[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.247285] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.286742] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.684148] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.223846] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.408055] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
[ 35.013762] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.112403] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 35.138006] ==================================================================
[ 35.147939] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 35.154165] Read of size 8 at addr ffff8801d9510058 by task syz-executor867/4697
[ 35.161685]
[ 35.163315] CPU: 1 PID: 4697 Comm: syz-executor867 Not tainted 4.19.0-rc1+ #217
[ 35.170755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.180100] Call Trace:
[ 35.182695]  dump_stack+0x1c9/0x2b4
[ 35.186323]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.191524]  ? printk+0xa7/0xcf
[ 35.194807]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.199566]  ? __schedule+0xf54/0x1df0
[ 35.203455]  print_address_description+0x6c/0x20b
[ 35.208298]  ? __schedule+0xf54/0x1df0
[ 35.212183]  kasan_report.cold.7+0x242/0x30d
[ 35.216594]  __asan_report_load8_noabort+0x14/0x20
[ 35.221521]  __schedule+0xf54/0x1df0
[ 35.225241]  ? __sched_text_start+0x8/0x8
[ 35.229388]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.234492]  ? __call_srcu+0x7e7/0x1040
[ 35.238471]  ? check_same_owner+0x340/0x340
[ 35.242788]  ? mark_held_locks+0x160/0x160
[ 35.247022]  ? find_held_lock+0x36/0x1c0
[ 35.251084]  preempt_schedule_common+0x22/0x60
[ 35.255669]  _cond_resched+0x1d/0x30
[ 35.259383]  wait_for_completion+0xa5/0x8d0
[ 35.263705]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.269503]  ? __lockdep_init_map+0x105/0x590
[ 35.274000]  ? __init_waitqueue_head+0x9e/0x150
[ 35.278665]  ? init_wait_entry+0x1c0/0x1c0
[ 35.282902]  __synchronize_srcu+0x189/0x240
[ 35.287221]  ? call_srcu+0x10/0x10
[ 35.290784]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.295026]  synchronize_srcu+0x335/0x56f
[ 35.299172]  ? lock_downgrade+0x8f0/0x8f0
[ 35.303320]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.308359]  ? kasan_check_read+0x11/0x20
[ 35.312527]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.317109]  ? kasan_check_write+0x14/0x20
[ 35.321347]  ? do_raw_spin_lock+0xc1/0x200
[ 35.325600]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.331313]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.336765]  ? kvfree+0x61/0x70
[ 35.340047]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.345066]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.349134]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.353550]  ? kvm_arch_sync_events+0x30/0x30
[ 35.358048]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.363587]  ? mmu_notifier_unregister+0x474/0x600
[ 35.368516]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.372923]  ? kfree+0x111/0x210
[ 35.376288]  ? __mmu_notifier_register+0x30/0x30
[ 35.381044]  ? __free_pages+0x10a/0x190
[ 35.385017]  ? free_unref_page+0x930/0x930
[ 35.389258]  kvm_put_kvm+0x73f/0x1060
[ 35.393063]  ? kvm_write_guest_cached+0x40/0x40
[ 35.397737]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.402231]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.406727]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.411316]  ? kasan_check_write+0x14/0x20
[ 35.415553]  ? do_raw_spin_lock+0xc1/0x200
[ 35.419791]  ? kvm_irqfd_release+0xdd/0x120
[ 35.424112]  ? kvm_irqfd_release+0xdd/0x120
[ 35.428440]  ? kvm_put_kvm+0x1060/0x1060
[ 35.432509]  kvm_vm_release+0x42/0x50
[ 35.436311]  __fput+0x38a/0xa40
[ 35.439595]  ? __alloc_file+0x400/0x400
[ 35.443573]  ? check_same_owner+0x340/0x340
[ 35.447893]  ? kasan_check_write+0x14/0x20
[ 35.452130]  ? do_raw_spin_lock+0xc1/0x200
[ 35.456375]  ____fput+0x15/0x20
[ 35.459656]  task_work_run+0x1e8/0x2a0
[ 35.463547]  ? task_work_cancel+0x240/0x240
[ 35.467872]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.473408]  ? switch_task_namespaces+0xa2/0xd0
[ 35.478080]  do_exit+0x1ae4/0x26e0
[ 35.481622]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.486295]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.490549]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.495580]  ? kfree+0x1d7/0x210
[ 35.498947]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.503198]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.508911]  ? is_bpf_text_address+0xd7/0x170
[ 35.513406]  ? kernel_text_address+0x79/0xf0
[ 35.517811]  ? __kernel_text_address+0xd/0x40
[ 35.522308]  ? unwind_get_return_address+0x61/0xa0
[ 35.527244]  ? __save_stack_trace+0x8d/0xf0
[ 35.531570]  ? save_stack+0xa9/0xd0
[ 35.535196]  ? save_stack+0x43/0xd0
[ 35.538823]  ? __kasan_slab_free+0x11a/0x170
[ 35.543232]  ? kasan_slab_free+0xe/0x10
[ 35.547202]  ? putname+0xf2/0x130
[ 35.550664]  ? __x64_sys_openat+0x9d/0x100
[ 35.554897]  ? do_syscall_64+0x1b9/0x820
[ 35.558958]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.564323]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.568756]  ? kasan_check_read+0x11/0x20
[ 35.572905]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.577315]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.581725]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.586310]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.591417]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.597137]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.602677]  ? do_vfs_ioctl+0x201/0x1720
[ 35.606737]  ? rcu_is_watching+0x8c/0x150
[ 35.610884]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.615214]  ? ioctl_preallocate+0x300/0x300
[ 35.619627]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.625165]  ? __fget_light+0x2f7/0x440
[ 35.629145]  ? fget_raw+0x20/0x20
[ 35.632597]  ? putname+0xf2/0x130
[ 35.636051]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.641067]  ? kmem_cache_free+0x246/0x280
[ 35.645300]  ? putname+0xf7/0x130
[ 35.648755]  do_group_exit+0x177/0x440
[ 35.652649]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.656969]  ? __ia32_sys_exit+0x50/0x50
[ 35.661029]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.666147]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.671680]  ? ksys_ioctl+0x81/0xd0
[ 35.675307]  __x64_sys_exit_group+0x3e/0x50
[ 35.679631]  do_syscall_64+0x1b9/0x820
[ 35.683518]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.688880]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.693807]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.698646]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.703661]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.708675]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.713695]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.718540]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.723726] RIP: 0033:0x43ef08
[ 35.726922] Code: Bad RIP value.
[ 35.730278] RSP: 002b:00007fff28ff6b98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.737982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.745248] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.752513] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.759780] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.767047] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.774317]
[ 35.775945] Allocated by task 4697:
[ 35.779577]  save_stack+0x43/0xd0
[ 35.783028]  kasan_kmalloc+0xc4/0xe0
[ 35.786736]  kasan_slab_alloc+0x12/0x20
[ 35.790709]  kmem_cache_alloc+0x12e/0x710
[ 35.794855]  vmx_create_vcpu+0xcf/0x2830
[ 35.798909]  kvm_arch_vcpu_create+0xe5/0x220
[ 35.803316]  kvm_vm_ioctl+0x488/0x1d80
[ 35.807202]  do_vfs_ioctl+0x1de/0x1720
[ 35.811084]  ksys_ioctl+0xa9/0xd0
[ 35.814540]  __x64_sys_ioctl+0x73/0xb0
[ 35.818426]  do_syscall_64+0x1b9/0x820
[ 35.822330]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.827514]
[ 35.829137] Freed by task 4697:
[ 35.832411]  save_stack+0x43/0xd0
[ 35.835864]  __kasan_slab_free+0x11a/0x170
[ 35.840097]  kasan_slab_free+0xe/0x10
[ 35.843896]  kmem_cache_free+0x86/0x280
[ 35.847865]  vmx_free_vcpu+0x26b/0x300
[ 35.851746]  kvm_arch_destroy_vm+0x365/0x7c0
[ 35.856150]  kvm_put_kvm+0x73f/0x1060
[ 35.859948]  kvm_vm_release+0x42/0x50
[ 35.863743]  __fput+0x38a/0xa40
[ 35.867019]  ____fput+0x15/0x20
[ 35.870295]  task_work_run+0x1e8/0x2a0
[ 35.874176]  do_exit+0x1ae4/0x26e0
[ 35.877711]  do_group_exit+0x177/0x440
[ 35.881598]  __x64_sys_exit_group+0x3e/0x50
[ 35.885919]  do_syscall_64+0x1b9/0x820
[ 35.889810]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.894985]
[ 35.896608] The buggy address belongs to the object at ffff8801d9510040
[ 35.896608]  which belongs to the cache kvm_vcpu of size 23872
[ 35.909180] The buggy address is located 24 bytes inside of
[ 35.909180]  23872-byte region [ffff8801d9510040, ffff8801d9515d80)
[ 35.921137] The buggy address belongs to the page:
[ 35.926061] page:ffffea0007654400 count:1 mapcount:0 mapping:ffff8801d5378c00 index:0x0 compound_mapcount: 0
[ 35.936056] flags: 0x2fffc0000008100(slab|head)
[ 35.940733] raw: 02fffc0000008100 ffff8801d5376948 ffff8801d5376948 ffff8801d5378c00
[ 35.948620] raw: 0000000000000000 ffff8801d9510040 0000000100000001 0000000000000000
[ 35.956496] page dumped because: kasan: bad access detected
[ 35.962189]
[ 35.963804] Memory state around the buggy address:
[ 35.968723]  ffff8801d950ff00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.976072]  ffff8801d950ff80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 35.983440] >ffff8801d9510000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.990783]                                                     ^
[ 35.997007]  ffff8801d9510080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.004367]  ffff8801d9510100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.011713] ==================================================================
[ 36.019092] Kernel panic - not syncing: panic_on_warn set ...
[ 36.019092]
[ 36.026461] CPU: 1 PID: 4697 Comm: syz-executor867 Tainted: G B 4.19.0-rc1+ #217
[ 36.035293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.044643] Call Trace:
[ 36.047772]  dump_stack+0x1c9/0x2b4
[ 36.051404]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.056590]  ? lock_downgrade+0x8f0/0x8f0
[ 36.060733]  ? __schedule+0xf54/0x1df0
[ 36.064619]  panic+0x238/0x4e7
[ 36.067808]  ? add_taint.cold.5+0x16/0x16
[ 36.071959]  ? print_shadow_for_address+0xba/0x116
[ 36.076909]  ? trace_hardirqs_off+0xaf/0x2b0
[ 36.081312]  ? trace_hardirqs_off+0x77/0x2b0
[ 36.085719]  ? __schedule+0xf54/0x1df0
[ 36.089602]  kasan_end_report+0x47/0x4f
[ 36.093582]  kasan_report.cold.7+0x76/0x30d
[ 36.097905]  __asan_report_load8_noabort+0x14/0x20
[ 36.102835]  __schedule+0xf54/0x1df0
[ 36.106569]  ? __sched_text_start+0x8/0x8
[ 36.110713]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.115816]  ? __call_srcu+0x7e7/0x1040
[ 36.119794]  ? check_same_owner+0x340/0x340
[ 36.124126]  ? mark_held_locks+0x160/0x160
[ 36.128363]  ? find_held_lock+0x36/0x1c0
[ 36.132427]  preempt_schedule_common+0x22/0x60
[ 36.137053]  _cond_resched+0x1d/0x30
[ 36.140779]  wait_for_completion+0xa5/0x8d0
[ 36.145100]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.150898]  ? __lockdep_init_map+0x105/0x590
[ 36.155390]  ? __init_waitqueue_head+0x9e/0x150
[ 36.160065]  ? init_wait_entry+0x1c0/0x1c0
[ 36.164302]  __synchronize_srcu+0x189/0x240
[ 36.168620]  ? call_srcu+0x10/0x10
[ 36.172157]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.176408]  synchronize_srcu+0x335/0x56f
[ 36.180565]  ? lock_downgrade+0x8f0/0x8f0
[ 36.184723]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.189740]  ? kasan_check_read+0x11/0x20
[ 36.193883]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.198461]  ? kasan_check_write+0x14/0x20
[ 36.202690]  ? do_raw_spin_lock+0xc1/0x200
[ 36.206924]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.212634]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.218083]  ? kvfree+0x61/0x70
[ 36.221387]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.226404]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.230464]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.234871]  ? kvm_arch_sync_events+0x30/0x30
[ 36.239385]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.244921]  ? mmu_notifier_unregister+0x474/0x600
[ 36.249848]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.254250]  ? kfree+0x111/0x210
[ 36.257618]  ? __mmu_notifier_register+0x30/0x30
[ 36.262387]  ? __free_pages+0x10a/0x190
[ 36.266373]  ? free_unref_page+0x930/0x930
[ 36.270631]  kvm_put_kvm+0x73f/0x1060
[ 36.274439]  ? kvm_write_guest_cached+0x40/0x40
[ 36.279141]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.283631]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.288126]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.292711]  ? kasan_check_write+0x14/0x20
[ 36.296941]  ? do_raw_spin_lock+0xc1/0x200
[ 36.301170]  ? kvm_irqfd_release+0xdd/0x120
[ 36.305500]  ? kvm_irqfd_release+0xdd/0x120
[ 36.309819]  ? kvm_put_kvm+0x1060/0x1060
[ 36.313881]  kvm_vm_release+0x42/0x50
[ 36.317681]  __fput+0x38a/0xa40
[ 36.320958]  ? __alloc_file+0x400/0x400
[ 36.324933]  ? check_same_owner+0x340/0x340
[ 36.329249]  ? kasan_check_write+0x14/0x20
[ 36.333481]  ? do_raw_spin_lock+0xc1/0x200
[ 36.337710]  ____fput+0x15/0x20
[ 36.340986]  task_work_run+0x1e8/0x2a0
[ 36.344870]  ? task_work_cancel+0x240/0x240
[ 36.349189]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.354723]  ? switch_task_namespaces+0xa2/0xd0
[ 36.359387]  do_exit+0x1ae4/0x26e0
[ 36.362940]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.367612]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.371853]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.376865]  ? kfree+0x1d7/0x210
[ 36.380229]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.384465]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.390178]  ? is_bpf_text_address+0xd7/0x170
[ 36.394688]  ? kernel_text_address+0x79/0xf0
[ 36.399103]  ? __kernel_text_address+0xd/0x40
[ 36.403610]  ? unwind_get_return_address+0x61/0xa0
[ 36.408540]  ? __save_stack_trace+0x8d/0xf0
[ 36.412865]  ? save_stack+0xa9/0xd0
[ 36.416491]  ? save_stack+0x43/0xd0
[ 36.420124]  ? __kasan_slab_free+0x11a/0x170
[ 36.424526]  ? kasan_slab_free+0xe/0x10
[ 36.428496]  ? putname+0xf2/0x130
[ 36.431944]  ? __x64_sys_openat+0x9d/0x100
[ 36.436172]  ? do_syscall_64+0x1b9/0x820
[ 36.440235]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.445595]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.450008]  ? kasan_check_read+0x11/0x20
[ 36.454150]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.458553]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.462957]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.467538]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.472640]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.478377]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.483909]  ? do_vfs_ioctl+0x201/0x1720
[ 36.487968]  ? rcu_is_watching+0x8c/0x150
[ 36.492129]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.496451]  ? ioctl_preallocate+0x300/0x300
[ 36.500853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.506390]  ? __fget_light+0x2f7/0x440
[ 36.510392]  ? fget_raw+0x20/0x20
[ 36.513850]  ? putname+0xf2/0x130
[ 36.517306]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.522323]  ? kmem_cache_free+0x246/0x280
[ 36.526570]  ? putname+0xf7/0x130
[ 36.530018]  do_group_exit+0x177/0x440
[ 36.533903]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.538217]  ? __ia32_sys_exit+0x50/0x50
[ 36.542275]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.547388]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.552931]  ? ksys_ioctl+0x81/0xd0
[ 36.556558]  __x64_sys_exit_group+0x3e/0x50
[ 36.560884]  do_syscall_64+0x1b9/0x820
[ 36.564767]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.570132]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.575054]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.579890]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.584911]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.589924]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.594938]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.599782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.604964] RIP: 0033:0x43ef08
[ 36.608159] Code: Bad RIP value.
[ 36.611527] RSP: 002b:00007fff28ff6b98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.619257] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 36.626517] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.633779] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.641040] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.648300] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.655605]
[ 36.655610] ======================================================
[ 36.655615] WARNING: possible circular locking dependency detected
[ 36.655619] 4.19.0-rc1+ #217 Not tainted
[ 36.655624] ------------------------------------------------------
[ 36.655629] syz-executor867/4697 is trying to acquire lock:
[ 36.655632] 0000000007a59e44 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.655647]
[ 36.655651] but task is already holding lock:
[ 36.655654] 000000001b8cdff5 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.655668]
[ 36.655673] which lock already depends on the new lock.
[ 36.655675]
[ 36.655677]
[ 36.655682] the existing dependency chain (in reverse order) is:
[ 36.655684]
[ 36.655687] -> #3 (report_lock){....}:
[ 36.655701]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.655705]        kasan_report+0x8e/0x110
[ 36.655709]        __asan_report_load8_noabort+0x14/0x20
[ 36.655713]        __schedule+0xf54/0x1df0
[ 36.655717]        preempt_schedule_common+0x22/0x60
[ 36.655721]        _cond_resched+0x1d/0x30
[ 36.655725]        wait_for_completion+0xa5/0x8d0
[ 36.655729]        __synchronize_srcu+0x189/0x240
[ 36.655733]        synchronize_srcu+0x335/0x56f
[ 36.655738]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.655742]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.655746]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.655750]        kvm_put_kvm+0x73f/0x1060
[ 36.655754]        kvm_vm_release+0x42/0x50
[ 36.655757]        __fput+0x38a/0xa40
[ 36.655761]        ____fput+0x15/0x20
[ 36.655764]        task_work_run+0x1e8/0x2a0
[ 36.655768]        do_exit+0x1ae4/0x26e0
[ 36.655772]        do_group_exit+0x177/0x440
[ 36.655776]        __x64_sys_exit_group+0x3e/0x50
[ 36.655780]        do_syscall_64+0x1b9/0x820
[ 36.655784]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.655786]
[ 36.655789] -> #2 (&rq->lock){-.-.}:
[ 36.655802]        _raw_spin_lock+0x2a/0x40
[ 36.655806]        task_fork_fair+0x93/0x680
[ 36.655809]        sched_fork+0x44b/0xbd0
[ 36.655813]        copy_process+0x235e/0x7ad0
[ 36.655817]        _do_fork+0x1ca/0x1170
[ 36.655821]        kernel_thread+0x34/0x40
[ 36.655824]        rest_init+0x22/0xe4
[ 36.655828]        start_kernel+0x913/0x94e
[ 36.655832]        x86_64_start_reservations+0x29/0x2b
[ 36.655836]        x86_64_start_kernel+0x76/0x79
[ 36.655840]        secondary_startup_64+0xa4/0xb0
[ 36.655842]
[ 36.655844] -> #1 (&p->pi_lock){-.-.}:
[ 36.655858]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.655862]        try_to_wake_up+0xd2/0x1250
[ 36.655866]        wake_up_process+0x10/0x20
[ 36.655870]        __up.isra.1+0x1c0/0x2a0
[ 36.655873]        up+0x13c/0x1c0
[ 36.655877]        __up_console_sem+0xbe/0x1b0
[ 36.655881]        console_unlock+0x506/0x10d0
[ 36.655885]        vprintk_emit+0x33a/0x910
[ 36.655888]        vprintk_default+0x28/0x30
[ 36.655892]        vprintk_func+0x7a/0x117
[ 36.655895]        printk+0xa7/0xcf
[ 36.655899]        load_umh+0x51/0xbd
[ 36.655903]        do_one_initcall+0x127/0x838
[ 36.655907]        kernel_init_freeable+0x4bb/0x5ae
[ 36.655910]        kernel_init+0x11/0x1b3
[ 36.655914]        ret_from_fork+0x3a/0x50
[ 36.655916]
[ 36.655918] -> #0 ((console_sem).lock){-...}:
[ 36.655933]        lock_acquire+0x1e4/0x4f0
[ 36.655937]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.655940]        down_trylock+0x13/0x70
[ 36.655945]        __down_trylock_console_sem+0xae/0x200
[ 36.655949]        console_trylock+0x15/0xa0
[ 36.655952]        vprintk_emit+0x31f/0x910
[ 36.655956]        vprintk_default+0x28/0x30
[ 36.655973]        vprintk_func+0x7a/0x117
[ 36.655976]        printk+0xa7/0xcf
[ 36.655980]        kasan_report+0x9e/0x110
[ 36.655996]        __asan_report_load8_noabort+0x14/0x20
[ 36.656000]        __schedule+0xf54/0x1df0
[ 36.656004]        preempt_schedule_common+0x22/0x60
[ 36.656008]        _cond_resched+0x1d/0x30
[ 36.656012]        wait_for_completion+0xa5/0x8d0
[ 36.656016]        __synchronize_srcu+0x189/0x240
[ 36.656020]        synchronize_srcu+0x335/0x56f
[ 36.656025]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.656029]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.656033]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.656037]        kvm_put_kvm+0x73f/0x1060
[ 36.656040]        kvm_vm_release+0x42/0x50
[ 36.656044]        __fput+0x38a/0xa40
[ 36.656047]        ____fput+0x15/0x20
[ 36.656051]        task_work_run+0x1e8/0x2a0
[ 36.656054]        do_exit+0x1ae4/0x26e0
[ 36.656058]        do_group_exit+0x177/0x440
[ 36.656075]        __x64_sys_exit_group+0x3e/0x50
[ 36.656078]        do_syscall_64+0x1b9/0x820
[ 36.656083]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.656085]
[ 36.656089] other info that might help us debug this:
[ 36.656091]
[ 36.656106] Chain exists of:
[ 36.656108]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.656130]
[ 36.656134]  Possible unsafe locking scenario:
[ 36.656136]
[ 36.656140]        CPU0                    CPU1
[ 36.656144]        ----                    ----
[ 36.656146]   lock(report_lock);
[ 36.656154]                                lock(&rq->lock);
[ 36.656163]                                lock(report_lock);
[ 36.656170]   lock((console_sem).lock);
[ 36.656178]
[ 36.656181]  *** DEADLOCK ***
[ 36.656183]
[ 36.656187] 2 locks held by syz-executor867/4697:
[ 36.656189]  #0: 000000002a2e0301 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.656204]  #1: 000000001b8cdff5 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.656232]
[ 36.656235] stack backtrace:
[ 36.656241] CPU: 1 PID: 4697 Comm: syz-executor867 Not tainted 4.19.0-rc1+ #217
[ 36.656247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.656250] Call Trace:
[ 36.656254]  dump_stack+0x1c9/0x2b4
[ 36.656258]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.656262]  ? vprintk_func+0x100/0x117
[ 36.656267]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.656270]  ? save_trace+0xe0/0x290
[ 36.656274]  __lock_acquire+0x3449/0x5020
[ 36.656278]  ? mark_held_locks+0x160/0x160
[ 36.656281]  ? mark_held_locks+0x160/0x160
[ 36.656285]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.656290]  ? is_bpf_text_address+0xd7/0x170
[ 36.656293]  ? kernel_text_address+0x79/0xf0
[ 36.656297]  ? __kernel_text_address+0xd/0x40
[ 36.656301]  ? __save_stack_trace+0x8d/0xf0
[ 36.656305]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.656309]  ? save_trace+0x290/0x290
[ 36.656313]  ? save_stack_trace+0x1a/0x20
[ 36.656316]  ? save_trace+0xe0/0x290
[ 36.656320]  ? graph_lock+0x170/0x170
[ 36.656324]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.656328]  lock_acquire+0x1e4/0x4f0
[ 36.656332]  ? down_trylock+0x13/0x70
[ 36.656335]  ? lock_release+0x9f0/0x9f0
[ 36.656339]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.656343]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.656347]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.656359]  ? log_store+0x34f/0x4c0
[ 36.656363]  ? vprintk_emit+0x31f/0x910
[ 36.656367]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.656371]  ? down_trylock+0x13/0x70
[ 36.656374]  down_trylock+0x13/0x70
[ 36.656378]  __down_trylock_console_sem+0xae/0x200
[ 36.656382]  console_trylock+0x15/0xa0
[ 36.656385]  vprintk_emit+0x31f/0x910
[ 36.656389]  ? wake_up_klogd+0x110/0x110
[ 36.656393]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.656397]  ? kasan_check_read+0x11/0x20
[ 36.656400]  ? rcu_is_watching+0x8c/0x150
[ 36.656404]  ? rcu_pm_notify+0xc0/0xc0
[ 36.656408]  ? lock_acquire+0x1e4/0x4f0
[ 36.656411]  ? kasan_report+0x8e/0x110
[ 36.656415]  ? __schedule+0xf54/0x1df0
[ 36.656418]  vprintk_default+0x28/0x30
[ 36.656434]  vprintk_func+0x7a/0x117
[ 36.656437]  printk+0xa7/0xcf
[ 36.656442]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.656446]  ? kasan_check_write+0x14/0x20
[ 36.656449]  ? do_raw_spin_lock+0xc1/0x200
[ 36.656453]  ? do_raw_spin_lock+0xc1/0x200
[ 36.656457]  kasan_report+0x9e/0x110
[ 36.656461]  __asan_report_load8_noabort+0x14/0x20
[ 36.656465]  __schedule+0xf54/0x1df0
[ 36.656469]  ? __sched_text_start+0x8/0x8
[ 36.656473]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.656477]  ? __call_srcu+0x7e7/0x1040
[ 36.656481]  ? check_same_owner+0x340/0x340
[ 36.656485]  ? mark_held_locks+0x160/0x160
[ 36.656488]  ? find_held_lock+0x36/0x1c0
[ 36.656493]  preempt_schedule_common+0x22/0x60
[ 36.656496]  _cond_resched+0x1d/0x30
[ 36.656500]  wait_for_completion+0xa5/0x8d0
[ 36.656505]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.656509]  ? __lockdep_init_map+0x105/0x590
[ 36.656513]  ? __init_waitqueue_head+0x9e/0x150
[ 36.656517]  ? init_wait_entry+0x1c0/0x1c0
[ 36.656521]  __synchronize_srcu+0x189/0x240
[ 36.656525]  ? call_srcu+0x10/0x10
[ 36.656529]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.656533]  synchronize_srcu+0x335/0x56f
[ 36.656537]  ? lock_downgrade+0x8f0/0x8f0
[ 36.656541]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.656545]  ? kasan_check_read+0x11/0x20
[ 36.656549]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.656553]  ? kasan_check_write+0x14/0x20
[ 36.656557]  ? do_raw_spin_lock+0xc1/0x200
[ 36.656562]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.656567]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.656570]  ? kvfree+0x61/0x70
[ 36.656575]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.656578]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.656582]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.656586]  ? kvm_arch_sync_events+0x30/0x30
[ 36.656591]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.656595]  ? mmu_notifier_unregister+0x474/0x600
[ 36.656600]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.656603]  ? kfree+0x111/0x210
[ 36.656607]  ? __mmu_notifier_register+0x30/0x30
[ 36.656611]  ? __free_pages+0x10a/0x190
[ 36.656615]  ? free_unref_page+0x930/0x930
[ 36.656619]  kvm_put_kvm+0x73f/0x1060
[ 36.656623]  ? kvm_write_guest_cached+0x40/0x40
[ 36.656627]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.656632]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.656636]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.656640]  ? kasan_check_write+0x14/0x20
[ 36.656643]  ? do_raw_spin_lock+0xc1/0x200
[ 36.656647]  ? kvm_irqfd_release+0xdd/0x120
[ 36.656651]  ? kvm_irqfd_release+0xdd/0x120
[ 36.656655]  ? kvm_put_kvm+0x1060/0x1060
[ 36.656659]  kvm_vm_release+0x42/0x50
[ 36.656662]  __fput+0x38a/0xa40
[ 36.656666]  ? __alloc_file+0x400/0x400
[ 36.656670]  ? check_same_owner+0x340/0x340
[ 36.656674]  ? kasan_check_write+0x14/0x20
[ 36.656678]  ? do_raw_spin_lock+0xc1/0x200
[ 36.656681]  ____fput+0x15/0x20
[ 36.656685]  task_work_run+0x1e8/0x2a0
[ 36.656689]  ? task_work_cancel+0x240/0x240
[ 36.656694]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.656698]  ? switch_task_namespaces+0xa2/0xd0
[ 36.656701]  do_exit+0x1ae4/0x26e0
[ 36.656705]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.656709]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.656713]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.656717]  ? kfree+0x1d7/0x210
[ 36.656721]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.656726]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.656730]  ? is_bpf_text_address+0xd7/0x170
[ 36.656732]  ?
[ 36.656739] Lost 55 message(s)!
[ 37.764591] Shutting down cpus with NMI
[ 38.823644] Dumping ftrace buffer:
[ 38.827173]    (ftrace buffer empty)
[ 38.830862] Kernel Offset: disabled
[ 38.834483] Rebooting in 86400 seconds..
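The console output above is a raw syzkaller crash log, so the facts a triage needs are spread over several hundred lines: the KASAN header, the access stack, the "Allocated by" and "Freed by" stacks, the object description, and the shadow-memory rows. The following Python is an added example (not part of the log, and not syzkaller's or the kernel's code) that parses a report of this shape and derives those facts directly: it strips the timestamps, drops the "? " frames (stale stack slots that the unwinder could not confirm), finds the first frame on each stack that is not KASAN or allocator plumbing (here `__schedule`, `vmx_create_vcpu`, `vmx_free_vcpu`), computes the offset of the faulting read inside the slab object (24 bytes into a `kvm_vcpu`, matching the report's own "located 24 bytes inside of" line), and decodes the shadow byte under the caret (0xfb, i.e. freed memory). The embedded input is a constructed excerpt of the lines above; the regex names, the `PLUMBING` prefix list and the `SHADOW_MEANING` table are this example's own choices, and the table carries only the KASAN shadow values the example relies on.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the KASAN report in the console log above (timestamps kept,
# most "? " frames dropped). Sample input for the parser below, not a new crash.
SAMPLE_REPORT = """\
[ 35.147939] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 35.154165] Read of size 8 at addr ffff8801d9510058 by task syz-executor867/4697
[ 35.180100] Call Trace:
[ 35.182695]  dump_stack+0x1c9/0x2b4
[ 35.186323]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.216594]  __asan_report_load8_noabort+0x14/0x20
[ 35.221521]  __schedule+0xf54/0x1df0
[ 35.325600]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.774317]
[ 35.775945] Allocated by task 4697:
[ 35.779577]  save_stack+0x43/0xd0
[ 35.783028]  kasan_kmalloc+0xc4/0xe0
[ 35.794855]  vmx_create_vcpu+0xcf/0x2830
[ 35.827514]
[ 35.829137] Freed by task 4697:
[ 35.832411]  save_stack+0x43/0xd0
[ 35.835864]  __kasan_slab_free+0x11a/0x170
[ 35.843896]  kmem_cache_free+0x86/0x280
[ 35.847865]  vmx_free_vcpu+0x26b/0x300
[ 35.894985]
[ 35.896608] The buggy address belongs to the object at ffff8801d9510040
[ 35.896608]  which belongs to the cache kvm_vcpu of size 23872
[ 35.983440] >ffff8801d9510000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.990783]                                                     ^
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
OBJECT_RE = re.compile(r"object at (?P<start>[0-9a-f]+)")
CACHE_RE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
FRAME_RE = re.compile(r"^(?P<spec>\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_RE = re.compile(r"^>?(?P<base>[0-9a-f]{16}):\s+(?P<bytes>(?:[0-9a-f]{2}\s?){16})$")
# Frames that are KASAN / allocator plumbing rather than the code that owns the bug.
PLUMBING = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
            "__asan_", "save_stack", "kmem_cache_", "kmalloc", "kfree")
# KASAN shadow-byte values (mm/kasan/kasan.h); one shadow byte covers 8 bytes of memory.
SHADOW_MEANING = {0x00: "addressable", 0xfb: "freed (KASAN_KMALLOC_FREE)",
                  0xfc: "kmalloc redzone (KASAN_KMALLOC_REDZONE)", 0xff: "free page"}

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    obj_start: int = 0
    cache: str = ""
    obj_size: int = 0
    stacks: dict = field(default_factory=lambda: {"access": [], "alloc": [], "free": []})
    shadow: dict = field(default_factory=dict)   # shadow row base address -> 16 bytes

    @property
    def offset(self) -> int:
        return self.addr - self.obj_start        # byte offset of the access in the object

    def culprit(self, stack: str) -> str:
        # First frame of a stack that is not instrumentation or allocator plumbing.
        return next((s for s in self.stacks[stack] if not s.startswith(PLUMBING)), "")

    def shadow_state(self) -> str:
        row = self.shadow.get(self.addr & ~0x7F)  # each printed row covers 128 bytes
        if row is None:
            return "unknown"
        byte = row[(self.addr & 0x7F) >> 3]
        return SHADOW_MEANING.get(byte, f"0x{byte:02x}")

def parse_kasan(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if not line:                                  # blank line closes a stack section
            section = None
        elif m := BUG_RE.search(line):
            r.kind, r.func = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            r.op, r.size, r.addr = m["op"], int(m["size"]), int(m["addr"], 16)
        elif m := OBJECT_RE.search(line):
            r.obj_start = int(m["start"], 16)
        elif m := CACHE_RE.search(line):
            r.cache, r.obj_size = m["cache"], int(m["size"])
        elif m := SHADOW_RE.match(line):
            r.shadow[int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
        elif line == "Call Trace:":
            section = "access"
        elif line.startswith("Allocated by task"):
            section = "alloc"
        elif line.startswith("Freed by task"):
            section = "free"
        elif section and (m := FRAME_RE.match(line)) and not m["spec"]:
            r.stacks[section].append(m["sym"])        # "? sym" frames are stale slots
    return r

if __name__ == "__main__":
    rep = parse_kasan(SAMPLE_REPORT)
    print(f"{rep.kind}: {rep.op} of {rep.size} bytes at +{rep.offset} in {rep.cache}, "
          f"allocated by {rep.culprit('alloc')}, freed by {rep.culprit('free')}, "
          f"read from {rep.culprit('access')}, shadow={rep.shadow_state()}")
```

The offset is the number to carry forward: 24 bytes into `struct kvm_vcpu` identifies a specific field in the layout of this exact kernel build, and that field, not the `__schedule` frame, is what the eventual fix has to address. Note also that the lockdep "possible circular locking dependency" that follows the KASAN report is raised while `kasan_report` prints from inside `__schedule` with `&rq->lock` held (see the "2 locks held" lines), so it is a side effect of reporting the first bug from that context rather than an independent finding; a triage script should record it but not file it as a second issue.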