[....] Starting enhanced syslogd: rsyslogd[ 10.126910] audit: type=1400 audit(1513856683.833:5): avc: denied { syslog } for pid=2991 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.344307] audit: type=1400 audit(1513856689.051:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.0.35' (ECDSA) to the list of known hosts. executing program [ 37.399814] audit: type=1400 audit(1513856711.106:7): avc: denied { map } for pid=3150 comm="syzkaller664134" path="/root/syzkaller664134966" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 37.431544] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 37.446014] ================================================================== [ 37.454126] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 37.460322] Read of size 8 at addr ffff8801c8770058 by task syzkaller664134/3150 [ 37.467817] [ 37.469411] CPU: 1 PID: 3150 Comm: syzkaller664134 Not tainted 4.15.0-rc4-mm1+ #47 [ 37.477079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.486397] Call Trace: [ 37.488960] dump_stack+0x194/0x257 [ 37.492551] ? arch_local_irq_restore+0x53/0x53 [ 37.497185] ? show_regs_print_info+0x18/0x18 [ 37.501647] ? 
__schedule+0xda3/0x2060 [ 37.505500] print_address_description+0x73/0x250 [ 37.510306] ? __schedule+0xda3/0x2060 [ 37.514158] kasan_report+0x23b/0x360 [ 37.517925] __asan_report_load8_noabort+0x14/0x20 [ 37.522822] __schedule+0xda3/0x2060 [ 37.526505] ? __sched_text_start+0x8/0x8 [ 37.530616] ? trace_hardirqs_on+0xd/0x10 [ 37.534726] ? __call_srcu+0x7ee/0x1020 [ 37.538665] ? do_raw_spin_trylock+0x190/0x190 [ 37.543211] ? do_raw_spin_trylock+0x190/0x190 [ 37.547764] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 37.553613] ? __debug_object_init+0x235/0x1040 [ 37.558251] preempt_schedule_common+0x22/0x60 [ 37.562804] _cond_resched+0x1d/0x30 [ 37.566483] wait_for_completion+0xa5/0x770 [ 37.570769] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.575753] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 37.581516] ? __lockdep_init_map+0xe4/0x650 [ 37.585893] ? __init_waitqueue_head+0x97/0x140 [ 37.590527] ? init_wait_entry+0x1b0/0x1b0 [ 37.594730] __synchronize_srcu+0x1ad/0x260 [ 37.599016] ? call_srcu+0x10/0x10 [ 37.602522] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 37.608025] ? irq_matrix_allocated+0x80/0x80 [ 37.612485] ? synchronize_srcu+0x3c5/0x570 [ 37.616770] synchronize_srcu+0x1a3/0x570 [ 37.620888] ? synchronize_srcu+0x1a3/0x570 [ 37.625171] ? lock_downgrade+0x980/0x980 [ 37.629283] ? synchronize_srcu_expedited+0x20/0x20 [ 37.634269] ? lock_release+0xa40/0xa40 [ 37.638207] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 37.643012] ? do_raw_spin_trylock+0x190/0x190 [ 37.647566] kvm_page_track_unregister_notifier+0x186/0x270 [ 37.653242] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 37.658656] ? kvfree+0x36/0x60 [ 37.661899] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.666879] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.670907] kvm_arch_destroy_vm+0x73b/0x980 [ 37.675279] ? kvm_arch_sync_events+0x30/0x30 [ 37.679738] ? mmdrop+0x18/0x30 [ 37.682982] ? mmu_notifier_unregister+0x43c/0x5c0 [ 37.687874] ? kvm_put_kvm+0x47a/0xde0 [ 37.691728] ? 
__mmu_notifier_invalidate_range_end+0x360/0x360 [ 37.697672] ? __free_pages+0x107/0x150 [ 37.701610] ? free_unref_page+0x9e0/0x9e0 [ 37.705807] ? quarantine_put+0xeb/0x190 [ 37.709828] ? kfree+0xf0/0x260 [ 37.713072] ? kvm_put_kvm+0x614/0xde0 [ 37.716923] ? free_pages+0x51/0x90 [ 37.720522] kvm_put_kvm+0x695/0xde0 [ 37.724203] ? kvm_clear_guest+0xb0/0xb0 [ 37.728238] ? kvm_irqfd_release+0xd1/0x120 [ 37.732536] ? lock_downgrade+0x980/0x980 [ 37.736655] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.741118] ? kvm_irqfd_release+0xdd/0x120 [ 37.745409] ? kvm_irqfd_release+0xdd/0x120 [ 37.749696] ? kvm_put_kvm+0xde0/0xde0 [ 37.753545] kvm_vm_release+0x42/0x50 [ 37.757310] __fput+0x327/0x7e0 [ 37.760560] ? fput+0x140/0x140 [ 37.763813] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 37.769660] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.774128] ____fput+0x15/0x20 [ 37.777372] task_work_run+0x199/0x270 [ 37.781225] ? task_work_cancel+0x210/0x210 [ 37.785509] ? _raw_spin_unlock+0x22/0x30 [ 37.789621] ? switch_task_namespaces+0x87/0xc0 [ 37.794256] do_exit+0x9bb/0x1ad0 [ 37.797673] ? kvm_vcpu_fault+0x520/0x520 [ 37.801787] ? mm_update_next_owner+0x930/0x930 [ 37.806420] ? find_held_lock+0x35/0x1d0 [ 37.810448] ? handle_mm_fault+0x2a0/0x930 [ 37.814647] ? find_held_lock+0x35/0x1d0 [ 37.818676] ? __do_page_fault+0x5f7/0xc90 [ 37.822874] ? lock_downgrade+0x980/0x980 [ 37.826988] ? down_read_trylock+0xdb/0x170 [ 37.831274] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 37.835819] ? vmacache_find+0x5f/0x280 [ 37.839756] ? vmacache_update+0xfe/0x130 [ 37.843868] ? up_read+0x1a/0x40 [ 37.847198] ? __do_page_fault+0x3d6/0xc90 [ 37.851394] ? task_work_run+0x1f4/0x270 [ 37.855423] ? kvm_vcpu_fault+0x520/0x520 [ 37.859535] ? do_vfs_ioctl+0x486/0x1520 [ 37.863562] ? ioctl_preallocate+0x2b0/0x2b0 [ 37.867936] ? selinux_capable+0x40/0x40 [ 37.871979] ? __close_fd+0x222/0x360 [ 37.875749] do_group_exit+0x149/0x400 [ 37.879608] ? SyS_exit+0x30/0x30 [ 37.883026] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 37.888015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.892737] SyS_exit_group+0x1d/0x20 [ 37.896503] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 37.901223] RIP: 0033:0x441c48 [ 37.904378] RSP: 002b:00007ffcdb6ac928 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.912050] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c48 [ 37.919284] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.926519] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.933751] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 37.940984] R13: 00000000206a200c R14: 0000000000000001 R15: 00000000000000ad [ 37.948226] [ 37.949817] Allocated by task 3150: [ 37.953407] save_stack+0x43/0xd0 [ 37.956823] kasan_kmalloc+0xad/0xe0 [ 37.960502] kasan_slab_alloc+0x12/0x20 [ 37.964439] kmem_cache_alloc+0x12e/0x760 [ 37.968552] vmx_create_vcpu+0xc4/0x2f20 [ 37.972576] kvm_arch_vcpu_create+0x12c/0x1a0 [ 37.977032] kvm_vm_ioctl+0x48b/0x1c60 [ 37.980887] do_vfs_ioctl+0x1b1/0x1520 [ 37.984735] SyS_ioctl+0x8f/0xc0 [ 37.988062] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 37.992776] [ 37.994365] Freed by task 3150: [ 37.997608] save_stack+0x43/0xd0 [ 38.001023] kasan_slab_free+0x71/0xc0 [ 38.004871] kmem_cache_free+0x83/0x2a0 [ 38.008823] vmx_free_vcpu+0x1ee/0x260 [ 38.012681] kvm_arch_destroy_vm+0x4a2/0x980 [ 38.017054] kvm_put_kvm+0x695/0xde0 [ 38.020728] kvm_vm_release+0x42/0x50 [ 38.024495] __fput+0x327/0x7e0 [ 38.027736] ____fput+0x15/0x20 [ 38.030979] task_work_run+0x199/0x270 [ 38.034828] do_exit+0x9bb/0x1ad0 [ 38.038243] do_group_exit+0x149/0x400 [ 38.042093] SyS_exit_group+0x1d/0x20 [ 38.045858] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 38.050572] [ 38.052167] The buggy address belongs to the object at ffff8801c8770040 [ 38.052167] which belongs to the cache kvm_vcpu of size 23872 [ 38.064697] The buggy address is located 24 bytes inside of [ 38.064697] 23872-byte region [ffff8801c8770040, ffff8801c8775d80) [ 
38.076619] The buggy address belongs to the page: [ 38.081510] page:ffffea000721dc00 count:1 mapcount:0 mapping:ffff8801c8770040 index:0x0 compound_mapcount: 0 [ 38.091451] flags: 0x2fffc0000008100(slab|head) [ 38.096084] raw: 02fffc0000008100 ffff8801c8770040 0000000000000000 0000000100000001 [ 38.103927] raw: ffff8801d8a15148 ffff8801d8a15148 ffff8801d8a13300 0000000000000000 [ 38.111768] page dumped because: kasan: bad access detected [ 38.117439] [ 38.119028] Memory state around the buggy address: [ 38.123918] ffff8801c876ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.131241] ffff8801c876ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.138563] >ffff8801c8770000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 38.145888] ^ [ 38.152082] ffff8801c8770080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.159404] ffff8801c8770100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.166723] ================================================================== [ 38.174045] Kernel panic - not syncing: panic_on_warn set ... [ 38.174045] [ 38.181371] CPU: 1 PID: 3150 Comm: syzkaller664134 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 38.190341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.199657] Call Trace: [ 38.202211] dump_stack+0x194/0x257 [ 38.205803] ? arch_local_irq_restore+0x53/0x53 [ 38.210438] ? kasan_end_report+0x32/0x50 [ 38.214551] ? lock_downgrade+0x980/0x980 [ 38.218662] ? vsnprintf+0x1ed/0x1900 [ 38.222428] ? __schedule+0xcf0/0x2060 [ 38.226280] panic+0x1e4/0x41c [ 38.229436] ? refcount_error_report+0x214/0x214 [ 38.234163] ? print_shadow_for_address+0xdc/0x1a0 [ 38.239056] ? add_taint+0x1c/0x50 [ 38.242561] ? __schedule+0xda3/0x2060 [ 38.246412] kasan_end_report+0x50/0x50 [ 38.250356] kasan_report+0x148/0x360 [ 38.254123] __asan_report_load8_noabort+0x14/0x20 [ 38.259023] __schedule+0xda3/0x2060 [ 38.262702] ? __sched_text_start+0x8/0x8 [ 38.266813] ? 
trace_hardirqs_on+0xd/0x10 [ 38.270925] ? __call_srcu+0x7ee/0x1020 [ 38.274864] ? do_raw_spin_trylock+0x190/0x190 [ 38.279409] ? do_raw_spin_trylock+0x190/0x190 [ 38.283960] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.289807] ? __debug_object_init+0x235/0x1040 [ 38.294444] preempt_schedule_common+0x22/0x60 [ 38.298990] _cond_resched+0x1d/0x30 [ 38.302665] wait_for_completion+0xa5/0x770 [ 38.306962] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.311942] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 38.317703] ? __lockdep_init_map+0xe4/0x650 [ 38.322079] ? __init_waitqueue_head+0x97/0x140 [ 38.326711] ? init_wait_entry+0x1b0/0x1b0 [ 38.330912] __synchronize_srcu+0x1ad/0x260 [ 38.335197] ? call_srcu+0x10/0x10 [ 38.338700] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 38.344203] ? irq_matrix_allocated+0x80/0x80 [ 38.348661] ? synchronize_srcu+0x3c5/0x570 [ 38.352950] synchronize_srcu+0x1a3/0x570 [ 38.357060] ? synchronize_srcu+0x1a3/0x570 [ 38.361344] ? lock_downgrade+0x980/0x980 [ 38.365453] ? synchronize_srcu_expedited+0x20/0x20 [ 38.370432] ? lock_release+0xa40/0xa40 [ 38.374369] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 38.379177] ? do_raw_spin_trylock+0x190/0x190 [ 38.383730] kvm_page_track_unregister_notifier+0x186/0x270 [ 38.389404] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 38.394818] ? kvfree+0x36/0x60 [ 38.398061] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.403045] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.407070] kvm_arch_destroy_vm+0x73b/0x980 [ 38.411441] ? kvm_arch_sync_events+0x30/0x30 [ 38.415903] ? mmdrop+0x18/0x30 [ 38.419150] ? mmu_notifier_unregister+0x43c/0x5c0 [ 38.424045] ? kvm_put_kvm+0x47a/0xde0 [ 38.427898] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 38.433832] ? __free_pages+0x107/0x150 [ 38.437769] ? free_unref_page+0x9e0/0x9e0 [ 38.441969] ? quarantine_put+0xeb/0x190 [ 38.445993] ? kfree+0xf0/0x260 [ 38.449238] ? kvm_put_kvm+0x614/0xde0 [ 38.453090] ? free_pages+0x51/0x90 [ 38.456680] kvm_put_kvm+0x695/0xde0 [ 38.460363] ? 
kvm_clear_guest+0xb0/0xb0 [ 38.464389] ? kvm_irqfd_release+0xd1/0x120 [ 38.468687] ? lock_downgrade+0x980/0x980 [ 38.472804] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.477266] ? kvm_irqfd_release+0xdd/0x120 [ 38.481550] ? kvm_irqfd_release+0xdd/0x120 [ 38.485834] ? kvm_put_kvm+0xde0/0xde0 [ 38.489686] kvm_vm_release+0x42/0x50 [ 38.493450] __fput+0x327/0x7e0 [ 38.496695] ? fput+0x140/0x140 [ 38.499941] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.505788] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.510249] ____fput+0x15/0x20 [ 38.513491] task_work_run+0x199/0x270 [ 38.517343] ? task_work_cancel+0x210/0x210 [ 38.521629] ? _raw_spin_unlock+0x22/0x30 [ 38.525741] ? switch_task_namespaces+0x87/0xc0 [ 38.530375] do_exit+0x9bb/0x1ad0 [ 38.533790] ? kvm_vcpu_fault+0x520/0x520 [ 38.537904] ? mm_update_next_owner+0x930/0x930 [ 38.542537] ? find_held_lock+0x35/0x1d0 [ 38.546565] ? handle_mm_fault+0x2a0/0x930 [ 38.550764] ? find_held_lock+0x35/0x1d0 [ 38.554792] ? __do_page_fault+0x5f7/0xc90 [ 38.558988] ? lock_downgrade+0x980/0x980 [ 38.563109] ? down_read_trylock+0xdb/0x170 [ 38.567395] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 38.571948] ? vmacache_find+0x5f/0x280 [ 38.575885] ? vmacache_update+0xfe/0x130 [ 38.579998] ? up_read+0x1a/0x40 [ 38.583327] ? __do_page_fault+0x3d6/0xc90 [ 38.587524] ? task_work_run+0x1f4/0x270 [ 38.591554] ? kvm_vcpu_fault+0x520/0x520 [ 38.595665] ? do_vfs_ioctl+0x486/0x1520 [ 38.599691] ? ioctl_preallocate+0x2b0/0x2b0 [ 38.604064] ? selinux_capable+0x40/0x40 [ 38.608089] ? __close_fd+0x222/0x360 [ 38.611857] do_group_exit+0x149/0x400 [ 38.615710] ? SyS_exit+0x30/0x30 [ 38.619127] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.624108] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 38.628830] SyS_exit_group+0x1d/0x20 [ 38.632593] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 38.637309] RIP: 0033:0x441c48 [ 38.640464] RSP: 002b:00007ffcdb6ac928 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.648136] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c48 [ 38.655377] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.662611] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.669844] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 38.677085] R13: 00000000206a200c R14: 0000000000000001 R15: 00000000000000ad [ 38.684334] [ 38.684336] ====================================================== [ 38.684338] WARNING: possible circular locking dependency detected [ 38.684339] 4.15.0-rc4-mm1+ #47 Not tainted [ 38.684340] ------------------------------------------------------ [ 38.684342] syzkaller664134/3150 is trying to acquire lock: [ 38.684343] ((console_sem).lock){..-.}, at: [<00000000ce7e68f3>] down_trylock+0x13/0x70 [ 38.684347] [ 38.684348] but task is already holding lock: [ 38.684348] (report_lock){....}, at: [<00000000e30241d6>] kasan_report+0x6b/0x360 [ 38.684352] [ 38.684354] which lock already depends on the new lock. 
[ 38.684354] [ 38.684355] [ 38.684357] the existing dependency chain (in reverse order) is: [ 38.684357] [ 38.684358] -> #3 (report_lock){....}: [ 38.684362] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.684363] kasan_report+0x6b/0x360 [ 38.684364] __asan_report_load8_noabort+0x14/0x20 [ 38.684366] __schedule+0xda3/0x2060 [ 38.684367] preempt_schedule_common+0x22/0x60 [ 38.684368] _cond_resched+0x1d/0x30 [ 38.684369] wait_for_completion+0xa5/0x770 [ 38.684371] __synchronize_srcu+0x1ad/0x260 [ 38.684372] synchronize_srcu+0x1a3/0x570 [ 38.684373] kvm_page_track_unregister_notifier+0x186/0x270 [ 38.684374] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.684376] kvm_arch_destroy_vm+0x73b/0x980 [ 38.684377] kvm_put_kvm+0x695/0xde0 [ 38.684378] kvm_vm_release+0x42/0x50 [ 38.684379] __fput+0x327/0x7e0 [ 38.684380] ____fput+0x15/0x20 [ 38.684381] task_work_run+0x199/0x270 [ 38.684382] do_exit+0x9bb/0x1ad0 [ 38.684384] do_group_exit+0x149/0x400 [ 38.684385] SyS_exit_group+0x1d/0x20 [ 38.684386] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 38.684387] [ 38.684387] -> #2 (&rq->lock){-.-.}: [ 38.684391] _raw_spin_lock+0x2a/0x40 [ 38.684392] task_fork_fair+0x7a/0x690 [ 38.684394] sched_fork+0x435/0xc00 [ 38.684395] copy_process.part.37+0x1758/0x4b60 [ 38.684396] _do_fork+0x1f7/0xf70 [ 38.684397] kernel_thread+0x34/0x40 [ 38.684398] rest_init+0x22/0xf0 [ 38.684399] start_kernel+0x7f1/0x819 [ 38.684401] x86_64_start_reservations+0x2a/0x2c [ 38.684402] x86_64_start_kernel+0x77/0x7a [ 38.684403] secondary_startup_64+0xa5/0xb0 [ 38.684404] [ 38.684404] -> #1 (&p->pi_lock){-.-.}: [ 38.684408] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.684409] try_to_wake_up+0xbc/0x1600 [ 38.684411] wake_up_process+0x10/0x20 [ 38.684412] __up.isra.0+0x1cc/0x2c0 [ 38.684413] up+0x13b/0x1d0 [ 38.684414] __up_console_sem+0xb2/0x1a0 [ 38.684415] console_unlock+0x538/0xd70 [ 38.684416] do_con_write+0x106e/0x1f70 [ 38.684417] con_write+0x25/0xb0 [ 38.684418] n_tty_write+0x5ef/0xec0 [ 38.684419] tty_write+0x3fa/0x840 [ 38.684421] 
__vfs_write+0xef/0x970 [ 38.684422] vfs_write+0x189/0x510 [ 38.684423] SyS_write+0xef/0x220 [ 38.684424] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 38.684425] [ 38.684425] -> #0 ((console_sem).lock){..-.}: [ 38.684429] lock_acquire+0x1d5/0x580 [ 38.684431] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.684432] down_trylock+0x13/0x70 [ 38.684433] __down_trylock_console_sem+0xa2/0x1e0 [ 38.684434] console_trylock+0x15/0x100 [ 38.684436] vprintk_emit+0x49b/0x590 [ 38.684437] vprintk_default+0x28/0x30 [ 38.684438] vprintk_func+0x57/0xc0 [ 38.684439] printk+0xaa/0xca [ 38.684440] kasan_report+0x7b/0x360 [ 38.684441] __asan_report_load8_noabort+0x14/0x20 [ 38.684442] __schedule+0xda3/0x2060 [ 38.684444] preempt_schedule_common+0x22/0x60 [ 38.684445] _cond_resched+0x1d/0x30 [ 38.684446] wait_for_completion+0xa5/0x770 [ 38.684447] __synchronize_srcu+0x1ad/0x260 [ 38.684448] synchronize_srcu+0x1a3/0x570 [ 38.684450] kvm_page_track_unregister_notifier+0x186/0x270 [ 38.684451] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.684452] kvm_arch_destroy_vm+0x73b/0x980 [ 38.684453] kvm_put_kvm+0x695/0xde0 [ 38.684455] kvm_vm_release+0x42/0x50 [ 38.684456] __fput+0x327/0x7e0 [ 38.684457] ____fput+0x15/0x20 [ 38.684458] task_work_run+0x199/0x270 [ 38.684459] do_exit+0x9bb/0x1ad0 [ 38.684460] do_group_exit+0x149/0x400 [ 38.684461] SyS_exit_group+0x1d/0x20 [ 38.684463] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 38.684463] [ 38.684464] other info that might help us debug this: [ 38.684465] [ 38.684466] Chain exists of: [ 38.684467] (console_sem).lock --> &rq->lock --> report_lock [ 38.684472] [ 38.684473] Possible unsafe locking scenario: [ 38.684473] [ 38.684475] CPU0 CPU1 [ 38.684476] ---- ---- [ 38.684476] lock(report_lock); [ 38.684479] lock(&rq->lock); [ 38.684482] lock(report_lock); [ 38.684484] lock((console_sem).lock); [ 38.684486] [ 38.684487] *** DEADLOCK *** [ 38.684488] [ 38.684489] 2 locks held by syzkaller664134/3150: [ 38.684489] #0: (&rq->lock){-.-.}, at: [<000000001e44f53e>] __schedule+0x24e/0x2060 [ 
38.684494] #1: (report_lock){....}, at: [<00000000e30241d6>] kasan_report+0x6b/0x360 [ 38.684498] [ 38.684499] stack backtrace: [ 38.684501] CPU: 1 PID: 3150 Comm: syzkaller664134 Not tainted 4.15.0-rc4-mm1+ #47 [ 38.684503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.684504] Call Trace: [ 38.684505] dump_stack+0x194/0x257 [ 38.684506] ? arch_local_irq_restore+0x53/0x53 [ 38.684508] print_circular_bug.isra.37+0x2cd/0x2dc [ 38.684509] ? save_trace+0xe0/0x2b0 [ 38.684510] __lock_acquire+0x30a8/0x3e00 [ 38.684511] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.684513] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.684514] ? print_lockdep_cache.isra.31+0x109/0x109 [ 38.684515] ? save_stack_trace+0x1a/0x20 [ 38.684516] ? save_trace+0xe0/0x2b0 [ 38.684517] ? __lock_acquire+0x36c0/0x3e00 [ 38.684519] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 38.684520] ? __lock_is_held+0xb6/0x140 [ 38.684521] ? __lock_is_held+0xb6/0x140 [ 38.684522] lock_acquire+0x1d5/0x580 [ 38.684523] ? lock_acquire+0x1d5/0x580 [ 38.684524] ? down_trylock+0x13/0x70 [ 38.684526] ? find_held_lock+0x35/0x1d0 [ 38.684527] ? lock_release+0xa40/0xa40 [ 38.684528] ? vprintk_emit+0x379/0x590 [ 38.684529] ? lock_downgrade+0x980/0x980 [ 38.684530] ? kvm_sched_clock_read+0x25/0x40 [ 38.684531] ? sched_clock+0x31/0x40 [ 38.684532] ? sched_clock_cpu+0x1b/0x170 [ 38.684534] ? vprintk_emit+0x49b/0x590 [ 38.684535] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.684536] ? down_trylock+0x13/0x70 [ 38.684537] down_trylock+0x13/0x70 [ 38.684538] ? vprintk_emit+0x49b/0x590 [ 38.684539] __down_trylock_console_sem+0xa2/0x1e0 [ 38.684541] console_trylock+0x15/0x100 [ 38.684542] vprintk_emit+0x49b/0x590 [ 38.684543] vprintk_default+0x28/0x30 [ 38.684544] vprintk_func+0x57/0xc0 [ 38.684545] printk+0xaa/0xca [ 38.684546] ? show_regs_print_info+0x18/0x18 [ 38.684547] ? 
__schedule+0xda3/0x2060 [ 38.684548] kasan_report+0x7b/0x360 [ 38.684550] __asan_report_load8_noabort+0x14/0x20 [ 38.684551] __schedule+0xda3/0x2060 [ 38.684552] ? __sched_text_start+0x8/0x8 [ 38.684553] ? trace_hardirqs_on+0xd/0x10 [ 38.684554] ? __call_srcu+0x7ee/0x1020 [ 38.684555] ? do_raw_spin_trylock+0x190/0x190 [ 38.684557] ? do_raw_spin_trylock+0x190/0x190 [ 38.684558] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.684559] ? __debug_object_init+0x235/0x1040 [ 38.684561] preempt_schedule_common+0x22/0x60 [ 38.684562] _cond_resched+0x1d/0x30 [ 38.684563] wait_for_completion+0xa5/0x770 [ 38.684564] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.684566] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 38.684567] ? __lockdep_init_map+0xe4/0x650 [ 38.684568] ? __init_waitqueue_head+0x97/0x140 [ 38.684569] ? init_wait_entry+0x1b0/0x1b0 [ 38.684570] __synchronize_srcu+0x1ad/0x260 [ 38.684571] ? call_srcu+0x10/0x10 [ 38.684573] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 38.684574] ? irq_matrix_allocated+0x80/0x80 [ 38.684575] ? synchronize_srcu+0x3c5/0x570 [ 38.684576] synchronize_srcu+0x1a3/0x570 [ 38.684578] ? synchronize_srcu+0x1a3/0x570 [ 38.684579] ? lock_downgrade+0x980/0x980 [ 38.684580] ? synchronize_srcu_expedited+0x20/0x20 [ 38.684581] ? lock_release+0xa40/0xa40 [ 38.684582] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 38.684584] ? do_raw_spin_trylock+0x190/0x190 [ 38.684585] kvm_page_track_unregister_notifier+0x186/0x270 [ 38.684587] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 38.684588] ? kvfree+0x36/0x60 [ 38.684589] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.684590] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.684591] kvm_arch_destroy_vm+0x73b/0x980 [ 38.684593] ? kvm_arch_sync_events+0x30/0x30 [ 38.684594] ? mmdrop+0x18/0x30 [ 38.684595] ? mmu_notifier_unregister+0x43c/0x5c0 [ 38.684596] ? kvm_put_kvm+0x47a/0xde0 [ 38.684598] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 38.684599] ? __free_pages+0x107/0x150 [ 38.684600] ? 
free_unref_page+0x9e0/0x9e0 [ 38.684601] ? quarantine_put+0xeb/0x190 [ 38.684602] ? kfree+0xf0/0x260 [ 38.684603] ? kvm_put_kvm+0x614/0xde0 [ 38.684604] ? free_pages+0x51/0x90 [ 38.684605] kvm_put_kvm+0x695/0xde0 [ 38.684606] ? kvm_clear_guest+0xb0/0xb0 [ 38.684608] ? kvm_irqfd_release+0xd1/0x120 [ 38.684609] ? lock_downgrade+0x980/0x980 [ 38.684610] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.684611] ? kvm_irqfd_release+0xdd/0x120 [ 38.684612] ? kvm_irqfd_release+0xdd/0x120 [ 38.684613] ? kvm_put_kvm+0xde0/0xde0 [ 38.684615] kvm_vm_release+0x42/0x50 [ 38.684616] __fput+0x327/0x7e0 [ 38.684617] ? fput+0x140/0x140 [ 38.684618] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.684619] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.684620] ____fput+0x15/0x20 [ 38.684621] task_work_run+0x199/0x270 [ 38.684623] ? task_work_cancel+0x210/0x210 [ 38.684624] ? _raw_spin_unlock+0x22/0x30 [ 38.684625] ? switch_task_namespaces+0x87/0xc0 [ 38.684626] do_exit+0x9bb/0x1ad0 [ 38.684627] ? kvm_vcpu_fault+0x520/0x520 [ 38.684628] ? mm_update_next_owner+0x930/0x930 [ 38.684630] ? find_held_lock+0x35/0x1d0 [ 38.684631] ? handle_mm_fault+0x2a0/0x930 [ 38.684632] ? find_held_lock+0x35/0x1d0 [ 38.684633] ? __do_page_fault+0x5f7/0xc90 [ 38.684634] ? lock_downgrade+0x980/0x980 [ 38.684635] ? down_read_trylock+0xdb/0x170 [ 38.684637] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 38.684638] ? vmacache_find+0x5f/0x280 [ 38.684639] ? vmacache_update+0xfe/0x130 [ 38.684640] ? up_read+0x1a/0x40 [ 38.684641] ? __do_page_fault+0x3d6/0xc90 [ 38.684642] ? task_work_run+0x1f4/0x270 [ 38.684643] ? kvm_vcpu_fault+0x520/0x520 [ 38.684644] ? do_vfs_ioctl+0x486/0x1520 [ 38.684646] ? ioctl_preallocate+0x2b0/0x2b0 [ 38.684647] ? selinux_capable+0x40/0x40 [ 38.684648] ? __close_fd [ 38.684650] Lost 14 message(s)! [ 39.759892] Shutting down cpus with NMI [ 40.815674] Dumping ftrace buffer: [ 40.819195] (ftrace buffer empty) [ 40.822882] Kernel Offset: disabled [ 40.826477] Rebooting in 86400 seconds..