[info] Using makefile-style concurrent boot in runlevel 2.
[   27.061772] audit: type=1800 audit(1543286148.006:21): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
2018/11/27 02:49:07 parsed 1 programs
syzkaller login: [  827.689857] ld (6003) used greatest stack depth: 15328 bytes left
2018/11/27 02:49:09 executed programs: 0
[  836.492100] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
2018/11/27 02:49:17 executed programs: 6
2018/11/27 02:49:22 executed programs: 123
2018/11/27 02:49:27 executed programs: 254
2018/11/27 02:49:32 executed programs: 380
2018/11/27 02:49:37 executed programs: 514
2018/11/27 02:49:42 executed programs: 640
2018/11/27 02:49:48 executed programs: 770
2018/11/27 02:49:53 executed programs: 901
2018/11/27 02:49:58 executed programs: 1027
2018/11/27 02:50:03 executed programs: 1155
2018/11/27 02:50:08 executed programs: 1285
2018/11/27 02:50:13 executed programs: 1412
2018/11/27 02:50:18 executed programs: 1539
2018/11/27 02:50:23 executed programs: 1662
2018/11/27 02:50:28 executed programs: 1784
2018/11/27 02:50:33 executed programs: 1912
2018/11/27 02:50:38 executed programs: 2037
2018/11/27 02:50:43 executed programs: 2163
2018/11/27 02:50:48 executed programs: 2292
2018/11/27 02:50:53 executed programs: 2418
2018/11/27 02:50:58 executed programs: 2543
2018/11/27 02:51:03 executed programs: 2665
2018/11/27 02:51:08 executed programs: 2793
2018/11/27 02:51:13 executed programs: 2920
2018/11/27 02:51:18 executed programs: 3046
2018/11/27 02:51:23 executed programs: 3168
2018/11/27 02:51:28 executed programs: 3289
2018/11/27 02:51:33 executed programs: 3413
2018/11/27 02:51:38 executed programs: 3538
2018/11/27 02:51:43 executed programs: 3657
2018/11/27 02:51:48 executed programs: 3781
2018/11/27 02:51:53 executed programs: 3904
2018/11/27 02:51:58 executed programs: 4024
2018/11/27 02:52:03 executed programs: 4145
2018/11/27 02:52:09 executed programs: 4265
2018/11/27 02:52:14 executed programs: 4391
2018/11/27 02:52:19 executed programs: 4516
2018/11/27 02:52:24 executed programs: 4639
[ 1024.547975] ==================================================================
[ 1024.558768] BUG: KASAN: use-after-free in kvm_write_guest_offset_cached+0x693/0x6b0
[ 1024.566563] Read of size 8 at addr ffff8801b9363778 by task syz-executor1/30438
[ 1024.573994]
[ 1024.575637] CPU: 1 PID: 30438 Comm: syz-executor1 Not tainted 4.20.0-rc1-next-20181109+ #110
[ 1024.584203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1024.593549] Call Trace:
[ 1024.596134]  dump_stack+0x244/0x39d
[ 1024.599764]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1024.604950]  ? printk+0xa7/0xcf
[ 1024.608227]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 1024.612995]  print_address_description.cold.7+0x9/0x1ff
[ 1024.618358]  kasan_report.cold.8+0x242/0x309
[ 1024.622772]  ? kvm_write_guest_offset_cached+0x693/0x6b0
[ 1024.628221]  __asan_report_load8_noabort+0x14/0x20
[ 1024.633154]  kvm_write_guest_offset_cached+0x693/0x6b0
[ 1024.638435]  ? kvm_get_dirty_log_protect+0x780/0x780
[ 1024.643541]  ? check_preemption_disabled+0x48/0x280
[ 1024.648567]  ? vmx_read_guest_seg_ar+0x21c/0x270
[ 1024.653331]  kvm_arch_vcpu_put+0x365/0x420
[ 1024.657573]  kvm_sched_out+0x91/0xb0
[ 1024.661289]  __schedule+0x11ca/0x21d0
[ 1024.665095]  ? __sched_text_start+0x8/0x8
[ 1024.669257]  ? mark_held_locks+0xc7/0x130
[ 1024.673410]  ? preempt_schedule_irq+0x90/0x140
[ 1024.677991]  ? preempt_schedule_irq+0x90/0x140
[ 1024.682573]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1024.687153]  ? trace_hardirqs_on+0xbd/0x310
[ 1024.691474]  ? retint_kernel+0x1b/0x2d
[ 1024.695359]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1024.700468]  preempt_schedule_irq+0xb9/0x140
[ 1024.704878]  retint_kernel+0x1b/0x2d
[ 1024.708599] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x2ed/0xd10
[ 1024.714484] Code: 3c 02 00 0f 85 0d 0a 00 00 4d 03 6c 24 08 48 89 df 4c 89 ee e8 04 16 78 00 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 43 15 78 00 <44> 89 fe 44 89 ef e8 c8 15 78 00 45 39 fd 0f 8d cf 00 00 00 e8 2a
[ 1024.733382] RSP: 0018:ffff8801cbfee970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 1024.741088] RAX: ffff8801b9a4c280 RBX: 0000000000000000 RCX: ffffffff8107942f
[ 1024.748351] RDX: 0000000000000000 RSI: ffffffff8107936d RDI: 0000000000000006
[ 1024.755618] RBP: ffff8801cbfeeb60 R08: ffff8801b9a4c280 R09: ffffed00342bb209
[ 1024.762885] R10: ffffed00342bb209 R11: ffff8801a15d904b R12: 0000000000000017
[ 1024.770148] R13: 0000000000000017 R14: 0000000000000016 R15: 0000000000000017
[ 1024.777429]  ? __kvm_gfn_to_hva_cache_init+0x3af/0xd10
[ 1024.782714]  ? __kvm_gfn_to_hva_cache_init+0x2ed/0xd10
[ 1024.788001]  ? install_new_memslots+0x4b0/0x4b0
[ 1024.792672]  ? graph_lock+0x270/0x270
[ 1024.796489]  ? mark_held_locks+0x130/0x130
[ 1024.800735]  ? __lock_is_held+0xb5/0x140
[ 1024.804805]  kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 1024.809739]  ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10
[ 1024.815025]  ? save_stack+0xa9/0xd0
[ 1024.818649]  ? save_stack+0x43/0xd0
[ 1024.822281]  kvm_set_msr_common+0x1a0c/0x2670
[ 1024.826773]  ? graph_lock+0x270/0x270
[ 1024.830577]  ? kvm_write_tsc+0x1480/0x1480
[ 1024.834809]  ? find_held_lock+0x36/0x1c0
[ 1024.838869]  ? find_held_lock+0x36/0x1c0
[ 1024.842936]  ? __might_fault+0x12b/0x1e0
[ 1024.846996]  ? lock_downgrade+0x900/0x900
[ 1024.851146]  vmx_set_msr+0x759/0x1f90
[ 1024.854950]  kvm_set_msr+0x18a/0x370
[ 1024.858662]  do_set_msr+0x10d/0x1a0
[ 1024.862294]  ? do_get_msr+0x1e0/0x1e0
[ 1024.866095]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1024.871637]  msr_io+0x222/0x380
[ 1024.874916]  ? do_get_msr+0x1e0/0x1e0
[ 1024.878728]  ? kvm_get_msr_common+0x13b0/0x13b0
[ 1024.883398]  ? check_preemption_disabled+0x48/0x280
[ 1024.888420]  kvm_arch_vcpu_ioctl+0x961/0x3b00
[ 1024.892917]  ? kvm_arch_vcpu_ioctl+0x90f/0x3b00
[ 1024.897591]  ? kvm_arch_vcpu_put+0x420/0x420
[ 1024.902008]  ? mark_held_locks+0x130/0x130
[ 1024.906292]  ? lock_acquire+0x1ed/0x520
[ 1024.910268]  ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 1024.914508]  ? lock_release+0xa10/0xa10
[ 1024.918478]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1024.923942]  ? __mutex_lock+0x85e/0x16f0
[ 1024.928031]  ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 1024.932270]  ? mutex_trylock+0x2b0/0x2b0
[ 1024.936335]  ? __lock_acquire+0x62f/0x4c20
[ 1024.940593]  ? __lock_acquire+0x62f/0x4c20
[ 1024.944834]  ? mark_held_locks+0x130/0x130
[ 1024.949071]  kvm_vcpu_ioctl+0x278/0x1150
[ 1024.953263]  ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 1024.958976]  ? find_held_lock+0x36/0x1c0
[ 1024.963078]  ? __fget+0x4aa/0x740
[ 1024.966541]  ? lock_downgrade+0x900/0x900
[ 1024.970688]  ? check_preemption_disabled+0x48/0x280
[ 1024.975727]  ? kasan_check_read+0x11/0x20
[ 1024.979874]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1024.985152]  ? rcu_read_unlock_special+0x370/0x370
[ 1024.990084]  ? __fget+0x4d1/0x740
[ 1024.993541]  ? ksys_dup3+0x680/0x680
[ 1024.997257]  ? __might_fault+0x12b/0x1e0
[ 1025.001321]  ? lock_downgrade+0x900/0x900
[ 1025.005474]  ? lock_release+0xa10/0xa10
[ 1025.009445]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1025.014897]  ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 1025.020604]  do_vfs_ioctl+0x1de/0x1790
[ 1025.024532]  ? ioctl_preallocate+0x300/0x300
[ 1025.028943]  ? __fget_light+0x2e9/0x430
[ 1025.032916]  ? fget_raw+0x20/0x20
[ 1025.036364]  ? _copy_to_user+0xc8/0x110
[ 1025.040355]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1025.045935]  ? put_timespec64+0x10f/0x1b0
[ 1025.050090]  ? finish_task_switch+0x1f4/0x920
[ 1025.054588]  ? nsecs_to_jiffies+0x30/0x30
[ 1025.058737]  ? do_syscall_64+0x9a/0x820
[ 1025.062719]  ? do_syscall_64+0x9a/0x820
[ 1025.066706]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1025.071341]  ? security_file_ioctl+0x94/0xc0
[ 1025.075755]  ksys_ioctl+0xa9/0xd0
[ 1025.079212]  __x64_sys_ioctl+0x73/0xb0
[ 1025.083572]  do_syscall_64+0x1b9/0x820
[ 1025.087466]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1025.092828]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1025.097762]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1025.102783]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1025.107839]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 1025.114508]  ? __switch_to_asm+0x40/0x70
[ 1025.118568]  ? __switch_to_asm+0x34/0x70
[ 1025.122631]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1025.127479]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1025.132664] RIP: 0033:0x457569
[ 1025.135867] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1025.154763] RSP: 002b:00007fc292e62c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1025.162466] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 1025.169736] RDX: 0000000020000280 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1025.177000] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 1025.184267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc292e636d4
[ 1025.191532] R13: 00000000004bff9d R14: 00000000004d0970 R15: 00000000ffffffff
[ 1025.198804]
[ 1025.200498] Allocated by task 30427:
[ 1025.204223]  save_stack+0x43/0xd0
[ 1025.207678]  kasan_kmalloc+0xc7/0xe0
[ 1025.211400]  __kmalloc_node+0x50/0x70
[ 1025.215241]  kvmalloc_node+0xb9/0xf0
[ 1025.218958]  __kvm_set_memory_region+0x116e/0x2d50
[ 1025.223886]  kvm_set_memory_region+0x2e/0x50
[ 1025.228296]  kvm_vm_ioctl+0x652/0x1d60
[ 1025.232180]  do_vfs_ioctl+0x1de/0x1790
[ 1025.236062]  ksys_ioctl+0xa9/0xd0
[ 1025.239514]  __x64_sys_ioctl+0x73/0xb0
[ 1025.243398]  do_syscall_64+0x1b9/0x820
[ 1025.247287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1025.252465]
[ 1025.254086] Freed by task 30427:
[ 1025.257450]  save_stack+0x43/0xd0
[ 1025.260900]  __kasan_slab_free+0x102/0x150
[ 1025.265140]  kasan_slab_free+0xe/0x10
[ 1025.268938]  kfree+0xcf/0x230
[ 1025.272043]  kvfree+0x61/0x70
[ 1025.275151]  __kvm_set_memory_region+0x1cb3/0x2d50
[ 1025.280078]  kvm_set_memory_region+0x2e/0x50
[ 1025.284482]  kvm_vm_ioctl+0x652/0x1d60
[ 1025.288364]  do_vfs_ioctl+0x1de/0x1790
[ 1025.292251]  ksys_ioctl+0xa9/0xd0
[ 1025.295706]  __x64_sys_ioctl+0x73/0xb0
[ 1025.299591]  do_syscall_64+0x1b9/0x820
[ 1025.303477]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1025.308666]
[ 1025.310298] The buggy address belongs to the object at ffff8801b9363080
[ 1025.310298]  which belongs to the cache kmalloc-64k of size 65536
[ 1025.323131] The buggy address is located 1784 bytes inside of
[ 1025.323131]  65536-byte region [ffff8801b9363080, ffff8801b9373080)
[ 1025.335258] The buggy address belongs to the page:
[ 1025.340183] page:ffffea0006e4d800 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0
[ 1025.350145] flags: 0x2fffc0000010200(slab|head)
[ 1025.354820] raw: 02fffc0000010200 ffffea0006906808 ffffea0007034808 ffff8801da802500
[ 1025.362709] raw: 0000000000000000 ffff8801b9363080 0000000100000001 0000000000000000
[ 1025.370579] page dumped because: kasan: bad access detected
[ 1025.376281]
[ 1025.377903] Memory state around the buggy address:
[ 1025.382831]  ffff8801b9363600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1025.390190]  ffff8801b9363680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1025.397546] >ffff8801b9363700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1025.404898]                                                                 ^
[ 1025.412165]  ffff8801b9363780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1025.419519]  ffff8801b9363800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1025.426867] ==================================================================
[ 1025.434216] Kernel panic - not syncing: panic_on_warn set ...
[ 1025.440109] CPU: 1 PID: 30438 Comm: syz-executor1 Tainted: G    B             4.20.0-rc1-next-20181109+ #110
[ 1025.450063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1025.459407] Call Trace:
[ 1025.462002]  dump_stack+0x244/0x39d
[ 1025.465636]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1025.470836]  panic+0x2ad/0x55c
[ 1025.474029]  ? add_taint.cold.5+0x16/0x16
[ 1025.478182]  ? print_shadow_for_address+0xb6/0x116
[ 1025.483113]  ? trace_hardirqs_off+0xaf/0x310
[ 1025.487529]  kasan_end_report+0x47/0x4f
[ 1025.491501]  kasan_report.cold.8+0x76/0x309
[ 1025.495827]  ? kvm_write_guest_offset_cached+0x693/0x6b0
[ 1025.501277]  __asan_report_load8_noabort+0x14/0x20
[ 1025.506207]  kvm_write_guest_offset_cached+0x693/0x6b0
[ 1025.511491]  ? kvm_get_dirty_log_protect+0x780/0x780
[ 1025.516609]  ? check_preemption_disabled+0x48/0x280
[ 1025.521629]  ? vmx_read_guest_seg_ar+0x21c/0x270
[ 1025.526391]  kvm_arch_vcpu_put+0x365/0x420
[ 1025.530631]  kvm_sched_out+0x91/0xb0
[ 1025.534348]  __schedule+0x11ca/0x21d0
[ 1025.538156]  ? __sched_text_start+0x8/0x8
[ 1025.542307]  ? mark_held_locks+0xc7/0x130
[ 1025.546453]  ? preempt_schedule_irq+0x90/0x140
[ 1025.551031]  ? preempt_schedule_irq+0x90/0x140
[ 1025.555612]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1025.560195]  ? trace_hardirqs_on+0xbd/0x310
[ 1025.564520]  ? retint_kernel+0x1b/0x2d
[ 1025.568411]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1025.573521]  preempt_schedule_irq+0xb9/0x140
[ 1025.577931]  retint_kernel+0x1b/0x2d
[ 1025.581645] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x2ed/0xd10
[ 1025.587530] Code: 3c 02 00 0f 85 0d 0a 00 00 4d 03 6c 24 08 48 89 df 4c 89 ee e8 04 16 78 00 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 43 15 78 00 <44> 89 fe 44 89 ef e8 c8 15 78 00 45 39 fd 0f 8d cf 00 00 00 e8 2a
[ 1025.606425] RSP: 0018:ffff8801cbfee970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 1025.614130] RAX: ffff8801b9a4c280 RBX: 0000000000000000 RCX: ffffffff8107942f
[ 1025.621394] RDX: 0000000000000000 RSI: ffffffff8107936d RDI: 0000000000000006
[ 1025.628658] RBP: ffff8801cbfeeb60 R08: ffff8801b9a4c280 R09: ffffed00342bb209
[ 1025.635928] R10: ffffed00342bb209 R11: ffff8801a15d904b R12: 0000000000000017
[ 1025.643196] R13: 0000000000000017 R14: 0000000000000016 R15: 0000000000000017
[ 1025.650477]  ? __kvm_gfn_to_hva_cache_init+0x3af/0xd10
[ 1025.655755]  ? __kvm_gfn_to_hva_cache_init+0x2ed/0xd10
[ 1025.661042]  ? install_new_memslots+0x4b0/0x4b0
[ 1025.665718]  ? graph_lock+0x270/0x270
[ 1025.669522]  ? mark_held_locks+0x130/0x130
[ 1025.673760]  ? __lock_is_held+0xb5/0x140
[ 1025.677829]  kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 1025.682760]  ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10
[ 1025.688043]  ? save_stack+0xa9/0xd0
[ 1025.691670]  ? save_stack+0x43/0xd0
[ 1025.695308]  kvm_set_msr_common+0x1a0c/0x2670
[ 1025.699803]  ? graph_lock+0x270/0x270
[ 1025.703604]  ? kvm_write_tsc+0x1480/0x1480
[ 1025.707839]  ? find_held_lock+0x36/0x1c0
[ 1025.711902]  ? find_held_lock+0x36/0x1c0
[ 1025.715971]  ? __might_fault+0x12b/0x1e0
[ 1025.720035]  ? lock_downgrade+0x900/0x900
[ 1025.724190]  vmx_set_msr+0x759/0x1f90
[ 1025.727997]  kvm_set_msr+0x18a/0x370
[ 1025.731716]  do_set_msr+0x10d/0x1a0
[ 1025.735345]  ? do_get_msr+0x1e0/0x1e0
[ 1025.739148]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1025.744690]  msr_io+0x222/0x380
[ 1025.747993]  ? do_get_msr+0x1e0/0x1e0
[ 1025.751793]  ? kvm_get_msr_common+0x13b0/0x13b0
[ 1025.756482]  ? check_preemption_disabled+0x48/0x280
[ 1025.761503]  kvm_arch_vcpu_ioctl+0x961/0x3b00
[ 1025.766001]  ? kvm_arch_vcpu_ioctl+0x90f/0x3b00
[ 1025.770680]  ? kvm_arch_vcpu_put+0x420/0x420
[ 1025.775103]  ? mark_held_locks+0x130/0x130
[ 1025.779379]  ? lock_acquire+0x1ed/0x520
[ 1025.783354]  ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 1025.787594]  ? lock_release+0xa10/0xa10
[ 1025.791569]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1025.797027]  ? __mutex_lock+0x85e/0x16f0
[ 1025.801092]  ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 1025.805334]  ? mutex_trylock+0x2b0/0x2b0
[ 1025.809405]  ? __lock_acquire+0x62f/0x4c20
[ 1025.813664]  ? __lock_acquire+0x62f/0x4c20
[ 1025.817913]  ? mark_held_locks+0x130/0x130
[ 1025.822151]  kvm_vcpu_ioctl+0x278/0x1150
[ 1025.826215]  ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 1025.831934]  ? find_held_lock+0x36/0x1c0
[ 1025.835996]  ? __fget+0x4aa/0x740
[ 1025.839454]  ? lock_downgrade+0x900/0x900
[ 1025.843600]  ? check_preemption_disabled+0x48/0x280
[ 1025.848620]  ? kasan_check_read+0x11/0x20
[ 1025.852772]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1025.858048]  ? rcu_read_unlock_special+0x370/0x370
[ 1025.862983]  ? __fget+0x4d1/0x740
[ 1025.866441]  ? ksys_dup3+0x680/0x680
[ 1025.870158]  ? __might_fault+0x12b/0x1e0
[ 1025.874219]  ? lock_downgrade+0x900/0x900
[ 1025.878370]  ? lock_release+0xa10/0xa10
[ 1025.882342]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1025.887801]  ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 1025.893514]  do_vfs_ioctl+0x1de/0x1790
[ 1025.897405]  ? ioctl_preallocate+0x300/0x300
[ 1025.901811]  ? __fget_light+0x2e9/0x430
[ 1025.905785]  ? fget_raw+0x20/0x20
[ 1025.909235]  ? _copy_to_user+0xc8/0x110
[ 1025.913224]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1025.918802]  ? put_timespec64+0x10f/0x1b0
[ 1025.922952]  ? finish_task_switch+0x1f4/0x920
[ 1025.927449]  ? nsecs_to_jiffies+0x30/0x30
[ 1025.931601]  ? do_syscall_64+0x9a/0x820
[ 1025.935579]  ? do_syscall_64+0x9a/0x820
[ 1025.939556]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1025.944144]  ? security_file_ioctl+0x94/0xc0
[ 1025.948555]  ksys_ioctl+0xa9/0xd0
[ 1025.952010]  __x64_sys_ioctl+0x73/0xb0
[ 1025.955901]  do_syscall_64+0x1b9/0x820
[ 1025.959792]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1025.965155]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1025.970085]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1025.975105]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1025.980122]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 1025.986794]  ? __switch_to_asm+0x40/0x70
[ 1025.990852]  ? __switch_to_asm+0x34/0x70
[ 1025.994916]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1025.999763]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1026.004952] RIP: 0033:0x457569
[ 1026.008146] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1026.027042] RSP: 002b:00007fc292e62c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1026.034747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 1026.042011] RDX: 0000000020000280 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1026.049281] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 1026.056547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc292e636d4
[ 1026.063819] R13: 00000000004bff9d R14: 00000000004d0970 R15: 00000000ffffffff
[ 1026.071100]
[ 1026.071107] ======================================================
[ 1026.071113] WARNING: possible circular locking dependency detected
[ 1026.071118] 4.20.0-rc1-next-20181109+ #110 Not tainted
[ 1026.071124] ------------------------------------------------------
[ 1026.071130] syz-executor1/30438 is trying to acquire lock:
[ 1026.071134] 0000000092caf87b ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 1026.071150]
[ 1026.071155] but task is already holding lock:
[ 1026.071159] 00000000ba4aee37 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 1026.071175] [ 1026.071180] which lock already depends on the new lock. [ 1026.071183] [ 1026.071186] [ 1026.071191] the existing dependency chain (in reverse order) is: [ 1026.071194] [ 1026.071197] -> #3 (report_lock){....}: [ 1026.071213] _raw_spin_lock_irqsave+0x99/0xd0 [ 1026.071217] kasan_report+0x8b/0x110 [ 1026.071223] __asan_report_load8_noabort+0x14/0x20 [ 1026.071228] kvm_write_guest_offset_cached+0x693/0x6b0 [ 1026.071233] kvm_arch_vcpu_put+0x365/0x420 [ 1026.071242] kvm_sched_out+0x91/0xb0 [ 1026.071247] __schedule+0x11ca/0x21d0 [ 1026.071251] preempt_schedule_irq+0xb9/0x140 [ 1026.071256] retint_kernel+0x1b/0x2d [ 1026.071261] __kvm_gfn_to_hva_cache_init+0x2ed/0xd10 [ 1026.071266] kvm_gfn_to_hva_cache_init+0x15a/0x340 [ 1026.071271] kvm_set_msr_common+0x1a0c/0x2670 [ 1026.071276] vmx_set_msr+0x759/0x1f90 [ 1026.071280] kvm_set_msr+0x18a/0x370 [ 1026.071285] do_set_msr+0x10d/0x1a0 [ 1026.071289] msr_io+0x222/0x380 [ 1026.071294] kvm_arch_vcpu_ioctl+0x961/0x3b00 [ 1026.071298] kvm_vcpu_ioctl+0x278/0x1150 [ 1026.071303] do_vfs_ioctl+0x1de/0x1790 [ 1026.071307] ksys_ioctl+0xa9/0xd0 [ 1026.071312] __x64_sys_ioctl+0x73/0xb0 [ 1026.071316] do_syscall_64+0x1b9/0x820 [ 1026.071322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.071324] [ 1026.071327] -> #2 (&rq->lock){-.-.}: [ 1026.071343] _raw_spin_lock+0x2d/0x40 [ 1026.071347] task_fork_fair+0xb0/0x6d0 [ 1026.071352] sched_fork+0x443/0xba0 [ 1026.071356] copy_process+0x25b9/0x8790 [ 1026.071361] _do_fork+0x1cb/0x11c0 [ 1026.071365] kernel_thread+0x34/0x40 [ 1026.071369] rest_init+0x28/0x372 [ 1026.071374] arch_call_rest_init+0xe/0x1b [ 1026.071379] start_kernel+0x9f0/0xa2b [ 1026.071384] x86_64_start_reservations+0x2e/0x30 [ 1026.071388] x86_64_start_kernel+0x76/0x79 [ 1026.071393] secondary_startup_64+0xa4/0xb0 [ 1026.071396] [ 1026.071399] -> #1 (&p->pi_lock){-.-.}: [ 1026.071415] _raw_spin_lock_irqsave+0x99/0xd0 [ 1026.071419] try_to_wake_up+0xdc/0x1490 [ 1026.071424] wake_up_process+0x10/0x20 [ 
1026.071429] __up.isra.1+0x1c0/0x2a0 [ 1026.071433] up+0x13c/0x1c0 [ 1026.071437] __up_console_sem+0xbe/0x1b0 [ 1026.071442] console_unlock+0x80c/0x1190 [ 1026.071447] vprintk_emit+0x391/0x990 [ 1026.071451] vprintk_default+0x28/0x30 [ 1026.071456] vprintk_func+0x7e/0x181 [ 1026.071460] printk+0xa7/0xcf [ 1026.071464] do_exit.cold.18+0x71/0x16f [ 1026.071469] do_group_exit+0x177/0x440 [ 1026.071474] __x64_sys_exit_group+0x3e/0x50 [ 1026.071478] do_syscall_64+0x1b9/0x820 [ 1026.071484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.071486] [ 1026.071489] -> #0 ((console_sem).lock){-.-.}: [ 1026.071505] lock_acquire+0x1ed/0x520 [ 1026.071510] _raw_spin_lock_irqsave+0x99/0xd0 [ 1026.071514] down_trylock+0x13/0x70 [ 1026.071520] __down_trylock_console_sem+0xae/0x1f0 [ 1026.071524] console_trylock+0x15/0xa0 [ 1026.071529] vprintk_emit+0x372/0x990 [ 1026.071533] vprintk_default+0x28/0x30 [ 1026.071538] vprintk_func+0x7e/0x181 [ 1026.071542] printk+0xa7/0xcf [ 1026.071546] kasan_report+0x9b/0x110 [ 1026.071551] __asan_report_load8_noabort+0x14/0x20 [ 1026.071557] kvm_write_guest_offset_cached+0x693/0x6b0 [ 1026.071561] kvm_arch_vcpu_put+0x365/0x420 [ 1026.071566] kvm_sched_out+0x91/0xb0 [ 1026.071570] __schedule+0x11ca/0x21d0 [ 1026.071575] preempt_schedule_irq+0xb9/0x140 [ 1026.071580] retint_kernel+0x1b/0x2d [ 1026.071585] __kvm_gfn_to_hva_cache_init+0x2ed/0xd10 [ 1026.071590] kvm_gfn_to_hva_cache_init+0x15a/0x340 [ 1026.071595] kvm_set_msr_common+0x1a0c/0x2670 [ 1026.071600] vmx_set_msr+0x759/0x1f90 [ 1026.071604] kvm_set_msr+0x18a/0x370 [ 1026.071608] do_set_msr+0x10d/0x1a0 [ 1026.071613] msr_io+0x222/0x380 [ 1026.071618] kvm_arch_vcpu_ioctl+0x961/0x3b00 [ 1026.071622] kvm_vcpu_ioctl+0x278/0x1150 [ 1026.071627] do_vfs_ioctl+0x1de/0x1790 [ 1026.071631] ksys_ioctl+0xa9/0xd0 [ 1026.071636] __x64_sys_ioctl+0x73/0xb0 [ 1026.071640] do_syscall_64+0x1b9/0x820 [ 1026.071646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.071648] [ 1026.071653] other info that might help us 
debug this: [ 1026.071656] [ 1026.071660] Chain exists of: [ 1026.071662] (console_sem).lock --> &rq->lock --> report_lock [ 1026.071682] [ 1026.071687] Possible unsafe locking scenario: [ 1026.071689] [ 1026.071703] CPU0 CPU1 [ 1026.071707] ---- ---- [ 1026.071710] lock(report_lock); [ 1026.071721] lock(&rq->lock); [ 1026.071731] lock(report_lock); [ 1026.071739] lock((console_sem).lock); [ 1026.071748] [ 1026.071752] *** DEADLOCK *** [ 1026.071754] [ 1026.071759] 5 locks held by syz-executor1/30438: [ 1026.071762] #0: 0000000026c76cec (&vcpu->mutex){+.+.}, at: kvm_vcpu_ioctl+0x1e5/0x1150 [ 1026.071781] #1: 00000000ccc20bcc (&kvm->srcu){....}, at: kvm_arch_vcpu_ioctl+0x90f/0x3b00 [ 1026.071800] #2: 00000000464a9437 (&rq->lock){-.-.}, at: __schedule+0x236/0x21d0 [ 1026.071819] #3: 00000000ccc20bcc (&kvm->srcu){....}, at: kvm_arch_vcpu_put+0x136/0x420 [ 1026.071838] #4: 00000000ba4aee37 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 1026.071856] [ 1026.071860] stack backtrace: [ 1026.071868] CPU: 1 PID: 30438 Comm: syz-executor1 Not tainted 4.20.0-rc1-next-20181109+ #110 [ 1026.071876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.071879] Call Trace: [ 1026.071884] dump_stack+0x244/0x39d [ 1026.071889] ? dump_stack_print_info.cold.1+0x20/0x20 [ 1026.071894] ? vprintk_func+0x85/0x181 [ 1026.071899] print_circular_bug.isra.35.cold.56+0x1bd/0x27d [ 1026.071904] ? save_trace+0xe0/0x290 [ 1026.071908] __lock_acquire+0x3399/0x4c20 [ 1026.071913] ? mark_held_locks+0x130/0x130 [ 1026.071918] ? mark_held_locks+0x130/0x130 [ 1026.071922] ? rcu_softirq_qs+0x20/0x20 [ 1026.071927] ? unwind_dump+0x190/0x190 [ 1026.071932] ? is_bpf_text_address+0xd3/0x170 [ 1026.071937] ? kernel_text_address+0x79/0xf0 [ 1026.071942] ? __kernel_text_address+0xd/0x40 [ 1026.071946] ? __save_stack_trace+0x8d/0xf0 [ 1026.071952] ? add_lock_to_list.isra.28+0x1ec/0x4c0 [ 1026.071956] ? save_trace+0x290/0x290 [ 1026.071961] ? 
save_stack_trace+0x1a/0x20 [ 1026.071965] ? save_trace+0xe0/0x290 [ 1026.071970] ? graph_lock+0x270/0x270 [ 1026.071975] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1026.071980] lock_acquire+0x1ed/0x520 [ 1026.071984] ? down_trylock+0x13/0x70 [ 1026.071989] ? lock_release+0xa10/0xa10 [ 1026.071994] ? trace_hardirqs_off+0xb8/0x310 [ 1026.071998] ? vprintk_emit+0x1de/0x990 [ 1026.072003] ? trace_hardirqs_on+0x310/0x310 [ 1026.072008] ? trace_hardirqs_off+0xb8/0x310 [ 1026.072012] ? log_store+0x344/0x4c0 [ 1026.072017] ? vprintk_emit+0x372/0x990 [ 1026.072022] _raw_spin_lock_irqsave+0x99/0xd0 [ 1026.072026] ? down_trylock+0x13/0x70 [ 1026.072030] down_trylock+0x13/0x70 [ 1026.072036] __down_trylock_console_sem+0xae/0x1f0 [ 1026.072040] console_trylock+0x15/0xa0 [ 1026.072044] vprintk_emit+0x372/0x990 [ 1026.072049] ? wake_up_klogd+0x180/0x180 [ 1026.072054] ? pick_next_task_fair+0xa35/0x1c90 [ 1026.072059] ? rcu_read_lock_sched_held+0x14f/0x180 [ 1026.072065] ? rcu_note_context_switch+0x12e0/0x2150 [ 1026.072069] ? lock_acquire+0x1ed/0x520 [ 1026.072074] vprintk_default+0x28/0x30 [ 1026.072078] vprintk_func+0x7e/0x181 [ 1026.072082] printk+0xa7/0xcf [ 1026.072087] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1026.072091] kasan_report+0x9b/0x110 [ 1026.072097] ? kvm_write_guest_offset_cached+0x693/0x6b0 [ 1026.072102] __asan_report_load8_noabort+0x14/0x20 [ 1026.072107] kvm_write_guest_offset_cached+0x693/0x6b0 [ 1026.072113] ? kvm_get_dirty_log_protect+0x780/0x780 [ 1026.072118] ? check_preemption_disabled+0x48/0x280 [ 1026.072123] ? vmx_read_guest_seg_ar+0x21c/0x270 [ 1026.072128] kvm_arch_vcpu_put+0x365/0x420 [ 1026.072132] kvm_sched_out+0x91/0xb0 [ 1026.072137] __schedule+0x11ca/0x21d0 [ 1026.072141] ? __sched_text_start+0x8/0x8 [ 1026.072146] ? mark_held_locks+0xc7/0x130 [ 1026.072151] ? preempt_schedule_irq+0x90/0x140 [ 1026.072156] ? preempt_schedule_irq+0x90/0x140 [ 1026.072161] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 1026.072165] ? 
trace_hardirqs_on+0xbd/0x310 [ 1026.072170] ? retint_kernel+0x1b/0x2d [ 1026.072175] ? trace_hardirqs_off_caller+0x300/0x300 [ 1026.072180] preempt_schedule_irq+0xb9/0x140 [ 1026.072184] retint_kernel+0x1b/0x2d [ 1026.072190] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x2ed/0xd10 [ 1026.072205] Code: 3c 02 00 0f 85 0d 0a 00 00 4d 03 6c 24 08 48 89 df 4c 89 ee e8 04 16 78 00 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 43 15 78 00 <44> 89 fe 44 89 ef e8 c8 15 78 00 45 39 fd 0f 8d cf 00 00 00 e8 2a [ 1026.072210] RSP: 0018:ffff8801cbfee970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 1026.072221] RAX: ffff8801b9a4c280 RBX: 0000000000000000 RCX: ffffffff8107942f [ 1026.072228] RDX: 0000000000000000 RSI: ffffffff8107936d RDI: 0000000000000006 [ 1026.072234] RBP: ffff8801cbfeeb60 R08: ffff8801b9a4c280 R09: ffffed00342bb209 [ 1026.072247] R10: ffffed00342bb209 R11: ffff8801a15d904b R12: 0000000000000017 [ 1026.072253] R13: 0000000000000017 R14: 0000000000000016 R15: 0000000000000017 [ 1026.072259] ? __kvm_gfn_to_hva_cache_init+0x3af/0xd10 [ 1026.072264] ? __kvm_gfn_to_hva_cache_init+0x2ed/0xd10 [ 1026.072269] ? install_new_memslots+0x4b0/0x4b0 [ 1026.072274] ? graph_lock+0x270/0x270 [ 1026.072278] ? mark_held_locks+0x130/0x130 [ 1026.072283] ? __lock_is_held+0xb5/0x140 [ 1026.072288] kvm_gfn_to_hva_cache_init+0x15a/0x340 [ 1026.072293] ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10 [ 1026.072298] ? save_stack+0xa9/0xd0 [ 1026.072302] ? save_stack+0x43/0xd0 [ 1026.072307] kvm_set_msr_common+0x1a0c/0x2670 [ 1026.072311] ? graph_lock+0x270/0x270 [ 1026.072316] ? kvm_write_tsc+0x1480/0x1480 [ 1026.072321] ? find_held_lock+0x36/0x1c0 [ 1026.072326] ? find_held_lock+0x36/0x1c0 [ 1026.072330] ? __might_fault+0x12b/0x1e0 [ 1026.072335] ? lock_downgrade+0x900/0x900 [ 1026.072339] vmx_set_msr+0x759/0x1f90 [ 1026.072344] kvm_set_msr+0x18a/0x370 [ 1026.072348] do_set_msr+0x10d/0x1a0 [ 1026.072351] ? [ 1026.072358] Lost 69 message(s)! 
[ 1027.248341] Shutting down cpus with NMI [ 1028.280180] Kernel Offset: disabled [ 1028.283804] Rebooting in 86400 seconds..