[....] Starting enhanced syslogd: rsyslogd[   11.039747] audit: type=1400 audit(1513851716.989:5): avc:  denied  { syslog } for  pid=2999 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.093875] audit: type=1400 audit(1513851722.043:6): avc:  denied  { map } for  pid=3137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-0,10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[   23.656482] audit: type=1400 audit(1513851729.606:7): avc:  denied  { map } for  pid=3151 comm="syzkaller793708" path="/root/syzkaller793708921" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.687469] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[   23.698442] ==================================================================
[   23.706779] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060
[   23.712978] Read of size 8 at addr ffff8801c86a0058 by task syzkaller793708/3151
[   23.720474] 
[   23.722089] CPU: 1 PID: 3151 Comm: syzkaller793708 Not tainted 4.15.0-rc4-mm1+ #47
[   23.729756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.739430] Call Trace:
[   23.741988]  dump_stack+0x194/0x257
[   23.745587]  ? arch_local_irq_restore+0x53/0x53
[   23.750224]  ? show_regs_print_info+0x18/0x18
[   23.754696]  ? __schedule+0xda3/0x2060
[   23.758554]  print_address_description+0x73/0x250
[   23.763369]  ? __schedule+0xda3/0x2060
[   23.767230]  kasan_report+0x23b/0x360
[   23.770998]  __asan_report_load8_noabort+0x14/0x20
[   23.775894]  __schedule+0xda3/0x2060
[   23.779579]  ? __sched_text_start+0x8/0x8
[   23.783690]  ? trace_hardirqs_on+0xd/0x10
[   23.787809]  ? __call_srcu+0x7ee/0x1020
[   23.791755]  ? do_raw_spin_trylock+0x190/0x190
[   23.796305]  ? do_raw_spin_trylock+0x190/0x190
[   23.800865]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   23.806723]  ? __debug_object_init+0x235/0x1040
[   23.811368]  preempt_schedule_common+0x22/0x60
[   23.815916]  _cond_resched+0x1d/0x30
[   23.819596]  wait_for_completion+0xa5/0x770
[   23.823893]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.828875]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   23.834639]  ? __lockdep_init_map+0xe4/0x650
[   23.839015]  ? __init_waitqueue_head+0x97/0x140
[   23.843649]  ? init_wait_entry+0x1b0/0x1b0
[   23.847853]  __synchronize_srcu+0x1ad/0x260
[   23.852140]  ? call_srcu+0x10/0x10
[   23.855646]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   23.861158]  ? irq_matrix_allocated+0x80/0x80
[   23.865623]  ? synchronize_srcu+0x3c5/0x570
[   23.869914]  synchronize_srcu+0x1a3/0x570
[   23.874027]  ? synchronize_srcu+0x1a3/0x570
[   23.878314]  ? lock_downgrade+0x980/0x980
[   23.882434]  ? synchronize_srcu_expedited+0x20/0x20
[   23.887413]  ? lock_release+0xa40/0xa40
[   23.891362]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   23.896178]  ? do_raw_spin_trylock+0x190/0x190
[   23.900733]  kvm_page_track_unregister_notifier+0x186/0x270
[   23.906415]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   23.911832]  ? kvfree+0x36/0x60
[   23.915076]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.920059]  kvm_mmu_uninit_vm+0x1c/0x20
[   23.924085]  kvm_arch_destroy_vm+0x73b/0x980
[   23.928457]  ? kvm_arch_sync_events+0x30/0x30
[   23.932916]  ? mmdrop+0x18/0x30
[   23.936160]  ? mmu_notifier_unregister+0x43c/0x5c0
[   23.941054]  ? kvm_put_kvm+0x47a/0xde0
[   23.944907]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   23.950855]  ? __free_pages+0x107/0x150
[   23.954808]  ? free_unref_page+0x9e0/0x9e0
[   23.959023]  ? quarantine_put+0xeb/0x190
[   23.963062]  ? kfree+0xf0/0x260
[   23.966320]  ? kvm_put_kvm+0x614/0xde0
[   23.970176]  ? free_pages+0x51/0x90
[   23.973772]  kvm_put_kvm+0x695/0xde0
[   23.977456]  ? kvm_clear_guest+0xb0/0xb0
[   23.981487]  ? kvm_irqfd_release+0xd1/0x120
[   23.985775]  ? lock_downgrade+0x980/0x980
[   23.989896]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.994358]  ? kvm_irqfd_release+0xdd/0x120
[   23.998648]  ? kvm_irqfd_release+0xdd/0x120
[   24.003733]  ? kvm_put_kvm+0xde0/0xde0
[   24.009408]  kvm_vm_release+0x42/0x50
[   24.013702]  __fput+0x327/0x7e0
[   24.016950]  ? fput+0x140/0x140
[   24.020197]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.026044]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.030508]  ____fput+0x15/0x20
[   24.033754]  task_work_run+0x199/0x270
[   24.037606]  ? task_work_cancel+0x210/0x210
[   24.041891]  ? _raw_spin_unlock+0x22/0x30
[   24.046004]  ? switch_task_namespaces+0x87/0xc0
[   24.050641]  do_exit+0x9bb/0x1ad0
[   24.054057]  ? kvm_vcpu_fault+0x520/0x520
[   24.058171]  ? mm_update_next_owner+0x930/0x930
[   24.062808]  ? find_held_lock+0x35/0x1d0
[   24.066839]  ? handle_mm_fault+0x2a0/0x930
[   24.071042]  ? find_held_lock+0x35/0x1d0
[   24.075075]  ? __do_page_fault+0x5f7/0xc90
[   24.079276]  ? lock_downgrade+0x980/0x980
[   24.083392]  ? down_read_trylock+0xdb/0x170
[   24.087682]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.092227]  ? vmacache_find+0x5f/0x280
[   24.096170]  ? up_read+0x1a/0x40
[   24.099501]  ? __do_page_fault+0x3d6/0xc90
[   24.103714]  ? kvm_vcpu_fault+0x520/0x520
[   24.107827]  ? do_vfs_ioctl+0x486/0x1520
[   24.111853]  ? _cond_resched+0x14/0x30
[   24.115711]  ? ioctl_preallocate+0x2b0/0x2b0
[   24.120089]  ? selinux_capable+0x40/0x40
[   24.124116]  ? putname+0xf3/0x130
[   24.127541]  do_group_exit+0x149/0x400
[   24.131394]  ? SyS_exit+0x30/0x30
[   24.134814]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.139796]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.144516]  SyS_exit_group+0x1d/0x20
[   24.148281]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.153000] RIP: 0033:0x43ed88
[   24.156155] RSP: 002b:00007ffe7f8d2e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.163826] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88
[   24.171063] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   24.178298] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   24.186228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0
[   24.194156] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000
[   24.201397] 
[   24.202990] Allocated by task 3151:
[   24.206582]  save_stack+0x43/0xd0
[   24.209996]  kasan_kmalloc+0xad/0xe0
[   24.213676]  kasan_slab_alloc+0x12/0x20
[   24.217615]  kmem_cache_alloc+0x12e/0x760
[   24.221730]  vmx_create_vcpu+0xc4/0x2f20
[   24.225758]  kvm_arch_vcpu_create+0x12c/0x1a0
[   24.230475]  kvm_vm_ioctl+0x48b/0x1c60
[   24.235021]  do_vfs_ioctl+0x1b1/0x1520
[   24.238870]  SyS_ioctl+0x8f/0xc0
[   24.242198]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.246914] 
[   24.248503] Freed by task 3151:
[   24.251744]  save_stack+0x43/0xd0
[   24.255160]  kasan_slab_free+0x71/0xc0
[   24.259009]  kmem_cache_free+0x83/0x2a0
[   24.262944]  vmx_free_vcpu+0x1ee/0x260
[   24.266793]  kvm_arch_destroy_vm+0x4a2/0x980
[   24.271163]  kvm_put_kvm+0x695/0xde0
[   24.274839]  kvm_vm_release+0x42/0x50
[   24.278609]  __fput+0x327/0x7e0
[   24.281851]  ____fput+0x15/0x20
[   24.285099]  task_work_run+0x199/0x270
[   24.288949]  do_exit+0x9bb/0x1ad0
[   24.292366]  do_group_exit+0x149/0x400
[   24.296217]  SyS_exit_group+0x1d/0x20
[   24.299980]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.304694] 
[   24.306291] The buggy address belongs to the object at ffff8801c86a0040
[   24.306291]  which belongs to the cache kvm_vcpu of size 23872
[   24.318823] The buggy address is located 24 bytes inside of
[   24.318823]  23872-byte region [ffff8801c86a0040, ffff8801c86a5d80)
[   24.330746] The buggy address belongs to the page:
[   24.336336] page:ffffea000721a800 count:1 mapcount:0 mapping:ffff8801c86a0040 index:0x0 compound_mapcount: 0
[   24.348007] flags: 0x2fffc0000008100(slab|head)
[   24.352645] raw: 02fffc0000008100 ffff8801c86a0040 0000000000000000 0000000100000001
[   24.360502] raw: ffff8801d6dd5748 ffff8801d6dd5748 ffff8801d8151340 0000000000000000
[   24.368350] page dumped because: kasan: bad access detected
[   24.374022] 
[   24.375611] Memory state around the buggy address:
[   24.380504]  ffff8801c869ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.387824]  ffff8801c869ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.395146] >ffff8801c86a0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   24.402465]                                                     ^
[   24.408658]  ffff8801c86a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.415980]  ffff8801c86a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.423300] ==================================================================
[   24.430620] Kernel panic - not syncing: panic_on_warn set ...
[   24.430620] 
[   24.437945] CPU: 1 PID: 3151 Comm: syzkaller793708 Tainted: G    B            4.15.0-rc4-mm1+ #47
[   24.446926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.456246] Call Trace:
[   24.458808]  dump_stack+0x194/0x257
[   24.462402]  ? arch_local_irq_restore+0x53/0x53
[   24.467035]  ? kasan_end_report+0x32/0x50
[   24.471157]  ? lock_downgrade+0x980/0x980
[   24.475281]  ? vsnprintf+0x1ed/0x1900
[   24.479047]  ? __schedule+0xcf0/0x2060
[   24.482899]  panic+0x1e4/0x41c
[   24.486054]  ? refcount_error_report+0x214/0x214
[   24.490777]  ? print_shadow_for_address+0xdc/0x1a0
[   24.495669]  ? add_taint+0x1c/0x50
[   24.499181]  ? __schedule+0xda3/0x2060
[   24.503033]  kasan_end_report+0x50/0x50
[   24.506972]  kasan_report+0x148/0x360
[   24.510741]  __asan_report_load8_noabort+0x14/0x20
[   24.515635]  __schedule+0xda3/0x2060
[   24.519329]  ? __sched_text_start+0x8/0x8
[   24.523442]  ? trace_hardirqs_on+0xd/0x10
[   24.527559]  ? __call_srcu+0x7ee/0x1020
[   24.531506]  ? do_raw_spin_trylock+0x190/0x190
[   24.536057]  ? do_raw_spin_trylock+0x190/0x190
[   24.540610]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.546459]  ? __debug_object_init+0x235/0x1040
[   24.551098]  preempt_schedule_common+0x22/0x60
[   24.555645]  _cond_resched+0x1d/0x30
[   24.559330]  wait_for_completion+0xa5/0x770
[   24.563617]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.568603]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   24.574365]  ? __lockdep_init_map+0xe4/0x650
[   24.578740]  ? __init_waitqueue_head+0x97/0x140
[   24.583374]  ? init_wait_entry+0x1b0/0x1b0
[   24.587583]  __synchronize_srcu+0x1ad/0x260
[   24.591870]  ? call_srcu+0x10/0x10
[   24.595374]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   24.600878]  ? irq_matrix_allocated+0x80/0x80
[   24.605344]  ? synchronize_srcu+0x3c5/0x570
[   24.609633]  synchronize_srcu+0x1a3/0x570
[   24.613744]  ? synchronize_srcu+0x1a3/0x570
[   24.618040]  ? lock_downgrade+0x980/0x980
[   24.622154]  ? synchronize_srcu_expedited+0x20/0x20
[   24.627134]  ? lock_release+0xa40/0xa40
[   24.631074]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   24.635883]  ? do_raw_spin_trylock+0x190/0x190
[   24.640437]  kvm_page_track_unregister_notifier+0x186/0x270
[   24.646113]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   24.651546]  ? kvfree+0x36/0x60
[   24.655309]  ? rcu_read_lock_sched_held+0x108/0x120
[   24.660291]  kvm_mmu_uninit_vm+0x1c/0x20
[   24.664316]  kvm_arch_destroy_vm+0x73b/0x980
[   24.668691]  ? kvm_arch_sync_events+0x30/0x30
[   24.673153]  ? mmdrop+0x18/0x30
[   24.676399]  ? mmu_notifier_unregister+0x43c/0x5c0
[   24.681291]  ? kvm_put_kvm+0x47a/0xde0
[   24.685144]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   24.691081]  ? __free_pages+0x107/0x150
[   24.695019]  ? free_unref_page+0x9e0/0x9e0
[   24.699220]  ? quarantine_put+0xeb/0x190
[   24.703244]  ? kfree+0xf0/0x260
[   24.706488]  ? kvm_put_kvm+0x614/0xde0
[   24.710339]  ? free_pages+0x51/0x90
[   24.713931]  kvm_put_kvm+0x695/0xde0
[   24.717615]  ? kvm_clear_guest+0xb0/0xb0
[   24.721647]  ? kvm_irqfd_release+0xd1/0x120
[   24.725944]  ? lock_downgrade+0x980/0x980
[   24.730081]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.734557]  ? kvm_irqfd_release+0xdd/0x120
[   24.738852]  ? kvm_irqfd_release+0xdd/0x120
[   24.743146]  ? kvm_put_kvm+0xde0/0xde0
[   24.746997]  kvm_vm_release+0x42/0x50
[   24.750763]  __fput+0x327/0x7e0
[   24.754007]  ? fput+0x140/0x140
[   24.757257]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.763105]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.767567]  ____fput+0x15/0x20
[   24.770811]  task_work_run+0x199/0x270
[   24.774664]  ? task_work_cancel+0x210/0x210
[   24.778949]  ? _raw_spin_unlock+0x22/0x30
[   24.783060]  ? switch_task_namespaces+0x87/0xc0
[   24.787696]  do_exit+0x9bb/0x1ad0
[   24.791113]  ? kvm_vcpu_fault+0x520/0x520
[   24.795233]  ? mm_update_next_owner+0x930/0x930
[   24.799868]  ? find_held_lock+0x35/0x1d0
[   24.803899]  ? handle_mm_fault+0x2a0/0x930
[   24.808096]  ? find_held_lock+0x35/0x1d0
[   24.812128]  ? __do_page_fault+0x5f7/0xc90
[   24.816326]  ? lock_downgrade+0x980/0x980
[   24.820441]  ? down_read_trylock+0xdb/0x170
[   24.824733]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.829283]  ? vmacache_find+0x5f/0x280
[   24.833233]  ? up_read+0x1a/0x40
[   24.836574]  ? __do_page_fault+0x3d6/0xc90
[   24.840782]  ? kvm_vcpu_fault+0x520/0x520
[   24.844904]  ? do_vfs_ioctl+0x486/0x1520
[   24.848931]  ? _cond_resched+0x14/0x30
[   24.853044]  ? ioctl_preallocate+0x2b0/0x2b0
[   24.857417]  ? selinux_capable+0x40/0x40
[   24.861443]  ? putname+0xf3/0x130
[   24.864863]  do_group_exit+0x149/0x400
[   24.869670]  ? SyS_exit+0x30/0x30
[   24.873090]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.878073]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.882793]  SyS_exit_group+0x1d/0x20
[   24.886557]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.891274] RIP: 0033:0x43ed88
[   24.894426] RSP: 002b:00007ffe7f8d2e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.902097] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88
[   24.909853] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   24.917085] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   24.924319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0
[   24.931552] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000
[   24.938794] 
[   24.938796] ======================================================
[   24.938797] WARNING: possible circular locking dependency detected
[   24.938799] 4.15.0-rc4-mm1+ #47 Not tainted
[   24.938800] ------------------------------------------------------
[   24.938802] syzkaller793708/3151 is trying to acquire lock:
[   24.938802]  ((console_sem).lock){..-.}, at: [<00000000ab3eb64b>] down_trylock+0x13/0x70
[   24.938807] 
[   24.938808] but task is already holding lock:
[   24.938808]  (report_lock){....}, at: [<00000000a8491cab>] kasan_report+0x6b/0x360
[   24.938812] 
[   24.938814] which lock already depends on the new lock.
[   24.938814] 
[   24.938815] 
[   24.938816] the existing dependency chain (in reverse order) is:
[   24.938817] 
[   24.938818] -> #3 (report_lock){....}:
[   24.938822]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.938823]        kasan_report+0x6b/0x360
[   24.938824]        __asan_report_load8_noabort+0x14/0x20
[   24.938826]        __schedule+0xda3/0x2060
[   24.938827]        preempt_schedule_common+0x22/0x60
[   24.938828]        _cond_resched+0x1d/0x30
[   24.938829]        wait_for_completion+0xa5/0x770
[   24.938831]        __synchronize_srcu+0x1ad/0x260
[   24.938832]        synchronize_srcu+0x1a3/0x570
[   24.938833]        kvm_page_track_unregister_notifier+0x186/0x270
[   24.938834]        kvm_mmu_uninit_vm+0x1c/0x20
[   24.938836]        kvm_arch_destroy_vm+0x73b/0x980
[   24.938837]        kvm_put_kvm+0x695/0xde0
[   24.938838]        kvm_vm_release+0x42/0x50
[   24.938839]        __fput+0x327/0x7e0
[   24.938840]        ____fput+0x15/0x20
[   24.938841]        task_work_run+0x199/0x270
[   24.938842]        do_exit+0x9bb/0x1ad0
[   24.938844]        do_group_exit+0x149/0x400
[   24.938845]        SyS_exit_group+0x1d/0x20
[   24.938846]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.938847] 
[   24.938847] -> #2 (&rq->lock){-.-.}:
[   24.938851]        _raw_spin_lock+0x2a/0x40
[   24.938852]        task_fork_fair+0x7a/0x690
[   24.938853]        sched_fork+0x435/0xc00
[   24.938855]        copy_process.part.37+0x1758/0x4b60
[   24.938856]        _do_fork+0x1f7/0xf70
[   24.938857]        kernel_thread+0x34/0x40
[   24.938858]        rest_init+0x22/0xf0
[   24.938859]        start_kernel+0x7f1/0x819
[   24.938860]        x86_64_start_reservations+0x2a/0x2c
[   24.938862]        x86_64_start_kernel+0x77/0x7a
[   24.938863]        secondary_startup_64+0xa5/0xb0
[   24.938864] 
[   24.938864] -> #1 (&p->pi_lock){-.-.}:
[   24.938868]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.938869]        try_to_wake_up+0xbc/0x1600
[   24.938871]        wake_up_process+0x10/0x20
[   24.938872]        __up.isra.0+0x1cc/0x2c0
[   24.938873]        up+0x13b/0x1d0
[   24.938874]        __up_console_sem+0xb2/0x1a0
[   24.938875]        console_unlock+0x538/0xd70
[   24.938876]        do_con_write+0x106e/0x1f70
[   24.938877]        con_write+0x25/0xb0
[   24.938878]        n_tty_write+0x5ef/0xec0
[   24.938880]        tty_write+0x3fa/0x840
[   24.938881]        __vfs_write+0xef/0x970
[   24.938882]        vfs_write+0x189/0x510
[   24.938883]        SyS_write+0xef/0x220
[   24.938884]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.938885] 
[   24.938885] -> #0 ((console_sem).lock){..-.}:
[   24.938889]        lock_acquire+0x1d5/0x580
[   24.938891]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.938892]        down_trylock+0x13/0x70
[   24.938893]        __down_trylock_console_sem+0xa2/0x1e0
[   24.938894]        console_trylock+0x15/0x100
[   24.938896]        vprintk_emit+0x49b/0x590
[   24.938897]        vprintk_default+0x28/0x30
[   24.938898]        vprintk_func+0x57/0xc0
[   24.938899]        printk+0xaa/0xca
[   24.938900]        kasan_report+0x7b/0x360
[   24.938901]        __asan_report_load8_noabort+0x14/0x20
[   24.938902]        __schedule+0xda3/0x2060
[   24.938904]        preempt_schedule_common+0x22/0x60
[   24.938905]        _cond_resched+0x1d/0x30
[   24.938906]        wait_for_completion+0xa5/0x770
[   24.938907]        __synchronize_srcu+0x1ad/0x260
[   24.938909]        synchronize_srcu+0x1a3/0x570
[   24.938910]        kvm_page_track_unregister_notifier+0x186/0x270
[   24.938911]        kvm_mmu_uninit_vm+0x1c/0x20
[   24.938912]        kvm_arch_destroy_vm+0x73b/0x980
[   24.938914]        kvm_put_kvm+0x695/0xde0
[   24.938915]        kvm_vm_release+0x42/0x50
[   24.938916]        __fput+0x327/0x7e0
[   24.938917]        ____fput+0x15/0x20
[   24.938918]        task_work_run+0x199/0x270
[   24.938919]        do_exit+0x9bb/0x1ad0
[   24.938920]        do_group_exit+0x149/0x400
[   24.938921]        SyS_exit_group+0x1d/0x20
[   24.938923]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.938923] 
[   24.938925] other info that might help us debug this:
[   24.938925] 
[   24.938926] Chain exists of:
[   24.938927]   (console_sem).lock --> &rq->lock --> report_lock
[   24.938932] 
[   24.938933]  Possible unsafe locking scenario:
[   24.938934] 
[   24.938935]        CPU0                    CPU1
[   24.938936]        ----                    ----
[   24.938937]   lock(report_lock);
[   24.938939]                                lock(&rq->lock);
[   24.938942]                                lock(report_lock);
[   24.938944]   lock((console_sem).lock);
[   24.938946] 
[   24.938947]  *** DEADLOCK ***
[   24.938948] 
[   24.938949] 2 locks held by syzkaller793708/3151:
[   24.938950]  #0:  (&rq->lock){-.-.}, at: [<0000000064a8a52b>] __schedule+0x24e/0x2060
[   24.938954]  #1:  (report_lock){....}, at: [<00000000a8491cab>] kasan_report+0x6b/0x360
[   24.938958] 
[   24.938959] stack backtrace:
[   24.938961] CPU: 1 PID: 3151 Comm: syzkaller793708 Not tainted 4.15.0-rc4-mm1+ #47
[   24.938963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.938964] Call Trace:
[   24.938965]  dump_stack+0x194/0x257
[   24.938967]  ? arch_local_irq_restore+0x53/0x53
[   24.938968]  print_circular_bug.isra.37+0x2cd/0x2dc
[   24.938969]  ? save_trace+0xe0/0x2b0
[   24.938970]  __lock_acquire+0x30a8/0x3e00
[   24.938972]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.938973]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.938974]  ? print_lockdep_cache.isra.31+0x109/0x109
[   24.938976]  ? save_stack_trace+0x1a/0x20
[   24.938977]  ? save_trace+0xe0/0x2b0
[   24.938978]  ? __lock_acquire+0x36c0/0x3e00
[   24.938979]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.938980]  ? __lock_is_held+0xb6/0x140
[   24.938982]  ? __lock_is_held+0xb6/0x140
[   24.938983]  lock_acquire+0x1d5/0x580
[   24.938984]  ? lock_acquire+0x1d5/0x580
[   24.938985]  ? down_trylock+0x13/0x70
[   24.938986]  ? find_held_lock+0x35/0x1d0
[   24.938987]  ? lock_release+0xa40/0xa40
[   24.938988]  ? vprintk_emit+0x379/0x590
[   24.938989]  ? lock_downgrade+0x980/0x980
[   24.938991]  ? kvm_sched_clock_read+0x25/0x40
[   24.938992]  ? sched_clock+0x31/0x40
[   24.938993]  ? sched_clock_cpu+0x1b/0x170
[   24.938994]  ? vprintk_emit+0x49b/0x590
[   24.938995]  _raw_spin_lock_irqsave+0x96/0xc0
[   24.938996]  ? down_trylock+0x13/0x70
[   24.938997]  down_trylock+0x13/0x70
[   24.938998]  ? vprintk_emit+0x49b/0x590
[   24.939000]  __down_trylock_console_sem+0xa2/0x1e0
[   24.939001]  console_trylock+0x15/0x100
[   24.939002]  vprintk_emit+0x49b/0x590
[   24.939003]  vprintk_default+0x28/0x30
[   24.939004]  vprintk_func+0x57/0xc0
[   24.939005]  printk+0xaa/0xca
[   24.939006]  ? show_regs_print_info+0x18/0x18
[   24.939007]  ? __schedule+0xda3/0x2060
[   24.939008]  kasan_report+0x7b/0x360
[   24.939010]  __asan_report_load8_noabort+0x14/0x20
[   24.939011]  __schedule+0xda3/0x2060
[   24.939012]  ? __sched_text_start+0x8/0x8
[   24.939013]  ? trace_hardirqs_on+0xd/0x10
[   24.939014]  ? __call_srcu+0x7ee/0x1020
[   24.939016]  ? do_raw_spin_trylock+0x190/0x190
[   24.939017]  ? do_raw_spin_trylock+0x190/0x190
[   24.939018]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.939020]  ? __debug_object_init+0x235/0x1040
[   24.939021]  preempt_schedule_common+0x22/0x60
[   24.939022]  _cond_resched+0x1d/0x30
[   24.939023]  wait_for_completion+0xa5/0x770
[   24.939024]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.939026]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   24.939027]  ? __lockdep_init_map+0xe4/0x650
[   24.939028]  ? __init_waitqueue_head+0x97/0x140
[   24.939029]  ? init_wait_entry+0x1b0/0x1b0
[   24.939031]  __synchronize_srcu+0x1ad/0x260
[   24.939032]  ? call_srcu+0x10/0x10
[   24.939033]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   24.939034]  ? irq_matrix_allocated+0x80/0x80
[   24.939035]  ? synchronize_srcu+0x3c5/0x570
[   24.939037]  synchronize_srcu+0x1a3/0x570
[   24.939038]  ? synchronize_srcu+0x1a3/0x570
[   24.939039]  ? lock_downgrade+0x980/0x980
[   24.939040]  ? synchronize_srcu_expedited+0x20/0x20
[   24.939041]  ? lock_release+0xa40/0xa40
[   24.939043]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   24.939044]  ? do_raw_spin_trylock+0x190/0x190
[   24.939045]  kvm_page_track_unregister_notifier+0x186/0x270
[   24.939047]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   24.939048]  ? kvfree+0x36/0x60
[   24.939049]  ? rcu_read_lock_sched_held+0x108/0x120
[   24.939050]  kvm_mmu_uninit_vm+0x1c/0x20
[   24.939051]  kvm_arch_destroy_vm+0x73b/0x980
[   24.939053]  ? kvm_arch_sync_events+0x30/0x30
[   24.939054]  ? mmdrop+0x18/0x30
[   24.939055]  ? mmu_notifier_unregister+0x43c/0x5c0
[   24.939056]  ? kvm_put_kvm+0x47a/0xde0
[   24.939058]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   24.939059]  ? __free_pages+0x107/0x150
[   24.939060]  ? free_unref_page+0x9e0/0x9e0
[   24.939061]  ? quarantine_put+0xeb/0x190
[   24.939062]  ? kfree+0xf0/0x260
[   24.939063]  ? kvm_put_kvm+0x614/0xde0
[   24.939064]  ? free_pages+0x51/0x90
[   24.939066]  kvm_put_kvm+0x695/0xde0
[   24.939067]  ? kvm_clear_guest+0xb0/0xb0
[   24.939068]  ? kvm_irqfd_release+0xd1/0x120
[   24.939069]  ? lock_downgrade+0x980/0x980
[   24.939070]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.939072]  ? kvm_irqfd_release+0xdd/0x120
[   24.939073]  ? kvm_irqfd_release+0xdd/0x120
[   24.939074]  ? kvm_put_kvm+0xde0/0xde0
[   24.939075]  kvm_vm_release+0x42/0x50
[   24.939076]  __fput+0x327/0x7e0
[   24.939077]  ? fput+0x140/0x140
[   24.939078]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.939080]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.939081]  ____fput+0x15/0x20
[   24.939082]  task_work_run+0x199/0x270
[   24.939083]  ? task_work_cancel+0x210/0x210
[   24.939084]  ? _raw_spin_unlock+0x22/0x30
[   24.939085]  ? switch_task_namespaces+0x87/0xc0
[   24.939086]  do_exit+0x9bb/0x1ad0
[   24.939088]  ? kvm_vcpu_fault+0x520/0x520
[   24.939089]  ? mm_update_next_owner+0x930/0x930
[   24.939090]  ? find_held_lock+0x35/0x1d0
[   24.939091]  ? handle_mm_fault+0x2a0/0x930
[   24.939092]  ? find_held_lock+0x35/0x1d0
[   24.939093]  ? __do_page_fault+0x5f7/0xc90
[   24.939095]  ? lock_downgrade+0x980/0x980
[   24.939096]  ? down_read_trylock+0xdb/0x170
[   24.939097]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.939098]  ? vmacache_find+0x5f/0x280
[   24.939099]  ? up_read+0x1a/0x40
[   24.939100]  ? __do_page_fault+0x3d6/0xc90
[   24.939102]  ? kvm_vcpu_fault+0x520/0x520
[   24.939103]  ? do_vfs_ioctl+0x486/0x1520
[   24.939104]  ? _cond_resched+0x14/0x30
[   24.939105]  ? ioctl_preallocate+0x2b0/0x2b0
[   24.939106]  ? selinux_capable+0x40/0x40
[   24.939107]  ? putname+0xf3/0x130
[   24.939108]  do_group_exit+0x149/0x
[   24.939110] Lost 13 message(s)!
[   26.014787] Shutting down cpus with NMI
[   27.079003] Dumping ftrace buffer:
[   27.082511]    (ftrace buffer empty)
[   27.086185] Kernel Offset: disabled
[   27.089776] Rebooting in 86400 seconds..