[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.625006] random: sshd: uninitialized urandom read (32 bytes read) [ 31.937636] audit: type=1400 audit(1536580627.718:6): avc: denied { map } for pid=5481 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 31.989989] random: sshd: uninitialized urandom read (32 bytes read) [ 32.621662] random: sshd: uninitialized urandom read (32 bytes read) [ 34.078791] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. [ 39.636255] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.774042] audit: type=1400 audit(1536580635.558:7): avc: denied { map } for pid=5495 comm="syz-executor998" path="/root/syz-executor998996877" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.777802] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 39.827461] ================================================================== [ 39.837563] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 39.843792] Read of size 8 at addr ffff8801b3568058 by task syz-executor998/5495 [ 39.851314] [ 39.852946] CPU: 0 PID: 5495 Comm: syz-executor998 Not tainted 4.19.0-rc3+ #10 [ 39.860297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.869643] Call Trace: [ 39.872241] dump_stack+0x1c4/0x2b4 [ 39.875871] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.881060] ? printk+0xa7/0xcf [ 39.884338] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 39.889099] print_address_description.cold.8+0x9/0x1ff [ 39.894466] kasan_report.cold.9+0x242/0x309 [ 39.898878] ? __schedule+0xfc3/0x1ed0 [ 39.902769] __asan_report_load8_noabort+0x14/0x20 [ 39.907702] __schedule+0xfc3/0x1ed0 [ 39.911420] ? __sched_text_start+0x8/0x8 [ 39.915572] ? __lock_is_held+0xb5/0x140 [ 39.919630] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.924731] ? find_held_lock+0x36/0x1c0 [ 39.928800] ? __call_srcu+0x7f9/0x1070 [ 39.932778] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.937878] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 39.942982] ? lockdep_hardirqs_on+0x421/0x5c0 [ 39.947569] ? preempt_schedule+0x4d/0x60 [ 39.951726] preempt_schedule_common+0x1f/0xd0 [ 39.956314] preempt_schedule+0x4d/0x60 [ 39.960291] ___preempt_schedule+0x16/0x18 [ 39.964526] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 39.969459] __call_srcu+0x7f9/0x1070 [ 39.973261] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 39.978396] ? srcu_offline_cpu+0x120/0x120 [ 39.982726] ? debug_object_free+0x690/0x690 [ 39.987152] ? mark_held_locks+0x130/0x130 [ 39.991395] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 39.995981] ? lock_release+0x970/0x970 [ 39.999955] ? arch_local_save_flags+0x40/0x40 [ 40.004553] ? depot_save_stack+0x292/0x470 [ 40.008884] ? __lockdep_init_map+0x105/0x590 [ 40.013382] ? __init_waitqueue_head+0x9e/0x150 [ 40.018050] ? init_wait_entry+0x1c0/0x1c0 [ 40.022292] __synchronize_srcu+0x17b/0x230 [ 40.026612] ? call_srcu+0x10/0x10 [ 40.030167] ? rcu_unexpedite_gp+0x20/0x20 [ 40.034418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.039959] ? check_preemption_disabled+0x48/0x200 [ 40.044978] synchronize_srcu+0x356/0x5ab [ 40.049127] ? lock_downgrade+0x900/0x900 [ 40.053272] ? synchronize_srcu_expedited+0x20/0x20 [ 40.058291] ? kasan_check_read+0x11/0x20 [ 40.062443] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.067044] ? kasan_check_write+0x14/0x20 [ 40.071286] ? 
do_raw_spin_lock+0xc1/0x200 [ 40.075532] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.081248] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.086706] ? kvfree+0x61/0x70 [ 40.089996] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.095025] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.099092] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.103504] ? kvm_arch_sync_events+0x30/0x30 [ 40.108013] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.113562] ? mmu_notifier_unregister+0x474/0x600 [ 40.118502] ? kfree+0x107/0x230 [ 40.121870] ? __mmu_notifier_register+0x30/0x30 [ 40.126627] ? __free_pages+0x10a/0x190 [ 40.130597] ? free_unref_page+0x960/0x960 [ 40.134848] kvm_put_kvm+0x6c8/0xff0 [ 40.138566] ? kvm_write_guest_cached+0x40/0x40 [ 40.143234] ? kvm_irqfd_release+0xd1/0x120 [ 40.147560] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.152052] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.156556] ? kasan_check_write+0x14/0x20 [ 40.160792] ? do_raw_spin_lock+0xc1/0x200 [ 40.165027] ? kvm_irqfd_release+0xdd/0x120 [ 40.169345] ? kvm_irqfd_release+0xdd/0x120 [ 40.173669] ? kvm_put_kvm+0xff0/0xff0 [ 40.177826] kvm_vm_release+0x42/0x50 [ 40.181626] __fput+0x385/0xa30 [ 40.184910] ? get_max_files+0x20/0x20 [ 40.188798] ? trace_hardirqs_on+0xbd/0x310 [ 40.193136] ? ___might_sleep+0x1ed/0x300 [ 40.197284] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.202737] ? arch_local_save_flags+0x40/0x40 [ 40.207322] ? kasan_check_write+0x14/0x20 [ 40.211557] ? do_raw_spin_lock+0xc1/0x200 [ 40.215791] ____fput+0x15/0x20 [ 40.219075] task_work_run+0x1e8/0x2a0 [ 40.222962] ? task_work_cancel+0x240/0x240 [ 40.227288] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.232836] ? switch_task_namespaces+0x9d/0xd0 [ 40.237519] do_exit+0x1ad7/0x2610 [ 40.241065] ? mm_update_next_owner+0x990/0x990 [ 40.245761] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 40.249997] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.255144] ? kfree+0x1fa/0x230 [ 40.258551] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 40.262796] ? kvm_vcpu_block+0x1030/0x1030 [ 40.267121] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.272671] ? avc_has_extended_perms+0xab2/0x15a0 [ 40.277614] ? fpu__prepare_read+0x3b/0x750 [ 40.281945] ? avc_ss_reset+0x190/0x190 [ 40.285923] ? save_stack+0xa9/0xd0 [ 40.289546] ? save_stack+0x43/0xd0 [ 40.293167] ? __kasan_slab_free+0x102/0x150 [ 40.297584] ? kasan_slab_free+0xe/0x10 [ 40.301554] ? putname+0xf2/0x130 [ 40.305004] ? __x64_sys_openat+0x9d/0x100 [ 40.309254] ? do_syscall_64+0x1b9/0x820 [ 40.313315] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.318686] ? ___might_sleep+0x1ed/0x300 [ 40.322832] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 40.327935] ? trace_hardirqs_off+0xb8/0x310 [ 40.332348] ? kvm_vcpu_block+0x1030/0x1030 [ 40.336675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.342215] ? do_vfs_ioctl+0x201/0x1720 [ 40.346274] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.351465] ? ioctl_preallocate+0x300/0x300 [ 40.355874] ? selinux_file_mprotect+0x620/0x620 [ 40.360632] ? path_mountpoint+0x34e/0x2190 [ 40.364953] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.369974] ? kmem_cache_free+0x24f/0x290 [ 40.374220] ? putname+0xf7/0x130 [ 40.377684] do_group_exit+0x177/0x440 [ 40.381577] ? trace_hardirqs_on+0xbd/0x310 [ 40.385906] ? __ia32_sys_exit+0x50/0x50 [ 40.389973] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.395518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.401055] ? ksys_ioctl+0x81/0xd0 [ 40.404686] __x64_sys_exit_group+0x3e/0x50 [ 40.409013] do_syscall_64+0x1b9/0x820 [ 40.412906] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.418289] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.423223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.428067] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.433088] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.438103] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.443124] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 40.447974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.453158] RIP: 0033:0x43ecc8 [ 40.456366] Code: cb f6 ea c0 fb 07 41 89 d8 66 c1 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 92 01 d2 29 d1 83 [ 40.475884] RSP: 002b:00007ffd4c7c9b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.483612] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 40.490895] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.498163] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.505440] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 40.512705] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 40.519981] [ 40.521611] Allocated by task 5495: [ 40.525242] save_stack+0x43/0xd0 [ 40.528691] kasan_kmalloc+0xc7/0xe0 [ 40.532404] kasan_slab_alloc+0x12/0x20 [ 40.536377] kmem_cache_alloc+0x12e/0x730 [ 40.540520] vmx_create_vcpu+0xcf/0x25e0 [ 40.544577] kvm_arch_vcpu_create+0xe5/0x220 [ 40.548979] kvm_vm_ioctl+0x470/0x1d40 [ 40.552868] do_vfs_ioctl+0x1de/0x1720 [ 40.556750] ksys_ioctl+0xa9/0xd0 [ 40.560210] __x64_sys_ioctl+0x73/0xb0 [ 40.564098] do_syscall_64+0x1b9/0x820 [ 40.568014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.573204] [ 40.574826] Freed by task 5495: [ 40.578106] save_stack+0x43/0xd0 [ 40.581554] __kasan_slab_free+0x102/0x150 [ 40.585783] kasan_slab_free+0xe/0x10 [ 40.589586] kmem_cache_free+0x83/0x290 [ 40.593559] vmx_free_vcpu+0x26b/0x300 [ 40.597443] kvm_arch_destroy_vm+0x365/0x7c0 [ 40.601851] kvm_put_kvm+0x6c8/0xff0 [ 40.605561] kvm_vm_release+0x42/0x50 [ 40.609357] __fput+0x385/0xa30 [ 40.612628] ____fput+0x15/0x20 [ 40.615903] task_work_run+0x1e8/0x2a0 [ 40.619785] do_exit+0x1ad7/0x2610 [ 40.623319] do_group_exit+0x177/0x440 [ 40.627207] __x64_sys_exit_group+0x3e/0x50 [ 40.631529] do_syscall_64+0x1b9/0x820 [ 40.635419] 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.640598] [ 40.642225] The buggy address belongs to the object at ffff8801b3568040 [ 40.642225] which belongs to the cache kvm_vcpu of size 23872 [ 40.654792] The buggy address is located 24 bytes inside of [ 40.654792] 23872-byte region [ffff8801b3568040, ffff8801b356dd80) [ 40.666752] The buggy address belongs to the page: [ 40.671689] page:ffffea0006cd5a00 count:1 mapcount:0 mapping:ffff8801d4c87dc0 index:0x0 compound_mapcount: 0 [ 40.681675] flags: 0x2fffc0000008100(slab|head) [ 40.686367] raw: 02fffc0000008100 ffff8801d5fd0248 ffff8801d5fd0248 ffff8801d4c87dc0 [ 40.694262] raw: 0000000000000000 ffff8801b3568040 0000000100000001 0000000000000000 [ 40.702485] page dumped because: kasan: bad access detected [ 40.708201] [ 40.709820] Memory state around the buggy address: [ 40.714747] ffff8801b3567f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.722100] ffff8801b3567f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.729457] >ffff8801b3568000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 40.736805] ^ [ 40.743029] ffff8801b3568080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.750473] ffff8801b3568100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.757822] ================================================================== [ 40.765186] Kernel panic - not syncing: panic_on_warn set ... [ 40.765186] [ 40.772560] CPU: 0 PID: 5495 Comm: syz-executor998 Tainted: G B 4.19.0-rc3+ #10 [ 40.781303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.790662] Call Trace: [ 40.793268] dump_stack+0x1c4/0x2b4 [ 40.796896] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.802091] ? lock_downgrade+0x900/0x900 [ 40.806239] panic+0x238/0x4e7 [ 40.809447] ? add_taint.cold.5+0x16/0x16 [ 40.813599] ? print_shadow_for_address+0xb6/0x116 [ 40.819224] ? 
trace_hardirqs_off+0xaf/0x310 [ 40.823635] kasan_end_report+0x47/0x4f [ 40.827611] kasan_report.cold.9+0x76/0x309 [ 40.831936] ? __schedule+0xfc3/0x1ed0 [ 40.835827] __asan_report_load8_noabort+0x14/0x20 [ 40.840760] __schedule+0xfc3/0x1ed0 [ 40.844478] ? __sched_text_start+0x8/0x8 [ 40.848630] ? __lock_is_held+0xb5/0x140 [ 40.852689] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.857792] ? find_held_lock+0x36/0x1c0 [ 40.861856] ? __call_srcu+0x7f9/0x1070 [ 40.865830] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.870930] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.876033] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.880615] ? preempt_schedule+0x4d/0x60 [ 40.884763] preempt_schedule_common+0x1f/0xd0 [ 40.889350] preempt_schedule+0x4d/0x60 [ 40.893329] ___preempt_schedule+0x16/0x18 [ 40.897570] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.902501] __call_srcu+0x7f9/0x1070 [ 40.906303] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.911408] ? srcu_offline_cpu+0x120/0x120 [ 40.915728] ? debug_object_free+0x690/0x690 [ 40.920136] ? mark_held_locks+0x130/0x130 [ 40.924374] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.928957] ? lock_release+0x970/0x970 [ 40.932930] ? arch_local_save_flags+0x40/0x40 [ 40.937515] ? depot_save_stack+0x292/0x470 [ 40.941841] ? __lockdep_init_map+0x105/0x590 [ 40.946337] ? __init_waitqueue_head+0x9e/0x150 [ 40.951004] ? init_wait_entry+0x1c0/0x1c0 [ 40.955248] __synchronize_srcu+0x17b/0x230 [ 40.959569] ? call_srcu+0x10/0x10 [ 40.963105] ? rcu_unexpedite_gp+0x20/0x20 [ 40.967346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.972882] ? check_preemption_disabled+0x48/0x200 [ 40.977906] synchronize_srcu+0x356/0x5ab [ 40.982055] ? lock_downgrade+0x900/0x900 [ 40.986216] ? synchronize_srcu_expedited+0x20/0x20 [ 40.991235] ? kasan_check_read+0x11/0x20 [ 40.995383] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.999968] ? kasan_check_write+0x14/0x20 [ 41.004214] ? do_raw_spin_lock+0xc1/0x200 [ 41.008459] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.014183] ? 
kvm_slot_page_track_remove_page+0x70/0x70 [ 41.019652] ? kvfree+0x61/0x70 [ 41.022937] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.027963] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.032039] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.036448] ? kvm_arch_sync_events+0x30/0x30 [ 41.040962] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.046502] ? mmu_notifier_unregister+0x474/0x600 [ 41.051433] ? kfree+0x107/0x230 [ 41.054799] ? __mmu_notifier_register+0x30/0x30 [ 41.059555] ? __free_pages+0x10a/0x190 [ 41.063529] ? free_unref_page+0x960/0x960 [ 41.067775] kvm_put_kvm+0x6c8/0xff0 [ 41.071520] ? kvm_write_guest_cached+0x40/0x40 [ 41.076207] ? kvm_irqfd_release+0xd1/0x120 [ 41.080531] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.085046] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.089552] ? kasan_check_write+0x14/0x20 [ 41.093788] ? do_raw_spin_lock+0xc1/0x200 [ 41.098024] ? kvm_irqfd_release+0xdd/0x120 [ 41.102344] ? kvm_irqfd_release+0xdd/0x120 [ 41.106691] ? kvm_put_kvm+0xff0/0xff0 [ 41.110577] kvm_vm_release+0x42/0x50 [ 41.114380] __fput+0x385/0xa30 [ 41.117659] ? get_max_files+0x20/0x20 [ 41.121892] ? trace_hardirqs_on+0xbd/0x310 [ 41.126204] ? ___might_sleep+0x1ed/0x300 [ 41.130350] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.135797] ? arch_local_save_flags+0x40/0x40 [ 41.140385] ? kasan_check_write+0x14/0x20 [ 41.144624] ? do_raw_spin_lock+0xc1/0x200 [ 41.148858] ____fput+0x15/0x20 [ 41.152142] task_work_run+0x1e8/0x2a0 [ 41.156035] ? task_work_cancel+0x240/0x240 [ 41.160367] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.165903] ? switch_task_namespaces+0x9d/0xd0 [ 41.170588] do_exit+0x1ad7/0x2610 [ 41.174158] ? mm_update_next_owner+0x990/0x990 [ 41.178849] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.183087] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.188113] ? kfree+0x1fa/0x230 [ 41.191486] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.195718] ? kvm_vcpu_block+0x1030/0x1030 [ 41.200181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.205721] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.210689] ? 
fpu__prepare_read+0x3b/0x750 [ 41.215230] ? avc_ss_reset+0x190/0x190 [ 41.219205] ? save_stack+0xa9/0xd0 [ 41.222825] ? save_stack+0x43/0xd0 [ 41.226473] ? __kasan_slab_free+0x102/0x150 [ 41.230878] ? kasan_slab_free+0xe/0x10 [ 41.234856] ? putname+0xf2/0x130 [ 41.238308] ? __x64_sys_openat+0x9d/0x100 [ 41.242546] ? do_syscall_64+0x1b9/0x820 [ 41.246608] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.251973] ? ___might_sleep+0x1ed/0x300 [ 41.256269] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.261388] ? trace_hardirqs_off+0xb8/0x310 [ 41.265801] ? kvm_vcpu_block+0x1030/0x1030 [ 41.270123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.275661] ? do_vfs_ioctl+0x201/0x1720 [ 41.279740] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.284980] ? ioctl_preallocate+0x300/0x300 [ 41.289439] ? selinux_file_mprotect+0x620/0x620 [ 41.294204] ? path_mountpoint+0x34e/0x2190 [ 41.298527] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.303547] ? kmem_cache_free+0x24f/0x290 [ 41.307782] ? putname+0xf7/0x130 [ 41.311252] do_group_exit+0x177/0x440 [ 41.315142] ? trace_hardirqs_on+0xbd/0x310 [ 41.319472] ? __ia32_sys_exit+0x50/0x50 [ 41.323531] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.328996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.334529] ? ksys_ioctl+0x81/0xd0 [ 41.338157] __x64_sys_exit_group+0x3e/0x50 [ 41.342491] do_syscall_64+0x1b9/0x820 [ 41.346386] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.351750] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.356678] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.361523] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.366539] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.371555] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.376579] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 41.381427] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.386613] RIP: 0033:0x43ecc8 [ 41.389806] Code: cb f6 ea c0 fb 07 41 89 d8 66 c1 e8 08 c0 f8 02 44 29 c0 8d 04 80 01 c0 29 c1 83 c1 30 88 4e 11 0f b6 4f 05 89 c8 f6 ea 66 c1 08 89 c2 89 c8 c0 fa 02 c0 f8 07 29 c2 8d 14 92 01 d2 29 d1 83 [ 41.408712] RSP: 002b:00007ffd4c7c9b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.416426] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8 [ 41.423694] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.430961] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.438233] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.445500] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 41.452780] [ 41.452786] ====================================================== [ 41.452792] WARNING: possible circular locking dependency detected [ 41.452796] 4.19.0-rc3+ #10 Not tainted [ 41.452802] ------------------------------------------------------ [ 41.452808] syz-executor998/5495 is trying to acquire lock: [ 41.452812] 00000000710442d8 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.452828] [ 41.452833] but task is already holding lock: [ 41.452836] 00000000979a5b29 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.452852] [ 41.452857] which lock already depends on the new lock. 
[ 41.452860] [ 41.452863] [ 41.452868] the existing dependency chain (in reverse order) is: [ 41.452871] [ 41.452873] -> #3 (report_lock){....}: [ 41.452889] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.452894] kasan_report+0x8b/0x110 [ 41.452899] __asan_report_load8_noabort+0x14/0x20 [ 41.452903] __schedule+0xfc3/0x1ed0 [ 41.452908] preempt_schedule_common+0x1f/0xd0 [ 41.452912] preempt_schedule+0x4d/0x60 [ 41.452917] ___preempt_schedule+0x16/0x18 [ 41.452922] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.452926] __call_srcu+0x7f9/0x1070 [ 41.452930] __synchronize_srcu+0x17b/0x230 [ 41.452935] synchronize_srcu+0x356/0x5ab [ 41.452940] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.452945] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.452949] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.452954] kvm_put_kvm+0x6c8/0xff0 [ 41.452958] kvm_vm_release+0x42/0x50 [ 41.452962] __fput+0x385/0xa30 [ 41.452966] ____fput+0x15/0x20 [ 41.452970] task_work_run+0x1e8/0x2a0 [ 41.452974] do_exit+0x1ad7/0x2610 [ 41.452978] do_group_exit+0x177/0x440 [ 41.452983] __x64_sys_exit_group+0x3e/0x50 [ 41.452987] do_syscall_64+0x1b9/0x820 [ 41.452992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.452995] [ 41.452997] -> #2 (&rq->lock){-.-.}: [ 41.453013] _raw_spin_lock+0x2d/0x40 [ 41.453017] task_fork_fair+0xb0/0x6d0 [ 41.453021] sched_fork+0x443/0xba0 [ 41.453026] copy_process+0x2586/0x8780 [ 41.453030] _do_fork+0x1cb/0x11d0 [ 41.453034] kernel_thread+0x34/0x40 [ 41.453038] rest_init+0x22/0xe5 [ 41.453042] start_kernel+0x8f4/0x92f [ 41.453047] x86_64_start_reservations+0x29/0x2b [ 41.453052] x86_64_start_kernel+0x76/0x79 [ 41.453057] secondary_startup_64+0xa4/0xb0 [ 41.453059] [ 41.453062] -> #1 (&p->pi_lock){-.-.}: [ 41.453078] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.453082] try_to_wake_up+0xd2/0x12f0 [ 41.453087] wake_up_process+0x10/0x20 [ 41.453091] __up.isra.1+0x1c0/0x2a0 [ 41.453094] up+0x13c/0x1c0 [ 41.453099] __up_console_sem+0xbe/0x1b0 [ 41.453103] console_unlock+0x524/0x11a0 [ 41.453108] 
vprintk_emit+0x33d/0x930 [ 41.453112] vprintk_default+0x28/0x30 [ 41.453116] vprintk_func+0x7e/0x181 [ 41.453120] printk+0xa7/0xcf [ 41.453124] load_umh+0x51/0xbd [ 41.453128] do_one_initcall+0x145/0x957 [ 41.453133] kernel_init_freeable+0x4bb/0x5ae [ 41.453137] kernel_init+0x11/0x1b2 [ 41.453141] ret_from_fork+0x3a/0x50 [ 41.453144] [ 41.453146] -> #0 ((console_sem).lock){-...}: [ 41.453162] lock_acquire+0x1ed/0x520 [ 41.453167] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.453179] down_trylock+0x13/0x70 [ 41.453184] __down_trylock_console_sem+0xae/0x200 [ 41.453188] console_trylock+0x15/0xa0 [ 41.453204] vprintk_emit+0x322/0x930 [ 41.453208] vprintk_default+0x28/0x30 [ 41.453212] vprintk_func+0x7e/0x181 [ 41.453216] printk+0xa7/0xcf [ 41.453220] kasan_report+0x9b/0x110 [ 41.453225] __asan_report_load8_noabort+0x14/0x20 [ 41.453229] __schedule+0xfc3/0x1ed0 [ 41.453234] preempt_schedule_common+0x1f/0xd0 [ 41.453238] preempt_schedule+0x4d/0x60 [ 41.453243] ___preempt_schedule+0x16/0x18 [ 41.453248] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.453252] __call_srcu+0x7f9/0x1070 [ 41.453257] __synchronize_srcu+0x17b/0x230 [ 41.453261] synchronize_srcu+0x356/0x5ab [ 41.453267] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.453271] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.453276] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.453280] kvm_put_kvm+0x6c8/0xff0 [ 41.453284] kvm_vm_release+0x42/0x50 [ 41.453288] __fput+0x385/0xa30 [ 41.453292] ____fput+0x15/0x20 [ 41.453297] task_work_run+0x1e8/0x2a0 [ 41.453301] do_exit+0x1ad7/0x2610 [ 41.453305] do_group_exit+0x177/0x440 [ 41.453310] __x64_sys_exit_group+0x3e/0x50 [ 41.453314] do_syscall_64+0x1b9/0x820 [ 41.453319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.453321] [ 41.453326] other info that might help us debug this: [ 41.453329] [ 41.453332] Chain exists of: [ 41.453335] (console_sem).lock --> &rq->lock --> report_lock [ 41.453355] [ 41.453359] Possible unsafe locking scenario: [ 41.453362] [ 41.453366] CPU0 CPU1 [ 41.453370] ---- ---- [ 
41.453373] lock(report_lock); [ 41.453383] lock(&rq->lock); [ 41.453394] lock(report_lock); [ 41.453402] lock((console_sem).lock); [ 41.453411] [ 41.453415] *** DEADLOCK *** [ 41.453417] [ 41.453422] 2 locks held by syz-executor998/5495: [ 41.453424] #0: 000000009ef664bb (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 41.453443] #1: 00000000979a5b29 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.453461] [ 41.453465] stack backtrace: [ 41.453471] CPU: 0 PID: 5495 Comm: syz-executor998 Not tainted 4.19.0-rc3+ #10 [ 41.453479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.453483] Call Trace: [ 41.453487] dump_stack+0x1c4/0x2b4 [ 41.453492] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.453496] ? vprintk_func+0x85/0x181 [ 41.453502] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 41.453506] ? save_trace+0xe0/0x290 [ 41.453510] __lock_acquire+0x33e4/0x4ec0 [ 41.453515] ? mark_held_locks+0x130/0x130 [ 41.453520] ? mark_held_locks+0x130/0x130 [ 41.453524] ? rcu_bh_qs+0xc0/0xc0 [ 41.453528] ? unwind_dump+0x190/0x190 [ 41.453533] ? is_bpf_text_address+0xd3/0x170 [ 41.453537] ? kernel_text_address+0x79/0xf0 [ 41.453542] ? __kernel_text_address+0xd/0x40 [ 41.453546] ? __save_stack_trace+0x8d/0xf0 [ 41.453551] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 41.453556] ? save_trace+0x290/0x290 [ 41.453560] ? save_stack_trace+0x1a/0x20 [ 41.453564] ? save_trace+0xe0/0x290 [ 41.453569] ? kasan_check_read+0x11/0x20 [ 41.453573] ? graph_lock+0x170/0x170 [ 41.453578] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.453582] lock_acquire+0x1ed/0x520 [ 41.453586] ? down_trylock+0x13/0x70 [ 41.453591] ? find_held_lock+0x36/0x1c0 [ 41.453595] ? lock_release+0x970/0x970 [ 41.453600] ? trace_hardirqs_off+0xb8/0x310 [ 41.453604] ? vprintk_emit+0x1d3/0x930 [ 41.453609] ? trace_hardirqs_on+0x310/0x310 [ 41.453613] ? trace_hardirqs_off+0xb8/0x310 [ 41.453617] ? log_store+0x344/0x4c0 [ 41.453622] ? 
vprintk_emit+0x322/0x930 [ 41.453626] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.453630] ? down_trylock+0x13/0x70 [ 41.453634] down_trylock+0x13/0x70 [ 41.453639] __down_trylock_console_sem+0xae/0x200 [ 41.453643] console_trylock+0x15/0xa0 [ 41.453648] vprintk_emit+0x322/0x930 [ 41.453652] ? wake_up_klogd+0x180/0x180 [ 41.453657] ? run_rebalance_domains+0x500/0x500 [ 41.453661] ? wake_up_worker+0x117/0x190 [ 41.453665] ? find_held_lock+0x36/0x1c0 [ 41.453670] ? __queue_work+0x6be/0x1440 [ 41.453674] ? lock_acquire+0x1ed/0x520 [ 41.453678] vprintk_default+0x28/0x30 [ 41.453683] vprintk_func+0x7e/0x181 [ 41.453686] printk+0xa7/0xcf [ 41.453691] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.453696] ? kasan_check_write+0x14/0x20 [ 41.453700] ? do_raw_spin_lock+0xc1/0x200 [ 41.453705] ? do_raw_spin_lock+0xc1/0x200 [ 41.453709] kasan_report+0x9b/0x110 [ 41.453713] ? __schedule+0xfc3/0x1ed0 [ 41.453718] __asan_report_load8_noabort+0x14/0x20 [ 41.453722] __schedule+0xfc3/0x1ed0 [ 41.453727] ? __sched_text_start+0x8/0x8 [ 41.453731] ? __lock_is_held+0xb5/0x140 [ 41.453736] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.453740] ? find_held_lock+0x36/0x1c0 [ 41.453745] ? __call_srcu+0x7f9/0x1070 [ 41.453750] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.453755] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.453759] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.453764] ? preempt_schedule+0x4d/0x60 [ 41.453768] preempt_schedule_common+0x1f/0xd0 [ 41.453773] preempt_schedule+0x4d/0x60 [ 41.453777] ___preempt_schedule+0x16/0x18 [ 41.453782] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.453786] __call_srcu+0x7f9/0x1070 [ 41.453791] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.453796] ? srcu_offline_cpu+0x120/0x120 [ 41.453800] ? debug_object_free+0x690/0x690 [ 41.453805] ? mark_held_locks+0x130/0x130 [ 41.453809] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.453814] ? lock_release+0x970/0x970 [ 41.453818] ? arch_local_save_flags+0x40/0x40 [ 41.453823] ? depot_save_stack+0x292/0x470 [ 41.453828] ? 
__lockdep_init_map+0x105/0x590 [ 41.453832] ? __init_waitqueue_head+0x9e/0x150 [ 41.453837] ? init_wait_entry+0x1c0/0x1c0 [ 41.453841] __synchronize_srcu+0x17b/0x230 [ 41.453845] ? call_srcu+0x10/0x10 [ 41.453850] ? rcu_unexpedite_gp+0x20/0x20 [ 41.453855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.453860] ? check_preemption_disabled+0x48/0x200 [ 41.453865] synchronize_srcu+0x356/0x5ab [ 41.453869] ? lock_downgrade+0x900/0x900 [ 41.453874] ? synchronize_srcu_expedited+0x20/0x20 [ 41.453879] ? kasan_check_read+0x11/0x20 [ 41.453883] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.453888] ? kasan_check_write+0x14/0x20 [ 41.453892] ? do_raw_spin_lock+0xc1/0x200 [ 41.453898] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.453903] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.453907] ? kvfree+0x61/0x70 [ 41.453912] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.453917] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.453921] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.453926] ? kvm_arch_sync_events+0x30/0x30 [ 41.453931] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.453936] ? mmu_notifier_unregister+0x474/0x600 [ 41.453940] ? kfree+0x107/0x230 [ 41.453945] ? __mmu_notifier_register+0x30/0x30 [ 41.453949] ? __free_pages+0x10a/0x190 [ 41.453954] ? free_unref_page+0x960/0x960 [ 41.453958] kvm_put_kvm+0x6c8/0xff0 [ 41.453962] ? kvm_write_guest_cached+0x40/0x40 [ 41.453967] ? kvm_irqfd_release+0xd1/0x120 [ 41.453971] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.453976] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.453981] ? kasan_check_write+0x14/0x20 [ 41.453985] ? do_raw_spin_lock+0xc1/0x200 [ 41.453989] ? kvm_irqfd_release+0xdd [ 41.453998] Lost 73 message(s)! [ 42.634971] Shutting down cpus with NMI [ 43.692601] Dumping ftrace buffer: [ 43.696130] (ftrace buffer empty) [ 43.700397] Kernel Offset: disabled [ 43.704019] Rebooting in 86400 seconds..