[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.660686] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.315840] random: sshd: uninitialized urandom read (32 bytes read) [ 27.704284] random: sshd: uninitialized urandom read (32 bytes read) [ 28.220367] random: sshd: uninitialized urandom read (32 bytes read) [ 28.393575] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. [ 33.902714] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 34.004725] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 34.030934] ================================================================== [ 34.041026] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 34.047252] Read of size 8 at addr ffff8801b08a8058 by task syz-executor734/4470 [ 34.054772] [ 34.056398] CPU: 0 PID: 4470 Comm: syz-executor734 Not tainted 4.18.0+ #209 [ 34.063497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.072837] Call Trace: [ 34.075428] dump_stack+0x1c9/0x2b4 [ 34.079051] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.084241] ? printk+0xa7/0xcf [ 34.087517] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.092271] ? __schedule+0xf54/0x1df0 [ 34.096156] print_address_description+0x6c/0x20b [ 34.101021] ? __schedule+0xf54/0x1df0 [ 34.104906] kasan_report.cold.7+0x242/0x30d [ 34.109314] __asan_report_load8_noabort+0x14/0x20 [ 34.114244] __schedule+0xf54/0x1df0 [ 34.117954] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.123054] ? __sched_text_start+0x8/0x8 [ 34.127233] ? __call_srcu+0x7e7/0x1040 [ 34.131224] ? check_same_owner+0x340/0x340 [ 34.135552] ? mark_held_locks+0x160/0x160 [ 34.139783] ? find_held_lock+0x36/0x1c0 [ 34.143850] preempt_schedule_common+0x22/0x60 [ 34.148430] _cond_resched+0x1d/0x30 [ 34.152148] wait_for_completion+0xa5/0x8d0 [ 34.156480] ? wait_for_completion_interruptible+0x950/0x950 [ 34.162301] ? __lockdep_init_map+0x105/0x590 [ 34.166800] ? __init_waitqueue_head+0x9e/0x150 [ 34.171468] ? init_wait_entry+0x1c0/0x1c0 [ 34.175704] __synchronize_srcu+0x189/0x240 [ 34.180022] ? call_srcu+0x10/0x10 [ 34.183563] ? rcu_unexpedite_gp+0x20/0x20 [ 34.187800] synchronize_srcu+0x335/0x56f [ 34.191948] ? lock_downgrade+0x8f0/0x8f0 [ 34.196092] ? synchronize_srcu_expedited+0x20/0x20 [ 34.201108] ? kasan_check_read+0x11/0x20 [ 34.205256] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.209838] ? kasan_check_write+0x14/0x20 [ 34.214078] ? do_raw_spin_lock+0xc1/0x200 [ 34.218310] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.224014] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.229478] ? kvfree+0x61/0x70 [ 34.232757] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.237770] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.241828] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.246234] ? kvm_arch_sync_events+0x30/0x30 [ 34.250731] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.256270] ? mmu_notifier_unregister+0x474/0x600 [ 34.261202] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.265607] ? kfree+0x111/0x210 [ 34.268982] ? __mmu_notifier_register+0x30/0x30 [ 34.273735] ? __free_pages+0x10a/0x190 [ 34.277707] ? free_unref_page+0x930/0x930 [ 34.281944] kvm_put_kvm+0x73f/0x1060 [ 34.285747] ? kvm_write_guest_cached+0x40/0x40 [ 34.290418] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.294911] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.299406] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.303986] ? kasan_check_write+0x14/0x20 [ 34.308223] ? do_raw_spin_lock+0xc1/0x200 [ 34.312455] ? kvm_irqfd_release+0xdd/0x120 [ 34.316772] ? kvm_irqfd_release+0xdd/0x120 [ 34.321091] ? kvm_put_kvm+0x1060/0x1060 [ 34.325147] kvm_vm_release+0x42/0x50 [ 34.328948] __fput+0x36e/0x8c0 [ 34.332224] ? __alloc_file+0x400/0x400 [ 34.336200] ? check_same_owner+0x340/0x340 [ 34.340520] ? kasan_check_write+0x14/0x20 [ 34.344752] ? do_raw_spin_lock+0xc1/0x200 [ 34.348979] ____fput+0x15/0x20 [ 34.352259] task_work_run+0x1e8/0x2a0 [ 34.356141] ? task_work_cancel+0x240/0x240 [ 34.360508] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.366052] ? switch_task_namespaces+0xa2/0xd0 [ 34.370736] do_exit+0x1ae4/0x26e0 [ 34.374274] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.378946] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.383198] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.388214] ? kfree+0x1d7/0x210 [ 34.391578] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.395811] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.401521] ? is_bpf_text_address+0xd7/0x170 [ 34.406009] ? kernel_text_address+0x79/0xf0 [ 34.410410] ? __kernel_text_address+0xd/0x40 [ 34.414904] ? unwind_get_return_address+0x61/0xa0 [ 34.419830] ? __save_stack_trace+0x8d/0xf0 [ 34.424152] ? save_stack+0xa9/0xd0 [ 34.427791] ? save_stack+0x43/0xd0 [ 34.431416] ? __kasan_slab_free+0x11a/0x170 [ 34.435816] ? kasan_slab_free+0xe/0x10 [ 34.439787] ? putname+0xf2/0x130 [ 34.443239] ? __x64_sys_openat+0x9d/0x100 [ 34.447468] ? do_syscall_64+0x1b9/0x820 [ 34.451530] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.456892] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.461297] ? kasan_check_read+0x11/0x20 [ 34.465443] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.469847] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.474251] ? initcall_blacklisted+0x9a/0x1e0 [ 34.478834] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.483936] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.489652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.495193] ? do_vfs_ioctl+0x201/0x1720 [ 34.499290] ? rcu_is_watching+0x8c/0x150 [ 34.503437] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.507754] ? ioctl_preallocate+0x300/0x300 [ 34.512162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.518025] ? __fget_light+0x2f7/0x440 [ 34.522004] ? fget_raw+0x20/0x20 [ 34.525450] ? putname+0xf2/0x130 [ 34.529214] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.534228] ? kmem_cache_free+0x246/0x280 [ 34.538458] ? putname+0xf7/0x130 [ 34.541922] do_group_exit+0x177/0x440 [ 34.545809] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.550139] ? __ia32_sys_exit+0x50/0x50 [ 34.554204] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.559306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.564836] ? ksys_ioctl+0x81/0xd0 [ 34.568460] __x64_sys_exit_group+0x3e/0x50 [ 34.572781] do_syscall_64+0x1b9/0x820 [ 34.576678] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.582038] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.586963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.591802] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.596832] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.601848] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.606695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.611882] RIP: 0033:0x43ecc8 [ 34.615070] Code: Bad RIP value. [ 34.618442] RSP: 002b:00007ffc0e85ee08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.626145] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 34.633406] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.641024] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.648282] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.655544] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.662813] [ 34.664435] Allocated by task 4470: [ 34.668070] save_stack+0x43/0xd0 [ 34.671521] kasan_kmalloc+0xc4/0xe0 [ 34.675228] kasan_slab_alloc+0x12/0x20 [ 34.679206] kmem_cache_alloc+0x12e/0x710 [ 34.683351] vmx_create_vcpu+0xcf/0x2830 [ 34.687408] kvm_arch_vcpu_create+0xe5/0x220 [ 34.691807] kvm_vm_ioctl+0x488/0x1d80 [ 34.695675] do_vfs_ioctl+0x1de/0x1720 [ 34.699543] ksys_ioctl+0xa9/0xd0 [ 34.702973] __x64_sys_ioctl+0x73/0xb0 [ 34.706839] do_syscall_64+0x1b9/0x820 [ 34.710709] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.715871] [ 34.717475] Freed by task 4470: [ 34.720735] save_stack+0x43/0xd0 [ 34.724167] __kasan_slab_free+0x11a/0x170 [ 34.728389] kasan_slab_free+0xe/0x10 [ 34.732168] kmem_cache_free+0x86/0x280 [ 34.736127] vmx_free_vcpu+0x26b/0x300 [ 34.739994] kvm_arch_destroy_vm+0x365/0x7c0 [ 34.744465] kvm_put_kvm+0x73f/0x1060 [ 34.748273] kvm_vm_release+0x42/0x50 [ 34.752083] __fput+0x36e/0x8c0 [ 34.755358] ____fput+0x15/0x20 [ 34.758633] task_work_run+0x1e8/0x2a0 [ 34.762515] do_exit+0x1ae4/0x26e0 [ 34.766049] do_group_exit+0x177/0x440 [ 34.769955] __x64_sys_exit_group+0x3e/0x50 [ 34.774292] do_syscall_64+0x1b9/0x820 [ 34.778193] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.783371] [ 34.784995] The buggy address belongs to the object at ffff8801b08a8040 [ 34.784995] which belongs to the cache kvm_vcpu of size 23872 [ 34.797568] The buggy address is located 24 bytes inside of [ 34.797568] 23872-byte region [ffff8801b08a8040, ffff8801b08add80) [ 34.809522] The buggy address belongs to the page: [ 34.814456] page:ffffea0006c22a00 count:1 mapcount:0 mapping:ffff8801d9ff03c0 index:0x0 compound_mapcount: 0 [ 34.824430] flags: 0x2fffc0000008100(slab|head) [ 34.829104] raw: 02fffc0000008100 ffff8801d4c18548 ffff8801d4c18548 ffff8801d9ff03c0 [ 34.836988] raw: 0000000000000000 ffff8801b08a8040 0000000100000001 0000000000000000 [ 34.844856] page dumped because: kasan: bad access detected [ 34.850551] [ 34.852166] Memory state around the buggy address: [ 34.857098] ffff8801b08a7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.864456] ffff8801b08a7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.871814] >ffff8801b08a8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 34.879162] ^ [ 34.885397] ffff8801b08a8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.892764] ffff8801b08a8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.900122] ================================================================== [ 34.907474] Kernel panic - not syncing: panic_on_warn set ... [ 34.907474] [ 34.914861] CPU: 0 PID: 4470 Comm: syz-executor734 Tainted: G B 4.18.0+ #209 [ 34.923352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.932694] Call Trace: [ 34.935286] dump_stack+0x1c9/0x2b4 [ 34.938910] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.944102] ? lock_downgrade+0x8f0/0x8f0 [ 34.948247] ? __schedule+0xf54/0x1df0 [ 34.952130] panic+0x238/0x4e7 [ 34.955321] ? add_taint.cold.5+0x16/0x16 [ 34.959473] ? print_shadow_for_address+0xba/0x116 [ 34.964401] ? trace_hardirqs_off+0xaf/0x2b0 [ 34.968809] ? trace_hardirqs_off+0x77/0x2b0 [ 34.973239] ? __schedule+0xf54/0x1df0 [ 34.977140] kasan_end_report+0x47/0x4f [ 34.981117] kasan_report.cold.7+0x76/0x30d [ 34.985440] __asan_report_load8_noabort+0x14/0x20 [ 34.990367] __schedule+0xf54/0x1df0 [ 34.994084] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.999204] ? __sched_text_start+0x8/0x8 [ 35.003357] ? __call_srcu+0x7e7/0x1040 [ 35.007341] ? check_same_owner+0x340/0x340 [ 35.011662] ? mark_held_locks+0x160/0x160 [ 35.015892] ? find_held_lock+0x36/0x1c0 [ 35.019975] preempt_schedule_common+0x22/0x60 [ 35.024557] _cond_resched+0x1d/0x30 [ 35.028267] wait_for_completion+0xa5/0x8d0 [ 35.032619] ? wait_for_completion_interruptible+0x950/0x950 [ 35.038421] ? __lockdep_init_map+0x105/0x590 [ 35.042945] ? __init_waitqueue_head+0x9e/0x150 [ 35.047620] ? init_wait_entry+0x1c0/0x1c0 [ 35.051857] __synchronize_srcu+0x189/0x240 [ 35.056173] ? call_srcu+0x10/0x10 [ 35.059722] ? rcu_unexpedite_gp+0x20/0x20 [ 35.063962] synchronize_srcu+0x335/0x56f [ 35.068109] ? lock_downgrade+0x8f0/0x8f0 [ 35.072254] ? synchronize_srcu_expedited+0x20/0x20 [ 35.077270] ? kasan_check_read+0x11/0x20 [ 35.081416] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.085995] ? kasan_check_write+0x14/0x20 [ 35.090223] ? do_raw_spin_lock+0xc1/0x200 [ 35.094457] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.100174] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.105636] ? kvfree+0x61/0x70 [ 35.108921] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.113953] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.118024] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.122431] ? kvm_arch_sync_events+0x30/0x30 [ 35.126932] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.132477] ? mmu_notifier_unregister+0x474/0x600 [ 35.137405] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.141815] ? kfree+0x111/0x210 [ 35.145193] ? __mmu_notifier_register+0x30/0x30 [ 35.149956] ? __free_pages+0x10a/0x190 [ 35.153927] ? free_unref_page+0x930/0x930 [ 35.158179] kvm_put_kvm+0x73f/0x1060 [ 35.161994] ? kvm_write_guest_cached+0x40/0x40 [ 35.166671] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.171162] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.175663] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.180253] ? kasan_check_write+0x14/0x20 [ 35.184486] ? do_raw_spin_lock+0xc1/0x200 [ 35.188717] ? kvm_irqfd_release+0xdd/0x120 [ 35.193033] ? kvm_irqfd_release+0xdd/0x120 [ 35.197351] ? kvm_put_kvm+0x1060/0x1060 [ 35.201410] kvm_vm_release+0x42/0x50 [ 35.205213] __fput+0x36e/0x8c0 [ 35.208492] ? __alloc_file+0x400/0x400 [ 35.212478] ? check_same_owner+0x340/0x340 [ 35.216798] ? kasan_check_write+0x14/0x20 [ 35.221031] ? do_raw_spin_lock+0xc1/0x200 [ 35.225262] ____fput+0x15/0x20 [ 35.228551] task_work_run+0x1e8/0x2a0 [ 35.232447] ? task_work_cancel+0x240/0x240 [ 35.236771] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.242304] ? switch_task_namespaces+0xa2/0xd0 [ 35.246972] do_exit+0x1ae4/0x26e0 [ 35.250528] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.255227] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.259461] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.264472] ? kfree+0x1d7/0x210 [ 35.267841] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.272081] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.277801] ? is_bpf_text_address+0xd7/0x170 [ 35.282294] ? kernel_text_address+0x79/0xf0 [ 35.286700] ? __kernel_text_address+0xd/0x40 [ 35.291204] ? unwind_get_return_address+0x61/0xa0 [ 35.296132] ? __save_stack_trace+0x8d/0xf0 [ 35.300456] ? save_stack+0xa9/0xd0 [ 35.304077] ? save_stack+0x43/0xd0 [ 35.307700] ? __kasan_slab_free+0x11a/0x170 [ 35.312106] ? kasan_slab_free+0xe/0x10 [ 35.316103] ? putname+0xf2/0x130 [ 35.319552] ? __x64_sys_openat+0x9d/0x100 [ 35.323787] ? do_syscall_64+0x1b9/0x820 [ 35.327873] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.333247] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.337660] ? kasan_check_read+0x11/0x20 [ 35.341804] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.346211] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.350621] ? initcall_blacklisted+0x9a/0x1e0 [ 35.355212] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 35.360344] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.366055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.371601] ? do_vfs_ioctl+0x201/0x1720 [ 35.375661] ? rcu_is_watching+0x8c/0x150 [ 35.379803] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.384122] ? ioctl_preallocate+0x300/0x300 [ 35.388528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.394060] ? __fget_light+0x2f7/0x440 [ 35.398035] ? fget_raw+0x20/0x20 [ 35.401483] ? putname+0xf2/0x130 [ 35.404940] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.410001] ? kmem_cache_free+0x246/0x280 [ 35.414231] ? putname+0xf7/0x130 [ 35.417710] do_group_exit+0x177/0x440 [ 35.421594] ? trace_hardirqs_on+0xbd/0x2c0 [ 35.425908] ? __ia32_sys_exit+0x50/0x50 [ 35.429978] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.435078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.440609] ? ksys_ioctl+0x81/0xd0 [ 35.444235] __x64_sys_exit_group+0x3e/0x50 [ 35.448566] do_syscall_64+0x1b9/0x820 [ 35.452477] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.457836] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.462759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.467599] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.472620] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.477633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.482489] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.487670] RIP: 0033:0x43ecc8 [ 35.490863] Code: Bad RIP value. [ 35.494233] RSP: 002b:00007ffc0e85ee08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.501943] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 35.509214] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.516492] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.523771] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 35.531035] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 35.538307] [ 35.538313] ====================================================== [ 35.538318] WARNING: possible circular locking dependency detected [ 35.538322] 4.18.0+ #209 Not tainted [ 35.538327] ------------------------------------------------------ [ 35.538331] syz-executor734/4470 is trying to acquire lock: [ 35.538335] 000000008d157a27 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 35.538350] [ 35.538354] but task is already holding lock: [ 35.538357] 00000000c3e9cf93 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.538370] [ 35.538375] which lock already depends on the new lock. [ 35.538377] [ 35.538379] [ 35.538384] the existing dependency chain (in reverse order) is: [ 35.538386] [ 35.538388] -> #3 (report_lock){....}: [ 35.538403] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.538406] kasan_report+0x8e/0x110 [ 35.538411] __asan_report_load8_noabort+0x14/0x20 [ 35.538414] __schedule+0xf54/0x1df0 [ 35.538418] preempt_schedule_common+0x22/0x60 [ 35.538422] _cond_resched+0x1d/0x30 [ 35.538426] wait_for_completion+0xa5/0x8d0 [ 35.538430] __synchronize_srcu+0x189/0x240 [ 35.538434] synchronize_srcu+0x335/0x56f [ 35.538440] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.538444] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.538448] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.538452] kvm_put_kvm+0x73f/0x1060 [ 35.538455] kvm_vm_release+0x42/0x50 [ 35.538459] __fput+0x36e/0x8c0 [ 35.538462] ____fput+0x15/0x20 [ 35.538466] task_work_run+0x1e8/0x2a0 [ 35.538470] do_exit+0x1ae4/0x26e0 [ 35.538473] do_group_exit+0x177/0x440 [ 35.538477] __x64_sys_exit_group+0x3e/0x50 [ 35.538481] do_syscall_64+0x1b9/0x820 [ 35.538486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.538488] [ 35.538490] -> #2 (&rq->lock){-.-.}: [ 35.538504] _raw_spin_lock+0x2a/0x40 [ 35.538507] task_fork_fair+0x93/0x680 [ 35.538511] sched_fork+0x44b/0xbd0 [ 35.538515] copy_process+0x235e/0x7ad0 [ 35.538518] _do_fork+0x1ca/0x1170 [ 35.538522] kernel_thread+0x34/0x40 [ 35.538525] rest_init+0x22/0xe4 [ 35.538529] start_kernel+0x913/0x94e [ 35.538533] x86_64_start_reservations+0x29/0x2b [ 35.538537] x86_64_start_kernel+0x76/0x79 [ 35.538541] secondary_startup_64+0xa4/0xb0 [ 35.538543] [ 35.538546] -> #1 (&p->pi_lock){-.-.}: [ 35.538559] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.538563] try_to_wake_up+0xd2/0x1250 [ 35.538567] wake_up_process+0x10/0x20 [ 35.538571] __up.isra.1+0x1c0/0x2a0 [ 35.538574] up+0x13c/0x1c0 [ 35.538578] __up_console_sem+0xbe/0x1b0 [ 35.538581] console_unlock+0x506/0x10d0 [ 35.538585] vprintk_emit+0x33a/0x910 [ 35.538589] vprintk_default+0x28/0x30 [ 35.538592] vprintk_func+0x7a/0x117 [ 35.538596] printk+0xa7/0xcf [ 35.538599] load_umh+0x51/0xbd [ 35.538603] do_one_initcall+0x127/0x838 [ 35.538607] kernel_init_freeable+0x4bb/0x5ae [ 35.538610] kernel_init+0x11/0x1b3 [ 35.538614] ret_from_fork+0x3a/0x50 [ 35.538616] [ 35.538618] -> #0 ((console_sem).lock){-...}: [ 35.538632] lock_acquire+0x1e4/0x4f0 [ 35.538636] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.538640] down_trylock+0x13/0x70 [ 35.538644] __down_trylock_console_sem+0xae/0x200 [ 35.538648] console_trylock+0x15/0xa0 [ 35.538652] vprintk_emit+0x31f/0x910 [ 35.538655] vprintk_default+0x28/0x30 [ 35.538659] vprintk_func+0x7a/0x117 [ 35.538662] printk+0xa7/0xcf [ 35.538666] kasan_report+0x9e/0x110 [ 35.538670] __asan_report_load8_noabort+0x14/0x20 [ 35.538674] __schedule+0xf54/0x1df0 [ 35.538678] preempt_schedule_common+0x22/0x60 [ 35.538681] _cond_resched+0x1d/0x30 [ 35.538685] wait_for_completion+0xa5/0x8d0 [ 35.538689] __synchronize_srcu+0x189/0x240 [ 35.538693] synchronize_srcu+0x335/0x56f [ 35.538698] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.538702] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.538706] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.538709] kvm_put_kvm+0x73f/0x1060 [ 35.538713] kvm_vm_release+0x42/0x50 [ 35.538717] __fput+0x36e/0x8c0 [ 35.538720] ____fput+0x15/0x20 [ 35.538724] task_work_run+0x1e8/0x2a0 [ 35.538727] do_exit+0x1ae4/0x26e0 [ 35.538731] do_group_exit+0x177/0x440 [ 35.538735] __x64_sys_exit_group+0x3e/0x50 [ 35.538739] do_syscall_64+0x1b9/0x820 [ 35.538743] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.538745] [ 35.538750] other info that might help us debug this: [ 35.538752] [ 35.538755] Chain exists of: [ 35.538757] (console_sem).lock --> &rq->lock --> report_lock [ 35.538774] [ 35.538778] Possible unsafe locking scenario: [ 35.538780] [ 35.538784] CPU0 CPU1 [ 35.538788] ---- ---- [ 35.538791] lock(report_lock); [ 35.538800] lock(&rq->lock); [ 35.538809] lock(report_lock); [ 35.538816] lock((console_sem).lock); [ 35.538824] [ 35.538827] *** DEADLOCK *** [ 35.538829] [ 35.538833] 2 locks held by syz-executor734/4470: [ 35.538835] #0: 00000000b23459e3 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 35.538851] #1: 00000000c3e9cf93 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 35.538868] [ 35.538871] stack backtrace: [ 35.538876] CPU: 0 PID: 4470 Comm: syz-executor734 Not tainted 4.18.0+ #209 [ 35.538883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.538886] Call Trace: [ 35.538889] dump_stack+0x1c9/0x2b4 [ 35.538894] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.538897] ? vprintk_func+0x100/0x117 [ 35.538902] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 35.538906] ? save_trace+0xe0/0x290 [ 35.538909] __lock_acquire+0x3449/0x5020 [ 35.538913] ? mark_held_locks+0x160/0x160 [ 35.538917] ? mark_held_locks+0x160/0x160 [ 35.538921] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.538925] ? is_bpf_text_address+0xd7/0x170 [ 35.538929] ? kernel_text_address+0x79/0xf0 [ 35.538939] ? __kernel_text_address+0xd/0x40 [ 35.538943] ? __save_stack_trace+0x8d/0xf0 [ 35.538947] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 35.538951] ? save_trace+0x290/0x290 [ 35.538955] ? save_stack_trace+0x1a/0x20 [ 35.538958] ? save_trace+0xe0/0x290 [ 35.538962] ? graph_lock+0x170/0x170 [ 35.538966] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.538970] lock_acquire+0x1e4/0x4f0 [ 35.538974] ? down_trylock+0x13/0x70 [ 35.538977] ? lock_release+0x9f0/0x9f0 [ 35.538981] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.538985] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.538989] ? trace_hardirqs_off+0xb8/0x2b0 [ 35.538993] ? log_store+0x34f/0x4c0 [ 35.538996] ? vprintk_emit+0x31f/0x910 [ 35.539000] _raw_spin_lock_irqsave+0x96/0xc0 [ 35.539004] ? down_trylock+0x13/0x70 [ 35.539008] down_trylock+0x13/0x70 [ 35.539012] __down_trylock_console_sem+0xae/0x200 [ 35.539015] console_trylock+0x15/0xa0 [ 35.539019] vprintk_emit+0x31f/0x910 [ 35.539023] ? wake_up_klogd+0x110/0x110 [ 35.539027] ? run_rebalance_domains+0x4c0/0x4c0 [ 35.539031] ? kasan_check_read+0x11/0x20 [ 35.539035] ? rcu_is_watching+0x8c/0x150 [ 35.539038] ? rcu_pm_notify+0xc0/0xc0 [ 35.539042] ? lock_acquire+0x1e4/0x4f0 [ 35.539046] ? kasan_report+0x8e/0x110 [ 35.539049] ? __schedule+0xf54/0x1df0 [ 35.539053] vprintk_default+0x28/0x30 [ 35.539057] vprintk_func+0x7a/0x117 [ 35.539060] printk+0xa7/0xcf [ 35.539064] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.539068] ? kasan_check_write+0x14/0x20 [ 35.539072] ? do_raw_spin_lock+0xc1/0x200 [ 35.539075] ? do_raw_spin_lock+0xc1/0x200 [ 35.539079] kasan_report+0x9e/0x110 [ 35.539083] __asan_report_load8_noabort+0x14/0x20 [ 35.539087] __schedule+0xf54/0x1df0 [ 35.539091] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.539095] ? __sched_text_start+0x8/0x8 [ 35.539099] ? __call_srcu+0x7e7/0x1040 [ 35.539102] ? check_same_owner+0x340/0x340 [ 35.539106] ? mark_held_locks+0x160/0x160 [ 35.539110] ? find_held_lock+0x36/0x1c0 [ 35.539114] preempt_schedule_common+0x22/0x60 [ 35.539118] _cond_resched+0x1d/0x30 [ 35.539122] wait_for_completion+0xa5/0x8d0 [ 35.539126] ? wait_for_completion_interruptible+0x950/0x950 [ 35.539130] ? __lockdep_init_map+0x105/0x590 [ 35.539134] ? __init_waitqueue_head+0x9e/0x150 [ 35.539138] ? init_wait_entry+0x1c0/0x1c0 [ 35.539142] __synchronize_srcu+0x189/0x240 [ 35.539146] ? call_srcu+0x10/0x10 [ 35.539149] ? rcu_unexpedite_gp+0x20/0x20 [ 35.539153] synchronize_srcu+0x335/0x56f [ 35.539157] ? lock_downgrade+0x8f0/0x8f0 [ 35.539161] ? synchronize_srcu_expedited+0x20/0x20 [ 35.539165] ? kasan_check_read+0x11/0x20 [ 35.539169] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.539173] ? kasan_check_write+0x14/0x20 [ 35.539177] ? do_raw_spin_lock+0xc1/0x200 [ 35.539182] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.539194] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.539198] ? kvfree+0x61/0x70 [ 35.539202] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.539206] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.539210] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.539214] ? kvm_arch_sync_events+0x30/0x30 [ 35.539218] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.539222] ? mmu_notifier_unregister+0x474/0x600 [ 35.539226] ? trace_hardirqs_on+0x2c0/0x2c0 [ 35.539230] ? kfree+0x111/0x210 [ 35.539234] ? __mmu_notifier_register+0x30/0x30 [ 35.539238] ? __free_pages+0x10a/0x190 [ 35.539241] ? free_unref_page+0x930/0x930 [ 35.539245] kvm_put_kvm+0x73f/0x1060 [ 35.539249] ? kvm_write_guest_cached+0x40/0x40 [ 35.539253] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.539257] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.539261] ? lockdep_hardirqs_on+0x421/0x5c0 [ 35.539265] ? kasan_check_write+0x14/0x20 [ 35.539269] ? do_raw_spin_lock+0xc1/0x200 [ 35.539273] ? kvm_irqfd_release+0xdd/0x120 [ 35.539277] ? kvm_irqfd_release+0xdd/0x120 [ 35.539280] ? kvm_put_kvm+0x1060/0x1060 [ 35.539284] kvm_vm_release+0x42/0x50 [ 35.539287] __fput+0x36e/0x8c0 [ 35.539291] ? __alloc_file+0x400/0x400 [ 35.539308] ? check_same_owner+0x340/0x340 [ 35.539312] ? kasan_check_write+0x14/0x20 [ 35.539316] ? do_raw_spin_lock+0xc1/0x200 [ 35.539319] ____fput+0x15/0x20 [ 35.539323] task_work_run+0x1e8/0x2a0 [ 35.539327] ? task_work_cancel+0x240/0x240 [ 35.539331] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.539335] ? switch_task_namespaces+0xa2/0xd0 [ 35.539339] do_exit+0x1ae4/0x26e0 [ 35.539343] ? mm_update_next_owner+0x9a0/0x9a0 [ 35.539346] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 35.539351] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.539367] ? kfree+0x1d7/0x210 [ 35.539370] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 35.539375] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 35.539379] ? is_bpf_text_address+0xd7/0x170 [ 35.539382] ? kernel_ [ 35.539389] Lost 54 message(s)! [ 36.652844] Shutting down cpus with NMI [ 37.777089] Dumping ftrace buffer: [ 37.780613] (ftrace buffer empty) [ 37.784310] Kernel Offset: disabled [ 37.787914] Rebooting in 86400 seconds..