[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.554780] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 28.561115] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.859925] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.402296] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.582972] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
[ 35.217250] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.316863] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 35.342305] ==================================================================
[ 35.352106] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 35.358333] Read of size 8 at addr ffff8801b7bb8058 by task syz-executor024/4658
[ 35.365851]
[ 35.367481] CPU: 0 PID: 4658 Comm: syz-executor024 Not tainted 4.19.0-rc1+ #217
[ 35.374919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.384263] Call Trace:
[ 35.386849]  dump_stack+0x1c9/0x2b4
[ 35.390478]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.395665]  ? printk+0xa7/0xcf
[ 35.398941]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.403694]  ? __schedule+0xf54/0x1df0
[ 35.407578]  print_address_description+0x6c/0x20b
[ 35.412419]  ? __schedule+0xf54/0x1df0
[ 35.416303]  kasan_report.cold.7+0x242/0x30d
[ 35.420709]  __asan_report_load8_noabort+0x14/0x20
[ 35.425639]  __schedule+0xf54/0x1df0
[ 35.429360]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.434472]  ? __sched_text_start+0x8/0x8
[ 35.438619]  ? __call_srcu+0x7e7/0x1040
[ 35.442604]  ? check_same_owner+0x340/0x340
[ 35.446928]  ? mark_held_locks+0x160/0x160
[ 35.451170]  ? find_held_lock+0x36/0x1c0
[ 35.455238]  preempt_schedule_common+0x22/0x60
[ 35.459816]  _cond_resched+0x1d/0x30
[ 35.463537]  wait_for_completion+0xa5/0x8d0
[ 35.467860]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.473655]  ? __lockdep_init_map+0x105/0x590
[ 35.478160]  ? __init_waitqueue_head+0x9e/0x150
[ 35.482823]  ? init_wait_entry+0x1c0/0x1c0
[ 35.487057]  __synchronize_srcu+0x189/0x240
[ 35.491397]  ? call_srcu+0x10/0x10
[ 35.494941]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.499181]  synchronize_srcu+0x335/0x56f
[ 35.503328]  ? lock_downgrade+0x8f0/0x8f0
[ 35.507507]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.512525]  ? kasan_check_read+0x11/0x20
[ 35.516668]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.521246]  ? kasan_check_write+0x14/0x20
[ 35.525479]  ? do_raw_spin_lock+0xc1/0x200
[ 35.529718]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.535432]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.540880]  ? kvfree+0x61/0x70
[ 35.544158]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.549170]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.553227]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.557642]  ? kvm_arch_sync_events+0x30/0x30
[ 35.562138]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.567673]  ? mmu_notifier_unregister+0x474/0x600
[ 35.572596]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.577008]  ? kfree+0x111/0x210
[ 35.580381]  ? __mmu_notifier_register+0x30/0x30
[ 35.585138]  ? __free_pages+0x10a/0x190
[ 35.589113]  ? free_unref_page+0x930/0x930
[ 35.593353]  kvm_put_kvm+0x73f/0x1060
[ 35.597165]  ? kvm_write_guest_cached+0x40/0x40
[ 35.601834]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.606324]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.610844]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.615694]  ? kasan_check_write+0x14/0x20
[ 35.619929]  ? do_raw_spin_lock+0xc1/0x200
[ 35.624174]  ? kvm_irqfd_release+0xdd/0x120
[ 35.628499]  ? kvm_irqfd_release+0xdd/0x120
[ 35.632816]  ? kvm_put_kvm+0x1060/0x1060
[ 35.636874]  kvm_vm_release+0x42/0x50
[ 35.640668]  __fput+0x38a/0xa40
[ 35.643951]  ? __alloc_file+0x400/0x400
[ 35.647924]  ? check_same_owner+0x340/0x340
[ 35.652243]  ? kasan_check_write+0x14/0x20
[ 35.656476]  ? do_raw_spin_lock+0xc1/0x200
[ 35.660706]  ____fput+0x15/0x20
[ 35.663984]  task_work_run+0x1e8/0x2a0
[ 35.667866]  ? task_work_cancel+0x240/0x240
[ 35.672189]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.677736]  ? switch_task_namespaces+0xa2/0xd0
[ 35.682437]  do_exit+0x1ae4/0x26e0
[ 35.685976]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.690651]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.694884]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.700070]  ? kfree+0x1d7/0x210
[ 35.703441]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.707676]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.713394]  ? kasan_check_write+0x14/0x20
[ 35.717626]  ? finish_task_switch+0x2ca/0x870
[ 35.722125]  ? preempt_notifier_register+0x200/0x200
[ 35.727222]  ? __switch_to_asm+0x34/0x70
[ 35.731275]  ? __switch_to_asm+0x34/0x70
[ 35.735328]  ? __switch_to_asm+0x40/0x70
[ 35.739404]  ? __switch_to_asm+0x34/0x70
[ 35.743463]  ? __switch_to_asm+0x40/0x70
[ 35.747519]  ? __switch_to_asm+0x34/0x70
[ 35.751572]  ? __switch_to_asm+0x40/0x70
[ 35.755625]  ? __switch_to_asm+0x34/0x70
[ 35.759690]  ? __switch_to_asm+0x34/0x70
[ 35.763743]  ? __switch_to_asm+0x40/0x70
[ 35.767800]  ? __switch_to_asm+0x34/0x70
[ 35.771855]  ? __switch_to_asm+0x40/0x70
[ 35.775912]  ? __switch_to_asm+0x34/0x70
[ 35.779990]  ? __switch_to_asm+0x40/0x70
[ 35.784092]  ? __sched_text_start+0x8/0x8
[ 35.788239]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.792648]  ? kasan_check_read+0x11/0x20
[ 35.796797]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.801202]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.805607]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.810192]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.815293]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.821002]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.826540]  ? do_vfs_ioctl+0x201/0x1720
[ 35.830604]  ? ioctl_preallocate+0x300/0x300
[ 35.835013]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.840551]  ? __fget_light+0x2f7/0x440
[ 35.844522]  ? __schedule+0x1df0/0x1df0
[ 35.848496]  ? fget_raw+0x20/0x20
[ 35.851947]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.856349]  ? kmem_cache_free+0x246/0x280
[ 35.860592]  ? do_syscall_64+0x6be/0x820
[ 35.864687]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.869092]  ? putname+0xf7/0x130
[ 35.872544]  do_group_exit+0x177/0x440
[ 35.876427]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.880744]  ? __ia32_sys_exit+0x50/0x50
[ 35.884805]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.889907]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.895454]  ? ksys_ioctl+0x81/0xd0
[ 35.899083]  __x64_sys_exit_group+0x3e/0x50
[ 35.903408]  do_syscall_64+0x1b9/0x820
[ 35.907293]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.912659]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.917588]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.922425]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.927441]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.932488]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.937508]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.942354]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.947549] RIP: 0033:0x43ef08
[ 35.950743] Code: Bad RIP value.
[ 35.954099] RSP: 002b:00007ffe1253d6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.961804] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 35.969066] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.976339] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.983615] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.990896] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.998168]
[ 35.999796] Allocated by task 4658:
[ 36.003421]  save_stack+0x43/0xd0
[ 36.006872]  kasan_kmalloc+0xc4/0xe0
[ 36.010590]  kasan_slab_alloc+0x12/0x20
[ 36.014558]  kmem_cache_alloc+0x12e/0x710
[ 36.018705]  vmx_create_vcpu+0xcf/0x2830
[ 36.022760]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.027168]  kvm_vm_ioctl+0x488/0x1d80
[ 36.031056]  do_vfs_ioctl+0x1de/0x1720
[ 36.034954]  ksys_ioctl+0xa9/0xd0
[ 36.038405]  __x64_sys_ioctl+0x73/0xb0
[ 36.042292]  do_syscall_64+0x1b9/0x820
[ 36.046178]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.051355]
[ 36.052989] Freed by task 4658:
[ 36.056266]  save_stack+0x43/0xd0
[ 36.059718]  __kasan_slab_free+0x11a/0x170
[ 36.063958]  kasan_slab_free+0xe/0x10
[ 36.067757]  kmem_cache_free+0x86/0x280
[ 36.071733]  vmx_free_vcpu+0x26b/0x300
[ 36.075621]  kvm_arch_destroy_vm+0x365/0x7c0
[ 36.080041]  kvm_put_kvm+0x73f/0x1060
[ 36.083848]  kvm_vm_release+0x42/0x50
[ 36.087652]  __fput+0x38a/0xa40
[ 36.090928]  ____fput+0x15/0x20
[ 36.094205]  task_work_run+0x1e8/0x2a0
[ 36.098088]  do_exit+0x1ae4/0x26e0
[ 36.101624]  do_group_exit+0x177/0x440
[ 36.105513]  __x64_sys_exit_group+0x3e/0x50
[ 36.109831]  do_syscall_64+0x1b9/0x820
[ 36.113714]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.118889]
[ 36.120513] The buggy address belongs to the object at ffff8801b7bb8040
[ 36.120513]  which belongs to the cache kvm_vcpu of size 23872
[ 36.133084] The buggy address is located 24 bytes inside of
[ 36.133084]  23872-byte region [ffff8801b7bb8040, ffff8801b7bbdd80)
[ 36.145040] The buggy address belongs to the page:
[ 36.149970] page:ffffea0006deee00 count:1 mapcount:0 mapping:ffff8801d9fd8080 index:0x0 compound_mapcount: 0
[ 36.159940] flags: 0x2fffc0000008100(slab|head)
[ 36.164622] raw: 02fffc0000008100 ffff8801d526d448 ffff8801d526d448 ffff8801d9fd8080
[ 36.172513] raw: 0000000000000000 ffff8801b7bb8040 0000000100000001 0000000000000000
[ 36.180392] page dumped because: kasan: bad access detected
[ 36.186093]
[ 36.187709] Memory state around the buggy address:
[ 36.192642]  ffff8801b7bb7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.199995]  ffff8801b7bb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.207349] >ffff8801b7bb8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.214708]                                                     ^
[ 36.220931]  ffff8801b7bb8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.228281]  ffff8801b7bb8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.235630] ==================================================================
[ 36.243006] Kernel panic - not syncing: panic_on_warn set ...
[ 36.243006]
[ 36.250375] CPU: 0 PID: 4658 Comm: syz-executor024 Tainted: G    B             4.19.0-rc1+ #217
[ 36.259213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.268554] Call Trace:
[ 36.271145]  dump_stack+0x1c9/0x2b4
[ 36.274772]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.279959]  ? lock_downgrade+0x8f0/0x8f0
[ 36.284100]  ? __schedule+0xf54/0x1df0
[ 36.287983]  panic+0x238/0x4e7
[ 36.291170]  ? add_taint.cold.5+0x16/0x16
[ 36.295321]  ? print_shadow_for_address+0xba/0x116
[ 36.300245]  ? trace_hardirqs_off+0xaf/0x2b0
[ 36.304652]  ? trace_hardirqs_off+0x77/0x2b0
[ 36.309058]  ? __schedule+0xf54/0x1df0
[ 36.312942]  kasan_end_report+0x47/0x4f
[ 36.316915]  kasan_report.cold.7+0x76/0x30d
[ 36.321237]  __asan_report_load8_noabort+0x14/0x20
[ 36.326160]  __schedule+0xf54/0x1df0
[ 36.329871]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.334975]  ? __sched_text_start+0x8/0x8
[ 36.339142]  ? __call_srcu+0x7e7/0x1040
[ 36.343117]  ? check_same_owner+0x340/0x340
[ 36.347438]  ? mark_held_locks+0x160/0x160
[ 36.351664]  ? find_held_lock+0x36/0x1c0
[ 36.355722]  preempt_schedule_common+0x22/0x60
[ 36.360314]  _cond_resched+0x1d/0x30
[ 36.364032]  wait_for_completion+0xa5/0x8d0
[ 36.368362]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.374181]  ? __lockdep_init_map+0x105/0x590
[ 36.378673]  ? __init_waitqueue_head+0x9e/0x150
[ 36.383335]  ? init_wait_entry+0x1c0/0x1c0
[ 36.387568]  __synchronize_srcu+0x189/0x240
[ 36.391880]  ? call_srcu+0x10/0x10
[ 36.395417]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.399661]  synchronize_srcu+0x335/0x56f
[ 36.403816]  ? lock_downgrade+0x8f0/0x8f0
[ 36.407981]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.412993]  ? kasan_check_read+0x11/0x20
[ 36.417140]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.421745]  ? kasan_check_write+0x14/0x20
[ 36.425976]  ? do_raw_spin_lock+0xc1/0x200
[ 36.430212]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.435932]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.441388]  ? kvfree+0x61/0x70
[ 36.444666]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.449683]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.453739]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.458177]  ? kvm_arch_sync_events+0x30/0x30
[ 36.462674]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.468208]  ? mmu_notifier_unregister+0x474/0x600
[ 36.473129]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.477531]  ? kfree+0x111/0x210
[ 36.480896]  ? __mmu_notifier_register+0x30/0x30
[ 36.485655]  ? __free_pages+0x10a/0x190
[ 36.489629]  ? free_unref_page+0x930/0x930
[ 36.493877]  kvm_put_kvm+0x73f/0x1060
[ 36.497681]  ? kvm_write_guest_cached+0x40/0x40
[ 36.502351]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.506851]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.511340]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.515927]  ? kasan_check_write+0x14/0x20
[ 36.520159]  ? do_raw_spin_lock+0xc1/0x200
[ 36.524396]  ? kvm_irqfd_release+0xdd/0x120
[ 36.528729]  ? kvm_irqfd_release+0xdd/0x120
[ 36.533052]  ? kvm_put_kvm+0x1060/0x1060
[ 36.537109]  kvm_vm_release+0x42/0x50
[ 36.540906]  __fput+0x38a/0xa40
[ 36.544182]  ? __alloc_file+0x400/0x400
[ 36.548155]  ? check_same_owner+0x340/0x340
[ 36.552482]  ? kasan_check_write+0x14/0x20
[ 36.556722]  ? do_raw_spin_lock+0xc1/0x200
[ 36.560954]  ____fput+0x15/0x20
[ 36.564233]  task_work_run+0x1e8/0x2a0
[ 36.568118]  ? task_work_cancel+0x240/0x240
[ 36.572436]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.577971]  ? switch_task_namespaces+0xa2/0xd0
[ 36.582646]  do_exit+0x1ae4/0x26e0
[ 36.586201]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.590880]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.595119]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.600130]  ? kfree+0x1d7/0x210
[ 36.603498]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.607747]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.613710]  ? kasan_check_write+0x14/0x20
[ 36.617941]  ? finish_task_switch+0x2ca/0x870
[ 36.622434]  ? preempt_notifier_register+0x200/0x200
[ 36.627535]  ? __switch_to_asm+0x34/0x70
[ 36.631592]  ? __switch_to_asm+0x34/0x70
[ 36.635651]  ? __switch_to_asm+0x40/0x70
[ 36.639706]  ? __switch_to_asm+0x34/0x70
[ 36.643763]  ? __switch_to_asm+0x40/0x70
[ 36.647817]  ? __switch_to_asm+0x34/0x70
[ 36.651954]  ? __switch_to_asm+0x40/0x70
[ 36.656008]  ? __switch_to_asm+0x34/0x70
[ 36.660069]  ? __switch_to_asm+0x34/0x70
[ 36.664158]  ? __switch_to_asm+0x40/0x70
[ 36.668225]  ? __switch_to_asm+0x34/0x70
[ 36.672293]  ? __switch_to_asm+0x40/0x70
[ 36.676346]  ? __switch_to_asm+0x34/0x70
[ 36.680421]  ? __switch_to_asm+0x40/0x70
[ 36.684492]  ? __sched_text_start+0x8/0x8
[ 36.688656]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.693082]  ? kasan_check_read+0x11/0x20
[ 36.697225]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.701625]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.706040]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.710622]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.715731]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.721684]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.727221]  ? do_vfs_ioctl+0x201/0x1720
[ 36.731279]  ? ioctl_preallocate+0x300/0x300
[ 36.735681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.741228]  ? __fget_light+0x2f7/0x440
[ 36.745198]  ? __schedule+0x1df0/0x1df0
[ 36.749166]  ? fget_raw+0x20/0x20
[ 36.752615]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.757024]  ? kmem_cache_free+0x246/0x280
[ 36.761254]  ? do_syscall_64+0x6be/0x820
[ 36.765308]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.769708]  ? putname+0xf7/0x130
[ 36.773163]  do_group_exit+0x177/0x440
[ 36.777057]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.781395]  ? __ia32_sys_exit+0x50/0x50
[ 36.785456]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.790663]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.796195]  ? ksys_ioctl+0x81/0xd0
[ 36.799834]  __x64_sys_exit_group+0x3e/0x50
[ 36.804159]  do_syscall_64+0x1b9/0x820
[ 36.808043]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.813408]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.818338]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.823197]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.828212]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.833226]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.838242]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.843097]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.848300] RIP: 0033:0x43ef08
[ 36.851493] Code: Bad RIP value.
[ 36.854850] RSP: 002b:00007ffe1253d6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.862571] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 36.869847] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.877110] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.884382] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.891648] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.898922]
[ 36.898927] ======================================================
[ 36.898932] WARNING: possible circular locking dependency detected
[ 36.898936] 4.19.0-rc1+ #217 Not tainted
[ 36.898941] ------------------------------------------------------
[ 36.898945] syz-executor024/4658 is trying to acquire lock:
[ 36.898948] 0000000036732cad ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.898962]
[ 36.898966] but task is already holding lock:
[ 36.898969] 00000000462ff362 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.898982]
[ 36.898987] which lock already depends on the new lock.
[ 36.898989]
[ 36.898991]
[ 36.898996] the existing dependency chain (in reverse order) is:
[ 36.898998]
[ 36.899000] -> #3 (report_lock){....}:
[ 36.899014]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.899017]        kasan_report+0x8e/0x110
[ 36.899022]        __asan_report_load8_noabort+0x14/0x20
[ 36.899025]        __schedule+0xf54/0x1df0
[ 36.899029]        preempt_schedule_common+0x22/0x60
[ 36.899033]        _cond_resched+0x1d/0x30
[ 36.899037]        wait_for_completion+0xa5/0x8d0
[ 36.899041]        __synchronize_srcu+0x189/0x240
[ 36.899044]        synchronize_srcu+0x335/0x56f
[ 36.899049]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.899053]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.899057]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.899060]        kvm_put_kvm+0x73f/0x1060
[ 36.899064]        kvm_vm_release+0x42/0x50
[ 36.899067]        __fput+0x38a/0xa40
[ 36.899070]        ____fput+0x15/0x20
[ 36.899074]        task_work_run+0x1e8/0x2a0
[ 36.899078]        do_exit+0x1ae4/0x26e0
[ 36.899081]        do_group_exit+0x177/0x440
[ 36.899085]        __x64_sys_exit_group+0x3e/0x50
[ 36.899089]        do_syscall_64+0x1b9/0x820
[ 36.899093]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.899095]
[ 36.899097] -> #2 (&rq->lock){-.-.}:
[ 36.899110]        _raw_spin_lock+0x2a/0x40
[ 36.899114]        task_fork_fair+0x93/0x680
[ 36.899118]        sched_fork+0x44b/0xbd0
[ 36.899121]        copy_process+0x235e/0x7ad0
[ 36.899125]        _do_fork+0x1ca/0x1170
[ 36.899128]        kernel_thread+0x34/0x40
[ 36.899131]        rest_init+0x22/0xe4
[ 36.899135]        start_kernel+0x913/0x94e
[ 36.899140]        x86_64_start_reservations+0x29/0x2b
[ 36.899144]        x86_64_start_kernel+0x76/0x79
[ 36.899148]        secondary_startup_64+0xa4/0xb0
[ 36.899150]
[ 36.899152] -> #1 (&p->pi_lock){-.-.}:
[ 36.899165]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.899169]        try_to_wake_up+0xd2/0x1250
[ 36.899173]        wake_up_process+0x10/0x20
[ 36.899176]        __up.isra.1+0x1c0/0x2a0
[ 36.899179]        up+0x13c/0x1c0
[ 36.899183]        __up_console_sem+0xbe/0x1b0
[ 36.899187]        console_unlock+0x506/0x10d0
[ 36.899191]        vprintk_emit+0x33a/0x910
[ 36.899194]        vprintk_default+0x28/0x30
[ 36.899198]        vprintk_func+0x7a/0x117
[ 36.899201]        printk+0xa7/0xcf
[ 36.899204]        load_umh+0x51/0xbd
[ 36.899208]        do_one_initcall+0x127/0x838
[ 36.899212]        kernel_init_freeable+0x4bb/0x5ae
[ 36.899215]        kernel_init+0x11/0x1b3
[ 36.899219]        ret_from_fork+0x3a/0x50
[ 36.899221]
[ 36.899223] -> #0 ((console_sem).lock){-...}:
[ 36.899237]        lock_acquire+0x1e4/0x4f0
[ 36.899241]        _raw_spin_lock_irqsave+0x96/0xc0
[ 36.899244]        down_trylock+0x13/0x70
[ 36.899249]        __down_trylock_console_sem+0xae/0x200
[ 36.899252]        console_trylock+0x15/0xa0
[ 36.899256]        vprintk_emit+0x31f/0x910
[ 36.899259]        vprintk_default+0x28/0x30
[ 36.899263]        vprintk_func+0x7a/0x117
[ 36.899266]        printk+0xa7/0xcf
[ 36.899270]        kasan_report+0x9e/0x110
[ 36.899274]        __asan_report_load8_noabort+0x14/0x20
[ 36.899278]        __schedule+0xf54/0x1df0
[ 36.899282]        preempt_schedule_common+0x22/0x60
[ 36.899285]        _cond_resched+0x1d/0x30
[ 36.899289]        wait_for_completion+0xa5/0x8d0
[ 36.899293]        __synchronize_srcu+0x189/0x240
[ 36.899297]        synchronize_srcu+0x335/0x56f
[ 36.899302]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.899305]        kvm_mmu_uninit_vm+0x1c/0x20
[ 36.899309]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.899313]        kvm_put_kvm+0x73f/0x1060
[ 36.899316]        kvm_vm_release+0x42/0x50
[ 36.899320]        __fput+0x38a/0xa40
[ 36.899323]        ____fput+0x15/0x20
[ 36.899327]        task_work_run+0x1e8/0x2a0
[ 36.899330]        do_exit+0x1ae4/0x26e0
[ 36.899334]        do_group_exit+0x177/0x440
[ 36.899338]        __x64_sys_exit_group+0x3e/0x50
[ 36.899341]        do_syscall_64+0x1b9/0x820
[ 36.899346]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.899348]
[ 36.899352] other info that might help us debug this:
[ 36.899354]
[ 36.899357] Chain exists of:
[ 36.899359]   (console_sem).lock --> &rq->lock --> report_lock
[ 36.899396]
[ 36.899400]  Possible unsafe locking scenario:
[ 36.899402]
[ 36.899406]        CPU0                    CPU1
[ 36.899423]        ----                    ----
[ 36.899425]   lock(report_lock);
[ 36.899434]                                lock(&rq->lock);
[ 36.899443]                                lock(report_lock);
[ 36.899450]   lock((console_sem).lock);
[ 36.899458]
[ 36.899461]  *** DEADLOCK ***
[ 36.899463]
[ 36.899467] 2 locks held by syz-executor024/4658:
[ 36.899469]  #0: 00000000a1534701 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.899485]  #1: 00000000462ff362 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.899501]
[ 36.899504] stack backtrace:
[ 36.899509] CPU: 0 PID: 4658 Comm: syz-executor024 Not tainted 4.19.0-rc1+ #217
[ 36.899516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.899519] Call Trace:
[ 36.899522]  dump_stack+0x1c9/0x2b4
[ 36.899526]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.899530]  ? vprintk_func+0x100/0x117
[ 36.899535]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.899538]  ? save_trace+0xe0/0x290
[ 36.899542]  __lock_acquire+0x3449/0x5020
[ 36.899546]  ? mark_held_locks+0x160/0x160
[ 36.899549]  ? mark_held_locks+0x160/0x160
[ 36.899553]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.899557]  ? is_bpf_text_address+0xd7/0x170
[ 36.899561]  ? kernel_text_address+0x79/0xf0
[ 36.899565]  ? __kernel_text_address+0xd/0x40
[ 36.899569]  ? __save_stack_trace+0x8d/0xf0
[ 36.899573]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.899577]  ? save_trace+0x290/0x290
[ 36.899581]  ? save_stack_trace+0x1a/0x20
[ 36.899584]  ? save_trace+0xe0/0x290
[ 36.899588]  ? graph_lock+0x170/0x170
[ 36.899592]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.899596]  lock_acquire+0x1e4/0x4f0
[ 36.899599]  ? down_trylock+0x13/0x70
[ 36.899603]  ? lock_release+0x9f0/0x9f0
[ 36.899607]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.899611]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.899615]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.899618]  ? log_store+0x34f/0x4c0
[ 36.899622]  ? vprintk_emit+0x31f/0x910
[ 36.899626]  _raw_spin_lock_irqsave+0x96/0xc0
[ 36.899629]  ? down_trylock+0x13/0x70
[ 36.899638]  down_trylock+0x13/0x70
[ 36.899643]  __down_trylock_console_sem+0xae/0x200
[ 36.899646]  console_trylock+0x15/0xa0
[ 36.899650]  vprintk_emit+0x31f/0x910
[ 36.899654]  ? wake_up_klogd+0x110/0x110
[ 36.899658]  ? run_rebalance_domains+0x4c0/0x4c0
[ 36.899661]  ? kasan_check_read+0x11/0x20
[ 36.899665]  ? rcu_is_watching+0x8c/0x150
[ 36.899669]  ? rcu_pm_notify+0xc0/0xc0
[ 36.899673]  ? lock_acquire+0x1e4/0x4f0
[ 36.899676]  ? kasan_report+0x8e/0x110
[ 36.899680]  ? __schedule+0xf54/0x1df0
[ 36.899683]  vprintk_default+0x28/0x30
[ 36.899687]  vprintk_func+0x7a/0x117
[ 36.899690]  printk+0xa7/0xcf
[ 36.899694]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.899698]  ? kasan_check_write+0x14/0x20
[ 36.899701]  ? do_raw_spin_lock+0xc1/0x200
[ 36.899705]  ? do_raw_spin_lock+0xc1/0x200
[ 36.899709]  kasan_report+0x9e/0x110
[ 36.899713]  __asan_report_load8_noabort+0x14/0x20
[ 36.899716]  __schedule+0xf54/0x1df0
[ 36.899720]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.899724]  ? __sched_text_start+0x8/0x8
[ 36.899728]  ? __call_srcu+0x7e7/0x1040
[ 36.899732]  ? check_same_owner+0x340/0x340
[ 36.899736]  ? mark_held_locks+0x160/0x160
[ 36.899739]  ? find_held_lock+0x36/0x1c0
[ 36.899743]  preempt_schedule_common+0x22/0x60
[ 36.899747]  _cond_resched+0x1d/0x30
[ 36.899751]  wait_for_completion+0xa5/0x8d0
[ 36.899755]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.899759]  ? __lockdep_init_map+0x105/0x590
[ 36.899763]  ? __init_waitqueue_head+0x9e/0x150
[ 36.899767]  ? init_wait_entry+0x1c0/0x1c0
[ 36.899771]  __synchronize_srcu+0x189/0x240
[ 36.899774]  ? call_srcu+0x10/0x10
[ 36.899778]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.899782]  synchronize_srcu+0x335/0x56f
[ 36.899786]  ? lock_downgrade+0x8f0/0x8f0
[ 36.899790]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.899794]  ? kasan_check_read+0x11/0x20
[ 36.899798]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.899801]  ? kasan_check_write+0x14/0x20
[ 36.899805]  ? do_raw_spin_lock+0xc1/0x200
[ 36.899810]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.899814]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.899818]  ? kvfree+0x61/0x70
[ 36.899822]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.899825]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.899829]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.899833]  ? kvm_arch_sync_events+0x30/0x30
[ 36.899838]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.899842]  ? mmu_notifier_unregister+0x474/0x600
[ 36.899858]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.899862]  ? kfree+0x111/0x210
[ 36.899866]  ? __mmu_notifier_register+0x30/0x30
[ 36.899870]  ? __free_pages+0x10a/0x190
[ 36.899874]  ? free_unref_page+0x930/0x930
[ 36.899877]  kvm_put_kvm+0x73f/0x1060
[ 36.899881]  ? kvm_write_guest_cached+0x40/0x40
[ 36.899885]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.899889]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.899894]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.899897]  ? kasan_check_write+0x14/0x20
[ 36.899901]  ? do_raw_spin_lock+0xc1/0x200
[ 36.899905]  ? kvm_irqfd_release+0xdd/0x120
[ 36.899909]  ? kvm_irqfd_release+0xdd/0x120
[ 36.899913]  ? kvm_put_kvm+0x1060/0x1060
[ 36.899917]  kvm_vm_release+0x42/0x50
[ 36.899920]  __fput+0x38a/0xa40
[ 36.899924]  ? __alloc_file+0x400/0x400
[ 36.899928]  ? check_same_owner+0x340/0x340
[ 36.899932]  ? kasan_check_write+0x14/0x20
[ 36.899935]  ? do_raw_spin_lock+0xc1/0x200
[ 36.899939]  ____fput+0x15/0x20
[ 36.899943]  task_work_run+0x1e8/0x2a0
[ 36.899947]  ? task_work_cancel+0x240/0x240
[ 36.899951]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.899955]  ? switch_task_namespaces+0xa2/0xd0
[ 36.899959]  do_exit+0x1ae4/0x26e0
[ 36.899963]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.899967]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.899971]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.899975]  ? kfree+0x1d7/0x210
[ 36.899978]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.899983]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.899987]  ? kasan_check_write+0x14/0x20
[ 36.899990]  ? fi
[ 36.900010] Lost 60 message(s)!
[ 38.004688] Shutting down cpus with NMI
[ 39.064271] Dumping ftrace buffer:
[ 39.067800]    (ftrace buffer empty)
[ 39.071491] Kernel Offset: disabled
[ 39.075102] Rebooting in 86400 seconds..