[....] Starting enhanced syslogd: rsyslogd[ 10.255943] audit: type=1400 audit(1513780425.993:5): avc: denied { syslog } for pid=2992 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.070701] audit: type=1400 audit(1513780431.808:6): avc: denied { map } for pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-next-kasan-gce-3,10.128.0.60' (ECDSA) to the list of known hosts. executing program [ 32.660073] audit: type=1400 audit(1513780448.397:7): avc: denied { map } for pid=3148 comm="syzkaller399961" path="/root/syzkaller399961001" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 32.691686] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 32.703906] ================================================================== [ 32.712057] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 32.718268] Read of size 8 at addr ffff8801c92b0058 by task syzkaller399961/3148 [ 32.725766] [ 32.727365] CPU: 0 PID: 3148 Comm: syzkaller399961 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 32.735905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.745228] Call Trace: [ 32.747788] dump_stack+0x194/0x257 [ 32.751384] ? arch_local_irq_restore+0x53/0x53 [ 32.756018] ? show_regs_print_info+0x18/0x18 [ 32.760483] ? __schedule+0xda3/0x2060 [ 32.764336] print_address_description+0x73/0x250 [ 32.769143] ? __schedule+0xda3/0x2060 [ 32.772996] kasan_report+0x25b/0x340 [ 32.776765] __asan_report_load8_noabort+0x14/0x20 [ 32.781659] __schedule+0xda3/0x2060 [ 32.785341] ? __sched_text_start+0x8/0x8 [ 32.789455] ? trace_hardirqs_on+0xd/0x10 [ 32.793570] ? __call_srcu+0x7ee/0x1020 [ 32.797510] ? do_raw_spin_trylock+0x190/0x190 [ 32.802056] ? do_raw_spin_trylock+0x190/0x190 [ 32.806610] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 32.812460] ? __debug_object_init+0x235/0x1040 [ 32.817100] preempt_schedule_common+0x22/0x60 [ 32.821645] _cond_resched+0x1d/0x30 [ 32.825323] wait_for_completion+0xa5/0x770 [ 32.829613] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.834596] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 32.840361] ? __lockdep_init_map+0xe4/0x650 [ 32.844738] ? __init_waitqueue_head+0x97/0x140 [ 32.849371] ? init_wait_entry+0x1b0/0x1b0 [ 32.853575] __synchronize_srcu+0x1ad/0x260 [ 32.857858] ? call_srcu+0x10/0x10 [ 32.861363] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 32.866867] ? irq_matrix_allocated+0x80/0x80 [ 32.871326] ? synchronize_srcu+0x3c5/0x570 [ 32.875615] synchronize_srcu+0x1a3/0x570 [ 32.879729] ? synchronize_srcu+0x1a3/0x570 [ 32.884015] ? lock_downgrade+0x980/0x980 [ 32.888127] ? synchronize_srcu_expedited+0x20/0x20 [ 32.893117] ? lock_release+0xa40/0xa40 [ 32.897057] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 32.901864] ? do_raw_spin_trylock+0x190/0x190 [ 32.906421] kvm_page_track_unregister_notifier+0x186/0x270 [ 32.912099] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 32.917517] ? kvfree+0x36/0x60 [ 32.920763] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.925748] kvm_mmu_uninit_vm+0x1c/0x20 [ 32.929773] kvm_arch_destroy_vm+0x73b/0x980 [ 32.934150] ? kvm_arch_sync_events+0x30/0x30 [ 32.938612] ? mmdrop+0x18/0x30 [ 32.941861] ? mmu_notifier_unregister+0x437/0x5c0 [ 32.946755] ? kvm_put_kvm+0x47a/0xde0 [ 32.950611] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 32.956461] ? __free_pages+0x107/0x150 [ 32.960401] ? free_unref_page+0x9e0/0x9e0 [ 32.964602] ? quarantine_put+0xeb/0x190 [ 32.968626] ? kfree+0xf0/0x260 [ 32.971876] ? kvm_put_kvm+0x614/0xde0 [ 32.975736] ? free_pages+0x51/0x90 [ 32.979329] kvm_put_kvm+0x695/0xde0 [ 32.983014] ? kvm_clear_guest+0xb0/0xb0 [ 32.987043] ? kvm_irqfd_release+0xd1/0x120 [ 32.991339] ? lock_downgrade+0x980/0x980 [ 32.995460] ? _raw_spin_unlock_irq+0x27/0x70 [ 32.999924] ? kvm_irqfd_release+0xdd/0x120 [ 33.004209] ? kvm_irqfd_release+0xdd/0x120 [ 33.008494] ? kvm_put_kvm+0xde0/0xde0 [ 33.012346] kvm_vm_release+0x42/0x50 [ 33.016112] __fput+0x327/0x7e0 [ 33.019360] ? fput+0x140/0x140 [ 33.022605] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 33.028452] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.032918] ____fput+0x15/0x20 [ 33.036163] task_work_run+0x199/0x270 [ 33.040017] ? task_work_cancel+0x210/0x210 [ 33.044302] ? _raw_spin_unlock+0x22/0x30 [ 33.048416] ? switch_task_namespaces+0x87/0xc0 [ 33.053055] do_exit+0x9bb/0x1ad0 [ 33.056472] ? kvm_vcpu_fault+0x520/0x520 [ 33.060600] ? mm_update_next_owner+0x930/0x930 [ 33.065234] ? find_held_lock+0x35/0x1d0 [ 33.069267] ? handle_mm_fault+0x2a0/0x930 [ 33.073467] ? find_held_lock+0x35/0x1d0 [ 33.077499] ? __do_page_fault+0x5f7/0xc90 [ 33.081696] ? lock_downgrade+0x980/0x980 [ 33.085823] ? down_read_trylock+0xdb/0x170 [ 33.090109] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 33.094655] ? vmacache_find+0x5f/0x280 [ 33.098596] ? up_read+0x1a/0x40 [ 33.101925] ? __do_page_fault+0x3d6/0xc90 [ 33.106128] ? kvm_vcpu_fault+0x520/0x520 [ 33.110241] ? do_vfs_ioctl+0x486/0x1520 [ 33.114269] ? _cond_resched+0x14/0x30 [ 33.118123] ? ioctl_preallocate+0x2b0/0x2b0 [ 33.122501] ? selinux_capable+0x40/0x40 [ 33.126527] ? putname+0xf3/0x130 [ 33.129948] do_group_exit+0x149/0x400 [ 33.133801] ? SyS_exit+0x30/0x30 [ 33.137220] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 33.142203] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 33.146924] SyS_exit_group+0x1d/0x20 [ 33.150700] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.155421] RIP: 0033:0x43ed88 [ 33.158579] RSP: 002b:00007fffa80e68a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.166251] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 33.173485] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.180721] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.187962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 33.195197] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 33.202439] [ 33.204034] Allocated by task 3148: [ 33.207630] save_stack+0x43/0xd0 [ 33.211047] kasan_kmalloc+0xad/0xe0 [ 33.214725] kasan_slab_alloc+0x12/0x20 [ 33.218662] kmem_cache_alloc+0x12e/0x760 [ 33.222773] vmx_create_vcpu+0xc4/0x2f20 [ 33.226798] kvm_arch_vcpu_create+0x12c/0x1a0 [ 33.231257] kvm_vm_ioctl+0x48b/0x1c60 [ 33.235107] do_vfs_ioctl+0x1b1/0x1520 [ 33.238957] SyS_ioctl+0x8f/0xc0 [ 33.242286] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.247004] [ 33.248609] Freed by task 3148: [ 33.251855] save_stack+0x43/0xd0 [ 33.255272] kasan_slab_free+0x71/0xc0 [ 33.259121] kmem_cache_free+0x83/0x2a0 [ 33.263074] vmx_free_vcpu+0x1ee/0x260 [ 33.266925] kvm_arch_destroy_vm+0x4a2/0x980 [ 33.271296] kvm_put_kvm+0x695/0xde0 [ 33.274971] kvm_vm_release+0x42/0x50 [ 33.278739] __fput+0x327/0x7e0 [ 33.281984] ____fput+0x15/0x20 [ 33.285227] task_work_run+0x199/0x270 [ 33.289078] do_exit+0x9bb/0x1ad0 [ 33.292502] do_group_exit+0x149/0x400 [ 33.296353] SyS_exit_group+0x1d/0x20 [ 33.300134] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.304850] [ 33.306444] The buggy address belongs to the object at ffff8801c92b0040 [ 33.306444] which belongs to the cache kvm_vcpu of size 23872 [ 33.318978] The buggy address is located 24 bytes inside of [ 33.318978] 23872-byte region [ffff8801c92b0040, ffff8801c92b5d80) [ 33.330901] The buggy address belongs to the page: [ 33.335795] page:00000000053ca0f6 count:1 mapcount:0 mapping:000000007f8b91fb index:0x0 compound_mapcount: 0 [ 33.345730] flags: 0x2fffc0000008100(slab|head) [ 33.350365] raw: 02fffc0000008100 ffff8801c92b0040 0000000000000000 0000000100000001 [ 33.358210] raw: ffff8801d6447448 ffff8801d6447448 ffff8801d64443c0 0000000000000000 [ 33.366052] page dumped because: kasan: bad access detected [ 33.371724] [ 33.373314] Memory state around the buggy address: [ 33.378207] ffff8801c92aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.385530] ffff8801c92aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.392853] >ffff8801c92b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.400614] ^ [ 33.406813] ffff8801c92b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.414135] ffff8801c92b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.421455] ================================================================== [ 33.428778] Kernel panic - not syncing: panic_on_warn set ... [ 33.428778] [ 33.436107] CPU: 0 PID: 3148 Comm: syzkaller399961 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 33.445946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.455263] Call Trace: [ 33.457822] dump_stack+0x194/0x257 [ 33.461417] ? arch_local_irq_restore+0x53/0x53 [ 33.466054] ? kasan_end_report+0x32/0x50 [ 33.470169] ? lock_downgrade+0x980/0x980 [ 33.474283] ? vsnprintf+0x1ed/0x1900 [ 33.478051] ? __schedule+0xcf0/0x2060 [ 33.481904] panic+0x1e4/0x41c [ 33.485060] ? refcount_error_report+0x214/0x214 [ 33.489782] ? print_shadow_for_address+0xdc/0x1a0 [ 33.494676] ? add_taint+0x1c/0x50 [ 33.498182] ? __schedule+0xda3/0x2060 [ 33.502033] kasan_end_report+0x50/0x50 [ 33.505972] kasan_report+0x144/0x340 [ 33.509739] __asan_report_load8_noabort+0x14/0x20 [ 33.514632] __schedule+0xda3/0x2060 [ 33.518315] ? __sched_text_start+0x8/0x8 [ 33.522430] ? trace_hardirqs_on+0xd/0x10 [ 33.526545] ? __call_srcu+0x7ee/0x1020 [ 33.530489] ? do_raw_spin_trylock+0x190/0x190 [ 33.535044] ? do_raw_spin_trylock+0x190/0x190 [ 33.539597] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 33.545463] ? __debug_object_init+0x235/0x1040 [ 33.550103] preempt_schedule_common+0x22/0x60 [ 33.554651] _cond_resched+0x1d/0x30 [ 33.558330] wait_for_completion+0xa5/0x770 [ 33.562617] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 33.567598] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 33.573363] ? __lockdep_init_map+0xe4/0x650 [ 33.577742] ? __init_waitqueue_head+0x97/0x140 [ 33.582377] ? init_wait_entry+0x1b0/0x1b0 [ 33.586584] __synchronize_srcu+0x1ad/0x260 [ 33.590870] ? call_srcu+0x10/0x10 [ 33.594377] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 33.599881] ? irq_matrix_allocated+0x80/0x80 [ 33.604340] ? synchronize_srcu+0x3c5/0x570 [ 33.608630] synchronize_srcu+0x1a3/0x570 [ 33.612741] ? synchronize_srcu+0x1a3/0x570 [ 33.617040] ? lock_downgrade+0x980/0x980 [ 33.621157] ? synchronize_srcu_expedited+0x20/0x20 [ 33.626139] ? lock_release+0xa40/0xa40 [ 33.630080] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 33.634890] ? do_raw_spin_trylock+0x190/0x190 [ 33.639455] kvm_page_track_unregister_notifier+0x186/0x270 [ 33.645133] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 33.650553] ? kvfree+0x36/0x60 [ 33.653795] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.658779] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.662807] kvm_arch_destroy_vm+0x73b/0x980 [ 33.667182] ? kvm_arch_sync_events+0x30/0x30 [ 33.671642] ? mmdrop+0x18/0x30 [ 33.674887] ? mmu_notifier_unregister+0x437/0x5c0 [ 33.679780] ? kvm_put_kvm+0x47a/0xde0 [ 33.683633] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 33.689497] ? __free_pages+0x107/0x150 [ 33.693436] ? free_unref_page+0x9e0/0x9e0 [ 33.697637] ? quarantine_put+0xeb/0x190 [ 33.701659] ? kfree+0xf0/0x260 [ 33.704902] ? kvm_put_kvm+0x614/0xde0 [ 33.708757] ? free_pages+0x51/0x90 [ 33.712349] kvm_put_kvm+0x695/0xde0 [ 33.716033] ? kvm_clear_guest+0xb0/0xb0 [ 33.720060] ? kvm_irqfd_release+0xd1/0x120 [ 33.724347] ? lock_downgrade+0x980/0x980 [ 33.728465] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.732929] ? kvm_irqfd_release+0xdd/0x120 [ 33.737215] ? kvm_irqfd_release+0xdd/0x120 [ 33.741502] ? kvm_put_kvm+0xde0/0xde0 [ 33.745356] kvm_vm_release+0x42/0x50 [ 33.749127] __fput+0x327/0x7e0 [ 33.752376] ? fput+0x140/0x140 [ 33.755624] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 33.761472] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.765935] ____fput+0x15/0x20 [ 33.769179] task_work_run+0x199/0x270 [ 33.773032] ? task_work_cancel+0x210/0x210 [ 33.777320] ? _raw_spin_unlock+0x22/0x30 [ 33.781432] ? switch_task_namespaces+0x87/0xc0 [ 33.786069] do_exit+0x9bb/0x1ad0 [ 33.789486] ? kvm_vcpu_fault+0x520/0x520 [ 33.793599] ? mm_update_next_owner+0x930/0x930 [ 33.798233] ? find_held_lock+0x35/0x1d0 [ 33.802267] ? handle_mm_fault+0x2a0/0x930 [ 33.806468] ? find_held_lock+0x35/0x1d0 [ 33.810501] ? __do_page_fault+0x5f7/0xc90 [ 33.814700] ? lock_downgrade+0x980/0x980 [ 33.818818] ? down_read_trylock+0xdb/0x170 [ 33.823121] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 33.827676] ? vmacache_find+0x5f/0x280 [ 33.831619] ? up_read+0x1a/0x40 [ 33.834960] ? __do_page_fault+0x3d6/0xc90 [ 33.839163] ? kvm_vcpu_fault+0x520/0x520 [ 33.843274] ? do_vfs_ioctl+0x486/0x1520 [ 33.847300] ? _cond_resched+0x14/0x30 [ 33.851154] ? ioctl_preallocate+0x2b0/0x2b0 [ 33.855534] ? selinux_capable+0x40/0x40 [ 33.859560] ? putname+0xf3/0x130 [ 33.862983] do_group_exit+0x149/0x400 [ 33.866838] ? SyS_exit+0x30/0x30 [ 33.870258] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 33.875241] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 33.879964] SyS_exit_group+0x1d/0x20 [ 33.883729] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.888451] RIP: 0033:0x43ed88 [ 33.891604] RSP: 002b:00007fffa80e68a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.899278] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 33.906514] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 33.913753] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 33.920988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 33.928223] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 33.935467] [ 33.935469] ====================================================== [ 33.935470] WARNING: possible circular locking dependency detected [ 33.935472] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 33.935474] ------------------------------------------------------ [ 33.935475] syzkaller399961/3148 is trying to acquire lock: [ 33.935476] ((console_sem).lock){..-.}, at: [<00000000089fe141>] down_trylock+0x13/0x70 [ 33.935480] [ 33.935481] but task is already holding lock: [ 33.935481] (report_lock){....}, at: [<00000000d20fb626>] kasan_report+0x6b/0x340 [ 33.935485] [ 33.935486] which lock already depends on the new lock. [ 33.935487] [ 33.935488] [ 33.935489] the existing dependency chain (in reverse order) is: [ 33.935490] [ 33.935490] -> #3 (report_lock){....}: [ 33.935495] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.935496] kasan_report+0x6b/0x340 [ 33.935497] __asan_report_load8_noabort+0x14/0x20 [ 33.935498] __schedule+0xda3/0x2060 [ 33.935499] preempt_schedule_common+0x22/0x60 [ 33.935501] _cond_resched+0x1d/0x30 [ 33.935502] wait_for_completion+0xa5/0x770 [ 33.935503] __synchronize_srcu+0x1ad/0x260 [ 33.935504] synchronize_srcu+0x1a3/0x570 [ 33.935506] kvm_page_track_unregister_notifier+0x186/0x270 [ 33.935507] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.935508] kvm_arch_destroy_vm+0x73b/0x980 [ 33.935509] kvm_put_kvm+0x695/0xde0 [ 33.935510] kvm_vm_release+0x42/0x50 [ 33.935511] __fput+0x327/0x7e0 [ 33.935512] ____fput+0x15/0x20 [ 33.935516] task_work_run+0x199/0x270 [ 33.935517] do_exit+0x9bb/0x1ad0 [ 33.935518] do_group_exit+0x149/0x400 [ 33.935519] SyS_exit_group+0x1d/0x20 [ 33.935521] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.935521] [ 33.935522] -> #2 (&rq->lock){-.-.}: [ 33.935526] _raw_spin_lock+0x2a/0x40 [ 33.935527] task_fork_fair+0x7a/0x690 [ 33.935528] sched_fork+0x435/0xc00 [ 33.935529] copy_process.part.37+0x1758/0x4b60 [ 33.935530] _do_fork+0x1f7/0xf70 [ 33.935532] kernel_thread+0x34/0x40 [ 33.935533] rest_init+0x22/0xf0 [ 33.935534] start_kernel+0x7f1/0x819 [ 33.935535] x86_64_start_reservations+0x2a/0x2c [ 33.935536] x86_64_start_kernel+0x77/0x7a [ 33.935537] secondary_startup_64+0xa5/0xb0 [ 33.935538] [ 33.935539] -> #1 (&p->pi_lock){-.-.}: [ 33.935543] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.935544] try_to_wake_up+0xbc/0x1600 [ 33.935545] wake_up_process+0x10/0x20 [ 33.935546] __up.isra.0+0x1cc/0x2c0 [ 33.935547] up+0x13b/0x1d0 [ 33.935548] __up_console_sem+0xb2/0x1a0 [ 33.935549] console_unlock+0x538/0xd70 [ 33.935550] do_con_write+0x106e/0x1f70 [ 33.935551] con_write+0x25/0xb0 [ 33.935552] n_tty_write+0x5ef/0xec0 [ 33.935554] tty_write+0x3fa/0x840 [ 33.935555] __vfs_write+0xef/0x970 [ 33.935556] vfs_write+0x189/0x510 [ 33.935557] SyS_write+0xef/0x220 [ 33.935558] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.935559] [ 33.935559] -> #0 ((console_sem).lock){..-.}: [ 33.935563] lock_acquire+0x1d5/0x580 [ 33.935565] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.935566] down_trylock+0x13/0x70 [ 33.935567] __down_trylock_console_sem+0xa2/0x1e0 [ 33.935568] console_trylock+0x15/0x100 [ 33.935569] vprintk_emit+0x49b/0x590 [ 33.935571] vprintk_default+0x28/0x30 [ 33.935572] vprintk_func+0x57/0xc0 [ 33.935573] printk+0xaa/0xca [ 33.935574] kasan_report+0x7b/0x340 [ 33.935575] __asan_report_load8_noabort+0x14/0x20 [ 33.935576] __schedule+0xda3/0x2060 [ 33.935577] preempt_schedule_common+0x22/0x60 [ 33.935579] _cond_resched+0x1d/0x30 [ 33.935580] wait_for_completion+0xa5/0x770 [ 33.935581] __synchronize_srcu+0x1ad/0x260 [ 33.935582] synchronize_srcu+0x1a3/0x570 [ 33.935584] kvm_page_track_unregister_notifier+0x186/0x270 [ 33.935585] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.935586] kvm_arch_destroy_vm+0x73b/0x980 [ 33.935587] kvm_put_kvm+0x695/0xde0 [ 33.935588] kvm_vm_release+0x42/0x50 [ 33.935589] __fput+0x327/0x7e0 [ 33.935590] ____fput+0x15/0x20 [ 33.935591] task_work_run+0x199/0x270 [ 33.935592] do_exit+0x9bb/0x1ad0 [ 33.935594] do_group_exit+0x149/0x400 [ 33.935595] SyS_exit_group+0x1d/0x20 [ 33.935596] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 33.935597] [ 33.935598] other info that might help us debug this: [ 33.935599] [ 33.935599] Chain exists of: [ 33.935600] (console_sem).lock --> &rq->lock --> report_lock [ 33.935605] [ 33.935606] Possible unsafe locking scenario: [ 33.935607] [ 33.935608] CPU0 CPU1 [ 33.935609] ---- ---- [ 33.935610] lock(report_lock); [ 33.935612] lock(&rq->lock); [ 33.935615] lock(report_lock); [ 33.935617] lock((console_sem).lock); [ 33.935619] [ 33.935620] *** DEADLOCK *** [ 33.935621] [ 33.935622] 2 locks held by syzkaller399961/3148: [ 33.935623] #0: (&rq->lock){-.-.}, at: [<00000000c36483f8>] __schedule+0x24e/0x2060 [ 33.935627] #1: (report_lock){....}, at: [<00000000d20fb626>] kasan_report+0x6b/0x340 [ 33.935631] [ 33.935632] stack backtrace: [ 33.935634] CPU: 0 PID: 3148 Comm: syzkaller399961 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 33.935636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.935637] Call Trace: [ 33.935638] dump_stack+0x194/0x257 [ 33.935639] ? arch_local_irq_restore+0x53/0x53 [ 33.935641] print_circular_bug.isra.37+0x2cd/0x2dc [ 33.935642] ? save_trace+0xe0/0x2b0 [ 33.935643] __lock_acquire+0x30a8/0x3e00 [ 33.935644] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 33.935645] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 33.935647] ? print_lockdep_cache.isra.31+0x109/0x109 [ 33.935648] ? save_stack_trace+0x1a/0x20 [ 33.935649] ? save_trace+0xe0/0x2b0 [ 33.935650] ? __lock_acquire+0x36c0/0x3e00 [ 33.935652] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 33.935653] ? __lock_is_held+0xb6/0x140 [ 33.935654] ? __lock_is_held+0xb6/0x140 [ 33.935655] lock_acquire+0x1d5/0x580 [ 33.935656] ? lock_acquire+0x1d5/0x580 [ 33.935657] ? down_trylock+0x13/0x70 [ 33.935658] ? find_held_lock+0x35/0x1d0 [ 33.935659] ? lock_release+0xa40/0xa40 [ 33.935660] ? vprintk_emit+0x379/0x590 [ 33.935661] ? lock_downgrade+0x980/0x980 [ 33.935663] ? kvm_sched_clock_read+0x25/0x40 [ 33.935664] ? sched_clock+0x31/0x40 [ 33.935665] ? sched_clock_cpu+0x1b/0x170 [ 33.935666] ? vprintk_emit+0x49b/0x590 [ 33.935667] _raw_spin_lock_irqsave+0x96/0xc0 [ 33.935668] ? down_trylock+0x13/0x70 [ 33.935669] down_trylock+0x13/0x70 [ 33.935670] ? vprintk_emit+0x49b/0x590 [ 33.935672] __down_trylock_console_sem+0xa2/0x1e0 [ 33.935673] console_trylock+0x15/0x100 [ 33.935674] vprintk_emit+0x49b/0x590 [ 33.935675] vprintk_default+0x28/0x30 [ 33.935676] vprintk_func+0x57/0xc0 [ 33.935677] printk+0xaa/0xca [ 33.935678] ? show_regs_print_info+0x18/0x18 [ 33.935679] ? __schedule+0xda3/0x2060 [ 33.935680] kasan_report+0x7b/0x340 [ 33.935681] __asan_report_load8_noabort+0x14/0x20 [ 33.935683] __schedule+0xda3/0x2060 [ 33.935684] ? __sched_text_start+0x8/0x8 [ 33.935685] ? trace_hardirqs_on+0xd/0x10 [ 33.935686] ? __call_srcu+0x7ee/0x1020 [ 33.935687] ? do_raw_spin_trylock+0x190/0x190 [ 33.935688] ? do_raw_spin_trylock+0x190/0x190 [ 33.935690] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 33.935691] ? __debug_object_init+0x235/0x1040 [ 33.935692] preempt_schedule_common+0x22/0x60 [ 33.935693] _cond_resched+0x1d/0x30 [ 33.935694] wait_for_completion+0xa5/0x770 [ 33.935696] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 33.935697] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 33.935698] ? __lockdep_init_map+0xe4/0x650 [ 33.935700] ? __init_waitqueue_head+0x97/0x140 [ 33.935701] ? init_wait_entry+0x1b0/0x1b0 [ 33.935702] __synchronize_srcu+0x1ad/0x260 [ 33.935703] ? call_srcu+0x10/0x10 [ 33.935704] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 33.935705] ? irq_matrix_allocated+0x80/0x80 [ 33.935707] ? synchronize_srcu+0x3c5/0x570 [ 33.935708] synchronize_srcu+0x1a3/0x570 [ 33.935709] ? synchronize_srcu+0x1a3/0x570 [ 33.935710] ? lock_downgrade+0x980/0x980 [ 33.935711] ? synchronize_srcu_expedited+0x20/0x20 [ 33.935712] ? lock_release+0xa40/0xa40 [ 33.935714] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 33.935715] ? do_raw_spin_trylock+0x190/0x190 [ 33.935716] kvm_page_track_unregister_notifier+0x186/0x270 [ 33.935718] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 33.935719] ? kvfree+0x36/0x60 [ 33.935720] ? rcu_read_lock_sched_held+0x108/0x120 [ 33.935721] kvm_mmu_uninit_vm+0x1c/0x20 [ 33.935722] kvm_arch_destroy_vm+0x73b/0x980 [ 33.935723] ? kvm_arch_sync_events+0x30/0x30 [ 33.935725] ? mmdrop+0x18/0x30 [ 33.935726] ? mmu_notifier_unregister+0x437/0x5c0 [ 33.935727] ? kvm_put_kvm+0x47a/0xde0 [ 33.935728] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 33.935729] ? __free_pages+0x107/0x150 [ 33.935731] ? free_unref_page+0x9e0/0x9e0 [ 33.935732] ? quarantine_put+0xeb/0x190 [ 33.935733] ? kfree+0xf0/0x260 [ 33.935734] ? kvm_put_kvm+0x614/0xde0 [ 33.935735] ? free_pages+0x51/0x90 [ 33.935736] kvm_put_kvm+0x695/0xde0 [ 33.935737] ? kvm_clear_guest+0xb0/0xb0 [ 33.935738] ? kvm_irqfd_release+0xd1/0x120 [ 33.935739] ? lock_downgrade+0x980/0x980 [ 33.935741] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.935742] ? kvm_irqfd_release+0xdd/0x120 [ 33.935743] ? kvm_irqfd_release+0xdd/0x120 [ 33.935744] ? kvm_put_kvm+0xde0/0xde0 [ 33.935745] kvm_vm_release+0x42/0x50 [ 33.935746] __fput+0x327/0x7e0 [ 33.935747] ? fput+0x140/0x140 [ 33.935748] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 33.935750] ? _raw_spin_unlock_irq+0x27/0x70 [ 33.935751] ____fput+0x15/0x20 [ 33.935752] task_work_run+0x199/0x270 [ 33.935753] ? task_work_cancel+0x210/0x210 [ 33.935754] ? _raw_spin_unlock+0x22/0x30 [ 33.935755] ? switch_task_namespaces+0x87/0xc0 [ 33.935756] do_exit+0x9bb/0x1ad0 [ 33.935758] ? kvm_vcpu_fault+0x520/0x520 [ 33.935759] ? mm_update_next_owner+0x930/0x930 [ 33.935760] ? find_held_lock+0x35/0x1d0 [ 33.935761] ? handle_mm_fault+0x2a0/0x930 [ 33.935762] ? find_held_lock+0x35/0x1d0 [ 33.935763] ? __do_page_fault+0x5f7/0xc90 [ 33.935764] ? lock_downgrade+0x980/0x980 [ 33.935766] ? down_read_trylock+0xdb/0x170 [ 33.935767] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 33.935768] ? vmacache_find+0x5f/0x280 [ 33.935769] ? up_read+0x1a/0x40 [ 33.935770] ? __do_page_fault+0x3d6/0xc90 [ 33.935771] ? kvm_vcpu_fault+0x520/0x520 [ 33.935772] ? do_vfs_ioctl+0x486/0x1520 [ 33.935773] ? _cond_resched+0x14/0x30 [ 33.935775] ? ioctl_preallocate+0x2b0/0x2b0 [ 33.935776] ? selinux_capable+0x40/0x40 [ 33.935777] ? putname+0xf3/0x130 [ 33.935777] do_ [ 33.935780] Lost 13 message(s)! [ 35.009794] Shutting down cpus with NMI [ 36.064600] Dumping ftrace buffer: [ 36.068108] (ftrace buffer empty) [ 36.071785] Kernel Offset: disabled [ 36.075378] Rebooting in 86400 seconds..