[....] Starting enhanced syslogd: rsyslogd[ 10.073327] audit: type=1400 audit(1513784331.114:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 12.346242] audit: type=1400 audit(1513784333.387:6): avc: denied { map } for pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-9,10.128.15.201' (ECDSA) to the list of known hosts. executing program [ 18.492059] audit: type=1400 audit(1513784339.532:7): avc: denied { map } for pid=3145 comm="syzkaller493342" path="/root/syzkaller493342791" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 18.524831] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 18.536976] ================================================================== [ 18.545503] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 18.551699] Read of size 8 at addr ffff8801c8ee0058 by task syzkaller493342/3145 [ 18.559195] [ 18.560811] CPU: 0 PID: 3145 Comm: syzkaller493342 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 18.569350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.578670] Call Trace: [ 18.581224] dump_stack+0x194/0x257 [ 18.584821] ? arch_local_irq_restore+0x53/0x53 [ 18.589456] ? show_regs_print_info+0x18/0x18 [ 18.593923] ? 
__schedule+0xda3/0x2060 [ 18.597779] print_address_description+0x73/0x250 [ 18.602590] ? __schedule+0xda3/0x2060 [ 18.606444] kasan_report+0x25b/0x340 [ 18.610214] __asan_report_load8_noabort+0x14/0x20 [ 18.615108] __schedule+0xda3/0x2060 [ 18.618796] ? __sched_text_start+0x8/0x8 [ 18.622914] ? trace_hardirqs_on+0xd/0x10 [ 18.627032] ? __call_srcu+0x7ee/0x1020 [ 18.630973] ? do_raw_spin_trylock+0x190/0x190 [ 18.635529] ? do_raw_spin_trylock+0x190/0x190 [ 18.640088] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 18.645938] ? __debug_object_init+0x235/0x1040 [ 18.650580] preempt_schedule_common+0x22/0x60 [ 18.655128] _cond_resched+0x1d/0x30 [ 18.658811] wait_for_completion+0xa5/0x770 [ 18.663101] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.668085] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 18.673853] ? __lockdep_init_map+0xe4/0x650 [ 18.678235] ? __init_waitqueue_head+0x97/0x140 [ 18.682869] ? init_wait_entry+0x1b0/0x1b0 [ 18.687078] __synchronize_srcu+0x1ad/0x260 [ 18.691368] ? call_srcu+0x10/0x10 [ 18.694874] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 18.700391] ? irq_matrix_allocated+0x80/0x80 [ 18.704866] ? synchronize_srcu+0x3c5/0x570 [ 18.709162] synchronize_srcu+0x1a3/0x570 [ 18.713279] ? synchronize_srcu+0x1a3/0x570 [ 18.717566] ? lock_downgrade+0x980/0x980 [ 18.721682] ? synchronize_srcu_expedited+0x20/0x20 [ 18.726665] ? lock_release+0xa40/0xa40 [ 18.730615] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 18.735514] ? do_raw_spin_trylock+0x190/0x190 [ 18.740073] kvm_page_track_unregister_notifier+0x186/0x270 [ 18.745753] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 18.751172] ? kvfree+0x36/0x60 [ 18.754422] ? rcu_read_lock_sched_held+0x108/0x120 [ 18.759408] kvm_mmu_uninit_vm+0x1c/0x20 [ 18.763435] kvm_arch_destroy_vm+0x73b/0x980 [ 18.767815] ? kvm_arch_sync_events+0x30/0x30 [ 18.772276] ? mmdrop+0x18/0x30 [ 18.775737] ? mmu_notifier_unregister+0x437/0x5c0 [ 18.780632] ? kvm_put_kvm+0x47a/0xde0 [ 18.784499] ? 
mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 18.790349] ? __free_pages+0x107/0x150 [ 18.794291] ? free_unref_page+0x9e0/0x9e0 [ 18.798580] ? quarantine_put+0xeb/0x190 [ 18.802606] ? kfree+0xf0/0x260 [ 18.805851] ? kvm_put_kvm+0x614/0xde0 [ 18.809707] ? free_pages+0x51/0x90 [ 18.813303] kvm_put_kvm+0x695/0xde0 [ 18.816991] ? kvm_clear_guest+0xb0/0xb0 [ 18.821022] ? kvm_irqfd_release+0xd1/0x120 [ 18.825311] ? lock_downgrade+0x980/0x980 [ 18.829436] ? _raw_spin_unlock_irq+0x27/0x70 [ 18.834077] ? kvm_irqfd_release+0xdd/0x120 [ 18.838364] ? kvm_irqfd_release+0xdd/0x120 [ 18.842653] ? kvm_put_kvm+0xde0/0xde0 [ 18.846506] kvm_vm_release+0x42/0x50 [ 18.850275] __fput+0x327/0x7e0 [ 18.853526] ? fput+0x140/0x140 [ 18.856775] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 18.862626] ? _raw_spin_unlock_irq+0x27/0x70 [ 18.867093] ____fput+0x15/0x20 [ 18.870340] task_work_run+0x199/0x270 [ 18.874198] ? task_work_cancel+0x210/0x210 [ 18.878488] ? _raw_spin_unlock+0x22/0x30 [ 18.882601] ? switch_task_namespaces+0x87/0xc0 [ 18.887239] do_exit+0x9bb/0x1ad0 [ 18.890660] ? kvm_vcpu_fault+0x520/0x520 [ 18.894778] ? mm_update_next_owner+0x930/0x930 [ 18.899419] ? find_held_lock+0x35/0x1d0 [ 18.903451] ? handle_mm_fault+0x2a0/0x930 [ 18.907653] ? find_held_lock+0x35/0x1d0 [ 18.911686] ? __do_page_fault+0x5f7/0xc90 [ 18.915886] ? lock_downgrade+0x980/0x980 [ 18.920006] ? down_read_trylock+0xdb/0x170 [ 18.924294] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 18.928839] ? vmacache_find+0x5f/0x280 [ 18.932789] ? up_read+0x1a/0x40 [ 18.936123] ? __do_page_fault+0x3d6/0xc90 [ 18.940330] ? kvm_vcpu_fault+0x520/0x520 [ 18.944444] ? do_vfs_ioctl+0x486/0x1520 [ 18.948471] ? _cond_resched+0x14/0x30 [ 18.952326] ? ioctl_preallocate+0x2b0/0x2b0 [ 18.956704] ? selinux_capable+0x40/0x40 [ 18.960735] ? putname+0xf3/0x130 [ 18.964161] do_group_exit+0x149/0x400 [ 18.968016] ? SyS_exit+0x30/0x30 [ 18.971450] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.976444] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 18.981167] SyS_exit_group+0x1d/0x20 [ 18.984936] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.989658] RIP: 0033:0x43ed88 [ 18.992813] RSP: 002b:00007ffc073e6098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 19.000488] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 19.007723] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 19.014958] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 19.022194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 19.029430] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 19.036676] [ 19.038272] Allocated by task 3145: [ 19.041865] save_stack+0x43/0xd0 [ 19.045283] kasan_kmalloc+0xad/0xe0 [ 19.048963] kasan_slab_alloc+0x12/0x20 [ 19.052903] kmem_cache_alloc+0x12e/0x760 [ 19.057027] vmx_create_vcpu+0xc4/0x2f20 [ 19.061054] kvm_arch_vcpu_create+0x12c/0x1a0 [ 19.065516] kvm_vm_ioctl+0x48b/0x1c60 [ 19.069366] do_vfs_ioctl+0x1b1/0x1520 [ 19.073216] SyS_ioctl+0x8f/0xc0 [ 19.076546] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.081264] [ 19.082855] Freed by task 3145: [ 19.086098] save_stack+0x43/0xd0 [ 19.089517] kasan_slab_free+0x71/0xc0 [ 19.093369] kmem_cache_free+0x83/0x2a0 [ 19.097308] vmx_free_vcpu+0x1ee/0x260 [ 19.101315] kvm_arch_destroy_vm+0x4a2/0x980 [ 19.105688] kvm_put_kvm+0x695/0xde0 [ 19.109366] kvm_vm_release+0x42/0x50 [ 19.113131] __fput+0x327/0x7e0 [ 19.116375] ____fput+0x15/0x20 [ 19.119621] task_work_run+0x199/0x270 [ 19.123478] do_exit+0x9bb/0x1ad0 [ 19.126898] do_group_exit+0x149/0x400 [ 19.130749] SyS_exit_group+0x1d/0x20 [ 19.134516] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.139233] [ 19.140827] The buggy address belongs to the object at ffff8801c8ee0040 [ 19.140827] which belongs to the cache kvm_vcpu of size 23872 [ 19.153360] The buggy address is located 24 bytes inside of [ 19.153360] 23872-byte region [ffff8801c8ee0040, ffff8801c8ee5d80) [ 19.165283] The buggy address belongs to the page: [ 
19.170181] page:0000000030d2fa69 count:1 mapcount:0 mapping:00000000ace5bb87 index:0x0 compound_mapcount: 0 [ 19.180114] flags: 0x2fffc0000008100(slab|head) [ 19.184751] raw: 02fffc0000008100 ffff8801c8ee0040 0000000000000000 0000000100000001 [ 19.192599] raw: ffff8801d643f248 ffff8801d643f248 ffff8801d64416c0 0000000000000000 [ 19.200443] page dumped because: kasan: bad access detected [ 19.206115] [ 19.207707] Memory state around the buggy address: [ 19.212603] ffff8801c8edff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.220101] ffff8801c8edff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.227426] >ffff8801c8ee0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 19.234750] ^ [ 19.240948] ffff8801c8ee0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.248272] ffff8801c8ee0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.255594] ================================================================== [ 19.262919] Kernel panic - not syncing: panic_on_warn set ... [ 19.262919] [ 19.270246] CPU: 0 PID: 3145 Comm: syzkaller493342 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 19.280086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.289404] Call Trace: [ 19.291958] dump_stack+0x194/0x257 [ 19.295553] ? arch_local_irq_restore+0x53/0x53 [ 19.300188] ? kasan_end_report+0x32/0x50 [ 19.304305] ? lock_downgrade+0x980/0x980 [ 19.309279] ? vsnprintf+0x1ed/0x1900 [ 19.313049] ? __schedule+0xcf0/0x2060 [ 19.316906] panic+0x1e4/0x41c [ 19.320065] ? refcount_error_report+0x214/0x214 [ 19.324808] ? print_shadow_for_address+0xdc/0x1a0 [ 19.329704] ? add_taint+0x1c/0x50 [ 19.333213] ? __schedule+0xda3/0x2060 [ 19.337065] kasan_end_report+0x50/0x50 [ 19.341008] kasan_report+0x144/0x340 [ 19.344786] __asan_report_load8_noabort+0x14/0x20 [ 19.349679] __schedule+0xda3/0x2060 [ 19.353365] ? __sched_text_start+0x8/0x8 [ 19.357479] ? trace_hardirqs_on+0xd/0x10 [ 19.361593] ? __call_srcu+0x7ee/0x1020 [ 19.365536] ? 
do_raw_spin_trylock+0x190/0x190 [ 19.370084] ? do_raw_spin_trylock+0x190/0x190 [ 19.374642] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.380492] ? __debug_object_init+0x235/0x1040 [ 19.385137] preempt_schedule_common+0x22/0x60 [ 19.389685] _cond_resched+0x1d/0x30 [ 19.393364] wait_for_completion+0xa5/0x770 [ 19.397655] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.402641] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.408407] ? __lockdep_init_map+0xe4/0x650 [ 19.412786] ? __init_waitqueue_head+0x97/0x140 [ 19.417422] ? init_wait_entry+0x1b0/0x1b0 [ 19.421632] __synchronize_srcu+0x1ad/0x260 [ 19.425918] ? call_srcu+0x10/0x10 [ 19.429425] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.434933] ? irq_matrix_allocated+0x80/0x80 [ 19.439395] ? synchronize_srcu+0x3c5/0x570 [ 19.443686] synchronize_srcu+0x1a3/0x570 [ 19.447804] ? synchronize_srcu+0x1a3/0x570 [ 19.452091] ? lock_downgrade+0x980/0x980 [ 19.456203] ? synchronize_srcu_expedited+0x20/0x20 [ 19.461185] ? lock_release+0xa40/0xa40 [ 19.465126] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.469938] ? do_raw_spin_trylock+0x190/0x190 [ 19.474498] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.480178] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.485597] ? kvfree+0x36/0x60 [ 19.488857] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.493842] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.497870] kvm_arch_destroy_vm+0x73b/0x980 [ 19.502248] ? kvm_arch_sync_events+0x30/0x30 [ 19.506711] ? mmdrop+0x18/0x30 [ 19.509960] ? mmu_notifier_unregister+0x437/0x5c0 [ 19.514856] ? kvm_put_kvm+0x47a/0xde0 [ 19.518714] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 19.524564] ? __free_pages+0x107/0x150 [ 19.528507] ? free_unref_page+0x9e0/0x9e0 [ 19.532710] ? quarantine_put+0xeb/0x190 [ 19.536735] ? kfree+0xf0/0x260 [ 19.539981] ? kvm_put_kvm+0x614/0xde0 [ 19.543840] ? free_pages+0x51/0x90 [ 19.547444] kvm_put_kvm+0x695/0xde0 [ 19.551130] ? kvm_clear_guest+0xb0/0xb0 [ 19.555162] ? kvm_irqfd_release+0xd1/0x120 [ 19.559450] ? 
lock_downgrade+0x980/0x980 [ 19.563573] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.568041] ? kvm_irqfd_release+0xdd/0x120 [ 19.572328] ? kvm_irqfd_release+0xdd/0x120 [ 19.576616] ? kvm_put_kvm+0xde0/0xde0 [ 19.580468] kvm_vm_release+0x42/0x50 [ 19.584235] __fput+0x327/0x7e0 [ 19.587486] ? fput+0x140/0x140 [ 19.590732] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.596584] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.601049] ____fput+0x15/0x20 [ 19.604295] task_work_run+0x199/0x270 [ 19.608167] ? task_work_cancel+0x210/0x210 [ 19.612455] ? _raw_spin_unlock+0x22/0x30 [ 19.616570] ? switch_task_namespaces+0x87/0xc0 [ 19.621207] do_exit+0x9bb/0x1ad0 [ 19.624624] ? kvm_vcpu_fault+0x520/0x520 [ 19.628743] ? mm_update_next_owner+0x930/0x930 [ 19.633380] ? find_held_lock+0x35/0x1d0 [ 19.637414] ? handle_mm_fault+0x2a0/0x930 [ 19.641616] ? find_held_lock+0x35/0x1d0 [ 19.645650] ? __do_page_fault+0x5f7/0xc90 [ 19.649852] ? lock_downgrade+0x980/0x980 [ 19.653972] ? down_read_trylock+0xdb/0x170 [ 19.658261] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.662807] ? vmacache_find+0x5f/0x280 [ 19.666755] ? up_read+0x1a/0x40 [ 19.670261] ? __do_page_fault+0x3d6/0xc90 [ 19.674467] ? kvm_vcpu_fault+0x520/0x520 [ 19.678581] ? do_vfs_ioctl+0x486/0x1520 [ 19.682609] ? _cond_resched+0x14/0x30 [ 19.686465] ? ioctl_preallocate+0x2b0/0x2b0 [ 19.690843] ? selinux_capable+0x40/0x40 [ 19.694872] ? putname+0xf3/0x130 [ 19.698299] do_group_exit+0x149/0x400 [ 19.702155] ? SyS_exit+0x30/0x30 [ 19.705575] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.710560] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 19.715287] SyS_exit_group+0x1d/0x20 [ 19.719054] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.723776] RIP: 0033:0x43ed88 [ 19.726934] RSP: 002b:00007ffc073e6098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 19.734607] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 19.741843] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 19.749080] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 19.756316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 19.763553] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 19.770819] [ 19.770821] ====================================================== [ 19.770824] WARNING: possible circular locking dependency detected [ 19.770825] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 19.770828] ------------------------------------------------------ [ 19.770830] syzkaller493342/3145 is trying to acquire lock: [ 19.770831] ((console_sem).lock){..-.}, at: [<0000000019d60f71>] down_trylock+0x13/0x70 [ 19.770837] [ 19.770838] but task is already holding lock: [ 19.770839] (report_lock){....}, at: [<000000005f10f37d>] kasan_report+0x6b/0x340 [ 19.770844] [ 19.770846] which lock already depends on the new lock. 
[ 19.770847] [ 19.770848] [ 19.770850] the existing dependency chain (in reverse order) is: [ 19.770851] [ 19.770852] -> #3 (report_lock){....}: [ 19.770858] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.770859] kasan_report+0x6b/0x340 [ 19.770861] __asan_report_load8_noabort+0x14/0x20 [ 19.770863] __schedule+0xda3/0x2060 [ 19.770865] preempt_schedule_common+0x22/0x60 [ 19.770866] _cond_resched+0x1d/0x30 [ 19.770868] wait_for_completion+0xa5/0x770 [ 19.770870] __synchronize_srcu+0x1ad/0x260 [ 19.770871] synchronize_srcu+0x1a3/0x570 [ 19.770874] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.770875] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.770877] kvm_arch_destroy_vm+0x73b/0x980 [ 19.770879] kvm_put_kvm+0x695/0xde0 [ 19.770880] kvm_vm_release+0x42/0x50 [ 19.770882] __fput+0x327/0x7e0 [ 19.770883] ____fput+0x15/0x20 [ 19.770885] task_work_run+0x199/0x270 [ 19.770886] do_exit+0x9bb/0x1ad0 [ 19.770888] do_group_exit+0x149/0x400 [ 19.770890] SyS_exit_group+0x1d/0x20 [ 19.770891] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.770892] [ 19.770893] -> #2 (&rq->lock){-.-.}: [ 19.770898] _raw_spin_lock+0x2a/0x40 [ 19.770900] task_fork_fair+0x7a/0x690 [ 19.770902] sched_fork+0x435/0xc00 [ 19.770903] copy_process.part.37+0x1758/0x4b60 [ 19.770905] _do_fork+0x1f7/0xf70 [ 19.770907] kernel_thread+0x34/0x40 [ 19.770908] rest_init+0x22/0xf0 [ 19.770910] start_kernel+0x7f1/0x819 [ 19.770912] x86_64_start_reservations+0x2a/0x2c [ 19.770913] x86_64_start_kernel+0x77/0x7a [ 19.770915] secondary_startup_64+0xa5/0xb0 [ 19.770916] [ 19.770917] -> #1 (&p->pi_lock){-.-.}: [ 19.770922] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.770924] try_to_wake_up+0xbc/0x1600 [ 19.770926] wake_up_process+0x10/0x20 [ 19.770927] __up.isra.0+0x1cc/0x2c0 [ 19.770929] up+0x13b/0x1d0 [ 19.770930] __up_console_sem+0xb2/0x1a0 [ 19.770932] console_unlock+0x538/0xd70 [ 19.770933] con_install+0x33a/0x430 [ 19.770935] tty_init_dev+0xf6/0x4a0 [ 19.770937] tty_open+0x5fc/0xaa0 [ 19.770938] chrdev_open+0x257/0x730 [ 19.770940] 
do_dentry_open+0x667/0xd40 [ 19.770941] vfs_open+0x107/0x220 [ 19.770943] path_openat+0x1151/0x3530 [ 19.770944] do_filp_open+0x25b/0x3b0 [ 19.770946] do_sys_open+0x502/0x6d0 [ 19.770947] SyS_open+0x2d/0x40 [ 19.770949] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.770950] [ 19.770951] -> #0 ((console_sem).lock){..-.}: [ 19.770957] lock_acquire+0x1d5/0x580 [ 19.770958] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.770960] down_trylock+0x13/0x70 [ 19.770962] __down_trylock_console_sem+0xa2/0x1e0 [ 19.770964] console_trylock+0x15/0x100 [ 19.770965] vprintk_emit+0x49b/0x590 [ 19.770967] vprintk_default+0x28/0x30 [ 19.770968] vprintk_func+0x57/0xc0 [ 19.770970] printk+0xaa/0xca [ 19.770971] kasan_report+0x7b/0x340 [ 19.770973] __asan_report_load8_noabort+0x14/0x20 [ 19.770975] __schedule+0xda3/0x2060 [ 19.770977] preempt_schedule_common+0x22/0x60 [ 19.770978] _cond_resched+0x1d/0x30 [ 19.770980] wait_for_completion+0xa5/0x770 [ 19.770982] __synchronize_srcu+0x1ad/0x260 [ 19.770983] synchronize_srcu+0x1a3/0x570 [ 19.770986] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.770987] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.770989] kvm_arch_destroy_vm+0x73b/0x980 [ 19.770991] kvm_put_kvm+0x695/0xde0 [ 19.770992] kvm_vm_release+0x42/0x50 [ 19.770994] __fput+0x327/0x7e0 [ 19.770995] ____fput+0x15/0x20 [ 19.770997] task_work_run+0x199/0x270 [ 19.770998] do_exit+0x9bb/0x1ad0 [ 19.771000] do_group_exit+0x149/0x400 [ 19.771001] SyS_exit_group+0x1d/0x20 [ 19.771003] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.771004] [ 19.771006] other info that might help us debug this: [ 19.771007] [ 19.771008] Chain exists of: [ 19.771009] (console_sem).lock --> &rq->lock --> report_lock [ 19.771016] [ 19.771017] Possible unsafe locking scenario: [ 19.771018] [ 19.771020] CPU0 CPU1 [ 19.771022] ---- ---- [ 19.771022] lock(report_lock); [ 19.771026] lock(&rq->lock); [ 19.771030] lock(report_lock); [ 19.771033] lock((console_sem).lock); [ 19.771036] [ 19.771037] *** DEADLOCK *** [ 19.771038] [ 19.771040] 2 locks held 
by syzkaller493342/3145: [ 19.771041] #0: (&rq->lock){-.-.}, at: [<000000009174ae1c>] __schedule+0x24e/0x2060 [ 19.771046] #1: (report_lock){....}, at: [<000000005f10f37d>] kasan_report+0x6b/0x340 [ 19.771052] [ 19.771053] stack backtrace: [ 19.771056] CPU: 0 PID: 3145 Comm: syzkaller493342 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 19.771059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.771061] Call Trace: [ 19.771062] dump_stack+0x194/0x257 [ 19.771064] ? arch_local_irq_restore+0x53/0x53 [ 19.771066] print_circular_bug.isra.37+0x2cd/0x2dc [ 19.771067] ? save_trace+0xe0/0x2b0 [ 19.771069] __lock_acquire+0x30a8/0x3e00 [ 19.771071] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.771073] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.771075] ? print_lockdep_cache.isra.31+0x109/0x109 [ 19.771076] ? save_stack_trace+0x1a/0x20 [ 19.771078] ? save_trace+0xe0/0x2b0 [ 19.771080] ? __lock_acquire+0x36c0/0x3e00 [ 19.771081] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.771083] ? __lock_is_held+0xb6/0x140 [ 19.771085] ? __lock_is_held+0xb6/0x140 [ 19.771086] lock_acquire+0x1d5/0x580 [ 19.771088] ? lock_acquire+0x1d5/0x580 [ 19.771089] ? down_trylock+0x13/0x70 [ 19.771091] ? find_held_lock+0x35/0x1d0 [ 19.771093] ? lock_release+0xa40/0xa40 [ 19.771094] ? vprintk_emit+0x379/0x590 [ 19.771096] ? lock_downgrade+0x980/0x980 [ 19.771098] ? kvm_sched_clock_read+0x25/0x40 [ 19.771099] ? sched_clock+0x31/0x40 [ 19.771101] ? sched_clock_cpu+0x1b/0x170 [ 19.771102] ? vprintk_emit+0x49b/0x590 [ 19.771104] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.771105] ? down_trylock+0x13/0x70 [ 19.771107] down_trylock+0x13/0x70 [ 19.771109] ? vprintk_emit+0x49b/0x590 [ 19.771110] __down_trylock_console_sem+0xa2/0x1e0 [ 19.771112] console_trylock+0x15/0x100 [ 19.771113] vprintk_emit+0x49b/0x590 [ 19.771115] vprintk_default+0x28/0x30 [ 19.771117] vprintk_func+0x57/0xc0 [ 19.771118] printk+0xaa/0xca [ 19.771120] ? show_regs_print_info+0x18/0x18 [ 19.771121] ? 
__schedule+0xda3/0x2060 [ 19.771123] kasan_report+0x7b/0x340 [ 19.771124] __asan_report_load8_noabort+0x14/0x20 [ 19.771126] __schedule+0xda3/0x2060 [ 19.771128] ? __sched_text_start+0x8/0x8 [ 19.771129] ? trace_hardirqs_on+0xd/0x10 [ 19.771131] ? __call_srcu+0x7ee/0x1020 [ 19.771133] ? do_raw_spin_trylock+0x190/0x190 [ 19.771134] ? do_raw_spin_trylock+0x190/0x190 [ 19.771136] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.771138] ? __debug_object_init+0x235/0x1040 [ 19.771140] preempt_schedule_common+0x22/0x60 [ 19.771141] _cond_resched+0x1d/0x30 [ 19.771143] wait_for_completion+0xa5/0x770 [ 19.771145] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.771147] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.771149] ? __lockdep_init_map+0xe4/0x650 [ 19.771151] ? __init_waitqueue_head+0x97/0x140 [ 19.771152] ? init_wait_entry+0x1b0/0x1b0 [ 19.771154] __synchronize_srcu+0x1ad/0x260 [ 19.771155] ? call_srcu+0x10/0x10 [ 19.771157] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.771159] ? irq_matrix_allocated+0x80/0x80 [ 19.771161] ? synchronize_srcu+0x3c5/0x570 [ 19.771162] synchronize_srcu+0x1a3/0x570 [ 19.771164] ? synchronize_srcu+0x1a3/0x570 [ 19.771166] ? lock_downgrade+0x980/0x980 [ 19.771168] ? synchronize_srcu_expedited+0x20/0x20 [ 19.771169] ? lock_release+0xa40/0xa40 [ 19.771171] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.771173] ? do_raw_spin_trylock+0x190/0x190 [ 19.771175] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.771177] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.771178] ? kvfree+0x36/0x60 [ 19.771180] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.771182] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.771184] kvm_arch_destroy_vm+0x73b/0x980 [ 19.771185] ? kvm_arch_sync_events+0x30/0x30 [ 19.771187] ? mmdrop+0x18/0x30 [ 19.771188] ? mmu_notifier_unregister+0x437/0x5c0 [ 19.771190] ? kvm_put_kvm+0x47a/0xde0 [ 19.771192] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 19.771194] ? __free_pages+0x107/0x150 [ 19.771195] ? 
free_unref_page+0x9e0/0x9e0 [ 19.771197] ? quarantine_put+0xeb/0x190 [ 19.771198] ? kfree+0xf0/0x260 [ 19.771200] ? kvm_put_kvm+0x614/0xde0 [ 19.771201] ? free_pages+0x51/0x90 [ 19.771203] kvm_put_kvm+0x695/0xde0 [ 19.771205] ? kvm_clear_guest+0xb0/0xb0 [ 19.771206] ? kvm_irqfd_release+0xd1/0x120 [ 19.771208] ? lock_downgrade+0x980/0x980 [ 19.771210] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.771211] ? kvm_irqfd_release+0xdd/0x120 [ 19.771213] ? kvm_irqfd_release+0xdd/0x120 [ 19.771215] ? kvm_put_kvm+0xde0/0xde0 [ 19.771216] kvm_vm_release+0x42/0x50 [ 19.771217] __fput+0x327/0x7e0 [ 19.771219] ? fput+0x140/0x140 [ 19.771221] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.771223] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.771224] ____fput+0x15/0x20 [ 19.771226] task_work_run+0x199/0x270 [ 19.771227] ? task_work_cancel+0x210/0x210 [ 19.771229] ? _raw_spin_unlock+0x22/0x30 [ 19.771231] ? switch_task_namespaces+0x87/0xc0 [ 19.771232] do_exit+0x9bb/0x1ad0 [ 19.771234] ? kvm_vcpu_fault+0x520/0x520 [ 19.771236] ? mm_update_next_owner+0x930/0x930 [ 19.771237] ? find_held_lock+0x35/0x1d0 [ 19.771239] ? handle_mm_fault+0x2a0/0x930 [ 19.771240] ? find_held_lock+0x35/0x1d0 [ 19.771242] ? __do_page_fault+0x5f7/0xc90 [ 19.771244] ? lock_downgrade+0x980/0x980 [ 19.771245] ? down_read_trylock+0xdb/0x170 [ 19.771247] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.771249] ? vmacache_find+0x5f/0x280 [ 19.771251] ? up_read+0x1a/0x40 [ 19.771252] ? __do_page_fault+0x3d6/0xc90 [ 19.771254] ? kvm_vcpu_fault+0x520/0x520 [ 19.771256] ? do_vfs_ioctl+0x486/0x1520 [ 19.771257] ? _cond_resched+0x14/0x30 [ 19.771260] Lost 17 message(s)! [ 20.842381] Shutting down cpus with NMI [ 21.897486] Dumping ftrace buffer: [ 21.900992] (ftrace buffer empty) [ 21.904668] Kernel Offset: disabled [ 21.908265] Rebooting in 86400 seconds..