[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   24.344554] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.485034] random: sshd: uninitialized urandom read (32 bytes read)
[   30.854272] random: sshd: uninitialized urandom read (32 bytes read)
[   31.414629] random: sshd: uninitialized urandom read (32 bytes read)
[   31.597292] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
[   37.122639] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   37.221582] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   37.247144] ==================================================================
[   37.256892] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   37.263119] Read of size 8 at addr ffff8801d9b60058 by task syz-executor057/4691
[   37.270640] 
[   37.272269] CPU: 0 PID: 4691 Comm: syz-executor057 Not tainted 4.19.0-rc2+ #220
[   37.279706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.289051] Call Trace:
[   37.291646]  dump_stack+0x1c9/0x2b4
[   37.295276]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.300461]  ? printk+0xa7/0xcf
[   37.303738]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   37.308492]  ? __schedule+0xf54/0x1df0
[   37.312380]  print_address_description+0x6c/0x20b
[   37.317235]  ? __schedule+0xf54/0x1df0
[   37.321123]  kasan_report.cold.7+0x242/0x30d
[   37.325907]  __asan_report_load8_noabort+0x14/0x20
[   37.330844]  __schedule+0xf54/0x1df0
[   37.334567]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.339674]  ? __sched_text_start+0x8/0x8
[   37.343820]  ? __call_srcu+0x7e7/0x1040
[   37.347811]  ? check_same_owner+0x340/0x340
[   37.352130]  ? mark_held_locks+0x160/0x160
[   37.356361]  ? find_held_lock+0x36/0x1c0
[   37.360426]  preempt_schedule_common+0x22/0x60
[   37.365006]  _cond_resched+0x1d/0x30
[   37.368720]  wait_for_completion+0xa5/0x8d0
[   37.373044]  ? wait_for_completion_interruptible+0x950/0x950
[   37.378846]  ? __lockdep_init_map+0x105/0x590
[   37.383353]  ? __init_waitqueue_head+0x9e/0x150
[   37.388023]  ? init_wait_entry+0x1c0/0x1c0
[   37.392264]  __synchronize_srcu+0x189/0x240
[   37.396579]  ? call_srcu+0x10/0x10
[   37.400115]  ? rcu_unexpedite_gp+0x20/0x20
[   37.404353]  synchronize_srcu+0x335/0x56f
[   37.408499]  ? lock_downgrade+0x8f0/0x8f0
[   37.412642]  ? synchronize_srcu_expedited+0x20/0x20
[   37.417659]  ? kasan_check_read+0x11/0x20
[   37.421802]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.426384]  ? kasan_check_write+0x14/0x20
[   37.430616]  ? do_raw_spin_lock+0xc1/0x200
[   37.434860]  kvm_page_track_unregister_notifier+0x17d/0x250
[   37.440575]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.446021]  ? kvfree+0x61/0x70
[   37.449296]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.454310]  kvm_mmu_uninit_vm+0x1c/0x20
[   37.458367]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.462775]  ? kvm_arch_sync_events+0x30/0x30
[   37.467270]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.472862]  ? mmu_notifier_unregister+0x474/0x600
[   37.477791]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.482196]  ? kfree+0x111/0x210
[   37.485565]  ? __mmu_notifier_register+0x30/0x30
[   37.490319]  ? __free_pages+0x10a/0x190
[   37.494292]  ? free_unref_page+0x930/0x930
[   37.498535]  kvm_put_kvm+0x73f/0x1060
[   37.502361]  ? kvm_write_guest_cached+0x40/0x40
[   37.507037]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.511531]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.516021]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.520603]  ? kasan_check_write+0x14/0x20
[   37.524834]  ? do_raw_spin_lock+0xc1/0x200
[   37.529073]  ? kvm_irqfd_release+0xdd/0x120
[   37.533395]  ? kvm_irqfd_release+0xdd/0x120
[   37.537719]  ? kvm_put_kvm+0x1060/0x1060
[   37.541782]  kvm_vm_release+0x42/0x50
[   37.545591]  __fput+0x38a/0xa40
[   37.548877]  ? __alloc_file+0x400/0x400
[   37.552859]  ? check_same_owner+0x340/0x340
[   37.557186]  ? kasan_check_write+0x14/0x20
[   37.561424]  ? do_raw_spin_lock+0xc1/0x200
[   37.565663]  ____fput+0x15/0x20
[   37.568942]  task_work_run+0x1e8/0x2a0
[   37.572843]  ? task_work_cancel+0x240/0x240
[   37.577182]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.582718]  ? switch_task_namespaces+0xa2/0xd0
[   37.587407]  do_exit+0x1ae4/0x26e0
[   37.590951]  ? mm_update_next_owner+0x9a0/0x9a0
[   37.595623]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   37.599869]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.604892]  ? kfree+0x1d7/0x210
[   37.608260]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   37.612497]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.618215]  ? is_bpf_text_address+0xd7/0x170
[   37.622711]  ? kernel_text_address+0x79/0xf0
[   37.627122]  ? __kernel_text_address+0xd/0x40
[   37.631618]  ? unwind_get_return_address+0x61/0xa0
[   37.636555]  ? __save_stack_trace+0x8d/0xf0
[   37.640898]  ? save_stack+0xa9/0xd0
[   37.644616]  ? save_stack+0x43/0xd0
[   37.648239]  ? __kasan_slab_free+0x11a/0x170
[   37.652645]  ? kasan_slab_free+0xe/0x10
[   37.656621]  ? putname+0xf2/0x130
[   37.660080]  ? __x64_sys_openat+0x9d/0x100
[   37.664322]  ? do_syscall_64+0x1b9/0x820
[   37.668386]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.673761]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.678176]  ? kasan_check_read+0x11/0x20
[   37.682333]  ? do_raw_spin_unlock+0xa7/0x2f0
[   37.686746]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.691158]  ? initcall_blacklisted+0x9a/0x1e0
[   37.695748]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   37.700858]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.706572]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.712113]  ? do_vfs_ioctl+0x201/0x1720
[   37.716178]  ? rcu_is_watching+0x8c/0x150
[   37.720322]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.724644]  ? ioctl_preallocate+0x300/0x300
[   37.729053]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.734596]  ? __fget_light+0x2f7/0x440
[   37.738567]  ? fget_raw+0x20/0x20
[   37.742014]  ? putname+0xf2/0x130
[   37.745467]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.750480]  ? kmem_cache_free+0x246/0x280
[   37.754716]  ? putname+0xf7/0x130
[   37.758168]  do_group_exit+0x177/0x440
[   37.762055]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.766374]  ? __ia32_sys_exit+0x50/0x50
[   37.770434]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.775535]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.781075]  ? ksys_ioctl+0x81/0xd0
[   37.784706]  __x64_sys_exit_group+0x3e/0x50
[   37.789030]  do_syscall_64+0x1b9/0x820
[   37.792923]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.798294]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.803222]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.808069]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.813091]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.818401]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.823254]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.828452] RIP: 0033:0x43f028
[   37.831648] Code: Bad RIP value.
[   37.835014] RSP: 002b:00007fffa7ed27c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.842729] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   37.850003] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   37.857301] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   37.864572] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   37.871844] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   37.879125] 
[   37.880746] Allocated by task 4691:
[   37.884376]  save_stack+0x43/0xd0
[   37.887833]  kasan_kmalloc+0xc4/0xe0
[   37.891551]  kasan_slab_alloc+0x12/0x20
[   37.895522]  kmem_cache_alloc+0x12e/0x710
[   37.899664]  vmx_create_vcpu+0xcf/0x2830
[   37.903719]  kvm_arch_vcpu_create+0xe5/0x220
[   37.908123]  kvm_vm_ioctl+0x488/0x1d80
[   37.912010]  do_vfs_ioctl+0x1de/0x1720
[   37.915892]  ksys_ioctl+0xa9/0xd0
[   37.919343]  __x64_sys_ioctl+0x73/0xb0
[   37.923232]  do_syscall_64+0x1b9/0x820
[   37.927114]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.932286] 
[   37.933908] Freed by task 4691:
[   37.937188]  save_stack+0x43/0xd0
[   37.940640]  __kasan_slab_free+0x11a/0x170
[   37.944877]  kasan_slab_free+0xe/0x10
[   37.948675]  kmem_cache_free+0x86/0x280
[   37.952649]  vmx_free_vcpu+0x26b/0x300
[   37.956537]  kvm_arch_destroy_vm+0x365/0x7c0
[   37.960949]  kvm_put_kvm+0x73f/0x1060
[   37.964751]  kvm_vm_release+0x42/0x50
[   37.968557]  __fput+0x38a/0xa40
[   37.971835]  ____fput+0x15/0x20
[   37.975121]  task_work_run+0x1e8/0x2a0
[   37.979008]  do_exit+0x1ae4/0x26e0
[   37.982548]  do_group_exit+0x177/0x440
[   37.986436]  __x64_sys_exit_group+0x3e/0x50
[   37.990762]  do_syscall_64+0x1b9/0x820
[   37.994649]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.999828] 
[   38.001456] The buggy address belongs to the object at ffff8801d9b60040
[   38.001456]  which belongs to the cache kvm_vcpu of size 23872
[   38.014032] The buggy address is located 24 bytes inside of
[   38.014032]  23872-byte region [ffff8801d9b60040, ffff8801d9b65d80)
[   38.026004] The buggy address belongs to the page:
[   38.030939] page:ffffea000766d800 count:1 mapcount:0 mapping:ffff8801d51f9d80 index:0x0 compound_mapcount: 0
[   38.040909] flags: 0x2fffc0000008100(slab|head)
[   38.045578] raw: 02fffc0000008100 ffff8801d51f2b48 ffff8801d51f2b48 ffff8801d51f9d80
[   38.053461] raw: 0000000000000000 ffff8801d9b60040 0000000100000001 0000000000000000
[   38.061328] page dumped because: kasan: bad access detected
[   38.067030] 
[   38.068644] Memory state around the buggy address:
[   38.073579]  ffff8801d9b5ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.080950]  ffff8801d9b5ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.088307] >ffff8801d9b60000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   38.095655]                                                     ^
[   38.101885]  ffff8801d9b60080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.109237]  ffff8801d9b60100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.116690] ==================================================================
[   38.124044] Kernel panic - not syncing: panic_on_warn set ...
[   38.124044] 
[   38.131419] CPU: 0 PID: 4691 Comm: syz-executor057 Tainted: G    B             4.19.0-rc2+ #220
[   38.140250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.149602] Call Trace:
[   38.152194]  dump_stack+0x1c9/0x2b4
[   38.155820]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.161024]  ? lock_downgrade+0x8f0/0x8f0
[   38.165189]  ? __schedule+0xf54/0x1df0
[   38.169082]  panic+0x238/0x4e7
[   38.172272]  ? add_taint.cold.5+0x16/0x16
[   38.176426]  ? print_shadow_for_address+0xba/0x116
[   38.181355]  ? trace_hardirqs_off+0xaf/0x2b0
[   38.185764]  ? trace_hardirqs_off+0x77/0x2b0
[   38.190178]  ? __schedule+0xf54/0x1df0
[   38.194065]  kasan_end_report+0x47/0x4f
[   38.198047]  kasan_report.cold.7+0x76/0x30d
[   38.202372]  __asan_report_load8_noabort+0x14/0x20
[   38.207305]  __schedule+0xf54/0x1df0
[   38.211451]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   38.216553]  ? __sched_text_start+0x8/0x8
[   38.220700]  ? __call_srcu+0x7e7/0x1040
[   38.224680]  ? check_same_owner+0x340/0x340
[   38.228997]  ? mark_held_locks+0x160/0x160
[   38.233230]  ? find_held_lock+0x36/0x1c0
[   38.237292]  preempt_schedule_common+0x22/0x60
[   38.241886]  _cond_resched+0x1d/0x30
[   38.245599]  wait_for_completion+0xa5/0x8d0
[   38.249926]  ? wait_for_completion_interruptible+0x950/0x950
[   38.255723]  ? __lockdep_init_map+0x105/0x590
[   38.260222]  ? __init_waitqueue_head+0x9e/0x150
[   38.264890]  ? init_wait_entry+0x1c0/0x1c0
[   38.269126]  __synchronize_srcu+0x189/0x240
[   38.273443]  ? call_srcu+0x10/0x10
[   38.276982]  ? rcu_unexpedite_gp+0x20/0x20
[   38.281232]  synchronize_srcu+0x335/0x56f
[   38.285381]  ? lock_downgrade+0x8f0/0x8f0
[   38.289527]  ? synchronize_srcu_expedited+0x20/0x20
[   38.294541]  ? kasan_check_read+0x11/0x20
[   38.298685]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.303269]  ? kasan_check_write+0x14/0x20
[   38.307505]  ? do_raw_spin_lock+0xc1/0x200
[   38.311743]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.317453]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.322914]  ? kvfree+0x61/0x70
[   38.326705]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.331722]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.335783]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.340193]  ? kvm_arch_sync_events+0x30/0x30
[   38.344694]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.350233]  ? mmu_notifier_unregister+0x474/0x600
[   38.355158]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.359577]  ? kfree+0x111/0x210
[   38.362947]  ? __mmu_notifier_register+0x30/0x30
[   38.367708]  ? __free_pages+0x10a/0x190
[   38.371687]  ? free_unref_page+0x930/0x930
[   38.375937]  kvm_put_kvm+0x73f/0x1060
[   38.379746]  ? kvm_write_guest_cached+0x40/0x40
[   38.384425]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.388928]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.393427]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.398018]  ? kasan_check_write+0x14/0x20
[   38.402255]  ? do_raw_spin_lock+0xc1/0x200
[   38.406490]  ? kvm_irqfd_release+0xdd/0x120
[   38.410806]  ? kvm_irqfd_release+0xdd/0x120
[   38.415142]  ? kvm_put_kvm+0x1060/0x1060
[   38.419207]  kvm_vm_release+0x42/0x50
[   38.423033]  __fput+0x38a/0xa40
[   38.426310]  ? __alloc_file+0x400/0x400
[   38.430285]  ? check_same_owner+0x340/0x340
[   38.434893]  ? kasan_check_write+0x14/0x20
[   38.439127]  ? do_raw_spin_lock+0xc1/0x200
[   38.443362]  ____fput+0x15/0x20
[   38.446643]  task_work_run+0x1e8/0x2a0
[   38.450529]  ? task_work_cancel+0x240/0x240
[   38.454854]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.460390]  ? switch_task_namespaces+0xa2/0xd0
[   38.465055]  do_exit+0x1ae4/0x26e0
[   38.468595]  ? mm_update_next_owner+0x9a0/0x9a0
[   38.473272]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   38.477505]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.482525]  ? kfree+0x1d7/0x210
[   38.485895]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   38.490128]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   38.495856]  ? is_bpf_text_address+0xd7/0x170
[   38.500351]  ? kernel_text_address+0x79/0xf0
[   38.504759]  ? __kernel_text_address+0xd/0x40
[   38.509255]  ? unwind_get_return_address+0x61/0xa0
[   38.514183]  ? __save_stack_trace+0x8d/0xf0
[   38.518509]  ? save_stack+0xa9/0xd0
[   38.522135]  ? save_stack+0x43/0xd0
[   38.525766]  ? __kasan_slab_free+0x11a/0x170
[   38.530953]  ? kasan_slab_free+0xe/0x10
[   38.534927]  ? putname+0xf2/0x130
[   38.538379]  ? __x64_sys_openat+0x9d/0x100
[   38.542614]  ? do_syscall_64+0x1b9/0x820
[   38.546676]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.552044]  ? trace_hardirqs_off+0xb8/0x2b0
[   38.556453]  ? kasan_check_read+0x11/0x20
[   38.560606]  ? do_raw_spin_unlock+0xa7/0x2f0
[   38.565011]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.569418]  ? initcall_blacklisted+0x9a/0x1e0
[   38.574003]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   38.579112]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   38.584827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.590373]  ? do_vfs_ioctl+0x201/0x1720
[   38.594438]  ? rcu_is_watching+0x8c/0x150
[   38.598586]  ? trace_hardirqs_on+0xbd/0x2c0
[   38.602910]  ? ioctl_preallocate+0x300/0x300
[   38.607348]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.612904]  ? __fget_light+0x2f7/0x440
[   38.616888]  ? fget_raw+0x20/0x20
[   38.620339]  ? putname+0xf2/0x130
[   38.623800]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.628822]  ? kmem_cache_free+0x246/0x280
[   38.633059]  ? putname+0xf7/0x130
[   38.636517]  do_group_exit+0x177/0x440
[   38.640402]  ? trace_hardirqs_on+0xbd/0x2c0
[   38.644722]  ? __ia32_sys_exit+0x50/0x50
[   38.648781]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   38.653898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.659526]  ? ksys_ioctl+0x81/0xd0
[   38.663159]  __x64_sys_exit_group+0x3e/0x50
[   38.667484]  do_syscall_64+0x1b9/0x820
[   38.671376]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.676748]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.681676]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.686518]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   38.691532]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.696552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.701396]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.706582] RIP: 0033:0x43f028
[   38.709772] Code: Bad RIP value.
[   38.713128] RSP: 002b:00007fffa7ed27c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   38.720835] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   38.728104] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   38.735371] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   38.742639] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   38.749905] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   38.757183] 
[   38.757189] ======================================================
[   38.757194] WARNING: possible circular locking dependency detected
[   38.757198] 4.19.0-rc2+ #220 Not tainted
[   38.757204] ------------------------------------------------------
[   38.757208] syz-executor057/4691 is trying to acquire lock:
[   38.757212] 00000000e3f86942 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   38.757226] 
[   38.757230] but task is already holding lock:
[   38.757233] 00000000ad4f18fa (report_lock){....}, at: kasan_report+0x8e/0x110
[   38.757247] 
[   38.757251] which lock already depends on the new lock.
[   38.757254] 
[   38.757256] 
[   38.757261] the existing dependency chain (in reverse order) is:
[   38.757263] 
[   38.757265] -> #3 (report_lock){....}:
[   38.757279]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.757283]        kasan_report+0x8e/0x110
[   38.757287]        __asan_report_load8_noabort+0x14/0x20
[   38.757291]        __schedule+0xf54/0x1df0
[   38.757295]        preempt_schedule_common+0x22/0x60
[   38.757299]        _cond_resched+0x1d/0x30
[   38.757303]        wait_for_completion+0xa5/0x8d0
[   38.757307]        __synchronize_srcu+0x189/0x240
[   38.757311]        synchronize_srcu+0x335/0x56f
[   38.757316]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.757320]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.757324]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.757328]        kvm_put_kvm+0x73f/0x1060
[   38.757332]        kvm_vm_release+0x42/0x50
[   38.757335]        __fput+0x38a/0xa40
[   38.757338]        ____fput+0x15/0x20
[   38.757342]        task_work_run+0x1e8/0x2a0
[   38.757346]        do_exit+0x1ae4/0x26e0
[   38.757349]        do_group_exit+0x177/0x440
[   38.757353]        __x64_sys_exit_group+0x3e/0x50
[   38.757358]        do_syscall_64+0x1b9/0x820
[   38.757363]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.757365] 
[   38.757367] -> #2 (&rq->lock){-.-.}:
[   38.757381]        _raw_spin_lock+0x2a/0x40
[   38.757384]        task_fork_fair+0x93/0x680
[   38.757388]        sched_fork+0x44b/0xbd0
[   38.757392]        copy_process+0x235e/0x7ad0
[   38.757395]        _do_fork+0x1ca/0x1170
[   38.757399]        kernel_thread+0x34/0x40
[   38.757402]        rest_init+0x22/0xe4
[   38.757406]        start_kernel+0x913/0x94e
[   38.757411]        x86_64_start_reservations+0x29/0x2b
[   38.757415]        x86_64_start_kernel+0x76/0x79
[   38.757419]        secondary_startup_64+0xa4/0xb0
[   38.757421] 
[   38.757423] -> #1 (&p->pi_lock){-.-.}:
[   38.757437]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.757441]        try_to_wake_up+0xd2/0x1250
[   38.757445]        wake_up_process+0x10/0x20
[   38.757448]        __up.isra.1+0x1c0/0x2a0
[   38.757451]        up+0x13c/0x1c0
[   38.757455]        __up_console_sem+0xbe/0x1b0
[   38.757459]        console_unlock+0x506/0x10d0
[   38.757463]        vprintk_emit+0x33a/0x910
[   38.757467]        vprintk_default+0x28/0x30
[   38.757470]        vprintk_func+0x7a/0x117
[   38.757474]        printk+0xa7/0xcf
[   38.757477]        load_umh+0x51/0xbd
[   38.757481]        do_one_initcall+0x127/0x838
[   38.757485]        kernel_init_freeable+0x4bb/0x5ae
[   38.757489]        kernel_init+0x11/0x1b3
[   38.757492]        ret_from_fork+0x3a/0x50
[   38.757494] 
[   38.757497] -> #0 ((console_sem).lock){-...}:
[   38.757511]        lock_acquire+0x1e4/0x4f0
[   38.757515]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.757518]        down_trylock+0x13/0x70
[   38.757523]        __down_trylock_console_sem+0xae/0x200
[   38.757526]        console_trylock+0x15/0xa0
[   38.757530]        vprintk_emit+0x31f/0x910
[   38.757534]        vprintk_default+0x28/0x30
[   38.757538]        vprintk_func+0x7a/0x117
[   38.757541]        printk+0xa7/0xcf
[   38.757545]        kasan_report+0x9e/0x110
[   38.757549]        __asan_report_load8_noabort+0x14/0x20
[   38.757553]        __schedule+0xf54/0x1df0
[   38.757557]        preempt_schedule_common+0x22/0x60
[   38.757560]        _cond_resched+0x1d/0x30
[   38.757564]        wait_for_completion+0xa5/0x8d0
[   38.757568]        __synchronize_srcu+0x189/0x240
[   38.757572]        synchronize_srcu+0x335/0x56f
[   38.757577]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.757581]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.757585]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.757589]        kvm_put_kvm+0x73f/0x1060
[   38.757593]        kvm_vm_release+0x42/0x50
[   38.757596]        __fput+0x38a/0xa40
[   38.757599]        ____fput+0x15/0x20
[   38.757603]        task_work_run+0x1e8/0x2a0
[   38.757607]        do_exit+0x1ae4/0x26e0
[   38.757611]        do_group_exit+0x177/0x440
[   38.757615]        __x64_sys_exit_group+0x3e/0x50
[   38.757618]        do_syscall_64+0x1b9/0x820
[   38.757623]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.757625] 
[   38.757629] other info that might help us debug this:
[   38.757645] 
[   38.757648] Chain exists of:
[   38.757650]   (console_sem).lock --> &rq->lock --> report_lock
[   38.757667] 
[   38.757670]  Possible unsafe locking scenario:
[   38.757672] 
[   38.757688]        CPU0                    CPU1
[   38.757692]        ----                    ----
[   38.757694]   lock(report_lock);
[   38.757702]                                lock(&rq->lock);
[   38.757711]                                lock(report_lock);
[   38.757730]   lock((console_sem).lock);
[   38.757749] 
[   38.757752]  *** DEADLOCK ***
[   38.757754] 
[   38.757758] 2 locks held by syz-executor057/4691:
[   38.757760]  #0: 00000000609df65a (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   38.757775]  #1: 00000000ad4f18fa (report_lock){....}, at: kasan_report+0x8e/0x110
[   38.757791] 
[   38.757793] stack backtrace:
[   38.757799] CPU: 0 PID: 4691 Comm: syz-executor057 Not tainted 4.19.0-rc2+ #220
[   38.757805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.757808] Call Trace:
[   38.757812]  dump_stack+0x1c9/0x2b4
[   38.757816]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.757819]  ? vprintk_func+0x100/0x117
[   38.757824]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   38.757839]  ? save_trace+0xe0/0x290
[   38.757843]  __lock_acquire+0x3449/0x5020
[   38.757847]  ? mark_held_locks+0x160/0x160
[   38.757856]  ? mark_held_locks+0x160/0x160
[   38.757861]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   38.757865]  ? is_bpf_text_address+0xd7/0x170
[   38.757868]  ? kernel_text_address+0x79/0xf0
[   38.757872]  ? __kernel_text_address+0xd/0x40
[   38.757876]  ? __save_stack_trace+0x8d/0xf0
[   38.757892]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   38.757896]  ? save_trace+0x290/0x290
[   38.757900]  ? save_stack_trace+0x1a/0x20
[   38.757904]  ? save_trace+0xe0/0x290
[   38.757907]  ? graph_lock+0x170/0x170
[   38.757912]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.757916]  lock_acquire+0x1e4/0x4f0
[   38.757919]  ? down_trylock+0x13/0x70
[   38.757923]  ? lock_release+0x9f0/0x9f0
[   38.757927]  ? trace_hardirqs_off+0xb8/0x2b0
[   38.757931]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.757935]  ? trace_hardirqs_off+0xb8/0x2b0
[   38.757939]  ? log_store+0x34f/0x4c0
[   38.757943]  ? vprintk_emit+0x31f/0x910
[   38.757947]  _raw_spin_lock_irqsave+0x96/0xc0
[   38.757951]  ? down_trylock+0x13/0x70
[   38.757954]  down_trylock+0x13/0x70
[   38.757959]  __down_trylock_console_sem+0xae/0x200
[   38.757962]  console_trylock+0x15/0xa0
[   38.757966]  vprintk_emit+0x31f/0x910
[   38.757970]  ? wake_up_klogd+0x110/0x110
[   38.757974]  ? run_rebalance_domains+0x4c0/0x4c0
[   38.757978]  ? kasan_check_read+0x11/0x20
[   38.757982]  ? rcu_is_watching+0x8c/0x150
[   38.757986]  ? rcu_pm_notify+0xc0/0xc0
[   38.757990]  ? lock_acquire+0x1e4/0x4f0
[   38.757994]  ? kasan_report+0x8e/0x110
[   38.757997]  ? __schedule+0xf54/0x1df0
[   38.758001]  vprintk_default+0x28/0x30
[   38.758005]  vprintk_func+0x7a/0x117
[   38.758008]  printk+0xa7/0xcf
[   38.758012]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   38.758016]  ? kasan_check_write+0x14/0x20
[   38.758020]  ? do_raw_spin_lock+0xc1/0x200
[   38.758024]  ? do_raw_spin_lock+0xc1/0x200
[   38.758028]  kasan_report+0x9e/0x110
[   38.758032]  __asan_report_load8_noabort+0x14/0x20
[   38.758036]  __schedule+0xf54/0x1df0
[   38.758040]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   38.758044]  ? __sched_text_start+0x8/0x8
[   38.758048]  ? __call_srcu+0x7e7/0x1040
[   38.758052]  ? check_same_owner+0x340/0x340
[   38.758056]  ? mark_held_locks+0x160/0x160
[   38.758060]  ? find_held_lock+0x36/0x1c0
[   38.758064]  preempt_schedule_common+0x22/0x60
[   38.758067]  _cond_resched+0x1d/0x30
[   38.758071]  wait_for_completion+0xa5/0x8d0
[   38.758076]  ? wait_for_completion_interruptible+0x950/0x950
[   38.758080]  ? __lockdep_init_map+0x105/0x590
[   38.758085]  ? __init_waitqueue_head+0x9e/0x150
[   38.758089]  ? init_wait_entry+0x1c0/0x1c0
[   38.758093]  __synchronize_srcu+0x189/0x240
[   38.758096]  ? call_srcu+0x10/0x10
[   38.758100]  ? rcu_unexpedite_gp+0x20/0x20
[   38.758104]  synchronize_srcu+0x335/0x56f
[   38.758108]  ? lock_downgrade+0x8f0/0x8f0
[   38.758113]  ? synchronize_srcu_expedited+0x20/0x20
[   38.758117]  ? kasan_check_read+0x11/0x20
[   38.758121]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.758125]  ? kasan_check_write+0x14/0x20
[   38.758129]  ? do_raw_spin_lock+0xc1/0x200
[   38.758134]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.758138]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.758142]  ? kvfree+0x61/0x70
[   38.758146]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.758150]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.758154]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.758158]  ? kvm_arch_sync_events+0x30/0x30
[   38.758163]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.758167]  ? mmu_notifier_unregister+0x474/0x600
[   38.758171]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.758175]  ? kfree+0x111/0x210
[   38.758179]  ? __mmu_notifier_register+0x30/0x30
[   38.758183]  ? __free_pages+0x10a/0x190
[   38.758187]  ? free_unref_page+0x930/0x930
[   38.758191]  kvm_put_kvm+0x73f/0x1060
[   38.758195]  ? kvm_write_guest_cached+0x40/0x40
[   38.758199]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.758203]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.758208]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.758211]  ? kasan_check_write+0x14/0x20
[   38.758216]  ? do_raw_spin_lock+0xc1/0x200
[   38.758220]  ? kvm_irqfd_release+0xdd/0x120
[   38.758224]  ? kvm_irqfd_release+0xdd/0x120
[   38.758227]  ? kvm_put_kvm+0x1060/0x1060
[   38.758231]  kvm_vm_release+0x42/0x50
[   38.758235]  __fput+0x38a/0xa40
[   38.758238]  ? __alloc_file+0x400/0x400
[   38.758242]  ? check_same_owner+0x340/0x340
[   38.758246]  ? kasan_check_write+0x14/0x20
[   38.758250]  ? do_raw_spin_lock+0xc1/0x200
[   38.758254]  ____fput+0x15/0x20
[   38.758257]  task_work_run+0x1e8/0x2a0
[   38.758261]  ? task_work_cancel+0x240/0x240
[   38.758266]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.758270]  ? switch_task_namespaces+0xa2/0xd0
[   38.758274]  do_exit+0x1ae4/0x26e0
[   38.758278]  ? mm_update_next_owner+0x9a0/0x9a0
[   38.758282]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   38.758286]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.758290]  ? kfree+0x1d7/0x210
[   38.758294]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   38.758298]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   38.758303]  ? is_bpf_text_address+0xd7/0x170
[   38.758305]  ?
[   38.758312] Lost 54 message(s)!
[   39.821714] Shutting down cpus with NMI
[   40.881630] Dumping ftrace buffer:
[   40.885156]    (ftrace buffer empty)
[   40.888841] Kernel Offset: disabled
[   40.892455] Rebooting in 86400 seconds..