[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   23.772192] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.041361] random: sshd: uninitialized urandom read (32 bytes read)
[   27.441460] random: sshd: uninitialized urandom read (32 bytes read)
[   28.007309] random: sshd: uninitialized urandom read (32 bytes read)
[   28.186275] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
[   33.831896] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.936208] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   33.961524] ==================================================================
[   33.971326] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   33.977561] Read of size 8 at addr ffff8801b8bc8058 by task syz-executor393/4653
[   33.985171] 
[   33.986803] CPU: 1 PID: 4653 Comm: syz-executor393 Not tainted 4.19.0-rc1+ #216
[   33.994240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.003619] Call Trace:
[   34.006214]  dump_stack+0x1c9/0x2b4
[   34.009841]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.015032]  ? printk+0xa7/0xcf
[   34.018313]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.023075]  ? __schedule+0xf54/0x1df0
[   34.026978]  print_address_description+0x6c/0x20b
[   34.032002]  ? __schedule+0xf54/0x1df0
[   34.035892]  kasan_report.cold.7+0x242/0x30d
[   34.040308]  __asan_report_load8_noabort+0x14/0x20
[   34.045237]  __schedule+0xf54/0x1df0
[   34.048958]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.054074]  ? __sched_text_start+0x8/0x8
[   34.058230]  ? __call_srcu+0x7e7/0x1040
[   34.062211]  ? check_same_owner+0x340/0x340
[   34.066533]  ? mark_held_locks+0x160/0x160
[   34.070768]  ? find_held_lock+0x36/0x1c0
[   34.074839]  preempt_schedule_common+0x22/0x60
[   34.079435]  _cond_resched+0x1d/0x30
[   34.083158]  wait_for_completion+0xa5/0x8d0
[   34.087488]  ? wait_for_completion_interruptible+0x950/0x950
[   34.093290]  ? __lockdep_init_map+0x105/0x590
[   34.097788]  ? __init_waitqueue_head+0x9e/0x150
[   34.102490]  ? init_wait_entry+0x1c0/0x1c0
[   34.106736]  __synchronize_srcu+0x189/0x240
[   34.111057]  ? call_srcu+0x10/0x10
[   34.114596]  ? rcu_unexpedite_gp+0x20/0x20
[   34.118833]  synchronize_srcu+0x335/0x56f
[   34.122980]  ? lock_downgrade+0x8f0/0x8f0
[   34.127137]  ? synchronize_srcu_expedited+0x20/0x20
[   34.132154]  ? kasan_check_read+0x11/0x20
[   34.136299]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.140881]  ? kasan_check_write+0x14/0x20
[   34.145115]  ? do_raw_spin_lock+0xc1/0x200
[   34.149356]  kvm_page_track_unregister_notifier+0x17d/0x250
[   34.155078]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   34.160535]  ? kvfree+0x61/0x70
[   34.163813]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.168828]  kvm_mmu_uninit_vm+0x1c/0x20
[   34.172884]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   34.177307]  ? kvm_arch_sync_events+0x30/0x30
[   34.181807]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.187340]  ? mmu_notifier_unregister+0x474/0x600
[   34.192263]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.196668]  ? kfree+0x111/0x210
[   34.200038]  ? __mmu_notifier_register+0x30/0x30
[   34.204800]  ? __free_pages+0x10a/0x190
[   34.208774]  ? free_unref_page+0x930/0x930
[   34.213014]  kvm_put_kvm+0x73f/0x1060
[   34.216838]  ? kvm_write_guest_cached+0x40/0x40
[   34.221509]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.226008]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.230502]  ? lockdep_hardirqs_on+0x421/0x5c0
[   34.235088]  ? kasan_check_write+0x14/0x20
[   34.239324]  ? do_raw_spin_lock+0xc1/0x200
[   34.243563]  ? kvm_irqfd_release+0xdd/0x120
[   34.247884]  ? kvm_irqfd_release+0xdd/0x120
[   34.252210]  ? kvm_put_kvm+0x1060/0x1060
[   34.256283]  kvm_vm_release+0x42/0x50
[   34.260081]  __fput+0x38a/0xa40
[   34.263364]  ? __alloc_file+0x400/0x400
[   34.267343]  ? check_same_owner+0x340/0x340
[   34.271661]  ? kasan_check_write+0x14/0x20
[   34.275898]  ? do_raw_spin_lock+0xc1/0x200
[   34.280130]  ____fput+0x15/0x20
[   34.283404]  task_work_run+0x1e8/0x2a0
[   34.287287]  ? task_work_cancel+0x240/0x240
[   34.291610]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.297160]  ? switch_task_namespaces+0xa2/0xd0
[   34.301827]  do_exit+0x1ae4/0x26e0
[   34.305368]  ? mm_update_next_owner+0x9a0/0x9a0
[   34.310036]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   34.314273]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.319297]  ? kfree+0x1d7/0x210
[   34.322668]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   34.326903]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.332611]  ? is_bpf_text_address+0xd7/0x170
[   34.337108]  ? kernel_text_address+0x79/0xf0
[   34.341520]  ? __kernel_text_address+0xd/0x40
[   34.346030]  ? unwind_get_return_address+0x61/0xa0
[   34.350960]  ? __save_stack_trace+0x8d/0xf0
[   34.355285]  ? save_stack+0xa9/0xd0
[   34.358910]  ? save_stack+0x43/0xd0
[   34.362532]  ? __kasan_slab_free+0x11a/0x170
[   34.366942]  ? kasan_slab_free+0xe/0x10
[   34.370918]  ? putname+0xf2/0x130
[   34.374367]  ? __x64_sys_openat+0x9d/0x100
[   34.378609]  ? do_syscall_64+0x1b9/0x820
[   34.382674]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.388034]  ? trace_hardirqs_off+0xb8/0x2b0
[   34.392451]  ? kasan_check_read+0x11/0x20
[   34.396599]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.401007]  ? trace_hardirqs_on+0x2c0/0x2c0
[   34.405414]  ? initcall_blacklisted+0x9a/0x1e0
[   34.410004]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   34.415137]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   34.420868]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.426406]  ? do_vfs_ioctl+0x201/0x1720
[   34.430465]  ? rcu_is_watching+0x8c/0x150
[   34.434616]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.438943]  ? ioctl_preallocate+0x300/0x300
[   34.443358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.449432]  ? __fget_light+0x2f7/0x440
[   34.453406]  ? fget_raw+0x20/0x20
[   34.456857]  ? putname+0xf2/0x130
[   34.460309]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.465320]  ? kmem_cache_free+0x246/0x280
[   34.469566]  ? putname+0xf7/0x130
[   34.473024]  do_group_exit+0x177/0x440
[   34.476907]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.481227]  ? __ia32_sys_exit+0x50/0x50
[   34.485284]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.490390]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.495932]  ? ksys_ioctl+0x81/0xd0
[   34.499559]  __x64_sys_exit_group+0x3e/0x50
[   34.503879]  do_syscall_64+0x1b9/0x820
[   34.507761]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.513133]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.518075]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.522920]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.527935]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.532947]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.538052]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.542905]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.548090] RIP: 0033:0x43ef08
[   34.551288] Code: Bad RIP value.
[   34.554646] RSP: 002b:00007ffeac394368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.562352] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   34.569618] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   34.576887] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   34.584151] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   34.591419] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   34.598692] 
[   34.600313] Allocated by task 4653:
[   34.603938]  save_stack+0x43/0xd0
[   34.607383]  kasan_kmalloc+0xc4/0xe0
[   34.611106]  kasan_slab_alloc+0x12/0x20
[   34.615077]  kmem_cache_alloc+0x12e/0x710
[   34.619223]  vmx_create_vcpu+0xcf/0x2830
[   34.623276]  kvm_arch_vcpu_create+0xe5/0x220
[   34.627681]  kvm_vm_ioctl+0x488/0x1d80
[   34.631567]  do_vfs_ioctl+0x1de/0x1720
[   34.635454]  ksys_ioctl+0xa9/0xd0
[   34.638904]  __x64_sys_ioctl+0x73/0xb0
[   34.642785]  do_syscall_64+0x1b9/0x820
[   34.646668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.651839] 
[   34.653463] Freed by task 4653:
[   34.656744]  save_stack+0x43/0xd0
[   34.660191]  __kasan_slab_free+0x11a/0x170
[   34.664418]  kasan_slab_free+0xe/0x10
[   34.668211]  kmem_cache_free+0x86/0x280
[   34.672178]  vmx_free_vcpu+0x26b/0x300
[   34.676057]  kvm_arch_destroy_vm+0x365/0x7c0
[   34.680553]  kvm_put_kvm+0x73f/0x1060
[   34.684353]  kvm_vm_release+0x42/0x50
[   34.688147]  __fput+0x38a/0xa40
[   34.691418]  ____fput+0x15/0x20
[   34.694693]  task_work_run+0x1e8/0x2a0
[   34.698575]  do_exit+0x1ae4/0x26e0
[   34.702128]  do_group_exit+0x177/0x440
[   34.706026]  __x64_sys_exit_group+0x3e/0x50
[   34.710342]  do_syscall_64+0x1b9/0x820
[   34.714228]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.719401] 
[   34.721020] The buggy address belongs to the object at ffff8801b8bc8040
[   34.721020]  which belongs to the cache kvm_vcpu of size 23872
[   34.733600] The buggy address is located 24 bytes inside of
[   34.733600]  23872-byte region [ffff8801b8bc8040, ffff8801b8bcdd80)
[   34.745556] The buggy address belongs to the page:
[   34.750491] page:ffffea0006e2f200 count:1 mapcount:0 mapping:ffff8801d52b5b40 index:0x0 compound_mapcount: 0
[   34.760478] flags: 0x2fffc0000008100(slab|head)
[   34.765150] raw: 02fffc0000008100 ffff8801d52ae348 ffff8801d52ae348 ffff8801d52b5b40
[   34.773039] raw: 0000000000000000 ffff8801b8bc8040 0000000100000001 0000000000000000
[   34.780921] page dumped because: kasan: bad access detected
[   34.786619] 
[   34.788233] Memory state around the buggy address:
[   34.793162]  ffff8801b8bc7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.800536]  ffff8801b8bc7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.807899] >ffff8801b8bc8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   34.815255]                                                     ^
[   34.821495]  ffff8801b8bc8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.828866]  ffff8801b8bc8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.836216] ==================================================================
[   34.843569] Kernel panic - not syncing: panic_on_warn set ...
[   34.843569] 
[   34.851003] CPU: 1 PID: 4653 Comm: syz-executor393 Tainted: G    B             4.19.0-rc1+ #216
[   34.859842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.869191] Call Trace:
[   34.871779]  dump_stack+0x1c9/0x2b4
[   34.875415]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.880606]  ? lock_downgrade+0x8f0/0x8f0
[   34.884750]  ? __schedule+0xf54/0x1df0
[   34.888632]  panic+0x238/0x4e7
[   34.891819]  ? add_taint.cold.5+0x16/0x16
[   34.895970]  ? print_shadow_for_address+0xba/0x116
[   34.900900]  ? trace_hardirqs_off+0xaf/0x2b0
[   34.905305]  ? trace_hardirqs_off+0x77/0x2b0
[   34.909710]  ? __schedule+0xf54/0x1df0
[   34.913595]  kasan_end_report+0x47/0x4f
[   34.917577]  kasan_report.cold.7+0x76/0x30d
[   34.921913]  __asan_report_load8_noabort+0x14/0x20
[   34.926842]  __schedule+0xf54/0x1df0
[   34.930552]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.935655]  ? __sched_text_start+0x8/0x8
[   34.939798]  ? __call_srcu+0x7e7/0x1040
[   34.943788]  ? check_same_owner+0x340/0x340
[   34.948110]  ? mark_held_locks+0x160/0x160
[   34.952342]  ? find_held_lock+0x36/0x1c0
[   34.956402]  preempt_schedule_common+0x22/0x60
[   34.960980]  _cond_resched+0x1d/0x30
[   34.964704]  wait_for_completion+0xa5/0x8d0
[   34.969033]  ? wait_for_completion_interruptible+0x950/0x950
[   34.974831]  ? __lockdep_init_map+0x105/0x590
[   34.979331]  ? __init_waitqueue_head+0x9e/0x150
[   34.983994]  ? init_wait_entry+0x1c0/0x1c0
[   34.988232]  __synchronize_srcu+0x189/0x240
[   34.992559]  ? call_srcu+0x10/0x10
[   34.996107]  ? rcu_unexpedite_gp+0x20/0x20
[   35.000352]  synchronize_srcu+0x335/0x56f
[   35.004497]  ? lock_downgrade+0x8f0/0x8f0
[   35.008652]  ? synchronize_srcu_expedited+0x20/0x20
[   35.013684]  ? kasan_check_read+0x11/0x20
[   35.017838]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.022421]  ? kasan_check_write+0x14/0x20
[   35.026653]  ? do_raw_spin_lock+0xc1/0x200
[   35.030889]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.036599]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.042064]  ? kvfree+0x61/0x70
[   35.045349]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.050366]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.054425]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.058838]  ? kvm_arch_sync_events+0x30/0x30
[   35.063337]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.068878]  ? mmu_notifier_unregister+0x474/0x600
[   35.073803]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.078207]  ? kfree+0x111/0x210
[   35.081576]  ? __mmu_notifier_register+0x30/0x30
[   35.086335]  ? __free_pages+0x10a/0x190
[   35.090318]  ? free_unref_page+0x930/0x930
[   35.094566]  kvm_put_kvm+0x73f/0x1060
[   35.098367]  ? kvm_write_guest_cached+0x40/0x40
[   35.103040]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.107542]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.112071]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.116673]  ? kasan_check_write+0x14/0x20
[   35.120906]  ? do_raw_spin_lock+0xc1/0x200
[   35.125141]  ? kvm_irqfd_release+0xdd/0x120
[   35.129460]  ? kvm_irqfd_release+0xdd/0x120
[   35.133783]  ? kvm_put_kvm+0x1060/0x1060
[   35.137860]  kvm_vm_release+0x42/0x50
[   35.141664]  __fput+0x38a/0xa40
[   35.144947]  ? __alloc_file+0x400/0x400
[   35.148923]  ? check_same_owner+0x340/0x340
[   35.153245]  ? kasan_check_write+0x14/0x20
[   35.157480]  ? do_raw_spin_lock+0xc1/0x200
[   35.161729]  ____fput+0x15/0x20
[   35.165017]  task_work_run+0x1e8/0x2a0
[   35.168908]  ? task_work_cancel+0x240/0x240
[   35.173235]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.178771]  ? switch_task_namespaces+0xa2/0xd0
[   35.183447]  do_exit+0x1ae4/0x26e0
[   35.187000]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.191674]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.195909]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.200925]  ? kfree+0x1d7/0x210
[   35.204290]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.208549]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.214292]  ? is_bpf_text_address+0xd7/0x170
[   35.218789]  ? kernel_text_address+0x79/0xf0
[   35.223197]  ? __kernel_text_address+0xd/0x40
[   35.227689]  ? unwind_get_return_address+0x61/0xa0
[   35.232622]  ? __save_stack_trace+0x8d/0xf0
[   35.237045]  ? save_stack+0xa9/0xd0
[   35.240675]  ? save_stack+0x43/0xd0
[   35.244298]  ? __kasan_slab_free+0x11a/0x170
[   35.248706]  ? kasan_slab_free+0xe/0x10
[   35.252679]  ? putname+0xf2/0x130
[   35.256135]  ? __x64_sys_openat+0x9d/0x100
[   35.260380]  ? do_syscall_64+0x1b9/0x820
[   35.264458]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.269824]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.274231]  ? kasan_check_read+0x11/0x20
[   35.278376]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.282789]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.287212]  ? initcall_blacklisted+0x9a/0x1e0
[   35.291813]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   35.296919]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.302633]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.308182]  ? do_vfs_ioctl+0x201/0x1720
[   35.312259]  ? rcu_is_watching+0x8c/0x150
[   35.316411]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.320737]  ? ioctl_preallocate+0x300/0x300
[   35.325148]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.330695]  ? __fget_light+0x2f7/0x440
[   35.334677]  ? fget_raw+0x20/0x20
[   35.338138]  ? putname+0xf2/0x130
[   35.341821]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.346837]  ? kmem_cache_free+0x246/0x280
[   35.351070]  ? putname+0xf7/0x130
[   35.354531]  do_group_exit+0x177/0x440
[   35.358426]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.362754]  ? __ia32_sys_exit+0x50/0x50
[   35.366831]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.371948]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.377490]  ? ksys_ioctl+0x81/0xd0
[   35.381131]  __x64_sys_exit_group+0x3e/0x50
[   35.385471]  do_syscall_64+0x1b9/0x820
[   35.389372]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.394744]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.399675]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.404522]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.409553]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.414588]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.419611]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.424466]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.429659] RIP: 0033:0x43ef08
[   35.432860] Code: Bad RIP value.
[   35.436244] RSP: 002b:00007ffeac394368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.443954] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08
[   35.451223] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   35.458497] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[   35.465782] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   35.473064] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   35.480361] 
[   35.480367] ======================================================
[   35.480372] WARNING: possible circular locking dependency detected
[   35.480375] 4.19.0-rc1+ #216 Not tainted
[   35.480381] ------------------------------------------------------
[   35.480385] syz-executor393/4653 is trying to acquire lock:
[   35.480389] 00000000a47c3c42 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   35.480403] 
[   35.480407] but task is already holding lock:
[   35.480410] 00000000e73ebc35 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.480424] 
[   35.480428] which lock already depends on the new lock.
[   35.480430] 
[   35.480433] 
[   35.480438] the existing dependency chain (in reverse order) is:
[   35.480440] 
[   35.480442] -> #3 (report_lock){....}:
[   35.480456]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.480460]        kasan_report+0x8e/0x110
[   35.480464]        __asan_report_load8_noabort+0x14/0x20
[   35.480468]        __schedule+0xf54/0x1df0
[   35.480472]        preempt_schedule_common+0x22/0x60
[   35.480476]        _cond_resched+0x1d/0x30
[   35.480480]        wait_for_completion+0xa5/0x8d0
[   35.480484]        __synchronize_srcu+0x189/0x240
[   35.480488]        synchronize_srcu+0x335/0x56f
[   35.480493]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.480497]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.480501]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.480505]        kvm_put_kvm+0x73f/0x1060
[   35.480508]        kvm_vm_release+0x42/0x50
[   35.480521]        __fput+0x38a/0xa40
[   35.480524]        ____fput+0x15/0x20
[   35.480528]        task_work_run+0x1e8/0x2a0
[   35.480532]        do_exit+0x1ae4/0x26e0
[   35.480536]        do_group_exit+0x177/0x440
[   35.480540]        __x64_sys_exit_group+0x3e/0x50
[   35.480543]        do_syscall_64+0x1b9/0x820
[   35.480548]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.480550] 
[   35.480552] -> #2 (&rq->lock){-.-.}:
[   35.480566]        _raw_spin_lock+0x2a/0x40
[   35.480570]        task_fork_fair+0x93/0x680
[   35.480574]        sched_fork+0x44b/0xbd0
[   35.480577]        copy_process+0x235e/0x7ad0
[   35.480581]        _do_fork+0x1ca/0x1170
[   35.480585]        kernel_thread+0x34/0x40
[   35.480588]        rest_init+0x22/0xe4
[   35.480592]        start_kernel+0x913/0x94e
[   35.480596]        x86_64_start_reservations+0x29/0x2b
[   35.480601]        x86_64_start_kernel+0x76/0x79
[   35.480605]        secondary_startup_64+0xa4/0xb0
[   35.480607] 
[   35.480609] -> #1 (&p->pi_lock){-.-.}:
[   35.480623]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.480627]        try_to_wake_up+0xd2/0x1250
[   35.480631]        wake_up_process+0x10/0x20
[   35.480635]        __up.isra.1+0x1c0/0x2a0
[   35.480638]        up+0x13c/0x1c0
[   35.480642]        __up_console_sem+0xbe/0x1b0
[   35.480646]        console_unlock+0x506/0x10d0
[   35.480650]        vprintk_emit+0x33a/0x910
[   35.480654]        vprintk_default+0x28/0x30
[   35.480657]        vprintk_func+0x7a/0x117
[   35.480661]        printk+0xa7/0xcf
[   35.480664]        load_umh+0x51/0xbd
[   35.480668]        do_one_initcall+0x127/0x838
[   35.480672]        kernel_init_freeable+0x4bb/0x5ae
[   35.480676]        kernel_init+0x11/0x1b3
[   35.480680]        ret_from_fork+0x3a/0x50
[   35.480682] 
[   35.480684] -> #0 ((console_sem).lock){-...}:
[   35.480698]        lock_acquire+0x1e4/0x4f0
[   35.480702]        _raw_spin_lock_irqsave+0x96/0xc0
[   35.480706]        down_trylock+0x13/0x70
[   35.480710]        __down_trylock_console_sem+0xae/0x200
[   35.480714]        console_trylock+0x15/0xa0
[   35.480718]        vprintk_emit+0x31f/0x910
[   35.480722]        vprintk_default+0x28/0x30
[   35.480725]        vprintk_func+0x7a/0x117
[   35.480729]        printk+0xa7/0xcf
[   35.480732]        kasan_report+0x9e/0x110
[   35.480737]        __asan_report_load8_noabort+0x14/0x20
[   35.480740]        __schedule+0xf54/0x1df0
[   35.480745]        preempt_schedule_common+0x22/0x60
[   35.480749]        _cond_resched+0x1d/0x30
[   35.480753]        wait_for_completion+0xa5/0x8d0
[   35.480757]        __synchronize_srcu+0x189/0x240
[   35.480761]        synchronize_srcu+0x335/0x56f
[   35.480766]        kvm_page_track_unregister_notifier+0x17d/0x250
[   35.480770]        kvm_mmu_uninit_vm+0x1c/0x20
[   35.480774]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.480778]        kvm_put_kvm+0x73f/0x1060
[   35.480781]        kvm_vm_release+0x42/0x50
[   35.480785]        __fput+0x38a/0xa40
[   35.480788]        ____fput+0x15/0x20
[   35.480792]        task_work_run+0x1e8/0x2a0
[   35.480796]        do_exit+0x1ae4/0x26e0
[   35.480799]        do_group_exit+0x177/0x440
[   35.480803]        __x64_sys_exit_group+0x3e/0x50
[   35.480807]        do_syscall_64+0x1b9/0x820
[   35.480812]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.480814] 
[   35.480818] other info that might help us debug this:
[   35.480820] 
[   35.480823] Chain exists of:
[   35.480825]   (console_sem).lock --> &rq->lock --> report_lock
[   35.480843] 
[   35.480847]  Possible unsafe locking scenario:
[   35.480849] 
[   35.480853]        CPU0                    CPU1
[   35.480857]        ----                    ----
[   35.480860]   lock(report_lock);
[   35.480869]                                lock(&rq->lock);
[   35.480878]                                lock(report_lock);
[   35.480885]   lock((console_sem).lock);
[   35.480893] 
[   35.480896]  *** DEADLOCK ***
[   35.480899] 
[   35.480903] 2 locks held by syz-executor393/4653:
[   35.480905]  #0: 0000000042c30fb2 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   35.480921]  #1: 00000000e73ebc35 (report_lock){....}, at: kasan_report+0x8e/0x110
[   35.480938] 
[   35.480941] stack backtrace:
[   35.480947] CPU: 1 PID: 4653 Comm: syz-executor393 Not tainted 4.19.0-rc1+ #216
[   35.480953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.480956] Call Trace:
[   35.480960]  dump_stack+0x1c9/0x2b4
[   35.480964]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.480968]  ? vprintk_func+0x100/0x117
[   35.480973]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   35.480976]  ? save_trace+0xe0/0x290
[   35.480980]  __lock_acquire+0x3449/0x5020
[   35.480984]  ? mark_held_locks+0x160/0x160
[   35.480988]  ? mark_held_locks+0x160/0x160
[   35.480993]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.480997]  ? is_bpf_text_address+0xd7/0x170
[   35.481001]  ? kernel_text_address+0x79/0xf0
[   35.481005]  ? __kernel_text_address+0xd/0x40
[   35.481009]  ? __save_stack_trace+0x8d/0xf0
[   35.481013]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   35.481017]  ? save_trace+0x290/0x290
[   35.481021]  ? save_stack_trace+0x1a/0x20
[   35.481024]  ? save_trace+0xe0/0x290
[   35.481028]  ? graph_lock+0x170/0x170
[   35.481033]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.481036]  lock_acquire+0x1e4/0x4f0
[   35.481040]  ? down_trylock+0x13/0x70
[   35.481044]  ? lock_release+0x9f0/0x9f0
[   35.481048]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.481052]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.481056]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.481059]  ? log_store+0x34f/0x4c0
[   35.481063]  ? vprintk_emit+0x31f/0x910
[   35.481067]  _raw_spin_lock_irqsave+0x96/0xc0
[   35.481071]  ? down_trylock+0x13/0x70
[   35.481074]  down_trylock+0x13/0x70
[   35.481079]  __down_trylock_console_sem+0xae/0x200
[   35.481083]  console_trylock+0x15/0xa0
[   35.481086]  vprintk_emit+0x31f/0x910
[   35.481090]  ? wake_up_klogd+0x110/0x110
[   35.481100]  ? run_rebalance_domains+0x4c0/0x4c0
[   35.481104]  ? kasan_check_read+0x11/0x20
[   35.481108]  ? rcu_is_watching+0x8c/0x150
[   35.481112]  ? rcu_pm_notify+0xc0/0xc0
[   35.481116]  ? lock_acquire+0x1e4/0x4f0
[   35.481119]  ? kasan_report+0x8e/0x110
[   35.481123]  ? __schedule+0xf54/0x1df0
[   35.481127]  vprintk_default+0x28/0x30
[   35.481131]  vprintk_func+0x7a/0x117
[   35.481134]  printk+0xa7/0xcf
[   35.481138]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.481142]  ? kasan_check_write+0x14/0x20
[   35.481146]  ? do_raw_spin_lock+0xc1/0x200
[   35.481150]  ? do_raw_spin_lock+0xc1/0x200
[   35.481153]  kasan_report+0x9e/0x110
[   35.481158]  __asan_report_load8_noabort+0x14/0x20
[   35.481161]  __schedule+0xf54/0x1df0
[   35.481166]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   35.481170]  ? __sched_text_start+0x8/0x8
[   35.481174]  ? __call_srcu+0x7e7/0x1040
[   35.481178]  ? check_same_owner+0x340/0x340
[   35.481181]  ? mark_held_locks+0x160/0x160
[   35.481194]  ? find_held_lock+0x36/0x1c0
[   35.481198]  preempt_schedule_common+0x22/0x60
[   35.481202]  _cond_resched+0x1d/0x30
[   35.481206]  wait_for_completion+0xa5/0x8d0
[   35.481210]  ? wait_for_completion_interruptible+0x950/0x950
[   35.481215]  ? __lockdep_init_map+0x105/0x590
[   35.481219]  ? __init_waitqueue_head+0x9e/0x150
[   35.481223]  ? init_wait_entry+0x1c0/0x1c0
[   35.481227]  __synchronize_srcu+0x189/0x240
[   35.481230]  ? call_srcu+0x10/0x10
[   35.481234]  ? rcu_unexpedite_gp+0x20/0x20
[   35.481238]  synchronize_srcu+0x335/0x56f
[   35.481242]  ? lock_downgrade+0x8f0/0x8f0
[   35.481247]  ? synchronize_srcu_expedited+0x20/0x20
[   35.481251]  ? kasan_check_read+0x11/0x20
[   35.481255]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.481259]  ? kasan_check_write+0x14/0x20
[   35.481262]  ? do_raw_spin_lock+0xc1/0x200
[   35.481267]  kvm_page_track_unregister_notifier+0x17d/0x250
[   35.481272]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   35.481275]  ? kvfree+0x61/0x70
[   35.481280]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.481284]  kvm_mmu_uninit_vm+0x1c/0x20
[   35.481288]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   35.481292]  ? kvm_arch_sync_events+0x30/0x30
[   35.481296]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.481301]  ? mmu_notifier_unregister+0x474/0x600
[   35.481305]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.481308]  ? kfree+0x111/0x210
[   35.481312]  ? __mmu_notifier_register+0x30/0x30
[   35.481316]  ? __free_pages+0x10a/0x190
[   35.481320]  ? free_unref_page+0x930/0x930
[   35.481324]  kvm_put_kvm+0x73f/0x1060
[   35.481328]  ? kvm_write_guest_cached+0x40/0x40
[   35.481332]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.481336]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.481340]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.481344]  ? kasan_check_write+0x14/0x20
[   35.481348]  ? do_raw_spin_lock+0xc1/0x200
[   35.481352]  ? kvm_irqfd_release+0xdd/0x120
[   35.481356]  ? kvm_irqfd_release+0xdd/0x120
[   35.481360]  ? kvm_put_kvm+0x1060/0x1060
[   35.481364]  kvm_vm_release+0x42/0x50
[   35.481367]  __fput+0x38a/0xa40
[   35.481371]  ? __alloc_file+0x400/0x400
[   35.481375]  ? check_same_owner+0x340/0x340
[   35.481379]  ? kasan_check_write+0x14/0x20
[   35.481383]  ? do_raw_spin_lock+0xc1/0x200
[   35.481386]  ____fput+0x15/0x20
[   35.481390]  task_work_run+0x1e8/0x2a0
[   35.481394]  ? task_work_cancel+0x240/0x240
[   35.481398]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.481403]  ? switch_task_namespaces+0xa2/0xd0
[   35.481406]  do_exit+0x1ae4/0x26e0
[   35.481410]  ? mm_update_next_owner+0x9a0/0x9a0
[   35.481414]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[   35.481418]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.481422]  ? kfree+0x1d7/0x210
[   35.481426]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[   35.481430]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[   35.481435]  ? is_bpf_text_address+0xd7/0x170
[   35.481437]  ?
[   35.481446] Lost 55 message(s)!
[   36.561922] Shutting down cpus with NMI
[   37.621832] Dumping ftrace buffer:
[   37.625358]    (ftrace buffer empty)
[   37.629048] Kernel Offset: disabled
[   37.632666] Rebooting in 86400 seconds..