[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.470457] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.430227] random: sshd: uninitialized urandom read (32 bytes read) [ 26.834404] random: sshd: uninitialized urandom read (32 bytes read) [ 27.378460] random: sshd: uninitialized urandom read (32 bytes read) [ 38.372280] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. [ 44.039620] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 44.139946] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 44.166264] ================================================================== [ 44.176236] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 44.182505] Read of size 8 at addr ffff8801ad8c0058 by task syz-executor031/4449 [ 44.190017] [ 44.191633] CPU: 1 PID: 4449 Comm: syz-executor031 Not tainted 4.19.0-rc1+ #211 [ 44.199059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.208491] Call Trace: [ 44.211072] dump_stack+0x1c9/0x2b4 [ 44.214688] ? dump_stack_print_info.cold.2+0x52/0x52 [ 44.219985] ? printk+0xa7/0xcf [ 44.223266] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 44.228005] ? __schedule+0xf54/0x1df0 [ 44.231933] print_address_description+0x6c/0x20b [ 44.236780] ? __schedule+0xf54/0x1df0 [ 44.240663] kasan_report.cold.7+0x242/0x30d [ 44.245067] __asan_report_load8_noabort+0x14/0x20 [ 44.249979] __schedule+0xf54/0x1df0 [ 44.253789] ? __sched_text_start+0x8/0x8 [ 44.257922] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 44.263027] ? __call_srcu+0x7e7/0x1040 [ 44.267001] ? check_same_owner+0x340/0x340 [ 44.271310] ? mark_held_locks+0x160/0x160 [ 44.275615] ? find_held_lock+0x36/0x1c0 [ 44.279675] preempt_schedule_common+0x22/0x60 [ 44.284239] _cond_resched+0x1d/0x30 [ 44.287936] wait_for_completion+0xa5/0x8d0 [ 44.292242] ? wait_for_completion_interruptible+0x950/0x950 [ 44.298035] ? __lockdep_init_map+0x105/0x590 [ 44.302619] ? __init_waitqueue_head+0x9e/0x150 [ 44.307274] ? init_wait_entry+0x1c0/0x1c0 [ 44.311492] __synchronize_srcu+0x189/0x240 [ 44.315862] ? call_srcu+0x10/0x10 [ 44.319393] ? rcu_unexpedite_gp+0x20/0x20 [ 44.323614] synchronize_srcu+0x335/0x56f [ 44.327742] ? lock_downgrade+0x8f0/0x8f0 [ 44.331996] ? synchronize_srcu_expedited+0x20/0x20 [ 44.336999] ? kasan_check_read+0x11/0x20 [ 44.341133] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 44.345704] ? kasan_check_write+0x14/0x20 [ 44.349924] ? do_raw_spin_lock+0xc1/0x200 [ 44.354153] kvm_page_track_unregister_notifier+0x17d/0x250 [ 44.359862] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 44.365309] ? kvfree+0x61/0x70 [ 44.368592] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.373700] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.377758] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 44.382159] ? kvm_arch_sync_events+0x30/0x30 [ 44.386644] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.392169] ? mmu_notifier_unregister+0x474/0x600 [ 44.397087] ? trace_hardirqs_on+0x2c0/0x2c0 [ 44.401490] ? kfree+0x111/0x210 [ 44.404852] ? __mmu_notifier_register+0x30/0x30 [ 44.409602] ? __free_pages+0x10a/0x190 [ 44.413564] ? free_unref_page+0x930/0x930 [ 44.417792] kvm_put_kvm+0x73f/0x1060 [ 44.421585] ? kvm_write_guest_cached+0x40/0x40 [ 44.426248] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.430733] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.435315] ? lockdep_hardirqs_on+0x421/0x5c0 [ 44.439898] ? kasan_check_write+0x14/0x20 [ 44.444120] ? do_raw_spin_lock+0xc1/0x200 [ 44.448349] ? kvm_irqfd_release+0xdd/0x120 [ 44.452717] ? kvm_irqfd_release+0xdd/0x120 [ 44.457091] ? kvm_put_kvm+0x1060/0x1060 [ 44.461147] kvm_vm_release+0x42/0x50 [ 44.464950] __fput+0x36e/0x8c0 [ 44.468225] ? __alloc_file+0x400/0x400 [ 44.472190] ? check_same_owner+0x340/0x340 [ 44.476498] ? kasan_check_write+0x14/0x20 [ 44.480716] ? do_raw_spin_lock+0xc1/0x200 [ 44.484938] ____fput+0x15/0x20 [ 44.488205] task_work_run+0x1e8/0x2a0 [ 44.492083] ? task_work_cancel+0x240/0x240 [ 44.496394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 44.501922] ? switch_task_namespaces+0xa2/0xd0 [ 44.506575] do_exit+0x1ae4/0x26e0 [ 44.510098] ? mm_update_next_owner+0x9a0/0x9a0 [ 44.514753] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 44.518979] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.523988] ? kfree+0x1d7/0x210 [ 44.527359] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 44.531583] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 44.537324] ? is_bpf_text_address+0xd7/0x170 [ 44.541815] ? kernel_text_address+0x79/0xf0 [ 44.546203] ? __kernel_text_address+0xd/0x40 [ 44.550687] ? unwind_get_return_address+0x61/0xa0 [ 44.555625] ? __save_stack_trace+0x8d/0xf0 [ 44.559929] ? save_stack+0xa9/0xd0 [ 44.563537] ? save_stack+0x43/0xd0 [ 44.567148] ? __kasan_slab_free+0x11a/0x170 [ 44.571564] ? kasan_slab_free+0xe/0x10 [ 44.575587] ? putname+0xf2/0x130 [ 44.579042] ? __x64_sys_openat+0x9d/0x100 [ 44.583258] ? do_syscall_64+0x1b9/0x820 [ 44.587350] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.592716] ? trace_hardirqs_off+0xb8/0x2b0 [ 44.597132] ? kasan_check_read+0x11/0x20 [ 44.601268] ? do_raw_spin_unlock+0xa7/0x2f0 [ 44.605656] ? trace_hardirqs_on+0x2c0/0x2c0 [ 44.610047] ? initcall_blacklisted+0x9a/0x1e0 [ 44.614622] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 44.619714] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 44.625410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.630927] ? do_vfs_ioctl+0x201/0x1720 [ 44.634966] ? rcu_is_watching+0x8c/0x150 [ 44.639097] ? trace_hardirqs_on+0xbd/0x2c0 [ 44.643407] ? ioctl_preallocate+0x300/0x300 [ 44.647800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.653374] ? __fget_light+0x2f7/0x440 [ 44.657359] ? fget_raw+0x20/0x20 [ 44.660829] ? putname+0xf2/0x130 [ 44.664269] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.669307] ? kmem_cache_free+0x246/0x280 [ 44.673631] ? putname+0xf7/0x130 [ 44.677073] do_group_exit+0x177/0x440 [ 44.680945] ? trace_hardirqs_on+0xbd/0x2c0 [ 44.685260] ? __ia32_sys_exit+0x50/0x50 [ 44.689319] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 44.694444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.699968] ? ksys_ioctl+0x81/0xd0 [ 44.703586] __x64_sys_exit_group+0x3e/0x50 [ 44.707894] do_syscall_64+0x1b9/0x820 [ 44.711767] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.717114] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.722026] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.726856] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 44.731858] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.736866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.741713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.746996] RIP: 0033:0x43ef08 [ 44.750180] Code: Bad RIP value. [ 44.753539] RSP: 002b:00007fff5aad8468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 44.761327] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 44.768592] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 44.775844] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 44.783097] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 44.790360] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 44.797616] [ 44.799226] Allocated by task 4449: [ 44.802844] save_stack+0x43/0xd0 [ 44.806285] kasan_kmalloc+0xc4/0xe0 [ 44.809983] kasan_slab_alloc+0x12/0x20 [ 44.813946] kmem_cache_alloc+0x12e/0x710 [ 44.818145] vmx_create_vcpu+0xcf/0x2830 [ 44.822198] kvm_arch_vcpu_create+0xe5/0x220 [ 44.826590] kvm_vm_ioctl+0x488/0x1d80 [ 44.830459] do_vfs_ioctl+0x1de/0x1720 [ 44.834399] ksys_ioctl+0xa9/0xd0 [ 44.837847] __x64_sys_ioctl+0x73/0xb0 [ 44.841729] do_syscall_64+0x1b9/0x820 [ 44.845616] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.850806] [ 44.852420] Freed by task 4449: [ 44.855687] save_stack+0x43/0xd0 [ 44.859122] __kasan_slab_free+0x11a/0x170 [ 44.863526] kasan_slab_free+0xe/0x10 [ 44.867434] kmem_cache_free+0x86/0x280 [ 44.871450] vmx_free_vcpu+0x26b/0x300 [ 44.875324] kvm_arch_destroy_vm+0x365/0x7c0 [ 44.879724] kvm_put_kvm+0x73f/0x1060 [ 44.883505] kvm_vm_release+0x42/0x50 [ 44.887290] __fput+0x36e/0x8c0 [ 44.890562] ____fput+0x15/0x20 [ 44.893827] task_work_run+0x1e8/0x2a0 [ 44.897799] do_exit+0x1ae4/0x26e0 [ 44.901327] do_group_exit+0x177/0x440 [ 44.905438] __x64_sys_exit_group+0x3e/0x50 [ 44.909755] do_syscall_64+0x1b9/0x820 [ 44.913657] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.918828] [ 44.920440] The buggy address belongs to the object at ffff8801ad8c0040 [ 44.920440] which belongs to the cache kvm_vcpu of size 23872 [ 44.933081] The buggy address is located 24 bytes inside of [ 44.933081] 23872-byte region [ffff8801ad8c0040, ffff8801ad8c5d80) [ 44.945037] The buggy address belongs to the page: [ 44.949961] page:ffffea0006b63000 count:1 mapcount:0 mapping:ffff8801d865a480 index:0x0 compound_mapcount: 0 [ 44.959917] flags: 0x2fffc0000008100(slab|head) [ 44.964580] raw: 02fffc0000008100 ffff8801d6f96148 ffff8801d6f96148 ffff8801d865a480 [ 44.972545] raw: 0000000000000000 ffff8801ad8c0040 0000000100000001 0000000000000000 [ 44.980401] page dumped because: kasan: bad access detected [ 44.986091] [ 44.987700] Memory state around the buggy address: [ 44.992615] ffff8801ad8bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.999958] ffff8801ad8bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.007307] >ffff8801ad8c0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 45.014663] ^ [ 45.020871] ffff8801ad8c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.028219] ffff8801ad8c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.035556] ================================================================== [ 45.042896] Kernel panic - not syncing: panic_on_warn set ... [ 45.042896] [ 45.050240] CPU: 1 PID: 4449 Comm: syz-executor031 Tainted: G B 4.19.0-rc1+ #211 [ 45.059050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.068385] Call Trace: [ 45.071010] dump_stack+0x1c9/0x2b4 [ 45.074634] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.079909] ? lock_downgrade+0x8f0/0x8f0 [ 45.084039] ? __schedule+0xf54/0x1df0 [ 45.087910] panic+0x238/0x4e7 [ 45.091083] ? add_taint.cold.5+0x16/0x16 [ 45.095213] ? print_shadow_for_address+0xba/0x116 [ 45.100126] ? trace_hardirqs_off+0xaf/0x2b0 [ 45.104522] ? trace_hardirqs_off+0x77/0x2b0 [ 45.108918] ? __schedule+0xf54/0x1df0 [ 45.112791] kasan_end_report+0x47/0x4f [ 45.116765] kasan_report.cold.7+0x76/0x30d [ 45.121080] __asan_report_load8_noabort+0x14/0x20 [ 45.125993] __schedule+0xf54/0x1df0 [ 45.129692] ? __sched_text_start+0x8/0x8 [ 45.133821] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 45.138926] ? __call_srcu+0x7e7/0x1040 [ 45.142894] ? check_same_owner+0x340/0x340 [ 45.147197] ? mark_held_locks+0x160/0x160 [ 45.151413] ? find_held_lock+0x36/0x1c0 [ 45.155459] preempt_schedule_common+0x22/0x60 [ 45.160096] _cond_resched+0x1d/0x30 [ 45.163802] wait_for_completion+0xa5/0x8d0 [ 45.168112] ? wait_for_completion_interruptible+0x950/0x950 [ 45.173911] ? __lockdep_init_map+0x105/0x590 [ 45.178436] ? __init_waitqueue_head+0x9e/0x150 [ 45.183105] ? init_wait_entry+0x1c0/0x1c0 [ 45.187330] __synchronize_srcu+0x189/0x240 [ 45.191646] ? call_srcu+0x10/0x10 [ 45.195169] ? rcu_unexpedite_gp+0x20/0x20 [ 45.199388] synchronize_srcu+0x335/0x56f [ 45.203520] ? lock_downgrade+0x8f0/0x8f0 [ 45.207652] ? synchronize_srcu_expedited+0x20/0x20 [ 45.212658] ? kasan_check_read+0x11/0x20 [ 45.216796] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.221368] ? kasan_check_write+0x14/0x20 [ 45.225587] ? do_raw_spin_lock+0xc1/0x200 [ 45.229816] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.235517] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.240955] ? kvfree+0x61/0x70 [ 45.244222] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.249231] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.253391] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.257803] ? kvm_arch_sync_events+0x30/0x30 [ 45.262285] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.267805] ? mmu_notifier_unregister+0x474/0x600 [ 45.272826] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.277234] ? kfree+0x111/0x210 [ 45.280605] ? __mmu_notifier_register+0x30/0x30 [ 45.285415] ? __free_pages+0x10a/0x190 [ 45.289553] ? free_unref_page+0x930/0x930 [ 45.293777] kvm_put_kvm+0x73f/0x1060 [ 45.297566] ? kvm_write_guest_cached+0x40/0x40 [ 45.302220] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.306698] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.311175] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.315740] ? kasan_check_write+0x14/0x20 [ 45.319961] ? do_raw_spin_lock+0xc1/0x200 [ 45.324179] ? kvm_irqfd_release+0xdd/0x120 [ 45.328487] ? kvm_irqfd_release+0xdd/0x120 [ 45.332799] ? kvm_put_kvm+0x1060/0x1060 [ 45.336843] kvm_vm_release+0x42/0x50 [ 45.340622] __fput+0x36e/0x8c0 [ 45.343881] ? __alloc_file+0x400/0x400 [ 45.347836] ? check_same_owner+0x340/0x340 [ 45.352139] ? kasan_check_write+0x14/0x20 [ 45.356380] ? do_raw_spin_lock+0xc1/0x200 [ 45.360616] ____fput+0x15/0x20 [ 45.363894] task_work_run+0x1e8/0x2a0 [ 45.367904] ? task_work_cancel+0x240/0x240 [ 45.372264] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.377827] ? switch_task_namespaces+0xa2/0xd0 [ 45.382519] do_exit+0x1ae4/0x26e0 [ 45.386085] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.390785] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.395064] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.400099] ? kfree+0x1d7/0x210 [ 45.403508] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.407765] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.413484] ? is_bpf_text_address+0xd7/0x170 [ 45.418018] ? kernel_text_address+0x79/0xf0 [ 45.422423] ? __kernel_text_address+0xd/0x40 [ 45.426921] ? unwind_get_return_address+0x61/0xa0 [ 45.431927] ? __save_stack_trace+0x8d/0xf0 [ 45.436256] ? save_stack+0xa9/0xd0 [ 45.439888] ? save_stack+0x43/0xd0 [ 45.443526] ? __kasan_slab_free+0x11a/0x170 [ 45.447940] ? kasan_slab_free+0xe/0x10 [ 45.451924] ? putname+0xf2/0x130 [ 45.455375] ? __x64_sys_openat+0x9d/0x100 [ 45.459609] ? do_syscall_64+0x1b9/0x820 [ 45.463674] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.469042] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.473472] ? kasan_check_read+0x11/0x20 [ 45.477623] ? do_raw_spin_unlock+0xa7/0x2f0 [ 45.482031] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.486462] ? initcall_blacklisted+0x9a/0x1e0 [ 45.491055] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 45.496162] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.501876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.507420] ? do_vfs_ioctl+0x201/0x1720 [ 45.511496] ? rcu_is_watching+0x8c/0x150 [ 45.515682] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.520043] ? ioctl_preallocate+0x300/0x300 [ 45.524456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.529994] ? __fget_light+0x2f7/0x440 [ 45.533990] ? fget_raw+0x20/0x20 [ 45.537578] ? putname+0xf2/0x130 [ 45.541033] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.546061] ? kmem_cache_free+0x246/0x280 [ 45.550291] ? putname+0xf7/0x130 [ 45.553749] do_group_exit+0x177/0x440 [ 45.557634] ? trace_hardirqs_on+0xbd/0x2c0 [ 45.561959] ? __ia32_sys_exit+0x50/0x50 [ 45.566038] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 45.571147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.576709] ? ksys_ioctl+0x81/0xd0 [ 45.580363] __x64_sys_exit_group+0x3e/0x50 [ 45.584696] do_syscall_64+0x1b9/0x820 [ 45.588615] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.593995] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.598929] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.603796] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 45.608814] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.613836] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.618685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.623877] RIP: 0033:0x43ef08 [ 45.627097] Code: Bad RIP value. [ 45.630461] RSP: 002b:00007fff5aad8468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.638179] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 45.645449] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 45.652715] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 45.659985] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 45.667250] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 45.674565] [ 45.674571] ====================================================== [ 45.674576] WARNING: possible circular locking dependency detected [ 45.674580] 4.19.0-rc1+ #211 Not tainted [ 45.674585] ------------------------------------------------------ [ 45.674590] syz-executor031/4449 is trying to acquire lock: [ 45.674594] 0000000066a63478 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 45.674609] [ 45.674613] but task is already holding lock: [ 45.674616] 00000000d9d308bf (report_lock){....}, at: kasan_report+0x8e/0x110 [ 45.674630] [ 45.674634] which lock already depends on the new lock. [ 45.674636] [ 45.674639] [ 45.674644] the existing dependency chain (in reverse order) is: [ 45.674646] [ 45.674648] -> #3 (report_lock){....}: [ 45.674662] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.674666] kasan_report+0x8e/0x110 [ 45.674671] __asan_report_load8_noabort+0x14/0x20 [ 45.674674] __schedule+0xf54/0x1df0 [ 45.674679] preempt_schedule_common+0x22/0x60 [ 45.674682] _cond_resched+0x1d/0x30 [ 45.674687] wait_for_completion+0xa5/0x8d0 [ 45.674691] __synchronize_srcu+0x189/0x240 [ 45.674695] synchronize_srcu+0x335/0x56f [ 45.674699] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.674703] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.674707] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.674711] kvm_put_kvm+0x73f/0x1060 [ 45.674715] kvm_vm_release+0x42/0x50 [ 45.674718] __fput+0x36e/0x8c0 [ 45.674722] ____fput+0x15/0x20 [ 45.674726] task_work_run+0x1e8/0x2a0 [ 45.674729] do_exit+0x1ae4/0x26e0 [ 45.674733] do_group_exit+0x177/0x440 [ 45.674737] __x64_sys_exit_group+0x3e/0x50 [ 45.674741] do_syscall_64+0x1b9/0x820 [ 45.674745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.674748] [ 45.674750] -> #2 (&rq->lock){-.-.}: [ 45.674763] _raw_spin_lock+0x2a/0x40 [ 45.674767] task_fork_fair+0x93/0x680 [ 45.674771] sched_fork+0x44b/0xbd0 [ 45.674775] copy_process+0x235e/0x7ad0 [ 45.674778] _do_fork+0x1ca/0x1170 [ 45.674789] kernel_thread+0x34/0x40 [ 45.674793] rest_init+0x22/0xe4 [ 45.674797] start_kernel+0x913/0x94e [ 45.674801] x86_64_start_reservations+0x29/0x2b [ 45.674805] x86_64_start_kernel+0x76/0x79 [ 45.674809] secondary_startup_64+0xa4/0xb0 [ 45.674811] [ 45.674813] -> #1 (&p->pi_lock){-.-.}: [ 45.674827] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.674831] try_to_wake_up+0xd2/0x1250 [ 45.674835] wake_up_process+0x10/0x20 [ 45.674839] __up.isra.1+0x1c0/0x2a0 [ 45.674842] up+0x13c/0x1c0 [ 45.674846] __up_console_sem+0xbe/0x1b0 [ 45.674850] console_unlock+0x506/0x10d0 [ 45.674853] vprintk_emit+0x33a/0x910 [ 45.674857] vprintk_default+0x28/0x30 [ 45.674861] vprintk_func+0x7a/0x117 [ 45.674864] printk+0xa7/0xcf [ 45.674868] load_umh+0x51/0xbd [ 45.674872] do_one_initcall+0x127/0x838 [ 45.674876] kernel_init_freeable+0x4bb/0x5ae [ 45.674879] kernel_init+0x11/0x1b3 [ 45.674883] ret_from_fork+0x3a/0x50 [ 45.674885] [ 45.674887] -> #0 ((console_sem).lock){-...}: [ 45.674901] lock_acquire+0x1e4/0x4f0 [ 45.674906] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.674909] down_trylock+0x13/0x70 [ 45.674914] __down_trylock_console_sem+0xae/0x200 [ 45.674917] console_trylock+0x15/0xa0 [ 45.674921] vprintk_emit+0x31f/0x910 [ 45.674925] vprintk_default+0x28/0x30 [ 45.674929] vprintk_func+0x7a/0x117 [ 45.674932] printk+0xa7/0xcf [ 45.674936] kasan_report+0x9e/0x110 [ 45.674940] __asan_report_load8_noabort+0x14/0x20 [ 45.674944] __schedule+0xf54/0x1df0 [ 45.674948] preempt_schedule_common+0x22/0x60 [ 45.674952] _cond_resched+0x1d/0x30 [ 45.674956] wait_for_completion+0xa5/0x8d0 [ 45.674960] __synchronize_srcu+0x189/0x240 [ 45.674964] synchronize_srcu+0x335/0x56f [ 45.674969] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.674979] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.674983] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.674987] kvm_put_kvm+0x73f/0x1060 [ 45.674991] kvm_vm_release+0x42/0x50 [ 45.674994] __fput+0x36e/0x8c0 [ 45.674997] ____fput+0x15/0x20 [ 45.675001] task_work_run+0x1e8/0x2a0 [ 45.675005] do_exit+0x1ae4/0x26e0 [ 45.675009] do_group_exit+0x177/0x440 [ 45.675013] __x64_sys_exit_group+0x3e/0x50 [ 45.675016] do_syscall_64+0x1b9/0x820 [ 45.675021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.675023] [ 45.675028] other info that might help us debug this: [ 45.675030] [ 45.675033] Chain exists of: [ 45.675035] (console_sem).lock --> &rq->lock --> report_lock [ 45.675053] [ 45.675057] Possible unsafe locking scenario: [ 45.675059] [ 45.675063] CPU0 CPU1 [ 45.675067] ---- ---- [ 45.675069] lock(report_lock); [ 45.675079] lock(&rq->lock); [ 45.675088] lock(report_lock); [ 45.675095] lock((console_sem).lock); [ 45.675103] [ 45.675106] *** DEADLOCK *** [ 45.675108] [ 45.675112] 2 locks held by syz-executor031/4449: [ 45.675115] #0: 00000000898c5ea2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 45.675131] #1: 00000000d9d308bf (report_lock){....}, at: kasan_report+0x8e/0x110 [ 45.675147] [ 45.675150] stack backtrace: [ 45.675156] CPU: 1 PID: 4449 Comm: syz-executor031 Not tainted 4.19.0-rc1+ #211 [ 45.675163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.675166] Call Trace: [ 45.675170] dump_stack+0x1c9/0x2b4 [ 45.675174] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.675178] ? vprintk_func+0x100/0x117 [ 45.675183] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 45.675186] ? save_trace+0xe0/0x290 [ 45.675190] __lock_acquire+0x3449/0x5020 [ 45.675194] ? mark_held_locks+0x160/0x160 [ 45.675198] ? mark_held_locks+0x160/0x160 [ 45.675202] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 45.675207] ? is_bpf_text_address+0xd7/0x170 [ 45.675211] ? kernel_text_address+0x79/0xf0 [ 45.675215] ? __kernel_text_address+0xd/0x40 [ 45.675219] ? __save_stack_trace+0x8d/0xf0 [ 45.675223] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 45.675227] ? save_trace+0x290/0x290 [ 45.675231] ? save_stack_trace+0x1a/0x20 [ 45.675234] ? save_trace+0xe0/0x290 [ 45.675238] ? graph_lock+0x170/0x170 [ 45.675243] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.675246] lock_acquire+0x1e4/0x4f0 [ 45.675250] ? down_trylock+0x13/0x70 [ 45.675254] ? lock_release+0x9f0/0x9f0 [ 45.675258] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.675262] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.675266] ? trace_hardirqs_off+0xb8/0x2b0 [ 45.675270] ? log_store+0x34f/0x4c0 [ 45.675273] ? vprintk_emit+0x31f/0x910 [ 45.675277] _raw_spin_lock_irqsave+0x96/0xc0 [ 45.675281] ? down_trylock+0x13/0x70 [ 45.675285] down_trylock+0x13/0x70 [ 45.675289] __down_trylock_console_sem+0xae/0x200 [ 45.675293] console_trylock+0x15/0xa0 [ 45.675296] vprintk_emit+0x31f/0x910 [ 45.675300] ? wake_up_klogd+0x110/0x110 [ 45.675304] ? run_rebalance_domains+0x4c0/0x4c0 [ 45.675308] ? kasan_check_read+0x11/0x20 [ 45.675312] ? rcu_is_watching+0x8c/0x150 [ 45.675316] ? rcu_pm_notify+0xc0/0xc0 [ 45.675320] ? lock_acquire+0x1e4/0x4f0 [ 45.675323] ? kasan_report+0x8e/0x110 [ 45.675327] ? __schedule+0xf54/0x1df0 [ 45.675331] vprintk_default+0x28/0x30 [ 45.675343] vprintk_func+0x7a/0x117 [ 45.675346] printk+0xa7/0xcf [ 45.675351] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 45.675355] ? kasan_check_write+0x14/0x20 [ 45.675359] ? do_raw_spin_lock+0xc1/0x200 [ 45.675362] ? do_raw_spin_lock+0xc1/0x200 [ 45.675366] kasan_report+0x9e/0x110 [ 45.675370] __asan_report_load8_noabort+0x14/0x20 [ 45.675374] __schedule+0xf54/0x1df0 [ 45.675378] ? __sched_text_start+0x8/0x8 [ 45.675382] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 45.675386] ? __call_srcu+0x7e7/0x1040 [ 45.675390] ? check_same_owner+0x340/0x340 [ 45.675394] ? mark_held_locks+0x160/0x160 [ 45.675398] ? find_held_lock+0x36/0x1c0 [ 45.675402] preempt_schedule_common+0x22/0x60 [ 45.675406] _cond_resched+0x1d/0x30 [ 45.675410] wait_for_completion+0xa5/0x8d0 [ 45.675415] ? wait_for_completion_interruptible+0x950/0x950 [ 45.675419] ? __lockdep_init_map+0x105/0x590 [ 45.675423] ? __init_waitqueue_head+0x9e/0x150 [ 45.675427] ? init_wait_entry+0x1c0/0x1c0 [ 45.675431] __synchronize_srcu+0x189/0x240 [ 45.675435] ? call_srcu+0x10/0x10 [ 45.675439] ? rcu_unexpedite_gp+0x20/0x20 [ 45.675443] synchronize_srcu+0x335/0x56f [ 45.675447] ? lock_downgrade+0x8f0/0x8f0 [ 45.675452] ? synchronize_srcu_expedited+0x20/0x20 [ 45.675456] ? kasan_check_read+0x11/0x20 [ 45.675460] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 45.675464] ? kasan_check_write+0x14/0x20 [ 45.675468] ? do_raw_spin_lock+0xc1/0x200 [ 45.675472] kvm_page_track_unregister_notifier+0x17d/0x250 [ 45.675478] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 45.675481] ? kvfree+0x61/0x70 [ 45.675486] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.675489] kvm_mmu_uninit_vm+0x1c/0x20 [ 45.675493] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 45.675498] ? kvm_arch_sync_events+0x30/0x30 [ 45.675502] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.675507] ? mmu_notifier_unregister+0x474/0x600 [ 45.675511] ? trace_hardirqs_on+0x2c0/0x2c0 [ 45.675514] ? kfree+0x111/0x210 [ 45.675518] ? __mmu_notifier_register+0x30/0x30 [ 45.675522] ? __free_pages+0x10a/0x190 [ 45.675526] ? free_unref_page+0x930/0x930 [ 45.675530] kvm_put_kvm+0x73f/0x1060 [ 45.675534] ? kvm_write_guest_cached+0x40/0x40 [ 45.675539] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.675543] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.675547] ? lockdep_hardirqs_on+0x421/0x5c0 [ 45.675551] ? kasan_check_write+0x14/0x20 [ 45.675555] ? do_raw_spin_lock+0xc1/0x200 [ 45.675559] ? kvm_irqfd_release+0xdd/0x120 [ 45.675563] ? kvm_irqfd_release+0xdd/0x120 [ 45.675567] ? kvm_put_kvm+0x1060/0x1060 [ 45.675571] kvm_vm_release+0x42/0x50 [ 45.675574] __fput+0x36e/0x8c0 [ 45.675578] ? __alloc_file+0x400/0x400 [ 45.675582] ? check_same_owner+0x340/0x340 [ 45.675586] ? kasan_check_write+0x14/0x20 [ 45.675590] ? do_raw_spin_lock+0xc1/0x200 [ 45.675593] ____fput+0x15/0x20 [ 45.675597] task_work_run+0x1e8/0x2a0 [ 45.675601] ? task_work_cancel+0x240/0x240 [ 45.675605] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 45.675610] ? switch_task_namespaces+0xa2/0xd0 [ 45.675613] do_exit+0x1ae4/0x26e0 [ 45.675617] ? mm_update_next_owner+0x9a0/0x9a0 [ 45.675621] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 45.675626] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.675629] ? kfree+0x1d7/0x210 [ 45.675633] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 45.675638] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 45.675642] ? is_bpf_text_address+0xd7/0x170 [ 45.675644] ? [ 45.675653] Lost 54 message(s)! [ 46.765684] Shutting down cpus with NMI [ 47.826304] Dumping ftrace buffer: [ 47.829828] (ftrace buffer empty) [ 47.833564] Kernel Offset: disabled [ 47.837174] Rebooting in 86400 seconds..