[....] Starting enhanced syslogd: rsyslogd[ 9.707411] audit: type=1400 audit(1513859998.905:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 14.804864] audit: type=1400 audit(1513860004.002:6): avc: denied { map } for pid=3125 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.56' (ECDSA) to the list of known hosts. executing program [ 42.801565] audit: type=1400 audit(1513860031.999:7): avc: denied { map } for pid=3143 comm="syzkaller394608" path="/root/syzkaller394608023" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.833281] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 42.844858] ================================================================== [ 42.852964] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 42.859164] Read of size 8 at addr ffff8801c8568058 by task syzkaller394608/3143 [ 42.866660] [ 42.868255] CPU: 0 PID: 3143 Comm: syzkaller394608 Not tainted 4.15.0-rc4-mm1+ #47 [ 42.875925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.885240] Call Trace: [ 42.887806] dump_stack+0x194/0x257 [ 42.891398] ? arch_local_irq_restore+0x53/0x53 [ 42.896033] ? show_regs_print_info+0x18/0x18 [ 42.900496] ? __schedule+0xda3/0x2060 [ 42.904349] print_address_description+0x73/0x250 [ 42.909156] ? __schedule+0xda3/0x2060 [ 42.913006] kasan_report+0x23b/0x360 [ 42.916779] __asan_report_load8_noabort+0x14/0x20 [ 42.921679] __schedule+0xda3/0x2060 [ 42.925361] ? __sched_text_start+0x8/0x8 [ 42.929480] ? trace_hardirqs_on+0xd/0x10 [ 42.933615] ? __call_srcu+0x7ee/0x1020 [ 42.937555] ? do_raw_spin_trylock+0x190/0x190 [ 42.942098] ? do_raw_spin_trylock+0x190/0x190 [ 42.946650] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 42.952500] ? __debug_object_init+0x235/0x1040 [ 42.957143] preempt_schedule_common+0x22/0x60 [ 42.961690] _cond_resched+0x1d/0x30 [ 42.965369] wait_for_completion+0xa5/0x770 [ 42.969654] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 42.974635] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 42.980399] ? __lockdep_init_map+0xe4/0x650 [ 42.984773] ? __init_waitqueue_head+0x97/0x140 [ 42.989406] ? init_wait_entry+0x1b0/0x1b0 [ 42.993609] __synchronize_srcu+0x1ad/0x260 [ 42.997897] ? call_srcu+0x10/0x10 [ 43.001402] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 43.006904] ? irq_matrix_allocated+0x80/0x80 [ 43.011362] ? synchronize_srcu+0x3c5/0x570 [ 43.015650] synchronize_srcu+0x1a3/0x570 [ 43.019765] ? synchronize_srcu+0x1a3/0x570 [ 43.024048] ? lock_downgrade+0x980/0x980 [ 43.028157] ? synchronize_srcu_expedited+0x20/0x20 [ 43.033135] ? lock_release+0xa40/0xa40 [ 43.037073] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 43.041878] ? do_raw_spin_trylock+0x190/0x190 [ 43.046433] kvm_page_track_unregister_notifier+0x186/0x270 [ 43.052110] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 43.057523] ? kvfree+0x36/0x60 [ 43.060765] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.065749] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.069772] kvm_arch_destroy_vm+0x73b/0x980 [ 43.074145] ? kvm_arch_sync_events+0x30/0x30 [ 43.078605] ? mmdrop+0x18/0x30 [ 43.081850] ? mmu_notifier_unregister+0x43c/0x5c0 [ 43.086746] ? kvm_put_kvm+0x47a/0xde0 [ 43.090600] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 43.096536] ? __free_pages+0x107/0x150 [ 43.100475] ? free_unref_page+0x9e0/0x9e0 [ 43.104673] ? quarantine_put+0xeb/0x190 [ 43.108698] ? kfree+0xf0/0x260 [ 43.111939] ? kvm_put_kvm+0x614/0xde0 [ 43.115790] ? free_pages+0x51/0x90 [ 43.119381] kvm_put_kvm+0x695/0xde0 [ 43.123060] ? kvm_clear_guest+0xb0/0xb0 [ 43.127089] ? kvm_irqfd_release+0xd1/0x120 [ 43.131375] ? lock_downgrade+0x980/0x980 [ 43.135491] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.139953] ? kvm_irqfd_release+0xdd/0x120 [ 43.144239] ? kvm_irqfd_release+0xdd/0x120 [ 43.148526] ? kvm_put_kvm+0xde0/0xde0 [ 43.152377] kvm_vm_release+0x42/0x50 [ 43.156143] __fput+0x327/0x7e0 [ 43.159388] ? fput+0x140/0x140 [ 43.162636] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 43.168486] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.172949] ____fput+0x15/0x20 [ 43.176193] task_work_run+0x199/0x270 [ 43.180044] ? task_work_cancel+0x210/0x210 [ 43.184328] ? _raw_spin_unlock+0x22/0x30 [ 43.188439] ? switch_task_namespaces+0x87/0xc0 [ 43.193079] do_exit+0x9bb/0x1ad0 [ 43.196498] ? kvm_vcpu_fault+0x520/0x520 [ 43.200612] ? mm_update_next_owner+0x930/0x930 [ 43.205243] ? find_held_lock+0x35/0x1d0 [ 43.209272] ? handle_mm_fault+0x2a0/0x930 [ 43.213470] ? find_held_lock+0x35/0x1d0 [ 43.217503] ? __do_page_fault+0x5f7/0xc90 [ 43.221704] ? lock_downgrade+0x980/0x980 [ 43.225818] ? down_read_trylock+0xdb/0x170 [ 43.230103] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 43.234647] ? vmacache_find+0x5f/0x280 [ 43.238583] ? vmacache_update+0xfe/0x130 [ 43.242696] ? up_read+0x1a/0x40 [ 43.246024] ? __do_page_fault+0x3d6/0xc90 [ 43.250224] ? kvm_vcpu_fault+0x520/0x520 [ 43.254335] ? do_vfs_ioctl+0x486/0x1520 [ 43.258361] ? _cond_resched+0x14/0x30 [ 43.262216] ? ioctl_preallocate+0x2b0/0x2b0 [ 43.266593] ? selinux_capable+0x40/0x40 [ 43.270624] ? SyS_setsockopt+0x1fb/0x360 [ 43.274737] do_group_exit+0x149/0x400 [ 43.278591] ? SyS_exit+0x30/0x30 [ 43.282007] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 43.286989] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 43.291714] SyS_exit_group+0x1d/0x20 [ 43.295483] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 43.300203] RIP: 0033:0x43ee18 [ 43.303357] RSP: 002b:00007ffff4526c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.311026] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ee18 [ 43.318258] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.325492] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.332723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40 [ 43.339957] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000 [ 43.347199] [ 43.348791] Allocated by task 3143: [ 43.352383] save_stack+0x43/0xd0 [ 43.355799] kasan_kmalloc+0xad/0xe0 [ 43.359477] kasan_slab_alloc+0x12/0x20 [ 43.363414] kmem_cache_alloc+0x12e/0x760 [ 43.367529] vmx_create_vcpu+0xc4/0x2f20 [ 43.371554] kvm_arch_vcpu_create+0x12c/0x1a0 [ 43.376010] kvm_vm_ioctl+0x48b/0x1c60 [ 43.379857] do_vfs_ioctl+0x1b1/0x1520 [ 43.383705] SyS_ioctl+0x8f/0xc0 [ 43.387032] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 43.391747] [ 43.393336] Freed by task 3143: [ 43.396580] save_stack+0x43/0xd0 [ 43.399996] kasan_slab_free+0x71/0xc0 [ 43.403849] kmem_cache_free+0x83/0x2a0 [ 43.407784] vmx_free_vcpu+0x1ee/0x260 [ 43.411641] kvm_arch_destroy_vm+0x4a2/0x980 [ 43.416011] kvm_put_kvm+0x695/0xde0 [ 43.419684] kvm_vm_release+0x42/0x50 [ 43.423445] __fput+0x327/0x7e0 [ 43.426685] ____fput+0x15/0x20 [ 43.429926] task_work_run+0x199/0x270 [ 43.433774] do_exit+0x9bb/0x1ad0 [ 43.437187] do_group_exit+0x149/0x400 [ 43.441038] SyS_exit_group+0x1d/0x20 [ 43.444799] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 43.449516] [ 43.451106] The buggy address belongs to the object at ffff8801c8568040 [ 43.451106] which belongs to the cache kvm_vcpu of size 23872 [ 43.463648] The buggy address is located 24 bytes inside of [ 43.463648] 23872-byte region [ffff8801c8568040, ffff8801c856dd80) [ 43.475568] The buggy address belongs to the page: [ 43.480463] page:ffffea0007215a00 count:1 mapcount:0 mapping:ffff8801c8568040 index:0x0 compound_mapcount: 0 [ 43.490390] flags: 0x2fffc0000008100(slab|head) [ 43.495022] raw: 02fffc0000008100 ffff8801c8568040 0000000000000000 0000000100000001 [ 43.502866] raw: ffff8801d6440248 ffff8801d6440248 ffff8801d643f3c0 0000000000000000 [ 43.510705] page dumped because: kasan: bad access detected [ 43.516372] [ 43.517962] Memory state around the buggy address: [ 43.522851] ffff8801c8567f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.530173] ffff8801c8567f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.537491] >ffff8801c8568000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 43.544810] ^ [ 43.551000] ffff8801c8568080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.558321] ffff8801c8568100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.565645] ================================================================== [ 43.572967] Kernel panic - not syncing: panic_on_warn set ... [ 43.572967] [ 43.580289] CPU: 0 PID: 3143 Comm: syzkaller394608 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 43.589260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.598576] Call Trace: [ 43.601135] dump_stack+0x194/0x257 [ 43.604724] ? arch_local_irq_restore+0x53/0x53 [ 43.609355] ? kasan_end_report+0x32/0x50 [ 43.613469] ? lock_downgrade+0x980/0x980 [ 43.617580] ? vsnprintf+0x1ed/0x1900 [ 43.621345] ? __schedule+0xcf0/0x2060 [ 43.625199] panic+0x1e4/0x41c [ 43.628356] ? refcount_error_report+0x214/0x214 [ 43.633077] ? print_shadow_for_address+0xdc/0x1a0 [ 43.637970] ? add_taint+0x1c/0x50 [ 43.641474] ? __schedule+0xda3/0x2060 [ 43.645325] kasan_end_report+0x50/0x50 [ 43.649265] kasan_report+0x148/0x360 [ 43.653033] __asan_report_load8_noabort+0x14/0x20 [ 43.657923] __schedule+0xda3/0x2060 [ 43.661603] ? __sched_text_start+0x8/0x8 [ 43.665722] ? trace_hardirqs_on+0xd/0x10 [ 43.669837] ? __call_srcu+0x7ee/0x1020 [ 43.673776] ? do_raw_spin_trylock+0x190/0x190 [ 43.678321] ? do_raw_spin_trylock+0x190/0x190 [ 43.683039] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 43.688891] ? __debug_object_init+0x235/0x1040 [ 43.693529] preempt_schedule_common+0x22/0x60 [ 43.698076] _cond_resched+0x1d/0x30 [ 43.701755] wait_for_completion+0xa5/0x770 [ 43.706039] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 43.711023] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 43.716785] ? __lockdep_init_map+0xe4/0x650 [ 43.721159] ? __init_waitqueue_head+0x97/0x140 [ 43.725790] ? init_wait_entry+0x1b0/0x1b0 [ 43.729993] __synchronize_srcu+0x1ad/0x260 [ 43.734276] ? call_srcu+0x10/0x10 [ 43.737778] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 43.743281] ? irq_matrix_allocated+0x80/0x80 [ 43.747738] ? synchronize_srcu+0x3c5/0x570 [ 43.752027] synchronize_srcu+0x1a3/0x570 [ 43.756138] ? synchronize_srcu+0x1a3/0x570 [ 43.760421] ? lock_downgrade+0x980/0x980 [ 43.764530] ? synchronize_srcu_expedited+0x20/0x20 [ 43.769511] ? lock_release+0xa40/0xa40 [ 43.773450] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 43.778258] ? do_raw_spin_trylock+0x190/0x190 [ 43.782808] kvm_page_track_unregister_notifier+0x186/0x270 [ 43.788481] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 43.793898] ? kvfree+0x36/0x60 [ 43.797140] ? rcu_read_lock_sched_held+0x108/0x120 [ 43.802122] kvm_mmu_uninit_vm+0x1c/0x20 [ 43.806148] kvm_arch_destroy_vm+0x73b/0x980 [ 43.810522] ? kvm_arch_sync_events+0x30/0x30 [ 43.814979] ? mmdrop+0x18/0x30 [ 43.818221] ? mmu_notifier_unregister+0x43c/0x5c0 [ 43.823113] ? kvm_put_kvm+0x47a/0xde0 [ 43.826965] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 43.832900] ? __free_pages+0x107/0x150 [ 43.836836] ? free_unref_page+0x9e0/0x9e0 [ 43.841035] ? quarantine_put+0xeb/0x190 [ 43.845060] ? kfree+0xf0/0x260 [ 43.848301] ? kvm_put_kvm+0x614/0xde0 [ 43.852152] ? free_pages+0x51/0x90 [ 43.855743] kvm_put_kvm+0x695/0xde0 [ 43.859425] ? kvm_clear_guest+0xb0/0xb0 [ 43.863452] ? kvm_irqfd_release+0xd1/0x120 [ 43.867738] ? lock_downgrade+0x980/0x980 [ 43.871854] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.876314] ? kvm_irqfd_release+0xdd/0x120 [ 43.880599] ? kvm_irqfd_release+0xdd/0x120 [ 43.884882] ? kvm_put_kvm+0xde0/0xde0 [ 43.888730] kvm_vm_release+0x42/0x50 [ 43.892496] __fput+0x327/0x7e0 [ 43.895743] ? fput+0x140/0x140 [ 43.898992] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 43.904837] ? _raw_spin_unlock_irq+0x27/0x70 [ 43.909303] ____fput+0x15/0x20 [ 43.912545] task_work_run+0x199/0x270 [ 43.916398] ? task_work_cancel+0x210/0x210 [ 43.920681] ? _raw_spin_unlock+0x22/0x30 [ 43.924789] ? switch_task_namespaces+0x87/0xc0 [ 43.929429] do_exit+0x9bb/0x1ad0 [ 43.932845] ? kvm_vcpu_fault+0x520/0x520 [ 43.936956] ? mm_update_next_owner+0x930/0x930 [ 43.941591] ? find_held_lock+0x35/0x1d0 [ 43.945629] ? handle_mm_fault+0x2a0/0x930 [ 43.949826] ? find_held_lock+0x35/0x1d0 [ 43.953853] ? __do_page_fault+0x5f7/0xc90 [ 43.958052] ? lock_downgrade+0x980/0x980 [ 43.962165] ? down_read_trylock+0xdb/0x170 [ 43.966449] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 43.970992] ? vmacache_find+0x5f/0x280 [ 43.974927] ? vmacache_update+0xfe/0x130 [ 43.979040] ? up_read+0x1a/0x40 [ 43.982376] ? __do_page_fault+0x3d6/0xc90 [ 43.986576] ? kvm_vcpu_fault+0x520/0x520 [ 43.990690] ? do_vfs_ioctl+0x486/0x1520 [ 43.994712] ? _cond_resched+0x14/0x30 [ 43.998562] ? ioctl_preallocate+0x2b0/0x2b0 [ 44.002936] ? selinux_capable+0x40/0x40 [ 44.006962] ? SyS_setsockopt+0x1fb/0x360 [ 44.011073] do_group_exit+0x149/0x400 [ 44.014926] ? SyS_exit+0x30/0x30 [ 44.018342] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 44.023335] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 44.028058] SyS_exit_group+0x1d/0x20 [ 44.031823] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 44.036542] RIP: 0033:0x43ee18 [ 44.039696] RSP: 002b:00007ffff4526c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 44.047367] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ee18 [ 44.054601] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 44.061835] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 44.069070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40 [ 44.076304] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000 [ 44.083546] [ 44.083547] ====================================================== [ 44.083549] WARNING: possible circular locking dependency detected [ 44.083550] 4.15.0-rc4-mm1+ #47 Not tainted [ 44.083552] ------------------------------------------------------ [ 44.083553] syzkaller394608/3143 is trying to acquire lock: [ 44.083554] ((console_sem).lock){..-.}, at: [<000000009ec67c9f>] down_trylock+0x13/0x70 [ 44.083558] [ 44.083559] but task is already holding lock: [ 44.083560] (report_lock){....}, at: [<00000000aca202a7>] kasan_report+0x6b/0x360 [ 44.083564] [ 44.083565] which lock already depends on the new lock. [ 44.083566] [ 44.083566] [ 44.083568] the existing dependency chain (in reverse order) is: [ 44.083569] [ 44.083569] -> #3 (report_lock){....}: [ 44.083573] _raw_spin_lock_irqsave+0x96/0xc0 [ 44.083574] kasan_report+0x6b/0x360 [ 44.083576] __asan_report_load8_noabort+0x14/0x20 [ 44.083577] __schedule+0xda3/0x2060 [ 44.083578] preempt_schedule_common+0x22/0x60 [ 44.083579] _cond_resched+0x1d/0x30 [ 44.083581] wait_for_completion+0xa5/0x770 [ 44.083582] __synchronize_srcu+0x1ad/0x260 [ 44.083583] synchronize_srcu+0x1a3/0x570 [ 44.083585] kvm_page_track_unregister_notifier+0x186/0x270 [ 44.083586] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.083587] kvm_arch_destroy_vm+0x73b/0x980 [ 44.083588] kvm_put_kvm+0x695/0xde0 [ 44.083589] kvm_vm_release+0x42/0x50 [ 44.083590] __fput+0x327/0x7e0 [ 44.083591] ____fput+0x15/0x20 [ 44.083593] task_work_run+0x199/0x270 [ 44.083594] do_exit+0x9bb/0x1ad0 [ 44.083595] do_group_exit+0x149/0x400 [ 44.083596] SyS_exit_group+0x1d/0x20 [ 44.083597] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 44.083598] [ 44.083599] -> #2 (&rq->lock){-.-.}: [ 44.083602] _raw_spin_lock+0x2a/0x40 [ 44.083603] task_fork_fair+0x7a/0x690 [ 44.083605] sched_fork+0x435/0xc00 [ 44.083606] copy_process.part.37+0x1758/0x4b60 [ 44.083607] _do_fork+0x1f7/0xf70 [ 44.083608] kernel_thread+0x34/0x40 [ 44.083609] rest_init+0x22/0xf0 [ 44.083610] start_kernel+0x7f1/0x819 [ 44.083612] x86_64_start_reservations+0x2a/0x2c [ 44.083613] x86_64_start_kernel+0x77/0x7a [ 44.083614] secondary_startup_64+0xa5/0xb0 [ 44.083615] [ 44.083615] -> #1 (&p->pi_lock){-.-.}: [ 44.083619] _raw_spin_lock_irqsave+0x96/0xc0 [ 44.083620] try_to_wake_up+0xbc/0x1600 [ 44.083622] wake_up_process+0x10/0x20 [ 44.083623] __up.isra.0+0x1cc/0x2c0 [ 44.083624] up+0x13b/0x1d0 [ 44.083625] __up_console_sem+0xb2/0x1a0 [ 44.083626] console_unlock+0x538/0xd70 [ 44.083627] do_con_write+0x106e/0x1f70 [ 44.083628] con_write+0x25/0xb0 [ 44.083630] n_tty_write+0x5ef/0xec0 [ 44.083631] tty_write+0x3fa/0x840 [ 44.083632] __vfs_write+0xef/0x970 [ 44.083633] vfs_write+0x189/0x510 [ 44.083634] SyS_write+0xef/0x220 [ 44.083635] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 44.083636] [ 44.083636] -> #0 ((console_sem).lock){..-.}: [ 44.083640] lock_acquire+0x1d5/0x580 [ 44.083642] _raw_spin_lock_irqsave+0x96/0xc0 [ 44.083643] down_trylock+0x13/0x70 [ 44.083644] __down_trylock_console_sem+0xa2/0x1e0 [ 44.083645] console_trylock+0x15/0x100 [ 44.083646] vprintk_emit+0x49b/0x590 [ 44.083648] vprintk_default+0x28/0x30 [ 44.083649] vprintk_func+0x57/0xc0 [ 44.083650] printk+0xaa/0xca [ 44.083651] kasan_report+0x7b/0x360 [ 44.083652] __asan_report_load8_noabort+0x14/0x20 [ 44.083653] __schedule+0xda3/0x2060 [ 44.083655] preempt_schedule_common+0x22/0x60 [ 44.083656] _cond_resched+0x1d/0x30 [ 44.083657] wait_for_completion+0xa5/0x770 [ 44.083658] __synchronize_srcu+0x1ad/0x260 [ 44.083659] synchronize_srcu+0x1a3/0x570 [ 44.083661] kvm_page_track_unregister_notifier+0x186/0x270 [ 44.083662] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.083663] kvm_arch_destroy_vm+0x73b/0x980 [ 44.083664] kvm_put_kvm+0x695/0xde0 [ 44.083666] kvm_vm_release+0x42/0x50 [ 44.083667] __fput+0x327/0x7e0 [ 44.083668] ____fput+0x15/0x20 [ 44.083669] task_work_run+0x199/0x270 [ 44.083670] do_exit+0x9bb/0x1ad0 [ 44.083671] do_group_exit+0x149/0x400 [ 44.083672] SyS_exit_group+0x1d/0x20 [ 44.083673] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 44.083674] [ 44.083675] other info that might help us debug this: [ 44.083676] [ 44.083677] Chain exists of: [ 44.083677] (console_sem).lock --> &rq->lock --> report_lock [ 44.083682] [ 44.083684] Possible unsafe locking scenario: [ 44.083684] [ 44.083685] CPU0 CPU1 [ 44.083687] ---- ---- [ 44.083687] lock(report_lock); [ 44.083690] lock(&rq->lock); [ 44.083693] lock(report_lock); [ 44.083695] lock((console_sem).lock); [ 44.083697] [ 44.083698] *** DEADLOCK *** [ 44.083699] [ 44.083700] 2 locks held by syzkaller394608/3143: [ 44.083701] #0: (&rq->lock){-.-.}, at: [<00000000cb5e51da>] __schedule+0x24e/0x2060 [ 44.083705] #1: (report_lock){....}, at: [<00000000aca202a7>] kasan_report+0x6b/0x360 [ 44.083709] [ 44.083710] stack backtrace: [ 44.083712] CPU: 0 PID: 3143 Comm: syzkaller394608 Not tainted 4.15.0-rc4-mm1+ #47 [ 44.083714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.083715] Call Trace: [ 44.083716] dump_stack+0x194/0x257 [ 44.083717] ? arch_local_irq_restore+0x53/0x53 [ 44.083718] print_circular_bug.isra.37+0x2cd/0x2dc [ 44.083720] ? save_trace+0xe0/0x2b0 [ 44.083721] __lock_acquire+0x30a8/0x3e00 [ 44.083722] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 44.083723] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 44.083725] ? print_lockdep_cache.isra.31+0x109/0x109 [ 44.083726] ? save_stack_trace+0x1a/0x20 [ 44.083727] ? save_trace+0xe0/0x2b0 [ 44.083728] ? __lock_acquire+0x36c0/0x3e00 [ 44.083730] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 44.083731] ? __lock_is_held+0xb6/0x140 [ 44.083732] ? __lock_is_held+0xb6/0x140 [ 44.083733] lock_acquire+0x1d5/0x580 [ 44.083734] ? lock_acquire+0x1d5/0x580 [ 44.083735] ? down_trylock+0x13/0x70 [ 44.083736] ? find_held_lock+0x35/0x1d0 [ 44.083738] ? lock_release+0xa40/0xa40 [ 44.083739] ? vprintk_emit+0x379/0x590 [ 44.083740] ? lock_downgrade+0x980/0x980 [ 44.083741] ? kvm_sched_clock_read+0x25/0x40 [ 44.083742] ? sched_clock+0x31/0x40 [ 44.083743] ? sched_clock_cpu+0x1b/0x170 [ 44.083744] ? vprintk_emit+0x49b/0x590 [ 44.083746] _raw_spin_lock_irqsave+0x96/0xc0 [ 44.083747] ? down_trylock+0x13/0x70 [ 44.083748] down_trylock+0x13/0x70 [ 44.083749] ? vprintk_emit+0x49b/0x590 [ 44.083750] __down_trylock_console_sem+0xa2/0x1e0 [ 44.083751] console_trylock+0x15/0x100 [ 44.083752] vprintk_emit+0x49b/0x590 [ 44.083753] vprintk_default+0x28/0x30 [ 44.083754] vprintk_func+0x57/0xc0 [ 44.083755] printk+0xaa/0xca [ 44.083757] ? show_regs_print_info+0x18/0x18 [ 44.083758] ? __schedule+0xda3/0x2060 [ 44.083759] kasan_report+0x7b/0x360 [ 44.083760] __asan_report_load8_noabort+0x14/0x20 [ 44.083761] __schedule+0xda3/0x2060 [ 44.083762] ? __sched_text_start+0x8/0x8 [ 44.083763] ? trace_hardirqs_on+0xd/0x10 [ 44.083764] ? __call_srcu+0x7ee/0x1020 [ 44.083766] ? do_raw_spin_trylock+0x190/0x190 [ 44.083767] ? do_raw_spin_trylock+0x190/0x190 [ 44.083768] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 44.083770] ? __debug_object_init+0x235/0x1040 [ 44.083771] preempt_schedule_common+0x22/0x60 [ 44.083772] _cond_resched+0x1d/0x30 [ 44.083773] wait_for_completion+0xa5/0x770 [ 44.083774] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 44.083776] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 44.083777] ? __lockdep_init_map+0xe4/0x650 [ 44.083778] ? __init_waitqueue_head+0x97/0x140 [ 44.083780] ? init_wait_entry+0x1b0/0x1b0 [ 44.083781] __synchronize_srcu+0x1ad/0x260 [ 44.083782] ? call_srcu+0x10/0x10 [ 44.083783] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 44.083785] ? irq_matrix_allocated+0x80/0x80 [ 44.083786] ? synchronize_srcu+0x3c5/0x570 [ 44.083787] synchronize_srcu+0x1a3/0x570 [ 44.083788] ? synchronize_srcu+0x1a3/0x570 [ 44.083789] ? lock_downgrade+0x980/0x980 [ 44.083791] ? synchronize_srcu_expedited+0x20/0x20 [ 44.083792] ? lock_release+0xa40/0xa40 [ 44.083793] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 44.083794] ? do_raw_spin_trylock+0x190/0x190 [ 44.083796] kvm_page_track_unregister_notifier+0x186/0x270 [ 44.083797] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 44.083798] ? kvfree+0x36/0x60 [ 44.083799] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.083801] kvm_mmu_uninit_vm+0x1c/0x20 [ 44.083802] kvm_arch_destroy_vm+0x73b/0x980 [ 44.083803] ? kvm_arch_sync_events+0x30/0x30 [ 44.083804] ? mmdrop+0x18/0x30 [ 44.083805] ? mmu_notifier_unregister+0x43c/0x5c0 [ 44.083807] ? kvm_put_kvm+0x47a/0xde0 [ 44.083808] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 44.083809] ? __free_pages+0x107/0x150 [ 44.083810] ? free_unref_page+0x9e0/0x9e0 [ 44.083811] ? quarantine_put+0xeb/0x190 [ 44.083812] ? kfree+0xf0/0x260 [ 44.083814] ? kvm_put_kvm+0x614/0xde0 [ 44.083815] ? free_pages+0x51/0x90 [ 44.083816] kvm_put_kvm+0x695/0xde0 [ 44.083817] ? kvm_clear_guest+0xb0/0xb0 [ 44.083818] ? kvm_irqfd_release+0xd1/0x120 [ 44.083819] ? lock_downgrade+0x980/0x980 [ 44.083820] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.083822] ? kvm_irqfd_release+0xdd/0x120 [ 44.083823] ? kvm_irqfd_release+0xdd/0x120 [ 44.083824] ? kvm_put_kvm+0xde0/0xde0 [ 44.083825] kvm_vm_release+0x42/0x50 [ 44.083826] __fput+0x327/0x7e0 [ 44.083827] ? fput+0x140/0x140 [ 44.083828] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 44.083830] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.083831] ____fput+0x15/0x20 [ 44.083832] task_work_run+0x199/0x270 [ 44.083833] ? task_work_cancel+0x210/0x210 [ 44.083834] ? _raw_spin_unlock+0x22/0x30 [ 44.083835] ? switch_task_namespaces+0x87/0xc0 [ 44.083836] do_exit+0x9bb/0x1ad0 [ 44.083838] ? kvm_vcpu_fault+0x520/0x520 [ 44.083839] ? mm_update_next_owner+0x930/0x930 [ 44.083840] ? find_held_lock+0x35/0x1d0 [ 44.083841] ? handle_mm_fault+0x2a0/0x930 [ 44.083842] ? find_held_lock+0x35/0x1d0 [ 44.083843] ? __do_page_fault+0x5f7/0xc90 [ 44.083845] ? lock_downgrade+0x980/0x980 [ 44.083846] ? down_read_trylock+0xdb/0x170 [ 44.083847] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 44.083848] ? vmacache_find+0x5f/0x280 [ 44.083849] ? vmacache_update+0xfe/0x130 [ 44.083850] ? up_read+0x1a/0x40 [ 44.083851] ? __do_page_fault+0x3d6/0xc90 [ 44.083853] ? kvm_vcpu_fault+0x520/0x520 [ 44.083854] ? do_vfs_ioctl+0x486/0x1520 [ 44.083855] ? _cond_resched+0x14/0x30 [ 44.083856] ? ioctl_preallocate+0x2b0/0x2b0 [ 44.083857] ? selinux_capable+0x40/0x40 [ 44.083858] ? SyS_setsocko [ 44.083860] Lost 14 message(s)! [ 45.162213] Shutting down cpus with NMI [ 46.218238] Dumping ftrace buffer: [ 46.221748] (ftrace buffer empty) [ 46.225421] Kernel Offset: disabled [ 46.229015] Rebooting in 86400 seconds..