[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.745851] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.707359] random: sshd: uninitialized urandom read (32 bytes read)
[   23.202419] random: sshd: uninitialized urandom read (32 bytes read)
[   23.753590] random: sshd: uninitialized urandom read (32 bytes read)
[   23.929924] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[   29.617770] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   29.714997] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   29.741224] ==================================================================
[   29.751018] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   29.757243] Read of size 8 at addr ffff8801cac20058 by task syz-executor179/4289
[   29.764762] 
[   29.766397] CPU: 0 PID: 4289 Comm: syz-executor179 Not tainted 4.19.0-rc2+ #226
[   29.773835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.783178] Call Trace:
[   29.785771]  dump_stack+0x1c9/0x2b4
[   29.789410]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.794600]  ? printk+0xa7/0xcf
[   29.797879]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   29.802640]  ? __schedule+0xf54/0x1df0
[   29.806529]  print_address_description+0x6c/0x20b
[   29.811388]  ? __schedule+0xf54/0x1df0
[   29.815280]  kasan_report.cold.7+0x242/0x30d
[   29.819697]  __asan_report_load8_noabort+0x14/0x20
[   29.824631]  __schedule+0xf54/0x1df0
[   29.828354]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   29.833473]  ? __sched_text_start+0x8/0x8
[   29.837625]  ? __call_srcu+0x7e7/0x1040
[   29.841607]  ? check_same_owner+0x340/0x340
[   29.845932]  ? mark_held_locks+0x160/0x160
[   29.850163]  ? find_held_lock+0x36/0x1c0
[   29.854227]  preempt_schedule_common+0x22/0x60
[   29.858809]  _cond_resched+0x1d/0x30
[   29.862526]  wait_for_completion+0xa5/0x8d0
[   29.866854]  ? wait_for_completion_interruptible+0x950/0x950
[   29.872651]  ? __lockdep_init_map+0x105/0x590
[   29.877146]  ? __init_waitqueue_head+0x9e/0x150
[   29.881811]  ? init_wait_entry+0x1c0/0x1c0
[   29.886050]  __synchronize_srcu+0x189/0x240
[   29.890377]  ? call_srcu+0x10/0x10
[   29.893921]  ? rcu_unexpedite_gp+0x20/0x20
[   29.898165]  synchronize_srcu+0x335/0x56f
[   29.902309]  ? lock_downgrade+0x8f0/0x8f0
[   29.906461]  ? synchronize_srcu_expedited+0x20/0x20
[   29.911487]  ? kasan_check_read+0x11/0x20
[   29.915639]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   29.920226]  ? kasan_check_write+0x14/0x20
[   29.924460]  ? do_raw_spin_lock+0xc1/0x200
[   29.928696]  kvm_page_track_unregister_notifier+0x17d/0x250
[   29.934430]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   29.939894]  ? kvfree+0x61/0x70
[   29.943180]  ? rcu_read_lock_sched_held+0x108/0x120
[   29.948195]  kvm_mmu_uninit_vm+0x1c/0x20
[   29.952253]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   29.956661]  ? kvm_arch_sync_events+0x30/0x30
[   29.961160]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   29.966695]  ? mmu_notifier_unregister+0x474/0x600
[   29.971619]  ? trace_hardirqs_on+0x2c0/0x2c0
[   29.976026]  ? kfree+0x111/0x210
[   29.979398]  ? __mmu_notifier_register+0x30/0x30
[   29.984157]  ? __free_pages+0x10a/0x190
[   29.988135]  ? free_unref_page+0x930/0x930
[   29.992383]  kvm_put_kvm+0x73f/0x1060
[   29.996191]  ? kvm_write_guest_cached+0x40/0x40
[   30.000866]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.005362]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.009859]  ? lockdep_hardirqs_on+0x421/0x5c0
[   30.014461]  ? kasan_check_write+0x14/0x20
[   30.018703]  ? do_raw_spin_lock+0xc1/0x200
[   30.022938]  ? kvm_irqfd_release+0xdd/0x120
[   30.027257]  ? kvm_irqfd_release+0xdd/0x120
[   30.031593]  ? kvm_put_kvm+0x1060/0x1060
[   30.035654]  kvm_vm_release+0x42/0x50
[   30.039627]  __fput+0x38a/0xa40
[   30.042902]  ? __alloc_file+0x400/0x400
[   30.046879]  ? check_same_owner+0x340/0x340
[   30.051214]  ? kasan_check_write+0x14/0x20
[   30.055448]  ? do_raw_spin_lock+0xc1/0x200
[   30.059683]  ____fput+0x15/0x20
[   30.062964]  task_work_run+0x1e8/0x2a0
[   30.066853]  ? task_work_cancel+0x240/0x240
[   30.071178]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.076714]  ? switch_task_namespaces+0xa2/0xd0
[   30.081387]  do_exit+0x1ae4/0x26e0
[   30.084924]  ? find_held_lock+0x36/0x1c0
[   30.088983]  ? mm_update_next_owner+0x9a0/0x9a0
[   30.093651]  ? lock_downgrade+0x8f0/0x8f0
[   30.097802]  ? kasan_check_read+0x11/0x20
[   30.101945]  ? rcu_is_watching+0x8c/0x150
[   30.106091]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   30.110759]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   30.115431]  ? is_bpf_text_address+0xd7/0x170
[   30.119923]  ? kernel_text_address+0x79/0xf0
[   30.124329]  ? __kernel_text_address+0xd/0x40
[   30.128837]  ? unwind_get_return_address+0x61/0xa0
[   30.133766]  ? __save_stack_trace+0x8d/0xf0
[   30.138091]  ? save_stack+0xa9/0xd0
[   30.141713]  ? save_stack+0x43/0xd0
[   30.145342]  ? __kasan_slab_free+0x11a/0x170
[   30.149755]  ? kasan_slab_free+0xe/0x10
[   30.153723]  ? kmem_cache_free+0x86/0x280
[   30.157865]  ? putname+0xf2/0x130
[   30.161315]  ? __x64_sys_openat+0x9d/0x100
[   30.165555]  ? do_syscall_64+0x1b9/0x820
[   30.169620]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.174983]  ? trace_hardirqs_off+0xb8/0x2c0
[   30.179393]  ? kasan_check_read+0x11/0x20
[   30.183538]  ? do_raw_spin_unlock+0xa7/0x2f0
[   30.187969]  ? trace_hardirqs_on+0x2c0/0x2c0
[   30.192381]  ? kasan_check_write+0x14/0x20
[   30.196620]  ? trace_hardirqs_off+0xb8/0x2c0
[   30.201024]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   30.206124]  ? trace_hardirqs_on+0x2c0/0x2c0
[   30.210527]  ? kmem_cache_free+0xa0/0x280
[   30.214675]  ? kasan_check_read+0x11/0x20
[   30.218905]  ? rcu_is_watching+0x8c/0x150
[   30.223049]  ? trace_hardirqs_on+0xbd/0x2c0
[   30.227373]  ? rcu_pm_notify+0xc0/0xc0
[   30.231259]  ? putname+0xf2/0x130
[   30.234712]  ? putname+0xf2/0x130
[   30.238164]  ? rcu_read_lock_sched_held+0x108/0x120
[   30.243177]  ? kmem_cache_free+0x246/0x280
[   30.247407]  ? putname+0xf7/0x130
[   30.250860]  do_group_exit+0x177/0x440
[   30.254746]  ? trace_hardirqs_on+0xbd/0x2c0
[   30.259063]  ? __ia32_sys_exit+0x50/0x50
[   30.263125]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   30.268246]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.273783]  __x64_sys_exit_group+0x3e/0x50
[   30.278101]  do_syscall_64+0x1b9/0x820
[   30.281986]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   30.287355]  ? syscall_return_slowpath+0x5e0/0x5e0
[   30.292288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.297127]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   30.302150]  ? prepare_exit_to_usermode+0x291/0x3b0
[   30.307167]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.312012]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.317197] RIP: 0033:0x43ed98
[   30.320390] Code: Bad RIP value.
[   30.323745] RSP: 002b:00007fff368872f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   30.331450] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed98
[   30.338711] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   30.345974] RBP: 00000000004be648 R08: 00000000000000e7 R09: ffffffffffffffd0
[   30.353236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   30.360503] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   30.367772] 
[   30.369399] Allocated by task 4289:
[   30.373028]  save_stack+0x43/0xd0
[   30.376477]  kasan_kmalloc+0xc4/0xe0
[   30.380182]  kasan_slab_alloc+0x12/0x20
[   30.384152]  kmem_cache_alloc+0x12e/0x710
[   30.388296]  vmx_create_vcpu+0xcf/0x2830
[   30.392358]  kvm_arch_vcpu_create+0xe5/0x220
[   30.396766]  kvm_vm_ioctl+0x488/0x1d80
[   30.400646]  do_vfs_ioctl+0x1de/0x1720
[   30.404528]  ksys_ioctl+0xa9/0xd0
[   30.407978]  __x64_sys_ioctl+0x73/0xb0
[   30.411859]  do_syscall_64+0x1b9/0x820
[   30.415749]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.420922] 
[   30.422540] Freed by task 4289:
[   30.425847]  save_stack+0x43/0xd0
[   30.429293]  __kasan_slab_free+0x11a/0x170
[   30.433521]  kasan_slab_free+0xe/0x10
[   30.437316]  kmem_cache_free+0x86/0x280
[   30.441294]  vmx_free_vcpu+0x26b/0x300
[   30.445174]  kvm_arch_destroy_vm+0x365/0x7c0
[   30.449575]  kvm_put_kvm+0x73f/0x1060
[   30.453377]  kvm_vm_release+0x42/0x50
[   30.457171]  __fput+0x38a/0xa40
[   30.460446]  ____fput+0x15/0x20
[   30.463718]  task_work_run+0x1e8/0x2a0
[   30.467602]  do_exit+0x1ae4/0x26e0
[   30.471137]  do_group_exit+0x177/0x440
[   30.475016]  __x64_sys_exit_group+0x3e/0x50
[   30.479342]  do_syscall_64+0x1b9/0x820
[   30.483231]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.488408] 
[   30.490032] The buggy address belongs to the object at ffff8801cac20040
[   30.490032]  which belongs to the cache kvm_vcpu of size 23872
[   30.502605] The buggy address is located 24 bytes inside of
[   30.502605]  23872-byte region [ffff8801cac20040, ffff8801cac25d80)
[   30.514560] The buggy address belongs to the page:
[   30.519484] page:ffffea00072b0800 count:1 mapcount:0 mapping:ffff8801d73a39c0 index:0x0 compound_mapcount: 0
[   30.529450] flags: 0x2fffc0000008100(slab|head)
[   30.534117] raw: 02fffc0000008100 ffff8801d73a4748 ffff8801d73a4748 ffff8801d73a39c0
[   30.541998] raw: 0000000000000000 ffff8801cac20040 0000000100000001 0000000000000000
[   30.549883] page dumped because: kasan: bad access detected
[   30.555577] 
[   30.557196] Memory state around the buggy address:
[   30.562115]  ffff8801cac1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.569467]  ffff8801cac1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.576818] >ffff8801cac20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.584167]                                                     ^
[   30.590395]  ffff8801cac20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.597747]  ffff8801cac20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.605091] ==================================================================
[   30.612439] Kernel panic - not syncing: panic_on_warn set ...
[   30.612439] 
[   30.619801] CPU: 0 PID: 4289 Comm: syz-executor179 Tainted: G B 4.19.0-rc2+ #226
[   30.628627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.637972] Call Trace:
[   30.640579]  dump_stack+0x1c9/0x2b4
[   30.644207]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.649403]  ? lock_downgrade+0x8f0/0x8f0
[   30.653548]  ? __schedule+0xf54/0x1df0
[   30.657432]  panic+0x238/0x4e7
[   30.660620]  ? add_taint.cold.5+0x16/0x16
[   30.664768]  ? print_shadow_for_address+0xba/0x116
[   30.669780]  ? trace_hardirqs_off+0xaf/0x2c0
[   30.674182]  ? trace_hardirqs_off+0x77/0x2c0
[   30.678589]  ? __schedule+0xf54/0x1df0
[   30.682476]  kasan_end_report+0x47/0x4f
[   30.686451]  kasan_report.cold.7+0x76/0x30d
[   30.690773]  __asan_report_load8_noabort+0x14/0x20
[   30.695700]  __schedule+0xf54/0x1df0
[   30.699412]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   30.704513]  ? __sched_text_start+0x8/0x8
[   30.708661]  ? __call_srcu+0x7e7/0x1040
[   30.712641]  ? check_same_owner+0x340/0x340
[   30.716958]  ? mark_held_locks+0x160/0x160
[   30.721186]  ? find_held_lock+0x36/0x1c0
[   30.725249]  preempt_schedule_common+0x22/0x60
[   30.729831]  _cond_resched+0x1d/0x30
[   30.733544]  wait_for_completion+0xa5/0x8d0
[   30.737870]  ? wait_for_completion_interruptible+0x950/0x950
[   30.743667]  ? __lockdep_init_map+0x105/0x590
[   30.748161]  ? __init_waitqueue_head+0x9e/0x150
[   30.752828]  ? init_wait_entry+0x1c0/0x1c0
[   30.757066]  __synchronize_srcu+0x189/0x240
[   30.761386]  ? call_srcu+0x10/0x10
[   30.764925]  ? rcu_unexpedite_gp+0x20/0x20
[   30.769161]  synchronize_srcu+0x335/0x56f
[   30.773307]  ? lock_downgrade+0x8f0/0x8f0
[   30.777456]  ? synchronize_srcu_expedited+0x20/0x20
[   30.782472]  ? kasan_check_read+0x11/0x20
[   30.786618]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   30.791195]  ? kasan_check_write+0x14/0x20
[   30.795426]  ? do_raw_spin_lock+0xc1/0x200
[   30.799664]  kvm_page_track_unregister_notifier+0x17d/0x250
[   30.805376]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   30.810823]  ? kvfree+0x61/0x70
[   30.814104]  ? rcu_read_lock_sched_held+0x108/0x120
[   30.819121]  kvm_mmu_uninit_vm+0x1c/0x20
[   30.823181]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   30.827589]  ? kvm_arch_sync_events+0x30/0x30
[   30.832086]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.837631]  ? mmu_notifier_unregister+0x474/0x600
[   30.842554]  ? trace_hardirqs_on+0x2c0/0x2c0
[   30.846962]  ? kfree+0x111/0x210
[   30.850324]  ? __mmu_notifier_register+0x30/0x30
[   30.855088]  ? __free_pages+0x10a/0x190
[   30.859063]  ? free_unref_page+0x930/0x930
[   30.863307]  kvm_put_kvm+0x73f/0x1060
[   30.867118]  ? kvm_write_guest_cached+0x40/0x40
[   30.871788]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.876276]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.880766]  ? lockdep_hardirqs_on+0x421/0x5c0
[   30.885359]  ? kasan_check_write+0x14/0x20
[   30.889599]  ? do_raw_spin_lock+0xc1/0x200
[   30.893835]  ? kvm_irqfd_release+0xdd/0x120
[   30.898149]  ? kvm_irqfd_release+0xdd/0x120
[   30.902477]  ? kvm_put_kvm+0x1060/0x1060
[   30.906537]  kvm_vm_release+0x42/0x50
[   30.910333]  __fput+0x38a/0xa40
[   30.914050]  ? __alloc_file+0x400/0x400
[   30.918027]  ? check_same_owner+0x340/0x340
[   30.922352]  ? kasan_check_write+0x14/0x20
[   30.926591]  ? do_raw_spin_lock+0xc1/0x200
[   30.930823]  ____fput+0x15/0x20
[   30.934096]  task_work_run+0x1e8/0x2a0
[   30.937979]  ? task_work_cancel+0x240/0x240
[   30.942303]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.947841]  ? switch_task_namespaces+0xa2/0xd0
[   30.952507]  do_exit+0x1ae4/0x26e0
[   30.956042]  ? find_held_lock+0x36/0x1c0
[   30.960102]  ? mm_update_next_owner+0x9a0/0x9a0
[   30.964770]  ? lock_downgrade+0x8f0/0x8f0
[   30.968921]  ? kasan_check_read+0x11/0x20
[   30.973066]  ? rcu_is_watching+0x8c/0x150
[   30.977210]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   30.981879]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   30.986549]  ? is_bpf_text_address+0xd7/0x170
[   30.991041]  ? kernel_text_address+0x79/0xf0
[   30.995449]  ? __kernel_text_address+0xd/0x40
[   30.999942]  ? unwind_get_return_address+0x61/0xa0
[   31.004871]  ? __save_stack_trace+0x8d/0xf0
[   31.009197]  ? save_stack+0xa9/0xd0
[   31.012818]  ? save_stack+0x43/0xd0
[   31.016439]  ? __kasan_slab_free+0x11a/0x170
[   31.020844]  ? kasan_slab_free+0xe/0x10
[   31.024816]  ? kmem_cache_free+0x86/0x280
[   31.028959]  ? putname+0xf2/0x130
[   31.032409]  ? __x64_sys_openat+0x9d/0x100
[   31.036639]  ? do_syscall_64+0x1b9/0x820
[   31.040696]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.046626]  ? trace_hardirqs_off+0xb8/0x2c0
[   31.051030]  ? kasan_check_read+0x11/0x20
[   31.055174]  ? do_raw_spin_unlock+0xa7/0x2f0
[   31.059581]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.063992]  ? kasan_check_write+0x14/0x20
[   31.068224]  ? trace_hardirqs_off+0xb8/0x2c0
[   31.072629]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   31.077730]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.082135]  ? kmem_cache_free+0xa0/0x280
[   31.086290]  ? kasan_check_read+0x11/0x20
[   31.090444]  ? rcu_is_watching+0x8c/0x150
[   31.094588]  ? trace_hardirqs_on+0xbd/0x2c0
[   31.098904]  ? rcu_pm_notify+0xc0/0xc0
[   31.102813]  ? putname+0xf2/0x130
[   31.106285]  ? putname+0xf2/0x130
[   31.109735]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.114746]  ? kmem_cache_free+0x246/0x280
[   31.118976]  ? putname+0xf7/0x130
[   31.122436]  do_group_exit+0x177/0x440
[   31.126324]  ? trace_hardirqs_on+0xbd/0x2c0
[   31.130652]  ? __ia32_sys_exit+0x50/0x50
[   31.134715]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.139842]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.145386]  __x64_sys_exit_group+0x3e/0x50
[   31.149711]  do_syscall_64+0x1b9/0x820
[   31.153597]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   31.158971]  ? syscall_return_slowpath+0x5e0/0x5e0
[   31.163897]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.168738]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   31.173751]  ? prepare_exit_to_usermode+0x291/0x3b0
[   31.178770]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.183613]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.188799] RIP: 0033:0x43ed98
[   31.191989] Code: Bad RIP value.
[   31.195351] RSP: 002b:00007fff368872f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   31.203058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed98
[   31.210320] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   31.217590] RBP: 00000000004be648 R08: 00000000000000e7 R09: ffffffffffffffd0
[   31.224853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   31.232120] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   31.239409] 
[   31.239414] ======================================================
[   31.239420] WARNING: possible circular locking dependency detected
[   31.239424] 4.19.0-rc2+ #226 Not tainted
[   31.239429] ------------------------------------------------------
[   31.239434] syz-executor179/4289 is trying to acquire lock:
[   31.239438] 00000000f4d67dc0 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   31.239453] 
[   31.239457] but task is already holding lock:
[   31.239460] 000000009b8a14b7 (report_lock){....}, at: kasan_report+0x8e/0x110
[   31.239474] 
[   31.239479] which lock already depends on the new lock.
[   31.239481] 
[   31.239484] 
[   31.239489] the existing dependency chain (in reverse order) is:
[   31.239491] 
[   31.239493] -> #3 (report_lock){....}:
[   31.239508]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.239512]        kasan_report+0x8e/0x110
[   31.239516]        __asan_report_load8_noabort+0x14/0x20
[   31.239520]        __schedule+0xf54/0x1df0
[   31.239524]        preempt_schedule_common+0x22/0x60
[   31.239528]        _cond_resched+0x1d/0x30
[   31.239532]        wait_for_completion+0xa5/0x8d0
[   31.239537]        __synchronize_srcu+0x189/0x240
[   31.239541]        synchronize_srcu+0x335/0x56f
[   31.239546]        kvm_page_track_unregister_notifier+0x17d/0x250
[   31.239550]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.239554]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.239558]        kvm_put_kvm+0x73f/0x1060
[   31.239562]        kvm_vm_release+0x42/0x50
[   31.239565]        __fput+0x38a/0xa40
[   31.239569]        ____fput+0x15/0x20
[   31.239572]        task_work_run+0x1e8/0x2a0
[   31.239576]        do_exit+0x1ae4/0x26e0
[   31.239580]        do_group_exit+0x177/0x440
[   31.239584]        __x64_sys_exit_group+0x3e/0x50
[   31.239588]        do_syscall_64+0x1b9/0x820
[   31.239593]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.239595] 
[   31.239597] -> #2 (&rq->lock){-.-.}:
[   31.239611]        _raw_spin_lock+0x2a/0x40
[   31.239615]        task_fork_fair+0x93/0x680
[   31.239619]        sched_fork+0x44b/0xbd0
[   31.239623]        copy_process+0x235e/0x7af0
[   31.239626]        _do_fork+0x1ca/0x1170
[   31.239630]        kernel_thread+0x34/0x40
[   31.239634]        rest_init+0x22/0xe4
[   31.239638]        start_kernel+0x913/0x94e
[   31.239642]        x86_64_start_reservations+0x29/0x2b
[   31.239646]        x86_64_start_kernel+0x76/0x79
[   31.239650]        secondary_startup_64+0xa4/0xb0
[   31.239652] 
[   31.239655] -> #1 (&p->pi_lock){-.-.}:
[   31.239669]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.239673]        try_to_wake_up+0xd2/0x1250
[   31.239677]        wake_up_process+0x10/0x20
[   31.239681]        __up.isra.1+0x1c0/0x2a0
[   31.239684]        up+0x13c/0x1c0
[   31.239688]        __up_console_sem+0xbe/0x1b0
[   31.239692]        console_unlock+0x506/0x10e0
[   31.239696]        vprintk_emit+0x33a/0x910
[   31.239700]        vprintk_default+0x28/0x30
[   31.239704]        vprintk_func+0x7a/0x117
[   31.239707]        printk+0xa7/0xcf
[   31.239711]        do_exit.cold.22+0x120/0x21f
[   31.239715]        do_group_exit+0x177/0x440
[   31.239719]        __x64_sys_exit_group+0x3e/0x50
[   31.239723]        do_syscall_64+0x1b9/0x820
[   31.239728]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.239730] 
[   31.239732] -> #0 ((console_sem).lock){-...}:
[   31.239746]        lock_acquire+0x1e4/0x4f0
[   31.239751]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.239755]        down_trylock+0x13/0x70
[   31.239759]        __down_trylock_console_sem+0xae/0x200
[   31.239763]        console_trylock+0x15/0xa0
[   31.239767]        vprintk_emit+0x31f/0x910
[   31.239771]        vprintk_default+0x28/0x30
[   31.239775]        vprintk_func+0x7a/0x117
[   31.239778]        printk+0xa7/0xcf
[   31.239782]        kasan_report+0x9e/0x110
[   31.239787]        __asan_report_load8_noabort+0x14/0x20
[   31.239790]        __schedule+0xf54/0x1df0
[   31.239795]        preempt_schedule_common+0x22/0x60
[   31.239799]        _cond_resched+0x1d/0x30
[   31.239803]        wait_for_completion+0xa5/0x8d0
[   31.239807]        __synchronize_srcu+0x189/0x240
[   31.239811]        synchronize_srcu+0x335/0x56f
[   31.239816]        kvm_page_track_unregister_notifier+0x17d/0x250
[   31.239820]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.239825]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.239829]        kvm_put_kvm+0x73f/0x1060
[   31.239832]        kvm_vm_release+0x42/0x50
[   31.239836]        __fput+0x38a/0xa40
[   31.239839]        ____fput+0x15/0x20
[   31.239843]        task_work_run+0x1e8/0x2a0
[   31.239847]        do_exit+0x1ae4/0x26e0
[   31.239851]        do_group_exit+0x177/0x440
[   31.239855]        __x64_sys_exit_group+0x3e/0x50
[   31.239859]        do_syscall_64+0x1b9/0x820
[   31.239864]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.239866] 
[   31.239870] other info that might help us debug this:
[   31.239873] 
[   31.239876] Chain exists of:
[   31.239878]   (console_sem).lock --> &rq->lock --> report_lock
[   31.239896] 
[   31.239900]  Possible unsafe locking scenario:
[   31.239903] 
[   31.239907]        CPU0                    CPU1
[   31.239911]        ----                    ----
[   31.239913]   lock(report_lock);
[   31.239922]                                lock(&rq->lock);
[   31.239932]                                lock(report_lock);
[   31.239940]   lock((console_sem).lock);
[   31.239947] 
[   31.239951]  *** DEADLOCK ***
[   31.239953] 
[   31.239957] 2 locks held by syz-executor179/4289:
[   31.239959]  #0: 00000000eae18a07 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   31.239976]  #1: 000000009b8a14b7 (report_lock){....}, at: kasan_report+0x8e/0x110
[   31.239993] 
[   31.239996] stack backtrace:
[   31.240002] CPU: 0 PID: 4289 Comm: syz-executor179 Not tainted 4.19.0-rc2+ #226
[   31.240009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.240012] Call Trace:
[   31.240016]  dump_stack+0x1c9/0x2b4
[   31.240021]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.240025]  ? vprintk_func+0x100/0x117
[   31.240030]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   31.240033]  ? save_trace+0xe0/0x290
[   31.240037]  __lock_acquire+0x3449/0x5020
[   31.240041]  ? mark_held_locks+0x160/0x160
[   31.240046]  ? mark_held_locks+0x160/0x160
[   31.240050]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   31.240054]  ? is_bpf_text_address+0xd7/0x170
[   31.240058]  ? kernel_text_address+0x79/0xf0
[   31.240063]  ? __kernel_text_address+0xd/0x40
[   31.240067]  ? __save_stack_trace+0x8d/0xf0
[   31.240071]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   31.240075]  ? save_trace+0x290/0x290
[   31.240079]  ? save_stack_trace+0x1a/0x20
[   31.240083]  ? save_trace+0xe0/0x290
[   31.240087]  ? graph_lock+0x170/0x170
[   31.240092]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.240096]  lock_acquire+0x1e4/0x4f0
[   31.240099]  ? down_trylock+0x13/0x70
[   31.240103]  ? lock_release+0x9f0/0x9f0
[   31.240108]  ? trace_hardirqs_off+0xb8/0x2c0
[   31.240112]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.240116]  ? trace_hardirqs_off+0xb8/0x2c0
[   31.240120]  ? log_store+0x34f/0x4c0
[   31.240124]  ? vprintk_emit+0x31f/0x910
[   31.240128]  _raw_spin_lock_irqsave+0x96/0xc0
[   31.240132]  ? down_trylock+0x13/0x70
[   31.240135]  down_trylock+0x13/0x70
[   31.240140]  __down_trylock_console_sem+0xae/0x200
[   31.240143]  console_trylock+0x15/0xa0
[   31.240147]  vprintk_emit+0x31f/0x910
[   31.240151]  ? wake_up_klogd+0x110/0x110
[   31.240156]  ? run_rebalance_domains+0x4c0/0x4c0
[   31.240160]  ? kasan_check_read+0x11/0x20
[   31.240164]  ? rcu_is_watching+0x8c/0x150
[   31.240167]  ? rcu_pm_notify+0xc0/0xc0
[   31.240171]  ? lock_acquire+0x1e4/0x4f0
[   31.240175]  ? kasan_report+0x8e/0x110
[   31.240179]  ? __schedule+0xf54/0x1df0
[   31.240183]  vprintk_default+0x28/0x30
[   31.240187]  vprintk_func+0x7a/0x117
[   31.240190]  printk+0xa7/0xcf
[   31.240194]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.240198]  ? kasan_check_write+0x14/0x20
[   31.240202]  ? do_raw_spin_lock+0xc1/0x200
[   31.240206]  ? do_raw_spin_lock+0xc1/0x200
[   31.240210]  kasan_report+0x9e/0x110
[   31.240215]  __asan_report_load8_noabort+0x14/0x20
[   31.240218]  __schedule+0xf54/0x1df0
[   31.240223]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.240227]  ? __sched_text_start+0x8/0x8
[   31.240231]  ? __call_srcu+0x7e7/0x1040
[   31.240235]  ? check_same_owner+0x340/0x340
[   31.240239]  ? mark_held_locks+0x160/0x160
[   31.240243]  ? find_held_lock+0x36/0x1c0
[   31.240247]  preempt_schedule_common+0x22/0x60
[   31.240251]  _cond_resched+0x1d/0x30
[   31.240255]  wait_for_completion+0xa5/0x8d0
[   31.240260]  ? wait_for_completion_interruptible+0x950/0x950
[   31.240264]  ? __lockdep_init_map+0x105/0x590
[   31.240269]  ? __init_waitqueue_head+0x9e/0x150
[   31.240273]  ? init_wait_entry+0x1c0/0x1c0
[   31.240277]  __synchronize_srcu+0x189/0x240
[   31.240280]  ? call_srcu+0x10/0x10
[   31.240285]  ? rcu_unexpedite_gp+0x20/0x20
[   31.240289]  synchronize_srcu+0x335/0x56f
[   31.240293]  ? lock_downgrade+0x8f0/0x8f0
[   31.240297]  ? synchronize_srcu_expedited+0x20/0x20
[   31.240302]  ? kasan_check_read+0x11/0x20
[   31.240306]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   31.240310]  ? kasan_check_write+0x14/0x20
[   31.240314]  ? do_raw_spin_lock+0xc1/0x200
[   31.240319]  kvm_page_track_unregister_notifier+0x17d/0x250
[   31.240324]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   31.240327]  ? kvfree+0x61/0x70
[   31.240332]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.240344]  kvm_mmu_uninit_vm+0x1c/0x20
[   31.240349]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.240353]  ? kvm_arch_sync_events+0x30/0x30
[   31.240358]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.240362]  ? mmu_notifier_unregister+0x474/0x600
[   31.240366]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.240375]  ? kfree+0x111/0x210
[   31.240380]  ? __mmu_notifier_register+0x30/0x30
[   31.240384]  ? __free_pages+0x10a/0x190
[   31.240388]  ? free_unref_page+0x930/0x930
[   31.240392]  kvm_put_kvm+0x73f/0x1060
[   31.240396]  ? kvm_write_guest_cached+0x40/0x40
[   31.240400]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.240405]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.240409]  ? lockdep_hardirqs_on+0x421/0x5c0
[   31.240413]  ? kasan_check_write+0x14/0x20
[   31.240417]  ? do_raw_spin_lock+0xc1/0x200
[   31.240421]  ? kvm_irqfd_release+0xdd/0x120
[   31.240426]  ? kvm_irqfd_release+0xdd/0x120
[   31.240430]  ? kvm_put_kvm+0x1060/0x1060
[   31.240433]  kvm_vm_release+0x42/0x50
[   31.240437]  __fput+0x38a/0xa40
[   31.240441]  ? __alloc_file+0x400/0x400
[   31.240445]  ? check_same_owner+0x340/0x340
[   31.240449]  ? kasan_check_write+0x14/0x20
[   31.240453]  ? do_raw_spin_lock+0xc1/0x200
[   31.240457]  ____fput+0x15/0x20
[   31.240461]  task_work_run+0x1e8/0x2a0
[   31.240465]  ? task_work_cancel+0x240/0x240
[   31.240470]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.240474]  ? switch_task_namespaces+0xa2/0xd0
[   31.240478]  do_exit+0x1ae4/0x26e0
[   31.240482]  ? find_held_lock+0x36/0x1c0
[   31.240486]  ? mm_update_next_owner+0x9a0/0x9a0
[   31.240490]  ? lock_downgrade+0x8f0/0x8f0
[   31.240494]  ? kasan_check_read+0x11/0x20
[   31.240498]  ? rcu_is_watching+0x8c/0x150
[   31.240502]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   31.240506]  ? rcu_cleanup_dead_rnp+0x200
[   31.240513] Lost 55 message(s)!
[   32.316099] Shutting down cpus with NMI
[   33.375075] Dumping ftrace buffer:
[   33.378603]    (ftrace buffer empty)
[   33.382292] Kernel Offset: disabled
[   33.385901] Rebooting in 86400 seconds..
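What the KASAN report above actually establishes, read on its own terms: the object is a kvm_vcpu allocated in vmx_create_vcpu and freed through vmx_free_vcpu inside kvm_arch_destroy_vm, and while that same kvm_arch_destroy_vm call is still unwinding (kvm_page_track_unregister_notifier sleeps in synchronize_srcu, so the scheduler runs) __schedule reads 8 bytes at offset 24 of the freed object. Mapping offset 24 to a field of struct kvm_vc­pu needs the layout of this exact build (pahole on its vmlinux), so the report is the last word the log gives. The lockdep splat that follows is a consequence of printing the KASAN report from inside __schedule with rq->lock held, which the "2 locks held" list shows; it is not a second KVM bug. The triage helper below is an added example, not syzkaller or kernel code. It parses a report of this shape, strips dmesg timestamps, decodes the "Memory state" shadow byte covering the faulting address, and cross-checks the offsets and region bounds the report states. The shadow encodings are the generic-KASAN values from mm/kasan/kasan.h in v4.19 (the kernel in this log); the SAMPLE_REPORT is a constructed excerpt of the report above with most frames elided, and the _PLUMBING prefix list used to skip allocator frames is a heuristic of mine.

```python
"""Triage a generic-KASAN slab report: parse it, decode the shadow bytes at the
faulting address, and cross-check the numbers the report states against each other."""
import re

# Generic-KASAN shadow values (mm/kasan/kasan.h, v4.19), one byte per 8-byte
# granule: 0x00 = fully addressable, 0x01..0x07 = first N bytes addressable.
SHADOW_NAMES = {
    0xFF: "KASAN_FREE_PAGE", 0xFE: "KASAN_PAGE_REDZONE", 0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE", 0xFA: "KASAN_GLOBAL_REDZONE", 0xF8: "KASAN_USE_AFTER_SCOPE",
    0xF1: "KASAN_STACK_LEFT", 0xF2: "KASAN_STACK_MID", 0xF3: "KASAN_STACK_RIGHT",
    0xF4: "KASAN_STACK_PARTIAL",
}
GRANULE, ROW_BYTES = 8, 16 * 8  # bytes per shadow byte; bytes per "Memory state" row

# Constructed sample: an excerpt of the report above with most frames elided.
SAMPLE_REPORT = """\
[   29.751018] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   29.757243] Read of size 8 at addr ffff8801cac20058 by task syz-executor179/4289
[   30.369399] Allocated by task 4289:
[   30.373028]  save_stack+0x43/0xd0
[   30.376477]  kasan_kmalloc+0xc4/0xe0
[   30.388296]  vmx_create_vcpu+0xcf/0x2830
[   30.422540] Freed by task 4289:
[   30.425847]  save_stack+0x43/0xd0
[   30.437316]  kmem_cache_free+0x86/0x280
[   30.441294]  vmx_free_vcpu+0x26b/0x300
[   30.490032] The buggy address belongs to the object at ffff8801cac20040
[   30.490032]  which belongs to the cache kvm_vcpu of size 23872
[   30.502605] The buggy address is located 24 bytes inside of
[   30.502605]  23872-byte region [ffff8801cac20040, ffff8801cac25d80)
[   30.569467]  ffff8801cac1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.576818] >ffff8801cac20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.590395]  ffff8801cac20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""


def hx(s):
    return int(s, 16)


_TS = re.compile(r"^\[\s*\d+\.\d+\] ?")  # dmesg timestamp prefix
_STACK = re.compile(r"^(Allocated|Freed) by task \d+:")
_ROW = re.compile(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
# Scalar fields: space-separated key names -> (pattern, per-group converters).
_FIELDS = {
    "bug site": (r"BUG: KASAN: (\S+) in (\S+)", (str, str)),
    "access size addr": (r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", (str, int, hx)),
    "object_base": (r"object at ([0-9a-f]+)", (hx,)),
    "cache object_size": (r"cache (\S+) of size (\d+)", (str, int)),
    "offset_stated": (r"located (\d+) bytes (?:inside|to the \w+) of", (int,)),
    "region_start region_end": (r"region \[([0-9a-f]+), ([0-9a-f]+)\)", (hx, hx)),
}
# Heuristic of mine: allocator/KASAN frames that top every alloc/free stack.
_PLUMBING = ("save_stack", "kasan_", "__kasan_", "kmem_cache_", "__kmalloc", "kfree")


def describe_shadow(value):
    if 0 <= value <= 7:
        return "addressable" if value == 0 else "partial (%d of 8 bytes)" % value
    return SHADOW_NAMES.get(value, "unknown 0x%02x" % value)


def parse_kasan_report(text):
    """Return the facts a KASAN slab report states, keyed by name."""
    r = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for ln in (_TS.sub("", raw) for raw in text.splitlines()):
        if m := _STACK.match(ln):
            section = "alloc_stack" if m.group(1) == "Allocated" else "free_stack"
            continue
        if section and ln.startswith(" ") and "+0x" in ln:
            r[section].append(ln.strip())
            continue
        section = None  # any other line ends a stack section
        if m := _ROW.match(ln):
            r["shadow"][hx(m.group(1))] = [hx(b) for b in m.group(2).split()]
        for names, (pat, convs) in _FIELDS.items():
            if m := re.search(pat, ln):
                r.update(zip(names.split(), (c(g) for c, g in zip(convs, m.groups()))))
    return r


def shadow_byte_for(report, addr):
    """Shadow byte covering addr, or None if no dumped row covers it."""
    for row_addr, row in report["shadow"].items():
        if row_addr <= addr < row_addr + ROW_BYTES:
            return row[(addr - row_addr) // GRANULE]
    return None


def triage(report):
    """Cross-check the report against itself and name the shadow state hit."""
    addr, size, base = report["addr"], report["size"], report["object_base"]
    hit = {shadow_byte_for(report, a) for a in (addr, addr + size - 1)}
    frame = lambda s: next((f for f in s if not f.startswith(_PLUMBING)), None)
    return {
        "offset_in_object": addr - base,
        "offset_matches_text": addr - base == report["offset_stated"],
        "access_inside_region": report["region_start"] <= addr and addr + size <= report["region_end"],
        "shadow_state": sorted(describe_shadow(b) for b in hit),
        # A use-after-free must land on freed-object shadow, never on a redzone.
        "shadow_agrees": (report["bug"] == "use-after-free") == (hit == {0xFB}),
        "allocated_by": frame(report["alloc_stack"]),
        "freed_by": frame(report["free_stack"]),
    }
```

Run as `triage(parse_kasan_report(open("console.log").read()))` on a raw syzkaller console log; for the report above it yields offset_in_object 24, shadow_state ["KASAN_KMALLOC_FREE"], allocated_by vmx_create_vcpu and freed_by vmx_free_vcpu. The shadow lookup is independent of the `^` marker the kernel prints, which is useful when the caret has been mangled by whitespace collapsing, and shadow_agrees turning False is the quick way to spot a report whose "use-after-free" label sits on a redzone byte, which points at a slab-out-of-bounds mislabelled by an adjacent freed object rather than a true UAF.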