[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.381521] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.681051] random: sshd: uninitialized urandom read (32 bytes read) [ 63.056253] random: sshd: uninitialized urandom read (32 bytes read) [ 63.471511] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. [ 69.282427] urandom_read: 1 callbacks suppressed [ 69.282433] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 69.382120] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 69.405437] ================================================================== [ 69.414142] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 69.420352] Read of size 8 at addr ffff8801c5d40058 by task syz-executor179/4498 [ 69.427862] [ 69.429476] CPU: 1 PID: 4498 Comm: syz-executor179 Not tainted 4.18.0+ #205 [ 69.436559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.445894] Call Trace: [ 69.448464] dump_stack+0x1c9/0x2b4 [ 69.452079] ? dump_stack_print_info.cold.2+0x52/0x52 [ 69.457256] ? printk+0xa7/0xcf [ 69.460534] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 69.465288] ? __schedule+0xf54/0x1df0 [ 69.469163] print_address_description+0x6c/0x20b [ 69.473998] ? __schedule+0xf54/0x1df0 [ 69.477925] kasan_report.cold.7+0x242/0x30d [ 69.482331] __asan_report_load8_noabort+0x14/0x20 [ 69.487239] __schedule+0xf54/0x1df0 [ 69.490954] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 69.496041] ? __sched_text_start+0x8/0x8 [ 69.500179] ? __call_srcu+0x7e7/0x1040 [ 69.504146] ? check_same_owner+0x340/0x340 [ 69.508447] ? mark_held_locks+0x160/0x160 [ 69.512665] ? find_held_lock+0x36/0x1c0 [ 69.516706] preempt_schedule_common+0x22/0x60 [ 69.521270] _cond_resched+0x1d/0x30 [ 69.525193] wait_for_completion+0xa5/0x8d0 [ 69.529503] ? wait_for_completion_interruptible+0x950/0x950 [ 69.535284] ? __lockdep_init_map+0x105/0x590 [ 69.539759] ? __init_waitqueue_head+0x9e/0x150 [ 69.544406] ? init_wait_entry+0x1c0/0x1c0 [ 69.548624] __synchronize_srcu+0x189/0x240 [ 69.552981] ? call_srcu+0x10/0x10 [ 69.556550] ? rcu_unexpedite_gp+0x20/0x20 [ 69.560775] synchronize_srcu+0x335/0x56f [ 69.564903] ? lock_downgrade+0x8f0/0x8f0 [ 69.569035] ? synchronize_srcu_expedited+0x20/0x20 [ 69.574045] ? kasan_check_read+0x11/0x20 [ 69.578194] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 69.582824] ? kasan_check_write+0x14/0x20 [ 69.587058] ? do_raw_spin_lock+0xc1/0x200 [ 69.591290] kvm_page_track_unregister_notifier+0x17d/0x250 [ 69.596992] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 69.602432] ? kvfree+0x61/0x70 [ 69.605704] ? rcu_read_lock_sched_held+0x108/0x120 [ 69.610710] kvm_mmu_uninit_vm+0x1c/0x20 [ 69.614758] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 69.619209] ? kvm_arch_sync_events+0x30/0x30 [ 69.623701] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 69.629378] ? mmu_notifier_unregister+0x474/0x600 [ 69.634295] ? trace_hardirqs_on+0x2c0/0x2c0 [ 69.638689] ? kfree+0x111/0x210 [ 69.642053] ? __mmu_notifier_register+0x30/0x30 [ 69.646800] ? __free_pages+0x10a/0x190 [ 69.650760] ? free_unref_page+0x930/0x930 [ 69.654984] kvm_put_kvm+0x73f/0x1060 [ 69.658777] ? kvm_write_guest_cached+0x40/0x40 [ 69.663439] ? _raw_spin_unlock_irq+0x27/0x70 [ 69.667927] ? _raw_spin_unlock_irq+0x27/0x70 [ 69.672410] ? lockdep_hardirqs_on+0x421/0x5c0 [ 69.677034] ? kasan_check_write+0x14/0x20 [ 69.681262] ? do_raw_spin_lock+0xc1/0x200 [ 69.685490] ? kvm_irqfd_release+0xdd/0x120 [ 69.689810] ? kvm_put_kvm+0x1060/0x1060 [ 69.693973] kvm_vm_release+0x42/0x50 [ 69.697769] __fput+0x36e/0x8c0 [ 69.701033] ? __alloc_file+0x400/0x400 [ 69.705004] ? check_same_owner+0x340/0x340 [ 69.709310] ? kasan_check_write+0x14/0x20 [ 69.713598] ? do_raw_spin_lock+0xc1/0x200 [ 69.717840] ____fput+0x15/0x20 [ 69.721115] task_work_run+0x1e8/0x2a0 [ 69.725011] ? task_work_cancel+0x240/0x240 [ 69.729327] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 69.734847] ? switch_task_namespaces+0xa2/0xd0 [ 69.739498] do_exit+0x1ae4/0x26e0 [ 69.743023] ? mm_update_next_owner+0x9a0/0x9a0 [ 69.747675] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 69.751929] ? rcu_read_lock_sched_held+0x108/0x120 [ 69.756935] ? kfree+0x1d7/0x210 [ 69.760289] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 69.764510] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 69.770210] ? is_bpf_text_address+0xd7/0x170 [ 69.774695] ? kernel_text_address+0x79/0xf0 [ 69.779092] ? pud_val+0x88/0x100 [ 69.782530] ? pmd_val+0x100/0x100 [ 69.786061] ? unwind_get_return_address+0x61/0xa0 [ 69.791095] ? __save_stack_trace+0x8d/0xf0 [ 69.795410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.801021] ? __handle_mm_fault+0x945/0x4350 [ 69.805571] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 69.810472] ? graph_lock+0x170/0x170 [ 69.814273] ? find_held_lock+0x36/0x1c0 [ 69.818323] ? __do_page_fault+0x620/0xe50 [ 69.822551] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 69.828571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.834100] ? do_vfs_ioctl+0x201/0x1720 [ 69.838143] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 69.843675] ? ioctl_preallocate+0x300/0x300 [ 69.848194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.853720] ? __fget_light+0x2f7/0x440 [ 69.857678] ? __handle_mm_fault+0x4350/0x4350 [ 69.862628] ? fget_raw+0x20/0x20 [ 69.866071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.871599] ? __do_page_fault+0x449/0xe50 [ 69.875816] ? putname+0xf7/0x130 [ 69.879269] do_group_exit+0x177/0x440 [ 69.883157] ? trace_hardirqs_on+0xbd/0x2c0 [ 69.887760] ? __ia32_sys_exit+0x50/0x50 [ 69.891830] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 69.896934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.902471] ? ksys_ioctl+0x81/0xd0 [ 69.906108] __x64_sys_exit_group+0x3e/0x50 [ 69.910430] do_syscall_64+0x1b9/0x820 [ 69.914319] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 69.919685] ? syscall_return_slowpath+0x5e0/0x5e0 [ 69.924617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 69.929461] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 69.934475] ? prepare_exit_to_usermode+0x291/0x3b0 [ 69.939519] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 69.944364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.949552] RIP: 0033:0x43ecf8 [ 69.952742] Code: Bad RIP value. [ 69.956106] RSP: 002b:00007ffc0ea58c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 69.963816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 69.971180] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 69.978445] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 69.985796] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 69.993060] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 70.000557] [ 70.002170] Allocated by task 4498: [ 70.005792] save_stack+0x43/0xd0 [ 70.009242] kasan_kmalloc+0xc4/0xe0 [ 70.012952] kasan_slab_alloc+0x12/0x20 [ 70.016922] kmem_cache_alloc+0x12e/0x710 [ 70.021066] vmx_create_vcpu+0xcf/0x2830 [ 70.025134] kvm_arch_vcpu_create+0xe5/0x220 [ 70.029538] kvm_vm_ioctl+0x488/0x1d80 [ 70.033430] do_vfs_ioctl+0x1de/0x1720 [ 70.037314] ksys_ioctl+0xa9/0xd0 [ 70.040765] __x64_sys_ioctl+0x73/0xb0 [ 70.044646] do_syscall_64+0x1b9/0x820 [ 70.048534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.053709] [ 70.055330] Freed by task 4498: [ 70.058603] save_stack+0x43/0xd0 [ 70.062050] __kasan_slab_free+0x11a/0x170 [ 70.066278] kasan_slab_free+0xe/0x10 [ 70.070074] kmem_cache_free+0x86/0x280 [ 70.074055] vmx_free_vcpu+0x26b/0x300 [ 70.077949] kvm_arch_destroy_vm+0x365/0x7c0 [ 70.082356] kvm_put_kvm+0x73f/0x1060 [ 70.086152] kvm_vm_release+0x42/0x50 [ 70.089946] __fput+0x36e/0x8c0 [ 70.093220] ____fput+0x15/0x20 [ 70.096514] task_work_run+0x1e8/0x2a0 [ 70.100400] do_exit+0x1ae4/0x26e0 [ 70.103941] do_group_exit+0x177/0x440 [ 70.107822] __x64_sys_exit_group+0x3e/0x50 [ 70.112138] do_syscall_64+0x1b9/0x820 [ 70.116035] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.121211] [ 70.122833] The buggy address belongs to the object at ffff8801c5d40040 [ 70.122833] which belongs to the cache kvm_vcpu of size 23872 [ 70.135411] The buggy address is located 24 bytes inside of [ 70.135411] 23872-byte region [ffff8801c5d40040, ffff8801c5d45d80) [ 70.147381] The buggy address belongs to the page: [ 70.152309] page:ffffea0007175000 count:1 mapcount:0 mapping:ffff8801d53aea80 index:0x0 compound_mapcount: 0 [ 70.162275] flags: 0x2fffc0000008100(slab|head) [ 70.166946] raw: 02fffc0000008100 ffff8801d53aa948 ffff8801d53aa948 ffff8801d53aea80 [ 70.174827] raw: 0000000000000000 ffff8801c5d40040 0000000100000001 0000000000000000 [ 70.182695] page dumped because: kasan: bad access detected [ 70.188393] [ 70.190014] Memory state around the buggy address: [ 70.194938] ffff8801c5d3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.202291] ffff8801c5d3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 70.209646] >ffff8801c5d40000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 70.217004] ^ [ 70.223228] ffff8801c5d40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.230584] ffff8801c5d40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.237931] ================================================================== [ 70.245280] Kernel panic - not syncing: panic_on_warn set ... [ 70.245280] [ 70.252646] CPU: 1 PID: 4498 Comm: syz-executor179 Tainted: G B 4.18.0+ #205 [ 70.261126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.270470] Call Trace: [ 70.273066] dump_stack+0x1c9/0x2b4 [ 70.276699] ? dump_stack_print_info.cold.2+0x52/0x52 [ 70.281892] ? lock_downgrade+0x8f0/0x8f0 [ 70.286037] ? __schedule+0xf54/0x1df0 [ 70.289924] panic+0x238/0x4e7 [ 70.293116] ? add_taint.cold.5+0x16/0x16 [ 70.297268] ? print_shadow_for_address+0xba/0x116 [ 70.302192] ? trace_hardirqs_off+0xaf/0x2b0 [ 70.306593] ? trace_hardirqs_off+0x77/0x2b0 [ 70.310997] ? __schedule+0xf54/0x1df0 [ 70.314883] kasan_end_report+0x47/0x4f [ 70.318858] kasan_report.cold.7+0x76/0x30d [ 70.323183] __asan_report_load8_noabort+0x14/0x20 [ 70.328117] __schedule+0xf54/0x1df0 [ 70.331845] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 70.336950] ? __sched_text_start+0x8/0x8 [ 70.341102] ? __call_srcu+0x7e7/0x1040 [ 70.345093] ? check_same_owner+0x340/0x340 [ 70.349430] ? mark_held_locks+0x160/0x160 [ 70.353660] ? find_held_lock+0x36/0x1c0 [ 70.357718] preempt_schedule_common+0x22/0x60 [ 70.362296] _cond_resched+0x1d/0x30 [ 70.366004] wait_for_completion+0xa5/0x8d0 [ 70.370330] ? wait_for_completion_interruptible+0x950/0x950 [ 70.376128] ? __lockdep_init_map+0x105/0x590 [ 70.380622] ? __init_waitqueue_head+0x9e/0x150 [ 70.385288] ? init_wait_entry+0x1c0/0x1c0 [ 70.389523] __synchronize_srcu+0x189/0x240 [ 70.393841] ? call_srcu+0x10/0x10 [ 70.397381] ? rcu_unexpedite_gp+0x20/0x20 [ 70.401624] synchronize_srcu+0x335/0x56f [ 70.405765] ? lock_downgrade+0x8f0/0x8f0 [ 70.409907] ? synchronize_srcu_expedited+0x20/0x20 [ 70.414922] ? kasan_check_read+0x11/0x20 [ 70.419069] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 70.423655] ? kasan_check_write+0x14/0x20 [ 70.427885] ? do_raw_spin_lock+0xc1/0x200 [ 70.432124] kvm_page_track_unregister_notifier+0x17d/0x250 [ 70.437832] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 70.443282] ? kvfree+0x61/0x70 [ 70.446562] ? rcu_read_lock_sched_held+0x108/0x120 [ 70.451578] kvm_mmu_uninit_vm+0x1c/0x20 [ 70.455635] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 70.460041] ? kvm_arch_sync_events+0x30/0x30 [ 70.464539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.470107] ? mmu_notifier_unregister+0x474/0x600 [ 70.475044] ? trace_hardirqs_on+0x2c0/0x2c0 [ 70.479449] ? kfree+0x111/0x210 [ 70.482813] ? __mmu_notifier_register+0x30/0x30 [ 70.487566] ? __free_pages+0x10a/0x190 [ 70.491540] ? free_unref_page+0x930/0x930 [ 70.495778] kvm_put_kvm+0x73f/0x1060 [ 70.499579] ? kvm_write_guest_cached+0x40/0x40 [ 70.504249] ? _raw_spin_unlock_irq+0x27/0x70 [ 70.508743] ? _raw_spin_unlock_irq+0x27/0x70 [ 70.513235] ? lockdep_hardirqs_on+0x421/0x5c0 [ 70.517824] ? kasan_check_write+0x14/0x20 [ 70.522055] ? do_raw_spin_lock+0xc1/0x200 [ 70.526299] ? kvm_irqfd_release+0xdd/0x120 [ 70.530621] ? kvm_put_kvm+0x1060/0x1060 [ 70.534681] kvm_vm_release+0x42/0x50 [ 70.538481] __fput+0x36e/0x8c0 [ 70.541756] ? __alloc_file+0x400/0x400 [ 70.545731] ? check_same_owner+0x340/0x340 [ 70.550048] ? kasan_check_write+0x14/0x20 [ 70.554279] ? do_raw_spin_lock+0xc1/0x200 [ 70.558511] ____fput+0x15/0x20 [ 70.561785] task_work_run+0x1e8/0x2a0 [ 70.565668] ? task_work_cancel+0x240/0x240 [ 70.569987] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.575521] ? switch_task_namespaces+0xa2/0xd0 [ 70.580192] do_exit+0x1ae4/0x26e0 [ 70.583732] ? mm_update_next_owner+0x9a0/0x9a0 [ 70.588403] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 70.592647] ? rcu_read_lock_sched_held+0x108/0x120 [ 70.597658] ? kfree+0x1d7/0x210 [ 70.601021] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 70.605257] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 70.610965] ? is_bpf_text_address+0xd7/0x170 [ 70.615454] ? kernel_text_address+0x79/0xf0 [ 70.619854] ? pud_val+0x88/0x100 [ 70.623300] ? pmd_val+0x100/0x100 [ 70.626836] ? unwind_get_return_address+0x61/0xa0 [ 70.631763] ? __save_stack_trace+0x8d/0xf0 [ 70.636109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.641669] ? __handle_mm_fault+0x945/0x4350 [ 70.646160] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 70.651005] ? graph_lock+0x170/0x170 [ 70.654806] ? find_held_lock+0x36/0x1c0 [ 70.658868] ? __do_page_fault+0x620/0xe50 [ 70.663112] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 70.668820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.674352] ? do_vfs_ioctl+0x201/0x1720 [ 70.678413] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.683952] ? ioctl_preallocate+0x300/0x300 [ 70.688357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.693904] ? __fget_light+0x2f7/0x440 [ 70.697872] ? __handle_mm_fault+0x4350/0x4350 [ 70.702453] ? fget_raw+0x20/0x20 [ 70.705922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.711459] ? __do_page_fault+0x449/0xe50 [ 70.715685] ? putname+0xf7/0x130 [ 70.719143] do_group_exit+0x177/0x440 [ 70.723029] ? trace_hardirqs_on+0xbd/0x2c0 [ 70.727346] ? __ia32_sys_exit+0x50/0x50 [ 70.731403] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 70.736505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.742037] ? ksys_ioctl+0x81/0xd0 [ 70.745661] __x64_sys_exit_group+0x3e/0x50 [ 70.749980] do_syscall_64+0x1b9/0x820 [ 70.753867] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 70.759227] ? syscall_return_slowpath+0x5e0/0x5e0 [ 70.764156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 70.768996] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 70.774009] ? prepare_exit_to_usermode+0x291/0x3b0 [ 70.779023] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 70.783869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.789050] RIP: 0033:0x43ecf8 [ 70.792245] Code: Bad RIP value. [ 70.795601] RSP: 002b:00007ffc0ea58c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 70.803342] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8 [ 70.810624] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 70.817888] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 70.825159] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 70.832424] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 70.839685] [ 70.839689] ====================================================== [ 70.839692] WARNING: possible circular locking dependency detected [ 70.839694] 4.18.0+ #205 Not tainted [ 70.839696] ------------------------------------------------------ [ 70.839699] syz-executor179/4498 is trying to acquire lock: [ 70.839701] 000000006addc8da ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 70.839709] [ 70.839711] but task is already holding lock: [ 70.839713] 00000000104265a4 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 70.839721] [ 70.839723] which lock already depends on the new lock. [ 70.839724] [ 70.839726] [ 70.839728] the existing dependency chain (in reverse order) is: [ 70.839730] [ 70.839731] -> #3 (report_lock){....}: [ 70.839738] _raw_spin_lock_irqsave+0x96/0xc0 [ 70.839740] kasan_report+0x8e/0x110 [ 70.839743] __asan_report_load8_noabort+0x14/0x20 [ 70.839745] __schedule+0xf54/0x1df0 [ 70.839747] preempt_schedule_common+0x22/0x60 [ 70.839749] _cond_resched+0x1d/0x30 [ 70.839752] wait_for_completion+0xa5/0x8d0 [ 70.839754] __synchronize_srcu+0x189/0x240 [ 70.839756] synchronize_srcu+0x335/0x56f [ 70.839759] kvm_page_track_unregister_notifier+0x17d/0x250 [ 70.839761] kvm_mmu_uninit_vm+0x1c/0x20 [ 70.839763] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 70.839765] kvm_put_kvm+0x73f/0x1060 [ 70.839767] kvm_vm_release+0x42/0x50 [ 70.839769] __fput+0x36e/0x8c0 [ 70.839771] ____fput+0x15/0x20 [ 70.839773] task_work_run+0x1e8/0x2a0 [ 70.839775] do_exit+0x1ae4/0x26e0 [ 70.839778] do_group_exit+0x177/0x440 [ 70.839780] __x64_sys_exit_group+0x3e/0x50 [ 70.839782] do_syscall_64+0x1b9/0x820 [ 70.839785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.839786] [ 70.839787] -> #2 (&rq->lock){-.-.}: [ 70.839794] _raw_spin_lock+0x2a/0x40 [ 70.839797] task_fork_fair+0x93/0x680 [ 70.839799] sched_fork+0x44b/0xbd0 [ 70.839801] copy_process+0x235e/0x7ad0 [ 70.839803] _do_fork+0x1ca/0x1170 [ 70.839805] kernel_thread+0x34/0x40 [ 70.839807] rest_init+0x22/0xe4 [ 70.839809] start_kernel+0x913/0x94e [ 70.839811] x86_64_start_reservations+0x29/0x2b [ 70.839813] x86_64_start_kernel+0x76/0x79 [ 70.839816] secondary_startup_64+0xa4/0xb0 [ 70.839817] [ 70.839818] -> #1 (&p->pi_lock){-.-.}: [ 70.839826] _raw_spin_lock_irqsave+0x96/0xc0 [ 70.839828] try_to_wake_up+0xd2/0x1250 [ 70.839830] wake_up_process+0x10/0x20 [ 70.839832] __up.isra.1+0x1c0/0x2a0 [ 70.839834] up+0x13c/0x1c0 [ 70.839836] __up_console_sem+0xbe/0x1b0 [ 70.839838] console_unlock+0x506/0x10d0 [ 70.839840] vprintk_emit+0x33a/0x910 [ 70.839842] vprintk_default+0x28/0x30 [ 70.839844] vprintk_func+0x7a/0x117 [ 70.839846] printk+0xa7/0xcf [ 70.839848] load_umh+0x51/0xbd [ 70.839850] do_one_initcall+0x127/0x838 [ 70.839852] kernel_init_freeable+0x4bb/0x5ae [ 70.839854] kernel_init+0x11/0x1b3 [ 70.839857] ret_from_fork+0x3a/0x50 [ 70.839858] [ 70.839859] -> #0 ((console_sem).lock){-...}: [ 70.839866] lock_acquire+0x1e4/0x4f0 [ 70.839869] _raw_spin_lock_irqsave+0x96/0xc0 [ 70.839871] down_trylock+0x13/0x70 [ 70.839873] __down_trylock_console_sem+0xae/0x200 [ 70.839875] console_trylock+0x15/0xa0 [ 70.839877] vprintk_emit+0x31f/0x910 [ 70.839880] vprintk_default+0x28/0x30 [ 70.839882] vprintk_func+0x7a/0x117 [ 70.839883] printk+0xa7/0xcf [ 70.839885] kasan_report+0x9e/0x110 [ 70.839888] __asan_report_load8_noabort+0x14/0x20 [ 70.839890] __schedule+0xf54/0x1df0 [ 70.839892] preempt_schedule_common+0x22/0x60 [ 70.839894] _cond_resched+0x1d/0x30 [ 70.839897] wait_for_completion+0xa5/0x8d0 [ 70.839899] __synchronize_srcu+0x189/0x240 [ 70.839901] synchronize_srcu+0x335/0x56f [ 70.839905] kvm_page_track_unregister_notifier+0x17d/0x250 [ 70.839908] kvm_mmu_uninit_vm+0x1c/0x20 [ 70.839910] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 70.839912] kvm_put_kvm+0x73f/0x1060 [ 70.839914] kvm_vm_release+0x42/0x50 [ 70.839916] __fput+0x36e/0x8c0 [ 70.839918] ____fput+0x15/0x20 [ 70.839920] task_work_run+0x1e8/0x2a0 [ 70.839922] do_exit+0x1ae4/0x26e0 [ 70.839924] do_group_exit+0x177/0x440 [ 70.839927] __x64_sys_exit_group+0x3e/0x50 [ 70.839929] do_syscall_64+0x1b9/0x820 [ 70.839931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.839932] [ 70.839935] other info that might help us debug this: [ 70.839936] [ 70.839938] Chain exists of: [ 70.839939] (console_sem).lock --> &rq->lock --> report_lock [ 70.839948] [ 70.839951] Possible unsafe locking scenario: [ 70.839952] [ 70.839954] CPU0 CPU1 [ 70.839956] ---- ---- [ 70.839957] lock(report_lock); [ 70.839962] lock(&rq->lock); [ 70.839967] lock(report_lock); [ 70.839971] lock((console_sem).lock); [ 70.839976] [ 70.839977] *** DEADLOCK *** [ 70.839978] [ 70.839981] 2 locks held by syz-executor179/4498: [ 70.839982] #0: 00000000132cc5f4 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 70.839991] #1: 00000000104265a4 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 70.840000] [ 70.840001] stack backtrace: [ 70.840005] CPU: 1 PID: 4498 Comm: syz-executor179 Not tainted 4.18.0+ #205 [ 70.840009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.840010] Call Trace: [ 70.840012] dump_stack+0x1c9/0x2b4 [ 70.840015] ? dump_stack_print_info.cold.2+0x52/0x52 [ 70.840017] ? vprintk_func+0x100/0x117 [ 70.840020] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 70.840022] ? save_trace+0xe0/0x290 [ 70.840024] __lock_acquire+0x3449/0x5020 [ 70.840026] ? mark_held_locks+0x160/0x160 [ 70.840028] ? mark_held_locks+0x160/0x160 [ 70.840031] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 70.840033] ? is_bpf_text_address+0xd7/0x170 [ 70.840035] ? kernel_text_address+0x79/0xf0 [ 70.840037] ? __kernel_text_address+0xd/0x40 [ 70.840040] ? __save_stack_trace+0x8d/0xf0 [ 70.840042] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 70.840044] ? save_trace+0x290/0x290 [ 70.840046] ? save_stack_trace+0x1a/0x20 [ 70.840048] ? save_trace+0xe0/0x290 [ 70.840050] ? graph_lock+0x170/0x170 [ 70.840053] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.840055] lock_acquire+0x1e4/0x4f0 [ 70.840057] ? down_trylock+0x13/0x70 [ 70.840059] ? lock_release+0x9f0/0x9f0 [ 70.840061] ? trace_hardirqs_off+0xb8/0x2b0 [ 70.840064] ? trace_hardirqs_on+0x2c0/0x2c0 [ 70.840066] ? trace_hardirqs_off+0xb8/0x2b0 [ 70.840068] ? log_store+0x34f/0x4c0 [ 70.840070] ? vprintk_emit+0x31f/0x910 [ 70.840072] _raw_spin_lock_irqsave+0x96/0xc0 [ 70.840074] ? down_trylock+0x13/0x70 [ 70.840076] down_trylock+0x13/0x70 [ 70.840079] __down_trylock_console_sem+0xae/0x200 [ 70.840081] console_trylock+0x15/0xa0 [ 70.840083] vprintk_emit+0x31f/0x910 [ 70.840092] ? wake_up_klogd+0x110/0x110 [ 70.840094] ? run_rebalance_domains+0x4c0/0x4c0 [ 70.840096] ? kasan_check_read+0x11/0x20 [ 70.840098] ? rcu_is_watching+0x8c/0x150 [ 70.840100] ? rcu_pm_notify+0xc0/0xc0 [ 70.840102] ? lock_acquire+0x1e4/0x4f0 [ 70.840104] ? kasan_report+0x8e/0x110 [ 70.840107] ? __schedule+0xf54/0x1df0 [ 70.840109] vprintk_default+0x28/0x30 [ 70.840111] vprintk_func+0x7a/0x117 [ 70.840112] printk+0xa7/0xcf [ 70.840115] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 70.840117] ? kasan_check_write+0x14/0x20 [ 70.840119] ? do_raw_spin_lock+0xc1/0x200 [ 70.840121] ? do_raw_spin_lock+0xc1/0x200 [ 70.840123] kasan_report+0x9e/0x110 [ 70.840126] __asan_report_load8_noabort+0x14/0x20 [ 70.840128] __schedule+0xf54/0x1df0 [ 70.840130] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 70.840132] ? __sched_text_start+0x8/0x8 [ 70.840134] ? __call_srcu+0x7e7/0x1040 [ 70.840137] ? check_same_owner+0x340/0x340 [ 70.840139] ? mark_held_locks+0x160/0x160 [ 70.840141] ? find_held_lock+0x36/0x1c0 [ 70.840143] preempt_schedule_common+0x22/0x60 [ 70.840145] _cond_resched+0x1d/0x30 [ 70.840147] wait_for_completion+0xa5/0x8d0 [ 70.840150] ? wait_for_completion_interruptible+0x950/0x950 [ 70.840152] ? __lockdep_init_map+0x105/0x590 [ 70.840155] ? __init_waitqueue_head+0x9e/0x150 [ 70.840157] ? init_wait_entry+0x1c0/0x1c0 [ 70.840159] __synchronize_srcu+0x189/0x240 [ 70.840161] ? call_srcu+0x10/0x10 [ 70.840163] ? rcu_unexpedite_gp+0x20/0x20 [ 70.840166] synchronize_srcu+0x335/0x56f [ 70.840168] ? lock_downgrade+0x8f0/0x8f0 [ 70.840170] ? synchronize_srcu_expedited+0x20/0x20 [ 70.840173] ? kasan_check_read+0x11/0x20 [ 70.840175] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 70.840177] ? kasan_check_write+0x14/0x20 [ 70.840179] ? do_raw_spin_lock+0xc1/0x200 [ 70.840182] kvm_page_track_unregister_notifier+0x17d/0x250 [ 70.840185] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 70.840187] ? kvfree+0x61/0x70 [ 70.840189] ? rcu_read_lock_sched_held+0x108/0x120 [ 70.840191] kvm_mmu_uninit_vm+0x1c/0x20 [ 70.840194] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 70.840196] ? kvm_arch_sync_events+0x30/0x30 [ 70.840199] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.840201] ? mmu_notifier_unregister+0x474/0x600 [ 70.840203] ? trace_hardirqs_on+0x2c0/0x2c0 [ 70.840205] ? kfree+0x111/0x210 [ 70.840208] ? __mmu_notifier_register+0x30/0x30 [ 70.840210] ? __free_pages+0x10a/0x190 [ 70.840212] ? free_unref_page+0x930/0x930 [ 70.840214] kvm_put_kvm+0x73f/0x1060 [ 70.840216] ? kvm_write_guest_cached+0x40/0x40 [ 70.840219] ? _raw_spin_unlock_irq+0x27/0x70 [ 70.840221] ? _raw_spin_unlock_irq+0x27/0x70 [ 70.840223] ? lockdep_hardirqs_on+0x421/0x5c0 [ 70.840225] ? kasan_check_write+0x14/0x20 [ 70.840227] ? do_raw_spin_lock+0xc1/0x200 [ 70.840230] ? kvm_irqfd_release+0xdd/0x120 [ 70.840232] ? kvm_put_kvm+0x1060/0x1060 [ 70.840234] kvm_vm_release+0x42/0x50 [ 70.840236] __fput+0x36e/0x8c0 [ 70.840238] ? __alloc_file+0x400/0x400 [ 70.840240] ? check_same_owner+0x340/0x340 [ 70.840242] ? kasan_check_write+0x14/0x20 [ 70.840244] ? do_raw_spin_lock+0xc1/0x200 [ 70.840246] ____fput+0x15/0x20 [ 70.840248] task_work_run+0x1e8/0x2a0 [ 70.840250] ? task_work_cancel+0x240/0x240 [ 70.840253] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.840255] ? switch_task_namespaces+0xa2/0xd0 [ 70.840257] do_exit+0x1ae4/0x26e0 [ 70.840260] ? mm_update_next_owner+0x9a0/0x9a0 [ 70.840262] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 70.840264] ? rcu_read_lock_sched_held+0x108/0x120 [ 70.840266] ? kfree+0x1d7/0x210 [ 70.840268] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 70.840271] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 70.840273] ? is_bpf_text_address+0xd7/0x170 [ 70.840275] ? kernel_text_address+0x79/0xf0 [ 70.840277] ? pud_va [ 70.840282] Lost 45 message(s)! [ 71.914390] Shutting down cpus with NMI [ 72.975401] Dumping ftrace buffer: [ 72.978930] (ftrace buffer empty) [ 72.982657] Kernel Offset: disabled [ 72.986272] Rebooting in 86400 seconds..