[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 11.833921] audit: type=1400 audit(1513789934.988:6): avc: denied { map } for pid=3140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.15.211' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.883310] audit: type=1400 audit(1513789953.038:7): avc: denied { map } for pid=3157 comm="syzkaller221164" path="/root/syzkaller221164409" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 29.915568] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 29.926293] ================================================================== [ 29.934380] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 29.940574] Read of size 8 at addr ffff8801c8aa0058 by task syzkaller221164/3157 [ 29.948066] [ 29.949663] CPU: 0 PID: 3157 Comm: syzkaller221164 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 29.958201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.967518] Call Trace: [ 29.970069] dump_stack+0x194/0x257 [ 29.973664] ? arch_local_irq_restore+0x53/0x53 [ 29.978299] ? show_regs_print_info+0x18/0x18 [ 29.982764] ? __schedule+0xda3/0x2060 [ 29.986617] print_address_description+0x73/0x250 [ 29.991423] ? __schedule+0xda3/0x2060 [ 29.995276] kasan_report+0x25b/0x340 [ 29.999044] __asan_report_load8_noabort+0x14/0x20 [ 30.003949] __schedule+0xda3/0x2060 [ 30.007631] ? __sched_text_start+0x8/0x8 [ 30.011746] ? trace_hardirqs_on+0xd/0x10 [ 30.015870] ? __call_srcu+0x7ee/0x1020 [ 30.019809] ? do_raw_spin_trylock+0x190/0x190 [ 30.024352] ? do_raw_spin_trylock+0x190/0x190 [ 30.028904] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.034751] ? __debug_object_init+0x235/0x1040 [ 30.039387] preempt_schedule_common+0x22/0x60 [ 30.043937] _cond_resched+0x1d/0x30 [ 30.047614] wait_for_completion+0xa5/0x770 [ 30.051901] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.056889] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 30.062825] ? __lockdep_init_map+0xe4/0x650 [ 30.067205] ? __init_waitqueue_head+0x97/0x140 [ 30.071837] ? init_wait_entry+0x1b0/0x1b0 [ 30.076040] __synchronize_srcu+0x1ad/0x260 [ 30.080325] ? call_srcu+0x10/0x10 [ 30.083828] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 30.089331] ? irq_matrix_allocated+0x80/0x80 [ 30.093801] ? synchronize_srcu+0x3c5/0x570 [ 30.098091] synchronize_srcu+0x1a3/0x570 [ 30.102202] ? synchronize_srcu+0x1a3/0x570 [ 30.106486] ? lock_downgrade+0x980/0x980 [ 30.110597] ? synchronize_srcu_expedited+0x20/0x20 [ 30.115578] ? lock_release+0xa40/0xa40 [ 30.119515] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 30.124323] ? do_raw_spin_trylock+0x190/0x190 [ 30.128882] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.134609] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 30.140023] ? kvfree+0x36/0x60 [ 30.143271] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.148252] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.152280] kvm_arch_destroy_vm+0x73b/0x980 [ 30.156652] ? kvm_arch_sync_events+0x30/0x30 [ 30.161112] ? mmdrop+0x18/0x30 [ 30.164356] ? mmu_notifier_unregister+0x437/0x5c0 [ 30.169247] ? kvm_put_kvm+0x47a/0xde0 [ 30.173099] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 30.178947] ? __free_pages+0x107/0x150 [ 30.182885] ? free_unref_page+0x9e0/0x9e0 [ 30.187084] ? quarantine_put+0xeb/0x190 [ 30.191107] ? kfree+0xf0/0x260 [ 30.194349] ? kvm_put_kvm+0x614/0xde0 [ 30.198198] ? free_pages+0x51/0x90 [ 30.201790] kvm_put_kvm+0x695/0xde0 [ 30.205557] ? kvm_clear_guest+0xb0/0xb0 [ 30.209584] ? kvm_irqfd_release+0xd1/0x120 [ 30.213868] ? lock_downgrade+0x980/0x980 [ 30.217985] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.222447] ? kvm_irqfd_release+0xdd/0x120 [ 30.226735] ? kvm_irqfd_release+0xdd/0x120 [ 30.231020] ? kvm_put_kvm+0xde0/0xde0 [ 30.234869] kvm_vm_release+0x42/0x50 [ 30.238639] __fput+0x327/0x7e0 [ 30.241893] ? fput+0x140/0x140 [ 30.245136] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.250985] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.255445] ____fput+0x15/0x20 [ 30.258687] task_work_run+0x199/0x270 [ 30.262539] ? task_work_cancel+0x210/0x210 [ 30.266825] ? _raw_spin_unlock+0x22/0x30 [ 30.270938] ? switch_task_namespaces+0x87/0xc0 [ 30.275575] do_exit+0x9bb/0x1ad0 [ 30.278991] ? kvm_vcpu_fault+0x520/0x520 [ 30.283103] ? mm_update_next_owner+0x930/0x930 [ 30.287735] ? find_held_lock+0x35/0x1d0 [ 30.291764] ? handle_mm_fault+0x2a0/0x930 [ 30.295963] ? find_held_lock+0x35/0x1d0 [ 30.299991] ? __do_page_fault+0x5f7/0xc90 [ 30.304189] ? lock_downgrade+0x980/0x980 [ 30.308303] ? down_read_trylock+0xdb/0x170 [ 30.312589] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 30.317132] ? vmacache_find+0x5f/0x280 [ 30.321071] ? up_read+0x1a/0x40 [ 30.324410] ? __do_page_fault+0x3d6/0xc90 [ 30.328620] ? kvm_vcpu_fault+0x520/0x520 [ 30.332731] ? do_vfs_ioctl+0x486/0x1520 [ 30.336754] ? _cond_resched+0x14/0x30 [ 30.340605] ? ioctl_preallocate+0x2b0/0x2b0 [ 30.344979] ? selinux_capable+0x40/0x40 [ 30.349015] ? putname+0xf3/0x130 [ 30.352435] do_group_exit+0x149/0x400 [ 30.356286] ? SyS_exit+0x30/0x30 [ 30.359702] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.364685] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.369403] SyS_exit_group+0x1d/0x20 [ 30.373171] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.377889] RIP: 0033:0x43ed88 [ 30.381040] RSP: 002b:00007fff072041e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.388709] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88 [ 30.395940] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 30.403172] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 30.410407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 30.417639] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 30.424877] [ 30.426471] Allocated by task 3157: [ 30.430061] save_stack+0x43/0xd0 [ 30.433476] kasan_kmalloc+0xad/0xe0 [ 30.437151] kasan_slab_alloc+0x12/0x20 [ 30.441087] kmem_cache_alloc+0x12e/0x760 [ 30.445198] vmx_create_vcpu+0xc4/0x2f20 [ 30.449226] kvm_arch_vcpu_create+0x12c/0x1a0 [ 30.453687] kvm_vm_ioctl+0x48b/0x1c60 [ 30.457538] do_vfs_ioctl+0x1b1/0x1520 [ 30.461386] SyS_ioctl+0x8f/0xc0 [ 30.464716] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.469431] [ 30.471021] Freed by task 3157: [ 30.474348] save_stack+0x43/0xd0 [ 30.477764] kasan_slab_free+0x71/0xc0 [ 30.481612] kmem_cache_free+0x83/0x2a0 [ 30.485551] vmx_free_vcpu+0x1ee/0x260 [ 30.490094] kvm_arch_destroy_vm+0x4a2/0x980 [ 30.496573] kvm_put_kvm+0x695/0xde0 [ 30.500525] kvm_vm_release+0x42/0x50 [ 30.504291] __fput+0x327/0x7e0 [ 30.507531] ____fput+0x15/0x20 [ 30.510775] task_work_run+0x199/0x270 [ 30.514623] do_exit+0x9bb/0x1ad0 [ 30.518040] do_group_exit+0x149/0x400 [ 30.521888] SyS_exit_group+0x1d/0x20 [ 30.525651] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.531670] [ 30.533783] The buggy address belongs to the object at ffff8801c8aa0040 [ 30.533783] which belongs to the cache kvm_vcpu of size 23872 [ 30.546747] The buggy address is located 24 bytes inside of [ 30.546747] 23872-byte region [ffff8801c8aa0040, ffff8801c8aa5d80) [ 30.558669] The buggy address belongs to the page: [ 30.563561] page:00000000d37c1789 count:1 mapcount:0 mapping:00000000fcb51ad9 index:0x0 compound_mapcount: 0 [ 30.573491] flags: 0x2fffc0000008100(slab|head) [ 30.578123] raw: 02fffc0000008100 ffff8801c8aa0040 0000000000000000 0000000100000001 [ 30.585967] raw: ffff8801d7b3d748 ffff8801d7b3d748 ffff8801d7b3c6c0 0000000000000000 [ 30.593807] page dumped because: kasan: bad access detected [ 30.599477] [ 30.601075] Memory state around the buggy address: [ 30.605967] ffff8801c8a9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.613287] ffff8801c8a9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.620609] >ffff8801c8aa0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 30.627930] ^ [ 30.634126] ffff8801c8aa0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.641449] ffff8801c8aa0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.648769] ================================================================== [ 30.656097] Kernel panic - not syncing: panic_on_warn set ... [ 30.656097] [ 30.663428] CPU: 0 PID: 3157 Comm: syzkaller221164 Tainted: G B 4.15.0-rc4-next-20171220+ #77 [ 30.673264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.682581] Call Trace: [ 30.685136] dump_stack+0x194/0x257 [ 30.688727] ? arch_local_irq_restore+0x53/0x53 [ 30.693364] ? kasan_end_report+0x32/0x50 [ 30.697477] ? lock_downgrade+0x980/0x980 [ 30.701589] ? vsnprintf+0x1ed/0x1900 [ 30.705354] ? __schedule+0xcf0/0x2060 [ 30.709208] panic+0x1e4/0x41c [ 30.712368] ? refcount_error_report+0x214/0x214 [ 30.717090] ? print_shadow_for_address+0xdc/0x1a0 [ 30.721983] ? add_taint+0x1c/0x50 [ 30.725485] ? __schedule+0xda3/0x2060 [ 30.729336] kasan_end_report+0x50/0x50 [ 30.733277] kasan_report+0x144/0x340 [ 30.737042] __asan_report_load8_noabort+0x14/0x20 [ 30.741933] __schedule+0xda3/0x2060 [ 30.745613] ? __sched_text_start+0x8/0x8 [ 30.749724] ? trace_hardirqs_on+0xd/0x10 [ 30.753836] ? __call_srcu+0x7ee/0x1020 [ 30.757774] ? do_raw_spin_trylock+0x190/0x190 [ 30.762318] ? do_raw_spin_trylock+0x190/0x190 [ 30.766869] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.772719] ? __debug_object_init+0x235/0x1040 [ 30.777373] preempt_schedule_common+0x22/0x60 [ 30.781918] _cond_resched+0x1d/0x30 [ 30.785595] wait_for_completion+0xa5/0x770 [ 30.789881] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.794862] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 30.800622] ? __lockdep_init_map+0xe4/0x650 [ 30.804997] ? __init_waitqueue_head+0x97/0x140 [ 30.809630] ? init_wait_entry+0x1b0/0x1b0 [ 30.813834] __synchronize_srcu+0x1ad/0x260 [ 30.818119] ? call_srcu+0x10/0x10 [ 30.821622] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 30.827125] ? irq_matrix_allocated+0x80/0x80 [ 30.831583] ? synchronize_srcu+0x3c5/0x570 [ 30.835868] synchronize_srcu+0x1a3/0x570 [ 30.839979] ? synchronize_srcu+0x1a3/0x570 [ 30.844262] ? lock_downgrade+0x980/0x980 [ 30.848372] ? synchronize_srcu_expedited+0x20/0x20 [ 30.853612] ? lock_release+0xa40/0xa40 [ 30.857552] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 30.862366] ? do_raw_spin_trylock+0x190/0x190 [ 30.866918] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.872593] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 30.878007] ? kvfree+0x36/0x60 [ 30.881248] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.886230] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.890256] kvm_arch_destroy_vm+0x73b/0x980 [ 30.894629] ? kvm_arch_sync_events+0x30/0x30 [ 30.899089] ? mmdrop+0x18/0x30 [ 30.902336] ? mmu_notifier_unregister+0x437/0x5c0 [ 30.907236] ? kvm_put_kvm+0x47a/0xde0 [ 30.911095] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 30.917116] ? __free_pages+0x107/0x150 [ 30.922617] ? free_unref_page+0x9e0/0x9e0 [ 30.926817] ? quarantine_put+0xeb/0x190 [ 30.930929] ? kfree+0xf0/0x260 [ 30.934170] ? kvm_put_kvm+0x614/0xde0 [ 30.938020] ? free_pages+0x51/0x90 [ 30.941610] kvm_put_kvm+0x695/0xde0 [ 30.945291] ? kvm_clear_guest+0xb0/0xb0 [ 30.949316] ? kvm_irqfd_release+0xd1/0x120 [ 30.953608] ? lock_downgrade+0x980/0x980 [ 30.958419] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.962880] ? kvm_irqfd_release+0xdd/0x120 [ 30.967163] ? kvm_irqfd_release+0xdd/0x120 [ 30.971447] ? kvm_put_kvm+0xde0/0xde0 [ 30.975301] kvm_vm_release+0x42/0x50 [ 30.979064] __fput+0x327/0x7e0 [ 30.982308] ? fput+0x140/0x140 [ 30.985552] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.991395] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.995856] ____fput+0x15/0x20 [ 30.999100] task_work_run+0x199/0x270 [ 31.002952] ? task_work_cancel+0x210/0x210 [ 31.008104] ? _raw_spin_unlock+0x22/0x30 [ 31.012220] ? switch_task_namespaces+0x87/0xc0 [ 31.016859] do_exit+0x9bb/0x1ad0 [ 31.020274] ? kvm_vcpu_fault+0x520/0x520 [ 31.024385] ? mm_update_next_owner+0x930/0x930 [ 31.029017] ? find_held_lock+0x35/0x1d0 [ 31.033045] ? handle_mm_fault+0x2a0/0x930 [ 31.037243] ? find_held_lock+0x35/0x1d0 [ 31.041271] ? __do_page_fault+0x5f7/0xc90 [ 31.045468] ? lock_downgrade+0x980/0x980 [ 31.049581] ? down_read_trylock+0xdb/0x170 [ 31.054827] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 31.060412] ? vmacache_find+0x5f/0x280 [ 31.064353] ? up_read+0x1a/0x40 [ 31.067681] ? __do_page_fault+0x3d6/0xc90 [ 31.071883] ? kvm_vcpu_fault+0x520/0x520 [ 31.075995] ? do_vfs_ioctl+0x486/0x1520 [ 31.080019] ? _cond_resched+0x14/0x30 [ 31.084394] ? ioctl_preallocate+0x2b0/0x2b0 [ 31.088770] ? selinux_capable+0x40/0x40 [ 31.092795] ? putname+0xf3/0x130 [ 31.096214] do_group_exit+0x149/0x400 [ 31.100066] ? SyS_exit+0x30/0x30 [ 31.103482] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.108463] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.113188] SyS_exit_group+0x1d/0x20 [ 31.116952] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.121670] RIP: 0033:0x43ed88 [ 31.124822] RSP: 002b:00007fff072041e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.133104] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88 [ 31.140339] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.147573] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.154806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 31.162038] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 31.169974] [ 31.169976] ====================================================== [ 31.169977] WARNING: possible circular locking dependency detected [ 31.169979] 4.15.0-rc4-next-20171220+ #77 Not tainted [ 31.169980] ------------------------------------------------------ [ 31.169982] syzkaller221164/3157 is trying to acquire lock: [ 31.169982] ((console_sem).lock){..-.}, at: [<000000004f6e7350>] down_trylock+0x13/0x70 [ 31.169986] [ 31.169988] but task is already holding lock: [ 31.169988] (report_lock){....}, at: [<00000000b5401cde>] kasan_report+0x6b/0x340 [ 31.169992] [ 31.169993] which lock already depends on the new lock. [ 31.169994] [ 31.169995] [ 31.169996] the existing dependency chain (in reverse order) is: [ 31.169997] [ 31.169997] -> #3 (report_lock){....}: [ 31.170001] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.170002] kasan_report+0x6b/0x340 [ 31.170004] __asan_report_load8_noabort+0x14/0x20 [ 31.170005] __schedule+0xda3/0x2060 [ 31.170006] preempt_schedule_common+0x22/0x60 [ 31.170007] _cond_resched+0x1d/0x30 [ 31.170009] wait_for_completion+0xa5/0x770 [ 31.170010] __synchronize_srcu+0x1ad/0x260 [ 31.170011] synchronize_srcu+0x1a3/0x570 [ 31.170012] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.170014] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.170015] kvm_arch_destroy_vm+0x73b/0x980 [ 31.170016] kvm_put_kvm+0x695/0xde0 [ 31.170017] kvm_vm_release+0x42/0x50 [ 31.170018] __fput+0x327/0x7e0 [ 31.170019] ____fput+0x15/0x20 [ 31.170020] task_work_run+0x199/0x270 [ 31.170021] do_exit+0x9bb/0x1ad0 [ 31.170022] do_group_exit+0x149/0x400 [ 31.170024] SyS_exit_group+0x1d/0x20 [ 31.170025] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.170026] [ 31.170026] -> #2 (&rq->lock){-.-.}: [ 31.170030] _raw_spin_lock+0x2a/0x40 [ 31.170031] task_fork_fair+0x7a/0x690 [ 31.170032] sched_fork+0x435/0xc00 [ 31.170034] copy_process.part.37+0x1758/0x4b60 [ 31.170035] _do_fork+0x1f7/0xf70 [ 31.170036] kernel_thread+0x34/0x40 [ 31.170037] rest_init+0x22/0xf0 [ 31.170038] start_kernel+0x7f1/0x819 [ 31.170039] x86_64_start_reservations+0x2a/0x2c [ 31.170040] x86_64_start_kernel+0x77/0x7a [ 31.170042] secondary_startup_64+0xa5/0xb0 [ 31.170042] [ 31.170043] -> #1 (&p->pi_lock){-.-.}: [ 31.170047] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.170048] try_to_wake_up+0xbc/0x1600 [ 31.170049] wake_up_process+0x10/0x20 [ 31.170050] __up.isra.0+0x1cc/0x2c0 [ 31.170051] up+0x13b/0x1d0 [ 31.170052] __up_console_sem+0xb2/0x1a0 [ 31.170054] console_unlock+0x538/0xd70 [ 31.170055] do_con_write+0x106e/0x1f70 [ 31.170056] con_write+0x25/0xb0 [ 31.170057] n_tty_write+0x5ef/0xec0 [ 31.170058] tty_write+0x3fa/0x840 [ 31.170059] __vfs_write+0xef/0x970 [ 31.170060] vfs_write+0x189/0x510 [ 31.170061] SyS_write+0xef/0x220 [ 31.170062] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.170063] [ 31.170064] -> #0 ((console_sem).lock){..-.}: [ 31.170068] lock_acquire+0x1d5/0x580 [ 31.170069] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.170070] down_trylock+0x13/0x70 [ 31.170071] __down_trylock_console_sem+0xa2/0x1e0 [ 31.170073] console_trylock+0x15/0x100 [ 31.170074] vprintk_emit+0x49b/0x590 [ 31.170075] vprintk_default+0x28/0x30 [ 31.170076] vprintk_func+0x57/0xc0 [ 31.170077] printk+0xaa/0xca [ 31.170078] kasan_report+0x7b/0x340 [ 31.170079] __asan_report_load8_noabort+0x14/0x20 [ 31.170080] __schedule+0xda3/0x2060 [ 31.170082] preempt_schedule_common+0x22/0x60 [ 31.170083] _cond_resched+0x1d/0x30 [ 31.170084] wait_for_completion+0xa5/0x770 [ 31.170085] __synchronize_srcu+0x1ad/0x260 [ 31.170086] synchronize_srcu+0x1a3/0x570 [ 31.170088] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.170089] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.170090] kvm_arch_destroy_vm+0x73b/0x980 [ 31.170091] kvm_put_kvm+0x695/0xde0 [ 31.170092] kvm_vm_release+0x42/0x50 [ 31.170093] __fput+0x327/0x7e0 [ 31.170094] ____fput+0x15/0x20 [ 31.170096] task_work_run+0x199/0x270 [ 31.170097] do_exit+0x9bb/0x1ad0 [ 31.170098] do_group_exit+0x149/0x400 [ 31.170099] SyS_exit_group+0x1d/0x20 [ 31.170100] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.170101] [ 31.170102] other info that might help us debug this: [ 31.170103] [ 31.170104] Chain exists of: [ 31.170104] (console_sem).lock --> &rq->lock --> report_lock [ 31.170109] [ 31.170110] Possible unsafe locking scenario: [ 31.170111] [ 31.170112] CPU0 CPU1 [ 31.170113] ---- ---- [ 31.170114] lock(report_lock); [ 31.170117] lock(&rq->lock); [ 31.170119] lock(report_lock); [ 31.170121] lock((console_sem).lock); [ 31.170124] [ 31.170125] *** DEADLOCK *** [ 31.170125] [ 31.170126] 2 locks held by syzkaller221164/3157: [ 31.170127] #0: (&rq->lock){-.-.}, at: [<00000000c0f0bc2f>] __schedule+0x24e/0x2060 [ 31.170131] #1: (report_lock){....}, at: [<00000000b5401cde>] kasan_report+0x6b/0x340 [ 31.170135] [ 31.170136] stack backtrace: [ 31.170138] CPU: 0 PID: 3157 Comm: syzkaller221164 Not tainted 4.15.0-rc4-next-20171220+ #77 [ 31.170141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.170142] Call Trace: [ 31.170143] dump_stack+0x194/0x257 [ 31.170144] ? arch_local_irq_restore+0x53/0x53 [ 31.170145] print_circular_bug.isra.37+0x2cd/0x2dc [ 31.170146] ? save_trace+0xe0/0x2b0 [ 31.170147] __lock_acquire+0x30a8/0x3e00 [ 31.170149] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.170150] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.170151] ? print_lockdep_cache.isra.31+0x109/0x109 [ 31.170152] ? save_stack_trace+0x1a/0x20 [ 31.170154] ? save_trace+0xe0/0x2b0 [ 31.170155] ? __lock_acquire+0x36c0/0x3e00 [ 31.170156] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.170157] ? __lock_is_held+0xb6/0x140 [ 31.170158] ? __lock_is_held+0xb6/0x140 [ 31.170159] lock_acquire+0x1d5/0x580 [ 31.170160] ? lock_acquire+0x1d5/0x580 [ 31.170161] ? down_trylock+0x13/0x70 [ 31.170163] ? find_held_lock+0x35/0x1d0 [ 31.170164] ? lock_release+0xa40/0xa40 [ 31.170165] ? vprintk_emit+0x379/0x590 [ 31.170166] ? lock_downgrade+0x980/0x980 [ 31.170167] ? kvm_sched_clock_read+0x25/0x40 [ 31.170168] ? sched_clock+0x31/0x40 [ 31.170169] ? sched_clock_cpu+0x1b/0x170 [ 31.170170] ? vprintk_emit+0x49b/0x590 [ 31.170172] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.170173] ? down_trylock+0x13/0x70 [ 31.170174] down_trylock+0x13/0x70 [ 31.170175] ? vprintk_emit+0x49b/0x590 [ 31.170176] __down_trylock_console_sem+0xa2/0x1e0 [ 31.170177] console_trylock+0x15/0x100 [ 31.170178] vprintk_emit+0x49b/0x590 [ 31.170179] vprintk_default+0x28/0x30 [ 31.170180] vprintk_func+0x57/0xc0 [ 31.170181] printk+0xaa/0xca [ 31.170183] ? show_regs_print_info+0x18/0x18 [ 31.170184] ? __schedule+0xda3/0x2060 [ 31.170185] kasan_report+0x7b/0x340 [ 31.170186] __asan_report_load8_noabort+0x14/0x20 [ 31.170187] __schedule+0xda3/0x2060 [ 31.170188] ? __sched_text_start+0x8/0x8 [ 31.170189] ? trace_hardirqs_on+0xd/0x10 [ 31.170190] ? __call_srcu+0x7ee/0x1020 [ 31.170192] ? do_raw_spin_trylock+0x190/0x190 [ 31.170193] ? do_raw_spin_trylock+0x190/0x190 [ 31.170194] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.170196] ? __debug_object_init+0x235/0x1040 [ 31.170197] preempt_schedule_common+0x22/0x60 [ 31.170198] _cond_resched+0x1d/0x30 [ 31.170199] wait_for_completion+0xa5/0x770 [ 31.170200] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.170202] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 31.170203] ? __lockdep_init_map+0xe4/0x650 [ 31.170204] ? __init_waitqueue_head+0x97/0x140 [ 31.170205] ? init_wait_entry+0x1b0/0x1b0 [ 31.170207] __synchronize_srcu+0x1ad/0x260 [ 31.170208] ? call_srcu+0x10/0x10 [ 31.170209] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 31.170210] ? irq_matrix_allocated+0x80/0x80 [ 31.170211] ? synchronize_srcu+0x3c5/0x570 [ 31.170212] synchronize_srcu+0x1a3/0x570 [ 31.170214] ? synchronize_srcu+0x1a3/0x570 [ 31.170215] ? lock_downgrade+0x980/0x980 [ 31.170216] ? synchronize_srcu_expedited+0x20/0x20 [ 31.170217] ? lock_release+0xa40/0xa40 [ 31.170219] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 31.170220] ? do_raw_spin_trylock+0x190/0x190 [ 31.170221] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.170223] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 31.170224] ? kvfree+0x36/0x60 [ 31.170225] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.170226] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.170227] kvm_arch_destroy_vm+0x73b/0x980 [ 31.170228] ? kvm_arch_sync_events+0x30/0x30 [ 31.170229] ? mmdrop+0x18/0x30 [ 31.170231] ? mmu_notifier_unregister+0x437/0x5c0 [ 31.170232] ? kvm_put_kvm+0x47a/0xde0 [ 31.170233] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0 [ 31.170234] ? __free_pages+0x107/0x150 [ 31.170235] ? free_unref_page+0x9e0/0x9e0 [ 31.170237] ? quarantine_put+0xeb/0x190 [ 31.170238] ? kfree+0xf0/0x260 [ 31.170239] ? kvm_put_kvm+0x614/0xde0 [ 31.170240] ? free_pages+0x51/0x90 [ 31.170241] kvm_put_kvm+0x695/0xde0 [ 31.170242] ? kvm_clear_guest+0xb0/0xb0 [ 31.170243] ? kvm_irqfd_release+0xd1/0x120 [ 31.170244] ? lock_downgrade+0x980/0x980 [ 31.170245] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.170246] ? kvm_irqfd_release+0xdd/0x120 [ 31.170248] ? kvm_irqfd_release+0xdd/0x120 [ 31.170249] ? kvm_put_kvm+0xde0/0xde0 [ 31.170250] kvm_vm_release+0x42/0x50 [ 31.170251] __fput+0x327/0x7e0 [ 31.170252] ? fput+0x140/0x140 [ 31.170253] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.170254] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.170255] ____fput+0x15/0x20 [ 31.170257] task_work_run+0x199/0x270 [ 31.170258] ? task_work_cancel+0x210/0x210 [ 31.170259] ? _raw_spin_unlock+0x22/0x30 [ 31.170260] ? switch_task_namespaces+0x87/0xc0 [ 31.170261] do_exit+0x9bb/0x1ad0 [ 31.170262] ? kvm_vcpu_fault+0x520/0x520 [ 31.170263] ? mm_update_next_owner+0x930/0x930 [ 31.170265] ? find_held_lock+0x35/0x1d0 [ 31.170266] ? handle_mm_fault+0x2a0/0x930 [ 31.170267] ? find_held_lock+0x35/0x1d0 [ 31.170268] ? __do_page_fault+0x5f7/0xc90 [ 31.170269] ? lock_downgrade+0x980/0x980 [ 31.170270] ? down_read_trylock+0xdb/0x170 [ 31.170271] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 31.170273] ? vmacache_find+0x5f/0x280 [ 31.170274] ? up_read+0x1a/0x40 [ 31.170275] ? __do_page_fault+0x3d6/0xc90 [ 31.170276] ? kvm_vcpu_fault+0x520/0x520 [ 31.170277] ? do_vfs_ioctl+0x486/0x1520 [ 31.170278] ? _cond_resched+0x14/0x30 [ 31.170279] ? ioctl_preallocate+0x2b0/0x2b0 [ 31.170280] ? selinux_capable+0x40/0x40 [ 31.170281] ? putname+0xf3/0x130 [ 31.170282] do_ [ 31.170284] Lost 13 message(s)! [ 32.242785] Shutting down cpus with NMI [ 33.316821] Dumping ftrace buffer: [ 33.320332] (ftrace buffer empty) [ 33.324006] Kernel Offset: disabled [ 33.327598] Rebooting in 86400 seconds..