[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   23.484851] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.333084] random: sshd: uninitialized urandom read (32 bytes read)
[   28.683921] random: sshd: uninitialized urandom read (32 bytes read)
[   29.221422] random: sshd: uninitialized urandom read (32 bytes read)
[   29.404425] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
[   34.932121] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   35.030495] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   35.053679] ==================================================================
[   35.062567] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   35.068789] Read of size 8 at addr ffff8801b92f8058 by task syz-executor137/4656
[   35.076300]
[   35.077912] CPU: 0 PID: 4656 Comm: syz-executor137 Not tainted 4.19.0-rc1+ #217
[   35.085334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.094685] Call Trace:
[   35.097259]  dump_stack+0x1c9/0x2b4
[   35.100878]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.106162]  ? printk+0xa7/0xcf
[   35.109428]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.114162]  ? __schedule+0xf54/0x1df0
[   35.118028]  print_address_description+0x6c/0x20b
[   35.122855]  ? __schedule+0xf54/0x1df0
[   35.126723]  kasan_report.cold.7+0x242/0x30d
[   35.131111]  __asan_report_load8_noabort+0x14/0x20
[   35.136211]  __schedule+0xf54/0x1df0
[   35.139949]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.145037]  ? __sched_text_start+0x8/0x8
[   35.149166]  ? __call_srcu+0x7e7/0x1040
[   35.153124]  ? check_same_owner+0x340/0x340
[   35.157421]  ? mark_held_locks+0x160/0x160
[   35.161633]  ? find_held_lock+0x36/0x1c0
[   35.165676]  preempt_schedule_common+0x22/0x60
[   35.170239]  _cond_resched+0x1d/0x30
[   35.173933]  wait_for_completion+0xa5/0x8d0
[   35.178231]  ? wait_for_completion_interruptible+0x950/0x950
[   35.184002]  ? __lockdep_init_map+0x105/0x590
[   35.188475]  ? __init_waitqueue_head+0x9e/0x150
[   35.193121]  ? init_wait_entry+0x1c0/0x1c0
[   35.197421]  __synchronize_srcu+0x189/0x240
[   35.201790]  ? call_srcu+0x10/0x10
[   35.205320]  ? rcu_unexpedite_gp+0x20/0x20
[   35.209536]  synchronize_srcu+0x335/0x56f
[   35.213667]  ? lock_downgrade+0x8f0/0x8f0
[   35.217797]  ? synchronize_srcu_expedited+0x20/0x20
[   35.222806]  ? kasan_check_read+0x11/0x20
[   35.226935]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.231497]  ? kasan_check_write+0x14/0x20
[   35.235711]  ? do_raw_spin_lock+0xc1/0x200
[   35.239959]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.245653]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.251091]  ? kvfree+0x61/0x70
[   35.254353]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.259378]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.263685]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.268077]  ? kvm_arch_sync_events+0x30/0x30
[   35.272554]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.278071]  ? mmu_notifier_unregister+0x474/0x600
[   35.282980]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.287366]  ? kfree+0x111/0x210
[   35.290712]  ? __mmu_notifier_register+0x30/0x30
[   35.295449]  ? __free_pages+0x10a/0x190
[   35.299401]  ? free_unref_page+0x930/0x930
[   35.303618]  kvm_put_kvm+0x73f/0x1060
[   35.307399]  ? kvm_write_guest_cached+0x40/0x40
[   35.312155]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.316638]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.321118]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.325686]  ? kasan_check_write+0x14/0x20
[   35.329911]  ? do_raw_spin_lock+0xc1/0x200
[   35.334130]  ? kvm_irqfd_release+0xdd/0x120
[   35.338442]  ? kvm_irqfd_release+0xdd/0x120
[   35.342929]  ? kvm_put_kvm+0x1060/0x1060
[   35.346980]  kvm_vm_release+0x42/0x50
[   35.350766]  __fput+0x38a/0xa40
[   35.354029]  ? __alloc_file+0x400/0x400
[   35.357988]  ? check_same_owner+0x340/0x340
[   35.362289]  ? kasan_check_write+0x14/0x20
[   35.366516]  ? do_raw_spin_lock+0xc1/0x200
[   35.370728]  ____fput+0x15/0x20
[   35.373988]  task_work_run+0x1e8/0x2a0
[   35.377855]  ? task_work_cancel+0x240/0x240
[   35.382158]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.387785]  ? switch_task_namespaces+0xa2/0xd0
[   35.392452]  do_exit+0x1ae4/0x26e0
[   35.395974]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.400625]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.404841]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.409837]  ? kfree+0x1d7/0x210
[   35.413185]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.417403]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.423095]  ? is_bpf_text_address+0xd7/0x170
[   35.427577]  ? kernel_text_address+0x79/0xf0
[   35.431966]  ? __kernel_text_address+0xd/0x40
[   35.436446]  ? unwind_get_return_address+0x61/0xa0
[   35.441368]  ? __save_stack_trace+0x8d/0xf0
[   35.445685]  ? save_stack+0xa9/0xd0
[   35.449296]  ? save_stack+0x43/0xd0
[   35.452906]  ? __kasan_slab_free+0x11a/0x170
[   35.457293]  ? kasan_slab_free+0xe/0x10
[   35.461247]  ? putname+0xf2/0x130
[   35.464685]  ? __x64_sys_openat+0x9d/0x100
[   35.468906]  ? do_syscall_64+0x1b9/0x820
[   35.472948]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.478292]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.482680]  ? kasan_check_read+0x11/0x20
[   35.486809]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.491201]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.495593]  ? initcall_blacklisted+0x9a/0x1e0
[   35.500156]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   35.505246]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.510941]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.516457]  ? do_vfs_ioctl+0x201/0x1720
[   35.520497]  ? rcu_is_watching+0x8c/0x150
[   35.524624]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.528924]  ? ioctl_preallocate+0x300/0x300
[   35.533315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.538831]  ? __fget_light+0x2f7/0x440
[   35.542784]  ? fget_raw+0x20/0x20
[   35.546221]  ? putname+0xf2/0x130
[   35.549655]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.554658]  ? kmem_cache_free+0x246/0x280
[   35.558877]  ? putname+0xf7/0x130
[   35.562312]  do_group_exit+0x177/0x440
[   35.566193]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.570497]  ? __ia32_sys_exit+0x50/0x50
[   35.574538]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.579620]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.585136]  ? ksys_ioctl+0x81/0xd0
[   35.588744]  __x64_sys_exit_group+0x3e/0x50
[   35.593049]  do_syscall_64+0x1b9/0x820
[   35.596917]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.602259]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.607167]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.611988]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.616986]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.621981]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.626978]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.631808]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.636976] RIP: 0033:0x43ecc8
[   35.640148] Code: Bad RIP value.
[   35.643575] RSP: 002b:00007ffe2ed5bc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.651266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   35.658541] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.665850] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.673149] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.680430] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.687685]
[   35.689295] Allocated by task 4656:
[   35.692905]  save_stack+0x43/0xd0
[   35.696339]  kasan_kmalloc+0xc4/0xe0
[   35.700032]  kasan_slab_alloc+0x12/0x20
[   35.704090]  kmem_cache_alloc+0x12e/0x710
[   35.708218]  vmx_create_vcpu+0xcf/0x2830
[   35.712272]  kvm_arch_vcpu_create+0xe5/0x220
[   35.716671]  kvm_vm_ioctl+0x488/0x1d80
[   35.720547]  do_vfs_ioctl+0x1de/0x1720
[   35.724470]  ksys_ioctl+0xa9/0xd0
[   35.727910]  __x64_sys_ioctl+0x73/0xb0
[   35.731789]  do_syscall_64+0x1b9/0x820
[   35.735657]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.740828]
[   35.742434] Freed by task 4656:
[   35.745706]  save_stack+0x43/0xd0
[   35.749149]  __kasan_slab_free+0x11a/0x170
[   35.753369]  kasan_slab_free+0xe/0x10
[   35.757153]  kmem_cache_free+0x86/0x280
[   35.761117]  vmx_free_vcpu+0x26b/0x300
[   35.764984]  kvm_arch_destroy_vm+0x365/0x7c0
[   35.769373]  kvm_put_kvm+0x73f/0x1060
[   35.773153]  kvm_vm_release+0x42/0x50
[   35.776934]  __fput+0x38a/0xa40
[   35.780197]  ____fput+0x15/0x20
[   35.783461]  task_work_run+0x1e8/0x2a0
[   35.787331]  do_exit+0x1ae4/0x26e0
[   35.790850]  do_group_exit+0x177/0x440
[   35.794719]  __x64_sys_exit_group+0x3e/0x50
[   35.799021]  do_syscall_64+0x1b9/0x820
[   35.802894]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.808058]
[   35.809673] The buggy address belongs to the object at ffff8801b92f8040
[   35.809673]  which belongs to the cache kvm_vcpu of size 23872
[   35.822286] The buggy address is located 24 bytes inside of
[   35.822286]  23872-byte region [ffff8801b92f8040, ffff8801b92fdd80)
[   35.834238] The buggy address belongs to the page:
[   35.839159] page:ffffea0006e4be00 count:1 mapcount:0 mapping:ffff8801d518b9c0 index:0x0 compound_mapcount: 0
[   35.849111] flags: 0x2fffc0000008100(slab|head)
[   35.853776] raw: 02fffc0000008100 ffff8801d4a94848 ffff8801d4a94848 ffff8801d518b9c0
[   35.861638] raw: 0000000000000000 ffff8801b92f8040 0000000100000001 0000000000000000
[   35.869677] page dumped because: kasan: bad access detected
[   35.875364]
[   35.876967] Memory state around the buggy address:
[   35.881874]  ffff8801b92f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.889294]  ffff8801b92f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.896644] >ffff8801b92f8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.903990]                                                     ^
[   35.910211]  ffff8801b92f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.917555]  ffff8801b92f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.924892] ==================================================================
[   35.932230] Kernel panic - not syncing: panic_on_warn set ...
[   35.932230]
[   35.939579] CPU: 0 PID: 4656 Comm: syz-executor137 Tainted: G    B             4.19.0-rc1+ #217
[   35.948438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.957773] Call Trace:
[   35.960348]  dump_stack+0x1c9/0x2b4
[   35.963965]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.969142]  ? lock_downgrade+0x8f0/0x8f0
[   35.973269]  ? __schedule+0xf54/0x1df0
[   35.977136]  panic+0x238/0x4e7
[   35.980305]  ? add_taint.cold.5+0x16/0x16
[   35.984435]  ? print_shadow_for_address+0xba/0x116
[   35.989341]  ? trace_hardirqs_off+0xaf/0x2b0
[   35.993736]  ? trace_hardirqs_off+0x77/0x2b0
[   35.998124]  ? __schedule+0xf54/0x1df0
[   36.001993]  kasan_end_report+0x47/0x4f
[   36.005949]  kasan_report.cold.7+0x76/0x30d
[   36.010257]  __asan_report_load8_noabort+0x14/0x20
[   36.015195]  __schedule+0xf54/0x1df0
[   36.018892]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.023979]  ? __sched_text_start+0x8/0x8
[   36.028112]  ? __call_srcu+0x7e7/0x1040
[   36.032079]  ? check_same_owner+0x340/0x340
[   36.036387]  ? mark_held_locks+0x160/0x160
[   36.040604]  ? find_held_lock+0x36/0x1c0
[   36.044648]  preempt_schedule_common+0x22/0x60
[   36.049219]  _cond_resched+0x1d/0x30
[   36.052912]  wait_for_completion+0xa5/0x8d0
[   36.057216]  ? wait_for_completion_interruptible+0x950/0x950
[   36.062993]  ? __lockdep_init_map+0x105/0x590
[   36.067471]  ? __init_waitqueue_head+0x9e/0x150
[   36.072119]  ? init_wait_entry+0x1c0/0x1c0
[   36.076342]  __synchronize_srcu+0x189/0x240
[   36.080648]  ? call_srcu+0x10/0x10
[   36.084182]  ? rcu_unexpedite_gp+0x20/0x20
[   36.088407]  synchronize_srcu+0x335/0x56f
[   36.092539]  ? lock_downgrade+0x8f0/0x8f0
[   36.096673]  ? synchronize_srcu_expedited+0x20/0x20
[   36.101677]  ? kasan_check_read+0x11/0x20
[   36.105806]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.110374]  ? kasan_check_write+0x14/0x20
[   36.114606]  ? do_raw_spin_lock+0xc1/0x200
[   36.118830]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.124525]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.129968]  ? kvfree+0x61/0x70
[   36.133241]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.138247]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.142293]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.146696]  ? kvm_arch_sync_events+0x30/0x30
[   36.151178]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.156921]  ? mmu_notifier_unregister+0x474/0x600
[   36.161832]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.166218]  ? kfree+0x111/0x210
[   36.169568]  ? __mmu_notifier_register+0x30/0x30
[   36.174306]  ? __free_pages+0x10a/0x190
[   36.178259]  ? free_unref_page+0x930/0x930
[   36.182484]  kvm_put_kvm+0x73f/0x1060
[   36.186269]  ? kvm_write_guest_cached+0x40/0x40
[   36.190923]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.195395]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.199867]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.204430]  ? kasan_check_write+0x14/0x20
[   36.208645]  ? do_raw_spin_lock+0xc1/0x200
[   36.212867]  ? kvm_irqfd_release+0xdd/0x120
[   36.217169]  ? kvm_irqfd_release+0xdd/0x120
[   36.221473]  ? kvm_put_kvm+0x1060/0x1060
[   36.225514]  kvm_vm_release+0x42/0x50
[   36.229294]  __fput+0x38a/0xa40
[   36.232555]  ? __alloc_file+0x400/0x400
[   36.236510]  ? check_same_owner+0x340/0x340
[   36.240812]  ? kasan_check_write+0x14/0x20
[   36.245029]  ? do_raw_spin_lock+0xc1/0x200
[   36.249245]  ____fput+0x15/0x20
[   36.252508]  task_work_run+0x1e8/0x2a0
[   36.256375]  ? task_work_cancel+0x240/0x240
[   36.260687]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.266207]  ? switch_task_namespaces+0xa2/0xd0
[   36.270857]  do_exit+0x1ae4/0x26e0
[   36.274378]  ? mm_update_next_owner+0x9a0/0x9a0
[   36.279030]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   36.283245]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.288237]  ? kfree+0x1d7/0x210
[   36.291583]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   36.295799]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.301490]  ? is_bpf_text_address+0xd7/0x170
[   36.306035]  ? kernel_text_address+0x79/0xf0
[   36.310430]  ? __kernel_text_address+0xd/0x40
[   36.314907]  ? unwind_get_return_address+0x61/0xa0
[   36.319818]  ? __save_stack_trace+0x8d/0xf0
[   36.324120]  ? save_stack+0xa9/0xd0
[   36.327728]  ? save_stack+0x43/0xd0
[   36.331334]  ? __kasan_slab_free+0x11a/0x170
[   36.335722]  ? kasan_slab_free+0xe/0x10
[   36.339685]  ? putname+0xf2/0x130
[   36.343190]  ? __x64_sys_openat+0x9d/0x100
[   36.347413]  ? do_syscall_64+0x1b9/0x820
[   36.351456]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.356806]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.361205]  ? kasan_check_read+0x11/0x20
[   36.365338]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.369726]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.374117]  ? initcall_blacklisted+0x9a/0x1e0
[   36.378685]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   36.383772]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.389463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.394979]  ? do_vfs_ioctl+0x201/0x1720
[   36.399019]  ? rcu_is_watching+0x8c/0x150
[   36.403142]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.407461]  ? ioctl_preallocate+0x300/0x300
[   36.411856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.417397]  ? __fget_light+0x2f7/0x440
[   36.421348]  ? fget_raw+0x20/0x20
[   36.424788]  ? putname+0xf2/0x130
[   36.428225]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.433218]  ? kmem_cache_free+0x246/0x280
[   36.437443]  ? putname+0xf7/0x130
[   36.440879]  do_group_exit+0x177/0x440
[   36.444747]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.449060]  ? __ia32_sys_exit+0x50/0x50
[   36.453160]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.458298]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.463823]  ? ksys_ioctl+0x81/0xd0
[   36.467433]  __x64_sys_exit_group+0x3e/0x50
[   36.471737]  do_syscall_64+0x1b9/0x820
[   36.475602]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.480945]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.485961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.490790]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   36.495785]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.500795]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.505806]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.510632]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.515803] RIP: 0033:0x43ecc8
[   36.518979] Code: Bad RIP value.
[   36.522319] RSP: 002b:00007ffe2ed5bc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.530004] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   36.537251] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   36.544500] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   36.551755] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   36.559004] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   36.566261]
[   36.566264] ======================================================
[   36.566267] WARNING: possible circular locking dependency detected
[   36.566269] 4.19.0-rc1+ #217 Not tainted
[   36.566272] ------------------------------------------------------
[   36.566275] syz-executor137/4656 is trying to acquire lock:
[   36.566277] 00000000c46084b7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   36.566285]
[   36.566287] but task is already holding lock:
[   36.566289] 00000000fab4ad9a (report_lock){....}, at: kasan_report+0x8e/0x110
[   36.566296]
[   36.566298] which lock already depends on the new lock.
[   36.566299]
[   36.566300]
[   36.566303] the existing dependency chain (in reverse order) is:
[   36.566304]
[   36.566306] -> #3 (report_lock){....}:
[   36.566313]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.566315]        kasan_report+0x8e/0x110
[   36.566317]        __asan_report_load8_noabort+0x14/0x20
[   36.566320]        __schedule+0xf54/0x1df0
[   36.566322]        preempt_schedule_common+0x22/0x60
[   36.566324]        _cond_resched+0x1d/0x30
[   36.566326]        wait_for_completion+0xa5/0x8d0
[   36.566329]        __synchronize_srcu+0x189/0x240
[   36.566331]        synchronize_srcu+0x335/0x56f
[   36.566334]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.566336]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.566350]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.566352]        kvm_put_kvm+0x73f/0x1060
[   36.566355]        kvm_vm_release+0x42/0x50
[   36.566357]        __fput+0x38a/0xa40
[   36.566371]        ____fput+0x15/0x20
[   36.566374]        task_work_run+0x1e8/0x2a0
[   36.566376]        do_exit+0x1ae4/0x26e0
[   36.566378]        do_group_exit+0x177/0x440
[   36.566380]        __x64_sys_exit_group+0x3e/0x50
[   36.566383]        do_syscall_64+0x1b9/0x820
[   36.566385]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.566387]
[   36.566388] -> #2 (&rq->lock){-.-.}:
[   36.566395]        _raw_spin_lock+0x2a/0x40
[   36.566397]        task_fork_fair+0x93/0x680
[   36.566399]        sched_fork+0x44b/0xbd0
[   36.566402]        copy_process+0x235e/0x7ad0
[   36.566404]        _do_fork+0x1ca/0x1170
[   36.566406]        kernel_thread+0x34/0x40
[   36.566408]        rest_init+0x22/0xe4
[   36.566410]        start_kernel+0x913/0x94e
[   36.566413]        x86_64_start_reservations+0x29/0x2b
[   36.566415]        x86_64_start_kernel+0x76/0x79
[   36.566418]        secondary_startup_64+0xa4/0xb0
[   36.566419]
[   36.566420] -> #1 (&p->pi_lock){-.-.}:
[   36.566428]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.566430]        try_to_wake_up+0xd2/0x1250
[   36.566432]        wake_up_process+0x10/0x20
[   36.566434]        __up.isra.1+0x1c0/0x2a0
[   36.566436]        up+0x13c/0x1c0
[   36.566439]        __up_console_sem+0xbe/0x1b0
[   36.566441]        console_unlock+0x506/0x10d0
[   36.566443]        vprintk_emit+0x33a/0x910
[   36.566445]        dev_vprintk_emit+0x24c/0x540
[   36.566448]        dev_printk_emit+0xae/0xe0
[   36.566450]        __dev_printk+0xa7/0x110
[   36.566452]        _dev_warn+0x10c/0x170
[   36.566454]        _request_firmware+0xee4/0x14a0
[   36.566457]        request_firmware_work_func+0xeb/0x2e0
[   36.566459]        process_one_work+0xc73/0x1aa0
[   36.566461]        worker_thread+0x189/0x13c0
[   36.566464]        kthread+0x35a/0x420
[   36.566466]        ret_from_fork+0x3a/0x50
[   36.566467]
[   36.566468] -> #0 ((console_sem).lock){-...}:
[   36.566476]        lock_acquire+0x1e4/0x4f0
[   36.566478]        _raw_spin_lock_irqsave+0x96/0xc0
[   36.566480]        down_trylock+0x13/0x70
[   36.566483]        __down_trylock_console_sem+0xae/0x200
[   36.566485]        console_trylock+0x15/0xa0
[   36.566488]        vprintk_emit+0x31f/0x910
[   36.566490]        vprintk_default+0x28/0x30
[   36.566492]        vprintk_func+0x7a/0x117
[   36.566494]        printk+0xa7/0xcf
[   36.566496]        kasan_report+0x9e/0x110
[   36.566499]        __asan_report_load8_noabort+0x14/0x20
[   36.566501]        __schedule+0xf54/0x1df0
[   36.566503]        preempt_schedule_common+0x22/0x60
[   36.566506]        _cond_resched+0x1d/0x30
[   36.566508]        wait_for_completion+0xa5/0x8d0
[   36.566510]        __synchronize_srcu+0x189/0x240
[   36.566513]        synchronize_srcu+0x335/0x56f
[   36.566516]        kvm_page_track_unregister_notifier+0x17d/0x250
[   36.566518]        kvm_mmu_uninit_vm+0x1c/0x20
[   36.566520]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.566523]        kvm_put_kvm+0x73f/0x1060
[   36.566525]        kvm_vm_release+0x42/0x50
[   36.566527]        __fput+0x38a/0xa40
[   36.566529]        ____fput+0x15/0x20
[   36.566531]        task_work_run+0x1e8/0x2a0
[   36.566533]        do_exit+0x1ae4/0x26e0
[   36.566535]        do_group_exit+0x177/0x440
[   36.566538]        __x64_sys_exit_group+0x3e/0x50
[   36.566540]        do_syscall_64+0x1b9/0x820
[   36.566543]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.566544]
[   36.566547] other info that might help us debug this:
[   36.566548]
[   36.566549] Chain exists of:
[   36.566551]   (console_sem).lock --> &rq->lock --> report_lock
[   36.566560]
[   36.566563]  Possible unsafe locking scenario:
[   36.566564]
[   36.566566]        CPU0                    CPU1
[   36.566568]        ----                    ----
[   36.566570]   lock(report_lock);
[   36.566575]                                lock(&rq->lock);
[   36.566580]                                lock(report_lock);
[   36.566584]   lock((console_sem).lock);
[   36.566588]
[   36.566590]  *** DEADLOCK ***
[   36.566591]
[   36.566594] 2 locks held by syz-executor137/4656:
[   36.566595]  #0: 00000000f9f3e04c (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   36.566604]  #1: 00000000fab4ad9a (report_lock){....}, at: kasan_report+0x8e/0x110
[   36.566613]
[   36.566615] stack backtrace:
[   36.566618] CPU: 0 PID: 4656 Comm: syz-executor137 Not tainted 4.19.0-rc1+ #217
[   36.566622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.566624] Call Trace:
[   36.566626]  dump_stack+0x1c9/0x2b4
[   36.566629]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.566631]  ? vprintk_func+0x100/0x117
[   36.566634]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   36.566636]  ? save_trace+0xe0/0x290
[   36.566638]  __lock_acquire+0x3449/0x5020
[   36.566640]  ? mark_held_locks+0x160/0x160
[   36.566643]  ? mark_held_locks+0x160/0x160
[   36.566645]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   36.566647]  ? is_bpf_text_address+0xd7/0x170
[   36.566650]  ? kernel_text_address+0x79/0xf0
[   36.566652]  ? __kernel_text_address+0xd/0x40
[   36.566654]  ? __save_stack_trace+0x8d/0xf0
[   36.566657]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   36.566666]  ? save_trace+0x290/0x290
[   36.566668]  ? save_stack_trace+0x1a/0x20
[   36.566670]  ? save_trace+0xe0/0x290
[   36.566673]  ? graph_lock+0x170/0x170
[   36.566675]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.566678]  lock_acquire+0x1e4/0x4f0
[   36.566680]  ? down_trylock+0x13/0x70
[   36.566682]  ? lock_release+0x9f0/0x9f0
[   36.566684]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.566686]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.566702]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.566704]  ? log_store+0x34f/0x4c0
[   36.566706]  ? vprintk_emit+0x31f/0x910
[   36.566709]  _raw_spin_lock_irqsave+0x96/0xc0
[   36.566711]  ? down_trylock+0x13/0x70
[   36.566713]  down_trylock+0x13/0x70
[   36.566715]  __down_trylock_console_sem+0xae/0x200
[   36.566717]  console_trylock+0x15/0xa0
[   36.566719]  vprintk_emit+0x31f/0x910
[   36.566721]  ? wake_up_klogd+0x110/0x110
[   36.566724]  ? run_rebalance_domains+0x4c0/0x4c0
[   36.566726]  ? kasan_check_read+0x11/0x20
[   36.566728]  ? rcu_is_watching+0x8c/0x150
[   36.566730]  ? rcu_pm_notify+0xc0/0xc0
[   36.566732]  ? lock_acquire+0x1e4/0x4f0
[   36.566734]  ? kasan_report+0x8e/0x110
[   36.566736]  ? __schedule+0xf54/0x1df0
[   36.566738]  vprintk_default+0x28/0x30
[   36.566740]  vprintk_func+0x7a/0x117
[   36.566742]  printk+0xa7/0xcf
[   36.566744]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.566747]  ? kasan_check_write+0x14/0x20
[   36.566749]  ? do_raw_spin_lock+0xc1/0x200
[   36.566751]  ? do_raw_spin_lock+0xc1/0x200
[   36.566753]  kasan_report+0x9e/0x110
[   36.566756]  __asan_report_load8_noabort+0x14/0x20
[   36.566762]  __schedule+0xf54/0x1df0
[   36.566765]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.566767]  ? __sched_text_start+0x8/0x8
[   36.566769]  ? __call_srcu+0x7e7/0x1040
[   36.566771]  ? check_same_owner+0x340/0x340
[   36.566774]  ? mark_held_locks+0x160/0x160
[   36.566776]  ? find_held_lock+0x36/0x1c0
[   36.566778]  preempt_schedule_common+0x22/0x60
[   36.566780]  _cond_resched+0x1d/0x30
[   36.566783]  wait_for_completion+0xa5/0x8d0
[   36.566785]  ? wait_for_completion_interruptible+0x950/0x950
[   36.566788]  ? __lockdep_init_map+0x105/0x590
[   36.566790]  ? __init_waitqueue_head+0x9e/0x150
[   36.566793]  ? init_wait_entry+0x1c0/0x1c0
[   36.566795]  __synchronize_srcu+0x189/0x240
[   36.566797]  ? call_srcu+0x10/0x10
[   36.566812]  ? rcu_unexpedite_gp+0x20/0x20
[   36.566814]  synchronize_srcu+0x335/0x56f
[   36.566816]  ? lock_downgrade+0x8f0/0x8f0
[   36.566819]  ? synchronize_srcu_expedited+0x20/0x20
[   36.566821]  ? kasan_check_read+0x11/0x20
[   36.566824]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.566826]  ? kasan_check_write+0x14/0x20
[   36.566828]  ? do_raw_spin_lock+0xc1/0x200
[   36.566831]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.566834]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.566836]  ? kvfree+0x61/0x70
[   36.566838]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.566840]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.566843]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.566845]  ? kvm_arch_sync_events+0x30/0x30
[   36.566848]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.566851]  ? mmu_notifier_unregister+0x474/0x600
[   36.566853]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.566855]  ? kfree+0x111/0x210
[   36.566857]  ? __mmu_notifier_register+0x30/0x30
[   36.566859]  ? __free_pages+0x10a/0x190
[   36.566862]  ? free_unref_page+0x930/0x930
[   36.566864]  kvm_put_kvm+0x73f/0x1060
[   36.566866]  ? kvm_write_guest_cached+0x40/0x40
[   36.566869]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.566871]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.566873]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.566876]  ? kasan_check_write+0x14/0x20
[   36.566878]  ? do_raw_spin_lock+0xc1/0x200
[   36.566880]  ? kvm_irqfd_release+0xdd/0x120
[   36.566882]  ? kvm_irqfd_release+0xdd/0x120
[   36.566885]  ? kvm_put_kvm+0x1060/0x1060
[   36.566887]  kvm_vm_release+0x42/0x50
[   36.566889]  __fput+0x38a/0xa40
[   36.566891]  ? __alloc_file+0x400/0x400
[   36.566893]  ? check_same_owner+0x340/0x340
[   36.566895]  ? kasan_check_write+0x14/0x20
[   36.566898]  ? do_raw_spin_lock+0xc1/0x200
[   36.566899]  ____fput+0x15/0x20
[   36.566902]  task_work_run+0x1e8/0x2a0
[   36.566904]  ? task_work_cancel+0x240/0x240
[   36.566907]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.566909]  ? switch_task_namespaces+0xa2/0xd0
[   36.566911]  do_exit+0x1ae4/0x26e0
[   36.566913]  ? mm_update_next_owner+0x9a0/0x9a0
[   36.566916]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   36.566918]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.566920]  ? kfree+0x1d7/0x210
[   36.566922]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   36.566927] Lost 58 message(s)!
[   37.664512] Shutting down cpus with NMI
[   38.722653] Dumping ftrace buffer:
[   38.726191]    (ftrace buffer empty)
[   38.729879] Kernel Offset: disabled
[   38.733485] Rebooting in 86400 seconds..
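Reading the report above: the freed object is a kvm_vcpu, allocated by vmx_create_vcpu under kvm_vm_ioctl and freed by vmx_free_vcpu inside kvm_arch_destroy_vm when the VM file descriptor is released at exit_group. Later in the same kvm_arch_destroy_vm call, kvm_mmu_uninit_vm sleeps in synchronize_srcu, and __schedule performs an 8-byte read at offset 24 of the already freed object, which in the 4.19 layout of struct kvm_vcpu is the ops pointer of the vCPU's preempt notifier. The fb shadow byte under the caret marks the object as freed (KASAN_KMALLOC_FREE), and the lockdep splat that follows is raised by the KASAN report itself printing from inside __schedule while &rq->lock is held, as the "2 locks held" list shows. The Python below is an added example, not part of the syzkaller report or of the kernel tree: it parses a report of this shape, recomputes the offset of the faulting address inside the slab object as a cross-check of KASAN's own "located N bytes inside of" line, decodes the shadow byte for that address, and names the first non-allocator frame of the allocation and free stacks. SAMPLE is an excerpt of the report on this page with the traces trimmed; the shadow-byte meanings are those of the generic KASAN mode in the 4.19 kernel; every function name is the example's own.

```python
import itertools
import re

# Shadow-byte values of the generic KASAN mode in the 4.19 kernel.
SHADOW_BYTES = {0x00: "accessible", 0xFF: "free page", 0xFE: "page redzone",
                0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)",
                0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
                0xFA: "global redzone", 0xF8: "use-after-scope"}
# Allocator and sanitizer frames that sit above the code owning the object.
PLUMBING = ("save_stack", "kasan_", "__kasan_", "kmem_cache_", "kmalloc", "kfree")
TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")   # "[   35.062567] " console prefix
ROW = re.compile(r"^[> ]?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$")

# Constructed sample: an excerpt of the report above with the traces trimmed.
SAMPLE = """\
[   35.062567] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   35.068789] Read of size 8 at addr ffff8801b92f8058 by task syz-executor137/4656
[   35.689295] Allocated by task 4656:
[   35.692905]  save_stack+0x43/0xd0
[   35.696339]  kasan_kmalloc+0xc4/0xe0
[   35.704090]  kmem_cache_alloc+0x12e/0x710
[   35.708218]  vmx_create_vcpu+0xcf/0x2830
[   35.740828]
[   35.742434] Freed by task 4656:
[   35.745706]  save_stack+0x43/0xd0
[   35.749149]  __kasan_slab_free+0x11a/0x170
[   35.757153]  kmem_cache_free+0x86/0x280
[   35.761117]  vmx_free_vcpu+0x26b/0x300
[   35.808058]
[   35.809673] The buggy address belongs to the object at ffff8801b92f8040
[   35.809673]  which belongs to the cache kvm_vcpu of size 23872
[   35.822286] The buggy address is located 24 bytes inside of
[   35.822286]  23872-byte region [ffff8801b92f8040, ffff8801b92fdd80)
[   35.896644] >ffff8801b92f8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.903990]                                                     ^
"""

def _stack(lines, header):
    """Frames listed under e.g. 'Freed by task 4656:' up to the next blank line."""
    idx = [i for i, l in enumerate(lines) if l.startswith(header)]
    if not idx:
        return []
    rest = lines[idx[0] + 1:]
    return [f.strip() for f in itertools.takewhile(lambda l: l.strip(), rest)]

def parse_kasan_report(text):
    """Pull the fields a triager needs out of the raw console text."""
    lines = [TS.sub("", line) for line in text.splitlines()]
    body = "\n".join(lines)
    head = re.search(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<site>\S+)", body)
    acc = re.search(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)", body)
    obj = re.search(r"belongs to the object at (?P<obj>[0-9a-f]+)\n\s*which belongs "
                    r"to the cache (?P<cache>\S+) of size (?P<csize>\d+)", body)
    off = re.search(r"located (?P<n>\d+) bytes (inside of|to the (?:left|right) of)", body)
    if not (head and acc and obj):
        raise ValueError("not a KASAN slab report")
    shadow = {}                      # row base address -> 16 shadow byte values
    for line in lines:
        m = ROW.match(line)
        if m:
            shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return {"bug": head["bug"], "site": head["site"], "rw": acc["rw"],
            "size": int(acc["size"]), "addr": int(acc["addr"], 16),
            "object": int(obj["obj"], 16), "cache": obj["cache"],
            "cache_size": int(obj["csize"]),
            "reported_offset": int(off["n"]) if off else None,
            "alloc_stack": _stack(lines, "Allocated by task"),
            "free_stack": _stack(lines, "Freed by task"), "shadow": shadow}

def shadow_state(report):
    """Decode the shadow byte under KASAN's caret: one shadow byte covers 8 bytes
    of memory and a printed row holds 16 of them, i.e. 128 bytes."""
    addr = report["addr"]
    val = report["shadow"][addr & ~0x7F][(addr & 0x7F) >> 3]
    if 1 <= val <= 7:
        return val, "partially accessible (first %d bytes)" % val
    return val, SHADOW_BYTES.get(val, "unknown 0x%02x" % val)

def first_owner_frame(stack):
    """First frame that is not allocator/KASAN plumbing: the subsystem code."""
    for frame in stack:
        name = frame.split("+")[0]
        if not name.startswith(PLUMBING):
            return name
    return None

def triage(text):
    """Summarise the report and cross-check its 'located N bytes inside of' line."""
    r = parse_kasan_report(text)
    val, meaning = shadow_state(r)
    offset = r["addr"] - r["object"]
    return {"bug": r["bug"], "site": r["site"].split("+")[0],
            "access": "%s of %d bytes" % (r["rw"], r["size"]),
            "cache": r["cache"], "offset": offset,
            "offset_matches_report": offset == r["reported_offset"],
            "shadow_byte": val, "shadow_meaning": meaning,
            "allocated_in": first_owner_frame(r["alloc_stack"]),
            "freed_in": first_owner_frame(r["free_stack"])}
```

Run triage(SAMPLE) on the excerpt and it reports a use-after-free in __schedule, an 8-byte read 24 bytes into a kvm_vcpu object, the shadow byte 0xfb (freed), vmx_create_vcpu as the allocating frame and vmx_free_vcpu as the freeing frame. The offset cross-check matters on reports where KASAN's "located" line has been truncated or where the object header is what was corrupted; the shadow decode is what distinguishes a use-after-free (fb) from an out-of-bounds access into a redzone (fc) when the one-line summary is missing.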