[....] Starting enhanced syslogd: rsyslogd[ 11.477962] audit: type=1400 audit(1513860788.725:5): avc: denied { syslog } for pid=2998 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.357486] audit: type=1400 audit(1513860794.605:6): avc: denied { map } for pid=3137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.15.208' (ECDSA) to the list of known hosts. executing program [ 23.557711] audit: type=1400 audit(1513860800.805:7): avc: denied { map } for pid=3151 comm="syzkaller938036" path="/root/syzkaller938036349" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 23.590590] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 23.602409] ================================================================== [ 23.611018] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 23.617221] Read of size 8 at addr ffff8801c9260058 by task syzkaller938036/3151 [ 23.624720] [ 23.626319] CPU: 1 PID: 3151 Comm: syzkaller938036 Not tainted 4.15.0-rc4-mm1+ #47 [ 23.633991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.643314] Call Trace: [ 23.645871] dump_stack+0x194/0x257 [ 23.649467] ? arch_local_irq_restore+0x53/0x53 [ 23.654106] ? show_regs_print_info+0x18/0x18 [ 23.658571] ? __schedule+0xda3/0x2060 [ 23.662450] print_address_description+0x73/0x250 [ 23.667256] ? __schedule+0xda3/0x2060 [ 23.671113] kasan_report+0x23b/0x360 [ 23.674879] __asan_report_load8_noabort+0x14/0x20 [ 23.679772] __schedule+0xda3/0x2060 [ 23.683454] ? __sched_text_start+0x8/0x8 [ 23.687565] ? trace_hardirqs_on+0xd/0x10 [ 23.691679] ? __call_srcu+0x7ee/0x1020 [ 23.695619] ? do_raw_spin_trylock+0x190/0x190 [ 23.700166] ? do_raw_spin_trylock+0x190/0x190 [ 23.704718] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.710570] ? __debug_object_init+0x235/0x1040 [ 23.715218] preempt_schedule_common+0x22/0x60 [ 23.719781] _cond_resched+0x1d/0x30 [ 23.723459] wait_for_completion+0xa5/0x770 [ 23.727743] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.732725] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.738486] ? __lockdep_init_map+0xe4/0x650 [ 23.743731] ? __init_waitqueue_head+0x97/0x140 [ 23.748374] ? init_wait_entry+0x1b0/0x1b0 [ 23.752603] __synchronize_srcu+0x1ad/0x260 [ 23.756897] ? call_srcu+0x10/0x10 [ 23.760403] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.765909] ? irq_matrix_allocated+0x80/0x80 [ 23.770371] ? synchronize_srcu+0x3c5/0x570 [ 23.774660] synchronize_srcu+0x1a3/0x570 [ 23.778779] ? synchronize_srcu+0x1a3/0x570 [ 23.783072] ? lock_downgrade+0x980/0x980 [ 23.787196] ? synchronize_srcu_expedited+0x20/0x20 [ 23.792177] ? lock_release+0xa40/0xa40 [ 23.796119] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.800929] ? do_raw_spin_trylock+0x190/0x190 [ 23.805482] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.811158] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.816588] ? kvfree+0x36/0x60 [ 23.819834] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.824819] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.828846] kvm_arch_destroy_vm+0x73b/0x980 [ 23.833224] ? kvm_arch_sync_events+0x30/0x30 [ 23.837683] ? mmdrop+0x18/0x30 [ 23.840931] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.845824] ? kvm_put_kvm+0x47a/0xde0 [ 23.849679] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.855617] ? __free_pages+0x107/0x150 [ 23.859556] ? free_unref_page+0x9e0/0x9e0 [ 23.863756] ? quarantine_put+0xeb/0x190 [ 23.867781] ? kfree+0xf0/0x260 [ 23.871026] ? kvm_put_kvm+0x614/0xde0 [ 23.874886] ? free_pages+0x51/0x90 [ 23.878480] kvm_put_kvm+0x695/0xde0 [ 23.882162] ? kvm_clear_guest+0xb0/0xb0 [ 23.886192] ? kvm_irqfd_release+0xd1/0x120 [ 23.890481] ? lock_downgrade+0x980/0x980 [ 23.894601] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.899066] ? kvm_irqfd_release+0xdd/0x120 [ 23.903351] ? kvm_irqfd_release+0xdd/0x120 [ 23.907637] ? kvm_put_kvm+0xde0/0xde0 [ 23.911487] kvm_vm_release+0x42/0x50 [ 23.915257] __fput+0x327/0x7e0 [ 23.918505] ? fput+0x140/0x140 [ 23.921751] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.927606] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.932079] ____fput+0x15/0x20 [ 23.935326] task_work_run+0x199/0x270 [ 23.939183] ? task_work_cancel+0x210/0x210 [ 23.943470] ? _raw_spin_unlock+0x22/0x30 [ 23.947583] ? switch_task_namespaces+0x87/0xc0 [ 23.952218] do_exit+0x9bb/0x1ad0 [ 23.955633] ? kvm_vcpu_fault+0x520/0x520 [ 23.959749] ? mm_update_next_owner+0x930/0x930 [ 23.964379] ? find_held_lock+0x35/0x1d0 [ 23.968409] ? handle_mm_fault+0x2a0/0x930 [ 23.972615] ? find_held_lock+0x35/0x1d0 [ 23.976649] ? __do_page_fault+0x5f7/0xc90 [ 23.980850] ? lock_downgrade+0x980/0x980 [ 23.984969] ? down_read_trylock+0xdb/0x170 [ 23.989257] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.993801] ? vmacache_find+0x5f/0x280 [ 23.997741] ? vmacache_update+0xfe/0x130 [ 24.001858] ? up_read+0x1a/0x40 [ 24.005192] ? __do_page_fault+0x3d6/0xc90 [ 24.009394] ? kvm_vcpu_fault+0x520/0x520 [ 24.013514] ? do_vfs_ioctl+0x486/0x1520 [ 24.017628] ? _cond_resched+0x14/0x30 [ 24.021483] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.025857] ? selinux_capable+0x40/0x40 [ 24.029889] ? putname+0xf3/0x130 [ 24.033321] do_group_exit+0x149/0x400 [ 24.037176] ? SyS_exit+0x30/0x30 [ 24.040597] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.045580] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.050303] SyS_exit_group+0x1d/0x20 [ 24.054077] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.058795] RIP: 0033:0x43ed88 [ 24.061954] RSP: 002b:00007ffc16078908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.069649] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88 [ 24.076895] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.084131] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.091365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 24.098602] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 24.105848] [ 24.107442] Allocated by task 3151: [ 24.111038] save_stack+0x43/0xd0 [ 24.114471] kasan_kmalloc+0xad/0xe0 [ 24.118147] kasan_slab_alloc+0x12/0x20 [ 24.122094] kmem_cache_alloc+0x12e/0x760 [ 24.126206] vmx_create_vcpu+0xc4/0x2f20 [ 24.130232] kvm_arch_vcpu_create+0x12c/0x1a0 [ 24.134693] kvm_vm_ioctl+0x48b/0x1c60 [ 24.138546] do_vfs_ioctl+0x1b1/0x1520 [ 24.142398] SyS_ioctl+0x8f/0xc0 [ 24.145732] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.150449] [ 24.152040] Freed by task 3151: [ 24.155283] save_stack+0x43/0xd0 [ 24.158699] kasan_slab_free+0x71/0xc0 [ 24.162553] kmem_cache_free+0x83/0x2a0 [ 24.166492] vmx_free_vcpu+0x1ee/0x260 [ 24.170343] kvm_arch_destroy_vm+0x4a2/0x980 [ 24.174725] kvm_put_kvm+0x695/0xde0 [ 24.178403] kvm_vm_release+0x42/0x50 [ 24.182168] __fput+0x327/0x7e0 [ 24.185410] ____fput+0x15/0x20 [ 24.188655] task_work_run+0x199/0x270 [ 24.192506] do_exit+0x9bb/0x1ad0 [ 24.195922] do_group_exit+0x149/0x400 [ 24.199774] SyS_exit_group+0x1d/0x20 [ 24.203548] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.208265] [ 24.209859] The buggy address belongs to the object at ffff8801c9260040 [ 24.209859] which belongs to the cache kvm_vcpu of size 23872 [ 24.222401] The buggy address is located 24 bytes inside of [ 24.222401] 23872-byte region [ffff8801c9260040, ffff8801c9265d80) [ 24.234326] The buggy address belongs to the page: [ 24.239225] page:ffffea0007249800 count:1 mapcount:0 mapping:ffff8801c9260040 index:0x0 compound_mapcount: 0 [ 24.249156] flags: 0x2fffc0000008100(slab|head) [ 24.253793] raw: 02fffc0000008100 ffff8801c9260040 0000000000000000 0000000100000001 [ 24.261640] raw: ffff8801d6d4c648 ffff8801d6d4c648 ffff8801d9844380 0000000000000000 [ 24.269998] page dumped because: kasan: bad access detected [ 24.275671] [ 24.277263] Memory state around the buggy address: [ 24.282158] ffff8801c925ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.289482] ffff8801c925ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.296806] >ffff8801c9260000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.304129] ^ [ 24.310324] ffff8801c9260080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.317646] ffff8801c9260100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.324977] ================================================================== [ 24.332302] Kernel panic - not syncing: panic_on_warn set ... [ 24.332302] [ 24.339639] CPU: 1 PID: 3151 Comm: syzkaller938036 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 24.348611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.357941] Call Trace: [ 24.360499] dump_stack+0x194/0x257 [ 24.364104] ? arch_local_irq_restore+0x53/0x53 [ 24.368745] ? kasan_end_report+0x32/0x50 [ 24.372869] ? lock_downgrade+0x980/0x980 [ 24.376999] ? vsnprintf+0x1ed/0x1900 [ 24.380767] ? __schedule+0xcf0/0x2060 [ 24.384623] panic+0x1e4/0x41c [ 24.387783] ? refcount_error_report+0x214/0x214 [ 24.392507] ? print_shadow_for_address+0xdc/0x1a0 [ 24.397400] ? add_taint+0x1c/0x50 [ 24.400907] ? __schedule+0xda3/0x2060 [ 24.404758] kasan_end_report+0x50/0x50 [ 24.408696] kasan_report+0x148/0x360 [ 24.412465] __asan_report_load8_noabort+0x14/0x20 [ 24.417357] __schedule+0xda3/0x2060 [ 24.421041] ? __sched_text_start+0x8/0x8 [ 24.425154] ? trace_hardirqs_on+0xd/0x10 [ 24.429270] ? __call_srcu+0x7ee/0x1020 [ 24.433211] ? do_raw_spin_trylock+0x190/0x190 [ 24.437758] ? do_raw_spin_trylock+0x190/0x190 [ 24.442310] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.448162] ? __debug_object_init+0x235/0x1040 [ 24.452802] preempt_schedule_common+0x22/0x60 [ 24.457349] _cond_resched+0x1d/0x30 [ 24.461041] wait_for_completion+0xa5/0x770 [ 24.465330] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.470324] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.476092] ? __lockdep_init_map+0xe4/0x650 [ 24.480471] ? __init_waitqueue_head+0x97/0x140 [ 24.485105] ? init_wait_entry+0x1b0/0x1b0 [ 24.489313] __synchronize_srcu+0x1ad/0x260 [ 24.493602] ? call_srcu+0x10/0x10 [ 24.497111] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.502627] ? irq_matrix_allocated+0x80/0x80 [ 24.507086] ? synchronize_srcu+0x3c5/0x570 [ 24.511374] synchronize_srcu+0x1a3/0x570 [ 24.515487] ? synchronize_srcu+0x1a3/0x570 [ 24.519774] ? lock_downgrade+0x980/0x980 [ 24.523888] ? synchronize_srcu_expedited+0x20/0x20 [ 24.528869] ? lock_release+0xa40/0xa40 [ 24.532811] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.537631] ? do_raw_spin_trylock+0x190/0x190 [ 24.542191] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.547873] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.553300] ? kvfree+0x36/0x60 [ 24.556546] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.561530] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.565557] kvm_arch_destroy_vm+0x73b/0x980 [ 24.569932] ? kvm_arch_sync_events+0x30/0x30 [ 24.574391] ? mmdrop+0x18/0x30 [ 24.577637] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.582531] ? kvm_put_kvm+0x47a/0xde0 [ 24.586395] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.592332] ? __free_pages+0x107/0x150 [ 24.596271] ? free_unref_page+0x9e0/0x9e0 [ 24.600471] ? quarantine_put+0xeb/0x190 [ 24.604495] ? kfree+0xf0/0x260 [ 24.607751] ? kvm_put_kvm+0x614/0xde0 [ 24.611627] ? free_pages+0x51/0x90 [ 24.615240] kvm_put_kvm+0x695/0xde0 [ 24.618946] ? kvm_clear_guest+0xb0/0xb0 [ 24.622994] ? kvm_irqfd_release+0xd1/0x120 [ 24.627296] ? lock_downgrade+0x980/0x980 [ 24.631428] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.635912] ? kvm_irqfd_release+0xdd/0x120 [ 24.640221] ? kvm_irqfd_release+0xdd/0x120 [ 24.644516] ? kvm_put_kvm+0xde0/0xde0 [ 24.648376] kvm_vm_release+0x42/0x50 [ 24.652144] __fput+0x327/0x7e0 [ 24.655396] ? fput+0x140/0x140 [ 24.658643] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.664490] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.668954] ____fput+0x15/0x20 [ 24.672204] task_work_run+0x199/0x270 [ 24.676057] ? task_work_cancel+0x210/0x210 [ 24.680341] ? _raw_spin_unlock+0x22/0x30 [ 24.684454] ? switch_task_namespaces+0x87/0xc0 [ 24.689093] do_exit+0x9bb/0x1ad0 [ 24.692522] ? kvm_vcpu_fault+0x520/0x520 [ 24.696639] ? mm_update_next_owner+0x930/0x930 [ 24.701274] ? find_held_lock+0x35/0x1d0 [ 24.705306] ? handle_mm_fault+0x2a0/0x930 [ 24.709505] ? find_held_lock+0x35/0x1d0 [ 24.713534] ? __do_page_fault+0x5f7/0xc90 [ 24.717735] ? lock_downgrade+0x980/0x980 [ 24.721854] ? down_read_trylock+0xdb/0x170 [ 24.726142] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.730689] ? vmacache_find+0x5f/0x280 [ 24.734631] ? vmacache_update+0xfe/0x130 [ 24.738748] ? up_read+0x1a/0x40 [ 24.742096] ? __do_page_fault+0x3d6/0xc90 [ 24.746303] ? kvm_vcpu_fault+0x520/0x520 [ 24.750420] ? do_vfs_ioctl+0x486/0x1520 [ 24.754459] ? _cond_resched+0x14/0x30 [ 24.758314] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.762695] ? selinux_capable+0x40/0x40 [ 24.766724] ? putname+0xf3/0x130 [ 24.770149] do_group_exit+0x149/0x400 [ 24.774014] ? SyS_exit+0x30/0x30 [ 24.777433] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.782415] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.787136] SyS_exit_group+0x1d/0x20 [ 24.790901] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.795620] RIP: 0033:0x43ed88 [ 24.798773] RSP: 002b:00007ffc16078908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.806444] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88 [ 24.813680] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.820917] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.828149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 24.835383] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 24.842631] [ 24.842632] ====================================================== [ 24.842634] WARNING: possible circular locking dependency detected [ 24.842635] 4.15.0-rc4-mm1+ #47 Not tainted [ 24.842637] ------------------------------------------------------ [ 24.842638] syzkaller938036/3151 is trying to acquire lock: [ 24.842639] ((console_sem).lock){..-.}, at: [<00000000ebb90969>] down_trylock+0x13/0x70 [ 24.842643] [ 24.842644] but task is already holding lock: [ 24.842645] (report_lock){....}, at: [<00000000501f882b>] kasan_report+0x6b/0x360 [ 24.842648] [ 24.842650] which lock already depends on the new lock. [ 24.842651] [ 24.842651] [ 24.842653] the existing dependency chain (in reverse order) is: [ 24.842653] [ 24.842654] -> #3 (report_lock){....}: [ 24.842658] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.842659] kasan_report+0x6b/0x360 [ 24.842661] __asan_report_load8_noabort+0x14/0x20 [ 24.842662] __schedule+0xda3/0x2060 [ 24.842663] preempt_schedule_common+0x22/0x60 [ 24.842664] _cond_resched+0x1d/0x30 [ 24.842666] wait_for_completion+0xa5/0x770 [ 24.842667] __synchronize_srcu+0x1ad/0x260 [ 24.842668] synchronize_srcu+0x1a3/0x570 [ 24.842670] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.842671] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.842672] kvm_arch_destroy_vm+0x73b/0x980 [ 24.842673] kvm_put_kvm+0x695/0xde0 [ 24.842674] kvm_vm_release+0x42/0x50 [ 24.842675] __fput+0x327/0x7e0 [ 24.842676] ____fput+0x15/0x20 [ 24.842678] task_work_run+0x199/0x270 [ 24.842679] do_exit+0x9bb/0x1ad0 [ 24.842680] do_group_exit+0x149/0x400 [ 24.842681] SyS_exit_group+0x1d/0x20 [ 24.842682] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.842683] [ 24.842683] -> #2 (&rq->lock){-.-.}: [ 24.842687] _raw_spin_lock+0x2a/0x40 [ 24.842688] task_fork_fair+0x7a/0x690 [ 24.842690] sched_fork+0x435/0xc00 [ 24.842691] copy_process.part.37+0x1758/0x4b60 [ 24.842692] _do_fork+0x1f7/0xf70 [ 24.842693] kernel_thread+0x34/0x40 [ 24.842694] rest_init+0x22/0xf0 [ 24.842695] start_kernel+0x7f1/0x819 [ 24.842697] x86_64_start_reservations+0x2a/0x2c [ 24.842698] x86_64_start_kernel+0x77/0x7a [ 24.842699] secondary_startup_64+0xa5/0xb0 [ 24.842700] [ 24.842700] -> #1 (&p->pi_lock){-.-.}: [ 24.842704] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.842705] try_to_wake_up+0xbc/0x1600 [ 24.842707] wake_up_process+0x10/0x20 [ 24.842708] __up.isra.0+0x1cc/0x2c0 [ 24.842709] up+0x13b/0x1d0 [ 24.842710] __up_console_sem+0xb2/0x1a0 [ 24.842711] console_unlock+0x538/0xd70 [ 24.842712] do_con_write+0x106e/0x1f70 [ 24.842713] con_write+0x25/0xb0 [ 24.842714] n_tty_write+0x5ef/0xec0 [ 24.842716] tty_write+0x3fa/0x840 [ 24.842717] __vfs_write+0xef/0x970 [ 24.842718] vfs_write+0x189/0x510 [ 24.842719] SyS_write+0xef/0x220 [ 24.842720] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.842721] [ 24.842721] -> #0 ((console_sem).lock){..-.}: [ 24.842725] lock_acquire+0x1d5/0x580 [ 24.842727] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.842728] down_trylock+0x13/0x70 [ 24.842729] __down_trylock_console_sem+0xa2/0x1e0 [ 24.842730] console_trylock+0x15/0x100 [ 24.842731] vprintk_emit+0x49b/0x590 [ 24.842733] vprintk_default+0x28/0x30 [ 24.842734] vprintk_func+0x57/0xc0 [ 24.842735] printk+0xaa/0xca [ 24.842736] kasan_report+0x7b/0x360 [ 24.842737] __asan_report_load8_noabort+0x14/0x20 [ 24.842738] __schedule+0xda3/0x2060 [ 24.842740] preempt_schedule_common+0x22/0x60 [ 24.842741] _cond_resched+0x1d/0x30 [ 24.842742] wait_for_completion+0xa5/0x770 [ 24.842743] __synchronize_srcu+0x1ad/0x260 [ 24.842744] synchronize_srcu+0x1a3/0x570 [ 24.842746] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.842747] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.842748] kvm_arch_destroy_vm+0x73b/0x980 [ 24.842749] kvm_put_kvm+0x695/0xde0 [ 24.842751] kvm_vm_release+0x42/0x50 [ 24.842752] __fput+0x327/0x7e0 [ 24.842753] ____fput+0x15/0x20 [ 24.842754] task_work_run+0x199/0x270 [ 24.842755] do_exit+0x9bb/0x1ad0 [ 24.842756] do_group_exit+0x149/0x400 [ 24.842757] SyS_exit_group+0x1d/0x20 [ 24.842758] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.842759] [ 24.842760] other info that might help us debug this: [ 24.842761] [ 24.842762] Chain exists of: [ 24.842762] (console_sem).lock --> &rq->lock --> report_lock [ 24.842767] [ 24.842769] Possible unsafe locking scenario: [ 24.842769] [ 24.842770] CPU0 CPU1 [ 24.842772] ---- ---- [ 24.842772] lock(report_lock); [ 24.842775] lock(&rq->lock); [ 24.842778] lock(report_lock); [ 24.842780] lock((console_sem).lock); [ 24.842782] [ 24.842783] *** DEADLOCK *** [ 24.842784] [ 24.842785] 2 locks held by syzkaller938036/3151: [ 24.842785] #0: (&rq->lock){-.-.}, at: [<0000000052a03936>] __schedule+0x24e/0x2060 [ 24.842790] #1: (report_lock){....}, at: [<00000000501f882b>] kasan_report+0x6b/0x360 [ 24.842794] [ 24.842795] stack backtrace: [ 24.842797] CPU: 1 PID: 3151 Comm: syzkaller938036 Not tainted 4.15.0-rc4-mm1+ #47 [ 24.842799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.842800] Call Trace: [ 24.842801] dump_stack+0x194/0x257 [ 24.842802] ? arch_local_irq_restore+0x53/0x53 [ 24.842803] print_circular_bug.isra.37+0x2cd/0x2dc [ 24.842805] ? save_trace+0xe0/0x2b0 [ 24.842806] __lock_acquire+0x30a8/0x3e00 [ 24.842807] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.842808] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.842810] ? print_lockdep_cache.isra.31+0x109/0x109 [ 24.842811] ? save_stack_trace+0x1a/0x20 [ 24.842812] ? save_trace+0xe0/0x2b0 [ 24.842813] ? __lock_acquire+0x36c0/0x3e00 [ 24.842815] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.842816] ? __lock_is_held+0xb6/0x140 [ 24.842817] ? __lock_is_held+0xb6/0x140 [ 24.842818] lock_acquire+0x1d5/0x580 [ 24.842819] ? lock_acquire+0x1d5/0x580 [ 24.842820] ? down_trylock+0x13/0x70 [ 24.842821] ? find_held_lock+0x35/0x1d0 [ 24.842823] ? lock_release+0xa40/0xa40 [ 24.842824] ? vprintk_emit+0x379/0x590 [ 24.842825] ? lock_downgrade+0x980/0x980 [ 24.842826] ? kvm_sched_clock_read+0x25/0x40 [ 24.842827] ? sched_clock+0x31/0x40 [ 24.842828] ? sched_clock_cpu+0x1b/0x170 [ 24.842829] ? vprintk_emit+0x49b/0x590 [ 24.842831] _raw_spin_lock_irqsave+0x96/0xc0 [ 24.842832] ? down_trylock+0x13/0x70 [ 24.842833] down_trylock+0x13/0x70 [ 24.842834] ? vprintk_emit+0x49b/0x590 [ 24.842835] __down_trylock_console_sem+0xa2/0x1e0 [ 24.842836] console_trylock+0x15/0x100 [ 24.842837] vprintk_emit+0x49b/0x590 [ 24.842839] vprintk_default+0x28/0x30 [ 24.842840] vprintk_func+0x57/0xc0 [ 24.842841] printk+0xaa/0xca [ 24.842842] ? show_regs_print_info+0x18/0x18 [ 24.842843] ? __schedule+0xda3/0x2060 [ 24.842844] kasan_report+0x7b/0x360 [ 24.842845] __asan_report_load8_noabort+0x14/0x20 [ 24.842846] __schedule+0xda3/0x2060 [ 24.842848] ? __sched_text_start+0x8/0x8 [ 24.842849] ? trace_hardirqs_on+0xd/0x10 [ 24.842850] ? __call_srcu+0x7ee/0x1020 [ 24.842851] ? do_raw_spin_trylock+0x190/0x190 [ 24.842852] ? do_raw_spin_trylock+0x190/0x190 [ 24.842854] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.842855] ? __debug_object_init+0x235/0x1040 [ 24.842856] preempt_schedule_common+0x22/0x60 [ 24.842857] _cond_resched+0x1d/0x30 [ 24.842859] wait_for_completion+0xa5/0x770 [ 24.842860] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.842862] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.842863] ? __lockdep_init_map+0xe4/0x650 [ 24.842864] ? __init_waitqueue_head+0x97/0x140 [ 24.842865] ? init_wait_entry+0x1b0/0x1b0 [ 24.842866] __synchronize_srcu+0x1ad/0x260 [ 24.842867] ? call_srcu+0x10/0x10 [ 24.842869] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.842870] ? irq_matrix_allocated+0x80/0x80 [ 24.842871] ? synchronize_srcu+0x3c5/0x570 [ 24.842872] synchronize_srcu+0x1a3/0x570 [ 24.842874] ? synchronize_srcu+0x1a3/0x570 [ 24.842875] ? lock_downgrade+0x980/0x980 [ 24.842876] ? synchronize_srcu_expedited+0x20/0x20 [ 24.842877] ? lock_release+0xa40/0xa40 [ 24.842879] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.842880] ? do_raw_spin_trylock+0x190/0x190 [ 24.842881] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.842883] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.842884] ? kvfree+0x36/0x60 [ 24.842885] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.842886] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.842887] kvm_arch_destroy_vm+0x73b/0x980 [ 24.842889] ? kvm_arch_sync_events+0x30/0x30 [ 24.842890] ? mmdrop+0x18/0x30 [ 24.842891] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.842892] ? kvm_put_kvm+0x47a/0xde0 [ 24.842894] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.842895] ? __free_pages+0x107/0x150 [ 24.842896] ? free_unref_page+0x9e0/0x9e0 [ 24.842897] ? quarantine_put+0xeb/0x190 [ 24.842898] ? kfree+0xf0/0x260 [ 24.842899] ? kvm_put_kvm+0x614/0xde0 [ 24.842900] ? free_pages+0x51/0x90 [ 24.842901] kvm_put_kvm+0x695/0xde0 [ 24.842903] ? kvm_clear_guest+0xb0/0xb0 [ 24.842904] ? kvm_irqfd_release+0xd1/0x120 [ 24.842905] ? lock_downgrade+0x980/0x980 [ 24.842906] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.842907] ? kvm_irqfd_release+0xdd/0x120 [ 24.842908] ? kvm_irqfd_release+0xdd/0x120 [ 24.842910] ? kvm_put_kvm+0xde0/0xde0 [ 24.842911] kvm_vm_release+0x42/0x50 [ 24.842912] __fput+0x327/0x7e0 [ 24.842913] ? fput+0x140/0x140 [ 24.842914] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.842915] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.842916] ____fput+0x15/0x20 [ 24.842918] task_work_run+0x199/0x270 [ 24.842919] ? task_work_cancel+0x210/0x210 [ 24.842920] ? _raw_spin_unlock+0x22/0x30 [ 24.842921] ? switch_task_namespaces+0x87/0xc0 [ 24.842922] do_exit+0x9bb/0x1ad0 [ 24.842923] ? kvm_vcpu_fault+0x520/0x520 [ 24.842925] ? mm_update_next_owner+0x930/0x930 [ 24.842926] ? find_held_lock+0x35/0x1d0 [ 24.842927] ? handle_mm_fault+0x2a0/0x930 [ 24.842928] ? find_held_lock+0x35/0x1d0 [ 24.842929] ? __do_page_fault+0x5f7/0xc90 [ 24.842930] ? lock_downgrade+0x980/0x980 [ 24.842932] ? down_read_trylock+0xdb/0x170 [ 24.842933] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.842934] ? vmacache_find+0x5f/0x280 [ 24.842935] ? vmacache_update+0xfe/0x130 [ 24.842936] ? up_read+0x1a/0x40 [ 24.842937] ? __do_page_fault+0x3d6/0xc90 [ 24.842938] ? kvm_vcpu_fault+0x520/0x520 [ 24.842940] ? do_vfs_ioctl+0x486/0x1520 [ 24.842941] ? _cond_resched+0x14/0x30 [ 24.842942] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.842943] ? selinux_capable+0x40/0x40 [ 24.842944] ? putname+0xf3 [ 24.842946] Lost 14 message(s)! [ 25.919182] Shutting down cpus with NMI [ 26.975543] Dumping ftrace buffer: [ 26.979051] (ftrace buffer empty) [ 26.982726] Kernel Offset: disabled [ 26.986328] Rebooting in 86400 seconds..