[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 24.449919] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.303392] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.584541] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.147804] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.328156] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[ 32.054122] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 32.155454] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 32.180662] ==================================================================
[ 32.190486] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 32.196721] Read of size 8 at addr ffff8801d84c8058 by task syz-executor288/4711
[ 32.204247]
[ 32.205884] CPU: 0 PID: 4711 Comm: syz-executor288 Not tainted 4.19.0-rc2+ #220
[ 32.213416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.222774] Call Trace:
[ 32.225378]  dump_stack+0x1c9/0x2b4
[ 32.229016]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.234219]  ? printk+0xa7/0xcf
[ 32.237501]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.242261]  ? __schedule+0xf54/0x1df0
[ 32.246152]  print_address_description+0x6c/0x20b
[ 32.251004]  ? __schedule+0xf54/0x1df0
[ 32.254908]  kasan_report.cold.7+0x242/0x30d
[ 32.259337]  __asan_report_load8_noabort+0x14/0x20
[ 32.264272]  __schedule+0xf54/0x1df0
[ 32.267997]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.273105]  ? __sched_text_start+0x8/0x8
[ 32.277258]  ? __call_srcu+0x7e7/0x1040
[ 32.281244]  ? check_same_owner+0x340/0x340
[ 32.285568]  ? mark_held_locks+0x160/0x160
[ 32.289805]  ? find_held_lock+0x36/0x1c0
[ 32.293872]  preempt_schedule_common+0x22/0x60
[ 32.298457]  _cond_resched+0x1d/0x30
[ 32.302172]  wait_for_completion+0xa5/0x8d0
[ 32.306498]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.312294]  ? __lockdep_init_map+0x105/0x590
[ 32.316808]  ? __init_waitqueue_head+0x9e/0x150
[ 32.321472]  ? init_wait_entry+0x1c0/0x1c0
[ 32.325711]  __synchronize_srcu+0x189/0x240
[ 32.330031]  ? call_srcu+0x10/0x10
[ 32.333581]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.337829]  synchronize_srcu+0x335/0x56f
[ 32.341987]  ? lock_downgrade+0x8f0/0x8f0
[ 32.346132]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.351148]  ? kasan_check_read+0x11/0x20
[ 32.355295]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.359883]  ? kasan_check_write+0x14/0x20
[ 32.364117]  ? do_raw_spin_lock+0xc1/0x200
[ 32.368355]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.374075]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 32.379523]  ? kvfree+0x61/0x70
[ 32.382800]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.387814]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.391884]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.396297]  ? kvm_arch_sync_events+0x30/0x30
[ 32.400804]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.406345]  ? mmu_notifier_unregister+0x474/0x600
[ 32.411274]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.415688]  ? kfree+0x111/0x210
[ 32.419064]  ? __mmu_notifier_register+0x30/0x30
[ 32.423829]  ? __free_pages+0x10a/0x190
[ 32.427803]  ? free_unref_page+0x930/0x930
[ 32.432067]  kvm_put_kvm+0x73f/0x1060
[ 32.435872]  ? kvm_write_guest_cached+0x40/0x40
[ 32.440545]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.445046]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.449541]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.454128]  ? kasan_check_write+0x14/0x20
[ 32.458378]  ? do_raw_spin_lock+0xc1/0x200
[ 32.462614]  ? kvm_irqfd_release+0xdd/0x120
[ 32.466934]  ? kvm_irqfd_release+0xdd/0x120
[ 32.471259]  ? kvm_put_kvm+0x1060/0x1060
[ 32.475325]  kvm_vm_release+0x42/0x50
[ 32.479130]  __fput+0x38a/0xa40
[ 32.482413]  ? __alloc_file+0x400/0x400
[ 32.486396]  ? check_same_owner+0x340/0x340
[ 32.490720]  ? kasan_check_write+0x14/0x20
[ 32.494957]  ? do_raw_spin_lock+0xc1/0x200
[ 32.499193]  ____fput+0x15/0x20
[ 32.502489]  task_work_run+0x1e8/0x2a0
[ 32.506381]  ? task_work_cancel+0x240/0x240
[ 32.510711]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.516251]  ? switch_task_namespaces+0xa2/0xd0
[ 32.520922]  do_exit+0x1ae4/0x26e0
[ 32.524467]  ? mm_update_next_owner+0x9a0/0x9a0
[ 32.529137]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 32.533375]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.538388]  ? kfree+0x1d7/0x210
[ 32.541768]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 32.546023]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.551746]  ? is_bpf_text_address+0xd7/0x170
[ 32.556242]  ? kernel_text_address+0x79/0xf0
[ 32.560651]  ? __kernel_text_address+0xd/0x40
[ 32.565166]  ? unwind_get_return_address+0x61/0xa0
[ 32.570104]  ? __save_stack_trace+0x8d/0xf0
[ 32.574432]  ? save_stack+0xa9/0xd0
[ 32.578066]  ? save_stack+0x43/0xd0
[ 32.581689]  ? __kasan_slab_free+0x11a/0x170
[ 32.586096]  ? kasan_slab_free+0xe/0x10
[ 32.590071]  ? putname+0xf2/0x130
[ 32.593544]  ? __x64_sys_openat+0x9d/0x100
[ 32.597780]  ? do_syscall_64+0x1b9/0x820
[ 32.601839]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.607205]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.611612]  ? kasan_check_read+0x11/0x20
[ 32.615764]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 32.620628]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.625049]  ? initcall_blacklisted+0x9a/0x1e0
[ 32.629634]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 32.634740]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.640453]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.645988]  ? do_vfs_ioctl+0x201/0x1720
[ 32.650056]  ? rcu_is_watching+0x8c/0x150
[ 32.654206]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.658529]  ? ioctl_preallocate+0x300/0x300
[ 32.662938]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.668478]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 32.673493]  ? __fget_light+0x2f7/0x440
[ 32.677468]  ? fget_raw+0x20/0x20
[ 32.680932]  ? fget_raw+0x20/0x20
[ 32.684405]  ? kmem_cache_free+0x246/0x280
[ 32.688655]  ? putname+0xf7/0x130
[ 32.692118]  do_group_exit+0x177/0x440
[ 32.696005]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.700333]  ? __ia32_sys_exit+0x50/0x50
[ 32.704389]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.709490]  __x64_sys_exit_group+0x3e/0x50
[ 32.713834]  do_syscall_64+0x1b9/0x820
[ 32.717718]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.723075]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 32.728021]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.732869]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 32.737886]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 32.742901]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.747742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.752927] RIP: 0033:0x43ef28
[ 32.756124] Code: Bad RIP value.
[ 32.759484] RSP: 002b:00007ffce5082208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 32.767193] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[ 32.774462] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 32.781749] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 32.789010] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 32.796282] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 32.803562]
[ 32.805185] Allocated by task 4711:
[ 32.808828]  save_stack+0x43/0xd0
[ 32.812277]  kasan_kmalloc+0xc4/0xe0
[ 32.816050]  kasan_slab_alloc+0x12/0x20
[ 32.820023]  kmem_cache_alloc+0x12e/0x710
[ 32.824179]  vmx_create_vcpu+0xcf/0x2830
[ 32.828239]  kvm_arch_vcpu_create+0xe5/0x220
[ 32.832647]  kvm_vm_ioctl+0x488/0x1d80
[ 32.836533]  do_vfs_ioctl+0x1de/0x1720
[ 32.840414]  ksys_ioctl+0xa9/0xd0
[ 32.843861]  __x64_sys_ioctl+0x73/0xb0
[ 32.847745]  do_syscall_64+0x1b9/0x820
[ 32.851631]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.856807]
[ 32.858429] Freed by task 4711:
[ 32.861702]  save_stack+0x43/0xd0
[ 32.865175]  __kasan_slab_free+0x11a/0x170
[ 32.869400]  kasan_slab_free+0xe/0x10
[ 32.873204]  kmem_cache_free+0x86/0x280
[ 32.877173]  vmx_free_vcpu+0x26b/0x300
[ 32.881066]  kvm_arch_destroy_vm+0x365/0x7c0
[ 32.885486]  kvm_put_kvm+0x73f/0x1060
[ 32.889293]  kvm_vm_release+0x42/0x50
[ 32.893100]  __fput+0x38a/0xa40
[ 32.896372]  ____fput+0x15/0x20
[ 32.899645]  task_work_run+0x1e8/0x2a0
[ 32.903526]  do_exit+0x1ae4/0x26e0
[ 32.907082]  do_group_exit+0x177/0x440
[ 32.910975]  __x64_sys_exit_group+0x3e/0x50
[ 32.915294]  do_syscall_64+0x1b9/0x820
[ 32.919200]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.924380]
[ 32.926012] The buggy address belongs to the object at ffff8801d84c8040
[ 32.926012]  which belongs to the cache kvm_vcpu of size 23872
[ 32.938588] The buggy address is located 24 bytes inside of
[ 32.938588]  23872-byte region [ffff8801d84c8040, ffff8801d84cdd80)
[ 32.950547] The buggy address belongs to the page:
[ 32.955491] page:ffffea0007613200 count:1 mapcount:0 mapping:ffff8801d5357c00 index:0x0 compound_mapcount: 0
[ 32.965464] flags: 0x2fffc0000008100(slab|head)
[ 32.970152] raw: 02fffc0000008100 ffff8801d535cf48 ffff8801d535cf48 ffff8801d5357c00
[ 32.978058] raw: 0000000000000000 ffff8801d84c8040 0000000100000001 0000000000000000
[ 32.985935] page dumped because: kasan: bad access detected
[ 32.991636]
[ 32.993254] Memory state around the buggy address:
[ 32.998183]  ffff8801d84c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.005543]  ffff8801d84c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.012933] >ffff8801d84c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 33.020306]                                                     ^
[ 33.026539]  ffff8801d84c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.033899]  ffff8801d84c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.041252] ==================================================================
[ 33.048606] Kernel panic - not syncing: panic_on_warn set ...
[ 33.048606]
[ 33.055977] CPU: 0 PID: 4711 Comm: syz-executor288 Tainted: G B 4.19.0-rc2+ #220
[ 33.064815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.074176] Call Trace:
[ 33.076798]  dump_stack+0x1c9/0x2b4
[ 33.080455]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.085642]  ? lock_downgrade+0x8f0/0x8f0
[ 33.089788]  ? __schedule+0xf54/0x1df0
[ 33.093675]  panic+0x238/0x4e7
[ 33.096893]  ? add_taint.cold.5+0x16/0x16
[ 33.101090]  ? print_shadow_for_address+0xba/0x116
[ 33.106014]  ? trace_hardirqs_off+0xaf/0x2b0
[ 33.110430]  ? trace_hardirqs_off+0x77/0x2b0
[ 33.114841]  ? __schedule+0xf54/0x1df0
[ 33.118726]  kasan_end_report+0x47/0x4f
[ 33.122702]  kasan_report.cold.7+0x76/0x30d
[ 33.127042]  __asan_report_load8_noabort+0x14/0x20
[ 33.131974]  __schedule+0xf54/0x1df0
[ 33.135692]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.140806]  ? __sched_text_start+0x8/0x8
[ 33.144963]  ? __call_srcu+0x7e7/0x1040
[ 33.148937]  ? check_same_owner+0x340/0x340
[ 33.153251]  ? mark_held_locks+0x160/0x160
[ 33.157486]  ? find_held_lock+0x36/0x1c0
[ 33.161549]  preempt_schedule_common+0x22/0x60
[ 33.166130]  _cond_resched+0x1d/0x30
[ 33.169839]  wait_for_completion+0xa5/0x8d0
[ 33.174159]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.179960]  ? __lockdep_init_map+0x105/0x590
[ 33.184459]  ? __init_waitqueue_head+0x9e/0x150
[ 33.189125]  ? init_wait_entry+0x1c0/0x1c0
[ 33.193365]  __synchronize_srcu+0x189/0x240
[ 33.197687]  ? call_srcu+0x10/0x10
[ 33.201230]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.205473]  synchronize_srcu+0x335/0x56f
[ 33.209619]  ? lock_downgrade+0x8f0/0x8f0
[ 33.213770]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.218795]  ? kasan_check_read+0x11/0x20
[ 33.222943]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.227522]  ? kasan_check_write+0x14/0x20
[ 33.231755]  ? do_raw_spin_lock+0xc1/0x200
[ 33.235992]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.241701]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.247160]  ? kvfree+0x61/0x70
[ 33.250439]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.255458]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.259519]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.263926]  ? kvm_arch_sync_events+0x30/0x30
[ 33.268430]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.274001]  ? mmu_notifier_unregister+0x474/0x600
[ 33.278923]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.283339]  ? kfree+0x111/0x210
[ 33.286716]  ? __mmu_notifier_register+0x30/0x30
[ 33.291486]  ? __free_pages+0x10a/0x190
[ 33.295466]  ? free_unref_page+0x930/0x930
[ 33.299743]  kvm_put_kvm+0x73f/0x1060
[ 33.303564]  ? kvm_write_guest_cached+0x40/0x40
[ 33.308235]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.312728]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.317223]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.321807]  ? kasan_check_write+0x14/0x20
[ 33.326059]  ? do_raw_spin_lock+0xc1/0x200
[ 33.330305]  ? kvm_irqfd_release+0xdd/0x120
[ 33.334624]  ? kvm_irqfd_release+0xdd/0x120
[ 33.338946]  ? kvm_put_kvm+0x1060/0x1060
[ 33.343005]  kvm_vm_release+0x42/0x50
[ 33.346822]  __fput+0x38a/0xa40
[ 33.350111]  ? __alloc_file+0x400/0x400
[ 33.354086]  ? check_same_owner+0x340/0x340
[ 33.358408]  ? kasan_check_write+0x14/0x20
[ 33.362657]  ? do_raw_spin_lock+0xc1/0x200
[ 33.366885]  ____fput+0x15/0x20
[ 33.370164]  task_work_run+0x1e8/0x2a0
[ 33.374056]  ? task_work_cancel+0x240/0x240
[ 33.378384]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.383921]  ? switch_task_namespaces+0xa2/0xd0
[ 33.388590]  do_exit+0x1ae4/0x26e0
[ 33.392134]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.396829]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.401074]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.406095]  ? kfree+0x1d7/0x210
[ 33.409489]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.413722]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.419457]  ? is_bpf_text_address+0xd7/0x170
[ 33.423949]  ? kernel_text_address+0x79/0xf0
[ 33.428354]  ? __kernel_text_address+0xd/0x40
[ 33.432845]  ? unwind_get_return_address+0x61/0xa0
[ 33.437772]  ? __save_stack_trace+0x8d/0xf0
[ 33.442108]  ? save_stack+0xa9/0xd0
[ 33.445742]  ? save_stack+0x43/0xd0
[ 33.449385]  ? __kasan_slab_free+0x11a/0x170
[ 33.453792]  ? kasan_slab_free+0xe/0x10
[ 33.457767]  ? putname+0xf2/0x130
[ 33.461221]  ? __x64_sys_openat+0x9d/0x100
[ 33.465453]  ? do_syscall_64+0x1b9/0x820
[ 33.469514]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.474875]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.479279]  ? kasan_check_read+0x11/0x20
[ 33.483452]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 33.487862]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.492270]  ? initcall_blacklisted+0x9a/0x1e0
[ 33.496861]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.501979]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.507687]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.513223]  ? do_vfs_ioctl+0x201/0x1720
[ 33.517292]  ? rcu_is_watching+0x8c/0x150
[ 33.521450]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.525771]  ? ioctl_preallocate+0x300/0x300
[ 33.530204]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.535774]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.540787]  ? __fget_light+0x2f7/0x440
[ 33.544775]  ? fget_raw+0x20/0x20
[ 33.548222]  ? fget_raw+0x20/0x20
[ 33.551670]  ? kmem_cache_free+0x246/0x280
[ 33.555926]  ? putname+0xf7/0x130
[ 33.559383]  do_group_exit+0x177/0x440
[ 33.563271]  ? trace_hardirqs_on+0xbd/0x2c0
[ 33.567593]  ? __ia32_sys_exit+0x50/0x50
[ 33.571650]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.576751]  __x64_sys_exit_group+0x3e/0x50
[ 33.581075]  do_syscall_64+0x1b9/0x820
[ 33.584961]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.590330]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.595255]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.600098]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.605125]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 33.610144]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.614988]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.620364] RIP: 0033:0x43ef28
[ 33.623565] Code: Bad RIP value.
[ 33.626923] RSP: 002b:00007ffce5082208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 33.634633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[ 33.641905] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 33.649180] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 33.656474] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 33.663759] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 33.671048]
[ 33.671054] ======================================================
[ 33.671059] WARNING: possible circular locking dependency detected
[ 33.671063] 4.19.0-rc2+ #220 Not tainted
[ 33.671068] ------------------------------------------------------
[ 33.671073] syz-executor288/4711 is trying to acquire lock:
[ 33.671076] 00000000b7238efa ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 33.671091]
[ 33.671095] but task is already holding lock:
[ 33.671098] 00000000d45c107e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.671112]
[ 33.671117] which lock already depends on the new lock.
[ 33.671119]
[ 33.671121]
[ 33.671126] the existing dependency chain (in reverse order) is:
[ 33.671128]
[ 33.671131] -> #3 (report_lock){....}:
[ 33.671145]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.671149]        kasan_report+0x8e/0x110
[ 33.671153]        __asan_report_load8_noabort+0x14/0x20
[ 33.671157]        __schedule+0xf54/0x1df0
[ 33.671161]        preempt_schedule_common+0x22/0x60
[ 33.671165]        _cond_resched+0x1d/0x30
[ 33.671169]        wait_for_completion+0xa5/0x8d0
[ 33.671173]        __synchronize_srcu+0x189/0x240
[ 33.671177]        synchronize_srcu+0x335/0x56f
[ 33.671181]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.671185]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.671190]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.671193]        kvm_put_kvm+0x73f/0x1060
[ 33.671197]        kvm_vm_release+0x42/0x50
[ 33.671201]        __fput+0x38a/0xa40
[ 33.671204]        ____fput+0x15/0x20
[ 33.671208]        task_work_run+0x1e8/0x2a0
[ 33.671211]        do_exit+0x1ae4/0x26e0
[ 33.671215]        do_group_exit+0x177/0x440
[ 33.671219]        __x64_sys_exit_group+0x3e/0x50
[ 33.671223]        do_syscall_64+0x1b9/0x820
[ 33.671228]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.671230]
[ 33.671232] -> #2 (&rq->lock){-.-.}:
[ 33.671246]        _raw_spin_lock+0x2a/0x40
[ 33.671250]        task_fork_fair+0x93/0x680
[ 33.671253]        sched_fork+0x44b/0xbd0
[ 33.671257]        copy_process+0x235e/0x7ad0
[ 33.671261]        _do_fork+0x1ca/0x1170
[ 33.671264]        kernel_thread+0x34/0x40
[ 33.671268]        rest_init+0x22/0xe4
[ 33.671272]        start_kernel+0x913/0x94e
[ 33.671276]        x86_64_start_reservations+0x29/0x2b
[ 33.671280]        x86_64_start_kernel+0x76/0x79
[ 33.671284]        secondary_startup_64+0xa4/0xb0
[ 33.671286]
[ 33.671288] -> #1 (&p->pi_lock){-.-.}:
[ 33.671308]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.671312]        try_to_wake_up+0xd2/0x1250
[ 33.671316]        wake_up_process+0x10/0x20
[ 33.671320]        __up.isra.1+0x1c0/0x2a0
[ 33.671323]        up+0x13c/0x1c0
[ 33.671327]        __up_console_sem+0xbe/0x1b0
[ 33.671331]        console_unlock+0x506/0x10d0
[ 33.671334]        vprintk_emit+0x33a/0x910
[ 33.671338]        vprintk_default+0x28/0x30
[ 33.671342]        vprintk_func+0x7a/0x117
[ 33.671345]        printk+0xa7/0xcf
[ 33.671349]        do_exit.cold.22+0x120/0x21f
[ 33.671353]        do_group_exit+0x177/0x440
[ 33.671357]        __x64_sys_exit_group+0x3e/0x50
[ 33.671360]        do_syscall_64+0x1b9/0x820
[ 33.671365]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.671367]
[ 33.671369] -> #0 ((console_sem).lock){-...}:
[ 33.671384]        lock_acquire+0x1e4/0x4f0
[ 33.671388]        _raw_spin_lock_irqsave+0x96/0xc0
[ 33.671391]        down_trylock+0x13/0x70
[ 33.671396]        __down_trylock_console_sem+0xae/0x200
[ 33.671400]        console_trylock+0x15/0xa0
[ 33.671404]        vprintk_emit+0x31f/0x910
[ 33.671407]        vprintk_default+0x28/0x30
[ 33.671411]        vprintk_func+0x7a/0x117
[ 33.671414]        printk+0xa7/0xcf
[ 33.671418]        kasan_report+0x9e/0x110
[ 33.671423]        __asan_report_load8_noabort+0x14/0x20
[ 33.671426]        __schedule+0xf54/0x1df0
[ 33.671431]        preempt_schedule_common+0x22/0x60
[ 33.671434]        _cond_resched+0x1d/0x30
[ 33.671438]        wait_for_completion+0xa5/0x8d0
[ 33.671442]        __synchronize_srcu+0x189/0x240
[ 33.671446]        synchronize_srcu+0x335/0x56f
[ 33.671451]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.671455]        kvm_mmu_uninit_vm+0x1c/0x20
[ 33.671459]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.671463]        kvm_put_kvm+0x73f/0x1060
[ 33.671467]        kvm_vm_release+0x42/0x50
[ 33.671470]        __fput+0x38a/0xa40
[ 33.671474]        ____fput+0x15/0x20
[ 33.671477]        task_work_run+0x1e8/0x2a0
[ 33.671481]        do_exit+0x1ae4/0x26e0
[ 33.671485]        do_group_exit+0x177/0x440
[ 33.671489]        __x64_sys_exit_group+0x3e/0x50
[ 33.671493]        do_syscall_64+0x1b9/0x820
[ 33.671497]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.671499]
[ 33.671503] other info that might help us debug this:
[ 33.671506]
[ 33.671509] Chain exists of:
[ 33.671511]   (console_sem).lock --> &rq->lock --> report_lock
[ 33.671528]
[ 33.671532]  Possible unsafe locking scenario:
[ 33.671534]
[ 33.671538]        CPU0                    CPU1
[ 33.671542]        ----                    ----
[ 33.671544]   lock(report_lock);
[ 33.671553]                                lock(&rq->lock);
[ 33.671562]                                lock(report_lock);
[ 33.671570]   lock((console_sem).lock);
[ 33.671578]
[ 33.671581]  *** DEADLOCK ***
[ 33.671583]
[ 33.671587] 2 locks held by syz-executor288/4711:
[ 33.671589]  #0: 00000000ea015c12 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 33.671606]  #1: 00000000d45c107e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 33.671622]
[ 33.671626] stack backtrace:
[ 33.671631] CPU: 0 PID: 4711 Comm: syz-executor288 Not tainted 4.19.0-rc2+ #220
[ 33.671639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.671641] Call Trace:
[ 33.671645]  dump_stack+0x1c9/0x2b4
[ 33.671650]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.671654]  ? vprintk_func+0x100/0x117
[ 33.671658]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 33.671662]  ? save_trace+0xe0/0x290
[ 33.671666]  __lock_acquire+0x3449/0x5020
[ 33.671670]  ? mark_held_locks+0x160/0x160
[ 33.671674]  ? mark_held_locks+0x160/0x160
[ 33.671678]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.671682]  ? is_bpf_text_address+0xd7/0x170
[ 33.671686]  ? kernel_text_address+0x79/0xf0
[ 33.671690]  ? __kernel_text_address+0xd/0x40
[ 33.671694]  ? __save_stack_trace+0x8d/0xf0
[ 33.671699]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 33.671702]  ? save_trace+0x290/0x290
[ 33.671706]  ? save_stack_trace+0x1a/0x20
[ 33.671710]  ? save_trace+0xe0/0x290
[ 33.671714]  ? graph_lock+0x170/0x170
[ 33.671718]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.671722]  lock_acquire+0x1e4/0x4f0
[ 33.671726]  ? down_trylock+0x13/0x70
[ 33.671730]  ? lock_release+0x9f0/0x9f0
[ 33.671734]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.671738]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.671742]  ? trace_hardirqs_off+0xb8/0x2b0
[ 33.671745]  ? log_store+0x34f/0x4c0
[ 33.671749]  ? vprintk_emit+0x31f/0x910
[ 33.671753]  _raw_spin_lock_irqsave+0x96/0xc0
[ 33.671757]  ? down_trylock+0x13/0x70
[ 33.671761]  down_trylock+0x13/0x70
[ 33.671765]  __down_trylock_console_sem+0xae/0x200
[ 33.671769]  console_trylock+0x15/0xa0
[ 33.671772]  vprintk_emit+0x31f/0x910
[ 33.671776]  ? wake_up_klogd+0x110/0x110
[ 33.671780]  ? run_rebalance_domains+0x4c0/0x4c0
[ 33.671785]  ? kasan_check_read+0x11/0x20
[ 33.671788]  ? rcu_is_watching+0x8c/0x150
[ 33.671792]  ? rcu_pm_notify+0xc0/0xc0
[ 33.671796]  ? lock_acquire+0x1e4/0x4f0
[ 33.671800]  ? kasan_report+0x8e/0x110
[ 33.671804]  ? __schedule+0xf54/0x1df0
[ 33.671808]  vprintk_default+0x28/0x30
[ 33.671811]  vprintk_func+0x7a/0x117
[ 33.671815]  printk+0xa7/0xcf
[ 33.671819]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.671823]  ? kasan_check_write+0x14/0x20
[ 33.671827]  ? do_raw_spin_lock+0xc1/0x200
[ 33.671831]  ? do_raw_spin_lock+0xc1/0x200
[ 33.671834]  kasan_report+0x9e/0x110
[ 33.671839]  __asan_report_load8_noabort+0x14/0x20
[ 33.671842]  __schedule+0xf54/0x1df0
[ 33.671847]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.671851]  ? __sched_text_start+0x8/0x8
[ 33.671855]  ? __call_srcu+0x7e7/0x1040
[ 33.671859]  ? check_same_owner+0x340/0x340
[ 33.671863]  ? mark_held_locks+0x160/0x160
[ 33.671866]  ? find_held_lock+0x36/0x1c0
[ 33.671871]  preempt_schedule_common+0x22/0x60
[ 33.671874]  _cond_resched+0x1d/0x30
[ 33.671878]  wait_for_completion+0xa5/0x8d0
[ 33.671883]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.671887]  ? __lockdep_init_map+0x105/0x590
[ 33.671891]  ? __init_waitqueue_head+0x9e/0x150
[ 33.671895]  ? init_wait_entry+0x1c0/0x1c0
[ 33.671899]  __synchronize_srcu+0x189/0x240
[ 33.671903]  ? call_srcu+0x10/0x10
[ 33.671907]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.671911]  synchronize_srcu+0x335/0x56f
[ 33.671915]  ? lock_downgrade+0x8f0/0x8f0
[ 33.671919]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.671923]  ? kasan_check_read+0x11/0x20
[ 33.671927]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.671931]  ? kasan_check_write+0x14/0x20
[ 33.671935]  ? do_raw_spin_lock+0xc1/0x200
[ 33.671940]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.671945]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.671948]  ? kvfree+0x61/0x70
[ 33.671953]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.671957]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.671961]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.671965]  ? kvm_arch_sync_events+0x30/0x30
[ 33.671970]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.671974]  ? mmu_notifier_unregister+0x474/0x600
[ 33.671978]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.671982]  ? kfree+0x111/0x210
[ 33.671986]  ? __mmu_notifier_register+0x30/0x30
[ 33.671990]  ? __free_pages+0x10a/0x190
[ 33.671994]  ? free_unref_page+0x930/0x930
[ 33.671998]  kvm_put_kvm+0x73f/0x1060
[ 33.672002]  ? kvm_write_guest_cached+0x40/0x40
[ 33.672006]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.672010]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.672014]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.672018]  ? kasan_check_write+0x14/0x20
[ 33.672022]  ? do_raw_spin_lock+0xc1/0x200
[ 33.672026]  ? kvm_irqfd_release+0xdd/0x120
[ 33.672030]  ? kvm_irqfd_release+0xdd/0x120
[ 33.672034]  ? kvm_put_kvm+0x1060/0x1060
[ 33.672045]  kvm_vm_release+0x42/0x50
[ 33.672049]  __fput+0x38a/0xa40
[ 33.672052]  ? __alloc_file+0x400/0x400
[ 33.672056]  ? check_same_owner+0x340/0x340
[ 33.672060]  ? kasan_check_write+0x14/0x20
[ 33.672064]  ? do_raw_spin_lock+0xc1/0x200
[ 33.672068]  ____fput+0x15/0x20
[ 33.672071]  task_work_run+0x1e8/0x2a0
[ 33.672075]  ? task_work_cancel+0x240/0x240
[ 33.672080]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.672084]  ? switch_task_namespaces+0xa2/0xd0
[ 33.672088]  do_exit+0x1ae4/0x26e0
[ 33.672092]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.672096]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.672100]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.672104]  ? kfree+0x1d7/0x210
[ 33.672108]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.672113]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.672115]  ? is_bpf_tex
[ 33.672123] Lost 53 message(s)!
[ 34.779934] Shutting down cpus with NMI
[ 35.838714] Dumping ftrace buffer:
[ 35.842246]    (ftrace buffer empty)
[ 35.845940] Kernel Offset: disabled
[ 35.849550] Rebooting in 86400 seconds..