[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd[   25.035339] random: sshd: uninitialized urandom read (32 bytes read)
.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   29.473809] random: sshd: uninitialized urandom read (32 bytes read)
[   29.871355] random: sshd: uninitialized urandom read (32 bytes read)
[   30.442894] random: sshd: uninitialized urandom read (32 bytes read)
[   30.620390] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
[   36.204998] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   36.303729] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   36.329959] ==================================================================
[   36.340822] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   36.347044] Read of size 8 at addr ffff8801b5668058 by task syz-executor288/4690
[   36.354561] 
[   36.356184] CPU: 0 PID: 4690 Comm: syz-executor288 Not tainted 4.19.0-rc1+ #219
[   36.363643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.372984] Call Trace:
[   36.375567]  dump_stack+0x1c9/0x2b4
[   36.379195]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.384384]  ? printk+0xa7/0xcf
[   36.387663]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.392416]  ? __schedule+0xf54/0x1df0
[   36.396303]  print_address_description+0x6c/0x20b
[   36.401167]  ? __schedule+0xf54/0x1df0
[   36.405055]  kasan_report.cold.7+0x242/0x30d
[   36.409469]  __asan_report_load8_noabort+0x14/0x20
[   36.414400]  __schedule+0xf54/0x1df0
[   36.418108]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.423209]  ? __sched_text_start+0x8/0x8
[   36.427369]  ? __call_srcu+0x7e7/0x1040
[   36.431345]  ? check_same_owner+0x340/0x340
[   36.435662]  ? mark_held_locks+0x160/0x160
[   36.439901]  ? find_held_lock+0x36/0x1c0
[   36.443963]  preempt_schedule_common+0x22/0x60
[   36.448542]  _cond_resched+0x1d/0x30
[   36.452279]  wait_for_completion+0xa5/0x8d0
[   36.456602]  ? wait_for_completion_interruptible+0x950/0x950
[   36.462405]  ? __lockdep_init_map+0x105/0x590
[   36.466912]  ? __init_waitqueue_head+0x9e/0x150
[   36.471577]  ? init_wait_entry+0x1c0/0x1c0
[   36.475812]  __synchronize_srcu+0x189/0x240
[   36.480132]  ? call_srcu+0x10/0x10
[   36.483668]  ? rcu_unexpedite_gp+0x20/0x20
[   36.487927]  synchronize_srcu+0x335/0x56f
[   36.492070]  ? lock_downgrade+0x8f0/0x8f0
[   36.496236]  ? synchronize_srcu_expedited+0x20/0x20
[   36.501253]  ? kasan_check_read+0x11/0x20
[   36.505395]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.509972]  ? kasan_check_write+0x14/0x20
[   36.514211]  ? do_raw_spin_lock+0xc1/0x200
[   36.518454]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.524162]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.529607]  ? kvfree+0x61/0x70
[   36.532885]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.537898]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.541968]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.546378]  ? kvm_arch_sync_events+0x30/0x30
[   36.550877]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.556408]  ? mmu_notifier_unregister+0x474/0x600
[   36.561329]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.565729]  ? kfree+0x111/0x210
[   36.569089]  ? __mmu_notifier_register+0x30/0x30
[   36.573842]  ? __free_pages+0x10a/0x190
[   36.577805]  ? free_unref_page+0x930/0x930
[   36.582045]  kvm_put_kvm+0x73f/0x1060
[   36.585878]  ? kvm_write_guest_cached+0x40/0x40
[   36.590559]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.595051]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.599537]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.604120]  ? kasan_check_write+0x14/0x20
[   36.608350]  ? do_raw_spin_lock+0xc1/0x200
[   36.612585]  ? kvm_irqfd_release+0xdd/0x120
[   36.616901]  ? kvm_irqfd_release+0xdd/0x120
[   36.621218]  ? kvm_put_kvm+0x1060/0x1060
[   36.625301]  kvm_vm_release+0x42/0x50
[   36.629098]  __fput+0x38a/0xa40
[   36.632374]  ? __alloc_file+0x400/0x400
[   36.636350]  ? check_same_owner+0x340/0x340
[   36.640665]  ? kasan_check_write+0x14/0x20
[   36.644894]  ? do_raw_spin_lock+0xc1/0x200
[   36.649124]  ____fput+0x15/0x20
[   36.652411]  task_work_run+0x1e8/0x2a0
[   36.656332]  ? task_work_cancel+0x240/0x240
[   36.660655]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.666197]  ? switch_task_namespaces+0xa2/0xd0
[   36.670863]  do_exit+0x1ae4/0x26e0
[   36.674411]  ? mm_update_next_owner+0x9a0/0x9a0
[   36.679079]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   36.683310]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.688321]  ? kfree+0x1d7/0x210
[   36.691681]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   36.695915]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.701641]  ? is_bpf_text_address+0xd7/0x170
[   36.706131]  ? kernel_text_address+0x79/0xf0
[   36.710534]  ? __kernel_text_address+0xd/0x40
[   36.715023]  ? unwind_get_return_address+0x61/0xa0
[   36.719951]  ? __save_stack_trace+0x8d/0xf0
[   36.724272]  ? save_stack+0xa9/0xd0
[   36.727910]  ? save_stack+0x43/0xd0
[   36.731536]  ? __kasan_slab_free+0x11a/0x170
[   36.735940]  ? kasan_slab_free+0xe/0x10
[   36.739913]  ? putname+0xf2/0x130
[   36.743361]  ? __x64_sys_openat+0x9d/0x100
[   36.747593]  ? do_syscall_64+0x1b9/0x820
[   36.751648]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.757006]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.761418]  ? kasan_check_read+0x11/0x20
[   36.765580]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.769994]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.774406]  ? initcall_blacklisted+0x9a/0x1e0
[   36.778994]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   36.784108]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   36.789816]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.795353]  ? do_vfs_ioctl+0x201/0x1720
[   36.799408]  ? rcu_is_watching+0x8c/0x150
[   36.803550]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.807880]  ? ioctl_preallocate+0x300/0x300
[   36.812331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.817864]  ? __fget_light+0x2f7/0x440
[   36.821831]  ? fget_raw+0x20/0x20
[   36.825277]  ? putname+0xf2/0x130
[   36.828731]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.833741]  ? kmem_cache_free+0x246/0x280
[   36.837970]  ? putname+0xf7/0x130
[   36.841425]  do_group_exit+0x177/0x440
[   36.845313]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.849627]  ? __ia32_sys_exit+0x50/0x50
[   36.853684]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.858807]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.864345]  ? ksys_ioctl+0x81/0xd0
[   36.867983]  __x64_sys_exit_group+0x3e/0x50
[   36.872301]  do_syscall_64+0x1b9/0x820
[   36.876182]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.881552]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.886480]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.891326]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   36.896335]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.901348]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.906362]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.911203]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.916388] RIP: 0033:0x43f028
[   36.919580] Code: Bad RIP value.
[   36.922937] RSP: 002b:00007fffcfc12a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.930642] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   36.937901] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   36.945160] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   36.952420] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   36.959687] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   36.966952] 
[   36.968582] Allocated by task 4690:
[   36.972205]  save_stack+0x43/0xd0
[   36.975652]  kasan_kmalloc+0xc4/0xe0
[   36.979357]  kasan_slab_alloc+0x12/0x20
[   36.983338]  kmem_cache_alloc+0x12e/0x710
[   36.987479]  vmx_create_vcpu+0xcf/0x2830
[   36.991533]  kvm_arch_vcpu_create+0xe5/0x220
[   36.995937]  kvm_vm_ioctl+0x488/0x1d80
[   36.999820]  do_vfs_ioctl+0x1de/0x1720
[   37.003703]  ksys_ioctl+0xa9/0xd0
[   37.007152]  __x64_sys_ioctl+0x73/0xb0
[   37.011032]  do_syscall_64+0x1b9/0x820
[   37.014912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.020085] 
[   37.021699] Freed by task 4690:
[   37.024971]  save_stack+0x43/0xd0
[   37.028417]  __kasan_slab_free+0x11a/0x170
[   37.032658]  kasan_slab_free+0xe/0x10
[   37.036466]  kmem_cache_free+0x86/0x280
[   37.040436]  vmx_free_vcpu+0x26b/0x300
[   37.044320]  kvm_arch_destroy_vm+0x365/0x7c0
[   37.048720]  kvm_put_kvm+0x73f/0x1060
[   37.052526]  kvm_vm_release+0x42/0x50
[   37.056316]  __fput+0x38a/0xa40
[   37.059585]  ____fput+0x15/0x20
[   37.062858]  task_work_run+0x1e8/0x2a0
[   37.066735]  do_exit+0x1ae4/0x26e0
[   37.070262]  do_group_exit+0x177/0x440
[   37.074143]  __x64_sys_exit_group+0x3e/0x50
[   37.078473]  do_syscall_64+0x1b9/0x820
[   37.082358]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.087529] 
[   37.089149] The buggy address belongs to the object at ffff8801b5668040
[   37.089149]  which belongs to the cache kvm_vcpu of size 23872
[   37.101715] The buggy address is located 24 bytes inside of
[   37.101715]  23872-byte region [ffff8801b5668040, ffff8801b566dd80)
[   37.113701] The buggy address belongs to the page:
[   37.118624] page:ffffea0006d59a00 count:1 mapcount:0 mapping:ffff8801d5230b40 index:0x0 compound_mapcount: 0
[   37.128583] flags: 0x2fffc0000008100(slab|head)
[   37.133253] raw: 02fffc0000008100 ffff8801d522e948 ffff8801d522e948 ffff8801d5230b40
[   37.141129] raw: 0000000000000000 ffff8801b5668040 0000000100000001 0000000000000000
[   37.148997] page dumped because: kasan: bad access detected
[   37.154689] 
[   37.156308] Memory state around the buggy address:
[   37.161228]  ffff8801b5667f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.168578]  ffff8801b5667f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.175928] >ffff8801b5668000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.183280]                                                     ^
[   37.189511]  ffff8801b5668080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.196859]  ffff8801b5668100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.204205] ==================================================================
[   37.211554] Kernel panic - not syncing: panic_on_warn set ...
[   37.211554] 
[   37.218917] CPU: 0 PID: 4690 Comm: syz-executor288 Tainted: G    B             4.19.0-rc1+ #219
[   37.227741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.237082] Call Trace:
[   37.239670]  dump_stack+0x1c9/0x2b4
[   37.243298]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.248491]  ? lock_downgrade+0x8f0/0x8f0
[   37.252637]  ? __schedule+0xf54/0x1df0
[   37.256518]  panic+0x238/0x4e7
[   37.259706]  ? add_taint.cold.5+0x16/0x16
[   37.263853]  ? print_shadow_for_address+0xba/0x116
[   37.268776]  ? trace_hardirqs_off+0xaf/0x2b0
[   37.273178]  ? trace_hardirqs_off+0x77/0x2b0
[   37.277606]  ? __schedule+0xf54/0x1df0
[   37.281482]  kasan_end_report+0x47/0x4f
[   37.285462]  kasan_report.cold.7+0x76/0x30d
[   37.289797]  __asan_report_load8_noabort+0x14/0x20
[   37.294735]  __schedule+0xf54/0x1df0
[   37.298452]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.303554]  ? __sched_text_start+0x8/0x8
[   37.307705]  ? __call_srcu+0x7e7/0x1040
[   37.311683]  ? check_same_owner+0x340/0x340
[   37.316000]  ? mark_held_locks+0x160/0x160
[   37.320228]  ? find_held_lock+0x36/0x1c0
[   37.324299]  preempt_schedule_common+0x22/0x60
[   37.328881]  _cond_resched+0x1d/0x30
[   37.332584]  wait_for_completion+0xa5/0x8d0
[   37.336902]  ? wait_for_completion_interruptible+0x950/0x950
[   37.342706]  ? __lockdep_init_map+0x105/0x590
[   37.347201]  ? __init_waitqueue_head+0x9e/0x150
[   37.351876]  ? init_wait_entry+0x1c0/0x1c0
[   37.356131]  __synchronize_srcu+0x189/0x240
[   37.360465]  ? call_srcu+0x10/0x10
[   37.364003]  ? rcu_unexpedite_gp+0x20/0x20
[   37.368240]  synchronize_srcu+0x335/0x56f
[   37.372379]  ? lock_downgrade+0x8f0/0x8f0
[   37.376546]  ? synchronize_srcu_expedited+0x20/0x20
[   37.381559]  ? kasan_check_read+0x11/0x20
[   37.385704]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.390284]  ? kasan_check_write+0x14/0x20
[   37.394514]  ? do_raw_spin_lock+0xc1/0x200
[   37.398748]  kvm_page_track_unregister_notifier+0x17d/0x250
[   37.404482]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.409964]  ? kvfree+0x61/0x70
[   37.413238]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.418248]  kvm_mmu_uninit_vm+0x1c/0x20
[   37.422303]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.426707]  ? kvm_arch_sync_events+0x30/0x30
[   37.431205]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.436740]  ? mmu_notifier_unregister+0x474/0x600
[   37.441675]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.446076]  ? kfree+0x111/0x210
[   37.449435]  ? __mmu_notifier_register+0x30/0x30
[   37.454217]  ? __free_pages+0x10a/0x190
[   37.458185]  ? free_unref_page+0x930/0x930
[   37.462421]  kvm_put_kvm+0x73f/0x1060
[   37.466226]  ? kvm_write_guest_cached+0x40/0x40
[   37.470907]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.475393]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.479883]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.484475]  ? kasan_check_write+0x14/0x20
[   37.488721]  ? do_raw_spin_lock+0xc1/0x200
[   37.492957]  ? kvm_irqfd_release+0xdd/0x120
[   37.497276]  ? kvm_irqfd_release+0xdd/0x120
[   37.501591]  ? kvm_put_kvm+0x1060/0x1060
[   37.505647]  kvm_vm_release+0x42/0x50
[   37.509437]  __fput+0x38a/0xa40
[   37.512716]  ? __alloc_file+0x400/0x400
[   37.516687]  ? check_same_owner+0x340/0x340
[   37.520999]  ? kasan_check_write+0x14/0x20
[   37.525229]  ? do_raw_spin_lock+0xc1/0x200
[   37.529464]  ____fput+0x15/0x20
[   37.532740]  task_work_run+0x1e8/0x2a0
[   37.536623]  ? task_work_cancel+0x240/0x240
[   37.540940]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.546474]  ? switch_task_namespaces+0xa2/0xd0
[   37.551136]  do_exit+0x1ae4/0x26e0
[   37.554674]  ? mm_update_next_owner+0x9a0/0x9a0
[   37.559342]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   37.563573]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.568580]  ? kfree+0x1d7/0x210
[   37.571952]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   37.576201]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.581911]  ? is_bpf_text_address+0xd7/0x170
[   37.586402]  ? kernel_text_address+0x79/0xf0
[   37.590813]  ? __kernel_text_address+0xd/0x40
[   37.595315]  ? unwind_get_return_address+0x61/0xa0
[   37.600241]  ? __save_stack_trace+0x8d/0xf0
[   37.604565]  ? save_stack+0xa9/0xd0
[   37.608187]  ? save_stack+0x43/0xd0
[   37.611823]  ? __kasan_slab_free+0x11a/0x170
[   37.616237]  ? kasan_slab_free+0xe/0x10
[   37.620203]  ? putname+0xf2/0x130
[   37.623649]  ? __x64_sys_openat+0x9d/0x100
[   37.627889]  ? do_syscall_64+0x1b9/0x820
[   37.631941]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.637299]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.641699]  ? kasan_check_read+0x11/0x20
[   37.645843]  ? do_raw_spin_unlock+0xa7/0x2f0
[   37.650245]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.654661]  ? initcall_blacklisted+0x9a/0x1e0
[   37.659238]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   37.664340]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.670049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.675582]  ? do_vfs_ioctl+0x201/0x1720
[   37.679637]  ? rcu_is_watching+0x8c/0x150
[   37.683776]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.688094]  ? ioctl_preallocate+0x300/0x300
[   37.692498]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.698030]  ? __fget_light+0x2f7/0x440
[   37.702005]  ? fget_raw+0x20/0x20
[   37.705460]  ? putname+0xf2/0x130
[   37.708912]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.713923]  ? kmem_cache_free+0x246/0x280
[   37.718168]  ? putname+0xf7/0x130
[   37.721619]  do_group_exit+0x177/0x440
[   37.725500]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.729814]  ? __ia32_sys_exit+0x50/0x50
[   37.733867]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.738974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.744506]  ? ksys_ioctl+0x81/0xd0
[   37.748127]  __x64_sys_exit_group+0x3e/0x50
[   37.752461]  do_syscall_64+0x1b9/0x820
[   37.756345]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.761704]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.766629]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.771472]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.776482]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.781490]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.786523]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.791362]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.796555] RIP: 0033:0x43f028
[   37.799748] Code: Bad RIP value.
[   37.803102] RSP: 002b:00007fffcfc12a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.810802] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   37.818062] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   37.825335] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   37.832595] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   37.839857] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   37.847130] 
[   37.847135] ======================================================
[   37.847141] WARNING: possible circular locking dependency detected
[   37.847144] 4.19.0-rc1+ #219 Not tainted
[   37.847150] ------------------------------------------------------
[   37.847154] syz-executor288/4690 is trying to acquire lock:
[   37.847158] 00000000a8d465b7 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   37.847172] 
[   37.847176] but task is already holding lock:
[   37.847179] 00000000bea9f28e (report_lock){....}, at: kasan_report+0x8e/0x110
[   37.847193] 
[   37.847197] which lock already depends on the new lock.
[   37.847199] 
[   37.847202] 
[   37.847207] the existing dependency chain (in reverse order) is:
[   37.847209] 
[   37.847211] -> #3 (report_lock){....}:
[   37.847225]        _raw_spin_lock_irqsave+0x96/0xc0
[   37.847229]        kasan_report+0x8e/0x110
[   37.847233]        __asan_report_load8_noabort+0x14/0x20
[   37.847237]        __schedule+0xf54/0x1df0
[   37.847241]        preempt_schedule_common+0x22/0x60
[   37.847245]        _cond_resched+0x1d/0x30
[   37.847249]        wait_for_completion+0xa5/0x8d0
[   37.847253]        __synchronize_srcu+0x189/0x240
[   37.847257]        synchronize_srcu+0x335/0x56f
[   37.847262]        kvm_page_track_unregister_notifier+0x17d/0x250
[   37.847266]        kvm_mmu_uninit_vm+0x1c/0x20
[   37.847271]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.847274]        kvm_put_kvm+0x73f/0x1060
[   37.847278]        kvm_vm_release+0x42/0x50
[   37.847282]        __fput+0x38a/0xa40
[   37.847285]        ____fput+0x15/0x20
[   37.847289]        task_work_run+0x1e8/0x2a0
[   37.847293]        do_exit+0x1ae4/0x26e0
[   37.847296]        do_group_exit+0x177/0x440
[   37.847300]        __x64_sys_exit_group+0x3e/0x50
[   37.847304]        do_syscall_64+0x1b9/0x820
[   37.847309]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.847311] 
[   37.847313] -> #2 (&rq->lock){-.-.}:
[   37.847327]        _raw_spin_lock+0x2a/0x40
[   37.847330]        task_fork_fair+0x93/0x680
[   37.847334]        sched_fork+0x44b/0xbd0
[   37.847338]        copy_process+0x235e/0x7ad0
[   37.847341]        _do_fork+0x1ca/0x1170
[   37.847345]        kernel_thread+0x34/0x40
[   37.847348]        rest_init+0x22/0xe4
[   37.847352]        start_kernel+0x913/0x94e
[   37.847356]        x86_64_start_reservations+0x29/0x2b
[   37.847360]        x86_64_start_kernel+0x76/0x79
[   37.847364]        secondary_startup_64+0xa4/0xb0
[   37.847366] 
[   37.847369] -> #1 (&p->pi_lock){-.-.}:
[   37.847383]        _raw_spin_lock_irqsave+0x96/0xc0
[   37.847387]        try_to_wake_up+0xd2/0x1250
[   37.847390]        wake_up_process+0x10/0x20
[   37.847394]        __up.isra.1+0x1c0/0x2a0
[   37.847397]        up+0x13c/0x1c0
[   37.847401]        __up_console_sem+0xbe/0x1b0
[   37.847405]        console_unlock+0x506/0x10d0
[   37.847409]        vprintk_emit+0x33a/0x910
[   37.847412]        vprintk_default+0x28/0x30
[   37.847416]        vprintk_func+0x7a/0x117
[   37.847419]        printk+0xa7/0xcf
[   37.847423]        load_umh+0x51/0xbd
[   37.847426]        do_one_initcall+0x127/0x838
[   37.847431]        kernel_init_freeable+0x4bb/0x5ae
[   37.847434]        kernel_init+0x11/0x1b3
[   37.847438]        ret_from_fork+0x3a/0x50
[   37.847440] 
[   37.847442] -> #0 ((console_sem).lock){-...}:
[   37.847463]        lock_acquire+0x1e4/0x4f0
[   37.847467]        _raw_spin_lock_irqsave+0x96/0xc0
[   37.847471]        down_trylock+0x13/0x70
[   37.847475]        __down_trylock_console_sem+0xae/0x200
[   37.847479]        console_trylock+0x15/0xa0
[   37.847483]        vprintk_emit+0x31f/0x910
[   37.847487]        vprintk_default+0x28/0x30
[   37.847490]        vprintk_func+0x7a/0x117
[   37.847494]        printk+0xa7/0xcf
[   37.847497]        kasan_report+0x9e/0x110
[   37.847501]        __asan_report_load8_noabort+0x14/0x20
[   37.847505]        __schedule+0xf54/0x1df0
[   37.847509]        preempt_schedule_common+0x22/0x60
[   37.847513]        _cond_resched+0x1d/0x30
[   37.847517]        wait_for_completion+0xa5/0x8d0
[   37.847521]        __synchronize_srcu+0x189/0x240
[   37.847525]        synchronize_srcu+0x335/0x56f
[   37.847530]        kvm_page_track_unregister_notifier+0x17d/0x250
[   37.847534]        kvm_mmu_uninit_vm+0x1c/0x20
[   37.847538]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.847542]        kvm_put_kvm+0x73f/0x1060
[   37.847545]        kvm_vm_release+0x42/0x50
[   37.847549]        __fput+0x38a/0xa40
[   37.847552]        ____fput+0x15/0x20
[   37.847556]        task_work_run+0x1e8/0x2a0
[   37.847559]        do_exit+0x1ae4/0x26e0
[   37.847563]        do_group_exit+0x177/0x440
[   37.847567]        __x64_sys_exit_group+0x3e/0x50
[   37.847571]        do_syscall_64+0x1b9/0x820
[   37.847576]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.847578] 
[   37.847582] other info that might help us debug this:
[   37.847584] 
[   37.847587] Chain exists of:
[   37.847589]   (console_sem).lock --> &rq->lock --> report_lock
[   37.847607] 
[   37.847611]  Possible unsafe locking scenario:
[   37.847613] 
[   37.847617]        CPU0                    CPU1
[   37.847621]        ----                    ----
[   37.847623]   lock(report_lock);
[   37.847632]                                lock(&rq->lock);
[   37.847641]                                lock(report_lock);
[   37.847649]   lock((console_sem).lock);
[   37.847657] 
[   37.847660]  *** DEADLOCK ***
[   37.847662] 
[   37.847666] 2 locks held by syz-executor288/4690:
[   37.847668]  #0: 00000000c482f2ee (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   37.847685]  #1: 00000000bea9f28e (report_lock){....}, at: kasan_report+0x8e/0x110
[   37.847701] 
[   37.847704] stack backtrace:
[   37.847710] CPU: 0 PID: 4690 Comm: syz-executor288 Not tainted 4.19.0-rc1+ #219
[   37.847717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.847720] Call Trace:
[   37.847723]  dump_stack+0x1c9/0x2b4
[   37.847728]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.847732]  ? vprintk_func+0x100/0x117
[   37.847736]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   37.847740]  ? save_trace+0xe0/0x290
[   37.847744]  __lock_acquire+0x3449/0x5020
[   37.847748]  ? mark_held_locks+0x160/0x160
[   37.847752]  ? mark_held_locks+0x160/0x160
[   37.847756]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   37.847760]  ? is_bpf_text_address+0xd7/0x170
[   37.847764]  ? kernel_text_address+0x79/0xf0
[   37.847768]  ? __kernel_text_address+0xd/0x40
[   37.847772]  ? __save_stack_trace+0x8d/0xf0
[   37.847776]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   37.847780]  ? save_trace+0x290/0x290
[   37.847784]  ? save_stack_trace+0x1a/0x20
[   37.847787]  ? save_trace+0xe0/0x290
[   37.847791]  ? graph_lock+0x170/0x170
[   37.847796]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.847799]  lock_acquire+0x1e4/0x4f0
[   37.847803]  ? down_trylock+0x13/0x70
[   37.847807]  ? lock_release+0x9f0/0x9f0
[   37.847811]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.847815]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.847819]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.847823]  ? log_store+0x34f/0x4c0
[   37.847826]  ? vprintk_emit+0x31f/0x910
[   37.847830]  _raw_spin_lock_irqsave+0x96/0xc0
[   37.847834]  ? down_trylock+0x13/0x70
[   37.847838]  down_trylock+0x13/0x70
[   37.847842]  __down_trylock_console_sem+0xae/0x200
[   37.847846]  console_trylock+0x15/0xa0
[   37.847849]  vprintk_emit+0x31f/0x910
[   37.847853]  ? wake_up_klogd+0x110/0x110
[   37.847857]  ? run_rebalance_domains+0x4c0/0x4c0
[   37.847861]  ? kasan_check_read+0x11/0x20
[   37.847865]  ? rcu_is_watching+0x8c/0x150
[   37.847869]  ? rcu_pm_notify+0xc0/0xc0
[   37.847884]  ? lock_acquire+0x1e4/0x4f0
[   37.847888]  ? kasan_report+0x8e/0x110
[   37.847892]  ? __schedule+0xf54/0x1df0
[   37.847895]  vprintk_default+0x28/0x30
[   37.847899]  vprintk_func+0x7a/0x117
[   37.847902]  printk+0xa7/0xcf
[   37.847906]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   37.847910]  ? kasan_check_write+0x14/0x20
[   37.847931]  ? do_raw_spin_lock+0xc1/0x200
[   37.847934]  ? do_raw_spin_lock+0xc1/0x200
[   37.847951]  kasan_report+0x9e/0x110
[   37.847956]  __asan_report_load8_noabort+0x14/0x20
[   37.847959]  __schedule+0xf54/0x1df0
[   37.847963]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.847967]  ? __sched_text_start+0x8/0x8
[   37.847970]  ? __call_srcu+0x7e7/0x1040
[   37.847974]  ? check_same_owner+0x340/0x340
[   37.847977]  ? mark_held_locks+0x160/0x160
[   37.847981]  ? find_held_lock+0x36/0x1c0
[   37.847984]  preempt_schedule_common+0x22/0x60
[   37.847988]  _cond_resched+0x1d/0x30
[   37.847991]  wait_for_completion+0xa5/0x8d0
[   37.847995]  ? wait_for_completion_interruptible+0x950/0x950
[   37.847999]  ? __lockdep_init_map+0x105/0x590
[   37.848003]  ? __init_waitqueue_head+0x9e/0x150
[   37.848006]  ? init_wait_entry+0x1c0/0x1c0
[   37.848010]  __synchronize_srcu+0x189/0x240
[   37.848013]  ? call_srcu+0x10/0x10
[   37.848017]  ? rcu_unexpedite_gp+0x20/0x20
[   37.848020]  synchronize_srcu+0x335/0x56f
[   37.848024]  ? lock_downgrade+0x8f0/0x8f0
[   37.848028]  ? synchronize_srcu_expedited+0x20/0x20
[   37.848032]  ? kasan_check_read+0x11/0x20
[   37.848035]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.848039]  ? kasan_check_write+0x14/0x20
[   37.848042]  ? do_raw_spin_lock+0xc1/0x200
[   37.848047]  kvm_page_track_unregister_notifier+0x17d/0x250
[   37.848051]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.848054]  ? kvfree+0x61/0x70
[   37.848058]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.848074]  kvm_mmu_uninit_vm+0x1c/0x20
[   37.848077]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.848081]  ? kvm_arch_sync_events+0x30/0x30
[   37.848085]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.848089]  ? mmu_notifier_unregister+0x474/0x600
[   37.848092]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.848095]  ? kfree+0x111/0x210
[   37.848099]  ? __mmu_notifier_register+0x30/0x30
[   37.848102]  ? __free_pages+0x10a/0x190
[   37.848105]  ? free_unref_page+0x930/0x930
[   37.848109]  kvm_put_kvm+0x73f/0x1060
[   37.848112]  ? kvm_write_guest_cached+0x40/0x40
[   37.848128]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.848132]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.848147]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.848151]  ? kasan_check_write+0x14/0x20
[   37.848154]  ? do_raw_spin_lock+0xc1/0x200
[   37.848170]  ? kvm_irqfd_release+0xdd/0x120
[   37.848174]  ? kvm_irqfd_release+0xdd/0x120
[   37.848178]  ? kvm_put_kvm+0x1060/0x1060
[   37.848181]  kvm_vm_release+0x42/0x50
[   37.848185]  __fput+0x38a/0xa40
[   37.848188]  ? __alloc_file+0x400/0x400
[   37.848192]  ? check_same_owner+0x340/0x340
[   37.848196]  ? kasan_check_write+0x14/0x20
[   37.848213]  ? do_raw_spin_lock+0xc1/0x200
[   37.848216]  ____fput+0x15/0x20
[   37.848219]  task_work_run+0x1e8/0x2a0
[   37.848223]  ? task_work_cancel+0x240/0x240
[   37.848227]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.848231]  ? switch_task_namespaces+0xa2/0xd0
[   37.848235]  do_exit+0x1ae4/0x26e0
[   37.848238]  ? mm_update_next_owner+0x9a0/0x9a0
[   37.848242]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   37.848246]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.848249]  ? kfree+0x1d7/0x210
[   37.848265]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   37.848270]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.848273]  ? is_bpf_text_address+0xd7/0x170
[   37.848288]  ?
[   37.848294] Lost 55 message(s)!
[   38.947321] Shutting down cpus with NMI
[   40.005908] Dumping ftrace buffer:
[   40.009431]    (ftrace buffer empty)
[   40.013122] Kernel Offset: disabled
[   40.016732] Rebooting in 86400 seconds..