[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 21.590474] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.534399] random: sshd: uninitialized urandom read (32 bytes read) [ 25.752961] random: sshd: uninitialized urandom read (32 bytes read) [ 26.343279] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts. [ 32.206588] urandom_read: 1 callbacks suppressed [ 32.206593] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.310863] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 32.337222] ================================================================== [ 32.347036] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 32.353276] Read of size 8 at addr ffff8801b7120058 by task syz-executor456/4393 [ 32.360792] [ 32.362414] CPU: 0 PID: 4393 Comm: syz-executor456 Not tainted 4.19.0-rc1+ #212 [ 32.369848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.379190] Call Trace: [ 32.381771] dump_stack+0x1c9/0x2b4 [ 32.385394] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.390578] ? printk+0xa7/0xcf [ 32.393852] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.398608] ? __schedule+0xf54/0x1df0 [ 32.402494] print_address_description+0x6c/0x20b [ 32.407348] ? __schedule+0xf54/0x1df0 [ 32.411241] kasan_report.cold.7+0x242/0x30d [ 32.415649] __asan_report_load8_noabort+0x14/0x20 [ 32.420572] __schedule+0xf54/0x1df0 [ 32.424287] ? __sched_text_start+0x8/0x8 [ 32.428430] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 32.433531] ? __call_srcu+0x7e7/0x1040 [ 32.437517] ? check_same_owner+0x340/0x340 [ 32.441832] ? mark_held_locks+0x160/0x160 [ 32.446064] ? find_held_lock+0x36/0x1c0 [ 32.450124] preempt_schedule_common+0x22/0x60 [ 32.454700] _cond_resched+0x1d/0x30 [ 32.458417] wait_for_completion+0xa5/0x8d0 [ 32.462741] ? wait_for_completion_interruptible+0x950/0x950 [ 32.468533] ? __lockdep_init_map+0x105/0x590 [ 32.473037] ? __init_waitqueue_head+0x9e/0x150 [ 32.477702] ? init_wait_entry+0x1c0/0x1c0 [ 32.481938] __synchronize_srcu+0x189/0x240 [ 32.486253] ? call_srcu+0x10/0x10 [ 32.489791] ? rcu_unexpedite_gp+0x20/0x20 [ 32.494035] synchronize_srcu+0x335/0x56f [ 32.498177] ? lock_downgrade+0x8f0/0x8f0 [ 32.502335] ? synchronize_srcu_expedited+0x20/0x20 [ 32.507351] ? kasan_check_read+0x11/0x20 [ 32.511506] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.516085] ? kasan_check_write+0x14/0x20 [ 32.520316] ? do_raw_spin_lock+0xc1/0x200 [ 32.524553] kvm_page_track_unregister_notifier+0x17d/0x250 [ 32.530260] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 32.535703] ? kvfree+0x61/0x70 [ 32.538990] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.544015] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.548083] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 32.552486] ? kvm_arch_sync_events+0x30/0x30 [ 32.557006] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.562540] ? mmu_notifier_unregister+0x474/0x600 [ 32.567460] ? trace_hardirqs_on+0x2c0/0x2c0 [ 32.571859] ? kfree+0x111/0x210 [ 32.575223] ? __mmu_notifier_register+0x30/0x30 [ 32.579989] ? __free_pages+0x10a/0x190 [ 32.583968] ? free_unref_page+0x930/0x930 [ 32.588227] kvm_put_kvm+0x73f/0x1060 [ 32.592033] ? kvm_write_guest_cached+0x40/0x40 [ 32.596704] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.601192] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.605685] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.610269] ? kasan_check_write+0x14/0x20 [ 32.614500] ? do_raw_spin_lock+0xc1/0x200 [ 32.618735] ? kvm_irqfd_release+0xdd/0x120 [ 32.623071] ? kvm_irqfd_release+0xdd/0x120 [ 32.627395] ? kvm_put_kvm+0x1060/0x1060 [ 32.631466] kvm_vm_release+0x42/0x50 [ 32.635264] __fput+0x36e/0x8c0 [ 32.638543] ? __alloc_file+0x400/0x400 [ 32.642518] ? check_same_owner+0x340/0x340 [ 32.646838] ? kasan_check_write+0x14/0x20 [ 32.651069] ? do_raw_spin_lock+0xc1/0x200 [ 32.655303] ____fput+0x15/0x20 [ 32.658580] task_work_run+0x1e8/0x2a0 [ 32.662466] ? task_work_cancel+0x240/0x240 [ 32.666786] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.672318] ? switch_task_namespaces+0xa2/0xd0 [ 32.676989] do_exit+0x1ae4/0x26e0 [ 32.680536] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 32.685121] ? do_raw_spin_lock+0x1/0x200 [ 32.689722] ? mm_update_next_owner+0x9a0/0x9a0 [ 32.694388] ? _raw_spin_unlock+0x22/0x30 [ 32.698535] ? do_huge_pmd_anonymous_page+0x450/0x1bd0 [ 32.703824] ? __thp_get_unmapped_area+0x180/0x180 [ 32.708766] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 32.714474] ? is_bpf_text_address+0xd7/0x170 [ 32.718983] ? kernel_text_address+0x79/0xf0 [ 32.723390] ? pud_val+0x88/0x100 [ 32.726846] ? pmd_val+0x100/0x100 [ 32.730380] ? unwind_get_return_address+0x61/0xa0 [ 32.735310] ? __save_stack_trace+0x8d/0xf0 [ 32.739630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.745162] ? __handle_mm_fault+0x945/0x4350 [ 32.749657] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 32.754495] ? graph_lock+0x170/0x170 [ 32.758298] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 32.763311] ? __fget_light+0x2f7/0x440 [ 32.767284] ? fget_raw+0x20/0x20 [ 32.770729] ? find_held_lock+0x36/0x1c0 [ 32.774791] ? __do_page_fault+0x620/0xe50 [ 32.779024] ? lock_downgrade+0x8f0/0x8f0 [ 32.783176] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 32.788709] ? sockfd_lookup_light+0xc5/0x160 [ 32.793205] ? __sys_sendmsg+0x1ba/0x290 [ 32.797606] ? __ia32_sys_shutdown+0x80/0x80 [ 32.802019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.807550] ? __do_page_fault+0x449/0xe50 [ 32.811804] ? putname+0xf7/0x130 [ 32.815343] do_group_exit+0x177/0x440 [ 32.819226] ? trace_hardirqs_on+0xbd/0x2c0 [ 32.823540] ? __ia32_sys_exit+0x50/0x50 [ 32.827598] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 32.832703] __x64_sys_exit_group+0x3e/0x50 [ 32.837023] do_syscall_64+0x1b9/0x820 [ 32.840911] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.846269] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.851193] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.856031] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 32.861044] ? prepare_exit_to_usermode+0x291/0x3b0 [ 32.866060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.870904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.876095] RIP: 0033:0x43f158 [ 32.879286] Code: Bad RIP value. [ 32.882640] RSP: 002b:00007ffcc6afb428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.890363] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f158 [ 32.897628] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 32.904888] RBP: 00000000004c0a08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 32.912152] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 32.919412] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 32.926678] [ 32.928294] Allocated by task 4393: [ 32.931918] save_stack+0x43/0xd0 [ 32.935363] kasan_kmalloc+0xc4/0xe0 [ 32.939069] kasan_slab_alloc+0x12/0x20 [ 32.943035] kmem_cache_alloc+0x12e/0x710 [ 32.947181] vmx_create_vcpu+0xcf/0x2830 [ 32.951234] kvm_arch_vcpu_create+0xe5/0x220 [ 32.955638] kvm_vm_ioctl+0x488/0x1d80 [ 32.959521] do_vfs_ioctl+0x1de/0x1720 [ 32.963401] ksys_ioctl+0xa9/0xd0 [ 32.966851] __x64_sys_ioctl+0x73/0xb0 [ 32.970730] do_syscall_64+0x1b9/0x820 [ 32.974618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.979823] [ 32.981438] Freed by task 4393: [ 32.984709] save_stack+0x43/0xd0 [ 32.988156] __kasan_slab_free+0x11a/0x170 [ 32.992382] kasan_slab_free+0xe/0x10 [ 32.996182] kmem_cache_free+0x86/0x280 [ 33.000149] vmx_free_vcpu+0x26b/0x300 [ 33.004033] kvm_arch_destroy_vm+0x365/0x7c0 [ 33.008434] kvm_put_kvm+0x73f/0x1060 [ 33.012233] kvm_vm_release+0x42/0x50 [ 33.016033] __fput+0x36e/0x8c0 [ 33.019301] ____fput+0x15/0x20 [ 33.022573] task_work_run+0x1e8/0x2a0 [ 33.026452] do_exit+0x1ae4/0x26e0 [ 33.029993] do_group_exit+0x177/0x440 [ 33.033889] __x64_sys_exit_group+0x3e/0x50 [ 33.038204] do_syscall_64+0x1b9/0x820 [ 33.042087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.047260] [ 33.048879] The buggy address belongs to the object at ffff8801b7120040 [ 33.048879] which belongs to the cache kvm_vcpu of size 23872 [ 33.061444] The buggy address is located 24 bytes inside of [ 33.061444] 23872-byte region [ffff8801b7120040, ffff8801b7125d80) [ 33.073394] The buggy address belongs to the page: [ 33.078316] page:ffffea0006dc4800 count:1 mapcount:0 mapping:ffff8801d9e6a000 index:0x0 compound_mapcount: 0 [ 33.088280] flags: 0x2fffc0000008100(slab|head) [ 33.092946] raw: 02fffc0000008100 ffff8801d56bda48 ffff8801d56bda48 ffff8801d9e6a000 [ 33.100835] raw: 0000000000000000 ffff8801b7120040 0000000100000001 0000000000000000 [ 33.108700] page dumped because: kasan: bad access detected [ 33.114396] [ 33.116012] Memory state around the buggy address: [ 33.120935] ffff8801b711ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.128290] ffff8801b711ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.135654] >ffff8801b7120000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.143006] ^ [ 33.149230] ffff8801b7120080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.156579] ffff8801b7120100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.163925] ================================================================== [ 33.171271] Kernel panic - not syncing: panic_on_warn set ... [ 33.171271] [ 33.178634] CPU: 0 PID: 4393 Comm: syz-executor456 Tainted: G B 4.19.0-rc1+ #212 [ 33.187459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.196799] Call Trace: [ 33.199386] dump_stack+0x1c9/0x2b4 [ 33.203021] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.208208] ? lock_downgrade+0x8f0/0x8f0 [ 33.212356] ? __schedule+0xf54/0x1df0 [ 33.216265] panic+0x238/0x4e7 [ 33.219455] ? add_taint.cold.5+0x16/0x16 [ 33.223606] ? print_shadow_for_address+0xba/0x116 [ 33.228529] ? trace_hardirqs_off+0xaf/0x2b0 [ 33.232933] ? trace_hardirqs_off+0x77/0x2b0 [ 33.237339] ? __schedule+0xf54/0x1df0 [ 33.241404] kasan_end_report+0x47/0x4f [ 33.245379] kasan_report.cold.7+0x76/0x30d [ 33.249704] __asan_report_load8_noabort+0x14/0x20 [ 33.254626] __schedule+0xf54/0x1df0 [ 33.258339] ? __sched_text_start+0x8/0x8 [ 33.262483] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.267583] ? __call_srcu+0x7e7/0x1040 [ 33.271562] ? check_same_owner+0x340/0x340 [ 33.275876] ? mark_held_locks+0x160/0x160 [ 33.280116] ? find_held_lock+0x36/0x1c0 [ 33.284183] preempt_schedule_common+0x22/0x60 [ 33.288769] _cond_resched+0x1d/0x30 [ 33.292481] wait_for_completion+0xa5/0x8d0 [ 33.297413] ? wait_for_completion_interruptible+0x950/0x950 [ 33.303208] ? __lockdep_init_map+0x105/0x590 [ 33.307704] ? __init_waitqueue_head+0x9e/0x150 [ 33.312368] ? init_wait_entry+0x1c0/0x1c0 [ 33.316601] __synchronize_srcu+0x189/0x240 [ 33.320917] ? call_srcu+0x10/0x10 [ 33.324454] ? rcu_unexpedite_gp+0x20/0x20 [ 33.328693] synchronize_srcu+0x335/0x56f [ 33.332837] ? lock_downgrade+0x8f0/0x8f0 [ 33.336992] ? synchronize_srcu_expedited+0x20/0x20 [ 33.342019] ? kasan_check_read+0x11/0x20 [ 33.346163] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.350831] ? kasan_check_write+0x14/0x20 [ 33.355064] ? do_raw_spin_lock+0xc1/0x200 [ 33.359301] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.365016] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.370466] ? kvfree+0x61/0x70 [ 33.373743] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.378756] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.382813] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.387219] ? kvm_arch_sync_events+0x30/0x30 [ 33.391715] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.397253] ? mmu_notifier_unregister+0x474/0x600 [ 33.402176] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.406579] ? kfree+0x111/0x210 [ 33.409943] ? __mmu_notifier_register+0x30/0x30 [ 33.414718] ? __free_pages+0x10a/0x190 [ 33.418690] ? free_unref_page+0x930/0x930 [ 33.422931] kvm_put_kvm+0x73f/0x1060 [ 33.426736] ? kvm_write_guest_cached+0x40/0x40 [ 33.431410] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.435934] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.440426] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.445017] ? kasan_check_write+0x14/0x20 [ 33.449247] ? do_raw_spin_lock+0xc1/0x200 [ 33.453480] ? kvm_irqfd_release+0xdd/0x120 [ 33.457798] ? kvm_irqfd_release+0xdd/0x120 [ 33.462117] ? kvm_put_kvm+0x1060/0x1060 [ 33.466176] kvm_vm_release+0x42/0x50 [ 33.469981] __fput+0x36e/0x8c0 [ 33.473267] ? __alloc_file+0x400/0x400 [ 33.477242] ? check_same_owner+0x340/0x340 [ 33.481560] ? kasan_check_write+0x14/0x20 [ 33.485791] ? do_raw_spin_lock+0xc1/0x200 [ 33.490022] ____fput+0x15/0x20 [ 33.493297] task_work_run+0x1e8/0x2a0 [ 33.497179] ? task_work_cancel+0x240/0x240 [ 33.501501] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.507063] ? switch_task_namespaces+0xa2/0xd0 [ 33.511727] do_exit+0x1ae4/0x26e0 [ 33.515263] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.519845] ? do_raw_spin_lock+0x1/0x200 [ 33.523995] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.528668] ? _raw_spin_unlock+0x22/0x30 [ 33.532812] ? do_huge_pmd_anonymous_page+0x450/0x1bd0 [ 33.538088] ? __thp_get_unmapped_area+0x180/0x180 [ 33.543023] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 33.548730] ? is_bpf_text_address+0xd7/0x170 [ 33.553220] ? kernel_text_address+0x79/0xf0 [ 33.557620] ? pud_val+0x88/0x100 [ 33.561077] ? pmd_val+0x100/0x100 [ 33.564616] ? unwind_get_return_address+0x61/0xa0 [ 33.569545] ? __save_stack_trace+0x8d/0xf0 [ 33.573868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.579400] ? __handle_mm_fault+0x945/0x4350 [ 33.583896] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 33.588734] ? graph_lock+0x170/0x170 [ 33.592537] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 33.597550] ? __fget_light+0x2f7/0x440 [ 33.601526] ? fget_raw+0x20/0x20 [ 33.604971] ? find_held_lock+0x36/0x1c0 [ 33.609050] ? __do_page_fault+0x620/0xe50 [ 33.613282] ? lock_downgrade+0x8f0/0x8f0 [ 33.617429] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.622963] ? sockfd_lookup_light+0xc5/0x160 [ 33.627470] ? __sys_sendmsg+0x1ba/0x290 [ 33.631529] ? __ia32_sys_shutdown+0x80/0x80 [ 33.635934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.641468] ? __do_page_fault+0x449/0xe50 [ 33.645696] ? putname+0xf7/0x130 [ 33.649155] do_group_exit+0x177/0x440 [ 33.653040] ? trace_hardirqs_on+0xbd/0x2c0 [ 33.657355] ? __ia32_sys_exit+0x50/0x50 [ 33.661412] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 33.666513] __x64_sys_exit_group+0x3e/0x50 [ 33.670834] do_syscall_64+0x1b9/0x820 [ 33.674736] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 33.680098] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.685028] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.690341] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 33.695357] ? prepare_exit_to_usermode+0x291/0x3b0 [ 33.700372] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.705216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.710399] RIP: 0033:0x43f158 [ 33.713590] Code: Bad RIP value. [ 33.716943] RSP: 002b:00007ffcc6afb428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.724652] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f158 [ 33.731916] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.739179] RBP: 00000000004c0a08 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.746441] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 33.753702] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000 [ 33.760981] [ 33.760987] ====================================================== [ 33.760992] WARNING: possible circular locking dependency detected [ 33.760996] 4.19.0-rc1+ #212 Not tainted [ 33.761007] ------------------------------------------------------ [ 33.761012] syz-executor456/4393 is trying to acquire lock: [ 33.761015] 00000000d61aecbe ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 33.761030] [ 33.761034] but task is already holding lock: [ 33.761037] 00000000ecf2c3f6 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.761051] [ 33.761056] which lock already depends on the new lock. [ 33.761058] [ 33.761060] [ 33.761065] the existing dependency chain (in reverse order) is: [ 33.761067] [ 33.761070] -> #3 (report_lock){....}: [ 33.761084] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.761088] kasan_report+0x8e/0x110 [ 33.761092] __asan_report_load8_noabort+0x14/0x20 [ 33.761096] __schedule+0xf54/0x1df0 [ 33.761100] preempt_schedule_common+0x22/0x60 [ 33.761104] _cond_resched+0x1d/0x30 [ 33.761108] wait_for_completion+0xa5/0x8d0 [ 33.761112] __synchronize_srcu+0x189/0x240 [ 33.761116] synchronize_srcu+0x335/0x56f [ 33.761121] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.761125] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.761129] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.761133] kvm_put_kvm+0x73f/0x1060 [ 33.761136] kvm_vm_release+0x42/0x50 [ 33.761140] __fput+0x36e/0x8c0 [ 33.761143] ____fput+0x15/0x20 [ 33.761147] task_work_run+0x1e8/0x2a0 [ 33.761151] do_exit+0x1ae4/0x26e0 [ 33.761155] do_group_exit+0x177/0x440 [ 33.761159] __x64_sys_exit_group+0x3e/0x50 [ 33.761162] do_syscall_64+0x1b9/0x820 [ 33.761167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.761169] [ 33.761171] -> #2 (&rq->lock){-.-.}: [ 33.761185] _raw_spin_lock+0x2a/0x40 [ 33.761189] task_fork_fair+0x93/0x680 [ 33.761193] sched_fork+0x44b/0xbd0 [ 33.761197] copy_process+0x235e/0x7ad0 [ 33.761200] _do_fork+0x1ca/0x1170 [ 33.761204] kernel_thread+0x34/0x40 [ 33.761207] rest_init+0x22/0xe4 [ 33.761211] start_kernel+0x913/0x94e [ 33.761215] x86_64_start_reservations+0x29/0x2b [ 33.761219] x86_64_start_kernel+0x76/0x79 [ 33.761223] secondary_startup_64+0xa4/0xb0 [ 33.761226] [ 33.761228] -> #1 (&p->pi_lock){-.-.}: [ 33.761242] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.761246] try_to_wake_up+0xd2/0x1250 [ 33.761250] wake_up_process+0x10/0x20 [ 33.761254] __up.isra.1+0x1c0/0x2a0 [ 33.761257] up+0x13c/0x1c0 [ 33.761261] __up_console_sem+0xbe/0x1b0 [ 33.761265] console_unlock+0x506/0x10d0 [ 33.761268] vprintk_emit+0x33a/0x910 [ 33.761272] vprintk_default+0x28/0x30 [ 33.761276] vprintk_func+0x7a/0x117 [ 33.761279] printk+0xa7/0xcf [ 33.761283] load_umh+0x51/0xbd [ 33.761287] do_one_initcall+0x127/0x838 [ 33.761291] kernel_init_freeable+0x4bb/0x5ae [ 33.761294] kernel_init+0x11/0x1b3 [ 33.761298] ret_from_fork+0x3a/0x50 [ 33.761300] [ 33.761302] -> #0 ((console_sem).lock){-...}: [ 33.761317] lock_acquire+0x1e4/0x4f0 [ 33.761321] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.761325] down_trylock+0x13/0x70 [ 33.761329] __down_trylock_console_sem+0xae/0x200 [ 33.761333] console_trylock+0x15/0xa0 [ 33.761336] vprintk_emit+0x31f/0x910 [ 33.761340] vprintk_default+0x28/0x30 [ 33.761344] vprintk_func+0x7a/0x117 [ 33.761347] printk+0xa7/0xcf [ 33.761351] kasan_report+0x9e/0x110 [ 33.761355] __asan_report_load8_noabort+0x14/0x20 [ 33.761359] __schedule+0xf54/0x1df0 [ 33.761363] preempt_schedule_common+0x22/0x60 [ 33.761367] _cond_resched+0x1d/0x30 [ 33.761371] wait_for_completion+0xa5/0x8d0 [ 33.761375] __synchronize_srcu+0x189/0x240 [ 33.761379] synchronize_srcu+0x335/0x56f [ 33.761384] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.761388] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.761392] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.761396] kvm_put_kvm+0x73f/0x1060 [ 33.761400] kvm_vm_release+0x42/0x50 [ 33.761403] __fput+0x36e/0x8c0 [ 33.761406] ____fput+0x15/0x20 [ 33.761410] task_work_run+0x1e8/0x2a0 [ 33.761414] do_exit+0x1ae4/0x26e0 [ 33.761418] do_group_exit+0x177/0x440 [ 33.761422] __x64_sys_exit_group+0x3e/0x50 [ 33.761425] do_syscall_64+0x1b9/0x820 [ 33.761430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.761432] [ 33.761437] other info that might help us debug this: [ 33.761439] [ 33.761442] Chain exists of: [ 33.761444] (console_sem).lock --> &rq->lock --> report_lock [ 33.761462] [ 33.761466] Possible unsafe locking scenario: [ 33.761468] [ 33.761472] CPU0 CPU1 [ 33.761476] ---- ---- [ 33.761478] lock(report_lock); [ 33.761487] lock(&rq->lock); [ 33.761496] lock(report_lock); [ 33.761505] lock((console_sem).lock); [ 33.761513] [ 33.761516] *** DEADLOCK *** [ 33.761518] [ 33.761522] 2 locks held by syz-executor456/4393: [ 33.761524] #0: 000000001ae8352f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 33.761541] #1: 00000000ecf2c3f6 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 33.761558] [ 33.761561] stack backtrace: [ 33.761567] CPU: 0 PID: 4393 Comm: syz-executor456 Not tainted 4.19.0-rc1+ #212 [ 33.761574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.761577] Call Trace: [ 33.761580] dump_stack+0x1c9/0x2b4 [ 33.761585] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.761589] ? vprintk_func+0x100/0x117 [ 33.761593] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 33.761597] ? save_trace+0xe0/0x290 [ 33.761601] __lock_acquire+0x3449/0x5020 [ 33.761605] ? mark_held_locks+0x160/0x160 [ 33.761609] ? mark_held_locks+0x160/0x160 [ 33.761613] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 33.761617] ? is_bpf_text_address+0xd7/0x170 [ 33.761621] ? kernel_text_address+0x79/0xf0 [ 33.761625] ? __kernel_text_address+0xd/0x40 [ 33.761629] ? __save_stack_trace+0x8d/0xf0 [ 33.761634] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 33.761638] ? save_trace+0x290/0x290 [ 33.761641] ? save_stack_trace+0x1a/0x20 [ 33.761645] ? save_trace+0xe0/0x290 [ 33.761649] ? graph_lock+0x170/0x170 [ 33.761654] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.761657] lock_acquire+0x1e4/0x4f0 [ 33.761661] ? down_trylock+0x13/0x70 [ 33.761665] ? lock_release+0x9f0/0x9f0 [ 33.761669] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.761673] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.761677] ? trace_hardirqs_off+0xb8/0x2b0 [ 33.761681] ? log_store+0x34f/0x4c0 [ 33.761685] ? vprintk_emit+0x31f/0x910 [ 33.761689] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.761692] ? down_trylock+0x13/0x70 [ 33.761696] down_trylock+0x13/0x70 [ 33.761700] __down_trylock_console_sem+0xae/0x200 [ 33.761704] console_trylock+0x15/0xa0 [ 33.761708] vprintk_emit+0x31f/0x910 [ 33.761712] ? wake_up_klogd+0x110/0x110 [ 33.761716] ? run_rebalance_domains+0x4c0/0x4c0 [ 33.761720] ? kasan_check_read+0x11/0x20 [ 33.761724] ? rcu_is_watching+0x8c/0x150 [ 33.761727] ? rcu_pm_notify+0xc0/0xc0 [ 33.761731] ? lock_acquire+0x1e4/0x4f0 [ 33.761735] ? kasan_report+0x8e/0x110 [ 33.761739] ? __schedule+0xf54/0x1df0 [ 33.761742] vprintk_default+0x28/0x30 [ 33.761746] vprintk_func+0x7a/0x117 [ 33.761749] printk+0xa7/0xcf [ 33.761754] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 33.761758] ? kasan_check_write+0x14/0x20 [ 33.761762] ? do_raw_spin_lock+0xc1/0x200 [ 33.761766] ? do_raw_spin_lock+0xc1/0x200 [ 33.761769] kasan_report+0x9e/0x110 [ 33.761774] __asan_report_load8_noabort+0x14/0x20 [ 33.761777] __schedule+0xf54/0x1df0 [ 33.761781] ? __sched_text_start+0x8/0x8 [ 33.761786] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 33.761790] ? __call_srcu+0x7e7/0x1040 [ 33.761794] ? check_same_owner+0x340/0x340 [ 33.761797] ? mark_held_locks+0x160/0x160 [ 33.761801] ? find_held_lock+0x36/0x1c0 [ 33.761805] preempt_schedule_common+0x22/0x60 [ 33.761809] _cond_resched+0x1d/0x30 [ 33.761813] wait_for_completion+0xa5/0x8d0 [ 33.761818] ? wait_for_completion_interruptible+0x950/0x950 [ 33.761822] ? __lockdep_init_map+0x105/0x590 [ 33.761826] ? __init_waitqueue_head+0x9e/0x150 [ 33.761830] ? init_wait_entry+0x1c0/0x1c0 [ 33.761834] __synchronize_srcu+0x189/0x240 [ 33.761838] ? call_srcu+0x10/0x10 [ 33.761842] ? rcu_unexpedite_gp+0x20/0x20 [ 33.761846] synchronize_srcu+0x335/0x56f [ 33.761850] ? lock_downgrade+0x8f0/0x8f0 [ 33.761854] ? synchronize_srcu_expedited+0x20/0x20 [ 33.761858] ? kasan_check_read+0x11/0x20 [ 33.761862] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.761866] ? kasan_check_write+0x14/0x20 [ 33.761870] ? do_raw_spin_lock+0xc1/0x200 [ 33.761875] kvm_page_track_unregister_notifier+0x17d/0x250 [ 33.761880] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 33.761883] ? kvfree+0x61/0x70 [ 33.761888] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.761892] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.761896] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 33.761900] ? kvm_arch_sync_events+0x30/0x30 [ 33.761905] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.761909] ? mmu_notifier_unregister+0x474/0x600 [ 33.761913] ? trace_hardirqs_on+0x2c0/0x2c0 [ 33.761917] ? kfree+0x111/0x210 [ 33.761921] ? __mmu_notifier_register+0x30/0x30 [ 33.761925] ? __free_pages+0x10a/0x190 [ 33.761929] ? free_unref_page+0x930/0x930 [ 33.761932] kvm_put_kvm+0x73f/0x1060 [ 33.761937] ? kvm_write_guest_cached+0x40/0x40 [ 33.761941] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.761945] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.761949] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.761953] ? kasan_check_write+0x14/0x20 [ 33.761957] ? do_raw_spin_lock+0xc1/0x200 [ 33.761961] ? kvm_irqfd_release+0xdd/0x120 [ 33.761965] ? kvm_irqfd_release+0xdd/0x120 [ 33.761969] ? kvm_put_kvm+0x1060/0x1060 [ 33.761980] kvm_vm_release+0x42/0x50 [ 33.761984] __fput+0x36e/0x8c0 [ 33.761988] ? __alloc_file+0x400/0x400 [ 33.761992] ? check_same_owner+0x340/0x340 [ 33.761996] ? kasan_check_write+0x14/0x20 [ 33.762005] ? do_raw_spin_lock+0xc1/0x200 [ 33.762008] ____fput+0x15/0x20 [ 33.762012] task_work_run+0x1e8/0x2a0 [ 33.762016] ? task_work_cancel+0x240/0x240 [ 33.762021] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.762025] ? switch_task_namespaces+0xa2/0xd0 [ 33.762029] do_exit+0x1ae4/0x26e0 [ 33.762033] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 33.762037] ? do_raw_spin_lock+0x1/0x200 [ 33.762041] ? mm_update_next_owner+0x9a0/0x9a0 [ 33.762045] ? _raw_spin_unlock+0x22/0x30 [ 33.762049] ? do_huge_pmd_anonymous_page+0x450/0x1bd0 [ 33.762054] ? __thp_get_unmapped_area+0x180/0x180 [ 33.762058] ? kvm_uevent_notify_change.part [ 33.762065] Lost 45 message(s)! [ 34.834266] Shutting down cpus with NMI [ 35.892229] Dumping ftrace buffer: [ 35.895755] (ftrace buffer empty) [ 35.899443] Kernel Offset: disabled [ 35.903053] Rebooting in 86400 seconds..