[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 23.901458] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.095288] audit: type=1400 audit(1536361000.967:6): avc: denied { map } for pid=4391 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 24.146134] random: sshd: uninitialized urandom read (32 bytes read) [ 24.717918] random: sshd: uninitialized urandom read (32 bytes read) [ 24.914990] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. [ 30.444486] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 30.562343] audit: type=1400 audit(1536361007.434:7): avc: denied { map } for pid=4405 comm="syz-executor214" path="/root/syz-executor214979111" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 30.566532] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 30.614756] ================================================================== [ 30.624778] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 30.631038] Read of size 8 at addr ffff8801c03f8058 by task syz-executor214/4405 [ 30.638568] [ 30.640208] CPU: 1 PID: 4405 Comm: syz-executor214 Not tainted 4.19.0-rc2+ #5 [ 30.647483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.656836] Call Trace: [ 30.659433] dump_stack+0x1c9/0x2b4 [ 30.663070] ? dump_stack_print_info.cold.2+0x52/0x52 [ 30.668264] ? printk+0xa7/0xcf [ 30.671551] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 30.676320] ? __schedule+0xf54/0x1df0 [ 30.680227] print_address_description+0x6c/0x20b [ 30.685080] ? __schedule+0xf54/0x1df0 [ 30.688978] kasan_report.cold.7+0x242/0x30d [ 30.693397] __asan_report_load8_noabort+0x14/0x20 [ 30.698335] __schedule+0xf54/0x1df0 [ 30.702055] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 30.707169] ? __sched_text_start+0x8/0x8 [ 30.711329] ? __call_srcu+0x7e7/0x1040 [ 30.715318] ? check_same_owner+0x340/0x340 [ 30.719645] ? mark_held_locks+0x160/0x160 [ 30.723887] ? find_held_lock+0x36/0x1c0 [ 30.727960] preempt_schedule_common+0x22/0x60 [ 30.732548] _cond_resched+0x1d/0x30 [ 30.736268] wait_for_completion+0xa5/0x8d0 [ 30.740601] ? wait_for_completion_interruptible+0x950/0x950 [ 30.746406] ? __lockdep_init_map+0x105/0x590 [ 30.750913] ? __init_waitqueue_head+0x9e/0x150 [ 30.755598] ? init_wait_entry+0x1c0/0x1c0 [ 30.759856] __synchronize_srcu+0x189/0x240 [ 30.764183] ? call_srcu+0x10/0x10 [ 30.767730] ? rcu_unexpedite_gp+0x20/0x20 [ 30.771988] synchronize_srcu+0x335/0x56f [ 30.776144] ? lock_downgrade+0x8f0/0x8f0 [ 30.780413] ? synchronize_srcu_expedited+0x20/0x20 [ 30.785488] ? kasan_check_read+0x11/0x20 [ 30.789645] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 30.794234] ? kasan_check_write+0x14/0x20 [ 30.798477] ? do_raw_spin_lock+0xc1/0x200 [ 30.802866] kvm_page_track_unregister_notifier+0x17d/0x250 [ 30.808586] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 30.814046] ? kvfree+0x61/0x70 [ 30.817333] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.822356] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.826423] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 30.830864] ? kvm_arch_sync_events+0x30/0x30 [ 30.835368] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.840917] ? mmu_notifier_unregister+0x474/0x600 [ 30.846146] ? trace_hardirqs_on+0x2c0/0x2c0 [ 30.850560] ? kfree+0x111/0x210 [ 30.853939] ? __mmu_notifier_register+0x30/0x30 [ 30.858705] ? __free_pages+0x10a/0x190 [ 30.862744] ? free_unref_page+0x930/0x930 [ 30.866996] kvm_put_kvm+0x73f/0x1060 [ 30.870830] ? kvm_write_guest_cached+0x40/0x40 [ 30.875512] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.880013] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.884559] ? lockdep_hardirqs_on+0x421/0x5c0 [ 30.889152] ? kasan_check_write+0x14/0x20 [ 30.893394] ? do_raw_spin_lock+0xc1/0x200 [ 30.897637] ? kvm_irqfd_release+0xdd/0x120 [ 30.901965] ? kvm_irqfd_release+0xdd/0x120 [ 30.906295] ? kvm_put_kvm+0x1060/0x1060 [ 30.910372] kvm_vm_release+0x42/0x50 [ 30.914184] __fput+0x38a/0xa40 [ 30.917472] ? __alloc_file+0x400/0x400 [ 30.921460] ? check_same_owner+0x340/0x340 [ 30.925809] ? kasan_check_write+0x14/0x20 [ 30.930055] ? do_raw_spin_lock+0xc1/0x200 [ 30.934316] ____fput+0x15/0x20 [ 30.937599] task_work_run+0x1e8/0x2a0 [ 30.941494] ? task_work_cancel+0x240/0x240 [ 30.945912] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.951457] ? switch_task_namespaces+0xa2/0xd0 [ 30.956134] do_exit+0x1ae4/0x26e0 [ 30.959787] ? mm_update_next_owner+0x9a0/0x9a0 [ 30.964490] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 30.968741] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.973763] ? kfree+0x1d7/0x210 [ 30.977669] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 30.982049] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 30.987891] ? avc_has_extended_perms+0xa97/0x15c0 [ 30.992893] ? kernel_text_address+0x9e/0xf0 [ 30.997318] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 31.002433] ? avc_ss_reset+0x190/0x190 [ 31.006470] ? save_stack+0xa9/0xd0 [ 31.010105] ? save_stack+0x43/0xd0 [ 31.013738] ? __kasan_slab_free+0x11a/0x170 [ 31.018154] ? kasan_slab_free+0xe/0x10 [ 31.022131] ? putname+0xf2/0x130 [ 31.025594] ? __x64_sys_openat+0x9d/0x100 [ 31.029850] ? do_syscall_64+0x1b9/0x820 [ 31.033929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.039313] ? initcall_blacklisted+0x9a/0x1e0 [ 31.043908] ? rcu_note_context_switch+0x680/0x680 [ 31.048963] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.054684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.060226] ? do_vfs_ioctl+0x201/0x1720 [ 31.064296] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 31.069499] ? ioctl_preallocate+0x300/0x300 [ 31.073916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.079458] ? selinux_capable+0x40/0x40 [ 31.083525] ? path_pts+0x9e/0x1f0 [ 31.087186] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.092358] ? kmem_cache_free+0x246/0x280 [ 31.096719] ? putname+0xf7/0x130 [ 31.100189] do_group_exit+0x177/0x440 [ 31.104083] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.108518] ? __ia32_sys_exit+0x50/0x50 [ 31.112583] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.117695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.123248] ? ksys_ioctl+0x81/0xd0 [ 31.126948] __x64_sys_exit_group+0x3e/0x50 [ 31.131282] do_syscall_64+0x1b9/0x820 [ 31.135191] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.140565] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.145501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.150384] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 31.155409] ? prepare_exit_to_usermode+0x291/0x3b0 [ 31.160436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.165291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.170488] RIP: 0033:0x43ef08 [ 31.173691] Code: Bad RIP value. [ 31.177058] RSP: 002b:00007ffe21b6fa38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.184772] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 31.192068] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.199343] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.206614] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 31.213931] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 31.221334] [ 31.222964] Allocated by task 4405: [ 31.226600] save_stack+0x43/0xd0 [ 31.230057] kasan_kmalloc+0xc4/0xe0 [ 31.233880] kasan_slab_alloc+0x12/0x20 [ 31.237858] kmem_cache_alloc+0x12e/0x710 [ 31.242016] vmx_create_vcpu+0xcf/0x2830 [ 31.246082] kvm_arch_vcpu_create+0xe5/0x220 [ 31.250499] kvm_vm_ioctl+0x488/0x1d80 [ 31.254605] do_vfs_ioctl+0x1de/0x1720 [ 31.258499] ksys_ioctl+0xa9/0xd0 [ 31.261958] __x64_sys_ioctl+0x73/0xb0 [ 31.265863] do_syscall_64+0x1b9/0x820 [ 31.269755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.275053] [ 31.276680] Freed by task 4405: [ 31.279962] save_stack+0x43/0xd0 [ 31.283417] __kasan_slab_free+0x11a/0x170 [ 31.287657] kasan_slab_free+0xe/0x10 [ 31.291618] kmem_cache_free+0x86/0x280 [ 31.295597] vmx_free_vcpu+0x26b/0x300 [ 31.299641] kvm_arch_destroy_vm+0x365/0x7c0 [ 31.304058] kvm_put_kvm+0x73f/0x1060 [ 31.307870] kvm_vm_release+0x42/0x50 [ 31.311673] __fput+0x38a/0xa40 [ 31.314957] ____fput+0x15/0x20 [ 31.318239] task_work_run+0x1e8/0x2a0 [ 31.322130] do_exit+0x1ae4/0x26e0 [ 31.325676] do_group_exit+0x177/0x440 [ 31.329675] __x64_sys_exit_group+0x3e/0x50 [ 31.334067] do_syscall_64+0x1b9/0x820 [ 31.337961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.343157] [ 31.344811] The buggy address belongs to the object at ffff8801c03f8040 [ 31.344811] which belongs to the cache kvm_vcpu of size 23872 [ 31.357394] The buggy address is located 24 bytes inside of [ 31.357394] 23872-byte region [ffff8801c03f8040, ffff8801c03fdd80) [ 31.369353] The buggy address belongs to the page: [ 31.374286] page:ffffea000700fe00 count:1 mapcount:0 mapping:ffff8801d61fd900 index:0x0 compound_mapcount: 0 [ 31.384270] flags: 0x2fffc0000008100(slab|head) [ 31.388958] raw: 02fffc0000008100 ffff8801d6204c48 ffff8801d6204c48 ffff8801d61fd900 [ 31.396858] raw: 0000000000000000 ffff8801c03f8040 0000000100000001 0000000000000000 [ 31.404735] page dumped because: kasan: bad access detected [ 31.410459] [ 31.412118] Memory state around the buggy address: [ 31.417051] ffff8801c03f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.424412] ffff8801c03f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.431773] >ffff8801c03f8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 31.439152] ^ [ 31.445383] ffff8801c03f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.452746] ffff8801c03f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.460109] ================================================================== [ 31.467470] Kernel panic - not syncing: panic_on_warn set ... [ 31.467470] [ 31.474849] CPU: 1 PID: 4405 Comm: syz-executor214 Tainted: G B 4.19.0-rc2+ #5 [ 31.483510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.492863] Call Trace: [ 31.495463] dump_stack+0x1c9/0x2b4 [ 31.499103] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.504309] ? lock_downgrade+0x8f0/0x8f0 [ 31.508464] ? __schedule+0xf54/0x1df0 [ 31.512490] panic+0x238/0x4e7 [ 31.515691] ? add_taint.cold.5+0x16/0x16 [ 31.519857] ? print_shadow_for_address+0xba/0x116 [ 31.524808] ? trace_hardirqs_off+0xaf/0x2c0 [ 31.529241] ? trace_hardirqs_off+0x77/0x2c0 [ 31.533656] ? __schedule+0xf54/0x1df0 [ 31.537550] kasan_end_report+0x47/0x4f [ 31.541530] kasan_report.cold.7+0x76/0x30d [ 31.545972] __asan_report_load8_noabort+0x14/0x20 [ 31.550911] __schedule+0xf54/0x1df0 [ 31.554637] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.559751] ? __sched_text_start+0x8/0x8 [ 31.563909] ? __call_srcu+0x7e7/0x1040 [ 31.567971] ? check_same_owner+0x340/0x340 [ 31.572411] ? mark_held_locks+0x160/0x160 [ 31.576653] ? find_held_lock+0x36/0x1c0 [ 31.580727] preempt_schedule_common+0x22/0x60 [ 31.585320] _cond_resched+0x1d/0x30 [ 31.589041] wait_for_completion+0xa5/0x8d0 [ 31.593536] ? wait_for_completion_interruptible+0x950/0x950 [ 31.599340] ? __lockdep_init_map+0x105/0x590 [ 31.603874] ? __init_waitqueue_head+0x9e/0x150 [ 31.608550] ? init_wait_entry+0x1c0/0x1c0 [ 31.612815] __synchronize_srcu+0x189/0x240 [ 31.617144] ? call_srcu+0x10/0x10 [ 31.620697] ? rcu_unexpedite_gp+0x20/0x20 [ 31.624945] synchronize_srcu+0x335/0x56f [ 31.629105] ? lock_downgrade+0x8f0/0x8f0 [ 31.633260] ? synchronize_srcu_expedited+0x20/0x20 [ 31.638290] ? kasan_check_read+0x11/0x20 [ 31.642448] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.647036] ? kasan_check_write+0x14/0x20 [ 31.651291] ? do_raw_spin_lock+0xc1/0x200 [ 31.655544] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.661266] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.666721] ? kvfree+0x61/0x70 [ 31.670013] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.675040] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.679110] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.683544] ? kvm_arch_sync_events+0x30/0x30 [ 31.688138] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.693685] ? mmu_notifier_unregister+0x474/0x600 [ 31.698618] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.703035] ? kfree+0x111/0x210 [ 31.706412] ? __mmu_notifier_register+0x30/0x30 [ 31.711179] ? __free_pages+0x10a/0x190 [ 31.715164] ? free_unref_page+0x930/0x930 [ 31.719419] kvm_put_kvm+0x73f/0x1060 [ 31.723232] ? kvm_write_guest_cached+0x40/0x40 [ 31.728046] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.732545] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.737047] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.741642] ? kasan_check_write+0x14/0x20 [ 31.745886] ? do_raw_spin_lock+0xc1/0x200 [ 31.750129] ? kvm_irqfd_release+0xdd/0x120 [ 31.754651] ? kvm_irqfd_release+0xdd/0x120 [ 31.758986] ? kvm_put_kvm+0x1060/0x1060 [ 31.763054] kvm_vm_release+0x42/0x50 [ 31.766863] __fput+0x38a/0xa40 [ 31.770153] ? __alloc_file+0x400/0x400 [ 31.774137] ? check_same_owner+0x340/0x340 [ 31.778467] ? kasan_check_write+0x14/0x20 [ 31.782707] ? do_raw_spin_lock+0xc1/0x200 [ 31.786949] ____fput+0x15/0x20 [ 31.790235] task_work_run+0x1e8/0x2a0 [ 31.794130] ? task_work_cancel+0x240/0x240 [ 31.798465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.804012] ? switch_task_namespaces+0xa2/0xd0 [ 31.808689] do_exit+0x1ae4/0x26e0 [ 31.812254] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.816939] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 31.821182] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.826210] ? kfree+0x1d7/0x210 [ 31.829695] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 31.834117] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.839854] ? avc_has_extended_perms+0xa97/0x15c0 [ 31.844788] ? kernel_text_address+0x9e/0xf0 [ 31.849232] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 31.854352] ? avc_ss_reset+0x190/0x190 [ 31.858336] ? save_stack+0xa9/0xd0 [ 31.861968] ? save_stack+0x43/0xd0 [ 31.865599] ? __kasan_slab_free+0x11a/0x170 [ 31.870133] ? kasan_slab_free+0xe/0x10 [ 31.874140] ? putname+0xf2/0x130 [ 31.877601] ? __x64_sys_openat+0x9d/0x100 [ 31.881847] ? do_syscall_64+0x1b9/0x820 [ 31.885916] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.891442] ? initcall_blacklisted+0x9a/0x1e0 [ 31.896033] ? rcu_note_context_switch+0x680/0x680 [ 31.900977] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 31.906698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.912242] ? do_vfs_ioctl+0x201/0x1720 [ 31.916451] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 31.921653] ? ioctl_preallocate+0x300/0x300 [ 31.926071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.931614] ? selinux_capable+0x40/0x40 [ 31.935681] ? path_pts+0x9e/0x1f0 [ 31.939232] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.944253] ? kmem_cache_free+0x246/0x280 [ 31.948497] ? putname+0xf7/0x130 [ 31.951962] do_group_exit+0x177/0x440 [ 31.955928] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.960257] ? __ia32_sys_exit+0x50/0x50 [ 31.964325] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.969459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.975090] ? ksys_ioctl+0x81/0xd0 [ 31.978725] __x64_sys_exit_group+0x3e/0x50 [ 31.983054] do_syscall_64+0x1b9/0x820 [ 31.986946] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.992430] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.997366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.002224] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 32.007254] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.012283] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.017137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.022331] RIP: 0033:0x43ef08 [ 32.025530] Code: Bad RIP value. [ 32.028949] RSP: 002b:00007ffe21b6fa38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.036669] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 32.043942] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.051335] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.058671] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.065949] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.073232] [ 32.073238] ====================================================== [ 32.073243] WARNING: possible circular locking dependency detected [ 32.073247] 4.19.0-rc2+ #5 Not tainted [ 32.073252] ------------------------------------------------------ [ 32.073257] syz-executor214/4405 is trying to acquire lock: [ 32.073261] 00000000568c486c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 32.073276] [ 32.073280] but task is already holding lock: [ 32.073283] 00000000dda1e2fd (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.073298] [ 32.073309] which lock already depends on the new lock. [ 32.073311] [ 32.073314] [ 32.073319] the existing dependency chain (in reverse order) is: [ 32.073321] [ 32.073323] -> #3 (report_lock){....}: [ 32.073338] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.073342] kasan_report+0x8e/0x110 [ 32.073347] __asan_report_load8_noabort+0x14/0x20 [ 32.073351] __schedule+0xf54/0x1df0 [ 32.073355] preempt_schedule_common+0x22/0x60 [ 32.073359] _cond_resched+0x1d/0x30 [ 32.073364] wait_for_completion+0xa5/0x8d0 [ 32.073368] __synchronize_srcu+0x189/0x240 [ 32.073372] synchronize_srcu+0x335/0x56f [ 32.073377] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.073381] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.073386] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.073390] kvm_put_kvm+0x73f/0x1060 [ 32.073394] kvm_vm_release+0x42/0x50 [ 32.073397] __fput+0x38a/0xa40 [ 32.073401] ____fput+0x15/0x20 [ 32.073405] task_work_run+0x1e8/0x2a0 [ 32.073409] do_exit+0x1ae4/0x26e0 [ 32.073413] do_group_exit+0x177/0x440 [ 32.073417] __x64_sys_exit_group+0x3e/0x50 [ 32.073421] do_syscall_64+0x1b9/0x820 [ 32.073426] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.073428] [ 32.073430] -> #2 (&rq->lock){-.-.}: [ 32.073444] _raw_spin_lock+0x2a/0x40 [ 32.073448] task_fork_fair+0x93/0x680 [ 32.073452] sched_fork+0x44b/0xbd0 [ 32.073456] copy_process+0x235e/0x7af0 [ 32.073460] _do_fork+0x1ca/0x1170 [ 32.073464] kernel_thread+0x34/0x40 [ 32.073467] rest_init+0x22/0xe4 [ 32.073471] start_kernel+0x913/0x94e [ 32.073476] x86_64_start_reservations+0x29/0x2b [ 32.073480] x86_64_start_kernel+0x76/0x79 [ 32.073484] secondary_startup_64+0xa4/0xb0 [ 32.073487] [ 32.073489] -> #1 (&p->pi_lock){-.-.}: [ 32.073504] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.073508] try_to_wake_up+0xd2/0x1250 [ 32.073512] wake_up_process+0x10/0x20 [ 32.073515] __up.isra.1+0x1c0/0x2a0 [ 32.073519] up+0x13c/0x1c0 [ 32.073523] __up_console_sem+0xbe/0x1b0 [ 32.073527] console_unlock+0x506/0x10e0 [ 32.073531] vprintk_emit+0x33a/0x910 [ 32.073535] vprintk_default+0x28/0x30 [ 32.073539] vprintk_func+0x7a/0x117 [ 32.073542] printk+0xa7/0xcf [ 32.073546] load_umh+0x51/0xbd [ 32.073550] do_one_initcall+0x127/0x838 [ 32.073554] kernel_init_freeable+0x4bb/0x5ae [ 32.073558] kernel_init+0x11/0x1b3 [ 32.073562] ret_from_fork+0x3a/0x50 [ 32.073564] [ 32.073566] -> #0 ((console_sem).lock){-...}: [ 32.073581] lock_acquire+0x1e4/0x4f0 [ 32.073586] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.073589] down_trylock+0x13/0x70 [ 32.073594] __down_trylock_console_sem+0xae/0x200 [ 32.073598] console_trylock+0x15/0xa0 [ 32.073602] vprintk_emit+0x31f/0x910 [ 32.073606] vprintk_default+0x28/0x30 [ 32.073610] vprintk_func+0x7a/0x117 [ 32.073614] printk+0xa7/0xcf [ 32.073617] kasan_report+0x9e/0x110 [ 32.073622] __asan_report_load8_noabort+0x14/0x20 [ 32.073626] __schedule+0xf54/0x1df0 [ 32.073630] preempt_schedule_common+0x22/0x60 [ 32.073634] _cond_resched+0x1d/0x30 [ 32.073639] wait_for_completion+0xa5/0x8d0 [ 32.073643] __synchronize_srcu+0x189/0x240 [ 32.073647] synchronize_srcu+0x335/0x56f [ 32.073652] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.073656] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.073660] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.073664] kvm_put_kvm+0x73f/0x1060 [ 32.073668] kvm_vm_release+0x42/0x50 [ 32.073672] __fput+0x38a/0xa40 [ 32.073675] ____fput+0x15/0x20 [ 32.073679] task_work_run+0x1e8/0x2a0 [ 32.073683] do_exit+0x1ae4/0x26e0 [ 32.073687] do_group_exit+0x177/0x440 [ 32.073691] __x64_sys_exit_group+0x3e/0x50 [ 32.073695] do_syscall_64+0x1b9/0x820 [ 32.073700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.073702] [ 32.073707] other info that might help us debug this: [ 32.073709] [ 32.073712] Chain exists of: [ 32.073714] (console_sem).lock --> &rq->lock --> report_lock [ 32.073733] [ 32.073737] Possible unsafe locking scenario: [ 32.073739] [ 32.073743] CPU0 CPU1 [ 32.073747] ---- ---- [ 32.073750] lock(report_lock); [ 32.073759] lock(&rq->lock); [ 32.073769] lock(report_lock); [ 32.073777] lock((console_sem).lock); [ 32.073785] [ 32.073788] *** DEADLOCK *** [ 32.073813] [ 32.073817] 2 locks held by syz-executor214/4405: [ 32.073820] #0: 000000009071bc78 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 32.073837] #1: 00000000dda1e2fd (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.073854] [ 32.073857] stack backtrace: [ 32.073863] CPU: 1 PID: 4405 Comm: syz-executor214 Not tainted 4.19.0-rc2+ #5 [ 32.073870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.073874] Call Trace: [ 32.073877] dump_stack+0x1c9/0x2b4 [ 32.073882] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.073886] ? vprintk_func+0x100/0x117 [ 32.073891] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 32.073895] ? save_trace+0xe0/0x290 [ 32.073899] __lock_acquire+0x3449/0x5020 [ 32.073903] ? mark_held_locks+0x160/0x160 [ 32.073907] ? mark_held_locks+0x160/0x160 [ 32.073912] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.073916] ? is_bpf_text_address+0xd7/0x170 [ 32.073920] ? kernel_text_address+0x79/0xf0 [ 32.073924] ? __kernel_text_address+0xd/0x40 [ 32.073929] ? __save_stack_trace+0x8d/0xf0 [ 32.073933] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 32.073937] ? save_trace+0x290/0x290 [ 32.073941] ? save_stack_trace+0x1a/0x20 [ 32.073945] ? save_trace+0xe0/0x290 [ 32.073949] ? graph_lock+0x170/0x170 [ 32.073954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.073958] lock_acquire+0x1e4/0x4f0 [ 32.073962] ? down_trylock+0x13/0x70 [ 32.073966] ? lock_release+0x9f0/0x9f0 [ 32.073970] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.073974] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.073978] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.073982] ? log_store+0x34f/0x4c0 [ 32.073986] ? vprintk_emit+0x31f/0x910 [ 32.073991] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.073994] ? down_trylock+0x13/0x70 [ 32.073998] down_trylock+0x13/0x70 [ 32.074003] __down_trylock_console_sem+0xae/0x200 [ 32.074007] console_trylock+0x15/0xa0 [ 32.074011] vprintk_emit+0x31f/0x910 [ 32.074015] ? wake_up_klogd+0x110/0x110 [ 32.074019] ? run_rebalance_domains+0x4c0/0x4c0 [ 32.074023] ? kasan_check_read+0x11/0x20 [ 32.074027] ? rcu_is_watching+0x8c/0x150 [ 32.074031] ? rcu_pm_notify+0xc0/0xc0 [ 32.074035] ? lock_acquire+0x1e4/0x4f0 [ 32.074039] ? kasan_report+0x8e/0x110 [ 32.074043] ? __schedule+0xf54/0x1df0 [ 32.074047] vprintk_default+0x28/0x30 [ 32.074050] vprintk_func+0x7a/0x117 [ 32.074054] printk+0xa7/0xcf [ 32.074058] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.074062] ? kasan_check_write+0x14/0x20 [ 32.074067] ? do_raw_spin_lock+0xc1/0x200 [ 32.074071] ? do_raw_spin_lock+0xc1/0x200 [ 32.074074] kasan_report+0x9e/0x110 [ 32.074079] __asan_report_load8_noabort+0x14/0x20 [ 32.074083] __schedule+0xf54/0x1df0 [ 32.074087] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.074091] ? __sched_text_start+0x8/0x8 [ 32.074095] ? __call_srcu+0x7e7/0x1040 [ 32.074100] ? check_same_owner+0x340/0x340 [ 32.074104] ? mark_held_locks+0x160/0x160 [ 32.074108] ? find_held_lock+0x36/0x1c0 [ 32.074112] preempt_schedule_common+0x22/0x60 [ 32.074116] _cond_resched+0x1d/0x30 [ 32.074120] wait_for_completion+0xa5/0x8d0 [ 32.074125] ? wait_for_completion_interruptible+0x950/0x950 [ 32.074129] ? __lockdep_init_map+0x105/0x590 [ 32.074134] ? __init_waitqueue_head+0x9e/0x150 [ 32.074138] ? init_wait_entry+0x1c0/0x1c0 [ 32.074142] __synchronize_srcu+0x189/0x240 [ 32.074146] ? call_srcu+0x10/0x10 [ 32.074150] ? rcu_unexpedite_gp+0x20/0x20 [ 32.074154] synchronize_srcu+0x335/0x56f [ 32.074158] ? lock_downgrade+0x8f0/0x8f0 [ 32.074163] ? synchronize_srcu_expedited+0x20/0x20 [ 32.074167] ? kasan_check_read+0x11/0x20 [ 32.074171] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.074175] ? kasan_check_write+0x14/0x20 [ 32.074179] ? do_raw_spin_lock+0xc1/0x200 [ 32.074184] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.074189] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.074193] ? kvfree+0x61/0x70 [ 32.074198] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.074202] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.074206] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.074210] ? kvm_arch_sync_events+0x30/0x30 [ 32.074215] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.074220] ? mmu_notifier_unregister+0x474/0x600 [ 32.074224] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.074228] ? kfree+0x111/0x210 [ 32.074233] ? __mmu_notifier_register+0x30/0x30 [ 32.074237] ? __free_pages+0x10a/0x190 [ 32.074241] ? free_unref_page+0x930/0x930 [ 32.074245] kvm_put_kvm+0x73f/0x1060 [ 32.074249] ? kvm_write_guest_cached+0x40/0x40 [ 32.074254] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.074258] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.074262] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.074266] ? kasan_check_write+0x14/0x20 [ 32.074270] ? do_raw_spin_lock+0xc1/0x200 [ 32.074275] ? kvm_irqfd_release+0xdd/0x120 [ 32.074279] ? kvm_irqfd_release+0xdd/0x120 [ 32.074283] ? kvm_put_kvm+0x1060/0x1060 [ 32.074287] kvm_vm_release+0x42/0x50 [ 32.074290] __fput+0x38a/0xa40 [ 32.074294] ? __alloc_file+0x400/0x400 [ 32.074298] ? check_same_owner+0x340/0x340 [ 32.074308] ? kasan_check_write+0x14/0x20 [ 32.074312] ? do_raw_spin_lock+0xc1/0x200 [ 32.074316] ____fput+0x15/0x20 [ 32.074320] task_work_run+0x1e8/0x2a0 [ 32.074324] ? task_work_cancel+0x240/0x240 [ 32.074329] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.074333] ? switch_task_namespaces+0xa2/0xd0 [ 32.074337] do_exit+0x1ae4/0x26e0 [ 32.074341] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.074345] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 32.074350] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.074353] ? kfree+0x1d7/0x210 [ 32.074357] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 32.074363] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.074367] ? avc_has_extended_perms+0xa97/0x15c0 [ 32.074369] [ 32.074377] Lost 47 message(s)! [ 33.158231] Shutting down cpus with NMI [ 34.224087] Dumping ftrace buffer: [ 34.227624] (ftrace buffer empty) [ 34.231448] Kernel Offset: disabled [ 34.235074] Rebooting in 86400 seconds..