[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   23.880810] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.881026] random: sshd: uninitialized urandom read (32 bytes read)
[   27.143319] random: sshd: uninitialized urandom read (32 bytes read)
[   27.707759] random: sshd: uninitialized urandom read (32 bytes read)
[   27.885329] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[   33.452093] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.549017] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.574022] ==================================================================
[   33.583951] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   33.590177] Read of size 8 at addr ffff8801ac310058 by task syz-executor809/4466
[   33.597694] 
[   33.599334] CPU: 0 PID: 4466 Comm: syz-executor809 Not tainted 4.18.0+ #206
[   33.606422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.615764] Call Trace:
[   33.618364]  dump_stack+0x1c9/0x2b4
[   33.621991]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.627189]  ? printk+0xa7/0xcf
[   33.630468]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.635223]  ? __schedule+0xf54/0x1df0
[   33.639107]  print_address_description+0x6c/0x20b
[   33.643944]  ? __schedule+0xf54/0x1df0
[   33.647827]  kasan_report.cold.7+0x242/0x30d
[   33.652236]  __asan_report_load8_noabort+0x14/0x20
[   33.657180]  __schedule+0xf54/0x1df0
[   33.660889]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.666015]  ? __sched_text_start+0x8/0x8
[   33.670185]  ? __call_srcu+0x7e7/0x1040
[   33.674162]  ? check_same_owner+0x340/0x340
[   33.678484]  ? mark_held_locks+0x160/0x160
[   33.682711]  ? find_held_lock+0x36/0x1c0
[   33.686772]  preempt_schedule_common+0x22/0x60
[   33.691352]  _cond_resched+0x1d/0x30
[   33.695065]  wait_for_completion+0xa5/0x8d0
[   33.699387]  ? wait_for_completion_interruptible+0x950/0x950
[   33.705198]  ? __lockdep_init_map+0x105/0x590
[   33.709695]  ? __init_waitqueue_head+0x9e/0x150
[   33.714363]  ? init_wait_entry+0x1c0/0x1c0
[   33.718598]  __synchronize_srcu+0x189/0x240
[   33.722933]  ? call_srcu+0x10/0x10
[   33.726471]  ? rcu_unexpedite_gp+0x20/0x20
[   33.730709]  synchronize_srcu+0x335/0x56f
[   33.734855]  ? lock_downgrade+0x8f0/0x8f0
[   33.738997]  ? synchronize_srcu_expedited+0x20/0x20
[   33.744012]  ? kasan_check_read+0x11/0x20
[   33.748161]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.752746]  ? kasan_check_write+0x14/0x20
[   33.756982]  ? do_raw_spin_lock+0xc1/0x200
[   33.761225]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.766937]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.772384]  ? kvfree+0x61/0x70
[   33.775669]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.780716]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.784775]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.789185]  ? kvm_arch_sync_events+0x30/0x30
[   33.793684]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.799218]  ? mmu_notifier_unregister+0x474/0x600
[   33.804142]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.808551]  ? kfree+0x111/0x210
[   33.811930]  ? __mmu_notifier_register+0x30/0x30
[   33.816690]  ? __free_pages+0x10a/0x190
[   33.820669]  ? free_unref_page+0x930/0x930
[   33.824917]  kvm_put_kvm+0x73f/0x1060
[   33.828743]  ? kvm_write_guest_cached+0x40/0x40
[   33.833415]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.837941]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.842462]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.847047]  ? kasan_check_write+0x14/0x20
[   33.851280]  ? do_raw_spin_lock+0xc1/0x200
[   33.855511]  ? kvm_irqfd_release+0xdd/0x120
[   33.859842]  ? kvm_put_kvm+0x1060/0x1060
[   33.863905]  kvm_vm_release+0x42/0x50
[   33.867728]  __fput+0x36e/0x8c0
[   33.871017]  ? __alloc_file+0x400/0x400
[   33.875005]  ? check_same_owner+0x340/0x340
[   33.879334]  ? kasan_check_write+0x14/0x20
[   33.883566]  ? do_raw_spin_lock+0xc1/0x200
[   33.887794]  ____fput+0x15/0x20
[   33.891067]  task_work_run+0x1e8/0x2a0
[   33.894966]  ? task_work_cancel+0x240/0x240
[   33.899285]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.904833]  ? switch_task_namespaces+0xa2/0xd0
[   33.909496]  do_exit+0x1ae4/0x26e0
[   33.913050]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.917715]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.921946]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.926958]  ? kfree+0x1d7/0x210
[   33.930320]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.934551]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.940290]  ? is_bpf_text_address+0xd7/0x170
[   33.944775]  ? kernel_text_address+0x79/0xf0
[   33.949182]  ? __kernel_text_address+0xd/0x40
[   33.953701]  ? unwind_get_return_address+0x61/0xa0
[   33.958644]  ? __save_stack_trace+0x8d/0xf0
[   33.962989]  ? save_stack+0xa9/0xd0
[   33.966628]  ? save_stack+0x43/0xd0
[   33.970265]  ? __kasan_slab_free+0x11a/0x170
[   33.974669]  ? kasan_slab_free+0xe/0x10
[   33.978655]  ? putname+0xf2/0x130
[   33.982148]  ? __x64_sys_openat+0x9d/0x100
[   33.986386]  ? do_syscall_64+0x1b9/0x820
[   33.990446]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.995803]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.000204]  ? kasan_check_read+0x11/0x20
[   34.004345]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.008766]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.013180]  ? initcall_blacklisted+0x9a/0x1e0
[   34.017760]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.022858]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.028569]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.034105]  ? do_vfs_ioctl+0x201/0x1720
[   34.038161]  ? rcu_is_watching+0x8c/0x150
[   34.042309]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.046629]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.051639]  ? __fget_light+0x2f7/0x440
[   34.055607]  ? fget_raw+0x20/0x20
[   34.059052]  ? putname+0xf2/0x130
[   34.062500]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.067540]  ? kmem_cache_free+0x246/0x280
[   34.071771]  ? putname+0xf7/0x130
[   34.075223]  do_group_exit+0x177/0x440
[   34.079131]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.083496]  ? __ia32_sys_exit+0x50/0x50
[   34.087551]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.092654]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.098194]  ? ksys_ioctl+0x81/0xd0
[   34.101834]  __x64_sys_exit_group+0x3e/0x50
[   34.106156]  do_syscall_64+0x1b9/0x820
[   34.110053]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.115416]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.120336]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.125194]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.130206]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.135219]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.140251]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.145108]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.150290] RIP: 0033:0x43ece8
[   34.153489] Code: Bad RIP value.
[   34.156844] RSP: 002b:00007ffdbeb73a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.164543] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ece8
[   34.171807] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.179067] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.186329] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.193602] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.200865] 
[   34.202481] Allocated by task 4466:
[   34.206106]  save_stack+0x43/0xd0
[   34.209551]  kasan_kmalloc+0xc4/0xe0
[   34.213255]  kasan_slab_alloc+0x12/0x20
[   34.217239]  kmem_cache_alloc+0x12e/0x710
[   34.221379]  vmx_create_vcpu+0xcf/0x2830
[   34.225432]  kvm_arch_vcpu_create+0xe5/0x220
[   34.229839]  kvm_vm_ioctl+0x488/0x1d80
[   34.233723]  do_vfs_ioctl+0x1de/0x1720
[   34.237616]  ksys_ioctl+0xa9/0xd0
[   34.241063]  __x64_sys_ioctl+0x73/0xb0
[   34.244946]  do_syscall_64+0x1b9/0x820
[   34.248880]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.254065] 
[   34.255680] Freed by task 4466:
[   34.258965]  save_stack+0x43/0xd0
[   34.262414]  __kasan_slab_free+0x11a/0x170
[   34.266640]  kasan_slab_free+0xe/0x10
[   34.270430]  kmem_cache_free+0x86/0x280
[   34.274570]  vmx_free_vcpu+0x26b/0x300
[   34.278449]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.282853]  kvm_put_kvm+0x73f/0x1060
[   34.286655]  kvm_vm_release+0x42/0x50
[   34.290446]  __fput+0x36e/0x8c0
[   34.293719]  ____fput+0x15/0x20
[   34.296992]  task_work_run+0x1e8/0x2a0
[   34.300874]  do_exit+0x1ae4/0x26e0
[   34.304413]  do_group_exit+0x177/0x440
[   34.308292]  __x64_sys_exit_group+0x3e/0x50
[   34.312606]  do_syscall_64+0x1b9/0x820
[   34.316488]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.321676] 
[   34.323296] The buggy address belongs to the object at ffff8801ac310040
[   34.323296]  which belongs to the cache kvm_vcpu of size 23872
[   34.335862] The buggy address is located 24 bytes inside of
[   34.335862]  23872-byte region [ffff8801ac310040, ffff8801ac315d80)
[   34.347809] The buggy address belongs to the page:
[   34.352731] page:ffffea0006b0c400 count:1 mapcount:0 mapping:ffff8801d9ff00c0 index:0x0 compound_mapcount: 0
[   34.362701] flags: 0x2fffc0000008100(slab|head)
[   34.367368] raw: 02fffc0000008100 ffff8801d4c45748 ffff8801d4c45748 ffff8801d9ff00c0
[   34.375249] raw: 0000000000000000 ffff8801ac310040 0000000100000001 0000000000000000
[   34.383133] page dumped because: kasan: bad access detected
[   34.388846] 
[   34.390497] Memory state around the buggy address:
[   34.395427]  ffff8801ac30ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.402782]  ffff8801ac30ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.410282] >ffff8801ac310000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.417630]                                                     ^
[   34.423873]  ffff8801ac310080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.431233]  ffff8801ac310100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.438580] ==================================================================
[   34.445934] Kernel panic - not syncing: panic_on_warn set ...
[   34.445934] 
[   34.453304] CPU: 0 PID: 4466 Comm: syz-executor809 Tainted: G    B             4.18.0+ #206
[   34.461789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.471141] Call Trace:
[   34.473739]  dump_stack+0x1c9/0x2b4
[   34.477370]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.482558]  ? lock_downgrade+0x8f0/0x8f0
[   34.486721]  ? __schedule+0xf54/0x1df0
[   34.490618]  panic+0x238/0x4e7
[   34.493822]  ? add_taint.cold.5+0x16/0x16
[   34.497971]  ? print_shadow_for_address+0xba/0x116
[   34.502899]  ? trace_hardirqs_off+0xaf/0x2b0
[   34.507315]  ? trace_hardirqs_off+0x77/0x2b0
[   34.511724]  ? __schedule+0xf54/0x1df0
[   34.515605]  kasan_end_report+0x47/0x4f
[   34.519573]  kasan_report.cold.7+0x76/0x30d
[   34.523891]  __asan_report_load8_noabort+0x14/0x20
[   34.528827]  __schedule+0xf54/0x1df0
[   34.532534]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.537638]  ? __sched_text_start+0x8/0x8
[   34.541785]  ? __call_srcu+0x7e7/0x1040
[   34.545792]  ? check_same_owner+0x340/0x340
[   34.550106]  ? mark_held_locks+0x160/0x160
[   34.554341]  ? find_held_lock+0x36/0x1c0
[   34.558404]  preempt_schedule_common+0x22/0x60
[   34.562982]  _cond_resched+0x1d/0x30
[   34.566691]  wait_for_completion+0xa5/0x8d0
[   34.571044]  ? wait_for_completion_interruptible+0x950/0x950
[   34.576840]  ? __lockdep_init_map+0x105/0x590
[   34.581331]  ? __init_waitqueue_head+0x9e/0x150
[   34.585999]  ? init_wait_entry+0x1c0/0x1c0
[   34.590234]  __synchronize_srcu+0x189/0x240
[   34.594550]  ? call_srcu+0x10/0x10
[   34.598084]  ? rcu_unexpedite_gp+0x20/0x20
[   34.602317]  synchronize_srcu+0x335/0x56f
[   34.606458]  ? lock_downgrade+0x8f0/0x8f0
[   34.610626]  ? synchronize_srcu_expedited+0x20/0x20
[   34.615634]  ? kasan_check_read+0x11/0x20
[   34.619777]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.624356]  ? kasan_check_write+0x14/0x20
[   34.628590]  ? do_raw_spin_lock+0xc1/0x200
[   34.632822]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.638533]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.643976]  ? kvfree+0x61/0x70
[   34.647255]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.652270]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.656330]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.660770]  ? kvm_arch_sync_events+0x30/0x30
[   34.665265]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.670832]  ? mmu_notifier_unregister+0x474/0x600
[   34.675753]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.680158]  ? kfree+0x111/0x210
[   34.683530]  ? __mmu_notifier_register+0x30/0x30
[   34.688284]  ? __free_pages+0x10a/0x190
[   34.692256]  ? free_unref_page+0x930/0x930
[   34.696522]  kvm_put_kvm+0x73f/0x1060
[   34.700326]  ? kvm_write_guest_cached+0x40/0x40
[   34.704996]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.709485]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.713979]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.718561]  ? kasan_check_write+0x14/0x20
[   34.722791]  ? do_raw_spin_lock+0xc1/0x200
[   34.727026]  ? kvm_irqfd_release+0xdd/0x120
[   34.731351]  ? kvm_put_kvm+0x1060/0x1060
[   34.735412]  kvm_vm_release+0x42/0x50
[   34.739208]  __fput+0x36e/0x8c0
[   34.742500]  ? __alloc_file+0x400/0x400
[   34.746472]  ? check_same_owner+0x340/0x340
[   34.750793]  ? kasan_check_write+0x14/0x20
[   34.755027]  ? do_raw_spin_lock+0xc1/0x200
[   34.759257]  ____fput+0x15/0x20
[   34.762537]  task_work_run+0x1e8/0x2a0
[   34.766417]  ? task_work_cancel+0x240/0x240
[   34.770739]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.777491]  ? switch_task_namespaces+0xa2/0xd0
[   34.782161]  do_exit+0x1ae4/0x26e0
[   34.785710]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.790382]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.794615]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.799624]  ? kfree+0x1d7/0x210
[   34.802990]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.807229]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.812942]  ? is_bpf_text_address+0xd7/0x170
[   34.817441]  ? kernel_text_address+0x79/0xf0
[   34.821853]  ? __kernel_text_address+0xd/0x40
[   34.826355]  ? unwind_get_return_address+0x61/0xa0
[   34.831292]  ? __save_stack_trace+0x8d/0xf0
[   34.835618]  ? save_stack+0xa9/0xd0
[   34.839237]  ? save_stack+0x43/0xd0
[   34.842858]  ? __kasan_slab_free+0x11a/0x170
[   34.847260]  ? kasan_slab_free+0xe/0x10
[   34.851227]  ? putname+0xf2/0x130
[   34.854675]  ? __x64_sys_openat+0x9d/0x100
[   34.858914]  ? do_syscall_64+0x1b9/0x820
[   34.862975]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.868351]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.872758]  ? kasan_check_read+0x11/0x20
[   34.876927]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.881366]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.885771]  ? initcall_blacklisted+0x9a/0x1e0
[   34.890358]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.895460]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.901164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.906718]  ? do_vfs_ioctl+0x201/0x1720
[   34.910777]  ? rcu_is_watching+0x8c/0x150
[   34.914933]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.919255]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.924271]  ? __fget_light+0x2f7/0x440
[   34.928240]  ? fget_raw+0x20/0x20
[   34.931693]  ? putname+0xf2/0x130
[   34.935145]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.940182]  ? kmem_cache_free+0x246/0x280
[   34.944410]  ? putname+0xf7/0x130
[   34.947865]  do_group_exit+0x177/0x440
[   34.951746]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.956062]  ? __ia32_sys_exit+0x50/0x50
[   34.960117]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.965219]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.970753]  ? ksys_ioctl+0x81/0xd0
[   34.974381]  __x64_sys_exit_group+0x3e/0x50
[   34.978701]  do_syscall_64+0x1b9/0x820
[   34.982590]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.987947]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.992870]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.997702]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.002715]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.007727]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.012739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.017582]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.022764] RIP: 0033:0x43ece8
[   35.025953] Code: Bad RIP value.
[   35.029307] RSP: 002b:00007ffdbeb73a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.037027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ece8
[   35.044291] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.051560] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.058836] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.066101] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.073369] 
[   35.073375] ======================================================
[   35.073380] WARNING: possible circular locking dependency detected
[   35.073383] 4.18.0+ #206 Not tainted
[   35.073389] ------------------------------------------------------
[   35.073393] syz-executor809/4466 is trying to acquire lock:
[   35.073397] 00000000340c016b ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.073411] 
[   35.073415] but task is already holding lock:
[   35.073418] 000000009378dcb3 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.073432] 
[   35.073437] which lock already depends on the new lock.
[   35.073439] 
[   35.073441] 
[   35.073446] the existing dependency chain (in reverse order) is:
[   35.073448] 
[   35.073451] -> #3 (report_lock){....}:
[   35.073465]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.073469]        kasan_report+0x8e/0x110
[   35.073473]        __asan_report_load8_noabort+0x14/0x20
[   35.073477]        __schedule+0xf54/0x1df0
[   35.073481]        preempt_schedule_common+0x22/0x60
[   35.073485]        _cond_resched+0x1d/0x30
[   35.073489]        wait_for_completion+0xa5/0x8d0
[   35.073493]        __synchronize_srcu+0x189/0x240
[   35.073497]        synchronize_srcu+0x335/0x56f
[   35.073502]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.073506]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.073510]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.073514]        kvm_put_kvm+0x73f/0x1060
[   35.073517]        kvm_vm_release+0x42/0x50
[   35.073521]        __fput+0x36e/0x8c0
[   35.073524]        ____fput+0x15/0x20
[   35.073528]        task_work_run+0x1e8/0x2a0
[   35.073532]        do_exit+0x1ae4/0x26e0
[   35.073535]        do_group_exit+0x177/0x440
[   35.073540]        __x64_sys_exit_group+0x3e/0x50
[   35.073543]        do_syscall_64+0x1b9/0x820
[   35.073548]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.073550] 
[   35.073552] -> #2 (&rq->lock){-.-.}:
[   35.073566]        _raw_spin_lock+0x2a/0x40
[   35.073570]        task_fork_fair+0x93/0x680
[   35.073574]        sched_fork+0x44b/0xbd0
[   35.073577]        copy_process+0x235e/0x7ad0
[   35.073581]        _do_fork+0x1ca/0x1170
[   35.073585]        kernel_thread+0x34/0x40
[   35.073588]        rest_init+0x22/0xe4
[   35.073592]        start_kernel+0x913/0x94e
[   35.073596]        x86_64_start_reservations+0x29/0x2b
[   35.073600]        x86_64_start_kernel+0x76/0x79
[   35.073604]        secondary_startup_64+0xa4/0xb0
[   35.073607] 
[   35.073609] -> #1 (&p->pi_lock){-.-.}:
[   35.073623]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.073627]        try_to_wake_up+0xd2/0x1250
[   35.073631]        wake_up_process+0x10/0x20
[   35.073634]        __up.isra.1+0x1c0/0x2a0
[   35.073638]        up+0x13c/0x1c0
[   35.073641]        __up_console_sem+0xbe/0x1b0
[   35.073645]        console_unlock+0x506/0x10d0
[   35.073649]        vprintk_emit+0x33a/0x910
[   35.073653]        vprintk_default+0x28/0x30
[   35.073657]        vprintk_func+0x7a/0x117
[   35.073660]        printk+0xa7/0xcf
[   35.073663]        load_umh+0x51/0xbd
[   35.073667]        do_one_initcall+0x127/0x838
[   35.073671]        kernel_init_freeable+0x4bb/0x5ae
[   35.073675]        kernel_init+0x11/0x1b3
[   35.073679]        ret_from_fork+0x3a/0x50
[   35.073681] 
[   35.073684] -> #0 ((console_sem).lock){-...}:
[   35.073698]        lock_acquire+0x1e4/0x4f0
[   35.073702]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.073706]        down_trylock+0x13/0x70
[   35.073710]        __down_trylock_console_sem+0xae/0x200
[   35.073714]        console_trylock+0x15/0xa0
[   35.073718]        vprintk_emit+0x31f/0x910
[   35.073721]        vprintk_default+0x28/0x30
[   35.073725]        vprintk_func+0x7a/0x117
[   35.073729]        printk+0xa7/0xcf
[   35.073732]        kasan_report+0x9e/0x110
[   35.073737]        __asan_report_load8_noabort+0x14/0x20
[   35.073740]        __schedule+0xf54/0x1df0
[   35.073745]        preempt_schedule_common+0x22/0x60
[   35.073748]        _cond_resched+0x1d/0x30
[   35.073753]        wait_for_completion+0xa5/0x8d0
[   35.073757]        __synchronize_srcu+0x189/0x240
[   35.073761]        synchronize_srcu+0x335/0x56f
[   35.073766]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.073769]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.073774]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.073777]        kvm_put_kvm+0x73f/0x1060
[   35.073781]        kvm_vm_release+0x42/0x50
[   35.073785]        __fput+0x36e/0x8c0
[   35.073788]        ____fput+0x15/0x20
[   35.073792]        task_work_run+0x1e8/0x2a0
[   35.073795]        do_exit+0x1ae4/0x26e0
[   35.073799]        do_group_exit+0x177/0x440
[   35.073803]        __x64_sys_exit_group+0x3e/0x50
[   35.073807]        do_syscall_64+0x1b9/0x820
[   35.073812]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.073814] 
[   35.073818] other info that might help us debug this:
[   35.073821] 
[   35.073824] Chain exists of:
[   35.073826]   (console_sem).lock --> &rq->lock --> report_lock
[   35.073844] 
[   35.073848]  Possible unsafe locking scenario:
[   35.073850] 
[   35.073854]        CPU0                    CPU1
[   35.073858]        ----                    ----
[   35.073860]   lock(report_lock);
[   35.073869]                                lock(&rq->lock);
[   35.073878]                                lock(report_lock);
[   35.073886]   lock((console_sem).lock);
[   35.073894] 
[   35.073897]  *** DEADLOCK ***
[   35.073899] 
[   35.073911] 2 locks held by syz-executor809/4466:
[   35.073914]  #0: 00000000b12b52bb (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   35.073930]  #1: 000000009378dcb3 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.073947] 
[   35.073950] stack backtrace:
[   35.073956] CPU: 0 PID: 4466 Comm: syz-executor809 Not tainted 4.18.0+ #206
[   35.073963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.073966] Call Trace:
[   35.073969]  dump_stack+0x1c9/0x2b4
[   35.073974]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.073978]  ? vprintk_func+0x100/0x117
[   35.073983]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   35.073986]  ? save_trace+0xe0/0x290
[   35.073990]  __lock_acquire+0x3449/0x5020
[   35.073994]  ? mark_held_locks+0x160/0x160
[   35.073998]  ? mark_held_locks+0x160/0x160
[   35.074003]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.074007]  ? is_bpf_text_address+0xd7/0x170
[   35.074011]  ? kernel_text_address+0x79/0xf0
[   35.074015]  ? __kernel_text_address+0xd/0x40
[   35.074019]  ? __save_stack_trace+0x8d/0xf0
[   35.074024]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   35.074027]  ? save_trace+0x290/0x290
[   35.074031]  ? save_stack_trace+0x1a/0x20
[   35.074035]  ? save_trace+0xe0/0x290
[   35.074039]  ? graph_lock+0x170/0x170
[   35.074043]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.074047]  lock_acquire+0x1e4/0x4f0
[   35.074051]  ? down_trylock+0x13/0x70
[   35.074055]  ? lock_release+0x9f0/0x9f0
[   35.074059]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.074063]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.074067]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.074071]  ? log_store+0x34f/0x4c0
[   35.074075]  ? vprintk_emit+0x31f/0x910
[   35.074079]  _raw_spin_lock_irqsave+0x96/0xc0
[   35.074083]  ? down_trylock+0x13/0x70
[   35.074086]  down_trylock+0x13/0x70
[   35.074091]  __down_trylock_console_sem+0xae/0x200
[   35.074095]  console_trylock+0x15/0xa0
[   35.074098]  vprintk_emit+0x31f/0x910
[   35.074102]  ? wake_up_klogd+0x110/0x110
[   35.074106]  ? run_rebalance_domains+0x4c0/0x4c0
[   35.074125]  ? kasan_check_read+0x11/0x20
[   35.074129]  ? rcu_is_watching+0x8c/0x150
[   35.074132]  ? rcu_pm_notify+0xc0/0xc0
[   35.074136]  ? lock_acquire+0x1e4/0x4f0
[   35.074140]  ? kasan_report+0x8e/0x110
[   35.074143]  ? __schedule+0xf54/0x1df0
[   35.074147]  vprintk_default+0x28/0x30
[   35.074151]  vprintk_func+0x7a/0x117
[   35.074154]  printk+0xa7/0xcf
[   35.074158]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.074162]  ? kasan_check_write+0x14/0x20
[   35.074166]  ? do_raw_spin_lock+0xc1/0x200
[   35.074170]  ? do_raw_spin_lock+0xc1/0x200
[   35.074173]  kasan_report+0x9e/0x110
[   35.074197]  __asan_report_load8_noabort+0x14/0x20
[   35.074201]  __schedule+0xf54/0x1df0
[   35.074205]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.074209]  ? __sched_text_start+0x8/0x8
[   35.074212]  ? __call_srcu+0x7e7/0x1040
[   35.074216]  ? check_same_owner+0x340/0x340
[   35.074220]  ? mark_held_locks+0x160/0x160
[   35.074223]  ? find_held_lock+0x36/0x1c0
[   35.074227]  preempt_schedule_common+0x22/0x60
[   35.074231]  _cond_resched+0x1d/0x30
[   35.074235]  wait_for_completion+0xa5/0x8d0
[   35.074239]  ? wait_for_completion_interruptible+0x950/0x950
[   35.074243]  ? __lockdep_init_map+0x105/0x590
[   35.074262]  ? __init_waitqueue_head+0x9e/0x150
[   35.074266]  ? init_wait_entry+0x1c0/0x1c0
[   35.074270]  __synchronize_srcu+0x189/0x240
[   35.074274]  ? call_srcu+0x10/0x10
[   35.074277]  ? rcu_unexpedite_gp+0x20/0x20
[   35.074281]  synchronize_srcu+0x335/0x56f
[   35.074300]  ? lock_downgrade+0x8f0/0x8f0
[   35.074305]  ? synchronize_srcu_expedited+0x20/0x20
[   35.074309]  ? kasan_check_read+0x11/0x20
[   35.074313]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.074317]  ? kasan_check_write+0x14/0x20
[   35.074321]  ? do_raw_spin_lock+0xc1/0x200
[   35.074326]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.074330]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.074334]  ? kvfree+0x61/0x70
[   35.074338]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.074342]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.074346]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.074350]  ? kvm_arch_sync_events+0x30/0x30
[   35.074355]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.074359]  ? mmu_notifier_unregister+0x474/0x600
[   35.074364]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.074367]  ? kfree+0x111/0x210
[   35.074372]  ? __mmu_notifier_register+0x30/0x30
[   35.074375]  ? __free_pages+0x10a/0x190
[   35.074379]  ? free_unref_page+0x930/0x930
[   35.074383]  kvm_put_kvm+0x73f/0x1060
[   35.074387]  ? kvm_write_guest_cached+0x40/0x40
[   35.074391]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.074396]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.074400]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.074404]  ? kasan_check_write+0x14/0x20
[   35.074408]  ? do_raw_spin_lock+0xc1/0x200
[   35.074412]  ? kvm_irqfd_release+0xdd/0x120
[   35.074416]  ? kvm_put_kvm+0x1060/0x1060
[   35.074419]  kvm_vm_release+0x42/0x50
[   35.074423]  __fput+0x36e/0x8c0
[   35.074427]  ? __alloc_file+0x400/0x400
[   35.074431]  ? check_same_owner+0x340/0x340
[   35.074435]  ? kasan_check_write+0x14/0x20
[   35.074439]  ? do_raw_spin_lock+0xc1/0x200
[   35.074442]  ____fput+0x15/0x20
[   35.074446]  task_work_run+0x1e8/0x2a0
[   35.074450]  ? task_work_cancel+0x240/0x240
[   35.074455]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.074459]  ? switch_task_namespaces+0xa2/0xd0
[   35.074462]  do_exit+0x1ae4/0x26e0
[   35.074467]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.074471]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.074475]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.074479]  ? kfree+0x1d7/0x210
[   35.074483]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.074487]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.074491]  ? is_bpf_text_address+0xd7/0x170
[   35.074496]  ? kernel_text_address+0x79/0xf0
[   35.074498]  ? __kern
[   35.074505] Lost 53 message(s)!
[   36.184762] Shutting down cpus with NMI
[   37.243588] Dumping ftrace buffer:
[   37.247112]    (ftrace buffer empty)
[   37.250800] Kernel Offset: disabled
[   37.254409] Rebooting in 86400 seconds..