[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 12.227448] audit: type=1400 audit(1513781987.769:6): avc: denied { map } for pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-8,10.128.0.23' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 18.476757] audit: type=1400 audit(1513781994.018:7): avc: denied { map } for pid=3148 comm="syzkaller462349" path="/root/syzkaller462349315" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 18.509360] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 18.526230] ================================================================== [ 18.534718] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 18.540916] Read of size 8 at addr ffff8801c85a8058 by task syzkaller462349/3148 [ 18.548419] [ 18.550017] CPU: 1 PID: 3148 Comm: syzkaller462349 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 18.558555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.567872] Call Trace: [ 18.570425] dump_stack+0x194/0x257 [ 18.574539] ? arch_local_irq_restore+0x53/0x53 [ 18.579175] ? show_regs_print_info+0x18/0x18 [ 18.583642] ? __schedule+0xda3/0x2060 [ 18.587495] print_address_description+0x73/0x250 [ 18.592307] ? __schedule+0xda3/0x2060 [ 18.596162] kasan_report+0x25b/0x340 [ 18.599931] __asan_report_load8_noabort+0x14/0x20 [ 18.604829] __schedule+0xda3/0x2060 [ 18.608512] ? __sched_text_start+0x8/0x8 [ 18.612889] ? _raw_spin_unlock_irqrestore+0x5e/0xba [ 18.617963] ? __call_srcu+0x7ee/0x1020 [ 18.621903] ? do_raw_spin_trylock+0x190/0x190 [ 18.626457] ? do_raw_spin_trylock+0x190/0x190 [ 18.631013] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 18.636866] ? __debug_object_init+0x235/0x1040 [ 18.641507] preempt_schedule_common+0x22/0x60 [ 18.646055] _cond_resched+0x1d/0x30 [ 18.649734] wait_for_completion+0xa5/0x770 [ 18.654023] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.659007] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 18.664771] ? __lockdep_init_map+0xe4/0x650 [ 18.669151] ? __init_waitqueue_head+0x97/0x140 [ 18.673785] ? init_wait_entry+0x1b0/0x1b0 [ 18.677992] __synchronize_srcu+0x1ad/0x260 [ 18.682279] ? call_srcu+0x10/0x10 [ 18.685787] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 18.691296] ? irq_matrix_allocated+0x80/0x80 [ 18.695758] ? synchronize_srcu+0x3c5/0x570 [ 18.700050] synchronize_srcu+0x1a3/0x570 [ 18.704163] ? synchronize_srcu+0x1a3/0x570 [ 18.708454] ? lock_downgrade+0x980/0x980 [ 18.712569] ? synchronize_srcu_expedited+0x20/0x20 [ 18.717549] ? lock_release+0xa40/0xa40 [ 18.721489] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 18.726301] ? do_raw_spin_trylock+0x190/0x190 [ 18.730860] kvm_page_track_unregister_notifier+0x186/0x270 [ 18.736538] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 18.741956] ? kvfree+0x36/0x60 [ 18.745202] ? rcu_read_lock_sched_held+0x108/0x120 [ 18.750187] kvm_mmu_uninit_vm+0x1c/0x20 [ 18.754216] kvm_arch_destroy_vm+0x73b/0x980 [ 18.758594] ? kvm_arch_sync_events+0x30/0x30 [ 18.763055] ? mmdrop+0x18/0x30 [ 18.766303] ? mmu_notifier_unregister+0x437/0x5c0 [ 18.771199] ? kvm_put_kvm+0x47a/0xde0 [ 18.775057] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 18.780911] ? __free_pages+0x107/0x150 [ 18.784851] ? free_unref_page+0x9e0/0x9e0 [ 18.789053] ? quarantine_put+0xeb/0x190 [ 18.793078] ? kfree+0xf0/0x260 [ 18.796323] ? kvm_put_kvm+0x614/0xde0 [ 18.800180] ? free_pages+0x51/0x90 [ 18.803776] kvm_put_kvm+0x695/0xde0 [ 18.807470] ? kvm_clear_guest+0xb0/0xb0 [ 18.811501] ? kvm_irqfd_release+0xd1/0x120 [ 18.815797] ? lock_downgrade+0x980/0x980 [ 18.819922] ? _raw_spin_unlock_irq+0x27/0x70 [ 18.824390] ? kvm_irqfd_release+0xdd/0x120 [ 18.828676] ? kvm_irqfd_release+0xdd/0x120 [ 18.832965] ? kvm_put_kvm+0xde0/0xde0 [ 18.836819] kvm_vm_release+0x42/0x50 [ 18.840588] __fput+0x327/0x7e0 [ 18.843838] ? fput+0x140/0x140 [ 18.847086] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 18.852940] ? _raw_spin_unlock_irq+0x27/0x70 [ 18.857404] ____fput+0x15/0x20 [ 18.860652] task_work_run+0x199/0x270 [ 18.864510] ? task_work_cancel+0x210/0x210 [ 18.868799] ? _raw_spin_unlock+0x22/0x30 [ 18.872912] ? switch_task_namespaces+0x87/0xc0 [ 18.877551] do_exit+0x9bb/0x1ad0 [ 18.880969] ? kvm_vcpu_fault+0x520/0x520 [ 18.885085] ? mm_update_next_owner+0x930/0x930 [ 18.889721] ? find_held_lock+0x35/0x1d0 [ 18.893753] ? handle_mm_fault+0x2a0/0x930 [ 18.897958] ? find_held_lock+0x35/0x1d0 [ 18.901993] ? __do_page_fault+0x5f7/0xc90 [ 18.906196] ? lock_downgrade+0x980/0x980 [ 18.910317] ? down_read_trylock+0xdb/0x170 [ 18.914606] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 18.919155] ? vmacache_find+0x5f/0x280 [ 18.923101] ? up_read+0x1a/0x40 [ 18.926436] ? __do_page_fault+0x3d6/0xc90 [ 18.930644] ? task_work_run+0x1f4/0x270 [ 18.934675] ? kvm_vcpu_fault+0x520/0x520 [ 18.938789] ? do_vfs_ioctl+0x486/0x1520 [ 18.942820] ? ioctl_preallocate+0x2b0/0x2b0 [ 18.947198] ? selinux_capable+0x40/0x40 [ 18.951228] ? __close_fd+0x222/0x360 [ 18.955000] do_group_exit+0x149/0x400 [ 18.958857] ? SyS_exit+0x30/0x30 [ 18.962280] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.967265] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 18.971987] SyS_exit_group+0x1d/0x20 [ 18.975755] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.980476] RIP: 0033:0x441c38 [ 18.983634] RSP: 002b:00007fff9aeed098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 18.991307] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c38 [ 18.998541] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 19.005776] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 19.013013] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 19.020251] R13: 000000002040300c R14: 0000000000000001 R15: 00000000000000ad [ 19.027496] [ 19.029090] Allocated by task 3148: [ 19.032682] save_stack+0x43/0xd0 [ 19.036749] kasan_kmalloc+0xad/0xe0 [ 19.040438] kasan_slab_alloc+0x12/0x20 [ 19.044378] kmem_cache_alloc+0x12e/0x760 [ 19.048490] vmx_create_vcpu+0xc4/0x2f20 [ 19.052516] kvm_arch_vcpu_create+0x12c/0x1a0 [ 19.056976] kvm_vm_ioctl+0x48b/0x1c60 [ 19.060829] do_vfs_ioctl+0x1b1/0x1520 [ 19.064678] SyS_ioctl+0x8f/0xc0 [ 19.068010] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.072726] [ 19.074320] Freed by task 3148: [ 19.077565] save_stack+0x43/0xd0 [ 19.080983] kasan_slab_free+0x71/0xc0 [ 19.084836] kmem_cache_free+0x83/0x2a0 [ 19.088775] vmx_free_vcpu+0x1ee/0x260 [ 19.092627] kvm_arch_destroy_vm+0x4a2/0x980 [ 19.097000] kvm_put_kvm+0x695/0xde0 [ 19.100678] kvm_vm_release+0x42/0x50 [ 19.104441] __fput+0x327/0x7e0 [ 19.107687] ____fput+0x15/0x20 [ 19.110936] task_work_run+0x199/0x270 [ 19.114787] do_exit+0x9bb/0x1ad0 [ 19.118205] do_group_exit+0x149/0x400 [ 19.122058] SyS_exit_group+0x1d/0x20 [ 19.125825] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.130540] [ 19.132135] The buggy address belongs to the object at ffff8801c85a8040 [ 19.132135] which belongs to the cache kvm_vcpu of size 23872 [ 19.144668] The buggy address is located 24 bytes inside of [ 19.144668] 23872-byte region [ffff8801c85a8040, ffff8801c85add80) [ 19.156593] The buggy address belongs to the page: [ 19.161489] page:0000000085934221 count:1 mapcount:0 mapping:00000000c2ec0e04 index:0x0 compound_mapcount: 0 [ 19.171421] flags: 0x2fffc0000008100(slab|head) [ 19.176057] raw: 02fffc0000008100 ffff8801c85a8040 0000000000000000 0000000100000001 [ 19.183904] raw: ffff8801d6d9e848 ffff8801d6d9e848 ffff8801d9844080 0000000000000000 [ 19.191747] page dumped because: kasan: bad access detected [ 19.197419] [ 19.199012] Memory state around the buggy address: [ 19.203911] ffff8801c85a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.211237] ffff8801c85a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.218561] >ffff8801c85a8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 19.225883] ^ [ 19.232254] ffff8801c85a8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.239579] ffff8801c85a8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.246903] ================================================================== [ 19.254225] Kernel panic - not syncing: panic_on_warn set ... [ 19.254225] [ 19.261554] CPU: 1 PID: 3148 Comm: syzkaller462349 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 19.271394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.280716] Call Trace: [ 19.283275] dump_stack+0x194/0x257 [ 19.286872] ? arch_local_irq_restore+0x53/0x53 [ 19.291507] ? kasan_end_report+0x32/0x50 [ 19.295620] ? lock_downgrade+0x980/0x980 [ 19.299736] ? vsnprintf+0x1ed/0x1900 [ 19.303503] ? __schedule+0xcf0/0x2060 [ 19.307356] panic+0x1e4/0x41c [ 19.310514] ? refcount_error_report+0x214/0x214 [ 19.315238] ? print_shadow_for_address+0xdc/0x1a0 [ 19.320134] ? add_taint+0x1c/0x50 [ 19.323644] ? __schedule+0xda3/0x2060 [ 19.327501] kasan_end_report+0x50/0x50 [ 19.331440] kasan_report+0x144/0x340 [ 19.335210] __asan_report_load8_noabort+0x14/0x20 [ 19.340105] __schedule+0xda3/0x2060 [ 19.343789] ? __sched_text_start+0x8/0x8 [ 19.347907] ? _raw_spin_unlock_irqrestore+0x5e/0xba [ 19.352977] ? __call_srcu+0x7ee/0x1020 [ 19.356918] ? do_raw_spin_trylock+0x190/0x190 [ 19.361465] ? do_raw_spin_trylock+0x190/0x190 [ 19.366022] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.371874] ? __debug_object_init+0x235/0x1040 [ 19.376516] preempt_schedule_common+0x22/0x60 [ 19.381066] _cond_resched+0x1d/0x30 [ 19.384746] wait_for_completion+0xa5/0x770 [ 19.389036] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.394021] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.399788] ? __lockdep_init_map+0xe4/0x650 [ 19.404514] ? __init_waitqueue_head+0x97/0x140 [ 19.409151] ? init_wait_entry+0x1b0/0x1b0 [ 19.413359] __synchronize_srcu+0x1ad/0x260 [ 19.417648] ? call_srcu+0x10/0x10 [ 19.421155] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.426673] ? irq_matrix_allocated+0x80/0x80 [ 19.433211] ? synchronize_srcu+0x3c5/0x570 [ 19.438629] synchronize_srcu+0x1a3/0x570 [ 19.442743] ? synchronize_srcu+0x1a3/0x570 [ 19.447029] ? lock_downgrade+0x980/0x980 [ 19.451144] ? synchronize_srcu_expedited+0x20/0x20 [ 19.456132] ? lock_release+0xa40/0xa40 [ 19.460072] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.464883] ? do_raw_spin_trylock+0x190/0x190 [ 19.469442] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.475120] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.480538] ? kvfree+0x36/0x60 [ 19.483784] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.488771] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.492800] kvm_arch_destroy_vm+0x73b/0x980 [ 19.497179] ? kvm_arch_sync_events+0x30/0x30 [ 19.501642] ? mmdrop+0x18/0x30 [ 19.504891] ? mmu_notifier_unregister+0x437/0x5c0 [ 19.509785] ? kvm_put_kvm+0x47a/0xde0 [ 19.513640] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 19.519495] ? __free_pages+0x107/0x150 [ 19.523435] ? free_unref_page+0x9e0/0x9e0 [ 19.527637] ? quarantine_put+0xeb/0x190 [ 19.531664] ? kfree+0xf0/0x260 [ 19.534910] ? kvm_put_kvm+0x614/0xde0 [ 19.538767] ? free_pages+0x51/0x90 [ 19.542360] kvm_put_kvm+0x695/0xde0 [ 19.546050] ? kvm_clear_guest+0xb0/0xb0 [ 19.550083] ? kvm_irqfd_release+0xd1/0x120 [ 19.554372] ? lock_downgrade+0x980/0x980 [ 19.558503] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.562970] ? kvm_irqfd_release+0xdd/0x120 [ 19.567257] ? kvm_irqfd_release+0xdd/0x120 [ 19.571546] ? kvm_put_kvm+0xde0/0xde0 [ 19.575398] kvm_vm_release+0x42/0x50 [ 19.579168] __fput+0x327/0x7e0 [ 19.582418] ? fput+0x140/0x140 [ 19.585668] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.591518] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.595998] ____fput+0x15/0x20 [ 19.599252] task_work_run+0x199/0x270 [ 19.603107] ? task_work_cancel+0x210/0x210 [ 19.607394] ? _raw_spin_unlock+0x22/0x30 [ 19.611509] ? switch_task_namespaces+0x87/0xc0 [ 19.616149] do_exit+0x9bb/0x1ad0 [ 19.619655] ? kvm_vcpu_fault+0x520/0x520 [ 19.623778] ? mm_update_next_owner+0x930/0x930 [ 19.628412] ? find_held_lock+0x35/0x1d0 [ 19.632444] ? handle_mm_fault+0x2a0/0x930 [ 19.636648] ? find_held_lock+0x35/0x1d0 [ 19.640684] ? __do_page_fault+0x5f7/0xc90 [ 19.644887] ? lock_downgrade+0x980/0x980 [ 19.649269] ? down_read_trylock+0xdb/0x170 [ 19.653559] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.658106] ? vmacache_find+0x5f/0x280 [ 19.662051] ? up_read+0x1a/0x40 [ 19.665387] ? __do_page_fault+0x3d6/0xc90 [ 19.669587] ? task_work_run+0x1f4/0x270 [ 19.673619] ? kvm_vcpu_fault+0x520/0x520 [ 19.677732] ? do_vfs_ioctl+0x486/0x1520 [ 19.681761] ? ioctl_preallocate+0x2b0/0x2b0 [ 19.686138] ? selinux_capable+0x40/0x40 [ 19.690168] ? __close_fd+0x222/0x360 [ 19.693941] do_group_exit+0x149/0x400 [ 19.697810] ? SyS_exit+0x30/0x30 [ 19.701233] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.706221] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 19.711291] SyS_exit_group+0x1d/0x20 [ 19.715061] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.719783] RIP: 0033:0x441c38 [ 19.722946] RSP: 002b:00007fff9aeed098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 19.730622] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c38 [ 19.738551] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 19.747262] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 19.754499] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 19.761735] R13: 000000002040300c R14: 0000000000000001 R15: 00000000000000ad [ 19.768986] [ 19.768989] ====================================================== [ 19.768991] WARNING: possible circular locking dependency detected [ 19.768993] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 19.768996] ------------------------------------------------------ [ 19.768998] syzkaller462349/3148 is trying to acquire lock: [ 19.768999] ((console_sem).lock){..-.}, at: [<00000000633f961d>] down_trylock+0x13/0x70 [ 19.769004] [ 19.769006] but task is already holding lock: [ 19.769007] (report_lock){....}, at: [<00000000e09fee3d>] kasan_report+0x6b/0x340 [ 19.769012] [ 19.769014] which lock already depends on the new lock. [ 19.769015] [ 19.769015] [ 19.769018] the existing dependency chain (in reverse order) is: [ 19.769018] [ 19.769019] -> #3 (report_lock){....}: [ 19.769025] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.769027] kasan_report+0x6b/0x340 [ 19.769028] __asan_report_load8_noabort+0x14/0x20 [ 19.769030] __schedule+0xda3/0x2060 [ 19.769032] preempt_schedule_common+0x22/0x60 [ 19.769034] _cond_resched+0x1d/0x30 [ 19.769035] wait_for_completion+0xa5/0x770 [ 19.769037] __synchronize_srcu+0x1ad/0x260 [ 19.769039] synchronize_srcu+0x1a3/0x570 [ 19.769041] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.769043] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.769044] kvm_arch_destroy_vm+0x73b/0x980 [ 19.769046] kvm_put_kvm+0x695/0xde0 [ 19.769048] kvm_vm_release+0x42/0x50 [ 19.769049] __fput+0x327/0x7e0 [ 19.769051] ____fput+0x15/0x20 [ 19.769052] task_work_run+0x199/0x270 [ 19.769054] do_exit+0x9bb/0x1ad0 [ 19.769055] do_group_exit+0x149/0x400 [ 19.769057] SyS_exit_group+0x1d/0x20 [ 19.769059] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.769060] [ 19.769061] -> #2 (&rq->lock){-.-.}: [ 19.769066] _raw_spin_lock+0x2a/0x40 [ 19.769067] task_fork_fair+0x7a/0x690 [ 19.769069] sched_fork+0x435/0xc00 [ 19.769071] copy_process.part.37+0x1758/0x4b60 [ 19.769072] _do_fork+0x1f7/0xf70 [ 19.769074] kernel_thread+0x34/0x40 [ 19.769075] rest_init+0x22/0xf0 [ 19.769077] start_kernel+0x7f1/0x819 [ 19.769079] x86_64_start_reservations+0x2a/0x2c [ 19.769081] x86_64_start_kernel+0x77/0x7a [ 19.769082] secondary_startup_64+0xa5/0xb0 [ 19.769083] [ 19.769084] -> #1 (&p->pi_lock){-.-.}: [ 19.769090] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.769091] try_to_wake_up+0xbc/0x1600 [ 19.769093] wake_up_process+0x10/0x20 [ 19.769094] __up.isra.0+0x1cc/0x2c0 [ 19.769096] up+0x13b/0x1d0 [ 19.769098] __up_console_sem+0xb2/0x1a0 [ 19.769099] console_unlock+0x538/0xd70 [ 19.769101] con_install+0x33a/0x430 [ 19.769102] tty_init_dev+0xf6/0x4a0 [ 19.769104] tty_open+0x5fc/0xaa0 [ 19.769105] chrdev_open+0x257/0x730 [ 19.769107] do_dentry_open+0x667/0xd40 [ 19.769109] vfs_open+0x107/0x220 [ 19.769110] path_openat+0x1151/0x3530 [ 19.769112] do_filp_open+0x25b/0x3b0 [ 19.769113] do_sys_open+0x502/0x6d0 [ 19.769115] SyS_open+0x2d/0x40 [ 19.769117] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.769118] [ 19.769118] -> #0 ((console_sem).lock){..-.}: [ 19.769124] lock_acquire+0x1d5/0x580 [ 19.769126] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.769127] down_trylock+0x13/0x70 [ 19.769129] __down_trylock_console_sem+0xa2/0x1e0 [ 19.769131] console_trylock+0x15/0x100 [ 19.769132] vprintk_emit+0x49b/0x590 [ 19.769134] vprintk_default+0x28/0x30 [ 19.769136] vprintk_func+0x57/0xc0 [ 19.769137] printk+0xaa/0xca [ 19.769139] kasan_report+0x7b/0x340 [ 19.769141] __asan_report_load8_noabort+0x14/0x20 [ 19.769142] __schedule+0xda3/0x2060 [ 19.769144] preempt_schedule_common+0x22/0x60 [ 19.769146] _cond_resched+0x1d/0x30 [ 19.769147] wait_for_completion+0xa5/0x770 [ 19.769149] __synchronize_srcu+0x1ad/0x260 [ 19.769151] synchronize_srcu+0x1a3/0x570 [ 19.769153] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.769155] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.769156] kvm_arch_destroy_vm+0x73b/0x980 [ 19.769158] kvm_put_kvm+0x695/0xde0 [ 19.769160] kvm_vm_release+0x42/0x50 [ 19.769161] __fput+0x327/0x7e0 [ 19.769162] ____fput+0x15/0x20 [ 19.769164] task_work_run+0x199/0x270 [ 19.769166] do_exit+0x9bb/0x1ad0 [ 19.769167] do_group_exit+0x149/0x400 [ 19.769169] SyS_exit_group+0x1d/0x20 [ 19.769171] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.769172] [ 19.769173] other info that might help us debug this: [ 19.769174] [ 19.769176] Chain exists of: [ 19.769176] (console_sem).lock --> &rq->lock --> report_lock [ 19.769183] [ 19.769185] Possible unsafe locking scenario: [ 19.769186] [ 19.769187] CPU0 CPU1 [ 19.769189] ---- ---- [ 19.769190] lock(report_lock); [ 19.769194] lock(&rq->lock); [ 19.769197] lock(report_lock); [ 19.769200] lock((console_sem).lock); [ 19.769203] [ 19.769204] *** DEADLOCK *** [ 19.769205] [ 19.769207] 2 locks held by syzkaller462349/3148: [ 19.769208] #0: (&rq->lock){-.-.}, at: [<0000000030392844>] __schedule+0x24e/0x2060 [ 19.769214] #1: (report_lock){....}, at: [<00000000e09fee3d>] kasan_report+0x6b/0x340 [ 19.769220] [ 19.769221] stack backtrace: [ 19.769224] CPU: 1 PID: 3148 Comm: syzkaller462349 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 19.769227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.769228] Call Trace: [ 19.769230] dump_stack+0x194/0x257 [ 19.769232] ? arch_local_irq_restore+0x53/0x53 [ 19.769233] print_circular_bug.isra.37+0x2cd/0x2dc [ 19.769235] ? save_trace+0xe0/0x2b0 [ 19.769237] __lock_acquire+0x30a8/0x3e00 [ 19.769239] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.769241] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.769243] ? print_lockdep_cache.isra.31+0x109/0x109 [ 19.769244] ? save_stack_trace+0x1a/0x20 [ 19.769246] ? save_trace+0xe0/0x2b0 [ 19.769248] ? __lock_acquire+0x36c0/0x3e00 [ 19.769249] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 19.769251] ? __lock_is_held+0xb6/0x140 [ 19.769253] ? __lock_is_held+0xb6/0x140 [ 19.769254] lock_acquire+0x1d5/0x580 [ 19.769256] ? lock_acquire+0x1d5/0x580 [ 19.769257] ? down_trylock+0x13/0x70 [ 19.769259] ? find_held_lock+0x35/0x1d0 [ 19.769261] ? lock_release+0xa40/0xa40 [ 19.769262] ? vprintk_emit+0x379/0x590 [ 19.769264] ? lock_downgrade+0x980/0x980 [ 19.769265] ? kvm_sched_clock_read+0x25/0x40 [ 19.769267] ? sched_clock+0x31/0x40 [ 19.769269] ? sched_clock_cpu+0x1b/0x170 [ 19.769270] ? vprintk_emit+0x49b/0x590 [ 19.769272] _raw_spin_lock_irqsave+0x96/0xc0 [ 19.769274] ? down_trylock+0x13/0x70 [ 19.769275] down_trylock+0x13/0x70 [ 19.769277] ? vprintk_emit+0x49b/0x590 [ 19.769279] __down_trylock_console_sem+0xa2/0x1e0 [ 19.769280] console_trylock+0x15/0x100 [ 19.769282] vprintk_emit+0x49b/0x590 [ 19.769283] vprintk_default+0x28/0x30 [ 19.769285] vprintk_func+0x57/0xc0 [ 19.769286] printk+0xaa/0xca [ 19.769288] ? show_regs_print_info+0x18/0x18 [ 19.769290] ? __schedule+0xda3/0x2060 [ 19.769291] kasan_report+0x7b/0x340 [ 19.769293] __asan_report_load8_noabort+0x14/0x20 [ 19.769295] __schedule+0xda3/0x2060 [ 19.769296] ? __sched_text_start+0x8/0x8 [ 19.769298] ? _raw_spin_unlock_irqrestore+0x5e/0xba [ 19.769300] ? __call_srcu+0x7ee/0x1020 [ 19.769302] ? do_raw_spin_trylock+0x190/0x190 [ 19.769304] ? do_raw_spin_trylock+0x190/0x190 [ 19.769306] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.769308] ? __debug_object_init+0x235/0x1040 [ 19.769309] preempt_schedule_common+0x22/0x60 [ 19.769311] _cond_resched+0x1d/0x30 [ 19.769313] wait_for_completion+0xa5/0x770 [ 19.769315] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.769317] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.769319] ? __lockdep_init_map+0xe4/0x650 [ 19.769321] ? __init_waitqueue_head+0x97/0x140 [ 19.769323] ? init_wait_entry+0x1b0/0x1b0 [ 19.769324] __synchronize_srcu+0x1ad/0x260 [ 19.769326] ? call_srcu+0x10/0x10 [ 19.769328] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.769330] ? irq_matrix_allocated+0x80/0x80 [ 19.769331] ? synchronize_srcu+0x3c5/0x570 [ 19.769333] synchronize_srcu+0x1a3/0x570 [ 19.769335] ? synchronize_srcu+0x1a3/0x570 [ 19.769336] ? lock_downgrade+0x980/0x980 [ 19.769338] ? synchronize_srcu_expedited+0x20/0x20 [ 19.769340] ? lock_release+0xa40/0xa40 [ 19.769342] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.769344] ? do_raw_spin_trylock+0x190/0x190 [ 19.769346] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.769348] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.769349] ? kvfree+0x36/0x60 [ 19.769351] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.769353] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.769355] kvm_arch_destroy_vm+0x73b/0x980 [ 19.769357] ? kvm_arch_sync_events+0x30/0x30 [ 19.769358] ? mmdrop+0x18/0x30 [ 19.769363] ? mmu_notifier_unregister+0x437/0x5c0 [ 19.769365] ? kvm_put_kvm+0x47a/0xde0 [ 19.769367] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 19.769369] ? __free_pages+0x107/0x150 [ 19.769370] ? free_unref_page+0x9e0/0x9e0 [ 19.769372] ? quarantine_put+0xeb/0x190 [ 19.769373] ? kfree+0xf0/0x260 [ 19.769375] ? kvm_put_kvm+0x614/0xde0 [ 19.769376] ? free_pages+0x51/0x90 [ 19.769378] kvm_put_kvm+0x695/0xde0 [ 19.769380] ? kvm_clear_guest+0xb0/0xb0 [ 19.769381] ? kvm_irqfd_release+0xd1/0x120 [ 19.769383] ? lock_downgrade+0x980/0x980 [ 19.769385] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.769386] ? kvm_irqfd_release+0xdd/0x120 [ 19.769388] ? kvm_irqfd_release+0xdd/0x120 [ 19.769390] ? kvm_put_kvm+0xde0/0xde0 [ 19.769391] kvm_vm_release+0x42/0x50 [ 19.769393] __fput+0x327/0x7e0 [ 19.769394] ? fput+0x140/0x140 [ 19.769396] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.769398] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.769400] ____fput+0x15/0x20 [ 19.769401] task_work_run+0x199/0x270 [ 19.769403] ? task_work_cancel+0x210/0x210 [ 19.769405] ? _raw_spin_unlock+0x22/0x30 [ 19.769407] ? switch_task_namespaces+0x87/0xc0 [ 19.769408] do_exit+0x9bb/0x1ad0 [ 19.769410] ? kvm_vcpu_fault+0x520/0x520 [ 19.769411] ? mm_update_next_owner+0x930/0x930 [ 19.769413] ? find_held_lock+0x35/0x1d0 [ 19.769415] ? handle_mm_fault+0x2a0/0x930 [ 19.769416] ? find_held_lock+0x35/0x1d0 [ 19.769418] ? __do_page_fault+0x5f7/0xc90 [ 19.769420] ? lock_downgrade+0x980/0x980 [ 19.769421] ? down_read_trylock+0xdb/0x170 [ 19.769423] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.769425] ? vmacache_find+0x5f/0x280 [ 19.769426] ? up_read+0x1a/0x40 [ 19.769428] ? __do_page_fault+0x3d6/0xc90 [ 19.769429] ? task_work_run+0x1f4/0x270 [ 19.769431] ? kvm_vcpu_fault+0x520/0x520 [ 19.769432] ? do_vfs_ioctl [ 19.769435] Lost 17 message(s)! [ 20.839830] Shutting down cpus with NMI [ 21.895244] Dumping ftrace buffer: [ 21.898755] (ftrace buffer empty) [ 21.902434] Kernel Offset: disabled [ 21.906027] Rebooting in 86400 seconds..