[?25l[?1c7[ ok 8[?25h[?0c. [ 11.686379] mcstransd (3045) used greatest stack depth: 14944 bytes left Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.670367] audit: type=1400 audit(1513778729.720:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-8,10.128.15.212' (ECDSA) to the list of known hosts. executing program [ 30.411649] audit: type=1400 audit(1513778743.461:7): avc: denied { map } for pid=3149 comm="syzkaller893004" path="/root/syzkaller893004417" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 30.442802] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 30.453312] ================================================================== [ 30.461400] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 30.467612] Read of size 8 at addr ffff8801c8aa0058 by task syzkaller893004/3149 [ 30.475112] [ 30.476707] CPU: 1 PID: 3149 Comm: syzkaller893004 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 30.485254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.494576] Call Trace: [ 30.497135] dump_stack+0x194/0x257 [ 30.500733] ? arch_local_irq_restore+0x53/0x53 [ 30.505372] ? show_regs_print_info+0x18/0x18 [ 30.509836] ? __schedule+0xda3/0x2060 [ 30.513689] print_address_description+0x73/0x250 [ 30.518508] ? __schedule+0xda3/0x2060 [ 30.522360] kasan_report+0x25b/0x340 [ 30.526132] __asan_report_load8_noabort+0x14/0x20 [ 30.531023] __schedule+0xda3/0x2060 [ 30.534704] ? __sched_text_start+0x8/0x8 [ 30.538817] ? trace_hardirqs_on+0xd/0x10 [ 30.542928] ? __call_srcu+0x7ee/0x1020 [ 30.546876] ? do_raw_spin_trylock+0x190/0x190 [ 30.551420] ? do_raw_spin_trylock+0x190/0x190 [ 30.555972] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.561821] ? __debug_object_init+0x235/0x1040 [ 30.566456] preempt_schedule_common+0x22/0x60 [ 30.571003] _cond_resched+0x1d/0x30 [ 30.574683] wait_for_completion+0xa5/0x770 [ 30.578970] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.583949] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 30.589709] ? __lockdep_init_map+0xe4/0x650 [ 30.594084] ? __init_waitqueue_head+0x97/0x140 [ 30.598715] ? init_wait_entry+0x1b0/0x1b0 [ 30.602917] __synchronize_srcu+0x1ad/0x260 [ 30.607200] ? call_srcu+0x10/0x10 [ 30.610701] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 30.616290] ? irq_matrix_allocated+0x80/0x80 [ 30.620748] ? synchronize_srcu+0x3c5/0x570 [ 30.625033] synchronize_srcu+0x1a3/0x570 [ 30.629142] ? synchronize_srcu+0x1a3/0x570 [ 30.633425] ? lock_downgrade+0x980/0x980 [ 30.637564] ? synchronize_srcu_expedited+0x20/0x20 [ 30.642544] ? lock_release+0xa40/0xa40 [ 30.646481] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 30.651289] ? do_raw_spin_trylock+0x190/0x190 [ 30.655842] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.661518] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 30.666934] ? kvfree+0x36/0x60 [ 30.670175] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.675155] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.679179] kvm_arch_destroy_vm+0x73b/0x980 [ 30.683551] ? kvm_arch_sync_events+0x30/0x30 [ 30.688011] ? mmdrop+0x18/0x30 [ 30.691257] ? mmu_notifier_unregister+0x437/0x5c0 [ 30.696146] ? kvm_put_kvm+0x47a/0xde0 [ 30.699999] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 30.705849] ? __free_pages+0x107/0x150 [ 30.709788] ? free_unref_page+0x9e0/0x9e0 [ 30.713989] ? quarantine_put+0xeb/0x190 [ 30.718021] ? kfree+0xf0/0x260 [ 30.721272] ? kvm_put_kvm+0x614/0xde0 [ 30.725124] ? free_pages+0x51/0x90 [ 30.728716] kvm_put_kvm+0x695/0xde0 [ 30.732395] ? kvm_clear_guest+0xb0/0xb0 [ 30.736422] ? kvm_irqfd_release+0xd1/0x120 [ 30.740705] ? lock_downgrade+0x980/0x980 [ 30.744822] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.749283] ? kvm_irqfd_release+0xdd/0x120 [ 30.753570] ? kvm_irqfd_release+0xdd/0x120 [ 30.757854] ? kvm_put_kvm+0xde0/0xde0 [ 30.761712] kvm_vm_release+0x42/0x50 [ 30.765476] __fput+0x327/0x7e0 [ 30.768721] ? fput+0x140/0x140 [ 30.771963] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.777808] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.782268] ____fput+0x15/0x20 [ 30.785511] task_work_run+0x199/0x270 [ 30.789364] ? task_work_cancel+0x210/0x210 [ 30.793648] ? _raw_spin_unlock+0x22/0x30 [ 30.797758] ? switch_task_namespaces+0x87/0xc0 [ 30.802393] do_exit+0x9bb/0x1ad0 [ 30.805808] ? kvm_vcpu_fault+0x520/0x520 [ 30.809920] ? mm_update_next_owner+0x930/0x930 [ 30.814551] ? avc_has_extended_perms+0x7fa/0x12c0 [ 30.819452] ? unwind_get_return_address+0x61/0xa0 [ 30.824921] ? avc_ss_reset+0x110/0x110 [ 30.828861] ? putname+0xee/0x130 [ 30.832282] ? save_stack+0xa3/0xd0 [ 30.835883] ? save_stack+0x43/0xd0 [ 30.839478] ? kasan_slab_free+0x71/0xc0 [ 30.843502] ? putname+0xee/0x130 [ 30.846915] ? do_sys_open+0x31b/0x6d0 [ 30.850763] ? SyS_openat+0x30/0x40 [ 30.854356] ? debug_check_no_obj_freed+0x3da/0xf1f [ 30.860338] ? __lock_is_held+0xb6/0x140 [ 30.864380] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.870232] ? get_unused_fd_flags+0x190/0x190 [ 30.874788] ? kvm_vcpu_fault+0x520/0x520 [ 30.878903] ? do_vfs_ioctl+0x486/0x1520 [ 30.882932] ? _cond_resched+0x14/0x30 [ 30.886789] ? ioctl_preallocate+0x2b0/0x2b0 [ 30.891163] ? selinux_capable+0x40/0x40 [ 30.895196] ? putname+0xf3/0x130 [ 30.898617] do_group_exit+0x149/0x400 [ 30.902471] ? SyS_exit+0x30/0x30 [ 30.905890] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.910872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.915592] SyS_exit_group+0x1d/0x20 [ 30.919356] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.924082] RIP: 0033:0x43ed98 [ 30.927237] RSP: 002b:00007ffde923ecd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.934909] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 30.942150] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 30.949728] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 30.956964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 30.964197] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 30.971467] [ 30.973061] Allocated by task 3149: [ 30.976654] save_stack+0x43/0xd0 [ 30.980068] kasan_kmalloc+0xad/0xe0 [ 30.983744] kasan_slab_alloc+0x12/0x20 [ 30.987680] kmem_cache_alloc+0x12e/0x760 [ 30.991797] vmx_create_vcpu+0xc4/0x2f20 [ 30.995828] kvm_arch_vcpu_create+0x12c/0x1a0 [ 31.000290] kvm_vm_ioctl+0x48b/0x1c60 [ 31.004144] do_vfs_ioctl+0x1b1/0x1520 [ 31.007993] SyS_ioctl+0x8f/0xc0 [ 31.011323] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.016036] [ 31.017627] Freed by task 3149: [ 31.020869] save_stack+0x43/0xd0 [ 31.024285] kasan_slab_free+0x71/0xc0 [ 31.028133] kmem_cache_free+0x83/0x2a0 [ 31.032069] vmx_free_vcpu+0x1ee/0x260 [ 31.035918] kvm_arch_destroy_vm+0x4a2/0x980 [ 31.040286] kvm_put_kvm+0x695/0xde0 [ 31.043961] kvm_vm_release+0x42/0x50 [ 31.047725] __fput+0x327/0x7e0 [ 31.050974] ____fput+0x15/0x20 [ 31.054218] task_work_run+0x199/0x270 [ 31.058066] do_exit+0x9bb/0x1ad0 [ 31.061481] do_group_exit+0x149/0x400 [ 31.065329] SyS_exit_group+0x1d/0x20 [ 31.069103] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.073816] [ 31.075407] The buggy address belongs to the object at ffff8801c8aa0040 [ 31.075407] which belongs to the cache kvm_vcpu of size 23872 [ 31.087937] The buggy address is located 24 bytes inside of [ 31.087937] 23872-byte region [ffff8801c8aa0040, ffff8801c8aa5d80) [ 31.099857] The buggy address belongs to the page: [ 31.104749] page:000000005e45bfc9 count:1 mapcount:0 mapping:00000000c16ef125 index:0x0 compound_mapcount: 0 [ 31.114678] flags: 0x2fffc0000008100(slab|head) [ 31.119312] raw: 02fffc0000008100 ffff8801c8aa0040 0000000000000000 0000000100000001 [ 31.127157] raw: ffff8801d6441848 ffff8801d6441848 ffff8801d6448c00 0000000000000000 [ 31.134996] page dumped because: kasan: bad access detected [ 31.140671] [ 31.142261] Memory state around the buggy address: [ 31.147154] ffff8801c8a9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.154473] ffff8801c8a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.161793] >ffff8801c8aa0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 31.169111] ^ [ 31.175304] ffff8801c8aa0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.182625] ffff8801c8aa0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.189944] ================================================================== [ 31.197264] Kernel panic - not syncing: panic_on_warn set ... [ 31.197264] [ 31.204590] CPU: 1 PID: 3149 Comm: syzkaller893004 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 31.214428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.223757] Call Trace: [ 31.226313] dump_stack+0x194/0x257 [ 31.229908] ? arch_local_irq_restore+0x53/0x53 [ 31.234538] ? kasan_end_report+0x32/0x50 [ 31.238650] ? lock_downgrade+0x980/0x980 [ 31.242761] ? vsnprintf+0x1ed/0x1900 [ 31.246524] ? __schedule+0xcf0/0x2060 [ 31.250377] panic+0x1e4/0x41c [ 31.253531] ? refcount_error_report+0x214/0x214 [ 31.258252] ? print_shadow_for_address+0xdc/0x1a0 [ 31.263143] ? add_taint+0x1c/0x50 [ 31.266646] ? __schedule+0xda3/0x2060 [ 31.270496] kasan_end_report+0x50/0x50 [ 31.274436] kasan_report+0x144/0x340 [ 31.278209] __asan_report_load8_noabort+0x14/0x20 [ 31.283100] __schedule+0xda3/0x2060 [ 31.286781] ? __sched_text_start+0x8/0x8 [ 31.290892] ? trace_hardirqs_on+0xd/0x10 [ 31.295012] ? __call_srcu+0x7ee/0x1020 [ 31.298947] ? do_raw_spin_trylock+0x190/0x190 [ 31.303489] ? do_raw_spin_trylock+0x190/0x190 [ 31.308048] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.313908] ? __debug_object_init+0x235/0x1040 [ 31.318546] preempt_schedule_common+0x22/0x60 [ 31.323093] _cond_resched+0x1d/0x30 [ 31.326768] wait_for_completion+0xa5/0x770 [ 31.331055] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.336037] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 31.341799] ? __lockdep_init_map+0xe4/0x650 [ 31.346174] ? __init_waitqueue_head+0x97/0x140 [ 31.350806] ? init_wait_entry+0x1b0/0x1b0 [ 31.355010] __synchronize_srcu+0x1ad/0x260 [ 31.359294] ? call_srcu+0x10/0x10 [ 31.362797] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 31.368300] ? irq_matrix_allocated+0x80/0x80 [ 31.372771] ? synchronize_srcu+0x3c5/0x570 [ 31.377059] synchronize_srcu+0x1a3/0x570 [ 31.381170] ? synchronize_srcu+0x1a3/0x570 [ 31.385456] ? lock_downgrade+0x980/0x980 [ 31.389568] ? synchronize_srcu_expedited+0x20/0x20 [ 31.394546] ? lock_release+0xa40/0xa40 [ 31.398482] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 31.403287] ? do_raw_spin_trylock+0x190/0x190 [ 31.407837] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.413513] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 31.418927] ? kvfree+0x36/0x60 [ 31.422169] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.427151] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.431177] kvm_arch_destroy_vm+0x73b/0x980 [ 31.435551] ? kvm_arch_sync_events+0x30/0x30 [ 31.440010] ? mmdrop+0x18/0x30 [ 31.443254] ? mmu_notifier_unregister+0x437/0x5c0 [ 31.448145] ? kvm_put_kvm+0x47a/0xde0 [ 31.451998] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 31.457847] ? __free_pages+0x107/0x150 [ 31.461784] ? free_unref_page+0x9e0/0x9e0 [ 31.465984] ? quarantine_put+0xeb/0x190 [ 31.470005] ? kfree+0xf0/0x260 [ 31.473248] ? kvm_put_kvm+0x614/0xde0 [ 31.477097] ? free_pages+0x51/0x90 [ 31.480688] kvm_put_kvm+0x695/0xde0 [ 31.484368] ? kvm_clear_guest+0xb0/0xb0 [ 31.488394] ? kvm_irqfd_release+0xd1/0x120 [ 31.492677] ? lock_downgrade+0x980/0x980 [ 31.496794] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.501256] ? kvm_irqfd_release+0xdd/0x120 [ 31.505541] ? kvm_irqfd_release+0xdd/0x120 [ 31.509826] ? kvm_put_kvm+0xde0/0xde0 [ 31.513676] kvm_vm_release+0x42/0x50 [ 31.517441] __fput+0x327/0x7e0 [ 31.520686] ? fput+0x140/0x140 [ 31.523932] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.529777] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.534239] ____fput+0x15/0x20 [ 31.537482] task_work_run+0x199/0x270 [ 31.541334] ? task_work_cancel+0x210/0x210 [ 31.545619] ? _raw_spin_unlock+0x22/0x30 [ 31.549730] ? switch_task_namespaces+0x87/0xc0 [ 31.554364] do_exit+0x9bb/0x1ad0 [ 31.557778] ? kvm_vcpu_fault+0x520/0x520 [ 31.561892] ? mm_update_next_owner+0x930/0x930 [ 31.566525] ? avc_has_extended_perms+0x7fa/0x12c0 [ 31.571418] ? unwind_get_return_address+0x61/0xa0 [ 31.576314] ? avc_ss_reset+0x110/0x110 [ 31.580251] ? putname+0xee/0x130 [ 31.583667] ? save_stack+0xa3/0xd0 [ 31.587255] ? save_stack+0x43/0xd0 [ 31.590842] ? kasan_slab_free+0x71/0xc0 [ 31.594863] ? putname+0xee/0x130 [ 31.598277] ? do_sys_open+0x31b/0x6d0 [ 31.602137] ? SyS_openat+0x30/0x40 [ 31.605731] ? debug_check_no_obj_freed+0x3da/0xf1f [ 31.610711] ? __lock_is_held+0xb6/0x140 [ 31.614745] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.620592] ? get_unused_fd_flags+0x190/0x190 [ 31.625142] ? kvm_vcpu_fault+0x520/0x520 [ 31.629253] ? do_vfs_ioctl+0x486/0x1520 [ 31.633277] ? _cond_resched+0x14/0x30 [ 31.637129] ? ioctl_preallocate+0x2b0/0x2b0 [ 31.641503] ? selinux_capable+0x40/0x40 [ 31.645527] ? putname+0xf3/0x130 [ 31.648949] do_group_exit+0x149/0x400 [ 31.652800] ? SyS_exit+0x30/0x30 [ 31.656217] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.661199] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.665922] SyS_exit_group+0x1d/0x20 [ 31.669687] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.674405] RIP: 0033:0x43ed98 [ 31.677560] RSP: 002b:00007ffde923ecd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.685231] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 31.692462] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.699702] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.706935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 31.714169] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 31.721414] [ 31.721415] ====================================================== [ 31.721418] WARNING: possible circular locking dependency detected [ 31.721420] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 31.721421] ------------------------------------------------------ [ 31.721423] syzkaller893004/3149 is trying to acquire lock: [ 31.721424] ((console_sem).lock){..-.}, at: [<00000000347bba41>] down_trylock+0x13/0x70 [ 31.721428] [ 31.721429] but task is already holding lock: [ 31.721430] (report_lock){....}, at: [<00000000b8905578>] kasan_report+0x6b/0x340 [ 31.721433] [ 31.721435] which lock already depends on the new lock. [ 31.721435] [ 31.721436] [ 31.721437] the existing dependency chain (in reverse order) is: [ 31.721438] [ 31.721439] -> #3 (report_lock){....}: [ 31.721443] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.721444] kasan_report+0x6b/0x340 [ 31.721445] __asan_report_load8_noabort+0x14/0x20 [ 31.721446] __schedule+0xda3/0x2060 [ 31.721448] preempt_schedule_common+0x22/0x60 [ 31.721449] _cond_resched+0x1d/0x30 [ 31.721450] wait_for_completion+0xa5/0x770 [ 31.721451] __synchronize_srcu+0x1ad/0x260 [ 31.721452] synchronize_srcu+0x1a3/0x570 [ 31.721454] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.721455] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.721456] kvm_arch_destroy_vm+0x73b/0x980 [ 31.721457] kvm_put_kvm+0x695/0xde0 [ 31.721459] kvm_vm_release+0x42/0x50 [ 31.721460] __fput+0x327/0x7e0 [ 31.721461] ____fput+0x15/0x20 [ 31.721462] task_work_run+0x199/0x270 [ 31.721463] do_exit+0x9bb/0x1ad0 [ 31.721464] do_group_exit+0x149/0x400 [ 31.721465] SyS_exit_group+0x1d/0x20 [ 31.721466] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.721467] [ 31.721468] -> #2 (&rq->lock){-.-.}: [ 31.721471] _raw_spin_lock+0x2a/0x40 [ 31.721473] task_fork_fair+0x7a/0x690 [ 31.721474] sched_fork+0x435/0xc00 [ 31.721475] copy_process.part.37+0x1758/0x4b60 [ 31.721476] _do_fork+0x1f7/0xf70 [ 31.721477] kernel_thread+0x34/0x40 [ 31.721478] rest_init+0x22/0xf0 [ 31.721479] start_kernel+0x7f1/0x819 [ 31.721481] x86_64_start_reservations+0x2a/0x2c [ 31.721482] x86_64_start_kernel+0x77/0x7a [ 31.721483] secondary_startup_64+0xa5/0xb0 [ 31.721484] [ 31.721484] -> #1 (&p->pi_lock){-.-.}: [ 31.721488] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.721489] try_to_wake_up+0xbc/0x1600 [ 31.721490] wake_up_process+0x10/0x20 [ 31.721492] __up.isra.0+0x1cc/0x2c0 [ 31.721493] up+0x13b/0x1d0 [ 31.721494] __up_console_sem+0xb2/0x1a0 [ 31.721495] console_unlock+0x538/0xd70 [ 31.721496] do_con_write+0x106e/0x1f70 [ 31.721497] con_write+0x25/0xb0 [ 31.721498] n_tty_write+0x5ef/0xec0 [ 31.721499] tty_write+0x3fa/0x840 [ 31.721500] __vfs_write+0xef/0x970 [ 31.721501] vfs_write+0x189/0x510 [ 31.721502] SyS_write+0xef/0x220 [ 31.721504] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.721504] [ 31.721505] -> #0 ((console_sem).lock){..-.}: [ 31.721509] lock_acquire+0x1d5/0x580 [ 31.721510] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.721511] down_trylock+0x13/0x70 [ 31.721512] __down_trylock_console_sem+0xa2/0x1e0 [ 31.721514] console_trylock+0x15/0x100 [ 31.721515] vprintk_emit+0x49b/0x590 [ 31.721516] vprintk_default+0x28/0x30 [ 31.721517] vprintk_func+0x57/0xc0 [ 31.721518] printk+0xaa/0xca [ 31.721519] kasan_report+0x7b/0x340 [ 31.721520] __asan_report_load8_noabort+0x14/0x20 [ 31.721522] __schedule+0xda3/0x2060 [ 31.721523] preempt_schedule_common+0x22/0x60 [ 31.721524] _cond_resched+0x1d/0x30 [ 31.721525] wait_for_completion+0xa5/0x770 [ 31.721526] __synchronize_srcu+0x1ad/0x260 [ 31.721528] synchronize_srcu+0x1a3/0x570 [ 31.721529] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.721530] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.721531] kvm_arch_destroy_vm+0x73b/0x980 [ 31.721533] kvm_put_kvm+0x695/0xde0 [ 31.721534] kvm_vm_release+0x42/0x50 [ 31.721535] __fput+0x327/0x7e0 [ 31.721536] ____fput+0x15/0x20 [ 31.721537] task_work_run+0x199/0x270 [ 31.721538] do_exit+0x9bb/0x1ad0 [ 31.721539] do_group_exit+0x149/0x400 [ 31.721540] SyS_exit_group+0x1d/0x20 [ 31.721541] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.721542] [ 31.721543] other info that might help us debug this: [ 31.721544] [ 31.721545] Chain exists of: [ 31.721546] (console_sem).lock --> &rq->lock --> report_lock [ 31.721551] [ 31.721552] Possible unsafe locking scenario: [ 31.721552] [ 31.721554] CPU0 CPU1 [ 31.721555] ---- ---- [ 31.721555] lock(report_lock); [ 31.721558] lock(&rq->lock); [ 31.721560] lock(report_lock); [ 31.721563] lock((console_sem).lock); [ 31.721565] [ 31.721566] *** DEADLOCK *** [ 31.721566] [ 31.721568] 2 locks held by syzkaller893004/3149: [ 31.721568] #0: (&rq->lock){-.-.}, at: [<0000000057593ff9>] __schedule+0x24e/0x2060 [ 31.721572] #1: (report_lock){....}, at: [<00000000b8905578>] kasan_report+0x6b/0x340 [ 31.721576] [ 31.721577] stack backtrace: [ 31.721579] CPU: 1 PID: 3149 Comm: syzkaller893004 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 31.721582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.721582] Call Trace: [ 31.721584] dump_stack+0x194/0x257 [ 31.721585] ? arch_local_irq_restore+0x53/0x53 [ 31.721586] print_circular_bug.isra.37+0x2cd/0x2dc [ 31.721587] ? save_trace+0xe0/0x2b0 [ 31.721588] __lock_acquire+0x30a8/0x3e00 [ 31.721590] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.721591] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.721592] ? print_lockdep_cache.isra.31+0x109/0x109 [ 31.721593] ? save_stack_trace+0x1a/0x20 [ 31.721595] ? save_trace+0xe0/0x2b0 [ 31.721596] ? __lock_acquire+0x36c0/0x3e00 [ 31.721597] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.721598] ? __lock_is_held+0xb6/0x140 [ 31.721599] ? __lock_is_held+0xb6/0x140 [ 31.721600] lock_acquire+0x1d5/0x580 [ 31.721602] ? lock_acquire+0x1d5/0x580 [ 31.721603] ? down_trylock+0x13/0x70 [ 31.721604] ? find_held_lock+0x35/0x1d0 [ 31.721605] ? lock_release+0xa40/0xa40 [ 31.721606] ? vprintk_emit+0x379/0x590 [ 31.721607] ? lock_downgrade+0x980/0x980 [ 31.721608] ? kvm_sched_clock_read+0x25/0x40 [ 31.721609] ? sched_clock+0x31/0x40 [ 31.721610] ? sched_clock_cpu+0x1b/0x170 [ 31.721612] ? vprintk_emit+0x49b/0x590 [ 31.721613] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.721614] ? down_trylock+0x13/0x70 [ 31.721615] down_trylock+0x13/0x70 [ 31.721616] ? vprintk_emit+0x49b/0x590 [ 31.721617] __down_trylock_console_sem+0xa2/0x1e0 [ 31.721618] console_trylock+0x15/0x100 [ 31.721619] vprintk_emit+0x49b/0x590 [ 31.721621] vprintk_default+0x28/0x30 [ 31.721622] vprintk_func+0x57/0xc0 [ 31.721623] printk+0xaa/0xca [ 31.721624] ? show_regs_print_info+0x18/0x18 [ 31.721625] ? __schedule+0xda3/0x2060 [ 31.721626] kasan_report+0x7b/0x340 [ 31.721627] __asan_report_load8_noabort+0x14/0x20 [ 31.721628] __schedule+0xda3/0x2060 [ 31.721629] ? __sched_text_start+0x8/0x8 [ 31.721631] ? trace_hardirqs_on+0xd/0x10 [ 31.721632] ? __call_srcu+0x7ee/0x1020 [ 31.721633] ? do_raw_spin_trylock+0x190/0x190 [ 31.721634] ? do_raw_spin_trylock+0x190/0x190 [ 31.721636] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.721637] ? __debug_object_init+0x235/0x1040 [ 31.721638] preempt_schedule_common+0x22/0x60 [ 31.721639] _cond_resched+0x1d/0x30 [ 31.721640] wait_for_completion+0xa5/0x770 [ 31.721641] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.721643] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 31.721644] ? __lockdep_init_map+0xe4/0x650 [ 31.721645] ? __init_waitqueue_head+0x97/0x140 [ 31.721646] ? init_wait_entry+0x1b0/0x1b0 [ 31.721648] __synchronize_srcu+0x1ad/0x260 [ 31.721649] ? call_srcu+0x10/0x10 [ 31.721650] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 31.721651] ? irq_matrix_allocated+0x80/0x80 [ 31.721652] ? synchronize_srcu+0x3c5/0x570 [ 31.721654] synchronize_srcu+0x1a3/0x570 [ 31.721655] ? synchronize_srcu+0x1a3/0x570 [ 31.721656] ? lock_downgrade+0x980/0x980 [ 31.721657] ? synchronize_srcu_expedited+0x20/0x20 [ 31.721658] ? lock_release+0xa40/0xa40 [ 31.721660] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 31.721661] ? do_raw_spin_trylock+0x190/0x190 [ 31.721662] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.721664] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 31.721665] ? kvfree+0x36/0x60 [ 31.721666] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.721667] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.721668] kvm_arch_destroy_vm+0x73b/0x980 [ 31.721670] ? kvm_arch_sync_events+0x30/0x30 [ 31.721671] ? mmdrop+0x18/0x30 [ 31.721672] ? mmu_notifier_unregister+0x437/0x5c0 [ 31.721673] ? kvm_put_kvm+0x47a/0xde0 [ 31.721674] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 31.721676] ? __free_pages+0x107/0x150 [ 31.721677] ? free_unref_page+0x9e0/0x9e0 [ 31.721678] ? quarantine_put+0xeb/0x190 [ 31.721679] ? kfree+0xf0/0x260 [ 31.721680] ? kvm_put_kvm+0x614/0xde0 [ 31.721681] ? free_pages+0x51/0x90 [ 31.721682] kvm_put_kvm+0x695/0xde0 [ 31.721683] ? kvm_clear_guest+0xb0/0xb0 [ 31.721684] ? kvm_irqfd_release+0xd1/0x120 [ 31.721685] ? lock_downgrade+0x980/0x980 [ 31.721687] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.721688] ? kvm_irqfd_release+0xdd/0x120 [ 31.721689] ? kvm_irqfd_release+0xdd/0x120 [ 31.721690] ? kvm_put_kvm+0xde0/0xde0 [ 31.721691] kvm_vm_release+0x42/0x50 [ 31.721692] __fput+0x327/0x7e0 [ 31.721693] ? fput+0x140/0x140 [ 31.721695] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.721696] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.721697] ____fput+0x15/0x20 [ 31.721698] task_work_run+0x199/0x270 [ 31.721699] ? task_work_cancel+0x210/0x210 [ 31.721700] ? _raw_spin_unlock+0x22/0x30 [ 31.721701] ? switch_task_namespaces+0x87/0xc0 [ 31.721702] do_exit+0x9bb/0x1ad0 [ 31.721703] ? kvm_vcpu_fault+0x520/0x520 [ 31.721705] ? mm_update_next_owner+0x930/0x930 [ 31.721706] ? avc_has_extended_perms+0x7fa/0x12c0 [ 31.721707] ? unwind_get_return_address+0x61/0xa0 [ 31.721708] ? avc_ss_reset+0x110/0x110 [ 31.721709] ? putname+0xee/0x130 [ 31.721710] ? save_stack+0xa3/0xd0 [ 31.721711] ? save_stack+0x43/0xd0 [ 31.721713] ? kasan_slab_free+0x71/0xc0 [ 31.721714] ? putname+0xee/0x130 [ 31.721715] ? do_sys_open+0x31b/0x6d0 [ 31.721716] ? SyS_openat+0x30/0x40 [ 31.721717] ? debug_check_no_obj_freed+0x3da/0xf1f [ 31.721718] ? __lock_is_held+0xb6/0x140 [ 31.721720] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.721721] ? get_unused_fd_flags+0x190/0x190 [ 31.721722] ? kvm_vcpu_fault+0x520/0x520 [ 31.721723] ? do_vfs_i [ 31.721725] Lost 18 message(s)! [ 32.796264] Shutting down cpus with NMI [ 33.850214] Dumping ftrace buffer: [ 33.853721] (ftrace buffer empty) [ 33.857400] Kernel Offset: disabled [ 33.860992] Rebooting in 86400 seconds..