[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 23.468736] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 27.560607] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.982921] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.527371] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.702236] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
[ 34.435140] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.533191] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.558304] ==================================================================
[ 34.568151] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 34.574378] Read of size 8 at addr ffff8801b4560058 by task syz-executor619/4693
[ 34.581895]
[ 34.583520] CPU: 0 PID: 4693 Comm: syz-executor619 Not tainted 4.19.0-rc1+ #216
[ 34.590955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.600298] Call Trace:
[ 34.602897] dump_stack+0x1c9/0x2b4
[ 34.606522] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.611706] ? printk+0xa7/0xcf
[ 34.614990] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.619748] ? __schedule+0xf54/0x1df0
[ 34.623637] print_address_description+0x6c/0x20b
[ 34.628477] ? __schedule+0xf54/0x1df0
[ 34.632359] kasan_report.cold.7+0x242/0x30d
[ 34.636772] __asan_report_load8_noabort+0x14/0x20
[ 34.641695] __schedule+0xf54/0x1df0
[ 34.645416] ? __sched_text_start+0x8/0x8
[ 34.649560] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.654658] ? __call_srcu+0x7e7/0x1040
[ 34.658636] ? check_same_owner+0x340/0x340
[ 34.662953] ? mark_held_locks+0x160/0x160
[ 34.667184] ? find_held_lock+0x36/0x1c0
[ 34.671245] preempt_schedule_common+0x22/0x60
[ 34.675823] _cond_resched+0x1d/0x30
[ 34.679538] wait_for_completion+0xa5/0x8d0
[ 34.683861] ? wait_for_completion_interruptible+0x950/0x950
[ 34.689657] ? __lockdep_init_map+0x105/0x590
[ 34.694148] ? __init_waitqueue_head+0x9e/0x150
[ 34.698811] ? init_wait_entry+0x1c0/0x1c0
[ 34.703053] __synchronize_srcu+0x189/0x240
[ 34.707383] ? call_srcu+0x10/0x10
[ 34.710920] ? rcu_unexpedite_gp+0x20/0x20
[ 34.715156] synchronize_srcu+0x335/0x56f
[ 34.719298] ? lock_downgrade+0x8f0/0x8f0
[ 34.723440] ? synchronize_srcu_expedited+0x20/0x20
[ 34.728453] ? kasan_check_read+0x11/0x20
[ 34.732600] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.737178] ? kasan_check_write+0x14/0x20
[ 34.741409] ? do_raw_spin_lock+0xc1/0x200
[ 34.745647] kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.751353] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.756804] ? kvfree+0x61/0x70
[ 34.760085] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.765114] kvm_mmu_uninit_vm+0x1c/0x20
[ 34.769190] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.773611] ? kvm_arch_sync_events+0x30/0x30
[ 34.778105] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.783647] ? mmu_notifier_unregister+0x474/0x600
[ 34.788571] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.792974] ? kfree+0x111/0x210
[ 34.796338] ? __mmu_notifier_register+0x30/0x30
[ 34.801096] ? __free_pages+0x10a/0x190
[ 34.805070] ? free_unref_page+0x930/0x930
[ 34.809308] kvm_put_kvm+0x73f/0x1060
[ 34.813109] ? kvm_write_guest_cached+0x40/0x40
[ 34.817776] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.822263] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.826757] ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.831339] ? kasan_check_write+0x14/0x20
[ 34.835571] ? do_raw_spin_lock+0xc1/0x200
[ 34.839801] ? kvm_irqfd_release+0xdd/0x120
[ 34.844204] ? kvm_irqfd_release+0xdd/0x120
[ 34.848526] ? kvm_put_kvm+0x1060/0x1060
[ 34.852583] kvm_vm_release+0x42/0x50
[ 34.856382] __fput+0x38a/0xa40
[ 34.859674] ? __alloc_file+0x400/0x400
[ 34.863648] ? check_same_owner+0x340/0x340
[ 34.867969] ? kasan_check_write+0x14/0x20
[ 34.872198] ? do_raw_spin_lock+0xc1/0x200
[ 34.876429] ____fput+0x15/0x20
[ 34.879728] task_work_run+0x1e8/0x2a0
[ 34.883635] ? task_work_cancel+0x240/0x240
[ 34.888043] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.893576] ? switch_task_namespaces+0xa2/0xd0
[ 34.898243] do_exit+0x1ae4/0x26e0
[ 34.901780] ? mm_update_next_owner+0x9a0/0x9a0
[ 34.906448] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.910685] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.915709] ? kfree+0x1d7/0x210
[ 34.919084] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.923316] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.929028] ? is_bpf_text_address+0xd7/0x170
[ 34.933517] ? kernel_text_address+0x79/0xf0
[ 34.937918] ? __kernel_text_address+0xd/0x40
[ 34.942410] ? unwind_get_return_address+0x61/0xa0
[ 34.947341] ? __save_stack_trace+0x8d/0xf0
[ 34.951664] ? save_stack+0xa9/0xd0
[ 34.955292] ? save_stack+0x43/0xd0
[ 34.958913] ? __kasan_slab_free+0x11a/0x170
[ 34.963316] ? kasan_slab_free+0xe/0x10
[ 34.967283] ? putname+0xf2/0x130
[ 34.970741] ? __x64_sys_openat+0x9d/0x100
[ 34.974975] ? do_syscall_64+0x1b9/0x820
[ 34.979031] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.984389] ? trace_hardirqs_off+0xb8/0x2b0
[ 34.988792] ? kasan_check_read+0x11/0x20
[ 34.992938] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.997342] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.001754] ? initcall_blacklisted+0x9a/0x1e0
[ 35.006332] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.011464] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.017175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.022708] ? do_vfs_ioctl+0x201/0x1720
[ 35.026773] ? rcu_is_watching+0x8c/0x150
[ 35.030999] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.035320] ? ioctl_preallocate+0x300/0x300
[ 35.039737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.045358] ? __fget_light+0x2f7/0x440
[ 35.049328] ? fget_raw+0x20/0x20
[ 35.052778] ? putname+0xf2/0x130
[ 35.056230] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.061242] ? kmem_cache_free+0x246/0x280
[ 35.065485] ? putname+0xf7/0x130
[ 35.068937] do_group_exit+0x177/0x440
[ 35.072823] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.077146] ? __ia32_sys_exit+0x50/0x50
[ 35.081204] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.086305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.091843] ? ksys_ioctl+0x81/0xd0
[ 35.095474] __x64_sys_exit_group+0x3e/0x50
[ 35.099793] do_syscall_64+0x1b9/0x820
[ 35.103679] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.109040] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.113967] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.118804] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.123822] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.128851] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.133695] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.138886] RIP: 0033:0x43f028
[ 35.142077] Code: Bad RIP value.
[ 35.145432] RSP: 002b:00007fff64433de8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.153136] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 35.160397] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.167659] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.174920] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.182181] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 35.189451]
[ 35.191098] Allocated by task 4693:
[ 35.194734] save_stack+0x43/0xd0
[ 35.198187] kasan_kmalloc+0xc4/0xe0
[ 35.201895] kasan_slab_alloc+0x12/0x20
[ 35.205862] kmem_cache_alloc+0x12e/0x710
[ 35.210017] vmx_create_vcpu+0xcf/0x2830
[ 35.214069] kvm_arch_vcpu_create+0xe5/0x220
[ 35.218496] kvm_vm_ioctl+0x488/0x1d80
[ 35.222380] do_vfs_ioctl+0x1de/0x1720
[ 35.226259] ksys_ioctl+0xa9/0xd0
[ 35.229707] __x64_sys_ioctl+0x73/0xb0
[ 35.233597] do_syscall_64+0x1b9/0x820
[ 35.237482] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.242650]
[ 35.244256] Freed by task 4693:
[ 35.247518] save_stack+0x43/0xd0
[ 35.250999] __kasan_slab_free+0x11a/0x170
[ 35.255230] kasan_slab_free+0xe/0x10
[ 35.259022] kmem_cache_free+0x86/0x280
[ 35.262992] vmx_free_vcpu+0x26b/0x300
[ 35.266874] kvm_arch_destroy_vm+0x365/0x7c0
[ 35.271278] kvm_put_kvm+0x73f/0x1060
[ 35.275074] kvm_vm_release+0x42/0x50
[ 35.278867] __fput+0x38a/0xa40
[ 35.282139] ____fput+0x15/0x20
[ 35.285414] task_work_run+0x1e8/0x2a0
[ 35.289295] do_exit+0x1ae4/0x26e0
[ 35.292834] do_group_exit+0x177/0x440
[ 35.296721] __x64_sys_exit_group+0x3e/0x50
[ 35.301039] do_syscall_64+0x1b9/0x820
[ 35.304924] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.310101]
[ 35.311739] The buggy address belongs to the object at ffff8801b4560040
[ 35.311739] which belongs to the cache kvm_vcpu of size 23872
[ 35.324306] The buggy address is located 24 bytes inside of
[ 35.324306] 23872-byte region [ffff8801b4560040, ffff8801b4565d80)
[ 35.336261] The buggy address belongs to the page:
[ 35.341195] page:ffffea0006d15800 count:1 mapcount:0 mapping:ffff8801d51f1b40 index:0x0 compound_mapcount: 0
[ 35.351159] flags: 0x2fffc0000008100(slab|head)
[ 35.355836] raw: 02fffc0000008100 ffff8801d51eb848 ffff8801d51eb848 ffff8801d51f1b40
[ 35.363724] raw: 0000000000000000 ffff8801b4560040 0000000100000001 0000000000000000
[ 35.371593] page dumped because: kasan: bad access detected
[ 35.377289]
[ 35.378905] Memory state around the buggy address:
[ 35.383844] ffff8801b455ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.391198] ffff8801b455ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.398549] >ffff8801b4560000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.405893] ^
[ 35.412115] ffff8801b4560080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.419481] ffff8801b4560100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.426831] ==================================================================
[ 35.434182] Kernel panic - not syncing: panic_on_warn set ...
[ 35.434182]
[ 35.441544] CPU: 0 PID: 4693 Comm: syz-executor619 Tainted: G B 4.19.0-rc1+ #216
[ 35.450368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.459711] Call Trace:
[ 35.462311] dump_stack+0x1c9/0x2b4
[ 35.465937] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.471122] ? lock_downgrade+0x8f0/0x8f0
[ 35.475268] ? __schedule+0xf54/0x1df0
[ 35.479152] panic+0x238/0x4e7
[ 35.482340] ? add_taint.cold.5+0x16/0x16
[ 35.486492] ? print_shadow_for_address+0xba/0x116
[ 35.491504] ? trace_hardirqs_off+0xaf/0x2b0
[ 35.495906] ? trace_hardirqs_off+0x77/0x2b0
[ 35.500313] ? __schedule+0xf54/0x1df0
[ 35.504196] kasan_end_report+0x47/0x4f
[ 35.508165] kasan_report.cold.7+0x76/0x30d
[ 35.512488] __asan_report_load8_noabort+0x14/0x20
[ 35.517413] __schedule+0xf54/0x1df0
[ 35.521125] ? __sched_text_start+0x8/0x8
[ 35.525265] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 35.530366] ? __call_srcu+0x7e7/0x1040
[ 35.534343] ? check_same_owner+0x340/0x340
[ 35.538658] ? mark_held_locks+0x160/0x160
[ 35.542891] ? find_held_lock+0x36/0x1c0
[ 35.546951] preempt_schedule_common+0x22/0x60
[ 35.551529] _cond_resched+0x1d/0x30
[ 35.555239] wait_for_completion+0xa5/0x8d0
[ 35.559559] ? wait_for_completion_interruptible+0x950/0x950
[ 35.565352] ? __lockdep_init_map+0x105/0x590
[ 35.569850] ? __init_waitqueue_head+0x9e/0x150
[ 35.574519] ? init_wait_entry+0x1c0/0x1c0
[ 35.578756] __synchronize_srcu+0x189/0x240
[ 35.583074] ? call_srcu+0x10/0x10
[ 35.586613] ? rcu_unexpedite_gp+0x20/0x20
[ 35.590855] synchronize_srcu+0x335/0x56f
[ 35.594998] ? lock_downgrade+0x8f0/0x8f0
[ 35.599138] ? synchronize_srcu_expedited+0x20/0x20
[ 35.604156] ? kasan_check_read+0x11/0x20
[ 35.608303] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.612882] ? kasan_check_write+0x14/0x20
[ 35.617112] ? do_raw_spin_lock+0xc1/0x200
[ 35.621376] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.627084] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.632531] ? kvfree+0x61/0x70
[ 35.635835] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.640853] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.644911] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.649313] ? kvm_arch_sync_events+0x30/0x30
[ 35.653808] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.659344] ? mmu_notifier_unregister+0x474/0x600
[ 35.664269] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.668670] ? kfree+0x111/0x210
[ 35.672032] ? __mmu_notifier_register+0x30/0x30
[ 35.676784] ? __free_pages+0x10a/0x190
[ 35.680754] ? free_unref_page+0x930/0x930
[ 35.684994] kvm_put_kvm+0x73f/0x1060
[ 35.688798] ? kvm_write_guest_cached+0x40/0x40
[ 35.693482] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.697972] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.702462] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.707044] ? kasan_check_write+0x14/0x20
[ 35.711275] ? do_raw_spin_lock+0xc1/0x200
[ 35.715505] ? kvm_irqfd_release+0xdd/0x120
[ 35.719839] ? kvm_irqfd_release+0xdd/0x120
[ 35.724158] ? kvm_put_kvm+0x1060/0x1060
[ 35.728214] kvm_vm_release+0x42/0x50
[ 35.732008] __fput+0x38a/0xa40
[ 35.735282] ? __alloc_file+0x400/0x400
[ 35.739256] ? check_same_owner+0x340/0x340
[ 35.743575] ? kasan_check_write+0x14/0x20
[ 35.747807] ? do_raw_spin_lock+0xc1/0x200
[ 35.752042] ____fput+0x15/0x20
[ 35.755317] task_work_run+0x1e8/0x2a0
[ 35.759199] ? task_work_cancel+0x240/0x240
[ 35.763529] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.769061] ? switch_task_namespaces+0xa2/0xd0
[ 35.773733] do_exit+0x1ae4/0x26e0
[ 35.777272] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.781956] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.786190] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.791197] ? kfree+0x1d7/0x210
[ 35.794559] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.798793] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.804500] ? is_bpf_text_address+0xd7/0x170
[ 35.808992] ? kernel_text_address+0x79/0xf0
[ 35.813399] ? __kernel_text_address+0xd/0x40
[ 35.817893] ? unwind_get_return_address+0x61/0xa0
[ 35.822820] ? __save_stack_trace+0x8d/0xf0
[ 35.827168] ? save_stack+0xa9/0xd0
[ 35.830789] ? save_stack+0x43/0xd0
[ 35.834409] ? __kasan_slab_free+0x11a/0x170
[ 35.838811] ? kasan_slab_free+0xe/0x10
[ 35.842785] ? putname+0xf2/0x130
[ 35.846237] ? __x64_sys_openat+0x9d/0x100
[ 35.850466] ? do_syscall_64+0x1b9/0x820
[ 35.854521] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.859887] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.864313] ? kasan_check_read+0x11/0x20
[ 35.868458] ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.872860] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.877265] ? initcall_blacklisted+0x9a/0x1e0
[ 35.881850] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.886953] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.892665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.898195] ? do_vfs_ioctl+0x201/0x1720
[ 35.902250] ? rcu_is_watching+0x8c/0x150
[ 35.906410] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.910752] ? ioctl_preallocate+0x300/0x300
[ 35.915157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.920707] ? __fget_light+0x2f7/0x440
[ 35.924707] ? fget_raw+0x20/0x20
[ 35.928168] ? putname+0xf2/0x130
[ 35.931642] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.936652] ? kmem_cache_free+0x246/0x280
[ 35.940880] ? putname+0xf7/0x130
[ 35.944331] do_group_exit+0x177/0x440
[ 35.948216] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.952533] ? __ia32_sys_exit+0x50/0x50
[ 35.956605] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.961705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.967246] ? ksys_ioctl+0x81/0xd0
[ 35.970869] __x64_sys_exit_group+0x3e/0x50
[ 35.975188] do_syscall_64+0x1b9/0x820
[ 35.979071] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.984434] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.989358] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.994196] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.999213] ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.004227] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.009067] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.014251] RIP: 0033:0x43f028
[ 36.017441] Code: Bad RIP value.
[ 36.020796] RSP: 002b:00007fff64433de8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.028502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.035763] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.043025] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.050372] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.057632] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.064902]
[ 36.064908] ======================================================
[ 36.064913] WARNING: possible circular locking dependency detected
[ 36.064917] 4.19.0-rc1+ #216 Not tainted
[ 36.064922] ------------------------------------------------------
[ 36.064927] syz-executor619/4693 is trying to acquire lock:
[ 36.064931] 00000000faf1cb27 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 36.064946]
[ 36.064950] but task is already holding lock:
[ 36.064953] 00000000c84b562c (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.064967]
[ 36.064972] which lock already depends on the new lock.
[ 36.064974]
[ 36.064977]
[ 36.064982] the existing dependency chain (in reverse order) is:
[ 36.064984]
[ 36.064986] -> #3 (report_lock){....}:
[ 36.065001] _raw_spin_lock_irqsave+0x96/0xc0
[ 36.065005] kasan_report+0x8e/0x110
[ 36.065009] __asan_report_load8_noabort+0x14/0x20
[ 36.065013] __schedule+0xf54/0x1df0
[ 36.065017] preempt_schedule_common+0x22/0x60
[ 36.065021] _cond_resched+0x1d/0x30
[ 36.065026] wait_for_completion+0xa5/0x8d0
[ 36.065030] __synchronize_srcu+0x189/0x240
[ 36.065034] synchronize_srcu+0x335/0x56f
[ 36.065039] kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.065043] kvm_mmu_uninit_vm+0x1c/0x20
[ 36.065047] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.065051] kvm_put_kvm+0x73f/0x1060
[ 36.065055] kvm_vm_release+0x42/0x50
[ 36.065058] __fput+0x38a/0xa40
[ 36.065062] ____fput+0x15/0x20
[ 36.065066] task_work_run+0x1e8/0x2a0
[ 36.065069] do_exit+0x1ae4/0x26e0
[ 36.065073] do_group_exit+0x177/0x440
[ 36.065077] __x64_sys_exit_group+0x3e/0x50
[ 36.065081] do_syscall_64+0x1b9/0x820
[ 36.065086] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.065088]
[ 36.065090] -> #2 (&rq->lock){-.-.}:
[ 36.065104] _raw_spin_lock+0x2a/0x40
[ 36.065108] task_fork_fair+0x93/0x680
[ 36.065112] sched_fork+0x44b/0xbd0
[ 36.065116] copy_process+0x235e/0x7ad0
[ 36.065120] _do_fork+0x1ca/0x1170
[ 36.065124] kernel_thread+0x34/0x40
[ 36.065127] rest_init+0x22/0xe4
[ 36.065131] start_kernel+0x913/0x94e
[ 36.065135] x86_64_start_reservations+0x29/0x2b
[ 36.065140] x86_64_start_kernel+0x76/0x79
[ 36.065144] secondary_startup_64+0xa4/0xb0
[ 36.065146]
[ 36.065148] -> #1 (&p->pi_lock){-.-.}:
[ 36.065163] _raw_spin_lock_irqsave+0x96/0xc0
[ 36.065167] try_to_wake_up+0xd2/0x1250
[ 36.065171] wake_up_process+0x10/0x20
[ 36.065174] __up.isra.1+0x1c0/0x2a0
[ 36.065178] up+0x13c/0x1c0
[ 36.065182] __up_console_sem+0xbe/0x1b0
[ 36.065186] console_unlock+0x506/0x10d0
[ 36.065190] vprintk_emit+0x33a/0x910
[ 36.065193] vprintk_default+0x28/0x30
[ 36.065197] vprintk_func+0x7a/0x117
[ 36.065201] printk+0xa7/0xcf
[ 36.065204] load_umh+0x51/0xbd
[ 36.065208] do_one_initcall+0x127/0x838
[ 36.065212] kernel_init_freeable+0x4bb/0x5ae
[ 36.065216] kernel_init+0x11/0x1b3
[ 36.065220] ret_from_fork+0x3a/0x50
[ 36.065222]
[ 36.065224] -> #0 ((console_sem).lock){-...}:
[ 36.065239] lock_acquire+0x1e4/0x4f0
[ 36.065243] _raw_spin_lock_irqsave+0x96/0xc0
[ 36.065247] down_trylock+0x13/0x70
[ 36.065252] __down_trylock_console_sem+0xae/0x200
[ 36.065256] console_trylock+0x15/0xa0
[ 36.065260] vprintk_emit+0x31f/0x910
[ 36.065263] vprintk_default+0x28/0x30
[ 36.065267] vprintk_func+0x7a/0x117
[ 36.065271] printk+0xa7/0xcf
[ 36.065275] kasan_report+0x9e/0x110
[ 36.065279] __asan_report_load8_noabort+0x14/0x20
[ 36.065283] __schedule+0xf54/0x1df0
[ 36.065287] preempt_schedule_common+0x22/0x60
[ 36.065291] _cond_resched+0x1d/0x30
[ 36.065295] wait_for_completion+0xa5/0x8d0
[ 36.065299] __synchronize_srcu+0x189/0x240
[ 36.065303] synchronize_srcu+0x335/0x56f
[ 36.065308] kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.065312] kvm_mmu_uninit_vm+0x1c/0x20
[ 36.065317] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.065320] kvm_put_kvm+0x73f/0x1060
[ 36.065324] kvm_vm_release+0x42/0x50
[ 36.065328] __fput+0x38a/0xa40
[ 36.065332] ____fput+0x15/0x20
[ 36.065336] task_work_run+0x1e8/0x2a0
[ 36.065339] do_exit+0x1ae4/0x26e0
[ 36.065343] do_group_exit+0x177/0x440
[ 36.065347] __x64_sys_exit_group+0x3e/0x50
[ 36.065351] do_syscall_64+0x1b9/0x820
[ 36.065356] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.065358]
[ 36.065363] other info that might help us debug this:
[ 36.065365]
[ 36.065368] Chain exists of:
[ 36.065370] (console_sem).lock --> &rq->lock --> report_lock
[ 36.065389]
[ 36.065393] Possible unsafe locking scenario:
[ 36.065395]
[ 36.065399] CPU0 CPU1
[ 36.065403] ---- ----
[ 36.065405] lock(report_lock);
[ 36.065415] lock(&rq->lock);
[ 36.065424] lock(report_lock);
[ 36.065432] lock((console_sem).lock);
[ 36.065440]
[ 36.065443] *** DEADLOCK ***
[ 36.065445]
[ 36.065450] 2 locks held by syz-executor619/4693:
[ 36.065452] #0: 000000008944fa46 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 36.065469] #1: 00000000c84b562c (report_lock){....}, at: kasan_report+0x8e/0x110
[ 36.065486]
[ 36.065489] stack backtrace:
[ 36.065495] CPU: 0 PID: 4693 Comm: syz-executor619 Not tainted 4.19.0-rc1+ #216
[ 36.065502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.065505] Call Trace:
[ 36.065509] dump_stack+0x1c9/0x2b4
[ 36.065514] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.065518] ? vprintk_func+0x100/0x117
[ 36.065523] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 36.065526] ? save_trace+0xe0/0x290
[ 36.065531] __lock_acquire+0x3449/0x5020
[ 36.065535] ? mark_held_locks+0x160/0x160
[ 36.065539] ? mark_held_locks+0x160/0x160
[ 36.065543] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 36.065547] ? is_bpf_text_address+0xd7/0x170
[ 36.065551] ? kernel_text_address+0x79/0xf0
[ 36.065556] ? __kernel_text_address+0xd/0x40
[ 36.065560] ? __save_stack_trace+0x8d/0xf0
[ 36.065564] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 36.065568] ? save_trace+0x290/0x290
[ 36.065572] ? save_stack_trace+0x1a/0x20
[ 36.065576] ? save_trace+0xe0/0x290
[ 36.065580] ? graph_lock+0x170/0x170
[ 36.065585] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.065588] lock_acquire+0x1e4/0x4f0
[ 36.065592] ? down_trylock+0x13/0x70
[ 36.065596] ? lock_release+0x9f0/0x9f0
[ 36.065600] ? trace_hardirqs_off+0xb8/0x2b0
[ 36.065605] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.065609] ? trace_hardirqs_off+0xb8/0x2b0
[ 36.065612] ? log_store+0x34f/0x4c0
[ 36.065616] ? vprintk_emit+0x31f/0x910
[ 36.065620] _raw_spin_lock_irqsave+0x96/0xc0
[ 36.065624] ? down_trylock+0x13/0x70
[ 36.065628] down_trylock+0x13/0x70
[ 36.065632] __down_trylock_console_sem+0xae/0x200
[ 36.065636] console_trylock+0x15/0xa0
[ 36.065640] vprintk_emit+0x31f/0x910
[ 36.065644] ? wake_up_klogd+0x110/0x110
[ 36.065648] ? run_rebalance_domains+0x4c0/0x4c0
[ 36.065652] ? kasan_check_read+0x11/0x20
[ 36.065656] ? rcu_is_watching+0x8c/0x150
[ 36.065660] ? rcu_pm_notify+0xc0/0xc0
[ 36.065664] ? lock_acquire+0x1e4/0x4f0
[ 36.065668] ? kasan_report+0x8e/0x110
[ 36.065672] ? __schedule+0xf54/0x1df0
[ 36.065676] vprintk_default+0x28/0x30
[ 36.065679] vprintk_func+0x7a/0x117
[ 36.065683] printk+0xa7/0xcf
[ 36.065687] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.065691] ? kasan_check_write+0x14/0x20
[ 36.065695] ? do_raw_spin_lock+0xc1/0x200
[ 36.065699] ? do_raw_spin_lock+0xc1/0x200
[ 36.065703] kasan_report+0x9e/0x110
[ 36.065707] __asan_report_load8_noabort+0x14/0x20
[ 36.065711] __schedule+0xf54/0x1df0
[ 36.065724] ? __sched_text_start+0x8/0x8
[ 36.065729] ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[ 36.065733] ? __call_srcu+0x7e7/0x1040
[ 36.065737] ? check_same_owner+0x340/0x340
[ 36.065741] ? mark_held_locks+0x160/0x160
[ 36.065745] ? find_held_lock+0x36/0x1c0
[ 36.065749] preempt_schedule_common+0x22/0x60
[ 36.065753] _cond_resched+0x1d/0x30
[ 36.065757] wait_for_completion+0xa5/0x8d0
[ 36.065762] ? wait_for_completion_interruptible+0x950/0x950
[ 36.065766] ? __lockdep_init_map+0x105/0x590
[ 36.065770] ? __init_waitqueue_head+0x9e/0x150
[ 36.065774] ? init_wait_entry+0x1c0/0x1c0
[ 36.065778] __synchronize_srcu+0x189/0x240
[ 36.065782] ? call_srcu+0x10/0x10
[ 36.065786] ? rcu_unexpedite_gp+0x20/0x20
[ 36.065790] synchronize_srcu+0x335/0x56f
[ 36.065794] ? lock_downgrade+0x8f0/0x8f0
[ 36.065799] ? synchronize_srcu_expedited+0x20/0x20
[ 36.065803] ? kasan_check_read+0x11/0x20
[ 36.065807] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.065811] ? kasan_check_write+0x14/0x20
[ 36.065816] ? do_raw_spin_lock+0xc1/0x200
[ 36.065821] kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.065825] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.065834] ? kvfree+0x61/0x70
[ 36.065839] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.065843] kvm_mmu_uninit_vm+0x1c/0x20
[ 36.065847] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.065851] ? kvm_arch_sync_events+0x30/0x30
[ 36.065856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.065861] ? mmu_notifier_unregister+0x474/0x600
[ 36.065865] ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.065869] ? kfree+0x111/0x210
[ 36.065873] ? __mmu_notifier_register+0x30/0x30
[ 36.065877] ? __free_pages+0x10a/0x190
[ 36.065881] ? free_unref_page+0x930/0x930
[ 36.065885] kvm_put_kvm+0x73f/0x1060
[ 36.065889] ? kvm_write_guest_cached+0x40/0x40
[ 36.065894] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.065898] ? _raw_spin_unlock_irq+0x27/0x70
[ 36.065902] ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.065906] ? kasan_check_write+0x14/0x20
[ 36.065910] ? do_raw_spin_lock+0xc1/0x200
[ 36.065914] ? kvm_irqfd_release+0xdd/0x120
[ 36.065919] ? kvm_irqfd_release+0xdd/0x120
[ 36.065922] ? kvm_put_kvm+0x1060/0x1060
[ 36.065926] kvm_vm_release+0x42/0x50
[ 36.065930] __fput+0x38a/0xa40
[ 36.065934] ? __alloc_file+0x400/0x400
[ 36.065938] ? check_same_owner+0x340/0x340
[ 36.065942] ? kasan_check_write+0x14/0x20
[ 36.065946] ? do_raw_spin_lock+0xc1/0x200
[ 36.065950] ____fput+0x15/0x20
[ 36.065953] task_work_run+0x1e8/0x2a0
[ 36.065958] ? task_work_cancel+0x240/0x240
[ 36.065962] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.065967] ? switch_task_namespaces+0xa2/0xd0
[ 36.065970] do_exit+0x1ae4/0x26e0
[ 36.065975] ? mm_update_next_owner+0x9a0/0x9a0
[ 36.065979] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.065983] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.065987] ? kfree+0x1d7/0x210
[ 36.065991] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.065996] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.066000] ? is_bpf_text_address+0xd7/0x170
[ 36.066002] ?
[ 36.066009] Lost 54 message(s)!
[ 37.137242] Shutting down cpus with NMI
[ 38.197142] Dumping ftrace buffer:
[ 38.200663] (ftrace buffer empty)
[ 38.204354] Kernel Offset: disabled
[ 38.207981] Rebooting in 86400 seconds..