[....] Starting enhanced syslogd: rsyslogd[   11.119142] audit: type=1400 audit(1513785307.076:5): avc:  denied  { syslog } for  pid=3000 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.141045] audit: type=1400 audit(1513785313.098:6): avc:  denied  { map } for  pid=3139 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.15.208' (ECDSA) to the list of known hosts.
executing program
[   23.338579] audit: type=1400 audit(1513785319.296:7): avc:  denied  { map } for  pid=3153 comm="syzkaller738410" path="/root/syzkaller738410762" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.371102] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[   23.382289] ==================================================================
[   23.390372] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060
[   23.396567] Read of size 8 at addr ffff8801c8cb8058 by task syzkaller738410/3153
[   23.404062] 
[   23.405661] CPU: 1 PID: 3153 Comm: syzkaller738410 Not tainted 4.15.0-rc4-next-20171220+ #77
[   23.414201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.423518] Call Trace:
[   23.426077]  dump_stack+0x194/0x257
[   23.429673]  ? arch_local_irq_restore+0x53/0x53
[   23.434309]  ? show_regs_print_info+0x18/0x18
[   23.438773]  ? __schedule+0xda3/0x2060
[   23.442627]  print_address_description+0x73/0x250
[   23.447433]  ? __schedule+0xda3/0x2060
[   23.451285]  kasan_report+0x25b/0x340
[   23.455052]  __asan_report_load8_noabort+0x14/0x20
[   23.459946]  __schedule+0xda3/0x2060
[   23.463629]  ? __sched_text_start+0x8/0x8
[   23.467753]  ? trace_hardirqs_on+0xd/0x10
[   23.471871]  ? __call_srcu+0x7ee/0x1020
[   23.475810]  ? do_raw_spin_trylock+0x190/0x190
[   23.480355]  ? do_raw_spin_trylock+0x190/0x190
[   23.484905]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   23.490755]  ? __debug_object_init+0x235/0x1040
[   23.495394]  preempt_schedule_common+0x22/0x60
[   23.499941]  _cond_resched+0x1d/0x30
[   23.503622]  wait_for_completion+0xa5/0x770
[   23.507907]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.512889]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   23.518651]  ? __lockdep_init_map+0xe4/0x650
[   23.523029]  ? __init_waitqueue_head+0x97/0x140
[   23.527661]  ? init_wait_entry+0x1b0/0x1b0
[   23.531866]  __synchronize_srcu+0x1ad/0x260
[   23.536153]  ? call_srcu+0x10/0x10
[   23.539664]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   23.545167]  ? irq_matrix_allocated+0x80/0x80
[   23.549625]  ? synchronize_srcu+0x3c5/0x570
[   23.553911]  synchronize_srcu+0x1a3/0x570
[   23.558022]  ? synchronize_srcu+0x1a3/0x570
[   23.562311]  ? lock_downgrade+0x980/0x980
[   23.566422]  ? synchronize_srcu_expedited+0x20/0x20
[   23.571400]  ? lock_release+0xa40/0xa40
[   23.575336]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   23.580152]  ? do_raw_spin_trylock+0x190/0x190
[   23.584729]  kvm_page_track_unregister_notifier+0x186/0x270
[   23.590410]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   23.595832]  ? kvfree+0x36/0x60
[   23.599088]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.604088]  kvm_mmu_uninit_vm+0x1c/0x20
[   23.608124]  kvm_arch_destroy_vm+0x73b/0x980
[   23.612507]  ? kvm_arch_sync_events+0x30/0x30
[   23.616967]  ? mmdrop+0x18/0x30
[   23.620210]  ? mmu_notifier_unregister+0x437/0x5c0
[   23.625108]  ? kvm_put_kvm+0x47a/0xde0
[   23.628963]  ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[   23.634815]  ? __free_pages+0x107/0x150
[   23.638752]  ? free_unref_page+0x9e0/0x9e0
[   23.642960]  ? quarantine_put+0xeb/0x190
[   23.646987]  ? kfree+0xf0/0x260
[   23.650240]  ? kvm_put_kvm+0x614/0xde0
[   23.654106]  ? free_pages+0x51/0x90
[   23.657718]  kvm_put_kvm+0x695/0xde0
[   23.661408]  ? kvm_clear_guest+0xb0/0xb0
[   23.665436]  ? kvm_irqfd_release+0xd1/0x120
[   23.669722]  ? lock_downgrade+0x980/0x980
[   23.673840]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.678303]  ? kvm_irqfd_release+0xdd/0x120
[   23.682590]  ? kvm_irqfd_release+0xdd/0x120
[   23.686878]  ? kvm_put_kvm+0xde0/0xde0
[   23.690730]  kvm_vm_release+0x42/0x50
[   23.694501]  __fput+0x327/0x7e0
[   23.697750]  ? fput+0x140/0x140
[   23.701001]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   23.706859]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.711323]  ____fput+0x15/0x20
[   23.714569]  task_work_run+0x199/0x270
[   23.718423]  ? task_work_cancel+0x210/0x210
[   23.722707]  ? _raw_spin_unlock+0x22/0x30
[   23.726818]  ? switch_task_namespaces+0x87/0xc0
[   23.731454]  do_exit+0x9bb/0x1ad0
[   23.734870]  ? kvm_vcpu_fault+0x520/0x520
[   23.738986]  ? mm_update_next_owner+0x930/0x930
[   23.743619]  ? find_held_lock+0x35/0x1d0
[   23.747651]  ? handle_mm_fault+0x2a0/0x930
[   23.751853]  ? find_held_lock+0x35/0x1d0
[   23.755883]  ? __do_page_fault+0x5f7/0xc90
[   23.760087]  ? lock_downgrade+0x980/0x980
[   23.764204]  ? down_read_trylock+0xdb/0x170
[   23.768488]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   23.773035]  ? vmacache_find+0x5f/0x280
[   23.776974]  ? up_read+0x1a/0x40
[   23.780306]  ? __do_page_fault+0x3d6/0xc90
[   23.784513]  ? kvm_vcpu_fault+0x520/0x520
[   23.788627]  ? do_vfs_ioctl+0x486/0x1520
[   23.792655]  ? _cond_resched+0x14/0x30
[   23.796507]  ? ioctl_preallocate+0x2b0/0x2b0
[   23.800889]  ? selinux_capable+0x40/0x40
[   23.804929]  ? SyS_setsockopt+0x1fb/0x360
[   23.809041]  do_group_exit+0x149/0x400
[   23.812894]  ? SyS_exit+0x30/0x30
[   23.816315]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.821296]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.826021]  SyS_exit_group+0x1d/0x20
[   23.829794]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.834512] RIP: 0033:0x43ee18
[   23.837667] RSP: 002b:00007ffcbff2d938 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   23.845337] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ee18
[   23.852580] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   23.859820] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   23.867054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   23.874289] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   23.881530] 
[   23.883129] Allocated by task 3153:
[   23.886734]  save_stack+0x43/0xd0
[   23.890154]  kasan_kmalloc+0xad/0xe0
[   23.893838]  kasan_slab_alloc+0x12/0x20
[   23.897789]  kmem_cache_alloc+0x12e/0x760
[   23.901914]  vmx_create_vcpu+0xc4/0x2f20
[   23.905937]  kvm_arch_vcpu_create+0x12c/0x1a0
[   23.910394]  kvm_vm_ioctl+0x48b/0x1c60
[   23.914245]  do_vfs_ioctl+0x1b1/0x1520
[   23.918092]  SyS_ioctl+0x8f/0xc0
[   23.921423]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.926138] 
[   23.927728] Freed by task 3153:
[   23.930971]  save_stack+0x43/0xd0
[   23.934386]  kasan_slab_free+0x71/0xc0
[   23.938237]  kmem_cache_free+0x83/0x2a0
[   23.942172]  vmx_free_vcpu+0x1ee/0x260
[   23.946025]  kvm_arch_destroy_vm+0x4a2/0x980
[   23.950395]  kvm_put_kvm+0x695/0xde0
[   23.954073]  kvm_vm_release+0x42/0x50
[   23.957835]  __fput+0x327/0x7e0
[   23.961078]  ____fput+0x15/0x20
[   23.964326]  task_work_run+0x199/0x270
[   23.968176]  do_exit+0x9bb/0x1ad0
[   23.971596]  do_group_exit+0x149/0x400
[   23.975445]  SyS_exit_group+0x1d/0x20
[   23.979209]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.983926] 
[   23.985520] The buggy address belongs to the object at ffff8801c8cb8040
[   23.985520]  which belongs to the cache kvm_vcpu of size 23872
[   23.998049] The buggy address is located 24 bytes inside of
[   23.998049]  23872-byte region [ffff8801c8cb8040, ffff8801c8cbdd80)
[   24.009969] The buggy address belongs to the page:
[   24.014862] page:00000000cd7a3442 count:1 mapcount:0 mapping:00000000f1888586 index:0x0 compound_mapcount: 0
[   24.024792] flags: 0x2fffc0000008100(slab|head)
[   24.029424] raw: 02fffc0000008100 ffff8801c8cb8040 0000000000000000 0000000100000001
[   24.037270] raw: ffff8801d6426748 ffff8801d6426748 ffff8801d6430c00 0000000000000000
[   24.045111] page dumped because: kasan: bad access detected
[   24.050779] 
[   24.052369] Memory state around the buggy address:
[   24.057258]  ffff8801c8cb7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.064583]  ffff8801c8cb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.071916] >ffff8801c8cb8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   24.079248]                                                     ^
[   24.085441]  ffff8801c8cb8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.092767]  ffff8801c8cb8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.100094] ==================================================================
[   24.107423] Kernel panic - not syncing: panic_on_warn set ...
[   24.107423] 
[   24.114756] CPU: 1 PID: 3153 Comm: syzkaller738410 Tainted: G    B            4.15.0-rc4-next-20171220+ #77
[   24.124609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.133938] Call Trace:
[   24.136495]  dump_stack+0x194/0x257
[   24.140092]  ? arch_local_irq_restore+0x53/0x53
[   24.144723]  ? kasan_end_report+0x32/0x50
[   24.148836]  ? lock_downgrade+0x980/0x980
[   24.152945]  ? vsnprintf+0x1ed/0x1900
[   24.156708]  ? __schedule+0xcf0/0x2060
[   24.160576]  panic+0x1e4/0x41c
[   24.163732]  ? refcount_error_report+0x214/0x214
[   24.168456]  ? print_shadow_for_address+0xdc/0x1a0
[   24.173348]  ? add_taint+0x1c/0x50
[   24.176854]  ? __schedule+0xda3/0x2060
[   24.180710]  kasan_end_report+0x50/0x50
[   24.184654]  kasan_report+0x144/0x340
[   24.188420]  __asan_report_load8_noabort+0x14/0x20
[   24.193314]  __schedule+0xda3/0x2060
[   24.196994]  ? __sched_text_start+0x8/0x8
[   24.201108]  ? trace_hardirqs_on+0xd/0x10
[   24.205223]  ? __call_srcu+0x7ee/0x1020
[   24.209159]  ? do_raw_spin_trylock+0x190/0x190
[   24.213999]  ? do_raw_spin_trylock+0x190/0x190
[   24.218552]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.224404]  ? __debug_object_init+0x235/0x1040
[   24.229040]  preempt_schedule_common+0x22/0x60
[   24.233588]  _cond_resched+0x1d/0x30
[   24.237266]  wait_for_completion+0xa5/0x770
[   24.241552]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.246537]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   24.252298]  ? __lockdep_init_map+0xe4/0x650
[   24.256671]  ? __init_waitqueue_head+0x97/0x140
[   24.261302]  ? init_wait_entry+0x1b0/0x1b0
[   24.265505]  __synchronize_srcu+0x1ad/0x260
[   24.269789]  ? call_srcu+0x10/0x10
[   24.273294]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   24.278798]  ? irq_matrix_allocated+0x80/0x80
[   24.283258]  ? synchronize_srcu+0x3c5/0x570
[   24.287545]  synchronize_srcu+0x1a3/0x570
[   24.291658]  ? synchronize_srcu+0x1a3/0x570
[   24.295941]  ? lock_downgrade+0x980/0x980
[   24.300053]  ? synchronize_srcu_expedited+0x20/0x20
[   24.305030]  ? lock_release+0xa40/0xa40
[   24.308969]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   24.313775]  ? do_raw_spin_trylock+0x190/0x190
[   24.318326]  kvm_page_track_unregister_notifier+0x186/0x270
[   24.324001]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   24.329419]  ? kvfree+0x36/0x60
[   24.332662]  ? rcu_read_lock_sched_held+0x108/0x120
[   24.337644]  kvm_mmu_uninit_vm+0x1c/0x20
[   24.341675]  kvm_arch_destroy_vm+0x73b/0x980
[   24.346060]  ? kvm_arch_sync_events+0x30/0x30
[   24.350532]  ? mmdrop+0x18/0x30
[   24.353779]  ? mmu_notifier_unregister+0x437/0x5c0
[   24.358673]  ? kvm_put_kvm+0x47a/0xde0
[   24.362526]  ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[   24.368375]  ? __free_pages+0x107/0x150
[   24.372312]  ? free_unref_page+0x9e0/0x9e0
[   24.376510]  ? quarantine_put+0xeb/0x190
[   24.380538]  ? kfree+0xf0/0x260
[   24.383783]  ? kvm_put_kvm+0x614/0xde0
[   24.387639]  ? free_pages+0x51/0x90
[   24.391233]  kvm_put_kvm+0x695/0xde0
[   24.394916]  ? kvm_clear_guest+0xb0/0xb0
[   24.398944]  ? kvm_irqfd_release+0xd1/0x120
[   24.403229]  ? lock_downgrade+0x980/0x980
[   24.407347]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.411810]  ? kvm_irqfd_release+0xdd/0x120
[   24.416095]  ? kvm_irqfd_release+0xdd/0x120
[   24.420379]  ? kvm_put_kvm+0xde0/0xde0
[   24.424228]  kvm_vm_release+0x42/0x50
[   24.427994]  __fput+0x327/0x7e0
[   24.431239]  ? fput+0x140/0x140
[   24.434483]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.440327]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.444792]  ____fput+0x15/0x20
[   24.448037]  task_work_run+0x199/0x270
[   24.451891]  ? task_work_cancel+0x210/0x210
[   24.456176]  ? _raw_spin_unlock+0x22/0x30
[   24.460287]  ? switch_task_namespaces+0x87/0xc0
[   24.464924]  do_exit+0x9bb/0x1ad0
[   24.468343]  ? kvm_vcpu_fault+0x520/0x520
[   24.472456]  ? mm_update_next_owner+0x930/0x930
[   24.477087]  ? find_held_lock+0x35/0x1d0
[   24.481114]  ? handle_mm_fault+0x2a0/0x930
[   24.485312]  ? find_held_lock+0x35/0x1d0
[   24.489341]  ? __do_page_fault+0x5f7/0xc90
[   24.493542]  ? lock_downgrade+0x980/0x980
[   24.497659]  ? down_read_trylock+0xdb/0x170
[   24.501950]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.506491]  ? vmacache_find+0x5f/0x280
[   24.510432]  ? up_read+0x1a/0x40
[   24.513765]  ? __do_page_fault+0x3d6/0xc90
[   24.517969]  ? kvm_vcpu_fault+0x520/0x520
[   24.522083]  ? do_vfs_ioctl+0x486/0x1520
[   24.526106]  ? _cond_resched+0x14/0x30
[   24.529960]  ? ioctl_preallocate+0x2b0/0x2b0
[   24.534335]  ? selinux_capable+0x40/0x40
[   24.538368]  ? SyS_setsockopt+0x1fb/0x360
[   24.542482]  do_group_exit+0x149/0x400
[   24.546336]  ? SyS_exit+0x30/0x30
[   24.549755]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.554739]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.559463]  SyS_exit_group+0x1d/0x20
[   24.563230]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.567947] RIP: 0033:0x43ee18
[   24.571102] RSP: 002b:00007ffcbff2d938 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.578779] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ee18
[   24.586021] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   24.593256] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   24.600488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b40
[   24.607723] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   24.614969] 
[   24.614971] ======================================================
[   24.614972] WARNING: possible circular locking dependency detected
[   24.614974] 4.15.0-rc4-next-20171220+ #77 Not tainted
[   24.614975] ------------------------------------------------------
[   24.614977] syzkaller738410/3153 is trying to acquire lock:
[   24.614978]  ((console_sem).lock){..-.}, at: [<000000002d666f30>] down_trylock+0x13/0x70
[   24.614982] 
[   24.614983] but task is already holding lock:
[   24.614984]  (report_lock){....}, at: [<00000000c6ce0840>] kasan_report+0x6b/0x340
[   24.614987] 
[   24.614989] which lock already depends on the new lock.
[   24.614989] 
[   24.614990] 
[   24.614991] the existing dependency chain (in reverse order) is:
[   24.614992] 
[   24.614993] -> #3 (report_lock){....}:
[   24.614997]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.614998]        kasan_report+0x6b/0x340
[   24.614999]        __asan_report_load8_noabort+0x14/0x20
[   24.615000]        __schedule+0xda3/0x2060
[   24.615002]        preempt_schedule_common+0x22/0x60
[   24.615003]        _cond_resched+0x1d/0x30
[   24.615004]        wait_for_completion+0xa5/0x770
[   24.615005]        __synchronize_srcu+0x1ad/0x260
[   24.615006]        synchronize_srcu+0x1a3/0x570
[   24.615008]        kvm_page_track_unregister_notifier+0x186/0x270
[   24.615009]        kvm_mmu_uninit_vm+0x1c/0x20
[   24.615010]        kvm_arch_destroy_vm+0x73b/0x980
[   24.615011]        kvm_put_kvm+0x695/0xde0
[   24.615012]        kvm_vm_release+0x42/0x50
[   24.615013]        __fput+0x327/0x7e0
[   24.615014]        ____fput+0x15/0x20
[   24.615016]        task_work_run+0x199/0x270
[   24.615017]        do_exit+0x9bb/0x1ad0
[   24.615018]        do_group_exit+0x149/0x400
[   24.615019]        SyS_exit_group+0x1d/0x20
[   24.615020]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.615021] 
[   24.615021] -> #2 (&rq->lock){-.-.}:
[   24.615025]        _raw_spin_lock+0x2a/0x40
[   24.615026]        task_fork_fair+0x7a/0x690
[   24.615027]        sched_fork+0x435/0xc00
[   24.615029]        copy_process.part.37+0x1758/0x4b60
[   24.615030]        _do_fork+0x1f7/0xf70
[   24.615031]        kernel_thread+0x34/0x40
[   24.615032]        rest_init+0x22/0xf0
[   24.615033]        start_kernel+0x7f1/0x819
[   24.615034]        x86_64_start_reservations+0x2a/0x2c
[   24.615035]        x86_64_start_kernel+0x77/0x7a
[   24.615037]        secondary_startup_64+0xa5/0xb0
[   24.615037] 
[   24.615038] -> #1 (&p->pi_lock){-.-.}:
[   24.615042]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.615043]        try_to_wake_up+0xbc/0x1600
[   24.615044]        wake_up_process+0x10/0x20
[   24.615048]        __up.isra.0+0x1cc/0x2c0
[   24.615049]        up+0x13b/0x1d0
[   24.615050]        __up_console_sem+0xb2/0x1a0
[   24.615051]        console_unlock+0x538/0xd70
[   24.615053]        con_flush_chars+0x6e/0x80
[   24.615054]        n_tty_write+0x71b/0xec0
[   24.615055]        tty_write+0x3fa/0x840
[   24.615056]        __vfs_write+0xef/0x970
[   24.615057]        vfs_write+0x189/0x510
[   24.615058]        SyS_write+0xef/0x220
[   24.615059]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.615060] 
[   24.615061] -> #0 ((console_sem).lock){..-.}:
[   24.615064]        lock_acquire+0x1d5/0x580
[   24.615066]        _raw_spin_lock_irqsave+0x96/0xc0
[   24.615067]        down_trylock+0x13/0x70
[   24.615068]        __down_trylock_console_sem+0xa2/0x1e0
[   24.615069]        console_trylock+0x15/0x100
[   24.615070]        vprintk_emit+0x49b/0x590
[   24.615072]        vprintk_default+0x28/0x30
[   24.615073]        vprintk_func+0x57/0xc0
[   24.615074]        printk+0xaa/0xca
[   24.615075]        kasan_report+0x7b/0x340
[   24.615076]        __asan_report_load8_noabort+0x14/0x20
[   24.615077]        __schedule+0xda3/0x2060
[   24.615079]        preempt_schedule_common+0x22/0x60
[   24.615080]        _cond_resched+0x1d/0x30
[   24.615081]        wait_for_completion+0xa5/0x770
[   24.615082]        __synchronize_srcu+0x1ad/0x260
[   24.615083]        synchronize_srcu+0x1a3/0x570
[   24.615085]        kvm_page_track_unregister_notifier+0x186/0x270
[   24.615086]        kvm_mmu_uninit_vm+0x1c/0x20
[   24.615087]        kvm_arch_destroy_vm+0x73b/0x980
[   24.615088]        kvm_put_kvm+0x695/0xde0
[   24.615089]        kvm_vm_release+0x42/0x50
[   24.615090]        __fput+0x327/0x7e0
[   24.615091]        ____fput+0x15/0x20
[   24.615092]        task_work_run+0x199/0x270
[   24.615094]        do_exit+0x9bb/0x1ad0
[   24.615095]        do_group_exit+0x149/0x400
[   24.615096]        SyS_exit_group+0x1d/0x20
[   24.615097]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.615098] 
[   24.615099] other info that might help us debug this:
[   24.615100] 
[   24.615101] Chain exists of:
[   24.615101]   (console_sem).lock --> &rq->lock --> report_lock
[   24.615106] 
[   24.615107]  Possible unsafe locking scenario:
[   24.615108] 
[   24.615109]        CPU0                    CPU1
[   24.615110]        ----                    ----
[   24.615111]   lock(report_lock);
[   24.615113]                                lock(&rq->lock);
[   24.615116]                                lock(report_lock);
[   24.615118]   lock((console_sem).lock);
[   24.615121] 
[   24.615122]  *** DEADLOCK ***
[   24.615122] 
[   24.615123] 2 locks held by syzkaller738410/3153:
[   24.615124]  #0:  (&rq->lock){-.-.}, at: [<00000000c4d4cdf9>] __schedule+0x24e/0x2060
[   24.615128]  #1:  (report_lock){....}, at: [<00000000c6ce0840>] kasan_report+0x6b/0x340
[   24.615132] 
[   24.615133] stack backtrace:
[   24.615135] CPU: 1 PID: 3153 Comm: syzkaller738410 Not tainted 4.15.0-rc4-next-20171220+ #77
[   24.615137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.615138] Call Trace:
[   24.615139]  dump_stack+0x194/0x257
[   24.615141]  ? arch_local_irq_restore+0x53/0x53
[   24.615142]  print_circular_bug.isra.37+0x2cd/0x2dc
[   24.615143]  ? save_trace+0xe0/0x2b0
[   24.615144]  __lock_acquire+0x30a8/0x3e00
[   24.615146]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.615147]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.615148]  ? print_lockdep_cache.isra.31+0x109/0x109
[   24.615149]  ? save_stack_trace+0x1a/0x20
[   24.615150]  ? save_trace+0xe0/0x2b0
[   24.615152]  ? __lock_acquire+0x36c0/0x3e00
[   24.615153]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.615154]  ? __lock_is_held+0xb6/0x140
[   24.615155]  ? __lock_is_held+0xb6/0x140
[   24.615156]  lock_acquire+0x1d5/0x580
[   24.615157]  ? lock_acquire+0x1d5/0x580
[   24.615159]  ? down_trylock+0x13/0x70
[   24.615160]  ? find_held_lock+0x35/0x1d0
[   24.615161]  ? lock_release+0xa40/0xa40
[   24.615162]  ? vprintk_emit+0x379/0x590
[   24.615163]  ? lock_downgrade+0x980/0x980
[   24.615164]  ? kvm_sched_clock_read+0x25/0x40
[   24.615165]  ? sched_clock+0x31/0x40
[   24.615166]  ? sched_clock_cpu+0x1b/0x170
[   24.615168]  ? vprintk_emit+0x49b/0x590
[   24.615169]  _raw_spin_lock_irqsave+0x96/0xc0
[   24.615170]  ? down_trylock+0x13/0x70
[   24.615171]  down_trylock+0x13/0x70
[   24.615172]  ? vprintk_emit+0x49b/0x590
[   24.615173]  __down_trylock_console_sem+0xa2/0x1e0
[   24.615174]  console_trylock+0x15/0x100
[   24.615175]  vprintk_emit+0x49b/0x590
[   24.615176]  vprintk_default+0x28/0x30
[   24.615178]  vprintk_func+0x57/0xc0
[   24.615178]  printk+0xaa/0xca
[   24.615180]  ? show_regs_print_info+0x18/0x18
[   24.615181]  ? __schedule+0xda3/0x2060
[   24.615182]  kasan_report+0x7b/0x340
[   24.615183]  __asan_report_load8_noabort+0x14/0x20
[   24.615184]  __schedule+0xda3/0x2060
[   24.615185]  ? __sched_text_start+0x8/0x8
[   24.615186]  ? trace_hardirqs_on+0xd/0x10
[   24.615188]  ? __call_srcu+0x7ee/0x1020
[   24.615189]  ? do_raw_spin_trylock+0x190/0x190
[   24.615190]  ? do_raw_spin_trylock+0x190/0x190
[   24.615191]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.615193]  ? __debug_object_init+0x235/0x1040
[   24.615194]  preempt_schedule_common+0x22/0x60
[   24.615195]  _cond_resched+0x1d/0x30
[   24.615196]  wait_for_completion+0xa5/0x770
[   24.615197]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.615199]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   24.615200]  ? __lockdep_init_map+0xe4/0x650
[   24.615201]  ? __init_waitqueue_head+0x97/0x140
[   24.615202]  ? init_wait_entry+0x1b0/0x1b0
[   24.615204]  __synchronize_srcu+0x1ad/0x260
[   24.615205]  ? call_srcu+0x10/0x10
[   24.615206]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   24.615207]  ? irq_matrix_allocated+0x80/0x80
[   24.615208]  ? synchronize_srcu+0x3c5/0x570
[   24.615209]  synchronize_srcu+0x1a3/0x570
[   24.615211]  ? synchronize_srcu+0x1a3/0x570
[   24.615212]  ? lock_downgrade+0x980/0x980
[   24.615213]  ? synchronize_srcu_expedited+0x20/0x20
[   24.615214]  ? lock_release+0xa40/0xa40
[   24.615215]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   24.615217]  ? do_raw_spin_trylock+0x190/0x190
[   24.615218]  kvm_page_track_unregister_notifier+0x186/0x270
[   24.615219]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   24.615220]  ? kvfree+0x36/0x60
[   24.615222]  ? rcu_read_lock_sched_held+0x108/0x120
[   24.615223]  kvm_mmu_uninit_vm+0x1c/0x20
[   24.615224]  kvm_arch_destroy_vm+0x73b/0x980
[   24.615225]  ? kvm_arch_sync_events+0x30/0x30
[   24.615226]  ? mmdrop+0x18/0x30
[   24.615228]  ? mmu_notifier_unregister+0x437/0x5c0
[   24.615229]  ? kvm_put_kvm+0x47a/0xde0
[   24.615230]  ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[   24.615231]  ? __free_pages+0x107/0x150
[   24.615233]  ? free_unref_page+0x9e0/0x9e0
[   24.615234]  ? quarantine_put+0xeb/0x190
[   24.615235]  ? kfree+0xf0/0x260
[   24.615236]  ? kvm_put_kvm+0x614/0xde0
[   24.615237]  ? free_pages+0x51/0x90
[   24.615238]  kvm_put_kvm+0x695/0xde0
[   24.615239]  ? kvm_clear_guest+0xb0/0xb0
[   24.615240]  ? kvm_irqfd_release+0xd1/0x120
[   24.615241]  ? lock_downgrade+0x980/0x980
[   24.615243]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.615244]  ? kvm_irqfd_release+0xdd/0x120
[   24.615245]  ? kvm_irqfd_release+0xdd/0x120
[   24.615246]  ? kvm_put_kvm+0xde0/0xde0
[   24.615247]  kvm_vm_release+0x42/0x50
[   24.615248]  __fput+0x327/0x7e0
[   24.615249]  ? fput+0x140/0x140
[   24.615251]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.615252]  ? _raw_spin_unlock_irq+0x27/0x70
[   24.615253]  ____fput+0x15/0x20
[   24.615254]  task_work_run+0x199/0x270
[   24.615255]  ? task_work_cancel+0x210/0x210
[   24.615256]  ? _raw_spin_unlock+0x22/0x30
[   24.615258]  ? switch_task_namespaces+0x87/0xc0
[   24.615259]  do_exit+0x9bb/0x1ad0
[   24.615260]  ? kvm_vcpu_fault+0x520/0x520
[   24.615261]  ? mm_update_next_owner+0x930/0x930
[   24.615262]  ? find_held_lock+0x35/0x1d0
[   24.615263]  ? handle_mm_fault+0x2a0/0x930
[   24.615264]  ? find_held_lock+0x35/0x1d0
[   24.615265]  ? __do_page_fault+0x5f7/0xc90
[   24.615267]  ? lock_downgrade+0x980/0x980
[   24.615268]  ? down_read_trylock+0xdb/0x170
[   24.615269]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.615270]  ? vmacache_find+0x5f/0x280
[   24.615271]  ? up_read+0x1a/0x40
[   24.615272]  ? __do_page_fault+0x3d6/0xc90
[   24.615273]  ? kvm_vcpu_fault+0x520/0x520
[   24.615274]  ? do_vfs_ioctl+0x486/0x1520
[   24.615276]  ? _cond_resched+0x14/0x30
[   24.615277]  ? ioctl_preallocate+0x2b0/0x2b0
[   24.615278]  ? selinux_capable+0x40/0x40
[   24.615279]  ? SyS_setsockopt+0x1fb/0x360
[   24.615280]  do_group_exit+0x149/0x4
[   24.615282] Lost 13 message(s)!
[   25.692849] Shutting down cpus with NMI
[   26.746635] Dumping ftrace buffer:
[   26.750146]    (ftrace buffer empty)
[   26.753821] Kernel Offset: disabled
[   26.757414] Rebooting in 86400 seconds..