[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.847041] random: sshd: uninitialized urandom read (32 bytes read) [ 33.198833] audit: type=1400 audit(1537497943.370:6): avc: denied { map } for pid=5440 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.255615] random: sshd: uninitialized urandom read (32 bytes read) [ 33.907209] random: sshd: uninitialized urandom read (32 bytes read) [ 34.136271] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts. [ 39.957590] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 40.097509] audit: type=1400 audit(1537497950.270:7): avc: denied { map } for pid=5454 comm="syz-executor627" path="/root/syz-executor627935510" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.101428] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 40.151673] ================================================================== [ 40.152834] kobject: 'regulatory.0' (00000000f4175206): kobject_uevent_env [ 40.161344] kobject: 'regulatory.0' (00000000f4175206): fill_kobj_path: path = '/devices/platform/regulatory.0' [ 40.167234] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 40.183661] Read of size 8 at addr ffff8801bd4c8058 by task syz-executor627/5454 [ 40.191184] [ 40.192817] CPU: 0 PID: 5454 Comm: syz-executor627 Not tainted 4.19.0-rc4+ #26 [ 40.200190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.209535] Call Trace: [ 40.212124] dump_stack+0x1c4/0x2b4 [ 40.215775] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.220970] ? printk+0xa7/0xcf [ 40.224251] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.229009] print_address_description.cold.8+0x9/0x1ff [ 40.234378] kasan_report.cold.9+0x242/0x309 [ 40.238786] ? __schedule+0xfc3/0x1ed0 [ 40.242674] __asan_report_load8_noabort+0x14/0x20 [ 40.247610] __schedule+0xfc3/0x1ed0 [ 40.251328] ? __sched_text_start+0x8/0x8 [ 40.255475] ? __lock_is_held+0xb5/0x140 [ 40.259535] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.264636] ? find_held_lock+0x36/0x1c0 [ 40.268698] ? __call_srcu+0x7f9/0x1070 [ 40.272684] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.277790] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.282889] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.287470] ? preempt_schedule+0x4d/0x60 [ 40.291645] preempt_schedule_common+0x1f/0xd0 [ 40.296234] preempt_schedule+0x4d/0x60 [ 40.300209] ___preempt_schedule+0x16/0x18 [ 40.304445] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.309393] __call_srcu+0x7f9/0x1070 [ 40.313192] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.318297] ? srcu_offline_cpu+0x120/0x120 [ 40.322619] ? debug_object_free+0x690/0x690 [ 40.327027] ? mark_held_locks+0x130/0x130 [ 40.331259] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.335845] ? lock_release+0x970/0x970 [ 40.339817] ? arch_local_save_flags+0x40/0x40 [ 40.344398] ? depot_save_stack+0x292/0x470 [ 40.348744] ? __lockdep_init_map+0x105/0x590 [ 40.353247] ? __init_waitqueue_head+0x9e/0x150 [ 40.357915] ? init_wait_entry+0x1c0/0x1c0 [ 40.362152] __synchronize_srcu+0x17b/0x230 [ 40.366487] ? call_srcu+0x10/0x10 [ 40.370038] ? rcu_unexpedite_gp+0x20/0x20 [ 40.374275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.379813] ? check_preemption_disabled+0x48/0x200 [ 40.384828] synchronize_srcu+0x356/0x5ab [ 40.388984] ? lock_downgrade+0x900/0x900 [ 40.393129] ? synchronize_srcu_expedited+0x20/0x20 [ 40.398146] ? kasan_check_read+0x11/0x20 [ 40.402292] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.406874] ? kasan_check_write+0x14/0x20 [ 40.411111] ? do_raw_spin_lock+0xc1/0x200 [ 40.415348] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.421060] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.426515] ? kvfree+0x61/0x70 [ 40.429796] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.434814] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.438872] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.443278] ? kvm_arch_sync_events+0x30/0x30 [ 40.447773] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.453311] ? mmu_notifier_unregister+0x474/0x600 [ 40.458236] ? kfree+0x107/0x230 [ 40.461599] ? __mmu_notifier_register+0x30/0x30 [ 40.466353] ? __free_pages+0x10a/0x190 [ 40.470324] ? free_unref_page+0x960/0x960 [ 40.474567] kvm_put_kvm+0x6c8/0xff0 [ 40.478302] ? kvm_write_guest_cached+0x40/0x40 [ 40.482976] ? kvm_irqfd_release+0xd1/0x120 [ 40.487297] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.491788] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.496291] ? kasan_check_write+0x14/0x20 [ 40.500526] ? do_raw_spin_lock+0xc1/0x200 [ 40.504763] ? kvm_irqfd_release+0xdd/0x120 [ 40.509078] ? kvm_irqfd_release+0xdd/0x120 [ 40.513628] ? kvm_put_kvm+0xff0/0xff0 [ 40.517514] kvm_vm_release+0x42/0x50 [ 40.521309] __fput+0x385/0xa30 [ 40.524588] ? get_max_files+0x20/0x20 [ 40.528472] ? trace_hardirqs_on+0xbd/0x310 [ 40.532796] ? ___might_sleep+0x1ed/0x300 [ 40.536942] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.542394] ? arch_local_save_flags+0x40/0x40 [ 40.546983] ? kasan_check_write+0x14/0x20 [ 40.551215] ? do_raw_spin_lock+0xc1/0x200 [ 40.555449] ____fput+0x15/0x20 [ 40.558733] task_work_run+0x1e8/0x2a0 [ 40.562623] ? task_work_cancel+0x240/0x240 [ 40.566941] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.572484] ? switch_task_namespaces+0x9d/0xd0 [ 40.577156] do_exit+0x1ad7/0x2610 [ 40.580699] ? mm_update_next_owner+0x990/0x990 [ 40.585381] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 40.589613] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.594626] ? kfree+0x1fa/0x230 [ 40.597997] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 40.602238] ? kvm_vcpu_block+0x1030/0x1030 [ 40.606585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.612128] ? avc_has_extended_perms+0xab2/0x15a0 [ 40.617061] ? save_stack_address+0x4b/0x60 [ 40.621378] ? avc_ss_reset+0x190/0x190 [ 40.625355] ? save_stack+0xa9/0xd0 [ 40.628981] ? save_stack+0x43/0xd0 [ 40.632602] ? __kasan_slab_free+0x102/0x150 [ 40.637005] ? kasan_slab_free+0xe/0x10 [ 40.640981] ? putname+0xf2/0x130 [ 40.644423] ? __x64_sys_openat+0x9d/0x100 [ 40.648650] ? do_syscall_64+0x1b9/0x820 [ 40.652787] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.658161] ? ___might_sleep+0x1ed/0x300 [ 40.662307] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 40.667412] ? trace_hardirqs_off+0xb8/0x310 [ 40.671824] ? kvm_vcpu_block+0x1030/0x1030 [ 40.676144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.681681] ? do_vfs_ioctl+0x201/0x1720 [ 40.685751] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.690942] ? ioctl_preallocate+0x300/0x300 [ 40.695358] ? selinux_file_mprotect+0x620/0x620 [ 40.700109] ? path_mountpoint+0x57e/0x2190 [ 40.704431] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.709444] ? kmem_cache_free+0x24f/0x290 [ 40.713678] ? putname+0xf7/0x130 [ 40.717141] do_group_exit+0x177/0x440 [ 40.721035] ? trace_hardirqs_on+0xbd/0x310 [ 40.725367] ? __ia32_sys_exit+0x50/0x50 [ 40.729425] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.734888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.740438] ? ksys_ioctl+0x81/0xd0 [ 40.744072] __x64_sys_exit_group+0x3e/0x50 [ 40.748395] do_syscall_64+0x1b9/0x820 [ 40.752282] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.757646] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.762573] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.767429] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.772444] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.777458] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.782488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.787332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.792519] RIP: 0033:0x43ef08 [ 40.795724] Code: Bad RIP value. [ 40.799084] RSP: 002b:00007ffe6a556218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.806789] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 40.814055] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.821317] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.828583] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 40.835849] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 40.843118] [ 40.844740] Allocated by task 5454: [ 40.848365] save_stack+0x43/0xd0 [ 40.851811] kasan_kmalloc+0xc7/0xe0 [ 40.855521] kasan_slab_alloc+0x12/0x20 [ 40.859503] kmem_cache_alloc+0x12e/0x730 [ 40.863642] vmx_create_vcpu+0xcf/0x25e0 [ 40.867697] kvm_arch_vcpu_create+0xe5/0x220 [ 40.872106] kvm_vm_ioctl+0x470/0x1d40 [ 40.875996] do_vfs_ioctl+0x1de/0x1720 [ 40.879878] ksys_ioctl+0xa9/0xd0 [ 40.883326] __x64_sys_ioctl+0x73/0xb0 [ 40.887212] do_syscall_64+0x1b9/0x820 [ 40.891099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.896273] [ 40.897895] Freed by task 5454: [ 40.901172] save_stack+0x43/0xd0 [ 40.904622] __kasan_slab_free+0x102/0x150 [ 40.908851] kasan_slab_free+0xe/0x10 [ 40.912650] kmem_cache_free+0x83/0x290 [ 40.916624] vmx_free_vcpu+0x26b/0x300 [ 40.920505] kvm_arch_destroy_vm+0x365/0x7c0 [ 40.924911] kvm_put_kvm+0x6c8/0xff0 [ 40.928639] kvm_vm_release+0x42/0x50 [ 40.932433] __fput+0x385/0xa30 [ 40.935713] ____fput+0x15/0x20 [ 40.938991] task_work_run+0x1e8/0x2a0 [ 40.942876] do_exit+0x1ad7/0x2610 [ 40.946412] do_group_exit+0x177/0x440 [ 40.950298] __x64_sys_exit_group+0x3e/0x50 [ 40.954634] do_syscall_64+0x1b9/0x820 [ 40.958537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.963721] [ 40.965349] The buggy address belongs to the object at ffff8801bd4c8040 [ 40.965349] which belongs to the cache kvm_vcpu of size 23872 [ 40.977917] The buggy address is located 24 bytes inside of [ 40.977917] 23872-byte region [ffff8801bd4c8040, ffff8801bd4cdd80) [ 40.989872] The buggy address belongs to the page: [ 40.994800] page:ffffea0006f53200 count:1 mapcount:0 mapping:ffff8801d4cc2c40 index:0x0 compound_mapcount: 0 [ 41.004765] flags: 0x2fffc0000008100(slab|head) [ 41.009435] raw: 02fffc0000008100 ffff8801d4cc7f48 ffff8801d4cc7f48 ffff8801d4cc2c40 [ 41.017313] raw: 0000000000000000 ffff8801bd4c8040 0000000100000001 0000000000000000 [ 41.025181] page dumped because: kasan: bad access detected [ 41.030876] [ 41.032496] Memory state around the buggy address: [ 41.037423] ffff8801bd4c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.044774] ffff8801bd4c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.052126] >ffff8801bd4c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 41.059473] ^ [ 41.065696] ffff8801bd4c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.073057] ffff8801bd4c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.080406] ================================================================== [ 41.087759] Kernel panic - not syncing: panic_on_warn set ... [ 41.087759] [ 41.095127] CPU: 0 PID: 5454 Comm: syz-executor627 Tainted: G B 4.19.0-rc4+ #26 [ 41.103864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.113206] Call Trace: [ 41.115817] dump_stack+0x1c4/0x2b4 [ 41.119447] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.124639] ? lock_downgrade+0x900/0x900 [ 41.128785] panic+0x238/0x4e7 [ 41.131992] ? add_taint.cold.5+0x16/0x16 [ 41.136142] ? print_shadow_for_address+0xb6/0x116 [ 41.141072] ? trace_hardirqs_off+0xaf/0x310 [ 41.145478] kasan_end_report+0x47/0x4f [ 41.149459] kasan_report.cold.9+0x76/0x309 [ 41.153779] ? __schedule+0xfc3/0x1ed0 [ 41.157669] __asan_report_load8_noabort+0x14/0x20 [ 41.162596] __schedule+0xfc3/0x1ed0 [ 41.166313] ? __sched_text_start+0x8/0x8 [ 41.170461] ? __lock_is_held+0xb5/0x140 [ 41.174517] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.179622] ? find_held_lock+0x36/0x1c0 [ 41.183687] ? __call_srcu+0x7f9/0x1070 [ 41.187669] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.192771] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.197871] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.202455] ? preempt_schedule+0x4d/0x60 [ 41.206605] preempt_schedule_common+0x1f/0xd0 [ 41.211188] preempt_schedule+0x4d/0x60 [ 41.215161] ___preempt_schedule+0x16/0x18 [ 41.219395] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.224325] __call_srcu+0x7f9/0x1070 [ 41.228122] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.233228] ? srcu_offline_cpu+0x120/0x120 [ 41.237546] ? debug_object_free+0x690/0x690 [ 41.241955] ? mark_held_locks+0x130/0x130 [ 41.246192] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.250775] ? lock_release+0x970/0x970 [ 41.254750] ? arch_local_save_flags+0x40/0x40 [ 41.259330] ? depot_save_stack+0x292/0x470 [ 41.263655] ? __lockdep_init_map+0x105/0x590 [ 41.268155] ? __init_waitqueue_head+0x9e/0x150 [ 41.272819] ? init_wait_entry+0x1c0/0x1c0 [ 41.277060] __synchronize_srcu+0x17b/0x230 [ 41.281378] ? call_srcu+0x10/0x10 [ 41.284919] ? rcu_unexpedite_gp+0x20/0x20 [ 41.289160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.294693] ? check_preemption_disabled+0x48/0x200 [ 41.299725] synchronize_srcu+0x356/0x5ab [ 41.303872] ? lock_downgrade+0x900/0x900 [ 41.308019] ? synchronize_srcu_expedited+0x20/0x20 [ 41.313037] ? kasan_check_read+0x11/0x20 [ 41.317190] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.321773] ? kasan_check_write+0x14/0x20 [ 41.326011] ? do_raw_spin_lock+0xc1/0x200 [ 41.330339] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.336048] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.341501] ? kvfree+0x61/0x70 [ 41.344781] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.349797] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.353857] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.358279] ? kvm_arch_sync_events+0x30/0x30 [ 41.362781] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.368317] ? mmu_notifier_unregister+0x474/0x600 [ 41.373243] ? kfree+0x107/0x230 [ 41.376610] ? __mmu_notifier_register+0x30/0x30 [ 41.381366] ? __free_pages+0x10a/0x190 [ 41.385342] ? free_unref_page+0x960/0x960 [ 41.389585] kvm_put_kvm+0x6c8/0xff0 [ 41.393305] ? kvm_write_guest_cached+0x40/0x40 [ 41.397980] ? kvm_irqfd_release+0xd1/0x120 [ 41.402302] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.406793] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.411295] ? kasan_check_write+0x14/0x20 [ 41.415525] ? do_raw_spin_lock+0xc1/0x200 [ 41.419762] ? kvm_irqfd_release+0xdd/0x120 [ 41.424078] ? kvm_irqfd_release+0xdd/0x120 [ 41.428401] ? kvm_put_kvm+0xff0/0xff0 [ 41.432286] kvm_vm_release+0x42/0x50 [ 41.436082] __fput+0x385/0xa30 [ 41.439361] ? get_max_files+0x20/0x20 [ 41.443249] ? trace_hardirqs_on+0xbd/0x310 [ 41.447568] ? ___might_sleep+0x1ed/0x300 [ 41.451723] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.457172] ? arch_local_save_flags+0x40/0x40 [ 41.461752] ? kasan_check_write+0x14/0x20 [ 41.465987] ? do_raw_spin_lock+0xc1/0x200 [ 41.470227] ____fput+0x15/0x20 [ 41.473501] task_work_run+0x1e8/0x2a0 [ 41.477401] ? task_work_cancel+0x240/0x240 [ 41.481728] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.487264] ? switch_task_namespaces+0x9d/0xd0 [ 41.491933] do_exit+0x1ad7/0x2610 [ 41.495480] ? mm_update_next_owner+0x990/0x990 [ 41.500152] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.504386] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.509401] ? kfree+0x1fa/0x230 [ 41.513290] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.517531] ? kvm_vcpu_block+0x1030/0x1030 [ 41.521860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.527393] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.532333] ? save_stack_address+0x4b/0x60 [ 41.536652] ? avc_ss_reset+0x190/0x190 [ 41.540627] ? save_stack+0xa9/0xd0 [ 41.544253] ? save_stack+0x43/0xd0 [ 41.547875] ? __kasan_slab_free+0x102/0x150 [ 41.552279] ? kasan_slab_free+0xe/0x10 [ 41.556247] ? putname+0xf2/0x130 [ 41.559696] ? __x64_sys_openat+0x9d/0x100 [ 41.563935] ? do_syscall_64+0x1b9/0x820 [ 41.567996] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.573365] ? ___might_sleep+0x1ed/0x300 [ 41.577512] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.582616] ? trace_hardirqs_off+0xb8/0x310 [ 41.587058] ? kvm_vcpu_block+0x1030/0x1030 [ 41.591379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.596913] ? do_vfs_ioctl+0x201/0x1720 [ 41.600986] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.606182] ? ioctl_preallocate+0x300/0x300 [ 41.610592] ? selinux_file_mprotect+0x620/0x620 [ 41.615343] ? path_mountpoint+0x57e/0x2190 [ 41.619666] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.624683] ? kmem_cache_free+0x24f/0x290 [ 41.628923] ? putname+0xf7/0x130 [ 41.632379] do_group_exit+0x177/0x440 [ 41.636266] ? trace_hardirqs_on+0xbd/0x310 [ 41.640587] ? __ia32_sys_exit+0x50/0x50 [ 41.644970] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.650424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.655969] ? ksys_ioctl+0x81/0xd0 [ 41.659598] __x64_sys_exit_group+0x3e/0x50 [ 41.663920] do_syscall_64+0x1b9/0x820 [ 41.667807] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.673169] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.678094] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.682937] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.687955] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.692979] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.697999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.702846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.708032] RIP: 0033:0x43ef08 [ 41.711227] Code: Bad RIP value. [ 41.714602] RSP: 002b:00007ffe6a556218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.722337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 41.729599] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.736869] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.744135] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.751396] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 41.758673] [ 41.758679] ====================================================== [ 41.758685] WARNING: possible circular locking dependency detected [ 41.758690] 4.19.0-rc4+ #26 Not tainted [ 41.758696] ------------------------------------------------------ [ 41.758701] syz-executor627/5454 is trying to acquire lock: [ 41.758713] 0000000083539fde ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.758730] [ 41.758735] but task is already holding lock: [ 41.758738] 000000008a3bf21a (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.758755] [ 41.758760] which lock already depends on the new lock. [ 41.758763] [ 41.758766] [ 41.758771] the existing dependency chain (in reverse order) is: [ 41.758774] [ 41.758777] -> #3 (report_lock){....}: [ 41.758793] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.758798] kasan_report+0x8b/0x110 [ 41.758803] __asan_report_load8_noabort+0x14/0x20 [ 41.758807] __schedule+0xfc3/0x1ed0 [ 41.758812] preempt_schedule_common+0x1f/0xd0 [ 41.758817] preempt_schedule+0x4d/0x60 [ 41.758821] ___preempt_schedule+0x16/0x18 [ 41.758826] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.758831] __call_srcu+0x7f9/0x1070 [ 41.758836] __synchronize_srcu+0x17b/0x230 [ 41.758840] synchronize_srcu+0x356/0x5ab [ 41.758846] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.758850] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.758855] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.758860] kvm_put_kvm+0x6c8/0xff0 [ 41.758864] kvm_vm_release+0x42/0x50 [ 41.758868] __fput+0x385/0xa30 [ 41.758872] ____fput+0x15/0x20 [ 41.758876] task_work_run+0x1e8/0x2a0 [ 41.758881] do_exit+0x1ad7/0x2610 [ 41.758885] do_group_exit+0x177/0x440 [ 41.758890] __x64_sys_exit_group+0x3e/0x50 [ 41.758894] do_syscall_64+0x1b9/0x820 [ 41.758899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.758902] [ 41.758905] -> #2 (&rq->lock){-.-.}: [ 41.758921] _raw_spin_lock+0x2d/0x40 [ 41.758925] task_fork_fair+0xb0/0x6d0 [ 41.758929] sched_fork+0x443/0xba0 [ 41.758934] copy_process+0x2586/0x8780 [ 41.758938] _do_fork+0x1cb/0x11d0 [ 41.758942] kernel_thread+0x34/0x40 [ 41.758946] rest_init+0x22/0xe5 [ 41.758951] start_kernel+0x8f4/0x92f [ 41.758956] x86_64_start_reservations+0x29/0x2b [ 41.758961] x86_64_start_kernel+0x76/0x79 [ 41.758971] secondary_startup_64+0xa4/0xb0 [ 41.758974] [ 41.758976] -> #1 (&p->pi_lock){-.-.}: [ 41.758993] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.758997] try_to_wake_up+0xd2/0x12f0 [ 41.759002] wake_up_process+0x10/0x20 [ 41.759006] __up.isra.1+0x1c0/0x2a0 [ 41.759010] up+0x13c/0x1c0 [ 41.759015] __up_console_sem+0xbe/0x1b0 [ 41.759019] console_unlock+0x814/0x1160 [ 41.759023] vprintk_emit+0x33d/0x930 [ 41.759028] vprintk_default+0x28/0x30 [ 41.759032] vprintk_func+0x7e/0x181 [ 41.759036] printk+0xa7/0xcf [ 41.759040] load_umh+0x51/0xbd [ 41.759045] do_one_initcall+0x145/0x957 [ 41.759050] kernel_init_freeable+0x4bb/0x5ae [ 41.759054] kernel_init+0x11/0x1b2 [ 41.759058] ret_from_fork+0x3a/0x50 [ 41.759061] [ 41.759063] -> #0 ((console_sem).lock){-...}: [ 41.759080] lock_acquire+0x1ed/0x520 [ 41.759085] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.759089] down_trylock+0x13/0x70 [ 41.759094] __down_trylock_console_sem+0xae/0x200 [ 41.759099] console_trylock+0x15/0xa0 [ 41.759103] vprintk_emit+0x322/0x930 [ 41.759107] vprintk_default+0x28/0x30 [ 41.759112] vprintk_func+0x7e/0x181 [ 41.759115] printk+0xa7/0xcf [ 41.759120] kasan_report+0x9b/0x110 [ 41.759125] __asan_report_load8_noabort+0x14/0x20 [ 41.759129] __schedule+0xfc3/0x1ed0 [ 41.759134] preempt_schedule_common+0x1f/0xd0 [ 41.759138] preempt_schedule+0x4d/0x60 [ 41.759143] ___preempt_schedule+0x16/0x18 [ 41.759148] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.759152] __call_srcu+0x7f9/0x1070 [ 41.759157] __synchronize_srcu+0x17b/0x230 [ 41.759162] synchronize_srcu+0x356/0x5ab [ 41.759167] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.759172] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.759177] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.759181] kvm_put_kvm+0x6c8/0xff0 [ 41.759185] kvm_vm_release+0x42/0x50 [ 41.759189] __fput+0x385/0xa30 [ 41.759193] ____fput+0x15/0x20 [ 41.759198] task_work_run+0x1e8/0x2a0 [ 41.759202] do_exit+0x1ad7/0x2610 [ 41.759206] do_group_exit+0x177/0x440 [ 41.759211] __x64_sys_exit_group+0x3e/0x50 [ 41.759215] do_syscall_64+0x1b9/0x820 [ 41.759220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.759223] [ 41.759228] other info that might help us debug this: [ 41.759231] [ 41.759234] Chain exists of: [ 41.759237] (console_sem).lock --> &rq->lock --> report_lock [ 41.759257] [ 41.759262] Possible unsafe locking scenario: [ 41.759264] [ 41.759269] CPU0 CPU1 [ 41.759274] ---- ---- [ 41.759276] lock(report_lock); [ 41.759287] lock(&rq->lock); [ 41.759297] lock(report_lock); [ 41.759306] lock((console_sem).lock); [ 41.759316] [ 41.759319] *** DEADLOCK *** [ 41.759322] [ 41.759326] 2 locks held by syz-executor627/5454: [ 41.759329] #0: 00000000193da2cc (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 41.759348] #1: 000000008a3bf21a (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.759367] [ 41.759371] stack backtrace: [ 41.759377] CPU: 0 PID: 5454 Comm: syz-executor627 Not tainted 4.19.0-rc4+ #26 [ 41.759385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.759389] Call Trace: [ 41.759393] dump_stack+0x1c4/0x2b4 [ 41.759398] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.759403] ? vprintk_func+0x85/0x181 [ 41.759408] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 41.759413] ? save_trace+0xe0/0x290 [ 41.759417] __lock_acquire+0x33e4/0x4ec0 [ 41.759422] ? mark_held_locks+0x130/0x130 [ 41.759426] ? mark_held_locks+0x130/0x130 [ 41.759431] ? rcu_bh_qs+0xc0/0xc0 [ 41.759435] ? unwind_dump+0x190/0x190 [ 41.759440] ? is_bpf_text_address+0xd3/0x170 [ 41.759444] ? kernel_text_address+0x79/0xf0 [ 41.759449] ? __kernel_text_address+0xd/0x40 [ 41.759454] ? __save_stack_trace+0x8d/0xf0 [ 41.759459] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 41.759463] ? save_trace+0x290/0x290 [ 41.759468] ? save_stack_trace+0x1a/0x20 [ 41.759473] ? save_trace+0xe0/0x290 [ 41.759477] ? kasan_check_read+0x11/0x20 [ 41.759481] ? graph_lock+0x170/0x170 [ 41.759487] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.759491] lock_acquire+0x1ed/0x520 [ 41.759496] ? down_trylock+0x13/0x70 [ 41.759500] ? find_held_lock+0x36/0x1c0 [ 41.759504] ? lock_release+0x970/0x970 [ 41.759509] ? trace_hardirqs_off+0xb8/0x310 [ 41.759514] ? vprintk_emit+0x1d3/0x930 [ 41.759518] ? trace_hardirqs_on+0x310/0x310 [ 41.759523] ? trace_hardirqs_off+0xb8/0x310 [ 41.759527] ? log_store+0x344/0x4c0 [ 41.759532] ? vprintk_emit+0x322/0x930 [ 41.759536] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.759541] ? down_trylock+0x13/0x70 [ 41.759545] down_trylock+0x13/0x70 [ 41.759550] __down_trylock_console_sem+0xae/0x200 [ 41.759554] console_trylock+0x15/0xa0 [ 41.759559] vprintk_emit+0x322/0x930 [ 41.759563] ? wake_up_klogd+0x180/0x180 [ 41.759568] ? run_rebalance_domains+0x500/0x500 [ 41.759572] ? wake_up_worker+0x117/0x190 [ 41.759577] ? find_held_lock+0x36/0x1c0 [ 41.759581] ? __queue_work+0x6be/0x1440 [ 41.759586] ? lock_acquire+0x1ed/0x520 [ 41.759590] vprintk_default+0x28/0x30 [ 41.759594] vprintk_func+0x7e/0x181 [ 41.759598] printk+0xa7/0xcf [ 41.759603] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.759608] ? kasan_check_write+0x14/0x20 [ 41.759613] ? do_raw_spin_lock+0xc1/0x200 [ 41.759617] ? do_raw_spin_lock+0xc1/0x200 [ 41.759621] kasan_report+0x9b/0x110 [ 41.759626] ? __schedule+0xfc3/0x1ed0 [ 41.759631] __asan_report_load8_noabort+0x14/0x20 [ 41.759635] __schedule+0xfc3/0x1ed0 [ 41.759640] ? __sched_text_start+0x8/0x8 [ 41.759644] ? __lock_is_held+0xb5/0x140 [ 41.759649] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.759653] ? find_held_lock+0x36/0x1c0 [ 41.759658] ? __call_srcu+0x7f9/0x1070 [ 41.759663] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.759668] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.759673] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.759678] ? preempt_schedule+0x4d/0x60 [ 41.759683] preempt_schedule_common+0x1f/0xd0 [ 41.759687] preempt_schedule+0x4d/0x60 [ 41.759691] ___preempt_schedule+0x16/0x18 [ 41.759696] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.759701] __call_srcu+0x7f9/0x1070 [ 41.759712] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.759717] ? srcu_offline_cpu+0x120/0x120 [ 41.759722] ? debug_object_free+0x690/0x690 [ 41.759726] ? mark_held_locks+0x130/0x130 [ 41.759731] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.759736] ? lock_release+0x970/0x970 [ 41.759740] ? arch_local_save_flags+0x40/0x40 [ 41.759745] ? depot_save_stack+0x292/0x470 [ 41.759750] ? __lockdep_init_map+0x105/0x590 [ 41.759755] ? __init_waitqueue_head+0x9e/0x150 [ 41.759759] ? init_wait_entry+0x1c0/0x1c0 [ 41.759764] __synchronize_srcu+0x17b/0x230 [ 41.759768] ? call_srcu+0x10/0x10 [ 41.759773] ? rcu_unexpedite_gp+0x20/0x20 [ 41.759778] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.759783] ? check_preemption_disabled+0x48/0x200 [ 41.759788] synchronize_srcu+0x356/0x5ab [ 41.759792] ? lock_downgrade+0x900/0x900 [ 41.759797] ? synchronize_srcu_expedited+0x20/0x20 [ 41.759802] ? kasan_check_read+0x11/0x20 [ 41.759807] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.759812] ? kasan_check_write+0x14/0x20 [ 41.759816] ? do_raw_spin_lock+0xc1/0x200 [ 41.759822] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.759827] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.759831] ? kvfree+0x61/0x70 [ 41.759836] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.759841] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.759845] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.759850] ? kvm_arch_sync_events+0x30/0x30 [ 41.759856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.759861] ? mmu_notifier_unregister+0x474/0x600 [ 41.759879] ? kfree+0x107/0x230 [ 41.759884] ? __mmu_notifier_register+0x30/0x30 [ 41.759888] ? __free_pages+0x10a/0x190 [ 41.759893] ? free_unref_page+0x960/0x960 [ 41.759897] kvm_put_kvm+0x6c8/0xff0 [ 41.759901] ? kvm_write_guest_cached+0x40/0x40 [ 41.759906] ? kvm_irqfd_release+0xd1/0x120 [ 41.759910] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.759915] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.759919] ? kasan_check_write+0x14/0x20 [ 41.759924] ? do_raw_spin_lock+0xc1/0x200 [ 41.759943] ? kvm_irqfd_release+0xdd [ 41.759951] Lost 73 message(s)! [ 42.916471] Shutting down cpus with NMI [ 43.975899] Kernel Offset: disabled [ 43.979519] Rebooting in 86400 seconds..