[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.830437] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 25.159528] random: sshd: uninitialized urandom read (32 bytes read) [ 25.462359] random: sshd: uninitialized urandom read (32 bytes read) [ 26.026200] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.212584] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts. [ 31.842305] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.941164] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.968120] ================================================================== [ 31.977970] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.984194] Read of size 8 at addr ffff8801d9688058 by task syz-executor564/4733 [ 31.991711] [ 31.993331] CPU: 0 PID: 4733 Comm: syz-executor564 Not tainted 4.19.0-rc1+ #216 [ 32.000767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.010111] Call Trace: [ 32.012706] dump_stack+0x1c9/0x2b4 [ 32.016332] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.021518] ? printk+0xa7/0xcf [ 32.024793] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.029544] ? __schedule+0xf54/0x1df0 [ 32.033425] print_address_description+0x6c/0x20b [ 32.038275] ? __schedule+0xf54/0x1df0 [ 32.042159] kasan_report.cold.7+0x242/0x30d [ 32.046572] __asan_report_load8_noabort+0x14/0x20 [ 32.051499] __schedule+0xf54/0x1df0 [ 32.055205] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.060308] ? __sched_text_start+0x8/0x8 [ 32.064454] ? __call_srcu+0x7e7/0x1040 [ 32.068431] ? check_same_owner+0x340/0x340 [ 32.072744] ? mark_held_locks+0x160/0x160 [ 32.076971] ? find_held_lock+0x36/0x1c0 [ 32.081039] preempt_schedule_common+0x22/0x60 [ 32.085615] _cond_resched+0x1d/0x30 [ 32.089323] wait_for_completion+0xa5/0x8d0 [ 32.093646] ? wait_for_completion_interruptible+0x950/0x950 [ 32.099454] ? __lockdep_init_map+0x105/0x590 [ 32.103944] ? __init_waitqueue_head+0x9e/0x150 [ 32.108608] ? init_wait_entry+0x1c0/0x1c0 [ 32.112842] __synchronize_srcu+0x189/0x240 [ 32.117161] ? call_srcu+0x10/0x10 [ 32.120701] ? rcu_unexpedite_gp+0x20/0x20 [ 32.124940] synchronize_srcu+0x335/0x56f [ 32.129096] ? lock_downgrade+0x8f0/0x8f0 [ 32.133242] ? synchronize_srcu_expedited+0x20/0x20 [ 32.138253] ? kasan_check_read+0x11/0x20 [ 32.142402] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.146982] ? kasan_check_write+0x14/0x20 [ 32.151210] ? do_raw_spin_lock+0xc1/0x200 [ 32.155447] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.161155] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.166614] ? kvfree+0x61/0x70 [ 32.169893] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.174908] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.178995] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.183422] ? kvm_arch_sync_events+0x30/0x30 [ 32.187917] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.193450] ? mmu_notifier_unregister+0x474/0x600 [ 32.198375] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.202788] ? kfree+0x111/0x210 [ 32.206164] ? __mmu_notifier_register+0x30/0x30 [ 32.210931] ? __free_pages+0x10a/0x190 [ 32.214919] ? free_unref_page+0x930/0x930 [ 32.219162] kvm_put_kvm+0x73f/0x1060 [ 32.222964] ? kvm_write_guest_cached+0x40/0x40 [ 32.227633] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.232142] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.236878] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.241462] ? kasan_check_write+0x14/0x20 [ 32.245691] ? do_raw_spin_lock+0xc1/0x200 [ 32.249925] ? kvm_irqfd_release+0xdd/0x120 [ 32.254239] ? kvm_irqfd_release+0xdd/0x120 [ 32.258556] ? kvm_put_kvm+0x1060/0x1060 [ 32.262615] kvm_vm_release+0x42/0x50 [ 32.266421] __fput+0x38a/0xa40 [ 32.269696] ? __alloc_file+0x400/0x400 [ 32.273673] ? check_same_owner+0x340/0x340 [ 32.277991] ? kasan_check_write+0x14/0x20 [ 32.282223] ? do_raw_spin_lock+0xc1/0x200 [ 32.286453] ____fput+0x15/0x20 [ 32.289730] task_work_run+0x1e8/0x2a0 [ 32.293614] ? task_work_cancel+0x240/0x240 [ 32.297938] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.303470] ? switch_task_namespaces+0xa2/0xd0 [ 32.308136] do_exit+0x1ae4/0x26e0 [ 32.311681] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.316349] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.320585] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.325594] ? kfree+0x1d7/0x210 [ 32.328956] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.333201] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.338908] ? is_bpf_text_address+0xd7/0x170 [ 32.343407] ? kernel_text_address+0x79/0xf0 [ 32.348059] ? __kernel_text_address+0xd/0x40 [ 32.352553] ? unwind_get_return_address+0x61/0xa0 [ 32.357480] ? __save_stack_trace+0x8d/0xf0 [ 32.361821] ? save_stack+0xa9/0xd0 [ 32.365443] ? save_stack+0x43/0xd0 [ 32.369065] ? __kasan_slab_free+0x11a/0x170 [ 32.373463] ? kasan_slab_free+0xe/0x10 [ 32.377454] ? putname+0xf2/0x130 [ 32.380908] ? __x64_sys_openat+0x9d/0x100 [ 32.385163] ? do_syscall_64+0x1b9/0x820 [ 32.389222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.394580] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.398982] ? kasan_check_read+0x11/0x20 [ 32.403142] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.407547] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.411951] ? initcall_blacklisted+0x9a/0x1e0 [ 32.416530] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.421629] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.427341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.432887] ? do_vfs_ioctl+0x201/0x1720 [ 32.436942] ? rcu_is_watching+0x8c/0x150 [ 32.441099] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.445438] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 32.450454] ? __fget_light+0x2f7/0x440 [ 32.454423] ? fget_raw+0x20/0x20 [ 32.457868] ? putname+0xf2/0x130 [ 32.461316] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.466325] ? kmem_cache_free+0x246/0x280 [ 32.470554] ? putname+0xf7/0x130 [ 32.474018] do_group_exit+0x177/0x440 [ 32.477919] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.482234] ? __ia32_sys_exit+0x50/0x50 [ 32.486287] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.491395] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 32.496929] ? ksys_ioctl+0x81/0xd0 [ 32.500562] __x64_sys_exit_group+0x3e/0x50 [ 32.504893] do_syscall_64+0x1b9/0x820 [ 32.508774] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.514134] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.519057] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.523925] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.528938] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.533954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.538796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.543978] RIP: 0033:0x43ed08 [ 32.547181] Code: Bad RIP value. [ 32.550537] RSP: 002b:00007fff7d61c3c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.558265] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed08 [ 32.565523] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.572783] RBP: 00000000004be5c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.580048] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.587308] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.594573] [ 32.596195] Allocated by task 4733: [ 32.599832] save_stack+0x43/0xd0 [ 32.603290] kasan_kmalloc+0xc4/0xe0 [ 32.607000] kasan_slab_alloc+0x12/0x20 [ 32.610971] kmem_cache_alloc+0x12e/0x710 [ 32.615115] vmx_create_vcpu+0xcf/0x2830 [ 32.619183] kvm_arch_vcpu_create+0xe5/0x220 [ 32.623588] kvm_vm_ioctl+0x488/0x1d80 [ 32.627481] do_vfs_ioctl+0x1de/0x1720 [ 32.631358] ksys_ioctl+0xa9/0xd0 [ 32.634810] __x64_sys_ioctl+0x73/0xb0 [ 32.638692] do_syscall_64+0x1b9/0x820 [ 32.642575] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.647748] [ 32.649362] Freed by task 4733: [ 32.652640] save_stack+0x43/0xd0 [ 32.656094] __kasan_slab_free+0x11a/0x170 [ 32.660319] kasan_slab_free+0xe/0x10 [ 32.664113] kmem_cache_free+0x86/0x280 [ 32.668080] vmx_free_vcpu+0x26b/0x300 [ 32.671961] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.676360] kvm_put_kvm+0x73f/0x1060 [ 32.680187] kvm_vm_release+0x42/0x50 [ 32.683978] __fput+0x38a/0xa40 [ 32.687245] ____fput+0x15/0x20 [ 32.690515] task_work_run+0x1e8/0x2a0 [ 32.694400] do_exit+0x1ae4/0x26e0 [ 32.697933] do_group_exit+0x177/0x440 [ 32.701810] __x64_sys_exit_group+0x3e/0x50 [ 32.706128] do_syscall_64+0x1b9/0x820 [ 32.710027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.715198] [ 32.716858] The buggy address belongs to the object at ffff8801d9688040 [ 32.716858] which belongs to the cache kvm_vcpu of size 23872 [ 32.729429] The buggy address is located 24 bytes inside of [ 32.729429] 23872-byte region [ffff8801d9688040, ffff8801d968dd80) [ 32.741419] The buggy address belongs to the page: [ 32.746339] page:ffffea000765a200 count:1 mapcount:0 mapping:ffff8801d5191b40 index:0x0 compound_mapcount: 0 [ 32.756302] flags: 0x2fffc0000008100(slab|head) [ 32.760968] raw: 02fffc0000008100 ffff8801d518b648 ffff8801d518b648 ffff8801d5191b40 [ 32.768861] raw: 0000000000000000 ffff8801d9688040 0000000100000001 0000000000000000 [ 32.776725] page dumped because: kasan: bad access detected [ 32.782422] [ 32.784034] Memory state around the buggy address: [ 32.788983] ffff8801d9687f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 32.796335] ffff8801d9687f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.803683] >ffff8801d9688000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.811027] ^ [ 32.817248] ffff8801d9688080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.824612] ffff8801d9688100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.831956] ================================================================== [ 32.839305] Kernel panic - not syncing: panic_on_warn set ... [ 32.839305] [ 32.846673] CPU: 0 PID: 4733 Comm: syz-executor564 Tainted: G B 4.19.0-rc1+ #216 [ 32.855506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.864850] Call Trace: [ 32.867439] dump_stack+0x1c9/0x2b4 [ 32.871075] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.876261] ? lock_downgrade+0x8f0/0x8f0 [ 32.880421] ? __schedule+0xf54/0x1df0 [ 32.884303] panic+0x238/0x4e7 [ 32.887492] ? add_taint.cold.5+0x16/0x16 [ 32.891660] ? print_shadow_for_address+0xba/0x116 [ 32.896588] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.900989] ? trace_hardirqs_off+0x77/0x2b0 [ 32.905402] ? __schedule+0xf54/0x1df0 [ 32.909286] kasan_end_report+0x47/0x4f [ 32.913254] kasan_report.cold.7+0x76/0x30d [ 32.917572] __asan_report_load8_noabort+0x14/0x20 [ 32.922500] __schedule+0xf54/0x1df0 [ 32.926212] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.931357] ? __sched_text_start+0x8/0x8 [ 32.935513] ? __call_srcu+0x7e7/0x1040 [ 32.939493] ? check_same_owner+0x340/0x340 [ 32.943809] ? mark_held_locks+0x160/0x160 [ 32.948052] ? find_held_lock+0x36/0x1c0 [ 32.952112] preempt_schedule_common+0x22/0x60 [ 32.956709] _cond_resched+0x1d/0x30 [ 32.960450] wait_for_completion+0xa5/0x8d0 [ 32.964779] ? wait_for_completion_interruptible+0x950/0x950 [ 32.970573] ? __lockdep_init_map+0x105/0x590 [ 32.975068] ? __init_waitqueue_head+0x9e/0x150 [ 32.979737] ? init_wait_entry+0x1c0/0x1c0 [ 32.983983] __synchronize_srcu+0x189/0x240 [ 32.988297] ? call_srcu+0x10/0x10 [ 32.991831] ? rcu_unexpedite_gp+0x20/0x20 [ 32.996068] synchronize_srcu+0x335/0x56f [ 33.000210] ? lock_downgrade+0x8f0/0x8f0 [ 33.004354] ? synchronize_srcu_expedited+0x20/0x20 [ 33.009365] ? kasan_check_read+0x11/0x20 [ 33.013519] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.018096] ? kasan_check_write+0x14/0x20 [ 33.022327] ? do_raw_spin_lock+0xc1/0x200 [ 33.026575] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.032280] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.037740] ? kvfree+0x61/0x70 [ 33.041016] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.046026] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.050096] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.054515] ? kvm_arch_sync_events+0x30/0x30 [ 33.059022] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.064557] ? mmu_notifier_unregister+0x474/0x600 [ 33.069482] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.073905] ? kfree+0x111/0x210 [ 33.077281] ? __mmu_notifier_register+0x30/0x30 [ 33.082034] ? __free_pages+0x10a/0x190 [ 33.086003] ? free_unref_page+0x930/0x930 [ 33.090240] kvm_put_kvm+0x73f/0x1060 [ 33.094057] ? kvm_write_guest_cached+0x40/0x40 [ 33.098730] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.103242] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.107735] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.112314] ? kasan_check_write+0x14/0x20 [ 33.116547] ? do_raw_spin_lock+0xc1/0x200 [ 33.120779] ? kvm_irqfd_release+0xdd/0x120 [ 33.125098] ? kvm_irqfd_release+0xdd/0x120 [ 33.129420] ? kvm_put_kvm+0x1060/0x1060 [ 33.133479] kvm_vm_release+0x42/0x50 [ 33.137274] __fput+0x38a/0xa40 [ 33.140552] ? __alloc_file+0x400/0x400 [ 33.144537] ? check_same_owner+0x340/0x340 [ 33.148879] ? kasan_check_write+0x14/0x20 [ 33.153108] ? do_raw_spin_lock+0xc1/0x200 [ 33.157340] ____fput+0x15/0x20 [ 33.160612] task_work_run+0x1e8/0x2a0 [ 33.164493] ? task_work_cancel+0x240/0x240 [ 33.168811] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.174344] ? switch_task_namespaces+0xa2/0xd0 [ 33.179022] do_exit+0x1ae4/0x26e0 [ 33.182562] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.187230] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.191477] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.196499] ? kfree+0x1d7/0x210 [ 33.199861] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.204091] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.209799] ? is_bpf_text_address+0xd7/0x170 [ 33.214286] ? kernel_text_address+0x79/0xf0 [ 33.218687] ? __kernel_text_address+0xd/0x40 [ 33.223181] ? unwind_get_return_address+0x61/0xa0 [ 33.228109] ? __save_stack_trace+0x8d/0xf0 [ 33.232436] ? save_stack+0xa9/0xd0 [ 33.236060] ? save_stack+0x43/0xd0 [ 33.239932] ? __kasan_slab_free+0x11a/0x170 [ 33.244360] ? kasan_slab_free+0xe/0x10 [ 33.248336] ? putname+0xf2/0x130 [ 33.251786] ? __x64_sys_openat+0x9d/0x100 [ 33.256029] ? do_syscall_64+0x1b9/0x820 [ 33.260154] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.265515] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.269916] ? kasan_check_read+0x11/0x20 [ 33.274063] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.278466] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.282878] ? initcall_blacklisted+0x9a/0x1e0 [ 33.287465] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.292584] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.298296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.303832] ? do_vfs_ioctl+0x201/0x1720 [ 33.307888] ? rcu_is_watching+0x8c/0x150 [ 33.312045] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.316367] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 33.321382] ? __fget_light+0x2f7/0x440 [ 33.325371] ? fget_raw+0x20/0x20 [ 33.328824] ? putname+0xf2/0x130 [ 33.332275] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.337284] ? kmem_cache_free+0x246/0x280 [ 33.341518] ? putname+0xf7/0x130 [ 33.344978] do_group_exit+0x177/0x440 [ 33.348864] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.353183] ? __ia32_sys_exit+0x50/0x50 [ 33.357238] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.362335] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.367877] ? ksys_ioctl+0x81/0xd0 [ 33.371502] __x64_sys_exit_group+0x3e/0x50 [ 33.375835] do_syscall_64+0x1b9/0x820 [ 33.379718] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.385078] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.390013] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.394850] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.399864] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.404882] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.409723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.414907] RIP: 0033:0x43ed08 [ 33.418098] Code: Bad RIP value. [ 33.421455] RSP: 002b:00007fff7d61c3c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.429156] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed08 [ 33.436423] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.443685] RBP: 00000000004be5c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.450958] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.458236] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.465536] [ 33.465541] ====================================================== [ 33.465547] WARNING: possible circular locking dependency detected [ 33.465550] 4.19.0-rc1+ #216 Not tainted [ 33.465555] ------------------------------------------------------ [ 33.465560] syz-executor564/4733 is trying to acquire lock: [ 33.465563] 0000000053c72a2b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.465578] [ 33.465582] but task is already holding lock: [ 33.465585] 000000007bfef975 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.465599] [ 33.465604] which lock already depends on the new lock. [ 33.465606] [ 33.465608] [ 33.465613] the existing dependency chain (in reverse order) is: [ 33.465615] [ 33.465617] -> #3 (report_lock){....}: [ 33.465631] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.465635] kasan_report+0x8e/0x110 [ 33.465639] __asan_report_load8_noabort+0x14/0x20 [ 33.465643] __schedule+0xf54/0x1df0 [ 33.465647] preempt_schedule_common+0x22/0x60 [ 33.465657] _cond_resched+0x1d/0x30 [ 33.465662] wait_for_completion+0xa5/0x8d0 [ 33.465666] __synchronize_srcu+0x189/0x240 [ 33.465670] synchronize_srcu+0x335/0x56f [ 33.465674] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.465678] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.465682] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.465686] kvm_put_kvm+0x73f/0x1060 [ 33.465690] kvm_vm_release+0x42/0x50 [ 33.465693] __fput+0x38a/0xa40 [ 33.465697] ____fput+0x15/0x20 [ 33.465700] task_work_run+0x1e8/0x2a0 [ 33.465704] do_exit+0x1ae4/0x26e0 [ 33.465708] do_group_exit+0x177/0x440 [ 33.465712] __x64_sys_exit_group+0x3e/0x50 [ 33.465715] do_syscall_64+0x1b9/0x820 [ 33.465720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.465722] [ 33.465725] -> #2 (&rq->lock){-.-.}: [ 33.465738] _raw_spin_lock+0x2a/0x40 [ 33.465742] task_fork_fair+0x93/0x680 [ 33.465745] sched_fork+0x44b/0xbd0 [ 33.465749] copy_process+0x235e/0x7ad0 [ 33.465753] _do_fork+0x1ca/0x1170 [ 33.465756] kernel_thread+0x34/0x40 [ 33.465760] rest_init+0x22/0xe4 [ 33.465763] start_kernel+0x913/0x94e [ 33.465768] x86_64_start_reservations+0x29/0x2b [ 33.465772] x86_64_start_kernel+0x76/0x79 [ 33.465776] secondary_startup_64+0xa4/0xb0 [ 33.465778] [ 33.465780] -> #1 (&p->pi_lock){-.-.}: [ 33.465794] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.465798] try_to_wake_up+0xd2/0x1250 [ 33.465802] wake_up_process+0x10/0x20 [ 33.465805] __up.isra.1+0x1c0/0x2a0 [ 33.465808] up+0x13c/0x1c0 [ 33.465812] __up_console_sem+0xbe/0x1b0 [ 33.465816] console_unlock+0x506/0x10d0 [ 33.465820] vprintk_emit+0x33a/0x910 [ 33.465823] vprintk_default+0x28/0x30 [ 33.465827] vprintk_func+0x7a/0x117 [ 33.465830] printk+0xa7/0xcf [ 33.465834] do_exit.cold.22+0x120/0x21f [ 33.465851] do_group_exit+0x177/0x440 [ 33.465855] __x64_sys_exit_group+0x3e/0x50 [ 33.465859] do_syscall_64+0x1b9/0x820 [ 33.465863] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.465865] [ 33.465867] -> #0 ((console_sem).lock){-...}: [ 33.465881] lock_acquire+0x1e4/0x4f0 [ 33.465885] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.465888] down_trylock+0x13/0x70 [ 33.465892] __down_trylock_console_sem+0xae/0x200 [ 33.465896] console_trylock+0x15/0xa0 [ 33.465899] vprintk_emit+0x31f/0x910 [ 33.465903] vprintk_default+0x28/0x30 [ 33.465907] vprintk_func+0x7a/0x117 [ 33.465910] printk+0xa7/0xcf [ 33.465913] kasan_report+0x9e/0x110 [ 33.465917] __asan_report_load8_noabort+0x14/0x20 [ 33.465921] __schedule+0xf54/0x1df0 [ 33.465925] preempt_schedule_common+0x22/0x60 [ 33.465929] _cond_resched+0x1d/0x30 [ 33.465945] wait_for_completion+0xa5/0x8d0 [ 33.465949] __synchronize_srcu+0x189/0x240 [ 33.465952] synchronize_srcu+0x335/0x56f [ 33.465957] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.465961] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.465965] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.465969] kvm_put_kvm+0x73f/0x1060 [ 33.465972] kvm_vm_release+0x42/0x50 [ 33.465976] __fput+0x38a/0xa40 [ 33.465979] ____fput+0x15/0x20 [ 33.465983] task_work_run+0x1e8/0x2a0 [ 33.465986] do_exit+0x1ae4/0x26e0 [ 33.465990] do_group_exit+0x177/0x440 [ 33.465994] __x64_sys_exit_group+0x3e/0x50 [ 33.465998] do_syscall_64+0x1b9/0x820 [ 33.466002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.466004] [ 33.466009] other info that might help us debug this: [ 33.466011] [ 33.466014] Chain exists of: [ 33.466016] (console_sem).lock --> &rq->lock --> report_lock [ 33.466033] [ 33.466037] Possible unsafe locking scenario: [ 33.466039] [ 33.466057] CPU0 CPU1 [ 33.466061] ---- ---- [ 33.466063] lock(report_lock); [ 33.466084] lock(&rq->lock); [ 33.466093] lock(report_lock); [ 33.466100] lock((console_sem).lock); [ 33.466108] [ 33.466111] *** DEADLOCK *** [ 33.466113] [ 33.466117] 2 locks held by syz-executor564/4733: [ 33.466120] #0: 0000000027324743 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.466149] #1: 000000007bfef975 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.466166] [ 33.466169] stack backtrace: [ 33.466174] CPU: 0 PID: 4733 Comm: syz-executor564 Not tainted 4.19.0-rc1+ #216 [ 33.466181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.466183] Call Trace: [ 33.466187] dump_stack+0x1c9/0x2b4 [ 33.466191] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.466195] ? vprintk_func+0x100/0x117 [ 33.466199] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.466203] ? save_trace+0xe0/0x290 [ 33.466207] __lock_acquire+0x3449/0x5020 [ 33.466211] ? mark_held_locks+0x160/0x160 [ 33.466214] ? mark_held_locks+0x160/0x160 [ 33.466232] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.466235] ? is_bpf_text_address+0xd7/0x170 [ 33.466239] ? kernel_text_address+0x79/0xf0 [ 33.466243] ? __kernel_text_address+0xd/0x40 [ 33.466247] ? __save_stack_trace+0x8d/0xf0 [ 33.466251] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.466254] ? save_trace+0x290/0x290 [ 33.466258] ? save_stack_trace+0x1a/0x20 [ 33.466261] ? save_trace+0xe0/0x290 [ 33.466264] ? graph_lock+0x170/0x170 [ 33.466269] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.466272] lock_acquire+0x1e4/0x4f0 [ 33.466275] ? down_trylock+0x13/0x70 [ 33.466279] ? lock_release+0x9f0/0x9f0 [ 33.466283] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.466286] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.466290] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.466293] ? log_store+0x34f/0x4c0 [ 33.466297] ? vprintk_emit+0x31f/0x910 [ 33.466301] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.466304] ? down_trylock+0x13/0x70 [ 33.466307] down_trylock+0x13/0x70 [ 33.466311] __down_trylock_console_sem+0xae/0x200 [ 33.466315] console_trylock+0x15/0xa0 [ 33.466318] vprintk_emit+0x31f/0x910 [ 33.466322] ? wake_up_klogd+0x110/0x110 [ 33.466326] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.466329] ? kasan_check_read+0x11/0x20 [ 33.466333] ? rcu_is_watching+0x8c/0x150 [ 33.466336] ? rcu_pm_notify+0xc0/0xc0 [ 33.466340] ? lock_acquire+0x1e4/0x4f0 [ 33.466343] ? kasan_report+0x8e/0x110 [ 33.466347] ? __schedule+0xf54/0x1df0 [ 33.466350] vprintk_default+0x28/0x30 [ 33.466353] vprintk_func+0x7a/0x117 [ 33.466356] printk+0xa7/0xcf [ 33.466360] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.466364] ? kasan_check_write+0x14/0x20 [ 33.466367] ? do_raw_spin_lock+0xc1/0x200 [ 33.466371] ? do_raw_spin_lock+0xc1/0x200 [ 33.466374] kasan_report+0x9e/0x110 [ 33.466378] __asan_report_load8_noabort+0x14/0x20 [ 33.466382] __schedule+0xf54/0x1df0 [ 33.466393] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.466397] ? __sched_text_start+0x8/0x8 [ 33.466401] ? __call_srcu+0x7e7/0x1040 [ 33.466404] ? check_same_owner+0x340/0x340 [ 33.466408] ? mark_held_locks+0x160/0x160 [ 33.466412] ? find_held_lock+0x36/0x1c0 [ 33.466415] preempt_schedule_common+0x22/0x60 [ 33.466419] _cond_resched+0x1d/0x30 [ 33.466422] wait_for_completion+0xa5/0x8d0 [ 33.466427] ? wait_for_completion_interruptible+0x950/0x950 [ 33.466430] ? __lockdep_init_map+0x105/0x590 [ 33.466434] ? __init_waitqueue_head+0x9e/0x150 [ 33.466438] ? init_wait_entry+0x1c0/0x1c0 [ 33.466442] __synchronize_srcu+0x189/0x240 [ 33.466445] ? call_srcu+0x10/0x10 [ 33.466449] ? rcu_unexpedite_gp+0x20/0x20 [ 33.466453] synchronize_srcu+0x335/0x56f [ 33.466456] ? lock_downgrade+0x8f0/0x8f0 [ 33.466460] ? synchronize_srcu_expedited+0x20/0x20 [ 33.466464] ? kasan_check_read+0x11/0x20 [ 33.466468] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.466471] ? kasan_check_write+0x14/0x20 [ 33.466475] ? do_raw_spin_lock+0xc1/0x200 [ 33.466480] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.466484] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.466487] ? kvfree+0x61/0x70 [ 33.466491] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.466495] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.466498] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.466502] ? kvm_arch_sync_events+0x30/0x30 [ 33.466506] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.466510] ? mmu_notifier_unregister+0x474/0x600 [ 33.466514] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.466517] ? kfree+0x111/0x210 [ 33.466521] ? __mmu_notifier_register+0x30/0x30 [ 33.466525] ? __free_pages+0x10a/0x190 [ 33.466528] ? free_unref_page+0x930/0x930 [ 33.466532] kvm_put_kvm+0x73f/0x1060 [ 33.466535] ? kvm_write_guest_cached+0x40/0x40 [ 33.466539] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.466543] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.466547] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.466550] ? kasan_check_write+0x14/0x20 [ 33.466554] ? do_raw_spin_lock+0xc1/0x200 [ 33.466558] ? kvm_irqfd_release+0xdd/0x120 [ 33.466561] ? kvm_irqfd_release+0xdd/0x120 [ 33.466565] ? kvm_put_kvm+0x1060/0x1060 [ 33.466568] kvm_vm_release+0x42/0x50 [ 33.466571] __fput+0x38a/0xa40 [ 33.466575] ? __alloc_file+0x400/0x400 [ 33.466578] ? check_same_owner+0x340/0x340 [ 33.466582] ? kasan_check_write+0x14/0x20 [ 33.466586] ? do_raw_spin_lock+0xc1/0x200 [ 33.466589] ____fput+0x15/0x20 [ 33.466592] task_work_run+0x1e8/0x2a0 [ 33.466596] ? task_work_cancel+0x240/0x240 [ 33.466600] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.466604] ? switch_task_namespaces+0xa2/0xd0 [ 33.466607] do_exit+0x1ae4/0x26e0 [ 33.466611] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.466615] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.466619] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.466622] ? kfree+0x1d7/0x210 [ 33.466626] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.466630] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.466633] ? is_bpf_tex [ 33.466639] Lost 54 message(s)! [ 34.571659] Shutting down cpus with NMI [ 35.630704] Dumping ftrace buffer: [ 35.634230] (ftrace buffer empty) [ 35.637918] Kernel Offset: disabled [ 35.641529] Rebooting in 86400 seconds..