[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.584527] random: sshd: uninitialized urandom read (32 bytes read) [ 31.921175] audit: type=1400 audit(1537494824.494:6): avc: denied { map } for pid=5467 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 31.971486] random: sshd: uninitialized urandom read (32 bytes read) [ 32.588034] random: sshd: uninitialized urandom read (32 bytes read) [ 32.815461] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts. [ 38.415310] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 38.546158] audit: type=1400 audit(1537494831.124:7): avc: denied { map } for pid=5481 comm="syz-executor221" path="/root/syz-executor221000855" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 38.549832] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 38.598124] ================================================================== [ 38.608094] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 38.614320] Read of size 8 at addr ffff8801d82e8058 by task syz-executor221/5481 [ 38.621839] [ 38.623477] CPU: 0 PID: 5481 Comm: syz-executor221 Not tainted 4.19.0-rc4+ #26 [ 38.630824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.640170] Call Trace: [ 38.642760] dump_stack+0x1c4/0x2b4 [ 38.646387] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.651577] ? printk+0xa7/0xcf [ 38.654856] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.659631] print_address_description.cold.8+0x9/0x1ff [ 38.665000] kasan_report.cold.9+0x242/0x309 [ 38.669414] ? __schedule+0xfc3/0x1ed0 [ 38.673308] __asan_report_load8_noabort+0x14/0x20 [ 38.678242] __schedule+0xfc3/0x1ed0 [ 38.681965] ? __sched_text_start+0x8/0x8 [ 38.686116] ? __lock_is_held+0xb5/0x140 [ 38.690179] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.695288] ? find_held_lock+0x36/0x1c0 [ 38.699357] ? __call_srcu+0x7f9/0x1070 [ 38.703337] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.708448] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.713568] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.718165] ? preempt_schedule+0x4d/0x60 [ 38.722325] preempt_schedule_common+0x1f/0xd0 [ 38.726921] preempt_schedule+0x4d/0x60 [ 38.730915] ___preempt_schedule+0x16/0x18 [ 38.735162] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.740105] __call_srcu+0x7f9/0x1070 [ 38.743921] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.749042] ? srcu_offline_cpu+0x120/0x120 [ 38.753373] ? debug_object_free+0x690/0x690 [ 38.757791] ? mark_held_locks+0x130/0x130 [ 38.762032] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.766622] ? lock_release+0x970/0x970 [ 38.770602] ? arch_local_save_flags+0x40/0x40 [ 38.775196] ? depot_save_stack+0x292/0x470 [ 38.779538] ? __lockdep_init_map+0x105/0x590 [ 38.784053] ? __init_waitqueue_head+0x9e/0x150 [ 38.788733] ? init_wait_entry+0x1c0/0x1c0 [ 38.792990] __synchronize_srcu+0x17b/0x230 [ 38.797329] ? call_srcu+0x10/0x10 [ 38.801369] ? rcu_unexpedite_gp+0x20/0x20 [ 38.805626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.811181] ? check_preemption_disabled+0x48/0x200 [ 38.816216] synchronize_srcu+0x356/0x5ab [ 38.820377] ? lock_downgrade+0x900/0x900 [ 38.824538] ? synchronize_srcu_expedited+0x20/0x20 [ 38.829573] ? kasan_check_read+0x11/0x20 [ 38.833738] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.838341] ? kasan_check_write+0x14/0x20 [ 38.842588] ? 
do_raw_spin_lock+0xc1/0x200 [ 38.846831] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.852555] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.858015] ? kvfree+0x61/0x70 [ 38.861301] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.866324] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.870388] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.874798] ? kvm_arch_sync_events+0x30/0x30 [ 38.879296] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.884832] ? mmu_notifier_unregister+0x474/0x600 [ 38.889767] ? kfree+0x107/0x230 [ 38.893136] ? __mmu_notifier_register+0x30/0x30 [ 38.897907] ? __free_pages+0x10a/0x190 [ 38.901889] ? free_unref_page+0x960/0x960 [ 38.906981] kvm_put_kvm+0x6c8/0xff0 [ 38.910706] ? kvm_write_guest_cached+0x40/0x40 [ 38.915378] ? kvm_irqfd_release+0xd1/0x120 [ 38.919700] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.924191] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.928695] ? kasan_check_write+0x14/0x20 [ 38.933157] ? do_raw_spin_lock+0xc1/0x200 [ 38.937393] ? kvm_irqfd_release+0xdd/0x120 [ 38.941715] ? kvm_irqfd_release+0xdd/0x120 [ 38.946035] ? kvm_put_kvm+0xff0/0xff0 [ 38.949926] kvm_vm_release+0x42/0x50 [ 38.953724] __fput+0x385/0xa30 [ 38.957002] ? get_max_files+0x20/0x20 [ 38.960901] ? trace_hardirqs_on+0xbd/0x310 [ 38.965222] ? ___might_sleep+0x1ed/0x300 [ 38.969367] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.974836] ? arch_local_save_flags+0x40/0x40 [ 38.979433] ? kasan_check_write+0x14/0x20 [ 38.983667] ? do_raw_spin_lock+0xc1/0x200 [ 38.987905] ____fput+0x15/0x20 [ 38.991188] task_work_run+0x1e8/0x2a0 [ 38.995075] ? task_work_cancel+0x240/0x240 [ 38.999395] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.004930] ? switch_task_namespaces+0x9d/0xd0 [ 39.009603] do_exit+0x1ad7/0x2610 [ 39.013145] ? mm_update_next_owner+0x990/0x990 [ 39.017818] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.022058] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.027073] ? kfree+0x1fa/0x230 [ 39.030438] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.034673] ? kvm_vcpu_block+0x1030/0x1030 [ 39.038994] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.044531] ? avc_has_extended_perms+0xab2/0x15a0 [ 39.049465] ? save_stack_address+0x4b/0x60 [ 39.053784] ? avc_ss_reset+0x190/0x190 [ 39.057760] ? save_stack+0xa9/0xd0 [ 39.061397] ? save_stack+0x43/0xd0 [ 39.065019] ? __kasan_slab_free+0x102/0x150 [ 39.069427] ? kasan_slab_free+0xe/0x10 [ 39.073410] ? putname+0xf2/0x130 [ 39.076859] ? __x64_sys_openat+0x9d/0x100 [ 39.081106] ? do_syscall_64+0x1b9/0x820 [ 39.085168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.090542] ? ___might_sleep+0x1ed/0x300 [ 39.094687] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 39.099789] ? trace_hardirqs_off+0xb8/0x310 [ 39.104199] ? kvm_vcpu_block+0x1030/0x1030 [ 39.108520] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.114053] ? do_vfs_ioctl+0x201/0x1720 [ 39.118114] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 39.123307] ? ioctl_preallocate+0x300/0x300 [ 39.127717] ? selinux_file_mprotect+0x620/0x620 [ 39.132471] ? path_mountpoint+0x57e/0x2190 [ 39.136793] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.141812] ? kmem_cache_free+0x24f/0x290 [ 39.146050] ? putname+0xf7/0x130 [ 39.149508] do_group_exit+0x177/0x440 [ 39.153397] ? trace_hardirqs_on+0xbd/0x310 [ 39.157714] ? __ia32_sys_exit+0x50/0x50 [ 39.161776] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.167223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.172755] ? ksys_ioctl+0x81/0xd0 [ 39.176383] __x64_sys_exit_group+0x3e/0x50 [ 39.180709] do_syscall_64+0x1b9/0x820 [ 39.184611] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.189989] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.194920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.199761] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.204773] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.209789] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.214807] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.219654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.224836] RIP: 0033:0x43ef08 [ 39.228036] Code: Bad RIP value. 
[ 39.231392] RSP: 002b:00007fff63b75da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.239096] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 39.246357] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.253617] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.260890] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 39.268158] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 39.275426] [ 39.277044] Allocated by task 5481: [ 39.280668] save_stack+0x43/0xd0 [ 39.284117] kasan_kmalloc+0xc7/0xe0 [ 39.287825] kasan_slab_alloc+0x12/0x20 [ 39.291799] kmem_cache_alloc+0x12e/0x730 [ 39.295947] vmx_create_vcpu+0xcf/0x25e0 [ 39.300008] kvm_arch_vcpu_create+0xe5/0x220 [ 39.304414] kvm_vm_ioctl+0x470/0x1d40 [ 39.308302] do_vfs_ioctl+0x1de/0x1720 [ 39.312182] ksys_ioctl+0xa9/0xd0 [ 39.315631] __x64_sys_ioctl+0x73/0xb0 [ 39.319519] do_syscall_64+0x1b9/0x820 [ 39.323405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.328580] [ 39.330202] Freed by task 5481: [ 39.333474] save_stack+0x43/0xd0 [ 39.336923] __kasan_slab_free+0x102/0x150 [ 39.341151] kasan_slab_free+0xe/0x10 [ 39.344946] kmem_cache_free+0x83/0x290 [ 39.348927] vmx_free_vcpu+0x26b/0x300 [ 39.352815] kvm_arch_destroy_vm+0x365/0x7c0 [ 39.357224] kvm_put_kvm+0x6c8/0xff0 [ 39.360934] kvm_vm_release+0x42/0x50 [ 39.364739] __fput+0x385/0xa30 [ 39.368011] ____fput+0x15/0x20 [ 39.371284] task_work_run+0x1e8/0x2a0 [ 39.375173] do_exit+0x1ad7/0x2610 [ 39.378710] do_group_exit+0x177/0x440 [ 39.382594] __x64_sys_exit_group+0x3e/0x50 [ 39.386919] do_syscall_64+0x1b9/0x820 [ 39.390810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.395988] [ 39.397611] The buggy address belongs to the object at ffff8801d82e8040 [ 39.397611] which belongs to the cache kvm_vcpu of size 23872 [ 39.410178] The buggy address is located 24 bytes inside of [ 39.410178] 23872-byte region [ffff8801d82e8040, ffff8801d82edd80) [ 39.422128] The buggy address 
belongs to the page: [ 39.427052] page:ffffea000760ba00 count:1 mapcount:0 mapping:ffff8801d5d17200 index:0x0 compound_mapcount: 0 [ 39.437018] flags: 0x2fffc0000008100(slab|head) [ 39.441686] raw: 02fffc0000008100 ffff8801d553df48 ffff8801d553df48 ffff8801d5d17200 [ 39.449569] raw: 0000000000000000 ffff8801d82e8040 0000000100000001 0000000000000000 [ 39.457438] page dumped because: kasan: bad access detected [ 39.463132] [ 39.464750] Memory state around the buggy address: [ 39.469671] ffff8801d82e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.477024] ffff8801d82e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.484376] >ffff8801d82e8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 39.491726] ^ [ 39.497953] ffff8801d82e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.505326] ffff8801d82e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.512674] ================================================================== [ 39.520024] Kernel panic - not syncing: panic_on_warn set ... [ 39.520024] [ 39.527393] CPU: 0 PID: 5481 Comm: syz-executor221 Tainted: G B 4.19.0-rc4+ #26 [ 39.536136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.545483] Call Trace: [ 39.548077] dump_stack+0x1c4/0x2b4 [ 39.551708] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.556904] ? lock_downgrade+0x900/0x900 [ 39.561052] panic+0x238/0x4e7 [ 39.564244] ? add_taint.cold.5+0x16/0x16 [ 39.568393] ? print_shadow_for_address+0xb6/0x116 [ 39.573321] ? trace_hardirqs_off+0xaf/0x310 [ 39.577732] kasan_end_report+0x47/0x4f [ 39.581708] kasan_report.cold.9+0x76/0x309 [ 39.586032] ? __schedule+0xfc3/0x1ed0 [ 39.589925] __asan_report_load8_noabort+0x14/0x20 [ 39.594860] __schedule+0xfc3/0x1ed0 [ 39.598591] ? __sched_text_start+0x8/0x8 [ 39.602746] ? __lock_is_held+0xb5/0x140 [ 39.606806] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.611932] ? find_held_lock+0x36/0x1c0 [ 39.616007] ? __call_srcu+0x7f9/0x1070 [ 39.619998] ? 
_raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.625102] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.630203] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.634789] ? preempt_schedule+0x4d/0x60 [ 39.638945] preempt_schedule_common+0x1f/0xd0 [ 39.643537] preempt_schedule+0x4d/0x60 [ 39.647516] ___preempt_schedule+0x16/0x18 [ 39.651753] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.656686] __call_srcu+0x7f9/0x1070 [ 39.660488] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.665595] ? srcu_offline_cpu+0x120/0x120 [ 39.669919] ? debug_object_free+0x690/0x690 [ 39.674327] ? mark_held_locks+0x130/0x130 [ 39.678564] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.683154] ? lock_release+0x970/0x970 [ 39.687129] ? arch_local_save_flags+0x40/0x40 [ 39.691714] ? depot_save_stack+0x292/0x470 [ 39.696045] ? __lockdep_init_map+0x105/0x590 [ 39.700542] ? __init_waitqueue_head+0x9e/0x150 [ 39.705211] ? init_wait_entry+0x1c0/0x1c0 [ 39.709450] __synchronize_srcu+0x17b/0x230 [ 39.713769] ? call_srcu+0x10/0x10 [ 39.717306] ? rcu_unexpedite_gp+0x20/0x20 [ 39.721549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 39.727084] ? check_preemption_disabled+0x48/0x200 [ 39.732101] synchronize_srcu+0x356/0x5ab [ 39.736250] ? lock_downgrade+0x900/0x900 [ 39.740397] ? synchronize_srcu_expedited+0x20/0x20 [ 39.745420] ? kasan_check_read+0x11/0x20 [ 39.749572] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 39.754157] ? kasan_check_write+0x14/0x20 [ 39.758397] ? do_raw_spin_lock+0xc1/0x200 [ 39.762641] kvm_page_track_unregister_notifier+0x17d/0x250 [ 39.768530] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 39.773988] ? kvfree+0x61/0x70 [ 39.777271] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.782289] kvm_mmu_uninit_vm+0x1c/0x20 [ 39.786349] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 39.790758] ? kvm_arch_sync_events+0x30/0x30 [ 39.795258] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.801271] ? mmu_notifier_unregister+0x474/0x600 [ 39.806200] ? kfree+0x107/0x230 [ 39.809571] ? __mmu_notifier_register+0x30/0x30 [ 39.814327] ? 
__free_pages+0x10a/0x190 [ 39.818300] ? free_unref_page+0x960/0x960 [ 39.822549] kvm_put_kvm+0x6c8/0xff0 [ 39.826268] ? kvm_write_guest_cached+0x40/0x40 [ 39.830938] ? kvm_irqfd_release+0xd1/0x120 [ 39.835263] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.839757] ? _raw_spin_unlock_irq+0x27/0x80 [ 39.844263] ? kasan_check_write+0x14/0x20 [ 39.848501] ? do_raw_spin_lock+0xc1/0x200 [ 39.852739] ? kvm_irqfd_release+0xdd/0x120 [ 39.857057] ? kvm_irqfd_release+0xdd/0x120 [ 39.861385] ? kvm_put_kvm+0xff0/0xff0 [ 39.865271] kvm_vm_release+0x42/0x50 [ 39.869069] __fput+0x385/0xa30 [ 39.872354] ? get_max_files+0x20/0x20 [ 39.876242] ? trace_hardirqs_on+0xbd/0x310 [ 39.880565] ? ___might_sleep+0x1ed/0x300 [ 39.884716] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 39.890170] ? arch_local_save_flags+0x40/0x40 [ 39.894757] ? kasan_check_write+0x14/0x20 [ 39.898994] ? do_raw_spin_lock+0xc1/0x200 [ 39.903231] ____fput+0x15/0x20 [ 39.906511] task_work_run+0x1e8/0x2a0 [ 39.910397] ? task_work_cancel+0x240/0x240 [ 39.914723] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.920263] ? switch_task_namespaces+0x9d/0xd0 [ 39.924934] do_exit+0x1ad7/0x2610 [ 39.928481] ? mm_update_next_owner+0x990/0x990 [ 39.933162] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 39.937396] ? rcu_read_lock_sched_held+0x108/0x120 [ 39.942413] ? kfree+0x1fa/0x230 [ 39.945795] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 39.950030] ? kvm_vcpu_block+0x1030/0x1030 [ 39.954354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.959904] ? avc_has_extended_perms+0xab2/0x15a0 [ 39.964842] ? save_stack_address+0x4b/0x60 [ 39.969175] ? avc_ss_reset+0x190/0x190 [ 39.973156] ? save_stack+0xa9/0xd0 [ 39.976779] ? save_stack+0x43/0xd0 [ 39.980399] ? __kasan_slab_free+0x102/0x150 [ 39.984802] ? kasan_slab_free+0xe/0x10 [ 39.988771] ? putname+0xf2/0x130 [ 39.992238] ? __x64_sys_openat+0x9d/0x100 [ 39.996475] ? do_syscall_64+0x1b9/0x820 [ 40.000534] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.005916] ? ___might_sleep+0x1ed/0x300 [ 40.010067] ? 
__bpf_trace_initcall_finish+0x2a/0x30 [ 40.015168] ? trace_hardirqs_off+0xb8/0x310 [ 40.019583] ? kvm_vcpu_block+0x1030/0x1030 [ 40.023928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.029460] ? do_vfs_ioctl+0x201/0x1720 [ 40.033522] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.038712] ? ioctl_preallocate+0x300/0x300 [ 40.043122] ? selinux_file_mprotect+0x620/0x620 [ 40.047880] ? path_mountpoint+0x57e/0x2190 [ 40.052208] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.057224] ? kmem_cache_free+0x24f/0x290 [ 40.061460] ? putname+0xf7/0x130 [ 40.064922] do_group_exit+0x177/0x440 [ 40.068825] ? trace_hardirqs_on+0xbd/0x310 [ 40.073149] ? __ia32_sys_exit+0x50/0x50 [ 40.077215] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.082670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.088207] ? ksys_ioctl+0x81/0xd0 [ 40.091840] __x64_sys_exit_group+0x3e/0x50 [ 40.096171] do_syscall_64+0x1b9/0x820 [ 40.100062] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.105431] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.110364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.115209] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.120228] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.125248] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.130269] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.135120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.140307] RIP: 0033:0x43ef08 [ 40.143498] Code: Bad RIP value. 
[ 40.146859] RSP: 002b:00007fff63b75da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.154584] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 40.161851] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.169125] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.176389] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 40.183661] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 40.190944] [ 40.190950] ====================================================== [ 40.190956] WARNING: possible circular locking dependency detected [ 40.190961] 4.19.0-rc4+ #26 Not tainted [ 40.190967] ------------------------------------------------------ [ 40.190972] syz-executor221/5481 is trying to acquire lock: [ 40.190976] 000000007ea70ad5 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 40.190993] [ 40.190998] but task is already holding lock: [ 40.191001] 000000007b058c5a (report_lock){....}, at: kasan_report+0x8b/0x110 [ 40.191017] [ 40.191023] which lock already depends on the new lock. 
[ 40.191025] [ 40.191028] [ 40.191034] the existing dependency chain (in reverse order) is: [ 40.191037] [ 40.191039] -> #3 (report_lock){....}: [ 40.191056] _raw_spin_lock_irqsave+0x99/0xd0 [ 40.191060] kasan_report+0x8b/0x110 [ 40.191065] __asan_report_load8_noabort+0x14/0x20 [ 40.191070] __schedule+0xfc3/0x1ed0 [ 40.191075] preempt_schedule_common+0x1f/0xd0 [ 40.191079] preempt_schedule+0x4d/0x60 [ 40.191084] ___preempt_schedule+0x16/0x18 [ 40.191089] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.191093] __call_srcu+0x7f9/0x1070 [ 40.191098] __synchronize_srcu+0x17b/0x230 [ 40.191103] synchronize_srcu+0x356/0x5ab [ 40.191108] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.191113] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.191117] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.191122] kvm_put_kvm+0x6c8/0xff0 [ 40.191126] kvm_vm_release+0x42/0x50 [ 40.191130] __fput+0x385/0xa30 [ 40.191134] ____fput+0x15/0x20 [ 40.191139] task_work_run+0x1e8/0x2a0 [ 40.191143] do_exit+0x1ad7/0x2610 [ 40.191147] do_group_exit+0x177/0x440 [ 40.191152] __x64_sys_exit_group+0x3e/0x50 [ 40.191156] do_syscall_64+0x1b9/0x820 [ 40.191162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.191164] [ 40.191167] -> #2 (&rq->lock){-.-.}: [ 40.191183] _raw_spin_lock+0x2d/0x40 [ 40.191187] task_fork_fair+0xb0/0x6d0 [ 40.191191] sched_fork+0x443/0xba0 [ 40.191196] copy_process+0x2586/0x8780 [ 40.191200] _do_fork+0x1cb/0x11d0 [ 40.191204] kernel_thread+0x34/0x40 [ 40.191208] rest_init+0x22/0xe5 [ 40.191213] start_kernel+0x8f4/0x92f [ 40.191218] x86_64_start_reservations+0x29/0x2b [ 40.191222] x86_64_start_kernel+0x76/0x79 [ 40.191227] secondary_startup_64+0xa4/0xb0 [ 40.191230] [ 40.191232] -> #1 (&p->pi_lock){-.-.}: [ 40.191249] _raw_spin_lock_irqsave+0x99/0xd0 [ 40.191253] try_to_wake_up+0xd2/0x12f0 [ 40.191258] wake_up_process+0x10/0x20 [ 40.191262] __up.isra.1+0x1c0/0x2a0 [ 40.191266] up+0x13c/0x1c0 [ 40.191270] __up_console_sem+0xbe/0x1b0 [ 40.191275] console_unlock+0x814/0x1160 [ 40.191279] 
vprintk_emit+0x33d/0x930 [ 40.191284] vprintk_default+0x28/0x30 [ 40.191288] vprintk_func+0x7e/0x181 [ 40.191292] printk+0xa7/0xcf [ 40.191296] load_umh+0x51/0xbd [ 40.191301] do_one_initcall+0x145/0x957 [ 40.191305] kernel_init_freeable+0x4bb/0x5ae [ 40.191310] kernel_init+0x11/0x1b2 [ 40.191314] ret_from_fork+0x3a/0x50 [ 40.191317] [ 40.191319] -> #0 ((console_sem).lock){-...}: [ 40.191336] lock_acquire+0x1ed/0x520 [ 40.191340] _raw_spin_lock_irqsave+0x99/0xd0 [ 40.191345] down_trylock+0x13/0x70 [ 40.191350] __down_trylock_console_sem+0xae/0x200 [ 40.191354] console_trylock+0x15/0xa0 [ 40.191359] vprintk_emit+0x322/0x930 [ 40.191363] vprintk_default+0x28/0x30 [ 40.191367] vprintk_func+0x7e/0x181 [ 40.191371] printk+0xa7/0xcf [ 40.191375] kasan_report+0x9b/0x110 [ 40.191381] __asan_report_load8_noabort+0x14/0x20 [ 40.191385] __schedule+0xfc3/0x1ed0 [ 40.191390] preempt_schedule_common+0x1f/0xd0 [ 40.191394] preempt_schedule+0x4d/0x60 [ 40.191399] ___preempt_schedule+0x16/0x18 [ 40.191404] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.191409] __call_srcu+0x7f9/0x1070 [ 40.191413] __synchronize_srcu+0x17b/0x230 [ 40.191418] synchronize_srcu+0x356/0x5ab [ 40.191423] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.191428] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.191433] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.191437] kvm_put_kvm+0x6c8/0xff0 [ 40.191441] kvm_vm_release+0x42/0x50 [ 40.191445] __fput+0x385/0xa30 [ 40.191449] ____fput+0x15/0x20 [ 40.191454] task_work_run+0x1e8/0x2a0 [ 40.191458] do_exit+0x1ad7/0x2610 [ 40.191462] do_group_exit+0x177/0x440 [ 40.191467] __x64_sys_exit_group+0x3e/0x50 [ 40.191472] do_syscall_64+0x1b9/0x820 [ 40.191477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.191479] [ 40.191484] other info that might help us debug this: [ 40.191487] [ 40.191490] Chain exists of: [ 40.191493] (console_sem).lock --> &rq->lock --> report_lock [ 40.191514] [ 40.191518] Possible unsafe locking scenario: [ 40.191521] [ 40.191525] CPU0 CPU1 [ 40.191530] ---- ---- [ 
40.191533] lock(report_lock); [ 40.191543] lock(&rq->lock); [ 40.191554] lock(report_lock); [ 40.191563] lock((console_sem).lock); [ 40.191572] [ 40.191576] *** DEADLOCK *** [ 40.191578] [ 40.191583] 2 locks held by syz-executor221/5481: [ 40.191586] #0: 0000000008d6d321 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 40.191605] #1: 000000007b058c5a (report_lock){....}, at: kasan_report+0x8b/0x110 [ 40.191624] [ 40.191628] stack backtrace: [ 40.191634] CPU: 0 PID: 5481 Comm: syz-executor221 Not tainted 4.19.0-rc4+ #26 [ 40.191642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.191646] Call Trace: [ 40.191650] dump_stack+0x1c4/0x2b4 [ 40.191655] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.191660] ? vprintk_func+0x85/0x181 [ 40.191665] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 40.191670] ? save_trace+0xe0/0x290 [ 40.191674] __lock_acquire+0x33e4/0x4ec0 [ 40.191679] ? mark_held_locks+0x130/0x130 [ 40.191683] ? mark_held_locks+0x130/0x130 [ 40.191687] ? rcu_bh_qs+0xc0/0xc0 [ 40.191692] ? unwind_dump+0x190/0x190 [ 40.191697] ? is_bpf_text_address+0xd3/0x170 [ 40.191701] ? kernel_text_address+0x79/0xf0 [ 40.191706] ? __kernel_text_address+0xd/0x40 [ 40.191711] ? __save_stack_trace+0x8d/0xf0 [ 40.191716] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 40.191720] ? save_trace+0x290/0x290 [ 40.191725] ? save_stack_trace+0x1a/0x20 [ 40.191729] ? save_trace+0xe0/0x290 [ 40.191734] ? kasan_check_read+0x11/0x20 [ 40.191738] ? graph_lock+0x170/0x170 [ 40.191743] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.191748] lock_acquire+0x1ed/0x520 [ 40.191752] ? down_trylock+0x13/0x70 [ 40.191757] ? find_held_lock+0x36/0x1c0 [ 40.191761] ? lock_release+0x970/0x970 [ 40.191766] ? trace_hardirqs_off+0xb8/0x310 [ 40.191770] ? vprintk_emit+0x1d3/0x930 [ 40.191775] ? trace_hardirqs_on+0x310/0x310 [ 40.191780] ? trace_hardirqs_off+0xb8/0x310 [ 40.191784] ? log_store+0x344/0x4c0 [ 40.191788] ? 
vprintk_emit+0x322/0x930 [ 40.191793] _raw_spin_lock_irqsave+0x99/0xd0 [ 40.191797] ? down_trylock+0x13/0x70 [ 40.191802] down_trylock+0x13/0x70 [ 40.191807] __down_trylock_console_sem+0xae/0x200 [ 40.191811] console_trylock+0x15/0xa0 [ 40.191815] vprintk_emit+0x322/0x930 [ 40.191820] ? wake_up_klogd+0x180/0x180 [ 40.191825] ? run_rebalance_domains+0x500/0x500 [ 40.191829] ? find_held_lock+0x36/0x1c0 [ 40.191834] ? __queue_work+0x6be/0x1440 [ 40.191838] ? lock_acquire+0x1ed/0x520 [ 40.191842] vprintk_default+0x28/0x30 [ 40.191847] vprintk_func+0x7e/0x181 [ 40.191850] printk+0xa7/0xcf [ 40.191855] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.191860] ? kasan_check_write+0x14/0x20 [ 40.191872] ? do_raw_spin_lock+0xc1/0x200 [ 40.191877] ? do_raw_spin_lock+0xc1/0x200 [ 40.191881] kasan_report+0x9b/0x110 [ 40.191886] ? __schedule+0xfc3/0x1ed0 [ 40.191891] __asan_report_load8_noabort+0x14/0x20 [ 40.191895] __schedule+0xfc3/0x1ed0 [ 40.191905] ? __sched_text_start+0x8/0x8 [ 40.191909] ? __lock_is_held+0xb5/0x140 [ 40.191914] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.191919] ? find_held_lock+0x36/0x1c0 [ 40.191923] ? __call_srcu+0x7f9/0x1070 [ 40.191928] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.191934] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.191938] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.191943] ? preempt_schedule+0x4d/0x60 [ 40.191948] preempt_schedule_common+0x1f/0xd0 [ 40.191952] preempt_schedule+0x4d/0x60 [ 40.191957] ___preempt_schedule+0x16/0x18 [ 40.191962] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.191966] __call_srcu+0x7f9/0x1070 [ 40.191971] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.191976] ? srcu_offline_cpu+0x120/0x120 [ 40.191981] ? debug_object_free+0x690/0x690 [ 40.191985] ? mark_held_locks+0x130/0x130 [ 40.191990] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.191994] ? lock_release+0x970/0x970 [ 40.191999] ? arch_local_save_flags+0x40/0x40 [ 40.192004] ? depot_save_stack+0x292/0x470 [ 40.192009] ? __lockdep_init_map+0x105/0x590 [ 40.192014] ? 
__init_waitqueue_head+0x9e/0x150 [ 40.192018] ? init_wait_entry+0x1c0/0x1c0 [ 40.192023] __synchronize_srcu+0x17b/0x230 [ 40.192027] ? call_srcu+0x10/0x10 [ 40.192032] ? rcu_unexpedite_gp+0x20/0x20 [ 40.192037] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.192043] ? check_preemption_disabled+0x48/0x200 [ 40.192047] synchronize_srcu+0x356/0x5ab [ 40.192052] ? lock_downgrade+0x900/0x900 [ 40.192057] ? synchronize_srcu_expedited+0x20/0x20 [ 40.192061] ? kasan_check_read+0x11/0x20 [ 40.192066] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.192079] ? kasan_check_write+0x14/0x20 [ 40.192084] ? do_raw_spin_lock+0xc1/0x200 [ 40.192090] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.192095] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.192099] ? kvfree+0x61/0x70 [ 40.192104] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.192109] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.192113] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.192118] ? kvm_arch_sync_events+0x30/0x30 [ 40.192124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.192129] ? mmu_notifier_unregister+0x474/0x600 [ 40.192133] ? kfree+0x107/0x230 [ 40.192138] ? __mmu_notifier_register+0x30/0x30 [ 40.192142] ? __free_pages+0x10a/0x190 [ 40.192147] ? free_unref_page+0x960/0x960 [ 40.192151] kvm_put_kvm+0x6c8/0xff0 [ 40.192156] ? kvm_write_guest_cached+0x40/0x40 [ 40.192161] ? kvm_irqfd_release+0xd1/0x120 [ 40.192165] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.192170] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.192175] ? kasan_check_write+0x14/0x20 [ 40.192179] ? do_raw_spin_lock+0xc1/0x200 [ 40.192184] ? kvm_irqfd_release+0xdd/0x120 [ 40.192188] ? kvm_irqfd_release+0x [ 40.192196] Lost 72 message(s)! [ 41.323099] Shutting down cpus with NMI [ 42.379817] Kernel Offset: disabled [ 42.383439] Rebooting in 86400 seconds..