[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 22.874834] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 27.378012] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.733921] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.286074] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.465131] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[ 33.999197] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 34.096043] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 34.121018] ==================================================================
[ 34.130910] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 34.137137] Read of size 8 at addr ffff8801bac30058 by task syz-executor679/4632
[ 34.144655]
[ 34.146283] CPU: 1 PID: 4632 Comm: syz-executor679 Not tainted 4.19.0-rc1+ #217
[ 34.153730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.163078] Call Trace:
[ 34.165683] dump_stack+0x1c9/0x2b4
[ 34.169316] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.174506] ? printk+0xa7/0xcf
[ 34.177788] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.182548] ? __schedule+0xf54/0x1df0
[ 34.186431] print_address_description+0x6c/0x20b
[ 34.191283] ? __schedule+0xf54/0x1df0
[ 34.195172] kasan_report.cold.7+0x242/0x30d
[ 34.199583] __asan_report_load8_noabort+0x14/0x20
[ 34.204507] __schedule+0xf54/0x1df0
[ 34.208220] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.213322] ? __sched_text_start+0x8/0x8
[ 34.217477] ? __call_srcu+0x7e7/0x1040
[ 34.221466] ? check_same_owner+0x340/0x340
[ 34.225785] ? mark_held_locks+0x160/0x160
[ 34.230029] ? find_held_lock+0x36/0x1c0
[ 34.234107] preempt_schedule_common+0x22/0x60
[ 34.238690] _cond_resched+0x1d/0x30
[ 34.242401] wait_for_completion+0xa5/0x8d0
[ 34.246725] ? wait_for_completion_interruptible+0x950/0x950
[ 34.252519] ? __lockdep_init_map+0x105/0x590
[ 34.257011] ? __init_waitqueue_head+0x9e/0x150
[ 34.261679] ? init_wait_entry+0x1c0/0x1c0
[ 34.265912] __synchronize_srcu+0x189/0x240
[ 34.270228] ? call_srcu+0x10/0x10
[ 34.273765] ? rcu_unexpedite_gp+0x20/0x20
[ 34.278009] synchronize_srcu+0x335/0x56f
[ 34.282155] ? lock_downgrade+0x8f0/0x8f0
[ 34.286300] ? synchronize_srcu_expedited+0x20/0x20
[ 34.291315] ? kasan_check_read+0x11/0x20
[ 34.295503] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.300082] ? kasan_check_write+0x14/0x20
[ 34.304311] ? do_raw_spin_lock+0xc1/0x200
[ 34.308550] kvm_page_track_unregister_notifier+0x17d/0x250
[ 34.314259] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 34.319707] ? kvfree+0x61/0x70
[ 34.322988] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.328003] kvm_mmu_uninit_vm+0x1c/0x20
[ 34.332061] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 34.336476] ? kvm_arch_sync_events+0x30/0x30
[ 34.340980] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.346517] ? mmu_notifier_unregister+0x474/0x600
[ 34.351469] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.355875] ? kfree+0x111/0x210
[ 34.359252] ? __mmu_notifier_register+0x30/0x30
[ 34.364020] ? __free_pages+0x10a/0x190
[ 34.367996] ? free_unref_page+0x930/0x930
[ 34.372236] kvm_put_kvm+0x73f/0x1060
[ 34.376038] ? kvm_write_guest_cached+0x40/0x40
[ 34.380709] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.385202] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.389695] ? lockdep_hardirqs_on+0x421/0x5c0
[ 34.394277] ? kasan_check_write+0x14/0x20
[ 34.398511] ? do_raw_spin_lock+0xc1/0x200
[ 34.402754] ? kvm_irqfd_release+0xdd/0x120
[ 34.407071] ? kvm_irqfd_release+0xdd/0x120
[ 34.411405] ? kvm_put_kvm+0x1060/0x1060
[ 34.415468] kvm_vm_release+0x42/0x50
[ 34.419265] __fput+0x38a/0xa40
[ 34.422545] ? __alloc_file+0x400/0x400
[ 34.426540] ? check_same_owner+0x340/0x340
[ 34.430889] ? kasan_check_write+0x14/0x20
[ 34.435130] ? do_raw_spin_lock+0xc1/0x200
[ 34.439364] ____fput+0x15/0x20
[ 34.442637] task_work_run+0x1e8/0x2a0
[ 34.446524] ? task_work_cancel+0x240/0x240
[ 34.450847] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 34.456383] ? switch_task_namespaces+0xa2/0xd0
[ 34.461051] do_exit+0x1ae4/0x26e0
[ 34.464589] ? mm_update_next_owner+0x9a0/0x9a0
[ 34.469260] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 34.473492] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.478507] ? kfree+0x1d7/0x210
[ 34.481873] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 34.486105] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.491815] ? is_bpf_text_address+0xd7/0x170
[ 34.496306] ? kernel_text_address+0x79/0xf0
[ 34.500711] ? __kernel_text_address+0xd/0x40
[ 34.505217] ? unwind_get_return_address+0x61/0xa0
[ 34.510149] ? __save_stack_trace+0x8d/0xf0
[ 34.514481] ? save_stack+0xa9/0xd0
[ 34.518118] ? save_stack+0x43/0xd0
[ 34.521747] ? __kasan_slab_free+0x11a/0x170
[ 34.526148] ? kasan_slab_free+0xe/0x10
[ 34.530120] ? putname+0xf2/0x130
[ 34.533569] ? __x64_sys_openat+0x9d/0x100
[ 34.537801] ? do_syscall_64+0x1b9/0x820
[ 34.541862] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.547222] ? trace_hardirqs_off+0xb8/0x2b0
[ 34.551626] ? kasan_check_read+0x11/0x20
[ 34.555779] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.560184] ? trace_hardirqs_on+0x2c0/0x2c0
[ 34.564590] ? initcall_blacklisted+0x9a/0x1e0
[ 34.569171] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.574291] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 34.580023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.585559] ? do_vfs_ioctl+0x201/0x1720
[ 34.589617] ? rcu_is_watching+0x8c/0x150
[ 34.593758] ? trace_hardirqs_on+0xbd/0x2c0
[ 34.598077] ? ioctl_preallocate+0x300/0x300
[ 34.602508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.608052] ? __fget_light+0x2f7/0x440
[ 34.612022] ? fget_raw+0x20/0x20
[ 34.615470] ? putname+0xf2/0x130
[ 34.618923] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.623934] ? kmem_cache_free+0x246/0x280
[ 34.628168] ? putname+0xf7/0x130
[ 34.631634] do_group_exit+0x177/0x440
[ 34.635521] ? trace_hardirqs_on+0xbd/0x2c0
[ 34.639838] ? __ia32_sys_exit+0x50/0x50
[ 34.643906] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 34.649009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.654545] ? ksys_ioctl+0x81/0xd0
[ 34.658174] __x64_sys_exit_group+0x3e/0x50
[ 34.662507] do_syscall_64+0x1b9/0x820
[ 34.666393] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.671753] ? syscall_return_slowpath+0x5e0/0x5e0
[ 34.676680] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.681744] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 34.686760] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.691774] ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.696793] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.701652] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.706837] RIP: 0033:0x43ecf8
[ 34.710030] Code: Bad RIP value.
[ 34.713386] RSP: 002b:00007fffd90d99a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.721088] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 34.728348] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.735609] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.742882] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 34.750146] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 34.757414]
[ 34.759039] Allocated by task 4632:
[ 34.762662] save_stack+0x43/0xd0
[ 34.766112] kasan_kmalloc+0xc4/0xe0
[ 34.769821] kasan_slab_alloc+0x12/0x20
[ 34.773802] kmem_cache_alloc+0x12e/0x710
[ 34.777946] vmx_create_vcpu+0xcf/0x2830
[ 34.782021] kvm_arch_vcpu_create+0xe5/0x220
[ 34.786427] kvm_vm_ioctl+0x488/0x1d80
[ 34.790317] do_vfs_ioctl+0x1de/0x1720
[ 34.794200] ksys_ioctl+0xa9/0xd0
[ 34.797652] __x64_sys_ioctl+0x73/0xb0
[ 34.801555] do_syscall_64+0x1b9/0x820
[ 34.805448] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.811141]
[ 34.812758] Freed by task 4632:
[ 34.816032] save_stack+0x43/0xd0
[ 34.819479] __kasan_slab_free+0x11a/0x170
[ 34.823707] kasan_slab_free+0xe/0x10
[ 34.827502] kmem_cache_free+0x86/0x280
[ 34.831475] vmx_free_vcpu+0x26b/0x300
[ 34.835355] kvm_arch_destroy_vm+0x365/0x7c0
[ 34.839761] kvm_put_kvm+0x73f/0x1060
[ 34.843555] kvm_vm_release+0x42/0x50
[ 34.847348] __fput+0x38a/0xa40
[ 34.850620] ____fput+0x15/0x20
[ 34.853894] task_work_run+0x1e8/0x2a0
[ 34.857774] do_exit+0x1ae4/0x26e0
[ 34.861307] do_group_exit+0x177/0x440
[ 34.865186] __x64_sys_exit_group+0x3e/0x50
[ 34.869503] do_syscall_64+0x1b9/0x820
[ 34.873388] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.878571]
[ 34.880205] The buggy address belongs to the object at ffff8801bac30040
[ 34.880205] which belongs to the cache kvm_vcpu of size 23872
[ 34.892772] The buggy address is located 24 bytes inside of
[ 34.892772] 23872-byte region [ffff8801bac30040, ffff8801bac35d80)
[ 34.904722] The buggy address belongs to the page:
[ 34.909650] page:ffffea0006eb0c00 count:1 mapcount:0 mapping:ffff8801d5331840 index:0x0 compound_mapcount: 0
[ 34.919628] flags: 0x2fffc0000008100(slab|head)
[ 34.924299] raw: 02fffc0000008100 ffff8801d5332448 ffff8801d5332448 ffff8801d5331840
[ 34.932178] raw: 0000000000000000 ffff8801bac30040 0000000100000001 0000000000000000
[ 34.940053] page dumped because: kasan: bad access detected
[ 34.945755]
[ 34.947387] Memory state around the buggy address:
[ 34.952313] ffff8801bac2ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.959664] ffff8801bac2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.967019] >ffff8801bac30000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 34.974365] ^
[ 34.980593] ffff8801bac30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.987944] ffff8801bac30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.995292] ==================================================================
[ 35.002644] Kernel panic - not syncing: panic_on_warn set ...
[ 35.002644]
[ 35.010011] CPU: 1 PID: 4632 Comm: syz-executor679 Tainted: G B 4.19.0-rc1+ #217
[ 35.018839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.028183] Call Trace:
[ 35.030776] dump_stack+0x1c9/0x2b4
[ 35.034403] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.039594] ? lock_downgrade+0x8f0/0x8f0
[ 35.043742] ? __schedule+0xf54/0x1df0
[ 35.047625] panic+0x238/0x4e7
[ 35.050813] ? add_taint.cold.5+0x16/0x16
[ 35.054961] ? print_shadow_for_address+0xba/0x116
[ 35.059891] ? trace_hardirqs_off+0xaf/0x2b0
[ 35.064293] ? trace_hardirqs_off+0x77/0x2b0
[ 35.068700] ? __schedule+0xf54/0x1df0
[ 35.072589] kasan_end_report+0x47/0x4f
[ 35.076561] kasan_report.cold.7+0x76/0x30d
[ 35.080882] __asan_report_load8_noabort+0x14/0x20
[ 35.085810] __schedule+0xf54/0x1df0
[ 35.089521] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.094625] ? __sched_text_start+0x8/0x8
[ 35.098774] ? __call_srcu+0x7e7/0x1040
[ 35.102752] ? check_same_owner+0x340/0x340
[ 35.107071] ? mark_held_locks+0x160/0x160
[ 35.111300] ? find_held_lock+0x36/0x1c0
[ 35.115365] preempt_schedule_common+0x22/0x60
[ 35.119945] _cond_resched+0x1d/0x30
[ 35.123659] wait_for_completion+0xa5/0x8d0
[ 35.127985] ? wait_for_completion_interruptible+0x950/0x950
[ 35.133779] ? __lockdep_init_map+0x105/0x590
[ 35.138274] ? __init_waitqueue_head+0x9e/0x150
[ 35.142940] ? init_wait_entry+0x1c0/0x1c0
[ 35.147177] __synchronize_srcu+0x189/0x240
[ 35.151498] ? call_srcu+0x10/0x10
[ 35.155035] ? rcu_unexpedite_gp+0x20/0x20
[ 35.159273] synchronize_srcu+0x335/0x56f
[ 35.163415] ? lock_downgrade+0x8f0/0x8f0
[ 35.167566] ? synchronize_srcu_expedited+0x20/0x20
[ 35.172582] ? kasan_check_read+0x11/0x20
[ 35.176729] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.181311] ? kasan_check_write+0x14/0x20
[ 35.185556] ? do_raw_spin_lock+0xc1/0x200
[ 35.189792] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.195502] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.200951] ? kvfree+0x61/0x70
[ 35.204234] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.209247] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.213304] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.217709] ? kvm_arch_sync_events+0x30/0x30
[ 35.222208] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.227743] ? mmu_notifier_unregister+0x474/0x600
[ 35.232666] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.237080] ? kfree+0x111/0x210
[ 35.240452] ? __mmu_notifier_register+0x30/0x30
[ 35.245210] ? __free_pages+0x10a/0x190
[ 35.249182] ? free_unref_page+0x930/0x930
[ 35.253422] kvm_put_kvm+0x73f/0x1060
[ 35.257237] ? kvm_write_guest_cached+0x40/0x40
[ 35.261906] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.266396] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.270889] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.275496] ? kasan_check_write+0x14/0x20
[ 35.279745] ? do_raw_spin_lock+0xc1/0x200
[ 35.283994] ? kvm_irqfd_release+0xdd/0x120
[ 35.288314] ? kvm_irqfd_release+0xdd/0x120
[ 35.292635] ? kvm_put_kvm+0x1060/0x1060
[ 35.296691] kvm_vm_release+0x42/0x50
[ 35.300488] __fput+0x38a/0xa40
[ 35.303767] ? __alloc_file+0x400/0x400
[ 35.307741] ? check_same_owner+0x340/0x340
[ 35.312061] ? kasan_check_write+0x14/0x20
[ 35.316309] ? do_raw_spin_lock+0xc1/0x200
[ 35.320540] ____fput+0x15/0x20
[ 35.323815] task_work_run+0x1e8/0x2a0
[ 35.327698] ? task_work_cancel+0x240/0x240
[ 35.332032] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.337569] ? switch_task_namespaces+0xa2/0xd0
[ 35.342239] do_exit+0x1ae4/0x26e0
[ 35.345779] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.350457] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.354697] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.359709] ? kfree+0x1d7/0x210
[ 35.363074] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.367308] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.373017] ? is_bpf_text_address+0xd7/0x170
[ 35.377511] ? kernel_text_address+0x79/0xf0
[ 35.381916] ? __kernel_text_address+0xd/0x40
[ 35.386409] ? unwind_get_return_address+0x61/0xa0
[ 35.391347] ? __save_stack_trace+0x8d/0xf0
[ 35.395674] ? save_stack+0xa9/0xd0
[ 35.399296] ? save_stack+0x43/0xd0
[ 35.402919] ? __kasan_slab_free+0x11a/0x170
[ 35.407324] ? kasan_slab_free+0xe/0x10
[ 35.411294] ? putname+0xf2/0x130
[ 35.414747] ? __x64_sys_openat+0x9d/0x100
[ 35.418982] ? do_syscall_64+0x1b9/0x820
[ 35.423038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.428402] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.432808] ? kasan_check_read+0x11/0x20
[ 35.436954] ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.441372] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.445778] ? initcall_blacklisted+0x9a/0x1e0
[ 35.450360] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 35.455475] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.461185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.466720] ? do_vfs_ioctl+0x201/0x1720
[ 35.470781] ? rcu_is_watching+0x8c/0x150
[ 35.474923] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.479245] ? ioctl_preallocate+0x300/0x300
[ 35.483653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.489188] ? __fget_light+0x2f7/0x440
[ 35.493160] ? fget_raw+0x20/0x20
[ 35.496610] ? putname+0xf2/0x130
[ 35.500060] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.505077] ? kmem_cache_free+0x246/0x280
[ 35.509309] ? putname+0xf7/0x130
[ 35.512765] do_group_exit+0x177/0x440
[ 35.516647] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.520964] ? __ia32_sys_exit+0x50/0x50
[ 35.525025] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.530191] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.535725] ? ksys_ioctl+0x81/0xd0
[ 35.539349] __x64_sys_exit_group+0x3e/0x50
[ 35.543667] do_syscall_64+0x1b9/0x820
[ 35.547554] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.552916] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.557844] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.562682] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.567695] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.572707] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.577730] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.582575] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.587758] RIP: 0033:0x43ecf8
[ 35.590948] Code: Bad RIP value.
[ 35.594308] RSP: 002b:00007fffd90d99a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.602014] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecf8
[ 35.609276] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.616542] RBP: 00000000004be5a8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 35.623809] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 35.631081] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 35.638357]
[ 35.638363] ======================================================
[ 35.638368] WARNING: possible circular locking dependency detected
[ 35.638372] 4.19.0-rc1+ #217 Not tainted
[ 35.638377] ------------------------------------------------------
[ 35.638382] syz-executor679/4632 is trying to acquire lock:
[ 35.638386] 00000000581a5819 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 35.638401]
[ 35.638405] but task is already holding lock:
[ 35.638408] 0000000012ff142e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.638423]
[ 35.638427] which lock already depends on the new lock.
[ 35.638429]
[ 35.638432]
[ 35.638445] the existing dependency chain (in reverse order) is:
[ 35.638448]
[ 35.638450] -> #3 (report_lock){....}:
[ 35.638465] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.638469] kasan_report+0x8e/0x110
[ 35.638473] __asan_report_load8_noabort+0x14/0x20
[ 35.638478] __schedule+0xf54/0x1df0
[ 35.638482] preempt_schedule_common+0x22/0x60
[ 35.638486] _cond_resched+0x1d/0x30
[ 35.638490] wait_for_completion+0xa5/0x8d0
[ 35.638495] __synchronize_srcu+0x189/0x240
[ 35.638499] synchronize_srcu+0x335/0x56f
[ 35.638504] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.638508] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.638512] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.638516] kvm_put_kvm+0x73f/0x1060
[ 35.638520] kvm_vm_release+0x42/0x50
[ 35.638523] __fput+0x38a/0xa40
[ 35.638527] ____fput+0x15/0x20
[ 35.638531] task_work_run+0x1e8/0x2a0
[ 35.638534] do_exit+0x1ae4/0x26e0
[ 35.638538] do_group_exit+0x177/0x440
[ 35.638543] __x64_sys_exit_group+0x3e/0x50
[ 35.638547] do_syscall_64+0x1b9/0x820
[ 35.638554] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.638556]
[ 35.638558] -> #2 (&rq->lock){-.-.}:
[ 35.638573] _raw_spin_lock+0x2a/0x40
[ 35.638577] task_fork_fair+0x93/0x680
[ 35.638580] sched_fork+0x44b/0xbd0
[ 35.638584] copy_process+0x235e/0x7ad0
[ 35.638588] _do_fork+0x1ca/0x1170
[ 35.638592] kernel_thread+0x34/0x40
[ 35.638595] rest_init+0x22/0xe4
[ 35.638599] start_kernel+0x913/0x94e
[ 35.638604] x86_64_start_reservations+0x29/0x2b
[ 35.638608] x86_64_start_kernel+0x76/0x79
[ 35.638612] secondary_startup_64+0xa4/0xb0
[ 35.638614]
[ 35.638616] -> #1 (&p->pi_lock){-.-.}:
[ 35.638634] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.638638] try_to_wake_up+0xd2/0x1250
[ 35.638641] wake_up_process+0x10/0x20
[ 35.638645] __up.isra.1+0x1c0/0x2a0
[ 35.638649] up+0x13c/0x1c0
[ 35.638653] __up_console_sem+0xbe/0x1b0
[ 35.638657] console_unlock+0x506/0x10d0
[ 35.638660] vprintk_emit+0x33a/0x910
[ 35.638664] vprintk_default+0x28/0x30
[ 35.638668] vprintk_func+0x7a/0x117
[ 35.638672] printk+0xa7/0xcf
[ 35.638675] load_umh+0x51/0xbd
[ 35.638679] do_one_initcall+0x127/0x838
[ 35.638683] kernel_init_freeable+0x4bb/0x5ae
[ 35.638689] kernel_init+0x11/0x1b3
[ 35.638693] ret_from_fork+0x3a/0x50
[ 35.638696]
[ 35.638698] -> #0 ((console_sem).lock){-...}:
[ 35.638713] lock_acquire+0x1e4/0x4f0
[ 35.638717] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.638721] down_trylock+0x13/0x70
[ 35.638725] __down_trylock_console_sem+0xae/0x200
[ 35.638729] console_trylock+0x15/0xa0
[ 35.638733] vprintk_emit+0x31f/0x910
[ 35.638737] vprintk_default+0x28/0x30
[ 35.638741] vprintk_func+0x7a/0x117
[ 35.638744] printk+0xa7/0xcf
[ 35.638748] kasan_report+0x9e/0x110
[ 35.638752] __asan_report_load8_noabort+0x14/0x20
[ 35.638756] __schedule+0xf54/0x1df0
[ 35.638761] preempt_schedule_common+0x22/0x60
[ 35.638764] _cond_resched+0x1d/0x30
[ 35.638769] wait_for_completion+0xa5/0x8d0
[ 35.638773] __synchronize_srcu+0x189/0x240
[ 35.638777] synchronize_srcu+0x335/0x56f
[ 35.638782] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.638786] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.638790] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.638794] kvm_put_kvm+0x73f/0x1060
[ 35.638798] kvm_vm_release+0x42/0x50
[ 35.638801] __fput+0x38a/0xa40
[ 35.638805] ____fput+0x15/0x20
[ 35.638809] task_work_run+0x1e8/0x2a0
[ 35.638813] do_exit+0x1ae4/0x26e0
[ 35.638817] do_group_exit+0x177/0x440
[ 35.638821] __x64_sys_exit_group+0x3e/0x50
[ 35.638825] do_syscall_64+0x1b9/0x820
[ 35.638829] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.638832]
[ 35.638836] other info that might help us debug this:
[ 35.638838]
[ 35.638841] Chain exists of:
[ 35.638843] (console_sem).lock --> &rq->lock --> report_lock
[ 35.638862]
[ 35.638866] Possible unsafe locking scenario:
[ 35.638868]
[ 35.638872] CPU0 CPU1
[ 35.638876] ---- ----
[ 35.638879] lock(report_lock);
[ 35.638888] lock(&rq->lock);
[ 35.638898] lock(report_lock);
[ 35.638906] lock((console_sem).lock);
[ 35.638914]
[ 35.638917] *** DEADLOCK ***
[ 35.638919]
[ 35.638924] 2 locks held by syz-executor679/4632:
[ 35.638926] #0: 00000000084196db (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 35.638943] #1: 0000000012ff142e (report_lock){....}, at: kasan_report+0x8e/0x110
[ 35.638960]
[ 35.638963] stack backtrace:
[ 35.638969] CPU: 1 PID: 4632 Comm: syz-executor679 Not tainted 4.19.0-rc1+ #217
[ 35.638981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.638985] Call Trace:
[ 35.638988] dump_stack+0x1c9/0x2b4
[ 35.638993] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.638997] ? vprintk_func+0x100/0x117
[ 35.639002] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.639006] ? save_trace+0xe0/0x290
[ 35.639010] __lock_acquire+0x3449/0x5020
[ 35.639014] ? mark_held_locks+0x160/0x160
[ 35.639018] ? mark_held_locks+0x160/0x160
[ 35.639022] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.639026] ? is_bpf_text_address+0xd7/0x170
[ 35.639030] ? kernel_text_address+0x79/0xf0
[ 35.639035] ? __kernel_text_address+0xd/0x40
[ 35.639039] ? __save_stack_trace+0x8d/0xf0
[ 35.639043] ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 35.639047] ? save_trace+0x290/0x290
[ 35.639051] ? save_stack_trace+0x1a/0x20
[ 35.639055] ? save_trace+0xe0/0x290
[ 35.639059] ? graph_lock+0x170/0x170
[ 35.639064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.639067] lock_acquire+0x1e4/0x4f0
[ 35.639071] ? down_trylock+0x13/0x70
[ 35.639075] ? lock_release+0x9f0/0x9f0
[ 35.639079] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.639084] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.639088] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.639091] ? log_store+0x34f/0x4c0
[ 35.639095] ? vprintk_emit+0x31f/0x910
[ 35.639100] _raw_spin_lock_irqsave+0x96/0xc0
[ 35.639103] ? down_trylock+0x13/0x70
[ 35.639107] down_trylock+0x13/0x70
[ 35.639112] __down_trylock_console_sem+0xae/0x200
[ 35.639115] console_trylock+0x15/0xa0
[ 35.639119] vprintk_emit+0x31f/0x910
[ 35.639123] ? wake_up_klogd+0x110/0x110
[ 35.639128] ? run_rebalance_domains+0x4c0/0x4c0
[ 35.639132] ? kasan_check_read+0x11/0x20
[ 35.639136] ? rcu_is_watching+0x8c/0x150
[ 35.639139] ? rcu_pm_notify+0xc0/0xc0
[ 35.639143] ? lock_acquire+0x1e4/0x4f0
[ 35.639147] ? kasan_report+0x8e/0x110
[ 35.639151] ? __schedule+0xf54/0x1df0
[ 35.639155] vprintk_default+0x28/0x30
[ 35.639159] vprintk_func+0x7a/0x117
[ 35.639162] printk+0xa7/0xcf
[ 35.639166] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.639171] ? kasan_check_write+0x14/0x20
[ 35.639175] ? do_raw_spin_lock+0xc1/0x200
[ 35.639179] ? do_raw_spin_lock+0xc1/0x200
[ 35.639182] kasan_report+0x9e/0x110
[ 35.639187] __asan_report_load8_noabort+0x14/0x20
[ 35.639191] __schedule+0xf54/0x1df0
[ 35.639195] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 35.639199] ? __sched_text_start+0x8/0x8
[ 35.639203] ? __call_srcu+0x7e7/0x1040
[ 35.639207] ? check_same_owner+0x340/0x340
[ 35.639211] ? mark_held_locks+0x160/0x160
[ 35.639215] ? find_held_lock+0x36/0x1c0
[ 35.639220] preempt_schedule_common+0x22/0x60
[ 35.639223] _cond_resched+0x1d/0x30
[ 35.639228] wait_for_completion+0xa5/0x8d0
[ 35.639233] ? wait_for_completion_interruptible+0x950/0x950
[ 35.639237] ? __lockdep_init_map+0x105/0x590
[ 35.639241] ? __init_waitqueue_head+0x9e/0x150
[ 35.639245] ? init_wait_entry+0x1c0/0x1c0
[ 35.639249] __synchronize_srcu+0x189/0x240
[ 35.639253] ? call_srcu+0x10/0x10
[ 35.639257] ? rcu_unexpedite_gp+0x20/0x20
[ 35.639261] synchronize_srcu+0x335/0x56f
[ 35.639265] ? lock_downgrade+0x8f0/0x8f0
[ 35.639270] ? synchronize_srcu_expedited+0x20/0x20
[ 35.639274] ? kasan_check_read+0x11/0x20
[ 35.639278] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 35.639282] ? kasan_check_write+0x14/0x20
[ 35.639286] ? do_raw_spin_lock+0xc1/0x200
[ 35.639291] kvm_page_track_unregister_notifier+0x17d/0x250
[ 35.639296] ? kvm_slot_page_track_remove_page+0x70/0x70
[ 35.639300] ? kvfree+0x61/0x70
[ 35.639304] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.639308] kvm_mmu_uninit_vm+0x1c/0x20
[ 35.639313] kvm_arch_destroy_vm+0x5f2/0x7c0
[ 35.639317] ? kvm_arch_sync_events+0x30/0x30
[ 35.639322] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.639326] ? mmu_notifier_unregister+0x474/0x600
[ 35.639330] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.639334] ? kfree+0x111/0x210
[ 35.639338] ? __mmu_notifier_register+0x30/0x30
[ 35.639342] ? __free_pages+0x10a/0x190
[ 35.639346] ? free_unref_page+0x930/0x930
[ 35.639350] kvm_put_kvm+0x73f/0x1060
[ 35.639355] ? kvm_write_guest_cached+0x40/0x40
[ 35.639359] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.639363] ? _raw_spin_unlock_irq+0x27/0x70
[ 35.639367] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.639371] ? kasan_check_write+0x14/0x20
[ 35.639375] ? do_raw_spin_lock+0xc1/0x200
[ 35.639379] ? kvm_irqfd_release+0xdd/0x120
[ 35.639384] ? kvm_irqfd_release+0xdd/0x120
[ 35.639388] ? kvm_put_kvm+0x1060/0x1060
[ 35.639391] kvm_vm_release+0x42/0x50
[ 35.639395] __fput+0x38a/0xa40
[ 35.639399] ? __alloc_file+0x400/0x400
[ 35.639403] ? check_same_owner+0x340/0x340
[ 35.639407] ? kasan_check_write+0x14/0x20
[ 35.639411] ? do_raw_spin_lock+0xc1/0x200
[ 35.639415] ____fput+0x15/0x20
[ 35.639418] task_work_run+0x1e8/0x2a0
[ 35.639423] ? task_work_cancel+0x240/0x240
[ 35.639427] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.639432] ? switch_task_namespaces+0xa2/0xd0
[ 35.639435] do_exit+0x1ae4/0x26e0
[ 35.639446] ? mm_update_next_owner+0x9a0/0x9a0
[ 35.639450] ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 35.639455] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.639458] ? kfree+0x1d7/0x210
[ 35.639462] ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 35.639467] ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 35.639472] ? is_bpf_text_address+0xd7/0x170
[ 35.639474] ?
[ 35.639482] Lost 55 message(s)!
[ 36.711053] Shutting down cpus with NMI
[ 37.769856] Dumping ftrace buffer:
[ 37.773387] (ftrace buffer empty)
[ 37.777075] Kernel Offset: disabled
[ 37.780685] Rebooting in 86400 seconds..