[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 24.009903] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ]
Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.496891] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.774700] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.352087] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.532185] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[ 33.246883] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.345231] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.369963] ==================================================================
[ 33.379806] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.386550] Read of size 8 at addr ffff8801ac850058 by task syz-executor051/4487
[ 33.394078]
[ 33.395719] CPU: 1 PID: 4487 Comm: syz-executor051 Not tainted 4.18.0+ #205
[ 33.402809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.412152] Call Trace:
[ 33.414735]  dump_stack+0x1c9/0x2b4
[ 33.418365]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.423552]  ? printk+0xa7/0xcf
[ 33.426829]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.431585]  ? __schedule+0xf54/0x1df0
[ 33.435487]  print_address_description+0x6c/0x20b
[ 33.440327]  ? __schedule+0xf54/0x1df0
[ 33.444213]  kasan_report.cold.7+0x242/0x30d
[ 33.448629]  __asan_report_load8_noabort+0x14/0x20
[ 33.453559]  __schedule+0xf54/0x1df0
[ 33.457269]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.462371]  ? __sched_text_start+0x8/0x8
[ 33.466517]  ? __call_srcu+0x7e7/0x1040
[ 33.470495]  ? check_same_owner+0x340/0x340
[ 33.474814]  ? mark_held_locks+0x160/0x160
[ 33.479043]  ? find_held_lock+0x36/0x1c0
[ 33.483104]  preempt_schedule_common+0x22/0x60
[ 33.487693]  _cond_resched+0x1d/0x30
[ 33.491403]  wait_for_completion+0xa5/0x8d0
[ 33.495725]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.501519]  ? __lockdep_init_map+0x105/0x590
[ 33.506014]  ? __init_waitqueue_head+0x9e/0x150
[ 33.510681]  ? init_wait_entry+0x1c0/0x1c0
[ 33.514915]  __synchronize_srcu+0x189/0x240
[ 33.519237]  ? call_srcu+0x10/0x10
[ 33.522776]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.527014]  synchronize_srcu+0x335/0x56f
[ 33.531173]  ? lock_downgrade+0x8f0/0x8f0
[ 33.535317]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.540336]  ? kasan_check_read+0x11/0x20
[ 33.544483]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.549063]  ? kasan_check_write+0x14/0x20
[ 33.553294]  ? do_raw_spin_lock+0xc1/0x200
[ 33.557530]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.563241]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.568703]  ? kvfree+0x61/0x70
[ 33.571984]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.577002]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.581058]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.585467]  ? kvm_arch_sync_events+0x30/0x30
[ 33.589964]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.595503]  ? mmu_notifier_unregister+0x474/0x600
[ 33.600431]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.604838]  ? kfree+0x111/0x210
[ 33.608204]  ? __mmu_notifier_register+0x30/0x30
[ 33.612960]  ? __free_pages+0x10a/0x190
[ 33.616947]  ? free_unref_page+0x930/0x930
[ 33.621191]  kvm_put_kvm+0x73f/0x1060
[ 33.624997]  ? kvm_write_guest_cached+0x40/0x40
[ 33.629669]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.634163]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.638655]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.643244]  ? kasan_check_write+0x14/0x20
[ 33.647475]  ? do_raw_spin_lock+0xc1/0x200
[ 33.651711]  ? kvm_irqfd_release+0xdd/0x120
[ 33.656033]  ? kvm_put_kvm+0x1060/0x1060
[ 33.660092]  kvm_vm_release+0x42/0x50
[ 33.663896]  __fput+0x36e/0x8c0
[ 33.667176]  ? __alloc_file+0x400/0x400
[ 33.671156]  ? check_same_owner+0x340/0x340
[ 33.675473]  ? kasan_check_write+0x14/0x20
[ 33.679718]  ? do_raw_spin_lock+0xc1/0x200
[ 33.683950]  ____fput+0x15/0x20
[ 33.687235]  task_work_run+0x1e8/0x2a0
[ 33.691143]  ? task_work_cancel+0x240/0x240
[ 33.695467]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.701002]  ? switch_task_namespaces+0xa2/0xd0
[ 33.705672]  do_exit+0x1ae4/0x26e0
[ 33.709212]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.713882]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.718135]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.723145]  ? kfree+0x1d7/0x210
[ 33.726519]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.730758]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.736475]  ? is_bpf_text_address+0xd7/0x170
[ 33.740967]  ? kernel_text_address+0x79/0xf0
[ 33.745373]  ? __kernel_text_address+0xd/0x40
[ 33.749866]  ? unwind_get_return_address+0x61/0xa0
[ 33.754798]  ? __save_stack_trace+0x8d/0xf0
[ 33.759127]  ? save_stack+0xa9/0xd0
[ 33.762754]  ? save_stack+0x43/0xd0
[ 33.766377]  ? __kasan_slab_free+0x11a/0x170
[ 33.770782]  ? kasan_slab_free+0xe/0x10
[ 33.774759]  ? putname+0xf2/0x130
[ 33.778212]  ? __x64_sys_openat+0x9d/0x100
[ 33.782446]  ? do_syscall_64+0x1b9/0x820
[ 33.786509]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.791875]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.796278]  ? kasan_check_read+0x11/0x20
[ 33.800425]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.804830]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.809238]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.813822]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.818926]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.824643]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.830181]  ? do_vfs_ioctl+0x201/0x1720
[ 33.834238]  ? rcu_is_watching+0x8c/0x150
[ 33.838382]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.842731]  ? ioctl_preallocate+0x300/0x300
[ 33.847146]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.852681]  ? __fget_light+0x2f7/0x440
[ 33.856657]  ? fget_raw+0x20/0x20
[ 33.860109]  ? putname+0xf2/0x130
[ 33.863571]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.868593]  ? kmem_cache_free+0x246/0x280
[ 33.872838]  ? putname+0xf7/0x130
[ 33.876294]  do_group_exit+0x177/0x440
[ 33.880179]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.884497]  ? __ia32_sys_exit+0x50/0x50
[ 33.888556]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.893659]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.899193]  ? ksys_ioctl+0x81/0xd0
[ 33.902821]  __x64_sys_exit_group+0x3e/0x50
[ 33.907144]  do_syscall_64+0x1b9/0x820
[ 33.911033]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.916395]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.921321]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.926184]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.931203]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 33.936220]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.941236]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.946083]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.951267] RIP: 0033:0x43ef08
[ 33.954459] Code: Bad RIP value.
[ 33.957818] RSP: 002b:00007ffed215ffb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.965523] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 33.972788] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.980052] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.987315] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.994579] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.001855]
[ 34.003475] Allocated by task 4487:
[ 34.007102]  save_stack+0x43/0xd0
[ 34.010558]  kasan_kmalloc+0xc4/0xe0
[ 34.014268]  kasan_slab_alloc+0x12/0x20
[ 34.018244]  kmem_cache_alloc+0x12e/0x710
[ 34.022386]  vmx_create_vcpu+0xcf/0x2830
[ 34.026444]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.030852]  kvm_vm_ioctl+0x488/0x1d80
[ 34.034738]  do_vfs_ioctl+0x1de/0x1720
[ 34.038628]  ksys_ioctl+0xa9/0xd0
[ 34.042079]  __x64_sys_ioctl+0x73/0xb0
[ 34.045965]  do_syscall_64+0x1b9/0x820
[ 34.049851]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.055026]
[ 34.056646] Freed by task 4487:
[ 34.059923]  save_stack+0x43/0xd0
[ 34.063373]  __kasan_slab_free+0x11a/0x170
[ 34.067612]  kasan_slab_free+0xe/0x10
[ 34.071416]  kmem_cache_free+0x86/0x280
[ 34.075389]  vmx_free_vcpu+0x26b/0x300
[ 34.079273]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.083679]  kvm_put_kvm+0x73f/0x1060
[ 34.087481]  kvm_vm_release+0x42/0x50
[ 34.091276]  __fput+0x36e/0x8c0
[ 34.094550]  ____fput+0x15/0x20
[ 34.097826]  task_work_run+0x1e8/0x2a0
[ 34.101715]  do_exit+0x1ae4/0x26e0
[ 34.105249]  do_group_exit+0x177/0x440
[ 34.109135]  __x64_sys_exit_group+0x3e/0x50
[ 34.113454]  do_syscall_64+0x1b9/0x820
[ 34.117340]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.122514]
[ 34.124164] The buggy address belongs to the object at ffff8801ac850040
[ 34.124164]  which belongs to the cache kvm_vcpu of size 23872
[ 34.136732] The buggy address is located 24 bytes inside of
[ 34.136732]  23872-byte region [ffff8801ac850040, ffff8801ac855d80)
[ 34.148686] The buggy address belongs to the page:
[ 34.153617] page:ffffea0006b21400 count:1 mapcount:0 mapping:ffff8801d4c0ba80 index:0x0 compound_mapcount: 0
[ 34.163598] flags: 0x2fffc0000008100(slab|head)
[ 34.168284] raw: 02fffc0000008100 ffff8801d72fd048 ffff8801d72fd048 ffff8801d4c0ba80
[ 34.176163] raw: 0000000000000000 ffff8801ac850040 0000000100000001 0000000000000000
[ 34.184030] page dumped because: kasan: bad access detected
[ 34.189729]
[ 34.191347] Memory state around the buggy address:
[ 34.196274]  ffff8801ac84ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.203638]  ffff8801ac84ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.210996] >ffff8801ac850000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.218347]                                                     ^
[ 34.224572]  ffff8801ac850080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.231933]  ffff8801ac850100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.239281] ==================================================================
[ 34.246652] Kernel panic - not syncing: panic_on_warn set ...
[ 34.246652]
[ 34.254017] CPU: 1 PID: 4487 Comm: syz-executor051 Tainted: G B 4.18.0+ #205
[ 34.262682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.272050] Call Trace:
[ 34.274655]  dump_stack+0x1c9/0x2b4
[ 34.278283]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.283485]  ? lock_downgrade+0x8f0/0x8f0
[ 34.287633]  ? __schedule+0xf54/0x1df0
[ 34.291519]  panic+0x238/0x4e7
[ 34.294710]  ? add_taint.cold.5+0x16/0x16
[ 34.298860]  ? print_shadow_for_address+0xba/0x116
[ 34.303784]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.308205]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.312621]  ? __schedule+0xf54/0x1df0
[ 34.316511]  kasan_end_report+0x47/0x4f
[ 34.320486]  kasan_report.cold.7+0x76/0x30d
[ 34.324811]  __asan_report_load8_noabort+0x14/0x20
[ 34.329737]  __schedule+0xf54/0x1df0
[ 34.333447]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.338556]  ? __sched_text_start+0x8/0x8
[ 34.342725]  ? __call_srcu+0x7e7/0x1040
[ 34.346704]  ? check_same_owner+0x340/0x340
[ 34.351021]  ? mark_held_locks+0x160/0x160
[ 34.355254]  ? find_held_lock+0x36/0x1c0
[ 34.359319]  preempt_schedule_common+0x22/0x60
[ 34.363900]  _cond_resched+0x1d/0x30
[ 34.368104]  wait_for_completion+0xa5/0x8d0
[ 34.372436]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.378232]  ? __lockdep_init_map+0x105/0x590
[ 34.382727]  ? __init_waitqueue_head+0x9e/0x150
[ 34.387393]  ? init_wait_entry+0x1c0/0x1c0
[ 34.391640]  __synchronize_srcu+0x189/0x240
[ 34.395962]  ? call_srcu+0x10/0x10
[ 34.399503]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.403744]  synchronize_srcu+0x335/0x56f
[ 34.407888]  ? lock_downgrade+0x8f0/0x8f0
[ 34.412053]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.417069]  ? kasan_check_read+0x11/0x20
[ 34.421216]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.425796]  ? kasan_check_write+0x14/0x20
[ 34.430033]  ? do_raw_spin_lock+0xc1/0x200
[ 34.434271]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.439981]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.445429]  ? kvfree+0x61/0x70
[ 34.448712]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.453726]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.457785]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.462196]  ? kvm_arch_sync_events+0x30/0x30
[ 34.466715]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.472273]  ? mmu_notifier_unregister+0x474/0x600
[ 34.477217]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.481639]  ? kfree+0x111/0x210
[ 34.485004]  ? __mmu_notifier_register+0x30/0x30
[ 34.489764]  ? __free_pages+0x10a/0x190
[ 34.493737]  ? free_unref_page+0x930/0x930
[ 34.497996]  kvm_put_kvm+0x73f/0x1060
[ 34.501805]  ? kvm_write_guest_cached+0x40/0x40
[ 34.506480]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.510976]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.515471]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.520055]  ? kasan_check_write+0x14/0x20
[ 34.524291]  ? do_raw_spin_lock+0xc1/0x200
[ 34.528526]  ? kvm_irqfd_release+0xdd/0x120
[ 34.532872]  ? kvm_put_kvm+0x1060/0x1060
[ 34.536933]  kvm_vm_release+0x42/0x50
[ 34.540736]  __fput+0x36e/0x8c0
[ 34.544014]  ? __alloc_file+0x400/0x400
[ 34.547987]  ? check_same_owner+0x340/0x340
[ 34.552308]  ? kasan_check_write+0x14/0x20
[ 34.556541]  ? do_raw_spin_lock+0xc1/0x200
[ 34.560774]  ____fput+0x15/0x20
[ 34.564054]  task_work_run+0x1e8/0x2a0
[ 34.567939]  ? task_work_cancel+0x240/0x240
[ 34.572265]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.577799]  ? switch_task_namespaces+0xa2/0xd0
[ 34.582471]  do_exit+0x1ae4/0x26e0
[ 34.586015]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.590690]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.594930]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.599943]  ? kfree+0x1d7/0x210
[ 34.603309]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.607543]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.613279]  ? is_bpf_text_address+0xd7/0x170
[ 34.617771]  ? kernel_text_address+0x79/0xf0
[ 34.622177]  ? __kernel_text_address+0xd/0x40
[ 34.626674]  ? unwind_get_return_address+0x61/0xa0
[ 34.631618]  ? __save_stack_trace+0x8d/0xf0
[ 34.635962]  ? save_stack+0xa9/0xd0
[ 34.639586]  ? save_stack+0x43/0xd0
[ 34.643216]  ? __kasan_slab_free+0x11a/0x170
[ 34.647644]  ? kasan_slab_free+0xe/0x10
[ 34.651627]  ? putname+0xf2/0x130
[ 34.655081]  ? __x64_sys_openat+0x9d/0x100
[ 34.659313]  ? do_syscall_64+0x1b9/0x820
[ 34.663378]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.668741]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.673151]  ? kasan_check_read+0x11/0x20
[ 34.677300]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.681706]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.686114]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.690706]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.695815]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.701525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.707061]  ? do_vfs_ioctl+0x201/0x1720
[ 34.711134]  ? rcu_is_watching+0x8c/0x150
[ 34.715279]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.719613]  ? ioctl_preallocate+0x300/0x300
[ 34.724027]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.729563]  ? __fget_light+0x2f7/0x440
[ 34.733534]  ? fget_raw+0x20/0x20
[ 34.736984]  ? putname+0xf2/0x130
[ 34.740438]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.745463]  ? kmem_cache_free+0x246/0x280
[ 34.749702]  ? putname+0xf7/0x130
[ 34.753155]  do_group_exit+0x177/0x440
[ 34.757056]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.761376]  ? __ia32_sys_exit+0x50/0x50
[ 34.765432]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.770534]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.776068]  ? ksys_ioctl+0x81/0xd0
[ 34.779698]  __x64_sys_exit_group+0x3e/0x50
[ 34.784020]  do_syscall_64+0x1b9/0x820
[ 34.787911]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.793281]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.798208]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.803050]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.808064]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.813090]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.818109]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.822961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.828156] RIP: 0033:0x43ef08
[ 34.831349] Code: Bad RIP value.
[ 34.834708] RSP: 002b:00007ffed215ffb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.842416] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 34.849681] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.856948] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.864214] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.871481] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.878759]
[ 34.878764] ======================================================
[ 34.878770] WARNING: possible circular locking dependency detected
[ 34.878773] 4.18.0+ #205 Not tainted
[ 34.878778] ------------------------------------------------------
[ 34.878783] syz-executor051/4487 is trying to acquire lock:
[ 34.878787] 00000000523f4a48 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 34.878801]
[ 34.878805] but task is already holding lock:
[ 34.878809] 0000000072fd7d9c (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.878823]
[ 34.878827] which lock already depends on the new lock.
[ 34.878830]
[ 34.878832]
[ 34.878837] the existing dependency chain (in reverse order) is:
[ 34.878839]
[ 34.878842] -> #3 (report_lock){....}:
[ 34.878856]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.878860]        kasan_report+0x8e/0x110
[ 34.878865]        __asan_report_load8_noabort+0x14/0x20
[ 34.878868]        __schedule+0xf54/0x1df0
[ 34.878873]        preempt_schedule_common+0x22/0x60
[ 34.878876]        _cond_resched+0x1d/0x30
[ 34.878881]        wait_for_completion+0xa5/0x8d0
[ 34.878885]        __synchronize_srcu+0x189/0x240
[ 34.878889]        synchronize_srcu+0x335/0x56f
[ 34.878894]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.878898]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.878902]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.878906]        kvm_put_kvm+0x73f/0x1060
[ 34.878909]        kvm_vm_release+0x42/0x50
[ 34.878913]        __fput+0x36e/0x8c0
[ 34.878916]        ____fput+0x15/0x20
[ 34.878920]        task_work_run+0x1e8/0x2a0
[ 34.878924]        do_exit+0x1ae4/0x26e0
[ 34.878928]        do_group_exit+0x177/0x440
[ 34.878932]        __x64_sys_exit_group+0x3e/0x50
[ 34.878936]        do_syscall_64+0x1b9/0x820
[ 34.878940]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.878943]
[ 34.878945] -> #2 (&rq->lock){-.-.}:
[ 34.878959]        _raw_spin_lock+0x2a/0x40
[ 34.878963]        task_fork_fair+0x93/0x680
[ 34.878966]        sched_fork+0x44b/0xbd0
[ 34.878970]        copy_process+0x235e/0x7ad0
[ 34.878974]        _do_fork+0x1ca/0x1170
[ 34.878977]        kernel_thread+0x34/0x40
[ 34.878981]        rest_init+0x22/0xe4
[ 34.878985]        start_kernel+0x913/0x94e
[ 34.878989]        x86_64_start_reservations+0x29/0x2b
[ 34.878993]        x86_64_start_kernel+0x76/0x79
[ 34.878997]        secondary_startup_64+0xa4/0xb0
[ 34.879000]
[ 34.879002] -> #1 (&p->pi_lock){-.-.}:
[ 34.879016]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.879020]        try_to_wake_up+0xd2/0x1250
[ 34.879024]        wake_up_process+0x10/0x20
[ 34.879028]        __up.isra.1+0x1c0/0x2a0
[ 34.879031]        up+0x13c/0x1c0
[ 34.879035]        __up_console_sem+0xbe/0x1b0
[ 34.879039]        console_unlock+0x506/0x10d0
[ 34.879043]        vprintk_emit+0x33a/0x910
[ 34.879047]        vprintk_default+0x28/0x30
[ 34.879050]        vprintk_func+0x7a/0x117
[ 34.879054]        printk+0xa7/0xcf
[ 34.879057]        load_umh+0x51/0xbd
[ 34.879061]        do_one_initcall+0x127/0x838
[ 34.879065]        kernel_init_freeable+0x4bb/0x5ae
[ 34.879069]        kernel_init+0x11/0x1b3
[ 34.879073]        ret_from_fork+0x3a/0x50
[ 34.879075]
[ 34.879077] -> #0 ((console_sem).lock){-...}:
[ 34.879092]        lock_acquire+0x1e4/0x4f0
[ 34.879096]        _raw_spin_lock_irqsave+0x96/0xc0
[ 34.879100]        down_trylock+0x13/0x70
[ 34.879104]        __down_trylock_console_sem+0xae/0x200
[ 34.879108]        console_trylock+0x15/0xa0
[ 34.879112]        vprintk_emit+0x31f/0x910
[ 34.879122]        vprintk_default+0x28/0x30
[ 34.879126]        vprintk_func+0x7a/0x117
[ 34.879129]        printk+0xa7/0xcf
[ 34.879133]        kasan_report+0x9e/0x110
[ 34.879137]        __asan_report_load8_noabort+0x14/0x20
[ 34.879141]        __schedule+0xf54/0x1df0
[ 34.879145]        preempt_schedule_common+0x22/0x60
[ 34.879149]        _cond_resched+0x1d/0x30
[ 34.879153]        wait_for_completion+0xa5/0x8d0
[ 34.879157]        __synchronize_srcu+0x189/0x240
[ 34.879161]        synchronize_srcu+0x335/0x56f
[ 34.879166]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.879170]        kvm_mmu_uninit_vm+0x1c/0x20
[ 34.879174]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.879178]        kvm_put_kvm+0x73f/0x1060
[ 34.879182]        kvm_vm_release+0x42/0x50
[ 34.879185]        __fput+0x36e/0x8c0
[ 34.879189]        ____fput+0x15/0x20
[ 34.879193]        task_work_run+0x1e8/0x2a0
[ 34.879196]        do_exit+0x1ae4/0x26e0
[ 34.879200]        do_group_exit+0x177/0x440
[ 34.879204]        __x64_sys_exit_group+0x3e/0x50
[ 34.879208]        do_syscall_64+0x1b9/0x820
[ 34.879213]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.879215]
[ 34.879220] other info that might help us debug this:
[ 34.879222]
[ 34.879225] Chain exists of:
[ 34.879227]   (console_sem).lock --> &rq->lock --> report_lock
[ 34.879246]
[ 34.879250]  Possible unsafe locking scenario:
[ 34.879252]
[ 34.879256]        CPU0                    CPU1
[ 34.879260]        ----                    ----
[ 34.879262]   lock(report_lock);
[ 34.879271]                                lock(&rq->lock);
[ 34.879281]                                lock(report_lock);
[ 34.879288]   lock((console_sem).lock);
[ 34.879296]
[ 34.879300]  *** DEADLOCK ***
[ 34.879302]
[ 34.879306] 2 locks held by syz-executor051/4487:
[ 34.879308]  #0: 00000000f7e2e3bb (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 34.879325]  #1: 0000000072fd7d9c (report_lock){....}, at: kasan_report+0x8e/0x110
[ 34.879342]
[ 34.879345] stack backtrace:
[ 34.879350] CPU: 1 PID: 4487 Comm: syz-executor051 Not tainted 4.18.0+ #205
[ 34.879357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.879360] Call Trace:
[ 34.879364]  dump_stack+0x1c9/0x2b4
[ 34.879369]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.879373]  ? vprintk_func+0x100/0x117
[ 34.879377]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 34.879381]  ? save_trace+0xe0/0x290
[ 34.879385]  __lock_acquire+0x3449/0x5020
[ 34.879389]  ? mark_held_locks+0x160/0x160
[ 34.879393]  ? mark_held_locks+0x160/0x160
[ 34.879397]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 34.879402]  ? is_bpf_text_address+0xd7/0x170
[ 34.879406]  ? kernel_text_address+0x79/0xf0
[ 34.879410]  ? __kernel_text_address+0xd/0x40
[ 34.879414]  ? __save_stack_trace+0x8d/0xf0
[ 34.879418]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 34.879422]  ? save_trace+0x290/0x290
[ 34.879426]  ? save_stack_trace+0x1a/0x20
[ 34.879430]  ? save_trace+0xe0/0x290
[ 34.879433]  ? graph_lock+0x170/0x170
[ 34.879438]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.879442]  lock_acquire+0x1e4/0x4f0
[ 34.879446]  ? down_trylock+0x13/0x70
[ 34.879450]  ? lock_release+0x9f0/0x9f0
[ 34.879454]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.879458]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.879462]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.879465]  ? log_store+0x34f/0x4c0
[ 34.879469]  ? vprintk_emit+0x31f/0x910
[ 34.879473]  _raw_spin_lock_irqsave+0x96/0xc0
[ 34.879477]  ? down_trylock+0x13/0x70
[ 34.879481]  down_trylock+0x13/0x70
[ 34.879485]  __down_trylock_console_sem+0xae/0x200
[ 34.879489]  console_trylock+0x15/0xa0
[ 34.879493]  vprintk_emit+0x31f/0x910
[ 34.879497]  ? wake_up_klogd+0x110/0x110
[ 34.879501]  ? run_rebalance_domains+0x4c0/0x4c0
[ 34.879505]  ? kasan_check_read+0x11/0x20
[ 34.879509]  ? rcu_is_watching+0x8c/0x150
[ 34.879513]  ? rcu_pm_notify+0xc0/0xc0
[ 34.879517]  ? lock_acquire+0x1e4/0x4f0
[ 34.879520]  ? kasan_report+0x8e/0x110
[ 34.879524]  ? __schedule+0xf54/0x1df0
[ 34.879528]  vprintk_default+0x28/0x30
[ 34.879532]  vprintk_func+0x7a/0x117
[ 34.879535]  printk+0xa7/0xcf
[ 34.879539]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.879543]  ? kasan_check_write+0x14/0x20
[ 34.879547]  ? do_raw_spin_lock+0xc1/0x200
[ 34.879551]  ? do_raw_spin_lock+0xc1/0x200
[ 34.879555]  kasan_report+0x9e/0x110
[ 34.879559]  __asan_report_load8_noabort+0x14/0x20
[ 34.879563]  __schedule+0xf54/0x1df0
[ 34.879568]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.879572]  ? __sched_text_start+0x8/0x8
[ 34.879575]  ? __call_srcu+0x7e7/0x1040
[ 34.879579]  ? check_same_owner+0x340/0x340
[ 34.879584]  ? mark_held_locks+0x160/0x160
[ 34.879587]  ? find_held_lock+0x36/0x1c0
[ 34.879592]  preempt_schedule_common+0x22/0x60
[ 34.879595]  _cond_resched+0x1d/0x30
[ 34.879599]  wait_for_completion+0xa5/0x8d0
[ 34.879614]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.879618]  ? __lockdep_init_map+0x105/0x590
[ 34.879624]  ? __init_waitqueue_head+0x9e/0x150
[ 34.879628]  ? init_wait_entry+0x1c0/0x1c0
[ 34.879632]  __synchronize_srcu+0x189/0x240
[ 34.879635]  ? call_srcu+0x10/0x10
[ 34.879639]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.879643]  synchronize_srcu+0x335/0x56f
[ 34.879647]  ? lock_downgrade+0x8f0/0x8f0
[ 34.879652]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.879656]  ? kasan_check_read+0x11/0x20
[ 34.879660]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.879664]  ? kasan_check_write+0x14/0x20
[ 34.879668]  ? do_raw_spin_lock+0xc1/0x200
[ 34.879673]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.879678]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.879681]  ? kvfree+0x61/0x70
[ 34.879686]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.879690]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.879694]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.879698]  ? kvm_arch_sync_events+0x30/0x30
[ 34.879703]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.879707]  ? mmu_notifier_unregister+0x474/0x600
[ 34.879711]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.879715]  ? kfree+0x111/0x210
[ 34.879719]  ? __mmu_notifier_register+0x30/0x30
[ 34.879723]  ? __free_pages+0x10a/0x190
[ 34.879727]  ? free_unref_page+0x930/0x930
[ 34.879731]  kvm_put_kvm+0x73f/0x1060
[ 34.879735]  ? kvm_write_guest_cached+0x40/0x40
[ 34.879739]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.879743]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.879747]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.879751]  ? kasan_check_write+0x14/0x20
[ 34.879755]  ? do_raw_spin_lock+0xc1/0x200
[ 34.879759]  ? kvm_irqfd_release+0xdd/0x120
[ 34.879763]  ? kvm_put_kvm+0x1060/0x1060
[ 34.879767]  kvm_vm_release+0x42/0x50
[ 34.879771]  __fput+0x36e/0x8c0
[ 34.879774]  ? __alloc_file+0x400/0x400
[ 34.879778]  ? check_same_owner+0x340/0x340
[ 34.879782]  ? kasan_check_write+0x14/0x20
[ 34.879786]  ? do_raw_spin_lock+0xc1/0x200
[ 34.879790]  ____fput+0x15/0x20
[ 34.879794]  task_work_run+0x1e8/0x2a0
[ 34.879798]  ? task_work_cancel+0x240/0x240
[ 34.879802]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.879807]  ? switch_task_namespaces+0xa2/0xd0
[ 34.879810]  do_exit+0x1ae4/0x26e0
[ 34.879815]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.879819]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.879823]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.879826]  ? kfree+0x1d7/0x210
[ 34.879830]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.879835]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.879839]  ? is_bpf_text_address+0xd7/0x170
[ 34.879844]  ? kernel_text_address+0x79/0xf0
[ 34.879846]  ? __kern
[ 34.879854] Lost 54 message(s)!
[ 35.963926] Shutting down cpus with NMI
[ 37.023942] Dumping ftrace buffer:
[ 37.027476]    (ftrace buffer empty)
[ 37.031168] Kernel Offset: disabled
[ 37.034780] Rebooting in 86400 seconds..