[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ 24.484811] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.643670] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.871153] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.430246] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.300162] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
[ 50.820837] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 50.920560] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 50.946160] ==================================================================
[ 50.956017] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 50.962294] Read of size 8 at addr ffff8801bb4d8058 by task syz-executor459/4722
[ 50.969823]
[ 50.971457] CPU: 0 PID: 4722 Comm: syz-executor459 Not tainted 4.19.0-rc1+ #217
[ 50.978904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.988264] Call Trace:
[ 50.990865]  dump_stack+0x1c9/0x2b4
[ 50.994498]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 50.999690]  ? printk+0xa7/0xcf
[ 51.002980]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 51.007744]  ? __schedule+0xf54/0x1df0
[ 51.011647]  print_address_description+0x6c/0x20b
[ 51.016498]  ? __schedule+0xf54/0x1df0
[ 51.020391]  kasan_report.cold.7+0x242/0x30d
[ 51.024809]  __asan_report_load8_noabort+0x14/0x20
[ 51.029742]  __schedule+0xf54/0x1df0
[ 51.033454]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.038570]  ? __sched_text_start+0x8/0x8
[ 51.042725]  ? __call_srcu+0x7e7/0x1040
[ 51.046710]  ? check_same_owner+0x340/0x340
[ 51.051032]  ? mark_held_locks+0x160/0x160
[ 51.055263]  ? find_held_lock+0x36/0x1c0
[ 51.059333]  preempt_schedule_common+0x22/0x60
[ 51.063923]  _cond_resched+0x1d/0x30
[ 51.067648]  wait_for_completion+0xa5/0x8d0
[ 51.071974]  ? wait_for_completion_interruptible+0x950/0x950
[ 51.077769]  ? __lockdep_init_map+0x105/0x590
[ 51.082273]  ? __init_waitqueue_head+0x9e/0x150
[ 51.086936]  ? init_wait_entry+0x1c0/0x1c0
[ 51.091182]  __synchronize_srcu+0x189/0x240
[ 51.095504]  ? call_srcu+0x10/0x10
[ 51.099043]  ? rcu_unexpedite_gp+0x20/0x20
[ 51.103288]  synchronize_srcu+0x335/0x56f
[ 51.107440]  ? lock_downgrade+0x8f0/0x8f0
[ 51.111586]  ? synchronize_srcu_expedited+0x20/0x20
[ 51.116635]  ? kasan_check_read+0x11/0x20
[ 51.120808]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 51.125398]  ? kasan_check_write+0x14/0x20
[ 51.129630]  ? do_raw_spin_lock+0xc1/0x200
[ 51.134742]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 51.140466]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 51.145914]  ? kvfree+0x61/0x70
[ 51.149192]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.154213]  kvm_mmu_uninit_vm+0x1c/0x20
[ 51.158275]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 51.162685]  ? kvm_arch_sync_events+0x30/0x30
[ 51.167183]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.172719]  ? mmu_notifier_unregister+0x474/0x600
[ 51.177643]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 51.182051]  ? kfree+0x111/0x210
[ 51.185420]  ? __mmu_notifier_register+0x30/0x30
[ 51.190177]  ? __free_pages+0x10a/0x190
[ 51.194172]  ? free_unref_page+0x930/0x930
[ 51.198414]  kvm_put_kvm+0x73f/0x1060
[ 51.202225]  ? kvm_write_guest_cached+0x40/0x40
[ 51.206914]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.211406]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.215903]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 51.220506]  ? kasan_check_write+0x14/0x20
[ 51.224764]  ? do_raw_spin_lock+0xc1/0x200
[ 51.229013]  ? kvm_irqfd_release+0xdd/0x120
[ 51.233332]  ? kvm_irqfd_release+0xdd/0x120
[ 51.237663]  ? kvm_put_kvm+0x1060/0x1060
[ 51.241725]  kvm_vm_release+0x42/0x50
[ 51.245525]  __fput+0x38a/0xa40
[ 51.248803]  ? __alloc_file+0x400/0x400
[ 51.252782]  ? check_same_owner+0x340/0x340
[ 51.257103]  ? kasan_check_write+0x14/0x20
[ 51.261365]  ? do_raw_spin_lock+0xc1/0x200
[ 51.265599]  ____fput+0x15/0x20
[ 51.268875]  task_work_run+0x1e8/0x2a0
[ 51.272765]  ? task_work_cancel+0x240/0x240
[ 51.277093]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.282635]  ? switch_task_namespaces+0xa2/0xd0
[ 51.287307]  do_exit+0x1ae4/0x26e0
[ 51.290857]  ? mm_update_next_owner+0x9a0/0x9a0
[ 51.295534]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 51.299772]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.304789]  ? kfree+0x1d7/0x210
[ 51.308161]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 51.312432]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 51.318175]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.322678]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.327171]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 51.331751]  ? trace_hardirqs_on+0xbd/0x2c0
[ 51.336091]  ? kasan_check_read+0x11/0x20
[ 51.340243]  ? __schedule+0x14b6/0x1df0
[ 51.344216]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.349319]  ? lock_repin_lock+0x430/0x430
[ 51.353567]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.358164]  ? __sched_text_start+0x8/0x8
[ 51.362315]  ? trace_hardirqs_off+0xb8/0x2b0
[ 51.366750]  ? kasan_check_read+0x11/0x20
[ 51.370897]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 51.375304]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 51.379717]  ? initcall_blacklisted+0x9a/0x1e0
[ 51.384311]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 51.389447]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 51.395172]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.400727]  ? do_vfs_ioctl+0x201/0x1720
[ 51.404821]  ? ioctl_preallocate+0x300/0x300
[ 51.409252]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.414799]  ? __fget_light+0x2f7/0x440
[ 51.418773]  ? __schedule+0x1df0/0x1df0
[ 51.422750]  ? fget_raw+0x20/0x20
[ 51.426204]  ? trace_hardirqs_off+0xb8/0x2b0
[ 51.430611]  ? kmem_cache_free+0x246/0x280
[ 51.434850]  ? do_syscall_64+0x6be/0x820
[ 51.439000]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 51.443409]  ? putname+0xf7/0x130
[ 51.446892]  do_group_exit+0x177/0x440
[ 51.450782]  ? trace_hardirqs_on+0xbd/0x2c0
[ 51.455108]  ? __ia32_sys_exit+0x50/0x50
[ 51.459600]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.465299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.471012]  ? ksys_ioctl+0x81/0xd0
[ 51.474759]  __x64_sys_exit_group+0x3e/0x50
[ 51.479541]  do_syscall_64+0x1b9/0x820
[ 51.483844]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.489746]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.495086]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.500387]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 51.505786]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.510909]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.515940]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.520799]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.526465] RIP: 0033:0x43ecf8
[ 51.529668] Code: Bad RIP value.
[ 51.533034] RSP: 002b:00007ffc312238c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 51.540761] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 51.548046] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 51.555796] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 51.563082] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 51.570363] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 51.577633]
[ 51.579242] Allocated by task 4722:
[ 51.582854]  save_stack+0x43/0xd0
[ 51.586420]  kasan_kmalloc+0xc4/0xe0
[ 51.590136]  kasan_slab_alloc+0x12/0x20
[ 51.594105]  kmem_cache_alloc+0x12e/0x710
[ 51.598256]  vmx_create_vcpu+0xcf/0x2830
[ 51.602312]  kvm_arch_vcpu_create+0xe5/0x220
[ 51.606720]  kvm_vm_ioctl+0x488/0x1d80
[ 51.610614]  do_vfs_ioctl+0x1de/0x1720
[ 51.614496]  ksys_ioctl+0xa9/0xd0
[ 51.617945]  __x64_sys_ioctl+0x73/0xb0
[ 51.621829]  do_syscall_64+0x1b9/0x820
[ 51.625711]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.630886]
[ 51.632502] Freed by task 4722:
[ 51.635780]  save_stack+0x43/0xd0
[ 51.639235]  __kasan_slab_free+0x11a/0x170
[ 51.643741]  kasan_slab_free+0xe/0x10
[ 51.647554]  kmem_cache_free+0x86/0x280
[ 51.651590]  vmx_free_vcpu+0x26b/0x300
[ 51.655482]  kvm_arch_destroy_vm+0x365/0x7c0
[ 51.659900]  kvm_put_kvm+0x73f/0x1060
[ 51.663738]  kvm_vm_release+0x42/0x50
[ 51.667549]  __fput+0x38a/0xa40
[ 51.670842]  ____fput+0x15/0x20
[ 51.674125]  task_work_run+0x1e8/0x2a0
[ 51.678045]  do_exit+0x1ae4/0x26e0
[ 51.681597]  do_group_exit+0x177/0x440
[ 51.685487]  __x64_sys_exit_group+0x3e/0x50
[ 51.689814]  do_syscall_64+0x1b9/0x820
[ 51.693715]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.698901]
[ 51.700532] The buggy address belongs to the object at ffff8801bb4d8040
[ 51.700532]  which belongs to the cache kvm_vcpu of size 23872
[ 51.713715] The buggy address is located 24 bytes inside of
[ 51.713715]  23872-byte region [ffff8801bb4d8040, ffff8801bb4ddd80)
[ 51.725687] The buggy address belongs to the page:
[ 51.730618] page:ffffea0006ed3600 count:1 mapcount:0 mapping:ffff8801d5134d80 index:0x0 compound_mapcount: 0
[ 51.740592] flags: 0x2fffc0000008100(slab|head)
[ 51.745267] raw: 02fffc0000008100 ffff8801d512fe48 ffff8801d512fe48 ffff8801d5134d80
[ 51.753154] raw: 0000000000000000 ffff8801bb4d8040 0000000100000001 0000000000000000
[ 51.761030] page dumped because: kasan: bad access detected
[ 51.766732]
[ 51.768349] Memory state around the buggy address:
[ 51.773283]  ffff8801bb4d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.780649]  ffff8801bb4d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.788019] >ffff8801bb4d8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 51.795390]                                                     ^
[ 51.801634]  ffff8801bb4d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.809004]  ffff8801bb4d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.816390] ==================================================================
[ 51.823780] Kernel panic - not syncing: panic_on_warn set ...
[ 51.823780]
[ 51.831168] CPU: 0 PID: 4722 Comm: syz-executor459 Tainted: G B 4.19.0-rc1+ #217
[ 51.840010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.849374] Call Trace:
[ 51.851981]  dump_stack+0x1c9/0x2b4
[ 51.855621]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 51.860825]  ? lock_downgrade+0x8f0/0x8f0
[ 51.864991]  ? __schedule+0xf54/0x1df0
[ 51.868896]  panic+0x238/0x4e7
[ 51.872101]  ? add_taint.cold.5+0x16/0x16
[ 51.876263]  ? print_shadow_for_address+0xba/0x116
[ 51.881199]  ? trace_hardirqs_off+0xaf/0x2b0
[ 51.885614]  ? trace_hardirqs_off+0x77/0x2b0
[ 51.890030]  ? __schedule+0xf54/0x1df0
[ 51.893925]  kasan_end_report+0x47/0x4f
[ 51.897903]  kasan_report.cold.7+0x76/0x30d
[ 51.902244]  __asan_report_load8_noabort+0x14/0x20
[ 51.907187]  __schedule+0xf54/0x1df0
[ 51.910917]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.916042]  ? __sched_text_start+0x8/0x8
[ 51.920214]  ? __call_srcu+0x7e7/0x1040
[ 51.924214]  ? check_same_owner+0x340/0x340
[ 51.928543]  ? mark_held_locks+0x160/0x160
[ 51.932788]  ? find_held_lock+0x36/0x1c0
[ 51.936886]  preempt_schedule_common+0x22/0x60
[ 51.941491]  _cond_resched+0x1d/0x30
[ 51.945230]  wait_for_completion+0xa5/0x8d0
[ 51.949566]  ? wait_for_completion_interruptible+0x950/0x950
[ 51.955391]  ? __lockdep_init_map+0x105/0x590
[ 51.959895]  ? __init_waitqueue_head+0x9e/0x150
[ 51.964561]  ? init_wait_entry+0x1c0/0x1c0
[ 51.968803]  __synchronize_srcu+0x189/0x240
[ 51.973123]  ? call_srcu+0x10/0x10
[ 51.976680]  ? rcu_unexpedite_gp+0x20/0x20
[ 51.980932]  synchronize_srcu+0x335/0x56f
[ 51.985091]  ? lock_downgrade+0x8f0/0x8f0
[ 51.989248]  ? synchronize_srcu_expedited+0x20/0x20
[ 51.994268]  ? kasan_check_read+0x11/0x20
[ 51.998424]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.003013]  ? kasan_check_write+0x14/0x20
[ 52.007248]  ? do_raw_spin_lock+0xc1/0x200
[ 52.011486]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.017209]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.022683]  ? kvfree+0x61/0x70
[ 52.025984]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.031134]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.035219]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.039639]  ? kvm_arch_sync_events+0x30/0x30
[ 52.044160]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.049714]  ? mmu_notifier_unregister+0x474/0x600
[ 52.054663]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.059081]  ? kfree+0x111/0x210
[ 52.062458]  ? __mmu_notifier_register+0x30/0x30
[ 52.067235]  ? __free_pages+0x10a/0x190
[ 52.071216]  ? free_unref_page+0x930/0x930
[ 52.075465]  kvm_put_kvm+0x73f/0x1060
[ 52.079279]  ? kvm_write_guest_cached+0x40/0x40
[ 52.083992]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.088512]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.093013]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.097601]  ? kasan_check_write+0x14/0x20
[ 52.101835]  ? do_raw_spin_lock+0xc1/0x200
[ 52.106069]  ? kvm_irqfd_release+0xdd/0x120
[ 52.110388]  ? kvm_irqfd_release+0xdd/0x120
[ 52.114711]  ? kvm_put_kvm+0x1060/0x1060
[ 52.118768]  kvm_vm_release+0x42/0x50
[ 52.122566]  __fput+0x38a/0xa40
[ 52.125854]  ? __alloc_file+0x400/0x400
[ 52.129835]  ? check_same_owner+0x340/0x340
[ 52.134158]  ? kasan_check_write+0x14/0x20
[ 52.138391]  ? do_raw_spin_lock+0xc1/0x200
[ 52.142625]  ____fput+0x15/0x20
[ 52.145906]  task_work_run+0x1e8/0x2a0
[ 52.149791]  ? task_work_cancel+0x240/0x240
[ 52.154115]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.159663]  ? switch_task_namespaces+0xa2/0xd0
[ 52.164339]  do_exit+0x1ae4/0x26e0
[ 52.167886]  ? mm_update_next_owner+0x9a0/0x9a0
[ 52.172558]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 52.176796]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.181806]  ? kfree+0x1d7/0x210
[ 52.185170]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 52.189404]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.195117]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.199619]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.204108]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.208694]  ? trace_hardirqs_on+0xbd/0x2c0
[ 52.213011]  ? kasan_check_read+0x11/0x20
[ 52.217163]  ? __schedule+0x14b6/0x1df0
[ 52.221141]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.226243]  ? lock_repin_lock+0x430/0x430
[ 52.230478]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.234976]  ? __sched_text_start+0x8/0x8
[ 52.239141]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.243557]  ? kasan_check_read+0x11/0x20
[ 52.247710]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 52.252118]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.256552]  ? initcall_blacklisted+0x9a/0x1e0
[ 52.261156]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 52.266268]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.272010]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.277544]  ? do_vfs_ioctl+0x201/0x1720
[ 52.281612]  ? ioctl_preallocate+0x300/0x300
[ 52.286017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.291550]  ? __fget_light+0x2f7/0x440
[ 52.295526]  ? __schedule+0x1df0/0x1df0
[ 52.299500]  ? fget_raw+0x20/0x20
[ 52.302951]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.307357]  ? kmem_cache_free+0x246/0x280
[ 52.311594]  ? do_syscall_64+0x6be/0x820
[ 52.315651]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.320058]  ? putname+0xf7/0x130
[ 52.323510]  do_group_exit+0x177/0x440
[ 52.327400]  ? trace_hardirqs_on+0xbd/0x2c0
[ 52.331721]  ? __ia32_sys_exit+0x50/0x50
[ 52.335782]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.340890]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.346435]  ? ksys_ioctl+0x81/0xd0
[ 52.350074]  __x64_sys_exit_group+0x3e/0x50
[ 52.354409]  do_syscall_64+0x1b9/0x820
[ 52.358303]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.363689]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.368628]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.373479]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 52.378515]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.383544]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.388586]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.393469]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.398674] RIP: 0033:0x43ecf8
[ 52.401874] Code: Bad RIP value.
[ 52.405243] RSP: 002b:00007ffc312238c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 52.412975] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 52.420787] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 52.428080] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 52.435375] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 52.442668] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 52.449967]
[ 52.449972] ======================================================
[ 52.449978] WARNING: possible circular locking dependency detected
[ 52.449981] 4.19.0-rc1+ #217 Not tainted
[ 52.449986] ------------------------------------------------------
[ 52.449991] syz-executor459/4722 is trying to acquire lock:
[ 52.449995] 00000000e3d632a7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 52.450009]
[ 52.450013] but task is already holding lock:
[ 52.450016] 00000000ec24bf2a (report_lock){....}, at: kasan_report+0x8e/0x110
[ 52.450030]
[ 52.450035] which lock already depends on the new lock.
[ 52.450037]
[ 52.450039]
[ 52.450044] the existing dependency chain (in reverse order) is:
[ 52.450046]
[ 52.450049] -> #3 (report_lock){....}:
[ 52.450063]        _raw_spin_lock_irqsave+0x96/0xc0
[ 52.450066]        kasan_report+0x8e/0x110
[ 52.450071]        __asan_report_load8_noabort+0x14/0x20
[ 52.450074]        __schedule+0xf54/0x1df0
[ 52.450079]        preempt_schedule_common+0x22/0x60
[ 52.450083]        _cond_resched+0x1d/0x30
[ 52.450087]        wait_for_completion+0xa5/0x8d0
[ 52.450091]        __synchronize_srcu+0x189/0x240
[ 52.450095]        synchronize_srcu+0x335/0x56f
[ 52.450100]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.450104]        kvm_mmu_uninit_vm+0x1c/0x20
[ 52.450108]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.450112]        kvm_put_kvm+0x73f/0x1060
[ 52.450116]        kvm_vm_release+0x42/0x50
[ 52.450119]        __fput+0x38a/0xa40
[ 52.450123]        ____fput+0x15/0x20
[ 52.450126]        task_work_run+0x1e8/0x2a0
[ 52.450138]        do_exit+0x1ae4/0x26e0
[ 52.450142]        do_group_exit+0x177/0x440
[ 52.450146]        __x64_sys_exit_group+0x3e/0x50
[ 52.450150]        do_syscall_64+0x1b9/0x820
[ 52.450155]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.450157]
[ 52.450159] -> #2 (&rq->lock){-.-.}:
[ 52.450173]        _raw_spin_lock+0x2a/0x40
[ 52.450177]        task_fork_fair+0x93/0x680
[ 52.450180]        sched_fork+0x44b/0xbd0
[ 52.450184]        copy_process+0x235e/0x7ad0
[ 52.450188]        _do_fork+0x1ca/0x1170
[ 52.450191]        kernel_thread+0x34/0x40
[ 52.450195]        rest_init+0x22/0xe4
[ 52.450199]        start_kernel+0x913/0x94e
[ 52.450203]        x86_64_start_reservations+0x29/0x2b
[ 52.450207]        x86_64_start_kernel+0x76/0x79
[ 52.450211]        secondary_startup_64+0xa4/0xb0
[ 52.450213]
[ 52.450215] -> #1 (&p->pi_lock){-.-.}:
[ 52.450229]        _raw_spin_lock_irqsave+0x96/0xc0
[ 52.450233]        try_to_wake_up+0xd2/0x1250
[ 52.450237]        wake_up_process+0x10/0x20
[ 52.450241]        __up.isra.1+0x1c0/0x2a0
[ 52.450244]        up+0x13c/0x1c0
[ 52.450248]        __up_console_sem+0xbe/0x1b0
[ 52.450252]        console_unlock+0x506/0x10d0
[ 52.450255]        vprintk_emit+0x33a/0x910
[ 52.450259]        vprintk_default+0x28/0x30
[ 52.450263]        vprintk_func+0x7a/0x117
[ 52.450266]        printk+0xa7/0xcf
[ 52.450270]        load_umh+0x51/0xbd
[ 52.450273]        do_one_initcall+0x127/0x838
[ 52.450278]        kernel_init_freeable+0x4bb/0x5ae
[ 52.450281]        kernel_init+0x11/0x1b3
[ 52.450285]        ret_from_fork+0x3a/0x50
[ 52.450287]
[ 52.450289] -> #0 ((console_sem).lock){-...}:
[ 52.450303]        lock_acquire+0x1e4/0x4f0
[ 52.450307]        _raw_spin_lock_irqsave+0x96/0xc0
[ 52.450311]        down_trylock+0x13/0x70
[ 52.450315]        __down_trylock_console_sem+0xae/0x200
[ 52.450319]        console_trylock+0x15/0xa0
[ 52.450323]        vprintk_emit+0x31f/0x910
[ 52.450327]        vprintk_default+0x28/0x30
[ 52.450330]        vprintk_func+0x7a/0x117
[ 52.450334]        printk+0xa7/0xcf
[ 52.450337]        kasan_report+0x9e/0x110
[ 52.450342]        __asan_report_load8_noabort+0x14/0x20
[ 52.450345]        __schedule+0xf54/0x1df0
[ 52.450349]        preempt_schedule_common+0x22/0x60
[ 52.450353]        _cond_resched+0x1d/0x30
[ 52.450357]        wait_for_completion+0xa5/0x8d0
[ 52.450361]        __synchronize_srcu+0x189/0x240
[ 52.450365]        synchronize_srcu+0x335/0x56f
[ 52.450370]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.450374]        kvm_mmu_uninit_vm+0x1c/0x20
[ 52.450378]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.450382]        kvm_put_kvm+0x73f/0x1060
[ 52.450385]        kvm_vm_release+0x42/0x50
[ 52.450389]        __fput+0x38a/0xa40
[ 52.450392]        ____fput+0x15/0x20
[ 52.450396]        task_work_run+0x1e8/0x2a0
[ 52.450400]        do_exit+0x1ae4/0x26e0
[ 52.450403]        do_group_exit+0x177/0x440
[ 52.450407]        __x64_sys_exit_group+0x3e/0x50
[ 52.450411]        do_syscall_64+0x1b9/0x820
[ 52.450416]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.450418]
[ 52.450422] other info that might help us debug this:
[ 52.450424]
[ 52.450427] Chain exists of:
[ 52.450429]   (console_sem).lock --> &rq->lock --> report_lock
[ 52.450447]
[ 52.450451]  Possible unsafe locking scenario:
[ 52.450453]
[ 52.450457]        CPU0                    CPU1
[ 52.450461]        ----                    ----
[ 52.450463]   lock(report_lock);
[ 52.450472]                                lock(&rq->lock);
[ 52.450481]                                lock(report_lock);
[ 52.450489]   lock((console_sem).lock);
[ 52.450497]
[ 52.450500]  *** DEADLOCK ***
[ 52.450502]
[ 52.450506] 2 locks held by syz-executor459/4722:
[ 52.450508]  #0: 000000000ff775c1 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 52.450525]  #1: 00000000ec24bf2a (report_lock){....}, at: kasan_report+0x8e/0x110
[ 52.450541]
[ 52.450544] stack backtrace:
[ 52.450550] CPU: 0 PID: 4722 Comm: syz-executor459 Not tainted 4.19.0-rc1+ #217
[ 52.450557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.450560] Call Trace:
[ 52.450563]  dump_stack+0x1c9/0x2b4
[ 52.450568]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.450572]  ? vprintk_func+0x100/0x117
[ 52.450582]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 52.450585]  ? save_trace+0xe0/0x290
[ 52.450588]  __lock_acquire+0x3449/0x5020
[ 52.450592]  ? mark_held_locks+0x160/0x160
[ 52.450596]  ? mark_held_locks+0x160/0x160
[ 52.450600]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 52.450604]  ? is_bpf_text_address+0xd7/0x170
[ 52.450608]  ? kernel_text_address+0x79/0xf0
[ 52.450612]  ? __kernel_text_address+0xd/0x40
[ 52.450616]  ? __save_stack_trace+0x8d/0xf0
[ 52.450621]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 52.450624]  ? save_trace+0x290/0x290
[ 52.450628]  ? save_stack_trace+0x1a/0x20
[ 52.450632]  ? save_trace+0xe0/0x290
[ 52.450635]  ? graph_lock+0x170/0x170
[ 52.450640]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.450644]  lock_acquire+0x1e4/0x4f0
[ 52.450647]  ? down_trylock+0x13/0x70
[ 52.450651]  ? lock_release+0x9f0/0x9f0
[ 52.450655]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.450659]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.450663]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.450667]  ? log_store+0x34f/0x4c0
[ 52.450671]  ? vprintk_emit+0x31f/0x910
[ 52.450675]  _raw_spin_lock_irqsave+0x96/0xc0
[ 52.450678]  ? down_trylock+0x13/0x70
[ 52.450682]  down_trylock+0x13/0x70
[ 52.450686]  __down_trylock_console_sem+0xae/0x200
[ 52.450690]  console_trylock+0x15/0xa0
[ 52.450693]  vprintk_emit+0x31f/0x910
[ 52.450697]  ? wake_up_klogd+0x110/0x110
[ 52.450701]  ? run_rebalance_domains+0x4c0/0x4c0
[ 52.450705]  ? kasan_check_read+0x11/0x20
[ 52.450709]  ? rcu_is_watching+0x8c/0x150
[ 52.450713]  ? rcu_pm_notify+0xc0/0xc0
[ 52.450717]  ? lock_acquire+0x1e4/0x4f0
[ 52.450720]  ? kasan_report+0x8e/0x110
[ 52.450724]  ? __schedule+0xf54/0x1df0
[ 52.450728]  vprintk_default+0x28/0x30
[ 52.450731]  vprintk_func+0x7a/0x117
[ 52.450735]  printk+0xa7/0xcf
[ 52.450739]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.450743]  ? kasan_check_write+0x14/0x20
[ 52.450747]  ? do_raw_spin_lock+0xc1/0x200
[ 52.450750]  ? do_raw_spin_lock+0xc1/0x200
[ 52.450754]  kasan_report+0x9e/0x110
[ 52.450758]  __asan_report_load8_noabort+0x14/0x20
[ 52.450762]  __schedule+0xf54/0x1df0
[ 52.450766]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.450770]  ? __sched_text_start+0x8/0x8
[ 52.450774]  ? __call_srcu+0x7e7/0x1040
[ 52.450778]  ? check_same_owner+0x340/0x340
[ 52.450782]  ? mark_held_locks+0x160/0x160
[ 52.450786]  ? find_held_lock+0x36/0x1c0
[ 52.450790]  preempt_schedule_common+0x22/0x60
[ 52.450794]  _cond_resched+0x1d/0x30
[ 52.450798]  wait_for_completion+0xa5/0x8d0
[ 52.450802]  ? wait_for_completion_interruptible+0x950/0x950
[ 52.450806]  ? __lockdep_init_map+0x105/0x590
[ 52.450811]  ? __init_waitqueue_head+0x9e/0x150
[ 52.450814]  ? init_wait_entry+0x1c0/0x1c0
[ 52.450818]  __synchronize_srcu+0x189/0x240
[ 52.450822]  ? call_srcu+0x10/0x10
[ 52.450826]  ? rcu_unexpedite_gp+0x20/0x20
[ 52.450830]  synchronize_srcu+0x335/0x56f
[ 52.450834]  ? lock_downgrade+0x8f0/0x8f0
[ 52.450838]  ? synchronize_srcu_expedited+0x20/0x20
[ 52.450842]  ? kasan_check_read+0x11/0x20
[ 52.450846]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.450850]  ? kasan_check_write+0x14/0x20
[ 52.450854]  ? do_raw_spin_lock+0xc1/0x200
[ 52.450859]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.450864]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.450867]  ? kvfree+0x61/0x70
[ 52.450871]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.450875]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.450879]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.450883]  ? kvm_arch_sync_events+0x30/0x30
[ 52.450888]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.450892]  ? mmu_notifier_unregister+0x474/0x600
[ 52.450897]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.450900]  ? kfree+0x111/0x210
[ 52.450904]  ? __mmu_notifier_register+0x30/0x30
[ 52.450908]  ? __free_pages+0x10a/0x190
[ 52.450912]  ? free_unref_page+0x930/0x930
[ 52.450915]  kvm_put_kvm+0x73f/0x1060
[ 52.450920]  ? kvm_write_guest_cached+0x40/0x40
[ 52.450924]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.450928]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.450932]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.450936]  ? kasan_check_write+0x14/0x20
[ 52.450940]  ? do_raw_spin_lock+0xc1/0x200
[ 52.450944]  ? kvm_irqfd_release+0xdd/0x120
[ 52.450948]  ? kvm_irqfd_release+0xdd/0x120
[ 52.450952]  ? kvm_put_kvm+0x1060/0x1060
[ 52.450955]  kvm_vm_release+0x42/0x50
[ 52.450959]  __fput+0x38a/0xa40
[ 52.450962]  ? __alloc_file+0x400/0x400
[ 52.450966]  ? check_same_owner+0x340/0x340
[ 52.450970]  ? kasan_check_write+0x14/0x20
[ 52.450974]  ? do_raw_spin_lock+0xc1/0x200
[ 52.450977]  ____fput+0x15/0x20
[ 52.450981]  task_work_run+0x1e8/0x2a0
[ 52.450985]  ? task_work_cancel+0x240/0x240
[ 52.450990]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.450994]  ? switch_task_namespaces+0xa2/0xd0
[ 52.450997]  do_exit+0x1ae4/0x26e0
[ 52.451001]  ? mm_update_next_owner+0x9a0/0x9a0
[ 52.451005]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 52.451010]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.451013]  ? kfree+0x1d7/0x210
[ 52.451017]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 52.451022]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.451026]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.451028]  ?
[ 52.451037] Lost 52 message(s)!
[ 53.510795] Shutting down cpus with NMI
[ 54.570705] Dumping ftrace buffer:
[ 54.574235]    (ftrace buffer empty)
[ 54.577924] Kernel Offset: disabled
[ 54.581539] Rebooting in 86400 seconds..