[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 12.229035] mcstransd (3046) used greatest stack depth: 15488 bytes left Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.905058] audit: type=1400 audit(1513847702.290:6): avc: denied { map } for pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.51' (ECDSA) to the list of known hosts. executing program [ 22.109087] audit: type=1400 audit(1513847708.494:7): avc: denied { map } for pid=3148 comm="syzkaller014237" path="/root/syzkaller014237149" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 22.141578] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 22.152684] ================================================================== [ 22.161148] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 22.167347] Read of size 8 at addr ffff8801c7ff8058 by task syzkaller014237/3148 [ 22.174844] [ 22.176441] CPU: 0 PID: 3148 Comm: syzkaller014237 Not tainted 4.15.0-rc4-mm1+ #47 [ 22.184114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.193433] Call Trace: [ 22.195987] dump_stack+0x194/0x257 [ 22.199582] ? arch_local_irq_restore+0x53/0x53 [ 22.204219] ? show_regs_print_info+0x18/0x18 [ 22.208687] ? __schedule+0xda3/0x2060 [ 22.212545] print_address_description+0x73/0x250 [ 22.217356] ? __schedule+0xda3/0x2060 [ 22.221213] kasan_report+0x23b/0x360 [ 22.224986] __asan_report_load8_noabort+0x14/0x20 [ 22.229882] __schedule+0xda3/0x2060 [ 22.233570] ? __sched_text_start+0x8/0x8 [ 22.237687] ? trace_hardirqs_on+0xd/0x10 [ 22.241805] ? __call_srcu+0x7ee/0x1020 [ 22.245749] ? do_raw_spin_trylock+0x190/0x190 [ 22.250300] ? do_raw_spin_trylock+0x190/0x190 [ 22.254860] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.260712] ? __debug_object_init+0x235/0x1040 [ 22.265358] preempt_schedule_common+0x22/0x60 [ 22.269910] _cond_resched+0x1d/0x30 [ 22.273590] wait_for_completion+0xa5/0x770 [ 22.277882] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.282868] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 22.288637] ? __lockdep_init_map+0xe4/0x650 [ 22.293019] ? __init_waitqueue_head+0x97/0x140 [ 22.297658] ? init_wait_entry+0x1b0/0x1b0 [ 22.301868] __synchronize_srcu+0x1ad/0x260 [ 22.306157] ? call_srcu+0x10/0x10 [ 22.309664] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 22.315175] ? irq_matrix_allocated+0x80/0x80 [ 22.319640] ? synchronize_srcu+0x3c5/0x570 [ 22.323933] synchronize_srcu+0x1a3/0x570 [ 22.328048] ? synchronize_srcu+0x1a3/0x570 [ 22.332338] ? lock_downgrade+0x980/0x980 [ 22.336457] ? synchronize_srcu_expedited+0x20/0x20 [ 22.341443] ? lock_release+0xa40/0xa40 [ 22.345388] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 22.350204] ? do_raw_spin_trylock+0x190/0x190 [ 22.354766] kvm_page_track_unregister_notifier+0x186/0x270 [ 22.360447] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 22.365871] ? kvfree+0x36/0x60 [ 22.369117] ? rcu_read_lock_sched_held+0x108/0x120 [ 22.374105] kvm_mmu_uninit_vm+0x1c/0x20 [ 22.378135] kvm_arch_destroy_vm+0x73b/0x980 [ 22.382516] ? kvm_arch_sync_events+0x30/0x30 [ 22.386980] ? mmdrop+0x18/0x30 [ 22.390229] ? mmu_notifier_unregister+0x43c/0x5c0 [ 22.395127] ? kvm_put_kvm+0x47a/0xde0 [ 22.398986] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 22.404929] ? __free_pages+0x107/0x150 [ 22.408874] ? free_unref_page+0x9e0/0x9e0 [ 22.413079] ? quarantine_put+0xeb/0x190 [ 22.417108] ? kfree+0xf0/0x260 [ 22.420356] ? kvm_put_kvm+0x614/0xde0 [ 22.424216] ? free_pages+0x51/0x90 [ 22.427812] kvm_put_kvm+0x695/0xde0 [ 22.431503] ? kvm_clear_guest+0xb0/0xb0 [ 22.435538] ? kvm_irqfd_release+0xd1/0x120 [ 22.439838] ? lock_downgrade+0x980/0x980 [ 22.443964] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.448433] ? kvm_irqfd_release+0xdd/0x120 [ 22.452721] ? kvm_irqfd_release+0xdd/0x120 [ 22.457011] ? kvm_put_kvm+0xde0/0xde0 [ 22.460865] kvm_vm_release+0x42/0x50 [ 22.464639] __fput+0x327/0x7e0 [ 22.467901] ? fput+0x140/0x140 [ 22.471151] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.477002] ? _raw_spin_unlock_irq+0x27/0x70 [ 22.481469] ____fput+0x15/0x20 [ 22.484719] task_work_run+0x199/0x270 [ 22.488580] ? task_work_cancel+0x210/0x210 [ 22.492871] ? _raw_spin_unlock+0x22/0x30 [ 22.496987] ? switch_task_namespaces+0x87/0xc0 [ 22.501629] do_exit+0x9bb/0x1ad0 [ 22.505049] ? kvm_vcpu_fault+0x520/0x520 [ 22.509171] ? mm_update_next_owner+0x930/0x930 [ 22.513808] ? avc_has_extended_perms+0x7fa/0x12c0 [ 22.518706] ? unwind_get_return_address+0x61/0xa0 [ 22.523611] ? avc_ss_reset+0x110/0x110 [ 22.527555] ? putname+0xee/0x130 [ 22.530978] ? save_stack+0xa3/0xd0 [ 22.534576] ? save_stack+0x43/0xd0 [ 22.538169] ? kasan_slab_free+0x71/0xc0 [ 22.542200] ? putname+0xee/0x130 [ 22.545621] ? do_sys_open+0x31b/0x6d0 [ 22.549476] ? SyS_openat+0x30/0x40 [ 22.553077] ? debug_check_no_obj_freed+0x3da/0xf1f [ 22.558061] ? __lock_is_held+0xb6/0x140 [ 22.562104] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 22.567956] ? get_unused_fd_flags+0x190/0x190 [ 22.572516] ? kvm_vcpu_fault+0x520/0x520 [ 22.576631] ? do_vfs_ioctl+0x486/0x1520 [ 22.580660] ? _cond_resched+0x14/0x30 [ 22.584521] ? ioctl_preallocate+0x2b0/0x2b0 [ 22.588901] ? selinux_capable+0x40/0x40 [ 22.592944] ? putname+0xf3/0x130 [ 22.596374] do_group_exit+0x149/0x400 [ 22.600233] ? SyS_exit+0x30/0x30 [ 22.603656] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.608643] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 22.613371] SyS_exit_group+0x1d/0x20 [ 22.617142] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.621865] RIP: 0033:0x43ed98 [ 22.625023] RSP: 002b:00007ffe75420498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 22.632700] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 22.639939] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 22.647179] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 22.654418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 22.661656] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 22.668906] [ 22.670502] Allocated by task 3148: [ 22.674099] save_stack+0x43/0xd0 [ 22.677519] kasan_kmalloc+0xad/0xe0 [ 22.681201] kasan_slab_alloc+0x12/0x20 [ 22.685143] kmem_cache_alloc+0x12e/0x760 [ 22.689261] vmx_create_vcpu+0xc4/0x2f20 [ 22.693293] kvm_arch_vcpu_create+0x12c/0x1a0 [ 22.697764] kvm_vm_ioctl+0x48b/0x1c60 [ 22.701620] do_vfs_ioctl+0x1b1/0x1520 [ 22.705471] SyS_ioctl+0x8f/0xc0 [ 22.708808] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.713525] [ 22.715120] Freed by task 3148: [ 22.718368] save_stack+0x43/0xd0 [ 22.721789] kasan_slab_free+0x71/0xc0 [ 22.725644] kmem_cache_free+0x83/0x2a0 [ 22.729586] vmx_free_vcpu+0x1ee/0x260 [ 22.733441] kvm_arch_destroy_vm+0x4a2/0x980 [ 22.737816] kvm_put_kvm+0x695/0xde0 [ 22.741498] kvm_vm_release+0x42/0x50 [ 22.745266] __fput+0x327/0x7e0 [ 22.748517] ____fput+0x15/0x20 [ 22.751765] task_work_run+0x199/0x270 [ 22.755620] do_exit+0x9bb/0x1ad0 [ 22.759040] do_group_exit+0x149/0x400 [ 22.762896] SyS_exit_group+0x1d/0x20 [ 22.766666] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.771386] [ 22.772982] The buggy address belongs to the object at ffff8801c7ff8040 [ 22.772982] which belongs to the cache kvm_vcpu of size 23872 [ 22.785517] The buggy address is located 24 bytes inside of [ 22.785517] 23872-byte region [ffff8801c7ff8040, ffff8801c7ffdd80) [ 22.797453] The buggy address belongs to the page: [ 22.802351] page:ffffea00071ffe00 count:1 mapcount:0 mapping:ffff8801c7ff8040 index:0x0 compound_mapcount: 0 [ 22.812286] flags: 0x2fffc0000008100(slab|head) [ 22.816927] raw: 02fffc0000008100 ffff8801c7ff8040 0000000000000000 0000000100000001 [ 22.824777] raw: ffff8801d64ccf48 ffff8801d64ccf48 ffff8801d64319c0 0000000000000000 [ 22.832622] page dumped because: kasan: bad access detected [ 22.838295] [ 22.839888] Memory state around the buggy address: [ 22.844785] ffff8801c7ff7f00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 22.852109] ffff8801c7ff7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.859435] >ffff8801c7ff8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 22.866759] ^ [ 22.872958] ffff8801c7ff8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.880285] ffff8801c7ff8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.887608] ================================================================== [ 22.894934] Kernel panic - not syncing: panic_on_warn set ... [ 22.894934] [ 22.902267] CPU: 0 PID: 3148 Comm: syzkaller014237 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 22.911241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.920562] Call Trace: [ 22.923122] dump_stack+0x194/0x257 [ 22.926720] ? arch_local_irq_restore+0x53/0x53 [ 22.931357] ? kasan_end_report+0x32/0x50 [ 22.935476] ? lock_downgrade+0x980/0x980 [ 22.939593] ? vsnprintf+0x1ed/0x1900 [ 22.943364] ? __schedule+0xcf0/0x2060 [ 22.947220] panic+0x1e4/0x41c [ 22.950381] ? refcount_error_report+0x214/0x214 [ 22.955109] ? print_shadow_for_address+0xdc/0x1a0 [ 22.960006] ? add_taint+0x1c/0x50 [ 22.963519] ? __schedule+0xda3/0x2060 [ 22.967376] kasan_end_report+0x50/0x50 [ 22.971320] kasan_report+0x148/0x360 [ 22.975092] __asan_report_load8_noabort+0x14/0x20 [ 22.979999] __schedule+0xda3/0x2060 [ 22.983688] ? __sched_text_start+0x8/0x8 [ 22.987807] ? trace_hardirqs_on+0xd/0x10 [ 22.991926] ? __call_srcu+0x7ee/0x1020 [ 22.995869] ? do_raw_spin_trylock+0x190/0x190 [ 23.000419] ? do_raw_spin_trylock+0x190/0x190 [ 23.004979] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.010832] ? __debug_object_init+0x235/0x1040 [ 23.015478] preempt_schedule_common+0x22/0x60 [ 23.020029] _cond_resched+0x1d/0x30 [ 23.023713] wait_for_completion+0xa5/0x770 [ 23.028005] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.032991] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.038758] ? __lockdep_init_map+0xe4/0x650 [ 23.043141] ? __init_waitqueue_head+0x97/0x140 [ 23.047781] ? init_wait_entry+0x1b0/0x1b0 [ 23.051991] __synchronize_srcu+0x1ad/0x260 [ 23.056282] ? call_srcu+0x10/0x10 [ 23.059790] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.065301] ? irq_matrix_allocated+0x80/0x80 [ 23.069765] ? synchronize_srcu+0x3c5/0x570 [ 23.074059] synchronize_srcu+0x1a3/0x570 [ 23.078174] ? synchronize_srcu+0x1a3/0x570 [ 23.082464] ? lock_downgrade+0x980/0x980 [ 23.086578] ? synchronize_srcu_expedited+0x20/0x20 [ 23.091563] ? lock_release+0xa40/0xa40 [ 23.095508] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.100321] ? do_raw_spin_trylock+0x190/0x190 [ 23.104886] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.110570] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.115993] ? kvfree+0x36/0x60 [ 23.119242] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.124233] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.128268] kvm_arch_destroy_vm+0x73b/0x980 [ 23.132650] ? kvm_arch_sync_events+0x30/0x30 [ 23.137113] ? mmdrop+0x18/0x30 [ 23.140364] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.145264] ? kvm_put_kvm+0x47a/0xde0 [ 23.149125] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.155068] ? __free_pages+0x107/0x150 [ 23.159013] ? free_unref_page+0x9e0/0x9e0 [ 23.163215] ? quarantine_put+0xeb/0x190 [ 23.167242] ? kfree+0xf0/0x260 [ 23.170491] ? kvm_put_kvm+0x614/0xde0 [ 23.174350] ? free_pages+0x51/0x90 [ 23.177945] kvm_put_kvm+0x695/0xde0 [ 23.181636] ? kvm_clear_guest+0xb0/0xb0 [ 23.185670] ? kvm_irqfd_release+0xd1/0x120 [ 23.189962] ? lock_downgrade+0x980/0x980 [ 23.194090] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.198558] ? kvm_irqfd_release+0xdd/0x120 [ 23.202848] ? kvm_irqfd_release+0xdd/0x120 [ 23.207139] ? kvm_put_kvm+0xde0/0xde0 [ 23.210995] kvm_vm_release+0x42/0x50 [ 23.214764] __fput+0x327/0x7e0 [ 23.218018] ? fput+0x140/0x140 [ 23.221273] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.227122] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.231590] ____fput+0x15/0x20 [ 23.234838] task_work_run+0x199/0x270 [ 23.238695] ? task_work_cancel+0x210/0x210 [ 23.242986] ? _raw_spin_unlock+0x22/0x30 [ 23.247103] ? switch_task_namespaces+0x87/0xc0 [ 23.251743] do_exit+0x9bb/0x1ad0 [ 23.255165] ? kvm_vcpu_fault+0x520/0x520 [ 23.259286] ? mm_update_next_owner+0x930/0x930 [ 23.263922] ? avc_has_extended_perms+0x7fa/0x12c0 [ 23.268820] ? unwind_get_return_address+0x61/0xa0 [ 23.273724] ? avc_ss_reset+0x110/0x110 [ 23.277669] ? putname+0xee/0x130 [ 23.281089] ? save_stack+0xa3/0xd0 [ 23.284683] ? save_stack+0x43/0xd0 [ 23.288276] ? kasan_slab_free+0x71/0xc0 [ 23.292307] ? putname+0xee/0x130 [ 23.295727] ? do_sys_open+0x31b/0x6d0 [ 23.299579] ? SyS_openat+0x30/0x40 [ 23.303179] ? debug_check_no_obj_freed+0x3da/0xf1f [ 23.308165] ? __lock_is_held+0xb6/0x140 [ 23.312206] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.318058] ? get_unused_fd_flags+0x190/0x190 [ 23.322616] ? kvm_vcpu_fault+0x520/0x520 [ 23.326729] ? do_vfs_ioctl+0x486/0x1520 [ 23.330759] ? _cond_resched+0x14/0x30 [ 23.334617] ? ioctl_preallocate+0x2b0/0x2b0 [ 23.338996] ? selinux_capable+0x40/0x40 [ 23.343027] ? putname+0xf3/0x130 [ 23.346457] do_group_exit+0x149/0x400 [ 23.350314] ? SyS_exit+0x30/0x30 [ 23.353735] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.358720] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.363446] SyS_exit_group+0x1d/0x20 [ 23.367217] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.371939] RIP: 0033:0x43ed98 [ 23.375098] RSP: 002b:00007ffe75420498 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.382772] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed98 [ 23.390010] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 23.397250] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 23.404490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0 [ 23.411726] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000 [ 23.418979] [ 23.418981] ====================================================== [ 23.418984] WARNING: possible circular locking dependency detected [ 23.418985] 4.15.0-rc4-mm1+ #47 Not tainted [ 23.418988] ------------------------------------------------------ [ 23.418990] syzkaller014237/3148 is trying to acquire lock: [ 23.418991] ((console_sem).lock){..-.}, at: [<000000006b4b57cc>] down_trylock+0x13/0x70 [ 23.418996] [ 23.418998] but task is already holding lock: [ 23.418999] (report_lock){....}, at: [<00000000682a1a32>] kasan_report+0x6b/0x360 [ 23.419004] [ 23.419006] which lock already depends on the new lock. [ 23.419007] [ 23.419008] [ 23.419010] the existing dependency chain (in reverse order) is: [ 23.419011] [ 23.419012] -> #3 (report_lock){....}: [ 23.419017] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.419019] kasan_report+0x6b/0x360 [ 23.419021] __asan_report_load8_noabort+0x14/0x20 [ 23.419023] __schedule+0xda3/0x2060 [ 23.419024] preempt_schedule_common+0x22/0x60 [ 23.419026] _cond_resched+0x1d/0x30 [ 23.419028] wait_for_completion+0xa5/0x770 [ 23.419029] __synchronize_srcu+0x1ad/0x260 [ 23.419031] synchronize_srcu+0x1a3/0x570 [ 23.419033] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.419035] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.419037] kvm_arch_destroy_vm+0x73b/0x980 [ 23.419038] kvm_put_kvm+0x695/0xde0 [ 23.419040] kvm_vm_release+0x42/0x50 [ 23.419041] __fput+0x327/0x7e0 [ 23.419043] ____fput+0x15/0x20 [ 23.419045] task_work_run+0x199/0x270 [ 23.419046] do_exit+0x9bb/0x1ad0 [ 23.419048] do_group_exit+0x149/0x400 [ 23.419049] SyS_exit_group+0x1d/0x20 [ 23.419051] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.419052] [ 23.419053] -> #2 (&rq->lock){-.-.}: [ 23.419058] _raw_spin_lock+0x2a/0x40 [ 23.419060] task_fork_fair+0x7a/0x690 [ 23.419061] sched_fork+0x435/0xc00 [ 23.419063] copy_process.part.37+0x1758/0x4b60 [ 23.419065] _do_fork+0x1f7/0xf70 [ 23.419066] kernel_thread+0x34/0x40 [ 23.419068] rest_init+0x22/0xf0 [ 23.419070] start_kernel+0x7f1/0x819 [ 23.419071] x86_64_start_reservations+0x2a/0x2c [ 23.419073] x86_64_start_kernel+0x77/0x7a [ 23.419075] secondary_startup_64+0xa5/0xb0 [ 23.419076] [ 23.419077] -> #1 (&p->pi_lock){-.-.}: [ 23.419082] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.419084] try_to_wake_up+0xbc/0x1600 [ 23.419085] wake_up_process+0x10/0x20 [ 23.419087] __up.isra.0+0x1cc/0x2c0 [ 23.419088] up+0x13b/0x1d0 [ 23.419090] __up_console_sem+0xb2/0x1a0 [ 23.419092] console_unlock+0x538/0xd70 [ 23.419093] con_flush_chars+0x6e/0x80 [ 23.419095] n_tty_write+0x71b/0xec0 [ 23.419097] tty_write+0x3fa/0x840 [ 23.419098] __vfs_write+0xef/0x970 [ 23.419100] vfs_write+0x189/0x510 [ 23.419101] SyS_write+0xef/0x220 [ 23.419103] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.419104] [ 23.419105] -> #0 ((console_sem).lock){..-.}: [ 23.419110] lock_acquire+0x1d5/0x580 [ 23.419112] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.419114] down_trylock+0x13/0x70 [ 23.419116] __down_trylock_console_sem+0xa2/0x1e0 [ 23.419117] console_trylock+0x15/0x100 [ 23.419119] vprintk_emit+0x49b/0x590 [ 23.419120] vprintk_default+0x28/0x30 [ 23.419122] vprintk_func+0x57/0xc0 [ 23.419123] printk+0xaa/0xca [ 23.419125] kasan_report+0x7b/0x360 [ 23.419127] __asan_report_load8_noabort+0x14/0x20 [ 23.419128] __schedule+0xda3/0x2060 [ 23.419130] preempt_schedule_common+0x22/0x60 [ 23.419132] _cond_resched+0x1d/0x30 [ 23.419134] wait_for_completion+0xa5/0x770 [ 23.419135] __synchronize_srcu+0x1ad/0x260 [ 23.419137] synchronize_srcu+0x1a3/0x570 [ 23.419139] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.419141] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.419143] kvm_arch_destroy_vm+0x73b/0x980 [ 23.419144] kvm_put_kvm+0x695/0xde0 [ 23.419146] kvm_vm_release+0x42/0x50 [ 23.419147] __fput+0x327/0x7e0 [ 23.419149] ____fput+0x15/0x20 [ 23.419150] task_work_run+0x199/0x270 [ 23.419152] do_exit+0x9bb/0x1ad0 [ 23.419154] do_group_exit+0x149/0x400 [ 23.419155] SyS_exit_group+0x1d/0x20 [ 23.419157] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.419158] [ 23.419160] other info that might help us debug this: [ 23.419161] [ 23.419162] Chain exists of: [ 23.419163] (console_sem).lock --> &rq->lock --> report_lock [ 23.419169] [ 23.419171] Possible unsafe locking scenario: [ 23.419172] [ 23.419174] CPU0 CPU1 [ 23.419175] ---- ---- [ 23.419176] lock(report_lock); [ 23.419180] lock(&rq->lock); [ 23.419183] lock(report_lock); [ 23.419186] lock((console_sem).lock); [ 23.419189] [ 23.419191] *** DEADLOCK *** [ 23.419192] [ 23.419193] 2 locks held by syzkaller014237/3148: [ 23.419194] #0: (&rq->lock){-.-.}, at: [<00000000a993588b>] __schedule+0x24e/0x2060 [ 23.419200] #1: (report_lock){....}, at: [<00000000682a1a32>] kasan_report+0x6b/0x360 [ 23.419206] [ 23.419207] stack backtrace: [ 23.419210] CPU: 0 PID: 3148 Comm: syzkaller014237 Not tainted 4.15.0-rc4-mm1+ #47 [ 23.419213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.419214] Call Trace: [ 23.419216] dump_stack+0x194/0x257 [ 23.419217] ? arch_local_irq_restore+0x53/0x53 [ 23.419219] print_circular_bug.isra.37+0x2cd/0x2dc [ 23.419221] ? save_trace+0xe0/0x2b0 [ 23.419222] __lock_acquire+0x30a8/0x3e00 [ 23.419224] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.419226] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.419228] ? print_lockdep_cache.isra.31+0x109/0x109 [ 23.419230] ? save_stack_trace+0x1a/0x20 [ 23.419231] ? save_trace+0xe0/0x2b0 [ 23.419233] ? __lock_acquire+0x36c0/0x3e00 [ 23.419235] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 23.419237] ? __lock_is_held+0xb6/0x140 [ 23.419238] ? __lock_is_held+0xb6/0x140 [ 23.419240] lock_acquire+0x1d5/0x580 [ 23.419241] ? lock_acquire+0x1d5/0x580 [ 23.419243] ? down_trylock+0x13/0x70 [ 23.419244] ? find_held_lock+0x35/0x1d0 [ 23.419249] ? lock_release+0xa40/0xa40 [ 23.419250] ? vprintk_emit+0x379/0x590 [ 23.419252] ? lock_downgrade+0x980/0x980 [ 23.419254] ? kvm_sched_clock_read+0x25/0x40 [ 23.419255] ? sched_clock+0x31/0x40 [ 23.419257] ? sched_clock_cpu+0x1b/0x170 [ 23.419259] ? vprintk_emit+0x49b/0x590 [ 23.419260] _raw_spin_lock_irqsave+0x96/0xc0 [ 23.419262] ? down_trylock+0x13/0x70 [ 23.419263] down_trylock+0x13/0x70 [ 23.419265] ? vprintk_emit+0x49b/0x590 [ 23.419267] __down_trylock_console_sem+0xa2/0x1e0 [ 23.419268] console_trylock+0x15/0x100 [ 23.419270] vprintk_emit+0x49b/0x590 [ 23.419271] vprintk_default+0x28/0x30 [ 23.419273] vprintk_func+0x57/0xc0 [ 23.419274] printk+0xaa/0xca [ 23.419276] ? show_regs_print_info+0x18/0x18 [ 23.419278] ? __schedule+0xda3/0x2060 [ 23.419279] kasan_report+0x7b/0x360 [ 23.419281] __asan_report_load8_noabort+0x14/0x20 [ 23.419282] __schedule+0xda3/0x2060 [ 23.419284] ? __sched_text_start+0x8/0x8 [ 23.419286] ? trace_hardirqs_on+0xd/0x10 [ 23.419287] ? __call_srcu+0x7ee/0x1020 [ 23.419289] ? do_raw_spin_trylock+0x190/0x190 [ 23.419291] ? do_raw_spin_trylock+0x190/0x190 [ 23.419293] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.419295] ? __debug_object_init+0x235/0x1040 [ 23.419297] preempt_schedule_common+0x22/0x60 [ 23.419298] _cond_resched+0x1d/0x30 [ 23.419300] wait_for_completion+0xa5/0x770 [ 23.419302] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.419304] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 23.419305] ? __lockdep_init_map+0xe4/0x650 [ 23.419307] ? __init_waitqueue_head+0x97/0x140 [ 23.419309] ? init_wait_entry+0x1b0/0x1b0 [ 23.419311] __synchronize_srcu+0x1ad/0x260 [ 23.419312] ? call_srcu+0x10/0x10 [ 23.419314] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 23.419316] ? irq_matrix_allocated+0x80/0x80 [ 23.419317] ? synchronize_srcu+0x3c5/0x570 [ 23.419319] synchronize_srcu+0x1a3/0x570 [ 23.419321] ? synchronize_srcu+0x1a3/0x570 [ 23.419322] ? lock_downgrade+0x980/0x980 [ 23.419324] ? synchronize_srcu_expedited+0x20/0x20 [ 23.419326] ? lock_release+0xa40/0xa40 [ 23.419328] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 23.419330] ? do_raw_spin_trylock+0x190/0x190 [ 23.419332] kvm_page_track_unregister_notifier+0x186/0x270 [ 23.419334] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 23.419335] ? kvfree+0x36/0x60 [ 23.419337] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.419339] kvm_mmu_uninit_vm+0x1c/0x20 [ 23.419340] kvm_arch_destroy_vm+0x73b/0x980 [ 23.419342] ? kvm_arch_sync_events+0x30/0x30 [ 23.419343] ? mmdrop+0x18/0x30 [ 23.419345] ? mmu_notifier_unregister+0x43c/0x5c0 [ 23.419347] ? kvm_put_kvm+0x47a/0xde0 [ 23.419349] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 23.419350] ? __free_pages+0x107/0x150 [ 23.419352] ? free_unref_page+0x9e0/0x9e0 [ 23.419354] ? quarantine_put+0xeb/0x190 [ 23.419355] ? kfree+0xf0/0x260 [ 23.419357] ? kvm_put_kvm+0x614/0xde0 [ 23.419358] ? free_pages+0x51/0x90 [ 23.419360] kvm_put_kvm+0x695/0xde0 [ 23.419361] ? kvm_clear_guest+0xb0/0xb0 [ 23.419363] ? kvm_irqfd_release+0xd1/0x120 [ 23.419365] ? lock_downgrade+0x980/0x980 [ 23.419366] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.419368] ? kvm_irqfd_release+0xdd/0x120 [ 23.419370] ? kvm_irqfd_release+0xdd/0x120 [ 23.419371] ? kvm_put_kvm+0xde0/0xde0 [ 23.419373] kvm_vm_release+0x42/0x50 [ 23.419374] __fput+0x327/0x7e0 [ 23.419376] ? fput+0x140/0x140 [ 23.419378] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.419379] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.419381] ____fput+0x15/0x20 [ 23.419382] task_work_run+0x199/0x270 [ 23.419384] ? task_work_cancel+0x210/0x210 [ 23.419386] ? _raw_spin_unlock+0x22/0x30 [ 23.419388] ? switch_task_namespaces+0x87/0xc0 [ 23.419389] do_exit+0x9bb/0x1ad0 [ 23.419391] ? kvm_vcpu_fault+0x520/0x520 [ 23.419392] ? mm_update_next_owner+0x930/0x930 [ 23.419394] ? avc_has_extended_perms+0x7fa/0x12c0 [ 23.419396] ? unwind_get_return_address+0x61/0xa0 [ 23.419398] ? avc_ss_reset+0x110/0x110 [ 23.419399] ? putname+0xee/0x130 [ 23.419401] ? save_stack+0xa3/0xd0 [ 23.419402] ? save_stack+0x43/0xd0 [ 23.419404] ? kasan_slab_free+0x71/0xc0 [ 23.419405] ? putname+0xee/0x130 [ 23.419407] ? do_sys_open+0x31b/0x6d0 [ 23.419408] ? SyS_openat+0x30/0x40 [ 23.419410] ? debug_check_no_obj_freed+0x3da/0xf1f [ 23.419412] ? __lock_is_held+0xb6/0x140 [ 23.419414] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 23.419416] ? get_unused_fd_flags+0x190/0x190 [ 23.419417] ? kvm_vcpu_fault+0x520/0x520 [ 23.419419] ? do_vfs_ioctl+0x486/0x1520 [ 23.419420] ? _cond_resched+0x14/0x30 [ 23.419422] Lost 17 message(s)! [ 24.493533] Shutting down cpus with NMI [ 25.547473] Dumping ftrace buffer: [ 25.550986] (ftrace buffer empty) [ 25.554661] Kernel Offset: disabled [ 25.558256] Rebooting in 86400 seconds..