[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.473937] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.089149] random: sshd: uninitialized urandom read (32 bytes read) [ 29.333795] random: sshd: uninitialized urandom read (32 bytes read) [ 29.883892] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. [ 35.702167] urandom_read: 1 callbacks suppressed [ 35.702173] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 35.804082] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 35.829039] ================================================================== [ 35.838948] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 35.845172] Read of size 8 at addr ffff8801b6438058 by task syz-executor090/4667 [ 35.852693] [ 35.854329] CPU: 0 PID: 4667 Comm: syz-executor090 Not tainted 4.19.0-rc2+ #220 [ 35.861766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.871110] Call Trace: [ 35.873725] dump_stack+0x1c9/0x2b4 [ 35.877349] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.882557] ? printk+0xa7/0xcf [ 35.885833] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.890587] ? __schedule+0xf54/0x1df0 [ 35.894472] print_address_description+0x6c/0x20b [ 35.899332] ? __schedule+0xf54/0x1df0 [ 35.903215] kasan_report.cold.7+0x242/0x30d [ 35.907625] __asan_report_load8_noabort+0x14/0x20 [ 35.912568] __schedule+0xf54/0x1df0 [ 35.916296] ? __sched_text_start+0x8/0x8 [ 35.920452] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 35.925556] ? __call_srcu+0x7e7/0x1040 [ 35.929540] ? check_same_owner+0x340/0x340 [ 35.933854] ? mark_held_locks+0x160/0x160 [ 35.938081] ? find_held_lock+0x36/0x1c0 [ 35.942142] preempt_schedule_common+0x22/0x60 [ 35.946719] _cond_resched+0x1d/0x30 [ 35.950428] wait_for_completion+0xa5/0x8d0 [ 35.954749] ? wait_for_completion_interruptible+0x950/0x950 [ 35.960549] ? __lockdep_init_map+0x105/0x590 [ 35.965041] ? __init_waitqueue_head+0x9e/0x150 [ 35.969703] ? init_wait_entry+0x1c0/0x1c0 [ 35.973937] __synchronize_srcu+0x189/0x240 [ 35.978268] ? call_srcu+0x10/0x10 [ 35.981809] ? rcu_unexpedite_gp+0x20/0x20 [ 35.986043] synchronize_srcu+0x335/0x56f [ 35.990185] ? lock_downgrade+0x8f0/0x8f0 [ 35.994324] ? synchronize_srcu_expedited+0x20/0x20 [ 35.999342] ? kasan_check_read+0x11/0x20 [ 36.003494] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.008078] ? kasan_check_write+0x14/0x20 [ 36.012310] ? do_raw_spin_lock+0xc1/0x200 [ 36.016564] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.022273] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.027717] ? kvfree+0x61/0x70 [ 36.030992] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.036021] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.040076] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.044481] ? kvm_arch_sync_events+0x30/0x30 [ 36.048977] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.054508] ? mmu_notifier_unregister+0x474/0x600 [ 36.059433] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.063831] ? kfree+0x111/0x210 [ 36.067191] ? __mmu_notifier_register+0x30/0x30 [ 36.071946] ? __free_pages+0x10a/0x190 [ 36.075915] ? free_unref_page+0x930/0x930 [ 36.080152] kvm_put_kvm+0x73f/0x1060 [ 36.083951] ? kvm_write_guest_cached+0x40/0x40 [ 36.088617] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.093104] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.097592] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.102172] ? kasan_check_write+0x14/0x20 [ 36.106398] ? do_raw_spin_lock+0xc1/0x200 [ 36.110627] ? kvm_irqfd_release+0xdd/0x120 [ 36.114939] ? kvm_irqfd_release+0xdd/0x120 [ 36.119260] ? kvm_put_kvm+0x1060/0x1060 [ 36.123321] kvm_vm_release+0x42/0x50 [ 36.127117] __fput+0x38a/0xa40 [ 36.130388] ? __alloc_file+0x400/0x400 [ 36.134359] ? check_same_owner+0x340/0x340 [ 36.138672] ? kasan_check_write+0x14/0x20 [ 36.142903] ? do_raw_spin_lock+0xc1/0x200 [ 36.147134] ____fput+0x15/0x20 [ 36.150405] task_work_run+0x1e8/0x2a0 [ 36.154283] ? task_work_cancel+0x240/0x240 [ 36.158602] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.164133] ? switch_task_namespaces+0xa2/0xd0 [ 36.168801] do_exit+0x1ae4/0x26e0 [ 36.172335] ? graph_lock+0xd1/0x170 [ 36.176056] ? mm_update_next_owner+0x9a0/0x9a0 [ 36.180727] ? find_held_lock+0x36/0x1c0 [ 36.184793] ? lock_downgrade+0x8f0/0x8f0 [ 36.188936] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.193347] ? kasan_check_read+0x11/0x20 [ 36.197490] ? do_raw_spin_unlock+0xa7/0x2f0 [ 36.201903] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.206305] ? kasan_check_write+0x14/0x20 [ 36.210541] ? do_raw_spin_lock+0xc1/0x200 [ 36.214773] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.219883] ? save_stack+0xa9/0xd0 [ 36.223501] ? save_stack+0x43/0xd0 [ 36.227130] ? __kasan_slab_free+0x11a/0x170 [ 36.231558] ? kasan_slab_free+0xe/0x10 [ 36.235553] ? __x64_sys_add_key+0x2b7/0x4e0 [ 36.239957] ? do_syscall_64+0x1b9/0x820 [ 36.244013] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.249371] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.253775] ? kasan_check_read+0x11/0x20 [ 36.257922] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.262323] ? kasan_check_write+0x14/0x20 [ 36.266570] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.270972] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 36.276072] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.280492] ? kfree+0x111/0x210 [ 36.283851] ? kfree+0x111/0x210 [ 36.287220] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 36.292242] ? __fget_light+0x2f7/0x440 [ 36.296207] ? fget_raw+0x20/0x20 [ 36.299654] ? __kasan_slab_free+0x131/0x170 [ 36.304068] do_group_exit+0x177/0x440 [ 36.307952] ? trace_hardirqs_on+0xbd/0x2c0 [ 36.312281] ? __ia32_sys_exit+0x50/0x50 [ 36.316347] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.321442] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.326972] ? ksys_ioctl+0x81/0xd0 [ 36.330597] __x64_sys_exit_group+0x3e/0x50 [ 36.334915] do_syscall_64+0x1b9/0x820 [ 36.338801] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.344159] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.349079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.353930] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.358940] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.363950] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.368977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.373834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.379027] RIP: 0033:0x43f048 [ 36.382218] Code: Bad RIP value. [ 36.385572] RSP: 002b:00007ffcbb796d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.393290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f048 [ 36.400566] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.407831] RBP: 00000000004be908 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.415121] R10: 00000000fffffffe R11: 0000000000000246 R12: 0000000000000001 [ 36.422377] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 36.429871] [ 36.431490] Allocated by task 4667: [ 36.435153] save_stack+0x43/0xd0 [ 36.438601] kasan_kmalloc+0xc4/0xe0 [ 36.442305] kasan_slab_alloc+0x12/0x20 [ 36.446269] kmem_cache_alloc+0x12e/0x710 [ 36.450413] vmx_create_vcpu+0xcf/0x2830 [ 36.454465] kvm_arch_vcpu_create+0xe5/0x220 [ 36.458882] kvm_vm_ioctl+0x488/0x1d80 [ 36.462760] do_vfs_ioctl+0x1de/0x1720 [ 36.466642] ksys_ioctl+0xa9/0xd0 [ 36.470092] __x64_sys_ioctl+0x73/0xb0 [ 36.473971] do_syscall_64+0x1b9/0x820 [ 36.477853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.483020] [ 36.484648] Freed by task 4667: [ 36.487917] save_stack+0x43/0xd0 [ 36.491358] __kasan_slab_free+0x11a/0x170 [ 36.495588] kasan_slab_free+0xe/0x10 [ 36.499378] kmem_cache_free+0x86/0x280 [ 36.503339] vmx_free_vcpu+0x26b/0x300 [ 36.507213] kvm_arch_destroy_vm+0x365/0x7c0 [ 36.511608] kvm_put_kvm+0x73f/0x1060 [ 36.515399] kvm_vm_release+0x42/0x50 [ 36.519185] __fput+0x38a/0xa40 [ 36.522453] ____fput+0x15/0x20 [ 36.525724] task_work_run+0x1e8/0x2a0 [ 36.529601] do_exit+0x1ae4/0x26e0 [ 36.533162] do_group_exit+0x177/0x440 [ 36.537054] __x64_sys_exit_group+0x3e/0x50 [ 36.541363] do_syscall_64+0x1b9/0x820 [ 36.545241] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.550409] [ 36.552025] The buggy address belongs to the object at ffff8801b6438040 [ 36.552025] which belongs to the cache kvm_vcpu of size 23872 [ 36.564765] The buggy address is located 24 bytes inside of [ 36.564765] 23872-byte region [ffff8801b6438040, ffff8801b643dd80) [ 36.576713] The buggy address belongs to the page: [ 36.581644] page:ffffea0006d90e00 count:1 mapcount:0 mapping:ffff8801d52e5d80 index:0x0 compound_mapcount: 0 [ 36.591815] flags: 0x2fffc0000008100(slab|head) [ 36.596482] raw: 02fffc0000008100 ffff8801d52d2248 ffff8801d52d2248 ffff8801d52e5d80 [ 36.604356] raw: 0000000000000000 ffff8801b6438040 0000000100000001 0000000000000000 [ 36.612219] page dumped because: kasan: bad access detected [ 36.617921] [ 36.619547] Memory state around the buggy address: [ 36.624458] ffff8801b6437f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.631804] ffff8801b6437f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.639193] >ffff8801b6438000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 36.646539] ^ [ 36.652754] ffff8801b6438080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.660137] ffff8801b6438100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.667497] ================================================================== [ 36.674869] Kernel panic - not syncing: panic_on_warn set ... [ 36.674869] [ 36.682237] CPU: 0 PID: 4667 Comm: syz-executor090 Tainted: G B 4.19.0-rc2+ #220 [ 36.691076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.700442] Call Trace: [ 36.703033] dump_stack+0x1c9/0x2b4 [ 36.706664] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.711850] ? lock_downgrade+0x8f0/0x8f0 [ 36.715994] ? __schedule+0xf54/0x1df0 [ 36.719876] panic+0x238/0x4e7 [ 36.723077] ? add_taint.cold.5+0x16/0x16 [ 36.727239] ? print_shadow_for_address+0xba/0x116 [ 36.732159] ? trace_hardirqs_off+0xaf/0x2b0 [ 36.736560] ? trace_hardirqs_off+0x77/0x2b0 [ 36.740967] ? __schedule+0xf54/0x1df0 [ 36.744852] kasan_end_report+0x47/0x4f [ 36.748836] kasan_report.cold.7+0x76/0x30d [ 36.753154] __asan_report_load8_noabort+0x14/0x20 [ 36.758079] __schedule+0xf54/0x1df0 [ 36.761798] ? __sched_text_start+0x8/0x8 [ 36.765969] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 36.771071] ? __call_srcu+0x7e7/0x1040 [ 36.775048] ? check_same_owner+0x340/0x340 [ 36.779361] ? mark_held_locks+0x160/0x160 [ 36.783588] ? find_held_lock+0x36/0x1c0 [ 36.787645] preempt_schedule_common+0x22/0x60 [ 36.792222] _cond_resched+0x1d/0x30 [ 36.795931] wait_for_completion+0xa5/0x8d0 [ 36.800250] ? wait_for_completion_interruptible+0x950/0x950 [ 36.806056] ? __lockdep_init_map+0x105/0x590 [ 36.810553] ? __init_waitqueue_head+0x9e/0x150 [ 36.815214] ? init_wait_entry+0x1c0/0x1c0 [ 36.819443] __synchronize_srcu+0x189/0x240 [ 36.823774] ? call_srcu+0x10/0x10 [ 36.827318] ? rcu_unexpedite_gp+0x20/0x20 [ 36.831603] synchronize_srcu+0x335/0x56f [ 36.835750] ? lock_downgrade+0x8f0/0x8f0 [ 36.839892] ? synchronize_srcu_expedited+0x20/0x20 [ 36.844921] ? kasan_check_read+0x11/0x20 [ 36.849064] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.853642] ? kasan_check_write+0x14/0x20 [ 36.857880] ? do_raw_spin_lock+0xc1/0x200 [ 36.862116] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.867827] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.873272] ? kvfree+0x61/0x70 [ 36.876559] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.881572] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.885634] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.890039] ? kvm_arch_sync_events+0x30/0x30 [ 36.894540] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.900073] ? mmu_notifier_unregister+0x474/0x600 [ 36.905012] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.909414] ? kfree+0x111/0x210 [ 36.912813] ? __mmu_notifier_register+0x30/0x30 [ 36.917568] ? __free_pages+0x10a/0x190 [ 36.921545] ? free_unref_page+0x930/0x930 [ 36.925791] kvm_put_kvm+0x73f/0x1060 [ 36.929610] ? kvm_write_guest_cached+0x40/0x40 [ 36.934276] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.938778] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.943289] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.947874] ? kasan_check_write+0x14/0x20 [ 36.952106] ? do_raw_spin_lock+0xc1/0x200 [ 36.956340] ? kvm_irqfd_release+0xdd/0x120 [ 36.960652] ? kvm_irqfd_release+0xdd/0x120 [ 36.964970] ? kvm_put_kvm+0x1060/0x1060 [ 36.969043] kvm_vm_release+0x42/0x50 [ 36.972837] __fput+0x38a/0xa40 [ 36.976140] ? __alloc_file+0x400/0x400 [ 36.980126] ? check_same_owner+0x340/0x340 [ 36.984447] ? kasan_check_write+0x14/0x20 [ 36.988676] ? do_raw_spin_lock+0xc1/0x200 [ 36.992903] ____fput+0x15/0x20 [ 36.996175] task_work_run+0x1e8/0x2a0 [ 37.000061] ? task_work_cancel+0x240/0x240 [ 37.004381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.009914] ? switch_task_namespaces+0xa2/0xd0 [ 37.014584] do_exit+0x1ae4/0x26e0 [ 37.018118] ? graph_lock+0xd1/0x170 [ 37.021826] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.026510] ? find_held_lock+0x36/0x1c0 [ 37.030578] ? lock_downgrade+0x8f0/0x8f0 [ 37.034718] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.039115] ? kasan_check_read+0x11/0x20 [ 37.043251] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.047648] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.052050] ? kasan_check_write+0x14/0x20 [ 37.056291] ? do_raw_spin_lock+0xc1/0x200 [ 37.060520] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 37.065625] ? save_stack+0xa9/0xd0 [ 37.069241] ? save_stack+0x43/0xd0 [ 37.072856] ? __kasan_slab_free+0x11a/0x170 [ 37.077256] ? kasan_slab_free+0xe/0x10 [ 37.081223] ? __x64_sys_add_key+0x2b7/0x4e0 [ 37.085646] ? do_syscall_64+0x1b9/0x820 [ 37.089712] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.095067] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.099484] ? kasan_check_read+0x11/0x20 [ 37.103626] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.108049] ? kasan_check_write+0x14/0x20 [ 37.112275] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.116677] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 37.121771] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.126174] ? kfree+0x111/0x210 [ 37.129549] ? kfree+0x111/0x210 [ 37.132937] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.137966] ? __fget_light+0x2f7/0x440 [ 37.141934] ? fget_raw+0x20/0x20 [ 37.145390] ? __kasan_slab_free+0x131/0x170 [ 37.149803] do_group_exit+0x177/0x440 [ 37.153683] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.157999] ? __ia32_sys_exit+0x50/0x50 [ 37.162048] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.167143] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.172679] ? ksys_ioctl+0x81/0xd0 [ 37.176300] __x64_sys_exit_group+0x3e/0x50 [ 37.180618] do_syscall_64+0x1b9/0x820 [ 37.184499] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.189863] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.194782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.199619] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 37.204626] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.209636] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.214649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.219501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.224685] RIP: 0033:0x43f048 [ 37.227876] Code: Bad RIP value. [ 37.231229] RSP: 002b:00007ffcbb796d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.238932] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f048 [ 37.246191] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.253455] RBP: 00000000004be908 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.260714] R10: 00000000fffffffe R11: 0000000000000246 R12: 0000000000000001 [ 37.267974] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.275253] [ 37.275258] ====================================================== [ 37.275263] WARNING: possible circular locking dependency detected [ 37.275267] 4.19.0-rc2+ #220 Not tainted [ 37.275272] ------------------------------------------------------ [ 37.275277] syz-executor090/4667 is trying to acquire lock: [ 37.275280] 0000000004eec552 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 37.275294] [ 37.275298] but task is already holding lock: [ 37.275301] 000000006e9fd9ba (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.275314] [ 37.275319] which lock already depends on the new lock. [ 37.275321] [ 37.275323] [ 37.275328] the existing dependency chain (in reverse order) is: [ 37.275330] [ 37.275332] -> #3 (report_lock){....}: [ 37.275346] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.275349] kasan_report+0x8e/0x110 [ 37.275354] __asan_report_load8_noabort+0x14/0x20 [ 37.275357] __schedule+0xf54/0x1df0 [ 37.275361] preempt_schedule_common+0x22/0x60 [ 37.275365] _cond_resched+0x1d/0x30 [ 37.275369] wait_for_completion+0xa5/0x8d0 [ 37.275373] __synchronize_srcu+0x189/0x240 [ 37.275377] synchronize_srcu+0x335/0x56f [ 37.275381] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.275385] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.275389] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.275392] kvm_put_kvm+0x73f/0x1060 [ 37.275396] kvm_vm_release+0x42/0x50 [ 37.275399] __fput+0x38a/0xa40 [ 37.275403] ____fput+0x15/0x20 [ 37.275406] task_work_run+0x1e8/0x2a0 [ 37.275410] do_exit+0x1ae4/0x26e0 [ 37.275413] do_group_exit+0x177/0x440 [ 37.275417] __x64_sys_exit_group+0x3e/0x50 [ 37.275421] do_syscall_64+0x1b9/0x820 [ 37.275426] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.275428] [ 37.275430] -> #2 (&rq->lock){-.-.}: [ 37.275443] _raw_spin_lock+0x2a/0x40 [ 37.275446] task_fork_fair+0x93/0x680 [ 37.275450] sched_fork+0x44b/0xbd0 [ 37.275454] copy_process+0x235e/0x7ad0 [ 37.275457] _do_fork+0x1ca/0x1170 [ 37.275461] kernel_thread+0x34/0x40 [ 37.275464] rest_init+0x22/0xe4 [ 37.275468] start_kernel+0x913/0x94e [ 37.275472] x86_64_start_reservations+0x29/0x2b [ 37.275476] x86_64_start_kernel+0x76/0x79 [ 37.275480] secondary_startup_64+0xa4/0xb0 [ 37.275482] [ 37.275484] -> #1 (&p->pi_lock){-.-.}: [ 37.275497] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.275501] try_to_wake_up+0xd2/0x1250 [ 37.275505] wake_up_process+0x10/0x20 [ 37.275508] __up.isra.1+0x1c0/0x2a0 [ 37.275511] up+0x13c/0x1c0 [ 37.275515] __up_console_sem+0xbe/0x1b0 [ 37.275519] console_unlock+0x506/0x10d0 [ 37.275530] vprintk_emit+0x33a/0x910 [ 37.275533] vprintk_default+0x28/0x30 [ 37.275537] vprintk_func+0x7a/0x117 [ 37.275540] printk+0xa7/0xcf [ 37.275544] load_umh+0x51/0xbd [ 37.275547] do_one_initcall+0x127/0x838 [ 37.275551] kernel_init_freeable+0x4bb/0x5ae [ 37.275555] kernel_init+0x11/0x1b3 [ 37.275558] ret_from_fork+0x3a/0x50 [ 37.275560] [ 37.275562] -> #0 ((console_sem).lock){-...}: [ 37.275576] lock_acquire+0x1e4/0x4f0 [ 37.275580] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.275583] down_trylock+0x13/0x70 [ 37.275602] __down_trylock_console_sem+0xae/0x200 [ 37.275605] console_trylock+0x15/0xa0 [ 37.275609] vprintk_emit+0x31f/0x910 [ 37.275613] vprintk_default+0x28/0x30 [ 37.275617] vprintk_func+0x7a/0x117 [ 37.275620] printk+0xa7/0xcf [ 37.275623] kasan_report+0x9e/0x110 [ 37.275628] __asan_report_load8_noabort+0x14/0x20 [ 37.275631] __schedule+0xf54/0x1df0 [ 37.275636] preempt_schedule_common+0x22/0x60 [ 37.275639] _cond_resched+0x1d/0x30 [ 37.275643] wait_for_completion+0xa5/0x8d0 [ 37.275647] __synchronize_srcu+0x189/0x240 [ 37.275651] synchronize_srcu+0x335/0x56f [ 37.275656] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.275660] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.275664] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.275667] kvm_put_kvm+0x73f/0x1060 [ 37.275671] kvm_vm_release+0x42/0x50 [ 37.275674] __fput+0x38a/0xa40 [ 37.275678] ____fput+0x15/0x20 [ 37.275682] task_work_run+0x1e8/0x2a0 [ 37.275685] do_exit+0x1ae4/0x26e0 [ 37.275689] do_group_exit+0x177/0x440 [ 37.275693] __x64_sys_exit_group+0x3e/0x50 [ 37.275696] do_syscall_64+0x1b9/0x820 [ 37.275701] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.275703] [ 37.275707] other info that might help us debug this: [ 37.275709] [ 37.275712] Chain exists of: [ 37.275714] (console_sem).lock --> &rq->lock --> report_lock [ 37.275732] [ 37.275736] Possible unsafe locking scenario: [ 37.275738] [ 37.275742] CPU0 CPU1 [ 37.275746] ---- ---- [ 37.275748] lock(report_lock); [ 37.275757] lock(&rq->lock); [ 37.275766] lock(report_lock); [ 37.275773] lock((console_sem).lock); [ 37.275781] [ 37.275789] *** DEADLOCK *** [ 37.275791] [ 37.275795] 2 locks held by syz-executor090/4667: [ 37.275798] #0: 00000000edf46182 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 37.275814] #1: 000000006e9fd9ba (report_lock){....}, at: kasan_report+0x8e/0x110 [ 37.275830] [ 37.275833] stack backtrace: [ 37.275839] CPU: 0 PID: 4667 Comm: syz-executor090 Not tainted 4.19.0-rc2+ #220 [ 37.275846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.275849] Call Trace: [ 37.275852] dump_stack+0x1c9/0x2b4 [ 37.275857] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.275860] ? vprintk_func+0x100/0x117 [ 37.275865] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 37.275869] ? save_trace+0xe0/0x290 [ 37.275888] __lock_acquire+0x3449/0x5020 [ 37.275892] ? mark_held_locks+0x160/0x160 [ 37.275897] ? mark_held_locks+0x160/0x160 [ 37.275901] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 37.275905] ? is_bpf_text_address+0xd7/0x170 [ 37.275909] ? kernel_text_address+0x79/0xf0 [ 37.275913] ? __kernel_text_address+0xd/0x40 [ 37.275918] ? __save_stack_trace+0x8d/0xf0 [ 37.275922] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 37.275926] ? save_trace+0x290/0x290 [ 37.275930] ? save_stack_trace+0x1a/0x20 [ 37.275934] ? save_trace+0xe0/0x290 [ 37.275938] ? graph_lock+0x170/0x170 [ 37.275943] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.275946] lock_acquire+0x1e4/0x4f0 [ 37.275950] ? down_trylock+0x13/0x70 [ 37.275954] ? lock_release+0x9f0/0x9f0 [ 37.275958] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.275977] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.275981] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.275985] ? log_store+0x34f/0x4c0 [ 37.276004] ? vprintk_emit+0x31f/0x910 [ 37.276008] _raw_spin_lock_irqsave+0x96/0xc0 [ 37.276012] ? down_trylock+0x13/0x70 [ 37.276016] down_trylock+0x13/0x70 [ 37.276020] __down_trylock_console_sem+0xae/0x200 [ 37.276024] console_trylock+0x15/0xa0 [ 37.276028] vprintk_emit+0x31f/0x910 [ 37.276032] ? wake_up_klogd+0x110/0x110 [ 37.276036] ? run_rebalance_domains+0x4c0/0x4c0 [ 37.276040] ? kasan_check_read+0x11/0x20 [ 37.276044] ? rcu_is_watching+0x8c/0x150 [ 37.276048] ? rcu_pm_notify+0xc0/0xc0 [ 37.276052] ? lock_acquire+0x1e4/0x4f0 [ 37.276056] ? kasan_report+0x8e/0x110 [ 37.276060] ? __schedule+0xf54/0x1df0 [ 37.276064] vprintk_default+0x28/0x30 [ 37.276068] vprintk_func+0x7a/0x117 [ 37.276071] printk+0xa7/0xcf [ 37.276075] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.276079] ? kasan_check_write+0x14/0x20 [ 37.276083] ? do_raw_spin_lock+0xc1/0x200 [ 37.276087] ? do_raw_spin_lock+0xc1/0x200 [ 37.276091] kasan_report+0x9e/0x110 [ 37.276096] __asan_report_load8_noabort+0x14/0x20 [ 37.276099] __schedule+0xf54/0x1df0 [ 37.276103] ? __sched_text_start+0x8/0x8 [ 37.276108] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 37.276112] ? __call_srcu+0x7e7/0x1040 [ 37.276116] ? check_same_owner+0x340/0x340 [ 37.276120] ? mark_held_locks+0x160/0x160 [ 37.276124] ? find_held_lock+0x36/0x1c0 [ 37.276128] preempt_schedule_common+0x22/0x60 [ 37.276147] _cond_resched+0x1d/0x30 [ 37.276151] wait_for_completion+0xa5/0x8d0 [ 37.276155] ? wait_for_completion_interruptible+0x950/0x950 [ 37.276160] ? __lockdep_init_map+0x105/0x590 [ 37.276164] ? __init_waitqueue_head+0x9e/0x150 [ 37.276168] ? init_wait_entry+0x1c0/0x1c0 [ 37.276172] __synchronize_srcu+0x189/0x240 [ 37.276175] ? call_srcu+0x10/0x10 [ 37.276179] ? rcu_unexpedite_gp+0x20/0x20 [ 37.276183] synchronize_srcu+0x335/0x56f [ 37.276187] ? lock_downgrade+0x8f0/0x8f0 [ 37.276191] ? synchronize_srcu_expedited+0x20/0x20 [ 37.276195] ? kasan_check_read+0x11/0x20 [ 37.276199] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.276203] ? kasan_check_write+0x14/0x20 [ 37.276207] ? do_raw_spin_lock+0xc1/0x200 [ 37.276212] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.276217] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.276220] ? kvfree+0x61/0x70 [ 37.276224] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.276228] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.276232] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.276237] ? kvm_arch_sync_events+0x30/0x30 [ 37.276241] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.276246] ? mmu_notifier_unregister+0x474/0x600 [ 37.276250] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.276253] ? kfree+0x111/0x210 [ 37.276258] ? __mmu_notifier_register+0x30/0x30 [ 37.276261] ? __free_pages+0x10a/0x190 [ 37.276265] ? free_unref_page+0x930/0x930 [ 37.276269] kvm_put_kvm+0x73f/0x1060 [ 37.276274] ? kvm_write_guest_cached+0x40/0x40 [ 37.276278] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.276282] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.276286] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.276293] ? kasan_check_write+0x14/0x20 [ 37.276297] ? do_raw_spin_lock+0xc1/0x200 [ 37.276301] ? kvm_irqfd_release+0xdd/0x120 [ 37.276305] ? kvm_irqfd_release+0xdd/0x120 [ 37.276309] ? kvm_put_kvm+0x1060/0x1060 [ 37.276313] kvm_vm_release+0x42/0x50 [ 37.276316] __fput+0x38a/0xa40 [ 37.276320] ? __alloc_file+0x400/0x400 [ 37.276324] ? check_same_owner+0x340/0x340 [ 37.276328] ? kasan_check_write+0x14/0x20 [ 37.276332] ? do_raw_spin_lock+0xc1/0x200 [ 37.276335] ____fput+0x15/0x20 [ 37.276339] task_work_run+0x1e8/0x2a0 [ 37.276343] ? task_work_cancel+0x240/0x240 [ 37.276348] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.276352] ? switch_task_namespaces+0xa2/0xd0 [ 37.276355] do_exit+0x1ae4/0x26e0 [ 37.276359] ? graph_lock+0xd1/0x170 [ 37.276363] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.276367] ? find_held_lock+0x36/0x1c0 [ 37.276371] ? lock_downgrade+0x8f0/0x8f0 [ 37.276375] ? trace_hardirqs_off+0xb8/0x2b0 [ 37.276379] ? kasan_check_read+0x11/0x20 [ 37.276383] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.276386] ? trace_hardirqs_on+0x2c0/ [ 37.276393] Lost 48 message(s)! [ 38.407398] Shutting down cpus with NMI [ 39.466841] Dumping ftrace buffer: [ 39.470366] (ftrace buffer empty) [ 39.474056] Kernel Offset: disabled [ 39.477665] Rebooting in 86400 seconds..