[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 26.826003] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 30.878255] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.104503] audit: type=1400 audit(1536311800.100:6): avc: denied { map } for pid=4831 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 31.151152] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.701333] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.493959] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
[ 39.038931] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.146860] audit: type=1400 audit(1536311808.142:7): avc: denied { map } for pid=4845 comm="syz-executor114" path="/root/syz-executor114484981" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.150420] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 39.199345] ==================================================================
[ 39.209164] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 39.215393] Read of size 8 at addr ffff8801c73a0058 by task syz-executor114/4845
[ 39.222910]
[ 39.224537] CPU: 0 PID: 4845 Comm: syz-executor114 Not tainted 4.19.0-rc2+ #4
[ 39.231800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.241142] Call Trace:
[ 39.243732]  dump_stack+0x1c9/0x2b4
[ 39.247359]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.252549]  ? printk+0xa7/0xcf
[ 39.255830]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.260594]  ? __schedule+0xf54/0x1df0
[ 39.264491]  print_address_description+0x6c/0x20b
[ 39.269345]  ? __schedule+0xf54/0x1df0
[ 39.273233]  kasan_report.cold.7+0x242/0x30d
[ 39.277640]  __asan_report_load8_noabort+0x14/0x20
[ 39.282587]  __schedule+0xf54/0x1df0
[ 39.286310]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 39.291434]  ? __sched_text_start+0x8/0x8
[ 39.295585]  ? __call_srcu+0x7e7/0x1040
[ 39.299563]  ? check_same_owner+0x340/0x340
[ 39.303879]  ? mark_held_locks+0x160/0x160
[ 39.308534]  ? find_held_lock+0x36/0x1c0
[ 39.312596]  preempt_schedule_common+0x22/0x60
[ 39.317180]  _cond_resched+0x1d/0x30
[ 39.320892]  wait_for_completion+0xa5/0x8d0
[ 39.325215]  ? wait_for_completion_interruptible+0x950/0x950
[ 39.331015]  ? __lockdep_init_map+0x105/0x590
[ 39.335526]  ? __init_waitqueue_head+0x9e/0x150
[ 39.340195]  ? init_wait_entry+0x1c0/0x1c0
[ 39.344431]  __synchronize_srcu+0x189/0x240
[ 39.348751]  ? call_srcu+0x10/0x10
[ 39.352291]  ? rcu_unexpedite_gp+0x20/0x20
[ 39.356543]  synchronize_srcu+0x335/0x56f
[ 39.360690]  ? lock_downgrade+0x8f0/0x8f0
[ 39.364838]  ? synchronize_srcu_expedited+0x20/0x20
[ 39.369853]  ? kasan_check_read+0x11/0x20
[ 39.374002]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.378586]  ? kasan_check_write+0x14/0x20
[ 39.382815]  ? do_raw_spin_lock+0xc1/0x200
[ 39.387050]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.392756]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 39.398203]  ? kvfree+0x61/0x70
[ 39.401480]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.406515]  kvm_mmu_uninit_vm+0x1c/0x20
[ 39.410578]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.414983]  ? kvm_arch_sync_events+0x30/0x30
[ 39.419491]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.425033]  ? mmu_notifier_unregister+0x474/0x600
[ 39.429958]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 39.434360]  ? kfree+0x111/0x210
[ 39.437724]  ? __mmu_notifier_register+0x30/0x30
[ 39.442793]  ? __free_pages+0x10a/0x190
[ 39.446766]  ? free_unref_page+0x930/0x930
[ 39.451015]  kvm_put_kvm+0x73f/0x1060
[ 39.454823]  ? kvm_write_guest_cached+0x40/0x40
[ 39.459500]  ? _raw_spin_unlock_irq+0x27/0x70
[ 39.464000]  ? _raw_spin_unlock_irq+0x27/0x70
[ 39.468503]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 39.473091]  ? kasan_check_write+0x14/0x20
[ 39.477324]  ? do_raw_spin_lock+0xc1/0x200
[ 39.481569]  ? kvm_irqfd_release+0xdd/0x120
[ 39.485884]  ? kvm_irqfd_release+0xdd/0x120
[ 39.490210]  ? kvm_put_kvm+0x1060/0x1060
[ 39.494269]  kvm_vm_release+0x42/0x50
[ 39.498078]  __fput+0x38a/0xa40
[ 39.501355]  ? __alloc_file+0x400/0x400
[ 39.505329]  ? check_same_owner+0x340/0x340
[ 39.509650]  ? kasan_check_write+0x14/0x20
[ 39.513881]  ? do_raw_spin_lock+0xc1/0x200
[ 39.518116]  ____fput+0x15/0x20
[ 39.521392]  task_work_run+0x1e8/0x2a0
[ 39.525276]  ? task_work_cancel+0x240/0x240
[ 39.529603]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.535140]  ? switch_task_namespaces+0xa2/0xd0
[ 39.539811]  do_exit+0x1ae4/0x26e0
[ 39.543356]  ? mm_update_next_owner+0x9a0/0x9a0
[ 39.548035]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 39.552269]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.557282]  ? kfree+0x1d7/0x210
[ 39.560647]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 39.564882]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 39.570605]  ? avc_has_extended_perms+0xa97/0x15c0
[ 39.575535]  ? kernel_text_address+0x9e/0xf0
[ 39.579943]  ? ptrace_set_breakpoint_addr+0xbb/0x380
[ 39.585045]  ? avc_ss_reset+0x190/0x190
[ 39.589018]  ? save_stack+0xa9/0xd0
[ 39.592645]  ? save_stack+0x43/0xd0
[ 39.596267]  ? __kasan_slab_free+0x11a/0x170
[ 39.600670]  ? kasan_slab_free+0xe/0x10
[ 39.604642]  ? putname+0xf2/0x130
[ 39.608092]  ? __x64_sys_openat+0x9d/0x100
[ 39.612321]  ? do_syscall_64+0x1b9/0x820
[ 39.616378]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.621749]  ? initcall_blacklisted+0x9a/0x1e0
[ 39.626332]  ? rcu_note_context_switch+0x680/0x680
[ 39.631262]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 39.636976]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.642523]  ? do_vfs_ioctl+0x201/0x1720
[ 39.646591]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 39.651783]  ? ioctl_preallocate+0x300/0x300
[ 39.656189]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.661722]  ? selinux_capable+0x40/0x40
[ 39.665778]  ? path_pts+0x9f/0x1f0
[ 39.669317]  ? rcu_read_lock_sched_held+0x108/0x120
[ 39.674329]  ? kmem_cache_free+0x246/0x280
[ 39.678562]  ? putname+0xf7/0x130
[ 39.682015]  do_group_exit+0x177/0x440
[ 39.685902]  ? trace_hardirqs_on+0xbd/0x2c0
[ 39.690220]  ? __ia32_sys_exit+0x50/0x50
[ 39.694279]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 39.699383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.704916]  ? ksys_ioctl+0x81/0xd0
[ 39.708546]  __x64_sys_exit_group+0x3e/0x50
[ 39.712875]  do_syscall_64+0x1b9/0x820
[ 39.716759]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.722125]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.727054]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.731895]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 39.736907]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.741920]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.746940]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.751785]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.756973] RIP: 0033:0x43f028
[ 39.760167] Code: Bad RIP value.
[ 39.763531] RSP: 002b:00007ffd23b16698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 39.771240] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 39.778510] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 39.785782] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 39.793050] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 39.800313] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 39.807584]
[ 39.809203] Allocated by task 4845:
[ 39.812829]  save_stack+0x43/0xd0
[ 39.816279]  kasan_kmalloc+0xc4/0xe0
[ 39.819996]  kasan_slab_alloc+0x12/0x20
[ 39.823991]  kmem_cache_alloc+0x12e/0x710
[ 39.828138]  vmx_create_vcpu+0xcf/0x2830
[ 39.832194]  kvm_arch_vcpu_create+0xe5/0x220
[ 39.836600]  kvm_vm_ioctl+0x488/0x1d80
[ 39.840492]  do_vfs_ioctl+0x1de/0x1720
[ 39.844378]  ksys_ioctl+0xa9/0xd0
[ 39.847848]  __x64_sys_ioctl+0x73/0xb0
[ 39.851731]  do_syscall_64+0x1b9/0x820
[ 39.855618]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.860792]
[ 39.862413] Freed by task 4845:
[ 39.865688]  save_stack+0x43/0xd0
[ 39.869132]  __kasan_slab_free+0x11a/0x170
[ 39.873385]  kasan_slab_free+0xe/0x10
[ 39.877180]  kmem_cache_free+0x86/0x280
[ 39.881149]  vmx_free_vcpu+0x26b/0x300
[ 39.885029]  kvm_arch_destroy_vm+0x365/0x7c0
[ 39.889437]  kvm_put_kvm+0x73f/0x1060
[ 39.893230]  kvm_vm_release+0x42/0x50
[ 39.897040]  __fput+0x38a/0xa40
[ 39.900328]  ____fput+0x15/0x20
[ 39.903600]  task_work_run+0x1e8/0x2a0
[ 39.907491]  do_exit+0x1ae4/0x26e0
[ 39.911029]  do_group_exit+0x177/0x440
[ 39.914909]  __x64_sys_exit_group+0x3e/0x50
[ 39.919228]  do_syscall_64+0x1b9/0x820
[ 39.923116]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.928287]
[ 39.929907] The buggy address belongs to the object at ffff8801c73a0040
[ 39.929907]  which belongs to the cache kvm_vcpu of size 23872
[ 39.942493] The buggy address is located 24 bytes inside of
[ 39.942493]  23872-byte region [ffff8801c73a0040, ffff8801c73a5d80)
[ 39.954460] The buggy address belongs to the page:
[ 39.959402] page:ffffea00071ce800 count:1 mapcount:0 mapping:ffff8801d8799040 index:0x0 compound_mapcount: 0
[ 39.969375] flags: 0x2fffc0000008100(slab|head)
[ 39.974051] raw: 02fffc0000008100 ffff8801d573a848 ffff8801d573a848 ffff8801d8799040
[ 39.981940] raw: 0000000000000000 ffff8801c73a0040 0000000100000001 0000000000000000
[ 39.989815] page dumped because: kasan: bad access detected
[ 39.995515]
[ 39.997138] Memory state around the buggy address:
[ 40.002062]  ffff8801c739ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.009422]  ffff8801c739ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.016788] >ffff8801c73a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 40.024140]                                                     ^
[ 40.030367]  ffff8801c73a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.037723]  ffff8801c73a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.045067] ==================================================================
[ 40.052416] Kernel panic - not syncing: panic_on_warn set ...
[ 40.052416]
[ 40.059777] CPU: 0 PID: 4845 Comm: syz-executor114 Tainted: G B 4.19.0-rc2+ #4
[ 40.068427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.077775] Call Trace:
[ 40.080367]  dump_stack+0x1c9/0x2b4
[ 40.083994]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.089181]  ? lock_downgrade+0x8f0/0x8f0
[ 40.093325]  ? __schedule+0xf54/0x1df0
[ 40.097213]  panic+0x238/0x4e7
[ 40.100401]  ? add_taint.cold.5+0x16/0x16
[ 40.104570]  ? print_shadow_for_address+0xba/0x116
[ 40.109503]  ? trace_hardirqs_off+0xaf/0x2c0
[ 40.113912]  ? trace_hardirqs_off+0x77/0x2c0
[ 40.118320]  ? __schedule+0xf54/0x1df0
[ 40.122203]  kasan_end_report+0x47/0x4f
[ 40.126176]  kasan_report.cold.7+0x76/0x30d
[ 40.130505]  __asan_report_load8_noabort+0x14/0x20
[ 40.135435]  __schedule+0xf54/0x1df0
[ 40.139148]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.144250]  ? __sched_text_start+0x8/0x8
[ 40.148397]  ? __call_srcu+0x7e7/0x1040
[ 40.152375]  ? check_same_owner+0x340/0x340
[ 40.156691]  ? mark_held_locks+0x160/0x160
[ 40.160922]  ? find_held_lock+0x36/0x1c0
[ 40.164982]  preempt_schedule_common+0x22/0x60
[ 40.169564]  _cond_resched+0x1d/0x30
[ 40.173283]  wait_for_completion+0xa5/0x8d0
[ 40.177622]  ? wait_for_completion_interruptible+0x950/0x950
[ 40.183430]  ? __lockdep_init_map+0x105/0x590
[ 40.187925]  ? __init_waitqueue_head+0x9e/0x150
[ 40.192604]  ? init_wait_entry+0x1c0/0x1c0
[ 40.196846]  __synchronize_srcu+0x189/0x240
[ 40.201165]  ? call_srcu+0x10/0x10
[ 40.204715]  ? rcu_unexpedite_gp+0x20/0x20
[ 40.208961]  synchronize_srcu+0x335/0x56f
[ 40.213108]  ? lock_downgrade+0x8f0/0x8f0
[ 40.217253]  ? synchronize_srcu_expedited+0x20/0x20
[ 40.222272]  ? kasan_check_read+0x11/0x20
[ 40.226417]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.230998]  ? kasan_check_write+0x14/0x20
[ 40.235233]  ? do_raw_spin_lock+0xc1/0x200
[ 40.239470]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.245191]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.250641]  ? kvfree+0x61/0x70
[ 40.253919]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.258936]  kvm_mmu_uninit_vm+0x1c/0x20
[ 40.262995]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.267406]  ? kvm_arch_sync_events+0x30/0x30
[ 40.271903]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.277444]  ? mmu_notifier_unregister+0x474/0x600
[ 40.282375]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.286784]  ? kfree+0x111/0x210
[ 40.290151]  ? __mmu_notifier_register+0x30/0x30
[ 40.294910]  ? __free_pages+0x10a/0x190
[ 40.298884]  ? free_unref_page+0x930/0x930
[ 40.303129]  kvm_put_kvm+0x73f/0x1060
[ 40.306935]  ? kvm_write_guest_cached+0x40/0x40
[ 40.312023]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.316515]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.321033]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.325618]  ? kasan_check_write+0x14/0x20
[ 40.329847]  ? do_raw_spin_lock+0xc1/0x200
[ 40.334106]  ? kvm_irqfd_release+0xdd/0x120
[ 40.338458]  ? kvm_irqfd_release+0xdd/0x120
[ 40.342806]  ? kvm_put_kvm+0x1060/0x1060
[ 40.346864]  kvm_vm_release+0x42/0x50
[ 40.350662]  __fput+0x38a/0xa40
[ 40.353939]  ? __alloc_file+0x400/0x400
[ 40.357913]  ? check_same_owner+0x340/0x340
[ 40.362236]  ? kasan_check_write+0x14/0x20
[ 40.366498]  ? do_raw_spin_lock+0xc1/0x200
[ 40.370735]  ____fput+0x15/0x20
[ 40.374011]  task_work_run+0x1e8/0x2a0
[ 40.377897]  ? task_work_cancel+0x240/0x240
[ 40.382224]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.387758]  ? switch_task_namespaces+0xa2/0xd0
[ 40.392423]  do_exit+0x1ae4/0x26e0
[ 40.395967]  ? mm_update_next_owner+0x9a0/0x9a0
[ 40.400638]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 40.404884]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.409898]  ? kfree+0x1d7/0x210
[ 40.413279]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 40.417525]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.423268]  ? avc_has_extended_perms+0xa97/0x15c0
[ 40.428198]  ? kernel_text_address+0x9e/0xf0
[ 40.432611]  ? ptrace_set_breakpoint_addr+0xbb/0x380
[ 40.437714]  ? avc_ss_reset+0x190/0x190
[ 40.441691]  ? save_stack+0xa9/0xd0
[ 40.445315]  ? save_stack+0x43/0xd0
[ 40.448940]  ? __kasan_slab_free+0x11a/0x170
[ 40.453341]  ? kasan_slab_free+0xe/0x10
[ 40.457311]  ? putname+0xf2/0x130
[ 40.460761]  ? __x64_sys_openat+0x9d/0x100
[ 40.464995]  ? do_syscall_64+0x1b9/0x820
[ 40.469054]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.474421]  ? initcall_blacklisted+0x9a/0x1e0
[ 40.479001]  ? rcu_note_context_switch+0x680/0x680
[ 40.483935]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.489645]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.495180]  ? do_vfs_ioctl+0x201/0x1720
[ 40.499244]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 40.504432]  ? ioctl_preallocate+0x300/0x300
[ 40.508841]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.514376]  ? selinux_capable+0x40/0x40
[ 40.518434]  ? path_pts+0x9f/0x1f0
[ 40.521974]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.526988]  ? kmem_cache_free+0x246/0x280
[ 40.531248]  ? putname+0xf7/0x130
[ 40.534700]  do_group_exit+0x177/0x440
[ 40.538584]  ? trace_hardirqs_on+0xbd/0x2c0
[ 40.542903]  ? __ia32_sys_exit+0x50/0x50
[ 40.546963]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.552075]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.557613]  ? ksys_ioctl+0x81/0xd0
[ 40.561242]  __x64_sys_exit_group+0x3e/0x50
[ 40.565583]  do_syscall_64+0x1b9/0x820
[ 40.569492]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.574872]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.579799]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.584637]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 40.589655]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.594672]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.599690]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.604539]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.609727] RIP: 0033:0x43f028
[ 40.612918] Code: Bad RIP value.
[ 40.616274] RSP: 002b:00007ffd23b16698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 40.623981] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 40.631246] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 40.638512] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 40.645793] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 40.653055] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 40.660334]
[ 40.660340] ======================================================
[ 40.660345] WARNING: possible circular locking dependency detected
[ 40.660349] 4.19.0-rc2+ #4 Not tainted
[ 40.660354] ------------------------------------------------------
[ 40.660359] syz-executor114/4845 is trying to acquire lock:
[ 40.660363] 000000007e82076f ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 40.660378]
[ 40.660382] but task is already holding lock:
[ 40.660385] 000000006eca1faa (report_lock){....}, at: kasan_report+0x8e/0x110
[ 40.660399]
[ 40.660404] which lock already depends on the new lock.
[ 40.660406]
[ 40.660408]
[ 40.660413] the existing dependency chain (in reverse order) is:
[ 40.660416]
[ 40.660418] -> #3 (report_lock){....}:
[ 40.660432]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.660436]        kasan_report+0x8e/0x110
[ 40.660440]        __asan_report_load8_noabort+0x14/0x20
[ 40.660444]        __schedule+0xf54/0x1df0
[ 40.660449]        preempt_schedule_common+0x22/0x60
[ 40.660452]        _cond_resched+0x1d/0x30
[ 40.660456]        wait_for_completion+0xa5/0x8d0
[ 40.660461]        __synchronize_srcu+0x189/0x240
[ 40.660465]        synchronize_srcu+0x335/0x56f
[ 40.660470]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.660474]        kvm_mmu_uninit_vm+0x1c/0x20
[ 40.660478]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.660482]        kvm_put_kvm+0x73f/0x1060
[ 40.660494]        kvm_vm_release+0x42/0x50
[ 40.660498]        __fput+0x38a/0xa40
[ 40.660502]        ____fput+0x15/0x20
[ 40.660505]        task_work_run+0x1e8/0x2a0
[ 40.660509]        do_exit+0x1ae4/0x26e0
[ 40.660513]        do_group_exit+0x177/0x440
[ 40.660523]        __x64_sys_exit_group+0x3e/0x50
[ 40.660527]        do_syscall_64+0x1b9/0x820
[ 40.660531]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.660534]
[ 40.660536] -> #2 (&rq->lock){-.-.}:
[ 40.660550]        _raw_spin_lock+0x2a/0x40
[ 40.660554]        task_fork_fair+0x93/0x680
[ 40.660557]        sched_fork+0x44b/0xbd0
[ 40.660561]        copy_process+0x235e/0x7af0
[ 40.660565]        _do_fork+0x1ca/0x1170
[ 40.660569]        kernel_thread+0x34/0x40
[ 40.660572]        rest_init+0x22/0xe4
[ 40.660576]        start_kernel+0x913/0x94e
[ 40.660580]        x86_64_start_reservations+0x29/0x2b
[ 40.660585]        x86_64_start_kernel+0x76/0x79
[ 40.660589]        secondary_startup_64+0xa4/0xb0
[ 40.660591]
[ 40.660593] -> #1 (&p->pi_lock){-.-.}:
[ 40.660608]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.660612]        try_to_wake_up+0xd2/0x1250
[ 40.660616]        wake_up_process+0x10/0x20
[ 40.660619]        __up.isra.1+0x1c0/0x2a0
[ 40.660623]        up+0x13c/0x1c0
[ 40.660627]        __up_console_sem+0xbe/0x1b0
[ 40.660631]        console_unlock+0x506/0x10e0
[ 40.660635]        vprintk_emit+0x33a/0x910
[ 40.660638]        vprintk_default+0x28/0x30
[ 40.660642]        vprintk_func+0x7a/0x117
[ 40.660646]        printk+0xa7/0xcf
[ 40.660649]        load_umh+0x51/0xbd
[ 40.660653]        do_one_initcall+0x127/0x838
[ 40.660657]        kernel_init_freeable+0x4bb/0x5ae
[ 40.660661]        kernel_init+0x11/0x1b3
[ 40.660665]        ret_from_fork+0x3a/0x50
[ 40.660667]
[ 40.660669] -> #0 ((console_sem).lock){-...}:
[ 40.660684]        lock_acquire+0x1e4/0x4f0
[ 40.660688]        _raw_spin_lock_irqsave+0x96/0xc0
[ 40.660692]        down_trylock+0x13/0x70
[ 40.660696]        __down_trylock_console_sem+0xae/0x200
[ 40.660700]        console_trylock+0x15/0xa0
[ 40.660704]        vprintk_emit+0x31f/0x910
[ 40.660708]        vprintk_default+0x28/0x30
[ 40.660711]        vprintk_func+0x7a/0x117
[ 40.660715]        printk+0xa7/0xcf
[ 40.660718]        kasan_report+0x9e/0x110
[ 40.660723]        __asan_report_load8_noabort+0x14/0x20
[ 40.660727]        __schedule+0xf54/0x1df0
[ 40.660731]        preempt_schedule_common+0x22/0x60
[ 40.660735]        _cond_resched+0x1d/0x30
[ 40.660739]        wait_for_completion+0xa5/0x8d0
[ 40.660743]        __synchronize_srcu+0x189/0x240
[ 40.660747]        synchronize_srcu+0x335/0x56f
[ 40.660752]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.660756]        kvm_mmu_uninit_vm+0x1c/0x20
[ 40.660760]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.660764]        kvm_put_kvm+0x73f/0x1060
[ 40.660768]        kvm_vm_release+0x42/0x50
[ 40.660772]        __fput+0x38a/0xa40
[ 40.660775]        ____fput+0x15/0x20
[ 40.660779]        task_work_run+0x1e8/0x2a0
[ 40.660783]        do_exit+0x1ae4/0x26e0
[ 40.660786]        do_group_exit+0x177/0x440
[ 40.660791]        __x64_sys_exit_group+0x3e/0x50
[ 40.660794]        do_syscall_64+0x1b9/0x820
[ 40.660799]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.660801]
[ 40.660806] other info that might help us debug this:
[ 40.660808]
[ 40.660811] Chain exists of:
[ 40.660813]   (console_sem).lock --> &rq->lock --> report_lock
[ 40.660831]
[ 40.660835]  Possible unsafe locking scenario:
[ 40.660837]
[ 40.660841]        CPU0                    CPU1
[ 40.660845]        ----                    ----
[ 40.660847]   lock(report_lock);
[ 40.660857]                                lock(&rq->lock);
[ 40.660866]                                lock(report_lock);
[ 40.660874]   lock((console_sem).lock);
[ 40.660882]
[ 40.660885]  *** DEADLOCK ***
[ 40.660887]
[ 40.660891] 2 locks held by syz-executor114/4845:
[ 40.660893]  #0: 00000000eda4137d (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 40.660910]  #1: 000000006eca1faa (report_lock){....}, at: kasan_report+0x8e/0x110
[ 40.660927]
[ 40.660930] stack backtrace:
[ 40.660936] CPU: 0 PID: 4845 Comm: syz-executor114 Not tainted 4.19.0-rc2+ #4
[ 40.660943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.660946] Call Trace:
[ 40.660950]  dump_stack+0x1c9/0x2b4
[ 40.660955]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.660958]  ? vprintk_func+0x100/0x117
[ 40.660963]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 40.660967]  ? save_trace+0xe0/0x290
[ 40.660971]  __lock_acquire+0x3449/0x5020
[ 40.660975]  ? mark_held_locks+0x160/0x160
[ 40.660979]  ? mark_held_locks+0x160/0x160
[ 40.660984]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 40.660988]  ? is_bpf_text_address+0xd7/0x170
[ 40.660992]  ? kernel_text_address+0x79/0xf0
[ 40.660996]  ? __kernel_text_address+0xd/0x40
[ 40.661000]  ? __save_stack_trace+0x8d/0xf0
[ 40.661005]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 40.661008]  ? save_trace+0x290/0x290
[ 40.661012]  ? save_stack_trace+0x1a/0x20
[ 40.661016]  ? save_trace+0xe0/0x290
[ 40.661020]  ? graph_lock+0x170/0x170
[ 40.661025]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.661029]  lock_acquire+0x1e4/0x4f0
[ 40.661033]  ? down_trylock+0x13/0x70
[ 40.661037]  ? lock_release+0x9f0/0x9f0
[ 40.661041]  ? trace_hardirqs_off+0xb8/0x2c0
[ 40.661045]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.661049]  ? trace_hardirqs_off+0xb8/0x2c0
[ 40.661053]  ? log_store+0x34f/0x4c0
[ 40.661057]  ? vprintk_emit+0x31f/0x910
[ 40.661061]  _raw_spin_lock_irqsave+0x96/0xc0
[ 40.661065]  ? down_trylock+0x13/0x70
[ 40.661068]  down_trylock+0x13/0x70
[ 40.661073]  __down_trylock_console_sem+0xae/0x200
[ 40.661077]  console_trylock+0x15/0xa0
[ 40.661080]  vprintk_emit+0x31f/0x910
[ 40.661084]  ? wake_up_klogd+0x110/0x110
[ 40.661089]  ? run_rebalance_domains+0x4c0/0x4c0
[ 40.661093]  ? kasan_check_read+0x11/0x20
[ 40.661097]  ? rcu_is_watching+0x8c/0x150
[ 40.661100]  ? rcu_pm_notify+0xc0/0xc0
[ 40.661104]  ? lock_acquire+0x1e4/0x4f0
[ 40.661108]  ? kasan_report+0x8e/0x110
[ 40.661112]  ? __schedule+0xf54/0x1df0
[ 40.661116]  vprintk_default+0x28/0x30
[ 40.661119]  vprintk_func+0x7a/0x117
[ 40.661123]  printk+0xa7/0xcf
[ 40.661127]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 40.661131]  ? kasan_check_write+0x14/0x20
[ 40.661135]  ? do_raw_spin_lock+0xc1/0x200
[ 40.661139]  ? do_raw_spin_lock+0xc1/0x200
[ 40.661143]  kasan_report+0x9e/0x110
[ 40.661147]  __asan_report_load8_noabort+0x14/0x20
[ 40.661151]  __schedule+0xf54/0x1df0
[ 40.661156]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 40.661159]  ? __sched_text_start+0x8/0x8
[ 40.661163]  ? __call_srcu+0x7e7/0x1040
[ 40.661167]  ? check_same_owner+0x340/0x340
[ 40.661171]  ? mark_held_locks+0x160/0x160
[ 40.661175]  ? find_held_lock+0x36/0x1c0
[ 40.661180]  preempt_schedule_common+0x22/0x60
[ 40.661183]  _cond_resched+0x1d/0x30
[ 40.661187]  wait_for_completion+0xa5/0x8d0
[ 40.661192]  ? wait_for_completion_interruptible+0x950/0x950
[ 40.661197]  ? __lockdep_init_map+0x105/0x590
[ 40.661201]  ? __init_waitqueue_head+0x9e/0x150
[ 40.661205]  ? init_wait_entry+0x1c0/0x1c0
[ 40.661209]  __synchronize_srcu+0x189/0x240
[ 40.661213]  ? call_srcu+0x10/0x10
[ 40.661217]  ? rcu_unexpedite_gp+0x20/0x20
[ 40.661220]  synchronize_srcu+0x335/0x56f
[ 40.661225]  ? lock_downgrade+0x8f0/0x8f0
[ 40.661229]  ? synchronize_srcu_expedited+0x20/0x20
[ 40.661233]  ? kasan_check_read+0x11/0x20
[ 40.661237]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.661241]  ? kasan_check_write+0x14/0x20
[ 40.661246]  ? do_raw_spin_lock+0xc1/0x200
[ 40.661250]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.661255]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.661259]  ? kvfree+0x61/0x70
[ 40.661263]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.661267]  kvm_mmu_uninit_vm+0x1c/0x20
[ 40.661271]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.661276]  ? kvm_arch_sync_events+0x30/0x30
[ 40.661280]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.661285]  ? mmu_notifier_unregister+0x474/0x600
[ 40.661289]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 40.661293]  ? kfree+0x111/0x210
[ 40.661297]  ? __mmu_notifier_register+0x30/0x30
[ 40.661301]  ? __free_pages+0x10a/0x190
[ 40.661305]  ? free_unref_page+0x930/0x930
[ 40.661309]  kvm_put_kvm+0x73f/0x1060
[ 40.661313]  ? kvm_write_guest_cached+0x40/0x40
[ 40.661317]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.661321]  ? _raw_spin_unlock_irq+0x27/0x70
[ 40.661325]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.661330]  ? kasan_check_write+0x14/0x20
[ 40.661334]  ? do_raw_spin_lock+0xc1/0x200
[ 40.661338]  ? kvm_irqfd_release+0xdd/0x120
[ 40.661342]  ? kvm_irqfd_release+0xdd/0x120
[ 40.661346]  ? kvm_put_kvm+0x1060/0x1060
[ 40.661349]  kvm_vm_release+0x42/0x50
[ 40.661353]  __fput+0x38a/0xa40
[ 40.661357]  ? __alloc_file+0x400/0x400
[ 40.661361]  ? check_same_owner+0x340/0x340
[ 40.661365]  ? kasan_check_write+0x14/0x20
[ 40.661369]  ? do_raw_spin_lock+0xc1/0x200
[ 40.661372]  ____fput+0x15/0x20
[ 40.661376]  task_work_run+0x1e8/0x2a0
[ 40.661380]  ? task_work_cancel+0x240/0x240
[ 40.661385]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.661389]  ? switch_task_namespaces+0xa2/0xd0
[ 40.661393]  do_exit+0x1ae4/0x26e0
[ 40.661397]  ? mm_update_next_owner+0x9a0/0x9a0
[ 40.661401]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 40.661406]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.661409]  ? kfree+0x1d7/0x210
[ 40.661413]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 40.661418]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 40.661423]  ? avc_has_extended_perms+0xa97/0x15c0
[ 40.661425]
[ 40.661433] Lost 48 message(s)!
[ 41.729042] Shutting down cpus with NMI
[ 42.788855] Dumping ftrace buffer:
[ 42.792377]    (ftrace buffer empty)
[ 42.796068] Kernel Offset: disabled
[ 42.799678] Rebooting in 86400 seconds..