[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.778428] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
[ 24.336962] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.642113] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.191659] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.377399] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
[ 31.000905] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.098805] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 31.124086] ==================================================================
[ 31.134057] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 31.140297] Read of size 8 at addr ffff8801b8450058 by task syz-executor776/4663
[ 31.147829]
[ 31.149456] CPU: 1 PID: 4663 Comm: syz-executor776 Not tainted 4.19.0-rc2+ #220
[ 31.156893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.166243] Call Trace:
[ 31.168826]  dump_stack+0x1c9/0x2b4
[ 31.172488]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.177700]  ? printk+0xa7/0xcf
[ 31.180976]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.185770]  ? __schedule+0xf54/0x1df0
[ 31.189658]  print_address_description+0x6c/0x20b
[ 31.194500]  ? __schedule+0xf54/0x1df0
[ 31.198425]  kasan_report.cold.7+0x242/0x30d
[ 31.202840]  __asan_report_load8_noabort+0x14/0x20
[ 31.207792]  __schedule+0xf54/0x1df0
[ 31.211501]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 31.216617]  ? __sched_text_start+0x8/0x8
[ 31.220765]  ? __call_srcu+0x7e7/0x1040
[ 31.224768]  ? check_same_owner+0x340/0x340
[ 31.229086]  ? mark_held_locks+0x160/0x160
[ 31.233328]  ? find_held_lock+0x36/0x1c0
[ 31.237421]  preempt_schedule_common+0x22/0x60
[ 31.242014]  _cond_resched+0x1d/0x30
[ 31.245741]  wait_for_completion+0xa5/0x8d0
[ 31.250074]  ? wait_for_completion_interruptible+0x950/0x950
[ 31.255880]  ? __lockdep_init_map+0x105/0x590
[ 31.260394]  ? __init_waitqueue_head+0x9e/0x150
[ 31.265071]  ? init_wait_entry+0x1c0/0x1c0
[ 31.269302]  __synchronize_srcu+0x189/0x240
[ 31.273636]  ? call_srcu+0x10/0x10
[ 31.277185]  ? rcu_unexpedite_gp+0x20/0x20
[ 31.281436]  synchronize_srcu+0x335/0x56f
[ 31.285575]  ? lock_downgrade+0x8f0/0x8f0
[ 31.289728]  ? synchronize_srcu_expedited+0x20/0x20
[ 31.294754]  ? kasan_check_read+0x11/0x20
[ 31.298920]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 31.303515]  ? kasan_check_write+0x14/0x20
[ 31.307750]  ? do_raw_spin_lock+0xc1/0x200
[ 31.311985]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 31.317695]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 31.323144]  ? kvfree+0x61/0x70
[ 31.326435]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.331462]  kvm_mmu_uninit_vm+0x1c/0x20
[ 31.335542]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 31.339986]  ? kvm_arch_sync_events+0x30/0x30
[ 31.344485]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.350025]  ? mmu_notifier_unregister+0x474/0x600
[ 31.354968]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.359385]  ? kfree+0x111/0x210
[ 31.362755]  ? __mmu_notifier_register+0x30/0x30
[ 31.367518]  ? __free_pages+0x10a/0x190
[ 31.371497]  ? free_unref_page+0x930/0x930
[ 31.375760]  kvm_put_kvm+0x73f/0x1060
[ 31.379565]  ? kvm_write_guest_cached+0x40/0x40
[ 31.384252]  ? _raw_spin_unlock_irq+0x27/0x70
[ 31.388770]  ? _raw_spin_unlock_irq+0x27/0x70
[ 31.393275]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 31.397879]  ? kasan_check_write+0x14/0x20
[ 31.402122]  ? do_raw_spin_lock+0xc1/0x200
[ 31.406354]  ? kvm_irqfd_release+0xdd/0x120
[ 31.410706]  ? kvm_irqfd_release+0xdd/0x120
[ 31.415052]  ? kvm_put_kvm+0x1060/0x1060
[ 31.419109]  kvm_vm_release+0x42/0x50
[ 31.422906]  __fput+0x38a/0xa40
[ 31.426182]  ? __alloc_file+0x400/0x400
[ 31.430161]  ? check_same_owner+0x340/0x340
[ 31.434476]  ? kasan_check_write+0x14/0x20
[ 31.438762]  ? do_raw_spin_lock+0xc1/0x200
[ 31.442993]  ____fput+0x15/0x20
[ 31.446294]  task_work_run+0x1e8/0x2a0
[ 31.450196]  ? task_work_cancel+0x240/0x240
[ 31.454533]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.460066]  ? switch_task_namespaces+0xa2/0xd0
[ 31.464760]  do_exit+0x1ae4/0x26e0
[ 31.468333]  ? mm_update_next_owner+0x9a0/0x9a0
[ 31.473015]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 31.477248]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.482258]  ? kfree+0x1d7/0x210
[ 31.485627]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 31.489864]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 31.495572]  ? is_bpf_text_address+0xd7/0x170
[ 31.500083]  ? kernel_text_address+0x79/0xf0
[ 31.504490]  ? __kernel_text_address+0xd/0x40
[ 31.509007]  ? unwind_get_return_address+0x61/0xa0
[ 31.513967]  ? __save_stack_trace+0x8d/0xf0
[ 31.518312]  ? save_stack+0xa9/0xd0
[ 31.521933]  ? save_stack+0x43/0xd0
[ 31.525578]  ? __kasan_slab_free+0x11a/0x170
[ 31.529979]  ? kasan_slab_free+0xe/0x10
[ 31.533950]  ? putname+0xf2/0x130
[ 31.537400]  ? __x64_sys_openat+0x9d/0x100
[ 31.541633]  ? do_syscall_64+0x1b9/0x820
[ 31.545692]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.551099]  ? trace_hardirqs_off+0xb8/0x2b0
[ 31.555538]  ? kasan_check_read+0x11/0x20
[ 31.559694]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.564110]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.568534]  ? initcall_blacklisted+0x9a/0x1e0
[ 31.573118]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.578225]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 31.583935]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.589473]  ? do_vfs_ioctl+0x201/0x1720
[ 31.593558]  ? rcu_is_watching+0x8c/0x150
[ 31.597700]  ? trace_hardirqs_on+0xbd/0x2c0
[ 31.602023]  ? ioctl_preallocate+0x300/0x300
[ 31.606454]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.611987]  ? __fget_light+0x2f7/0x440
[ 31.615963]  ? fget_raw+0x20/0x20
[ 31.619437]  ? putname+0xf2/0x130
[ 31.622913]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.627925]  ? kmem_cache_free+0x246/0x280
[ 31.632157]  ? putname+0xf7/0x130
[ 31.635615]  do_group_exit+0x177/0x440
[ 31.639505]  ? trace_hardirqs_on+0xbd/0x2c0
[ 31.643830]  ? __ia32_sys_exit+0x50/0x50
[ 31.647886]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 31.653083]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.658643]  ? ksys_ioctl+0x81/0xd0
[ 31.662275]  __x64_sys_exit_group+0x3e/0x50
[ 31.666601]  do_syscall_64+0x1b9/0x820
[ 31.670490]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 31.675881]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 31.680853]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.685690]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 31.690705]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 31.695752]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.700608]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.705793] RIP: 0033:0x43ef08
[ 31.708989] Code: Bad RIP value.
[ 31.712352] RSP: 002b:00007ffe028cad98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 31.720083] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 31.727345] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 31.734605] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 31.741865] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 31.749134] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 31.756427]
[ 31.758061] Allocated by task 4663:
[ 31.761688]  save_stack+0x43/0xd0
[ 31.765139]  kasan_kmalloc+0xc4/0xe0
[ 31.768865]  kasan_slab_alloc+0x12/0x20
[ 31.772835]  kmem_cache_alloc+0x12e/0x710
[ 31.776978]  vmx_create_vcpu+0xcf/0x2830
[ 31.781034]  kvm_arch_vcpu_create+0xe5/0x220
[ 31.785441]  kvm_vm_ioctl+0x488/0x1d80
[ 31.789324]  do_vfs_ioctl+0x1de/0x1720
[ 31.793205]  ksys_ioctl+0xa9/0xd0
[ 31.796653]  __x64_sys_ioctl+0x73/0xb0
[ 31.800559]  do_syscall_64+0x1b9/0x820
[ 31.804471]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.809646]
[ 31.811266] Freed by task 4663:
[ 31.814539]  save_stack+0x43/0xd0
[ 31.818004]  __kasan_slab_free+0x11a/0x170
[ 31.822243]  kasan_slab_free+0xe/0x10
[ 31.826061]  kmem_cache_free+0x86/0x280
[ 31.830028]  vmx_free_vcpu+0x26b/0x300
[ 31.833930]  kvm_arch_destroy_vm+0x365/0x7c0
[ 31.838334]  kvm_put_kvm+0x73f/0x1060
[ 31.842151]  kvm_vm_release+0x42/0x50
[ 31.845945]  __fput+0x38a/0xa40
[ 31.849215]  ____fput+0x15/0x20
[ 31.852486]  task_work_run+0x1e8/0x2a0
[ 31.856392]  do_exit+0x1ae4/0x26e0
[ 31.859924]  do_group_exit+0x177/0x440
[ 31.863801]  __x64_sys_exit_group+0x3e/0x50
[ 31.868119]  do_syscall_64+0x1b9/0x820
[ 31.872006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.877181]
[ 31.878827] The buggy address belongs to the object at ffff8801b8450040
[ 31.878827]  which belongs to the cache kvm_vcpu of size 23872
[ 31.891393] The buggy address is located 24 bytes inside of
[ 31.891393]  23872-byte region [ffff8801b8450040, ffff8801b8455d80)
[ 31.903343] The buggy address belongs to the page:
[ 31.908268] page:ffffea0006e11400 count:1 mapcount:0 mapping:ffff8801d5354b40 index:0x0 compound_mapcount: 0
[ 31.918234] flags: 0x2fffc0000008100(slab|head)
[ 31.922902] raw: 02fffc0000008100 ffff8801d534c248 ffff8801d534c248 ffff8801d5354b40
[ 31.931308] raw: 0000000000000000 ffff8801b8450040 0000000100000001 0000000000000000
[ 31.939198] page dumped because: kasan: bad access detected
[ 31.944915]
[ 31.946552] Memory state around the buggy address:
[ 31.951474]  ffff8801b844ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.958827]  ffff8801b844ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.966182] >ffff8801b8450000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 31.973529]                                                     ^
[ 31.979760]  ffff8801b8450080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.987113]  ffff8801b8450100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.994460] ==================================================================
[ 32.001819] Kernel panic - not syncing: panic_on_warn set ...
[ 32.001819]
[ 32.009226] CPU: 1 PID: 4663 Comm: syz-executor776 Tainted: G B 4.19.0-rc2+ #220
[ 32.018071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.027440] Call Trace:
[ 32.030040]  dump_stack+0x1c9/0x2b4
[ 32.033666]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.038868]  ? lock_downgrade+0x8f0/0x8f0
[ 32.043027]  ? __schedule+0xf54/0x1df0
[ 32.046923]  panic+0x238/0x4e7
[ 32.050132]  ? add_taint.cold.5+0x16/0x16
[ 32.054280]  ? print_shadow_for_address+0xba/0x116
[ 32.059214]  ? trace_hardirqs_off+0xaf/0x2b0
[ 32.063631]  ? trace_hardirqs_off+0x77/0x2b0
[ 32.068049]  ? __schedule+0xf54/0x1df0
[ 32.071936]  kasan_end_report+0x47/0x4f
[ 32.075952]  kasan_report.cold.7+0x76/0x30d
[ 32.080273]  __asan_report_load8_noabort+0x14/0x20
[ 32.085202]  __schedule+0xf54/0x1df0
[ 32.088912]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.094029]  ? __sched_text_start+0x8/0x8
[ 32.098199]  ? __call_srcu+0x7e7/0x1040
[ 32.102181]  ? check_same_owner+0x340/0x340
[ 32.106524]  ? mark_held_locks+0x160/0x160
[ 32.110792]  ? find_held_lock+0x36/0x1c0
[ 32.114857]  preempt_schedule_common+0x22/0x60
[ 32.119436]  _cond_resched+0x1d/0x30
[ 32.123150]  wait_for_completion+0xa5/0x8d0
[ 32.127471]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.133265]  ? __lockdep_init_map+0x105/0x590
[ 32.137766]  ? __init_waitqueue_head+0x9e/0x150
[ 32.142435]  ? init_wait_entry+0x1c0/0x1c0
[ 32.146681]  __synchronize_srcu+0x189/0x240
[ 32.151000]  ? call_srcu+0x10/0x10
[ 32.154560]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.158808]  synchronize_srcu+0x335/0x56f
[ 32.162972]  ? lock_downgrade+0x8f0/0x8f0
[ 32.167147]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.172162]  ? kasan_check_read+0x11/0x20
[ 32.176312]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.180892]  ? kasan_check_write+0x14/0x20
[ 32.185147]  ? do_raw_spin_lock+0xc1/0x200
[ 32.189388]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.195110]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 32.200560]  ? kvfree+0x61/0x70
[ 32.203839]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.208867]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.212945]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.217354]  ? kvm_arch_sync_events+0x30/0x30
[ 32.221850]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.227388]  ? mmu_notifier_unregister+0x474/0x600
[ 32.232312]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.236720]  ? kfree+0x111/0x210
[ 32.240111]  ? __mmu_notifier_register+0x30/0x30
[ 32.244874]  ? __free_pages+0x10a/0x190
[ 32.248845]  ? free_unref_page+0x930/0x930
[ 32.253085]  kvm_put_kvm+0x73f/0x1060
[ 32.256901]  ? kvm_write_guest_cached+0x40/0x40
[ 32.261573]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.266090]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.270585]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.275194]  ? kasan_check_write+0x14/0x20
[ 32.279449]  ? do_raw_spin_lock+0xc1/0x200
[ 32.283685]  ? kvm_irqfd_release+0xdd/0x120
[ 32.288021]  ? kvm_irqfd_release+0xdd/0x120
[ 32.292366]  ? kvm_put_kvm+0x1060/0x1060
[ 32.296446]  kvm_vm_release+0x42/0x50
[ 32.300244]  __fput+0x38a/0xa40
[ 32.303526]  ? __alloc_file+0x400/0x400
[ 32.307504]  ? check_same_owner+0x340/0x340
[ 32.311827]  ? kasan_check_write+0x14/0x20
[ 32.316078]  ? do_raw_spin_lock+0xc1/0x200
[ 32.320312]  ____fput+0x15/0x20
[ 32.323592]  task_work_run+0x1e8/0x2a0
[ 32.327476]  ? task_work_cancel+0x240/0x240
[ 32.331805]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.337356]  ? switch_task_namespaces+0xa2/0xd0
[ 32.342025]  do_exit+0x1ae4/0x26e0
[ 32.345568]  ? mm_update_next_owner+0x9a0/0x9a0
[ 32.350239]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 32.354472]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.359482]  ? kfree+0x1d7/0x210
[ 32.362885]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 32.367130]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.372851]  ? is_bpf_text_address+0xd7/0x170
[ 32.377340]  ? kernel_text_address+0x79/0xf0
[ 32.381742]  ? __kernel_text_address+0xd/0x40
[ 32.386240]  ? unwind_get_return_address+0x61/0xa0
[ 32.391173]  ? __save_stack_trace+0x8d/0xf0
[ 32.395499]  ? save_stack+0xa9/0xd0
[ 32.399130]  ? save_stack+0x43/0xd0
[ 32.402764]  ? __kasan_slab_free+0x11a/0x170
[ 32.407173]  ? kasan_slab_free+0xe/0x10
[ 32.411144]  ? putname+0xf2/0x130
[ 32.414623]  ? __x64_sys_openat+0x9d/0x100
[ 32.418852]  ? do_syscall_64+0x1b9/0x820
[ 32.422912]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.428269]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.432709]  ? kasan_check_read+0x11/0x20
[ 32.436873]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 32.441298]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.445724]  ? initcall_blacklisted+0x9a/0x1e0
[ 32.450310]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 32.455428]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.461139]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.466691]  ? do_vfs_ioctl+0x201/0x1720
[ 32.470755]  ? rcu_is_watching+0x8c/0x150
[ 32.474900]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.479225]  ? ioctl_preallocate+0x300/0x300
[ 32.483651]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.489227]  ? __fget_light+0x2f7/0x440
[ 32.493198]  ? fget_raw+0x20/0x20
[ 32.496643]  ? putname+0xf2/0x130
[ 32.500106]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.505121]  ? kmem_cache_free+0x246/0x280
[ 32.509355]  ? putname+0xf7/0x130
[ 32.512818]  do_group_exit+0x177/0x440
[ 32.516712]  ? trace_hardirqs_on+0xbd/0x2c0
[ 32.521057]  ? __ia32_sys_exit+0x50/0x50
[ 32.525136]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.530236]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.535778]  ? ksys_ioctl+0x81/0xd0
[ 32.539431]  __x64_sys_exit_group+0x3e/0x50
[ 32.543768]  do_syscall_64+0x1b9/0x820
[ 32.547657]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.553063]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 32.557986]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.562845]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 32.567862]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 32.572896]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.577752]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.582934] RIP: 0033:0x43ef08
[ 32.586124] Code: Bad RIP value.
[ 32.589499] RSP: 002b:00007ffe028cad98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 32.597221] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[ 32.604486] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 32.611763] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 32.619027] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 32.626290] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 32.633592]
[ 32.633598] ======================================================
[ 32.633603] WARNING: possible circular locking dependency detected
[ 32.633606] 4.19.0-rc2+ #220 Not tainted
[ 32.633611] ------------------------------------------------------
[ 32.633616] syz-executor776/4663 is trying to acquire lock:
[ 32.633619] 0000000052043069 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 32.633645]
[ 32.633662] but task is already holding lock:
[ 32.633665] 000000009f6ec426 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 32.633691]
[ 32.633707] which lock already depends on the new lock.
[ 32.633709]
[ 32.633711]
[ 32.633716] the existing dependency chain (in reverse order) is:
[ 32.633718]
[ 32.633720] -> #3 (report_lock){....}:
[ 32.633750]  _raw_spin_lock_irqsave+0x96/0xc0
[ 32.633766]  kasan_report+0x8e/0x110
[ 32.633771]  __asan_report_load8_noabort+0x14/0x20
[ 32.633774]  __schedule+0xf54/0x1df0
[ 32.633778]  preempt_schedule_common+0x22/0x60
[ 32.633782]  _cond_resched+0x1d/0x30
[ 32.633786]  wait_for_completion+0xa5/0x8d0
[ 32.633790]  __synchronize_srcu+0x189/0x240
[ 32.633794]  synchronize_srcu+0x335/0x56f
[ 32.633798]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.633802]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.633806]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.633810]  kvm_put_kvm+0x73f/0x1060
[ 32.633813]  kvm_vm_release+0x42/0x50
[ 32.633817]  __fput+0x38a/0xa40
[ 32.633820]  ____fput+0x15/0x20
[ 32.633824]  task_work_run+0x1e8/0x2a0
[ 32.633827]  do_exit+0x1ae4/0x26e0
[ 32.633831]  do_group_exit+0x177/0x440
[ 32.633835]  __x64_sys_exit_group+0x3e/0x50
[ 32.633838]  do_syscall_64+0x1b9/0x820
[ 32.633843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.633845]
[ 32.633847] -> #2 (&rq->lock){-.-.}:
[ 32.633860]  _raw_spin_lock+0x2a/0x40
[ 32.633864]  task_fork_fair+0x93/0x680
[ 32.633867]  sched_fork+0x44b/0xbd0
[ 32.633871]  copy_process+0x235e/0x7ad0
[ 32.633874]  _do_fork+0x1ca/0x1170
[ 32.633878]  kernel_thread+0x34/0x40
[ 32.633881]  rest_init+0x22/0xe4
[ 32.633885]  start_kernel+0x913/0x94e
[ 32.633889]  x86_64_start_reservations+0x29/0x2b
[ 32.633893]  x86_64_start_kernel+0x76/0x79
[ 32.633897]  secondary_startup_64+0xa4/0xb0
[ 32.633899]
[ 32.633901] -> #1 (&p->pi_lock){-.-.}:
[ 32.633928]  _raw_spin_lock_irqsave+0x96/0xc0
[ 32.633932]  try_to_wake_up+0xd2/0x1250
[ 32.633935]  wake_up_process+0x10/0x20
[ 32.633939]  __up.isra.1+0x1c0/0x2a0
[ 32.633942]  up+0x13c/0x1c0
[ 32.633945]  __up_console_sem+0xbe/0x1b0
[ 32.633949]  console_unlock+0x506/0x10d0
[ 32.633952]  vprintk_emit+0x33a/0x910
[ 32.633956]  vprintk_default+0x28/0x30
[ 32.633959]  vprintk_func+0x7a/0x117
[ 32.633962]  printk+0xa7/0xcf
[ 32.633965]  load_umh+0x51/0xbd
[ 32.633969]  do_one_initcall+0x127/0x838
[ 32.633973]  kernel_init_freeable+0x4bb/0x5ae
[ 32.633988]  kernel_init+0x11/0x1b3
[ 32.633992]  ret_from_fork+0x3a/0x50
[ 32.633994]
[ 32.633996] -> #0 ((console_sem).lock){-...}:
[ 32.634009]  lock_acquire+0x1e4/0x4f0
[ 32.634014]  _raw_spin_lock_irqsave+0x96/0xc0
[ 32.634018]  down_trylock+0x13/0x70
[ 32.634022]  __down_trylock_console_sem+0xae/0x200
[ 32.634026]  console_trylock+0x15/0xa0
[ 32.634029]  vprintk_emit+0x31f/0x910
[ 32.634033]  vprintk_default+0x28/0x30
[ 32.634048]  vprintk_func+0x7a/0x117
[ 32.634052]  printk+0xa7/0xcf
[ 32.634056]  kasan_report+0x9e/0x110
[ 32.634060]  __asan_report_load8_noabort+0x14/0x20
[ 32.634064]  __schedule+0xf54/0x1df0
[ 32.634068]  preempt_schedule_common+0x22/0x60
[ 32.634072]  _cond_resched+0x1d/0x30
[ 32.634076]  wait_for_completion+0xa5/0x8d0
[ 32.634080]  __synchronize_srcu+0x189/0x240
[ 32.634084]  synchronize_srcu+0x335/0x56f
[ 32.634089]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.634093]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.634097]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.634100]  kvm_put_kvm+0x73f/0x1060
[ 32.634104]  kvm_vm_release+0x42/0x50
[ 32.634108]  __fput+0x38a/0xa40
[ 32.634111]  ____fput+0x15/0x20
[ 32.634115]  task_work_run+0x1e8/0x2a0
[ 32.634118]  do_exit+0x1ae4/0x26e0
[ 32.634122]  do_group_exit+0x177/0x440
[ 32.634126]  __x64_sys_exit_group+0x3e/0x50
[ 32.634130]  do_syscall_64+0x1b9/0x820
[ 32.634135]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.634137]
[ 32.634141] other info that might help us debug this:
[ 32.634143]
[ 32.634146] Chain exists of:
[ 32.634148]  (console_sem).lock --> &rq->lock --> report_lock
[ 32.634166]
[ 32.634170] Possible unsafe locking scenario:
[ 32.634172]
[ 32.634176]        CPU0                    CPU1
[ 32.634180]        ----                    ----
[ 32.634182]   lock(report_lock);
[ 32.634191]                                lock(&rq->lock);
[ 32.634200]                                lock(report_lock);
[ 32.634208]   lock((console_sem).lock);
[ 32.634216]
[ 32.634219] *** DEADLOCK ***
[ 32.634221]
[ 32.634225] 2 locks held by syz-executor776/4663:
[ 32.634227]  #0: 00000000a44cb0c4 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 32.634244]  #1: 000000009f6ec426 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 32.634260]
[ 32.634263] stack backtrace:
[ 32.634269] CPU: 1 PID: 4663 Comm: syz-executor776 Not tainted 4.19.0-rc2+ #220
[ 32.634276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.634279] Call Trace:
[ 32.634282]  dump_stack+0x1c9/0x2b4
[ 32.634287]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.634291]  ? vprintk_func+0x100/0x117
[ 32.634295]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 32.634299]  ? save_trace+0xe0/0x290
[ 32.634303]  __lock_acquire+0x3449/0x5020
[ 32.634307]  ? mark_held_locks+0x160/0x160
[ 32.634311]  ? mark_held_locks+0x160/0x160
[ 32.634315]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 32.634319]  ? is_bpf_text_address+0xd7/0x170
[ 32.634323]  ? kernel_text_address+0x79/0xf0
[ 32.634327]  ? __kernel_text_address+0xd/0x40
[ 32.634331]  ? __save_stack_trace+0x8d/0xf0
[ 32.634336]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 32.634339]  ? save_trace+0x290/0x290
[ 32.634343]  ? save_stack_trace+0x1a/0x20
[ 32.634347]  ? save_trace+0xe0/0x290
[ 32.634351]  ? graph_lock+0x170/0x170
[ 32.634355]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.634359]  lock_acquire+0x1e4/0x4f0
[ 32.634363]  ? down_trylock+0x13/0x70
[ 32.634367]  ? lock_release+0x9f0/0x9f0
[ 32.634371]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.634375]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.634379]  ? trace_hardirqs_off+0xb8/0x2b0
[ 32.634383]  ? log_store+0x34f/0x4c0
[ 32.634386]  ? vprintk_emit+0x31f/0x910
[ 32.634390]  _raw_spin_lock_irqsave+0x96/0xc0
[ 32.634394]  ? down_trylock+0x13/0x70
[ 32.634398]  down_trylock+0x13/0x70
[ 32.634402]  __down_trylock_console_sem+0xae/0x200
[ 32.634406]  console_trylock+0x15/0xa0
[ 32.634410]  vprintk_emit+0x31f/0x910
[ 32.634414]  ? wake_up_klogd+0x110/0x110
[ 32.634418]  ? run_rebalance_domains+0x4c0/0x4c0
[ 32.634422]  ? kasan_check_read+0x11/0x20
[ 32.634426]  ? rcu_is_watching+0x8c/0x150
[ 32.634429]  ? rcu_pm_notify+0xc0/0xc0
[ 32.634433]  ? lock_acquire+0x1e4/0x4f0
[ 32.634437]  ? kasan_report+0x8e/0x110
[ 32.634441]  ? __schedule+0xf54/0x1df0
[ 32.634444]  vprintk_default+0x28/0x30
[ 32.634448]  vprintk_func+0x7a/0x117
[ 32.634451]  printk+0xa7/0xcf
[ 32.634469]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.634473]  ? kasan_check_write+0x14/0x20
[ 32.634477]  ? do_raw_spin_lock+0xc1/0x200
[ 32.634480]  ? do_raw_spin_lock+0xc1/0x200
[ 32.634484]  kasan_report+0x9e/0x110
[ 32.634488]  __asan_report_load8_noabort+0x14/0x20
[ 32.634491]  __schedule+0xf54/0x1df0
[ 32.634495]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 32.634499]  ? __sched_text_start+0x8/0x8
[ 32.634503]  ? __call_srcu+0x7e7/0x1040
[ 32.634524]  ? check_same_owner+0x340/0x340
[ 32.634528]  ? mark_held_locks+0x160/0x160
[ 32.634531]  ? find_held_lock+0x36/0x1c0
[ 32.634535]  preempt_schedule_common+0x22/0x60
[ 32.634538]  _cond_resched+0x1d/0x30
[ 32.634542]  wait_for_completion+0xa5/0x8d0
[ 32.634546]  ? wait_for_completion_interruptible+0x950/0x950
[ 32.634550]  ? __lockdep_init_map+0x105/0x590
[ 32.634554]  ? __init_waitqueue_head+0x9e/0x150
[ 32.634557]  ? init_wait_entry+0x1c0/0x1c0
[ 32.634561]  __synchronize_srcu+0x189/0x240
[ 32.634564]  ? call_srcu+0x10/0x10
[ 32.634568]  ? rcu_unexpedite_gp+0x20/0x20
[ 32.634572]  synchronize_srcu+0x335/0x56f
[ 32.634575]  ? lock_downgrade+0x8f0/0x8f0
[ 32.634579]  ? synchronize_srcu_expedited+0x20/0x20
[ 32.634583]  ? kasan_check_read+0x11/0x20
[ 32.634586]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 32.634590]  ? kasan_check_write+0x14/0x20
[ 32.634593]  ? do_raw_spin_lock+0xc1/0x200
[ 32.634598]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 32.634602]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 32.634605]  ? kvfree+0x61/0x70
[ 32.634609]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.634624]  kvm_mmu_uninit_vm+0x1c/0x20
[ 32.634628]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 32.634632]  ? kvm_arch_sync_events+0x30/0x30
[ 32.634636]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.634652]  ? mmu_notifier_unregister+0x474/0x600
[ 32.634656]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 32.634659]  ? kfree+0x111/0x210
[ 32.634663]  ? __mmu_notifier_register+0x30/0x30
[ 32.634667]  ? __free_pages+0x10a/0x190
[ 32.634671]  ? free_unref_page+0x930/0x930
[ 32.634674]  kvm_put_kvm+0x73f/0x1060
[ 32.634678]  ? kvm_write_guest_cached+0x40/0x40
[ 32.634682]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.634686]  ? _raw_spin_unlock_irq+0x27/0x70
[ 32.634690]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 32.634694]  ? kasan_check_write+0x14/0x20
[ 32.634698]  ? do_raw_spin_lock+0xc1/0x200
[ 32.634702]  ? kvm_irqfd_release+0xdd/0x120
[ 32.634718]  ? kvm_irqfd_release+0xdd/0x120
[ 32.634722]  ? kvm_put_kvm+0x1060/0x1060
[ 32.634725]  kvm_vm_release+0x42/0x50
[ 32.634729]  __fput+0x38a/0xa40
[ 32.634733]  ? __alloc_file+0x400/0x400
[ 32.634737]  ? check_same_owner+0x340/0x340
[ 32.634740]  ? kasan_check_write+0x14/0x20
[ 32.634752]  ? do_raw_spin_lock+0xc1/0x200
[ 32.634755]  ____fput+0x15/0x20
[ 32.634759]  task_work_run+0x1e8/0x2a0
[ 32.634763]  ? task_work_cancel+0x240/0x240
[ 32.634768]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.634772]  ? switch_task_namespaces+0xa2/0xd0
[ 32.634776]  do_exit+0x1ae4/0x26e0
[ 32.634780]  ? mm_update_next_owner+0x9a0/0x9a0
[ 32.634784]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 32.634788]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.634792]  ? kfree+0x1d7/0x210
[ 32.634796]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 32.634800]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 32.634804]  ? is_bpf_text_address+0xd7/0x170
[ 32.634807]  ?
[ 32.634814] Lost 54 message(s)!
[ 33.741436] Shutting down cpus with NMI
[ 34.802818] Dumping ftrace buffer:
[ 34.806349]    (ftrace buffer empty)
[ 34.810036] Kernel Offset: disabled
[ 34.813643] Rebooting in 86400 seconds..