[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.274735] random: sshd: uninitialized urandom read (32 bytes read) [ 33.550902] audit: type=1400 audit(1537504759.422:6): avc: denied { map } for pid=5472 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.604232] random: sshd: uninitialized urandom read (32 bytes read) [ 34.219145] random: sshd: uninitialized urandom read (32 bytes read) [ 34.459521] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts. [ 40.060522] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 40.195247] audit: type=1400 audit(1537504766.072:7): avc: denied { map } for pid=5486 comm="syz-executor480" path="/root/syz-executor480971358" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.198820] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 40.252492] ================================================================== [ 40.262475] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 40.268703] Read of size 8 at addr ffff8801c50d8058 by task syz-executor480/5486 [ 40.276229] [ 40.277861] CPU: 0 PID: 5486 Comm: syz-executor480 Not tainted 4.19.0-rc4+ #26 [ 40.285216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.294559] Call Trace: [ 40.297147] dump_stack+0x1c4/0x2b4 [ 40.300789] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.305982] ? printk+0xa7/0xcf [ 40.309285] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.314046] print_address_description.cold.8+0x9/0x1ff [ 40.319414] kasan_report.cold.9+0x242/0x309 [ 40.323819] ? __schedule+0xfc3/0x1ed0 [ 40.327709] __asan_report_load8_noabort+0x14/0x20 [ 40.332639] __schedule+0xfc3/0x1ed0 [ 40.336360] ? __sched_text_start+0x8/0x8 [ 40.340513] ? __lock_is_held+0xb5/0x140 [ 40.344591] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.349697] ? find_held_lock+0x36/0x1c0 [ 40.354226] ? __call_srcu+0x7f9/0x1070 [ 40.358208] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.363309] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 40.368435] ? lockdep_hardirqs_on+0x421/0x5c0 [ 40.373021] ? preempt_schedule+0x4d/0x60 [ 40.377170] preempt_schedule_common+0x1f/0xd0 [ 40.381778] preempt_schedule+0x4d/0x60 [ 40.385757] ___preempt_schedule+0x16/0x18 [ 40.390005] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 40.394936] __call_srcu+0x7f9/0x1070 [ 40.398738] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 40.403848] ? srcu_offline_cpu+0x120/0x120 [ 40.408172] ? debug_object_free+0x690/0x690 [ 40.412583] ? mark_held_locks+0x130/0x130 [ 40.416818] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 40.421404] ? lock_release+0x970/0x970 [ 40.425378] ? arch_local_save_flags+0x40/0x40 [ 40.429964] ? depot_save_stack+0x292/0x470 [ 40.434291] ? __lockdep_init_map+0x105/0x590 [ 40.438790] ? __init_waitqueue_head+0x9e/0x150 [ 40.443466] ? init_wait_entry+0x1c0/0x1c0 [ 40.447710] __synchronize_srcu+0x17b/0x230 [ 40.452121] ? call_srcu+0x10/0x10 [ 40.455658] ? rcu_unexpedite_gp+0x20/0x20 [ 40.459901] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.465464] ? check_preemption_disabled+0x48/0x200 [ 40.470659] synchronize_srcu+0x356/0x5ab [ 40.474806] ? lock_downgrade+0x900/0x900 [ 40.479007] ? synchronize_srcu_expedited+0x20/0x20 [ 40.484025] ? kasan_check_read+0x11/0x20 [ 40.488175] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.492759] ? kasan_check_write+0x14/0x20 [ 40.496997] ? do_raw_spin_lock+0xc1/0x200 [ 40.501239] kvm_page_track_unregister_notifier+0x17d/0x250 [ 40.506950] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 40.512403] ? kvfree+0x61/0x70 [ 40.515700] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.520720] kvm_mmu_uninit_vm+0x1c/0x20 [ 40.524786] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 40.529196] ? kvm_arch_sync_events+0x30/0x30 [ 40.533694] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.539234] ? mmu_notifier_unregister+0x474/0x600 [ 40.544165] ? kfree+0x107/0x230 [ 40.547530] ? __mmu_notifier_register+0x30/0x30 [ 40.552289] ? __free_pages+0x10a/0x190 [ 40.556266] ? free_unref_page+0x960/0x960 [ 40.560511] kvm_put_kvm+0x6c8/0xff0 [ 40.564234] ? kvm_write_guest_cached+0x40/0x40 [ 40.568902] ? kvm_irqfd_release+0xd1/0x120 [ 40.573225] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.577718] ? _raw_spin_unlock_irq+0x27/0x80 [ 40.582222] ? kasan_check_write+0x14/0x20 [ 40.586467] ? do_raw_spin_lock+0xc1/0x200 [ 40.590705] ? kvm_irqfd_release+0xdd/0x120 [ 40.595032] ? kvm_irqfd_release+0xdd/0x120 [ 40.599353] ? kvm_put_kvm+0xff0/0xff0 [ 40.603252] kvm_vm_release+0x42/0x50 [ 40.607051] __fput+0x385/0xa30 [ 40.610331] ? get_max_files+0x20/0x20 [ 40.614219] ? trace_hardirqs_on+0xbd/0x310 [ 40.618544] ? ___might_sleep+0x1ed/0x300 [ 40.622701] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.628153] ? arch_local_save_flags+0x40/0x40 [ 40.632736] ? kasan_check_write+0x14/0x20 [ 40.636984] ? do_raw_spin_lock+0xc1/0x200 [ 40.641219] ____fput+0x15/0x20 [ 40.644498] task_work_run+0x1e8/0x2a0 [ 40.648396] ? task_work_cancel+0x240/0x240 [ 40.652725] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 40.658262] ? switch_task_namespaces+0x9d/0xd0 [ 40.663000] do_exit+0x1ad7/0x2610 [ 40.666547] ? mm_update_next_owner+0x990/0x990 [ 40.671231] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 40.675473] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.680490] ? kfree+0x1fa/0x230 [ 40.683857] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 40.688091] ? kvm_vcpu_block+0x1030/0x1030 [ 40.692416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.697955] ? avc_has_extended_perms+0xab2/0x15a0 [ 40.702890] ? save_stack_address+0x4b/0x60 [ 40.707213] ? avc_ss_reset+0x190/0x190 [ 40.711199] ? save_stack+0xa9/0xd0 [ 40.714824] ? save_stack+0x43/0xd0 [ 40.718449] ? __kasan_slab_free+0x102/0x150 [ 40.722872] ? kasan_slab_free+0xe/0x10 [ 40.726853] ? putname+0xf2/0x130 [ 40.730307] ? __x64_sys_openat+0x9d/0x100 [ 40.734539] ? do_syscall_64+0x1b9/0x820 [ 40.738597] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.743966] ? ___might_sleep+0x1ed/0x300 [ 40.748121] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 40.753227] ? trace_hardirqs_off+0xb8/0x310 [ 40.757638] ? kvm_vcpu_block+0x1030/0x1030 [ 40.761960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.767494] ? do_vfs_ioctl+0x201/0x1720 [ 40.771554] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.776745] ? ioctl_preallocate+0x300/0x300 [ 40.781154] ? selinux_file_mprotect+0x620/0x620 [ 40.785911] ? path_mountpoint+0x57e/0x2190 [ 40.790237] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.795255] ? kmem_cache_free+0x24f/0x290 [ 40.799488] ? putname+0xf7/0x130 [ 40.802951] do_group_exit+0x177/0x440 [ 40.806852] ? trace_hardirqs_on+0xbd/0x310 [ 40.811174] ? __ia32_sys_exit+0x50/0x50 [ 40.815244] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 40.820693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.826231] ? ksys_ioctl+0x81/0xd0 [ 40.829860] __x64_sys_exit_group+0x3e/0x50 [ 40.834195] do_syscall_64+0x1b9/0x820 [ 40.838095] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.843465] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.848391] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.853247] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.858272] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.863287] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.868303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.873149] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.878339] RIP: 0033:0x43ecd8 [ 40.881533] Code: Bad RIP value. [ 40.884917] RSP: 002b:00007ffc6dadd5c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.892621] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 40.899888] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 40.907153] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 40.914415] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 40.921681] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 40.928978] [ 40.930607] Allocated by task 5486: [ 40.934230] save_stack+0x43/0xd0 [ 40.937682] kasan_kmalloc+0xc7/0xe0 [ 40.941393] kasan_slab_alloc+0x12/0x20 [ 40.945360] kmem_cache_alloc+0x12e/0x730 [ 40.949504] vmx_create_vcpu+0xcf/0x25e0 [ 40.953571] kvm_arch_vcpu_create+0xe5/0x220 [ 40.957993] kvm_vm_ioctl+0x470/0x1d40 [ 40.961883] do_vfs_ioctl+0x1de/0x1720 [ 40.965765] ksys_ioctl+0xa9/0xd0 [ 40.969217] __x64_sys_ioctl+0x73/0xb0 [ 40.973100] do_syscall_64+0x1b9/0x820 [ 40.976987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.982289] [ 40.983917] Freed by task 5486: [ 40.987215] save_stack+0x43/0xd0 [ 40.990679] __kasan_slab_free+0x102/0x150 [ 40.994908] kasan_slab_free+0xe/0x10 [ 40.998714] kmem_cache_free+0x83/0x290 [ 41.002685] vmx_free_vcpu+0x26b/0x300 [ 41.006571] kvm_arch_destroy_vm+0x365/0x7c0 [ 41.010986] kvm_put_kvm+0x6c8/0xff0 [ 41.014696] kvm_vm_release+0x42/0x50 [ 41.018490] __fput+0x385/0xa30 [ 41.021765] ____fput+0x15/0x20 [ 41.025042] task_work_run+0x1e8/0x2a0 [ 41.028926] do_exit+0x1ad7/0x2610 [ 41.032469] do_group_exit+0x177/0x440 [ 41.036357] __x64_sys_exit_group+0x3e/0x50 [ 41.040675] do_syscall_64+0x1b9/0x820 [ 41.044584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.049761] [ 41.051386] The buggy address belongs to the object at ffff8801c50d8040 [ 41.051386] which belongs to the cache kvm_vcpu of size 23872 [ 41.063960] The buggy address is located 24 bytes inside of [ 41.063960] 23872-byte region [ffff8801c50d8040, ffff8801c50ddd80) [ 41.075916] The buggy address belongs to the page: [ 41.080846] page:ffffea0007143600 count:1 mapcount:0 mapping:ffff8801d7eea1c0 index:0x0 compound_mapcount: 0 [ 41.090813] flags: 0x2fffc0000008100(slab|head) [ 41.095487] raw: 02fffc0000008100 ffff8801d63ab548 ffff8801d63ab548 ffff8801d7eea1c0 [ 41.103372] raw: 0000000000000000 ffff8801c50d8040 0000000100000001 0000000000000000 [ 41.111243] page dumped because: kasan: bad access detected [ 41.116942] [ 41.118557] Memory state around the buggy address: [ 41.123485] ffff8801c50d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.130840] ffff8801c50d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.138200] >ffff8801c50d8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 41.145567] ^ [ 41.151821] ffff8801c50d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.159179] ffff8801c50d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.166534] ================================================================== [ 41.173890] Kernel panic - not syncing: panic_on_warn set ... [ 41.173890] [ 41.181384] CPU: 0 PID: 5486 Comm: syz-executor480 Tainted: G B 4.19.0-rc4+ #26 [ 41.190130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.199485] Call Trace: [ 41.202080] dump_stack+0x1c4/0x2b4 [ 41.205726] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.210915] ? lock_downgrade+0x900/0x900 [ 41.215080] panic+0x238/0x4e7 [ 41.218286] ? add_taint.cold.5+0x16/0x16 [ 41.222451] ? print_shadow_for_address+0xb6/0x116 [ 41.227387] ? trace_hardirqs_off+0xaf/0x310 [ 41.231816] kasan_end_report+0x47/0x4f [ 41.235798] kasan_report.cold.9+0x76/0x309 [ 41.240121] ? __schedule+0xfc3/0x1ed0 [ 41.244025] __asan_report_load8_noabort+0x14/0x20 [ 41.248957] __schedule+0xfc3/0x1ed0 [ 41.252681] ? __sched_text_start+0x8/0x8 [ 41.256831] ? __lock_is_held+0xb5/0x140 [ 41.260892] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.266002] ? find_held_lock+0x36/0x1c0 [ 41.270071] ? __call_srcu+0x7f9/0x1070 [ 41.274049] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.279154] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.284268] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.288856] ? preempt_schedule+0x4d/0x60 [ 41.294685] preempt_schedule_common+0x1f/0xd0 [ 41.299274] preempt_schedule+0x4d/0x60 [ 41.303252] ___preempt_schedule+0x16/0x18 [ 41.307498] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.312431] __call_srcu+0x7f9/0x1070 [ 41.316245] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.321358] ? srcu_offline_cpu+0x120/0x120 [ 41.325681] ? debug_object_free+0x690/0x690 [ 41.330090] ? mark_held_locks+0x130/0x130 [ 41.334325] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.338915] ? lock_release+0x970/0x970 [ 41.342888] ? arch_local_save_flags+0x40/0x40 [ 41.347491] ? depot_save_stack+0x292/0x470 [ 41.351822] ? __lockdep_init_map+0x105/0x590 [ 41.356460] ? __init_waitqueue_head+0x9e/0x150 [ 41.361143] ? init_wait_entry+0x1c0/0x1c0 [ 41.365390] __synchronize_srcu+0x17b/0x230 [ 41.369710] ? call_srcu+0x10/0x10 [ 41.373264] ? rcu_unexpedite_gp+0x20/0x20 [ 41.377519] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.383054] ? check_preemption_disabled+0x48/0x200 [ 41.388113] synchronize_srcu+0x356/0x5ab [ 41.392278] ? lock_downgrade+0x900/0x900 [ 41.396428] ? synchronize_srcu_expedited+0x20/0x20 [ 41.401452] ? kasan_check_read+0x11/0x20 [ 41.405609] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.410200] ? kasan_check_write+0x14/0x20 [ 41.414439] ? do_raw_spin_lock+0xc1/0x200 [ 41.418683] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.424396] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.429851] ? kvfree+0x61/0x70 [ 41.433134] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.438194] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.442363] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.446776] ? kvm_arch_sync_events+0x30/0x30 [ 41.451276] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.456824] ? mmu_notifier_unregister+0x474/0x600 [ 41.462023] ? kfree+0x107/0x230 [ 41.465404] ? __mmu_notifier_register+0x30/0x30 [ 41.470181] ? __free_pages+0x10a/0x190 [ 41.474163] ? free_unref_page+0x960/0x960 [ 41.478419] kvm_put_kvm+0x6c8/0xff0 [ 41.482141] ? kvm_write_guest_cached+0x40/0x40 [ 41.486824] ? kvm_irqfd_release+0xd1/0x120 [ 41.491180] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.495673] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.500193] ? kasan_check_write+0x14/0x20 [ 41.504449] ? do_raw_spin_lock+0xc1/0x200 [ 41.508705] ? kvm_irqfd_release+0xdd/0x120 [ 41.513029] ? kvm_irqfd_release+0xdd/0x120 [ 41.517357] ? kvm_put_kvm+0xff0/0xff0 [ 41.521248] kvm_vm_release+0x42/0x50 [ 41.525052] __fput+0x385/0xa30 [ 41.528333] ? get_max_files+0x20/0x20 [ 41.532229] ? trace_hardirqs_on+0xbd/0x310 [ 41.536552] ? ___might_sleep+0x1ed/0x300 [ 41.540703] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.546155] ? arch_local_save_flags+0x40/0x40 [ 41.550740] ? kasan_check_write+0x14/0x20 [ 41.555016] ? do_raw_spin_lock+0xc1/0x200 [ 41.559250] ____fput+0x15/0x20 [ 41.562529] task_work_run+0x1e8/0x2a0 [ 41.566418] ? task_work_cancel+0x240/0x240 [ 41.570739] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.576279] ? switch_task_namespaces+0x9d/0xd0 [ 41.580952] do_exit+0x1ad7/0x2610 [ 41.584497] ? mm_update_next_owner+0x990/0x990 [ 41.589171] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 41.593407] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.598423] ? kfree+0x1fa/0x230 [ 41.601796] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 41.606042] ? kvm_vcpu_block+0x1030/0x1030 [ 41.610373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.615908] ? avc_has_extended_perms+0xab2/0x15a0 [ 41.620848] ? save_stack_address+0x4b/0x60 [ 41.625165] ? avc_ss_reset+0x190/0x190 [ 41.629213] ? save_stack+0xa9/0xd0 [ 41.632869] ? save_stack+0x43/0xd0 [ 41.636525] ? __kasan_slab_free+0x102/0x150 [ 41.640926] ? kasan_slab_free+0xe/0x10 [ 41.644941] ? putname+0xf2/0x130 [ 41.648391] ? __x64_sys_openat+0x9d/0x100 [ 41.652629] ? do_syscall_64+0x1b9/0x820 [ 41.656689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.662084] ? ___might_sleep+0x1ed/0x300 [ 41.666233] ? __bpf_trace_initcall_finish+0x2a/0x30 [ 41.671357] ? trace_hardirqs_off+0xb8/0x310 [ 41.675784] ? kvm_vcpu_block+0x1030/0x1030 [ 41.680120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.685656] ? do_vfs_ioctl+0x201/0x1720 [ 41.689717] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.694907] ? ioctl_preallocate+0x300/0x300 [ 41.699327] ? selinux_file_mprotect+0x620/0x620 [ 41.704105] ? path_mountpoint+0x57e/0x2190 [ 41.708425] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.713447] ? kmem_cache_free+0x24f/0x290 [ 41.717688] ? putname+0xf7/0x130 [ 41.721163] do_group_exit+0x177/0x440 [ 41.725076] ? trace_hardirqs_on+0xbd/0x310 [ 41.729419] ? __ia32_sys_exit+0x50/0x50 [ 41.733487] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.738935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.744477] ? ksys_ioctl+0x81/0xd0 [ 41.748111] __x64_sys_exit_group+0x3e/0x50 [ 41.752432] do_syscall_64+0x1b9/0x820 [ 41.756324] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.761692] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.766623] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.771477] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.776495] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.781510] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.786631] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.791481] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.796684] RIP: 0033:0x43ecd8 [ 41.799892] Code: Bad RIP value. [ 41.803279] RSP: 002b:00007ffc6dadd5c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 41.811006] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8 [ 41.818277] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 41.825550] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 41.832821] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 41.840106] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 41.847399] [ 41.847405] ====================================================== [ 41.847410] WARNING: possible circular locking dependency detected [ 41.847415] 4.19.0-rc4+ #26 Not tainted [ 41.847420] ------------------------------------------------------ [ 41.847425] syz-executor480/5486 is trying to acquire lock: [ 41.847429] 00000000972264eb ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 41.847445] [ 41.847449] but task is already holding lock: [ 41.847452] 00000000da72c593 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.847486] [ 41.847491] which lock already depends on the new lock. [ 41.847493] [ 41.847496] [ 41.847502] the existing dependency chain (in reverse order) is: [ 41.847504] [ 41.847507] -> #3 (report_lock){....}: [ 41.847523] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.847527] kasan_report+0x8b/0x110 [ 41.847532] __asan_report_load8_noabort+0x14/0x20 [ 41.847536] __schedule+0xfc3/0x1ed0 [ 41.847541] preempt_schedule_common+0x1f/0xd0 [ 41.847545] preempt_schedule+0x4d/0x60 [ 41.847550] ___preempt_schedule+0x16/0x18 [ 41.847555] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.847559] __call_srcu+0x7f9/0x1070 [ 41.847564] __synchronize_srcu+0x17b/0x230 [ 41.847568] synchronize_srcu+0x356/0x5ab [ 41.847574] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.847578] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.847583] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.847587] kvm_put_kvm+0x6c8/0xff0 [ 41.847591] kvm_vm_release+0x42/0x50 [ 41.847595] __fput+0x385/0xa30 [ 41.847599] ____fput+0x15/0x20 [ 41.847603] task_work_run+0x1e8/0x2a0 [ 41.847607] do_exit+0x1ad7/0x2610 [ 41.847612] do_group_exit+0x177/0x440 [ 41.847616] __x64_sys_exit_group+0x3e/0x50 [ 41.847620] do_syscall_64+0x1b9/0x820 [ 41.847625] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.847628] [ 41.847630] -> #2 (&rq->lock){-.-.}: [ 41.847646] _raw_spin_lock+0x2d/0x40 [ 41.847650] task_fork_fair+0xb0/0x6d0 [ 41.847654] sched_fork+0x443/0xba0 [ 41.847658] copy_process+0x2586/0x8780 [ 41.847663] _do_fork+0x1cb/0x11d0 [ 41.847667] kernel_thread+0x34/0x40 [ 41.847671] rest_init+0x22/0xe5 [ 41.847675] start_kernel+0x8f4/0x92f [ 41.847680] x86_64_start_reservations+0x29/0x2b [ 41.847684] x86_64_start_kernel+0x76/0x79 [ 41.847689] secondary_startup_64+0xa4/0xb0 [ 41.847691] [ 41.847694] -> #1 (&p->pi_lock){-.-.}: [ 41.847710] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.847714] try_to_wake_up+0xd2/0x12f0 [ 41.847718] wake_up_process+0x10/0x20 [ 41.847723] __up.isra.1+0x1c0/0x2a0 [ 41.847726] up+0x13c/0x1c0 [ 41.847731] __up_console_sem+0xbe/0x1b0 [ 41.847735] console_unlock+0x814/0x1160 [ 41.847739] vprintk_emit+0x33d/0x930 [ 41.847743] vprintk_default+0x28/0x30 [ 41.847748] vprintk_func+0x7e/0x181 [ 41.847751] printk+0xa7/0xcf [ 41.847755] load_umh+0x51/0xbd [ 41.847760] do_one_initcall+0x145/0x957 [ 41.847764] kernel_init_freeable+0x4bb/0x5ae [ 41.847768] kernel_init+0x11/0x1b2 [ 41.847773] ret_from_fork+0x3a/0x50 [ 41.847775] [ 41.847778] -> #0 ((console_sem).lock){-...}: [ 41.847793] lock_acquire+0x1ed/0x520 [ 41.847798] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.847802] down_trylock+0x13/0x70 [ 41.847807] __down_trylock_console_sem+0xae/0x200 [ 41.847811] console_trylock+0x15/0xa0 [ 41.847815] vprintk_emit+0x322/0x930 [ 41.847820] vprintk_default+0x28/0x30 [ 41.847824] vprintk_func+0x7e/0x181 [ 41.847827] printk+0xa7/0xcf [ 41.847831] kasan_report+0x9b/0x110 [ 41.847836] __asan_report_load8_noabort+0x14/0x20 [ 41.847840] __schedule+0xfc3/0x1ed0 [ 41.847845] preempt_schedule_common+0x1f/0xd0 [ 41.847849] preempt_schedule+0x4d/0x60 [ 41.847854] ___preempt_schedule+0x16/0x18 [ 41.847859] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.847863] __call_srcu+0x7f9/0x1070 [ 41.847867] __synchronize_srcu+0x17b/0x230 [ 41.847872] synchronize_srcu+0x356/0x5ab [ 41.847877] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.847881] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.847899] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.847903] kvm_put_kvm+0x6c8/0xff0 [ 41.847907] kvm_vm_release+0x42/0x50 [ 41.847911] __fput+0x385/0xa30 [ 41.847915] ____fput+0x15/0x20 [ 41.847919] task_work_run+0x1e8/0x2a0 [ 41.847922] do_exit+0x1ad7/0x2610 [ 41.847927] do_group_exit+0x177/0x440 [ 41.847931] __x64_sys_exit_group+0x3e/0x50 [ 41.847935] do_syscall_64+0x1b9/0x820 [ 41.847940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.847942] [ 41.847947] other info that might help us debug this: [ 41.847949] [ 41.847952] Chain exists of: [ 41.847955] (console_sem).lock --> &rq->lock --> report_lock [ 41.847974] [ 41.847978] Possible unsafe locking scenario: [ 41.847981] [ 41.847985] CPU0 CPU1 [ 41.847989] ---- ---- [ 41.847992] lock(report_lock); [ 41.848001] lock(&rq->lock); [ 41.848024] lock(report_lock); [ 41.848032] lock((console_sem).lock); [ 41.848041] [ 41.848045] *** DEADLOCK *** [ 41.848047] [ 41.848070] 2 locks held by syz-executor480/5486: [ 41.848073] #0: 00000000efd6c6e1 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 41.848090] #1: 00000000da72c593 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 41.848108] [ 41.848111] stack backtrace: [ 41.848117] CPU: 0 PID: 5486 Comm: syz-executor480 Not tainted 4.19.0-rc4+ #26 [ 41.848125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.848128] Call Trace: [ 41.848132] dump_stack+0x1c4/0x2b4 [ 41.848137] ? dump_stack_print_info.cold.2+0x52/0x52 [ 41.848141] ? vprintk_func+0x85/0x181 [ 41.848146] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 41.848150] ? save_trace+0xe0/0x290 [ 41.848154] __lock_acquire+0x33e4/0x4ec0 [ 41.848158] ? mark_held_locks+0x130/0x130 [ 41.848163] ? mark_held_locks+0x130/0x130 [ 41.848166] ? rcu_bh_qs+0xc0/0xc0 [ 41.848190] ? unwind_dump+0x190/0x190 [ 41.848195] ? is_bpf_text_address+0xd3/0x170 [ 41.848200] ? kernel_text_address+0x79/0xf0 [ 41.848204] ? __kernel_text_address+0xd/0x40 [ 41.848209] ? __save_stack_trace+0x8d/0xf0 [ 41.848214] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 41.848218] ? save_trace+0x290/0x290 [ 41.848222] ? save_stack_trace+0x1a/0x20 [ 41.848227] ? save_trace+0xe0/0x290 [ 41.848231] ? kasan_check_read+0x11/0x20 [ 41.848235] ? graph_lock+0x170/0x170 [ 41.848240] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.848245] lock_acquire+0x1ed/0x520 [ 41.848249] ? down_trylock+0x13/0x70 [ 41.848253] ? find_held_lock+0x36/0x1c0 [ 41.848257] ? lock_release+0x970/0x970 [ 41.848262] ? trace_hardirqs_off+0xb8/0x310 [ 41.848279] ? vprintk_emit+0x1d3/0x930 [ 41.848284] ? trace_hardirqs_on+0x310/0x310 [ 41.848300] ? trace_hardirqs_off+0xb8/0x310 [ 41.848304] ? log_store+0x344/0x4c0 [ 41.848309] ? vprintk_emit+0x322/0x930 [ 41.848313] _raw_spin_lock_irqsave+0x99/0xd0 [ 41.848317] ? down_trylock+0x13/0x70 [ 41.848321] down_trylock+0x13/0x70 [ 41.848326] __down_trylock_console_sem+0xae/0x200 [ 41.848330] console_trylock+0x15/0xa0 [ 41.848334] vprintk_emit+0x322/0x930 [ 41.848339] ? wake_up_klogd+0x180/0x180 [ 41.848343] ? run_rebalance_domains+0x500/0x500 [ 41.848348] ? find_held_lock+0x36/0x1c0 [ 41.848352] ? __queue_work+0x6be/0x1440 [ 41.848356] ? lock_acquire+0x1ed/0x520 [ 41.848361] vprintk_default+0x28/0x30 [ 41.848365] vprintk_func+0x7e/0x181 [ 41.848368] printk+0xa7/0xcf [ 41.848373] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 41.848377] ? kasan_check_write+0x14/0x20 [ 41.848382] ? do_raw_spin_lock+0xc1/0x200 [ 41.848386] ? do_raw_spin_lock+0xc1/0x200 [ 41.848390] kasan_report+0x9b/0x110 [ 41.848395] ? __schedule+0xfc3/0x1ed0 [ 41.848399] __asan_report_load8_noabort+0x14/0x20 [ 41.848403] __schedule+0xfc3/0x1ed0 [ 41.848408] ? __sched_text_start+0x8/0x8 [ 41.848412] ? __lock_is_held+0xb5/0x140 [ 41.848417] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.848421] ? find_held_lock+0x36/0x1c0 [ 41.848425] ? __call_srcu+0x7f9/0x1070 [ 41.848430] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.848435] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 41.848440] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.848444] ? preempt_schedule+0x4d/0x60 [ 41.848449] preempt_schedule_common+0x1f/0xd0 [ 41.848453] preempt_schedule+0x4d/0x60 [ 41.848463] ___preempt_schedule+0x16/0x18 [ 41.848468] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 41.848472] __call_srcu+0x7f9/0x1070 [ 41.848477] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 41.848481] ? srcu_offline_cpu+0x120/0x120 [ 41.848486] ? debug_object_free+0x690/0x690 [ 41.848490] ? mark_held_locks+0x130/0x130 [ 41.848495] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 41.848499] ? lock_release+0x970/0x970 [ 41.848504] ? arch_local_save_flags+0x40/0x40 [ 41.848508] ? depot_save_stack+0x292/0x470 [ 41.848513] ? __lockdep_init_map+0x105/0x590 [ 41.848518] ? __init_waitqueue_head+0x9e/0x150 [ 41.848522] ? init_wait_entry+0x1c0/0x1c0 [ 41.848527] __synchronize_srcu+0x17b/0x230 [ 41.848531] ? call_srcu+0x10/0x10 [ 41.848535] ? rcu_unexpedite_gp+0x20/0x20 [ 41.848540] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.848545] ? check_preemption_disabled+0x48/0x200 [ 41.848549] synchronize_srcu+0x356/0x5ab [ 41.848554] ? lock_downgrade+0x900/0x900 [ 41.848559] ? synchronize_srcu_expedited+0x20/0x20 [ 41.848563] ? kasan_check_read+0x11/0x20 [ 41.848568] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.848572] ? kasan_check_write+0x14/0x20 [ 41.848576] ? do_raw_spin_lock+0xc1/0x200 [ 41.848582] kvm_page_track_unregister_notifier+0x17d/0x250 [ 41.848587] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 41.848591] ? kvfree+0x61/0x70 [ 41.848596] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.848600] kvm_mmu_uninit_vm+0x1c/0x20 [ 41.848605] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 41.848609] ? kvm_arch_sync_events+0x30/0x30 [ 41.848615] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.848619] ? mmu_notifier_unregister+0x474/0x600 [ 41.848623] ? kfree+0x107/0x230 [ 41.848628] ? __mmu_notifier_register+0x30/0x30 [ 41.848632] ? __free_pages+0x10a/0x190 [ 41.848637] ? free_unref_page+0x960/0x960 [ 41.848641] kvm_put_kvm+0x6c8/0xff0 [ 41.848646] ? kvm_write_guest_cached+0x40/0x40 [ 41.848650] ? kvm_irqfd_release+0xd1/0x120 [ 41.848655] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.848659] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.848664] ? kasan_check_write+0x14/0x20 [ 41.848668] ? do_raw_spin_lock+0xc1/0x200 [ 41.848672] ? kvm_irqfd_release+0xdd/0x120 [ 41.848676] ? kvm_irqfd_release+0x [ 41.848685] Lost 72 message(s)! [ 43.027294] Shutting down cpus with NMI [ 44.085741] Kernel Offset: disabled [ 44.089387] Rebooting in 86400 seconds..