[....] Starting enhanced syslogd: rsyslogd[ 10.490968] audit: type=1400 audit(1513855353.605:5): avc: denied { syslog } for pid=2990 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.665168] audit: type=1400 audit(1513855359.779:6): avc: denied { map } for pid=3130 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.0.45' (ECDSA) to the list of known hosts. executing program [ 23.312631] audit: type=1400 audit(1513855366.427:7): avc: denied { map } for pid=3144 comm="syzkaller115946" path="/root/syzkaller115946067" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 23.346181] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 23.363040] ================================================================== [ 23.371151] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 23.377351] Read of size 8 at addr ffff8801c9db0058 by task syzkaller115946/3144 [ 23.384845] [ 23.386443] CPU: 0 PID: 3144 Comm: syzkaller115946 Not tainted 4.15.0-rc4-mm1+ #47 [ 23.394111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.403428] Call Trace: [ 23.405983] dump_stack+0x194/0x257 [ 23.409575] ? arch_local_irq_restore+0x53/0x53 [ 23.414208] ? show_regs_print_info+0x18/0x18 [ 23.418671] ? __schedule+0xda3/0x2060 [ 23.422523] print_address_description+0x73/0x250 [ 23.427337] ? __schedule+0xda3/0x2060 [ 23.431191] kasan_report+0x23b/0x360 [ 23.434962] __asan_report_load8_noabort+0x14/0x20 [ 23.439856] __schedule+0xda3/0x2060 [ 23.443539] ? __sched_text_start+0x8/0x8 [ 23.447651] ? trace_hardirqs_on+0xd/0x10 [ 23.451763] ? __call_srcu+0x7ee/0x1020 [ 23.455703] ? do_raw_spin_trylock+0x190/0x190 [ 23.460248] ? do_raw_spin_trylock+0x190/0x190 [ 23.464802] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.470656] ? __debug_object_init+0x235/0x1040 [ 23.475293] preempt_schedule_common+0x22/0x60 [ 23.479839] _cond_resched+0x1d/0x30 [ 23.483517] wait_for_completion+0xa5/0x770 [ 23.487802] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.492789] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.498550] ? __lockdep_init_map+0xe4/0x650 [ 23.502925] ? __init_waitqueue_head+0x97/0x140 [ 23.507556] ? init_wait_entry+0x1b0/0x1b0 [ 23.511761] __synchronize_srcu+0x1ad/0x260 [ 23.516045] ? call_srcu+0x10/0x10 [ 23.519548] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.525052] ? irq_matrix_allocated+0x80/0x80 [ 23.529509] ? synchronize_srcu+0x3c5/0x570 [ 23.533795] synchronize_srcu+0x1a3/0x570 [ 23.537905] ? synchronize_srcu+0x1a3/0x570 [ 23.542191] ? lock_downgrade+0x980/0x980 [ 23.546304] ? synchronize_srcu_expedited+0x20/0x20 [ 23.551288] ? lock_release+0xa40/0xa40 [ 23.555234] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.560042] ? do_raw_spin_trylock+0x190/0x190 [ 23.564594] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.570269] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.575690] ? kvfree+0x36/0x60 [ 23.578930] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.583913] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.587938] kvm_arch_destroy_vm+0x73b/0x980 [ 23.592312] ? kvm_arch_sync_events+0x30/0x30 [ 23.596769] ? mmdrop+0x18/0x30 [ 23.600013] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.604904] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.609624] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.615557] ? __free_pages+0x107/0x150 [ 23.619496] ? free_unref_page+0x9e0/0x9e0 [ 23.623695] ? quarantine_put+0xeb/0x190 [ 23.627718] ? kfree+0xf0/0x260 [ 23.630961] ? kvm_put_kvm+0x614/0xde0 [ 23.634814] ? free_pages+0x51/0x90 [ 23.638415] kvm_put_kvm+0x695/0xde0 [ 23.642099] ? kvm_clear_guest+0xb0/0xb0 [ 23.646128] ? kvm_irqfd_release+0xd1/0x120 [ 23.650415] ? lock_downgrade+0x980/0x980 [ 23.654537] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.658998] ? kvm_irqfd_release+0xdd/0x120 [ 23.663288] ? kvm_irqfd_release+0xdd/0x120 [ 23.667572] ? kvm_put_kvm+0xde0/0xde0 [ 23.671426] kvm_vm_release+0x42/0x50 [ 23.675193] __fput+0x327/0x7e0 [ 23.678449] ? fput+0x140/0x140 [ 23.681693] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.687540] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.692001] ____fput+0x15/0x20 [ 23.695245] task_work_run+0x199/0x270 [ 23.699098] ? task_work_cancel+0x210/0x210 [ 23.703384] ? _raw_spin_unlock+0x22/0x30 [ 23.707496] ? switch_task_namespaces+0x87/0xc0 [ 23.712133] do_exit+0x9bb/0x1ad0 [ 23.715550] ? kvm_vcpu_fault+0x520/0x520 [ 23.719664] ? mm_update_next_owner+0x930/0x930 [ 23.724299] ? find_held_lock+0x35/0x1d0 [ 23.728328] ? handle_mm_fault+0x2a0/0x930 [ 23.732535] ? find_held_lock+0x35/0x1d0 [ 23.736573] ? __do_page_fault+0x5f7/0xc90 [ 23.740772] ? lock_downgrade+0x980/0x980 [ 23.744889] ? down_read_trylock+0xdb/0x170 [ 23.749175] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.753719] ? vmacache_find+0x5f/0x280 [ 23.757658] ? up_read+0x1a/0x40 [ 23.760987] ? __do_page_fault+0x3d6/0xc90 [ 23.765192] ? task_work_run+0x1f4/0x270 [ 23.769225] ? kvm_vcpu_fault+0x520/0x520 [ 23.773340] ? do_vfs_ioctl+0x486/0x1520 [ 23.777368] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.781748] ? selinux_capable+0x40/0x40 [ 23.785777] ? __close_fd+0x222/0x360 [ 23.789545] do_group_exit+0x149/0x400 [ 23.793401] ? SyS_exit+0x30/0x30 [ 23.796821] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.801803] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.806526] SyS_exit_group+0x1d/0x20 [ 23.810298] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.815016] RIP: 0033:0x441c38 [ 23.818169] RSP: 002b:00007ffc89bd9978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.825853] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c38 [ 23.833088] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.840331] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.847659] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 23.854895] R13: 000000002040300c R14: 0000000000000001 R15: 00000000000000ad [ 23.862142] [ 23.863736] Allocated by task 3144: [ 23.867330] save_stack+0x43/0xd0 [ 23.870747] kasan_kmalloc+0xad/0xe0 [ 23.874424] kasan_slab_alloc+0x12/0x20 [ 23.878360] kmem_cache_alloc+0x12e/0x760 [ 23.882471] vmx_create_vcpu+0xc4/0x2f20 [ 23.886497] kvm_arch_vcpu_create+0x12c/0x1a0 [ 23.890957] kvm_vm_ioctl+0x48b/0x1c60 [ 23.894808] do_vfs_ioctl+0x1b1/0x1520 [ 23.898659] SyS_ioctl+0x8f/0xc0 [ 23.901990] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.906707] [ 23.908298] Freed by task 3144: [ 23.911543] save_stack+0x43/0xd0 [ 23.914962] kasan_slab_free+0x71/0xc0 [ 23.918814] kmem_cache_free+0x83/0x2a0 [ 23.922765] vmx_free_vcpu+0x1ee/0x260 [ 23.926616] kvm_arch_destroy_vm+0x4a2/0x980 [ 23.930986] kvm_put_kvm+0x695/0xde0 [ 23.934667] kvm_vm_release+0x42/0x50 [ 23.938433] __fput+0x327/0x7e0 [ 23.941681] ____fput+0x15/0x20 [ 23.944923] task_work_run+0x199/0x270 [ 23.948774] do_exit+0x9bb/0x1ad0 [ 23.952188] do_group_exit+0x149/0x400 [ 23.956044] SyS_exit_group+0x1d/0x20 [ 23.959808] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.964522] [ 23.966115] The buggy address belongs to the object at ffff8801c9db0040 [ 23.966115] which belongs to the cache kvm_vcpu of size 23872 [ 23.978646] The buggy address is located 24 bytes inside of [ 23.978646] 23872-byte region [ffff8801c9db0040, ffff8801c9db5d80) [ 23.990566] The buggy address belongs to the page: [ 23.995460] page:ffffea0007276c00 count:1 mapcount:0 mapping:ffff8801c9db0040 index:0x0 compound_mapcount: 0 [ 24.005398] flags: 0x2fffc0000008100(slab|head) [ 24.010035] raw: 02fffc0000008100 ffff8801c9db0040 0000000000000000 0000000100000001 [ 24.017878] raw: ffff8801d648ae48 ffff8801d648ae48 ffff8801d8508240 0000000000000000 [ 24.025725] page dumped because: kasan: bad access detected [ 24.031402] [ 24.032997] Memory state around the buggy address: [ 24.037888] ffff8801c9daff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.045208] ffff8801c9daff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.052531] >ffff8801c9db0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.059850] ^ [ 24.066043] ffff8801c9db0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.073366] ffff8801c9db0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.080687] ================================================================== [ 24.088009] Kernel panic - not syncing: panic_on_warn set ... [ 24.088009] [ 24.095337] CPU: 0 PID: 3144 Comm: syzkaller115946 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 24.104312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.113639] Call Trace: [ 24.116195] dump_stack+0x194/0x257 [ 24.119789] ? arch_local_irq_restore+0x53/0x53 [ 24.124426] ? kasan_end_report+0x32/0x50 [ 24.128542] ? lock_downgrade+0x980/0x980 [ 24.132659] ? vsnprintf+0x1ed/0x1900 [ 24.136424] ? __schedule+0xcf0/0x2060 [ 24.140274] panic+0x1e4/0x41c [ 24.143430] ? refcount_error_report+0x214/0x214 [ 24.148152] ? print_shadow_for_address+0xdc/0x1a0 [ 24.153044] ? add_taint+0x1c/0x50 [ 24.156549] ? __schedule+0xda3/0x2060 [ 24.160401] kasan_end_report+0x50/0x50 [ 24.164342] kasan_report+0x148/0x360 [ 24.168110] __asan_report_load8_noabort+0x14/0x20 [ 24.173004] __schedule+0xda3/0x2060 [ 24.176685] ? __sched_text_start+0x8/0x8 [ 24.180798] ? trace_hardirqs_on+0xd/0x10 [ 24.184909] ? __call_srcu+0x7ee/0x1020 [ 24.188847] ? do_raw_spin_trylock+0x190/0x190 [ 24.193419] ? do_raw_spin_trylock+0x190/0x190 [ 24.197974] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.203824] ? __debug_object_init+0x235/0x1040 [ 24.208464] preempt_schedule_common+0x22/0x60 [ 24.213014] _cond_resched+0x1d/0x30 [ 24.216690] wait_for_completion+0xa5/0x770 [ 24.220974] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.225961] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.231724] ? __lockdep_init_map+0xe4/0x650 [ 24.236099] ? __init_waitqueue_head+0x97/0x140 [ 24.240731] ? init_wait_entry+0x1b0/0x1b0 [ 24.244934] __synchronize_srcu+0x1ad/0x260 [ 24.249220] ? call_srcu+0x10/0x10 [ 24.252724] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.258226] ? irq_matrix_allocated+0x80/0x80 [ 24.262684] ? synchronize_srcu+0x3c5/0x570 [ 24.266970] synchronize_srcu+0x1a3/0x570 [ 24.271080] ? synchronize_srcu+0x1a3/0x570 [ 24.275362] ? lock_downgrade+0x980/0x980 [ 24.279473] ? synchronize_srcu_expedited+0x20/0x20 [ 24.284453] ? lock_release+0xa40/0xa40 [ 24.288391] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.293200] ? do_raw_spin_trylock+0x190/0x190 [ 24.297752] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.303429] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.308847] ? kvfree+0x36/0x60 [ 24.312097] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.317081] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.321107] kvm_arch_destroy_vm+0x73b/0x980 [ 24.325483] ? kvm_arch_sync_events+0x30/0x30 [ 24.329943] ? mmdrop+0x18/0x30 [ 24.333187] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.338080] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.342801] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.348737] ? __free_pages+0x107/0x150 [ 24.352673] ? free_unref_page+0x9e0/0x9e0 [ 24.356871] ? quarantine_put+0xeb/0x190 [ 24.360895] ? kfree+0xf0/0x260 [ 24.364138] ? kvm_put_kvm+0x614/0xde0 [ 24.367992] ? free_pages+0x51/0x90 [ 24.371583] kvm_put_kvm+0x695/0xde0 [ 24.375264] ? kvm_clear_guest+0xb0/0xb0 [ 24.379292] ? kvm_irqfd_release+0xd1/0x120 [ 24.383581] ? lock_downgrade+0x980/0x980 [ 24.387700] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.392164] ? kvm_irqfd_release+0xdd/0x120 [ 24.396447] ? kvm_irqfd_release+0xdd/0x120 [ 24.400733] ? kvm_put_kvm+0xde0/0xde0 [ 24.404582] kvm_vm_release+0x42/0x50 [ 24.408348] __fput+0x327/0x7e0 [ 24.411594] ? fput+0x140/0x140 [ 24.414844] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.420690] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.425151] ____fput+0x15/0x20 [ 24.428394] task_work_run+0x199/0x270 [ 24.432246] ? task_work_cancel+0x210/0x210 [ 24.436531] ? _raw_spin_unlock+0x22/0x30 [ 24.440643] ? switch_task_namespaces+0x87/0xc0 [ 24.445278] do_exit+0x9bb/0x1ad0 [ 24.448701] ? kvm_vcpu_fault+0x520/0x520 [ 24.452813] ? mm_update_next_owner+0x930/0x930 [ 24.457532] ? find_held_lock+0x35/0x1d0 [ 24.461563] ? handle_mm_fault+0x2a0/0x930 [ 24.465762] ? find_held_lock+0x35/0x1d0 [ 24.469790] ? __do_page_fault+0x5f7/0xc90 [ 24.473986] ? lock_downgrade+0x980/0x980 [ 24.478100] ? down_read_trylock+0xdb/0x170 [ 24.482391] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.486935] ? vmacache_find+0x5f/0x280 [ 24.490875] ? up_read+0x1a/0x40 [ 24.494204] ? __do_page_fault+0x3d6/0xc90 [ 24.498401] ? task_work_run+0x1f4/0x270 [ 24.502429] ? kvm_vcpu_fault+0x520/0x520 [ 24.506543] ? do_vfs_ioctl+0x486/0x1520 [ 24.510572] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.514947] ? selinux_capable+0x40/0x40 [ 24.518973] ? __close_fd+0x222/0x360 [ 24.522740] do_group_exit+0x149/0x400 [ 24.526593] ? SyS_exit+0x30/0x30 [ 24.530010] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.534990] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.539712] SyS_exit_group+0x1d/0x20 [ 24.543475] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.548192] RIP: 0033:0x441c38 [ 24.551346] RSP: 002b:00007ffc89bd9978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.559035] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000441c38 [ 24.566270] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.573502] RBP: 0000000000000003 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.580735] R10: 00008c0000500000 R11: 0000000000000246 R12: 0000000000000010 [ 24.588055] R13: 000000002040300c R14: 0000000000000001 R15: 00000000000000ad [ 24.595296] [ 24.595298] ====================================================== [ 24.595299] WARNING: possible circular locking dependency detected [ 24.595301] 4.15.0-rc4-mm1+ #47 Not tainted [ 24.595302] ------------------------------------------------------ [ 24.595304] syzkaller115946/3144 is trying to acquire lock: [ 24.595304] ((console_sem).lock){..-.}, at: [<0000000003708c2e>] down_trylock+0x13/0x70 [ 24.595308] [ 24.595310] but task is already holding lock: [ 24.595310] (report_lock){....}, at: [<0000000021736ddf>] kasan_report+0x6b/0x360 [ 24.595314] [ 24.595315] which lock already depends on the new lock. [ 24.595316] [ 24.595317] [ 24.595318] the existing dependency chain (in reverse order) is: [ 24.595319] [ 24.595319] -> #3 (report_lock){....}: [ 24.595324] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.595325] kasan_report+0x6b/0x360 [ 24.595326] __asan_report_load8_noabort+0x14/0x20 [ 24.595327] __schedule+0xda3/0x2060 [ 24.595329] preempt_schedule_common+0x22/0x60 [ 24.595330] _cond_resched+0x1d/0x30 [ 24.595331] wait_for_completion+0xa5/0x770 [ 24.595332] __synchronize_srcu+0x1ad/0x260 [ 24.595333] synchronize_srcu+0x1a3/0x570 [ 24.595335] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.595336] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.595337] kvm_arch_destroy_vm+0x73b/0x980 [ 24.595338] kvm_put_kvm+0x695/0xde0 [ 24.595340] kvm_vm_release+0x42/0x50 [ 24.595341] __fput+0x327/0x7e0 [ 24.595342] ____fput+0x15/0x20 [ 24.595343] task_work_run+0x199/0x270 [ 24.595344] do_exit+0x9bb/0x1ad0 [ 24.595345] do_group_exit+0x149/0x400 [ 24.595346] SyS_exit_group+0x1d/0x20 [ 24.595348] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.595348] [ 24.595349] -> #2 (&rq->lock){-.-.}: [ 24.595353] _raw_spin_lock+0x2a/0x40 [ 24.595357] task_fork_fair+0x7a/0x690 [ 24.595358] sched_fork+0x435/0xc00 [ 24.595359] copy_process.part.37+0x1758/0x4b60 [ 24.595360] _do_fork+0x1f7/0xf70 [ 24.595361] kernel_thread+0x34/0x40 [ 24.595362] rest_init+0x22/0xf0 [ 24.595364] start_kernel+0x7f1/0x819 [ 24.595365] x86_64_start_reservations+0x2a/0x2c [ 24.595366] x86_64_start_kernel+0x77/0x7a [ 24.595367] secondary_startup_64+0xa5/0xb0 [ 24.595368] [ 24.595369] -> #1 (&p->pi_lock){-.-.}: [ 24.595373] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.595374] try_to_wake_up+0xbc/0x1600 [ 24.595375] wake_up_process+0x10/0x20 [ 24.595376] __up.isra.0+0x1cc/0x2c0 [ 24.595377] up+0x13b/0x1d0 [ 24.595379] __up_console_sem+0xb2/0x1a0 [ 24.595380] console_unlock+0x538/0xd70 [ 24.595381] con_flush_chars+0x6e/0x80 [ 24.595382] n_tty_write+0x71b/0xec0 [ 24.595383] tty_write+0x3fa/0x840 [ 24.595384] __vfs_write+0xef/0x970 [ 24.595385] vfs_write+0x189/0x510 [ 24.595386] SyS_write+0xef/0x220 [ 24.595388] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.595388] [ 24.595389] -> #0 ((console_sem).lock){..-.}: [ 24.595393] lock_acquire+0x1d5/0x580 [ 24.595395] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.595396] down_trylock+0x13/0x70 [ 24.595397] __down_trylock_console_sem+0xa2/0x1e0 [ 24.595398] console_trylock+0x15/0x100 [ 24.595399] vprintk_emit+0x49b/0x590 [ 24.595401] vprintk_default+0x28/0x30 [ 24.595402] vprintk_func+0x57/0xc0 [ 24.595403] printk+0xaa/0xca [ 24.595404] kasan_report+0x7b/0x360 [ 24.595405] __asan_report_load8_noabort+0x14/0x20 [ 24.595406] __schedule+0xda3/0x2060 [ 24.595408] preempt_schedule_common+0x22/0x60 [ 24.595409] _cond_resched+0x1d/0x30 [ 24.595410] wait_for_completion+0xa5/0x770 [ 24.595411] __synchronize_srcu+0x1ad/0x260 [ 24.595412] synchronize_srcu+0x1a3/0x570 [ 24.595414] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.595415] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.595416] kvm_arch_destroy_vm+0x73b/0x980 [ 24.595417] kvm_put_kvm+0x695/0xde0 [ 24.595419] kvm_vm_release+0x42/0x50 [ 24.595420] __fput+0x327/0x7e0 [ 24.595421] ____fput+0x15/0x20 [ 24.595422] task_work_run+0x199/0x270 [ 24.595423] do_exit+0x9bb/0x1ad0 [ 24.595424] do_group_exit+0x149/0x400 [ 24.595425] SyS_exit_group+0x1d/0x20 [ 24.595426] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.595427] [ 24.595428] other info that might help us debug this: [ 24.595429] [ 24.595430] Chain exists of: [ 24.595431] (console_sem).lock --> &rq->lock --> report_lock [ 24.595435] [ 24.595437] Possible unsafe locking scenario: [ 24.595437] [ 24.595439] CPU0 CPU1 [ 24.595440] ---- ---- [ 24.595440] lock(report_lock); [ 24.595443] lock(&rq->lock); [ 24.595446] lock(report_lock); [ 24.595448] lock((console_sem).lock); [ 24.595450] [ 24.595451] *** DEADLOCK *** [ 24.595452] [ 24.595453] 2 locks held by syzkaller115946/3144: [ 24.595453] #0: (&rq->lock){-.-.}, at: [<0000000049ef1df3>] __schedule+0x24e/0x2060 [ 24.595458] #1: (report_lock){....}, at: [<0000000021736ddf>] kasan_report+0x6b/0x360 [ 24.595462] [ 24.595463] stack backtrace: [ 24.595464] CPU: 0 PID: 3144 Comm: syzkaller115946 Not tainted 4.15.0-rc4-mm1+ #47 [ 24.595467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.595468] Call Trace: [ 24.595469] dump_stack+0x194/0x257 [ 24.595470] ? arch_local_irq_restore+0x53/0x53 [ 24.595471] print_circular_bug.isra.37+0x2cd/0x2dc [ 24.595472] ? save_trace+0xe0/0x2b0 [ 24.595474] __lock_acquire+0x30a8/0x3e00 [ 24.595475] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.595476] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.595478] ? print_lockdep_cache.isra.31+0x109/0x109 [ 24.595479] ? save_stack_trace+0x1a/0x20 [ 24.595480] ? save_trace+0xe0/0x2b0 [ 24.595481] ? __lock_acquire+0x36c0/0x3e00 [ 24.595482] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.595484] ? __lock_is_held+0xb6/0x140 [ 24.595485] ? __lock_is_held+0xb6/0x140 [ 24.595486] lock_acquire+0x1d5/0x580 [ 24.595487] ? lock_acquire+0x1d5/0x580 [ 24.595488] ? down_trylock+0x13/0x70 [ 24.595489] ? find_held_lock+0x35/0x1d0 [ 24.595490] ? lock_release+0xa40/0xa40 [ 24.595491] ? vprintk_emit+0x379/0x590 [ 24.595493] ? lock_downgrade+0x980/0x980 [ 24.595494] ? kvm_sched_clock_read+0x25/0x40 [ 24.595495] ? sched_clock+0x31/0x40 [ 24.595496] ? sched_clock_cpu+0x1b/0x170 [ 24.595497] ? vprintk_emit+0x49b/0x590 [ 24.595498] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.595500] ? down_trylock+0x13/0x70 [ 24.595501] down_trylock+0x13/0x70 [ 24.595502] ? vprintk_emit+0x49b/0x590 [ 24.595503] __down_trylock_console_sem+0xa2/0x1e0 [ 24.595504] console_trylock+0x15/0x100 [ 24.595505] vprintk_emit+0x49b/0x590 [ 24.595506] vprintk_default+0x28/0x30 [ 24.595507] vprintk_func+0x57/0xc0 [ 24.595508] printk+0xaa/0xca [ 24.595509] ? show_regs_print_info+0x18/0x18 [ 24.595511] ? __schedule+0xda3/0x2060 [ 24.595512] kasan_report+0x7b/0x360 [ 24.595513] __asan_report_load8_noabort+0x14/0x20 [ 24.595514] __schedule+0xda3/0x2060 [ 24.595515] ? __sched_text_start+0x8/0x8 [ 24.595516] ? trace_hardirqs_on+0xd/0x10 [ 24.595517] ? __call_srcu+0x7ee/0x1020 [ 24.595519] ? do_raw_spin_trylock+0x190/0x190 [ 24.595520] ? do_raw_spin_trylock+0x190/0x190 [ 24.595521] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.595523] ? __debug_object_init+0x235/0x1040 [ 24.595524] preempt_schedule_common+0x22/0x60 [ 24.595525] _cond_resched+0x1d/0x30 [ 24.595526] wait_for_completion+0xa5/0x770 [ 24.595527] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.595529] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.595530] ? __lockdep_init_map+0xe4/0x650 [ 24.595531] ? __init_waitqueue_head+0x97/0x140 [ 24.595533] ? init_wait_entry+0x1b0/0x1b0 [ 24.595534] __synchronize_srcu+0x1ad/0x260 [ 24.595535] ? call_srcu+0x10/0x10 [ 24.595536] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.595537] ? irq_matrix_allocated+0x80/0x80 [ 24.595539] ? synchronize_srcu+0x3c5/0x570 [ 24.595540] synchronize_srcu+0x1a3/0x570 [ 24.595541] ? synchronize_srcu+0x1a3/0x570 [ 24.595542] ? lock_downgrade+0x980/0x980 [ 24.595544] ? synchronize_srcu_expedited+0x20/0x20 [ 24.595545] ? lock_release+0xa40/0xa40 [ 24.595546] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.595547] ? do_raw_spin_trylock+0x190/0x190 [ 24.595549] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.595550] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.595551] ? kvfree+0x36/0x60 [ 24.595553] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.595554] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.595555] kvm_arch_destroy_vm+0x73b/0x980 [ 24.595556] ? kvm_arch_sync_events+0x30/0x30 [ 24.595557] ? mmdrop+0x18/0x30 [ 24.595559] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.595560] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.595561] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.595563] ? __free_pages+0x107/0x150 [ 24.595564] ? free_unref_page+0x9e0/0x9e0 [ 24.595565] ? quarantine_put+0xeb/0x190 [ 24.595566] ? kfree+0xf0/0x260 [ 24.595567] ? kvm_put_kvm+0x614/0xde0 [ 24.595568] ? free_pages+0x51/0x90 [ 24.595569] kvm_put_kvm+0x695/0xde0 [ 24.595570] ? kvm_clear_guest+0xb0/0xb0 [ 24.595571] ? kvm_irqfd_release+0xd1/0x120 [ 24.595573] ? lock_downgrade+0x980/0x980 [ 24.595574] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.595575] ? kvm_irqfd_release+0xdd/0x120 [ 24.595576] ? kvm_irqfd_release+0xdd/0x120 [ 24.595577] ? kvm_put_kvm+0xde0/0xde0 [ 24.595578] kvm_vm_release+0x42/0x50 [ 24.595579] __fput+0x327/0x7e0 [ 24.595580] ? fput+0x140/0x140 [ 24.595582] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.595583] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.595584] ____fput+0x15/0x20 [ 24.595585] task_work_run+0x199/0x270 [ 24.595586] ? task_work_cancel+0x210/0x210 [ 24.595587] ? _raw_spin_unlock+0x22/0x30 [ 24.595589] ? switch_task_namespaces+0x87/0xc0 [ 24.595590] do_exit+0x9bb/0x1ad0 [ 24.595591] ? kvm_vcpu_fault+0x520/0x520 [ 24.595592] ? mm_update_next_owner+0x930/0x930 [ 24.595593] ? find_held_lock+0x35/0x1d0 [ 24.595594] ? handle_mm_fault+0x2a0/0x930 [ 24.595596] ? find_held_lock+0x35/0x1d0 [ 24.595597] ? __do_page_fault+0x5f7/0xc90 [ 24.595598] ? lock_downgrade+0x980/0x980 [ 24.595599] ? down_read_trylock+0xdb/0x170 [ 24.595600] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.595602] ? vmacache_find+0x5f/0x280 [ 24.595603] ? up_read+0x1a/0x40 [ 24.595604] ? __do_page_fault+0x3d6/0xc90 [ 24.595605] ? task_work_run+0x1f4/0x270 [ 24.595606] ? kvm_vcpu_fault+0x520/0x520 [ 24.595607] ? do_vfs_ioctl+0x486/0x1520 [ 24.595608] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.595610] ? selinux_capable+0x40/0x40 [ 24.595611] ? __close_fd+0x222/0x360 [ 24.595612] do_group_exit+0x149/0x400 [ 24.595612] ? SyS [ 24.595615] Lost 12 message(s)! [ 25.671053] Shutting down cpus with NMI [ 26.727361] Dumping ftrace buffer: [ 26.730873] (ftrace buffer empty) [ 26.734547] Kernel Offset: disabled [ 26.738144] Rebooting in 86400 seconds..