[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.750299] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 24.580969] random: sshd: uninitialized urandom read (32 bytes read) [ 24.944713] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.530254] random: sshd: uninitialized urandom read (32 bytes read) [ 25.729901] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. [ 31.307213] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 31.407676] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 31.433081] ================================================================== [ 31.442918] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 31.449144] Read of size 8 at addr ffff8801d92c0058 by task syz-executor366/4689 [ 31.456676] [ 31.458302] CPU: 1 PID: 4689 Comm: syz-executor366 Not tainted 4.19.0-rc2+ #225 [ 31.465737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.475083] Call Trace: [ 31.477668] dump_stack+0x1c9/0x2b4 [ 31.481295] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.486488] ? printk+0xa7/0xcf [ 31.489765] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 31.494519] ? __schedule+0xf54/0x1df0 [ 31.498404] print_address_description+0x6c/0x20b [ 31.503249] ? __schedule+0xf54/0x1df0 [ 31.507137] kasan_report.cold.7+0x242/0x30d [ 31.511547] __asan_report_load8_noabort+0x14/0x20 [ 31.516492] __schedule+0xf54/0x1df0 [ 31.520204] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.525303] ? __sched_text_start+0x8/0x8 [ 31.529458] ? __call_srcu+0x7e7/0x1040 [ 31.533447] ? check_same_owner+0x340/0x340 [ 31.537776] ? mark_held_locks+0x160/0x160 [ 31.542007] ? find_held_lock+0x36/0x1c0 [ 31.546066] preempt_schedule_common+0x22/0x60 [ 31.550645] _cond_resched+0x1d/0x30 [ 31.554374] wait_for_completion+0xa5/0x8d0 [ 31.558706] ? wait_for_completion_interruptible+0x950/0x950 [ 31.564498] ? __lockdep_init_map+0x105/0x590 [ 31.569032] ? __init_waitqueue_head+0x9e/0x150 [ 31.573694] ? init_wait_entry+0x1c0/0x1c0 [ 31.577929] __synchronize_srcu+0x189/0x240 [ 31.582249] ? call_srcu+0x10/0x10 [ 31.585791] ? rcu_unexpedite_gp+0x20/0x20 [ 31.590034] synchronize_srcu+0x335/0x56f [ 31.594179] ? lock_downgrade+0x8f0/0x8f0 [ 31.598352] ? synchronize_srcu_expedited+0x20/0x20 [ 31.603374] ? kasan_check_read+0x11/0x20 [ 31.607519] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 31.612096] ? kasan_check_write+0x14/0x20 [ 31.616326] ? do_raw_spin_lock+0xc1/0x200 [ 31.620564] kvm_page_track_unregister_notifier+0x17d/0x250 [ 31.626272] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 31.631718] ? kvfree+0x61/0x70 [ 31.634996] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.640010] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.644066] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 31.648472] ? kvm_arch_sync_events+0x30/0x30 [ 31.652974] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.658512] ? mmu_notifier_unregister+0x474/0x600 [ 31.663461] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.667868] ? kfree+0x111/0x210 [ 31.671232] ? __mmu_notifier_register+0x30/0x30 [ 31.675991] ? __free_pages+0x10a/0x190 [ 31.679975] ? free_unref_page+0x930/0x930 [ 31.684218] kvm_put_kvm+0x73f/0x1060 [ 31.688026] ? kvm_write_guest_cached+0x40/0x40 [ 31.692695] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.697184] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.701676] ? lockdep_hardirqs_on+0x421/0x5c0 [ 31.706263] ? kasan_check_write+0x14/0x20 [ 31.710496] ? do_raw_spin_lock+0xc1/0x200 [ 31.714730] ? kvm_irqfd_release+0xdd/0x120 [ 31.719047] ? kvm_irqfd_release+0xdd/0x120 [ 31.723366] ? kvm_put_kvm+0x1060/0x1060 [ 31.727424] kvm_vm_release+0x42/0x50 [ 31.731230] __fput+0x38a/0xa40 [ 31.734507] ? __alloc_file+0x400/0x400 [ 31.738484] ? check_same_owner+0x340/0x340 [ 31.742801] ? kasan_check_write+0x14/0x20 [ 31.747034] ? do_raw_spin_lock+0xc1/0x200 [ 31.751267] ____fput+0x15/0x20 [ 31.754543] task_work_run+0x1e8/0x2a0 [ 31.758427] ? task_work_cancel+0x240/0x240 [ 31.764233] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.769787] ? switch_task_namespaces+0xa2/0xd0 [ 31.774462] do_exit+0x1ae4/0x26e0 [ 31.778003] ? mm_update_next_owner+0x9a0/0x9a0 [ 31.782667] ? lock_downgrade+0x8f0/0x8f0 [ 31.786813] ? kasan_check_read+0x11/0x20 [ 31.790960] ? rcu_is_watching+0x8c/0x150 [ 31.795117] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.799784] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 31.804460] ? is_bpf_text_address+0xd7/0x170 [ 31.808961] ? kernel_text_address+0x79/0xf0 [ 31.813364] ? __kernel_text_address+0xd/0x40 [ 31.817856] ? unwind_get_return_address+0x61/0xa0 [ 31.822785] ? __save_stack_trace+0x8d/0xf0 [ 31.827131] ? save_stack+0x43/0xd0 [ 31.830751] ? __kasan_slab_free+0x11a/0x170 [ 31.835153] ? kasan_slab_free+0xe/0x10 [ 31.839123] ? kmem_cache_free+0x86/0x280 [ 31.843267] ? do_sys_open+0x569/0x720 [ 31.847147] ? __x64_sys_open+0x7e/0xc0 [ 31.851139] ? do_syscall_64+0x1b9/0x820 [ 31.855198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.860562] ? trace_hardirqs_off+0xb8/0x2c0 [ 31.864969] ? kasan_check_read+0x11/0x20 [ 31.869113] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.873518] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.877926] ? trace_hardirqs_off+0xb8/0x2c0 [ 31.882332] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.887429] ? trace_hardirqs_on+0x2c0/0x2c0 [ 31.891841] ? kmem_cache_free+0xa0/0x280 [ 31.895991] ? kasan_check_read+0x11/0x20 [ 31.900134] ? rcu_is_watching+0x8c/0x150 [ 31.904276] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.908592] ? rcu_pm_notify+0xc0/0xc0 [ 31.912476] ? putname+0xf2/0x130 [ 31.915930] ? putname+0xf2/0x130 [ 31.919387] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.924399] ? kmem_cache_free+0x246/0x280 [ 31.928635] do_group_exit+0x177/0x440 [ 31.932518] ? trace_hardirqs_on+0xbd/0x2c0 [ 31.936835] ? __ia32_sys_exit+0x50/0x50 [ 31.940895] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 31.945996] __x64_sys_exit_group+0x3e/0x50 [ 31.950324] do_syscall_64+0x1b9/0x820 [ 31.954223] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 31.959582] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.964509] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.969346] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 31.974359] ? prepare_exit_to_usermode+0x291/0x3b0 [ 31.979373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.984213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.989396] RIP: 0033:0x43f038 [ 31.992590] Code: Bad RIP value. [ 31.995950] RSP: 002b:00007ffd876f79e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.003659] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f038 [ 32.010920] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.018185] RBP: 00000000004bec08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.025454] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 32.032716] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.039984] [ 32.041601] Allocated by task 4689: [ 32.045715] save_stack+0x43/0xd0 [ 32.049162] kasan_kmalloc+0xc4/0xe0 [ 32.052869] kasan_slab_alloc+0x12/0x20 [ 32.056836] kmem_cache_alloc+0x12e/0x710 [ 32.060982] vmx_create_vcpu+0xcf/0x2830 [ 32.065039] kvm_arch_vcpu_create+0xe5/0x220 [ 32.069453] kvm_vm_ioctl+0x488/0x1d80 [ 32.073339] do_vfs_ioctl+0x1de/0x1720 [ 32.077219] ksys_ioctl+0xa9/0xd0 [ 32.080671] __x64_sys_ioctl+0x73/0xb0 [ 32.084555] do_syscall_64+0x1b9/0x820 [ 32.088445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.093623] [ 32.095245] Freed by task 4689: [ 32.098518] save_stack+0x43/0xd0 [ 32.101970] __kasan_slab_free+0x11a/0x170 [ 32.106214] kasan_slab_free+0xe/0x10 [ 32.110010] kmem_cache_free+0x86/0x280 [ 32.113983] vmx_free_vcpu+0x26b/0x300 [ 32.117863] kvm_arch_destroy_vm+0x365/0x7c0 [ 32.122269] kvm_put_kvm+0x73f/0x1060 [ 32.126066] kvm_vm_release+0x42/0x50 [ 32.129864] __fput+0x38a/0xa40 [ 32.133140] ____fput+0x15/0x20 [ 32.136416] task_work_run+0x1e8/0x2a0 [ 32.140305] do_exit+0x1ae4/0x26e0 [ 32.143841] do_group_exit+0x177/0x440 [ 32.147725] __x64_sys_exit_group+0x3e/0x50 [ 32.152046] do_syscall_64+0x1b9/0x820 [ 32.155932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.161110] [ 32.162731] The buggy address belongs to the object at ffff8801d92c0040 [ 32.162731] which belongs to the cache kvm_vcpu of size 23872 [ 32.175298] The buggy address is located 24 bytes inside of [ 32.175298] 23872-byte region [ffff8801d92c0040, ffff8801d92c5d80) [ 32.187253] The buggy address belongs to the page: [ 32.192175] page:ffffea000764b000 count:1 mapcount:0 mapping:ffff8801d86f3480 index:0x0 compound_mapcount: 0 [ 32.202139] flags: 0x2fffc0000008100(slab|head) [ 32.206809] raw: 02fffc0000008100 ffff8801d6ff3148 ffff8801d6ff3148 ffff8801d86f3480 [ 32.214690] raw: 0000000000000000 ffff8801d92c0040 0000000100000001 0000000000000000 [ 32.222559] page dumped because: kasan: bad access detected [ 32.228255] [ 32.229871] Memory state around the buggy address: [ 32.234795] ffff8801d92bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.242155] ffff8801d92bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.249512] >ffff8801d92c0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 32.256860] ^ [ 32.263083] ffff8801d92c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.270443] ffff8801d92c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.277795] ================================================================== [ 32.285146] Kernel panic - not syncing: panic_on_warn set ... [ 32.285146] [ 32.292525] CPU: 1 PID: 4689 Comm: syz-executor366 Tainted: G B 4.19.0-rc2+ #225 [ 32.301368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.310711] Call Trace: [ 32.313305] dump_stack+0x1c9/0x2b4 [ 32.316931] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.322122] ? lock_downgrade+0x8f0/0x8f0 [ 32.326266] ? __schedule+0xf54/0x1df0 [ 32.330151] panic+0x238/0x4e7 [ 32.333337] ? add_taint.cold.5+0x16/0x16 [ 32.337490] ? print_shadow_for_address+0xba/0x116 [ 32.342418] ? trace_hardirqs_off+0xaf/0x2c0 [ 32.346830] ? trace_hardirqs_off+0x77/0x2c0 [ 32.351234] ? __schedule+0xf54/0x1df0 [ 32.355117] kasan_end_report+0x47/0x4f [ 32.359093] kasan_report.cold.7+0x76/0x30d [ 32.363423] __asan_report_load8_noabort+0x14/0x20 [ 32.368359] __schedule+0xf54/0x1df0 [ 32.372072] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.377176] ? __sched_text_start+0x8/0x8 [ 32.381325] ? __call_srcu+0x7e7/0x1040 [ 32.385306] ? check_same_owner+0x340/0x340 [ 32.389623] ? mark_held_locks+0x160/0x160 [ 32.393852] ? find_held_lock+0x36/0x1c0 [ 32.397917] preempt_schedule_common+0x22/0x60 [ 32.402496] _cond_resched+0x1d/0x30 [ 32.406206] wait_for_completion+0xa5/0x8d0 [ 32.410529] ? wait_for_completion_interruptible+0x950/0x950 [ 32.416325] ? __lockdep_init_map+0x105/0x590 [ 32.420823] ? __init_waitqueue_head+0x9e/0x150 [ 32.425488] ? init_wait_entry+0x1c0/0x1c0 [ 32.429736] __synchronize_srcu+0x189/0x240 [ 32.434051] ? call_srcu+0x10/0x10 [ 32.437593] ? rcu_unexpedite_gp+0x20/0x20 [ 32.441833] synchronize_srcu+0x335/0x56f [ 32.445977] ? lock_downgrade+0x8f0/0x8f0 [ 32.450123] ? synchronize_srcu_expedited+0x20/0x20 [ 32.455140] ? kasan_check_read+0x11/0x20 [ 32.459288] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.463879] ? kasan_check_write+0x14/0x20 [ 32.468111] ? do_raw_spin_lock+0xc1/0x200 [ 32.472346] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.478057] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.483505] ? kvfree+0x61/0x70 [ 32.486784] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.491812] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.495867] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.500277] ? kvm_arch_sync_events+0x30/0x30 [ 32.504773] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.510307] ? mmu_notifier_unregister+0x474/0x600 [ 32.515231] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.519638] ? kfree+0x111/0x210 [ 32.523003] ? __mmu_notifier_register+0x30/0x30 [ 32.527758] ? __free_pages+0x10a/0x190 [ 32.531729] ? free_unref_page+0x930/0x930 [ 32.536004] kvm_put_kvm+0x73f/0x1060 [ 32.539829] ? kvm_write_guest_cached+0x40/0x40 [ 32.544503] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.548994] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.553483] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.558068] ? kasan_check_write+0x14/0x20 [ 32.562299] ? do_raw_spin_lock+0xc1/0x200 [ 32.566566] ? kvm_irqfd_release+0xdd/0x120 [ 32.570884] ? kvm_irqfd_release+0xdd/0x120 [ 32.575202] ? kvm_put_kvm+0x1060/0x1060 [ 32.579264] kvm_vm_release+0x42/0x50 [ 32.583063] __fput+0x38a/0xa40 [ 32.586340] ? __alloc_file+0x400/0x400 [ 32.590319] ? check_same_owner+0x340/0x340 [ 32.594644] ? kasan_check_write+0x14/0x20 [ 32.598878] ? do_raw_spin_lock+0xc1/0x200 [ 32.603107] ____fput+0x15/0x20 [ 32.606380] task_work_run+0x1e8/0x2a0 [ 32.610262] ? task_work_cancel+0x240/0x240 [ 32.614586] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.620123] ? switch_task_namespaces+0xa2/0xd0 [ 32.624789] do_exit+0x1ae4/0x26e0 [ 32.628329] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.632992] ? lock_downgrade+0x8f0/0x8f0 [ 32.637139] ? kasan_check_read+0x11/0x20 [ 32.641286] ? rcu_is_watching+0x8c/0x150 [ 32.645430] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.650106] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.654776] ? is_bpf_text_address+0xd7/0x170 [ 32.659269] ? kernel_text_address+0x79/0xf0 [ 32.663673] ? __kernel_text_address+0xd/0x40 [ 32.668177] ? unwind_get_return_address+0x61/0xa0 [ 32.673114] ? __save_stack_trace+0x8d/0xf0 [ 32.677449] ? save_stack+0x43/0xd0 [ 32.681113] ? __kasan_slab_free+0x11a/0x170 [ 32.685531] ? kasan_slab_free+0xe/0x10 [ 32.689500] ? kmem_cache_free+0x86/0x280 [ 32.693656] ? do_sys_open+0x569/0x720 [ 32.697538] ? __x64_sys_open+0x7e/0xc0 [ 32.701510] ? do_syscall_64+0x1b9/0x820 [ 32.705568] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.710944] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.715349] ? kasan_check_read+0x11/0x20 [ 32.719509] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.723927] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.728358] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.732763] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.737860] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.742279] ? kmem_cache_free+0xa0/0x280 [ 32.746447] ? kasan_check_read+0x11/0x20 [ 32.750594] ? rcu_is_watching+0x8c/0x150 [ 32.754738] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.759055] ? rcu_pm_notify+0xc0/0xc0 [ 32.762943] ? putname+0xf2/0x130 [ 32.766395] ? putname+0xf2/0x130 [ 32.769854] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.774866] ? kmem_cache_free+0x246/0x280 [ 32.779102] do_group_exit+0x177/0x440 [ 32.782987] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.787303] ? __ia32_sys_exit+0x50/0x50 [ 32.791361] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.796474] __x64_sys_exit_group+0x3e/0x50 [ 32.800794] do_syscall_64+0x1b9/0x820 [ 32.804686] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.810046] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.814974] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.819810] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 32.824824] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.829839] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.834682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.839864] RIP: 0033:0x43f038 [ 32.843061] Code: Bad RIP value. [ 32.846464] RSP: 002b:00007ffd876f79e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.854186] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f038 [ 32.861460] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.868727] RBP: 00000000004bec08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.875989] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 32.883254] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 32.890538] [ 32.890544] ====================================================== [ 32.890549] WARNING: possible circular locking dependency detected [ 32.890553] 4.19.0-rc2+ #225 Not tainted [ 32.890559] ------------------------------------------------------ [ 32.890564] syz-executor366/4689 is trying to acquire lock: [ 32.890567] 00000000048b1aba ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 32.890582] [ 32.890586] but task is already holding lock: [ 32.890589] 0000000033ba3a9c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.890604] [ 32.890608] which lock already depends on the new lock. [ 32.890610] [ 32.890613] [ 32.890618] the existing dependency chain (in reverse order) is: [ 32.890620] [ 32.890623] -> #3 (report_lock){....}: [ 32.890637] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.890641] kasan_report+0x8e/0x110 [ 32.890646] __asan_report_load8_noabort+0x14/0x20 [ 32.890649] __schedule+0xf54/0x1df0 [ 32.890654] preempt_schedule_common+0x22/0x60 [ 32.890658] _cond_resched+0x1d/0x30 [ 32.890662] wait_for_completion+0xa5/0x8d0 [ 32.890666] __synchronize_srcu+0x189/0x240 [ 32.890670] synchronize_srcu+0x335/0x56f [ 32.890675] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.890679] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.890683] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.890687] kvm_put_kvm+0x73f/0x1060 [ 32.890691] kvm_vm_release+0x42/0x50 [ 32.890695] __fput+0x38a/0xa40 [ 32.890698] ____fput+0x15/0x20 [ 32.890702] task_work_run+0x1e8/0x2a0 [ 32.890706] do_exit+0x1ae4/0x26e0 [ 32.890710] do_group_exit+0x177/0x440 [ 32.890714] __x64_sys_exit_group+0x3e/0x50 [ 32.890718] do_syscall_64+0x1b9/0x820 [ 32.890723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.890725] [ 32.890727] -> #2 (&rq->lock){-.-.}: [ 32.890742] _raw_spin_lock+0x2a/0x40 [ 32.890746] task_fork_fair+0x93/0x680 [ 32.890749] sched_fork+0x44b/0xbd0 [ 32.890753] copy_process+0x235e/0x7af0 [ 32.890757] _do_fork+0x1ca/0x1170 [ 32.890761] kernel_thread+0x34/0x40 [ 32.890765] rest_init+0x22/0xe4 [ 32.890769] start_kernel+0x913/0x94e [ 32.890773] x86_64_start_reservations+0x29/0x2b [ 32.890777] x86_64_start_kernel+0x76/0x79 [ 32.890781] secondary_startup_64+0xa4/0xb0 [ 32.890784] [ 32.890786] -> #1 (&p->pi_lock){-.-.}: [ 32.890800] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.890804] try_to_wake_up+0xd2/0x1250 [ 32.890808] wake_up_process+0x10/0x20 [ 32.890812] __up.isra.1+0x1c0/0x2a0 [ 32.890815] up+0x13c/0x1c0 [ 32.890820] __up_console_sem+0xbe/0x1b0 [ 32.890824] console_unlock+0x506/0x10e0 [ 32.890827] vprintk_emit+0x33a/0x910 [ 32.890831] vprintk_default+0x28/0x30 [ 32.890835] vprintk_func+0x7a/0x117 [ 32.890839] printk+0xa7/0xcf [ 32.890843] do_exit.cold.22+0x120/0x21f [ 32.890846] do_group_exit+0x177/0x440 [ 32.890851] __x64_sys_exit_group+0x3e/0x50 [ 32.890855] do_syscall_64+0x1b9/0x820 [ 32.890859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.890861] [ 32.890864] -> #0 ((console_sem).lock){-...}: [ 32.890878] lock_acquire+0x1e4/0x4f0 [ 32.890883] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.890886] down_trylock+0x13/0x70 [ 32.890891] __down_trylock_console_sem+0xae/0x200 [ 32.890895] console_trylock+0x15/0xa0 [ 32.890899] vprintk_emit+0x31f/0x910 [ 32.890903] vprintk_default+0x28/0x30 [ 32.890906] vprintk_func+0x7a/0x117 [ 32.890910] printk+0xa7/0xcf [ 32.890914] kasan_report+0x9e/0x110 [ 32.890918] __asan_report_load8_noabort+0x14/0x20 [ 32.890922] __schedule+0xf54/0x1df0 [ 32.890926] preempt_schedule_common+0x22/0x60 [ 32.890930] _cond_resched+0x1d/0x30 [ 32.890934] wait_for_completion+0xa5/0x8d0 [ 32.890939] __synchronize_srcu+0x189/0x240 [ 32.890943] synchronize_srcu+0x335/0x56f [ 32.890948] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.890952] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.890961] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.890965] kvm_put_kvm+0x73f/0x1060 [ 32.890969] kvm_vm_release+0x42/0x50 [ 32.890973] __fput+0x38a/0xa40 [ 32.890976] ____fput+0x15/0x20 [ 32.890980] task_work_run+0x1e8/0x2a0 [ 32.890984] do_exit+0x1ae4/0x26e0 [ 32.890988] do_group_exit+0x177/0x440 [ 32.890992] __x64_sys_exit_group+0x3e/0x50 [ 32.890996] do_syscall_64+0x1b9/0x820 [ 32.891001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.891003] [ 32.891008] other info that might help us debug this: [ 32.891010] [ 32.891013] Chain exists of: [ 32.891015] (console_sem).lock --> &rq->lock --> report_lock [ 32.891034] [ 32.891038] Possible unsafe locking scenario: [ 32.891040] [ 32.891044] CPU0 CPU1 [ 32.891048] ---- ---- [ 32.891051] lock(report_lock); [ 32.891061] lock(&rq->lock); [ 32.891070] lock(report_lock); [ 32.891078] lock((console_sem).lock); [ 32.891086] [ 32.891089] *** DEADLOCK *** [ 32.891092] [ 32.891096] 2 locks held by syz-executor366/4689: [ 32.891098] #0: 000000006a1e2cb0 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 32.891115] #1: 0000000033ba3a9c (report_lock){....}, at: kasan_report+0x8e/0x110 [ 32.891133] [ 32.891136] stack backtrace: [ 32.891142] CPU: 1 PID: 4689 Comm: syz-executor366 Not tainted 4.19.0-rc2+ #225 [ 32.891149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.891153] Call Trace: [ 32.891156] dump_stack+0x1c9/0x2b4 [ 32.891161] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.891165] ? vprintk_func+0x100/0x117 [ 32.891170] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 32.891174] ? save_trace+0xe0/0x290 [ 32.891178] __lock_acquire+0x3449/0x5020 [ 32.891182] ? mark_held_locks+0x160/0x160 [ 32.891186] ? mark_held_locks+0x160/0x160 [ 32.891191] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.891195] ? is_bpf_text_address+0xd7/0x170 [ 32.891199] ? kernel_text_address+0x79/0xf0 [ 32.891204] ? __kernel_text_address+0xd/0x40 [ 32.891208] ? __save_stack_trace+0x8d/0xf0 [ 32.891212] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 32.891216] ? save_trace+0x290/0x290 [ 32.891220] ? save_stack_trace+0x1a/0x20 [ 32.891224] ? save_trace+0xe0/0x290 [ 32.891228] ? graph_lock+0x170/0x170 [ 32.891233] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.891237] lock_acquire+0x1e4/0x4f0 [ 32.891241] ? down_trylock+0x13/0x70 [ 32.891245] ? lock_release+0x9f0/0x9f0 [ 32.891249] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.891253] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.891257] ? trace_hardirqs_off+0xb8/0x2c0 [ 32.891261] ? log_store+0x34f/0x4c0 [ 32.891265] ? vprintk_emit+0x31f/0x910 [ 32.891269] _raw_spin_lock_irqsave+0x96/0xc0 [ 32.891273] ? down_trylock+0x13/0x70 [ 32.891277] down_trylock+0x13/0x70 [ 32.891281] __down_trylock_console_sem+0xae/0x200 [ 32.891285] console_trylock+0x15/0xa0 [ 32.891289] vprintk_emit+0x31f/0x910 [ 32.891293] ? wake_up_klogd+0x110/0x110 [ 32.891298] ? run_rebalance_domains+0x4c0/0x4c0 [ 32.891302] ? kasan_check_read+0x11/0x20 [ 32.891306] ? rcu_is_watching+0x8c/0x150 [ 32.891310] ? rcu_pm_notify+0xc0/0xc0 [ 32.891314] ? lock_acquire+0x1e4/0x4f0 [ 32.891318] ? kasan_report+0x8e/0x110 [ 32.891322] ? __schedule+0xf54/0x1df0 [ 32.891325] vprintk_default+0x28/0x30 [ 32.891329] vprintk_func+0x7a/0x117 [ 32.891333] printk+0xa7/0xcf [ 32.891337] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.891341] ? kasan_check_write+0x14/0x20 [ 32.891345] ? do_raw_spin_lock+0xc1/0x200 [ 32.891349] ? do_raw_spin_lock+0xc1/0x200 [ 32.891353] kasan_report+0x9e/0x110 [ 32.891358] __asan_report_load8_noabort+0x14/0x20 [ 32.891361] __schedule+0xf54/0x1df0 [ 32.891366] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.891370] ? __sched_text_start+0x8/0x8 [ 32.891374] ? __call_srcu+0x7e7/0x1040 [ 32.891378] ? check_same_owner+0x340/0x340 [ 32.891382] ? mark_held_locks+0x160/0x160 [ 32.891386] ? find_held_lock+0x36/0x1c0 [ 32.891391] preempt_schedule_common+0x22/0x60 [ 32.891395] _cond_resched+0x1d/0x30 [ 32.891399] wait_for_completion+0xa5/0x8d0 [ 32.891404] ? wait_for_completion_interruptible+0x950/0x950 [ 32.891408] ? __lockdep_init_map+0x105/0x590 [ 32.891412] ? __init_waitqueue_head+0x9e/0x150 [ 32.891417] ? init_wait_entry+0x1c0/0x1c0 [ 32.891421] __synchronize_srcu+0x189/0x240 [ 32.891425] ? call_srcu+0x10/0x10 [ 32.891429] ? rcu_unexpedite_gp+0x20/0x20 [ 32.891441] synchronize_srcu+0x335/0x56f [ 32.891445] ? lock_downgrade+0x8f0/0x8f0 [ 32.891450] ? synchronize_srcu_expedited+0x20/0x20 [ 32.891454] ? kasan_check_read+0x11/0x20 [ 32.891458] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.891463] ? kasan_check_write+0x14/0x20 [ 32.891468] ? do_raw_spin_lock+0xc1/0x200 [ 32.891473] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.891477] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.891481] ? kvfree+0x61/0x70 [ 32.891486] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.891490] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.891494] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.891498] ? kvm_arch_sync_events+0x30/0x30 [ 32.891504] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.891508] ? mmu_notifier_unregister+0x474/0x600 [ 32.891513] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.891516] ? kfree+0x111/0x210 [ 32.891521] ? __mmu_notifier_register+0x30/0x30 [ 32.891525] ? __free_pages+0x10a/0x190 [ 32.891529] ? free_unref_page+0x930/0x930 [ 32.891533] kvm_put_kvm+0x73f/0x1060 [ 32.891537] ? kvm_write_guest_cached+0x40/0x40 [ 32.891542] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.891546] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.891550] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.891554] ? kasan_check_write+0x14/0x20 [ 32.891558] ? do_raw_spin_lock+0xc1/0x200 [ 32.891562] ? kvm_irqfd_release+0xdd/0x120 [ 32.891567] ? kvm_irqfd_release+0xdd/0x120 [ 32.891571] ? kvm_put_kvm+0x1060/0x1060 [ 32.891575] kvm_vm_release+0x42/0x50 [ 32.891578] __fput+0x38a/0xa40 [ 32.891582] ? __alloc_file+0x400/0x400 [ 32.891586] ? check_same_owner+0x340/0x340 [ 32.891590] ? kasan_check_write+0x14/0x20 [ 32.891594] ? do_raw_spin_lock+0xc1/0x200 [ 32.891598] ____fput+0x15/0x20 [ 32.891602] task_work_run+0x1e8/0x2a0 [ 32.891606] ? task_work_cancel+0x240/0x240 [ 32.891611] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.891615] ? switch_task_namespaces+0xa2/0xd0 [ 32.891619] do_exit+0x1ae4/0x26e0 [ 32.891623] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.891628] ? lock_downgrade+0x8f0/0x8f0 [ 32.891632] ? kasan_check_read+0x11/0x20 [ 32.891636] ? rcu_is_watching+0x8c/0x150 [ 32.891640] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.891644] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 32.891648] ? is_bpf_text_address [ 32.891655] Lost 50 message(s)! [ 33.960703] Shutting down cpus with NMI [ 35.019120] Dumping ftrace buffer: [ 35.022645] (ftrace buffer empty) [ 35.026333] Kernel Offset: disabled [ 35.029941] Rebooting in 86400 seconds..