[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.201001] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.556498] audit: type=1400 audit(1536656543.916:6): avc: denied { map } for pid=5498 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.598464] sshd (5496) used greatest stack depth: 16232 bytes left
[ 34.622526] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.242664] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.473007] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
[ 41.171749] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 41.309864] audit: type=1400 audit(1536656550.666:7): avc: denied { map } for pid=5512 comm="syz-executor690" path="/root/syz-executor690735382" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 41.313393] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 41.362010] ==================================================================
[ 41.372089] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 41.378328] Read of size 8 at addr ffff8801c4a18058 by task syz-executor690/5512
[ 41.385841]
[ 41.387474] CPU: 1 PID: 5512 Comm: syz-executor690 Not tainted 4.19.0-rc3+ #10
[ 41.394826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.404180] Call Trace:
[ 41.406764] dump_stack+0x1c4/0x2b4
[ 41.410396] ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.415601] ? printk+0xa7/0xcf
[ 41.418892] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.423672] print_address_description.cold.8+0x9/0x1ff
[ 41.429048] kasan_report.cold.9+0x242/0x309
[ 41.433451] ? __schedule+0xfc3/0x1ed0
[ 41.437336] __asan_report_load8_noabort+0x14/0x20
[ 41.442296] __schedule+0xfc3/0x1ed0
[ 41.446029] ? __sched_text_start+0x8/0x8
[ 41.450179] ? __lock_is_held+0xb5/0x140
[ 41.454234] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.459347] ? find_held_lock+0x36/0x1c0
[ 41.463410] ? __call_srcu+0x7f9/0x1070
[ 41.467381] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.472497] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.477593] ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.482171] ? preempt_schedule+0x4d/0x60
[ 41.486324] preempt_schedule_common+0x1f/0xd0
[ 41.490905] preempt_schedule+0x4d/0x60
[ 41.494889] ___preempt_schedule+0x16/0x18
[ 41.499121] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 41.504045] __call_srcu+0x7f9/0x1070
[ 41.507888] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 41.513092] ? srcu_offline_cpu+0x120/0x120
[ 41.517414] ? debug_object_free+0x690/0x690
[ 41.521820] ? mark_held_locks+0x130/0x130
[ 41.526052] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 41.530632] ? lock_release+0x970/0x970
[ 41.534605] ? arch_local_save_flags+0x40/0x40
[ 41.539184] ? depot_save_stack+0x292/0x470
[ 41.543510] ? __lockdep_init_map+0x105/0x590
[ 41.548005] ? __init_waitqueue_head+0x9e/0x150
[ 41.552671] ? init_wait_entry+0x1c0/0x1c0
[ 41.556924] __synchronize_srcu+0x17b/0x230
[ 41.561349] ? call_srcu+0x10/0x10
[ 41.564869] ? rcu_unexpedite_gp+0x20/0x20
[ 41.569083] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.574598] ? check_preemption_disabled+0x48/0x200
[ 41.579593] synchronize_srcu+0x356/0x5ab
[ 41.583720] ? lock_downgrade+0x900/0x900
[ 41.587927] ? synchronize_srcu_expedited+0x20/0x20
[ 41.592954] ? kasan_check_read+0x11/0x20
[ 41.597122] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.601705] ? kasan_check_write+0x14/0x20
[ 41.605978] ? do_raw_spin_lock+0xc1/0x200
[ 41.610275] kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.616009] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.621463] ? kvfree+0x61/0x70
[ 41.624740] ? rcu_read_lock_sched_held+0x108/0x120
[ 41.629759] kvm_mmu_uninit_vm+0x1c/0x20
[ 41.633818] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.638228] ? kvm_arch_sync_events+0x30/0x30
[ 41.642724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.648257] ? mmu_notifier_unregister+0x474/0x600
[ 41.653189] ? kfree+0x107/0x230
[ 41.656553] ? __mmu_notifier_register+0x30/0x30
[ 41.661312] ? __free_pages+0x10a/0x190
[ 41.665308] ? free_unref_page+0x960/0x960
[ 41.669555] kvm_put_kvm+0x6c8/0xff0
[ 41.673269] ? kvm_write_guest_cached+0x40/0x40
[ 41.677959] ? kvm_irqfd_release+0xd1/0x120
[ 41.682281] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.686785] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.691295] ? kasan_check_write+0x14/0x20
[ 41.695533] ? do_raw_spin_lock+0xc1/0x200
[ 41.699800] ? kvm_irqfd_release+0xdd/0x120
[ 41.704120] ? kvm_irqfd_release+0xdd/0x120
[ 41.708440] ? kvm_put_kvm+0xff0/0xff0
[ 41.712325] kvm_vm_release+0x42/0x50
[ 41.716126] __fput+0x385/0xa30
[ 41.719408] ? get_max_files+0x20/0x20
[ 41.723303] ? trace_hardirqs_on+0xbd/0x310
[ 41.727631] ? ___might_sleep+0x1ed/0x300
[ 41.731775] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 41.737222] ? arch_local_save_flags+0x40/0x40
[ 41.741804] ? kasan_check_write+0x14/0x20
[ 41.746040] ? do_raw_spin_lock+0xc1/0x200
[ 41.750294] ____fput+0x15/0x20
[ 41.753577] task_work_run+0x1e8/0x2a0
[ 41.757470] ? task_work_cancel+0x240/0x240
[ 41.761793] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.767329] ? switch_task_namespaces+0x9d/0xd0
[ 41.772002] do_exit+0x1ad7/0x2610
[ 41.775543] ? mm_update_next_owner+0x990/0x990
[ 41.780218] ? kvm_vcpu_ioctl+0x29c/0x1150
[ 41.784451] ? rcu_read_lock_sched_held+0x108/0x120
[ 41.789552] ? kfree+0x1fa/0x230
[ 41.792918] ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 41.797181] ? kvm_vcpu_block+0x1030/0x1030
[ 41.801511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.807043] ? avc_has_extended_perms+0xab2/0x15a0
[ 41.812005] ? fpu__prepare_read+0x3b/0x750
[ 41.816325] ? avc_ss_reset+0x190/0x190
[ 41.820327] ? save_stack+0xa9/0xd0
[ 41.823947] ? save_stack+0x43/0xd0
[ 41.827568] ? __kasan_slab_free+0x102/0x150
[ 41.831974] ? kasan_slab_free+0xe/0x10
[ 41.835941] ? putname+0xf2/0x130
[ 41.839392] ? __x64_sys_openat+0x9d/0x100
[ 41.843627] ? do_syscall_64+0x1b9/0x820
[ 41.847700] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.853067] ? ___might_sleep+0x1ed/0x300
[ 41.857213] ? __bpf_trace_initcall_finish+0x2a/0x30
[ 41.862318] ? trace_hardirqs_off+0xb8/0x310
[ 41.866728] ? kvm_vcpu_block+0x1030/0x1030
[ 41.871047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.876596] ? do_vfs_ioctl+0x201/0x1720
[ 41.880684] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 41.885919] ? ioctl_preallocate+0x300/0x300
[ 41.890354] ? selinux_file_mprotect+0x620/0x620
[ 41.895106] ? path_mountpoint+0x34e/0x2190
[ 41.899424] ? rcu_read_lock_sched_held+0x108/0x120
[ 41.904436] ? kmem_cache_free+0x24f/0x290
[ 41.908680] ? putname+0xf7/0x130
[ 41.912140] do_group_exit+0x177/0x440
[ 41.916025] ? trace_hardirqs_on+0xbd/0x310
[ 41.920373] ? __ia32_sys_exit+0x50/0x50
[ 41.924432] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 41.929877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.935410] ? ksys_ioctl+0x81/0xd0
[ 41.939040] __x64_sys_exit_group+0x3e/0x50
[ 41.943362] do_syscall_64+0x1b9/0x820
[ 41.947246] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.952616] ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.957562] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.962418] ? trace_hardirqs_on_caller+0x310/0x310
[ 41.967435] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.972449] ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.977465] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.982314] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.987501] RIP: 0033:0x43ecc8
[ 41.990694] Code: Bad RIP value.
[ 41.994068] RSP: 002b:00007ffdf88cc368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 42.001770] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 42.009036] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 42.016301] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 42.023564] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 42.030824] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 42.038088]
[ 42.039707] Allocated by task 5512:
[ 42.043342] save_stack+0x43/0xd0
[ 42.046794] kasan_kmalloc+0xc7/0xe0
[ 42.050498] kasan_slab_alloc+0x12/0x20
[ 42.054470] kmem_cache_alloc+0x12e/0x730
[ 42.058618] vmx_create_vcpu+0xcf/0x25e0
[ 42.062675] kvm_arch_vcpu_create+0xe5/0x220
[ 42.067072] kvm_vm_ioctl+0x470/0x1d40
[ 42.070955] do_vfs_ioctl+0x1de/0x1720
[ 42.074838] ksys_ioctl+0xa9/0xd0
[ 42.078324] __x64_sys_ioctl+0x73/0xb0
[ 42.082207] do_syscall_64+0x1b9/0x820
[ 42.086089] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.091260]
[ 42.092884] Freed by task 5512:
[ 42.096166] save_stack+0x43/0xd0
[ 42.099616] __kasan_slab_free+0x102/0x150
[ 42.103842] kasan_slab_free+0xe/0x10
[ 42.107638] kmem_cache_free+0x83/0x290
[ 42.111612] vmx_free_vcpu+0x26b/0x300
[ 42.115495] kvm_arch_destroy_vm+0x365/0x7c0
[ 42.119896] kvm_put_kvm+0x6c8/0xff0
[ 42.123624] kvm_vm_release+0x42/0x50
[ 42.127430] __fput+0x385/0xa30
[ 42.130702] ____fput+0x15/0x20
[ 42.133977] task_work_run+0x1e8/0x2a0
[ 42.137864] do_exit+0x1ad7/0x2610
[ 42.141412] do_group_exit+0x177/0x440
[ 42.145304] __x64_sys_exit_group+0x3e/0x50
[ 42.149624] do_syscall_64+0x1b9/0x820
[ 42.153505] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.158679]
[ 42.160306] The buggy address belongs to the object at ffff8801c4a18040
[ 42.160306]  which belongs to the cache kvm_vcpu of size 23872
[ 42.172874] The buggy address is located 24 bytes inside of
[ 42.172874]  23872-byte region [ffff8801c4a18040, ffff8801c4a1dd80)
[ 42.184822] The buggy address belongs to the page:
[ 42.189772] page:ffffea0007128600 count:1 mapcount:0 mapping:ffff8801d78e5300 index:0x0 compound_mapcount: 0
[ 42.199750] flags: 0x2fffc0000008100(slab|head)
[ 42.204419] raw: 02fffc0000008100 ffff8801d553ed48 ffff8801d553ed48 ffff8801d78e5300
[ 42.212309] raw: 0000000000000000 ffff8801c4a18040 0000000100000001 0000000000000000
[ 42.220176] page dumped because: kasan: bad access detected
[ 42.225873]
[ 42.227487] Memory state around the buggy address:
[ 42.232408]  ffff8801c4a17f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.239758]  ffff8801c4a17f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.247126] >ffff8801c4a18000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 42.254486]                                                     ^
[ 42.260708]  ffff8801c4a18080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.268061]  ffff8801c4a18100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.275409] ==================================================================
[ 42.282773] Kernel panic - not syncing: panic_on_warn set ...
[ 42.282773]
[ 42.290156] CPU: 1 PID: 5512 Comm: syz-executor690 Tainted: G B 4.19.0-rc3+ #10
[ 42.298907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.308253] Call Trace:
[ 42.310839] dump_stack+0x1c4/0x2b4
[ 42.314464] ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.319657] ? lock_downgrade+0x900/0x900
[ 42.323804] panic+0x238/0x4e7
[ 42.326994] ? add_taint.cold.5+0x16/0x16
[ 42.331142] ? print_shadow_for_address+0xb6/0x116
[ 42.336068] ? trace_hardirqs_off+0xaf/0x310
[ 42.340477] kasan_end_report+0x47/0x4f
[ 42.344465] kasan_report.cold.9+0x76/0x309
[ 42.348783] ? __schedule+0xfc3/0x1ed0
[ 42.352669] __asan_report_load8_noabort+0x14/0x20
[ 42.357593] __schedule+0xfc3/0x1ed0
[ 42.361333] ? __sched_text_start+0x8/0x8
[ 42.365481] ? __lock_is_held+0xb5/0x140
[ 42.369539] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.374645] ? find_held_lock+0x36/0x1c0
[ 42.378716] ? __call_srcu+0x7f9/0x1070
[ 42.382688] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.387787] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.392888] ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.397469] ? preempt_schedule+0x4d/0x60
[ 42.401624] preempt_schedule_common+0x1f/0xd0
[ 42.406204] preempt_schedule+0x4d/0x60
[ 42.410220] ___preempt_schedule+0x16/0x18
[ 42.414753] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.419685] __call_srcu+0x7f9/0x1070
[ 42.423487] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 42.428592] ? srcu_offline_cpu+0x120/0x120
[ 42.432918] ? debug_object_free+0x690/0x690
[ 42.437328] ? mark_held_locks+0x130/0x130
[ 42.441560] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 42.446142] ? lock_release+0x970/0x970
[ 42.450114] ? arch_local_save_flags+0x40/0x40
[ 42.454698] ? depot_save_stack+0x292/0x470
[ 42.459024] ? __lockdep_init_map+0x105/0x590
[ 42.463525] ? __init_waitqueue_head+0x9e/0x150
[ 42.468193] ? init_wait_entry+0x1c0/0x1c0
[ 42.472436] __synchronize_srcu+0x17b/0x230
[ 42.476758] ? call_srcu+0x10/0x10
[ 42.480304] ? rcu_unexpedite_gp+0x20/0x20
[ 42.484544] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.490074] ? check_preemption_disabled+0x48/0x200
[ 42.495089] synchronize_srcu+0x356/0x5ab
[ 42.499232] ? lock_downgrade+0x900/0x900
[ 42.503392] ? synchronize_srcu_expedited+0x20/0x20
[ 42.508411] ? kasan_check_read+0x11/0x20
[ 42.512563] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.517142] ? kasan_check_write+0x14/0x20
[ 42.521371] ? do_raw_spin_lock+0xc1/0x200
[ 42.525617] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.531333] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.536783] ? kvfree+0x61/0x70
[ 42.540062] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.545080] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.549202] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.553634] ? kvm_arch_sync_events+0x30/0x30
[ 42.558127] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.563659] ? mmu_notifier_unregister+0x474/0x600
[ 42.568577] ? kfree+0x107/0x230
[ 42.571959] ? __mmu_notifier_register+0x30/0x30
[ 42.576862] ? __free_pages+0x10a/0x190
[ 42.580819] ? free_unref_page+0x960/0x960
[ 42.585044] kvm_put_kvm+0x6c8/0xff0
[ 42.588742] ? kvm_write_guest_cached+0x40/0x40
[ 42.593393] ? kvm_irqfd_release+0xd1/0x120
[ 42.597697] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.602169] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.606651] ? kasan_check_write+0x14/0x20
[ 42.610867] ? do_raw_spin_lock+0xc1/0x200
[ 42.615080] ? kvm_irqfd_release+0xdd/0x120
[ 42.619380] ? kvm_irqfd_release+0xdd/0x120
[ 42.623677] ? kvm_put_kvm+0xff0/0xff0
[ 42.627562] kvm_vm_release+0x42/0x50
[ 42.631356] __fput+0x385/0xa30
[ 42.634650] ? get_max_files+0x20/0x20
[ 42.638538] ? trace_hardirqs_on+0xbd/0x310
[ 42.642841] ? ___might_sleep+0x1ed/0x300
[ 42.646965] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.652408] ? arch_local_save_flags+0x40/0x40
[ 42.656969] ? kasan_check_write+0x14/0x20
[ 42.661179] ? do_raw_spin_lock+0xc1/0x200
[ 42.665390] ____fput+0x15/0x20
[ 42.668651] task_work_run+0x1e8/0x2a0
[ 42.672521] ? task_work_cancel+0x240/0x240
[ 42.676825] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.682340] ? switch_task_namespaces+0x9d/0xd0
[ 42.686989] do_exit+0x1ad7/0x2610
[ 42.690511] ? mm_update_next_owner+0x990/0x990
[ 42.695163] ? kvm_vcpu_ioctl+0x29c/0x1150
[ 42.699376] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.704398] ? kfree+0x1fa/0x230
[ 42.707758] ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 42.711970] ? kvm_vcpu_block+0x1030/0x1030
[ 42.716272] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.721792] ? avc_has_extended_perms+0xab2/0x15a0
[ 42.726705] ? fpu__prepare_read+0x3b/0x750
[ 42.731019] ? avc_ss_reset+0x190/0x190
[ 42.734974] ? save_stack+0xa9/0xd0
[ 42.738593] ? save_stack+0x43/0xd0
[ 42.742238] ? __kasan_slab_free+0x102/0x150
[ 42.746646] ? kasan_slab_free+0xe/0x10
[ 42.750620] ? putname+0xf2/0x130
[ 42.754076] ? __x64_sys_openat+0x9d/0x100
[ 42.758311] ? do_syscall_64+0x1b9/0x820
[ 42.762369] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.767738] ? ___might_sleep+0x1ed/0x300
[ 42.771885] ? __bpf_trace_initcall_finish+0x2a/0x30
[ 42.776991] ? trace_hardirqs_off+0xb8/0x310
[ 42.781417] ? kvm_vcpu_block+0x1030/0x1030
[ 42.785750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.791293] ? do_vfs_ioctl+0x201/0x1720
[ 42.795349] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 42.800538] ? ioctl_preallocate+0x300/0x300
[ 42.804963] ? selinux_file_mprotect+0x620/0x620
[ 42.809710] ? path_mountpoint+0x34e/0x2190
[ 42.814044] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.819069] ? kmem_cache_free+0x24f/0x290
[ 42.823310] ? putname+0xf7/0x130
[ 42.826767] do_group_exit+0x177/0x440
[ 42.830651] ? trace_hardirqs_on+0xbd/0x310
[ 42.834971] ? __ia32_sys_exit+0x50/0x50
[ 42.839028] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.844479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.850010] ? ksys_ioctl+0x81/0xd0
[ 42.853652] __x64_sys_exit_group+0x3e/0x50
[ 42.857970] do_syscall_64+0x1b9/0x820
[ 42.861856] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.867221] ? syscall_return_slowpath+0x5e0/0x5e0
[ 42.872147] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.876984] ? trace_hardirqs_on_caller+0x310/0x310
[ 42.882014] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 42.887029] ? prepare_exit_to_usermode+0x291/0x3b0
[ 42.892085] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.896960] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.902144] RIP: 0033:0x43ecc8
[ 42.905335] Code: Bad RIP value.
[ 42.908694] RSP: 002b:00007ffdf88cc368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 42.916400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[ 42.923661] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 42.931028] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 42.938305] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 42.945569] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 42.952845]
[ 42.952851] ======================================================
[ 42.952857] WARNING: possible circular locking dependency detected
[ 42.952861] 4.19.0-rc3+ #10 Not tainted
[ 42.952867] ------------------------------------------------------
[ 42.952873] syz-executor690/5512 is trying to acquire lock:
[ 42.952877] 0000000059a94d91 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 42.952893]
[ 42.952897] but task is already holding lock:
[ 42.952901] 000000007fb80bf1 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 42.952917]
[ 42.952922] which lock already depends on the new lock.
[ 42.952924]
[ 42.952927]
[ 42.952933] the existing dependency chain (in reverse order) is:
[ 42.952935]
[ 42.952938] -> #3 (report_lock){....}:
[ 42.952954] _raw_spin_lock_irqsave+0x99/0xd0
[ 42.952959] kasan_report+0x8b/0x110
[ 42.952964] __asan_report_load8_noabort+0x14/0x20
[ 42.952968] __schedule+0xfc3/0x1ed0
[ 42.952973] preempt_schedule_common+0x1f/0xd0
[ 42.952977] preempt_schedule+0x4d/0x60
[ 42.952982] ___preempt_schedule+0x16/0x18
[ 42.952987] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.952991] __call_srcu+0x7f9/0x1070
[ 42.952995] __synchronize_srcu+0x17b/0x230
[ 42.953000] synchronize_srcu+0x356/0x5ab
[ 42.953005] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.953010] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.953014] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.953019] kvm_put_kvm+0x6c8/0xff0
[ 42.953023] kvm_vm_release+0x42/0x50
[ 42.953027] __fput+0x385/0xa30
[ 42.953031] ____fput+0x15/0x20
[ 42.953035] task_work_run+0x1e8/0x2a0
[ 42.953039] do_exit+0x1ad7/0x2610
[ 42.953043] do_group_exit+0x177/0x440
[ 42.953054] __x64_sys_exit_group+0x3e/0x50
[ 42.953059] do_syscall_64+0x1b9/0x820
[ 42.953064] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.953066]
[ 42.953069] -> #2 (&rq->lock){-.-.}:
[ 42.953084] _raw_spin_lock+0x2d/0x40
[ 42.953089] task_fork_fair+0xb0/0x6d0
[ 42.953093] sched_fork+0x443/0xba0
[ 42.953097] copy_process+0x2586/0x8780
[ 42.953101] _do_fork+0x1cb/0x11d0
[ 42.953106] kernel_thread+0x34/0x40
[ 42.953110] rest_init+0x22/0xe5
[ 42.953114] start_kernel+0x8f4/0x92f
[ 42.953119] x86_64_start_reservations+0x29/0x2b
[ 42.953124] x86_64_start_kernel+0x76/0x79
[ 42.953128] secondary_startup_64+0xa4/0xb0
[ 42.953131]
[ 42.953133] -> #1 (&p->pi_lock){-.-.}:
[ 42.953164] _raw_spin_lock_irqsave+0x99/0xd0
[ 42.953168] try_to_wake_up+0xd2/0x12f0
[ 42.953187] wake_up_process+0x10/0x20
[ 42.953191] __up.isra.1+0x1c0/0x2a0
[ 42.953195] up+0x13c/0x1c0
[ 42.953200] __up_console_sem+0xbe/0x1b0
[ 42.953204] console_unlock+0x524/0x11a0
[ 42.953208] vprintk_emit+0x33d/0x930
[ 42.953213] vprintk_default+0x28/0x30
[ 42.953217] vprintk_func+0x7e/0x181
[ 42.953221] printk+0xa7/0xcf
[ 42.953225] load_umh+0x51/0xbd
[ 42.953229] do_one_initcall+0x145/0x957
[ 42.953234] kernel_init_freeable+0x4bb/0x5ae
[ 42.953238] kernel_init+0x11/0x1b2
[ 42.953242] ret_from_fork+0x3a/0x50
[ 42.953245]
[ 42.953247] -> #0 ((console_sem).lock){-...}:
[ 42.953263] lock_acquire+0x1ed/0x520
[ 42.953268] _raw_spin_lock_irqsave+0x99/0xd0
[ 42.953272] down_trylock+0x13/0x70
[ 42.953277] __down_trylock_console_sem+0xae/0x200
[ 42.953282] console_trylock+0x15/0xa0
[ 42.953294] vprintk_emit+0x322/0x930
[ 42.953298] vprintk_default+0x28/0x30
[ 42.953303] vprintk_func+0x7e/0x181
[ 42.953306] printk+0xa7/0xcf
[ 42.953311] kasan_report+0x9b/0x110
[ 42.953316] __asan_report_load8_noabort+0x14/0x20
[ 42.953320] __schedule+0xfc3/0x1ed0
[ 42.953325] preempt_schedule_common+0x1f/0xd0
[ 42.953329] preempt_schedule+0x4d/0x60
[ 42.953333] ___preempt_schedule+0x16/0x18
[ 42.953339] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.953343] __call_srcu+0x7f9/0x1070
[ 42.953347] __synchronize_srcu+0x17b/0x230
[ 42.953352] synchronize_srcu+0x356/0x5ab
[ 42.953357] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.953362] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.953366] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.953371] kvm_put_kvm+0x6c8/0xff0
[ 42.953375] kvm_vm_release+0x42/0x50
[ 42.953379] __fput+0x385/0xa30
[ 42.953383] ____fput+0x15/0x20
[ 42.953387] task_work_run+0x1e8/0x2a0
[ 42.953391] do_exit+0x1ad7/0x2610
[ 42.953396] do_group_exit+0x177/0x440
[ 42.953400] __x64_sys_exit_group+0x3e/0x50
[ 42.953404] do_syscall_64+0x1b9/0x820
[ 42.953410] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.953412]
[ 42.953417] other info that might help us debug this:
[ 42.953420]
[ 42.953423] Chain exists of:
[ 42.953425]   (console_sem).lock --> &rq->lock --> report_lock
[ 42.953446]
[ 42.953450]  Possible unsafe locking scenario:
[ 42.953453]
[ 42.953457]        CPU0                    CPU1
[ 42.953462]        ----                    ----
[ 42.953464]   lock(report_lock);
[ 42.953474]                                lock(&rq->lock);
[ 42.953485]                                lock(report_lock);
[ 42.953493]   lock((console_sem).lock);
[ 42.953503]
[ 42.953506]  *** DEADLOCK ***
[ 42.953509]
[ 42.953513] 2 locks held by syz-executor690/5512:
[ 42.953516] #0: 0000000062fe0f36 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 42.953534] #1: 000000007fb80bf1 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 42.953553]
[ 42.953557] stack backtrace:
[ 42.953563] CPU: 1 PID: 5512 Comm: syz-executor690 Not tainted 4.19.0-rc3+ #10
[ 42.953571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.953575] Call Trace:
[ 42.953579] dump_stack+0x1c4/0x2b4
[ 42.953584] ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.953588] ? vprintk_func+0x85/0x181
[ 42.953594] print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 42.953598] ? save_trace+0xe0/0x290
[ 42.953602] __lock_acquire+0x33e4/0x4ec0
[ 42.953607] ? mark_held_locks+0x130/0x130
[ 42.953611] ? mark_held_locks+0x130/0x130
[ 42.953615] ? rcu_bh_qs+0xc0/0xc0
[ 42.953620] ? unwind_dump+0x190/0x190
[ 42.953624] ? is_bpf_text_address+0xd3/0x170
[ 42.953629] ? kernel_text_address+0x79/0xf0
[ 42.953634] ? __kernel_text_address+0xd/0x40
[ 42.953638] ? __save_stack_trace+0x8d/0xf0
[ 42.953643] ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 42.953647] ? save_trace+0x290/0x290
[ 42.953652] ? save_stack_trace+0x1a/0x20
[ 42.953656] ? save_trace+0xe0/0x290
[ 42.953661] ? kasan_check_read+0x11/0x20
[ 42.953665] ? graph_lock+0x170/0x170
[ 42.953670] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.953674] lock_acquire+0x1ed/0x520
[ 42.953679] ? down_trylock+0x13/0x70
[ 42.953683] ? find_held_lock+0x36/0x1c0
[ 42.953687] ? lock_release+0x970/0x970
[ 42.953692] ? trace_hardirqs_off+0xb8/0x310
[ 42.953696] ? vprintk_emit+0x1d3/0x930
[ 42.953701] ? trace_hardirqs_on+0x310/0x310
[ 42.953705] ? trace_hardirqs_off+0xb8/0x310
[ 42.953709] ? log_store+0x344/0x4c0
[ 42.953714] ? vprintk_emit+0x322/0x930
[ 42.953718] _raw_spin_lock_irqsave+0x99/0xd0
[ 42.953723] ? down_trylock+0x13/0x70
[ 42.953727] down_trylock+0x13/0x70
[ 42.953732] __down_trylock_console_sem+0xae/0x200
[ 42.953736] console_trylock+0x15/0xa0
[ 42.953740] vprintk_emit+0x322/0x930
[ 42.953744] ? wake_up_klogd+0x180/0x180
[ 42.953749] ? run_rebalance_domains+0x500/0x500
[ 42.953754] ? wake_up_worker+0x117/0x190
[ 42.953758] ? find_held_lock+0x36/0x1c0
[ 42.953762] ? __queue_work+0x6be/0x1440
[ 42.953767] ? lock_acquire+0x1ed/0x520
[ 42.953771] vprintk_default+0x28/0x30
[ 42.953775] vprintk_func+0x7e/0x181
[ 42.953779] printk+0xa7/0xcf
[ 42.953784] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 42.953788] ? kasan_check_write+0x14/0x20
[ 42.953793] ? do_raw_spin_lock+0xc1/0x200
[ 42.953797] ? do_raw_spin_lock+0xc1/0x200
[ 42.953801] kasan_report+0x9b/0x110
[ 42.953806] ? __schedule+0xfc3/0x1ed0
[ 42.953811] __asan_report_load8_noabort+0x14/0x20
[ 42.953815] __schedule+0xfc3/0x1ed0
[ 42.953819] ? __sched_text_start+0x8/0x8
[ 42.953824] ? __lock_is_held+0xb5/0x140
[ 42.953829] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.953833] ? find_held_lock+0x36/0x1c0
[ 42.953837] ? __call_srcu+0x7f9/0x1070
[ 42.953842] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.953847] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.953852] ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.953856] ? preempt_schedule+0x4d/0x60
[ 42.953861] preempt_schedule_common+0x1f/0xd0
[ 42.953866] preempt_schedule+0x4d/0x60
[ 42.953870] ___preempt_schedule+0x16/0x18
[ 42.953875] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.953879] __call_srcu+0x7f9/0x1070
[ 42.953884] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 42.953889] ? srcu_offline_cpu+0x120/0x120
[ 42.953893] ? debug_object_free+0x690/0x690
[ 42.953898] ? mark_held_locks+0x130/0x130
[ 42.953903] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 42.953907] ? lock_release+0x970/0x970
[ 42.953912] ? arch_local_save_flags+0x40/0x40
[ 42.953916] ? depot_save_stack+0x292/0x470
[ 42.953937] ? __lockdep_init_map+0x105/0x590
[ 42.953941] ? __init_waitqueue_head+0x9e/0x150
[ 42.953946] ? init_wait_entry+0x1c0/0x1c0
[ 42.953950] __synchronize_srcu+0x17b/0x230
[ 42.953954] ? call_srcu+0x10/0x10
[ 42.953972] ? rcu_unexpedite_gp+0x20/0x20
[ 42.953977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.953997] ? check_preemption_disabled+0x48/0x200
[ 42.954001] synchronize_srcu+0x356/0x5ab
[ 42.954020] ? lock_downgrade+0x900/0x900
[ 42.954024] ? synchronize_srcu_expedited+0x20/0x20
[ 42.954028] ? kasan_check_read+0x11/0x20
[ 42.954032] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.954036] ? kasan_check_write+0x14/0x20
[ 42.954059] ? do_raw_spin_lock+0xc1/0x200
[ 42.954064] kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.954069] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.954072] ? kvfree+0x61/0x70
[ 42.954077] ? rcu_read_lock_sched_held+0x108/0x120
[ 42.954096] kvm_mmu_uninit_vm+0x1c/0x20
[ 42.954100] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.954118] ? kvm_arch_sync_events+0x30/0x30
[ 42.954124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.954143] ? mmu_notifier_unregister+0x474/0x600
[ 42.954147] ? kfree+0x107/0x230
[ 42.954151] ? __mmu_notifier_register+0x30/0x30
[ 42.954156] ? __free_pages+0x10a/0x190
[ 42.954160] ? free_unref_page+0x960/0x960
[ 42.954178] kvm_put_kvm+0x6c8/0xff0
[ 42.954183] ? kvm_write_guest_cached+0x40/0x40
[ 42.954187] ? kvm_irqfd_release+0xd1/0x120
[ 42.954191] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.954195] ? _raw_spin_unlock_irq+0x27/0x80
[ 42.954200] ? kasan_check_write+0x14/0x20
[ 42.954204] ? do_raw_spin_lock+0xc1/0x200
[ 42.954207] ? kvm_irqfd_release+0xdd
[ 42.954215] Lost 73 message(s)!
[ 44.150693] Shutting down cpus with NMI
[ 45.208206] Dumping ftrace buffer:
[ 45.211728] (ftrace buffer empty)
[ 45.215922] Kernel Offset: disabled
[ 45.219544] Rebooting in 86400 seconds..