[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.725802] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.221689] random: sshd: uninitialized urandom read (32 bytes read) [ 25.457384] random: sshd: uninitialized urandom read (32 bytes read) [ 26.030582] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. [ 31.797773] urandom_read: 1 callbacks suppressed [ 31.797780] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.902952] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.935860] ================================================================== [ 31.945526] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.951752] Read of size 8 at addr ffff8801be1c8058 by task syz-executor181/4615 [ 31.959272] [ 31.960900] CPU: 0 PID: 4615 Comm: syz-executor181 Not tainted 4.19.0-rc2+ #220 [ 31.968334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.977693] Call Trace: [ 31.980284] dump_stack+0x1c9/0x2b4 [ 31.983911] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.989094] ? printk+0xa7/0xcf [ 31.992372] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.997125] ? __schedule+0xf54/0x1df0 [ 32.001022] print_address_description+0x6c/0x20b [ 32.005888] ? __schedule+0xf54/0x1df0 [ 32.009777] kasan_report.cold.7+0x242/0x30d [ 32.014212] __asan_report_load8_noabort+0x14/0x20 [ 32.019156] __schedule+0xf54/0x1df0 [ 32.022866] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.027963] ? __sched_text_start+0x8/0x8 [ 32.032118] ? __call_srcu+0x7e7/0x1040 [ 32.036098] ? check_same_owner+0x340/0x340 [ 32.040411] ? mark_held_locks+0x160/0x160 [ 32.044635] ? find_held_lock+0x36/0x1c0 [ 32.048691] preempt_schedule_common+0x22/0x60 [ 32.053280] _cond_resched+0x1d/0x30 [ 32.057005] wait_for_completion+0xa5/0x8d0 [ 32.061327] ? wait_for_completion_interruptible+0x950/0x950 [ 32.067136] ? __lockdep_init_map+0x105/0x590 [ 32.071633] ? __init_waitqueue_head+0x9e/0x150 [ 32.076304] ? init_wait_entry+0x1c0/0x1c0 [ 32.080549] __synchronize_srcu+0x189/0x240 [ 32.084868] ? call_srcu+0x10/0x10 [ 32.088409] ? rcu_unexpedite_gp+0x20/0x20 [ 32.092653] synchronize_srcu+0x335/0x56f [ 32.096804] ? lock_downgrade+0x8f0/0x8f0 [ 32.100952] ? synchronize_srcu_expedited+0x20/0x20 [ 32.105997] ? kasan_check_read+0x11/0x20 [ 32.110153] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.114737] ? kasan_check_write+0x14/0x20 [ 32.118989] ? do_raw_spin_lock+0xc1/0x200 [ 32.123363] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.129075] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.134523] ? kvfree+0x61/0x70 [ 32.137801] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.142816] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.146875] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.151283] ? kvm_arch_sync_events+0x30/0x30 [ 32.155782] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.161324] ? mmu_notifier_unregister+0x474/0x600 [ 32.166256] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.170664] ? kfree+0x111/0x210 [ 32.174034] ? __mmu_notifier_register+0x30/0x30 [ 32.179011] ? __free_pages+0x10a/0x190 [ 32.183012] ? free_unref_page+0x930/0x930 [ 32.187280] kvm_put_kvm+0x73f/0x1060 [ 32.191088] ? kvm_write_guest_cached+0x40/0x40 [ 32.195762] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.200262] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.204759] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.209349] ? kasan_check_write+0x14/0x20 [ 32.213585] ? do_raw_spin_lock+0xc1/0x200 [ 32.217821] ? kvm_irqfd_release+0xdd/0x120 [ 32.222139] ? kvm_irqfd_release+0xdd/0x120 [ 32.226463] ? kvm_put_kvm+0x1060/0x1060 [ 32.230523] kvm_vm_release+0x42/0x50 [ 32.234324] __fput+0x38a/0xa40 [ 32.237603] ? __alloc_file+0x400/0x400 [ 32.241579] ? check_same_owner+0x340/0x340 [ 32.245902] ? kasan_check_write+0x14/0x20 [ 32.250137] ? do_raw_spin_lock+0xc1/0x200 [ 32.254368] ____fput+0x15/0x20 [ 32.257645] task_work_run+0x1e8/0x2a0 [ 32.261529] ? task_work_cancel+0x240/0x240 [ 32.265856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.271400] ? switch_task_namespaces+0xa2/0xd0 [ 32.276065] do_exit+0x1ae4/0x26e0 [ 32.279609] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.284507] ? __lock_acquire+0x7fc/0x5020 [ 32.288756] ? __lock_acquire+0x7fc/0x5020 [ 32.292999] ? mark_held_locks+0x160/0x160 [ 32.297239] ? kasan_check_write+0x14/0x20 [ 32.301483] ? mark_held_locks+0x160/0x160 [ 32.305716] ? rcu_is_watching+0x8c/0x150 [ 32.309863] ? call_rcu_sched+0x12/0x20 [ 32.313837] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.318936] ? kfree+0x111/0x210 [ 32.322307] ? kfree+0x111/0x210 [ 32.325675] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.330779] ? note_gp_changes+0x420/0x420 [ 32.335014] ? graph_lock+0x170/0x170 [ 32.338842] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 32.343854] ? __fget_light+0x2f7/0x440 [ 32.347826] ? graph_lock+0x170/0x170 [ 32.351629] ? fget_raw+0x20/0x20 [ 32.355080] ? blkcg_print_stat+0x1420/0x1420 [ 32.359585] ? find_held_lock+0x36/0x1c0 [ 32.363641] ? find_held_lock+0x36/0x1c0 [ 32.367705] ? lock_downgrade+0x8f0/0x8f0 [ 32.371874] ? check_same_owner+0x340/0x340 [ 32.376190] ? lock_release+0x9f0/0x9f0 [ 32.380158] ? check_same_owner+0x340/0x340 [ 32.384494] ? do_compat_pwritev64+0x1c0/0x1c0 [ 32.389228] do_group_exit+0x177/0x440 [ 32.393390] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.397718] ? __ia32_sys_exit+0x50/0x50 [ 32.401800] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.406908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 32.412445] __x64_sys_exit_group+0x3e/0x50 [ 32.416791] do_syscall_64+0x1b9/0x820 [ 32.420694] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.426069] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.431006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.435852] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.440868] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 32.445883] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.450916] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.455773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.460955] RIP: 0033:0x442f88 [ 32.464155] Code: Bad RIP value. [ 32.467515] RSP: 002b:00007fffaf664a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.475220] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442f88 [ 32.482488] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.489773] RBP: 00000000004c2ba8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.497061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 32.504323] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 32.511596] [ 32.513216] Allocated by task 4615: [ 32.516849] save_stack+0x43/0xd0 [ 32.520306] kasan_kmalloc+0xc4/0xe0 [ 32.524032] kasan_slab_alloc+0x12/0x20 [ 32.528006] kmem_cache_alloc+0x12e/0x710 [ 32.532149] vmx_create_vcpu+0xcf/0x2830 [ 32.536208] kvm_arch_vcpu_create+0xe5/0x220 [ 32.540623] kvm_vm_ioctl+0x488/0x1d80 [ 32.544525] do_vfs_ioctl+0x1de/0x1720 [ 32.548411] ksys_ioctl+0xa9/0xd0 [ 32.551862] __x64_sys_ioctl+0x73/0xb0 [ 32.555771] do_syscall_64+0x1b9/0x820 [ 32.559654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.564828] [ 32.566442] Freed by task 4615: [ 32.569719] save_stack+0x43/0xd0 [ 32.573172] __kasan_slab_free+0x11a/0x170 [ 32.577402] kasan_slab_free+0xe/0x10 [ 32.581197] kmem_cache_free+0x86/0x280 [ 32.585170] vmx_free_vcpu+0x26b/0x300 [ 32.589050] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.593464] kvm_put_kvm+0x73f/0x1060 [ 32.597264] kvm_vm_release+0x42/0x50 [ 32.601057] __fput+0x38a/0xa40 [ 32.604326] ____fput+0x15/0x20 [ 32.607601] task_work_run+0x1e8/0x2a0 [ 32.611483] do_exit+0x1ae4/0x26e0 [ 32.615032] do_group_exit+0x177/0x440 [ 32.618914] __x64_sys_exit_group+0x3e/0x50 [ 32.623239] do_syscall_64+0x1b9/0x820 [ 32.627123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.632300] [ 32.633926] The buggy address belongs to the object at ffff8801be1c8040 [ 32.633926] which belongs to the cache kvm_vcpu of size 23872 [ 32.646494] The buggy address is located 24 bytes inside of [ 32.646494] 23872-byte region [ffff8801be1c8040, ffff8801be1cdd80) [ 32.658443] The buggy address belongs to the page: [ 32.663367] page:ffffea0006f87200 count:1 mapcount:0 mapping:ffff8801d525ec00 index:0x0 compound_mapcount: 0 [ 32.673331] flags: 0x2fffc0000008100(slab|head) [ 32.678011] raw: 02fffc0000008100 ffff8801d7320148 ffff8801d7320148 ffff8801d525ec00 [ 32.685892] raw: 0000000000000000 ffff8801be1c8040 0000000100000001 0000000000000000 [ 32.693761] page dumped because: kasan: bad access detected [ 32.699457] [ 32.701072] Memory state around the buggy address: [ 32.706006] ffff8801be1c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.713358] ffff8801be1c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.720707] >ffff8801be1c8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.728052] ^ [ 32.734282] ffff8801be1c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.741633] ffff8801be1c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.748984] ================================================================== [ 32.756335] Kernel panic - not syncing: panic_on_warn set ... [ 32.756335] [ 32.763700] CPU: 0 PID: 4615 Comm: syz-executor181 Tainted: G B 4.19.0-rc2+ #220 [ 32.772527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.781868] Call Trace: [ 32.784467] dump_stack+0x1c9/0x2b4 [ 32.788095] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.793298] ? lock_downgrade+0x8f0/0x8f0 [ 32.797444] ? __schedule+0xf54/0x1df0 [ 32.801347] panic+0x238/0x4e7 [ 32.804536] ? add_taint.cold.5+0x16/0x16 [ 32.808700] ? print_shadow_for_address+0xba/0x116 [ 32.813637] ? trace_hardirqs_off+0xaf/0x2b0 [ 32.818043] ? trace_hardirqs_off+0x77/0x2b0 [ 32.822448] ? __schedule+0xf54/0x1df0 [ 32.826576] kasan_end_report+0x47/0x4f [ 32.830550] kasan_report.cold.7+0x76/0x30d [ 32.834876] __asan_report_load8_noabort+0x14/0x20 [ 32.839802] __schedule+0xf54/0x1df0 [ 32.844253] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.849358] ? __sched_text_start+0x8/0x8 [ 32.853504] ? __call_srcu+0x7e7/0x1040 [ 32.858316] ? check_same_owner+0x340/0x340 [ 32.862649] ? mark_held_locks+0x160/0x160 [ 32.866882] ? find_held_lock+0x36/0x1c0 [ 32.870947] preempt_schedule_common+0x22/0x60 [ 32.876251] _cond_resched+0x1d/0x30 [ 32.879978] wait_for_completion+0xa5/0x8d0 [ 32.884305] ? wait_for_completion_interruptible+0x950/0x950 [ 32.890101] ? __lockdep_init_map+0x105/0x590 [ 32.894598] ? __init_waitqueue_head+0x9e/0x150 [ 32.899280] ? init_wait_entry+0x1c0/0x1c0 [ 32.903516] __synchronize_srcu+0x189/0x240 [ 32.907849] ? call_srcu+0x10/0x10 [ 32.911401] ? rcu_unexpedite_gp+0x20/0x20 [ 32.915695] synchronize_srcu+0x335/0x56f [ 32.919838] ? lock_downgrade+0x8f0/0x8f0 [ 32.923992] ? synchronize_srcu_expedited+0x20/0x20 [ 32.929010] ? kasan_check_read+0x11/0x20 [ 32.933175] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.937754] ? kasan_check_write+0x14/0x20 [ 32.941989] ? do_raw_spin_lock+0xc1/0x200 [ 32.946227] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.951943] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.957411] ? kvfree+0x61/0x70 [ 32.960689] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.965701] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.969773] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.974178] ? kvm_arch_sync_events+0x30/0x30 [ 32.978677] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.984329] ? mmu_notifier_unregister+0x474/0x600 [ 32.989277] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.993682] ? kfree+0x111/0x210 [ 32.997047] ? __mmu_notifier_register+0x30/0x30 [ 33.001806] ? __free_pages+0x10a/0x190 [ 33.005775] ? free_unref_page+0x930/0x930 [ 33.010028] kvm_put_kvm+0x73f/0x1060 [ 33.013840] ? kvm_write_guest_cached+0x40/0x40 [ 33.018513] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.023008] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.027501] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.032097] ? kasan_check_write+0x14/0x20 [ 33.036329] ? do_raw_spin_lock+0xc1/0x200 [ 33.040563] ? kvm_irqfd_release+0xdd/0x120 [ 33.044880] ? kvm_irqfd_release+0xdd/0x120 [ 33.049202] ? kvm_put_kvm+0x1060/0x1060 [ 33.053279] kvm_vm_release+0x42/0x50 [ 33.057081] __fput+0x38a/0xa40 [ 33.060359] ? __alloc_file+0x400/0x400 [ 33.064338] ? check_same_owner+0x340/0x340 [ 33.068650] ? kasan_check_write+0x14/0x20 [ 33.072879] ? do_raw_spin_lock+0xc1/0x200 [ 33.077109] ____fput+0x15/0x20 [ 33.080391] task_work_run+0x1e8/0x2a0 [ 33.084278] ? task_work_cancel+0x240/0x240 [ 33.088603] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.094141] ? switch_task_namespaces+0xa2/0xd0 [ 33.098810] do_exit+0x1ae4/0x26e0 [ 33.102352] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.107022] ? __lock_acquire+0x7fc/0x5020 [ 33.111259] ? __lock_acquire+0x7fc/0x5020 [ 33.115488] ? mark_held_locks+0x160/0x160 [ 33.119723] ? kasan_check_write+0x14/0x20 [ 33.123996] ? mark_held_locks+0x160/0x160 [ 33.128254] ? rcu_is_watching+0x8c/0x150 [ 33.132396] ? call_rcu_sched+0x12/0x20 [ 33.136365] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.141462] ? kfree+0x111/0x210 [ 33.144819] ? kfree+0x111/0x210 [ 33.148204] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.153318] ? note_gp_changes+0x420/0x420 [ 33.157546] ? graph_lock+0x170/0x170 [ 33.161468] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 33.166483] ? __fget_light+0x2f7/0x440 [ 33.170450] ? graph_lock+0x170/0x170 [ 33.174253] ? fget_raw+0x20/0x20 [ 33.177725] ? blkcg_print_stat+0x1420/0x1420 [ 33.182223] ? find_held_lock+0x36/0x1c0 [ 33.186291] ? find_held_lock+0x36/0x1c0 [ 33.190355] ? lock_downgrade+0x8f0/0x8f0 [ 33.194497] ? check_same_owner+0x340/0x340 [ 33.198834] ? lock_release+0x9f0/0x9f0 [ 33.202819] ? check_same_owner+0x340/0x340 [ 33.207141] ? do_compat_pwritev64+0x1c0/0x1c0 [ 33.211735] do_group_exit+0x177/0x440 [ 33.215784] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.220102] ? __ia32_sys_exit+0x50/0x50 [ 33.224158] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.229268] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.234800] __x64_sys_exit_group+0x3e/0x50 [ 33.239119] do_syscall_64+0x1b9/0x820 [ 33.243006] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.248374] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.253298] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.258147] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.263171] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.268186] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.273217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.278064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.283745] RIP: 0033:0x442f88 [ 33.286936] Code: Bad RIP value. [ 33.290334] RSP: 002b:00007fffaf664a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.298043] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442f88 [ 33.305336] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.312702] RBP: 00000000004c2ba8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.319974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 33.327246] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 33.334518] [ 33.334524] ====================================================== [ 33.334529] WARNING: possible circular locking dependency detected [ 33.334533] 4.19.0-rc2+ #220 Not tainted [ 33.334538] ------------------------------------------------------ [ 33.334543] syz-executor181/4615 is trying to acquire lock: [ 33.334552] 000000001a340454 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.334567] [ 33.334571] but task is already holding lock: [ 33.334574] 00000000f790b4ab (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.334600] [ 33.334605] which lock already depends on the new lock. [ 33.334607] [ 33.334609] [ 33.334614] the existing dependency chain (in reverse order) is: [ 33.334616] [ 33.334618] -> #3 (report_lock){....}: [ 33.334632] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.334635] kasan_report+0x8e/0x110 [ 33.334640] __asan_report_load8_noabort+0x14/0x20 [ 33.334643] __schedule+0xf54/0x1df0 [ 33.334647] preempt_schedule_common+0x22/0x60 [ 33.334651] _cond_resched+0x1d/0x30 [ 33.334655] wait_for_completion+0xa5/0x8d0 [ 33.334659] __synchronize_srcu+0x189/0x240 [ 33.334662] synchronize_srcu+0x335/0x56f [ 33.334667] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.334671] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.334675] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.334678] kvm_put_kvm+0x73f/0x1060 [ 33.334682] kvm_vm_release+0x42/0x50 [ 33.334685] __fput+0x38a/0xa40 [ 33.334688] ____fput+0x15/0x20 [ 33.334692] task_work_run+0x1e8/0x2a0 [ 33.334695] do_exit+0x1ae4/0x26e0 [ 33.334699] do_group_exit+0x177/0x440 [ 33.334703] __x64_sys_exit_group+0x3e/0x50 [ 33.334707] do_syscall_64+0x1b9/0x820 [ 33.334723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.334725] [ 33.334728] -> #2 (&rq->lock){-.-.}: [ 33.334742] _raw_spin_lock+0x2a/0x40 [ 33.334745] task_fork_fair+0x93/0x680 [ 33.334749] sched_fork+0x44b/0xbd0 [ 33.334753] copy_process+0x235e/0x7ad0 [ 33.334756] _do_fork+0x1ca/0x1170 [ 33.334760] kernel_thread+0x34/0x40 [ 33.334763] rest_init+0x22/0xe4 [ 33.334767] start_kernel+0x913/0x94e [ 33.334771] x86_64_start_reservations+0x29/0x2b [ 33.334775] x86_64_start_kernel+0x76/0x79 [ 33.334779] secondary_startup_64+0xa4/0xb0 [ 33.334782] [ 33.334784] -> #1 (&p->pi_lock){-.-.}: [ 33.334798] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.334802] try_to_wake_up+0xd2/0x1250 [ 33.334806] wake_up_process+0x10/0x20 [ 33.334809] __up.isra.1+0x1c0/0x2a0 [ 33.334813] up+0x13c/0x1c0 [ 33.334816] __up_console_sem+0xbe/0x1b0 [ 33.334820] console_unlock+0x506/0x10d0 [ 33.334824] vprintk_emit+0x33a/0x910 [ 33.334828] vprintk_default+0x28/0x30 [ 33.334832] vprintk_func+0x7a/0x117 [ 33.334835] printk+0xa7/0xcf [ 33.334839] load_umh+0x51/0xbd [ 33.334842] do_one_initcall+0x127/0x838 [ 33.334846] kernel_init_freeable+0x4bb/0x5ae [ 33.334850] kernel_init+0x11/0x1b3 [ 33.334854] ret_from_fork+0x3a/0x50 [ 33.334856] [ 33.334858] -> #0 ((console_sem).lock){-...}: [ 33.334872] lock_acquire+0x1e4/0x4f0 [ 33.334876] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.334880] down_trylock+0x13/0x70 [ 33.334884] __down_trylock_console_sem+0xae/0x200 [ 33.334888] console_trylock+0x15/0xa0 [ 33.334892] vprintk_emit+0x31f/0x910 [ 33.334896] vprintk_default+0x28/0x30 [ 33.334899] vprintk_func+0x7a/0x117 [ 33.334903] printk+0xa7/0xcf [ 33.334906] kasan_report+0x9e/0x110 [ 33.334911] __asan_report_load8_noabort+0x14/0x20 [ 33.334914] __schedule+0xf54/0x1df0 [ 33.334918] preempt_schedule_common+0x22/0x60 [ 33.334922] _cond_resched+0x1d/0x30 [ 33.334926] wait_for_completion+0xa5/0x8d0 [ 33.334930] __synchronize_srcu+0x189/0x240 [ 33.334934] synchronize_srcu+0x335/0x56f [ 33.334939] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.334943] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.334947] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.334951] kvm_put_kvm+0x73f/0x1060 [ 33.334955] kvm_vm_release+0x42/0x50 [ 33.334958] __fput+0x38a/0xa40 [ 33.334961] ____fput+0x15/0x20 [ 33.334965] task_work_run+0x1e8/0x2a0 [ 33.334977] do_exit+0x1ae4/0x26e0 [ 33.334981] do_group_exit+0x177/0x440 [ 33.334985] __x64_sys_exit_group+0x3e/0x50 [ 33.334989] do_syscall_64+0x1b9/0x820 [ 33.334993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.334995] [ 33.335000] other info that might help us debug this: [ 33.335002] [ 33.335005] Chain exists of: [ 33.335007] (console_sem).lock --> &rq->lock --> report_lock [ 33.335034] [ 33.335049] Possible unsafe locking scenario: [ 33.335052] [ 33.335055] CPU0 CPU1 [ 33.335063] ---- ---- [ 33.335066] lock(report_lock); [ 33.335075] lock(&rq->lock); [ 33.335084] lock(report_lock); [ 33.335091] lock((console_sem).lock); [ 33.335099] [ 33.335102] *** DEADLOCK *** [ 33.335104] [ 33.335108] 2 locks held by syz-executor181/4615: [ 33.335111] #0: 00000000790991ef (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.335127] #1: 00000000f790b4ab (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.335143] [ 33.335146] stack backtrace: [ 33.335152] CPU: 0 PID: 4615 Comm: syz-executor181 Not tainted 4.19.0-rc2+ #220 [ 33.335159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.335162] Call Trace: [ 33.335166] dump_stack+0x1c9/0x2b4 [ 33.335171] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.335175] ? vprintk_func+0x100/0x117 [ 33.335179] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.335183] ? save_trace+0xe0/0x290 [ 33.335187] __lock_acquire+0x3449/0x5020 [ 33.335191] ? mark_held_locks+0x160/0x160 [ 33.335195] ? mark_held_locks+0x160/0x160 [ 33.335199] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.335204] ? is_bpf_text_address+0xd7/0x170 [ 33.335208] ? kernel_text_address+0x79/0xf0 [ 33.335212] ? __kernel_text_address+0xd/0x40 [ 33.335216] ? __save_stack_trace+0x8d/0xf0 [ 33.335221] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.335224] ? save_trace+0x290/0x290 [ 33.335228] ? save_stack_trace+0x1a/0x20 [ 33.335238] ? save_trace+0xe0/0x290 [ 33.335242] ? graph_lock+0x170/0x170 [ 33.335247] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.335250] lock_acquire+0x1e4/0x4f0 [ 33.335254] ? down_trylock+0x13/0x70 [ 33.335258] ? lock_release+0x9f0/0x9f0 [ 33.335262] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.335266] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.335270] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.335274] ? log_store+0x34f/0x4c0 [ 33.335278] ? vprintk_emit+0x31f/0x910 [ 33.335282] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.335286] ? down_trylock+0x13/0x70 [ 33.335289] down_trylock+0x13/0x70 [ 33.335294] __down_trylock_console_sem+0xae/0x200 [ 33.335298] console_trylock+0x15/0xa0 [ 33.335301] vprintk_emit+0x31f/0x910 [ 33.335305] ? wake_up_klogd+0x110/0x110 [ 33.335309] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.335313] ? kasan_check_read+0x11/0x20 [ 33.335317] ? rcu_is_watching+0x8c/0x150 [ 33.335321] ? rcu_pm_notify+0xc0/0xc0 [ 33.335325] ? lock_acquire+0x1e4/0x4f0 [ 33.335328] ? kasan_report+0x8e/0x110 [ 33.335332] ? __schedule+0xf54/0x1df0 [ 33.335336] vprintk_default+0x28/0x30 [ 33.335340] vprintk_func+0x7a/0x117 [ 33.335343] printk+0xa7/0xcf [ 33.335347] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.335351] ? kasan_check_write+0x14/0x20 [ 33.335355] ? do_raw_spin_lock+0xc1/0x200 [ 33.335359] ? do_raw_spin_lock+0xc1/0x200 [ 33.335363] kasan_report+0x9e/0x110 [ 33.335367] __asan_report_load8_noabort+0x14/0x20 [ 33.335371] __schedule+0xf54/0x1df0 [ 33.335375] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.335379] ? __sched_text_start+0x8/0x8 [ 33.335383] ? __call_srcu+0x7e7/0x1040 [ 33.335387] ? check_same_owner+0x340/0x340 [ 33.335391] ? mark_held_locks+0x160/0x160 [ 33.335395] ? find_held_lock+0x36/0x1c0 [ 33.335399] preempt_schedule_common+0x22/0x60 [ 33.335403] _cond_resched+0x1d/0x30 [ 33.335407] wait_for_completion+0xa5/0x8d0 [ 33.335412] ? wait_for_completion_interruptible+0x950/0x950 [ 33.335416] ? __lockdep_init_map+0x105/0x590 [ 33.335420] ? __init_waitqueue_head+0x9e/0x150 [ 33.335424] ? init_wait_entry+0x1c0/0x1c0 [ 33.335428] __synchronize_srcu+0x189/0x240 [ 33.335431] ? call_srcu+0x10/0x10 [ 33.335435] ? rcu_unexpedite_gp+0x20/0x20 [ 33.335439] synchronize_srcu+0x335/0x56f [ 33.335443] ? lock_downgrade+0x8f0/0x8f0 [ 33.335448] ? synchronize_srcu_expedited+0x20/0x20 [ 33.335452] ? kasan_check_read+0x11/0x20 [ 33.335456] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.335460] ? kasan_check_write+0x14/0x20 [ 33.335464] ? do_raw_spin_lock+0xc1/0x200 [ 33.335469] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.335473] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.335477] ? kvfree+0x61/0x70 [ 33.335481] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.335485] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.335489] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.335493] ? kvm_arch_sync_events+0x30/0x30 [ 33.335498] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.335502] ? mmu_notifier_unregister+0x474/0x600 [ 33.335507] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.335510] ? kfree+0x111/0x210 [ 33.335514] ? __mmu_notifier_register+0x30/0x30 [ 33.335518] ? __free_pages+0x10a/0x190 [ 33.335522] ? free_unref_page+0x930/0x930 [ 33.335526] kvm_put_kvm+0x73f/0x1060 [ 33.335530] ? kvm_write_guest_cached+0x40/0x40 [ 33.335534] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.335538] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.335542] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.335546] ? kasan_check_write+0x14/0x20 [ 33.335550] ? do_raw_spin_lock+0xc1/0x200 [ 33.335554] ? kvm_irqfd_release+0xdd/0x120 [ 33.335558] ? kvm_irqfd_release+0xdd/0x120 [ 33.335562] ? kvm_put_kvm+0x1060/0x1060 [ 33.335566] kvm_vm_release+0x42/0x50 [ 33.335569] __fput+0x38a/0xa40 [ 33.335573] ? __alloc_file+0x400/0x400 [ 33.335577] ? check_same_owner+0x340/0x340 [ 33.335581] ? kasan_check_write+0x14/0x20 [ 33.335585] ? do_raw_spin_lock+0xc1/0x200 [ 33.335589] ____fput+0x15/0x20 [ 33.335592] task_work_run+0x1e8/0x2a0 [ 33.335596] ? task_work_cancel+0x240/0x240 [ 33.335601] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.335605] ? switch_task_namespaces+0xa2/0xd0 [ 33.335609] do_exit+0x1ae4/0x26e0 [ 33.335613] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.335617] ? __lock_acquire+0x7fc/0x5020 [ 33.335621] ? __lock_acquire+0x7fc/0x5020 [ 33.335625] ? mark_held_locks+0x160/0x160 [ 33.335629] ? kasan_check_write+0x14/0x20 [ 33.335633] ? mark_held_locks+0x160/0x160 [ 33.335637] ? rcu_is_watching+0x8c/0x150 [ 33.335640] ? call_rcu_sched+0x12 [ 33.335647] Lost 42 message(s)! [ 34.434955] Shutting down cpus with NMI [ 35.496980] Dumping ftrace buffer: [ 35.500504] (ftrace buffer empty) [ 35.504196] Kernel Offset: disabled [ 35.507808] Rebooting in 86400 seconds..