[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.187717] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   29.729742] random: sshd: uninitialized urandom read (32 bytes read)
[   29.995602] random: sshd: uninitialized urandom read (32 bytes read)
[   30.581822] random: sshd: uninitialized urandom read (32 bytes read)
[   30.759054] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[   36.562695] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   36.661616] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   36.688254] ==================================================================
[   36.698135] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   36.704383] Read of size 8 at addr ffff8801b8ed8058 by task syz-executor452/4647
[   36.711902] 
[   36.713529] CPU: 0 PID: 4647 Comm: syz-executor452 Not tainted 4.19.0-rc2+ #2
[   36.720795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.730140] Call Trace:
[   36.732733]  dump_stack+0x1c9/0x2b4
[   36.736360]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.741550]  ? printk+0xa7/0xcf
[   36.744831]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.749583]  ? __schedule+0xf54/0x1df0
[   36.753465]  print_address_description+0x6c/0x20b
[   36.758304]  ? __schedule+0xf54/0x1df0
[   36.762200]  kasan_report.cold.7+0x242/0x30d
[   36.766608]  __asan_report_load8_noabort+0x14/0x20
[   36.771539]  __schedule+0xf54/0x1df0
[   36.775276]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.780377]  ? __sched_text_start+0x8/0x8
[   36.784536]  ? __call_srcu+0x7e7/0x1040
[   36.788514]  ? check_same_owner+0x340/0x340
[   36.792834]  ? mark_held_locks+0x160/0x160
[   36.797068]  ? find_held_lock+0x36/0x1c0
[   36.801140]  preempt_schedule_common+0x22/0x60
[   36.805720]  _cond_resched+0x1d/0x30
[   36.809431]  wait_for_completion+0xa5/0x8d0
[   36.813750]  ? wait_for_completion_interruptible+0x950/0x950
[   36.819546]  ? __lockdep_init_map+0x105/0x590
[   36.824051]  ? __init_waitqueue_head+0x9e/0x150
[   36.828742]  ? init_wait_entry+0x1c0/0x1c0
[   36.833002]  __synchronize_srcu+0x189/0x240
[   36.837332]  ? call_srcu+0x10/0x10
[   36.840872]  ? rcu_unexpedite_gp+0x20/0x20
[   36.845110]  synchronize_srcu+0x335/0x56f
[   36.849251]  ? lock_downgrade+0x8f0/0x8f0
[   36.853393]  ? synchronize_srcu_expedited+0x20/0x20
[   36.858409]  ? kasan_check_read+0x11/0x20
[   36.862554]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.867145]  ? kasan_check_write+0x14/0x20
[   36.871375]  ? do_raw_spin_lock+0xc1/0x200
[   36.875612]  kvm_page_track_unregister_notifier+0x17d/0x250
[   36.881332]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   36.886810]  ? kvfree+0x61/0x70
[   36.890101]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.895117]  kvm_mmu_uninit_vm+0x1c/0x20
[   36.899172]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   36.903579]  ? kvm_arch_sync_events+0x30/0x30
[   36.908076]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.913610]  ? mmu_notifier_unregister+0x474/0x600
[   36.918543]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.922947]  ? kfree+0x111/0x210
[   36.926314]  ? __mmu_notifier_register+0x30/0x30
[   36.931071]  ? __free_pages+0x10a/0x190
[   36.935215]  ? free_unref_page+0x930/0x930
[   36.939453]  kvm_put_kvm+0x73f/0x1060
[   36.943256]  ? kvm_write_guest_cached+0x40/0x40
[   36.947929]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.952422]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.956912]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.961495]  ? kasan_check_write+0x14/0x20
[   36.965784]  ? do_raw_spin_lock+0xc1/0x200
[   36.970024]  ? kvm_irqfd_release+0xdd/0x120
[   36.974341]  ? kvm_irqfd_release+0xdd/0x120
[   36.978677]  ? kvm_put_kvm+0x1060/0x1060
[   36.982741]  kvm_vm_release+0x42/0x50
[   36.986539]  __fput+0x38a/0xa40
[   36.989837]  ? __alloc_file+0x400/0x400
[   36.993816]  ? check_same_owner+0x340/0x340
[   36.998139]  ? kasan_check_write+0x14/0x20
[   37.002372]  ? do_raw_spin_lock+0xc1/0x200
[   37.006638]  ____fput+0x15/0x20
[   37.009920]  task_work_run+0x1e8/0x2a0
[   37.013803]  ? task_work_cancel+0x240/0x240
[   37.018133]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.023667]  ? switch_task_namespaces+0xa2/0xd0
[   37.028333]  do_exit+0x1ae4/0x26e0
[   37.031874]  ? mm_update_next_owner+0x9a0/0x9a0
[   37.036545]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   37.040781]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.045806]  ? kfree+0x1d7/0x210
[   37.049201]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   37.053437]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.059162]  ? is_bpf_text_address+0xd7/0x170
[   37.063684]  ? kernel_text_address+0x79/0xf0
[   37.068088]  ? __kernel_text_address+0xd/0x40
[   37.072581]  ? unwind_get_return_address+0x61/0xa0
[   37.077513]  ? __save_stack_trace+0x8d/0xf0
[   37.081842]  ? save_stack+0xa9/0xd0
[   37.085466]  ? save_stack+0x43/0xd0
[   37.089092]  ? __kasan_slab_free+0x11a/0x170
[   37.093494]  ? kasan_slab_free+0xe/0x10
[   37.097463]  ? putname+0xf2/0x130
[   37.100911]  ? __x64_sys_openat+0x9d/0x100
[   37.105168]  ? do_syscall_64+0x1b9/0x820
[   37.109225]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.114603]  ? trace_hardirqs_off+0xb8/0x2c0
[   37.119012]  ? kasan_check_read+0x11/0x20
[   37.123199]  ? do_raw_spin_unlock+0xa7/0x2f0
[   37.127603]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.132016]  ? initcall_blacklisted+0x9a/0x1e0
[   37.136611]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   37.141722]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.147437]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.152970]  ? do_vfs_ioctl+0x201/0x1720
[   37.157045]  ? rcu_is_watching+0x8c/0x150
[   37.161187]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.165507]  ? ioctl_preallocate+0x300/0x300
[   37.169913]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.175463]  ? __fget_light+0x2f7/0x440
[   37.179455]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.184989]  ? smack_file_ioctl+0x210/0x3c0
[   37.189308]  ? fget_raw+0x20/0x20
[   37.192792]  ? smack_file_lock+0x2e0/0x2e0
[   37.197033]  do_group_exit+0x177/0x440
[   37.200918]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.205392]  ? __ia32_sys_exit+0x50/0x50
[   37.209436]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.214522]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.220069]  ? ksys_ioctl+0x81/0xd0
[   37.223746]  __x64_sys_exit_group+0x3e/0x50
[   37.228071]  do_syscall_64+0x1b9/0x820
[   37.231969]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.237338]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.242273]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.247128]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   37.252147]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.257184]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.262270]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.267131]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.272314] RIP: 0033:0x43f028
[   37.275504] Code: Bad RIP value.
[   37.278859] RSP: 002b:00007fff2773f3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.286563] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   37.293828] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   37.301094] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   37.308364] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   37.315658] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   37.322945] 
[   37.324577] Allocated by task 4647:
[   37.328223]  save_stack+0x43/0xd0
[   37.331673]  kasan_kmalloc+0xc4/0xe0
[   37.335385]  kasan_slab_alloc+0x12/0x20
[   37.339357]  kmem_cache_alloc+0x12e/0x710
[   37.344010]  vmx_create_vcpu+0xcf/0x2830
[   37.348086]  kvm_arch_vcpu_create+0xe5/0x220
[   37.352493]  kvm_vm_ioctl+0x488/0x1d80
[   37.356376]  do_vfs_ioctl+0x1de/0x1720
[   37.360274]  ksys_ioctl+0xa9/0xd0
[   37.363732]  __x64_sys_ioctl+0x73/0xb0
[   37.367642]  do_syscall_64+0x1b9/0x820
[   37.371526]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.376703] 
[   37.378326] Freed by task 4647:
[   37.381613]  save_stack+0x43/0xd0
[   37.385084]  __kasan_slab_free+0x11a/0x170
[   37.389330]  kasan_slab_free+0xe/0x10
[   37.393126]  kmem_cache_free+0x86/0x280
[   37.397095]  vmx_free_vcpu+0x26b/0x300
[   37.400978]  kvm_arch_destroy_vm+0x365/0x7c0
[   37.405391]  kvm_put_kvm+0x73f/0x1060
[   37.409191]  kvm_vm_release+0x42/0x50
[   37.412994]  __fput+0x38a/0xa40
[   37.416275]  ____fput+0x15/0x20
[   37.419560]  task_work_run+0x1e8/0x2a0
[   37.423439]  do_exit+0x1ae4/0x26e0
[   37.426973]  do_group_exit+0x177/0x440
[   37.430856]  __x64_sys_exit_group+0x3e/0x50
[   37.435180]  do_syscall_64+0x1b9/0x820
[   37.439079]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.444272] 
[   37.445900] The buggy address belongs to the object at ffff8801b8ed8040
[   37.445900]  which belongs to the cache kvm_vcpu of size 23872
[   37.458485] The buggy address is located 24 bytes inside of
[   37.458485]  23872-byte region [ffff8801b8ed8040, ffff8801b8eddd80)
[   37.470575] The buggy address belongs to the page:
[   37.475513] page:ffffea0006e3b600 count:1 mapcount:0 mapping:ffff8801d6f37340 index:0x0 compound_mapcount: 0
[   37.485480] flags: 0x2fffc0000008100(slab|head)
[   37.490147] raw: 02fffc0000008100 ffff8801d4e1f048 ffff8801d4e1f048 ffff8801d6f37340
[   37.498026] raw: 0000000000000000 ffff8801b8ed8040 0000000100000001 0000000000000000
[   37.505897] page dumped because: kasan: bad access detected
[   37.511595] 
[   37.513217] Memory state around the buggy address:
[   37.518141]  ffff8801b8ed7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.525496]  ffff8801b8ed7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.532851] >ffff8801b8ed8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.540196]                                                     ^
[   37.546423]  ffff8801b8ed8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.553775]  ffff8801b8ed8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.561139] ==================================================================
[   37.568489] Kernel panic - not syncing: panic_on_warn set ...
[   37.568489] 
[   37.575869] CPU: 0 PID: 4647 Comm: syz-executor452 Tainted: G    B             4.19.0-rc2+ #2
[   37.584567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.593914] Call Trace:
[   37.596508]  dump_stack+0x1c9/0x2b4
[   37.600148]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.605334]  ? lock_downgrade+0x8f0/0x8f0
[   37.609477]  ? __schedule+0xf54/0x1df0
[   37.613364]  panic+0x238/0x4e7
[   37.616551]  ? add_taint.cold.5+0x16/0x16
[   37.620700]  ? print_shadow_for_address+0xba/0x116
[   37.625650]  ? trace_hardirqs_off+0xaf/0x2c0
[   37.630057]  ? trace_hardirqs_off+0x77/0x2c0
[   37.634464]  ? __schedule+0xf54/0x1df0
[   37.638353]  kasan_end_report+0x47/0x4f
[   37.642389]  kasan_report.cold.7+0x76/0x30d
[   37.646716]  __asan_report_load8_noabort+0x14/0x20
[   37.651653]  __schedule+0xf54/0x1df0
[   37.655368]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.660473]  ? __sched_text_start+0x8/0x8
[   37.664622]  ? __call_srcu+0x7e7/0x1040
[   37.668614]  ? check_same_owner+0x340/0x340
[   37.672945]  ? mark_held_locks+0x160/0x160
[   37.677180]  ? find_held_lock+0x36/0x1c0
[   37.681246]  preempt_schedule_common+0x22/0x60
[   37.685927]  _cond_resched+0x1d/0x30
[   37.689650]  wait_for_completion+0xa5/0x8d0
[   37.693974]  ? wait_for_completion_interruptible+0x950/0x950
[   37.699771]  ? __lockdep_init_map+0x105/0x590
[   37.704266]  ? __init_waitqueue_head+0x9e/0x150
[   37.708931]  ? init_wait_entry+0x1c0/0x1c0
[   37.713173]  __synchronize_srcu+0x189/0x240
[   37.717493]  ? call_srcu+0x10/0x10
[   37.721031]  ? rcu_unexpedite_gp+0x20/0x20
[   37.725266]  synchronize_srcu+0x335/0x56f
[   37.729406]  ? lock_downgrade+0x8f0/0x8f0
[   37.733550]  ? synchronize_srcu_expedited+0x20/0x20
[   37.738564]  ? kasan_check_read+0x11/0x20
[   37.742724]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.747307]  ? kasan_check_write+0x14/0x20
[   37.751540]  ? do_raw_spin_lock+0xc1/0x200
[   37.755785]  kvm_page_track_unregister_notifier+0x17d/0x250
[   37.761498]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   37.766948]  ? kvfree+0x61/0x70
[   37.770233]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.775248]  kvm_mmu_uninit_vm+0x1c/0x20
[   37.779308]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   37.783713]  ? kvm_arch_sync_events+0x30/0x30
[   37.788217]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.793757]  ? mmu_notifier_unregister+0x474/0x600
[   37.798680]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.803082]  ? kfree+0x111/0x210
[   37.806447]  ? __mmu_notifier_register+0x30/0x30
[   37.811234]  ? __free_pages+0x10a/0x190
[   37.815208]  ? free_unref_page+0x930/0x930
[   37.819457]  kvm_put_kvm+0x73f/0x1060
[   37.823282]  ? kvm_write_guest_cached+0x40/0x40
[   37.827953]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.832443]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.836936]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.841525]  ? kasan_check_write+0x14/0x20
[   37.845759]  ? do_raw_spin_lock+0xc1/0x200
[   37.849993]  ? kvm_irqfd_release+0xdd/0x120
[   37.854310]  ? kvm_irqfd_release+0xdd/0x120
[   37.858639]  ? kvm_put_kvm+0x1060/0x1060
[   37.862705]  kvm_vm_release+0x42/0x50
[   37.866504]  __fput+0x38a/0xa40
[   37.869783]  ? __alloc_file+0x400/0x400
[   37.873766]  ? check_same_owner+0x340/0x340
[   37.878089]  ? kasan_check_write+0x14/0x20
[   37.882349]  ? do_raw_spin_lock+0xc1/0x200
[   37.886583]  ____fput+0x15/0x20
[   37.889861]  task_work_run+0x1e8/0x2a0
[   37.893748]  ? task_work_cancel+0x240/0x240
[   37.898075]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.903610]  ? switch_task_namespaces+0xa2/0xd0
[   37.908285]  do_exit+0x1ae4/0x26e0
[   37.911829]  ? mm_update_next_owner+0x9a0/0x9a0
[   37.916502]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   37.920738]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.925754]  ? kfree+0x1d7/0x210
[   37.929120]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   37.933354]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   37.939066]  ? is_bpf_text_address+0xd7/0x170
[   37.943574]  ? kernel_text_address+0x79/0xf0
[   37.947979]  ? __kernel_text_address+0xd/0x40
[   37.952473]  ? unwind_get_return_address+0x61/0xa0
[   37.957404]  ? __save_stack_trace+0x8d/0xf0
[   37.961731]  ? save_stack+0xa9/0xd0
[   37.965356]  ? save_stack+0x43/0xd0
[   37.968979]  ? __kasan_slab_free+0x11a/0x170
[   37.973382]  ? kasan_slab_free+0xe/0x10
[   37.977356]  ? putname+0xf2/0x130
[   37.980810]  ? __x64_sys_openat+0x9d/0x100
[   37.985044]  ? do_syscall_64+0x1b9/0x820
[   37.989103]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.994471]  ? trace_hardirqs_off+0xb8/0x2c0
[   37.998879]  ? kasan_check_read+0x11/0x20
[   38.003027]  ? do_raw_spin_unlock+0xa7/0x2f0
[   38.007432]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.011843]  ? initcall_blacklisted+0x9a/0x1e0
[   38.016429]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   38.021539]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   38.027272]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.032809]  ? do_vfs_ioctl+0x201/0x1720
[   38.036868]  ? rcu_is_watching+0x8c/0x150
[   38.041011]  ? trace_hardirqs_on+0xbd/0x2c0
[   38.045348]  ? ioctl_preallocate+0x300/0x300
[   38.049754]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.055290]  ? __fget_light+0x2f7/0x440
[   38.059267]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.064801]  ? smack_file_ioctl+0x210/0x3c0
[   38.069118]  ? fget_raw+0x20/0x20
[   38.072570]  ? smack_file_lock+0x2e0/0x2e0
[   38.076985]  do_group_exit+0x177/0x440
[   38.080871]  ? trace_hardirqs_on+0xbd/0x2c0
[   38.085192]  ? __ia32_sys_exit+0x50/0x50
[   38.089257]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   38.094364]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.099898]  ? ksys_ioctl+0x81/0xd0
[   38.103534]  __x64_sys_exit_group+0x3e/0x50
[   38.107857]  do_syscall_64+0x1b9/0x820
[   38.111753]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.117118]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.122047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.126890]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   38.131904]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   38.136922]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.141937]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.146806]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.151990] RIP: 0033:0x43f028
[   38.155180] Code: Bad RIP value.
[   38.158578] RSP: 002b:00007fff2773f3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   38.166284] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[   38.173546] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   38.180818] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   38.188087] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   38.195354] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   38.202650] 
[   38.202655] ======================================================
[   38.202661] WARNING: possible circular locking dependency detected
[   38.202664] 4.19.0-rc2+ #2 Not tainted
[   38.202669] ------------------------------------------------------
[   38.202674] syz-executor452/4647 is trying to acquire lock:
[   38.202677] 00000000250df7c2 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   38.202704] 
[   38.202708] but task is already holding lock:
[   38.202711] 0000000086a69c04 (report_lock){....}, at: kasan_report+0x8e/0x110
[   38.202725] 
[   38.202730] which lock already depends on the new lock.
[   38.202732] 
[   38.202734] 
[   38.202739] the existing dependency chain (in reverse order) is:
[   38.202741] 
[   38.202744] -> #3 (report_lock){....}:
[   38.202758]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.202762]        kasan_report+0x8e/0x110
[   38.202766]        __asan_report_load8_noabort+0x14/0x20
[   38.202770]        __schedule+0xf54/0x1df0
[   38.202774]        preempt_schedule_common+0x22/0x60
[   38.202778]        _cond_resched+0x1d/0x30
[   38.202782]        wait_for_completion+0xa5/0x8d0
[   38.202786]        __synchronize_srcu+0x189/0x240
[   38.202790]        synchronize_srcu+0x335/0x56f
[   38.202795]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.202799]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.202803]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.202807]        kvm_put_kvm+0x73f/0x1060
[   38.202810]        kvm_vm_release+0x42/0x50
[   38.202814]        __fput+0x38a/0xa40
[   38.202817]        ____fput+0x15/0x20
[   38.202821]        task_work_run+0x1e8/0x2a0
[   38.202825]        do_exit+0x1ae4/0x26e0
[   38.202828]        do_group_exit+0x177/0x440
[   38.202832]        __x64_sys_exit_group+0x3e/0x50
[   38.202836]        do_syscall_64+0x1b9/0x820
[   38.202841]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.202843] 
[   38.202845] -> #2 (&rq->lock){-.-.}:
[   38.202859]        _raw_spin_lock+0x2a/0x40
[   38.202863]        task_fork_fair+0x93/0x680
[   38.202866]        sched_fork+0x44b/0xbd0
[   38.202870]        copy_process+0x235e/0x7af0
[   38.202874]        _do_fork+0x1ca/0x1170
[   38.202877]        kernel_thread+0x34/0x40
[   38.202881]        rest_init+0x22/0xe4
[   38.202885]        start_kernel+0x913/0x94e
[   38.202889]        x86_64_start_reservations+0x29/0x2b
[   38.202893]        x86_64_start_kernel+0x76/0x79
[   38.202897]        secondary_startup_64+0xa4/0xb0
[   38.202899] 
[   38.202901] -> #1 (&p->pi_lock){-.-.}:
[   38.202915]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.202919]        try_to_wake_up+0xd2/0x1250
[   38.202923]        wake_up_process+0x10/0x20
[   38.202927]        __up.isra.1+0x1c0/0x2a0
[   38.202930]        up+0x13c/0x1c0
[   38.202934]        __up_console_sem+0xbe/0x1b0
[   38.202938]        console_unlock+0x506/0x10e0
[   38.202942]        vprintk_emit+0x33a/0x910
[   38.202945]        vprintk_default+0x28/0x30
[   38.202949]        vprintk_func+0x7a/0x117
[   38.202952]        printk+0xa7/0xcf
[   38.202956]        load_umh+0x51/0xbd
[   38.202960]        do_one_initcall+0x127/0x838
[   38.202964]        kernel_init_freeable+0x4bb/0x5ae
[   38.202967]        kernel_init+0x11/0x1b3
[   38.202971]        ret_from_fork+0x3a/0x50
[   38.202973] 
[   38.202975] -> #0 ((console_sem).lock){-...}:
[   38.202990]        lock_acquire+0x1e4/0x4f0
[   38.202994]        _raw_spin_lock_irqsave+0x96/0xc0
[   38.202998]        down_trylock+0x13/0x70
[   38.203002]        __down_trylock_console_sem+0xae/0x200
[   38.203006]        console_trylock+0x15/0xa0
[   38.203009]        vprintk_emit+0x31f/0x910
[   38.203013]        vprintk_default+0x28/0x30
[   38.203017]        vprintk_func+0x7a/0x117
[   38.203020]        printk+0xa7/0xcf
[   38.203024]        kasan_report+0x9e/0x110
[   38.203028]        __asan_report_load8_noabort+0x14/0x20
[   38.203032]        __schedule+0xf54/0x1df0
[   38.203036]        preempt_schedule_common+0x22/0x60
[   38.203040]        _cond_resched+0x1d/0x30
[   38.203044]        wait_for_completion+0xa5/0x8d0
[   38.203048]        __synchronize_srcu+0x189/0x240
[   38.203052]        synchronize_srcu+0x335/0x56f
[   38.203057]        kvm_page_track_unregister_notifier+0x17d/0x250
[   38.203061]        kvm_mmu_uninit_vm+0x1c/0x20
[   38.203065]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.203069]        kvm_put_kvm+0x73f/0x1060
[   38.203072]        kvm_vm_release+0x42/0x50
[   38.203076]        __fput+0x38a/0xa40
[   38.203079]        ____fput+0x15/0x20
[   38.203083]        task_work_run+0x1e8/0x2a0
[   38.203087]        do_exit+0x1ae4/0x26e0
[   38.203090]        do_group_exit+0x177/0x440
[   38.203094]        __x64_sys_exit_group+0x3e/0x50
[   38.203098]        do_syscall_64+0x1b9/0x820
[   38.203103]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.203105] 
[   38.203109] other info that might help us debug this:
[   38.203112] 
[   38.203115] Chain exists of:
[   38.203117]   (console_sem).lock --> &rq->lock --> report_lock
[   38.203135] 
[   38.203138]  Possible unsafe locking scenario:
[   38.203141] 
[   38.203145]        CPU0                    CPU1
[   38.203149]        ----                    ----
[   38.203151]   lock(report_lock);
[   38.203160]                                lock(&rq->lock);
[   38.203169]                                lock(report_lock);
[   38.203177]   lock((console_sem).lock);
[   38.203185] 
[   38.203188]  *** DEADLOCK ***
[   38.203190] 
[   38.203194] 2 locks held by syz-executor452/4647:
[   38.203196]  #0: 00000000f15c9187 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   38.203218]  #1: 0000000086a69c04 (report_lock){....}, at: kasan_report+0x8e/0x110
[   38.203235] 
[   38.203238] stack backtrace:
[   38.203244] CPU: 0 PID: 4647 Comm: syz-executor452 Not tainted 4.19.0-rc2+ #2
[   38.203250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.203253] Call Trace:
[   38.203257]  dump_stack+0x1c9/0x2b4
[   38.203262]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.203265]  ? vprintk_func+0x100/0x117
[   38.203270]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   38.203274]  ? save_trace+0xe0/0x290
[   38.203278]  __lock_acquire+0x3449/0x5020
[   38.203282]  ? mark_held_locks+0x160/0x160
[   38.203286]  ? mark_held_locks+0x160/0x160
[   38.203290]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   38.203294]  ? is_bpf_text_address+0xd7/0x170
[   38.203298]  ? kernel_text_address+0x79/0xf0
[   38.203302]  ? __kernel_text_address+0xd/0x40
[   38.203307]  ? __save_stack_trace+0x8d/0xf0
[   38.203311]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   38.203315]  ? save_trace+0x290/0x290
[   38.203319]  ? save_stack_trace+0x1a/0x20
[   38.203322]  ? save_trace+0xe0/0x290
[   38.203326]  ? graph_lock+0x170/0x170
[   38.203331]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.203334]  lock_acquire+0x1e4/0x4f0
[   38.203338]  ? down_trylock+0x13/0x70
[   38.203342]  ? lock_release+0x9f0/0x9f0
[   38.203346]  ? trace_hardirqs_off+0xb8/0x2c0
[   38.203350]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.203354]  ? trace_hardirqs_off+0xb8/0x2c0
[   38.203358]  ? log_store+0x34f/0x4c0
[   38.203362]  ? vprintk_emit+0x31f/0x910
[   38.203366]  _raw_spin_lock_irqsave+0x96/0xc0
[   38.203369]  ? down_trylock+0x13/0x70
[   38.203373]  down_trylock+0x13/0x70
[   38.203377]  __down_trylock_console_sem+0xae/0x200
[   38.203381]  console_trylock+0x15/0xa0
[   38.203385]  vprintk_emit+0x31f/0x910
[   38.203389]  ? wake_up_klogd+0x110/0x110
[   38.203393]  ? run_rebalance_domains+0x4c0/0x4c0
[   38.203397]  ? kasan_check_read+0x11/0x20
[   38.203401]  ? rcu_is_watching+0x8c/0x150
[   38.203405]  ? rcu_pm_notify+0xc0/0xc0
[   38.203408]  ? lock_acquire+0x1e4/0x4f0
[   38.203412]  ? kasan_report+0x8e/0x110
[   38.203416]  ? __schedule+0xf54/0x1df0
[   38.203420]  vprintk_default+0x28/0x30
[   38.203423]  vprintk_func+0x7a/0x117
[   38.203426]  printk+0xa7/0xcf
[   38.203431]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   38.203435]  ? kasan_check_write+0x14/0x20
[   38.203439]  ? do_raw_spin_lock+0xc1/0x200
[   38.203443]  ? do_raw_spin_lock+0xc1/0x200
[   38.203446]  kasan_report+0x9e/0x110
[   38.203450]  __asan_report_load8_noabort+0x14/0x20
[   38.203454]  __schedule+0xf54/0x1df0
[   38.203459]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   38.203476]  ? __sched_text_start+0x8/0x8
[   38.203480]  ? __call_srcu+0x7e7/0x1040
[   38.203483]  ? check_same_owner+0x340/0x340
[   38.203487]  ? mark_held_locks+0x160/0x160
[   38.203491]  ? find_held_lock+0x36/0x1c0
[   38.203495]  preempt_schedule_common+0x22/0x60
[   38.203499]  _cond_resched+0x1d/0x30
[   38.203502]  wait_for_completion+0xa5/0x8d0
[   38.203507]  ? wait_for_completion_interruptible+0x950/0x950
[   38.203511]  ? __lockdep_init_map+0x105/0x590
[   38.203515]  ? __init_waitqueue_head+0x9e/0x150
[   38.203519]  ? init_wait_entry+0x1c0/0x1c0
[   38.203523]  __synchronize_srcu+0x189/0x240
[   38.203526]  ? call_srcu+0x10/0x10
[   38.203530]  ? rcu_unexpedite_gp+0x20/0x20
[   38.203548]  synchronize_srcu+0x335/0x56f
[   38.203551]  ? lock_downgrade+0x8f0/0x8f0
[   38.203555]  ? synchronize_srcu_expedited+0x20/0x20
[   38.203559]  ? kasan_check_read+0x11/0x20
[   38.203563]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   38.203567]  ? kasan_check_write+0x14/0x20
[   38.203570]  ? do_raw_spin_lock+0xc1/0x200
[   38.203575]  kvm_page_track_unregister_notifier+0x17d/0x250
[   38.203579]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   38.203582]  ? kvfree+0x61/0x70
[   38.203586]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.203590]  kvm_mmu_uninit_vm+0x1c/0x20
[   38.203594]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   38.203598]  ? kvm_arch_sync_events+0x30/0x30
[   38.203602]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.203606]  ? mmu_notifier_unregister+0x474/0x600
[   38.203610]  ? trace_hardirqs_on+0x2c0/0x2c0
[   38.203613]  ? kfree+0x111/0x210
[   38.203617]  ? __mmu_notifier_register+0x30/0x30
[   38.203621]  ? __free_pages+0x10a/0x190
[   38.203624]  ? free_unref_page+0x930/0x930
[   38.203628]  kvm_put_kvm+0x73f/0x1060
[   38.203639]  ? kvm_write_guest_cached+0x40/0x40
[   38.203643]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.203647]  ? _raw_spin_unlock_irq+0x27/0x70
[   38.203650]  ? lockdep_hardirqs_on+0x421/0x5c0
[   38.203654]  ? kasan_check_write+0x14/0x20
[   38.203658]  ? do_raw_spin_lock+0xc1/0x200
[   38.203662]  ? kvm_irqfd_release+0xdd/0x120
[   38.203665]  ? kvm_irqfd_release+0xdd/0x120
[   38.203669]  ? kvm_put_kvm+0x1060/0x1060
[   38.203672]  kvm_vm_release+0x42/0x50
[   38.203676]  __fput+0x38a/0xa40
[   38.203679]  ? __alloc_file+0x400/0x400
[   38.203683]  ? check_same_owner+0x340/0x340
[   38.203687]  ? kasan_check_write+0x14/0x20
[   38.203690]  ? do_raw_spin_lock+0xc1/0x200
[   38.203694]  ____fput+0x15/0x20
[   38.203709]  task_work_run+0x1e8/0x2a0
[   38.203713]  ? task_work_cancel+0x240/0x240
[   38.203719]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.203723]  ? switch_task_namespaces+0xa2/0xd0
[   38.203727]  do_exit+0x1ae4/0x26e0
[   38.203731]  ? mm_update_next_owner+0x9a0/0x9a0
[   38.203735]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   38.203739]  ? rcu_read_lock_sched_held+0x108/0x120
[   38.203743]  ? kfree+0x1d7/0x210
[   38.203747]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   38.203751]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   38.203756]  ? is_bpf_text_address+0xd7/0x170
[   38.203758]  ? ker
[   38.203765] Lost 54 message(s)!
[   39.304701] Shutting down cpus with NMI
[   40.364211] Dumping ftrace buffer:
[   40.367736]    (ftrace buffer empty)
[   40.371427] Kernel Offset: disabled
[   40.375034] Rebooting in 86400 seconds..