Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts. [ 39.906588] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 40.027528] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 40.054011] ================================================================== [ 40.064114] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 40.070348] Read of size 8 at addr ffff8801ba860058 by task syz-executor542/5370 [ 40.077866] [ 40.079491] CPU: 1 PID: 5370 Comm: syz-executor542 Not tainted 4.19.0-rc4+ #24 [ 40.086841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.096188] Call Trace: [ 40.098773] dump_stack+0x1c4/0x2b4 [ 40.102404] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.107596] ? printk+0xa7/0xcf [ 40.110879] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.115638] print_address_description.cold.8+0x9/0x1ff [ 40.120999] kasan_report.cold.9+0x242/0x309 [ 40.125409] ? __schedule+0xfc3/0x1ed0 [ 40.129298] __asan_report_load8_noabort+0x14/0x20 [ 40.134228] __schedule+0xfc3/0x1ed0 [ 40.137948] ? __sched_text_start+0x8/0x8 [ 40.142098] ? __lock_is_held+0xb5/0x140 [ 40.146168] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.151275] ? find_held_lock+0x36/0x1c0 [ 40.155338] ? __call_srcu+0x7f9/0x1070 [ 40.159314] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.164412] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.169516] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.174098] ? preempt_schedule+0x4d/0x60 [ 40.178256] preempt_schedule_common+0x1f/0xd0 [ 40.182838] preempt_schedule+0x4d/0x60 [ 40.186815] ___preempt_schedule+0x16/0x18 [ 40.191050] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.195978] __call_srcu+0x7f9/0x1070 [ 40.199780] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.204890] ? srcu_offline_cpu+0x120/0x120 [ 40.209214] ? debug_object_free+0x690/0x690 [ 40.213622] ? mark_held_locks+0x130/0x130 [ 40.217857] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.222440] ? lock_release+0x970/0x970 [ 40.226411] ? arch_local_save_flags+0x40/0x40 [ 40.230996] ? depot_save_stack+0x292/0x470 [ 40.235325] ? __lockdep_init_map+0x105/0x590 [ 40.239819] ? __init_waitqueue_head+0x9e/0x150 [ 40.244484] ? init_wait_entry+0x1c0/0x1c0 [ 40.248726] __synchronize_srcu+0x17b/0x230 [ 40.253047] ? call_srcu+0x10/0x10 [ 40.256584] ? rcu_unexpedite_gp+0x20/0x20 [ 40.260823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.266354] ? check_preemption_disabled+0x48/0x200 [ 40.271375] synchronize_srcu+0x356/0x5ab [ 40.275525] ? lock_downgrade+0x900/0x900 [ 40.279681] ? synchronize_srcu_expedited+0x20/0x20 [ 40.284704] ? kasan_check_read+0x11/0x20 [ 40.288852] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.293437] ? kasan_check_write+0x14/0x20 [ 40.297670] ? do_raw_spin_lock+0xc1/0x200 [ 40.301914] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.307624] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.313077] ? kvfree+0x61/0x70 [ 40.316355] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.321374] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.325433] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.330310] ? kvm_arch_sync_events+0x30/0x30 [ 40.334805] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.340341] ? mmu_notifier_unregister+0x474/0x600 [ 40.345266] ? kfree+0x107/0x230 [ 40.348630] ? __mmu_notifier_register+0x30/0x30 [ 40.353384] ? __free_pages+0x10a/0x190 [ 40.357360] ? free_unref_page+0x960/0x960 [ 40.361604] kvm_put_kvm+0x6c8/0xff0 [ 40.365330] ? kvm_write_guest_cached+0x40/0x40 [ 40.369999] ? kvm_irqfd_release+0xd1/0x120 [ 40.374319] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.378812] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.383314] ? kasan_check_write+0x14/0x20 [ 40.387547] ? do_raw_spin_lock+0xc1/0x200 [ 40.391784] ? kvm_irqfd_release+0xdd/0x120 [ 40.396103] ? kvm_irqfd_release+0xdd/0x120 [ 40.400442] ? kvm_put_kvm+0xff0/0xff0 [ 40.404330] kvm_vm_release+0x42/0x50 [ 40.408137] __fput+0x385/0xa30 [ 40.411423] ? get_max_files+0x20/0x20 [ 40.415310] ? ___might_sleep+0x1ed/0x300 [ 40.419455] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.424908] ? arch_local_save_flags+0x40/0x40 [ 40.429489] ? kasan_check_write+0x14/0x20 [ 40.433722] ? do_raw_spin_lock+0xc1/0x200 [ 40.437954] ____fput+0x15/0x20 [ 40.441230] task_work_run+0x1e8/0x2a0 [ 40.445116] ? task_work_cancel+0x240/0x240 [ 40.449449] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.454987] ? switch_task_namespaces+0x9d/0xd0 [ 40.459658] do_exit+0x1ad7/0x2610 [ 40.463210] ? mm_update_next_owner+0x990/0x990 [ 40.467884] ? is_bpf_text_address+0xac/0x170 [ 40.472380] ? find_held_lock+0x36/0x1c0 [ 40.476443] ? depot_save_stack+0x292/0x470 [ 40.480767] ? lock_downgrade+0x900/0x900 [ 40.484921] ? trace_hardirqs_off+0xb8/0x310 [ 40.489329] ? kasan_check_read+0x11/0x20 [ 40.493478] ? do_raw_spin_unlock+0xa7/0x2f0 [ 40.497882] ? trace_hardirqs_on+0x310/0x310 [ 40.502289] ? kasan_check_write+0x14/0x20 [ 40.506525] ? do_raw_spin_lock+0xc1/0x200 [ 40.510762] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.515868] ? save_stack+0xa9/0xd0 [ 40.519491] ? save_stack+0x43/0xd0 [ 40.523113] ? __kasan_slab_free+0x102/0x150 [ 40.527524] ? kasan_slab_free+0xe/0x10 [ 40.531499] ? __x64_sys_add_key+0x2c1/0x4f0 [ 40.535906] ? do_syscall_64+0x1b9/0x820 [ 40.539965] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.545329] ? trace_hardirqs_off+0xb8/0x310 [ 40.549737] ? kasan_check_read+0x11/0x20 [ 40.553887] ? trace_hardirqs_on+0x310/0x310 [ 40.558295] ? kasan_check_write+0x14/0x20 [ 40.562528] ? trace_hardirqs_off+0xb8/0x310 [ 40.566937] ? kfree+0x107/0x230 [ 40.570303] ? kfree+0x107/0x230 [ 40.573666] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.578259] ? trace_hardirqs_on+0xbd/0x310 [ 40.582583] ? __x64_sys_add_key+0x2c1/0x4f0 [ 40.586988] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.592438] ? __kasan_slab_free+0x119/0x150 [ 40.596848] ? __x64_sys_add_key+0x2c1/0x4f0 [ 40.601259] do_group_exit+0x177/0x440 [ 40.605152] ? trace_hardirqs_on+0xbd/0x310 [ 40.609475] ? __ia32_sys_exit+0x50/0x50 [ 40.613538] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.619000] ? ksys_ioctl+0x81/0xd0 [ 40.622628] __x64_sys_exit_group+0x3e/0x50 [ 40.626949] do_syscall_64+0x1b9/0x820 [ 40.630834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.636195] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.641121] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.645974] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.650991] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.656006] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.661024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.665869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.671053] RIP: 0033:0x43f118 [ 40.674244] Code: Bad RIP value. [ 40.677605] RSP: 002b:00007ffdeba053f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.685328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f118 [ 40.692596] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.699869] RBP: 00000000004c09c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.707145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 40.714425] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 40.721704] [ 40.723336] Allocated by task 5370: [ 40.726962] save_stack+0x43/0xd0 [ 40.730410] kasan_kmalloc+0xc7/0xe0 [ 40.734119] kasan_slab_alloc+0x12/0x20 [ 40.738101] kmem_cache_alloc+0x12e/0x730 [ 40.742256] vmx_create_vcpu+0xcf/0x25e0 [ 40.746316] kvm_arch_vcpu_create+0xe5/0x220 [ 40.750723] kvm_vm_ioctl+0x470/0x1d40 [ 40.754606] do_vfs_ioctl+0x1de/0x1720 [ 40.758494] ksys_ioctl+0xa9/0xd0 [ 40.761947] __x64_sys_ioctl+0x73/0xb0 [ 40.765832] do_syscall_64+0x1b9/0x820 [ 40.769723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.774915] [ 40.776539] Freed by task 5370: [ 40.779815] save_stack+0x43/0xd0 [ 40.783264] __kasan_slab_free+0x102/0x150 [ 40.787492] kasan_slab_free+0xe/0x10 [ 40.791294] kmem_cache_free+0x83/0x290 [ 40.795268] vmx_free_vcpu+0x26b/0x300 [ 40.799162] kvm_arch_destroy_vm+0x365/0x7c0 [ 40.803573] kvm_put_kvm+0x6c8/0xff0 [ 40.807286] kvm_vm_release+0x42/0x50 [ 40.811090] __fput+0x385/0xa30 [ 40.814367] ____fput+0x15/0x20 [ 40.817648] task_work_run+0x1e8/0x2a0 [ 40.821538] do_exit+0x1ad7/0x2610 [ 40.825074] do_group_exit+0x177/0x440 [ 40.828959] __x64_sys_exit_group+0x3e/0x50 [ 40.833284] do_syscall_64+0x1b9/0x820 [ 40.837173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.842352] [ 40.843978] The buggy address belongs to the object at ffff8801ba860040 [ 40.843978] which belongs to the cache kvm_vcpu of size 23872 [ 40.856573] The buggy address is located 24 bytes inside of [ 40.856573] 23872-byte region [ffff8801ba860040, ffff8801ba865d80) [ 40.868535] The buggy address belongs to the page: [ 40.873472] page:ffffea0006ea1800 count:1 mapcount:0 mapping:ffff8801d57550c0 index:0x0 compound_mapcount: 0 [ 40.883446] flags: 0x2fffc0000008100(slab|head) [ 40.888119] raw: 02fffc0000008100 ffff8801d4e79148 ffff8801d4e79148 ffff8801d57550c0 [ 40.896015] raw: 0000000000000000 ffff8801ba860040 0000000100000001 0000000000000000 [ 40.903892] page dumped because: kasan: bad access detected [ 40.909591] [ 40.911211] Memory state around the buggy address: [ 40.916146] ffff8801ba85ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.923507] ffff8801ba85ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.930871] >ffff8801ba860000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 40.938226] ^ [ 40.944456] ffff8801ba860080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.951811] ffff8801ba860100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.959173] ================================================================== [ 40.966530] Kernel panic - not syncing: panic_on_warn set ... [ 40.966530] [ 40.973913] CPU: 1 PID: 5370 Comm: syz-executor542 Tainted: G B 4.19.0-rc4+ #24 [ 40.982658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.992008] Call Trace: [ 40.994599] dump_stack+0x1c4/0x2b4 [ 40.998229] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.003428] ? lock_downgrade+0x900/0x900 [ 41.007581] panic+0x238/0x4e7 [ 41.010776] ? add_taint.cold.5+0x16/0x16 [ 41.014934] ? print_shadow_for_address+0xb6/0x116 [ 41.019867] ? trace_hardirqs_off+0xaf/0x310 [ 41.024280] kasan_end_report+0x47/0x4f [ 41.028260] kasan_report.cold.9+0x76/0x309 [ 41.032604] ? __schedule+0xfc3/0x1ed0 [ 41.036493] __asan_report_load8_noabort+0x14/0x20 [ 41.041422] __schedule+0xfc3/0x1ed0 [ 41.045147] ? __sched_text_start+0x8/0x8 [ 41.049332] ? __lock_is_held+0xb5/0x140 [ 41.053391] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.058501] ? find_held_lock+0x36/0x1c0 [ 41.062569] ? __call_srcu+0x7f9/0x1070 [ 41.066545] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.071647] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.076756] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.081343] ? preempt_schedule+0x4d/0x60 [ 41.085492] preempt_schedule_common+0x1f/0xd0 [ 41.090076] preempt_schedule+0x4d/0x60 [ 41.094054] ___preempt_schedule+0x16/0x18 [ 41.098297] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.103232] __call_srcu+0x7f9/0x1070 [ 41.107034] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.112150] ? srcu_offline_cpu+0x120/0x120 [ 41.116472] ? debug_object_free+0x690/0x690 [ 41.120880] ? mark_held_locks+0x130/0x130 [ 41.125137] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.129725] ? lock_release+0x970/0x970 [ 41.133707] ? arch_local_save_flags+0x40/0x40 [ 41.138299] ? depot_save_stack+0x292/0x470 [ 41.142630] ? __lockdep_init_map+0x105/0x590 [ 41.147139] ? __init_waitqueue_head+0x9e/0x150 [ 41.151807] ? init_wait_entry+0x1c0/0x1c0 [ 41.156046] __synchronize_srcu+0x17b/0x230 [ 41.160369] ? call_srcu+0x10/0x10 [ 41.163908] ? rcu_unexpedite_gp+0x20/0x20 [ 41.168159] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.173705] ? check_preemption_disabled+0x48/0x200 [ 41.178725] synchronize_srcu+0x356/0x5ab [ 41.182871] ? lock_downgrade+0x900/0x900 [ 41.187021] ? synchronize_srcu_expedited+0x20/0x20 [ 41.192044] ? kasan_check_read+0x11/0x20 [ 41.196199] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.201042] ? kasan_check_write+0x14/0x20 [ 41.205278] ? do_raw_spin_lock+0xc1/0x200 [ 41.209522] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.215236] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.220694] ? kvfree+0x61/0x70 [ 41.223972] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.228988] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.233046] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.237455] ? kvm_arch_sync_events+0x30/0x30 [ 41.241956] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.247491] ? mmu_notifier_unregister+0x474/0x600 [ 41.252417] ? kfree+0x107/0x230 [ 41.255783] ? __mmu_notifier_register+0x30/0x30 [ 41.260537] ? __free_pages+0x10a/0x190 [ 41.264507] ? free_unref_page+0x960/0x960 [ 41.268753] kvm_put_kvm+0x6c8/0xff0 [ 41.272476] ? kvm_write_guest_cached+0x40/0x40 [ 41.277158] ? kvm_irqfd_release+0xd1/0x120 [ 41.281482] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.285974] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.290477] ? kasan_check_write+0x14/0x20 [ 41.294712] ? do_raw_spin_lock+0xc1/0x200 [ 41.298952] ? kvm_irqfd_release+0xdd/0x120 [ 41.303273] ? kvm_irqfd_release+0xdd/0x120 [ 41.307596] ? kvm_put_kvm+0xff0/0xff0 [ 41.311481] kvm_vm_release+0x42/0x50 [ 41.315286] __fput+0x385/0xa30 [ 41.318564] ? get_max_files+0x20/0x20 [ 41.322452] ? ___might_sleep+0x1ed/0x300 [ 41.326598] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.332561] ? arch_local_save_flags+0x40/0x40 [ 41.337150] ? kasan_check_write+0x14/0x20 [ 41.341388] ? do_raw_spin_lock+0xc1/0x200 [ 41.345620] ____fput+0x15/0x20 [ 41.348897] task_work_run+0x1e8/0x2a0 [ 41.352786] ? task_work_cancel+0x240/0x240 [ 41.357110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.362655] ? switch_task_namespaces+0x9d/0xd0 [ 41.367330] do_exit+0x1ad7/0x2610 [ 41.370875] ? mm_update_next_owner+0x990/0x990 [ 41.375550] ? is_bpf_text_address+0xac/0x170 [ 41.380047] ? find_held_lock+0x36/0x1c0 [ 41.384113] ? depot_save_stack+0x292/0x470 [ 41.388439] ? lock_downgrade+0x900/0x900 [ 41.392592] ? trace_hardirqs_off+0xb8/0x310 [ 41.396998] ? kasan_check_read+0x11/0x20 [ 41.401153] ? do_raw_spin_unlock+0xa7/0x2f0 [ 41.405564] ? trace_hardirqs_on+0x310/0x310 [ 41.409976] ? kasan_check_write+0x14/0x20 [ 41.414209] ? do_raw_spin_lock+0xc1/0x200 [ 41.418450] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.423551] ? save_stack+0xa9/0xd0 [ 41.427175] ? save_stack+0x43/0xd0 [ 41.430800] ? __kasan_slab_free+0x102/0x150 [ 41.435208] ? kasan_slab_free+0xe/0x10 [ 41.439183] ? __x64_sys_add_key+0x2c1/0x4f0 [ 41.443592] ? do_syscall_64+0x1b9/0x820 [ 41.447653] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.453025] ? trace_hardirqs_off+0xb8/0x310 [ 41.457431] ? kasan_check_read+0x11/0x20 [ 41.461579] ? trace_hardirqs_on+0x310/0x310 [ 41.465988] ? kasan_check_write+0x14/0x20 [ 41.470225] ? trace_hardirqs_off+0xb8/0x310 [ 41.474634] ? kfree+0x107/0x230 [ 41.478002] ? kfree+0x107/0x230 [ 41.481371] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.485956] ? trace_hardirqs_on+0xbd/0x310 [ 41.490279] ? __x64_sys_add_key+0x2c1/0x4f0 [ 41.494690] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.500146] ? __kasan_slab_free+0x119/0x150 [ 41.504558] ? __x64_sys_add_key+0x2c1/0x4f0 [ 41.508969] do_group_exit+0x177/0x440 [ 41.512860] ? trace_hardirqs_on+0xbd/0x310 [ 41.517183] ? __ia32_sys_exit+0x50/0x50 [ 41.521247] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.526698] ? ksys_ioctl+0x81/0xd0 [ 41.530328] __x64_sys_exit_group+0x3e/0x50 [ 41.534652] do_syscall_64+0x1b9/0x820 [ 41.538544] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.543909] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.548835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.553680] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.558699] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.563719] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.568739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.573585] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.578773] RIP: 0033:0x43f118 [ 41.581963] Code: Bad RIP value. [ 41.585319] RSP: 002b:00007ffdeba053f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.593022] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f118 [ 41.600283] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.607545] RBP: 00000000004c09c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.614808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 41.622071] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 41.629346] [ 41.629352] ====================================================== [ 41.629358] WARNING: possible circular locking dependency detected [ 41.629363] 4.19.0-rc4+ #24 Not tainted [ 41.629369] ------------------------------------------------------ [ 41.629374] syz-executor542/5370 is trying to acquire lock: [ 41.629378] 000000009e44314a ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.629395] [ 41.629400] but task is already holding lock: [ 41.629404] 000000008ef685b0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.629420] [ 41.629425] which lock already depends on the new lock. [ 41.629428] [ 41.629431] [ 41.629436] the existing dependency chain (in reverse order) is: [ 41.629439] [ 41.629441] -> #3 (report_lock){....}: [ 41.629458] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.629463] kasan_report+0x8b/0x110 [ 41.629468] __asan_report_load8_noabort+0x14/0x20 [ 41.629472] __schedule+0xfc3/0x1ed0 [ 41.629477] preempt_schedule_common+0x1f/0xd0 [ 41.629481] preempt_schedule+0x4d/0x60 [ 41.629486] ___preempt_schedule+0x16/0x18 [ 41.629491] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.629495] __call_srcu+0x7f9/0x1070 [ 41.629500] __synchronize_srcu+0x17b/0x230 [ 41.629505] synchronize_srcu+0x356/0x5ab [ 41.629510] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.629515] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.629519] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.629524] kvm_put_kvm+0x6c8/0xff0 [ 41.629528] kvm_vm_release+0x42/0x50 [ 41.629532] __fput+0x385/0xa30 [ 41.629536] ____fput+0x15/0x20 [ 41.629541] task_work_run+0x1e8/0x2a0 [ 41.629545] do_exit+0x1ad7/0x2610 [ 41.629549] do_group_exit+0x177/0x440 [ 41.629554] __x64_sys_exit_group+0x3e/0x50 [ 41.629558] do_syscall_64+0x1b9/0x820 [ 41.629564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.629566] [ 41.629569] -> #2 (&rq->lock){-.-.}: [ 41.629585] _raw_spin_lock+0x2d/0x40 [ 41.629589] task_fork_fair+0xb0/0x6d0 [ 41.629593] sched_fork+0x443/0xba0 [ 41.629598] copy_process+0x2586/0x8780 [ 41.629602] _do_fork+0x1cb/0x11d0 [ 41.629607] kernel_thread+0x34/0x40 [ 41.629611] rest_init+0x22/0xe5 [ 41.629615] start_kernel+0x8f4/0x92f [ 41.629620] x86_64_start_reservations+0x29/0x2b [ 41.629625] x86_64_start_kernel+0x76/0x79 [ 41.629629] secondary_startup_64+0xa4/0xb0 [ 41.629632] [ 41.629635] -> #1 (&p->pi_lock){-.-.}: [ 41.629651] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.629656] try_to_wake_up+0xd2/0x12f0 [ 41.629660] wake_up_process+0x10/0x20 [ 41.629665] __up.isra.1+0x1c0/0x2a0 [ 41.629668] up+0x13c/0x1c0 [ 41.629673] __up_console_sem+0xbe/0x1b0 [ 41.629682] console_unlock+0x814/0x1160 [ 41.629687] vprintk_emit+0x33d/0x930 [ 41.629691] vprintk_default+0x28/0x30 [ 41.629696] vprintk_func+0x7e/0x181 [ 41.629700] printk+0xa7/0xcf [ 41.629704] load_umh+0x51/0xbd [ 41.629708] do_one_initcall+0x145/0x957 [ 41.629713] kernel_init_freeable+0x4bb/0x5ae [ 41.629717] kernel_init+0x11/0x1b2 [ 41.629722] ret_from_fork+0x3a/0x50 [ 41.629724] [ 41.629727] -> #0 ((console_sem).lock){-...}: [ 41.629744] lock_acquire+0x1ed/0x520 [ 41.629749] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.629753] down_trylock+0x13/0x70 [ 41.629758] __down_trylock_console_sem+0xae/0x200 [ 41.629763] console_trylock+0x15/0xa0 [ 41.629767] vprintk_emit+0x322/0x930 [ 41.629771] vprintk_default+0x28/0x30 [ 41.629776] vprintk_func+0x7e/0x181 [ 41.629780] printk+0xa7/0xcf [ 41.629784] kasan_report+0x9b/0x110 [ 41.629789] __asan_report_load8_noabort+0x14/0x20 [ 41.629793] __schedule+0xfc3/0x1ed0 [ 41.629798] preempt_schedule_common+0x1f/0xd0 [ 41.629803] preempt_schedule+0x4d/0x60 [ 41.629807] ___preempt_schedule+0x16/0x18 [ 41.629812] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.629817] __call_srcu+0x7f9/0x1070 [ 41.629821] __synchronize_srcu+0x17b/0x230 [ 41.629826] synchronize_srcu+0x356/0x5ab [ 41.629832] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.629836] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.629841] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.629845] kvm_put_kvm+0x6c8/0xff0 [ 41.629849] kvm_vm_release+0x42/0x50 [ 41.629854] __fput+0x385/0xa30 [ 41.629858] ____fput+0x15/0x20 [ 41.629862] task_work_run+0x1e8/0x2a0 [ 41.629866] do_exit+0x1ad7/0x2610 [ 41.629871] do_group_exit+0x177/0x440 [ 41.629875] __x64_sys_exit_group+0x3e/0x50 [ 41.629880] do_syscall_64+0x1b9/0x820 [ 41.629885] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.629887] [ 41.629892] other info that might help us debug this: [ 41.629895] [ 41.629898] Chain exists of: [ 41.629901] (console_sem).lock --> &rq->lock --> report_lock [ 41.629922] [ 41.629926] Possible unsafe locking scenario: [ 41.629929] [ 41.629934] CPU0 CPU1 [ 41.629938] ---- ---- [ 41.629941] lock(report_lock); [ 41.629951] lock(&rq->lock); [ 41.629962] lock(report_lock); [ 41.629971] lock((console_sem).lock); [ 41.629980] [ 41.629984] *** DEADLOCK *** [ 41.629986] [ 41.629991] 2 locks held by syz-executor542/5370: [ 41.629994] #0: 0000000014cefb44 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 41.630013] #1: 000000008ef685b0 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.630032] [ 41.630036] stack backtrace: [ 41.630043] CPU: 1 PID: 5370 Comm: syz-executor542 Not tainted 4.19.0-rc4+ #24 [ 41.630051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.630054] Call Trace: [ 41.630058] dump_stack+0x1c4/0x2b4 [ 41.630064] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.630068] ? vprintk_func+0x85/0x181 [ 41.630074] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 41.630078] ? save_trace+0xe0/0x290 [ 41.630082] __lock_acquire+0x33e4/0x4ec0 [ 41.630087] ? mark_held_locks+0x130/0x130 [ 41.630092] ? mark_held_locks+0x130/0x130 [ 41.630096] ? rcu_bh_qs+0xc0/0xc0 [ 41.630100] ? unwind_dump+0x190/0x190 [ 41.630105] ? is_bpf_text_address+0xd3/0x170 [ 41.630110] ? kernel_text_address+0x79/0xf0 [ 41.630115] ? __kernel_text_address+0xd/0x40 [ 41.630119] ? __save_stack_trace+0x8d/0xf0 [ 41.630125] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 41.630136] ? save_trace+0x290/0x290 [ 41.630141] ? save_stack_trace+0x1a/0x20 [ 41.630145] ? save_trace+0xe0/0x290 [ 41.630149] ? kasan_check_read+0x11/0x20 [ 41.630154] ? graph_lock+0x170/0x170 [ 41.630159] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.630164] lock_acquire+0x1ed/0x520 [ 41.630168] ? down_trylock+0x13/0x70 [ 41.630173] ? find_held_lock+0x36/0x1c0 [ 41.630177] ? lock_release+0x970/0x970 [ 41.630182] ? trace_hardirqs_off+0xb8/0x310 [ 41.630187] ? vprintk_emit+0x1d3/0x930 [ 41.630191] ? trace_hardirqs_on+0x310/0x310 [ 41.630196] ? trace_hardirqs_off+0xb8/0x310 [ 41.630200] ? log_store+0x344/0x4c0 [ 41.630205] ? vprintk_emit+0x322/0x930 [ 41.630210] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.630214] ? down_trylock+0x13/0x70 [ 41.630218] down_trylock+0x13/0x70 [ 41.630223] __down_trylock_console_sem+0xae/0x200 [ 41.630228] console_trylock+0x15/0xa0 [ 41.630232] vprintk_emit+0x322/0x930 [ 41.630236] ? wake_up_klogd+0x180/0x180 [ 41.630241] ? run_rebalance_domains+0x500/0x500 [ 41.630246] ? wake_up_worker+0x117/0x190 [ 41.630250] ? find_held_lock+0x36/0x1c0 [ 41.630255] ? __queue_work+0x6be/0x1440 [ 41.630259] ? lock_acquire+0x1ed/0x520 [ 41.630264] vprintk_default+0x28/0x30 [ 41.630268] vprintk_func+0x7e/0x181 [ 41.630272] printk+0xa7/0xcf [ 41.630277] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.630281] ? kasan_check_write+0x14/0x20 [ 41.630286] ? do_raw_spin_lock+0xc1/0x200 [ 41.630291] ? do_raw_spin_lock+0xc1/0x200 [ 41.630295] kasan_report+0x9b/0x110 [ 41.630299] ? __schedule+0xfc3/0x1ed0 [ 41.630304] __asan_report_load8_noabort+0x14/0x20 [ 41.630309] __schedule+0xfc3/0x1ed0 [ 41.630313] ? __sched_text_start+0x8/0x8 [ 41.630318] ? __lock_is_held+0xb5/0x140 [ 41.630323] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.630327] ? find_held_lock+0x36/0x1c0 [ 41.630332] ? __call_srcu+0x7f9/0x1070 [ 41.630337] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.630342] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.630347] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.630352] ? preempt_schedule+0x4d/0x60 [ 41.630356] preempt_schedule_common+0x1f/0xd0 [ 41.630361] preempt_schedule+0x4d/0x60 [ 41.630365] ___preempt_schedule+0x16/0x18 [ 41.630371] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.630375] __call_srcu+0x7f9/0x1070 [ 41.630380] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.630385] ? srcu_offline_cpu+0x120/0x120 [ 41.630389] ? debug_object_free+0x690/0x690 [ 41.630394] ? mark_held_locks+0x130/0x130 [ 41.630399] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.630403] ? lock_release+0x970/0x970 [ 41.630408] ? arch_local_save_flags+0x40/0x40 [ 41.630413] ? depot_save_stack+0x292/0x470 [ 41.630417] ? __lockdep_init_map+0x105/0x590 [ 41.630422] ? __init_waitqueue_head+0x9e/0x150 [ 41.630427] ? init_wait_entry+0x1c0/0x1c0 [ 41.630432] __synchronize_srcu+0x17b/0x230 [ 41.630436] ? call_srcu+0x10/0x10 [ 41.630440] ? rcu_unexpedite_gp+0x20/0x20 [ 41.630446] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.630451] ? check_preemption_disabled+0x48/0x200 [ 41.630455] synchronize_srcu+0x356/0x5ab [ 41.630460] ? lock_downgrade+0x900/0x900 [ 41.630465] ? synchronize_srcu_expedited+0x20/0x20 [ 41.630470] ? kasan_check_read+0x11/0x20 [ 41.630474] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.630479] ? kasan_check_write+0x14/0x20 [ 41.630484] ? do_raw_spin_lock+0xc1/0x200 [ 41.630489] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.630495] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.630499] ? kvfree+0x61/0x70 [ 41.630504] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.630508] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.630513] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.630518] ? kvm_arch_sync_events+0x30/0x30 [ 41.630523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.630528] ? mmu_notifier_unregister+0x474/0x600 [ 41.630532] ? kfree+0x107/0x230 [ 41.630537] ? __mmu_notifier_register+0x30/0x30 [ 41.630542] ? __free_pages+0x10a/0x190 [ 41.630546] ? free_unref_page+0x960/0x960 [ 41.630550] kvm_put_kvm+0x6c8/0xff0 [ 41.630555] ? kvm_write_guest_cached+0x40/0x40 [ 41.630560] ? kvm_irqfd_release+0xd1/0x120 [ 41.630565] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.630569] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.630574] ? kasan_check_write+0x14/0x20 [ 41.630579] ? do_raw_spin_lock+0xc1/0x200 [ 41.630583] ? kvm_irqfd_release+0xdd [ 41.630591] Lost 72 message(s)! [ 42.757621] Shutting down cpus with NMI [ 43.815971] Kernel Offset: disabled [ 43.819596] Rebooting in 86400 seconds..