[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 22.416756] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 26.987242] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.217313] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.748145] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
[ 33.743823] urandom_read: 1 callbacks suppressed
[ 33.743829] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.845295] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 33.869955] ==================================================================
[ 33.879849] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 33.886073] Read of size 8 at addr ffff8801b86d0058 by task syz-executor763/4654
[ 33.894141]
[ 33.895772] CPU: 0 PID: 4654 Comm: syz-executor763 Not tainted 4.19.0-rc1+ #216
[ 33.903208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.912554] Call Trace:
[ 33.915149] dump_stack+0x1c9/0x2b4
[ 33.918774] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.923961] ? printk+0xa7/0xcf
[ 33.927236] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.931991] ? __schedule+0xf54/0x1df0
[ 33.935880] print_address_description+0x6c/0x20b
[ 33.940720] ? __schedule+0xf54/0x1df0
[ 33.944604] kasan_report.cold.7+0x242/0x30d
[ 33.949017] __asan_report_load8_noabort+0x14/0x20
[ 33.953945] __schedule+0xf54/0x1df0
[ 33.957656] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.962761] ? __sched_text_start+0x8/0x8
[ 33.966906] ? __call_srcu+0x7e7/0x1040
[ 33.970886] ? check_same_owner+0x340/0x340
[ 33.975206] ? mark_held_locks+0x160/0x160
[ 33.979435] ? find_held_lock+0x36/0x1c0
[ 33.983497] preempt_schedule_common+0x22/0x60
[ 33.988075] _cond_resched+0x1d/0x30
[ 33.991785] wait_for_completion+0xa5/0x8d0
[ 33.996106] ? wait_for_completion_interruptible+0x950/0x950
[ 34.001902] ? __lockdep_init_map+0x105/0x590
[ 34.006396] ? __init_waitqueue_head+0x9e/0x150
[ 34.011058] ? init_wait_entry+0x1c0/0x1c0
[ 34.015301] __synchronize_srcu+0x189/0x240
[ 34.019621] ? call_srcu+0x10/0x10
[ 34.023163] ? rcu_unexpedite_gp+0x20/0x20
[ 34.027399] synchronize_srcu+0x335/0x56f
[ 34.031546] ? lock_downgrade+0x8f0/0x8f0
[ 34.035690] ? synchronize_srcu_expedited+0x20/0x20
[ 34.040705] ? kasan_check_read+0x11/0x20
[ 34.044848] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.049430] ? kasan_check_write+0x14/0x20
[ 34.053662] ? do_raw_spin_lock+0xc1/0x200
[ 34.057898] kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.063606] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.069055] ? kvfree+0x61/0x70
[ 34.072343] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.077368] kvm_mmu_uninit_vm+0x1c/0x20
[ 34.081430] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.085835] ? kvm_arch_sync_events+0x30/0x30
[ 34.090333] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.095873] ? mmu_notifier_unregister+0x474/0x600
[ 34.100795] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.105197] ? kfree+0x111/0x210
[ 34.108570] ? __mmu_notifier_register+0x30/0x30
[ 34.113326] ? __free_pages+0x10a/0x190
[ 34.117311] ? free_unref_page+0x930/0x930
[ 34.121558] kvm_put_kvm+0x73f/0x1060
[ 34.125364] ? kvm_write_guest_cached+0x40/0x40
[ 34.130032] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.134523] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.139012] ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.143594] ? kasan_check_write+0x14/0x20
[ 34.147822] ? do_raw_spin_lock+0xc1/0x200
[ 34.152055] ? kvm_irqfd_release+0xdd/0x120
[ 34.156369] ? kvm_irqfd_release+0xdd/0x120
[ 34.160689] ? kvm_put_kvm+0x1060/0x1060
[ 34.164745] kvm_vm_release+0x42/0x50
[ 34.168543] __fput+0x38a/0xa40
[ 34.171817] ? __alloc_file+0x400/0x400
[ 34.175790] ? check_same_owner+0x340/0x340
[ 34.180109] ? kasan_check_write+0x14/0x20
[ 34.184344] ? do_raw_spin_lock+0xc1/0x200
[ 34.188576] ____fput+0x15/0x20
[ 34.191852] task_work_run+0x1e8/0x2a0
[ 34.195739] ? task_work_cancel+0x240/0x240
[ 34.200062] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.205593] ? switch_task_namespaces+0xa2/0xd0
[ 34.210262] do_exit+0x1ae4/0x26e0
[ 34.213809] ? mm_update_next_owner+0x9a0/0x9a0
[ 34.218479] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.222711] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.227723] ? kfree+0x1d7/0x210
[ 34.231085] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.235321] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.241037] ? is_bpf_text_address+0xd7/0x170
[ 34.245527] ? kernel_text_address+0x79/0xf0
[ 34.249932] ? __kernel_text_address+0xd/0x40
[ 34.254423] ? unwind_get_return_address+0x61/0xa0
[ 34.259355] ? __save_stack_trace+0x8d/0xf0
[ 34.263681] ? save_stack+0xa9/0xd0
[ 34.267311] ? save_stack+0x43/0xd0
[ 34.270940] ? __kasan_slab_free+0x11a/0x170
[ 34.275351] ? kasan_slab_free+0xe/0x10
[ 34.279321] ? putname+0xf2/0x130
[ 34.282776] ? __x64_sys_openat+0x9d/0x100
[ 34.287010] ? do_syscall_64+0x1b9/0x820
[ 34.291070] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.296429] ? trace_hardirqs_off+0xb8/0x2b0
[ 34.300830] ? kasan_check_read+0x11/0x20
[ 34.304975] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.309380] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.313791] ? initcall_blacklisted+0x9a/0x1e0
[ 34.318374] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.323474] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.329183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.334715] ? do_vfs_ioctl+0x201/0x1720
[ 34.338773] ? rcu_is_watching+0x8c/0x150
[ 34.342917] ? trace_hardirqs_on+0xbd/0x2c0
[ 34.347239] ? ioctl_preallocate+0x300/0x300
[ 34.351646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.357180] ? __fget_light+0x2f7/0x440
[ 34.361149] ? fget_raw+0x20/0x20
[ 34.364595] ? putname+0xf2/0x130
[ 34.368049] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.373060] ? kmem_cache_free+0x246/0x280
[ 34.377296] ? putname+0xf7/0x130
[ 34.380751] do_group_exit+0x177/0x440
[ 34.384637] ? trace_hardirqs_on+0xbd/0x2c0
[ 34.388952] ? __ia32_sys_exit+0x50/0x50
[ 34.393006] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.398105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.403636] ? ksys_ioctl+0x81/0xd0
[ 34.407258] __x64_sys_exit_group+0x3e/0x50
[ 34.411585] do_syscall_64+0x1b9/0x820
[ 34.415474] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.420837] ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.425763] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.430602] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.435615] ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.440632] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.445476] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.450662] RIP: 0033:0x43ecf8
[ 34.453853] Code: Bad RIP value.
[ 34.457208] RSP: 002b:00007ffcd8fce208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.464909] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 34.472168] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.479429] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.486691] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.493952] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.501219]
[ 34.502841] Allocated by task 4654:
[ 34.506470] save_stack+0x43/0xd0
[ 34.509915] kasan_kmalloc+0xc4/0xe0
[ 34.513627] kasan_slab_alloc+0x12/0x20
[ 34.517593] kmem_cache_alloc+0x12e/0x710
[ 34.521733] vmx_create_vcpu+0xcf/0x2830
[ 34.525786] kvm_arch_vcpu_create+0xe5/0x220
[ 34.530187] kvm_vm_ioctl+0x488/0x1d80
[ 34.534071] do_vfs_ioctl+0x1de/0x1720
[ 34.537949] ksys_ioctl+0xa9/0xd0
[ 34.541397] __x64_sys_ioctl+0x73/0xb0
[ 34.545291] do_syscall_64+0x1b9/0x820
[ 34.549179] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.554359]
[ 34.555974] Freed by task 4654:
[ 34.559247] save_stack+0x43/0xd0
[ 34.562694] __kasan_slab_free+0x11a/0x170
[ 34.566920] kasan_slab_free+0xe/0x10
[ 34.570711] kmem_cache_free+0x86/0x280
[ 34.574676] vmx_free_vcpu+0x26b/0x300
[ 34.578555] kvm_arch_destroy_vm+0x365/0x7c0
[ 34.582956] kvm_put_kvm+0x73f/0x1060
[ 34.586753] kvm_vm_release+0x42/0x50
[ 34.590553] __fput+0x38a/0xa40
[ 34.593830] ____fput+0x15/0x20
[ 34.597107] task_work_run+0x1e8/0x2a0
[ 34.600988] do_exit+0x1ae4/0x26e0
[ 34.604523] do_group_exit+0x177/0x440
[ 34.608411] __x64_sys_exit_group+0x3e/0x50
[ 34.612729] do_syscall_64+0x1b9/0x820
[ 34.616635] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.621810]
[ 34.623434] The buggy address belongs to the object at ffff8801b86d0040
[ 34.623434] which belongs to the cache kvm_vcpu of size 23872
[ 34.635999] The buggy address is located 24 bytes inside of
[ 34.635999] 23872-byte region [ffff8801b86d0040, ffff8801b86d5d80)
[ 34.647948] The buggy address belongs to the page:
[ 34.652874] page:ffffea0006e1b400 count:1 mapcount:0 mapping:ffff8801d52939c0 index:0x0 compound_mapcount: 0
[ 34.662839] flags: 0x2fffc0000008100(slab|head)
[ 34.667507] raw: 02fffc0000008100 ffff8801d528f248 ffff8801d528f248 ffff8801d52939c0
[ 34.675386] raw: 0000000000000000 ffff8801b86d0040 0000000100000001 0000000000000000
[ 34.683255] page dumped because: kasan: bad access detected
[ 34.688959]
[ 34.690575] Memory state around the buggy address:
[ 34.695497] ffff8801b86cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.702846] ffff8801b86cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.710196] >ffff8801b86d0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.717545] ^
[ 34.723766] ffff8801b86d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.731120] ffff8801b86d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.738468] ==================================================================
[ 34.745818] Kernel panic - not syncing: panic_on_warn set ...
[ 34.745818]
[ 34.753204] CPU: 0 PID: 4654 Comm: syz-executor763 Tainted: G B 4.19.0-rc1+ #216
[ 34.762027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.771370] Call Trace:
[ 34.773963] dump_stack+0x1c9/0x2b4
[ 34.777593] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.782783] ? lock_downgrade+0x8f0/0x8f0
[ 34.786926] ? __schedule+0xf54/0x1df0
[ 34.791264] panic+0x238/0x4e7
[ 34.794457] ? add_taint.cold.5+0x16/0x16
[ 34.798607] ? print_shadow_for_address+0xba/0x116
[ 34.803529] ? trace_hardirqs_off+0xaf/0x2b0
[ 34.807930] ? trace_hardirqs_off+0x77/0x2b0
[ 34.812342] ? __schedule+0xf54/0x1df0
[ 34.816226] kasan_end_report+0x47/0x4f
[ 34.820205] kasan_report.cold.7+0x76/0x30d
[ 34.824527] __asan_report_load8_noabort+0x14/0x20
[ 34.829452] __schedule+0xf54/0x1df0
[ 34.833158] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.838257] ? __sched_text_start+0x8/0x8
[ 34.842411] ? __call_srcu+0x7e7/0x1040
[ 34.846392] ? check_same_owner+0x340/0x340
[ 34.850707] ? mark_held_locks+0x160/0x160
[ 34.854936] ? find_held_lock+0x36/0x1c0
[ 34.858996] preempt_schedule_common+0x22/0x60
[ 34.863577] _cond_resched+0x1d/0x30
[ 34.867293] wait_for_completion+0xa5/0x8d0
[ 34.871618] ? wait_for_completion_interruptible+0x950/0x950
[ 34.877413] ? __lockdep_init_map+0x105/0x590
[ 34.881910] ? __init_waitqueue_head+0x9e/0x150
[ 34.886575] ? init_wait_entry+0x1c0/0x1c0
[ 34.890808] __synchronize_srcu+0x189/0x240
[ 34.895128] ? call_srcu+0x10/0x10
[ 34.898669] ? rcu_unexpedite_gp+0x20/0x20
[ 34.902905] synchronize_srcu+0x335/0x56f
[ 34.907046] ? lock_downgrade+0x8f0/0x8f0
[ 34.911190] ? synchronize_srcu_expedited+0x20/0x20
[ 34.916203] ? kasan_check_read+0x11/0x20
[ 34.920599] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.925180] ? kasan_check_write+0x14/0x20
[ 34.929407] ? do_raw_spin_lock+0xc1/0x200
[ 34.933641] kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.939353] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.944801] ? kvfree+0x61/0x70
[ 34.948085] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.953100] kvm_mmu_uninit_vm+0x1c/0x20
[ 34.957155] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.961560] ? kvm_arch_sync_events+0x30/0x30
[ 34.966053] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.971589] ? mmu_notifier_unregister+0x474/0x600
[ 34.976514] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.980919] ? kfree+0x111/0x210
[ 34.984292] ? __mmu_notifier_register+0x30/0x30
[ 34.989048] ? __free_pages+0x10a/0x190
[ 34.993017] ? free_unref_page+0x930/0x930
[ 34.997255] kvm_put_kvm+0x73f/0x1060
[ 35.001066] ? kvm_write_guest_cached+0x40/0x40
[ 35.005733] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.010219] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.014708] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.019303] ? kasan_check_write+0x14/0x20
[ 35.023536] ? do_raw_spin_lock+0xc1/0x200
[ 35.027769] ? kvm_irqfd_release+0xdd/0x120
[ 35.032087] ? kvm_irqfd_release+0xdd/0x120
[ 35.036404] ? kvm_put_kvm+0x1060/0x1060
[ 35.040462] kvm_vm_release+0x42/0x50
[ 35.044257] __fput+0x38a/0xa40
[ 35.047543] ? __alloc_file+0x400/0x400
[ 35.051520] ? check_same_owner+0x340/0x340
[ 35.055834] ? kasan_check_write+0x14/0x20
[ 35.060066] ? do_raw_spin_lock+0xc1/0x200
[ 35.064305] ____fput+0x15/0x20
[ 35.067583] task_work_run+0x1e8/0x2a0
[ 35.071500] ? task_work_cancel+0x240/0x240
[ 35.075822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.081358] ? switch_task_namespaces+0xa2/0xd0
[ 35.086026] do_exit+0x1ae4/0x26e0
[ 35.089565] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.094237] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.098469] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.103482] ? kfree+0x1d7/0x210
[ 35.106846] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.111078] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.116788] ? is_bpf_text_address+0xd7/0x170
[ 35.121275] ? kernel_text_address+0x79/0xf0
[ 35.125687] ? __kernel_text_address+0xd/0x40
[ 35.130177] ? unwind_get_return_address+0x61/0xa0
[ 35.135107] ? __save_stack_trace+0x8d/0xf0
[ 35.139429] ? save_stack+0xa9/0xd0
[ 35.143051] ? save_stack+0x43/0xd0
[ 35.146670] ? __kasan_slab_free+0x11a/0x170
[ 35.151070] ? kasan_slab_free+0xe/0x10
[ 35.155037] ? putname+0xf2/0x130
[ 35.158487] ? __x64_sys_openat+0x9d/0x100
[ 35.162717] ? do_syscall_64+0x1b9/0x820
[ 35.166774] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.172134] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.176534] ? kasan_check_read+0x11/0x20
[ 35.180677] ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.185079] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.189485] ? initcall_blacklisted+0x9a/0x1e0
[ 35.194064] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.199166] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.204878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.210414] ? do_vfs_ioctl+0x201/0x1720
[ 35.214471] ? rcu_is_watching+0x8c/0x150
[ 35.218610] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.222932] ? ioctl_preallocate+0x300/0x300
[ 35.227341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.232873] ? __fget_light+0x2f7/0x440
[ 35.236843] ? fget_raw+0x20/0x20
[ 35.240298] ? putname+0xf2/0x130
[ 35.243749] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.248762] ? kmem_cache_free+0x246/0x280
[ 35.252990] ? putname+0xf7/0x130
[ 35.256440] do_group_exit+0x177/0x440
[ 35.260326] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.264652] ? __ia32_sys_exit+0x50/0x50
[ 35.268709] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.273808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.279346] ? ksys_ioctl+0x81/0xd0
[ 35.282970] __x64_sys_exit_group+0x3e/0x50
[ 35.287298] do_syscall_64+0x1b9/0x820
[ 35.291183] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.296543] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.301466] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.306309] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.311326] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.316352] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.321202] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.326385] RIP: 0033:0x43ecf8
[ 35.329577] Code: Bad RIP value.
[ 35.332931] RSP: 002b:00007ffcd8fce208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.340635] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 35.347898] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.355159] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.362421] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.369682] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.376956]
[ 35.376961] ======================================================
[ 35.376967] WARNING: possible circular locking dependency detected
[ 35.376970] 4.19.0-rc1+ #216 Not tainted
[ 35.376976] ------------------------------------------------------
[ 35.376981] syz-executor763/4654 is trying to acquire lock:
[ 35.376984] 00000000f9db3864 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.376999]
[ 35.377003] but task is already holding lock:
[ 35.377007] 00000000400e24dd (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.377021]
[ 35.377025] which lock already depends on the new lock.
[ 35.377028]
[ 35.377030]
[ 35.377035] the existing dependency chain (in reverse order) is:
[ 35.377038]
[ 35.377040] -> #3 (report_lock){....}:
[ 35.377055] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.377058] kasan_report+0x8e/0x110
[ 35.377063] __asan_report_load8_noabort+0x14/0x20
[ 35.377067] __schedule+0xf54/0x1df0
[ 35.377071] preempt_schedule_common+0x22/0x60
[ 35.377075] _cond_resched+0x1d/0x30
[ 35.377079] wait_for_completion+0xa5/0x8d0
[ 35.377083] __synchronize_srcu+0x189/0x240
[ 35.377087] synchronize_srcu+0x335/0x56f
[ 35.377092] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.377096] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.377101] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.377105] kvm_put_kvm+0x73f/0x1060
[ 35.377109] kvm_vm_release+0x42/0x50
[ 35.377112] __fput+0x38a/0xa40
[ 35.377116] ____fput+0x15/0x20
[ 35.377120] task_work_run+0x1e8/0x2a0
[ 35.377123] do_exit+0x1ae4/0x26e0
[ 35.377127] do_group_exit+0x177/0x440
[ 35.377132] __x64_sys_exit_group+0x3e/0x50
[ 35.377136] do_syscall_64+0x1b9/0x820
[ 35.377140] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.377143]
[ 35.377145] -> #2 (&rq->lock){-.-.}:
[ 35.377159] _raw_spin_lock+0x2a/0x40
[ 35.377163] task_fork_fair+0x93/0x680
[ 35.377167] sched_fork+0x44b/0xbd0
[ 35.377170] copy_process+0x235e/0x7ad0
[ 35.377174] _do_fork+0x1ca/0x1170
[ 35.377178] kernel_thread+0x34/0x40
[ 35.377182] rest_init+0x22/0xe4
[ 35.377185] start_kernel+0x913/0x94e
[ 35.377190] x86_64_start_reservations+0x29/0x2b
[ 35.377194] x86_64_start_kernel+0x76/0x79
[ 35.377198] secondary_startup_64+0xa4/0xb0
[ 35.377200]
[ 35.377203] -> #1 (&p->pi_lock){-.-.}:
[ 35.377217] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.377221] try_to_wake_up+0xd2/0x1250
[ 35.377225] wake_up_process+0x10/0x20
[ 35.377229] __up.isra.1+0x1c0/0x2a0
[ 35.377232] up+0x13c/0x1c0
[ 35.377236] __up_console_sem+0xbe/0x1b0
[ 35.377240] console_unlock+0x506/0x10d0
[ 35.377244] vprintk_emit+0x33a/0x910
[ 35.377248] vprintk_default+0x28/0x30
[ 35.377252] vprintk_func+0x7a/0x117
[ 35.377255] printk+0xa7/0xcf
[ 35.377259] load_umh+0x51/0xbd
[ 35.377263] do_one_initcall+0x127/0x838
[ 35.377267] kernel_init_freeable+0x4bb/0x5ae
[ 35.377271] kernel_init+0x11/0x1b3
[ 35.377274] ret_from_fork+0x3a/0x50
[ 35.377277]
[ 35.377288] -> #0 ((console_sem).lock){-...}:
[ 35.377303] lock_acquire+0x1e4/0x4f0
[ 35.377307] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.377311] down_trylock+0x13/0x70
[ 35.377315] __down_trylock_console_sem+0xae/0x200
[ 35.377319] console_trylock+0x15/0xa0
[ 35.377323] vprintk_emit+0x31f/0x910
[ 35.377327] vprintk_default+0x28/0x30
[ 35.377331] vprintk_func+0x7a/0x117
[ 35.377339] printk+0xa7/0xcf
[ 35.377343] kasan_report+0x9e/0x110
[ 35.377347] __asan_report_load8_noabort+0x14/0x20
[ 35.377351] __schedule+0xf54/0x1df0
[ 35.377355] preempt_schedule_common+0x22/0x60
[ 35.377359] _cond_resched+0x1d/0x30
[ 35.377363] wait_for_completion+0xa5/0x8d0
[ 35.377367] __synchronize_srcu+0x189/0x240
[ 35.377372] synchronize_srcu+0x335/0x56f
[ 35.377377] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.377380] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.377385] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.377389] kvm_put_kvm+0x73f/0x1060
[ 35.377392] kvm_vm_release+0x42/0x50
[ 35.377396] __fput+0x38a/0xa40
[ 35.377400] ____fput+0x15/0x20
[ 35.377403] task_work_run+0x1e8/0x2a0
[ 35.377407] do_exit+0x1ae4/0x26e0
[ 35.377411] do_group_exit+0x177/0x440
[ 35.377416] __x64_sys_exit_group+0x3e/0x50
[ 35.377420] do_syscall_64+0x1b9/0x820
[ 35.377424] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.377427]
[ 35.377431] other info that might help us debug this:
[ 35.377433]
[ 35.377436] Chain exists of:
[ 35.377439] (console_sem).lock --> &rq->lock --> report_lock
[ 35.377457]
[ 35.377461] Possible unsafe locking scenario:
[ 35.377463]
[ 35.377467] CPU0 CPU1
[ 35.377471] ---- ----
[ 35.377474] lock(report_lock);
[ 35.377483] lock(&rq->lock);
[ 35.377492] lock(report_lock);
[ 35.377501] lock((console_sem).lock);
[ 35.377509]
[ 35.377512] *** DEADLOCK ***
[ 35.377514]
[ 35.377518] 2 locks held by syz-executor763/4654:
[ 35.377521] #0: 000000000e26e870 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.377538] #1: 00000000400e24dd (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.377555]
[ 35.377558] stack backtrace:
[ 35.377564] CPU: 0 PID: 4654 Comm: syz-executor763 Not tainted 4.19.0-rc1+ #216
[ 35.377571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.377574] Call Trace:
[ 35.377578] dump_stack+0x1c9/0x2b4
[ 35.377583] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.377587] ? vprintk_func+0x100/0x117
[ 35.377591] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.377595] ? save_trace+0xe0/0x290
[ 35.377599] __lock_acquire+0x3449/0x5020
[ 35.377603] ? mark_held_locks+0x160/0x160
[ 35.377607] ? mark_held_locks+0x160/0x160
[ 35.377612] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.377616] ? is_bpf_text_address+0xd7/0x170
[ 35.377620] ? kernel_text_address+0x79/0xf0
[ 35.377624] ? __kernel_text_address+0xd/0x40
[ 35.377628] ? __save_stack_trace+0x8d/0xf0
[ 35.377633] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.377637] ? save_trace+0x290/0x290
[ 35.377641] ? save_stack_trace+0x1a/0x20
[ 35.377644] ? save_trace+0xe0/0x290
[ 35.377648] ? graph_lock+0x170/0x170
[ 35.377653] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.377657] lock_acquire+0x1e4/0x4f0
[ 35.377661] ? down_trylock+0x13/0x70
[ 35.377665] ? lock_release+0x9f0/0x9f0
[ 35.377669] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.377673] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.377677] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.377681] ? log_store+0x34f/0x4c0
[ 35.377685] ? vprintk_emit+0x31f/0x910
[ 35.377689] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.377693] ? down_trylock+0x13/0x70
[ 35.377696] down_trylock+0x13/0x70
[ 35.377701] __down_trylock_console_sem+0xae/0x200
[ 35.377705] console_trylock+0x15/0xa0
[ 35.377708] vprintk_emit+0x31f/0x910
[ 35.377712] ? wake_up_klogd+0x110/0x110
[ 35.377717] ? run_rebalance_domains+0x4c0/0x4c0
[ 35.377721] ? kasan_check_read+0x11/0x20
[ 35.377725] ? rcu_is_watching+0x8c/0x150
[ 35.377729] ? rcu_pm_notify+0xc0/0xc0
[ 35.377732] ? lock_acquire+0x1e4/0x4f0
[ 35.377736] ? kasan_report+0x8e/0x110
[ 35.377740] ? __schedule+0xf54/0x1df0
[ 35.377744] vprintk_default+0x28/0x30
[ 35.377748] vprintk_func+0x7a/0x117
[ 35.377751] printk+0xa7/0xcf
[ 35.377755] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.377759] ? kasan_check_write+0x14/0x20
[ 35.377764] ? do_raw_spin_lock+0xc1/0x200
[ 35.377768] ? do_raw_spin_lock+0xc1/0x200
[ 35.377771] kasan_report+0x9e/0x110
[ 35.377776] __asan_report_load8_noabort+0x14/0x20
[ 35.377779] __schedule+0xf54/0x1df0
[ 35.377784] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.377788] ? __sched_text_start+0x8/0x8
[ 35.377792] ? __call_srcu+0x7e7/0x1040
[ 35.377796] ? check_same_owner+0x340/0x340
[ 35.377800] ? mark_held_locks+0x160/0x160
[ 35.377804] ? find_held_lock+0x36/0x1c0
[ 35.377808] preempt_schedule_common+0x22/0x60
[ 35.377812] _cond_resched+0x1d/0x30
[ 35.377816] wait_for_completion+0xa5/0x8d0
[ 35.377821] ? wait_for_completion_interruptible+0x950/0x950
[ 35.377825] ? __lockdep_init_map+0x105/0x590
[ 35.377830] ? __init_waitqueue_head+0x9e/0x150
[ 35.377834] ? init_wait_entry+0x1c0/0x1c0
[ 35.377838] __synchronize_srcu+0x189/0x240
[ 35.377842] ? call_srcu+0x10/0x10
[ 35.377846] ? rcu_unexpedite_gp+0x20/0x20
[ 35.377850] synchronize_srcu+0x335/0x56f
[ 35.377854] ? lock_downgrade+0x8f0/0x8f0
[ 35.377859] ? synchronize_srcu_expedited+0x20/0x20
[ 35.377863] ? kasan_check_read+0x11/0x20
[ 35.377867] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.377871] ? kasan_check_write+0x14/0x20
[ 35.377875] ? do_raw_spin_lock+0xc1/0x200
[ 35.377881] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.377885] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.377889] ? kvfree+0x61/0x70
[ 35.377894] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.377898] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.377902] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.377906] ? kvm_arch_sync_events+0x30/0x30
[ 35.377911] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.377915] ? mmu_notifier_unregister+0x474/0x600
[ 35.377919] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.377923] ? kfree+0x111/0x210
[ 35.377927] ? __mmu_notifier_register+0x30/0x30
[ 35.377931] ? __free_pages+0x10a/0x190
[ 35.377935] ? free_unref_page+0x930/0x930
[ 35.377939] kvm_put_kvm+0x73f/0x1060
[ 35.377943] ? kvm_write_guest_cached+0x40/0x40
[ 35.377948] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.377952] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.377956] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.377960] ? kasan_check_write+0x14/0x20
[ 35.377964] ? do_raw_spin_lock+0xc1/0x200
[ 35.377968] ? kvm_irqfd_release+0xdd/0x120
[ 35.377972] ? kvm_irqfd_release+0xdd/0x120
[ 35.377976] ? kvm_put_kvm+0x1060/0x1060
[ 35.377980] kvm_vm_release+0x42/0x50
[ 35.377984] __fput+0x38a/0xa40
[ 35.377988] ? __alloc_file+0x400/0x400
[ 35.377992] ? check_same_owner+0x340/0x340
[ 35.377996] ? kasan_check_write+0x14/0x20
[ 35.378000] ? do_raw_spin_lock+0xc1/0x200
[ 35.378003] ____fput+0x15/0x20
[ 35.378007] task_work_run+0x1e8/0x2a0
[ 35.378011] ? task_work_cancel+0x240/0x240
[ 35.378016] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.378020] ? switch_task_namespaces+0xa2/0xd0
[ 35.378024] do_exit+0x1ae4/0x26e0
[ 35.378028] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.378032] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.378037] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.378040] ? kfree+0x1d7/0x210
[ 35.378044] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.378049] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.378053] ? is_bpf_text_address+0xd7/0x170
[ 35.378056] ?
[ 35.378063] Lost 54 message(s)!
[ 36.448225] Shutting down cpus with NMI
[ 37.507152] Dumping ftrace buffer:
[ 37.510676] (ftrace buffer empty)
[ 37.514362] Kernel Offset: disabled
[ 37.517971] Rebooting in 86400 seconds..