[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.325796] random: sshd: uninitialized urandom read (32 bytes read) [ 34.610467] audit: type=1400 audit(1536744410.964:6): avc: denied { map } for pid=5501 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.668142] random: sshd: uninitialized urandom read (32 bytes read) [ 35.343176] random: sshd: uninitialized urandom read (32 bytes read) [ 35.578331] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. [ 41.311312] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 41.447374] audit: type=1400 audit(1536744417.804:7): avc: denied { map } for pid=5516 comm="syz-executor439" path="/root/syz-executor439413967" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.451199] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 41.501203] ================================================================== [ 41.511193] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 41.517419] Read of size 8 at addr ffff8801bc970058 by task syz-executor439/5516 [ 41.524941] [ 41.526580] CPU: 1 PID: 5516 Comm: syz-executor439 Not tainted 4.19.0-rc3+ #11 [ 41.533932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.543281] Call Trace: [ 41.545876] dump_stack+0x1c4/0x2b4 [ 41.549505] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.554696] ? printk+0xa7/0xcf [ 41.557979] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.562739] print_address_description.cold.8+0x9/0x1ff [ 41.568108] kasan_report.cold.9+0x242/0x309 [ 41.572531] ? __schedule+0xfc3/0x1ed0 [ 41.576431] __asan_report_load8_noabort+0x14/0x20 [ 41.581370] __schedule+0xfc3/0x1ed0 [ 41.585103] ? __sched_text_start+0x8/0x8 [ 41.589732] ? __lock_is_held+0xb5/0x140 [ 41.593790] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.598899] ? find_held_lock+0x36/0x1c0 [ 41.602958] ? __call_srcu+0x7f9/0x1070 [ 41.606942] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.612050] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.617182] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.621762] ? preempt_schedule+0x4d/0x60 [ 41.625936] preempt_schedule_common+0x1f/0xd0 [ 41.630527] preempt_schedule+0x4d/0x60 [ 41.634505] ___preempt_schedule+0x16/0x18 [ 41.638746] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.643703] __call_srcu+0x7f9/0x1070 [ 41.647524] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.652632] ? srcu_offline_cpu+0x120/0x120 [ 41.656967] ? debug_object_free+0x690/0x690 [ 41.661373] ? mark_held_locks+0x130/0x130 [ 41.665610] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.670192] ? lock_release+0x970/0x970 [ 41.674172] ? arch_local_save_flags+0x40/0x40 [ 41.678755] ? depot_save_stack+0x292/0x470 [ 41.683091] ? __lockdep_init_map+0x105/0x590 [ 41.687592] ? __init_waitqueue_head+0x9e/0x150 [ 41.692261] ? init_wait_entry+0x1c0/0x1c0 [ 41.696501] __synchronize_srcu+0x17b/0x230 [ 41.700831] ? call_srcu+0x10/0x10 [ 41.704381] ? rcu_unexpedite_gp+0x20/0x20 [ 41.708619] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.714155] ? check_preemption_disabled+0x48/0x200 [ 41.719178] synchronize_srcu+0x356/0x5ab [ 41.723326] ? lock_downgrade+0x900/0x900 [ 41.727477] ? synchronize_srcu_expedited+0x20/0x20 [ 41.732496] ? kasan_check_read+0x11/0x20 [ 41.736645] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.741228] ? kasan_check_write+0x14/0x20 [ 41.745466] ? do_raw_spin_lock+0xc1/0x200 [ 41.749706] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.755443] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.760901] ? kvfree+0x61/0x70 [ 41.764186] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.769222] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.773296] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.777718] ? kvm_arch_sync_events+0x30/0x30 [ 41.782215] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.787762] ? mmu_notifier_unregister+0x474/0x600 [ 41.792687] ? kfree+0x107/0x230 [ 41.796078] ? __mmu_notifier_register+0x30/0x30 [ 41.800841] ? __free_pages+0x10a/0x190 [ 41.804813] ? free_unref_page+0x960/0x960 [ 41.809098] kvm_put_kvm+0x6c8/0xff0 [ 41.812819] ? kvm_write_guest_cached+0x40/0x40 [ 41.817497] ? kvm_irqfd_release+0xd1/0x120 [ 41.821826] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.826318] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.830828] ? kasan_check_write+0x14/0x20 [ 41.835071] ? do_raw_spin_lock+0xc1/0x200 [ 41.839309] ? kvm_irqfd_release+0xdd/0x120 [ 41.843630] ? kvm_irqfd_release+0xdd/0x120 [ 41.847956] ? kvm_put_kvm+0xff0/0xff0 [ 41.851843] kvm_vm_release+0x42/0x50 [ 41.855646] __fput+0x385/0xa30 [ 41.858927] ? get_max_files+0x20/0x20 [ 41.862839] ? trace_hardirqs_on+0xbd/0x310 [ 41.867164] ? ___might_sleep+0x1ed/0x300 [ 41.871309] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.876769] ? arch_local_save_flags+0x40/0x40 [ 41.881373] ? kasan_check_write+0x14/0x20 [ 41.885610] ? do_raw_spin_lock+0xc1/0x200 [ 41.889848] ____fput+0x15/0x20 [ 41.893133] task_work_run+0x1e8/0x2a0 [ 41.897024] ? task_work_cancel+0x240/0x240 [ 41.901347] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.906906] ? switch_task_namespaces+0x9d/0xd0 [ 41.911580] do_exit+0x1ad7/0x2610 [ 41.915127] ? mm_update_next_owner+0x990/0x990 [ 41.919807] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.924051] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.929084] ? kfree+0x1fa/0x230 [ 41.932461] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.936702] ? kvm_vcpu_block+0x1030/0x1030 [ 41.941029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.946577] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.951510] ? fpu__prepare_read+0x3b/0x750 [ 41.955850] ? avc_ss_reset+0x190/0x190 [ 41.959837] ? save_stack+0xa9/0xd0 [ 41.963460] ? save_stack+0x43/0xd0 [ 41.967091] ? __kasan_slab_free+0x102/0x150 [ 41.971498] ? kasan_slab_free+0xe/0x10 [ 41.975468] ? putname+0xf2/0x130 [ 41.978918] ? __x64_sys_openat+0x9d/0x100 [ 41.983150] ? do_syscall_64+0x1b9/0x820 [ 41.987211] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.992583] ? ___might_sleep+0x1ed/0x300 [ 41.996734] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 42.001844] ? trace_hardirqs_off+0xb8/0x310 [ 42.006256] ? kvm_vcpu_block+0x1030/0x1030 [ 42.010580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.016116] ? do_vfs_ioctl+0x201/0x1720 [ 42.020174] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 42.025372] ? ioctl_preallocate+0x300/0x300 [ 42.029791] ? selinux_file_mprotect+0x620/0x620 [ 42.034552] ? path_mountpoint+0x34e/0x2190 [ 42.038880] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.043899] ? kmem_cache_free+0x24f/0x290 [ 42.048138] ? putname+0xf7/0x130 [ 42.051619] do_group_exit+0x177/0x440 [ 42.055510] ? trace_hardirqs_on+0xbd/0x310 [ 42.059846] ? __ia32_sys_exit+0x50/0x50 [ 42.063914] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.069365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.074903] ? ksys_ioctl+0x81/0xd0 [ 42.078535] __x64_sys_exit_group+0x3e/0x50 [ 42.082863] do_syscall_64+0x1b9/0x820 [ 42.086753] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.092120] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.097079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.101928] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.106968] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.112010] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.117030] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.121880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.127073] RIP: 0033:0x43ed58 [ 42.130271] Code: Bad RIP value. [ 42.133629] RSP: 002b:00007ffcf0b59b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.141341] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed58 [ 42.148609] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.155880] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.163150] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 42.170418] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 42.177695] [ 42.179320] Allocated by task 5516: [ 42.182948] save_stack+0x43/0xd0 [ 42.186407] kasan_kmalloc+0xc7/0xe0 [ 42.190117] kasan_slab_alloc+0x12/0x20 [ 42.194096] kmem_cache_alloc+0x12e/0x730 [ 42.198252] vmx_create_vcpu+0xcf/0x25e0 [ 42.202312] kvm_arch_vcpu_create+0xe5/0x220 [ 42.206720] kvm_vm_ioctl+0x470/0x1d40 [ 42.210605] do_vfs_ioctl+0x1de/0x1720 [ 42.214486] ksys_ioctl+0xa9/0xd0 [ 42.217942] __x64_sys_ioctl+0x73/0xb0 [ 42.221842] do_syscall_64+0x1b9/0x820 [ 42.225741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.230916] [ 42.232537] Freed by task 5516: [ 42.235849] save_stack+0x43/0xd0 [ 42.239315] __kasan_slab_free+0x102/0x150 [ 42.243546] kasan_slab_free+0xe/0x10 [ 42.247353] kmem_cache_free+0x83/0x290 [ 42.251324] vmx_free_vcpu+0x26b/0x300 [ 42.255212] kvm_arch_destroy_vm+0x365/0x7c0 [ 42.259617] kvm_put_kvm+0x6c8/0xff0 [ 42.263332] kvm_vm_release+0x42/0x50 [ 42.267130] __fput+0x385/0xa30 [ 42.270404] ____fput+0x15/0x20 [ 42.273693] task_work_run+0x1e8/0x2a0 [ 42.277582] do_exit+0x1ad7/0x2610 [ 42.281116] do_group_exit+0x177/0x440 [ 42.284998] __x64_sys_exit_group+0x3e/0x50 [ 42.289321] do_syscall_64+0x1b9/0x820 [ 42.293208] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.298382] [ 42.300008] The buggy address belongs to the object at ffff8801bc970040 [ 42.300008] which belongs to the cache kvm_vcpu of size 23872 [ 42.312588] The buggy address is located 24 bytes inside of [ 42.312588] 23872-byte region [ffff8801bc970040, ffff8801bc975d80) [ 42.324552] The buggy address belongs to the page: [ 42.329483] page:ffffea0006f25c00 count:1 mapcount:0 mapping:ffff8801d54e0600 index:0x0 compound_mapcount: 0 [ 42.339457] flags: 0x2fffc0000008100(slab|head) [ 42.344132] raw: 02fffc0000008100 ffff8801d54e8e48 ffff8801d54e8e48 ffff8801d54e0600 [ 42.352017] raw: 0000000000000000 ffff8801bc970040 0000000100000001 0000000000000000 [ 42.359888] page dumped because: kasan: bad access detected [ 42.365587] [ 42.367207] Memory state around the buggy address: [ 42.372137] ffff8801bc96ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.379499] ffff8801bc96ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.386859] >ffff8801bc970000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 42.394210] ^ [ 42.400443] ffff8801bc970080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.407805] ffff8801bc970100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.415162] ================================================================== [ 42.422516] Kernel panic - not syncing: panic_on_warn set ... [ 42.422516] [ 42.429883] CPU: 1 PID: 5516 Comm: syz-executor439 Tainted: G B 4.19.0-rc3+ #11 [ 42.438629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.447975] Call Trace: [ 42.450567] dump_stack+0x1c4/0x2b4 [ 42.454196] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.459386] ? lock_downgrade+0x900/0x900 [ 42.463536] panic+0x238/0x4e7 [ 42.466729] ? add_taint.cold.5+0x16/0x16 [ 42.470879] ? print_shadow_for_address+0xb6/0x116 [ 42.475828] ? trace_hardirqs_off+0xaf/0x310 [ 42.480244] kasan_end_report+0x47/0x4f [ 42.484218] kasan_report.cold.9+0x76/0x309 [ 42.488538] ? __schedule+0xfc3/0x1ed0 [ 42.492430] __asan_report_load8_noabort+0x14/0x20 [ 42.497361] __schedule+0xfc3/0x1ed0 [ 42.501085] ? __sched_text_start+0x8/0x8 [ 42.505241] ? __lock_is_held+0xb5/0x140 [ 42.509300] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.514422] ? find_held_lock+0x36/0x1c0 [ 42.518489] ? __call_srcu+0x7f9/0x1070 [ 42.522475] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.527577] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 42.532678] ? lockdep_hardirqs_on+0x421/0x5c0 [ 42.537260] ? preempt_schedule+0x4d/0x60 [ 42.541411] preempt_schedule_common+0x1f/0xd0 [ 42.545994] preempt_schedule+0x4d/0x60 [ 42.549968] ___preempt_schedule+0x16/0x18 [ 42.554218] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 42.559160] __call_srcu+0x7f9/0x1070 [ 42.562963] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 42.568087] ? srcu_offline_cpu+0x120/0x120 [ 42.572412] ? debug_object_free+0x690/0x690 [ 42.576819] ? mark_held_locks+0x130/0x130 [ 42.581069] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 42.586158] ? lock_release+0x970/0x970 [ 42.590139] ? arch_local_save_flags+0x40/0x40 [ 42.594716] ? depot_save_stack+0x292/0x470 [ 42.599040] ? __lockdep_init_map+0x105/0x590 [ 42.603549] ? __init_waitqueue_head+0x9e/0x150 [ 42.608218] ? init_wait_entry+0x1c0/0x1c0 [ 42.612457] __synchronize_srcu+0x17b/0x230 [ 42.616775] ? call_srcu+0x10/0x10 [ 42.620314] ? rcu_unexpedite_gp+0x20/0x20 [ 42.624561] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 42.630098] ? check_preemption_disabled+0x48/0x200 [ 42.635118] synchronize_srcu+0x356/0x5ab [ 42.639286] ? lock_downgrade+0x900/0x900 [ 42.643438] ? synchronize_srcu_expedited+0x20/0x20 [ 42.648457] ? kasan_check_read+0x11/0x20 [ 42.652608] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 42.657193] ? kasan_check_write+0x14/0x20 [ 42.661431] ? do_raw_spin_lock+0xc1/0x200 [ 42.665670] kvm_page_track_unregister_notifier+0x17d/0x250 [ 42.671386] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 42.676843] ? kvfree+0x61/0x70 [ 42.680124] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.685144] kvm_mmu_uninit_vm+0x1c/0x20 [ 42.689209] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 42.693620] ? kvm_arch_sync_events+0x30/0x30 [ 42.698118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.703653] ? mmu_notifier_unregister+0x474/0x600 [ 42.708580] ? kfree+0x107/0x230 [ 42.711945] ? __mmu_notifier_register+0x30/0x30 [ 42.716701] ? __free_pages+0x10a/0x190 [ 42.720675] ? free_unref_page+0x960/0x960 [ 42.724923] kvm_put_kvm+0x6c8/0xff0 [ 42.728640] ? kvm_write_guest_cached+0x40/0x40 [ 42.733313] ? kvm_irqfd_release+0xd1/0x120 [ 42.737641] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.742133] ? _raw_spin_unlock_irq+0x27/0x80 [ 42.746640] ? kasan_check_write+0x14/0x20 [ 42.750876] ? do_raw_spin_lock+0xc1/0x200 [ 42.755133] ? kvm_irqfd_release+0xdd/0x120 [ 42.759466] ? kvm_irqfd_release+0xdd/0x120 [ 42.763790] ? kvm_put_kvm+0xff0/0xff0 [ 42.767685] kvm_vm_release+0x42/0x50 [ 42.771483] __fput+0x385/0xa30 [ 42.774763] ? get_max_files+0x20/0x20 [ 42.778647] ? trace_hardirqs_on+0xbd/0x310 [ 42.782973] ? ___might_sleep+0x1ed/0x300 [ 42.787134] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.792592] ? arch_local_save_flags+0x40/0x40 [ 42.797182] ? kasan_check_write+0x14/0x20 [ 42.801417] ? do_raw_spin_lock+0xc1/0x200 [ 42.805675] ____fput+0x15/0x20 [ 42.808960] task_work_run+0x1e8/0x2a0 [ 42.812857] ? task_work_cancel+0x240/0x240 [ 42.817183] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.822724] ? switch_task_namespaces+0x9d/0xd0 [ 42.827397] do_exit+0x1ad7/0x2610 [ 42.830953] ? mm_update_next_owner+0x990/0x990 [ 42.835645] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 42.839881] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.844910] ? kfree+0x1fa/0x230 [ 42.848281] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 42.852514] ? kvm_vcpu_block+0x1030/0x1030 [ 42.856846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.862385] ? avc_has_extended_perms+0xab2/0x15a0 [ 42.867319] ? fpu__prepare_read+0x3b/0x750 [ 42.871638] ? avc_ss_reset+0x190/0x190 [ 42.875618] ? save_stack+0xa9/0xd0 [ 42.879243] ? save_stack+0x43/0xd0 [ 42.882868] ? __kasan_slab_free+0x102/0x150 [ 42.887275] ? kasan_slab_free+0xe/0x10 [ 42.891244] ? putname+0xf2/0x130 [ 42.894696] ? __x64_sys_openat+0x9d/0x100 [ 42.898930] ? do_syscall_64+0x1b9/0x820 [ 42.902987] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.908355] ? ___might_sleep+0x1ed/0x300 [ 42.912506] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 42.917609] ? trace_hardirqs_off+0xb8/0x310 [ 42.922023] ? kvm_vcpu_block+0x1030/0x1030 [ 42.926346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.931882] ? do_vfs_ioctl+0x201/0x1720 [ 42.935942] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 42.941146] ? ioctl_preallocate+0x300/0x300 [ 42.945558] ? selinux_file_mprotect+0x620/0x620 [ 42.950311] ? path_mountpoint+0x34e/0x2190 [ 42.954637] ? rcu_read_lock_sched_held+0x108/0x120 [ 42.959652] ? kmem_cache_free+0x24f/0x290 [ 42.963889] ? putname+0xf7/0x130 [ 42.967347] do_group_exit+0x177/0x440 [ 42.971236] ? trace_hardirqs_on+0xbd/0x310 [ 42.975557] ? __ia32_sys_exit+0x50/0x50 [ 42.979620] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.985078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.990613] ? ksys_ioctl+0x81/0xd0 [ 42.994240] __x64_sys_exit_group+0x3e/0x50 [ 42.998563] do_syscall_64+0x1b9/0x820 [ 43.002449] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.007814] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.012748] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.017603] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.022620] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.027639] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.032658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.037514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.042711] RIP: 0033:0x43ed58 [ 43.045905] Code: Bad RIP value. [ 43.049262] RSP: 002b:00007ffcf0b59b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.056965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed58 [ 43.064245] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.071511] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.078777] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 43.086041] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 43.093324] [ 43.093331] ====================================================== [ 43.093336] WARNING: possible circular locking dependency detected [ 43.093340] 4.19.0-rc3+ #11 Not tainted [ 43.093346] ------------------------------------------------------ [ 43.093351] syz-executor439/5516 is trying to acquire lock: [ 43.093354] 00000000a1239022 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 43.093383] [ 43.093387] but task is already holding lock: [ 43.093390] 00000000403a5a69 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.093406] [ 43.093411] which lock already depends on the new lock. [ 43.093413] [ 43.093416] [ 43.093421] the existing dependency chain (in reverse order) is: [ 43.093424] [ 43.093426] -> #3 (report_lock){....}: [ 43.093442] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.093446] kasan_report+0x8b/0x110 [ 43.093451] __asan_report_load8_noabort+0x14/0x20 [ 43.093456] __schedule+0xfc3/0x1ed0 [ 43.093460] preempt_schedule_common+0x1f/0xd0 [ 43.093464] preempt_schedule+0x4d/0x60 [ 43.093469] ___preempt_schedule+0x16/0x18 [ 43.093474] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.093478] __call_srcu+0x7f9/0x1070 [ 43.093482] __synchronize_srcu+0x17b/0x230 [ 43.093487] synchronize_srcu+0x356/0x5ab [ 43.093492] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.093496] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.093501] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.093505] kvm_put_kvm+0x6c8/0xff0 [ 43.093509] kvm_vm_release+0x42/0x50 [ 43.093513] __fput+0x385/0xa30 [ 43.093517] ____fput+0x15/0x20 [ 43.093521] task_work_run+0x1e8/0x2a0 [ 43.093525] do_exit+0x1ad7/0x2610 [ 43.093529] do_group_exit+0x177/0x440 [ 43.093534] __x64_sys_exit_group+0x3e/0x50 [ 43.093538] do_syscall_64+0x1b9/0x820 [ 43.093543] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.093545] [ 43.093548] -> #2 (&rq->lock){-.-.}: [ 43.093563] _raw_spin_lock+0x2d/0x40 [ 43.093567] task_fork_fair+0xb0/0x6d0 [ 43.093571] sched_fork+0x443/0xba0 [ 43.093576] copy_process+0x2586/0x8780 [ 43.093580] _do_fork+0x1cb/0x11d0 [ 43.093584] kernel_thread+0x34/0x40 [ 43.093588] rest_init+0x22/0xe5 [ 43.093592] start_kernel+0x8f4/0x92f [ 43.093596] x86_64_start_reservations+0x29/0x2b [ 43.093601] x86_64_start_kernel+0x76/0x79 [ 43.093605] secondary_startup_64+0xa4/0xb0 [ 43.093608] [ 43.093610] -> #1 (&p->pi_lock){-.-.}: [ 43.093626] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.093630] try_to_wake_up+0xd2/0x12f0 [ 43.093634] wake_up_process+0x10/0x20 [ 43.093639] __up.isra.1+0x1c0/0x2a0 [ 43.093642] up+0x13c/0x1c0 [ 43.093647] __up_console_sem+0xbe/0x1b0 [ 43.093651] console_unlock+0x524/0x11a0 [ 43.093655] vprintk_emit+0x33d/0x930 [ 43.093660] vprintk_default+0x28/0x30 [ 43.093664] vprintk_func+0x7e/0x181 [ 43.093667] printk+0xa7/0xcf [ 43.093671] load_umh+0x51/0xbd [ 43.093676] do_one_initcall+0x145/0x957 [ 43.093680] kernel_init_freeable+0x4bb/0x5ae [ 43.093684] kernel_init+0x11/0x1b2 [ 43.093688] ret_from_fork+0x3a/0x50 [ 43.093691] [ 43.093693] -> #0 ((console_sem).lock){-...}: [ 43.093709] lock_acquire+0x1ed/0x520 [ 43.093714] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.093718] down_trylock+0x13/0x70 [ 43.093722] __down_trylock_console_sem+0xae/0x200 [ 43.093727] console_trylock+0x15/0xa0 [ 43.093731] vprintk_emit+0x322/0x930 [ 43.093735] vprintk_default+0x28/0x30 [ 43.093739] vprintk_func+0x7e/0x181 [ 43.093743] printk+0xa7/0xcf [ 43.093747] kasan_report+0x9b/0x110 [ 43.093752] __asan_report_load8_noabort+0x14/0x20 [ 43.093756] __schedule+0xfc3/0x1ed0 [ 43.093760] preempt_schedule_common+0x1f/0xd0 [ 43.093765] preempt_schedule+0x4d/0x60 [ 43.093769] ___preempt_schedule+0x16/0x18 [ 43.093774] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.093778] __call_srcu+0x7f9/0x1070 [ 43.093782] __synchronize_srcu+0x17b/0x230 [ 43.093787] synchronize_srcu+0x356/0x5ab [ 43.093792] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.093797] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.093801] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.093805] kvm_put_kvm+0x6c8/0xff0 [ 43.093809] kvm_vm_release+0x42/0x50 [ 43.093813] __fput+0x385/0xa30 [ 43.093817] ____fput+0x15/0x20 [ 43.093827] task_work_run+0x1e8/0x2a0 [ 43.093831] do_exit+0x1ad7/0x2610 [ 43.093835] do_group_exit+0x177/0x440 [ 43.093840] __x64_sys_exit_group+0x3e/0x50 [ 43.093844] do_syscall_64+0x1b9/0x820 [ 43.093849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.093852] [ 43.093856] other info that might help us debug this: [ 43.093859] [ 43.093862] Chain exists of: [ 43.093864] (console_sem).lock --> &rq->lock --> report_lock [ 43.093884] [ 43.093889] Possible unsafe locking scenario: [ 43.093891] [ 43.093896] CPU0 CPU1 [ 43.093900] ---- ---- [ 43.093902] lock(report_lock); [ 43.093912] lock(&rq->lock); [ 43.093923] lock(report_lock); [ 43.093945] lock((console_sem).lock); [ 43.093953] [ 43.093968] *** DEADLOCK *** [ 43.093971] [ 43.093975] 2 locks held by syz-executor439/5516: [ 43.093978] #0: 0000000073be60c1 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 43.093996] #1: 00000000403a5a69 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 43.094027] [ 43.094031] stack backtrace: [ 43.094037] CPU: 1 PID: 5516 Comm: syz-executor439 Not tainted 4.19.0-rc3+ #11 [ 43.094066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.094069] Call Trace: [ 43.094074] dump_stack+0x1c4/0x2b4 [ 43.094079] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.094083] ? vprintk_func+0x85/0x181 [ 43.094088] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 43.094092] ? save_trace+0xe0/0x290 [ 43.094097] __lock_acquire+0x33e4/0x4ec0 [ 43.094101] ? mark_held_locks+0x130/0x130 [ 43.094106] ? mark_held_locks+0x130/0x130 [ 43.094110] ? rcu_bh_qs+0xc0/0xc0 [ 43.094114] ? unwind_dump+0x190/0x190 [ 43.094119] ? is_bpf_text_address+0xd3/0x170 [ 43.094123] ? kernel_text_address+0x79/0xf0 [ 43.094128] ? __kernel_text_address+0xd/0x40 [ 43.094133] ? __save_stack_trace+0x8d/0xf0 [ 43.094138] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 43.094142] ? save_trace+0x290/0x290 [ 43.094146] ? save_stack_trace+0x1a/0x20 [ 43.094150] ? save_trace+0xe0/0x290 [ 43.094155] ? kasan_check_read+0x11/0x20 [ 43.094159] ? graph_lock+0x170/0x170 [ 43.094164] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.094169] lock_acquire+0x1ed/0x520 [ 43.094173] ? down_trylock+0x13/0x70 [ 43.094177] ? find_held_lock+0x36/0x1c0 [ 43.094182] ? lock_release+0x970/0x970 [ 43.094186] ? trace_hardirqs_off+0xb8/0x310 [ 43.094191] ? vprintk_emit+0x1d3/0x930 [ 43.094195] ? trace_hardirqs_on+0x310/0x310 [ 43.094200] ? trace_hardirqs_off+0xb8/0x310 [ 43.094204] ? log_store+0x344/0x4c0 [ 43.094208] ? vprintk_emit+0x322/0x930 [ 43.094213] _raw_spin_lock_irqsave+0x99/0xd0 [ 43.094217] ? down_trylock+0x13/0x70 [ 43.094221] down_trylock+0x13/0x70 [ 43.094226] __down_trylock_console_sem+0xae/0x200 [ 43.094230] console_trylock+0x15/0xa0 [ 43.094247] vprintk_emit+0x322/0x930 [ 43.094251] ? wake_up_klogd+0x180/0x180 [ 43.094256] ? run_rebalance_domains+0x500/0x500 [ 43.094260] ? wake_up_worker+0x117/0x190 [ 43.094264] ? find_held_lock+0x36/0x1c0 [ 43.094269] ? __queue_work+0x6be/0x1440 [ 43.094273] ? lock_acquire+0x1ed/0x520 [ 43.094277] vprintk_default+0x28/0x30 [ 43.094281] vprintk_func+0x7e/0x181 [ 43.094285] printk+0xa7/0xcf [ 43.094289] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 43.094293] ? kasan_check_write+0x14/0x20 [ 43.094310] ? do_raw_spin_lock+0xc1/0x200 [ 43.094314] ? do_raw_spin_lock+0xc1/0x200 [ 43.094319] kasan_report+0x9b/0x110 [ 43.094322] ? __schedule+0xfc3/0x1ed0 [ 43.094328] __asan_report_load8_noabort+0x14/0x20 [ 43.094345] __schedule+0xfc3/0x1ed0 [ 43.094350] ? __sched_text_start+0x8/0x8 [ 43.094354] ? __lock_is_held+0xb5/0x140 [ 43.094359] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.094363] ? find_held_lock+0x36/0x1c0 [ 43.094379] ? __call_srcu+0x7f9/0x1070 [ 43.094384] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.094403] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 43.094407] ? lockdep_hardirqs_on+0x421/0x5c0 [ 43.094411] ? preempt_schedule+0x4d/0x60 [ 43.094416] preempt_schedule_common+0x1f/0xd0 [ 43.094420] preempt_schedule+0x4d/0x60 [ 43.094424] ___preempt_schedule+0x16/0x18 [ 43.094429] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 43.094433] __call_srcu+0x7f9/0x1070 [ 43.094438] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 43.094442] ? srcu_offline_cpu+0x120/0x120 [ 43.094447] ? debug_object_free+0x690/0x690 [ 43.094451] ? mark_held_locks+0x130/0x130 [ 43.094456] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 43.094460] ? lock_release+0x970/0x970 [ 43.094464] ? arch_local_save_flags+0x40/0x40 [ 43.094469] ? depot_save_stack+0x292/0x470 [ 43.094473] ? __lockdep_init_map+0x105/0x590 [ 43.094478] ? __init_waitqueue_head+0x9e/0x150 [ 43.094482] ? init_wait_entry+0x1c0/0x1c0 [ 43.094486] __synchronize_srcu+0x17b/0x230 [ 43.094490] ? call_srcu+0x10/0x10 [ 43.094494] ? rcu_unexpedite_gp+0x20/0x20 [ 43.094500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.094504] ? check_preemption_disabled+0x48/0x200 [ 43.094509] synchronize_srcu+0x356/0x5ab [ 43.094513] ? lock_downgrade+0x900/0x900 [ 43.094518] ? synchronize_srcu_expedited+0x20/0x20 [ 43.094522] ? kasan_check_read+0x11/0x20 [ 43.094527] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.094531] ? kasan_check_write+0x14/0x20 [ 43.094535] ? do_raw_spin_lock+0xc1/0x200 [ 43.094541] kvm_page_track_unregister_notifier+0x17d/0x250 [ 43.094545] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 43.094549] ? kvfree+0x61/0x70 [ 43.094554] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.094558] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.094563] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 43.094567] ? kvm_arch_sync_events+0x30/0x30 [ 43.094572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 43.094577] ? mmu_notifier_unregister+0x474/0x600 [ 43.094581] ? kfree+0x107/0x230 [ 43.094586] ? __mmu_notifier_register+0x30/0x30 [ 43.094590] ? __free_pages+0x10a/0x190 [ 43.094594] ? free_unref_page+0x960/0x960 [ 43.094598] kvm_put_kvm+0x6c8/0xff0 [ 43.094603] ? kvm_write_guest_cached+0x40/0x40 [ 43.094607] ? kvm_irqfd_release+0xd1/0x120 [ 43.094611] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.094616] ? _raw_spin_unlock_irq+0x27/0x80 [ 43.094620] ? kasan_check_write+0x14/0x20 [ 43.094625] ? do_raw_spin_lock+0xc1/0x200 [ 43.094628] ? kvm_irqfd_release+0xdd [ 43.094636] Lost 73 message(s)! [ 44.273830] Shutting down cpus with NMI [ 45.331930] Kernel Offset: disabled [ 45.335573] Rebooting in 86400 seconds..