[....] Starting enhanced syslogd: rsyslogd[ 11.418479] audit: type=1400 audit(1513872266.393:5): avc: denied { syslog } for pid=2992 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.220076] audit: type=1400 audit(1513872273.195:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-0,10.128.15.237' (ECDSA) to the list of known hosts. executing program [ 24.387618] audit: type=1400 audit(1513872279.363:7): avc: denied { map } for pid=3146 comm="syzkaller840944" path="/root/syzkaller840944278" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 24.421382] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 24.433693] ================================================================== [ 24.442240] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 24.448437] Read of size 8 at addr ffff8801bcaa0058 by task syzkaller840944/3146 [ 24.455932] [ 24.457528] CPU: 1 PID: 3146 Comm: syzkaller840944 Not tainted 4.15.0-rc4-mm1+ #47 [ 24.465199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.474521] Call Trace: [ 24.477073] dump_stack+0x194/0x257 [ 24.480667] ? arch_local_irq_restore+0x53/0x53 [ 24.485303] ? show_regs_print_info+0x18/0x18 [ 24.489767] ? __schedule+0xda3/0x2060 [ 24.493624] print_address_description+0x73/0x250 [ 24.498433] ? __schedule+0xda3/0x2060 [ 24.502286] kasan_report+0x23b/0x360 [ 24.506057] __asan_report_load8_noabort+0x14/0x20 [ 24.510954] __schedule+0xda3/0x2060 [ 24.514642] ? __sched_text_start+0x8/0x8 [ 24.518769] ? trace_hardirqs_on+0xd/0x10 [ 24.522885] ? __call_srcu+0x7ee/0x1020 [ 24.526827] ? do_raw_spin_trylock+0x190/0x190 [ 24.531375] ? do_raw_spin_trylock+0x190/0x190 [ 24.535932] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.541799] ? __debug_object_init+0x235/0x1040 [ 24.546444] preempt_schedule_common+0x22/0x60 [ 24.550992] _cond_resched+0x1d/0x30 [ 24.554675] wait_for_completion+0xa5/0x770 [ 24.558962] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.563945] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 24.569711] ? __lockdep_init_map+0xe4/0x650 [ 24.574089] ? __init_waitqueue_head+0x97/0x140 [ 24.578725] ? init_wait_entry+0x1b0/0x1b0 [ 24.582936] __synchronize_srcu+0x1ad/0x260 [ 24.587223] ? call_srcu+0x10/0x10 [ 24.590729] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 24.596237] ? irq_matrix_allocated+0x80/0x80 [ 24.600700] ? synchronize_srcu+0x3c5/0x570 [ 24.604990] synchronize_srcu+0x1a3/0x570 [ 24.609103] ? synchronize_srcu+0x1a3/0x570 [ 24.613392] ? lock_downgrade+0x980/0x980 [ 24.617508] ? synchronize_srcu_expedited+0x20/0x20 [ 24.622492] ? lock_release+0xa40/0xa40 [ 24.626433] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 24.631245] ? do_raw_spin_trylock+0x190/0x190 [ 24.635809] kvm_page_track_unregister_notifier+0x186/0x270 [ 24.641489] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 24.646910] ? kvfree+0x36/0x60 [ 24.650156] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.655142] kvm_mmu_uninit_vm+0x1c/0x20 [ 24.659171] kvm_arch_destroy_vm+0x73b/0x980 [ 24.663552] ? kvm_arch_sync_events+0x30/0x30 [ 24.668014] ? mmdrop+0x18/0x30 [ 24.671264] ? mmu_notifier_unregister+0x43c/0x5c0 [ 24.676161] ? kvm_put_kvm+0x47a/0xde0 [ 24.680030] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 24.685968] ? __free_pages+0x107/0x150 [ 24.689908] ? free_unref_page+0x9e0/0x9e0 [ 24.694110] ? quarantine_put+0xeb/0x190 [ 24.698139] ? kfree+0xf0/0x260 [ 24.701383] ? kvm_put_kvm+0x614/0xde0 [ 24.705239] ? free_pages+0x51/0x90 [ 24.708832] kvm_put_kvm+0x695/0xde0 [ 24.712520] ? kvm_clear_guest+0xb0/0xb0 [ 24.716550] ? kvm_irqfd_release+0xd1/0x120 [ 24.720846] ? lock_downgrade+0x980/0x980 [ 24.724974] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.729442] ? kvm_irqfd_release+0xdd/0x120 [ 24.733731] ? kvm_irqfd_release+0xdd/0x120 [ 24.738019] ? kvm_put_kvm+0xde0/0xde0 [ 24.741875] kvm_vm_release+0x42/0x50 [ 24.745645] __fput+0x327/0x7e0 [ 24.748896] ? fput+0x140/0x140 [ 24.752144] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 24.757993] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.762459] ____fput+0x15/0x20 [ 24.765708] task_work_run+0x199/0x270 [ 24.769565] ? task_work_cancel+0x210/0x210 [ 24.773855] ? _raw_spin_unlock+0x22/0x30 [ 24.777968] ? switch_task_namespaces+0x87/0xc0 [ 24.782606] do_exit+0x9bb/0x1ad0 [ 24.786027] ? kvm_vcpu_fault+0x520/0x520 [ 24.790144] ? mm_update_next_owner+0x930/0x930 [ 24.794780] ? find_held_lock+0x35/0x1d0 [ 24.798812] ? handle_mm_fault+0x2a0/0x930 [ 24.803016] ? find_held_lock+0x35/0x1d0 [ 24.807050] ? __do_page_fault+0x5f7/0xc90 [ 24.811251] ? lock_downgrade+0x980/0x980 [ 24.815374] ? down_read_trylock+0xdb/0x170 [ 24.819672] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 24.824218] ? vmacache_find+0x5f/0x280 [ 24.828164] ? up_read+0x1a/0x40 [ 24.831505] ? __do_page_fault+0x3d6/0xc90 [ 24.835714] ? kvm_vcpu_fault+0x520/0x520 [ 24.839829] ? do_vfs_ioctl+0x486/0x1520 [ 24.843865] ? _cond_resched+0x14/0x30 [ 24.847725] ? ioctl_preallocate+0x2b0/0x2b0 [ 24.852102] ? selinux_capable+0x40/0x40 [ 24.856130] ? putname+0xf3/0x130 [ 24.859557] do_group_exit+0x149/0x400 [ 24.863413] ? SyS_exit+0x30/0x30 [ 24.866836] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.871819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.876544] SyS_exit_group+0x1d/0x20 [ 24.880315] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.885035] RIP: 0033:0x43ed88 [ 24.888197] RSP: 002b:00007fff0eeb1fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.895871] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 24.903106] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 24.910342] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 24.917579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 24.924815] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 24.932063] [ 24.933658] Allocated by task 3146: [ 24.937254] save_stack+0x43/0xd0 [ 24.940675] kasan_kmalloc+0xad/0xe0 [ 24.944355] kasan_slab_alloc+0x12/0x20 [ 24.948295] kmem_cache_alloc+0x12e/0x760 [ 24.952408] vmx_create_vcpu+0xc4/0x2f20 [ 24.956436] kvm_arch_vcpu_create+0x12c/0x1a0 [ 24.960899] kvm_vm_ioctl+0x48b/0x1c60 [ 24.964754] do_vfs_ioctl+0x1b1/0x1520 [ 24.968604] SyS_ioctl+0x8f/0xc0 [ 24.971936] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 24.976653] [ 24.978246] Freed by task 3146: [ 24.981492] save_stack+0x43/0xd0 [ 24.984911] kasan_slab_free+0x71/0xc0 [ 24.988764] kmem_cache_free+0x83/0x2a0 [ 24.992704] vmx_free_vcpu+0x1ee/0x260 [ 24.996555] kvm_arch_destroy_vm+0x4a2/0x980 [ 25.000927] kvm_put_kvm+0x695/0xde0 [ 25.004605] kvm_vm_release+0x42/0x50 [ 25.008372] __fput+0x327/0x7e0 [ 25.011618] ____fput+0x15/0x20 [ 25.014861] task_work_run+0x199/0x270 [ 25.018716] do_exit+0x9bb/0x1ad0 [ 25.022142] do_group_exit+0x149/0x400 [ 25.025995] SyS_exit_group+0x1d/0x20 [ 25.029759] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.034478] [ 25.036073] The buggy address belongs to the object at ffff8801bcaa0040 [ 25.036073] which belongs to the cache kvm_vcpu of size 23872 [ 25.048615] The buggy address is located 24 bytes inside of [ 25.048615] 23872-byte region [ffff8801bcaa0040, ffff8801bcaa5d80) [ 25.060540] The buggy address belongs to the page: [ 25.065435] page:ffffea0006f2a800 count:1 mapcount:0 mapping:ffff8801bcaa0040 index:0x0 compound_mapcount: 0 [ 25.075367] flags: 0x2fffc0000008100(slab|head) [ 25.080007] raw: 02fffc0000008100 ffff8801bcaa0040 0000000000000000 0000000100000001 [ 25.087855] raw: ffff8801d6440548 ffff8801d6440548 ffff8801d643f540 0000000000000000 [ 25.095699] page dumped because: kasan: bad access detected [ 25.101369] [ 25.102961] Memory state around the buggy address: [ 25.107857] ffff8801bca9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115181] ffff8801bca9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.122504] >ffff8801bcaa0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 25.129847] ^ [ 25.136044] ffff8801bcaa0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.143369] ffff8801bcaa0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.150690] ================================================================== [ 25.158012] Kernel panic - not syncing: panic_on_warn set ... [ 25.158012] [ 25.165340] CPU: 1 PID: 3146 Comm: syzkaller840944 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 25.174314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.183632] Call Trace: [ 25.186188] dump_stack+0x194/0x257 [ 25.189785] ? arch_local_irq_restore+0x53/0x53 [ 25.194419] ? kasan_end_report+0x32/0x50 [ 25.198535] ? lock_downgrade+0x980/0x980 [ 25.202652] ? vsnprintf+0x1ed/0x1900 [ 25.206419] ? __schedule+0xcf0/0x2060 [ 25.210272] panic+0x1e4/0x41c [ 25.213433] ? refcount_error_report+0x214/0x214 [ 25.218163] ? print_shadow_for_address+0xdc/0x1a0 [ 25.223059] ? add_taint+0x1c/0x50 [ 25.226569] ? __schedule+0xda3/0x2060 [ 25.230424] kasan_end_report+0x50/0x50 [ 25.234365] kasan_report+0x148/0x360 [ 25.238137] __asan_report_load8_noabort+0x14/0x20 [ 25.243036] __schedule+0xda3/0x2060 [ 25.246725] ? __sched_text_start+0x8/0x8 [ 25.250839] ? trace_hardirqs_on+0xd/0x10 [ 25.254954] ? __call_srcu+0x7ee/0x1020 [ 25.258895] ? do_raw_spin_trylock+0x190/0x190 [ 25.263441] ? do_raw_spin_trylock+0x190/0x190 [ 25.267998] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.273852] ? __debug_object_init+0x235/0x1040 [ 25.278497] preempt_schedule_common+0x22/0x60 [ 25.283045] _cond_resched+0x1d/0x30 [ 25.286728] wait_for_completion+0xa5/0x770 [ 25.291017] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.296000] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 25.301766] ? __lockdep_init_map+0xe4/0x650 [ 25.306150] ? __init_waitqueue_head+0x97/0x140 [ 25.310784] ? init_wait_entry+0x1b0/0x1b0 [ 25.314992] __synchronize_srcu+0x1ad/0x260 [ 25.319281] ? call_srcu+0x10/0x10 [ 25.322787] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 25.328303] ? irq_matrix_allocated+0x80/0x80 [ 25.332766] ? synchronize_srcu+0x3c5/0x570 [ 25.337056] synchronize_srcu+0x1a3/0x570 [ 25.341168] ? synchronize_srcu+0x1a3/0x570 [ 25.345460] ? lock_downgrade+0x980/0x980 [ 25.349576] ? synchronize_srcu_expedited+0x20/0x20 [ 25.354561] ? lock_release+0xa40/0xa40 [ 25.358504] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.363314] ? do_raw_spin_trylock+0x190/0x190 [ 25.367876] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.373556] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 25.378977] ? kvfree+0x36/0x60 [ 25.382223] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.387209] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.391238] kvm_arch_destroy_vm+0x73b/0x980 [ 25.395618] ? kvm_arch_sync_events+0x30/0x30 [ 25.400082] ? mmdrop+0x18/0x30 [ 25.403328] ? mmu_notifier_unregister+0x43c/0x5c0 [ 25.408222] ? kvm_put_kvm+0x47a/0xde0 [ 25.412079] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 25.418017] ? __free_pages+0x107/0x150 [ 25.421957] ? free_unref_page+0x9e0/0x9e0 [ 25.426158] ? quarantine_put+0xeb/0x190 [ 25.430184] ? kfree+0xf0/0x260 [ 25.433431] ? kvm_put_kvm+0x614/0xde0 [ 25.437286] ? free_pages+0x51/0x90 [ 25.440883] kvm_put_kvm+0x695/0xde0 [ 25.444571] ? kvm_clear_guest+0xb0/0xb0 [ 25.448606] ? kvm_irqfd_release+0xd1/0x120 [ 25.452894] ? lock_downgrade+0x980/0x980 [ 25.457019] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.461486] ? kvm_irqfd_release+0xdd/0x120 [ 25.465772] ? kvm_irqfd_release+0xdd/0x120 [ 25.470059] ? kvm_put_kvm+0xde0/0xde0 [ 25.473913] kvm_vm_release+0x42/0x50 [ 25.477680] __fput+0x327/0x7e0 [ 25.480931] ? fput+0x140/0x140 [ 25.484179] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.490028] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.494493] ____fput+0x15/0x20 [ 25.497739] task_work_run+0x199/0x270 [ 25.501598] ? task_work_cancel+0x210/0x210 [ 25.505885] ? _raw_spin_unlock+0x22/0x30 [ 25.509998] ? switch_task_namespaces+0x87/0xc0 [ 25.514639] do_exit+0x9bb/0x1ad0 [ 25.518058] ? kvm_vcpu_fault+0x520/0x520 [ 25.522175] ? mm_update_next_owner+0x930/0x930 [ 25.526809] ? find_held_lock+0x35/0x1d0 [ 25.530840] ? handle_mm_fault+0x2a0/0x930 [ 25.535045] ? find_held_lock+0x35/0x1d0 [ 25.539086] ? __do_page_fault+0x5f7/0xc90 [ 25.543289] ? lock_downgrade+0x980/0x980 [ 25.547411] ? down_read_trylock+0xdb/0x170 [ 25.551701] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 25.556249] ? vmacache_find+0x5f/0x280 [ 25.560194] ? up_read+0x1a/0x40 [ 25.563526] ? __do_page_fault+0x3d6/0xc90 [ 25.567733] ? kvm_vcpu_fault+0x520/0x520 [ 25.571848] ? do_vfs_ioctl+0x486/0x1520 [ 25.575874] ? _cond_resched+0x14/0x30 [ 25.579733] ? ioctl_preallocate+0x2b0/0x2b0 [ 25.584109] ? selinux_capable+0x40/0x40 [ 25.588141] ? putname+0xf3/0x130 [ 25.591565] do_group_exit+0x149/0x400 [ 25.595425] ? SyS_exit+0x30/0x30 [ 25.598846] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.603828] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.608551] SyS_exit_group+0x1d/0x20 [ 25.612319] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.617042] RIP: 0033:0x43ed88 [ 25.620199] RSP: 002b:00007fff0eeb1fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 25.627880] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ed88 [ 25.635120] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 25.642357] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 25.649592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0 [ 25.656827] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000 [ 25.664076] [ 25.664078] ====================================================== [ 25.664080] WARNING: possible circular locking dependency detected [ 25.664082] 4.15.0-rc4-mm1+ #47 Not tainted [ 25.664084] ------------------------------------------------------ [ 25.664086] syzkaller840944/3146 is trying to acquire lock: [ 25.664087] ((console_sem).lock){..-.}, at: [<0000000054e10189>] down_trylock+0x13/0x70 [ 25.664093] [ 25.664094] but task is already holding lock: [ 25.664095] (report_lock){....}, at: [<00000000a775d052>] kasan_report+0x6b/0x360 [ 25.664100] [ 25.664102] which lock already depends on the new lock. [ 25.664103] [ 25.664104] [ 25.664109] the existing dependency chain (in reverse order) is: [ 25.664110] [ 25.664110] -> #3 (report_lock){....}: [ 25.664116] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.664118] kasan_report+0x6b/0x360 [ 25.664120] __asan_report_load8_noabort+0x14/0x20 [ 25.664121] __schedule+0xda3/0x2060 [ 25.664123] preempt_schedule_common+0x22/0x60 [ 25.664125] _cond_resched+0x1d/0x30 [ 25.664126] wait_for_completion+0xa5/0x770 [ 25.664128] __synchronize_srcu+0x1ad/0x260 [ 25.664130] synchronize_srcu+0x1a3/0x570 [ 25.664132] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.664134] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.664135] kvm_arch_destroy_vm+0x73b/0x980 [ 25.664137] kvm_put_kvm+0x695/0xde0 [ 25.664139] kvm_vm_release+0x42/0x50 [ 25.664140] __fput+0x327/0x7e0 [ 25.664142] ____fput+0x15/0x20 [ 25.664143] task_work_run+0x199/0x270 [ 25.664145] do_exit+0x9bb/0x1ad0 [ 25.664146] do_group_exit+0x149/0x400 [ 25.664148] SyS_exit_group+0x1d/0x20 [ 25.664150] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.664151] [ 25.664152] -> #2 (&rq->lock){-.-.}: [ 25.664157] _raw_spin_lock+0x2a/0x40 [ 25.664159] task_fork_fair+0x7a/0x690 [ 25.664160] sched_fork+0x435/0xc00 [ 25.664162] copy_process.part.37+0x1758/0x4b60 [ 25.664163] _do_fork+0x1f7/0xf70 [ 25.664165] kernel_thread+0x34/0x40 [ 25.664167] rest_init+0x22/0xf0 [ 25.664168] start_kernel+0x7f1/0x819 [ 25.664170] x86_64_start_reservations+0x2a/0x2c [ 25.664172] x86_64_start_kernel+0x77/0x7a [ 25.664174] secondary_startup_64+0xa5/0xb0 [ 25.664174] [ 25.664175] -> #1 (&p->pi_lock){-.-.}: [ 25.664181] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.664182] try_to_wake_up+0xbc/0x1600 [ 25.664184] wake_up_process+0x10/0x20 [ 25.664186] __up.isra.0+0x1cc/0x2c0 [ 25.664187] up+0x13b/0x1d0 [ 25.664189] __up_console_sem+0xb2/0x1a0 [ 25.664190] console_unlock+0x538/0xd70 [ 25.664192] con_flush_chars+0x6e/0x80 [ 25.664194] n_tty_write+0x71b/0xec0 [ 25.664195] tty_write+0x3fa/0x840 [ 25.664197] __vfs_write+0xef/0x970 [ 25.664198] vfs_write+0x189/0x510 [ 25.664200] SyS_write+0xef/0x220 [ 25.664202] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.664202] [ 25.664204] -> #0 ((console_sem).lock){..-.}: [ 25.664209] lock_acquire+0x1d5/0x580 [ 25.664211] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.664212] down_trylock+0x13/0x70 [ 25.664214] __down_trylock_console_sem+0xa2/0x1e0 [ 25.664216] console_trylock+0x15/0x100 [ 25.664218] vprintk_emit+0x49b/0x590 [ 25.664219] vprintk_default+0x28/0x30 [ 25.664221] vprintk_func+0x57/0xc0 [ 25.664222] printk+0xaa/0xca [ 25.664224] kasan_report+0x7b/0x360 [ 25.664226] __asan_report_load8_noabort+0x14/0x20 [ 25.664227] __schedule+0xda3/0x2060 [ 25.664229] preempt_schedule_common+0x22/0x60 [ 25.664231] _cond_resched+0x1d/0x30 [ 25.664233] wait_for_completion+0xa5/0x770 [ 25.664234] __synchronize_srcu+0x1ad/0x260 [ 25.664236] synchronize_srcu+0x1a3/0x570 [ 25.664238] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.664240] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.664242] kvm_arch_destroy_vm+0x73b/0x980 [ 25.664243] kvm_put_kvm+0x695/0xde0 [ 25.664245] kvm_vm_release+0x42/0x50 [ 25.664246] __fput+0x327/0x7e0 [ 25.664248] ____fput+0x15/0x20 [ 25.664249] task_work_run+0x199/0x270 [ 25.664251] do_exit+0x9bb/0x1ad0 [ 25.664252] do_group_exit+0x149/0x400 [ 25.664254] SyS_exit_group+0x1d/0x20 [ 25.664256] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 25.664257] [ 25.664259] other info that might help us debug this: [ 25.664260] [ 25.664261] Chain exists of: [ 25.664262] (console_sem).lock --> &rq->lock --> report_lock [ 25.664268] [ 25.664270] Possible unsafe locking scenario: [ 25.664271] [ 25.664272] CPU0 CPU1 [ 25.664274] ---- ---- [ 25.664275] lock(report_lock); [ 25.664279] lock(&rq->lock); [ 25.664282] lock(report_lock); [ 25.664285] lock((console_sem).lock); [ 25.664288] [ 25.664290] *** DEADLOCK *** [ 25.664290] [ 25.664292] 2 locks held by syzkaller840944/3146: [ 25.664293] #0: (&rq->lock){-.-.}, at: [<00000000a981d9a7>] __schedule+0x24e/0x2060 [ 25.664299] #1: (report_lock){....}, at: [<00000000a775d052>] kasan_report+0x6b/0x360 [ 25.664305] [ 25.664306] stack backtrace: [ 25.664308] CPU: 1 PID: 3146 Comm: syzkaller840944 Not tainted 4.15.0-rc4-mm1+ #47 [ 25.664312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.664313] Call Trace: [ 25.664314] dump_stack+0x194/0x257 [ 25.664316] ? arch_local_irq_restore+0x53/0x53 [ 25.664318] print_circular_bug.isra.37+0x2cd/0x2dc [ 25.664320] ? save_trace+0xe0/0x2b0 [ 25.664321] __lock_acquire+0x30a8/0x3e00 [ 25.664323] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.664325] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.664327] ? print_lockdep_cache.isra.31+0x109/0x109 [ 25.664329] ? save_stack_trace+0x1a/0x20 [ 25.664330] ? save_trace+0xe0/0x2b0 [ 25.664332] ? __lock_acquire+0x36c0/0x3e00 [ 25.664334] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.664335] ? __lock_is_held+0xb6/0x140 [ 25.664337] ? __lock_is_held+0xb6/0x140 [ 25.664339] lock_acquire+0x1d5/0x580 [ 25.664340] ? lock_acquire+0x1d5/0x580 [ 25.664342] ? down_trylock+0x13/0x70 [ 25.664343] ? find_held_lock+0x35/0x1d0 [ 25.664345] ? lock_release+0xa40/0xa40 [ 25.664347] ? vprintk_emit+0x379/0x590 [ 25.664348] ? lock_downgrade+0x980/0x980 [ 25.664350] ? kvm_sched_clock_read+0x25/0x40 [ 25.664351] ? sched_clock+0x31/0x40 [ 25.664353] ? sched_clock_cpu+0x1b/0x170 [ 25.664355] ? vprintk_emit+0x49b/0x590 [ 25.664356] _raw_spin_lock_irqsave+0x96/0xc0 [ 25.664358] ? down_trylock+0x13/0x70 [ 25.664359] down_trylock+0x13/0x70 [ 25.664361] ? vprintk_emit+0x49b/0x590 [ 25.664363] __down_trylock_console_sem+0xa2/0x1e0 [ 25.664364] console_trylock+0x15/0x100 [ 25.664366] vprintk_emit+0x49b/0x590 [ 25.664368] vprintk_default+0x28/0x30 [ 25.664369] vprintk_func+0x57/0xc0 [ 25.664370] printk+0xaa/0xca [ 25.664372] ? show_regs_print_info+0x18/0x18 [ 25.664374] ? __schedule+0xda3/0x2060 [ 25.664375] kasan_report+0x7b/0x360 [ 25.664377] __asan_report_load8_noabort+0x14/0x20 [ 25.664378] __schedule+0xda3/0x2060 [ 25.664380] ? __sched_text_start+0x8/0x8 [ 25.664382] ? trace_hardirqs_on+0xd/0x10 [ 25.664383] ? __call_srcu+0x7ee/0x1020 [ 25.664385] ? do_raw_spin_trylock+0x190/0x190 [ 25.664387] ? do_raw_spin_trylock+0x190/0x190 [ 25.664389] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.664391] ? __debug_object_init+0x235/0x1040 [ 25.664393] preempt_schedule_common+0x22/0x60 [ 25.664394] _cond_resched+0x1d/0x30 [ 25.664396] wait_for_completion+0xa5/0x770 [ 25.664398] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.664400] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 25.664401] ? __lockdep_init_map+0xe4/0x650 [ 25.664403] ? __init_waitqueue_head+0x97/0x140 [ 25.664405] ? init_wait_entry+0x1b0/0x1b0 [ 25.664407] __synchronize_srcu+0x1ad/0x260 [ 25.664408] ? call_srcu+0x10/0x10 [ 25.664410] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 25.664412] ? irq_matrix_allocated+0x80/0x80 [ 25.664413] ? synchronize_srcu+0x3c5/0x570 [ 25.664415] synchronize_srcu+0x1a3/0x570 [ 25.664417] ? synchronize_srcu+0x1a3/0x570 [ 25.664418] ? lock_downgrade+0x980/0x980 [ 25.664420] ? synchronize_srcu_expedited+0x20/0x20 [ 25.664422] ? lock_release+0xa40/0xa40 [ 25.664424] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.664425] ? do_raw_spin_trylock+0x190/0x190 [ 25.664428] kvm_page_track_unregister_notifier+0x186/0x270 [ 25.664430] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 25.664431] ? kvfree+0x36/0x60 [ 25.664433] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.664434] kvm_mmu_uninit_vm+0x1c/0x20 [ 25.664436] kvm_arch_destroy_vm+0x73b/0x980 [ 25.664438] ? kvm_arch_sync_events+0x30/0x30 [ 25.664439] ? mmdrop+0x18/0x30 [ 25.664441] ? mmu_notifier_unregister+0x43c/0x5c0 [ 25.664443] ? kvm_put_kvm+0x47a/0xde0 [ 25.664445] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 25.664447] ? __free_pages+0x107/0x150 [ 25.664448] ? free_unref_page+0x9e0/0x9e0 [ 25.664450] ? quarantine_put+0xeb/0x190 [ 25.664451] ? kfree+0xf0/0x260 [ 25.664453] ? kvm_put_kvm+0x614/0xde0 [ 25.664454] ? free_pages+0x51/0x90 [ 25.664456] kvm_put_kvm+0x695/0xde0 [ 25.664457] ? kvm_clear_guest+0xb0/0xb0 [ 25.664459] ? kvm_irqfd_release+0xd1/0x120 [ 25.664461] ? lock_downgrade+0x980/0x980 [ 25.664462] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.664464] ? kvm_irqfd_release+0xdd/0x120 [ 25.664466] ? kvm_irqfd_release+0xdd/0x120 [ 25.664467] ? kvm_put_kvm+0xde0/0xde0 [ 25.664469] kvm_vm_release+0x42/0x50 [ 25.664470] __fput+0x327/0x7e0 [ 25.664472] ? fput+0x140/0x140 [ 25.664474] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 25.664476] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.664477] ____fput+0x15/0x20 [ 25.664478] task_work_run+0x199/0x270 [ 25.664480] ? task_work_cancel+0x210/0x210 [ 25.664482] ? _raw_spin_unlock+0x22/0x30 [ 25.664484] ? switch_task_namespaces+0x87/0xc0 [ 25.664485] do_exit+0x9bb/0x1ad0 [ 25.664487] ? kvm_vcpu_fault+0x520/0x520 [ 25.664488] ? mm_update_next_owner+0x930/0x930 [ 25.664490] ? find_held_lock+0x35/0x1d0 [ 25.664492] ? handle_mm_fault+0x2a0/0x930 [ 25.664493] ? find_held_lock+0x35/0x1d0 [ 25.664495] ? __do_page_fault+0x5f7/0xc90 [ 25.664497] ? lock_downgrade+0x980/0x980 [ 25.664498] ? down_read_trylock+0xdb/0x170 [ 25.664500] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 25.664502] ? vmacache_find+0x5f/0x280 [ 25.664503] ? up_read+0x1a/0x40 [ 25.664505] ? __do_page_fault+0x3d6/0xc90 [ 25.664506] ? kvm_vcpu_fault+0x520/0x520 [ 25.664508] ? do_vfs_ioctl+0x486/0x1520 [ 25.664510] ? _cond_resched+0x14/0x30 [ 25.664511] ? ioctl_preallocate+0x2b0/0x2b0 [ 25.664513] ? selinux_capable+0x40/0x40 [ 25.664514] ? putname+0xf3/0x130 [ 25.664516] do_group_exit+0x149/0x400 [ 25.664517] ? SyS_exit+0x30/0x30 [ 25.664519] Lost 12 message(s)! [ 26.735945] Shutting down cpus with NMI [ 27.790640] Dumping ftrace buffer: [ 27.794156] (ftrace buffer empty) [ 27.797829] Kernel Offset: disabled [ 27.801422] Rebooting in 86400 seconds..