[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.959475] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.636787] random: sshd: uninitialized urandom read (32 bytes read) [ 25.962816] random: sshd: uninitialized urandom read (32 bytes read) [ 26.556566] random: sshd: uninitialized urandom read (32 bytes read) [ 26.732986] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. [ 32.373662] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.468707] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.490703] ================================================================== [ 32.499397] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.505608] Read of size 8 at addr ffff8801aeb20058 by task syz-executor215/4460 [ 32.513248] [ 32.514858] CPU: 1 PID: 4460 Comm: syz-executor215 Not tainted 4.18.0+ #204 [ 32.521933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.531292] Call Trace: [ 32.533885] dump_stack+0x1c9/0x2b4 [ 32.537701] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.542887] ? printk+0xa7/0xcf [ 32.546166] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.550920] ? __schedule+0xf54/0x1df0 [ 32.554806] print_address_description+0x6c/0x20b [ 32.559657] ? __schedule+0xf54/0x1df0 [ 32.563631] kasan_report.cold.7+0x242/0x30d [ 32.568039] __asan_report_load8_noabort+0x14/0x20 [ 32.572978] __schedule+0xf54/0x1df0 [ 32.576690] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.581791] ? __sched_text_start+0x8/0x8 [ 32.585938] ? __call_srcu+0x7e7/0x1040 [ 32.589925] ? check_same_owner+0x340/0x340 [ 32.594239] ? mark_held_locks+0x160/0x160 [ 32.598471] ? find_held_lock+0x36/0x1c0 [ 32.602531] preempt_schedule_common+0x22/0x60 [ 32.607110] _cond_resched+0x1d/0x30 [ 32.610832] wait_for_completion+0xa5/0x8d0 [ 32.615163] ? wait_for_completion_interruptible+0x950/0x950 [ 32.620957] ? __lockdep_init_map+0x105/0x590 [ 32.625468] ? __init_waitqueue_head+0x9e/0x150 [ 32.630132] ? init_wait_entry+0x1c0/0x1c0 [ 32.634365] __synchronize_srcu+0x189/0x240 [ 32.638694] ? call_srcu+0x10/0x10 [ 32.642232] ? rcu_unexpedite_gp+0x20/0x20 [ 32.646762] synchronize_srcu+0x335/0x56f [ 32.650889] ? lock_downgrade+0x8f0/0x8f0 [ 32.655030] ? synchronize_srcu_expedited+0x20/0x20 [ 32.660090] ? kasan_check_read+0x11/0x20 [ 32.664229] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.668884] ? kasan_check_write+0x14/0x20 [ 32.673103] ? do_raw_spin_lock+0xc1/0x200 [ 32.677324] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.683023] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.688454] ? kvfree+0x61/0x70 [ 32.691717] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.696715] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.700760] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.705152] ? kvm_arch_sync_events+0x30/0x30 [ 32.709631] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.715153] ? mmu_notifier_unregister+0x474/0x600 [ 32.720066] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.724458] ? kfree+0x111/0x210 [ 32.727813] ? __mmu_notifier_register+0x30/0x30 [ 32.732560] ? __free_pages+0x10a/0x190 [ 32.736517] ? free_unref_page+0x930/0x930 [ 32.740747] kvm_put_kvm+0x73f/0x1060 [ 32.744542] ? kvm_write_guest_cached+0x40/0x40 [ 32.749196] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.753673] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.758150] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.762717] ? kasan_check_write+0x14/0x20 [ 32.766943] ? do_raw_spin_lock+0xc1/0x200 [ 32.771160] ? kvm_irqfd_release+0xdd/0x120 [ 32.775465] ? kvm_put_kvm+0x1060/0x1060 [ 32.779519] kvm_vm_release+0x42/0x50 [ 32.783300] __fput+0x36e/0x8c0 [ 32.786563] ? __alloc_file+0x400/0x400 [ 32.790633] ? check_same_owner+0x340/0x340 [ 32.794940] ? kasan_check_write+0x14/0x20 [ 32.799163] ? do_raw_spin_lock+0xc1/0x200 [ 32.803381] ____fput+0x15/0x20 [ 32.806644] task_work_run+0x1e8/0x2a0 [ 32.810517] ? task_work_cancel+0x240/0x240 [ 32.814822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.820342] ? switch_task_namespaces+0xa2/0xd0 [ 32.824999] do_exit+0x1ae4/0x26e0 [ 32.828526] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.833184] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.837411] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.842411] ? kfree+0x1d7/0x210 [ 32.845762] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.849993] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.855691] ? is_bpf_text_address+0xd7/0x170 [ 32.860171] ? kernel_text_address+0x79/0xf0 [ 32.864566] ? __kernel_text_address+0xd/0x40 [ 32.869049] ? unwind_get_return_address+0x61/0xa0 [ 32.873961] ? __save_stack_trace+0x8d/0xf0 [ 32.878274] ? save_stack+0xa9/0xd0 [ 32.881881] ? save_stack+0x43/0xd0 [ 32.885488] ? __kasan_slab_free+0x11a/0x170 [ 32.889876] ? kasan_slab_free+0xe/0x10 [ 32.893831] ? putname+0xf2/0x130 [ 32.897270] ? __x64_sys_openat+0x9d/0x100 [ 32.901487] ? do_syscall_64+0x1b9/0x820 [ 32.905530] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.910878] ? trace_hardirqs_off+0xb8/0x2b0 [ 32.915269] ? kasan_check_read+0x11/0x20 [ 32.919398] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.923788] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.928184] ? initcall_blacklisted+0x9a/0x1e0 [ 32.932756] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.937849] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.943546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.949130] ? do_vfs_ioctl+0x201/0x1720 [ 32.953187] ? rcu_is_watching+0x8c/0x150 [ 32.957316] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.961620] ? ioctl_preallocate+0x300/0x300 [ 32.966010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.971528] ? __fget_light+0x2f7/0x440 [ 32.975483] ? fget_raw+0x20/0x20 [ 32.978914] ? putname+0xf2/0x130 [ 32.982347] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.987344] ? kmem_cache_free+0x246/0x280 [ 32.991559] ? putname+0xf7/0x130 [ 32.994994] do_group_exit+0x177/0x440 [ 32.998866] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.003171] ? __ia32_sys_exit+0x50/0x50 [ 33.007210] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.012296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.017813] ? ksys_ioctl+0x81/0xd0 [ 33.021421] __x64_sys_exit_group+0x3e/0x50 [ 33.025725] do_syscall_64+0x1b9/0x820 [ 33.029595] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.034940] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.039851] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.044676] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.049686] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.054812] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.059650] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.064824] RIP: 0033:0x43ef08 [ 33.068001] Code: Bad RIP value. [ 33.071346] RSP: 002b:00007ffc2ff03a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.079039] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.086290] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.093541] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.100793] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.108042] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.115299] [ 33.116909] Allocated by task 4460: [ 33.120530] save_stack+0x43/0xd0 [ 33.123962] kasan_kmalloc+0xc4/0xe0 [ 33.127672] kasan_slab_alloc+0x12/0x20 [ 33.131623] kmem_cache_alloc+0x12e/0x710 [ 33.135753] vmx_create_vcpu+0xcf/0x2830 [ 33.139858] kvm_arch_vcpu_create+0xe5/0x220 [ 33.144256] kvm_vm_ioctl+0x488/0x1d80 [ 33.148135] do_vfs_ioctl+0x1de/0x1720 [ 33.152007] ksys_ioctl+0xa9/0xd0 [ 33.155440] __x64_sys_ioctl+0x73/0xb0 [ 33.159308] do_syscall_64+0x1b9/0x820 [ 33.163184] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.168349] [ 33.169952] Freed by task 4460: [ 33.173219] save_stack+0x43/0xd0 [ 33.176654] __kasan_slab_free+0x11a/0x170 [ 33.180867] kasan_slab_free+0xe/0x10 [ 33.184649] kmem_cache_free+0x86/0x280 [ 33.188606] vmx_free_vcpu+0x26b/0x300 [ 33.192578] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.196977] kvm_put_kvm+0x73f/0x1060 [ 33.200760] kvm_vm_release+0x42/0x50 [ 33.204538] __fput+0x36e/0x8c0 [ 33.207795] ____fput+0x15/0x20 [ 33.211055] task_work_run+0x1e8/0x2a0 [ 33.214923] do_exit+0x1ae4/0x26e0 [ 33.218444] do_group_exit+0x177/0x440 [ 33.222310] __x64_sys_exit_group+0x3e/0x50 [ 33.226611] do_syscall_64+0x1b9/0x820 [ 33.230480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.235711] [ 33.237328] The buggy address belongs to the object at ffff8801aeb20040 [ 33.237328] which belongs to the cache kvm_vcpu of size 23872 [ 33.249878] The buggy address is located 24 bytes inside of [ 33.249878] 23872-byte region [ffff8801aeb20040, ffff8801aeb25d80) [ 33.261924] The buggy address belongs to the page: [ 33.266842] page:ffffea0006bac800 count:1 mapcount:0 mapping:ffff8801d8592040 index:0x0 compound_mapcount: 0 [ 33.276795] flags: 0x2fffc0000008100(slab|head) [ 33.281448] raw: 02fffc0000008100 ffff8801d5746a48 ffff8801d5746a48 ffff8801d8592040 [ 33.289326] raw: 0000000000000000 ffff8801aeb20040 0000000100000001 0000000000000000 [ 33.297184] page dumped because: kasan: bad access detected [ 33.302867] [ 33.304469] Memory state around the buggy address: [ 33.309375] ffff8801aeb1ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.316716] ffff8801aeb1ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.324072] >ffff8801aeb20000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.331461] ^ [ 33.337684] ffff8801aeb20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.345023] ffff8801aeb20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.352451] ================================================================== [ 33.359791] Kernel panic - not syncing: panic_on_warn set ... [ 33.359791] [ 33.367136] CPU: 1 PID: 4460 Comm: syz-executor215 Tainted: G B 4.18.0+ #204 [ 33.375600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.384930] Call Trace: [ 33.387515] dump_stack+0x1c9/0x2b4 [ 33.391133] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.396319] ? lock_downgrade+0x8f0/0x8f0 [ 33.400451] ? __schedule+0xf54/0x1df0 [ 33.404320] panic+0x238/0x4e7 [ 33.407493] ? add_taint.cold.5+0x16/0x16 [ 33.411627] ? print_shadow_for_address+0xba/0x116 [ 33.416534] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.420921] ? trace_hardirqs_off+0x77/0x2b0 [ 33.425416] ? __schedule+0xf54/0x1df0 [ 33.429288] kasan_end_report+0x47/0x4f [ 33.433243] kasan_report.cold.7+0x76/0x30d [ 33.437545] __asan_report_load8_noabort+0x14/0x20 [ 33.442453] __schedule+0xf54/0x1df0 [ 33.446152] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.451245] ? __sched_text_start+0x8/0x8 [ 33.455378] ? __call_srcu+0x7e7/0x1040 [ 33.459336] ? check_same_owner+0x340/0x340 [ 33.463636] ? mark_held_locks+0x160/0x160 [ 33.467852] ? find_held_lock+0x36/0x1c0 [ 33.471895] preempt_schedule_common+0x22/0x60 [ 33.476562] _cond_resched+0x1d/0x30 [ 33.480264] wait_for_completion+0xa5/0x8d0 [ 33.484569] ? wait_for_completion_interruptible+0x950/0x950 [ 33.490474] ? __lockdep_init_map+0x105/0x590 [ 33.494960] ? __init_waitqueue_head+0x9e/0x150 [ 33.499619] ? init_wait_entry+0x1c0/0x1c0 [ 33.503841] __synchronize_srcu+0x189/0x240 [ 33.508153] ? call_srcu+0x10/0x10 [ 33.511680] ? rcu_unexpedite_gp+0x20/0x20 [ 33.515905] synchronize_srcu+0x335/0x56f [ 33.520037] ? lock_downgrade+0x8f0/0x8f0 [ 33.524353] ? synchronize_srcu_expedited+0x20/0x20 [ 33.529357] ? kasan_check_read+0x11/0x20 [ 33.533487] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.538058] ? kasan_check_write+0x14/0x20 [ 33.542278] ? do_raw_spin_lock+0xc1/0x200 [ 33.546495] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.552188] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.557618] ? kvfree+0x61/0x70 [ 33.560882] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.565881] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.569925] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.574317] ? kvm_arch_sync_events+0x30/0x30 [ 33.578803] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.584375] ? mmu_notifier_unregister+0x474/0x600 [ 33.589345] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.593746] ? kfree+0x111/0x210 [ 33.597101] ? __mmu_notifier_register+0x30/0x30 [ 33.601838] ? __free_pages+0x10a/0x190 [ 33.605795] ? free_unref_page+0x930/0x930 [ 33.610018] kvm_put_kvm+0x73f/0x1060 [ 33.613808] ? kvm_write_guest_cached+0x40/0x40 [ 33.618463] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.622951] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.627431] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.632012] ? kasan_check_write+0x14/0x20 [ 33.636239] ? do_raw_spin_lock+0xc1/0x200 [ 33.640462] ? kvm_irqfd_release+0xdd/0x120 [ 33.644774] ? kvm_put_kvm+0x1060/0x1060 [ 33.648818] kvm_vm_release+0x42/0x50 [ 33.652600] __fput+0x36e/0x8c0 [ 33.655861] ? __alloc_file+0x400/0x400 [ 33.659816] ? check_same_owner+0x340/0x340 [ 33.664142] ? kasan_check_write+0x14/0x20 [ 33.668365] ? do_raw_spin_lock+0xc1/0x200 [ 33.672582] ____fput+0x15/0x20 [ 33.675947] task_work_run+0x1e8/0x2a0 [ 33.679834] ? task_work_cancel+0x240/0x240 [ 33.684138] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.689658] ? switch_task_namespaces+0xa2/0xd0 [ 33.694310] do_exit+0x1ae4/0x26e0 [ 33.697837] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.702487] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.706702] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.711697] ? kfree+0x1d7/0x210 [ 33.715044] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.719261] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.724956] ? is_bpf_text_address+0xd7/0x170 [ 33.729436] ? kernel_text_address+0x79/0xf0 [ 33.733827] ? __kernel_text_address+0xd/0x40 [ 33.738303] ? unwind_get_return_address+0x61/0xa0 [ 33.743215] ? __save_stack_trace+0x8d/0xf0 [ 33.747521] ? save_stack+0xa9/0xd0 [ 33.751126] ? save_stack+0x43/0xd0 [ 33.754732] ? __kasan_slab_free+0x11a/0x170 [ 33.759119] ? kasan_slab_free+0xe/0x10 [ 33.763075] ? putname+0xf2/0x130 [ 33.766509] ? __x64_sys_openat+0x9d/0x100 [ 33.770727] ? do_syscall_64+0x1b9/0x820 [ 33.774770] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.780118] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.784504] ? kasan_check_read+0x11/0x20 [ 33.788634] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.793088] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.797489] ? initcall_blacklisted+0x9a/0x1e0 [ 33.802055] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.807192] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.813098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.818625] ? do_vfs_ioctl+0x201/0x1720 [ 33.822667] ? rcu_is_watching+0x8c/0x150 [ 33.826794] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.831097] ? ioctl_preallocate+0x300/0x300 [ 33.835493] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.841070] ? __fget_light+0x2f7/0x440 [ 33.845037] ? fget_raw+0x20/0x20 [ 33.848469] ? putname+0xf2/0x130 [ 33.851906] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.857281] ? kmem_cache_free+0x246/0x280 [ 33.861497] ? putname+0xf7/0x130 [ 33.864933] do_group_exit+0x177/0x440 [ 33.868872] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.873182] ? __ia32_sys_exit+0x50/0x50 [ 33.877229] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.882316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.887834] ? ksys_ioctl+0x81/0xd0 [ 33.891442] __x64_sys_exit_group+0x3e/0x50 [ 33.895848] do_syscall_64+0x1b9/0x820 [ 33.899719] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.905070] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.909986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.914809] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.919817] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.924813] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.929636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.934815] RIP: 0033:0x43ef08 [ 33.937999] Code: Bad RIP value. [ 33.941341] RSP: 002b:00007ffc2ff03a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.949027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 33.956275] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.963589] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.970844] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.978092] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.985346] [ 33.985349] ====================================================== [ 33.985352] WARNING: possible circular locking dependency detected [ 33.985354] 4.18.0+ #204 Not tainted [ 33.985358] ------------------------------------------------------ [ 33.985360] syz-executor215/4460 is trying to acquire lock: [ 33.985362] 0000000071f66e52 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.985371] [ 33.985373] but task is already holding lock: [ 33.985375] 00000000733e944c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.985383] [ 33.985385] which lock already depends on the new lock. [ 33.985387] [ 33.985388] [ 33.985391] the existing dependency chain (in reverse order) is: [ 33.985392] [ 33.985394] -> #3 (report_lock){....}: [ 33.985402] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.985404] kasan_report+0x8e/0x110 [ 33.985406] __asan_report_load8_noabort+0x14/0x20 [ 33.985409] __schedule+0xf54/0x1df0 [ 33.985411] preempt_schedule_common+0x22/0x60 [ 33.985413] _cond_resched+0x1d/0x30 [ 33.985416] wait_for_completion+0xa5/0x8d0 [ 33.985418] __synchronize_srcu+0x189/0x240 [ 33.985421] synchronize_srcu+0x335/0x56f [ 33.985424] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.985426] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.985428] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.985430] kvm_put_kvm+0x73f/0x1060 [ 33.985433] kvm_vm_release+0x42/0x50 [ 33.985435] __fput+0x36e/0x8c0 [ 33.985437] ____fput+0x15/0x20 [ 33.985439] task_work_run+0x1e8/0x2a0 [ 33.985441] do_exit+0x1ae4/0x26e0 [ 33.985443] do_group_exit+0x177/0x440 [ 33.985445] __x64_sys_exit_group+0x3e/0x50 [ 33.985448] do_syscall_64+0x1b9/0x820 [ 33.985450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.985452] [ 33.985453] -> #2 (&rq->lock){-.-.}: [ 33.985461] _raw_spin_lock+0x2a/0x40 [ 33.985463] task_fork_fair+0x93/0x680 [ 33.985465] sched_fork+0x44b/0xbd0 [ 33.985467] copy_process+0x235e/0x7ad0 [ 33.985469] _do_fork+0x1ca/0x1170 [ 33.985471] kernel_thread+0x34/0x40 [ 33.985473] rest_init+0x22/0xe4 [ 33.985476] start_kernel+0x913/0x94e [ 33.985478] x86_64_start_reservations+0x29/0x2b [ 33.985480] x86_64_start_kernel+0x76/0x79 [ 33.985483] secondary_startup_64+0xa4/0xb0 [ 33.985484] [ 33.985485] -> #1 (&p->pi_lock){-.-.}: [ 33.985493] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.985495] try_to_wake_up+0xd2/0x1250 [ 33.985498] wake_up_process+0x10/0x20 [ 33.985500] __up.isra.1+0x1c0/0x2a0 [ 33.985502] up+0x13c/0x1c0 [ 33.985504] __up_console_sem+0xbe/0x1b0 [ 33.985506] console_unlock+0x506/0x10d0 [ 33.985508] vprintk_emit+0x33a/0x910 [ 33.985511] vprintk_default+0x28/0x30 [ 33.985513] vprintk_func+0x7a/0x117 [ 33.985515] printk+0xa7/0xcf [ 33.985517] load_umh+0x51/0xbd [ 33.985519] do_one_initcall+0x127/0x838 [ 33.985521] kernel_init_freeable+0x4bb/0x5ae [ 33.985524] kernel_init+0x11/0x1b3 [ 33.985526] ret_from_fork+0x3a/0x50 [ 33.985527] [ 33.985528] -> #0 ((console_sem).lock){-...}: [ 33.985536] lock_acquire+0x1e4/0x4f0 [ 33.985539] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.985543] down_trylock+0x13/0x70 [ 33.985545] __down_trylock_console_sem+0xae/0x200 [ 33.985548] console_trylock+0x15/0xa0 [ 33.985550] vprintk_emit+0x31f/0x910 [ 33.985552] vprintk_default+0x28/0x30 [ 33.985554] vprintk_func+0x7a/0x117 [ 33.985556] printk+0xa7/0xcf [ 33.985558] kasan_report+0x9e/0x110 [ 33.985561] __asan_report_load8_noabort+0x14/0x20 [ 33.985563] __schedule+0xf54/0x1df0 [ 33.985565] preempt_schedule_common+0x22/0x60 [ 33.985568] _cond_resched+0x1d/0x30 [ 33.985570] wait_for_completion+0xa5/0x8d0 [ 33.985572] __synchronize_srcu+0x189/0x240 [ 33.985575] synchronize_srcu+0x335/0x56f [ 33.985578] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.985580] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.985582] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.985585] kvm_put_kvm+0x73f/0x1060 [ 33.985587] kvm_vm_release+0x42/0x50 [ 33.985589] __fput+0x36e/0x8c0 [ 33.985591] ____fput+0x15/0x20 [ 33.985593] task_work_run+0x1e8/0x2a0 [ 33.985595] do_exit+0x1ae4/0x26e0 [ 33.985597] do_group_exit+0x177/0x440 [ 33.985600] __x64_sys_exit_group+0x3e/0x50 [ 33.985602] do_syscall_64+0x1b9/0x820 [ 33.985605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.985606] [ 33.985609] other info that might help us debug this: [ 33.985610] [ 33.985612] Chain exists of: [ 33.985613] (console_sem).lock --> &rq->lock --> report_lock [ 33.985623] [ 33.985625] Possible unsafe locking scenario: [ 33.985626] [ 33.985629] CPU0 CPU1 [ 33.985631] ---- ---- [ 33.985632] lock(report_lock); [ 33.985638] lock(&rq->lock); [ 33.985643] lock(report_lock); [ 33.985647] lock((console_sem).lock); [ 33.985652] [ 33.985653] *** DEADLOCK *** [ 33.985655] [ 33.985657] 2 locks held by syz-executor215/4460: [ 33.985658] #0: 000000008f4736c2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.985667] #1: 00000000733e944c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.985677] [ 33.985678] stack backtrace: [ 33.985682] CPU: 1 PID: 4460 Comm: syz-executor215 Not tainted 4.18.0+ #204 [ 33.985686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.985688] Call Trace: [ 33.985690] dump_stack+0x1c9/0x2b4 [ 33.985693] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.985695] ? vprintk_func+0x100/0x117 [ 33.985698] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.985700] ? save_trace+0xe0/0x290 [ 33.985702] __lock_acquire+0x3449/0x5020 [ 33.985704] ? mark_held_locks+0x160/0x160 [ 33.985706] ? mark_held_locks+0x160/0x160 [ 33.985709] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.985711] ? is_bpf_text_address+0xd7/0x170 [ 33.985714] ? kernel_text_address+0x79/0xf0 [ 33.985716] ? __kernel_text_address+0xd/0x40 [ 33.985718] ? __save_stack_trace+0x8d/0xf0 [ 33.985721] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.985723] ? save_trace+0x290/0x290 [ 33.985725] ? save_stack_trace+0x1a/0x20 [ 33.985727] ? save_trace+0xe0/0x290 [ 33.985730] ? graph_lock+0x170/0x170 [ 33.985732] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.985734] lock_acquire+0x1e4/0x4f0 [ 33.985737] ? down_trylock+0x13/0x70 [ 33.985739] ? lock_release+0x9f0/0x9f0 [ 33.985741] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.985744] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.985746] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.985748] ? log_store+0x34f/0x4c0 [ 33.985750] ? vprintk_emit+0x31f/0x910 [ 33.985752] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.985755] ? down_trylock+0x13/0x70 [ 33.985757] down_trylock+0x13/0x70 [ 33.985759] __down_trylock_console_sem+0xae/0x200 [ 33.985761] console_trylock+0x15/0xa0 [ 33.985763] vprintk_emit+0x31f/0x910 [ 33.985766] ? wake_up_klogd+0x110/0x110 [ 33.985768] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.985770] ? kasan_check_read+0x11/0x20 [ 33.985773] ? rcu_is_watching+0x8c/0x150 [ 33.985775] ? rcu_pm_notify+0xc0/0xc0 [ 33.985777] ? lock_acquire+0x1e4/0x4f0 [ 33.985779] ? kasan_report+0x8e/0x110 [ 33.985781] ? __schedule+0xf54/0x1df0 [ 33.985783] vprintk_default+0x28/0x30 [ 33.985786] vprintk_func+0x7a/0x117 [ 33.985787] printk+0xa7/0xcf [ 33.985790] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.985792] ? kasan_check_write+0x14/0x20 [ 33.985794] ? do_raw_spin_lock+0xc1/0x200 [ 33.985797] ? do_raw_spin_lock+0xc1/0x200 [ 33.985799] kasan_report+0x9e/0x110 [ 33.985802] __asan_report_load8_noabort+0x14/0x20 [ 33.985804] __schedule+0xf54/0x1df0 [ 33.985806] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.985809] ? __sched_text_start+0x8/0x8 [ 33.985811] ? __call_srcu+0x7e7/0x1040 [ 33.985813] ? check_same_owner+0x340/0x340 [ 33.985815] ? mark_held_locks+0x160/0x160 [ 33.985818] ? find_held_lock+0x36/0x1c0 [ 33.985820] preempt_schedule_common+0x22/0x60 [ 33.985822] _cond_resched+0x1d/0x30 [ 33.985825] wait_for_completion+0xa5/0x8d0 [ 33.985827] ? wait_for_completion_interruptible+0x950/0x950 [ 33.985830] ? __lockdep_init_map+0x105/0x590 [ 33.985832] ? __init_waitqueue_head+0x9e/0x150 [ 33.985835] ? init_wait_entry+0x1c0/0x1c0 [ 33.985837] __synchronize_srcu+0x189/0x240 [ 33.985839] ? call_srcu+0x10/0x10 [ 33.985841] ? rcu_unexpedite_gp+0x20/0x20 [ 33.985844] synchronize_srcu+0x335/0x56f [ 33.985846] ? lock_downgrade+0x8f0/0x8f0 [ 33.985849] ? synchronize_srcu_expedited+0x20/0x20 [ 33.985851] ? kasan_check_read+0x11/0x20 [ 33.985853] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.985856] ? kasan_check_write+0x14/0x20 [ 33.985858] ? do_raw_spin_lock+0xc1/0x200 [ 33.985861] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.985864] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.985865] ? kvfree+0x61/0x70 [ 33.985868] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.985870] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.985873] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.985875] ? kvm_arch_sync_events+0x30/0x30 [ 33.985878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.985880] ? mmu_notifier_unregister+0x474/0x600 [ 33.985883] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.985885] ? kfree+0x111/0x210 [ 33.985887] ? __mmu_notifier_register+0x30/0x30 [ 33.985889] ? __free_pages+0x10a/0x190 [ 33.985892] ? free_unref_page+0x930/0x930 [ 33.985894] kvm_put_kvm+0x73f/0x1060 [ 33.985896] ? kvm_write_guest_cached+0x40/0x40 [ 33.985899] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.985901] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.985903] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.985906] ? kasan_check_write+0x14/0x20 [ 33.985908] ? do_raw_spin_lock+0xc1/0x200 [ 33.985910] ? kvm_irqfd_release+0xdd/0x120 [ 33.985913] ? kvm_put_kvm+0x1060/0x1060 [ 33.985915] kvm_vm_release+0x42/0x50 [ 33.985917] __fput+0x36e/0x8c0 [ 33.985919] ? __alloc_file+0x400/0x400 [ 33.985921] ? check_same_owner+0x340/0x340 [ 33.985923] ? kasan_check_write+0x14/0x20 [ 33.985926] ? do_raw_spin_lock+0xc1/0x200 [ 33.985928] ____fput+0x15/0x20 [ 33.985930] task_work_run+0x1e8/0x2a0 [ 33.985932] ? task_work_cancel+0x240/0x240 [ 33.985935] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.985937] ? switch_task_namespaces+0xa2/0xd0 [ 33.985939] do_exit+0x1ae4/0x26e0 [ 33.985942] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.985944] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.985947] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.985949] ? kfree+0x1d7/0x210 [ 33.985951] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.985954] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.985956] ? is_bpf_text_address+0xd7/0x170 [ 33.985958] ? kernel_text_address+0x79/0xf0 [ 33.985960] ? __kern [ 33.985964] Lost 53 message(s)! [ 35.049777] Shutting down cpus with NMI [ 36.109392] Dumping ftrace buffer: [ 36.112921] (ftrace buffer empty) [ 36.116610] Kernel Offset: disabled [ 36.120217] Rebooting in 86400 seconds..