[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.111204] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.503659] random: sshd: uninitialized urandom read (32 bytes read) [ 24.761218] random: sshd: uninitialized urandom read (32 bytes read) [ 25.251049] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. [ 31.083648] urandom_read: 1 callbacks suppressed [ 31.083653] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.191615] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.215622] ================================================================== [ 31.225400] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.231624] Read of size 8 at addr ffff8801d9be0058 by task syz-executor344/4471 [ 31.239137] [ 31.240759] CPU: 0 PID: 4471 Comm: syz-executor344 Not tainted 4.18.0+ #206 [ 31.247845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.257188] Call Trace: [ 31.259772] dump_stack+0x1c9/0x2b4 [ 31.263398] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.268579] ? printk+0xa7/0xcf [ 31.271852] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.276601] ? __schedule+0xf54/0x1df0 [ 31.280479] print_address_description+0x6c/0x20b [ 31.285317] ? __schedule+0xf54/0x1df0 [ 31.289201] kasan_report.cold.7+0x242/0x30d [ 31.293606] __asan_report_load8_noabort+0x14/0x20 [ 31.298529] __schedule+0xf54/0x1df0 [ 31.302235] ? __sched_text_start+0x8/0x8 [ 31.306387] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 31.311497] ? __call_srcu+0x7e7/0x1040 [ 31.315470] ? check_same_owner+0x340/0x340 [ 31.319781] ? mark_held_locks+0x160/0x160 [ 31.324021] ? find_held_lock+0x36/0x1c0 [ 31.328096] preempt_schedule_common+0x22/0x60 [ 31.332682] _cond_resched+0x1d/0x30 [ 31.336385] wait_for_completion+0xa5/0x8d0 [ 31.340699] ? wait_for_completion_interruptible+0x950/0x950 [ 31.346502] ? __lockdep_init_map+0x105/0x590 [ 31.350991] ? __init_waitqueue_head+0x9e/0x150 [ 31.355652] ? init_wait_entry+0x1c0/0x1c0 [ 31.359879] __synchronize_srcu+0x189/0x240 [ 31.364190] ? call_srcu+0x10/0x10 [ 31.367734] ? rcu_unexpedite_gp+0x20/0x20 [ 31.371967] synchronize_srcu+0x335/0x56f [ 31.376116] ? lock_downgrade+0x8f0/0x8f0 [ 31.380253] ? synchronize_srcu_expedited+0x20/0x20 [ 31.385274] ? kasan_check_read+0x11/0x20 [ 31.389426] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.394010] ? kasan_check_write+0x14/0x20 [ 31.398261] ? do_raw_spin_lock+0xc1/0x200 [ 31.402511] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.408246] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.413699] ? kvfree+0x61/0x70 [ 31.416974] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.421981] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.426044] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.430912] ? kvm_arch_sync_events+0x30/0x30 [ 31.435406] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.440939] ? mmu_notifier_unregister+0x474/0x600 [ 31.445867] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.450276] ? kfree+0x111/0x210 [ 31.453635] ? __mmu_notifier_register+0x30/0x30 [ 31.458391] ? __free_pages+0x10a/0x190 [ 31.462358] ? free_unref_page+0x930/0x930 [ 31.466589] kvm_put_kvm+0x73f/0x1060 [ 31.470394] ? kvm_write_guest_cached+0x40/0x40 [ 31.475070] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.479568] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.484056] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.488639] ? kasan_check_write+0x14/0x20 [ 31.492863] ? do_raw_spin_lock+0xc1/0x200 [ 31.497098] ? kvm_irqfd_release+0xdd/0x120 [ 31.501411] ? kvm_put_kvm+0x1060/0x1060 [ 31.505462] kvm_vm_release+0x42/0x50 [ 31.509270] __fput+0x36e/0x8c0 [ 31.512544] ? __alloc_file+0x400/0x400 [ 31.516516] ? check_same_owner+0x340/0x340 [ 31.520842] ? kasan_check_write+0x14/0x20 [ 31.525080] ? do_raw_spin_lock+0xc1/0x200 [ 31.529318] ____fput+0x15/0x20 [ 31.532612] task_work_run+0x1e8/0x2a0 [ 31.536518] ? task_work_cancel+0x240/0x240 [ 31.540842] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.546381] ? switch_task_namespaces+0xa2/0xd0 [ 31.551111] do_exit+0x1ae4/0x26e0 [ 31.554652] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.559321] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 31.563546] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.568551] ? kfree+0x1d7/0x210 [ 31.571919] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 31.576149] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.581854] ? is_bpf_text_address+0xd7/0x170 [ 31.586338] ? kernel_text_address+0x79/0xf0 [ 31.590737] ? __kernel_text_address+0xd/0x40 [ 31.595238] ? unwind_get_return_address+0x61/0xa0 [ 31.600193] ? __save_stack_trace+0x8d/0xf0 [ 31.604514] ? save_stack+0xa9/0xd0 [ 31.608145] ? save_stack+0x43/0xd0 [ 31.611771] ? __kasan_slab_free+0x11a/0x170 [ 31.616166] ? kasan_slab_free+0xe/0x10 [ 31.620131] ? putname+0xf2/0x130 [ 31.623576] ? __x64_sys_openat+0x9d/0x100 [ 31.627805] ? do_syscall_64+0x1b9/0x820 [ 31.631859] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.637228] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.641623] ? kasan_check_read+0x11/0x20 [ 31.645761] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.650158] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.654559] ? initcall_blacklisted+0x9a/0x1e0 [ 31.659150] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.664286] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.670045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.675596] ? do_vfs_ioctl+0x201/0x1720 [ 31.679661] ? rcu_is_watching+0x8c/0x150 [ 31.683827] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.688149] ? ioctl_preallocate+0x300/0x300 [ 31.692548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.698093] ? __fget_light+0x2f7/0x440 [ 31.702083] ? fget_raw+0x20/0x20 [ 31.705538] ? putname+0xf2/0x130 [ 31.708981] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.713983] ? kmem_cache_free+0x246/0x280 [ 31.718218] ? putname+0xf7/0x130 [ 31.721666] do_group_exit+0x177/0x440 [ 31.725548] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.729865] ? __ia32_sys_exit+0x50/0x50 [ 31.733914] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.739021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.744554] ? ksys_ioctl+0x81/0xd0 [ 31.748196] __x64_sys_exit_group+0x3e/0x50 [ 31.752514] do_syscall_64+0x1b9/0x820 [ 31.756395] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.761754] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.766680] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.771517] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 31.776526] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 31.781533] ? prepare_exit_to_usermode+0x291/0x3b0 [ 31.786568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.791437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.796631] RIP: 0033:0x43ecc8 [ 31.799818] Code: Bad RIP value. [ 31.803178] RSP: 002b:00007ffcf03fe318 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.810887] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 31.818159] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.825451] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.832751] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 31.840013] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 31.847281] [ 31.848907] Allocated by task 4471: [ 31.852545] save_stack+0x43/0xd0 [ 31.855985] kasan_kmalloc+0xc4/0xe0 [ 31.859688] kasan_slab_alloc+0x12/0x20 [ 31.863648] kmem_cache_alloc+0x12e/0x710 [ 31.867781] vmx_create_vcpu+0xcf/0x2830 [ 31.871832] kvm_arch_vcpu_create+0xe5/0x220 [ 31.876242] kvm_vm_ioctl+0x488/0x1d80 [ 31.880120] do_vfs_ioctl+0x1de/0x1720 [ 31.883994] ksys_ioctl+0xa9/0xd0 [ 31.887444] __x64_sys_ioctl+0x73/0xb0 [ 31.891318] do_syscall_64+0x1b9/0x820 [ 31.895204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.900382] [ 31.901994] Freed by task 4471: [ 31.905260] save_stack+0x43/0xd0 [ 31.908713] __kasan_slab_free+0x11a/0x170 [ 31.912968] kasan_slab_free+0xe/0x10 [ 31.916755] kmem_cache_free+0x86/0x280 [ 31.920718] vmx_free_vcpu+0x26b/0x300 [ 31.924593] kvm_arch_destroy_vm+0x365/0x7c0 [ 31.928991] kvm_put_kvm+0x73f/0x1060 [ 31.932803] kvm_vm_release+0x42/0x50 [ 31.936598] __fput+0x36e/0x8c0 [ 31.939873] ____fput+0x15/0x20 [ 31.943151] task_work_run+0x1e8/0x2a0 [ 31.947046] do_exit+0x1ae4/0x26e0 [ 31.950589] do_group_exit+0x177/0x440 [ 31.954492] __x64_sys_exit_group+0x3e/0x50 [ 31.958811] do_syscall_64+0x1b9/0x820 [ 31.962698] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.967868] [ 31.969497] The buggy address belongs to the object at ffff8801d9be0040 [ 31.969497] which belongs to the cache kvm_vcpu of size 23872 [ 31.982081] The buggy address is located 24 bytes inside of [ 31.982081] 23872-byte region [ffff8801d9be0040, ffff8801d9be5d80) [ 31.994043] The buggy address belongs to the page: [ 31.998999] page:ffffea000766f800 count:1 mapcount:0 mapping:ffff8801d56eadc0 index:0x0 compound_mapcount: 0 [ 32.008969] flags: 0x2fffc0000008100(slab|head) [ 32.013631] raw: 02fffc0000008100 ffff8801d56de448 ffff8801d56de448 ffff8801d56eadc0 [ 32.021508] raw: 0000000000000000 ffff8801d9be0040 0000000100000001 0000000000000000 [ 32.029386] page dumped because: kasan: bad access detected [ 32.035078] [ 32.036690] Memory state around the buggy address: [ 32.041609] ffff8801d9bdff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.048957] ffff8801d9bdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.056307] >ffff8801d9be0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.063651] ^ [ 32.069877] ffff8801d9be0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.077270] ffff8801d9be0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.084625] ================================================================== [ 32.091982] Kernel panic - not syncing: panic_on_warn set ... [ 32.091982] [ 32.099353] CPU: 0 PID: 4471 Comm: syz-executor344 Tainted: G B 4.18.0+ #206 [ 32.107851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.117200] Call Trace: [ 32.119788] dump_stack+0x1c9/0x2b4 [ 32.123412] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.128601] ? lock_downgrade+0x8f0/0x8f0 [ 32.132741] ? __schedule+0xf54/0x1df0 [ 32.136619] panic+0x238/0x4e7 [ 32.139804] ? add_taint.cold.5+0x16/0x16 [ 32.143945] ? print_shadow_for_address+0xba/0x116 [ 32.148889] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.153286] ? trace_hardirqs_off+0x77/0x2b0 [ 32.157699] ? __schedule+0xf54/0x1df0 [ 32.161579] kasan_end_report+0x47/0x4f [ 32.165549] kasan_report.cold.7+0x76/0x30d [ 32.169866] __asan_report_load8_noabort+0x14/0x20 [ 32.174790] __schedule+0xf54/0x1df0 [ 32.178499] ? __sched_text_start+0x8/0x8 [ 32.182651] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 32.187751] ? __call_srcu+0x7e7/0x1040 [ 32.191726] ? check_same_owner+0x340/0x340 [ 32.196050] ? mark_held_locks+0x160/0x160 [ 32.200300] ? find_held_lock+0x36/0x1c0 [ 32.204354] preempt_schedule_common+0x22/0x60 [ 32.208934] _cond_resched+0x1d/0x30 [ 32.212656] wait_for_completion+0xa5/0x8d0 [ 32.216978] ? wait_for_completion_interruptible+0x950/0x950 [ 32.222784] ? __lockdep_init_map+0x105/0x590 [ 32.227312] ? __init_waitqueue_head+0x9e/0x150 [ 32.231995] ? init_wait_entry+0x1c0/0x1c0 [ 32.236236] __synchronize_srcu+0x189/0x240 [ 32.240557] ? call_srcu+0x10/0x10 [ 32.244094] ? rcu_unexpedite_gp+0x20/0x20 [ 32.248327] synchronize_srcu+0x335/0x56f [ 32.252467] ? lock_downgrade+0x8f0/0x8f0 [ 32.256607] ? synchronize_srcu_expedited+0x20/0x20 [ 32.261619] ? kasan_check_read+0x11/0x20 [ 32.265760] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.270361] ? kasan_check_write+0x14/0x20 [ 32.274593] ? do_raw_spin_lock+0xc1/0x200 [ 32.278827] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.284551] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.289995] ? kvfree+0x61/0x70 [ 32.293279] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.298304] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.302361] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.306764] ? kvm_arch_sync_events+0x30/0x30 [ 32.311255] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.316791] ? mmu_notifier_unregister+0x474/0x600 [ 32.321735] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.326132] ? kfree+0x111/0x210 [ 32.329498] ? __mmu_notifier_register+0x30/0x30 [ 32.334253] ? __free_pages+0x10a/0x190 [ 32.338224] ? free_unref_page+0x930/0x930 [ 32.342461] kvm_put_kvm+0x73f/0x1060 [ 32.346265] ? kvm_write_guest_cached+0x40/0x40 [ 32.350936] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.355434] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.359927] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.364556] ? kasan_check_write+0x14/0x20 [ 32.368795] ? do_raw_spin_lock+0xc1/0x200 [ 32.373043] ? kvm_irqfd_release+0xdd/0x120 [ 32.377399] ? kvm_put_kvm+0x1060/0x1060 [ 32.381453] kvm_vm_release+0x42/0x50 [ 32.385247] __fput+0x36e/0x8c0 [ 32.388517] ? __alloc_file+0x400/0x400 [ 32.392492] ? check_same_owner+0x340/0x340 [ 32.396801] ? kasan_check_write+0x14/0x20 [ 32.401024] ? do_raw_spin_lock+0xc1/0x200 [ 32.405280] ____fput+0x15/0x20 [ 32.408551] task_work_run+0x1e8/0x2a0 [ 32.412443] ? task_work_cancel+0x240/0x240 [ 32.416767] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.422291] ? switch_task_namespaces+0xa2/0xd0 [ 32.427436] do_exit+0x1ae4/0x26e0 [ 32.430964] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.435631] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.439860] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.444890] ? kfree+0x1d7/0x210 [ 32.448243] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.452478] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.458180] ? is_bpf_text_address+0xd7/0x170 [ 32.462659] ? kernel_text_address+0x79/0xf0 [ 32.467062] ? __kernel_text_address+0xd/0x40 [ 32.471544] ? unwind_get_return_address+0x61/0xa0 [ 32.476472] ? __save_stack_trace+0x8d/0xf0 [ 32.480792] ? save_stack+0xa9/0xd0 [ 32.484406] ? save_stack+0x43/0xd0 [ 32.488025] ? __kasan_slab_free+0x11a/0x170 [ 32.492451] ? kasan_slab_free+0xe/0x10 [ 32.496417] ? putname+0xf2/0x130 [ 32.499875] ? __x64_sys_openat+0x9d/0x100 [ 32.504100] ? do_syscall_64+0x1b9/0x820 [ 32.508155] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.513512] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.517909] ? kasan_check_read+0x11/0x20 [ 32.522053] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.526460] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.530867] ? initcall_blacklisted+0x9a/0x1e0 [ 32.535585] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.540691] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.546397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.551932] ? do_vfs_ioctl+0x201/0x1720 [ 32.555985] ? rcu_is_watching+0x8c/0x150 [ 32.560133] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.564447] ? ioctl_preallocate+0x300/0x300 [ 32.568849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.574379] ? __fget_light+0x2f7/0x440 [ 32.578346] ? fget_raw+0x20/0x20 [ 32.581791] ? putname+0xf2/0x130 [ 32.585250] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.590259] ? kmem_cache_free+0x246/0x280 [ 32.594498] ? putname+0xf7/0x130 [ 32.597948] do_group_exit+0x177/0x440 [ 32.601833] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.606147] ? __ia32_sys_exit+0x50/0x50 [ 32.610200] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.615303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.620842] ? ksys_ioctl+0x81/0xd0 [ 32.624476] __x64_sys_exit_group+0x3e/0x50 [ 32.628789] do_syscall_64+0x1b9/0x820 [ 32.632847] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.638220] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.643139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.647973] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.652980] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.657989] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.662998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.667848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.673045] RIP: 0033:0x43ecc8 [ 32.676244] Code: Bad RIP value. [ 32.679595] RSP: 002b:00007ffcf03fe318 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.687298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 32.694562] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.701823] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.709093] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.716355] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.723629] [ 32.723635] ====================================================== [ 32.723640] WARNING: possible circular locking dependency detected [ 32.723643] 4.18.0+ #206 Not tainted [ 32.723648] ------------------------------------------------------ [ 32.723653] syz-executor344/4471 is trying to acquire lock: [ 32.723656] 000000000c9752cc ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 32.723671] [ 32.723675] but task is already holding lock: [ 32.723678] 000000000abade9f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.723691] [ 32.723696] which lock already depends on the new lock. [ 32.723698] [ 32.723700] [ 32.723705] the existing dependency chain (in reverse order) is: [ 32.723707] [ 32.723709] -> #3 (report_lock){....}: [ 32.723723] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.723727] kasan_report+0x8e/0x110 [ 32.723732] __asan_report_load8_noabort+0x14/0x20 [ 32.723735] __schedule+0xf54/0x1df0 [ 32.723739] preempt_schedule_common+0x22/0x60 [ 32.723743] _cond_resched+0x1d/0x30 [ 32.723747] wait_for_completion+0xa5/0x8d0 [ 32.723751] __synchronize_srcu+0x189/0x240 [ 32.723755] synchronize_srcu+0x335/0x56f [ 32.723760] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.723764] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.723768] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.723771] kvm_put_kvm+0x73f/0x1060 [ 32.723775] kvm_vm_release+0x42/0x50 [ 32.723778] __fput+0x36e/0x8c0 [ 32.723782] ____fput+0x15/0x20 [ 32.723785] task_work_run+0x1e8/0x2a0 [ 32.723789] do_exit+0x1ae4/0x26e0 [ 32.723793] do_group_exit+0x177/0x440 [ 32.723796] __x64_sys_exit_group+0x3e/0x50 [ 32.723800] do_syscall_64+0x1b9/0x820 [ 32.723805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.723807] [ 32.723809] -> #2 (&rq->lock){-.-.}: [ 32.723822] _raw_spin_lock+0x2a/0x40 [ 32.723826] task_fork_fair+0x93/0x680 [ 32.723830] sched_fork+0x44b/0xbd0 [ 32.723833] copy_process+0x235e/0x7ad0 [ 32.723837] _do_fork+0x1ca/0x1170 [ 32.723841] kernel_thread+0x34/0x40 [ 32.723844] rest_init+0x22/0xe4 [ 32.723848] start_kernel+0x913/0x94e [ 32.723852] x86_64_start_reservations+0x29/0x2b [ 32.723856] x86_64_start_kernel+0x76/0x79 [ 32.723860] secondary_startup_64+0xa4/0xb0 [ 32.723862] [ 32.723864] -> #1 (&p->pi_lock){-.-.}: [ 32.723878] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.723882] try_to_wake_up+0xd2/0x1250 [ 32.723886] wake_up_process+0x10/0x20 [ 32.723889] __up.isra.1+0x1c0/0x2a0 [ 32.723892] up+0x13c/0x1c0 [ 32.723896] __up_console_sem+0xbe/0x1b0 [ 32.723900] console_unlock+0x506/0x10d0 [ 32.723904] vprintk_emit+0x33a/0x910 [ 32.723907] vprintk_default+0x28/0x30 [ 32.723911] vprintk_func+0x7a/0x117 [ 32.723914] printk+0xa7/0xcf [ 32.723918] load_umh+0x51/0xbd [ 32.723921] do_one_initcall+0x127/0x838 [ 32.723925] kernel_init_freeable+0x4bb/0x5ae [ 32.723929] kernel_init+0x11/0x1b3 [ 32.723933] ret_from_fork+0x3a/0x50 [ 32.723935] [ 32.723937] -> #0 ((console_sem).lock){-...}: [ 32.723951] lock_acquire+0x1e4/0x4f0 [ 32.723955] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.723959] down_trylock+0x13/0x70 [ 32.723963] __down_trylock_console_sem+0xae/0x200 [ 32.723967] console_trylock+0x15/0xa0 [ 32.723970] vprintk_emit+0x31f/0x910 [ 32.723974] vprintk_default+0x28/0x30 [ 32.723978] vprintk_func+0x7a/0x117 [ 32.723981] printk+0xa7/0xcf [ 32.723985] kasan_report+0x9e/0x110 [ 32.723989] __asan_report_load8_noabort+0x14/0x20 [ 32.723992] __schedule+0xf54/0x1df0 [ 32.723996] preempt_schedule_common+0x22/0x60 [ 32.724000] _cond_resched+0x1d/0x30 [ 32.724004] wait_for_completion+0xa5/0x8d0 [ 32.724008] __synchronize_srcu+0x189/0x240 [ 32.724012] synchronize_srcu+0x335/0x56f [ 32.724017] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.724021] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.724025] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.724028] kvm_put_kvm+0x73f/0x1060 [ 32.724040] kvm_vm_release+0x42/0x50 [ 32.724044] __fput+0x36e/0x8c0 [ 32.724047] ____fput+0x15/0x20 [ 32.724051] task_work_run+0x1e8/0x2a0 [ 32.724054] do_exit+0x1ae4/0x26e0 [ 32.724063] do_group_exit+0x177/0x440 [ 32.724068] __x64_sys_exit_group+0x3e/0x50 [ 32.724072] do_syscall_64+0x1b9/0x820 [ 32.724076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.724078] [ 32.724083] other info that might help us debug this: [ 32.724085] [ 32.724088] Chain exists of: [ 32.724090] (console_sem).lock --> &rq->lock --> report_lock [ 32.724108] [ 32.724112] Possible unsafe locking scenario: [ 32.724114] [ 32.724118] CPU0 CPU1 [ 32.724122] ---- ---- [ 32.724124] lock(report_lock); [ 32.724133] lock(&rq->lock); [ 32.724142] lock(report_lock); [ 32.724150] lock((console_sem).lock); [ 32.724158] [ 32.724161] *** DEADLOCK *** [ 32.724163] [ 32.724167] 2 locks held by syz-executor344/4471: [ 32.724169] #0: 000000009f462573 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 32.724186] #1: 000000000abade9f (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.724202] [ 32.724205] stack backtrace: [ 32.724211] CPU: 0 PID: 4471 Comm: syz-executor344 Not tainted 4.18.0+ #206 [ 32.724218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.724221] Call Trace: [ 32.724224] dump_stack+0x1c9/0x2b4 [ 32.724229] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.724232] ? vprintk_func+0x100/0x117 [ 32.724237] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 32.724241] ? save_trace+0xe0/0x290 [ 32.724244] __lock_acquire+0x3449/0x5020 [ 32.724248] ? mark_held_locks+0x160/0x160 [ 32.724252] ? mark_held_locks+0x160/0x160 [ 32.724256] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.724260] ? is_bpf_text_address+0xd7/0x170 [ 32.724264] ? kernel_text_address+0x79/0xf0 [ 32.724268] ? __kernel_text_address+0xd/0x40 [ 32.724272] ? __save_stack_trace+0x8d/0xf0 [ 32.724277] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 32.724280] ? save_trace+0x290/0x290 [ 32.724284] ? save_stack_trace+0x1a/0x20 [ 32.724288] ? save_trace+0xe0/0x290 [ 32.724291] ? graph_lock+0x170/0x170 [ 32.724296] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.724300] lock_acquire+0x1e4/0x4f0 [ 32.724303] ? down_trylock+0x13/0x70 [ 32.724307] ? lock_release+0x9f0/0x9f0 [ 32.724311] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.724315] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.724319] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.724323] ? log_store+0x34f/0x4c0 [ 32.724326] ? vprintk_emit+0x31f/0x910 [ 32.724331] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.724334] ? down_trylock+0x13/0x70 [ 32.724338] down_trylock+0x13/0x70 [ 32.724342] __down_trylock_console_sem+0xae/0x200 [ 32.724346] console_trylock+0x15/0xa0 [ 32.724349] vprintk_emit+0x31f/0x910 [ 32.724353] ? wake_up_klogd+0x110/0x110 [ 32.724357] ? run_rebalance_domains+0x4c0/0x4c0 [ 32.724361] ? kasan_check_read+0x11/0x20 [ 32.724365] ? rcu_is_watching+0x8c/0x150 [ 32.724369] ? rcu_pm_notify+0xc0/0xc0 [ 32.724372] ? lock_acquire+0x1e4/0x4f0 [ 32.724376] ? kasan_report+0x8e/0x110 [ 32.724380] ? __schedule+0xf54/0x1df0 [ 32.724383] vprintk_default+0x28/0x30 [ 32.724387] vprintk_func+0x7a/0x117 [ 32.724390] printk+0xa7/0xcf [ 32.724395] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.724398] ? kasan_check_write+0x14/0x20 [ 32.724402] ? do_raw_spin_lock+0xc1/0x200 [ 32.724406] ? do_raw_spin_lock+0xc1/0x200 [ 32.724410] kasan_report+0x9e/0x110 [ 32.724414] __asan_report_load8_noabort+0x14/0x20 [ 32.724418] __schedule+0xf54/0x1df0 [ 32.724421] ? __sched_text_start+0x8/0x8 [ 32.724426] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 32.724430] ? __call_srcu+0x7e7/0x1040 [ 32.724433] ? check_same_owner+0x340/0x340 [ 32.724438] ? mark_held_locks+0x160/0x160 [ 32.724441] ? find_held_lock+0x36/0x1c0 [ 32.724445] preempt_schedule_common+0x22/0x60 [ 32.724449] _cond_resched+0x1d/0x30 [ 32.724453] wait_for_completion+0xa5/0x8d0 [ 32.724458] ? wait_for_completion_interruptible+0x950/0x950 [ 32.724462] ? __lockdep_init_map+0x105/0x590 [ 32.724466] ? __init_waitqueue_head+0x9e/0x150 [ 32.724470] ? init_wait_entry+0x1c0/0x1c0 [ 32.724474] __synchronize_srcu+0x189/0x240 [ 32.724477] ? call_srcu+0x10/0x10 [ 32.724481] ? rcu_unexpedite_gp+0x20/0x20 [ 32.724485] synchronize_srcu+0x335/0x56f [ 32.724489] ? lock_downgrade+0x8f0/0x8f0 [ 32.724493] ? synchronize_srcu_expedited+0x20/0x20 [ 32.724497] ? kasan_check_read+0x11/0x20 [ 32.724501] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.724505] ? kasan_check_write+0x14/0x20 [ 32.724509] ? do_raw_spin_lock+0xc1/0x200 [ 32.724514] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.724518] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.724522] ? kvfree+0x61/0x70 [ 32.724526] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.724530] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.724534] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.724538] ? kvm_arch_sync_events+0x30/0x30 [ 32.724543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.724547] ? mmu_notifier_unregister+0x474/0x600 [ 32.724551] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.724554] ? kfree+0x111/0x210 [ 32.724559] ? __mmu_notifier_register+0x30/0x30 [ 32.724562] ? __free_pages+0x10a/0x190 [ 32.724565] ? free_unref_page+0x930/0x930 [ 32.724570] kvm_put_kvm+0x73f/0x1060 [ 32.724575] ? kvm_write_guest_cached+0x40/0x40 [ 32.724579] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.724583] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.724587] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.724590] ? kasan_check_write+0x14/0x20 [ 32.724594] ? do_raw_spin_lock+0xc1/0x200 [ 32.724598] ? kvm_irqfd_release+0xdd/0x120 [ 32.724602] ? kvm_put_kvm+0x1060/0x1060 [ 32.724606] kvm_vm_release+0x42/0x50 [ 32.724609] __fput+0x36e/0x8c0 [ 32.724613] ? __alloc_file+0x400/0x400 [ 32.724617] ? check_same_owner+0x340/0x340 [ 32.724621] ? kasan_check_write+0x14/0x20 [ 32.724625] ? do_raw_spin_lock+0xc1/0x200 [ 32.724628] ____fput+0x15/0x20 [ 32.724632] task_work_run+0x1e8/0x2a0 [ 32.724636] ? task_work_cancel+0x240/0x240 [ 32.724640] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.724644] ? switch_task_namespaces+0xa2/0xd0 [ 32.724648] do_exit+0x1ae4/0x26e0 [ 32.724652] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.724656] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.724660] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.724664] ? kfree+0x1d7/0x210 [ 32.724668] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.724672] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.724676] ? is_bpf_text_address+0xd7/0x170 [ 32.724680] ? kernel_text_address+0x79/0xf0 [ 32.724683] ? __kern [ 32.724690] Lost 54 message(s)! [ 33.834930] Shutting down cpus with NMI [ 34.893049] Dumping ftrace buffer: [ 34.896580] (ftrace buffer empty) [ 34.900266] Kernel Offset: disabled [ 34.903875] Rebooting in 86400 seconds..