[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.428173] random: sshd: uninitialized urandom read (32 bytes read) [ 34.787380] audit: type=1400 audit(1537508959.313:6): avc: denied { map } for pid=5511 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.844770] random: sshd: uninitialized urandom read (32 bytes read) [ 35.458482] random: sshd: uninitialized urandom read (32 bytes read) [ 35.688882] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts. [ 41.490814] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 41.620620] audit: type=1400 audit(1537508966.143:7): avc: denied { map } for pid=5525 comm="syz-executor054" path="/root/syz-executor054425961" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.624338] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 41.674652] ================================================================== [ 41.684800] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 41.691041] Read of size 8 at addr ffff8801d8668058 by task syz-executor054/5525 [ 41.698565] [ 41.700196] CPU: 0 PID: 5525 Comm: syz-executor054 Not tainted 4.19.0-rc4+ #26 [ 41.707546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.716900] Call Trace: [ 41.719580] dump_stack+0x1c4/0x2b4 [ 41.723211] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.728404] ? printk+0xa7/0xcf [ 41.731683] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.736443] print_address_description.cold.8+0x9/0x1ff [ 41.741839] kasan_report.cold.9+0x242/0x309 [ 41.746246] ? __schedule+0xfc3/0x1ed0 [ 41.750138] __asan_report_load8_noabort+0x14/0x20 [ 41.755072] __schedule+0xfc3/0x1ed0 [ 41.758790] ? __sched_text_start+0x8/0x8 [ 41.762995] ? __lock_is_held+0xb5/0x140 [ 41.767073] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.772188] ? find_held_lock+0x36/0x1c0 [ 41.776258] ? __call_srcu+0x7f9/0x1070 [ 41.780235] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.785334] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.790438] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.795028] ? preempt_schedule+0x4d/0x60 [ 41.799175] preempt_schedule_common+0x1f/0xd0 [ 41.803763] preempt_schedule+0x4d/0x60 [ 41.807768] ___preempt_schedule+0x16/0x18 [ 41.812030] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.816966] __call_srcu+0x7f9/0x1070 [ 41.820766] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.825872] ? srcu_offline_cpu+0x120/0x120 [ 41.830198] ? debug_object_free+0x690/0x690 [ 41.834606] ? mark_held_locks+0x130/0x130 [ 41.838840] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.843421] ? lock_release+0x970/0x970 [ 41.847399] ? arch_local_save_flags+0x40/0x40 [ 41.851981] ? depot_save_stack+0x292/0x470 [ 41.856312] ? __lockdep_init_map+0x105/0x590 [ 41.860809] ? __init_waitqueue_head+0x9e/0x150 [ 41.865482] ? init_wait_entry+0x1c0/0x1c0 [ 41.869808] __synchronize_srcu+0x17b/0x230 [ 41.874130] ? call_srcu+0x10/0x10 [ 41.877669] ? rcu_unexpedite_gp+0x20/0x20 [ 41.881909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.887446] ? check_preemption_disabled+0x48/0x200 [ 41.892460] synchronize_srcu+0x356/0x5ab [ 41.896631] ? lock_downgrade+0x900/0x900 [ 41.900776] ? synchronize_srcu_expedited+0x20/0x20 [ 41.905794] ? kasan_check_read+0x11/0x20 [ 41.909945] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.914614] ? kasan_check_write+0x14/0x20 [ 41.918846] ? do_raw_spin_lock+0xc1/0x200 [ 41.923088] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.928801] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.934250] ? kvfree+0x61/0x70 [ 41.937529] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.942571] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.946632] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.951043] ? kvm_arch_sync_events+0x30/0x30 [ 41.955541] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.961102] ? mmu_notifier_unregister+0x474/0x600 [ 41.966036] ? kfree+0x107/0x230 [ 41.969399] ? __mmu_notifier_register+0x30/0x30 [ 41.974158] ? __free_pages+0x10a/0x190 [ 41.978133] ? free_unref_page+0x960/0x960 [ 41.982379] kvm_put_kvm+0x6c8/0xff0 [ 41.986100] ? kvm_write_guest_cached+0x40/0x40 [ 41.990770] ? kvm_irqfd_release+0xd1/0x120 [ 41.995094] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.999586] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.004090] ? kasan_check_write+0x14/0x20 [ 42.008326] ? do_raw_spin_lock+0xc1/0x200 [ 42.012561] ? kvm_irqfd_release+0xdd/0x120 [ 42.016884] ? kvm_irqfd_release+0xdd/0x120 [ 42.021208] ? kvm_put_kvm+0xff0/0xff0 [ 42.025093] kvm_vm_release+0x42/0x50 [ 42.028890] __fput+0x385/0xa30 [ 42.032167] ? get_max_files+0x20/0x20 [ 42.036052] ? trace_hardirqs_on+0xbd/0x310 [ 42.040376] ? ___might_sleep+0x1ed/0x300 [ 42.044523] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.049971] ? arch_local_save_flags+0x40/0x40 [ 42.054558] ? kasan_check_write+0x14/0x20 [ 42.058792] ? do_raw_spin_lock+0xc1/0x200 [ 42.063031] ____fput+0x15/0x20 [ 42.066312] task_work_run+0x1e8/0x2a0 [ 42.070198] ? task_work_cancel+0x240/0x240 [ 42.074541] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.080378] ? switch_task_namespaces+0x9d/0xd0 [ 42.085089] do_exit+0x1ad7/0x2610 [ 42.088640] ? mm_update_next_owner+0x990/0x990 [ 42.093318] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 42.097553] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.102567] ? kfree+0x1fa/0x230 [ 42.105933] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 42.110169] ? kvm_vcpu_block+0x1030/0x1030 [ 42.114491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.120036] ? avc_has_extended_perms+0xab2/0x15a0 [ 42.124969] ? save_stack_address+0x4b/0x60 [ 42.129291] ? avc_ss_reset+0x190/0x190 [ 42.133268] ? save_stack+0xa9/0xd0 [ 42.136890] ? save_stack+0x43/0xd0 [ 42.140511] ? __kasan_slab_free+0x102/0x150 [ 42.144916] ? kasan_slab_free+0xe/0x10 [ 42.148891] ? putname+0xf2/0x130 [ 42.152344] ? __x64_sys_openat+0x9d/0x100 [ 42.156578] ? do_syscall_64+0x1b9/0x820 [ 42.160639] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.166021] ? ___might_sleep+0x1ed/0x300 [ 42.170173] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 42.175279] ? trace_hardirqs_off+0xb8/0x310 [ 42.179692] ? kvm_vcpu_block+0x1030/0x1030 [ 42.184018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.189558] ? do_vfs_ioctl+0x201/0x1720 [ 42.193621] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 42.198814] ? ioctl_preallocate+0x300/0x300 [ 42.203228] ? selinux_file_mprotect+0x620/0x620 [ 42.207987] ? path_mountpoint+0x57e/0x2190 [ 42.212323] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.217341] ? kmem_cache_free+0x24f/0x290 [ 42.221600] ? putname+0xf7/0x130 [ 42.225057] do_group_exit+0x177/0x440 [ 42.228945] ? trace_hardirqs_on+0xbd/0x310 [ 42.233265] ? __ia32_sys_exit+0x50/0x50 [ 42.237327] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.242780] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.248313] ? ksys_ioctl+0x81/0xd0 [ 42.251946] __x64_sys_exit_group+0x3e/0x50 [ 42.256269] do_syscall_64+0x1b9/0x820 [ 42.260155] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.265523] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.270455] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.275299] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.280319] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.285339] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.290356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.295203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.300386] RIP: 0033:0x43ef08 [ 42.303578] Code: Bad RIP value. [ 42.306933] RSP: 002b:00007ffedee587c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.314654] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 42.321918] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.329207] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.336472] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 42.343740] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 42.351037] [ 42.352660] Allocated by task 5525: [ 42.356289] save_stack+0x43/0xd0 [ 42.359737] kasan_kmalloc+0xc7/0xe0 [ 42.363446] kasan_slab_alloc+0x12/0x20 [ 42.367418] kmem_cache_alloc+0x12e/0x730 [ 42.371560] vmx_create_vcpu+0xcf/0x25e0 [ 42.375618] kvm_arch_vcpu_create+0xe5/0x220 [ 42.380024] kvm_vm_ioctl+0x470/0x1d40 [ 42.383905] do_vfs_ioctl+0x1de/0x1720 [ 42.387791] ksys_ioctl+0xa9/0xd0 [ 42.391242] __x64_sys_ioctl+0x73/0xb0 [ 42.395125] do_syscall_64+0x1b9/0x820 [ 42.399016] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.404189] [ 42.405812] Freed by task 5525: [ 42.409087] save_stack+0x43/0xd0 [ 42.412541] __kasan_slab_free+0x102/0x150 [ 42.416775] kasan_slab_free+0xe/0x10 [ 42.420574] kmem_cache_free+0x83/0x290 [ 42.424545] vmx_free_vcpu+0x26b/0x300 [ 42.428426] kvm_arch_destroy_vm+0x365/0x7c0 [ 42.432838] kvm_put_kvm+0x6c8/0xff0 [ 42.436551] kvm_vm_release+0x42/0x50 [ 42.440344] __fput+0x385/0xa30 [ 42.443619] ____fput+0x15/0x20 [ 42.446895] task_work_run+0x1e8/0x2a0 [ 42.450778] do_exit+0x1ad7/0x2610 [ 42.454315] do_group_exit+0x177/0x440 [ 42.458200] __x64_sys_exit_group+0x3e/0x50 [ 42.462519] do_syscall_64+0x1b9/0x820 [ 42.466407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.471585] [ 42.473210] The buggy address belongs to the object at ffff8801d8668040 [ 42.473210] which belongs to the cache kvm_vcpu of size 23872 [ 42.485780] The buggy address is located 24 bytes inside of [ 42.485780] 23872-byte region [ffff8801d8668040, ffff8801d866dd80) [ 42.497733] The buggy address belongs to the page: [ 42.502664] page:ffffea0007619a00 count:1 mapcount:0 mapping:ffff8801d78584c0 index:0x0 compound_mapcount: 0 [ 42.512631] flags: 0x2fffc0000008100(slab|head) [ 42.517305] raw: 02fffc0000008100 ffff8801d5419648 ffff8801d5419648 ffff8801d78584c0 [ 42.525184] raw: 0000000000000000 ffff8801d8668040 0000000100000001 0000000000000000 [ 42.533052] page dumped because: kasan: bad access detected [ 42.538748] [ 42.540365] Memory state around the buggy address: [ 42.545291] ffff8801d8667f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.552646] ffff8801d8667f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.560025] >ffff8801d8668000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 42.567376] ^ [ 42.573599] ffff8801d8668080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.580953] ffff8801d8668100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.588302] ================================================================== [ 42.595661] Kernel panic - not syncing: panic_on_warn set ... [ 42.595661] [ 42.603025] CPU: 0 PID: 5525 Comm: syz-executor054 Tainted: G B 4.19.0-rc4+ #26 [ 42.611775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.621125] Call Trace: [ 42.623722] dump_stack+0x1c4/0x2b4 [ 42.627356] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.632550] ? lock_downgrade+0x900/0x900 [ 42.636702] panic+0x238/0x4e7 [ 42.639894] ? add_taint.cold.5+0x16/0x16 [ 42.644053] ? print_shadow_for_address+0xb6/0x116 [ 42.648977] ? trace_hardirqs_off+0xaf/0x310 [ 42.653392] kasan_end_report+0x47/0x4f [ 42.657365] kasan_report.cold.9+0x76/0x309 [ 42.661688] ? __schedule+0xfc3/0x1ed0 [ 42.665573] __asan_report_load8_noabort+0x14/0x20 [ 42.670538] __schedule+0xfc3/0x1ed0 [ 42.674254] ? __sched_text_start+0x8/0x8 [ 42.678407] ? __lock_is_held+0xb5/0x140 [ 42.682477] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.687601] ? find_held_lock+0x36/0x1c0 [ 42.691661] ? __call_srcu+0x7f9/0x1070 [ 42.695635] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.700734] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.705842] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.710426] ? preempt_schedule+0x4d/0x60 [ 42.714596] preempt_schedule_common+0x1f/0xd0 [ 42.719190] preempt_schedule+0x4d/0x60 [ 42.723175] ___preempt_schedule+0x16/0x18 [ 42.727414] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.732341] __call_srcu+0x7f9/0x1070 [ 42.736138] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.741250] ? srcu_offline_cpu+0x120/0x120 [ 42.745584] ? debug_object_free+0x690/0x690 [ 42.749989] ? mark_held_locks+0x130/0x130 [ 42.754231] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.758813] ? lock_release+0x970/0x970 [ 42.762788] ? arch_local_save_flags+0x40/0x40 [ 42.767371] ? depot_save_stack+0x292/0x470 [ 42.771709] ? __lockdep_init_map+0x105/0x590 [ 42.776220] ? __init_waitqueue_head+0x9e/0x150 [ 42.780885] ? init_wait_entry+0x1c0/0x1c0 [ 42.785125] __synchronize_srcu+0x17b/0x230 [ 42.789449] ? call_srcu+0x10/0x10 [ 42.792986] ? rcu_unexpedite_gp+0x20/0x20 [ 42.797234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.802791] ? check_preemption_disabled+0x48/0x200 [ 42.807818] synchronize_srcu+0x356/0x5ab [ 42.811966] ? lock_downgrade+0x900/0x900 [ 42.816117] ? synchronize_srcu_expedited+0x20/0x20 [ 42.821137] ? kasan_check_read+0x11/0x20 [ 42.825289] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.829881] ? kasan_check_write+0x14/0x20 [ 42.834126] ? do_raw_spin_lock+0xc1/0x200 [ 42.838368] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.844077] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.849531] ? kvfree+0x61/0x70 [ 42.852822] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.857844] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.861907] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.866318] ? kvm_arch_sync_events+0x30/0x30 [ 42.870814] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.876350] ? mmu_notifier_unregister+0x474/0x600 [ 42.881276] ? kfree+0x107/0x230 [ 42.884640] ? __mmu_notifier_register+0x30/0x30 [ 42.889396] ? __free_pages+0x10a/0x190 [ 42.893366] ? free_unref_page+0x960/0x960 [ 42.897611] kvm_put_kvm+0x6c8/0xff0 [ 42.901330] ? kvm_write_guest_cached+0x40/0x40 [ 42.906259] ? kvm_irqfd_release+0xd1/0x120 [ 42.910581] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.915072] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.919576] ? kasan_check_write+0x14/0x20 [ 42.923811] ? do_raw_spin_lock+0xc1/0x200 [ 42.928050] ? kvm_irqfd_release+0xdd/0x120 [ 42.932367] ? kvm_irqfd_release+0xdd/0x120 [ 42.936692] ? kvm_put_kvm+0xff0/0xff0 [ 42.940579] kvm_vm_release+0x42/0x50 [ 42.944377] __fput+0x385/0xa30 [ 42.947657] ? get_max_files+0x20/0x20 [ 42.951545] ? trace_hardirqs_on+0xbd/0x310 [ 42.955866] ? ___might_sleep+0x1ed/0x300 [ 42.960021] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.965471] ? arch_local_save_flags+0x40/0x40 [ 42.970051] ? kasan_check_write+0x14/0x20 [ 42.974284] ? do_raw_spin_lock+0xc1/0x200 [ 42.978516] ____fput+0x15/0x20 [ 42.981800] task_work_run+0x1e8/0x2a0 [ 42.985689] ? task_work_cancel+0x240/0x240 [ 42.990014] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.995565] ? switch_task_namespaces+0x9d/0xd0 [ 43.000236] do_exit+0x1ad7/0x2610 [ 43.003798] ? mm_update_next_owner+0x990/0x990 [ 43.008471] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 43.012704] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.017719] ? kfree+0x1fa/0x230 [ 43.021089] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 43.025327] ? kvm_vcpu_block+0x1030/0x1030 [ 43.029651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.035189] ? avc_has_extended_perms+0xab2/0x15a0 [ 43.040124] ? save_stack_address+0x4b/0x60 [ 43.044447] ? avc_ss_reset+0x190/0x190 [ 43.048426] ? save_stack+0xa9/0xd0 [ 43.052052] ? save_stack+0x43/0xd0 [ 43.055672] ? __kasan_slab_free+0x102/0x150 [ 43.060074] ? kasan_slab_free+0xe/0x10 [ 43.064043] ? putname+0xf2/0x130 [ 43.067492] ? __x64_sys_openat+0x9d/0x100 [ 43.071726] ? do_syscall_64+0x1b9/0x820 [ 43.075795] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.081171] ? ___might_sleep+0x1ed/0x300 [ 43.085325] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 43.090427] ? trace_hardirqs_off+0xb8/0x310 [ 43.094845] ? kvm_vcpu_block+0x1030/0x1030 [ 43.099164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.104697] ? do_vfs_ioctl+0x201/0x1720 [ 43.108762] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.113954] ? ioctl_preallocate+0x300/0x300 [ 43.118367] ? selinux_file_mprotect+0x620/0x620 [ 43.123143] ? path_mountpoint+0x57e/0x2190 [ 43.127475] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.132493] ? kmem_cache_free+0x24f/0x290 [ 43.136727] ? putname+0xf7/0x130 [ 43.140198] do_group_exit+0x177/0x440 [ 43.144088] ? trace_hardirqs_on+0xbd/0x310 [ 43.148406] ? __ia32_sys_exit+0x50/0x50 [ 43.152469] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.157921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.163459] ? ksys_ioctl+0x81/0xd0 [ 43.167089] __x64_sys_exit_group+0x3e/0x50 [ 43.171411] do_syscall_64+0x1b9/0x820 [ 43.175300] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.180662] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.185594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.190734] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.195748] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.200767] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.205792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.210638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.215825] RIP: 0033:0x43ef08 [ 43.219028] Code: Bad RIP value. [ 43.222387] RSP: 002b:00007ffedee587c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.230097] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 43.237359] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.244648] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.251918] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 43.259196] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 43.266472] [ 43.266478] ====================================================== [ 43.266484] WARNING: possible circular locking dependency detected [ 43.266488] 4.19.0-rc4+ #26 Not tainted [ 43.266494] ------------------------------------------------------ [ 43.266499] syz-executor054/5525 is trying to acquire lock: [ 43.266503] 000000009e03833e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 43.266520] [ 43.266524] but task is already holding lock: [ 43.266528] 0000000002b158f5 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.266544] [ 43.266549] which lock already depends on the new lock. [ 43.266551] [ 43.266554] [ 43.266559] the existing dependency chain (in reverse order) is: [ 43.266562] [ 43.266565] -> #3 (report_lock){....}: [ 43.266581] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.266585] kasan_report+0x8b/0x110 [ 43.266590] __asan_report_load8_noabort+0x14/0x20 [ 43.266594] __schedule+0xfc3/0x1ed0 [ 43.266599] preempt_schedule_common+0x1f/0xd0 [ 43.266604] preempt_schedule+0x4d/0x60 [ 43.266608] ___preempt_schedule+0x16/0x18 [ 43.266613] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.266617] __call_srcu+0x7f9/0x1070 [ 43.266622] __synchronize_srcu+0x17b/0x230 [ 43.266626] synchronize_srcu+0x356/0x5ab [ 43.266632] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.266636] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.266641] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.266645] kvm_put_kvm+0x6c8/0xff0 [ 43.266649] kvm_vm_release+0x42/0x50 [ 43.266653] __fput+0x385/0xa30 [ 43.266657] ____fput+0x15/0x20 [ 43.266661] task_work_run+0x1e8/0x2a0 [ 43.266665] do_exit+0x1ad7/0x2610 [ 43.266669] do_group_exit+0x177/0x440 [ 43.266674] __x64_sys_exit_group+0x3e/0x50 [ 43.266678] do_syscall_64+0x1b9/0x820 [ 43.266683] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.266686] [ 43.266688] -> #2 (&rq->lock){-.-.}: [ 43.266704] _raw_spin_lock+0x2d/0x40 [ 43.266708] task_fork_fair+0xb0/0x6d0 [ 43.266712] sched_fork+0x443/0xba0 [ 43.266716] copy_process+0x2586/0x8780 [ 43.266720] _do_fork+0x1cb/0x11d0 [ 43.266725] kernel_thread+0x34/0x40 [ 43.266729] rest_init+0x22/0xe5 [ 43.266733] start_kernel+0x8f4/0x92f [ 43.266738] x86_64_start_reservations+0x29/0x2b [ 43.266742] x86_64_start_kernel+0x76/0x79 [ 43.266746] secondary_startup_64+0xa4/0xb0 [ 43.266749] [ 43.266752] -> #1 (&p->pi_lock){-.-.}: [ 43.266767] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.266772] try_to_wake_up+0xd2/0x12f0 [ 43.266776] wake_up_process+0x10/0x20 [ 43.266780] __up.isra.1+0x1c0/0x2a0 [ 43.266784] up+0x13c/0x1c0 [ 43.266788] __up_console_sem+0xbe/0x1b0 [ 43.266793] console_unlock+0x814/0x1160 [ 43.266797] vprintk_emit+0x33d/0x930 [ 43.266801] vprintk_default+0x28/0x30 [ 43.266805] vprintk_func+0x7e/0x181 [ 43.266809] printk+0xa7/0xcf [ 43.266813] load_umh+0x51/0xbd [ 43.266817] do_one_initcall+0x145/0x957 [ 43.266822] kernel_init_freeable+0x4bb/0x5ae [ 43.266826] kernel_init+0x11/0x1b2 [ 43.266830] ret_from_fork+0x3a/0x50 [ 43.266833] [ 43.266835] -> #0 ((console_sem).lock){-...}: [ 43.266851] lock_acquire+0x1ed/0x520 [ 43.266856] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.266860] down_trylock+0x13/0x70 [ 43.266865] __down_trylock_console_sem+0xae/0x200 [ 43.266869] console_trylock+0x15/0xa0 [ 43.266874] vprintk_emit+0x322/0x930 [ 43.266878] vprintk_default+0x28/0x30 [ 43.266882] vprintk_func+0x7e/0x181 [ 43.266886] printk+0xa7/0xcf [ 43.266890] kasan_report+0x9b/0x110 [ 43.266895] __asan_report_load8_noabort+0x14/0x20 [ 43.266899] __schedule+0xfc3/0x1ed0 [ 43.266904] preempt_schedule_common+0x1f/0xd0 [ 43.266908] preempt_schedule+0x4d/0x60 [ 43.266912] ___preempt_schedule+0x16/0x18 [ 43.266917] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.266921] __call_srcu+0x7f9/0x1070 [ 43.266926] __synchronize_srcu+0x17b/0x230 [ 43.266930] synchronize_srcu+0x356/0x5ab [ 43.266936] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.266940] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.266945] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.266949] kvm_put_kvm+0x6c8/0xff0 [ 43.266953] kvm_vm_release+0x42/0x50 [ 43.266957] __fput+0x385/0xa30 [ 43.266961] ____fput+0x15/0x20 [ 43.266965] task_work_run+0x1e8/0x2a0 [ 43.266969] do_exit+0x1ad7/0x2610 [ 43.266973] do_group_exit+0x177/0x440 [ 43.266978] __x64_sys_exit_group+0x3e/0x50 [ 43.266982] do_syscall_64+0x1b9/0x820 [ 43.266987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.266990] [ 43.266994] other info that might help us debug this: [ 43.266997] [ 43.267000] Chain exists of: [ 43.267009] (console_sem).lock --> &rq->lock --> report_lock [ 43.267029] [ 43.267034] Possible unsafe locking scenario: [ 43.267037] [ 43.267041] CPU0 CPU1 [ 43.267045] ---- ---- [ 43.267048] lock(report_lock); [ 43.267058] lock(&rq->lock); [ 43.267068] lock(report_lock); [ 43.267077] lock((console_sem).lock); [ 43.267086] [ 43.267089] *** DEADLOCK *** [ 43.267092] [ 43.267096] 2 locks held by syz-executor054/5525: [ 43.267099] #0: 00000000cc66dce4 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 43.267117] #1: 0000000002b158f5 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.267135] [ 43.267138] stack backtrace: [ 43.267145] CPU: 0 PID: 5525 Comm: syz-executor054 Not tainted 4.19.0-rc4+ #26 [ 43.267152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.267156] Call Trace: [ 43.267160] dump_stack+0x1c4/0x2b4 [ 43.267165] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.267169] ? vprintk_func+0x85/0x181 [ 43.267174] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 43.267178] ? save_trace+0xe0/0x290 [ 43.267183] __lock_acquire+0x33e4/0x4ec0 [ 43.267187] ? mark_held_locks+0x130/0x130 [ 43.267192] ? mark_held_locks+0x130/0x130 [ 43.267196] ? rcu_bh_qs+0xc0/0xc0 [ 43.267200] ? unwind_dump+0x190/0x190 [ 43.267205] ? is_bpf_text_address+0xd3/0x170 [ 43.267209] ? kernel_text_address+0x79/0xf0 [ 43.267214] ? __kernel_text_address+0xd/0x40 [ 43.267218] ? __save_stack_trace+0x8d/0xf0 [ 43.267223] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 43.267227] ? save_trace+0x290/0x290 [ 43.267232] ? save_stack_trace+0x1a/0x20 [ 43.267236] ? save_trace+0xe0/0x290 [ 43.267240] ? kasan_check_read+0x11/0x20 [ 43.267244] ? graph_lock+0x170/0x170 [ 43.267250] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.267254] lock_acquire+0x1ed/0x520 [ 43.267258] ? down_trylock+0x13/0x70 [ 43.267262] ? find_held_lock+0x36/0x1c0 [ 43.267267] ? lock_release+0x970/0x970 [ 43.267271] ? trace_hardirqs_off+0xb8/0x310 [ 43.267276] ? vprintk_emit+0x1d3/0x930 [ 43.267280] ? trace_hardirqs_on+0x310/0x310 [ 43.267284] ? trace_hardirqs_off+0xb8/0x310 [ 43.267289] ? log_store+0x344/0x4c0 [ 43.267293] ? vprintk_emit+0x322/0x930 [ 43.267297] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.267301] ? down_trylock+0x13/0x70 [ 43.267306] down_trylock+0x13/0x70 [ 43.267310] __down_trylock_console_sem+0xae/0x200 [ 43.267315] console_trylock+0x15/0xa0 [ 43.267319] vprintk_emit+0x322/0x930 [ 43.267323] ? wake_up_klogd+0x180/0x180 [ 43.267328] ? run_rebalance_domains+0x500/0x500 [ 43.267332] ? wake_up_worker+0x117/0x190 [ 43.267336] ? find_held_lock+0x36/0x1c0 [ 43.267341] ? __queue_work+0x6be/0x1440 [ 43.267345] ? lock_acquire+0x1ed/0x520 [ 43.267349] vprintk_default+0x28/0x30 [ 43.267353] vprintk_func+0x7e/0x181 [ 43.267357] printk+0xa7/0xcf [ 43.267362] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.267366] ? kasan_check_write+0x14/0x20 [ 43.267370] ? do_raw_spin_lock+0xc1/0x200 [ 43.267375] ? do_raw_spin_lock+0xc1/0x200 [ 43.267379] kasan_report+0x9b/0x110 [ 43.267383] ? __schedule+0xfc3/0x1ed0 [ 43.267388] __asan_report_load8_noabort+0x14/0x20 [ 43.267392] __schedule+0xfc3/0x1ed0 [ 43.267396] ? __sched_text_start+0x8/0x8 [ 43.267400] ? __lock_is_held+0xb5/0x140 [ 43.267405] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.267410] ? find_held_lock+0x36/0x1c0 [ 43.267414] ? __call_srcu+0x7f9/0x1070 [ 43.267419] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.267424] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.267429] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.267433] ? preempt_schedule+0x4d/0x60 [ 43.267438] preempt_schedule_common+0x1f/0xd0 [ 43.267442] preempt_schedule+0x4d/0x60 [ 43.267446] ___preempt_schedule+0x16/0x18 [ 43.267451] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.267455] __call_srcu+0x7f9/0x1070 [ 43.267460] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 43.267465] ? srcu_offline_cpu+0x120/0x120 [ 43.267469] ? debug_object_free+0x690/0x690 [ 43.267474] ? mark_held_locks+0x130/0x130 [ 43.267478] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 43.267482] ? lock_release+0x970/0x970 [ 43.267487] ? arch_local_save_flags+0x40/0x40 [ 43.267491] ? depot_save_stack+0x292/0x470 [ 43.267496] ? __lockdep_init_map+0x105/0x590 [ 43.267501] ? __init_waitqueue_head+0x9e/0x150 [ 43.267505] ? init_wait_entry+0x1c0/0x1c0 [ 43.267510] __synchronize_srcu+0x17b/0x230 [ 43.267514] ? call_srcu+0x10/0x10 [ 43.267519] ? rcu_unexpedite_gp+0x20/0x20 [ 43.267524] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.267529] ? check_preemption_disabled+0x48/0x200 [ 43.267533] synchronize_srcu+0x356/0x5ab [ 43.267537] ? lock_downgrade+0x900/0x900 [ 43.267542] ? synchronize_srcu_expedited+0x20/0x20 [ 43.267547] ? kasan_check_read+0x11/0x20 [ 43.267552] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.267556] ? kasan_check_write+0x14/0x20 [ 43.267560] ? do_raw_spin_lock+0xc1/0x200 [ 43.267566] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.267571] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.267575] ? kvfree+0x61/0x70 [ 43.267580] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.267584] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.267588] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.267593] ? kvm_arch_sync_events+0x30/0x30 [ 43.267598] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.267603] ? mmu_notifier_unregister+0x474/0x600 [ 43.267607] ? kfree+0x107/0x230 [ 43.267612] ? __mmu_notifier_register+0x30/0x30 [ 43.267616] ? __free_pages+0x10a/0x190 [ 43.267621] ? free_unref_page+0x960/0x960 [ 43.267625] kvm_put_kvm+0x6c8/0xff0 [ 43.267629] ? kvm_write_guest_cached+0x40/0x40 [ 43.267634] ? kvm_irqfd_release+0xd1/0x120 [ 43.267638] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.267643] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.267647] ? kasan_check_write+0x14/0x20 [ 43.267652] ? do_raw_spin_lock+0xc1/0x200 [ 43.267656] ? kvm_irqfd_release+0xdd [ 43.267664] Lost 73 message(s)! [ 44.408145] Shutting down cpus with NMI [ 45.467338] Kernel Offset: disabled [ 45.471096] Rebooting in 86400 seconds..