[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   22.917028] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.564613] random: sshd: uninitialized urandom read (32 bytes read)
[   25.925080] random: sshd: uninitialized urandom read (32 bytes read)
[   26.499272] random: sshd: uninitialized urandom read (32 bytes read)
[   27.538377] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
[   33.373561] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.467970] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.493009] ==================================================================
[   33.502941] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   33.509168] Read of size 8 at addr ffff8801ad340058 by task syz-executor264/4453
[   33.516688] 
[   33.518325] CPU: 0 PID: 4453 Comm: syz-executor264 Not tainted 4.19.0-rc1+ #212
[   33.525778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.535122] Call Trace:
[   33.537724]  dump_stack+0x1c9/0x2b4
[   33.541357]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.546546]  ? printk+0xa7/0xcf
[   33.549828]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.554589]  ? __schedule+0xf54/0x1df0
[   33.558478]  print_address_description+0x6c/0x20b
[   33.563332]  ? __schedule+0xf54/0x1df0
[   33.567218]  kasan_report.cold.7+0x242/0x30d
[   33.571626]  __asan_report_load8_noabort+0x14/0x20
[   33.576554]  __schedule+0xf54/0x1df0
[   33.580267]  ? __sched_text_start+0x8/0x8
[   33.584417]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   33.589532]  ? __call_srcu+0x7e7/0x1040
[   33.593523]  ? check_same_owner+0x340/0x340
[   33.597853]  ? mark_held_locks+0x160/0x160
[   33.602084]  ? find_held_lock+0x36/0x1c0
[   33.606148]  preempt_schedule_common+0x22/0x60
[   33.610732]  _cond_resched+0x1d/0x30
[   33.614479]  wait_for_completion+0xa5/0x8d0
[   33.618799]  ? wait_for_completion_interruptible+0x950/0x950
[   33.624596]  ? __lockdep_init_map+0x105/0x590
[   33.629093]  ? __init_waitqueue_head+0x9e/0x150
[   33.633764]  ? init_wait_entry+0x1c0/0x1c0
[   33.638005]  __synchronize_srcu+0x189/0x240
[   33.642321]  ? call_srcu+0x10/0x10
[   33.645877]  ? rcu_unexpedite_gp+0x20/0x20
[   33.650118]  synchronize_srcu+0x335/0x56f
[   33.654261]  ? lock_downgrade+0x8f0/0x8f0
[   33.658406]  ? synchronize_srcu_expedited+0x20/0x20
[   33.663423]  ? kasan_check_read+0x11/0x20
[   33.667583]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.672163]  ? kasan_check_write+0x14/0x20
[   33.676396]  ? do_raw_spin_lock+0xc1/0x200
[   33.680636]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.686359]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.691822]  ? kvfree+0x61/0x70
[   33.695126]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.700146]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.704208]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.708617]  ? kvm_arch_sync_events+0x30/0x30
[   33.713115]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.718656]  ? mmu_notifier_unregister+0x474/0x600
[   33.723584]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.727994]  ? kfree+0x111/0x210
[   33.731361]  ? __mmu_notifier_register+0x30/0x30
[   33.736117]  ? __free_pages+0x10a/0x190
[   33.740088]  ? free_unref_page+0x930/0x930
[   33.744331]  kvm_put_kvm+0x73f/0x1060
[   33.748136]  ? kvm_write_guest_cached+0x40/0x40
[   33.752825]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.757318]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.761813]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.766397]  ? kasan_check_write+0x14/0x20
[   33.770670]  ? do_raw_spin_lock+0xc1/0x200
[   33.774906]  ? kvm_irqfd_release+0xdd/0x120
[   33.779220]  ? kvm_irqfd_release+0xdd/0x120
[   33.783544]  ? kvm_put_kvm+0x1060/0x1060
[   33.787603]  kvm_vm_release+0x42/0x50
[   33.791400]  __fput+0x36e/0x8c0
[   33.794678]  ? __alloc_file+0x400/0x400
[   33.798660]  ? check_same_owner+0x340/0x340
[   33.802988]  ? kasan_check_write+0x14/0x20
[   33.807222]  ? do_raw_spin_lock+0xc1/0x200
[   33.811455]  ____fput+0x15/0x20
[   33.814740]  task_work_run+0x1e8/0x2a0
[   33.818625]  ? task_work_cancel+0x240/0x240
[   33.822948]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.828484]  ? switch_task_namespaces+0xa2/0xd0
[   33.833150]  do_exit+0x1ae4/0x26e0
[   33.836687]  ? kmem_cache_alloc+0x12e/0x710
[   33.841021]  ? __alloc_file+0xac/0x400
[   33.844910]  ? native_usergs_sysret64+0x1/0x10
[   33.849488]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.854154]  ? find_held_lock+0x36/0x1c0
[   33.858225]  ? __lockdep_init_map+0x105/0x590
[   33.862728]  ? lockdep_init_map+0x9/0x10
[   33.866793]  ? debug_mutex_init+0x2d/0x60
[   33.870938]  ? graph_lock+0x170/0x170
[   33.874744]  ? __ia32_sys_membarrier+0x150/0x150
[   33.879500]  ? find_held_lock+0x36/0x1c0
[   33.883565]  ? kasan_check_read+0x11/0x20
[   33.887721]  ? rcu_is_watching+0x8c/0x150
[   33.892324]  ? __lock_is_held+0xb5/0x140
[   33.896380]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.901078]  ? __fd_install+0x2db/0x880
[   33.905048]  ? get_unused_fd_flags+0x1a0/0x1a0
[   33.909633]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.915165]  ? alloc_file_pseudo+0x281/0x3f0
[   33.919570]  ? alloc_file+0x430/0x430
[   33.923381]  ? __alloc_fd+0x710/0x710
[   33.927187]  do_group_exit+0x177/0x440
[   33.931071]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.935388]  ? __ia32_sys_exit+0x50/0x50
[   33.939446]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.944546]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.950081]  ? ksys_ioctl+0x81/0xd0
[   33.953712]  __x64_sys_exit_group+0x3e/0x50
[   33.958040]  do_syscall_64+0x1b9/0x820
[   33.961930]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.967472]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.972401]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.977241]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.982255]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.987272]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.992288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.997134]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.002317] RIP: 0033:0x43ed48
[   34.005523] Code: Bad RIP value.
[   34.008879] RSP: 002b:00007ffdffd3ac18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.016584] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed48
[   34.023861] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.031126] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.038392] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.045653] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.052954] 
[   34.054606] Allocated by task 4453:
[   34.058236]  save_stack+0x43/0xd0
[   34.061682]  kasan_kmalloc+0xc4/0xe0
[   34.065399]  kasan_slab_alloc+0x12/0x20
[   34.069367]  kmem_cache_alloc+0x12e/0x710
[   34.073509]  vmx_create_vcpu+0xcf/0x2830
[   34.077566]  kvm_arch_vcpu_create+0xe5/0x220
[   34.081972]  kvm_vm_ioctl+0x488/0x1d80
[   34.085855]  do_vfs_ioctl+0x1de/0x1720
[   34.089754]  ksys_ioctl+0xa9/0xd0
[   34.093207]  __x64_sys_ioctl+0x73/0xb0
[   34.097091]  do_syscall_64+0x1b9/0x820
[   34.100976]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.106151] 
[   34.107768] Freed by task 4453:
[   34.111040]  save_stack+0x43/0xd0
[   34.114514]  __kasan_slab_free+0x11a/0x170
[   34.118741]  kasan_slab_free+0xe/0x10
[   34.122535]  kmem_cache_free+0x86/0x280
[   34.126507]  vmx_free_vcpu+0x26b/0x300
[   34.130386]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.134790]  kvm_put_kvm+0x73f/0x1060
[   34.138583]  kvm_vm_release+0x42/0x50
[   34.142375]  __fput+0x36e/0x8c0
[   34.145645]  ____fput+0x15/0x20
[   34.148917]  task_work_run+0x1e8/0x2a0
[   34.152804]  do_exit+0x1ae4/0x26e0
[   34.156376]  do_group_exit+0x177/0x440
[   34.160258]  __x64_sys_exit_group+0x3e/0x50
[   34.164573]  do_syscall_64+0x1b9/0x820
[   34.168457]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.173630] 
[   34.175263] The buggy address belongs to the object at ffff8801ad340040
[   34.175263]  which belongs to the cache kvm_vcpu of size 23872
[   34.187834] The buggy address is located 24 bytes inside of
[   34.187834]  23872-byte region [ffff8801ad340040, ffff8801ad345d80)
[   34.199785] The buggy address belongs to the page:
[   34.204716] page:ffffea0006b4d000 count:1 mapcount:0 mapping:ffff8801d9fef240 index:0x0 compound_mapcount: 0
[   34.214679] flags: 0x2fffc0000008100(slab|head)
[   34.219359] raw: 02fffc0000008100 ffff8801d53ce848 ffff8801d53ce848 ffff8801d9fef240
[   34.227238] raw: 0000000000000000 ffff8801ad340040 0000000100000001 0000000000000000
[   34.235103] page dumped because: kasan: bad access detected
[   34.240841] 
[   34.242473] Memory state around the buggy address:
[   34.247394]  ffff8801ad33ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.254745]  ffff8801ad33ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.262096] >ffff8801ad340000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.269444]                                                     ^
[   34.275669]  ffff8801ad340080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.283023]  ffff8801ad340100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.290368] ==================================================================
[   34.297725] Kernel panic - not syncing: panic_on_warn set ...
[   34.297725] 
[   34.305091] CPU: 0 PID: 4453 Comm: syz-executor264 Tainted: G    B             4.19.0-rc1+ #212
[   34.313920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.323265] Call Trace:
[   34.325857]  dump_stack+0x1c9/0x2b4
[   34.329484]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.334670]  ? lock_downgrade+0x8f0/0x8f0
[   34.338833]  ? __schedule+0xf54/0x1df0
[   34.342728]  panic+0x238/0x4e7
[   34.345920]  ? add_taint.cold.5+0x16/0x16
[   34.350071]  ? print_shadow_for_address+0xba/0x116
[   34.354994]  ? trace_hardirqs_off+0xaf/0x2b0
[   34.359395]  ? trace_hardirqs_off+0x77/0x2b0
[   34.363801]  ? __schedule+0xf54/0x1df0
[   34.367690]  kasan_end_report+0x47/0x4f
[   34.371673]  kasan_report.cold.7+0x76/0x30d
[   34.376507]  __asan_report_load8_noabort+0x14/0x20
[   34.381435]  __schedule+0xf54/0x1df0
[   34.385149]  ? __sched_text_start+0x8/0x8
[   34.389296]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   34.394406]  ? __call_srcu+0x7e7/0x1040
[   34.398407]  ? check_same_owner+0x340/0x340
[   34.402730]  ? mark_held_locks+0x160/0x160
[   34.406977]  ? find_held_lock+0x36/0x1c0
[   34.411040]  preempt_schedule_common+0x22/0x60
[   34.415623]  _cond_resched+0x1d/0x30
[   34.419333]  wait_for_completion+0xa5/0x8d0
[   34.423652]  ? wait_for_completion_interruptible+0x950/0x950
[   34.429449]  ? __lockdep_init_map+0x105/0x590
[   34.433943]  ? __init_waitqueue_head+0x9e/0x150
[   34.438611]  ? init_wait_entry+0x1c0/0x1c0
[   34.442852]  __synchronize_srcu+0x189/0x240
[   34.447166]  ? call_srcu+0x10/0x10
[   34.450711]  ? rcu_unexpedite_gp+0x20/0x20
[   34.455434]  synchronize_srcu+0x335/0x56f
[   34.459581]  ? lock_downgrade+0x8f0/0x8f0
[   34.463734]  ? synchronize_srcu_expedited+0x20/0x20
[   34.468770]  ? kasan_check_read+0x11/0x20
[   34.472932]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.477509]  ? kasan_check_write+0x14/0x20
[   34.481739]  ? do_raw_spin_lock+0xc1/0x200
[   34.485983]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.491695]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.497150]  ? kvfree+0x61/0x70
[   34.500429]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.505441]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.509512]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.513919]  ? kvm_arch_sync_events+0x30/0x30
[   34.518415]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.523953]  ? mmu_notifier_unregister+0x474/0x600
[   34.528880]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.533282]  ? kfree+0x111/0x210
[   34.536649]  ? __mmu_notifier_register+0x30/0x30
[   34.541407]  ? __free_pages+0x10a/0x190
[   34.545378]  ? free_unref_page+0x930/0x930
[   34.549620]  kvm_put_kvm+0x73f/0x1060
[   34.553882]  ? kvm_write_guest_cached+0x40/0x40
[   34.558557]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.563053]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.567546]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.572132]  ? kasan_check_write+0x14/0x20
[   34.576364]  ? do_raw_spin_lock+0xc1/0x200
[   34.580606]  ? kvm_irqfd_release+0xdd/0x120
[   34.584922]  ? kvm_irqfd_release+0xdd/0x120
[   34.589241]  ? kvm_put_kvm+0x1060/0x1060
[   34.593302]  kvm_vm_release+0x42/0x50
[   34.597115]  __fput+0x36e/0x8c0
[   34.600390]  ? __alloc_file+0x400/0x400
[   34.604378]  ? check_same_owner+0x340/0x340
[   34.608726]  ? kasan_check_write+0x14/0x20
[   34.612962]  ? do_raw_spin_lock+0xc1/0x200
[   34.617193]  ____fput+0x15/0x20
[   34.620473]  task_work_run+0x1e8/0x2a0
[   34.624360]  ? task_work_cancel+0x240/0x240
[   34.628681]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.634240]  ? switch_task_namespaces+0xa2/0xd0
[   34.638920]  do_exit+0x1ae4/0x26e0
[   34.642456]  ? kmem_cache_alloc+0x12e/0x710
[   34.646773]  ? __alloc_file+0xac/0x400
[   34.650663]  ? native_usergs_sysret64+0x1/0x10
[   34.655711]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.660362]  ? find_held_lock+0x36/0x1c0
[   34.664436]  ? __lockdep_init_map+0x105/0x590
[   34.668931]  ? lockdep_init_map+0x9/0x10
[   34.672989]  ? debug_mutex_init+0x2d/0x60
[   34.677135]  ? graph_lock+0x170/0x170
[   34.680954]  ? __ia32_sys_membarrier+0x150/0x150
[   34.685718]  ? find_held_lock+0x36/0x1c0
[   34.689789]  ? kasan_check_read+0x11/0x20
[   34.693935]  ? rcu_is_watching+0x8c/0x150
[   34.698075]  ? __lock_is_held+0xb5/0x140
[   34.702152]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.706873]  ? __fd_install+0x2db/0x880
[   34.710857]  ? get_unused_fd_flags+0x1a0/0x1a0
[   34.715442]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.720976]  ? alloc_file_pseudo+0x281/0x3f0
[   34.725379]  ? alloc_file+0x430/0x430
[   34.729183]  ? __alloc_fd+0x710/0x710
[   34.732994]  do_group_exit+0x177/0x440
[   34.736889]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.741206]  ? __ia32_sys_exit+0x50/0x50
[   34.745268]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.750369]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.755902]  ? ksys_ioctl+0x81/0xd0
[   34.759527]  __x64_sys_exit_group+0x3e/0x50
[   34.763847]  do_syscall_64+0x1b9/0x820
[   34.767742]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.773103]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.778026]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.782865]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.787877]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.792900]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.797915]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.802761]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.807945] RIP: 0033:0x43ed48
[   34.811138] Code: Bad RIP value.
[   34.814499] RSP: 002b:00007ffdffd3ac18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.822205] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed48
[   34.829468] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.836732] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.844000] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.851268] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.858541] 
[   34.858547] ======================================================
[   34.858553] WARNING: possible circular locking dependency detected
[   34.858556] 4.19.0-rc1+ #212 Not tainted
[   34.858562] ------------------------------------------------------
[   34.858567] syz-executor264/4453 is trying to acquire lock:
[   34.858570] 000000009646b33b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   34.858585] 
[   34.858589] but task is already holding lock:
[   34.858593] 00000000cb2b257e (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.858607] 
[   34.858611] which lock already depends on the new lock.
[   34.858614] 
[   34.858616] 
[   34.858621] the existing dependency chain (in reverse order) is:
[   34.858623] 
[   34.858626] -> #3 (report_lock){....}:
[   34.858640]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.858644]        kasan_report+0x8e/0x110
[   34.858648]        __asan_report_load8_noabort+0x14/0x20
[   34.858652]        __schedule+0xf54/0x1df0
[   34.858657]        preempt_schedule_common+0x22/0x60
[   34.858660]        _cond_resched+0x1d/0x30
[   34.858665]        wait_for_completion+0xa5/0x8d0
[   34.858669]        __synchronize_srcu+0x189/0x240
[   34.858673]        synchronize_srcu+0x335/0x56f
[   34.858678]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.858682]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.858686]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.858690]        kvm_put_kvm+0x73f/0x1060
[   34.858694]        kvm_vm_release+0x42/0x50
[   34.858697]        __fput+0x36e/0x8c0
[   34.858710]        ____fput+0x15/0x20
[   34.858714]        task_work_run+0x1e8/0x2a0
[   34.858718]        do_exit+0x1ae4/0x26e0
[   34.858722]        do_group_exit+0x177/0x440
[   34.858726]        __x64_sys_exit_group+0x3e/0x50
[   34.858730]        do_syscall_64+0x1b9/0x820
[   34.858735]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.858737] 
[   34.858739] -> #2 (&rq->lock){-.-.}:
[   34.858753]        _raw_spin_lock+0x2a/0x40
[   34.858757]        task_fork_fair+0x93/0x680
[   34.858761]        sched_fork+0x44b/0xbd0
[   34.858765]        copy_process+0x235e/0x7ad0
[   34.858768]        _do_fork+0x1ca/0x1170
[   34.858772]        kernel_thread+0x34/0x40
[   34.858776]        rest_init+0x22/0xe4
[   34.858780]        start_kernel+0x913/0x94e
[   34.858784]        x86_64_start_reservations+0x29/0x2b
[   34.858788]        x86_64_start_kernel+0x76/0x79
[   34.858793]        secondary_startup_64+0xa4/0xb0
[   34.858795] 
[   34.858797] -> #1 (&p->pi_lock){-.-.}:
[   34.858812]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.858816]        try_to_wake_up+0xd2/0x1250
[   34.858820]        wake_up_process+0x10/0x20
[   34.858824]        __up.isra.1+0x1c0/0x2a0
[   34.858827]        up+0x13c/0x1c0
[   34.858831]        __up_console_sem+0xbe/0x1b0
[   34.858836]        console_unlock+0x506/0x10d0
[   34.858840]        vprintk_emit+0x33a/0x910
[   34.858844]        vprintk_default+0x28/0x30
[   34.858847]        vprintk_func+0x7a/0x117
[   34.858851]        printk+0xa7/0xcf
[   34.858854]        load_umh+0x51/0xbd
[   34.858858]        do_one_initcall+0x127/0x838
[   34.858863]        kernel_init_freeable+0x4bb/0x5ae
[   34.858867]        kernel_init+0x11/0x1b3
[   34.858870]        ret_from_fork+0x3a/0x50
[   34.858873] 
[   34.858875] -> #0 ((console_sem).lock){-...}:
[   34.858890]        lock_acquire+0x1e4/0x4f0
[   34.858894]        _raw_spin_lock_irqsave+0x96/0xc0
[   34.858898]        down_trylock+0x13/0x70
[   34.858902]        __down_trylock_console_sem+0xae/0x200
[   34.858906]        console_trylock+0x15/0xa0
[   34.858910]        vprintk_emit+0x31f/0x910
[   34.858914]        vprintk_default+0x28/0x30
[   34.858918]        vprintk_func+0x7a/0x117
[   34.858921]        printk+0xa7/0xcf
[   34.858925]        kasan_report+0x9e/0x110
[   34.858930]        __asan_report_load8_noabort+0x14/0x20
[   34.858934]        __schedule+0xf54/0x1df0
[   34.858938]        preempt_schedule_common+0x22/0x60
[   34.858942]        _cond_resched+0x1d/0x30
[   34.858946]        wait_for_completion+0xa5/0x8d0
[   34.858950]        __synchronize_srcu+0x189/0x240
[   34.858954]        synchronize_srcu+0x335/0x56f
[   34.858959]        kvm_page_track_unregister_notifier+0x17d/0x250
[   34.858963]        kvm_mmu_uninit_vm+0x1c/0x20
[   34.858968]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.858971]        kvm_put_kvm+0x73f/0x1060
[   34.858975]        kvm_vm_release+0x42/0x50
[   34.858979]        __fput+0x36e/0x8c0
[   34.858982]        ____fput+0x15/0x20
[   34.858986]        task_work_run+0x1e8/0x2a0
[   34.858990]        do_exit+0x1ae4/0x26e0
[   34.858994]        do_group_exit+0x177/0x440
[   34.858998]        __x64_sys_exit_group+0x3e/0x50
[   34.859002]        do_syscall_64+0x1b9/0x820
[   34.859007]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.859009] 
[   34.859014] other info that might help us debug this:
[   34.859016] 
[   34.859019] Chain exists of:
[   34.859021]   (console_sem).lock --> &rq->lock --> report_lock
[   34.859040] 
[   34.859044]  Possible unsafe locking scenario:
[   34.859046] 
[   34.859050]        CPU0                    CPU1
[   34.859054]        ----                    ----
[   34.859057]   lock(report_lock);
[   34.859066]                                lock(&rq->lock);
[   34.859075]                                lock(report_lock);
[   34.859083]   lock((console_sem).lock);
[   34.859091] 
[   34.859095]  *** DEADLOCK ***
[   34.859097] 
[   34.859101] 2 locks held by syz-executor264/4453:
[   34.859103]  #0: 00000000ff7b60ea (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   34.859121]  #1: 00000000cb2b257e (report_lock){....}, at: kasan_report+0x8e/0x110
[   34.859138] 
[   34.859141] stack backtrace:
[   34.859147] CPU: 0 PID: 4453 Comm: syz-executor264 Not tainted 4.19.0-rc1+ #212
[   34.859154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.859157] Call Trace:
[   34.859161]  dump_stack+0x1c9/0x2b4
[   34.859165]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.859169]  ? vprintk_func+0x100/0x117
[   34.859174]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   34.859178]  ? save_trace+0xe0/0x290
[   34.859183]  __lock_acquire+0x3449/0x5020
[   34.859187]  ? mark_held_locks+0x160/0x160
[   34.859191]  ? mark_held_locks+0x160/0x160
[   34.859195]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.859200]  ? is_bpf_text_address+0xd7/0x170
[   34.859204]  ? kernel_text_address+0x79/0xf0
[   34.859208]  ? __kernel_text_address+0xd/0x40
[   34.859212]  ? __save_stack_trace+0x8d/0xf0
[   34.859217]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   34.859221]  ? save_trace+0x290/0x290
[   34.859225]  ? save_stack_trace+0x1a/0x20
[   34.859229]  ? save_trace+0xe0/0x290
[   34.859233]  ? graph_lock+0x170/0x170
[   34.859238]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.859241]  lock_acquire+0x1e4/0x4f0
[   34.859251]  ? down_trylock+0x13/0x70
[   34.859255]  ? lock_release+0x9f0/0x9f0
[   34.859259]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.859263]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.859267]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.859271]  ? log_store+0x34f/0x4c0
[   34.859275]  ? vprintk_emit+0x31f/0x910
[   34.859279]  _raw_spin_lock_irqsave+0x96/0xc0
[   34.859283]  ? down_trylock+0x13/0x70
[   34.859287]  down_trylock+0x13/0x70
[   34.859291]  __down_trylock_console_sem+0xae/0x200
[   34.859295]  console_trylock+0x15/0xa0
[   34.859299]  vprintk_emit+0x31f/0x910
[   34.859303]  ? wake_up_klogd+0x110/0x110
[   34.859307]  ? run_rebalance_domains+0x4c0/0x4c0
[   34.859311]  ? kasan_check_read+0x11/0x20
[   34.859316]  ? rcu_is_watching+0x8c/0x150
[   34.859320]  ? rcu_pm_notify+0xc0/0xc0
[   34.859324]  ? lock_acquire+0x1e4/0x4f0
[   34.859328]  ? kasan_report+0x8e/0x110
[   34.859331]  ? __schedule+0xf54/0x1df0
[   34.859335]  vprintk_default+0x28/0x30
[   34.859339]  vprintk_func+0x7a/0x117
[   34.859343]  printk+0xa7/0xcf
[   34.859347]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.859351]  ? kasan_check_write+0x14/0x20
[   34.859355]  ? do_raw_spin_lock+0xc1/0x200
[   34.859359]  ? do_raw_spin_lock+0xc1/0x200
[   34.859363]  kasan_report+0x9e/0x110
[   34.859368]  __asan_report_load8_noabort+0x14/0x20
[   34.859372]  __schedule+0xf54/0x1df0
[   34.859376]  ? __sched_text_start+0x8/0x8
[   34.859380]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   34.859384]  ? __call_srcu+0x7e7/0x1040
[   34.859388]  ? check_same_owner+0x340/0x340
[   34.859393]  ? mark_held_locks+0x160/0x160
[   34.859396]  ? find_held_lock+0x36/0x1c0
[   34.859401]  preempt_schedule_common+0x22/0x60
[   34.859405]  _cond_resched+0x1d/0x30
[   34.859409]  wait_for_completion+0xa5/0x8d0
[   34.859414]  ? wait_for_completion_interruptible+0x950/0x950
[   34.859418]  ? __lockdep_init_map+0x105/0x590
[   34.859422]  ? __init_waitqueue_head+0x9e/0x150
[   34.859426]  ? init_wait_entry+0x1c0/0x1c0
[   34.859430]  __synchronize_srcu+0x189/0x240
[   34.859434]  ? call_srcu+0x10/0x10
[   34.859438]  ? rcu_unexpedite_gp+0x20/0x20
[   34.859442]  synchronize_srcu+0x335/0x56f
[   34.859446]  ? lock_downgrade+0x8f0/0x8f0
[   34.859451]  ? synchronize_srcu_expedited+0x20/0x20
[   34.859455]  ? kasan_check_read+0x11/0x20
[   34.859459]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.859463]  ? kasan_check_write+0x14/0x20
[   34.859468]  ? do_raw_spin_lock+0xc1/0x200
[   34.859473]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.859477]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.859481]  ? kvfree+0x61/0x70
[   34.859485]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.859489]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.859494]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.859498]  ? kvm_arch_sync_events+0x30/0x30
[   34.859503]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.859507]  ? mmu_notifier_unregister+0x474/0x600
[   34.859512]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.859515]  ? kfree+0x111/0x210
[   34.859520]  ? __mmu_notifier_register+0x30/0x30
[   34.859523]  ? __free_pages+0x10a/0x190
[   34.859528]  ? free_unref_page+0x930/0x930
[   34.859532]  kvm_put_kvm+0x73f/0x1060
[   34.859536]  ? kvm_write_guest_cached+0x40/0x40
[   34.859540]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.859544]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.859549]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.859553]  ? kasan_check_write+0x14/0x20
[   34.859557]  ? do_raw_spin_lock+0xc1/0x200
[   34.859561]  ? kvm_irqfd_release+0xdd/0x120
[   34.859565]  ? kvm_irqfd_release+0xdd/0x120
[   34.859570]  ? kvm_put_kvm+0x1060/0x1060
[   34.859573]  kvm_vm_release+0x42/0x50
[   34.859577]  __fput+0x36e/0x8c0
[   34.859581]  ? __alloc_file+0x400/0x400
[   34.859585]  ? check_same_owner+0x340/0x340
[   34.859589]  ? kasan_check_write+0x14/0x20
[   34.859593]  ? do_raw_spin_lock+0xc1/0x200
[   34.859597]  ____fput+0x15/0x20
[   34.859601]  task_work_run+0x1e8/0x2a0
[   34.859605]  ? task_work_cancel+0x240/0x240
[   34.859610]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.859614]  ? switch_task_namespaces+0xa2/0xd0
[   34.859618]  do_exit+0x1ae4/0x26e0
[   34.859622]  ? kmem_cache_alloc+0x12e/0x710
[   34.859626]  ? __alloc_file+0xac/0x400
[   34.859630]  ? native_usergs_sysret64+0x1/0x10
[   34.859634]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.859638]  ? find_held_lock+0x36/0x1c0
[   34.859643]  ? __lockdep_init_map+0x105/0x590
[   34.859647]  ? lockdep_init_map+0x9/0x10
[   34.859650]  ? debug_mutex_init+0
[   34.859657] Lost 38 message(s)!
[   35.954774] Shutting down cpus with NMI
[   37.013577] Dumping ftrace buffer:
[   37.017100]    (ftrace buffer empty)
[   37.020786] Kernel Offset: disabled
[   37.024393] Rebooting in 86400 seconds..