[....] Starting enhanced syslogd: rsyslogd[ 11.036308] audit: type=1400 audit(1513850441.531:5): avc: denied { syslog } for pid=2987 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.303089] audit: type=1400 audit(1513850445.797:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.59' (ECDSA) to the list of known hosts. executing program [ 28.971192] audit: type=1400 audit(1513850459.465:7): avc: denied { map } for pid=3144 comm="syzkaller820772" path="/root/syzkaller820772441" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 29.003212] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 29.012848] ================================================================== [ 29.020937] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 29.027143] Read of size 8 at addr ffff8801d2100058 by task syzkaller820772/3144 [ 29.034639] [ 29.036237] CPU: 1 PID: 3144 Comm: syzkaller820772 Not tainted 4.15.0-rc4-mm1+ #47 [ 29.043911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.053236] Call Trace: [ 29.055792] dump_stack+0x194/0x257 [ 29.059386] ? arch_local_irq_restore+0x53/0x53 [ 29.064029] ? show_regs_print_info+0x18/0x18 [ 29.068500] ? __schedule+0xda3/0x2060 [ 29.072368] print_address_description+0x73/0x250 [ 29.077182] ? __schedule+0xda3/0x2060 [ 29.081035] kasan_report+0x23b/0x360 [ 29.084803] __asan_report_load8_noabort+0x14/0x20 [ 29.089697] __schedule+0xda3/0x2060 [ 29.093380] ? __sched_text_start+0x8/0x8 [ 29.097493] ? trace_hardirqs_on+0xd/0x10 [ 29.101621] ? __call_srcu+0x7ee/0x1020 [ 29.105578] ? do_raw_spin_trylock+0x190/0x190 [ 29.110138] ? do_raw_spin_trylock+0x190/0x190 [ 29.114699] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 29.120557] ? __debug_object_init+0x235/0x1040 [ 29.125206] preempt_schedule_common+0x22/0x60 [ 29.129754] _cond_resched+0x1d/0x30 [ 29.133432] wait_for_completion+0xa5/0x770 [ 29.137738] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.142721] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 29.148486] ? __lockdep_init_map+0xe4/0x650 [ 29.152864] ? __init_waitqueue_head+0x97/0x140 [ 29.157501] ? init_wait_entry+0x1b0/0x1b0 [ 29.161716] __synchronize_srcu+0x1ad/0x260 [ 29.166004] ? call_srcu+0x10/0x10 [ 29.169510] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 29.175013] ? irq_matrix_allocated+0x80/0x80 [ 29.179473] ? synchronize_srcu+0x3c5/0x570 [ 29.183762] synchronize_srcu+0x1a3/0x570 [ 29.187877] ? synchronize_srcu+0x1a3/0x570 [ 29.192165] ? lock_downgrade+0x980/0x980 [ 29.196285] ? synchronize_srcu_expedited+0x20/0x20 [ 29.201267] ? lock_release+0xa40/0xa40 [ 29.205209] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 29.210021] ? do_raw_spin_trylock+0x190/0x190 [ 29.214579] kvm_page_track_unregister_notifier+0x186/0x270 [ 29.220256] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 29.225675] ? kvfree+0x36/0x60 [ 29.228921] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.233904] kvm_mmu_uninit_vm+0x1c/0x20 [ 29.237930] kvm_arch_destroy_vm+0x73b/0x980 [ 29.242305] ? kvm_arch_sync_events+0x30/0x30 [ 29.246775] ? mmdrop+0x18/0x30 [ 29.250022] ? mmu_notifier_unregister+0x43c/0x5c0 [ 29.254916] ? kvm_put_kvm+0x47a/0xde0 [ 29.258772] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 29.264709] ? __free_pages+0x107/0x150 [ 29.268647] ? free_unref_page+0x9e0/0x9e0 [ 29.272850] ? quarantine_put+0xeb/0x190 [ 29.276876] ? kfree+0xf0/0x260 [ 29.280120] ? kvm_put_kvm+0x614/0xde0 [ 29.283975] ? free_pages+0x51/0x90 [ 29.287569] kvm_put_kvm+0x695/0xde0 [ 29.291253] ? kvm_clear_guest+0xb0/0xb0 [ 29.295282] ? kvm_irqfd_release+0xd1/0x120 [ 29.299569] ? lock_downgrade+0x980/0x980 [ 29.303691] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.308157] ? kvm_irqfd_release+0xdd/0x120 [ 29.312442] ? kvm_irqfd_release+0xdd/0x120 [ 29.316727] ? kvm_put_kvm+0xde0/0xde0 [ 29.320580] kvm_vm_release+0x42/0x50 [ 29.324351] __fput+0x327/0x7e0 [ 29.327599] ? fput+0x140/0x140 [ 29.330850] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 29.336709] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.341182] ____fput+0x15/0x20 [ 29.344436] task_work_run+0x199/0x270 [ 29.348291] ? task_work_cancel+0x210/0x210 [ 29.352580] ? _raw_spin_unlock+0x22/0x30 [ 29.356695] ? switch_task_namespaces+0x87/0xc0 [ 29.361331] do_exit+0x9bb/0x1ad0 [ 29.364759] ? kvm_vcpu_fault+0x520/0x520 [ 29.368877] ? mm_update_next_owner+0x930/0x930 [ 29.373509] ? find_held_lock+0x35/0x1d0 [ 29.377541] ? handle_mm_fault+0x2a0/0x930 [ 29.381743] ? find_held_lock+0x35/0x1d0 [ 29.385778] ? __do_page_fault+0x5f7/0xc90 [ 29.389983] ? lock_downgrade+0x980/0x980 [ 29.394101] ? down_read_trylock+0xdb/0x170 [ 29.398399] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 29.402978] ? vmacache_find+0x5f/0x280 [ 29.406944] ? up_read+0x1a/0x40 [ 29.410285] ? __do_page_fault+0x3d6/0xc90 [ 29.414505] ? kvm_vcpu_fault+0x520/0x520 [ 29.418631] ? do_vfs_ioctl+0x486/0x1520 [ 29.422668] ? _cond_resched+0x14/0x30 [ 29.426530] ? ioctl_preallocate+0x2b0/0x2b0 [ 29.430907] ? selinux_capable+0x40/0x40 [ 29.434933] ? putname+0xf3/0x130 [ 29.438356] do_group_exit+0x149/0x400 [ 29.442210] ? SyS_exit+0x30/0x30 [ 29.445634] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.450617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.455337] SyS_exit_group+0x1d/0x20 [ 29.459104] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 29.463824] RIP: 0033:0x43ed98 [ 29.466980] RSP: 002b:00007ffc86be5558 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.474652] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 29.481885] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 29.489127] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 29.496373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 29.503613] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 29.510864] [ 29.512464] Allocated by task 3144: [ 29.516069] save_stack+0x43/0xd0 [ 29.519497] kasan_kmalloc+0xad/0xe0 [ 29.523185] kasan_slab_alloc+0x12/0x20 [ 29.527127] kmem_cache_alloc+0x12e/0x760 [ 29.531245] vmx_create_vcpu+0xc4/0x2f20 [ 29.535276] kvm_arch_vcpu_create+0x12c/0x1a0 [ 29.539738] kvm_vm_ioctl+0x48b/0x1c60 [ 29.543591] do_vfs_ioctl+0x1b1/0x1520 [ 29.547452] SyS_ioctl+0x8f/0xc0 [ 29.550795] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 29.555513] [ 29.557104] Freed by task 3144: [ 29.560349] save_stack+0x43/0xd0 [ 29.563767] kasan_slab_free+0x71/0xc0 [ 29.567617] kmem_cache_free+0x83/0x2a0 [ 29.571557] vmx_free_vcpu+0x1ee/0x260 [ 29.575409] kvm_arch_destroy_vm+0x4a2/0x980 [ 29.579788] kvm_put_kvm+0x695/0xde0 [ 29.583466] kvm_vm_release+0x42/0x50 [ 29.587231] __fput+0x327/0x7e0 [ 29.590474] ____fput+0x15/0x20 [ 29.593721] task_work_run+0x199/0x270 [ 29.597576] do_exit+0x9bb/0x1ad0 [ 29.600993] do_group_exit+0x149/0x400 [ 29.604849] SyS_exit_group+0x1d/0x20 [ 29.608614] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 29.613331] [ 29.614924] The buggy address belongs to the object at ffff8801d2100040 [ 29.614924] which belongs to the cache kvm_vcpu of size 23872 [ 29.627464] The buggy address is located 24 bytes inside of [ 29.627464] 23872-byte region [ffff8801d2100040, ffff8801d2105d80) [ 29.639392] The buggy address belongs to the page: [ 29.644299] page:ffffea0007484000 count:1 mapcount:0 mapping:ffff8801d2100040 index:0x0 compound_mapcount: 0 [ 29.654230] flags: 0x2fffc0000008100(slab|head) [ 29.658865] raw: 02fffc0000008100 ffff8801d2100040 0000000000000000 0000000100000001 [ 29.666712] raw: ffff8801d6cc2748 ffff8801d6cc2748 ffff8801d6cc8b40 0000000000000000 [ 29.674555] page dumped because: kasan: bad access detected [ 29.680224] [ 29.681816] Memory state around the buggy address: [ 29.686708] ffff8801d20fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.694485] ffff8801d20fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.701809] >ffff8801d2100000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 29.709136] ^ [ 29.715336] ffff8801d2100080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.722660] ffff8801d2100100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.730330] ================================================================== [ 29.737654] Kernel panic - not syncing: panic_on_warn set ... [ 29.737654] [ 29.744993] CPU: 1 PID: 3144 Comm: syzkaller820772 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 29.753968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.763292] Call Trace: [ 29.765854] dump_stack+0x194/0x257 [ 29.769461] ? arch_local_irq_restore+0x53/0x53 [ 29.774103] ? kasan_end_report+0x32/0x50 [ 29.778219] ? lock_downgrade+0x980/0x980 [ 29.782340] ? vsnprintf+0x1ed/0x1900 [ 29.786117] ? __schedule+0xcf0/0x2060 [ 29.789973] panic+0x1e4/0x41c [ 29.793134] ? refcount_error_report+0x214/0x214 [ 29.797859] ? print_shadow_for_address+0xdc/0x1a0 [ 29.802754] ? add_taint+0x1c/0x50 [ 29.806261] ? __schedule+0xda3/0x2060 [ 29.810116] kasan_end_report+0x50/0x50 [ 29.814054] kasan_report+0x148/0x360 [ 29.817822] __asan_report_load8_noabort+0x14/0x20 [ 29.822719] __schedule+0xda3/0x2060 [ 29.826402] ? __sched_text_start+0x8/0x8 [ 29.830523] ? trace_hardirqs_on+0xd/0x10 [ 29.834639] ? __call_srcu+0x7ee/0x1020 [ 29.838579] ? do_raw_spin_trylock+0x190/0x190 [ 29.843124] ? do_raw_spin_trylock+0x190/0x190 [ 29.847678] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 29.853530] ? __debug_object_init+0x235/0x1040 [ 29.858169] preempt_schedule_common+0x22/0x60 [ 29.862715] _cond_resched+0x1d/0x30 [ 29.866395] wait_for_completion+0xa5/0x770 [ 29.870683] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.875664] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 29.881428] ? __lockdep_init_map+0xe4/0x650 [ 29.885805] ? __init_waitqueue_head+0x97/0x140 [ 29.890443] ? init_wait_entry+0x1b0/0x1b0 [ 29.894647] __synchronize_srcu+0x1ad/0x260 [ 29.898934] ? call_srcu+0x10/0x10 [ 29.902439] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 29.907947] ? irq_matrix_allocated+0x80/0x80 [ 29.912408] ? synchronize_srcu+0x3c5/0x570 [ 29.916695] synchronize_srcu+0x1a3/0x570 [ 29.920809] ? synchronize_srcu+0x1a3/0x570 [ 29.925098] ? lock_downgrade+0x980/0x980 [ 29.929212] ? synchronize_srcu_expedited+0x20/0x20 [ 29.934197] ? lock_release+0xa40/0xa40 [ 29.938137] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 29.942953] ? do_raw_spin_trylock+0x190/0x190 [ 29.947509] kvm_page_track_unregister_notifier+0x186/0x270 [ 29.953195] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 29.958611] ? kvfree+0x36/0x60 [ 29.961853] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.966838] kvm_mmu_uninit_vm+0x1c/0x20 [ 29.970873] kvm_arch_destroy_vm+0x73b/0x980 [ 29.975251] ? kvm_arch_sync_events+0x30/0x30 [ 29.979720] ? mmdrop+0x18/0x30 [ 29.982992] ? mmu_notifier_unregister+0x43c/0x5c0 [ 29.987891] ? kvm_put_kvm+0x47a/0xde0 [ 29.991749] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 29.997692] ? __free_pages+0x107/0x150 [ 30.001634] ? free_unref_page+0x9e0/0x9e0 [ 30.005834] ? quarantine_put+0xeb/0x190 [ 30.009861] ? kfree+0xf0/0x260 [ 30.013110] ? kvm_put_kvm+0x614/0xde0 [ 30.016968] ? free_pages+0x51/0x90 [ 30.020564] kvm_put_kvm+0x695/0xde0 [ 30.024248] ? kvm_clear_guest+0xb0/0xb0 [ 30.028282] ? kvm_irqfd_release+0xd1/0x120 [ 30.032575] ? lock_downgrade+0x980/0x980 [ 30.036698] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.041162] ? kvm_irqfd_release+0xdd/0x120 [ 30.045449] ? kvm_irqfd_release+0xdd/0x120 [ 30.049751] ? kvm_put_kvm+0xde0/0xde0 [ 30.053606] kvm_vm_release+0x42/0x50 [ 30.057374] __fput+0x327/0x7e0 [ 30.060621] ? fput+0x140/0x140 [ 30.063866] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.069725] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.074187] ____fput+0x15/0x20 [ 30.077433] task_work_run+0x199/0x270 [ 30.081294] ? task_work_cancel+0x210/0x210 [ 30.085590] ? _raw_spin_unlock+0x22/0x30 [ 30.089704] ? switch_task_namespaces+0x87/0xc0 [ 30.094340] do_exit+0x9bb/0x1ad0 [ 30.097756] ? kvm_vcpu_fault+0x520/0x520 [ 30.101873] ? mm_update_next_owner+0x930/0x930 [ 30.106508] ? find_held_lock+0x35/0x1d0 [ 30.110549] ? handle_mm_fault+0x2a0/0x930 [ 30.114751] ? find_held_lock+0x35/0x1d0 [ 30.118783] ? __do_page_fault+0x5f7/0xc90 [ 30.122990] ? lock_downgrade+0x980/0x980 [ 30.127108] ? down_read_trylock+0xdb/0x170 [ 30.131395] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 30.135941] ? vmacache_find+0x5f/0x280 [ 30.139882] ? up_read+0x1a/0x40 [ 30.143216] ? __do_page_fault+0x3d6/0xc90 [ 30.147420] ? kvm_vcpu_fault+0x520/0x520 [ 30.151534] ? do_vfs_ioctl+0x486/0x1520 [ 30.155561] ? _cond_resched+0x14/0x30 [ 30.159417] ? ioctl_preallocate+0x2b0/0x2b0 [ 30.163792] ? selinux_capable+0x40/0x40 [ 30.167823] ? putname+0xf3/0x130 [ 30.171251] do_group_exit+0x149/0x400 [ 30.175107] ? SyS_exit+0x30/0x30 [ 30.178528] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.183513] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.188235] SyS_exit_group+0x1d/0x20 [ 30.192002] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.196723] RIP: 0033:0x43ed98 [ 30.199879] RSP: 002b:00007ffc86be5558 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.207558] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 30.214797] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 30.222033] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 30.229267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 30.236522] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 30.243780] [ 30.243782] ====================================================== [ 30.243784] WARNING: possible circular locking dependency detected [ 30.243785] 4.15.0-rc4-mm1+ #47 Not tainted [ 30.243787] ------------------------------------------------------ [ 30.243788] syzkaller820772/3144 is trying to acquire lock: [ 30.243794] ((console_sem).lock){-...}, at: [<00000000d251c325>] down_trylock+0x13/0x70 [ 30.243798] [ 30.243800] but task is already holding lock: [ 30.243800] (report_lock){....}, at: [<00000000675b06ca>] kasan_report+0x6b/0x360 [ 30.243804] [ 30.243806] which lock already depends on the new lock. [ 30.243806] [ 30.243807] [ 30.243809] the existing dependency chain (in reverse order) is: [ 30.243809] [ 30.243810] -> #3 (report_lock){....}: [ 30.243814] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.243815] kasan_report+0x6b/0x360 [ 30.243817] __asan_report_load8_noabort+0x14/0x20 [ 30.243818] __schedule+0xda3/0x2060 [ 30.243819] preempt_schedule_common+0x22/0x60 [ 30.243820] _cond_resched+0x1d/0x30 [ 30.243821] wait_for_completion+0xa5/0x770 [ 30.243823] __synchronize_srcu+0x1ad/0x260 [ 30.243824] synchronize_srcu+0x1a3/0x570 [ 30.243825] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.243827] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.243828] kvm_arch_destroy_vm+0x73b/0x980 [ 30.243829] kvm_put_kvm+0x695/0xde0 [ 30.243830] kvm_vm_release+0x42/0x50 [ 30.243831] __fput+0x327/0x7e0 [ 30.243832] ____fput+0x15/0x20 [ 30.243833] task_work_run+0x199/0x270 [ 30.243835] do_exit+0x9bb/0x1ad0 [ 30.243836] do_group_exit+0x149/0x400 [ 30.243837] SyS_exit_group+0x1d/0x20 [ 30.243838] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.243839] [ 30.243840] -> #2 (&rq->lock){-.-.}: [ 30.243844] _raw_spin_lock+0x2a/0x40 [ 30.243845] task_fork_fair+0x7a/0x690 [ 30.243846] sched_fork+0x435/0xc00 [ 30.243847] copy_process.part.37+0x1758/0x4b60 [ 30.243848] _do_fork+0x1f7/0xf70 [ 30.243849] kernel_thread+0x34/0x40 [ 30.243850] rest_init+0x22/0xf0 [ 30.243852] start_kernel+0x7f1/0x819 [ 30.243853] x86_64_start_reservations+0x2a/0x2c [ 30.243854] x86_64_start_kernel+0x77/0x7a [ 30.243855] secondary_startup_64+0xa5/0xb0 [ 30.243856] [ 30.243857] -> #1 (&p->pi_lock){-.-.}: [ 30.243861] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.243862] try_to_wake_up+0xbc/0x1600 [ 30.243863] wake_up_process+0x10/0x20 [ 30.243864] __up.isra.0+0x1cc/0x2c0 [ 30.243865] up+0x13b/0x1d0 [ 30.243866] __up_console_sem+0xb2/0x1a0 [ 30.243867] console_unlock+0x538/0xd70 [ 30.243868] vprintk_emit+0x4ad/0x590 [ 30.243870] dev_vprintk_emit+0x183/0x510 [ 30.243871] dev_printk_emit+0xc0/0xf0 [ 30.243872] __dev_printk+0xa7/0x120 [ 30.243873] dev_warn+0x10b/0x170 [ 30.243874] _request_firmware+0x1021/0x1960 [ 30.243876] request_firmware_work_func+0xe3/0x2c0 [ 30.243877] process_one_work+0xbbf/0x1af0 [ 30.243878] worker_thread+0x223/0x1990 [ 30.243879] kthread+0x33c/0x400 [ 30.243881] ret_from_fork+0x24/0x30 [ 30.243881] [ 30.243882] -> #0 ((console_sem).lock){-...}: [ 30.243886] lock_acquire+0x1d5/0x580 [ 30.243887] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.243888] down_trylock+0x13/0x70 [ 30.243890] __down_trylock_console_sem+0xa2/0x1e0 [ 30.243891] console_trylock+0x15/0x100 [ 30.243892] vprintk_emit+0x49b/0x590 [ 30.243893] vprintk_default+0x28/0x30 [ 30.243894] vprintk_func+0x57/0xc0 [ 30.243895] printk+0xaa/0xca [ 30.243896] kasan_report+0x7b/0x360 [ 30.243898] __asan_report_load8_noabort+0x14/0x20 [ 30.243899] __schedule+0xda3/0x2060 [ 30.243900] preempt_schedule_common+0x22/0x60 [ 30.243902] _cond_resched+0x1d/0x30 [ 30.243903] wait_for_completion+0xa5/0x770 [ 30.243904] __synchronize_srcu+0x1ad/0x260 [ 30.243905] synchronize_srcu+0x1a3/0x570 [ 30.243907] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.243908] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.243909] kvm_arch_destroy_vm+0x73b/0x980 [ 30.243910] kvm_put_kvm+0x695/0xde0 [ 30.243912] kvm_vm_release+0x42/0x50 [ 30.243913] __fput+0x327/0x7e0 [ 30.243914] ____fput+0x15/0x20 [ 30.243915] task_work_run+0x199/0x270 [ 30.243916] do_exit+0x9bb/0x1ad0 [ 30.243917] do_group_exit+0x149/0x400 [ 30.243918] SyS_exit_group+0x1d/0x20 [ 30.243920] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.243920] [ 30.243922] other info that might help us debug this: [ 30.243922] [ 30.243923] Chain exists of: [ 30.243924] (console_sem).lock --> &rq->lock --> report_lock [ 30.243929] [ 30.243930] Possible unsafe locking scenario: [ 30.243931] [ 30.243932] CPU0 CPU1 [ 30.243933] ---- ---- [ 30.243934] lock(report_lock); [ 30.243936] lock(&rq->lock); [ 30.243939] lock(report_lock); [ 30.243941] lock((console_sem).lock); [ 30.243943] [ 30.243944] *** DEADLOCK *** [ 30.243945] [ 30.243946] 2 locks held by syzkaller820772/3144: [ 30.243947] #0: (&rq->lock){-.-.}, at: [<000000009207ab94>] __schedule+0x24e/0x2060 [ 30.243951] #1: (report_lock){....}, at: [<00000000675b06ca>] kasan_report+0x6b/0x360 [ 30.243955] [ 30.243956] stack backtrace: [ 30.243958] CPU: 1 PID: 3144 Comm: syzkaller820772 Not tainted 4.15.0-rc4-mm1+ #47 [ 30.243960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.243961] Call Trace: [ 30.243962] dump_stack+0x194/0x257 [ 30.243964] ? arch_local_irq_restore+0x53/0x53 [ 30.243965] print_circular_bug.isra.37+0x2cd/0x2dc [ 30.243966] ? save_trace+0xe0/0x2b0 [ 30.243967] __lock_acquire+0x30a8/0x3e00 [ 30.243969] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.243970] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.243971] ? print_lockdep_cache.isra.31+0x109/0x109 [ 30.243972] ? save_stack_trace+0x1a/0x20 [ 30.243973] ? save_trace+0xe0/0x2b0 [ 30.243975] ? __lock_acquire+0x36c0/0x3e00 [ 30.243976] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.243977] ? __lock_is_held+0xb6/0x140 [ 30.243978] ? __lock_is_held+0xb6/0x140 [ 30.243979] lock_acquire+0x1d5/0x580 [ 30.243981] ? lock_acquire+0x1d5/0x580 [ 30.243982] ? down_trylock+0x13/0x70 [ 30.243983] ? find_held_lock+0x35/0x1d0 [ 30.243984] ? lock_release+0xa40/0xa40 [ 30.243985] ? vprintk_emit+0x379/0x590 [ 30.243986] ? lock_downgrade+0x980/0x980 [ 30.243987] ? kvm_sched_clock_read+0x25/0x40 [ 30.243989] ? sched_clock+0x31/0x40 [ 30.243990] ? sched_clock_cpu+0x1b/0x170 [ 30.243991] ? vprintk_emit+0x49b/0x590 [ 30.243992] _raw_spin_lock_irqsave+0x96/0xc0 [ 30.243993] ? down_trylock+0x13/0x70 [ 30.243994] down_trylock+0x13/0x70 [ 30.243995] ? vprintk_emit+0x49b/0x590 [ 30.243997] __down_trylock_console_sem+0xa2/0x1e0 [ 30.243998] console_trylock+0x15/0x100 [ 30.243999] vprintk_emit+0x49b/0x590 [ 30.244000] vprintk_default+0x28/0x30 [ 30.244001] vprintk_func+0x57/0xc0 [ 30.244002] printk+0xaa/0xca [ 30.244003] ? show_regs_print_info+0x18/0x18 [ 30.244004] ? __schedule+0xda3/0x2060 [ 30.244005] kasan_report+0x7b/0x360 [ 30.244007] __asan_report_load8_noabort+0x14/0x20 [ 30.244008] __schedule+0xda3/0x2060 [ 30.244009] ? __sched_text_start+0x8/0x8 [ 30.244010] ? trace_hardirqs_on+0xd/0x10 [ 30.244011] ? __call_srcu+0x7ee/0x1020 [ 30.244012] ? do_raw_spin_trylock+0x190/0x190 [ 30.244014] ? do_raw_spin_trylock+0x190/0x190 [ 30.244015] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.244016] ? __debug_object_init+0x235/0x1040 [ 30.244018] preempt_schedule_common+0x22/0x60 [ 30.244019] _cond_resched+0x1d/0x30 [ 30.244020] wait_for_completion+0xa5/0x770 [ 30.244021] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.244023] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 30.244024] ? __lockdep_init_map+0xe4/0x650 [ 30.244025] ? __init_waitqueue_head+0x97/0x140 [ 30.244026] ? init_wait_entry+0x1b0/0x1b0 [ 30.244028] __synchronize_srcu+0x1ad/0x260 [ 30.244029] ? call_srcu+0x10/0x10 [ 30.244030] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 30.244031] ? irq_matrix_allocated+0x80/0x80 [ 30.244033] ? synchronize_srcu+0x3c5/0x570 [ 30.244034] synchronize_srcu+0x1a3/0x570 [ 30.244035] ? synchronize_srcu+0x1a3/0x570 [ 30.244036] ? lock_downgrade+0x980/0x980 [ 30.244037] ? synchronize_srcu_expedited+0x20/0x20 [ 30.244039] ? lock_release+0xa40/0xa40 [ 30.244040] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 30.244041] ? do_raw_spin_trylock+0x190/0x190 [ 30.244043] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.244044] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 30.244045] ? kvfree+0x36/0x60 [ 30.244046] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.244048] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.244049] kvm_arch_destroy_vm+0x73b/0x980 [ 30.244050] ? kvm_arch_sync_events+0x30/0x30 [ 30.244052] ? mmdrop+0x18/0x30 [ 30.244053] ? mmu_notifier_unregister+0x43c/0x5c0 [ 30.244054] ? kvm_put_kvm+0x47a/0xde0 [ 30.244056] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 30.244057] ? __free_pages+0x107/0x150 [ 30.244058] ? free_unref_page+0x9e0/0x9e0 [ 30.244059] ? quarantine_put+0xeb/0x190 [ 30.244060] ? kfree+0xf0/0x260 [ 30.244061] ? kvm_put_kvm+0x614/0xde0 [ 30.244063] ? free_pages+0x51/0x90 [ 30.244064] kvm_put_kvm+0x695/0xde0 [ 30.244065] ? kvm_clear_guest+0xb0/0xb0 [ 30.244066] ? kvm_irqfd_release+0xd1/0x120 [ 30.244067] ? lock_downgrade+0x980/0x980 [ 30.244068] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.244070] ? kvm_irqfd_release+0xdd/0x120 [ 30.244071] ? kvm_irqfd_release+0xdd/0x120 [ 30.244072] ? kvm_put_kvm+0xde0/0xde0 [ 30.244073] kvm_vm_release+0x42/0x50 [ 30.244074] __fput+0x327/0x7e0 [ 30.244075] ? fput+0x140/0x140 [ 30.244076] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.244078] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.244079] ____fput+0x15/0x20 [ 30.244080] task_work_run+0x199/0x270 [ 30.244081] ? task_work_cancel+0x210/0x210 [ 30.244082] ? _raw_spin_unlock+0x22/0x30 [ 30.244083] ? switch_task_namespaces+0x87/0xc0 [ 30.244084] do_exit+0x9bb/0x1ad0 [ 30.244086] ? kvm_vcpu_fault+0x520/0x520 [ 30.244087] ? mm_update_next_owner+0x930/0x930 [ 30.244088] ? find_held_lock+0x35/0x1d0 [ 30.244089] ? handle_mm_fault+0x2a0/0x930 [ 30.244090] ? find_held_lock+0x35/0x1d0 [ 30.244092] ? __do_page_fault+0x5f7/0xc90 [ 30.244093] ? lock_downgrade+0x980/0x980 [ 30.244094] ? down_read_trylock+0xdb/0x170 [ 30.244095] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 30.244096] ? vmacache_find+0x5f/0x280 [ 30.244097] ? up_read+0x1a/0x40 [ 30.244098] ? __do_page_fault+0x3d6/0xc90 [ 30.244100] ? kvm_vcpu_fault+0x520/0x520 [ 30.244101] ? do_vfs_ioctl+0x486/0x1520 [ 30.244102] ? _cond_resched+0x1 [ 30.244104] Lost 17 message(s)! [ 31.320705] Shutting down cpus with NMI [ 32.375828] Dumping ftrace buffer: [ 32.379342] (ftrace buffer empty) [ 32.383018] Kernel Offset: disabled [ 32.386612] Rebooting in 86400 seconds..