[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 11.984775] mcstransd (3058) used greatest stack depth: 14944 bytes left Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.693683] audit: type=1400 audit(1513883252.206:6): avc: denied { map } for pid=3146 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.15.203' (ECDSA) to the list of known hosts. executing program [ 22.910044] audit: type=1400 audit(1513883258.422:7): avc: denied { map } for pid=3160 comm="syzkaller468202" path="/root/syzkaller468202088" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 22.942965] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 22.954908] ================================================================== [ 22.963412] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 22.969608] Read of size 8 at addr ffff8801c8100058 by task syzkaller468202/3160 [ 22.977105] [ 22.978703] CPU: 0 PID: 3160 Comm: syzkaller468202 Not tainted 4.15.0-rc4-mm1+ #47 [ 22.986373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.995693] Call Trace: [ 22.998246] dump_stack+0x194/0x257 [ 23.001842] ? arch_local_irq_restore+0x53/0x53 [ 23.006477] ? show_regs_print_info+0x18/0x18 [ 23.010952] ? __schedule+0xda3/0x2060 [ 23.014810] print_address_description+0x73/0x250 [ 23.019619] ? __schedule+0xda3/0x2060 [ 23.023475] kasan_report+0x23b/0x360 [ 23.027246] __asan_report_load8_noabort+0x14/0x20 [ 23.032143] __schedule+0xda3/0x2060 [ 23.035829] ? __sched_text_start+0x8/0x8 [ 23.039948] ? trace_hardirqs_on+0xd/0x10 [ 23.044064] ? __call_srcu+0x7ee/0x1020 [ 23.048004] ? do_raw_spin_trylock+0x190/0x190 [ 23.052554] ? do_raw_spin_trylock+0x190/0x190 [ 23.057114] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.062965] ? __debug_object_init+0x235/0x1040 [ 23.067607] preempt_schedule_common+0x22/0x60 [ 23.072158] _cond_resched+0x1d/0x30 [ 23.075838] wait_for_completion+0xa5/0x770 [ 23.080131] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.085114] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.090887] ? __lockdep_init_map+0xe4/0x650 [ 23.095266] ? __init_waitqueue_head+0x97/0x140 [ 23.099903] ? init_wait_entry+0x1b0/0x1b0 [ 23.104114] __synchronize_srcu+0x1ad/0x260 [ 23.108401] ? call_srcu+0x10/0x10 [ 23.111907] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.117418] ? irq_matrix_allocated+0x80/0x80 [ 23.121878] ? synchronize_srcu+0x3c5/0x570 [ 23.126169] synchronize_srcu+0x1a3/0x570 [ 23.130289] ? synchronize_srcu+0x1a3/0x570 [ 23.134579] ? lock_downgrade+0x980/0x980 [ 23.138702] ? synchronize_srcu_expedited+0x20/0x20 [ 23.143689] ? lock_release+0xa40/0xa40 [ 23.147632] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.152443] ? do_raw_spin_trylock+0x190/0x190 [ 23.157010] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.162689] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.168111] ? kvfree+0x36/0x60 [ 23.171357] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.176344] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.180373] kvm_arch_destroy_vm+0x73b/0x980 [ 23.184754] ? kvm_arch_sync_events+0x30/0x30 [ 23.189216] ? mmdrop+0x18/0x30 [ 23.192465] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.197363] ? kvm_put_kvm+0x47a/0xde0 [ 23.201225] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.207167] ? __free_pages+0x107/0x150 [ 23.211107] ? free_unref_page+0x9e0/0x9e0 [ 23.215313] ? quarantine_put+0xeb/0x190 [ 23.219341] ? kfree+0xf0/0x260 [ 23.222600] ? kvm_put_kvm+0x614/0xde0 [ 23.226461] ? free_pages+0x51/0x90 [ 23.230057] kvm_put_kvm+0x695/0xde0 [ 23.233744] ? kvm_clear_guest+0xb0/0xb0 [ 23.237777] ? kvm_irqfd_release+0xd1/0x120 [ 23.242067] ? lock_downgrade+0x980/0x980 [ 23.246194] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.250666] ? kvm_irqfd_release+0xdd/0x120 [ 23.254955] ? kvm_irqfd_release+0xdd/0x120 [ 23.259246] ? kvm_put_kvm+0xde0/0xde0 [ 23.263104] kvm_vm_release+0x42/0x50 [ 23.266874] __fput+0x327/0x7e0 [ 23.270136] ? fput+0x140/0x140 [ 23.273385] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.279236] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.283703] ____fput+0x15/0x20 [ 23.286953] task_work_run+0x199/0x270 [ 23.290810] ? task_work_cancel+0x210/0x210 [ 23.295102] ? _raw_spin_unlock+0x22/0x30 [ 23.299217] ? switch_task_namespaces+0x87/0xc0 [ 23.303859] do_exit+0x9bb/0x1ad0 [ 23.307281] ? kvm_vcpu_fault+0x520/0x520 [ 23.311402] ? mm_update_next_owner+0x930/0x930 [ 23.316038] ? find_held_lock+0x35/0x1d0 [ 23.320075] ? handle_mm_fault+0x2a0/0x930 [ 23.324282] ? find_held_lock+0x35/0x1d0 [ 23.328320] ? __do_page_fault+0x5f7/0xc90 [ 23.332524] ? lock_downgrade+0x980/0x980 [ 23.336647] ? down_read_trylock+0xdb/0x170 [ 23.340938] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.345486] ? vmacache_find+0x5f/0x280 [ 23.349433] ? up_read+0x1a/0x40 [ 23.352770] ? __do_page_fault+0x3d6/0xc90 [ 23.356976] ? kvm_vcpu_fault+0x520/0x520 [ 23.361093] ? do_vfs_ioctl+0x486/0x1520 [ 23.365122] ? _cond_resched+0x14/0x30 [ 23.368982] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.373360] ? selinux_capable+0x40/0x40 [ 23.377391] ? putname+0xf3/0x130 [ 23.380815] do_group_exit+0x149/0x400 [ 23.384672] ? SyS_exit+0x30/0x30 [ 23.388096] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.393080] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.397807] SyS_exit_group+0x1d/0x20 [ 23.401574] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.406298] RIP: 0033:0x43ed88 [ 23.409454] RSP: 002b:00007fff23181a48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.417215] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 23.424452] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.431691] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.438934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 23.446171] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 23.453422] [ 23.455021] Allocated by task 3160: [ 23.458617] save_stack+0x43/0xd0 [ 23.462037] kasan_kmalloc+0xad/0xe0 [ 23.465717] kasan_slab_alloc+0x12/0x20 [ 23.469658] kmem_cache_alloc+0x12e/0x760 [ 23.473775] vmx_create_vcpu+0xc4/0x2f20 [ 23.477801] kvm_arch_vcpu_create+0x12c/0x1a0 [ 23.482262] kvm_vm_ioctl+0x48b/0x1c60 [ 23.486116] do_vfs_ioctl+0x1b1/0x1520 [ 23.489969] SyS_ioctl+0x8f/0xc0 [ 23.493302] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.498022] [ 23.499617] Freed by task 3160: [ 23.502862] save_stack+0x43/0xd0 [ 23.506282] kasan_slab_free+0x71/0xc0 [ 23.510133] kmem_cache_free+0x83/0x2a0 [ 23.514073] vmx_free_vcpu+0x1ee/0x260 [ 23.517928] kvm_arch_destroy_vm+0x4a2/0x980 [ 23.522303] kvm_put_kvm+0x695/0xde0 [ 23.525980] kvm_vm_release+0x42/0x50 [ 23.529745] __fput+0x327/0x7e0 [ 23.532991] ____fput+0x15/0x20 [ 23.536240] task_work_run+0x199/0x270 [ 23.540095] do_exit+0x9bb/0x1ad0 [ 23.543515] do_group_exit+0x149/0x400 [ 23.547366] SyS_exit_group+0x1d/0x20 [ 23.551136] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.555853] [ 23.557449] The buggy address belongs to the object at ffff8801c8100040 [ 23.557449] which belongs to the cache kvm_vcpu of size 23872 [ 23.569983] The buggy address is located 24 bytes inside of [ 23.569983] 23872-byte region [ffff8801c8100040, ffff8801c8105d80) [ 23.581909] The buggy address belongs to the page: [ 23.586804] page:ffffea0007204000 count:1 mapcount:0 mapping:ffff8801c8100040 index:0x0 compound_mapcount: 0 [ 23.596738] flags: 0x2fffc0000008100(slab|head) [ 23.601379] raw: 02fffc0000008100 ffff8801c8100040 0000000000000000 0000000100000001 [ 23.609228] raw: ffff8801d6431e48 ffff8801d6431e48 ffff8801d64270c0 0000000000000000 [ 23.617073] page dumped because: kasan: bad access detected [ 23.622747] [ 23.624343] Memory state around the buggy address: [ 23.629238] ffff8801c80fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.636564] ffff8801c80fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.643891] >ffff8801c8100000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 23.651225] ^ [ 23.657420] ffff8801c8100080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.664745] ffff8801c8100100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.672069] ================================================================== [ 23.679393] Kernel panic - not syncing: panic_on_warn set ... [ 23.679393] [ 23.686809] CPU: 0 PID: 3160 Comm: syzkaller468202 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 23.695784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.705105] Call Trace: [ 23.707665] dump_stack+0x194/0x257 [ 23.711263] ? arch_local_irq_restore+0x53/0x53 [ 23.715902] ? kasan_end_report+0x32/0x50 [ 23.720022] ? lock_downgrade+0x980/0x980 [ 23.724138] ? vsnprintf+0x1ed/0x1900 [ 23.727909] ? __schedule+0xcf0/0x2060 [ 23.731766] panic+0x1e4/0x41c [ 23.734925] ? refcount_error_report+0x214/0x214 [ 23.739652] ? print_shadow_for_address+0xdc/0x1a0 [ 23.744547] ? add_taint+0x1c/0x50 [ 23.748057] ? __schedule+0xda3/0x2060 [ 23.751912] kasan_end_report+0x50/0x50 [ 23.755854] kasan_report+0x148/0x360 [ 23.759624] __asan_report_load8_noabort+0x14/0x20 [ 23.764520] __schedule+0xda3/0x2060 [ 23.768209] ? __sched_text_start+0x8/0x8 [ 23.772325] ? trace_hardirqs_on+0xd/0x10 [ 23.776443] ? __call_srcu+0x7ee/0x1020 [ 23.780384] ? do_raw_spin_trylock+0x190/0x190 [ 23.784934] ? do_raw_spin_trylock+0x190/0x190 [ 23.789491] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.795344] ? __debug_object_init+0x235/0x1040 [ 23.799986] preempt_schedule_common+0x22/0x60 [ 23.804535] _cond_resched+0x1d/0x30 [ 23.808219] wait_for_completion+0xa5/0x770 [ 23.812506] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.817491] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.823256] ? __lockdep_init_map+0xe4/0x650 [ 23.827635] ? __init_waitqueue_head+0x97/0x140 [ 23.832271] ? init_wait_entry+0x1b0/0x1b0 [ 23.836482] __synchronize_srcu+0x1ad/0x260 [ 23.840772] ? call_srcu+0x10/0x10 [ 23.844280] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.849787] ? irq_matrix_allocated+0x80/0x80 [ 23.854251] ? synchronize_srcu+0x3c5/0x570 [ 23.858541] synchronize_srcu+0x1a3/0x570 [ 23.862662] ? synchronize_srcu+0x1a3/0x570 [ 23.866949] ? lock_downgrade+0x980/0x980 [ 23.871064] ? synchronize_srcu_expedited+0x20/0x20 [ 23.876047] ? lock_release+0xa40/0xa40 [ 23.879991] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.884803] ? do_raw_spin_trylock+0x190/0x190 [ 23.889362] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.895042] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.900461] ? kvfree+0x36/0x60 [ 23.903707] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.908697] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.912723] kvm_arch_destroy_vm+0x73b/0x980 [ 23.917107] ? kvm_arch_sync_events+0x30/0x30 [ 23.921572] ? mmdrop+0x18/0x30 [ 23.924821] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.929718] ? kvm_put_kvm+0x47a/0xde0 [ 23.933577] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.939515] ? __free_pages+0x107/0x150 [ 23.943454] ? free_unref_page+0x9e0/0x9e0 [ 23.947659] ? quarantine_put+0xeb/0x190 [ 23.951688] ? kfree+0xf0/0x260 [ 23.954935] ? kvm_put_kvm+0x614/0xde0 [ 23.958793] ? free_pages+0x51/0x90 [ 23.962391] kvm_put_kvm+0x695/0xde0 [ 23.966078] ? kvm_clear_guest+0xb0/0xb0 [ 23.970112] ? kvm_irqfd_release+0xd1/0x120 [ 23.974400] ? lock_downgrade+0x980/0x980 [ 23.978526] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.982994] ? kvm_irqfd_release+0xdd/0x120 [ 23.987280] ? kvm_irqfd_release+0xdd/0x120 [ 23.991571] ? kvm_put_kvm+0xde0/0xde0 [ 23.995425] kvm_vm_release+0x42/0x50 [ 23.999196] __fput+0x327/0x7e0 [ 24.002448] ? fput+0x140/0x140 [ 24.005694] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.011545] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.016012] ____fput+0x15/0x20 [ 24.019270] task_work_run+0x199/0x270 [ 24.023130] ? task_work_cancel+0x210/0x210 [ 24.027417] ? _raw_spin_unlock+0x22/0x30 [ 24.031535] ? switch_task_namespaces+0x87/0xc0 [ 24.036175] do_exit+0x9bb/0x1ad0 [ 24.039598] ? kvm_vcpu_fault+0x520/0x520 [ 24.043716] ? mm_update_next_owner+0x930/0x930 [ 24.048353] ? find_held_lock+0x35/0x1d0 [ 24.052389] ? handle_mm_fault+0x2a0/0x930 [ 24.056594] ? find_held_lock+0x35/0x1d0 [ 24.060628] ? __do_page_fault+0x5f7/0xc90 [ 24.064831] ? lock_downgrade+0x980/0x980 [ 24.068950] ? down_read_trylock+0xdb/0x170 [ 24.073247] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.077796] ? vmacache_find+0x5f/0x280 [ 24.081742] ? up_read+0x1a/0x40 [ 24.085078] ? __do_page_fault+0x3d6/0xc90 [ 24.089289] ? kvm_vcpu_fault+0x520/0x520 [ 24.093402] ? do_vfs_ioctl+0x486/0x1520 [ 24.097429] ? _cond_resched+0x14/0x30 [ 24.101285] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.105664] ? selinux_capable+0x40/0x40 [ 24.109695] ? putname+0xf3/0x130 [ 24.113121] do_group_exit+0x149/0x400 [ 24.116980] ? SyS_exit+0x30/0x30 [ 24.120406] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.125392] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.130116] SyS_exit_group+0x1d/0x20 [ 24.133892] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.138614] RIP: 0033:0x43ed88 [ 24.141769] RSP: 002b:00007fff23181a48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.149442] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 24.156680] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.163916] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.171151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 24.178388] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 24.185639] [ 24.185642] ====================================================== [ 24.185644] WARNING: possible circular locking dependency detected [ 24.185645] 4.15.0-rc4-mm1+ #47 Not tainted [ 24.185648] ------------------------------------------------------ [ 24.185650] syzkaller468202/3160 is trying to acquire lock: [ 24.185651] ((console_sem).lock){..-.}, at: [<000000009486dd92>] down_trylock+0x13/0x70 [ 24.185656] [ 24.185658] but task is already holding lock: [ 24.185660] (report_lock){....}, at: [<000000009a47fee1>] kasan_report+0x6b/0x360 [ 24.185665] [ 24.185667] which lock already depends on the new lock. [ 24.185668] [ 24.185669] [ 24.185671] the existing dependency chain (in reverse order) is: [ 24.185672] [ 24.185673] -> #3 (report_lock){....}: [ 24.185679] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.185680] kasan_report+0x6b/0x360 [ 24.185682] __asan_report_load8_noabort+0x14/0x20 [ 24.185684] __schedule+0xda3/0x2060 [ 24.185686] preempt_schedule_common+0x22/0x60 [ 24.185687] _cond_resched+0x1d/0x30 [ 24.185689] wait_for_completion+0xa5/0x770 [ 24.185691] __synchronize_srcu+0x1ad/0x260 [ 24.185693] synchronize_srcu+0x1a3/0x570 [ 24.185695] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.185696] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.185698] kvm_arch_destroy_vm+0x73b/0x980 [ 24.185700] kvm_put_kvm+0x695/0xde0 [ 24.185701] kvm_vm_release+0x42/0x50 [ 24.185703] __fput+0x327/0x7e0 [ 24.185704] ____fput+0x15/0x20 [ 24.185707] task_work_run+0x199/0x270 [ 24.185708] do_exit+0x9bb/0x1ad0 [ 24.185710] do_group_exit+0x149/0x400 [ 24.185712] SyS_exit_group+0x1d/0x20 [ 24.185714] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.185714] [ 24.185715] -> #2 (&rq->lock){-.-.}: [ 24.185721] _raw_spin_lock+0x2a/0x40 [ 24.185722] task_fork_fair+0x7a/0x690 [ 24.185724] sched_fork+0x435/0xc00 [ 24.185726] copy_process.part.37+0x1758/0x4b60 [ 24.185727] _do_fork+0x1f7/0xf70 [ 24.185729] kernel_thread+0x34/0x40 [ 24.185730] rest_init+0x22/0xf0 [ 24.185732] start_kernel+0x7f1/0x819 [ 24.185734] x86_64_start_reservations+0x2a/0x2c [ 24.185735] x86_64_start_kernel+0x77/0x7a [ 24.185737] secondary_startup_64+0xa5/0xb0 [ 24.185738] [ 24.185739] -> #1 (&p->pi_lock){-.-.}: [ 24.185744] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.185746] try_to_wake_up+0xbc/0x1600 [ 24.185748] wake_up_process+0x10/0x20 [ 24.185749] __up.isra.0+0x1cc/0x2c0 [ 24.185751] up+0x13b/0x1d0 [ 24.185752] __up_console_sem+0xb2/0x1a0 [ 24.185754] console_unlock+0x538/0xd70 [ 24.185756] do_con_write+0x106e/0x1f70 [ 24.185757] con_write+0x25/0xb0 [ 24.185759] n_tty_write+0x5ef/0xec0 [ 24.185760] tty_write+0x3fa/0x840 [ 24.185762] __vfs_write+0xef/0x970 [ 24.185763] vfs_write+0x189/0x510 [ 24.185765] SyS_write+0xef/0x220 [ 24.185767] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.185768] [ 24.185769] -> #0 ((console_sem).lock){..-.}: [ 24.185774] lock_acquire+0x1d5/0x580 [ 24.185776] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.185777] down_trylock+0x13/0x70 [ 24.185779] __down_trylock_console_sem+0xa2/0x1e0 [ 24.185781] console_trylock+0x15/0x100 [ 24.185783] vprintk_emit+0x49b/0x590 [ 24.185784] vprintk_default+0x28/0x30 [ 24.185786] vprintk_func+0x57/0xc0 [ 24.185787] printk+0xaa/0xca [ 24.185789] kasan_report+0x7b/0x360 [ 24.185791] __asan_report_load8_noabort+0x14/0x20 [ 24.185792] __schedule+0xda3/0x2060 [ 24.185794] preempt_schedule_common+0x22/0x60 [ 24.185796] _cond_resched+0x1d/0x30 [ 24.185798] wait_for_completion+0xa5/0x770 [ 24.185799] __synchronize_srcu+0x1ad/0x260 [ 24.185801] synchronize_srcu+0x1a3/0x570 [ 24.185803] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.185805] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.185807] kvm_arch_destroy_vm+0x73b/0x980 [ 24.185808] kvm_put_kvm+0x695/0xde0 [ 24.185810] kvm_vm_release+0x42/0x50 [ 24.185811] __fput+0x327/0x7e0 [ 24.185813] ____fput+0x15/0x20 [ 24.185814] task_work_run+0x199/0x270 [ 24.185816] do_exit+0x9bb/0x1ad0 [ 24.185818] do_group_exit+0x149/0x400 [ 24.185819] SyS_exit_group+0x1d/0x20 [ 24.185821] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.185822] [ 24.185824] other info that might help us debug this: [ 24.185825] [ 24.185826] Chain exists of: [ 24.185827] (console_sem).lock --> &rq->lock --> report_lock [ 24.185833] [ 24.185835] Possible unsafe locking scenario: [ 24.185836] [ 24.185838] CPU0 CPU1 [ 24.185839] ---- ---- [ 24.185840] lock(report_lock); [ 24.185844] lock(&rq->lock); [ 24.185848] lock(report_lock); [ 24.185850] lock((console_sem).lock); [ 24.185854] [ 24.185855] *** DEADLOCK *** [ 24.185856] [ 24.185857] 2 locks held by syzkaller468202/3160: [ 24.185858] #0: (&rq->lock){-.-.}, at: [<00000000ffbfa536>] __schedule+0x24e/0x2060 [ 24.185864] #1: (report_lock){....}, at: [<000000009a47fee1>] kasan_report+0x6b/0x360 [ 24.185870] [ 24.185871] stack backtrace: [ 24.185874] CPU: 0 PID: 3160 Comm: syzkaller468202 Not tainted 4.15.0-rc4-mm1+ #47 [ 24.185877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.185879] Call Trace: [ 24.185881] dump_stack+0x194/0x257 [ 24.185882] ? arch_local_irq_restore+0x53/0x53 [ 24.185884] print_circular_bug.isra.37+0x2cd/0x2dc [ 24.185886] ? save_trace+0xe0/0x2b0 [ 24.185887] __lock_acquire+0x30a8/0x3e00 [ 24.185889] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.185892] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.185894] ? print_lockdep_cache.isra.31+0x109/0x109 [ 24.185896] ? save_stack_trace+0x1a/0x20 [ 24.185897] ? save_trace+0xe0/0x2b0 [ 24.185899] ? __lock_acquire+0x36c0/0x3e00 [ 24.185901] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.185903] ? __lock_is_held+0xb6/0x140 [ 24.185904] ? __lock_is_held+0xb6/0x140 [ 24.185906] lock_acquire+0x1d5/0x580 [ 24.185907] ? lock_acquire+0x1d5/0x580 [ 24.185909] ? down_trylock+0x13/0x70 [ 24.185911] ? find_held_lock+0x35/0x1d0 [ 24.185912] ? lock_release+0xa40/0xa40 [ 24.185914] ? vprintk_emit+0x379/0x590 [ 24.185915] ? lock_downgrade+0x980/0x980 [ 24.185917] ? kvm_sched_clock_read+0x25/0x40 [ 24.185919] ? sched_clock+0x31/0x40 [ 24.185920] ? sched_clock_cpu+0x1b/0x170 [ 24.185922] ? vprintk_emit+0x49b/0x590 [ 24.185924] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.185925] ? down_trylock+0x13/0x70 [ 24.185927] down_trylock+0x13/0x70 [ 24.185928] ? vprintk_emit+0x49b/0x590 [ 24.185930] __down_trylock_console_sem+0xa2/0x1e0 [ 24.185932] console_trylock+0x15/0x100 [ 24.185933] vprintk_emit+0x49b/0x590 [ 24.185935] vprintk_default+0x28/0x30 [ 24.185936] vprintk_func+0x57/0xc0 [ 24.185938] printk+0xaa/0xca [ 24.185939] ? show_regs_print_info+0x18/0x18 [ 24.185941] ? __schedule+0xda3/0x2060 [ 24.185942] kasan_report+0x7b/0x360 [ 24.185944] __asan_report_load8_noabort+0x14/0x20 [ 24.185946] __schedule+0xda3/0x2060 [ 24.185947] ? __sched_text_start+0x8/0x8 [ 24.185949] ? trace_hardirqs_on+0xd/0x10 [ 24.185951] ? __call_srcu+0x7ee/0x1020 [ 24.185952] ? do_raw_spin_trylock+0x190/0x190 [ 24.185954] ? do_raw_spin_trylock+0x190/0x190 [ 24.185956] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.185958] ? __debug_object_init+0x235/0x1040 [ 24.185960] preempt_schedule_common+0x22/0x60 [ 24.185961] _cond_resched+0x1d/0x30 [ 24.185963] wait_for_completion+0xa5/0x770 [ 24.185965] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.185967] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.185969] ? __lockdep_init_map+0xe4/0x650 [ 24.185970] ? __init_waitqueue_head+0x97/0x140 [ 24.185972] ? init_wait_entry+0x1b0/0x1b0 [ 24.185974] __synchronize_srcu+0x1ad/0x260 [ 24.185975] ? call_srcu+0x10/0x10 [ 24.185977] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.185979] ? irq_matrix_allocated+0x80/0x80 [ 24.185981] ? synchronize_srcu+0x3c5/0x570 [ 24.185982] synchronize_srcu+0x1a3/0x570 [ 24.185984] ? synchronize_srcu+0x1a3/0x570 [ 24.185986] ? lock_downgrade+0x980/0x980 [ 24.185987] ? synchronize_srcu_expedited+0x20/0x20 [ 24.185989] ? lock_release+0xa40/0xa40 [ 24.185991] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.185993] ? do_raw_spin_trylock+0x190/0x190 [ 24.185995] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.185997] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.185998] ? kvfree+0x36/0x60 [ 24.186000] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.186002] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.186003] kvm_arch_destroy_vm+0x73b/0x980 [ 24.186005] ? kvm_arch_sync_events+0x30/0x30 [ 24.186007] ? mmdrop+0x18/0x30 [ 24.186008] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.186010] ? kvm_put_kvm+0x47a/0xde0 [ 24.186012] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.186014] ? __free_pages+0x107/0x150 [ 24.186015] ? free_unref_page+0x9e0/0x9e0 [ 24.186017] ? quarantine_put+0xeb/0x190 [ 24.186018] ? kfree+0xf0/0x260 [ 24.186020] ? kvm_put_kvm+0x614/0xde0 [ 24.186022] ? free_pages+0x51/0x90 [ 24.186023] kvm_put_kvm+0x695/0xde0 [ 24.186025] ? kvm_clear_guest+0xb0/0xb0 [ 24.186026] ? kvm_irqfd_release+0xd1/0x120 [ 24.186028] ? lock_downgrade+0x980/0x980 [ 24.186030] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.186032] ? kvm_irqfd_release+0xdd/0x120 [ 24.186033] ? kvm_irqfd_release+0xdd/0x120 [ 24.186035] ? kvm_put_kvm+0xde0/0xde0 [ 24.186036] kvm_vm_release+0x42/0x50 [ 24.186038] __fput+0x327/0x7e0 [ 24.186039] ? fput+0x140/0x140 [ 24.186041] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.186043] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.186045] ____fput+0x15/0x20 [ 24.186046] task_work_run+0x199/0x270 [ 24.186048] ? task_work_cancel+0x210/0x210 [ 24.186050] ? _raw_spin_unlock+0x22/0x30 [ 24.186051] ? switch_task_namespaces+0x87/0xc0 [ 24.186053] do_exit+0x9bb/0x1ad0 [ 24.186054] ? kvm_vcpu_fault+0x520/0x520 [ 24.186056] ? mm_update_next_owner+0x930/0x930 [ 24.186058] ? find_held_lock+0x35/0x1d0 [ 24.186060] ? handle_mm_fault+0x2a0/0x930 [ 24.186061] ? find_held_lock+0x35/0x1d0 [ 24.186063] ? __do_page_fault+0x5f7/0xc90 [ 24.186064] ? lock_downgrade+0x980/0x980 [ 24.186066] ? down_read_trylock+0xdb/0x170 [ 24.186068] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.186069] ? vmacache_find+0x5f/0x280 [ 24.186071] ? up_read+0x1a/0x40 [ 24.186073] ? __do_page_fault+0x3d6/0xc90 [ 24.186074] ? kvm_vcpu_fault+0x520/0x520 [ 24.186076] ? do_vfs_ioctl+0x486/0x1520 [ 24.186081] ? _cond_resched+0x14/0x30 [ 24.186083] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.186084] ? selinux_capable+0x40/0x40 [ 24.186086] ? putname+0xf3/0x130 [ 24.186087] do_group_exit+0x149/0x [ 24.186091] Lost 13 message(s)! [ 25.258481] Shutting down cpus with NMI [ 26.313655] Dumping ftrace buffer: [ 26.317169] (ftrace buffer empty) [ 26.320844] Kernel Offset: disabled [ 26.324435] Rebooting in 86400 seconds..