[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.630992] random: sshd: uninitialized urandom read (32 bytes read) [ 29.887431] audit: type=1400 audit(1536453003.269:6): avc: denied { map } for pid=5476 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.944879] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.556544] random: sshd: uninitialized urandom read (32 bytes read) [ 30.793208] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts. [ 36.380502] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.515342] audit: type=1400 audit(1536453009.899:7): avc: denied { map } for pid=5490 comm="syz-executor514" path="/root/syz-executor514302845" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 36.519023] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.568027] ================================================================== [ 36.577985] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 36.584211] Read of size 8 at addr ffff8801b30d8058 by task syz-executor514/5490 [ 36.591731] [ 36.593366] CPU: 1 PID: 5490 Comm: syz-executor514 Not tainted 4.19.0-rc2+ #7 [ 36.600631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.609976] Call Trace: [ 36.612568] dump_stack+0x1c4/0x2b4 [ 36.616195] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.621386] ? printk+0xa7/0xcf [ 36.624667] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.629429] print_address_description.cold.8+0x9/0x1ff [ 36.634793] kasan_report.cold.9+0x242/0x309 [ 36.639204] ? __schedule+0xfc3/0x1ed0 [ 36.643098] __asan_report_load8_noabort+0x14/0x20 [ 36.648029] __schedule+0xfc3/0x1ed0 [ 36.651749] ? __sched_text_start+0x8/0x8 [ 36.655901] ? __lock_is_held+0xb5/0x140 [ 36.659962] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.665068] ? find_held_lock+0x36/0x1c0 [ 36.669159] ? __call_srcu+0x7f9/0x1070 [ 36.673137] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.678235] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.683340] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.687922] ? preempt_schedule+0x4d/0x60 [ 36.692072] preempt_schedule_common+0x1f/0xd0 [ 36.696745] preempt_schedule+0x4d/0x60 [ 36.700723] ___preempt_schedule+0x16/0x18 [ 36.704962] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.709892] __call_srcu+0x7f9/0x1070 [ 36.713691] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.718797] ? srcu_offline_cpu+0x120/0x120 [ 36.723117] ? debug_object_free+0x690/0x690 [ 36.727524] ? mark_held_locks+0x130/0x130 [ 36.731761] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.736343] ? lock_release+0x970/0x970 [ 36.740321] ? arch_local_save_flags+0x40/0x40 [ 36.744901] ? depot_save_stack+0x292/0x470 [ 36.749229] ? __lockdep_init_map+0x105/0x590 [ 36.753728] ? __init_waitqueue_head+0x9e/0x150 [ 36.758395] ? init_wait_entry+0x1c0/0x1c0 [ 36.762639] __synchronize_srcu+0x17b/0x230 [ 36.766962] ? call_srcu+0x10/0x10 [ 36.770502] ? rcu_unexpedite_gp+0x20/0x20 [ 36.774742] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.780287] ? check_preemption_disabled+0x48/0x200 [ 36.785312] synchronize_srcu+0x356/0x5ab [ 36.789465] ? lock_downgrade+0x900/0x900 [ 36.793613] ? synchronize_srcu_expedited+0x20/0x20 [ 36.798635] ? kasan_check_read+0x11/0x20 [ 36.802787] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.807377] ? kasan_check_write+0x14/0x20 [ 36.811614] ? do_raw_spin_lock+0xc1/0x200 [ 36.815856] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.821576] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.827034] ? kvfree+0x61/0x70 [ 36.830322] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.835341] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.839404] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.843814] ? kvm_arch_sync_events+0x30/0x30 [ 36.848312] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.853850] ? mmu_notifier_unregister+0x474/0x600 [ 36.858783] ? kfree+0x107/0x230 [ 36.862155] ? __mmu_notifier_register+0x30/0x30 [ 36.866919] ? __free_pages+0x10a/0x190 [ 36.870902] ? free_unref_page+0x960/0x960 [ 36.875155] kvm_put_kvm+0x6c8/0xff0 [ 36.878874] ? kvm_write_guest_cached+0x40/0x40 [ 36.883547] ? kvm_irqfd_release+0xd1/0x120 [ 36.887871] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.892366] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.896873] ? kasan_check_write+0x14/0x20 [ 36.901113] ? do_raw_spin_lock+0xc1/0x200 [ 36.905350] ? kvm_irqfd_release+0xdd/0x120 [ 36.909670] ? kvm_irqfd_release+0xdd/0x120 [ 36.913996] ? kvm_put_kvm+0xff0/0xff0 [ 36.917885] kvm_vm_release+0x42/0x50 [ 36.921692] __fput+0x385/0xa30 [ 36.924981] ? get_max_files+0x20/0x20 [ 36.928873] ? trace_hardirqs_on+0xbd/0x310 [ 36.933198] ? ___might_sleep+0x1ed/0x300 [ 36.937346] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 36.942799] ? arch_local_save_flags+0x40/0x40 [ 36.947384] ? kasan_check_write+0x14/0x20 [ 36.951620] ? do_raw_spin_lock+0xc1/0x200 [ 36.955859] ____fput+0x15/0x20 [ 36.959145] task_work_run+0x1e8/0x2a0 [ 36.963039] ? task_work_cancel+0x240/0x240 [ 36.967370] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.972912] ? switch_task_namespaces+0x9d/0xd0 [ 36.977587] do_exit+0x1ad7/0x2610 [ 36.981139] ? mm_update_next_owner+0x990/0x990 [ 36.985823] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 36.990069] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.995093] ? kfree+0x1fa/0x230 [ 36.998465] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.002703] ? kvm_vcpu_block+0x1030/0x1030 [ 37.007034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.012580] ? avc_has_extended_perms+0xab2/0x15a0 [ 37.017521] ? fpu__prepare_read+0x37b/0x750 [ 37.021931] ? avc_ss_reset+0x190/0x190 [ 37.025910] ? save_stack+0xa9/0xd0 [ 37.029535] ? save_stack+0x43/0xd0 [ 37.033162] ? __kasan_slab_free+0x102/0x150 [ 37.037578] ? kasan_slab_free+0xe/0x10 [ 37.041560] ? putname+0xf2/0x130 [ 37.045020] ? __x64_sys_openat+0x9d/0x100 [ 37.049261] ? do_syscall_64+0x1b9/0x820 [ 37.053337] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.058715] ? ___might_sleep+0x1ed/0x300 [ 37.062882] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.067996] ? trace_hardirqs_off+0xb8/0x310 [ 37.072412] ? kvm_vcpu_block+0x1030/0x1030 [ 37.076735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.082298] ? do_vfs_ioctl+0x201/0x1720 [ 37.086384] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 37.091599] ? ioctl_preallocate+0x300/0x300 [ 37.096022] ? selinux_file_mprotect+0x620/0x620 [ 37.100789] ? path_mountpoint+0x52e/0x2190 [ 37.105134] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.110162] ? kmem_cache_free+0x24f/0x290 [ 37.114403] ? putname+0xf7/0x130 [ 37.117863] do_group_exit+0x177/0x440 [ 37.121755] ? trace_hardirqs_on+0xbd/0x310 [ 37.126093] ? __ia32_sys_exit+0x50/0x50 [ 37.130172] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.135634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.141180] ? ksys_ioctl+0x81/0xd0 [ 37.144819] __x64_sys_exit_group+0x3e/0x50 [ 37.149149] do_syscall_64+0x1b9/0x820 [ 37.153053] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.158442] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.163390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.169653] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.174681] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.179702] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.184723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.189576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.195028] RIP: 0033:0x43ecc8 [ 37.198229] Code: Bad RIP value. [ 37.201588] RSP: 002b:00007ffd208dcac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.209310] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 37.216585] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.223856] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.231120] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.238382] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.245658] [ 37.247290] Allocated by task 5490: [ 37.250923] save_stack+0x43/0xd0 [ 37.254376] kasan_kmalloc+0xc7/0xe0 [ 37.258119] kasan_slab_alloc+0x12/0x20 [ 37.262091] kmem_cache_alloc+0x12e/0x730 [ 37.266241] vmx_create_vcpu+0xcf/0x25e0 [ 37.270310] kvm_arch_vcpu_create+0xe5/0x220 [ 37.274838] kvm_vm_ioctl+0x470/0x1d40 [ 37.278730] do_vfs_ioctl+0x1de/0x1720 [ 37.282615] ksys_ioctl+0xa9/0xd0 [ 37.286073] __x64_sys_ioctl+0x73/0xb0 [ 37.289958] do_syscall_64+0x1b9/0x820 [ 37.293847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.299025] [ 37.300649] Freed by task 5490: [ 37.303925] save_stack+0x43/0xd0 [ 37.307373] __kasan_slab_free+0x102/0x150 [ 37.311600] kasan_slab_free+0xe/0x10 [ 37.315399] kmem_cache_free+0x83/0x290 [ 37.319371] vmx_free_vcpu+0x26b/0x300 [ 37.323257] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.328157] kvm_put_kvm+0x6c8/0xff0 [ 37.331955] kvm_vm_release+0x42/0x50 [ 37.335753] __fput+0x385/0xa30 [ 37.339028] ____fput+0x15/0x20 [ 37.342308] task_work_run+0x1e8/0x2a0 [ 37.346192] do_exit+0x1ad7/0x2610 [ 37.349730] do_group_exit+0x177/0x440 [ 37.353615] __x64_sys_exit_group+0x3e/0x50 [ 37.357934] do_syscall_64+0x1b9/0x820 [ 37.361821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.366998] [ 37.368620] The buggy address belongs to the object at ffff8801b30d8040 [ 37.368620] which belongs to the cache kvm_vcpu of size 23872 [ 37.381211] The buggy address is located 24 bytes inside of [ 37.381211] 23872-byte region [ffff8801b30d8040, ffff8801b30ddd80) [ 37.393165] The buggy address belongs to the page: [ 37.398092] page:ffffea0006cc3600 count:1 mapcount:0 mapping:ffff8801d546c940 index:0x0 compound_mapcount: 0 [ 37.408062] flags: 0x2fffc0000008100(slab|head) [ 37.412736] raw: 02fffc0000008100 ffff8801d5476f48 ffff8801d5476f48 ffff8801d546c940 [ 37.420618] raw: 0000000000000000 ffff8801b30d8040 0000000100000001 0000000000000000 [ 37.428487] page dumped because: kasan: bad access detected [ 37.434183] [ 37.435800] Memory state around the buggy address: [ 37.440727] ffff8801b30d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.448080] ffff8801b30d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.455437] >ffff8801b30d8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.462806] ^ [ 37.469031] ffff8801b30d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.476392] ffff8801b30d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.483741] ================================================================== [ 37.491099] Kernel panic - not syncing: panic_on_warn set ... [ 37.491099] [ 37.498466] CPU: 1 PID: 5490 Comm: syz-executor514 Tainted: G B 4.19.0-rc2+ #7 [ 37.507119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.516462] Call Trace: [ 37.519063] dump_stack+0x1c4/0x2b4 [ 37.522689] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.527880] ? lock_downgrade+0x900/0x900 [ 37.532030] panic+0x238/0x4e7 [ 37.535231] ? add_taint.cold.5+0x16/0x16 [ 37.539387] ? print_shadow_for_address+0xb6/0x116 [ 37.544317] ? trace_hardirqs_off+0xaf/0x310 [ 37.548727] kasan_end_report+0x47/0x4f [ 37.552701] kasan_report.cold.9+0x76/0x309 [ 37.557026] ? __schedule+0xfc3/0x1ed0 [ 37.560918] __asan_report_load8_noabort+0x14/0x20 [ 37.565848] __schedule+0xfc3/0x1ed0 [ 37.569566] ? __sched_text_start+0x8/0x8 [ 37.573717] ? __lock_is_held+0xb5/0x140 [ 37.577776] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.582876] ? find_held_lock+0x36/0x1c0 [ 37.586944] ? __call_srcu+0x7f9/0x1070 [ 37.590920] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.596018] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.601127] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.605710] ? preempt_schedule+0x4d/0x60 [ 37.609860] preempt_schedule_common+0x1f/0xd0 [ 37.614463] preempt_schedule+0x4d/0x60 [ 37.618442] ___preempt_schedule+0x16/0x18 [ 37.622684] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.627614] __call_srcu+0x7f9/0x1070 [ 37.631411] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.636516] ? srcu_offline_cpu+0x120/0x120 [ 37.640836] ? debug_object_free+0x690/0x690 [ 37.645243] ? mark_held_locks+0x130/0x130 [ 37.649485] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.654090] ? lock_release+0x970/0x970 [ 37.658071] ? arch_local_save_flags+0x40/0x40 [ 37.662657] ? depot_save_stack+0x292/0x470 [ 37.666990] ? __lockdep_init_map+0x105/0x590 [ 37.671489] ? __init_waitqueue_head+0x9e/0x150 [ 37.676155] ? init_wait_entry+0x1c0/0x1c0 [ 37.680398] __synchronize_srcu+0x17b/0x230 [ 37.684722] ? call_srcu+0x10/0x10 [ 37.688263] ? rcu_unexpedite_gp+0x20/0x20 [ 37.692514] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.698056] ? check_preemption_disabled+0x48/0x200 [ 37.703081] synchronize_srcu+0x356/0x5ab [ 37.707232] ? lock_downgrade+0x900/0x900 [ 37.711390] ? synchronize_srcu_expedited+0x20/0x20 [ 37.716418] ? kasan_check_read+0x11/0x20 [ 37.720577] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.725178] ? kasan_check_write+0x14/0x20 [ 37.729426] ? do_raw_spin_lock+0xc1/0x200 [ 37.733680] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.739399] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.744856] ? kvfree+0x61/0x70 [ 37.748137] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.753159] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.757225] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.761637] ? kvm_arch_sync_events+0x30/0x30 [ 37.766140] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.771680] ? mmu_notifier_unregister+0x474/0x600 [ 37.776607] ? kfree+0x107/0x230 [ 37.779973] ? __mmu_notifier_register+0x30/0x30 [ 37.784732] ? __free_pages+0x10a/0x190 [ 37.788703] ? free_unref_page+0x960/0x960 [ 37.792949] kvm_put_kvm+0x6c8/0xff0 [ 37.796674] ? kvm_write_guest_cached+0x40/0x40 [ 37.801344] ? kvm_irqfd_release+0xd1/0x120 [ 37.805666] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.810164] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.814669] ? kasan_check_write+0x14/0x20 [ 37.818909] ? do_raw_spin_lock+0xc1/0x200 [ 37.823144] ? kvm_irqfd_release+0xdd/0x120 [ 37.827463] ? kvm_irqfd_release+0xdd/0x120 [ 37.831789] ? kvm_put_kvm+0xff0/0xff0 [ 37.835676] kvm_vm_release+0x42/0x50 [ 37.839473] __fput+0x385/0xa30 [ 37.842754] ? get_max_files+0x20/0x20 [ 37.846644] ? trace_hardirqs_on+0xbd/0x310 [ 37.850968] ? ___might_sleep+0x1ed/0x300 [ 37.855119] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.860571] ? arch_local_save_flags+0x40/0x40 [ 37.865158] ? kasan_check_write+0x14/0x20 [ 37.869392] ? do_raw_spin_lock+0xc1/0x200 [ 37.873629] ____fput+0x15/0x20 [ 37.876913] task_work_run+0x1e8/0x2a0 [ 37.880804] ? task_work_cancel+0x240/0x240 [ 37.885130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.890671] ? switch_task_namespaces+0x9d/0xd0 [ 37.895346] do_exit+0x1ad7/0x2610 [ 37.898893] ? mm_update_next_owner+0x990/0x990 [ 37.903572] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.907810] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.912826] ? kfree+0x1fa/0x230 [ 37.916194] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.920429] ? kvm_vcpu_block+0x1030/0x1030 [ 37.924753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.930297] ? avc_has_extended_perms+0xab2/0x15a0 [ 37.935231] ? fpu__prepare_read+0x37b/0x750 [ 37.939638] ? avc_ss_reset+0x190/0x190 [ 37.943618] ? save_stack+0xa9/0xd0 [ 37.947240] ? save_stack+0x43/0xd0 [ 37.950871] ? __kasan_slab_free+0x102/0x150 [ 37.955282] ? kasan_slab_free+0xe/0x10 [ 37.959258] ? putname+0xf2/0x130 [ 37.962721] ? __x64_sys_openat+0x9d/0x100 [ 37.966953] ? do_syscall_64+0x1b9/0x820 [ 37.971015] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.976430] ? ___might_sleep+0x1ed/0x300 [ 37.980669] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 37.985772] ? trace_hardirqs_off+0xb8/0x310 [ 37.990186] ? kvm_vcpu_block+0x1030/0x1030 [ 37.994513] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.000060] ? do_vfs_ioctl+0x201/0x1720 [ 38.004129] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 38.009327] ? ioctl_preallocate+0x300/0x300 [ 38.013741] ? selinux_file_mprotect+0x620/0x620 [ 38.018497] ? path_mountpoint+0x52e/0x2190 [ 38.022821] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.027838] ? kmem_cache_free+0x24f/0x290 [ 38.032076] ? putname+0xf7/0x130 [ 38.035535] do_group_exit+0x177/0x440 [ 38.039427] ? trace_hardirqs_on+0xbd/0x310 [ 38.043749] ? __ia32_sys_exit+0x50/0x50 [ 38.047811] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.053264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.058811] ? ksys_ioctl+0x81/0xd0 [ 38.062444] __x64_sys_exit_group+0x3e/0x50 [ 38.066770] do_syscall_64+0x1b9/0x820 [ 38.070664] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.076030] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.080960] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.085804] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.090819] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.095840] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.100863] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.105715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.110906] RIP: 0033:0x43ecc8 [ 38.114105] Code: Bad RIP value. [ 38.117468] RSP: 002b:00007ffd208dcac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.125178] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 38.132440] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.139726] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.146993] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.154263] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.161570] [ 38.161576] ====================================================== [ 38.161582] WARNING: possible circular locking dependency detected [ 38.161586] 4.19.0-rc2+ #7 Not tainted [ 38.161592] ------------------------------------------------------ [ 38.161598] syz-executor514/5490 is trying to acquire lock: [ 38.161602] 000000001c7da3ed ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 38.161618] [ 38.161623] but task is already holding lock: [ 38.161626] 00000000f5dfc61d (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.161642] [ 38.161647] which lock already depends on the new lock. [ 38.161650] [ 38.161653] [ 38.161658] the existing dependency chain (in reverse order) is: [ 38.161661] [ 38.161663] -> #3 (report_lock){....}: [ 38.161679] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.161684] kasan_report+0x8b/0x110 [ 38.161689] __asan_report_load8_noabort+0x14/0x20 [ 38.161693] __schedule+0xfc3/0x1ed0 [ 38.161698] preempt_schedule_common+0x1f/0xd0 [ 38.161702] preempt_schedule+0x4d/0x60 [ 38.161707] ___preempt_schedule+0x16/0x18 [ 38.161712] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.161716] __call_srcu+0x7f9/0x1070 [ 38.161720] __synchronize_srcu+0x17b/0x230 [ 38.161725] synchronize_srcu+0x356/0x5ab [ 38.161730] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.161735] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.161739] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.161744] kvm_put_kvm+0x6c8/0xff0 [ 38.161748] kvm_vm_release+0x42/0x50 [ 38.161752] __fput+0x385/0xa30 [ 38.161755] ____fput+0x15/0x20 [ 38.161760] task_work_run+0x1e8/0x2a0 [ 38.161764] do_exit+0x1ad7/0x2610 [ 38.161768] do_group_exit+0x177/0x440 [ 38.161773] __x64_sys_exit_group+0x3e/0x50 [ 38.161777] do_syscall_64+0x1b9/0x820 [ 38.161782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.161784] [ 38.161787] -> #2 (&rq->lock){-.-.}: [ 38.161802] _raw_spin_lock+0x2d/0x40 [ 38.161807] task_fork_fair+0xb0/0x6d0 [ 38.161811] sched_fork+0x443/0xba0 [ 38.161815] copy_process+0x2586/0x8780 [ 38.161819] _do_fork+0x1cb/0x11d0 [ 38.161823] kernel_thread+0x34/0x40 [ 38.161827] rest_init+0x22/0xe5 [ 38.161832] start_kernel+0x8f4/0x92f [ 38.161836] x86_64_start_reservations+0x29/0x2b [ 38.161841] x86_64_start_kernel+0x76/0x79 [ 38.161845] secondary_startup_64+0xa4/0xb0 [ 38.161848] [ 38.161850] -> #1 (&p->pi_lock){-.-.}: [ 38.161866] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.161871] try_to_wake_up+0xd2/0x12f0 [ 38.161875] wake_up_process+0x10/0x20 [ 38.161879] __up.isra.1+0x1c0/0x2a0 [ 38.161883] up+0x13c/0x1c0 [ 38.161887] __up_console_sem+0xbe/0x1b0 [ 38.161892] console_unlock+0x524/0x11a0 [ 38.161896] vprintk_emit+0x33d/0x930 [ 38.161901] vprintk_default+0x28/0x30 [ 38.161905] vprintk_func+0x7e/0x181 [ 38.161909] printk+0xa7/0xcf [ 38.161913] load_umh+0x51/0xbd [ 38.161917] do_one_initcall+0x145/0x957 [ 38.161922] kernel_init_freeable+0x4bb/0x5ae [ 38.161926] kernel_init+0x11/0x1b2 [ 38.161931] ret_from_fork+0x3a/0x50 [ 38.161933] [ 38.161936] -> #0 ((console_sem).lock){-...}: [ 38.161952] lock_acquire+0x1ed/0x520 [ 38.161957] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.161961] down_trylock+0x13/0x70 [ 38.161966] __down_trylock_console_sem+0xae/0x200 [ 38.161970] console_trylock+0x15/0xa0 [ 38.161974] vprintk_emit+0x322/0x930 [ 38.161979] vprintk_default+0x28/0x30 [ 38.161983] vprintk_func+0x7e/0x181 [ 38.161987] printk+0xa7/0xcf [ 38.161991] kasan_report+0x9b/0x110 [ 38.161996] __asan_report_load8_noabort+0x14/0x20 [ 38.162000] __schedule+0xfc3/0x1ed0 [ 38.162005] preempt_schedule_common+0x1f/0xd0 [ 38.162009] preempt_schedule+0x4d/0x60 [ 38.162014] ___preempt_schedule+0x16/0x18 [ 38.162019] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.162023] __call_srcu+0x7f9/0x1070 [ 38.162028] __synchronize_srcu+0x17b/0x230 [ 38.162032] synchronize_srcu+0x356/0x5ab [ 38.162037] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.162042] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.162052] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.162056] kvm_put_kvm+0x6c8/0xff0 [ 38.162061] kvm_vm_release+0x42/0x50 [ 38.162064] __fput+0x385/0xa30 [ 38.162068] ____fput+0x15/0x20 [ 38.162073] task_work_run+0x1e8/0x2a0 [ 38.162077] do_exit+0x1ad7/0x2610 [ 38.162081] do_group_exit+0x177/0x440 [ 38.162085] __x64_sys_exit_group+0x3e/0x50 [ 38.162090] do_syscall_64+0x1b9/0x820 [ 38.162095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.162097] [ 38.162102] other info that might help us debug this: [ 38.162105] [ 38.162108] Chain exists of: [ 38.162110] (console_sem).lock --> &rq->lock --> report_lock [ 38.162130] [ 38.162135] Possible unsafe locking scenario: [ 38.162137] [ 38.162142] CPU0 CPU1 [ 38.162146] ---- ---- [ 38.162149] lock(report_lock); [ 38.162159] lock(&rq->lock); [ 38.162170] lock(report_lock); [ 38.162179] lock((console_sem).lock); [ 38.162187] [ 38.162191] *** DEADLOCK *** [ 38.162194] [ 38.162198] 2 locks held by syz-executor514/5490: [ 38.162201] #0: 00000000a83fdaff (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 38.162220] #1: 00000000f5dfc61d (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.162238] [ 38.162242] stack backtrace: [ 38.162249] CPU: 1 PID: 5490 Comm: syz-executor514 Not tainted 4.19.0-rc2+ #7 [ 38.162257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.162260] Call Trace: [ 38.162264] dump_stack+0x1c4/0x2b4 [ 38.162269] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.162281] ? vprintk_func+0x85/0x181 [ 38.162287] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 38.162291] ? save_trace+0xe0/0x290 [ 38.162296] __lock_acquire+0x33e4/0x4ec0 [ 38.162300] ? mark_held_locks+0x130/0x130 [ 38.162305] ? mark_held_locks+0x130/0x130 [ 38.162309] ? rcu_bh_qs+0xc0/0xc0 [ 38.162313] ? unwind_dump+0x190/0x190 [ 38.162318] ? is_bpf_text_address+0xd3/0x170 [ 38.162323] ? kernel_text_address+0x79/0xf0 [ 38.162328] ? __kernel_text_address+0xd/0x40 [ 38.162332] ? __save_stack_trace+0x8d/0xf0 [ 38.162337] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 38.162342] ? save_trace+0x290/0x290 [ 38.162346] ? save_stack_trace+0x1a/0x20 [ 38.162350] ? save_trace+0xe0/0x290 [ 38.162355] ? kasan_check_read+0x11/0x20 [ 38.162359] ? graph_lock+0x170/0x170 [ 38.162365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.162369] lock_acquire+0x1ed/0x520 [ 38.162373] ? down_trylock+0x13/0x70 [ 38.162378] ? find_held_lock+0x36/0x1c0 [ 38.162383] ? lock_release+0x970/0x970 [ 38.162387] ? trace_hardirqs_off+0xb8/0x310 [ 38.162392] ? vprintk_emit+0x1d3/0x930 [ 38.162396] ? trace_hardirqs_on+0x310/0x310 [ 38.162401] ? trace_hardirqs_off+0xb8/0x310 [ 38.162405] ? log_store+0x344/0x4c0 [ 38.162410] ? vprintk_emit+0x322/0x930 [ 38.162414] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.162418] ? down_trylock+0x13/0x70 [ 38.162423] down_trylock+0x13/0x70 [ 38.162428] __down_trylock_console_sem+0xae/0x200 [ 38.162432] console_trylock+0x15/0xa0 [ 38.162436] vprintk_emit+0x322/0x930 [ 38.162440] ? wake_up_klogd+0x180/0x180 [ 38.162445] ? run_rebalance_domains+0x500/0x500 [ 38.162449] ? find_held_lock+0x36/0x1c0 [ 38.162454] ? __queue_work+0x6be/0x1440 [ 38.162458] ? lock_acquire+0x1ed/0x520 [ 38.162462] vprintk_default+0x28/0x30 [ 38.162467] vprintk_func+0x7e/0x181 [ 38.162470] printk+0xa7/0xcf [ 38.162475] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.162480] ? kasan_check_write+0x14/0x20 [ 38.162484] ? do_raw_spin_lock+0xc1/0x200 [ 38.162489] ? do_raw_spin_lock+0xc1/0x200 [ 38.162493] kasan_report+0x9b/0x110 [ 38.162497] ? __schedule+0xfc3/0x1ed0 [ 38.162502] __asan_report_load8_noabort+0x14/0x20 [ 38.162506] __schedule+0xfc3/0x1ed0 [ 38.162510] ? __sched_text_start+0x8/0x8 [ 38.162515] ? __lock_is_held+0xb5/0x140 [ 38.162520] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.162524] ? find_held_lock+0x36/0x1c0 [ 38.162528] ? __call_srcu+0x7f9/0x1070 [ 38.162534] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.162539] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.162543] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.162548] ? preempt_schedule+0x4d/0x60 [ 38.162553] preempt_schedule_common+0x1f/0xd0 [ 38.162557] preempt_schedule+0x4d/0x60 [ 38.162562] ___preempt_schedule+0x16/0x18 [ 38.162567] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.162571] __call_srcu+0x7f9/0x1070 [ 38.162576] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.162580] ? srcu_offline_cpu+0x120/0x120 [ 38.162585] ? debug_object_free+0x690/0x690 [ 38.162590] ? mark_held_locks+0x130/0x130 [ 38.162594] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.162599] ? lock_release+0x970/0x970 [ 38.162604] ? arch_local_save_flags+0x40/0x40 [ 38.162608] ? depot_save_stack+0x292/0x470 [ 38.162613] ? __lockdep_init_map+0x105/0x590 [ 38.162618] ? __init_waitqueue_head+0x9e/0x150 [ 38.162622] ? init_wait_entry+0x1c0/0x1c0 [ 38.162627] __synchronize_srcu+0x17b/0x230 [ 38.162631] ? call_srcu+0x10/0x10 [ 38.162635] ? rcu_unexpedite_gp+0x20/0x20 [ 38.162641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.162646] ? check_preemption_disabled+0x48/0x200 [ 38.162650] synchronize_srcu+0x356/0x5ab [ 38.162655] ? lock_downgrade+0x900/0x900 [ 38.162660] ? synchronize_srcu_expedited+0x20/0x20 [ 38.162664] ? kasan_check_read+0x11/0x20 [ 38.162669] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.162673] ? kasan_check_write+0x14/0x20 [ 38.162678] ? do_raw_spin_lock+0xc1/0x200 [ 38.162683] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.162688] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.162692] ? kvfree+0x61/0x70 [ 38.162697] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.162701] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.162706] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.162711] ? kvm_arch_sync_events+0x30/0x30 [ 38.162716] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.162721] ? mmu_notifier_unregister+0x474/0x600 [ 38.162725] ? kfree+0x107/0x230 [ 38.162730] ? __mmu_notifier_register+0x30/0x30 [ 38.162734] ? __free_pages+0x10a/0x190 [ 38.162739] ? free_unref_page+0x960/0x960 [ 38.162743] kvm_put_kvm+0x6c8/0xff0 [ 38.162748] ? kvm_write_guest_cached+0x40/0x40 [ 38.162753] ? kvm_irqfd_release+0xd1/0x120 [ 38.162757] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.162762] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.162767] ? kasan_check_write+0x14/0x20 [ 38.162771] ? do_raw_spin_lock+0xc1/0x200 [ 38.162776] ? kvm_irqfd_release+0xdd/0x120 [ 38.162780] ? kvm_irqfd_release+0xdd [ 38.162788] Lost 72 message(s)! [ 39.299880] Shutting down cpus with NMI [ 40.360777] Dumping ftrace buffer: [ 40.364301] (ftrace buffer empty) [ 40.368614] Kernel Offset: disabled [ 40.372239] Rebooting in 86400 seconds..