[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.937966] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.607705] random: sshd: uninitialized urandom read (32 bytes read)
[   25.839063] random: sshd: uninitialized urandom read (32 bytes read)
[   26.392917] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[   32.112693] urandom_read: 1 callbacks suppressed
[   32.112699] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.218134] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[   32.254144] ==================================================================
[   32.263995] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[   32.270223] Read of size 8 at addr ffff8801ca2f0058 by task syz-executor514/4292
[   32.277746] 
[   32.279388] CPU: 1 PID: 4292 Comm: syz-executor514 Not tainted 4.19.0-rc2+ #3
[   32.286660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.296000] Call Trace:
[   32.298596]  dump_stack+0x1c9/0x2b4
[   32.302251]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.307440]  ? printk+0xa7/0xcf
[   32.310713]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.315466]  ? __schedule+0xf54/0x1df0
[   32.319353]  print_address_description+0x6c/0x20b
[   32.325060]  ? __schedule+0xf54/0x1df0
[   32.328955]  kasan_report.cold.7+0x242/0x30d
[   32.333375]  __asan_report_load8_noabort+0x14/0x20
[   32.338297]  __schedule+0xf54/0x1df0
[   32.342008]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.347114]  ? __sched_text_start+0x8/0x8
[   32.351263]  ? __call_srcu+0x7e7/0x1040
[   32.355251]  ? check_same_owner+0x340/0x340
[   32.359564]  ? mark_held_locks+0x160/0x160
[   32.363791]  ? find_held_lock+0x36/0x1c0
[   32.367860]  preempt_schedule_common+0x22/0x60
[   32.372440]  _cond_resched+0x1d/0x30
[   32.376152]  wait_for_completion+0xa5/0x8d0
[   32.380470]  ? wait_for_completion_interruptible+0x950/0x950
[   32.386263]  ? __lockdep_init_map+0x105/0x590
[   32.390756]  ? __init_waitqueue_head+0x9e/0x150
[   32.395421]  ? init_wait_entry+0x1c0/0x1c0
[   32.399652]  __synchronize_srcu+0x189/0x240
[   32.403967]  ? call_srcu+0x10/0x10
[   32.407514]  ? rcu_unexpedite_gp+0x20/0x20
[   32.411750]  synchronize_srcu+0x335/0x56f
[   32.415897]  ? lock_downgrade+0x8f0/0x8f0
[   32.420043]  ? synchronize_srcu_expedited+0x20/0x20
[   32.425082]  ? kasan_check_read+0x11/0x20
[   32.429244]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.433827]  ? kasan_check_write+0x14/0x20
[   32.438057]  ? do_raw_spin_lock+0xc1/0x200
[   32.442296]  kvm_page_track_unregister_notifier+0x17d/0x250
[   32.448002]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   32.453626]  ? kvfree+0x61/0x70
[   32.456905]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.461923]  kvm_mmu_uninit_vm+0x1c/0x20
[   32.465986]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   32.470394]  ? kvm_arch_sync_events+0x30/0x30
[   32.474899]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.480438]  ? mmu_notifier_unregister+0x474/0x600
[   32.485361]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.489768]  ? kfree+0x111/0x210
[   32.493135]  ? __mmu_notifier_register+0x30/0x30
[   32.497907]  ? __free_pages+0x10a/0x190
[   32.501877]  ? free_unref_page+0x930/0x930
[   32.506119]  kvm_put_kvm+0x73f/0x1060
[   32.509921]  ? kvm_write_guest_cached+0x40/0x40
[   32.514613]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.519372]  ? kvm_irqfd_release+0xdd/0x120
[   32.523695]  ? kvm_irqfd_release+0xdd/0x120
[   32.528024]  ? kvm_put_kvm+0x1060/0x1060
[   32.532080]  kvm_vm_release+0x42/0x50
[   32.535882]  __fput+0x38a/0xa40
[   32.539166]  ? __alloc_file+0x400/0x400
[   32.543141]  ? check_same_owner+0x340/0x340
[   32.547456]  ? kasan_check_write+0x14/0x20
[   32.551686]  ? do_raw_spin_lock+0xc1/0x200
[   32.555916]  ____fput+0x15/0x20
[   32.559191]  task_work_run+0x1e8/0x2a0
[   32.563079]  ? task_work_cancel+0x240/0x240
[   32.567403]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.572944]  ? switch_task_namespaces+0xa2/0xd0
[   32.577615]  do_exit+0x1ae4/0x26e0
[   32.581159]  ? mm_update_next_owner+0x9a0/0x9a0
[   32.585833]  ? sock_destroy_inode+0x51/0x60
[   32.590152]  ? sockfs_dname+0x90/0x90
[   32.593948]  ? destroy_inode+0x15e/0x200
[   32.598005]  ? __destroy_inode+0x7f0/0x7f0
[   32.602256]  ? kasan_check_write+0x14/0x20
[   32.606489]  ? do_raw_spin_lock+0xc1/0x200
[   32.610719]  ? evict+0x5d5/0x990
[   32.614084]  ? destroy_inode+0x200/0x200
[   32.618143]  ? lock_downgrade+0x8f0/0x8f0
[   32.622288]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.627839]  ? kasan_check_read+0x11/0x20
[   32.631985]  ? do_raw_spin_unlock+0xa7/0x2f0
[   32.636392]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   32.640973]  ? iput+0x5ff/0xa00
[   32.644256]  ? inode_add_lru+0x2a0/0x2a0
[   32.648314]  ? inet6_create+0xc03/0x1250
[   32.652375]  ? inet6_net_init+0x8e0/0x8e0
[   32.656522]  ? rcu_is_watching+0x8c/0x150
[   32.660668]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   32.665334]  ? __sock_release+0x1a0/0x250
[   32.669483]  ? __sock_create+0x126/0x940
[   32.673544]  ? kernel_sock_ip_overhead+0x570/0x570
[   32.678469]  ? kasan_check_read+0x11/0x20
[   32.682606]  ? rcu_is_watching+0x8c/0x150
[   32.686773]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   32.691447]  do_group_exit+0x177/0x440
[   32.695330]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.699645]  ? __ia32_sys_exit+0x50/0x50
[   32.703700]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.708800]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.714344]  ? ksys_ioctl+0x81/0xd0
[   32.717968]  __x64_sys_exit_group+0x3e/0x50
[   32.722287]  do_syscall_64+0x1b9/0x820
[   32.726171]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.731816]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.736730]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.741614]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   32.746651]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   32.751666]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.756681]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.761522]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.766705] RIP: 0033:0x43ed48
[   32.769902] Code: Bad RIP value.
[   32.773262] RSP: 002b:00007fffc3efc1b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.780967] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed48
[   32.788229] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.795497] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.802759] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   32.810023] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   32.817292] 
[   32.818914] Allocated by task 4292:
[   32.822554]  save_stack+0x43/0xd0
[   32.826026]  kasan_kmalloc+0xc4/0xe0
[   32.829736]  kasan_slab_alloc+0x12/0x20
[   32.833707]  kmem_cache_alloc+0x12e/0x710
[   32.837862]  vmx_create_vcpu+0xcf/0x2830
[   32.841922]  kvm_arch_vcpu_create+0xe5/0x220
[   32.846332]  kvm_vm_ioctl+0x488/0x1d80
[   32.850642]  do_vfs_ioctl+0x1de/0x1720
[   32.854521]  ksys_ioctl+0xa9/0xd0
[   32.857974]  __x64_sys_ioctl+0x73/0xb0
[   32.861858]  do_syscall_64+0x1b9/0x820
[   32.865746]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.870922] 
[   32.872543] Freed by task 4292:
[   32.875829]  save_stack+0x43/0xd0
[   32.879280]  __kasan_slab_free+0x11a/0x170
[   32.883505]  kasan_slab_free+0xe/0x10
[   32.887301]  kmem_cache_free+0x86/0x280
[   32.891274]  vmx_free_vcpu+0x26b/0x300
[   32.895153]  kvm_arch_destroy_vm+0x365/0x7c0
[   32.899573]  kvm_put_kvm+0x73f/0x1060
[   32.903369]  kvm_vm_release+0x42/0x50
[   32.907160]  __fput+0x38a/0xa40
[   32.910431]  ____fput+0x15/0x20
[   32.913706]  task_work_run+0x1e8/0x2a0
[   32.917598]  do_exit+0x1ae4/0x26e0
[   32.921126]  do_group_exit+0x177/0x440
[   32.925014]  __x64_sys_exit_group+0x3e/0x50
[   32.929331]  do_syscall_64+0x1b9/0x820
[   32.933241]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.938417] 
[   32.940053] The buggy address belongs to the object at ffff8801ca2f0040
[   32.940053]  which belongs to the cache kvm_vcpu of size 23872
[   32.952622] The buggy address is located 24 bytes inside of
[   32.952622]  23872-byte region [ffff8801ca2f0040, ffff8801ca2f5d80)
[   32.964571] The buggy address belongs to the page:
[   32.969505] page:ffffea000728bc00 count:1 mapcount:0 mapping:ffff8801d5b97240 index:0x0 compound_mapcount: 0
[   32.979472] flags: 0x2fffc0000008100(slab|head)
[   32.984138] raw: 02fffc0000008100 ffff8801d5ba3448 ffff8801d5ba3448 ffff8801d5b97240
[   32.992017] raw: 0000000000000000 ffff8801ca2f0040 0000000100000001 0000000000000000
[   32.999885] page dumped because: kasan: bad access detected
[   33.005603] 
[   33.007214] Memory state around the buggy address:
[   33.012134]  ffff8801ca2eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.019494]  ffff8801ca2eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.026847] >ffff8801ca2f0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   33.034197]                                                     ^
[   33.040421]  ffff8801ca2f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.047789]  ffff8801ca2f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.055144] ==================================================================
[   33.062494] Kernel panic - not syncing: panic_on_warn set ...
[   33.062494] 
[   33.069861] CPU: 1 PID: 4292 Comm: syz-executor514 Tainted: G    B             4.19.0-rc2+ #3
[   33.078511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.087869] Call Trace:
[   33.090462]  dump_stack+0x1c9/0x2b4
[   33.094088]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.099275]  ? lock_downgrade+0x8f0/0x8f0
[   33.103443]  ? __schedule+0xf54/0x1df0
[   33.107339]  panic+0x238/0x4e7
[   33.110525]  ? add_taint.cold.5+0x16/0x16
[   33.114671]  ? print_shadow_for_address+0xba/0x116
[   33.119597]  ? trace_hardirqs_off+0xaf/0x2c0
[   33.124002]  ? trace_hardirqs_off+0x77/0x2c0
[   33.128407]  ? __schedule+0xf54/0x1df0
[   33.132292]  kasan_end_report+0x47/0x4f
[   33.136263]  kasan_report.cold.7+0x76/0x30d
[   33.140583]  __asan_report_load8_noabort+0x14/0x20
[   33.145507]  __schedule+0xf54/0x1df0
[   33.149216]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.154314]  ? __sched_text_start+0x8/0x8
[   33.158464]  ? __call_srcu+0x7e7/0x1040
[   33.162446]  ? check_same_owner+0x340/0x340
[   33.166759]  ? mark_held_locks+0x160/0x160
[   33.170991]  ? find_held_lock+0x36/0x1c0
[   33.175050]  preempt_schedule_common+0x22/0x60
[   33.179631]  _cond_resched+0x1d/0x30
[   33.183340]  wait_for_completion+0xa5/0x8d0
[   33.187663]  ? wait_for_completion_interruptible+0x950/0x950
[   33.193459]  ? __lockdep_init_map+0x105/0x590
[   33.197953]  ? __init_waitqueue_head+0x9e/0x150
[   33.202630]  ? init_wait_entry+0x1c0/0x1c0
[   33.206875]  __synchronize_srcu+0x189/0x240
[   33.211189]  ? call_srcu+0x10/0x10
[   33.214765]  ? rcu_unexpedite_gp+0x20/0x20
[   33.219044]  synchronize_srcu+0x335/0x56f
[   33.223190]  ? lock_downgrade+0x8f0/0x8f0
[   33.227333]  ? synchronize_srcu_expedited+0x20/0x20
[   33.232348]  ? kasan_check_read+0x11/0x20
[   33.236491]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.241090]  ? kasan_check_write+0x14/0x20
[   33.245321]  ? do_raw_spin_lock+0xc1/0x200
[   33.249559]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.255293]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.260741]  ? kvfree+0x61/0x70
[   33.264020]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.269032]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.273091]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.277501]  ? kvm_arch_sync_events+0x30/0x30
[   33.282000]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.287539]  ? mmu_notifier_unregister+0x474/0x600
[   33.292466]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.296871]  ? kfree+0x111/0x210
[   33.300259]  ? __mmu_notifier_register+0x30/0x30
[   33.305017]  ? __free_pages+0x10a/0x190
[   33.308988]  ? free_unref_page+0x930/0x930
[   33.313230]  kvm_put_kvm+0x73f/0x1060
[   33.317034]  ? kvm_write_guest_cached+0x40/0x40
[   33.321711]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   33.326474]  ? kvm_irqfd_release+0xdd/0x120
[   33.330790]  ? kvm_irqfd_release+0xdd/0x120
[   33.335147]  ? kvm_put_kvm+0x1060/0x1060
[   33.339212]  kvm_vm_release+0x42/0x50
[   33.343025]  __fput+0x38a/0xa40
[   33.346303]  ? __alloc_file+0x400/0x400
[   33.350278]  ? check_same_owner+0x340/0x340
[   33.354598]  ? kasan_check_write+0x14/0x20
[   33.358838]  ? do_raw_spin_lock+0xc1/0x200
[   33.363081]  ____fput+0x15/0x20
[   33.366356]  task_work_run+0x1e8/0x2a0
[   33.370237]  ? task_work_cancel+0x240/0x240
[   33.374560]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.380092]  ? switch_task_namespaces+0xa2/0xd0
[   33.384760]  do_exit+0x1ae4/0x26e0
[   33.388302]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.392975]  ? sock_destroy_inode+0x51/0x60
[   33.397303]  ? sockfs_dname+0x90/0x90
[   33.401099]  ? destroy_inode+0x15e/0x200
[   33.405159]  ? __destroy_inode+0x7f0/0x7f0
[   33.409393]  ? kasan_check_write+0x14/0x20
[   33.413620]  ? do_raw_spin_lock+0xc1/0x200
[   33.417874]  ? evict+0x5d5/0x990
[   33.421238]  ? destroy_inode+0x200/0x200
[   33.425297]  ? lock_downgrade+0x8f0/0x8f0
[   33.429445]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.434974]  ? kasan_check_read+0x11/0x20
[   33.439126]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.443533]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.448116]  ? iput+0x5ff/0xa00
[   33.451391]  ? inode_add_lru+0x2a0/0x2a0
[   33.455450]  ? inet6_create+0xc03/0x1250
[   33.459510]  ? inet6_net_init+0x8e0/0x8e0
[   33.463660]  ? rcu_is_watching+0x8c/0x150
[   33.467813]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.472512]  ? __sock_release+0x1a0/0x250
[   33.476660]  ? __sock_create+0x126/0x940
[   33.480733]  ? kernel_sock_ip_overhead+0x570/0x570
[   33.485659]  ? kasan_check_read+0x11/0x20
[   33.489814]  ? rcu_is_watching+0x8c/0x150
[   33.493963]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.498633]  do_group_exit+0x177/0x440
[   33.502569]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.506909]  ? __ia32_sys_exit+0x50/0x50
[   33.510962]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.516062]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.521594]  ? ksys_ioctl+0x81/0xd0
[   33.525228]  __x64_sys_exit_group+0x3e/0x50
[   33.529550]  do_syscall_64+0x1b9/0x820
[   33.533438]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.538799]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.543734]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.548572]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   33.553588]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.558602]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.563613]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.568453]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.573638] RIP: 0033:0x43ed48
[   33.576840] Code: Bad RIP value.
[   33.580202] RSP: 002b:00007fffc3efc1b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.587908] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed48
[   33.595172] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   33.602433] RBP: 00000000004be608 R08: 00000000000000e7 R09: ffffffffffffffd0
[   33.609700] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[   33.616962] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[   33.624236] 
[   33.624241] ======================================================
[   33.624247] WARNING: possible circular locking dependency detected
[   33.624250] 4.19.0-rc2+ #3 Not tainted
[   33.624256] ------------------------------------------------------
[   33.624261] syz-executor514/4292 is trying to acquire lock:
[   33.624264] 00000000b400449c ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[   33.624279] 
[   33.624283] but task is already holding lock:
[   33.624286] 000000004d3ca920 (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.624300] 
[   33.624304] which lock already depends on the new lock.
[   33.624306] 
[   33.624309] 
[   33.624314] the existing dependency chain (in reverse order) is:
[   33.624316] 
[   33.624319] -> #3 (report_lock){....}:
[   33.624333]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.624337]        kasan_report+0x8e/0x110
[   33.624341]        __asan_report_load8_noabort+0x14/0x20
[   33.624345]        __schedule+0xf54/0x1df0
[   33.624349]        preempt_schedule_common+0x22/0x60
[   33.624353]        _cond_resched+0x1d/0x30
[   33.624357]        wait_for_completion+0xa5/0x8d0
[   33.624361]        __synchronize_srcu+0x189/0x240
[   33.624365]        synchronize_srcu+0x335/0x56f
[   33.624370]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.624374]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.624378]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.624381]        kvm_put_kvm+0x73f/0x1060
[   33.624385]        kvm_vm_release+0x42/0x50
[   33.624389]        __fput+0x38a/0xa40
[   33.624392]        ____fput+0x15/0x20
[   33.624396]        task_work_run+0x1e8/0x2a0
[   33.624399]        do_exit+0x1ae4/0x26e0
[   33.624403]        do_group_exit+0x177/0x440
[   33.624407]        __x64_sys_exit_group+0x3e/0x50
[   33.624411]        do_syscall_64+0x1b9/0x820
[   33.624416]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.624418] 
[   33.624420] -> #2 (&rq->lock){-.-.}:
[   33.624434]        _raw_spin_lock+0x2a/0x40
[   33.624437]        task_fork_fair+0x93/0x680
[   33.624441]        sched_fork+0x44b/0xbd0
[   33.624445]        copy_process+0x235e/0x7af0
[   33.624449]        _do_fork+0x1ca/0x1170
[   33.624452]        kernel_thread+0x34/0x40
[   33.624456]        rest_init+0x22/0xe4
[   33.624460]        start_kernel+0x913/0x94e
[   33.624464]        x86_64_start_reservations+0x29/0x2b
[   33.624468]        x86_64_start_kernel+0x76/0x79
[   33.624472]        secondary_startup_64+0xa4/0xb0
[   33.624474] 
[   33.624476] -> #1 (&p->pi_lock){-.-.}:
[   33.624491]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.624495]        try_to_wake_up+0xd2/0x1250
[   33.624499]        wake_up_process+0x10/0x20
[   33.624502]        __up.isra.1+0x1c0/0x2a0
[   33.624506]        up+0x13c/0x1c0
[   33.624510]        __up_console_sem+0xbe/0x1b0
[   33.624513]        console_unlock+0x506/0x10e0
[   33.624517]        vprintk_emit+0x33a/0x910
[   33.624521]        vprintk_default+0x28/0x30
[   33.624525]        vprintk_func+0x7a/0x117
[   33.624528]        printk+0xa7/0xcf
[   33.624532]        do_exit.cold.22+0x120/0x21f
[   33.624536]        do_group_exit+0x177/0x440
[   33.624540]        __x64_sys_exit_group+0x3e/0x50
[   33.624543]        do_syscall_64+0x1b9/0x820
[   33.624548]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.624550] 
[   33.624552] -> #0 ((console_sem).lock){-...}:
[   33.624567]        lock_acquire+0x1e4/0x4f0
[   33.624571]        _raw_spin_lock_irqsave+0x96/0xc0
[   33.624574]        down_trylock+0x13/0x70
[   33.624579]        __down_trylock_console_sem+0xae/0x200
[   33.624583]        console_trylock+0x15/0xa0
[   33.624587]        vprintk_emit+0x31f/0x910
[   33.624590]        vprintk_default+0x28/0x30
[   33.624594]        vprintk_func+0x7a/0x117
[   33.624598]        printk+0xa7/0xcf
[   33.624601]        kasan_report+0x9e/0x110
[   33.624606]        __asan_report_load8_noabort+0x14/0x20
[   33.624609]        __schedule+0xf54/0x1df0
[   33.624614]        preempt_schedule_common+0x22/0x60
[   33.624617]        _cond_resched+0x1d/0x30
[   33.624622]        wait_for_completion+0xa5/0x8d0
[   33.624626]        __synchronize_srcu+0x189/0x240
[   33.624630]        synchronize_srcu+0x335/0x56f
[   33.624635]        kvm_page_track_unregister_notifier+0x17d/0x250
[   33.624639]        kvm_mmu_uninit_vm+0x1c/0x20
[   33.624643]        kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.624646]        kvm_put_kvm+0x73f/0x1060
[   33.624650]        kvm_vm_release+0x42/0x50
[   33.624654]        __fput+0x38a/0xa40
[   33.624657]        ____fput+0x15/0x20
[   33.624661]        task_work_run+0x1e8/0x2a0
[   33.624664]        do_exit+0x1ae4/0x26e0
[   33.624668]        do_group_exit+0x177/0x440
[   33.624672]        __x64_sys_exit_group+0x3e/0x50
[   33.624676]        do_syscall_64+0x1b9/0x820
[   33.624687]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.624689] 
[   33.624693] other info that might help us debug this:
[   33.624695] 
[   33.624698] Chain exists of:
[   33.624700]   (console_sem).lock --> &rq->lock --> report_lock
[   33.624718] 
[   33.624722]  Possible unsafe locking scenario:
[   33.624724] 
[   33.624728]        CPU0                    CPU1
[   33.624732]        ----                    ----
[   33.624735]   lock(report_lock);
[   33.624744]                                lock(&rq->lock);
[   33.624753]                                lock(report_lock);
[   33.624761]   lock((console_sem).lock);
[   33.624768] 
[   33.624772]  *** DEADLOCK ***
[   33.624774] 
[   33.624778] 2 locks held by syz-executor514/4292:
[   33.624780]  #0: 0000000018f2e81e (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[   33.624797]  #1: 000000004d3ca920 (report_lock){....}, at: kasan_report+0x8e/0x110
[   33.624822] 
[   33.624825] stack backtrace:
[   33.624831] CPU: 1 PID: 4292 Comm: syz-executor514 Not tainted 4.19.0-rc2+ #3
[   33.624838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.624841] Call Trace:
[   33.624845]  dump_stack+0x1c9/0x2b4
[   33.624850]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.624853]  ? vprintk_func+0x100/0x117
[   33.624858]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   33.624862]  ? save_trace+0xe0/0x290
[   33.624866]  __lock_acquire+0x3449/0x5020
[   33.624871]  ? mark_held_locks+0x160/0x160
[   33.624875]  ? mark_held_locks+0x160/0x160
[   33.624879]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.624883]  ? is_bpf_text_address+0xd7/0x170
[   33.624888]  ? kernel_text_address+0x79/0xf0
[   33.624892]  ? __kernel_text_address+0xd/0x40
[   33.624896]  ? __save_stack_trace+0x8d/0xf0
[   33.624901]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[   33.624904]  ? save_trace+0x290/0x290
[   33.624908]  ? save_stack_trace+0x1a/0x20
[   33.624912]  ? save_trace+0xe0/0x290
[   33.624916]  ? graph_lock+0x170/0x170
[   33.624921]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.624925]  lock_acquire+0x1e4/0x4f0
[   33.624928]  ? down_trylock+0x13/0x70
[   33.624932]  ? lock_release+0x9f0/0x9f0
[   33.624936]  ? trace_hardirqs_off+0xb8/0x2c0
[   33.624940]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.624944]  ? trace_hardirqs_off+0xb8/0x2c0
[   33.624948]  ? log_store+0x34f/0x4c0
[   33.624952]  ? vprintk_emit+0x31f/0x910
[   33.624956]  _raw_spin_lock_irqsave+0x96/0xc0
[   33.624960]  ? down_trylock+0x13/0x70
[   33.624964]  down_trylock+0x13/0x70
[   33.624968]  __down_trylock_console_sem+0xae/0x200
[   33.624972]  console_trylock+0x15/0xa0
[   33.624976]  vprintk_emit+0x31f/0x910
[   33.624979]  ? wake_up_klogd+0x110/0x110
[   33.624984]  ? run_rebalance_domains+0x4c0/0x4c0
[   33.624988]  ? kasan_check_read+0x11/0x20
[   33.624992]  ? rcu_is_watching+0x8c/0x150
[   33.624996]  ? rcu_pm_notify+0xc0/0xc0
[   33.624999]  ? lock_acquire+0x1e4/0x4f0
[   33.625003]  ? kasan_report+0x8e/0x110
[   33.625007]  ? __schedule+0xf54/0x1df0
[   33.625011]  vprintk_default+0x28/0x30
[   33.625014]  vprintk_func+0x7a/0x117
[   33.625018]  printk+0xa7/0xcf
[   33.625022]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.625026]  ? kasan_check_write+0x14/0x20
[   33.625030]  ? do_raw_spin_lock+0xc1/0x200
[   33.625034]  ? do_raw_spin_lock+0xc1/0x200
[   33.625038]  kasan_report+0x9e/0x110
[   33.625042]  __asan_report_load8_noabort+0x14/0x20
[   33.625046]  __schedule+0xf54/0x1df0
[   33.625051]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.625055]  ? __sched_text_start+0x8/0x8
[   33.625058]  ? __call_srcu+0x7e7/0x1040
[   33.625063]  ? check_same_owner+0x340/0x340
[   33.625067]  ? mark_held_locks+0x160/0x160
[   33.625070]  ? find_held_lock+0x36/0x1c0
[   33.625075]  preempt_schedule_common+0x22/0x60
[   33.625078]  _cond_resched+0x1d/0x30
[   33.625082]  wait_for_completion+0xa5/0x8d0
[   33.625087]  ? wait_for_completion_interruptible+0x950/0x950
[   33.625091]  ? __lockdep_init_map+0x105/0x590
[   33.625096]  ? __init_waitqueue_head+0x9e/0x150
[   33.625100]  ? init_wait_entry+0x1c0/0x1c0
[   33.625104]  __synchronize_srcu+0x189/0x240
[   33.625107]  ? call_srcu+0x10/0x10
[   33.625111]  ? rcu_unexpedite_gp+0x20/0x20
[   33.625115]  synchronize_srcu+0x335/0x56f
[   33.625119]  ? lock_downgrade+0x8f0/0x8f0
[   33.625124]  ? synchronize_srcu_expedited+0x20/0x20
[   33.625128]  ? kasan_check_read+0x11/0x20
[   33.625132]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.625136]  ? kasan_check_write+0x14/0x20
[   33.625140]  ? do_raw_spin_lock+0xc1/0x200
[   33.625145]  kvm_page_track_unregister_notifier+0x17d/0x250
[   33.625150]  ? kvm_slot_page_track_remove_page+0x70/0x70
[   33.625154]  ? kvfree+0x61/0x70
[   33.625158]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.625162]  kvm_mmu_uninit_vm+0x1c/0x20
[   33.625166]  kvm_arch_destroy_vm+0x5f2/0x7c0
[   33.625170]  ? kvm_arch_sync_events+0x30/0x30
[   33.625175]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.625180]  ? mmu_notifier_unregister+0x474/0x600
[   33.625185]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.625188]  ? kfree+0x111/0x210
[   33.625193]  ? __mmu_notifier_register+0x30/0x30
[   33.625197]  ? __free_pages+0x10a/0x190
[   33.625201]  ? free_unref_page+0x930/0x930
[   33.625205]  kvm_put_kvm+0x73f/0x1060
[   33.625209]  ? kvm_write_guest_cached+0x40/0x40
[   33.625213]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   33.625217]  ? kvm_irqfd_release+0xdd/0x120
[   33.625221]  ? kvm_irqfd_release+0xdd/0x120
[   33.625225]  ? kvm_put_kvm+0x1060/0x1060
[   33.625229]  kvm_vm_release+0x42/0x50
[   33.625233]  __fput+0x38a/0xa40
[   33.625236]  ? __alloc_file+0x400/0x400
[   33.625240]  ? check_same_owner+0x340/0x340
[   33.625245]  ? kasan_check_write+0x14/0x20
[   33.625249]  ? do_raw_spin_lock+0xc1/0x200
[   33.625252]  ____fput+0x15/0x20
[   33.625256]  task_work_run+0x1e8/0x2a0
[   33.625260]  ? task_work_cancel+0x240/0x240
[   33.625265]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.625269]  ? switch_task_namespaces+0xa2/0xd0
[   33.625273]  do_exit+0x1ae4/0x26e0
[   33.625277]  ? mm_update_next_owner+0x9a0/0x9a0
[   33.625281]  ? sock_destroy_inode+0x51/0x60
[   33.625285]  ? sockfs_dname+0x90/0x90
[   33.625289]  ? destroy_inode+0x15e/0x200
[   33.625293]  ? __destroy_inode+0x7f0/0x7f0
[   33.625297]  ? kasan_check_write+0x14/0x20
[   33.625301]  ? do_raw_spin_lock+0xc1/0x200
[   33.625304]  ? evict+0x5d5/0x990
[   33.625308]  ? destroy_inode+0x200/0x200
[   33.625312]  ? lock_downgrade+0x8f0/0x8f0
[   33.625317]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.625320]  ? kasan
[   33.625327] Lost 39 message(s)!
[   34.695790] Shutting down cpus with NMI
[   35.757363] Dumping ftrace buffer:
[   35.760913]    (ftrace buffer empty)
[   35.764604] Kernel Offset: disabled
[   35.768221] Rebooting in 86400 seconds..