[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.961921] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.144835] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.563746] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.099951] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.548697] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 40.237750] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.335336] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 40.359884] ==================================================================
[ 40.368693] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 40.374917] Read of size 8 at addr ffff8801b7590098 by task syz-executor559/4688
[ 40.382428]
[ 40.384048] CPU: 0 PID: 4688 Comm: syz-executor559 Not tainted 4.19.0-rc1+ #217
[ 40.391477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.400942] Call Trace:
[ 40.403524]  dump_stack+0x1c9/0x2b4
[ 40.407137]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.412321]  ? printk+0xa7/0xcf
[ 40.415743]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 40.420491]  ? __schedule+0xf54/0x1df0
[ 40.424467]  print_address_description+0x6c/0x20b
[ 40.429304]  ? __schedule+0xf54/0x1df0
[ 40.433249]  kasan_report.cold.7+0x242/0x30d
[ 40.437652]  __asan_report_load8_noabort+0x14/0x20
[ 40.442567]  __schedule+0xf54/0x1df0
[ 40.446270]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.451476]  ? __sched_text_start+0x8/0x8
[ 40.455614]  ? __call_srcu+0x7e7/0x1040
[ 40.459581]  ? check_same_owner+0x340/0x340
[ 40.463887]  ? mark_held_locks+0x160/0x160
[ 40.468210]  ? find_held_lock+0x36/0x1c0
[ 40.472262]  preempt_schedule_common+0x22/0x60
[ 40.476827]  _cond_resched+0x1d/0x30
[ 40.480571]  wait_for_completion+0xa5/0x8d0
[ 40.484889]  ? wait_for_completion_interruptible+0x950/0x950
[ 40.490670]  ? __lockdep_init_map+0x105/0x590
[ 40.495152]  ? __init_waitqueue_head+0x9e/0x150
[ 40.499801]  ? init_wait_entry+0x1c0/0x1c0
[ 40.504019]  __synchronize_srcu+0x189/0x240
[ 40.508686]  ? call_srcu+0x10/0x10
[ 40.512217]  ? rcu_unexpedite_gp+0x20/0x20
[ 40.516439]  synchronize_srcu+0x335/0x56f
[ 40.520567]  ? lock_downgrade+0x8f0/0x8f0
[ 40.524747]  ? synchronize_srcu_expedited+0x20/0x20
[ 40.529759]  ? kasan_check_read+0x11/0x20
[ 40.533902]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.538478]  ? kasan_check_write+0x14/0x20
[ 40.542701]  ? do_raw_spin_lock+0xc1/0x200
[ 40.546923]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.552630]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.558071]  ? kvfree+0x61/0x70
[ 40.561344]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.566351]  kvm_mmu_uninit_vm+0x1c/0x20
[ 40.570404]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.574809]  ? kvm_arch_sync_events+0x30/0x30
[ 40.579295]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.584822]  ? mmu_notifier_unregister+0x474/0x600
[ 40.589741]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.594144]  ? kfree+0x111/0x210
[ 40.597499]  ? __mmu_notifier_register+0x30/0x30
[ 40.602247]  ? __free_pages+0x10a/0x190
[ 40.606210]  ? free_unref_page+0x930/0x930
[ 40.610446]  kvm_put_kvm+0x73f/0x1060
[ 40.614246]  ? kvm_write_guest_cached+0x40/0x40
[ 40.618910]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.623405]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.627897]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.632469]  ? kasan_check_write+0x14/0x20
[ 40.636688]  ? do_raw_spin_lock+0xc1/0x200
[ 40.640907]  ? kvm_irqfd_release+0xdd/0x120
[ 40.645210]  ? kvm_irqfd_release+0xdd/0x120
[ 40.649515]  ? kvm_put_kvm+0x1060/0x1060
[ 40.653562]  kvm_vm_release+0x42/0x50
[ 40.657347]  __fput+0x38a/0xa40
[ 40.660716]  ? __alloc_file+0x400/0x400
[ 40.664682]  ? check_same_owner+0x340/0x340
[ 40.668992]  ? kasan_check_write+0x14/0x20
[ 40.673214]  ? do_raw_spin_lock+0xc1/0x200
[ 40.677433]  ____fput+0x15/0x20
[ 40.680699]  task_work_run+0x1e8/0x2a0
[ 40.684579]  ? task_work_cancel+0x240/0x240
[ 40.688890]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.694413]  ? switch_task_namespaces+0xa2/0xd0
[ 40.699069]  do_exit+0x1ae4/0x26e0
[ 40.702592]  ? find_held_lock+0x36/0x1c0
[ 40.706643]  ? mm_update_next_owner+0x9a0/0x9a0
[ 40.711301]  ? print_usage_bug+0xc0/0xc0
[ 40.715355]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 40.720452]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 40.725545]  ? __lock_acquire+0x7fc/0x5020
[ 40.729761]  ? graph_lock+0x170/0x170
[ 40.733624]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.738763]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.743337]  ? __lock_acquire+0x7fc/0x5020
[ 40.747553]  ? mark_held_locks+0x160/0x160
[ 40.751777]  ? graph_lock+0x170/0x170
[ 40.755566]  ? mark_held_locks+0x160/0x160
[ 40.759794]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.765316]  ? vmcs_load+0x144/0x1a0
[ 40.769119]  ? crash_vmclear_local_loaded_vmcss+0x170/0x170
[ 40.774830]  ? graph_lock+0x170/0x170
[ 40.778620]  ? graph_lock+0x170/0x170
[ 40.782404]  ? find_held_lock+0x36/0x1c0
[ 40.786447]  ? memset+0x31/0x40
[ 40.789711]  ? find_held_lock+0x36/0x1c0
[ 40.793758]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.798237]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.802723]  do_group_exit+0x177/0x440
[ 40.806677]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.811892]  ? __ia32_sys_exit+0x50/0x50
[ 40.815949]  get_signal+0x851/0x18e0
[ 40.819657]  ? ptrace_notify+0x130/0x130
[ 40.823707]  ? __switch_to_asm+0x34/0x70
[ 40.827754]  ? __schedule+0x884/0x1df0
[ 40.831623]  ? __sched_text_start+0x8/0x8
[ 40.835750]  ? __fget+0x4d5/0x740
[ 40.839194]  do_signal+0x9c/0x21c0
[ 40.842721]  ? setup_sigcontext+0x7d0/0x7d0
[ 40.847040]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.852747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.858275]  ? do_vfs_ioctl+0x201/0x1720
[ 40.862322]  ? schedule+0xfb/0x450
[ 40.865845]  ? ioctl_preallocate+0x300/0x300
[ 40.870245]  ? exit_to_usermode_loop+0x8c/0x380
[ 40.875044]  ? __x64_sys_futex+0x47f/0x6a0
[ 40.879272]  exit_to_usermode_loop+0x2e5/0x380
[ 40.883838]  ? syscall_slow_exit_work+0x490/0x490
[ 40.888663]  ? ksys_ioctl+0x81/0xd0
[ 40.892323]  do_syscall_64+0x6be/0x820
[ 40.896204]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.901556]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.906466]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 40.911464]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.916464]  ? recalc_sigpending_tsk+0x180/0x180
[ 40.921264]  ? kasan_check_write+0x14/0x20
[ 40.925562]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.930402]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.935575] RIP: 0033:0x4459e9
[ 40.938750] Code: Bad RIP value.
[ 40.942094] RSP: 002b:00007f7f5db58d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 40.949787] RAX: 0000000000000001 RBX: 00000000006dcc58 RCX: 00000000004459e9
[ 40.957053] RDX: 00000000004459e9 RSI: 0000000000000081 RDI: 00000000006dcc5c
[ 40.964304] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 40.971554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 40.978882] R13: 0000000020000300 R14: 6d766b2f7665642f R15: 00000000006dcd4c
[ 40.986145]
[ 40.987760] Allocated by task 4687:
[ 40.991372]  save_stack+0x43/0xd0
[ 40.994805]  kasan_kmalloc+0xc4/0xe0
[ 40.998499]  kasan_slab_alloc+0x12/0x20
[ 41.002452]  kmem_cache_alloc+0x12e/0x710
[ 41.006640]  vmx_create_vcpu+0xcf/0x2830
[ 41.010689]  kvm_arch_vcpu_create+0xe5/0x220
[ 41.015079]  kvm_vm_ioctl+0x488/0x1d80
[ 41.018953]  do_vfs_ioctl+0x1de/0x1720
[ 41.022826]  ksys_ioctl+0xa9/0xd0
[ 41.026263]  __x64_sys_ioctl+0x73/0xb0
[ 41.030188]  do_syscall_64+0x1b9/0x820
[ 41.034064]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.039231]
[ 41.040888] Freed by task 4688:
[ 41.044157]  save_stack+0x43/0xd0
[ 41.047589]  __kasan_slab_free+0x11a/0x170
[ 41.051804]  kasan_slab_free+0xe/0x10
[ 41.055695]  kmem_cache_free+0x86/0x280
[ 41.059654]  vmx_free_vcpu+0x26b/0x300
[ 41.063531]  kvm_arch_destroy_vm+0x365/0x7c0
[ 41.067930]  kvm_put_kvm+0x73f/0x1060
[ 41.071717]  kvm_vm_release+0x42/0x50
[ 41.075500]  __fput+0x38a/0xa40
[ 41.078760]  ____fput+0x15/0x20
[ 41.082018]  task_work_run+0x1e8/0x2a0
[ 41.085892]  do_exit+0x1ae4/0x26e0
[ 41.089412]  do_group_exit+0x177/0x440
[ 41.093278]  get_signal+0x851/0x18e0
[ 41.096973]  do_signal+0x9c/0x21c0
[ 41.100503]  exit_to_usermode_loop+0x2e5/0x380
[ 41.105070]  do_syscall_64+0x6be/0x820
[ 41.108940]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.114103]
[ 41.115761] The buggy address belongs to the object at ffff8801b7590080
[ 41.115761]  which belongs to the cache kvm_vcpu of size 23872
[ 41.128382] The buggy address is located 24 bytes inside of
[ 41.128382]  23872-byte region [ffff8801b7590080, ffff8801b7595dc0)
[ 41.140329] The buggy address belongs to the page:
[ 41.145241] page:ffffea0006dd6400 count:1 mapcount:0 mapping:ffff8801d5281d80 index:0x0 compound_mapcount: 0
[ 41.155194] flags: 0x2fffc0000008100(slab|head)
[ 41.159851] raw: 02fffc0000008100 ffffea000727e208 ffff8801d5278348 ffff8801d5281d80
[ 41.167719] raw: 0000000000000000 ffff8801b7590080 0000000100000001 0000000000000000
[ 41.175581] page dumped because: kasan: bad access detected
[ 41.181382]
[ 41.182988] Memory state around the buggy address:
[ 41.187899]  ffff8801b758ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.195251]  ffff8801b7590000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.202599] >ffff8801b7590080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.209940]                             ^
[ 41.214072]  ffff8801b7590100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.221424]  ffff8801b7590180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.228769] ==================================================================
[ 41.236112] Kernel panic - not syncing: panic_on_warn set ...
[ 41.236112]
[ 41.243470] CPU: 0 PID: 4688 Comm: syz-executor559 Tainted: G    B             4.19.0-rc1+ #217
[ 41.252347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.261697] Call Trace:
[ 41.264279]  dump_stack+0x1c9/0x2b4
[ 41.267897]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.273185]  ? lock_downgrade+0x8f0/0x8f0
[ 41.277315]  ? __schedule+0xf54/0x1df0
[ 41.281187]  panic+0x238/0x4e7
[ 41.284361]  ? add_taint.cold.5+0x16/0x16
[ 41.288495]  ? print_shadow_for_address+0xba/0x116
[ 41.293420]  ? trace_hardirqs_off+0xaf/0x2b0
[ 41.297811]  ? trace_hardirqs_off+0x77/0x2b0
[ 41.302202]  ? __schedule+0xf54/0x1df0
[ 41.306074]  kasan_end_report+0x47/0x4f
[ 41.310036]  kasan_report.cold.7+0x76/0x30d
[ 41.314400]  __asan_report_load8_noabort+0x14/0x20
[ 41.319320]  __schedule+0xf54/0x1df0
[ 41.323015]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 41.328162]  ? __sched_text_start+0x8/0x8
[ 41.332299]  ? __call_srcu+0x7e7/0x1040
[ 41.336257]  ? check_same_owner+0x340/0x340
[ 41.340567]  ? mark_held_locks+0x160/0x160
[ 41.344834]  ? find_held_lock+0x36/0x1c0
[ 41.348891]  preempt_schedule_common+0x22/0x60
[ 41.353728]  _cond_resched+0x1d/0x30
[ 41.357434]  wait_for_completion+0xa5/0x8d0
[ 41.361747]  ? wait_for_completion_interruptible+0x950/0x950
[ 41.367596]  ? __lockdep_init_map+0x105/0x590
[ 41.372082]  ? __init_waitqueue_head+0x9e/0x150
[ 41.376732]  ? init_wait_entry+0x1c0/0x1c0
[ 41.380951]  __synchronize_srcu+0x189/0x240
[ 41.385330]  ? call_srcu+0x10/0x10
[ 41.388860]  ? rcu_unexpedite_gp+0x20/0x20
[ 41.393143]  synchronize_srcu+0x335/0x56f
[ 41.397280]  ? lock_downgrade+0x8f0/0x8f0
[ 41.401504]  ? synchronize_srcu_expedited+0x20/0x20
[ 41.406544]  ? kasan_check_read+0x11/0x20
[ 41.410678]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.415249]  ? kasan_check_write+0x14/0x20
[ 41.419467]  ? do_raw_spin_lock+0xc1/0x200
[ 41.423771]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.429477]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.434921]  ? kvfree+0x61/0x70
[ 41.438190]  ? rcu_read_lock_sched_held+0x108/0x120
[ 41.443195]  kvm_mmu_uninit_vm+0x1c/0x20
[ 41.447692]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.452093]  ? kvm_arch_sync_events+0x30/0x30
[ 41.456578]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.462117]  ? mmu_notifier_unregister+0x474/0x600
[ 41.467065]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 41.471464]  ? kfree+0x111/0x210
[ 41.474821]  ? __mmu_notifier_register+0x30/0x30
[ 41.479569]  ? __free_pages+0x10a/0x190
[ 41.483531]  ? free_unref_page+0x930/0x930
[ 41.487759]  kvm_put_kvm+0x73f/0x1060
[ 41.491550]  ? kvm_write_guest_cached+0x40/0x40
[ 41.496214]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.500738]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.505238]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.509814]  ? kasan_check_write+0x14/0x20
[ 41.514046]  ? do_raw_spin_lock+0xc1/0x200
[ 41.518277]  ? kvm_irqfd_release+0xdd/0x120
[ 41.522585]  ? kvm_irqfd_release+0xdd/0x120
[ 41.526893]  ? kvm_put_kvm+0x1060/0x1060
[ 41.531002]  kvm_vm_release+0x42/0x50
[ 41.534805]  __fput+0x38a/0xa40
[ 41.538068]  ? __alloc_file+0x400/0x400
[ 41.542039]  ? check_same_owner+0x340/0x340
[ 41.546399]  ? kasan_check_write+0x14/0x20
[ 41.550633]  ? do_raw_spin_lock+0xc1/0x200
[ 41.554858]  ____fput+0x15/0x20
[ 41.558131]  task_work_run+0x1e8/0x2a0
[ 41.562008]  ? task_work_cancel+0x240/0x240
[ 41.566324]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.571849]  ? switch_task_namespaces+0xa2/0xd0
[ 41.576506]  do_exit+0x1ae4/0x26e0
[ 41.580043]  ? find_held_lock+0x36/0x1c0
[ 41.584096]  ? mm_update_next_owner+0x9a0/0x9a0
[ 41.588750]  ? print_usage_bug+0xc0/0xc0
[ 41.592798]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 41.597889]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 41.602981]  ? __lock_acquire+0x7fc/0x5020
[ 41.607199]  ? graph_lock+0x170/0x170
[ 41.610979]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 41.616063]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.620693]  ? __lock_acquire+0x7fc/0x5020
[ 41.624963]  ? mark_held_locks+0x160/0x160
[ 41.629207]  ? graph_lock+0x170/0x170
[ 41.633003]  ? mark_held_locks+0x160/0x160
[ 41.637238]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.642806]  ? vmcs_load+0x144/0x1a0
[ 41.646554]  ? crash_vmclear_local_loaded_vmcss+0x170/0x170
[ 41.652257]  ? graph_lock+0x170/0x170
[ 41.656043]  ? graph_lock+0x170/0x170
[ 41.659832]  ? find_held_lock+0x36/0x1c0
[ 41.663881]  ? memset+0x31/0x40
[ 41.667150]  ? find_held_lock+0x36/0x1c0
[ 41.671199]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.675681]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.680163]  do_group_exit+0x177/0x440
[ 41.684052]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 41.689142]  ? __ia32_sys_exit+0x50/0x50
[ 41.693189]  get_signal+0x851/0x18e0
[ 41.696885]  ? ptrace_notify+0x130/0x130
[ 41.700928]  ? __switch_to_asm+0x34/0x70
[ 41.704972]  ? __schedule+0x884/0x1df0
[ 41.708843]  ? __sched_text_start+0x8/0x8
[ 41.712972]  ? __fget+0x4d5/0x740
[ 41.716419]  do_signal+0x9c/0x21c0
[ 41.720013]  ? setup_sigcontext+0x7d0/0x7d0
[ 41.724338]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 41.730043]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.735563]  ? do_vfs_ioctl+0x201/0x1720
[ 41.739617]  ? schedule+0xfb/0x450
[ 41.743148]  ? ioctl_preallocate+0x300/0x300
[ 41.747547]  ? exit_to_usermode_loop+0x8c/0x380
[ 41.752200]  ? __x64_sys_futex+0x47f/0x6a0
[ 41.756424]  exit_to_usermode_loop+0x2e5/0x380
[ 41.760987]  ? syscall_slow_exit_work+0x490/0x490
[ 41.765816]  ? ksys_ioctl+0x81/0xd0
[ 41.769430]  do_syscall_64+0x6be/0x820
[ 41.773306]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.778666]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.783581]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 41.788582]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.793579]  ? recalc_sigpending_tsk+0x180/0x180
[ 41.798369]  ? kasan_check_write+0x14/0x20
[ 41.802642]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.807485]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.812659] RIP: 0033:0x4459e9
[ 41.815836] Code: Bad RIP value.
[ 41.819181] RSP: 002b:00007f7f5db58d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 41.826872] RAX: 0000000000000001 RBX: 00000000006dcc58 RCX: 00000000004459e9
[ 41.834135] RDX: 00000000004459e9 RSI: 0000000000000081 RDI: 00000000006dcc5c
[ 41.841390] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 41.848687] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 41.855942] R13: 0000000020000300 R14: 6d766b2f7665642f R15: 00000000006dcd4c
[ 41.863219]
[ 41.863222] ======================================================
[ 41.863226] WARNING: possible circular locking dependency detected
[ 41.863228] 4.19.0-rc1+ #217 Not tainted
[ 41.863231] ------------------------------------------------------
[ 41.863234] syz-executor559/4688 is trying to acquire lock:
[ 41.863236] 000000009e40cbb7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 41.863244]
[ 41.863247] but task is already holding lock:
[ 41.863248] 0000000079815274 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 41.863256]
[ 41.863259] which lock already depends on the new lock.
[ 41.863260]
[ 41.863261]
[ 41.863264] the existing dependency chain (in reverse order) is:
[ 41.863265]
[ 41.863267] -> #3 (report_lock){....}:
[ 41.863275]        _raw_spin_lock_irqsave+0x96/0xc0
[ 41.863277]        kasan_report+0x8e/0x110
[ 41.863279]        __asan_report_load8_noabort+0x14/0x20
[ 41.863282]        __schedule+0xf54/0x1df0
[ 41.863284]        preempt_schedule_common+0x22/0x60
[ 41.863286]        _cond_resched+0x1d/0x30
[ 41.863289]        wait_for_completion+0xa5/0x8d0
[ 41.863291]        __synchronize_srcu+0x189/0x240
[ 41.863294]        synchronize_srcu+0x335/0x56f
[ 41.863297]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.863299]        kvm_mmu_uninit_vm+0x1c/0x20
[ 41.863301]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.863304]        kvm_put_kvm+0x73f/0x1060
[ 41.863306]        kvm_vm_release+0x42/0x50
[ 41.863308]        __fput+0x38a/0xa40
[ 41.863310]        ____fput+0x15/0x20
[ 41.863312]        task_work_run+0x1e8/0x2a0
[ 41.863314]        do_exit+0x1ae4/0x26e0
[ 41.863317]        do_group_exit+0x177/0x440
[ 41.863319]        get_signal+0x851/0x18e0
[ 41.863321]        do_signal+0x9c/0x21c0
[ 41.863324]        exit_to_usermode_loop+0x2e5/0x380
[ 41.863326]        do_syscall_64+0x6be/0x820
[ 41.863329]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.863330]
[ 41.863331] -> #2 (&rq->lock){-.-.}:
[ 41.863338]        _raw_spin_lock+0x2a/0x40
[ 41.863341]        task_fork_fair+0x93/0x680
[ 41.863343]        sched_fork+0x44b/0xbd0
[ 41.863345]        copy_process+0x235e/0x7ad0
[ 41.863347]        _do_fork+0x1ca/0x1170
[ 41.863349]        kernel_thread+0x34/0x40
[ 41.863351]        rest_init+0x22/0xe4
[ 41.863354]        start_kernel+0x913/0x94e
[ 41.863356]        x86_64_start_reservations+0x29/0x2b
[ 41.863359]        x86_64_start_kernel+0x76/0x79
[ 41.863361]        secondary_startup_64+0xa4/0xb0
[ 41.863362]
[ 41.863363] -> #1 (&p->pi_lock){-.-.}:
[ 41.863371]        _raw_spin_lock_irqsave+0x96/0xc0
[ 41.863373]        try_to_wake_up+0xd2/0x1250
[ 41.863376]        wake_up_process+0x10/0x20
[ 41.863378]        __up.isra.1+0x1c0/0x2a0
[ 41.863380]        up+0x13c/0x1c0
[ 41.863382]        __up_console_sem+0xbe/0x1b0
[ 41.863384]        console_unlock+0x506/0x10d0
[ 41.863386]        vprintk_emit+0x33a/0x910
[ 41.863389]        vprintk_default+0x28/0x30
[ 41.863391]        vprintk_func+0x7a/0x117
[ 41.863393]        printk+0xa7/0xcf
[ 41.863395]        do_exit.cold.22+0x120/0x21f
[ 41.863397]        do_group_exit+0x177/0x440
[ 41.863400]        __x64_sys_exit_group+0x3e/0x50
[ 41.863402]        do_syscall_64+0x1b9/0x820
[ 41.863405]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.863406]
[ 41.863407] -> #0 ((console_sem).lock){-...}:
[ 41.863415]        lock_acquire+0x1e4/0x4f0
[ 41.863418]        _raw_spin_lock_irqsave+0x96/0xc0
[ 41.863420]        down_trylock+0x13/0x70
[ 41.863422]        __down_trylock_console_sem+0xae/0x200
[ 41.863425]        console_trylock+0x15/0xa0
[ 41.863427]        vprintk_emit+0x31f/0x910
[ 41.863429]        vprintk_default+0x28/0x30
[ 41.863431]        vprintk_func+0x7a/0x117
[ 41.863433]        printk+0xa7/0xcf
[ 41.863435]        kasan_report+0x9e/0x110
[ 41.863438]        __asan_report_load8_noabort+0x14/0x20
[ 41.863440]        __schedule+0xf54/0x1df0
[ 41.863443]        preempt_schedule_common+0x22/0x60
[ 41.863445]        _cond_resched+0x1d/0x30
[ 41.863447]        wait_for_completion+0xa5/0x8d0
[ 41.863450]        __synchronize_srcu+0x189/0x240
[ 41.863452]        synchronize_srcu+0x335/0x56f
[ 41.863455]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.863457]        kvm_mmu_uninit_vm+0x1c/0x20
[ 41.863460]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.863462]        kvm_put_kvm+0x73f/0x1060
[ 41.863464]        kvm_vm_release+0x42/0x50
[ 41.863466]        __fput+0x38a/0xa40
[ 41.863468]        ____fput+0x15/0x20
[ 41.863470]        task_work_run+0x1e8/0x2a0
[ 41.863472]        do_exit+0x1ae4/0x26e0
[ 41.863475]        do_group_exit+0x177/0x440
[ 41.863477]        get_signal+0x851/0x18e0
[ 41.863479]        do_signal+0x9c/0x21c0
[ 41.863482]        exit_to_usermode_loop+0x2e5/0x380
[ 41.863484]        do_syscall_64+0x6be/0x820
[ 41.863487]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.863488]
[ 41.863490] other info that might help us debug this:
[ 41.863491]
[ 41.863493] Chain exists of:
[ 41.863494]   (console_sem).lock --> &rq->lock --> report_lock
[ 41.863504]
[ 41.863506]  Possible unsafe locking scenario:
[ 41.863507]
[ 41.863510]        CPU0                    CPU1
[ 41.863512]        ----                    ----
[ 41.863513]   lock(report_lock);
[ 41.863518]                                lock(&rq->lock);
[ 41.863524]                                lock(report_lock);
[ 41.863528]   lock((console_sem).lock);
[ 41.863532]
[ 41.863534]  *** DEADLOCK ***
[ 41.863535]
[ 41.863537] 2 locks held by syz-executor559/4688:
[ 41.863539]  #0: 00000000a23b4f0a (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 41.863548]  #1: 0000000079815274 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 41.863557]
[ 41.863559] stack backtrace:
[ 41.863562] CPU: 0 PID: 4688 Comm: syz-executor559 Not tainted 4.19.0-rc1+ #217
[ 41.863567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.863568] Call Trace:
[ 41.863570]  dump_stack+0x1c9/0x2b4
[ 41.863573]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.863575]  ? vprintk_func+0x100/0x117
[ 41.863578]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 41.863580]  ? save_trace+0xe0/0x290
[ 41.863583]  __lock_acquire+0x3449/0x5020
[ 41.863585]  ? mark_held_locks+0x160/0x160
[ 41.863587]  ? mark_held_locks+0x160/0x160
[ 41.863594]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 41.863596]  ? is_bpf_text_address+0xd7/0x170
[ 41.863599]  ? kernel_text_address+0x79/0xf0
[ 41.863601]  ? __kernel_text_address+0xd/0x40
[ 41.863604]  ? __save_stack_trace+0x8d/0xf0
[ 41.863606]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 41.863608]  ? save_trace+0x290/0x290
[ 41.863611]  ? save_stack_trace+0x1a/0x20
[ 41.863613]  ? save_trace+0xe0/0x290
[ 41.863615]  ? graph_lock+0x170/0x170
[ 41.863618]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.863620]  lock_acquire+0x1e4/0x4f0
[ 41.863622]  ? down_trylock+0x13/0x70
[ 41.863624]  ? lock_release+0x9f0/0x9f0
[ 41.863627]  ? trace_hardirqs_off+0xb8/0x2b0
[ 41.863629]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 41.863632]  ? trace_hardirqs_off+0xb8/0x2b0
[ 41.863634]  ? log_store+0x34f/0x4c0
[ 41.863636]  ? vprintk_emit+0x31f/0x910
[ 41.863639]  _raw_spin_lock_irqsave+0x96/0xc0
[ 41.863641]  ? down_trylock+0x13/0x70
[ 41.863643]  down_trylock+0x13/0x70
[ 41.863646]  __down_trylock_console_sem+0xae/0x200
[ 41.863648]  console_trylock+0x15/0xa0
[ 41.863650]  vprintk_emit+0x31f/0x910
[ 41.863652]  ? wake_up_klogd+0x110/0x110
[ 41.863655]  ? run_rebalance_domains+0x4c0/0x4c0
[ 41.863657]  ? kasan_check_read+0x11/0x20
[ 41.863660]  ? rcu_is_watching+0x8c/0x150
[ 41.863662]  ? rcu_pm_notify+0xc0/0xc0
[ 41.863664]  ? lock_acquire+0x1e4/0x4f0
[ 41.863666]  ? kasan_report+0x8e/0x110
[ 41.863669]  ? __schedule+0xf54/0x1df0
[ 41.863671]  vprintk_default+0x28/0x30
[ 41.863673]  vprintk_func+0x7a/0x117
[ 41.863675]  printk+0xa7/0xcf
[ 41.863677]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.863680]  ? kasan_check_write+0x14/0x20
[ 41.863682]  ? do_raw_spin_lock+0xc1/0x200
[ 41.863684]  ? do_raw_spin_lock+0xc1/0x200
[ 41.863687]  kasan_report+0x9e/0x110
[ 41.863689]  __asan_report_load8_noabort+0x14/0x20
[ 41.863691]  __schedule+0xf54/0x1df0
[ 41.863694]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 41.863698]  ? __sched_text_start+0x8/0x8
[ 41.863700]  ? __call_srcu+0x7e7/0x1040
[ 41.863703]  ? check_same_owner+0x340/0x340
[ 41.863705]  ? mark_held_locks+0x160/0x160
[ 41.863707]  ? find_held_lock+0x36/0x1c0
[ 41.863710]  preempt_schedule_common+0x22/0x60
[ 41.863712]  _cond_resched+0x1d/0x30
[ 41.863714]  wait_for_completion+0xa5/0x8d0
[ 41.863717]  ? wait_for_completion_interruptible+0x950/0x950
[ 41.863719]  ? __lockdep_init_map+0x105/0x590
[ 41.863722]  ? __init_waitqueue_head+0x9e/0x150
[ 41.863724]  ? init_wait_entry+0x1c0/0x1c0
[ 41.863727]  __synchronize_srcu+0x189/0x240
[ 41.863729]  ? call_srcu+0x10/0x10
[ 41.863731]  ? rcu_unexpedite_gp+0x20/0x20
[ 41.863733]  synchronize_srcu+0x335/0x56f
[ 41.863735]  ? lock_downgrade+0x8f0/0x8f0
[ 41.863738]  ? synchronize_srcu_expedited+0x20/0x20
[ 41.863741]  ? kasan_check_read+0x11/0x20
[ 41.863744]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.863748]  ? kasan_check_write+0x14/0x20
[ 41.863750]  ? do_raw_spin_lock+0xc1/0x200
[ 41.863754]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.863758]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.863760]  ? kvfree+0x61/0x70
[ 41.863763]  ? rcu_read_lock_sched_held+0x108/0x120
[ 41.863765]  kvm_mmu_uninit_vm+0x1c/0x20
[ 41.863768]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.863770]  ? kvm_arch_sync_events+0x30/0x30
[ 41.863773]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.863776]  ? mmu_notifier_unregister+0x474/0x600
[ 41.863778]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 41.863780]  ? kfree+0x111/0x210
[ 41.863783]  ? __mmu_notifier_register+0x30/0x30
[ 41.863785]  ? __free_pages+0x10a/0x190
[ 41.863787]  ? free_unref_page+0x930/0x930
[ 41.863790]  kvm_put_kvm+0x73f/0x1060
[ 41.863792]  ? kvm_write_guest_cached+0x40/0x40
[ 41.863794]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.863797]  ? _raw_spin_unlock_irq+0x27/0x70
[ 41.863799]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.863802]  ? kasan_check_write+0x14/0x20
[ 41.863804]  ? do_raw_spin_lock+0xc1/0x200
[ 41.863806]  ? kvm_irqfd_release+0xdd/0x120
[ 41.863809]  ? kvm_irqfd_release+0xdd/0x120
[ 41.863811]  ? kvm_put_kvm+0x1060/0x1060
[ 41.863813]  kvm_vm_release+0x42/0x50
[ 41.863815]  __fput+0x38a/0xa40
[ 41.863817]  ? __alloc_file+0x400/0x400
[ 41.863819]  ? check_same_owner+0x340/0x340
[ 41.863822]  ? kasan_check_write+0x14/0x20
[ 41.863824]  ? do_raw_spin_lock+0xc1/0x200
[ 41.863826]  ____fput+0x15/0x20
[ 41.863828]  task_work_run+0x1e8/0x2a0
[ 41.863830]  ? task_work_cancel+0x240/0x240
[ 41.863833]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.863836]  ? switch_task_namespaces+0xa2/0xd0
[ 41.863838]  do_exit+0x1ae4/0x26e0
[ 41.863840]  ? find_held_lock+0x36/0x1c0
[ 41.863842]  ? mm_update_next_owner+0x9a0/0x9a0
[ 41.863845]  ? print_usage_bug+0xc0/0xc0
[ 41.863846]  ? _ra
[ 41.863851] Lost 58 message(s)!
[ 42.929035] Shutting down cpus with NMI
[ 43.989416] Dumping ftrace buffer:
[ 43.992941]    (ftrace buffer empty)
[ 43.996628] Kernel Offset: disabled
[ 44.000238] Rebooting in 86400 seconds..