[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.647482] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.926691] random: sshd: uninitialized urandom read (32 bytes read) [ 26.209569] random: sshd: uninitialized urandom read (32 bytes read) [ 26.772529] random: sshd: uninitialized urandom read (32 bytes read) [ 26.948744] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts. [ 32.608761] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.704665] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.730689] ================================================================== [ 32.740495] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.746720] Read of size 8 at addr ffff8801d93b8058 by task syz-executor046/4686 [ 32.754234] [ 32.755856] CPU: 1 PID: 4686 Comm: syz-executor046 Not tainted 4.19.0-rc2+ #1 [ 32.763116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.772455] Call Trace: [ 32.775047] dump_stack+0x1c9/0x2b4 [ 32.778673] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.783859] ? printk+0xa7/0xcf [ 32.787132] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.791882] ? __schedule+0xf54/0x1df0 [ 32.795768] print_address_description+0x6c/0x20b [ 32.800607] ? __schedule+0xf54/0x1df0 [ 32.804498] kasan_report.cold.7+0x242/0x30d [ 32.808903] __asan_report_load8_noabort+0x14/0x20 [ 32.813824] __schedule+0xf54/0x1df0 [ 32.817539] ? __sched_text_start+0x8/0x8 [ 32.821684] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 32.826784] ? __call_srcu+0x7e7/0x1040 [ 32.830762] ? check_same_owner+0x340/0x340 [ 32.835079] ? mark_held_locks+0x160/0x160 [ 32.839312] ? find_held_lock+0x36/0x1c0 [ 32.843374] preempt_schedule_common+0x22/0x60 [ 32.847965] _cond_resched+0x1d/0x30 [ 32.851681] wait_for_completion+0xa5/0x8d0 [ 32.856014] ? wait_for_completion_interruptible+0x950/0x950 [ 32.861817] ? __lockdep_init_map+0x105/0x590 [ 32.866314] ? __init_waitqueue_head+0x9e/0x150 [ 32.870983] ? init_wait_entry+0x1c0/0x1c0 [ 32.875224] __synchronize_srcu+0x189/0x240 [ 32.879541] ? call_srcu+0x10/0x10 [ 32.883080] ? rcu_unexpedite_gp+0x20/0x20 [ 32.887319] synchronize_srcu+0x335/0x56f [ 32.891463] ? lock_downgrade+0x8f0/0x8f0 [ 32.895607] ? synchronize_srcu_expedited+0x20/0x20 [ 32.900639] ? kasan_check_read+0x11/0x20 [ 32.904794] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.909373] ? kasan_check_write+0x14/0x20 [ 32.913601] ? do_raw_spin_lock+0xc1/0x200 [ 32.918150] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.923863] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.929307] ? kvfree+0x61/0x70 [ 32.932583] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.937605] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.941668] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.946075] ? kvm_arch_sync_events+0x30/0x30 [ 32.950572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.956109] ? mmu_notifier_unregister+0x474/0x600 [ 32.961034] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.965435] ? kfree+0x111/0x210 [ 32.968796] ? __mmu_notifier_register+0x30/0x30 [ 32.973548] ? __free_pages+0x10a/0x190 [ 32.977519] ? free_unref_page+0x930/0x930 [ 32.981761] kvm_put_kvm+0x73f/0x1060 [ 32.985564] ? kvm_write_guest_cached+0x40/0x40 [ 32.990234] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.994724] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.999216] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.003796] ? kasan_check_write+0x14/0x20 [ 33.008023] ? do_raw_spin_lock+0xc1/0x200 [ 33.012252] ? kvm_irqfd_release+0xdd/0x120 [ 33.016567] ? kvm_irqfd_release+0xdd/0x120 [ 33.020886] ? kvm_put_kvm+0x1060/0x1060 [ 33.024961] kvm_vm_release+0x42/0x50 [ 33.028756] __fput+0x38a/0xa40 [ 33.032034] ? __alloc_file+0x400/0x400 [ 33.036011] ? check_same_owner+0x340/0x340 [ 33.040330] ? kasan_check_write+0x14/0x20 [ 33.044557] ? do_raw_spin_lock+0xc1/0x200 [ 33.048788] ____fput+0x15/0x20 [ 33.052063] task_work_run+0x1e8/0x2a0 [ 33.055943] ? task_work_cancel+0x240/0x240 [ 33.060265] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.065796] ? switch_task_namespaces+0xa2/0xd0 [ 33.070459] do_exit+0x1ae4/0x26e0 [ 33.074000] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.078678] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.082910] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.087922] ? kfree+0x1d7/0x210 [ 33.091284] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.095516] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.101227] ? is_bpf_text_address+0xd7/0x170 [ 33.105719] ? kernel_text_address+0x79/0xf0 [ 33.110121] ? __kernel_text_address+0xd/0x40 [ 33.114612] ? unwind_get_return_address+0x61/0xa0 [ 33.119543] ? __save_stack_trace+0x8d/0xf0 [ 33.123869] ? save_stack+0xa9/0xd0 [ 33.127491] ? save_stack+0x43/0xd0 [ 33.131118] ? __kasan_slab_free+0x11a/0x170 [ 33.135517] ? kasan_slab_free+0xe/0x10 [ 33.139486] ? putname+0xf2/0x130 [ 33.142947] ? __x64_sys_openat+0x9d/0x100 [ 33.147184] ? do_syscall_64+0x1b9/0x820 [ 33.151242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.156602] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.161013] ? kasan_check_read+0x11/0x20 [ 33.165158] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.169569] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.173975] ? initcall_blacklisted+0x9a/0x1e0 [ 33.178555] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.183668] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.189385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.194917] ? do_vfs_ioctl+0x201/0x1720 [ 33.198973] ? rcu_is_watching+0x8c/0x150 [ 33.203114] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.207430] ? ioctl_preallocate+0x300/0x300 [ 33.211835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.217397] ? __fget_light+0x2f7/0x440 [ 33.221367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.226899] ? smack_file_ioctl+0x210/0x3c0 [ 33.231213] ? fget_raw+0x20/0x20 [ 33.234664] ? smack_file_lock+0x2e0/0x2e0 [ 33.238903] do_group_exit+0x177/0x440 [ 33.242788] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.247118] ? __ia32_sys_exit+0x50/0x50 [ 33.251179] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.256277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.261815] ? ksys_ioctl+0x81/0xd0 [ 33.265437] __x64_sys_exit_group+0x3e/0x50 [ 33.269762] do_syscall_64+0x1b9/0x820 [ 33.273653] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.279014] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.283937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.288773] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.293786] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.298800] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.303652] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.308834] RIP: 0033:0x43ef08 [ 33.312026] Code: Bad RIP value. [ 33.315381] RSP: 002b:00007ffce8a4e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.323090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.330350] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.337611] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.344883] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.352141] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.359408] [ 33.361028] Allocated by task 4686: [ 33.364658] save_stack+0x43/0xd0 [ 33.368106] kasan_kmalloc+0xc4/0xe0 [ 33.371809] kasan_slab_alloc+0x12/0x20 [ 33.375775] kmem_cache_alloc+0x12e/0x710 [ 33.379919] vmx_create_vcpu+0xcf/0x2830 [ 33.383973] kvm_arch_vcpu_create+0xe5/0x220 [ 33.388381] kvm_vm_ioctl+0x488/0x1d80 [ 33.392263] do_vfs_ioctl+0x1de/0x1720 [ 33.396142] ksys_ioctl+0xa9/0xd0 [ 33.399591] __x64_sys_ioctl+0x73/0xb0 [ 33.403474] do_syscall_64+0x1b9/0x820 [ 33.407357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.412530] [ 33.414149] Freed by task 4686: [ 33.417432] save_stack+0x43/0xd0 [ 33.420878] __kasan_slab_free+0x11a/0x170 [ 33.425108] kasan_slab_free+0xe/0x10 [ 33.428901] kmem_cache_free+0x86/0x280 [ 33.432869] vmx_free_vcpu+0x26b/0x300 [ 33.436752] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.441154] kvm_put_kvm+0x73f/0x1060 [ 33.444963] kvm_vm_release+0x42/0x50 [ 33.448756] __fput+0x38a/0xa40 [ 33.452031] ____fput+0x15/0x20 [ 33.455302] task_work_run+0x1e8/0x2a0 [ 33.459185] do_exit+0x1ae4/0x26e0 [ 33.462716] do_group_exit+0x177/0x440 [ 33.466597] __x64_sys_exit_group+0x3e/0x50 [ 33.470912] do_syscall_64+0x1b9/0x820 [ 33.474796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.479970] [ 33.481590] The buggy address belongs to the object at ffff8801d93b8040 [ 33.481590] which belongs to the cache kvm_vcpu of size 23872 [ 33.494163] The buggy address is located 24 bytes inside of [ 33.494163] 23872-byte region [ffff8801d93b8040, ffff8801d93bdd80) [ 33.506121] The buggy address belongs to the page: [ 33.511046] page:ffffea000764ee00 count:1 mapcount:0 mapping:ffff8801d8740480 index:0x0 compound_mapcount: 0 [ 33.521010] flags: 0x2fffc0000008100(slab|head) [ 33.525680] raw: 02fffc0000008100 ffff8801d4f69b48 ffff8801d4f69b48 ffff8801d8740480 [ 33.533555] raw: 0000000000000000 ffff8801d93b8040 0000000100000001 0000000000000000 [ 33.541424] page dumped because: kasan: bad access detected [ 33.547120] [ 33.548738] Memory state around the buggy address: [ 33.553663] ffff8801d93b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.561016] ffff8801d93b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.568365] >ffff8801d93b8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.575711] ^ [ 33.581933] ffff8801d93b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.589281] ffff8801d93b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.596623] ================================================================== [ 33.603977] Kernel panic - not syncing: panic_on_warn set ... [ 33.603977] [ 33.611336] CPU: 1 PID: 4686 Comm: syz-executor046 Tainted: G B 4.19.0-rc2+ #1 [ 33.619989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.629330] Call Trace: [ 33.631921] dump_stack+0x1c9/0x2b4 [ 33.635544] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.640729] ? lock_downgrade+0x8f0/0x8f0 [ 33.644871] ? __schedule+0xf54/0x1df0 [ 33.648752] panic+0x238/0x4e7 [ 33.651938] ? add_taint.cold.5+0x16/0x16 [ 33.656084] ? print_shadow_for_address+0xba/0x116 [ 33.661005] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.665407] ? trace_hardirqs_off+0x77/0x2b0 [ 33.669808] ? __schedule+0xf54/0x1df0 [ 33.673691] kasan_end_report+0x47/0x4f [ 33.677665] kasan_report.cold.7+0x76/0x30d [ 33.681987] __asan_report_load8_noabort+0x14/0x20 [ 33.686908] __schedule+0xf54/0x1df0 [ 33.690621] ? __sched_text_start+0x8/0x8 [ 33.694769] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.699869] ? __call_srcu+0x7e7/0x1040 [ 33.703847] ? check_same_owner+0x340/0x340 [ 33.708159] ? mark_held_locks+0x160/0x160 [ 33.712393] ? find_held_lock+0x36/0x1c0 [ 33.716450] preempt_schedule_common+0x22/0x60 [ 33.721028] _cond_resched+0x1d/0x30 [ 33.724739] wait_for_completion+0xa5/0x8d0 [ 33.729056] ? wait_for_completion_interruptible+0x950/0x950 [ 33.734850] ? __lockdep_init_map+0x105/0x590 [ 33.739342] ? __init_waitqueue_head+0x9e/0x150 [ 33.744007] ? init_wait_entry+0x1c0/0x1c0 [ 33.748243] __synchronize_srcu+0x189/0x240 [ 33.752556] ? call_srcu+0x10/0x10 [ 33.756095] ? rcu_unexpedite_gp+0x20/0x20 [ 33.760333] synchronize_srcu+0x335/0x56f [ 33.764475] ? lock_downgrade+0x8f0/0x8f0 [ 33.768620] ? synchronize_srcu_expedited+0x20/0x20 [ 33.773648] ? kasan_check_read+0x11/0x20 [ 33.777793] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.782371] ? kasan_check_write+0x14/0x20 [ 33.786833] ? do_raw_spin_lock+0xc1/0x200 [ 33.791069] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.796779] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.802224] ? kvfree+0x61/0x70 [ 33.805501] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.810513] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.814566] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.818977] ? kvm_arch_sync_events+0x30/0x30 [ 33.823475] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.829010] ? mmu_notifier_unregister+0x474/0x600 [ 33.833938] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.838359] ? kfree+0x111/0x210 [ 33.841723] ? __mmu_notifier_register+0x30/0x30 [ 33.846477] ? __free_pages+0x10a/0x190 [ 33.850453] ? free_unref_page+0x930/0x930 [ 33.854694] kvm_put_kvm+0x73f/0x1060 [ 33.858497] ? kvm_write_guest_cached+0x40/0x40 [ 33.863173] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.867667] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.872155] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.876741] ? kasan_check_write+0x14/0x20 [ 33.880968] ? do_raw_spin_lock+0xc1/0x200 [ 33.885199] ? kvm_irqfd_release+0xdd/0x120 [ 33.889515] ? kvm_irqfd_release+0xdd/0x120 [ 33.893832] ? kvm_put_kvm+0x1060/0x1060 [ 33.897889] kvm_vm_release+0x42/0x50 [ 33.901683] __fput+0x38a/0xa40 [ 33.904961] ? __alloc_file+0x400/0x400 [ 33.908935] ? check_same_owner+0x340/0x340 [ 33.913250] ? kasan_check_write+0x14/0x20 [ 33.918045] ? do_raw_spin_lock+0xc1/0x200 [ 33.922277] ____fput+0x15/0x20 [ 33.925552] task_work_run+0x1e8/0x2a0 [ 33.929435] ? task_work_cancel+0x240/0x240 [ 33.933756] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.939285] ? switch_task_namespaces+0xa2/0xd0 [ 33.943948] do_exit+0x1ae4/0x26e0 [ 33.947487] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.952156] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.956395] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.961405] ? kfree+0x1d7/0x210 [ 33.964768] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.968998] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.974709] ? is_bpf_text_address+0xd7/0x170 [ 33.979201] ? kernel_text_address+0x79/0xf0 [ 33.983606] ? __kernel_text_address+0xd/0x40 [ 33.988102] ? unwind_get_return_address+0x61/0xa0 [ 33.993025] ? __save_stack_trace+0x8d/0xf0 [ 33.997351] ? save_stack+0xa9/0xd0 [ 34.000975] ? save_stack+0x43/0xd0 [ 34.004600] ? __kasan_slab_free+0x11a/0x170 [ 34.009001] ? kasan_slab_free+0xe/0x10 [ 34.012974] ? putname+0xf2/0x130 [ 34.016427] ? __x64_sys_openat+0x9d/0x100 [ 34.020663] ? do_syscall_64+0x1b9/0x820 [ 34.024806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.030181] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.034589] ? kasan_check_read+0x11/0x20 [ 34.038732] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.043133] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.047539] ? initcall_blacklisted+0x9a/0x1e0 [ 34.052120] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.057224] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.062930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.068464] ? do_vfs_ioctl+0x201/0x1720 [ 34.072520] ? rcu_is_watching+0x8c/0x150 [ 34.076668] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.080987] ? ioctl_preallocate+0x300/0x300 [ 34.085392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.090926] ? __fget_light+0x2f7/0x440 [ 34.094898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.100443] ? smack_file_ioctl+0x210/0x3c0 [ 34.104763] ? fget_raw+0x20/0x20 [ 34.108208] ? smack_file_lock+0x2e0/0x2e0 [ 34.112444] do_group_exit+0x177/0x440 [ 34.116325] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.120646] ? __ia32_sys_exit+0x50/0x50 [ 34.124702] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.129805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.135338] ? ksys_ioctl+0x81/0xd0 [ 34.138965] __x64_sys_exit_group+0x3e/0x50 [ 34.143280] do_syscall_64+0x1b9/0x820 [ 34.147162] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.152527] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.157452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.162294] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.167306] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.172321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.177164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.182350] RIP: 0033:0x43ef08 [ 34.185542] Code: Bad RIP value. [ 34.188896] RSP: 002b:00007ffce8a4e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.196600] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 34.203862] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.211122] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.218386] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.225653] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.232925] [ 34.232930] ====================================================== [ 34.232935] WARNING: possible circular locking dependency detected [ 34.232939] 4.19.0-rc2+ #1 Not tainted [ 34.232944] ------------------------------------------------------ [ 34.232949] syz-executor046/4686 is trying to acquire lock: [ 34.232953] 0000000012d036d1 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.232967] [ 34.232971] but task is already holding lock: [ 34.232975] 00000000af3658fa (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.232989] [ 34.232993] which lock already depends on the new lock. [ 34.232995] [ 34.232998] [ 34.233003] the existing dependency chain (in reverse order) is: [ 34.233005] [ 34.233007] -> #3 (report_lock){....}: [ 34.233022] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.233025] kasan_report+0x8e/0x110 [ 34.233030] __asan_report_load8_noabort+0x14/0x20 [ 34.233034] __schedule+0xf54/0x1df0 [ 34.233038] preempt_schedule_common+0x22/0x60 [ 34.233042] _cond_resched+0x1d/0x30 [ 34.233046] wait_for_completion+0xa5/0x8d0 [ 34.233050] __synchronize_srcu+0x189/0x240 [ 34.233054] synchronize_srcu+0x335/0x56f [ 34.233059] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.233063] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.233067] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.233071] kvm_put_kvm+0x73f/0x1060 [ 34.233075] kvm_vm_release+0x42/0x50 [ 34.233078] __fput+0x38a/0xa40 [ 34.233082] ____fput+0x15/0x20 [ 34.233085] task_work_run+0x1e8/0x2a0 [ 34.233089] do_exit+0x1ae4/0x26e0 [ 34.233093] do_group_exit+0x177/0x440 [ 34.233097] __x64_sys_exit_group+0x3e/0x50 [ 34.233101] do_syscall_64+0x1b9/0x820 [ 34.233105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.233108] [ 34.233110] -> #2 (&rq->lock){-.-.}: [ 34.233124] _raw_spin_lock+0x2a/0x40 [ 34.233128] task_fork_fair+0x93/0x680 [ 34.233131] sched_fork+0x44b/0xbd0 [ 34.233135] copy_process+0x235e/0x7af0 [ 34.233139] _do_fork+0x1ca/0x1170 [ 34.233143] kernel_thread+0x34/0x40 [ 34.233146] rest_init+0x22/0xe4 [ 34.233150] start_kernel+0x913/0x94e [ 34.233154] x86_64_start_reservations+0x29/0x2b [ 34.233158] x86_64_start_kernel+0x76/0x79 [ 34.233162] secondary_startup_64+0xa4/0xb0 [ 34.233165] [ 34.233173] -> #1 (&p->pi_lock){-.-.}: [ 34.233187] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.233191] try_to_wake_up+0xd2/0x1250 [ 34.233195] wake_up_process+0x10/0x20 [ 34.233199] __up.isra.1+0x1c0/0x2a0 [ 34.233202] up+0x13c/0x1c0 [ 34.233206] __up_console_sem+0xbe/0x1b0 [ 34.233210] console_unlock+0x506/0x10d0 [ 34.233214] vprintk_emit+0x33a/0x910 [ 34.233217] vprintk_default+0x28/0x30 [ 34.233221] vprintk_func+0x7a/0x117 [ 34.233224] printk+0xa7/0xcf [ 34.233228] load_umh+0x51/0xbd [ 34.233232] do_one_initcall+0x127/0x838 [ 34.233236] kernel_init_freeable+0x4bb/0x5ae [ 34.233240] kernel_init+0x11/0x1b3 [ 34.233244] ret_from_fork+0x3a/0x50 [ 34.233246] [ 34.233248] -> #0 ((console_sem).lock){-...}: [ 34.233262] lock_acquire+0x1e4/0x4f0 [ 34.233267] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.233270] down_trylock+0x13/0x70 [ 34.233275] __down_trylock_console_sem+0xae/0x200 [ 34.233278] console_trylock+0x15/0xa0 [ 34.233282] vprintk_emit+0x31f/0x910 [ 34.233286] vprintk_default+0x28/0x30 [ 34.233290] vprintk_func+0x7a/0x117 [ 34.233293] printk+0xa7/0xcf [ 34.233297] kasan_report+0x9e/0x110 [ 34.233302] __asan_report_load8_noabort+0x14/0x20 [ 34.233305] __schedule+0xf54/0x1df0 [ 34.233310] preempt_schedule_common+0x22/0x60 [ 34.233313] _cond_resched+0x1d/0x30 [ 34.233318] wait_for_completion+0xa5/0x8d0 [ 34.233322] __synchronize_srcu+0x189/0x240 [ 34.233326] synchronize_srcu+0x335/0x56f [ 34.233331] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.233335] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.233339] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.233343] kvm_put_kvm+0x73f/0x1060 [ 34.233346] kvm_vm_release+0x42/0x50 [ 34.233350] __fput+0x38a/0xa40 [ 34.233353] ____fput+0x15/0x20 [ 34.233357] task_work_run+0x1e8/0x2a0 [ 34.233361] do_exit+0x1ae4/0x26e0 [ 34.233365] do_group_exit+0x177/0x440 [ 34.233369] __x64_sys_exit_group+0x3e/0x50 [ 34.233373] do_syscall_64+0x1b9/0x820 [ 34.233377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.233380] [ 34.233384] other info that might help us debug this: [ 34.233386] [ 34.233389] Chain exists of: [ 34.233391] (console_sem).lock --> &rq->lock --> report_lock [ 34.233410] [ 34.233413] Possible unsafe locking scenario: [ 34.233416] [ 34.233420] CPU0 CPU1 [ 34.233424] ---- ---- [ 34.233426] lock(report_lock); [ 34.233435] lock(&rq->lock); [ 34.233444] lock(report_lock); [ 34.233452] lock((console_sem).lock); [ 34.233460] [ 34.233463] *** DEADLOCK *** [ 34.233465] [ 34.233470] 2 locks held by syz-executor046/4686: [ 34.233472] #0: 000000005da3c1ee (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.233488] #1: 00000000af3658fa (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.233505] [ 34.233508] stack backtrace: [ 34.233514] CPU: 1 PID: 4686 Comm: syz-executor046 Not tainted 4.19.0-rc2+ #1 [ 34.233521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.233524] Call Trace: [ 34.233528] dump_stack+0x1c9/0x2b4 [ 34.233532] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.233536] ? vprintk_func+0x100/0x117 [ 34.233541] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.233545] ? save_trace+0xe0/0x290 [ 34.233549] __lock_acquire+0x3449/0x5020 [ 34.233553] ? mark_held_locks+0x160/0x160 [ 34.233557] ? mark_held_locks+0x160/0x160 [ 34.233561] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.233565] ? is_bpf_text_address+0xd7/0x170 [ 34.233569] ? kernel_text_address+0x79/0xf0 [ 34.233573] ? __kernel_text_address+0xd/0x40 [ 34.233577] ? __save_stack_trace+0x8d/0xf0 [ 34.233582] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.233586] ? save_trace+0x290/0x290 [ 34.233589] ? save_stack_trace+0x1a/0x20 [ 34.233593] ? save_trace+0xe0/0x290 [ 34.233597] ? graph_lock+0x170/0x170 [ 34.233602] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.233605] lock_acquire+0x1e4/0x4f0 [ 34.233609] ? down_trylock+0x13/0x70 [ 34.233613] ? lock_release+0x9f0/0x9f0 [ 34.233617] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.233621] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.233625] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.233629] ? log_store+0x34f/0x4c0 [ 34.233641] ? vprintk_emit+0x31f/0x910 [ 34.233645] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.233649] ? down_trylock+0x13/0x70 [ 34.233653] down_trylock+0x13/0x70 [ 34.233657] __down_trylock_console_sem+0xae/0x200 [ 34.233661] console_trylock+0x15/0xa0 [ 34.233664] vprintk_emit+0x31f/0x910 [ 34.233668] ? wake_up_klogd+0x110/0x110 [ 34.233673] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.233677] ? kasan_check_read+0x11/0x20 [ 34.233681] ? rcu_is_watching+0x8c/0x150 [ 34.233685] ? rcu_pm_notify+0xc0/0xc0 [ 34.233689] ? lock_acquire+0x1e4/0x4f0 [ 34.233693] ? kasan_report+0x8e/0x110 [ 34.233696] ? __schedule+0xf54/0x1df0 [ 34.233700] vprintk_default+0x28/0x30 [ 34.233704] vprintk_func+0x7a/0x117 [ 34.233707] printk+0xa7/0xcf [ 34.233712] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.233716] ? kasan_check_write+0x14/0x20 [ 34.233720] ? do_raw_spin_lock+0xc1/0x200 [ 34.233724] ? do_raw_spin_lock+0xc1/0x200 [ 34.233727] kasan_report+0x9e/0x110 [ 34.233732] __asan_report_load8_noabort+0x14/0x20 [ 34.233735] __schedule+0xf54/0x1df0 [ 34.233739] ? __sched_text_start+0x8/0x8 [ 34.233744] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 34.233748] ? __call_srcu+0x7e7/0x1040 [ 34.233752] ? check_same_owner+0x340/0x340 [ 34.233756] ? mark_held_locks+0x160/0x160 [ 34.233760] ? find_held_lock+0x36/0x1c0 [ 34.233764] preempt_schedule_common+0x22/0x60 [ 34.233768] _cond_resched+0x1d/0x30 [ 34.233772] wait_for_completion+0xa5/0x8d0 [ 34.233777] ? wait_for_completion_interruptible+0x950/0x950 [ 34.233781] ? __lockdep_init_map+0x105/0x590 [ 34.233785] ? __init_waitqueue_head+0x9e/0x150 [ 34.233789] ? init_wait_entry+0x1c0/0x1c0 [ 34.233793] __synchronize_srcu+0x189/0x240 [ 34.233797] ? call_srcu+0x10/0x10 [ 34.233801] ? rcu_unexpedite_gp+0x20/0x20 [ 34.233805] synchronize_srcu+0x335/0x56f [ 34.233809] ? lock_downgrade+0x8f0/0x8f0 [ 34.233813] ? synchronize_srcu_expedited+0x20/0x20 [ 34.233817] ? kasan_check_read+0x11/0x20 [ 34.233821] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.233825] ? kasan_check_write+0x14/0x20 [ 34.233829] ? do_raw_spin_lock+0xc1/0x200 [ 34.233834] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.233839] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.233842] ? kvfree+0x61/0x70 [ 34.233847] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.233851] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.233855] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.233859] ? kvm_arch_sync_events+0x30/0x30 [ 34.233864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.233868] ? mmu_notifier_unregister+0x474/0x600 [ 34.233872] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.233876] ? kfree+0x111/0x210 [ 34.233880] ? __mmu_notifier_register+0x30/0x30 [ 34.233884] ? __free_pages+0x10a/0x190 [ 34.233888] ? free_unref_page+0x930/0x930 [ 34.233892] kvm_put_kvm+0x73f/0x1060 [ 34.233896] ? kvm_write_guest_cached+0x40/0x40 [ 34.233900] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.233904] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.233909] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.233913] ? kasan_check_write+0x14/0x20 [ 34.233917] ? do_raw_spin_lock+0xc1/0x200 [ 34.233921] ? kvm_irqfd_release+0xdd/0x120 [ 34.233925] ? kvm_irqfd_release+0xdd/0x120 [ 34.233929] ? kvm_put_kvm+0x1060/0x1060 [ 34.233932] kvm_vm_release+0x42/0x50 [ 34.233936] __fput+0x38a/0xa40 [ 34.233940] ? __alloc_file+0x400/0x400 [ 34.233944] ? check_same_owner+0x340/0x340 [ 34.233948] ? kasan_check_write+0x14/0x20 [ 34.233952] ? do_raw_spin_lock+0xc1/0x200 [ 34.233955] ____fput+0x15/0x20 [ 34.233959] task_work_run+0x1e8/0x2a0 [ 34.233963] ? task_work_cancel+0x240/0x240 [ 34.233968] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.233972] ? switch_task_namespaces+0xa2/0xd0 [ 34.233975] do_exit+0x1ae4/0x26e0 [ 34.233980] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.233984] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.233988] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.233992] ? kfree+0x1d7/0x210 [ 34.233996] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.234000] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.234005] ? is_bpf_text_address+0xd7/0x170 [ 34.234007] ? ker [ 34.234014] Lost 53 message(s)! [ 35.304463] Shutting down cpus with NMI [ 36.363104] Dumping ftrace buffer: [ 36.366639] (ftrace buffer empty) [ 36.370327] Kernel Offset: disabled [ 36.373945] Rebooting in 86400 seconds..