[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.436365] random: sshd: uninitialized urandom read (32 bytes read) [ 34.793731] audit: type=1400 audit(1536405215.532:6): avc: denied { map } for pid=5504 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.852420] random: sshd: uninitialized urandom read (32 bytes read) [ 35.454596] random: sshd: uninitialized urandom read (32 bytes read) [ 35.699322] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. [ 41.622332] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 41.771442] audit: type=1400 audit(1536405222.502:7): avc: denied { map } for pid=5518 comm="syz-executor543" path="/root/syz-executor543780486" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.775365] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 41.826774] ================================================================== [ 41.837195] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 41.843422] Read of size 8 at addr ffff8801b5330058 by task syz-executor543/5518 [ 41.850944] [ 41.852575] CPU: 0 PID: 5518 Comm: syz-executor543 Not tainted 4.19.0-rc2+ #6 [ 41.859849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.869199] Call Trace: [ 41.871792] dump_stack+0x1c4/0x2b4 [ 41.875423] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.880619] ? printk+0xa7/0xcf [ 41.883910] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.888671] print_address_description.cold.8+0x9/0x1ff [ 41.894037] kasan_report.cold.9+0x242/0x309 [ 41.898458] ? __schedule+0xfc3/0x1ed0 [ 41.902349] __asan_report_load8_noabort+0x14/0x20 [ 41.907281] __schedule+0xfc3/0x1ed0 [ 41.911003] ? __sched_text_start+0x8/0x8 [ 41.915155] ? __lock_is_held+0xb5/0x140 [ 41.919491] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.924623] ? find_held_lock+0x36/0x1c0 [ 41.928691] ? __call_srcu+0x7f9/0x1070 [ 41.932668] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.937778] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.942885] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.947466] ? preempt_schedule+0x4d/0x60 [ 41.951625] preempt_schedule_common+0x1f/0xd0 [ 41.956212] preempt_schedule+0x4d/0x60 [ 41.960186] ___preempt_schedule+0x16/0x18 [ 41.964426] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.969376] __call_srcu+0x7f9/0x1070 [ 41.973183] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.978295] ? srcu_offline_cpu+0x120/0x120 [ 41.982622] ? debug_object_free+0x690/0x690 [ 41.987046] ? mark_held_locks+0x130/0x130 [ 41.991281] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.995868] ? lock_release+0x970/0x970 [ 41.999850] ? arch_local_save_flags+0x40/0x40 [ 42.004469] ? __lockdep_init_map+0x105/0x590 [ 42.008968] ? __init_waitqueue_head+0x9e/0x150 [ 42.013649] ? init_wait_entry+0x1c0/0x1c0 [ 42.017898] __synchronize_srcu+0x17b/0x230 [ 42.022221] ? call_srcu+0x10/0x10 [ 42.025764] ? rcu_unexpedite_gp+0x20/0x20 [ 42.030023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.035578] ? check_preemption_disabled+0x48/0x200 [ 42.040617] synchronize_srcu+0x356/0x5ab [ 42.044771] ? lock_downgrade+0x900/0x900 [ 42.048920] ? synchronize_srcu_expedited+0x20/0x20 [ 42.053938] ? kasan_check_read+0x11/0x20 [ 42.058089] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.062698] ? kasan_check_write+0x14/0x20 [ 42.066932] ? do_raw_spin_lock+0xc1/0x200 [ 42.071174] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.076908] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.082373] ? kvfree+0x61/0x70 [ 42.085656] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.090677] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.094742] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.099164] ? kvm_arch_sync_events+0x30/0x30 [ 42.103674] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.109218] ? mmu_notifier_unregister+0x474/0x600 [ 42.114158] ? kfree+0x107/0x230 [ 42.117529] ? __mmu_notifier_register+0x30/0x30 [ 42.122283] ? __free_pages+0x10a/0x190 [ 42.126260] ? free_unref_page+0x960/0x960 [ 42.130513] kvm_put_kvm+0x6c8/0xff0 [ 42.134232] ? kvm_write_guest_cached+0x40/0x40 [ 42.138911] ? kvm_irqfd_release+0xd1/0x120 [ 42.143236] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.147759] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.152256] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.156844] ? kasan_check_write+0x14/0x20 [ 42.161088] ? do_raw_spin_lock+0xc1/0x200 [ 42.165326] ? kvm_irqfd_release+0xdd/0x120 [ 42.169669] ? kvm_irqfd_release+0xdd/0x120 [ 42.173992] ? kvm_put_kvm+0xff0/0xff0 [ 42.177890] kvm_vm_release+0x42/0x50 [ 42.181691] __fput+0x385/0xa30 [ 42.184971] ? get_max_files+0x20/0x20 [ 42.188864] ? ___might_sleep+0x1ed/0x300 [ 42.193024] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.198478] ? arch_local_save_flags+0x40/0x40 [ 42.203060] ? kasan_check_write+0x14/0x20 [ 42.207303] ? do_raw_spin_lock+0xc1/0x200 [ 42.211538] ____fput+0x15/0x20 [ 42.214817] task_work_run+0x1e8/0x2a0 [ 42.218711] ? task_work_cancel+0x240/0x240 [ 42.223035] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.228574] ? switch_task_namespaces+0x9d/0xd0 [ 42.233252] do_exit+0x1ad7/0x2610 [ 42.236790] ? __put_cred+0x28c/0x360 [ 42.240602] ? mm_update_next_owner+0x990/0x990 [ 42.245286] ? prepare_creds+0x4d0/0x4d0 [ 42.249358] ? kasan_check_write+0x14/0x20 [ 42.253591] ? do_raw_spin_lock+0xc1/0x200 [ 42.257838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.263397] ? do_coredump+0x477/0x4001 [ 42.267407] ? kasan_check_write+0x14/0x20 [ 42.271656] ? do_raw_spin_lock+0xc1/0x200 [ 42.275911] ? _raw_read_unlock_irqrestore+0xb0/0xd0 [ 42.281020] ? dump_align+0xa0/0xa0 [ 42.284644] ? save_stack+0xa9/0xd0 [ 42.288267] ? save_stack+0x43/0xd0 [ 42.291908] ? __kasan_slab_free+0x102/0x150 [ 42.296314] ? kasan_slab_free+0xe/0x10 [ 42.300287] ? kmem_cache_free+0x83/0x290 [ 42.304437] ? __sigqueue_free.part.27+0x7d/0xa0 [ 42.309203] ? __dequeue_signal+0x530/0x7d0 [ 42.313522] ? dequeue_signal+0xbd/0x630 [ 42.317579] ? get_signal+0x3ec/0x1980 [ 42.321470] ? do_signal+0x9c/0x21e0 [ 42.325187] ? exit_to_usermode_loop+0x2e5/0x380 [ 42.329950] ? prepare_exit_to_usermode+0x342/0x3b0 [ 42.334978] ? trace_hardirqs_off+0xb8/0x310 [ 42.339395] ? kasan_check_read+0x11/0x20 [ 42.343553] ? do_raw_spin_unlock+0xa7/0x2f0 [ 42.347970] ? trace_hardirqs_on+0x310/0x310 [ 42.352408] ? kasan_check_write+0x14/0x20 [ 42.356659] ? graph_lock+0x170/0x170 [ 42.360464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.366007] ? __lock_is_held+0xb5/0x140 [ 42.370081] ? __sigqueue_free.part.27+0x7d/0xa0 [ 42.374847] ? graph_lock+0x170/0x170 [ 42.378710] ? __sigqueue_free.part.27+0x7d/0xa0 [ 42.383472] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.388489] ? kmem_cache_free+0x24f/0x290 [ 42.392738] ? __sigqueue_free.part.27+0x7d/0xa0 [ 42.397526] ? find_held_lock+0x36/0x1c0 [ 42.401593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.407142] ? proc_coredump_connector+0x4f8/0x630 [ 42.412099] ? proc_comm_connector+0x520/0x520 [ 42.416689] do_group_exit+0x177/0x440 [ 42.420582] ? __ia32_sys_exit+0x50/0x50 [ 42.424661] get_signal+0x8b0/0x1980 [ 42.428381] ? ptrace_notify+0x130/0x130 [ 42.432453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.437990] ? check_preemption_disabled+0x48/0x200 [ 42.443002] ? check_preemption_disabled+0x48/0x200 [ 42.448030] do_signal+0x9c/0x21e0 [ 42.451572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.457111] ? __send_signal+0xbe5/0x1a00 [ 42.461264] ? graph_lock+0x170/0x170 [ 42.465062] ? setup_sigcontext+0x7d0/0x7d0 [ 42.469389] ? prepare_signal+0xcf0/0xcf0 [ 42.473541] ? __handle_mm_fault+0x53e0/0x53e0 [ 42.478134] ? exit_to_usermode_loop+0x8c/0x380 [ 42.482812] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.487915] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.492500] exit_to_usermode_loop+0x2e5/0x380 [ 42.497086] ? syscall_slow_exit_work+0x520/0x520 [ 42.501931] ? trace_hardirqs_off_caller+0xbb/0x310 [ 42.506947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.511796] prepare_exit_to_usermode+0x342/0x3b0 [ 42.516648] ? trace_event_raw_event_sys_enter+0x700/0x700 [ 42.522276] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.527123] ? general_protection+0x8/0x30 [ 42.531358] retint_user+0x8/0x18 [ 42.534810] RIP: 0033:0x4003a0 [ 42.538007] Code: Bad RIP value. [ 42.541366] RSP: 002b:00007ffe069cd138 EFLAGS: 00010206 [ 42.546729] RAX: 00007ffe069cd140 RBX: 0000000000000000 RCX: 000000000043f830 [ 42.553993] RDX: 0000000000000000 RSI: 0000000000000023 RDI: 00007ffe069cd140 [ 42.561260] RBP: 6666666666666667 R08: 000000000000000f R09: 00000000004002e0 [ 42.568524] R10: 0000000000000000 R11: 00000000004a8360 R12: 0000000000000000 [ 42.575800] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000 [ 42.583069] [ 42.584692] Allocated by task 5518: [ 42.588314] save_stack+0x43/0xd0 [ 42.591762] kasan_kmalloc+0xc7/0xe0 [ 42.595469] kasan_slab_alloc+0x12/0x20 [ 42.599442] kmem_cache_alloc+0x12e/0x730 [ 42.603587] vmx_create_vcpu+0xcf/0x25e0 [ 42.607655] kvm_arch_vcpu_create+0xe5/0x220 [ 42.612061] kvm_vm_ioctl+0x470/0x1d40 [ 42.615952] do_vfs_ioctl+0x1de/0x1720 [ 42.619838] ksys_ioctl+0xa9/0xd0 [ 42.623295] __x64_sys_ioctl+0x73/0xb0 [ 42.627183] do_syscall_64+0x1b9/0x820 [ 42.631070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.636261] [ 42.637897] Freed by task 5518: [ 42.641175] save_stack+0x43/0xd0 [ 42.644636] __kasan_slab_free+0x102/0x150 [ 42.648865] kasan_slab_free+0xe/0x10 [ 42.652671] kmem_cache_free+0x83/0x290 [ 42.656640] vmx_free_vcpu+0x26b/0x300 [ 42.660527] kvm_arch_destroy_vm+0x365/0x7c0 [ 42.664938] kvm_put_kvm+0x6c8/0xff0 [ 42.668656] kvm_vm_release+0x42/0x50 [ 42.672475] __fput+0x385/0xa30 [ 42.675746] ____fput+0x15/0x20 [ 42.679022] task_work_run+0x1e8/0x2a0 [ 42.682905] do_exit+0x1ad7/0x2610 [ 42.686444] do_group_exit+0x177/0x440 [ 42.690342] get_signal+0x8b0/0x1980 [ 42.694068] do_signal+0x9c/0x21e0 [ 42.697616] exit_to_usermode_loop+0x2e5/0x380 [ 42.702201] prepare_exit_to_usermode+0x342/0x3b0 [ 42.707043] retint_user+0x8/0x18 [ 42.710509] [ 42.712132] The buggy address belongs to the object at ffff8801b5330040 [ 42.712132] which belongs to the cache kvm_vcpu of size 23872 [ 42.724709] The buggy address is located 24 bytes inside of [ 42.724709] 23872-byte region [ffff8801b5330040, ffff8801b5335d80) [ 42.736665] The buggy address belongs to the page: [ 42.741625] page:ffffea0006d4cc00 count:1 mapcount:0 mapping:ffff8801d5f3d940 index:0x0 compound_mapcount: 0 [ 42.751595] flags: 0x2fffc0000008100(slab|head) [ 42.756279] raw: 02fffc0000008100 ffff8801d5f39248 ffff8801d5f39248 ffff8801d5f3d940 [ 42.764179] raw: 0000000000000000 ffff8801b5330040 0000000100000001 0000000000000000 [ 42.772049] page dumped because: kasan: bad access detected [ 42.777747] [ 42.779365] Memory state around the buggy address: [ 42.784304] ffff8801b532ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.791659] ffff8801b532ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.799015] >ffff8801b5330000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 42.806363] ^ [ 42.812799] ffff8801b5330080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.820254] ffff8801b5330100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.827603] ================================================================== [ 42.834963] Kernel panic - not syncing: panic_on_warn set ... [ 42.834963] [ 42.842370] CPU: 0 PID: 5518 Comm: syz-executor543 Tainted: G B 4.19.0-rc2+ #6 [ 42.851044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.860399] Call Trace: [ 42.862989] dump_stack+0x1c4/0x2b4 [ 42.866630] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.871824] ? lock_downgrade+0x900/0x900 [ 42.875993] panic+0x238/0x4e7 [ 42.879190] ? add_taint.cold.5+0x16/0x16 [ 42.883346] ? print_shadow_for_address+0xb6/0x116 [ 42.888273] ? trace_hardirqs_off+0xaf/0x310 [ 42.892699] kasan_end_report+0x47/0x4f [ 42.896677] kasan_report.cold.9+0x76/0x309 [ 42.901005] ? __schedule+0xfc3/0x1ed0 [ 42.904898] __asan_report_load8_noabort+0x14/0x20 [ 42.909828] __schedule+0xfc3/0x1ed0 [ 42.913551] ? __sched_text_start+0x8/0x8 [ 42.917704] ? __lock_is_held+0xb5/0x140 [ 42.921776] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.926894] ? find_held_lock+0x36/0x1c0 [ 42.930965] ? __call_srcu+0x7f9/0x1070 [ 42.934943] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.940046] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.945152] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.949736] ? preempt_schedule+0x4d/0x60 [ 42.953893] preempt_schedule_common+0x1f/0xd0 [ 42.958501] preempt_schedule+0x4d/0x60 [ 42.962477] ___preempt_schedule+0x16/0x18 [ 42.966729] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.971669] __call_srcu+0x7f9/0x1070 [ 42.975471] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.980576] ? srcu_offline_cpu+0x120/0x120 [ 42.984909] ? debug_object_free+0x690/0x690 [ 42.989317] ? mark_held_locks+0x130/0x130 [ 42.993555] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.998143] ? lock_release+0x970/0x970 [ 43.002120] ? arch_local_save_flags+0x40/0x40 [ 43.006715] ? __lockdep_init_map+0x105/0x590 [ 43.011220] ? __init_waitqueue_head+0x9e/0x150 [ 43.015893] ? init_wait_entry+0x1c0/0x1c0 [ 43.020135] __synchronize_srcu+0x17b/0x230 [ 43.024458] ? call_srcu+0x10/0x10 [ 43.027998] ? rcu_unexpedite_gp+0x20/0x20 [ 43.032242] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.037780] ? check_preemption_disabled+0x48/0x200 [ 43.042812] synchronize_srcu+0x356/0x5ab [ 43.046959] ? lock_downgrade+0x900/0x900 [ 43.051110] ? synchronize_srcu_expedited+0x20/0x20 [ 43.056128] ? kasan_check_read+0x11/0x20 [ 43.060280] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.064862] ? kasan_check_write+0x14/0x20 [ 43.069152] ? do_raw_spin_lock+0xc1/0x200 [ 43.073408] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.079122] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.084574] ? kvfree+0x61/0x70 [ 43.087859] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.092900] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.096964] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.101374] ? kvm_arch_sync_events+0x30/0x30 [ 43.105878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.111416] ? mmu_notifier_unregister+0x474/0x600 [ 43.116345] ? kfree+0x107/0x230 [ 43.119717] ? __mmu_notifier_register+0x30/0x30 [ 43.124473] ? __free_pages+0x10a/0x190 [ 43.128447] ? free_unref_page+0x960/0x960 [ 43.132693] kvm_put_kvm+0x6c8/0xff0 [ 43.136417] ? kvm_write_guest_cached+0x40/0x40 [ 43.141089] ? kvm_irqfd_release+0xd1/0x120 [ 43.145411] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.149903] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.154417] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.159013] ? kasan_check_write+0x14/0x20 [ 43.163250] ? do_raw_spin_lock+0xc1/0x200 [ 43.167519] ? kvm_irqfd_release+0xdd/0x120 [ 43.171836] ? kvm_irqfd_release+0xdd/0x120 [ 43.176161] ? kvm_put_kvm+0xff0/0xff0 [ 43.180048] kvm_vm_release+0x42/0x50 [ 43.183867] __fput+0x385/0xa30 [ 43.187192] ? get_max_files+0x20/0x20 [ 43.191087] ? ___might_sleep+0x1ed/0x300 [ 43.195237] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.200689] ? arch_local_save_flags+0x40/0x40 [ 43.205274] ? kasan_check_write+0x14/0x20 [ 43.209511] ? do_raw_spin_lock+0xc1/0x200 [ 43.213761] ____fput+0x15/0x20 [ 43.217043] task_work_run+0x1e8/0x2a0 [ 43.220933] ? task_work_cancel+0x240/0x240 [ 43.225257] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.230801] ? switch_task_namespaces+0x9d/0xd0 [ 43.235473] do_exit+0x1ad7/0x2610 [ 43.239021] ? __put_cred+0x28c/0x360 [ 43.242828] ? mm_update_next_owner+0x990/0x990 [ 43.247494] ? prepare_creds+0x4d0/0x4d0 [ 43.251561] ? kasan_check_write+0x14/0x20 [ 43.255802] ? do_raw_spin_lock+0xc1/0x200 [ 43.260036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.265592] ? do_coredump+0x477/0x4001 [ 43.269576] ? kasan_check_write+0x14/0x20 [ 43.273823] ? do_raw_spin_lock+0xc1/0x200 [ 43.278062] ? _raw_read_unlock_irqrestore+0xb0/0xd0 [ 43.283171] ? dump_align+0xa0/0xa0 [ 43.286796] ? save_stack+0xa9/0xd0 [ 43.290432] ? save_stack+0x43/0xd0 [ 43.294066] ? __kasan_slab_free+0x102/0x150 [ 43.298472] ? kasan_slab_free+0xe/0x10 [ 43.302446] ? kmem_cache_free+0x83/0x290 [ 43.306590] ? __sigqueue_free.part.27+0x7d/0xa0 [ 43.311352] ? __dequeue_signal+0x530/0x7d0 [ 43.315675] ? dequeue_signal+0xbd/0x630 [ 43.319739] ? get_signal+0x3ec/0x1980 [ 43.323633] ? do_signal+0x9c/0x21e0 [ 43.327349] ? exit_to_usermode_loop+0x2e5/0x380 [ 43.332103] ? prepare_exit_to_usermode+0x342/0x3b0 [ 43.337124] ? trace_hardirqs_off+0xb8/0x310 [ 43.341534] ? kasan_check_read+0x11/0x20 [ 43.345683] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.350094] ? trace_hardirqs_on+0x310/0x310 [ 43.354502] ? kasan_check_write+0x14/0x20 [ 43.358737] ? graph_lock+0x170/0x170 [ 43.362542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.368082] ? __lock_is_held+0xb5/0x140 [ 43.372155] ? __sigqueue_free.part.27+0x7d/0xa0 [ 43.376922] ? graph_lock+0x170/0x170 [ 43.380727] ? __sigqueue_free.part.27+0x7d/0xa0 [ 43.385483] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.390501] ? kmem_cache_free+0x24f/0x290 [ 43.394740] ? __sigqueue_free.part.27+0x7d/0xa0 [ 43.399498] ? find_held_lock+0x36/0x1c0 [ 43.403563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.409100] ? proc_coredump_connector+0x4f8/0x630 [ 43.414032] ? proc_comm_connector+0x520/0x520 [ 43.418636] do_group_exit+0x177/0x440 [ 43.422528] ? __ia32_sys_exit+0x50/0x50 [ 43.426600] get_signal+0x8b0/0x1980 [ 43.430330] ? ptrace_notify+0x130/0x130 [ 43.434397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.439936] ? check_preemption_disabled+0x48/0x200 [ 43.444948] ? check_preemption_disabled+0x48/0x200 [ 43.449979] do_signal+0x9c/0x21e0 [ 43.453520] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.459058] ? __send_signal+0xbe5/0x1a00 [ 43.463206] ? graph_lock+0x170/0x170 [ 43.467007] ? setup_sigcontext+0x7d0/0x7d0 [ 43.471328] ? prepare_signal+0xcf0/0xcf0 [ 43.475478] ? __handle_mm_fault+0x53e0/0x53e0 [ 43.480068] ? exit_to_usermode_loop+0x8c/0x380 [ 43.484745] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.489847] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.494440] exit_to_usermode_loop+0x2e5/0x380 [ 43.499023] ? syscall_slow_exit_work+0x520/0x520 [ 43.503868] ? trace_hardirqs_off_caller+0xbb/0x310 [ 43.508895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.513740] prepare_exit_to_usermode+0x342/0x3b0 [ 43.518587] ? trace_event_raw_event_sys_enter+0x700/0x700 [ 43.524219] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.529062] ? general_protection+0x8/0x30 [ 43.533298] retint_user+0x8/0x18 [ 43.536748] RIP: 0033:0x4003a0 [ 43.539940] Code: Bad RIP value. [ 43.543309] RSP: 002b:00007ffe069cd138 EFLAGS: 00010206 [ 43.548671] RAX: 00007ffe069cd140 RBX: 0000000000000000 RCX: 000000000043f830 [ 43.555937] RDX: 0000000000000000 RSI: 0000000000000023 RDI: 00007ffe069cd140 [ 43.563217] RBP: 6666666666666667 R08: 000000000000000f R09: 00000000004002e0 [ 43.570482] R10: 0000000000000000 R11: 00000000004a8360 R12: 0000000000000000 [ 43.577749] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000 [ 43.585023] [ 43.585029] ====================================================== [ 43.585035] WARNING: possible circular locking dependency detected [ 43.585039] 4.19.0-rc2+ #6 Not tainted [ 43.585045] ------------------------------------------------------ [ 43.585050] syz-executor543/5518 is trying to acquire lock: [ 43.585054] 000000007f99ffd0 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 43.585070] [ 43.585074] but task is already holding lock: [ 43.585077] 0000000049252fea (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.585093] [ 43.585098] which lock already depends on the new lock. [ 43.585100] [ 43.585103] [ 43.585108] the existing dependency chain (in reverse order) is: [ 43.585111] [ 43.585113] -> #3 (report_lock){....}: [ 43.585129] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.585133] kasan_report+0x8b/0x110 [ 43.585138] __asan_report_load8_noabort+0x14/0x20 [ 43.585142] __schedule+0xfc3/0x1ed0 [ 43.585147] preempt_schedule_common+0x1f/0xd0 [ 43.585151] preempt_schedule+0x4d/0x60 [ 43.585155] ___preempt_schedule+0x16/0x18 [ 43.585160] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.585164] __call_srcu+0x7f9/0x1070 [ 43.585169] __synchronize_srcu+0x17b/0x230 [ 43.585173] synchronize_srcu+0x356/0x5ab [ 43.585178] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.585183] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.585187] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.585191] kvm_put_kvm+0x6c8/0xff0 [ 43.585196] kvm_vm_release+0x42/0x50 [ 43.585199] __fput+0x385/0xa30 [ 43.585203] ____fput+0x15/0x20 [ 43.585207] task_work_run+0x1e8/0x2a0 [ 43.585211] do_exit+0x1ad7/0x2610 [ 43.585215] do_group_exit+0x177/0x440 [ 43.585220] get_signal+0x8b0/0x1980 [ 43.585224] do_signal+0x9c/0x21e0 [ 43.585228] exit_to_usermode_loop+0x2e5/0x380 [ 43.585233] prepare_exit_to_usermode+0x342/0x3b0 [ 43.585237] retint_user+0x8/0x18 [ 43.585239] [ 43.585242] -> #2 (&rq->lock){-.-.}: [ 43.585257] _raw_spin_lock+0x2d/0x40 [ 43.585261] task_fork_fair+0xb0/0x6d0 [ 43.585265] sched_fork+0x443/0xba0 [ 43.585269] copy_process+0x2586/0x8780 [ 43.585273] _do_fork+0x1cb/0x11d0 [ 43.585277] kernel_thread+0x34/0x40 [ 43.585281] rest_init+0x22/0xe5 [ 43.585286] start_kernel+0x8f4/0x92f [ 43.585290] x86_64_start_reservations+0x29/0x2b [ 43.585295] x86_64_start_kernel+0x76/0x79 [ 43.585299] secondary_startup_64+0xa4/0xb0 [ 43.585302] [ 43.585304] -> #1 (&p->pi_lock){-.-.}: [ 43.585319] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.585324] try_to_wake_up+0xd2/0x12f0 [ 43.585328] wake_up_process+0x10/0x20 [ 43.585332] __up.isra.1+0x1c0/0x2a0 [ 43.585336] up+0x13c/0x1c0 [ 43.585340] __up_console_sem+0xbe/0x1b0 [ 43.585344] console_unlock+0x524/0x11a0 [ 43.585349] vprintk_emit+0x33d/0x930 [ 43.585353] vprintk_default+0x28/0x30 [ 43.585357] vprintk_func+0x7e/0x181 [ 43.585361] printk+0xa7/0xcf [ 43.585365] load_umh+0x51/0xbd [ 43.585369] do_one_initcall+0x145/0x957 [ 43.585373] kernel_init_freeable+0x4bb/0x5ae [ 43.585378] kernel_init+0x11/0x1b2 [ 43.585382] ret_from_fork+0x3a/0x50 [ 43.585385] [ 43.585387] -> #0 ((console_sem).lock){-...}: [ 43.585403] lock_acquire+0x1ed/0x520 [ 43.585407] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.585411] down_trylock+0x13/0x70 [ 43.585416] __down_trylock_console_sem+0xae/0x200 [ 43.585420] console_trylock+0x15/0xa0 [ 43.585425] vprintk_emit+0x322/0x930 [ 43.585429] vprintk_default+0x28/0x30 [ 43.585433] vprintk_func+0x7e/0x181 [ 43.585437] printk+0xa7/0xcf [ 43.585441] kasan_report+0x9b/0x110 [ 43.585446] __asan_report_load8_noabort+0x14/0x20 [ 43.585450] __schedule+0xfc3/0x1ed0 [ 43.585454] preempt_schedule_common+0x1f/0xd0 [ 43.585459] preempt_schedule+0x4d/0x60 [ 43.585463] ___preempt_schedule+0x16/0x18 [ 43.585468] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.585472] __call_srcu+0x7f9/0x1070 [ 43.585477] __synchronize_srcu+0x17b/0x230 [ 43.585481] synchronize_srcu+0x356/0x5ab [ 43.585487] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.585491] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.585495] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.585499] kvm_put_kvm+0x6c8/0xff0 [ 43.585504] kvm_vm_release+0x42/0x50 [ 43.585508] __fput+0x385/0xa30 [ 43.585511] ____fput+0x15/0x20 [ 43.585516] task_work_run+0x1e8/0x2a0 [ 43.585520] do_exit+0x1ad7/0x2610 [ 43.585524] do_group_exit+0x177/0x440 [ 43.585528] get_signal+0x8b0/0x1980 [ 43.585532] do_signal+0x9c/0x21e0 [ 43.585537] exit_to_usermode_loop+0x2e5/0x380 [ 43.585541] prepare_exit_to_usermode+0x342/0x3b0 [ 43.585545] retint_user+0x8/0x18 [ 43.585548] [ 43.585553] other info that might help us debug this: [ 43.585555] [ 43.585558] Chain exists of: [ 43.585561] (console_sem).lock --> &rq->lock --> report_lock [ 43.585580] [ 43.585585] Possible unsafe locking scenario: [ 43.585587] [ 43.585592] CPU0 CPU1 [ 43.585596] ---- ---- [ 43.585599] lock(report_lock); [ 43.585617] lock(&rq->lock); [ 43.585627] lock(report_lock); [ 43.585636] lock((console_sem).lock); [ 43.585644] [ 43.585648] *** DEADLOCK *** [ 43.585650] [ 43.585655] 2 locks held by syz-executor543/5518: [ 43.585657] #0: 00000000b06ea23a (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 43.585675] #1: 0000000049252fea (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.585693] [ 43.585697] stack backtrace: [ 43.585703] CPU: 0 PID: 5518 Comm: syz-executor543 Not tainted 4.19.0-rc2+ #6 [ 43.585710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.585714] Call Trace: [ 43.585717] dump_stack+0x1c4/0x2b4 [ 43.585722] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.585727] ? vprintk_func+0x85/0x181 [ 43.585732] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 43.585736] ? save_trace+0xe0/0x290 [ 43.585740] __lock_acquire+0x33e4/0x4ec0 [ 43.585745] ? mark_held_locks+0x130/0x130 [ 43.585749] ? mark_held_locks+0x130/0x130 [ 43.585753] ? rcu_bh_qs+0xc0/0xc0 [ 43.585757] ? unwind_dump+0x190/0x190 [ 43.585762] ? is_bpf_text_address+0xd3/0x170 [ 43.585766] ? kernel_text_address+0x79/0xf0 [ 43.585771] ? __kernel_text_address+0xd/0x40 [ 43.585775] ? __save_stack_trace+0x8d/0xf0 [ 43.585780] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 43.585784] ? save_trace+0x290/0x290 [ 43.585788] ? save_stack_trace+0x1a/0x20 [ 43.585792] ? save_trace+0xe0/0x290 [ 43.585797] ? kasan_check_read+0x11/0x20 [ 43.585801] ? graph_lock+0x170/0x170 [ 43.585806] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.585810] lock_acquire+0x1ed/0x520 [ 43.585814] ? down_trylock+0x13/0x70 [ 43.585818] ? find_held_lock+0x36/0x1c0 [ 43.585823] ? lock_release+0x970/0x970 [ 43.585827] ? trace_hardirqs_off+0xb8/0x310 [ 43.585831] ? vprintk_emit+0x1d3/0x930 [ 43.585836] ? trace_hardirqs_on+0x310/0x310 [ 43.585840] ? trace_hardirqs_off+0xb8/0x310 [ 43.585844] ? log_store+0x344/0x4c0 [ 43.585848] ? vprintk_emit+0x322/0x930 [ 43.585853] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.585857] ? down_trylock+0x13/0x70 [ 43.585861] down_trylock+0x13/0x70 [ 43.585866] __down_trylock_console_sem+0xae/0x200 [ 43.585876] console_trylock+0x15/0xa0 [ 43.585880] vprintk_emit+0x322/0x930 [ 43.585884] ? wake_up_klogd+0x180/0x180 [ 43.585889] ? run_rebalance_domains+0x500/0x500 [ 43.585893] ? wake_up_worker+0x117/0x190 [ 43.585898] ? find_held_lock+0x36/0x1c0 [ 43.585902] ? __queue_work+0x6be/0x1440 [ 43.585906] ? lock_acquire+0x1ed/0x520 [ 43.585910] vprintk_default+0x28/0x30 [ 43.585914] vprintk_func+0x7e/0x181 [ 43.585918] printk+0xa7/0xcf [ 43.585923] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.585927] ? kasan_check_write+0x14/0x20 [ 43.585932] ? do_raw_spin_lock+0xc1/0x200 [ 43.585936] ? do_raw_spin_lock+0xc1/0x200 [ 43.585940] kasan_report+0x9b/0x110 [ 43.585944] ? __schedule+0xfc3/0x1ed0 [ 43.585949] __asan_report_load8_noabort+0x14/0x20 [ 43.585953] __schedule+0xfc3/0x1ed0 [ 43.585958] ? __sched_text_start+0x8/0x8 [ 43.585962] ? __lock_is_held+0xb5/0x140 [ 43.585967] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.585971] ? find_held_lock+0x36/0x1c0 [ 43.585976] ? __call_srcu+0x7f9/0x1070 [ 43.585981] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.585986] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.585990] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.585995] ? preempt_schedule+0x4d/0x60 [ 43.585999] preempt_schedule_common+0x1f/0xd0 [ 43.586004] preempt_schedule+0x4d/0x60 [ 43.586008] ___preempt_schedule+0x16/0x18 [ 43.586013] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.586017] __call_srcu+0x7f9/0x1070 [ 43.586022] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 43.586027] ? srcu_offline_cpu+0x120/0x120 [ 43.586031] ? debug_object_free+0x690/0x690 [ 43.586035] ? mark_held_locks+0x130/0x130 [ 43.586040] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 43.586044] ? lock_release+0x970/0x970 [ 43.586049] ? arch_local_save_flags+0x40/0x40 [ 43.586054] ? __lockdep_init_map+0x105/0x590 [ 43.586058] ? __init_waitqueue_head+0x9e/0x150 [ 43.586063] ? init_wait_entry+0x1c0/0x1c0 [ 43.586067] __synchronize_srcu+0x17b/0x230 [ 43.586071] ? call_srcu+0x10/0x10 [ 43.586075] ? rcu_unexpedite_gp+0x20/0x20 [ 43.586081] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.586085] ? check_preemption_disabled+0x48/0x200 [ 43.586090] synchronize_srcu+0x356/0x5ab [ 43.586094] ? lock_downgrade+0x900/0x900 [ 43.586099] ? synchronize_srcu_expedited+0x20/0x20 [ 43.586103] ? kasan_check_read+0x11/0x20 [ 43.586108] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.586112] ? kasan_check_write+0x14/0x20 [ 43.586117] ? do_raw_spin_lock+0xc1/0x200 [ 43.586122] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.586127] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.586131] ? kvfree+0x61/0x70 [ 43.586136] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.586140] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.586144] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.586149] ? kvm_arch_sync_events+0x30/0x30 [ 43.586154] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.586159] ? mmu_notifier_unregister+0x474/0x600 [ 43.586163] ? kfree+0x107/0x230 [ 43.586168] ? __mmu_notifier_register+0x30/0x30 [ 43.586172] ? __free_pages+0x10a/0x190 [ 43.586176] ? free_unref_page+0x960/0x960 [ 43.586180] kvm_put_kvm+0x6c8/0xff0 [ 43.586185] ? kvm_write_guest_cached+0x40/0x40 [ 43.586189] ? kvm_irqfd_release+0xd1/0x120 [ 43.586194] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.586198] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.586202] ? lockdep_hardirqs [ 43.586210] Lost 95 message(s)! [ 44.747061] Shutting down cpus with NMI [ 45.806628] Dumping ftrace buffer: [ 45.810157] (ftrace buffer empty) [ 45.814480] Kernel Offset: disabled [ 45.818102] Rebooting in 86400 seconds..