[....] Starting enhanced syslogd: rsyslogd[ 10.700040] audit: type=1400 audit(1513798999.233:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.476673] audit: type=1400 audit(1513799005.010:6): avc: denied { map } for pid=3129 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-7,10.128.15.239' (ECDSA) to the list of known hosts. executing program [ 22.690229] audit: type=1400 audit(1513799011.224:7): avc: denied { map } for pid=3143 comm="syzkaller603267" path="/root/syzkaller603267594" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 22.723776] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 22.735601] ================================================================== [ 22.744090] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 22.750290] Read of size 8 at addr ffff8801c9060058 by task syzkaller603267/3143 [ 22.757787] [ 22.759388] CPU: 0 PID: 3143 Comm: syzkaller603267 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 22.767929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.777248] Call Trace: [ 22.779805] dump_stack+0x194/0x257 [ 22.783401] ? arch_local_irq_restore+0x53/0x53 [ 22.788038] ? show_regs_print_info+0x18/0x18 [ 22.792505] ? __schedule+0xda3/0x2060 [ 22.796363] print_address_description+0x73/0x250 [ 22.801174] ? __schedule+0xda3/0x2060 [ 22.805031] kasan_report+0x25b/0x340 [ 22.808802] __asan_report_load8_noabort+0x14/0x20 [ 22.813708] __schedule+0xda3/0x2060 [ 22.817398] ? __sched_text_start+0x8/0x8 [ 22.821516] ? trace_hardirqs_on+0xd/0x10 [ 22.825633] ? __call_srcu+0x7ee/0x1020 [ 22.829574] ? do_raw_spin_trylock+0x190/0x190 [ 22.834122] ? do_raw_spin_trylock+0x190/0x190 [ 22.838693] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.844545] ? __debug_object_init+0x235/0x1040 [ 22.849189] preempt_schedule_common+0x22/0x60 [ 22.853742] _cond_resched+0x1d/0x30 [ 22.857422] wait_for_completion+0xa5/0x770 [ 22.861712] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.866701] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 22.872467] ? __lockdep_init_map+0xe4/0x650 [ 22.876849] ? __init_waitqueue_head+0x97/0x140 [ 22.881486] ? init_wait_entry+0x1b0/0x1b0 [ 22.885697] __synchronize_srcu+0x1ad/0x260 [ 22.889985] ? call_srcu+0x10/0x10 [ 22.893494] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 22.899002] ? irq_matrix_allocated+0x80/0x80 [ 22.903463] ? synchronize_srcu+0x3c5/0x570 [ 22.907757] synchronize_srcu+0x1a3/0x570 [ 22.911871] ? synchronize_srcu+0x1a3/0x570 [ 22.916162] ? lock_downgrade+0x980/0x980 [ 22.920278] ? synchronize_srcu_expedited+0x20/0x20 [ 22.925261] ? lock_release+0xa40/0xa40 [ 22.929206] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 22.934022] ? do_raw_spin_trylock+0x190/0x190 [ 22.938584] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.944263] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 22.949685] ? kvfree+0x36/0x60 [ 22.952930] ? rcu_read_lock_sched_held+0x108/0x120 [ 22.957917] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.961947] kvm_arch_destroy_vm+0x73b/0x980 [ 22.966326] ? kvm_arch_sync_events+0x30/0x30 [ 22.970791] ? mmdrop+0x18/0x30 [ 22.974040] ? mmu_notifier_unregister+0x437/0x5c0 [ 22.978936] ? kvm_put_kvm+0x47a/0xde0 [ 22.982796] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 22.988648] ? __free_pages+0x107/0x150 [ 22.992593] ? free_unref_page+0x9e0/0x9e0 [ 22.996797] ? quarantine_put+0xeb/0x190 [ 23.000825] ? kfree+0xf0/0x260 [ 23.004071] ? kvm_put_kvm+0x614/0xde0 [ 23.007929] ? free_pages+0x51/0x90 [ 23.011526] kvm_put_kvm+0x695/0xde0 [ 23.015229] ? kvm_clear_guest+0xb0/0xb0 [ 23.019266] ? kvm_irqfd_release+0xd1/0x120 [ 23.023557] ? lock_downgrade+0x980/0x980 [ 23.027685] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.032155] ? kvm_irqfd_release+0xdd/0x120 [ 23.036443] ? kvm_irqfd_release+0xdd/0x120 [ 23.040732] ? kvm_put_kvm+0xde0/0xde0 [ 23.044589] kvm_vm_release+0x42/0x50 [ 23.048358] __fput+0x327/0x7e0 [ 23.051612] ? fput+0x140/0x140 [ 23.054863] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.060715] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.065182] ____fput+0x15/0x20 [ 23.068433] task_work_run+0x199/0x270 [ 23.072291] ? task_work_cancel+0x210/0x210 [ 23.076592] ? _raw_spin_unlock+0x22/0x30 [ 23.080710] ? switch_task_namespaces+0x87/0xc0 [ 23.085351] do_exit+0x9bb/0x1ad0 [ 23.088772] ? kvm_vcpu_fault+0x520/0x520 [ 23.092889] ? mm_update_next_owner+0x930/0x930 [ 23.097524] ? find_held_lock+0x35/0x1d0 [ 23.101567] ? handle_mm_fault+0x2a0/0x930 [ 23.105770] ? find_held_lock+0x35/0x1d0 [ 23.109808] ? __do_page_fault+0x5f7/0xc90 [ 23.114019] ? lock_downgrade+0x980/0x980 [ 23.118148] ? down_read_trylock+0xdb/0x170 [ 23.122441] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.126990] ? vmacache_find+0x5f/0x280 [ 23.130938] ? up_read+0x1a/0x40 [ 23.134277] ? __do_page_fault+0x3d6/0xc90 [ 23.138484] ? kvm_vcpu_fault+0x520/0x520 [ 23.142601] ? do_vfs_ioctl+0x486/0x1520 [ 23.146634] ? _cond_resched+0x14/0x30 [ 23.150494] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.154877] ? selinux_capable+0x40/0x40 [ 23.158908] ? putname+0xf3/0x130 [ 23.162337] do_group_exit+0x149/0x400 [ 23.166196] ? SyS_exit+0x30/0x30 [ 23.169622] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.174609] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.179344] SyS_exit_group+0x1d/0x20 [ 23.183113] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.187837] RIP: 0033:0x43ed88 [ 23.190996] RSP: 002b:00007ffdc0ead2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.198669] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 23.205907] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.213147] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.220394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 23.227635] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 23.234883] [ 23.236477] Allocated by task 3143: [ 23.240075] save_stack+0x43/0xd0 [ 23.243496] kasan_kmalloc+0xad/0xe0 [ 23.247179] kasan_slab_alloc+0x12/0x20 [ 23.251122] kmem_cache_alloc+0x12e/0x760 [ 23.255239] vmx_create_vcpu+0xc4/0x2f20 [ 23.259267] kvm_arch_vcpu_create+0x12c/0x1a0 [ 23.263730] kvm_vm_ioctl+0x48b/0x1c60 [ 23.267583] do_vfs_ioctl+0x1b1/0x1520 [ 23.271437] SyS_ioctl+0x8f/0xc0 [ 23.274772] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.279490] [ 23.281085] Freed by task 3143: [ 23.284331] save_stack+0x43/0xd0 [ 23.287751] kasan_slab_free+0x71/0xc0 [ 23.291603] kmem_cache_free+0x83/0x2a0 [ 23.295541] vmx_free_vcpu+0x1ee/0x260 [ 23.299396] kvm_arch_destroy_vm+0x4a2/0x980 [ 23.303772] kvm_put_kvm+0x695/0xde0 [ 23.307451] kvm_vm_release+0x42/0x50 [ 23.311219] __fput+0x327/0x7e0 [ 23.314466] ____fput+0x15/0x20 [ 23.317714] task_work_run+0x199/0x270 [ 23.321569] do_exit+0x9bb/0x1ad0 [ 23.324988] do_group_exit+0x149/0x400 [ 23.328843] SyS_exit_group+0x1d/0x20 [ 23.332611] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.337332] [ 23.338928] The buggy address belongs to the object at ffff8801c9060040 [ 23.338928] which belongs to the cache kvm_vcpu of size 23872 [ 23.351464] The buggy address is located 24 bytes inside of [ 23.351464] 23872-byte region [ffff8801c9060040, ffff8801c9065d80) [ 23.363389] The buggy address belongs to the page: [ 23.368285] page:00000000b10eb191 count:1 mapcount:0 mapping:00000000041e5796 index:0x0 compound_mapcount: 0 [ 23.378218] flags: 0x2fffc0000008100(slab|head) [ 23.382857] raw: 02fffc0000008100 ffff8801c9060040 0000000000000000 0000000100000001 [ 23.390707] raw: ffff8801d643eb48 ffff8801d643eb48 ffff8801d643fb40 0000000000000000 [ 23.398552] page dumped because: kasan: bad access detected [ 23.404227] [ 23.405821] Memory state around the buggy address: [ 23.410718] ffff8801c905ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.418043] ffff8801c905ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.425370] >ffff8801c9060000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 23.432696] ^ [ 23.438893] ffff8801c9060080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.446220] ffff8801c9060100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.453543] ================================================================== [ 23.460869] Kernel panic - not syncing: panic_on_warn set ... [ 23.460869] [ 23.468200] CPU: 0 PID: 3143 Comm: syzkaller603267 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 23.478042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.487360] Call Trace: [ 23.489914] dump_stack+0x194/0x257 [ 23.493511] ? arch_local_irq_restore+0x53/0x53 [ 23.498148] ? kasan_end_report+0x32/0x50 [ 23.502264] ? lock_downgrade+0x980/0x980 [ 23.506379] ? vsnprintf+0x1ed/0x1900 [ 23.510149] ? __schedule+0xcf0/0x2060 [ 23.514004] panic+0x1e4/0x41c [ 23.517166] ? refcount_error_report+0x214/0x214 [ 23.521897] ? print_shadow_for_address+0xdc/0x1a0 [ 23.526792] ? add_taint+0x1c/0x50 [ 23.530305] ? __schedule+0xda3/0x2060 [ 23.534163] kasan_end_report+0x50/0x50 [ 23.538108] kasan_report+0x144/0x340 [ 23.541878] __asan_report_load8_noabort+0x14/0x20 [ 23.546773] __schedule+0xda3/0x2060 [ 23.550459] ? __sched_text_start+0x8/0x8 [ 23.554574] ? trace_hardirqs_on+0xd/0x10 [ 23.558691] ? __call_srcu+0x7ee/0x1020 [ 23.562636] ? do_raw_spin_trylock+0x190/0x190 [ 23.567196] ? do_raw_spin_trylock+0x190/0x190 [ 23.571755] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.577611] ? __debug_object_init+0x235/0x1040 [ 23.582254] preempt_schedule_common+0x22/0x60 [ 23.586813] _cond_resched+0x1d/0x30 [ 23.590494] wait_for_completion+0xa5/0x770 [ 23.594782] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.599769] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.605536] ? __lockdep_init_map+0xe4/0x650 [ 23.609918] ? __init_waitqueue_head+0x97/0x140 [ 23.614564] ? init_wait_entry+0x1b0/0x1b0 [ 23.618774] __synchronize_srcu+0x1ad/0x260 [ 23.623063] ? call_srcu+0x10/0x10 [ 23.626572] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.632083] ? irq_matrix_allocated+0x80/0x80 [ 23.636545] ? synchronize_srcu+0x3c5/0x570 [ 23.640837] synchronize_srcu+0x1a3/0x570 [ 23.644952] ? synchronize_srcu+0x1a3/0x570 [ 23.649240] ? lock_downgrade+0x980/0x980 [ 23.653358] ? synchronize_srcu_expedited+0x20/0x20 [ 23.658342] ? lock_release+0xa40/0xa40 [ 23.662284] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.667098] ? do_raw_spin_trylock+0x190/0x190 [ 23.671662] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.677343] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.682764] ? kvfree+0x36/0x60 [ 23.686009] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.690999] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.695027] kvm_arch_destroy_vm+0x73b/0x980 [ 23.699405] ? kvm_arch_sync_events+0x30/0x30 [ 23.703871] ? mmdrop+0x18/0x30 [ 23.707121] ? mmu_notifier_unregister+0x437/0x5c0 [ 23.712018] ? kvm_put_kvm+0x47a/0xde0 [ 23.715876] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 23.721729] ? __free_pages+0x107/0x150 [ 23.725672] ? free_unref_page+0x9e0/0x9e0 [ 23.729874] ? quarantine_put+0xeb/0x190 [ 23.733899] ? kfree+0xf0/0x260 [ 23.737148] ? kvm_put_kvm+0x614/0xde0 [ 23.741010] ? free_pages+0x51/0x90 [ 23.744609] kvm_put_kvm+0x695/0xde0 [ 23.748298] ? kvm_clear_guest+0xb0/0xb0 [ 23.752331] ? kvm_irqfd_release+0xd1/0x120 [ 23.756621] ? lock_downgrade+0x980/0x980 [ 23.760746] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.765217] ? kvm_irqfd_release+0xdd/0x120 [ 23.769506] ? kvm_irqfd_release+0xdd/0x120 [ 23.773796] ? kvm_put_kvm+0xde0/0xde0 [ 23.777651] kvm_vm_release+0x42/0x50 [ 23.781419] __fput+0x327/0x7e0 [ 23.784669] ? fput+0x140/0x140 [ 23.787921] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.793772] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.798239] ____fput+0x15/0x20 [ 23.801487] task_work_run+0x199/0x270 [ 23.805344] ? task_work_cancel+0x210/0x210 [ 23.809632] ? _raw_spin_unlock+0x22/0x30 [ 23.813747] ? switch_task_namespaces+0x87/0xc0 [ 23.818387] do_exit+0x9bb/0x1ad0 [ 23.821806] ? kvm_vcpu_fault+0x520/0x520 [ 23.825927] ? mm_update_next_owner+0x930/0x930 [ 23.830565] ? find_held_lock+0x35/0x1d0 [ 23.834608] ? handle_mm_fault+0x2a0/0x930 [ 23.838815] ? find_held_lock+0x35/0x1d0 [ 23.842852] ? __do_page_fault+0x5f7/0xc90 [ 23.847057] ? lock_downgrade+0x980/0x980 [ 23.851192] ? down_read_trylock+0xdb/0x170 [ 23.855482] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.860032] ? vmacache_find+0x5f/0x280 [ 23.863977] ? up_read+0x1a/0x40 [ 23.867309] ? __do_page_fault+0x3d6/0xc90 [ 23.871518] ? kvm_vcpu_fault+0x520/0x520 [ 23.875633] ? do_vfs_ioctl+0x486/0x1520 [ 23.879662] ? _cond_resched+0x14/0x30 [ 23.883518] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.887896] ? selinux_capable+0x40/0x40 [ 23.891924] ? putname+0xf3/0x130 [ 23.895352] do_group_exit+0x149/0x400 [ 23.899208] ? SyS_exit+0x30/0x30 [ 23.902629] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.907614] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.912343] SyS_exit_group+0x1d/0x20 [ 23.916113] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.920834] RIP: 0033:0x43ed88 [ 23.923994] RSP: 002b:00007ffdc0ead2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.931668] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 23.938909] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.946159] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.953398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 23.960639] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 23.967892] [ 23.967894] ====================================================== [ 23.967897] WARNING: possible circular locking dependency detected [ 23.967899] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 23.967901] ------------------------------------------------------ [ 23.967903] syzkaller603267/3143 is trying to acquire lock: [ 23.967904] ((console_sem).lock){..-.}, at: [<000000007789aaaa>] down_trylock+0x13/0x70 [ 23.967910] [ 23.967912] but task is already holding lock: [ 23.967913] (report_lock){....}, at: [<00000000361c1215>] kasan_report+0x6b/0x340 [ 23.967918] [ 23.967920] which lock already depends on the new lock. [ 23.967921] [ 23.967922] [ 23.967924] the existing dependency chain (in reverse order) is: [ 23.967925] [ 23.967926] -> #3 (report_lock){....}: [ 23.967931] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.967933] kasan_report+0x6b/0x340 [ 23.967935] __asan_report_load8_noabort+0x14/0x20 [ 23.967936] __schedule+0xda3/0x2060 [ 23.967938] preempt_schedule_common+0x22/0x60 [ 23.967940] _cond_resched+0x1d/0x30 [ 23.967942] wait_for_completion+0xa5/0x770 [ 23.967943] __synchronize_srcu+0x1ad/0x260 [ 23.967945] synchronize_srcu+0x1a3/0x570 [ 23.967947] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.967949] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.967951] kvm_arch_destroy_vm+0x73b/0x980 [ 23.967952] kvm_put_kvm+0x695/0xde0 [ 23.967954] kvm_vm_release+0x42/0x50 [ 23.967956] __fput+0x327/0x7e0 [ 23.967957] ____fput+0x15/0x20 [ 23.967959] task_work_run+0x199/0x270 [ 23.967961] do_exit+0x9bb/0x1ad0 [ 23.967962] do_group_exit+0x149/0x400 [ 23.967964] SyS_exit_group+0x1d/0x20 [ 23.967966] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.967967] [ 23.967968] -> #2 (&rq->lock){-.-.}: [ 23.967973] _raw_spin_lock+0x2a/0x40 [ 23.967975] task_fork_fair+0x7a/0x690 [ 23.967976] sched_fork+0x435/0xc00 [ 23.967978] copy_process.part.37+0x1758/0x4b60 [ 23.967980] _do_fork+0x1f7/0xf70 [ 23.967981] kernel_thread+0x34/0x40 [ 23.967983] rest_init+0x22/0xf0 [ 23.967984] start_kernel+0x7f1/0x819 [ 23.967986] x86_64_start_reservations+0x2a/0x2c [ 23.967988] x86_64_start_kernel+0x77/0x7a [ 23.967990] secondary_startup_64+0xa5/0xb0 [ 23.967991] [ 23.967992] -> #1 (&p->pi_lock){-.-.}: [ 23.967997] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.967999] try_to_wake_up+0xbc/0x1600 [ 23.968001] wake_up_process+0x10/0x20 [ 23.968002] __up.isra.0+0x1cc/0x2c0 [ 23.968004] up+0x13b/0x1d0 [ 23.968005] __up_console_sem+0xb2/0x1a0 [ 23.968007] console_unlock+0x538/0xd70 [ 23.968009] vprintk_emit+0x4ad/0x590 [ 23.968010] vprintk_default+0x28/0x30 [ 23.968012] vprintk_func+0x57/0xc0 [ 23.968013] printk+0xaa/0xca [ 23.968015] regdb_fw_cb+0x1d7/0x220 [ 23.968017] request_firmware_work_func+0x151/0x2c0 [ 23.968018] process_one_work+0xbbf/0x1af0 [ 23.968020] worker_thread+0x223/0x1990 [ 23.968022] kthread+0x33c/0x400 [ 23.968023] ret_from_fork+0x24/0x30 [ 23.968024] [ 23.968025] -> #0 ((console_sem).lock){..-.}: [ 23.968031] lock_acquire+0x1d5/0x580 [ 23.968032] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.968034] down_trylock+0x13/0x70 [ 23.968036] __down_trylock_console_sem+0xa2/0x1e0 [ 23.968038] console_trylock+0x15/0x100 [ 23.968039] vprintk_emit+0x49b/0x590 [ 23.968041] vprintk_default+0x28/0x30 [ 23.968042] vprintk_func+0x57/0xc0 [ 23.968044] printk+0xaa/0xca [ 23.968045] kasan_report+0x7b/0x340 [ 23.968047] __asan_report_load8_noabort+0x14/0x20 [ 23.968049] __schedule+0xda3/0x2060 [ 23.968051] preempt_schedule_common+0x22/0x60 [ 23.968052] _cond_resched+0x1d/0x30 [ 23.968054] wait_for_completion+0xa5/0x770 [ 23.968056] __synchronize_srcu+0x1ad/0x260 [ 23.968058] synchronize_srcu+0x1a3/0x570 [ 23.968060] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.968062] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.968063] kvm_arch_destroy_vm+0x73b/0x980 [ 23.968065] kvm_put_kvm+0x695/0xde0 [ 23.968067] kvm_vm_release+0x42/0x50 [ 23.968068] __fput+0x327/0x7e0 [ 23.968069] ____fput+0x15/0x20 [ 23.968071] task_work_run+0x199/0x270 [ 23.968073] do_exit+0x9bb/0x1ad0 [ 23.968074] do_group_exit+0x149/0x400 [ 23.968076] SyS_exit_group+0x1d/0x20 [ 23.968078] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.968079] [ 23.968081] other info that might help us debug this: [ 23.968081] [ 23.968083] Chain exists of: [ 23.968083] (console_sem).lock --> &rq->lock --> report_lock [ 23.968090] [ 23.968092] Possible unsafe locking scenario: [ 23.968093] [ 23.968094] CPU0 CPU1 [ 23.968096] ---- ---- [ 23.968097] lock(report_lock); [ 23.968101] lock(&rq->lock); [ 23.968104] lock(report_lock); [ 23.968107] lock((console_sem).lock); [ 23.968111] [ 23.968112] *** DEADLOCK *** [ 23.968113] [ 23.968115] 2 locks held by syzkaller603267/3143: [ 23.968116] #0: (&rq->lock){-.-.}, at: [<00000000e0ca94d6>] __schedule+0x24e/0x2060 [ 23.968121] #1: (report_lock){....}, at: [<00000000361c1215>] kasan_report+0x6b/0x340 [ 23.968127] [ 23.968128] stack backtrace: [ 23.968131] CPU: 0 PID: 3143 Comm: syzkaller603267 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 23.968137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.968138] Call Trace: [ 23.968140] dump_stack+0x194/0x257 [ 23.968142] ? arch_local_irq_restore+0x53/0x53 [ 23.968144] print_circular_bug.isra.37+0x2cd/0x2dc [ 23.968145] ? save_trace+0xe0/0x2b0 [ 23.968147] __lock_acquire+0x30a8/0x3e00 [ 23.968149] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.968151] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.968153] ? print_lockdep_cache.isra.31+0x109/0x109 [ 23.968154] ? save_stack_trace+0x1a/0x20 [ 23.968156] ? save_trace+0xe0/0x2b0 [ 23.968157] ? __lock_acquire+0x36c0/0x3e00 [ 23.968159] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.968161] ? __lock_is_held+0xb6/0x140 [ 23.968163] ? __lock_is_held+0xb6/0x140 [ 23.968164] lock_acquire+0x1d5/0x580 [ 23.968166] ? lock_acquire+0x1d5/0x580 [ 23.968167] ? down_trylock+0x13/0x70 [ 23.968169] ? find_held_lock+0x35/0x1d0 [ 23.968170] ? lock_release+0xa40/0xa40 [ 23.968172] ? vprintk_emit+0x379/0x590 [ 23.968174] ? lock_downgrade+0x980/0x980 [ 23.968175] ? kvm_sched_clock_read+0x25/0x40 [ 23.968177] ? sched_clock+0x31/0x40 [ 23.968179] ? sched_clock_cpu+0x1b/0x170 [ 23.968180] ? vprintk_emit+0x49b/0x590 [ 23.968182] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.968183] ? down_trylock+0x13/0x70 [ 23.968185] down_trylock+0x13/0x70 [ 23.968186] ? vprintk_emit+0x49b/0x590 [ 23.968188] __down_trylock_console_sem+0xa2/0x1e0 [ 23.968190] console_trylock+0x15/0x100 [ 23.968191] vprintk_emit+0x49b/0x590 [ 23.968193] vprintk_default+0x28/0x30 [ 23.968194] vprintk_func+0x57/0xc0 [ 23.968196] printk+0xaa/0xca [ 23.968197] ? show_regs_print_info+0x18/0x18 [ 23.968199] ? __schedule+0xda3/0x2060 [ 23.968201] kasan_report+0x7b/0x340 [ 23.968202] __asan_report_load8_noabort+0x14/0x20 [ 23.968204] __schedule+0xda3/0x2060 [ 23.968206] ? __sched_text_start+0x8/0x8 [ 23.968207] ? trace_hardirqs_on+0xd/0x10 [ 23.968209] ? __call_srcu+0x7ee/0x1020 [ 23.968210] ? do_raw_spin_trylock+0x190/0x190 [ 23.968212] ? do_raw_spin_trylock+0x190/0x190 [ 23.968214] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.968216] ? __debug_object_init+0x235/0x1040 [ 23.968218] preempt_schedule_common+0x22/0x60 [ 23.968219] _cond_resched+0x1d/0x30 [ 23.968221] wait_for_completion+0xa5/0x770 [ 23.968223] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.968225] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.968227] ? __lockdep_init_map+0xe4/0x650 [ 23.968229] ? __init_waitqueue_head+0x97/0x140 [ 23.968230] ? init_wait_entry+0x1b0/0x1b0 [ 23.968232] __synchronize_srcu+0x1ad/0x260 [ 23.968233] ? call_srcu+0x10/0x10 [ 23.968235] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.968237] ? irq_matrix_allocated+0x80/0x80 [ 23.968239] ? synchronize_srcu+0x3c5/0x570 [ 23.968240] synchronize_srcu+0x1a3/0x570 [ 23.968242] ? synchronize_srcu+0x1a3/0x570 [ 23.968244] ? lock_downgrade+0x980/0x980 [ 23.968246] ? synchronize_srcu_expedited+0x20/0x20 [ 23.968247] ? lock_release+0xa40/0xa40 [ 23.968249] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.968251] ? do_raw_spin_trylock+0x190/0x190 [ 23.968253] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.968255] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.968256] ? kvfree+0x36/0x60 [ 23.968258] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.968260] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.968262] kvm_arch_destroy_vm+0x73b/0x980 [ 23.968264] ? kvm_arch_sync_events+0x30/0x30 [ 23.968265] ? mmdrop+0x18/0x30 [ 23.968267] ? mmu_notifier_unregister+0x437/0x5c0 [ 23.968268] ? kvm_put_kvm+0x47a/0xde0 [ 23.968271] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 23.968272] ? __free_pages+0x107/0x150 [ 23.968274] ? free_unref_page+0x9e0/0x9e0 [ 23.968276] ? quarantine_put+0xeb/0x190 [ 23.968277] ? kfree+0xf0/0x260 [ 23.968279] ? kvm_put_kvm+0x614/0xde0 [ 23.968280] ? free_pages+0x51/0x90 [ 23.968282] kvm_put_kvm+0x695/0xde0 [ 23.968284] ? kvm_clear_guest+0xb0/0xb0 [ 23.968286] ? kvm_irqfd_release+0xd1/0x120 [ 23.968287] ? lock_downgrade+0x980/0x980 [ 23.968289] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.968291] ? kvm_irqfd_release+0xdd/0x120 [ 23.968292] ? kvm_irqfd_release+0xdd/0x120 [ 23.968294] ? kvm_put_kvm+0xde0/0xde0 [ 23.968295] kvm_vm_release+0x42/0x50 [ 23.968297] __fput+0x327/0x7e0 [ 23.968298] ? fput+0x140/0x140 [ 23.968300] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.968302] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.968303] ____fput+0x15/0x20 [ 23.968305] task_work_run+0x199/0x270 [ 23.968307] ? task_work_cancel+0x210/0x210 [ 23.968308] ? _raw_spin_unlock+0x22/0x30 [ 23.968310] ? switch_task_namespaces+0x87/0xc0 [ 23.968311] do_exit+0x9bb/0x1ad0 [ 23.968313] ? kvm_vcpu_fault+0x520/0x520 [ 23.968315] ? mm_update_next_owner+0x930/0x930 [ 23.968316] ? find_held_lock+0x35/0x1d0 [ 23.968318] ? handle_mm_fault+0x2a0/0x930 [ 23.968320] ? find_held_lock+0x35/0x1d0 [ 23.968321] ? __do_page_fault+0x5f7/0xc90 [ 23.968323] ? lock_downgrade+0x980/0x980 [ 23.968325] ? down_read_trylock+0xdb/0x170 [ 23.968326] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.968328] ? vmacache_find+0x5f/0x280 [ 23.968329] ? up_read+0x1a/0x40 [ 23.968331] ? __do_page_fault+0x3d6/0xc90 [ 23.968333] ? kvm_vcpu_fault+0x520/0x520 [ 23.968334] ? do_vfs_ioctl+0x486/0x1520 [ 23.968336] ? _cond_resched+0x14/0x30 [ 23.968337] ? ioctl_preallocate [ 23.968340] Lost 16 message(s)! [ 25.038914] Shutting down cpus with NMI [ 26.093037] Dumping ftrace buffer: [ 26.096550] (ftrace buffer empty) [ 26.100227] Kernel Offset: disabled [ 26.103820] Rebooting in 86400 seconds..