[....] Starting OpenBSD Secure Shell server: sshd[ 26.509782] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 30.330164] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.740580] sshd (5366) used greatest stack depth: 16760 bytes left
[ 30.764009] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.412688] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.635842] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
[ 37.190525] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.328402] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 37.354027] ==================================================================
[ 37.364183] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[ 37.374789] Read of size 8 at addr ffff8801bacd0058 by task syz-executor664/5383
[ 37.382318]
[ 37.383955] CPU: 1 PID: 5383 Comm: syz-executor664 Not tainted 4.19.0-rc3+ #231
[ 37.391395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.400744] Call Trace:
[ 37.403338] dump_stack+0x1c4/0x2b4
[ 37.406981] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.412185] ? printk+0xa7/0xcf
[ 37.415474] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.420255] print_address_description.cold.8+0x9/0x1ff
[ 37.425620] kasan_report.cold.9+0x242/0x309
[ 37.430033] ? __schedule+0xfc3/0x1ed0
[ 37.433927] __asan_report_load8_noabort+0x14/0x20
[ 37.438869] __schedule+0xfc3/0x1ed0
[ 37.442593] ? __sched_text_start+0x8/0x8
[ 37.446747] ? __lock_is_held+0xb5/0x140
[ 37.450808] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.455913] ? find_held_lock+0x36/0x1c0
[ 37.459984] ? __call_srcu+0x7f9/0x1070
[ 37.463975] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.469178] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 37.474304] ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.482696] ? preempt_schedule+0x4d/0x60
[ 37.486853] preempt_schedule_common+0x1f/0xd0
[ 37.491443] preempt_schedule+0x4d/0x60
[ 37.495416] ___preempt_schedule+0x16/0x18
[ 37.499657] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 37.504615] __call_srcu+0x7f9/0x1070
[ 37.508421] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 37.513530] ? srcu_offline_cpu+0x120/0x120
[ 37.517854] ? debug_object_free+0x690/0x690
[ 37.522348] ? mark_held_locks+0x130/0x130
[ 37.530959] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 37.535547] ? lock_release+0x970/0x970
[ 37.539526] ? arch_local_save_flags+0x40/0x40
[ 37.544107] ? depot_save_stack+0x292/0x470
[ 37.548433] ? __lockdep_init_map+0x105/0x590
[ 37.552941] ? __init_waitqueue_head+0x9e/0x150
[ 37.557629] ? init_wait_entry+0x1c0/0x1c0
[ 37.561884] __synchronize_srcu+0x17b/0x230
[ 37.566232] ? call_srcu+0x10/0x10
[ 37.569786] ? rcu_unexpedite_gp+0x20/0x20
[ 37.574047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.579586] ? check_preemption_disabled+0x48/0x200
[ 37.584603] synchronize_srcu+0x356/0x5ab
[ 37.589249] ? lock_downgrade+0x900/0x900
[ 37.593396] ? synchronize_srcu_expedited+0x20/0x20
[ 37.598416] ? kasan_check_read+0x11/0x20
[ 37.602563] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.607146] ? kasan_check_write+0x14/0x20
[ 37.611377] ? do_raw_spin_lock+0xc1/0x200
[ 37.616076] kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.621875] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.627324] ? kvfree+0x61/0x70
[ 37.630599] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.635612] kvm_mmu_uninit_vm+0x1c/0x20
[ 37.639679] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.644793] ? kvm_arch_sync_events+0x30/0x30
[ 37.653536] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.659088] ? mmu_notifier_unregister+0x474/0x600
[ 37.664070] ? kfree+0x107/0x230
[ 37.667451] ? __mmu_notifier_register+0x30/0x30
[ 37.672218] ? __free_pages+0x10a/0x190
[ 37.676191] ? free_unref_page+0x960/0x960
[ 37.680448] kvm_put_kvm+0x6c8/0xff0
[ 37.684166] ? kvm_write_guest_cached+0x40/0x40
[ 37.688834] ? kvm_irqfd_release+0xd1/0x120
[ 37.693155] ? _raw_spin_unlock_irq+0x27/0x80
[ 37.697647] ? _raw_spin_unlock_irq+0x27/0x80
[ 37.702159] ? kasan_check_write+0x14/0x20
[ 37.706387] ? do_raw_spin_lock+0xc1/0x200
[ 37.715226] ? kvm_irqfd_release+0xdd/0x120
[ 37.719549] ? kvm_irqfd_release+0xdd/0x120
[ 37.723872] ? kvm_put_kvm+0xff0/0xff0
[ 37.727754] kvm_vm_release+0x42/0x50
[ 37.731552] __fput+0x385/0xa30
[ 37.734833] ? get_max_files+0x20/0x20
[ 37.738717] ? trace_hardirqs_on+0xbd/0x310
[ 37.743045] ? ___might_sleep+0x1ed/0x300
[ 37.747188] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.752646] ? arch_local_save_flags+0x40/0x40
[ 37.757236] ? kasan_check_write+0x14/0x20
[ 37.761476] ? do_raw_spin_lock+0xc1/0x200
[ 37.765707] ____fput+0x15/0x20
[ 37.768987] task_work_run+0x1e8/0x2a0
[ 37.772880] ? task_work_cancel+0x240/0x240
[ 37.777204] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.782754] ? switch_task_namespaces+0x9d/0xd0
[ 37.787425] do_exit+0x1ad7/0x2610
[ 37.790978] ? mm_update_next_owner+0x990/0x990
[ 37.795659] ? kvm_vcpu_ioctl+0x29c/0x1150
[ 37.799897] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.804913] ? kfree+0x1fa/0x230
[ 37.808283] ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 37.812518] ? kvm_vcpu_block+0x1030/0x1030
[ 37.816843] ? is_bpf_text_address+0xd3/0x170
[ 37.821358] ? kernel_text_address+0x79/0xf0
[ 37.825771] ? __kernel_text_address+0xd/0x40
[ 37.834293] ? unwind_get_return_address+0x61/0xa0
[ 37.839233] ? __save_stack_trace+0x8d/0xf0
[ 37.843566] ? save_stack+0xa9/0xd0
[ 37.847189] ? save_stack+0x43/0xd0
[ 37.850823] ? __kasan_slab_free+0x102/0x150
[ 37.855233] ? kasan_slab_free+0xe/0x10
[ 37.859205] ? putname+0xf2/0x130
[ 37.862673] ? __x64_sys_openat+0x9d/0x100
[ 37.866906] ? do_syscall_64+0x1b9/0x820
[ 37.870970] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.876339] ? trace_hardirqs_off+0xb8/0x310
[ 37.880748] ? kasan_check_read+0x11/0x20
[ 37.884907] ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.892745] ? trace_hardirqs_on+0x310/0x310
[ 37.897156] ? __bpf_trace_initcall_finish+0x2a/0x30
[ 37.902259] ? trace_hardirqs_off+0xb8/0x310
[ 37.906669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.912216] ? check_preemption_disabled+0x48/0x200
[ 37.917238] ? check_preemption_disabled+0x48/0x200
[ 37.922260] ? kvm_vcpu_block+0x1030/0x1030
[ 37.926587] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.932126] ? do_vfs_ioctl+0x201/0x1720
[ 37.936188] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.941479] ? ioctl_preallocate+0x300/0x300
[ 37.945889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.954890] ? __fget_light+0x2e9/0x430
[ 37.958864] ? fget_raw+0x20/0x20
[ 37.962316] ? putname+0xf2/0x130
[ 37.965769] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.970785] ? kmem_cache_free+0x24f/0x290
[ 37.975023] ? putname+0xf7/0x130
[ 37.978484] do_group_exit+0x177/0x440
[ 37.982378] ? trace_hardirqs_on+0xbd/0x310
[ 37.986702] ? __ia32_sys_exit+0x50/0x50
[ 37.990761] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.996219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.001755] ? ksys_ioctl+0x81/0xd0
[ 38.005385] __x64_sys_exit_group+0x3e/0x50
[ 38.009707] do_syscall_64+0x1b9/0x820
[ 38.013594] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.018962] ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.023890] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.028737] ? trace_hardirqs_on_caller+0x310/0x310
[ 38.033959] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 38.038979] ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.048075] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.052925] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.058113] RIP: 0033:0x43f028
[ 38.061308] Code: Bad RIP value.
[ 38.064666] RSP: 002b:00007ffdcd44de48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.072376] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 38.079668] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.086936] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.094202] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 38.101477] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 38.108751]
[ 38.110379] Allocated by task 5383:
[ 38.115530] save_stack+0x43/0xd0
[ 38.118982] kasan_kmalloc+0xc7/0xe0
[ 38.122698] kasan_slab_alloc+0x12/0x20
[ 38.126669] kmem_cache_alloc+0x12e/0x730
[ 38.131342] vmx_create_vcpu+0xcf/0x25e0
[ 38.135423] kvm_arch_vcpu_create+0xe5/0x220
[ 38.139825] kvm_vm_ioctl+0x470/0x1d40
[ 38.143714] do_vfs_ioctl+0x1de/0x1720
[ 38.148323] ksys_ioctl+0xa9/0xd0
[ 38.151775] __x64_sys_ioctl+0x73/0xb0
[ 38.155662] do_syscall_64+0x1b9/0x820
[ 38.159548] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.165270]
[ 38.166890] Freed by task 5383:
[ 38.170165] save_stack+0x43/0xd0
[ 38.173617] __kasan_slab_free+0x102/0x150
[ 38.179269] kasan_slab_free+0xe/0x10
[ 38.183068] kmem_cache_free+0x83/0x290
[ 38.187048] vmx_free_vcpu+0x26b/0x300
[ 38.190936] kvm_arch_destroy_vm+0x365/0x7c0
[ 38.198607] kvm_put_kvm+0x6c8/0xff0
[ 38.203520] kvm_vm_release+0x42/0x50
[ 38.207321] __fput+0x385/0xa30
[ 38.210600] ____fput+0x15/0x20
[ 38.213880] task_work_run+0x1e8/0x2a0
[ 38.217768] do_exit+0x1ad7/0x2610
[ 38.221309] do_group_exit+0x177/0x440
[ 38.225200] __x64_sys_exit_group+0x3e/0x50
[ 38.229535] do_syscall_64+0x1b9/0x820
[ 38.233895] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.239072]
[ 38.240700] The buggy address belongs to the object at ffff8801bacd0040
[ 38.240700] which belongs to the cache kvm_vcpu of size 23872
[ 38.255901] The buggy address is located 24 bytes inside of
[ 38.255901] 23872-byte region [ffff8801bacd0040, ffff8801bacd5d80)
[ 38.268617] The buggy address belongs to the page:
[ 38.274044] page:ffffea0006eb3400 count:1 mapcount:0 mapping:ffff8801d78a4480 index:0x0 compound_mapcount: 0
[ 38.284856] flags: 0x2fffc0000008100(slab|head)
[ 38.290040] raw: 02fffc0000008100 ffff8801d5a8bb48 ffff8801d5a8bb48 ffff8801d78a4480
[ 38.301873] raw: 0000000000000000 ffff8801bacd0040 0000000100000001 0000000000000000
[ 38.309744] page dumped because: kasan: bad access detected
[ 38.315445]
[ 38.317062] Memory state around the buggy address:
[ 38.321990] ffff8801baccff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.329357] ffff8801baccff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.336714] >ffff8801bacd0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 38.344065] ^
[ 38.350292] ffff8801bacd0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.358068] ffff8801bacd0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.369389] ==================================================================
[ 38.376772] Kernel panic - not syncing: panic_on_warn set ...
[ 38.376772]
[ 38.384165] CPU: 1 PID: 5383 Comm: syz-executor664 Tainted: G B 4.19.0-rc3+ #231
[ 38.393003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.402805] Call Trace:
[ 38.405403] dump_stack+0x1c4/0x2b4
[ 38.409052] ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.414254] ? lock_downgrade+0x900/0x900
[ 38.418406] panic+0x238/0x4e7
[ 38.421622] ? add_taint.cold.5+0x16/0x16
[ 38.425776] ? print_shadow_for_address+0xb6/0x116
[ 38.430707] ? trace_hardirqs_off+0xaf/0x310
[ 38.435123] kasan_end_report+0x47/0x4f
[ 38.439117] kasan_report.cold.9+0x76/0x309
[ 38.443445] ? __schedule+0xfc3/0x1ed0
[ 38.447339] __asan_report_load8_noabort+0x14/0x20
[ 38.452268] __schedule+0xfc3/0x1ed0
[ 38.455992] ? __sched_text_start+0x8/0x8
[ 38.460148] ? __lock_is_held+0xb5/0x140
[ 38.464220] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.469333] ? find_held_lock+0x36/0x1c0
[ 38.473403] ? __call_srcu+0x7f9/0x1070
[ 38.477389] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.482506] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 38.487878] ? lockdep_hardirqs_on+0x421/0x5c0
[ 38.496068] ? preempt_schedule+0x4d/0x60
[ 38.500902] preempt_schedule_common+0x1f/0xd0
[ 38.505503] preempt_schedule+0x4d/0x60
[ 38.509486] ___preempt_schedule+0x16/0x18
[ 38.513742] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 38.518679] __call_srcu+0x7f9/0x1070
[ 38.522488] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 38.527609] ? srcu_offline_cpu+0x120/0x120
[ 38.531941] ? debug_object_free+0x690/0x690
[ 38.536359] ? mark_held_locks+0x130/0x130
[ 38.540596] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 38.545181] ? lock_release+0x970/0x970
[ 38.549163] ? arch_local_save_flags+0x40/0x40
[ 38.553746] ? depot_save_stack+0x292/0x470
[ 38.558074] ? __lockdep_init_map+0x105/0x590
[ 38.562578] ? __init_waitqueue_head+0x9e/0x150
[ 38.567249] ? init_wait_entry+0x1c0/0x1c0
[ 38.571998] __synchronize_srcu+0x17b/0x230
[ 38.576341] ? call_srcu+0x10/0x10
[ 38.579895] ? rcu_unexpedite_gp+0x20/0x20
[ 38.584151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.589707] ? check_preemption_disabled+0x48/0x200
[ 38.594744] synchronize_srcu+0x356/0x5ab
[ 38.598902] ? lock_downgrade+0x900/0x900
[ 38.603057] ? synchronize_srcu_expedited+0x20/0x20
[ 38.608083] ? kasan_check_read+0x11/0x20
[ 38.612256] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 38.616842] ? kasan_check_write+0x14/0x20
[ 38.621095] ? do_raw_spin_lock+0xc1/0x200
[ 38.625336] kvm_page_track_unregister_notifier+0x17d/0x250
[ 38.631055] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 38.640340] ? kvfree+0x61/0x70
[ 38.643627] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.648648] kvm_mmu_uninit_vm+0x1c/0x20
[ 38.652710] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 38.657120] ? kvm_arch_sync_events+0x30/0x30
[ 38.661892] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.667432] ? mmu_notifier_unregister+0x474/0x600
[ 38.672361] ? kfree+0x107/0x230
[ 38.675731] ? __mmu_notifier_register+0x30/0x30
[ 38.680499] ? __free_pages+0x10a/0x190
[ 38.684480] ? free_unref_page+0x960/0x960
[ 38.688726] kvm_put_kvm+0x6c8/0xff0
[ 38.692451] ? kvm_write_guest_cached+0x40/0x40
[ 38.697124] ? kvm_irqfd_release+0xd1/0x120
[ 38.701446] ? _raw_spin_unlock_irq+0x27/0x80
[ 38.705942] ? _raw_spin_unlock_irq+0x27/0x80
[ 38.710448] ? kasan_check_write+0x14/0x20
[ 38.714683] ? do_raw_spin_lock+0xc1/0x200
[ 38.718925] ? kvm_irqfd_release+0xdd/0x120
[ 38.723250] ? kvm_irqfd_release+0xdd/0x120
[ 38.727572] ? kvm_put_kvm+0xff0/0xff0
[ 38.731461] kvm_vm_release+0x42/0x50
[ 38.735261] __fput+0x385/0xa30
[ 38.738543] ? get_max_files+0x20/0x20
[ 38.742430] ? trace_hardirqs_on+0xbd/0x310
[ 38.746751] ? ___might_sleep+0x1ed/0x300
[ 38.750896] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 38.756346] ? arch_local_save_flags+0x40/0x40
[ 38.760930] ? kasan_check_write+0x14/0x20
[ 38.765176] ? do_raw_spin_lock+0xc1/0x200
[ 38.769422] ____fput+0x15/0x20
[ 38.772703] task_work_run+0x1e8/0x2a0
[ 38.776592] ? task_work_cancel+0x240/0x240
[ 38.780919] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.786456] ? switch_task_namespaces+0x9d/0xd0
[ 38.795599] do_exit+0x1ad7/0x2610
[ 38.799148] ? mm_update_next_owner+0x990/0x990
[ 38.803825] ? kvm_vcpu_ioctl+0x29c/0x1150
[ 38.808062] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.813078] ? kfree+0x1fa/0x230
[ 38.816446] ? kvm_vcpu_ioctl+0x2a1/0x1150
[ 38.820688] ? kvm_vcpu_block+0x1030/0x1030
[ 38.825022] ? is_bpf_text_address+0xd3/0x170
[ 38.829519] ? kernel_text_address+0x79/0xf0
[ 38.833931] ? __kernel_text_address+0xd/0x40
[ 38.838426] ? unwind_get_return_address+0x61/0xa0
[ 38.843355] ? __save_stack_trace+0x8d/0xf0
[ 38.847683] ? save_stack+0xa9/0xd0
[ 38.851310] ? save_stack+0x43/0xd0
[ 38.854934] ? __kasan_slab_free+0x102/0x150
[ 38.859340] ? kasan_slab_free+0xe/0x10
[ 38.865659] ? putname+0xf2/0x130
[ 38.869115] ? __x64_sys_openat+0x9d/0x100
[ 38.873351] ? do_syscall_64+0x1b9/0x820
[ 38.881071] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.886441] ? trace_hardirqs_off+0xb8/0x310
[ 38.890854] ? kasan_check_read+0x11/0x20
[ 38.895001] ? do_raw_spin_unlock+0xa7/0x2f0
[ 38.899413] ? trace_hardirqs_on+0x310/0x310
[ 38.903823] ? __bpf_trace_initcall_finish+0x2a/0x30
[ 38.908931] ? trace_hardirqs_off+0xb8/0x310
[ 38.913339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.918884] ? check_preemption_disabled+0x48/0x200
[ 38.923896] ? check_preemption_disabled+0x48/0x200
[ 38.928914] ? kvm_vcpu_block+0x1030/0x1030
[ 38.933247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.938783] ? do_vfs_ioctl+0x201/0x1720
[ 38.942849] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 38.948132] ? ioctl_preallocate+0x300/0x300
[ 38.952540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.958078] ? __fget_light+0x2e9/0x430
[ 38.962051] ? fget_raw+0x20/0x20
[ 38.965502] ? putname+0xf2/0x130
[ 38.968959] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.973979] ? kmem_cache_free+0x24f/0x290
[ 38.978223] ? putname+0xf7/0x130
[ 38.981681] do_group_exit+0x177/0x440
[ 38.985568] ? trace_hardirqs_on+0xbd/0x310
[ 38.989892] ? __ia32_sys_exit+0x50/0x50
[ 38.993953] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 39.004001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.009542] ? ksys_ioctl+0x81/0xd0
[ 39.013178] __x64_sys_exit_group+0x3e/0x50
[ 39.017513] do_syscall_64+0x1b9/0x820
[ 39.021406] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.026771] ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.031699] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.041236] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.046260] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.051283] ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.056305] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.061157] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.066342] RIP: 0033:0x43f028
[ 39.069533] Code: Bad RIP value.
[ 39.072896] RSP: 002b:00007ffdcd44de48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 39.081064] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 39.088333] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 39.095755] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 39.103027] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 39.110293] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 39.125466]
[ 39.125473] ======================================================
[ 39.125479] WARNING: possible circular locking dependency detected
[ 39.125483] 4.19.0-rc3+ #231 Not tainted
[ 39.125489] ------------------------------------------------------
[ 39.125494] syz-executor664/5383 is trying to acquire lock:
[ 39.125498] 000000002df89c56 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 39.125514]
[ 39.125519] but task is already holding lock:
[ 39.125522] 0000000007629e21 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 39.125538]
[ 39.125543] which lock already depends on the new lock.
[ 39.125546]
[ 39.125549]
[ 39.125554] the existing dependency chain (in reverse order) is:
[ 39.125556]
[ 39.125559] -> #3 (report_lock){....}:
[ 39.125575] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.125580] kasan_report+0x8b/0x110
[ 39.125585] __asan_report_load8_noabort+0x14/0x20
[ 39.125589] __schedule+0xfc3/0x1ed0
[ 39.125594] preempt_schedule_common+0x1f/0xd0
[ 39.125598] preempt_schedule+0x4d/0x60
[ 39.125603] ___preempt_schedule+0x16/0x18
[ 39.125607] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 39.125612] __call_srcu+0x7f9/0x1070
[ 39.125617] __synchronize_srcu+0x17b/0x230
[ 39.125621] synchronize_srcu+0x356/0x5ab
[ 39.125626] kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.125631] kvm_mmu_uninit_vm+0x1c/0x20
[ 39.125636] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.125640] kvm_put_kvm+0x6c8/0xff0
[ 39.125644] kvm_vm_release+0x42/0x50
[ 39.125648] __fput+0x385/0xa30
[ 39.125652] ____fput+0x15/0x20
[ 39.125656] task_work_run+0x1e8/0x2a0
[ 39.125660] do_exit+0x1ad7/0x2610
[ 39.125665] do_group_exit+0x177/0x440
[ 39.125669] __x64_sys_exit_group+0x3e/0x50
[ 39.125674] do_syscall_64+0x1b9/0x820
[ 39.125679] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.125681]
[ 39.125684] -> #2 (&rq->lock){-.-.}:
[ 39.125699] _raw_spin_lock+0x2d/0x40
[ 39.125704] task_fork_fair+0xb0/0x6d0
[ 39.125708] sched_fork+0x443/0xba0
[ 39.125712] copy_process+0x2586/0x8780
[ 39.125716] _do_fork+0x1cb/0x11d0
[ 39.125721] kernel_thread+0x34/0x40
[ 39.125725] rest_init+0x22/0xe5
[ 39.125729] start_kernel+0x8f4/0x92f
[ 39.125734] x86_64_start_reservations+0x29/0x2b
[ 39.125738] x86_64_start_kernel+0x76/0x79
[ 39.125743] secondary_startup_64+0xa4/0xb0
[ 39.125745]
[ 39.125748] -> #1 (&p->pi_lock){-.-.}:
[ 39.125764] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.125768] try_to_wake_up+0xd2/0x12f0
[ 39.125773] wake_up_process+0x10/0x20
[ 39.125777] __up.isra.1+0x1c0/0x2a0
[ 39.125781] up+0x13c/0x1c0
[ 39.125785] __up_console_sem+0xbe/0x1b0
[ 39.125790] console_unlock+0x524/0x11a0
[ 39.125794] vprintk_emit+0x33d/0x930
[ 39.125798] vprintk_default+0x28/0x30
[ 39.125802] vprintk_func+0x7e/0x181
[ 39.125806] printk+0xa7/0xcf
[ 39.125810] load_umh+0x51/0xbd
[ 39.125814] do_one_initcall+0x145/0x957
[ 39.125819] kernel_init_freeable+0x4bb/0x5ae
[ 39.125823] kernel_init+0x11/0x1b2
[ 39.125828] ret_from_fork+0x3a/0x50
[ 39.125830]
[ 39.125838] -> #0 ((console_sem).lock){-...}:
[ 39.125854] lock_acquire+0x1ed/0x520
[ 39.125859] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.125863] down_trylock+0x13/0x70
[ 39.125868] __down_trylock_console_sem+0xae/0x200
[ 39.125873] console_trylock+0x15/0xa0
[ 39.125877] vprintk_emit+0x322/0x930
[ 39.125881] vprintk_default+0x28/0x30
[ 39.125886] vprintk_func+0x7e/0x181
[ 39.125890] printk+0xa7/0xcf
[ 39.125894] kasan_report+0x9b/0x110
[ 39.125899] __asan_report_load8_noabort+0x14/0x20
[ 39.125903] __schedule+0xfc3/0x1ed0
[ 39.125908] preempt_schedule_common+0x1f/0xd0
[ 39.125913] preempt_schedule+0x4d/0x60
[ 39.125917] ___preempt_schedule+0x16/0x18
[ 39.125922] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 39.125927] __call_srcu+0x7f9/0x1070
[ 39.125931] __synchronize_srcu+0x17b/0x230
[ 39.125936] synchronize_srcu+0x356/0x5ab
[ 39.125942] kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.125946] kvm_mmu_uninit_vm+0x1c/0x20
[ 39.125951] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.125955] kvm_put_kvm+0x6c8/0xff0
[ 39.125960] kvm_vm_release+0x42/0x50
[ 39.125964] __fput+0x385/0xa30
[ 39.125968] ____fput+0x15/0x20
[ 39.125978] task_work_run+0x1e8/0x2a0
[ 39.125983] do_exit+0x1ad7/0x2610
[ 39.125987] do_group_exit+0x177/0x440
[ 39.125992] __x64_sys_exit_group+0x3e/0x50
[ 39.125996] do_syscall_64+0x1b9/0x820
[ 39.126005] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.126008]
[ 39.126021] other info that might help us debug this:
[ 39.126024]
[ 39.126027] Chain exists of:
[ 39.126030] (console_sem).lock --> &rq->lock --> report_lock
[ 39.126050]
[ 39.126055] Possible unsafe locking scenario:
[ 39.126058]
[ 39.126062] CPU0 CPU1
[ 39.126067] ---- ----
[ 39.126073] lock(report_lock);
[ 39.126083] lock(&rq->lock);
[ 39.126094] lock(report_lock);
[ 39.126103] lock((console_sem).lock);
[ 39.126112]
[ 39.126115] *** DEADLOCK ***
[ 39.126118]
[ 39.126123] 2 locks held by syz-executor664/5383:
[ 39.126126] #0: 00000000b7a59fc9 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[ 39.126145] #1: 0000000007629e21 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 39.126164]
[ 39.126167] stack backtrace:
[ 39.126174] CPU: 1 PID: 5383 Comm: syz-executor664 Not tainted 4.19.0-rc3+ #231
[ 39.126182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.126186] Call Trace:
[ 39.126190] dump_stack+0x1c4/0x2b4
[ 39.126195] ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.126200] ? vprintk_func+0x85/0x181
[ 39.126205] print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[ 39.126220] ? save_trace+0xe0/0x290
[ 39.126224] __lock_acquire+0x33e4/0x4ec0
[ 39.126229] ? mark_held_locks+0x130/0x130
[ 39.126233] ? mark_held_locks+0x130/0x130
[ 39.126237] ? rcu_bh_qs+0xc0/0xc0
[ 39.126241] ? unwind_dump+0x190/0x190
[ 39.126246] ? is_bpf_text_address+0xd3/0x170
[ 39.126251] ? kernel_text_address+0x79/0xf0
[ 39.126255] ? __kernel_text_address+0xd/0x40
[ 39.126273] ? __save_stack_trace+0x8d/0xf0
[ 39.126278] ? add_lock_to_list.isra.26+0x1ec/0x4b0
[ 39.126282] ? save_trace+0x290/0x290
[ 39.126287] ? save_stack_trace+0x1a/0x20
[ 39.126291] ? save_trace+0xe0/0x290
[ 39.126296] ? kasan_check_read+0x11/0x20
[ 39.126300] ? graph_lock+0x170/0x170
[ 39.126305] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.126310] lock_acquire+0x1ed/0x520
[ 39.126314] ? down_trylock+0x13/0x70
[ 39.126319] ? find_held_lock+0x36/0x1c0
[ 39.126323] ? lock_release+0x970/0x970
[ 39.126328] ? trace_hardirqs_off+0xb8/0x310
[ 39.126332] ? vprintk_emit+0x1d3/0x930
[ 39.126337] ? trace_hardirqs_on+0x310/0x310
[ 39.126342] ? trace_hardirqs_off+0xb8/0x310
[ 39.126346] ? log_store+0x344/0x4c0
[ 39.126350] ? vprintk_emit+0x322/0x930
[ 39.126355] _raw_spin_lock_irqsave+0x99/0xd0
[ 39.126360] ? down_trylock+0x13/0x70
[ 39.126364] down_trylock+0x13/0x70
[ 39.126369] __down_trylock_console_sem+0xae/0x200
[ 39.126373] console_trylock+0x15/0xa0
[ 39.126378] vprintk_emit+0x322/0x930
[ 39.126382] ? wake_up_klogd+0x180/0x180
[ 39.126387] ? run_rebalance_domains+0x500/0x500
[ 39.126392] ? wake_up_worker+0x117/0x190
[ 39.126396] ? find_held_lock+0x36/0x1c0
[ 39.126400] ? __queue_work+0x6be/0x1440
[ 39.126405] ? lock_acquire+0x1ed/0x520
[ 39.126409] vprintk_default+0x28/0x30
[ 39.126413] vprintk_func+0x7e/0x181
[ 39.126417] printk+0xa7/0xcf
[ 39.126422] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.126427] ? kasan_check_write+0x14/0x20
[ 39.126431] ? do_raw_spin_lock+0xc1/0x200
[ 39.126436] ? do_raw_spin_lock+0xc1/0x200
[ 39.126440] kasan_report+0x9b/0x110
[ 39.126445] ? __schedule+0xfc3/0x1ed0
[ 39.126450] __asan_report_load8_noabort+0x14/0x20
[ 39.126454] __schedule+0xfc3/0x1ed0
[ 39.126458] ? __sched_text_start+0x8/0x8
[ 39.126463] ? __lock_is_held+0xb5/0x140
[ 39.126468] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.126472] ? find_held_lock+0x36/0x1c0
[ 39.126477] ? __call_srcu+0x7f9/0x1070
[ 39.126482] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.126487] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.126492] ? lockdep_hardirqs_on+0x421/0x5c0
[ 39.126497] ? preempt_schedule+0x4d/0x60
[ 39.126501] preempt_schedule_common+0x1f/0xd0
[ 39.126506] preempt_schedule+0x4d/0x60
[ 39.126510] ___preempt_schedule+0x16/0x18
[ 39.126515] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 39.126520] __call_srcu+0x7f9/0x1070
[ 39.126525] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 39.126530] ? srcu_offline_cpu+0x120/0x120
[ 39.126535] ? debug_object_free+0x690/0x690
[ 39.126539] ? mark_held_locks+0x130/0x130
[ 39.126544] ? kvm_arch_destroy_vm+0x414/0x7c0
[ 39.126549] ? lock_release+0x970/0x970
[ 39.126553] ? arch_local_save_flags+0x40/0x40
[ 39.126558] ? depot_save_stack+0x292/0x470
[ 39.126563] ? __lockdep_init_map+0x105/0x590
[ 39.126568] ? __init_waitqueue_head+0x9e/0x150
[ 39.126572] ? init_wait_entry+0x1c0/0x1c0
[ 39.126577] __synchronize_srcu+0x17b/0x230
[ 39.126581] ? call_srcu+0x10/0x10
[ 39.126586] ? rcu_unexpedite_gp+0x20/0x20
[ 39.126591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.126596] ? check_preemption_disabled+0x48/0x200
[ 39.126601] synchronize_srcu+0x356/0x5ab
[ 39.126605] ? lock_downgrade+0x900/0x900
[ 39.126610] ? synchronize_srcu_expedited+0x20/0x20
[ 39.126615] ? kasan_check_read+0x11/0x20
[ 39.126620] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.126624] ? kasan_check_write+0x14/0x20
[ 39.126629] ? do_raw_spin_lock+0xc1/0x200
[ 39.126634] kvm_page_track_unregister_notifier+0x17d/0x250
[ 39.126640] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 39.126644] ? kvfree+0x61/0x70
[ 39.126649] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.126653] kvm_mmu_uninit_vm+0x1c/0x20
[ 39.126658] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 39.126663] ? kvm_arch_sync_events+0x30/0x30
[ 39.126668] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.126673] ? mmu_notifier_unregister+0x474/0x600
[ 39.126677] ? kfree+0x107/0x230
[ 39.126682] ? __mmu_notifier_register+0x30/0x30
[ 39.126686] ? __free_pages+0x10a/0x190
[ 39.126691] ? free_unref_page+0x960/0x960
[ 39.126695] kvm_put_kvm+0x6c8/0xff0
[ 39.126700] ? kvm_write_guest_cached+0x40/0x40
[ 39.126705] ? kvm_irqfd_release+0xd1/0x120
[ 39.126709] ? _raw_spin_unlock_irq+0x27/0x80
[ 39.126714] ? _raw_spin_unlock_irq+0x27/0x80
[ 39.126719] ? kasan_check_write+0x14/0x20
[ 39.126723] ? do_raw_spin_lock+0xc1/0x200
[ 39.126727] ? kvm_irqfd_release+0x
[ 39.126736] Lost 82 message(s)!
[ 40.303900] Shutting down cpus with NMI
[ 41.425299] Dumping ftrace buffer:
[ 41.428826] (ftrace buffer empty)
[ 41.433078] Kernel Offset: disabled
[ 41.436845] Rebooting in 86400 seconds..