[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   20.041822] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.227843] random: sshd: uninitialized urandom read (32 bytes read)
[   25.535361] random: sshd: uninitialized urandom read (32 bytes read)
[   26.123407] random: sshd: uninitialized urandom read (32 bytes read)
[   26.302993] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[   32.298720] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.396151] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   32.420929] ==================================================================
[   32.430764] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   32.436994] Read of size 8 at addr ffff8801c5a30058 by task syz-executor298/4289
[   32.444521] 
[   32.446155] CPU: 1 PID: 4289 Comm: syz-executor298 Not tainted 4.19.0-rc2+ #226
[   32.453596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.462944] Call Trace:
[   32.465538]  dump_stack+0x1c9/0x2b4
[   32.469168]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.474358]  ? printk+0xa7/0xcf
[   32.477647]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.482409]  ? __schedule+0xf54/0x1df0
[   32.486297]  print_address_description+0x6c/0x20b
[   32.491140]  ? __schedule+0xf54/0x1df0
[   32.495026]  kasan_report.cold.7+0x242/0x30d
[   32.499436]  __asan_report_load8_noabort+0x14/0x20
[   32.504366]  __schedule+0xf54/0x1df0
[   32.508081]  ? __sched_text_start+0x8/0x8
[   32.512230]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   32.517362]  ? __call_srcu+0x7e7/0x1040
[   32.521347]  ? check_same_owner+0x340/0x340
[   32.525670]  ? mark_held_locks+0x160/0x160
[   32.529905]  ? find_held_lock+0x36/0x1c0
[   32.533970]  preempt_schedule_common+0x22/0x60
[   32.538552]  _cond_resched+0x1d/0x30
[   32.542267]  wait_for_completion+0xa5/0x8d0
[   32.546768]  ? wait_for_completion_interruptible+0x950/0x950
[   32.552568]  ? __lockdep_init_map+0x105/0x590
[   32.557073]  ? __init_waitqueue_head+0x9e/0x150
[   32.561739]  ? init_wait_entry+0x1c0/0x1c0
[   32.565977]  __synchronize_srcu+0x189/0x240
[   32.570301]  ? call_srcu+0x10/0x10
[   32.573847]  ? rcu_unexpedite_gp+0x20/0x20
[   32.578092]  synchronize_srcu+0x335/0x56f
[   32.582241]  ? lock_downgrade+0x8f0/0x8f0
[   32.586385]  ? synchronize_srcu_expedited+0x20/0x20
[   32.591423]  ? kasan_check_read+0x11/0x20
[   32.595572]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.600155]  ? kasan_check_write+0x14/0x20
[   32.604385]  ? do_raw_spin_lock+0xc1/0x200
[   32.608657]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.614381]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.619839]  ? kvfree+0x61/0x70
[   32.623125]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.628144]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.632202]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.636615]  ? kvm_arch_sync_events+0x30/0x30
[   32.641137]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.646679]  ? mmu_notifier_unregister+0x474/0x600
[   32.651609]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.656014]  ? kfree+0x111/0x210
[   32.659383]  ? __mmu_notifier_register+0x30/0x30
[   32.664140]  ? __free_pages+0x10a/0x190
[   32.668115]  ? free_unref_page+0x930/0x930
[   32.672359]  kvm_put_kvm+0x73f/0x1060
[   32.676164]  ? kvm_write_guest_cached+0x40/0x40
[   32.681339]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.685837]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.690329]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.694919]  ? kasan_check_write+0x14/0x20
[   32.699155]  ? do_raw_spin_lock+0xc1/0x200
[   32.703396]  ? kvm_irqfd_release+0xdd/0x120
[   32.707721]  ? kvm_irqfd_release+0xdd/0x120
[   32.712047]  ? kvm_put_kvm+0x1060/0x1060
[   32.716110]  kvm_vm_release+0x42/0x50
[   32.719913]  __fput+0x38a/0xa40
[   32.723195]  ? __alloc_file+0x400/0x400
[   32.727175]  ? check_same_owner+0x340/0x340
[   32.731496]  ? kasan_check_write+0x14/0x20
[   32.735733]  ? do_raw_spin_lock+0xc1/0x200
[   32.739967]  ____fput+0x15/0x20
[   32.743249]  task_work_run+0x1e8/0x2a0
[   32.747140]  ? task_work_cancel+0x240/0x240
[   32.751466]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.757002]  ? switch_task_namespaces+0xa2/0xd0
[   32.761671]  do_exit+0x1ae4/0x26e0
[   32.765218]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.769891]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   32.774129]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.779145]  ? kfree+0x1d7/0x210
[   32.782513]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   32.786755]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.792470]  ? is_bpf_text_address+0xd7/0x170
[   32.796965]  ? kernel_text_address+0x79/0xf0
[   32.801372]  ? __kernel_text_address+0xd/0x40
[   32.805868]  ? unwind_get_return_address+0x61/0xa0
[   32.810799]  ? __save_stack_trace+0x8d/0xf0
[   32.815132]  ? save_stack+0xa9/0xd0
[   32.818758]  ? save_stack+0x43/0xd0
[   32.822383]  ? __kasan_slab_free+0x11a/0x170
[   32.826795]  ? kasan_slab_free+0xe/0x10
[   32.830769]  ? putname+0xf2/0x130
[   32.834221]  ? __x64_sys_openat+0x9d/0x100
[   32.838457]  ? do_syscall_64+0x1b9/0x820
[   32.842516]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.847882]  ? trace_hardirqs_off+0xb8/0x2c0
[   32.852287]  ? kasan_check_read+0x11/0x20
[   32.856435]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.860846]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.865257]  ? initcall_blacklisted+0x9a/0x1e0
[   32.869848]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   32.874955]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   32.880669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.886207]  ? do_vfs_ioctl+0x201/0x1720
[   32.890269]  ? rcu_is_watching+0x8c/0x150
[   32.894412]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.898739]  ? ioctl_preallocate+0x300/0x300
[   32.903149]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.908687]  ? __fget_light+0x2f7/0x440
[   32.912663]  ? fget_raw+0x20/0x20
[   32.916111]  ? putname+0xf2/0x130
[   32.919570]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.924585]  ? kmem_cache_free+0x246/0x280
[   32.928822]  ? putname+0xf7/0x130
[   32.932284]  do_group_exit+0x177/0x440
[   32.936169]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.940516]  ? __ia32_sys_exit+0x50/0x50
[   32.944584]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.949691]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.955354]  ? ksys_ioctl+0x81/0xd0
[   32.958989]  __x64_sys_exit_group+0x3e/0x50
[   32.963332]  do_syscall_64+0x1b9/0x820
[   32.967223]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.972591]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.977525]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.982384]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   32.987403]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   32.992422]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.997443]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.002295]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.007487] RIP: 0033:0x43ecc8
[   33.010683] Code: Bad RIP value.
[   33.014046] RSP: 002b:00007ffc6d796f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.021760] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   33.029031] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.036300] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.043573] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.050851] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.058125] 
[   33.059748] Allocated by task 4289:
[   33.063378]  save_stack+0x43/0xd0
[   33.066836]  kasan_kmalloc+0xc4/0xe0
[   33.070547]  kasan_slab_alloc+0x12/0x20
[   33.074524]  kmem_cache_alloc+0x12e/0x710
[   33.078681]  vmx_create_vcpu+0xcf/0x2830
[   33.082741]  kvm_arch_vcpu_create+0xe5/0x220
[   33.087151]  kvm_vm_ioctl+0x488/0x1d80
[   33.091039]  do_vfs_ioctl+0x1de/0x1720
[   33.094926]  ksys_ioctl+0xa9/0xd0
[   33.098379]  __x64_sys_ioctl+0x73/0xb0
[   33.102268]  do_syscall_64+0x1b9/0x820
[   33.106155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.111335] 
[   33.112956] Freed by task 4289:
[   33.116238]  save_stack+0x43/0xd0
[   33.119698]  __kasan_slab_free+0x11a/0x170
[   33.123937]  kasan_slab_free+0xe/0x10
[   33.127736]  kmem_cache_free+0x86/0x280
[   33.131712]  vmx_free_vcpu+0x26b/0x300
[   33.135600]  kvm_arch_destroy_vm+0x365/0x7c0
[   33.140009]  kvm_put_kvm+0x73f/0x1060
[   33.143813]  kvm_vm_release+0x42/0x50
[   33.147615]  __fput+0x38a/0xa40
[   33.150894]  ____fput+0x15/0x20
[   33.154173]  task_work_run+0x1e8/0x2a0
[   33.158060]  do_exit+0x1ae4/0x26e0
[   33.161599]  do_group_exit+0x177/0x440
[   33.165488]  __x64_sys_exit_group+0x3e/0x50
[   33.169815]  do_syscall_64+0x1b9/0x820
[   33.173702]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.178880] 
[   33.180515] The buggy address belongs to the object at ffff8801c5a30040
[   33.180515]  which belongs to the cache kvm_vcpu of size 23872
[   33.193091] The buggy address is located 24 bytes inside of
[   33.193091]  23872-byte region [ffff8801c5a30040, ffff8801c5a35d80)
[   33.205055] The buggy address belongs to the page:
[   33.209994] page:ffffea0007168c00 count:1 mapcount:0 mapping:ffff8801d9f0b240 index:0x0 compound_mapcount: 0
[   33.219971] flags: 0x2fffc0000008100(slab|head)
[   33.224648] raw: 02fffc0000008100 ffff8801d6175a48 ffff8801d6175a48 ffff8801d9f0b240
[   33.232538] raw: 0000000000000000 ffff8801c5a30040 0000000100000001 0000000000000000
[   33.240415] page dumped because: kasan: bad access detected
[   33.246140] 
[   33.247764] Memory state around the buggy address:
[   33.252694]  ffff8801c5a2ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.260055]  ffff8801c5a2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.267418] >ffff8801c5a30000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   33.274775]                                                     ^
[   33.281026]  ffff8801c5a30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.288405]  ffff8801c5a30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.295780] ==================================================================
[   33.303134] Kernel panic - not syncing: panic_on_warn set ...
[   33.303134] 
[   33.310517] CPU: 1 PID: 4289 Comm: syz-executor298 Tainted: G    B             4.19.0-rc2+ #226
[   33.319372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.328719] Call Trace:
[   33.331315]  dump_stack+0x1c9/0x2b4
[   33.334946]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.340140]  ? lock_downgrade+0x8f0/0x8f0
[   33.344289]  ? __schedule+0xf54/0x1df0
[   33.348179]  panic+0x238/0x4e7
[   33.351373]  ? add_taint.cold.5+0x16/0x16
[   33.355529]  ? print_shadow_for_address+0xba/0x116
[   33.360455]  ? trace_hardirqs_off+0xaf/0x2c0
[   33.364859]  ? trace_hardirqs_off+0x77/0x2c0
[   33.369269]  ? __schedule+0xf54/0x1df0
[   33.373159]  kasan_end_report+0x47/0x4f
[   33.377136]  kasan_report.cold.7+0x76/0x30d
[   33.381460]  __asan_report_load8_noabort+0x14/0x20
[   33.386389]  __schedule+0xf54/0x1df0
[   33.390104]  ? __sched_text_start+0x8/0x8
[   33.394248]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   33.399352]  ? __call_srcu+0x7e7/0x1040
[   33.403339]  ? check_same_owner+0x340/0x340
[   33.407659]  ? mark_held_locks+0x160/0x160
[   33.411895]  ? find_held_lock+0x36/0x1c0
[   33.415958]  preempt_schedule_common+0x22/0x60
[   33.420544]  _cond_resched+0x1d/0x30
[   33.424256]  wait_for_completion+0xa5/0x8d0
[   33.428580]  ? wait_for_completion_interruptible+0x950/0x950
[   33.434375]  ? __lockdep_init_map+0x105/0x590
[   33.438873]  ? __init_waitqueue_head+0x9e/0x150
[   33.443540]  ? init_wait_entry+0x1c0/0x1c0
[   33.447782]  __synchronize_srcu+0x189/0x240
[   33.452104]  ? call_srcu+0x10/0x10
[   33.455646]  ? rcu_unexpedite_gp+0x20/0x20
[   33.459890]  synchronize_srcu+0x335/0x56f
[   33.464037]  ? lock_downgrade+0x8f0/0x8f0
[   33.468181]  ? synchronize_srcu_expedited+0x20/0x20
[   33.473201]  ? kasan_check_read+0x11/0x20
[   33.477350]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.481932]  ? kasan_check_write+0x14/0x20
[   33.486184]  ? do_raw_spin_lock+0xc1/0x200
[   33.490426]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.496164]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.501623]  ? kvfree+0x61/0x70
[   33.504904]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.509919]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.513979]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.518389]  ? kvm_arch_sync_events+0x30/0x30
[   33.522890]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.528431]  ? mmu_notifier_unregister+0x474/0x600
[   33.533358]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.537766]  ? kfree+0x111/0x210
[   33.541135]  ? __mmu_notifier_register+0x30/0x30
[   33.545891]  ? __free_pages+0x10a/0x190
[   33.549868]  ? free_unref_page+0x930/0x930
[   33.554111]  kvm_put_kvm+0x73f/0x1060
[   33.557917]  ? kvm_write_guest_cached+0x40/0x40
[   33.562591]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.567084]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.571580]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.576194]  ? kasan_check_write+0x14/0x20
[   33.580430]  ? do_raw_spin_lock+0xc1/0x200
[   33.584667]  ? kvm_irqfd_release+0xdd/0x120
[   33.589006]  ? kvm_irqfd_release+0xdd/0x120
[   33.593329]  ? kvm_put_kvm+0x1060/0x1060
[   33.597418]  kvm_vm_release+0x42/0x50
[   33.601216]  __fput+0x38a/0xa40
[   33.604496]  ? __alloc_file+0x400/0x400
[   33.608475]  ? check_same_owner+0x340/0x340
[   33.612798]  ? kasan_check_write+0x14/0x20
[   33.617034]  ? do_raw_spin_lock+0xc1/0x200
[   33.621272]  ____fput+0x15/0x20
[   33.624550]  task_work_run+0x1e8/0x2a0
[   33.628438]  ? task_work_cancel+0x240/0x240
[   33.632772]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.638334]  ? switch_task_namespaces+0xa2/0xd0
[   33.643007]  do_exit+0x1ae4/0x26e0
[   33.646549]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.651246]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.655590]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.660606]  ? kfree+0x1d7/0x210
[   33.663973]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.668210]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.673923]  ? is_bpf_text_address+0xd7/0x170
[   33.678421]  ? kernel_text_address+0x79/0xf0
[   33.682834]  ? __kernel_text_address+0xd/0x40
[   33.687331]  ? unwind_get_return_address+0x61/0xa0
[   33.692279]  ? __save_stack_trace+0x8d/0xf0
[   33.696609]  ? save_stack+0xa9/0xd0
[   33.700233]  ? save_stack+0x43/0xd0
[   33.703862]  ? __kasan_slab_free+0x11a/0x170
[   33.708269]  ? kasan_slab_free+0xe/0x10
[   33.712244]  ? putname+0xf2/0x130
[   33.715700]  ? __x64_sys_openat+0x9d/0x100
[   33.719945]  ? do_syscall_64+0x1b9/0x820
[   33.724007]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.729375]  ? trace_hardirqs_off+0xb8/0x2c0
[   33.733784]  ? kasan_check_read+0x11/0x20
[   33.737937]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.742348]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.746759]  ? initcall_blacklisted+0x9a/0x1e0
[   33.751344]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.756485]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.762203]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.767743]  ? do_vfs_ioctl+0x201/0x1720
[   33.771801]  ? rcu_is_watching+0x8c/0x150
[   33.775955]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.780279]  ? ioctl_preallocate+0x300/0x300
[   33.785009]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.790549]  ? __fget_light+0x2f7/0x440
[   33.794522]  ? fget_raw+0x20/0x20
[   33.797970]  ? putname+0xf2/0x130
[   33.801426]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.806443]  ? kmem_cache_free+0x246/0x280
[   33.810677]  ? putname+0xf7/0x130
[   33.814134]  do_group_exit+0x177/0x440
[   33.818022]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.822342]  ? __ia32_sys_exit+0x50/0x50
[   33.826402]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.831507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.837044]  ? ksys_ioctl+0x81/0xd0
[   33.840674]  __x64_sys_exit_group+0x3e/0x50
[   33.845009]  do_syscall_64+0x1b9/0x820
[   33.848895]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.854259]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.859190]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.864057]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   33.869077]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.874093]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.879112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.883956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.889145] RIP: 0033:0x43ecc8
[   33.892338] Code: Bad RIP value.
[   33.895698] RSP: 002b:00007ffc6d796f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.903408] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ecc8
[   33.910694] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.917964] RBP: 00000000004be588 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.925253] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.932522] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.939820] 
[   33.939826] ======================================================
[   33.939837] WARNING: possible circular locking dependency detected
[   33.939841] 4.19.0-rc2+ #226 Not tainted
[   33.939847] ------------------------------------------------------
[   33.939852] syz-executor298/4289 is trying to acquire lock:
[   33.939855] 000000005679d647 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   33.939870] 
[   33.939874] but task is already holding lock:
[   33.939878] 000000001f9083f4 (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.939892] 
[   33.939897] which lock already depends on the new lock.
[   33.939899] 
[   33.939901] 
[   33.939906] the existing dependency chain (in reverse order) is:
[   33.939909] 
[   33.939911] -> #3 (report_lock){....}:
[   33.939926]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.939930]        kasan_report+0x8e/0x110
[   33.939934]        __asan_report_load8_noabort+0x14/0x20
[   33.939938]        __schedule+0xf54/0x1df0
[   33.939942]        preempt_schedule_common+0x22/0x60
[   33.939946]        _cond_resched+0x1d/0x30
[   33.939951]        wait_for_completion+0xa5/0x8d0
[   33.939955]        __synchronize_srcu+0x189/0x240
[   33.939959]        synchronize_srcu+0x335/0x56f
[   33.939964]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.939968]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.939972]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.939976]        kvm_put_kvm+0x73f/0x1060
[   33.939980]        kvm_vm_release+0x42/0x50
[   33.939984]        __fput+0x38a/0xa40
[   33.939987]        ____fput+0x15/0x20
[   33.939991]        task_work_run+0x1e8/0x2a0
[   33.939995]        do_exit+0x1ae4/0x26e0
[   33.939999]        do_group_exit+0x177/0x440
[   33.940003]        __x64_sys_exit_group+0x3e/0x50
[   33.940007]        do_syscall_64+0x1b9/0x820
[   33.940012]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.940014] 
[   33.940016] -> #2 (&rq->lock){-.-.}:
[   33.940030]        _raw_spin_lock+0x2a/0x40
[   33.940034]        task_fork_fair+0x93/0x680
[   33.940038]        sched_fork+0x44b/0xbd0
[   33.940042]        copy_process+0x235e/0x7af0
[   33.940046]        _do_fork+0x1ca/0x1170
[   33.940049]        kernel_thread+0x34/0x40
[   33.940053]        rest_init+0x22/0xe4
[   33.940057]        start_kernel+0x913/0x94e
[   33.940061]        x86_64_start_reservations+0x29/0x2b
[   33.940065]        x86_64_start_kernel+0x76/0x79
[   33.940070]        secondary_startup_64+0xa4/0xb0
[   33.940072] 
[   33.940074] -> #1 (&p->pi_lock){-.-.}:
[   33.940089]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.940093]        try_to_wake_up+0xd2/0x1250
[   33.940097]        wake_up_process+0x10/0x20
[   33.940101]        __up.isra.1+0x1c0/0x2a0
[   33.940104]        up+0x13c/0x1c0
[   33.940108]        __up_console_sem+0xbe/0x1b0
[   33.940112]        console_unlock+0x506/0x10e0
[   33.940116]        vprintk_emit+0x33a/0x910
[   33.940120]        vprintk_default+0x28/0x30
[   33.940124]        vprintk_func+0x7a/0x117
[   33.940127]        printk+0xa7/0xcf
[   33.940130]        load_umh+0x51/0xbd
[   33.940135]        do_one_initcall+0x127/0x838
[   33.940139]        kernel_init_freeable+0x4bb/0x5ae
[   33.940143]        kernel_init+0x11/0x1b3
[   33.940146]        ret_from_fork+0x3a/0x50
[   33.940149] 
[   33.940151] -> #0 ((console_sem).lock){-...}:
[   33.940166]        lock_acquire+0x1e4/0x4f0
[   33.940170]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.940174]        down_trylock+0x13/0x70
[   33.940178]        __down_trylock_console_sem+0xae/0x200
[   33.940182]        console_trylock+0x15/0xa0
[   33.940186]        vprintk_emit+0x31f/0x910
[   33.940190]        vprintk_default+0x28/0x30
[   33.940194]        vprintk_func+0x7a/0x117
[   33.940197]        printk+0xa7/0xcf
[   33.940201]        kasan_report+0x9e/0x110
[   33.940206]        __asan_report_load8_noabort+0x14/0x20
[   33.940209]        __schedule+0xf54/0x1df0
[   33.940214]        preempt_schedule_common+0x22/0x60
[   33.940218]        _cond_resched+0x1d/0x30
[   33.940222]        wait_for_completion+0xa5/0x8d0
[   33.940226]        __synchronize_srcu+0x189/0x240
[   33.940230]        synchronize_srcu+0x335/0x56f
[   33.940235]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.940239]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.940243]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.940247]        kvm_put_kvm+0x73f/0x1060
[   33.940251]        kvm_vm_release+0x42/0x50
[   33.940255]        __fput+0x38a/0xa40
[   33.940258]        ____fput+0x15/0x20
[   33.940262]        task_work_run+0x1e8/0x2a0
[   33.940266]        do_exit+0x1ae4/0x26e0
[   33.940270]        do_group_exit+0x177/0x440
[   33.940274]        __x64_sys_exit_group+0x3e/0x50
[   33.940278]        do_syscall_64+0x1b9/0x820
[   33.940283]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.940285] 
[   33.940289] other info that might help us debug this:
[   33.940292] 
[   33.940295] Chain exists of:
[   33.940297]   (console_sem).lock --> &rq->lock --> report_lock
[   33.940315] 
[   33.940319]  Possible unsafe locking scenario:
[   33.940321] 
[   33.940326]        CPU0                    CPU1
[   33.940330]        ----                    ----
[   33.940332]   lock(report_lock);
[   33.940342]                                lock(&rq->lock);
[   33.940352]                                lock(report_lock);
[   33.940360]   lock((console_sem).lock);
[   33.940368] 
[   33.940371]  *** DEADLOCK ***
[   33.940373] 
[   33.940377] 2 locks held by syz-executor298/4289:
[   33.940380]  #0: 00000000c1d1dcfd (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   33.940397]  #1: 000000001f9083f4 (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.940414] 
[   33.940417] stack backtrace:
[   33.940423] CPU: 1 PID: 4289 Comm: syz-executor298 Not tainted 4.19.0-rc2+ #226
[   33.940430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.940433] Call Trace:
[   33.940437]  dump_stack+0x1c9/0x2b4
[   33.940441]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.940445]  ? vprintk_func+0x100/0x117
[   33.940450]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   33.940454]  ? save_trace+0xe0/0x290
[   33.940458]  __lock_acquire+0x3449/0x5020
[   33.940462]  ? mark_held_locks+0x160/0x160
[   33.940466]  ? mark_held_locks+0x160/0x160
[   33.940471]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.940475]  ? is_bpf_text_address+0xd7/0x170
[   33.940479]  ? kernel_text_address+0x79/0xf0
[   33.940483]  ? __kernel_text_address+0xd/0x40
[   33.940487]  ? __save_stack_trace+0x8d/0xf0
[   33.940492]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   33.940496]  ? save_trace+0x290/0x290
[   33.940500]  ? save_stack_trace+0x1a/0x20
[   33.940504]  ? save_trace+0xe0/0x290
[   33.940507]  ? graph_lock+0x170/0x170
[   33.940512]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.940516]  lock_acquire+0x1e4/0x4f0
[   33.940520]  ? down_trylock+0x13/0x70
[   33.940524]  ? lock_release+0x9f0/0x9f0
[   33.940528]  ? trace_hardirqs_off+0xb8/0x2c0
[   33.940532]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.940537]  ? trace_hardirqs_off+0xb8/0x2c0
[   33.940541]  ? log_store+0x34f/0x4c0
[   33.940544]  ? vprintk_emit+0x31f/0x910
[   33.940549]  _raw_spin_lock_irqsave+0x96/0xc0
[   33.940553]  ? down_trylock+0x13/0x70
[   33.940556]  down_trylock+0x13/0x70
[   33.940561]  __down_trylock_console_sem+0xae/0x200
[   33.940565]  console_trylock+0x15/0xa0
[   33.940568]  vprintk_emit+0x31f/0x910
[   33.940572]  ? wake_up_klogd+0x110/0x110
[   33.940577]  ? run_rebalance_domains+0x4c0/0x4c0
[   33.940581]  ? kasan_check_read+0x11/0x20
[   33.940585]  ? rcu_is_watching+0x8c/0x150
[   33.940589]  ? rcu_pm_notify+0xc0/0xc0
[   33.940593]  ? lock_acquire+0x1e4/0x4f0
[   33.940597]  ? kasan_report+0x8e/0x110
[   33.940600]  ? __schedule+0xf54/0x1df0
[   33.940604]  vprintk_default+0x28/0x30
[   33.940608]  vprintk_func+0x7a/0x117
[   33.940611]  printk+0xa7/0xcf
[   33.940616]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.940620]  ? kasan_check_write+0x14/0x20
[   33.940624]  ? do_raw_spin_lock+0xc1/0x200
[   33.940628]  ? do_raw_spin_lock+0xc1/0x200
[   33.940632]  kasan_report+0x9e/0x110
[   33.940636]  __asan_report_load8_noabort+0x14/0x20
[   33.940640]  __schedule+0xf54/0x1df0
[   33.940644]  ? __sched_text_start+0x8/0x8
[   33.940649]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[   33.940653]  ? __call_srcu+0x7e7/0x1040
[   33.940657]  ? check_same_owner+0x340/0x340
[   33.940661]  ? mark_held_locks+0x160/0x160
[   33.940665]  ? find_held_lock+0x36/0x1c0
[   33.940669]  preempt_schedule_common+0x22/0x60
[   33.940673]  _cond_resched+0x1d/0x30
[   33.940677]  wait_for_completion+0xa5/0x8d0
[   33.940682]  ? wait_for_completion_interruptible+0x950/0x950
[   33.940686]  ? __lockdep_init_map+0x105/0x590
[   33.940691]  ? __init_waitqueue_head+0x9e/0x150
[   33.940695]  ? init_wait_entry+0x1c0/0x1c0
[   33.940699]  __synchronize_srcu+0x189/0x240
[   33.940703]  ? call_srcu+0x10/0x10
[   33.940707]  ? rcu_unexpedite_gp+0x20/0x20
[   33.940711]  synchronize_srcu+0x335/0x56f
[   33.940715]  ? lock_downgrade+0x8f0/0x8f0
[   33.940719]  ? synchronize_srcu_expedited+0x20/0x20
[   33.940724]  ? kasan_check_read+0x11/0x20
[   33.940728]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.940732]  ? kasan_check_write+0x14/0x20
[   33.940736]  ? do_raw_spin_lock+0xc1/0x200
[   33.940741]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.940746]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.940749]  ? kvfree+0x61/0x70
[   33.940754]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.940758]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.940762]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.940766]  ? kvm_arch_sync_events+0x30/0x30
[   33.940771]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.940776]  ? mmu_notifier_unregister+0x474/0x600
[   33.940780]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.940784]  ? kfree+0x111/0x210
[   33.940788]  ? __mmu_notifier_register+0x30/0x30
[   33.940792]  ? __free_pages+0x10a/0x190
[   33.940796]  ? free_unref_page+0x930/0x930
[   33.940800]  kvm_put_kvm+0x73f/0x1060
[   33.940804]  ? kvm_write_guest_cached+0x40/0x40
[   33.940808]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.940813]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.940817]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.940821]  ? kasan_check_write+0x14/0x20
[   33.940825]  ? do_raw_spin_lock+0xc1/0x200
[   33.940835]  ? kvm_irqfd_release+0xdd/0x120
[   33.940840]  ? kvm_irqfd_release+0xdd/0x120
[   33.940844]  ? kvm_put_kvm+0x1060/0x1060
[   33.940848]  kvm_vm_release+0x42/0x50
[   33.940851]  __fput+0x38a/0xa40
[   33.940855]  ? __alloc_file+0x400/0x400
[   33.940859]  ? check_same_owner+0x340/0x340
[   33.940863]  ? kasan_check_write+0x14/0x20
[   33.940867]  ? do_raw_spin_lock+0xc1/0x200
[   33.940871]  ____fput+0x15/0x20
[   33.940875]  task_work_run+0x1e8/0x2a0
[   33.940879]  ? task_work_cancel+0x240/0x240
[   33.940884]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.940888]  ? switch_task_namespaces+0xa2/0xd0
[   33.940892]  do_exit+0x1ae4/0x26e0
[   33.940896]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.940900]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   33.940905]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.940908]  ? kfree+0x1d7/0x210
[   33.940912]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   33.940917]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   33.940922]  ? is_bpf_text_address+0xd7/0x170
[   33.940924]  ?
[   33.940931] Lost 55 message(s)!
[   34.998524] Shutting down cpus with NMI
[   36.057912] Dumping ftrace buffer:
[   36.061476]    (ftrace buffer empty)
[   36.065171] Kernel Offset: disabled
[   36.068783] Rebooting in 86400 seconds..