[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   33.441661] random: sshd: uninitialized urandom read (32 bytes read)
[   33.831921] audit: type=1400 audit(1536454389.385:6): avc:  denied  { map } for  pid=5457 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.881214] random: sshd: uninitialized urandom read (32 bytes read)
[   34.496480] random: sshd: uninitialized urandom read (32 bytes read)
[   34.730762] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
[   40.323952] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   40.457808] audit: type=1400 audit(1536454396.015:7): avc:  denied  { map } for  pid=5471 comm="syz-executor417" path="/root/syz-executor417540942" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.461447] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   40.510022] ==================================================================
[   40.520005] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   40.526235] Read of size 8 at addr ffff8801b3558058 by task syz-executor417/5471
[   40.533752] 
[   40.535379] CPU: 0 PID: 5471 Comm: syz-executor417 Not tainted 4.19.0-rc2+ #7
[   40.542641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.551986] Call Trace:
[   40.554567]  dump_stack+0x1c4/0x2b4
[   40.558193]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.563382]  ? printk+0xa7/0xcf
[   40.566660]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   40.571424]  print_address_description.cold.8+0x9/0x1ff
[   40.576785]  kasan_report.cold.9+0x242/0x309
[   40.581189]  ? __schedule+0xfc3/0x1ed0
[   40.585079]  __asan_report_load8_noabort+0x14/0x20
[   40.590006]  __schedule+0xfc3/0x1ed0
[   40.593720]  ? __sched_text_start+0x8/0x8
[   40.597869]  ? __lock_is_held+0xb5/0x140
[   40.601925]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.607023]  ? find_held_lock+0x36/0x1c0
[   40.611087]  ? __call_srcu+0x7f9/0x1070
[   40.615057]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.620153]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.625250]  ? lockdep_hardirqs_on+0x421/0x5c0
[   40.629832]  ? preempt_schedule+0x4d/0x60
[   40.633977]  preempt_schedule_common+0x1f/0xd0
[   40.638554]  preempt_schedule+0x4d/0x60
[   40.642525]  ___preempt_schedule+0x16/0x18
[   40.646760]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   40.651688]  __call_srcu+0x7f9/0x1070
[   40.655485]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   40.660591]  ? srcu_offline_cpu+0x120/0x120
[   40.664907]  ? debug_object_free+0x690/0x690
[   40.669340]  ? mark_held_locks+0x130/0x130
[   40.673573]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   40.678153]  ? lock_release+0x970/0x970
[   40.682123]  ? arch_local_save_flags+0x40/0x40
[   40.686698]  ? depot_save_stack+0x292/0x470
[   40.691022]  ? __lockdep_init_map+0x105/0x590
[   40.695515]  ? __init_waitqueue_head+0x9e/0x150
[   40.700179]  ? init_wait_entry+0x1c0/0x1c0
[   40.704416]  __synchronize_srcu+0x17b/0x230
[   40.708736]  ? call_srcu+0x10/0x10
[   40.712272]  ? rcu_unexpedite_gp+0x20/0x20
[   40.716532]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.722068]  ? check_preemption_disabled+0x48/0x200
[   40.727084]  synchronize_srcu+0x356/0x5ab
[   40.731226]  ? lock_downgrade+0x900/0x900
[   40.735369]  ? synchronize_srcu_expedited+0x20/0x20
[   40.740388]  ? kasan_check_read+0x11/0x20
[   40.744534]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.749115]  ? kasan_check_write+0x14/0x20
[   40.753348]  ? do_raw_spin_lock+0xc1/0x200
[   40.757585]  kvm_page_track_unregister_notifier+0x17d/0x250
[   40.763302]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   40.768757]  ? kvfree+0x61/0x70
[   40.772045]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.777056]  kvm_mmu_uninit_vm+0x1c/0x20
[   40.781113]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.785518]  ? kvm_arch_sync_events+0x30/0x30
[   40.790015]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.795549]  ? mmu_notifier_unregister+0x474/0x600
[   40.800475]  ? kfree+0x107/0x230
[   40.803839]  ? __mmu_notifier_register+0x30/0x30
[   40.808591]  ? __free_pages+0x10a/0x190
[   40.812564]  ? free_unref_page+0x960/0x960
[   40.816822]  kvm_put_kvm+0x6c8/0xff0
[   40.820545]  ? kvm_write_guest_cached+0x40/0x40
[   40.825220]  ? kvm_irqfd_release+0xd1/0x120
[   40.829553]  ? _raw_spin_unlock_irq+0x27/0x80
[   40.834048]  ? _raw_spin_unlock_irq+0x27/0x80
[   40.838549]  ? kasan_check_write+0x14/0x20
[   40.842810]  ? do_raw_spin_lock+0xc1/0x200
[   40.847059]  ? kvm_irqfd_release+0xdd/0x120
[   40.851376]  ? kvm_irqfd_release+0xdd/0x120
[   40.855695]  ? kvm_put_kvm+0xff0/0xff0
[   40.859610]  kvm_vm_release+0x42/0x50
[   40.863403]  __fput+0x385/0xa30
[   40.866683]  ? get_max_files+0x20/0x20
[   40.870569]  ? trace_hardirqs_on+0xbd/0x310
[   40.874891]  ? ___might_sleep+0x1ed/0x300
[   40.879037]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   40.884487]  ? arch_local_save_flags+0x40/0x40
[   40.889067]  ? kasan_check_write+0x14/0x20
[   40.893302]  ? do_raw_spin_lock+0xc1/0x200
[   40.897538]  ____fput+0x15/0x20
[   40.900814]  task_work_run+0x1e8/0x2a0
[   40.904700]  ? task_work_cancel+0x240/0x240
[   40.909018]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.914550]  ? switch_task_namespaces+0x9d/0xd0
[   40.919216]  do_exit+0x1ad7/0x2610
[   40.922755]  ? mm_update_next_owner+0x990/0x990
[   40.927426]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   40.931655]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.936669]  ? kfree+0x1fa/0x230
[   40.940031]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   40.944267]  ? kvm_vcpu_block+0x1030/0x1030
[   40.948598]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.954130]  ? avc_has_extended_perms+0xab2/0x15a0
[   40.959063]  ? fpu__prepare_read+0x37b/0x750
[   40.963481]  ? avc_ss_reset+0x190/0x190
[   40.967458]  ? save_stack+0xa9/0xd0
[   40.971077]  ? save_stack+0x43/0xd0
[   40.974701]  ? __kasan_slab_free+0x102/0x150
[   40.979105]  ? kasan_slab_free+0xe/0x10
[   40.983076]  ? putname+0xf2/0x130
[   40.986540]  ? __x64_sys_openat+0x9d/0x100
[   40.990773]  ? do_syscall_64+0x1b9/0x820
[   40.994861]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.000224]  ? ___might_sleep+0x1ed/0x300
[   41.004367]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   41.009482]  ? trace_hardirqs_off+0xb8/0x310
[   41.013892]  ? kvm_vcpu_block+0x1030/0x1030
[   41.018212]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.023742]  ? do_vfs_ioctl+0x201/0x1720
[   41.027796]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   41.032983]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   41.038009]  ? __fget_light+0x2e9/0x430
[   41.041979]  ? fget_raw+0x20/0x20
[   41.045426]  ? path_mountpoint+0x52e/0x2190
[   41.049742]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.054763]  ? kmem_cache_free+0x24f/0x290
[   41.058994]  ? putname+0xf7/0x130
[   41.062459]  do_group_exit+0x177/0x440
[   41.066345]  ? trace_hardirqs_on+0xbd/0x310
[   41.070663]  ? __ia32_sys_exit+0x50/0x50
[   41.074719]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   41.080162]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.085705]  ? ksys_ioctl+0x81/0xd0
[   41.089341]  __x64_sys_exit_group+0x3e/0x50
[   41.093661]  do_syscall_64+0x1b9/0x820
[   41.097544]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   41.102919]  ? syscall_return_slowpath+0x5e0/0x5e0
[   41.107844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.112683]  ? trace_hardirqs_on_caller+0x310/0x310
[   41.117697]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   41.122709]  ? prepare_exit_to_usermode+0x291/0x3b0
[   41.127724]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.132570]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.137754] RIP: 0033:0x43ef28
[   41.140942] Code: Bad RIP value.
[   41.144307] RSP: 002b:00007ffc1fa8e4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.152811] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[   41.160074] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.167338] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   41.174601] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   41.181864] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   41.189135] 
[   41.190755] Allocated by task 5471:
[   41.194379]  save_stack+0x43/0xd0
[   41.197827]  kasan_kmalloc+0xc7/0xe0
[   41.201559]  kasan_slab_alloc+0x12/0x20
[   41.205551]  kmem_cache_alloc+0x12e/0x730
[   41.209693]  vmx_create_vcpu+0xcf/0x25e0
[   41.213748]  kvm_arch_vcpu_create+0xe5/0x220
[   41.218149]  kvm_vm_ioctl+0x470/0x1d40
[   41.222032]  do_vfs_ioctl+0x1de/0x1720
[   41.225910]  ksys_ioctl+0xa9/0xd0
[   41.229359]  __x64_sys_ioctl+0x73/0xb0
[   41.233241]  do_syscall_64+0x1b9/0x820
[   41.237122]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.242304] 
[   41.243928] Freed by task 5471:
[   41.247201]  save_stack+0x43/0xd0
[   41.250645]  __kasan_slab_free+0x102/0x150
[   41.254875]  kasan_slab_free+0xe/0x10
[   41.258671]  kmem_cache_free+0x83/0x290
[   41.262641]  vmx_free_vcpu+0x26b/0x300
[   41.266520]  kvm_arch_destroy_vm+0x365/0x7c0
[   41.270928]  kvm_put_kvm+0x6c8/0xff0
[   41.274638]  kvm_vm_release+0x42/0x50
[   41.278428]  __fput+0x385/0xa30
[   41.281701]  ____fput+0x15/0x20
[   41.284974]  task_work_run+0x1e8/0x2a0
[   41.288856]  do_exit+0x1ad7/0x2610
[   41.292390]  do_group_exit+0x177/0x440
[   41.296276]  __x64_sys_exit_group+0x3e/0x50
[   41.300598]  do_syscall_64+0x1b9/0x820
[   41.304483]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.309655] 
[   41.311279] The buggy address belongs to the object at ffff8801b3558040
[   41.311279]  which belongs to the cache kvm_vcpu of size 23872
[   41.323860] The buggy address is located 24 bytes inside of
[   41.323860]  23872-byte region [ffff8801b3558040, ffff8801b355dd80)
[   41.335834] The buggy address belongs to the page:
[   41.340756] page:ffffea0006cd5600 count:1 mapcount:0 mapping:ffff8801d791e380 index:0x0 compound_mapcount: 0
[   41.350718] flags: 0x2fffc0000008100(slab|head)
[   41.355388] raw: 02fffc0000008100 ffff8801d5424348 ffff8801d5424348 ffff8801d791e380
[   41.363273] raw: 0000000000000000 ffff8801b3558040 0000000100000001 0000000000000000
[   41.371149] page dumped because: kasan: bad access detected
[   41.376846] 
[   41.378461] Memory state around the buggy address:
[   41.383380]  ffff8801b3557f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.390729]  ffff8801b3557f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.398077] >ffff8801b3558000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   41.405425]                                                     ^
[   41.411644]  ffff8801b3558080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.418994]  ffff8801b3558100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.426342] ==================================================================
[   41.433693] Kernel panic - not syncing: panic_on_warn set ...
[   41.433693] 
[   41.441057] CPU: 0 PID: 5471 Comm: syz-executor417 Tainted: G    B             4.19.0-rc2+ #7
[   41.449709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.459048] Call Trace:
[   41.461635]  dump_stack+0x1c4/0x2b4
[   41.465259]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.470444]  ? lock_downgrade+0x900/0x900
[   41.474590]  panic+0x238/0x4e7
[   41.477795]  ? add_taint.cold.5+0x16/0x16
[   41.481940]  ? print_shadow_for_address+0xb6/0x116
[   41.486862]  ? trace_hardirqs_off+0xaf/0x310
[   41.491266]  kasan_end_report+0x47/0x4f
[   41.495242]  kasan_report.cold.9+0x76/0x309
[   41.499560]  ? __schedule+0xfc3/0x1ed0
[   41.503449]  __asan_report_load8_noabort+0x14/0x20
[   41.508376]  __schedule+0xfc3/0x1ed0
[   41.512090]  ? __sched_text_start+0x8/0x8
[   41.516239]  ? __lock_is_held+0xb5/0x140
[   41.520319]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.525441]  ? find_held_lock+0x36/0x1c0
[   41.529505]  ? __call_srcu+0x7f9/0x1070
[   41.533474]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.538573]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.543674]  ? lockdep_hardirqs_on+0x421/0x5c0
[   41.548250]  ? preempt_schedule+0x4d/0x60
[   41.552394]  preempt_schedule_common+0x1f/0xd0
[   41.556975]  preempt_schedule+0x4d/0x60
[   41.560946]  ___preempt_schedule+0x16/0x18
[   41.565179]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   41.570105]  __call_srcu+0x7f9/0x1070
[   41.573901]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   41.579008]  ? srcu_offline_cpu+0x120/0x120
[   41.583334]  ? debug_object_free+0x690/0x690
[   41.587737]  ? mark_held_locks+0x130/0x130
[   41.591965]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   41.596548]  ? lock_release+0x970/0x970
[   41.600521]  ? arch_local_save_flags+0x40/0x40
[   41.605100]  ? depot_save_stack+0x292/0x470
[   41.609428]  ? __lockdep_init_map+0x105/0x590
[   41.613926]  ? __init_waitqueue_head+0x9e/0x150
[   41.618588]  ? init_wait_entry+0x1c0/0x1c0
[   41.622842]  __synchronize_srcu+0x17b/0x230
[   41.627160]  ? call_srcu+0x10/0x10
[   41.630693]  ? rcu_unexpedite_gp+0x20/0x20
[   41.634935]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.640472]  ? check_preemption_disabled+0x48/0x200
[   41.645489]  synchronize_srcu+0x356/0x5ab
[   41.649638]  ? lock_downgrade+0x900/0x900
[   41.653781]  ? synchronize_srcu_expedited+0x20/0x20
[   41.658799]  ? kasan_check_read+0x11/0x20
[   41.662948]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   41.667533]  ? kasan_check_write+0x14/0x20
[   41.671764]  ? do_raw_spin_lock+0xc1/0x200
[   41.676001]  kvm_page_track_unregister_notifier+0x17d/0x250
[   41.681717]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   41.687177]  ? kvfree+0x61/0x70
[   41.690466]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.695496]  kvm_mmu_uninit_vm+0x1c/0x20
[   41.699571]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.703990]  ? kvm_arch_sync_events+0x30/0x30
[   41.708499]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.714047]  ? mmu_notifier_unregister+0x474/0x600
[   41.718985]  ? kfree+0x107/0x230
[   41.722366]  ? __mmu_notifier_register+0x30/0x30
[   41.727122]  ? __free_pages+0x10a/0x190
[   41.731098]  ? free_unref_page+0x960/0x960
[   41.735352]  kvm_put_kvm+0x6c8/0xff0
[   41.739081]  ? kvm_write_guest_cached+0x40/0x40
[   41.743759]  ? kvm_irqfd_release+0xd1/0x120
[   41.748092]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.752593]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.757103]  ? kasan_check_write+0x14/0x20
[   41.761351]  ? do_raw_spin_lock+0xc1/0x200
[   41.765595]  ? kvm_irqfd_release+0xdd/0x120
[   41.769939]  ? kvm_irqfd_release+0xdd/0x120
[   41.774278]  ? kvm_put_kvm+0xff0/0xff0
[   41.778184]  kvm_vm_release+0x42/0x50
[   41.781992]  __fput+0x385/0xa30
[   41.785276]  ? get_max_files+0x20/0x20
[   41.789173]  ? trace_hardirqs_on+0xbd/0x310
[   41.793494]  ? ___might_sleep+0x1ed/0x300
[   41.797639]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   41.803090]  ? arch_local_save_flags+0x40/0x40
[   41.807674]  ? kasan_check_write+0x14/0x20
[   41.811910]  ? do_raw_spin_lock+0xc1/0x200
[   41.816150]  ____fput+0x15/0x20
[   41.819436]  task_work_run+0x1e8/0x2a0
[   41.823334]  ? task_work_cancel+0x240/0x240
[   41.827662]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.833204]  ? switch_task_namespaces+0x9d/0xd0
[   41.837873]  do_exit+0x1ad7/0x2610
[   41.841416]  ? mm_update_next_owner+0x990/0x990
[   41.846090]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   41.850331]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.855347]  ? kfree+0x1fa/0x230
[   41.858713]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   41.862948]  ? kvm_vcpu_block+0x1030/0x1030
[   41.867268]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.872810]  ? avc_has_extended_perms+0xab2/0x15a0
[   41.877745]  ? fpu__prepare_read+0x37b/0x750
[   41.882150]  ? avc_ss_reset+0x190/0x190
[   41.886125]  ? save_stack+0xa9/0xd0
[   41.889747]  ? save_stack+0x43/0xd0
[   41.893365]  ? __kasan_slab_free+0x102/0x150
[   41.897767]  ? kasan_slab_free+0xe/0x10
[   41.901737]  ? putname+0xf2/0x130
[   41.905186]  ? __x64_sys_openat+0x9d/0x100
[   41.909418]  ? do_syscall_64+0x1b9/0x820
[   41.913480]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.918853]  ? ___might_sleep+0x1ed/0x300
[   41.923003]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   41.928102]  ? trace_hardirqs_off+0xb8/0x310
[   41.932511]  ? kvm_vcpu_block+0x1030/0x1030
[   41.936827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.942375]  ? do_vfs_ioctl+0x201/0x1720
[   41.946434]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   41.951621]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   41.956631]  ? __fget_light+0x2e9/0x430
[   41.960604]  ? fget_raw+0x20/0x20
[   41.964054]  ? path_mountpoint+0x52e/0x2190
[   41.968375]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.973389]  ? kmem_cache_free+0x24f/0x290
[   41.977619]  ? putname+0xf7/0x130
[   41.981074]  do_group_exit+0x177/0x440
[   41.984963]  ? trace_hardirqs_on+0xbd/0x310
[   41.989283]  ? __ia32_sys_exit+0x50/0x50
[   41.993354]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   41.998801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.004341]  ? ksys_ioctl+0x81/0xd0
[   42.007971]  __x64_sys_exit_group+0x3e/0x50
[   42.012288]  do_syscall_64+0x1b9/0x820
[   42.016199]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   42.021562]  ? syscall_return_slowpath+0x5e0/0x5e0
[   42.026488]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.031339]  ? trace_hardirqs_on_caller+0x310/0x310
[   42.036361]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   42.041407]  ? prepare_exit_to_usermode+0x291/0x3b0
[   42.046426]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.051749]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.056932] RIP: 0033:0x43ef28
[   42.060125] Code: Bad RIP value.
[   42.063483] RSP: 002b:00007ffc1fa8e4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.071188] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[   42.078453] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   42.085713] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   42.092984] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   42.100248] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   42.107523] 
[   42.107530] ======================================================
[   42.107536] WARNING: possible circular locking dependency detected
[   42.107540] 4.19.0-rc2+ #7 Not tainted
[   42.107546] ------------------------------------------------------
[   42.107551] syz-executor417/5471 is trying to acquire lock:
[   42.107555] 00000000041a158b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   42.107571] 
[   42.107576] but task is already holding lock:
[   42.107579] 00000000b1cea3dc (report_lock){....}, at: kasan_report+0x8b/0x110
[   42.107595] 
[   42.107600] which lock already depends on the new lock.
[   42.107602] 
[   42.107605] 
[   42.107611] the existing dependency chain (in reverse order) is:
[   42.107613] 
[   42.107616] -> #3 (report_lock){....}:
[   42.107631]        _raw_spin_lock_irqsave+0x99/0xd0
[   42.107636]        kasan_report+0x8b/0x110
[   42.107641]        __asan_report_load8_noabort+0x14/0x20
[   42.107645]        __schedule+0xfc3/0x1ed0
[   42.107649]        preempt_schedule_common+0x1f/0xd0
[   42.107654]        preempt_schedule+0x4d/0x60
[   42.107658]        ___preempt_schedule+0x16/0x18
[   42.107663]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   42.107667]        __call_srcu+0x7f9/0x1070
[   42.107672]        __synchronize_srcu+0x17b/0x230
[   42.107676]        synchronize_srcu+0x356/0x5ab
[   42.107682]        kvm_page_track_unregister_notifier+0x17d/0x250
[   42.107686]        kvm_mmu_uninit_vm+0x1c/0x20
[   42.107691]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   42.107695]        kvm_put_kvm+0x6c8/0xff0
[   42.107699]        kvm_vm_release+0x42/0x50
[   42.107703]        __fput+0x385/0xa30
[   42.107707]        ____fput+0x15/0x20
[   42.107711]        task_work_run+0x1e8/0x2a0
[   42.107715]        do_exit+0x1ad7/0x2610
[   42.107720]        do_group_exit+0x177/0x440
[   42.107724]        __x64_sys_exit_group+0x3e/0x50
[   42.107728]        do_syscall_64+0x1b9/0x820
[   42.107733]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.107736] 
[   42.107738] -> #2 (&rq->lock){-.-.}:
[   42.107754]        _raw_spin_lock+0x2d/0x40
[   42.107758]        task_fork_fair+0xb0/0x6d0
[   42.107762]        sched_fork+0x443/0xba0
[   42.107767]        copy_process+0x2586/0x8780
[   42.107771]        _do_fork+0x1cb/0x11d0
[   42.107775]        kernel_thread+0x34/0x40
[   42.107779]        rest_init+0x22/0xe5
[   42.107783]        start_kernel+0x8f4/0x92f
[   42.107788]        x86_64_start_reservations+0x29/0x2b
[   42.107792]        x86_64_start_kernel+0x76/0x79
[   42.107797]        secondary_startup_64+0xa4/0xb0
[   42.107799] 
[   42.107802] -> #1 (&p->pi_lock){-.-.}:
[   42.107818]        _raw_spin_lock_irqsave+0x99/0xd0
[   42.107822]        try_to_wake_up+0xd2/0x12f0
[   42.107826]        wake_up_process+0x10/0x20
[   42.107831]        __up.isra.1+0x1c0/0x2a0
[   42.107834]        up+0x13c/0x1c0
[   42.107839]        __up_console_sem+0xbe/0x1b0
[   42.107843]        console_unlock+0x524/0x11a0
[   42.107847]        vprintk_emit+0x33d/0x930
[   42.107852]        vprintk_default+0x28/0x30
[   42.107856]        vprintk_func+0x7e/0x181
[   42.107860]        printk+0xa7/0xcf
[   42.107864]        load_umh+0x51/0xbd
[   42.107868]        do_one_initcall+0x145/0x957
[   42.107873]        kernel_init_freeable+0x4bb/0x5ae
[   42.107877]        kernel_init+0x11/0x1b2
[   42.107881]        ret_from_fork+0x3a/0x50
[   42.107884] 
[   42.107886] -> #0 ((console_sem).lock){-...}:
[   42.107902]        lock_acquire+0x1ed/0x520
[   42.107907]        _raw_spin_lock_irqsave+0x99/0xd0
[   42.107911]        down_trylock+0x13/0x70
[   42.107916]        __down_trylock_console_sem+0xae/0x200
[   42.107920]        console_trylock+0x15/0xa0
[   42.107924]        vprintk_emit+0x322/0x930
[   42.107929]        vprintk_default+0x28/0x30
[   42.107933]        vprintk_func+0x7e/0x181
[   42.107937]        printk+0xa7/0xcf
[   42.107941]        kasan_report+0x9b/0x110
[   42.107946]        __asan_report_load8_noabort+0x14/0x20
[   42.107950]        __schedule+0xfc3/0x1ed0
[   42.107954]        preempt_schedule_common+0x1f/0xd0
[   42.107959]        preempt_schedule+0x4d/0x60
[   42.107963]        ___preempt_schedule+0x16/0x18
[   42.107968]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   42.107972]        __call_srcu+0x7f9/0x1070
[   42.107977]        __synchronize_srcu+0x17b/0x230
[   42.107981]        synchronize_srcu+0x356/0x5ab
[   42.107987]        kvm_page_track_unregister_notifier+0x17d/0x250
[   42.107991]        kvm_mmu_uninit_vm+0x1c/0x20
[   42.107996]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   42.108000]        kvm_put_kvm+0x6c8/0xff0
[   42.108004]        kvm_vm_release+0x42/0x50
[   42.108008]        __fput+0x385/0xa30
[   42.108012]        ____fput+0x15/0x20
[   42.108016]        task_work_run+0x1e8/0x2a0
[   42.108020]        do_exit+0x1ad7/0x2610
[   42.108025]        do_group_exit+0x177/0x440
[   42.108029]        __x64_sys_exit_group+0x3e/0x50
[   42.108033]        do_syscall_64+0x1b9/0x820
[   42.108038]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.108041] 
[   42.108046] other info that might help us debug this:
[   42.108048] 
[   42.108051] Chain exists of:
[   42.108054]   (console_sem).lock --> &rq->lock --> report_lock
[   42.108074] 
[   42.108078]  Possible unsafe locking scenario:
[   42.108080] 
[   42.108085]        CPU0                    CPU1
[   42.108089]        ----                    ----
[   42.108092]   lock(report_lock);
[   42.108102]                                lock(&rq->lock);
[   42.108112]                                lock(report_lock);
[   42.108121]   lock((console_sem).lock);
[   42.108129] 
[   42.108133]  *** DEADLOCK ***
[   42.108135] 
[   42.108140] 2 locks held by syz-executor417/5471:
[   42.108142]  #0: 00000000cc7eb9d7 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   42.108161]  #1: 00000000b1cea3dc (report_lock){....}, at: kasan_report+0x8b/0x110
[   42.108179] 
[   42.108182] stack backtrace:
[   42.108189] CPU: 0 PID: 5471 Comm: syz-executor417 Not tainted 4.19.0-rc2+ #7
[   42.108197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.108200] Call Trace:
[   42.108204]  dump_stack+0x1c4/0x2b4
[   42.108209]  ? dump_stack_print_info.cold.2+0x52/0x52
[   42.108213]  ? vprintk_func+0x85/0x181
[   42.108219]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   42.108223]  ? save_trace+0xe0/0x290
[   42.108227]  __lock_acquire+0x33e4/0x4ec0
[   42.108232]  ? mark_held_locks+0x130/0x130
[   42.108236]  ? mark_held_locks+0x130/0x130
[   42.108240]  ? rcu_bh_qs+0xc0/0xc0
[   42.108244]  ? unwind_dump+0x190/0x190
[   42.108249]  ? is_bpf_text_address+0xd3/0x170
[   42.108254]  ? kernel_text_address+0x79/0xf0
[   42.108258]  ? __kernel_text_address+0xd/0x40
[   42.108263]  ? __save_stack_trace+0x8d/0xf0
[   42.108268]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   42.108272]  ? save_trace+0x290/0x290
[   42.108276]  ? save_stack_trace+0x1a/0x20
[   42.108280]  ? save_trace+0xe0/0x290
[   42.108285]  ? kasan_check_read+0x11/0x20
[   42.108289]  ? graph_lock+0x170/0x170
[   42.108302]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   42.108306]  lock_acquire+0x1ed/0x520
[   42.108310]  ? down_trylock+0x13/0x70
[   42.108315]  ? find_held_lock+0x36/0x1c0
[   42.108319]  ? lock_release+0x970/0x970
[   42.108324]  ? trace_hardirqs_off+0xb8/0x310
[   42.108334]  ? vprintk_emit+0x1d3/0x930
[   42.108338]  ? trace_hardirqs_on+0x310/0x310
[   42.108343]  ? trace_hardirqs_off+0xb8/0x310
[   42.108347]  ? log_store+0x344/0x4c0
[   42.108351]  ? vprintk_emit+0x322/0x930
[   42.108356]  _raw_spin_lock_irqsave+0x99/0xd0
[   42.108360]  ? down_trylock+0x13/0x70
[   42.108364]  down_trylock+0x13/0x70
[   42.108369]  __down_trylock_console_sem+0xae/0x200
[   42.108373]  console_trylock+0x15/0xa0
[   42.108377]  vprintk_emit+0x322/0x930
[   42.108382]  ? wake_up_klogd+0x180/0x180
[   42.108386]  ? run_rebalance_domains+0x500/0x500
[   42.108391]  ? wake_up_worker+0x117/0x190
[   42.108395]  ? find_held_lock+0x36/0x1c0
[   42.108400]  ? __queue_work+0x6be/0x1440
[   42.108404]  ? lock_acquire+0x1ed/0x520
[   42.108408]  vprintk_default+0x28/0x30
[   42.108412]  vprintk_func+0x7e/0x181
[   42.108416]  printk+0xa7/0xcf
[   42.108421]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   42.108425]  ? kasan_check_write+0x14/0x20
[   42.108430]  ? do_raw_spin_lock+0xc1/0x200
[   42.108434]  ? do_raw_spin_lock+0xc1/0x200
[   42.108438]  kasan_report+0x9b/0x110
[   42.108443]  ? __schedule+0xfc3/0x1ed0
[   42.108447]  __asan_report_load8_noabort+0x14/0x20
[   42.108452]  __schedule+0xfc3/0x1ed0
[   42.108456]  ? __sched_text_start+0x8/0x8
[   42.108460]  ? __lock_is_held+0xb5/0x140
[   42.108465]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   42.108470]  ? find_held_lock+0x36/0x1c0
[   42.108474]  ? __call_srcu+0x7f9/0x1070
[   42.108479]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   42.108484]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   42.108489]  ? lockdep_hardirqs_on+0x421/0x5c0
[   42.108493]  ? preempt_schedule+0x4d/0x60
[   42.108498]  preempt_schedule_common+0x1f/0xd0
[   42.108502]  preempt_schedule+0x4d/0x60
[   42.108506]  ___preempt_schedule+0x16/0x18
[   42.108511]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   42.108515]  __call_srcu+0x7f9/0x1070
[   42.108520]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   42.108525]  ? srcu_offline_cpu+0x120/0x120
[   42.108529]  ? debug_object_free+0x690/0x690
[   42.108534]  ? mark_held_locks+0x130/0x130
[   42.108539]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   42.108543]  ? lock_release+0x970/0x970
[   42.108548]  ? arch_local_save_flags+0x40/0x40
[   42.108552]  ? depot_save_stack+0x292/0x470
[   42.108557]  ? __lockdep_init_map+0x105/0x590
[   42.108562]  ? __init_waitqueue_head+0x9e/0x150
[   42.108566]  ? init_wait_entry+0x1c0/0x1c0
[   42.108571]  __synchronize_srcu+0x17b/0x230
[   42.108575]  ? call_srcu+0x10/0x10
[   42.108579]  ? rcu_unexpedite_gp+0x20/0x20
[   42.108584]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.108589]  ? check_preemption_disabled+0x48/0x200
[   42.108594]  synchronize_srcu+0x356/0x5ab
[   42.108598]  ? lock_downgrade+0x900/0x900
[   42.108603]  ? synchronize_srcu_expedited+0x20/0x20
[   42.108608]  ? kasan_check_read+0x11/0x20
[   42.108613]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   42.108617]  ? kasan_check_write+0x14/0x20
[   42.108621]  ? do_raw_spin_lock+0xc1/0x200
[   42.108627]  kvm_page_track_unregister_notifier+0x17d/0x250
[   42.108632]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   42.108636]  ? kvfree+0x61/0x70
[   42.108641]  ? rcu_read_lock_sched_held+0x108/0x120
[   42.108645]  kvm_mmu_uninit_vm+0x1c/0x20
[   42.108650]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   42.108655]  ? kvm_arch_sync_events+0x30/0x30
[   42.108660]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   42.108665]  ? mmu_notifier_unregister+0x474/0x600
[   42.108669]  ? kfree+0x107/0x230
[   42.108673]  ? __mmu_notifier_register+0x30/0x30
[   42.108678]  ? __free_pages+0x10a/0x190
[   42.108682]  ? free_unref_page+0x960/0x960
[   42.108686]  kvm_put_kvm+0x6c8/0xff0
[   42.108691]  ? kvm_write_guest_cached+0x40/0x40
[   42.108696]  ? kvm_irqfd_release+0xd1/0x120
[   42.108700]  ? _raw_spin_unlock_irq+0x27/0x80
[   42.108705]  ? _raw_spin_unlock_irq+0x27/0x80
[   42.108709]  ? kasan_check_write+0x14/0x20
[   42.108714]  ? do_raw_spin_lock+0xc1/0x200
[   42.108718]  ? kvm_irqfd_release+0xdd/0
[   42.108726] Lost 74 message(s)!
[   43.292221] Shutting down cpus with NMI
[   44.350340] Dumping ftrace buffer:
[   44.353863]    (ftrace buffer empty)
[   44.358111] Kernel Offset: disabled
[   44.361729] Rebooting in 86400 seconds..