[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.161531] random: sshd: uninitialized urandom read (32 bytes read) [ 34.448572] audit: type=1400 audit(1537525078.412:6): avc: denied { map } for pid=5472 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.505947] random: sshd: uninitialized urandom read (32 bytes read) [ 35.142546] random: sshd: uninitialized urandom read (32 bytes read) [ 35.367881] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. [ 46.880313] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 47.013228] audit: type=1400 audit(1537525090.982:7): avc: denied { map } for pid=5486 comm="syz-executor703" path="/root/syz-executor703991471" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 47.016043] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 47.078440] ================================================================== [ 47.087375] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 47.093671] Read of size 8 at addr ffff8801c4da8058 by task syz-executor703/5486 [ 47.101298] [ 47.102923] CPU: 0 PID: 5486 Comm: syz-executor703 Not tainted 4.19.0-rc4+ #27 [ 47.110275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.119610] Call Trace: [ 47.122181] dump_stack+0x1c4/0x2b4 [ 47.125790] ? dump_stack_print_info.cold.2+0x52/0x52 [ 47.131077] ? printk+0xa7/0xcf [ 47.134340] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 47.139082] print_address_description.cold.8+0x9/0x1ff [ 47.144427] kasan_report.cold.9+0x242/0x309 [ 47.148822] ? __schedule+0xfc3/0x1ed0 [ 47.152740] __asan_report_load8_noabort+0x14/0x20 [ 47.157672] __schedule+0xfc3/0x1ed0 [ 47.161371] ? __sched_text_start+0x8/0x8 [ 47.165500] ? __lock_is_held+0xb5/0x140 [ 47.169542] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.174627] ? find_held_lock+0x36/0x1c0 [ 47.178670] ? __call_srcu+0x7f9/0x1070 [ 47.182626] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.187708] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 47.192793] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.197354] ? preempt_schedule+0x4d/0x60 [ 47.201486] preempt_schedule_common+0x1f/0xd0 [ 47.206048] preempt_schedule+0x4d/0x60 [ 47.210015] ___preempt_schedule+0x16/0x18 [ 47.214243] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 47.219167] __call_srcu+0x7f9/0x1070 [ 47.222949] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.228034] ? srcu_offline_cpu+0x120/0x120 [ 47.232333] ? debug_object_free+0x690/0x690 [ 47.236720] ? mark_held_locks+0x130/0x130 [ 47.240955] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 47.245669] ? lock_release+0x970/0x970 [ 47.249630] ? arch_local_save_flags+0x40/0x40 [ 47.254203] ? depot_save_stack+0x292/0x470 [ 47.258518] ? __lockdep_init_map+0x105/0x590 [ 47.262998] ? __init_waitqueue_head+0x9e/0x150 [ 47.267651] ? init_wait_entry+0x1c0/0x1c0 [ 47.271917] __synchronize_srcu+0x17b/0x230 [ 47.276244] ? call_srcu+0x10/0x10 [ 47.279782] ? rcu_unexpedite_gp+0x20/0x20 [ 47.284001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.289516] ? check_preemption_disabled+0x48/0x200 [ 47.294513] synchronize_srcu+0x356/0x5ab [ 47.298642] ? lock_downgrade+0x900/0x900 [ 47.302771] ? synchronize_srcu_expedited+0x20/0x20 [ 47.307769] ? kasan_check_read+0x11/0x20 [ 47.311910] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 47.316479] ? kasan_check_write+0x14/0x20 [ 47.320808] ? do_raw_spin_lock+0xc1/0x200 [ 47.325038] kvm_page_track_unregister_notifier+0x17d/0x250 [ 47.330745] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 47.336309] ? kvfree+0x61/0x70 [ 47.339582] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.344712] kvm_mmu_uninit_vm+0x1c/0x20 [ 47.348760] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 47.353153] ? kvm_arch_sync_events+0x30/0x30 [ 47.357633] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.363165] ? mmu_notifier_unregister+0x474/0x600 [ 47.368073] ? kfree+0x107/0x230 [ 47.371419] ? __mmu_notifier_register+0x30/0x30 [ 47.376157] ? __free_pages+0x10a/0x190 [ 47.380111] ? free_unref_page+0x960/0x960 [ 47.384333] kvm_put_kvm+0x6c8/0xff0 [ 47.388168] ? kvm_write_guest_cached+0x40/0x40 [ 47.392825] ? kvm_irqfd_release+0xd1/0x120 [ 47.397129] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.401616] ? _raw_spin_unlock_irq+0x27/0x80 [ 47.406188] ? kasan_check_write+0x14/0x20 [ 47.410427] ? do_raw_spin_lock+0xc1/0x200 [ 47.414794] ? kvm_irqfd_release+0xdd/0x120 [ 47.419097] ? kvm_irqfd_release+0xdd/0x120 [ 47.423403] ? kvm_put_kvm+0xff0/0xff0 [ 47.427405] kvm_vm_release+0x42/0x50 [ 47.431339] __fput+0x385/0xa30 [ 47.434607] ? get_max_files+0x20/0x20 [ 47.438476] ? trace_hardirqs_on+0xbd/0x310 [ 47.442831] ? ___might_sleep+0x1ed/0x300 [ 47.446970] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.452405] ? arch_local_save_flags+0x40/0x40 [ 47.456977] ? kasan_check_write+0x14/0x20 [ 47.461200] ? do_raw_spin_lock+0xc1/0x200 [ 47.465414] ____fput+0x15/0x20 [ 47.468696] task_work_run+0x1e8/0x2a0 [ 47.472570] ? task_work_cancel+0x240/0x240 [ 47.476896] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.482413] ? switch_task_namespaces+0x9d/0xd0 [ 47.487069] do_exit+0x1ad7/0x2610 [ 47.490605] ? mm_update_next_owner+0x990/0x990 [ 47.495262] ? is_bpf_text_address+0xac/0x170 [ 47.499747] ? find_held_lock+0x36/0x1c0 [ 47.503792] ? depot_save_stack+0x292/0x470 [ 47.508102] ? lock_downgrade+0x900/0x900 [ 47.512246] ? trace_hardirqs_off+0xb8/0x310 [ 47.516643] ? kasan_check_read+0x11/0x20 [ 47.520776] ? do_raw_spin_unlock+0xa7/0x2f0 [ 47.525163] ? trace_hardirqs_on+0x310/0x310 [ 47.529552] ? kasan_check_write+0x14/0x20 [ 47.533768] ? do_raw_spin_lock+0xc1/0x200 [ 47.537989] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 47.543074] ? save_stack+0xa9/0xd0 [ 47.546677] ? save_stack+0x43/0xd0 [ 47.550284] ? __kasan_slab_free+0x102/0x150 [ 47.554672] ? kasan_slab_free+0xe/0x10 [ 47.558666] ? __x64_sys_add_key+0x2c1/0x4f0 [ 47.563078] ? do_syscall_64+0x1b9/0x820 [ 47.567122] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.572468] ? trace_hardirqs_off+0xb8/0x310 [ 47.576855] ? kasan_check_read+0x11/0x20 [ 47.580981] ? trace_hardirqs_on+0x310/0x310 [ 47.585369] ? kasan_check_write+0x14/0x20 [ 47.589596] ? trace_hardirqs_off+0xb8/0x310 [ 47.593995] ? kfree+0x107/0x230 [ 47.597345] ? kfree+0x107/0x230 [ 47.600693] ? lockdep_hardirqs_on+0x421/0x5c0 [ 47.605263] ? trace_hardirqs_on+0xbd/0x310 [ 47.609565] ? __x64_sys_add_key+0x2c1/0x4f0 [ 47.613953] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.619458] ? __kasan_slab_free+0x119/0x150 [ 47.623862] ? __x64_sys_add_key+0x2c1/0x4f0 [ 47.628258] do_group_exit+0x177/0x440 [ 47.632129] ? trace_hardirqs_on+0xbd/0x310 [ 47.636431] ? __ia32_sys_exit+0x50/0x50 [ 47.640471] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 47.645904] __x64_sys_exit_group+0x3e/0x50 [ 47.650206] do_syscall_64+0x1b9/0x820 [ 47.654077] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 47.659428] ? syscall_return_slowpath+0x5e0/0x5e0 [ 47.664339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.669168] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.674166] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 47.679170] ? prepare_exit_to_usermode+0x291/0x3b0 [ 47.684170] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.688998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.694165] RIP: 0033:0x43f348 [ 47.697340] Code: Bad RIP value. [ 47.700681] RSP: 002b:00007ffdc0f6f3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 47.708423] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f348 [ 47.715679] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 47.722926] RBP: 00000000004c0c08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 47.730249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.737506] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 47.744775] [ 47.746427] Allocated by task 5486: [ 47.750039] save_stack+0x43/0xd0 [ 47.753540] kasan_kmalloc+0xc7/0xe0 [ 47.757350] kasan_slab_alloc+0x12/0x20 [ 47.761317] kmem_cache_alloc+0x12e/0x730 [ 47.765444] vmx_create_vcpu+0xcf/0x25e0 [ 47.769495] kvm_arch_vcpu_create+0xe5/0x220 [ 47.773883] kvm_vm_ioctl+0x470/0x1d40 [ 47.777862] do_vfs_ioctl+0x1de/0x1720 [ 47.781734] ksys_ioctl+0xa9/0xd0 [ 47.785171] __x64_sys_ioctl+0x73/0xb0 [ 47.789039] do_syscall_64+0x1b9/0x820 [ 47.793033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.798264] [ 47.799882] Freed by task 5486: [ 47.803140] save_stack+0x43/0xd0 [ 47.806569] __kasan_slab_free+0x102/0x150 [ 47.810836] kasan_slab_free+0xe/0x10 [ 47.814627] kmem_cache_free+0x83/0x290 [ 47.818581] vmx_free_vcpu+0x26b/0x300 [ 47.822456] kvm_arch_destroy_vm+0x365/0x7c0 [ 47.826891] kvm_put_kvm+0x6c8/0xff0 [ 47.830605] kvm_vm_release+0x42/0x50 [ 47.834408] __fput+0x385/0xa30 [ 47.837775] ____fput+0x15/0x20 [ 47.841057] task_work_run+0x1e8/0x2a0 [ 47.844939] do_exit+0x1ad7/0x2610 [ 47.848509] do_group_exit+0x177/0x440 [ 47.852381] __x64_sys_exit_group+0x3e/0x50 [ 47.856683] do_syscall_64+0x1b9/0x820 [ 47.860553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.865719] [ 47.867327] The buggy address belongs to the object at ffff8801c4da8040 [ 47.867327] which belongs to the cache kvm_vcpu of size 23872 [ 47.879985] The buggy address is located 24 bytes inside of [ 47.879985] 23872-byte region [ffff8801c4da8040, ffff8801c4dadd80) [ 47.892021] The buggy address belongs to the page: [ 47.896940] page:ffffea0007136a00 count:1 mapcount:0 mapping:ffff8801d55747c0 index:0x0 compound_mapcount: 0 [ 47.906900] flags: 0x2fffc0000008100(slab|head) [ 47.911553] raw: 02fffc0000008100 ffff8801d557ae48 ffff8801d557ae48 ffff8801d55747c0 [ 47.919850] raw: 0000000000000000 ffff8801c4da8040 0000000100000001 0000000000000000 [ 47.927705] page dumped because: kasan: bad access detected [ 47.933395] [ 47.934998] Memory state around the buggy address: [ 47.939903] ffff8801c4da7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.947238] ffff8801c4da7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.954578] >ffff8801c4da8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 47.961939] ^ [ 47.968199] ffff8801c4da8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.975546] ffff8801c4da8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.982881] ================================================================== [ 47.990215] Kernel panic - not syncing: panic_on_warn set ... [ 47.990215] [ 47.997560] CPU: 0 PID: 5486 Comm: syz-executor703 Tainted: G B 4.19.0-rc4+ #27 [ 48.006982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.016414] Call Trace: [ 48.019008] dump_stack+0x1c4/0x2b4 [ 48.022617] ? dump_stack_print_info.cold.2+0x52/0x52 [ 48.027795] ? lock_downgrade+0x900/0x900 [ 48.031929] panic+0x238/0x4e7 [ 48.035100] ? add_taint.cold.5+0x16/0x16 [ 48.039249] ? print_shadow_for_address+0xb6/0x116 [ 48.044158] ? trace_hardirqs_off+0xaf/0x310 [ 48.048552] kasan_end_report+0x47/0x4f [ 48.052509] kasan_report.cold.9+0x76/0x309 [ 48.056813] ? __schedule+0xfc3/0x1ed0 [ 48.060743] __asan_report_load8_noabort+0x14/0x20 [ 48.065674] __schedule+0xfc3/0x1ed0 [ 48.069376] ? __sched_text_start+0x8/0x8 [ 48.073512] ? __lock_is_held+0xb5/0x140 [ 48.077563] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.082652] ? find_held_lock+0x36/0x1c0 [ 48.086705] ? __call_srcu+0x7f9/0x1070 [ 48.090672] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.095759] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.100842] ? lockdep_hardirqs_on+0x421/0x5c0 [ 48.105516] ? preempt_schedule+0x4d/0x60 [ 48.109706] preempt_schedule_common+0x1f/0xd0 [ 48.114286] preempt_schedule+0x4d/0x60 [ 48.118246] ___preempt_schedule+0x16/0x18 [ 48.122464] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 48.127389] __call_srcu+0x7f9/0x1070 [ 48.131169] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 48.136259] ? srcu_offline_cpu+0x120/0x120 [ 48.140580] ? debug_object_free+0x690/0x690 [ 48.145089] ? mark_held_locks+0x130/0x130 [ 48.149308] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 48.153880] ? lock_release+0x970/0x970 [ 48.157840] ? arch_local_save_flags+0x40/0x40 [ 48.162402] ? depot_save_stack+0x292/0x470 [ 48.166808] ? __lockdep_init_map+0x105/0x590 [ 48.171290] ? __init_waitqueue_head+0x9e/0x150 [ 48.175953] ? init_wait_entry+0x1c0/0x1c0 [ 48.180173] __synchronize_srcu+0x17b/0x230 [ 48.184482] ? call_srcu+0x10/0x10 [ 48.188008] ? rcu_unexpedite_gp+0x20/0x20 [ 48.192227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.197764] ? check_preemption_disabled+0x48/0x200 [ 48.202767] synchronize_srcu+0x356/0x5ab [ 48.206900] ? lock_downgrade+0x900/0x900 [ 48.211032] ? synchronize_srcu_expedited+0x20/0x20 [ 48.216039] ? kasan_check_read+0x11/0x20 [ 48.220189] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 48.224752] ? kasan_check_write+0x14/0x20 [ 48.229014] ? do_raw_spin_lock+0xc1/0x200 [ 48.233315] kvm_page_track_unregister_notifier+0x17d/0x250 [ 48.239014] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 48.244709] ? kvfree+0x61/0x70 [ 48.247973] ? rcu_read_lock_sched_held+0x108/0x120 [ 48.252970] kvm_mmu_uninit_vm+0x1c/0x20 [ 48.257014] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 48.261402] ? kvm_arch_sync_events+0x30/0x30 [ 48.265880] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 48.271399] ? mmu_notifier_unregister+0x474/0x600 [ 48.276317] ? kfree+0x107/0x230 [ 48.279666] ? __mmu_notifier_register+0x30/0x30 [ 48.284403] ? __free_pages+0x10a/0x190 [ 48.288355] ? free_unref_page+0x960/0x960 [ 48.292575] kvm_put_kvm+0x6c8/0xff0 [ 48.296352] ? kvm_write_guest_cached+0x40/0x40 [ 48.301008] ? kvm_irqfd_release+0xd1/0x120 [ 48.305429] ? _raw_spin_unlock_irq+0x27/0x80 [ 48.309910] ? _raw_spin_unlock_irq+0x27/0x80 [ 48.314397] ? kasan_check_write+0x14/0x20 [ 48.318617] ? do_raw_spin_lock+0xc1/0x200 [ 48.322885] ? kvm_irqfd_release+0xdd/0x120 [ 48.327286] ? kvm_irqfd_release+0xdd/0x120 [ 48.331613] ? kvm_put_kvm+0xff0/0xff0 [ 48.335531] kvm_vm_release+0x42/0x50 [ 48.339398] __fput+0x385/0xa30 [ 48.342667] ? get_max_files+0x20/0x20 [ 48.346549] ? trace_hardirqs_on+0xbd/0x310 [ 48.351005] ? ___might_sleep+0x1ed/0x300 [ 48.355133] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 48.360562] ? arch_local_save_flags+0x40/0x40 [ 48.365145] ? kasan_check_write+0x14/0x20 [ 48.369364] ? do_raw_spin_lock+0xc1/0x200 [ 48.373691] ____fput+0x15/0x20 [ 48.376960] task_work_run+0x1e8/0x2a0 [ 48.380829] ? task_work_cancel+0x240/0x240 [ 48.385134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 48.390656] ? switch_task_namespaces+0x9d/0xd0 [ 48.395318] do_exit+0x1ad7/0x2610 [ 48.398858] ? mm_update_next_owner+0x990/0x990 [ 48.403515] ? is_bpf_text_address+0xac/0x170 [ 48.408117] ? find_held_lock+0x36/0x1c0 [ 48.412364] ? depot_save_stack+0x292/0x470 [ 48.416668] ? lock_downgrade+0x900/0x900 [ 48.420798] ? trace_hardirqs_off+0xb8/0x310 [ 48.425188] ? kasan_check_read+0x11/0x20 [ 48.429317] ? do_raw_spin_unlock+0xa7/0x2f0 [ 48.433713] ? trace_hardirqs_on+0x310/0x310 [ 48.438105] ? kasan_check_write+0x14/0x20 [ 48.442320] ? do_raw_spin_lock+0xc1/0x200 [ 48.446545] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 48.451644] ? save_stack+0xa9/0xd0 [ 48.455249] ? save_stack+0x43/0xd0 [ 48.458853] ? __kasan_slab_free+0x102/0x150 [ 48.463239] ? kasan_slab_free+0xe/0x10 [ 48.467193] ? __x64_sys_add_key+0x2c1/0x4f0 [ 48.471587] ? do_syscall_64+0x1b9/0x820 [ 48.475651] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.481000] ? trace_hardirqs_off+0xb8/0x310 [ 48.485388] ? kasan_check_read+0x11/0x20 [ 48.489515] ? trace_hardirqs_on+0x310/0x310 [ 48.493907] ? kasan_check_write+0x14/0x20 [ 48.498126] ? trace_hardirqs_off+0xb8/0x310 [ 48.502531] ? kfree+0x107/0x230 [ 48.505882] ? kfree+0x107/0x230 [ 48.509378] ? lockdep_hardirqs_on+0x421/0x5c0 [ 48.513947] ? trace_hardirqs_on+0xbd/0x310 [ 48.518383] ? __x64_sys_add_key+0x2c1/0x4f0 [ 48.522781] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 48.528211] ? __kasan_slab_free+0x119/0x150 [ 48.532606] ? __x64_sys_add_key+0x2c1/0x4f0 [ 48.537000] do_group_exit+0x177/0x440 [ 48.540867] ? trace_hardirqs_on+0xbd/0x310 [ 48.545167] ? __ia32_sys_exit+0x50/0x50 [ 48.549208] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 48.554727] __x64_sys_exit_group+0x3e/0x50 [ 48.559181] do_syscall_64+0x1b9/0x820 [ 48.563121] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 48.568611] ? syscall_return_slowpath+0x5e0/0x5e0 [ 48.573751] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.578576] ? trace_hardirqs_on_caller+0x310/0x310 [ 48.583587] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 48.588606] ? prepare_exit_to_usermode+0x291/0x3b0 [ 48.593627] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.598460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.603637] RIP: 0033:0x43f348 [ 48.606817] Code: Bad RIP value. [ 48.610164] RSP: 002b:00007ffdc0f6f3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 48.617857] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f348 [ 48.625114] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 48.632380] RBP: 00000000004c0c08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 48.639647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.646912] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 48.654184] [ 48.654190] ====================================================== [ 48.654195] WARNING: possible circular locking dependency detected [ 48.654199] 4.19.0-rc4+ #27 Not tainted [ 48.654205] ------------------------------------------------------ [ 48.654210] syz-executor703/5486 is trying to acquire lock: [ 48.654214] 00000000834f6963 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 48.654229] [ 48.654234] but task is already holding lock: [ 48.654237] 000000003b14c4f9 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 48.654252] [ 48.654257] which lock already depends on the new lock. [ 48.654259] [ 48.654262] [ 48.654267] the existing dependency chain (in reverse order) is: [ 48.654270] [ 48.654272] -> #3 (report_lock){....}: [ 48.654287] _raw_spin_lock_irqsave+0x99/0xd0 [ 48.654291] kasan_report+0x8b/0x110 [ 48.654296] __asan_report_load8_noabort+0x14/0x20 [ 48.654300] __schedule+0xfc3/0x1ed0 [ 48.654305] preempt_schedule_common+0x1f/0xd0 [ 48.654309] preempt_schedule+0x4d/0x60 [ 48.654313] ___preempt_schedule+0x16/0x18 [ 48.654318] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 48.654322] __call_srcu+0x7f9/0x1070 [ 48.654326] __synchronize_srcu+0x17b/0x230 [ 48.654330] synchronize_srcu+0x356/0x5ab [ 48.654336] kvm_page_track_unregister_notifier+0x17d/0x250 [ 48.654340] kvm_mmu_uninit_vm+0x1c/0x20 [ 48.654344] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 48.654348] kvm_put_kvm+0x6c8/0xff0 [ 48.654352] kvm_vm_release+0x42/0x50 [ 48.654356] __fput+0x385/0xa30 [ 48.654360] ____fput+0x15/0x20 [ 48.654364] task_work_run+0x1e8/0x2a0 [ 48.654368] do_exit+0x1ad7/0x2610 [ 48.654372] do_group_exit+0x177/0x440 [ 48.654376] __x64_sys_exit_group+0x3e/0x50 [ 48.654380] do_syscall_64+0x1b9/0x820 [ 48.654385] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.654387] [ 48.654390] -> #2 (&rq->lock){-.-.}: [ 48.654405] _raw_spin_lock+0x2d/0x40 [ 48.654409] task_fork_fair+0xb0/0x6d0 [ 48.654413] sched_fork+0x443/0xba0 [ 48.654417] copy_process+0x2586/0x8780 [ 48.654421] _do_fork+0x1cb/0x11d0 [ 48.654425] kernel_thread+0x34/0x40 [ 48.654428] rest_init+0x22/0xe5 [ 48.654432] start_kernel+0x8f4/0x92f [ 48.654437] x86_64_start_reservations+0x29/0x2b [ 48.654441] x86_64_start_kernel+0x76/0x79 [ 48.654446] secondary_startup_64+0xa4/0xb0 [ 48.654448] [ 48.654451] -> #1 (&p->pi_lock){-.-.}: [ 48.654466] _raw_spin_lock_irqsave+0x99/0xd0 [ 48.654470] try_to_wake_up+0xd2/0x12f0 [ 48.654474] wake_up_process+0x10/0x20 [ 48.654478] __up.isra.1+0x1c0/0x2a0 [ 48.654482] up+0x13c/0x1c0 [ 48.654486] __up_console_sem+0xbe/0x1b0 [ 48.654490] console_unlock+0x814/0x1160 [ 48.654494] vprintk_emit+0x33d/0x930 [ 48.654498] vprintk_default+0x28/0x30 [ 48.654502] vprintk_func+0x7e/0x181 [ 48.654506] printk+0xa7/0xcf [ 48.654509] load_umh+0x51/0xbd [ 48.654513] do_one_initcall+0x145/0x957 [ 48.654518] kernel_init_freeable+0x4bb/0x5ae [ 48.654522] kernel_init+0x11/0x1b2 [ 48.654526] ret_from_fork+0x3a/0x50 [ 48.654528] [ 48.654531] -> #0 ((console_sem).lock){-...}: [ 48.654546] lock_acquire+0x1ed/0x520 [ 48.654550] _raw_spin_lock_irqsave+0x99/0xd0 [ 48.654554] down_trylock+0x13/0x70 [ 48.654559] __down_trylock_console_sem+0xae/0x200 [ 48.654563] console_trylock+0x15/0xa0 [ 48.654567] vprintk_emit+0x322/0x930 [ 48.654571] vprintk_default+0x28/0x30 [ 48.654575] vprintk_func+0x7e/0x181 [ 48.654578] printk+0xa7/0xcf [ 48.654582] kasan_report+0x9b/0x110 [ 48.654587] __asan_report_load8_noabort+0x14/0x20 [ 48.654605] __schedule+0xfc3/0x1ed0 [ 48.654610] preempt_schedule_common+0x1f/0xd0 [ 48.654614] preempt_schedule+0x4d/0x60 [ 48.654618] ___preempt_schedule+0x16/0x18 [ 48.654623] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 48.654627] __call_srcu+0x7f9/0x1070 [ 48.654631] __synchronize_srcu+0x17b/0x230 [ 48.654635] synchronize_srcu+0x356/0x5ab [ 48.654640] kvm_page_track_unregister_notifier+0x17d/0x250 [ 48.654645] kvm_mmu_uninit_vm+0x1c/0x20 [ 48.654649] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 48.654653] kvm_put_kvm+0x6c8/0xff0 [ 48.654657] kvm_vm_release+0x42/0x50 [ 48.654661] __fput+0x385/0xa30 [ 48.654665] ____fput+0x15/0x20 [ 48.654669] task_work_run+0x1e8/0x2a0 [ 48.654673] do_exit+0x1ad7/0x2610 [ 48.654677] do_group_exit+0x177/0x440 [ 48.654681] __x64_sys_exit_group+0x3e/0x50 [ 48.654685] do_syscall_64+0x1b9/0x820 [ 48.654690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.654692] [ 48.654697] other info that might help us debug this: [ 48.654699] [ 48.654703] Chain exists of: [ 48.654705] (console_sem).lock --> &rq->lock --> report_lock [ 48.654724] [ 48.654728] Possible unsafe locking scenario: [ 48.654731] [ 48.654735] CPU0 CPU1 [ 48.654739] ---- ---- [ 48.654742] lock(report_lock); [ 48.654752] lock(&rq->lock); [ 48.654761] lock(report_lock); [ 48.654770] lock((console_sem).lock); [ 48.654778] [ 48.654782] *** DEADLOCK *** [ 48.654784] [ 48.654788] 2 locks held by syz-executor703/5486: [ 48.654791] #0: 00000000dabe6b68 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 48.654809] #1: 000000003b14c4f9 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 48.654826] [ 48.654829] stack backtrace: [ 48.654836] CPU: 0 PID: 5486 Comm: syz-executor703 Not tainted 4.19.0-rc4+ #27 [ 48.654843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.654846] Call Trace: [ 48.654850] dump_stack+0x1c4/0x2b4 [ 48.654855] ? dump_stack_print_info.cold.2+0x52/0x52 [ 48.654859] ? vprintk_func+0x85/0x181 [ 48.654864] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 48.654868] ? save_trace+0xe0/0x290 [ 48.654873] __lock_acquire+0x33e4/0x4ec0 [ 48.654877] ? mark_held_locks+0x130/0x130 [ 48.654881] ? mark_held_locks+0x130/0x130 [ 48.654885] ? rcu_bh_qs+0xc0/0xc0 [ 48.654889] ? unwind_dump+0x190/0x190 [ 48.654894] ? is_bpf_text_address+0xd3/0x170 [ 48.654898] ? kernel_text_address+0x79/0xf0 [ 48.654903] ? __kernel_text_address+0xd/0x40 [ 48.654907] ? __save_stack_trace+0x8d/0xf0 [ 48.654912] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 48.654916] ? save_trace+0x290/0x290 [ 48.654920] ? save_stack_trace+0x1a/0x20 [ 48.654924] ? save_trace+0xe0/0x290 [ 48.654929] ? kasan_check_read+0x11/0x20 [ 48.654933] ? graph_lock+0x170/0x170 [ 48.654938] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 48.654942] lock_acquire+0x1ed/0x520 [ 48.654946] ? down_trylock+0x13/0x70 [ 48.654950] ? find_held_lock+0x36/0x1c0 [ 48.654954] ? lock_release+0x970/0x970 [ 48.654958] ? trace_hardirqs_off+0xb8/0x310 [ 48.654962] ? vprintk_emit+0x1d3/0x930 [ 48.654967] ? trace_hardirqs_on+0x310/0x310 [ 48.654971] ? trace_hardirqs_off+0xb8/0x310 [ 48.654975] ? log_store+0x344/0x4c0 [ 48.654979] ? vprintk_emit+0x322/0x930 [ 48.654984] _raw_spin_lock_irqsave+0x99/0xd0 [ 48.654988] ? down_trylock+0x13/0x70 [ 48.654991] down_trylock+0x13/0x70 [ 48.654996] __down_trylock_console_sem+0xae/0x200 [ 48.655000] console_trylock+0x15/0xa0 [ 48.655004] vprintk_emit+0x322/0x930 [ 48.655008] ? wake_up_klogd+0x180/0x180 [ 48.655013] ? run_rebalance_domains+0x500/0x500 [ 48.655017] ? find_held_lock+0x36/0x1c0 [ 48.655021] ? __queue_work+0x6be/0x1440 [ 48.655025] ? lock_acquire+0x1ed/0x520 [ 48.655029] vprintk_default+0x28/0x30 [ 48.655033] vprintk_func+0x7e/0x181 [ 48.655037] printk+0xa7/0xcf [ 48.655041] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 48.655046] ? kasan_check_write+0x14/0x20 [ 48.655050] ? do_raw_spin_lock+0xc1/0x200 [ 48.655054] ? do_raw_spin_lock+0xc1/0x200 [ 48.655058] kasan_report+0x9b/0x110 [ 48.655062] ? __schedule+0xfc3/0x1ed0 [ 48.655067] __asan_report_load8_noabort+0x14/0x20 [ 48.655071] __schedule+0xfc3/0x1ed0 [ 48.655075] ? __sched_text_start+0x8/0x8 [ 48.655079] ? __lock_is_held+0xb5/0x140 [ 48.655084] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.655088] ? find_held_lock+0x36/0x1c0 [ 48.655092] ? __call_srcu+0x7f9/0x1070 [ 48.655097] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.655101] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 48.655107] ? lockdep_hardirqs_on+0x421/0x5c0 [ 48.655111] ? preempt_schedule+0x4d/0x60 [ 48.655115] preempt_schedule_common+0x1f/0xd0 [ 48.655119] preempt_schedule+0x4d/0x60 [ 48.655124] ___preempt_schedule+0x16/0x18 [ 48.655128] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 48.655132] __call_srcu+0x7f9/0x1070 [ 48.655137] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 48.655142] ? srcu_offline_cpu+0x120/0x120 [ 48.655146] ? debug_object_free+0x690/0x690 [ 48.655150] ? mark_held_locks+0x130/0x130 [ 48.655155] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 48.655159] ? lock_release+0x970/0x970 [ 48.655163] ? arch_local_save_flags+0x40/0x40 [ 48.655167] ? depot_save_stack+0x292/0x470 [ 48.655172] ? __lockdep_init_map+0x105/0x590 [ 48.655176] ? __init_waitqueue_head+0x9e/0x150 [ 48.655181] ? init_wait_entry+0x1c0/0x1c0 [ 48.655185] __synchronize_srcu+0x17b/0x230 [ 48.655189] ? call_srcu+0x10/0x10 [ 48.655193] ? rcu_unexpedite_gp+0x20/0x20 [ 48.655198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.655203] ? check_preemption_disabled+0x48/0x200 [ 48.655207] synchronize_srcu+0x356/0x5ab [ 48.655211] ? lock_downgrade+0x900/0x900 [ 48.655216] ? synchronize_srcu_expedited+0x20/0x20 [ 48.655220] ? kasan_check_read+0x11/0x20 [ 48.655224] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 48.655229] ? kasan_check_write+0x14/0x20 [ 48.655233] ? do_raw_spin_lock+0xc1/0x200 [ 48.655238] kvm_page_track_unregister_notifier+0x17d/0x250 [ 48.655243] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 48.655247] ? kvfree+0x61/0x70 [ 48.655252] ? rcu_read_lock_sched_held+0x108/0x120 [ 48.655256] kvm_mmu_uninit_vm+0x1c/0x20 [ 48.655260] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 48.655265] ? kvm_arch_sync_events+0x30/0x30 [ 48.655270] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 48.655275] ? mmu_notifier_unregister+0x474/0x600 [ 48.655278] ? kfree+0x107/0x230 [ 48.655283] ? __mmu_notifier_register+0x30/0x30 [ 48.655287] ? __free_pages+0x10a/0x190 [ 48.655292] ? free_unref_page+0x960/0x960 [ 48.655296] kvm_put_kvm+0x6c8/0xff0 [ 48.655300] ? kvm_write_guest_cached+0x40/0x40 [ 48.655304] ? kvm_irqfd_release+0xd1/0x120 [ 48.655309] ? _raw_spin_unlock_irq+0x27/0x80 [ 48.655313] ? _raw_spin_unlock_irq+0x27/0x80 [ 48.655317] ? kasan_check_write+0x14/0x20 [ 48.655322] ? do_raw_spin_lock+0xc1/0x200 [ 48.655326] ? kvm_irqfd_release+0xdd/0x120 [ 48.655329] ? kvm_irqfd_release+0x [ 48.655337] Lost 71 message(s)! [ 48.656257] Kernel Offset: disabled [ 49.710335] Rebooting in 86400 seconds..