[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   23.172288] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.742980] random: sshd: uninitialized urandom read (32 bytes read)
[   25.085078] random: sshd: uninitialized urandom read (32 bytes read)
[   25.618433] random: sshd: uninitialized urandom read (32 bytes read)
[   25.799354] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
[   31.361433] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   31.455315] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   31.479217] ==================================================================
[   31.487978] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   31.494188] Read of size 8 at addr ffff8801b1bd0058 by task syz-executor657/4455
[   31.501693] 
[   31.503300] CPU: 0 PID: 4455 Comm: syz-executor657 Not tainted 4.18.0+ #204
[   31.510373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.519712] Call Trace:
[   31.522283]  dump_stack+0x1c9/0x2b4
[   31.525891]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.531060]  ? printk+0xa7/0xcf
[   31.534361]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.539112]  ? __schedule+0xf54/0x1df0
[   31.542982]  print_address_description+0x6c/0x20b
[   31.547810]  ? __schedule+0xf54/0x1df0
[   31.551678]  kasan_report.cold.7+0x242/0x30d
[   31.556069]  __asan_report_load8_noabort+0x14/0x20
[   31.560974]  __schedule+0xf54/0x1df0
[   31.564665]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.569833]  ? __sched_text_start+0x8/0x8
[   31.573970]  ? __call_srcu+0x7e7/0x1040
[   31.577937]  ? check_same_owner+0x340/0x340
[   31.582244]  ? mark_held_locks+0x160/0x160
[   31.586510]  ? find_held_lock+0x36/0x1c0
[   31.590569]  preempt_schedule_common+0x22/0x60
[   31.595135]  _cond_resched+0x1d/0x30
[   31.598827]  wait_for_completion+0xa5/0x8d0
[   31.603138]  ? wait_for_completion_interruptible+0x950/0x950
[   31.608956]  ? __lockdep_init_map+0x105/0x590
[   31.613438]  ? __init_waitqueue_head+0x9e/0x150
[   31.618087]  ? init_wait_entry+0x1c0/0x1c0
[   31.622315]  __synchronize_srcu+0x189/0x240
[   31.626619]  ? call_srcu+0x10/0x10
[   31.630147]  ? rcu_unexpedite_gp+0x20/0x20
[   31.634373]  synchronize_srcu+0x335/0x56f
[   31.638547]  ? lock_downgrade+0x8f0/0x8f0
[   31.642680]  ? synchronize_srcu_expedited+0x20/0x20
[   31.647678]  ? kasan_check_read+0x11/0x20
[   31.651803]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   31.656370]  ? kasan_check_write+0x14/0x20
[   31.660585]  ? do_raw_spin_lock+0xc1/0x200
[   31.664864]  kvm_page_track_unregister_notifier+0x17d/0x250
[   31.670560]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   31.675991]  ? kvfree+0x61/0x70
[   31.679250]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.684246]  kvm_mmu_uninit_vm+0x1c/0x20
[   31.688285]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   31.692675]  ? kvm_arch_sync_events+0x30/0x30
[   31.697153]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.702670]  ? mmu_notifier_unregister+0x474/0x600
[   31.707575]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.711959]  ? kfree+0x111/0x210
[   31.715306]  ? __mmu_notifier_register+0x30/0x30
[   31.720042]  ? __free_pages+0x10a/0x190
[   31.723996]  ? free_unref_page+0x930/0x930
[   31.728216]  kvm_put_kvm+0x73f/0x1060
[   31.732001]  ? kvm_write_guest_cached+0x40/0x40
[   31.736652]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.741125]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.745599]  ? lockdep_hardirqs_on+0x421/0x5c0
[   31.750201]  ? kasan_check_write+0x14/0x20
[   31.754422]  ? do_raw_spin_lock+0xc1/0x200
[   31.758642]  ? kvm_irqfd_release+0xdd/0x120
[   31.762945]  ? kvm_put_kvm+0x1060/0x1060
[   31.766983]  kvm_vm_release+0x42/0x50
[   31.770772]  __fput+0x36e/0x8c0
[   31.774028]  ? __alloc_file+0x400/0x400
[   31.777980]  ? check_same_owner+0x340/0x340
[   31.782278]  ? kasan_check_write+0x14/0x20
[   31.786488]  ? do_raw_spin_lock+0xc1/0x200
[   31.790700]  ____fput+0x15/0x20
[   31.793959]  task_work_run+0x1e8/0x2a0
[   31.797822]  ? task_work_cancel+0x240/0x240
[   31.802125]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.807640]  ? switch_task_namespaces+0xa2/0xd0
[   31.812290]  do_exit+0x1ae4/0x26e0
[   31.815810]  ? mm_update_next_owner+0x9a0/0x9a0
[   31.820464]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   31.824687]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.829678]  ? kfree+0x1d7/0x210
[   31.833022]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   31.837243]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   31.842942]  ? is_bpf_text_address+0xd7/0x170
[   31.847420]  ? kernel_text_address+0x79/0xf0
[   31.851811]  ? __kernel_text_address+0xd/0x40
[   31.856287]  ? unwind_get_return_address+0x61/0xa0
[   31.861198]  ? __save_stack_trace+0x8d/0xf0
[   31.865506]  ? save_stack+0xa9/0xd0
[   31.869126]  ? save_stack+0x43/0xd0
[   31.872733]  ? __kasan_slab_free+0x11a/0x170
[   31.877125]  ? kasan_slab_free+0xe/0x10
[   31.881084]  ? putname+0xf2/0x130
[   31.884527]  ? __x64_sys_openat+0x9d/0x100
[   31.888746]  ? do_syscall_64+0x1b9/0x820
[   31.892788]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.898131]  ? trace_hardirqs_off+0xb8/0x2b0
[   31.902523]  ? kasan_check_read+0x11/0x20
[   31.906657]  ? do_raw_spin_unlock+0xa7/0x2f0
[   31.911044]  ? trace_hardirqs_on+0x2c0/0x2c0
[   31.915440]  ? initcall_blacklisted+0x9a/0x1e0
[   31.920006]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   31.925091]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   31.930796]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.936318]  ? do_vfs_ioctl+0x201/0x1720
[   31.940360]  ? rcu_is_watching+0x8c/0x150
[   31.944485]  ? trace_hardirqs_on+0xbd/0x2c0
[   31.948825]  ? ioctl_preallocate+0x300/0x300
[   31.953223]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.958740]  ? __fget_light+0x2f7/0x440
[   31.962694]  ? fget_raw+0x20/0x20
[   31.966124]  ? putname+0xf2/0x130
[   31.969557]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.974561]  ? kmem_cache_free+0x246/0x280
[   31.978785]  ? putname+0xf7/0x130
[   31.982227]  do_group_exit+0x177/0x440
[   31.986093]  ? trace_hardirqs_on+0xbd/0x2c0
[   31.990399]  ? __ia32_sys_exit+0x50/0x50
[   31.994435]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   31.999523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.005053]  ? ksys_ioctl+0x81/0xd0
[   32.008662]  __x64_sys_exit_group+0x3e/0x50
[   32.012968]  do_syscall_64+0x1b9/0x820
[   32.016836]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.022183]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.027091]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.031916]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   32.036911]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   32.041905]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.046898]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.051762]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.056975] RIP: 0033:0x43ed68
[   32.060167] Code: Bad RIP value.
[   32.063511] RSP: 002b:00007ffe4e319df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.071196] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68
[   32.078442] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.085688] RBP: 00000000004be628 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.092940] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   32.100205] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   32.107462] 
[   32.109069] Allocated by task 4455:
[   32.112676]  save_stack+0x43/0xd0
[   32.116112]  kasan_kmalloc+0xc4/0xe0
[   32.119804]  kasan_slab_alloc+0x12/0x20
[   32.123762]  kmem_cache_alloc+0x12e/0x710
[   32.127894]  vmx_create_vcpu+0xcf/0x2830
[   32.131932]  kvm_arch_vcpu_create+0xe5/0x220
[   32.136375]  kvm_vm_ioctl+0x488/0x1d80
[   32.140254]  do_vfs_ioctl+0x1de/0x1720
[   32.144126]  ksys_ioctl+0xa9/0xd0
[   32.147558]  __x64_sys_ioctl+0x73/0xb0
[   32.151423]  do_syscall_64+0x1b9/0x820
[   32.155292]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.160452] 
[   32.162054] Freed by task 4455:
[   32.165309]  save_stack+0x43/0xd0
[   32.168741]  __kasan_slab_free+0x11a/0x170
[   32.172950]  kasan_slab_free+0xe/0x10
[   32.176726]  kmem_cache_free+0x86/0x280
[   32.180674]  vmx_free_vcpu+0x26b/0x300
[   32.184540]  kvm_arch_destroy_vm+0x365/0x7c0
[   32.188926]  kvm_put_kvm+0x73f/0x1060
[   32.192706]  kvm_vm_release+0x42/0x50
[   32.196585]  __fput+0x36e/0x8c0
[   32.199843]  ____fput+0x15/0x20
[   32.203110]  task_work_run+0x1e8/0x2a0
[   32.206981]  do_exit+0x1ae4/0x26e0
[   32.210572]  do_group_exit+0x177/0x440
[   32.214451]  __x64_sys_exit_group+0x3e/0x50
[   32.218754]  do_syscall_64+0x1b9/0x820
[   32.222621]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.227783] 
[   32.229391] The buggy address belongs to the object at ffff8801b1bd0040
[   32.229391]  which belongs to the cache kvm_vcpu of size 23872
[   32.241940] The buggy address is located 24 bytes inside of
[   32.241940]  23872-byte region [ffff8801b1bd0040, ffff8801b1bd5d80)
[   32.253878] The buggy address belongs to the page:
[   32.258791] page:ffffea0006c6f400 count:1 mapcount:0 mapping:ffff8801d9ff0240 index:0x0 compound_mapcount: 0
[   32.269002] flags: 0x2fffc0000008100(slab|head)
[   32.273655] raw: 02fffc0000008100 ffff8801d53fac48 ffff8801d53fac48 ffff8801d9ff0240
[   32.281513] raw: 0000000000000000 ffff8801b1bd0040 0000000100000001 0000000000000000
[   32.289467] page dumped because: kasan: bad access detected
[   32.295153] 
[   32.296753] Memory state around the buggy address:
[   32.301665]  ffff8801b1bcff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.309068]  ffff8801b1bcff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.316411] >ffff8801b1bd0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   32.323783]                                                     ^
[   32.329997]  ffff8801b1bd0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.337332]  ffff8801b1bd0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.344665] ==================================================================
[   32.352003] Kernel panic - not syncing: panic_on_warn set ...
[   32.352003] 
[   32.359349] CPU: 0 PID: 4455 Comm: syz-executor657 Tainted: G    B             4.18.0+ #204
[   32.367816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.377149] Call Trace:
[   32.379730]  dump_stack+0x1c9/0x2b4
[   32.383339]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.388557]  ? lock_downgrade+0x8f0/0x8f0
[   32.392693]  ? __schedule+0xf54/0x1df0
[   32.396565]  panic+0x238/0x4e7
[   32.399747]  ? add_taint.cold.5+0x16/0x16
[   32.403881]  ? print_shadow_for_address+0xba/0x116
[   32.408830]  ? trace_hardirqs_off+0xaf/0x2b0
[   32.413222]  ? trace_hardirqs_off+0x77/0x2b0
[   32.417608]  ? __schedule+0xf54/0x1df0
[   32.421473]  kasan_end_report+0x47/0x4f
[   32.425465]  kasan_report.cold.7+0x76/0x30d
[   32.429777]  __asan_report_load8_noabort+0x14/0x20
[   32.434690]  __schedule+0xf54/0x1df0
[   32.438392]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.443479]  ? __sched_text_start+0x8/0x8
[   32.447607]  ? __call_srcu+0x7e7/0x1040
[   32.451621]  ? check_same_owner+0x340/0x340
[   32.455928]  ? mark_held_locks+0x160/0x160
[   32.460140]  ? find_held_lock+0x36/0x1c0
[   32.464244]  preempt_schedule_common+0x22/0x60
[   32.468809]  _cond_resched+0x1d/0x30
[   32.472508]  wait_for_completion+0xa5/0x8d0
[   32.476819]  ? wait_for_completion_interruptible+0x950/0x950
[   32.482594]  ? __lockdep_init_map+0x105/0x590
[   32.487071]  ? __init_waitqueue_head+0x9e/0x150
[   32.491719]  ? init_wait_entry+0x1c0/0x1c0
[   32.495937]  __synchronize_srcu+0x189/0x240
[   32.500236]  ? call_srcu+0x10/0x10
[   32.503757]  ? rcu_unexpedite_gp+0x20/0x20
[   32.507974]  synchronize_srcu+0x335/0x56f
[   32.512099]  ? lock_downgrade+0x8f0/0x8f0
[   32.516292]  ? synchronize_srcu_expedited+0x20/0x20
[   32.521295]  ? kasan_check_read+0x11/0x20
[   32.525425]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.529983]  ? kasan_check_write+0x14/0x20
[   32.534202]  ? do_raw_spin_lock+0xc1/0x200
[   32.538419]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.544175]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.549617]  ? kvfree+0x61/0x70
[   32.552886]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.557884]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.561924]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.566309]  ? kvm_arch_sync_events+0x30/0x30
[   32.570791]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.576316]  ? mmu_notifier_unregister+0x474/0x600
[   32.581271]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.585681]  ? kfree+0x111/0x210
[   32.589031]  ? __mmu_notifier_register+0x30/0x30
[   32.593767]  ? __free_pages+0x10a/0x190
[   32.597718]  ? free_unref_page+0x930/0x930
[   32.601944]  kvm_put_kvm+0x73f/0x1060
[   32.605729]  ? kvm_write_guest_cached+0x40/0x40
[   32.610385]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.614860]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.619338]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.623906]  ? kasan_check_write+0x14/0x20
[   32.628128]  ? do_raw_spin_lock+0xc1/0x200
[   32.632343]  ? kvm_irqfd_release+0xdd/0x120
[   32.636710]  ? kvm_put_kvm+0x1060/0x1060
[   32.640761]  kvm_vm_release+0x42/0x50
[   32.644547]  __fput+0x36e/0x8c0
[   32.647805]  ? __alloc_file+0x400/0x400
[   32.651761]  ? check_same_owner+0x340/0x340
[   32.656059]  ? kasan_check_write+0x14/0x20
[   32.660271]  ? do_raw_spin_lock+0xc1/0x200
[   32.664483]  ____fput+0x15/0x20
[   32.667740]  task_work_run+0x1e8/0x2a0
[   32.671606]  ? task_work_cancel+0x240/0x240
[   32.675910]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.681424]  ? switch_task_namespaces+0xa2/0xd0
[   32.686074]  do_exit+0x1ae4/0x26e0
[   32.689594]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.694246]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   32.698470]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.703467]  ? kfree+0x1d7/0x210
[   32.706816]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   32.711031]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.716743]  ? is_bpf_text_address+0xd7/0x170
[   32.721229]  ? kernel_text_address+0x79/0xf0
[   32.725758]  ? __kernel_text_address+0xd/0x40
[   32.730238]  ? unwind_get_return_address+0x61/0xa0
[   32.735149]  ? __save_stack_trace+0x8d/0xf0
[   32.739455]  ? save_stack+0xa9/0xd0
[   32.743149]  ? save_stack+0x43/0xd0
[   32.746760]  ? __kasan_slab_free+0x11a/0x170
[   32.751148]  ? kasan_slab_free+0xe/0x10
[   32.755110]  ? putname+0xf2/0x130
[   32.758546]  ? __x64_sys_openat+0x9d/0x100
[   32.762770]  ? do_syscall_64+0x1b9/0x820
[   32.766816]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.772158]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.776565]  ? kasan_check_read+0x11/0x20
[   32.780712]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.785209]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.789620]  ? initcall_blacklisted+0x9a/0x1e0
[   32.794204]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   32.799337]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.805052]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.810587]  ? do_vfs_ioctl+0x201/0x1720
[   32.814648]  ? rcu_is_watching+0x8c/0x150
[   32.818796]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.823123]  ? ioctl_preallocate+0x300/0x300
[   32.827531]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.833065]  ? __fget_light+0x2f7/0x440
[   32.837036]  ? fget_raw+0x20/0x20
[   32.840483]  ? putname+0xf2/0x130
[   32.843934]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.848948]  ? kmem_cache_free+0x246/0x280
[   32.853183]  ? putname+0xf7/0x130
[   32.856638]  do_group_exit+0x177/0x440
[   32.860524]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.864846]  ? __ia32_sys_exit+0x50/0x50
[   32.868904]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.874007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.879716]  ? ksys_ioctl+0x81/0xd0
[   32.883344]  __x64_sys_exit_group+0x3e/0x50
[   32.887667]  do_syscall_64+0x1b9/0x820
[   32.891554]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.896913]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.901840]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.906683]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   32.911698]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   32.916714]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.921730]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.926578]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.931765] RIP: 0033:0x43ed68
[   32.934959] Code: Bad RIP value.
[   32.938314] RSP: 002b:00007ffe4e319df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.946020] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68
[   32.953282] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.960548] RBP: 00000000004be628 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.967812] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   32.975077] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   32.982354] 
[   32.982360] ======================================================
[   32.982365] WARNING: possible circular locking dependency detected
[   32.982369] 4.18.0+ #204 Not tainted
[   32.982374] ------------------------------------------------------
[   32.982379] syz-executor657/4455 is trying to acquire lock:
[   32.982383] 000000009bc2547c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   32.982398] 
[   32.982402] but task is already holding lock:
[   32.982405] 000000003ad737e7 (report_lock){....}, at: kasan_report+0x8e/0x110
[   32.982419] 
[   32.982424] which lock already depends on the new lock.
[   32.982426] 
[   32.982429] 
[   32.982434] the existing dependency chain (in reverse order) is:
[   32.982436] 
[   32.982438] -> #3 (report_lock){....}:
[   32.982453]        _raw_spin_lock_irqsave+0x96/0xc0
[   32.982457]        kasan_report+0x8e/0x110
[   32.982462]        __asan_report_load8_noabort+0x14/0x20
[   32.982465]        __schedule+0xf54/0x1df0
[   32.982470]        preempt_schedule_common+0x22/0x60
[   32.982474]        _cond_resched+0x1d/0x30
[   32.982478]        wait_for_completion+0xa5/0x8d0
[   32.982482]        __synchronize_srcu+0x189/0x240
[   32.982486]        synchronize_srcu+0x335/0x56f
[   32.982491]        kvm_page_track_unregister_notifier+0x17d/0x250
[   32.982495]        kvm_mmu_uninit_vm+0x1c/0x20
[   32.982499]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.982503]        kvm_put_kvm+0x73f/0x1060
[   32.982507]        kvm_vm_release+0x42/0x50
[   32.982511]        __fput+0x36e/0x8c0
[   32.982514]        ____fput+0x15/0x20
[   32.982518]        task_work_run+0x1e8/0x2a0
[   32.982522]        do_exit+0x1ae4/0x26e0
[   32.982526]        do_group_exit+0x177/0x440
[   32.982530]        __x64_sys_exit_group+0x3e/0x50
[   32.982534]        do_syscall_64+0x1b9/0x820
[   32.982539]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.982541] 
[   32.982543] -> #2 (&rq->lock){-.-.}:
[   32.982558]        _raw_spin_lock+0x2a/0x40
[   32.982561]        task_fork_fair+0x93/0x680
[   32.982565]        sched_fork+0x44b/0xbd0
[   32.982569]        copy_process+0x235e/0x7ad0
[   32.982573]        _do_fork+0x1ca/0x1170
[   32.982577]        kernel_thread+0x34/0x40
[   32.982580]        rest_init+0x22/0xe4
[   32.982584]        start_kernel+0x913/0x94e
[   32.982589]        x86_64_start_reservations+0x29/0x2b
[   32.982593]        x86_64_start_kernel+0x76/0x79
[   32.982597]        secondary_startup_64+0xa4/0xb0
[   32.982599] 
[   32.982601] -> #1 (&p->pi_lock){-.-.}:
[   32.982631]        _raw_spin_lock_irqsave+0x96/0xc0
[   32.982635]        try_to_wake_up+0xd2/0x1250
[   32.982639]        wake_up_process+0x10/0x20
[   32.982642]        __up.isra.1+0x1c0/0x2a0
[   32.982646]        up+0x13c/0x1c0
[   32.982649]        __up_console_sem+0xbe/0x1b0
[   32.982653]        console_unlock+0x506/0x10d0
[   32.982657]        do_con_write+0x1375/0x23d0
[   32.982676]        con_write+0x25/0xc0
[   32.982680]        n_tty_write+0x6c1/0x11a0
[   32.982684]        tty_write+0x3f1/0x880
[   32.982703]        __vfs_write+0x117/0x9d0
[   32.982706]        vfs_write+0x1fc/0x560
[   32.982710]        ksys_write+0x101/0x260
[   32.982714]        __x64_sys_write+0x73/0xb0
[   32.982718]        do_syscall_64+0x1b9/0x820
[   32.982722]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.982724] 
[   32.982727] -> #0 ((console_sem).lock){-...}:
[   32.982756]        lock_acquire+0x1e4/0x4f0
[   32.982760]        _raw_spin_lock_irqsave+0x96/0xc0
[   32.982763]        down_trylock+0x13/0x70
[   32.982767]        __down_trylock_console_sem+0xae/0x200
[   32.982771]        console_trylock+0x15/0xa0
[   32.982775]        vprintk_emit+0x31f/0x910
[   32.982778]        vprintk_default+0x28/0x30
[   32.982804]        vprintk_func+0x7a/0x117
[   32.982807]        printk+0xa7/0xcf
[   32.982811]        kasan_report+0x9e/0x110
[   32.982831]        __asan_report_load8_noabort+0x14/0x20
[   32.982834]        __schedule+0xf54/0x1df0
[   32.982838]        preempt_schedule_common+0x22/0x60
[   32.982842]        _cond_resched+0x1d/0x30
[   32.982846]        wait_for_completion+0xa5/0x8d0
[   32.982850]        __synchronize_srcu+0x189/0x240
[   32.982854]        synchronize_srcu+0x335/0x56f
[   32.982858]        kvm_page_track_unregister_notifier+0x17d/0x250
[   32.982862]        kvm_mmu_uninit_vm+0x1c/0x20
[   32.982866]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.982870]        kvm_put_kvm+0x73f/0x1060
[   32.982873]        kvm_vm_release+0x42/0x50
[   32.982877]        __fput+0x36e/0x8c0
[   32.982880]        ____fput+0x15/0x20
[   32.982899]        task_work_run+0x1e8/0x2a0
[   32.982902]        do_exit+0x1ae4/0x26e0
[   32.982906]        do_group_exit+0x177/0x440
[   32.982911]        __x64_sys_exit_group+0x3e/0x50
[   32.982914]        do_syscall_64+0x1b9/0x820
[   32.982919]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.982921] 
[   32.982941] other info that might help us debug this:
[   32.982944] 
[   32.982947] Chain exists of:
[   32.982949]   (console_sem).lock --> &rq->lock --> report_lock
[   32.982968] 
[   32.982972]  Possible unsafe locking scenario:
[   32.982974] 
[   32.982978]        CPU0                    CPU1
[   32.982982]        ----                    ----
[   32.982985]   lock(report_lock);
[   32.982994]                                lock(&rq->lock);
[   32.983003]                                lock(report_lock);
[   32.983011]   lock((console_sem).lock);
[   32.983020] 
[   32.983023]  *** DEADLOCK ***
[   32.983025] 
[   32.983029] 2 locks held by syz-executor657/4455:
[   32.983031]  #0: 000000007126fb3f (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   32.983049]  #1: 000000003ad737e7 (report_lock){....}, at: kasan_report+0x8e/0x110
[   32.983066] 
[   32.983069] stack backtrace:
[   32.983075] CPU: 0 PID: 4455 Comm: syz-executor657 Not tainted 4.18.0+ #204
[   32.983082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.983085] Call Trace:
[   32.983089]  dump_stack+0x1c9/0x2b4
[   32.983093]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.983097]  ? vprintk_func+0x100/0x117
[   32.983111]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   32.983115]  ? save_trace+0xe0/0x290
[   32.983119]  __lock_acquire+0x3449/0x5020
[   32.983123]  ? mark_held_locks+0x160/0x160
[   32.983127]  ? mark_held_locks+0x160/0x160
[   32.983132]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   32.983136]  ? is_bpf_text_address+0xd7/0x170
[   32.983140]  ? kernel_text_address+0x79/0xf0
[   32.983144]  ? __kernel_text_address+0xd/0x40
[   32.983149]  ? __save_stack_trace+0x8d/0xf0
[   32.983153]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   32.983157]  ? save_trace+0x290/0x290
[   32.983161]  ? save_stack_trace+0x1a/0x20
[   32.983165]  ? save_trace+0xe0/0x290
[   32.983169]  ? graph_lock+0x170/0x170
[   32.983174]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.983178]  lock_acquire+0x1e4/0x4f0
[   32.983181]  ? down_trylock+0x13/0x70
[   32.983185]  ? lock_release+0x9f0/0x9f0
[   32.983190]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.983194]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.983198]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.983202]  ? log_store+0x34f/0x4c0
[   32.983206]  ? vprintk_emit+0x31f/0x910
[   32.983210]  _raw_spin_lock_irqsave+0x96/0xc0
[   32.983214]  ? down_trylock+0x13/0x70
[   32.983218]  down_trylock+0x13/0x70
[   32.983223]  __down_trylock_console_sem+0xae/0x200
[   32.983227]  console_trylock+0x15/0xa0
[   32.983230]  vprintk_emit+0x31f/0x910
[   32.983234]  ? wake_up_klogd+0x110/0x110
[   32.983239]  ? run_rebalance_domains+0x4c0/0x4c0
[   32.983243]  ? kasan_check_read+0x11/0x20
[   32.983247]  ? rcu_is_watching+0x8c/0x150
[   32.983251]  ? rcu_pm_notify+0xc0/0xc0
[   32.983255]  ? lock_acquire+0x1e4/0x4f0
[   32.983259]  ? kasan_report+0x8e/0x110
[   32.983263]  ? __schedule+0xf54/0x1df0
[   32.983267]  vprintk_default+0x28/0x30
[   32.983271]  vprintk_func+0x7a/0x117
[   32.983274]  printk+0xa7/0xcf
[   32.983279]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.983283]  ? kasan_check_write+0x14/0x20
[   32.983288]  ? do_raw_spin_lock+0xc1/0x200
[   32.983292]  ? do_raw_spin_lock+0xc1/0x200
[   32.983295]  kasan_report+0x9e/0x110
[   32.983300]  __asan_report_load8_noabort+0x14/0x20
[   32.983304]  __schedule+0xf54/0x1df0
[   32.983308]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.983313]  ? __sched_text_start+0x8/0x8
[   32.983317]  ? __call_srcu+0x7e7/0x1040
[   32.983321]  ? check_same_owner+0x340/0x340
[   32.983325]  ? mark_held_locks+0x160/0x160
[   32.983329]  ? find_held_lock+0x36/0x1c0
[   32.983333]  preempt_schedule_common+0x22/0x60
[   32.983337]  _cond_resched+0x1d/0x30
[   32.983341]  wait_for_completion+0xa5/0x8d0
[   32.983346]  ? wait_for_completion_interruptible+0x950/0x950
[   32.983351]  ? __lockdep_init_map+0x105/0x590
[   32.983355]  ? __init_waitqueue_head+0x9e/0x150
[   32.983359]  ? init_wait_entry+0x1c0/0x1c0
[   32.983363]  __synchronize_srcu+0x189/0x240
[   32.983367]  ? call_srcu+0x10/0x10
[   32.983371]  ? rcu_unexpedite_gp+0x20/0x20
[   32.983375]  synchronize_srcu+0x335/0x56f
[   32.983379]  ? lock_downgrade+0x8f0/0x8f0
[   32.983384]  ? synchronize_srcu_expedited+0x20/0x20
[   32.983388]  ? kasan_check_read+0x11/0x20
[   32.983392]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.983397]  ? kasan_check_write+0x14/0x20
[   32.983401]  ? do_raw_spin_lock+0xc1/0x200
[   32.983406]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.983411]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.983414]  ? kvfree+0x61/0x70
[   32.983419]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.983423]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.983427]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.983431]  ? kvm_arch_sync_events+0x30/0x30
[   32.983436]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.983441]  ? mmu_notifier_unregister+0x474/0x600
[   32.983445]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.983449]  ? kfree+0x111/0x210
[   32.983453]  ? __mmu_notifier_register+0x30/0x30
[   32.983457]  ? __free_pages+0x10a/0x190
[   32.983461]  ? free_unref_page+0x930/0x930
[   32.983465]  kvm_put_kvm+0x73f/0x1060
[   32.983470]  ? kvm_write_guest_cached+0x40/0x40
[   32.983474]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.983478]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.983482]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.983487]  ? kasan_check_write+0x14/0x20
[   32.983491]  ? do_raw_spin_lock+0xc1/0x200
[   32.983495]  ? kvm_irqfd_release+0xdd/0x120
[   32.983499]  ? kvm_put_kvm+0x1060/0x1060
[   32.983503]  kvm_vm_release+0x42/0x50
[   32.983506]  __fput+0x36e/0x8c0
[   32.983510]  ? __alloc_file+0x400/0x400
[   32.983514]  ? check_same_owner+0x340/0x340
[   32.983518]  ? kasan_check_write+0x14/0x20
[   32.983523]  ? do_raw_spin_lock+0xc1/0x200
[   32.983526]  ____fput+0x15/0x20
[   32.983530]  task_work_run+0x1e8/0x2a0
[   32.983534]  ? task_work_cancel+0x240/0x240
[   32.983539]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.983544]  ? switch_task_namespaces+0xa2/0xd0
[   32.983547]  do_exit+0x1ae4/0x26e0
[   32.983552]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.983556]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   32.983560]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.983564]  ? kfree+0x1d7/0x210
[   32.983568]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   32.983573]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.983577]  ? is_bpf_text_address+0xd7/0x170
[   32.983582] Lost 55 message(s)!
[   34.051911] Shutting down cpus with NMI
[   35.109138] Dumping ftrace buffer:
[   35.112662]    (ftrace buffer empty)
[   35.116352] Kernel Offset: disabled
[   35.119961] Rebooting in 86400 seconds..