[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.057864] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.411468] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.671801] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.213088] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.569671] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
[ 51.227827] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 51.322512] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 51.345155] ==================================================================
[ 51.353870] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 51.360114] Read of size 8 at addr ffff8801aee88058 by task syz-executor020/4444
[ 51.367617] 
[ 51.369227] CPU: 0 PID: 4444 Comm: syz-executor020 Not tainted 4.18.0+ #203
[ 51.376300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.385631] Call Trace:
[ 51.388203]  dump_stack+0x1c9/0x2b4
[ 51.391808]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 51.396977]  ? printk+0xa7/0xcf
[ 51.400237]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 51.404972]  ? __schedule+0xf54/0x1df0
[ 51.408978]  print_address_description+0x6c/0x20b
[ 51.413810]  ? __schedule+0xf54/0x1df0
[ 51.417725]  kasan_report.cold.7+0x242/0x30d
[ 51.422122]  __asan_report_load8_noabort+0x14/0x20
[ 51.427032]  __schedule+0xf54/0x1df0
[ 51.430732]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.435813]  ? __sched_text_start+0x8/0x8
[ 51.439941]  ? __call_srcu+0x7e7/0x1040
[ 51.443896]  ? check_same_owner+0x340/0x340
[ 51.448197]  ? mark_held_locks+0x160/0x160
[ 51.452408]  ? find_held_lock+0x36/0x1c0
[ 51.456456]  preempt_schedule_common+0x22/0x60
[ 51.461015]  _cond_resched+0x1d/0x30
[ 51.464705]  wait_for_completion+0xa5/0x8d0
[ 51.469005]  ? wait_for_completion_interruptible+0x950/0x950
[ 51.474782]  ? __lockdep_init_map+0x105/0x590
[ 51.479257]  ? __init_waitqueue_head+0x9e/0x150
[ 51.483905]  ? init_wait_entry+0x1c0/0x1c0
[ 51.488121]  __synchronize_srcu+0x189/0x240
[ 51.492425]  ? call_srcu+0x10/0x10
[ 51.495945]  ? rcu_unexpedite_gp+0x20/0x20
[ 51.500161]  synchronize_srcu+0x335/0x56f
[ 51.504297]  ? lock_downgrade+0x8f0/0x8f0
[ 51.508435]  ? synchronize_srcu_expedited+0x20/0x20
[ 51.513569]  ? kasan_check_read+0x11/0x20
[ 51.517703]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 51.522266]  ? kasan_check_write+0x14/0x20
[ 51.526480]  ? do_raw_spin_lock+0xc1/0x200
[ 51.530698]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 51.536392]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 51.541960]  ? kvfree+0x61/0x70
[ 51.545246]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.550264]  kvm_mmu_uninit_vm+0x1c/0x20
[ 51.554325]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 51.558741]  ? kvm_arch_sync_events+0x30/0x30
[ 51.563238]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.568777]  ? mmu_notifier_unregister+0x474/0x600
[ 51.573706]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 51.578117]  ? kfree+0x111/0x210
[ 51.581486]  ? __mmu_notifier_register+0x30/0x30
[ 51.586241]  ? __free_pages+0x10a/0x190
[ 51.590214]  ? free_unref_page+0x930/0x930
[ 51.594481]  kvm_put_kvm+0x73f/0x1060
[ 51.598301]  ? kvm_write_guest_cached+0x40/0x40
[ 51.602982]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.607481]  ? _raw_spin_unlock_irq+0x27/0x70
[ 51.611979]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 51.616566]  ? kasan_check_write+0x14/0x20
[ 51.620797]  ? do_raw_spin_lock+0xc1/0x200
[ 51.625033]  ? kvm_irqfd_release+0xdd/0x120
[ 51.629355]  ? kvm_put_kvm+0x1060/0x1060
[ 51.633411]  kvm_vm_release+0x42/0x50
[ 51.637220]  __fput+0x36e/0x8c0
[ 51.640498]  ? __alloc_file+0x400/0x400
[ 51.644471]  ? check_same_owner+0x340/0x340
[ 51.648788]  ? kasan_check_write+0x14/0x20
[ 51.653018]  ? do_raw_spin_lock+0xc1/0x200
[ 51.657247]  ____fput+0x15/0x20
[ 51.660521]  task_work_run+0x1e8/0x2a0
[ 51.664405]  ? task_work_cancel+0x240/0x240
[ 51.668739]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.674275]  ? switch_task_namespaces+0xa2/0xd0
[ 51.678941]  do_exit+0x1ae4/0x26e0
[ 51.682482]  ? mm_update_next_owner+0x9a0/0x9a0
[ 51.687152]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 51.691390]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.696411]  ? kfree+0x1d7/0x210
[ 51.699782]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 51.704018]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 51.709731]  ? is_bpf_text_address+0xd7/0x170
[ 51.714221]  ? kernel_text_address+0x79/0xf0
[ 51.718624]  ? __kernel_text_address+0xd/0x40
[ 51.723115]  ? unwind_get_return_address+0x61/0xa0
[ 51.728047]  ? __save_stack_trace+0x8d/0xf0
[ 51.732372]  ? save_stack+0xa9/0xd0
[ 51.735998]  ? save_stack+0x43/0xd0
[ 51.739737]  ? __kasan_slab_free+0x11a/0x170
[ 51.744146]  ? kasan_slab_free+0xe/0x10
[ 51.748123]  ? putname+0xf2/0x130
[ 51.751578]  ? __x64_sys_openat+0x9d/0x100
[ 51.755813]  ? do_syscall_64+0x1b9/0x820
[ 51.759874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.765259]  ? trace_hardirqs_off+0xb8/0x2b0
[ 51.769663]  ? kasan_check_read+0x11/0x20
[ 51.773830]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 51.778239]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 51.782646]  ? initcall_blacklisted+0x9a/0x1e0
[ 51.787233]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 51.792337]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 51.798051]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.803593]  ? do_vfs_ioctl+0x201/0x1720
[ 51.807654]  ? rcu_is_watching+0x8c/0x150
[ 51.811800]  ? trace_hardirqs_on+0xbd/0x2c0
[ 51.816129]  ? ioctl_preallocate+0x300/0x300
[ 51.820536]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.826075]  ? __fget_light+0x2f7/0x440
[ 51.830054]  ? fget_raw+0x20/0x20
[ 51.833511]  ? putname+0xf2/0x130
[ 51.836969]  ? rcu_read_lock_sched_held+0x108/0x120
[ 51.841983]  ? kmem_cache_free+0x246/0x280
[ 51.846214]  ? putname+0xf7/0x130
[ 51.849668]  do_group_exit+0x177/0x440
[ 51.853552]  ? trace_hardirqs_on+0xbd/0x2c0
[ 51.857875]  ? __ia32_sys_exit+0x50/0x50
[ 51.861941]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 51.867048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.872588]  ? ksys_ioctl+0x81/0xd0
[ 51.876223]  __x64_sys_exit_group+0x3e/0x50
[ 51.880555]  do_syscall_64+0x1b9/0x820
[ 51.884459]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.889836]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.894753]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.899579]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 51.904590]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.909607]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.914741]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.919584]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.924807] RIP: 0033:0x43ef08
[ 51.928010] Code: Bad RIP value.
[ 51.931504] RSP: 002b:00007ffcb310d9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 51.939222] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 51.946479] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 51.953730] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 51.960978] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 51.968229] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 51.975481] 
[ 51.977094] Allocated by task 4444:
[ 51.980709]  save_stack+0x43/0xd0
[ 51.984142]  kasan_kmalloc+0xc4/0xe0
[ 51.987836]  kasan_slab_alloc+0x12/0x20
[ 51.991798]  kmem_cache_alloc+0x12e/0x710
[ 51.995935]  vmx_create_vcpu+0xcf/0x2830
[ 51.999981]  kvm_arch_vcpu_create+0xe5/0x220
[ 52.004373]  kvm_vm_ioctl+0x488/0x1d80
[ 52.008238]  do_vfs_ioctl+0x1de/0x1720
[ 52.012102]  ksys_ioctl+0xa9/0xd0
[ 52.015542]  __x64_sys_ioctl+0x73/0xb0
[ 52.019426]  do_syscall_64+0x1b9/0x820
[ 52.023295]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.028457] 
[ 52.030064] Freed by task 4444:
[ 52.033430]  save_stack+0x43/0xd0
[ 52.036874]  __kasan_slab_free+0x11a/0x170
[ 52.041090]  kasan_slab_free+0xe/0x10
[ 52.044876]  kmem_cache_free+0x86/0x280
[ 52.048832]  vmx_free_vcpu+0x26b/0x300
[ 52.052699]  kvm_arch_destroy_vm+0x365/0x7c0
[ 52.057084]  kvm_put_kvm+0x73f/0x1060
[ 52.060861]  kvm_vm_release+0x42/0x50
[ 52.064636]  __fput+0x36e/0x8c0
[ 52.067892]  ____fput+0x15/0x20
[ 52.071149]  task_work_run+0x1e8/0x2a0
[ 52.075014]  do_exit+0x1ae4/0x26e0
[ 52.078534]  do_group_exit+0x177/0x440
[ 52.082400]  __x64_sys_exit_group+0x3e/0x50
[ 52.086778]  do_syscall_64+0x1b9/0x820
[ 52.090657]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.095822] 
[ 52.097434] The buggy address belongs to the object at ffff8801aee88040
[ 52.097434]  which belongs to the cache kvm_vcpu of size 23872
[ 52.109981] The buggy address is located 24 bytes inside of
[ 52.109981]  23872-byte region [ffff8801aee88040, ffff8801aee8dd80)
[ 52.121921] The buggy address belongs to the page:
[ 52.126832] page:ffffea0006bba200 count:1 mapcount:0 mapping:ffff8801d9e69000 index:0x0 compound_mapcount: 0
[ 52.136784] flags: 0x2fffc0000008100(slab|head)
[ 52.141443] raw: 02fffc0000008100 ffff8801d4cdcf48 ffff8801d4cdcf48 ffff8801d9e69000
[ 52.149302] raw: 0000000000000000 ffff8801aee88040 0000000100000001 0000000000000000
[ 52.157157] page dumped because: kasan: bad access detected
[ 52.162837] 
[ 52.164453] Memory state around the buggy address:
[ 52.169359]  ffff8801aee87f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.176694]  ffff8801aee87f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.184035] >ffff8801aee88000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 52.191372]                                                     ^
[ 52.197580]  ffff8801aee88080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.204916]  ffff8801aee88100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.212250] ==================================================================
[ 52.219588] Kernel panic - not syncing: panic_on_warn set ...
[ 52.219588] 
[ 52.226933] CPU: 0 PID: 4444 Comm: syz-executor020 Tainted: G    B             4.18.0+ #203
[ 52.235397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.244733] Call Trace:
[ 52.247305]  dump_stack+0x1c9/0x2b4
[ 52.250915]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.256082]  ? lock_downgrade+0x8f0/0x8f0
[ 52.260352]  ? __schedule+0xf54/0x1df0
[ 52.264227]  panic+0x238/0x4e7
[ 52.267404]  ? add_taint.cold.5+0x16/0x16
[ 52.271544]  ? print_shadow_for_address+0xba/0x116
[ 52.276452]  ? trace_hardirqs_off+0xaf/0x2b0
[ 52.280913]  ? trace_hardirqs_off+0x77/0x2b0
[ 52.285308]  ? __schedule+0xf54/0x1df0
[ 52.289175]  kasan_end_report+0x47/0x4f
[ 52.293127]  kasan_report.cold.7+0x76/0x30d
[ 52.297438]  __asan_report_load8_noabort+0x14/0x20
[ 52.302451]  __schedule+0xf54/0x1df0
[ 52.306151]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.311242]  ? __sched_text_start+0x8/0x8
[ 52.315371]  ? __call_srcu+0x7e7/0x1040
[ 52.319327]  ? check_same_owner+0x340/0x340
[ 52.323632]  ? mark_held_locks+0x160/0x160
[ 52.327849]  ? find_held_lock+0x36/0x1c0
[ 52.331891]  preempt_schedule_common+0x22/0x60
[ 52.336451]  _cond_resched+0x1d/0x30
[ 52.340144]  wait_for_completion+0xa5/0x8d0
[ 52.344446]  ? wait_for_completion_interruptible+0x950/0x950
[ 52.350307]  ? __lockdep_init_map+0x105/0x590
[ 52.354791]  ? __init_waitqueue_head+0x9e/0x150
[ 52.359441]  ? init_wait_entry+0x1c0/0x1c0
[ 52.363661]  __synchronize_srcu+0x189/0x240
[ 52.368027]  ? call_srcu+0x10/0x10
[ 52.371553]  ? rcu_unexpedite_gp+0x20/0x20
[ 52.375776]  synchronize_srcu+0x335/0x56f
[ 52.380034]  ? lock_downgrade+0x8f0/0x8f0
[ 52.384161]  ? synchronize_srcu_expedited+0x20/0x20
[ 52.389157]  ? kasan_check_read+0x11/0x20
[ 52.393285]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.397847]  ? kasan_check_write+0x14/0x20
[ 52.402061]  ? do_raw_spin_lock+0xc1/0x200
[ 52.406278]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.411969]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.417398]  ? kvfree+0x61/0x70
[ 52.420663]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.425670]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.429715]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.434104]  ? kvm_arch_sync_events+0x30/0x30
[ 52.438682]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.444211]  ? mmu_notifier_unregister+0x474/0x600
[ 52.449121]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.453508]  ? kfree+0x111/0x210
[ 52.456852]  ? __mmu_notifier_register+0x30/0x30
[ 52.461592]  ? __free_pages+0x10a/0x190
[ 52.465547]  ? free_unref_page+0x930/0x930
[ 52.469768]  kvm_put_kvm+0x73f/0x1060
[ 52.473550]  ? kvm_write_guest_cached+0x40/0x40
[ 52.478318]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.482842]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.487385]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.492129]  ? kasan_check_write+0x14/0x20
[ 52.496341]  ? do_raw_spin_lock+0xc1/0x200
[ 52.500559]  ? kvm_irqfd_release+0xdd/0x120
[ 52.504857]  ? kvm_put_kvm+0x1060/0x1060
[ 52.508903]  kvm_vm_release+0x42/0x50
[ 52.512686]  __fput+0x36e/0x8c0
[ 52.515974]  ? __alloc_file+0x400/0x400
[ 52.519930]  ? check_same_owner+0x340/0x340
[ 52.524232]  ? kasan_check_write+0x14/0x20
[ 52.528447]  ? do_raw_spin_lock+0xc1/0x200
[ 52.532747]  ____fput+0x15/0x20
[ 52.536012]  task_work_run+0x1e8/0x2a0
[ 52.539877]  ? task_work_cancel+0x240/0x240
[ 52.544181]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.549696]  ? switch_task_namespaces+0xa2/0xd0
[ 52.554345]  do_exit+0x1ae4/0x26e0
[ 52.557869]  ? mm_update_next_owner+0x9a0/0x9a0
[ 52.562527]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 52.566744]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.571740]  ? kfree+0x1d7/0x210
[ 52.575088]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 52.579305]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.584999]  ? is_bpf_text_address+0xd7/0x170
[ 52.589476]  ? kernel_text_address+0x79/0xf0
[ 52.593873]  ? __kernel_text_address+0xd/0x40
[ 52.598349]  ? unwind_get_return_address+0x61/0xa0
[ 52.603340]  ? __save_stack_trace+0x8d/0xf0
[ 52.607651]  ? save_stack+0xa9/0xd0
[ 52.611255]  ? save_stack+0x43/0xd0
[ 52.614857]  ? __kasan_slab_free+0x11a/0x170
[ 52.619243]  ? kasan_slab_free+0xe/0x10
[ 52.623195]  ? putname+0xf2/0x130
[ 52.626629]  ? __x64_sys_openat+0x9d/0x100
[ 52.631036]  ? do_syscall_64+0x1b9/0x820
[ 52.635086]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.640437]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.644823]  ? kasan_check_read+0x11/0x20
[ 52.648949]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 52.653406]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.657854]  ? initcall_blacklisted+0x9a/0x1e0
[ 52.662434]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 52.667521]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.673211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.678795]  ? do_vfs_ioctl+0x201/0x1720
[ 52.682846]  ? rcu_is_watching+0x8c/0x150
[ 52.686972]  ? trace_hardirqs_on+0xbd/0x2c0
[ 52.691274]  ? ioctl_preallocate+0x300/0x300
[ 52.695663]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.701181]  ? __fget_light+0x2f7/0x440
[ 52.705134]  ? fget_raw+0x20/0x20
[ 52.708569]  ? putname+0xf2/0x130
[ 52.712002]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.717000]  ? kmem_cache_free+0x246/0x280
[ 52.721221]  ? putname+0xf7/0x130
[ 52.724662]  do_group_exit+0x177/0x440
[ 52.728544]  ? trace_hardirqs_on+0xbd/0x2c0
[ 52.732843]  ? __ia32_sys_exit+0x50/0x50
[ 52.736884]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.741969]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.747486]  ? ksys_ioctl+0x81/0xd0
[ 52.751167]  __x64_sys_exit_group+0x3e/0x50
[ 52.755480]  do_syscall_64+0x1b9/0x820
[ 52.759356]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.764708]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.769669]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.774503]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 52.779501]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.784501]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.789505]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.794329]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.799545] RIP: 0033:0x43ef08
[ 52.802836] Code: Bad RIP value.
[ 52.806179] RSP: 002b:00007ffcb310d9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 52.813866] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 52.821128] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 52.828376] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 52.835623] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 52.842876] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 52.850395] 
[ 52.850398] ======================================================
[ 52.850402] WARNING: possible circular locking dependency detected
[ 52.850404] 4.18.0+ #203 Not tainted
[ 52.850407] ------------------------------------------------------
[ 52.850410] syz-executor020/4444 is trying to acquire lock:
[ 52.850411] 0000000009ddc7f1 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 52.850428] 
[ 52.850430] but task is already holding lock:
[ 52.850432] 00000000d76243b9 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 52.850440] 
[ 52.850442] which lock already depends on the new lock.
[ 52.850443] 
[ 52.850445] 
[ 52.850448] the existing dependency chain (in reverse order) is:
[ 52.850449] 
[ 52.850450] -> #3 (report_lock){....}:
[ 52.850458]  _raw_spin_lock_irqsave+0x96/0xc0
[ 52.850460]  kasan_report+0x8e/0x110
[ 52.850463]  __asan_report_load8_noabort+0x14/0x20
[ 52.850465]  __schedule+0xf54/0x1df0
[ 52.850467]  preempt_schedule_common+0x22/0x60
[ 52.850470]  _cond_resched+0x1d/0x30
[ 52.850472]  wait_for_completion+0xa5/0x8d0
[ 52.850474]  __synchronize_srcu+0x189/0x240
[ 52.850477]  synchronize_srcu+0x335/0x56f
[ 52.850480]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.850482]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.850484]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.850486]  kvm_put_kvm+0x73f/0x1060
[ 52.850488]  kvm_vm_release+0x42/0x50
[ 52.850490]  __fput+0x36e/0x8c0
[ 52.850492]  ____fput+0x15/0x20
[ 52.850494]  task_work_run+0x1e8/0x2a0
[ 52.850497]  do_exit+0x1ae4/0x26e0
[ 52.850499]  do_group_exit+0x177/0x440
[ 52.850501]  __x64_sys_exit_group+0x3e/0x50
[ 52.850503]  do_syscall_64+0x1b9/0x820
[ 52.850506]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.850507] 
[ 52.850508] -> #2 (&rq->lock){-.-.}:
[ 52.850520]  _raw_spin_lock+0x2a/0x40
[ 52.850522]  task_fork_fair+0x93/0x680
[ 52.850524]  sched_fork+0x44b/0xbd0
[ 52.850526]  copy_process+0x235e/0x7ad0
[ 52.850529]  _do_fork+0x1ca/0x1170
[ 52.850531]  kernel_thread+0x34/0x40
[ 52.850533]  rest_init+0x22/0xe4
[ 52.850535]  start_kernel+0x913/0x94e
[ 52.850537]  x86_64_start_reservations+0x29/0x2b
[ 52.850540]  x86_64_start_kernel+0x76/0x79
[ 52.850542]  secondary_startup_64+0xa4/0xb0
[ 52.850543] 
[ 52.850544] -> #1 (&p->pi_lock){-.-.}:
[ 52.850552]  _raw_spin_lock_irqsave+0x96/0xc0
[ 52.850554]  try_to_wake_up+0xd2/0x1250
[ 52.850557]  wake_up_process+0x10/0x20
[ 52.850559]  __up.isra.1+0x1c0/0x2a0
[ 52.850561]  up+0x13c/0x1c0
[ 52.850563]  __up_console_sem+0xbe/0x1b0
[ 52.850565]  console_unlock+0x506/0x10d0
[ 52.850567]  vprintk_emit+0x33a/0x910
[ 52.850570]  vprintk_default+0x28/0x30
[ 52.850572]  vprintk_func+0x7a/0x117
[ 52.850574]  printk+0xa7/0xcf
[ 52.850576]  load_umh+0x51/0xbd
[ 52.850578]  do_one_initcall+0x127/0x838
[ 52.850580]  kernel_init_freeable+0x4bb/0x5ae
[ 52.850583]  kernel_init+0x11/0x1b3
[ 52.850585]  ret_from_fork+0x3a/0x50
[ 52.850586] 
[ 52.850587] -> #0 ((console_sem).lock){-...}:
[ 52.850595]  lock_acquire+0x1e4/0x4f0
[ 52.850597]  _raw_spin_lock_irqsave+0x96/0xc0
[ 52.850600]  down_trylock+0x13/0x70
[ 52.850602]  __down_trylock_console_sem+0xae/0x200
[ 52.850604]  console_trylock+0x15/0xa0
[ 52.850606]  vprintk_emit+0x31f/0x910
[ 52.850609]  vprintk_default+0x28/0x30
[ 52.850611]  vprintk_func+0x7a/0x117
[ 52.850613]  printk+0xa7/0xcf
[ 52.850615]  kasan_report+0x9e/0x110
[ 52.850617]  __asan_report_load8_noabort+0x14/0x20
[ 52.850619]  __schedule+0xf54/0x1df0
[ 52.850622]  preempt_schedule_common+0x22/0x60
[ 52.850624]  _cond_resched+0x1d/0x30
[ 52.850626]  wait_for_completion+0xa5/0x8d0
[ 52.850628]  __synchronize_srcu+0x189/0x240
[ 52.850631]  synchronize_srcu+0x335/0x56f
[ 52.850634]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.850636]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.850638]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.850640]  kvm_put_kvm+0x73f/0x1060
[ 52.850642]  kvm_vm_release+0x42/0x50
[ 52.850644]  __fput+0x36e/0x8c0
[ 52.850646]  ____fput+0x15/0x20
[ 52.850648]  task_work_run+0x1e8/0x2a0
[ 52.850650]  do_exit+0x1ae4/0x26e0
[ 52.850653]  do_group_exit+0x177/0x440
[ 52.850655]  __x64_sys_exit_group+0x3e/0x50
[ 52.850657]  do_syscall_64+0x1b9/0x820
[ 52.850660]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.850661] 
[ 52.850664] other info that might help us debug this:
[ 52.850665] 
[ 52.850667] Chain exists of:
[ 52.850668]   (console_sem).lock --> &rq->lock --> report_lock
[ 52.850677] 
[ 52.850680]  Possible unsafe locking scenario:
[ 52.850681] 
[ 52.850683]        CPU0                    CPU1
[ 52.850685]        ----                    ----
[ 52.850687]   lock(report_lock);
[ 52.850692]                                lock(&rq->lock);
[ 52.850697]                                lock(report_lock);
[ 52.850701]   lock((console_sem).lock);
[ 52.850705] 
[ 52.850707]  *** DEADLOCK ***
[ 52.850708] 
[ 52.850710] 2 locks held by syz-executor020/4444:
[ 52.850712]  #0: 00000000c68166bc (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 52.850721]  #1: 00000000d76243b9 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 52.850730] 
[ 52.850731] stack backtrace:
[ 52.850735] CPU: 0 PID: 4444 Comm: syz-executor020 Not tainted 4.18.0+ #203
[ 52.850739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.850741] Call Trace:
[ 52.850743]  dump_stack+0x1c9/0x2b4
[ 52.850745]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.850747]  ? vprintk_func+0x100/0x117
[ 52.850750]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 52.850752]  ? save_trace+0xe0/0x290
[ 52.850754]  __lock_acquire+0x3449/0x5020
[ 52.850757]  ? mark_held_locks+0x160/0x160
[ 52.850759]  ? mark_held_locks+0x160/0x160
[ 52.850761]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 52.850764]  ? is_bpf_text_address+0xd7/0x170
[ 52.850766]  ? kernel_text_address+0x79/0xf0
[ 52.850768]  ? __kernel_text_address+0xd/0x40
[ 52.850771]  ? __save_stack_trace+0x8d/0xf0
[ 52.850773]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 52.850775]  ? save_trace+0x290/0x290
[ 52.850777]  ? save_stack_trace+0x1a/0x20
[ 52.850779]  ? save_trace+0xe0/0x290
[ 52.850782]  ? graph_lock+0x170/0x170
[ 52.850784]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.850786]  lock_acquire+0x1e4/0x4f0
[ 52.850788]  ? down_trylock+0x13/0x70
[ 52.850790]  ? lock_release+0x9f0/0x9f0
[ 52.850793]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.850795]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.850797]  ? trace_hardirqs_off+0xb8/0x2b0
[ 52.850799]  ? log_store+0x34f/0x4c0
[ 52.850802]  ? vprintk_emit+0x31f/0x910
[ 52.850804]  _raw_spin_lock_irqsave+0x96/0xc0
[ 52.850806]  ? down_trylock+0x13/0x70
[ 52.850808]  down_trylock+0x13/0x70
[ 52.850810]  __down_trylock_console_sem+0xae/0x200
[ 52.850813]  console_trylock+0x15/0xa0
[ 52.850815]  vprintk_emit+0x31f/0x910
[ 52.850817]  ? wake_up_klogd+0x110/0x110
[ 52.850819]  ? run_rebalance_domains+0x4c0/0x4c0
[ 52.850821]  ? kasan_check_read+0x11/0x20
[ 52.850824]  ? rcu_is_watching+0x8c/0x150
[ 52.850826]  ? rcu_pm_notify+0xc0/0xc0
[ 52.850828]  ? lock_acquire+0x1e4/0x4f0
[ 52.850830]  ? kasan_report+0x8e/0x110
[ 52.850832]  ? __schedule+0xf54/0x1df0
[ 52.850834]  vprintk_default+0x28/0x30
[ 52.850836]  vprintk_func+0x7a/0x117
[ 52.850838]  printk+0xa7/0xcf
[ 52.850840]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.850843]  ? kasan_check_write+0x14/0x20
[ 52.850845]  ? do_raw_spin_lock+0xc1/0x200
[ 52.850847]  ? do_raw_spin_lock+0xc1/0x200
[ 52.850849]  kasan_report+0x9e/0x110
[ 52.850852]  __asan_report_load8_noabort+0x14/0x20
[ 52.850854]  __schedule+0xf54/0x1df0
[ 52.850856]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 52.850858]  ? __sched_text_start+0x8/0x8
[ 52.850861]  ? __call_srcu+0x7e7/0x1040
[ 52.850863]  ? check_same_owner+0x340/0x340
[ 52.850865]  ? mark_held_locks+0x160/0x160
[ 52.850867]  ? find_held_lock+0x36/0x1c0
[ 52.850870]  preempt_schedule_common+0x22/0x60
[ 52.850872]  _cond_resched+0x1d/0x30
[ 52.850874]  wait_for_completion+0xa5/0x8d0
[ 52.850877]  ? wait_for_completion_interruptible+0x950/0x950
[ 52.850879]  ? __lockdep_init_map+0x105/0x590
[ 52.850882]  ? __init_waitqueue_head+0x9e/0x150
[ 52.850884]  ? init_wait_entry+0x1c0/0x1c0
[ 52.850886]  __synchronize_srcu+0x189/0x240
[ 52.850888]  ? call_srcu+0x10/0x10
[ 52.850891]  ? rcu_unexpedite_gp+0x20/0x20
[ 52.850893]  synchronize_srcu+0x335/0x56f
[ 52.850895]  ? lock_downgrade+0x8f0/0x8f0
[ 52.850898]  ? synchronize_srcu_expedited+0x20/0x20
[ 52.850900]  ? kasan_check_read+0x11/0x20
[ 52.850902]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 52.850905]  ? kasan_check_write+0x14/0x20
[ 52.850907]  ? do_raw_spin_lock+0xc1/0x200
[ 52.850910]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 52.850912]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 52.850914]  ? kvfree+0x61/0x70
[ 52.850917]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.850919]  kvm_mmu_uninit_vm+0x1c/0x20
[ 52.850921]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 52.850923]  ? kvm_arch_sync_events+0x30/0x30
[ 52.850926]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.850929]  ? mmu_notifier_unregister+0x474/0x600
[ 52.850931]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 52.850933]  ? kfree+0x111/0x210
[ 52.850935]  ? __mmu_notifier_register+0x30/0x30
[ 52.850937]  ? __free_pages+0x10a/0x190
[ 52.850940]  ? free_unref_page+0x930/0x930
[ 52.850942]  kvm_put_kvm+0x73f/0x1060
[ 52.850944]  ? kvm_write_guest_cached+0x40/0x40
[ 52.850946]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.850949]  ? _raw_spin_unlock_irq+0x27/0x70
[ 52.850951]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 52.850953]  ? kasan_check_write+0x14/0x20
[ 52.850956]  ? do_raw_spin_lock+0xc1/0x200
[ 52.850958]  ? kvm_irqfd_release+0xdd/0x120
[ 52.850960]  ? kvm_put_kvm+0x1060/0x1060
[ 52.850962]  kvm_vm_release+0x42/0x50
[ 52.850964]  __fput+0x36e/0x8c0
[ 52.850966]  ? __alloc_file+0x400/0x400
[ 52.850968]  ? check_same_owner+0x340/0x340
[ 52.850971]  ? kasan_check_write+0x14/0x20
[ 52.850973]  ? do_raw_spin_lock+0xc1/0x200
[ 52.850975]  ____fput+0x15/0x20
[ 52.850977]  task_work_run+0x1e8/0x2a0
[ 52.850979]  ? task_work_cancel+0x240/0x240
[ 52.850982]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.850984]  ? switch_task_namespaces+0xa2/0xd0
[ 52.850986]  do_exit+0x1ae4/0x26e0
[ 52.850988]  ? mm_update_next_owner+0x9a0/0x9a0
[ 52.850991]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 52.850993]  ? rcu_read_lock_sched_held+0x108/0x120
[ 52.850995]  ? kfree+0x1d7/0x210
[ 52.850997]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 52.851000]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 52.851002]  ? is_bpf_text_address+0xd7/0x170
[ 52.851005]  ? kernel_text_address+0x79/0xf0
[ 52.851006]  ? __kern
[ 52.851011] Lost 54 message(s)!
[ 53.910463] Shutting down cpus with NMI
[ 54.969838] Dumping ftrace buffer:
[ 54.973365]    (ftrace buffer empty)
[ 54.977056] Kernel Offset: disabled
[ 54.980667] Rebooting in 86400 seconds..