======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc3-next-20171214+ #67 Not tainted
------------------------------------------------------
syz-executor3/13869 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.}, at: [<0000000090c07d6d>] lock_trace+0x25/0x70 fs/proc/base.c:407

but task is already holding lock:
 (&p->lock){+.+.}, at: [<00000000785bc0bf>] seq_read+0x41/0x520 fs/seq_file.c:165

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&p->lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x6b/0xa00 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       seq_read+0x41/0x520 fs/seq_file.c:165
       proc_reg_read+0x72/0xd0 fs/proc/inode.c:217
       do_loop_readv_writev fs/read_write.c:673 [inline]
       do_iter_read+0x1c3/0x210 fs/read_write.c:897
       vfs_readv+0x87/0xc0 fs/read_write.c:959
       kernel_readv fs/splice.c:361 [inline]
       default_file_splice_read+0x205/0x360 fs/splice.c:416
       do_splice_to+0x95/0xc0 fs/splice.c:880
       do_splice fs/splice.c:1173 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x762/0x7b0 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #1 (&pipe->mutex/1){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x6b/0xa00 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       __pipe_lock fs/pipe.c:88 [inline]
       fifo_open+0x7d/0x3e0 fs/pipe.c:916
       do_dentry_open+0x282/0x410 fs/open.c:752
       vfs_open+0x5d/0xb0 fs/open.c:866
       do_last fs/namei.c:3397 [inline]
       path_openat+0x24c/0x1050 fs/namei.c:3537
       do_filp_open+0xaa/0x120 fs/namei.c:3572
       do_open_execat+0x94/0x1e0 fs/exec.c:849
       do_execveat_common.isra.30+0x311/0xb90 fs/exec.c:1741
       do_execve fs/exec.c:1848 [inline]
       SYSC_execve fs/exec.c:1929 [inline]
       SyS_execve+0x39/0x50 fs/exec.c:1924
       do_syscall_64+0x7f/0x270 arch/x86/entry/common.c:285
       return_from_SYSCALL_64+0x0/0x75

-> #0 (&sig->cred_guard_mutex){+.+.}:
       lock_acquire+0xbf/0x220 kernel/locking/lockdep.c:3914
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x6b/0xa00 kernel/locking/mutex.c:893
       mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
       lock_trace+0x25/0x70 fs/proc/base.c:407
       proc_pid_personality+0x1c/0x60 fs/proc/base.c:2899
       proc_single_show+0x55/0x90 fs/proc/base.c:746
       seq_read+0xf1/0x520 fs/seq_file.c:234
       __vfs_read+0x43/0x1d0 fs/read_write.c:411
       vfs_read+0xce/0x1c0 fs/read_write.c:447
       SYSC_read fs/read_write.c:573 [inline]
       SyS_read+0x57/0xd0 fs/read_write.c:566
       entry_SYSCALL_64_fastpath+0x1f/0x96

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(&pipe->mutex/1);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor3/13869:
 #0:  (&f->f_pos_lock){+.+.}, at: [<00000000dba82239>] __fdget_pos+0x5b/0x70 fs/file.c:765
 #1:  (&p->lock){+.+.}, at: [<00000000785bc0bf>] seq_read+0x41/0x520 fs/seq_file.c:165

stack backtrace:
CPU: 0 PID: 13869 Comm: syz-executor3 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 print_circular_bug.isra.38+0x1f3/0x201 kernel/locking/lockdep.c:1218
 check_prev_add kernel/locking/lockdep.c:1858 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x1395/0x1430 kernel/locking/lockdep.c:3426
 lock_acquire+0xbf/0x220 kernel/locking/lockdep.c:3914
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x6b/0xa00 kernel/locking/mutex.c:893
 mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
 lock_trace+0x25/0x70 fs/proc/base.c:407
 proc_pid_personality+0x1c/0x60 fs/proc/base.c:2899
 proc_single_show+0x55/0x90 fs/proc/base.c:746
 seq_read+0xf1/0x520 fs/seq_file.c:234
 __vfs_read+0x43/0x1d0 fs/read_write.c:411
 vfs_read+0xce/0x1c0 fs/read_write.c:447
 SYSC_read fs/read_write.c:573 [inline]
 SyS_read+0x57/0xd0 fs/read_write.c:566
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f34a3e3dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452a09
RDX: 0000000000000008 RSI: 0000000020cb0ff8 RDI: 0000000000000013
RBP: 00000000000005bf R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f5a88
R13: 00000000ffffffff R14: 00007f34a3e3e6d4 R15: 0000000000000004
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device gre0 entered promiscuous mode
netlink: 'syz-executor3': attribute type 6 has an invalid length.
netlink: 'syz-executor3': attribute type 6 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=14145 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=14145 comm=syz-executor2
sock: sock_set_timeout: `syz-executor7' (pid 14192) tries to set negative timeout
irq bypass consumer (token 00000000877f7964) registration fails: -16
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=14337 comm=syz-executor6
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
Started in network mode
Own node address <160.911.2947>, network identity 4711
sctp: [Deprecated]: syz-executor3 (pid 14711) Use of struct sctp_assoc_value in delayed_ack socket option.
general protection fault: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 18161 Comm: syz-executor2 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76
RSP: 0018:ffffc90000f7bb10 EFLAGS: 00010093
RAX: ffff8801fb7c83c0 RBX: 00000000001606e0 RCX: ffffffff8108d968
RDX: 0000000000000000 RSI: ffff88021fd11130 RDI: 00000000001606e0
RBP: ffffc90000f7bb10 R08: 0000000000000000 R09: ffffffff81029dd4
R10: ffffc90000f7bb30 R11: 0000000000000000 R12: 0000000000000093
R13: 0000000000000000 R14: ffff88020f9300d0 R15: ffff88020f930098
FS:  00007f81188e7700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f335f0ee000 CR3: 000000000301e001 CR4: 00000000001626e0
Call Trace:
 __write_cr4 arch/x86/include/asm/paravirt.h:76 [inline]
 __cr4_set arch/x86/include/asm/tlbflush.h:252 [inline]
 cr4_clear_bits arch/x86/include/asm/tlbflush.h:275 [inline]
 kvm_cpu_vmxoff arch/x86/kvm/vmx.c:3582 [inline]
 hardware_disable+0x1a0/0x210 arch/x86/kvm/vmx.c:3588
 kvm_arch_hardware_disable+0x14/0x50 arch/x86/kvm/x86.c:7983
 hardware_disable_nolock+0x30/0x40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3291
 on_each_cpu+0x86/0x110 kernel/smp.c:604
 hardware_disable_all_nolock+0x3e/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3309
 hardware_disable_all arch/x86/kvm/../../../virt/kvm/kvm_main.c:3315 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:742 [inline]
 kvm_put_kvm+0x349/0x4a0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:755
 kvm_vm_release+0x24/0x30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:766
 __fput+0x120/0x270 fs/file_table.c:209
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0xa3/0xe0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x3e6/0x1050 kernel/exit.c:869
 do_group_exit+0x60/0x100 kernel/exit.c:972
 get_signal+0x36c/0xad0 kernel/signal.c:2337
 do_signal+0x23/0x670 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x13c/0x160 arch/x86/entry/common.c:161
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x1b4/0x1e0 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x94/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81188e6ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000071c318 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071c318
RBP: 000000000071c318 R08: 00000000000005cd R09: 000000000071c2f0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ff R14: 00007f81188e79c0 R15: 0000000000000014
Code: 0f 1f 80 00 00 00 00 55 48 89 e5 0f 20 d8 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 0f 22 df 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 <0f> 22 e7 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 44 0f 20 c0 5d
RIP: native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76 RSP: ffffc90000f7bb10
---[ end trace 431bda7fdc2fb4ad ]---