[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[   24.563733] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.320956] random: sshd: uninitialized urandom read (32 bytes read)
[   26.672848] random: sshd: uninitialized urandom read (32 bytes read)
[   27.279099] random: sshd: uninitialized urandom read (32 bytes read)
[   27.495529] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[   33.237701] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.368510] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.395810] ==================================================================
[   33.406122] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   33.412344] Read of size 8 at addr ffff8801c74c0058 by task syz-executor125/5327
[   33.419864] 
[   33.421488] CPU: 0 PID: 5327 Comm: syz-executor125 Not tainted 4.19.0-rc3+ #232
[   33.428924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.438266] Call Trace:
[   33.440850]  dump_stack+0x1c4/0x2b4
[   33.444478]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.449665]  ? printk+0xa7/0xcf
[   33.452947]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.457706]  print_address_description.cold.8+0x9/0x1ff
[   33.463073]  kasan_report.cold.9+0x242/0x309
[   33.467476]  ? __schedule+0xfc3/0x1ed0
[   33.471362]  __asan_report_load8_noabort+0x14/0x20
[   33.476291]  __schedule+0xfc3/0x1ed0
[   33.480024]  ? __sched_text_start+0x8/0x8
[   33.484197]  ? __lock_is_held+0xb5/0x140
[   33.488255]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.493356]  ? find_held_lock+0x36/0x1c0
[   33.497418]  ? __call_srcu+0x7f9/0x1070
[   33.501393]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.506491]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.511590]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.516170]  ? preempt_schedule+0x4d/0x60
[   33.520337]  preempt_schedule_common+0x1f/0xd0
[   33.524919]  preempt_schedule+0x4d/0x60
[   33.528894]  ___preempt_schedule+0x16/0x18
[   33.533130]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.538070]  __call_srcu+0x7f9/0x1070
[   33.541880]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.546983]  ? srcu_offline_cpu+0x120/0x120
[   33.551306]  ? debug_object_free+0x690/0x690
[   33.555713]  ? mark_held_locks+0x130/0x130
[   33.559942]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   33.564526]  ? lock_release+0x970/0x970
[   33.568501]  ? arch_local_save_flags+0x40/0x40
[   33.573078]  ? depot_save_stack+0x292/0x470
[   33.577402]  ? __lockdep_init_map+0x105/0x590
[   33.581913]  ? __init_waitqueue_head+0x9e/0x150
[   33.586581]  ? init_wait_entry+0x1c0/0x1c0
[   33.590821]  __synchronize_srcu+0x17b/0x230
[   33.595137]  ? call_srcu+0x10/0x10
[   33.598673]  ? rcu_unexpedite_gp+0x20/0x20
[   33.602941]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.608486]  ? check_preemption_disabled+0x48/0x200
[   33.613500]  synchronize_srcu+0x356/0x5ab
[   33.617655]  ? lock_downgrade+0x900/0x900
[   33.621804]  ? synchronize_srcu_expedited+0x20/0x20
[   33.626820]  ? kasan_check_read+0x11/0x20
[   33.630970]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.635552]  ? kasan_check_write+0x14/0x20
[   33.639783]  ? do_raw_spin_lock+0xc1/0x200
[   33.644020]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.649731]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.655207]  ? kvfree+0x61/0x70
[   33.658503]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.663528]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.667588]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.671996]  ? kvm_arch_sync_events+0x30/0x30
[   33.676489]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.682037]  ? mmu_notifier_unregister+0x474/0x600
[   33.686961]  ? kfree+0x107/0x230
[   33.690326]  ? __mmu_notifier_register+0x30/0x30
[   33.695080]  ? __free_pages+0x10a/0x190
[   33.699051]  ? free_unref_page+0x960/0x960
[   33.703297]  kvm_put_kvm+0x6c8/0xff0
[   33.707018]  ? kvm_write_guest_cached+0x40/0x40
[   33.711686]  ? kvm_irqfd_release+0xd1/0x120
[   33.716007]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.720496]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.724999]  ? kasan_check_write+0x14/0x20
[   33.729229]  ? do_raw_spin_lock+0xc1/0x200
[   33.733461]  ? kvm_irqfd_release+0xdd/0x120
[   33.737781]  ? kvm_irqfd_release+0xdd/0x120
[   33.742099]  ? kvm_put_kvm+0xff0/0xff0
[   33.745984]  kvm_vm_release+0x42/0x50
[   33.749779]  __fput+0x385/0xa30
[   33.753063]  ? get_max_files+0x20/0x20
[   33.756947]  ? trace_hardirqs_on+0xbd/0x310
[   33.761274]  ? ___might_sleep+0x1ed/0x300
[   33.765417]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.770859]  ? arch_local_save_flags+0x40/0x40
[   33.775439]  ? kasan_check_write+0x14/0x20
[   33.779697]  ? do_raw_spin_lock+0xc1/0x200
[   33.783937]  ____fput+0x15/0x20
[   33.787232]  task_work_run+0x1e8/0x2a0
[   33.791118]  ? task_work_cancel+0x240/0x240
[   33.795438]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.800974]  ? switch_task_namespaces+0x9d/0xd0
[   33.805656]  do_exit+0x1ad7/0x2610
[   33.809224]  ? mm_update_next_owner+0x990/0x990
[   33.813894]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   33.818123]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.823168]  ? kfree+0x1fa/0x230
[   33.826584]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   33.830815]  ? kvm_vcpu_block+0x1030/0x1030
[   33.835134]  ? is_bpf_text_address+0xd3/0x170
[   33.839625]  ? kernel_text_address+0x79/0xf0
[   33.844031]  ? __kernel_text_address+0xd/0x40
[   33.848523]  ? unwind_get_return_address+0x61/0xa0
[   33.853449]  ? __save_stack_trace+0x8d/0xf0
[   33.857773]  ? save_stack+0xa9/0xd0
[   33.861394]  ? save_stack+0x43/0xd0
[   33.865020]  ? __kasan_slab_free+0x102/0x150
[   33.869422]  ? kasan_slab_free+0xe/0x10
[   33.873389]  ? putname+0xf2/0x130
[   33.876839]  ? __x64_sys_openat+0x9d/0x100
[   33.881084]  ? do_syscall_64+0x1b9/0x820
[   33.885140]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.890502]  ? trace_hardirqs_off+0xb8/0x310
[   33.894905]  ? kasan_check_read+0x11/0x20
[   33.899052]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.903457]  ? trace_hardirqs_on+0x310/0x310
[   33.907868]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   33.912982]  ? trace_hardirqs_off+0xb8/0x310
[   33.917385]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.922916]  ? check_preemption_disabled+0x48/0x200
[   33.927926]  ? check_preemption_disabled+0x48/0x200
[   33.932939]  ? kvm_vcpu_block+0x1030/0x1030
[   33.937260]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.942796]  ? do_vfs_ioctl+0x201/0x1720
[   33.946857]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.952131]  ? ioctl_preallocate+0x300/0x300
[   33.956540]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.962078]  ? __fget_light+0x2e9/0x430
[   33.966048]  ? fget_raw+0x20/0x20
[   33.969493]  ? putname+0xf2/0x130
[   33.972940]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.977954]  ? kmem_cache_free+0x24f/0x290
[   33.982197]  ? putname+0xf7/0x130
[   33.985655]  do_group_exit+0x177/0x440
[   33.989543]  ? trace_hardirqs_on+0xbd/0x310
[   33.993892]  ? __ia32_sys_exit+0x50/0x50
[   33.997950]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.003398]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.008932]  ? ksys_ioctl+0x81/0xd0
[   34.012557]  __x64_sys_exit_group+0x3e/0x50
[   34.016881]  do_syscall_64+0x1b9/0x820
[   34.020771]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.026138]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.031064]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.035904]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.040918]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.045929]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.050946]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.055788]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.060974] RIP: 0033:0x43ecc8
[   34.064163] Code: Bad RIP value.
[   34.067528] RSP: 002b:00007ffe60cb6a18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.075231] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   34.082494] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.089757] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.097018] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.104279] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.111550] 
[   34.113209] Allocated by task 5327:
[   34.116834]  save_stack+0x43/0xd0
[   34.120281]  kasan_kmalloc+0xc7/0xe0
[   34.123989]  kasan_slab_alloc+0x12/0x20
[   34.127958]  kmem_cache_alloc+0x12e/0x730
[   34.132097]  vmx_create_vcpu+0xcf/0x25e0
[   34.136153]  kvm_arch_vcpu_create+0xe5/0x220
[   34.140569]  kvm_vm_ioctl+0x470/0x1d40
[   34.144455]  do_vfs_ioctl+0x1de/0x1720
[   34.148334]  ksys_ioctl+0xa9/0xd0
[   34.151785]  __x64_sys_ioctl+0x73/0xb0
[   34.155670]  do_syscall_64+0x1b9/0x820
[   34.159558]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.164736] 
[   34.166352] Freed by task 5327:
[   34.169644]  save_stack+0x43/0xd0
[   34.173102]  __kasan_slab_free+0x102/0x150
[   34.177328]  kasan_slab_free+0xe/0x10
[   34.181118]  kmem_cache_free+0x83/0x290
[   34.185085]  vmx_free_vcpu+0x26b/0x300
[   34.188962]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.193364]  kvm_put_kvm+0x6c8/0xff0
[   34.197076]  kvm_vm_release+0x42/0x50
[   34.200867]  __fput+0x385/0xa30
[   34.204140]  ____fput+0x15/0x20
[   34.207413]  task_work_run+0x1e8/0x2a0
[   34.211294]  do_exit+0x1ad7/0x2610
[   34.214836]  do_group_exit+0x177/0x440
[   34.218724]  __x64_sys_exit_group+0x3e/0x50
[   34.223057]  do_syscall_64+0x1b9/0x820
[   34.226955]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.232129] 
[   34.233756] The buggy address belongs to the object at ffff8801c74c0040
[   34.233756]  which belongs to the cache kvm_vcpu of size 23872
[   34.246323] The buggy address is located 24 bytes inside of
[   34.246323]  23872-byte region [ffff8801c74c0040, ffff8801c74c5d80)
[   34.258273] The buggy address belongs to the page:
[   34.263217] page:ffffea00071d3000 count:1 mapcount:0 mapping:ffff8801d7278040 index:0x0 compound_mapcount: 0
[   34.273234] flags: 0x2fffc0000008100(slab|head)
[   34.277904] raw: 02fffc0000008100 ffff8801d5b96748 ffff8801d5b96748 ffff8801d7278040
[   34.285783] raw: 0000000000000000 ffff8801c74c0040 0000000100000001 0000000000000000
[   34.293648] page dumped because: kasan: bad access detected
[   34.299356] 
[   34.300970] Memory state around the buggy address:
[   34.305895]  ffff8801c74bff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.313248]  ffff8801c74bff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.320598] >ffff8801c74c0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.327947]                                                     ^
[   34.334198]  ffff8801c74c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.341556]  ffff8801c74c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.348901] ==================================================================
[   34.356249] Kernel panic - not syncing: panic_on_warn set ...
[   34.356249] 
[   34.363613] CPU: 0 PID: 5327 Comm: syz-executor125 Tainted: G    B             4.19.0-rc3+ #232
[   34.372447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.381810] Call Trace:
[   34.384733]  dump_stack+0x1c4/0x2b4
[   34.388360]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.393549]  ? lock_downgrade+0x900/0x900
[   34.397708]  panic+0x238/0x4e7
[   34.400897]  ? add_taint.cold.5+0x16/0x16
[   34.405079]  ? print_shadow_for_address+0xb6/0x116
[   34.410001]  ? trace_hardirqs_off+0xaf/0x310
[   34.414411]  kasan_end_report+0x47/0x4f
[   34.418382]  kasan_report.cold.9+0x76/0x309
[   34.422700]  ? __schedule+0xfc3/0x1ed0
[   34.426588]  __asan_report_load8_noabort+0x14/0x20
[   34.431519]  __schedule+0xfc3/0x1ed0
[   34.435239]  ? __sched_text_start+0x8/0x8
[   34.439389]  ? __lock_is_held+0xb5/0x140
[   34.443669]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.448801]  ? find_held_lock+0x36/0x1c0
[   34.452873]  ? __call_srcu+0x7f9/0x1070
[   34.456857]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.461955]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   34.467053]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.471630]  ? preempt_schedule+0x4d/0x60
[   34.475780]  preempt_schedule_common+0x1f/0xd0
[   34.480367]  preempt_schedule+0x4d/0x60
[   34.484343]  ___preempt_schedule+0x16/0x18
[   34.488578]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   34.493517]  __call_srcu+0x7f9/0x1070
[   34.497313]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   34.502419]  ? srcu_offline_cpu+0x120/0x120
[   34.506742]  ? debug_object_free+0x690/0x690
[   34.511146]  ? mark_held_locks+0x130/0x130
[   34.515389]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   34.519967]  ? lock_release+0x970/0x970
[   34.523936]  ? arch_local_save_flags+0x40/0x40
[   34.528513]  ? depot_save_stack+0x292/0x470
[   34.532841]  ? __lockdep_init_map+0x105/0x590
[   34.537336]  ? __init_waitqueue_head+0x9e/0x150
[   34.542004]  ? init_wait_entry+0x1c0/0x1c0
[   34.546246]  __synchronize_srcu+0x17b/0x230
[   34.550566]  ? call_srcu+0x10/0x10
[   34.554099]  ? rcu_unexpedite_gp+0x20/0x20
[   34.558337]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.563881]  ? check_preemption_disabled+0x48/0x200
[   34.568901]  synchronize_srcu+0x356/0x5ab
[   34.573044]  ? lock_downgrade+0x900/0x900
[   34.577205]  ? synchronize_srcu_expedited+0x20/0x20
[   34.582240]  ? kasan_check_read+0x11/0x20
[   34.586387]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.591019]  ? kasan_check_write+0x14/0x20
[   34.595268]  ? do_raw_spin_lock+0xc1/0x200
[   34.599504]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.605227]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.610674]  ? kvfree+0x61/0x70
[   34.613955]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.618983]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.623039]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.627450]  ? kvm_arch_sync_events+0x30/0x30
[   34.631950]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.637482]  ? mmu_notifier_unregister+0x474/0x600
[   34.642405]  ? kfree+0x107/0x230
[   34.645780]  ? __mmu_notifier_register+0x30/0x30
[   34.650561]  ? __free_pages+0x10a/0x190
[   34.654533]  ? free_unref_page+0x960/0x960
[   34.658793]  kvm_put_kvm+0x6c8/0xff0
[   34.662510]  ? kvm_write_guest_cached+0x40/0x40
[   34.667194]  ? kvm_irqfd_release+0xd1/0x120
[   34.671519]  ? _raw_spin_unlock_irq+0x27/0x80
[   34.676013]  ? _raw_spin_unlock_irq+0x27/0x80
[   34.680522]  ? kasan_check_write+0x14/0x20
[   34.684755]  ? do_raw_spin_lock+0xc1/0x200
[   34.688989]  ? kvm_irqfd_release+0xdd/0x120
[   34.693306]  ? kvm_irqfd_release+0xdd/0x120
[   34.697628]  ? kvm_put_kvm+0xff0/0xff0
[   34.701511]  kvm_vm_release+0x42/0x50
[   34.705307]  __fput+0x385/0xa30
[   34.708586]  ? get_max_files+0x20/0x20
[   34.712474]  ? trace_hardirqs_on+0xbd/0x310
[   34.716794]  ? ___might_sleep+0x1ed/0x300
[   34.720938]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.726386]  ? arch_local_save_flags+0x40/0x40
[   34.730968]  ? kasan_check_write+0x14/0x20
[   34.735210]  ? do_raw_spin_lock+0xc1/0x200
[   34.739442]  ____fput+0x15/0x20
[   34.742747]  task_work_run+0x1e8/0x2a0
[   34.746690]  ? task_work_cancel+0x240/0x240
[   34.751011]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.756547]  ? switch_task_namespaces+0x9d/0xd0
[   34.761228]  do_exit+0x1ad7/0x2610
[   34.764773]  ? mm_update_next_owner+0x990/0x990
[   34.769443]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   34.773687]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.778720]  ? kfree+0x1fa/0x230
[   34.782101]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   34.786339]  ? kvm_vcpu_block+0x1030/0x1030
[   34.790676]  ? is_bpf_text_address+0xd3/0x170
[   34.795197]  ? kernel_text_address+0x79/0xf0
[   34.799605]  ? __kernel_text_address+0xd/0x40
[   34.804096]  ? unwind_get_return_address+0x61/0xa0
[   34.809023]  ? __save_stack_trace+0x8d/0xf0
[   34.813350]  ? save_stack+0xa9/0xd0
[   34.816975]  ? save_stack+0x43/0xd0
[   34.820596]  ? __kasan_slab_free+0x102/0x150
[   34.824994]  ? kasan_slab_free+0xe/0x10
[   34.828963]  ? putname+0xf2/0x130
[   34.832415]  ? __x64_sys_openat+0x9d/0x100
[   34.836643]  ? do_syscall_64+0x1b9/0x820
[   34.840704]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.846061]  ? trace_hardirqs_off+0xb8/0x310
[   34.850462]  ? kasan_check_read+0x11/0x20
[   34.854610]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.859017]  ? trace_hardirqs_on+0x310/0x310
[   34.863440]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   34.868542]  ? trace_hardirqs_off+0xb8/0x310
[   34.872946]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.878481]  ? check_preemption_disabled+0x48/0x200
[   34.883493]  ? check_preemption_disabled+0x48/0x200
[   34.888505]  ? kvm_vcpu_block+0x1030/0x1030
[   34.892842]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.898376]  ? do_vfs_ioctl+0x201/0x1720
[   34.902432]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.907710]  ? ioctl_preallocate+0x300/0x300
[   34.912125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.917663]  ? __fget_light+0x2e9/0x430
[   34.921635]  ? fget_raw+0x20/0x20
[   34.925093]  ? putname+0xf2/0x130
[   34.928542]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.933555]  ? kmem_cache_free+0x24f/0x290
[   34.937789]  ? putname+0xf7/0x130
[   34.941245]  do_group_exit+0x177/0x440
[   34.945140]  ? trace_hardirqs_on+0xbd/0x310
[   34.949458]  ? __ia32_sys_exit+0x50/0x50
[   34.953516]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.958962]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.964510]  ? ksys_ioctl+0x81/0xd0
[   34.968137]  __x64_sys_exit_group+0x3e/0x50
[   34.972460]  do_syscall_64+0x1b9/0x820
[   34.976343]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.981704]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.986630]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.991473]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.996504]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.001518]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.006537]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.011379]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.016562] RIP: 0033:0x43ecc8
[   35.019753] Code: Bad RIP value.
[   35.023108] RSP: 002b:00007ffe60cb6a18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.030808] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   35.038084] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.045349] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.052609] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.059869] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.067140] 
[   35.067146] ======================================================
[   35.067152] WARNING: possible circular locking dependency detected
[   35.067156] 4.19.0-rc3+ #232 Not tainted
[   35.067162] ------------------------------------------------------
[   35.067167] syz-executor125/5327 is trying to acquire lock:
[   35.067171] 00000000d9ad50a0 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.067202] 
[   35.067206] but task is already holding lock:
[   35.067210] 000000009c314dd7 (report_lock){....}, at: kasan_report+0x8b/0x110
[   35.067225] 
[   35.067230] which lock already depends on the new lock.
[   35.067233] 
[   35.067236] 
[   35.067241] the existing dependency chain (in reverse order) is:
[   35.067244] 
[   35.067246] -> #3 (report_lock){....}:
[   35.067262]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.067267]        kasan_report+0x8b/0x110
[   35.067272]        __asan_report_load8_noabort+0x14/0x20
[   35.067276]        __schedule+0xfc3/0x1ed0
[   35.067281]        preempt_schedule_common+0x1f/0xd0
[   35.067285]        preempt_schedule+0x4d/0x60
[   35.067290]        ___preempt_schedule+0x16/0x18
[   35.067295]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.067299]        __call_srcu+0x7f9/0x1070
[   35.067304]        __synchronize_srcu+0x17b/0x230
[   35.067309]        synchronize_srcu+0x356/0x5ab
[   35.067314]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.067319]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.067323]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.067328]        kvm_put_kvm+0x6c8/0xff0
[   35.067332]        kvm_vm_release+0x42/0x50
[   35.067336]        __fput+0x385/0xa30
[   35.067340]        ____fput+0x15/0x20
[   35.067344]        task_work_run+0x1e8/0x2a0
[   35.067348]        do_exit+0x1ad7/0x2610
[   35.067352]        do_group_exit+0x177/0x440
[   35.067357]        __x64_sys_exit_group+0x3e/0x50
[   35.067361]        do_syscall_64+0x1b9/0x820
[   35.067366]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.067369] 
[   35.067372] -> #2 (&rq->lock){-.-.}:
[   35.067387]        _raw_spin_lock+0x2d/0x40
[   35.067392]        task_fork_fair+0xb0/0x6d0
[   35.067396]        sched_fork+0x443/0xba0
[   35.067400]        copy_process+0x2586/0x8780
[   35.067404]        _do_fork+0x1cb/0x11d0
[   35.067409]        kernel_thread+0x34/0x40
[   35.067413]        rest_init+0x22/0xe5
[   35.067417]        start_kernel+0x8f4/0x92f
[   35.067422]        x86_64_start_reservations+0x29/0x2b
[   35.067427]        x86_64_start_kernel+0x76/0x79
[   35.067431]        secondary_startup_64+0xa4/0xb0
[   35.067434] 
[   35.067436] -> #1 (&p->pi_lock){-.-.}:
[   35.067452]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.067457]        try_to_wake_up+0xd2/0x12f0
[   35.067461]        wake_up_process+0x10/0x20
[   35.067465]        __up.isra.1+0x1c0/0x2a0
[   35.067469]        up+0x13c/0x1c0
[   35.067473]        __up_console_sem+0xbe/0x1b0
[   35.067478]        console_unlock+0x524/0x11a0
[   35.067482]        vprintk_emit+0x33d/0x930
[   35.067486]        vprintk_default+0x28/0x30
[   35.067490]        vprintk_func+0x7e/0x181
[   35.067494]        printk+0xa7/0xcf
[   35.067498]        load_umh+0x51/0xbd
[   35.067503]        do_one_initcall+0x145/0x957
[   35.067507]        kernel_init_freeable+0x4bb/0x5ae
[   35.067512]        kernel_init+0x11/0x1b2
[   35.067516]        ret_from_fork+0x3a/0x50
[   35.067519] 
[   35.067521] -> #0 ((console_sem).lock){-...}:
[   35.067537]        lock_acquire+0x1ed/0x520
[   35.067542]        _raw_spin_lock_irqsave+0x99/0xd0
[   35.067546]        down_trylock+0x13/0x70
[   35.067551]        __down_trylock_console_sem+0xae/0x200
[   35.067555]        console_trylock+0x15/0xa0
[   35.067559]        vprintk_emit+0x322/0x930
[   35.067564]        vprintk_default+0x28/0x30
[   35.067568]        vprintk_func+0x7e/0x181
[   35.067572]        printk+0xa7/0xcf
[   35.067576]        kasan_report+0x9b/0x110
[   35.067581]        __asan_report_load8_noabort+0x14/0x20
[   35.067585]        __schedule+0xfc3/0x1ed0
[   35.067590]        preempt_schedule_common+0x1f/0xd0
[   35.067595]        preempt_schedule+0x4d/0x60
[   35.067599]        ___preempt_schedule+0x16/0x18
[   35.067604]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.067609]        __call_srcu+0x7f9/0x1070
[   35.067613]        __synchronize_srcu+0x17b/0x230
[   35.067618]        synchronize_srcu+0x356/0x5ab
[   35.067623]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.067628]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.067632]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.067636]        kvm_put_kvm+0x6c8/0xff0
[   35.067641]        kvm_vm_release+0x42/0x50
[   35.067645]        __fput+0x385/0xa30
[   35.067649]        ____fput+0x15/0x20
[   35.067653]        task_work_run+0x1e8/0x2a0
[   35.067657]        do_exit+0x1ad7/0x2610
[   35.067661]        do_group_exit+0x177/0x440
[   35.067666]        __x64_sys_exit_group+0x3e/0x50
[   35.067670]        do_syscall_64+0x1b9/0x820
[   35.067676]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.067678] 
[   35.067683] other info that might help us debug this:
[   35.067685] 
[   35.067688] Chain exists of:
[   35.067692]   (console_sem).lock --> &rq->lock --> report_lock
[   35.067726] 
[   35.067731]  Possible unsafe locking scenario:
[   35.067733] 
[   35.067753]        CPU0                    CPU1
[   35.067758]        ----                    ----
[   35.067760]   lock(report_lock);
[   35.067770]                                lock(&rq->lock);
[   35.067781]                                lock(report_lock);
[   35.067789]   lock((console_sem).lock);
[   35.067798] 
[   35.067802]  *** DEADLOCK ***
[   35.067804] 
[   35.067809] 2 locks held by syz-executor125/5327:
[   35.067811]  #0: 00000000cafbdf50 (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   35.067830]  #1: 000000009c314dd7 (report_lock){....}, at: kasan_report+0x8b/0x110
[   35.067849] 
[   35.067852] stack backtrace:
[   35.067859] CPU: 0 PID: 5327 Comm: syz-executor125 Not tainted 4.19.0-rc3+ #232
[   35.067866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.067870] Call Trace:
[   35.067874]  dump_stack+0x1c4/0x2b4
[   35.067879]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.067883]  ? vprintk_func+0x85/0x181
[   35.067889]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   35.067893]  ? save_trace+0xe0/0x290
[   35.067898]  __lock_acquire+0x33e4/0x4ec0
[   35.067902]  ? mark_held_locks+0x130/0x130
[   35.067907]  ? mark_held_locks+0x130/0x130
[   35.067911]  ? rcu_bh_qs+0xc0/0xc0
[   35.067915]  ? unwind_dump+0x190/0x190
[   35.067920]  ? is_bpf_text_address+0xd3/0x170
[   35.067925]  ? kernel_text_address+0x79/0xf0
[   35.067929]  ? __kernel_text_address+0xd/0x40
[   35.067934]  ? __save_stack_trace+0x8d/0xf0
[   35.067939]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   35.067943]  ? save_trace+0x290/0x290
[   35.067947]  ? save_stack_trace+0x1a/0x20
[   35.067951]  ? save_trace+0xe0/0x290
[   35.067956]  ? kasan_check_read+0x11/0x20
[   35.067960]  ? graph_lock+0x170/0x170
[   35.067965]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.067970]  lock_acquire+0x1ed/0x520
[   35.067974]  ? down_trylock+0x13/0x70
[   35.067978]  ? find_held_lock+0x36/0x1c0
[   35.067983]  ? lock_release+0x970/0x970
[   35.067987]  ? trace_hardirqs_off+0xb8/0x310
[   35.067992]  ? vprintk_emit+0x1d3/0x930
[   35.067996]  ? trace_hardirqs_on+0x310/0x310
[   35.068001]  ? trace_hardirqs_off+0xb8/0x310
[   35.068005]  ? log_store+0x344/0x4c0
[   35.068009]  ? vprintk_emit+0x322/0x930
[   35.068014]  _raw_spin_lock_irqsave+0x99/0xd0
[   35.068018]  ? down_trylock+0x13/0x70
[   35.068022]  down_trylock+0x13/0x70
[   35.068027]  __down_trylock_console_sem+0xae/0x200
[   35.068032]  console_trylock+0x15/0xa0
[   35.068036]  vprintk_emit+0x322/0x930
[   35.068040]  ? wake_up_klogd+0x180/0x180
[   35.068045]  ? run_rebalance_domains+0x500/0x500
[   35.068050]  ? wake_up_worker+0x117/0x190
[   35.068054]  ? find_held_lock+0x36/0x1c0
[   35.068058]  ? __queue_work+0x6be/0x1440
[   35.068063]  ? lock_acquire+0x1ed/0x520
[   35.068067]  vprintk_default+0x28/0x30
[   35.068071]  vprintk_func+0x7e/0x181
[   35.068075]  printk+0xa7/0xcf
[   35.068080]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.068084]  ? kasan_check_write+0x14/0x20
[   35.068089]  ? do_raw_spin_lock+0xc1/0x200
[   35.068093]  ? do_raw_spin_lock+0xc1/0x200
[   35.068098]  kasan_report+0x9b/0x110
[   35.068102]  ? __schedule+0xfc3/0x1ed0
[   35.068107]  __asan_report_load8_noabort+0x14/0x20
[   35.068111]  __schedule+0xfc3/0x1ed0
[   35.068115]  ? __sched_text_start+0x8/0x8
[   35.068120]  ? __lock_is_held+0xb5/0x140
[   35.068125]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.068129]  ? find_held_lock+0x36/0x1c0
[   35.068133]  ? __call_srcu+0x7f9/0x1070
[   35.068139]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.068144]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   35.068148]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.068153]  ? preempt_schedule+0x4d/0x60
[   35.068158]  preempt_schedule_common+0x1f/0xd0
[   35.068162]  preempt_schedule+0x4d/0x60
[   35.068166]  ___preempt_schedule+0x16/0x18
[   35.068171]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   35.068184]  __call_srcu+0x7f9/0x1070
[   35.068193]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   35.068197]  ? srcu_offline_cpu+0x120/0x120
[   35.068202]  ? debug_object_free+0x690/0x690
[   35.068206]  ? mark_held_locks+0x130/0x130
[   35.068211]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   35.068216]  ? lock_release+0x970/0x970
[   35.068220]  ? arch_local_save_flags+0x40/0x40
[   35.068225]  ? depot_save_stack+0x292/0x470
[   35.068229]  ? __lockdep_init_map+0x105/0x590
[   35.068234]  ? __init_waitqueue_head+0x9e/0x150
[   35.068239]  ? init_wait_entry+0x1c0/0x1c0
[   35.068243]  __synchronize_srcu+0x17b/0x230
[   35.068247]  ? call_srcu+0x10/0x10
[   35.068252]  ? rcu_unexpedite_gp+0x20/0x20
[   35.068257]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.068262]  ? check_preemption_disabled+0x48/0x200
[   35.068267]  synchronize_srcu+0x356/0x5ab
[   35.068271]  ? lock_downgrade+0x900/0x900
[   35.068276]  ? synchronize_srcu_expedited+0x20/0x20
[   35.068280]  ? kasan_check_read+0x11/0x20
[   35.068285]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.068290]  ? kasan_check_write+0x14/0x20
[   35.068294]  ? do_raw_spin_lock+0xc1/0x200
[   35.068300]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.068305]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.068309]  ? kvfree+0x61/0x70
[   35.068314]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.068318]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.068323]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.068327]  ? kvm_arch_sync_events+0x30/0x30
[   35.068332]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.068337]  ? mmu_notifier_unregister+0x474/0x600
[   35.068341]  ? kfree+0x107/0x230
[   35.068346]  ? __mmu_notifier_register+0x30/0x30
[   35.068351]  ? __free_pages+0x10a/0x190
[   35.068355]  ? free_unref_page+0x960/0x960
[   35.068359]  kvm_put_kvm+0x6c8/0xff0
[   35.068364]  ? kvm_write_guest_cached+0x40/0x40
[   35.068368]  ? kvm_irqfd_release+0xd1/0x120
[   35.068373]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.068378]  ? _raw_spin_unlock_irq+0x27/0x80
[   35.068382]  ? kasan_check_write+0x14/0x20
[   35.068387]  ? do_raw_spin_lock+0xc1/0x200
[   35.068390]  ? kvm_irqfd_release+0x
[   35.068398] Lost 82 message(s)!
[   36.257029] Shutting down cpus with NMI
[   37.315759] Kernel Offset: disabled
[   37.319400] Rebooting in 86400 seconds..