[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.641539] random: sshd: uninitialized urandom read (32 bytes read) [ 32.989880] audit: type=1400 audit(1537505833.483:6): avc: denied { map } for pid=5477 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.042680] random: sshd: uninitialized urandom read (32 bytes read) [ 33.699385] random: sshd: uninitialized urandom read (32 bytes read) [ 33.942400] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. [ 39.591723] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.730130] audit: type=1400 audit(1537505840.223:7): avc: denied { map } for pid=5491 comm="syz-executor302" path="/root/syz-executor302121969" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.733961] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 39.782422] ================================================================== [ 39.792653] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 39.798893] Read of size 8 at addr ffff8801cbe08058 by task syz-executor302/5491 [ 39.806416] [ 39.808044] CPU: 1 PID: 5491 Comm: syz-executor302 Not tainted 4.19.0-rc4+ #26 [ 39.815397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.824742] Call Trace: [ 39.827338] dump_stack+0x1c4/0x2b4 [ 39.830969] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.836159] ? printk+0xa7/0xcf [ 39.839446] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.844211] print_address_description.cold.8+0x9/0x1ff [ 39.849575] kasan_report.cold.9+0x242/0x309 [ 39.853986] ? __schedule+0xfc3/0x1ed0 [ 39.857874] __asan_report_load8_noabort+0x14/0x20 [ 39.862803] __schedule+0xfc3/0x1ed0 [ 39.866523] ? __sched_text_start+0x8/0x8 [ 39.870684] ? __lock_is_held+0xb5/0x140 [ 39.874745] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.879849] ? find_held_lock+0x36/0x1c0 [ 39.883914] ? __call_srcu+0x7f9/0x1070 [ 39.887891] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.892995] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.898101] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.902692] ? preempt_schedule+0x4d/0x60 [ 39.906845] preempt_schedule_common+0x1f/0xd0 [ 39.911430] preempt_schedule+0x4d/0x60 [ 39.915404] ___preempt_schedule+0x16/0x18 [ 39.919644] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.924586] __call_srcu+0x7f9/0x1070 [ 39.928387] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.933499] ? srcu_offline_cpu+0x120/0x120 [ 39.937819] ? debug_object_free+0x690/0x690 [ 39.942226] ? mark_held_locks+0x130/0x130 [ 39.946460] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.951044] ? lock_release+0x970/0x970 [ 39.955018] ? arch_local_save_flags+0x40/0x40 [ 39.959602] ? depot_save_stack+0x292/0x470 [ 39.963929] ? __lockdep_init_map+0x105/0x590 [ 39.968428] ? __init_waitqueue_head+0x9e/0x150 [ 39.973095] ? init_wait_entry+0x1c0/0x1c0 [ 39.977336] __synchronize_srcu+0x17b/0x230 [ 39.981658] ? call_srcu+0x10/0x10 [ 39.985209] ? rcu_unexpedite_gp+0x20/0x20 [ 39.989446] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.994978] ? check_preemption_disabled+0x48/0x200 [ 39.999996] synchronize_srcu+0x356/0x5ab [ 40.004143] ? lock_downgrade+0x900/0x900 [ 40.008291] ? synchronize_srcu_expedited+0x20/0x20 [ 40.013314] ? kasan_check_read+0x11/0x20 [ 40.017467] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.022053] ? kasan_check_write+0x14/0x20 [ 40.026284] ? do_raw_spin_lock+0xc1/0x200 [ 40.030523] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.036233] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.041692] ? kvfree+0x61/0x70 [ 40.044972] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.049992] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.054050] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.058459] ? kvm_arch_sync_events+0x30/0x30 [ 40.062958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.068493] ? mmu_notifier_unregister+0x474/0x600 [ 40.073425] ? kfree+0x107/0x230 [ 40.076796] ? __mmu_notifier_register+0x30/0x30 [ 40.081555] ? __free_pages+0x10a/0x190 [ 40.085529] ? free_unref_page+0x960/0x960 [ 40.089778] kvm_put_kvm+0x6c8/0xff0 [ 40.093497] ? kvm_write_guest_cached+0x40/0x40 [ 40.098169] ? kvm_irqfd_release+0xd1/0x120 [ 40.102499] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.106991] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.111495] ? kasan_check_write+0x14/0x20 [ 40.115733] ? do_raw_spin_lock+0xc1/0x200 [ 40.119971] ? kvm_irqfd_release+0xdd/0x120 [ 40.124289] ? kvm_irqfd_release+0xdd/0x120 [ 40.128615] ? kvm_put_kvm+0xff0/0xff0 [ 40.132501] kvm_vm_release+0x42/0x50 [ 40.136302] __fput+0x385/0xa30 [ 40.139583] ? get_max_files+0x20/0x20 [ 40.143469] ? trace_hardirqs_on+0xbd/0x310 [ 40.147792] ? ___might_sleep+0x1ed/0x300 [ 40.151941] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.157391] ? arch_local_save_flags+0x40/0x40 [ 40.161972] ? kasan_check_write+0x14/0x20 [ 40.166213] ? do_raw_spin_lock+0xc1/0x200 [ 40.170451] ____fput+0x15/0x20 [ 40.173733] task_work_run+0x1e8/0x2a0 [ 40.177621] ? task_work_cancel+0x240/0x240 [ 40.181946] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.187486] ? switch_task_namespaces+0x9d/0xd0 [ 40.192161] do_exit+0x1ad7/0x2610 [ 40.195714] ? mm_update_next_owner+0x990/0x990 [ 40.200397] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 40.204634] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.209672] ? kfree+0x1fa/0x230 [ 40.213043] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 40.217287] ? kvm_vcpu_block+0x1030/0x1030 [ 40.221610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.227148] ? avc_has_extended_perms+0xab2/0x15a0 [ 40.232089] ? save_stack_address+0x4b/0x60 [ 40.236410] ? avc_ss_reset+0x190/0x190 [ 40.240391] ? save_stack+0xa9/0xd0 [ 40.244016] ? save_stack+0x43/0xd0 [ 40.247641] ? __kasan_slab_free+0x102/0x150 [ 40.252053] ? kasan_slab_free+0xe/0x10 [ 40.256026] ? putname+0xf2/0x130 [ 40.259480] ? __x64_sys_openat+0x9d/0x100 [ 40.263715] ? do_syscall_64+0x1b9/0x820 [ 40.267774] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.273150] ? ___might_sleep+0x1ed/0x300 [ 40.277311] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 40.282418] ? trace_hardirqs_off+0xb8/0x310 [ 40.286835] ? kvm_vcpu_block+0x1030/0x1030 [ 40.291160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.296706] ? do_vfs_ioctl+0x201/0x1720 [ 40.300769] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.305962] ? ioctl_preallocate+0x300/0x300 [ 40.310376] ? selinux_file_mprotect+0x620/0x620 [ 40.315135] ? path_mountpoint+0x57f/0x2190 [ 40.319457] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.324479] ? kmem_cache_free+0x24f/0x290 [ 40.328715] ? putname+0xf7/0x130 [ 40.332182] do_group_exit+0x177/0x440 [ 40.336075] ? trace_hardirqs_on+0xbd/0x310 [ 40.340399] ? __ia32_sys_exit+0x50/0x50 [ 40.344462] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.349911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.355451] ? ksys_ioctl+0x81/0xd0 [ 40.359083] __x64_sys_exit_group+0x3e/0x50 [ 40.363410] do_syscall_64+0x1b9/0x820 [ 40.367297] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.372674] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.377607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.382453] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.387468] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.392488] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.397507] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.402353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.407543] RIP: 0033:0x43f028 [ 40.410737] Code: Bad RIP value. [ 40.414099] RSP: 002b:00007ffcc6e99368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.421811] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 40.429077] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.436341] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.443609] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 40.450875] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 40.458148] [ 40.459777] Allocated by task 5491: [ 40.463408] save_stack+0x43/0xd0 [ 40.466855] kasan_kmalloc+0xc7/0xe0 [ 40.470563] kasan_slab_alloc+0x12/0x20 [ 40.474536] kmem_cache_alloc+0x12e/0x730 [ 40.478691] vmx_create_vcpu+0xcf/0x25e0 [ 40.482755] kvm_arch_vcpu_create+0xe5/0x220 [ 40.487162] kvm_vm_ioctl+0x470/0x1d40 [ 40.491051] do_vfs_ioctl+0x1de/0x1720 [ 40.494943] ksys_ioctl+0xa9/0xd0 [ 40.498397] __x64_sys_ioctl+0x73/0xb0 [ 40.502291] do_syscall_64+0x1b9/0x820 [ 40.506190] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.511373] [ 40.513005] Freed by task 5491: [ 40.516292] save_stack+0x43/0xd0 [ 40.519747] __kasan_slab_free+0x102/0x150 [ 40.523985] kasan_slab_free+0xe/0x10 [ 40.527790] kmem_cache_free+0x83/0x290 [ 40.531768] vmx_free_vcpu+0x26b/0x300 [ 40.535656] kvm_arch_destroy_vm+0x365/0x7c0 [ 40.540077] kvm_put_kvm+0x6c8/0xff0 [ 40.543796] kvm_vm_release+0x42/0x50 [ 40.547603] __fput+0x385/0xa30 [ 40.550884] ____fput+0x15/0x20 [ 40.554164] task_work_run+0x1e8/0x2a0 [ 40.558058] do_exit+0x1ad7/0x2610 [ 40.561602] do_group_exit+0x177/0x440 [ 40.565493] __x64_sys_exit_group+0x3e/0x50 [ 40.569820] do_syscall_64+0x1b9/0x820 [ 40.573712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.578889] [ 40.580518] The buggy address belongs to the object at ffff8801cbe08040 [ 40.580518] which belongs to the cache kvm_vcpu of size 23872 [ 40.593102] The buggy address is located 24 bytes inside of [ 40.593102] 23872-byte region [ffff8801cbe08040, ffff8801cbe0dd80) [ 40.605069] The buggy address belongs to the page: [ 40.610006] page:ffffea00072f8200 count:1 mapcount:0 mapping:ffff8801d7988040 index:0x0 compound_mapcount: 0 [ 40.619990] flags: 0x2fffc0000008100(slab|head) [ 40.624674] raw: 02fffc0000008100 ffff8801d54e0548 ffff8801d54e0548 ffff8801d7988040 [ 40.632567] raw: 0000000000000000 ffff8801cbe08040 0000000100000001 0000000000000000 [ 40.640445] page dumped because: kasan: bad access detected [ 40.646155] [ 40.647784] Memory state around the buggy address: [ 40.652718] ffff8801cbe07f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.660088] ffff8801cbe07f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.667456] >ffff8801cbe08000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 40.674817] ^ [ 40.681056] ffff8801cbe08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.688424] ffff8801cbe08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.695781] ================================================================== [ 40.703142] Kernel panic - not syncing: panic_on_warn set ... [ 40.703142] [ 40.710521] CPU: 1 PID: 5491 Comm: syz-executor302 Tainted: G B 4.19.0-rc4+ #26 [ 40.719270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.728625] Call Trace: [ 40.731226] dump_stack+0x1c4/0x2b4 [ 40.734862] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.740061] ? lock_downgrade+0x900/0x900 [ 40.744217] panic+0x238/0x4e7 [ 40.747416] ? add_taint.cold.5+0x16/0x16 [ 40.751570] ? print_shadow_for_address+0xb6/0x116 [ 40.756504] ? trace_hardirqs_off+0xaf/0x310 [ 40.760919] kasan_end_report+0x47/0x4f [ 40.764898] kasan_report.cold.9+0x76/0x309 [ 40.769743] ? __schedule+0xfc3/0x1ed0 [ 40.773639] __asan_report_load8_noabort+0x14/0x20 [ 40.778579] __schedule+0xfc3/0x1ed0 [ 40.782300] ? __sched_text_start+0x8/0x8 [ 40.786457] ? __lock_is_held+0xb5/0x140 [ 40.790523] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.795632] ? find_held_lock+0x36/0x1c0 [ 40.799716] ? __call_srcu+0x7f9/0x1070 [ 40.803708] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.808817] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.813927] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.818513] ? preempt_schedule+0x4d/0x60 [ 40.822682] preempt_schedule_common+0x1f/0xd0 [ 40.827279] preempt_schedule+0x4d/0x60 [ 40.831261] ___preempt_schedule+0x16/0x18 [ 40.835504] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.840437] __call_srcu+0x7f9/0x1070 [ 40.844239] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.849350] ? srcu_offline_cpu+0x120/0x120 [ 40.853683] ? debug_object_free+0x690/0x690 [ 40.858095] ? mark_held_locks+0x130/0x130 [ 40.862331] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.866917] ? lock_release+0x970/0x970 [ 40.870893] ? arch_local_save_flags+0x40/0x40 [ 40.875476] ? depot_save_stack+0x292/0x470 [ 40.879808] ? __lockdep_init_map+0x105/0x590 [ 40.884314] ? __init_waitqueue_head+0x9e/0x150 [ 40.888992] ? init_wait_entry+0x1c0/0x1c0 [ 40.893239] __synchronize_srcu+0x17b/0x230 [ 40.897569] ? call_srcu+0x10/0x10 [ 40.901115] ? rcu_unexpedite_gp+0x20/0x20 [ 40.905358] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.910900] ? check_preemption_disabled+0x48/0x200 [ 40.915920] synchronize_srcu+0x356/0x5ab [ 40.920071] ? lock_downgrade+0x900/0x900 [ 40.924222] ? synchronize_srcu_expedited+0x20/0x20 [ 40.929241] ? kasan_check_read+0x11/0x20 [ 40.933394] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.937980] ? kasan_check_write+0x14/0x20 [ 40.942215] ? do_raw_spin_lock+0xc1/0x200 [ 40.946454] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.952182] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.957643] ? kvfree+0x61/0x70 [ 40.960935] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.965955] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.970019] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.974431] ? kvm_arch_sync_events+0x30/0x30 [ 40.978932] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.984497] ? mmu_notifier_unregister+0x474/0x600 [ 40.989430] ? kfree+0x107/0x230 [ 40.992797] ? __mmu_notifier_register+0x30/0x30 [ 40.997556] ? __free_pages+0x10a/0x190 [ 41.001531] ? free_unref_page+0x960/0x960 [ 41.005778] kvm_put_kvm+0x6c8/0xff0 [ 41.009502] ? kvm_write_guest_cached+0x40/0x40 [ 41.014179] ? kvm_irqfd_release+0xd1/0x120 [ 41.018505] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.023001] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.027506] ? kasan_check_write+0x14/0x20 [ 41.031743] ? do_raw_spin_lock+0xc1/0x200 [ 41.035982] ? kvm_irqfd_release+0xdd/0x120 [ 41.040301] ? kvm_irqfd_release+0xdd/0x120 [ 41.044631] ? kvm_put_kvm+0xff0/0xff0 [ 41.048520] kvm_vm_release+0x42/0x50 [ 41.052322] __fput+0x385/0xa30 [ 41.055605] ? get_max_files+0x20/0x20 [ 41.059491] ? trace_hardirqs_on+0xbd/0x310 [ 41.063819] ? ___might_sleep+0x1ed/0x300 [ 41.067965] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.073421] ? arch_local_save_flags+0x40/0x40 [ 41.078003] ? kasan_check_write+0x14/0x20 [ 41.082239] ? do_raw_spin_lock+0xc1/0x200 [ 41.086476] ____fput+0x15/0x20 [ 41.089757] task_work_run+0x1e8/0x2a0 [ 41.093647] ? task_work_cancel+0x240/0x240 [ 41.097976] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.103515] ? switch_task_namespaces+0x9d/0xd0 [ 41.108192] do_exit+0x1ad7/0x2610 [ 41.111740] ? mm_update_next_owner+0x990/0x990 [ 41.116418] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.120652] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.125687] ? kfree+0x1fa/0x230 [ 41.129060] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.133298] ? kvm_vcpu_block+0x1030/0x1030 [ 41.137623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.143157] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.148100] ? save_stack_address+0x4b/0x60 [ 41.152422] ? avc_ss_reset+0x190/0x190 [ 41.156404] ? save_stack+0xa9/0xd0 [ 41.160027] ? save_stack+0x43/0xd0 [ 41.163650] ? __kasan_slab_free+0x102/0x150 [ 41.168061] ? kasan_slab_free+0xe/0x10 [ 41.172032] ? putname+0xf2/0x130 [ 41.175487] ? __x64_sys_openat+0x9d/0x100 [ 41.179720] ? do_syscall_64+0x1b9/0x820 [ 41.183781] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.189152] ? ___might_sleep+0x1ed/0x300 [ 41.193302] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.198405] ? trace_hardirqs_off+0xb8/0x310 [ 41.202818] ? kvm_vcpu_block+0x1030/0x1030 [ 41.207141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.212689] ? do_vfs_ioctl+0x201/0x1720 [ 41.216750] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.221943] ? ioctl_preallocate+0x300/0x300 [ 41.226354] ? selinux_file_mprotect+0x620/0x620 [ 41.231109] ? path_mountpoint+0x57f/0x2190 [ 41.235431] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.240450] ? kmem_cache_free+0x24f/0x290 [ 41.244689] ? putname+0xf7/0x130 [ 41.248151] do_group_exit+0x177/0x440 [ 41.252046] ? trace_hardirqs_on+0xbd/0x310 [ 41.256369] ? __ia32_sys_exit+0x50/0x50 [ 41.260429] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.265879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.271414] ? ksys_ioctl+0x81/0xd0 [ 41.275045] __x64_sys_exit_group+0x3e/0x50 [ 41.279371] do_syscall_64+0x1b9/0x820 [ 41.283258] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.288627] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.293560] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.298408] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.303427] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.308447] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.313470] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.318319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.323511] RIP: 0033:0x43f028 [ 41.326708] Code: Bad RIP value. [ 41.330073] RSP: 002b:00007ffcc6e99368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.337785] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028 [ 41.345055] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.352328] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.359604] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.366879] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 41.374166] [ 41.374173] ====================================================== [ 41.374184] WARNING: possible circular locking dependency detected [ 41.374189] 4.19.0-rc4+ #26 Not tainted [ 41.374195] ------------------------------------------------------ [ 41.374200] syz-executor302/5491 is trying to acquire lock: [ 41.374204] 00000000b05183f7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.374221] [ 41.374226] but task is already holding lock: [ 41.374229] 000000003c224f29 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.374246] [ 41.374251] which lock already depends on the new lock. [ 41.374253] [ 41.374256] [ 41.374262] the existing dependency chain (in reverse order) is: [ 41.374265] [ 41.374267] -> #3 (report_lock){....}: [ 41.374284] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.374288] kasan_report+0x8b/0x110 [ 41.374294] __asan_report_load8_noabort+0x14/0x20 [ 41.374298] __schedule+0xfc3/0x1ed0 [ 41.374303] preempt_schedule_common+0x1f/0xd0 [ 41.374307] preempt_schedule+0x4d/0x60 [ 41.374312] ___preempt_schedule+0x16/0x18 [ 41.374317] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.374322] __call_srcu+0x7f9/0x1070 [ 41.374327] __synchronize_srcu+0x17b/0x230 [ 41.374331] synchronize_srcu+0x356/0x5ab [ 41.374337] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.374341] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.374346] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.374351] kvm_put_kvm+0x6c8/0xff0 [ 41.374355] kvm_vm_release+0x42/0x50 [ 41.374359] __fput+0x385/0xa30 [ 41.374363] ____fput+0x15/0x20 [ 41.374368] task_work_run+0x1e8/0x2a0 [ 41.374372] do_exit+0x1ad7/0x2610 [ 41.374376] do_group_exit+0x177/0x440 [ 41.374381] __x64_sys_exit_group+0x3e/0x50 [ 41.374385] do_syscall_64+0x1b9/0x820 [ 41.374391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.374393] [ 41.374396] -> #2 (&rq->lock){-.-.}: [ 41.374412] _raw_spin_lock+0x2d/0x40 [ 41.374416] task_fork_fair+0xb0/0x6d0 [ 41.374421] sched_fork+0x443/0xba0 [ 41.374425] copy_process+0x2586/0x8780 [ 41.374429] _do_fork+0x1cb/0x11d0 [ 41.374434] kernel_thread+0x34/0x40 [ 41.374438] rest_init+0x22/0xe5 [ 41.374442] start_kernel+0x8f4/0x92f [ 41.374447] x86_64_start_reservations+0x29/0x2b [ 41.374452] x86_64_start_kernel+0x76/0x79 [ 41.374456] secondary_startup_64+0xa4/0xb0 [ 41.374459] [ 41.374462] -> #1 (&p->pi_lock){-.-.}: [ 41.374478] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.374483] try_to_wake_up+0xd2/0x12f0 [ 41.374487] wake_up_process+0x10/0x20 [ 41.374491] __up.isra.1+0x1c0/0x2a0 [ 41.374495] up+0x13c/0x1c0 [ 41.374500] __up_console_sem+0xbe/0x1b0 [ 41.374504] console_unlock+0x814/0x1160 [ 41.374509] do_con_write+0x1356/0x23b0 [ 41.374513] con_write+0x25/0xc0 [ 41.374517] n_tty_write+0x6c1/0x11a0 [ 41.374522] tty_write+0x3f1/0x880 [ 41.374526] __vfs_write+0x119/0x9f0 [ 41.374530] vfs_write+0x1fc/0x560 [ 41.374534] ksys_write+0x101/0x260 [ 41.374539] __x64_sys_write+0x73/0xb0 [ 41.374543] do_syscall_64+0x1b9/0x820 [ 41.374548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.374551] [ 41.374554] -> #0 ((console_sem).lock){-...}: [ 41.374570] lock_acquire+0x1ed/0x520 [ 41.374575] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.374579] down_trylock+0x13/0x70 [ 41.374585] __down_trylock_console_sem+0xae/0x200 [ 41.374589] console_trylock+0x15/0xa0 [ 41.374593] vprintk_emit+0x322/0x930 [ 41.374598] vprintk_default+0x28/0x30 [ 41.374602] vprintk_func+0x7e/0x181 [ 41.374606] printk+0xa7/0xcf [ 41.374610] kasan_report+0x9b/0x110 [ 41.374615] __asan_report_load8_noabort+0x14/0x20 [ 41.374619] __schedule+0xfc3/0x1ed0 [ 41.374624] preempt_schedule_common+0x1f/0xd0 [ 41.374629] preempt_schedule+0x4d/0x60 [ 41.374633] ___preempt_schedule+0x16/0x18 [ 41.374639] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.374643] __call_srcu+0x7f9/0x1070 [ 41.374648] __synchronize_srcu+0x17b/0x230 [ 41.374652] synchronize_srcu+0x356/0x5ab [ 41.374658] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.374662] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.374674] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.374678] kvm_put_kvm+0x6c8/0xff0 [ 41.374683] kvm_vm_release+0x42/0x50 [ 41.374687] __fput+0x385/0xa30 [ 41.374691] ____fput+0x15/0x20 [ 41.374695] task_work_run+0x1e8/0x2a0 [ 41.374700] do_exit+0x1ad7/0x2610 [ 41.374704] do_group_exit+0x177/0x440 [ 41.374709] __x64_sys_exit_group+0x3e/0x50 [ 41.374713] do_syscall_64+0x1b9/0x820 [ 41.374718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.374721] [ 41.374726] other info that might help us debug this: [ 41.374729] [ 41.374732] Chain exists of: [ 41.374735] (console_sem).lock --> &rq->lock --> report_lock [ 41.374755] [ 41.374760] Possible unsafe locking scenario: [ 41.374763] [ 41.374767] CPU0 CPU1 [ 41.374772] ---- ---- [ 41.374775] lock(report_lock); [ 41.374785] lock(&rq->lock); [ 41.374796] lock(report_lock); [ 41.374805] lock((console_sem).lock); [ 41.374814] [ 41.374818] *** DEADLOCK *** [ 41.374820] [ 41.374825] 2 locks held by syz-executor302/5491: [ 41.374828] #0: 00000000f09e5167 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 41.374847] #1: 000000003c224f29 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.374866] [ 41.374870] stack backtrace: [ 41.374876] CPU: 1 PID: 5491 Comm: syz-executor302 Not tainted 4.19.0-rc4+ #26 [ 41.374884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.374888] Call Trace: [ 41.374892] dump_stack+0x1c4/0x2b4 [ 41.374897] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.374902] ? vprintk_func+0x85/0x181 [ 41.374907] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 41.374912] ? save_trace+0xe0/0x290 [ 41.374916] __lock_acquire+0x33e4/0x4ec0 [ 41.374921] ? mark_held_locks+0x130/0x130 [ 41.374925] ? mark_held_locks+0x130/0x130 [ 41.374929] ? rcu_bh_qs+0xc0/0xc0 [ 41.374934] ? unwind_dump+0x190/0x190 [ 41.374939] ? is_bpf_text_address+0xd3/0x170 [ 41.374943] ? kernel_text_address+0x79/0xf0 [ 41.374948] ? __kernel_text_address+0xd/0x40 [ 41.374953] ? __save_stack_trace+0x8d/0xf0 [ 41.374958] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 41.374962] ? save_trace+0x290/0x290 [ 41.374967] ? save_stack_trace+0x1a/0x20 [ 41.374971] ? save_trace+0xe0/0x290 [ 41.374976] ? kasan_check_read+0x11/0x20 [ 41.374980] ? graph_lock+0x170/0x170 [ 41.374986] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.374990] lock_acquire+0x1ed/0x520 [ 41.374994] ? down_trylock+0x13/0x70 [ 41.374999] ? find_held_lock+0x36/0x1c0 [ 41.375003] ? lock_release+0x970/0x970 [ 41.375008] ? trace_hardirqs_off+0xb8/0x310 [ 41.375013] ? vprintk_emit+0x1d3/0x930 [ 41.375017] ? trace_hardirqs_on+0x310/0x310 [ 41.375022] ? trace_hardirqs_off+0xb8/0x310 [ 41.375027] ? log_store+0x344/0x4c0 [ 41.375031] ? vprintk_emit+0x322/0x930 [ 41.375036] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.375040] ? down_trylock+0x13/0x70 [ 41.375044] down_trylock+0x13/0x70 [ 41.375049] __down_trylock_console_sem+0xae/0x200 [ 41.375054] console_trylock+0x15/0xa0 [ 41.375058] vprintk_emit+0x322/0x930 [ 41.375062] ? wake_up_klogd+0x180/0x180 [ 41.375067] ? run_rebalance_domains+0x500/0x500 [ 41.375072] ? wake_up_worker+0x117/0x190 [ 41.375076] ? find_held_lock+0x36/0x1c0 [ 41.375081] ? __queue_work+0x6be/0x1440 [ 41.375085] ? lock_acquire+0x1ed/0x520 [ 41.375090] vprintk_default+0x28/0x30 [ 41.375094] vprintk_func+0x7e/0x181 [ 41.375098] printk+0xa7/0xcf [ 41.375103] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.375107] ? kasan_check_write+0x14/0x20 [ 41.375112] ? do_raw_spin_lock+0xc1/0x200 [ 41.375116] ? do_raw_spin_lock+0xc1/0x200 [ 41.375121] kasan_report+0x9b/0x110 [ 41.375125] ? __schedule+0xfc3/0x1ed0 [ 41.375130] __asan_report_load8_noabort+0x14/0x20 [ 41.375134] __schedule+0xfc3/0x1ed0 [ 41.375139] ? __sched_text_start+0x8/0x8 [ 41.375143] ? __lock_is_held+0xb5/0x140 [ 41.375149] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.375153] ? find_held_lock+0x36/0x1c0 [ 41.375158] ? __call_srcu+0x7f9/0x1070 [ 41.375163] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.375168] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.375173] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.375183] ? preempt_schedule+0x4d/0x60 [ 41.375188] preempt_schedule_common+0x1f/0xd0 [ 41.375192] preempt_schedule+0x4d/0x60 [ 41.375197] ___preempt_schedule+0x16/0x18 [ 41.375202] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.375206] __call_srcu+0x7f9/0x1070 [ 41.375211] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.375216] ? srcu_offline_cpu+0x120/0x120 [ 41.375221] ? debug_object_free+0x690/0x690 [ 41.375225] ? mark_held_locks+0x130/0x130 [ 41.375230] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.375235] ? lock_release+0x970/0x970 [ 41.375239] ? arch_local_save_flags+0x40/0x40 [ 41.375244] ? depot_save_stack+0x292/0x470 [ 41.375249] ? __lockdep_init_map+0x105/0x590 [ 41.375254] ? __init_waitqueue_head+0x9e/0x150 [ 41.375258] ? init_wait_entry+0x1c0/0x1c0 [ 41.375263] __synchronize_srcu+0x17b/0x230 [ 41.375267] ? call_srcu+0x10/0x10 [ 41.375272] ? rcu_unexpedite_gp+0x20/0x20 [ 41.375277] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.375282] ? check_preemption_disabled+0x48/0x200 [ 41.375287] synchronize_srcu+0x356/0x5ab [ 41.375291] ? lock_downgrade+0x900/0x900 [ 41.375297] ? synchronize_srcu_expedited+0x20/0x20 [ 41.375301] ? kasan_check_read+0x11/0x20 [ 41.375306] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.375311] ? kasan_check_write+0x14/0x20 [ 41.375315] ? do_raw_spin_lock+0xc1/0x200 [ 41.375321] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.375326] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.375330] ? kvfree+0x61/0x70 [ 41.375335] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.375340] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.375345] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.375349] ? kvm_arch_sync_events+0x30/0x30 [ 41.375355] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.375360] ? mmu_notifier_unregister+0x474/0x600 [ 41.375364] ? kfree+0x107/0x230 [ 41.375369] ? __mmu_notifier_register+0x30/0x30 [ 41.375374] ? __free_pages+0x10a/0x190 [ 41.375378] ? free_unref_page+0x960/0x960 [ 41.375383] kvm_put_kvm+0x6c8/0xff0 [ 41.375388] ? kvm_write_guest_cached+0x40/0x40 [ 41.375392] ? kvm_irqfd_release+0xd1/0x120 [ 41.375397] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.375402] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.375406] ? kasan_check_write+0x14/0x20 [ 41.375410] ? do_raw_spin [ 41.375419] Lost 74 message(s)! [ 42.503706] Shutting down cpus with NMI [ 43.561870] Kernel Offset: disabled [ 43.565495] Rebooting in 86400 seconds..