[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd[   25.969132] random: sshd: uninitialized urandom read (32 bytes read)
.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.752846] random: sshd: uninitialized urandom read (32 bytes read)
[   31.291323] random: sshd: uninitialized urandom read (32 bytes read)
[   31.895971] random: sshd: uninitialized urandom read (32 bytes read)
[   32.109764] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
[   37.815959] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   37.936238] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   37.965241] ==================================================================
[   37.975266] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   37.981522] Read of size 8 at addr ffff8801d9318058 by task syz-executor929/5343
[   37.989058] 
[   37.990702] CPU: 0 PID: 5343 Comm: syz-executor929 Not tainted 4.19.0-rc4+ #25
[   37.998067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.007431] Call Trace:
[   38.010037]  dump_stack+0x1c4/0x2b4
[   38.013678]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.018899]  ? printk+0xa7/0xcf
[   38.022186]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   38.026954]  print_address_description.cold.8+0x9/0x1ff
[   38.032347]  kasan_report.cold.9+0x242/0x309
[   38.036767]  ? __schedule+0xfc3/0x1ed0
[   38.040682]  __asan_report_load8_noabort+0x14/0x20
[   38.045638]  __schedule+0xfc3/0x1ed0
[   38.049381]  ? __sched_text_start+0x8/0x8
[   38.053554]  ? __lock_is_held+0xb5/0x140
[   38.057648]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.062769]  ? find_held_lock+0x36/0x1c0
[   38.066839]  ? __call_srcu+0x7f9/0x1070
[   38.070818]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.075926]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   38.081032]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.085620]  ? preempt_schedule+0x4d/0x60
[   38.089790]  preempt_schedule_common+0x1f/0xd0
[   38.094380]  preempt_schedule+0x4d/0x60
[   38.098365]  ___preempt_schedule+0x16/0x18
[   38.102608]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   38.107545]  __call_srcu+0x7f9/0x1070
[   38.111351]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   38.116464]  ? srcu_offline_cpu+0x120/0x120
[   38.120796]  ? debug_object_free+0x690/0x690
[   38.125208]  ? mark_held_locks+0x130/0x130
[   38.129442]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   38.134030]  ? lock_release+0x970/0x970
[   38.138003]  ? arch_local_save_flags+0x40/0x40
[   38.142612]  ? depot_save_stack+0x292/0x470
[   38.146954]  ? __lockdep_init_map+0x105/0x590
[   38.151451]  ? __init_waitqueue_head+0x9e/0x150
[   38.156125]  ? init_wait_entry+0x1c0/0x1c0
[   38.160367]  __synchronize_srcu+0x17b/0x230
[   38.164691]  ? call_srcu+0x10/0x10
[   38.168230]  ? rcu_unexpedite_gp+0x20/0x20
[   38.172474]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.178017]  ? check_preemption_disabled+0x48/0x200
[   38.183039]  synchronize_srcu+0x356/0x5ab
[   38.187193]  ? lock_downgrade+0x900/0x900
[   38.191344]  ? synchronize_srcu_expedited+0x20/0x20
[   38.196365]  ? kasan_check_read+0x11/0x20
[   38.200521]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.205108]  ? kasan_check_write+0x14/0x20
[   38.209342]  ? do_raw_spin_lock+0xc1/0x200
[   38.213599]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.219320]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.224774]  ? kvfree+0x61/0x70
[   38.228054]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.233072]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.237135]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.241545]  ? kvm_arch_sync_events+0x30/0x30
[   38.246046]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.251581]  ? mmu_notifier_unregister+0x474/0x600
[   38.256512]  ? kfree+0x107/0x230
[   38.259882]  ? __mmu_notifier_register+0x30/0x30
[   38.264654]  ? __free_pages+0x10a/0x190
[   38.268641]  ? free_unref_page+0x960/0x960
[   38.272888]  kvm_put_kvm+0x6c8/0xff0
[   38.276609]  ? kvm_write_guest_cached+0x40/0x40
[   38.281288]  ? kvm_irqfd_release+0xd1/0x120
[   38.285612]  ? _raw_spin_unlock_irq+0x27/0x80
[   38.290115]  ? _raw_spin_unlock_irq+0x27/0x80
[   38.294623]  ? kasan_check_write+0x14/0x20
[   38.298871]  ? do_raw_spin_lock+0xc1/0x200
[   38.303117]  ? kvm_irqfd_release+0xdd/0x120
[   38.307435]  ? kvm_irqfd_release+0xdd/0x120
[   38.312460]  ? kvm_put_kvm+0xff0/0xff0
[   38.316351]  kvm_vm_release+0x42/0x50
[   38.320173]  __fput+0x385/0xa30
[   38.323451]  ? get_max_files+0x20/0x20
[   38.327363]  ? trace_hardirqs_on+0xbd/0x310
[   38.331800]  ? ___might_sleep+0x1ed/0x300
[   38.336053]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   38.341492]  ? arch_local_save_flags+0x40/0x40
[   38.346059]  ? kasan_check_write+0x14/0x20
[   38.350283]  ? do_raw_spin_lock+0xc1/0x200
[   38.354501]  ____fput+0x15/0x20
[   38.357764]  task_work_run+0x1e8/0x2a0
[   38.361651]  ? task_work_cancel+0x240/0x240
[   38.365970]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.371597]  ? switch_task_namespaces+0x9d/0xd0
[   38.376374]  do_exit+0x1ad7/0x2610
[   38.379904]  ? mm_update_next_owner+0x990/0x990
[   38.384560]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   38.388779]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.393892]  ? kfree+0x1fa/0x230
[   38.397257]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   38.401497]  ? kvm_vcpu_block+0x1030/0x1030
[   38.405851]  ? is_bpf_text_address+0xd3/0x170
[   38.410336]  ? kernel_text_address+0x79/0xf0
[   38.414818]  ? __kernel_text_address+0xd/0x40
[   38.419347]  ? unwind_get_return_address+0x61/0xa0
[   38.424276]  ? __save_stack_trace+0x8d/0xf0
[   38.428590]  ? save_stack+0xa9/0xd0
[   38.432201]  ? save_stack+0x43/0xd0
[   38.435812]  ? __kasan_slab_free+0x102/0x150
[   38.440209]  ? kasan_slab_free+0xe/0x10
[   38.444174]  ? putname+0xf2/0x130
[   38.447611]  ? __x64_sys_openat+0x9d/0x100
[   38.451835]  ? do_syscall_64+0x1b9/0x820
[   38.455880]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.461240]  ? trace_hardirqs_off+0xb8/0x310
[   38.465770]  ? kasan_check_read+0x11/0x20
[   38.469912]  ? do_raw_spin_unlock+0xa7/0x2f0
[   38.474305]  ? trace_hardirqs_on+0x310/0x310
[   38.478701]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   38.483805]  ? trace_hardirqs_off+0xb8/0x310
[   38.488204]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.493723]  ? check_preemption_disabled+0x48/0x200
[   38.498762]  ? check_preemption_disabled+0x48/0x200
[   38.503819]  ? kvm_vcpu_block+0x1030/0x1030
[   38.508128]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.513658]  ? do_vfs_ioctl+0x201/0x1720
[   38.517704]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   38.522969]  ? ioctl_preallocate+0x300/0x300
[   38.527362]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.532878]  ? __fget_light+0x2e9/0x430
[   38.536831]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.542354]  ? smack_file_ioctl+0x210/0x3c0
[   38.546658]  ? fget_raw+0x20/0x20
[   38.550091]  ? smack_file_lock+0x2e0/0x2e0
[   38.554310]  do_group_exit+0x177/0x440
[   38.558182]  ? trace_hardirqs_on+0xbd/0x310
[   38.562488]  ? __ia32_sys_exit+0x50/0x50
[   38.566530]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   38.572012]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.577541]  ? ksys_ioctl+0x81/0xd0
[   38.581152]  __x64_sys_exit_group+0x3e/0x50
[   38.585458]  do_syscall_64+0x1b9/0x820
[   38.589327]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.594738]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.599723]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.604558]  ? trace_hardirqs_on_caller+0x310/0x310
[   38.609561]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   38.614561]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.619559]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.624390]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.629563] RIP: 0033:0x43ef28
[   38.632738] Code: fa 29 c2 8d 04 52 c1 e0 02 41 29 c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 0f be 57 01 41 83 ea 01 44 89 <d0> f7 e9 44 89 d0 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2
[   38.651627] RSP: 002b:00007fff904ee808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   38.659338] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[   38.666643] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   38.673905] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   38.681158] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   38.688414] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   38.695700] 
[   38.697316] Allocated by task 5343:
[   38.700929]  save_stack+0x43/0xd0
[   38.704363]  kasan_kmalloc+0xc7/0xe0
[   38.708160]  kasan_slab_alloc+0x12/0x20
[   38.712124]  kmem_cache_alloc+0x12e/0x730
[   38.716257]  vmx_create_vcpu+0xcf/0x25e0
[   38.720299]  kvm_arch_vcpu_create+0xe5/0x220
[   38.724687]  kvm_vm_ioctl+0x470/0x1d40
[   38.728553]  do_vfs_ioctl+0x1de/0x1720
[   38.732522]  ksys_ioctl+0xa9/0xd0
[   38.735958]  __x64_sys_ioctl+0x73/0xb0
[   38.739830]  do_syscall_64+0x1b9/0x820
[   38.743707]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.748875] 
[   38.750481] Freed by task 5343:
[   38.753742]  save_stack+0x43/0xd0
[   38.757178]  __kasan_slab_free+0x102/0x150
[   38.761401]  kasan_slab_free+0xe/0x10
[   38.765188]  kmem_cache_free+0x83/0x290
[   38.769150]  vmx_free_vcpu+0x26b/0x300
[   38.773020]  kvm_arch_destroy_vm+0x365/0x7c0
[   38.777411]  kvm_put_kvm+0x6c8/0xff0
[   38.781102]  kvm_vm_release+0x42/0x50
[   38.784928]  __fput+0x385/0xa30
[   38.788195]  ____fput+0x15/0x20
[   38.791453]  task_work_run+0x1e8/0x2a0
[   38.795324]  do_exit+0x1ad7/0x2610
[   38.798845]  do_group_exit+0x177/0x440
[   38.802710]  __x64_sys_exit_group+0x3e/0x50
[   38.807012]  do_syscall_64+0x1b9/0x820
[   38.810885]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.816084] 
[   38.817694] The buggy address belongs to the object at ffff8801d9318040
[   38.817694]  which belongs to the cache kvm_vcpu of size 23872
[   38.830320] The buggy address is located 24 bytes inside of
[   38.830320]  23872-byte region [ffff8801d9318040, ffff8801d931dd80)
[   38.842266] The buggy address belongs to the page:
[   38.847178] page:ffffea000764c600 count:1 mapcount:0 mapping:ffff8801d4f4ec00 index:0x0 compound_mapcount: 0
[   38.857131] flags: 0x2fffc0000008100(slab|head)
[   38.861789] raw: 02fffc0000008100 ffff8801d55c2848 ffff8801d55c2848 ffff8801d4f4ec00
[   38.869665] raw: 0000000000000000 ffff8801d9318040 0000000100000001 0000000000000000
[   38.877558] page dumped because: kasan: bad access detected
[   38.883295] 
[   38.884910] Memory state around the buggy address:
[   38.889865]  ffff8801d9317f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.897226]  ffff8801d9317f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.904624] >ffff8801d9318000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   38.911986]                                                     ^
[   38.918216]  ffff8801d9318080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.925560]  ffff8801d9318100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.932909] ==================================================================
[   38.940250] Kernel panic - not syncing: panic_on_warn set ...
[   38.940250] 
[   38.947596] CPU: 0 PID: 5343 Comm: syz-executor929 Tainted: G    B             4.19.0-rc4+ #25
[   38.956330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.965671] Call Trace:
[   38.968333]  dump_stack+0x1c4/0x2b4
[   38.971951]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.977125]  ? lock_downgrade+0x900/0x900
[   38.981261]  panic+0x238/0x4e7
[   38.984435]  ? add_taint.cold.5+0x16/0x16
[   38.988575]  ? print_shadow_for_address+0xb6/0x116
[   38.993493]  ? trace_hardirqs_off+0xaf/0x310
[   38.997895]  kasan_end_report+0x47/0x4f
[   39.001858]  kasan_report.cold.9+0x76/0x309
[   39.006174]  ? __schedule+0xfc3/0x1ed0
[   39.010049]  __asan_report_load8_noabort+0x14/0x20
[   39.014967]  __schedule+0xfc3/0x1ed0
[   39.018715]  ? __sched_text_start+0x8/0x8
[   39.022863]  ? __lock_is_held+0xb5/0x140
[   39.026913]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.032008]  ? find_held_lock+0x36/0x1c0
[   39.036065]  ? __call_srcu+0x7f9/0x1070
[   39.040027]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.045115]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.050207]  ? lockdep_hardirqs_on+0x421/0x5c0
[   39.054783]  ? preempt_schedule+0x4d/0x60
[   39.058922]  preempt_schedule_common+0x1f/0xd0
[   39.063491]  preempt_schedule+0x4d/0x60
[   39.067450]  ___preempt_schedule+0x16/0x18
[   39.071673]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   39.076658]  __call_srcu+0x7f9/0x1070
[   39.080521]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   39.085639]  ? srcu_offline_cpu+0x120/0x120
[   39.090025]  ? debug_object_free+0x690/0x690
[   39.094432]  ? mark_held_locks+0x130/0x130
[   39.098660]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   39.103227]  ? lock_release+0x970/0x970
[   39.107191]  ? arch_local_save_flags+0x40/0x40
[   39.111883]  ? depot_save_stack+0x292/0x470
[   39.116193]  ? __lockdep_init_map+0x105/0x590
[   39.120741]  ? __init_waitqueue_head+0x9e/0x150
[   39.125397]  ? init_wait_entry+0x1c0/0x1c0
[   39.129615]  __synchronize_srcu+0x17b/0x230
[   39.133926]  ? call_srcu+0x10/0x10
[   39.137446]  ? rcu_unexpedite_gp+0x20/0x20
[   39.141671]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.147195]  ? check_preemption_disabled+0x48/0x200
[   39.152216]  synchronize_srcu+0x356/0x5ab
[   39.156351]  ? lock_downgrade+0x900/0x900
[   39.160479]  ? synchronize_srcu_expedited+0x20/0x20
[   39.165480]  ? kasan_check_read+0x11/0x20
[   39.169606]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.174171]  ? kasan_check_write+0x14/0x20
[   39.178385]  ? do_raw_spin_lock+0xc1/0x200
[   39.182604]  kvm_page_track_unregister_notifier+0x17d/0x250
[   39.188294]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   39.193727]  ? kvfree+0x61/0x70
[   39.196989]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.201995]  kvm_mmu_uninit_vm+0x1c/0x20
[   39.206042]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   39.210440]  ? kvm_arch_sync_events+0x30/0x30
[   39.214922]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.220440]  ? mmu_notifier_unregister+0x474/0x600
[   39.225393]  ? kfree+0x107/0x230
[   39.228749]  ? __mmu_notifier_register+0x30/0x30
[   39.233486]  ? __free_pages+0x10a/0x190
[   39.237440]  ? free_unref_page+0x960/0x960
[   39.241663]  kvm_put_kvm+0x6c8/0xff0
[   39.245360]  ? kvm_write_guest_cached+0x40/0x40
[   39.250052]  ? kvm_irqfd_release+0xd1/0x120
[   39.254362]  ? _raw_spin_unlock_irq+0x27/0x80
[   39.258839]  ? _raw_spin_unlock_irq+0x27/0x80
[   39.263326]  ? kasan_check_write+0x14/0x20
[   39.267550]  ? do_raw_spin_lock+0xc1/0x200
[   39.271773]  ? kvm_irqfd_release+0xdd/0x120
[   39.276077]  ? kvm_irqfd_release+0xdd/0x120
[   39.280383]  ? kvm_put_kvm+0xff0/0xff0
[   39.284331]  kvm_vm_release+0x42/0x50
[   39.288119]  __fput+0x385/0xa30
[   39.291379]  ? get_max_files+0x20/0x20
[   39.295257]  ? trace_hardirqs_on+0xbd/0x310
[   39.299563]  ? ___might_sleep+0x1ed/0x300
[   39.303694]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   39.309129]  ? arch_local_save_flags+0x40/0x40
[   39.313693]  ? kasan_check_write+0x14/0x20
[   39.317911]  ? do_raw_spin_lock+0xc1/0x200
[   39.322128]  ____fput+0x15/0x20
[   39.325388]  task_work_run+0x1e8/0x2a0
[   39.329257]  ? task_work_cancel+0x240/0x240
[   39.333563]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.339082]  ? switch_task_namespaces+0x9d/0xd0
[   39.343737]  do_exit+0x1ad7/0x2610
[   39.347259]  ? mm_update_next_owner+0x990/0x990
[   39.351911]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   39.356125]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.361229]  ? kfree+0x1fa/0x230
[   39.364581]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   39.368796]  ? kvm_vcpu_block+0x1030/0x1030
[   39.373119]  ? is_bpf_text_address+0xd3/0x170
[   39.377614]  ? kernel_text_address+0x79/0xf0
[   39.382041]  ? __kernel_text_address+0xd/0x40
[   39.386526]  ? unwind_get_return_address+0x61/0xa0
[   39.391441]  ? __save_stack_trace+0x8d/0xf0
[   39.395747]  ? save_stack+0xa9/0xd0
[   39.399533]  ? save_stack+0x43/0xd0
[   39.403153]  ? __kasan_slab_free+0x102/0x150
[   39.407548]  ? kasan_slab_free+0xe/0x10
[   39.411594]  ? putname+0xf2/0x130
[   39.415039]  ? __x64_sys_openat+0x9d/0x100
[   39.419266]  ? do_syscall_64+0x1b9/0x820
[   39.423352]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.428706]  ? trace_hardirqs_off+0xb8/0x310
[   39.433104]  ? kasan_check_read+0x11/0x20
[   39.437243]  ? do_raw_spin_unlock+0xa7/0x2f0
[   39.441698]  ? trace_hardirqs_on+0x310/0x310
[   39.446100]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   39.451188]  ? trace_hardirqs_off+0xb8/0x310
[   39.455585]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.461108]  ? check_preemption_disabled+0x48/0x200
[   39.466102]  ? check_preemption_disabled+0x48/0x200
[   39.471101]  ? kvm_vcpu_block+0x1030/0x1030
[   39.475409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.480934]  ? do_vfs_ioctl+0x201/0x1720
[   39.487240]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   39.492499]  ? ioctl_preallocate+0x300/0x300
[   39.496896]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.502416]  ? __fget_light+0x2e9/0x430
[   39.506378]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.511946]  ? smack_file_ioctl+0x210/0x3c0
[   39.516348]  ? fget_raw+0x20/0x20
[   39.519793]  ? smack_file_lock+0x2e0/0x2e0
[   39.524020]  do_group_exit+0x177/0x440
[   39.527896]  ? trace_hardirqs_on+0xbd/0x310
[   39.532303]  ? __ia32_sys_exit+0x50/0x50
[   39.536350]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   39.541790]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.547321]  ? ksys_ioctl+0x81/0xd0
[   39.551041]  __x64_sys_exit_group+0x3e/0x50
[   39.555369]  do_syscall_64+0x1b9/0x820
[   39.559239]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.564588]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.569506]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.574338]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.579338]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.584412]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.589449]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.594304]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.599491] RIP: 0033:0x43ef28
[   39.602686] Code: fa 29 c2 8d 04 52 c1 e0 02 41 29 c1 49 63 c1 4c 8d 0d 8c 89 21 00 49 8b 04 c1 0f b6 00 88 06 44 0f be 57 01 41 83 ea 01 44 89 <d0> f7 e9 44 89 d0 c1 f8 1f d1 fa 29 c2 8d 04 52 c1 e0 02 41 29 c2
[   39.621589] RSP: 002b:00007fff904ee808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   39.629297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef28
[   39.636563] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   39.643828] RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   39.651182] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   39.658466] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   39.665744] 
[   39.665750] ======================================================
[   39.665755] WARNING: possible circular locking dependency detected
[   39.665759] 4.19.0-rc4+ #25 Not tainted
[   39.665765] ------------------------------------------------------
[   39.665770] syz-executor929/5343 is trying to acquire lock:
[   39.665774] 000000002a1be66d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   39.665790] 
[   39.665795] but task is already holding lock:
[   39.665798] 0000000041c8781e (report_lock){....}, at: kasan_report+0x8b/0x110
[   39.665814] 
[   39.665819] which lock already depends on the new lock.
[   39.665821] 
[   39.665824] 
[   39.665829] the existing dependency chain (in reverse order) is:
[   39.665832] 
[   39.665834] -> #3 (report_lock){....}:
[   39.665850]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.665854]        kasan_report+0x8b/0x110
[   39.665859]        __asan_report_load8_noabort+0x14/0x20
[   39.665863]        __schedule+0xfc3/0x1ed0
[   39.665868]        preempt_schedule_common+0x1f/0xd0
[   39.665872]        preempt_schedule+0x4d/0x60
[   39.665876]        ___preempt_schedule+0x16/0x18
[   39.665881]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   39.665885]        __call_srcu+0x7f9/0x1070
[   39.665890]        __synchronize_srcu+0x17b/0x230
[   39.665894]        synchronize_srcu+0x356/0x5ab
[   39.665900]        kvm_page_track_unregister_notifier+0x17d/0x250
[   39.665904]        kvm_mmu_uninit_vm+0x1c/0x20
[   39.665908]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   39.665913]        kvm_put_kvm+0x6c8/0xff0
[   39.665917]        kvm_vm_release+0x42/0x50
[   39.665920]        __fput+0x385/0xa30
[   39.665924]        ____fput+0x15/0x20
[   39.665929]        task_work_run+0x1e8/0x2a0
[   39.665933]        do_exit+0x1ad7/0x2610
[   39.665937]        do_group_exit+0x177/0x440
[   39.665941]        __x64_sys_exit_group+0x3e/0x50
[   39.665945]        do_syscall_64+0x1b9/0x820
[   39.665950]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.665953] 
[   39.665955] -> #2 (&rq->lock){-.-.}:
[   39.665970]        _raw_spin_lock+0x2d/0x40
[   39.665975]        task_fork_fair+0xb0/0x6d0
[   39.665979]        sched_fork+0x443/0xba0
[   39.665983]        copy_process+0x2586/0x8780
[   39.665987]        _do_fork+0x1cb/0x11d0
[   39.665991]        kernel_thread+0x34/0x40
[   39.665995]        rest_init+0x22/0xe5
[   39.665999]        start_kernel+0x8f4/0x92f
[   39.666003]        x86_64_start_reservations+0x29/0x2b
[   39.666008]        x86_64_start_kernel+0x76/0x79
[   39.666012]        secondary_startup_64+0xa4/0xb0
[   39.666015] 
[   39.666017] -> #1 (&p->pi_lock){-.-.}:
[   39.666033]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.666037]        try_to_wake_up+0xd2/0x12f0
[   39.666041]        wake_up_process+0x10/0x20
[   39.666046]        __up.isra.1+0x1c0/0x2a0
[   39.666049]        up+0x13c/0x1c0
[   39.666053]        __up_console_sem+0xbe/0x1b0
[   39.666058]        console_unlock+0x814/0x1160
[   39.666062]        vprintk_emit+0x33d/0x930
[   39.666066]        vprintk_default+0x28/0x30
[   39.666070]        vprintk_func+0x7e/0x181
[   39.666074]        printk+0xa7/0xcf
[   39.666078]        load_umh+0x51/0xbd
[   39.666082]        do_one_initcall+0x145/0x957
[   39.666086]        kernel_init_freeable+0x4bb/0x5ae
[   39.666090]        kernel_init+0x11/0x1b2
[   39.666095]        ret_from_fork+0x3a/0x50
[   39.666097] 
[   39.666100] -> #0 ((console_sem).lock){-...}:
[   39.666115]        lock_acquire+0x1ed/0x520
[   39.666120]        _raw_spin_lock_irqsave+0x99/0xd0
[   39.666124]        down_trylock+0x13/0x70
[   39.666128]        __down_trylock_console_sem+0xae/0x200
[   39.666133]        console_trylock+0x15/0xa0
[   39.666137]        vprintk_emit+0x322/0x930
[   39.666141]        vprintk_default+0x28/0x30
[   39.666145]        vprintk_func+0x7e/0x181
[   39.666149]        printk+0xa7/0xcf
[   39.666153]        kasan_report+0x9b/0x110
[   39.666158]        __asan_report_load8_noabort+0x14/0x20
[   39.666162]        __schedule+0xfc3/0x1ed0
[   39.666167]        preempt_schedule_common+0x1f/0xd0
[   39.666171]        preempt_schedule+0x4d/0x60
[   39.666176]        ___preempt_schedule+0x16/0x18
[   39.666180]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   39.666184]        __call_srcu+0x7f9/0x1070
[   39.666189]        __synchronize_srcu+0x17b/0x230
[   39.666193]        synchronize_srcu+0x356/0x5ab
[   39.666198]        kvm_page_track_unregister_notifier+0x17d/0x250
[   39.666203]        kvm_mmu_uninit_vm+0x1c/0x20
[   39.666207]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   39.666211]        kvm_put_kvm+0x6c8/0xff0
[   39.666216]        kvm_vm_release+0x42/0x50
[   39.666219]        __fput+0x385/0xa30
[   39.666223]        ____fput+0x15/0x20
[   39.666227]        task_work_run+0x1e8/0x2a0
[   39.666231]        do_exit+0x1ad7/0x2610
[   39.666236]        do_group_exit+0x177/0x440
[   39.666240]        __x64_sys_exit_group+0x3e/0x50
[   39.666244]        do_syscall_64+0x1b9/0x820
[   39.666249]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.666252] 
[   39.666256] other info that might help us debug this:
[   39.666259] 
[   39.666262] Chain exists of:
[   39.666265]   (console_sem).lock --> &rq->lock --> report_lock
[   39.666285] 
[   39.666289]  Possible unsafe locking scenario:
[   39.666291] 
[   39.666296]        CPU0                    CPU1
[   39.666300]        ----                    ----
[   39.666303]   lock(report_lock);
[   39.666313]                                lock(&rq->lock);
[   39.666323]                                lock(report_lock);
[   39.666332]   lock((console_sem).lock);
[   39.666340] 
[   39.666344]  *** DEADLOCK ***
[   39.666346] 
[   39.666351] 2 locks held by syz-executor929/5343:
[   39.666353]  #0: 00000000e4c3b711 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   39.666372]  #1: 0000000041c8781e (report_lock){....}, at: kasan_report+0x8b/0x110
[   39.666390] 
[   39.666393] stack backtrace:
[   39.666400] CPU: 0 PID: 5343 Comm: syz-executor929 Not tainted 4.19.0-rc4+ #25
[   39.666407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.666411] Call Trace:
[   39.666415]  dump_stack+0x1c4/0x2b4
[   39.666420]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.666424]  ? vprintk_func+0x85/0x181
[   39.666429]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   39.666433]  ? save_trace+0xe0/0x290
[   39.666438]  __lock_acquire+0x33e4/0x4ec0
[   39.666442]  ? mark_held_locks+0x130/0x130
[   39.666446]  ? mark_held_locks+0x130/0x130
[   39.666450]  ? rcu_bh_qs+0xc0/0xc0
[   39.666454]  ? unwind_dump+0x190/0x190
[   39.666459]  ? is_bpf_text_address+0xd3/0x170
[   39.666463]  ? kernel_text_address+0x79/0xf0
[   39.666468]  ? __kernel_text_address+0xd/0x40
[   39.666472]  ? __save_stack_trace+0x8d/0xf0
[   39.666477]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   39.666481]  ? save_trace+0x290/0x290
[   39.666486]  ? save_stack_trace+0x1a/0x20
[   39.666490]  ? save_trace+0xe0/0x290
[   39.666494]  ? kasan_check_read+0x11/0x20
[   39.666498]  ? graph_lock+0x170/0x170
[   39.666503]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.666507]  lock_acquire+0x1ed/0x520
[   39.666512]  ? down_trylock+0x13/0x70
[   39.666516]  ? find_held_lock+0x36/0x1c0
[   39.666520]  ? lock_release+0x970/0x970
[   39.666525]  ? trace_hardirqs_off+0xb8/0x310
[   39.666529]  ? vprintk_emit+0x1d3/0x930
[   39.666533]  ? trace_hardirqs_on+0x310/0x310
[   39.666538]  ? trace_hardirqs_off+0xb8/0x310
[   39.666542]  ? log_store+0x344/0x4c0
[   39.666546]  ? vprintk_emit+0x322/0x930
[   39.666551]  _raw_spin_lock_irqsave+0x99/0xd0
[   39.666555]  ? down_trylock+0x13/0x70
[   39.666559]  down_trylock+0x13/0x70
[   39.666564]  __down_trylock_console_sem+0xae/0x200
[   39.666568]  console_trylock+0x15/0xa0
[   39.666572]  vprintk_emit+0x322/0x930
[   39.666576]  ? wake_up_klogd+0x180/0x180
[   39.666581]  ? run_rebalance_domains+0x500/0x500
[   39.666585]  ? find_held_lock+0x36/0x1c0
[   39.666589]  ? __queue_work+0x6be/0x1440
[   39.666593]  ? lock_acquire+0x1ed/0x520
[   39.666598]  vprintk_default+0x28/0x30
[   39.666602]  vprintk_func+0x7e/0x181
[   39.666605]  printk+0xa7/0xcf
[   39.666610]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   39.666614]  ? kasan_check_write+0x14/0x20
[   39.666619]  ? do_raw_spin_lock+0xc1/0x200
[   39.666623]  ? do_raw_spin_lock+0xc1/0x200
[   39.666627]  kasan_report+0x9b/0x110
[   39.666639]  ? __schedule+0xfc3/0x1ed0
[   39.666644]  __asan_report_load8_noabort+0x14/0x20
[   39.666648]  __schedule+0xfc3/0x1ed0
[   39.666658]  ? __sched_text_start+0x8/0x8
[   39.666663]  ? __lock_is_held+0xb5/0x140
[   39.666668]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.666672]  ? find_held_lock+0x36/0x1c0
[   39.666676]  ? __call_srcu+0x7f9/0x1070
[   39.666681]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.666686]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   39.666691]  ? lockdep_hardirqs_on+0x421/0x5c0
[   39.666695]  ? preempt_schedule+0x4d/0x60
[   39.666700]  preempt_schedule_common+0x1f/0xd0
[   39.666704]  preempt_schedule+0x4d/0x60
[   39.666708]  ___preempt_schedule+0x16/0x18
[   39.666713]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   39.666717]  __call_srcu+0x7f9/0x1070
[   39.666722]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   39.666727]  ? srcu_offline_cpu+0x120/0x120
[   39.666731]  ? debug_object_free+0x690/0x690
[   39.666736]  ? mark_held_locks+0x130/0x130
[   39.666740]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   39.666745]  ? lock_release+0x970/0x970
[   39.666749]  ? arch_local_save_flags+0x40/0x40
[   39.666754]  ? depot_save_stack+0x292/0x470
[   39.666758]  ? __lockdep_init_map+0x105/0x590
[   39.666763]  ? __init_waitqueue_head+0x9e/0x150
[   39.666767]  ? init_wait_entry+0x1c0/0x1c0
[   39.666772]  __synchronize_srcu+0x17b/0x230
[   39.666776]  ? call_srcu+0x10/0x10
[   39.666780]  ? rcu_unexpedite_gp+0x20/0x20
[   39.666785]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.666790]  ? check_preemption_disabled+0x48/0x200
[   39.666795]  synchronize_srcu+0x356/0x5ab
[   39.666799]  ? lock_downgrade+0x900/0x900
[   39.666809]  ? synchronize_srcu_expedited+0x20/0x20
[   39.666813]  ? kasan_check_read+0x11/0x20
[   39.666818]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.666822]  ? kasan_check_write+0x14/0x20
[   39.666827]  ? do_raw_spin_lock+0xc1/0x200
[   39.666832]  kvm_page_track_unregister_notifier+0x17d/0x250
[   39.666837]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   39.666841]  ? kvfree+0x61/0x70
[   39.666846]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.666850]  kvm_mmu_uninit_vm+0x1c/0x20
[   39.666855]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   39.666859]  ? kvm_arch_sync_events+0x30/0x30
[   39.666864]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.666869]  ? mmu_notifier_unregister+0x474/0x600
[   39.666873]  ? kfree+0x107/0x230
[   39.666878]  ? __mmu_notifier_register+0x30/0x30
[   39.666882]  ? __free_pages+0x10a/0x190
[   39.666886]  ? free_unref_page+0x960/0x960
[   39.666890]  kvm_put_kvm+0x6c8/0xff0
[   39.666895]  ? kvm_write_guest_cached+0x40/0x40
[   39.666899]  ? kvm_irqfd_release+0xd1/0x120
[   39.666904]  ? _raw_spin_unlock_irq+0x27/0x80
[   39.666909]  ? _raw_spin_unlock_irq+0x27/0x80
[   39.666913]  ? kasan_check_write+0x14/0x20
[   39.666917]  ? do_raw_spin_lock+0xc1/0x200
[   39.666922]  ? kvm_irqfd_release+0xdd/0x120
[   39.666925]  ? kvm_irqfd_release+0x
[   39.666934] Lost 80 message(s)!
[   40.817316] Shutting down cpus with NMI
[   41.875400] Kernel Offset: disabled
[   41.879026] Rebooting in 86400 seconds..