[....] Starting enhanced syslogd: rsyslogd[ 11.992999] audit: type=1400 audit(1513809281.750:5): avc: denied { syslog } for pid=2996 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.751542] audit: type=1400 audit(1513809286.509:6): avc: denied { map } for pid=3136 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-6,10.128.15.243' (ECDSA) to the list of known hosts. executing program [ 27.486658] audit: type=1400 audit(1513809297.244:7): avc: denied { map } for pid=3152 comm="syzkaller518961" path="/root/syzkaller518961707" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 27.519575] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 27.530500] ================================================================== [ 27.538967] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 27.545171] Read of size 8 at addr ffff8801c7988058 by task syzkaller518961/3152 [ 27.552666] [ 27.554267] CPU: 0 PID: 3152 Comm: syzkaller518961 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 27.562807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.572127] Call Trace: [ 27.574679] dump_stack+0x194/0x257 [ 27.578277] ? arch_local_irq_restore+0x53/0x53 [ 27.582912] ? show_regs_print_info+0x18/0x18 [ 27.587381] ? __schedule+0xda3/0x2060 [ 27.591236] print_address_description+0x73/0x250 [ 27.596046] ? __schedule+0xda3/0x2060 [ 27.599902] kasan_report+0x25b/0x340 [ 27.603673] __asan_report_load8_noabort+0x14/0x20 [ 27.608571] __schedule+0xda3/0x2060 [ 27.612266] ? __sched_text_start+0x8/0x8 [ 27.616384] ? trace_hardirqs_on+0xd/0x10 [ 27.620501] ? __call_srcu+0x7ee/0x1020 [ 27.624442] ? do_raw_spin_trylock+0x190/0x190 [ 27.628991] ? do_raw_spin_trylock+0x190/0x190 [ 27.633553] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 27.639406] ? __debug_object_init+0x235/0x1040 [ 27.644050] preempt_schedule_common+0x22/0x60 [ 27.648603] _cond_resched+0x1d/0x30 [ 27.652294] wait_for_completion+0xa5/0x770 [ 27.656587] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.661571] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 27.667338] ? __lockdep_init_map+0xe4/0x650 [ 27.671718] ? __init_waitqueue_head+0x97/0x140 [ 27.676354] ? init_wait_entry+0x1b0/0x1b0 [ 27.680564] __synchronize_srcu+0x1ad/0x260 [ 27.684853] ? call_srcu+0x10/0x10 [ 27.688361] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 27.693872] ? irq_matrix_allocated+0x80/0x80 [ 27.698335] ? synchronize_srcu+0x3c5/0x570 [ 27.702627] synchronize_srcu+0x1a3/0x570 [ 27.706742] ? synchronize_srcu+0x1a3/0x570 [ 27.711030] ? lock_downgrade+0x980/0x980 [ 27.715144] ? synchronize_srcu_expedited+0x20/0x20 [ 27.720127] ? lock_release+0xa40/0xa40 [ 27.724073] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 27.728886] ? do_raw_spin_trylock+0x190/0x190 [ 27.733445] kvm_page_track_unregister_notifier+0x186/0x270 [ 27.739124] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 27.744547] ? kvfree+0x36/0x60 [ 27.747794] ? rcu_read_lock_sched_held+0x108/0x120 [ 27.752783] kvm_mmu_uninit_vm+0x1c/0x20 [ 27.756812] kvm_arch_destroy_vm+0x73b/0x980 [ 27.761191] ? kvm_arch_sync_events+0x30/0x30 [ 27.765658] ? mmdrop+0x18/0x30 [ 27.768908] ? mmu_notifier_unregister+0x437/0x5c0 [ 27.773813] ? kvm_put_kvm+0x47a/0xde0 [ 27.777671] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 27.783526] ? __free_pages+0x107/0x150 [ 27.787473] ? free_unref_page+0x9e0/0x9e0 [ 27.791677] ? quarantine_put+0xeb/0x190 [ 27.795705] ? kfree+0xf0/0x260 [ 27.798953] ? kvm_put_kvm+0x614/0xde0 [ 27.802809] ? free_pages+0x51/0x90 [ 27.806406] kvm_put_kvm+0x695/0xde0 [ 27.810094] ? kvm_clear_guest+0xb0/0xb0 [ 27.814128] ? kvm_irqfd_release+0xd1/0x120 [ 27.818418] ? lock_downgrade+0x980/0x980 [ 27.822545] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.827014] ? kvm_irqfd_release+0xdd/0x120 [ 27.831301] ? kvm_irqfd_release+0xdd/0x120 [ 27.835589] ? kvm_put_kvm+0xde0/0xde0 [ 27.839445] kvm_vm_release+0x42/0x50 [ 27.843214] __fput+0x327/0x7e0 [ 27.846466] ? fput+0x140/0x140 [ 27.849711] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 27.855563] ? _raw_spin_unlock_irq+0x27/0x70 [ 27.860033] ____fput+0x15/0x20 [ 27.863297] task_work_run+0x199/0x270 [ 27.867156] ? task_work_cancel+0x210/0x210 [ 27.871460] ? _raw_spin_unlock+0x22/0x30 [ 27.875575] ? switch_task_namespaces+0x87/0xc0 [ 27.880215] do_exit+0x9bb/0x1ad0 [ 27.883636] ? kvm_vcpu_fault+0x520/0x520 [ 27.887754] ? mm_update_next_owner+0x930/0x930 [ 27.892390] ? avc_has_extended_perms+0x7fa/0x12c0 [ 27.897286] ? unwind_get_return_address+0x61/0xa0 [ 27.902189] ? avc_ss_reset+0x110/0x110 [ 27.906133] ? putname+0xee/0x130 [ 27.909553] ? save_stack+0xa3/0xd0 [ 27.913148] ? save_stack+0x43/0xd0 [ 27.916743] ? kasan_slab_free+0x71/0xc0 [ 27.920772] ? putname+0xee/0x130 [ 27.924191] ? do_sys_open+0x31b/0x6d0 [ 27.928043] ? SyS_openat+0x30/0x40 [ 27.931640] ? debug_check_no_obj_freed+0x3da/0xf1f [ 27.936624] ? __lock_is_held+0xb6/0x140 [ 27.940663] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 27.946512] ? get_unused_fd_flags+0x190/0x190 [ 27.951072] ? kvm_vcpu_fault+0x520/0x520 [ 27.955187] ? do_vfs_ioctl+0x486/0x1520 [ 27.959216] ? _cond_resched+0x14/0x30 [ 27.963075] ? ioctl_preallocate+0x2b0/0x2b0 [ 27.967453] ? selinux_capable+0x40/0x40 [ 27.971481] ? putname+0xf3/0x130 [ 27.974907] do_group_exit+0x149/0x400 [ 27.978765] ? SyS_exit+0x30/0x30 [ 27.982189] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.987174] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.991900] SyS_exit_group+0x1d/0x20 [ 27.995668] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.000390] RIP: 0033:0x43ed88 [ 28.003548] RSP: 002b:00007fff6f16b3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.011223] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 28.018462] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 28.025700] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 28.032940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 28.040179] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 28.047427] [ 28.049025] Allocated by task 3152: [ 28.052619] save_stack+0x43/0xd0 [ 28.056039] kasan_kmalloc+0xad/0xe0 [ 28.059717] kasan_slab_alloc+0x12/0x20 [ 28.063660] kmem_cache_alloc+0x12e/0x760 [ 28.067777] vmx_create_vcpu+0xc4/0x2f20 [ 28.071805] kvm_arch_vcpu_create+0x12c/0x1a0 [ 28.076268] kvm_vm_ioctl+0x48b/0x1c60 [ 28.080120] do_vfs_ioctl+0x1b1/0x1520 [ 28.083976] SyS_ioctl+0x8f/0xc0 [ 28.087310] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.092030] [ 28.093625] Freed by task 3152: [ 28.096872] save_stack+0x43/0xd0 [ 28.100292] kasan_slab_free+0x71/0xc0 [ 28.104143] kmem_cache_free+0x83/0x2a0 [ 28.108087] vmx_free_vcpu+0x1ee/0x260 [ 28.111943] kvm_arch_destroy_vm+0x4a2/0x980 [ 28.116318] kvm_put_kvm+0x695/0xde0 [ 28.119999] kvm_vm_release+0x42/0x50 [ 28.123767] __fput+0x327/0x7e0 [ 28.127013] ____fput+0x15/0x20 [ 28.130260] task_work_run+0x199/0x270 [ 28.134113] do_exit+0x9bb/0x1ad0 [ 28.137536] do_group_exit+0x149/0x400 [ 28.141390] SyS_exit_group+0x1d/0x20 [ 28.145157] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.149876] [ 28.151474] The buggy address belongs to the object at ffff8801c7988040 [ 28.151474] which belongs to the cache kvm_vcpu of size 23872 [ 28.164010] The buggy address is located 24 bytes inside of [ 28.164010] 23872-byte region [ffff8801c7988040, ffff8801c798dd80) [ 28.175936] The buggy address belongs to the page: [ 28.180835] page:00000000893d839d count:1 mapcount:0 mapping:0000000034c18203 index:0x0 compound_mapcount: 0 [ 28.190768] flags: 0x2fffc0000008100(slab|head) [ 28.195407] raw: 02fffc0000008100 ffff8801c7988040 0000000000000000 0000000100000001 [ 28.203256] raw: ffff8801d6d8e748 ffff8801d6d8e748 ffff8801d6d8d840 0000000000000000 [ 28.211100] page dumped because: kasan: bad access detected [ 28.216774] [ 28.218367] Memory state around the buggy address: [ 28.223261] ffff8801c7987f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.230586] ffff8801c7987f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.237912] >ffff8801c7988000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 28.245236] ^ [ 28.251433] ffff8801c7988080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.258759] ffff8801c7988100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.266084] ================================================================== [ 28.273407] Kernel panic - not syncing: panic_on_warn set ... [ 28.273407] [ 28.280737] CPU: 0 PID: 3152 Comm: syzkaller518961 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 28.290581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.299900] Call Trace: [ 28.302456] dump_stack+0x194/0x257 [ 28.306053] ? arch_local_irq_restore+0x53/0x53 [ 28.310688] ? kasan_end_report+0x32/0x50 [ 28.314804] ? lock_downgrade+0x980/0x980 [ 28.318922] ? vsnprintf+0x1ed/0x1900 [ 28.322694] ? __schedule+0xcf0/0x2060 [ 28.326549] panic+0x1e4/0x41c [ 28.329711] ? refcount_error_report+0x214/0x214 [ 28.334440] ? print_shadow_for_address+0xdc/0x1a0 [ 28.339334] ? add_taint+0x1c/0x50 [ 28.342851] ? __schedule+0xda3/0x2060 [ 28.346708] kasan_end_report+0x50/0x50 [ 28.350653] kasan_report+0x144/0x340 [ 28.354424] __asan_report_load8_noabort+0x14/0x20 [ 28.359320] __schedule+0xda3/0x2060 [ 28.363022] ? __sched_text_start+0x8/0x8 [ 28.367140] ? trace_hardirqs_on+0xd/0x10 [ 28.371259] ? __call_srcu+0x7ee/0x1020 [ 28.375204] ? do_raw_spin_trylock+0x190/0x190 [ 28.379755] ? do_raw_spin_trylock+0x190/0x190 [ 28.384314] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.390166] ? __debug_object_init+0x235/0x1040 [ 28.394813] preempt_schedule_common+0x22/0x60 [ 28.399373] _cond_resched+0x1d/0x30 [ 28.403054] wait_for_completion+0xa5/0x770 [ 28.407346] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.412331] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 28.418098] ? __lockdep_init_map+0xe4/0x650 [ 28.422478] ? __init_waitqueue_head+0x97/0x140 [ 28.427116] ? init_wait_entry+0x1b0/0x1b0 [ 28.431326] __synchronize_srcu+0x1ad/0x260 [ 28.435615] ? call_srcu+0x10/0x10 [ 28.439123] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 28.444634] ? irq_matrix_allocated+0x80/0x80 [ 28.449098] ? synchronize_srcu+0x3c5/0x570 [ 28.453390] synchronize_srcu+0x1a3/0x570 [ 28.457507] ? synchronize_srcu+0x1a3/0x570 [ 28.461798] ? lock_downgrade+0x980/0x980 [ 28.465939] ? synchronize_srcu_expedited+0x20/0x20 [ 28.470929] ? lock_release+0xa40/0xa40 [ 28.474882] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 28.479715] ? do_raw_spin_trylock+0x190/0x190 [ 28.484286] kvm_page_track_unregister_notifier+0x186/0x270 [ 28.489974] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 28.495401] ? kvfree+0x36/0x60 [ 28.498649] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.503641] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.507675] kvm_arch_destroy_vm+0x73b/0x980 [ 28.512050] ? kvm_arch_sync_events+0x30/0x30 [ 28.516514] ? mmdrop+0x18/0x30 [ 28.519766] ? mmu_notifier_unregister+0x437/0x5c0 [ 28.524660] ? kvm_put_kvm+0x47a/0xde0 [ 28.528515] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 28.534365] ? __free_pages+0x107/0x150 [ 28.538305] ? free_unref_page+0x9e0/0x9e0 [ 28.542507] ? quarantine_put+0xeb/0x190 [ 28.546532] ? kfree+0xf0/0x260 [ 28.549775] ? kvm_put_kvm+0x614/0xde0 [ 28.553627] ? free_pages+0x51/0x90 [ 28.557219] kvm_put_kvm+0x695/0xde0 [ 28.560906] ? kvm_clear_guest+0xb0/0xb0 [ 28.564946] ? kvm_irqfd_release+0xd1/0x120 [ 28.569235] ? lock_downgrade+0x980/0x980 [ 28.573356] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.577817] ? kvm_irqfd_release+0xdd/0x120 [ 28.582108] ? kvm_irqfd_release+0xdd/0x120 [ 28.586395] ? kvm_put_kvm+0xde0/0xde0 [ 28.590251] kvm_vm_release+0x42/0x50 [ 28.594019] __fput+0x327/0x7e0 [ 28.597273] ? fput+0x140/0x140 [ 28.600527] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.606384] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.610852] ____fput+0x15/0x20 [ 28.614099] task_work_run+0x199/0x270 [ 28.617953] ? task_work_cancel+0x210/0x210 [ 28.622238] ? _raw_spin_unlock+0x22/0x30 [ 28.626352] ? switch_task_namespaces+0x87/0xc0 [ 28.630990] do_exit+0x9bb/0x1ad0 [ 28.634411] ? kvm_vcpu_fault+0x520/0x520 [ 28.638525] ? mm_update_next_owner+0x930/0x930 [ 28.643161] ? avc_has_extended_perms+0x7fa/0x12c0 [ 28.648055] ? unwind_get_return_address+0x61/0xa0 [ 28.652950] ? avc_ss_reset+0x110/0x110 [ 28.656905] ? putname+0xee/0x130 [ 28.660325] ? save_stack+0xa3/0xd0 [ 28.663915] ? save_stack+0x43/0xd0 [ 28.667504] ? kasan_slab_free+0x71/0xc0 [ 28.671527] ? putname+0xee/0x130 [ 28.674944] ? do_sys_open+0x31b/0x6d0 [ 28.678793] ? SyS_openat+0x30/0x40 [ 28.682387] ? debug_check_no_obj_freed+0x3da/0xf1f [ 28.687376] ? __lock_is_held+0xb6/0x140 [ 28.691411] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.697259] ? get_unused_fd_flags+0x190/0x190 [ 28.701811] ? kvm_vcpu_fault+0x520/0x520 [ 28.705924] ? do_vfs_ioctl+0x486/0x1520 [ 28.709949] ? _cond_resched+0x14/0x30 [ 28.713803] ? ioctl_preallocate+0x2b0/0x2b0 [ 28.718178] ? selinux_capable+0x40/0x40 [ 28.722201] ? putname+0xf3/0x130 [ 28.725624] do_group_exit+0x149/0x400 [ 28.729478] ? SyS_exit+0x30/0x30 [ 28.732897] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.737880] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.742603] SyS_exit_group+0x1d/0x20 [ 28.746366] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.751084] RIP: 0033:0x43ed88 [ 28.754238] RSP: 002b:00007fff6f16b3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.761910] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 28.769145] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 28.776379] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 28.783612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 28.790845] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 28.798091] [ 28.798093] ====================================================== [ 28.798095] WARNING: possible circular locking dependency detected [ 28.798096] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 28.798098] ------------------------------------------------------ [ 28.798099] syzkaller518961/3152 is trying to acquire lock: [ 28.798100] ((console_sem).lock){..-.}, at: [<00000000850a6214>] down_trylock+0x13/0x70 [ 28.798104] [ 28.798105] but task is already holding lock: [ 28.798105] (report_lock){....}, at: [<00000000acef1aaf>] kasan_report+0x6b/0x340 [ 28.798109] [ 28.798110] which lock already depends on the new lock. [ 28.798111] [ 28.798112] [ 28.798113] the existing dependency chain (in reverse order) is: [ 28.798114] [ 28.798115] -> #3 (report_lock){....}: [ 28.798119] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.798120] kasan_report+0x6b/0x340 [ 28.798121] __asan_report_load8_noabort+0x14/0x20 [ 28.798122] __schedule+0xda3/0x2060 [ 28.798124] preempt_schedule_common+0x22/0x60 [ 28.798125] _cond_resched+0x1d/0x30 [ 28.798126] wait_for_completion+0xa5/0x770 [ 28.798127] __synchronize_srcu+0x1ad/0x260 [ 28.798128] synchronize_srcu+0x1a3/0x570 [ 28.798130] kvm_page_track_unregister_notifier+0x186/0x270 [ 28.798131] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.798132] kvm_arch_destroy_vm+0x73b/0x980 [ 28.798133] kvm_put_kvm+0x695/0xde0 [ 28.798134] kvm_vm_release+0x42/0x50 [ 28.798136] __fput+0x327/0x7e0 [ 28.798137] ____fput+0x15/0x20 [ 28.798138] task_work_run+0x199/0x270 [ 28.798139] do_exit+0x9bb/0x1ad0 [ 28.798140] do_group_exit+0x149/0x400 [ 28.798141] SyS_exit_group+0x1d/0x20 [ 28.798142] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.798143] [ 28.798144] -> #2 (&rq->lock){-.-.}: [ 28.798148] _raw_spin_lock+0x2a/0x40 [ 28.798149] task_fork_fair+0x7a/0x690 [ 28.798150] sched_fork+0x435/0xc00 [ 28.798151] copy_process.part.37+0x1758/0x4b60 [ 28.798152] _do_fork+0x1f7/0xf70 [ 28.798153] kernel_thread+0x34/0x40 [ 28.798154] rest_init+0x22/0xf0 [ 28.798155] start_kernel+0x7f1/0x819 [ 28.798157] x86_64_start_reservations+0x2a/0x2c [ 28.798158] x86_64_start_kernel+0x77/0x7a [ 28.798159] secondary_startup_64+0xa5/0xb0 [ 28.798160] [ 28.798160] -> #1 (&p->pi_lock){-.-.}: [ 28.798164] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.798166] try_to_wake_up+0xbc/0x1600 [ 28.798167] wake_up_process+0x10/0x20 [ 28.798168] __up.isra.0+0x1cc/0x2c0 [ 28.798169] up+0x13b/0x1d0 [ 28.798170] __up_console_sem+0xb2/0x1a0 [ 28.798171] console_unlock+0x538/0xd70 [ 28.798172] vprintk_emit+0x4ad/0x590 [ 28.798173] vprintk_default+0x28/0x30 [ 28.798174] vprintk_func+0x57/0xc0 [ 28.798175] printk+0xaa/0xca [ 28.798176] regdb_fw_cb+0x1d7/0x220 [ 28.798178] request_firmware_work_func+0x151/0x2c0 [ 28.798179] process_one_work+0xbbf/0x1af0 [ 28.798180] worker_thread+0x223/0x1990 [ 28.798181] kthread+0x33c/0x400 [ 28.798182] ret_from_fork+0x24/0x30 [ 28.798183] [ 28.798183] -> #0 ((console_sem).lock){..-.}: [ 28.798187] lock_acquire+0x1d5/0x580 [ 28.798189] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.798190] down_trylock+0x13/0x70 [ 28.798191] __down_trylock_console_sem+0xa2/0x1e0 [ 28.798192] console_trylock+0x15/0x100 [ 28.798193] vprintk_emit+0x49b/0x590 [ 28.798195] vprintk_default+0x28/0x30 [ 28.798196] vprintk_func+0x57/0xc0 [ 28.798197] printk+0xaa/0xca [ 28.798198] kasan_report+0x7b/0x340 [ 28.798199] __asan_report_load8_noabort+0x14/0x20 [ 28.798200] __schedule+0xda3/0x2060 [ 28.798201] preempt_schedule_common+0x22/0x60 [ 28.798203] _cond_resched+0x1d/0x30 [ 28.798204] wait_for_completion+0xa5/0x770 [ 28.798205] __synchronize_srcu+0x1ad/0x260 [ 28.798206] synchronize_srcu+0x1a3/0x570 [ 28.798208] kvm_page_track_unregister_notifier+0x186/0x270 [ 28.798209] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.798210] kvm_arch_destroy_vm+0x73b/0x980 [ 28.798211] kvm_put_kvm+0x695/0xde0 [ 28.798212] kvm_vm_release+0x42/0x50 [ 28.798213] __fput+0x327/0x7e0 [ 28.798214] ____fput+0x15/0x20 [ 28.798215] task_work_run+0x199/0x270 [ 28.798217] do_exit+0x9bb/0x1ad0 [ 28.798218] do_group_exit+0x149/0x400 [ 28.798219] SyS_exit_group+0x1d/0x20 [ 28.798220] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.798221] [ 28.798222] other info that might help us debug this: [ 28.798223] [ 28.798224] Chain exists of: [ 28.798224] (console_sem).lock --> &rq->lock --> report_lock [ 28.798229] [ 28.798230] Possible unsafe locking scenario: [ 28.798231] [ 28.798232] CPU0 CPU1 [ 28.798233] ---- ---- [ 28.798234] lock(report_lock); [ 28.798237] lock(&rq->lock); [ 28.798239] lock(report_lock); [ 28.798241] lock((console_sem).lock); [ 28.798244] [ 28.798245] *** DEADLOCK *** [ 28.798245] [ 28.798246] 2 locks held by syzkaller518961/3152: [ 28.798247] #0: (&rq->lock){-.-.}, at: [<000000005eb826fe>] __schedule+0x24e/0x2060 [ 28.798251] #1: (report_lock){....}, at: [<00000000acef1aaf>] kasan_report+0x6b/0x340 [ 28.798255] [ 28.798256] stack backtrace: [ 28.798258] CPU: 0 PID: 3152 Comm: syzkaller518961 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 28.798260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.798261] Call Trace: [ 28.798262] dump_stack+0x194/0x257 [ 28.798264] ? arch_local_irq_restore+0x53/0x53 [ 28.798265] print_circular_bug.isra.37+0x2cd/0x2dc [ 28.798266] ? save_trace+0xe0/0x2b0 [ 28.798267] __lock_acquire+0x30a8/0x3e00 [ 28.798268] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.798270] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.798271] ? print_lockdep_cache.isra.31+0x109/0x109 [ 28.798272] ? save_stack_trace+0x1a/0x20 [ 28.798273] ? save_trace+0xe0/0x2b0 [ 28.798275] ? __lock_acquire+0x36c0/0x3e00 [ 28.798276] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.798277] ? __lock_is_held+0xb6/0x140 [ 28.798278] ? __lock_is_held+0xb6/0x140 [ 28.798279] lock_acquire+0x1d5/0x580 [ 28.798280] ? lock_acquire+0x1d5/0x580 [ 28.798281] ? down_trylock+0x13/0x70 [ 28.798282] ? find_held_lock+0x35/0x1d0 [ 28.798284] ? lock_release+0xa40/0xa40 [ 28.798285] ? vprintk_emit+0x379/0x590 [ 28.798286] ? lock_downgrade+0x980/0x980 [ 28.798287] ? kvm_sched_clock_read+0x25/0x40 [ 28.798288] ? sched_clock+0x31/0x40 [ 28.798289] ? sched_clock_cpu+0x1b/0x170 [ 28.798290] ? vprintk_emit+0x49b/0x590 [ 28.798291] _raw_spin_lock_irqsave+0x96/0xc0 [ 28.798293] ? down_trylock+0x13/0x70 [ 28.798294] down_trylock+0x13/0x70 [ 28.798295] ? vprintk_emit+0x49b/0x590 [ 28.798296] __down_trylock_console_sem+0xa2/0x1e0 [ 28.798297] console_trylock+0x15/0x100 [ 28.798298] vprintk_emit+0x49b/0x590 [ 28.798299] vprintk_default+0x28/0x30 [ 28.798300] vprintk_func+0x57/0xc0 [ 28.798301] printk+0xaa/0xca [ 28.798302] ? show_regs_print_info+0x18/0x18 [ 28.798303] ? __schedule+0xda3/0x2060 [ 28.798305] kasan_report+0x7b/0x340 [ 28.798306] __asan_report_load8_noabort+0x14/0x20 [ 28.798307] __schedule+0xda3/0x2060 [ 28.798308] ? __sched_text_start+0x8/0x8 [ 28.798309] ? trace_hardirqs_on+0xd/0x10 [ 28.798310] ? __call_srcu+0x7ee/0x1020 [ 28.798312] ? do_raw_spin_trylock+0x190/0x190 [ 28.798313] ? do_raw_spin_trylock+0x190/0x190 [ 28.798314] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.798315] ? __debug_object_init+0x235/0x1040 [ 28.798317] preempt_schedule_common+0x22/0x60 [ 28.798318] _cond_resched+0x1d/0x30 [ 28.798319] wait_for_completion+0xa5/0x770 [ 28.798320] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.798322] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 28.798323] ? __lockdep_init_map+0xe4/0x650 [ 28.798324] ? __init_waitqueue_head+0x97/0x140 [ 28.798325] ? init_wait_entry+0x1b0/0x1b0 [ 28.798326] __synchronize_srcu+0x1ad/0x260 [ 28.798327] ? call_srcu+0x10/0x10 [ 28.798329] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 28.798330] ? irq_matrix_allocated+0x80/0x80 [ 28.798331] ? synchronize_srcu+0x3c5/0x570 [ 28.798332] synchronize_srcu+0x1a3/0x570 [ 28.798333] ? synchronize_srcu+0x1a3/0x570 [ 28.798335] ? lock_downgrade+0x980/0x980 [ 28.798336] ? synchronize_srcu_expedited+0x20/0x20 [ 28.798337] ? lock_release+0xa40/0xa40 [ 28.798338] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 28.798340] ? do_raw_spin_trylock+0x190/0x190 [ 28.798341] kvm_page_track_unregister_notifier+0x186/0x270 [ 28.798342] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 28.798343] ? kvfree+0x36/0x60 [ 28.798345] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.798346] kvm_mmu_uninit_vm+0x1c/0x20 [ 28.798347] kvm_arch_destroy_vm+0x73b/0x980 [ 28.798348] ? kvm_arch_sync_events+0x30/0x30 [ 28.798349] ? mmdrop+0x18/0x30 [ 28.798351] ? mmu_notifier_unregister+0x437/0x5c0 [ 28.798352] ? kvm_put_kvm+0x47a/0xde0 [ 28.798353] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 28.798354] ? __free_pages+0x107/0x150 [ 28.798355] ? free_unref_page+0x9e0/0x9e0 [ 28.798356] ? quarantine_put+0xeb/0x190 [ 28.798357] ? kfree+0xf0/0x260 [ 28.798359] ? kvm_put_kvm+0x614/0xde0 [ 28.798360] ? free_pages+0x51/0x90 [ 28.798361] kvm_put_kvm+0x695/0xde0 [ 28.798362] ? kvm_clear_guest+0xb0/0xb0 [ 28.798363] ? kvm_irqfd_release+0xd1/0x120 [ 28.798364] ? lock_downgrade+0x980/0x980 [ 28.798365] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.798366] ? kvm_irqfd_release+0xdd/0x120 [ 28.798368] ? kvm_irqfd_release+0xdd/0x120 [ 28.798369] ? kvm_put_kvm+0xde0/0xde0 [ 28.798370] kvm_vm_release+0x42/0x50 [ 28.798371] __fput+0x327/0x7e0 [ 28.798372] ? fput+0x140/0x140 [ 28.798373] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.798374] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.798375] ____fput+0x15/0x20 [ 28.798376] task_work_run+0x199/0x270 [ 28.798378] ? task_work_cancel+0x210/0x210 [ 28.798379] ? _raw_spin_unlock+0x22/0x30 [ 28.798380] ? switch_task_namespaces+0x87/0xc0 [ 28.798381] do_exit+0x9bb/0x1ad0 [ 28.798382] ? kvm_vcpu_fault+0x520/0x520 [ 28.798383] ? mm_update_next_owner+0x930/0x930 [ 28.798385] ? avc_has_extended_perms+0x7fa/0x12c0 [ 28.798386] ? unwind_get_return_address+0x61/0xa0 [ 28.798387] ? avc_ss_reset+0x110/0x110 [ 28.798388] ? putname+0xee/0x130 [ 28.798389] ? save_stack+0xa3/0xd0 [ 28.798390] ? save_stack+0x43/0xd0 [ 28.798391] ? kasan_slab_free+0x71/0xc0 [ 28.798392] ? putname+0xee/0x130 [ 28.798393] ? do_sys_open+0x31b/0x6d0 [ 28.798394] ? SyS_openat+0x30/0x40 [ 28.798396] ? debug_check_no_obj_freed+0x3da/0xf1f [ 28.798397] ? __lock_is_held+0xb6/0x140 [ 28.798398] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 28.798399] ? get [ 28.798401] Lost 20 message(s)! [ 29.872923] Shutting down cpus with NMI [ 30.927300] Dumping ftrace buffer: [ 30.930814] (ftrace buffer empty) [ 30.934492] Kernel Offset: disabled [ 30.938095] Rebooting in 86400 seconds..