[ 30.237816] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.196830] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.532804] audit: type=1400 audit(1537484654.331:6): avc: denied { map } for pid=5495 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.591307] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.282637] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.522169] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
[ 41.295699] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 41.428883] audit: type=1400 audit(1537484661.231:7): avc: denied { map } for pid=5509 comm="syz-executor163" path="/root/syz-executor163659983" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 41.432787] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 41.488188] ==================================================================
[ 41.498306] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 41.504538] Read of size 8 at addr ffff8801d74b0058 by task syz-executor163/5509
[ 41.512069]
[ 41.513698] CPU: 1 PID: 5509 Comm: syz-executor163 Not tainted 4.19.0-rc4+ #26
[ 41.521049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.530401] Call Trace:
[ 41.532994] dump_stack+0x1c4/0x2b4
[ 41.536620] ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.541804] ? printk+0xa7/0xcf
[ 41.545094] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.549859] print_address_description.cold.8+0x9/0x1ff
[ 41.555242] kasan_report.cold.9+0x242/0x309
[ 41.559649] ? __schedule+0xfc3/0x1ed0
[ 41.563547] __asan_report_load8_noabort+0x14/0x20
[ 41.568475] __schedule+0xfc3/0x1ed0
[ 41.572193] ? __sched_text_start+0x8/0x8
[ 41.576343] ? __lock_is_held+0xb5/0x140
[ 41.580405] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.585510] ? find_held_lock+0x36/0x1c0
[ 41.589586] ? __call_srcu+0x7f9/0x1070
[ 41.593583] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.598688] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.603809] ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.608402] ? preempt_schedule+0x4d/0x60
[ 41.612551] preempt_schedule_common+0x1f/0xd0
[ 41.617132] preempt_schedule+0x4d/0x60
[ 41.621109] ___preempt_schedule+0x16/0x18
[ 41.625349] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 41.630276] __call_srcu+0x7f9/0x1070
[ 41.634077] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 41.639185] ? srcu_offline_cpu+0x120/0x120
[ 41.643508] ? debug_object_free+0x690/0x690
[ 41.647934] ? mark_held_locks+0x130/0x130
[ 41.652173] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 41.656759] ? lock_release+0x970/0x970
[ 41.660737] ? arch_local_save_flags+0x40/0x40
[ 41.665322] ? depot_save_stack+0x292/0x470
[ 41.669652] ? __lockdep_init_map+0x105/0x590
[ 41.674153] ? __init_waitqueue_head+0x9e/0x150
[ 41.678848] ? init_wait_entry+0x1c0/0x1c0
[ 41.683093] __synchronize_srcu+0x17b/0x230
[ 41.687437] ? call_srcu+0x10/0x10
[ 41.691062] ? rcu_unexpedite_gp+0x20/0x20
[ 41.695306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.700845] ? check_preemption_disabled+0x48/0x200
[ 41.705883] synchronize_srcu+0x356/0x5ab
[ 41.710048] ? lock_downgrade+0x900/0x900
[ 41.714195] ? synchronize_srcu_expedited+0x20/0x20
[ 41.719215] ? kasan_check_read+0x11/0x20
[ 41.723368] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.727952] ? kasan_check_write+0x14/0x20
[ 41.732186] ? do_raw_spin_lock+0xc1/0x200
[ 41.736430] kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.742141] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.747602] ? kvfree+0x61/0x70
[ 41.750894] ? rcu_read_lock_sched_held+0x108/0x120
[ 41.755927] kvm_mmu_uninit_vm+0x1c/0x20
[ 41.759991] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.764408] ? kvm_arch_sync_events+0x30/0x30
[ 41.768906] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.774528] ? mmu_notifier_unregister+0x474/0x600
[ 41.779457] ? kfree+0x107/0x230
[ 41.782831] ? __mmu_notifier_register+0x30/0x30
[ 41.787634] ? __free_pages+0x10a/0x190
[ 41.791634] ? free_unref_page+0x960/0x960
[ 41.795899] kvm_put_kvm+0x6c8/0xff0
[ 41.799628] ? kvm_write_guest_cached+0x40/0x40
[ 41.804326] ? kvm_irqfd_release+0xd1/0x120
[ 41.808656] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.813150] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.817654] ? kasan_check_write+0x14/0x20
[ 41.821895] ? do_raw_spin_lock+0xc1/0x200
[ 41.826128] ? kvm_irqfd_release+0xdd/0x120
[ 41.830443] ? kvm_irqfd_release+0xdd/0x120
[ 41.834768] ? kvm_put_kvm+0xff0/0xff0
[ 41.838664] kvm_vm_release+0x42/0x50
[ 41.842464] __fput+0x385/0xa30
[ 41.845762] ? get_max_files+0x20/0x20
[ 41.849667] ? ___might_sleep+0x1ed/0x300
[ 41.853830] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 41.859289] ? arch_local_save_flags+0x40/0x40
[ 41.863871] ? kasan_check_write+0x14/0x20
[ 41.868105] ? do_raw_spin_lock+0xc1/0x200
[ 41.872349] ____fput+0x15/0x20
[ 41.875632] task_work_run+0x1e8/0x2a0
[ 41.879521] ? task_work_cancel+0x240/0x240
[ 41.883850] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.889401] ? switch_task_namespaces+0x9d/0xd0
[ 41.894072] do_exit+0x1ad7/0x2610
[ 41.897620] ? mm_update_next_owner+0x990/0x990
[ 41.902288] ? kvm_dev_ioctl+0x18a/0x1b10
[ 41.906524] ? kvm_debugfs_release+0x90/0x90
[ 41.910928] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 41.916729] ? kasan_check_read+0x11/0x20
[ 41.920875] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 41.926150] ? rcu_bh_qs+0xc0/0xc0
[ 41.929695] ? unwind_dump+0x190/0x190
[ 41.933584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.939128] ? avc_has_extended_perms+0xab2/0x15a0
[ 41.944067] ? save_stack_address+0x4b/0x60
[ 41.948424] ? avc_ss_reset+0x190/0x190
[ 41.952414] ? save_stack+0xa9/0xd0
[ 41.956036] ? save_stack+0x43/0xd0
[ 41.959659] ? __kasan_slab_free+0x102/0x150
[ 41.964062] ? kasan_slab_free+0xe/0x10
[ 41.968037] ? putname+0xf2/0x130
[ 41.971487] ? __x64_sys_openat+0x9d/0x100
[ 41.975722] ? do_syscall_64+0x1b9/0x820
[ 41.979781] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.985176] ? ___might_sleep+0x1ed/0x300
[ 41.989325] ? arch_local_save_flags+0x40/0x40
[ 41.993908] ? kasan_check_write+0x14/0x20
[ 41.998146] ? trace_hardirqs_off+0xb8/0x310
[ 42.002561] ? kvm_debugfs_release+0x90/0x90
[ 42.006974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.012521] ? do_vfs_ioctl+0x201/0x1720
[ 42.016592] ? ioctl_preallocate+0x300/0x300
[ 42.021030] ? selinux_file_mprotect+0x620/0x620
[ 42.025785] ? path_mountpoint+0x4c1/0x2190
[ 42.030122] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.035144] ? kmem_cache_free+0x24f/0x290
[ 42.039842] ? putname+0xf7/0x130
[ 42.043305] do_group_exit+0x177/0x440
[ 42.047197] ? trace_hardirqs_on+0xbd/0x310
[ 42.051518] ? __ia32_sys_exit+0x50/0x50
[ 42.055581] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.061059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.066591] ? ksys_ioctl+0x81/0xd0
[ 42.070262] __x64_sys_exit_group+0x3e/0x50
[ 42.074588] do_syscall_64+0x1b9/0x820
[ 42.078536] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.083910] ? syscall_return_slowpath+0x5e0/0x5e0
[ 42.088845] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.093687] ? trace_hardirqs_on_caller+0x310/0x310
[ 42.098701] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 42.103714] ? prepare_exit_to_usermode+0x291/0x3b0
[ 42.108731] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.113589] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.118783] RIP: 0033:0x43eea8
[ 42.121977] Code: Bad RIP value.
[ 42.125345] RSP: 002b:00007ffed1119ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 42.133050] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043eea8
[ 42.140337] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 42.147608] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 42.154876] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 42.162143] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 42.169414]
[ 42.171038] Allocated by task 5509:
[ 42.174691] save_stack+0x43/0xd0
[ 42.178143] kasan_kmalloc+0xc7/0xe0
[ 42.181853] kasan_slab_alloc+0x12/0x20
[ 42.185837] kmem_cache_alloc+0x12e/0x730
[ 42.189992] vmx_create_vcpu+0xcf/0x25e0
[ 42.194050] kvm_arch_vcpu_create+0xe5/0x220
[ 42.198452] kvm_vm_ioctl+0x470/0x1d40
[ 42.202340] do_vfs_ioctl+0x1de/0x1720
[ 42.206226] ksys_ioctl+0xa9/0xd0
[ 42.209683] __x64_sys_ioctl+0x73/0xb0
[ 42.213568] do_syscall_64+0x1b9/0x820
[ 42.217463] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.222656]
[ 42.224279] Freed by task 5509:
[ 42.227567] save_stack+0x43/0xd0
[ 42.231033] __kasan_slab_free+0x102/0x150
[ 42.235273] kasan_slab_free+0xe/0x10
[ 42.239073] kmem_cache_free+0x83/0x290
[ 42.243052] vmx_free_vcpu+0x26b/0x300
[ 42.246939] kvm_arch_destroy_vm+0x365/0x7c0
[ 42.251344] kvm_put_kvm+0x6c8/0xff0
[ 42.255058] kvm_vm_release+0x42/0x50
[ 42.258854] __fput+0x385/0xa30
[ 42.262130] ____fput+0x15/0x20
[ 42.265410] task_work_run+0x1e8/0x2a0
[ 42.269299] do_exit+0x1ad7/0x2610
[ 42.272845] do_group_exit+0x177/0x440
[ 42.276735] __x64_sys_exit_group+0x3e/0x50
[ 42.281060] do_syscall_64+0x1b9/0x820
[ 42.284949] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.290125]
[ 42.291748] The buggy address belongs to the object at ffff8801d74b0040
[ 42.291748]  which belongs to the cache kvm_vcpu of size 23872
[ 42.304338] The buggy address is located 24 bytes inside of
[ 42.304338]  23872-byte region [ffff8801d74b0040, ffff8801d74b5d80)
[ 42.316297] The buggy address belongs to the page:
[ 42.321225] page:ffffea00075d2c00 count:1 mapcount:0 mapping:ffff8801d5633dc0 index:0x0 compound_mapcount: 0
[ 42.331194] flags: 0x2fffc0000008100(slab|head)
[ 42.335871] raw: 02fffc0000008100 ffff8801d562a648 ffff8801d562a648 ffff8801d5633dc0
[ 42.344012] raw: 0000000000000000 ffff8801d74b0040 0000000100000001 0000000000000000
[ 42.351888] page dumped because: kasan: bad access detected
[ 42.357584]
[ 42.359209] Memory state around the buggy address:
[ 42.364147]  ffff8801d74aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.371499]  ffff8801d74aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.378895] >ffff8801d74b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 42.386260]                                                     ^
[ 42.392487]  ffff8801d74b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.399849]  ffff8801d74b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.407199] ==================================================================
[ 42.414564] Kernel panic - not syncing: panic_on_warn set ...
[ 42.414564]
[ 42.421958] CPU: 1 PID: 5509 Comm: syz-executor163 Tainted: G B 4.19.0-rc4+ #26
[ 42.430701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.440074] Call Trace:
[ 42.442677] dump_stack+0x1c4/0x2b4
[ 42.446307] ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.451503] ? lock_downgrade+0x900/0x900
[ 42.455656] panic+0x238/0x4e7
[ 42.458874] ? add_taint.cold.5+0x16/0x16
[ 42.463049] ? print_shadow_for_address+0xb6/0x116
[ 42.467982] ? trace_hardirqs_off+0xaf/0x310
[ 42.472393] kasan_end_report+0x47/0x4f
[ 42.476367] kasan_report.cold.9+0x76/0x309
[ 42.480690] ? __schedule+0xfc3/0x1ed0
[ 42.484631] __asan_report_load8_noabort+0x14/0x20
[ 42.489561] __schedule+0xfc3/0x1ed0
[ 42.493315] ? __sched_text_start+0x8/0x8
[ 42.497466] ? __lock_is_held+0xb5/0x140
[ 42.501537] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.506640] ? find_held_lock+0x36/0x1c0
[ 42.510706] ? __call_srcu+0x7f9/0x1070
[ 42.514679] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.519790] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.524899] ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.529482] ? preempt_schedule+0x4d/0x60
[ 42.533636] preempt_schedule_common+0x1f/0xd0
[ 42.538222] preempt_schedule+0x4d/0x60
[ 42.542203] ___preempt_schedule+0x16/0x18
[ 42.546445] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.551377] __call_srcu+0x7f9/0x1070
[ 42.555176] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 42.560285] ? srcu_offline_cpu+0x120/0x120
[ 42.564638] ? debug_object_free+0x690/0x690
[ 42.569056] ? mark_held_locks+0x130/0x130
[ 42.573294] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 42.577880] ? lock_release+0x970/0x970
[ 42.581860] ? arch_local_save_flags+0x40/0x40
[ 42.586443] ? depot_save_stack+0x292/0x470
[ 42.590771] ? __lockdep_init_map+0x105/0x590
[ 42.595272] ? __init_waitqueue_head+0x9e/0x150
[ 42.599950] ? init_wait_entry+0x1c0/0x1c0
[ 42.604206] __synchronize_srcu+0x17b/0x230
[ 42.608528] ? call_srcu+0x10/0x10
[ 42.612071] ? rcu_unexpedite_gp+0x20/0x20
[ 42.616315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.621855] ? check_preemption_disabled+0x48/0x200
[ 42.626885] synchronize_srcu+0x356/0x5ab
[ 42.631037] ? lock_downgrade+0x900/0x900
[ 42.635184] ? synchronize_srcu_expedited+0x20/0x20
[ 42.640219] ? kasan_check_read+0x11/0x20
[ 42.644368] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.648973] ? kasan_check_write+0x14/0x20
[ 42.653208] ? do_raw_spin_lock+0xc1/0x200
[ 42.657451] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.663164] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.668620] ? kvfree+0x61/0x70
[ 42.671927] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.676945] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.681009] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.685418] ? kvm_arch_sync_events+0x30/0x30
[ 42.689917] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.695452] ? mmu_notifier_unregister+0x474/0x600
[ 42.700384] ? kfree+0x107/0x230
[ 42.703751] ? __mmu_notifier_register+0x30/0x30
[ 42.708509] ? __free_pages+0x10a/0x190
[ 42.712655] ? free_unref_page+0x960/0x960
[ 42.716897] kvm_put_kvm+0x6c8/0xff0
[ 42.720638] ? kvm_write_guest_cached+0x40/0x40
[ 42.725306] ? kvm_irqfd_release+0xd1/0x120
[ 42.729635] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.734131] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.738640] ? kasan_check_write+0x14/0x20
[ 42.742905] ? do_raw_spin_lock+0xc1/0x200
[ 42.747142] ? kvm_irqfd_release+0xdd/0x120
[ 42.751472] ? kvm_irqfd_release+0xdd/0x120
[ 42.755795] ? kvm_put_kvm+0xff0/0xff0
[ 42.759686] kvm_vm_release+0x42/0x50
[ 42.763487] __fput+0x385/0xa30
[ 42.766767] ? get_max_files+0x20/0x20
[ 42.770657] ? ___might_sleep+0x1ed/0x300
[ 42.774803] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.780262] ? arch_local_save_flags+0x40/0x40
[ 42.784851] ? kasan_check_write+0x14/0x20
[ 42.789091] ? do_raw_spin_lock+0xc1/0x200
[ 42.793325] ____fput+0x15/0x20
[ 42.796612] task_work_run+0x1e8/0x2a0
[ 42.800499] ? task_work_cancel+0x240/0x240
[ 42.804831] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.810368] ? switch_task_namespaces+0x9d/0xd0
[ 42.815041] do_exit+0x1ad7/0x2610
[ 42.818585] ? mm_update_next_owner+0x990/0x990
[ 42.823258] ? kvm_dev_ioctl+0x18a/0x1b10
[ 42.827409] ? kvm_debugfs_release+0x90/0x90
[ 42.831829] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 42.837642] ? kasan_check_read+0x11/0x20
[ 42.841793] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 42.847074] ? rcu_bh_qs+0xc0/0xc0
[ 42.850618] ? unwind_dump+0x190/0x190
[ 42.854511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.860062] ? avc_has_extended_perms+0xab2/0x15a0
[ 42.864999] ? save_stack_address+0x4b/0x60
[ 42.869322] ? avc_ss_reset+0x190/0x190
[ 42.873303] ? save_stack+0xa9/0xd0
[ 42.876927] ? save_stack+0x43/0xd0
[ 42.880548] ? __kasan_slab_free+0x102/0x150
[ 42.884953] ? kasan_slab_free+0xe/0x10
[ 42.888931] ? putname+0xf2/0x130
[ 42.892405] ? __x64_sys_openat+0x9d/0x100
[ 42.896654] ? do_syscall_64+0x1b9/0x820
[ 42.900717] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.906101] ? ___might_sleep+0x1ed/0x300
[ 42.910250] ? arch_local_save_flags+0x40/0x40
[ 42.914869] ? kasan_check_write+0x14/0x20
[ 42.919111] ? trace_hardirqs_off+0xb8/0x310
[ 42.923526] ? kvm_debugfs_release+0x90/0x90
[ 42.927939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.933850] ? do_vfs_ioctl+0x201/0x1720
[ 42.937916] ? ioctl_preallocate+0x300/0x300
[ 42.942334] ? selinux_file_mprotect+0x620/0x620
[ 42.947089] ? path_mountpoint+0x4c1/0x2190
[ 42.951415] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.956441] ? kmem_cache_free+0x24f/0x290
[ 42.960676] ? putname+0xf7/0x130
[ 42.964142] do_group_exit+0x177/0x440
[ 42.968046] ? trace_hardirqs_on+0xbd/0x310
[ 42.972369] ? __ia32_sys_exit+0x50/0x50
[ 42.976445] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.981909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.987471] ? ksys_ioctl+0x81/0xd0
[ 42.991125] __x64_sys_exit_group+0x3e/0x50
[ 42.995450] do_syscall_64+0x1b9/0x820
[ 42.999337] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 43.004701] ? syscall_return_slowpath+0x5e0/0x5e0
[ 43.009630] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.014471] ? trace_hardirqs_on_caller+0x310/0x310
[ 43.019487] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 43.024505] ? prepare_exit_to_usermode+0x291/0x3b0
[ 43.029521] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.034371] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.040019] RIP: 0033:0x43eea8
[ 43.043215] Code: Bad RIP value.
[ 43.046575] RSP: 002b:00007ffed1119ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.054288] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043eea8
[ 43.061568] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 43.068852] RBP: 00000000004be7a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 43.076115] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 43.083380] R13: 00000000006d01a0 R14: 0000000000000000 R15: 0000000000000000
[ 43.090655]
[ 43.090661] ======================================================
[ 43.090667] WARNING: possible circular locking dependency detected
[ 43.090671] 4.19.0-rc4+ #26 Not tainted
[ 43.090676] ------------------------------------------------------
[ 43.090682] syz-executor163/5509 is trying to acquire lock:
[ 43.090685] 0000000044d1d0f3 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 43.090701]
[ 43.090705] but task is already holding lock:
[ 43.090708] 0000000053600215 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 43.090724]
[ 43.090729] which lock already depends on the new lock.
[ 43.090731]
[ 43.090734]
[ 43.090739] the existing dependency chain (in reverse order) is:
[ 43.090741]
[ 43.090744] -> #3 (report_lock){....}:
[ 43.090760] _raw_spin_lock_irqsave+0x99/0xd0
[ 43.090764] kasan_report+0x8b/0x110
[ 43.090769] __asan_report_load8_noabort+0x14/0x20
[ 43.090773] __schedule+0xfc3/0x1ed0
[ 43.090777] preempt_schedule_common+0x1f/0xd0
[ 43.090782] preempt_schedule+0x4d/0x60
[ 43.090804] ___preempt_schedule+0x16/0x18
[ 43.090809] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 43.090813] __call_srcu+0x7f9/0x1070
[ 43.090828] __synchronize_srcu+0x17b/0x230
[ 43.090833] synchronize_srcu+0x356/0x5ab
[ 43.090838] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.090843] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.090847] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.090851] kvm_put_kvm+0x6c8/0xff0
[ 43.090856] kvm_vm_release+0x42/0x50
[ 43.090860] __fput+0x385/0xa30
[ 43.090864] ____fput+0x15/0x20
[ 43.090868] task_work_run+0x1e8/0x2a0
[ 43.090872] do_exit+0x1ad7/0x2610
[ 43.090877] do_group_exit+0x177/0x440
[ 43.090881] __x64_sys_exit_group+0x3e/0x50
[ 43.090886] do_syscall_64+0x1b9/0x820
[ 43.090891] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.090893]
[ 43.090896] -> #2 (&rq->lock){-.-.}:
[ 43.090912] _raw_spin_lock+0x2d/0x40
[ 43.090916] task_fork_fair+0xb0/0x6d0
[ 43.090920] sched_fork+0x443/0xba0
[ 43.090924] copy_process+0x2586/0x8780
[ 43.090928] _do_fork+0x1cb/0x11d0
[ 43.090933] kernel_thread+0x34/0x40
[ 43.090937] rest_init+0x22/0xe5
[ 43.090941] start_kernel+0x8f4/0x92f
[ 43.090946] x86_64_start_reservations+0x29/0x2b
[ 43.090951] x86_64_start_kernel+0x76/0x79
[ 43.090955] secondary_startup_64+0xa4/0xb0
[ 43.090958]
[ 43.090960] -> #1 (&p->pi_lock){-.-.}:
[ 43.090976] _raw_spin_lock_irqsave+0x99/0xd0
[ 43.090980] try_to_wake_up+0xd2/0x12f0
[ 43.090985] wake_up_process+0x10/0x20
[ 43.090989] __up.isra.1+0x1c0/0x2a0
[ 43.090993] up+0x13c/0x1c0
[ 43.090997] __up_console_sem+0xbe/0x1b0
[ 43.091001] console_unlock+0x814/0x1160
[ 43.091006] vprintk_emit+0x33d/0x930
[ 43.091010] vprintk_default+0x28/0x30
[ 43.091014] vprintk_func+0x7e/0x181
[ 43.091018] printk+0xa7/0xcf
[ 43.091022] load_umh+0x51/0xbd
[ 43.091026] do_one_initcall+0x145/0x957
[ 43.091031] kernel_init_freeable+0x4bb/0x5ae
[ 43.091035] kernel_init+0x11/0x1b2
[ 43.091039] ret_from_fork+0x3a/0x50
[ 43.091041]
[ 43.091044] -> #0 ((console_sem).lock){-...}:
[ 43.091064] lock_acquire+0x1ed/0x520
[ 43.091068] _raw_spin_lock_irqsave+0x99/0xd0
[ 43.091072] down_trylock+0x13/0x70
[ 43.091077] __down_trylock_console_sem+0xae/0x200
[ 43.091082] console_trylock+0x15/0xa0
[ 43.091086] vprintk_emit+0x322/0x930
[ 43.091090] vprintk_default+0x28/0x30
[ 43.091094] vprintk_func+0x7e/0x181
[ 43.091098] printk+0xa7/0xcf
[ 43.091103] kasan_report+0x9b/0x110
[ 43.091107] __asan_report_load8_noabort+0x14/0x20
[ 43.091112] __schedule+0xfc3/0x1ed0
[ 43.091116] preempt_schedule_common+0x1f/0xd0
[ 43.091121] preempt_schedule+0x4d/0x60
[ 43.091125] ___preempt_schedule+0x16/0x18
[ 43.091130] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 43.091134] __call_srcu+0x7f9/0x1070
[ 43.091139] __synchronize_srcu+0x17b/0x230
[ 43.091144] synchronize_srcu+0x356/0x5ab
[ 43.091149] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.091153] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.091158] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.091162] kvm_put_kvm+0x6c8/0xff0
[ 43.091167] kvm_vm_release+0x42/0x50
[ 43.091171] __fput+0x385/0xa30
[ 43.091174] ____fput+0x15/0x20
[ 43.091179] task_work_run+0x1e8/0x2a0
[ 43.091183] do_exit+0x1ad7/0x2610
[ 43.091187] do_group_exit+0x177/0x440
[ 43.091192] __x64_sys_exit_group+0x3e/0x50
[ 43.091196] do_syscall_64+0x1b9/0x820
[ 43.091201] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.091203]
[ 43.091208] other info that might help us debug this:
[ 43.091211]
[ 43.091214] Chain exists of:
[ 43.091216]   (console_sem).lock --> &rq->lock --> report_lock
[ 43.091236]
[ 43.091241]  Possible unsafe locking scenario:
[ 43.091243]
[ 43.091247]        CPU0                    CPU1
[ 43.091252]        ----                    ----
[ 43.091255]   lock(report_lock);
[ 43.091265]                                lock(&rq->lock);
[ 43.091275]                                lock(report_lock);
[ 43.091283]   lock((console_sem).lock);
[ 43.091292]
[ 43.091296]  *** DEADLOCK ***
[ 43.091298]
[ 43.091303] 2 locks held by syz-executor163/5509:
[ 43.091305]  #0: 00000000255c2132 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 43.091324]  #1: 0000000053600215 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 43.091342]
[ 43.091345] stack backtrace:
[ 43.091352] CPU: 1 PID: 5509 Comm: syz-executor163 Not tainted 4.19.0-rc4+ #26
[ 43.091359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.091363] Call Trace:
[ 43.091380] dump_stack+0x1c4/0x2b4
[ 43.091385] ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.091389] ? vprintk_func+0x85/0x181
[ 43.091394] print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 43.091398] ? save_trace+0xe0/0x290
[ 43.091402] __lock_acquire+0x33e4/0x4ec0
[ 43.091407] ? mark_held_locks+0x130/0x130
[ 43.091411] ? mark_held_locks+0x130/0x130
[ 43.091415] ? rcu_bh_qs+0xc0/0xc0
[ 43.091419] ? unwind_dump+0x190/0x190
[ 43.091424] ? is_bpf_text_address+0xd3/0x170
[ 43.091428] ? kernel_text_address+0x79/0xf0
[ 43.091433] ? __kernel_text_address+0xd/0x40
[ 43.091437] ? __save_stack_trace+0x8d/0xf0
[ 43.091442] ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 43.091446] ? save_trace+0x290/0x290
[ 43.091450] ? save_stack_trace+0x1a/0x20
[ 43.091454] ? save_trace+0xe0/0x290
[ 43.091458] ? kasan_check_read+0x11/0x20
[ 43.091462] ? graph_lock+0x170/0x170
[ 43.091467] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.091471] lock_acquire+0x1ed/0x520
[ 43.091475] ? down_trylock+0x13/0x70
[ 43.091479] ? find_held_lock+0x36/0x1c0
[ 43.091483] ? lock_release+0x970/0x970
[ 43.091488] ? trace_hardirqs_off+0xb8/0x310
[ 43.091492] ? vprintk_emit+0x1d3/0x930
[ 43.091496] ? trace_hardirqs_on+0x310/0x310
[ 43.091500] ? trace_hardirqs_off+0xb8/0x310
[ 43.091504] ? log_store+0x344/0x4c0
[ 43.091508] ? vprintk_emit+0x322/0x930
[ 43.091513] _raw_spin_lock_irqsave+0x99/0xd0
[ 43.091517] ? down_trylock+0x13/0x70
[ 43.091521] down_trylock+0x13/0x70
[ 43.091525] __down_trylock_console_sem+0xae/0x200
[ 43.091529] console_trylock+0x15/0xa0
[ 43.091534] vprintk_emit+0x322/0x930
[ 43.091538] ? wake_up_klogd+0x180/0x180
[ 43.091542] ? run_rebalance_domains+0x500/0x500
[ 43.091546] ? find_held_lock+0x36/0x1c0
[ 43.091550] ? __queue_work+0x6be/0x1440
[ 43.091555] ? lock_acquire+0x1ed/0x520
[ 43.091559] vprintk_default+0x28/0x30
[ 43.091562] vprintk_func+0x7e/0x181
[ 43.091566] printk+0xa7/0xcf
[ 43.091571] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 43.091575] ? kasan_check_write+0x14/0x20
[ 43.091579] ? do_raw_spin_lock+0xc1/0x200
[ 43.091583] ? do_raw_spin_lock+0xc1/0x200
[ 43.091587] kasan_report+0x9b/0x110
[ 43.091591] ? __schedule+0xfc3/0x1ed0
[ 43.091602] __asan_report_load8_noabort+0x14/0x20
[ 43.091606] __schedule+0xfc3/0x1ed0
[ 43.091610] ? __sched_text_start+0x8/0x8
[ 43.091614] ? __lock_is_held+0xb5/0x140
[ 43.091619] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 43.091623] ? find_held_lock+0x36/0x1c0
[ 43.091627] ? __call_srcu+0x7f9/0x1070
[ 43.091632] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 43.091637] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 43.091641] ? lockdep_hardirqs_on+0x421/0x5c0
[ 43.091645] ? preempt_schedule+0x4d/0x60
[ 43.091650] preempt_schedule_common+0x1f/0xd0
[ 43.091654] preempt_schedule+0x4d/0x60
[ 43.091658] ___preempt_schedule+0x16/0x18
[ 43.091663] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 43.091667] __call_srcu+0x7f9/0x1070
[ 43.091672] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 43.091676] ? srcu_offline_cpu+0x120/0x120
[ 43.091680] ? debug_object_free+0x690/0x690
[ 43.091684] ? mark_held_locks+0x130/0x130
[ 43.091689] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 43.091693] ? lock_release+0x970/0x970
[ 43.091698] ? arch_local_save_flags+0x40/0x40
[ 43.091702] ? depot_save_stack+0x292/0x470
[ 43.091706] ? __lockdep_init_map+0x105/0x590
[ 43.091711] ? __init_waitqueue_head+0x9e/0x150
[ 43.091715] ? init_wait_entry+0x1c0/0x1c0
[ 43.091720] __synchronize_srcu+0x17b/0x230
[ 43.091724] ? call_srcu+0x10/0x10
[ 43.091728] ? rcu_unexpedite_gp+0x20/0x20
[ 43.091733] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 43.091738] ? check_preemption_disabled+0x48/0x200
[ 43.091742] synchronize_srcu+0x356/0x5ab
[ 43.091746] ? lock_downgrade+0x900/0x900
[ 43.091751] ? synchronize_srcu_expedited+0x20/0x20
[ 43.091756] ? kasan_check_read+0x11/0x20
[ 43.091760] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 43.091764] ? kasan_check_write+0x14/0x20
[ 43.091772] ? do_raw_spin_lock+0xc1/0x200
[ 43.091777] kvm_page_track_unregister_notifier+0x17d/0x250
[ 43.091782] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 43.091786] ? kvfree+0x61/0x70
[ 43.091791] ? rcu_read_lock_sched_held+0x108/0x120
[ 43.091795] kvm_mmu_uninit_vm+0x1c/0x20
[ 43.091799] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 43.091804] ? kvm_arch_sync_events+0x30/0x30
[ 43.091809] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 43.091814] ? mmu_notifier_unregister+0x474/0x600
[ 43.091824] ? kfree+0x107/0x230
[ 43.091829] ? __mmu_notifier_register+0x30/0x30
[ 43.091833] ? __free_pages+0x10a/0x190
[ 43.091838] ? free_unref_page+0x960/0x960
[ 43.091842] kvm_put_kvm+0x6c8/0xff0
[ 43.091846] ? kvm_write_guest_cached+0x40/0x40
[ 43.091851] ? kvm_irqfd_release+0xd1/0x120
[ 43.091855] ? _raw_spin_unlock_irq+0x27/0x80
[ 43.091859] ? _raw_spin_unlock_irq+0x27/0x80
[ 43.091864] ? kasan_check_write+0x14/0x20
[ 43.091868] ? do_raw_spin_lock+0xc1/0x200
[ 43.091872] ? kvm_irqfd_release+0xdd/0x120
[ 43.091876] ? kvm_irqfd_release+0x
[ 43.091884] Lost 73 message(s)!
[ 44.270066] Shutting down cpus with NMI
[ 45.329149] Kernel Offset: disabled
[ 45.332773] Rebooting in 86400 seconds..