[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   22.370987] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.995123] random: sshd: uninitialized urandom read (32 bytes read)
[   27.437984] random: sshd: uninitialized urandom read (32 bytes read)
[   28.012915] random: sshd: uninitialized urandom read (32 bytes read)
[   28.194011] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
[   33.881374] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.979213] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   34.004465] ==================================================================
[   34.014338] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   34.020563] Read of size 8 at addr ffff8801b5680058 by task syz-executor457/4629
[   34.028083] 
[   34.029713] CPU: 1 PID: 4629 Comm: syz-executor457 Not tainted 4.19.0-rc1+ #219
[   34.037151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.046496] Call Trace:
[   34.049115]  dump_stack+0x1c9/0x2b4
[   34.052743]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.057952]  ? printk+0xa7/0xcf
[   34.061230]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.065986]  ? __schedule+0xf54/0x1df0
[   34.069873]  print_address_description+0x6c/0x20b
[   34.074713]  ? __schedule+0xf54/0x1df0
[   34.078599]  kasan_report.cold.7+0x242/0x30d
[   34.083006]  __asan_report_load8_noabort+0x14/0x20
[   34.087943]  __schedule+0xf54/0x1df0
[   34.091656]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.096773]  ? __sched_text_start+0x8/0x8
[   34.100933]  ? __call_srcu+0x7e7/0x1040
[   34.104916]  ? check_same_owner+0x340/0x340
[   34.109245]  ? mark_held_locks+0x160/0x160
[   34.113479]  ? find_held_lock+0x36/0x1c0
[   34.117539]  preempt_schedule_common+0x22/0x60
[   34.122117]  _cond_resched+0x1d/0x30
[   34.125828]  wait_for_completion+0xa5/0x8d0
[   34.130149]  ? wait_for_completion_interruptible+0x950/0x950
[   34.135950]  ? __lockdep_init_map+0x105/0x590
[   34.140452]  ? __init_waitqueue_head+0x9e/0x150
[   34.145118]  ? init_wait_entry+0x1c0/0x1c0
[   34.149357]  __synchronize_srcu+0x189/0x240
[   34.153681]  ? call_srcu+0x10/0x10
[   34.157222]  ? rcu_unexpedite_gp+0x20/0x20
[   34.161464]  synchronize_srcu+0x335/0x56f
[   34.165608]  ? lock_downgrade+0x8f0/0x8f0
[   34.169755]  ? synchronize_srcu_expedited+0x20/0x20
[   34.174771]  ? kasan_check_read+0x11/0x20
[   34.178917]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.183510]  ? kasan_check_write+0x14/0x20
[   34.187745]  ? do_raw_spin_lock+0xc1/0x200
[   34.191982]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.197694]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.203142]  ? kvfree+0x61/0x70
[   34.206427]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.211455]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.215518]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.219930]  ? kvm_arch_sync_events+0x30/0x30
[   34.224430]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.229975]  ? mmu_notifier_unregister+0x474/0x600
[   34.234899]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.239308]  ? kfree+0x111/0x210
[   34.242671]  ? __mmu_notifier_register+0x30/0x30
[   34.247426]  ? __free_pages+0x10a/0x190
[   34.251441]  ? free_unref_page+0x930/0x930
[   34.255698]  kvm_put_kvm+0x73f/0x1060
[   34.259502]  ? kvm_write_guest_cached+0x40/0x40
[   34.264173]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.268663]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.273169]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.277754]  ? kasan_check_write+0x14/0x20
[   34.281986]  ? do_raw_spin_lock+0xc1/0x200
[   34.286218]  ? kvm_irqfd_release+0xdd/0x120
[   34.290537]  ? kvm_irqfd_release+0xdd/0x120
[   34.294870]  ? kvm_put_kvm+0x1060/0x1060
[   34.298937]  kvm_vm_release+0x42/0x50
[   34.302733]  __fput+0x38a/0xa40
[   34.306010]  ? __alloc_file+0x400/0x400
[   34.309986]  ? check_same_owner+0x340/0x340
[   34.314302]  ? kasan_check_write+0x14/0x20
[   34.318535]  ? do_raw_spin_lock+0xc1/0x200
[   34.322798]  ____fput+0x15/0x20
[   34.326076]  task_work_run+0x1e8/0x2a0
[   34.329974]  ? task_work_cancel+0x240/0x240
[   34.334303]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.339841]  ? switch_task_namespaces+0xa2/0xd0
[   34.344508]  do_exit+0x1ae4/0x26e0
[   34.348048]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.352716]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.357165]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.362177]  ? kfree+0x1d7/0x210
[   34.365542]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.369786]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.375510]  ? is_bpf_text_address+0xd7/0x170
[   34.380000]  ? kernel_text_address+0x79/0xf0
[   34.384408]  ? __kernel_text_address+0xd/0x40
[   34.388902]  ? unwind_get_return_address+0x61/0xa0
[   34.393839]  ? __save_stack_trace+0x8d/0xf0
[   34.398161]  ? save_stack+0xa9/0xd0
[   34.401785]  ? save_stack+0x43/0xd0
[   34.405440]  ? __kasan_slab_free+0x11a/0x170
[   34.409871]  ? kasan_slab_free+0xe/0x10
[   34.413853]  ? putname+0xf2/0x130
[   34.417302]  ? __x64_sys_openat+0x9d/0x100
[   34.421535]  ? do_syscall_64+0x1b9/0x820
[   34.425592]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.430963]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.435369]  ? kasan_check_read+0x11/0x20
[   34.439515]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.443920]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.448334]  ? initcall_blacklisted+0x9a/0x1e0
[   34.452917]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.458091]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.463816]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.469354]  ? do_vfs_ioctl+0x201/0x1720
[   34.473429]  ? rcu_is_watching+0x8c/0x150
[   34.477627]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.481958]  ? ioctl_preallocate+0x300/0x300
[   34.486883]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.492416]  ? __fget_light+0x2f7/0x440
[   34.496394]  ? fget_raw+0x20/0x20
[   34.499842]  ? putname+0xf2/0x130
[   34.503296]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.508308]  ? kmem_cache_free+0x246/0x280
[   34.512538]  ? putname+0xf7/0x130
[   34.515995]  do_group_exit+0x177/0x440
[   34.519882]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.524198]  ? __ia32_sys_exit+0x50/0x50
[   34.528257]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.533361]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.538894]  ? ksys_ioctl+0x81/0xd0
[   34.542525]  __x64_sys_exit_group+0x3e/0x50
[   34.546852]  do_syscall_64+0x1b9/0x820
[   34.550738]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.556103]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.561031]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.565897]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.570920]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.575958]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.580808]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.586007] RIP: 0033:0x43ecd8
[   34.589205] Code: Bad RIP value.
[   34.592582] RSP: 002b:00007ffd82a11bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.600290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[   34.607552] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.614815] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.622078] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.629340] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.636609] 
[   34.638240] Allocated by task 4629:
[   34.641870]  save_stack+0x43/0xd0
[   34.645321]  kasan_kmalloc+0xc4/0xe0
[   34.649030]  kasan_slab_alloc+0x12/0x20
[   34.652998]  kmem_cache_alloc+0x12e/0x710
[   34.657142]  vmx_create_vcpu+0xcf/0x2830
[   34.661228]  kvm_arch_vcpu_create+0xe5/0x220
[   34.665634]  kvm_vm_ioctl+0x488/0x1d80
[   34.669521]  do_vfs_ioctl+0x1de/0x1720
[   34.673402]  ksys_ioctl+0xa9/0xd0
[   34.676850]  __x64_sys_ioctl+0x73/0xb0
[   34.680748]  do_syscall_64+0x1b9/0x820
[   34.684657]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.689837] 
[   34.691462] Freed by task 4629:
[   34.694754]  save_stack+0x43/0xd0
[   34.698201]  __kasan_slab_free+0x11a/0x170
[   34.702430]  kasan_slab_free+0xe/0x10
[   34.706233]  kmem_cache_free+0x86/0x280
[   34.710231]  vmx_free_vcpu+0x26b/0x300
[   34.714118]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.718522]  kvm_put_kvm+0x73f/0x1060
[   34.722322]  kvm_vm_release+0x42/0x50
[   34.726116]  __fput+0x38a/0xa40
[   34.729388]  ____fput+0x15/0x20
[   34.732660]  task_work_run+0x1e8/0x2a0
[   34.736554]  do_exit+0x1ae4/0x26e0
[   34.740087]  do_group_exit+0x177/0x440
[   34.743972]  __x64_sys_exit_group+0x3e/0x50
[   34.748297]  do_syscall_64+0x1b9/0x820
[   34.752184]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.757363] 
[   34.758990] The buggy address belongs to the object at ffff8801b5680040
[   34.758990]  which belongs to the cache kvm_vcpu of size 23872
[   34.771565] The buggy address is located 24 bytes inside of
[   34.771565]  23872-byte region [ffff8801b5680040, ffff8801b5685d80)
[   34.783526] The buggy address belongs to the page:
[   34.788465] page:ffffea0006d5a000 count:1 mapcount:0 mapping:ffff8801d4a8bc00 index:0x0 compound_mapcount: 0
[   34.798452] flags: 0x2fffc0000008100(slab|head)
[   34.803133] raw: 02fffc0000008100 ffff8801d4a8aa48 ffff8801d4a8aa48 ffff8801d4a8bc00
[   34.811021] raw: 0000000000000000 ffff8801b5680040 0000000100000001 0000000000000000
[   34.818893] page dumped because: kasan: bad access detected
[   34.824596] 
[   34.826217] Memory state around the buggy address:
[   34.831142]  ffff8801b567ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.838497]  ffff8801b567ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.845852] >ffff8801b5680000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.853204]                                                     ^
[   34.859433]  ffff8801b5680080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.866796]  ffff8801b5680100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.874146] ==================================================================
[   34.881499] Kernel panic - not syncing: panic_on_warn set ...
[   34.881499] 
[   34.888867] CPU: 1 PID: 4629 Comm: syz-executor457 Tainted: G    B             4.19.0-rc1+ #219
[   34.897697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.907048] Call Trace:
[   34.909649]  dump_stack+0x1c9/0x2b4
[   34.913281]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.918473]  ? lock_downgrade+0x8f0/0x8f0
[   34.922618]  ? __schedule+0xf54/0x1df0
[   34.926502]  panic+0x238/0x4e7
[   34.929690]  ? add_taint.cold.5+0x16/0x16
[   34.933844]  ? print_shadow_for_address+0xba/0x116
[   34.938770]  ? trace_hardirqs_off+0xaf/0x2b0
[   34.943177]  ? trace_hardirqs_off+0x77/0x2b0
[   34.947586]  ? __schedule+0xf54/0x1df0
[   34.951476]  kasan_end_report+0x47/0x4f
[   34.955453]  kasan_report.cold.7+0x76/0x30d
[   34.959775]  __asan_report_load8_noabort+0x14/0x20
[   34.964703]  __schedule+0xf54/0x1df0
[   34.968414]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.973522]  ? __sched_text_start+0x8/0x8
[   34.977672]  ? __call_srcu+0x7e7/0x1040
[   34.981651]  ? check_same_owner+0x340/0x340
[   34.985969]  ? mark_held_locks+0x160/0x160
[   34.990202]  ? find_held_lock+0x36/0x1c0
[   34.994266]  preempt_schedule_common+0x22/0x60
[   34.998849]  _cond_resched+0x1d/0x30
[   35.002566]  wait_for_completion+0xa5/0x8d0
[   35.006890]  ? wait_for_completion_interruptible+0x950/0x950
[   35.012692]  ? __lockdep_init_map+0x105/0x590
[   35.017190]  ? __init_waitqueue_head+0x9e/0x150
[   35.021858]  ? init_wait_entry+0x1c0/0x1c0
[   35.026100]  __synchronize_srcu+0x189/0x240
[   35.030420]  ? call_srcu+0x10/0x10
[   35.033964]  ? rcu_unexpedite_gp+0x20/0x20
[   35.038206]  synchronize_srcu+0x335/0x56f
[   35.042351]  ? lock_downgrade+0x8f0/0x8f0
[   35.046510]  ? synchronize_srcu_expedited+0x20/0x20
[   35.051526]  ? kasan_check_read+0x11/0x20
[   35.055673]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.060273]  ? kasan_check_write+0x14/0x20
[   35.064506]  ? do_raw_spin_lock+0xc1/0x200
[   35.068747]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.074474]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.079945]  ? kvfree+0x61/0x70
[   35.083228]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.088337]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.092395]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.096805]  ? kvm_arch_sync_events+0x30/0x30
[   35.101325]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.106863]  ? mmu_notifier_unregister+0x474/0x600
[   35.111790]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.116194]  ? kfree+0x111/0x210
[   35.119579]  ? __mmu_notifier_register+0x30/0x30
[   35.124336]  ? __free_pages+0x10a/0x190
[   35.128312]  ? free_unref_page+0x930/0x930
[   35.132554]  kvm_put_kvm+0x73f/0x1060
[   35.136365]  ? kvm_write_guest_cached+0x40/0x40
[   35.141058]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.145550]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.150046]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.154631]  ? kasan_check_write+0x14/0x20
[   35.158862]  ? do_raw_spin_lock+0xc1/0x200
[   35.163100]  ? kvm_irqfd_release+0xdd/0x120
[   35.167416]  ? kvm_irqfd_release+0xdd/0x120
[   35.171740]  ? kvm_put_kvm+0x1060/0x1060
[   35.175799]  kvm_vm_release+0x42/0x50
[   35.179603]  __fput+0x38a/0xa40
[   35.182885]  ? __alloc_file+0x400/0x400
[   35.186861]  ? check_same_owner+0x340/0x340
[   35.191180]  ? kasan_check_write+0x14/0x20
[   35.195414]  ? do_raw_spin_lock+0xc1/0x200
[   35.199711]  ____fput+0x15/0x20
[   35.203023]  task_work_run+0x1e8/0x2a0
[   35.206906]  ? task_work_cancel+0x240/0x240
[   35.211240]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.216777]  ? switch_task_namespaces+0xa2/0xd0
[   35.221450]  do_exit+0x1ae4/0x26e0
[   35.224992]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.229662]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.233897]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.238916]  ? kfree+0x1d7/0x210
[   35.242290]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.246522]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.252237]  ? is_bpf_text_address+0xd7/0x170
[   35.256730]  ? kernel_text_address+0x79/0xf0
[   35.261149]  ? __kernel_text_address+0xd/0x40
[   35.265684]  ? unwind_get_return_address+0x61/0xa0
[   35.270619]  ? __save_stack_trace+0x8d/0xf0
[   35.274954]  ? save_stack+0xa9/0xd0
[   35.278605]  ? save_stack+0x43/0xd0
[   35.282244]  ? __kasan_slab_free+0x11a/0x170
[   35.286648]  ? kasan_slab_free+0xe/0x10
[   35.290622]  ? putname+0xf2/0x130
[   35.294073]  ? __x64_sys_openat+0x9d/0x100
[   35.298307]  ? do_syscall_64+0x1b9/0x820
[   35.302365]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.307727]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.312129]  ? kasan_check_read+0x11/0x20
[   35.316273]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.320708]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.325132]  ? initcall_blacklisted+0x9a/0x1e0
[   35.329712]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   35.334826]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.340564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.346098]  ? do_vfs_ioctl+0x201/0x1720
[   35.350158]  ? rcu_is_watching+0x8c/0x150
[   35.354303]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.358625]  ? ioctl_preallocate+0x300/0x300
[   35.363030]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.368566]  ? __fget_light+0x2f7/0x440
[   35.372538]  ? fget_raw+0x20/0x20
[   35.375987]  ? putname+0xf2/0x130
[   35.379446]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.384467]  ? kmem_cache_free+0x246/0x280
[   35.388702]  ? putname+0xf7/0x130
[   35.392160]  do_group_exit+0x177/0x440
[   35.396046]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.400365]  ? __ia32_sys_exit+0x50/0x50
[   35.404425]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.409534]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.415086]  ? ksys_ioctl+0x81/0xd0
[   35.418715]  __x64_sys_exit_group+0x3e/0x50
[   35.423041]  do_syscall_64+0x1b9/0x820
[   35.426940]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.432306]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.437233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.442076]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.447093]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.452114]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.456967]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.462154] RIP: 0033:0x43ecd8
[   35.465351] Code: Bad RIP value.
[   35.468709] RSP: 002b:00007ffd82a11bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.476414] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[   35.483684] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.491397] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.498659] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.505931] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.513208] 
[   35.513214] ======================================================
[   35.513219] WARNING: possible circular locking dependency detected
[   35.513223] 4.19.0-rc1+ #219 Not tainted
[   35.513229] ------------------------------------------------------
[   35.513234] syz-executor457/4629 is trying to acquire lock:
[   35.513237] 0000000022f01b28 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.513253] 
[   35.513257] but task is already holding lock:
[   35.513260] 00000000e3e749f5 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.513274] 
[   35.513279] which lock already depends on the new lock.
[   35.513281] 
[   35.513283] 
[   35.513288] the existing dependency chain (in reverse order) is:
[   35.513291] 
[   35.513293] -> #3 (report_lock){....}:
[   35.513308]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.513311]        kasan_report+0x8e/0x110
[   35.513316]        __asan_report_load8_noabort+0x14/0x20
[   35.513320]        __schedule+0xf54/0x1df0
[   35.513324]        preempt_schedule_common+0x22/0x60
[   35.513328]        _cond_resched+0x1d/0x30
[   35.513332]        wait_for_completion+0xa5/0x8d0
[   35.513336]        __synchronize_srcu+0x189/0x240
[   35.513340]        synchronize_srcu+0x335/0x56f
[   35.513345]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.513349]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.513354]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.513358]        kvm_put_kvm+0x73f/0x1060
[   35.513362]        kvm_vm_release+0x42/0x50
[   35.513365]        __fput+0x38a/0xa40
[   35.513369]        ____fput+0x15/0x20
[   35.513373]        task_work_run+0x1e8/0x2a0
[   35.513376]        do_exit+0x1ae4/0x26e0
[   35.513380]        do_group_exit+0x177/0x440
[   35.513385]        __x64_sys_exit_group+0x3e/0x50
[   35.513389]        do_syscall_64+0x1b9/0x820
[   35.513393]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.513395] 
[   35.513398] -> #2 (&rq->lock){-.-.}:
[   35.513412]        _raw_spin_lock+0x2a/0x40
[   35.513416]        task_fork_fair+0x93/0x680
[   35.513419]        sched_fork+0x44b/0xbd0
[   35.513423]        copy_process+0x235e/0x7ad0
[   35.513427]        _do_fork+0x1ca/0x1170
[   35.513431]        kernel_thread+0x34/0x40
[   35.513440]        rest_init+0x22/0xe4
[   35.513444]        start_kernel+0x913/0x94e
[   35.513449]        x86_64_start_reservations+0x29/0x2b
[   35.513453]        x86_64_start_kernel+0x76/0x79
[   35.513457]        secondary_startup_64+0xa4/0xb0
[   35.513459] 
[   35.513461] -> #1 (&p->pi_lock){-.-.}:
[   35.513476]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.513480]        try_to_wake_up+0xd2/0x1250
[   35.513484]        wake_up_process+0x10/0x20
[   35.513488]        __up.isra.1+0x1c0/0x2a0
[   35.513491]        up+0x13c/0x1c0
[   35.513495]        __up_console_sem+0xbe/0x1b0
[   35.513499]        console_unlock+0x506/0x10d0
[   35.513503]        vprintk_emit+0x33a/0x910
[   35.513507]        vprintk_default+0x28/0x30
[   35.513511]        vprintk_func+0x7a/0x117
[   35.513514]        printk+0xa7/0xcf
[   35.513518]        do_exit.cold.22+0x120/0x21f
[   35.513522]        do_group_exit+0x177/0x440
[   35.513527]        __x64_sys_exit_group+0x3e/0x50
[   35.513531]        do_syscall_64+0x1b9/0x820
[   35.513535]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.513538] 
[   35.513540] -> #0 ((console_sem).lock){-...}:
[   35.513554]        lock_acquire+0x1e4/0x4f0
[   35.513559]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.513562]        down_trylock+0x13/0x70
[   35.513567]        __down_trylock_console_sem+0xae/0x200
[   35.513571]        console_trylock+0x15/0xa0
[   35.513575]        vprintk_emit+0x31f/0x910
[   35.513579]        vprintk_default+0x28/0x30
[   35.513582]        vprintk_func+0x7a/0x117
[   35.513586]        printk+0xa7/0xcf
[   35.513590]        kasan_report+0x9e/0x110
[   35.513594]        __asan_report_load8_noabort+0x14/0x20
[   35.513598]        __schedule+0xf54/0x1df0
[   35.513602]        preempt_schedule_common+0x22/0x60
[   35.513606]        _cond_resched+0x1d/0x30
[   35.513610]        wait_for_completion+0xa5/0x8d0
[   35.513614]        __synchronize_srcu+0x189/0x240
[   35.513618]        synchronize_srcu+0x335/0x56f
[   35.513623]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.513627]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.513632]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.513635]        kvm_put_kvm+0x73f/0x1060
[   35.513639]        kvm_vm_release+0x42/0x50
[   35.513643]        __fput+0x38a/0xa40
[   35.513646]        ____fput+0x15/0x20
[   35.513650]        task_work_run+0x1e8/0x2a0
[   35.513654]        do_exit+0x1ae4/0x26e0
[   35.513658]        do_group_exit+0x177/0x440
[   35.513662]        __x64_sys_exit_group+0x3e/0x50
[   35.513666]        do_syscall_64+0x1b9/0x820
[   35.513671]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.513673] 
[   35.513677] other info that might help us debug this:
[   35.513679] 
[   35.513682] Chain exists of:
[   35.513685]   (console_sem).lock --> &rq->lock --> report_lock
[   35.513703] 
[   35.513707]  Possible unsafe locking scenario:
[   35.513709] 
[   35.513713]        CPU0                    CPU1
[   35.513717]        ----                    ----
[   35.513720]   lock(report_lock);
[   35.513729]                                lock(&rq->lock);
[   35.513738]                                lock(report_lock);
[   35.513746]   lock((console_sem).lock);
[   35.513754] 
[   35.513758]  *** DEADLOCK ***
[   35.513760] 
[   35.513764] 2 locks held by syz-executor457/4629:
[   35.513766]  #0: 00000000275163c9 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   35.513783]  #1: 00000000e3e749f5 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.513800] 
[   35.513803] stack backtrace:
[   35.513809] CPU: 1 PID: 4629 Comm: syz-executor457 Not tainted 4.19.0-rc1+ #219
[   35.513817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.513820] Call Trace:
[   35.513823]  dump_stack+0x1c9/0x2b4
[   35.513828]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.513832]  ? vprintk_func+0x100/0x117
[   35.513837]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   35.513841]  ? save_trace+0xe0/0x290
[   35.513845]  __lock_acquire+0x3449/0x5020
[   35.513849]  ? mark_held_locks+0x160/0x160
[   35.513853]  ? mark_held_locks+0x160/0x160
[   35.513857]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.513861]  ? is_bpf_text_address+0xd7/0x170
[   35.513866]  ? kernel_text_address+0x79/0xf0
[   35.513870]  ? __kernel_text_address+0xd/0x40
[   35.513874]  ? __save_stack_trace+0x8d/0xf0
[   35.513879]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   35.513882]  ? save_trace+0x290/0x290
[   35.513886]  ? save_stack_trace+0x1a/0x20
[   35.513890]  ? save_trace+0xe0/0x290
[   35.513894]  ? graph_lock+0x170/0x170
[   35.513899]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.513903]  lock_acquire+0x1e4/0x4f0
[   35.513906]  ? down_trylock+0x13/0x70
[   35.513910]  ? lock_release+0x9f0/0x9f0
[   35.513914]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.513919]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.513930]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.513934]  ? log_store+0x34f/0x4c0
[   35.513937]  ? vprintk_emit+0x31f/0x910
[   35.513942]  _raw_spin_lock_irqsave+0x96/0xc0
[   35.513946]  ? down_trylock+0x13/0x70
[   35.513950]  down_trylock+0x13/0x70
[   35.513954]  __down_trylock_console_sem+0xae/0x200
[   35.513958]  console_trylock+0x15/0xa0
[   35.513962]  vprintk_emit+0x31f/0x910
[   35.513966]  ? wake_up_klogd+0x110/0x110
[   35.513970]  ? run_rebalance_domains+0x4c0/0x4c0
[   35.513974]  ? kasan_check_read+0x11/0x20
[   35.513978]  ? rcu_is_watching+0x8c/0x150
[   35.513982]  ? rcu_pm_notify+0xc0/0xc0
[   35.513986]  ? lock_acquire+0x1e4/0x4f0
[   35.513990]  ? kasan_report+0x8e/0x110
[   35.513994]  ? __schedule+0xf54/0x1df0
[   35.513998]  vprintk_default+0x28/0x30
[   35.514001]  vprintk_func+0x7a/0x117
[   35.514005]  printk+0xa7/0xcf
[   35.514009]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.514013]  ? kasan_check_write+0x14/0x20
[   35.514017]  ? do_raw_spin_lock+0xc1/0x200
[   35.514021]  ? do_raw_spin_lock+0xc1/0x200
[   35.514025]  kasan_report+0x9e/0x110
[   35.514029]  __asan_report_load8_noabort+0x14/0x20
[   35.514033]  __schedule+0xf54/0x1df0
[   35.514038]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.514042]  ? __sched_text_start+0x8/0x8
[   35.514046]  ? __call_srcu+0x7e7/0x1040
[   35.514050]  ? check_same_owner+0x340/0x340
[   35.514054]  ? mark_held_locks+0x160/0x160
[   35.514058]  ? find_held_lock+0x36/0x1c0
[   35.514062]  preempt_schedule_common+0x22/0x60
[   35.514066]  _cond_resched+0x1d/0x30
[   35.514070]  wait_for_completion+0xa5/0x8d0
[   35.514075]  ? wait_for_completion_interruptible+0x950/0x950
[   35.514079]  ? __lockdep_init_map+0x105/0x590
[   35.514083]  ? __init_waitqueue_head+0x9e/0x150
[   35.514087]  ? init_wait_entry+0x1c0/0x1c0
[   35.514092]  __synchronize_srcu+0x189/0x240
[   35.514095]  ? call_srcu+0x10/0x10
[   35.514099]  ? rcu_unexpedite_gp+0x20/0x20
[   35.514103]  synchronize_srcu+0x335/0x56f
[   35.514107]  ? lock_downgrade+0x8f0/0x8f0
[   35.514112]  ? synchronize_srcu_expedited+0x20/0x20
[   35.514116]  ? kasan_check_read+0x11/0x20
[   35.514120]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.514125]  ? kasan_check_write+0x14/0x20
[   35.514129]  ? do_raw_spin_lock+0xc1/0x200
[   35.514134]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.514139]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.514142]  ? kvfree+0x61/0x70
[   35.514147]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.514151]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.514155]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.514159]  ? kvm_arch_sync_events+0x30/0x30
[   35.514164]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.514169]  ? mmu_notifier_unregister+0x474/0x600
[   35.514173]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.514177]  ? kfree+0x111/0x210
[   35.514181]  ? __mmu_notifier_register+0x30/0x30
[   35.514185]  ? __free_pages+0x10a/0x190
[   35.514189]  ? free_unref_page+0x930/0x930
[   35.514193]  kvm_put_kvm+0x73f/0x1060
[   35.514197]  ? kvm_write_guest_cached+0x40/0x40
[   35.514201]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.514206]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.514210]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.514214]  ? kasan_check_write+0x14/0x20
[   35.514218]  ? do_raw_spin_lock+0xc1/0x200
[   35.514222]  ? kvm_irqfd_release+0xdd/0x120
[   35.514226]  ? kvm_irqfd_release+0xdd/0x120
[   35.514230]  ? kvm_put_kvm+0x1060/0x1060
[   35.514234]  kvm_vm_release+0x42/0x50
[   35.514238]  __fput+0x38a/0xa40
[   35.514241]  ? __alloc_file+0x400/0x400
[   35.514246]  ? check_same_owner+0x340/0x340
[   35.514250]  ? kasan_check_write+0x14/0x20
[   35.514254]  ? do_raw_spin_lock+0xc1/0x200
[   35.514257]  ____fput+0x15/0x20
[   35.514261]  task_work_run+0x1e8/0x2a0
[   35.514265]  ? task_work_cancel+0x240/0x240
[   35.514270]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.514274]  ? switch_task_namespaces+0xa2/0xd0
[   35.514278]  do_exit+0x1ae4/0x26e0
[   35.514282]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.514286]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.514291]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.514294]  ? kfree+0x1d7/0x210
[   35.514298]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.514303]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.514306]  ? is_bpf_tex
[   35.514314] Lost 55 message(s)!
[   36.579882] Shutting down cpus with NMI
[   37.638345] Dumping ftrace buffer:
[   37.641871]    (ftrace buffer empty)
[   37.645560] Kernel Offset: disabled
[   37.649173] Rebooting in 86400 seconds..