[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 23.880810] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.881026] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.143319] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.707759] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.885329] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[ 33.452093] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.549017] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.574022] ==================================================================
[ 33.583951] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.590177] Read of size 8 at addr ffff8801ac310058 by task syz-executor809/4466
[ 33.597694]
[ 33.599334] CPU: 0 PID: 4466 Comm: syz-executor809 Not tainted 4.18.0+ #206
[ 33.606422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.615764] Call Trace:
[ 33.618364]  dump_stack+0x1c9/0x2b4
[ 33.621991]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.627189]  ? printk+0xa7/0xcf
[ 33.630468]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.635223]  ? __schedule+0xf54/0x1df0
[ 33.639107]  print_address_description+0x6c/0x20b
[ 33.643944]  ? __schedule+0xf54/0x1df0
[ 33.647827]  kasan_report.cold.7+0x242/0x30d
[ 33.652236]  __asan_report_load8_noabort+0x14/0x20
[ 33.657180]  __schedule+0xf54/0x1df0
[ 33.660889]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.666015]  ? __sched_text_start+0x8/0x8
[ 33.670185]  ? __call_srcu+0x7e7/0x1040
[ 33.674162]  ? check_same_owner+0x340/0x340
[ 33.678484]  ? mark_held_locks+0x160/0x160
[ 33.682711]  ? find_held_lock+0x36/0x1c0
[ 33.686772]  preempt_schedule_common+0x22/0x60
[ 33.691352]  _cond_resched+0x1d/0x30
[ 33.695065]  wait_for_completion+0xa5/0x8d0
[ 33.699387]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.705198]  ? __lockdep_init_map+0x105/0x590
[ 33.709695]  ? __init_waitqueue_head+0x9e/0x150
[ 33.714363]  ? init_wait_entry+0x1c0/0x1c0
[ 33.718598]  __synchronize_srcu+0x189/0x240
[ 33.722933]  ? call_srcu+0x10/0x10
[ 33.726471]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.730709]  synchronize_srcu+0x335/0x56f
[ 33.734855]  ? lock_downgrade+0x8f0/0x8f0
[ 33.738997]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.744012]  ? kasan_check_read+0x11/0x20
[ 33.748161]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.752746]  ? kasan_check_write+0x14/0x20
[ 33.756982]  ? do_raw_spin_lock+0xc1/0x200
[ 33.761225]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.766937]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.772384]  ? kvfree+0x61/0x70
[ 33.775669]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.780716]  kvm_mmu_uninit_vm+0x1c/0x20
[ 33.784775]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 33.789185]  ? kvm_arch_sync_events+0x30/0x30
[ 33.793684]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.799218]  ? mmu_notifier_unregister+0x474/0x600
[ 33.804142]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.808551]  ? kfree+0x111/0x210
[ 33.811930]  ? __mmu_notifier_register+0x30/0x30
[ 33.816690]  ? __free_pages+0x10a/0x190
[ 33.820669]  ? free_unref_page+0x930/0x930
[ 33.824917]  kvm_put_kvm+0x73f/0x1060
[ 33.828743]  ? kvm_write_guest_cached+0x40/0x40
[ 33.833415]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.837941]  ? _raw_spin_unlock_irq+0x27/0x70
[ 33.842462]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 33.847047]  ? kasan_check_write+0x14/0x20
[ 33.851280]  ? do_raw_spin_lock+0xc1/0x200
[ 33.855511]  ? kvm_irqfd_release+0xdd/0x120
[ 33.859842]  ? kvm_put_kvm+0x1060/0x1060
[ 33.863905]  kvm_vm_release+0x42/0x50
[ 33.867728]  __fput+0x36e/0x8c0
[ 33.871017]  ? __alloc_file+0x400/0x400
[ 33.875005]  ? check_same_owner+0x340/0x340
[ 33.879334]  ? kasan_check_write+0x14/0x20
[ 33.883566]  ? do_raw_spin_lock+0xc1/0x200
[ 33.887794]  ____fput+0x15/0x20
[ 33.891067]  task_work_run+0x1e8/0x2a0
[ 33.894966]  ? task_work_cancel+0x240/0x240
[ 33.899285]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.904833]  ? switch_task_namespaces+0xa2/0xd0
[ 33.909496]  do_exit+0x1ae4/0x26e0
[ 33.913050]  ? mm_update_next_owner+0x9a0/0x9a0
[ 33.917715]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 33.921946]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.926958]  ? kfree+0x1d7/0x210
[ 33.930320]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 33.934551]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 33.940290]  ? is_bpf_text_address+0xd7/0x170
[ 33.944775]  ? kernel_text_address+0x79/0xf0
[ 33.949182]  ? __kernel_text_address+0xd/0x40
[ 33.953701]  ? unwind_get_return_address+0x61/0xa0
[ 33.958644]  ? __save_stack_trace+0x8d/0xf0
[ 33.962989]  ? save_stack+0xa9/0xd0
[ 33.966628]  ? save_stack+0x43/0xd0
[ 33.970265]  ? __kasan_slab_free+0x11a/0x170
[ 33.974669]  ? kasan_slab_free+0xe/0x10
[ 33.978655]  ? putname+0xf2/0x130
[ 33.982148]  ? __x64_sys_openat+0x9d/0x100
[ 33.986386]  ? do_syscall_64+0x1b9/0x820
[ 33.990446]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.995803]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.000204]  ? kasan_check_read+0x11/0x20
[ 34.004345]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.008766]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.013180]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.017760]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.022858]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.028569]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.034105]  ? do_vfs_ioctl+0x201/0x1720
[ 34.038161]  ? rcu_is_watching+0x8c/0x150
[ 34.042309]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.046629]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.051639]  ? __fget_light+0x2f7/0x440
[ 34.055607]  ? fget_raw+0x20/0x20
[ 34.059052]  ? putname+0xf2/0x130
[ 34.062500]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.067540]  ? kmem_cache_free+0x246/0x280
[ 34.071771]  ? putname+0xf7/0x130
[ 34.075223]  do_group_exit+0x177/0x440
[ 34.079131]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.083496]  ? __ia32_sys_exit+0x50/0x50
[ 34.087551]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.092654]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.098194]  ? ksys_ioctl+0x81/0xd0
[ 34.101834]  __x64_sys_exit_group+0x3e/0x50
[ 34.106156]  do_syscall_64+0x1b9/0x820
[ 34.110053]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.115416]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.120336]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.125194]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.130206]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.135219]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.140251]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.145108]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.150290] RIP: 0033:0x43ece8
[ 34.153489] Code: Bad RIP value.
[ 34.156844] RSP: 002b:00007ffdbeb73a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.164543] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ece8
[ 34.171807] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.179067] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.186329] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.193602] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.200865]
[ 34.202481] Allocated by task 4466:
[ 34.206106]  save_stack+0x43/0xd0
[ 34.209551]  kasan_kmalloc+0xc4/0xe0
[ 34.213255]  kasan_slab_alloc+0x12/0x20
[ 34.217239]  kmem_cache_alloc+0x12e/0x710
[ 34.221379]  vmx_create_vcpu+0xcf/0x2830
[ 34.225432]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.229839]  kvm_vm_ioctl+0x488/0x1d80
[ 34.233723]  do_vfs_ioctl+0x1de/0x1720
[ 34.237616]  ksys_ioctl+0xa9/0xd0
[ 34.241063]  __x64_sys_ioctl+0x73/0xb0
[ 34.244946]  do_syscall_64+0x1b9/0x820
[ 34.248880]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.254065]
[ 34.255680] Freed by task 4466:
[ 34.258965]  save_stack+0x43/0xd0
[ 34.262414]  __kasan_slab_free+0x11a/0x170
[ 34.266640]  kasan_slab_free+0xe/0x10
[ 34.270430]  kmem_cache_free+0x86/0x280
[ 34.274570]  vmx_free_vcpu+0x26b/0x300
[ 34.278449]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.282853]  kvm_put_kvm+0x73f/0x1060
[ 34.286655]  kvm_vm_release+0x42/0x50
[ 34.290446]  __fput+0x36e/0x8c0
[ 34.293719]  ____fput+0x15/0x20
[ 34.296992]  task_work_run+0x1e8/0x2a0
[ 34.300874]  do_exit+0x1ae4/0x26e0
[ 34.304413]  do_group_exit+0x177/0x440
[ 34.308292]  __x64_sys_exit_group+0x3e/0x50
[ 34.312606]  do_syscall_64+0x1b9/0x820
[ 34.316488]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.321676]
[ 34.323296] The buggy address belongs to the object at ffff8801ac310040
[ 34.323296]  which belongs to the cache kvm_vcpu of size 23872
[ 34.335862] The buggy address is located 24 bytes inside of
[ 34.335862]  23872-byte region [ffff8801ac310040, ffff8801ac315d80)
[ 34.347809] The buggy address belongs to the page:
[ 34.352731] page:ffffea0006b0c400 count:1 mapcount:0 mapping:ffff8801d9ff00c0 index:0x0 compound_mapcount: 0
[ 34.362701] flags: 0x2fffc0000008100(slab|head)
[ 34.367368] raw: 02fffc0000008100 ffff8801d4c45748 ffff8801d4c45748 ffff8801d9ff00c0
[ 34.375249] raw: 0000000000000000 ffff8801ac310040 0000000100000001 0000000000000000
[ 34.383133] page dumped because: kasan: bad access detected
[ 34.388846]
[ 34.390497] Memory state around the buggy address:
[ 34.395427]  ffff8801ac30ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.402782]  ffff8801ac30ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.410282] >ffff8801ac310000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.417630]                                                     ^
[ 34.423873]  ffff8801ac310080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.431233]  ffff8801ac310100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.438580] ==================================================================
[ 34.445934] Kernel panic - not syncing: panic_on_warn set ...
[ 34.445934]
[ 34.453304] CPU: 0 PID: 4466 Comm: syz-executor809 Tainted: G B 4.18.0+ #206
[ 34.461789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.471141] Call Trace:
[ 34.473739]  dump_stack+0x1c9/0x2b4
[ 34.477370]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.482558]  ? lock_downgrade+0x8f0/0x8f0
[ 34.486721]  ? __schedule+0xf54/0x1df0
[ 34.490618]  panic+0x238/0x4e7
[ 34.493822]  ? add_taint.cold.5+0x16/0x16
[ 34.497971]  ? print_shadow_for_address+0xba/0x116
[ 34.502899]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.507315]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.511724]  ? __schedule+0xf54/0x1df0
[ 34.515605]  kasan_end_report+0x47/0x4f
[ 34.519573]  kasan_report.cold.7+0x76/0x30d
[ 34.523891]  __asan_report_load8_noabort+0x14/0x20
[ 34.528827]  __schedule+0xf54/0x1df0
[ 34.532534]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.537638]  ? __sched_text_start+0x8/0x8
[ 34.541785]  ? __call_srcu+0x7e7/0x1040
[ 34.545792]  ? check_same_owner+0x340/0x340
[ 34.550106]  ? mark_held_locks+0x160/0x160
[ 34.554341]  ? find_held_lock+0x36/0x1c0
[ 34.558404]  preempt_schedule_common+0x22/0x60
[ 34.562982]  _cond_resched+0x1d/0x30
[ 34.566691]  wait_for_completion+0xa5/0x8d0
[ 34.571044]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.576840]  ? __lockdep_init_map+0x105/0x590
[ 34.581331]  ? __init_waitqueue_head+0x9e/0x150
[ 34.585999]  ? init_wait_entry+0x1c0/0x1c0
[ 34.590234]  __synchronize_srcu+0x189/0x240
[ 34.594550]  ? call_srcu+0x10/0x10
[ 34.598084]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.602317]  synchronize_srcu+0x335/0x56f
[ 34.606458]  ? lock_downgrade+0x8f0/0x8f0
[ 34.610626]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.615634]  ? kasan_check_read+0x11/0x20
[ 34.619777]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.624356]  ? kasan_check_write+0x14/0x20
[ 34.628590]  ? do_raw_spin_lock+0xc1/0x200
[ 34.632822]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.638533]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.643976]  ? kvfree+0x61/0x70
[ 34.647255]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.652270]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.656330]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.660770]  ? kvm_arch_sync_events+0x30/0x30
[ 34.665265]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.670832]  ? mmu_notifier_unregister+0x474/0x600
[ 34.675753]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.680158]  ? kfree+0x111/0x210
[ 34.683530]  ? __mmu_notifier_register+0x30/0x30
[ 34.688284]  ? __free_pages+0x10a/0x190
[ 34.692256]  ? free_unref_page+0x930/0x930
[ 34.696522]  kvm_put_kvm+0x73f/0x1060
[ 34.700326]  ? kvm_write_guest_cached+0x40/0x40
[ 34.704996]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.709485]  ? _raw_spin_unlock_irq+0x27/0x70
[ 34.713979]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.718561]  ? kasan_check_write+0x14/0x20
[ 34.722791]  ? do_raw_spin_lock+0xc1/0x200
[ 34.727026]  ? kvm_irqfd_release+0xdd/0x120
[ 34.731351]  ? kvm_put_kvm+0x1060/0x1060
[ 34.735412]  kvm_vm_release+0x42/0x50
[ 34.739208]  __fput+0x36e/0x8c0
[ 34.742500]  ? __alloc_file+0x400/0x400
[ 34.746472]  ? check_same_owner+0x340/0x340
[ 34.750793]  ? kasan_check_write+0x14/0x20
[ 34.755027]  ? do_raw_spin_lock+0xc1/0x200
[ 34.759257]  ____fput+0x15/0x20
[ 34.762537]  task_work_run+0x1e8/0x2a0
[ 34.766417]  ? task_work_cancel+0x240/0x240
[ 34.770739]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.777491]  ? switch_task_namespaces+0xa2/0xd0
[ 34.782161]  do_exit+0x1ae4/0x26e0
[ 34.785710]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.790382]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.794615]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.799624]  ? kfree+0x1d7/0x210
[ 34.802990]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.807229]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.812942]  ? is_bpf_text_address+0xd7/0x170
[ 34.817441]  ? kernel_text_address+0x79/0xf0
[ 34.821853]  ? __kernel_text_address+0xd/0x40
[ 34.826355]  ? unwind_get_return_address+0x61/0xa0
[ 34.831292]  ? __save_stack_trace+0x8d/0xf0
[ 34.835618]  ? save_stack+0xa9/0xd0
[ 34.839237]  ? save_stack+0x43/0xd0
[ 34.842858]  ? __kasan_slab_free+0x11a/0x170
[ 34.847260]  ? kasan_slab_free+0xe/0x10
[ 34.851227]  ? putname+0xf2/0x130
[ 34.854675]  ? __x64_sys_openat+0x9d/0x100
[ 34.858914]  ? do_syscall_64+0x1b9/0x820
[ 34.862975]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.868351]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.872758]  ? kasan_check_read+0x11/0x20
[ 34.876927]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.881366]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.885771]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.890358]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.895460]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.901164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.906718]  ? do_vfs_ioctl+0x201/0x1720
[ 34.910777]  ? rcu_is_watching+0x8c/0x150
[ 34.914933]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.919255]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.924271]  ? __fget_light+0x2f7/0x440
[ 34.928240]  ? fget_raw+0x20/0x20
[ 34.931693]  ? putname+0xf2/0x130
[ 34.935145]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.940182]  ? kmem_cache_free+0x246/0x280
[ 34.944410]  ? putname+0xf7/0x130
[ 34.947865]  do_group_exit+0x177/0x440
[ 34.951746]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.956062]  ? __ia32_sys_exit+0x50/0x50
[ 34.960117]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.965219]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.970753]  ? ksys_ioctl+0x81/0xd0
[ 34.974381]  __x64_sys_exit_group+0x3e/0x50
[ 34.978701]  do_syscall_64+0x1b9/0x820
[ 34.982590]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.987947]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.992870]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.997702]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.002715]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.007727]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.012739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.017582]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.022764] RIP: 0033:0x43ece8
[ 35.025953] Code: Bad RIP value.
[ 35.029307] RSP: 002b:00007ffdbeb73a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.037027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ece8
[ 35.044291] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.051560] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.058836] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.066101] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.073369]
[ 35.073375] ======================================================
[ 35.073380] WARNING: possible circular locking dependency detected
[ 35.073383] 4.18.0+ #206 Not tainted
[ 35.073389] ------------------------------------------------------
[ 35.073393] syz-executor809/4466 is trying to acquire lock:
[ 35.073397] 00000000340c016b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.073411]
[ 35.073415] but task is already holding lock:
[ 35.073418] 000000009378dcb3 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.073432]
[ 35.073437] which lock already depends on the new lock.
[ 35.073439]
[ 35.073441]
[ 35.073446] the existing dependency chain (in reverse order) is:
[ 35.073448]
[ 35.073451] -> #3 (report_lock){....}:
[ 35.073465]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.073469]        kasan_report+0x8e/0x110
[ 35.073473]        __asan_report_load8_noabort+0x14/0x20
[ 35.073477]        __schedule+0xf54/0x1df0
[ 35.073481]        preempt_schedule_common+0x22/0x60
[ 35.073485]        _cond_resched+0x1d/0x30
[ 35.073489]        wait_for_completion+0xa5/0x8d0
[ 35.073493]        __synchronize_srcu+0x189/0x240
[ 35.073497]        synchronize_srcu+0x335/0x56f
[ 35.073502]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.073506]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.073510]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.073514]        kvm_put_kvm+0x73f/0x1060
[ 35.073517]        kvm_vm_release+0x42/0x50
[ 35.073521]        __fput+0x36e/0x8c0
[ 35.073524]        ____fput+0x15/0x20
[ 35.073528]        task_work_run+0x1e8/0x2a0
[ 35.073532]        do_exit+0x1ae4/0x26e0
[ 35.073535]        do_group_exit+0x177/0x440
[ 35.073540]        __x64_sys_exit_group+0x3e/0x50
[ 35.073543]        do_syscall_64+0x1b9/0x820
[ 35.073548]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.073550]
[ 35.073552] -> #2 (&rq->lock){-.-.}:
[ 35.073566]        _raw_spin_lock+0x2a/0x40
[ 35.073570]        task_fork_fair+0x93/0x680
[ 35.073574]        sched_fork+0x44b/0xbd0
[ 35.073577]        copy_process+0x235e/0x7ad0
[ 35.073581]        _do_fork+0x1ca/0x1170
[ 35.073585]        kernel_thread+0x34/0x40
[ 35.073588]        rest_init+0x22/0xe4
[ 35.073592]        start_kernel+0x913/0x94e
[ 35.073596]        x86_64_start_reservations+0x29/0x2b
[ 35.073600]        x86_64_start_kernel+0x76/0x79
[ 35.073604]        secondary_startup_64+0xa4/0xb0
[ 35.073607]
[ 35.073609] -> #1 (&p->pi_lock){-.-.}:
[ 35.073623]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.073627]        try_to_wake_up+0xd2/0x1250
[ 35.073631]        wake_up_process+0x10/0x20
[ 35.073634]        __up.isra.1+0x1c0/0x2a0
[ 35.073638]        up+0x13c/0x1c0
[ 35.073641]        __up_console_sem+0xbe/0x1b0
[ 35.073645]        console_unlock+0x506/0x10d0
[ 35.073649]        vprintk_emit+0x33a/0x910
[ 35.073653]        vprintk_default+0x28/0x30
[ 35.073657]        vprintk_func+0x7a/0x117
[ 35.073660]        printk+0xa7/0xcf
[ 35.073663]        load_umh+0x51/0xbd
[ 35.073667]        do_one_initcall+0x127/0x838
[ 35.073671]        kernel_init_freeable+0x4bb/0x5ae
[ 35.073675]        kernel_init+0x11/0x1b3
[ 35.073679]        ret_from_fork+0x3a/0x50
[ 35.073681]
[ 35.073684] -> #0 ((console_sem).lock){-...}:
[ 35.073698]        lock_acquire+0x1e4/0x4f0
[ 35.073702]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.073706]        down_trylock+0x13/0x70
[ 35.073710]        __down_trylock_console_sem+0xae/0x200
[ 35.073714]        console_trylock+0x15/0xa0
[ 35.073718]        vprintk_emit+0x31f/0x910
[ 35.073721]        vprintk_default+0x28/0x30
[ 35.073725]        vprintk_func+0x7a/0x117
[ 35.073729]        printk+0xa7/0xcf
[ 35.073732]        kasan_report+0x9e/0x110
[ 35.073737]        __asan_report_load8_noabort+0x14/0x20
[ 35.073740]        __schedule+0xf54/0x1df0
[ 35.073745]        preempt_schedule_common+0x22/0x60
[ 35.073748]        _cond_resched+0x1d/0x30
[ 35.073753]        wait_for_completion+0xa5/0x8d0
[ 35.073757]        __synchronize_srcu+0x189/0x240
[ 35.073761]        synchronize_srcu+0x335/0x56f
[ 35.073766]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.073769]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.073774]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.073777]        kvm_put_kvm+0x73f/0x1060
[ 35.073781]        kvm_vm_release+0x42/0x50
[ 35.073785]        __fput+0x36e/0x8c0
[ 35.073788]        ____fput+0x15/0x20
[ 35.073792]        task_work_run+0x1e8/0x2a0
[ 35.073795]        do_exit+0x1ae4/0x26e0
[ 35.073799]        do_group_exit+0x177/0x440
[ 35.073803]        __x64_sys_exit_group+0x3e/0x50
[ 35.073807]        do_syscall_64+0x1b9/0x820
[ 35.073812]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.073814]
[ 35.073818] other info that might help us debug this:
[ 35.073821]
[ 35.073824] Chain exists of:
[ 35.073826]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.073844]
[ 35.073848]  Possible unsafe locking scenario:
[ 35.073850]
[ 35.073854]        CPU0                    CPU1
[ 35.073858]        ----                    ----
[ 35.073860]   lock(report_lock);
[ 35.073869]                                lock(&rq->lock);
[ 35.073878]                                lock(report_lock);
[ 35.073886]   lock((console_sem).lock);
[ 35.073894]
[ 35.073897]  *** DEADLOCK ***
[ 35.073899]
[ 35.073911] 2 locks held by syz-executor809/4466:
[ 35.073914]  #0: 00000000b12b52bb (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.073930]  #1: 000000009378dcb3 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.073947]
[ 35.073950] stack backtrace:
[ 35.073956] CPU: 0 PID: 4466 Comm: syz-executor809 Not tainted 4.18.0+ #206
[ 35.073963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.073966] Call Trace:
[ 35.073969]  dump_stack+0x1c9/0x2b4
[ 35.073974]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.073978]  ? vprintk_func+0x100/0x117
[ 35.073983]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.073986]  ? save_trace+0xe0/0x290
[ 35.073990]  __lock_acquire+0x3449/0x5020
[ 35.073994]  ? mark_held_locks+0x160/0x160
[ 35.073998]  ? mark_held_locks+0x160/0x160
[ 35.074003]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.074007]  ? is_bpf_text_address+0xd7/0x170
[ 35.074011]  ? kernel_text_address+0x79/0xf0
[ 35.074015]  ? __kernel_text_address+0xd/0x40
[ 35.074019]  ? __save_stack_trace+0x8d/0xf0
[ 35.074024]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.074027]  ? save_trace+0x290/0x290
[ 35.074031]  ? save_stack_trace+0x1a/0x20
[ 35.074035]  ? save_trace+0xe0/0x290
[ 35.074039]  ? graph_lock+0x170/0x170
[ 35.074043]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.074047]  lock_acquire+0x1e4/0x4f0
[ 35.074051]  ? down_trylock+0x13/0x70
[ 35.074055]  ? lock_release+0x9f0/0x9f0
[ 35.074059]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.074063]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.074067]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.074071]  ? log_store+0x34f/0x4c0
[ 35.074075]  ? vprintk_emit+0x31f/0x910
[ 35.074079]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.074083]  ? down_trylock+0x13/0x70
[ 35.074086]  down_trylock+0x13/0x70
[ 35.074091]  __down_trylock_console_sem+0xae/0x200
[ 35.074095]  console_trylock+0x15/0xa0
[ 35.074098]  vprintk_emit+0x31f/0x910
[ 35.074102]  ? wake_up_klogd+0x110/0x110
[ 35.074106]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.074125]  ? kasan_check_read+0x11/0x20
[ 35.074129]  ? rcu_is_watching+0x8c/0x150
[ 35.074132]  ? rcu_pm_notify+0xc0/0xc0
[ 35.074136]  ? lock_acquire+0x1e4/0x4f0
[ 35.074140]  ? kasan_report+0x8e/0x110
[ 35.074143]  ? __schedule+0xf54/0x1df0
[ 35.074147]  vprintk_default+0x28/0x30
[ 35.074151]  vprintk_func+0x7a/0x117
[ 35.074154]  printk+0xa7/0xcf
[ 35.074158]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.074162]  ? kasan_check_write+0x14/0x20
[ 35.074166]  ? do_raw_spin_lock+0xc1/0x200
[ 35.074170]  ? do_raw_spin_lock+0xc1/0x200
[ 35.074173]  kasan_report+0x9e/0x110
[ 35.074197]  __asan_report_load8_noabort+0x14/0x20
[ 35.074201]  __schedule+0xf54/0x1df0
[ 35.074205]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.074209]  ? __sched_text_start+0x8/0x8
[ 35.074212]  ? __call_srcu+0x7e7/0x1040
[ 35.074216]  ? check_same_owner+0x340/0x340
[ 35.074220]  ? mark_held_locks+0x160/0x160
[ 35.074223]  ? find_held_lock+0x36/0x1c0
[ 35.074227]  preempt_schedule_common+0x22/0x60
[ 35.074231]  _cond_resched+0x1d/0x30
[ 35.074235]  wait_for_completion+0xa5/0x8d0
[ 35.074239]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.074243]  ? __lockdep_init_map+0x105/0x590
[ 35.074262]  ? __init_waitqueue_head+0x9e/0x150
[ 35.074266]  ? init_wait_entry+0x1c0/0x1c0
[ 35.074270]  __synchronize_srcu+0x189/0x240
[ 35.074274]  ? call_srcu+0x10/0x10
[ 35.074277]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.074281]  synchronize_srcu+0x335/0x56f
[ 35.074300]  ? lock_downgrade+0x8f0/0x8f0
[ 35.074305]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.074309]  ? kasan_check_read+0x11/0x20
[ 35.074313]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.074317]  ? kasan_check_write+0x14/0x20
[ 35.074321]  ? do_raw_spin_lock+0xc1/0x200
[ 35.074326]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.074330]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.074334]  ? kvfree+0x61/0x70
[ 35.074338]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.074342]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.074346]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.074350]  ? kvm_arch_sync_events+0x30/0x30
[ 35.074355]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.074359]  ? mmu_notifier_unregister+0x474/0x600
[ 35.074364]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.074367]  ? kfree+0x111/0x210
[ 35.074372]  ? __mmu_notifier_register+0x30/0x30
[ 35.074375]  ? __free_pages+0x10a/0x190
[ 35.074379]  ? free_unref_page+0x930/0x930
[ 35.074383]  kvm_put_kvm+0x73f/0x1060
[ 35.074387]  ? kvm_write_guest_cached+0x40/0x40
[ 35.074391]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.074396]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.074400]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.074404]  ? kasan_check_write+0x14/0x20
[ 35.074408]  ? do_raw_spin_lock+0xc1/0x200
[ 35.074412]  ? kvm_irqfd_release+0xdd/0x120
[ 35.074416]  ? kvm_put_kvm+0x1060/0x1060
[ 35.074419]  kvm_vm_release+0x42/0x50
[ 35.074423]  __fput+0x36e/0x8c0
[ 35.074427]  ? __alloc_file+0x400/0x400
[ 35.074431]  ? check_same_owner+0x340/0x340
[ 35.074435]  ? kasan_check_write+0x14/0x20
[ 35.074439]  ? do_raw_spin_lock+0xc1/0x200
[ 35.074442]  ____fput+0x15/0x20
[ 35.074446]  task_work_run+0x1e8/0x2a0
[ 35.074450]  ? task_work_cancel+0x240/0x240
[ 35.074455]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.074459]  ? switch_task_namespaces+0xa2/0xd0
[ 35.074462]  do_exit+0x1ae4/0x26e0
[ 35.074467]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.074471]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.074475]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.074479]  ? kfree+0x1d7/0x210
[ 35.074483]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.074487]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.074491]  ? is_bpf_text_address+0xd7/0x170
[ 35.074496]  ? kernel_text_address+0x79/0xf0
[ 35.074498]  ? __kern
[ 35.074505] Lost 53 message(s)!
[ 36.184762] Shutting down cpus with NMI
[ 37.243588] Dumping ftrace buffer:
[ 37.247112]    (ftrace buffer empty)
[ 37.250800] Kernel Offset: disabled
[ 37.254409] Rebooting in 86400 seconds..