[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.108639] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.502435] random: sshd: uninitialized urandom read (32 bytes read) [ 29.774027] random: sshd: uninitialized urandom read (32 bytes read) [ 30.287895] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. [ 36.040900] urandom_read: 1 callbacks suppressed [ 36.040907] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.142646] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.168594] ================================================================== [ 36.178377] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 36.184605] Read of size 8 at addr ffff8801ac428058 by task syz-executor761/4461 [ 36.192126] [ 36.193754] CPU: 0 PID: 4461 Comm: syz-executor761 Not tainted 4.18.0+ #204 [ 36.200852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.210194] Call Trace: [ 36.212794] dump_stack+0x1c9/0x2b4 [ 36.216420] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.221614] ? printk+0xa7/0xcf [ 36.224895] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.229651] ? __schedule+0xf54/0x1df0 [ 36.233541] print_address_description+0x6c/0x20b [ 36.238391] ? __schedule+0xf54/0x1df0 [ 36.242287] kasan_report.cold.7+0x242/0x30d [ 36.246702] __asan_report_load8_noabort+0x14/0x20 [ 36.251635] __schedule+0xf54/0x1df0 [ 36.255350] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.260455] ? __sched_text_start+0x8/0x8 [ 36.264610] ? __call_srcu+0x7e7/0x1040 [ 36.268590] ? check_same_owner+0x340/0x340 [ 36.272907] ? mark_held_locks+0x160/0x160 [ 36.277138] ? find_held_lock+0x36/0x1c0 [ 36.281204] preempt_schedule_common+0x22/0x60 [ 36.285798] _cond_resched+0x1d/0x30 [ 36.289517] wait_for_completion+0xa5/0x8d0 [ 36.293842] ? wait_for_completion_interruptible+0x950/0x950 [ 36.299660] ? __lockdep_init_map+0x105/0x590 [ 36.304179] ? __init_waitqueue_head+0x9e/0x150 [ 36.308861] ? init_wait_entry+0x1c0/0x1c0 [ 36.313099] __synchronize_srcu+0x189/0x240 [ 36.317419] ? call_srcu+0x10/0x10 [ 36.320973] ? rcu_unexpedite_gp+0x20/0x20 [ 36.325227] synchronize_srcu+0x335/0x56f [ 36.329377] ? lock_downgrade+0x8f0/0x8f0 [ 36.333526] ? synchronize_srcu_expedited+0x20/0x20 [ 36.338541] ? kasan_check_read+0x11/0x20 [ 36.342880] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.347462] ? kasan_check_write+0x14/0x20 [ 36.351705] ? do_raw_spin_lock+0xc1/0x200 [ 36.355945] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.361661] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.367113] ? kvfree+0x61/0x70 [ 36.370396] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.375414] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.379486] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.383897] ? kvm_arch_sync_events+0x30/0x30 [ 36.388414] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.393951] ? mmu_notifier_unregister+0x474/0x600 [ 36.398881] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.403286] ? kfree+0x111/0x210 [ 36.406650] ? __mmu_notifier_register+0x30/0x30 [ 36.411406] ? __free_pages+0x10a/0x190 [ 36.415378] ? free_unref_page+0x930/0x930 [ 36.419622] kvm_put_kvm+0x73f/0x1060 [ 36.423430] ? kvm_write_guest_cached+0x40/0x40 [ 36.428102] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.432606] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.437108] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.441697] ? kasan_check_write+0x14/0x20 [ 36.445929] ? do_raw_spin_lock+0xc1/0x200 [ 36.450392] ? kvm_irqfd_release+0xdd/0x120 [ 36.454712] ? kvm_put_kvm+0x1060/0x1060 [ 36.458780] kvm_vm_release+0x42/0x50 [ 36.462584] __fput+0x36e/0x8c0 [ 36.465865] ? __alloc_file+0x400/0x400 [ 36.469841] ? check_same_owner+0x340/0x340 [ 36.474162] ? kasan_check_write+0x14/0x20 [ 36.478395] ? do_raw_spin_lock+0xc1/0x200 [ 36.482638] ____fput+0x15/0x20 [ 36.485918] task_work_run+0x1e8/0x2a0 [ 36.489805] ? task_work_cancel+0x240/0x240 [ 36.494129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.499663] ? switch_task_namespaces+0xa2/0xd0 [ 36.504339] do_exit+0x1ae4/0x26e0 [ 36.507884] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.512559] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 36.516797] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.521813] ? kfree+0x1d7/0x210 [ 36.525180] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 36.529416] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.535127] ? is_bpf_text_address+0xd7/0x170 [ 36.539618] ? kernel_text_address+0x79/0xf0 [ 36.544053] ? __kernel_text_address+0xd/0x40 [ 36.548573] ? unwind_get_return_address+0x61/0xa0 [ 36.553510] ? __save_stack_trace+0x8d/0xf0 [ 36.557854] ? save_stack+0xa9/0xd0 [ 36.561484] ? save_stack+0x43/0xd0 [ 36.565129] ? __kasan_slab_free+0x11a/0x170 [ 36.569558] ? kasan_slab_free+0xe/0x10 [ 36.573544] ? putname+0xf2/0x130 [ 36.577024] ? __x64_sys_openat+0x9d/0x100 [ 36.581258] ? do_syscall_64+0x1b9/0x820 [ 36.585337] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.590703] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.595110] ? kasan_check_read+0x11/0x20 [ 36.599256] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.603662] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.608073] ? initcall_blacklisted+0x9a/0x1e0 [ 36.612659] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.617807] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.623535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.629075] ? do_vfs_ioctl+0x201/0x1720 [ 36.633136] ? rcu_is_watching+0x8c/0x150 [ 36.637277] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.641595] ? ioctl_preallocate+0x300/0x300 [ 36.646001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.651538] ? __fget_light+0x2f7/0x440 [ 36.655514] ? fget_raw+0x20/0x20 [ 36.658969] ? putname+0xf2/0x130 [ 36.662429] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.667448] ? kmem_cache_free+0x246/0x280 [ 36.671686] ? putname+0xf7/0x130 [ 36.675148] do_group_exit+0x177/0x440 [ 36.679036] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.683356] ? __ia32_sys_exit+0x50/0x50 [ 36.687415] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.692522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.698059] ? ksys_ioctl+0x81/0xd0 [ 36.701690] __x64_sys_exit_group+0x3e/0x50 [ 36.706534] do_syscall_64+0x1b9/0x820 [ 36.710424] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.715787] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.720715] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.725558] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.730579] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.735596] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.740617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.745467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.750661] RIP: 0033:0x43ef08 [ 36.753859] Code: Bad RIP value. [ 36.757227] RSP: 002b:00007ffc685085c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.764938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 36.772207] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.779492] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.786761] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.794031] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.801309] [ 36.802944] Allocated by task 4461: [ 36.806580] save_stack+0x43/0xd0 [ 36.810061] kasan_kmalloc+0xc4/0xe0 [ 36.813772] kasan_slab_alloc+0x12/0x20 [ 36.817743] kmem_cache_alloc+0x12e/0x710 [ 36.821890] vmx_create_vcpu+0xcf/0x2830 [ 36.825949] kvm_arch_vcpu_create+0xe5/0x220 [ 36.830357] kvm_vm_ioctl+0x488/0x1d80 [ 36.834251] do_vfs_ioctl+0x1de/0x1720 [ 36.838134] ksys_ioctl+0xa9/0xd0 [ 36.841585] __x64_sys_ioctl+0x73/0xb0 [ 36.845492] do_syscall_64+0x1b9/0x820 [ 36.849383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.854566] [ 36.856186] Freed by task 4461: [ 36.859472] save_stack+0x43/0xd0 [ 36.862930] __kasan_slab_free+0x11a/0x170 [ 36.867162] kasan_slab_free+0xe/0x10 [ 36.870959] kmem_cache_free+0x86/0x280 [ 36.874934] vmx_free_vcpu+0x26b/0x300 [ 36.878819] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.883232] kvm_put_kvm+0x73f/0x1060 [ 36.887029] kvm_vm_release+0x42/0x50 [ 36.890828] __fput+0x36e/0x8c0 [ 36.894104] ____fput+0x15/0x20 [ 36.897377] task_work_run+0x1e8/0x2a0 [ 36.901263] do_exit+0x1ae4/0x26e0 [ 36.904800] do_group_exit+0x177/0x440 [ 36.908685] __x64_sys_exit_group+0x3e/0x50 [ 36.913008] do_syscall_64+0x1b9/0x820 [ 36.916895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.922074] [ 36.923697] The buggy address belongs to the object at ffff8801ac428040 [ 36.923697] which belongs to the cache kvm_vcpu of size 23872 [ 36.936279] The buggy address is located 24 bytes inside of [ 36.936279] 23872-byte region [ffff8801ac428040, ffff8801ac42dd80) [ 36.948253] The buggy address belongs to the page: [ 36.953195] page:ffffea0006b10a00 count:1 mapcount:0 mapping:ffff8801d52df780 index:0x0 compound_mapcount: 0 [ 36.963187] flags: 0x2fffc0000008100(slab|head) [ 36.967879] raw: 02fffc0000008100 ffff8801d4ba7848 ffff8801d4ba7848 ffff8801d52df780 [ 36.975772] raw: 0000000000000000 ffff8801ac428040 0000000100000001 0000000000000000 [ 36.983654] page dumped because: kasan: bad access detected [ 36.989370] [ 36.990995] Memory state around the buggy address: [ 36.995928] ffff8801ac427f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.003297] ffff8801ac427f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.010664] >ffff8801ac428000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.018030] ^ [ 37.024273] ffff8801ac428080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.031651] ffff8801ac428100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.039013] ================================================================== [ 37.046378] Kernel panic - not syncing: panic_on_warn set ... [ 37.046378] [ 37.053757] CPU: 0 PID: 4461 Comm: syz-executor761 Tainted: G B 4.18.0+ #204 [ 37.062258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.071614] Call Trace: [ 37.074212] dump_stack+0x1c9/0x2b4 [ 37.077852] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.083041] ? lock_downgrade+0x8f0/0x8f0 [ 37.087192] ? __schedule+0xf54/0x1df0 [ 37.091089] panic+0x238/0x4e7 [ 37.094280] ? add_taint.cold.5+0x16/0x16 [ 37.098433] ? print_shadow_for_address+0xba/0x116 [ 37.103361] ? trace_hardirqs_off+0xaf/0x2b0 [ 37.107767] ? trace_hardirqs_off+0x77/0x2b0 [ 37.112174] ? __schedule+0xf54/0x1df0 [ 37.116062] kasan_end_report+0x47/0x4f [ 37.120038] kasan_report.cold.7+0x76/0x30d [ 37.124361] __asan_report_load8_noabort+0x14/0x20 [ 37.129289] __schedule+0xf54/0x1df0 [ 37.133005] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.138109] ? __sched_text_start+0x8/0x8 [ 37.142261] ? __call_srcu+0x7e7/0x1040 [ 37.146250] ? check_same_owner+0x340/0x340 [ 37.150573] ? mark_held_locks+0x160/0x160 [ 37.154809] ? find_held_lock+0x36/0x1c0 [ 37.158874] preempt_schedule_common+0x22/0x60 [ 37.163459] _cond_resched+0x1d/0x30 [ 37.167182] wait_for_completion+0xa5/0x8d0 [ 37.171524] ? wait_for_completion_interruptible+0x950/0x950 [ 37.177329] ? __lockdep_init_map+0x105/0x590 [ 37.181835] ? __init_waitqueue_head+0x9e/0x150 [ 37.186506] ? init_wait_entry+0x1c0/0x1c0 [ 37.190743] __synchronize_srcu+0x189/0x240 [ 37.195060] ? call_srcu+0x10/0x10 [ 37.198604] ? rcu_unexpedite_gp+0x20/0x20 [ 37.202846] synchronize_srcu+0x335/0x56f [ 37.206993] ? lock_downgrade+0x8f0/0x8f0 [ 37.211137] ? synchronize_srcu_expedited+0x20/0x20 [ 37.216155] ? kasan_check_read+0x11/0x20 [ 37.220303] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.224884] ? kasan_check_write+0x14/0x20 [ 37.229114] ? do_raw_spin_lock+0xc1/0x200 [ 37.233353] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.239068] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.244517] ? kvfree+0x61/0x70 [ 37.247802] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.252819] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.256881] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.261291] ? kvm_arch_sync_events+0x30/0x30 [ 37.265790] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.271329] ? mmu_notifier_unregister+0x474/0x600 [ 37.276260] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.280668] ? kfree+0x111/0x210 [ 37.284035] ? __mmu_notifier_register+0x30/0x30 [ 37.288794] ? __free_pages+0x10a/0x190 [ 37.292770] ? free_unref_page+0x930/0x930 [ 37.297016] kvm_put_kvm+0x73f/0x1060 [ 37.300850] ? kvm_write_guest_cached+0x40/0x40 [ 37.305543] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.310042] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.314537] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.319125] ? kasan_check_write+0x14/0x20 [ 37.323360] ? do_raw_spin_lock+0xc1/0x200 [ 37.327603] ? kvm_irqfd_release+0xdd/0x120 [ 37.331942] ? kvm_put_kvm+0x1060/0x1060 [ 37.336003] kvm_vm_release+0x42/0x50 [ 37.339811] __fput+0x36e/0x8c0 [ 37.343330] ? __alloc_file+0x400/0x400 [ 37.347312] ? check_same_owner+0x340/0x340 [ 37.351635] ? kasan_check_write+0x14/0x20 [ 37.355868] ? do_raw_spin_lock+0xc1/0x200 [ 37.360115] ____fput+0x15/0x20 [ 37.363398] task_work_run+0x1e8/0x2a0 [ 37.367285] ? task_work_cancel+0x240/0x240 [ 37.371613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.377150] ? switch_task_namespaces+0xa2/0xd0 [ 37.381820] do_exit+0x1ae4/0x26e0 [ 37.385366] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.390041] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 37.394278] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.399298] ? kfree+0x1d7/0x210 [ 37.402664] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 37.406902] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.412615] ? is_bpf_text_address+0xd7/0x170 [ 37.417110] ? kernel_text_address+0x79/0xf0 [ 37.421520] ? __kernel_text_address+0xd/0x40 [ 37.426016] ? unwind_get_return_address+0x61/0xa0 [ 37.430947] ? __save_stack_trace+0x8d/0xf0 [ 37.435281] ? save_stack+0xa9/0xd0 [ 37.438909] ? save_stack+0x43/0xd0 [ 37.442538] ? __kasan_slab_free+0x11a/0x170 [ 37.446945] ? kasan_slab_free+0xe/0x10 [ 37.450927] ? putname+0xf2/0x130 [ 37.454382] ? __x64_sys_openat+0x9d/0x100 [ 37.458620] ? do_syscall_64+0x1b9/0x820 [ 37.462681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.468046] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.472453] ? kasan_check_read+0x11/0x20 [ 37.476610] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.481016] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.485428] ? initcall_blacklisted+0x9a/0x1e0 [ 37.490035] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 37.495139] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.500851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.506414] ? do_vfs_ioctl+0x201/0x1720 [ 37.510486] ? rcu_is_watching+0x8c/0x150 [ 37.514634] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.518955] ? ioctl_preallocate+0x300/0x300 [ 37.523370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.528918] ? __fget_light+0x2f7/0x440 [ 37.532892] ? fget_raw+0x20/0x20 [ 37.536344] ? putname+0xf2/0x130 [ 37.539799] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.544818] ? kmem_cache_free+0x246/0x280 [ 37.549049] ? putname+0xf7/0x130 [ 37.552509] do_group_exit+0x177/0x440 [ 37.556397] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.560720] ? __ia32_sys_exit+0x50/0x50 [ 37.564801] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.569911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.575445] ? ksys_ioctl+0x81/0xd0 [ 37.579073] __x64_sys_exit_group+0x3e/0x50 [ 37.583396] do_syscall_64+0x1b9/0x820 [ 37.587288] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.592650] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.597580] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.602420] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 37.607452] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.612473] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.617501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.622349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.627540] RIP: 0033:0x43ef08 [ 37.630735] Code: Bad RIP value. [ 37.634093] RSP: 002b:00007ffc685085c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.641816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 37.649081] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.656352] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.663618] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.670890] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.678171] [ 37.678176] ====================================================== [ 37.678181] WARNING: possible circular locking dependency detected [ 37.678185] 4.18.0+ #204 Not tainted [ 37.678190] ------------------------------------------------------ [ 37.678195] syz-executor761/4461 is trying to acquire lock: [ 37.678198] 00000000de6fc94d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.678223] [ 37.678227] but task is already holding lock: [ 37.678230] 00000000def8d2ef (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.678244] [ 37.678248] which lock already depends on the new lock. [ 37.678250] [ 37.678253] [ 37.678258] the existing dependency chain (in reverse order) is: [ 37.678260] [ 37.678262] -> #3 (report_lock){....}: [ 37.678276] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.678280] kasan_report+0x8e/0x110 [ 37.678284] __asan_report_load8_noabort+0x14/0x20 [ 37.678288] __schedule+0xf54/0x1df0 [ 37.678292] preempt_schedule_common+0x22/0x60 [ 37.678296] _cond_resched+0x1d/0x30 [ 37.678300] wait_for_completion+0xa5/0x8d0 [ 37.678304] __synchronize_srcu+0x189/0x240 [ 37.678308] synchronize_srcu+0x335/0x56f [ 37.678313] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.678316] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.678320] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.678324] kvm_put_kvm+0x73f/0x1060 [ 37.678328] kvm_vm_release+0x42/0x50 [ 37.678331] __fput+0x36e/0x8c0 [ 37.678335] ____fput+0x15/0x20 [ 37.678338] task_work_run+0x1e8/0x2a0 [ 37.678342] do_exit+0x1ae4/0x26e0 [ 37.678345] do_group_exit+0x177/0x440 [ 37.678349] __x64_sys_exit_group+0x3e/0x50 [ 37.678353] do_syscall_64+0x1b9/0x820 [ 37.678358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.678360] [ 37.678362] -> #2 (&rq->lock){-.-.}: [ 37.678375] _raw_spin_lock+0x2a/0x40 [ 37.678379] task_fork_fair+0x93/0x680 [ 37.678383] sched_fork+0x44b/0xbd0 [ 37.678386] copy_process+0x235e/0x7ad0 [ 37.678390] _do_fork+0x1ca/0x1170 [ 37.678394] kernel_thread+0x34/0x40 [ 37.678397] rest_init+0x22/0xe4 [ 37.678401] start_kernel+0x913/0x94e [ 37.678405] x86_64_start_reservations+0x29/0x2b [ 37.678409] x86_64_start_kernel+0x76/0x79 [ 37.678413] secondary_startup_64+0xa4/0xb0 [ 37.678415] [ 37.678417] -> #1 (&p->pi_lock){-.-.}: [ 37.678431] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.678435] try_to_wake_up+0xd2/0x1250 [ 37.678438] wake_up_process+0x10/0x20 [ 37.678442] __up.isra.1+0x1c0/0x2a0 [ 37.678445] up+0x13c/0x1c0 [ 37.678449] __up_console_sem+0xbe/0x1b0 [ 37.678453] console_unlock+0x506/0x10d0 [ 37.678456] vprintk_emit+0x33a/0x910 [ 37.678460] vprintk_default+0x28/0x30 [ 37.678463] vprintk_func+0x7a/0x117 [ 37.678467] printk+0xa7/0xcf [ 37.678470] load_umh+0x51/0xbd [ 37.678474] do_one_initcall+0x127/0x838 [ 37.678484] kernel_init_freeable+0x4bb/0x5ae [ 37.678488] kernel_init+0x11/0x1b3 [ 37.678491] ret_from_fork+0x3a/0x50 [ 37.678494] [ 37.678496] -> #0 ((console_sem).lock){-...}: [ 37.678510] lock_acquire+0x1e4/0x4f0 [ 37.678514] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.678517] down_trylock+0x13/0x70 [ 37.678522] __down_trylock_console_sem+0xae/0x200 [ 37.678525] console_trylock+0x15/0xa0 [ 37.678529] vprintk_emit+0x31f/0x910 [ 37.678533] vprintk_default+0x28/0x30 [ 37.678536] vprintk_func+0x7a/0x117 [ 37.678539] printk+0xa7/0xcf [ 37.678543] kasan_report+0x9e/0x110 [ 37.678547] __asan_report_load8_noabort+0x14/0x20 [ 37.678551] __schedule+0xf54/0x1df0 [ 37.678555] preempt_schedule_common+0x22/0x60 [ 37.678559] _cond_resched+0x1d/0x30 [ 37.678563] wait_for_completion+0xa5/0x8d0 [ 37.678566] __synchronize_srcu+0x189/0x240 [ 37.678570] synchronize_srcu+0x335/0x56f [ 37.678575] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.678579] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.678583] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.678587] kvm_put_kvm+0x73f/0x1060 [ 37.678590] kvm_vm_release+0x42/0x50 [ 37.678594] __fput+0x36e/0x8c0 [ 37.678597] ____fput+0x15/0x20 [ 37.678601] task_work_run+0x1e8/0x2a0 [ 37.678605] do_exit+0x1ae4/0x26e0 [ 37.678608] do_group_exit+0x177/0x440 [ 37.678612] __x64_sys_exit_group+0x3e/0x50 [ 37.678616] do_syscall_64+0x1b9/0x820 [ 37.678620] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.678623] [ 37.678627] other info that might help us debug this: [ 37.678629] [ 37.678632] Chain exists of: [ 37.678634] (console_sem).lock --> &rq->lock --> report_lock [ 37.678652] [ 37.678655] Possible unsafe locking scenario: [ 37.678658] [ 37.678662] CPU0 CPU1 [ 37.678665] ---- ---- [ 37.678668] lock(report_lock); [ 37.678677] lock(&rq->lock); [ 37.678686] lock(report_lock); [ 37.678693] lock((console_sem).lock); [ 37.678701] [ 37.678704] *** DEADLOCK *** [ 37.678706] [ 37.678710] 2 locks held by syz-executor761/4461: [ 37.678712] #0: 000000008d40acf7 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 37.678728] #1: 00000000def8d2ef (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.678745] [ 37.678748] stack backtrace: [ 37.678753] CPU: 0 PID: 4461 Comm: syz-executor761 Not tainted 4.18.0+ #204 [ 37.678760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.678763] Call Trace: [ 37.678766] dump_stack+0x1c9/0x2b4 [ 37.678771] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.678774] ? vprintk_func+0x100/0x117 [ 37.678779] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 37.678782] ? save_trace+0xe0/0x290 [ 37.678786] __lock_acquire+0x3449/0x5020 [ 37.678790] ? mark_held_locks+0x160/0x160 [ 37.678794] ? mark_held_locks+0x160/0x160 [ 37.678798] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.678802] ? is_bpf_text_address+0xd7/0x170 [ 37.678806] ? kernel_text_address+0x79/0xf0 [ 37.678810] ? __kernel_text_address+0xd/0x40 [ 37.678814] ? __save_stack_trace+0x8d/0xf0 [ 37.678818] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 37.678822] ? save_trace+0x290/0x290 [ 37.678826] ? save_stack_trace+0x1a/0x20 [ 37.678829] ? save_trace+0xe0/0x290 [ 37.678833] ? graph_lock+0x170/0x170 [ 37.678837] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.678841] lock_acquire+0x1e4/0x4f0 [ 37.678845] ? down_trylock+0x13/0x70 [ 37.678848] ? lock_release+0x9f0/0x9f0 [ 37.678852] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.678856] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.678860] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.678864] ? log_store+0x34f/0x4c0 [ 37.678867] ? vprintk_emit+0x31f/0x910 [ 37.678871] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.678875] ? down_trylock+0x13/0x70 [ 37.678879] down_trylock+0x13/0x70 [ 37.678883] __down_trylock_console_sem+0xae/0x200 [ 37.678886] console_trylock+0x15/0xa0 [ 37.678890] vprintk_emit+0x31f/0x910 [ 37.678894] ? wake_up_klogd+0x110/0x110 [ 37.678898] ? run_rebalance_domains+0x4c0/0x4c0 [ 37.678902] ? kasan_check_read+0x11/0x20 [ 37.678905] ? rcu_is_watching+0x8c/0x150 [ 37.678909] ? rcu_pm_notify+0xc0/0xc0 [ 37.678913] ? lock_acquire+0x1e4/0x4f0 [ 37.678916] ? kasan_report+0x8e/0x110 [ 37.678920] ? __schedule+0xf54/0x1df0 [ 37.678924] vprintk_default+0x28/0x30 [ 37.678927] vprintk_func+0x7a/0x117 [ 37.678931] printk+0xa7/0xcf [ 37.678935] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.678939] ? kasan_check_write+0x14/0x20 [ 37.678942] ? do_raw_spin_lock+0xc1/0x200 [ 37.678946] ? do_raw_spin_lock+0xc1/0x200 [ 37.678950] kasan_report+0x9e/0x110 [ 37.678954] __asan_report_load8_noabort+0x14/0x20 [ 37.678958] __schedule+0xf54/0x1df0 [ 37.678962] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.678966] ? __sched_text_start+0x8/0x8 [ 37.678969] ? __call_srcu+0x7e7/0x1040 [ 37.678973] ? check_same_owner+0x340/0x340 [ 37.678977] ? mark_held_locks+0x160/0x160 [ 37.678982] ? find_held_lock+0x36/0x1c0 [ 37.678986] preempt_schedule_common+0x22/0x60 [ 37.678990] _cond_resched+0x1d/0x30 [ 37.678994] wait_for_completion+0xa5/0x8d0 [ 37.678998] ? wait_for_completion_interruptible+0x950/0x950 [ 37.679002] ? __lockdep_init_map+0x105/0x590 [ 37.679007] ? __init_waitqueue_head+0x9e/0x150 [ 37.679010] ? init_wait_entry+0x1c0/0x1c0 [ 37.679014] __synchronize_srcu+0x189/0x240 [ 37.679018] ? call_srcu+0x10/0x10 [ 37.679022] ? rcu_unexpedite_gp+0x20/0x20 [ 37.679026] synchronize_srcu+0x335/0x56f [ 37.679029] ? lock_downgrade+0x8f0/0x8f0 [ 37.679034] ? synchronize_srcu_expedited+0x20/0x20 [ 37.679038] ? kasan_check_read+0x11/0x20 [ 37.679042] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.679046] ? kasan_check_write+0x14/0x20 [ 37.679049] ? do_raw_spin_lock+0xc1/0x200 [ 37.679054] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.679059] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.679062] ? kvfree+0x61/0x70 [ 37.679066] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.679070] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.679074] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.679078] ? kvm_arch_sync_events+0x30/0x30 [ 37.679083] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.679087] ? mmu_notifier_unregister+0x474/0x600 [ 37.679091] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.679095] ? kfree+0x111/0x210 [ 37.679099] ? __mmu_notifier_register+0x30/0x30 [ 37.679103] ? __free_pages+0x10a/0x190 [ 37.679107] ? free_unref_page+0x930/0x930 [ 37.679110] kvm_put_kvm+0x73f/0x1060 [ 37.679115] ? kvm_write_guest_cached+0x40/0x40 [ 37.679119] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.679123] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.679127] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.679131] ? kasan_check_write+0x14/0x20 [ 37.679134] ? do_raw_spin_lock+0xc1/0x200 [ 37.679138] ? kvm_irqfd_release+0xdd/0x120 [ 37.679142] ? kvm_put_kvm+0x1060/0x1060 [ 37.679146] kvm_vm_release+0x42/0x50 [ 37.679149] __fput+0x36e/0x8c0 [ 37.679153] ? __alloc_file+0x400/0x400 [ 37.679156] ? check_same_owner+0x340/0x340 [ 37.679160] ? kasan_check_write+0x14/0x20 [ 37.679164] ? do_raw_spin_lock+0xc1/0x200 [ 37.679167] ____fput+0x15/0x20 [ 37.679171] task_work_run+0x1e8/0x2a0 [ 37.679175] ? task_work_cancel+0x240/0x240 [ 37.679180] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.679184] ? switch_task_namespaces+0xa2/0xd0 [ 37.679187] do_exit+0x1ae4/0x26e0 [ 37.679191] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.679195] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 37.679199] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.679203] ? kfree+0x1d7/0x210 [ 37.679206] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 37.679211] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.679222] ? is_bpf_text_address+0xd7/0x170 [ 37.679226] ? kernel_text_address+0x79/0xf0 [ 37.679229] ? __kern [ 37.679236] Lost 54 message(s)! [ 38.751045] Shutting down cpus with NMI [ 39.810445] Dumping ftrace buffer: [ 39.813993] (ftrace buffer empty) [ 39.817702] Kernel Offset: disabled [ 39.821329] Rebooting in 86400 seconds..