[....] Starting OpenBSD Secure Shell server: sshd
[   29.160166] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   30.097799] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.528910] audit: type=1400 audit(1536759522.920:6): avc: denied { map } for pid=5487 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   30.589153] random: sshd: uninitialized urandom read (32 bytes read)
[   31.201927] random: sshd: uninitialized urandom read (32 bytes read)
[   31.421733] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[   37.022443] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   37.149891] audit: type=1400 audit(1536759529.540:7): avc: denied { map } for pid=5502 comm="syz-executor991" path="/root/syz-executor991806121" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   37.157629] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   37.201056] ==================================================================
[   37.210959] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   37.217191] Read of size 8 at addr ffff8801c4d38058 by task syz-executor991/5503
[   37.224708] 
[   37.226355] CPU: 1 PID: 5503 Comm: syz-executor991 Not tainted 4.19.0-rc3+ #11
[   37.233708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.243055] Call Trace:
[   37.245647]  dump_stack+0x1c4/0x2b4
[   37.249271]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.254461]  ? printk+0xa7/0xcf
[   37.257737]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   37.262499]  print_address_description.cold.8+0x9/0x1ff
[   37.267867]  kasan_report.cold.9+0x242/0x309
[   37.272273]  ? __schedule+0xfc3/0x1ed0
[   37.276162]  __asan_report_load8_noabort+0x14/0x20
[   37.281096]  __schedule+0xfc3/0x1ed0
[   37.284814]  ? __sched_text_start+0x8/0x8
[   37.288964]  ? __lock_is_held+0xb5/0x140
[   37.293023]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   37.298129]  ? find_held_lock+0x36/0x1c0
[   37.302193]  ? __call_srcu+0x7f9/0x1070
[   37.306166]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   37.311287]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   37.316414]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.320997]  ? preempt_schedule+0x4d/0x60
[   37.325144]  preempt_schedule_common+0x1f/0xd0
[   37.329730]  preempt_schedule+0x4d/0x60
[   37.333704]  ___preempt_schedule+0x16/0x18
[   37.337942]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   37.342878]  __call_srcu+0x7f9/0x1070
[   37.346680]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   37.351785]  ? srcu_offline_cpu+0x120/0x120
[   37.356108]  ? debug_object_free+0x690/0x690
[   37.360516]  ? mark_held_locks+0x130/0x130
[   37.364754]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   37.369340]  ? lock_release+0x970/0x970
[   37.373318]  ? arch_local_save_flags+0x40/0x40
[   37.377903]  ? depot_save_stack+0x292/0x470
[   37.382229]  ? __lockdep_init_map+0x105/0x590
[   37.386727]  ? __init_waitqueue_head+0x9e/0x150
[   37.391392]  ? init_wait_entry+0x1c0/0x1c0
[   37.395643]  __synchronize_srcu+0x17b/0x230
[   37.399960]  ? call_srcu+0x10/0x10
[   37.403496]  ? rcu_unexpedite_gp+0x20/0x20
[   37.407738]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.413271]  ? check_preemption_disabled+0x48/0x200
[   37.418288]  synchronize_srcu+0x356/0x5ab
[   37.422445]  ? lock_downgrade+0x900/0x900
[   37.426595]  ? synchronize_srcu_expedited+0x20/0x20
[   37.431612]  ? kasan_check_read+0x11/0x20
[   37.435762]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.440348]  ? kasan_check_write+0x14/0x20
[   37.444582]  ? do_raw_spin_lock+0xc1/0x200
[   37.448823]  kvm_page_track_unregister_notifier+0x17d/0x250
[   37.454538]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.459993]  ? kvfree+0x61/0x70
[   37.463274]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.468290]  kvm_mmu_uninit_vm+0x1c/0x20
[   37.472356]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.476766]  ? kvm_arch_sync_events+0x30/0x30
[   37.481260]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.486820]  ? mmu_notifier_unregister+0x474/0x600
[   37.491765]  ? __mmu_notifier_register+0x30/0x30
[   37.496554]  ? __free_pages+0x10a/0x190
[   37.500539]  ? free_unref_page+0x960/0x960
[   37.504787]  kvm_put_kvm+0x6c8/0xff0
[   37.508507]  ? kvm_write_guest_cached+0x40/0x40
[   37.513179]  ? up_write+0x7b/0x220
[   37.516722]  ? up_read+0x110/0x110
[   37.520262]  ? mntput+0x74/0xa0
[   37.523550]  ? debugfs_remove_recursive+0x40d/0x530
[   37.528576]  ? debugfs_remove+0x130/0x130
[   37.532729]  ? kvm_vm_release+0x50/0x50
[   37.536707]  kvm_vcpu_release+0x7b/0xa0
[   37.540682]  __fput+0x385/0xa30
[   37.543964]  ? get_max_files+0x20/0x20
[   37.547858]  ? trace_hardirqs_on+0xbd/0x310
[   37.552176]  ? kasan_check_read+0x11/0x20
[   37.556333]  ? task_work_run+0x1af/0x2a0
[   37.560397]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   37.565855]  ? kasan_check_write+0x14/0x20
[   37.570088]  ? do_raw_spin_lock+0xc1/0x200
[   37.574327]  ____fput+0x15/0x20
[   37.577609]  task_work_run+0x1e8/0x2a0
[   37.581500]  ? task_work_cancel+0x240/0x240
[   37.585820]  ? copy_fd_bitmaps+0x210/0x210
[   37.590056]  ? do_syscall_64+0x9a/0x820
[   37.594034]  exit_to_usermode_loop+0x318/0x380
[   37.598614]  ? syscall_slow_exit_work+0x520/0x520
[   37.603455]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.608989]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.614530]  do_syscall_64+0x6be/0x820
[   37.618420]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.623781]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.628708]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.633549]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.638563]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.643578]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.648594]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.653447]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.658630] RIP: 0033:0x401000
[   37.661820] Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 16 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
[   37.680727] RSP: 002b:00007ffeaeae5d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   37.688442] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000401000
[   37.695708] RDX: 00000000200000c0 RSI: 00000000c080aebe RDI: 0000000000000005
[   37.702973] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   37.710241] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401f10
[   37.717509] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   37.724780] 
[   37.726405] Allocated by task 5503:
[   37.730029]  save_stack+0x43/0xd0
[   37.733477]  kasan_kmalloc+0xc7/0xe0
[   37.737185]  kasan_slab_alloc+0x12/0x20
[   37.741158]  kmem_cache_alloc+0x12e/0x730
[   37.745304]  vmx_create_vcpu+0xcf/0x25e0
[   37.749380]  kvm_arch_vcpu_create+0xe5/0x220
[   37.753790]  kvm_vm_ioctl+0x470/0x1d40
[   37.757673]  do_vfs_ioctl+0x1de/0x1720
[   37.761552]  ksys_ioctl+0xa9/0xd0
[   37.765000]  __x64_sys_ioctl+0x73/0xb0
[   37.768887]  do_syscall_64+0x1b9/0x820
[   37.772776]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.777951] 
[   37.779569] Freed by task 5503:
[   37.782839]  save_stack+0x43/0xd0
[   37.786294]  __kasan_slab_free+0x102/0x150
[   37.790533]  kasan_slab_free+0xe/0x10
[   37.794346]  kmem_cache_free+0x83/0x290
[   37.798324]  vmx_free_vcpu+0x26b/0x300
[   37.802211]  kvm_arch_destroy_vm+0x365/0x7c0
[   37.806615]  kvm_put_kvm+0x6c8/0xff0
[   37.810332]  kvm_vcpu_release+0x7b/0xa0
[   37.814301]  __fput+0x385/0xa30
[   37.817583]  ____fput+0x15/0x20
[   37.820866]  task_work_run+0x1e8/0x2a0
[   37.824752]  exit_to_usermode_loop+0x318/0x380
[   37.829336]  do_syscall_64+0x6be/0x820
[   37.833223]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.838399] 
[   37.840020] The buggy address belongs to the object at ffff8801c4d38040
[   37.840020]  which belongs to the cache kvm_vcpu of size 23872
[   37.852588] The buggy address is located 24 bytes inside of
[   37.852588]  23872-byte region [ffff8801c4d38040, ffff8801c4d3dd80)
[   37.864540] The buggy address belongs to the page:
[   37.869465] page:ffffea0007134e00 count:1 mapcount:0 mapping:ffff8801d79da500 index:0x0 compound_mapcount: 0
[   37.879453] flags: 0x2fffc0000008100(slab|head)
[   37.884125] raw: 02fffc0000008100 ffff8801d5503f48 ffff8801d5503f48 ffff8801d79da500
[   37.892008] raw: 0000000000000000 ffff8801c4d38040 0000000100000001 0000000000000000
[   37.899881] page dumped because: kasan: bad access detected
[   37.905579] 
[   37.907195] Memory state around the buggy address:
[   37.912116]  ffff8801c4d37f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.919469]  ffff8801c4d37f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.926823] >ffff8801c4d38000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.934179]                                                     ^
[   37.940408]  ffff8801c4d38080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.947767]  ffff8801c4d38100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.955118] ==================================================================
[   37.962478] Kernel panic - not syncing: panic_on_warn set ...
[   37.962478] 
[   37.969858] CPU: 1 PID: 5503 Comm: syz-executor991 Tainted: G    B             4.19.0-rc3+ #11
[   37.978605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.987956] Call Trace:
[   37.990550]  dump_stack+0x1c4/0x2b4
[   37.994179]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.999371]  ? lock_downgrade+0x900/0x900
[   38.003524]  panic+0x238/0x4e7
[   38.006716]  ? add_taint.cold.5+0x16/0x16
[   38.010879]  ? print_shadow_for_address+0xb6/0x116
[   38.015806]  ? trace_hardirqs_off+0xaf/0x310
[   38.020215]  kasan_end_report+0x47/0x4f
[   38.024204]  kasan_report.cold.9+0x76/0x309
[   38.028525]  ? __schedule+0xfc3/0x1ed0
[   38.032414]  __asan_report_load8_noabort+0x14/0x20
[   38.037349]  __schedule+0xfc3/0x1ed0
[   38.041068]  ? __sched_text_start+0x8/0x8
[   38.045218]  ? __lock_is_held+0xb5/0x140
[   38.049274]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.054377]  ? find_held_lock+0x36/0x1c0
[   38.058440]  ? __call_srcu+0x7f9/0x1070
[   38.062417]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.067602]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.072702]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.077285]  ? preempt_schedule+0x4d/0x60
[   38.081460]  preempt_schedule_common+0x1f/0xd0
[   38.086041]  preempt_schedule+0x4d/0x60
[   38.090013]  ___preempt_schedule+0x16/0x18
[   38.094250]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   38.099177]  __call_srcu+0x7f9/0x1070
[   38.102980]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   38.108084]  ? srcu_offline_cpu+0x120/0x120
[   38.112409]  ? debug_object_free+0x690/0x690
[   38.116817]  ? mark_held_locks+0x130/0x130
[   38.121053]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   38.125638]  ? lock_release+0x970/0x970
[   38.129610]  ? arch_local_save_flags+0x40/0x40
[   38.134192]  ? depot_save_stack+0x292/0x470
[   38.138522]  ? __lockdep_init_map+0x105/0x590
[   38.143016]  ? __init_waitqueue_head+0x9e/0x150
[   38.147687]  ? init_wait_entry+0x1c0/0x1c0
[   38.151932]  __synchronize_srcu+0x17b/0x230
[   38.156255]  ? call_srcu+0x10/0x10
[   38.159795]  ? rcu_unexpedite_gp+0x20/0x20
[   38.164036]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.170040]  ? check_preemption_disabled+0x48/0x200
[   38.175055]  synchronize_srcu+0x356/0x5ab
[   38.179200]  ? lock_downgrade+0x900/0x900
[   38.183358]  ? synchronize_srcu_expedited+0x20/0x20
[   38.188377]  ? kasan_check_read+0x11/0x20
[   38.192529]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.197114]  ? kasan_check_write+0x14/0x20
[   38.201358]  ? do_raw_spin_lock+0xc1/0x200
[   38.205600]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.211324]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.216775]  ? kvfree+0x61/0x70
[   38.220064]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.225080]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.229138]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.233547]  ? kvm_arch_sync_events+0x30/0x30
[   38.238043]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.243582]  ? mmu_notifier_unregister+0x474/0x600
[   38.248512]  ? __mmu_notifier_register+0x30/0x30
[   38.253269]  ? __free_pages+0x10a/0x190
[   38.257238]  ? free_unref_page+0x960/0x960
[   38.261484]  kvm_put_kvm+0x6c8/0xff0
[   38.265203]  ? kvm_write_guest_cached+0x40/0x40
[   38.269882]  ? up_write+0x7b/0x220
[   38.273418]  ? up_read+0x110/0x110
[   38.276961]  ? mntput+0x74/0xa0
[   38.280243]  ? debugfs_remove_recursive+0x40d/0x530
[   38.285261]  ? debugfs_remove+0x130/0x130
[   38.289419]  ? kvm_vm_release+0x50/0x50
[   38.293396]  kvm_vcpu_release+0x7b/0xa0
[   38.297386]  __fput+0x385/0xa30
[   38.300665]  ? get_max_files+0x20/0x20
[   38.304559]  ? trace_hardirqs_on+0xbd/0x310
[   38.308883]  ? kasan_check_read+0x11/0x20
[   38.313028]  ? task_work_run+0x1af/0x2a0
[   38.317090]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   38.322545]  ? kasan_check_write+0x14/0x20
[   38.326780]  ? do_raw_spin_lock+0xc1/0x200
[   38.331014]  ____fput+0x15/0x20
[   38.334297]  task_work_run+0x1e8/0x2a0
[   38.338193]  ? task_work_cancel+0x240/0x240
[   38.342519]  ? copy_fd_bitmaps+0x210/0x210
[   38.346755]  ? do_syscall_64+0x9a/0x820
[   38.350731]  exit_to_usermode_loop+0x318/0x380
[   38.355323]  ? syscall_slow_exit_work+0x520/0x520
[   38.360168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.365705]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.371242]  do_syscall_64+0x6be/0x820
[   38.375131]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.380491]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.385420]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.390261]  ? trace_hardirqs_on_caller+0x310/0x310
[   38.395277]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   38.400294]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.405327]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.410173]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.415362] RIP: 0033:0x401000
[   38.418555] Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 16 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
[   38.437454] RSP: 002b:00007ffeaeae5d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   38.445175] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000401000
[   38.452443] RDX: 00000000200000c0 RSI: 00000000c080aebe RDI: 0000000000000005
[   38.459705] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   38.466971] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401f10
[   38.474252] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   38.481530] 
[   38.481537] ======================================================
[   38.481543] WARNING: possible circular locking dependency detected
[   38.481547] 4.19.0-rc3+ #11 Not tainted
[   38.481553] ------------------------------------------------------
[   38.481558] syz-executor991/5503 is trying to acquire lock:
[   38.481562] 00000000da530b19 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   38.481578] 
[   38.481583] but task is already holding lock:
[   38.481586] 00000000dec5f03a (report_lock){....}, at: kasan_report+0x8b/0x110
[   38.481602] 
[   38.481607] which lock already depends on the new lock.
[   38.481610] 
[   38.481612] 
[   38.481618] the existing dependency chain (in reverse order) is:
[   38.481621] 
[   38.481623] -> #3 (report_lock){....}:
[   38.481639]        _raw_spin_lock_irqsave+0x99/0xd0
[   38.481643]        kasan_report+0x8b/0x110
[   38.481648]        __asan_report_load8_noabort+0x14/0x20
[   38.481653]        __schedule+0xfc3/0x1ed0
[   38.481657]        preempt_schedule_common+0x1f/0xd0
[   38.481662]        preempt_schedule+0x4d/0x60
[   38.481666]        ___preempt_schedule+0x16/0x18
[   38.481671]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   38.481676]        __call_srcu+0x7f9/0x1070
[   38.481680]        __synchronize_srcu+0x17b/0x230
[   38.481685]        synchronize_srcu+0x356/0x5ab
[   38.481690]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.481695]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.481699]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.481704]        kvm_put_kvm+0x6c8/0xff0
[   38.481708]        kvm_vcpu_release+0x7b/0xa0
[   38.481712]        __fput+0x385/0xa30
[   38.481716]        ____fput+0x15/0x20
[   38.481720]        task_work_run+0x1e8/0x2a0
[   38.481725]        exit_to_usermode_loop+0x318/0x380
[   38.481729]        do_syscall_64+0x6be/0x820
[   38.481735]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.481737] 
[   38.481740] -> #2 (&rq->lock){-.-.}:
[   38.481755]        _raw_spin_lock+0x2d/0x40
[   38.481760]        task_fork_fair+0xb0/0x6d0
[   38.481764]        sched_fork+0x443/0xba0
[   38.481768]        copy_process+0x2586/0x8780
[   38.481772]        _do_fork+0x1cb/0x11d0
[   38.481776]        kernel_thread+0x34/0x40
[   38.481781]        rest_init+0x22/0xe5
[   38.481785]        start_kernel+0x8f4/0x92f
[   38.481790]        x86_64_start_reservations+0x29/0x2b
[   38.481795]        x86_64_start_kernel+0x76/0x79
[   38.481799]        secondary_startup_64+0xa4/0xb0
[   38.481802] 
[   38.481805] -> #1 (&p->pi_lock){-.-.}:
[   38.481821]        _raw_spin_lock_irqsave+0x99/0xd0
[   38.481825]        try_to_wake_up+0xd2/0x12f0
[   38.481830]        wake_up_process+0x10/0x20
[   38.481834]        __up.isra.1+0x1c0/0x2a0
[   38.481837]        up+0x13c/0x1c0
[   38.481842]        __up_console_sem+0xbe/0x1b0
[   38.481852]        console_unlock+0x524/0x11a0
[   38.481856]        vprintk_emit+0x33d/0x930
[   38.481861]        vprintk_default+0x28/0x30
[   38.481865]        vprintk_func+0x7e/0x181
[   38.481869]        printk+0xa7/0xcf
[   38.481873]        load_umh+0x51/0xbd
[   38.481877]        do_one_initcall+0x145/0x957
[   38.481882]        kernel_init_freeable+0x4bb/0x5ae
[   38.481886]        kernel_init+0x11/0x1b2
[   38.481890]        ret_from_fork+0x3a/0x50
[   38.481893] 
[   38.481896] -> #0 ((console_sem).lock){-...}:
[   38.481912]        lock_acquire+0x1ed/0x520
[   38.481916]        _raw_spin_lock_irqsave+0x99/0xd0
[   38.481921]        down_trylock+0x13/0x70
[   38.481926]        __down_trylock_console_sem+0xae/0x200
[   38.481930]        console_trylock+0x15/0xa0
[   38.481934]        vprintk_emit+0x322/0x930
[   38.481939]        vprintk_default+0x28/0x30
[   38.481943]        vprintk_func+0x7e/0x181
[   38.481947]        printk+0xa7/0xcf
[   38.481951]        kasan_report+0x9b/0x110
[   38.481957]        __asan_report_load8_noabort+0x14/0x20
[   38.481961]        __schedule+0xfc3/0x1ed0
[   38.481966]        preempt_schedule_common+0x1f/0xd0
[   38.481970]        preempt_schedule+0x4d/0x60
[   38.481975]        ___preempt_schedule+0x16/0x18
[   38.481980]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   38.481984]        __call_srcu+0x7f9/0x1070
[   38.481989]        __synchronize_srcu+0x17b/0x230
[   38.481993]        synchronize_srcu+0x356/0x5ab
[   38.481999]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.482003]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.482008]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.482012]        kvm_put_kvm+0x6c8/0xff0
[   38.482016]        kvm_vcpu_release+0x7b/0xa0
[   38.482020]        __fput+0x385/0xa30
[   38.482024]        ____fput+0x15/0x20
[   38.482029]        task_work_run+0x1e8/0x2a0
[   38.482033]        exit_to_usermode_loop+0x318/0x380
[   38.482038]        do_syscall_64+0x6be/0x820
[   38.482043]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.482045] 
[   38.482050] other info that might help us debug this:
[   38.482053] 
[   38.482056] Chain exists of:
[   38.482059]   (console_sem).lock --> &rq->lock --> report_lock
[   38.482078] 
[   38.482083]  Possible unsafe locking scenario:
[   38.482086] 
[   38.482090]        CPU0                    CPU1
[   38.482094]        ----                    ----
[   38.482097]   lock(report_lock);
[   38.482108]                                lock(&rq->lock);
[   38.482118]                                lock(report_lock);
[   38.482126]   lock((console_sem).lock);
[   38.482135] 
[   38.482139]  *** DEADLOCK ***
[   38.482141] 
[   38.482146] 2 locks held by syz-executor991/5503:
[   38.482149]  #0: 00000000f110626e (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   38.482167]  #1: 00000000dec5f03a (report_lock){....}, at: kasan_report+0x8b/0x110
[   38.482186] 
[   38.482189] stack backtrace:
[   38.482196] CPU: 1 PID: 5503 Comm: syz-executor991 Not tainted 4.19.0-rc3+ #11
[   38.482204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.482207] Call Trace:
[   38.482211]  dump_stack+0x1c4/0x2b4
[   38.482216]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.482221]  ? vprintk_func+0x85/0x181
[   38.482226]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   38.482230]  ? save_trace+0xe0/0x290
[   38.482235]  __lock_acquire+0x33e4/0x4ec0
[   38.482239]  ? mark_held_locks+0x130/0x130
[   38.482244]  ? mark_held_locks+0x130/0x130
[   38.482248]  ? rcu_bh_qs+0xc0/0xc0
[   38.482252]  ? unwind_dump+0x190/0x190
[   38.482257]  ? is_bpf_text_address+0xd3/0x170
[   38.482261]  ? kernel_text_address+0x79/0xf0
[   38.482266]  ? __kernel_text_address+0xd/0x40
[   38.482270]  ? __save_stack_trace+0x8d/0xf0
[   38.482276]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   38.482280]  ? save_trace+0x290/0x290
[   38.482284]  ? save_stack_trace+0x1a/0x20
[   38.482288]  ? save_trace+0xe0/0x290
[   38.482293]  ? kasan_check_read+0x11/0x20
[   38.482297]  ? graph_lock+0x170/0x170
[   38.482302]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.482306]  lock_acquire+0x1ed/0x520
[   38.482318]  ? down_trylock+0x13/0x70
[   38.482323]  ? find_held_lock+0x36/0x1c0
[   38.482327]  ? lock_release+0x970/0x970
[   38.482332]  ? trace_hardirqs_off+0xb8/0x310
[   38.482336]  ? vprintk_emit+0x1d3/0x930
[   38.482341]  ? trace_hardirqs_on+0x310/0x310
[   38.482345]  ? trace_hardirqs_off+0xb8/0x310
[   38.482350]  ? log_store+0x344/0x4c0
[   38.482354]  ? vprintk_emit+0x322/0x930
[   38.482359]  _raw_spin_lock_irqsave+0x99/0xd0
[   38.482363]  ? down_trylock+0x13/0x70
[   38.482367]  down_trylock+0x13/0x70
[   38.482372]  __down_trylock_console_sem+0xae/0x200
[   38.482376]  console_trylock+0x15/0xa0
[   38.482381]  vprintk_emit+0x322/0x930
[   38.482385]  ? wake_up_klogd+0x180/0x180
[   38.482390]  ? run_rebalance_domains+0x500/0x500
[   38.482394]  ? find_held_lock+0x36/0x1c0
[   38.482399]  ? __queue_work+0x6be/0x1440
[   38.482403]  ? lock_acquire+0x1ed/0x520
[   38.482407]  vprintk_default+0x28/0x30
[   38.482411]  vprintk_func+0x7e/0x181
[   38.482415]  printk+0xa7/0xcf
[   38.482420]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   38.482424]  ? kasan_check_write+0x14/0x20
[   38.482429]  ? do_raw_spin_lock+0xc1/0x200
[   38.482433]  ? do_raw_spin_lock+0xc1/0x200
[   38.482437]  kasan_report+0x9b/0x110
[   38.482442]  ? __schedule+0xfc3/0x1ed0
[   38.482447]  __asan_report_load8_noabort+0x14/0x20
[   38.482451]  __schedule+0xfc3/0x1ed0
[   38.482455]  ? __sched_text_start+0x8/0x8
[   38.482460]  ? __lock_is_held+0xb5/0x140
[   38.482465]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.482469]  ? find_held_lock+0x36/0x1c0
[   38.482473]  ? __call_srcu+0x7f9/0x1070
[   38.482478]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.482483]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.482488]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.482493]  ? preempt_schedule+0x4d/0x60
[   38.482497]  preempt_schedule_common+0x1f/0xd0
[   38.482502]  preempt_schedule+0x4d/0x60
[   38.482506]  ___preempt_schedule+0x16/0x18
[   38.482511]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   38.482515]  __call_srcu+0x7f9/0x1070
[   38.482520]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   38.482525]  ? srcu_offline_cpu+0x120/0x120
[   38.482530]  ? debug_object_free+0x690/0x690
[   38.482534]  ? mark_held_locks+0x130/0x130
[   38.482539]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   38.482543]  ? lock_release+0x970/0x970
[   38.482548]  ? arch_local_save_flags+0x40/0x40
[   38.482553]  ? depot_save_stack+0x292/0x470
[   38.482557]  ? __lockdep_init_map+0x105/0x590
[   38.482562]  ? __init_waitqueue_head+0x9e/0x150
[   38.482566]  ? init_wait_entry+0x1c0/0x1c0
[   38.482571]  __synchronize_srcu+0x17b/0x230
[   38.482575]  ? call_srcu+0x10/0x10
[   38.482580]  ? rcu_unexpedite_gp+0x20/0x20
[   38.482585]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.482590]  ? check_preemption_disabled+0x48/0x200
[   38.482594]  synchronize_srcu+0x356/0x5ab
[   38.482599]  ? lock_downgrade+0x900/0x900
[   38.482604]  ? synchronize_srcu_expedited+0x20/0x20
[   38.482608]  ? kasan_check_read+0x11/0x20
[   38.482613]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.482618]  ? kasan_check_write+0x14/0x20
[   38.482622]  ? do_raw_spin_lock+0xc1/0x200
[   38.482628]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.482633]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.482637]  ? kvfree+0x61/0x70
[   38.482642]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.482646]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.482651]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.482656]  ? kvm_arch_sync_events+0x30/0x30
[   38.482661]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.482666]  ? mmu_notifier_unregister+0x474/0x600
[   38.482671]  ? __mmu_notifier_register+0x30/0x30
[   38.482675]  ? __free_pages+0x10a/0x190
[   38.482680]  ? free_unref_page+0x960/0x960
[   38.482684]  kvm_put_kvm+0x6c8/0xff0
[   38.482689]  ? kvm_write_guest_cached+0x40/0x40
[   38.482693]  ? up_write+0x7b/0x220
[   38.482697]  ? up_read+0x110/0x110
[   38.482701]  ? mntput+0x74/0xa0
[   38.482706]  ? debugfs_remove_recursive+0x40d/0x530
[   38.482710]  ? debugfs_remove+0x130/0x130
[   38.482714]  ? kvm_vm_release+0x50/0x50
[   38.482719]  kvm_vcpu_release+0x7b/0xa0
[   38.482723]  __fput+0x385/0xa30
[   38.482727]  ? get_max_files+0x20/0x20
[   38.482731]  ? trace_hardirqs_on+0xbd/0x310
[   38.482736]  ? kasan_check_read+0x11/0x20
[   38.482740]  ? task_work_run+0x1af/0x2a0
[   38.482743]  ? __bpf_tra
[   38.482751] Lost 29 message(s)!
[   39.634575] Shutting down cpus with NMI
[   40.693179] Kernel Offset: disabled
[   40.696804] Rebooting in 86400 seconds..