[ ok ]. Starting mcstransd: [ 12.219517] sshd (3050) used greatest stack depth: 15488 bytes left [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.942958] audit: type=1400 audit(1513858040.719:6): avc: denied { map } for pid=3140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.0.38' (ECDSA) to the list of known hosts. executing program [ 24.099879] audit: type=1400 audit(1513858046.876:7): avc: denied { map } for pid=3154 comm="syzkaller081408" path="/root/syzkaller081408659" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 24.131194] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 24.149428] ================================================================== [ 24.157550] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 24.163757] Read of size 8 at addr ffff8801c8528058 by task syzkaller081408/3154 [ 24.171254] [ 24.172851] CPU: 0 PID: 3154 Comm: syzkaller081408 Not tainted 4.15.0-rc4-mm1+ #47 [ 24.180522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.189842] Call Trace: [ 24.192397] dump_stack+0x194/0x257 [ 24.195988] ? arch_local_irq_restore+0x53/0x53 [ 24.200622] ? show_regs_print_info+0x18/0x18 [ 24.205085] ? __schedule+0xda3/0x2060 [ 24.208947] print_address_description+0x73/0x250 [ 24.213772] ? 
__schedule+0xda3/0x2060 [ 24.217626] kasan_report+0x23b/0x360 [ 24.221395] __asan_report_load8_noabort+0x14/0x20 [ 24.226288] __schedule+0xda3/0x2060 [ 24.229970] ? __sched_text_start+0x8/0x8 [ 24.234084] ? trace_hardirqs_on+0xd/0x10 [ 24.238206] ? __call_srcu+0x7ee/0x1020 [ 24.242148] ? do_raw_spin_trylock+0x190/0x190 [ 24.246702] ? do_raw_spin_trylock+0x190/0x190 [ 24.251256] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.257104] ? __debug_object_init+0x235/0x1040 [ 24.261743] preempt_schedule_common+0x22/0x60 [ 24.266289] _cond_resched+0x1d/0x30 [ 24.269966] wait_for_completion+0xa5/0x770 [ 24.274252] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.279237] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.284998] ? __lockdep_init_map+0xe4/0x650 [ 24.289374] ? __init_waitqueue_head+0x97/0x140 [ 24.294007] ? init_wait_entry+0x1b0/0x1b0 [ 24.298210] __synchronize_srcu+0x1ad/0x260 [ 24.302495] ? call_srcu+0x10/0x10 [ 24.305999] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.311505] ? irq_matrix_allocated+0x80/0x80 [ 24.315963] ? synchronize_srcu+0x3c5/0x570 [ 24.320250] synchronize_srcu+0x1a3/0x570 [ 24.324360] ? synchronize_srcu+0x1a3/0x570 [ 24.328644] ? lock_downgrade+0x980/0x980 [ 24.332756] ? synchronize_srcu_expedited+0x20/0x20 [ 24.337738] ? lock_release+0xa40/0xa40 [ 24.341678] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.346488] ? do_raw_spin_trylock+0x190/0x190 [ 24.351045] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.356721] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.362139] ? kvfree+0x36/0x60 [ 24.365393] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.370377] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.374404] kvm_arch_destroy_vm+0x73b/0x980 [ 24.378781] ? kvm_arch_sync_events+0x30/0x30 [ 24.383241] ? mmdrop+0x18/0x30 [ 24.386485] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.391379] ? kvm_put_kvm+0x47a/0xde0 [ 24.395232] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.401170] ? __free_pages+0x107/0x150 [ 24.405108] ? 
free_unref_page+0x9e0/0x9e0 [ 24.409309] ? quarantine_put+0xeb/0x190 [ 24.413334] ? kfree+0xf0/0x260 [ 24.416578] ? kvm_put_kvm+0x614/0xde0 [ 24.420433] ? free_pages+0x51/0x90 [ 24.424026] kvm_put_kvm+0x695/0xde0 [ 24.427719] ? kvm_clear_guest+0xb0/0xb0 [ 24.431749] ? kvm_irqfd_release+0xd1/0x120 [ 24.436040] ? lock_downgrade+0x980/0x980 [ 24.440162] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.444633] ? kvm_irqfd_release+0xdd/0x120 [ 24.448936] ? kvm_irqfd_release+0xdd/0x120 [ 24.453224] ? kvm_put_kvm+0xde0/0xde0 [ 24.457077] kvm_vm_release+0x42/0x50 [ 24.460843] __fput+0x327/0x7e0 [ 24.464091] ? fput+0x140/0x140 [ 24.467338] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.473187] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.477652] ____fput+0x15/0x20 [ 24.480897] task_work_run+0x199/0x270 [ 24.484751] ? task_work_cancel+0x210/0x210 [ 24.489039] ? _raw_spin_unlock+0x22/0x30 [ 24.493151] ? switch_task_namespaces+0x87/0xc0 [ 24.497798] do_exit+0x9bb/0x1ad0 [ 24.501248] ? kvm_vcpu_fault+0x520/0x520 [ 24.505383] ? mm_update_next_owner+0x930/0x930 [ 24.510019] ? find_held_lock+0x35/0x1d0 [ 24.514052] ? handle_mm_fault+0x2a0/0x930 [ 24.518253] ? find_held_lock+0x35/0x1d0 [ 24.522284] ? __do_page_fault+0x5f7/0xc90 [ 24.526483] ? lock_downgrade+0x980/0x980 [ 24.530599] ? down_read_trylock+0xdb/0x170 [ 24.534885] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.539429] ? vmacache_find+0x5f/0x280 [ 24.543370] ? up_read+0x1a/0x40 [ 24.546701] ? __do_page_fault+0x3d6/0xc90 [ 24.550910] ? task_work_run+0x1f4/0x270 [ 24.554942] ? kvm_vcpu_fault+0x520/0x520 [ 24.559056] ? do_vfs_ioctl+0x486/0x1520 [ 24.563084] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.567460] ? selinux_capable+0x40/0x40 [ 24.571491] ? __close_fd+0x222/0x360 [ 24.575258] do_group_exit+0x149/0x400 [ 24.579112] ? SyS_exit+0x30/0x30 [ 24.582531] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.587512] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 24.592234] SyS_exit_group+0x1d/0x20 [ 24.596004] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.600723] RIP: 0033:0x441c58 [ 24.604228] RSP: 002b:00007ffda92b0fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.611903] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c58 [ 24.619137] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.626382] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.633618] R10: 00008c0000500000 R11: 0000000000000246 R12: 000000000000004a [ 24.640863] R13: 000000002084400c R14: 0000000000000001 R15: 00000000000000ad [ 24.648116] [ 24.649712] Allocated by task 3154: [ 24.653372] save_stack+0x43/0xd0 [ 24.656791] kasan_kmalloc+0xad/0xe0 [ 24.660469] kasan_slab_alloc+0x12/0x20 [ 24.664407] kmem_cache_alloc+0x12e/0x760 [ 24.668520] vmx_create_vcpu+0xc4/0x2f20 [ 24.672546] kvm_arch_vcpu_create+0x12c/0x1a0 [ 24.677005] kvm_vm_ioctl+0x48b/0x1c60 [ 24.680856] do_vfs_ioctl+0x1b1/0x1520 [ 24.684707] SyS_ioctl+0x8f/0xc0 [ 24.688039] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.692760] [ 24.694353] Freed by task 3154: [ 24.697597] save_stack+0x43/0xd0 [ 24.701012] kasan_slab_free+0x71/0xc0 [ 24.704862] kmem_cache_free+0x83/0x2a0 [ 24.708800] vmx_free_vcpu+0x1ee/0x260 [ 24.712737] kvm_arch_destroy_vm+0x4a2/0x980 [ 24.717108] kvm_put_kvm+0x695/0xde0 [ 24.720789] kvm_vm_release+0x42/0x50 [ 24.724553] __fput+0x327/0x7e0 [ 24.727798] ____fput+0x15/0x20 [ 24.731042] task_work_run+0x199/0x270 [ 24.734896] do_exit+0x9bb/0x1ad0 [ 24.738314] do_group_exit+0x149/0x400 [ 24.742165] SyS_exit_group+0x1d/0x20 [ 24.745940] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.750657] [ 24.752260] The buggy address belongs to the object at ffff8801c8528040 [ 24.752260] which belongs to the cache kvm_vcpu of size 23872 [ 24.764791] The buggy address is located 24 bytes inside of [ 24.764791] 23872-byte region [ffff8801c8528040, ffff8801c852dd80) [ 24.776714] The buggy address belongs to the page: [ 
24.781608] page:ffffea0007214a00 count:1 mapcount:0 mapping:ffff8801c8528040 index:0x0 compound_mapcount: 0 [ 24.791539] flags: 0x2fffc0000008100(slab|head) [ 24.796174] raw: 02fffc0000008100 ffff8801c8528040 0000000000000000 0000000100000001 [ 24.804019] raw: ffff8801d6437a48 ffff8801d6437a48 ffff8801d6443d80 0000000000000000 [ 24.811867] page dumped because: kasan: bad access detected [ 24.817539] [ 24.819131] Memory state around the buggy address: [ 24.824023] ffff8801c8527f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.831346] ffff8801c8527f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.838669] >ffff8801c8528000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.845992] ^ [ 24.852187] ffff8801c8528080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.859522] ffff8801c8528100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.866852] ================================================================== [ 24.874174] Kernel panic - not syncing: panic_on_warn set ... [ 24.874174] [ 24.881500] CPU: 0 PID: 3154 Comm: syzkaller081408 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 24.890472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.899790] Call Trace: [ 24.902344] dump_stack+0x194/0x257 [ 24.905936] ? arch_local_irq_restore+0x53/0x53 [ 24.910569] ? kasan_end_report+0x32/0x50 [ 24.914684] ? lock_downgrade+0x980/0x980 [ 24.918815] ? vsnprintf+0x1ed/0x1900 [ 24.922583] ? __schedule+0xcf0/0x2060 [ 24.926437] panic+0x1e4/0x41c [ 24.929596] ? refcount_error_report+0x214/0x214 [ 24.934320] ? print_shadow_for_address+0xdc/0x1a0 [ 24.939214] ? add_taint+0x1c/0x50 [ 24.942723] ? __schedule+0xda3/0x2060 [ 24.946577] kasan_end_report+0x50/0x50 [ 24.950516] kasan_report+0x148/0x360 [ 24.954283] __asan_report_load8_noabort+0x14/0x20 [ 24.959178] __schedule+0xda3/0x2060 [ 24.962880] ? __sched_text_start+0x8/0x8 [ 24.966993] ? trace_hardirqs_on+0xd/0x10 [ 24.971116] ? __call_srcu+0x7ee/0x1020 [ 24.975056] ? 
do_raw_spin_trylock+0x190/0x190 [ 24.979603] ? do_raw_spin_trylock+0x190/0x190 [ 24.984155] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.990005] ? __debug_object_init+0x235/0x1040 [ 24.994644] preempt_schedule_common+0x22/0x60 [ 24.999191] _cond_resched+0x1d/0x30 [ 25.002869] wait_for_completion+0xa5/0x770 [ 25.007157] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.012137] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 25.017902] ? __lockdep_init_map+0xe4/0x650 [ 25.022279] ? __init_waitqueue_head+0x97/0x140 [ 25.026923] ? init_wait_entry+0x1b0/0x1b0 [ 25.031129] __synchronize_srcu+0x1ad/0x260 [ 25.035415] ? call_srcu+0x10/0x10 [ 25.038922] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 25.044428] ? irq_matrix_allocated+0x80/0x80 [ 25.048897] ? synchronize_srcu+0x3c5/0x570 [ 25.053192] synchronize_srcu+0x1a3/0x570 [ 25.057304] ? synchronize_srcu+0x1a3/0x570 [ 25.061590] ? lock_downgrade+0x980/0x980 [ 25.065701] ? synchronize_srcu_expedited+0x20/0x20 [ 25.070684] ? lock_release+0xa40/0xa40 [ 25.074623] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.079432] ? do_raw_spin_trylock+0x190/0x190 [ 25.083987] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.089665] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 25.095082] ? kvfree+0x36/0x60 [ 25.098328] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.103320] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.107348] kvm_arch_destroy_vm+0x73b/0x980 [ 25.111726] ? kvm_arch_sync_events+0x30/0x30 [ 25.116184] ? mmdrop+0x18/0x30 [ 25.119518] ? mmu_notifier_unregister+0x43c/0x5c0 [ 25.124411] ? kvm_put_kvm+0x47a/0xde0 [ 25.128267] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 25.134203] ? __free_pages+0x107/0x150 [ 25.138143] ? free_unref_page+0x9e0/0x9e0 [ 25.142344] ? quarantine_put+0xeb/0x190 [ 25.146370] ? kfree+0xf0/0x260 [ 25.149615] ? kvm_put_kvm+0x614/0xde0 [ 25.153474] ? free_pages+0x51/0x90 [ 25.157067] kvm_put_kvm+0x695/0xde0 [ 25.160751] ? kvm_clear_guest+0xb0/0xb0 [ 25.164779] ? kvm_irqfd_release+0xd1/0x120 [ 25.169065] ? 
lock_downgrade+0x980/0x980 [ 25.173185] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.177660] ? kvm_irqfd_release+0xdd/0x120 [ 25.181946] ? kvm_irqfd_release+0xdd/0x120 [ 25.186233] ? kvm_put_kvm+0xde0/0xde0 [ 25.190085] kvm_vm_release+0x42/0x50 [ 25.193849] __fput+0x327/0x7e0 [ 25.197096] ? fput+0x140/0x140 [ 25.200343] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.206190] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.210653] ____fput+0x15/0x20 [ 25.213898] task_work_run+0x199/0x270 [ 25.217753] ? task_work_cancel+0x210/0x210 [ 25.222045] ? _raw_spin_unlock+0x22/0x30 [ 25.226157] ? switch_task_namespaces+0x87/0xc0 [ 25.230793] do_exit+0x9bb/0x1ad0 [ 25.234211] ? kvm_vcpu_fault+0x520/0x520 [ 25.238326] ? mm_update_next_owner+0x930/0x930 [ 25.242964] ? find_held_lock+0x35/0x1d0 [ 25.246993] ? handle_mm_fault+0x2a0/0x930 [ 25.251193] ? find_held_lock+0x35/0x1d0 [ 25.255222] ? __do_page_fault+0x5f7/0xc90 [ 25.259421] ? lock_downgrade+0x980/0x980 [ 25.263538] ? down_read_trylock+0xdb/0x170 [ 25.267825] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 25.272371] ? vmacache_find+0x5f/0x280 [ 25.276313] ? up_read+0x1a/0x40 [ 25.279645] ? __do_page_fault+0x3d6/0xc90 [ 25.283841] ? task_work_run+0x1f4/0x270 [ 25.287870] ? kvm_vcpu_fault+0x520/0x520 [ 25.291980] ? do_vfs_ioctl+0x486/0x1520 [ 25.296009] ? ioctl_preallocate+0x2b0/0x2b0 [ 25.300385] ? selinux_capable+0x40/0x40 [ 25.304412] ? __close_fd+0x222/0x360 [ 25.308180] do_group_exit+0x149/0x400 [ 25.312034] ? SyS_exit+0x30/0x30 [ 25.315452] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.320434] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 25.325156] SyS_exit_group+0x1d/0x20 [ 25.328923] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.333651] RIP: 0033:0x441c58 [ 25.336807] RSP: 002b:00007ffda92b0fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 25.344489] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c58 [ 25.351741] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 25.359068] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 25.366303] R10: 00008c0000500000 R11: 0000000000000246 R12: 000000000000004a [ 25.373537] R13: 000000002084400c R14: 0000000000000001 R15: 00000000000000ad [ 25.380781] [ 25.380783] ====================================================== [ 25.380785] WARNING: possible circular locking dependency detected [ 25.380786] 4.15.0-rc4-mm1+ #47 Not tainted [ 25.380787] ------------------------------------------------------ [ 25.380789] syzkaller081408/3154 is trying to acquire lock: [ 25.380790] ((console_sem).lock){..-.}, at: [<00000000514fa4cb>] down_trylock+0x13/0x70 [ 25.380794] [ 25.380795] but task is already holding lock: [ 25.380795] (report_lock){....}, at: [<00000000e6eb9f95>] kasan_report+0x6b/0x360 [ 25.380799] [ 25.380800] which lock already depends on the new lock. 
[ 25.380801] [ 25.380802] [ 25.380803] the existing dependency chain (in reverse order) is: [ 25.380804] [ 25.380805] -> #3 (report_lock){....}: [ 25.380809] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.380810] kasan_report+0x6b/0x360 [ 25.380811] __asan_report_load8_noabort+0x14/0x20 [ 25.380812] __schedule+0xda3/0x2060 [ 25.380814] preempt_schedule_common+0x22/0x60 [ 25.380815] _cond_resched+0x1d/0x30 [ 25.380816] wait_for_completion+0xa5/0x770 [ 25.380817] __synchronize_srcu+0x1ad/0x260 [ 25.380819] synchronize_srcu+0x1a3/0x570 [ 25.380820] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.380821] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.380823] kvm_arch_destroy_vm+0x73b/0x980 [ 25.380824] kvm_put_kvm+0x695/0xde0 [ 25.380825] kvm_vm_release+0x42/0x50 [ 25.380826] __fput+0x327/0x7e0 [ 25.380827] ____fput+0x15/0x20 [ 25.380828] task_work_run+0x199/0x270 [ 25.380829] do_exit+0x9bb/0x1ad0 [ 25.380830] do_group_exit+0x149/0x400 [ 25.380832] SyS_exit_group+0x1d/0x20 [ 25.380833] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.380833] [ 25.380834] -> #2 (&rq->lock){-.-.}: [ 25.380838] _raw_spin_lock+0x2a/0x40 [ 25.380839] task_fork_fair+0x7a/0x690 [ 25.380840] sched_fork+0x435/0xc00 [ 25.380842] copy_process.part.37+0x1758/0x4b60 [ 25.380843] _do_fork+0x1f7/0xf70 [ 25.380844] kernel_thread+0x34/0x40 [ 25.380845] rest_init+0x22/0xf0 [ 25.380846] start_kernel+0x7f1/0x819 [ 25.380847] x86_64_start_reservations+0x2a/0x2c [ 25.380848] x86_64_start_kernel+0x77/0x7a [ 25.380850] secondary_startup_64+0xa5/0xb0 [ 25.380850] [ 25.380851] -> #1 (&p->pi_lock){-.-.}: [ 25.380855] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.380856] try_to_wake_up+0xbc/0x1600 [ 25.380857] wake_up_process+0x10/0x20 [ 25.380858] __up.isra.0+0x1cc/0x2c0 [ 25.380859] up+0x13b/0x1d0 [ 25.380861] __up_console_sem+0xb2/0x1a0 [ 25.380862] console_unlock+0x538/0xd70 [ 25.380863] vprintk_emit+0x4ad/0x590 [ 25.380864] vprintk_default+0x28/0x30 [ 25.380865] vprintk_func+0x57/0xc0 [ 25.380866] printk+0xaa/0xca [ 25.380867] 
regdb_fw_cb+0x1d7/0x220 [ 25.380869] request_firmware_work_func+0x151/0x2c0 [ 25.380870] process_one_work+0xbbf/0x1af0 [ 25.380871] worker_thread+0x223/0x1990 [ 25.380872] kthread+0x33c/0x400 [ 25.380873] ret_from_fork+0x24/0x30 [ 25.380874] [ 25.380875] -> #0 ((console_sem).lock){..-.}: [ 25.380879] lock_acquire+0x1d5/0x580 [ 25.380880] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.380881] down_trylock+0x13/0x70 [ 25.380882] __down_trylock_console_sem+0xa2/0x1e0 [ 25.380884] console_trylock+0x15/0x100 [ 25.380885] vprintk_emit+0x49b/0x590 [ 25.380886] vprintk_default+0x28/0x30 [ 25.380887] vprintk_func+0x57/0xc0 [ 25.380888] printk+0xaa/0xca [ 25.380889] kasan_report+0x7b/0x360 [ 25.380891] __asan_report_load8_noabort+0x14/0x20 [ 25.380892] __schedule+0xda3/0x2060 [ 25.380893] preempt_schedule_common+0x22/0x60 [ 25.380894] _cond_resched+0x1d/0x30 [ 25.380895] wait_for_completion+0xa5/0x770 [ 25.380897] __synchronize_srcu+0x1ad/0x260 [ 25.380898] synchronize_srcu+0x1a3/0x570 [ 25.380899] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.380900] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.380902] kvm_arch_destroy_vm+0x73b/0x980 [ 25.380903] kvm_put_kvm+0x695/0xde0 [ 25.380904] kvm_vm_release+0x42/0x50 [ 25.380905] __fput+0x327/0x7e0 [ 25.380906] ____fput+0x15/0x20 [ 25.380907] task_work_run+0x199/0x270 [ 25.380908] do_exit+0x9bb/0x1ad0 [ 25.380909] do_group_exit+0x149/0x400 [ 25.380911] SyS_exit_group+0x1d/0x20 [ 25.380912] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.380913] [ 25.380914] other info that might help us debug this: [ 25.380915] [ 25.380916] Chain exists of: [ 25.380916] (console_sem).lock --> &rq->lock --> report_lock [ 25.380921] [ 25.380922] Possible unsafe locking scenario: [ 25.380923] [ 25.380924] CPU0 CPU1 [ 25.380925] ---- ---- [ 25.380926] lock(report_lock); [ 25.380929] lock(&rq->lock); [ 25.380931] lock(report_lock); [ 25.380933] lock((console_sem).lock); [ 25.380936] [ 25.380937] *** DEADLOCK *** [ 25.380937] [ 25.380938] 2 locks held by syzkaller081408/3154: [ 
25.380939] #0: (&rq->lock){-.-.}, at: [<00000000cb3bd5ec>] __schedule+0x24e/0x2060 [ 25.380943] #1: (report_lock){....}, at: [<00000000e6eb9f95>] kasan_report+0x6b/0x360 [ 25.380947] [ 25.380948] stack backtrace: [ 25.380950] CPU: 0 PID: 3154 Comm: syzkaller081408 Not tainted 4.15.0-rc4-mm1+ #47 [ 25.380952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.380953] Call Trace: [ 25.380954] dump_stack+0x194/0x257 [ 25.380956] ? arch_local_irq_restore+0x53/0x53 [ 25.380957] print_circular_bug.isra.37+0x2cd/0x2dc [ 25.380958] ? save_trace+0xe0/0x2b0 [ 25.380959] __lock_acquire+0x30a8/0x3e00 [ 25.380961] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.380962] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.380963] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.380964] ? save_stack_trace+0x1a/0x20 [ 25.380965] ? save_trace+0xe0/0x2b0 [ 25.380967] ? __lock_acquire+0x36c0/0x3e00 [ 25.380968] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.380969] ? __lock_is_held+0xb6/0x140 [ 25.380970] ? __lock_is_held+0xb6/0x140 [ 25.380971] lock_acquire+0x1d5/0x580 [ 25.380973] ? lock_acquire+0x1d5/0x580 [ 25.380974] ? down_trylock+0x13/0x70 [ 25.380975] ? find_held_lock+0x35/0x1d0 [ 25.380976] ? lock_release+0xa40/0xa40 [ 25.380977] ? vprintk_emit+0x379/0x590 [ 25.380978] ? lock_downgrade+0x980/0x980 [ 25.380979] ? kvm_sched_clock_read+0x25/0x40 [ 25.380981] ? sched_clock+0x31/0x40 [ 25.380982] ? sched_clock_cpu+0x1b/0x170 [ 25.380983] ? vprintk_emit+0x49b/0x590 [ 25.380984] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.380985] ? down_trylock+0x13/0x70 [ 25.380986] down_trylock+0x13/0x70 [ 25.380987] ? vprintk_emit+0x49b/0x590 [ 25.380989] __down_trylock_console_sem+0xa2/0x1e0 [ 25.380990] console_trylock+0x15/0x100 [ 25.380991] vprintk_emit+0x49b/0x590 [ 25.380992] vprintk_default+0x28/0x30 [ 25.380993] vprintk_func+0x57/0xc0 [ 25.380994] printk+0xaa/0xca [ 25.380995] ? show_regs_print_info+0x18/0x18 [ 25.380996] ? 
__schedule+0xda3/0x2060 [ 25.380997] kasan_report+0x7b/0x360 [ 25.380999] __asan_report_load8_noabort+0x14/0x20 [ 25.381000] __schedule+0xda3/0x2060 [ 25.381001] ? __sched_text_start+0x8/0x8 [ 25.381002] ? trace_hardirqs_on+0xd/0x10 [ 25.381003] ? __call_srcu+0x7ee/0x1020 [ 25.381004] ? do_raw_spin_trylock+0x190/0x190 [ 25.381006] ? do_raw_spin_trylock+0x190/0x190 [ 25.381007] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.381008] ? __debug_object_init+0x235/0x1040 [ 25.381010] preempt_schedule_common+0x22/0x60 [ 25.381011] _cond_resched+0x1d/0x30 [ 25.381012] wait_for_completion+0xa5/0x770 [ 25.381013] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.381015] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 25.381016] ? __lockdep_init_map+0xe4/0x650 [ 25.381017] ? __init_waitqueue_head+0x97/0x140 [ 25.381018] ? init_wait_entry+0x1b0/0x1b0 [ 25.381020] __synchronize_srcu+0x1ad/0x260 [ 25.381021] ? call_srcu+0x10/0x10 [ 25.381022] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 25.381023] ? irq_matrix_allocated+0x80/0x80 [ 25.381025] ? synchronize_srcu+0x3c5/0x570 [ 25.381026] synchronize_srcu+0x1a3/0x570 [ 25.381027] ? synchronize_srcu+0x1a3/0x570 [ 25.381028] ? lock_downgrade+0x980/0x980 [ 25.381030] ? synchronize_srcu_expedited+0x20/0x20 [ 25.381031] ? lock_release+0xa40/0xa40 [ 25.381032] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.381033] ? do_raw_spin_trylock+0x190/0x190 [ 25.381035] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.381036] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 25.381037] ? kvfree+0x36/0x60 [ 25.381039] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.381040] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.381041] kvm_arch_destroy_vm+0x73b/0x980 [ 25.381042] ? kvm_arch_sync_events+0x30/0x30 [ 25.381043] ? mmdrop+0x18/0x30 [ 25.381044] ? mmu_notifier_unregister+0x43c/0x5c0 [ 25.381046] ? kvm_put_kvm+0x47a/0xde0 [ 25.381047] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 25.381048] ? __free_pages+0x107/0x150 [ 25.381049] ? 
free_unref_page+0x9e0/0x9e0 [ 25.381051] ? quarantine_put+0xeb/0x190 [ 25.381052] ? kfree+0xf0/0x260 [ 25.381053] ? kvm_put_kvm+0x614/0xde0 [ 25.381054] ? free_pages+0x51/0x90 [ 25.381055] kvm_put_kvm+0x695/0xde0 [ 25.381056] ? kvm_clear_guest+0xb0/0xb0 [ 25.381057] ? kvm_irqfd_release+0xd1/0x120 [ 25.381058] ? lock_downgrade+0x980/0x980 [ 25.381060] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.381061] ? kvm_irqfd_release+0xdd/0x120 [ 25.381062] ? kvm_irqfd_release+0xdd/0x120 [ 25.381063] ? kvm_put_kvm+0xde0/0xde0 [ 25.381064] kvm_vm_release+0x42/0x50 [ 25.381065] __fput+0x327/0x7e0 [ 25.381066] ? fput+0x140/0x140 [ 25.381068] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.381069] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.381070] ____fput+0x15/0x20 [ 25.381071] task_work_run+0x199/0x270 [ 25.381072] ? task_work_cancel+0x210/0x210 [ 25.381073] ? _raw_spin_unlock+0x22/0x30 [ 25.381075] ? switch_task_namespaces+0x87/0xc0 [ 25.381076] do_exit+0x9bb/0x1ad0 [ 25.381077] ? kvm_vcpu_fault+0x520/0x520 [ 25.381078] ? mm_update_next_owner+0x930/0x930 [ 25.381079] ? find_held_lock+0x35/0x1d0 [ 25.381080] ? handle_mm_fault+0x2a0/0x930 [ 25.381082] ? find_held_lock+0x35/0x1d0 [ 25.381083] ? __do_page_fault+0x5f7/0xc90 [ 25.381084] ? lock_downgrade+0x980/0x980 [ 25.381085] ? down_read_trylock+0xdb/0x170 [ 25.381086] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 25.381087] ? vmacache_find+0x5f/0x280 [ 25.381088] ? up_read+0x1a/0x40 [ 25.381090] ? __do_page_fault+0x3d6/0xc90 [ 25.381091] ? task_work_run+0x1f4/0x270 [ 25.381092] ? kvm_vcpu_fault+0x520/0x520 [ 25.381093] ? do_vfs_ioctl+0x486/0x1520 [ 25.381094] ? ioctl_preallocate+0x2b0/0x2b0 [ 25.381095] ? [ 25.381097] Lost 15 message(s)! [ 26.456087] Shutting down cpus with NMI [ 27.511948] Dumping ftrace buffer: [ 27.515463] (ftrace buffer empty) [ 27.519158] Kernel Offset: disabled [ 27.522755] Rebooting in 86400 seconds..