[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.043245] random: sshd: uninitialized urandom read (32 bytes read) [ 29.331005] audit: type=1400 audit(1536299440.161:6): avc: denied { map } for pid=4773 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.381325] random: sshd: uninitialized urandom read (32 bytes read) [ 29.930144] random: sshd: uninitialized urandom read (32 bytes read) [ 36.498283] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. [ 42.126842] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 42.235366] audit: type=1400 audit(1536299453.065:7): avc: denied { map } for pid=4789 comm="syz-executor338" path="/root/syz-executor338958651" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.238931] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 42.288139] ================================================================== [ 42.297992] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 42.304221] Read of size 8 at addr ffff8801b5ba8058 by task syz-executor338/4789 [ 42.311747] [ 42.313374] CPU: 1 PID: 4789 Comm: syz-executor338 Not tainted 4.19.0-rc2+ #4 [ 42.320636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.329981] Call Trace: [ 42.332575] dump_stack+0x1c9/0x2b4 [ 42.336202] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.341392] ? printk+0xa7/0xcf [ 42.344667] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.349424] ? __schedule+0xf54/0x1df0 [ 42.353310] print_address_description+0x6c/0x20b [ 42.358149] ? __schedule+0xf54/0x1df0 [ 42.362034] kasan_report.cold.7+0x242/0x30d [ 42.366441] __asan_report_load8_noabort+0x14/0x20 [ 42.371372] __schedule+0xf54/0x1df0 [ 42.375081] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 42.380182] ? __sched_text_start+0x8/0x8 [ 42.384329] ? __call_srcu+0x7e7/0x1040 [ 42.388308] ? check_same_owner+0x340/0x340 [ 42.392635] ? mark_held_locks+0x160/0x160 [ 42.396867] ? find_held_lock+0x36/0x1c0 [ 42.400926] preempt_schedule_common+0x22/0x60 [ 42.405505] _cond_resched+0x1d/0x30 [ 42.409215] wait_for_completion+0xa5/0x8d0 [ 42.413909] ? wait_for_completion_interruptible+0x950/0x950 [ 42.419704] ? __lockdep_init_map+0x105/0x590 [ 42.424202] ? __init_waitqueue_head+0x9e/0x150 [ 42.428867] ? init_wait_entry+0x1c0/0x1c0 [ 42.433103] __synchronize_srcu+0x189/0x240 [ 42.437420] ? call_srcu+0x10/0x10 [ 42.440963] ? rcu_unexpedite_gp+0x20/0x20 [ 42.445205] synchronize_srcu+0x335/0x56f [ 42.449523] ? lock_downgrade+0x8f0/0x8f0 [ 42.453669] ? synchronize_srcu_expedited+0x20/0x20 [ 42.458684] ? kasan_check_read+0x11/0x20 [ 42.462827] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.467405] ? kasan_check_write+0x14/0x20 [ 42.471635] ? do_raw_spin_lock+0xc1/0x200 [ 42.475873] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.481587] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.487036] ? kvfree+0x61/0x70 [ 42.490312] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.495323] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.499380] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.503790] ? kvm_arch_sync_events+0x30/0x30 [ 42.508284] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.513818] ? mmu_notifier_unregister+0x474/0x600 [ 42.518743] ? trace_hardirqs_on+0x2c0/0x2c0 [ 42.523147] ? kfree+0x111/0x210 [ 42.526528] ? __mmu_notifier_register+0x30/0x30 [ 42.531302] ? __free_pages+0x10a/0x190 [ 42.535276] ? free_unref_page+0x930/0x930 [ 42.539523] kvm_put_kvm+0x73f/0x1060 [ 42.543323] ? kvm_write_guest_cached+0x40/0x40 [ 42.547990] ? _raw_spin_unlock_irq+0x27/0x70 [ 42.552493] ? _raw_spin_unlock_irq+0x27/0x70 [ 42.556985] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.561579] ? kasan_check_write+0x14/0x20 [ 42.565812] ? do_raw_spin_lock+0xc1/0x200 [ 42.570042] ? kvm_irqfd_release+0xdd/0x120 [ 42.574361] ? kvm_irqfd_release+0xdd/0x120 [ 42.578682] ? kvm_put_kvm+0x1060/0x1060 [ 42.582739] kvm_vm_release+0x42/0x50 [ 42.586536] __fput+0x38a/0xa40 [ 42.589818] ? __alloc_file+0x400/0x400 [ 42.593792] ? check_same_owner+0x340/0x340 [ 42.598109] ? kasan_check_write+0x14/0x20 [ 42.602338] ? do_raw_spin_lock+0xc1/0x200 [ 42.606577] ____fput+0x15/0x20 [ 42.609852] task_work_run+0x1e8/0x2a0 [ 42.613738] ? task_work_cancel+0x240/0x240 [ 42.618060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.623599] ? switch_task_namespaces+0xa2/0xd0 [ 42.628266] do_exit+0x1ae4/0x26e0 [ 42.631807] ? mm_update_next_owner+0x9a0/0x9a0 [ 42.636485] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 42.640719] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.645729] ? kfree+0x1d7/0x210 [ 42.649091] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 42.653323] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 42.659034] ? avc_has_extended_perms+0xa97/0x15c0 [ 42.663956] ? kernel_text_address+0x9e/0xf0 [ 42.668368] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 42.673472] ? avc_ss_reset+0x190/0x190 [ 42.677451] ? save_stack+0xa9/0xd0 [ 42.681080] ? save_stack+0x43/0xd0 [ 42.684699] ? __kasan_slab_free+0x11a/0x170 [ 42.689101] ? kasan_slab_free+0xe/0x10 [ 42.693103] ? putname+0xf2/0x130 [ 42.696554] ? __x64_sys_openat+0x9d/0x100 [ 42.700791] ? do_syscall_64+0x1b9/0x820 [ 42.704849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.710219] ? initcall_blacklisted+0x9a/0x1e0 [ 42.714799] ? rcu_note_context_switch+0x680/0x680 [ 42.719731] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 42.725445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.730988] ? do_vfs_ioctl+0x201/0x1720 [ 42.735049] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 42.740243] ? ioctl_preallocate+0x300/0x300 [ 42.744651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.750185] ? selinux_capable+0x40/0x40 [ 42.754241] ? path_pts+0x9e/0x1f0 [ 42.757783] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.762793] ? kmem_cache_free+0x246/0x280 [ 42.767026] ? putname+0xf7/0x130 [ 42.770572] do_group_exit+0x177/0x440 [ 42.774455] ? trace_hardirqs_on+0xbd/0x2c0 [ 42.778786] ? __ia32_sys_exit+0x50/0x50 [ 42.782847] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 42.787949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.793490] ? ksys_ioctl+0x81/0xd0 [ 42.797117] __x64_sys_exit_group+0x3e/0x50 [ 42.801437] do_syscall_64+0x1b9/0x820 [ 42.805327] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.810688] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.815613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.820450] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 42.825478] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.830496] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.835510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.840352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.845535] RIP: 0033:0x43ef08 [ 42.848730] Code: Bad RIP value. [ 42.852087] RSP: 002b:00007ffd251da158 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.859795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 42.867057] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.874320] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.881587] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 42.888850] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 42.896120] [ 42.897750] Allocated by task 4789: [ 42.901375] save_stack+0x43/0xd0 [ 42.904822] kasan_kmalloc+0xc4/0xe0 [ 42.908527] kasan_slab_alloc+0x12/0x20 [ 42.912494] kmem_cache_alloc+0x12e/0x710 [ 42.916636] vmx_create_vcpu+0xcf/0x2830 [ 42.920692] kvm_arch_vcpu_create+0xe5/0x220 [ 42.925100] kvm_vm_ioctl+0x488/0x1d80 [ 42.928981] do_vfs_ioctl+0x1de/0x1720 [ 42.932864] ksys_ioctl+0xa9/0xd0 [ 42.936316] __x64_sys_ioctl+0x73/0xb0 [ 42.940198] do_syscall_64+0x1b9/0x820 [ 42.944082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.949255] [ 42.950871] Freed by task 4789: [ 42.954144] save_stack+0x43/0xd0 [ 42.957596] __kasan_slab_free+0x11a/0x170 [ 42.961823] kasan_slab_free+0xe/0x10 [ 42.965618] kmem_cache_free+0x86/0x280 [ 42.969593] vmx_free_vcpu+0x26b/0x300 [ 42.973483] kvm_arch_destroy_vm+0x365/0x7c0 [ 42.977889] kvm_put_kvm+0x73f/0x1060 [ 42.981683] kvm_vm_release+0x42/0x50 [ 42.985483] __fput+0x38a/0xa40 [ 42.988756] ____fput+0x15/0x20 [ 42.992032] task_work_run+0x1e8/0x2a0 [ 42.995915] do_exit+0x1ae4/0x26e0 [ 42.999446] do_group_exit+0x177/0x440 [ 43.003332] __x64_sys_exit_group+0x3e/0x50 [ 43.007668] do_syscall_64+0x1b9/0x820 [ 43.011554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.016735] [ 43.018355] The buggy address belongs to the object at ffff8801b5ba8040 [ 43.018355] which belongs to the cache kvm_vcpu of size 23872 [ 43.030946] The buggy address is located 24 bytes inside of [ 43.030946] 23872-byte region [ffff8801b5ba8040, ffff8801b5badd80) [ 43.042900] The buggy address belongs to the page: [ 43.047825] page:ffffea0006d6ea00 count:1 mapcount:0 mapping:ffff8801d4d25900 index:0x0 compound_mapcount: 0 [ 43.057824] flags: 0x2fffc0000008100(slab|head) [ 43.062497] raw: 02fffc0000008100 ffff8801d4d2bd48 ffff8801d4d2bd48 ffff8801d4d25900 [ 43.070374] raw: 0000000000000000 ffff8801b5ba8040 0000000100000001 0000000000000000 [ 43.078239] page dumped because: kasan: bad access detected [ 43.083937] [ 43.085559] Memory state around the buggy address: [ 43.090494] ffff8801b5ba7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.097844] ffff8801b5ba7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.105199] >ffff8801b5ba8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 43.112547] ^ [ 43.118789] ffff8801b5ba8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.126158] ffff8801b5ba8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.133509] ================================================================== [ 43.140857] Kernel panic - not syncing: panic_on_warn set ... [ 43.140857] [ 43.148220] CPU: 1 PID: 4789 Comm: syz-executor338 Tainted: G B 4.19.0-rc2+ #4 [ 43.156872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.166216] Call Trace: [ 43.168807] dump_stack+0x1c9/0x2b4 [ 43.172437] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.177629] ? lock_downgrade+0x8f0/0x8f0 [ 43.181772] ? __schedule+0xf54/0x1df0 [ 43.185655] panic+0x238/0x4e7 [ 43.188842] ? add_taint.cold.5+0x16/0x16 [ 43.192993] ? print_shadow_for_address+0xba/0x116 [ 43.197917] ? trace_hardirqs_off+0xaf/0x2c0 [ 43.202322] ? trace_hardirqs_off+0x77/0x2c0 [ 43.206734] ? __schedule+0xf54/0x1df0 [ 43.210621] kasan_end_report+0x47/0x4f [ 43.214594] kasan_report.cold.7+0x76/0x30d [ 43.218912] __asan_report_load8_noabort+0x14/0x20 [ 43.223841] __schedule+0xf54/0x1df0 [ 43.227555] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 43.232661] ? __sched_text_start+0x8/0x8 [ 43.236809] ? __call_srcu+0x7e7/0x1040 [ 43.240788] ? check_same_owner+0x340/0x340 [ 43.245105] ? mark_held_locks+0x160/0x160 [ 43.249337] ? find_held_lock+0x36/0x1c0 [ 43.253398] preempt_schedule_common+0x22/0x60 [ 43.258387] _cond_resched+0x1d/0x30 [ 43.262101] wait_for_completion+0xa5/0x8d0 [ 43.266423] ? wait_for_completion_interruptible+0x950/0x950 [ 43.272220] ? __lockdep_init_map+0x105/0x590 [ 43.276712] ? __init_waitqueue_head+0x9e/0x150 [ 43.281380] ? init_wait_entry+0x1c0/0x1c0 [ 43.285618] __synchronize_srcu+0x189/0x240 [ 43.289937] ? call_srcu+0x10/0x10 [ 43.293485] ? rcu_unexpedite_gp+0x20/0x20 [ 43.297724] synchronize_srcu+0x335/0x56f [ 43.301869] ? lock_downgrade+0x8f0/0x8f0 [ 43.306043] ? synchronize_srcu_expedited+0x20/0x20 [ 43.311061] ? kasan_check_read+0x11/0x20 [ 43.315212] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.319797] ? kasan_check_write+0x14/0x20 [ 43.324029] ? do_raw_spin_lock+0xc1/0x200 [ 43.328275] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.333997] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.339486] ? kvfree+0x61/0x70 [ 43.342787] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.347819] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.351891] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.356410] ? kvm_arch_sync_events+0x30/0x30 [ 43.360892] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.366412] ? mmu_notifier_unregister+0x474/0x600 [ 43.371340] ? trace_hardirqs_on+0x2c0/0x2c0 [ 43.375749] ? kfree+0x111/0x210 [ 43.379117] ? __mmu_notifier_register+0x30/0x30 [ 43.383871] ? __free_pages+0x10a/0x190 [ 43.387845] ? free_unref_page+0x930/0x930 [ 43.392085] kvm_put_kvm+0x73f/0x1060 [ 43.396419] ? kvm_write_guest_cached+0x40/0x40 [ 43.401092] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.405580] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.410078] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.414662] ? kasan_check_write+0x14/0x20 [ 43.418896] ? do_raw_spin_lock+0xc1/0x200 [ 43.423128] ? kvm_irqfd_release+0xdd/0x120 [ 43.427442] ? kvm_irqfd_release+0xdd/0x120 [ 43.431769] ? kvm_put_kvm+0x1060/0x1060 [ 43.435828] kvm_vm_release+0x42/0x50 [ 43.439629] __fput+0x38a/0xa40 [ 43.442906] ? __alloc_file+0x400/0x400 [ 43.446886] ? check_same_owner+0x340/0x340 [ 43.451216] ? kasan_check_write+0x14/0x20 [ 43.455448] ? do_raw_spin_lock+0xc1/0x200 [ 43.459699] ____fput+0x15/0x20 [ 43.462976] task_work_run+0x1e8/0x2a0 [ 43.466859] ? task_work_cancel+0x240/0x240 [ 43.471194] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.476733] ? switch_task_namespaces+0xa2/0xd0 [ 43.481405] do_exit+0x1ae4/0x26e0 [ 43.484946] ? mm_update_next_owner+0x9a0/0x9a0 [ 43.489616] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 43.493850] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.498865] ? kfree+0x1d7/0x210 [ 43.502261] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 43.506506] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 43.512218] ? avc_has_extended_perms+0xa97/0x15c0 [ 43.517169] ? kernel_text_address+0x9e/0xf0 [ 43.521580] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 43.526700] ? avc_ss_reset+0x190/0x190 [ 43.530696] ? save_stack+0xa9/0xd0 [ 43.534320] ? save_stack+0x43/0xd0 [ 43.537942] ? __kasan_slab_free+0x11a/0x170 [ 43.542348] ? kasan_slab_free+0xe/0x10 [ 43.546319] ? putname+0xf2/0x130 [ 43.549772] ? __x64_sys_openat+0x9d/0x100 [ 43.554007] ? do_syscall_64+0x1b9/0x820 [ 43.558071] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.563439] ? initcall_blacklisted+0x9a/0x1e0 [ 43.568030] ? rcu_note_context_switch+0x680/0x680 [ 43.572970] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 43.578679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.584216] ? do_vfs_ioctl+0x201/0x1720 [ 43.588274] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.593473] ? ioctl_preallocate+0x300/0x300 [ 43.597881] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.603417] ? selinux_capable+0x40/0x40 [ 43.607493] ? path_pts+0x9e/0x1f0 [ 43.611033] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.616057] ? kmem_cache_free+0x246/0x280 [ 43.620289] ? putname+0xf7/0x130 [ 43.623741] do_group_exit+0x177/0x440 [ 43.627628] ? trace_hardirqs_on+0xbd/0x2c0 [ 43.631944] ? __ia32_sys_exit+0x50/0x50 [ 43.636002] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 43.641102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.646634] ? ksys_ioctl+0x81/0xd0 [ 43.650258] __x64_sys_exit_group+0x3e/0x50 [ 43.654581] do_syscall_64+0x1b9/0x820 [ 43.658472] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.663834] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.668759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.673619] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 43.678636] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.683650] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.688665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.693509] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.698693] RIP: 0033:0x43ef08 [ 43.701882] Code: Bad RIP value. [ 43.705237] RSP: 002b:00007ffd251da158 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.712943] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 43.720207] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.727477] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.734742] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 43.742005] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 43.749281] [ 43.749286] ====================================================== [ 43.749292] WARNING: possible circular locking dependency detected [ 43.749296] 4.19.0-rc2+ #4 Not tainted [ 43.749301] ------------------------------------------------------ [ 43.749306] syz-executor338/4789 is trying to acquire lock: [ 43.749310] 0000000063e7c03f ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 43.749325] [ 43.749329] but task is already holding lock: [ 43.749332] 000000008d194a55 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 43.749346] [ 43.749351] which lock already depends on the new lock. [ 43.749353] [ 43.749355] [ 43.749361] the existing dependency chain (in reverse order) is: [ 43.749363] [ 43.749365] -> #3 (report_lock){....}: [ 43.749380] _raw_spin_lock_irqsave+0x96/0xc0 [ 43.749384] kasan_report+0x8e/0x110 [ 43.749388] __asan_report_load8_noabort+0x14/0x20 [ 43.749392] __schedule+0xf54/0x1df0 [ 43.749397] preempt_schedule_common+0x22/0x60 [ 43.749400] _cond_resched+0x1d/0x30 [ 43.749405] wait_for_completion+0xa5/0x8d0 [ 43.749409] __synchronize_srcu+0x189/0x240 [ 43.749413] synchronize_srcu+0x335/0x56f [ 43.749418] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.749422] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.749426] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.749430] kvm_put_kvm+0x73f/0x1060 [ 43.749434] kvm_vm_release+0x42/0x50 [ 43.749437] __fput+0x38a/0xa40 [ 43.749441] ____fput+0x15/0x20 [ 43.749445] task_work_run+0x1e8/0x2a0 [ 43.749449] do_exit+0x1ae4/0x26e0 [ 43.749453] do_group_exit+0x177/0x440 [ 43.749457] __x64_sys_exit_group+0x3e/0x50 [ 43.749461] do_syscall_64+0x1b9/0x820 [ 43.749473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.749475] [ 43.749477] -> #2 (&rq->lock){-.-.}: [ 43.749491] _raw_spin_lock+0x2a/0x40 [ 43.749495] task_fork_fair+0x93/0x680 [ 43.749499] sched_fork+0x44b/0xbd0 [ 43.749503] copy_process+0x235e/0x7af0 [ 43.749507] _do_fork+0x1ca/0x1170 [ 43.749511] kernel_thread+0x34/0x40 [ 43.749514] rest_init+0x22/0xe4 [ 43.749518] start_kernel+0x913/0x94e [ 43.749522] x86_64_start_reservations+0x29/0x2b [ 43.749527] x86_64_start_kernel+0x76/0x79 [ 43.749531] secondary_startup_64+0xa4/0xb0 [ 43.749533] [ 43.749535] -> #1 (&p->pi_lock){-.-.}: [ 43.749550] _raw_spin_lock_irqsave+0x96/0xc0 [ 43.749554] try_to_wake_up+0xd2/0x1250 [ 43.749558] wake_up_process+0x10/0x20 [ 43.749562] __up.isra.1+0x1c0/0x2a0 [ 43.749566] up+0x13c/0x1c0 [ 43.749570] __up_console_sem+0xbe/0x1b0 [ 43.749574] console_unlock+0x506/0x10e0 [ 43.749578] vprintk_emit+0x33a/0x910 [ 43.749581] vprintk_default+0x28/0x30 [ 43.749585] vprintk_func+0x7a/0x117 [ 43.749589] printk+0xa7/0xcf [ 43.749592] load_umh+0x51/0xbd [ 43.749597] do_one_initcall+0x127/0x838 [ 43.749601] kernel_init_freeable+0x4bb/0x5ae [ 43.749605] kernel_init+0x11/0x1b3 [ 43.749609] ret_from_fork+0x3a/0x50 [ 43.749611] [ 43.749613] -> #0 ((console_sem).lock){-...}: [ 43.749628] lock_acquire+0x1e4/0x4f0 [ 43.749632] _raw_spin_lock_irqsave+0x96/0xc0 [ 43.749636] down_trylock+0x13/0x70 [ 43.749640] __down_trylock_console_sem+0xae/0x200 [ 43.749644] console_trylock+0x15/0xa0 [ 43.749648] vprintk_emit+0x31f/0x910 [ 43.749652] vprintk_default+0x28/0x30 [ 43.749656] vprintk_func+0x7a/0x117 [ 43.749659] printk+0xa7/0xcf [ 43.749663] kasan_report+0x9e/0x110 [ 43.749668] __asan_report_load8_noabort+0x14/0x20 [ 43.749672] __schedule+0xf54/0x1df0 [ 43.749676] preempt_schedule_common+0x22/0x60 [ 43.749680] _cond_resched+0x1d/0x30 [ 43.749684] wait_for_completion+0xa5/0x8d0 [ 43.749688] __synchronize_srcu+0x189/0x240 [ 43.749692] synchronize_srcu+0x335/0x56f [ 43.749697] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.749701] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.749706] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.749710] kvm_put_kvm+0x73f/0x1060 [ 43.749713] kvm_vm_release+0x42/0x50 [ 43.749717] __fput+0x38a/0xa40 [ 43.749721] ____fput+0x15/0x20 [ 43.749724] task_work_run+0x1e8/0x2a0 [ 43.749728] do_exit+0x1ae4/0x26e0 [ 43.749732] do_group_exit+0x177/0x440 [ 43.749736] __x64_sys_exit_group+0x3e/0x50 [ 43.749740] do_syscall_64+0x1b9/0x820 [ 43.749745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.749747] [ 43.749751] other info that might help us debug this: [ 43.749754] [ 43.749757] Chain exists of: [ 43.749759] (console_sem).lock --> &rq->lock --> report_lock [ 43.749777] [ 43.749781] Possible unsafe locking scenario: [ 43.749783] [ 43.749787] CPU0 CPU1 [ 43.749791] ---- ---- [ 43.749794] lock(report_lock); [ 43.749803] lock(&rq->lock); [ 43.749812] lock(report_lock); [ 43.749820] lock((console_sem).lock); [ 43.749828] [ 43.749831] *** DEADLOCK *** [ 43.749834] [ 43.749838] 2 locks held by syz-executor338/4789: [ 43.749840] #0: 00000000c73f3ac6 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 43.749857] #1: 000000008d194a55 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 43.749874] [ 43.749877] stack backtrace: [ 43.749883] CPU: 1 PID: 4789 Comm: syz-executor338 Not tainted 4.19.0-rc2+ #4 [ 43.749890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.749893] Call Trace: [ 43.749897] dump_stack+0x1c9/0x2b4 [ 43.749902] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.749906] ? vprintk_func+0x100/0x117 [ 43.749911] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 43.749915] ? save_trace+0xe0/0x290 [ 43.749919] __lock_acquire+0x3449/0x5020 [ 43.749923] ? mark_held_locks+0x160/0x160 [ 43.749927] ? mark_held_locks+0x160/0x160 [ 43.749931] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 43.749935] ? is_bpf_text_address+0xd7/0x170 [ 43.749940] ? kernel_text_address+0x79/0xf0 [ 43.749944] ? __kernel_text_address+0xd/0x40 [ 43.749948] ? __save_stack_trace+0x8d/0xf0 [ 43.749952] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 43.749956] ? save_trace+0x290/0x290 [ 43.749960] ? save_stack_trace+0x1a/0x20 [ 43.749964] ? save_trace+0xe0/0x290 [ 43.749968] ? graph_lock+0x170/0x170 [ 43.749973] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.749976] lock_acquire+0x1e4/0x4f0 [ 43.749980] ? down_trylock+0x13/0x70 [ 43.749984] ? lock_release+0x9f0/0x9f0 [ 43.749988] ? trace_hardirqs_off+0xb8/0x2c0 [ 43.749993] ? trace_hardirqs_on+0x2c0/0x2c0 [ 43.749997] ? trace_hardirqs_off+0xb8/0x2c0 [ 43.750000] ? log_store+0x34f/0x4c0 [ 43.750004] ? vprintk_emit+0x31f/0x910 [ 43.750009] _raw_spin_lock_irqsave+0x96/0xc0 [ 43.750012] ? down_trylock+0x13/0x70 [ 43.750016] down_trylock+0x13/0x70 [ 43.750021] __down_trylock_console_sem+0xae/0x200 [ 43.750024] console_trylock+0x15/0xa0 [ 43.750028] vprintk_emit+0x31f/0x910 [ 43.750032] ? wake_up_klogd+0x110/0x110 [ 43.750037] ? run_rebalance_domains+0x4c0/0x4c0 [ 43.750041] ? kasan_check_read+0x11/0x20 [ 43.750050] ? rcu_is_watching+0x8c/0x150 [ 43.750054] ? rcu_pm_notify+0xc0/0xc0 [ 43.750058] ? lock_acquire+0x1e4/0x4f0 [ 43.750062] ? kasan_report+0x8e/0x110 [ 43.750065] ? __schedule+0xf54/0x1df0 [ 43.750069] vprintk_default+0x28/0x30 [ 43.750073] vprintk_func+0x7a/0x117 [ 43.750076] printk+0xa7/0xcf [ 43.750081] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.750085] ? kasan_check_write+0x14/0x20 [ 43.750089] ? do_raw_spin_lock+0xc1/0x200 [ 43.750093] ? do_raw_spin_lock+0xc1/0x200 [ 43.750097] kasan_report+0x9e/0x110 [ 43.750101] __asan_report_load8_noabort+0x14/0x20 [ 43.750105] __schedule+0xf54/0x1df0 [ 43.750110] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 43.750114] ? __sched_text_start+0x8/0x8 [ 43.750118] ? __call_srcu+0x7e7/0x1040 [ 43.750122] ? check_same_owner+0x340/0x340 [ 43.750126] ? mark_held_locks+0x160/0x160 [ 43.750130] ? find_held_lock+0x36/0x1c0 [ 43.750134] preempt_schedule_common+0x22/0x60 [ 43.750138] _cond_resched+0x1d/0x30 [ 43.750142] wait_for_completion+0xa5/0x8d0 [ 43.750147] ? wait_for_completion_interruptible+0x950/0x950 [ 43.750151] ? __lockdep_init_map+0x105/0x590 [ 43.750155] ? __init_waitqueue_head+0x9e/0x150 [ 43.750160] ? init_wait_entry+0x1c0/0x1c0 [ 43.750164] __synchronize_srcu+0x189/0x240 [ 43.750167] ? call_srcu+0x10/0x10 [ 43.750172] ? rcu_unexpedite_gp+0x20/0x20 [ 43.750176] synchronize_srcu+0x335/0x56f [ 43.750180] ? lock_downgrade+0x8f0/0x8f0 [ 43.750184] ? synchronize_srcu_expedited+0x20/0x20 [ 43.750188] ? kasan_check_read+0x11/0x20 [ 43.750193] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.750197] ? kasan_check_write+0x14/0x20 [ 43.750201] ? do_raw_spin_lock+0xc1/0x200 [ 43.750206] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.750211] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.750214] ? kvfree+0x61/0x70 [ 43.750219] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.750223] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.750227] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.750232] ? kvm_arch_sync_events+0x30/0x30 [ 43.750237] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.750241] ? mmu_notifier_unregister+0x474/0x600 [ 43.750245] ? trace_hardirqs_on+0x2c0/0x2c0 [ 43.750249] ? kfree+0x111/0x210 [ 43.750253] ? __mmu_notifier_register+0x30/0x30 [ 43.750257] ? __free_pages+0x10a/0x190 [ 43.750261] ? free_unref_page+0x930/0x930 [ 43.750265] kvm_put_kvm+0x73f/0x1060 [ 43.750270] ? kvm_write_guest_cached+0x40/0x40 [ 43.750274] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.750278] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.750282] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.750286] ? kasan_check_write+0x14/0x20 [ 43.750290] ? do_raw_spin_lock+0xc1/0x200 [ 43.750295] ? kvm_irqfd_release+0xdd/0x120 [ 43.750299] ? kvm_irqfd_release+0xdd/0x120 [ 43.750303] ? kvm_put_kvm+0x1060/0x1060 [ 43.750307] kvm_vm_release+0x42/0x50 [ 43.750310] __fput+0x38a/0xa40 [ 43.750314] ? __alloc_file+0x400/0x400 [ 43.750318] ? check_same_owner+0x340/0x340 [ 43.750322] ? kasan_check_write+0x14/0x20 [ 43.750326] ? do_raw_spin_lock+0xc1/0x200 [ 43.750330] ____fput+0x15/0x20 [ 43.750334] task_work_run+0x1e8/0x2a0 [ 43.750338] ? task_work_cancel+0x240/0x240 [ 43.750343] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.750347] ? switch_task_namespaces+0xa2/0xd0 [ 43.750351] do_exit+0x1ae4/0x26e0 [ 43.750355] ? mm_update_next_owner+0x9a0/0x9a0 [ 43.750359] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 43.750364] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.750367] ? kfree+0x1d7/0x210 [ 43.750371] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 43.750376] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 43.750381] ? avc_has_extended_perms+0xa97/0x15c0 [ 43.750383] [ 43.750391] Lost 48 message(s)! [ 44.813133] Shutting down cpus with NMI [ 45.872343] Dumping ftrace buffer: [ 45.875864] (ftrace buffer empty) [ 45.879555] Kernel Offset: disabled [ 45.883161] Rebooting in 86400 seconds..