[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 32.490333] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.754345] audit: type=1400 audit(1536542300.091:6): avc: denied { map } for pid=5500 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.802546] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.464478] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.714076] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[ 39.429779] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.572830] audit: type=1400 audit(1536542306.911:7): avc: denied { map } for pid=5514 comm="syz-executor934" path="/root/syz-executor934316800" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.600954] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 39.628032] ==================================================================
[ 39.637904] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 39.644121] Read of size 8 at addr ffff8801c4658058 by task syz-executor934/5515
[ 39.651630]
[ 39.653246] CPU: 0 PID: 5515 Comm: syz-executor934 Not tainted 4.19.0-rc2+ #9
[ 39.660511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.669846] Call Trace:
[ 39.672420] dump_stack+0x1c4/0x2b4
[ 39.676037] ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.681223] ? printk+0xa7/0xcf
[ 39.684489] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.689240] print_address_description.cold.8+0x9/0x1ff
[ 39.694589] kasan_report.cold.9+0x242/0x309
[ 39.698981] ? __schedule+0xfc3/0x1ed0
[ 39.702878] __asan_report_load8_noabort+0x14/0x20
[ 39.707796] __schedule+0xfc3/0x1ed0
[ 39.711496] ? __sched_text_start+0x8/0x8
[ 39.715642] ? __lock_is_held+0xb5/0x140
[ 39.719685] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.724776] ? find_held_lock+0x36/0x1c0
[ 39.728828] ? __call_srcu+0x7f9/0x1070
[ 39.732799] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.737893] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.742982] ? lockdep_hardirqs_on+0x421/0x5c0
[ 39.747548] ? preempt_schedule+0x4d/0x60
[ 39.751683] preempt_schedule_common+0x1f/0xd0
[ 39.756253] preempt_schedule+0x4d/0x60
[ 39.760217] ___preempt_schedule+0x16/0x18
[ 39.764439] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 39.769376] __call_srcu+0x7f9/0x1070
[ 39.773162] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 39.778252] ? srcu_offline_cpu+0x120/0x120
[ 39.782562] ? debug_object_free+0x690/0x690
[ 39.786955] ? mark_held_locks+0x130/0x130
[ 39.791173] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 39.795739] ? lock_release+0x970/0x970
[ 39.799700] ? arch_local_save_flags+0x40/0x40
[ 39.804267] ? depot_save_stack+0x292/0x470
[ 39.808581] ? __lockdep_init_map+0x105/0x590
[ 39.813065] ? __init_waitqueue_head+0x9e/0x150
[ 39.817731] ? init_wait_entry+0x1c0/0x1c0
[ 39.821979] __synchronize_srcu+0x17b/0x230
[ 39.826294] ? call_srcu+0x10/0x10
[ 39.829820] ? rcu_unexpedite_gp+0x20/0x20
[ 39.834047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.839569] ? check_preemption_disabled+0x48/0x200
[ 39.844582] synchronize_srcu+0x356/0x5ab
[ 39.848730] ? lock_downgrade+0x900/0x900
[ 39.852861] ? synchronize_srcu_expedited+0x20/0x20
[ 39.857865] ? kasan_check_read+0x11/0x20
[ 39.861999] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.866575] ? kasan_check_write+0x14/0x20
[ 39.870796] ? do_raw_spin_lock+0xc1/0x200
[ 39.875018] kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.880713] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 39.886148] ? kvfree+0x61/0x70
[ 39.889413] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.894433] kvm_mmu_uninit_vm+0x1c/0x20
[ 39.898480] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.902884] ? kvm_arch_sync_events+0x30/0x30
[ 39.907383] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.912907] ? mmu_notifier_unregister+0x474/0x600
[ 39.917839] ? __mmu_notifier_register+0x30/0x30
[ 39.922582] ? __free_pages+0x10a/0x190
[ 39.926554] ? free_unref_page+0x960/0x960
[ 39.930784] kvm_put_kvm+0x6c8/0xff0
[ 39.934486] ? kvm_write_guest_cached+0x40/0x40
[ 39.939148] ? up_write+0x7b/0x220
[ 39.942668] ? up_read+0x110/0x110
[ 39.946193] ? mntput+0x74/0xa0
[ 39.949461] ? debugfs_remove_recursive+0x40d/0x530
[ 39.954481] ? debugfs_remove+0x130/0x130
[ 39.958625] ? kvm_vm_release+0x50/0x50
[ 39.962585] kvm_vcpu_release+0x7b/0xa0
[ 39.966546] __fput+0x385/0xa30
[ 39.969810] ? get_max_files+0x20/0x20
[ 39.973683] ? trace_hardirqs_on+0xbd/0x310
[ 39.977990] ? kasan_check_read+0x11/0x20
[ 39.982122] ? task_work_run+0x1af/0x2a0
[ 39.986172] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 39.991621] ? kasan_check_write+0x14/0x20
[ 39.995845] ? do_raw_spin_lock+0xc1/0x200
[ 40.000065] ____fput+0x15/0x20
[ 40.003331] task_work_run+0x1e8/0x2a0
[ 40.007203] ? task_work_cancel+0x240/0x240
[ 40.011520] ? copy_fd_bitmaps+0x210/0x210
[ 40.015746] ? do_syscall_64+0x9a/0x820
[ 40.019715] exit_to_usermode_loop+0x318/0x380
[ 40.024284] ? syscall_slow_exit_work+0x520/0x520
[ 40.029129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.034650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.040190] do_syscall_64+0x6be/0x820
[ 40.044063] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.049410] ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.054325] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.059151] ? trace_hardirqs_on_caller+0x310/0x310
[ 40.064155] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.069157] ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.074160] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.078988] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.084159] RIP: 0033:0x400f40
[ 40.087336] Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 8d 17 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
[ 40.106219] RSP: 002b:00007ffcda847f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 40.113912] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000400f40
[ 40.121171] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000005
[ 40.128429] RBP: 0000000000746576 R08: 00000000ffffffff R09: 00000000004002c8
[ 40.135683] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000401e50
[ 40.142936] R13: 0000000000401ee0 R14: 0000000000000000 R15: 0000000000000000
[ 40.150190]
[ 40.151799] Allocated by task 5515:
[ 40.155428] save_stack+0x43/0xd0
[ 40.158863] kasan_kmalloc+0xc7/0xe0
[ 40.162567] kasan_slab_alloc+0x12/0x20
[ 40.166534] kmem_cache_alloc+0x12e/0x730
[ 40.170665] vmx_create_vcpu+0xcf/0x25e0
[ 40.174708] kvm_arch_vcpu_create+0xe5/0x220
[ 40.179101] kvm_vm_ioctl+0x470/0x1d40
[ 40.182971] do_vfs_ioctl+0x1de/0x1720
[ 40.186842] ksys_ioctl+0xa9/0xd0
[ 40.190285] __x64_sys_ioctl+0x73/0xb0
[ 40.194166] do_syscall_64+0x1b9/0x820
[ 40.198044] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.203231]
[ 40.204841] Freed by task 5515:
[ 40.208103] save_stack+0x43/0xd0
[ 40.211537] __kasan_slab_free+0x102/0x150
[ 40.215754] kasan_slab_free+0xe/0x10
[ 40.219544] kmem_cache_free+0x83/0x290
[ 40.223500] vmx_free_vcpu+0x26b/0x300
[ 40.227381] kvm_arch_destroy_vm+0x365/0x7c0
[ 40.231778] kvm_put_kvm+0x6c8/0xff0
[ 40.235477] kvm_vcpu_release+0x7b/0xa0
[ 40.239432] __fput+0x385/0xa30
[ 40.242692] ____fput+0x15/0x20
[ 40.245956] task_work_run+0x1e8/0x2a0
[ 40.249829] exit_to_usermode_loop+0x318/0x380
[ 40.254460] do_syscall_64+0x6be/0x820
[ 40.258332] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.263529]
[ 40.265140] The buggy address belongs to the object at ffff8801c4658040
[ 40.265140] which belongs to the cache kvm_vcpu of size 23872
[ 40.277713] The buggy address is located 24 bytes inside of
[ 40.277713] 23872-byte region [ffff8801c4658040, ffff8801c465dd80)
[ 40.289672] The buggy address belongs to the page:
[ 40.294592] page:ffffea0007119600 count:1 mapcount:0 mapping:ffff8801d5d11540 index:0x0 compound_mapcount: 0
[ 40.304556] flags: 0x2fffc0000008100(slab|head)
[ 40.309212] raw: 02fffc0000008100 ffff8801d5dd5148 ffff8801d5dd5148 ffff8801d5d11540
[ 40.317076] raw: 0000000000000000 ffff8801c4658040 0000000100000001 0000000000000000
[ 40.324933] page dumped because: kasan: bad access detected
[ 40.330621]
[ 40.332228] Memory state around the buggy address:
[ 40.337156] ffff8801c4657f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.344518] ffff8801c4657f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.351876] >ffff8801c4658000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 40.359351] ^
[ 40.365572] ffff8801c4658080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.372919] ffff8801c4658100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.380258] ==================================================================
[ 40.387602] Kernel panic - not syncing: panic_on_warn set ...
[ 40.387602]
[ 40.394956] CPU: 0 PID: 5515 Comm: syz-executor934 Tainted: G B 4.19.0-rc2+ #9
[ 40.403598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.413045] Call Trace:
[ 40.415631] dump_stack+0x1c4/0x2b4
[ 40.419256] ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.424436] ? lock_downgrade+0x900/0x900
[ 40.428574] panic+0x238/0x4e7
[ 40.431752] ? add_taint.cold.5+0x16/0x16
[ 40.435889] ? print_shadow_for_address+0xb6/0x116
[ 40.440803] ? trace_hardirqs_off+0xaf/0x310
[ 40.445208] kasan_end_report+0x47/0x4f
[ 40.449183] kasan_report.cold.9+0x76/0x309
[ 40.453497] ? __schedule+0xfc3/0x1ed0
[ 40.457421] __asan_report_load8_noabort+0x14/0x20
[ 40.462346] __schedule+0xfc3/0x1ed0
[ 40.466045] ? __sched_text_start+0x8/0x8
[ 40.470181] ? __lock_is_held+0xb5/0x140
[ 40.474396] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.479583] ? find_held_lock+0x36/0x1c0
[ 40.483642] ? __call_srcu+0x7f9/0x1070
[ 40.487603] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.492688] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.497785] ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.502356] ? preempt_schedule+0x4d/0x60
[ 40.506523] preempt_schedule_common+0x1f/0xd0
[ 40.511092] preempt_schedule+0x4d/0x60
[ 40.515050] ___preempt_schedule+0x16/0x18
[ 40.519327] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 40.524255] __call_srcu+0x7f9/0x1070
[ 40.528043] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 40.533133] ? srcu_offline_cpu+0x120/0x120
[ 40.537588] ? debug_object_free+0x690/0x690
[ 40.542005] ? mark_held_locks+0x130/0x130
[ 40.546230] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 40.550826] ? lock_release+0x970/0x970
[ 40.554819] ? arch_local_save_flags+0x40/0x40
[ 40.559390] ? depot_save_stack+0x292/0x470
[ 40.563699] ? __lockdep_init_map+0x105/0x590
[ 40.568185] ? __init_waitqueue_head+0x9e/0x150
[ 40.572849] ? init_wait_entry+0x1c0/0x1c0
[ 40.577090] __synchronize_srcu+0x17b/0x230
[ 40.581398] ? call_srcu+0x10/0x10
[ 40.584930] ? rcu_unexpedite_gp+0x20/0x20
[ 40.589171] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.594693] ? check_preemption_disabled+0x48/0x200
[ 40.599696] synchronize_srcu+0x356/0x5ab
[ 40.603828] ? lock_downgrade+0x900/0x900
[ 40.607966] ? synchronize_srcu_expedited+0x20/0x20
[ 40.612978] ? kasan_check_read+0x11/0x20
[ 40.617123] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.621774] ? kasan_check_write+0x14/0x20
[ 40.626004] ? do_raw_spin_lock+0xc1/0x200
[ 40.630349] kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.636055] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.641499] ? kvfree+0x61/0x70
[ 40.644780] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.649835] kvm_mmu_uninit_vm+0x1c/0x20
[ 40.653890] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.658351] ? kvm_arch_sync_events+0x30/0x30
[ 40.662985] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.668518] ? mmu_notifier_unregister+0x474/0x600
[ 40.673437] ? __mmu_notifier_register+0x30/0x30
[ 40.678220] ? __free_pages+0x10a/0x190
[ 40.682188] ? free_unref_page+0x960/0x960
[ 40.686427] kvm_put_kvm+0x6c8/0xff0
[ 40.690130] ? kvm_write_guest_cached+0x40/0x40
[ 40.694785] ? up_write+0x7b/0x220
[ 40.698381] ? up_read+0x110/0x110
[ 40.701915] ? mntput+0x74/0xa0
[ 40.705184] ? debugfs_remove_recursive+0x40d/0x530
[ 40.710190] ? debugfs_remove+0x130/0x130
[ 40.714330] ? kvm_vm_release+0x50/0x50
[ 40.718290] kvm_vcpu_release+0x7b/0xa0
[ 40.722534] __fput+0x385/0xa30
[ 40.725864] ? get_max_files+0x20/0x20
[ 40.729744] ? trace_hardirqs_on+0xbd/0x310
[ 40.734065] ? kasan_check_read+0x11/0x20
[ 40.738202] ? task_work_run+0x1af/0x2a0
[ 40.742247] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 40.747686] ? kasan_check_write+0x14/0x20
[ 40.751911] ? do_raw_spin_lock+0xc1/0x200
[ 40.756140] ____fput+0x15/0x20
[ 40.759409] task_work_run+0x1e8/0x2a0
[ 40.763290] ? task_work_cancel+0x240/0x240
[ 40.767603] ? copy_fd_bitmaps+0x210/0x210
[ 40.771825] ? do_syscall_64+0x9a/0x820
[ 40.775788] exit_to_usermode_loop+0x318/0x380
[ 40.780355] ? syscall_slow_exit_work+0x520/0x520
[ 40.785265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.790805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.796329] do_syscall_64+0x6be/0x820
[ 40.800203] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.805553] ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.810566] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.815400] ? trace_hardirqs_on_caller+0x310/0x310
[ 40.820417] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.825431] ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.830459] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.835365] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.840542] RIP: 0033:0x400f40
[ 40.843763] Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 8d 17 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
[ 40.862662] RSP: 002b:00007ffcda847f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 40.870355] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000400f40
[ 40.877710] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000005
[ 40.885061] RBP: 0000000000746576 R08: 00000000ffffffff R09: 00000000004002c8
[ 40.892323] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000401e50
[ 40.899577] R13: 0000000000401ee0 R14: 0000000000000000 R15: 0000000000000000
[ 40.906845]
[ 40.906848] ======================================================
[ 40.906852] WARNING: possible circular locking dependency detected
[ 40.906854] 4.19.0-rc2+ #9 Not tainted
[ 40.906858] ------------------------------------------------------
[ 40.906861] syz-executor934/5515 is trying to acquire lock:
[ 40.906863] 00000000aee110e8 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 40.906871]
[ 40.906874] but task is already holding lock:
[ 40.906876] 0000000081d1cb32 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 40.906884]
[ 40.906887] which lock already depends on the new lock.
[ 40.906888]
[ 40.906889]
[ 40.906893] the existing dependency chain (in reverse order) is:
[ 40.906894]
[ 40.906895] -> #3 (report_lock){....}:
[ 40.906911] _raw_spin_lock_irqsave+0x99/0xd0
[ 40.906914] kasan_report+0x8b/0x110
[ 40.906916] __asan_report_load8_noabort+0x14/0x20
[ 40.906919] __schedule+0xfc3/0x1ed0
[ 40.906921] preempt_schedule_common+0x1f/0xd0
[ 40.906924] preempt_schedule+0x4d/0x60
[ 40.906927] ___preempt_schedule+0x16/0x18
[ 40.906929] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 40.906932] __call_srcu+0x7f9/0x1070
[ 40.906934] __synchronize_srcu+0x17b/0x230
[ 40.906937] synchronize_srcu+0x356/0x5ab
[ 40.906940] kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.906942] kvm_mmu_uninit_vm+0x1c/0x20
[ 40.906945] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.906947] kvm_put_kvm+0x6c8/0xff0
[ 40.906950] kvm_vcpu_release+0x7b/0xa0
[ 40.906952] __fput+0x385/0xa30
[ 40.906954] ____fput+0x15/0x20
[ 40.906957] task_work_run+0x1e8/0x2a0
[ 40.906959] exit_to_usermode_loop+0x318/0x380
[ 40.906962] do_syscall_64+0x6be/0x820
[ 40.906964] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.906966]
[ 40.906967] -> #2 (&rq->lock){-.-.}:
[ 40.906975] _raw_spin_lock+0x2d/0x40
[ 40.906977] task_fork_fair+0xb0/0x6d0
[ 40.906980] sched_fork+0x443/0xba0
[ 40.906982] copy_process+0x2586/0x8780
[ 40.906984] _do_fork+0x1cb/0x11d0
[ 40.906987] kernel_thread+0x34/0x40
[ 40.906989] rest_init+0x22/0xe5
[ 40.906992] start_kernel+0x8f4/0x92f
[ 40.906994] x86_64_start_reservations+0x29/0x2b
[ 40.906997] x86_64_start_kernel+0x76/0x79
[ 40.906999] secondary_startup_64+0xa4/0xb0
[ 40.907001]
[ 40.907002] -> #1 (&p->pi_lock){-.-.}:
[ 40.907010] _raw_spin_lock_irqsave+0x99/0xd0
[ 40.907013] try_to_wake_up+0xd2/0x12f0
[ 40.907015] wake_up_process+0x10/0x20
[ 40.907018] __up.isra.1+0x1c0/0x2a0
[ 40.907020] up+0x13c/0x1c0
[ 40.907022] __up_console_sem+0xbe/0x1b0
[ 40.907024] console_unlock+0x524/0x11a0
[ 40.907027] vprintk_emit+0x33d/0x930
[ 40.907029] vprintk_default+0x28/0x30
[ 40.907031] vprintk_func+0x7e/0x181
[ 40.907034] printk+0xa7/0xcf
[ 40.907036] load_umh+0x51/0xbd
[ 40.907038] do_one_initcall+0x145/0x957
[ 40.907041] kernel_init_freeable+0x4bb/0x5ae
[ 40.907043] kernel_init+0x11/0x1b2
[ 40.907045] ret_from_fork+0x3a/0x50
[ 40.907046]
[ 40.907048] -> #0 ((console_sem).lock){-...}:
[ 40.907056] lock_acquire+0x1ed/0x520
[ 40.907059] _raw_spin_lock_irqsave+0x99/0xd0
[ 40.907061] down_trylock+0x13/0x70
[ 40.907064] __down_trylock_console_sem+0xae/0x200
[ 40.907066] console_trylock+0x15/0xa0
[ 40.907068] vprintk_emit+0x322/0x930
[ 40.907071] vprintk_default+0x28/0x30
[ 40.907073] vprintk_func+0x7e/0x181
[ 40.907075] printk+0xa7/0xcf
[ 40.907077] kasan_report+0x9b/0x110
[ 40.907080] __asan_report_load8_noabort+0x14/0x20
[ 40.907083] __schedule+0xfc3/0x1ed0
[ 40.907085] preempt_schedule_common+0x1f/0xd0
[ 40.907088] preempt_schedule+0x4d/0x60
[ 40.907090] ___preempt_schedule+0x16/0x18
[ 40.907093] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 40.907095] __call_srcu+0x7f9/0x1070
[ 40.907098] __synchronize_srcu+0x17b/0x230
[ 40.907100] synchronize_srcu+0x356/0x5ab
[ 40.907103] kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.907106] kvm_mmu_uninit_vm+0x1c/0x20
[ 40.907108] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.907111] kvm_put_kvm+0x6c8/0xff0
[ 40.907113] kvm_vcpu_release+0x7b/0xa0
[ 40.907115] __fput+0x385/0xa30
[ 40.907117] ____fput+0x15/0x20
[ 40.907120] task_work_run+0x1e8/0x2a0
[ 40.907122] exit_to_usermode_loop+0x318/0x380
[ 40.907125] do_syscall_64+0x6be/0x820
[ 40.907128] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.907129]
[ 40.907132] other info that might help us debug this:
[ 40.907133]
[ 40.907135] Chain exists of:
[ 40.907136] (console_sem).lock --> &rq->lock --> report_lock
[ 40.907146]
[ 40.907149] Possible unsafe locking scenario:
[ 40.907150]
[ 40.907152] CPU0 CPU1
[ 40.907155] ---- ----
[ 40.907156] lock(report_lock);
[ 40.907162] lock(&rq->lock);
[ 40.907167] lock(report_lock);
[ 40.907171] lock((console_sem).lock);
[ 40.907176]
[ 40.907178] *** DEADLOCK ***
[ 40.907179]
[ 40.907181] 2 locks held by syz-executor934/5515:
[ 40.907183] #0: 00000000de7d60a2 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 40.907192] #1: 0000000081d1cb32 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 40.907202]
[ 40.907204] stack backtrace:
[ 40.907207] CPU: 0 PID: 5515 Comm: syz-executor934 Not tainted 4.19.0-rc2+ #9
[ 40.907212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.907214] Call Trace:
[ 40.907216] dump_stack+0x1c4/0x2b4
[ 40.907219] ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.907221] ? vprintk_func+0x85/0x181
[ 40.907224] print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 40.907227] ? save_trace+0xe0/0x290
[ 40.907229] __lock_acquire+0x33e4/0x4ec0
[ 40.907231] ? mark_held_locks+0x130/0x130
[ 40.907234] ? mark_held_locks+0x130/0x130
[ 40.907236] ? rcu_bh_qs+0xc0/0xc0
[ 40.907238] ? unwind_dump+0x190/0x190
[ 40.907241] ? is_bpf_text_address+0xd3/0x170
[ 40.907243] ? kernel_text_address+0x79/0xf0
[ 40.907246] ? __kernel_text_address+0xd/0x40
[ 40.907249] ? __save_stack_trace+0x8d/0xf0
[ 40.907251] ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 40.907254] ? save_trace+0x290/0x290
[ 40.907256] ? save_stack_trace+0x1a/0x20
[ 40.907258] ? save_trace+0xe0/0x290
[ 40.907261] ? kasan_check_read+0x11/0x20
[ 40.907263] ? graph_lock+0x170/0x170
[ 40.907266] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.907268] lock_acquire+0x1ed/0x520
[ 40.907270] ? down_trylock+0x13/0x70
[ 40.907273] ? find_held_lock+0x36/0x1c0
[ 40.907275] ? lock_release+0x970/0x970
[ 40.907278] ? trace_hardirqs_off+0xb8/0x310
[ 40.907280] ? vprintk_emit+0x1d3/0x930
[ 40.907282] ? trace_hardirqs_on+0x310/0x310
[ 40.907285] ? trace_hardirqs_off+0xb8/0x310
[ 40.907287] ? log_store+0x344/0x4c0
[ 40.907289] ? vprintk_emit+0x322/0x930
[ 40.907292] _raw_spin_lock_irqsave+0x99/0xd0
[ 40.907294] ? down_trylock+0x13/0x70
[ 40.907296] down_trylock+0x13/0x70
[ 40.907299] __down_trylock_console_sem+0xae/0x200
[ 40.907301] console_trylock+0x15/0xa0
[ 40.907304] vprintk_emit+0x322/0x930
[ 40.907306] ? wake_up_klogd+0x180/0x180
[ 40.907309] ? run_rebalance_domains+0x500/0x500
[ 40.907311] ? wake_up_worker+0x117/0x190
[ 40.907313] ? find_held_lock+0x36/0x1c0
[ 40.907316] ? __queue_work+0x6be/0x1440
[ 40.907318] ? lock_acquire+0x1ed/0x520
[ 40.907320] vprintk_default+0x28/0x30
[ 40.907322] vprintk_func+0x7e/0x181
[ 40.907324] printk+0xa7/0xcf
[ 40.907327] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 40.907330] ? kasan_check_write+0x14/0x20
[ 40.907332] ? do_raw_spin_lock+0xc1/0x200
[ 40.907334] ? do_raw_spin_lock+0xc1/0x200
[ 40.907337] kasan_report+0x9b/0x110
[ 40.907339] ? __schedule+0xfc3/0x1ed0
[ 40.907341] __asan_report_load8_noabort+0x14/0x20
[ 40.907344] __schedule+0xfc3/0x1ed0
[ 40.907346] ? __sched_text_start+0x8/0x8
[ 40.907348] ? __lock_is_held+0xb5/0x140
[ 40.907351] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.907354] ? find_held_lock+0x36/0x1c0
[ 40.907356] ? __call_srcu+0x7f9/0x1070
[ 40.907359] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.907361] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 40.907365] ? lockdep_hardirqs_on+0x421/0x5c0
[ 40.907369] ? preempt_schedule+0x4d/0x60
[ 40.907373] preempt_schedule_common+0x1f/0xd0
[ 40.907377] preempt_schedule+0x4d/0x60
[ 40.907380] ___preempt_schedule+0x16/0x18
[ 40.907385] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 40.907389] __call_srcu+0x7f9/0x1070
[ 40.907394] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 40.907398] ? srcu_offline_cpu+0x120/0x120
[ 40.907402] ? debug_object_free+0x690/0x690
[ 40.907406] ? mark_held_locks+0x130/0x130
[ 40.907410] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 40.907414] ? lock_release+0x970/0x970
[ 40.907418] ? arch_local_save_flags+0x40/0x40
[ 40.907422] ? depot_save_stack+0x292/0x470
[ 40.907430] ? __lockdep_init_map+0x105/0x590
[ 40.907435] ? __init_waitqueue_head+0x9e/0x150
[ 40.907439] ? init_wait_entry+0x1c0/0x1c0
[ 40.907443] __synchronize_srcu+0x17b/0x230
[ 40.907447] ? call_srcu+0x10/0x10
[ 40.907451] ? rcu_unexpedite_gp+0x20/0x20
[ 40.907456] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.907461] ? check_preemption_disabled+0x48/0x200
[ 40.907465] synchronize_srcu+0x356/0x5ab
[ 40.907469] ? lock_downgrade+0x900/0x900
[ 40.907473] ? synchronize_srcu_expedited+0x20/0x20
[ 40.907476] ? kasan_check_read+0x11/0x20
[ 40.907479] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.907481] ? kasan_check_write+0x14/0x20
[ 40.907484] ? do_raw_spin_lock+0xc1/0x200
[ 40.907487] kvm_page_track_unregister_notifier+0x17d/0x250
[ 40.907490] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 40.907492] ? kvfree+0x61/0x70
[ 40.907495] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.907497] kvm_mmu_uninit_vm+0x1c/0x20
[ 40.907500] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 40.907512] ? kvm_arch_sync_events+0x30/0x30
[ 40.907515] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 40.907518] ? mmu_notifier_unregister+0x474/0x600
[ 40.907521] ? __mmu_notifier_register+0x30/0x30
[ 40.907523] ? __free_pages+0x10a/0x190
[ 40.907526] ? free_unref_page+0x960/0x960
[ 40.907528] kvm_put_kvm+0x6c8/0xff0
[ 40.907531] ? kvm_write_guest_cached+0x40/0x40
[ 40.907533] ? up_write+0x7b/0x220
[ 40.907535] ? up_read+0x110/0x110
[ 40.907537] ? mntput+0x74/0xa0
[ 40.907540] ? debugfs_remove_recursive+0x40d/0x530
[ 40.907542] ? debugfs_remove+0x130/0x130
[ 40.907545] ? kvm_vm_release+0x50/0x50
[ 40.907547] kvm_vcpu_release+0x7b/0xa0
[ 40.907549] __fput+0x385/0xa30
[ 40.907551] ? get_max_files+0x20/0x20
[ 40.907554] ? trace_hardirqs_on+0xbd/0x310
[ 40.907556] ? kasan_check_read+0x11/0x20
[ 40.907558] ? task_work_
[ 40.907563] Lost 30 message(s)!
[ 40.907988] Dumping ftrace buffer:
[ 41.964437] (ftrace buffer empty)
[ 41.968750] Kernel Offset: disabled
[ 41.972374] Rebooting in 86400 seconds..