[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   21.831227] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
[   23.016476] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.268313] random: sshd: uninitialized urandom read (32 bytes read)
[   23.849622] random: sshd: uninitialized urandom read (32 bytes read)
[   24.025859] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
[   29.752213] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   29.846875] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   29.873194] ==================================================================
[   29.883031] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   29.889259] Read of size 8 at addr ffff8801ad260058 by task syz-executor838/4410
[   29.896775] 
[   29.898398] CPU: 1 PID: 4410 Comm: syz-executor838 Not tainted 4.18.0+ #209
[   29.905490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.914836] Call Trace:
[   29.917422]  dump_stack+0x1c9/0x2b4
[   29.921049]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.926333]  ? printk+0xa7/0xcf
[   29.929609]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   29.934365]  ? __schedule+0xf54/0x1df0
[   29.938250]  print_address_description+0x6c/0x20b
[   29.943093]  ? __schedule+0xf54/0x1df0
[   29.946978]  kasan_report.cold.7+0x242/0x30d
[   29.951384]  __asan_report_load8_noabort+0x14/0x20
[   29.956309]  __schedule+0xf54/0x1df0
[   29.960024]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   29.965131]  ? __sched_text_start+0x8/0x8
[   29.969279]  ? __call_srcu+0x7e7/0x1040
[   29.973260]  ? check_same_owner+0x340/0x340
[   29.977583]  ? mark_held_locks+0x160/0x160
[   29.981812]  ? find_held_lock+0x36/0x1c0
[   29.985870]  preempt_schedule_common+0x22/0x60
[   29.990454]  _cond_resched+0x1d/0x30
[   29.994167]  wait_for_completion+0xa5/0x8d0
[   29.998487]  ? wait_for_completion_interruptible+0x950/0x950
[   30.004283]  ? __lockdep_init_map+0x105/0x590
[   30.008779]  ? __init_waitqueue_head+0x9e/0x150
[   30.013441]  ? init_wait_entry+0x1c0/0x1c0
[   30.017675]  __synchronize_srcu+0x189/0x240
[   30.021993]  ? call_srcu+0x10/0x10
[   30.025536]  ? rcu_unexpedite_gp+0x20/0x20
[   30.029785]  synchronize_srcu+0x335/0x56f
[   30.033934]  ? lock_downgrade+0x8f0/0x8f0
[   30.038082]  ? synchronize_srcu_expedited+0x20/0x20
[   30.043103]  ? kasan_check_read+0x11/0x20
[   30.047251]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   30.051830]  ? kasan_check_write+0x14/0x20
[   30.056064]  ? do_raw_spin_lock+0xc1/0x200
[   30.060303]  kvm_page_track_unregister_notifier+0x17d/0x250
[   30.066014]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   30.071463]  ? kvfree+0x61/0x70
[   30.074745]  ? rcu_read_lock_sched_held+0x108/0x120
[   30.079762]  kvm_mmu_uninit_vm+0x1c/0x20
[   30.083817]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   30.088220]  ? kvm_arch_sync_events+0x30/0x30
[   30.092714]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.098247]  ? mmu_notifier_unregister+0x474/0x600
[   30.103174]  ? trace_hardirqs_on+0x2c0/0x2c0
[   30.107585]  ? kfree+0x111/0x210
[   30.110958]  ? __mmu_notifier_register+0x30/0x30
[   30.115717]  ? __free_pages+0x10a/0x190
[   30.119692]  ? free_unref_page+0x930/0x930
[   30.123929]  kvm_put_kvm+0x73f/0x1060
[   30.127729]  ? kvm_write_guest_cached+0x40/0x40
[   30.132401]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.136921]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.141411]  ? lockdep_hardirqs_on+0x421/0x5c0
[   30.145995]  ? kasan_check_write+0x14/0x20
[   30.150223]  ? do_raw_spin_lock+0xc1/0x200
[   30.154455]  ? kvm_irqfd_release+0xdd/0x120
[   30.158772]  ? kvm_irqfd_release+0xdd/0x120
[   30.163132]  ? kvm_put_kvm+0x1060/0x1060
[   30.167190]  kvm_vm_release+0x42/0x50
[   30.170994]  __fput+0x36e/0x8c0
[   30.174271]  ? __alloc_file+0x400/0x400
[   30.178241]  ? check_same_owner+0x340/0x340
[   30.182568]  ? kasan_check_write+0x14/0x20
[   30.186818]  ? do_raw_spin_lock+0xc1/0x200
[   30.191050]  ____fput+0x15/0x20
[   30.194344]  task_work_run+0x1e8/0x2a0
[   30.198226]  ? task_work_cancel+0x240/0x240
[   30.202552]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.208101]  ? switch_task_namespaces+0xa2/0xd0
[   30.212769]  do_exit+0x1ae4/0x26e0
[   30.216305]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   30.220885]  ? mm_update_next_owner+0x9a0/0x9a0
[   30.225551]  ? _raw_spin_unlock+0x22/0x30
[   30.229708]  ? do_huge_pmd_anonymous_page+0x450/0x1bd0
[   30.234983]  ? mark_held_locks+0x160/0x160
[   30.239217]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   30.244404]  ? __check_object_size+0xa3/0x5d7
[   30.248896]  ? usercopy_warn+0x120/0x120
[   30.252948]  ? pmd_val+0x100/0x100
[   30.256488]  ? __save_stack_trace+0x8d/0xf0
[   30.260807]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.266341]  ? __handle_mm_fault+0x945/0x4350
[   30.270836]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.276372]  ? strncpy_from_user+0x3be/0x510
[   30.280780]  ? mpi_free.cold.1+0x19/0x19
[   30.284843]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.290409]  ? bpf_prog_load+0x656/0x1c80
[   30.294551]  ? find_held_lock+0x36/0x1c0
[   30.298619]  ? bpf_prog_new_fd+0x60/0x60
[   30.302700]  ? lock_downgrade+0x8f0/0x8f0
[   30.306844]  ? lock_downgrade+0x8f0/0x8f0
[   30.310991]  ? lock_release+0x9f0/0x9f0
[   30.314964]  ? check_same_owner+0x340/0x340
[   30.319285]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   30.324298]  ? __fget_light+0x2f7/0x440
[   30.328269]  ? fget_raw+0x20/0x20
[   30.331725]  do_group_exit+0x177/0x440
[   30.335609]  ? trace_hardirqs_on+0xbd/0x2c0
[   30.339925]  ? __ia32_sys_exit+0x50/0x50
[   30.343984]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   30.349088]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.354637]  ? ksys_ioctl+0x81/0xd0
[   30.358264]  __x64_sys_exit_group+0x3e/0x50
[   30.362592]  do_syscall_64+0x1b9/0x820
[   30.366483]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   30.371842]  ? syscall_return_slowpath+0x5e0/0x5e0
[   30.376769]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.381616]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   30.386641]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   30.391657]  ? prepare_exit_to_usermode+0x291/0x3b0
[   30.396670]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.401515]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.406708] RIP: 0033:0x43ee78
[   30.409898] Code: Bad RIP value.
[   30.413256] RSP: 002b:00007ffeaf566e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   30.420960] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ee78
[   30.428227] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   30.435493] RBP: 00000000004be728 R08: 00000000000000e7 R09: ffffffffffffffd0
[   30.442756] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   30.450020] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   30.457294] 
[   30.458912] Allocated by task 4410:
[   30.462537]  save_stack+0x43/0xd0
[   30.465992]  kasan_kmalloc+0xc4/0xe0
[   30.469699]  kasan_slab_alloc+0x12/0x20
[   30.473669]  kmem_cache_alloc+0x12e/0x710
[   30.477813]  vmx_create_vcpu+0xcf/0x2830
[   30.481870]  kvm_arch_vcpu_create+0xe5/0x220
[   30.486273]  kvm_vm_ioctl+0x488/0x1d80
[   30.490154]  do_vfs_ioctl+0x1de/0x1720
[   30.494033]  ksys_ioctl+0xa9/0xd0
[   30.497484]  __x64_sys_ioctl+0x73/0xb0
[   30.501365]  do_syscall_64+0x1b9/0x820
[   30.505255]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.510430] 
[   30.512048] Freed by task 4410:
[   30.515331]  save_stack+0x43/0xd0
[   30.518780]  __kasan_slab_free+0x11a/0x170
[   30.523033]  kasan_slab_free+0xe/0x10
[   30.526828]  kmem_cache_free+0x86/0x280
[   30.530795]  vmx_free_vcpu+0x26b/0x300
[   30.534698]  kvm_arch_destroy_vm+0x365/0x7c0
[   30.539108]  kvm_put_kvm+0x73f/0x1060
[   30.542902]  kvm_vm_release+0x42/0x50
[   30.546704]  __fput+0x36e/0x8c0
[   30.549980]  ____fput+0x15/0x20
[   30.553255]  task_work_run+0x1e8/0x2a0
[   30.557137]  do_exit+0x1ae4/0x26e0
[   30.560690]  do_group_exit+0x177/0x440
[   30.564583]  __x64_sys_exit_group+0x3e/0x50
[   30.568908]  do_syscall_64+0x1b9/0x820
[   30.572798]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.577970] 
[   30.579591] The buggy address belongs to the object at ffff8801ad260040
[   30.579591]  which belongs to the cache kvm_vcpu of size 23872
[   30.592159] The buggy address is located 24 bytes inside of
[   30.592159]  23872-byte region [ffff8801ad260040, ffff8801ad265d80)
[   30.604112] The buggy address belongs to the page:
[   30.609034] page:ffffea0006b49800 count:1 mapcount:0 mapping:ffff8801d8734000 index:0x0 compound_mapcount: 0
[   30.619000] flags: 0x2fffc0000008100(slab|head)
[   30.623667] raw: 02fffc0000008100 ffff8801d5655348 ffff8801d5655348 ffff8801d8734000
[   30.631543] raw: 0000000000000000 ffff8801ad260040 0000000100000001 0000000000000000
[   30.639420] page dumped because: kasan: bad access detected
[   30.645401] 
[   30.647021] Memory state around the buggy address:
[   30.651971]  ffff8801ad25ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.659334]  ffff8801ad25ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.666709] >ffff8801ad260000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.674067]                                                     ^
[   30.680310]  ffff8801ad260080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.687710]  ffff8801ad260100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.695060] ==================================================================
[   30.702423] Kernel panic - not syncing: panic_on_warn set ...
[   30.702423] 
[   30.709800] CPU: 1 PID: 4410 Comm: syz-executor838 Tainted: G    B             4.18.0+ #209
[   30.718312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.727672] Call Trace:
[   30.730284]  dump_stack+0x1c9/0x2b4
[   30.733926]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.739128]  ? lock_downgrade+0x8f0/0x8f0
[   30.743284]  ? __schedule+0xf54/0x1df0
[   30.747176]  panic+0x238/0x4e7
[   30.750370]  ? add_taint.cold.5+0x16/0x16
[   30.754518]  ? print_shadow_for_address+0xba/0x116
[   30.759448]  ? trace_hardirqs_off+0xaf/0x2b0
[   30.763849]  ? trace_hardirqs_off+0x77/0x2b0
[   30.768728]  ? __schedule+0xf54/0x1df0
[   30.772612]  kasan_end_report+0x47/0x4f
[   30.777056]  kasan_report.cold.7+0x76/0x30d
[   30.781371]  __asan_report_load8_noabort+0x14/0x20
[   30.786307]  __schedule+0xf54/0x1df0
[   30.790018]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   30.795118]  ? __sched_text_start+0x8/0x8
[   30.799265]  ? __call_srcu+0x7e7/0x1040
[   30.803244]  ? check_same_owner+0x340/0x340
[   30.807570]  ? mark_held_locks+0x160/0x160
[   30.811803]  ? find_held_lock+0x36/0x1c0
[   30.815866]  preempt_schedule_common+0x22/0x60
[   30.820453]  _cond_resched+0x1d/0x30
[   30.824163]  wait_for_completion+0xa5/0x8d0
[   30.828482]  ? wait_for_completion_interruptible+0x950/0x950
[   30.834279]  ? __lockdep_init_map+0x105/0x590
[   30.838772]  ? __init_waitqueue_head+0x9e/0x150
[   30.843436]  ? init_wait_entry+0x1c0/0x1c0
[   30.847668]  __synchronize_srcu+0x189/0x240
[   30.851985]  ? call_srcu+0x10/0x10
[   30.855522]  ? rcu_unexpedite_gp+0x20/0x20
[   30.859763]  synchronize_srcu+0x335/0x56f
[   30.863905]  ? lock_downgrade+0x8f0/0x8f0
[   30.868052]  ? synchronize_srcu_expedited+0x20/0x20
[   30.873071]  ? kasan_check_read+0x11/0x20
[   30.877223]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   30.881827]  ? kasan_check_write+0x14/0x20
[   30.886079]  ? do_raw_spin_lock+0xc1/0x200
[   30.890323]  kvm_page_track_unregister_notifier+0x17d/0x250
[   30.896037]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   30.901491]  ? kvfree+0x61/0x70
[   30.904772]  ? rcu_read_lock_sched_held+0x108/0x120
[   30.909789]  kvm_mmu_uninit_vm+0x1c/0x20
[   30.913846]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   30.918255]  ? kvm_arch_sync_events+0x30/0x30
[   30.922751]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.928285]  ? mmu_notifier_unregister+0x474/0x600
[   30.933207]  ? trace_hardirqs_on+0x2c0/0x2c0
[   30.937612]  ? kfree+0x111/0x210
[   30.940976]  ? __mmu_notifier_register+0x30/0x30
[   30.945733]  ? __free_pages+0x10a/0x190
[   30.949706]  ? free_unref_page+0x930/0x930
[   30.953950]  kvm_put_kvm+0x73f/0x1060
[   30.957755]  ? kvm_write_guest_cached+0x40/0x40
[   30.962428]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.966924]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.971412]  ? lockdep_hardirqs_on+0x421/0x5c0
[   30.975998]  ? kasan_check_write+0x14/0x20
[   30.980229]  ? do_raw_spin_lock+0xc1/0x200
[   30.984463]  ? kvm_irqfd_release+0xdd/0x120
[   30.988779]  ? kvm_irqfd_release+0xdd/0x120
[   30.993100]  ? kvm_put_kvm+0x1060/0x1060
[   30.997156]  kvm_vm_release+0x42/0x50
[   31.000951]  __fput+0x36e/0x8c0
[   31.004229]  ? __alloc_file+0x400/0x400
[   31.008204]  ? check_same_owner+0x340/0x340
[   31.012521]  ? kasan_check_write+0x14/0x20
[   31.016753]  ? do_raw_spin_lock+0xc1/0x200
[   31.020990]  ____fput+0x15/0x20
[   31.024268]  task_work_run+0x1e8/0x2a0
[   31.028152]  ? task_work_cancel+0x240/0x240
[   31.032475]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.038011]  ? switch_task_namespaces+0xa2/0xd0
[   31.042681]  do_exit+0x1ae4/0x26e0
[   31.046219]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   31.050799]  ? mm_update_next_owner+0x9a0/0x9a0
[   31.055469]  ? _raw_spin_unlock+0x22/0x30
[   31.059614]  ? do_huge_pmd_anonymous_page+0x450/0x1bd0
[   31.064889]  ? mark_held_locks+0x160/0x160
[   31.069122]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   31.074309]  ? __check_object_size+0xa3/0x5d7
[   31.078802]  ? usercopy_warn+0x120/0x120
[   31.082856]  ? pmd_val+0x100/0x100
[   31.086394]  ? __save_stack_trace+0x8d/0xf0
[   31.090748]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.096281]  ? __handle_mm_fault+0x945/0x4350
[   31.100775]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.106310]  ? strncpy_from_user+0x3be/0x510
[   31.110719]  ? mpi_free.cold.1+0x19/0x19
[   31.114780]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.120315]  ? bpf_prog_load+0x656/0x1c80
[   31.124460]  ? find_held_lock+0x36/0x1c0
[   31.128516]  ? bpf_prog_new_fd+0x60/0x60
[   31.132582]  ? lock_downgrade+0x8f0/0x8f0
[   31.136724]  ? lock_downgrade+0x8f0/0x8f0
[   31.140865]  ? lock_release+0x9f0/0x9f0
[   31.144840]  ? check_same_owner+0x340/0x340
[   31.149163]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   31.154180]  ? __fget_light+0x2f7/0x440
[   31.158153]  ? fget_raw+0x20/0x20
[   31.161614]  do_group_exit+0x177/0x440
[   31.165499]  ? trace_hardirqs_on+0xbd/0x2c0
[   31.169816]  ? __ia32_sys_exit+0x50/0x50
[   31.173872]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.178972]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.184502]  ? ksys_ioctl+0x81/0xd0
[   31.188130]  __x64_sys_exit_group+0x3e/0x50
[   31.192450]  do_syscall_64+0x1b9/0x820
[   31.196337]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   31.201696]  ? syscall_return_slowpath+0x5e0/0x5e0
[   31.206620]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.211466]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   31.216477]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   31.221494]  ? prepare_exit_to_usermode+0x291/0x3b0
[   31.226511]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.231354]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.236537] RIP: 0033:0x43ee78
[   31.239733] Code: Bad RIP value.
[   31.243094] RSP: 002b:00007ffeaf566e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   31.250798] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ee78
[   31.258062] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   31.265340] RBP: 00000000004be728 R08: 00000000000000e7 R09: ffffffffffffffd0
[   31.272611] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   31.279874] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   31.287162] 
[   31.287167] ======================================================
[   31.287172] WARNING: possible circular locking dependency detected
[   31.287176] 4.18.0+ #209 Not tainted
[   31.287181] ------------------------------------------------------
[   31.287186] syz-executor838/4410 is trying to acquire lock:
[   31.287190] 00000000a5b29c87 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   31.287204] 
[   31.287208] but task is already holding lock:
[   31.287211] 0000000070b738f1 (report_lock){....}, at: kasan_report+0x8e/0x110
[   31.287225] 
[   31.287230] which lock already depends on the new lock.
[   31.287232] 
[   31.287235] 
[   31.287239] the existing dependency chain (in reverse order) is:
[   31.287242] 
[   31.287244] -> #3 (report_lock){....}:
[   31.287258]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.287262]        kasan_report+0x8e/0x110
[   31.287266]        __asan_report_load8_noabort+0x14/0x20
[   31.287270]        __schedule+0xf54/0x1df0
[   31.287275]        preempt_schedule_common+0x22/0x60
[   31.287278]        _cond_resched+0x1d/0x30
[   31.287283]        wait_for_completion+0xa5/0x8d0
[   31.287287]        __synchronize_srcu+0x189/0x240
[   31.287291]        synchronize_srcu+0x335/0x56f
[   31.287296]        kvm_page_track_unregister_notifier+0x17d/0x250
[   31.287299]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.287304]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.287307]        kvm_put_kvm+0x73f/0x1060
[   31.287311]        kvm_vm_release+0x42/0x50
[   31.287315]        __fput+0x36e/0x8c0
[   31.287318]        ____fput+0x15/0x20
[   31.287322]        task_work_run+0x1e8/0x2a0
[   31.287326]        do_exit+0x1ae4/0x26e0
[   31.287330]        do_group_exit+0x177/0x440
[   31.287334]        __x64_sys_exit_group+0x3e/0x50
[   31.287337]        do_syscall_64+0x1b9/0x820
[   31.287342]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.287344] 
[   31.287347] -> #2 (&rq->lock){-.-.}:
[   31.287360]        _raw_spin_lock+0x2a/0x40
[   31.287364]        task_fork_fair+0x93/0x680
[   31.287368]        sched_fork+0x44b/0xbd0
[   31.287372]        copy_process+0x235e/0x7ad0
[   31.287375]        _do_fork+0x1ca/0x1170
[   31.287379]        kernel_thread+0x34/0x40
[   31.287383]        rest_init+0x22/0xe4
[   31.287386]        start_kernel+0x913/0x94e
[   31.287391]        x86_64_start_reservations+0x29/0x2b
[   31.287395]        x86_64_start_kernel+0x76/0x79
[   31.287399]        secondary_startup_64+0xa4/0xb0
[   31.287401] 
[   31.287403] -> #1 (&p->pi_lock){-.-.}:
[   31.287418]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.287421]        try_to_wake_up+0xd2/0x1250
[   31.287425]        wake_up_process+0x10/0x20
[   31.287429]        __up.isra.1+0x1c0/0x2a0
[   31.287432]        up+0x13c/0x1c0
[   31.287436]        __up_console_sem+0xbe/0x1b0
[   31.287440]        console_unlock+0x506/0x10d0
[   31.287444]        vprintk_emit+0x33a/0x910
[   31.287448]        vprintk_default+0x28/0x30
[   31.287451]        vprintk_func+0x7a/0x117
[   31.287455]        printk+0xa7/0xcf
[   31.287458]        load_umh+0x51/0xbd
[   31.287462]        do_one_initcall+0x127/0x838
[   31.287466]        kernel_init_freeable+0x4bb/0x5ae
[   31.287470]        kernel_init+0x11/0x1b3
[   31.287474]        ret_from_fork+0x3a/0x50
[   31.287476] 
[   31.287478] -> #0 ((console_sem).lock){-...}:
[   31.287492]        lock_acquire+0x1e4/0x4f0
[   31.287497]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.287500]        down_trylock+0x13/0x70
[   31.287505]        __down_trylock_console_sem+0xae/0x200
[   31.287509]        console_trylock+0x15/0xa0
[   31.287512]        vprintk_emit+0x31f/0x910
[   31.287516]        vprintk_default+0x28/0x30
[   31.287520]        vprintk_func+0x7a/0x117
[   31.287523]        printk+0xa7/0xcf
[   31.287527]        kasan_report+0x9e/0x110
[   31.287532]        __asan_report_load8_noabort+0x14/0x20
[   31.287535]        __schedule+0xf54/0x1df0
[   31.287540]        preempt_schedule_common+0x22/0x60
[   31.287543]        _cond_resched+0x1d/0x30
[   31.287548]        wait_for_completion+0xa5/0x8d0
[   31.287552]        __synchronize_srcu+0x189/0x240
[   31.287556]        synchronize_srcu+0x335/0x56f
[   31.287569]        kvm_page_track_unregister_notifier+0x17d/0x250
[   31.287573]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.287578]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.287582]        kvm_put_kvm+0x73f/0x1060
[   31.287586]        kvm_vm_release+0x42/0x50
[   31.287589]        __fput+0x36e/0x8c0
[   31.287593]        ____fput+0x15/0x20
[   31.287596]        task_work_run+0x1e8/0x2a0
[   31.287600]        do_exit+0x1ae4/0x26e0
[   31.287604]        do_group_exit+0x177/0x440
[   31.287608]        __x64_sys_exit_group+0x3e/0x50
[   31.287612]        do_syscall_64+0x1b9/0x820
[   31.287617]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.287619] 
[   31.287623] other info that might help us debug this:
[   31.287625] 
[   31.287628] Chain exists of:
[   31.287630]   (console_sem).lock --> &rq->lock --> report_lock
[   31.287648] 
[   31.287652]  Possible unsafe locking scenario:
[   31.287654] 
[   31.287659]        CPU0                    CPU1
[   31.287663]        ----                    ----
[   31.287665]   lock(report_lock);
[   31.287674]                                lock(&rq->lock);
[   31.287683]                                lock(report_lock);
[   31.287691]   lock((console_sem).lock);
[   31.287699] 
[   31.287702]  *** DEADLOCK ***
[   31.287704] 
[   31.287709] 2 locks held by syz-executor838/4410:
[   31.287711]  #0: 000000000246a684 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   31.287728]  #1: 0000000070b738f1 (report_lock){....}, at: kasan_report+0x8e/0x110
[   31.287744] 
[   31.287747] stack backtrace:
[   31.287753] CPU: 1 PID: 4410 Comm: syz-executor838 Not tainted 4.18.0+ #209
[   31.287760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.287763] Call Trace:
[   31.287767]  dump_stack+0x1c9/0x2b4
[   31.287771]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.287775]  ? vprintk_func+0x100/0x117
[   31.287780]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   31.287784]  ? save_trace+0xe0/0x290
[   31.287788]  __lock_acquire+0x3449/0x5020
[   31.287792]  ? mark_held_locks+0x160/0x160
[   31.287796]  ? mark_held_locks+0x160/0x160
[   31.287800]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   31.287804]  ? is_bpf_text_address+0xd7/0x170
[   31.287808]  ? kernel_text_address+0x79/0xf0
[   31.287812]  ? __kernel_text_address+0xd/0x40
[   31.287816]  ? __save_stack_trace+0x8d/0xf0
[   31.287821]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   31.287824]  ? save_trace+0x290/0x290
[   31.287828]  ? save_stack_trace+0x1a/0x20
[   31.287832]  ? save_trace+0xe0/0x290
[   31.287836]  ? graph_lock+0x170/0x170
[   31.287840]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.287844]  lock_acquire+0x1e4/0x4f0
[   31.287848]  ? down_trylock+0x13/0x70
[   31.287852]  ? lock_release+0x9f0/0x9f0
[   31.287856]  ? trace_hardirqs_off+0xb8/0x2b0
[   31.287860]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.287864]  ? trace_hardirqs_off+0xb8/0x2b0
[   31.287868]  ? log_store+0x34f/0x4c0
[   31.287872]  ? vprintk_emit+0x31f/0x910
[   31.287876]  _raw_spin_lock_irqsave+0x96/0xc0
[   31.287879]  ? down_trylock+0x13/0x70
[   31.287883]  down_trylock+0x13/0x70
[   31.287887]  __down_trylock_console_sem+0xae/0x200
[   31.287891]  console_trylock+0x15/0xa0
[   31.287895]  vprintk_emit+0x31f/0x910
[   31.287899]  ? wake_up_klogd+0x110/0x110
[   31.287903]  ? run_rebalance_domains+0x4c0/0x4c0
[   31.287907]  ? kasan_check_read+0x11/0x20
[   31.287911]  ? rcu_is_watching+0x8c/0x150
[   31.287915]  ? rcu_pm_notify+0xc0/0xc0
[   31.287918]  ? lock_acquire+0x1e4/0x4f0
[   31.287922]  ? kasan_report+0x8e/0x110
[   31.287926]  ? __schedule+0xf54/0x1df0
[   31.287930]  vprintk_default+0x28/0x30
[   31.287933]  vprintk_func+0x7a/0x117
[   31.287937]  printk+0xa7/0xcf
[   31.287941]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.287945]  ? kasan_check_write+0x14/0x20
[   31.287949]  ? do_raw_spin_lock+0xc1/0x200
[   31.287953]  ? do_raw_spin_lock+0xc1/0x200
[   31.287957]  kasan_report+0x9e/0x110
[   31.287961]  __asan_report_load8_noabort+0x14/0x20
[   31.287965]  __schedule+0xf54/0x1df0
[   31.287969]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.287973]  ? __sched_text_start+0x8/0x8
[   31.287977]  ? __call_srcu+0x7e7/0x1040
[   31.287981]  ? check_same_owner+0x340/0x340
[   31.287985]  ? mark_held_locks+0x160/0x160
[   31.287989]  ? find_held_lock+0x36/0x1c0
[   31.287993]  preempt_schedule_common+0x22/0x60
[   31.287997]  _cond_resched+0x1d/0x30
[   31.288001]  wait_for_completion+0xa5/0x8d0
[   31.288006]  ? wait_for_completion_interruptible+0x950/0x950
[   31.288010]  ? __lockdep_init_map+0x105/0x590
[   31.288014]  ? __init_waitqueue_head+0x9e/0x150
[   31.288018]  ? init_wait_entry+0x1c0/0x1c0
[   31.288022]  __synchronize_srcu+0x189/0x240
[   31.288026]  ? call_srcu+0x10/0x10
[   31.288030]  ? rcu_unexpedite_gp+0x20/0x20
[   31.288034]  synchronize_srcu+0x335/0x56f
[   31.288037]  ? lock_downgrade+0x8f0/0x8f0
[   31.288042]  ? synchronize_srcu_expedited+0x20/0x20
[   31.288046]  ? kasan_check_read+0x11/0x20
[   31.288050]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   31.288054]  ? kasan_check_write+0x14/0x20
[   31.288058]  ? do_raw_spin_lock+0xc1/0x200
[   31.288063]  kvm_page_track_unregister_notifier+0x17d/0x250
[   31.288068]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   31.288071]  ? kvfree+0x61/0x70
[   31.288091]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.288095]  kvm_mmu_uninit_vm+0x1c/0x20
[   31.288099]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.288103]  ? kvm_arch_sync_events+0x30/0x30
[   31.288108]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.288113]  ? mmu_notifier_unregister+0x474/0x600
[   31.288117]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.288120]  ? kfree+0x111/0x210
[   31.288125]  ? __mmu_notifier_register+0x30/0x30
[   31.288129]  ? __free_pages+0x10a/0x190
[   31.288133]  ? free_unref_page+0x930/0x930
[   31.288136]  kvm_put_kvm+0x73f/0x1060
[   31.288141]  ? kvm_write_guest_cached+0x40/0x40
[   31.288145]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.288149]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.288153]  ? lockdep_hardirqs_on+0x421/0x5c0
[   31.288157]  ? kasan_check_write+0x14/0x20
[   31.288161]  ? do_raw_spin_lock+0xc1/0x200
[   31.288165]  ? kvm_irqfd_release+0xdd/0x120
[   31.288169]  ? kvm_irqfd_release+0xdd/0x120
[   31.288173]  ? kvm_put_kvm+0x1060/0x1060
[   31.288177]  kvm_vm_release+0x42/0x50
[   31.288181]  __fput+0x36e/0x8c0
[   31.288184]  ? __alloc_file+0x400/0x400
[   31.288188]  ? check_same_owner+0x340/0x340
[   31.288192]  ? kasan_check_write+0x14/0x20
[   31.288196]  ? do_raw_spin_lock+0xc1/0x200
[   31.288200]  ____fput+0x15/0x20
[   31.288204]  task_work_run+0x1e8/0x2a0
[   31.288208]  ? task_work_cancel+0x240/0x240
[   31.288212]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.288216]  ? switch_task_namespaces+0xa2/0xd0
[   31.288220]  do_exit+0x1ae4/0x26e0
[   31.288224]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   31.288228]  ? mm_update_next_owner+0x9a0/0x9a0
[   31.288232]  ? _raw_spin_unlock+0x22/0x30
[   31.288237]  ? do_huge_pmd_anonymous_page+0x450/0x1bd0
[   31.288241]  ? mark_held_locks+0x160/0x160
[   31.288245]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   31.288249]  ? __check_object_size+0xa3/0x5d7
[   31.288254] Lost 43 message(s)!
[   32.365905] Shutting down cpus with NMI
[   33.423492] Dumping ftrace buffer:
[   33.427035]    (ftrace buffer empty)
[   33.430726] Kernel Offset: disabled
[   33.434334] Rebooting in 86400 seconds..