[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.497214] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.165161] random: sshd: uninitialized urandom read (32 bytes read) [ 24.449284] random: sshd: uninitialized urandom read (32 bytes read) [ 24.982879] random: sshd: uninitialized urandom read (32 bytes read) [ 26.867908] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts. [ 32.592668] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.688900] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.713447] ================================================================== [ 32.723243] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.729464] Read of size 8 at addr ffff8801ac978058 by task syz-executor332/4468 [ 32.736984] [ 32.738608] CPU: 0 PID: 4468 Comm: syz-executor332 Not tainted 4.18.0+ #205 [ 32.745693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.755033] Call Trace: [ 32.757616] dump_stack+0x1c9/0x2b4 [ 32.761245] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.766429] ? printk+0xa7/0xcf [ 32.769703] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.774454] ? __schedule+0xf54/0x1df0 [ 32.778340] print_address_description+0x6c/0x20b [ 32.783187] ? __schedule+0xf54/0x1df0 [ 32.787077] kasan_report.cold.7+0x242/0x30d [ 32.791483] __asan_report_load8_noabort+0x14/0x20 [ 32.796409] __schedule+0xf54/0x1df0 [ 32.800120] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.805226] ? __sched_text_start+0x8/0x8 [ 32.809374] ? __call_srcu+0x7e7/0x1040 [ 32.813351] ? check_same_owner+0x340/0x340 [ 32.817664] ? mark_held_locks+0x160/0x160 [ 32.821890] ? find_held_lock+0x36/0x1c0 [ 32.825961] preempt_schedule_common+0x22/0x60 [ 32.830535] _cond_resched+0x1d/0x30 [ 32.834242] wait_for_completion+0xa5/0x8d0 [ 32.838561] ? wait_for_completion_interruptible+0x950/0x950 [ 32.844352] ? __lockdep_init_map+0x105/0x590 [ 32.848844] ? __init_waitqueue_head+0x9e/0x150 [ 32.853506] ? init_wait_entry+0x1c0/0x1c0 [ 32.857744] __synchronize_srcu+0x189/0x240 [ 32.862061] ? call_srcu+0x10/0x10 [ 32.865610] ? rcu_unexpedite_gp+0x20/0x20 [ 32.869846] synchronize_srcu+0x335/0x56f [ 32.874000] ? lock_downgrade+0x8f0/0x8f0 [ 32.878155] ? synchronize_srcu_expedited+0x20/0x20 [ 32.883182] ? kasan_check_read+0x11/0x20 [ 32.887330] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.891911] ? kasan_check_write+0x14/0x20 [ 32.896149] ? do_raw_spin_lock+0xc1/0x200 [ 32.900389] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.906094] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.911538] ? kvfree+0x61/0x70 [ 32.914814] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.919838] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.923907] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.928313] ? kvm_arch_sync_events+0x30/0x30 [ 32.932806] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.938343] ? mmu_notifier_unregister+0x474/0x600 [ 32.943266] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.947665] ? kfree+0x111/0x210 [ 32.951026] ? __mmu_notifier_register+0x30/0x30 [ 32.955798] ? __free_pages+0x10a/0x190 [ 32.959773] ? free_unref_page+0x930/0x930 [ 32.964011] kvm_put_kvm+0x73f/0x1060 [ 32.967812] ? kvm_write_guest_cached+0x40/0x40 [ 32.972479] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.976969] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.981458] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.986063] ? kasan_check_write+0x14/0x20 [ 32.990300] ? do_raw_spin_lock+0xc1/0x200 [ 32.994543] ? kvm_irqfd_release+0xdd/0x120 [ 32.998859] ? kvm_put_kvm+0x1060/0x1060 [ 33.002917] kvm_vm_release+0x42/0x50 [ 33.006711] __fput+0x36e/0x8c0 [ 33.009986] ? __alloc_file+0x400/0x400 [ 33.013953] ? check_same_owner+0x340/0x340 [ 33.018269] ? kasan_check_write+0x14/0x20 [ 33.022496] ? do_raw_spin_lock+0xc1/0x200 [ 33.026723] ____fput+0x15/0x20 [ 33.029994] task_work_run+0x1e8/0x2a0 [ 33.033884] ? task_work_cancel+0x240/0x240 [ 33.038217] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.043752] ? switch_task_namespaces+0xa2/0xd0 [ 33.048417] do_exit+0x1ae4/0x26e0 [ 33.051954] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.056631] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.060861] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.065874] ? kfree+0x1d7/0x210 [ 33.069240] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.073470] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.079183] ? is_bpf_text_address+0xd7/0x170 [ 33.083687] ? kernel_text_address+0x79/0xf0 [ 33.088102] ? __kernel_text_address+0xd/0x40 [ 33.092594] ? unwind_get_return_address+0x61/0xa0 [ 33.097534] ? __save_stack_trace+0x8d/0xf0 [ 33.101872] ? save_stack+0xa9/0xd0 [ 33.105545] ? save_stack+0x43/0xd0 [ 33.109161] ? __kasan_slab_free+0x11a/0x170 [ 33.113575] ? kasan_slab_free+0xe/0x10 [ 33.117542] ? putname+0xf2/0x130 [ 33.120995] ? __x64_sys_openat+0x9d/0x100 [ 33.125228] ? do_syscall_64+0x1b9/0x820 [ 33.129285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.134649] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.139051] ? kasan_check_read+0x11/0x20 [ 33.143204] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.147606] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.152010] ? initcall_blacklisted+0x9a/0x1e0 [ 33.156590] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 33.161704] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.167421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.172951] ? do_vfs_ioctl+0x201/0x1720 [ 33.177023] ? rcu_is_watching+0x8c/0x150 [ 33.181161] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.185495] ? ioctl_preallocate+0x300/0x300 [ 33.189905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.195437] ? __fget_light+0x2f7/0x440 [ 33.199407] ? fget_raw+0x20/0x20 [ 33.202862] ? putname+0xf2/0x130 [ 33.206334] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.211365] ? kmem_cache_free+0x246/0x280 [ 33.215607] ? putname+0xf7/0x130 [ 33.219060] do_group_exit+0x177/0x440 [ 33.222943] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.227259] ? __ia32_sys_exit+0x50/0x50 [ 33.231312] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.236409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.241938] ? ksys_ioctl+0x81/0xd0 [ 33.245560] __x64_sys_exit_group+0x3e/0x50 [ 33.249879] do_syscall_64+0x1b9/0x820 [ 33.253760] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.259131] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.264053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.268891] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.273901] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.278941] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.283805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.288986] RIP: 0033:0x43ed68 [ 33.292185] Code: Bad RIP value. [ 33.295547] RSP: 002b:00007ffda1b701e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.303261] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68 [ 33.310524] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.317786] RBP: 00000000004be628 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.325050] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.332313] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 33.339581] [ 33.341227] Allocated by task 4468: [ 33.344850] save_stack+0x43/0xd0 [ 33.348302] kasan_kmalloc+0xc4/0xe0 [ 33.352011] kasan_slab_alloc+0x12/0x20 [ 33.355979] kmem_cache_alloc+0x12e/0x710 [ 33.360119] vmx_create_vcpu+0xcf/0x2830 [ 33.364180] kvm_arch_vcpu_create+0xe5/0x220 [ 33.368587] kvm_vm_ioctl+0x488/0x1d80 [ 33.372469] do_vfs_ioctl+0x1de/0x1720 [ 33.376347] ksys_ioctl+0xa9/0xd0 [ 33.379816] __x64_sys_ioctl+0x73/0xb0 [ 33.383713] do_syscall_64+0x1b9/0x820 [ 33.387600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.392776] [ 33.394393] Freed by task 4468: [ 33.397665] save_stack+0x43/0xd0 [ 33.401140] __kasan_slab_free+0x11a/0x170 [ 33.405372] kasan_slab_free+0xe/0x10 [ 33.409166] kmem_cache_free+0x86/0x280 [ 33.413147] vmx_free_vcpu+0x26b/0x300 [ 33.417038] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.421441] kvm_put_kvm+0x73f/0x1060 [ 33.425236] kvm_vm_release+0x42/0x50 [ 33.429031] __fput+0x36e/0x8c0 [ 33.432300] ____fput+0x15/0x20 [ 33.435572] task_work_run+0x1e8/0x2a0 [ 33.439455] do_exit+0x1ae4/0x26e0 [ 33.442985] do_group_exit+0x177/0x440 [ 33.446868] __x64_sys_exit_group+0x3e/0x50 [ 33.451188] do_syscall_64+0x1b9/0x820 [ 33.455080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.460261] [ 33.461880] The buggy address belongs to the object at ffff8801ac978040 [ 33.461880] which belongs to the cache kvm_vcpu of size 23872 [ 33.474444] The buggy address is located 24 bytes inside of [ 33.474444] 23872-byte region [ffff8801ac978040, ffff8801ac97dd80) [ 33.486396] The buggy address belongs to the page: [ 33.491323] page:ffffea0006b25e00 count:1 mapcount:0 mapping:ffff8801d9e6b000 index:0x0 compound_mapcount: 0 [ 33.501290] flags: 0x2fffc0000008100(slab|head) [ 33.505959] raw: 02fffc0000008100 ffff8801d57c1148 ffff8801d57c1148 ffff8801d9e6b000 [ 33.513837] raw: 0000000000000000 ffff8801ac978040 0000000100000001 0000000000000000 [ 33.521704] page dumped because: kasan: bad access detected [ 33.527398] [ 33.529011] Memory state around the buggy address: [ 33.533941] ffff8801ac977f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.541294] ffff8801ac977f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.548643] >ffff8801ac978000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.555989] ^ [ 33.562217] ffff8801ac978080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.569568] ffff8801ac978100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.577349] ================================================================== [ 33.584734] Kernel panic - not syncing: panic_on_warn set ... [ 33.584734] [ 33.592093] CPU: 0 PID: 4468 Comm: syz-executor332 Tainted: G B 4.18.0+ #205 [ 33.600569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.609910] Call Trace: [ 33.612500] dump_stack+0x1c9/0x2b4 [ 33.616127] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.621311] ? lock_downgrade+0x8f0/0x8f0 [ 33.625452] ? __schedule+0xf54/0x1df0 [ 33.629333] panic+0x238/0x4e7 [ 33.632517] ? add_taint.cold.5+0x16/0x16 [ 33.636667] ? print_shadow_for_address+0xba/0x116 [ 33.641590] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.645991] ? trace_hardirqs_off+0x77/0x2b0 [ 33.650394] ? __schedule+0xf54/0x1df0 [ 33.654278] kasan_end_report+0x47/0x4f [ 33.658250] kasan_report.cold.7+0x76/0x30d [ 33.662567] __asan_report_load8_noabort+0x14/0x20 [ 33.667490] __schedule+0xf54/0x1df0 [ 33.671213] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.676316] ? __sched_text_start+0x8/0x8 [ 33.680460] ? __call_srcu+0x7e7/0x1040 [ 33.684438] ? check_same_owner+0x340/0x340 [ 33.688751] ? mark_held_locks+0x160/0x160 [ 33.692980] ? find_held_lock+0x36/0x1c0 [ 33.697039] preempt_schedule_common+0x22/0x60 [ 33.701614] _cond_resched+0x1d/0x30 [ 33.705320] wait_for_completion+0xa5/0x8d0 [ 33.709642] ? wait_for_completion_interruptible+0x950/0x950 [ 33.715434] ? __lockdep_init_map+0x105/0x590 [ 33.719925] ? __init_waitqueue_head+0x9e/0x150 [ 33.724588] ? init_wait_entry+0x1c0/0x1c0 [ 33.728821] __synchronize_srcu+0x189/0x240 [ 33.733134] ? call_srcu+0x10/0x10 [ 33.736673] ? rcu_unexpedite_gp+0x20/0x20 [ 33.740909] synchronize_srcu+0x335/0x56f [ 33.745066] ? lock_downgrade+0x8f0/0x8f0 [ 33.749226] ? synchronize_srcu_expedited+0x20/0x20 [ 33.754239] ? kasan_check_read+0x11/0x20 [ 33.758386] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.762960] ? kasan_check_write+0x14/0x20 [ 33.767204] ? do_raw_spin_lock+0xc1/0x200 [ 33.771438] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.777147] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.782627] ? kvfree+0x61/0x70 [ 33.785923] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.790934] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.794990] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.799393] ? kvm_arch_sync_events+0x30/0x30 [ 33.803885] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.809416] ? mmu_notifier_unregister+0x474/0x600 [ 33.814336] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.818736] ? kfree+0x111/0x210 [ 33.822097] ? __mmu_notifier_register+0x30/0x30 [ 33.826851] ? __free_pages+0x10a/0x190 [ 33.830822] ? free_unref_page+0x930/0x930 [ 33.835058] kvm_put_kvm+0x73f/0x1060 [ 33.838995] ? kvm_write_guest_cached+0x40/0x40 [ 33.843673] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.848181] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.852689] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.857280] ? kasan_check_write+0x14/0x20 [ 33.861518] ? do_raw_spin_lock+0xc1/0x200 [ 33.865760] ? kvm_irqfd_release+0xdd/0x120 [ 33.870102] ? kvm_put_kvm+0x1060/0x1060 [ 33.874187] kvm_vm_release+0x42/0x50 [ 33.878002] __fput+0x36e/0x8c0 [ 33.881288] ? __alloc_file+0x400/0x400 [ 33.885263] ? check_same_owner+0x340/0x340 [ 33.889588] ? kasan_check_write+0x14/0x20 [ 33.893833] ? do_raw_spin_lock+0xc1/0x200 [ 33.898075] ____fput+0x15/0x20 [ 33.901361] task_work_run+0x1e8/0x2a0 [ 33.905251] ? task_work_cancel+0x240/0x240 [ 33.909581] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.915123] ? switch_task_namespaces+0xa2/0xd0 [ 33.919796] do_exit+0x1ae4/0x26e0 [ 33.923344] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.928025] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 33.932264] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.937297] ? kfree+0x1d7/0x210 [ 33.940665] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 33.944901] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.950616] ? is_bpf_text_address+0xd7/0x170 [ 33.955111] ? kernel_text_address+0x79/0xf0 [ 33.959522] ? __kernel_text_address+0xd/0x40 [ 33.964024] ? unwind_get_return_address+0x61/0xa0 [ 33.968959] ? __save_stack_trace+0x8d/0xf0 [ 33.973291] ? save_stack+0xa9/0xd0 [ 33.976916] ? save_stack+0x43/0xd0 [ 33.980542] ? __kasan_slab_free+0x11a/0x170 [ 33.984952] ? kasan_slab_free+0xe/0x10 [ 33.988964] ? putname+0xf2/0x130 [ 33.992419] ? __x64_sys_openat+0x9d/0x100 [ 33.996656] ? do_syscall_64+0x1b9/0x820 [ 34.000722] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.006091] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.010500] ? kasan_check_read+0x11/0x20 [ 34.014651] ? do_raw_spin_unlock+0xa7/0x2f0 [ 34.019057] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.023466] ? initcall_blacklisted+0x9a/0x1e0 [ 34.028058] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 34.033186] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.038908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.044456] ? do_vfs_ioctl+0x201/0x1720 [ 34.048522] ? rcu_is_watching+0x8c/0x150 [ 34.052675] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.057003] ? ioctl_preallocate+0x300/0x300 [ 34.061415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.066956] ? __fget_light+0x2f7/0x440 [ 34.070933] ? fget_raw+0x20/0x20 [ 34.074383] ? putname+0xf2/0x130 [ 34.077839] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.082856] ? kmem_cache_free+0x246/0x280 [ 34.087094] ? putname+0xf7/0x130 [ 34.090552] do_group_exit+0x177/0x440 [ 34.094440] ? trace_hardirqs_on+0xbd/0x2c0 [ 34.098761] ? __ia32_sys_exit+0x50/0x50 [ 34.102822] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.107923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.113460] ? ksys_ioctl+0x81/0xd0 [ 34.117094] __x64_sys_exit_group+0x3e/0x50 [ 34.121440] do_syscall_64+0x1b9/0x820 [ 34.125335] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.130701] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.135633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.140491] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.145512] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.150535] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.155390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.160582] RIP: 0033:0x43ed68 [ 34.163779] Code: Bad RIP value. [ 34.167138] RSP: 002b:00007ffda1b701e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 34.174862] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68 [ 34.182144] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 34.189436] RBP: 00000000004be628 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 34.196718] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 34.203992] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 34.211287] [ 34.211293] ====================================================== [ 34.211298] WARNING: possible circular locking dependency detected [ 34.211301] 4.18.0+ #205 Not tainted [ 34.211306] ------------------------------------------------------ [ 34.211311] syz-executor332/4468 is trying to acquire lock: [ 34.211315] 00000000e330ec07 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 34.211329] [ 34.211333] but task is already holding lock: [ 34.211336] 000000002f7b0e6d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.211350] [ 34.211354] which lock already depends on the new lock. [ 34.211356] [ 34.211359] [ 34.211364] the existing dependency chain (in reverse order) is: [ 34.211366] [ 34.211368] -> #3 (report_lock){....}: [ 34.211382] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.211386] kasan_report+0x8e/0x110 [ 34.211390] __asan_report_load8_noabort+0x14/0x20 [ 34.211394] __schedule+0xf54/0x1df0 [ 34.211398] preempt_schedule_common+0x22/0x60 [ 34.211402] _cond_resched+0x1d/0x30 [ 34.211406] wait_for_completion+0xa5/0x8d0 [ 34.211410] __synchronize_srcu+0x189/0x240 [ 34.211414] synchronize_srcu+0x335/0x56f [ 34.211419] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.211423] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.211427] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.211430] kvm_put_kvm+0x73f/0x1060 [ 34.211434] kvm_vm_release+0x42/0x50 [ 34.211438] __fput+0x36e/0x8c0 [ 34.211441] ____fput+0x15/0x20 [ 34.211445] task_work_run+0x1e8/0x2a0 [ 34.211448] do_exit+0x1ae4/0x26e0 [ 34.211452] do_group_exit+0x177/0x440 [ 34.211456] __x64_sys_exit_group+0x3e/0x50 [ 34.211459] do_syscall_64+0x1b9/0x820 [ 34.211464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.211466] [ 34.211468] -> #2 (&rq->lock){-.-.}: [ 34.211482] _raw_spin_lock+0x2a/0x40 [ 34.211486] task_fork_fair+0x93/0x680 [ 34.211489] sched_fork+0x44b/0xbd0 [ 34.211493] copy_process+0x235e/0x7ad0 [ 34.211496] _do_fork+0x1ca/0x1170 [ 34.211500] kernel_thread+0x34/0x40 [ 34.211503] rest_init+0x22/0xe4 [ 34.211507] start_kernel+0x913/0x94e [ 34.211511] x86_64_start_reservations+0x29/0x2b [ 34.211515] x86_64_start_kernel+0x76/0x79 [ 34.211519] secondary_startup_64+0xa4/0xb0 [ 34.211522] [ 34.211524] -> #1 (&p->pi_lock){-.-.}: [ 34.211538] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.211542] try_to_wake_up+0xd2/0x1250 [ 34.211546] wake_up_process+0x10/0x20 [ 34.211550] __up.isra.1+0x1c0/0x2a0 [ 34.211553] up+0x13c/0x1c0 [ 34.211557] __up_console_sem+0xbe/0x1b0 [ 34.211561] console_unlock+0x506/0x10d0 [ 34.211564] vprintk_emit+0x33a/0x910 [ 34.211568] vprintk_default+0x28/0x30 [ 34.211571] vprintk_func+0x7a/0x117 [ 34.211575] printk+0xa7/0xcf [ 34.211578] load_umh+0x51/0xbd [ 34.211582] do_one_initcall+0x127/0x838 [ 34.211586] kernel_init_freeable+0x4bb/0x5ae [ 34.211589] kernel_init+0x11/0x1b3 [ 34.211593] ret_from_fork+0x3a/0x50 [ 34.211595] [ 34.211597] -> #0 ((console_sem).lock){-...}: [ 34.211611] lock_acquire+0x1e4/0x4f0 [ 34.211615] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.211619] down_trylock+0x13/0x70 [ 34.211623] __down_trylock_console_sem+0xae/0x200 [ 34.211627] console_trylock+0x15/0xa0 [ 34.211631] vprintk_emit+0x31f/0x910 [ 34.211634] vprintk_default+0x28/0x30 [ 34.211638] vprintk_func+0x7a/0x117 [ 34.211641] printk+0xa7/0xcf [ 34.211645] kasan_report+0x9e/0x110 [ 34.211649] __asan_report_load8_noabort+0x14/0x20 [ 34.211653] __schedule+0xf54/0x1df0 [ 34.211657] preempt_schedule_common+0x22/0x60 [ 34.211661] _cond_resched+0x1d/0x30 [ 34.211665] wait_for_completion+0xa5/0x8d0 [ 34.211669] __synchronize_srcu+0x189/0x240 [ 34.211673] synchronize_srcu+0x335/0x56f [ 34.211678] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.211681] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.211686] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.211689] kvm_put_kvm+0x73f/0x1060 [ 34.211693] kvm_vm_release+0x42/0x50 [ 34.211696] __fput+0x36e/0x8c0 [ 34.211700] ____fput+0x15/0x20 [ 34.211703] task_work_run+0x1e8/0x2a0 [ 34.211707] do_exit+0x1ae4/0x26e0 [ 34.211711] do_group_exit+0x177/0x440 [ 34.211714] __x64_sys_exit_group+0x3e/0x50 [ 34.211718] do_syscall_64+0x1b9/0x820 [ 34.211723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.211725] [ 34.211729] other info that might help us debug this: [ 34.211731] [ 34.211734] Chain exists of: [ 34.211736] (console_sem).lock --> &rq->lock --> report_lock [ 34.211754] [ 34.211758] Possible unsafe locking scenario: [ 34.211760] [ 34.211764] CPU0 CPU1 [ 34.211767] ---- ---- [ 34.211770] lock(report_lock); [ 34.211779] lock(&rq->lock); [ 34.211788] lock(report_lock); [ 34.211795] lock((console_sem).lock); [ 34.211803] [ 34.211806] *** DEADLOCK *** [ 34.211808] [ 34.211812] 2 locks held by syz-executor332/4468: [ 34.211814] #0: 00000000101bc5cb (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 34.211831] #1: 000000002f7b0e6d (report_lock){....}, at: kasan_report+0x8e/0x110 [ 34.211847] [ 34.211850] stack backtrace: [ 34.211855] CPU: 0 PID: 4468 Comm: syz-executor332 Not tainted 4.18.0+ #205 [ 34.211862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.211865] Call Trace: [ 34.211869] dump_stack+0x1c9/0x2b4 [ 34.211873] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.211877] ? vprintk_func+0x100/0x117 [ 34.211881] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 34.211885] ? save_trace+0xe0/0x290 [ 34.211889] __lock_acquire+0x3449/0x5020 [ 34.211893] ? mark_held_locks+0x160/0x160 [ 34.211896] ? mark_held_locks+0x160/0x160 [ 34.211901] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.211905] ? is_bpf_text_address+0xd7/0x170 [ 34.211909] ? kernel_text_address+0x79/0xf0 [ 34.211912] ? __kernel_text_address+0xd/0x40 [ 34.211916] ? __save_stack_trace+0x8d/0xf0 [ 34.211921] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 34.211924] ? save_trace+0x290/0x290 [ 34.211928] ? save_stack_trace+0x1a/0x20 [ 34.211932] ? save_trace+0xe0/0x290 [ 34.211935] ? graph_lock+0x170/0x170 [ 34.211940] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.211943] lock_acquire+0x1e4/0x4f0 [ 34.211947] ? down_trylock+0x13/0x70 [ 34.211951] ? lock_release+0x9f0/0x9f0 [ 34.211955] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.211959] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.211963] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.211966] ? log_store+0x34f/0x4c0 [ 34.211970] ? vprintk_emit+0x31f/0x910 [ 34.211974] _raw_spin_lock_irqsave+0x96/0xc0 [ 34.211978] ? down_trylock+0x13/0x70 [ 34.211981] down_trylock+0x13/0x70 [ 34.211985] __down_trylock_console_sem+0xae/0x200 [ 34.211989] console_trylock+0x15/0xa0 [ 34.211993] vprintk_emit+0x31f/0x910 [ 34.211996] ? wake_up_klogd+0x110/0x110 [ 34.212001] ? run_rebalance_domains+0x4c0/0x4c0 [ 34.212004] ? kasan_check_read+0x11/0x20 [ 34.212008] ? rcu_is_watching+0x8c/0x150 [ 34.212012] ? rcu_pm_notify+0xc0/0xc0 [ 34.212021] ? lock_acquire+0x1e4/0x4f0 [ 34.212025] ? kasan_report+0x8e/0x110 [ 34.212029] ? __schedule+0xf54/0x1df0 [ 34.212032] vprintk_default+0x28/0x30 [ 34.212036] vprintk_func+0x7a/0x117 [ 34.212039] printk+0xa7/0xcf [ 34.212043] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.212047] ? kasan_check_write+0x14/0x20 [ 34.212051] ? do_raw_spin_lock+0xc1/0x200 [ 34.212055] ? do_raw_spin_lock+0xc1/0x200 [ 34.212058] kasan_report+0x9e/0x110 [ 34.212062] __asan_report_load8_noabort+0x14/0x20 [ 34.212066] __schedule+0xf54/0x1df0 [ 34.212070] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 34.212074] ? __sched_text_start+0x8/0x8 [ 34.212078] ? __call_srcu+0x7e7/0x1040 [ 34.212082] ? check_same_owner+0x340/0x340 [ 34.212086] ? mark_held_locks+0x160/0x160 [ 34.212089] ? find_held_lock+0x36/0x1c0 [ 34.212093] preempt_schedule_common+0x22/0x60 [ 34.212097] _cond_resched+0x1d/0x30 [ 34.212101] wait_for_completion+0xa5/0x8d0 [ 34.212106] ? wait_for_completion_interruptible+0x950/0x950 [ 34.212110] ? __lockdep_init_map+0x105/0x590 [ 34.212114] ? __init_waitqueue_head+0x9e/0x150 [ 34.212118] ? init_wait_entry+0x1c0/0x1c0 [ 34.212122] __synchronize_srcu+0x189/0x240 [ 34.212125] ? call_srcu+0x10/0x10 [ 34.212129] ? rcu_unexpedite_gp+0x20/0x20 [ 34.212133] synchronize_srcu+0x335/0x56f [ 34.212137] ? lock_downgrade+0x8f0/0x8f0 [ 34.212141] ? synchronize_srcu_expedited+0x20/0x20 [ 34.212145] ? kasan_check_read+0x11/0x20 [ 34.212150] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 34.212153] ? kasan_check_write+0x14/0x20 [ 34.212157] ? do_raw_spin_lock+0xc1/0x200 [ 34.212162] kvm_page_track_unregister_notifier+0x17d/0x250 [ 34.212167] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 34.212178] ? kvfree+0x61/0x70 [ 34.212183] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.212187] kvm_mmu_uninit_vm+0x1c/0x20 [ 34.212191] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 34.212195] ? kvm_arch_sync_events+0x30/0x30 [ 34.212199] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.212204] ? mmu_notifier_unregister+0x474/0x600 [ 34.212208] ? trace_hardirqs_on+0x2c0/0x2c0 [ 34.212211] ? kfree+0x111/0x210 [ 34.212216] ? __mmu_notifier_register+0x30/0x30 [ 34.212219] ? __free_pages+0x10a/0x190 [ 34.212223] ? free_unref_page+0x930/0x930 [ 34.212227] kvm_put_kvm+0x73f/0x1060 [ 34.212231] ? kvm_write_guest_cached+0x40/0x40 [ 34.212235] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.212239] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.212244] ? lockdep_hardirqs_on+0x421/0x5c0 [ 34.212247] ? kasan_check_write+0x14/0x20 [ 34.212251] ? do_raw_spin_lock+0xc1/0x200 [ 34.212255] ? kvm_irqfd_release+0xdd/0x120 [ 34.212259] ? kvm_put_kvm+0x1060/0x1060 [ 34.212263] kvm_vm_release+0x42/0x50 [ 34.212266] __fput+0x36e/0x8c0 [ 34.212270] ? __alloc_file+0x400/0x400 [ 34.212274] ? check_same_owner+0x340/0x340 [ 34.212278] ? kasan_check_write+0x14/0x20 [ 34.212281] ? do_raw_spin_lock+0xc1/0x200 [ 34.212285] ____fput+0x15/0x20 [ 34.212288] task_work_run+0x1e8/0x2a0 [ 34.212292] ? task_work_cancel+0x240/0x240 [ 34.212297] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.212301] ? switch_task_namespaces+0xa2/0xd0 [ 34.212304] do_exit+0x1ae4/0x26e0 [ 34.212308] ? mm_update_next_owner+0x9a0/0x9a0 [ 34.212312] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 34.212317] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.212320] ? kfree+0x1d7/0x210 [ 34.212324] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 34.212328] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 34.212332] ? is_bpf_text_address+0xd7/0x170 [ 34.212336] ? kernel_text_address+0x79/0xf0 [ 34.212339] ? __kern [ 34.212347] Lost 53 message(s)! [ 35.298775] Shutting down cpus with NMI [ 36.357998] Dumping ftrace buffer: [ 36.361519] (ftrace buffer empty) [ 36.365223] Kernel Offset: disabled [ 36.368830] Rebooting in 86400 seconds..