[....] Starting OpenBSD Secure Shell server: sshd
[ 21.873521] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 29.419771] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.760471] audit: type=1400 audit(1536342960.121:6): avc: denied { map } for pid=4361 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 29.801179] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.374924] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.566556] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
[ 36.156013] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.264084] audit: type=1400 audit(1536342966.625:7): avc: denied { map } for pid=4375 comm="syz-executor043" path="/root/syz-executor043778598" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 36.267768] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 36.316464] ==================================================================
[ 36.326358] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 36.332585] Read of size 8 at addr ffff8801c1818058 by task syz-executor043/4375
[ 36.340104] 
[ 36.341731] CPU: 1 PID: 4375 Comm: syz-executor043 Not tainted 4.19.0-rc2+ #5
[ 36.348992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.358341] Call Trace:
[ 36.360937]  dump_stack+0x1c9/0x2b4
[ 36.364566]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.369753]  ? printk+0xa7/0xcf
[ 36.373035]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.377796]  ? __schedule+0xf54/0x1df0
[ 36.381688]  print_address_description+0x6c/0x20b
[ 36.386532]  ? __schedule+0xf54/0x1df0
[ 36.390418]  kasan_report.cold.7+0x242/0x30d
[ 36.394831]  __asan_report_load8_noabort+0x14/0x20
[ 36.399761]  __schedule+0xf54/0x1df0
[ 36.403475]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.408576]  ? __sched_text_start+0x8/0x8
[ 36.412726]  ? __call_srcu+0x7e7/0x1040
[ 36.416709]  ? check_same_owner+0x340/0x340
[ 36.421030]  ? mark_held_locks+0x160/0x160
[ 36.425261]  ? find_held_lock+0x36/0x1c0
[ 36.429334]  preempt_schedule_common+0x22/0x60
[ 36.433914]  _cond_resched+0x1d/0x30
[ 36.437626]  wait_for_completion+0xa5/0x8d0
[ 36.441959]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.447755]  ? __lockdep_init_map+0x105/0x590
[ 36.452250]  ? __init_waitqueue_head+0x9e/0x150
[ 36.456919]  ? init_wait_entry+0x1c0/0x1c0
[ 36.461158]  __synchronize_srcu+0x189/0x240
[ 36.465478]  ? call_srcu+0x10/0x10
[ 36.469015]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.473253]  synchronize_srcu+0x335/0x56f
[ 36.477398]  ? lock_downgrade+0x8f0/0x8f0
[ 36.481548]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.486566]  ? kasan_check_read+0x11/0x20
[ 36.490717]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.495295]  ? kasan_check_write+0x14/0x20
[ 36.499529]  ? do_raw_spin_lock+0xc1/0x200
[ 36.503766]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.509485]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.514937]  ? kvfree+0x61/0x70
[ 36.518218]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.523237]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.527297]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.531708]  ? kvm_arch_sync_events+0x30/0x30
[ 36.536207]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.541748]  ? mmu_notifier_unregister+0x474/0x600
[ 36.546677]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.551088]  ? kfree+0x111/0x210
[ 36.554458]  ? __mmu_notifier_register+0x30/0x30
[ 36.559217]  ? __free_pages+0x10a/0x190
[ 36.563189]  ? free_unref_page+0x930/0x930
[ 36.567432]  kvm_put_kvm+0x73f/0x1060
[ 36.571246]  ? kvm_write_guest_cached+0x40/0x40
[ 36.575918]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.580411]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.584906]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.589496]  ? kasan_check_write+0x14/0x20
[ 36.593730]  ? do_raw_spin_lock+0xc1/0x200
[ 36.597967]  ? kvm_irqfd_release+0xdd/0x120
[ 36.602288]  ? kvm_irqfd_release+0xdd/0x120
[ 36.606612]  ? kvm_put_kvm+0x1060/0x1060
[ 36.610685]  kvm_vm_release+0x42/0x50
[ 36.614488]  __fput+0x38a/0xa40
[ 36.617770]  ? __alloc_file+0x400/0x400
[ 36.622085]  ? check_same_owner+0x340/0x340
[ 36.626410]  ? kasan_check_write+0x14/0x20
[ 36.630653]  ? do_raw_spin_lock+0xc1/0x200
[ 36.634889]  ____fput+0x15/0x20
[ 36.638166]  task_work_run+0x1e8/0x2a0
[ 36.642054]  ? task_work_cancel+0x240/0x240
[ 36.646378]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.651915]  ? switch_task_namespaces+0xa2/0xd0
[ 36.656592]  do_exit+0x1ae4/0x26e0
[ 36.660134]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.664806]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.669042]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.674058]  ? kfree+0x1d7/0x210
[ 36.677426]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.681675]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.687388]  ? avc_has_extended_perms+0xa97/0x15c0
[ 36.692317]  ? kernel_text_address+0x9e/0xf0
[ 36.696734]  ? ptrace_set_breakpoint_addr+0xbb/0x380
[ 36.701836]  ? avc_ss_reset+0x190/0x190
[ 36.705815]  ? save_stack+0xa9/0xd0
[ 36.709440]  ? save_stack+0x43/0xd0
[ 36.713068]  ? __kasan_slab_free+0x11a/0x170
[ 36.717476]  ? kasan_slab_free+0xe/0x10
[ 36.721457]  ? putname+0xf2/0x130
[ 36.724915]  ? __x64_sys_openat+0x9d/0x100
[ 36.729154]  ? do_syscall_64+0x1b9/0x820
[ 36.733219]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.738599]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.743196]  ? rcu_note_context_switch+0x680/0x680
[ 36.748135]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.754300]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.759840]  ? do_vfs_ioctl+0x201/0x1720
[ 36.763904]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 36.769100]  ? ioctl_preallocate+0x300/0x300
[ 36.773515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.779056]  ? selinux_capable+0x40/0x40
[ 36.783119]  ? path_pts+0x9f/0x1f0
[ 36.786673]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.791690]  ? kmem_cache_free+0x246/0x280
[ 36.795927]  ? putname+0xf7/0x130
[ 36.799382]  do_group_exit+0x177/0x440
[ 36.803270]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.807596]  ? __ia32_sys_exit+0x50/0x50
[ 36.811663]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.816771]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.822314]  ? ksys_ioctl+0x81/0xd0
[ 36.825948]  __x64_sys_exit_group+0x3e/0x50
[ 36.830273]  do_syscall_64+0x1b9/0x820
[ 36.834161]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.839527]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.844459]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.849304]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 36.854326]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.859349]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.864199]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.869391] RIP: 0033:0x43ecc8
[ 36.872591] Code: Bad RIP value.
[ 36.875951] RSP: 002b:00007ffed10c9ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.883670] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 36.890946] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.898220] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.905487] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.912754] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 36.920026] 
[ 36.921658] Allocated by task 4375:
[ 36.925291]  save_stack+0x43/0xd0
[ 36.928740]  kasan_kmalloc+0xc4/0xe0
[ 36.932447]  kasan_slab_alloc+0x12/0x20
[ 36.936424]  kmem_cache_alloc+0x12e/0x710
[ 36.940570]  vmx_create_vcpu+0xcf/0x2830
[ 36.944628]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.949045]  kvm_vm_ioctl+0x488/0x1d80
[ 36.952931]  do_vfs_ioctl+0x1de/0x1720
[ 36.956813]  ksys_ioctl+0xa9/0xd0
[ 36.960264]  __x64_sys_ioctl+0x73/0xb0
[ 36.964152]  do_syscall_64+0x1b9/0x820
[ 36.968040]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.973217] 
[ 36.974838] Freed by task 4375:
[ 36.978120]  save_stack+0x43/0xd0
[ 36.981572]  __kasan_slab_free+0x11a/0x170
[ 36.985809]  kasan_slab_free+0xe/0x10
[ 36.989605]  kmem_cache_free+0x86/0x280
[ 36.993584]  vmx_free_vcpu+0x26b/0x300
[ 36.997474]  kvm_arch_destroy_vm+0x365/0x7c0
[ 37.001886]  kvm_put_kvm+0x73f/0x1060
[ 37.005689]  kvm_vm_release+0x42/0x50
[ 37.009488]  __fput+0x38a/0xa40
[ 37.012764]  ____fput+0x15/0x20
[ 37.016042]  task_work_run+0x1e8/0x2a0
[ 37.019931]  do_exit+0x1ae4/0x26e0
[ 37.023474]  do_group_exit+0x177/0x440
[ 37.027356]  __x64_sys_exit_group+0x3e/0x50
[ 37.031678]  do_syscall_64+0x1b9/0x820
[ 37.035563]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.040741] 
[ 37.042366] The buggy address belongs to the object at ffff8801c1818040
[ 37.042366]  which belongs to the cache kvm_vcpu of size 23872
[ 37.054947] The buggy address is located 24 bytes inside of
[ 37.054947]  23872-byte region [ffff8801c1818040, ffff8801c181dd80)
[ 37.066911] The buggy address belongs to the page:
[ 37.071853] page:ffffea0007060600 count:1 mapcount:0 mapping:ffff8801d6226dc0 index:0x0 compound_mapcount: 0
[ 37.081831] flags: 0x2fffc0000008100(slab|head)
[ 37.086513] raw: 02fffc0000008100 ffff8801d6219648 ffff8801d6219648 ffff8801d6226dc0
[ 37.094403] raw: 0000000000000000 ffff8801c1818040 0000000100000001 0000000000000000
[ 37.102281] page dumped because: kasan: bad access detected
[ 37.107991] 
[ 37.109612] Memory state around the buggy address:
[ 37.114551]  ffff8801c1817f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.121917]  ffff8801c1817f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.129283] >ffff8801c1818000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 37.136649]                                                     ^
[ 37.142881]  ffff8801c1818080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.150239]  ffff8801c1818100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.157587] ==================================================================
[ 37.164939] Kernel panic - not syncing: panic_on_warn set ...
[ 37.164939] 
[ 37.172314] CPU: 1 PID: 4375 Comm: syz-executor043 Tainted: G    B             4.19.0-rc2+ #5
[ 37.180975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.190325] Call Trace:
[ 37.192927]  dump_stack+0x1c9/0x2b4
[ 37.196568]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.201765]  ? lock_downgrade+0x8f0/0x8f0
[ 37.205917]  ? __schedule+0xf54/0x1df0
[ 37.209807]  panic+0x238/0x4e7
[ 37.213003]  ? add_taint.cold.5+0x16/0x16
[ 37.217158]  ? print_shadow_for_address+0xba/0x116
[ 37.222090]  ? trace_hardirqs_off+0xaf/0x2c0
[ 37.226496]  ? trace_hardirqs_off+0x77/0x2c0
[ 37.230905]  ? __schedule+0xf54/0x1df0
[ 37.234793]  kasan_end_report+0x47/0x4f
[ 37.238769]  kasan_report.cold.7+0x76/0x30d
[ 37.243095]  __asan_report_load8_noabort+0x14/0x20
[ 37.248033]  __schedule+0xf54/0x1df0
[ 37.251751]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.256861]  ? __sched_text_start+0x8/0x8
[ 37.261011]  ? __call_srcu+0x7e7/0x1040
[ 37.264995]  ? check_same_owner+0x340/0x340
[ 37.269315]  ? mark_held_locks+0x160/0x160
[ 37.273549]  ? find_held_lock+0x36/0x1c0
[ 37.277614]  preempt_schedule_common+0x22/0x60
[ 37.282205]  _cond_resched+0x1d/0x30
[ 37.285919]  wait_for_completion+0xa5/0x8d0
[ 37.290243]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.296039]  ? __lockdep_init_map+0x105/0x590
[ 37.300541]  ? __init_waitqueue_head+0x9e/0x150
[ 37.305208]  ? init_wait_entry+0x1c0/0x1c0
[ 37.309445]  __synchronize_srcu+0x189/0x240
[ 37.313777]  ? call_srcu+0x10/0x10
[ 37.317317]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.321557]  synchronize_srcu+0x335/0x56f
[ 37.325704]  ? lock_downgrade+0x8f0/0x8f0
[ 37.329852]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.334877]  ? kasan_check_read+0x11/0x20
[ 37.339032]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.343617]  ? kasan_check_write+0x14/0x20
[ 37.347858]  ? do_raw_spin_lock+0xc1/0x200
[ 37.352101]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.357817]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.363269]  ? kvfree+0x61/0x70
[ 37.366555]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.371577]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.375651]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.380061]  ? kvm_arch_sync_events+0x30/0x30
[ 37.384559]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.390098]  ? mmu_notifier_unregister+0x474/0x600
[ 37.395026]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.399436]  ? kfree+0x111/0x210
[ 37.402813]  ? __mmu_notifier_register+0x30/0x30
[ 37.407574]  ? __free_pages+0x10a/0x190
[ 37.411548]  ? free_unref_page+0x930/0x930
[ 37.415794]  kvm_put_kvm+0x73f/0x1060
[ 37.419606]  ? kvm_write_guest_cached+0x40/0x40
[ 37.424284]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.428779]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.433281]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.437872]  ? kasan_check_write+0x14/0x20
[ 37.442113]  ? do_raw_spin_lock+0xc1/0x200
[ 37.446351]  ? kvm_irqfd_release+0xdd/0x120
[ 37.450668]  ? kvm_irqfd_release+0xdd/0x120
[ 37.454991]  ? kvm_put_kvm+0x1060/0x1060
[ 37.459050]  kvm_vm_release+0x42/0x50
[ 37.462850]  __fput+0x38a/0xa40
[ 37.466129]  ? __alloc_file+0x400/0x400
[ 37.470108]  ? check_same_owner+0x340/0x340
[ 37.474429]  ? kasan_check_write+0x14/0x20
[ 37.478672]  ? do_raw_spin_lock+0xc1/0x200
[ 37.482908]  ____fput+0x15/0x20
[ 37.486186]  task_work_run+0x1e8/0x2a0
[ 37.490073]  ? task_work_cancel+0x240/0x240
[ 37.494404]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.499945]  ? switch_task_namespaces+0xa2/0xd0
[ 37.504619]  do_exit+0x1ae4/0x26e0
[ 37.508171]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.512849]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.517087]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.522103]  ? kfree+0x1d7/0x210
[ 37.525475]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.529711]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.535426]  ? avc_has_extended_perms+0xa97/0x15c0
[ 37.540358]  ? kernel_text_address+0x9e/0xf0
[ 37.544772]  ? ptrace_set_breakpoint_addr+0xbb/0x380
[ 37.549880]  ? avc_ss_reset+0x190/0x190
[ 37.553861]  ? save_stack+0xa9/0xd0
[ 37.557485]  ? save_stack+0x43/0xd0
[ 37.561110]  ? __kasan_slab_free+0x11a/0x170
[ 37.565516]  ? kasan_slab_free+0xe/0x10
[ 37.569493]  ? putname+0xf2/0x130
[ 37.572950]  ? __x64_sys_openat+0x9d/0x100
[ 37.577184]  ? do_syscall_64+0x1b9/0x820
[ 37.581243]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.586617]  ? initcall_blacklisted+0x9a/0x1e0
[ 37.591210]  ? rcu_note_context_switch+0x680/0x680
[ 37.596145]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.601862]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.607401]  ? do_vfs_ioctl+0x201/0x1720
[ 37.611467]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 37.616670]  ? ioctl_preallocate+0x300/0x300
[ 37.621082]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.626618]  ? selinux_capable+0x40/0x40
[ 37.630687]  ? path_pts+0x9f/0x1f0
[ 37.634232]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.639248]  ? kmem_cache_free+0x246/0x280
[ 37.643488]  ? putname+0xf7/0x130
[ 37.646947]  do_group_exit+0x177/0x440
[ 37.650835]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.655154]  ? __ia32_sys_exit+0x50/0x50
[ 37.659217]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.664324]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.669863]  ? ksys_ioctl+0x81/0xd0
[ 37.673496]  __x64_sys_exit_group+0x3e/0x50
[ 37.677819]  do_syscall_64+0x1b9/0x820
[ 37.681703]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.687070]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.691999]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.696842]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 37.701866]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.706887]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.711734]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.716924] RIP: 0033:0x43ecc8
[ 37.720119] Code: Bad RIP value.
[ 37.723480] RSP: 002b:00007ffed10c9ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.731189] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 37.738462] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.745729] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.753513] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.760781] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 37.768062] 
[ 37.768067] ======================================================
[ 37.768073] WARNING: possible circular locking dependency detected
[ 37.768077] 4.19.0-rc2+ #5 Not tainted
[ 37.768082] ------------------------------------------------------
[ 37.768087] syz-executor043/4375 is trying to acquire lock:
[ 37.768091] 00000000c7deaa5d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.768106] 
[ 37.768110] but task is already holding lock:
[ 37.768114] 00000000b0163253 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.768128] 
[ 37.768132] which lock already depends on the new lock.
[ 37.768135] 
[ 37.768137] 
[ 37.768142] the existing dependency chain (in reverse order) is:
[ 37.768144] 
[ 37.768147] -> #3 (report_lock){....}:
[ 37.768161]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.768165]        kasan_report+0x8e/0x110
[ 37.768170]        __asan_report_load8_noabort+0x14/0x20
[ 37.768174]        __schedule+0xf54/0x1df0
[ 37.768178]        preempt_schedule_common+0x22/0x60
[ 37.768182]        _cond_resched+0x1d/0x30
[ 37.768186]        wait_for_completion+0xa5/0x8d0
[ 37.768190]        __synchronize_srcu+0x189/0x240
[ 37.768194]        synchronize_srcu+0x335/0x56f
[ 37.768199]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.768203]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.768208]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.768212]        kvm_put_kvm+0x73f/0x1060
[ 37.768215]        kvm_vm_release+0x42/0x50
[ 37.768219]        __fput+0x38a/0xa40
[ 37.768223]        ____fput+0x15/0x20
[ 37.768227]        task_work_run+0x1e8/0x2a0
[ 37.768230]        do_exit+0x1ae4/0x26e0
[ 37.768234]        do_group_exit+0x177/0x440
[ 37.768239]        __x64_sys_exit_group+0x3e/0x50
[ 37.768243]        do_syscall_64+0x1b9/0x820
[ 37.768247]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.768250] 
[ 37.768252] -> #2 (&rq->lock){-.-.}:
[ 37.768266]        _raw_spin_lock+0x2a/0x40
[ 37.768270]        task_fork_fair+0x93/0x680
[ 37.768274]        sched_fork+0x44b/0xbd0
[ 37.768278]        copy_process+0x235e/0x7af0
[ 37.768281]        _do_fork+0x1ca/0x1170
[ 37.768285]        kernel_thread+0x34/0x40
[ 37.768289]        rest_init+0x22/0xe4
[ 37.768293]        start_kernel+0x913/0x94e
[ 37.768297]        x86_64_start_reservations+0x29/0x2b
[ 37.768301]        x86_64_start_kernel+0x76/0x79
[ 37.768305]        secondary_startup_64+0xa4/0xb0
[ 37.768308] 
[ 37.768310] -> #1 (&p->pi_lock){-.-.}:
[ 37.768324]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.768328]        try_to_wake_up+0xd2/0x1250
[ 37.768332]        wake_up_process+0x10/0x20
[ 37.768336]        __up.isra.1+0x1c0/0x2a0
[ 37.768339]        up+0x13c/0x1c0
[ 37.768343]        __up_console_sem+0xbe/0x1b0
[ 37.768348]        console_unlock+0x506/0x10e0
[ 37.768352]        do_con_write+0x1375/0x23d0
[ 37.768355]        con_write+0x25/0xc0
[ 37.768359]        n_tty_write+0x6c1/0x11a0
[ 37.768363]        tty_write+0x3f1/0x880
[ 37.768367]        __vfs_write+0x117/0x9d0
[ 37.768370]        vfs_write+0x1fc/0x560
[ 37.768374]        ksys_write+0x101/0x260
[ 37.768378]        __x64_sys_write+0x73/0xb0
[ 37.768382]        do_syscall_64+0x1b9/0x820
[ 37.768386]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.768389] 
[ 37.768391] -> #0 ((console_sem).lock){-...}:
[ 37.768406]        lock_acquire+0x1e4/0x4f0
[ 37.768410]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.768414]        down_trylock+0x13/0x70
[ 37.768418]        __down_trylock_console_sem+0xae/0x200
[ 37.768422]        console_trylock+0x15/0xa0
[ 37.768426]        vprintk_emit+0x31f/0x910
[ 37.768430]        vprintk_default+0x28/0x30
[ 37.768434]        vprintk_func+0x7a/0x117
[ 37.768437]        printk+0xa7/0xcf
[ 37.768441]        kasan_report+0x9e/0x110
[ 37.768446]        __asan_report_load8_noabort+0x14/0x20
[ 37.768455]        __schedule+0xf54/0x1df0
[ 37.768460]        preempt_schedule_common+0x22/0x60
[ 37.768464]        _cond_resched+0x1d/0x30
[ 37.768468]        wait_for_completion+0xa5/0x8d0
[ 37.768472]        __synchronize_srcu+0x189/0x240
[ 37.768477]        synchronize_srcu+0x335/0x56f
[ 37.768482]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.768486]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.768490]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.768494]        kvm_put_kvm+0x73f/0x1060
[ 37.768498]        kvm_vm_release+0x42/0x50
[ 37.768502]        __fput+0x38a/0xa40
[ 37.768506]        ____fput+0x15/0x20
[ 37.768510]        task_work_run+0x1e8/0x2a0
[ 37.768513]        do_exit+0x1ae4/0x26e0
[ 37.768517]        do_group_exit+0x177/0x440
[ 37.768522]        __x64_sys_exit_group+0x3e/0x50
[ 37.768526]        do_syscall_64+0x1b9/0x820
[ 37.768530]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.768533] 
[ 37.768537] other info that might help us debug this:
[ 37.768539] 
[ 37.768543] Chain exists of:
[ 37.768545]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.768563] 
[ 37.768567]  Possible unsafe locking scenario:
[ 37.768570] 
[ 37.768574]        CPU0                    CPU1
[ 37.768578]        ----                    ----
[ 37.768580]   lock(report_lock);
[ 37.768590]                                lock(&rq->lock);
[ 37.768599]                                lock(report_lock);
[ 37.768608]   lock((console_sem).lock);
[ 37.768616] 
[ 37.768619]  *** DEADLOCK ***
[ 37.768621] 
[ 37.768626] 2 locks held by syz-executor043/4375:
[ 37.768628]  #0: 00000000112e8d9a (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 37.768653]  #1: 00000000b0163253 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.768670] 
[ 37.768674] stack backtrace:
[ 37.768680] CPU: 1 PID: 4375 Comm: syz-executor043 Not tainted 4.19.0-rc2+ #5
[ 37.768687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.768690] Call Trace:
[ 37.768694]  dump_stack+0x1c9/0x2b4
[ 37.768699]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.768703]  ? vprintk_func+0x100/0x117
[ 37.768708]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 37.768712]  ? save_trace+0xe0/0x290
[ 37.768716]  __lock_acquire+0x3449/0x5020
[ 37.768720]  ? mark_held_locks+0x160/0x160
[ 37.768724]  ? mark_held_locks+0x160/0x160
[ 37.768729]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 37.768733]  ? is_bpf_text_address+0xd7/0x170
[ 37.768737]  ? kernel_text_address+0x79/0xf0
[ 37.768742]  ? __kernel_text_address+0xd/0x40
[ 37.768746]  ? __save_stack_trace+0x8d/0xf0
[ 37.768750]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 37.768754]  ? save_trace+0x290/0x290
[ 37.768758]  ? save_stack_trace+0x1a/0x20
[ 37.768762]  ? save_trace+0xe0/0x290
[ 37.768766]  ? graph_lock+0x170/0x170
[ 37.768771]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.768775]  lock_acquire+0x1e4/0x4f0
[ 37.768779]  ? down_trylock+0x13/0x70
[ 37.768783]  ? lock_release+0x9f0/0x9f0
[ 37.768787]  ? trace_hardirqs_off+0xb8/0x2c0
[ 37.768792]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.768796]  ? trace_hardirqs_off+0xb8/0x2c0
[ 37.768800]  ? log_store+0x34f/0x4c0
[ 37.768804]  ? vprintk_emit+0x31f/0x910
[ 37.768808]  _raw_spin_lock_irqsave+0x96/0xc0
[ 37.768812]  ? down_trylock+0x13/0x70
[ 37.768816]  down_trylock+0x13/0x70
[ 37.768820]  __down_trylock_console_sem+0xae/0x200
[ 37.768824]  console_trylock+0x15/0xa0
[ 37.768828]  vprintk_emit+0x31f/0x910
[ 37.768832]  ? wake_up_klogd+0x110/0x110
[ 37.768836]  ? run_rebalance_domains+0x4c0/0x4c0
[ 37.768840]  ? kasan_check_read+0x11/0x20
[ 37.768844]  ? rcu_is_watching+0x8c/0x150
[ 37.768848]  ? rcu_pm_notify+0xc0/0xc0
[ 37.768852]  ? lock_acquire+0x1e4/0x4f0
[ 37.768856]  ? kasan_report+0x8e/0x110
[ 37.768860]  ? __schedule+0xf54/0x1df0
[ 37.768864]  vprintk_default+0x28/0x30
[ 37.768868]  vprintk_func+0x7a/0x117
[ 37.768871]  printk+0xa7/0xcf
[ 37.768876]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.768880]  ? kasan_check_write+0x14/0x20
[ 37.768884]  ? do_raw_spin_lock+0xc1/0x200
[ 37.768888]  ? do_raw_spin_lock+0xc1/0x200
[ 37.768892]  kasan_report+0x9e/0x110
[ 37.768896]  __asan_report_load8_noabort+0x14/0x20
[ 37.768900]  __schedule+0xf54/0x1df0
[ 37.768905]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.768909]  ? __sched_text_start+0x8/0x8
[ 37.768913]  ? __call_srcu+0x7e7/0x1040
[ 37.768917]  ? check_same_owner+0x340/0x340
[ 37.768921]  ? mark_held_locks+0x160/0x160
[ 37.768925]  ? find_held_lock+0x36/0x1c0
[ 37.768929]  preempt_schedule_common+0x22/0x60
[ 37.768933]  _cond_resched+0x1d/0x30
[ 37.768937]  wait_for_completion+0xa5/0x8d0
[ 37.768942]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.768947]  ? __lockdep_init_map+0x105/0x590
[ 37.768951]  ? __init_waitqueue_head+0x9e/0x150
[ 37.768956]  ? init_wait_entry+0x1c0/0x1c0
[ 37.768960]  __synchronize_srcu+0x189/0x240
[ 37.768964]  ? call_srcu+0x10/0x10
[ 37.768968]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.768972]  synchronize_srcu+0x335/0x56f
[ 37.768976]  ? lock_downgrade+0x8f0/0x8f0
[ 37.768981]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.768985]  ? kasan_check_read+0x11/0x20
[ 37.768989]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.768994]  ? kasan_check_write+0x14/0x20
[ 37.768998]  ? do_raw_spin_lock+0xc1/0x200
[ 37.769003]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.769008]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.769022]  ? kvfree+0x61/0x70
[ 37.769027]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.769031]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.769035]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.769040]  ? kvm_arch_sync_events+0x30/0x30
[ 37.769045]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.769050]  ? mmu_notifier_unregister+0x474/0x600
[ 37.769054]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.769058]  ? kfree+0x111/0x210
[ 37.769062]  ? __mmu_notifier_register+0x30/0x30
[ 37.769066]  ? __free_pages+0x10a/0x190
[ 37.769070]  ? free_unref_page+0x930/0x930
[ 37.769074]  kvm_put_kvm+0x73f/0x1060
[ 37.769079]  ? kvm_write_guest_cached+0x40/0x40
[ 37.769083]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.769087]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.769092]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.769096]  ? kasan_check_write+0x14/0x20
[ 37.769100]  ? do_raw_spin_lock+0xc1/0x200
[ 37.769104]  ? kvm_irqfd_release+0xdd/0x120
[ 37.769109]  ? kvm_irqfd_release+0xdd/0x120
[ 37.769113]  ? kvm_put_kvm+0x1060/0x1060
[ 37.769117]  kvm_vm_release+0x42/0x50
[ 37.769120]  __fput+0x38a/0xa40
[ 37.769124]  ? __alloc_file+0x400/0x400
[ 37.769128]  ? check_same_owner+0x340/0x340
[ 37.769132]  ? kasan_check_write+0x14/0x20
[ 37.769136]  ? do_raw_spin_lock+0xc1/0x200
[ 37.769140]  ____fput+0x15/0x20
[ 37.769144]  task_work_run+0x1e8/0x2a0
[ 37.769148]  ? task_work_cancel+0x240/0x240
[ 37.769153]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.769157]  ? switch_task_namespaces+0xa2/0xd0
[ 37.769161]  do_exit+0x1ae4/0x26e0
[ 37.769165]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.769170]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.769174]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.769178]  ? kfree+0x1d7/0x210
[ 37.769182]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.769187]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.769192] Lost 49 message(s)!
[ 38.842806] Shutting down cpus with NMI
[ 39.901720] Dumping ftrace buffer:
[ 39.905251]    (ftrace buffer empty)
[ 39.908943] Kernel Offset: disabled
[ 39.912557] Rebooting in 86400 seconds..