[....] Starting OpenBSD Secure Shell server: sshd
[ 29.868180] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 33.963297] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.295416] audit: type=1400 audit(1536412880.515:6): avc: denied { map } for pid=5490 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.355747] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.976493] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.224032] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
[ 40.804906] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.942027] audit: type=1400 audit(1536412887.155:7): avc: denied { map } for pid=5504 comm="syz-executor851" path="/root/syz-executor851553422" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.944306] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 40.991936] ==================================================================
[ 41.000895] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 41.007170] Read of size 8 at addr ffff8801bc050058 by task syz-executor851/5504
[ 41.014684]
[ 41.016347] CPU: 1 PID: 5504 Comm: syz-executor851 Not tainted 4.19.0-rc2+ #6
[ 41.023603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.032933] Call Trace:
[ 41.035559]  dump_stack+0x1c4/0x2b4
[ 41.039182]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.044361]  ? printk+0xa7/0xcf
[ 41.047625]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.052368]  print_address_description.cold.8+0x9/0x1ff
[ 41.057712]  kasan_report.cold.9+0x242/0x309
[ 41.062101]  ? __schedule+0xfc3/0x1ed0
[ 41.065969]  __asan_report_load8_noabort+0x14/0x20
[ 41.070879]  __schedule+0xfc3/0x1ed0
[ 41.074575]  ? __sched_text_start+0x8/0x8
[ 41.078705]  ? __lock_is_held+0xb5/0x140
[ 41.082874]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.087970]  ? find_held_lock+0x36/0x1c0
[ 41.092017]  ? __call_srcu+0x7f9/0x1070
[ 41.095970]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.101053]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.106133]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 41.110695]  ? preempt_schedule+0x4d/0x60
[ 41.114822]  preempt_schedule_common+0x1f/0xd0
[ 41.119385]  preempt_schedule+0x4d/0x60
[ 41.123343]  ___preempt_schedule+0x16/0x18
[ 41.127559]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 41.132466]  __call_srcu+0x7f9/0x1070
[ 41.136245]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 41.141326]  ? srcu_offline_cpu+0x120/0x120
[ 41.145684]  ? debug_object_free+0x690/0x690
[ 41.150079]  ? mark_held_locks+0x130/0x130
[ 41.154292]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 41.158880]  ? lock_release+0x970/0x970
[ 41.162838]  ? arch_local_save_flags+0x40/0x40
[ 41.167404]  ? depot_save_stack+0x292/0x470
[ 41.171710]  ? __lockdep_init_map+0x105/0x590
[ 41.176184]  ? __init_waitqueue_head+0x9e/0x150
[ 41.180831]  ? init_wait_entry+0x1c0/0x1c0
[ 41.185050]  __synchronize_srcu+0x17b/0x230
[ 41.189350]  ? call_srcu+0x10/0x10
[ 41.192870]  ? rcu_unexpedite_gp+0x20/0x20
[ 41.197090]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.207350]  ? check_preemption_disabled+0x48/0x200
[ 41.212349]  synchronize_srcu+0x356/0x5ab
[ 41.216480]  ? lock_downgrade+0x900/0x900
[ 41.220607]  ? synchronize_srcu_expedited+0x20/0x20
[ 41.225604]  ? kasan_check_read+0x11/0x20
[ 41.229731]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 41.234405]  ? kasan_check_write+0x14/0x20
[ 41.238627]  ? do_raw_spin_lock+0xc1/0x200
[ 41.242936]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 41.248633]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 41.254095]  ? kvfree+0x61/0x70
[ 41.257356]  ? rcu_read_lock_sched_held+0x108/0x120
[ 41.262353]  kvm_mmu_uninit_vm+0x1c/0x20
[ 41.266402]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 41.270790]  ? kvm_arch_sync_events+0x30/0x30
[ 41.275265]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.280825]  ? mmu_notifier_unregister+0x474/0x600
[ 41.285742]  ? kfree+0x107/0x230
[ 41.289088]  ? __mmu_notifier_register+0x30/0x30
[ 41.293822]  ? __free_pages+0x10a/0x190
[ 41.297772]  ? free_unref_page+0x960/0x960
[ 41.301995]  kvm_put_kvm+0x6c8/0xff0
[ 41.305694]  ? kvm_write_guest_cached+0x40/0x40
[ 41.310343]  ? kvm_irqfd_release+0xd1/0x120
[ 41.314642]  ? _raw_spin_unlock_irq+0x27/0x80
[ 41.319116]  ? _raw_spin_unlock_irq+0x27/0x80
[ 41.323602]  ? kasan_check_write+0x14/0x20
[ 41.327815]  ? do_raw_spin_lock+0xc1/0x200
[ 41.332031]  ? kvm_irqfd_release+0xdd/0x120
[ 41.336332]  ? kvm_irqfd_release+0xdd/0x120
[ 41.340632]  ? kvm_put_kvm+0xff0/0xff0
[ 41.344498]  kvm_vm_release+0x42/0x50
[ 41.348278]  __fput+0x385/0xa30
[ 41.351546]  ? get_max_files+0x20/0x20
[ 41.355414]  ? trace_hardirqs_on+0xbd/0x310
[ 41.359715]  ? ___might_sleep+0x1ed/0x300
[ 41.363840]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 41.369269]  ? arch_local_save_flags+0x40/0x40
[ 41.373831]  ? kasan_check_write+0x14/0x20
[ 41.378044]  ? do_raw_spin_lock+0xc1/0x200
[ 41.382256]  ____fput+0x15/0x20
[ 41.385587]  task_work_run+0x1e8/0x2a0
[ 41.389462]  ? task_work_cancel+0x240/0x240
[ 41.393768]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.399339]  ? switch_task_namespaces+0x9d/0xd0
[ 41.403998]  do_exit+0x1ad7/0x2610
[ 41.407524]  ? mm_update_next_owner+0x990/0x990
[ 41.412247]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 41.416469]  ? rcu_read_lock_sched_held+0x108/0x120
[ 41.421464]  ? kfree+0x1fa/0x230
[ 41.424811]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 41.429072]  ? kvm_vcpu_block+0x1030/0x1030
[ 41.433384]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.438899]  ? avc_has_extended_perms+0xab2/0x15a0
[ 41.443809]  ? fpu__prepare_read+0x37b/0x750
[ 41.448204]  ? avc_ss_reset+0x190/0x190
[ 41.452164]  ? save_stack+0xa9/0xd0
[ 41.455770]  ? save_stack+0x43/0xd0
[ 41.459465]  ? __kasan_slab_free+0x102/0x150
[ 41.463860]  ? kasan_slab_free+0xe/0x10
[ 41.467815]  ? putname+0xf2/0x130
[ 41.471259]  ? __x64_sys_openat+0x9d/0x100
[ 41.475494]  ? do_syscall_64+0x1b9/0x820
[ 41.479543]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.484888]  ? ___might_sleep+0x1ed/0x300
[ 41.489015]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 41.494009]  ? __fget_light+0x2e9/0x430
[ 41.497963]  ? fget_raw+0x20/0x20
[ 41.501400]  ? kvm_vcpu_block+0x1030/0x1030
[ 41.505700]  ? do_vfs_ioctl+0x201/0x1720
[ 41.509911]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 41.515195]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 41.520216]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.525730]  ? sockfd_lookup_light+0xc5/0x160
[ 41.530215]  ? __sys_setsockopt+0x254/0x3c0
[ 41.534525]  ? putname+0xf7/0x130
[ 41.537958]  do_group_exit+0x177/0x440
[ 41.541825]  ? trace_hardirqs_on+0xbd/0x310
[ 41.546122]  ? __ia32_sys_exit+0x50/0x50
[ 41.550176]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 41.555658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.561185]  __x64_sys_exit_group+0x3e/0x50
[ 41.565489]  do_syscall_64+0x1b9/0x820
[ 41.569356]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.574700]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.579615]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.584442]  ? trace_hardirqs_on_caller+0x310/0x310
[ 41.589447]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.594448]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.599452]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.604283]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.609452] RIP: 0033:0x43f028
[ 41.612628] Code: Bad RIP value.
[ 41.615968] RSP: 002b:00007ffe261ca758 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 41.623657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 41.630904] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 41.638157] RBP: 00000000004be8e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 41.645473] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000001
[ 41.652792] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 41.660052]
[ 41.661658] Allocated by task 5504:
[ 41.665264]  save_stack+0x43/0xd0
[ 41.668694]  kasan_kmalloc+0xc7/0xe0
[ 41.672384]  kasan_slab_alloc+0x12/0x20
[ 41.676338]  kmem_cache_alloc+0x12e/0x730
[ 41.680471]  vmx_create_vcpu+0xcf/0x25e0
[ 41.684509]  kvm_arch_vcpu_create+0xe5/0x220
[ 41.688893]  kvm_vm_ioctl+0x470/0x1d40
[ 41.692762]  do_vfs_ioctl+0x1de/0x1720
[ 41.696626]  ksys_ioctl+0xa9/0xd0
[ 41.700055]  __x64_sys_ioctl+0x73/0xb0
[ 41.703932]  do_syscall_64+0x1b9/0x820
[ 41.707805]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.712966]
[ 41.714568] Freed by task 5504:
[ 41.717836]  save_stack+0x43/0xd0
[ 41.721269]  __kasan_slab_free+0x102/0x150
[ 41.725482]  kasan_slab_free+0xe/0x10
[ 41.729261]  kmem_cache_free+0x83/0x290
[ 41.733334]  vmx_free_vcpu+0x26b/0x300
[ 41.737248]  kvm_arch_destroy_vm+0x365/0x7c0
[ 41.741646]  kvm_put_kvm+0x6c8/0xff0
[ 41.745338]  kvm_vm_release+0x42/0x50
[ 41.749116]  __fput+0x385/0xa30
[ 41.752372]  ____fput+0x15/0x20
[ 41.755633]  task_work_run+0x1e8/0x2a0
[ 41.759502]  do_exit+0x1ad7/0x2610
[ 41.763022]  do_group_exit+0x177/0x440
[ 41.766892]  __x64_sys_exit_group+0x3e/0x50
[ 41.771204]  do_syscall_64+0x1b9/0x820
[ 41.775083]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.780243]
[ 41.781849] The buggy address belongs to the object at ffff8801bc050040
[ 41.781849]  which belongs to the cache kvm_vcpu of size 23872
[ 41.794404] The buggy address is located 24 bytes inside of
[ 41.794404]  23872-byte region [ffff8801bc050040, ffff8801bc055d80)
[ 41.806340] The buggy address belongs to the page:
[ 41.811249] page:ffffea0006f01400 count:1 mapcount:0 mapping:ffff8801d7670500 index:0x0 compound_mapcount: 0
[ 41.821195] flags: 0x2fffc0000008100(slab|head)
[ 41.825841] raw: 02fffc0000008100 ffff8801d5516f48 ffff8801d5516f48 ffff8801d7670500
[ 41.833698] raw: 0000000000000000 ffff8801bc050040 0000000100000001 0000000000000000
[ 41.841562] page dumped because: kasan: bad access detected
[ 41.847243]
[ 41.848870] Memory state around the buggy address:
[ 41.853777]  ffff8801bc04ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.861115]  ffff8801bc04ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.868453] >ffff8801bc050000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 41.875785]                                                     ^
[ 41.881995]  ffff8801bc050080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.889411]  ffff8801bc050100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.896752] ==================================================================
[ 41.904093] Kernel panic - not syncing: panic_on_warn set ...
[ 41.904093]
[ 41.911434] CPU: 1 PID: 5504 Comm: syz-executor851 Tainted: G    B             4.19.0-rc2+ #6
[ 41.920120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.929460] Call Trace:
[ 41.932045]  dump_stack+0x1c4/0x2b4
[ 41.935666]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.940835]  ? lock_downgrade+0x900/0x900
[ 41.944961]  panic+0x238/0x4e7
[ 41.948133]  ? add_taint.cold.5+0x16/0x16
[ 41.952261]  ? print_shadow_for_address+0xb6/0x116
[ 41.957360]  ? trace_hardirqs_off+0xaf/0x310
[ 41.961754]  kasan_end_report+0x47/0x4f
[ 41.965709]  kasan_report.cold.9+0x76/0x309
[ 41.970011]  ? __schedule+0xfc3/0x1ed0
[ 41.973951]  __asan_report_load8_noabort+0x14/0x20
[ 41.978872]  __schedule+0xfc3/0x1ed0
[ 41.982571]  ? __sched_text_start+0x8/0x8
[ 41.986702]  ? __lock_is_held+0xb5/0x140
[ 41.990741]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 41.995825]  ? find_held_lock+0x36/0x1c0
[ 41.999894]  ? __call_srcu+0x7f9/0x1070
[ 42.003859]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.008940]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.014025]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.018698]  ? preempt_schedule+0x4d/0x60
[ 42.022854]  preempt_schedule_common+0x1f/0xd0
[ 42.027438]  preempt_schedule+0x4d/0x60
[ 42.031394]  ___preempt_schedule+0x16/0x18
[ 42.035613]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.040527]  __call_srcu+0x7f9/0x1070
[ 42.044306]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 42.049412]  ? srcu_offline_cpu+0x120/0x120
[ 42.053716]  ? debug_object_free+0x690/0x690
[ 42.058103]  ? mark_held_locks+0x130/0x130
[ 42.062316]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 42.066963]  ? lock_release+0x970/0x970
[ 42.070917]  ? arch_local_save_flags+0x40/0x40
[ 42.075481]  ? depot_save_stack+0x292/0x470
[ 42.079790]  ? __lockdep_init_map+0x105/0x590
[ 42.084268]  ? __init_waitqueue_head+0x9e/0x150
[ 42.088917]  ? init_wait_entry+0x1c0/0x1c0
[ 42.093137]  __synchronize_srcu+0x17b/0x230
[ 42.097442]  ? call_srcu+0x10/0x10
[ 42.100959]  ? rcu_unexpedite_gp+0x20/0x20
[ 42.105175]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.110769]  ? check_preemption_disabled+0x48/0x200
[ 42.115819]  synchronize_srcu+0x356/0x5ab
[ 42.119953]  ? lock_downgrade+0x900/0x900
[ 42.124080]  ? synchronize_srcu_expedited+0x20/0x20
[ 42.129193]  ? kasan_check_read+0x11/0x20
[ 42.133328]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.137890]  ? kasan_check_write+0x14/0x20
[ 42.142464]  ? do_raw_spin_lock+0xc1/0x200
[ 42.146681]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.152370]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.157856]  ? kvfree+0x61/0x70
[ 42.161125]  ? rcu_read_lock_sched_held+0x108/0x120
[ 42.166129]  kvm_mmu_uninit_vm+0x1c/0x20
[ 42.170169]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.174556]  ? kvm_arch_sync_events+0x30/0x30
[ 42.179031]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.184545]  ? mmu_notifier_unregister+0x474/0x600
[ 42.189452]  ? kfree+0x107/0x230
[ 42.192796]  ? __mmu_notifier_register+0x30/0x30
[ 42.197533]  ? __free_pages+0x10a/0x190
[ 42.201488]  ? free_unref_page+0x960/0x960
[ 42.205711]  kvm_put_kvm+0x6c8/0xff0
[ 42.209407]  ? kvm_write_guest_cached+0x40/0x40
[ 42.214054]  ? kvm_irqfd_release+0xd1/0x120
[ 42.218353]  ? _raw_spin_unlock_irq+0x27/0x80
[ 42.222826]  ? _raw_spin_unlock_irq+0x27/0x80
[ 42.227301]  ? kasan_check_write+0x14/0x20
[ 42.231512]  ? do_raw_spin_lock+0xc1/0x200
[ 42.235728]  ? kvm_irqfd_release+0xdd/0x120
[ 42.240026]  ? kvm_irqfd_release+0xdd/0x120
[ 42.244326]  ? kvm_put_kvm+0xff0/0xff0
[ 42.248194]  kvm_vm_release+0x42/0x50
[ 42.251972]  __fput+0x385/0xa30
[ 42.255229]  ? get_max_files+0x20/0x20
[ 42.259096]  ? trace_hardirqs_on+0xbd/0x310
[ 42.263398]  ? ___might_sleep+0x1ed/0x300
[ 42.267579]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.273086]  ? arch_local_save_flags+0x40/0x40
[ 42.277660]  ? kasan_check_write+0x14/0x20
[ 42.281876]  ? do_raw_spin_lock+0xc1/0x200
[ 42.286087]  ____fput+0x15/0x20
[ 42.289346]  task_work_run+0x1e8/0x2a0
[ 42.293212]  ? task_work_cancel+0x240/0x240
[ 42.297517]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.303035]  ? switch_task_namespaces+0x9d/0xd0
[ 42.307688]  do_exit+0x1ad7/0x2610
[ 42.311225]  ? mm_update_next_owner+0x990/0x990
[ 42.315882]  ? kvm_vcpu_ioctl+0x29c/0x1150
[ 42.320101]  ? rcu_read_lock_sched_held+0x108/0x120
[ 42.325097]  ? kfree+0x1fa/0x230
[ 42.328444]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 42.332660]  ? kvm_vcpu_block+0x1030/0x1030
[ 42.336969]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.342488]  ? avc_has_extended_perms+0xab2/0x15a0
[ 42.347406]  ? fpu__prepare_read+0x37b/0x750
[ 42.351793]  ? avc_ss_reset+0x190/0x190
[ 42.355802]  ? save_stack+0xa9/0xd0
[ 42.359417]  ? save_stack+0x43/0xd0
[ 42.363047]  ? __kasan_slab_free+0x102/0x150
[ 42.367438]  ? kasan_slab_free+0xe/0x10
[ 42.371392]  ? putname+0xf2/0x130
[ 42.374825]  ? __x64_sys_openat+0x9d/0x100
[ 42.379037]  ? do_syscall_64+0x1b9/0x820
[ 42.383086]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.388611]  ? ___might_sleep+0x1ed/0x300
[ 42.392744]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 42.397740]  ? __fget_light+0x2e9/0x430
[ 42.401692]  ? fget_raw+0x20/0x20
[ 42.405128]  ? kvm_vcpu_block+0x1030/0x1030
[ 42.409432]  ? do_vfs_ioctl+0x201/0x1720
[ 42.413472]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 42.418650]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 42.423644]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.429237]  ? sockfd_lookup_light+0xc5/0x160
[ 42.433787]  ? __sys_setsockopt+0x254/0x3c0
[ 42.438095]  ? putname+0xf7/0x130
[ 42.441532]  do_group_exit+0x177/0x440
[ 42.445452]  ? trace_hardirqs_on+0xbd/0x310
[ 42.449763]  ? __ia32_sys_exit+0x50/0x50
[ 42.453804]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 42.459232]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.464759]  __x64_sys_exit_group+0x3e/0x50
[ 42.469067]  do_syscall_64+0x1b9/0x820
[ 42.472942]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.478294]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 42.483205]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.488030]  ? trace_hardirqs_on_caller+0x310/0x310
[ 42.493026]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 42.498037]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 42.503035]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.507859]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.513027] RIP: 0033:0x43f028
[ 42.516203] Code: Bad RIP value.
[ 42.519545] RSP: 002b:00007ffe261ca758 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 42.527237] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 42.534486] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 42.541739] RBP: 00000000004be8e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 42.548991] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000001
[ 42.556238] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 42.563498]
[ 42.563501] ======================================================
[ 42.563505] WARNING: possible circular locking dependency detected
[ 42.563507] 4.19.0-rc2+ #6 Not tainted
[ 42.563510] ------------------------------------------------------
[ 42.563513] syz-executor851/5504 is trying to acquire lock:
[ 42.563516] 0000000078148c15 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 42.563524]
[ 42.563527] but task is already holding lock:
[ 42.563529] 000000004df79150 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 42.563542]
[ 42.563545] which lock already depends on the new lock.
[ 42.563546]
[ 42.563547]
[ 42.563550] the existing dependency chain (in reverse order) is:
[ 42.563552]
[ 42.563553] -> #3 (report_lock){....}:
[ 42.563561]        _raw_spin_lock_irqsave+0x99/0xd0
[ 42.563564]        kasan_report+0x8b/0x110
[ 42.563566]        __asan_report_load8_noabort+0x14/0x20
[ 42.563569]        __schedule+0xfc3/0x1ed0
[ 42.563572]        preempt_schedule_common+0x1f/0xd0
[ 42.563574]        preempt_schedule+0x4d/0x60
[ 42.563577]        ___preempt_schedule+0x16/0x18
[ 42.563579]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.563582]        __call_srcu+0x7f9/0x1070
[ 42.563584]        __synchronize_srcu+0x17b/0x230
[ 42.563587]        synchronize_srcu+0x356/0x5ab
[ 42.563590]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.563592]        kvm_mmu_uninit_vm+0x1c/0x20
[ 42.563594]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.563597]        kvm_put_kvm+0x6c8/0xff0
[ 42.563599]        kvm_vm_release+0x42/0x50
[ 42.563601]        __fput+0x385/0xa30
[ 42.563603]        ____fput+0x15/0x20
[ 42.563605]        task_work_run+0x1e8/0x2a0
[ 42.563608]        do_exit+0x1ad7/0x2610
[ 42.563610]        do_group_exit+0x177/0x440
[ 42.563612]        __x64_sys_exit_group+0x3e/0x50
[ 42.563615]        do_syscall_64+0x1b9/0x820
[ 42.563617]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.563619]
[ 42.563620] -> #2 (&rq->lock){-.-.}:
[ 42.563628]        _raw_spin_lock+0x2d/0x40
[ 42.563630]        task_fork_fair+0xb0/0x6d0
[ 42.563632]        sched_fork+0x443/0xba0
[ 42.563635]        copy_process+0x2586/0x8780
[ 42.563637]        _do_fork+0x1cb/0x11d0
[ 42.563639]        kernel_thread+0x34/0x40
[ 42.563641]        rest_init+0x22/0xe5
[ 42.563643]        start_kernel+0x8f4/0x92f
[ 42.563646]        x86_64_start_reservations+0x29/0x2b
[ 42.563648]        x86_64_start_kernel+0x76/0x79
[ 42.563651]        secondary_startup_64+0xa4/0xb0
[ 42.563652]
[ 42.563653] -> #1 (&p->pi_lock){-.-.}:
[ 42.563662]        _raw_spin_lock_irqsave+0x99/0xd0
[ 42.563664]        try_to_wake_up+0xd2/0x12f0
[ 42.563666]        wake_up_process+0x10/0x20
[ 42.563669]        __up.isra.1+0x1c0/0x2a0
[ 42.563671]        up+0x13c/0x1c0
[ 42.563673]        __up_console_sem+0xbe/0x1b0
[ 42.563675]        console_unlock+0x524/0x11a0
[ 42.563678]        vprintk_emit+0x33d/0x930
[ 42.563680]        vprintk_default+0x28/0x30
[ 42.563682]        vprintk_func+0x7e/0x181
[ 42.563685]        printk+0xa7/0xcf
[ 42.563687]        load_umh+0x51/0xbd
[ 42.563689]        do_one_initcall+0x145/0x957
[ 42.563692]        kernel_init_freeable+0x4bb/0x5ae
[ 42.563694]        kernel_init+0x11/0x1b2
[ 42.563696]        ret_from_fork+0x3a/0x50
[ 42.563697]
[ 42.563699] -> #0 ((console_sem).lock){-...}:
[ 42.563707]        lock_acquire+0x1ed/0x520
[ 42.563709]        _raw_spin_lock_irqsave+0x99/0xd0
[ 42.563711]        down_trylock+0x13/0x70
[ 42.563714]        __down_trylock_console_sem+0xae/0x200
[ 42.563716]        console_trylock+0x15/0xa0
[ 42.563719]        vprintk_emit+0x322/0x930
[ 42.563721]        vprintk_default+0x28/0x30
[ 42.563723]        vprintk_func+0x7e/0x181
[ 42.563725]        printk+0xa7/0xcf
[ 42.563728]        kasan_report+0x9b/0x110
[ 42.563730]        __asan_report_load8_noabort+0x14/0x20
[ 42.563733]        __schedule+0xfc3/0x1ed0
[ 42.563735]        preempt_schedule_common+0x1f/0xd0
[ 42.563737]        preempt_schedule+0x4d/0x60
[ 42.563740]        ___preempt_schedule+0x16/0x18
[ 42.563742]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.563745]        __call_srcu+0x7f9/0x1070
[ 42.563747]        __synchronize_srcu+0x17b/0x230
[ 42.563750]        synchronize_srcu+0x356/0x5ab
[ 42.563753]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.563755]        kvm_mmu_uninit_vm+0x1c/0x20
[ 42.563757]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.563760]        kvm_put_kvm+0x6c8/0xff0
[ 42.563762]        kvm_vm_release+0x42/0x50
[ 42.563764]        __fput+0x385/0xa30
[ 42.563766]        ____fput+0x15/0x20
[ 42.563768]        task_work_run+0x1e8/0x2a0
[ 42.563770]        do_exit+0x1ad7/0x2610
[ 42.563773]        do_group_exit+0x177/0x440
[ 42.563775]        __x64_sys_exit_group+0x3e/0x50
[ 42.563777]        do_syscall_64+0x1b9/0x820
[ 42.563780]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.563782]
[ 42.563784] other info that might help us debug this:
[ 42.563785]
[ 42.563787] Chain exists of:
[ 42.563788]   (console_sem).lock --> &rq->lock --> report_lock
[ 42.563798]
[ 42.563801]  Possible unsafe locking scenario:
[ 42.563802]
[ 42.563804]        CPU0                    CPU1
[ 42.563807]        ----                    ----
[ 42.563808]   lock(report_lock);
[ 42.563813]                                lock(&rq->lock);
[ 42.563819]                                lock(report_lock);
[ 42.563823]   lock((console_sem).lock);
[ 42.563827]
[ 42.563829]  *** DEADLOCK ***
[ 42.563831]
[ 42.563833] 2 locks held by syz-executor851/5504:
[ 42.563834]  #0: 00000000bfdb4b78 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 42.563844]  #1: 000000004df79150 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 42.563853]
[ 42.563855] stack backtrace:
[ 42.563858] CPU: 1 PID: 5504 Comm: syz-executor851 Not tainted 4.19.0-rc2+ #6
[ 42.563863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.563865] Call Trace:
[ 42.563867]  dump_stack+0x1c4/0x2b4
[ 42.563869]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.563872]  ? vprintk_func+0x85/0x181
[ 42.563875]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 42.563877]  ? save_trace+0xe0/0x290
[ 42.563879]  __lock_acquire+0x33e4/0x4ec0
[ 42.563881]  ? mark_held_locks+0x130/0x130
[ 42.563884]  ? mark_held_locks+0x130/0x130
[ 42.563886]  ? rcu_bh_qs+0xc0/0xc0
[ 42.563888]  ? unwind_dump+0x190/0x190
[ 42.563891]  ? is_bpf_text_address+0xd3/0x170
[ 42.563893]  ? kernel_text_address+0x79/0xf0
[ 42.563896]  ? __kernel_text_address+0xd/0x40
[ 42.563898]  ? __save_stack_trace+0x8d/0xf0
[ 42.563901]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 42.563903]  ? save_trace+0x290/0x290
[ 42.563906]  ? save_stack_trace+0x1a/0x20
[ 42.563908]  ? save_trace+0xe0/0x290
[ 42.563910]  ? kasan_check_read+0x11/0x20
[ 42.563912]  ? graph_lock+0x170/0x170
[ 42.563915]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.563917]  lock_acquire+0x1ed/0x520
[ 42.563920]  ? down_trylock+0x13/0x70
[ 42.563922]  ? find_held_lock+0x36/0x1c0
[ 42.563924]  ? lock_release+0x970/0x970
[ 42.563927]  ? trace_hardirqs_off+0xb8/0x310
[ 42.563929]  ? vprintk_emit+0x1d3/0x930
[ 42.563931]  ? trace_hardirqs_on+0x310/0x310
[ 42.563934]  ? trace_hardirqs_off+0xb8/0x310
[ 42.563936]  ? log_store+0x344/0x4c0
[ 42.563938]  ? vprintk_emit+0x322/0x930
[ 42.563941]  _raw_spin_lock_irqsave+0x99/0xd0
[ 42.563943]  ? down_trylock+0x13/0x70
[ 42.563945]  down_trylock+0x13/0x70
[ 42.563948]  __down_trylock_console_sem+0xae/0x200
[ 42.563950]  console_trylock+0x15/0xa0
[ 42.563952]  vprintk_emit+0x322/0x930
[ 42.563954]  ? wake_up_klogd+0x180/0x180
[ 42.563957]  ? run_rebalance_domains+0x500/0x500
[ 42.563959]  ? wake_up_worker+0x117/0x190
[ 42.563961]  ? find_held_lock+0x36/0x1c0
[ 42.563964]  ? __queue_work+0x6be/0x1440
[ 42.563966]  ? lock_acquire+0x1ed/0x520
[ 42.563968]  vprintk_default+0x28/0x30
[ 42.563970]  vprintk_func+0x7e/0x181
[ 42.563972]  printk+0xa7/0xcf
[ 42.563975]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 42.563977]  ? kasan_check_write+0x14/0x20
[ 42.563980]  ? do_raw_spin_lock+0xc1/0x200
[ 42.563982]  ? do_raw_spin_lock+0xc1/0x200
[ 42.563984]  kasan_report+0x9b/0x110
[ 42.563986]  ? __schedule+0xfc3/0x1ed0
[ 42.563989]  __asan_report_load8_noabort+0x14/0x20
[ 42.563991]  __schedule+0xfc3/0x1ed0
[ 42.563993]  ? __sched_text_start+0x8/0x8
[ 42.563996]  ? __lock_is_held+0xb5/0x140
[ 42.563998]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.564001]  ? find_held_lock+0x36/0x1c0
[ 42.564003]  ? __call_srcu+0x7f9/0x1070
[ 42.564006]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.564008]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 42.564011]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 42.564013]  ? preempt_schedule+0x4d/0x60
[ 42.564016]  preempt_schedule_common+0x1f/0xd0
[ 42.564018]  preempt_schedule+0x4d/0x60
[ 42.564020]  ___preempt_schedule+0x16/0x18
[ 42.564023]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 42.564025]  __call_srcu+0x7f9/0x1070
[ 42.564028]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 42.564030]  ? srcu_offline_cpu+0x120/0x120
[ 42.564034]  ? debug_object_free+0x690/0x690
[ 42.564037]  ? mark_held_locks+0x130/0x130
[ 42.564040]  ? kvm_arch_destroy_vm+0x414/0x7c0
[ 42.564042]  ? lock_release+0x970/0x970
[ 42.564044]  ? arch_local_save_flags+0x40/0x40
[ 42.564047]  ? depot_save_stack+0x292/0x470
[ 42.564049]  ? __lockdep_init_map+0x105/0x590
[ 42.564052]  ? __init_waitqueue_head+0x9e/0x150
[ 42.564054]  ? init_wait_entry+0x1c0/0x1c0
[ 42.564056]  __synchronize_srcu+0x17b/0x230
[ 42.564059]  ? call_srcu+0x10/0x10
[ 42.564061]  ? rcu_unexpedite_gp+0x20/0x20
[ 42.564064]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.564067]  ? check_preemption_disabled+0x48/0x200
[ 42.564069]  synchronize_srcu+0x356/0x5ab
[ 42.564071]  ? lock_downgrade+0x900/0x900
[ 42.564074]  ? synchronize_srcu_expedited+0x20/0x20
[ 42.564076]  ? kasan_check_read+0x11/0x20
[ 42.564079]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 42.564081]  ? kasan_check_write+0x14/0x20
[ 42.564083]  ? do_raw_spin_lock+0xc1/0x200
[ 42.564086]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 42.564089]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 42.564091]  ? kvfree+0x61/0x70
[ 42.564094]  ? rcu_read_lock_sched_held+0x108/0x120
[ 42.564096]  kvm_mmu_uninit_vm+0x1c/0x20
[ 42.564099]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 42.564101]  ? kvm_arch_sync_events+0x30/0x30
[ 42.564104]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 42.564107]  ? mmu_notifier_unregister+0x474/0x600
[ 42.564109]  ? kfree+0x107/0x230
[ 42.564112]  ? __mmu_notifier_register+0x30/0x30
[ 42.564114]  ? __free_pages+0x10a/0x190
[ 42.564116]  ? free_unref_page+0x960/0x960
[ 42.564119]  kvm_put_kvm+0x6c8/0xff0
[ 42.564121]  ? kvm_write_guest_cached+0x40/0x40
[ 42.564124]  ? kvm_irqfd_release+0xd1/0x120
[ 42.564126]  ? _raw_spin_unlock_irq+0x27/0x80
[ 42.564129]  ? _raw_spin_unlock_irq+0x27/0x80
[ 42.564131]  ? kasan_check_write+0x14/0x20
[ 42.564133]  ? do_raw_spin_lock+0xc1/0x200
[ 42.564135]  ? kvm_irqfd_release+0xdd/0
[ 42.564140] Lost 71 message(s)!
[ 43.715601] Shutting down cpus with NMI
[ 44.772842] Dumping ftrace buffer:
[ 44.776371]    (ftrace buffer empty)
[ 44.780602] Kernel Offset: disabled
[ 44.784223] Rebooting in 86400 seconds..