953] ? __kernel_text_address+0xd/0x40 [ 36.257957] ? __save_stack_trace+0x8d/0xf0 [ 36.257962] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 36.257966] ? save_trace+0x290/0x290 [ 36.257970] ? save_stack_trace+0x1a/0x20 [ 36.257973] ? save_trace+0xe0/0x290 [ 36.257977] ? graph_lock+0x170/0x170 [ 36.257982] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.257986] lock_acquire+0x1e4/0x4f0 [ 36.257990] ? down_trylock+0x13/0x70 [ 36.257993] ? lock_release+0x9f0/0x9f0 [ 36.257997] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.258002] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.258006] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.258009] ? log_store+0x34f/0x4c0 [ 36.258013] ? vprintk_emit+0x31f/0x910 [ 36.258017] _raw_spin_lock_irqsave+0x96/0xc0 [ 36.258021] ? down_trylock+0x13/0x70 [ 36.258025] down_trylock+0x13/0x70 [ 36.258037] __down_trylock_console_sem+0xae/0x200 [ 36.258041] console_trylock+0x15/0xa0 [ 36.258045] vprintk_emit+0x31f/0x910 [ 36.258049] ? wake_up_klogd+0x110/0x110 [ 36.258053] ? run_rebalance_domains+0x4c0/0x4c0 [ 36.258057] ? 
kasan_check_read+0x11/0x20 [ 36.258061] ? rcu_is_watching+0x8c/0x150 [ 36.258065] ? rcu_pm_notify+0xc0/0xc0 [ 36.258069] ? lock_acquire+0x1e4/0x4f0 [ 36.258073] ? kasan_report+0x8e/0x110 [ 36.258076] ? __schedule+0xf54/0x1df0 [ 36.258080] vprintk_default+0x28/0x30 [ 36.258084] vprintk_func+0x7a/0x117 [ 36.258087] printk+0xa7/0xcf [ 36.258092] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.258096] ? kasan_check_write+0x14/0x20 [ 36.258100] ? do_raw_spin_lock+0xc1/0x200 [ 36.258104] ? do_raw_spin_lock+0xc1/0x200 [ 36.258107] kasan_report+0x9e/0x110 [ 36.258112] __asan_report_load8_noabort+0x14/0x20 [ 36.258115] __schedule+0xf54/0x1df0 [ 36.258120] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.258124] ? __sched_text_start+0x8/0x8 [ 36.258128] ? __call_srcu+0x7e7/0x1040 [ 36.258132] ? check_same_owner+0x340/0x340 [ 36.258136] ? mark_held_locks+0x160/0x160 [ 36.258140] ? find_held_lock+0x36/0x1c0 [ 36.258144] preempt_schedule_common+0x22/0x60 [ 36.258148] _cond_resched+0x1d/0x30 [ 36.258152] wait_for_completion+0xa5/0x8d0 [ 36.258157] ? wait_for_completion_interruptible+0x950/0x950 [ 36.258161] ? __lockdep_init_map+0x105/0x590 [ 36.258166] ? __init_waitqueue_head+0x9e/0x150 [ 36.258170] ? init_wait_entry+0x1c0/0x1c0 [ 36.258174] __synchronize_srcu+0x189/0x240 [ 36.258177] ? call_srcu+0x10/0x10 [ 36.258181] ? rcu_unexpedite_gp+0x20/0x20 [ 36.258186] synchronize_srcu+0x335/0x56f [ 36.258190] ? lock_downgrade+0x8f0/0x8f0 [ 36.258194] ? synchronize_srcu_expedited+0x20/0x20 [ 36.258198] ? kasan_check_read+0x11/0x20 [ 36.258203] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.258207] ? kasan_check_write+0x14/0x20 [ 36.258211] ? do_raw_spin_lock+0xc1/0x200 [ 36.258216] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.258220] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.258224] ? kvfree+0x61/0x70 [ 36.258229] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.258232] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.258237] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.258241] ? 
kvm_arch_sync_events+0x30/0x30 [ 36.258246] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.258250] ? mmu_notifier_unregister+0x474/0x600 [ 36.258254] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.258258] ? kfree+0x111/0x210 [ 36.258262] ? __mmu_notifier_register+0x30/0x30 [ 36.258266] ? __free_pages+0x10a/0x190 [ 36.258270] ? free_unref_page+0x930/0x930 [ 36.258274] kvm_put_kvm+0x73f/0x1060 [ 36.258278] ? kvm_write_guest_cached+0x40/0x40 [ 36.258282] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.258286] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.258290] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.258294] ? kasan_check_write+0x14/0x20 [ 36.258299] ? do_raw_spin_lock+0xc1/0x200 [ 36.258303] ? kvm_irqfd_release+0xdd/0x120 [ 36.258307] ? kvm_irqfd_release+0xdd/0x120 [ 36.258311] ? kvm_put_kvm+0x1060/0x1060 [ 36.258315] kvm_vm_release+0x42/0x50 [ 36.258318] __fput+0x38a/0xa40 [ 36.258322] ? __alloc_file+0x400/0x400 [ 36.258326] ? check_same_owner+0x340/0x340 [ 36.258330] ? kasan_check_write+0x14/0x20 [ 36.258334] ? do_raw_spin_lock+0xc1/0x200 [ 36.258338] ____fput+0x15/0x20 [ 36.258341] task_work_run+0x1e8/0x2a0 [ 36.258346] ? task_work_cancel+0x240/0x240 [ 36.258350] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.258355] ? switch_task_namespaces+0xa2/0xd0 [ 36.258358] do_exit+0x1ae4/0x26e0 [ 36.258362] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.258366] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 36.258371] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.258374] ? kfree+0x1d7/0x210 [ 36.258378] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 36.258383] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.258388] ? is_bpf_text_address+0xd7/0x170 [ 36.258390] ? [ 36.258399] Lost 54 message(s)! [ 37.331446] Shutting down cpus with NMI [ 38.391290] Dumping ftrace buffer: [ 38.394825] (ftrace buffer empty) [ 38.398520] Kernel Offset: disabled [ 38.402154] Rebooting in 86400 seconds..
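Triage helper, added here as a worked example; it is not part of the syzbot log above and not KVM or KASAN code. It parses the KASAN section of the report (the SAMPLE string is the report's own lines, re-broken one entry per line with the two stacks trimmed to their first frames) and derives what a triager checks by hand: the offset of the faulting read inside the slab object (0xffff8801b8638058 - 0xffff8801b8638040 = 24, which must agree with the "located 24 bytes inside of" line), the shadow byte covering the address (0xfb, the generic-KASAN encoding for a freed slab object in mm/kasan/kasan.h of this kernel era), and the first non-allocator frame of the alloc and free stacks. The PLUMBING pattern that decides which frames are slab/KASAN internals is my heuristic, not anything the report defines.

```python
# Triage helper for a KASAN slab report: the access, the object it hit, the offset inside
# that object, the shadow byte covering the address, and who allocated/freed the object.
import re

SHADOW_SCALE = 8  # generic KASAN: one shadow byte per 8 bytes of kernel memory
# Shadow encodings from mm/kasan/kasan.h (4.19 era); 0x01..0x07 = partially accessible granule
SHADOW_MEANING = {0x00: "accessible", 0xFA: "global redzone", 0xFB: "freed slab object",
                  0xFC: "kmalloc redzone", 0xFE: "page redzone", 0xFF: "freed page"}
# Heuristic (assumption): frames that are slab/KASAN plumbing rather than the object's owner
PLUMBING = re.compile(r"^(?:save_stack|(?:__)?kasan_|kmem_cache_|(?:__)?kmalloc|kfree)")

# Constructed input: the report above, one entry per line, stacks trimmed to the frames that matter
SAMPLE = """\
[   34.756797] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   34.763028] Read of size 8 at addr ffff8801b8638058 by task syz-executor916/4657
[   34.770559]
[   35.380156] Allocated by task 4657:
[   35.383796]  save_stack+0x43/0xd0
[   35.387247]  kasan_kmalloc+0xc4/0xe0
[   35.391131]  kasan_slab_alloc+0x12/0x20
[   35.395102]  kmem_cache_alloc+0x12e/0x710
[   35.399257]  vmx_create_vcpu+0xcf/0x2830
[   35.403314]  kvm_arch_vcpu_create+0xe5/0x220
[   35.432374]
[   35.433996] Freed by task 4657:
[   35.437279]  save_stack+0x43/0xd0
[   35.440730]  __kasan_slab_free+0x11a/0x170
[   35.444961]  kasan_slab_free+0xe/0x10
[   35.448754]  kmem_cache_free+0x86/0x280
[   35.452729]  vmx_free_vcpu+0x26b/0x300
[   35.456611]  kvm_arch_destroy_vm+0x365/0x7c0
[   35.499990]
[   35.501614] The buggy address belongs to the object at ffff8801b8638040
[   35.501614]  which belongs to the cache kvm_vcpu of size 23872
[   35.514192] The buggy address is located 24 bytes inside of
[   35.514192]  23872-byte region [ffff8801b8638040, ffff8801b863dd80)
[   35.581131]  ffff8801b8637f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.588486] >ffff8801b8638000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.602078]  ffff8801b8638080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

def _stack(lines, header):
    # symbol names of the frames listed under `header`, up to the next blank line
    start = next(i for i, l in enumerate(lines) if l.startswith(header)) + 1
    end = lines.index("", start)
    return [l.split("+", 1)[0] for l in lines[start:end]]

def _shadow_rows(lines):
    rows = {}  # shadow row base address -> 16 shadow bytes
    for l in lines:
        m = re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", l)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows

def parse_kasan_report(text):
    """Pull the structured facts out of a KASAN slab report (printk timestamps tolerated)."""
    t = re.sub(r"\[\s*\d+\.\d+\] ?", "", text)
    lines = [l.strip() for l in t.splitlines()]
    m = re.search(r"BUG: KASAN: (\S+) in (\S+)", t)
    rep = {"bug": m.group(1), "function": m.group(2)}
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", t)
    rep.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16),
               task=m.group(4), pid=int(m.group(5)))
    m = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", t)
    rep.update(object=int(m.group(1), 16), cache=m.group(2), cache_size=int(m.group(3)))
    m = re.search(r"located (\d+) bytes inside of\s+\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", t)
    rep.update(reported_offset=int(m.group(1)), region=(int(m.group(2), 16), int(m.group(3), 16)))
    rep["alloc_stack"] = _stack(lines, "Allocated by task")
    rep["free_stack"] = _stack(lines, "Freed by task")
    rep["shadow"] = _shadow_rows(lines)
    return rep

def object_offset(rep):
    return rep["addr"] - rep["object"]

def shadow_byte_at(rep, addr):
    """Shadow byte covering `addr`, taken from the dumped rows (None if not dumped)."""
    for base, row in rep["shadow"].items():
        if base <= addr < base + len(row) * SHADOW_SCALE:
            return row[(addr - base) // SHADOW_SCALE]
    return None

def owner_frame(stack):
    """First frame that is not allocator/KASAN plumbing: the code that really owned the object."""
    return next((f for f in stack if not PLUMBING.match(f)), None)

def triage(rep):
    off, sb = object_offset(rep), shadow_byte_at(rep, rep["addr"])
    return {
        "kind": f"{rep['bug']} {rep['access'].lower()} of {rep['size']} bytes in {rep['function']}",
        "cache": rep["cache"], "offset": off, "offset_matches_report": off == rep["reported_offset"],
        "region_matches_cache_size": rep["region"][1] - rep["region"][0] == rep["cache_size"],
        "shadow": SHADOW_MEANING.get(sb, "not in dump" if sb is None else f"0x{sb:02x}"),
        "shadow_confirms_uaf": rep["bug"] == "use-after-free" and sb == 0xFB,
        "allocated_by": owner_frame(rep["alloc_stack"]), "freed_by": owner_frame(rep["free_stack"]),
    }
```

Running `triage(parse_kasan_report(SAMPLE))` on the report above gives offset 24 (agreeing with the report's own "located 24 bytes inside of" line), a region size of 0x5d40 = 23872 bytes matching the kvm_vcpu cache, shadow byte 0xfb under the access (freed slab memory, so the use-after-free classification is internally consistent), vmx_create_vcpu as the allocator and vmx_free_vcpu as the freer. Two further facts are readable straight from the log: the free (kvm_arch_destroy_vm+0x365) and the faulting read (reached via kvm_arch_destroy_vm+0x5f2 -> kvm_mmu_uninit_vm -> synchronize_srcu -> __schedule) happen in the same task, PID 4657, inside the same VM teardown, with the free at the earlier offset; and the read is 8 bytes wide, i.e. a pointer-sized field at offset 24 of the freed kvm_vcpu. The next step is to resolve that offset against the matching vmlinux (for instance `pahole -C kvm_vcpu vmlinux`) rather than guess at the field; the report itself does not name it.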