[....] Starting OpenBSD Secure Shell server: sshd[ 21.844994] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 22.115314] random: sshd: uninitialized urandom read (32 bytes read) [ 22.310814] random: sshd: uninitialized urandom read (32 bytes read) [ 23.017282] urandom_read: 1 callbacks suppressed [ 23.017288] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. syzkaller login: [ 28.850459] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 28.945269] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 28.970015] ================================================================== [ 28.979895] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 28.986137] Read of size 8 at addr ffff8801c9a98058 by task syz-executor139/4409 [ 28.993659] [ 28.995289] CPU: 1 PID: 4409 Comm: syz-executor139 Not tainted 4.18.0+ #210 [ 29.002378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.011723] Call Trace: [ 29.014312] dump_stack+0x1c9/0x2b4 [ 29.017939] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.023132] ? printk+0xa7/0xcf [ 29.026413] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 29.031173] ? __schedule+0xf54/0x1df0 [ 29.035063] print_address_description+0x6c/0x20b [ 29.039918] ? __schedule+0xf54/0x1df0 [ 29.043807] kasan_report.cold.7+0x242/0x30d [ 29.048216] __asan_report_load8_noabort+0x14/0x20 [ 29.053142] __schedule+0xf54/0x1df0 [ 29.056869] ? __sched_text_start+0x8/0x8 [ 29.061018] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 29.066133] ? __call_srcu+0x7e7/0x1040 [ 29.070141] ? check_same_owner+0x340/0x340 [ 29.074463] ? mark_held_locks+0x160/0x160 [ 29.078698] ? find_held_lock+0x36/0x1c0 [ 29.082765] preempt_schedule_common+0x22/0x60 [ 29.087345] _cond_resched+0x1d/0x30 [ 29.091064] wait_for_completion+0xa5/0x8d0 [ 29.095394] ? wait_for_completion_interruptible+0x950/0x950 [ 29.101195] ? __lockdep_init_map+0x105/0x590 [ 29.105695] ? __init_waitqueue_head+0x9e/0x150 [ 29.110363] ? init_wait_entry+0x1c0/0x1c0 [ 29.114608] __synchronize_srcu+0x189/0x240 [ 29.118928] ? call_srcu+0x10/0x10 [ 29.122467] ? rcu_unexpedite_gp+0x20/0x20 [ 29.126707] synchronize_srcu+0x335/0x56f [ 29.130854] ? lock_downgrade+0x8f0/0x8f0 [ 29.135000] ? synchronize_srcu_expedited+0x20/0x20 [ 29.140019] ? kasan_check_read+0x11/0x20 [ 29.144166] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.148748] ? kasan_check_write+0x14/0x20 [ 29.152982] ? do_raw_spin_lock+0xc1/0x200 [ 29.157222] kvm_page_track_unregister_notifier+0x17d/0x250 [ 29.162932] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 29.168383] ? kvfree+0x61/0x70 [ 29.171663] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.176679] kvm_mmu_uninit_vm+0x1c/0x20 [ 29.180736] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 29.185143] ? kvm_arch_sync_events+0x30/0x30 [ 29.189640] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 29.195177] ? mmu_notifier_unregister+0x474/0x600 [ 29.200112] ? trace_hardirqs_on+0x2c0/0x2c0 [ 29.204523] ? kfree+0x111/0x210 [ 29.207893] ? __mmu_notifier_register+0x30/0x30 [ 29.212666] ? __free_pages+0x10a/0x190 [ 29.216640] ? free_unref_page+0x930/0x930 [ 29.220883] kvm_put_kvm+0x73f/0x1060 [ 29.224692] ? kvm_write_guest_cached+0x40/0x40 [ 29.229368] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.233867] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.238360] ? lockdep_hardirqs_on+0x421/0x5c0 [ 29.242945] ? kasan_check_write+0x14/0x20 [ 29.247195] ? do_raw_spin_lock+0xc1/0x200 [ 29.251436] ? kvm_irqfd_release+0xdd/0x120 [ 29.255753] ? kvm_irqfd_release+0xdd/0x120 [ 29.260069] ? kvm_put_kvm+0x1060/0x1060 [ 29.264131] kvm_vm_release+0x42/0x50 [ 29.267934] __fput+0x36e/0x8c0 [ 29.271210] ? __alloc_file+0x400/0x400 [ 29.275188] ? check_same_owner+0x340/0x340 [ 29.279513] ? kasan_check_write+0x14/0x20 [ 29.283748] ? do_raw_spin_lock+0xc1/0x200 [ 29.287980] ____fput+0x15/0x20 [ 29.291255] task_work_run+0x1e8/0x2a0 [ 29.295140] ? task_work_cancel+0x240/0x240 [ 29.299468] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 29.305004] ? switch_task_namespaces+0xa2/0xd0 [ 29.309673] do_exit+0x1ae4/0x26e0 [ 29.313214] ? mm_update_next_owner+0x9a0/0x9a0 [ 29.317889] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 29.322137] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.327153] ? kfree+0x1d7/0x210 [ 29.330522] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 29.334758] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 29.340469] ? kasan_check_write+0x14/0x20 [ 29.344705] ? finish_task_switch+0x2ca/0x870 [ 29.349200] ? preempt_notifier_register+0x200/0x200 [ 29.354309] ? __switch_to_asm+0x34/0x70 [ 29.358370] ? __switch_to_asm+0x34/0x70 [ 29.362430] ? __switch_to_asm+0x40/0x70 [ 29.366491] ? __switch_to_asm+0x34/0x70 [ 29.370551] ? __switch_to_asm+0x40/0x70 [ 29.374614] ? __switch_to_asm+0x34/0x70 [ 29.378676] ? __switch_to_asm+0x34/0x70 [ 29.382738] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.387492] ? lockdep_hardirqs_on+0x421/0x5c0 [ 29.392534] ? retint_kernel+0x10/0x10 [ 29.396419] ? trace_hardirqs_on_caller+0xc0/0x2b0 [ 29.401350] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 29.406812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.411578] ? kvm_set_memory_region+0x50/0x50 [ 29.416170] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 29.421882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.427419] ? do_vfs_ioctl+0x201/0x1720 [ 29.431490] ? ioctl_preallocate+0x300/0x300 [ 29.435902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.441441] ? __fget_light+0x2f7/0x440 [ 29.445416] ? __schedule+0x1df0/0x1df0 [ 29.449387] ? fget_raw+0x20/0x20 [ 29.452838] ? trace_hardirqs_off+0xb8/0x2b0 [ 29.457248] ? kmem_cache_free+0x246/0x280 [ 29.461485] ? do_syscall_64+0x6be/0x820 [ 29.465545] ? trace_hardirqs_on+0x2c0/0x2c0 [ 29.469950] ? putname+0xf7/0x130 [ 29.473407] do_group_exit+0x177/0x440 [ 29.477294] ? trace_hardirqs_on+0xbd/0x2c0 [ 29.481621] ? __ia32_sys_exit+0x50/0x50 [ 29.485682] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 29.490786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.496325] ? ksys_ioctl+0x81/0xd0 [ 29.499955] __x64_sys_exit_group+0x3e/0x50 [ 29.504278] do_syscall_64+0x1b9/0x820 [ 29.508172] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 29.513535] ? syscall_return_slowpath+0x5e0/0x5e0 [ 29.518462] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.523307] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 29.528324] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 29.533337] ? prepare_exit_to_usermode+0x291/0x3b0 [ 29.538356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.543207] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.548393] RIP: 0033:0x43ef08 [ 29.551589] Code: Bad RIP value. [ 29.554978] RSP: 002b:00007ffd3cd7a638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.562686] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 29.569952] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 29.577215] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 29.584476] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 29.591740] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 29.599009] [ 29.600627] Allocated by task 4409: [ 29.604254] save_stack+0x43/0xd0 [ 29.607701] kasan_kmalloc+0xc4/0xe0 [ 29.611413] kasan_slab_alloc+0x12/0x20 [ 29.615380] kmem_cache_alloc+0x12e/0x710 [ 29.619526] vmx_create_vcpu+0xcf/0x2830 [ 29.623673] kvm_arch_vcpu_create+0xe5/0x220 [ 29.628078] kvm_vm_ioctl+0x488/0x1d80 [ 29.631970] do_vfs_ioctl+0x1de/0x1720 [ 29.635854] ksys_ioctl+0xa9/0xd0 [ 29.639302] __x64_sys_ioctl+0x73/0xb0 [ 29.643186] do_syscall_64+0x1b9/0x820 [ 29.647072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.652259] [ 29.653877] Freed by task 4409: [ 29.657154] save_stack+0x43/0xd0 [ 29.660606] __kasan_slab_free+0x11a/0x170 [ 29.664838] kasan_slab_free+0xe/0x10 [ 29.668634] kmem_cache_free+0x86/0x280 [ 29.672609] vmx_free_vcpu+0x26b/0x300 [ 29.676492] kvm_arch_destroy_vm+0x365/0x7c0 [ 29.680898] kvm_put_kvm+0x73f/0x1060 [ 29.684693] kvm_vm_release+0x42/0x50 [ 29.688488] __fput+0x36e/0x8c0 [ 29.691759] ____fput+0x15/0x20 [ 29.695034] task_work_run+0x1e8/0x2a0 [ 29.698918] do_exit+0x1ae4/0x26e0 [ 29.702450] do_group_exit+0x177/0x440 [ 29.706333] __x64_sys_exit_group+0x3e/0x50 [ 29.710651] do_syscall_64+0x1b9/0x820 [ 29.714539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.719712] [ 29.721336] The buggy address belongs to the object at ffff8801c9a98040 [ 29.721336] which belongs to the cache kvm_vcpu of size 23872 [ 29.733911] The buggy address is located 24 bytes inside of [ 29.733911] 23872-byte region [ffff8801c9a98040, ffff8801c9a9dd80) [ 29.745862] The buggy address belongs to the page: [ 29.750790] page:ffffea000726a600 count:1 mapcount:0 mapping:ffff8801d9ffa300 index:0x0 compound_mapcount: 0 [ 29.760752] flags: 0x2fffc0000008100(slab|head) [ 29.765425] raw: 02fffc0000008100 ffff8801d5678448 ffff8801d5678448 ffff8801d9ffa300 [ 29.773306] raw: 0000000000000000 ffff8801c9a98040 0000000100000001 0000000000000000 [ 29.781173] page dumped because: kasan: bad access detected [ 29.786870] [ 29.788489] Memory state around the buggy address: [ 29.793413] ffff8801c9a97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.800766] ffff8801c9a97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.808121] >ffff8801c9a98000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 29.815472] ^ [ 29.821716] ffff8801c9a98080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.829069] ffff8801c9a98100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.836423] ================================================================== [ 29.843773] Kernel panic - not syncing: panic_on_warn set ... [ 29.843773] [ 29.851140] CPU: 1 PID: 4409 Comm: syz-executor139 Tainted: G B 4.18.0+ #210 [ 29.859625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.868970] Call Trace: [ 29.871564] dump_stack+0x1c9/0x2b4 [ 29.875191] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.880386] ? lock_downgrade+0x8f0/0x8f0 [ 29.884533] ? __schedule+0xf54/0x1df0 [ 29.888422] panic+0x238/0x4e7 [ 29.891613] ? add_taint.cold.5+0x16/0x16 [ 29.895762] ? print_shadow_for_address+0xba/0x116 [ 29.900775] ? trace_hardirqs_off+0xaf/0x2b0 [ 29.905177] ? trace_hardirqs_off+0x77/0x2b0 [ 29.909587] ? __schedule+0xf54/0x1df0 [ 29.913476] kasan_end_report+0x47/0x4f [ 29.917449] kasan_report.cold.7+0x76/0x30d [ 29.921771] __asan_report_load8_noabort+0x14/0x20 [ 29.926700] __schedule+0xf54/0x1df0 [ 29.930428] ? __sched_text_start+0x8/0x8 [ 29.934577] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 29.939686] ? __call_srcu+0x7e7/0x1040 [ 29.943670] ? check_same_owner+0x340/0x340 [ 29.948076] ? mark_held_locks+0x160/0x160 [ 29.952313] ? find_held_lock+0x36/0x1c0 [ 29.956373] preempt_schedule_common+0x22/0x60 [ 29.960950] _cond_resched+0x1d/0x30 [ 29.964663] wait_for_completion+0xa5/0x8d0 [ 29.968984] ? wait_for_completion_interruptible+0x950/0x950 [ 29.974784] ? __lockdep_init_map+0x105/0x590 [ 29.979284] ? __init_waitqueue_head+0x9e/0x150 [ 29.983947] ? init_wait_entry+0x1c0/0x1c0 [ 29.988185] __synchronize_srcu+0x189/0x240 [ 29.992506] ? call_srcu+0x10/0x10 [ 29.996045] ? rcu_unexpedite_gp+0x20/0x20 [ 30.000284] synchronize_srcu+0x335/0x56f [ 30.004432] ? lock_downgrade+0x8f0/0x8f0 [ 30.008578] ? synchronize_srcu_expedited+0x20/0x20 [ 30.013605] ? kasan_check_read+0x11/0x20 [ 30.017752] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 30.022331] ? kasan_check_write+0x14/0x20 [ 30.026620] ? do_raw_spin_lock+0xc1/0x200 [ 30.030873] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.036610] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 30.042072] ? kvfree+0x61/0x70 [ 30.045400] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.050426] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.054493] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.058909] ? kvm_arch_sync_events+0x30/0x30 [ 30.063416] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.068967] ? mmu_notifier_unregister+0x474/0x600 [ 30.073906] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.078326] ? kfree+0x111/0x210 [ 30.081707] ? __mmu_notifier_register+0x30/0x30 [ 30.086484] ? __free_pages+0x10a/0x190 [ 30.090470] ? free_unref_page+0x930/0x930 [ 30.094723] kvm_put_kvm+0x73f/0x1060 [ 30.098534] ? kvm_write_guest_cached+0x40/0x40 [ 30.103211] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.107709] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.112207] ? lockdep_hardirqs_on+0x421/0x5c0 [ 30.116796] ? kasan_check_write+0x14/0x20 [ 30.121030] ? do_raw_spin_lock+0xc1/0x200 [ 30.125270] ? kvm_irqfd_release+0xdd/0x120 [ 30.129740] ? kvm_irqfd_release+0xdd/0x120 [ 30.134069] ? kvm_put_kvm+0x1060/0x1060 [ 30.138134] kvm_vm_release+0x42/0x50 [ 30.141937] __fput+0x36e/0x8c0 [ 30.145221] ? __alloc_file+0x400/0x400 [ 30.149225] ? check_same_owner+0x340/0x340 [ 30.153547] ? kasan_check_write+0x14/0x20 [ 30.157782] ? do_raw_spin_lock+0xc1/0x200 [ 30.162018] ____fput+0x15/0x20 [ 30.165301] task_work_run+0x1e8/0x2a0 [ 30.169192] ? task_work_cancel+0x240/0x240 [ 30.173520] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.179058] ? switch_task_namespaces+0xa2/0xd0 [ 30.183727] do_exit+0x1ae4/0x26e0 [ 30.187269] ? mm_update_next_owner+0x9a0/0x9a0 [ 30.191945] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 30.196182] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.201202] ? kfree+0x1d7/0x210 [ 30.204573] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 30.208810] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 30.214521] ? kasan_check_write+0x14/0x20 [ 30.218756] ? finish_task_switch+0x2ca/0x870 [ 30.223256] ? preempt_notifier_register+0x200/0x200 [ 30.228362] ? __switch_to_asm+0x34/0x70 [ 30.232427] ? __switch_to_asm+0x34/0x70 [ 30.236485] ? __switch_to_asm+0x40/0x70 [ 30.240549] ? __switch_to_asm+0x34/0x70 [ 30.244614] ? __switch_to_asm+0x40/0x70 [ 30.248673] ? __switch_to_asm+0x34/0x70 [ 30.252740] ? __switch_to_asm+0x34/0x70 [ 30.256896] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.262074] ? lockdep_hardirqs_on+0x421/0x5c0 [ 30.266675] ? retint_kernel+0x10/0x10 [ 30.270566] ? trace_hardirqs_on_caller+0xc0/0x2b0 [ 30.275497] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 30.280957] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.285723] ? kvm_set_memory_region+0x50/0x50 [ 30.290315] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 30.296031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 30.301573] ? do_vfs_ioctl+0x201/0x1720 [ 30.305644] ? ioctl_preallocate+0x300/0x300 [ 30.310056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 30.315611] ? __fget_light+0x2f7/0x440 [ 30.319589] ? __schedule+0x1df0/0x1df0 [ 30.323573] ? fget_raw+0x20/0x20 [ 30.327033] ? trace_hardirqs_off+0xb8/0x2b0 [ 30.331444] ? kmem_cache_free+0x246/0x280 [ 30.335684] ? do_syscall_64+0x6be/0x820 [ 30.339749] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.344161] ? putname+0xf7/0x130 [ 30.347626] do_group_exit+0x177/0x440 [ 30.351516] ? trace_hardirqs_on+0xbd/0x2c0 [ 30.355839] ? __ia32_sys_exit+0x50/0x50 [ 30.359900] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 30.365009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 30.370553] ? ksys_ioctl+0x81/0xd0 [ 30.374184] __x64_sys_exit_group+0x3e/0x50 [ 30.378506] do_syscall_64+0x1b9/0x820 [ 30.382400] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 30.387765] ? syscall_return_slowpath+0x5e0/0x5e0 [ 30.393147] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.397990] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 30.403005] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 30.408053] ? prepare_exit_to_usermode+0x291/0x3b0 [ 30.413077] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.417939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.423125] RIP: 0033:0x43ef08 [ 30.426322] Code: Bad RIP value. [ 30.429683] RSP: 002b:00007ffd3cd7a638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.437392] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 30.444667] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 30.451940] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 30.459211] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 30.466482] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 30.473763] [ 30.473769] ====================================================== [ 30.473775] WARNING: possible circular locking dependency detected [ 30.473778] 4.18.0+ #210 Not tainted [ 30.473784] ------------------------------------------------------ [ 30.473789] syz-executor139/4409 is trying to acquire lock: [ 30.473792] 000000008eafec26 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 30.473808] [ 30.473812] but task is already holding lock: [ 30.473815] 00000000ae42b0aa (report_lock){....}, at: kasan_report+0x8e/0x110 [ 30.473830] [ 30.473834] which lock already depends on the new lock. [ 30.473836] [ 30.473839] [ 30.473844] the existing dependency chain (in reverse order) is: [ 30.473846] [ 30.473849] -> #3 (report_lock){....}: [ 30.473863] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.473867] kasan_report+0x8e/0x110 [ 30.473872] __asan_report_load8_noabort+0x14/0x20 [ 30.473876] __schedule+0xf54/0x1df0 [ 30.473880] preempt_schedule_common+0x22/0x60 [ 30.473884] _cond_resched+0x1d/0x30 [ 30.473888] wait_for_completion+0xa5/0x8d0 [ 30.473893] __synchronize_srcu+0x189/0x240 [ 30.473897] synchronize_srcu+0x335/0x56f [ 30.473902] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.473906] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.473910] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.473914] kvm_put_kvm+0x73f/0x1060 [ 30.473918] kvm_vm_release+0x42/0x50 [ 30.473922] __fput+0x36e/0x8c0 [ 30.473925] ____fput+0x15/0x20 [ 30.473929] task_work_run+0x1e8/0x2a0 [ 30.473933] do_exit+0x1ae4/0x26e0 [ 30.473937] do_group_exit+0x177/0x440 [ 30.473941] __x64_sys_exit_group+0x3e/0x50 [ 30.473945] do_syscall_64+0x1b9/0x820 [ 30.473950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.473952] [ 30.473954] -> #2 (&rq->lock){-.-.}: [ 30.473969] _raw_spin_lock+0x2a/0x40 [ 30.473973] task_fork_fair+0x93/0x680 [ 30.473976] sched_fork+0x44b/0xbd0 [ 30.473980] copy_process+0x235e/0x7ad0 [ 30.473984] _do_fork+0x1ca/0x1170 [ 30.473988] kernel_thread+0x34/0x40 [ 30.473991] rest_init+0x22/0xe4 [ 30.473995] start_kernel+0x913/0x94e [ 30.474000] x86_64_start_reservations+0x29/0x2b [ 30.474004] x86_64_start_kernel+0x76/0x79 [ 30.474008] secondary_startup_64+0xa4/0xb0 [ 30.474010] [ 30.474013] -> #1 (&p->pi_lock){-.-.}: [ 30.474027] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.474031] try_to_wake_up+0xd2/0x1250 [ 30.474035] wake_up_process+0x10/0x20 [ 30.474039] __up.isra.1+0x1c0/0x2a0 [ 30.474042] up+0x13c/0x1c0 [ 30.474046] __up_console_sem+0xbe/0x1b0 [ 30.474050] console_unlock+0x506/0x10d0 [ 30.474054] vprintk_emit+0x33a/0x910 [ 30.474058] vprintk_default+0x28/0x30 [ 30.474062] vprintk_func+0x7a/0x117 [ 30.474065] printk+0xa7/0xcf [ 30.474069] load_umh+0x51/0xbd [ 30.474073] do_one_initcall+0x127/0x838 [ 30.474077] kernel_init_freeable+0x4bb/0x5ae [ 30.474081] kernel_init+0x11/0x1b3 [ 30.474085] ret_from_fork+0x3a/0x50 [ 30.474087] [ 30.474097] -> #0 ((console_sem).lock){-...}: [ 30.474113] lock_acquire+0x1e4/0x4f0 [ 30.474118] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.474121] down_trylock+0x13/0x70 [ 30.474126] __down_trylock_console_sem+0xae/0x200 [ 30.474130] console_trylock+0x15/0xa0 [ 30.474134] vprintk_emit+0x31f/0x910 [ 30.474138] vprintk_default+0x28/0x30 [ 30.474141] vprintk_func+0x7a/0x117 [ 30.474145] printk+0xa7/0xcf [ 30.474149] kasan_report+0x9e/0x110 [ 30.474153] __asan_report_load8_noabort+0x14/0x20 [ 30.474157] __schedule+0xf54/0x1df0 [ 30.474162] preempt_schedule_common+0x22/0x60 [ 30.474165] _cond_resched+0x1d/0x30 [ 30.474170] wait_for_completion+0xa5/0x8d0 [ 30.474174] __synchronize_srcu+0x189/0x240 [ 30.474178] synchronize_srcu+0x335/0x56f [ 30.474183] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.474187] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.474191] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.474195] kvm_put_kvm+0x73f/0x1060 [ 30.474199] kvm_vm_release+0x42/0x50 [ 30.474203] __fput+0x36e/0x8c0 [ 30.474206] ____fput+0x15/0x20 [ 30.474210] task_work_run+0x1e8/0x2a0 [ 30.474214] do_exit+0x1ae4/0x26e0 [ 30.474218] do_group_exit+0x177/0x440 [ 30.474222] __x64_sys_exit_group+0x3e/0x50 [ 30.474226] do_syscall_64+0x1b9/0x820 [ 30.474231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.474234] [ 30.474238] other info that might help us debug this: [ 30.474240] [ 30.474244] Chain exists of: [ 30.474246] (console_sem).lock --> &rq->lock --> report_lock [ 30.474264] [ 30.474268] Possible unsafe locking scenario: [ 30.474271] [ 30.474275] CPU0 CPU1 [ 30.474279] ---- ---- [ 30.474281] lock(report_lock); [ 30.474291] lock(&rq->lock); [ 30.474300] lock(report_lock); [ 30.474308] lock((console_sem).lock); [ 30.474316] [ 30.474320] *** DEADLOCK *** [ 30.474322] [ 30.474326] 2 locks held by syz-executor139/4409: [ 30.474328] #0: 00000000da8da758 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 30.474346] #1: 00000000ae42b0aa (report_lock){....}, at: kasan_report+0x8e/0x110 [ 30.474363] [ 30.474366] stack backtrace: [ 30.474372] CPU: 1 PID: 4409 Comm: syz-executor139 Not tainted 4.18.0+ #210 [ 30.474379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.474382] Call Trace: [ 30.474386] dump_stack+0x1c9/0x2b4 [ 30.474391] ? dump_stack_print_info.cold.2+0x52/0x52 [ 30.474394] ? vprintk_func+0x100/0x117 [ 30.474399] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 30.474403] ? save_trace+0xe0/0x290 [ 30.474408] __lock_acquire+0x3449/0x5020 [ 30.474412] ? mark_held_locks+0x160/0x160 [ 30.474416] ? mark_held_locks+0x160/0x160 [ 30.474420] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 30.474424] ? is_bpf_text_address+0xd7/0x170 [ 30.474428] ? kernel_text_address+0x79/0xf0 [ 30.474433] ? __kernel_text_address+0xd/0x40 [ 30.474437] ? __save_stack_trace+0x8d/0xf0 [ 30.474441] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 30.474445] ? save_trace+0x290/0x290 [ 30.474449] ? save_stack_trace+0x1a/0x20 [ 30.474453] ? save_trace+0xe0/0x290 [ 30.474457] ? graph_lock+0x170/0x170 [ 30.474462] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.474466] lock_acquire+0x1e4/0x4f0 [ 30.474470] ? down_trylock+0x13/0x70 [ 30.474474] ? lock_release+0x9f0/0x9f0 [ 30.474478] ? trace_hardirqs_off+0xb8/0x2b0 [ 30.474482] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.474486] ? trace_hardirqs_off+0xb8/0x2b0 [ 30.474490] ? log_store+0x34f/0x4c0 [ 30.474494] ? vprintk_emit+0x31f/0x910 [ 30.474498] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.474502] ? down_trylock+0x13/0x70 [ 30.474506] down_trylock+0x13/0x70 [ 30.474510] __down_trylock_console_sem+0xae/0x200 [ 30.474514] console_trylock+0x15/0xa0 [ 30.474518] vprintk_emit+0x31f/0x910 [ 30.474522] ? wake_up_klogd+0x110/0x110 [ 30.474526] ? run_rebalance_domains+0x4c0/0x4c0 [ 30.474530] ? kasan_check_read+0x11/0x20 [ 30.474535] ? rcu_is_watching+0x8c/0x150 [ 30.474538] ? rcu_pm_notify+0xc0/0xc0 [ 30.474542] ? lock_acquire+0x1e4/0x4f0 [ 30.474546] ? kasan_report+0x8e/0x110 [ 30.474550] ? __schedule+0xf54/0x1df0 [ 30.474554] vprintk_default+0x28/0x30 [ 30.474558] vprintk_func+0x7a/0x117 [ 30.474561] printk+0xa7/0xcf [ 30.474566] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 30.474570] ? kasan_check_write+0x14/0x20 [ 30.474574] ? do_raw_spin_lock+0xc1/0x200 [ 30.474578] ? do_raw_spin_lock+0xc1/0x200 [ 30.474582] kasan_report+0x9e/0x110 [ 30.474586] __asan_report_load8_noabort+0x14/0x20 [ 30.474590] __schedule+0xf54/0x1df0 [ 30.474594] ? __sched_text_start+0x8/0x8 [ 30.474599] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 30.474608] ? __call_srcu+0x7e7/0x1040 [ 30.474612] ? check_same_owner+0x340/0x340 [ 30.474616] ? mark_held_locks+0x160/0x160 [ 30.474620] ? find_held_lock+0x36/0x1c0 [ 30.474624] preempt_schedule_common+0x22/0x60 [ 30.474628] _cond_resched+0x1d/0x30 [ 30.474632] wait_for_completion+0xa5/0x8d0 [ 30.474637] ? wait_for_completion_interruptible+0x950/0x950 [ 30.474642] ? __lockdep_init_map+0x105/0x590 [ 30.474646] ? __init_waitqueue_head+0x9e/0x150 [ 30.474650] ? init_wait_entry+0x1c0/0x1c0 [ 30.474654] __synchronize_srcu+0x189/0x240 [ 30.474658] ? call_srcu+0x10/0x10 [ 30.474662] ? rcu_unexpedite_gp+0x20/0x20 [ 30.474666] synchronize_srcu+0x335/0x56f [ 30.474670] ? lock_downgrade+0x8f0/0x8f0 [ 30.474675] ? synchronize_srcu_expedited+0x20/0x20 [ 30.474679] ? kasan_check_read+0x11/0x20 [ 30.474683] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 30.474687] ? kasan_check_write+0x14/0x20 [ 30.474691] ? do_raw_spin_lock+0xc1/0x200 [ 30.474696] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.474701] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 30.474705] ? kvfree+0x61/0x70 [ 30.474709] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.474713] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.474718] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.474722] ? kvm_arch_sync_events+0x30/0x30 [ 30.474727] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.474731] ? mmu_notifier_unregister+0x474/0x600 [ 30.474735] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.474739] ? kfree+0x111/0x210 [ 30.474743] ? __mmu_notifier_register+0x30/0x30 [ 30.474747] ? __free_pages+0x10a/0x190 [ 30.474751] ? free_unref_page+0x930/0x930 [ 30.474755] kvm_put_kvm+0x73f/0x1060 [ 30.474760] ? kvm_write_guest_cached+0x40/0x40 [ 30.474764] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.474768] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.474772] ? lockdep_hardirqs_on+0x421/0x5c0 [ 30.474776] ? kasan_check_write+0x14/0x20 [ 30.474781] ? do_raw_spin_lock+0xc1/0x200 [ 30.474785] ? kvm_irqfd_release+0xdd/0x120 [ 30.474789] ? kvm_irqfd_release+0xdd/0x120 [ 30.474793] ? kvm_put_kvm+0x1060/0x1060 [ 30.474797] kvm_vm_release+0x42/0x50 [ 30.474800] __fput+0x36e/0x8c0 [ 30.474804] ? __alloc_file+0x400/0x400 [ 30.474808] ? check_same_owner+0x340/0x340 [ 30.474812] ? kasan_check_write+0x14/0x20 [ 30.474817] ? do_raw_spin_lock+0xc1/0x200 [ 30.474820] ____fput+0x15/0x20 [ 30.474824] task_work_run+0x1e8/0x2a0 [ 30.474828] ? task_work_cancel+0x240/0x240 [ 30.474833] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.474837] ? switch_task_namespaces+0xa2/0xd0 [ 30.474841] do_exit+0x1ae4/0x26e0 [ 30.474845] ? mm_update_next_owner+0x9a0/0x9a0 [ 30.474849] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 30.474854] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.474858] ? kfree+0x1d7/0x210 [ 30.474862] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 30.474867] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 30.474871] ? kasan_check_write+0x14/0x20 [ 30.474874] ? finish_tas [ 30.474881] Lost 53 message(s)! [ 31.548027] Shutting down cpus with NMI [ 32.608071] Dumping ftrace buffer: [ 32.611610] (ftrace buffer empty) [ 32.615304] Kernel Offset: disabled [ 32.618915] Rebooting in 86400 seconds..