[....] Starting enhanced syslogd: rsyslogd[ 10.090994] audit: type=1400 audit(1513877915.153:5): avc: denied { syslog } for pid=2989 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 12.696535] audit: type=1400 audit(1513877917.759:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.0.35' (ECDSA) to the list of known hosts. executing program [ 18.862295] audit: type=1400 audit(1513877923.925:7): avc: denied { map } for pid=3142 comm="syzkaller021929" path="/root/syzkaller021929070" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 18.894932] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 18.906894] ================================================================== [ 18.915359] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 18.921555] Read of size 8 at addr ffff8801c92d8058 by task syzkaller021929/3142 [ 18.929050] [ 18.930645] CPU: 1 PID: 3142 Comm: syzkaller021929 Not tainted 4.15.0-rc4-mm1+ #47 [ 18.938314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.947630] Call Trace: [ 18.950182] dump_stack+0x194/0x257 [ 18.953779] ? arch_local_irq_restore+0x53/0x53 [ 18.958414] ? show_regs_print_info+0x18/0x18 [ 18.962878] ? 
__schedule+0xda3/0x2060 [ 18.966735] print_address_description+0x73/0x250 [ 18.971544] ? __schedule+0xda3/0x2060 [ 18.975400] kasan_report+0x23b/0x360 [ 18.979170] __asan_report_load8_noabort+0x14/0x20 [ 18.984063] __schedule+0xda3/0x2060 [ 18.987747] ? __sched_text_start+0x8/0x8 [ 18.991861] ? trace_hardirqs_on+0xd/0x10 [ 18.995976] ? __call_srcu+0x7ee/0x1020 [ 18.999915] ? do_raw_spin_trylock+0x190/0x190 [ 19.004464] ? do_raw_spin_trylock+0x190/0x190 [ 19.009019] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.014869] ? __debug_object_init+0x235/0x1040 [ 19.019509] preempt_schedule_common+0x22/0x60 [ 19.024057] _cond_resched+0x1d/0x30 [ 19.027738] wait_for_completion+0xa5/0x770 [ 19.032025] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.037010] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.042773] ? __lockdep_init_map+0xe4/0x650 [ 19.047151] ? __init_waitqueue_head+0x97/0x140 [ 19.051787] ? init_wait_entry+0x1b0/0x1b0 [ 19.055997] __synchronize_srcu+0x1ad/0x260 [ 19.060285] ? call_srcu+0x10/0x10 [ 19.063790] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.069300] ? irq_matrix_allocated+0x80/0x80 [ 19.073760] ? synchronize_srcu+0x3c5/0x570 [ 19.078052] synchronize_srcu+0x1a3/0x570 [ 19.082166] ? synchronize_srcu+0x1a3/0x570 [ 19.086452] ? lock_downgrade+0x980/0x980 [ 19.090566] ? synchronize_srcu_expedited+0x20/0x20 [ 19.095546] ? lock_release+0xa40/0xa40 [ 19.099487] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.104295] ? do_raw_spin_trylock+0x190/0x190 [ 19.108853] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.114530] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.119946] ? kvfree+0x36/0x60 [ 19.123193] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.128179] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.132204] kvm_arch_destroy_vm+0x73b/0x980 [ 19.136584] ? kvm_arch_sync_events+0x30/0x30 [ 19.141044] ? mmdrop+0x18/0x30 [ 19.144296] ? mmu_notifier_unregister+0x43c/0x5c0 [ 19.149189] ? kvm_put_kvm+0x47a/0xde0 [ 19.153047] ? 
__mmu_notifier_invalidate_range_end+0x360/0x360 [ 19.158984] ? __free_pages+0x107/0x150 [ 19.162926] ? free_unref_page+0x9e0/0x9e0 [ 19.167127] ? quarantine_put+0xeb/0x190 [ 19.171153] ? kfree+0xf0/0x260 [ 19.174401] ? kvm_put_kvm+0x614/0xde0 [ 19.178256] ? free_pages+0x51/0x90 [ 19.181853] kvm_put_kvm+0x695/0xde0 [ 19.185537] ? kvm_clear_guest+0xb0/0xb0 [ 19.189568] ? kvm_irqfd_release+0xd1/0x120 [ 19.193858] ? lock_downgrade+0x980/0x980 [ 19.197981] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.202447] ? kvm_irqfd_release+0xdd/0x120 [ 19.206732] ? kvm_irqfd_release+0xdd/0x120 [ 19.211019] ? kvm_put_kvm+0xde0/0xde0 [ 19.214874] kvm_vm_release+0x42/0x50 [ 19.218640] __fput+0x327/0x7e0 [ 19.221889] ? fput+0x140/0x140 [ 19.225134] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.230981] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.235445] ____fput+0x15/0x20 [ 19.238691] task_work_run+0x199/0x270 [ 19.242549] ? task_work_cancel+0x210/0x210 [ 19.246835] ? _raw_spin_unlock+0x22/0x30 [ 19.250947] ? switch_task_namespaces+0x87/0xc0 [ 19.255584] do_exit+0x9bb/0x1ad0 [ 19.259001] ? kvm_vcpu_fault+0x520/0x520 [ 19.263119] ? mm_update_next_owner+0x930/0x930 [ 19.267752] ? find_held_lock+0x35/0x1d0 [ 19.271784] ? handle_mm_fault+0x2a0/0x930 [ 19.275985] ? find_held_lock+0x35/0x1d0 [ 19.280019] ? __do_page_fault+0x5f7/0xc90 [ 19.284219] ? lock_downgrade+0x980/0x980 [ 19.288338] ? down_read_trylock+0xdb/0x170 [ 19.292627] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.297173] ? vmacache_find+0x5f/0x280 [ 19.301112] ? vmacache_update+0xfe/0x130 [ 19.305229] ? up_read+0x1a/0x40 [ 19.308564] ? __do_page_fault+0x3d6/0xc90 [ 19.312769] ? kvm_vcpu_fault+0x520/0x520 [ 19.316881] ? do_vfs_ioctl+0x486/0x1520 [ 19.320908] ? _cond_resched+0x14/0x30 [ 19.324764] ? ioctl_preallocate+0x2b0/0x2b0 [ 19.329141] ? selinux_capable+0x40/0x40 [ 19.333170] ? putname+0xf3/0x130 [ 19.336606] do_group_exit+0x149/0x400 [ 19.340459] ? SyS_exit+0x30/0x30 [ 19.343880] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.348862] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 19.353586] SyS_exit_group+0x1d/0x20 [ 19.357353] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.362074] RIP: 0033:0x43ed88 [ 19.365230] RSP: 002b:00007ffdbab34868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 19.372901] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 19.380138] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 19.387375] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 19.394609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 19.401845] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 19.409089] [ 19.410682] Allocated by task 3142: [ 19.414277] save_stack+0x43/0xd0 [ 19.417697] kasan_kmalloc+0xad/0xe0 [ 19.421374] kasan_slab_alloc+0x12/0x20 [ 19.425311] kmem_cache_alloc+0x12e/0x760 [ 19.429426] vmx_create_vcpu+0xc4/0x2f20 [ 19.433451] kvm_arch_vcpu_create+0x12c/0x1a0 [ 19.437910] kvm_vm_ioctl+0x48b/0x1c60 [ 19.441760] do_vfs_ioctl+0x1b1/0x1520 [ 19.445609] SyS_ioctl+0x8f/0xc0 [ 19.448942] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.453661] [ 19.455252] Freed by task 3142: [ 19.458495] save_stack+0x43/0xd0 [ 19.461912] kasan_slab_free+0x71/0xc0 [ 19.465850] kmem_cache_free+0x83/0x2a0 [ 19.469789] vmx_free_vcpu+0x1ee/0x260 [ 19.473640] kvm_arch_destroy_vm+0x4a2/0x980 [ 19.478010] kvm_put_kvm+0x695/0xde0 [ 19.481690] kvm_vm_release+0x42/0x50 [ 19.485458] __fput+0x327/0x7e0 [ 19.488704] ____fput+0x15/0x20 [ 19.491948] task_work_run+0x199/0x270 [ 19.495799] do_exit+0x9bb/0x1ad0 [ 19.499218] do_group_exit+0x149/0x400 [ 19.503070] SyS_exit_group+0x1d/0x20 [ 19.506835] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.511550] [ 19.513145] The buggy address belongs to the object at ffff8801c92d8040 [ 19.513145] which belongs to the cache kvm_vcpu of size 23872 [ 19.525677] The buggy address is located 24 bytes inside of [ 19.525677] 23872-byte region [ffff8801c92d8040, ffff8801c92ddd80) [ 19.537602] The buggy address belongs to the page: [ 
19.542496] page:ffffea000724b600 count:1 mapcount:0 mapping:ffff8801c92d8040 index:0x0 compound_mapcount: 0 [ 19.552428] flags: 0x2fffc0000008100(slab|head) [ 19.557066] raw: 02fffc0000008100 ffff8801c92d8040 0000000000000000 0000000100000001 [ 19.564911] raw: ffff8801d6420448 ffff8801d6420448 ffff8801d641e3c0 0000000000000000 [ 19.572752] page dumped because: kasan: bad access detected [ 19.578422] [ 19.580017] Memory state around the buggy address: [ 19.584909] ffff8801c92d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.592232] ffff8801c92d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.599555] >ffff8801c92d8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 19.606885] ^ [ 19.613080] ffff8801c92d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.620402] ffff8801c92d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.627723] ================================================================== [ 19.635044] Kernel panic - not syncing: panic_on_warn set ... [ 19.635044] [ 19.642373] CPU: 1 PID: 3142 Comm: syzkaller021929 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 19.651343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.660660] Call Trace: [ 19.663216] dump_stack+0x194/0x257 [ 19.666811] ? arch_local_irq_restore+0x53/0x53 [ 19.671444] ? kasan_end_report+0x32/0x50 [ 19.675557] ? lock_downgrade+0x980/0x980 [ 19.679673] ? vsnprintf+0x1ed/0x1900 [ 19.683440] ? __schedule+0xcf0/0x2060 [ 19.687293] panic+0x1e4/0x41c [ 19.690450] ? refcount_error_report+0x214/0x214 [ 19.695179] ? print_shadow_for_address+0xdc/0x1a0 [ 19.700075] ? add_taint+0x1c/0x50 [ 19.703582] ? __schedule+0xda3/0x2060 [ 19.707434] kasan_end_report+0x50/0x50 [ 19.711372] kasan_report+0x148/0x360 [ 19.715141] __asan_report_load8_noabort+0x14/0x20 [ 19.720034] __schedule+0xda3/0x2060 [ 19.723721] ? __sched_text_start+0x8/0x8 [ 19.727834] ? trace_hardirqs_on+0xd/0x10 [ 19.731952] ? __call_srcu+0x7ee/0x1020 [ 19.735891] ? 
do_raw_spin_trylock+0x190/0x190 [ 19.740439] ? do_raw_spin_trylock+0x190/0x190 [ 19.744999] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.750848] ? __debug_object_init+0x235/0x1040 [ 19.755491] preempt_schedule_common+0x22/0x60 [ 19.760041] _cond_resched+0x1d/0x30 [ 19.763719] wait_for_completion+0xa5/0x770 [ 19.768008] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.772992] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 19.778755] ? __lockdep_init_map+0xe4/0x650 [ 19.783135] ? __init_waitqueue_head+0x97/0x140 [ 19.787768] ? init_wait_entry+0x1b0/0x1b0 [ 19.791974] __synchronize_srcu+0x1ad/0x260 [ 19.796262] ? call_srcu+0x10/0x10 [ 19.799767] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 19.805276] ? irq_matrix_allocated+0x80/0x80 [ 19.809739] ? synchronize_srcu+0x3c5/0x570 [ 19.814028] synchronize_srcu+0x1a3/0x570 [ 19.818140] ? synchronize_srcu+0x1a3/0x570 [ 19.822434] ? lock_downgrade+0x980/0x980 [ 19.826546] ? synchronize_srcu_expedited+0x20/0x20 [ 19.831529] ? lock_release+0xa40/0xa40 [ 19.835470] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 19.840281] ? do_raw_spin_trylock+0x190/0x190 [ 19.844841] kvm_page_track_unregister_notifier+0x186/0x270 [ 19.850520] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 19.855938] ? kvfree+0x36/0x60 [ 19.859182] ? rcu_read_lock_sched_held+0x108/0x120 [ 19.864169] kvm_mmu_uninit_vm+0x1c/0x20 [ 19.868195] kvm_arch_destroy_vm+0x73b/0x980 [ 19.872572] ? kvm_arch_sync_events+0x30/0x30 [ 19.877034] ? mmdrop+0x18/0x30 [ 19.880282] ? mmu_notifier_unregister+0x43c/0x5c0 [ 19.885178] ? kvm_put_kvm+0x47a/0xde0 [ 19.889037] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 19.894976] ? __free_pages+0x107/0x150 [ 19.898918] ? free_unref_page+0x9e0/0x9e0 [ 19.903122] ? quarantine_put+0xeb/0x190 [ 19.907149] ? kfree+0xf0/0x260 [ 19.910396] ? kvm_put_kvm+0x614/0xde0 [ 19.914254] ? free_pages+0x51/0x90 [ 19.917851] kvm_put_kvm+0x695/0xde0 [ 19.921539] ? kvm_clear_guest+0xb0/0xb0 [ 19.925571] ? kvm_irqfd_release+0xd1/0x120 [ 19.929857] ? 
lock_downgrade+0x980/0x980 [ 19.933980] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.938449] ? kvm_irqfd_release+0xdd/0x120 [ 19.942735] ? kvm_irqfd_release+0xdd/0x120 [ 19.947024] ? kvm_put_kvm+0xde0/0xde0 [ 19.950884] kvm_vm_release+0x42/0x50 [ 19.954654] __fput+0x327/0x7e0 [ 19.957903] ? fput+0x140/0x140 [ 19.961154] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 19.967001] ? _raw_spin_unlock_irq+0x27/0x70 [ 19.971467] ____fput+0x15/0x20 [ 19.974718] task_work_run+0x199/0x270 [ 19.978573] ? task_work_cancel+0x210/0x210 [ 19.982862] ? _raw_spin_unlock+0x22/0x30 [ 19.986978] ? switch_task_namespaces+0x87/0xc0 [ 19.991616] do_exit+0x9bb/0x1ad0 [ 19.995050] ? kvm_vcpu_fault+0x520/0x520 [ 19.999168] ? mm_update_next_owner+0x930/0x930 [ 20.003800] ? find_held_lock+0x35/0x1d0 [ 20.007840] ? handle_mm_fault+0x2a0/0x930 [ 20.012046] ? find_held_lock+0x35/0x1d0 [ 20.016082] ? __do_page_fault+0x5f7/0xc90 [ 20.020282] ? lock_downgrade+0x980/0x980 [ 20.024404] ? down_read_trylock+0xdb/0x170 [ 20.028692] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 20.033238] ? vmacache_find+0x5f/0x280 [ 20.037177] ? vmacache_update+0xfe/0x130 [ 20.041296] ? up_read+0x1a/0x40 [ 20.044630] ? __do_page_fault+0x3d6/0xc90 [ 20.048838] ? kvm_vcpu_fault+0x520/0x520 [ 20.052954] ? do_vfs_ioctl+0x486/0x1520 [ 20.056983] ? _cond_resched+0x14/0x30 [ 20.060838] ? ioctl_preallocate+0x2b0/0x2b0 [ 20.065218] ? selinux_capable+0x40/0x40 [ 20.069248] ? putname+0xf3/0x130 [ 20.072672] do_group_exit+0x149/0x400 [ 20.076528] ? SyS_exit+0x30/0x30 [ 20.079950] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 20.084932] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 20.089657] SyS_exit_group+0x1d/0x20 [ 20.093422] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 20.098143] RIP: 0033:0x43ed88 [ 20.101297] RSP: 002b:00007ffdbab34868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 20.108970] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 20.116217] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 20.123451] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 20.130686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 20.137919] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 20.145183] [ 20.145185] ====================================================== [ 20.145188] WARNING: possible circular locking dependency detected [ 20.145190] 4.15.0-rc4-mm1+ #47 Not tainted [ 20.145192] ------------------------------------------------------ [ 20.145194] syzkaller021929/3142 is trying to acquire lock: [ 20.145195] ((console_sem).lock){..-.}, at: [<00000000d343ee87>] down_trylock+0x13/0x70 [ 20.145200] [ 20.145202] but task is already holding lock: [ 20.145203] (report_lock){....}, at: [<000000005c91de34>] kasan_report+0x6b/0x360 [ 20.145208] [ 20.145210] which lock already depends on the new lock. 
[ 20.145211] [ 20.145212] [ 20.145214] the existing dependency chain (in reverse order) is: [ 20.145215] [ 20.145216] -> #3 (report_lock){....}: [ 20.145221] _raw_spin_lock_irqsave+0x96/0xc0 [ 20.145223] kasan_report+0x6b/0x360 [ 20.145225] __asan_report_load8_noabort+0x14/0x20 [ 20.145226] __schedule+0xda3/0x2060 [ 20.145228] preempt_schedule_common+0x22/0x60 [ 20.145230] _cond_resched+0x1d/0x30 [ 20.145232] wait_for_completion+0xa5/0x770 [ 20.145233] __synchronize_srcu+0x1ad/0x260 [ 20.145235] synchronize_srcu+0x1a3/0x570 [ 20.145237] kvm_page_track_unregister_notifier+0x186/0x270 [ 20.145239] kvm_mmu_uninit_vm+0x1c/0x20 [ 20.145241] kvm_arch_destroy_vm+0x73b/0x980 [ 20.145242] kvm_put_kvm+0x695/0xde0 [ 20.145244] kvm_vm_release+0x42/0x50 [ 20.145245] __fput+0x327/0x7e0 [ 20.145247] ____fput+0x15/0x20 [ 20.145249] task_work_run+0x199/0x270 [ 20.145250] do_exit+0x9bb/0x1ad0 [ 20.145252] do_group_exit+0x149/0x400 [ 20.145253] SyS_exit_group+0x1d/0x20 [ 20.145255] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 20.145256] [ 20.145257] -> #2 (&rq->lock){-.-.}: [ 20.145262] _raw_spin_lock+0x2a/0x40 [ 20.145264] task_fork_fair+0x7a/0x690 [ 20.145265] sched_fork+0x435/0xc00 [ 20.145267] copy_process.part.37+0x1758/0x4b60 [ 20.145269] _do_fork+0x1f7/0xf70 [ 20.145270] kernel_thread+0x34/0x40 [ 20.145272] rest_init+0x22/0xf0 [ 20.145273] start_kernel+0x7f1/0x819 [ 20.145275] x86_64_start_reservations+0x2a/0x2c [ 20.145277] x86_64_start_kernel+0x77/0x7a [ 20.145279] secondary_startup_64+0xa5/0xb0 [ 20.145280] [ 20.145281] -> #1 (&p->pi_lock){-.-.}: [ 20.145286] _raw_spin_lock_irqsave+0x96/0xc0 [ 20.145288] try_to_wake_up+0xbc/0x1600 [ 20.145289] wake_up_process+0x10/0x20 [ 20.145291] __up.isra.0+0x1cc/0x2c0 [ 20.145292] up+0x13b/0x1d0 [ 20.145294] __up_console_sem+0xb2/0x1a0 [ 20.145296] console_unlock+0x538/0xd70 [ 20.145297] con_flush_chars+0x6e/0x80 [ 20.145299] n_tty_write+0x71b/0xec0 [ 20.145300] tty_write+0x3fa/0x840 [ 20.145302] __vfs_write+0xef/0x970 [ 20.145303] 
vfs_write+0x189/0x510 [ 20.145305] SyS_write+0xef/0x220 [ 20.145307] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 20.145308] [ 20.145309] -> #0 ((console_sem).lock){..-.}: [ 20.145314] lock_acquire+0x1d5/0x580 [ 20.145316] _raw_spin_lock_irqsave+0x96/0xc0 [ 20.145317] down_trylock+0x13/0x70 [ 20.145319] __down_trylock_console_sem+0xa2/0x1e0 [ 20.145321] console_trylock+0x15/0x100 [ 20.145323] vprintk_emit+0x49b/0x590 [ 20.145324] vprintk_default+0x28/0x30 [ 20.145326] vprintk_func+0x57/0xc0 [ 20.145327] printk+0xaa/0xca [ 20.145329] kasan_report+0x7b/0x360 [ 20.145331] __asan_report_load8_noabort+0x14/0x20 [ 20.145332] __schedule+0xda3/0x2060 [ 20.145334] preempt_schedule_common+0x22/0x60 [ 20.145336] _cond_resched+0x1d/0x30 [ 20.145338] wait_for_completion+0xa5/0x770 [ 20.145339] __synchronize_srcu+0x1ad/0x260 [ 20.145341] synchronize_srcu+0x1a3/0x570 [ 20.145343] kvm_page_track_unregister_notifier+0x186/0x270 [ 20.145345] kvm_mmu_uninit_vm+0x1c/0x20 [ 20.145347] kvm_arch_destroy_vm+0x73b/0x980 [ 20.145348] kvm_put_kvm+0x695/0xde0 [ 20.145350] kvm_vm_release+0x42/0x50 [ 20.145351] __fput+0x327/0x7e0 [ 20.145353] ____fput+0x15/0x20 [ 20.145354] task_work_run+0x199/0x270 [ 20.145356] do_exit+0x9bb/0x1ad0 [ 20.145358] do_group_exit+0x149/0x400 [ 20.145359] SyS_exit_group+0x1d/0x20 [ 20.145361] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 20.145362] [ 20.145364] other info that might help us debug this: [ 20.145365] [ 20.145366] Chain exists of: [ 20.145367] (console_sem).lock --> &rq->lock --> report_lock [ 20.145373] [ 20.145375] Possible unsafe locking scenario: [ 20.145376] [ 20.145378] CPU0 CPU1 [ 20.145379] ---- ---- [ 20.145380] lock(report_lock); [ 20.145384] lock(&rq->lock); [ 20.145388] lock(report_lock); [ 20.145391] lock((console_sem).lock); [ 20.145394] [ 20.145395] *** DEADLOCK *** [ 20.145396] [ 20.145398] 2 locks held by syzkaller021929/3142: [ 20.145398] #0: (&rq->lock){-.-.}, at: [<00000000cfc5b280>] __schedule+0x24e/0x2060 [ 20.145404] #1: (report_lock){....}, 
at: [<000000005c91de34>] kasan_report+0x6b/0x360 [ 20.145410] [ 20.145411] stack backtrace: [ 20.145414] CPU: 1 PID: 3142 Comm: syzkaller021929 Not tainted 4.15.0-rc4-mm1+ #47 [ 20.145417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.145418] Call Trace: [ 20.145420] dump_stack+0x194/0x257 [ 20.145422] ? arch_local_irq_restore+0x53/0x53 [ 20.145424] print_circular_bug.isra.37+0x2cd/0x2dc [ 20.145425] ? save_trace+0xe0/0x2b0 [ 20.145427] __lock_acquire+0x30a8/0x3e00 [ 20.145429] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 20.145431] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 20.145433] ? print_lockdep_cache.isra.31+0x109/0x109 [ 20.145434] ? save_stack_trace+0x1a/0x20 [ 20.145436] ? save_trace+0xe0/0x2b0 [ 20.145438] ? __lock_acquire+0x36c0/0x3e00 [ 20.145439] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 20.145441] ? __lock_is_held+0xb6/0x140 [ 20.145443] ? __lock_is_held+0xb6/0x140 [ 20.145444] lock_acquire+0x1d5/0x580 [ 20.145446] ? lock_acquire+0x1d5/0x580 [ 20.145447] ? down_trylock+0x13/0x70 [ 20.145449] ? find_held_lock+0x35/0x1d0 [ 20.145451] ? lock_release+0xa40/0xa40 [ 20.145452] ? vprintk_emit+0x379/0x590 [ 20.145454] ? lock_downgrade+0x980/0x980 [ 20.145456] ? kvm_sched_clock_read+0x25/0x40 [ 20.145457] ? sched_clock+0x31/0x40 [ 20.145459] ? sched_clock_cpu+0x1b/0x170 [ 20.145460] ? vprintk_emit+0x49b/0x590 [ 20.145462] _raw_spin_lock_irqsave+0x96/0xc0 [ 20.145464] ? down_trylock+0x13/0x70 [ 20.145465] down_trylock+0x13/0x70 [ 20.145467] ? vprintk_emit+0x49b/0x590 [ 20.145468] __down_trylock_console_sem+0xa2/0x1e0 [ 20.145470] console_trylock+0x15/0x100 [ 20.145472] vprintk_emit+0x49b/0x590 [ 20.145473] vprintk_default+0x28/0x30 [ 20.145475] vprintk_func+0x57/0xc0 [ 20.145476] printk+0xaa/0xca [ 20.145478] ? show_regs_print_info+0x18/0x18 [ 20.145479] ? 
__schedule+0xda3/0x2060 [ 20.145481] kasan_report+0x7b/0x360 [ 20.145483] __asan_report_load8_noabort+0x14/0x20 [ 20.145484] __schedule+0xda3/0x2060 [ 20.145486] ? __sched_text_start+0x8/0x8 [ 20.145487] ? trace_hardirqs_on+0xd/0x10 [ 20.145489] ? __call_srcu+0x7ee/0x1020 [ 20.145491] ? do_raw_spin_trylock+0x190/0x190 [ 20.145493] ? do_raw_spin_trylock+0x190/0x190 [ 20.145495] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 20.145496] ? __debug_object_init+0x235/0x1040 [ 20.145498] preempt_schedule_common+0x22/0x60 [ 20.145500] _cond_resched+0x1d/0x30 [ 20.145501] wait_for_completion+0xa5/0x770 [ 20.145503] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 20.145505] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 20.145507] ? __lockdep_init_map+0xe4/0x650 [ 20.145509] ? __init_waitqueue_head+0x97/0x140 [ 20.145511] ? init_wait_entry+0x1b0/0x1b0 [ 20.145512] __synchronize_srcu+0x1ad/0x260 [ 20.145514] ? call_srcu+0x10/0x10 [ 20.145516] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 20.145517] ? irq_matrix_allocated+0x80/0x80 [ 20.145519] ? synchronize_srcu+0x3c5/0x570 [ 20.145521] synchronize_srcu+0x1a3/0x570 [ 20.145522] ? synchronize_srcu+0x1a3/0x570 [ 20.145524] ? lock_downgrade+0x980/0x980 [ 20.145526] ? synchronize_srcu_expedited+0x20/0x20 [ 20.145528] ? lock_release+0xa40/0xa40 [ 20.145529] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 20.145531] ? do_raw_spin_trylock+0x190/0x190 [ 20.145533] kvm_page_track_unregister_notifier+0x186/0x270 [ 20.145535] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 20.145537] ? kvfree+0x36/0x60 [ 20.145538] ? rcu_read_lock_sched_held+0x108/0x120 [ 20.145541] kvm_mmu_uninit_vm+0x1c/0x20 [ 20.145542] kvm_arch_destroy_vm+0x73b/0x980 [ 20.145544] ? kvm_arch_sync_events+0x30/0x30 [ 20.145545] ? mmdrop+0x18/0x30 [ 20.145547] ? mmu_notifier_unregister+0x43c/0x5c0 [ 20.145549] ? kvm_put_kvm+0x47a/0xde0 [ 20.145551] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 20.145553] ? __free_pages+0x107/0x150 [ 20.145555] ? 
free_unref_page+0x9e0/0x9e0 [ 20.145556] ? quarantine_put+0xeb/0x190 [ 20.145558] ? kfree+0xf0/0x260 [ 20.145559] ? kvm_put_kvm+0x614/0xde0 [ 20.145561] ? free_pages+0x51/0x90 [ 20.145562] kvm_put_kvm+0x695/0xde0 [ 20.145564] ? kvm_clear_guest+0xb0/0xb0 [ 20.145566] ? kvm_irqfd_release+0xd1/0x120 [ 20.145567] ? lock_downgrade+0x980/0x980 [ 20.145569] ? _raw_spin_unlock_irq+0x27/0x70 [ 20.145571] ? kvm_irqfd_release+0xdd/0x120 [ 20.145573] ? kvm_irqfd_release+0xdd/0x120 [ 20.145574] ? kvm_put_kvm+0xde0/0xde0 [ 20.145576] kvm_vm_release+0x42/0x50 [ 20.145577] __fput+0x327/0x7e0 [ 20.145578] ? fput+0x140/0x140 [ 20.145581] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 20.145582] ? _raw_spin_unlock_irq+0x27/0x70 [ 20.145584] ____fput+0x15/0x20 [ 20.145585] task_work_run+0x199/0x270 [ 20.145587] ? task_work_cancel+0x210/0x210 [ 20.145589] ? _raw_spin_unlock+0x22/0x30 [ 20.145590] ? switch_task_namespaces+0x87/0xc0 [ 20.145592] do_exit+0x9bb/0x1ad0 [ 20.145593] ? kvm_vcpu_fault+0x520/0x520 [ 20.145595] ? mm_update_next_owner+0x930/0x930 [ 20.145597] ? find_held_lock+0x35/0x1d0 [ 20.145598] ? handle_mm_fault+0x2a0/0x930 [ 20.145600] ? find_held_lock+0x35/0x1d0 [ 20.145602] ? __do_page_fault+0x5f7/0xc90 [ 20.145603] ? lock_downgrade+0x980/0x980 [ 20.145605] ? down_read_trylock+0xdb/0x170 [ 20.145607] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 20.145608] ? vmacache_find+0x5f/0x280 [ 20.145610] ? vmacache_update+0xfe/0x130 [ 20.145611] ? up_read+0x1a/0x40 [ 20.145613] ? __do_page_fault+0x3d6/0xc90 [ 20.145615] ? kvm_vcpu_fault+0x520/0x520 [ 20.145616] ? do_vfs_ioctl+0x486/0x1520 [ 20.145618] ? _cond_resched+0x14/0x30 [ 20.145620] ? ioctl_preallocate+0x2b0/0x2b0 [ 20.145621] ? selinux_capable+0x40/0x40 [ 20.145623] ? putname+0xf3/0x130 [ 20.145628] do_group_exit+0x14 [ 20.145631] Lost 13 message(s)! 
[ 21.216059] Shutting down cpus with NMI [ 22.270407] Dumping ftrace buffer: [ 22.273919] (ftrace buffer empty) [ 22.277601] Kernel Offset: disabled [ 22.281200] Rebooting in 86400 seconds..