[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   22.856544] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.251676] random: sshd: uninitialized urandom read (32 bytes read)
[   24.465881] random: sshd: uninitialized urandom read (32 bytes read)
[   25.053110] random: sshd: uninitialized urandom read (32 bytes read)
[   33.519166] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
[   39.168101] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   39.273210] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   39.297895] ==================================================================
[   39.307584] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   39.313811] Read of size 8 at addr ffff8801b8080058 by task syz-executor828/4655
[   39.321327] 
[   39.322979] CPU: 0 PID: 4655 Comm: syz-executor828 Not tainted 4.19.0-rc1+ #214
[   39.330420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.339762] Call Trace:
[   39.342352]  dump_stack+0x1c9/0x2b4
[   39.345988]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.351174]  ? printk+0xa7/0xcf
[   39.354474]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   39.359241]  ? __schedule+0xf54/0x1df0
[   39.363126]  print_address_description+0x6c/0x20b
[   39.367968]  ? __schedule+0xf54/0x1df0
[   39.371850]  kasan_report.cold.7+0x242/0x30d
[   39.376264]  __asan_report_load8_noabort+0x14/0x20
[   39.381200]  __schedule+0xf54/0x1df0
[   39.384920]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   39.390021]  ? __sched_text_start+0x8/0x8
[   39.394169]  ? __call_srcu+0x7e7/0x1040
[   39.398169]  ? check_same_owner+0x340/0x340
[   39.402506]  ? mark_held_locks+0x160/0x160
[   39.406738]  ? find_held_lock+0x36/0x1c0
[   39.410799]  preempt_schedule_common+0x22/0x60
[   39.415367]  _cond_resched+0x1d/0x30
[   39.419061]  wait_for_completion+0xa5/0x8d0
[   39.423367]  ? wait_for_completion_interruptible+0x950/0x950
[   39.429197]  ? __lockdep_init_map+0x105/0x590
[   39.433695]  ? __init_waitqueue_head+0x9e/0x150
[   39.438365]  ? init_wait_entry+0x1c0/0x1c0
[   39.442607]  __synchronize_srcu+0x189/0x240
[   39.446939]  ? call_srcu+0x10/0x10
[   39.450490]  ? rcu_unexpedite_gp+0x20/0x20
[   39.454728]  synchronize_srcu+0x335/0x56f
[   39.458875]  ? lock_downgrade+0x8f0/0x8f0
[   39.463032]  ? synchronize_srcu_expedited+0x20/0x20
[   39.468045]  ? kasan_check_read+0x11/0x20
[   39.472212]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.476808]  ? kasan_check_write+0x14/0x20
[   39.481042]  ? do_raw_spin_lock+0xc1/0x200
[   39.485277]  kvm_page_track_unregister_notifier+0x17d/0x250
[   39.490987]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   39.496438]  ? kvfree+0x61/0x70
[   39.499720]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.504741]  kvm_mmu_uninit_vm+0x1c/0x20
[   39.508798]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   39.513214]  ? kvm_arch_sync_events+0x30/0x30
[   39.517711]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.523248]  ? mmu_notifier_unregister+0x474/0x600
[   39.528209]  ? trace_hardirqs_on+0x2c0/0x2c0
[   39.532621]  ? kfree+0x111/0x210
[   39.535988]  ? __mmu_notifier_register+0x30/0x30
[   39.540746]  ? __free_pages+0x10a/0x190
[   39.544719]  ? free_unref_page+0x930/0x930
[   39.548959]  kvm_put_kvm+0x73f/0x1060
[   39.552760]  ? kvm_write_guest_cached+0x40/0x40
[   39.557428]  ? _raw_spin_unlock_irq+0x27/0x70
[   39.561917]  ? _raw_spin_unlock_irq+0x27/0x70
[   39.566406]  ? lockdep_hardirqs_on+0x421/0x5c0
[   39.570988]  ? kasan_check_write+0x14/0x20
[   39.575230]  ? do_raw_spin_lock+0xc1/0x200
[   39.579461]  ? kvm_irqfd_release+0xdd/0x120
[   39.583776]  ? kvm_irqfd_release+0xdd/0x120
[   39.588109]  ? kvm_put_kvm+0x1060/0x1060
[   39.592168]  kvm_vm_release+0x42/0x50
[   39.595975]  __fput+0x38a/0xa40
[   39.599270]  ? __alloc_file+0x400/0x400
[   39.603276]  ? check_same_owner+0x340/0x340
[   39.607597]  ? kasan_check_write+0x14/0x20
[   39.611840]  ? do_raw_spin_lock+0xc1/0x200
[   39.616070]  ____fput+0x15/0x20
[   39.619353]  task_work_run+0x1e8/0x2a0
[   39.623238]  ? task_work_cancel+0x240/0x240
[   39.627584]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.633124]  ? switch_task_namespaces+0xa2/0xd0
[   39.637791]  do_exit+0x1ae4/0x26e0
[   39.641332]  ? mm_update_next_owner+0x9a0/0x9a0
[   39.646010]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   39.650243]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.655257]  ? kfree+0x1d7/0x210
[   39.658640]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   39.662878]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   39.668588]  ? is_bpf_text_address+0xd7/0x170
[   39.673100]  ? kernel_text_address+0x79/0xf0
[   39.677532]  ? __kernel_text_address+0xd/0x40
[   39.682026]  ? unwind_get_return_address+0x61/0xa0
[   39.686953]  ? __save_stack_trace+0x8d/0xf0
[   39.691281]  ? save_stack+0xa9/0xd0
[   39.694906]  ? save_stack+0x43/0xd0
[   39.698527]  ? __kasan_slab_free+0x11a/0x170
[   39.702932]  ? kasan_slab_free+0xe/0x10
[   39.706901]  ? putname+0xf2/0x130
[   39.710350]  ? __x64_sys_openat+0x9d/0x100
[   39.714593]  ? do_syscall_64+0x1b9/0x820
[   39.718679]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.724050]  ? trace_hardirqs_off+0xb8/0x2b0
[   39.728451]  ? kasan_check_read+0x11/0x20
[   39.732604]  ? do_raw_spin_unlock+0xa7/0x2f0
[   39.737010]  ? trace_hardirqs_on+0x2c0/0x2c0
[   39.741418]  ? initcall_blacklisted+0x9a/0x1e0
[   39.746002]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   39.751108]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   39.756825]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.762360]  ? do_vfs_ioctl+0x201/0x1720
[   39.766431]  ? rcu_is_watching+0x8c/0x150
[   39.770581]  ? trace_hardirqs_on+0xbd/0x2c0
[   39.774904]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   39.779935]  ? __fget_light+0x2f7/0x440
[   39.783917]  ? fget_raw+0x20/0x20
[   39.787382]  ? putname+0xf2/0x130
[   39.790836]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.795851]  ? kmem_cache_free+0x246/0x280
[   39.800100]  ? putname+0xf7/0x130
[   39.803557]  do_group_exit+0x177/0x440
[   39.807460]  ? trace_hardirqs_on+0xbd/0x2c0
[   39.811781]  ? __ia32_sys_exit+0x50/0x50
[   39.815841]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   39.820946]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.826484]  ? ksys_ioctl+0x81/0xd0
[   39.830108]  __x64_sys_exit_group+0x3e/0x50
[   39.834428]  do_syscall_64+0x1b9/0x820
[   39.838315]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.843679]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.848622]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.853460]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   39.858472]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.863483]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.868500]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.873355]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.878538] RIP: 0033:0x43f3b8
[   39.881725] Code: Bad RIP value.
[   39.885084] RSP: 002b:00007ffdd5b279b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   39.892798] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f3b8
[   39.900057] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   39.907323] RBP: 00000000004c0c68 R08: 00000000000000e7 R09: ffffffffffffffd0
[   39.914606] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   39.921869] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   39.929132] 
[   39.930749] Allocated by task 4655:
[   39.934397]  save_stack+0x43/0xd0
[   39.937847]  kasan_kmalloc+0xc4/0xe0
[   39.941561]  kasan_slab_alloc+0x12/0x20
[   39.945531]  kmem_cache_alloc+0x12e/0x710
[   39.949672]  vmx_create_vcpu+0xcf/0x2830
[   39.953729]  kvm_arch_vcpu_create+0xe5/0x220
[   39.958143]  kvm_vm_ioctl+0x488/0x1d80
[   39.962029]  do_vfs_ioctl+0x1de/0x1720
[   39.965911]  ksys_ioctl+0xa9/0xd0
[   39.969384]  __x64_sys_ioctl+0x73/0xb0
[   39.973289]  do_syscall_64+0x1b9/0x820
[   39.977171]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.982362] 
[   39.983983] Freed by task 4655:
[   39.987253]  save_stack+0x43/0xd0
[   39.990697]  __kasan_slab_free+0x11a/0x170
[   39.994923]  kasan_slab_free+0xe/0x10
[   39.998714]  kmem_cache_free+0x86/0x280
[   40.002684]  vmx_free_vcpu+0x26b/0x300
[   40.006566]  kvm_arch_destroy_vm+0x365/0x7c0
[   40.010983]  kvm_put_kvm+0x73f/0x1060
[   40.014779]  kvm_vm_release+0x42/0x50
[   40.018579]  __fput+0x38a/0xa40
[   40.021854]  ____fput+0x15/0x20
[   40.025129]  task_work_run+0x1e8/0x2a0
[   40.029020]  do_exit+0x1ae4/0x26e0
[   40.032584]  do_group_exit+0x177/0x440
[   40.036478]  __x64_sys_exit_group+0x3e/0x50
[   40.040796]  do_syscall_64+0x1b9/0x820
[   40.044679]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.049851] 
[   40.051474] The buggy address belongs to the object at ffff8801b8080040
[   40.051474]  which belongs to the cache kvm_vcpu of size 23872
[   40.064041] The buggy address is located 24 bytes inside of
[   40.064041]  23872-byte region [ffff8801b8080040, ffff8801b8085d80)
[   40.075994] The buggy address belongs to the page:
[   40.080916] page:ffffea0006e02000 count:1 mapcount:0 mapping:ffff8801d516f9c0 index:0x0 compound_mapcount: 0
[   40.090879] flags: 0x2fffc0000008100(slab|head)
[   40.095566] raw: 02fffc0000008100 ffff8801d6ff7148 ffff8801d6ff7148 ffff8801d516f9c0
[   40.103448] raw: 0000000000000000 ffff8801b8080040 0000000100000001 0000000000000000
[   40.111313] page dumped because: kasan: bad access detected
[   40.117008] 
[   40.118625] Memory state around the buggy address:
[   40.123555]  ffff8801b807ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.130912]  ffff8801b807ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.138270] >ffff8801b8080000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   40.145619]                                                     ^
[   40.151847]  ffff8801b8080080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.159205]  ffff8801b8080100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.166548] ==================================================================
[   40.173900] Kernel panic - not syncing: panic_on_warn set ...
[   40.173900] 
[   40.181261] CPU: 0 PID: 4655 Comm: syz-executor828 Tainted: G    B             4.19.0-rc1+ #214
[   40.190088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.199432] Call Trace:
[   40.202051]  dump_stack+0x1c9/0x2b4
[   40.205676]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.210862]  ? lock_downgrade+0x8f0/0x8f0
[   40.215007]  ? __schedule+0xf54/0x1df0
[   40.218893]  panic+0x238/0x4e7
[   40.222080]  ? add_taint.cold.5+0x16/0x16
[   40.226234]  ? print_shadow_for_address+0xba/0x116
[   40.231158]  ? trace_hardirqs_off+0xaf/0x2b0
[   40.235584]  ? trace_hardirqs_off+0x77/0x2b0
[   40.239991]  ? __schedule+0xf54/0x1df0
[   40.243873]  kasan_end_report+0x47/0x4f
[   40.247848]  kasan_report.cold.7+0x76/0x30d
[   40.252166]  __asan_report_load8_noabort+0x14/0x20
[   40.257102]  __schedule+0xf54/0x1df0
[   40.260812]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   40.265941]  ? __sched_text_start+0x8/0x8
[   40.270099]  ? __call_srcu+0x7e7/0x1040
[   40.274079]  ? check_same_owner+0x340/0x340
[   40.278413]  ? mark_held_locks+0x160/0x160
[   40.282656]  ? find_held_lock+0x36/0x1c0
[   40.286718]  preempt_schedule_common+0x22/0x60
[   40.291299]  _cond_resched+0x1d/0x30
[   40.295023]  wait_for_completion+0xa5/0x8d0
[   40.299343]  ? wait_for_completion_interruptible+0x950/0x950
[   40.305158]  ? __lockdep_init_map+0x105/0x590
[   40.309658]  ? __init_waitqueue_head+0x9e/0x150
[   40.314320]  ? init_wait_entry+0x1c0/0x1c0
[   40.318553]  __synchronize_srcu+0x189/0x240
[   40.322873]  ? call_srcu+0x10/0x10
[   40.326414]  ? rcu_unexpedite_gp+0x20/0x20
[   40.330650]  synchronize_srcu+0x335/0x56f
[   40.335013]  ? lock_downgrade+0x8f0/0x8f0
[   40.339156]  ? synchronize_srcu_expedited+0x20/0x20
[   40.344195]  ? kasan_check_read+0x11/0x20
[   40.348354]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.352932]  ? kasan_check_write+0x14/0x20
[   40.357163]  ? do_raw_spin_lock+0xc1/0x200
[   40.361408]  kvm_page_track_unregister_notifier+0x17d/0x250
[   40.367116]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   40.372560]  ? kvfree+0x61/0x70
[   40.375843]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.380857]  kvm_mmu_uninit_vm+0x1c/0x20
[   40.384915]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.389318]  ? kvm_arch_sync_events+0x30/0x30
[   40.393815]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.399364]  ? mmu_notifier_unregister+0x474/0x600
[   40.404286]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.408700]  ? kfree+0x111/0x210
[   40.412049]  ? __mmu_notifier_register+0x30/0x30
[   40.416848]  ? __free_pages+0x10a/0x190
[   40.420830]  ? free_unref_page+0x930/0x930
[   40.425070]  kvm_put_kvm+0x73f/0x1060
[   40.428873]  ? kvm_write_guest_cached+0x40/0x40
[   40.433545]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.438034]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.442535]  ? lockdep_hardirqs_on+0x421/0x5c0
[   40.447126]  ? kasan_check_write+0x14/0x20
[   40.451357]  ? do_raw_spin_lock+0xc1/0x200
[   40.455592]  ? kvm_irqfd_release+0xdd/0x120
[   40.459926]  ? kvm_irqfd_release+0xdd/0x120
[   40.464256]  ? kvm_put_kvm+0x1060/0x1060
[   40.468311]  kvm_vm_release+0x42/0x50
[   40.472109]  __fput+0x38a/0xa40
[   40.475391]  ? __alloc_file+0x400/0x400
[   40.479372]  ? check_same_owner+0x340/0x340
[   40.483688]  ? kasan_check_write+0x14/0x20
[   40.487919]  ? do_raw_spin_lock+0xc1/0x200
[   40.492151]  ____fput+0x15/0x20
[   40.495466]  task_work_run+0x1e8/0x2a0
[   40.499350]  ? task_work_cancel+0x240/0x240
[   40.503683]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.509230]  ? switch_task_namespaces+0xa2/0xd0
[   40.513900]  do_exit+0x1ae4/0x26e0
[   40.517441]  ? mm_update_next_owner+0x9a0/0x9a0
[   40.522140]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   40.526385]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.531418]  ? kfree+0x1d7/0x210
[   40.534802]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   40.539039]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   40.544747]  ? is_bpf_text_address+0xd7/0x170
[   40.549242]  ? kernel_text_address+0x79/0xf0
[   40.553646]  ? __kernel_text_address+0xd/0x40
[   40.558136]  ? unwind_get_return_address+0x61/0xa0
[   40.563061]  ? __save_stack_trace+0x8d/0xf0
[   40.567384]  ? save_stack+0xa9/0xd0
[   40.571012]  ? save_stack+0x43/0xd0
[   40.574637]  ? __kasan_slab_free+0x11a/0x170
[   40.579042]  ? kasan_slab_free+0xe/0x10
[   40.583009]  ? putname+0xf2/0x130
[   40.586461]  ? __x64_sys_openat+0x9d/0x100
[   40.590694]  ? do_syscall_64+0x1b9/0x820
[   40.594751]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.600111]  ? trace_hardirqs_off+0xb8/0x2b0
[   40.604514]  ? kasan_check_read+0x11/0x20
[   40.608835]  ? do_raw_spin_unlock+0xa7/0x2f0
[   40.613237]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.617646]  ? initcall_blacklisted+0x9a/0x1e0
[   40.622238]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   40.627340]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   40.633068]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.638627]  ? do_vfs_ioctl+0x201/0x1720
[   40.642689]  ? rcu_is_watching+0x8c/0x150
[   40.646833]  ? trace_hardirqs_on+0xbd/0x2c0
[   40.651155]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   40.656177]  ? __fget_light+0x2f7/0x440
[   40.660163]  ? fget_raw+0x20/0x20
[   40.663616]  ? putname+0xf2/0x130
[   40.667068]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.672078]  ? kmem_cache_free+0x246/0x280
[   40.676308]  ? putname+0xf7/0x130
[   40.679762]  do_group_exit+0x177/0x440
[   40.683646]  ? trace_hardirqs_on+0xbd/0x2c0
[   40.687963]  ? __ia32_sys_exit+0x50/0x50
[   40.692020]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   40.697125]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.702661]  ? ksys_ioctl+0x81/0xd0
[   40.706300]  __x64_sys_exit_group+0x3e/0x50
[   40.710632]  do_syscall_64+0x1b9/0x820
[   40.714518]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   40.719881]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.724810]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.729650]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   40.734661]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.739674]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.744688]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.749540]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.754728] RIP: 0033:0x43f3b8
[   40.757921] Code: Bad RIP value.
[   40.761288] RSP: 002b:00007ffdd5b279b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   40.768993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f3b8
[   40.776260] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   40.783527] RBP: 00000000004c0c68 R08: 00000000000000e7 R09: ffffffffffffffd0
[   40.790789] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   40.798053] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   40.805327] 
[   40.805332] ======================================================
[   40.805337] WARNING: possible circular locking dependency detected
[   40.805341] 4.19.0-rc1+ #214 Not tainted
[   40.805346] ------------------------------------------------------
[   40.805350] syz-executor828/4655 is trying to acquire lock:
[   40.805353] 0000000010d2683e ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   40.805367] 
[   40.805371] but task is already holding lock:
[   40.805374] 000000000de0e551 (report_lock){....}, at: kasan_report+0x8e/0x110
[   40.805387] 
[   40.805392] which lock already depends on the new lock.
[   40.805394] 
[   40.805396] 
[   40.805401] the existing dependency chain (in reverse order) is:
[   40.805403] 
[   40.805405] -> #3 (report_lock){....}:
[   40.805419]        _raw_spin_lock_irqsave+0x96/0xc0
[   40.805422]        kasan_report+0x8e/0x110
[   40.805426]        __asan_report_load8_noabort+0x14/0x20
[   40.805430]        __schedule+0xf54/0x1df0
[   40.805434]        preempt_schedule_common+0x22/0x60
[   40.805437]        _cond_resched+0x1d/0x30
[   40.805442]        wait_for_completion+0xa5/0x8d0
[   40.805446]        __synchronize_srcu+0x189/0x240
[   40.805456]        synchronize_srcu+0x335/0x56f
[   40.805461]        kvm_page_track_unregister_notifier+0x17d/0x250
[   40.805464]        kvm_mmu_uninit_vm+0x1c/0x20
[   40.805468]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.805472]        kvm_put_kvm+0x73f/0x1060
[   40.805475]        kvm_vm_release+0x42/0x50
[   40.805479]        __fput+0x38a/0xa40
[   40.805482]        ____fput+0x15/0x20
[   40.805486]        task_work_run+0x1e8/0x2a0
[   40.805501]        do_exit+0x1ae4/0x26e0
[   40.805505]        do_group_exit+0x177/0x440
[   40.805509]        __x64_sys_exit_group+0x3e/0x50
[   40.805513]        do_syscall_64+0x1b9/0x820
[   40.805517]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.805519] 
[   40.805522] -> #2 (&rq->lock){-.-.}:
[   40.805535]        _raw_spin_lock+0x2a/0x40
[   40.805539]        task_fork_fair+0x93/0x680
[   40.805542]        sched_fork+0x44b/0xbd0
[   40.805546]        copy_process+0x235e/0x7ad0
[   40.805550]        _do_fork+0x1ca/0x1170
[   40.805554]        kernel_thread+0x34/0x40
[   40.805557]        rest_init+0x22/0xe4
[   40.805561]        start_kernel+0x913/0x94e
[   40.805565]        x86_64_start_reservations+0x29/0x2b
[   40.805569]        x86_64_start_kernel+0x76/0x79
[   40.805573]        secondary_startup_64+0xa4/0xb0
[   40.805575] 
[   40.805577] -> #1 (&p->pi_lock){-.-.}:
[   40.805591]        _raw_spin_lock_irqsave+0x96/0xc0
[   40.805595]        try_to_wake_up+0xd2/0x1250
[   40.805599]        wake_up_process+0x10/0x20
[   40.805603]        __up.isra.1+0x1c0/0x2a0
[   40.805606]        up+0x13c/0x1c0
[   40.805610]        __up_console_sem+0xbe/0x1b0
[   40.805614]        console_unlock+0x506/0x10d0
[   40.805617]        vprintk_emit+0x33a/0x910
[   40.805621]        vprintk_default+0x28/0x30
[   40.805625]        vprintk_func+0x7a/0x117
[   40.805628]        printk+0xa7/0xcf
[   40.805632]        load_umh+0x51/0xbd
[   40.805635]        do_one_initcall+0x127/0x838
[   40.805640]        kernel_init_freeable+0x4bb/0x5ae
[   40.805643]        kernel_init+0x11/0x1b3
[   40.805647]        ret_from_fork+0x3a/0x50
[   40.805649] 
[   40.805651] -> #0 ((console_sem).lock){-...}:
[   40.805665]        lock_acquire+0x1e4/0x4f0
[   40.805669]        _raw_spin_lock_irqsave+0x96/0xc0
[   40.805673]        down_trylock+0x13/0x70
[   40.805677]        __down_trylock_console_sem+0xae/0x200
[   40.805681]        console_trylock+0x15/0xa0
[   40.805685]        vprintk_emit+0x31f/0x910
[   40.805689]        vprintk_default+0x28/0x30
[   40.805692]        vprintk_func+0x7a/0x117
[   40.805696]        printk+0xa7/0xcf
[   40.805699]        kasan_report+0x9e/0x110
[   40.805704]        __asan_report_load8_noabort+0x14/0x20
[   40.805707]        __schedule+0xf54/0x1df0
[   40.805712]        preempt_schedule_common+0x22/0x60
[   40.805715]        _cond_resched+0x1d/0x30
[   40.805719]        wait_for_completion+0xa5/0x8d0
[   40.805723]        __synchronize_srcu+0x189/0x240
[   40.805727]        synchronize_srcu+0x335/0x56f
[   40.805732]        kvm_page_track_unregister_notifier+0x17d/0x250
[   40.805736]        kvm_mmu_uninit_vm+0x1c/0x20
[   40.805740]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.805744]        kvm_put_kvm+0x73f/0x1060
[   40.805747]        kvm_vm_release+0x42/0x50
[   40.805751]        __fput+0x38a/0xa40
[   40.805754]        ____fput+0x15/0x20
[   40.805758]        task_work_run+0x1e8/0x2a0
[   40.805762]        do_exit+0x1ae4/0x26e0
[   40.805765]        do_group_exit+0x177/0x440
[   40.805769]        __x64_sys_exit_group+0x3e/0x50
[   40.805773]        do_syscall_64+0x1b9/0x820
[   40.805778]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.805780] 
[   40.805784] other info that might help us debug this:
[   40.805786] 
[   40.805789] Chain exists of:
[   40.805791]   (console_sem).lock --> &rq->lock --> report_lock
[   40.805809] 
[   40.805813]  Possible unsafe locking scenario:
[   40.805815] 
[   40.805819]        CPU0                    CPU1
[   40.805823]        ----                    ----
[   40.805825]   lock(report_lock);
[   40.805834]                                lock(&rq->lock);
[   40.805843]                                lock(report_lock);
[   40.805851]   lock((console_sem).lock);
[   40.805859] 
[   40.805862]  *** DEADLOCK ***
[   40.805864] 
[   40.805868] 2 locks held by syz-executor828/4655:
[   40.805870]  #0: 00000000ba5ae03b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   40.805887]  #1: 000000000de0e551 (report_lock){....}, at: kasan_report+0x8e/0x110
[   40.805903] 
[   40.805906] stack backtrace:
[   40.805912] CPU: 0 PID: 4655 Comm: syz-executor828 Not tainted 4.19.0-rc1+ #214
[   40.805919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.805922] Call Trace:
[   40.805925]  dump_stack+0x1c9/0x2b4
[   40.805930]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.805933]  ? vprintk_func+0x100/0x117
[   40.805938]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   40.805942]  ? save_trace+0xe0/0x290
[   40.805946]  __lock_acquire+0x3449/0x5020
[   40.805949]  ? mark_held_locks+0x160/0x160
[   40.805954]  ? mark_held_locks+0x160/0x160
[   40.805958]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   40.805962]  ? is_bpf_text_address+0xd7/0x170
[   40.805966]  ? kernel_text_address+0x79/0xf0
[   40.805970]  ? __kernel_text_address+0xd/0x40
[   40.805974]  ? __save_stack_trace+0x8d/0xf0
[   40.805979]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   40.805982]  ? save_trace+0x290/0x290
[   40.805986]  ? save_stack_trace+0x1a/0x20
[   40.805990]  ? save_trace+0xe0/0x290
[   40.805994]  ? graph_lock+0x170/0x170
[   40.805998]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.806002]  lock_acquire+0x1e4/0x4f0
[   40.806006]  ? down_trylock+0x13/0x70
[   40.806009]  ? lock_release+0x9f0/0x9f0
[   40.806013]  ? trace_hardirqs_off+0xb8/0x2b0
[   40.806017]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.806021]  ? trace_hardirqs_off+0xb8/0x2b0
[   40.806025]  ? log_store+0x34f/0x4c0
[   40.806029]  ? vprintk_emit+0x31f/0x910
[   40.806033]  _raw_spin_lock_irqsave+0x96/0xc0
[   40.806037]  ? down_trylock+0x13/0x70
[   40.806040]  down_trylock+0x13/0x70
[   40.806045]  __down_trylock_console_sem+0xae/0x200
[   40.806048]  console_trylock+0x15/0xa0
[   40.806052]  vprintk_emit+0x31f/0x910
[   40.806056]  ? wake_up_klogd+0x110/0x110
[   40.806060]  ? run_rebalance_domains+0x4c0/0x4c0
[   40.806064]  ? kasan_check_read+0x11/0x20
[   40.806068]  ? rcu_is_watching+0x8c/0x150
[   40.806072]  ? rcu_pm_notify+0xc0/0xc0
[   40.806075]  ? lock_acquire+0x1e4/0x4f0
[   40.806079]  ? kasan_report+0x8e/0x110
[   40.806083]  ? __schedule+0xf54/0x1df0
[   40.806086]  vprintk_default+0x28/0x30
[   40.806090]  vprintk_func+0x7a/0x117
[   40.806093]  printk+0xa7/0xcf
[   40.806098]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   40.806101]  ? kasan_check_write+0x14/0x20
[   40.806105]  ? do_raw_spin_lock+0xc1/0x200
[   40.806109]  ? do_raw_spin_lock+0xc1/0x200
[   40.806113]  kasan_report+0x9e/0x110
[   40.806117]  __asan_report_load8_noabort+0x14/0x20
[   40.806121]  __schedule+0xf54/0x1df0
[   40.806125]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   40.806129]  ? __sched_text_start+0x8/0x8
[   40.806133]  ? __call_srcu+0x7e7/0x1040
[   40.806137]  ? check_same_owner+0x340/0x340
[   40.806141]  ? mark_held_locks+0x160/0x160
[   40.806144]  ? find_held_lock+0x36/0x1c0
[   40.806149]  preempt_schedule_common+0x22/0x60
[   40.806152]  _cond_resched+0x1d/0x30
[   40.806156]  wait_for_completion+0xa5/0x8d0
[   40.806161]  ? wait_for_completion_interruptible+0x950/0x950
[   40.806165]  ? __lockdep_init_map+0x105/0x590
[   40.806169]  ? __init_waitqueue_head+0x9e/0x150
[   40.806173]  ? init_wait_entry+0x1c0/0x1c0
[   40.806177]  __synchronize_srcu+0x189/0x240
[   40.806181]  ? call_srcu+0x10/0x10
[   40.806194]  ? rcu_unexpedite_gp+0x20/0x20
[   40.806198]  synchronize_srcu+0x335/0x56f
[   40.806202]  ? lock_downgrade+0x8f0/0x8f0
[   40.806206]  ? synchronize_srcu_expedited+0x20/0x20
[   40.806210]  ? kasan_check_read+0x11/0x20
[   40.806214]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.806218]  ? kasan_check_write+0x14/0x20
[   40.806222]  ? do_raw_spin_lock+0xc1/0x200
[   40.806227]  kvm_page_track_unregister_notifier+0x17d/0x250
[   40.806232]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   40.806235]  ? kvfree+0x61/0x70
[   40.806239]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.806243]  kvm_mmu_uninit_vm+0x1c/0x20
[   40.806247]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   40.806251]  ? kvm_arch_sync_events+0x30/0x30
[   40.806256]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.806260]  ? mmu_notifier_unregister+0x474/0x600
[   40.806264]  ? trace_hardirqs_on+0x2c0/0x2c0
[   40.806268]  ? kfree+0x111/0x210
[   40.806272]  ? __mmu_notifier_register+0x30/0x30
[   40.806275]  ? __free_pages+0x10a/0x190
[   40.806279]  ? free_unref_page+0x930/0x930
[   40.806283]  kvm_put_kvm+0x73f/0x1060
[   40.806287]  ? kvm_write_guest_cached+0x40/0x40
[   40.806291]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.806295]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.806299]  ? lockdep_hardirqs_on+0x421/0x5c0
[   40.806303]  ? kasan_check_write+0x14/0x20
[   40.806307]  ? do_raw_spin_lock+0xc1/0x200
[   40.806311]  ? kvm_irqfd_release+0xdd/0x120
[   40.806315]  ? kvm_irqfd_release+0xdd/0x120
[   40.806319]  ? kvm_put_kvm+0x1060/0x1060
[   40.806322]  kvm_vm_release+0x42/0x50
[   40.806326]  __fput+0x38a/0xa40
[   40.806329]  ? __alloc_file+0x400/0x400
[   40.806333]  ? check_same_owner+0x340/0x340
[   40.806337]  ? kasan_check_write+0x14/0x20
[   40.806341]  ? do_raw_spin_lock+0xc1/0x200
[   40.806345]  ____fput+0x15/0x20
[   40.806348]  task_work_run+0x1e8/0x2a0
[   40.806352]  ? task_work_cancel+0x240/0x240
[   40.806357]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.806361]  ? switch_task_namespaces+0xa2/0xd0
[   40.806365]  do_exit+0x1ae4/0x26e0
[   40.806369]  ? mm_update_next_owner+0x9a0/0x9a0
[   40.806373]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   40.806377]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.806380]  ? kfree+0x1d7/0x210
[   40.806384]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   40.806389]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   40.806393]  ? is_bpf_text_address+0xd7/0x170
[   40.806395]  ?
[   40.806402] Lost 54 message(s)!
[   41.916837] Shutting down cpus with NMI
[   42.975805] Dumping ftrace buffer:
[   42.979335]    (ftrace buffer empty)
[   42.983021] Kernel Offset: disabled
[   42.986628] Rebooting in 86400 seconds..