[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   24.338978] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   25.200118] random: sshd: uninitialized urandom read (32 bytes read)
[   25.578713] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.168755] random: sshd: uninitialized urandom read (32 bytes read)
[   26.407346] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
[   31.988230] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.121019] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   32.146360] ==================================================================
[   32.156355] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0
[   32.162587] Read of size 8 at addr ffff8801c7680058 by task syz-executor751/5324
[   32.170110] 
[   32.171766] CPU: 0 PID: 5324 Comm: syz-executor751 Not tainted 4.19.0-rc2+ #228
[   32.179201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.188544] Call Trace:
[   32.191136]  dump_stack+0x1c4/0x2b4
[   32.194782]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.199970]  ? printk+0xa7/0xcf
[   32.203250]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.208013]  print_address_description.cold.8+0x9/0x1ff
[   32.213376]  kasan_report.cold.9+0x242/0x309
[   32.217783]  ? __schedule+0xfc3/0x1ed0
[   32.221669]  __asan_report_load8_noabort+0x14/0x20
[   32.226596]  __schedule+0xfc3/0x1ed0
[   32.230312]  ? __sched_text_start+0x8/0x8
[   32.234463]  ? __lock_is_held+0xb5/0x140
[   32.238521]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   32.243624]  ? find_held_lock+0x36/0x1c0
[   32.247691]  ? __call_srcu+0x7f9/0x1070
[   32.251667]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   32.256767]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   32.261874]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.266456]  ? preempt_schedule+0x4d/0x60
[   32.270606]  preempt_schedule_common+0x1f/0xd0
[   32.275188]  preempt_schedule+0x4d/0x60
[   32.279171]  ___preempt_schedule+0x16/0x18
[   32.283407]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   32.288340]  __call_srcu+0x7f9/0x1070
[   32.292146]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   32.297262]  ? srcu_offline_cpu+0x120/0x120
[   32.301587]  ? debug_object_free+0x690/0x690
[   32.306001]  ? mark_held_locks+0x130/0x130
[   32.310235]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   32.314818]  ? lock_release+0x970/0x970
[   32.318800]  ? arch_local_save_flags+0x40/0x40
[   32.323381]  ? depot_save_stack+0x292/0x470
[   32.327712]  ? __lockdep_init_map+0x105/0x590
[   32.332208]  ? __init_waitqueue_head+0x9e/0x150
[   32.336877]  ? init_wait_entry+0x1c0/0x1c0
[   32.341122]  __synchronize_srcu+0x17b/0x230
[   32.345444]  ? call_srcu+0x10/0x10
[   32.348980]  ? rcu_unexpedite_gp+0x20/0x20
[   32.353219]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.358766]  ? check_preemption_disabled+0x48/0x200
[   32.363792]  synchronize_srcu+0x356/0x5ab
[   32.367945]  ? lock_downgrade+0x900/0x900
[   32.372091]  ? synchronize_srcu_expedited+0x20/0x20
[   32.377124]  ? kasan_check_read+0x11/0x20
[   32.381275]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.385867]  ? kasan_check_write+0x14/0x20
[   32.390113]  ? do_raw_spin_lock+0xc1/0x200
[   32.394356]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.400069]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.405528]  ? kvfree+0x61/0x70
[   32.408809]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.413835]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.417906]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.422318]  ? kvm_arch_sync_events+0x30/0x30
[   32.426816]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.432364]  ? mmu_notifier_unregister+0x474/0x600
[   32.437293]  ? kfree+0x107/0x230
[   32.440662]  ? __mmu_notifier_register+0x30/0x30
[   32.445420]  ? __free_pages+0x10a/0x190
[   32.449401]  ? free_unref_page+0x960/0x960
[   32.453663]  kvm_put_kvm+0x6c8/0xff0
[   32.457398]  ? kvm_write_guest_cached+0x40/0x40
[   32.462074]  ? kvm_irqfd_release+0xd1/0x120
[   32.466405]  ? _raw_spin_unlock_irq+0x27/0x80
[   32.470900]  ? _raw_spin_unlock_irq+0x27/0x80
[   32.475405]  ? kasan_check_write+0x14/0x20
[   32.479642]  ? do_raw_spin_lock+0xc1/0x200
[   32.483882]  ? kvm_irqfd_release+0xdd/0x120
[   32.488201]  ? kvm_irqfd_release+0xdd/0x120
[   32.492527]  ? kvm_put_kvm+0xff0/0xff0
[   32.496415]  kvm_vm_release+0x42/0x50
[   32.500214]  __fput+0x385/0xa30
[   32.503495]  ? get_max_files+0x20/0x20
[   32.507383]  ? trace_hardirqs_on+0xbd/0x310
[   32.511719]  ? ___might_sleep+0x1ed/0x300
[   32.515880]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   32.521334]  ? arch_local_save_flags+0x40/0x40
[   32.525916]  ? kasan_check_write+0x14/0x20
[   32.530152]  ? do_raw_spin_lock+0xc1/0x200
[   32.534385]  ____fput+0x15/0x20
[   32.537664]  task_work_run+0x1e8/0x2a0
[   32.541552]  ? task_work_cancel+0x240/0x240
[   32.545891]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.551433]  ? switch_task_namespaces+0x9d/0xd0
[   32.556136]  do_exit+0x1ad7/0x2610
[   32.559688]  ? mm_update_next_owner+0x990/0x990
[   32.564364]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   32.568598]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.573618]  ? kfree+0x1fa/0x230
[   32.576988]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   32.581226]  ? kvm_vcpu_block+0x1030/0x1030
[   32.585553]  ? is_bpf_text_address+0xd3/0x170
[   32.590050]  ? kernel_text_address+0x79/0xf0
[   32.594456]  ? __kernel_text_address+0xd/0x40
[   32.598955]  ? unwind_get_return_address+0x61/0xa0
[   32.603899]  ? __save_stack_trace+0x8d/0xf0
[   32.608229]  ? save_stack+0xa9/0xd0
[   32.611861]  ? save_stack+0x43/0xd0
[   32.615485]  ? __kasan_slab_free+0x102/0x150
[   32.619890]  ? kasan_slab_free+0xe/0x10
[   32.623873]  ? putname+0xf2/0x130
[   32.627328]  ? __x64_sys_openat+0x9d/0x100
[   32.631562]  ? do_syscall_64+0x1b9/0x820
[   32.635624]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.640996]  ? trace_hardirqs_off+0xb8/0x310
[   32.645407]  ? kasan_check_read+0x11/0x20
[   32.649561]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.654496]  ? trace_hardirqs_on+0x310/0x310
[   32.658926]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   32.664053]  ? trace_hardirqs_off+0xb8/0x310
[   32.668485]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.674045]  ? check_preemption_disabled+0x48/0x200
[   32.679079]  ? check_preemption_disabled+0x48/0x200
[   32.684127]  ? kvm_vcpu_block+0x1030/0x1030
[   32.688454]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.693992]  ? do_vfs_ioctl+0x201/0x1720
[   32.698055]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   32.703336]  ? ioctl_preallocate+0x300/0x300
[   32.707748]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.713289]  ? __fget_light+0x2e9/0x430
[   32.717263]  ? fget_raw+0x20/0x20
[   32.720715]  ? putname+0xf2/0x130
[   32.724200]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.729218]  ? kmem_cache_free+0x24f/0x290
[   32.733454]  ? putname+0xf7/0x130
[   32.736915]  do_group_exit+0x177/0x440
[   32.740811]  ? trace_hardirqs_on+0xbd/0x310
[   32.745161]  ? __ia32_sys_exit+0x50/0x50
[   32.749230]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   32.754681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.760219]  ? ksys_ioctl+0x81/0xd0
[   32.763858]  __x64_sys_exit_group+0x3e/0x50
[   32.768185]  do_syscall_64+0x1b9/0x820
[   32.772077]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.777450]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.782585]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.787425]  ? trace_hardirqs_on_caller+0x310/0x310
[   32.792440]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   32.798117]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.803138]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.807988]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.813179] RIP: 0033:0x43ecd8
[   32.816375] Code: Bad RIP value.
[   32.819731] RSP: 002b:00007ffdf90a05c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.827439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[   32.834705] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.841971] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.849233] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   32.856498] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   32.863772] 
[   32.865394] Allocated by task 5324:
[   32.869022]  save_stack+0x43/0xd0
[   32.872474]  kasan_kmalloc+0xc7/0xe0
[   32.876184]  kasan_slab_alloc+0x12/0x20
[   32.880155]  kmem_cache_alloc+0x12e/0x730
[   32.884304]  vmx_create_vcpu+0xcf/0x25e0
[   32.888361]  kvm_arch_vcpu_create+0xe5/0x220
[   32.892764]  kvm_vm_ioctl+0x470/0x1d40
[   32.896656]  do_vfs_ioctl+0x1de/0x1720
[   32.900540]  ksys_ioctl+0xa9/0xd0
[   32.903990]  __x64_sys_ioctl+0x73/0xb0
[   32.907879]  do_syscall_64+0x1b9/0x820
[   32.911767]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.916941] 
[   32.918558] Freed by task 5324:
[   32.921833]  save_stack+0x43/0xd0
[   32.925295]  __kasan_slab_free+0x102/0x150
[   32.929524]  kasan_slab_free+0xe/0x10
[   32.933324]  kmem_cache_free+0x83/0x290
[   32.937295]  vmx_free_vcpu+0x26b/0x300
[   32.941180]  kvm_arch_destroy_vm+0x365/0x7c0
[   32.945587]  kvm_put_kvm+0x6c8/0xff0
[   32.949301]  kvm_vm_release+0x42/0x50
[   32.953096]  __fput+0x385/0xa30
[   32.956375]  ____fput+0x15/0x20
[   32.959652]  task_work_run+0x1e8/0x2a0
[   32.963537]  do_exit+0x1ad7/0x2610
[   32.967074]  do_group_exit+0x177/0x440
[   32.970964]  __x64_sys_exit_group+0x3e/0x50
[   32.975285]  do_syscall_64+0x1b9/0x820
[   32.979176]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.984369] 
[   32.985995] The buggy address belongs to the object at ffff8801c7680040
[   32.985995]  which belongs to the cache kvm_vcpu of size 23872
[   32.998563] The buggy address is located 24 bytes inside of
[   32.998563]  23872-byte region [ffff8801c7680040, ffff8801c7685d80)
[   33.010515] The buggy address belongs to the page:
[   33.015444] page:ffffea00071da000 count:1 mapcount:0 mapping:ffff8801d76594c0 index:0x0 compound_mapcount: 0
[   33.025412] flags: 0x2fffc0000008100(slab|head)
[   33.030083] raw: 02fffc0000008100 ffff8801d527ea48 ffff8801d527ea48 ffff8801d76594c0
[   33.037970] raw: 0000000000000000 ffff8801c7680040 0000000100000001 0000000000000000
[   33.045846] page dumped because: kasan: bad access detected
[   33.051544] 
[   33.053162] Memory state around the buggy address:
[   33.058087]  ffff8801c767ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.065475]  ffff8801c767ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.072832] >ffff8801c7680000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   33.080194]                                                     ^
[   33.086420]  ffff8801c7680080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.093772]  ffff8801c7680100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.101151] ==================================================================
[   33.108500] Kernel panic - not syncing: panic_on_warn set ...
[   33.108500] 
[   33.115873] CPU: 0 PID: 5324 Comm: syz-executor751 Tainted: G    B             4.19.0-rc2+ #228
[   33.124702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.134043] Call Trace:
[   33.136636]  dump_stack+0x1c4/0x2b4
[   33.140262]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.145453]  ? lock_downgrade+0x900/0x900
[   33.149605]  panic+0x238/0x4e7
[   33.152814]  ? add_taint.cold.5+0x16/0x16
[   33.156981]  ? print_shadow_for_address+0xb6/0x116
[   33.161909]  ? trace_hardirqs_off+0xaf/0x310
[   33.166319]  kasan_end_report+0x47/0x4f
[   33.170294]  kasan_report.cold.9+0x76/0x309
[   33.174616]  ? __schedule+0xfc3/0x1ed0
[   33.178504]  __asan_report_load8_noabort+0x14/0x20
[   33.183433]  __schedule+0xfc3/0x1ed0
[   33.187151]  ? __sched_text_start+0x8/0x8
[   33.191303]  ? __lock_is_held+0xb5/0x140
[   33.195363]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.200466]  ? find_held_lock+0x36/0x1c0
[   33.204534]  ? __call_srcu+0x7f9/0x1070
[   33.208509]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.213611]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.218715]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.223296]  ? preempt_schedule+0x4d/0x60
[   33.227445]  preempt_schedule_common+0x1f/0xd0
[   33.232028]  preempt_schedule+0x4d/0x60
[   33.236002]  ___preempt_schedule+0x16/0x18
[   33.240239]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.245169]  __call_srcu+0x7f9/0x1070
[   33.248967]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.254075]  ? srcu_offline_cpu+0x120/0x120
[   33.258401]  ? debug_object_free+0x690/0x690
[   33.262832]  ? mark_held_locks+0x130/0x130
[   33.267093]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   33.271681]  ? lock_release+0x970/0x970
[   33.275697]  ? arch_local_save_flags+0x40/0x40
[   33.280298]  ? depot_save_stack+0x292/0x470
[   33.284624]  ? __lockdep_init_map+0x105/0x590
[   33.289128]  ? __init_waitqueue_head+0x9e/0x150
[   33.293794]  ? init_wait_entry+0x1c0/0x1c0
[   33.298036]  __synchronize_srcu+0x17b/0x230
[   33.302357]  ? call_srcu+0x10/0x10
[   33.305895]  ? rcu_unexpedite_gp+0x20/0x20
[   33.310136]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.315688]  ? check_preemption_disabled+0x48/0x200
[   33.320707]  synchronize_srcu+0x356/0x5ab
[   33.324862]  ? lock_downgrade+0x900/0x900
[   33.329013]  ? synchronize_srcu_expedited+0x20/0x20
[   33.334033]  ? kasan_check_read+0x11/0x20
[   33.338182]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.342765]  ? kasan_check_write+0x14/0x20
[   33.346997]  ? do_raw_spin_lock+0xc1/0x200
[   33.351248]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.356960]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.362413]  ? kvfree+0x61/0x70
[   33.365693]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.370726]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.374787]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.379198]  ? kvm_arch_sync_events+0x30/0x30
[   33.383697]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.389231]  ? mmu_notifier_unregister+0x474/0x600
[   33.394157]  ? kfree+0x107/0x230
[   33.397523]  ? __mmu_notifier_register+0x30/0x30
[   33.402279]  ? __free_pages+0x10a/0x190
[   33.406276]  ? free_unref_page+0x960/0x960
[   33.410529]  kvm_put_kvm+0x6c8/0xff0
[   33.414250]  ? kvm_write_guest_cached+0x40/0x40
[   33.418921]  ? kvm_irqfd_release+0xd1/0x120
[   33.423245]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.427740]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.432242]  ? kasan_check_write+0x14/0x20
[   33.436477]  ? do_raw_spin_lock+0xc1/0x200
[   33.440715]  ? kvm_irqfd_release+0xdd/0x120
[   33.445034]  ? kvm_irqfd_release+0xdd/0x120
[   33.449358]  ? kvm_put_kvm+0xff0/0xff0
[   33.453248]  kvm_vm_release+0x42/0x50
[   33.457046]  __fput+0x385/0xa30
[   33.460324]  ? get_max_files+0x20/0x20
[   33.464210]  ? trace_hardirqs_on+0xbd/0x310
[   33.468533]  ? ___might_sleep+0x1ed/0x300
[   33.472720]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.478189]  ? arch_local_save_flags+0x40/0x40
[   33.482766]  ? kasan_check_write+0x14/0x20
[   33.487002]  ? do_raw_spin_lock+0xc1/0x200
[   33.491235]  ____fput+0x15/0x20
[   33.494554]  task_work_run+0x1e8/0x2a0
[   33.498469]  ? task_work_cancel+0x240/0x240
[   33.502790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.508327]  ? switch_task_namespaces+0x9d/0xd0
[   33.512995]  do_exit+0x1ad7/0x2610
[   33.516536]  ? mm_update_next_owner+0x990/0x990
[   33.521210]  ? kvm_vcpu_ioctl+0x29c/0x1150
[   33.525495]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.530515]  ? kfree+0x1fa/0x230
[   33.533886]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   33.538140]  ? kvm_vcpu_block+0x1030/0x1030
[   33.542571]  ? is_bpf_text_address+0xd3/0x170
[   33.547094]  ? kernel_text_address+0x79/0xf0
[   33.551507]  ? __kernel_text_address+0xd/0x40
[   33.556001]  ? unwind_get_return_address+0x61/0xa0
[   33.560944]  ? __save_stack_trace+0x8d/0xf0
[   33.565287]  ? save_stack+0xa9/0xd0
[   33.568911]  ? save_stack+0x43/0xd0
[   33.572538]  ? __kasan_slab_free+0x102/0x150
[   33.576941]  ? kasan_slab_free+0xe/0x10
[   33.580913]  ? putname+0xf2/0x130
[   33.584369]  ? __x64_sys_openat+0x9d/0x100
[   33.588612]  ? do_syscall_64+0x1b9/0x820
[   33.592686]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.598054]  ? trace_hardirqs_off+0xb8/0x310
[   33.602465]  ? kasan_check_read+0x11/0x20
[   33.606616]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.611025]  ? trace_hardirqs_on+0x310/0x310
[   33.615439]  ? __bpf_trace_initcall_finish+0x2a/0x30
[   33.620541]  ? trace_hardirqs_off+0xb8/0x310
[   33.624965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.630560]  ? check_preemption_disabled+0x48/0x200
[   33.635573]  ? check_preemption_disabled+0x48/0x200
[   33.640609]  ? kvm_vcpu_block+0x1030/0x1030
[   33.644932]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.650488]  ? do_vfs_ioctl+0x201/0x1720
[   33.654598]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.659904]  ? ioctl_preallocate+0x300/0x300
[   33.664326]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.669866]  ? __fget_light+0x2e9/0x430
[   33.673847]  ? fget_raw+0x20/0x20
[   33.677299]  ? putname+0xf2/0x130
[   33.680752]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.685769]  ? kmem_cache_free+0x24f/0x290
[   33.690005]  ? putname+0xf7/0x130
[   33.693463]  do_group_exit+0x177/0x440
[   33.697354]  ? trace_hardirqs_on+0xbd/0x310
[   33.701678]  ? __ia32_sys_exit+0x50/0x50
[   33.705740]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.711202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.716736]  ? ksys_ioctl+0x81/0xd0
[   33.720387]  __x64_sys_exit_group+0x3e/0x50
[   33.724713]  do_syscall_64+0x1b9/0x820
[   33.728599]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.733962]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.738891]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.743795]  ? trace_hardirqs_on_caller+0x310/0x310
[   33.748809]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.753831]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.758868]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.763716]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.768905] RIP: 0033:0x43ecd8
[   33.772107] Code: Bad RIP value.
[   33.775466] RSP: 002b:00007ffdf90a05c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.783173] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecd8
[   33.790438] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.797718] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.804995] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.812259] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.819538] 
[   33.819545] ======================================================
[   33.819551] WARNING: possible circular locking dependency detected
[   33.819555] 4.19.0-rc2+ #228 Not tainted
[   33.819561] ------------------------------------------------------
[   33.819566] syz-executor751/5324 is trying to acquire lock:
[   33.819570] 0000000060e14547 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   33.819587] 
[   33.819591] but task is already holding lock:
[   33.819595] 00000000553a3208 (report_lock){....}, at: kasan_report+0x8b/0x110
[   33.819611] 
[   33.819616] which lock already depends on the new lock.
[   33.819619] 
[   33.819621] 
[   33.819627] the existing dependency chain (in reverse order) is:
[   33.819629] 
[   33.819632] -> #3 (report_lock){....}:
[   33.819648]        _raw_spin_lock_irqsave+0x99/0xd0
[   33.819653]        kasan_report+0x8b/0x110
[   33.819658]        __asan_report_load8_noabort+0x14/0x20
[   33.819662]        __schedule+0xfc3/0x1ed0
[   33.819667]        preempt_schedule_common+0x1f/0xd0
[   33.819671]        preempt_schedule+0x4d/0x60
[   33.819676]        ___preempt_schedule+0x16/0x18
[   33.819681]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.819685]        __call_srcu+0x7f9/0x1070
[   33.819690]        __synchronize_srcu+0x17b/0x230
[   33.819694]        synchronize_srcu+0x356/0x5ab
[   33.819700]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.819704]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.819709]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.819713]        kvm_put_kvm+0x6c8/0xff0
[   33.819718]        kvm_vm_release+0x42/0x50
[   33.819722]        __fput+0x385/0xa30
[   33.819725]        ____fput+0x15/0x20
[   33.819730]        task_work_run+0x1e8/0x2a0
[   33.819734]        do_exit+0x1ad7/0x2610
[   33.819738]        do_group_exit+0x177/0x440
[   33.819743]        __x64_sys_exit_group+0x3e/0x50
[   33.819747]        do_syscall_64+0x1b9/0x820
[   33.819753]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.819755] 
[   33.819758] -> #2 (&rq->lock){-.-.}:
[   33.819773]        _raw_spin_lock+0x2d/0x40
[   33.819778]        task_fork_fair+0xb0/0x6d0
[   33.819782]        sched_fork+0x443/0xba0
[   33.819786]        copy_process+0x2586/0x8780
[   33.819790]        _do_fork+0x1cb/0x11d0
[   33.819795]        kernel_thread+0x34/0x40
[   33.819799]        rest_init+0x22/0xe5
[   33.819803]        start_kernel+0x8f4/0x92f
[   33.819808]        x86_64_start_reservations+0x29/0x2b
[   33.819813]        x86_64_start_kernel+0x76/0x79
[   33.819817]        secondary_startup_64+0xa4/0xb0
[   33.819820] 
[   33.819823] -> #1 (&p->pi_lock){-.-.}:
[   33.819846]        _raw_spin_lock_irqsave+0x99/0xd0
[   33.819851]        try_to_wake_up+0xd2/0x12f0
[   33.819856]        wake_up_process+0x10/0x20
[   33.819860]        __up.isra.1+0x1c0/0x2a0
[   33.819864]        up+0x13c/0x1c0
[   33.819868]        __up_console_sem+0xbe/0x1b0
[   33.819873]        console_unlock+0x524/0x11a0
[   33.819877]        vprintk_emit+0x33d/0x930
[   33.819881]        vprintk_default+0x28/0x30
[   33.819886]        vprintk_func+0x7e/0x181
[   33.819890]        printk+0xa7/0xcf
[   33.819894]        load_umh+0x51/0xbd
[   33.819898]        do_one_initcall+0x145/0x957
[   33.819903]        kernel_init_freeable+0x4bb/0x5ae
[   33.819907]        kernel_init+0x11/0x1b2
[   33.819912]        ret_from_fork+0x3a/0x50
[   33.819914] 
[   33.819917] -> #0 ((console_sem).lock){-...}:
[   33.819933]        lock_acquire+0x1ed/0x520
[   33.819938]        _raw_spin_lock_irqsave+0x99/0xd0
[   33.819942]        down_trylock+0x13/0x70
[   33.819947]        __down_trylock_console_sem+0xae/0x200
[   33.819951]        console_trylock+0x15/0xa0
[   33.819955]        vprintk_emit+0x322/0x930
[   33.819960]        vprintk_default+0x28/0x30
[   33.819964]        vprintk_func+0x7e/0x181
[   33.819968]        printk+0xa7/0xcf
[   33.819972]        kasan_report+0x9b/0x110
[   33.819977]        __asan_report_load8_noabort+0x14/0x20
[   33.819982]        __schedule+0xfc3/0x1ed0
[   33.819986]        preempt_schedule_common+0x1f/0xd0
[   33.819991]        preempt_schedule+0x4d/0x60
[   33.819995]        ___preempt_schedule+0x16/0x18
[   33.820000]        _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.820005]        __call_srcu+0x7f9/0x1070
[   33.820009]        __synchronize_srcu+0x17b/0x230
[   33.820014]        synchronize_srcu+0x356/0x5ab
[   33.820019]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.820024]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.820028]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.820033]        kvm_put_kvm+0x6c8/0xff0
[   33.820037]        kvm_vm_release+0x42/0x50
[   33.820041]        __fput+0x385/0xa30
[   33.820045]        ____fput+0x15/0x20
[   33.820049]        task_work_run+0x1e8/0x2a0
[   33.820053]        do_exit+0x1ad7/0x2610
[   33.820057]        do_group_exit+0x177/0x440
[   33.820062]        __x64_sys_exit_group+0x3e/0x50
[   33.820066]        do_syscall_64+0x1b9/0x820
[   33.820071]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.820074] 
[   33.820079] other info that might help us debug this:
[   33.820081] 
[   33.820085] Chain exists of:
[   33.820087]   (console_sem).lock --> &rq->lock --> report_lock
[   33.820113] 
[   33.820118]  Possible unsafe locking scenario:
[   33.820120] 
[   33.820125]        CPU0                    CPU1
[   33.820129]        ----                    ----
[   33.820132]   lock(report_lock);
[   33.820142]                                lock(&rq->lock);
[   33.820152]                                lock(report_lock);
[   33.820161]   lock((console_sem).lock);
[   33.820170] 
[   33.820173]  *** DEADLOCK ***
[   33.820176] 
[   33.820180] 2 locks held by syz-executor751/5324:
[   33.820183]  #0: 00000000de5f3a8d (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0
[   33.820201]  #1: 00000000553a3208 (report_lock){....}, at: kasan_report+0x8b/0x110
[   33.820220] 
[   33.820223] stack backtrace:
[   33.820230] CPU: 0 PID: 5324 Comm: syz-executor751 Not tainted 4.19.0-rc2+ #228
[   33.820238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.820241] Call Trace:
[   33.820246]  dump_stack+0x1c4/0x2b4
[   33.820251]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.820255]  ? vprintk_func+0x85/0x181
[   33.820260]  print_circular_bug.isra.33.cold.54+0x1bd/0x27d
[   33.820265]  ? save_trace+0xe0/0x290
[   33.820269]  __lock_acquire+0x33e4/0x4ec0
[   33.820274]  ? mark_held_locks+0x130/0x130
[   33.820278]  ? mark_held_locks+0x130/0x130
[   33.820283]  ? rcu_bh_qs+0xc0/0xc0
[   33.820287]  ? unwind_dump+0x190/0x190
[   33.820292]  ? is_bpf_text_address+0xd3/0x170
[   33.820296]  ? kernel_text_address+0x79/0xf0
[   33.820301]  ? __kernel_text_address+0xd/0x40
[   33.820306]  ? __save_stack_trace+0x8d/0xf0
[   33.820310]  ? add_lock_to_list.isra.26+0x1ec/0x4b0
[   33.820315]  ? save_trace+0x290/0x290
[   33.820319]  ? save_stack_trace+0x1a/0x20
[   33.820323]  ? save_trace+0xe0/0x290
[   33.820328]  ? kasan_check_read+0x11/0x20
[   33.820332]  ? graph_lock+0x170/0x170
[   33.820337]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.820341]  lock_acquire+0x1ed/0x520
[   33.820346]  ? down_trylock+0x13/0x70
[   33.820350]  ? find_held_lock+0x36/0x1c0
[   33.820354]  ? lock_release+0x970/0x970
[   33.820359]  ? trace_hardirqs_off+0xb8/0x310
[   33.820363]  ? vprintk_emit+0x1d3/0x930
[   33.820368]  ? trace_hardirqs_on+0x310/0x310
[   33.820373]  ? trace_hardirqs_off+0xb8/0x310
[   33.820377]  ? log_store+0x344/0x4c0
[   33.820381]  ? vprintk_emit+0x322/0x930
[   33.820386]  _raw_spin_lock_irqsave+0x99/0xd0
[   33.820390]  ? down_trylock+0x13/0x70
[   33.820394]  down_trylock+0x13/0x70
[   33.820399]  __down_trylock_console_sem+0xae/0x200
[   33.820403]  console_trylock+0x15/0xa0
[   33.820408]  vprintk_emit+0x322/0x930
[   33.820412]  ? wake_up_klogd+0x180/0x180
[   33.820417]  ? run_rebalance_domains+0x500/0x500
[   33.820422]  ? wake_up_worker+0x117/0x190
[   33.820426]  ? find_held_lock+0x36/0x1c0
[   33.820431]  ? __queue_work+0x6be/0x1440
[   33.820435]  ? lock_acquire+0x1ed/0x520
[   33.820439]  vprintk_default+0x28/0x30
[   33.820444]  vprintk_func+0x7e/0x181
[   33.820447]  printk+0xa7/0xcf
[   33.820452]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.820457]  ? kasan_check_write+0x14/0x20
[   33.820461]  ? do_raw_spin_lock+0xc1/0x200
[   33.820466]  ? do_raw_spin_lock+0xc1/0x200
[   33.820470]  kasan_report+0x9b/0x110
[   33.820474]  ? __schedule+0xfc3/0x1ed0
[   33.820479]  __asan_report_load8_noabort+0x14/0x20
[   33.820483]  __schedule+0xfc3/0x1ed0
[   33.820488]  ? __sched_text_start+0x8/0x8
[   33.820492]  ? __lock_is_held+0xb5/0x140
[   33.820497]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.820501]  ? find_held_lock+0x36/0x1c0
[   33.820506]  ? __call_srcu+0x7f9/0x1070
[   33.820511]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.820516]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   33.820521]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.820525]  ? preempt_schedule+0x4d/0x60
[   33.820530]  preempt_schedule_common+0x1f/0xd0
[   33.820534]  preempt_schedule+0x4d/0x60
[   33.820539]  ___preempt_schedule+0x16/0x18
[   33.820544]  _raw_spin_unlock_irqrestore+0xbb/0xd0
[   33.820548]  __call_srcu+0x7f9/0x1070
[   33.820553]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.820558]  ? srcu_offline_cpu+0x120/0x120
[   33.820562]  ? debug_object_free+0x690/0x690
[   33.820567]  ? mark_held_locks+0x130/0x130
[   33.820572]  ? kvm_arch_destroy_vm+0x414/0x7c0
[   33.820576]  ? lock_release+0x970/0x970
[   33.820581]  ? arch_local_save_flags+0x40/0x40
[   33.820585]  ? depot_save_stack+0x292/0x470
[   33.820590]  ? __lockdep_init_map+0x105/0x590
[   33.820595]  ? __init_waitqueue_head+0x9e/0x150
[   33.820599]  ? init_wait_entry+0x1c0/0x1c0
[   33.820604]  __synchronize_srcu+0x17b/0x230
[   33.820608]  ? call_srcu+0x10/0x10
[   33.820613]  ? rcu_unexpedite_gp+0x20/0x20
[   33.820618]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.820623]  ? check_preemption_disabled+0x48/0x200
[   33.820628]  synchronize_srcu+0x356/0x5ab
[   33.820632]  ? lock_downgrade+0x900/0x900
[   33.820638]  ? synchronize_srcu_expedited+0x20/0x20
[   33.820642]  ? kasan_check_read+0x11/0x20
[   33.820647]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.820652]  ? kasan_check_write+0x14/0x20
[   33.820656]  ? do_raw_spin_lock+0xc1/0x200
[   33.820662]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.820667]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.820671]  ? kvfree+0x61/0x70
[   33.820676]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.820680]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.820685]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.820689]  ? kvm_arch_sync_events+0x30/0x30
[   33.820695]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.820700]  ? mmu_notifier_unregister+0x474/0x600
[   33.820704]  ? kfree+0x107/0x230
[   33.820708]  ? __mmu_notifier_register+0x30/0x30
[   33.820713]  ? __free_pages+0x10a/0x190
[   33.820717]  ? free_unref_page+0x960/0x960
[   33.820721]  kvm_put_kvm+0x6c8/0xff0
[   33.820726]  ? kvm_write_guest_cached+0x40/0x40
[   33.820731]  ? kvm_irqfd_release+0xd1/0x120
[   33.820735]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.820740]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.820744]  ? kasan_check_write+0x14/0x20
[   33.820749]  ? do_raw_spin_lock+0xc1/0x200
[   33.820753]  ? kvm_irqfd_release+0x
[   33.820761] Lost 82 message(s)!
[   34.985605] Shutting down cpus with NMI
[   36.043192] Dumping ftrace buffer:
[   36.046720]    (ftrace buffer empty)
[   36.051038] Kernel Offset: disabled
[   36.054661] Rebooting in 86400 seconds..