[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.971469] random: sshd: uninitialized urandom read (32 bytes read)
[   33.238663] audit: type=1400 audit(1536693608.635:6): avc:  denied  { map } for  pid=5481 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.293656] random: sshd: uninitialized urandom read (32 bytes read)
[   33.992761] random: sshd: uninitialized urandom read (32 bytes read)
[   34.228354] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
[   39.842724] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   39.977169] audit: type=1400 audit(1536693615.375:7): avc:  denied  { map } for  pid=5495 comm="syz-executor108" path="/root/syz-executor108408635" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   39.981121] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   40.030928] ==================================================================
[   40.040738] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   40.046974] Read of size 8 at addr ffff8801bbfd8058 by task syz-executor108/5495
[   40.054509] 
[   40.056132] CPU: 0 PID: 5495 Comm: syz-executor108 Not tainted 4.19.0-rc3+ #10
[   40.063492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.072839] Call Trace:
[   40.075446]  dump_stack+0x1c4/0x2b4
[   40.079093]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.084285]  ? printk+0xa7/0xcf
[   40.087568]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   40.092337]  print_address_description.cold.8+0x9/0x1ff
[   40.097700]  kasan_report.cold.9+0x242/0x309
[   40.102117]  ? __schedule+0xfc3/0x1ed0
[   40.106005]  __asan_report_load8_noabort+0x14/0x20
[   40.111106]  __schedule+0xfc3/0x1ed0
[   40.114852]  ? __sched_text_start+0x8/0x8
[   40.119188]  ? __lock_is_held+0xb5/0x140
[   40.123242]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.128341]  ? find_held_lock+0x36/0x1c0
[   40.132399]  ? __call_srcu+0x7f9/0x1070
[   40.136373]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.141472]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   40.146603]  ? lockdep_hardirqs_on+0x421/0x5c0
[   40.151183]  ? preempt_schedule+0x4d/0x60
[   40.155327]  preempt_schedule_common+0x1f/0xd0
[   40.159905]  preempt_schedule+0x4d/0x60
[   40.163874]  ___preempt_schedule+0x16/0x18
[   40.168106]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   40.173031]  __call_srcu+0x7f9/0x1070
[   40.176854]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   40.181972]  ? srcu_offline_cpu+0x120/0x120
[   40.186293]  ? debug_object_free+0x690/0x690
[   40.190697]  ? mark_held_locks+0x130/0x130
[   40.194924]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   40.199518]  ? lock_release+0x970/0x970
[   40.203498]  ? arch_local_save_flags+0x40/0x40
[   40.208167]  ? depot_save_stack+0x292/0x470
[   40.212509]  ? __lockdep_init_map+0x105/0x590
[   40.217002]  ? __init_waitqueue_head+0x9e/0x150
[   40.221670]  ? init_wait_entry+0x1c0/0x1c0
[   40.225907]  __synchronize_srcu+0x17b/0x230
[   40.230233]  ? call_srcu+0x10/0x10
[   40.233786]  ? rcu_unexpedite_gp+0x20/0x20
[   40.238021]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.243551]  ? check_preemption_disabled+0x48/0x200
[   40.248567]  synchronize_srcu+0x356/0x5ab
[   40.252714]  ? lock_downgrade+0x900/0x900
[   40.256875]  ? synchronize_srcu_expedited+0x20/0x20
[   40.261892]  ? kasan_check_read+0x11/0x20
[   40.266036]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.270615]  ? kasan_check_write+0x14/0x20
[   40.274845]  ? do_raw_spin_lock+0xc1/0x200
[   40.279080]  kvm_page_track_unregister_notifier+0x17d/0x250
[   40.284785]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   40.290234]  ? kvfree+0x61/0x70
[   40.293529]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.298546]  kvm_mmu_uninit_vm+0x1c/0x20
[   40.302609]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.307026]  ? kvm_arch_sync_events+0x30/0x30
[   40.311520]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.317072]  ? mmu_notifier_unregister+0x474/0x600
[   40.322005]  ? kfree+0x107/0x230
[   40.325366]  ? __mmu_notifier_register+0x30/0x30
[   40.330121]  ? __free_pages+0x10a/0x190
[   40.334090]  ? free_unref_page+0x960/0x960
[   40.338337]  kvm_put_kvm+0x6c8/0xff0
[   40.342057]  ? kvm_write_guest_cached+0x40/0x40
[   40.346734]  ? kvm_irqfd_release+0xd1/0x120
[   40.351059]  ? _raw_spin_unlock_irq+0x27/0x80
[   40.355555]  ? _raw_spin_unlock_irq+0x27/0x80
[   40.360057]  ? kasan_check_write+0x14/0x20
[   40.364291]  ? do_raw_spin_lock+0xc1/0x200
[   40.368526]  ? kvm_irqfd_release+0xdd/0x120
[   40.372868]  ? kvm_irqfd_release+0xdd/0x120
[   40.377184]  ? kvm_put_kvm+0xff0/0xff0
[   40.381075]  kvm_vm_release+0x42/0x50
[   40.384882]  __fput+0x385/0xa30
[   40.388157]  ? get_max_files+0x20/0x20
[   40.392056]  ? trace_hardirqs_on+0xbd/0x310
[   40.396395]  ? ___might_sleep+0x1ed/0x300
[   40.400552]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   40.406002]  ? arch_local_save_flags+0x40/0x40
[   40.410585]  ? kasan_check_write+0x14/0x20
[   40.414820]  ? do_raw_spin_lock+0xc1/0x200
[   40.419051]  ____fput+0x15/0x20
[   40.422332]  task_work_run+0x1e8/0x2a0
[   40.426235]  ? task_work_cancel+0x240/0x240
[   40.430557]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.436089]  ? switch_task_namespaces+0x9d/0xd0
[   40.440762]  do_exit+0x1ad7/0x2610
[   40.444303]  ? mm_update_next_owner+0x990/0x990
[   40.448972]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   40.453202]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.458213]  ? kfree+0x1fa/0x230
[   40.461579]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   40.465810]  ? kvm_vcpu_block+0x1030/0x1030
[   40.470130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.475664]  ? avc_has_extended_perms+0xab2/0x15a0
[   40.480597]  ? fpu__prepare_read+0x3b/0x750
[   40.484916]  ? avc_ss_reset+0x190/0x190
[   40.488887]  ? save_stack+0xa9/0xd0
[   40.492534]  ? save_stack+0x43/0xd0
[   40.496153]  ? __kasan_slab_free+0x102/0x150
[   40.500568]  ? kasan_slab_free+0xe/0x10
[   40.504547]  ? putname+0xf2/0x130
[   40.508008]  ? __x64_sys_openat+0x9d/0x100
[   40.512241]  ? do_syscall_64+0x1b9/0x820
[   40.516302]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.521783]  ? ___might_sleep+0x1ed/0x300
[   40.525931]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   40.531035]  ? trace_hardirqs_off+0xb8/0x310
[   40.535443]  ? kvm_vcpu_block+0x1030/0x1030
[   40.539764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.545297]  ? do_vfs_ioctl+0x201/0x1720
[   40.549355]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   40.554543]  ? ioctl_preallocate+0x300/0x300
[   40.558948]  ? selinux_file_mprotect+0x620/0x620
[   40.563699]  ? path_mountpoint+0x34f/0x2190
[   40.568017]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.573043]  ? kmem_cache_free+0x24f/0x290
[   40.577278]  ? putname+0xf7/0x130
[   40.580735]  do_group_exit+0x177/0x440
[   40.584629]  ? trace_hardirqs_on+0xbd/0x310
[   40.588950]  ? __ia32_sys_exit+0x50/0x50
[   40.593015]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   40.598462]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.604002]  ? ksys_ioctl+0x81/0xd0
[   40.607627]  __x64_sys_exit_group+0x3e/0x50
[   40.611945]  do_syscall_64+0x1b9/0x820
[   40.615862]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   40.621221]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.626158]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.631003]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.636016]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.641028]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.646043]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.650885]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.656083] RIP: 0033:0x43ecc8
[   40.659275] Code: Bad RIP value.
[   40.662634] RSP: 002b:00007ffd150568d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   40.670336] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   40.677597] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   40.684880] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   40.692145] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   40.699407] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   40.706692] 
[   40.708322] Allocated by task 5495:
[   40.711941]  save_stack+0x43/0xd0
[   40.715390]  kasan_kmalloc+0xc7/0xe0
[   40.719109]  kasan_slab_alloc+0x12/0x20
[   40.723099]  kmem_cache_alloc+0x12e/0x730
[   40.727251]  vmx_create_vcpu+0xcf/0x25e0
[   40.731309]  kvm_arch_vcpu_create+0xe5/0x220
[   40.735713]  kvm_vm_ioctl+0x470/0x1d40
[   40.739610]  do_vfs_ioctl+0x1de/0x1720
[   40.743496]  ksys_ioctl+0xa9/0xd0
[   40.746941]  __x64_sys_ioctl+0x73/0xb0
[   40.750821]  do_syscall_64+0x1b9/0x820
[   40.754706]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.759883] 
[   40.761507] Freed by task 5495:
[   40.764781]  save_stack+0x43/0xd0
[   40.768226]  __kasan_slab_free+0x102/0x150
[   40.772454]  kasan_slab_free+0xe/0x10
[   40.776256]  kmem_cache_free+0x83/0x290
[   40.780229]  vmx_free_vcpu+0x26b/0x300
[   40.784115]  kvm_arch_destroy_vm+0x365/0x7c0
[   40.788523]  kvm_put_kvm+0x6c8/0xff0
[   40.792243]  kvm_vm_release+0x42/0x50
[   40.796036]  __fput+0x385/0xa30
[   40.799321]  ____fput+0x15/0x20
[   40.802596]  task_work_run+0x1e8/0x2a0
[   40.806483]  do_exit+0x1ad7/0x2610
[   40.810019]  do_group_exit+0x177/0x440
[   40.813912]  __x64_sys_exit_group+0x3e/0x50
[   40.818230]  do_syscall_64+0x1b9/0x820
[   40.822115]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.827298] 
[   40.828918] The buggy address belongs to the object at ffff8801bbfd8040
[   40.828918]  which belongs to the cache kvm_vcpu of size 23872
[   40.841493] The buggy address is located 24 bytes inside of
[   40.841493]  23872-byte region [ffff8801bbfd8040, ffff8801bbfddd80)
[   40.853446] The buggy address belongs to the page:
[   40.858376] page:ffffea0006eff600 count:1 mapcount:0 mapping:ffff8801d554ddc0 index:0x0 compound_mapcount: 0
[   40.868338] flags: 0x2fffc0000008100(slab|head)
[   40.873005] raw: 02fffc0000008100 ffff8801d554ef48 ffff8801d554ef48 ffff8801d554ddc0
[   40.880885] raw: 0000000000000000 ffff8801bbfd8040 0000000100000001 0000000000000000
[   40.888755] page dumped because: kasan: bad access detected
[   40.894464] 
[   40.896097] Memory state around the buggy address:
[   40.901019]  ffff8801bbfd7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.908385]  ffff8801bbfd7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.915751] >ffff8801bbfd8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   40.923152]                                                     ^
[   40.929393]  ffff8801bbfd8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.936749]  ffff8801bbfd8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.944122] ==================================================================
[   40.951488] Kernel panic - not syncing: panic_on_warn set ...
[   40.951488] 
[   40.958866] CPU: 0 PID: 5495 Comm: syz-executor108 Tainted: G    B             4.19.0-rc3+ #10
[   40.967603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.976949] Call Trace:
[   40.979540]  dump_stack+0x1c4/0x2b4
[   40.983164]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.988357]  ? lock_downgrade+0x900/0x900
[   40.992507]  panic+0x238/0x4e7
[   40.995707]  ? add_taint.cold.5+0x16/0x16
[   40.999870]  ? print_shadow_for_address+0xb6/0x116
[   41.005059]  ? trace_hardirqs_off+0xaf/0x310
[   41.009466]  kasan_end_report+0x47/0x4f
[   41.013462]  kasan_report.cold.9+0x76/0x309
[   41.017796]  ? __schedule+0xfc3/0x1ed0
[   41.021697]  __asan_report_load8_noabort+0x14/0x20
[   41.026625]  __schedule+0xfc3/0x1ed0
[   41.030340]  ? __sched_text_start+0x8/0x8
[   41.034502]  ? __lock_is_held+0xb5/0x140
[   41.038579]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.043691]  ? find_held_lock+0x36/0x1c0
[   41.047761]  ? __call_srcu+0x7f9/0x1070
[   41.051735]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.056841]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.061937]  ? lockdep_hardirqs_on+0x421/0x5c0
[   41.066524]  ? preempt_schedule+0x4d/0x60
[   41.070692]  preempt_schedule_common+0x1f/0xd0
[   41.075287]  preempt_schedule+0x4d/0x60
[   41.079255]  ___preempt_schedule+0x16/0x18
[   41.083506]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   41.088434]  __call_srcu+0x7f9/0x1070
[   41.092230]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   41.097338]  ? srcu_offline_cpu+0x120/0x120
[   41.101659]  ? debug_object_free+0x690/0x690
[   41.106063]  ? mark_held_locks+0x130/0x130
[   41.110294]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   41.114878]  ? lock_release+0x970/0x970
[   41.118849]  ? arch_local_save_flags+0x40/0x40
[   41.123428]  ? depot_save_stack+0x292/0x470
[   41.127763]  ? __lockdep_init_map+0x105/0x590
[   41.132259]  ? __init_waitqueue_head+0x9e/0x150
[   41.136923]  ? init_wait_entry+0x1c0/0x1c0
[   41.141158]  __synchronize_srcu+0x17b/0x230
[   41.145473]  ? call_srcu+0x10/0x10
[   41.149030]  ? rcu_unexpedite_gp+0x20/0x20
[   41.153267]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.158805]  ? check_preemption_disabled+0x48/0x200
[   41.163821]  synchronize_srcu+0x356/0x5ab
[   41.167966]  ? lock_downgrade+0x900/0x900
[   41.172111]  ? synchronize_srcu_expedited+0x20/0x20
[   41.177125]  ? kasan_check_read+0x11/0x20
[   41.181276]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   41.185858]  ? kasan_check_write+0x14/0x20
[   41.190087]  ? do_raw_spin_lock+0xc1/0x200
[   41.194343]  kvm_page_track_unregister_notifier+0x17d/0x250
[   41.200049]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   41.205512]  ? kvfree+0x61/0x70
[   41.208794]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.213837]  kvm_mmu_uninit_vm+0x1c/0x20
[   41.217897]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.222332]  ? kvm_arch_sync_events+0x30/0x30
[   41.226840]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.232374]  ? mmu_notifier_unregister+0x474/0x600
[   41.237311]  ? kfree+0x107/0x230
[   41.240676]  ? __mmu_notifier_register+0x30/0x30
[   41.245427]  ? __free_pages+0x10a/0x190
[   41.249411]  ? free_unref_page+0x960/0x960
[   41.253655]  kvm_put_kvm+0x6c8/0xff0
[   41.257383]  ? kvm_write_guest_cached+0x40/0x40
[   41.262048]  ? kvm_irqfd_release+0xd1/0x120
[   41.266380]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.270869]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.275367]  ? kasan_check_write+0x14/0x20
[   41.279598]  ? do_raw_spin_lock+0xc1/0x200
[   41.283833]  ? kvm_irqfd_release+0xdd/0x120
[   41.288148]  ? kvm_irqfd_release+0xdd/0x120
[   41.292488]  ? kvm_put_kvm+0xff0/0xff0
[   41.296373]  kvm_vm_release+0x42/0x50
[   41.300180]  __fput+0x385/0xa30
[   41.303456]  ? get_max_files+0x20/0x20
[   41.307346]  ? trace_hardirqs_on+0xbd/0x310
[   41.311671]  ? ___might_sleep+0x1ed/0x300
[   41.315827]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   41.321278]  ? arch_local_save_flags+0x40/0x40
[   41.325858]  ? kasan_check_write+0x14/0x20
[   41.330095]  ? do_raw_spin_lock+0xc1/0x200
[   41.334325]  ____fput+0x15/0x20
[   41.337614]  task_work_run+0x1e8/0x2a0
[   41.341526]  ? task_work_cancel+0x240/0x240
[   41.345879]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.351414]  ? switch_task_namespaces+0x9d/0xd0
[   41.356079]  do_exit+0x1ad7/0x2610
[   41.359622]  ? mm_update_next_owner+0x990/0x990
[   41.364304]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   41.368549]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.373562]  ? kfree+0x1fa/0x230
[   41.376927]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   41.381154]  ? kvm_vcpu_block+0x1030/0x1030
[   41.385470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.391010]  ? avc_has_extended_perms+0xab2/0x15a0
[   41.395950]  ? fpu__prepare_read+0x3b/0x750
[   41.400267]  ? avc_ss_reset+0x190/0x190
[   41.404242]  ? save_stack+0xa9/0xd0
[   41.407866]  ? save_stack+0x43/0xd0
[   41.411497]  ? __kasan_slab_free+0x102/0x150
[   41.415904]  ? kasan_slab_free+0xe/0x10
[   41.419869]  ? putname+0xf2/0x130
[   41.423316]  ? __x64_sys_openat+0x9d/0x100
[   41.427554]  ? do_syscall_64+0x1b9/0x820
[   41.431632]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.436998]  ? ___might_sleep+0x1ed/0x300
[   41.441145]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   41.446242]  ? trace_hardirqs_off+0xb8/0x310
[   41.450651]  ? kvm_vcpu_block+0x1030/0x1030
[   41.454970]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.460528]  ? do_vfs_ioctl+0x201/0x1720
[   41.464588]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   41.469775]  ? ioctl_preallocate+0x300/0x300
[   41.474207]  ? selinux_file_mprotect+0x620/0x620
[   41.478973]  ? path_mountpoint+0x34f/0x2190
[   41.483290]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.488301]  ? kmem_cache_free+0x24f/0x290
[   41.492530]  ? putname+0xf7/0x130
[   41.495985]  do_group_exit+0x177/0x440
[   41.499871]  ? trace_hardirqs_on+0xbd/0x310
[   41.504190]  ? __ia32_sys_exit+0x50/0x50
[   41.508248]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   41.513705]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.519240]  ? ksys_ioctl+0x81/0xd0
[   41.522872]  __x64_sys_exit_group+0x3e/0x50
[   41.527233]  do_syscall_64+0x1b9/0x820
[   41.531116]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   41.536486]  ? syscall_return_slowpath+0x5e0/0x5e0
[   41.541412]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.546252]  ? trace_hardirqs_on_caller+0x310/0x310
[   41.551267]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   41.556281]  ? prepare_exit_to_usermode+0x291/0x3b0
[   41.561297]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.566141]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.571333] RIP: 0033:0x43ecc8
[   41.574535] Code: Bad RIP value.
[   41.577897] RSP: 002b:00007ffd150568d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.585602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   41.592868] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.600133] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   41.607428] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   41.614690] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   41.621962] 
[   41.621968] ======================================================
[   41.621974] WARNING: possible circular locking dependency detected
[   41.621978] 4.19.0-rc3+ #10 Not tainted
[   41.621984] ------------------------------------------------------
[   41.621989] syz-executor108/5495 is trying to acquire lock:
[   41.621993] 00000000aa9c8478 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   41.622009] 
[   41.622013] but task is already holding lock:
[   41.622017] 00000000d36754fb (report_lock){....}, at: kasan_report+0x8b/0x110
[   41.622033] 
[   41.622038] which lock already depends on the new lock.
[   41.622040] 
[   41.622043] 
[   41.622048] the existing dependency chain (in reverse order) is:
[   41.622051] 
[   41.622053] -> #3 (report_lock){....}:
[   41.622069]        _raw_spin_lock_irqsave+0x99/0xd0
[   41.622074]        kasan_report+0x8b/0x110
[   41.622079]        __asan_report_load8_noabort+0x14/0x20
[   41.622083]        __schedule+0xfc3/0x1ed0
[   41.622087]        preempt_schedule_common+0x1f/0xd0
[   41.622092]        preempt_schedule+0x4d/0x60
[   41.622096]        ___preempt_schedule+0x16/0x18
[   41.622101]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   41.622105]        __call_srcu+0x7f9/0x1070
[   41.622110]        __synchronize_srcu+0x17b/0x230
[   41.622114]        synchronize_srcu+0x356/0x5ab
[   41.622120]        kvm_page_track_unregister_notifier+0x17d/0x250
[   41.622124]        kvm_mmu_uninit_vm+0x1c/0x20
[   41.622128]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.622133]        kvm_put_kvm+0x6c8/0xff0
[   41.622137]        kvm_vm_release+0x42/0x50
[   41.622141]        __fput+0x385/0xa30
[   41.622144]        ____fput+0x15/0x20
[   41.622149]        task_work_run+0x1e8/0x2a0
[   41.622153]        do_exit+0x1ad7/0x2610
[   41.622157]        do_group_exit+0x177/0x440
[   41.622161]        __x64_sys_exit_group+0x3e/0x50
[   41.622166]        do_syscall_64+0x1b9/0x820
[   41.622171]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.622173] 
[   41.622176] -> #2 (&rq->lock){-.-.}:
[   41.622191]        _raw_spin_lock+0x2d/0x40
[   41.622195]        task_fork_fair+0xb0/0x6d0
[   41.622199]        sched_fork+0x443/0xba0
[   41.622204]        copy_process+0x2586/0x8780
[   41.622208]        _do_fork+0x1cb/0x11d0
[   41.622212]        kernel_thread+0x34/0x40
[   41.622216]        rest_init+0x22/0xe5
[   41.622220]        start_kernel+0x8f4/0x92f
[   41.622225]        x86_64_start_reservations+0x29/0x2b
[   41.622229]        x86_64_start_kernel+0x76/0x79
[   41.622234]        secondary_startup_64+0xa4/0xb0
[   41.622236] 
[   41.622239] -> #1 (&p->pi_lock){-.-.}:
[   41.622268]        _raw_spin_lock_irqsave+0x99/0xd0
[   41.622272]        try_to_wake_up+0xd2/0x12f0
[   41.622276]        wake_up_process+0x10/0x20
[   41.622280]        __up.isra.1+0x1c0/0x2a0
[   41.622284]        up+0x13c/0x1c0
[   41.622288]        __up_console_sem+0xbe/0x1b0
[   41.622292]        console_unlock+0x524/0x11a0
[   41.622296]        vprintk_emit+0x33d/0x930
[   41.622300]        vprintk_default+0x28/0x30
[   41.622304]        vprintk_func+0x7e/0x181
[   41.622308]        printk+0xa7/0xcf
[   41.622312]        load_umh+0x51/0xbd
[   41.622316]        do_one_initcall+0x145/0x957
[   41.622320]        kernel_init_freeable+0x4bb/0x5ae
[   41.622324]        kernel_init+0x11/0x1b2
[   41.622328]        ret_from_fork+0x3a/0x50
[   41.622331] 
[   41.622333] -> #0 ((console_sem).lock){-...}:
[   41.622348]        lock_acquire+0x1ed/0x520
[   41.622353]        _raw_spin_lock_irqsave+0x99/0xd0
[   41.622357]        down_trylock+0x13/0x70
[   41.622361]        __down_trylock_console_sem+0xae/0x200
[   41.622366]        console_trylock+0x15/0xa0
[   41.622370]        vprintk_emit+0x322/0x930
[   41.622374]        vprintk_default+0x28/0x30
[   41.622378]        vprintk_func+0x7e/0x181
[   41.622381]        printk+0xa7/0xcf
[   41.622385]        kasan_report+0x9b/0x110
[   41.622390]        __asan_report_load8_noabort+0x14/0x20
[   41.622394]        __schedule+0xfc3/0x1ed0
[   41.622399]        preempt_schedule_common+0x1f/0xd0
[   41.622403]        preempt_schedule+0x4d/0x60
[   41.622407]        ___preempt_schedule+0x16/0x18
[   41.622412]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   41.622416]        __call_srcu+0x7f9/0x1070
[   41.622420]        __synchronize_srcu+0x17b/0x230
[   41.622436]        synchronize_srcu+0x356/0x5ab
[   41.622442]        kvm_page_track_unregister_notifier+0x17d/0x250
[   41.622446]        kvm_mmu_uninit_vm+0x1c/0x20
[   41.622450]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.622455]        kvm_put_kvm+0x6c8/0xff0
[   41.622459]        kvm_vm_release+0x42/0x50
[   41.622463]        __fput+0x385/0xa30
[   41.622467]        ____fput+0x15/0x20
[   41.622471]        task_work_run+0x1e8/0x2a0
[   41.622475]        do_exit+0x1ad7/0x2610
[   41.622487]        do_group_exit+0x177/0x440
[   41.622491]        __x64_sys_exit_group+0x3e/0x50
[   41.622495]        do_syscall_64+0x1b9/0x820
[   41.622501]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.622503] 
[   41.622508] other info that might help us debug this:
[   41.622510] 
[   41.622514] Chain exists of:
[   41.622516]   (console_sem).lock --> &rq->lock --> report_lock
[   41.622536] 
[   41.622540]  Possible unsafe locking scenario:
[   41.622543] 
[   41.622547]        CPU0                    CPU1
[   41.622551]        ----                    ----
[   41.622554]   lock(report_lock);
[   41.622564]                                lock(&rq->lock);
[   41.622574]                                lock(report_lock);
[   41.622582]   lock((console_sem).lock);
[   41.622591] 
[   41.622594]  *** DEADLOCK ***
[   41.622597] 
[   41.622601] 2 locks held by syz-executor108/5495:
[   41.622604]  #0: 00000000cabbcf02 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   41.622622]  #1: 00000000d36754fb (report_lock){....}, at: kasan_report+0x8b/0x110
[   41.622640] 
[   41.622644] stack backtrace:
[   41.622650] CPU: 0 PID: 5495 Comm: syz-executor108 Not tainted 4.19.0-rc3+ #10
[   41.622658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.622661] Call Trace:
[   41.622665]  dump_stack+0x1c4/0x2b4
[   41.622670]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.622675]  ? vprintk_func+0x85/0x181
[   41.622680]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   41.622684]  ? save_trace+0xe0/0x290
[   41.622689]  __lock_acquire+0x33e4/0x4ec0
[   41.622693]  ? mark_held_locks+0x130/0x130
[   41.622697]  ? mark_held_locks+0x130/0x130
[   41.622702]  ? rcu_bh_qs+0xc0/0xc0
[   41.622706]  ? unwind_dump+0x190/0x190
[   41.622711]  ? is_bpf_text_address+0xd3/0x170
[   41.622715]  ? kernel_text_address+0x79/0xf0
[   41.622720]  ? __kernel_text_address+0xd/0x40
[   41.622724]  ? __save_stack_trace+0x8d/0xf0
[   41.622729]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   41.622733]  ? save_trace+0x290/0x290
[   41.622738]  ? save_stack_trace+0x1a/0x20
[   41.622747]  ? save_trace+0xe0/0x290
[   41.622751]  ? kasan_check_read+0x11/0x20
[   41.622755]  ? graph_lock+0x170/0x170
[   41.622761]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.622765]  lock_acquire+0x1ed/0x520
[   41.622769]  ? down_trylock+0x13/0x70
[   41.622773]  ? find_held_lock+0x36/0x1c0
[   41.622778]  ? lock_release+0x970/0x970
[   41.622782]  ? trace_hardirqs_off+0xb8/0x310
[   41.622786]  ? vprintk_emit+0x1d3/0x930
[   41.622791]  ? trace_hardirqs_on+0x310/0x310
[   41.622796]  ? trace_hardirqs_off+0xb8/0x310
[   41.622800]  ? log_store+0x344/0x4c0
[   41.622804]  ? vprintk_emit+0x322/0x930
[   41.622808]  _raw_spin_lock_irqsave+0x99/0xd0
[   41.622813]  ? down_trylock+0x13/0x70
[   41.622817]  down_trylock+0x13/0x70
[   41.622821]  __down_trylock_console_sem+0xae/0x200
[   41.622826]  console_trylock+0x15/0xa0
[   41.622830]  vprintk_emit+0x322/0x930
[   41.622834]  ? wake_up_klogd+0x180/0x180
[   41.622839]  ? run_rebalance_domains+0x500/0x500
[   41.622843]  ? wake_up_worker+0x117/0x190
[   41.622847]  ? find_held_lock+0x36/0x1c0
[   41.622852]  ? __queue_work+0x6be/0x1440
[   41.622856]  ? lock_acquire+0x1ed/0x520
[   41.622860]  vprintk_default+0x28/0x30
[   41.622864]  vprintk_func+0x7e/0x181
[   41.622868]  printk+0xa7/0xcf
[   41.622872]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   41.622877]  ? kasan_check_write+0x14/0x20
[   41.622881]  ? do_raw_spin_lock+0xc1/0x200
[   41.622886]  ? do_raw_spin_lock+0xc1/0x200
[   41.622890]  kasan_report+0x9b/0x110
[   41.622894]  ? __schedule+0xfc3/0x1ed0
[   41.622899]  __asan_report_load8_noabort+0x14/0x20
[   41.622903]  __schedule+0xfc3/0x1ed0
[   41.622907]  ? __sched_text_start+0x8/0x8
[   41.622912]  ? __lock_is_held+0xb5/0x140
[   41.622916]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.622921]  ? find_held_lock+0x36/0x1c0
[   41.622925]  ? __call_srcu+0x7f9/0x1070
[   41.622930]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.622935]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.622940]  ? lockdep_hardirqs_on+0x421/0x5c0
[   41.622944]  ? preempt_schedule+0x4d/0x60
[   41.622949]  preempt_schedule_common+0x1f/0xd0
[   41.622953]  preempt_schedule+0x4d/0x60
[   41.622957]  ___preempt_schedule+0x16/0x18
[   41.622962]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   41.622966]  __call_srcu+0x7f9/0x1070
[   41.622971]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   41.622975]  ? srcu_offline_cpu+0x120/0x120
[   41.622980]  ? debug_object_free+0x690/0x690
[   41.622984]  ? mark_held_locks+0x130/0x130
[   41.622989]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   41.622993]  ? lock_release+0x970/0x970
[   41.622998]  ? arch_local_save_flags+0x40/0x40
[   41.623002]  ? depot_save_stack+0x292/0x470
[   41.623007]  ? __lockdep_init_map+0x105/0x590
[   41.623012]  ? __init_waitqueue_head+0x9e/0x150
[   41.623016]  ? init_wait_entry+0x1c0/0x1c0
[   41.623020]  __synchronize_srcu+0x17b/0x230
[   41.623024]  ? call_srcu+0x10/0x10
[   41.623029]  ? rcu_unexpedite_gp+0x20/0x20
[   41.623034]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.623039]  ? check_preemption_disabled+0x48/0x200
[   41.623055]  synchronize_srcu+0x356/0x5ab
[   41.623059]  ? lock_downgrade+0x900/0x900
[   41.623064]  ? synchronize_srcu_expedited+0x20/0x20
[   41.623080]  ? kasan_check_read+0x11/0x20
[   41.623085]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   41.623102]  ? kasan_check_write+0x14/0x20
[   41.623106]  ? do_raw_spin_lock+0xc1/0x200
[   41.623111]  kvm_page_track_unregister_notifier+0x17d/0x250
[   41.623116]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   41.623120]  ? kvfree+0x61/0x70
[   41.623125]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.623129]  kvm_mmu_uninit_vm+0x1c/0x20
[   41.623133]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   41.623138]  ? kvm_arch_sync_events+0x30/0x30
[   41.623143]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.623147]  ? mmu_notifier_unregister+0x474/0x600
[   41.623151]  ? kfree+0x107/0x230
[   41.623156]  ? __mmu_notifier_register+0x30/0x30
[   41.623160]  ? __free_pages+0x10a/0x190
[   41.623164]  ? free_unref_page+0x960/0x960
[   41.623168]  kvm_put_kvm+0x6c8/0xff0
[   41.623173]  ? kvm_write_guest_cached+0x40/0x40
[   41.623177]  ? kvm_irqfd_release+0xd1/0x120
[   41.623181]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.623186]  ? _raw_spin_unlock_irq+0x27/0x80
[   41.623190]  ? kasan_check_write+0x14/0x20
[   41.623194]  ? do_raw_spin_lock+0xc1/0x200
[   41.623198]  ? kvm_irqfd_release+0xdd
[   41.623205] Lost 73 message(s)!
[   42.805377] Shutting down cpus with NMI
[   43.862878] Dumping ftrace buffer:
[   43.866402]    (ftrace buffer empty)
[   43.870706] Kernel Offset: disabled
[   43.874346] Rebooting in 86400 seconds..