[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.024645] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.820908] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.149379] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.746709] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.207664] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
[ 47.796570] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 47.889113] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 47.910896] ==================================================================
[ 47.919733] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 47.925944] Read of size 8 at addr ffff8801af608058 by task syz-executor987/4445
[ 47.933455] 
[ 47.935153] CPU: 0 PID: 4445 Comm: syz-executor987 Not tainted 4.18.0+ #203
[ 47.942240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.951574] Call Trace:
[ 47.954152]  dump_stack+0x1c9/0x2b4
[ 47.957763]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.962948]  ? printk+0xa7/0xcf
[ 47.966217]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 47.970966]  ? __schedule+0xf54/0x1df0
[ 47.974848]  print_address_description+0x6c/0x20b
[ 47.979674]  ? __schedule+0xf54/0x1df0
[ 47.983604]  kasan_report.cold.7+0x242/0x30d
[ 47.988156]  __asan_report_load8_noabort+0x14/0x20
[ 47.993159]  __schedule+0xf54/0x1df0
[ 47.996863]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.001952]  ? __sched_text_start+0x8/0x8
[ 48.006084]  ? __call_srcu+0x7e7/0x1040
[ 48.010044]  ? check_same_owner+0x340/0x340
[ 48.014358]  ? mark_held_locks+0x160/0x160
[ 48.018582]  ? find_held_lock+0x36/0x1c0
[ 48.022635]  preempt_schedule_common+0x22/0x60
[ 48.027209]  _cond_resched+0x1d/0x30
[ 48.030952]  wait_for_completion+0xa5/0x8d0
[ 48.035376]  ? wait_for_completion_interruptible+0x950/0x950
[ 48.041214]  ? __lockdep_init_map+0x105/0x590
[ 48.045705]  ? __init_waitqueue_head+0x9e/0x150
[ 48.050403]  ? init_wait_entry+0x1c0/0x1c0
[ 48.054637]  __synchronize_srcu+0x189/0x240
[ 48.058943]  ? call_srcu+0x10/0x10
[ 48.062466]  ? rcu_unexpedite_gp+0x20/0x20
[ 48.066690]  synchronize_srcu+0x335/0x56f
[ 48.070820]  ? lock_downgrade+0x8f0/0x8f0
[ 48.075035]  ? synchronize_srcu_expedited+0x20/0x20
[ 48.080055]  ? kasan_check_read+0x11/0x20
[ 48.084264]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 48.088877]  ? kasan_check_write+0x14/0x20
[ 48.093105]  ? do_raw_spin_lock+0xc1/0x200
[ 48.097329]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.103035]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 48.108474]  ? kvfree+0x61/0x70
[ 48.111787]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.116800]  kvm_mmu_uninit_vm+0x1c/0x20
[ 48.120858]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 48.125249]  ? kvm_arch_sync_events+0x30/0x30
[ 48.129737]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.135266]  ? mmu_notifier_unregister+0x474/0x600
[ 48.140185]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.144625]  ? kfree+0x111/0x210
[ 48.147984]  ? __mmu_notifier_register+0x30/0x30
[ 48.152737]  ? __free_pages+0x10a/0x190
[ 48.156703]  ? free_unref_page+0x930/0x930
[ 48.160933]  kvm_put_kvm+0x73f/0x1060
[ 48.164724]  ? kvm_write_guest_cached+0x40/0x40
[ 48.169382]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.173858]  ? _raw_spin_unlock_irq+0x27/0x70
[ 48.178334]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 48.182943]  ? kasan_check_write+0x14/0x20
[ 48.187255]  ? do_raw_spin_lock+0xc1/0x200
[ 48.191479]  ? kvm_irqfd_release+0xdd/0x120
[ 48.195784]  ? kvm_put_kvm+0x1060/0x1060
[ 48.199828]  kvm_vm_release+0x42/0x50
[ 48.203618]  __fput+0x36e/0x8c0
[ 48.206881]  ? __alloc_file+0x400/0x400
[ 48.210839]  ? check_same_owner+0x340/0x340
[ 48.215232]  ? kasan_check_write+0x14/0x20
[ 48.219542]  ? do_raw_spin_lock+0xc1/0x200
[ 48.223760]  ____fput+0x15/0x20
[ 48.227028]  task_work_run+0x1e8/0x2a0
[ 48.230899]  ? task_work_cancel+0x240/0x240
[ 48.235209]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.240735]  ? switch_task_namespaces+0xa2/0xd0
[ 48.245390]  do_exit+0x1ae4/0x26e0
[ 48.248914]  ? mm_update_next_owner+0x9a0/0x9a0
[ 48.253566]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 48.257782]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.262782]  ? kfree+0x1d7/0x210
[ 48.266139]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 48.270362]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 48.276059]  ? is_bpf_text_address+0xd7/0x170
[ 48.280534]  ? kernel_text_address+0x79/0xf0
[ 48.284923]  ? __kernel_text_address+0xd/0x40
[ 48.289400]  ? unwind_get_return_address+0x61/0xa0
[ 48.294313]  ? __save_stack_trace+0x8d/0xf0
[ 48.298618]  ? save_stack+0xa9/0xd0
[ 48.302231]  ? save_stack+0x43/0xd0
[ 48.305844]  ? __kasan_slab_free+0x11a/0x170
[ 48.310281]  ? kasan_slab_free+0xe/0x10
[ 48.314241]  ? putname+0xf2/0x130
[ 48.317776]  ? __x64_sys_openat+0x9d/0x100
[ 48.322014]  ? do_syscall_64+0x1b9/0x820
[ 48.326063]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.331414]  ? trace_hardirqs_off+0xb8/0x2b0
[ 48.335870]  ? kasan_check_read+0x11/0x20
[ 48.340019]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 48.344416]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 48.348811]  ? initcall_blacklisted+0x9a/0x1e0
[ 48.353383]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 48.358473]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 48.364225]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.369751]  ? do_vfs_ioctl+0x201/0x1720
[ 48.373796]  ? rcu_is_watching+0x8c/0x150
[ 48.377925]  ? trace_hardirqs_on+0xbd/0x2c0
[ 48.382234]  ? ioctl_preallocate+0x300/0x300
[ 48.386628]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.392146]  ? __fget_light+0x2f7/0x440
[ 48.396148]  ? fget_raw+0x20/0x20
[ 48.399587]  ? putname+0xf2/0x130
[ 48.403025]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.408025]  ? kmem_cache_free+0x246/0x280
[ 48.412240]  ? putname+0xf7/0x130
[ 48.415687]  do_group_exit+0x177/0x440
[ 48.419559]  ? trace_hardirqs_on+0xbd/0x2c0
[ 48.423862]  ? __ia32_sys_exit+0x50/0x50
[ 48.427907]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.433009]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.438531]  ? ksys_ioctl+0x81/0xd0
[ 48.442142]  __x64_sys_exit_group+0x3e/0x50
[ 48.446446]  do_syscall_64+0x1b9/0x820
[ 48.450327]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.455676]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.460647]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.465538]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 48.470543]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.475547]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 48.480549]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.485381]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.490554] RIP: 0033:0x43ef08
[ 48.493796] Code: Bad RIP value.
[ 48.497148] RSP: 002b:00007fff9ad705e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 48.504839] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 48.512093] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 48.519349] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 48.526644] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 48.533903] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 48.541259] 
[ 48.542874] Allocated by task 4445:
[ 48.546491]  save_stack+0x43/0xd0
[ 48.549924]  kasan_kmalloc+0xc4/0xe0
[ 48.553626]  kasan_slab_alloc+0x12/0x20
[ 48.557580]  kmem_cache_alloc+0x12e/0x710
[ 48.561714]  vmx_create_vcpu+0xcf/0x2830
[ 48.565757]  kvm_arch_vcpu_create+0xe5/0x220
[ 48.570150]  kvm_vm_ioctl+0x488/0x1d80
[ 48.574021]  do_vfs_ioctl+0x1de/0x1720
[ 48.577889]  ksys_ioctl+0xa9/0xd0
[ 48.581321]  __x64_sys_ioctl+0x73/0xb0
[ 48.585248]  do_syscall_64+0x1b9/0x820
[ 48.589125]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.594288] 
[ 48.595899] Freed by task 4445:
[ 48.599158]  save_stack+0x43/0xd0
[ 48.602589]  __kasan_slab_free+0x11a/0x170
[ 48.606808]  kasan_slab_free+0xe/0x10
[ 48.610599]  kmem_cache_free+0x86/0x280
[ 48.614555]  vmx_free_vcpu+0x26b/0x300
[ 48.618425]  kvm_arch_destroy_vm+0x365/0x7c0
[ 48.622810]  kvm_put_kvm+0x73f/0x1060
[ 48.626593]  kvm_vm_release+0x42/0x50
[ 48.630376]  __fput+0x36e/0x8c0
[ 48.633638]  ____fput+0x15/0x20
[ 48.636924]  task_work_run+0x1e8/0x2a0
[ 48.640800]  do_exit+0x1ae4/0x26e0
[ 48.644322]  do_group_exit+0x177/0x440
[ 48.648187]  __x64_sys_exit_group+0x3e/0x50
[ 48.652495]  do_syscall_64+0x1b9/0x820
[ 48.656367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.661530] 
[ 48.663138] The buggy address belongs to the object at ffff8801af608040
[ 48.663138]  which belongs to the cache kvm_vcpu of size 23872
[ 48.675704] The buggy address is located 24 bytes inside of
[ 48.675704]  23872-byte region [ffff8801af608040, ffff8801af60dd80)
[ 48.687694] The buggy address belongs to the page:
[ 48.692715] page:ffffea0006bd8200 count:1 mapcount:0 mapping:ffff8801d87e8040 index:0x0 compound_mapcount: 0
[ 48.702665] flags: 0x2fffc0000008100(slab|head)
[ 48.707317] raw: 02fffc0000008100 ffff8801d5707348 ffff8801d5707348 ffff8801d87e8040
[ 48.715192] raw: 0000000000000000 ffff8801af608040 0000000100000001 0000000000000000
[ 48.723054] page dumped because: kasan: bad access detected
[ 48.728860] 
[ 48.730470] Memory state around the buggy address:
[ 48.735382]  ffff8801af607f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.742733]  ffff8801af607f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.750963] >ffff8801af608000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 48.758324]                                                     ^
[ 48.764553]  ffff8801af608080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.771912]  ffff8801af608100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.779262] ==================================================================
[ 48.786611] Kernel panic - not syncing: panic_on_warn set ...
[ 48.786611] 
[ 48.793982] CPU: 0 PID: 4445 Comm: syz-executor987 Tainted: G B 4.18.0+ #203
[ 48.802489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.811842] Call Trace:
[ 48.814435]  dump_stack+0x1c9/0x2b4
[ 48.818068]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.823255]  ? lock_downgrade+0x8f0/0x8f0
[ 48.827399]  ? __schedule+0xf54/0x1df0
[ 48.831281]  panic+0x238/0x4e7
[ 48.834470]  ? add_taint.cold.5+0x16/0x16
[ 48.838621]  ? print_shadow_for_address+0xba/0x116
[ 48.843550]  ? trace_hardirqs_off+0xaf/0x2b0
[ 48.847953]  ? trace_hardirqs_off+0x77/0x2b0
[ 48.852356]  ? __schedule+0xf54/0x1df0
[ 48.856244]  kasan_end_report+0x47/0x4f
[ 48.860242]  kasan_report.cold.7+0x76/0x30d
[ 48.864587]  __asan_report_load8_noabort+0x14/0x20
[ 48.869512]  __schedule+0xf54/0x1df0
[ 48.873230]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 48.878332]  ? __sched_text_start+0x8/0x8
[ 48.882477]  ? __call_srcu+0x7e7/0x1040
[ 48.886454]  ? check_same_owner+0x340/0x340
[ 48.890768]  ? mark_held_locks+0x160/0x160
[ 48.895006]  ? find_held_lock+0x36/0x1c0
[ 48.899072]  preempt_schedule_common+0x22/0x60
[ 48.903650]  _cond_resched+0x1d/0x30
[ 48.907359]  wait_for_completion+0xa5/0x8d0
[ 48.911678]  ? wait_for_completion_interruptible+0x950/0x950
[ 48.917475]  ? __lockdep_init_map+0x105/0x590
[ 48.921970]  ? __init_waitqueue_head+0x9e/0x150
[ 48.926643]  ? init_wait_entry+0x1c0/0x1c0
[ 48.930879]  __synchronize_srcu+0x189/0x240
[ 48.935198]  ? call_srcu+0x10/0x10
[ 48.938736]  ? rcu_unexpedite_gp+0x20/0x20
[ 48.942971]  synchronize_srcu+0x335/0x56f
[ 48.947120]  ? lock_downgrade+0x8f0/0x8f0
[ 48.951263]  ? synchronize_srcu_expedited+0x20/0x20
[ 48.956275]  ? kasan_check_read+0x11/0x20
[ 48.960421]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 48.965007]  ? kasan_check_write+0x14/0x20
[ 48.969237]  ? do_raw_spin_lock+0xc1/0x200
[ 48.973474]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 48.979179]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 48.984623]  ? kvfree+0x61/0x70
[ 48.987920]  ? rcu_read_lock_sched_held+0x108/0x120
[ 48.993031]  kvm_mmu_uninit_vm+0x1c/0x20
[ 48.997087]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 49.001755]  ? kvm_arch_sync_events+0x30/0x30
[ 49.006253]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.017433]  ? mmu_notifier_unregister+0x474/0x600
[ 49.022358]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 49.026761]  ? kfree+0x111/0x210
[ 49.030126]  ? __mmu_notifier_register+0x30/0x30
[ 49.034880]  ? __free_pages+0x10a/0x190
[ 49.038850]  ? free_unref_page+0x930/0x930
[ 49.043089]  kvm_put_kvm+0x73f/0x1060
[ 49.046890]  ? kvm_write_guest_cached+0x40/0x40
[ 49.051562]  ? _raw_spin_unlock_irq+0x27/0x70
[ 49.056052]  ? _raw_spin_unlock_irq+0x27/0x70
[ 49.060548]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 49.065132]  ? kasan_check_write+0x14/0x20
[ 49.069363]  ? do_raw_spin_lock+0xc1/0x200
[ 49.073601]  ? kvm_irqfd_release+0xdd/0x120
[ 49.077932]  ? kvm_put_kvm+0x1060/0x1060
[ 49.081990]  kvm_vm_release+0x42/0x50
[ 49.085797]  __fput+0x36e/0x8c0
[ 49.089074]  ? __alloc_file+0x400/0x400
[ 49.093046]  ? check_same_owner+0x340/0x340
[ 49.097374]  ? kasan_check_write+0x14/0x20
[ 49.101611]  ? do_raw_spin_lock+0xc1/0x200
[ 49.105839]  ____fput+0x15/0x20
[ 49.109116]  task_work_run+0x1e8/0x2a0
[ 49.113088]  ? task_work_cancel+0x240/0x240
[ 49.117408]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.122939]  ? switch_task_namespaces+0xa2/0xd0
[ 49.127607]  do_exit+0x1ae4/0x26e0
[ 49.131149]  ? mm_update_next_owner+0x9a0/0x9a0
[ 49.135825]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 49.140062]  ? rcu_read_lock_sched_held+0x108/0x120
[ 49.145075]  ? kfree+0x1d7/0x210
[ 49.148438]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 49.152672]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 49.158406]  ? is_bpf_text_address+0xd7/0x170
[ 49.162900]  ? kernel_text_address+0x79/0xf0
[ 49.167308]  ? __kernel_text_address+0xd/0x40
[ 49.171805]  ? unwind_get_return_address+0x61/0xa0
[ 49.176733]  ? __save_stack_trace+0x8d/0xf0
[ 49.181056]  ? save_stack+0xa9/0xd0
[ 49.184680]  ? save_stack+0x43/0xd0
[ 49.188316]  ? __kasan_slab_free+0x11a/0x170
[ 49.192719]  ? kasan_slab_free+0xe/0x10
[ 49.196689]  ? putname+0xf2/0x130
[ 49.200142]  ? __x64_sys_openat+0x9d/0x100
[ 49.204374]  ? do_syscall_64+0x1b9/0x820
[ 49.208435]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.213807]  ? trace_hardirqs_off+0xb8/0x2b0
[ 49.218209]  ? kasan_check_read+0x11/0x20
[ 49.222353]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 49.226756]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 49.231165]  ? initcall_blacklisted+0x9a/0x1e0
[ 49.235747]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 49.240852]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 49.246567]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.252102]  ? do_vfs_ioctl+0x201/0x1720
[ 49.256158]  ? rcu_is_watching+0x8c/0x150
[ 49.260298]  ? trace_hardirqs_on+0xbd/0x2c0
[ 49.264617]  ? ioctl_preallocate+0x300/0x300
[ 49.269032]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.274565]  ? __fget_light+0x2f7/0x440
[ 49.278540]  ? fget_raw+0x20/0x20
[ 49.281985]  ? putname+0xf2/0x130
[ 49.285450]  ? rcu_read_lock_sched_held+0x108/0x120
[ 49.290483]  ? kmem_cache_free+0x246/0x280
[ 49.294714]  ? putname+0xf7/0x130
[ 49.298170]  do_group_exit+0x177/0x440
[ 49.302055]  ? trace_hardirqs_on+0xbd/0x2c0
[ 49.306374]  ? __ia32_sys_exit+0x50/0x50
[ 49.310430]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 49.315537]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.321074]  ? ksys_ioctl+0x81/0xd0
[ 49.324701]  __x64_sys_exit_group+0x3e/0x50
[ 49.329027]  do_syscall_64+0x1b9/0x820
[ 49.332914]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 49.338277]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 49.343203]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.348045]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 49.353058]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 49.358076]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 49.363094]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.367937]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.373120] RIP: 0033:0x43ef08
[ 49.376329] Code: Bad RIP value.
[ 49.379686] RSP: 002b:00007fff9ad705e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 49.387389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 49.394653] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 49.401936] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 49.409198] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 49.416459] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 49.423729] 
[ 49.423734] ======================================================
[ 49.423739] WARNING: possible circular locking dependency detected
[ 49.423743] 4.18.0+ #203 Not tainted
[ 49.423748] ------------------------------------------------------
[ 49.423752] syz-executor987/4445 is trying to acquire lock:
[ 49.423755] 00000000e1b98405 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 49.423770] 
[ 49.423774] but task is already holding lock:
[ 49.423777] 00000000e342ac86 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 49.423791] 
[ 49.423795] which lock already depends on the new lock.
[ 49.423797] 
[ 49.423800] 
[ 49.423804] the existing dependency chain (in reverse order) is:
[ 49.423807] 
[ 49.423809] -> #3 (report_lock){....}:
[ 49.423823]        _raw_spin_lock_irqsave+0x96/0xc0
[ 49.423827]        kasan_report+0x8e/0x110
[ 49.423831]        __asan_report_load8_noabort+0x14/0x20
[ 49.423835]        __schedule+0xf54/0x1df0
[ 49.423839]        preempt_schedule_common+0x22/0x60
[ 49.423842]        _cond_resched+0x1d/0x30
[ 49.423846]        wait_for_completion+0xa5/0x8d0
[ 49.423850]        __synchronize_srcu+0x189/0x240
[ 49.423864]        synchronize_srcu+0x335/0x56f
[ 49.423869]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 49.423873]        kvm_mmu_uninit_vm+0x1c/0x20
[ 49.423877]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 49.423881]        kvm_put_kvm+0x73f/0x1060
[ 49.423884]        kvm_vm_release+0x42/0x50
[ 49.423888]        __fput+0x36e/0x8c0
[ 49.423891]        ____fput+0x15/0x20
[ 49.423895]        task_work_run+0x1e8/0x2a0
[ 49.423899]        do_exit+0x1ae4/0x26e0
[ 49.423902]        do_group_exit+0x177/0x440
[ 49.423906]        __x64_sys_exit_group+0x3e/0x50
[ 49.423910]        do_syscall_64+0x1b9/0x820
[ 49.423915]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.423917] 
[ 49.423919] -> #2 (&rq->lock){-.-.}:
[ 49.423933]        _raw_spin_lock+0x2a/0x40
[ 49.423936]        task_fork_fair+0x93/0x680
[ 49.423940]        sched_fork+0x44b/0xbd0
[ 49.423944]        copy_process+0x235e/0x7ad0
[ 49.423947]        _do_fork+0x1ca/0x1170
[ 49.423951]        kernel_thread+0x34/0x40
[ 49.423954]        rest_init+0x22/0xe4
[ 49.423958]        start_kernel+0x913/0x94e
[ 49.423962]        x86_64_start_reservations+0x29/0x2b
[ 49.423966]        x86_64_start_kernel+0x76/0x79
[ 49.423970]        secondary_startup_64+0xa4/0xb0
[ 49.423972] 
[ 49.423974] -> #1 (&p->pi_lock){-.-.}:
[ 49.423988]        _raw_spin_lock_irqsave+0x96/0xc0
[ 49.424000]        try_to_wake_up+0xd2/0x1250
[ 49.424004]        wake_up_process+0x10/0x20
[ 49.424008]        __up.isra.1+0x1c0/0x2a0
[ 49.424011]        up+0x13c/0x1c0
[ 49.424015]        __up_console_sem+0xbe/0x1b0
[ 49.424019]        console_unlock+0x506/0x10d0
[ 49.424023]        vprintk_emit+0x33a/0x910
[ 49.424026]        vprintk_default+0x28/0x30
[ 49.424030]        vprintk_func+0x7a/0x117
[ 49.424033]        printk+0xa7/0xcf
[ 49.424037]        load_umh+0x51/0xbd
[ 49.424041]        do_one_initcall+0x127/0x838
[ 49.424045]        kernel_init_freeable+0x4bb/0x5ae
[ 49.424049]        kernel_init+0x11/0x1b3
[ 49.424053]        ret_from_fork+0x3a/0x50
[ 49.424055] 
[ 49.424057] -> #0 ((console_sem).lock){-...}:
[ 49.424071]        lock_acquire+0x1e4/0x4f0
[ 49.424075]        _raw_spin_lock_irqsave+0x96/0xc0
[ 49.424079]        down_trylock+0x13/0x70
[ 49.424083]        __down_trylock_console_sem+0xae/0x200
[ 49.424087]        console_trylock+0x15/0xa0
[ 49.424091]        vprintk_emit+0x31f/0x910
[ 49.424094]        vprintk_default+0x28/0x30
[ 49.424098]        vprintk_func+0x7a/0x117
[ 49.424101]        printk+0xa7/0xcf
[ 49.424105]        kasan_report+0x9e/0x110
[ 49.424109]        __asan_report_load8_noabort+0x14/0x20
[ 49.424113]        __schedule+0xf54/0x1df0
[ 49.424117]        preempt_schedule_common+0x22/0x60
[ 49.424121]        _cond_resched+0x1d/0x30
[ 49.424125]        wait_for_completion+0xa5/0x8d0
[ 49.424129]        __synchronize_srcu+0x189/0x240
[ 49.424133]        synchronize_srcu+0x335/0x56f
[ 49.424137]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 49.424141]        kvm_mmu_uninit_vm+0x1c/0x20
[ 49.424145]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 49.424149]        kvm_put_kvm+0x73f/0x1060
[ 49.424152]        kvm_vm_release+0x42/0x50
[ 49.424156]        __fput+0x36e/0x8c0
[ 49.424159]        ____fput+0x15/0x20
[ 49.424163]        task_work_run+0x1e8/0x2a0
[ 49.424167]        do_exit+0x1ae4/0x26e0
[ 49.424170]        do_group_exit+0x177/0x440
[ 49.424174]        __x64_sys_exit_group+0x3e/0x50
[ 49.424178]        do_syscall_64+0x1b9/0x820
[ 49.424182]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.424185] 
[ 49.424189] other info that might help us debug this:
[ 49.424191] 
[ 49.424194] Chain exists of:
[ 49.424196]   (console_sem).lock --> &rq->lock --> report_lock
[ 49.424214] 
[ 49.424217]  Possible unsafe locking scenario:
[ 49.424220] 
[ 49.424223]        CPU0                    CPU1
[ 49.424227]        ----                    ----
[ 49.424229]   lock(report_lock);
[ 49.424238]                                lock(&rq->lock);
[ 49.424247]                                lock(report_lock);
[ 49.424255]   lock((console_sem).lock);
[ 49.424263] 
[ 49.424266]  *** DEADLOCK ***
[ 49.424268] 
[ 49.424272] 2 locks held by syz-executor987/4445:
[ 49.424274]  #0: 00000000c6229e84 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 49.424290]  #1: 00000000e342ac86 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 49.424307] 
[ 49.424310] stack backtrace:
[ 49.424315] CPU: 0 PID: 4445 Comm: syz-executor987 Not tainted 4.18.0+ #203
[ 49.424322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.424325] Call Trace:
[ 49.424328]  dump_stack+0x1c9/0x2b4
[ 49.424333]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 49.424336]  ? vprintk_func+0x100/0x117
[ 49.424341]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 49.424345]  ? save_trace+0xe0/0x290
[ 49.424348]  __lock_acquire+0x3449/0x5020
[ 49.424352]  ? mark_held_locks+0x160/0x160
[ 49.424356]  ? mark_held_locks+0x160/0x160
[ 49.424360]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 49.424364]  ? is_bpf_text_address+0xd7/0x170
[ 49.424368]  ? kernel_text_address+0x79/0xf0
[ 49.424372]  ? __kernel_text_address+0xd/0x40
[ 49.424376]  ? __save_stack_trace+0x8d/0xf0
[ 49.424380]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 49.424384]  ? save_trace+0x290/0x290
[ 49.424388]  ? save_stack_trace+0x1a/0x20
[ 49.424391]  ? save_trace+0xe0/0x290
[ 49.424395]  ? graph_lock+0x170/0x170
[ 49.424400]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.424403]  lock_acquire+0x1e4/0x4f0
[ 49.424407]  ? down_trylock+0x13/0x70
[ 49.424410]  ? lock_release+0x9f0/0x9f0
[ 49.424415]  ? trace_hardirqs_off+0xb8/0x2b0
[ 49.424418]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 49.424422]  ? trace_hardirqs_off+0xb8/0x2b0
[ 49.424426]  ? log_store+0x34f/0x4c0
[ 49.424430]  ? vprintk_emit+0x31f/0x910
[ 49.424434]  _raw_spin_lock_irqsave+0x96/0xc0
[ 49.424437]  ? down_trylock+0x13/0x70
[ 49.424441]  down_trylock+0x13/0x70
[ 49.424445]  __down_trylock_console_sem+0xae/0x200
[ 49.424449]  console_trylock+0x15/0xa0
[ 49.424452]  vprintk_emit+0x31f/0x910
[ 49.424456]  ? wake_up_klogd+0x110/0x110
[ 49.424460]  ? run_rebalance_domains+0x4c0/0x4c0
[ 49.424464]  ? kasan_check_read+0x11/0x20
[ 49.424468]  ? rcu_is_watching+0x8c/0x150
[ 49.424471]  ? rcu_pm_notify+0xc0/0xc0
[ 49.424475]  ? lock_acquire+0x1e4/0x4f0
[ 49.424479]  ? kasan_report+0x8e/0x110
[ 49.424482]  ? __schedule+0xf54/0x1df0
[ 49.424486]  vprintk_default+0x28/0x30
[ 49.424490]  vprintk_func+0x7a/0x117
[ 49.424493]  printk+0xa7/0xcf
[ 49.424497]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 49.424501]  ? kasan_check_write+0x14/0x20
[ 49.424505]  ? do_raw_spin_lock+0xc1/0x200
[ 49.424509]  ? do_raw_spin_lock+0xc1/0x200
[ 49.424512]  kasan_report+0x9e/0x110
[ 49.424516]  __asan_report_load8_noabort+0x14/0x20
[ 49.424520]  __schedule+0xf54/0x1df0
[ 49.424524]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 49.424528]  ? __sched_text_start+0x8/0x8
[ 49.424532]  ? __call_srcu+0x7e7/0x1040
[ 49.424542]  ? check_same_owner+0x340/0x340
[ 49.424546]  ? mark_held_locks+0x160/0x160
[ 49.424549]  ? find_held_lock+0x36/0x1c0
[ 49.424553]  preempt_schedule_common+0x22/0x60
[ 49.424557]  _cond_resched+0x1d/0x30
[ 49.424561]  wait_for_completion+0xa5/0x8d0
[ 49.424566]  ? wait_for_completion_interruptible+0x950/0x950
[ 49.424570]  ? __lockdep_init_map+0x105/0x590
[ 49.424574]  ? __init_waitqueue_head+0x9e/0x150
[ 49.424578]  ? init_wait_entry+0x1c0/0x1c0
[ 49.424582]  __synchronize_srcu+0x189/0x240
[ 49.424585]  ? call_srcu+0x10/0x10
[ 49.424589]  ? rcu_unexpedite_gp+0x20/0x20
[ 49.424593]  synchronize_srcu+0x335/0x56f
[ 49.424597]  ? lock_downgrade+0x8f0/0x8f0
[ 49.424601]  ? synchronize_srcu_expedited+0x20/0x20
[ 49.424605]  ? kasan_check_read+0x11/0x20
[ 49.424609]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 49.424613]  ? kasan_check_write+0x14/0x20
[ 49.424617]  ? do_raw_spin_lock+0xc1/0x200
[ 49.424622]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 49.424626]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 49.424630]  ? kvfree+0x61/0x70
[ 49.424634]  ? rcu_read_lock_sched_held+0x108/0x120
[ 49.424638]  kvm_mmu_uninit_vm+0x1c/0x20
[ 49.424642]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 49.424646]  ? kvm_arch_sync_events+0x30/0x30
[ 49.424651]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.424655]  ? mmu_notifier_unregister+0x474/0x600
[ 49.424659]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 49.424663]  ? kfree+0x111/0x210
[ 49.424667]  ? __mmu_notifier_register+0x30/0x30
[ 49.424671]  ? __free_pages+0x10a/0x190
[ 49.424674]  ? free_unref_page+0x930/0x930
[ 49.424678]  kvm_put_kvm+0x73f/0x1060
[ 49.424682]  ? kvm_write_guest_cached+0x40/0x40
[ 49.424686]  ? _raw_spin_unlock_irq+0x27/0x70
[ 49.424690]  ? _raw_spin_unlock_irq+0x27/0x70
[ 49.424694]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 49.424698]  ? kasan_check_write+0x14/0x20
[ 49.424702]  ? do_raw_spin_lock+0xc1/0x200
[ 49.424706]  ? kvm_irqfd_release+0xdd/0x120
[ 49.424710]  ? kvm_put_kvm+0x1060/0x1060
[ 49.424714]  kvm_vm_release+0x42/0x50
[ 49.424717]  __fput+0x36e/0x8c0
[ 49.424721]  ? __alloc_file+0x400/0x400
[ 49.424725]  ? check_same_owner+0x340/0x340
[ 49.424729]  ? kasan_check_write+0x14/0x20
[ 49.424732]  ? do_raw_spin_lock+0xc1/0x200
[ 49.424736]  ____fput+0x15/0x20
[ 49.424739]  task_work_run+0x1e8/0x2a0
[ 49.424743]  ? task_work_cancel+0x240/0x240
[ 49.424748]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.424752]  ? switch_task_namespaces+0xa2/0xd0
[ 49.424756]  do_exit+0x1ae4/0x26e0
[ 49.424760]  ? mm_update_next_owner+0x9a0/0x9a0
[ 49.424764]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 49.424768]  ? rcu_read_lock_sched_held+0x108/0x120
[ 49.424771]  ? kfree+0x1d7/0x210
[ 49.424775]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 49.424780]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 49.424784]  ? is_bpf_text_address+0xd7/0x170
[ 49.424788]  ? kernel_text_address+0x79/0xf0
[ 49.424791]  ? __kern
[ 49.424797] Lost 54 message(s)!
[ 50.518023] Shutting down cpus with NMI
[ 51.577994] Dumping ftrace buffer:
[ 51.581522]    (ftrace buffer empty)
[ 51.585210] Kernel Offset: disabled
[ 51.588816] Rebooting in 86400 seconds..