[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.080441] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.969695] random: sshd: uninitialized urandom read (32 bytes read) [ 29.357461] random: sshd: uninitialized urandom read (32 bytes read) [ 29.931352] random: sshd: uninitialized urandom read (32 bytes read) [ 30.110433] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. [ 35.663681] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 35.758960] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 35.781810] ================================================================== [ 35.791036] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 35.797346] Read of size 8 at addr ffff8801d9990058 by task syz-executor264/4476 [ 35.804992] [ 35.806618] CPU: 1 PID: 4476 Comm: syz-executor264 Not tainted 4.18.0+ #209 [ 35.814030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.823476] Call Trace: [ 35.826066] dump_stack+0x1c9/0x2b4 [ 35.829694] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.834881] ? printk+0xa7/0xcf [ 35.838160] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.842910] ? __schedule+0xf54/0x1df0 [ 35.846794] print_address_description+0x6c/0x20b [ 35.851805] ? __schedule+0xf54/0x1df0 [ 35.855691] kasan_report.cold.7+0x242/0x30d [ 35.860099] __asan_report_load8_noabort+0x14/0x20 [ 35.865022] __schedule+0xf54/0x1df0 [ 35.868884] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.874159] ? __sched_text_start+0x8/0x8 [ 35.878303] ? __call_srcu+0x7e7/0x1040 [ 35.882278] ? check_same_owner+0x340/0x340 [ 35.886592] ? mark_held_locks+0x160/0x160 [ 35.890825] ? find_held_lock+0x36/0x1c0 [ 35.895022] preempt_schedule_common+0x22/0x60 [ 35.899711] _cond_resched+0x1d/0x30 [ 35.903426] wait_for_completion+0xa5/0x8d0 [ 35.907889] ? wait_for_completion_interruptible+0x950/0x950 [ 35.913701] ? __lockdep_init_map+0x105/0x590 [ 35.918212] ? __init_waitqueue_head+0x9e/0x150 [ 35.922875] ? init_wait_entry+0x1c0/0x1c0 [ 35.927110] __synchronize_srcu+0x189/0x240 [ 35.931426] ? call_srcu+0x10/0x10 [ 35.935121] ? rcu_unexpedite_gp+0x20/0x20 [ 35.939357] synchronize_srcu+0x335/0x56f [ 35.943499] ? lock_downgrade+0x8f0/0x8f0 [ 35.947805] ? synchronize_srcu_expedited+0x20/0x20 [ 35.952820] ? kasan_check_read+0x11/0x20 [ 35.957118] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 35.961698] ? kasan_check_write+0x14/0x20 [ 35.966091] ? do_raw_spin_lock+0xc1/0x200 [ 35.970329] kvm_page_track_unregister_notifier+0x17d/0x250 [ 35.976038] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 35.981492] ? kvfree+0x61/0x70 [ 35.984768] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.989781] kvm_mmu_uninit_vm+0x1c/0x20 [ 35.993950] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 35.998489] ? kvm_arch_sync_events+0x30/0x30 [ 36.003078] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.008615] ? mmu_notifier_unregister+0x474/0x600 [ 36.013740] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.018149] ? kfree+0x111/0x210 [ 36.021511] ? __mmu_notifier_register+0x30/0x30 [ 36.026395] ? __free_pages+0x10a/0x190 [ 36.030369] ? free_unref_page+0x930/0x930 [ 36.034606] kvm_put_kvm+0x73f/0x1060 [ 36.038547] ? kvm_write_guest_cached+0x40/0x40 [ 36.043222] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.047919] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.052414] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.057090] ? kasan_check_write+0x14/0x20 [ 36.061333] ? do_raw_spin_lock+0xc1/0x200 [ 36.065565] ? kvm_irqfd_release+0xdd/0x120 [ 36.070000] ? kvm_irqfd_release+0xdd/0x120 [ 36.074325] ? kvm_put_kvm+0x1060/0x1060 [ 36.078384] kvm_vm_release+0x42/0x50 [ 36.082180] __fput+0x36e/0x8c0 [ 36.085457] ? __alloc_file+0x400/0x400 [ 36.089428] ? check_same_owner+0x340/0x340 [ 36.093744] ? kasan_check_write+0x14/0x20 [ 36.097972] ? do_raw_spin_lock+0xc1/0x200 [ 36.102204] ____fput+0x15/0x20 [ 36.105477] task_work_run+0x1e8/0x2a0 [ 36.109359] ? task_work_cancel+0x240/0x240 [ 36.113684] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.119219] ? switch_task_namespaces+0xa2/0xd0 [ 36.123885] do_exit+0x1ae4/0x26e0 [ 36.127423] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.132116] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 36.136349] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.141357] ? kfree+0x1d7/0x210 [ 36.144827] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 36.149188] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.155205] ? is_bpf_text_address+0xd7/0x170 [ 36.159865] ? kernel_text_address+0x79/0xf0 [ 36.164272] ? __kernel_text_address+0xd/0x40 [ 36.168765] ? unwind_get_return_address+0x61/0xa0 [ 36.173700] ? __save_stack_trace+0x8d/0xf0 [ 36.178021] ? save_stack+0xa9/0xd0 [ 36.181664] ? save_stack+0x43/0xd0 [ 36.185282] ? __kasan_slab_free+0x11a/0x170 [ 36.189690] ? kasan_slab_free+0xe/0x10 [ 36.193680] ? putname+0xf2/0x130 [ 36.197131] ? __x64_sys_openat+0x9d/0x100 [ 36.201373] ? do_syscall_64+0x1b9/0x820 [ 36.205432] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.210793] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.215317] ? kasan_check_read+0x11/0x20 [ 36.219470] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.223876] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.228284] ? initcall_blacklisted+0x9a/0x1e0 [ 36.233201] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.238316] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 36.244476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.250134] ? do_vfs_ioctl+0x201/0x1720 [ 36.254194] ? rcu_is_watching+0x8c/0x150 [ 36.258335] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.262680] ? ioctl_preallocate+0x300/0x300 [ 36.267088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.272645] ? __fget_light+0x2f7/0x440 [ 36.276728] ? fget_raw+0x20/0x20 [ 36.280182] ? putname+0xf2/0x130 [ 36.283660] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.288762] ? kmem_cache_free+0x246/0x280 [ 36.293271] ? putname+0xf7/0x130 [ 36.296727] do_group_exit+0x177/0x440 [ 36.300616] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.304961] ? __ia32_sys_exit+0x50/0x50 [ 36.309020] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.314397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.319933] ? ksys_ioctl+0x81/0xd0 [ 36.323564] __x64_sys_exit_group+0x3e/0x50 [ 36.327882] do_syscall_64+0x1b9/0x820 [ 36.331895] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.337477] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.342692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.347667] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.352688] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.357703] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.363049] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.367909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.373176] RIP: 0033:0x43f028 [ 36.376374] Code: Bad RIP value. [ 36.379732] RSP: 002b:00007ffce7298258 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.387433] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 36.394698] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.401961] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.409224] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 36.416487] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 36.423752] [ 36.425384] Allocated by task 4476: [ 36.429007] save_stack+0x43/0xd0 [ 36.432454] kasan_kmalloc+0xc4/0xe0 [ 36.436160] kasan_slab_alloc+0x12/0x20 [ 36.440128] kmem_cache_alloc+0x12e/0x710 [ 36.444273] vmx_create_vcpu+0xcf/0x2830 [ 36.448535] kvm_arch_vcpu_create+0xe5/0x220 [ 36.452959] kvm_vm_ioctl+0x488/0x1d80 [ 36.456857] do_vfs_ioctl+0x1de/0x1720 [ 36.460752] ksys_ioctl+0xa9/0xd0 [ 36.464214] __x64_sys_ioctl+0x73/0xb0 [ 36.468111] do_syscall_64+0x1b9/0x820 [ 36.472013] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.477212] [ 36.478847] Freed by task 4476: [ 36.482132] save_stack+0x43/0xd0 [ 36.485591] __kasan_slab_free+0x11a/0x170 [ 36.489833] kasan_slab_free+0xe/0x10 [ 36.493675] kmem_cache_free+0x86/0x280 [ 36.497684] vmx_free_vcpu+0x26b/0x300 [ 36.501581] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.505999] kvm_put_kvm+0x73f/0x1060 [ 36.509807] kvm_vm_release+0x42/0x50 [ 36.513615] __fput+0x36e/0x8c0 [ 36.516930] ____fput+0x15/0x20 [ 36.520215] task_work_run+0x1e8/0x2a0 [ 36.524109] do_exit+0x1ae4/0x26e0 [ 36.527682] do_group_exit+0x177/0x440 [ 36.531577] __x64_sys_exit_group+0x3e/0x50 [ 36.535911] do_syscall_64+0x1b9/0x820 [ 36.539811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.545000] [ 36.546660] The buggy address belongs to the object at ffff8801d9990040 [ 36.546660] which belongs to the cache kvm_vcpu of size 23872 [ 36.559242] The buggy address is located 24 bytes inside of [ 36.559242] 23872-byte region [ffff8801d9990040, ffff8801d9995d80) [ 36.571208] The buggy address belongs to the page: [ 36.576145] page:ffffea0007666400 count:1 mapcount:0 mapping:ffff8801d53c5900 index:0x0 compound_mapcount: 0 [ 36.586126] flags: 0x2fffc0000008100(slab|head) [ 36.590808] raw: 02fffc0000008100 ffff8801d53c2348 ffff8801d53c2348 ffff8801d53c5900 [ 36.598888] raw: 0000000000000000 ffff8801d9990040 0000000100000001 0000000000000000 [ 36.606774] page dumped because: kasan: bad access detected [ 36.612481] [ 36.614111] Memory state around the buggy address: [ 36.619045] ffff8801d998ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.626409] ffff8801d998ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.633781] >ffff8801d9990000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 36.641142] ^ [ 36.647379] ffff8801d9990080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.654746] ffff8801d9990100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.662107] ================================================================== [ 36.669470] Kernel panic - not syncing: panic_on_warn set ... [ 36.669470] [ 36.676845] CPU: 1 PID: 4476 Comm: syz-executor264 Tainted: G B 4.18.0+ #209 [ 36.685342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.694698] Call Trace: [ 36.697300] dump_stack+0x1c9/0x2b4 [ 36.700945] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.706146] ? lock_downgrade+0x8f0/0x8f0 [ 36.710303] ? __schedule+0xf54/0x1df0 [ 36.714207] panic+0x238/0x4e7 [ 36.717407] ? add_taint.cold.5+0x16/0x16 [ 36.721570] ? print_shadow_for_address+0xba/0x116 [ 36.726506] ? trace_hardirqs_off+0xaf/0x2b0 [ 36.730925] ? trace_hardirqs_off+0x77/0x2b0 [ 36.735344] ? __schedule+0xf54/0x1df0 [ 36.739239] kasan_end_report+0x47/0x4f [ 36.743225] kasan_report.cold.7+0x76/0x30d [ 36.747558] __asan_report_load8_noabort+0x14/0x20 [ 36.752498] __schedule+0xf54/0x1df0 [ 36.756225] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.761338] ? __sched_text_start+0x8/0x8 [ 36.765497] ? __call_srcu+0x7e7/0x1040 [ 36.769488] ? check_same_owner+0x340/0x340 [ 36.773855] ? mark_held_locks+0x160/0x160 [ 36.778098] ? find_held_lock+0x36/0x1c0 [ 36.782173] preempt_schedule_common+0x22/0x60 [ 36.786767] _cond_resched+0x1d/0x30 [ 36.790494] wait_for_completion+0xa5/0x8d0 [ 36.794860] ? wait_for_completion_interruptible+0x950/0x950 [ 36.800683] ? __lockdep_init_map+0x105/0x590 [ 36.805188] ? __init_waitqueue_head+0x9e/0x150 [ 36.809940] ? init_wait_entry+0x1c0/0x1c0 [ 36.814192] __synchronize_srcu+0x189/0x240 [ 36.818524] ? call_srcu+0x10/0x10 [ 36.822157] ? rcu_unexpedite_gp+0x20/0x20 [ 36.826585] synchronize_srcu+0x335/0x56f [ 36.830760] ? lock_downgrade+0x8f0/0x8f0 [ 36.834923] ? synchronize_srcu_expedited+0x20/0x20 [ 36.839955] ? kasan_check_read+0x11/0x20 [ 36.844116] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.848711] ? kasan_check_write+0x14/0x20 [ 36.852954] ? do_raw_spin_lock+0xc1/0x200 [ 36.857220] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.862945] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.868407] ? kvfree+0x61/0x70 [ 36.871702] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.876731] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.880813] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.885239] ? kvm_arch_sync_events+0x30/0x30 [ 36.889750] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.895302] ? mmu_notifier_unregister+0x474/0x600 [ 36.900306] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.904810] ? kfree+0x111/0x210 [ 36.908191] ? __mmu_notifier_register+0x30/0x30 [ 36.912964] ? __free_pages+0x10a/0x190 [ 36.916949] ? free_unref_page+0x930/0x930 [ 36.921202] kvm_put_kvm+0x73f/0x1060 [ 36.925018] ? kvm_write_guest_cached+0x40/0x40 [ 36.929710] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.934227] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.938801] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.943399] ? kasan_check_write+0x14/0x20 [ 36.947678] ? do_raw_spin_lock+0xc1/0x200 [ 36.951931] ? kvm_irqfd_release+0xdd/0x120 [ 36.956258] ? kvm_irqfd_release+0xdd/0x120 [ 36.960595] ? kvm_put_kvm+0x1060/0x1060 [ 36.964704] kvm_vm_release+0x42/0x50 [ 36.968517] __fput+0x36e/0x8c0 [ 36.971813] ? __alloc_file+0x400/0x400 [ 36.975802] ? check_same_owner+0x340/0x340 [ 36.980204] ? kasan_check_write+0x14/0x20 [ 36.984452] ? do_raw_spin_lock+0xc1/0x200 [ 36.988700] ____fput+0x15/0x20 [ 36.991992] task_work_run+0x1e8/0x2a0 [ 36.995892] ? task_work_cancel+0x240/0x240 [ 37.000235] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.005869] ? switch_task_namespaces+0xa2/0xd0 [ 37.010556] do_exit+0x1ae4/0x26e0 [ 37.014111] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.018796] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 37.023044] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.028074] ? kfree+0x1d7/0x210 [ 37.031453] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 37.035703] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.041431] ? is_bpf_text_address+0xd7/0x170 [ 37.045938] ? kernel_text_address+0x79/0xf0 [ 37.050356] ? __kernel_text_address+0xd/0x40 [ 37.054864] ? unwind_get_return_address+0x61/0xa0 [ 37.059808] ? __save_stack_trace+0x8d/0xf0 [ 37.064145] ? save_stack+0xa9/0xd0 [ 37.067789] ? save_stack+0x43/0xd0 [ 37.071426] ? __kasan_slab_free+0x11a/0x170 [ 37.075845] ? kasan_slab_free+0xe/0x10 [ 37.079835] ? putname+0xf2/0x130 [ 37.083306] ? __x64_sys_openat+0x9d/0x100 [ 37.087550] ? do_syscall_64+0x1b9/0x820 [ 37.091654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.097033] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.101451] ? kasan_check_read+0x11/0x20 [ 37.105609] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.110055] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.114479] ? initcall_blacklisted+0x9a/0x1e0 [ 37.119086] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 37.124205] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.129937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.135483] ? do_vfs_ioctl+0x201/0x1720 [ 37.139555] ? rcu_is_watching+0x8c/0x150 [ 37.143712] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.148046] ? ioctl_preallocate+0x300/0x300 [ 37.152467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.158162] ? __fget_light+0x2f7/0x440 [ 37.162150] ? fget_raw+0x20/0x20 [ 37.165608] ? putname+0xf2/0x130 [ 37.169101] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.174226] ? kmem_cache_free+0x246/0x280 [ 37.178485] ? putname+0xf7/0x130 [ 37.181952] do_group_exit+0x177/0x440 [ 37.185849] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.190179] ? __ia32_sys_exit+0x50/0x50 [ 37.194255] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.199370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.204927] ? ksys_ioctl+0x81/0xd0 [ 37.208570] __x64_sys_exit_group+0x3e/0x50 [ 37.212907] do_syscall_64+0x1b9/0x820 [ 37.216807] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.222181] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.227120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.232045] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 37.237246] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.242274] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.247305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.252158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.257551] RIP: 0033:0x43f028 [ 37.260749] Code: Bad RIP value. [ 37.264118] RSP: 002b:00007ffce7298258 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.271839] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 37.279118] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.286398] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.293699] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.300976] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 37.308260] [ 37.308265] ====================================================== [ 37.308274] WARNING: possible circular locking dependency detected [ 37.308277] 4.18.0+ #209 Not tainted [ 37.308282] ------------------------------------------------------ [ 37.308287] syz-executor264/4476 is trying to acquire lock: [ 37.308290] 00000000e055feee ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.308304] [ 37.308308] but task is already holding lock: [ 37.308311] 000000005f046f6c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.308325] [ 37.308330] which lock already depends on the new lock. [ 37.308332] [ 37.308334] [ 37.308339] the existing dependency chain (in reverse order) is: [ 37.308341] [ 37.308343] -> #3 (report_lock){....}: [ 37.308358] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.308361] kasan_report+0x8e/0x110 [ 37.308366] __asan_report_load8_noabort+0x14/0x20 [ 37.308369] __schedule+0xf54/0x1df0 [ 37.308379] preempt_schedule_common+0x22/0x60 [ 37.308382] _cond_resched+0x1d/0x30 [ 37.308387] wait_for_completion+0xa5/0x8d0 [ 37.308391] __synchronize_srcu+0x189/0x240 [ 37.308394] synchronize_srcu+0x335/0x56f [ 37.308399] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.308403] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.308407] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.308411] kvm_put_kvm+0x73f/0x1060 [ 37.308415] kvm_vm_release+0x42/0x50 [ 37.308418] __fput+0x36e/0x8c0 [ 37.308421] ____fput+0x15/0x20 [ 37.308425] task_work_run+0x1e8/0x2a0 [ 37.308429] do_exit+0x1ae4/0x26e0 [ 37.308432] do_group_exit+0x177/0x440 [ 37.308436] __x64_sys_exit_group+0x3e/0x50 [ 37.308440] do_syscall_64+0x1b9/0x820 [ 37.308445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.308447] [ 37.308449] -> #2 (&rq->lock){-.-.}: [ 37.308462] _raw_spin_lock+0x2a/0x40 [ 37.308466] task_fork_fair+0x93/0x680 [ 37.308470] sched_fork+0x44b/0xbd0 [ 37.308473] copy_process+0x235e/0x7ad0 [ 37.308477] _do_fork+0x1ca/0x1170 [ 37.308481] kernel_thread+0x34/0x40 [ 37.308484] rest_init+0x22/0xe4 [ 37.308488] start_kernel+0x913/0x94e [ 37.308492] x86_64_start_reservations+0x29/0x2b [ 37.308496] x86_64_start_kernel+0x76/0x79 [ 37.308500] secondary_startup_64+0xa4/0xb0 [ 37.308502] [ 37.308504] -> #1 (&p->pi_lock){-.-.}: [ 37.308518] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.308522] try_to_wake_up+0xd2/0x1250 [ 37.308525] wake_up_process+0x10/0x20 [ 37.308529] __up.isra.1+0x1c0/0x2a0 [ 37.308532] up+0x13c/0x1c0 [ 37.308536] __up_console_sem+0xbe/0x1b0 [ 37.308540] console_unlock+0x506/0x10d0 [ 37.308544] vprintk_emit+0x33a/0x910 [ 37.308547] vprintk_default+0x28/0x30 [ 37.308551] vprintk_func+0x7a/0x117 [ 37.308554] printk+0xa7/0xcf [ 37.308558] load_umh+0x51/0xbd [ 37.308561] do_one_initcall+0x127/0x838 [ 37.308565] kernel_init_freeable+0x4bb/0x5ae [ 37.308569] kernel_init+0x11/0x1b3 [ 37.308573] ret_from_fork+0x3a/0x50 [ 37.308575] [ 37.308577] -> #0 ((console_sem).lock){-...}: [ 37.308591] lock_acquire+0x1e4/0x4f0 [ 37.308595] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.308598] down_trylock+0x13/0x70 [ 37.308603] __down_trylock_console_sem+0xae/0x200 [ 37.308607] console_trylock+0x15/0xa0 [ 37.308610] vprintk_emit+0x31f/0x910 [ 37.308614] vprintk_default+0x28/0x30 [ 37.308617] vprintk_func+0x7a/0x117 [ 37.308649] printk+0xa7/0xcf [ 37.308654] kasan_report+0x9e/0x110 [ 37.308658] __asan_report_load8_noabort+0x14/0x20 [ 37.308662] __schedule+0xf54/0x1df0 [ 37.308666] preempt_schedule_common+0x22/0x60 [ 37.308669] _cond_resched+0x1d/0x30 [ 37.308673] wait_for_completion+0xa5/0x8d0 [ 37.308677] __synchronize_srcu+0x189/0x240 [ 37.308681] synchronize_srcu+0x335/0x56f [ 37.308686] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.308690] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.308694] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.308698] kvm_put_kvm+0x73f/0x1060 [ 37.308701] kvm_vm_release+0x42/0x50 [ 37.308705] __fput+0x36e/0x8c0 [ 37.308708] ____fput+0x15/0x20 [ 37.308712] task_work_run+0x1e8/0x2a0 [ 37.308715] do_exit+0x1ae4/0x26e0 [ 37.308719] do_group_exit+0x177/0x440 [ 37.308723] __x64_sys_exit_group+0x3e/0x50 [ 37.308727] do_syscall_64+0x1b9/0x820 [ 37.308732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.308734] [ 37.308738] other info that might help us debug this: [ 37.308740] [ 37.308743] Chain exists of: [ 37.308745] (console_sem).lock --> &rq->lock --> report_lock [ 37.308763] [ 37.308767] Possible unsafe locking scenario: [ 37.308769] [ 37.308773] CPU0 CPU1 [ 37.308777] ---- ---- [ 37.308779] lock(report_lock); [ 37.308788] lock(&rq->lock); [ 37.308797] lock(report_lock); [ 37.308804] lock((console_sem).lock); [ 37.308812] [ 37.308815] *** DEADLOCK *** [ 37.308817] [ 37.308821] 2 locks held by syz-executor264/4476: [ 37.308823] #0: 000000006a51746f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 37.308840] #1: 000000005f046f6c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.308856] [ 37.308859] stack backtrace: [ 37.308864] CPU: 1 PID: 4476 Comm: syz-executor264 Not tainted 4.18.0+ #209 [ 37.308871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.308873] Call Trace: [ 37.308878] dump_stack+0x1c9/0x2b4 [ 37.308882] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.308886] ? vprintk_func+0x100/0x117 [ 37.308891] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 37.308894] ? save_trace+0xe0/0x290 [ 37.308898] __lock_acquire+0x3449/0x5020 [ 37.308902] ? mark_held_locks+0x160/0x160 [ 37.308906] ? mark_held_locks+0x160/0x160 [ 37.308910] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.308914] ? is_bpf_text_address+0xd7/0x170 [ 37.308918] ? kernel_text_address+0x79/0xf0 [ 37.308922] ? __kernel_text_address+0xd/0x40 [ 37.308926] ? __save_stack_trace+0x8d/0xf0 [ 37.308930] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 37.308934] ? save_trace+0x290/0x290 [ 37.308938] ? save_stack_trace+0x1a/0x20 [ 37.308941] ? save_trace+0xe0/0x290 [ 37.308945] ? graph_lock+0x170/0x170 [ 37.308950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.308953] lock_acquire+0x1e4/0x4f0 [ 37.308957] ? down_trylock+0x13/0x70 [ 37.308961] ? lock_release+0x9f0/0x9f0 [ 37.308965] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.308969] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.308973] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.308976] ? log_store+0x34f/0x4c0 [ 37.308980] ? vprintk_emit+0x31f/0x910 [ 37.308984] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.308988] ? down_trylock+0x13/0x70 [ 37.308991] down_trylock+0x13/0x70 [ 37.308996] __down_trylock_console_sem+0xae/0x200 [ 37.308999] console_trylock+0x15/0xa0 [ 37.309003] vprintk_emit+0x31f/0x910 [ 37.309007] ? wake_up_klogd+0x110/0x110 [ 37.309011] ? run_rebalance_domains+0x4c0/0x4c0 [ 37.309015] ? kasan_check_read+0x11/0x20 [ 37.309018] ? rcu_is_watching+0x8c/0x150 [ 37.309022] ? rcu_pm_notify+0xc0/0xc0 [ 37.309026] ? lock_acquire+0x1e4/0x4f0 [ 37.309029] ? kasan_report+0x8e/0x110 [ 37.309033] ? __schedule+0xf54/0x1df0 [ 37.309037] vprintk_default+0x28/0x30 [ 37.309040] vprintk_func+0x7a/0x117 [ 37.309044] printk+0xa7/0xcf [ 37.309048] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.309052] ? kasan_check_write+0x14/0x20 [ 37.309055] ? do_raw_spin_lock+0xc1/0x200 [ 37.309059] ? do_raw_spin_lock+0xc1/0x200 [ 37.309063] kasan_report+0x9e/0x110 [ 37.309067] __asan_report_load8_noabort+0x14/0x20 [ 37.309071] __schedule+0xf54/0x1df0 [ 37.309075] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.309079] ? __sched_text_start+0x8/0x8 [ 37.309082] ? __call_srcu+0x7e7/0x1040 [ 37.309086] ? check_same_owner+0x340/0x340 [ 37.309090] ? mark_held_locks+0x160/0x160 [ 37.309094] ? find_held_lock+0x36/0x1c0 [ 37.309098] preempt_schedule_common+0x22/0x60 [ 37.309102] _cond_resched+0x1d/0x30 [ 37.309106] wait_for_completion+0xa5/0x8d0 [ 37.309111] ? wait_for_completion_interruptible+0x950/0x950 [ 37.309115] ? __lockdep_init_map+0x105/0x590 [ 37.309119] ? __init_waitqueue_head+0x9e/0x150 [ 37.309123] ? init_wait_entry+0x1c0/0x1c0 [ 37.309127] __synchronize_srcu+0x189/0x240 [ 37.309130] ? call_srcu+0x10/0x10 [ 37.309134] ? rcu_unexpedite_gp+0x20/0x20 [ 37.309138] synchronize_srcu+0x335/0x56f [ 37.309142] ? lock_downgrade+0x8f0/0x8f0 [ 37.309146] ? synchronize_srcu_expedited+0x20/0x20 [ 37.309150] ? kasan_check_read+0x11/0x20 [ 37.309154] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.309158] ? kasan_check_write+0x14/0x20 [ 37.309162] ? do_raw_spin_lock+0xc1/0x200 [ 37.309167] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.309171] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.309175] ? kvfree+0x61/0x70 [ 37.309179] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.309183] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.309187] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.309191] ? kvm_arch_sync_events+0x30/0x30 [ 37.309195] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.309200] ? mmu_notifier_unregister+0x474/0x600 [ 37.309204] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.309207] ? kfree+0x111/0x210 [ 37.309211] ? __mmu_notifier_register+0x30/0x30 [ 37.309215] ? __free_pages+0x10a/0x190 [ 37.309219] ? free_unref_page+0x930/0x930 [ 37.309222] kvm_put_kvm+0x73f/0x1060 [ 37.309226] ? kvm_write_guest_cached+0x40/0x40 [ 37.309230] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.309234] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.309238] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.309242] ? kasan_check_write+0x14/0x20 [ 37.309246] ? do_raw_spin_lock+0xc1/0x200 [ 37.309250] ? kvm_irqfd_release+0xdd/0x120 [ 37.309254] ? kvm_irqfd_release+0xdd/0x120 [ 37.309258] ? kvm_put_kvm+0x1060/0x1060 [ 37.309261] kvm_vm_release+0x42/0x50 [ 37.309265] __fput+0x36e/0x8c0 [ 37.309268] ? __alloc_file+0x400/0x400 [ 37.309272] ? check_same_owner+0x340/0x340 [ 37.309276] ? kasan_check_write+0x14/0x20 [ 37.309280] ? do_raw_spin_lock+0xc1/0x200 [ 37.309283] ____fput+0x15/0x20 [ 37.309287] task_work_run+0x1e8/0x2a0 [ 37.309291] ? task_work_cancel+0x240/0x240 [ 37.309295] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.309300] ? switch_task_namespaces+0xa2/0xd0 [ 37.309303] do_exit+0x1ae4/0x26e0 [ 37.309307] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.309311] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 37.309315] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.309319] ? kfree+0x1d7/0x210 [ 37.309323] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 37.309327] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.309331] ? is_bpf_text_address+0xd7/0x170 [ 37.309334] ? kernel_ [ 37.309341] Lost 55 message(s)! [ 38.400527] Shutting down cpus with NMI [ 39.466331] Dumping ftrace buffer: [ 39.470013] (ftrace buffer empty) [ 39.473785] Kernel Offset: disabled [ 39.477413] Rebooting in 86400 seconds..