[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 21.749428] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 23.293233] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.505895] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.075060] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
[ 29.909520] urandom_read: 1 callbacks suppressed
[ 29.909526] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 30.015481] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 30.041913] ==================================================================
[ 30.051794] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 30.058034] Read of size 8 at addr ffff8801bc500058 by task syz-executor239/4621
[ 30.065567]
[ 30.067199] CPU: 0 PID: 4621 Comm: syz-executor239 Not tainted 4.19.0-rc1+ #219
[ 30.074641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.083986] Call Trace:
[ 30.087054] dump_stack+0x1c9/0x2b4
[ 30.090687] ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.095876] ? printk+0xa7/0xcf
[ 30.099163] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 30.103926] ? __schedule+0xf54/0x1df0
[ 30.107818] print_address_description+0x6c/0x20b
[ 30.112660] ? __schedule+0xf54/0x1df0
[ 30.116556] kasan_report.cold.7+0x242/0x30d
[ 30.120975] __asan_report_load8_noabort+0x14/0x20
[ 30.125905] __schedule+0xf54/0x1df0
[ 30.129620] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 30.134732] ? __sched_text_start+0x8/0x8
[ 30.138887] ? __call_srcu+0x7e7/0x1040
[ 30.142871] ? check_same_owner+0x340/0x340
[ 30.147193] ? mark_held_locks+0x160/0x160
[ 30.151426] ? find_held_lock+0x36/0x1c0
[ 30.155493] preempt_schedule_common+0x22/0x60
[ 30.160076] _cond_resched+0x1d/0x30
[ 30.163789] wait_for_completion+0xa5/0x8d0
[ 30.168123] ? wait_for_completion_interruptible+0x950/0x950
[ 30.173924] ? __lockdep_init_map+0x105/0x590
[ 30.178426] ? __init_waitqueue_head+0x9e/0x150
[ 30.183095] ? init_wait_entry+0x1c0/0x1c0
[ 30.187338] __synchronize_srcu+0x189/0x240
[ 30.191702] ? call_srcu+0x10/0x10
[ 30.195246] ? rcu_unexpedite_gp+0x20/0x20
[ 30.199490] synchronize_srcu+0x335/0x56f
[ 30.203641] ? lock_downgrade+0x8f0/0x8f0
[ 30.207803] ? synchronize_srcu_expedited+0x20/0x20
[ 30.212823] ? kasan_check_read+0x11/0x20
[ 30.216974] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 30.221555] ? kasan_check_write+0x14/0x20
[ 30.225803] ? do_raw_spin_lock+0xc1/0x200
[ 30.230058] kvm_page_track_unregister_notifier+0x17d/0x250
[ 30.235776] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 30.241225] ? kvfree+0x61/0x70
[ 30.244512] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.249531] kvm_mmu_uninit_vm+0x1c/0x20
[ 30.253596] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 30.258006] ? kvm_arch_sync_events+0x30/0x30
[ 30.262526] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.268068] ? mmu_notifier_unregister+0x474/0x600
[ 30.272998] ? trace_hardirqs_on+0x2c0/0x2c0
[ 30.277417] ? kfree+0x111/0x210
[ 30.280790] ? __mmu_notifier_register+0x30/0x30
[ 30.285551] ? __free_pages+0x10a/0x190
[ 30.289528] ? free_unref_page+0x930/0x930
[ 30.293794] kvm_put_kvm+0x73f/0x1060
[ 30.297607] ? kvm_write_guest_cached+0x40/0x40
[ 30.302281] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.306783] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.311277] ? lockdep_hardirqs_on+0x421/0x5c0
[ 30.315862] ? kasan_check_write+0x14/0x20
[ 30.320098] ? do_raw_spin_lock+0xc1/0x200
[ 30.324357] ? kvm_irqfd_release+0xdd/0x120
[ 30.328706] ? kvm_irqfd_release+0xdd/0x120
[ 30.333047] ? kvm_put_kvm+0x1060/0x1060
[ 30.337111] kvm_vm_release+0x42/0x50
[ 30.340912] __fput+0x38a/0xa40
[ 30.344193] ? __alloc_file+0x400/0x400
[ 30.348173] ? check_same_owner+0x340/0x340
[ 30.352497] ? kasan_check_write+0x14/0x20
[ 30.356735] ? do_raw_spin_lock+0xc1/0x200
[ 30.360979] ____fput+0x15/0x20
[ 30.364259] task_work_run+0x1e8/0x2a0
[ 30.368150] ? task_work_cancel+0x240/0x240
[ 30.372477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.378027] ? switch_task_namespaces+0xa2/0xd0
[ 30.382703] do_exit+0x1ae4/0x26e0
[ 30.386249] ? mm_update_next_owner+0x9a0/0x9a0
[ 30.390934] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 30.395175] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.400198] ? kfree+0x1d7/0x210
[ 30.403573] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 30.407814] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 30.413530] ? is_bpf_text_address+0xd7/0x170
[ 30.418034] ? kernel_text_address+0x79/0xf0
[ 30.422447] ? __kernel_text_address+0xd/0x40
[ 30.426943] ? unwind_get_return_address+0x61/0xa0
[ 30.431872] ? __save_stack_trace+0x8d/0xf0
[ 30.436200] ? save_stack+0xa9/0xd0
[ 30.439823] ? save_stack+0x43/0xd0
[ 30.443452] ? __kasan_slab_free+0x11a/0x170
[ 30.447859] ? kasan_slab_free+0xe/0x10
[ 30.451832] ? putname+0xf2/0x130
[ 30.455294] ? __x64_sys_openat+0x9d/0x100
[ 30.459529] ? do_syscall_64+0x1b9/0x820
[ 30.463600] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.468968] ? trace_hardirqs_off+0xb8/0x2b0
[ 30.473374] ? kasan_check_read+0x11/0x20
[ 30.477525] ? do_raw_spin_unlock+0xa7/0x2f0
[ 30.481931] ? trace_hardirqs_on+0x2c0/0x2c0
[ 30.486342] ? initcall_blacklisted+0x9a/0x1e0
[ 30.490931] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 30.496067] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 30.501781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.507316] ? do_vfs_ioctl+0x201/0x1720
[ 30.511385] ? rcu_is_watching+0x8c/0x150
[ 30.515536] ? trace_hardirqs_on+0xbd/0x2c0
[ 30.519870] ? ioctl_preallocate+0x300/0x300
[ 30.524285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.529831] ? __fget_light+0x2f7/0x440
[ 30.533822] ? fget_raw+0x20/0x20
[ 30.537279] ? putname+0xf2/0x130
[ 30.540733] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.545764] ? kmem_cache_free+0x246/0x280
[ 30.549999] ? putname+0xf7/0x130
[ 30.553462] do_group_exit+0x177/0x440
[ 30.557350] ? trace_hardirqs_on+0xbd/0x2c0
[ 30.561687] ? __ia32_sys_exit+0x50/0x50
[ 30.565746] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 30.570854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.576392] ? ksys_ioctl+0x81/0xd0
[ 30.580033] __x64_sys_exit_group+0x3e/0x50
[ 30.584367] do_syscall_64+0x1b9/0x820
[ 30.588255] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 30.593623] ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.598557] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.603404] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 30.608426] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 30.613439] ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.618458] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.623305] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.628491] RIP: 0033:0x43ecd8
[ 30.631686] Code: Bad RIP value.
[ 30.635053] RSP: 002b:00007ffecf1b0ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 30.642760] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[ 30.650046] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 30.657318] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 30.664602] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 30.671872] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 30.679149]
[ 30.680772] Allocated by task 4621:
[ 30.684400] save_stack+0x43/0xd0
[ 30.687863] kasan_kmalloc+0xc4/0xe0
[ 30.691579] kasan_slab_alloc+0x12/0x20
[ 30.695554] kmem_cache_alloc+0x12e/0x710
[ 30.699701] vmx_create_vcpu+0xcf/0x2830
[ 30.703770] kvm_arch_vcpu_create+0xe5/0x220
[ 30.708182] kvm_vm_ioctl+0x488/0x1d80
[ 30.712073] do_vfs_ioctl+0x1de/0x1720
[ 30.715959] ksys_ioctl+0xa9/0xd0
[ 30.719410] __x64_sys_ioctl+0x73/0xb0
[ 30.723297] do_syscall_64+0x1b9/0x820
[ 30.727189] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.732369]
[ 30.733991] Freed by task 4621:
[ 30.737279] save_stack+0x43/0xd0
[ 30.740729] __kasan_slab_free+0x11a/0x170
[ 30.744961] kasan_slab_free+0xe/0x10
[ 30.748762] kmem_cache_free+0x86/0x280
[ 30.752733] vmx_free_vcpu+0x26b/0x300
[ 30.756619] kvm_arch_destroy_vm+0x365/0x7c0
[ 30.761068] kvm_put_kvm+0x73f/0x1060
[ 30.764868] kvm_vm_release+0x42/0x50
[ 30.768668] __fput+0x38a/0xa40
[ 30.771963] ____fput+0x15/0x20
[ 30.775236] task_work_run+0x1e8/0x2a0
[ 30.779119] do_exit+0x1ae4/0x26e0
[ 30.782656] do_group_exit+0x177/0x440
[ 30.786539] __x64_sys_exit_group+0x3e/0x50
[ 30.790864] do_syscall_64+0x1b9/0x820
[ 30.794751] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.799929]
[ 30.801556] The buggy address belongs to the object at ffff8801bc500040
[ 30.801556] which belongs to the cache kvm_vcpu of size 23872
[ 30.814144] The buggy address is located 24 bytes inside of
[ 30.814144] 23872-byte region [ffff8801bc500040, ffff8801bc505d80)
[ 30.826098] The buggy address belongs to the page:
[ 30.831034] page:ffffea0006f14000 count:1 mapcount:0 mapping:ffff8801d86d1000 index:0x0 compound_mapcount: 0
[ 30.841023] flags: 0x2fffc0000008100(slab|head)
[ 30.845707] raw: 02fffc0000008100 ffff8801d5367e48 ffff8801d5367e48 ffff8801d86d1000
[ 30.853595] raw: 0000000000000000 ffff8801bc500040 0000000100000001 0000000000000000
[ 30.861465] page dumped because: kasan: bad access detected
[ 30.867167]
[ 30.868784] Memory state around the buggy address:
[ 30.873708] ffff8801bc4fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.881071] ffff8801bc4fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.888431] >ffff8801bc500000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 30.895790] ^
[ 30.902026] ffff8801bc500080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.909402] ffff8801bc500100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.916754] ==================================================================
[ 30.924105] Kernel panic - not syncing: panic_on_warn set ...
[ 30.924105]
[ 30.931475] CPU: 0 PID: 4621 Comm: syz-executor239 Tainted: G B 4.19.0-rc1+ #219
[ 30.940301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.949649] Call Trace:
[ 30.952240] dump_stack+0x1c9/0x2b4
[ 30.955870] ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.961077] ? lock_downgrade+0x8f0/0x8f0
[ 30.965700] ? __schedule+0xf54/0x1df0
[ 30.969587] panic+0x238/0x4e7
[ 30.972778] ? add_taint.cold.5+0x16/0x16
[ 30.976930] ? print_shadow_for_address+0xba/0x116
[ 30.981860] ? trace_hardirqs_off+0xaf/0x2b0
[ 30.986267] ? trace_hardirqs_off+0x77/0x2b0
[ 30.990678] ? __schedule+0xf54/0x1df0
[ 30.994565] kasan_end_report+0x47/0x4f
[ 30.998539] kasan_report.cold.7+0x76/0x30d
[ 31.002866] __asan_report_load8_noabort+0x14/0x20
[ 31.007797] __schedule+0xf54/0x1df0
[ 31.011512] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 31.016618] ? __sched_text_start+0x8/0x8
[ 31.020768] ? __call_srcu+0x7e7/0x1040
[ 31.024753] ? check_same_owner+0x340/0x340
[ 31.029077] ? mark_held_locks+0x160/0x160
[ 31.033320] ? find_held_lock+0x36/0x1c0
[ 31.037395] preempt_schedule_common+0x22/0x60
[ 31.041980] _cond_resched+0x1d/0x30
[ 31.045703] wait_for_completion+0xa5/0x8d0
[ 31.050037] ? wait_for_completion_interruptible+0x950/0x950
[ 31.055844] ? __lockdep_init_map+0x105/0x590
[ 31.060344] ? __init_waitqueue_head+0x9e/0x150
[ 31.065010] ? init_wait_entry+0x1c0/0x1c0
[ 31.069272] __synchronize_srcu+0x189/0x240
[ 31.073840] ? call_srcu+0x10/0x10
[ 31.077386] ? rcu_unexpedite_gp+0x20/0x20
[ 31.081638] synchronize_srcu+0x335/0x56f
[ 31.085786] ? lock_downgrade+0x8f0/0x8f0
[ 31.089940] ? synchronize_srcu_expedited+0x20/0x20
[ 31.094960] ? kasan_check_read+0x11/0x20
[ 31.099111] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 31.103693] ? kasan_check_write+0x14/0x20
[ 31.107930] ? do_raw_spin_lock+0xc1/0x200
[ 31.112168] kvm_page_track_unregister_notifier+0x17d/0x250
[ 31.117879] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 31.123331] ? kvfree+0x61/0x70
[ 31.126612] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.131628] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.135686] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 31.140095] ? kvm_arch_sync_events+0x30/0x30
[ 31.144594] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.150131] ? mmu_notifier_unregister+0x474/0x600
[ 31.155063] ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.159474] ? kfree+0x111/0x210
[ 31.162844] ? __mmu_notifier_register+0x30/0x30
[ 31.167605] ? __free_pages+0x10a/0x190
[ 31.171579] ? free_unref_page+0x930/0x930
[ 31.175827] kvm_put_kvm+0x73f/0x1060
[ 31.179636] ? kvm_write_guest_cached+0x40/0x40
[ 31.184314] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.188807] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.193301] ? lockdep_hardirqs_on+0x421/0x5c0
[ 31.197893] ? kasan_check_write+0x14/0x20
[ 31.202159] ? do_raw_spin_lock+0xc1/0x200
[ 31.206395] ? kvm_irqfd_release+0xdd/0x120
[ 31.210718] ? kvm_irqfd_release+0xdd/0x120
[ 31.215063] ? kvm_put_kvm+0x1060/0x1060
[ 31.219122] kvm_vm_release+0x42/0x50
[ 31.222922] __fput+0x38a/0xa40
[ 31.226201] ? __alloc_file+0x400/0x400
[ 31.230180] ? check_same_owner+0x340/0x340
[ 31.234504] ? kasan_check_write+0x14/0x20
[ 31.238741] ? do_raw_spin_lock+0xc1/0x200
[ 31.242975] ____fput+0x15/0x20
[ 31.246257] task_work_run+0x1e8/0x2a0
[ 31.250144] ? task_work_cancel+0x240/0x240
[ 31.254472] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.260012] ? switch_task_namespaces+0xa2/0xd0
[ 31.264703] do_exit+0x1ae4/0x26e0
[ 31.268262] ? mm_update_next_owner+0x9a0/0x9a0
[ 31.272936] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 31.277207] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.282222] ? kfree+0x1d7/0x210
[ 31.285614] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 31.289857] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 31.295570] ? is_bpf_text_address+0xd7/0x170
[ 31.300073] ? kernel_text_address+0x79/0xf0
[ 31.304489] ? __kernel_text_address+0xd/0x40
[ 31.308986] ? unwind_get_return_address+0x61/0xa0
[ 31.313925] ? __save_stack_trace+0x8d/0xf0
[ 31.318252] ? save_stack+0xa9/0xd0
[ 31.321875] ? save_stack+0x43/0xd0
[ 31.325515] ? __kasan_slab_free+0x11a/0x170
[ 31.329925] ? kasan_slab_free+0xe/0x10
[ 31.333900] ? putname+0xf2/0x130
[ 31.337356] ? __x64_sys_openat+0x9d/0x100
[ 31.341592] ? do_syscall_64+0x1b9/0x820
[ 31.345657] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.351032] ? trace_hardirqs_off+0xb8/0x2b0
[ 31.355455] ? kasan_check_read+0x11/0x20
[ 31.359604] ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.364013] ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.368440] ? initcall_blacklisted+0x9a/0x1e0
[ 31.373034] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.378146] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 31.383857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.389399] ? do_vfs_ioctl+0x201/0x1720
[ 31.393462] ? rcu_is_watching+0x8c/0x150
[ 31.397605] ? trace_hardirqs_on+0xbd/0x2c0
[ 31.401927] ? ioctl_preallocate+0x300/0x300
[ 31.406335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.411873] ? __fget_light+0x2f7/0x440
[ 31.415852] ? fget_raw+0x20/0x20
[ 31.419302] ? putname+0xf2/0x130
[ 31.422757] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.427774] ? kmem_cache_free+0x246/0x280
[ 31.432010] ? putname+0xf7/0x130
[ 31.435484] do_group_exit+0x177/0x440
[ 31.439373] ? trace_hardirqs_on+0xbd/0x2c0
[ 31.443705] ? __ia32_sys_exit+0x50/0x50
[ 31.447777] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 31.452882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.458420] ? ksys_ioctl+0x81/0xd0
[ 31.462060] __x64_sys_exit_group+0x3e/0x50
[ 31.466383] do_syscall_64+0x1b9/0x820
[ 31.470270] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 31.475633] ? syscall_return_slowpath+0x5e0/0x5e0
[ 31.480559] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.485404] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 31.490427] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 31.495445] ? prepare_exit_to_usermode+0x291/0x3b0
[ 31.500490] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.505337] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.510541] RIP: 0033:0x43ecd8
[ 31.513739] Code: Bad RIP value.
[ 31.517100] RSP: 002b:00007ffecf1b0ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 31.524805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[ 31.532068] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 31.539332] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 31.546600] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 31.553865] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 31.561172]
[ 31.561178] ======================================================
[ 31.561183] WARNING: possible circular locking dependency detected
[ 31.561187] 4.19.0-rc1+ #219 Not tainted
[ 31.561192] ------------------------------------------------------
[ 31.561197] syz-executor239/4621 is trying to acquire lock:
[ 31.561201] 000000009fbfb299 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 31.561216]
[ 31.561220] but task is already holding lock:
[ 31.561223] 00000000e77c4469 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 31.561237]
[ 31.561241] which lock already depends on the new lock.
[ 31.561244]
[ 31.561246]
[ 31.561251] the existing dependency chain (in reverse order) is:
[ 31.561254]
[ 31.561256] -> #3 (report_lock){....}:
[ 31.561270] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.561274] kasan_report+0x8e/0x110
[ 31.561279] __asan_report_load8_noabort+0x14/0x20
[ 31.561283] __schedule+0xf54/0x1df0
[ 31.561287] preempt_schedule_common+0x22/0x60
[ 31.561291] _cond_resched+0x1d/0x30
[ 31.561295] wait_for_completion+0xa5/0x8d0
[ 31.561299] __synchronize_srcu+0x189/0x240
[ 31.561303] synchronize_srcu+0x335/0x56f
[ 31.561308] kvm_page_track_unregister_notifier+0x17d/0x250
[ 31.561312] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.561317] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 31.561320] kvm_put_kvm+0x73f/0x1060
[ 31.561324] kvm_vm_release+0x42/0x50
[ 31.561328] __fput+0x38a/0xa40
[ 31.561331] ____fput+0x15/0x20
[ 31.561335] task_work_run+0x1e8/0x2a0
[ 31.561339] do_exit+0x1ae4/0x26e0
[ 31.561343] do_group_exit+0x177/0x440
[ 31.561347] __x64_sys_exit_group+0x3e/0x50
[ 31.561351] do_syscall_64+0x1b9/0x820
[ 31.561356] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.561358]
[ 31.561360] -> #2 (&rq->lock){-.-.}:
[ 31.561374] _raw_spin_lock+0x2a/0x40
[ 31.561378] task_fork_fair+0x93/0x680
[ 31.561382] sched_fork+0x44b/0xbd0
[ 31.561386] copy_process+0x235e/0x7ad0
[ 31.561389] _do_fork+0x1ca/0x1170
[ 31.561393] kernel_thread+0x34/0x40
[ 31.561397] rest_init+0x22/0xe4
[ 31.561400] start_kernel+0x913/0x94e
[ 31.561405] x86_64_start_reservations+0x29/0x2b
[ 31.561409] x86_64_start_kernel+0x76/0x79
[ 31.561413] secondary_startup_64+0xa4/0xb0
[ 31.561415]
[ 31.561418] -> #1 (&p->pi_lock){-.-.}:
[ 31.561432] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.561436] try_to_wake_up+0xd2/0x1250
[ 31.561440] wake_up_process+0x10/0x20
[ 31.561444] __up.isra.1+0x1c0/0x2a0
[ 31.561447] up+0x13c/0x1c0
[ 31.561451] __up_console_sem+0xbe/0x1b0
[ 31.561455] console_unlock+0x506/0x10d0
[ 31.561459] vprintk_emit+0x33a/0x910
[ 31.561463] vprintk_default+0x28/0x30
[ 31.561466] vprintk_func+0x7a/0x117
[ 31.561470] printk+0xa7/0xcf
[ 31.561473] load_umh+0x51/0xbd
[ 31.561477] do_one_initcall+0x127/0x838
[ 31.561482] kernel_init_freeable+0x4bb/0x5ae
[ 31.561485] kernel_init+0x11/0x1b3
[ 31.561489] ret_from_fork+0x3a/0x50
[ 31.561491]
[ 31.561494] -> #0 ((console_sem).lock){-...}:
[ 31.561508] lock_acquire+0x1e4/0x4f0
[ 31.561512] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.561516] down_trylock+0x13/0x70
[ 31.561521] __down_trylock_console_sem+0xae/0x200
[ 31.561524] console_trylock+0x15/0xa0
[ 31.561528] vprintk_emit+0x31f/0x910
[ 31.561532] vprintk_default+0x28/0x30
[ 31.561536] vprintk_func+0x7a/0x117
[ 31.561540] printk+0xa7/0xcf
[ 31.561543] kasan_report+0x9e/0x110
[ 31.561549] __asan_report_load8_noabort+0x14/0x20
[ 31.561553] __schedule+0xf54/0x1df0
[ 31.561557] preempt_schedule_common+0x22/0x60
[ 31.561561] _cond_resched+0x1d/0x30
[ 31.561565] wait_for_completion+0xa5/0x8d0
[ 31.561569] __synchronize_srcu+0x189/0x240
[ 31.561573] synchronize_srcu+0x335/0x56f
[ 31.561578] kvm_page_track_unregister_notifier+0x17d/0x250
[ 31.561582] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.561587] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 31.561590] kvm_put_kvm+0x73f/0x1060
[ 31.561594] kvm_vm_release+0x42/0x50
[ 31.561598] __fput+0x38a/0xa40
[ 31.561602] ____fput+0x15/0x20
[ 31.561605] task_work_run+0x1e8/0x2a0
[ 31.561609] do_exit+0x1ae4/0x26e0
[ 31.561613] do_group_exit+0x177/0x440
[ 31.561617] __x64_sys_exit_group+0x3e/0x50
[ 31.561621] do_syscall_64+0x1b9/0x820
[ 31.561626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.561628]
[ 31.561632] other info that might help us debug this:
[ 31.561635]
[ 31.561638] Chain exists of:
[ 31.561640] (console_sem).lock --> &rq->lock --> report_lock
[ 31.561658]
[ 31.561662] Possible unsafe locking scenario:
[ 31.561664]
[ 31.561669] CPU0 CPU1
[ 31.561673] ---- ----
[ 31.561675] lock(report_lock);
[ 31.561684] lock(&rq->lock);
[ 31.561694] lock(report_lock);
[ 31.561702] lock((console_sem).lock);
[ 31.561709]
[ 31.561713] *** DEADLOCK ***
[ 31.561715]
[ 31.561719] 2 locks held by syz-executor239/4621:
[ 31.561721] #0: 00000000660ba09d (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 31.561738] #1: 00000000e77c4469 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 31.561755]
[ 31.561758] stack backtrace:
[ 31.561764] CPU: 0 PID: 4621 Comm: syz-executor239 Not tainted 4.19.0-rc1+ #219
[ 31.561771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.561775] Call Trace:
[ 31.561778] dump_stack+0x1c9/0x2b4
[ 31.561783] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.561787] ? vprintk_func+0x100/0x117
[ 31.561792] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 31.561795] ? save_trace+0xe0/0x290
[ 31.561800] __lock_acquire+0x3449/0x5020
[ 31.561804] ? mark_held_locks+0x160/0x160
[ 31.561808] ? mark_held_locks+0x160/0x160
[ 31.561812] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 31.561816] ? is_bpf_text_address+0xd7/0x170
[ 31.561820] ? kernel_text_address+0x79/0xf0
[ 31.561825] ? __kernel_text_address+0xd/0x40
[ 31.561829] ? __save_stack_trace+0x8d/0xf0
[ 31.561833] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 31.561837] ? save_trace+0x290/0x290
[ 31.561841] ? save_stack_trace+0x1a/0x20
[ 31.561845] ? save_trace+0xe0/0x290
[ 31.561849] ? graph_lock+0x170/0x170
[ 31.561853] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.561857] lock_acquire+0x1e4/0x4f0
[ 31.561861] ? down_trylock+0x13/0x70
[ 31.561865] ? lock_release+0x9f0/0x9f0
[ 31.561869] ? trace_hardirqs_off+0xb8/0x2b0
[ 31.561873] ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.561877] ? trace_hardirqs_off+0xb8/0x2b0
[ 31.561881] ? log_store+0x34f/0x4c0
[ 31.561885] ? vprintk_emit+0x31f/0x910
[ 31.561889] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.561893] ? down_trylock+0x13/0x70
[ 31.561897] down_trylock+0x13/0x70
[ 31.561901] __down_trylock_console_sem+0xae/0x200
[ 31.561905] console_trylock+0x15/0xa0
[ 31.561909] vprintk_emit+0x31f/0x910
[ 31.561913] ? wake_up_klogd+0x110/0x110
[ 31.561917] ? run_rebalance_domains+0x4c0/0x4c0
[ 31.561921] ? kasan_check_read+0x11/0x20
[ 31.561925] ? rcu_is_watching+0x8c/0x150
[ 31.561929] ? rcu_pm_notify+0xc0/0xc0
[ 31.561933] ? lock_acquire+0x1e4/0x4f0
[ 31.561937] ? kasan_report+0x8e/0x110
[ 31.561940] ? __schedule+0xf54/0x1df0
[ 31.561944] vprintk_default+0x28/0x30
[ 31.561948] vprintk_func+0x7a/0x117
[ 31.561951] printk+0xa7/0xcf
[ 31.561956] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.561960] ? kasan_check_write+0x14/0x20
[ 31.561964] ? do_raw_spin_lock+0xc1/0x200
[ 31.561968] ? do_raw_spin_lock+0xc1/0x200
[ 31.561972] kasan_report+0x9e/0x110
[ 31.561976] __asan_report_load8_noabort+0x14/0x20
[ 31.561980] __schedule+0xf54/0x1df0
[ 31.561984] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 31.561989] ? __sched_text_start+0x8/0x8
[ 31.561992] ? __call_srcu+0x7e7/0x1040
[ 31.561997] ? check_same_owner+0x340/0x340
[ 31.562001] ? mark_held_locks+0x160/0x160
[ 31.562004] ? find_held_lock+0x36/0x1c0
[ 31.562009] preempt_schedule_common+0x22/0x60
[ 31.562013] _cond_resched+0x1d/0x30
[ 31.562025] wait_for_completion+0xa5/0x8d0
[ 31.562030] ? wait_for_completion_interruptible+0x950/0x950
[ 31.562035] ? __lockdep_init_map+0x105/0x590
[ 31.562039] ? __init_waitqueue_head+0x9e/0x150
[ 31.562049] ? init_wait_entry+0x1c0/0x1c0
[ 31.562053] __synchronize_srcu+0x189/0x240
[ 31.562057] ? call_srcu+0x10/0x10
[ 31.562061] ? rcu_unexpedite_gp+0x20/0x20
[ 31.562065] synchronize_srcu+0x335/0x56f
[ 31.562069] ? lock_downgrade+0x8f0/0x8f0
[ 31.562074] ? synchronize_srcu_expedited+0x20/0x20
[ 31.562078] ? kasan_check_read+0x11/0x20
[ 31.562082] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 31.562086] ? kasan_check_write+0x14/0x20
[ 31.562090] ? do_raw_spin_lock+0xc1/0x200
[ 31.562095] kvm_page_track_unregister_notifier+0x17d/0x250
[ 31.562100] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 31.562104] ? kvfree+0x61/0x70
[ 31.562108] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.562112] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.562117] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 31.562121] ? kvm_arch_sync_events+0x30/0x30
[ 31.562126] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.562130] ? mmu_notifier_unregister+0x474/0x600
[ 31.562134] ? trace_hardirqs_on+0x2c0/0x2c0
[ 31.562138] ? kfree+0x111/0x210
[ 31.562142] ? __mmu_notifier_register+0x30/0x30
[ 31.562146] ? __free_pages+0x10a/0x190
[ 31.562150] ? free_unref_page+0x930/0x930
[ 31.562154] kvm_put_kvm+0x73f/0x1060
[ 31.562159] ? kvm_write_guest_cached+0x40/0x40
[ 31.562163] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.562167] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.562171] ? lockdep_hardirqs_on+0x421/0x5c0
[ 31.562176] ? kasan_check_write+0x14/0x20
[ 31.562180] ? do_raw_spin_lock+0xc1/0x200
[ 31.562184] ? kvm_irqfd_release+0xdd/0x120
[ 31.562188] ? kvm_irqfd_release+0xdd/0x120
[ 31.562192] ? kvm_put_kvm+0x1060/0x1060
[ 31.562196] kvm_vm_release+0x42/0x50
[ 31.562199] __fput+0x38a/0xa40
[ 31.562203] ? __alloc_file+0x400/0x400
[ 31.562207] ? check_same_owner+0x340/0x340
[ 31.562211] ? kasan_check_write+0x14/0x20
[ 31.562216] ? do_raw_spin_lock+0xc1/0x200
[ 31.562219] ____fput+0x15/0x20
[ 31.562223] task_work_run+0x1e8/0x2a0
[ 31.562227] ? task_work_cancel+0x240/0x240
[ 31.562232] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.562236] ? switch_task_namespaces+0xa2/0xd0
[ 31.562240] do_exit+0x1ae4/0x26e0
[ 31.562244] ? mm_update_next_owner+0x9a0/0x9a0
[ 31.562248] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 31.562253] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.562257] ? kfree+0x1d7/0x210
[ 31.562261] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 31.562266] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 31.562270] ? is_bpf_text_address+0xd7/0x170
[ 31.562272] ?
[ 31.562280] Lost 55 message(s)!
[ 32.626391] Shutting down cpus with NMI
[ 33.686751] Dumping ftrace buffer:
[ 33.690273] (ftrace buffer empty)
[ 33.693963] Kernel Offset: disabled
[ 33.697591] Rebooting in 86400 seconds..