[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 22.673553] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.050225] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.400640] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.940404] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.117923] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[ 33.668114] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.764833] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.789787] ==================================================================
[ 33.799661] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.805906] Read of size 8 at addr ffff8801b8ea8058 by task syz-executor471/4654
[ 33.813436]
[ 33.815081] CPU: 0 PID: 4654 Comm: syz-executor471 Not tainted 4.19.0-rc2+ #220
[ 33.822527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.831880] Call Trace:
[ 33.834494]  dump_stack+0x1c9/0x2b4
[ 33.838127]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.843320]  ? printk+0xa7/0xcf
[ 33.846602]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.851362]  ? __schedule+0xf54/0x1df0
[ 33.855258]  print_address_description+0x6c/0x20b
[ 33.860107]  ? __schedule+0xf54/0x1df0
[ 33.863997]  kasan_report.cold.7+0x242/0x30d
[ 33.868413]  __asan_report_load8_noabort+0x14/0x20
[ 33.873346]  __schedule+0xf54/0x1df0
[ 33.877059]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.882168]  ? __sched_text_start+0x8/0x8
[ 33.886321]  ? __call_srcu+0x7e7/0x1040
[ 33.890303]  ? check_same_owner+0x340/0x340
[ 33.894622]  ? mark_held_locks+0x160/0x160
[ 33.898855]  ? find_held_lock+0x36/0x1c0
[ 33.902926]  preempt_schedule_common+0x22/0x60
[ 33.907510]  _cond_resched+0x1d/0x30
[ 33.911223]  wait_for_completion+0xa5/0x8d0
[ 33.915547]  ? wait_for_completion_interruptible+0x950/0x950
[ 33.921346]  ? __lockdep_init_map+0x105/0x590
[ 33.925841]  ? __init_waitqueue_head+0x9e/0x150
[ 33.930534]  ? init_wait_entry+0x1c0/0x1c0
[ 33.934771]  __synchronize_srcu+0x189/0x240
[ 33.939090]  ? call_srcu+0x10/0x10
[ 33.942629]  ? rcu_unexpedite_gp+0x20/0x20
[ 33.946872]  synchronize_srcu+0x335/0x56f
[ 33.951018]  ? lock_downgrade+0x8f0/0x8f0
[ 33.955166]  ? synchronize_srcu_expedited+0x20/0x20
[ 33.960188]  ? kasan_check_read+0x11/0x20
[ 33.964351]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 33.968933]  ? kasan_check_write+0x14/0x20
[ 33.973167]  ? do_raw_spin_lock+0xc1/0x200
[ 33.977404]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 33.983127]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 33.988579]  ? kvfree+0x61/0x70
[ 33.991861]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.996877]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.000934]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.005362]  ? kvm_arch_sync_events+0x30/0x30
[ 34.009864]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.015404]  ? mmu_notifier_unregister+0x474/0x600
[ 34.020331]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.024741]  ? kfree+0x111/0x210
[ 34.028141]  ? __mmu_notifier_register+0x30/0x30
[ 34.032908]  ? __free_pages+0x10a/0x190
[ 34.036881]  ? free_unref_page+0x930/0x930
[ 34.041125]  kvm_put_kvm+0x73f/0x1060
[ 34.044942]  ? kvm_write_guest_cached+0x40/0x40
[ 34.049622]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.054393]  ? kvm_irqfd_release+0xdd/0x120
[ 34.058715]  ? kvm_irqfd_release+0xdd/0x120
[ 34.063046]  ? kvm_put_kvm+0x1060/0x1060
[ 34.067114]  kvm_vm_release+0x42/0x50
[ 34.070915]  __fput+0x38a/0xa40
[ 34.074196]  ? __alloc_file+0x400/0x400
[ 34.078181]  ? check_same_owner+0x340/0x340
[ 34.082507]  ? kasan_check_write+0x14/0x20
[ 34.086741]  ? do_raw_spin_lock+0xc1/0x200
[ 34.090978]  ____fput+0x15/0x20
[ 34.094258]  task_work_run+0x1e8/0x2a0
[ 34.098144]  ? task_work_cancel+0x240/0x240
[ 34.102488]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.108028]  ? switch_task_namespaces+0xa2/0xd0
[ 34.112701]  do_exit+0x1ae4/0x26e0
[ 34.116246]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.120923]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.125161]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.130178]  ? kfree+0x1d7/0x210
[ 34.134044]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.138283]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.143999]  ? is_bpf_text_address+0xd7/0x170
[ 34.148507]  ? kernel_text_address+0x79/0xf0
[ 34.152914]  ? __kernel_text_address+0xd/0x40
[ 34.157411]  ? unwind_get_return_address+0x61/0xa0
[ 34.162377]  ? __save_stack_trace+0x8d/0xf0
[ 34.166705]  ? save_stack+0xa9/0xd0
[ 34.170335]  ? save_stack+0x43/0xd0
[ 34.173961]  ? __kasan_slab_free+0x11a/0x170
[ 34.178368]  ? kasan_slab_free+0xe/0x10
[ 34.182344]  ? putname+0xf2/0x130
[ 34.185796]  ? __x64_sys_openat+0x9d/0x100
[ 34.190034]  ? do_syscall_64+0x1b9/0x820
[ 34.194099]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.199482]  ? trace_hardirqs_off+0xb8/0x2b0
[ 34.203897]  ? kasan_check_read+0x11/0x20
[ 34.208049]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.212462]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.216893]  ? initcall_blacklisted+0x9a/0x1e0
[ 34.221496]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.226613]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.232337]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.237879]  ? do_vfs_ioctl+0x201/0x1720
[ 34.241947]  ? rcu_is_watching+0x8c/0x150
[ 34.246098]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.250430]  ? ioctl_preallocate+0x300/0x300
[ 34.254852]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.260395]  ? __fget_light+0x2f7/0x440
[ 34.264632]  ? fget_raw+0x20/0x20
[ 34.268082]  ? putname+0xf2/0x130
[ 34.271538]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.276557]  ? kmem_cache_free+0x246/0x280
[ 34.280792]  ? putname+0xf7/0x130
[ 34.284266]  do_group_exit+0x177/0x440
[ 34.288155]  ? trace_hardirqs_on+0xbd/0x2c0
[ 34.292488]  ? __ia32_sys_exit+0x50/0x50
[ 34.296548]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.301653]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.307192]  ? ksys_ioctl+0x81/0xd0
[ 34.310824]  __x64_sys_exit_group+0x3e/0x50
[ 34.315154]  do_syscall_64+0x1b9/0x820
[ 34.319043]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.324417]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.329349]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.334197]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.339220]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.344246]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.349102]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.354291] RIP: 0033:0x43ecd8
[ 34.357495] Code: Bad RIP value.
[ 34.360855] RSP: 002b:00007ffc480d16d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.368576] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[ 34.375850] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.383131] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.390408] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.397686] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.404969]
[ 34.406594] Allocated by task 4654:
[ 34.410223]  save_stack+0x43/0xd0
[ 34.413677]  kasan_kmalloc+0xc4/0xe0
[ 34.417392]  kasan_slab_alloc+0x12/0x20
[ 34.421365]  kmem_cache_alloc+0x12e/0x710
[ 34.425514]  vmx_create_vcpu+0xcf/0x2830
[ 34.429574]  kvm_arch_vcpu_create+0xe5/0x220
[ 34.433989]  kvm_vm_ioctl+0x488/0x1d80
[ 34.437879]  do_vfs_ioctl+0x1de/0x1720
[ 34.441769]  ksys_ioctl+0xa9/0xd0
[ 34.445221]  __x64_sys_ioctl+0x73/0xb0
[ 34.449108]  do_syscall_64+0x1b9/0x820
[ 34.452993]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.458170]
[ 34.459792] Freed by task 4654:
[ 34.463069]  save_stack+0x43/0xd0
[ 34.466522]  __kasan_slab_free+0x11a/0x170
[ 34.470751]  kasan_slab_free+0xe/0x10
[ 34.474552]  kmem_cache_free+0x86/0x280
[ 34.478525]  vmx_free_vcpu+0x26b/0x300
[ 34.482410]  kvm_arch_destroy_vm+0x365/0x7c0
[ 34.486816]  kvm_put_kvm+0x73f/0x1060
[ 34.490614]  kvm_vm_release+0x42/0x50
[ 34.494410]  __fput+0x38a/0xa40
[ 34.497683]  ____fput+0x15/0x20
[ 34.500979]  task_work_run+0x1e8/0x2a0
[ 34.504862]  do_exit+0x1ae4/0x26e0
[ 34.508406]  do_group_exit+0x177/0x440
[ 34.512292]  __x64_sys_exit_group+0x3e/0x50
[ 34.516613]  do_syscall_64+0x1b9/0x820
[ 34.520504]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.525683]
[ 34.527307] The buggy address belongs to the object at ffff8801b8ea8040
[ 34.527307]  which belongs to the cache kvm_vcpu of size 23872
[ 34.539890] The buggy address is located 24 bytes inside of
[ 34.539890]  23872-byte region [ffff8801b8ea8040, ffff8801b8eadd80)
[ 34.551851] The buggy address belongs to the page:
[ 34.556781] page:ffffea0006e3aa00 count:1 mapcount:0 mapping:ffff8801d5348b40 index:0x0 compound_mapcount: 0
[ 34.566754] flags: 0x2fffc0000008100(slab|head)
[ 34.571425] raw: 02fffc0000008100 ffff8801d5343948 ffff8801d5343948 ffff8801d5348b40
[ 34.579311] raw: 0000000000000000 ffff8801b8ea8040 0000000100000001 0000000000000000
[ 34.587186] page dumped because: kasan: bad access detected
[ 34.592894]
[ 34.594512] Memory state around the buggy address:
[ 34.599446]  ffff8801b8ea7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.606826]  ffff8801b8ea7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.614195] >ffff8801b8ea8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.621557]                                                     ^
[ 34.627797]  ffff8801b8ea8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.635167]  ffff8801b8ea8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.642530] ==================================================================
[ 34.649900] Kernel panic - not syncing: panic_on_warn set ...
[ 34.649900]
[ 34.657280] CPU: 0 PID: 4654 Comm: syz-executor471 Tainted: G B 4.19.0-rc2+ #220
[ 34.666122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.675492] Call Trace:
[ 34.678093]  dump_stack+0x1c9/0x2b4
[ 34.681725]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.686917]  ? lock_downgrade+0x8f0/0x8f0
[ 34.691069]  ? __schedule+0xf54/0x1df0
[ 34.694957]  panic+0x238/0x4e7
[ 34.698149]  ? add_taint.cold.5+0x16/0x16
[ 34.702306]  ? print_shadow_for_address+0xba/0x116
[ 34.707237]  ? trace_hardirqs_off+0xaf/0x2b0
[ 34.711644]  ? trace_hardirqs_off+0x77/0x2b0
[ 34.716055]  ? __schedule+0xf54/0x1df0
[ 34.719946]  kasan_end_report+0x47/0x4f
[ 34.723926]  kasan_report.cold.7+0x76/0x30d
[ 34.728252]  __asan_report_load8_noabort+0x14/0x20
[ 34.733190]  __schedule+0xf54/0x1df0
[ 34.736905]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.742013]  ? __sched_text_start+0x8/0x8
[ 34.746163]  ? __call_srcu+0x7e7/0x1040
[ 34.750145]  ? check_same_owner+0x340/0x340
[ 34.754472]  ? mark_held_locks+0x160/0x160
[ 34.758716]  ? find_held_lock+0x36/0x1c0
[ 34.762787]  preempt_schedule_common+0x22/0x60
[ 34.767376]  _cond_resched+0x1d/0x30
[ 34.771092]  wait_for_completion+0xa5/0x8d0
[ 34.775422]  ? wait_for_completion_interruptible+0x950/0x950
[ 34.781227]  ? __lockdep_init_map+0x105/0x590
[ 34.785729]  ? __init_waitqueue_head+0x9e/0x150
[ 34.790396]  ? init_wait_entry+0x1c0/0x1c0
[ 34.794639]  __synchronize_srcu+0x189/0x240
[ 34.798962]  ? call_srcu+0x10/0x10
[ 34.802507]  ? rcu_unexpedite_gp+0x20/0x20
[ 34.806749]  synchronize_srcu+0x335/0x56f
[ 34.810904]  ? lock_downgrade+0x8f0/0x8f0
[ 34.815049]  ? synchronize_srcu_expedited+0x20/0x20
[ 34.820069]  ? kasan_check_read+0x11/0x20
[ 34.824218]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.828804]  ? kasan_check_write+0x14/0x20
[ 34.833040]  ? do_raw_spin_lock+0xc1/0x200
[ 34.837280]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.842994]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.848447]  ? kvfree+0x61/0x70
[ 34.851762]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.856779]  kvm_mmu_uninit_vm+0x1c/0x20
[ 34.860838]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.865246]  ? kvm_arch_sync_events+0x30/0x30
[ 34.869744]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.875282]  ? mmu_notifier_unregister+0x474/0x600
[ 34.880212]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.884620]  ? kfree+0x111/0x210
[ 34.887989]  ? __mmu_notifier_register+0x30/0x30
[ 34.892747]  ? __free_pages+0x10a/0x190
[ 34.896728]  ? free_unref_page+0x930/0x930
[ 34.900972]  kvm_put_kvm+0x73f/0x1060
[ 34.904777]  ? kvm_write_guest_cached+0x40/0x40
[ 34.909451]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.914233]  ? kvm_irqfd_release+0xdd/0x120
[ 34.918554]  ? kvm_irqfd_release+0xdd/0x120
[ 34.922883]  ? kvm_put_kvm+0x1060/0x1060
[ 34.926942]  kvm_vm_release+0x42/0x50
[ 34.930742]  __fput+0x38a/0xa40
[ 34.934024]  ? __alloc_file+0x400/0x400
[ 34.938023]  ? check_same_owner+0x340/0x340
[ 34.942345]  ? kasan_check_write+0x14/0x20
[ 34.946585]  ? do_raw_spin_lock+0xc1/0x200
[ 34.950823]  ____fput+0x15/0x20
[ 34.954102]  task_work_run+0x1e8/0x2a0
[ 34.957990]  ? task_work_cancel+0x240/0x240
[ 34.962315]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.967852]  ? switch_task_namespaces+0xa2/0xd0
[ 34.972524]  do_exit+0x1ae4/0x26e0
[ 34.976084]  ? mm_update_next_owner+0x9a0/0x9a0
[ 34.980761]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.984996]  ? rcu_read_lock_sched_held+0x108/0x120
[ 34.990012]  ? kfree+0x1d7/0x210
[ 34.993381]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.997641]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.003359]  ? is_bpf_text_address+0xd7/0x170
[ 35.007857]  ? kernel_text_address+0x79/0xf0
[ 35.012264]  ? __kernel_text_address+0xd/0x40
[ 35.016759]  ? unwind_get_return_address+0x61/0xa0
[ 35.021705]  ? __save_stack_trace+0x8d/0xf0
[ 35.026043]  ? save_stack+0xa9/0xd0
[ 35.029674]  ? save_stack+0x43/0xd0
[ 35.033300]  ? __kasan_slab_free+0x11a/0x170
[ 35.037706]  ? kasan_slab_free+0xe/0x10
[ 35.041682]  ? putname+0xf2/0x130
[ 35.045135]  ? __x64_sys_openat+0x9d/0x100
[ 35.049372]  ? do_syscall_64+0x1b9/0x820
[ 35.053434]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.058816]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.063233]  ? kasan_check_read+0x11/0x20
[ 35.067387]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.071797]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.076207]  ? initcall_blacklisted+0x9a/0x1e0
[ 35.080794]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.085915]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.091630]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.097193]  ? do_vfs_ioctl+0x201/0x1720
[ 35.101258]  ? rcu_is_watching+0x8c/0x150
[ 35.105404]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.109731]  ? ioctl_preallocate+0x300/0x300
[ 35.114140]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.119679]  ? __fget_light+0x2f7/0x440
[ 35.123652]  ? fget_raw+0x20/0x20
[ 35.127101]  ? putname+0xf2/0x130
[ 35.130560]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.136065]  ? kmem_cache_free+0x246/0x280
[ 35.140299]  ? putname+0xf7/0x130
[ 35.143754]  do_group_exit+0x177/0x440
[ 35.147644]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.151963]  ? __ia32_sys_exit+0x50/0x50
[ 35.156027]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.161137]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.166681]  ? ksys_ioctl+0x81/0xd0
[ 35.170313]  __x64_sys_exit_group+0x3e/0x50
[ 35.174643]  do_syscall_64+0x1b9/0x820
[ 35.178535]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.183910]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.188844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.193691]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.198716]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.203760]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.208610]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.213797] RIP: 0033:0x43ecd8
[ 35.216993] Code: Bad RIP value.
[ 35.220355] RSP: 002b:00007ffc480d16d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.228067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[ 35.235340] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.242636] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.249932] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.257208] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.264507]
[ 35.264513] ======================================================
[ 35.264518] WARNING: possible circular locking dependency detected
[ 35.264522] 4.19.0-rc2+ #220 Not tainted
[ 35.264528] ------------------------------------------------------
[ 35.264533] syz-executor471/4654 is trying to acquire lock:
[ 35.264536] 0000000013c8bb10 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.264551]
[ 35.264555] but task is already holding lock:
[ 35.264559] 0000000039316be2 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.264573]
[ 35.264578] which lock already depends on the new lock.
[ 35.264580]
[ 35.264582]
[ 35.264587] the existing dependency chain (in reverse order) is:
[ 35.264590]
[ 35.264592] -> #3 (report_lock){....}:
[ 35.264607]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.264611]        kasan_report+0x8e/0x110
[ 35.264615]        __asan_report_load8_noabort+0x14/0x20
[ 35.264619]        __schedule+0xf54/0x1df0
[ 35.264623]        preempt_schedule_common+0x22/0x60
[ 35.264627]        _cond_resched+0x1d/0x30
[ 35.264631]        wait_for_completion+0xa5/0x8d0
[ 35.264636]        __synchronize_srcu+0x189/0x240
[ 35.264640]        synchronize_srcu+0x335/0x56f
[ 35.264645]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.264649]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.264653]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.264657]        kvm_put_kvm+0x73f/0x1060
[ 35.264661]        kvm_vm_release+0x42/0x50
[ 35.264664]        __fput+0x38a/0xa40
[ 35.264668]        ____fput+0x15/0x20
[ 35.264672]        task_work_run+0x1e8/0x2a0
[ 35.264675]        do_exit+0x1ae4/0x26e0
[ 35.264679]        do_group_exit+0x177/0x440
[ 35.264684]        __x64_sys_exit_group+0x3e/0x50
[ 35.264688]        do_syscall_64+0x1b9/0x820
[ 35.264692]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.264695]
[ 35.264697] -> #2 (&rq->lock){-.-.}:
[ 35.264711]        _raw_spin_lock+0x2a/0x40
[ 35.264715]        task_fork_fair+0x93/0x680
[ 35.264719]        sched_fork+0x44b/0xbd0
[ 35.264723]        copy_process+0x235e/0x7ad0
[ 35.264726]        _do_fork+0x1ca/0x1170
[ 35.264730]        kernel_thread+0x34/0x40
[ 35.264734]        rest_init+0x22/0xe4
[ 35.264738]        start_kernel+0x913/0x94e
[ 35.264742]        x86_64_start_reservations+0x29/0x2b
[ 35.264746]        x86_64_start_kernel+0x76/0x79
[ 35.264750]        secondary_startup_64+0xa4/0xb0
[ 35.264753]
[ 35.264755] -> #1 (&p->pi_lock){-.-.}:
[ 35.264770]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.264774]        try_to_wake_up+0xd2/0x1250
[ 35.264777]        wake_up_process+0x10/0x20
[ 35.264781]        __up.isra.1+0x1c0/0x2a0
[ 35.264785]        up+0x13c/0x1c0
[ 35.264789]        __up_console_sem+0xbe/0x1b0
[ 35.264793]        console_unlock+0x506/0x10d0
[ 35.264797]        vprintk_emit+0x33a/0x910
[ 35.264800]        vprintk_default+0x28/0x30
[ 35.264804]        vprintk_func+0x7a/0x117
[ 35.264808]        printk+0xa7/0xcf
[ 35.264812]        do_exit.cold.22+0x120/0x21f
[ 35.264816]        do_group_exit+0x177/0x440
[ 35.264820]        __x64_sys_exit_group+0x3e/0x50
[ 35.264824]        do_syscall_64+0x1b9/0x820
[ 35.264828]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.264831]
[ 35.264833] -> #0 ((console_sem).lock){-...}:
[ 35.264848]        lock_acquire+0x1e4/0x4f0
[ 35.264852]        _raw_spin_lock_irqsave+0x96/0xc0
[ 35.264856]        down_trylock+0x13/0x70
[ 35.264860]        __down_trylock_console_sem+0xae/0x200
[ 35.264864]        console_trylock+0x15/0xa0
[ 35.264868]        vprintk_emit+0x31f/0x910
[ 35.264872]        vprintk_default+0x28/0x30
[ 35.264876]        vprintk_func+0x7a/0x117
[ 35.264879]        printk+0xa7/0xcf
[ 35.264883]        kasan_report+0x9e/0x110
[ 35.264888]        __asan_report_load8_noabort+0x14/0x20
[ 35.264891]        __schedule+0xf54/0x1df0
[ 35.264896]        preempt_schedule_common+0x22/0x60
[ 35.264900]        _cond_resched+0x1d/0x30
[ 35.264904]        wait_for_completion+0xa5/0x8d0
[ 35.264908]        __synchronize_srcu+0x189/0x240
[ 35.264912]        synchronize_srcu+0x335/0x56f
[ 35.264917]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.264921]        kvm_mmu_uninit_vm+0x1c/0x20
[ 35.264925]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.264929]        kvm_put_kvm+0x73f/0x1060
[ 35.264933]        kvm_vm_release+0x42/0x50
[ 35.264937]        __fput+0x38a/0xa40
[ 35.264940]        ____fput+0x15/0x20
[ 35.264944]        task_work_run+0x1e8/0x2a0
[ 35.264948]        do_exit+0x1ae4/0x26e0
[ 35.264952]        do_group_exit+0x177/0x440
[ 35.264956]        __x64_sys_exit_group+0x3e/0x50
[ 35.264960]        do_syscall_64+0x1b9/0x820
[ 35.264965]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.264967]
[ 35.264971] other info that might help us debug this:
[ 35.264973]
[ 35.264976] Chain exists of:
[ 35.264979]   (console_sem).lock --> &rq->lock --> report_lock
[ 35.264997]
[ 35.265001]  Possible unsafe locking scenario:
[ 35.265004]
[ 35.265008]        CPU0                    CPU1
[ 35.265012]        ----                    ----
[ 35.265014]   lock(report_lock);
[ 35.265024]                                lock(&rq->lock);
[ 35.265033]                                lock(report_lock);
[ 35.265041]   lock((console_sem).lock);
[ 35.265049]
[ 35.265052]  *** DEADLOCK ***
[ 35.265054]
[ 35.265059] 2 locks held by syz-executor471/4654:
[ 35.265061]  #0: 0000000078290934 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.265078]  #1: 0000000039316be2 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.265095]
[ 35.265098] stack backtrace:
[ 35.265104] CPU: 0 PID: 4654 Comm: syz-executor471 Not tainted 4.19.0-rc2+ #220
[ 35.265111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.265115] Call Trace:
[ 35.265118]  dump_stack+0x1c9/0x2b4
[ 35.265123]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.265127]  ? vprintk_func+0x100/0x117
[ 35.265132]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.265136]  ? save_trace+0xe0/0x290
[ 35.265140]  __lock_acquire+0x3449/0x5020
[ 35.265144]  ? mark_held_locks+0x160/0x160
[ 35.265148]  ? mark_held_locks+0x160/0x160
[ 35.265152]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.265157]  ? is_bpf_text_address+0xd7/0x170
[ 35.265161]  ? kernel_text_address+0x79/0xf0
[ 35.265165]  ? __kernel_text_address+0xd/0x40
[ 35.265169]  ? __save_stack_trace+0x8d/0xf0
[ 35.265174]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.265178]  ? save_trace+0x290/0x290
[ 35.265182]  ? save_stack_trace+0x1a/0x20
[ 35.265186]  ? save_trace+0xe0/0x290
[ 35.265190]  ? graph_lock+0x170/0x170
[ 35.265194]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.265198]  lock_acquire+0x1e4/0x4f0
[ 35.265202]  ? down_trylock+0x13/0x70
[ 35.265206]  ? lock_release+0x9f0/0x9f0
[ 35.265210]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.265214]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.265219]  ? trace_hardirqs_off+0xb8/0x2b0
[ 35.265223]  ? log_store+0x34f/0x4c0
[ 35.265227]  ? vprintk_emit+0x31f/0x910
[ 35.265231]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.265235]  ? down_trylock+0x13/0x70
[ 35.265238]  down_trylock+0x13/0x70
[ 35.265243]  __down_trylock_console_sem+0xae/0x200
[ 35.265247]  console_trylock+0x15/0xa0
[ 35.265251]  vprintk_emit+0x31f/0x910
[ 35.265254]  ? wake_up_klogd+0x110/0x110
[ 35.265259]  ? run_rebalance_domains+0x4c0/0x4c0
[ 35.265263]  ? kasan_check_read+0x11/0x20
[ 35.265267]  ? rcu_is_watching+0x8c/0x150
[ 35.265271]  ? rcu_pm_notify+0xc0/0xc0
[ 35.265275]  ? lock_acquire+0x1e4/0x4f0
[ 35.265279]  ? kasan_report+0x8e/0x110
[ 35.265283]  ? __schedule+0xf54/0x1df0
[ 35.265286]  vprintk_default+0x28/0x30
[ 35.265290]  vprintk_func+0x7a/0x117
[ 35.265294]  printk+0xa7/0xcf
[ 35.265298]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.265302]  ? kasan_check_write+0x14/0x20
[ 35.265306]  ? do_raw_spin_lock+0xc1/0x200
[ 35.265310]  ? do_raw_spin_lock+0xc1/0x200
[ 35.265314]  kasan_report+0x9e/0x110
[ 35.265319]  __asan_report_load8_noabort+0x14/0x20
[ 35.265322]  __schedule+0xf54/0x1df0
[ 35.265327]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.265331]  ? __sched_text_start+0x8/0x8
[ 35.265335]  ? __call_srcu+0x7e7/0x1040
[ 35.265339]  ? check_same_owner+0x340/0x340
[ 35.265343]  ? mark_held_locks+0x160/0x160
[ 35.265347]  ? find_held_lock+0x36/0x1c0
[ 35.265352]  preempt_schedule_common+0x22/0x60
[ 35.265355]  _cond_resched+0x1d/0x30
[ 35.265360]  wait_for_completion+0xa5/0x8d0
[ 35.265365]  ? wait_for_completion_interruptible+0x950/0x950
[ 35.265369]  ? __lockdep_init_map+0x105/0x590
[ 35.265373]  ? __init_waitqueue_head+0x9e/0x150
[ 35.265377]  ? init_wait_entry+0x1c0/0x1c0
[ 35.265381]  __synchronize_srcu+0x189/0x240
[ 35.265385]  ? call_srcu+0x10/0x10
[ 35.265389]  ? rcu_unexpedite_gp+0x20/0x20
[ 35.265393]  synchronize_srcu+0x335/0x56f
[ 35.265397]  ? lock_downgrade+0x8f0/0x8f0
[ 35.265402]  ? synchronize_srcu_expedited+0x20/0x20
[ 35.265406]  ? kasan_check_read+0x11/0x20
[ 35.265410]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.265414]  ? kasan_check_write+0x14/0x20
[ 35.265418]  ? do_raw_spin_lock+0xc1/0x200
[ 35.265423]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.265428]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.265432]  ? kvfree+0x61/0x70
[ 35.265436]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.265440]  kvm_mmu_uninit_vm+0x1c/0x20
[ 35.265445]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.265449]  ? kvm_arch_sync_events+0x30/0x30
[ 35.265454]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.265458]  ? mmu_notifier_unregister+0x474/0x600
[ 35.265471]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.265481]  ? kfree+0x111/0x210
[ 35.265485]  ? __mmu_notifier_register+0x30/0x30
[ 35.265489]  ? __free_pages+0x10a/0x190
[ 35.265493]  ? free_unref_page+0x930/0x930
[ 35.265497]  kvm_put_kvm+0x73f/0x1060
[ 35.265501]  ? kvm_write_guest_cached+0x40/0x40
[ 35.265506]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.265510]  ? kvm_irqfd_release+0xdd/0x120
[ 35.265514]  ? kvm_irqfd_release+0xdd/0x120
[ 35.265518]  ? kvm_put_kvm+0x1060/0x1060
[ 35.265522]  kvm_vm_release+0x42/0x50
[ 35.265526]  __fput+0x38a/0xa40
[ 35.265530]  ? __alloc_file+0x400/0x400
[ 35.265534]  ? check_same_owner+0x340/0x340
[ 35.265538]  ? kasan_check_write+0x14/0x20
[ 35.265542]  ? do_raw_spin_lock+0xc1/0x200
[ 35.265546]  ____fput+0x15/0x20
[ 35.265549]  task_work_run+0x1e8/0x2a0
[ 35.265554]  ? task_work_cancel+0x240/0x240
[ 35.265558]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.265563]  ? switch_task_namespaces+0xa2/0xd0
[ 35.265566]  do_exit+0x1ae4/0x26e0
[ 35.265571]  ? mm_update_next_owner+0x9a0/0x9a0
[ 35.265575]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.265579]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.265583]  ? kfree+0x1d7/0x210
[ 35.265587]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.265592]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.265596]  ? is_bpf_text_address+0xd7/0x170
[ 35.265601]  ? kernel_text_address+0x79/0xf0
[ 35.265605]  ? __kernel_text_address+0xd/0x40
[ 35.265609]  ? unwind_get_return_address+0x61/0xa0
[ 35.265612]
[ 35.265620] Lost 51 message(s)!
[ 36.330807] Shutting down cpus with NMI
[ 37.389905] Dumping ftrace buffer:
[ 37.393433]    (ftrace buffer empty)
[ 37.397124] Kernel Offset: disabled
[ 37.400736] Rebooting in 86400 seconds..