[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   23.733312] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.166387] random: sshd: uninitialized urandom read (32 bytes read)
[   28.419538] sshd (4635) used greatest stack depth: 16856 bytes left
[   28.443843] random: sshd: uninitialized urandom read (32 bytes read)
[   28.980632] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[   34.831966] urandom_read: 1 callbacks suppressed
[   34.831972] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   34.938330] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   34.965035] ==================================================================
[   34.974868] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   34.981111] Read of size 8 at addr ffff8801b9a58058 by task syz-executor067/4651
[   34.988632] 
[   34.990261] CPU: 0 PID: 4651 Comm: syz-executor067 Not tainted 4.19.0-rc1+ #215
[   34.997697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.007041] Call Trace:
[   35.009655]  dump_stack+0x1c9/0x2b4
[   35.013371]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.018556]  ? printk+0xa7/0xcf
[   35.021848]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.026663]  ? __schedule+0xf54/0x1df0
[   35.030568]  print_address_description+0x6c/0x20b
[   35.035409]  ? __schedule+0xf54/0x1df0
[   35.039295]  kasan_report.cold.7+0x242/0x30d
[   35.043688]  __asan_report_load8_noabort+0x14/0x20
[   35.048602]  __schedule+0xf54/0x1df0
[   35.052394]  ? __sched_text_start+0x8/0x8
[   35.056551]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   35.061663]  ? __call_srcu+0x7e7/0x1040
[   35.065642]  ? check_same_owner+0x340/0x340
[   35.069964]  ? mark_held_locks+0x160/0x160
[   35.074197]  ? find_held_lock+0x36/0x1c0
[   35.078269]  preempt_schedule_common+0x22/0x60
[   35.083040]  _cond_resched+0x1d/0x30
[   35.086756]  wait_for_completion+0xa5/0x8d0
[   35.091085]  ? wait_for_completion_interruptible+0x950/0x950
[   35.096881]  ? __lockdep_init_map+0x105/0x590
[   35.101374]  ? __init_waitqueue_head+0x9e/0x150
[   35.106646]  ? init_wait_entry+0x1c0/0x1c0
[   35.110880]  __synchronize_srcu+0x189/0x240
[   35.115200]  ? call_srcu+0x10/0x10
[   35.118737]  ? rcu_unexpedite_gp+0x20/0x20
[   35.122975]  synchronize_srcu+0x335/0x56f
[   35.127170]  ? lock_downgrade+0x8f0/0x8f0
[   35.131313]  ? synchronize_srcu_expedited+0x20/0x20
[   35.136318]  ? kasan_check_read+0x11/0x20
[   35.140456]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.145027]  ? kasan_check_write+0x14/0x20
[   35.149253]  ? do_raw_spin_lock+0xc1/0x200
[   35.153479]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.159183]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.164637]  ? kvfree+0x61/0x70
[   35.167905]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.172914]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.176970]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.182159]  ? kvm_arch_sync_events+0x30/0x30
[   35.186658]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.192287]  ? mmu_notifier_unregister+0x474/0x600
[   35.197218]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.201613]  ? kfree+0x111/0x210
[   35.204976]  ? __mmu_notifier_register+0x30/0x30
[   35.209730]  ? __free_pages+0x10a/0x190
[   35.213779]  ? free_unref_page+0x930/0x930
[   35.218022]  kvm_put_kvm+0x73f/0x1060
[   35.221820]  ? kvm_write_guest_cached+0x40/0x40
[   35.226480]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.230966]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.235444]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.240016]  ? kasan_check_write+0x14/0x20
[   35.244232]  ? do_raw_spin_lock+0xc1/0x200
[   35.248453]  ? kvm_irqfd_release+0xdd/0x120
[   35.252759]  ? kvm_irqfd_release+0xdd/0x120
[   35.257191]  ? kvm_put_kvm+0x1060/0x1060
[   35.261239]  kvm_vm_release+0x42/0x50
[   35.265035]  __fput+0x38a/0xa40
[   35.268304]  ? __alloc_file+0x400/0x400
[   35.272263]  ? check_same_owner+0x340/0x340
[   35.276666]  ? kasan_check_write+0x14/0x20
[   35.280968]  ? do_raw_spin_lock+0xc1/0x200
[   35.285287]  ____fput+0x15/0x20
[   35.288561]  task_work_run+0x1e8/0x2a0
[   35.292438]  ? task_work_cancel+0x240/0x240
[   35.296885]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.302510]  ? switch_task_namespaces+0xa2/0xd0
[   35.307171]  do_exit+0x1ae4/0x26e0
[   35.310699]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.315359]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.319579]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.324583]  ? kfree+0x1d7/0x210
[   35.327937]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.332165]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.337863]  ? is_bpf_text_address+0xd7/0x170
[   35.342339]  ? kernel_text_address+0x79/0xf0
[   35.346736]  ? __kernel_text_address+0xd/0x40
[   35.351216]  ? unwind_get_return_address+0x61/0xa0
[   35.356133]  ? __save_stack_trace+0x8d/0xf0
[   35.360442]  ? save_stack+0xa9/0xd0
[   35.364058]  ? save_stack+0x43/0xd0
[   35.367667]  ? __kasan_slab_free+0x11a/0x170
[   35.372176]  ? kasan_slab_free+0xe/0x10
[   35.376144]  ? putname+0xf2/0x130
[   35.379582]  ? __x64_sys_openat+0x9d/0x100
[   35.383798]  ? do_syscall_64+0x1b9/0x820
[   35.387864]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.393228]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.397622]  ? kasan_check_read+0x11/0x20
[   35.401770]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.406165]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.410558]  ? initcall_blacklisted+0x9a/0x1e0
[   35.415261]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   35.420353]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.426045]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.431565]  ? do_vfs_ioctl+0x201/0x1720
[   35.435610]  ? rcu_is_watching+0x8c/0x150
[   35.439737]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.444041]  ? ioctl_preallocate+0x300/0x300
[   35.448430]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.454086]  ? __fget_light+0x2f7/0x440
[   35.458061]  ? fget_raw+0x20/0x20
[   35.461497]  ? putname+0xf2/0x130
[   35.464941]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.469942]  ? kmem_cache_free+0x246/0x280
[   35.474161]  ? putname+0xf7/0x130
[   35.477612]  do_group_exit+0x177/0x440
[   35.481500]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.485842]  ? __ia32_sys_exit+0x50/0x50
[   35.490011]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.495103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.500686]  ? ksys_ioctl+0x81/0xd0
[   35.504300]  __x64_sys_exit_group+0x3e/0x50
[   35.508608]  do_syscall_64+0x1b9/0x820
[   35.512485]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.517840]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.522760]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.527589]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.532638]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.537643]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.542474]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.547648] RIP: 0033:0x43ef08
[   35.550830] Code: Bad RIP value.
[   35.554173] RSP: 002b:00007fff6b5fa148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.561870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   35.569198] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.576450] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.583697] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.590948] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.598198] 
[   35.599811] Allocated by task 4651:
[   35.603425]  save_stack+0x43/0xd0
[   35.606868]  kasan_kmalloc+0xc4/0xe0
[   35.610574]  kasan_slab_alloc+0x12/0x20
[   35.614531]  kmem_cache_alloc+0x12e/0x710
[   35.618707]  vmx_create_vcpu+0xcf/0x2830
[   35.622761]  kvm_arch_vcpu_create+0xe5/0x220
[   35.627291]  kvm_vm_ioctl+0x488/0x1d80
[   35.631184]  do_vfs_ioctl+0x1de/0x1720
[   35.635205]  ksys_ioctl+0xa9/0xd0
[   35.638647]  __x64_sys_ioctl+0x73/0xb0
[   35.642521]  do_syscall_64+0x1b9/0x820
[   35.646392]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.651559] 
[   35.653168] Freed by task 4651:
[   35.656432]  save_stack+0x43/0xd0
[   35.659939]  __kasan_slab_free+0x11a/0x170
[   35.664163]  kasan_slab_free+0xe/0x10
[   35.667994]  kmem_cache_free+0x86/0x280
[   35.671955]  vmx_free_vcpu+0x26b/0x300
[   35.675825]  kvm_arch_destroy_vm+0x365/0x7c0
[   35.680219]  kvm_put_kvm+0x73f/0x1060
[   35.684006]  kvm_vm_release+0x42/0x50
[   35.687790]  __fput+0x38a/0xa40
[   35.691060]  ____fput+0x15/0x20
[   35.694406]  task_work_run+0x1e8/0x2a0
[   35.698271]  do_exit+0x1ae4/0x26e0
[   35.701789]  do_group_exit+0x177/0x440
[   35.705733]  __x64_sys_exit_group+0x3e/0x50
[   35.710056]  do_syscall_64+0x1b9/0x820
[   35.713947]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.719113] 
[   35.720719] The buggy address belongs to the object at ffff8801b9a58040
[   35.720719]  which belongs to the cache kvm_vcpu of size 23872
[   35.733270] The buggy address is located 24 bytes inside of
[   35.733270]  23872-byte region [ffff8801b9a58040, ffff8801b9a5dd80)
[   35.745210] The buggy address belongs to the page:
[   35.750119] page:ffffea0006e69600 count:1 mapcount:0 mapping:ffff8801d524d6c0 index:0x0 compound_mapcount: 0
[   35.760071] flags: 0x2fffc0000008100(slab|head)
[   35.764725] raw: 02fffc0000008100 ffff8801d524e548 ffff8801d524e548 ffff8801d524d6c0
[   35.772592] raw: 0000000000000000 ffff8801b9a58040 0000000100000001 0000000000000000
[   35.780517] page dumped because: kasan: bad access detected
[   35.786209] 
[   35.787817] Memory state around the buggy address:
[   35.792728]  ffff8801b9a57f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.800069]  ffff8801b9a57f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.807519] >ffff8801b9a58000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.814855]                                                     ^
[   35.821060]  ffff8801b9a58080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.828400]  ffff8801b9a58100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.835750] ==================================================================
[   35.843085] Kernel panic - not syncing: panic_on_warn set ...
[   35.843085] 
[   35.850454] CPU: 0 PID: 4651 Comm: syz-executor067 Tainted: G    B             4.19.0-rc1+ #215
[   35.859267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.868617] Call Trace:
[   35.871195]  dump_stack+0x1c9/0x2b4
[   35.874811]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.879990]  ? lock_downgrade+0x8f0/0x8f0
[   35.884169]  ? __schedule+0xf54/0x1df0
[   35.888046]  panic+0x238/0x4e7
[   35.891218]  ? add_taint.cold.5+0x16/0x16
[   35.895355]  ? print_shadow_for_address+0xba/0x116
[   35.900286]  ? trace_hardirqs_off+0xaf/0x2b0
[   35.904684]  ? trace_hardirqs_off+0x77/0x2b0
[   35.909080]  ? __schedule+0xf54/0x1df0
[   35.912952]  kasan_end_report+0x47/0x4f
[   35.916917]  kasan_report.cold.7+0x76/0x30d
[   35.921220]  __asan_report_load8_noabort+0x14/0x20
[   35.926178]  __schedule+0xf54/0x1df0
[   35.929881]  ? __sched_text_start+0x8/0x8
[   35.934013]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   35.939153]  ? __call_srcu+0x7e7/0x1040
[   35.943120]  ? check_same_owner+0x340/0x340
[   35.947423]  ? mark_held_locks+0x160/0x160
[   35.951638]  ? find_held_lock+0x36/0x1c0
[   35.955724]  preempt_schedule_common+0x22/0x60
[   35.960304]  _cond_resched+0x1d/0x30
[   35.964013]  wait_for_completion+0xa5/0x8d0
[   35.968316]  ? wait_for_completion_interruptible+0x950/0x950
[   35.974140]  ? __lockdep_init_map+0x105/0x590
[   35.978838]  ? __init_waitqueue_head+0x9e/0x150
[   35.983522]  ? init_wait_entry+0x1c0/0x1c0
[   35.987827]  __synchronize_srcu+0x189/0x240
[   35.992151]  ? call_srcu+0x10/0x10
[   35.995675]  ? rcu_unexpedite_gp+0x20/0x20
[   35.999918]  synchronize_srcu+0x335/0x56f
[   36.004170]  ? lock_downgrade+0x8f0/0x8f0
[   36.008312]  ? synchronize_srcu_expedited+0x20/0x20
[   36.013427]  ? kasan_check_read+0x11/0x20
[   36.017564]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.022132]  ? kasan_check_write+0x14/0x20
[   36.026353]  ? do_raw_spin_lock+0xc1/0x200
[   36.030797]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.036514]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.042122]  ? kvfree+0x61/0x70
[   36.045394]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.050394]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.054437]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.058830]  ? kvm_arch_sync_events+0x30/0x30
[   36.063430]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.068955]  ? mmu_notifier_unregister+0x474/0x600
[   36.073867]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.078254]  ? kfree+0x111/0x210
[   36.081612]  ? __mmu_notifier_register+0x30/0x30
[   36.086366]  ? __free_pages+0x10a/0x190
[   36.090339]  ? free_unref_page+0x930/0x930
[   36.094584]  kvm_put_kvm+0x73f/0x1060
[   36.098392]  ? kvm_write_guest_cached+0x40/0x40
[   36.103066]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.107559]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.112058]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.116647]  ? kasan_check_write+0x14/0x20
[   36.120883]  ? do_raw_spin_lock+0xc1/0x200
[   36.125117]  ? kvm_irqfd_release+0xdd/0x120
[   36.129433]  ? kvm_irqfd_release+0xdd/0x120
[   36.133765]  ? kvm_put_kvm+0x1060/0x1060
[   36.137876]  kvm_vm_release+0x42/0x50
[   36.141698]  __fput+0x38a/0xa40
[   36.144990]  ? __alloc_file+0x400/0x400
[   36.148962]  ? check_same_owner+0x340/0x340
[   36.153281]  ? kasan_check_write+0x14/0x20
[   36.157516]  ? do_raw_spin_lock+0xc1/0x200
[   36.161761]  ____fput+0x15/0x20
[   36.165044]  task_work_run+0x1e8/0x2a0
[   36.168930]  ? task_work_cancel+0x240/0x240
[   36.173257]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.178800]  ? switch_task_namespaces+0xa2/0xd0
[   36.183486]  do_exit+0x1ae4/0x26e0
[   36.187026]  ? mm_update_next_owner+0x9a0/0x9a0
[   36.191696]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   36.195931]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.200973]  ? kfree+0x1d7/0x210
[   36.204337]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   36.208573]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.214280]  ? is_bpf_text_address+0xd7/0x170
[   36.218776]  ? kernel_text_address+0x79/0xf0
[   36.223197]  ? __kernel_text_address+0xd/0x40
[   36.227686]  ? unwind_get_return_address+0x61/0xa0
[   36.232623]  ? __save_stack_trace+0x8d/0xf0
[   36.236945]  ? save_stack+0xa9/0xd0
[   36.240566]  ? save_stack+0x43/0xd0
[   36.244187]  ? __kasan_slab_free+0x11a/0x170
[   36.248593]  ? kasan_slab_free+0xe/0x10
[   36.252572]  ? putname+0xf2/0x130
[   36.256043]  ? __x64_sys_openat+0x9d/0x100
[   36.260277]  ? do_syscall_64+0x1b9/0x820
[   36.264342]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.269717]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.274124]  ? kasan_check_read+0x11/0x20
[   36.278272]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.282675]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.287083]  ? initcall_blacklisted+0x9a/0x1e0
[   36.291657]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   36.296785]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.302505]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.308050]  ? do_vfs_ioctl+0x201/0x1720
[   36.312109]  ? rcu_is_watching+0x8c/0x150
[   36.316259]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.320579]  ? ioctl_preallocate+0x300/0x300
[   36.325013]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.330547]  ? __fget_light+0x2f7/0x440
[   36.334517]  ? fget_raw+0x20/0x20
[   36.337966]  ? putname+0xf2/0x130
[   36.341415]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.346425]  ? kmem_cache_free+0x246/0x280
[   36.350681]  ? putname+0xf7/0x130
[   36.354134]  do_group_exit+0x177/0x440
[   36.358018]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.362337]  ? __ia32_sys_exit+0x50/0x50
[   36.366391]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.371496]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.377031]  ? ksys_ioctl+0x81/0xd0
[   36.380663]  __x64_sys_exit_group+0x3e/0x50
[   36.384987]  do_syscall_64+0x1b9/0x820
[   36.388875]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.394239]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.399167]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.404007]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   36.409023]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.414045]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.418895]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.424081] RIP: 0033:0x43ef08
[   36.427271] Code: Bad RIP value.
[   36.430642] RSP: 002b:00007fff6b5fa148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.438344] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   36.445612] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   36.452873] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   36.460138] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   36.467400] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   36.474683] 
[   36.474689] ======================================================
[   36.474694] WARNING: possible circular locking dependency detected
[   36.474697] 4.19.0-rc1+ #215 Not tainted
[   36.474702] ------------------------------------------------------
[   36.474707] syz-executor067/4651 is trying to acquire lock:
[   36.474710] 00000000281db0d8 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   36.474724] 
[   36.474740] but task is already holding lock:
[   36.474743] 00000000ab50058e (report_lock){....}, at: kasan_report+0x8e/0x110
[   36.474757] 
[   36.474761] which lock already depends on the new lock.
[   36.474764] 
[   36.474766] 
[   36.474771] the existing dependency chain (in reverse order) is:
[   36.474773] 
[   36.474775] -> #3 (report_lock){....}:
[   36.474794]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.474798]        kasan_report+0x8e/0x110
[   36.474810]        __asan_report_load8_noabort+0x14/0x20
[   36.474814]        __schedule+0xf54/0x1df0
[   36.474819]        preempt_schedule_common+0x22/0x60
[   36.474822]        _cond_resched+0x1d/0x30
[   36.474826]        wait_for_completion+0xa5/0x8d0
[   36.474830]        __synchronize_srcu+0x189/0x240
[   36.474834]        synchronize_srcu+0x335/0x56f
[   36.474839]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.474843]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.474847]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.474851]        kvm_put_kvm+0x73f/0x1060
[   36.474855]        kvm_vm_release+0x42/0x50
[   36.474858]        __fput+0x38a/0xa40
[   36.474862]        ____fput+0x15/0x20
[   36.474865]        task_work_run+0x1e8/0x2a0
[   36.474869]        do_exit+0x1ae4/0x26e0
[   36.474873]        do_group_exit+0x177/0x440
[   36.474877]        __x64_sys_exit_group+0x3e/0x50
[   36.474881]        do_syscall_64+0x1b9/0x820
[   36.474885]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.474887] 
[   36.474890] -> #2 (&rq->lock){-.-.}:
[   36.474903]        _raw_spin_lock+0x2a/0x40
[   36.474907]        task_fork_fair+0x93/0x680
[   36.474911]        sched_fork+0x44b/0xbd0
[   36.474915]        copy_process+0x235e/0x7ad0
[   36.474918]        _do_fork+0x1ca/0x1170
[   36.474922]        kernel_thread+0x34/0x40
[   36.474925]        rest_init+0x22/0xe4
[   36.474929]        start_kernel+0x913/0x94e
[   36.474933]        x86_64_start_reservations+0x29/0x2b
[   36.474937]        x86_64_start_kernel+0x76/0x79
[   36.474941]        secondary_startup_64+0xa4/0xb0
[   36.474943] 
[   36.474946] -> #1 (&p->pi_lock){-.-.}:
[   36.474960]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.474964]        try_to_wake_up+0xd2/0x1250
[   36.474967]        wake_up_process+0x10/0x20
[   36.474971]        __up.isra.1+0x1c0/0x2a0
[   36.474974]        up+0x13c/0x1c0
[   36.474978]        __up_console_sem+0xbe/0x1b0
[   36.474982]        console_unlock+0x506/0x10d0
[   36.474986]        vprintk_emit+0x33a/0x910
[   36.474989]        vprintk_default+0x28/0x30
[   36.474993]        vprintk_func+0x7a/0x117
[   36.474996]        printk+0xa7/0xcf
[   36.475000]        load_umh+0x51/0xbd
[   36.475004]        do_one_initcall+0x127/0x838
[   36.475008]        kernel_init_freeable+0x4bb/0x5ae
[   36.475012]        kernel_init+0x11/0x1b3
[   36.475015]        ret_from_fork+0x3a/0x50
[   36.475017] 
[   36.475020] -> #0 ((console_sem).lock){-...}:
[   36.475034]        lock_acquire+0x1e4/0x4f0
[   36.475038]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.475042]        down_trylock+0x13/0x70
[   36.475046]        __down_trylock_console_sem+0xae/0x200
[   36.475050]        console_trylock+0x15/0xa0
[   36.475053]        vprintk_emit+0x31f/0x910
[   36.475057]        vprintk_default+0x28/0x30
[   36.475061]        vprintk_func+0x7a/0x117
[   36.475064]        printk+0xa7/0xcf
[   36.475068]        kasan_report+0x9e/0x110
[   36.475072]        __asan_report_load8_noabort+0x14/0x20
[   36.475076]        __schedule+0xf54/0x1df0
[   36.475080]        preempt_schedule_common+0x22/0x60
[   36.475084]        _cond_resched+0x1d/0x30
[   36.475088]        wait_for_completion+0xa5/0x8d0
[   36.475092]        __synchronize_srcu+0x189/0x240
[   36.475096]        synchronize_srcu+0x335/0x56f
[   36.475100]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.475104]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.475108]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.475112]        kvm_put_kvm+0x73f/0x1060
[   36.475116]        kvm_vm_release+0x42/0x50
[   36.475119]        __fput+0x38a/0xa40
[   36.475123]        ____fput+0x15/0x20
[   36.475127]        task_work_run+0x1e8/0x2a0
[   36.475130]        do_exit+0x1ae4/0x26e0
[   36.475134]        do_group_exit+0x177/0x440
[   36.475138]        __x64_sys_exit_group+0x3e/0x50
[   36.475142]        do_syscall_64+0x1b9/0x820
[   36.475146]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.475148] 
[   36.475153] other info that might help us debug this:
[   36.475155] 
[   36.475158] Chain exists of:
[   36.475160]   (console_sem).lock --> &rq->lock --> report_lock
[   36.475178] 
[   36.475182]  Possible unsafe locking scenario:
[   36.475184] 
[   36.475188]        CPU0                    CPU1
[   36.475192]        ----                    ----
[   36.475194]   lock(report_lock);
[   36.475203]                                lock(&rq->lock);
[   36.475212]                                lock(report_lock);
[   36.475220]   lock((console_sem).lock);
[   36.475228] 
[   36.475231]  *** DEADLOCK ***
[   36.475233] 
[   36.475237] 2 locks held by syz-executor067/4651:
[   36.475239]  #0: 000000006192ef66 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   36.475256]  #1: 00000000ab50058e (report_lock){....}, at: kasan_report+0x8e/0x110
[   36.475272] 
[   36.475275] stack backtrace:
[   36.475281] CPU: 0 PID: 4651 Comm: syz-executor067 Not tainted 4.19.0-rc1+ #215
[   36.475288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.475291] Call Trace:
[   36.475295]  dump_stack+0x1c9/0x2b4
[   36.475300]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.475303]  ? vprintk_func+0x100/0x117
[   36.475308]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   36.475312]  ? save_trace+0xe0/0x290
[   36.475316]  __lock_acquire+0x3449/0x5020
[   36.475320]  ? mark_held_locks+0x160/0x160
[   36.475324]  ? mark_held_locks+0x160/0x160
[   36.475328]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   36.475332]  ? is_bpf_text_address+0xd7/0x170
[   36.475336]  ? kernel_text_address+0x79/0xf0
[   36.475340]  ? __kernel_text_address+0xd/0x40
[   36.475344]  ? __save_stack_trace+0x8d/0xf0
[   36.475348]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   36.475352]  ? save_trace+0x290/0x290
[   36.475356]  ? save_stack_trace+0x1a/0x20
[   36.475359]  ? save_trace+0xe0/0x290
[   36.475363]  ? graph_lock+0x170/0x170
[   36.475368]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.475371]  lock_acquire+0x1e4/0x4f0
[   36.475375]  ? down_trylock+0x13/0x70
[   36.475379]  ? lock_release+0x9f0/0x9f0
[   36.475383]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.475387]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.475391]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.475394]  ? log_store+0x34f/0x4c0
[   36.475398]  ? vprintk_emit+0x31f/0x910
[   36.475402]  _raw_spin_lock_irqsave+0x96/0xc0
[   36.475406]  ? down_trylock+0x13/0x70
[   36.475409]  down_trylock+0x13/0x70
[   36.475414]  __down_trylock_console_sem+0xae/0x200
[   36.475417]  console_trylock+0x15/0xa0
[   36.475421]  vprintk_emit+0x31f/0x910
[   36.475425]  ? wake_up_klogd+0x110/0x110
[   36.475429]  ? run_rebalance_domains+0x4c0/0x4c0
[   36.475433]  ? kasan_check_read+0x11/0x20
[   36.475437]  ? rcu_is_watching+0x8c/0x150
[   36.475440]  ? rcu_pm_notify+0xc0/0xc0
[   36.475444]  ? lock_acquire+0x1e4/0x4f0
[   36.475448]  ? kasan_report+0x8e/0x110
[   36.475451]  ? __schedule+0xf54/0x1df0
[   36.475455]  vprintk_default+0x28/0x30
[   36.475459]  vprintk_func+0x7a/0x117
[   36.475462]  printk+0xa7/0xcf
[   36.475466]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.475470]  ? kasan_check_write+0x14/0x20
[   36.475474]  ? do_raw_spin_lock+0xc1/0x200
[   36.475478]  ? do_raw_spin_lock+0xc1/0x200
[   36.475482]  kasan_report+0x9e/0x110
[   36.475486]  __asan_report_load8_noabort+0x14/0x20
[   36.475490]  __schedule+0xf54/0x1df0
[   36.475494]  ? __sched_text_start+0x8/0x8
[   36.475498]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   36.475502]  ? __call_srcu+0x7e7/0x1040
[   36.475506]  ? check_same_owner+0x340/0x340
[   36.475510]  ? mark_held_locks+0x160/0x160
[   36.475513]  ? find_held_lock+0x36/0x1c0
[   36.475517]  preempt_schedule_common+0x22/0x60
[   36.475521]  _cond_resched+0x1d/0x30
[   36.475525]  wait_for_completion+0xa5/0x8d0
[   36.475530]  ? wait_for_completion_interruptible+0x950/0x950
[   36.475534]  ? __lockdep_init_map+0x105/0x590
[   36.475538]  ? __init_waitqueue_head+0x9e/0x150
[   36.475542]  ? init_wait_entry+0x1c0/0x1c0
[   36.475546]  __synchronize_srcu+0x189/0x240
[   36.475549]  ? call_srcu+0x10/0x10
[   36.475553]  ? rcu_unexpedite_gp+0x20/0x20
[   36.475557]  synchronize_srcu+0x335/0x56f
[   36.475561]  ? lock_downgrade+0x8f0/0x8f0
[   36.475565]  ? synchronize_srcu_expedited+0x20/0x20
[   36.475569]  ? kasan_check_read+0x11/0x20
[   36.475573]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.475577]  ? kasan_check_write+0x14/0x20
[   36.475581]  ? do_raw_spin_lock+0xc1/0x200
[   36.475586]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.475591]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.475594]  ? kvfree+0x61/0x70
[   36.475598]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.475602]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.475606]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.475610]  ? kvm_arch_sync_events+0x30/0x30
[   36.475615]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.475619]  ? mmu_notifier_unregister+0x474/0x600
[   36.475623]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.475627]  ? kfree+0x111/0x210
[   36.475631]  ? __mmu_notifier_register+0x30/0x30
[   36.475635]  ? __free_pages+0x10a/0x190
[   36.475639]  ? free_unref_page+0x930/0x930
[   36.475642]  kvm_put_kvm+0x73f/0x1060
[   36.475646]  ? kvm_write_guest_cached+0x40/0x40
[   36.475650]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.475654]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.475658]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.475662]  ? kasan_check_write+0x14/0x20
[   36.475666]  ? do_raw_spin_lock+0xc1/0x200
[   36.475670]  ? kvm_irqfd_release+0xdd/0x120
[   36.475674]  ? kvm_irqfd_release+0xdd/0x120
[   36.475678]  ? kvm_put_kvm+0x1060/0x1060
[   36.475682]  kvm_vm_release+0x42/0x50
[   36.475685]  __fput+0x38a/0xa40
[   36.475689]  ? __alloc_file+0x400/0x400
[   36.475693]  ? check_same_owner+0x340/0x340
[   36.475697]  ? kasan_check_write+0x14/0x20
[   36.475701]  ? do_raw_spin_lock+0xc1/0x200
[   36.475704]  ____fput+0x15/0x20
[   36.475708]  task_work_run+0x1e8/0x2a0
[   36.475712]  ? task_work_cancel+0x240/0x240
[   36.475716]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.475720]  ? switch_task_namespaces+0xa2/0xd0
[   36.475724]  do_exit+0x1ae4/0x26e0
[   36.475728]  ? mm_update_next_owner+0x9a0/0x9a0
[   36.475732]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   36.475736]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.475740]  ? kfree+0x1d7/0x210
[   36.475744]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   36.475748]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.475752]  ? is_bpf_text_address+0xd7/0x170
[   36.475755]  ? 
[   36.475762] Lost 54 message(s)!
[   37.565464] Shutting down cpus with NMI
[   38.625675] Dumping ftrace buffer:
[   38.629202]    (ftrace buffer empty)
[   38.632931] Kernel Offset: disabled
[   38.636559] Rebooting in 86400 seconds..