[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   23.968598] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   25.024202] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.375020] random: sshd: uninitialized urandom read (32 bytes read)
[   25.964590] random: sshd: uninitialized urandom read (32 bytes read)
[   26.164886] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[   31.807881] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   31.906026] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   31.931508] ==================================================================
[   31.941380] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   31.947609] Read of size 8 at addr ffff8801bc3d0058 by task syz-executor417/4686
[   31.955128] 
[   31.956755] CPU: 0 PID: 4686 Comm: syz-executor417 Not tainted 4.19.0-rc1+ #217
[   31.964192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.973547] Call Trace:
[   31.976146]  dump_stack+0x1c9/0x2b4
[   31.979774]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.984976]  ? printk+0xa7/0xcf
[   31.988258]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.993018]  ? __schedule+0xf54/0x1df0
[   31.996912]  print_address_description+0x6c/0x20b
[   32.001757]  ? __schedule+0xf54/0x1df0
[   32.005651]  kasan_report.cold.7+0x242/0x30d
[   32.010067]  __asan_report_load8_noabort+0x14/0x20
[   32.015001]  __schedule+0xf54/0x1df0
[   32.018729]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.023846]  ? __sched_text_start+0x8/0x8
[   32.028007]  ? __call_srcu+0x7e7/0x1040
[   32.031989]  ? check_same_owner+0x340/0x340
[   32.036306]  ? mark_held_locks+0x160/0x160
[   32.040567]  ? find_held_lock+0x36/0x1c0
[   32.044633]  preempt_schedule_common+0x22/0x60
[   32.049216]  _cond_resched+0x1d/0x30
[   32.052931]  wait_for_completion+0xa5/0x8d0
[   32.057253]  ? wait_for_completion_interruptible+0x950/0x950
[   32.063056]  ? __lockdep_init_map+0x105/0x590
[   32.067574]  ? __init_waitqueue_head+0x9e/0x150
[   32.072239]  ? init_wait_entry+0x1c0/0x1c0
[   32.076491]  __synchronize_srcu+0x189/0x240
[   32.080831]  ? call_srcu+0x10/0x10
[   32.084375]  ? rcu_unexpedite_gp+0x20/0x20
[   32.088620]  synchronize_srcu+0x335/0x56f
[   32.092783]  ? lock_downgrade+0x8f0/0x8f0
[   32.096935]  ? synchronize_srcu_expedited+0x20/0x20
[   32.101960]  ? kasan_check_read+0x11/0x20
[   32.106115]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.110731]  ? kasan_check_write+0x14/0x20
[   32.114978]  ? do_raw_spin_lock+0xc1/0x200
[   32.119224]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.124941]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.130395]  ? kvfree+0x61/0x70
[   32.133690]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.138731]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.142828]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.147239]  ? kvm_arch_sync_events+0x30/0x30
[   32.151757]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.157295]  ? mmu_notifier_unregister+0x474/0x600
[   32.162231]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.166658]  ? kfree+0x111/0x210
[   32.170035]  ? __mmu_notifier_register+0x30/0x30
[   32.174808]  ? __free_pages+0x10a/0x190
[   32.178779]  ? free_unref_page+0x930/0x930
[   32.183018]  kvm_put_kvm+0x73f/0x1060
[   32.186846]  ? kvm_write_guest_cached+0x40/0x40
[   32.191536]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.196047]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.200553]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.205145]  ? kasan_check_write+0x14/0x20
[   32.209380]  ? do_raw_spin_lock+0xc1/0x200
[   32.213617]  ? kvm_irqfd_release+0xdd/0x120
[   32.217934]  ? kvm_irqfd_release+0xdd/0x120
[   32.222257]  ? kvm_put_kvm+0x1060/0x1060
[   32.226346]  kvm_vm_release+0x42/0x50
[   32.230166]  __fput+0x38a/0xa40
[   32.233448]  ? __alloc_file+0x400/0x400
[   32.237427]  ? check_same_owner+0x340/0x340
[   32.241749]  ? kasan_check_write+0x14/0x20
[   32.246022]  ? do_raw_spin_lock+0xc1/0x200
[   32.250254]  ____fput+0x15/0x20
[   32.253562]  task_work_run+0x1e8/0x2a0
[   32.257452]  ? task_work_cancel+0x240/0x240
[   32.261781]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.267326]  ? switch_task_namespaces+0xa2/0xd0
[   32.272004]  do_exit+0x1ae4/0x26e0
[   32.275576]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.280259]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   32.284494]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.289560]  ? kfree+0x1d7/0x210
[   32.292942]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   32.297177]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.302887]  ? is_bpf_text_address+0xd7/0x170
[   32.307377]  ? kernel_text_address+0x79/0xf0
[   32.311782]  ? __kernel_text_address+0xd/0x40
[   32.316274]  ? unwind_get_return_address+0x61/0xa0
[   32.321204]  ? __save_stack_trace+0x8d/0xf0
[   32.325559]  ? save_stack+0xa9/0xd0
[   32.329184]  ? save_stack+0x43/0xd0
[   32.332806]  ? __kasan_slab_free+0x11a/0x170
[   32.337210]  ? kasan_slab_free+0xe/0x10
[   32.341184]  ? putname+0xf2/0x130
[   32.344643]  ? __x64_sys_openat+0x9d/0x100
[   32.348891]  ? do_syscall_64+0x1b9/0x820
[   32.352953]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.358317]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.362724]  ? kasan_check_read+0x11/0x20
[   32.366871]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.371277]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.375687]  ? initcall_blacklisted+0x9a/0x1e0
[   32.380273]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   32.385376]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.391112]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.396652]  ? do_vfs_ioctl+0x201/0x1720
[   32.400710]  ? rcu_is_watching+0x8c/0x150
[   32.404852]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.409188]  ? ioctl_preallocate+0x300/0x300
[   32.413625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.419174]  ? __fget_light+0x2f7/0x440
[   32.423147]  ? fget_raw+0x20/0x20
[   32.426597]  ? putname+0xf2/0x130
[   32.430056]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.435074]  ? kmem_cache_free+0x246/0x280
[   32.439308]  ? putname+0xf7/0x130
[   32.442761]  do_group_exit+0x177/0x440
[   32.446656]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.450983]  ? __ia32_sys_exit+0x50/0x50
[   32.455055]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.460168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.465713]  ? ksys_ioctl+0x81/0xd0
[   32.469344]  __x64_sys_exit_group+0x3e/0x50
[   32.473690]  do_syscall_64+0x1b9/0x820
[   32.477579]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.482946]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.487877]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.493224]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   32.498242]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.503258]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.508105]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.513290] RIP: 0033:0x43ecc8
[   32.516485] Code: Bad RIP value.
[   32.519841] RSP: 002b:00007ffdde2ce9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.527571] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   32.534846] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.542123] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.549401] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   32.556681] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   32.564774] 
[   32.566439] Allocated by task 4686:
[   32.570071]  save_stack+0x43/0xd0
[   32.573521]  kasan_kmalloc+0xc4/0xe0
[   32.577267]  kasan_slab_alloc+0x12/0x20
[   32.581288]  kmem_cache_alloc+0x12e/0x710
[   32.585437]  vmx_create_vcpu+0xcf/0x2830
[   32.589505]  kvm_arch_vcpu_create+0xe5/0x220
[   32.593929]  kvm_vm_ioctl+0x488/0x1d80
[   32.598192]  do_vfs_ioctl+0x1de/0x1720
[   32.602087]  ksys_ioctl+0xa9/0xd0
[   32.605556]  __x64_sys_ioctl+0x73/0xb0
[   32.609444]  do_syscall_64+0x1b9/0x820
[   32.613337]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.618545] 
[   32.620169] Freed by task 4686:
[   32.623458]  save_stack+0x43/0xd0
[   32.626911]  __kasan_slab_free+0x11a/0x170
[   32.631169]  kasan_slab_free+0xe/0x10
[   32.634969]  kmem_cache_free+0x86/0x280
[   32.638942]  vmx_free_vcpu+0x26b/0x300
[   32.642830]  kvm_arch_destroy_vm+0x365/0x7c0
[   32.647241]  kvm_put_kvm+0x73f/0x1060
[   32.651042]  kvm_vm_release+0x42/0x50
[   32.654842]  __fput+0x38a/0xa40
[   32.658119]  ____fput+0x15/0x20
[   32.661406]  task_work_run+0x1e8/0x2a0
[   32.665291]  do_exit+0x1ae4/0x26e0
[   32.668827]  do_group_exit+0x177/0x440
[   32.672716]  __x64_sys_exit_group+0x3e/0x50
[   32.677038]  do_syscall_64+0x1b9/0x820
[   32.680929]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.686150] 
[   32.687780] The buggy address belongs to the object at ffff8801bc3d0040
[   32.687780]  which belongs to the cache kvm_vcpu of size 23872
[   32.700364] The buggy address is located 24 bytes inside of
[   32.700364]  23872-byte region [ffff8801bc3d0040, ffff8801bc3d5d80)
[   32.712331] The buggy address belongs to the page:
[   32.717300] page:ffffea0006f0f400 count:1 mapcount:0 mapping:ffff8801d6e99300 index:0x0 compound_mapcount: 0
[   32.727288] flags: 0x2fffc0000008100(slab|head)
[   32.731966] raw: 02fffc0000008100 ffff8801d534f848 ffff8801d534f848 ffff8801d6e99300
[   32.739851] raw: 0000000000000000 ffff8801bc3d0040 0000000100000001 0000000000000000
[   32.747728] page dumped because: kasan: bad access detected
[   32.753447] 
[   32.755066] Memory state around the buggy address:
[   32.760006]  ffff8801bc3cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.767363]  ffff8801bc3cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.774724] >ffff8801bc3d0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   32.782076]                                                     ^
[   32.788310]  ffff8801bc3d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.795671]  ffff8801bc3d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.803032] ==================================================================
[   32.810410] Kernel panic - not syncing: panic_on_warn set ...
[   32.810410] 
[   32.817789] CPU: 0 PID: 4686 Comm: syz-executor417 Tainted: G    B             4.19.0-rc1+ #217
[   32.826644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.836009] Call Trace:
[   32.838615]  dump_stack+0x1c9/0x2b4
[   32.842263]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.847465]  ? lock_downgrade+0x8f0/0x8f0
[   32.851616]  ? __schedule+0xf54/0x1df0
[   32.855521]  panic+0x238/0x4e7
[   32.858726]  ? add_taint.cold.5+0x16/0x16
[   32.862881]  ? print_shadow_for_address+0xba/0x116
[   32.867822]  ? trace_hardirqs_off+0xaf/0x2b0
[   32.872229]  ? trace_hardirqs_off+0x77/0x2b0
[   32.876664]  ? __schedule+0xf54/0x1df0
[   32.880591]  kasan_end_report+0x47/0x4f
[   32.884576]  kasan_report.cold.7+0x76/0x30d
[   32.888904]  __asan_report_load8_noabort+0x14/0x20
[   32.893834]  __schedule+0xf54/0x1df0
[   32.897559]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.902672]  ? __sched_text_start+0x8/0x8
[   32.906826]  ? __call_srcu+0x7e7/0x1040
[   32.910810]  ? check_same_owner+0x340/0x340
[   32.915129]  ? mark_held_locks+0x160/0x160
[   32.919361]  ? find_held_lock+0x36/0x1c0
[   32.923426]  preempt_schedule_common+0x22/0x60
[   32.928005]  _cond_resched+0x1d/0x30
[   32.931725]  wait_for_completion+0xa5/0x8d0
[   32.936048]  ? wait_for_completion_interruptible+0x950/0x950
[   32.941848]  ? __lockdep_init_map+0x105/0x590
[   32.946347]  ? __init_waitqueue_head+0x9e/0x150
[   32.951016]  ? init_wait_entry+0x1c0/0x1c0
[   32.955254]  __synchronize_srcu+0x189/0x240
[   32.959609]  ? call_srcu+0x10/0x10
[   32.963150]  ? rcu_unexpedite_gp+0x20/0x20
[   32.967391]  synchronize_srcu+0x335/0x56f
[   32.971550]  ? lock_downgrade+0x8f0/0x8f0
[   32.975700]  ? synchronize_srcu_expedited+0x20/0x20
[   32.980717]  ? kasan_check_read+0x11/0x20
[   32.984878]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.989488]  ? kasan_check_write+0x14/0x20
[   32.993733]  ? do_raw_spin_lock+0xc1/0x200
[   32.997974]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.003686]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.009153]  ? kvfree+0x61/0x70
[   33.012435]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.017451]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.021515]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.025948]  ? kvm_arch_sync_events+0x30/0x30
[   33.030451]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.035993]  ? mmu_notifier_unregister+0x474/0x600
[   33.040925]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.045343]  ? kfree+0x111/0x210
[   33.048716]  ? __mmu_notifier_register+0x30/0x30
[   33.053478]  ? __free_pages+0x10a/0x190
[   33.057457]  ? free_unref_page+0x930/0x930
[   33.061703]  kvm_put_kvm+0x73f/0x1060
[   33.065514]  ? kvm_write_guest_cached+0x40/0x40
[   33.070201]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.074695]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.079192]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.083783]  ? kasan_check_write+0x14/0x20
[   33.088018]  ? do_raw_spin_lock+0xc1/0x200
[   33.092258]  ? kvm_irqfd_release+0xdd/0x120
[   33.096577]  ? kvm_irqfd_release+0xdd/0x120
[   33.100901]  ? kvm_put_kvm+0x1060/0x1060
[   33.104961]  kvm_vm_release+0x42/0x50
[   33.108761]  __fput+0x38a/0xa40
[   33.112040]  ? __alloc_file+0x400/0x400
[   33.116019]  ? check_same_owner+0x340/0x340
[   33.120340]  ? kasan_check_write+0x14/0x20
[   33.124578]  ? do_raw_spin_lock+0xc1/0x200
[   33.128812]  ____fput+0x15/0x20
[   33.132093]  task_work_run+0x1e8/0x2a0
[   33.135979]  ? task_work_cancel+0x240/0x240
[   33.140304]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.145841]  ? switch_task_namespaces+0xa2/0xd0
[   33.150510]  do_exit+0x1ae4/0x26e0
[   33.154068]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.158741]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.162980]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.167997]  ? kfree+0x1d7/0x210
[   33.171363]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.175599]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.181312]  ? is_bpf_text_address+0xd7/0x170
[   33.185804]  ? kernel_text_address+0x79/0xf0
[   33.190210]  ? __kernel_text_address+0xd/0x40
[   33.194703]  ? unwind_get_return_address+0x61/0xa0
[   33.199636]  ? __save_stack_trace+0x8d/0xf0
[   33.203985]  ? save_stack+0xa9/0xd0
[   33.207611]  ? save_stack+0x43/0xd0
[   33.211235]  ? __kasan_slab_free+0x11a/0x170
[   33.215642]  ? kasan_slab_free+0xe/0x10
[   33.219615]  ? putname+0xf2/0x130
[   33.223067]  ? __x64_sys_openat+0x9d/0x100
[   33.227302]  ? do_syscall_64+0x1b9/0x820
[   33.231363]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.236729]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.241134]  ? kasan_check_read+0x11/0x20
[   33.245280]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.249690]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.254101]  ? initcall_blacklisted+0x9a/0x1e0
[   33.258684]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.263791]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.269507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.275059]  ? do_vfs_ioctl+0x201/0x1720
[   33.279133]  ? rcu_is_watching+0x8c/0x150
[   33.283289]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.287618]  ? ioctl_preallocate+0x300/0x300
[   33.292026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.297575]  ? __fget_light+0x2f7/0x440
[   33.301573]  ? fget_raw+0x20/0x20
[   33.305043]  ? putname+0xf2/0x130
[   33.308502]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.313536]  ? kmem_cache_free+0x246/0x280
[   33.317777]  ? putname+0xf7/0x130
[   33.321234]  do_group_exit+0x177/0x440
[   33.325120]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.329481]  ? __ia32_sys_exit+0x50/0x50
[   33.333555]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.338664]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.344203]  ? ksys_ioctl+0x81/0xd0
[   33.347833]  __x64_sys_exit_group+0x3e/0x50
[   33.352183]  do_syscall_64+0x1b9/0x820
[   33.356073]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.361443]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.366371]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.371216]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.376247]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.381279]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.386137]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.391329] RIP: 0033:0x43ecc8
[   33.394532] Code: Bad RIP value.
[   33.397898] RSP: 002b:00007ffdde2ce9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.405610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   33.412881] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.420148] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.427421] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.434701] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.441994] 
[   33.442001] ======================================================
[   33.442006] WARNING: possible circular locking dependency detected
[   33.442010] 4.19.0-rc1+ #217 Not tainted
[   33.442015] ------------------------------------------------------
[   33.442020] syz-executor417/4686 is trying to acquire lock:
[   33.442023] 000000009b87df6c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   33.442038] 
[   33.442042] but task is already holding lock:
[   33.442045] 00000000ca63c1af (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.442059] 
[   33.442064] which lock already depends on the new lock.
[   33.442066] 
[   33.442068] 
[   33.442073] the existing dependency chain (in reverse order) is:
[   33.442075] 
[   33.442078] -> #3 (report_lock){....}:
[   33.442092]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.442096]        kasan_report+0x8e/0x110
[   33.442100]        __asan_report_load8_noabort+0x14/0x20
[   33.442104]        __schedule+0xf54/0x1df0
[   33.442108]        preempt_schedule_common+0x22/0x60
[   33.442112]        _cond_resched+0x1d/0x30
[   33.442116]        wait_for_completion+0xa5/0x8d0
[   33.442120]        __synchronize_srcu+0x189/0x240
[   33.442124]        synchronize_srcu+0x335/0x56f
[   33.442129]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.442133]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.442137]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.442141]        kvm_put_kvm+0x73f/0x1060
[   33.442145]        kvm_vm_release+0x42/0x50
[   33.442148]        __fput+0x38a/0xa40
[   33.442152]        ____fput+0x15/0x20
[   33.442156]        task_work_run+0x1e8/0x2a0
[   33.442159]        do_exit+0x1ae4/0x26e0
[   33.442163]        do_group_exit+0x177/0x440
[   33.442167]        __x64_sys_exit_group+0x3e/0x50
[   33.442171]        do_syscall_64+0x1b9/0x820
[   33.442176]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.442178] 
[   33.442180] -> #2 (&rq->lock){-.-.}:
[   33.442194]        _raw_spin_lock+0x2a/0x40
[   33.442197]        task_fork_fair+0x93/0x680
[   33.442201]        sched_fork+0x44b/0xbd0
[   33.442205]        copy_process+0x235e/0x7ad0
[   33.442208]        _do_fork+0x1ca/0x1170
[   33.442212]        kernel_thread+0x34/0x40
[   33.442215]        rest_init+0x22/0xe4
[   33.442219]        start_kernel+0x913/0x94e
[   33.442223]        x86_64_start_reservations+0x29/0x2b
[   33.442228]        x86_64_start_kernel+0x76/0x79
[   33.442232]        secondary_startup_64+0xa4/0xb0
[   33.442234] 
[   33.442236] -> #1 (&p->pi_lock){-.-.}:
[   33.442250]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.442254]        try_to_wake_up+0xd2/0x1250
[   33.442258]        wake_up_process+0x10/0x20
[   33.442261]        __up.isra.1+0x1c0/0x2a0
[   33.442265]        up+0x13c/0x1c0
[   33.442269]        __up_console_sem+0xbe/0x1b0
[   33.442272]        console_unlock+0x506/0x10d0
[   33.442276]        vprintk_emit+0x33a/0x910
[   33.442280]        vprintk_default+0x28/0x30
[   33.442283]        vprintk_func+0x7a/0x117
[   33.442287]        printk+0xa7/0xcf
[   33.442290]        load_umh+0x51/0xbd
[   33.442294]        do_one_initcall+0x127/0x838
[   33.442298]        kernel_init_freeable+0x4bb/0x5ae
[   33.442302]        kernel_init+0x11/0x1b3
[   33.442306]        ret_from_fork+0x3a/0x50
[   33.442308] 
[   33.442310] -> #0 ((console_sem).lock){-...}:
[   33.442324]        lock_acquire+0x1e4/0x4f0
[   33.442328]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.442332]        down_trylock+0x13/0x70
[   33.442336]        __down_trylock_console_sem+0xae/0x200
[   33.442340]        console_trylock+0x15/0xa0
[   33.442344]        vprintk_emit+0x31f/0x910
[   33.442347]        vprintk_default+0x28/0x30
[   33.442351]        vprintk_func+0x7a/0x117
[   33.442354]        printk+0xa7/0xcf
[   33.442358]        kasan_report+0x9e/0x110
[   33.442362]        __asan_report_load8_noabort+0x14/0x20
[   33.442366]        __schedule+0xf54/0x1df0
[   33.442370]        preempt_schedule_common+0x22/0x60
[   33.442374]        _cond_resched+0x1d/0x30
[   33.442378]        wait_for_completion+0xa5/0x8d0
[   33.442382]        __synchronize_srcu+0x189/0x240
[   33.442386]        synchronize_srcu+0x335/0x56f
[   33.442391]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.442395]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.442399]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.442403]        kvm_put_kvm+0x73f/0x1060
[   33.442407]        kvm_vm_release+0x42/0x50
[   33.442410]        __fput+0x38a/0xa40
[   33.442413]        ____fput+0x15/0x20
[   33.442417]        task_work_run+0x1e8/0x2a0
[   33.442421]        do_exit+0x1ae4/0x26e0
[   33.442424]        do_group_exit+0x177/0x440
[   33.442428]        __x64_sys_exit_group+0x3e/0x50
[   33.442432]        do_syscall_64+0x1b9/0x820
[   33.442437]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.442439] 
[   33.442443] other info that might help us debug this:
[   33.442445] 
[   33.442448] Chain exists of:
[   33.442450]   (console_sem).lock --> &rq->lock --> report_lock
[   33.442468] 
[   33.442472]  Possible unsafe locking scenario:
[   33.442474] 
[   33.442478]        CPU0                    CPU1
[   33.442482]        ----                    ----
[   33.442484]   lock(report_lock);
[   33.442493]                                lock(&rq->lock);
[   33.442503]                                lock(report_lock);
[   33.442511]   lock((console_sem).lock);
[   33.442518] 
[   33.442522]  *** DEADLOCK ***
[   33.442524] 
[   33.442536] 2 locks held by syz-executor417/4686:
[   33.442545]  #0: 00000000dd31586b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   33.442562]  #1: 00000000ca63c1af (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.442578] 
[   33.442581] stack backtrace:
[   33.442587] CPU: 0 PID: 4686 Comm: syz-executor417 Not tainted 4.19.0-rc1+ #217
[   33.442594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.442597] Call Trace:
[   33.442601]  dump_stack+0x1c9/0x2b4
[   33.442605]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.442609]  ? vprintk_func+0x100/0x117
[   33.442614]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   33.442617]  ? save_trace+0xe0/0x290
[   33.442621]  __lock_acquire+0x3449/0x5020
[   33.442625]  ? mark_held_locks+0x160/0x160
[   33.442629]  ? mark_held_locks+0x160/0x160
[   33.442633]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.442637]  ? is_bpf_text_address+0xd7/0x170
[   33.442641]  ? kernel_text_address+0x79/0xf0
[   33.442645]  ? __kernel_text_address+0xd/0x40
[   33.442649]  ? __save_stack_trace+0x8d/0xf0
[   33.442654]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   33.442657]  ? save_trace+0x290/0x290
[   33.442661]  ? save_stack_trace+0x1a/0x20
[   33.442665]  ? save_trace+0xe0/0x290
[   33.442668]  ? graph_lock+0x170/0x170
[   33.442673]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.442676]  lock_acquire+0x1e4/0x4f0
[   33.442680]  ? down_trylock+0x13/0x70
[   33.442684]  ? lock_release+0x9f0/0x9f0
[   33.442688]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.442692]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.442696]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.442700]  ? log_store+0x34f/0x4c0
[   33.442703]  ? vprintk_emit+0x31f/0x910
[   33.442707]  _raw_spin_lock_irqsave+0x96/0xc0
[   33.442711]  ? down_trylock+0x13/0x70
[   33.442715]  down_trylock+0x13/0x70
[   33.442719]  __down_trylock_console_sem+0xae/0x200
[   33.442723]  console_trylock+0x15/0xa0
[   33.442727]  vprintk_emit+0x31f/0x910
[   33.442730]  ? wake_up_klogd+0x110/0x110
[   33.442735]  ? run_rebalance_domains+0x4c0/0x4c0
[   33.442739]  ? kasan_check_read+0x11/0x20
[   33.442743]  ? rcu_is_watching+0x8c/0x150
[   33.442746]  ? rcu_pm_notify+0xc0/0xc0
[   33.442750]  ? lock_acquire+0x1e4/0x4f0
[   33.442754]  ? kasan_report+0x8e/0x110
[   33.442758]  ? __schedule+0xf54/0x1df0
[   33.442761]  vprintk_default+0x28/0x30
[   33.442765]  vprintk_func+0x7a/0x117
[   33.442768]  printk+0xa7/0xcf
[   33.442772]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.442776]  ? kasan_check_write+0x14/0x20
[   33.442780]  ? do_raw_spin_lock+0xc1/0x200
[   33.442784]  ? do_raw_spin_lock+0xc1/0x200
[   33.442788]  kasan_report+0x9e/0x110
[   33.442792]  __asan_report_load8_noabort+0x14/0x20
[   33.442796]  __schedule+0xf54/0x1df0
[   33.442800]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.442804]  ? __sched_text_start+0x8/0x8
[   33.442808]  ? __call_srcu+0x7e7/0x1040
[   33.442812]  ? check_same_owner+0x340/0x340
[   33.442816]  ? mark_held_locks+0x160/0x160
[   33.442820]  ? find_held_lock+0x36/0x1c0
[   33.442824]  preempt_schedule_common+0x22/0x60
[   33.442827]  _cond_resched+0x1d/0x30
[   33.442831]  wait_for_completion+0xa5/0x8d0
[   33.442836]  ? wait_for_completion_interruptible+0x950/0x950
[   33.442840]  ? __lockdep_init_map+0x105/0x590
[   33.442844]  ? __init_waitqueue_head+0x9e/0x150
[   33.442848]  ? init_wait_entry+0x1c0/0x1c0
[   33.442852]  __synchronize_srcu+0x189/0x240
[   33.442856]  ? call_srcu+0x10/0x10
[   33.442859]  ? rcu_unexpedite_gp+0x20/0x20
[   33.442863]  synchronize_srcu+0x335/0x56f
[   33.442867]  ? lock_downgrade+0x8f0/0x8f0
[   33.442872]  ? synchronize_srcu_expedited+0x20/0x20
[   33.442876]  ? kasan_check_read+0x11/0x20
[   33.442880]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.442884]  ? kasan_check_write+0x14/0x20
[   33.442888]  ? do_raw_spin_lock+0xc1/0x200
[   33.442893]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.442898]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.442901]  ? kvfree+0x61/0x70
[   33.442906]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.442909]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.442913]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.442918]  ? kvm_arch_sync_events+0x30/0x30
[   33.442922]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.442927]  ? mmu_notifier_unregister+0x474/0x600
[   33.442931]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.442934]  ? kfree+0x111/0x210
[   33.442939]  ? __mmu_notifier_register+0x30/0x30
[   33.442942]  ? __free_pages+0x10a/0x190
[   33.442946]  ? free_unref_page+0x930/0x930
[   33.442950]  kvm_put_kvm+0x73f/0x1060
[   33.442954]  ? kvm_write_guest_cached+0x40/0x40
[   33.442958]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.442962]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.442966]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.442970]  ? kasan_check_write+0x14/0x20
[   33.442974]  ? do_raw_spin_lock+0xc1/0x200
[   33.442978]  ? kvm_irqfd_release+0xdd/0x120
[   33.442982]  ? kvm_irqfd_release+0xdd/0x120
[   33.442986]  ? kvm_put_kvm+0x1060/0x1060
[   33.442990]  kvm_vm_release+0x42/0x50
[   33.442993]  __fput+0x38a/0xa40
[   33.442997]  ? __alloc_file+0x400/0x400
[   33.443001]  ? check_same_owner+0x340/0x340
[   33.443005]  ? kasan_check_write+0x14/0x20
[   33.443009]  ? do_raw_spin_lock+0xc1/0x200
[   33.443012]  ____fput+0x15/0x20
[   33.443016]  task_work_run+0x1e8/0x2a0
[   33.443020]  ? task_work_cancel+0x240/0x240
[   33.443024]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.443029]  ? switch_task_namespaces+0xa2/0xd0
[   33.443032]  do_exit+0x1ae4/0x26e0
[   33.443036]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.443040]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.443045]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.443049]  ? kfree+0x1d7/0x210
[   33.443053]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.443057]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.443061]  ? is_bpf_text_address+0xd7/0x170
[   33.443064]  ?
[   33.443073] Lost 54 message(s)!
[   34.547005] Shutting down cpus with NMI
[   35.606795] Dumping ftrace buffer:
[   35.610323]    (ftrace buffer empty)
[   35.614015] Kernel Offset: disabled
[   35.617626] Rebooting in 86400 seconds..