[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 23.051182] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.419494] random: sshd: uninitialized urandom read (32 bytes read) [ 24.678486] random: sshd: uninitialized urandom read (32 bytes read) [ 25.205252] random: sshd: uninitialized urandom read (32 bytes read) [ 30.550262] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. [ 36.099728] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.194821] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.219480] ================================================================== [ 36.229264] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 36.235490] Read of size 8 at addr ffff8801b1a10058 by task syz-executor549/4456 [ 36.243071] [ 36.244699] CPU: 0 PID: 4456 Comm: syz-executor549 Not tainted 4.19.0-rc1+ #212 [ 36.252142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.261485] Call Trace: [ 36.264081] dump_stack+0x1c9/0x2b4 [ 36.267707] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.272892] ? printk+0xa7/0xcf [ 36.276173] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.280926] ? __schedule+0xf54/0x1df0 [ 36.284812] print_address_description+0x6c/0x20b [ 36.289655] ? __schedule+0xf54/0x1df0 [ 36.293542] kasan_report.cold.7+0x242/0x30d [ 36.297952] __asan_report_load8_noabort+0x14/0x20 [ 36.302882] __schedule+0xf54/0x1df0 [ 36.306598] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.311707] ? __sched_text_start+0x8/0x8 [ 36.315853] ? __call_srcu+0x7e7/0x1040 [ 36.319833] ? check_same_owner+0x340/0x340 [ 36.324155] ? 
mark_held_locks+0x160/0x160 [ 36.328387] ? find_held_lock+0x36/0x1c0 [ 36.332449] preempt_schedule_common+0x22/0x60 [ 36.337040] _cond_resched+0x1d/0x30 [ 36.340753] wait_for_completion+0xa5/0x8d0 [ 36.345080] ? wait_for_completion_interruptible+0x950/0x950 [ 36.350877] ? __lockdep_init_map+0x105/0x590 [ 36.355386] ? __init_waitqueue_head+0x9e/0x150 [ 36.360055] ? init_wait_entry+0x1c0/0x1c0 [ 36.364302] __synchronize_srcu+0x189/0x240 [ 36.368630] ? call_srcu+0x10/0x10 [ 36.372181] ? rcu_unexpedite_gp+0x20/0x20 [ 36.376421] synchronize_srcu+0x335/0x56f [ 36.380574] ? lock_downgrade+0x8f0/0x8f0 [ 36.384726] ? synchronize_srcu_expedited+0x20/0x20 [ 36.389749] ? kasan_check_read+0x11/0x20 [ 36.393905] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.398486] ? kasan_check_write+0x14/0x20 [ 36.402716] ? do_raw_spin_lock+0xc1/0x200 [ 36.406952] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.412667] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.418118] ? kvfree+0x61/0x70 [ 36.421401] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.426416] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.430476] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.434885] ? kvm_arch_sync_events+0x30/0x30 [ 36.439384] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.444921] ? mmu_notifier_unregister+0x474/0x600 [ 36.449848] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.454269] ? kfree+0x111/0x210 [ 36.457639] ? __mmu_notifier_register+0x30/0x30 [ 36.462400] ? __free_pages+0x10a/0x190 [ 36.466379] ? free_unref_page+0x930/0x930 [ 36.470625] kvm_put_kvm+0x73f/0x1060 [ 36.474448] ? kvm_write_guest_cached+0x40/0x40 [ 36.479138] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.483639] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.488138] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.493194] ? kasan_check_write+0x14/0x20 [ 36.497432] ? do_raw_spin_lock+0xc1/0x200 [ 36.501673] ? kvm_irqfd_release+0xdd/0x120 [ 36.505993] ? kvm_irqfd_release+0xdd/0x120 [ 36.510328] ? 
kvm_put_kvm+0x1060/0x1060 [ 36.514389] kvm_vm_release+0x42/0x50 [ 36.518189] __fput+0x36e/0x8c0 [ 36.521466] ? __alloc_file+0x400/0x400 [ 36.525504] ? check_same_owner+0x340/0x340 [ 36.529827] ? kasan_check_write+0x14/0x20 [ 36.534067] ? do_raw_spin_lock+0xc1/0x200 [ 36.538300] ____fput+0x15/0x20 [ 36.541580] task_work_run+0x1e8/0x2a0 [ 36.545473] ? task_work_cancel+0x240/0x240 [ 36.549802] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.555349] ? switch_task_namespaces+0xa2/0xd0 [ 36.560034] do_exit+0x1ae4/0x26e0 [ 36.563589] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.568273] ? lock_downgrade+0x8f0/0x8f0 [ 36.572982] ? kasan_check_read+0x11/0x20 [ 36.577140] ? rcu_is_watching+0x8c/0x150 [ 36.581285] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.585954] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.590620] ? is_bpf_text_address+0xd7/0x170 [ 36.595113] ? kernel_text_address+0x79/0xf0 [ 36.599808] ? __kernel_text_address+0xd/0x40 [ 36.604298] ? unwind_get_return_address+0x61/0xa0 [ 36.609225] ? __save_stack_trace+0x8d/0xf0 [ 36.613554] ? save_stack+0x43/0xd0 [ 36.617178] ? __kasan_slab_free+0x11a/0x170 [ 36.621584] ? kasan_slab_free+0xe/0x10 [ 36.625550] ? kmem_cache_free+0x86/0x280 [ 36.629698] ? do_sys_open+0x569/0x720 [ 36.633583] ? __x64_sys_open+0x7e/0xc0 [ 36.637555] ? do_syscall_64+0x1b9/0x820 [ 36.641621] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.646980] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.651396] ? kasan_check_read+0x11/0x20 [ 36.655544] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.659949] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.664355] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.668772] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.673875] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.678298] ? kmem_cache_free+0xa0/0x280 [ 36.682446] ? kasan_check_read+0x11/0x20 [ 36.686593] ? rcu_is_watching+0x8c/0x150 [ 36.690737] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.695064] ? rcu_pm_notify+0xc0/0xc0 [ 36.698955] ? putname+0xf2/0x130 [ 36.702406] ? putname+0xf2/0x130 [ 36.705862] ? 
rcu_read_lock_sched_held+0x108/0x120 [ 36.710875] ? kmem_cache_free+0x246/0x280 [ 36.715111] do_group_exit+0x177/0x440 [ 36.718998] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.723329] ? __ia32_sys_exit+0x50/0x50 [ 36.727387] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.732489] __x64_sys_exit_group+0x3e/0x50 [ 36.736811] do_syscall_64+0x1b9/0x820 [ 36.740701] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.746071] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.750999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.755849] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.760865] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.765880] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.770898] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.775745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.780918] RIP: 0033:0x442cc8 [ 36.784095] Code: Bad RIP value. [ 36.787440] RSP: 002b:00007fffeca089e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.795131] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 36.802389] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.809662] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.816946] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000000001 [ 36.824231] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 36.831509] [ 36.833136] Allocated by task 4456: [ 36.836768] save_stack+0x43/0xd0 [ 36.840219] kasan_kmalloc+0xc4/0xe0 [ 36.843944] kasan_slab_alloc+0x12/0x20 [ 36.847914] kmem_cache_alloc+0x12e/0x710 [ 36.852067] vmx_create_vcpu+0xcf/0x2830 [ 36.856129] kvm_arch_vcpu_create+0xe5/0x220 [ 36.860536] kvm_vm_ioctl+0x488/0x1d80 [ 36.864455] do_vfs_ioctl+0x1de/0x1720 [ 36.868339] ksys_ioctl+0xa9/0xd0 [ 36.871812] __x64_sys_ioctl+0x73/0xb0 [ 36.875716] do_syscall_64+0x1b9/0x820 [ 36.879613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.884792] [ 36.886429] Freed by task 4456: [ 36.889715] save_stack+0x43/0xd0 [ 36.893173] __kasan_slab_free+0x11a/0x170 [ 36.897410] kasan_slab_free+0xe/0x10 [ 
36.901211] kmem_cache_free+0x86/0x280 [ 36.905185] vmx_free_vcpu+0x26b/0x300 [ 36.909070] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.913483] kvm_put_kvm+0x73f/0x1060 [ 36.917284] kvm_vm_release+0x42/0x50 [ 36.921082] __fput+0x36e/0x8c0 [ 36.924361] ____fput+0x15/0x20 [ 36.927636] task_work_run+0x1e8/0x2a0 [ 36.931520] do_exit+0x1ae4/0x26e0 [ 36.935058] do_group_exit+0x177/0x440 [ 36.938946] __x64_sys_exit_group+0x3e/0x50 [ 36.943269] do_syscall_64+0x1b9/0x820 [ 36.947159] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.952334] [ 36.953962] The buggy address belongs to the object at ffff8801b1a10040 [ 36.953962] which belongs to the cache kvm_vcpu of size 23872 [ 36.966541] The buggy address is located 24 bytes inside of [ 36.966541] 23872-byte region [ffff8801b1a10040, ffff8801b1a15d80) [ 36.978510] The buggy address belongs to the page: [ 36.983447] page:ffffea0006c68400 count:1 mapcount:0 mapping:ffff8801d9ff8000 index:0x0 compound_mapcount: 0 [ 36.993429] flags: 0x2fffc0000008100(slab|head) [ 36.998111] raw: 02fffc0000008100 ffff8801d4415e48 ffff8801d4415e48 ffff8801d9ff8000 [ 37.006016] raw: 0000000000000000 ffff8801b1a10040 0000000100000001 0000000000000000 [ 37.013894] page dumped because: kasan: bad access detected [ 37.019601] [ 37.021218] Memory state around the buggy address: [ 37.026147] ffff8801b1a0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.033505] ffff8801b1a0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.040864] >ffff8801b1a10000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.048223] ^ [ 37.054459] ffff8801b1a10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.061822] ffff8801b1a10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.069179] ================================================================== [ 37.076539] Kernel panic - not syncing: panic_on_warn set ... 
[ 37.076539] [ 37.083921] CPU: 0 PID: 4456 Comm: syz-executor549 Tainted: G B 4.19.0-rc1+ #212 [ 37.092758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.102117] Call Trace: [ 37.104714] dump_stack+0x1c9/0x2b4 [ 37.108348] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.113544] ? lock_downgrade+0x8f0/0x8f0 [ 37.117698] ? __schedule+0xf54/0x1df0 [ 37.121588] panic+0x238/0x4e7 [ 37.124780] ? add_taint.cold.5+0x16/0x16 [ 37.128933] ? print_shadow_for_address+0xba/0x116 [ 37.133862] ? trace_hardirqs_off+0xaf/0x2b0 [ 37.138269] ? trace_hardirqs_off+0x77/0x2b0 [ 37.142679] ? __schedule+0xf54/0x1df0 [ 37.146576] kasan_end_report+0x47/0x4f [ 37.150562] kasan_report.cold.7+0x76/0x30d [ 37.154892] __asan_report_load8_noabort+0x14/0x20 [ 37.159829] __schedule+0xf54/0x1df0 [ 37.163549] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.168665] ? __sched_text_start+0x8/0x8 [ 37.172817] ? __call_srcu+0x7e7/0x1040 [ 37.176803] ? check_same_owner+0x340/0x340 [ 37.181125] ? mark_held_locks+0x160/0x160 [ 37.185357] ? find_held_lock+0x36/0x1c0 [ 37.189420] preempt_schedule_common+0x22/0x60 [ 37.194017] _cond_resched+0x1d/0x30 [ 37.197736] wait_for_completion+0xa5/0x8d0 [ 37.202062] ? wait_for_completion_interruptible+0x950/0x950 [ 37.207868] ? __lockdep_init_map+0x105/0x590 [ 37.212373] ? __init_waitqueue_head+0x9e/0x150 [ 37.217045] ? init_wait_entry+0x1c0/0x1c0 [ 37.221292] __synchronize_srcu+0x189/0x240 [ 37.225620] ? call_srcu+0x10/0x10 [ 37.229175] ? rcu_unexpedite_gp+0x20/0x20 [ 37.233431] synchronize_srcu+0x335/0x56f [ 37.237589] ? lock_downgrade+0x8f0/0x8f0 [ 37.241744] ? synchronize_srcu_expedited+0x20/0x20 [ 37.246770] ? kasan_check_read+0x11/0x20 [ 37.250926] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.255517] ? kasan_check_write+0x14/0x20 [ 37.259764] ? do_raw_spin_lock+0xc1/0x200 [ 37.264015] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.269738] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.275194] ? 
kvfree+0x61/0x70 [ 37.278481] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.283505] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.287577] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.291997] ? kvm_arch_sync_events+0x30/0x30 [ 37.296514] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.302090] ? mmu_notifier_unregister+0x474/0x600 [ 37.307031] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.311456] ? kfree+0x111/0x210 [ 37.314831] ? __mmu_notifier_register+0x30/0x30 [ 37.319598] ? __free_pages+0x10a/0x190 [ 37.323586] ? free_unref_page+0x930/0x930 [ 37.327860] kvm_put_kvm+0x73f/0x1060 [ 37.331676] ? kvm_write_guest_cached+0x40/0x40 [ 37.336358] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.340862] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.345363] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.349957] ? kasan_check_write+0x14/0x20 [ 37.354199] ? do_raw_spin_lock+0xc1/0x200 [ 37.358437] ? kvm_irqfd_release+0xdd/0x120 [ 37.362759] ? kvm_irqfd_release+0xdd/0x120 [ 37.367083] ? kvm_put_kvm+0x1060/0x1060 [ 37.371150] kvm_vm_release+0x42/0x50 [ 37.374956] __fput+0x36e/0x8c0 [ 37.378239] ? __alloc_file+0x400/0x400 [ 37.382215] ? check_same_owner+0x340/0x340 [ 37.386538] ? kasan_check_write+0x14/0x20 [ 37.390786] ? do_raw_spin_lock+0xc1/0x200 [ 37.395035] ____fput+0x15/0x20 [ 37.398321] task_work_run+0x1e8/0x2a0 [ 37.402212] ? task_work_cancel+0x240/0x240 [ 37.406537] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.412085] ? switch_task_namespaces+0xa2/0xd0 [ 37.416759] do_exit+0x1ae4/0x26e0 [ 37.420314] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.424985] ? lock_downgrade+0x8f0/0x8f0 [ 37.429150] ? kasan_check_read+0x11/0x20 [ 37.433298] ? rcu_is_watching+0x8c/0x150 [ 37.437467] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.442146] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.446822] ? is_bpf_text_address+0xd7/0x170 [ 37.451319] ? kernel_text_address+0x79/0xf0 [ 37.455727] ? __kernel_text_address+0xd/0x40 [ 37.460226] ? unwind_get_return_address+0x61/0xa0 [ 37.465167] ? __save_stack_trace+0x8d/0xf0 [ 37.469499] ? 
save_stack+0x43/0xd0 [ 37.473131] ? __kasan_slab_free+0x11a/0x170 [ 37.477549] ? kasan_slab_free+0xe/0x10 [ 37.481536] ? kmem_cache_free+0x86/0x280 [ 37.485703] ? do_sys_open+0x569/0x720 [ 37.489633] ? __x64_sys_open+0x7e/0xc0 [ 37.493624] ? do_syscall_64+0x1b9/0x820 [ 37.497703] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.503091] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.507518] ? kasan_check_read+0x11/0x20 [ 37.511677] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.516097] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.520523] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.524946] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 37.530071] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.534496] ? kmem_cache_free+0xa0/0x280 [ 37.538654] ? kasan_check_read+0x11/0x20 [ 37.542809] ? rcu_is_watching+0x8c/0x150 [ 37.546960] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.551291] ? rcu_pm_notify+0xc0/0xc0 [ 37.555190] ? putname+0xf2/0x130 [ 37.558656] ? putname+0xf2/0x130 [ 37.562126] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.567154] ? kmem_cache_free+0x246/0x280 [ 37.571413] do_group_exit+0x177/0x440 [ 37.575316] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.579651] ? __ia32_sys_exit+0x50/0x50 [ 37.583731] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.588859] __x64_sys_exit_group+0x3e/0x50 [ 37.593199] do_syscall_64+0x1b9/0x820 [ 37.597176] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.602572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.607517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.612390] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 37.617433] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.622466] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.627501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.632367] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.637567] RIP: 0033:0x442cc8 [ 37.640767] Code: Bad RIP value. 
[ 37.644137] RSP: 002b:00007fffeca089e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.651852] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 37.659136] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.666416] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.674085] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000000001 [ 37.681367] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 37.688655] [ 37.688661] ====================================================== [ 37.688666] WARNING: possible circular locking dependency detected [ 37.688670] 4.19.0-rc1+ #212 Not tainted [ 37.688675] ------------------------------------------------------ [ 37.688680] syz-executor549/4456 is trying to acquire lock: [ 37.688683] 00000000c491bd0d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.688698] [ 37.688702] but task is already holding lock: [ 37.688705] 0000000091bcd6a9 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.688719] [ 37.688723] which lock already depends on the new lock. 
[ 37.688725] [ 37.688728] [ 37.688733] the existing dependency chain (in reverse order) is: [ 37.688735] [ 37.688737] -> #3 (report_lock){....}: [ 37.688751] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.688755] kasan_report+0x8e/0x110 [ 37.688759] __asan_report_load8_noabort+0x14/0x20 [ 37.688763] __schedule+0xf54/0x1df0 [ 37.688767] preempt_schedule_common+0x22/0x60 [ 37.688771] _cond_resched+0x1d/0x30 [ 37.688775] wait_for_completion+0xa5/0x8d0 [ 37.688779] __synchronize_srcu+0x189/0x240 [ 37.688783] synchronize_srcu+0x335/0x56f [ 37.688788] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.688792] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.688796] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.688800] kvm_put_kvm+0x73f/0x1060 [ 37.688803] kvm_vm_release+0x42/0x50 [ 37.688807] __fput+0x36e/0x8c0 [ 37.688810] ____fput+0x15/0x20 [ 37.688814] task_work_run+0x1e8/0x2a0 [ 37.688817] do_exit+0x1ae4/0x26e0 [ 37.688821] do_group_exit+0x177/0x440 [ 37.688825] __x64_sys_exit_group+0x3e/0x50 [ 37.688829] do_syscall_64+0x1b9/0x820 [ 37.688834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.688836] [ 37.688838] -> #2 (&rq->lock){-.-.}: [ 37.688852] _raw_spin_lock+0x2a/0x40 [ 37.688855] task_fork_fair+0x93/0x680 [ 37.688859] sched_fork+0x44b/0xbd0 [ 37.688863] copy_process+0x235e/0x7ad0 [ 37.688866] _do_fork+0x1ca/0x1170 [ 37.688870] kernel_thread+0x34/0x40 [ 37.688873] rest_init+0x22/0xe4 [ 37.688877] start_kernel+0x913/0x94e [ 37.688881] x86_64_start_reservations+0x29/0x2b [ 37.688885] x86_64_start_kernel+0x76/0x79 [ 37.688889] secondary_startup_64+0xa4/0xb0 [ 37.688892] [ 37.688894] -> #1 (&p->pi_lock){-.-.}: [ 37.688908] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.688912] try_to_wake_up+0xd2/0x1250 [ 37.688916] wake_up_process+0x10/0x20 [ 37.688919] __up.isra.1+0x1c0/0x2a0 [ 37.688922] up+0x13c/0x1c0 [ 37.688926] __up_console_sem+0xbe/0x1b0 [ 37.688930] console_unlock+0x506/0x10d0 [ 37.688934] vprintk_emit+0x33a/0x910 [ 37.688938] vprintk_default+0x28/0x30 [ 37.688941] vprintk_func+0x7a/0x117 [ 
37.688945] printk+0xa7/0xcf [ 37.688948] load_umh+0x51/0xbd [ 37.688952] do_one_initcall+0x127/0x838 [ 37.688956] kernel_init_freeable+0x4bb/0x5ae [ 37.688960] kernel_init+0x11/0x1b3 [ 37.688963] ret_from_fork+0x3a/0x50 [ 37.688965] [ 37.688968] -> #0 ((console_sem).lock){-...}: [ 37.688982] lock_acquire+0x1e4/0x4f0 [ 37.688986] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.688990] down_trylock+0x13/0x70 [ 37.688994] __down_trylock_console_sem+0xae/0x200 [ 37.688998] console_trylock+0x15/0xa0 [ 37.689012] vprintk_emit+0x31f/0x910 [ 37.689016] vprintk_default+0x28/0x30 [ 37.689020] vprintk_func+0x7a/0x117 [ 37.689023] printk+0xa7/0xcf [ 37.689027] kasan_report+0x9e/0x110 [ 37.689031] __asan_report_load8_noabort+0x14/0x20 [ 37.689035] __schedule+0xf54/0x1df0 [ 37.689039] preempt_schedule_common+0x22/0x60 [ 37.689043] _cond_resched+0x1d/0x30 [ 37.689047] wait_for_completion+0xa5/0x8d0 [ 37.689051] __synchronize_srcu+0x189/0x240 [ 37.689055] synchronize_srcu+0x335/0x56f [ 37.689060] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.689065] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.689069] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.689072] kvm_put_kvm+0x73f/0x1060 [ 37.689076] kvm_vm_release+0x42/0x50 [ 37.689080] __fput+0x36e/0x8c0 [ 37.689083] ____fput+0x15/0x20 [ 37.689087] task_work_run+0x1e8/0x2a0 [ 37.689091] do_exit+0x1ae4/0x26e0 [ 37.689094] do_group_exit+0x177/0x440 [ 37.689099] __x64_sys_exit_group+0x3e/0x50 [ 37.689102] do_syscall_64+0x1b9/0x820 [ 37.689107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.689109] [ 37.689114] other info that might help us debug this: [ 37.689116] [ 37.689119] Chain exists of: [ 37.689121] (console_sem).lock --> &rq->lock --> report_lock [ 37.689139] [ 37.689143] Possible unsafe locking scenario: [ 37.689145] [ 37.689149] CPU0 CPU1 [ 37.689153] ---- ---- [ 37.689156] lock(report_lock); [ 37.689165] lock(&rq->lock); [ 37.689174] lock(report_lock); [ 37.689182] lock((console_sem).lock); [ 37.689190] [ 37.689193] *** DEADLOCK *** [ 37.689195] [ 
37.689200] 2 locks held by syz-executor549/4456: [ 37.689202] #0: 00000000e6f70750 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 37.689218] #1: 0000000091bcd6a9 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.689235] [ 37.689238] stack backtrace: [ 37.689244] CPU: 0 PID: 4456 Comm: syz-executor549 Not tainted 4.19.0-rc1+ #212 [ 37.689251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.689254] Call Trace: [ 37.689258] dump_stack+0x1c9/0x2b4 [ 37.689262] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.689266] ? vprintk_func+0x100/0x117 [ 37.689271] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 37.689275] ? save_trace+0xe0/0x290 [ 37.689279] __lock_acquire+0x3449/0x5020 [ 37.689282] ? mark_held_locks+0x160/0x160 [ 37.689286] ? mark_held_locks+0x160/0x160 [ 37.689291] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.689295] ? is_bpf_text_address+0xd7/0x170 [ 37.689299] ? kernel_text_address+0x79/0xf0 [ 37.689303] ? __kernel_text_address+0xd/0x40 [ 37.689307] ? __save_stack_trace+0x8d/0xf0 [ 37.689311] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 37.689315] ? save_trace+0x290/0x290 [ 37.689319] ? save_stack_trace+0x1a/0x20 [ 37.689323] ? save_trace+0xe0/0x290 [ 37.689326] ? graph_lock+0x170/0x170 [ 37.689331] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.689335] lock_acquire+0x1e4/0x4f0 [ 37.689339] ? down_trylock+0x13/0x70 [ 37.689342] ? lock_release+0x9f0/0x9f0 [ 37.689347] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.689351] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.689355] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.689358] ? log_store+0x34f/0x4c0 [ 37.689362] ? vprintk_emit+0x31f/0x910 [ 37.689366] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.689370] ? down_trylock+0x13/0x70 [ 37.689374] down_trylock+0x13/0x70 [ 37.689378] __down_trylock_console_sem+0xae/0x200 [ 37.689382] console_trylock+0x15/0xa0 [ 37.689385] vprintk_emit+0x31f/0x910 [ 37.689389] ? wake_up_klogd+0x110/0x110 [ 37.689394] ? run_rebalance_domains+0x4c0/0x4c0 [ 37.689397] ? 
kasan_check_read+0x11/0x20 [ 37.689401] ? rcu_is_watching+0x8c/0x150 [ 37.689411] ? rcu_pm_notify+0xc0/0xc0 [ 37.689415] ? lock_acquire+0x1e4/0x4f0 [ 37.689419] ? kasan_report+0x8e/0x110 [ 37.689422] ? __schedule+0xf54/0x1df0 [ 37.689426] vprintk_default+0x28/0x30 [ 37.689430] vprintk_func+0x7a/0x117 [ 37.689433] printk+0xa7/0xcf [ 37.689437] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.689441] ? kasan_check_write+0x14/0x20 [ 37.689445] ? do_raw_spin_lock+0xc1/0x200 [ 37.689449] ? do_raw_spin_lock+0xc1/0x200 [ 37.689453] kasan_report+0x9e/0x110 [ 37.689460] __asan_report_load8_noabort+0x14/0x20 [ 37.689464] __schedule+0xf54/0x1df0 [ 37.689469] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.689473] ? __sched_text_start+0x8/0x8 [ 37.689477] ? __call_srcu+0x7e7/0x1040 [ 37.689481] ? check_same_owner+0x340/0x340 [ 37.689485] ? mark_held_locks+0x160/0x160 [ 37.689488] ? find_held_lock+0x36/0x1c0 [ 37.689493] preempt_schedule_common+0x22/0x60 [ 37.689496] _cond_resched+0x1d/0x30 [ 37.689500] wait_for_completion+0xa5/0x8d0 [ 37.689505] ? wait_for_completion_interruptible+0x950/0x950 [ 37.689509] ? __lockdep_init_map+0x105/0x590 [ 37.689517] ? __init_waitqueue_head+0x9e/0x150 [ 37.689521] ? init_wait_entry+0x1c0/0x1c0 [ 37.689525] __synchronize_srcu+0x189/0x240 [ 37.689529] ? call_srcu+0x10/0x10 [ 37.689533] ? rcu_unexpedite_gp+0x20/0x20 [ 37.689537] synchronize_srcu+0x335/0x56f [ 37.689541] ? lock_downgrade+0x8f0/0x8f0 [ 37.689545] ? synchronize_srcu_expedited+0x20/0x20 [ 37.689549] ? kasan_check_read+0x11/0x20 [ 37.689553] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.689563] ? kasan_check_write+0x14/0x20 [ 37.689567] ? do_raw_spin_lock+0xc1/0x200 [ 37.689572] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.689577] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.689580] ? kvfree+0x61/0x70 [ 37.689590] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.689594] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.689598] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.689602] ? 
kvm_arch_sync_events+0x30/0x30 [ 37.689607] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.689611] ? mmu_notifier_unregister+0x474/0x600 [ 37.689615] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.689619] ? kfree+0x111/0x210 [ 37.689623] ? __mmu_notifier_register+0x30/0x30 [ 37.689627] ? __free_pages+0x10a/0x190 [ 37.689631] ? free_unref_page+0x930/0x930 [ 37.689635] kvm_put_kvm+0x73f/0x1060 [ 37.689639] ? kvm_write_guest_cached+0x40/0x40 [ 37.689643] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.689647] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.689652] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.689655] ? kasan_check_write+0x14/0x20 [ 37.689660] ? do_raw_spin_lock+0xc1/0x200 [ 37.689664] ? kvm_irqfd_release+0xdd/0x120 [ 37.689668] ? kvm_irqfd_release+0xdd/0x120 [ 37.689671] ? kvm_put_kvm+0x1060/0x1060 [ 37.689675] kvm_vm_release+0x42/0x50 [ 37.689679] __fput+0x36e/0x8c0 [ 37.689682] ? __alloc_file+0x400/0x400 [ 37.689686] ? check_same_owner+0x340/0x340 [ 37.689690] ? kasan_check_write+0x14/0x20 [ 37.689694] ? do_raw_spin_lock+0xc1/0x200 [ 37.689698] ____fput+0x15/0x20 [ 37.689702] task_work_run+0x1e8/0x2a0 [ 37.689706] ? task_work_cancel+0x240/0x240 [ 37.689710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.689714] ? switch_task_namespaces+0xa2/0xd0 [ 37.689718] do_exit+0x1ae4/0x26e0 [ 37.689722] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.689726] ? lock_downgrade+0x8f0/0x8f0 [ 37.689730] ? kasan_check_read+0x11/0x20 [ 37.689734] ? rcu_is_watching+0x8c/0x150 [ 37.689738] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.689742] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.689747] ? is_bpf_text_address+0xd7/0x170 [ 37.689749] ? kernel_t [ 37.689757] Lost 50 message(s)! [ 38.753183] Shutting down cpus with NMI [ 39.812535] Dumping ftrace buffer: [ 39.816081] (ftrace buffer empty) [ 39.819775] Kernel Offset: disabled [ 39.823389] Rebooting in 86400 seconds..