[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 12.588696] audit: type=1400 audit(1513886451.339:6): avc: denied { map } for pid=3129 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.0.52' (ECDSA) to the list of known hosts. syzkaller login: [ 21.202888] audit: type=1400 audit(1513886459.953:7): avc: denied { map } for pid=3144 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/21 20:01:00 parsed 1 programs 2017/12/21 20:01:00 executed programs: 0 [ 21.319733] audit: type=1400 audit(1513886460.070:8): avc: denied { map } for pid=3144 comm="syz-execprog" path="/root/syzkaller-shm187924527" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 21.356332] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 21.386127] ================================================================== [ 21.394877] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 21.401076] Read of size 8 at addr ffff8801c9880058 by task syz-executor0/3154 [ 21.408398] [ 21.409994] CPU: 0 PID: 3154 Comm: syz-executor0 Not tainted 4.15.0-rc4-mm1+ #47 [ 21.417490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.426808] Call Trace: [ 21.429363] dump_stack+0x194/0x257 [ 21.432960] ? arch_local_irq_restore+0x53/0x53 [ 21.437610] ? show_regs_print_info+0x18/0x18 [ 21.442093] ? __schedule+0xda3/0x2060 [ 21.445949] print_address_description+0x73/0x250 [ 21.450758] ? __schedule+0xda3/0x2060 [ 21.454611] kasan_report+0x23b/0x360 [ 21.458383] __asan_report_load8_noabort+0x14/0x20 [ 21.463277] __schedule+0xda3/0x2060 [ 21.466964] ? __sched_text_start+0x8/0x8 [ 21.471079] ? trace_hardirqs_on+0xd/0x10 [ 21.475194] ? __call_srcu+0x7ee/0x1020 [ 21.479136] ? do_raw_spin_trylock+0x190/0x190 [ 21.483683] ? do_raw_spin_trylock+0x190/0x190 [ 21.488240] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 21.494094] ? __debug_object_init+0x235/0x1040 [ 21.498736] preempt_schedule_common+0x22/0x60 [ 21.503287] _cond_resched+0x1d/0x30 [ 21.506971] wait_for_completion+0xa5/0x770 [ 21.511263] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 21.516246] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 21.522013] ? __lockdep_init_map+0xe4/0x650 [ 21.526392] ? __init_waitqueue_head+0x97/0x140 [ 21.531027] ? init_wait_entry+0x1b0/0x1b0 [ 21.535234] __synchronize_srcu+0x1ad/0x260 [ 21.539520] ? call_srcu+0x10/0x10 [ 21.543026] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 21.548534] ? irq_matrix_allocated+0x80/0x80 [ 21.552996] ? synchronize_srcu+0x3c5/0x570 [ 21.557298] synchronize_srcu+0x1a3/0x570 [ 21.561411] ? synchronize_srcu+0x1a3/0x570 [ 21.565707] ? lock_downgrade+0x980/0x980 [ 21.569820] ? synchronize_srcu_expedited+0x20/0x20 [ 21.574802] ? lock_release+0xa40/0xa40 [ 21.578768] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 21.583582] ? do_raw_spin_trylock+0x190/0x190 [ 21.588150] kvm_page_track_unregister_notifier+0x186/0x270 [ 21.593827] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 21.599244] ? kvfree+0x36/0x60 [ 21.602489] ? rcu_read_lock_sched_held+0x108/0x120 [ 21.607474] kvm_mmu_uninit_vm+0x1c/0x20 [ 21.611501] kvm_arch_destroy_vm+0x73b/0x980 [ 21.615878] ? kvm_arch_sync_events+0x30/0x30 [ 21.620339] ? mmdrop+0x18/0x30 [ 21.623586] ? mmu_notifier_unregister+0x43c/0x5c0 [ 21.628480] ? kvm_put_kvm+0x47a/0xde0 [ 21.632337] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 21.638276] ? __free_pages+0x107/0x150 [ 21.642219] ? free_unref_page+0x9e0/0x9e0 [ 21.646424] ? quarantine_put+0xeb/0x190 [ 21.650450] ? kfree+0xf0/0x260 [ 21.653695] ? kvm_put_kvm+0x614/0xde0 [ 21.657553] ? free_pages+0x51/0x90 [ 21.661149] kvm_put_kvm+0x695/0xde0 [ 21.664837] ? kvm_clear_guest+0xb0/0xb0 [ 21.668868] ? kvm_irqfd_release+0xd1/0x120 [ 21.673156] ? lock_downgrade+0x980/0x980 [ 21.677287] ? _raw_spin_unlock_irq+0x27/0x70 [ 21.681756] ? kvm_irqfd_release+0xdd/0x120 [ 21.686042] ? kvm_irqfd_release+0xdd/0x120 [ 21.690332] ? kvm_put_kvm+0xde0/0xde0 [ 21.694188] kvm_vm_release+0x42/0x50 [ 21.697956] __fput+0x327/0x7e0 [ 21.701206] ? fput+0x140/0x140 [ 21.704455] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 21.710305] ? _raw_spin_unlock_irq+0x27/0x70 [ 21.714770] ____fput+0x15/0x20 [ 21.718017] task_work_run+0x199/0x270 [ 21.721873] ? task_work_cancel+0x210/0x210 [ 21.726161] ? _raw_spin_unlock+0x22/0x30 [ 21.730278] ? switch_task_namespaces+0x87/0xc0 [ 21.734919] do_exit+0x9bb/0x1ad0 [ 21.738339] ? check_noncircular+0x20/0x20 [ 21.742546] ? mm_update_next_owner+0x930/0x930 [ 21.747183] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 21.752340] ? __might_sleep+0x95/0x190 [ 21.756289] ? find_held_lock+0x35/0x1d0 [ 21.760324] ? futex_wait+0x402/0x9a0 [ 21.764093] ? lock_downgrade+0x980/0x980 [ 21.768207] ? __unqueue_futex+0x1c0/0x290 [ 21.772406] ? lock_release+0xa40/0xa40 [ 21.776346] ? fault_in_user_writeable+0x90/0x90 [ 21.781071] ? do_raw_spin_trylock+0x190/0x190 [ 21.785621] ? check_noncircular+0x20/0x20 [ 21.789826] ? drop_futex_key_refs.isra.12+0x63/0xa0 [ 21.794893] ? futex_wait+0x6a9/0x9a0 [ 21.798670] ? find_held_lock+0x35/0x1d0 [ 21.802704] ? get_signal+0x7ae/0x16c0 [ 21.806558] ? lock_downgrade+0x980/0x980 [ 21.810677] do_group_exit+0x149/0x400 [ 21.814534] ? do_raw_spin_trylock+0x190/0x190 [ 21.819094] ? SyS_exit+0x30/0x30 [ 21.822513] ? _raw_spin_unlock_irq+0x27/0x70 [ 21.826975] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 21.831959] get_signal+0x73f/0x16c0 [ 21.835645] ? ptrace_notify+0x130/0x130 [ 21.839676] ? kvm_vcpu_fault+0x520/0x520 [ 21.843793] ? exit_robust_list+0x240/0x240 [ 21.848080] ? find_held_lock+0x35/0x1d0 [ 21.852120] ? __fget+0x333/0x570 [ 21.855540] ? lock_downgrade+0x980/0x980 [ 21.859658] do_signal+0x94/0x1ee0 [ 21.863165] ? __lock_is_held+0xb6/0x140 [ 21.867198] ? setup_sigcontext+0x7d0/0x7d0 [ 21.871487] ? __fget+0x35c/0x570 [ 21.874912] ? iterate_fd+0x3f0/0x3f0 [ 21.878679] ? up_read+0x1a/0x40 [ 21.882013] ? __do_page_fault+0x3d6/0xc90 [ 21.886221] ? exit_to_usermode_loop+0x8c/0x2f0 [ 21.890860] exit_to_usermode_loop+0x258/0x2f0 [ 21.895409] ? ioctl_preallocate+0x2b0/0x2b0 [ 21.899788] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 21.905291] ? selinux_capable+0x40/0x40 [ 21.909324] syscall_return_slowpath+0x490/0x550 [ 21.914046] ? prepare_exit_to_usermode+0x340/0x340 [ 21.919029] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 21.923925] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 21.929873] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 21.934603] entry_SYSCALL_64_fastpath+0x94/0x96 [ 21.939324] RIP: 0033:0x452a09 [ 21.942478] RSP: 002b:00007fab2535bce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 21.950153] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09 [ 21.957391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80 [ 21.964628] RBP: 000000000071bf80 R08: 0000000000000000 R09: 000000000071bf58 [ 21.971862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 21.979097] R13: 00007ffead6bb0ff R14: 00007fab2535c9c0 R15: 0000000000000002 [ 21.986347] [ 21.987942] Allocated by task 3153: [ 21.991537] save_stack+0x43/0xd0 [ 21.994954] kasan_kmalloc+0xad/0xe0 [ 21.998632] kasan_slab_alloc+0x12/0x20 [ 22.002570] kmem_cache_alloc+0x12e/0x760 [ 22.006683] vmx_create_vcpu+0xc4/0x2f20 [ 22.010708] kvm_arch_vcpu_create+0x12c/0x1a0 [ 22.015170] kvm_vm_ioctl+0x48b/0x1c60 [ 22.019022] do_vfs_ioctl+0x1b1/0x1520 [ 22.022872] SyS_ioctl+0x8f/0xc0 [ 22.026205] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.030922] [ 22.032517] Freed by task 3154: [ 22.035761] save_stack+0x43/0xd0 [ 22.039179] kasan_slab_free+0x71/0xc0 [ 22.043031] kmem_cache_free+0x83/0x2a0 [ 22.046969] vmx_free_vcpu+0x1ee/0x260 [ 22.050822] kvm_arch_destroy_vm+0x4a2/0x980 [ 22.055197] kvm_put_kvm+0x695/0xde0 [ 22.058874] kvm_vm_release+0x42/0x50 [ 22.062643] __fput+0x327/0x7e0 [ 22.065887] ____fput+0x15/0x20 [ 22.069136] task_work_run+0x199/0x270 [ 22.072987] do_exit+0x9bb/0x1ad0 [ 22.076406] do_group_exit+0x149/0x400 [ 22.080265] get_signal+0x73f/0x16c0 [ 22.083945] do_signal+0x94/0x1ee0 [ 22.087453] exit_to_usermode_loop+0x258/0x2f0 [ 22.092001] syscall_return_slowpath+0x490/0x550 [ 22.096723] entry_SYSCALL_64_fastpath+0x94/0x96 [ 22.101440] [ 22.103036] The buggy address belongs to the object at ffff8801c9880040 [ 22.103036] which belongs to the cache kvm_vcpu of size 23872 [ 22.115570] The buggy address is located 24 bytes inside of [ 22.115570] 23872-byte region [ffff8801c9880040, ffff8801c9885d80) [ 22.127493] The buggy address belongs to the page: [ 22.132386] page:ffffea0007262000 count:1 mapcount:0 mapping:ffff8801c9880040 index:0x0 compound_mapcount: 0 [ 22.142319] flags: 0x2fffc0000008100(slab|head) [ 22.146954] raw: 02fffc0000008100 ffff8801c9880040 0000000000000000 0000000100000001 [ 22.154803] raw: ffff8801d644df48 ffffea0007263020 ffff8801d6442b40 0000000000000000 [ 22.162647] page dumped because: kasan: bad access detected [ 22.168325] [ 22.169917] Memory state around the buggy address: [ 22.174810] ffff8801c987ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.182133] ffff8801c987ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.189467] >ffff8801c9880000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 22.196789] ^ [ 22.202984] ffff8801c9880080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.210308] ffff8801c9880100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.217629] ================================================================== [ 22.224952] Kernel panic - not syncing: panic_on_warn set ... [ 22.224952] [ 22.232282] CPU: 0 PID: 3154 Comm: syz-executor0 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 22.241080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.250401] Call Trace: [ 22.252954] dump_stack+0x194/0x257 [ 22.256551] ? arch_local_irq_restore+0x53/0x53 [ 22.261187] ? kasan_end_report+0x32/0x50 [ 22.265305] ? lock_downgrade+0x980/0x980 [ 22.269417] ? vsnprintf+0x1ed/0x1900 [ 22.273183] ? __schedule+0xcf0/0x2060 [ 22.277036] panic+0x1e4/0x41c [ 22.280194] ? refcount_error_report+0x214/0x214 [ 22.284921] ? print_shadow_for_address+0xdc/0x1a0 [ 22.289815] ? add_taint+0x1c/0x50 [ 22.293325] ? __schedule+0xda3/0x2060 [ 22.297179] kasan_end_report+0x50/0x50 [ 22.301120] kasan_report+0x148/0x360 [ 22.304888] __asan_report_load8_noabort+0x14/0x20 [ 22.309784] __schedule+0xda3/0x2060 [ 22.313469] ? __sched_text_start+0x8/0x8 [ 22.317583] ? trace_hardirqs_on+0xd/0x10 [ 22.321698] ? __call_srcu+0x7ee/0x1020 [ 22.325641] ? do_raw_spin_trylock+0x190/0x190 [ 22.330189] ? do_raw_spin_trylock+0x190/0x190 [ 22.334749] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.340600] ? __debug_object_init+0x235/0x1040 [ 22.345247] preempt_schedule_common+0x22/0x60 [ 22.349797] _cond_resched+0x1d/0x30 [ 22.353479] wait_for_completion+0xa5/0x770 [ 22.357766] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.362749] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 22.368515] ? __lockdep_init_map+0xe4/0x650 [ 22.372895] ? __init_waitqueue_head+0x97/0x140 [ 22.377530] ? init_wait_entry+0x1b0/0x1b0 [ 22.381738] __synchronize_srcu+0x1ad/0x260 [ 22.386024] ? call_srcu+0x10/0x10 [ 22.389529] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 22.395036] ? irq_matrix_allocated+0x80/0x80 [ 22.399499] ? synchronize_srcu+0x3c5/0x570 [ 22.403789] synchronize_srcu+0x1a3/0x570 [ 22.407901] ? synchronize_srcu+0x1a3/0x570 [ 22.412198] ? lock_downgrade+0x980/0x980 [ 22.416314] ? synchronize_srcu_expedited+0x20/0x20 [ 22.421297] ? lock_release+0xa40/0xa40 [ 22.425241] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 22.430050] ? do_raw_spin_trylock+0x190/0x190 [ 22.434609] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.440288] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 22.445704] ? kvfree+0x36/0x60 [ 22.448951] ? rcu_read_lock_sched_held+0x108/0x120 [ 22.453940] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.457969] kvm_arch_destroy_vm+0x73b/0x980 [ 22.462350] ? kvm_arch_sync_events+0x30/0x30 [ 22.466812] ? mmdrop+0x18/0x30 [ 22.470060] ? mmu_notifier_unregister+0x43c/0x5c0 [ 22.474955] ? kvm_put_kvm+0x47a/0xde0 [ 22.478812] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 22.484750] ? __free_pages+0x107/0x150 [ 22.488691] ? free_unref_page+0x9e0/0x9e0 [ 22.492892] ? quarantine_put+0xeb/0x190 [ 22.496925] ? kfree+0xf0/0x260 [ 22.500170] ? kvm_put_kvm+0x614/0xde0 [ 22.504461] ? free_pages+0x51/0x90 [ 22.508057] kvm_put_kvm+0x695/0xde0 [ 22.511742] ? kvm_clear_guest+0xb0/0xb0 [ 22.515773] ? kvm_irqfd_release+0xd1/0x120 [ 22.520061] ? lock_downgrade+0x980/0x980 [ 22.524187] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.528655] ? kvm_irqfd_release+0xdd/0x120 [ 22.532942] ? kvm_irqfd_release+0xdd/0x120 [ 22.537232] ? kvm_put_kvm+0xde0/0xde0 [ 22.541088] kvm_vm_release+0x42/0x50 [ 22.544856] __fput+0x327/0x7e0 [ 22.548106] ? fput+0x140/0x140 [ 22.551353] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.557201] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.561668] ____fput+0x15/0x20 [ 22.564916] task_work_run+0x199/0x270 [ 22.568770] ? task_work_cancel+0x210/0x210 [ 22.573058] ? _raw_spin_unlock+0x22/0x30 [ 22.577175] ? switch_task_namespaces+0x87/0xc0 [ 22.581813] do_exit+0x9bb/0x1ad0 [ 22.585232] ? check_noncircular+0x20/0x20 [ 22.589438] ? mm_update_next_owner+0x930/0x930 [ 22.594073] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 22.599231] ? __might_sleep+0x95/0x190 [ 22.603175] ? find_held_lock+0x35/0x1d0 [ 22.607212] ? futex_wait+0x402/0x9a0 [ 22.610981] ? lock_downgrade+0x980/0x980 [ 22.615095] ? __unqueue_futex+0x1c0/0x290 [ 22.619297] ? lock_release+0xa40/0xa40 [ 22.623239] ? fault_in_user_writeable+0x90/0x90 [ 22.627962] ? do_raw_spin_trylock+0x190/0x190 [ 22.632510] ? check_noncircular+0x20/0x20 [ 22.636716] ? drop_futex_key_refs.isra.12+0x63/0xa0 [ 22.641786] ? futex_wait+0x6a9/0x9a0 [ 22.645561] ? find_held_lock+0x35/0x1d0 [ 22.649598] ? get_signal+0x7ae/0x16c0 [ 22.653451] ? lock_downgrade+0x980/0x980 [ 22.657570] do_group_exit+0x149/0x400 [ 22.661426] ? do_raw_spin_trylock+0x190/0x190 [ 22.665976] ? SyS_exit+0x30/0x30 [ 22.669397] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.673858] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.678856] get_signal+0x73f/0x16c0 [ 22.682555] ? ptrace_notify+0x130/0x130 [ 22.686583] ? kvm_vcpu_fault+0x520/0x520 [ 22.690704] ? exit_robust_list+0x240/0x240 [ 22.694994] ? find_held_lock+0x35/0x1d0 [ 22.699040] ? __fget+0x333/0x570 [ 22.702463] ? lock_downgrade+0x980/0x980 [ 22.706587] do_signal+0x94/0x1ee0 [ 22.710098] ? __lock_is_held+0xb6/0x140 [ 22.714130] ? setup_sigcontext+0x7d0/0x7d0 [ 22.718423] ? __fget+0x35c/0x570 [ 22.721848] ? iterate_fd+0x3f0/0x3f0 [ 22.725616] ? up_read+0x1a/0x40 [ 22.728951] ? __do_page_fault+0x3d6/0xc90 [ 22.733157] ? exit_to_usermode_loop+0x8c/0x2f0 [ 22.737797] exit_to_usermode_loop+0x258/0x2f0 [ 22.742344] ? ioctl_preallocate+0x2b0/0x2b0 [ 22.746719] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 22.752223] ? selinux_capable+0x40/0x40 [ 22.756256] syscall_return_slowpath+0x490/0x550 [ 22.760978] ? prepare_exit_to_usermode+0x340/0x340 [ 22.765962] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 22.770859] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.775843] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 22.780570] entry_SYSCALL_64_fastpath+0x94/0x96 [ 22.785292] RIP: 0033:0x452a09 [ 22.788451] RSP: 002b:00007fab2535bce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 22.796128] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09 [ 22.803362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80 [ 22.810602] RBP: 000000000071bf80 R08: 0000000000000000 R09: 000000000071bf58 [ 22.817838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 22.825075] R13: 00007ffead6bb0ff R14: 00007fab2535c9c0 R15: 0000000000000002 [ 22.832324] [ 22.832326] ====================================================== [ 22.832329] WARNING: possible circular locking dependency detected [ 22.832330] 4.15.0-rc4-mm1+ #47 Not tainted [ 22.832333] ------------------------------------------------------ [ 22.832335] syz-executor0/3154 is trying to acquire lock: [ 22.832336] ((console_sem).lock){..-.}, at: [<00000000548bbc8f>] down_trylock+0x13/0x70 [ 22.832341] [ 22.832343] but task is already holding lock: [ 22.832344] (report_lock){....}, at: [<000000003e89e710>] kasan_report+0x6b/0x360 [ 22.832349] [ 22.832351] which lock already depends on the new lock. [ 22.832352] [ 22.832353] [ 22.832355] the existing dependency chain (in reverse order) is: [ 22.832356] [ 22.832357] -> #3 (report_lock){....}: [ 22.832362] _raw_spin_lock_irqsave+0x96/0xc0 [ 22.832364] kasan_report+0x6b/0x360 [ 22.832366] __asan_report_load8_noabort+0x14/0x20 [ 22.832367] __schedule+0xda3/0x2060 [ 22.832369] preempt_schedule_common+0x22/0x60 [ 22.832371] _cond_resched+0x1d/0x30 [ 22.832373] wait_for_completion+0xa5/0x770 [ 22.832374] __synchronize_srcu+0x1ad/0x260 [ 22.832376] synchronize_srcu+0x1a3/0x570 [ 22.832378] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.832380] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.832382] kvm_arch_destroy_vm+0x73b/0x980 [ 22.832383] kvm_put_kvm+0x695/0xde0 [ 22.832385] kvm_vm_release+0x42/0x50 [ 22.832386] __fput+0x327/0x7e0 [ 22.832388] ____fput+0x15/0x20 [ 22.832389] task_work_run+0x199/0x270 [ 22.832391] do_exit+0x9bb/0x1ad0 [ 22.832393] do_group_exit+0x149/0x400 [ 22.832394] get_signal+0x73f/0x16c0 [ 22.832396] do_signal+0x94/0x1ee0 [ 22.832398] exit_to_usermode_loop+0x258/0x2f0 [ 22.832400] syscall_return_slowpath+0x490/0x550 [ 22.832402] entry_SYSCALL_64_fastpath+0x94/0x96 [ 22.832402] [ 22.832403] -> #2 (&rq->lock){-.-.}: [ 22.832409] _raw_spin_lock+0x2a/0x40 [ 22.832410] task_fork_fair+0x7a/0x690 [ 22.832412] sched_fork+0x435/0xc00 [ 22.832414] copy_process.part.37+0x1758/0x4b60 [ 22.832415] _do_fork+0x1f7/0xf70 [ 22.832417] kernel_thread+0x34/0x40 [ 22.832418] rest_init+0x22/0xf0 [ 22.832420] start_kernel+0x7f1/0x819 [ 22.832422] x86_64_start_reservations+0x2a/0x2c [ 22.832423] x86_64_start_kernel+0x77/0x7a [ 22.832425] secondary_startup_64+0xa5/0xb0 [ 22.832426] [ 22.832427] -> #1 (&p->pi_lock){-.-.}: [ 22.832432] _raw_spin_lock_irqsave+0x96/0xc0 [ 22.832434] try_to_wake_up+0xbc/0x1600 [ 22.832436] wake_up_process+0x10/0x20 [ 22.832437] __up.isra.0+0x1cc/0x2c0 [ 22.832439] up+0x13b/0x1d0 [ 22.832440] __up_console_sem+0xb2/0x1a0 [ 22.832442] console_unlock+0x538/0xd70 [ 22.832443] con_write+0x90/0xb0 [ 22.832445] do_output_char+0x4d9/0x7a0 [ 22.832447] n_tty_write+0x68d/0xec0 [ 22.832448] tty_write+0x3fa/0x840 [ 22.832450] __vfs_write+0xef/0x970 [ 22.832451] vfs_write+0x189/0x510 [ 22.832453] SyS_write+0xef/0x220 [ 22.832455] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.832456] [ 22.832456] -> #0 ((console_sem).lock){..-.}: [ 22.832462] lock_acquire+0x1d5/0x580 [ 22.832464] _raw_spin_lock_irqsave+0x96/0xc0 [ 22.832465] down_trylock+0x13/0x70 [ 22.832467] __down_trylock_console_sem+0xa2/0x1e0 [ 22.832469] console_trylock+0x15/0x100 [ 22.832471] vprintk_emit+0x49b/0x590 [ 22.832472] vprintk_default+0x28/0x30 [ 22.832474] vprintk_func+0x57/0xc0 [ 22.832475] printk+0xaa/0xca [ 22.832477] kasan_report+0x7b/0x360 [ 22.832479] __asan_report_load8_noabort+0x14/0x20 [ 22.832480] __schedule+0xda3/0x2060 [ 22.832482] preempt_schedule_common+0x22/0x60 [ 22.832484] _cond_resched+0x1d/0x30 [ 22.832485] wait_for_completion+0xa5/0x770 [ 22.832487] __synchronize_srcu+0x1ad/0x260 [ 22.832489] synchronize_srcu+0x1a3/0x570 [ 22.832491] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.832493] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.832495] kvm_arch_destroy_vm+0x73b/0x980 [ 22.832496] kvm_put_kvm+0x695/0xde0 [ 22.832498] kvm_vm_release+0x42/0x50 [ 22.832499] __fput+0x327/0x7e0 [ 22.832501] ____fput+0x15/0x20 [ 22.832502] task_work_run+0x199/0x270 [ 22.832504] do_exit+0x9bb/0x1ad0 [ 22.832505] do_group_exit+0x149/0x400 [ 22.832507] get_signal+0x73f/0x16c0 [ 22.832509] do_signal+0x94/0x1ee0 [ 22.832510] exit_to_usermode_loop+0x258/0x2f0 [ 22.832512] syscall_return_slowpath+0x490/0x550 [ 22.832514] entry_SYSCALL_64_fastpath+0x94/0x96 [ 22.832515] [ 22.832517] other info that might help us debug this: [ 22.832518] [ 22.832519] Chain exists of: [ 22.832520] (console_sem).lock --> &rq->lock --> report_lock [ 22.832527] [ 22.832528] Possible unsafe locking scenario: [ 22.832529] [ 22.832531] CPU0 CPU1 [ 22.832532] ---- ---- [ 22.832533] lock(report_lock); [ 22.832537] lock(&rq->lock); [ 22.832541] lock(report_lock); [ 22.832544] lock((console_sem).lock); [ 22.832547] [ 22.832548] *** DEADLOCK *** [ 22.832549] [ 22.832551] 2 locks held by syz-executor0/3154: [ 22.832551] #0: (&rq->lock){-.-.}, at: [<00000000a2321ecf>] __schedule+0x24e/0x2060 [ 22.832557] #1: (report_lock){....}, at: [<000000003e89e710>] kasan_report+0x6b/0x360 [ 22.832563] [ 22.832564] stack backtrace: [ 22.832567] CPU: 0 PID: 3154 Comm: syz-executor0 Not tainted 4.15.0-rc4-mm1+ #47 [ 22.832570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.832571] Call Trace: [ 22.832573] dump_stack+0x194/0x257 [ 22.832574] ? arch_local_irq_restore+0x53/0x53 [ 22.832576] print_circular_bug.isra.37+0x2cd/0x2dc [ 22.832578] ? save_trace+0xe0/0x2b0 [ 22.832580] __lock_acquire+0x30a8/0x3e00 [ 22.832581] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 22.832583] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 22.832585] ? print_lockdep_cache.isra.31+0x109/0x109 [ 22.832587] ? save_stack_trace+0x1a/0x20 [ 22.832589] ? save_trace+0xe0/0x2b0 [ 22.832590] ? __lock_acquire+0x36c0/0x3e00 [ 22.832592] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 22.832594] ? __lock_is_held+0xb6/0x140 [ 22.832595] ? __lock_is_held+0xb6/0x140 [ 22.832597] lock_acquire+0x1d5/0x580 [ 22.832599] ? lock_acquire+0x1d5/0x580 [ 22.832600] ? down_trylock+0x13/0x70 [ 22.832602] ? find_held_lock+0x35/0x1d0 [ 22.832603] ? lock_release+0xa40/0xa40 [ 22.832605] ? vprintk_emit+0x379/0x590 [ 22.832607] ? lock_downgrade+0x980/0x980 [ 22.832608] ? kvm_sched_clock_read+0x25/0x40 [ 22.832610] ? sched_clock+0x31/0x40 [ 22.832611] ? sched_clock_cpu+0x1b/0x170 [ 22.832613] ? vprintk_emit+0x49b/0x590 [ 22.832615] _raw_spin_lock_irqsave+0x96/0xc0 [ 22.832616] ? down_trylock+0x13/0x70 [ 22.832618] down_trylock+0x13/0x70 [ 22.832619] ? vprintk_emit+0x49b/0x590 [ 22.832621] __down_trylock_console_sem+0xa2/0x1e0 [ 22.832623] console_trylock+0x15/0x100 [ 22.832624] vprintk_emit+0x49b/0x590 [ 22.832626] vprintk_default+0x28/0x30 [ 22.832627] vprintk_func+0x57/0xc0 [ 22.832629] printk+0xaa/0xca [ 22.832630] ? show_regs_print_info+0x18/0x18 [ 22.832632] ? __schedule+0xda3/0x2060 [ 22.832633] kasan_report+0x7b/0x360 [ 22.832635] __asan_report_load8_noabort+0x14/0x20 [ 22.832637] __schedule+0xda3/0x2060 [ 22.832638] ? __sched_text_start+0x8/0x8 [ 22.832640] ? trace_hardirqs_on+0xd/0x10 [ 22.832642] ? __call_srcu+0x7ee/0x1020 [ 22.832643] ? do_raw_spin_trylock+0x190/0x190 [ 22.832645] ? do_raw_spin_trylock+0x190/0x190 [ 22.832647] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.832649] ? __debug_object_init+0x235/0x1040 [ 22.832651] preempt_schedule_common+0x22/0x60 [ 22.832652] _cond_resched+0x1d/0x30 [ 22.832654] wait_for_completion+0xa5/0x770 [ 22.832656] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.832658] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 22.832660] ? __lockdep_init_map+0xe4/0x650 [ 22.832662] ? __init_waitqueue_head+0x97/0x140 [ 22.832663] ? init_wait_entry+0x1b0/0x1b0 [ 22.832665] __synchronize_srcu+0x1ad/0x260 [ 22.832666] ? call_srcu+0x10/0x10 [ 22.832668] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 22.832670] ? irq_matrix_allocated+0x80/0x80 [ 22.832672] ? synchronize_srcu+0x3c5/0x570 [ 22.832674] synchronize_srcu+0x1a3/0x570 [ 22.832675] ? synchronize_srcu+0x1a3/0x570 [ 22.832677] ? lock_downgrade+0x980/0x980 [ 22.832679] ? synchronize_srcu_expedited+0x20/0x20 [ 22.832681] ? lock_release+0xa40/0xa40 [ 22.832683] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 22.832684] ? do_raw_spin_trylock+0x190/0x190 [ 22.832686] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.832688] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 22.832690] ? kvfree+0x36/0x60 [ 22.832692] ? rcu_read_lock_sched_held+0x108/0x120 [ 22.832693] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.832695] kvm_arch_destroy_vm+0x73b/0x980 [ 22.832697] ? kvm_arch_sync_events+0x30/0x30 [ 22.832698] ? mmdrop+0x18/0x30 [ 22.832700] ? mmu_notifier_unregister+0x43c/0x5c0 [ 22.832702] ? kvm_put_kvm+0x47a/0xde0 [ 22.832704] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 22.832705] ? __free_pages+0x107/0x150 [ 22.832707] ? free_unref_page+0x9e0/0x9e0 [ 22.832709] ? quarantine_put+0xeb/0x190 [ 22.832710] ? kfree+0xf0/0x260 [ 22.832712] ? kvm_put_kvm+0x614/0xde0 [ 22.832713] ? free_pages+0x51/0x90 [ 22.832715] kvm_put_kvm+0x695/0xde0 [ 22.832716] ? kvm_clear_guest+0xb0/0xb0 [ 22.832718] ? kvm_irqfd_release+0xd1/0x120 [ 22.832720] ? lock_downgrade+0x980/0x980 [ 22.832721] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.832723] ? kvm_irqfd_release+0xdd/0x120 [ 22.832725] ? kvm_irqfd_release+0xdd/0x120 [ 22.832726] ? kvm_put_kvm+0xde0/0xde0 [ 22.832728] kvm_vm_release+0x42/0x50 [ 22.832729] __fput+0x327/0x7e0 [ 22.832731] ? fput+0x140/0x140 [ 22.832733] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.832735] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.832736] ____fput+0x15/0x20 [ 22.832737] task_work_run+0x199/0x270 [ 22.832739] ? task_work_cancel+0x210/0x210 [ 22.832741] ? _raw_spin_unlock+0x22/0x30 [ 22.832743] ? switch_task_namespaces+0x87/0xc0 [ 22.832744] do_exit+0x9bb/0x1ad0 [ 22.832746] ? check_noncircular+0x20/0x20 [ 22.832748] ? mm_update_next_owner+0x930/0x930 [ 22.832749] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 22.832751] ? __might_sleep+0x95/0x190 [ 22.832753] ? find_held_lock+0x35/0x1d0 [ 22.832754] ? futex_wait+0x402/0x9a0 [ 22.832756] ? lock_downgrade+0x980/0x980 [ 22.832758] ? __unqueue_futex+0x1c0/0x290 [ 22.832759] ? lock_release+0xa40/0xa40 [ 22.832761] ? fault_in_user_writeable+0x90/0x90 [ 22.832763] ? do_raw_spin_trylock+0x190/0x190 [ 22.832763]  [ 22.832767] Lost 43 message(s)! [ 23.905662] Shutting down cpus with NMI [ 24.960660] Dumping ftrace buffer: [ 24.964174] (ftrace buffer empty) [ 24.967848] Kernel Offset: disabled [ 24.971446] Rebooting in 86400 seconds..