[....] Starting enhanced syslogd: rsyslogd[ 11.078000] audit: type=1400 audit(1513779451.074:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.963864] audit: type=1400 audit(1513779455.960:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-5,10.128.15.221' (ECDSA) to the list of known hosts. executing program [ 22.127941] audit: type=1400 audit(1513779462.124:7): avc: denied { map } for pid=3142 comm="syzkaller863713" path="/root/syzkaller863713143" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 22.160858] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 22.171646] ================================================================== [ 22.180154] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 22.186356] Read of size 8 at addr ffff8801c8e40058 by task syzkaller863713/3142 [ 22.193852] [ 22.195451] CPU: 1 PID: 3142 Comm: syzkaller863713 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 22.203992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.213333] Call Trace: [ 22.215886] dump_stack+0x194/0x257 [ 22.219480] ? arch_local_irq_restore+0x53/0x53 [ 22.224119] ? show_regs_print_info+0x18/0x18 [ 22.228588] ? __schedule+0xda3/0x2060 [ 22.232445] print_address_description+0x73/0x250 [ 22.237253] ? __schedule+0xda3/0x2060 [ 22.241109] kasan_report+0x25b/0x340 [ 22.244882] __asan_report_load8_noabort+0x14/0x20 [ 22.249780] __schedule+0xda3/0x2060 [ 22.253467] ? __sched_text_start+0x8/0x8 [ 22.257583] ? trace_hardirqs_on+0xd/0x10 [ 22.261698] ? __call_srcu+0x7ee/0x1020 [ 22.265641] ? do_raw_spin_trylock+0x190/0x190 [ 22.270189] ? do_raw_spin_trylock+0x190/0x190 [ 22.274750] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.280605] ? __debug_object_init+0x235/0x1040 [ 22.285251] preempt_schedule_common+0x22/0x60 [ 22.289803] _cond_resched+0x1d/0x30 [ 22.293488] wait_for_completion+0xa5/0x770 [ 22.297780] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.302763] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 22.308533] ? __lockdep_init_map+0xe4/0x650 [ 22.312914] ? __init_waitqueue_head+0x97/0x140 [ 22.317560] ? init_wait_entry+0x1b0/0x1b0 [ 22.321770] __synchronize_srcu+0x1ad/0x260 [ 22.326070] ? call_srcu+0x10/0x10 [ 22.329584] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 22.335094] ? irq_matrix_allocated+0x80/0x80 [ 22.339558] ? synchronize_srcu+0x3c5/0x570 [ 22.343850] synchronize_srcu+0x1a3/0x570 [ 22.347965] ? synchronize_srcu+0x1a3/0x570 [ 22.352252] ? lock_downgrade+0x980/0x980 [ 22.356366] ? synchronize_srcu_expedited+0x20/0x20 [ 22.361348] ? lock_release+0xa40/0xa40 [ 22.365291] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 22.370104] ? do_raw_spin_trylock+0x190/0x190 [ 22.374667] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.380350] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 22.385772] ? kvfree+0x36/0x60 [ 22.389019] ? rcu_read_lock_sched_held+0x108/0x120 [ 22.394007] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.398037] kvm_arch_destroy_vm+0x73b/0x980 [ 22.402417] ? kvm_arch_sync_events+0x30/0x30 [ 22.406882] ? mmdrop+0x18/0x30 [ 22.410130] ? mmu_notifier_unregister+0x437/0x5c0 [ 22.415026] ? kvm_put_kvm+0x47a/0xde0 [ 22.418886] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 22.424739] ? __free_pages+0x107/0x150 [ 22.428683] ? free_unref_page+0x9e0/0x9e0 [ 22.432886] ? quarantine_put+0xeb/0x190 [ 22.436922] ? kfree+0xf0/0x260 [ 22.440168] ? kvm_put_kvm+0x614/0xde0 [ 22.444026] ? free_pages+0x51/0x90 [ 22.447624] kvm_put_kvm+0x695/0xde0 [ 22.451311] ? kvm_clear_guest+0xb0/0xb0 [ 22.455354] ? kvm_irqfd_release+0xd1/0x120 [ 22.459643] ? lock_downgrade+0x980/0x980 [ 22.463770] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.468238] ? kvm_irqfd_release+0xdd/0x120 [ 22.472528] ? kvm_irqfd_release+0xdd/0x120 [ 22.476827] ? kvm_put_kvm+0xde0/0xde0 [ 22.480682] kvm_vm_release+0x42/0x50 [ 22.484455] __fput+0x327/0x7e0 [ 22.487707] ? fput+0x140/0x140 [ 22.490958] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.496809] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.501275] ____fput+0x15/0x20 [ 22.504527] task_work_run+0x199/0x270 [ 22.508387] ? task_work_cancel+0x210/0x210 [ 22.512679] ? _raw_spin_unlock+0x22/0x30 [ 22.516812] ? switch_task_namespaces+0x87/0xc0 [ 22.521455] do_exit+0x9bb/0x1ad0 [ 22.524876] ? kvm_vcpu_fault+0x520/0x520 [ 22.529014] ? mm_update_next_owner+0x930/0x930 [ 22.533651] ? find_held_lock+0x35/0x1d0 [ 22.537689] ? handle_mm_fault+0x2a0/0x930 [ 22.541894] ? find_held_lock+0x35/0x1d0 [ 22.545930] ? __do_page_fault+0x5f7/0xc90 [ 22.550133] ? lock_downgrade+0x980/0x980 [ 22.554254] ? down_read_trylock+0xdb/0x170 [ 22.558554] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 22.563102] ? vmacache_find+0x5f/0x280 [ 22.567044] ? vmacache_update+0xfe/0x130 [ 22.571163] ? up_read+0x1a/0x40 [ 22.574497] ? __do_page_fault+0x3d6/0xc90 [ 22.578713] ? kvm_vcpu_fault+0x520/0x520 [ 22.582830] ? do_vfs_ioctl+0x486/0x1520 [ 22.586859] ? _cond_resched+0x14/0x30 [ 22.590719] ? ioctl_preallocate+0x2b0/0x2b0 [ 22.595097] ? selinux_capable+0x40/0x40 [ 22.599138] ? putname+0xf3/0x130 [ 22.602564] do_group_exit+0x149/0x400 [ 22.606422] ? SyS_exit+0x30/0x30 [ 22.609845] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.614829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 22.619557] SyS_exit_group+0x1d/0x20 [ 22.623325] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.628049] RIP: 0033:0x43ed98 [ 22.631205] RSP: 002b:00007ffec7b55868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 22.638882] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 22.646118] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 22.653357] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 22.660605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 22.667844] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 22.675094] [ 22.676691] Allocated by task 3142: [ 22.680288] save_stack+0x43/0xd0 [ 22.683707] kasan_kmalloc+0xad/0xe0 [ 22.687388] kasan_slab_alloc+0x12/0x20 [ 22.691330] kmem_cache_alloc+0x12e/0x760 [ 22.695444] vmx_create_vcpu+0xc4/0x2f20 [ 22.699475] kvm_arch_vcpu_create+0x12c/0x1a0 [ 22.703938] kvm_vm_ioctl+0x48b/0x1c60 [ 22.707791] do_vfs_ioctl+0x1b1/0x1520 [ 22.711643] SyS_ioctl+0x8f/0xc0 [ 22.714982] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.719709] [ 22.721305] Freed by task 3142: [ 22.724551] save_stack+0x43/0xd0 [ 22.727972] kasan_slab_free+0x71/0xc0 [ 22.731827] kmem_cache_free+0x83/0x2a0 [ 22.735770] vmx_free_vcpu+0x1ee/0x260 [ 22.739633] kvm_arch_destroy_vm+0x4a2/0x980 [ 22.744009] kvm_put_kvm+0x695/0xde0 [ 22.747702] kvm_vm_release+0x42/0x50 [ 22.751471] __fput+0x327/0x7e0 [ 22.754728] ____fput+0x15/0x20 [ 22.757980] task_work_run+0x199/0x270 [ 22.761833] do_exit+0x9bb/0x1ad0 [ 22.765261] do_group_exit+0x149/0x400 [ 22.769115] SyS_exit_group+0x1d/0x20 [ 22.772884] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.777606] [ 22.779205] The buggy address belongs to the object at ffff8801c8e40040 [ 22.779205] which belongs to the cache kvm_vcpu of size 23872 [ 22.791743] The buggy address is located 24 bytes inside of [ 22.791743] 23872-byte region [ffff8801c8e40040, ffff8801c8e45d80) [ 22.803677] The buggy address belongs to the page: [ 22.808583] page:000000009af42af0 count:1 mapcount:0 mapping:0000000031ff6653 index:0x0 compound_mapcount: 0 [ 22.818519] flags: 0x2fffc0000008100(slab|head) [ 22.823159] raw: 02fffc0000008100 ffff8801c8e40040 0000000000000000 0000000100000001 [ 22.831008] raw: ffff8801d6438d48 ffff8801d6438d48 ffff8801d6437b40 0000000000000000 [ 22.838852] page dumped because: kasan: bad access detected [ 22.844527] [ 22.846121] Memory state around the buggy address: [ 22.851018] ffff8801c8e3ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.858353] ffff8801c8e3ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.865677] >ffff8801c8e40000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 22.873002] ^ [ 22.879200] ffff8801c8e40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.886525] ffff8801c8e40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.893851] ================================================================== [ 22.901175] Kernel panic - not syncing: panic_on_warn set ... [ 22.901175] [ 22.908507] CPU: 1 PID: 3142 Comm: syzkaller863713 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 22.918350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.927671] Call Trace: [ 22.930230] dump_stack+0x194/0x257 [ 22.933829] ? arch_local_irq_restore+0x53/0x53 [ 22.938467] ? kasan_end_report+0x32/0x50 [ 22.942583] ? lock_downgrade+0x980/0x980 [ 22.946699] ? vsnprintf+0x1ed/0x1900 [ 22.950469] ? __schedule+0xcf0/0x2060 [ 22.954326] panic+0x1e4/0x41c [ 22.957486] ? refcount_error_report+0x214/0x214 [ 22.962215] ? print_shadow_for_address+0xdc/0x1a0 [ 22.967120] ? add_taint+0x1c/0x50 [ 22.970629] ? __schedule+0xda3/0x2060 [ 22.974497] kasan_end_report+0x50/0x50 [ 22.978437] kasan_report+0x144/0x340 [ 22.982207] __asan_report_load8_noabort+0x14/0x20 [ 22.987107] __schedule+0xda3/0x2060 [ 22.990971] ? __sched_text_start+0x8/0x8 [ 22.995087] ? trace_hardirqs_on+0xd/0x10 [ 22.999204] ? __call_srcu+0x7ee/0x1020 [ 23.003145] ? do_raw_spin_trylock+0x190/0x190 [ 23.007695] ? do_raw_spin_trylock+0x190/0x190 [ 23.012254] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.018107] ? __debug_object_init+0x235/0x1040 [ 23.022750] preempt_schedule_common+0x22/0x60 [ 23.027300] _cond_resched+0x1d/0x30 [ 23.030982] wait_for_completion+0xa5/0x770 [ 23.035271] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.040257] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.046025] ? __lockdep_init_map+0xe4/0x650 [ 23.050405] ? __init_waitqueue_head+0x97/0x140 [ 23.055042] ? init_wait_entry+0x1b0/0x1b0 [ 23.059253] __synchronize_srcu+0x1ad/0x260 [ 23.063544] ? call_srcu+0x10/0x10 [ 23.067052] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.072562] ? irq_matrix_allocated+0x80/0x80 [ 23.077027] ? synchronize_srcu+0x3c5/0x570 [ 23.081318] synchronize_srcu+0x1a3/0x570 [ 23.085434] ? synchronize_srcu+0x1a3/0x570 [ 23.089724] ? lock_downgrade+0x980/0x980 [ 23.093840] ? synchronize_srcu_expedited+0x20/0x20 [ 23.098826] ? lock_release+0xa40/0xa40 [ 23.102768] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.107582] ? do_raw_spin_trylock+0x190/0x190 [ 23.112142] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.117822] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.123241] ? kvfree+0x36/0x60 [ 23.126487] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.131475] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.135504] kvm_arch_destroy_vm+0x73b/0x980 [ 23.139886] ? kvm_arch_sync_events+0x30/0x30 [ 23.144350] ? mmdrop+0x18/0x30 [ 23.147601] ? mmu_notifier_unregister+0x437/0x5c0 [ 23.152499] ? kvm_put_kvm+0x47a/0xde0 [ 23.156359] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 23.162212] ? __free_pages+0x107/0x150 [ 23.166154] ? free_unref_page+0x9e0/0x9e0 [ 23.170361] ? quarantine_put+0xeb/0x190 [ 23.174391] ? kfree+0xf0/0x260 [ 23.177636] ? kvm_put_kvm+0x614/0xde0 [ 23.181496] ? free_pages+0x51/0x90 [ 23.185095] kvm_put_kvm+0x695/0xde0 [ 23.188782] ? kvm_clear_guest+0xb0/0xb0 [ 23.192815] ? kvm_irqfd_release+0xd1/0x120 [ 23.197104] ? lock_downgrade+0x980/0x980 [ 23.201232] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.205703] ? kvm_irqfd_release+0xdd/0x120 [ 23.209993] ? kvm_irqfd_release+0xdd/0x120 [ 23.214284] ? kvm_put_kvm+0xde0/0xde0 [ 23.218139] kvm_vm_release+0x42/0x50 [ 23.221910] __fput+0x327/0x7e0 [ 23.225162] ? fput+0x140/0x140 [ 23.228413] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.234264] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.238731] ____fput+0x15/0x20 [ 23.241981] task_work_run+0x199/0x270 [ 23.245839] ? task_work_cancel+0x210/0x210 [ 23.250129] ? _raw_spin_unlock+0x22/0x30 [ 23.254242] ? switch_task_namespaces+0x87/0xc0 [ 23.258882] do_exit+0x9bb/0x1ad0 [ 23.262303] ? kvm_vcpu_fault+0x520/0x520 [ 23.266424] ? mm_update_next_owner+0x930/0x930 [ 23.271060] ? find_held_lock+0x35/0x1d0 [ 23.275095] ? handle_mm_fault+0x2a0/0x930 [ 23.279300] ? find_held_lock+0x35/0x1d0 [ 23.283335] ? __do_page_fault+0x5f7/0xc90 [ 23.287537] ? lock_downgrade+0x980/0x980 [ 23.291661] ? down_read_trylock+0xdb/0x170 [ 23.295951] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.300504] ? vmacache_find+0x5f/0x280 [ 23.304444] ? vmacache_update+0xfe/0x130 [ 23.308572] ? up_read+0x1a/0x40 [ 23.311908] ? __do_page_fault+0x3d6/0xc90 [ 23.316116] ? kvm_vcpu_fault+0x520/0x520 [ 23.320230] ? do_vfs_ioctl+0x486/0x1520 [ 23.324259] ? _cond_resched+0x14/0x30 [ 23.328115] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.332495] ? selinux_capable+0x40/0x40 [ 23.336526] ? putname+0xf3/0x130 [ 23.339953] do_group_exit+0x149/0x400 [ 23.343815] ? SyS_exit+0x30/0x30 [ 23.347238] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.352704] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.357433] SyS_exit_group+0x1d/0x20 [ 23.361203] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.365928] RIP: 0033:0x43ed98 [ 23.369086] RSP: 002b:00007ffec7b55868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.376763] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 23.384002] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.391240] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.398493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 23.405732] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 23.412985] [ 23.412987] ====================================================== [ 23.412990] WARNING: possible circular locking dependency detected [ 23.412992] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 23.412994] ------------------------------------------------------ [ 23.412996] syzkaller863713/3142 is trying to acquire lock: [ 23.412997] (&port_lock_key){-.-.}, at: [<0000000065e28b9e>] serial8250_console_write+0x7b1/0xa40 [ 23.413003] [ 23.413004] but task is already holding lock: [ 23.413005] (report_lock){....}, at: [<0000000046fc9cf0>] kasan_report+0x6b/0x340 [ 23.413010] [ 23.413012] which lock already depends on the new lock. [ 23.413013] [ 23.413014] [ 23.413016] the existing dependency chain (in reverse order) is: [ 23.413017] [ 23.413018] -> #4 (report_lock){....}: [ 23.413023] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.413025] kasan_report+0x6b/0x340 [ 23.413027] __asan_report_load8_noabort+0x14/0x20 [ 23.413029] __schedule+0xda3/0x2060 [ 23.413030] preempt_schedule_common+0x22/0x60 [ 23.413032] _cond_resched+0x1d/0x30 [ 23.413034] wait_for_completion+0xa5/0x770 [ 23.413036] __synchronize_srcu+0x1ad/0x260 [ 23.413037] synchronize_srcu+0x1a3/0x570 [ 23.413039] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.413041] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.413043] kvm_arch_destroy_vm+0x73b/0x980 [ 23.413045] kvm_put_kvm+0x695/0xde0 [ 23.413046] kvm_vm_release+0x42/0x50 [ 23.413048] __fput+0x327/0x7e0 [ 23.413049] ____fput+0x15/0x20 [ 23.413051] task_work_run+0x199/0x270 [ 23.413052] do_exit+0x9bb/0x1ad0 [ 23.413054] do_group_exit+0x149/0x400 [ 23.413055] SyS_exit_group+0x1d/0x20 [ 23.413057] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.413058] [ 23.413059] -> #3 (&rq->lock){-.-.}: [ 23.413064] _raw_spin_lock+0x2a/0x40 [ 23.413066] task_fork_fair+0x7a/0x690 [ 23.413067] sched_fork+0x435/0xc00 [ 23.413069] copy_process.part.37+0x1758/0x4b60 [ 23.413071] _do_fork+0x1f7/0xf70 [ 23.413072] kernel_thread+0x34/0x40 [ 23.413074] rest_init+0x22/0xf0 [ 23.413075] start_kernel+0x7f1/0x819 [ 23.413077] x86_64_start_reservations+0x2a/0x2c [ 23.413079] x86_64_start_kernel+0x77/0x7a [ 23.413081] secondary_startup_64+0xa5/0xb0 [ 23.413082] [ 23.413083] -> #2 (&p->pi_lock){-.-.}: [ 23.413088] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.413090] try_to_wake_up+0xbc/0x1600 [ 23.413091] default_wake_function+0x30/0x50 [ 23.413093] autoremove_wake_function+0x78/0x350 [ 23.413095] __wake_up_common+0x18e/0x780 [ 23.413097] __wake_up_common_lock+0x1b4/0x310 [ 23.413098] __wake_up+0xe/0x10 [ 23.413100] tty_wakeup+0x5e/0x100 [ 23.413102] tty_port_default_wakeup+0x2a/0x40 [ 23.413103] tty_port_tty_wakeup+0x58/0x70 [ 23.413105] uart_write_wakeup+0x44/0x60 [ 23.413107] serial8250_tx_chars+0x4a4/0x9e0 [ 23.413109] serial8250_handle_irq.part.23+0x1a3/0x210 [ 23.413111] serial8250_default_handle_irq+0xf2/0x120 [ 23.413113] serial8250_interrupt+0xe9/0x1b0 [ 23.413115] __handle_irq_event_percpu+0x1ad/0x9d0 [ 23.413116] handle_irq_event_percpu+0x98/0x1b0 [ 23.413118] handle_irq_event+0xa7/0x140 [ 23.413120] handle_edge_irq+0x1d5/0x7c0 [ 23.413121] handle_irq+0x17a/0x300 [ 23.413123] do_IRQ+0x78/0x190 [ 23.413124] ret_from_intr+0x0/0x1e [ 23.413126] native_safe_halt+0x6/0x10 [ 23.413128] default_idle+0xbf/0x430 [ 23.413129] arch_cpu_idle+0xa/0x10 [ 23.413131] default_idle_call+0x36/0x90 [ 23.413132] do_idle+0x24a/0x3b0 [ 23.413134] cpu_startup_entry+0x104/0x120 [ 23.413136] rest_init+0xed/0xf0 [ 23.413137] start_kernel+0x7f1/0x819 [ 23.413139] x86_64_start_reservations+0x2a/0x2c [ 23.413141] x86_64_start_kernel+0x77/0x7a [ 23.413143] secondary_startup_64+0xa5/0xb0 [ 23.413143] [ 23.413144] -> #1 (&tty->write_wait){-.-.}: [ 23.413150] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.413152] __wake_up_common_lock+0x190/0x310 [ 23.413153] __wake_up+0xe/0x10 [ 23.413155] tty_wakeup+0x5e/0x100 [ 23.413157] tty_port_default_wakeup+0x2a/0x40 [ 23.413158] tty_port_tty_wakeup+0x58/0x70 [ 23.413160] uart_write_wakeup+0x44/0x60 [ 23.413162] serial8250_tx_chars+0x4a4/0x9e0 [ 23.413164] serial8250_handle_irq.part.23+0x1a3/0x210 [ 23.413166] serial8250_default_handle_irq+0xf2/0x120 [ 23.413168] serial8250_interrupt+0xe9/0x1b0 [ 23.413169] __handle_irq_event_percpu+0x1ad/0x9d0 [ 23.413171] handle_irq_event_percpu+0x98/0x1b0 [ 23.413173] handle_irq_event+0xa7/0x140 [ 23.413175] handle_edge_irq+0x1d5/0x7c0 [ 23.413176] handle_irq+0x17a/0x300 [ 23.413178] do_IRQ+0x78/0x190 [ 23.413179] ret_from_intr+0x0/0x1e [ 23.413181] native_safe_halt+0x6/0x10 [ 23.413183] default_idle+0xbf/0x430 [ 23.413184] arch_cpu_idle+0xa/0x10 [ 23.413186] default_idle_call+0x36/0x90 [ 23.413187] do_idle+0x24a/0x3b0 [ 23.413189] cpu_startup_entry+0x104/0x120 [ 23.413190] rest_init+0xed/0xf0 [ 23.413192] start_kernel+0x7f1/0x819 [ 23.413194] x86_64_start_reservations+0x2a/0x2c [ 23.413196] x86_64_start_kernel+0x77/0x7a [ 23.413197] secondary_startup_64+0xa5/0xb0 [ 23.413198] [ 23.413199] -> #0 (&port_lock_key){-.-.}: [ 23.413205] lock_acquire+0x1d5/0x580 [ 23.413206] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.413208] serial8250_console_write+0x7b1/0xa40 [ 23.413210] univ8250_console_write+0x5f/0x70 [ 23.413212] console_unlock+0x788/0xd70 [ 23.413213] vprintk_emit+0x4ad/0x590 [ 23.413215] vprintk_default+0x28/0x30 [ 23.413217] vprintk_func+0x57/0xc0 [ 23.413218] printk+0xaa/0xca [ 23.413220] kasan_report+0x7b/0x340 [ 23.413221] __asan_report_load8_noabort+0x14/0x20 [ 23.413223] __schedule+0xda3/0x2060 [ 23.413225] preempt_schedule_common+0x22/0x60 [ 23.413226] _cond_resched+0x1d/0x30 [ 23.413228] wait_for_completion+0xa5/0x770 [ 23.413230] __synchronize_srcu+0x1ad/0x260 [ 23.413232] synchronize_srcu+0x1a3/0x570 [ 23.413234] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.413235] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.413237] kvm_arch_destroy_vm+0x73b/0x980 [ 23.413239] kvm_put_kvm+0x695/0xde0 [ 23.413240] kvm_vm_release+0x42/0x50 [ 23.413242] __fput+0x327/0x7e0 [ 23.413243] ____fput+0x15/0x20 [ 23.413245] task_work_run+0x199/0x270 [ 23.413246] do_exit+0x9bb/0x1ad0 [ 23.413248] do_group_exit+0x149/0x400 [ 23.413250] SyS_exit_group+0x1d/0x20 [ 23.413252] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.413252] [ 23.413254] other info that might help us debug this: [ 23.413255] [ 23.413256] Chain exists of: [ 23.413257] &port_lock_key --> &rq->lock --> report_lock [ 23.413264] [ 23.413265] Possible unsafe locking scenario: [ 23.413266] [ 23.413268] CPU0 CPU1 [ 23.413270] ---- ---- [ 23.413271] lock(report_lock); [ 23.413274] lock(&rq->lock); [ 23.413278] lock(report_lock); [ 23.413281] lock(&port_lock_key); [ 23.413284] [ 23.413285] *** DEADLOCK *** [ 23.413286] [ 23.413288] 3 locks held by syzkaller863713/3142: [ 23.413288] #0: (&rq->lock){-.-.}, at: [<000000007b59060f>] __schedule+0x24e/0x2060 [ 23.413294] #1: (report_lock){....}, at: [<0000000046fc9cf0>] kasan_report+0x6b/0x340 [ 23.413300] #2: (console_lock){+.+.}, at: [<00000000437fb28b>] vprintk_emit+0x49b/0x590 [ 23.413306] [ 23.413307] stack backtrace: [ 23.413310] CPU: 1 PID: 3142 Comm: syzkaller863713 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 23.413313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.413314] Call Trace: [ 23.413316] dump_stack+0x194/0x257 [ 23.413318] ? arch_local_irq_restore+0x53/0x53 [ 23.413319] print_circular_bug.isra.37+0x2cd/0x2dc [ 23.413321] ? save_trace+0xe0/0x2b0 [ 23.413323] __lock_acquire+0x30a8/0x3e00 [ 23.413324] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.413326] ? __kernel_text_address+0xd/0x40 [ 23.413328] ? unwind_get_return_address+0x61/0xa0 [ 23.413330] ? __save_stack_trace+0x7e/0xd0 [ 23.413331] ? __lock_acquire+0x2d15/0x3e00 [ 23.413333] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.413335] ? __lock_acquire+0x664/0x3e00 [ 23.413337] ? put_dec_trunc8+0x13f/0x2d0 [ 23.413338] ? put_dec+0x2e/0xd0 [ 23.413340] lock_acquire+0x1d5/0x580 [ 23.413341] ? lock_acquire+0x1d5/0x580 [ 23.413343] ? serial8250_console_write+0x7b1/0xa40 [ 23.413345] ? lock_release+0xa40/0xa40 [ 23.413346] ? vsnprintf+0x1ed/0x1900 [ 23.413348] ? pointer+0x9e0/0x9e0 [ 23.413349] ? univ8250_console_setup+0x160/0x160 [ 23.413351] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.413353] ? serial8250_console_write+0x7b1/0xa40 [ 23.413355] serial8250_console_write+0x7b1/0xa40 [ 23.413357] ? console_unlock+0x385/0xd70 [ 23.413358] ? serial8250_start_tx+0x910/0x910 [ 23.413360] ? do_raw_spin_trylock+0x190/0x190 [ 23.413361] ? memcpy+0x45/0x50 [ 23.413363] ? univ8250_console_setup+0x160/0x160 [ 23.413365] univ8250_console_write+0x5f/0x70 [ 23.413367] console_unlock+0x788/0xd70 [ 23.413368] ? trace_hardirqs_off_caller+0x230/0x2c0 [ 23.413370] ? wake_up_klogd+0x100/0x100 [ 23.413372] ? vprintk_emit+0x49b/0x590 [ 23.413374] ? __down_trylock_console_sem+0x10d/0x1e0 [ 23.413375] vprintk_emit+0x4ad/0x590 [ 23.413377] vprintk_default+0x28/0x30 [ 23.413378] vprintk_func+0x57/0xc0 [ 23.413379] printk+0xaa/0xca [ 23.413381] ? show_regs_print_info+0x18/0x18 [ 23.413383] ? __schedule+0xda3/0x2060 [ 23.413384] kasan_report+0x7b/0x340 [ 23.413386] __asan_report_load8_noabort+0x14/0x20 [ 23.413388] __schedule+0xda3/0x2060 [ 23.413389] ? __sched_text_start+0x8/0x8 [ 23.413391] ? trace_hardirqs_on+0xd/0x10 [ 23.413393] ? __call_srcu+0x7ee/0x1020 [ 23.413394] ? do_raw_spin_trylock+0x190/0x190 [ 23.413396] ? do_raw_spin_trylock+0x190/0x190 [ 23.413398] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.413400] ? __debug_object_init+0x235/0x1040 [ 23.413402] preempt_schedule_common+0x22/0x60 [ 23.413403] _cond_resched+0x1d/0x30 [ 23.413405] wait_for_completion+0xa5/0x770 [ 23.413407] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.413409] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.413411] ? __lockdep_init_map+0xe4/0x650 [ 23.413412] ? __init_waitqueue_head+0x97/0x140 [ 23.413414] ? init_wait_entry+0x1b0/0x1b0 [ 23.413416] __synchronize_srcu+0x1ad/0x260 [ 23.413417] ? call_srcu+0x10/0x10 [ 23.413419] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.413420]  [ 23.413423] Lost 77 message(s)! [ 24.484378] Shutting down cpus with NMI [ 25.536090] Dumping ftrace buffer: [ 25.539601] (ftrace buffer empty) [ 25.543278] Kernel Offset: disabled [ 25.546872] Rebooting in 86400 seconds..