[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   23.040089] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.683666] random: sshd: uninitialized urandom read (32 bytes read)
[   28.069526] random: sshd: uninitialized urandom read (32 bytes read)
[   28.595551] random: sshd: uninitialized urandom read (32 bytes read)
[   28.784265] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
[   34.346432] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   34.449106] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   34.474678] ==================================================================
[   34.484585] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   34.490826] Read of size 8 at addr ffff8801b59a0058 by task syz-executor552/4673
[   34.498386] 
[   34.500029] CPU: 0 PID: 4673 Comm: syz-executor552 Not tainted 4.19.0-rc1+ #218
[   34.507482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.516844] Call Trace:
[   34.519454]  dump_stack+0x1c9/0x2b4
[   34.523099]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.528312]  ? printk+0xa7/0xcf
[   34.531611]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.536415]  ? __schedule+0xf54/0x1df0
[   34.540318]  print_address_description+0x6c/0x20b
[   34.545190]  ? __schedule+0xf54/0x1df0
[   34.549095]  kasan_report.cold.7+0x242/0x30d
[   34.553520]  __asan_report_load8_noabort+0x14/0x20
[   34.558464]  __schedule+0xf54/0x1df0
[   34.562191]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.567308]  ? __sched_text_start+0x8/0x8
[   34.571469]  ? __call_srcu+0x7e7/0x1040
[   34.575467]  ? check_same_owner+0x340/0x340
[   34.579807]  ? mark_held_locks+0x160/0x160
[   34.584065]  ? find_held_lock+0x36/0x1c0
[   34.588142]  preempt_schedule_common+0x22/0x60
[   34.592746]  _cond_resched+0x1d/0x30
[   34.596474]  wait_for_completion+0xa5/0x8d0
[   34.600825]  ? wait_for_completion_interruptible+0x950/0x950
[   34.606638]  ? __lockdep_init_map+0x105/0x590
[   34.611147]  ? __init_waitqueue_head+0x9e/0x150
[   34.615824]  ? init_wait_entry+0x1c0/0x1c0
[   34.620072]  __synchronize_srcu+0x189/0x240
[   34.624414]  ? call_srcu+0x10/0x10
[   34.627964]  ? rcu_unexpedite_gp+0x20/0x20
[   34.632285]  synchronize_srcu+0x335/0x56f
[   34.636456]  ? lock_downgrade+0x8f0/0x8f0
[   34.640613]  ? synchronize_srcu_expedited+0x20/0x20
[   34.645711]  ? kasan_check_read+0x11/0x20
[   34.650087]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.654679]  ? kasan_check_write+0x14/0x20
[   34.658923]  ? do_raw_spin_lock+0xc1/0x200
[   34.663172]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.669029]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.674489]  ? kvfree+0x61/0x70
[   34.677784]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.682815]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.686889]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.691312]  ? kvm_arch_sync_events+0x30/0x30
[   34.695822]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.701400]  ? mmu_notifier_unregister+0x474/0x600
[   34.706427]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.710850]  ? kfree+0x111/0x210
[   34.714237]  ? __mmu_notifier_register+0x30/0x30
[   34.719006]  ? __free_pages+0x10a/0x190
[   34.722996]  ? free_unref_page+0x930/0x930
[   34.727255]  kvm_put_kvm+0x73f/0x1060
[   34.731080]  ? kvm_write_guest_cached+0x40/0x40
[   34.735766]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.740270]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.744777]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.749465]  ? kasan_check_write+0x14/0x20
[   34.753710]  ? do_raw_spin_lock+0xc1/0x200
[   34.757965]  ? kvm_irqfd_release+0xdd/0x120
[   34.762292]  ? kvm_irqfd_release+0xdd/0x120
[   34.766624]  ? kvm_put_kvm+0x1060/0x1060
[   34.770698]  kvm_vm_release+0x42/0x50
[   34.774508]  __fput+0x38a/0xa40
[   34.777801]  ? __alloc_file+0x400/0x400
[   34.781791]  ? check_same_owner+0x340/0x340
[   34.786121]  ? kasan_check_write+0x14/0x20
[   34.790395]  ? do_raw_spin_lock+0xc1/0x200
[   34.794643]  ____fput+0x15/0x20
[   34.797932]  task_work_run+0x1e8/0x2a0
[   34.801828]  ? task_work_cancel+0x240/0x240
[   34.806162]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.811744]  ? switch_task_namespaces+0xa2/0xd0
[   34.816427]  do_exit+0x1ae4/0x26e0
[   34.819983]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.824666]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.828912]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.833938]  ? kfree+0x1d7/0x210
[   34.837318]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.841690]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.847420]  ? is_bpf_text_address+0xd7/0x170
[   34.851924]  ? kernel_text_address+0x79/0xf0
[   34.856340]  ? __kernel_text_address+0xd/0x40
[   34.860943]  ? unwind_get_return_address+0x61/0xa0
[   34.865888]  ? __save_stack_trace+0x8d/0xf0
[   34.870229]  ? save_stack+0xa9/0xd0
[   34.873865]  ? save_stack+0x43/0xd0
[   34.877506]  ? __kasan_slab_free+0x11a/0x170
[   34.881925]  ? kasan_slab_free+0xe/0x10
[   34.885908]  ? putname+0xf2/0x130
[   34.889396]  ? __x64_sys_openat+0x9d/0x100
[   34.893655]  ? do_syscall_64+0x1b9/0x820
[   34.897735]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.903118]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.907538]  ? kasan_check_read+0x11/0x20
[   34.911694]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.916112]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.920533]  ? initcall_blacklisted+0x9a/0x1e0
[   34.925168]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.930299]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.936023]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.941575]  ? do_vfs_ioctl+0x201/0x1720
[   34.945643]  ? rcu_is_watching+0x8c/0x150
[   34.949799]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.954214]  ? ioctl_preallocate+0x300/0x300
[   34.958639]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.964188]  ? __fget_light+0x2f7/0x440
[   34.968175]  ? fget_raw+0x20/0x20
[   34.971637]  ? putname+0xf2/0x130
[   34.975102]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.980126]  ? kmem_cache_free+0x246/0x280
[   34.984396]  ? putname+0xf7/0x130
[   34.987867]  do_group_exit+0x177/0x440
[   34.991780]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.996192]  ? __ia32_sys_exit+0x50/0x50
[   35.000262]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.005404]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.010956]  ? ksys_ioctl+0x81/0xd0
[   35.014607]  __x64_sys_exit_group+0x3e/0x50
[   35.018941]  do_syscall_64+0x1b9/0x820
[   35.022840]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.028306]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.033249]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.038102]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.043130]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.048218]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.053076]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.058271] RIP: 0033:0x43ecc8
[   35.061475] Code: Bad RIP value.
[   35.064844] RSP: 002b:00007fff5cb769e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.073084] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   35.080388] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.087668] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.095032] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.102307] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.109584] 
[   35.111215] Allocated by task 4673:
[   35.114858]  save_stack+0x43/0xd0
[   35.118324]  kasan_kmalloc+0xc4/0xe0
[   35.122072]  kasan_slab_alloc+0x12/0x20
[   35.126064]  kmem_cache_alloc+0x12e/0x710
[   35.130219]  vmx_create_vcpu+0xcf/0x2830
[   35.134289]  kvm_arch_vcpu_create+0xe5/0x220
[   35.138717]  kvm_vm_ioctl+0x488/0x1d80
[   35.142617]  do_vfs_ioctl+0x1de/0x1720
[   35.146512]  ksys_ioctl+0xa9/0xd0
[   35.149974]  __x64_sys_ioctl+0x73/0xb0
[   35.154008]  do_syscall_64+0x1b9/0x820
[   35.157904]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.163092] 
[   35.164723] Freed by task 4673:
[   35.168008]  save_stack+0x43/0xd0
[   35.171468]  __kasan_slab_free+0x11a/0x170
[   35.175718]  kasan_slab_free+0xe/0x10
[   35.179527]  kmem_cache_free+0x86/0x280
[   35.183512]  vmx_free_vcpu+0x26b/0x300
[   35.187414]  kvm_arch_destroy_vm+0x365/0x7c0
[   35.191829]  kvm_put_kvm+0x73f/0x1060
[   35.195636]  kvm_vm_release+0x42/0x50
[   35.199443]  __fput+0x38a/0xa40
[   35.202729]  ____fput+0x15/0x20
[   35.206013]  task_work_run+0x1e8/0x2a0
[   35.209911]  do_exit+0x1ae4/0x26e0
[   35.213461]  do_group_exit+0x177/0x440
[   35.217385]  __x64_sys_exit_group+0x3e/0x50
[   35.221719]  do_syscall_64+0x1b9/0x820
[   35.225619]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.230808] 
[   35.232444] The buggy address belongs to the object at ffff8801b59a0040
[   35.232444]  which belongs to the cache kvm_vcpu of size 23872
[   35.245025] The buggy address is located 24 bytes inside of
[   35.245025]  23872-byte region [ffff8801b59a0040, ffff8801b59a5d80)
[   35.256987] The buggy address belongs to the page:
[   35.261924] page:ffffea0006d66800 count:1 mapcount:0 mapping:ffff8801d5226d80 index:0x0 compound_mapcount: 0
[   35.271904] flags: 0x2fffc0000008100(slab|head)
[   35.276584] raw: 02fffc0000008100 ffff8801d5221e48 ffff8801d5221e48 ffff8801d5226d80
[   35.284473] raw: 0000000000000000 ffff8801b59a0040 0000000100000001 0000000000000000
[   35.292383] page dumped because: kasan: bad access detected
[   35.298093] 
[   35.299720] Memory state around the buggy address:
[   35.304655]  ffff8801b599ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.312017]  ffff8801b599ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.319396] >ffff8801b59a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.326749]                                                     ^
[   35.332980]  ffff8801b59a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.340335]  ffff8801b59a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.347695] ==================================================================
[   35.355069] Kernel panic - not syncing: panic_on_warn set ...
[   35.355069] 
[   35.362434] CPU: 0 PID: 4673 Comm: syz-executor552 Tainted: G    B             4.19.0-rc1+ #218
[   35.371261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.380603] Call Trace:
[   35.383194]  dump_stack+0x1c9/0x2b4
[   35.386824]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.392018]  ? lock_downgrade+0x8f0/0x8f0
[   35.396163]  ? __schedule+0xf54/0x1df0
[   35.400050]  panic+0x238/0x4e7
[   35.403237]  ? add_taint.cold.5+0x16/0x16
[   35.407404]  ? print_shadow_for_address+0xba/0x116
[   35.412331]  ? trace_hardirqs_off+0xaf/0x2b0
[   35.416761]  ? trace_hardirqs_off+0x77/0x2b0
[   35.421167]  ? __schedule+0xf54/0x1df0
[   35.425063]  kasan_end_report+0x47/0x4f
[   35.429038]  kasan_report.cold.7+0x76/0x30d
[   35.433375]  __asan_report_load8_noabort+0x14/0x20
[   35.438317]  __schedule+0xf54/0x1df0
[   35.442033]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.447142]  ? __sched_text_start+0x8/0x8
[   35.451295]  ? __call_srcu+0x7e7/0x1040
[   35.455282]  ? check_same_owner+0x340/0x340
[   35.459612]  ? mark_held_locks+0x160/0x160
[   35.463849]  ? find_held_lock+0x36/0x1c0
[   35.467915]  preempt_schedule_common+0x22/0x60
[   35.472500]  _cond_resched+0x1d/0x30
[   35.476215]  wait_for_completion+0xa5/0x8d0
[   35.480545]  ? wait_for_completion_interruptible+0x950/0x950
[   35.486365]  ? __lockdep_init_map+0x105/0x590
[   35.490880]  ? __init_waitqueue_head+0x9e/0x150
[   35.495553]  ? init_wait_entry+0x1c0/0x1c0
[   35.499797]  __synchronize_srcu+0x189/0x240
[   35.504123]  ? call_srcu+0x10/0x10
[   35.507672]  ? rcu_unexpedite_gp+0x20/0x20
[   35.511917]  synchronize_srcu+0x335/0x56f
[   35.516082]  ? lock_downgrade+0x8f0/0x8f0
[   35.520234]  ? synchronize_srcu_expedited+0x20/0x20
[   35.525256]  ? kasan_check_read+0x11/0x20
[   35.529416]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.534005]  ? kasan_check_write+0x14/0x20
[   35.538246]  ? do_raw_spin_lock+0xc1/0x200
[   35.542494]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.548214]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.553673]  ? kvfree+0x61/0x70
[   35.556963]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.561991]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.566059]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.570476]  ? kvm_arch_sync_events+0x30/0x30
[   35.574983]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.580535]  ? mmu_notifier_unregister+0x474/0x600
[   35.585478]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.589895]  ? kfree+0x111/0x210
[   35.593274]  ? __mmu_notifier_register+0x30/0x30
[   35.598041]  ? __free_pages+0x10a/0x190
[   35.602034]  ? free_unref_page+0x930/0x930
[   35.606286]  kvm_put_kvm+0x73f/0x1060
[   35.610109]  ? kvm_write_guest_cached+0x40/0x40
[   35.614792]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.619300]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.623804]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.628423]  ? kasan_check_write+0x14/0x20
[   35.632671]  ? do_raw_spin_lock+0xc1/0x200
[   35.636922]  ? kvm_irqfd_release+0xdd/0x120
[   35.641253]  ? kvm_irqfd_release+0xdd/0x120
[   35.645588]  ? kvm_put_kvm+0x1060/0x1060
[   35.649661]  kvm_vm_release+0x42/0x50
[   35.653474]  __fput+0x38a/0xa40
[   35.656767]  ? __alloc_file+0x400/0x400
[   35.660769]  ? check_same_owner+0x340/0x340
[   35.665102]  ? kasan_check_write+0x14/0x20
[   35.669345]  ? do_raw_spin_lock+0xc1/0x200
[   35.673621]  ____fput+0x15/0x20
[   35.676909]  task_work_run+0x1e8/0x2a0
[   35.680810]  ? task_work_cancel+0x240/0x240
[   35.685146]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.690693]  ? switch_task_namespaces+0xa2/0xd0
[   35.695400]  do_exit+0x1ae4/0x26e0
[   35.698953]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.703632]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.707878]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.712905]  ? kfree+0x1d7/0x210
[   35.716293]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.720539]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.726264]  ? is_bpf_text_address+0xd7/0x170
[   35.730768]  ? kernel_text_address+0x79/0xf0
[   35.735216]  ? __kernel_text_address+0xd/0x40
[   35.739722]  ? unwind_get_return_address+0x61/0xa0
[   35.744666]  ? __save_stack_trace+0x8d/0xf0
[   35.749002]  ? save_stack+0xa9/0xd0
[   35.752641]  ? save_stack+0x43/0xd0
[   35.756287]  ? __kasan_slab_free+0x11a/0x170
[   35.760706]  ? kasan_slab_free+0xe/0x10
[   35.764690]  ? putname+0xf2/0x130
[   35.768157]  ? __x64_sys_openat+0x9d/0x100
[   35.772541]  ? do_syscall_64+0x1b9/0x820
[   35.776616]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.782133]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.786551]  ? kasan_check_read+0x11/0x20
[   35.790710]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.795131]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.799554]  ? initcall_blacklisted+0x9a/0x1e0
[   35.804152]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   35.809273]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.814994]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.820546]  ? do_vfs_ioctl+0x201/0x1720
[   35.824622]  ? rcu_is_watching+0x8c/0x150
[   35.828789]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.833121]  ? ioctl_preallocate+0x300/0x300
[   35.837539]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.843090]  ? __fget_light+0x2f7/0x440
[   35.847077]  ? fget_raw+0x20/0x20
[   35.850541]  ? putname+0xf2/0x130
[   35.854008]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.859034]  ? kmem_cache_free+0x246/0x280
[   35.863280]  ? putname+0xf7/0x130
[   35.866745]  do_group_exit+0x177/0x440
[   35.870642]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.874977]  ? __ia32_sys_exit+0x50/0x50
[   35.879062]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.884178]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.889732]  ? ksys_ioctl+0x81/0xd0
[   35.893400]  __x64_sys_exit_group+0x3e/0x50
[   35.897736]  do_syscall_64+0x1b9/0x820
[   35.901716]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.907094]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.912033]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.916890]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.921930]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.926960]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.931825]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.937032] RIP: 0033:0x43ecc8
[   35.940242] Code: Bad RIP value.
[   35.943614] RSP: 002b:00007fff5cb769e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.951334] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   35.958641] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.965919] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.973196] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.980474] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.987764] 
[   35.987769] ======================================================
[   35.987775] WARNING: possible circular locking dependency detected
[   35.987778] 4.19.0-rc1+ #218 Not tainted
[   35.987783] ------------------------------------------------------
[   35.987801] syz-executor552/4673 is trying to acquire lock:
[   35.987805] 00000000ee639b1d ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.987831] 
[   35.987835] but task is already holding lock:
[   35.987838] 00000000a23d9e12 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.987852] 
[   35.987856] which lock already depends on the new lock.
[   35.987858] 
[   35.987861] 
[   35.987866] the existing dependency chain (in reverse order) is:
[   35.987868] 
[   35.987870] -> #3 (report_lock){....}:
[   35.987885]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.987888]        kasan_report+0x8e/0x110
[   35.987893]        __asan_report_load8_noabort+0x14/0x20
[   35.987896]        __schedule+0xf54/0x1df0
[   35.987901]        preempt_schedule_common+0x22/0x60
[   35.987904]        _cond_resched+0x1d/0x30
[   35.987908]        wait_for_completion+0xa5/0x8d0
[   35.987913]        __synchronize_srcu+0x189/0x240
[   35.987917]        synchronize_srcu+0x335/0x56f
[   35.987921]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.987925]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.987929]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.987933]        kvm_put_kvm+0x73f/0x1060
[   35.987937]        kvm_vm_release+0x42/0x50
[   35.987940]        __fput+0x38a/0xa40
[   35.987944]        ____fput+0x15/0x20
[   35.987947]        task_work_run+0x1e8/0x2a0
[   35.987951]        do_exit+0x1ae4/0x26e0
[   35.987955]        do_group_exit+0x177/0x440
[   35.987959]        __x64_sys_exit_group+0x3e/0x50
[   35.987963]        do_syscall_64+0x1b9/0x820
[   35.987967]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.987969] 
[   35.987972] -> #2 (&rq->lock){-.-.}:
[   35.987985]        _raw_spin_lock+0x2a/0x40
[   35.987989]        task_fork_fair+0x93/0x680
[   35.987992]        sched_fork+0x44b/0xbd0
[   35.987996]        copy_process+0x235e/0x7ad0
[   35.988000]        _do_fork+0x1ca/0x1170
[   35.988003]        kernel_thread+0x34/0x40
[   35.988007]        rest_init+0x22/0xe4
[   35.988011]        start_kernel+0x913/0x94e
[   35.988015]        x86_64_start_reservations+0x29/0x2b
[   35.988019]        x86_64_start_kernel+0x76/0x79
[   35.988023]        secondary_startup_64+0xa4/0xb0
[   35.988025] 
[   35.988027] -> #1 (&p->pi_lock){-.-.}:
[   35.988041]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.988045]        try_to_wake_up+0xd2/0x1250
[   35.988049]        wake_up_process+0x10/0x20
[   35.988052]        __up.isra.1+0x1c0/0x2a0
[   35.988056]        up+0x13c/0x1c0
[   35.988060]        __up_console_sem+0xbe/0x1b0
[   35.988063]        console_unlock+0x506/0x10d0
[   35.988067]        vprintk_emit+0x33a/0x910
[   35.988071]        vprintk_default+0x28/0x30
[   35.988075]        vprintk_func+0x7a/0x117
[   35.988078]        printk+0xa7/0xcf
[   35.988081]        load_umh+0x51/0xbd
[   35.988085]        do_one_initcall+0x127/0x838
[   35.988089]        kernel_init_freeable+0x4bb/0x5ae
[   35.988093]        kernel_init+0x11/0x1b3
[   35.988097]        ret_from_fork+0x3a/0x50
[   35.988099] 
[   35.988101] -> #0 ((console_sem).lock){-...}:
[   35.988115]        lock_acquire+0x1e4/0x4f0
[   35.988119]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.988123]        down_trylock+0x13/0x70
[   35.988127]        __down_trylock_console_sem+0xae/0x200
[   35.988131]        console_trylock+0x15/0xa0
[   35.988134]        vprintk_emit+0x31f/0x910
[   35.988138]        vprintk_default+0x28/0x30
[   35.988142]        vprintk_func+0x7a/0x117
[   35.988145]        printk+0xa7/0xcf
[   35.988149]        kasan_report+0x9e/0x110
[   35.988153]        __asan_report_load8_noabort+0x14/0x20
[   35.988157]        __schedule+0xf54/0x1df0
[   35.988161]        preempt_schedule_common+0x22/0x60
[   35.988165]        _cond_resched+0x1d/0x30
[   35.988169]        wait_for_completion+0xa5/0x8d0
[   35.988173]        __synchronize_srcu+0x189/0x240
[   35.988177]        synchronize_srcu+0x335/0x56f
[   35.988181]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.988185]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.988189]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.988193]        kvm_put_kvm+0x73f/0x1060
[   35.988197]        kvm_vm_release+0x42/0x50
[   35.988200]        __fput+0x38a/0xa40
[   35.988204]        ____fput+0x15/0x20
[   35.988207]        task_work_run+0x1e8/0x2a0
[   35.988211]        do_exit+0x1ae4/0x26e0
[   35.988215]        do_group_exit+0x177/0x440
[   35.988219]        __x64_sys_exit_group+0x3e/0x50
[   35.988222]        do_syscall_64+0x1b9/0x820
[   35.988227]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.988229] 
[   35.988233] other info that might help us debug this:
[   35.988236] 
[   35.988239] Chain exists of:
[   35.988241]   (console_sem).lock --> &rq->lock --> report_lock
[   35.988258] 
[   35.988262]  Possible unsafe locking scenario:
[   35.988265] 
[   35.988269]        CPU0                    CPU1
[   35.988272]        ----                    ----
[   35.988275]   lock(report_lock);
[   35.988284]                                lock(&rq->lock);
[   35.988293]                                lock(report_lock);
[   35.988300]   lock((console_sem).lock);
[   35.988308] 
[   35.988311]  *** DEADLOCK ***
[   35.988314] 
[   35.988318] 2 locks held by syz-executor552/4673:
[   35.988320]  #0: 000000000e407bd4 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   35.988336]  #1: 00000000a23d9e12 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.988353] 
[   35.988385] stack backtrace:
[   35.988391] CPU: 0 PID: 4673 Comm: syz-executor552 Not tainted 4.19.0-rc1+ #218
[   35.988398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.988401] Call Trace:
[   35.988404]  dump_stack+0x1c9/0x2b4
[   35.988409]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.988412]  ? vprintk_func+0x100/0x117
[   35.988417]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   35.988421]  ? save_trace+0xe0/0x290
[   35.988425]  __lock_acquire+0x3449/0x5020
[   35.988429]  ? mark_held_locks+0x160/0x160
[   35.988432]  ? mark_held_locks+0x160/0x160
[   35.988437]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.988441]  ? is_bpf_text_address+0xd7/0x170
[   35.988445]  ? kernel_text_address+0x79/0xf0
[   35.988449]  ? __kernel_text_address+0xd/0x40
[   35.988453]  ? __save_stack_trace+0x8d/0xf0
[   35.988457]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   35.988461]  ? save_trace+0x290/0x290
[   35.988465]  ? save_stack_trace+0x1a/0x20
[   35.988468]  ? save_trace+0xe0/0x290
[   35.988472]  ? graph_lock+0x170/0x170
[   35.988477]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.988480]  lock_acquire+0x1e4/0x4f0
[   35.988484]  ? down_trylock+0x13/0x70
[   35.988488]  ? lock_release+0x9f0/0x9f0
[   35.988492]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.988496]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.988500]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.988503]  ? log_store+0x34f/0x4c0
[   35.988507]  ? vprintk_emit+0x31f/0x910
[   35.988511]  _raw_spin_lock_irqsave+0x96/0xc0
[   35.988515]  ? down_trylock+0x13/0x70
[   35.988518]  down_trylock+0x13/0x70
[   35.988522]  __down_trylock_console_sem+0xae/0x200
[   35.988526]  console_trylock+0x15/0xa0
[   35.988530]  vprintk_emit+0x31f/0x910
[   35.988534]  ? wake_up_klogd+0x110/0x110
[   35.988538]  ? run_rebalance_domains+0x4c0/0x4c0
[   35.988542]  ? kasan_check_read+0x11/0x20
[   35.988545]  ? rcu_is_watching+0x8c/0x150
[   35.988549]  ? rcu_pm_notify+0xc0/0xc0
[   35.988553]  ? lock_acquire+0x1e4/0x4f0
[   35.988556]  ? kasan_report+0x8e/0x110
[   35.988560]  ? __schedule+0xf54/0x1df0
[   35.988564]  vprintk_default+0x28/0x30
[   35.988567]  vprintk_func+0x7a/0x117
[   35.988571]  printk+0xa7/0xcf
[   35.988575]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.988579]  ? kasan_check_write+0x14/0x20
[   35.988582]  ? do_raw_spin_lock+0xc1/0x200
[   35.988586]  ? do_raw_spin_lock+0xc1/0x200
[   35.988590]  kasan_report+0x9e/0x110
[   35.988594]  __asan_report_load8_noabort+0x14/0x20
[   35.988598]  __schedule+0xf54/0x1df0
[   35.988602]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.988606]  ? __sched_text_start+0x8/0x8
[   35.988610]  ? __call_srcu+0x7e7/0x1040
[   35.988614]  ? check_same_owner+0x340/0x340
[   35.988618]  ? mark_held_locks+0x160/0x160
[   35.988621]  ? find_held_lock+0x36/0x1c0
[   35.988626]  preempt_schedule_common+0x22/0x60
[   35.988629]  _cond_resched+0x1d/0x30
[   35.988633]  wait_for_completion+0xa5/0x8d0
[   35.988638]  ? wait_for_completion_interruptible+0x950/0x950
[   35.988642]  ? __lockdep_init_map+0x105/0x590
[   35.988646]  ? __init_waitqueue_head+0x9e/0x150
[   35.988650]  ? init_wait_entry+0x1c0/0x1c0
[   35.988654]  __synchronize_srcu+0x189/0x240
[   35.988657]  ? call_srcu+0x10/0x10
[   35.988661]  ? rcu_unexpedite_gp+0x20/0x20
[   35.988665]  synchronize_srcu+0x335/0x56f
[   35.988669]  ? lock_downgrade+0x8f0/0x8f0
[   35.988674]  ? synchronize_srcu_expedited+0x20/0x20
[   35.988678]  ? kasan_check_read+0x11/0x20
[   35.988682]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.988686]  ? kasan_check_write+0x14/0x20
[   35.988690]  ? do_raw_spin_lock+0xc1/0x200
[   35.988694]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.988699]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.988702]  ? kvfree+0x61/0x70
[   35.988707]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.988710]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.988714]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.988719]  ? kvm_arch_sync_events+0x30/0x30
[   35.988723]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.988727]  ? mmu_notifier_unregister+0x474/0x600
[   35.988731]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.988735]  ? kfree+0x111/0x210
[   35.988739]  ? __mmu_notifier_register+0x30/0x30
[   35.988743]  ? __free_pages+0x10a/0x190
[   35.988747]  ? free_unref_page+0x930/0x930
[   35.988750]  kvm_put_kvm+0x73f/0x1060
[   35.988754]  ? kvm_write_guest_cached+0x40/0x40
[   35.988758]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.988762]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.988766]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.988770]  ? kasan_check_write+0x14/0x20
[   35.988774]  ? do_raw_spin_lock+0xc1/0x200
[   35.988778]  ? kvm_irqfd_release+0xdd/0x120
[   35.988782]  ? kvm_irqfd_release+0xdd/0x120
[   35.988786]  ? kvm_put_kvm+0x1060/0x1060
[   35.988789]  kvm_vm_release+0x42/0x50
[   35.988793]  __fput+0x38a/0xa40
[   35.988796]  ? __alloc_file+0x400/0x400
[   35.988800]  ? check_same_owner+0x340/0x340
[   35.988804]  ? kasan_check_write+0x14/0x20
[   35.988808]  ? do_raw_spin_lock+0xc1/0x200
[   35.988812]  ____fput+0x15/0x20
[   35.988815]  task_work_run+0x1e8/0x2a0
[   35.988819]  ? task_work_cancel+0x240/0x240
[   35.988824]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.988828]  ? switch_task_namespaces+0xa2/0xd0
[   35.988831]  do_exit+0x1ae4/0x26e0
[   35.988836]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.988840]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.988844]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.988847]  ? kfree+0x1d7/0x210
[   35.988851]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.988856]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.988860]  ? is_bpf_text_address+0xd7/0x170
[   35.988862]  ?
[   35.988870] Lost 54 message(s)!
[   37.080193] Shutting down cpus with NMI
[   38.143945] Dumping ftrace buffer:
[   38.147619]    (ftrace buffer empty)
[   38.151324] Kernel Offset: disabled
[   38.154946] Rebooting in 86400 seconds..