[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.441661] random: sshd: uninitialized urandom read (32 bytes read) [ 33.831921] audit: type=1400 audit(1536454389.385:6): avc: denied { map } for pid=5457 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.881214] random: sshd: uninitialized urandom read (32 bytes read) [ 34.496480] random: sshd: uninitialized urandom read (32 bytes read) [ 34.730762] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. [ 40.323952] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 40.457808] audit: type=1400 audit(1536454396.015:7): avc: denied { map } for pid=5471 comm="syz-executor417" path="/root/syz-executor417540942" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.461447] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 40.510022] ================================================================== [ 40.520005] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 40.526235] Read of size 8 at addr ffff8801b3558058 by task syz-executor417/5471 [ 40.533752] [ 40.535379] CPU: 0 PID: 5471 Comm: syz-executor417 Not tainted 4.19.0-rc2+ #7 [ 40.542641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.551986] Call Trace: [ 40.554567] dump_stack+0x1c4/0x2b4 [ 40.558193] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.563382] ? printk+0xa7/0xcf [ 40.566660] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.571424] print_address_description.cold.8+0x9/0x1ff [ 40.576785] kasan_report.cold.9+0x242/0x309 [ 40.581189] ? __schedule+0xfc3/0x1ed0 [ 40.585079] __asan_report_load8_noabort+0x14/0x20 [ 40.590006] __schedule+0xfc3/0x1ed0 [ 40.593720] ? __sched_text_start+0x8/0x8 [ 40.597869] ? __lock_is_held+0xb5/0x140 [ 40.601925] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.607023] ? find_held_lock+0x36/0x1c0 [ 40.611087] ? __call_srcu+0x7f9/0x1070 [ 40.615057] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.620153] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.625250] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.629832] ? preempt_schedule+0x4d/0x60 [ 40.633977] preempt_schedule_common+0x1f/0xd0 [ 40.638554] preempt_schedule+0x4d/0x60 [ 40.642525] ___preempt_schedule+0x16/0x18 [ 40.646760] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.651688] __call_srcu+0x7f9/0x1070 [ 40.655485] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.660591] ? srcu_offline_cpu+0x120/0x120 [ 40.664907] ? debug_object_free+0x690/0x690 [ 40.669340] ? mark_held_locks+0x130/0x130 [ 40.673573] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.678153] ? lock_release+0x970/0x970 [ 40.682123] ? arch_local_save_flags+0x40/0x40 [ 40.686698] ? depot_save_stack+0x292/0x470 [ 40.691022] ? __lockdep_init_map+0x105/0x590 [ 40.695515] ? __init_waitqueue_head+0x9e/0x150 [ 40.700179] ? init_wait_entry+0x1c0/0x1c0 [ 40.704416] __synchronize_srcu+0x17b/0x230 [ 40.708736] ? call_srcu+0x10/0x10 [ 40.712272] ? rcu_unexpedite_gp+0x20/0x20 [ 40.716532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.722068] ? check_preemption_disabled+0x48/0x200 [ 40.727084] synchronize_srcu+0x356/0x5ab [ 40.731226] ? lock_downgrade+0x900/0x900 [ 40.735369] ? synchronize_srcu_expedited+0x20/0x20 [ 40.740388] ? kasan_check_read+0x11/0x20 [ 40.744534] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.749115] ? kasan_check_write+0x14/0x20 [ 40.753348] ? do_raw_spin_lock+0xc1/0x200 [ 40.757585] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.763302] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.768757] ? kvfree+0x61/0x70 [ 40.772045] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.777056] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.781113] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.785518] ? kvm_arch_sync_events+0x30/0x30 [ 40.790015] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.795549] ? mmu_notifier_unregister+0x474/0x600 [ 40.800475] ? kfree+0x107/0x230 [ 40.803839] ? __mmu_notifier_register+0x30/0x30 [ 40.808591] ? __free_pages+0x10a/0x190 [ 40.812564] ? free_unref_page+0x960/0x960 [ 40.816822] kvm_put_kvm+0x6c8/0xff0 [ 40.820545] ? kvm_write_guest_cached+0x40/0x40 [ 40.825220] ? kvm_irqfd_release+0xd1/0x120 [ 40.829553] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.834048] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.838549] ? kasan_check_write+0x14/0x20 [ 40.842810] ? do_raw_spin_lock+0xc1/0x200 [ 40.847059] ? kvm_irqfd_release+0xdd/0x120 [ 40.851376] ? kvm_irqfd_release+0xdd/0x120 [ 40.855695] ? kvm_put_kvm+0xff0/0xff0 [ 40.859610] kvm_vm_release+0x42/0x50 [ 40.863403] __fput+0x385/0xa30 [ 40.866683] ? get_max_files+0x20/0x20 [ 40.870569] ? trace_hardirqs_on+0xbd/0x310 [ 40.874891] ? ___might_sleep+0x1ed/0x300 [ 40.879037] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.884487] ? arch_local_save_flags+0x40/0x40 [ 40.889067] ? kasan_check_write+0x14/0x20 [ 40.893302] ? do_raw_spin_lock+0xc1/0x200 [ 40.897538] ____fput+0x15/0x20 [ 40.900814] task_work_run+0x1e8/0x2a0 [ 40.904700] ? task_work_cancel+0x240/0x240 [ 40.909018] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.914550] ? switch_task_namespaces+0x9d/0xd0 [ 40.919216] do_exit+0x1ad7/0x2610 [ 40.922755] ? mm_update_next_owner+0x990/0x990 [ 40.927426] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 40.931655] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.936669] ? kfree+0x1fa/0x230 [ 40.940031] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 40.944267] ? kvm_vcpu_block+0x1030/0x1030 [ 40.948598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.954130] ? avc_has_extended_perms+0xab2/0x15a0 [ 40.959063] ? fpu__prepare_read+0x37b/0x750 [ 40.963481] ? avc_ss_reset+0x190/0x190 [ 40.967458] ? save_stack+0xa9/0xd0 [ 40.971077] ? save_stack+0x43/0xd0 [ 40.974701] ? __kasan_slab_free+0x102/0x150 [ 40.979105] ? kasan_slab_free+0xe/0x10 [ 40.983076] ? putname+0xf2/0x130 [ 40.986540] ? __x64_sys_openat+0x9d/0x100 [ 40.990773] ? do_syscall_64+0x1b9/0x820 [ 40.994861] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.000224] ? ___might_sleep+0x1ed/0x300 [ 41.004367] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.009482] ? trace_hardirqs_off+0xb8/0x310 [ 41.013892] ? kvm_vcpu_block+0x1030/0x1030 [ 41.018212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.023742] ? do_vfs_ioctl+0x201/0x1720 [ 41.027796] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.032983] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 41.038009] ? __fget_light+0x2e9/0x430 [ 41.041979] ? fget_raw+0x20/0x20 [ 41.045426] ? path_mountpoint+0x52e/0x2190 [ 41.049742] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.054763] ? kmem_cache_free+0x24f/0x290 [ 41.058994] ? putname+0xf7/0x130 [ 41.062459] do_group_exit+0x177/0x440 [ 41.066345] ? trace_hardirqs_on+0xbd/0x310 [ 41.070663] ? __ia32_sys_exit+0x50/0x50 [ 41.074719] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.080162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.085705] ? ksys_ioctl+0x81/0xd0 [ 41.089341] __x64_sys_exit_group+0x3e/0x50 [ 41.093661] do_syscall_64+0x1b9/0x820 [ 41.097544] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.102919] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.107844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.112683] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.117697] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.122709] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.127724] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.132570] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.137754] RIP: 0033:0x43ef28 [ 41.140942] Code: Bad RIP value. [ 41.144307] RSP: 002b:00007ffc1fa8e4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.152811] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28 [ 41.160074] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.167338] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.174601] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.181864] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 41.189135] [ 41.190755] Allocated by task 5471: [ 41.194379] save_stack+0x43/0xd0 [ 41.197827] kasan_kmalloc+0xc7/0xe0 [ 41.201559] kasan_slab_alloc+0x12/0x20 [ 41.205551] kmem_cache_alloc+0x12e/0x730 [ 41.209693] vmx_create_vcpu+0xcf/0x25e0 [ 41.213748] kvm_arch_vcpu_create+0xe5/0x220 [ 41.218149] kvm_vm_ioctl+0x470/0x1d40 [ 41.222032] do_vfs_ioctl+0x1de/0x1720 [ 41.225910] ksys_ioctl+0xa9/0xd0 [ 41.229359] __x64_sys_ioctl+0x73/0xb0 [ 41.233241] do_syscall_64+0x1b9/0x820 [ 41.237122] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.242304] [ 41.243928] Freed by task 5471: [ 41.247201] save_stack+0x43/0xd0 [ 41.250645] __kasan_slab_free+0x102/0x150 [ 41.254875] kasan_slab_free+0xe/0x10 [ 41.258671] kmem_cache_free+0x83/0x290 [ 41.262641] vmx_free_vcpu+0x26b/0x300 [ 41.266520] kvm_arch_destroy_vm+0x365/0x7c0 [ 41.270928] kvm_put_kvm+0x6c8/0xff0 [ 41.274638] kvm_vm_release+0x42/0x50 [ 41.278428] __fput+0x385/0xa30 [ 41.281701] ____fput+0x15/0x20 [ 41.284974] task_work_run+0x1e8/0x2a0 [ 41.288856] do_exit+0x1ad7/0x2610 [ 41.292390] do_group_exit+0x177/0x440 [ 41.296276] __x64_sys_exit_group+0x3e/0x50 [ 41.300598] do_syscall_64+0x1b9/0x820 [ 41.304483] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.309655] [ 41.311279] The buggy address belongs to the object at ffff8801b3558040 [ 41.311279] which belongs to the cache kvm_vcpu of size 23872 [ 41.323860] The buggy address is located 24 bytes inside of [ 41.323860] 23872-byte region [ffff8801b3558040, ffff8801b355dd80) [ 41.335834] The buggy address belongs to the page: [ 41.340756] page:ffffea0006cd5600 count:1 mapcount:0 mapping:ffff8801d791e380 index:0x0 compound_mapcount: 0 [ 41.350718] flags: 0x2fffc0000008100(slab|head) [ 41.355388] raw: 02fffc0000008100 ffff8801d5424348 ffff8801d5424348 ffff8801d791e380 [ 41.363273] raw: 0000000000000000 ffff8801b3558040 0000000100000001 0000000000000000 [ 41.371149] page dumped because: kasan: bad access detected [ 41.376846] [ 41.378461] Memory state around the buggy address: [ 41.383380] ffff8801b3557f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.390729] ffff8801b3557f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.398077] >ffff8801b3558000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 41.405425] ^ [ 41.411644] ffff8801b3558080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.418994] ffff8801b3558100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.426342] ================================================================== [ 41.433693] Kernel panic - not syncing: panic_on_warn set ... [ 41.433693] [ 41.441057] CPU: 0 PID: 5471 Comm: syz-executor417 Tainted: G B 4.19.0-rc2+ #7 [ 41.449709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.459048] Call Trace: [ 41.461635] dump_stack+0x1c4/0x2b4 [ 41.465259] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.470444] ? lock_downgrade+0x900/0x900 [ 41.474590] panic+0x238/0x4e7 [ 41.477795] ? add_taint.cold.5+0x16/0x16 [ 41.481940] ? print_shadow_for_address+0xb6/0x116 [ 41.486862] ? trace_hardirqs_off+0xaf/0x310 [ 41.491266] kasan_end_report+0x47/0x4f [ 41.495242] kasan_report.cold.9+0x76/0x309 [ 41.499560] ? __schedule+0xfc3/0x1ed0 [ 41.503449] __asan_report_load8_noabort+0x14/0x20 [ 41.508376] __schedule+0xfc3/0x1ed0 [ 41.512090] ? __sched_text_start+0x8/0x8 [ 41.516239] ? __lock_is_held+0xb5/0x140 [ 41.520319] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.525441] ? find_held_lock+0x36/0x1c0 [ 41.529505] ? __call_srcu+0x7f9/0x1070 [ 41.533474] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.538573] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.543674] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.548250] ? preempt_schedule+0x4d/0x60 [ 41.552394] preempt_schedule_common+0x1f/0xd0 [ 41.556975] preempt_schedule+0x4d/0x60 [ 41.560946] ___preempt_schedule+0x16/0x18 [ 41.565179] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.570105] __call_srcu+0x7f9/0x1070 [ 41.573901] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.579008] ? srcu_offline_cpu+0x120/0x120 [ 41.583334] ? debug_object_free+0x690/0x690 [ 41.587737] ? mark_held_locks+0x130/0x130 [ 41.591965] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.596548] ? lock_release+0x970/0x970 [ 41.600521] ? arch_local_save_flags+0x40/0x40 [ 41.605100] ? depot_save_stack+0x292/0x470 [ 41.609428] ? __lockdep_init_map+0x105/0x590 [ 41.613926] ? __init_waitqueue_head+0x9e/0x150 [ 41.618588] ? init_wait_entry+0x1c0/0x1c0 [ 41.622842] __synchronize_srcu+0x17b/0x230 [ 41.627160] ? call_srcu+0x10/0x10 [ 41.630693] ? rcu_unexpedite_gp+0x20/0x20 [ 41.634935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.640472] ? check_preemption_disabled+0x48/0x200 [ 41.645489] synchronize_srcu+0x356/0x5ab [ 41.649638] ? lock_downgrade+0x900/0x900 [ 41.653781] ? synchronize_srcu_expedited+0x20/0x20 [ 41.658799] ? kasan_check_read+0x11/0x20 [ 41.662948] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.667533] ? kasan_check_write+0x14/0x20 [ 41.671764] ? do_raw_spin_lock+0xc1/0x200 [ 41.676001] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.681717] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.687177] ? kvfree+0x61/0x70 [ 41.690466] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.695496] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.699571] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.703990] ? kvm_arch_sync_events+0x30/0x30 [ 41.708499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.714047] ? mmu_notifier_unregister+0x474/0x600 [ 41.718985] ? kfree+0x107/0x230 [ 41.722366] ? __mmu_notifier_register+0x30/0x30 [ 41.727122] ? __free_pages+0x10a/0x190 [ 41.731098] ? free_unref_page+0x960/0x960 [ 41.735352] kvm_put_kvm+0x6c8/0xff0 [ 41.739081] ? kvm_write_guest_cached+0x40/0x40 [ 41.743759] ? kvm_irqfd_release+0xd1/0x120 [ 41.748092] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.752593] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.757103] ? kasan_check_write+0x14/0x20 [ 41.761351] ? do_raw_spin_lock+0xc1/0x200 [ 41.765595] ? kvm_irqfd_release+0xdd/0x120 [ 41.769939] ? kvm_irqfd_release+0xdd/0x120 [ 41.774278] ? kvm_put_kvm+0xff0/0xff0 [ 41.778184] kvm_vm_release+0x42/0x50 [ 41.781992] __fput+0x385/0xa30 [ 41.785276] ? get_max_files+0x20/0x20 [ 41.789173] ? trace_hardirqs_on+0xbd/0x310 [ 41.793494] ? ___might_sleep+0x1ed/0x300 [ 41.797639] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.803090] ? arch_local_save_flags+0x40/0x40 [ 41.807674] ? kasan_check_write+0x14/0x20 [ 41.811910] ? do_raw_spin_lock+0xc1/0x200 [ 41.816150] ____fput+0x15/0x20 [ 41.819436] task_work_run+0x1e8/0x2a0 [ 41.823334] ? task_work_cancel+0x240/0x240 [ 41.827662] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.833204] ? switch_task_namespaces+0x9d/0xd0 [ 41.837873] do_exit+0x1ad7/0x2610 [ 41.841416] ? mm_update_next_owner+0x990/0x990 [ 41.846090] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.850331] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.855347] ? kfree+0x1fa/0x230 [ 41.858713] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.862948] ? kvm_vcpu_block+0x1030/0x1030 [ 41.867268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.872810] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.877745] ? fpu__prepare_read+0x37b/0x750 [ 41.882150] ? avc_ss_reset+0x190/0x190 [ 41.886125] ? save_stack+0xa9/0xd0 [ 41.889747] ? save_stack+0x43/0xd0 [ 41.893365] ? __kasan_slab_free+0x102/0x150 [ 41.897767] ? kasan_slab_free+0xe/0x10 [ 41.901737] ? putname+0xf2/0x130 [ 41.905186] ? __x64_sys_openat+0x9d/0x100 [ 41.909418] ? do_syscall_64+0x1b9/0x820 [ 41.913480] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.918853] ? ___might_sleep+0x1ed/0x300 [ 41.923003] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.928102] ? trace_hardirqs_off+0xb8/0x310 [ 41.932511] ? kvm_vcpu_block+0x1030/0x1030 [ 41.936827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.942375] ? do_vfs_ioctl+0x201/0x1720 [ 41.946434] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.951621] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 41.956631] ? __fget_light+0x2e9/0x430 [ 41.960604] ? fget_raw+0x20/0x20 [ 41.964054] ? path_mountpoint+0x52e/0x2190 [ 41.968375] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.973389] ? kmem_cache_free+0x24f/0x290 [ 41.977619] ? putname+0xf7/0x130 [ 41.981074] do_group_exit+0x177/0x440 [ 41.984963] ? trace_hardirqs_on+0xbd/0x310 [ 41.989283] ? __ia32_sys_exit+0x50/0x50 [ 41.993354] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.998801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.004341] ? ksys_ioctl+0x81/0xd0 [ 42.007971] __x64_sys_exit_group+0x3e/0x50 [ 42.012288] do_syscall_64+0x1b9/0x820 [ 42.016199] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.021562] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.026488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.031339] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.036361] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.041407] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.046426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.051749] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.056932] RIP: 0033:0x43ef28 [ 42.060125] Code: Bad RIP value. [ 42.063483] RSP: 002b:00007ffc1fa8e4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.071188] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28 [ 42.078453] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.085713] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.092984] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 42.100248] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 42.107523] [ 42.107530] ====================================================== [ 42.107536] WARNING: possible circular locking dependency detected [ 42.107540] 4.19.0-rc2+ #7 Not tainted [ 42.107546] ------------------------------------------------------ [ 42.107551] syz-executor417/5471 is trying to acquire lock: [ 42.107555] 00000000041a158b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 42.107571] [ 42.107576] but task is already holding lock: [ 42.107579] 00000000b1cea3dc (report_lock){....}, at: kasan_report+0x8b/0x110 [ 42.107595] [ 42.107600] which lock already depends on the new lock. [ 42.107602] [ 42.107605] [ 42.107611] the existing dependency chain (in reverse order) is: [ 42.107613] [ 42.107616] -> #3 (report_lock){....}: [ 42.107631] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.107636] kasan_report+0x8b/0x110 [ 42.107641] __asan_report_load8_noabort+0x14/0x20 [ 42.107645] __schedule+0xfc3/0x1ed0 [ 42.107649] preempt_schedule_common+0x1f/0xd0 [ 42.107654] preempt_schedule+0x4d/0x60 [ 42.107658] ___preempt_schedule+0x16/0x18 [ 42.107663] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.107667] __call_srcu+0x7f9/0x1070 [ 42.107672] __synchronize_srcu+0x17b/0x230 [ 42.107676] synchronize_srcu+0x356/0x5ab [ 42.107682] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.107686] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.107691] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.107695] kvm_put_kvm+0x6c8/0xff0 [ 42.107699] kvm_vm_release+0x42/0x50 [ 42.107703] __fput+0x385/0xa30 [ 42.107707] ____fput+0x15/0x20 [ 42.107711] task_work_run+0x1e8/0x2a0 [ 42.107715] do_exit+0x1ad7/0x2610 [ 42.107720] do_group_exit+0x177/0x440 [ 42.107724] __x64_sys_exit_group+0x3e/0x50 [ 42.107728] do_syscall_64+0x1b9/0x820 [ 42.107733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.107736] [ 42.107738] -> #2 (&rq->lock){-.-.}: [ 42.107754] _raw_spin_lock+0x2d/0x40 [ 42.107758] task_fork_fair+0xb0/0x6d0 [ 42.107762] sched_fork+0x443/0xba0 [ 42.107767] copy_process+0x2586/0x8780 [ 42.107771] _do_fork+0x1cb/0x11d0 [ 42.107775] kernel_thread+0x34/0x40 [ 42.107779] rest_init+0x22/0xe5 [ 42.107783] start_kernel+0x8f4/0x92f [ 42.107788] x86_64_start_reservations+0x29/0x2b [ 42.107792] x86_64_start_kernel+0x76/0x79 [ 42.107797] secondary_startup_64+0xa4/0xb0 [ 42.107799] [ 42.107802] -> #1 (&p->pi_lock){-.-.}: [ 42.107818] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.107822] try_to_wake_up+0xd2/0x12f0 [ 42.107826] wake_up_process+0x10/0x20 [ 42.107831] __up.isra.1+0x1c0/0x2a0 [ 42.107834] up+0x13c/0x1c0 [ 42.107839] __up_console_sem+0xbe/0x1b0 [ 42.107843] console_unlock+0x524/0x11a0 [ 42.107847] vprintk_emit+0x33d/0x930 [ 42.107852] vprintk_default+0x28/0x30 [ 42.107856] vprintk_func+0x7e/0x181 [ 42.107860] printk+0xa7/0xcf [ 42.107864] load_umh+0x51/0xbd [ 42.107868] do_one_initcall+0x145/0x957 [ 42.107873] kernel_init_freeable+0x4bb/0x5ae [ 42.107877] kernel_init+0x11/0x1b2 [ 42.107881] ret_from_fork+0x3a/0x50 [ 42.107884] [ 42.107886] -> #0 ((console_sem).lock){-...}: [ 42.107902] lock_acquire+0x1ed/0x520 [ 42.107907] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.107911] down_trylock+0x13/0x70 [ 42.107916] __down_trylock_console_sem+0xae/0x200 [ 42.107920] console_trylock+0x15/0xa0 [ 42.107924] vprintk_emit+0x322/0x930 [ 42.107929] vprintk_default+0x28/0x30 [ 42.107933] vprintk_func+0x7e/0x181 [ 42.107937] printk+0xa7/0xcf [ 42.107941] kasan_report+0x9b/0x110 [ 42.107946] __asan_report_load8_noabort+0x14/0x20 [ 42.107950] __schedule+0xfc3/0x1ed0 [ 42.107954] preempt_schedule_common+0x1f/0xd0 [ 42.107959] preempt_schedule+0x4d/0x60 [ 42.107963] ___preempt_schedule+0x16/0x18 [ 42.107968] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.107972] __call_srcu+0x7f9/0x1070 [ 42.107977] __synchronize_srcu+0x17b/0x230 [ 42.107981] synchronize_srcu+0x356/0x5ab [ 42.107987] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.107991] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.107996] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.108000] kvm_put_kvm+0x6c8/0xff0 [ 42.108004] kvm_vm_release+0x42/0x50 [ 42.108008] __fput+0x385/0xa30 [ 42.108012] ____fput+0x15/0x20 [ 42.108016] task_work_run+0x1e8/0x2a0 [ 42.108020] do_exit+0x1ad7/0x2610 [ 42.108025] do_group_exit+0x177/0x440 [ 42.108029] __x64_sys_exit_group+0x3e/0x50 [ 42.108033] do_syscall_64+0x1b9/0x820 [ 42.108038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.108041] [ 42.108046] other info that might help us debug this: [ 42.108048] [ 42.108051] Chain exists of: [ 42.108054] (console_sem).lock --> &rq->lock --> report_lock [ 42.108074] [ 42.108078] Possible unsafe locking scenario: [ 42.108080] [ 42.108085] CPU0 CPU1 [ 42.108089] ---- ---- [ 42.108092] lock(report_lock); [ 42.108102] lock(&rq->lock); [ 42.108112] lock(report_lock); [ 42.108121] lock((console_sem).lock); [ 42.108129] [ 42.108133] *** DEADLOCK *** [ 42.108135] [ 42.108140] 2 locks held by syz-executor417/5471: [ 42.108142] #0: 00000000cc7eb9d7 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 42.108161] #1: 00000000b1cea3dc (report_lock){....}, at: kasan_report+0x8b/0x110 [ 42.108179] [ 42.108182] stack backtrace: [ 42.108189] CPU: 0 PID: 5471 Comm: syz-executor417 Not tainted 4.19.0-rc2+ #7 [ 42.108197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.108200] Call Trace: [ 42.108204] dump_stack+0x1c4/0x2b4 [ 42.108209] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.108213] ? vprintk_func+0x85/0x181 [ 42.108219] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 42.108223] ? save_trace+0xe0/0x290 [ 42.108227] __lock_acquire+0x33e4/0x4ec0 [ 42.108232] ? mark_held_locks+0x130/0x130 [ 42.108236] ? mark_held_locks+0x130/0x130 [ 42.108240] ? rcu_bh_qs+0xc0/0xc0 [ 42.108244] ? unwind_dump+0x190/0x190 [ 42.108249] ? is_bpf_text_address+0xd3/0x170 [ 42.108254] ? kernel_text_address+0x79/0xf0 [ 42.108258] ? __kernel_text_address+0xd/0x40 [ 42.108263] ? __save_stack_trace+0x8d/0xf0 [ 42.108268] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 42.108272] ? save_trace+0x290/0x290 [ 42.108276] ? save_stack_trace+0x1a/0x20 [ 42.108280] ? save_trace+0xe0/0x290 [ 42.108285] ? kasan_check_read+0x11/0x20 [ 42.108289] ? graph_lock+0x170/0x170 [ 42.108302] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.108306] lock_acquire+0x1ed/0x520 [ 42.108310] ? down_trylock+0x13/0x70 [ 42.108315] ? find_held_lock+0x36/0x1c0 [ 42.108319] ? lock_release+0x970/0x970 [ 42.108324] ? trace_hardirqs_off+0xb8/0x310 [ 42.108334] ? vprintk_emit+0x1d3/0x930 [ 42.108338] ? trace_hardirqs_on+0x310/0x310 [ 42.108343] ? trace_hardirqs_off+0xb8/0x310 [ 42.108347] ? log_store+0x344/0x4c0 [ 42.108351] ? vprintk_emit+0x322/0x930 [ 42.108356] _raw_spin_lock_irqsave+0x99/0xd0 [ 42.108360] ? down_trylock+0x13/0x70 [ 42.108364] down_trylock+0x13/0x70 [ 42.108369] __down_trylock_console_sem+0xae/0x200 [ 42.108373] console_trylock+0x15/0xa0 [ 42.108377] vprintk_emit+0x322/0x930 [ 42.108382] ? wake_up_klogd+0x180/0x180 [ 42.108386] ? run_rebalance_domains+0x500/0x500 [ 42.108391] ? wake_up_worker+0x117/0x190 [ 42.108395] ? find_held_lock+0x36/0x1c0 [ 42.108400] ? __queue_work+0x6be/0x1440 [ 42.108404] ? lock_acquire+0x1ed/0x520 [ 42.108408] vprintk_default+0x28/0x30 [ 42.108412] vprintk_func+0x7e/0x181 [ 42.108416] printk+0xa7/0xcf [ 42.108421] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.108425] ? kasan_check_write+0x14/0x20 [ 42.108430] ? do_raw_spin_lock+0xc1/0x200 [ 42.108434] ? do_raw_spin_lock+0xc1/0x200 [ 42.108438] kasan_report+0x9b/0x110 [ 42.108443] ? __schedule+0xfc3/0x1ed0 [ 42.108447] __asan_report_load8_noabort+0x14/0x20 [ 42.108452] __schedule+0xfc3/0x1ed0 [ 42.108456] ? __sched_text_start+0x8/0x8 [ 42.108460] ? __lock_is_held+0xb5/0x140 [ 42.108465] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.108470] ? find_held_lock+0x36/0x1c0 [ 42.108474] ? __call_srcu+0x7f9/0x1070 [ 42.108479] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.108484] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.108489] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.108493] ? preempt_schedule+0x4d/0x60 [ 42.108498] preempt_schedule_common+0x1f/0xd0 [ 42.108502] preempt_schedule+0x4d/0x60 [ 42.108506] ___preempt_schedule+0x16/0x18 [ 42.108511] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.108515] __call_srcu+0x7f9/0x1070 [ 42.108520] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.108525] ? srcu_offline_cpu+0x120/0x120 [ 42.108529] ? debug_object_free+0x690/0x690 [ 42.108534] ? mark_held_locks+0x130/0x130 [ 42.108539] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.108543] ? lock_release+0x970/0x970 [ 42.108548] ? arch_local_save_flags+0x40/0x40 [ 42.108552] ? depot_save_stack+0x292/0x470 [ 42.108557] ? __lockdep_init_map+0x105/0x590 [ 42.108562] ? __init_waitqueue_head+0x9e/0x150 [ 42.108566] ? init_wait_entry+0x1c0/0x1c0 [ 42.108571] __synchronize_srcu+0x17b/0x230 [ 42.108575] ? call_srcu+0x10/0x10 [ 42.108579] ? rcu_unexpedite_gp+0x20/0x20 [ 42.108584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.108589] ? check_preemption_disabled+0x48/0x200 [ 42.108594] synchronize_srcu+0x356/0x5ab [ 42.108598] ? lock_downgrade+0x900/0x900 [ 42.108603] ? synchronize_srcu_expedited+0x20/0x20 [ 42.108608] ? kasan_check_read+0x11/0x20 [ 42.108613] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.108617] ? kasan_check_write+0x14/0x20 [ 42.108621] ? do_raw_spin_lock+0xc1/0x200 [ 42.108627] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.108632] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.108636] ? kvfree+0x61/0x70 [ 42.108641] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.108645] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.108650] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.108655] ? kvm_arch_sync_events+0x30/0x30 [ 42.108660] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.108665] ? mmu_notifier_unregister+0x474/0x600 [ 42.108669] ? kfree+0x107/0x230 [ 42.108673] ? __mmu_notifier_register+0x30/0x30 [ 42.108678] ? __free_pages+0x10a/0x190 [ 42.108682] ? free_unref_page+0x960/0x960 [ 42.108686] kvm_put_kvm+0x6c8/0xff0 [ 42.108691] ? kvm_write_guest_cached+0x40/0x40 [ 42.108696] ? kvm_irqfd_release+0xd1/0x120 [ 42.108700] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.108705] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.108709] ? kasan_check_write+0x14/0x20 [ 42.108714] ? do_raw_spin_lock+0xc1/0x200 [ 42.108718] ? kvm_irqfd_release+0xdd/0 [ 42.108726] Lost 74 message(s)! [ 43.292221] Shutting down cpus with NMI [ 44.350340] Dumping ftrace buffer: [ 44.353863] (ftrace buffer empty) [ 44.358111] Kernel Offset: disabled [ 44.361729] Rebooting in 86400 seconds..