[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.324854] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 23.627101] random: sshd: uninitialized urandom read (32 bytes read) [ 23.972569] random: sshd: uninitialized urandom read (32 bytes read) [ 24.512559] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.686845] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. [ 30.243037] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 30.337970] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 30.365222] ================================================================== [ 30.375138] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 30.381368] Read of size 8 at addr ffff8801b6fe0058 by task syz-executor058/4456 [ 30.388889] [ 30.390529] CPU: 1 PID: 4456 Comm: syz-executor058 Not tainted 4.19.0-rc1+ #212 [ 30.397972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.407345] Call Trace: [ 30.409948] dump_stack+0x1c9/0x2b4 [ 30.413574] ? dump_stack_print_info.cold.2+0x52/0x52 [ 30.418762] ? printk+0xa7/0xcf [ 30.422043] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 30.426805] ? __schedule+0xf54/0x1df0 [ 30.430698] print_address_description+0x6c/0x20b [ 30.435542] ? __schedule+0xf54/0x1df0 [ 30.439431] kasan_report.cold.7+0x242/0x30d [ 30.443843] __asan_report_load8_noabort+0x14/0x20 [ 30.448773] __schedule+0xf54/0x1df0 [ 30.452489] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 30.457595] ? __sched_text_start+0x8/0x8 [ 30.461745] ? __call_srcu+0x7e7/0x1040 [ 30.465733] ? check_same_owner+0x340/0x340 [ 30.470074] ? mark_held_locks+0x160/0x160 [ 30.474310] ? find_held_lock+0x36/0x1c0 [ 30.478373] preempt_schedule_common+0x22/0x60 [ 30.482960] _cond_resched+0x1d/0x30 [ 30.486674] wait_for_completion+0xa5/0x8d0 [ 30.490995] ? wait_for_completion_interruptible+0x950/0x950 [ 30.496794] ? __lockdep_init_map+0x105/0x590 [ 30.501399] ? __init_waitqueue_head+0x9e/0x150 [ 30.506067] ? init_wait_entry+0x1c0/0x1c0 [ 30.510306] __synchronize_srcu+0x189/0x240 [ 30.514628] ? call_srcu+0x10/0x10 [ 30.518175] ? rcu_unexpedite_gp+0x20/0x20 [ 30.522417] synchronize_srcu+0x335/0x56f [ 30.526566] ? lock_downgrade+0x8f0/0x8f0 [ 30.530712] ? synchronize_srcu_expedited+0x20/0x20 [ 30.535731] ? kasan_check_read+0x11/0x20 [ 30.539879] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 30.544467] ? kasan_check_write+0x14/0x20 [ 30.548704] ? do_raw_spin_lock+0xc1/0x200 [ 30.552946] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.558660] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 30.564110] ? kvfree+0x61/0x70 [ 30.567391] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.572410] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.576469] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.580893] ? kvm_arch_sync_events+0x30/0x30 [ 30.585400] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.590944] ? mmu_notifier_unregister+0x474/0x600 [ 30.595877] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.600294] ? kfree+0x111/0x210 [ 30.603666] ? __mmu_notifier_register+0x30/0x30 [ 30.608427] ? __free_pages+0x10a/0x190 [ 30.612416] ? free_unref_page+0x930/0x930 [ 30.616660] kvm_put_kvm+0x73f/0x1060 [ 30.620484] ? kvm_write_guest_cached+0x40/0x40 [ 30.625160] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.629659] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.634152] ? lockdep_hardirqs_on+0x421/0x5c0 [ 30.638752] ? kasan_check_write+0x14/0x20 [ 30.642982] ? do_raw_spin_lock+0xc1/0x200 [ 30.647218] ? kvm_irqfd_release+0xdd/0x120 [ 30.651534] ? kvm_irqfd_release+0xdd/0x120 [ 30.655862] ? kvm_put_kvm+0x1060/0x1060 [ 30.659929] kvm_vm_release+0x42/0x50 [ 30.663731] __fput+0x36e/0x8c0 [ 30.667011] ? __alloc_file+0x400/0x400 [ 30.670988] ? check_same_owner+0x340/0x340 [ 30.675309] ? kasan_check_write+0x14/0x20 [ 30.679550] ? do_raw_spin_lock+0xc1/0x200 [ 30.683784] ____fput+0x15/0x20 [ 30.687061] task_work_run+0x1e8/0x2a0 [ 30.690950] ? task_work_cancel+0x240/0x240 [ 30.695286] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.700823] ? switch_task_namespaces+0xa2/0xd0 [ 30.705491] do_exit+0x1ae4/0x26e0 [ 30.709035] ? mm_update_next_owner+0x9a0/0x9a0 [ 30.713703] ? lock_downgrade+0x8f0/0x8f0 [ 30.717853] ? kasan_check_read+0x11/0x20 [ 30.722000] ? rcu_is_watching+0x8c/0x150 [ 30.726151] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 30.730818] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 30.735579] ? is_bpf_text_address+0xd7/0x170 [ 30.740072] ? kernel_text_address+0x79/0xf0 [ 30.744477] ? __kernel_text_address+0xd/0x40 [ 30.748974] ? unwind_get_return_address+0x61/0xa0 [ 30.753919] ? __save_stack_trace+0x8d/0xf0 [ 30.758284] ? save_stack+0x43/0xd0 [ 30.761924] ? __kasan_slab_free+0x11a/0x170 [ 30.766343] ? kasan_slab_free+0xe/0x10 [ 30.770327] ? kmem_cache_free+0x86/0x280 [ 30.774490] ? do_sys_open+0x569/0x720 [ 30.778383] ? __x64_sys_open+0x7e/0xc0 [ 30.782370] ? do_syscall_64+0x1b9/0x820 [ 30.786453] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.791837] ? trace_hardirqs_off+0xb8/0x2b0 [ 30.796267] ? kasan_check_read+0x11/0x20 [ 30.800432] ? do_raw_spin_unlock+0xa7/0x2f0 [ 30.804857] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.809301] ? trace_hardirqs_off+0xb8/0x2b0 [ 30.813732] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 30.818854] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.823285] ? kmem_cache_free+0xa0/0x280 [ 30.827453] ? kasan_check_read+0x11/0x20 [ 30.831615] ? rcu_is_watching+0x8c/0x150 [ 30.835770] ? trace_hardirqs_on+0xbd/0x2c0 [ 30.840106] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 30.845164] ? __fget_light+0x2f7/0x440 [ 30.849144] ? putname+0xf2/0x130 [ 30.852604] ? fget_raw+0x20/0x20 [ 30.856067] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.861097] ? kmem_cache_free+0x246/0x280 [ 30.865345] do_group_exit+0x177/0x440 [ 30.869243] ? trace_hardirqs_on+0xbd/0x2c0 [ 30.873584] ? __ia32_sys_exit+0x50/0x50 [ 30.877654] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 30.882776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 30.888327] ? ksys_ioctl+0x81/0xd0 [ 30.891967] __x64_sys_exit_group+0x3e/0x50 [ 30.896307] do_syscall_64+0x1b9/0x820 [ 30.900205] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 30.905593] ? syscall_return_slowpath+0x5e0/0x5e0 [ 30.910546] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.915404] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 30.920437] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 30.925471] ? prepare_exit_to_usermode+0x291/0x3b0 [ 30.930512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.935372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.940571] RIP: 0033:0x443288 [ 30.943775] Code: Bad RIP value. [ 30.947137] RSP: 002b:00007ffee2d6d8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.954858] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000443288 [ 30.962137] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 30.969414] RBP: 00000000004c2ec8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 30.976694] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000000001 [ 30.983979] R13: 00000000006d5180 R14: 0000000000000000 R15: 0000000000000000 [ 30.991271] [ 30.992901] Allocated by task 4456: [ 30.996546] save_stack+0x43/0xd0 [ 31.000019] kasan_kmalloc+0xc4/0xe0 [ 31.003735] kasan_slab_alloc+0x12/0x20 [ 31.007704] kmem_cache_alloc+0x12e/0x710 [ 31.011849] vmx_create_vcpu+0xcf/0x2830 [ 31.015915] kvm_arch_vcpu_create+0xe5/0x220 [ 31.020323] kvm_vm_ioctl+0x488/0x1d80 [ 31.024210] do_vfs_ioctl+0x1de/0x1720 [ 31.028096] ksys_ioctl+0xa9/0xd0 [ 31.031544] __x64_sys_ioctl+0x73/0xb0 [ 31.035429] do_syscall_64+0x1b9/0x820 [ 31.039324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.044500] [ 31.046118] Freed by task 4456: [ 31.049397] save_stack+0x43/0xd0 [ 31.052866] __kasan_slab_free+0x11a/0x170 [ 31.057098] kasan_slab_free+0xe/0x10 [ 31.060893] kmem_cache_free+0x86/0x280 [ 31.064868] vmx_free_vcpu+0x26b/0x300 [ 31.068752] kvm_arch_destroy_vm+0x365/0x7c0 [ 31.073159] kvm_put_kvm+0x73f/0x1060 [ 31.076958] kvm_vm_release+0x42/0x50 [ 31.080757] __fput+0x36e/0x8c0 [ 31.084049] ____fput+0x15/0x20 [ 31.087324] task_work_run+0x1e8/0x2a0 [ 31.091227] do_exit+0x1ae4/0x26e0 [ 31.094767] do_group_exit+0x177/0x440 [ 31.098652] __x64_sys_exit_group+0x3e/0x50 [ 31.102973] do_syscall_64+0x1b9/0x820 [ 31.107151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.112327] [ 31.113954] The buggy address belongs to the object at ffff8801b6fe0040 [ 31.113954] which belongs to the cache kvm_vcpu of size 23872 [ 31.126532] The buggy address is located 24 bytes inside of [ 31.126532] 23872-byte region [ffff8801b6fe0040, ffff8801b6fe5d80) [ 31.138490] The buggy address belongs to the page: [ 31.143422] page:ffffea0006dbf800 count:1 mapcount:0 mapping:ffff8801d9e6a180 index:0x0 compound_mapcount: 0 [ 31.153400] flags: 0x2fffc0000008100(slab|head) [ 31.158074] raw: 02fffc0000008100 ffff8801d4ccb648 ffff8801d4ccb648 ffff8801d9e6a180 [ 31.165956] raw: 0000000000000000 ffff8801b6fe0040 0000000100000001 0000000000000000 [ 31.173831] page dumped because: kasan: bad access detected [ 31.179534] [ 31.181156] Memory state around the buggy address: [ 31.186082] ffff8801b6fdff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.193442] ffff8801b6fdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.200797] >ffff8801b6fe0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 31.208148] ^ [ 31.214376] ffff8801b6fe0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.221732] ffff8801b6fe0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.229089] ================================================================== [ 31.236946] Kernel panic - not syncing: panic_on_warn set ... [ 31.236946] [ 31.244316] CPU: 1 PID: 4456 Comm: syz-executor058 Tainted: G B 4.19.0-rc1+ #212 [ 31.253149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.262496] Call Trace: [ 31.265099] dump_stack+0x1c9/0x2b4 [ 31.268728] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.273923] ? lock_downgrade+0x8f0/0x8f0 [ 31.278069] ? __schedule+0xf54/0x1df0 [ 31.281960] panic+0x238/0x4e7 [ 31.285178] ? add_taint.cold.5+0x16/0x16 [ 31.289342] ? print_shadow_for_address+0xba/0x116 [ 31.294280] ? trace_hardirqs_off+0xaf/0x2b0 [ 31.298692] ? trace_hardirqs_off+0x77/0x2b0 [ 31.303102] ? __schedule+0xf54/0x1df0 [ 31.306991] kasan_end_report+0x47/0x4f [ 31.310965] kasan_report.cold.7+0x76/0x30d [ 31.315297] __asan_report_load8_noabort+0x14/0x20 [ 31.320226] __schedule+0xf54/0x1df0 [ 31.323944] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.329050] ? __sched_text_start+0x8/0x8 [ 31.333200] ? __call_srcu+0x7e7/0x1040 [ 31.337185] ? check_same_owner+0x340/0x340 [ 31.341507] ? mark_held_locks+0x160/0x160 [ 31.345740] ? find_held_lock+0x36/0x1c0 [ 31.349805] preempt_schedule_common+0x22/0x60 [ 31.354387] _cond_resched+0x1d/0x30 [ 31.358100] wait_for_completion+0xa5/0x8d0 [ 31.362423] ? wait_for_completion_interruptible+0x950/0x950 [ 31.368222] ? __lockdep_init_map+0x105/0x590 [ 31.372718] ? __init_waitqueue_head+0x9e/0x150 [ 31.377386] ? init_wait_entry+0x1c0/0x1c0 [ 31.381627] __synchronize_srcu+0x189/0x240 [ 31.385946] ? call_srcu+0x10/0x10 [ 31.389491] ? rcu_unexpedite_gp+0x20/0x20 [ 31.393734] synchronize_srcu+0x335/0x56f [ 31.397882] ? lock_downgrade+0x8f0/0x8f0 [ 31.402031] ? synchronize_srcu_expedited+0x20/0x20 [ 31.407052] ? kasan_check_read+0x11/0x20 [ 31.411201] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.415784] ? kasan_check_write+0x14/0x20 [ 31.420018] ? do_raw_spin_lock+0xc1/0x200 [ 31.424257] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.429978] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.435427] ? kvfree+0x61/0x70 [ 31.438710] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.443727] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.447788] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.452194] ? kvm_arch_sync_events+0x30/0x30 [ 31.456715] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.462267] ? mmu_notifier_unregister+0x474/0x600 [ 31.467194] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.471603] ? kfree+0x111/0x210 [ 31.474975] ? __mmu_notifier_register+0x30/0x30 [ 31.479736] ? __free_pages+0x10a/0x190 [ 31.483710] ? free_unref_page+0x930/0x930 [ 31.487955] kvm_put_kvm+0x73f/0x1060 [ 31.491761] ? kvm_write_guest_cached+0x40/0x40 [ 31.496439] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.500940] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.505436] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.510047] ? kasan_check_write+0x14/0x20 [ 31.514306] ? do_raw_spin_lock+0xc1/0x200 [ 31.518557] ? kvm_irqfd_release+0xdd/0x120 [ 31.522895] ? kvm_irqfd_release+0xdd/0x120 [ 31.527243] ? kvm_put_kvm+0x1060/0x1060 [ 31.531329] kvm_vm_release+0x42/0x50 [ 31.535146] __fput+0x36e/0x8c0 [ 31.538436] ? __alloc_file+0x400/0x400 [ 31.542428] ? check_same_owner+0x340/0x340 [ 31.546763] ? kasan_check_write+0x14/0x20 [ 31.551015] ? do_raw_spin_lock+0xc1/0x200 [ 31.555275] ____fput+0x15/0x20 [ 31.558574] task_work_run+0x1e8/0x2a0 [ 31.562479] ? task_work_cancel+0x240/0x240 [ 31.566823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.572383] ? switch_task_namespaces+0xa2/0xd0 [ 31.577072] do_exit+0x1ae4/0x26e0 [ 31.580630] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.585322] ? lock_downgrade+0x8f0/0x8f0 [ 31.589491] ? kasan_check_read+0x11/0x20 [ 31.593654] ? rcu_is_watching+0x8c/0x150 [ 31.597822] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.602513] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.607210] ? is_bpf_text_address+0xd7/0x170 [ 31.611727] ? kernel_text_address+0x79/0xf0 [ 31.616153] ? __kernel_text_address+0xd/0x40 [ 31.620668] ? unwind_get_return_address+0x61/0xa0 [ 31.625631] ? __save_stack_trace+0x8d/0xf0 [ 31.629985] ? save_stack+0x43/0xd0 [ 31.633627] ? __kasan_slab_free+0x11a/0x170 [ 31.638051] ? kasan_slab_free+0xe/0x10 [ 31.642039] ? kmem_cache_free+0x86/0x280 [ 31.646207] ? do_sys_open+0x569/0x720 [ 31.650114] ? __x64_sys_open+0x7e/0xc0 [ 31.654107] ? do_syscall_64+0x1b9/0x820 [ 31.658186] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.663572] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.667997] ? kasan_check_read+0x11/0x20 [ 31.672166] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.676600] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.681060] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.685524] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.690646] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.695074] ? kmem_cache_free+0xa0/0x280 [ 31.699239] ? kasan_check_read+0x11/0x20 [ 31.703409] ? rcu_is_watching+0x8c/0x150 [ 31.707573] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.711925] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 31.716966] ? __fget_light+0x2f7/0x440 [ 31.720958] ? putname+0xf2/0x130 [ 31.724430] ? fget_raw+0x20/0x20 [ 31.727913] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.732956] ? kmem_cache_free+0x246/0x280 [ 31.737221] do_group_exit+0x177/0x440 [ 31.741128] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.745463] ? __ia32_sys_exit+0x50/0x50 [ 31.749541] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.754664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 31.760227] ? ksys_ioctl+0x81/0xd0 [ 31.763882] __x64_sys_exit_group+0x3e/0x50 [ 31.768228] do_syscall_64+0x1b9/0x820 [ 31.772136] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.777519] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.782471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.787334] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 31.792370] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 31.797413] ? prepare_exit_to_usermode+0x291/0x3b0 [ 31.802457] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.807332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.812539] RIP: 0033:0x443288 [ 31.815741] Code: Bad RIP value. [ 31.819112] RSP: 002b:00007ffee2d6d8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.826844] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000443288 [ 31.834132] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.841420] RBP: 00000000004c2ec8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.848710] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000000001 [ 31.855998] R13: 00000000006d5180 R14: 0000000000000000 R15: 0000000000000000 [ 31.863300] [ 31.863307] ====================================================== [ 31.863312] WARNING: possible circular locking dependency detected [ 31.863316] 4.19.0-rc1+ #212 Not tainted [ 31.863321] ------------------------------------------------------ [ 31.863326] syz-executor058/4456 is trying to acquire lock: [ 31.863330] 000000004b492b1d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 31.863346] [ 31.863350] but task is already holding lock: [ 31.863353] 0000000041b65283 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 31.863367] [ 31.863372] which lock already depends on the new lock. [ 31.863374] [ 31.863377] [ 31.863382] the existing dependency chain (in reverse order) is: [ 31.863384] [ 31.863387] -> #3 (report_lock){....}: [ 31.863401] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.863405] kasan_report+0x8e/0x110 [ 31.863409] __asan_report_load8_noabort+0x14/0x20 [ 31.863413] __schedule+0xf54/0x1df0 [ 31.863418] preempt_schedule_common+0x22/0x60 [ 31.863422] _cond_resched+0x1d/0x30 [ 31.863426] wait_for_completion+0xa5/0x8d0 [ 31.863430] __synchronize_srcu+0x189/0x240 [ 31.863434] synchronize_srcu+0x335/0x56f [ 31.863439] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.863444] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.863448] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.863452] kvm_put_kvm+0x73f/0x1060 [ 31.863455] kvm_vm_release+0x42/0x50 [ 31.863459] __fput+0x36e/0x8c0 [ 31.863463] ____fput+0x15/0x20 [ 31.863466] task_work_run+0x1e8/0x2a0 [ 31.863470] do_exit+0x1ae4/0x26e0 [ 31.863474] do_group_exit+0x177/0x440 [ 31.863478] __x64_sys_exit_group+0x3e/0x50 [ 31.863482] do_syscall_64+0x1b9/0x820 [ 31.863487] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.863489] [ 31.863492] -> #2 (&rq->lock){-.-.}: [ 31.863506] _raw_spin_lock+0x2a/0x40 [ 31.863509] task_fork_fair+0x93/0x680 [ 31.863513] sched_fork+0x44b/0xbd0 [ 31.863517] copy_process+0x235e/0x7ad0 [ 31.863521] _do_fork+0x1ca/0x1170 [ 31.863525] kernel_thread+0x34/0x40 [ 31.863528] rest_init+0x22/0xe4 [ 31.863532] start_kernel+0x913/0x94e [ 31.863537] x86_64_start_reservations+0x29/0x2b [ 31.863541] x86_64_start_kernel+0x76/0x79 [ 31.863545] secondary_startup_64+0xa4/0xb0 [ 31.863547] [ 31.863549] -> #1 (&p->pi_lock){-.-.}: [ 31.863564] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.863568] try_to_wake_up+0xd2/0x1250 [ 31.863572] wake_up_process+0x10/0x20 [ 31.863576] __up.isra.1+0x1c0/0x2a0 [ 31.863579] up+0x13c/0x1c0 [ 31.863583] __up_console_sem+0xbe/0x1b0 [ 31.863587] console_unlock+0x506/0x10d0 [ 31.863591] vprintk_emit+0x33a/0x910 [ 31.863595] vprintk_default+0x28/0x30 [ 31.863599] vprintk_func+0x7a/0x117 [ 31.863602] printk+0xa7/0xcf [ 31.863606] load_umh+0x51/0xbd [ 31.863610] do_one_initcall+0x127/0x838 [ 31.863614] kernel_init_freeable+0x4bb/0x5ae [ 31.863618] kernel_init+0x11/0x1b3 [ 31.863621] ret_from_fork+0x3a/0x50 [ 31.863624] [ 31.863626] -> #0 ((console_sem).lock){-...}: [ 31.863641] lock_acquire+0x1e4/0x4f0 [ 31.863645] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.863649] down_trylock+0x13/0x70 [ 31.863653] __down_trylock_console_sem+0xae/0x200 [ 31.863657] console_trylock+0x15/0xa0 [ 31.863661] vprintk_emit+0x31f/0x910 [ 31.863665] vprintk_default+0x28/0x30 [ 31.863669] vprintk_func+0x7a/0x117 [ 31.863672] printk+0xa7/0xcf [ 31.863676] kasan_report+0x9e/0x110 [ 31.863681] __asan_report_load8_noabort+0x14/0x20 [ 31.863684] __schedule+0xf54/0x1df0 [ 31.863689] preempt_schedule_common+0x22/0x60 [ 31.863693] _cond_resched+0x1d/0x30 [ 31.863697] wait_for_completion+0xa5/0x8d0 [ 31.863701] __synchronize_srcu+0x189/0x240 [ 31.863705] synchronize_srcu+0x335/0x56f [ 31.863710] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.863714] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.863718] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.863722] kvm_put_kvm+0x73f/0x1060 [ 31.863726] kvm_vm_release+0x42/0x50 [ 31.863730] __fput+0x36e/0x8c0 [ 31.863733] ____fput+0x15/0x20 [ 31.863737] task_work_run+0x1e8/0x2a0 [ 31.863741] do_exit+0x1ae4/0x26e0 [ 31.863745] do_group_exit+0x177/0x440 [ 31.863749] __x64_sys_exit_group+0x3e/0x50 [ 31.863753] do_syscall_64+0x1b9/0x820 [ 31.863758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.863760] [ 31.863765] other info that might help us debug this: [ 31.863767] [ 31.863770] Chain exists of: [ 31.863772] (console_sem).lock --> &rq->lock --> report_lock [ 31.863790] [ 31.863794] Possible unsafe locking scenario: [ 31.863797] [ 31.863801] CPU0 CPU1 [ 31.863805] ---- ---- [ 31.863807] lock(report_lock); [ 31.863817] lock(&rq->lock); [ 31.863826] lock(report_lock); [ 31.863834] lock((console_sem).lock); [ 31.863842] [ 31.863845] *** DEADLOCK *** [ 31.863848] [ 31.863852] 2 locks held by syz-executor058/4456: [ 31.863854] #0: 00000000ed50e43c (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 31.863871] #1: 0000000041b65283 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 31.863888] [ 31.863891] stack backtrace: [ 31.863897] CPU: 1 PID: 4456 Comm: syz-executor058 Not tainted 4.19.0-rc1+ #212 [ 31.863905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.863913] Call Trace: [ 31.863917] dump_stack+0x1c9/0x2b4 [ 31.863922] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.863926] ? vprintk_func+0x100/0x117 [ 31.863931] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 31.863934] ? save_trace+0xe0/0x290 [ 31.863938] __lock_acquire+0x3449/0x5020 [ 31.863943] ? mark_held_locks+0x160/0x160 [ 31.863947] ? mark_held_locks+0x160/0x160 [ 31.863951] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.863955] ? is_bpf_text_address+0xd7/0x170 [ 31.863959] ? kernel_text_address+0x79/0xf0 [ 31.863964] ? __kernel_text_address+0xd/0x40 [ 31.863968] ? __save_stack_trace+0x8d/0xf0 [ 31.863972] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 31.863976] ? save_trace+0x290/0x290 [ 31.863980] ? save_stack_trace+0x1a/0x20 [ 31.863984] ? save_trace+0xe0/0x290 [ 31.863988] ? graph_lock+0x170/0x170 [ 31.863993] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.863997] lock_acquire+0x1e4/0x4f0 [ 31.864001] ? down_trylock+0x13/0x70 [ 31.864005] ? lock_release+0x9f0/0x9f0 [ 31.864009] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.864013] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.864018] ? trace_hardirqs_off+0xb8/0x2b0 [ 31.864021] ? log_store+0x34f/0x4c0 [ 31.864025] ? vprintk_emit+0x31f/0x910 [ 31.864030] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.864034] ? down_trylock+0x13/0x70 [ 31.864037] down_trylock+0x13/0x70 [ 31.864042] __down_trylock_console_sem+0xae/0x200 [ 31.864046] console_trylock+0x15/0xa0 [ 31.864050] vprintk_emit+0x31f/0x910 [ 31.864054] ? wake_up_klogd+0x110/0x110 [ 31.864058] ? run_rebalance_domains+0x4c0/0x4c0 [ 31.864062] ? kasan_check_read+0x11/0x20 [ 31.864066] ? rcu_is_watching+0x8c/0x150 [ 31.864070] ? rcu_pm_notify+0xc0/0xc0 [ 31.864074] ? lock_acquire+0x1e4/0x4f0 [ 31.864078] ? kasan_report+0x8e/0x110 [ 31.864082] ? __schedule+0xf54/0x1df0 [ 31.864086] vprintk_default+0x28/0x30 [ 31.864089] vprintk_func+0x7a/0x117 [ 31.864093] printk+0xa7/0xcf [ 31.864097] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.864102] ? kasan_check_write+0x14/0x20 [ 31.864106] ? do_raw_spin_lock+0xc1/0x200 [ 31.864110] ? do_raw_spin_lock+0xc1/0x200 [ 31.864114] kasan_report+0x9e/0x110 [ 31.864118] __asan_report_load8_noabort+0x14/0x20 [ 31.864122] __schedule+0xf54/0x1df0 [ 31.864126] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.864131] ? __sched_text_start+0x8/0x8 [ 31.864135] ? __call_srcu+0x7e7/0x1040 [ 31.864139] ? check_same_owner+0x340/0x340 [ 31.864143] ? mark_held_locks+0x160/0x160 [ 31.864147] ? find_held_lock+0x36/0x1c0 [ 31.864151] preempt_schedule_common+0x22/0x60 [ 31.864155] _cond_resched+0x1d/0x30 [ 31.864159] wait_for_completion+0xa5/0x8d0 [ 31.864164] ? wait_for_completion_interruptible+0x950/0x950 [ 31.864169] ? __lockdep_init_map+0x105/0x590 [ 31.864173] ? __init_waitqueue_head+0x9e/0x150 [ 31.864177] ? init_wait_entry+0x1c0/0x1c0 [ 31.864181] __synchronize_srcu+0x189/0x240 [ 31.864185] ? call_srcu+0x10/0x10 [ 31.864189] ? rcu_unexpedite_gp+0x20/0x20 [ 31.864193] synchronize_srcu+0x335/0x56f [ 31.864198] ? lock_downgrade+0x8f0/0x8f0 [ 31.864202] ? synchronize_srcu_expedited+0x20/0x20 [ 31.864207] ? kasan_check_read+0x11/0x20 [ 31.864211] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.864215] ? kasan_check_write+0x14/0x20 [ 31.864219] ? do_raw_spin_lock+0xc1/0x200 [ 31.864224] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.864229] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.864233] ? kvfree+0x61/0x70 [ 31.864237] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.864241] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.864246] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.864250] ? kvm_arch_sync_events+0x30/0x30 [ 31.864255] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.864267] ? mmu_notifier_unregister+0x474/0x600 [ 31.864272] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.864275] ? kfree+0x111/0x210 [ 31.864280] ? __mmu_notifier_register+0x30/0x30 [ 31.864284] ? __free_pages+0x10a/0x190 [ 31.864288] ? free_unref_page+0x930/0x930 [ 31.864292] kvm_put_kvm+0x73f/0x1060 [ 31.864296] ? kvm_write_guest_cached+0x40/0x40 [ 31.864300] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.864305] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.864309] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.864313] ? kasan_check_write+0x14/0x20 [ 31.864317] ? do_raw_spin_lock+0xc1/0x200 [ 31.864321] ? kvm_irqfd_release+0xdd/0x120 [ 31.864326] ? kvm_irqfd_release+0xdd/0x120 [ 31.864330] ? kvm_put_kvm+0x1060/0x1060 [ 31.864334] kvm_vm_release+0x42/0x50 [ 31.864337] __fput+0x36e/0x8c0 [ 31.864341] ? __alloc_file+0x400/0x400 [ 31.864345] ? check_same_owner+0x340/0x340 [ 31.864349] ? kasan_check_write+0x14/0x20 [ 31.864354] ? do_raw_spin_lock+0xc1/0x200 [ 31.864357] ____fput+0x15/0x20 [ 31.864361] task_work_run+0x1e8/0x2a0 [ 31.864365] ? task_work_cancel+0x240/0x240 [ 31.864371] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.864375] ? switch_task_namespaces+0xa2/0xd0 [ 31.864379] do_exit+0x1ae4/0x26e0 [ 31.864383] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.864387] ? lock_downgrade+0x8f0/0x8f0 [ 31.864391] ? kasan_check_read+0x11/0x20 [ 31.864395] ? rcu_is_watching+0x8c/0x150 [ 31.864400] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.864404] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.864408] ? is_bpf_text_address+0xd7/0x170 [ 31.864412] ? kernel_t [ 31.864422] Lost 53 message(s)! [ 32.944399] Shutting down cpus with NMI [ 34.006156] Dumping ftrace buffer: [ 34.009685] (ftrace buffer empty) [ 34.013375] Kernel Offset: disabled [ 34.016990] Rebooting in 86400 seconds..