[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.485825] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   29.557458] random: sshd: uninitialized urandom read (32 bytes read)
[   29.924918] random: sshd: uninitialized urandom read (32 bytes read)
[   30.452267] random: sshd: uninitialized urandom read (32 bytes read)
[   30.628669] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
[   36.324598] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   36.423277] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   36.454826] ==================================================================
[   36.464700] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   36.470928] Read of size 8 at addr ffff8801d9708058 by task syz-executor202/4696
[   36.478445]
[   36.480072] CPU: 1 PID: 4696 Comm: syz-executor202 Not tainted 4.19.0-rc1+ #215
[   36.487508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.496853] Call Trace:
[   36.499444] dump_stack+0x1c9/0x2b4
[   36.503073] ? dump_stack_print_info.cold.2+0x52/0x52
[   36.508261] ? printk+0xa7/0xcf
[   36.511537] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.516295] ? __schedule+0xf54/0x1df0
[   36.520189] print_address_description+0x6c/0x20b
[   36.525114] ? __schedule+0xf54/0x1df0
[   36.528998] kasan_report.cold.7+0x242/0x30d
[   36.533404] __asan_report_load8_noabort+0x14/0x20
[   36.538329] __schedule+0xf54/0x1df0
[   36.542045] ? __sched_text_start+0x8/0x8
[   36.546188] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   36.551289] ? __call_srcu+0x7e7/0x1040
[   36.555273] ? check_same_owner+0x340/0x340
[   36.559588] ? mark_held_locks+0x160/0x160
[   36.563818] ? find_held_lock+0x36/0x1c0
[   36.567880] preempt_schedule_common+0x22/0x60
[   36.572471] _cond_resched+0x1d/0x30
[   36.576185] wait_for_completion+0xa5/0x8d0
[   36.580509] ? wait_for_completion_interruptible+0x950/0x950
[   36.586310] ? __lockdep_init_map+0x105/0x590
[   36.590808] ? __init_waitqueue_head+0x9e/0x150
[   36.595475] ? init_wait_entry+0x1c0/0x1c0
[   36.599716] __synchronize_srcu+0x189/0x240
[   36.604036] ? call_srcu+0x10/0x10
[   36.607576] ? rcu_unexpedite_gp+0x20/0x20
[   36.611815] synchronize_srcu+0x335/0x56f
[   36.615958] ? lock_downgrade+0x8f0/0x8f0
[   36.620105] ? synchronize_srcu_expedited+0x20/0x20
[   36.625118] ? kasan_check_read+0x11/0x20
[   36.629271] ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.633850] ? kasan_check_write+0x14/0x20
[   36.638080] ? do_raw_spin_lock+0xc1/0x200
[   36.642319] kvm_page_track_unregister_notifier+0x17d/0x250
[   36.648028] ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.653483] ? kvfree+0x61/0x70
[   36.656775] ? rcu_read_lock_sched_held+0x108/0x120
[   36.661790] kvm_mmu_uninit_vm+0x1c/0x20
[   36.665849] kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.670265] ? kvm_arch_sync_events+0x30/0x30
[   36.674761] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.680318] ? mmu_notifier_unregister+0x474/0x600
[   36.685252] ? trace_hardirqs_on+0x2c0/0x2c0
[   36.689659] ? kfree+0x111/0x210
[   36.693031] ? __mmu_notifier_register+0x30/0x30
[   36.697785] ? __free_pages+0x10a/0x190
[   36.701756] ? free_unref_page+0x930/0x930
[   36.705999] kvm_put_kvm+0x73f/0x1060
[   36.709804] ? kvm_write_guest_cached+0x40/0x40
[   36.714474] ? _raw_spin_unlock_irq+0x27/0x70
[   36.718962] ? _raw_spin_unlock_irq+0x27/0x70
[   36.723458] ? lockdep_hardirqs_on+0x421/0x5c0
[   36.728045] ? kasan_check_write+0x14/0x20
[   36.732301] ? do_raw_spin_lock+0xc1/0x200
[   36.736536] ? kvm_irqfd_release+0xdd/0x120
[   36.740849] ? kvm_irqfd_release+0xdd/0x120
[   36.745177] ? kvm_put_kvm+0x1060/0x1060
[   36.749243] kvm_vm_release+0x42/0x50
[   36.753041] __fput+0x38a/0xa40
[   36.756328] ? __alloc_file+0x400/0x400
[   36.760320] ? check_same_owner+0x340/0x340
[   36.764649] ? kasan_check_write+0x14/0x20
[   36.768890] ? do_raw_spin_lock+0xc1/0x200
[   36.773120] ____fput+0x15/0x20
[   36.776393] task_work_run+0x1e8/0x2a0
[   36.780277] ? task_work_cancel+0x240/0x240
[   36.784599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.790134] ? switch_task_namespaces+0xa2/0xd0
[   36.794805] do_exit+0x1ae4/0x26e0
[   36.798346] ? copy_user_handle_tail+0x54/0xb0
[   36.802930] ? mm_update_next_owner+0x9a0/0x9a0
[   36.807600] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.813139] ? inet_gifconf+0x2f9/0x3f0
[   36.817113] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   36.822132] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   36.827150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.832689] ? dev_ifconf+0x17b/0x240
[   36.836494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.842027] ? sock_do_ioctl+0x107/0x3e0
[   36.846088] ? compat_ifr_data_ioctl+0x170/0x170
[   36.850840] ? find_held_lock+0x36/0x1c0
[   36.855168] ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.860356] ? sock_ioctl+0x32e/0x680
[   36.864152] ? rcu_is_watching+0x8c/0x150
[   36.868311] ? dlci_ioctl_set+0x40/0x40
[   36.872292] ? __fget_light+0x2f7/0x440
[   36.876276] ? fget_raw+0x20/0x20
[   36.879730] ? dlci_ioctl_set+0x40/0x40
[   36.883708] ? do_vfs_ioctl+0x201/0x1720
[   36.887770] ? alloc_file_pseudo+0x281/0x3f0
[   36.892184] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   36.897203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.902735] ? sockfd_lookup_light+0xc5/0x160
[   36.907232] ? __sys_setsockopt+0x257/0x3b0
[   36.911563] do_group_exit+0x177/0x440
[   36.915449] ? trace_hardirqs_on+0xbd/0x2c0
[   36.919771] ? __ia32_sys_exit+0x50/0x50
[   36.923829] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.928932] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.934470] __x64_sys_exit_group+0x3e/0x50
[   36.938793] do_syscall_64+0x1b9/0x820
[   36.942689] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.948051] ? syscall_return_slowpath+0x5e0/0x5e0
[   36.952977] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.957816] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   36.962831] ? prepare_exit_to_usermode+0x291/0x3b0
[   36.967845] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.972696] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.977883] RIP: 0033:0x4400b8
[   36.981162] Code: Bad RIP value.
[   36.984518] RSP: 002b:00007ffe379efff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.992223] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004400b8
[   36.999498] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   37.006762] RBP: 00000000004bfba8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   37.014035] R10: 0000000020013e95 R11: 0000000000000246 R12: 0000000000000001
[   37.021300] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000
[   37.028566]
[   37.030184] Allocated by task 4696:
[   37.033813] save_stack+0x43/0xd0
[   37.037269] kasan_kmalloc+0xc4/0xe0
[   37.040984] kasan_slab_alloc+0x12/0x20
[   37.044958] kmem_cache_alloc+0x12e/0x710
[   37.049106] vmx_create_vcpu+0xcf/0x2830
[   37.053165] kvm_arch_vcpu_create+0xe5/0x220
[   37.057571] kvm_vm_ioctl+0x488/0x1d80
[   37.061457] do_vfs_ioctl+0x1de/0x1720
[   37.065338] ksys_ioctl+0xa9/0xd0
[   37.068787] __x64_sys_ioctl+0x73/0xb0
[   37.072671] do_syscall_64+0x1b9/0x820
[   37.076566] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.081766]
[   37.083385] Freed by task 4696:
[   37.086661] save_stack+0x43/0xd0
[   37.090117] __kasan_slab_free+0x11a/0x170
[   37.094352] kasan_slab_free+0xe/0x10
[   37.098147] kmem_cache_free+0x86/0x280
[   37.102121] vmx_free_vcpu+0x26b/0x300
[   37.106001] kvm_arch_destroy_vm+0x365/0x7c0
[   37.110407] kvm_put_kvm+0x73f/0x1060
[   37.114206] kvm_vm_release+0x42/0x50
[   37.118011] __fput+0x38a/0xa40
[   37.121292] ____fput+0x15/0x20
[   37.124563] task_work_run+0x1e8/0x2a0
[   37.128448] do_exit+0x1ae4/0x26e0
[   37.131985] do_group_exit+0x177/0x440
[   37.135874] __x64_sys_exit_group+0x3e/0x50
[   37.140193] do_syscall_64+0x1b9/0x820
[   37.144553] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.149729]
[   37.151375] The buggy address belongs to the object at ffff8801d9708040
[   37.151375]  which belongs to the cache kvm_vcpu of size 23872
[   37.163948] The buggy address is located 24 bytes inside of
[   37.163948]  23872-byte region [ffff8801d9708040, ffff8801d970dd80)
[   37.175902] The buggy address belongs to the page:
[   37.180827] page:ffffea000765c200 count:1 mapcount:0 mapping:ffff8801d9fd8500 index:0x0 compound_mapcount: 0
[   37.190797] flags: 0x2fffc0000008100(slab|head)
[   37.195471] raw: 02fffc0000008100 ffff8801d7356148 ffff8801d7356148 ffff8801d9fd8500
[   37.203353] raw: 0000000000000000 ffff8801d9708040 0000000100000001 0000000000000000
[   37.211221] page dumped because: kasan: bad access detected
[   37.216925]
[   37.218546] Memory state around the buggy address:
[   37.223470]  ffff8801d9707f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.230834]  ffff8801d9707f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.238211] >ffff8801d9708000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.245571]                                                     ^
[   37.251795]  ffff8801d9708080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.259150]  ffff8801d9708100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.266504] ==================================================================
[   37.273854] Kernel panic - not syncing: panic_on_warn set ...
[   37.273854]
[   37.281223] CPU: 1 PID: 4696 Comm: syz-executor202 Tainted: G B 4.19.0-rc1+ #215
[   37.290067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.299419] Call Trace:
[   37.302014] dump_stack+0x1c9/0x2b4
[   37.305673] ? dump_stack_print_info.cold.2+0x52/0x52
[   37.310889] ? lock_downgrade+0x8f0/0x8f0
[   37.315040] ? __schedule+0xf54/0x1df0
[   37.318925] panic+0x238/0x4e7
[   37.322117] ? add_taint.cold.5+0x16/0x16
[   37.326269] ? print_shadow_for_address+0xba/0x116
[   37.331195] ? trace_hardirqs_off+0xaf/0x2b0
[   37.335600] ? trace_hardirqs_off+0x77/0x2b0
[   37.340012] ? __schedule+0xf54/0x1df0
[   37.343905] kasan_end_report+0x47/0x4f
[   37.347883] kasan_report.cold.7+0x76/0x30d
[   37.352214] __asan_report_load8_noabort+0x14/0x20
[   37.357150] __schedule+0xf54/0x1df0
[   37.360863] ? __sched_text_start+0x8/0x8
[   37.365008] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   37.370111] ? __call_srcu+0x7e7/0x1040
[   37.374099] ? check_same_owner+0x340/0x340
[   37.378424] ? mark_held_locks+0x160/0x160
[   37.382659] ? find_held_lock+0x36/0x1c0
[   37.386737] preempt_schedule_common+0x22/0x60
[   37.391328] _cond_resched+0x1d/0x30
[   37.395046] wait_for_completion+0xa5/0x8d0
[   37.399378] ? wait_for_completion_interruptible+0x950/0x950
[   37.405179] ? __lockdep_init_map+0x105/0x590
[   37.409687] ? __init_waitqueue_head+0x9e/0x150
[   37.414355] ? init_wait_entry+0x1c0/0x1c0
[   37.418598] __synchronize_srcu+0x189/0x240
[   37.422915] ? call_srcu+0x10/0x10
[   37.426453] ? rcu_unexpedite_gp+0x20/0x20
[   37.430702] synchronize_srcu+0x335/0x56f
[   37.434851] ? lock_downgrade+0x8f0/0x8f0
[   37.438998] ? synchronize_srcu_expedited+0x20/0x20
[   37.444034] ? kasan_check_read+0x11/0x20
[   37.448191] ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.452777] ? kasan_check_write+0x14/0x20
[   37.457014] ? do_raw_spin_lock+0xc1/0x200
[   37.461256] kvm_page_track_unregister_notifier+0x17d/0x250
[   37.466967] ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.472416] ? kvfree+0x61/0x70
[   37.475711] ? rcu_read_lock_sched_held+0x108/0x120
[   37.480736] kvm_mmu_uninit_vm+0x1c/0x20
[   37.484799] kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.489205] ? kvm_arch_sync_events+0x30/0x30
[   37.493717] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.499266] ? mmu_notifier_unregister+0x474/0x600
[   37.504192] ? trace_hardirqs_on+0x2c0/0x2c0
[   37.508597] ? kfree+0x111/0x210
[   37.511961] ? __mmu_notifier_register+0x30/0x30
[   37.517247] ? __free_pages+0x10a/0x190
[   37.521223] ? free_unref_page+0x930/0x930
[   37.525472] kvm_put_kvm+0x73f/0x1060
[   37.529278] ? kvm_write_guest_cached+0x40/0x40
[   37.533947] ? _raw_spin_unlock_irq+0x27/0x70
[   37.538440] ? _raw_spin_unlock_irq+0x27/0x70
[   37.542930] ? lockdep_hardirqs_on+0x421/0x5c0
[   37.547514] ? kasan_check_write+0x14/0x20
[   37.551743] ? do_raw_spin_lock+0xc1/0x200
[   37.555989] ? kvm_irqfd_release+0xdd/0x120
[   37.560308] ? kvm_irqfd_release+0xdd/0x120
[   37.564626] ? kvm_put_kvm+0x1060/0x1060
[   37.568700] kvm_vm_release+0x42/0x50
[   37.572498] __fput+0x38a/0xa40
[   37.575775] ? __alloc_file+0x400/0x400
[   37.579750] ? check_same_owner+0x340/0x340
[   37.584071] ? kasan_check_write+0x14/0x20
[   37.588310] ? do_raw_spin_lock+0xc1/0x200
[   37.592540] ____fput+0x15/0x20
[   37.595820] task_work_run+0x1e8/0x2a0
[   37.599711] ? task_work_cancel+0x240/0x240
[   37.604035] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.609573] ? switch_task_namespaces+0xa2/0xd0
[   37.614244] do_exit+0x1ae4/0x26e0
[   37.617785] ? copy_user_handle_tail+0x54/0xb0
[   37.622368] ? mm_update_next_owner+0x9a0/0x9a0
[   37.627042] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.632580] ? inet_gifconf+0x2f9/0x3f0
[   37.636555] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   37.641573] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   37.646599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.652132] ? dev_ifconf+0x17b/0x240
[   37.655932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.661468] ? sock_do_ioctl+0x107/0x3e0
[   37.665526] ? compat_ifr_data_ioctl+0x170/0x170
[   37.670366] ? find_held_lock+0x36/0x1c0
[   37.674437] ? __sanitizer_cov_trace_switch+0x53/0x90
[   37.679631] ? sock_ioctl+0x32e/0x680
[   37.683426] ? rcu_is_watching+0x8c/0x150
[   37.687568] ? dlci_ioctl_set+0x40/0x40
[   37.691541] ? __fget_light+0x2f7/0x440
[   37.695513] ? fget_raw+0x20/0x20
[   37.698963] ? dlci_ioctl_set+0x40/0x40
[   37.702933] ? do_vfs_ioctl+0x201/0x1720
[   37.706994] ? alloc_file_pseudo+0x281/0x3f0
[   37.711410] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.716436] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.721971] ? sockfd_lookup_light+0xc5/0x160
[   37.726463] ? __sys_setsockopt+0x257/0x3b0
[   37.730794] do_group_exit+0x177/0x440
[   37.734691] ? trace_hardirqs_on+0xbd/0x2c0
[   37.739015] ? __ia32_sys_exit+0x50/0x50
[   37.743069] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.748170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.753715] __x64_sys_exit_group+0x3e/0x50
[   37.758040] do_syscall_64+0x1b9/0x820
[   37.761927] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.767296] ? syscall_return_slowpath+0x5e0/0x5e0
[   37.772221] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.777063] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.782078] ? prepare_exit_to_usermode+0x291/0x3b0
[   37.787094] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.791940] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.797126] RIP: 0033:0x4400b8
[   37.800318] Code: Bad RIP value.
[   37.803673] RSP: 002b:00007ffe379efff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.811390] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004400b8
[   37.818651] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   37.825923] RBP: 00000000004bfba8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   37.833188] R10: 0000000020013e95 R11: 0000000000000246 R12: 0000000000000001
[   37.840453] R13: 00000000006d11c0 R14: 0000000000000000 R15: 0000000000000000
[   37.847726]
[   37.847731] ======================================================
[   37.847737] WARNING: possible circular locking dependency detected
[   37.847740] 4.19.0-rc1+ #215 Not tainted
[   37.847746] ------------------------------------------------------
[   37.847750] syz-executor202/4696 is trying to acquire lock:
[   37.847754] 000000002809e2fb ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   37.847768]
[   37.847772] but task is already holding lock:
[   37.847775] 0000000035156592 (report_lock){....}, at: kasan_report+0x8e/0x110
[   37.847789]
[   37.847794] which lock already depends on the new lock.
[   37.847796]
[   37.847799]
[   37.847804] the existing dependency chain (in reverse order) is:
[   37.847806]
[   37.847808] -> #3 (report_lock){....}:
[   37.847822] _raw_spin_lock_irqsave+0x96/0xc0
[   37.847826] kasan_report+0x8e/0x110
[   37.847831] __asan_report_load8_noabort+0x14/0x20
[   37.847834] __schedule+0xf54/0x1df0
[   37.847839] preempt_schedule_common+0x22/0x60
[   37.847842] _cond_resched+0x1d/0x30
[   37.847847] wait_for_completion+0xa5/0x8d0
[   37.847851] __synchronize_srcu+0x189/0x240
[   37.847855] synchronize_srcu+0x335/0x56f
[   37.847859] kvm_page_track_unregister_notifier+0x17d/0x250
[   37.847863] kvm_mmu_uninit_vm+0x1c/0x20
[   37.847867] kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.847871] kvm_put_kvm+0x73f/0x1060
[   37.847875] kvm_vm_release+0x42/0x50
[   37.847878] __fput+0x38a/0xa40
[   37.847882] ____fput+0x15/0x20
[   37.847886] task_work_run+0x1e8/0x2a0
[   37.847890] do_exit+0x1ae4/0x26e0
[   37.847893] do_group_exit+0x177/0x440
[   37.847897] __x64_sys_exit_group+0x3e/0x50
[   37.847901] do_syscall_64+0x1b9/0x820
[   37.847906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.847908]
[   37.847910] -> #2 (&rq->lock){-.-.}:
[   37.847924] _raw_spin_lock+0x2a/0x40
[   37.847928] task_fork_fair+0x93/0x680
[   37.847931] sched_fork+0x44b/0xbd0
[   37.847935] copy_process+0x235e/0x7ad0
[   37.847939] _do_fork+0x1ca/0x1170
[   37.847943] kernel_thread+0x34/0x40
[   37.847946] rest_init+0x22/0xe4
[   37.847950] start_kernel+0x913/0x94e
[   37.847955] x86_64_start_reservations+0x29/0x2b
[   37.847959] x86_64_start_kernel+0x76/0x79
[   37.847963] secondary_startup_64+0xa4/0xb0
[   37.847965]
[   37.847967] -> #1 (&p->pi_lock){-.-.}:
[   37.847981] _raw_spin_lock_irqsave+0x96/0xc0
[   37.847985] try_to_wake_up+0xd2/0x1250
[   37.847989] wake_up_process+0x10/0x20
[   37.847993] __up.isra.1+0x1c0/0x2a0
[   37.847996] up+0x13c/0x1c0
[   37.848000] __up_console_sem+0xbe/0x1b0
[   37.848004] console_unlock+0x506/0x10d0
[   37.848008] vprintk_emit+0x33a/0x910
[   37.848012] vprintk_default+0x28/0x30
[   37.848016] vprintk_func+0x7a/0x117
[   37.848019] printk+0xa7/0xcf
[   37.848023] load_umh+0x51/0xbd
[   37.848026] do_one_initcall+0x127/0x838
[   37.848031] kernel_init_freeable+0x4bb/0x5ae
[   37.848034] kernel_init+0x11/0x1b3
[   37.848038] ret_from_fork+0x3a/0x50
[   37.848040]
[   37.848042] -> #0 ((console_sem).lock){-...}:
[   37.848057] lock_acquire+0x1e4/0x4f0
[   37.848061] _raw_spin_lock_irqsave+0x96/0xc0
[   37.848065] down_trylock+0x13/0x70
[   37.848069] __down_trylock_console_sem+0xae/0x200
[   37.848073] console_trylock+0x15/0xa0
[   37.848077] vprintk_emit+0x31f/0x910
[   37.848080] vprintk_default+0x28/0x30
[   37.848084] vprintk_func+0x7a/0x117
[   37.848087] printk+0xa7/0xcf
[   37.848091] kasan_report+0x9e/0x110
[   37.848096] __asan_report_load8_noabort+0x14/0x20
[   37.848099] __schedule+0xf54/0x1df0
[   37.848104] preempt_schedule_common+0x22/0x60
[   37.848107] _cond_resched+0x1d/0x30
[   37.848111] wait_for_completion+0xa5/0x8d0
[   37.848116] __synchronize_srcu+0x189/0x240
[   37.848120] synchronize_srcu+0x335/0x56f
[   37.848124] kvm_page_track_unregister_notifier+0x17d/0x250
[   37.848128] kvm_mmu_uninit_vm+0x1c/0x20
[   37.848132] kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.848136] kvm_put_kvm+0x73f/0x1060
[   37.848140] kvm_vm_release+0x42/0x50
[   37.848143] __fput+0x38a/0xa40
[   37.848147] ____fput+0x15/0x20
[   37.848151] task_work_run+0x1e8/0x2a0
[   37.848154] do_exit+0x1ae4/0x26e0
[   37.848158] do_group_exit+0x177/0x440
[   37.848162] __x64_sys_exit_group+0x3e/0x50
[   37.848166] do_syscall_64+0x1b9/0x820
[   37.848171] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.848173]
[   37.848177] other info that might help us debug this:
[   37.848180]
[   37.848183] Chain exists of:
[   37.848185]   (console_sem).lock --> &rq->lock --> report_lock
[   37.848203]
[   37.848207]  Possible unsafe locking scenario:
[   37.848209]
[   37.848213]        CPU0                    CPU1
[   37.848217]        ----                    ----
[   37.848219]   lock(report_lock);
[   37.848228]                                lock(&rq->lock);
[   37.848247]                                lock(report_lock);
[   37.848255]   lock((console_sem).lock);
[   37.848263]
[   37.848266]  *** DEADLOCK ***
[   37.848268]
[   37.848272] 2 locks held by syz-executor202/4696:
[   37.848275] #0: 00000000e804df66 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   37.848291] #1: 0000000035156592 (report_lock){....}, at: kasan_report+0x8e/0x110
[   37.848308]
[   37.848311] stack backtrace:
[   37.848317] CPU: 1 PID: 4696 Comm: syz-executor202 Not tainted 4.19.0-rc1+ #215
[   37.848324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.848327] Call Trace:
[   37.848331] dump_stack+0x1c9/0x2b4
[   37.848335] ? dump_stack_print_info.cold.2+0x52/0x52
[   37.848339] ? vprintk_func+0x100/0x117
[   37.848344] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   37.848347] ? save_trace+0xe0/0x290
[   37.848351] __lock_acquire+0x3449/0x5020
[   37.848355] ? mark_held_locks+0x160/0x160
[   37.848359] ? mark_held_locks+0x160/0x160
[   37.848363] ? rcu_cleanup_dead_rnp+0x200/0x200
[   37.848368] ? is_bpf_text_address+0xd7/0x170
[   37.848372] ? kernel_text_address+0x79/0xf0
[   37.848376] ? __kernel_text_address+0xd/0x40
[   37.848380] ? __save_stack_trace+0x8d/0xf0
[   37.848384] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   37.848388] ? save_trace+0x290/0x290
[   37.848392] ? save_stack_trace+0x1a/0x20
[   37.848396] ? save_trace+0xe0/0x290
[   37.848400] ? graph_lock+0x170/0x170
[   37.848405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.848408] lock_acquire+0x1e4/0x4f0
[   37.848412] ? down_trylock+0x13/0x70
[   37.848416] ? lock_release+0x9f0/0x9f0
[   37.848420] ? trace_hardirqs_off+0xb8/0x2b0
[   37.848424] ? trace_hardirqs_on+0x2c0/0x2c0
[   37.848428] ? trace_hardirqs_off+0xb8/0x2b0
[   37.848432] ? log_store+0x34f/0x4c0
[   37.848436] ? vprintk_emit+0x31f/0x910
[   37.848440] _raw_spin_lock_irqsave+0x96/0xc0
[   37.848443] ? down_trylock+0x13/0x70
[   37.848447] down_trylock+0x13/0x70
[   37.848451] __down_trylock_console_sem+0xae/0x200
[   37.848455] console_trylock+0x15/0xa0
[   37.848459] vprintk_emit+0x31f/0x910
[   37.848463] ? wake_up_klogd+0x110/0x110
[   37.848467] ? run_rebalance_domains+0x4c0/0x4c0
[   37.848471] ? kasan_check_read+0x11/0x20
[   37.848475] ? rcu_is_watching+0x8c/0x150
[   37.848479] ? rcu_pm_notify+0xc0/0xc0
[   37.848483] ? lock_acquire+0x1e4/0x4f0
[   37.848486] ? kasan_report+0x8e/0x110
[   37.848490] ? __schedule+0xf54/0x1df0
[   37.848494] vprintk_default+0x28/0x30
[   37.848498] vprintk_func+0x7a/0x117
[   37.848501] printk+0xa7/0xcf
[   37.848505] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   37.848509] ? kasan_check_write+0x14/0x20
[   37.848513] ? do_raw_spin_lock+0xc1/0x200
[   37.848517] ? do_raw_spin_lock+0xc1/0x200
[   37.848521] kasan_report+0x9e/0x110
[   37.848525] __asan_report_load8_noabort+0x14/0x20
[   37.848529] __schedule+0xf54/0x1df0
[   37.848533] ? __sched_text_start+0x8/0x8
[   37.848537] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   37.848541] ? __call_srcu+0x7e7/0x1040
[   37.848545] ? check_same_owner+0x340/0x340
[   37.848549] ? mark_held_locks+0x160/0x160
[   37.848553] ? find_held_lock+0x36/0x1c0
[   37.848557] preempt_schedule_common+0x22/0x60
[   37.848561] _cond_resched+0x1d/0x30
[   37.848565] wait_for_completion+0xa5/0x8d0
[   37.848570] ? wait_for_completion_interruptible+0x950/0x950
[   37.848574] ? __lockdep_init_map+0x105/0x590
[   37.848578] ? __init_waitqueue_head+0x9e/0x150
[   37.848582] ? init_wait_entry+0x1c0/0x1c0
[   37.848586] __synchronize_srcu+0x189/0x240
[   37.848589] ? call_srcu+0x10/0x10
[   37.848593] ? rcu_unexpedite_gp+0x20/0x20
[   37.848597] synchronize_srcu+0x335/0x56f
[   37.848601] ? lock_downgrade+0x8f0/0x8f0
[   37.848606] ? synchronize_srcu_expedited+0x20/0x20
[   37.848610] ? kasan_check_read+0x11/0x20
[   37.848614] ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.848618] ? kasan_check_write+0x14/0x20
[   37.848622] ? do_raw_spin_lock+0xc1/0x200
[   37.848626] kvm_page_track_unregister_notifier+0x17d/0x250
[   37.848631] ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.848635] ? kvfree+0x61/0x70
[   37.848639] ? rcu_read_lock_sched_held+0x108/0x120
[   37.848643] kvm_mmu_uninit_vm+0x1c/0x20
[   37.848647] kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.848651] ? kvm_arch_sync_events+0x30/0x30
[   37.848656] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.848666] ? mmu_notifier_unregister+0x474/0x600
[   37.848670] ? trace_hardirqs_on+0x2c0/0x2c0
[   37.848674] ? kfree+0x111/0x210
[   37.848678] ? __mmu_notifier_register+0x30/0x30
[   37.848691] ? __free_pages+0x10a/0x190
[   37.848695] ? free_unref_page+0x930/0x930
[   37.848699] kvm_put_kvm+0x73f/0x1060
[   37.848703] ? kvm_write_guest_cached+0x40/0x40
[   37.848707] ? _raw_spin_unlock_irq+0x27/0x70
[   37.848712] ? _raw_spin_unlock_irq+0x27/0x70
[   37.848716] ? lockdep_hardirqs_on+0x421/0x5c0
[   37.848720] ? kasan_check_write+0x14/0x20
[   37.848724] ? do_raw_spin_lock+0xc1/0x200
[   37.848728] ? kvm_irqfd_release+0xdd/0x120
[   37.848732] ? kvm_irqfd_release+0xdd/0x120
[   37.848736] ? kvm_put_kvm+0x1060/0x1060
[   37.848740] kvm_vm_release+0x42/0x50
[   37.848744] __fput+0x38a/0xa40
[   37.848747] ? __alloc_file+0x400/0x400
[   37.848752] ? check_same_owner+0x340/0x340
[   37.848756] ? kasan_check_write+0x14/0x20
[   37.848760] ? do_raw_spin_lock+0xc1/0x200
[   37.848763] ____fput+0x15/0x20
[   37.848767] task_work_run+0x1e8/0x2a0
[   37.848771] ? task_work_cancel+0x240/0x240
[   37.848775] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.848780] ? switch_task_namespaces+0xa2/0xd0
[   37.848783] do_exit+0x1ae4/0x26e0
[   37.848787] ? copy_user_handle_tail+0x54/0xb0
[   37.848791] ? mm_update_next_owner+0x9a0/0x9a0
[   37.848796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.848800] ? inet_gifconf+0x2f9/0x3f0
[   37.848804] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   37.848809] ? inet_netconf_get_devconf+0x5b0/0x5b0
[   37.848812] ? __sanitizer_cov_t
[   37.848819] Lost 41 message(s)!
[   38.929443] Shutting down cpus with NMI
[   39.988252] Dumping ftrace buffer:
[   39.991778] (ftrace buffer empty)
[   39.995467] Kernel Offset: disabled
[   39.999075] Rebooting in 86400 seconds..