[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.884808] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.522256] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.956000] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.502931] random: sshd: uninitialized urandom read (32 bytes read)
[ 49.040857] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
[ 54.716851] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 54.818152] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 54.845261] ==================================================================
[ 54.855191] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 54.861433] Read of size 8 at addr ffff8801baa90058 by task syz-executor770/4296
[ 54.868968]
[ 54.870608] CPU: 1 PID: 4296 Comm: syz-executor770 Not tainted 4.19.0-rc2+ #226
[ 54.878060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.887417] Call Trace:
[ 54.890027]  dump_stack+0x1c9/0x2b4
[ 54.893668]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 54.898877]  ? printk+0xa7/0xcf
[ 54.902172]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 54.906940]  ? __schedule+0xf54/0x1df0
[ 54.910847]  print_address_description+0x6c/0x20b
[ 54.915707]  ? __schedule+0xf54/0x1df0
[ 54.919607]  kasan_report.cold.7+0x242/0x30d
[ 54.924029]  __asan_report_load8_noabort+0x14/0x20
[ 54.928971]  __schedule+0xf54/0x1df0
[ 54.932807]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 54.937923]  ? __sched_text_start+0x8/0x8
[ 54.942083]  ? __call_srcu+0x7e7/0x1040
[ 54.946078]  ? check_same_owner+0x340/0x340
[ 54.950414]  ? mark_held_locks+0x160/0x160
[ 54.954659]  ? find_held_lock+0x36/0x1c0
[ 54.958739]  preempt_schedule_common+0x22/0x60
[ 54.963368]  _cond_resched+0x1d/0x30
[ 54.967094]  wait_for_completion+0xa5/0x8d0
[ 54.971444]  ? wait_for_completion_interruptible+0x950/0x950
[ 54.977254]  ? __lockdep_init_map+0x105/0x590
[ 54.981788]  ? __init_waitqueue_head+0x9e/0x150
[ 54.986471]  ? init_wait_entry+0x1c0/0x1c0
[ 54.990722]  __synchronize_srcu+0x189/0x240
[ 54.995097]  ? call_srcu+0x10/0x10
[ 54.998653]  ? rcu_unexpedite_gp+0x20/0x20
[ 55.002907]  synchronize_srcu+0x335/0x56f
[ 55.007065]  ? lock_downgrade+0x8f0/0x8f0
[ 55.011228]  ? synchronize_srcu_expedited+0x20/0x20
[ 55.016260]  ? kasan_check_read+0x11/0x20
[ 55.020435]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 55.025030]  ? kasan_check_write+0x14/0x20
[ 55.029285]  ? do_raw_spin_lock+0xc1/0x200
[ 55.033538]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.039670]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 55.045137]  ? kvfree+0x61/0x70
[ 55.048518]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.053546]  kvm_mmu_uninit_vm+0x1c/0x20
[ 55.057620]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.062042]  ? kvm_arch_sync_events+0x30/0x30
[ 55.066552]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.072106]  ? mmu_notifier_unregister+0x474/0x600
[ 55.077189]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.081605]  ? kfree+0x111/0x210
[ 55.084990]  ? __mmu_notifier_register+0x30/0x30
[ 55.089786]  ? __free_pages+0x10a/0x190
[ 55.093805]  ? free_unref_page+0x930/0x930
[ 55.098076]  kvm_put_kvm+0x73f/0x1060
[ 55.101899]  ? kvm_write_guest_cached+0x40/0x40
[ 55.106656]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.111159]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.115663]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 55.120260]  ? kasan_check_write+0x14/0x20
[ 55.124505]  ? do_raw_spin_lock+0xc1/0x200
[ 55.128777]  ? kvm_irqfd_release+0xdd/0x120
[ 55.133116]  ? kvm_irqfd_release+0xdd/0x120
[ 55.137562]  ? kvm_put_kvm+0x1060/0x1060
[ 55.141633]  kvm_vm_release+0x42/0x50
[ 55.146026]  __fput+0x38a/0xa40
[ 55.149323]  ? __alloc_file+0x400/0x400
[ 55.153425]  ? check_same_owner+0x340/0x340
[ 55.158154]  ? kasan_check_write+0x14/0x20
[ 55.162417]  ? do_raw_spin_lock+0xc1/0x200
[ 55.166664]  ____fput+0x15/0x20
[ 55.169958]  task_work_run+0x1e8/0x2a0
[ 55.173860]  ? task_work_cancel+0x240/0x240
[ 55.178197]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.183772]  ? switch_task_namespaces+0xa2/0xd0
[ 55.188459]  do_exit+0x1ae4/0x26e0
[ 55.192018]  ? mm_update_next_owner+0x9a0/0x9a0
[ 55.196698]  ? lock_downgrade+0x8f0/0x8f0
[ 55.200864]  ? kasan_check_read+0x11/0x20
[ 55.205028]  ? rcu_is_watching+0x8c/0x150
[ 55.209189]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 55.213966]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 55.218653]  ? is_bpf_text_address+0xd7/0x170
[ 55.223168]  ? kernel_text_address+0x79/0xf0
[ 55.227670]  ? __kernel_text_address+0xd/0x40
[ 55.232411]  ? unwind_get_return_address+0x61/0xa0
[ 55.237356]  ? __save_stack_trace+0x8d/0xf0
[ 55.241698]  ? save_stack+0x43/0xd0
[ 55.245337]  ? __kasan_slab_free+0x11a/0x170
[ 55.249782]  ? kasan_slab_free+0xe/0x10
[ 55.253812]  ? kmem_cache_free+0x86/0x280
[ 55.257982]  ? do_sys_open+0x569/0x720
[ 55.261881]  ? __x64_sys_open+0x7e/0xc0
[ 55.265872]  ? do_syscall_64+0x1b9/0x820
[ 55.269969]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.275351]  ? trace_hardirqs_off+0xb8/0x2c0
[ 55.279798]  ? kasan_check_read+0x11/0x20
[ 55.283965]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 55.288384]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.292833]  ? trace_hardirqs_off+0xb8/0x2c0
[ 55.297254]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 55.302367]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.306811]  ? kmem_cache_free+0xa0/0x280
[ 55.310983]  ? kasan_check_read+0x11/0x20
[ 55.315148]  ? rcu_is_watching+0x8c/0x150
[ 55.319309]  ? trace_hardirqs_on+0xbd/0x2c0
[ 55.323643]  ? rcu_pm_notify+0xc0/0xc0
[ 55.327720]  ? putname+0xf2/0x130
[ 55.331217]  ? putname+0xf2/0x130
[ 55.334684]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.339713]  ? kmem_cache_free+0x246/0x280
[ 55.343991]  do_group_exit+0x177/0x440
[ 55.347897]  ? trace_hardirqs_on+0xbd/0x2c0
[ 55.352242]  ? __ia32_sys_exit+0x50/0x50
[ 55.356315]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 55.361449]  __x64_sys_exit_group+0x3e/0x50
[ 55.365812]  do_syscall_64+0x1b9/0x820
[ 55.369719]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 55.375125]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 55.380070]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.385000]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 55.390032]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 55.395067]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 55.400104]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.404966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.410191] RIP: 0033:0x442b28
[ 55.413413] Code: Bad RIP value.
[ 55.416807] RSP: 002b:00007fffb0eb9d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.424536] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442b28
[ 55.431822] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 55.439103] RBP: 00000000004c26e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 55.446388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.453673] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[ 55.460961]
[ 55.462781] Allocated by task 4296:
[ 55.466442]  save_stack+0x43/0xd0
[ 55.469910]  kasan_kmalloc+0xc4/0xe0
[ 55.473633]  kasan_slab_alloc+0x12/0x20
[ 55.477616]  kmem_cache_alloc+0x12e/0x710
[ 55.481803]  vmx_create_vcpu+0xcf/0x2830
[ 55.485880]  kvm_arch_vcpu_create+0xe5/0x220
[ 55.490302]  kvm_vm_ioctl+0x488/0x1d80
[ 55.494202]  do_vfs_ioctl+0x1de/0x1720
[ 55.498098]  ksys_ioctl+0xa9/0xd0
[ 55.501561]  __x64_sys_ioctl+0x73/0xb0
[ 55.505460]  do_syscall_64+0x1b9/0x820
[ 55.509360]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.514561]
[ 55.516194] Freed by task 4296:
[ 55.519484]  save_stack+0x43/0xd0
[ 55.522952]  __kasan_slab_free+0x11a/0x170
[ 55.527198]  kasan_slab_free+0xe/0x10
[ 55.531084]  kmem_cache_free+0x86/0x280
[ 55.535074]  vmx_free_vcpu+0x26b/0x300
[ 55.538976]  kvm_arch_destroy_vm+0x365/0x7c0
[ 55.543426]  kvm_put_kvm+0x73f/0x1060
[ 55.547239]  kvm_vm_release+0x42/0x50
[ 55.551118]  __fput+0x38a/0xa40
[ 55.554410]  ____fput+0x15/0x20
[ 55.557701]  task_work_run+0x1e8/0x2a0
[ 55.561593]  do_exit+0x1ae4/0x26e0
[ 55.565146]  do_group_exit+0x177/0x440
[ 55.569044]  __x64_sys_exit_group+0x3e/0x50
[ 55.573379]  do_syscall_64+0x1b9/0x820
[ 55.577420]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.582680]
[ 55.584322] The buggy address belongs to the object at ffff8801baa90040
[ 55.584322]  which belongs to the cache kvm_vcpu of size 23872
[ 55.597070] The buggy address is located 24 bytes inside of
[ 55.597070]  23872-byte region [ffff8801baa90040, ffff8801baa95d80)
[ 55.609124] The buggy address belongs to the page:
[ 55.614065] page:ffffea0006eaa400 count:1 mapcount:0 mapping:ffff8801d58103c0 index:0x0 compound_mapcount: 0
[ 55.624046] flags: 0x2fffc0000008100(slab|head)
[ 55.628732] raw: 02fffc0000008100 ffff8801d5821b48 ffff8801d5821b48 ffff8801d58103c0
[ 55.636654] raw: 0000000000000000 ffff8801baa90040 0000000100000001 0000000000000000
[ 55.644539] page dumped because: kasan: bad access detected
[ 55.650248]
[ 55.651884] Memory state around the buggy address:
[ 55.656830]  ffff8801baa8ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.664265]  ffff8801baa8ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.671634] >ffff8801baa90000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 55.678997]                                                     ^
[ 55.685238]  ffff8801baa90080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.692609]  ffff8801baa90100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.699972] ==================================================================
[ 55.707422] Kernel panic - not syncing: panic_on_warn set ...
[ 55.707422]
[ 55.714835] CPU: 1 PID: 4296 Comm: syz-executor770 Tainted: G B 4.19.0-rc2+ #226
[ 55.723676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.733197] Call Trace:
[ 55.735841]  dump_stack+0x1c9/0x2b4
[ 55.739488]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 55.744691]  ? lock_downgrade+0x8f0/0x8f0
[ 55.748853]  ? __schedule+0xf54/0x1df0
[ 55.752780]  panic+0x238/0x4e7
[ 55.755993]  ? add_taint.cold.5+0x16/0x16
[ 55.760157]  ? print_shadow_for_address+0xba/0x116
[ 55.765224]  ? trace_hardirqs_off+0xaf/0x2c0
[ 55.769647]  ? trace_hardirqs_off+0x77/0x2c0
[ 55.774073]  ? __schedule+0xf54/0x1df0
[ 55.777973]  kasan_end_report+0x47/0x4f
[ 55.781960]  kasan_report.cold.7+0x76/0x30d
[ 55.786297]  __asan_report_load8_noabort+0x14/0x20
[ 55.791254]  __schedule+0xf54/0x1df0
[ 55.794978]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 55.800096]  ? __sched_text_start+0x8/0x8
[ 55.804260]  ? __call_srcu+0x7e7/0x1040
[ 55.808262]  ? check_same_owner+0x340/0x340
[ 55.812594]  ? mark_held_locks+0x160/0x160
[ 55.816844]  ? find_held_lock+0x36/0x1c0
[ 55.820925]  preempt_schedule_common+0x22/0x60
[ 55.825519]  _cond_resched+0x1d/0x30
[ 55.829269]  wait_for_completion+0xa5/0x8d0
[ 55.833609]  ? wait_for_completion_interruptible+0x950/0x950
[ 55.839419]  ? __lockdep_init_map+0x105/0x590
[ 55.843930]  ? __init_waitqueue_head+0x9e/0x150
[ 55.848610]  ? init_wait_entry+0x1c0/0x1c0
[ 55.852867]  __synchronize_srcu+0x189/0x240
[ 55.857217]  ? call_srcu+0x10/0x10
[ 55.860836]  ? rcu_unexpedite_gp+0x20/0x20
[ 55.865093]  synchronize_srcu+0x335/0x56f
[ 55.869257]  ? lock_downgrade+0x8f0/0x8f0
[ 55.873416]  ? synchronize_srcu_expedited+0x20/0x20
[ 55.878449]  ? kasan_check_read+0x11/0x20
[ 55.882614]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 55.887238]  ? kasan_check_write+0x14/0x20
[ 55.891485]  ? do_raw_spin_lock+0xc1/0x200
[ 55.895739]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 55.901500]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 55.906967]  ? kvfree+0x61/0x70
[ 55.910266]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.915298]  kvm_mmu_uninit_vm+0x1c/0x20
[ 55.919373]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 55.923827]  ? kvm_arch_sync_events+0x30/0x30
[ 55.928340]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.933900]  ? mmu_notifier_unregister+0x474/0x600
[ 55.938847]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 55.943270]  ? kfree+0x111/0x210
[ 55.946653]  ? __mmu_notifier_register+0x30/0x30
[ 55.951431]  ? __free_pages+0x10a/0x190
[ 55.955424]  ? free_unref_page+0x930/0x930
[ 55.959681]  kvm_put_kvm+0x73f/0x1060
[ 55.963631]  ? kvm_write_guest_cached+0x40/0x40
[ 55.968318]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.972835]  ? _raw_spin_unlock_irq+0x27/0x70
[ 55.977360]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 55.981964]  ? kasan_check_write+0x14/0x20
[ 55.986214]  ? do_raw_spin_lock+0xc1/0x200
[ 55.990640]  ? kvm_irqfd_release+0xdd/0x120
[ 55.994976]  ? kvm_irqfd_release+0xdd/0x120
[ 55.999314]  ? kvm_put_kvm+0x1060/0x1060
[ 56.003394]  kvm_vm_release+0x42/0x50
[ 56.007210]  __fput+0x38a/0xa40
[ 56.010504]  ? __alloc_file+0x400/0x400
[ 56.014732]  ? check_same_owner+0x340/0x340
[ 56.019090]  ? kasan_check_write+0x14/0x20
[ 56.023647]  ? do_raw_spin_lock+0xc1/0x200
[ 56.027907]  ____fput+0x15/0x20
[ 56.031213]  task_work_run+0x1e8/0x2a0
[ 56.035126]  ? task_work_cancel+0x240/0x240
[ 56.039468]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.045021]  ? switch_task_namespaces+0xa2/0xd0
[ 56.049707]  do_exit+0x1ae4/0x26e0
[ 56.053266]  ? mm_update_next_owner+0x9a0/0x9a0
[ 56.057951]  ? lock_downgrade+0x8f0/0x8f0
[ 56.062114]  ? kasan_check_read+0x11/0x20
[ 56.066275]  ? rcu_is_watching+0x8c/0x150
[ 56.070451]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 56.075137]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 56.079837]  ? is_bpf_text_address+0xd7/0x170
[ 56.084697]  ? kernel_text_address+0x79/0xf0
[ 56.089273]  ? __kernel_text_address+0xd/0x40
[ 56.093798]  ? unwind_get_return_address+0x61/0xa0
[ 56.098875]  ? __save_stack_trace+0x8d/0xf0
[ 56.103343]  ? save_stack+0x43/0xd0
[ 56.106989]  ? __kasan_slab_free+0x11a/0x170
[ 56.111397]  ? kasan_slab_free+0xe/0x10
[ 56.115493]  ? kmem_cache_free+0x86/0x280
[ 56.119643]  ? do_sys_open+0x569/0x720
[ 56.123665]  ? __x64_sys_open+0x7e/0xc0
[ 56.127875]  ? do_syscall_64+0x1b9/0x820
[ 56.131936]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.137297]  ? trace_hardirqs_off+0xb8/0x2c0
[ 56.141701]  ? kasan_check_read+0x11/0x20
[ 56.146010]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 56.150419]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 56.154829]  ? trace_hardirqs_off+0xb8/0x2c0
[ 56.159237]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 56.164503]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 56.169070]  ? kmem_cache_free+0xa0/0x280
[ 56.173227]  ? kasan_check_read+0x11/0x20
[ 56.177374]  ? rcu_is_watching+0x8c/0x150
[ 56.181516]  ? trace_hardirqs_on+0xbd/0x2c0
[ 56.185838]  ? rcu_pm_notify+0xc0/0xc0
[ 56.189724]  ? putname+0xf2/0x130
[ 56.193203]  ? putname+0xf2/0x130
[ 56.196659]  ? rcu_read_lock_sched_held+0x108/0x120
[ 56.201681]  ? kmem_cache_free+0x246/0x280
[ 56.205919]  do_group_exit+0x177/0x440
[ 56.209973]  ? trace_hardirqs_on+0xbd/0x2c0
[ 56.214296]  ? __ia32_sys_exit+0x50/0x50
[ 56.218447]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 56.223550]  __x64_sys_exit_group+0x3e/0x50
[ 56.227996]  do_syscall_64+0x1b9/0x820
[ 56.231884]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 56.237332]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 56.242264]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.247105]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[ 56.252118]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 56.257149]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 56.262164]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.267004]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.272190] RIP: 0033:0x442b28
[ 56.275387] Code: Bad RIP value.
[ 56.278941] RSP: 002b:00007fffb0eb9d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 56.286647] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442b28
[ 56.293912] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 56.301178] RBP: 00000000004c26e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 56.308442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.315708] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[ 56.322980]
[ 56.322983] ======================================================
[ 56.322987] WARNING: possible circular locking dependency detected
[ 56.322989] 4.19.0-rc2+ #226 Not tainted
[ 56.322992] ------------------------------------------------------
[ 56.322995] syz-executor770/4296 is trying to acquire lock:
[ 56.322997] 0000000082596bb1 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 56.323005]
[ 56.323008] but task is already holding lock:
[ 56.323009] 000000004e202247 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 56.323017]
[ 56.323020] which lock already depends on the new lock.
[ 56.323021]
[ 56.323023]
[ 56.323025] the existing dependency chain (in reverse order) is:
[ 56.323027]
[ 56.323028] -> #3 (report_lock){....}:
[ 56.323036]        _raw_spin_lock_irqsave+0x96/0xc0
[ 56.323038]        kasan_report+0x8e/0x110
[ 56.323041]        __asan_report_load8_noabort+0x14/0x20
[ 56.323043]        __schedule+0xf54/0x1df0
[ 56.323045]        preempt_schedule_common+0x22/0x60
[ 56.323048]        _cond_resched+0x1d/0x30
[ 56.323050]        wait_for_completion+0xa5/0x8d0
[ 56.323052]        __synchronize_srcu+0x189/0x240
[ 56.323055]        synchronize_srcu+0x335/0x56f
[ 56.323058]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 56.323060]        kvm_mmu_uninit_vm+0x1c/0x20
[ 56.323063]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 56.323065]        kvm_put_kvm+0x73f/0x1060
[ 56.323067]        kvm_vm_release+0x42/0x50
[ 56.323069]        __fput+0x38a/0xa40
[ 56.323071]        ____fput+0x15/0x20
[ 56.323074]        task_work_run+0x1e8/0x2a0
[ 56.323076]        do_exit+0x1ae4/0x26e0
[ 56.323078]        do_group_exit+0x177/0x440
[ 56.323081]        __x64_sys_exit_group+0x3e/0x50
[ 56.323083]        do_syscall_64+0x1b9/0x820
[ 56.323086]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.323087]
[ 56.323088] -> #2 (&rq->lock){-.-.}:
[ 56.323096]        _raw_spin_lock+0x2a/0x40
[ 56.323098]        task_fork_fair+0x93/0x680
[ 56.323100]        sched_fork+0x44b/0xbd0
[ 56.323102]        copy_process+0x235e/0x7af0
[ 56.323105]        _do_fork+0x1ca/0x1170
[ 56.323107]        kernel_thread+0x34/0x40
[ 56.323109]        rest_init+0x22/0xe4
[ 56.323111]        start_kernel+0x913/0x94e
[ 56.323114]        x86_64_start_reservations+0x29/0x2b
[ 56.323116]        x86_64_start_kernel+0x76/0x79
[ 56.323118]        secondary_startup_64+0xa4/0xb0
[ 56.323125]
[ 56.323126] -> #1 (&p->pi_lock){-.-.}:
[ 56.323134]        _raw_spin_lock_irqsave+0x96/0xc0
[ 56.323137]        try_to_wake_up+0xd2/0x1250
[ 56.323139]        wake_up_process+0x10/0x20
[ 56.323141]        __up.isra.1+0x1c0/0x2a0
[ 56.323143]        up+0x13c/0x1c0
[ 56.323145]        __up_console_sem+0xbe/0x1b0
[ 56.323148]        console_unlock+0x506/0x10e0
[ 56.323150]        vprintk_emit+0x33a/0x910
[ 56.323152]        vprintk_default+0x28/0x30
[ 56.323154]        vprintk_func+0x7a/0x117
[ 56.323156]        printk+0xa7/0xcf
[ 56.323158]        load_umh+0x51/0xbd
[ 56.323161]        do_one_initcall+0x127/0x838
[ 56.323163]        kernel_init_freeable+0x4bb/0x5ae
[ 56.323166]        kernel_init+0x11/0x1b3
[ 56.323168]        ret_from_fork+0x3a/0x50
[ 56.323169]
[ 56.323170] -> #0 ((console_sem).lock){-...}:
[ 56.323179]        lock_acquire+0x1e4/0x4f0
[ 56.323181]        _raw_spin_lock_irqsave+0x96/0xc0
[ 56.323184]        down_trylock+0x13/0x70
[ 56.323186]        __down_trylock_console_sem+0xae/0x200
[ 56.323189]        console_trylock+0x15/0xa0
[ 56.323191]        vprintk_emit+0x31f/0x910
[ 56.323193]        vprintk_default+0x28/0x30
[ 56.323195]        vprintk_func+0x7a/0x117
[ 56.323197]        printk+0xa7/0xcf
[ 56.323200]        kasan_report+0x9e/0x110
[ 56.323202]        __asan_report_load8_noabort+0x14/0x20
[ 56.323205]        __schedule+0xf54/0x1df0
[ 56.323207]        preempt_schedule_common+0x22/0x60
[ 56.323209]        _cond_resched+0x1d/0x30
[ 56.323212]        wait_for_completion+0xa5/0x8d0
[ 56.323214]        __synchronize_srcu+0x189/0x240
[ 56.323217]        synchronize_srcu+0x335/0x56f
[ 56.323220]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 56.323222]        kvm_mmu_uninit_vm+0x1c/0x20
[ 56.323224]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 56.323227]        kvm_put_kvm+0x73f/0x1060
[ 56.323229]        kvm_vm_release+0x42/0x50
[ 56.323231]        __fput+0x38a/0xa40
[ 56.323233]        ____fput+0x15/0x20
[ 56.323235]        task_work_run+0x1e8/0x2a0
[ 56.323237]        do_exit+0x1ae4/0x26e0
[ 56.323240]        do_group_exit+0x177/0x440
[ 56.323242]        __x64_sys_exit_group+0x3e/0x50
[ 56.323244]        do_syscall_64+0x1b9/0x820
[ 56.323247]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.323248]
[ 56.323251] other info that might help us debug this:
[ 56.323252]
[ 56.323254] Chain exists of:
[ 56.323255]   (console_sem).lock --> &rq->lock --> report_lock
[ 56.323265]
[ 56.323268]  Possible unsafe locking scenario:
[ 56.323269]
[ 56.323271]        CPU0                    CPU1
[ 56.323274]        ----                    ----
[ 56.323275]   lock(report_lock);
[ 56.323280]                                lock(&rq->lock);
[ 56.323286]                                lock(report_lock);
[ 56.323290]   lock((console_sem).lock);
[ 56.323295]
[ 56.323297]  *** DEADLOCK ***
[ 56.323298]
[ 56.323301] 2 locks held by syz-executor770/4296:
[ 56.323302]  #0: 00000000db6fc3f9 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 56.323312]  #1: 000000004e202247 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 56.323321]
[ 56.323323] stack backtrace:
[ 56.323327] CPU: 1 PID: 4296 Comm: syz-executor770 Not tainted 4.19.0-rc2+ #226
[ 56.323331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.323333] Call Trace:
[ 56.323335]  dump_stack+0x1c9/0x2b4
[ 56.323338]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 56.323340]  ? vprintk_func+0x100/0x117
[ 56.323343]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 56.323345]  ? save_trace+0xe0/0x290
[ 56.323347]  __lock_acquire+0x3449/0x5020
[ 56.323350]  ? mark_held_locks+0x160/0x160
[ 56.323352]  ? mark_held_locks+0x160/0x160
[ 56.323355]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 56.323357]  ? is_bpf_text_address+0xd7/0x170
[ 56.323359]  ? kernel_text_address+0x79/0xf0
[ 56.323362]  ? __kernel_text_address+0xd/0x40
[ 56.323364]  ? __save_stack_trace+0x8d/0xf0
[ 56.323367]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 56.323369]  ? save_trace+0x290/0x290
[ 56.323371]  ? save_stack_trace+0x1a/0x20
[ 56.323374]  ? save_trace+0xe0/0x290
[ 56.323376]  ? graph_lock+0x170/0x170
[ 56.323379]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.323381]  lock_acquire+0x1e4/0x4f0
[ 56.323383]  ? down_trylock+0x13/0x70
[ 56.323385]  ? lock_release+0x9f0/0x9f0
[ 56.323388]  ? trace_hardirqs_off+0xb8/0x2c0
[ 56.323390]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 56.323393]  ? trace_hardirqs_off+0xb8/0x2c0
[ 56.323395]  ? log_store+0x34f/0x4c0
[ 56.323397]  ? vprintk_emit+0x31f/0x910
[ 56.323399]  _raw_spin_lock_irqsave+0x96/0xc0
[ 56.323402]  ? down_trylock+0x13/0x70
[ 56.323404]  down_trylock+0x13/0x70
[ 56.323406]  __down_trylock_console_sem+0xae/0x200
[ 56.323409]  console_trylock+0x15/0xa0
[ 56.323411]  vprintk_emit+0x31f/0x910
[ 56.323413]  ? wake_up_klogd+0x110/0x110
[ 56.323416]  ? run_rebalance_domains+0x4c0/0x4c0
[ 56.323418]  ? kasan_check_read+0x11/0x20
[ 56.323420]  ? rcu_is_watching+0x8c/0x150
[ 56.323422]  ? rcu_pm_notify+0xc0/0xc0
[ 56.323425]  ? lock_acquire+0x1e4/0x4f0
[ 56.323427]  ? kasan_report+0x8e/0x110
[ 56.323429]  ? __schedule+0xf54/0x1df0
[ 56.323431]  vprintk_default+0x28/0x30
[ 56.323433]  vprintk_func+0x7a/0x117
[ 56.323435]  printk+0xa7/0xcf
[ 56.323438]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 56.323440]  ? kasan_check_write+0x14/0x20
[ 56.323443]  ? do_raw_spin_lock+0xc1/0x200
[ 56.323445]  ? do_raw_spin_lock+0xc1/0x200
[ 56.323447]  kasan_report+0x9e/0x110
[ 56.323450]  __asan_report_load8_noabort+0x14/0x20
[ 56.323452]  __schedule+0xf54/0x1df0
[ 56.323455]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 56.323457]  ? __sched_text_start+0x8/0x8
[ 56.323459]  ? __call_srcu+0x7e7/0x1040
[ 56.323462]  ? check_same_owner+0x340/0x340
[ 56.323464]  ? mark_held_locks+0x160/0x160
[ 56.323466]  ? find_held_lock+0x36/0x1c0
[ 56.323469]  preempt_schedule_common+0x22/0x60
[ 56.323471]  _cond_resched+0x1d/0x30
[ 56.323473]  wait_for_completion+0xa5/0x8d0
[ 56.323476]  ? wait_for_completion_interruptible+0x950/0x950
[ 56.323479]  ? __lockdep_init_map+0x105/0x590
[ 56.323481]  ? __init_waitqueue_head+0x9e/0x150
[ 56.323483]  ? init_wait_entry+0x1c0/0x1c0
[ 56.323486]  __synchronize_srcu+0x189/0x240
[ 56.323488]  ? call_srcu+0x10/0x10
[ 56.323490]  ? rcu_unexpedite_gp+0x20/0x20
[ 56.323493]  synchronize_srcu+0x335/0x56f
[ 56.323495]  ? lock_downgrade+0x8f0/0x8f0
[ 56.323498]  ? synchronize_srcu_expedited+0x20/0x20
[ 56.323500]  ? kasan_check_read+0x11/0x20
[ 56.323503]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 56.323505]  ? kasan_check_write+0x14/0x20
[ 56.323508]  ? do_raw_spin_lock+0xc1/0x200
[ 56.323511]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 56.323513]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 56.323515]  ? kvfree+0x61/0x70
[ 56.323518]  ? rcu_read_lock_sched_held+0x108/0x120
[ 56.323521]  kvm_mmu_uninit_vm+0x1c/0x20
[ 56.323523]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 56.323526]  ? kvm_arch_sync_events+0x30/0x30
[ 56.323529]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.323531]  ? mmu_notifier_unregister+0x474/0x600
[ 56.323534]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 56.323536]  ? kfree+0x111/0x210
[ 56.323538]  ? __mmu_notifier_register+0x30/0x30
[ 56.323540]  ? __free_pages+0x10a/0x190
[ 56.323543]  ? free_unref_page+0x930/0x930
[ 56.323545]  kvm_put_kvm+0x73f/0x1060
[ 56.323547]  ? kvm_write_guest_cached+0x40/0x40
[ 56.323550]  ? _raw_spin_unlock_irq+0x27/0x70
[ 56.323552]  ? _raw_spin_unlock_irq+0x27/0x70
[ 56.323555]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 56.323557]  ? kasan_check_write+0x14/0x20
[ 56.323559]  ? do_raw_spin_lock+0xc1/0x200
[ 56.323562]  ? kvm_irqfd_release+0xdd/0x120
[ 56.323564]  ? kvm_irqfd_release+0xdd/0x120
[ 56.323567]  ? kvm_put_kvm+0x1060/0x1060
[ 56.323569]  kvm_vm_release+0x42/0x50
[ 56.323571]  __fput+0x38a/0xa40
[ 56.323573]  ? __alloc_file+0x400/0x400
[ 56.323575]  ? check_same_owner+0x340/0x340
[ 56.323578]  ? kasan_check_write+0x14/0x20
[ 56.323580]  ? do_raw_spin_lock+0xc1/0x200
[ 56.323582]  ____fput+0x15/0x20
[ 56.323584]  task_work_run+0x1e8/0x2a0
[ 56.323587]  ? task_work_cancel+0x240/0x240
[ 56.323590]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.323592]  ? switch_task_namespaces+0xa2/0xd0
[ 56.323594]  do_exit+0x1ae4/0x26e0
[ 56.323597]  ? mm_update_next_owner+0x9a0/0x9a0
[ 56.323599]  ? lock_downgrade+0x8f0/0x8f0
[ 56.323601]  ? kasan_check_read+0x11/0x20
[ 56.323604]  ? rcu_is_watching+0x8c/0x150
[ 56.323606]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 56.323609]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 56.323611]  ? is_bpf_text_address+0xd7/0x170
[ 56.323613]  ? kernel_t
[ 56.323617] Lost 50 message(s)!
[ 57.417175] Shutting down cpus with NMI
[ 58.486052] Dumping ftrace buffer:
[ 58.489622]    (ftrace buffer empty)
[ 58.493412] Kernel Offset: disabled
[ 58.497167] Rebooting in 86400 seconds..