�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 11.833921] audit: type=1400 audit(1513789934.988:6): avc: denied { map } for pid=3140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.15.211' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.883310] audit: type=1400 audit(1513789953.038:7): avc: denied { map } for pid=3157 comm="syzkaller221164" path="/root/syzkaller221164409" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 29.915568] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[ 29.926293] ==================================================================
[ 29.934380] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060
[ 29.940574] Read of size 8 at addr ffff8801c8aa0058 by task syzkaller221164/3157
[ 29.948066]
[ 29.949663] CPU: 0 PID: 3157 Comm: syzkaller221164 Not tainted 4.15.0-rc4-next-20171220+ #77
[ 29.958201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.967518] Call Trace:
[ 29.970069] dump_stack+0x194/0x257
[ 29.973664] ? arch_local_irq_restore+0x53/0x53
[ 29.978299] ? show_regs_print_info+0x18/0x18
[ 29.982764] ? __schedule+0xda3/0x2060
[ 29.986617] print_address_description+0x73/0x250
[ 29.991423] ? __schedule+0xda3/0x2060
[ 29.995276] kasan_report+0x25b/0x340
[ 29.999044] __asan_report_load8_noabort+0x14/0x20
[ 30.003949] __schedule+0xda3/0x2060
[ 30.007631] ? __sched_text_start+0x8/0x8
[ 30.011746] ? trace_hardirqs_on+0xd/0x10
[ 30.015870] ? __call_srcu+0x7ee/0x1020
[ 30.019809] ? do_raw_spin_trylock+0x190/0x190
[ 30.024352] ? do_raw_spin_trylock+0x190/0x190
[ 30.028904] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 30.034751] ? __debug_object_init+0x235/0x1040
[ 30.039387] preempt_schedule_common+0x22/0x60
[ 30.043937] _cond_resched+0x1d/0x30
[ 30.047614] wait_for_completion+0xa5/0x770
[ 30.051901] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.056889] ? wait_for_completion_interruptible+0x7e0/0x7e0
[ 30.062825] ? __lockdep_init_map+0xe4/0x650
[ 30.067205] ? __init_waitqueue_head+0x97/0x140
[ 30.071837] ? init_wait_entry+0x1b0/0x1b0
[ 30.076040] __synchronize_srcu+0x1ad/0x260
[ 30.080325] ? call_srcu+0x10/0x10
[ 30.083828] ? trace_raw_output_rcu_utilization+0xb0/0xb0
[ 30.089331] ? irq_matrix_allocated+0x80/0x80
[ 30.093801] ? synchronize_srcu+0x3c5/0x570
[ 30.098091] synchronize_srcu+0x1a3/0x570
[ 30.102202] ? synchronize_srcu+0x1a3/0x570
[ 30.106486] ? lock_downgrade+0x980/0x980
[ 30.110597] ? synchronize_srcu_expedited+0x20/0x20
[ 30.115578] ? lock_release+0xa40/0xa40
[ 30.119515] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 30.124323] ? do_raw_spin_trylock+0x190/0x190
[ 30.128882] kvm_page_track_unregister_notifier+0x186/0x270
[ 30.134609] ? kvm_slot_page_track_remove_page+0x60/0x60
[ 30.140023] ? kvfree+0x36/0x60
[ 30.143271] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.148252] kvm_mmu_uninit_vm+0x1c/0x20
[ 30.152280] kvm_arch_destroy_vm+0x73b/0x980
[ 30.156652] ? kvm_arch_sync_events+0x30/0x30
[ 30.161112] ? mmdrop+0x18/0x30
[ 30.164356] ? mmu_notifier_unregister+0x437/0x5c0
[ 30.169247] ? kvm_put_kvm+0x47a/0xde0
[ 30.173099] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[ 30.178947] ? __free_pages+0x107/0x150
[ 30.182885] ? free_unref_page+0x9e0/0x9e0
[ 30.187084] ? quarantine_put+0xeb/0x190
[ 30.191107] ? kfree+0xf0/0x260
[ 30.194349] ? kvm_put_kvm+0x614/0xde0
[ 30.198198] ? free_pages+0x51/0x90
[ 30.201790] kvm_put_kvm+0x695/0xde0
[ 30.205557] ? kvm_clear_guest+0xb0/0xb0
[ 30.209584] ? kvm_irqfd_release+0xd1/0x120
[ 30.213868] ? lock_downgrade+0x980/0x980
[ 30.217985] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.222447] ? kvm_irqfd_release+0xdd/0x120
[ 30.226735] ? kvm_irqfd_release+0xdd/0x120
[ 30.231020] ? kvm_put_kvm+0xde0/0xde0
[ 30.234869] kvm_vm_release+0x42/0x50
[ 30.238639] __fput+0x327/0x7e0
[ 30.241893] ? fput+0x140/0x140
[ 30.245136] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 30.250985] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.255445] ____fput+0x15/0x20
[ 30.258687] task_work_run+0x199/0x270
[ 30.262539] ? task_work_cancel+0x210/0x210
[ 30.266825] ? _raw_spin_unlock+0x22/0x30
[ 30.270938] ? switch_task_namespaces+0x87/0xc0
[ 30.275575] do_exit+0x9bb/0x1ad0
[ 30.278991] ? kvm_vcpu_fault+0x520/0x520
[ 30.283103] ? mm_update_next_owner+0x930/0x930
[ 30.287735] ? find_held_lock+0x35/0x1d0
[ 30.291764] ? handle_mm_fault+0x2a0/0x930
[ 30.295963] ? find_held_lock+0x35/0x1d0
[ 30.299991] ? __do_page_fault+0x5f7/0xc90
[ 30.304189] ? lock_downgrade+0x980/0x980
[ 30.308303] ? down_read_trylock+0xdb/0x170
[ 30.312589] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 30.317132] ? vmacache_find+0x5f/0x280
[ 30.321071] ? up_read+0x1a/0x40
[ 30.324410] ? __do_page_fault+0x3d6/0xc90
[ 30.328620] ? kvm_vcpu_fault+0x520/0x520
[ 30.332731] ? do_vfs_ioctl+0x486/0x1520
[ 30.336754] ? _cond_resched+0x14/0x30
[ 30.340605] ? ioctl_preallocate+0x2b0/0x2b0
[ 30.344979] ? selinux_capable+0x40/0x40
[ 30.349015] ? putname+0xf3/0x130
[ 30.352435] do_group_exit+0x149/0x400
[ 30.356286] ? SyS_exit+0x30/0x30
[ 30.359702] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.364685] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.369403] SyS_exit_group+0x1d/0x20
[ 30.373171] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.377889] RIP: 0033:0x43ed88
[ 30.381040] RSP: 002b:00007fff072041e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 30.388709] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88
[ 30.395940] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 30.403172] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 30.410407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0
[ 30.417639] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000
[ 30.424877]
[ 30.426471] Allocated by task 3157:
[ 30.430061] save_stack+0x43/0xd0
[ 30.433476] kasan_kmalloc+0xad/0xe0
[ 30.437151] kasan_slab_alloc+0x12/0x20
[ 30.441087] kmem_cache_alloc+0x12e/0x760
[ 30.445198] vmx_create_vcpu+0xc4/0x2f20
[ 30.449226] kvm_arch_vcpu_create+0x12c/0x1a0
[ 30.453687] kvm_vm_ioctl+0x48b/0x1c60
[ 30.457538] do_vfs_ioctl+0x1b1/0x1520
[ 30.461386] SyS_ioctl+0x8f/0xc0
[ 30.464716] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.469431]
[ 30.471021] Freed by task 3157:
[ 30.474348] save_stack+0x43/0xd0
[ 30.477764] kasan_slab_free+0x71/0xc0
[ 30.481612] kmem_cache_free+0x83/0x2a0
[ 30.485551] vmx_free_vcpu+0x1ee/0x260
[ 30.490094] kvm_arch_destroy_vm+0x4a2/0x980
[ 30.496573] kvm_put_kvm+0x695/0xde0
[ 30.500525] kvm_vm_release+0x42/0x50
[ 30.504291] __fput+0x327/0x7e0
[ 30.507531] ____fput+0x15/0x20
[ 30.510775] task_work_run+0x199/0x270
[ 30.514623] do_exit+0x9bb/0x1ad0
[ 30.518040] do_group_exit+0x149/0x400
[ 30.521888] SyS_exit_group+0x1d/0x20
[ 30.525651] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.531670]
[ 30.533783] The buggy address belongs to the object at ffff8801c8aa0040
[ 30.533783] which belongs to the cache kvm_vcpu of size 23872
[ 30.546747] The buggy address is located 24 bytes inside of
[ 30.546747] 23872-byte region [ffff8801c8aa0040, ffff8801c8aa5d80)
[ 30.558669] The buggy address belongs to the page:
[ 30.563561] page:00000000d37c1789 count:1 mapcount:0 mapping:00000000fcb51ad9 index:0x0 compound_mapcount: 0
[ 30.573491] flags: 0x2fffc0000008100(slab|head)
[ 30.578123] raw: 02fffc0000008100 ffff8801c8aa0040 0000000000000000 0000000100000001
[ 30.585967] raw: ffff8801d7b3d748 ffff8801d7b3d748 ffff8801d7b3c6c0 0000000000000000
[ 30.593807] page dumped because: kasan: bad access detected
[ 30.599477]
[ 30.601075] Memory state around the buggy address:
[ 30.605967] ffff8801c8a9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.613287] ffff8801c8a9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.620609] >ffff8801c8aa0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 30.627930] ^
[ 30.634126] ffff8801c8aa0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.641449] ffff8801c8aa0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.648769] ==================================================================
[ 30.656097] Kernel panic - not syncing: panic_on_warn set ...
[ 30.656097]
[ 30.663428] CPU: 0 PID: 3157 Comm: syzkaller221164 Tainted: G B 4.15.0-rc4-next-20171220+ #77
[ 30.673264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.682581] Call Trace:
[ 30.685136] dump_stack+0x194/0x257
[ 30.688727] ? arch_local_irq_restore+0x53/0x53
[ 30.693364] ? kasan_end_report+0x32/0x50
[ 30.697477] ? lock_downgrade+0x980/0x980
[ 30.701589] ? vsnprintf+0x1ed/0x1900
[ 30.705354] ? __schedule+0xcf0/0x2060
[ 30.709208] panic+0x1e4/0x41c
[ 30.712368] ? refcount_error_report+0x214/0x214
[ 30.717090] ? print_shadow_for_address+0xdc/0x1a0
[ 30.721983] ? add_taint+0x1c/0x50
[ 30.725485] ? __schedule+0xda3/0x2060
[ 30.729336] kasan_end_report+0x50/0x50
[ 30.733277] kasan_report+0x144/0x340
[ 30.737042] __asan_report_load8_noabort+0x14/0x20
[ 30.741933] __schedule+0xda3/0x2060
[ 30.745613] ? __sched_text_start+0x8/0x8
[ 30.749724] ? trace_hardirqs_on+0xd/0x10
[ 30.753836] ? __call_srcu+0x7ee/0x1020
[ 30.757774] ? do_raw_spin_trylock+0x190/0x190
[ 30.762318] ? do_raw_spin_trylock+0x190/0x190
[ 30.766869] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 30.772719] ? __debug_object_init+0x235/0x1040
[ 30.777373] preempt_schedule_common+0x22/0x60
[ 30.781918] _cond_resched+0x1d/0x30
[ 30.785595] wait_for_completion+0xa5/0x770
[ 30.789881] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.794862] ? wait_for_completion_interruptible+0x7e0/0x7e0
[ 30.800622] ? __lockdep_init_map+0xe4/0x650
[ 30.804997] ? __init_waitqueue_head+0x97/0x140
[ 30.809630] ? init_wait_entry+0x1b0/0x1b0
[ 30.813834] __synchronize_srcu+0x1ad/0x260
[ 30.818119] ? call_srcu+0x10/0x10
[ 30.821622] ? trace_raw_output_rcu_utilization+0xb0/0xb0
[ 30.827125] ? irq_matrix_allocated+0x80/0x80
[ 30.831583] ? synchronize_srcu+0x3c5/0x570
[ 30.835868] synchronize_srcu+0x1a3/0x570
[ 30.839979] ? synchronize_srcu+0x1a3/0x570
[ 30.844262] ? lock_downgrade+0x980/0x980
[ 30.848372] ? synchronize_srcu_expedited+0x20/0x20
[ 30.853612] ? lock_release+0xa40/0xa40
[ 30.857552] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 30.862366] ? do_raw_spin_trylock+0x190/0x190
[ 30.866918] kvm_page_track_unregister_notifier+0x186/0x270
[ 30.872593] ? kvm_slot_page_track_remove_page+0x60/0x60
[ 30.878007] ? kvfree+0x36/0x60
[ 30.881248] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.886230] kvm_mmu_uninit_vm+0x1c/0x20
[ 30.890256] kvm_arch_destroy_vm+0x73b/0x980
[ 30.894629] ? kvm_arch_sync_events+0x30/0x30
[ 30.899089] ? mmdrop+0x18/0x30
[ 30.902336] ? mmu_notifier_unregister+0x437/0x5c0
[ 30.907236] ? kvm_put_kvm+0x47a/0xde0
[ 30.911095] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[ 30.917116] ? __free_pages+0x107/0x150
[ 30.922617] ? free_unref_page+0x9e0/0x9e0
[ 30.926817] ? quarantine_put+0xeb/0x190
[ 30.930929] ? kfree+0xf0/0x260
[ 30.934170] ? kvm_put_kvm+0x614/0xde0
[ 30.938020] ? free_pages+0x51/0x90
[ 30.941610] kvm_put_kvm+0x695/0xde0
[ 30.945291] ? kvm_clear_guest+0xb0/0xb0
[ 30.949316] ? kvm_irqfd_release+0xd1/0x120
[ 30.953608] ? lock_downgrade+0x980/0x980
[ 30.958419] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.962880] ? kvm_irqfd_release+0xdd/0x120
[ 30.967163] ? kvm_irqfd_release+0xdd/0x120
[ 30.971447] ? kvm_put_kvm+0xde0/0xde0
[ 30.975301] kvm_vm_release+0x42/0x50
[ 30.979064] __fput+0x327/0x7e0
[ 30.982308] ? fput+0x140/0x140
[ 30.985552] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 30.991395] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.995856] ____fput+0x15/0x20
[ 30.999100] task_work_run+0x199/0x270
[ 31.002952] ? task_work_cancel+0x210/0x210
[ 31.008104] ? _raw_spin_unlock+0x22/0x30
[ 31.012220] ? switch_task_namespaces+0x87/0xc0
[ 31.016859] do_exit+0x9bb/0x1ad0
[ 31.020274] ? kvm_vcpu_fault+0x520/0x520
[ 31.024385] ? mm_update_next_owner+0x930/0x930
[ 31.029017] ? find_held_lock+0x35/0x1d0
[ 31.033045] ? handle_mm_fault+0x2a0/0x930
[ 31.037243] ? find_held_lock+0x35/0x1d0
[ 31.041271] ? __do_page_fault+0x5f7/0xc90
[ 31.045468] ? lock_downgrade+0x980/0x980
[ 31.049581] ? down_read_trylock+0xdb/0x170
[ 31.054827] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 31.060412] ? vmacache_find+0x5f/0x280
[ 31.064353] ? up_read+0x1a/0x40
[ 31.067681] ? __do_page_fault+0x3d6/0xc90
[ 31.071883] ? kvm_vcpu_fault+0x520/0x520
[ 31.075995] ? do_vfs_ioctl+0x486/0x1520
[ 31.080019] ? _cond_resched+0x14/0x30
[ 31.084394] ? ioctl_preallocate+0x2b0/0x2b0
[ 31.088770] ? selinux_capable+0x40/0x40
[ 31.092795] ? putname+0xf3/0x130
[ 31.096214] do_group_exit+0x149/0x400
[ 31.100066] ? SyS_exit+0x30/0x30
[ 31.103482] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.108463] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.113188] SyS_exit_group+0x1d/0x20
[ 31.116952] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.121670] RIP: 0033:0x43ed88
[ 31.124822] RSP: 002b:00007fff072041e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 31.133104] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ed88
[ 31.140339] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 31.147573] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 31.154806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ab0
[ 31.162038] R13: 0000000000401b40 R14: 0000000000000000 R15: 0000000000000000
[ 31.169974]
[ 31.169976] ======================================================
[ 31.169977] WARNING: possible circular locking dependency detected
[ 31.169979] 4.15.0-rc4-next-20171220+ #77 Not tainted
[ 31.169980] ------------------------------------------------------
[ 31.169982] syzkaller221164/3157 is trying to acquire lock:
[ 31.169982] ((console_sem).lock){..-.}, at: [<000000004f6e7350>] down_trylock+0x13/0x70
[ 31.169986]
[ 31.169988] but task is already holding lock:
[ 31.169988] (report_lock){....}, at: [<00000000b5401cde>] kasan_report+0x6b/0x340
[ 31.169992]
[ 31.169993] which lock already depends on the new lock.
[ 31.169994]
[ 31.169995]
[ 31.169996] the existing dependency chain (in reverse order) is:
[ 31.169997]
[ 31.169997] -> #3 (report_lock){....}:
[ 31.170001] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.170002] kasan_report+0x6b/0x340
[ 31.170004] __asan_report_load8_noabort+0x14/0x20
[ 31.170005] __schedule+0xda3/0x2060
[ 31.170006] preempt_schedule_common+0x22/0x60
[ 31.170007] _cond_resched+0x1d/0x30
[ 31.170009] wait_for_completion+0xa5/0x770
[ 31.170010] __synchronize_srcu+0x1ad/0x260
[ 31.170011] synchronize_srcu+0x1a3/0x570
[ 31.170012] kvm_page_track_unregister_notifier+0x186/0x270
[ 31.170014] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.170015] kvm_arch_destroy_vm+0x73b/0x980
[ 31.170016] kvm_put_kvm+0x695/0xde0
[ 31.170017] kvm_vm_release+0x42/0x50
[ 31.170018] __fput+0x327/0x7e0
[ 31.170019] ____fput+0x15/0x20
[ 31.170020] task_work_run+0x199/0x270
[ 31.170021] do_exit+0x9bb/0x1ad0
[ 31.170022] do_group_exit+0x149/0x400
[ 31.170024] SyS_exit_group+0x1d/0x20
[ 31.170025] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.170026]
[ 31.170026] -> #2 (&rq->lock){-.-.}:
[ 31.170030] _raw_spin_lock+0x2a/0x40
[ 31.170031] task_fork_fair+0x7a/0x690
[ 31.170032] sched_fork+0x435/0xc00
[ 31.170034] copy_process.part.37+0x1758/0x4b60
[ 31.170035] _do_fork+0x1f7/0xf70
[ 31.170036] kernel_thread+0x34/0x40
[ 31.170037] rest_init+0x22/0xf0
[ 31.170038] start_kernel+0x7f1/0x819
[ 31.170039] x86_64_start_reservations+0x2a/0x2c
[ 31.170040] x86_64_start_kernel+0x77/0x7a
[ 31.170042] secondary_startup_64+0xa5/0xb0
[ 31.170042]
[ 31.170043] -> #1 (&p->pi_lock){-.-.}:
[ 31.170047] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.170048] try_to_wake_up+0xbc/0x1600
[ 31.170049] wake_up_process+0x10/0x20
[ 31.170050] __up.isra.0+0x1cc/0x2c0
[ 31.170051] up+0x13b/0x1d0
[ 31.170052] __up_console_sem+0xb2/0x1a0
[ 31.170054] console_unlock+0x538/0xd70
[ 31.170055] do_con_write+0x106e/0x1f70
[ 31.170056] con_write+0x25/0xb0
[ 31.170057] n_tty_write+0x5ef/0xec0
[ 31.170058] tty_write+0x3fa/0x840
[ 31.170059] __vfs_write+0xef/0x970
[ 31.170060] vfs_write+0x189/0x510
[ 31.170061] SyS_write+0xef/0x220
[ 31.170062] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.170063]
[ 31.170064] -> #0 ((console_sem).lock){..-.}:
[ 31.170068] lock_acquire+0x1d5/0x580
[ 31.170069] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.170070] down_trylock+0x13/0x70
[ 31.170071] __down_trylock_console_sem+0xa2/0x1e0
[ 31.170073] console_trylock+0x15/0x100
[ 31.170074] vprintk_emit+0x49b/0x590
[ 31.170075] vprintk_default+0x28/0x30
[ 31.170076] vprintk_func+0x57/0xc0
[ 31.170077] printk+0xaa/0xca
[ 31.170078] kasan_report+0x7b/0x340
[ 31.170079] __asan_report_load8_noabort+0x14/0x20
[ 31.170080] __schedule+0xda3/0x2060
[ 31.170082] preempt_schedule_common+0x22/0x60
[ 31.170083] _cond_resched+0x1d/0x30
[ 31.170084] wait_for_completion+0xa5/0x770
[ 31.170085] __synchronize_srcu+0x1ad/0x260
[ 31.170086] synchronize_srcu+0x1a3/0x570
[ 31.170088] kvm_page_track_unregister_notifier+0x186/0x270
[ 31.170089] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.170090] kvm_arch_destroy_vm+0x73b/0x980
[ 31.170091] kvm_put_kvm+0x695/0xde0
[ 31.170092] kvm_vm_release+0x42/0x50
[ 31.170093] __fput+0x327/0x7e0
[ 31.170094] ____fput+0x15/0x20
[ 31.170096] task_work_run+0x199/0x270
[ 31.170097] do_exit+0x9bb/0x1ad0
[ 31.170098] do_group_exit+0x149/0x400
[ 31.170099] SyS_exit_group+0x1d/0x20
[ 31.170100] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.170101]
[ 31.170102] other info that might help us debug this:
[ 31.170103]
[ 31.170104] Chain exists of:
[ 31.170104] (console_sem).lock --> &rq->lock --> report_lock
[ 31.170109]
[ 31.170110] Possible unsafe locking scenario:
[ 31.170111]
[ 31.170112] CPU0 CPU1
[ 31.170113] ---- ----
[ 31.170114] lock(report_lock);
[ 31.170117] lock(&rq->lock);
[ 31.170119] lock(report_lock);
[ 31.170121] lock((console_sem).lock);
[ 31.170124]
[ 31.170125] *** DEADLOCK ***
[ 31.170125]
[ 31.170126] 2 locks held by syzkaller221164/3157:
[ 31.170127] #0: (&rq->lock){-.-.}, at: [<00000000c0f0bc2f>] __schedule+0x24e/0x2060
[ 31.170131] #1: (report_lock){....}, at: [<00000000b5401cde>] kasan_report+0x6b/0x340
[ 31.170135]
[ 31.170136] stack backtrace:
[ 31.170138] CPU: 0 PID: 3157 Comm: syzkaller221164 Not tainted 4.15.0-rc4-next-20171220+ #77
[ 31.170141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.170142] Call Trace:
[ 31.170143] dump_stack+0x194/0x257
[ 31.170144] ? arch_local_irq_restore+0x53/0x53
[ 31.170145] print_circular_bug.isra.37+0x2cd/0x2dc
[ 31.170146] ? save_trace+0xe0/0x2b0
[ 31.170147] __lock_acquire+0x30a8/0x3e00
[ 31.170149] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.170150] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.170151] ? print_lockdep_cache.isra.31+0x109/0x109
[ 31.170152] ? save_stack_trace+0x1a/0x20
[ 31.170154] ? save_trace+0xe0/0x2b0
[ 31.170155] ? __lock_acquire+0x36c0/0x3e00
[ 31.170156] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.170157] ? __lock_is_held+0xb6/0x140
[ 31.170158] ? __lock_is_held+0xb6/0x140
[ 31.170159] lock_acquire+0x1d5/0x580
[ 31.170160] ? lock_acquire+0x1d5/0x580
[ 31.170161] ? down_trylock+0x13/0x70
[ 31.170163] ? find_held_lock+0x35/0x1d0
[ 31.170164] ? lock_release+0xa40/0xa40
[ 31.170165] ? vprintk_emit+0x379/0x590
[ 31.170166] ? lock_downgrade+0x980/0x980
[ 31.170167] ? kvm_sched_clock_read+0x25/0x40
[ 31.170168] ? sched_clock+0x31/0x40
[ 31.170169] ? sched_clock_cpu+0x1b/0x170
[ 31.170170] ? vprintk_emit+0x49b/0x590
[ 31.170172] _raw_spin_lock_irqsave+0x96/0xc0
[ 31.170173] ? down_trylock+0x13/0x70
[ 31.170174] down_trylock+0x13/0x70
[ 31.170175] ? vprintk_emit+0x49b/0x590
[ 31.170176] __down_trylock_console_sem+0xa2/0x1e0
[ 31.170177] console_trylock+0x15/0x100
[ 31.170178] vprintk_emit+0x49b/0x590
[ 31.170179] vprintk_default+0x28/0x30
[ 31.170180] vprintk_func+0x57/0xc0
[ 31.170181] printk+0xaa/0xca
[ 31.170183] ? show_regs_print_info+0x18/0x18
[ 31.170184] ? __schedule+0xda3/0x2060
[ 31.170185] kasan_report+0x7b/0x340
[ 31.170186] __asan_report_load8_noabort+0x14/0x20
[ 31.170187] __schedule+0xda3/0x2060
[ 31.170188] ? __sched_text_start+0x8/0x8
[ 31.170189] ? trace_hardirqs_on+0xd/0x10
[ 31.170190] ? __call_srcu+0x7ee/0x1020
[ 31.170192] ? do_raw_spin_trylock+0x190/0x190
[ 31.170193] ? do_raw_spin_trylock+0x190/0x190
[ 31.170194] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 31.170196] ? __debug_object_init+0x235/0x1040
[ 31.170197] preempt_schedule_common+0x22/0x60
[ 31.170198] _cond_resched+0x1d/0x30
[ 31.170199] wait_for_completion+0xa5/0x770
[ 31.170200] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.170202] ? wait_for_completion_interruptible+0x7e0/0x7e0
[ 31.170203] ? __lockdep_init_map+0xe4/0x650
[ 31.170204] ? __init_waitqueue_head+0x97/0x140
[ 31.170205] ? init_wait_entry+0x1b0/0x1b0
[ 31.170207] __synchronize_srcu+0x1ad/0x260
[ 31.170208] ? call_srcu+0x10/0x10
[ 31.170209] ? trace_raw_output_rcu_utilization+0xb0/0xb0
[ 31.170210] ? irq_matrix_allocated+0x80/0x80
[ 31.170211] ? synchronize_srcu+0x3c5/0x570
[ 31.170212] synchronize_srcu+0x1a3/0x570
[ 31.170214] ? synchronize_srcu+0x1a3/0x570
[ 31.170215] ? lock_downgrade+0x980/0x980
[ 31.170216] ? synchronize_srcu_expedited+0x20/0x20
[ 31.170217] ? lock_release+0xa40/0xa40
[ 31.170219] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 31.170220] ? do_raw_spin_trylock+0x190/0x190
[ 31.170221] kvm_page_track_unregister_notifier+0x186/0x270
[ 31.170223] ? kvm_slot_page_track_remove_page+0x60/0x60
[ 31.170224] ? kvfree+0x36/0x60
[ 31.170225] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.170226] kvm_mmu_uninit_vm+0x1c/0x20
[ 31.170227] kvm_arch_destroy_vm+0x73b/0x980
[ 31.170228] ? kvm_arch_sync_events+0x30/0x30
[ 31.170229] ? mmdrop+0x18/0x30
[ 31.170231] ? mmu_notifier_unregister+0x437/0x5c0
[ 31.170232] ? kvm_put_kvm+0x47a/0xde0
[ 31.170233] ? mmu_notifier_unregister_no_release+0x3e0/0x3e0
[ 31.170234] ? __free_pages+0x107/0x150
[ 31.170235] ? free_unref_page+0x9e0/0x9e0
[ 31.170237] ? quarantine_put+0xeb/0x190
[ 31.170238] ? kfree+0xf0/0x260
[ 31.170239] ? kvm_put_kvm+0x614/0xde0
[ 31.170240] ? free_pages+0x51/0x90
[ 31.170241] kvm_put_kvm+0x695/0xde0
[ 31.170242] ? kvm_clear_guest+0xb0/0xb0
[ 31.170243] ? kvm_irqfd_release+0xd1/0x120
[ 31.170244] ? lock_downgrade+0x980/0x980
[ 31.170245] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.170246] ? kvm_irqfd_release+0xdd/0x120
[ 31.170248] ? kvm_irqfd_release+0xdd/0x120
[ 31.170249] ? kvm_put_kvm+0xde0/0xde0
[ 31.170250] kvm_vm_release+0x42/0x50
[ 31.170251] __fput+0x327/0x7e0
[ 31.170252] ? fput+0x140/0x140
[ 31.170253] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 31.170254] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.170255] ____fput+0x15/0x20
[ 31.170257] task_work_run+0x199/0x270
[ 31.170258] ? task_work_cancel+0x210/0x210
[ 31.170259] ? _raw_spin_unlock+0x22/0x30
[ 31.170260] ? switch_task_namespaces+0x87/0xc0
[ 31.170261] do_exit+0x9bb/0x1ad0
[ 31.170262] ? kvm_vcpu_fault+0x520/0x520
[ 31.170263] ? mm_update_next_owner+0x930/0x930
[ 31.170265] ? find_held_lock+0x35/0x1d0
[ 31.170266] ? handle_mm_fault+0x2a0/0x930
[ 31.170267] ? find_held_lock+0x35/0x1d0
[ 31.170268] ? __do_page_fault+0x5f7/0xc90
[ 31.170269] ? lock_downgrade+0x980/0x980
[ 31.170270] ? down_read_trylock+0xdb/0x170
[ 31.170271] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 31.170273] ? vmacache_find+0x5f/0x280
[ 31.170274] ? up_read+0x1a/0x40
[ 31.170275] ? __do_page_fault+0x3d6/0xc90
[ 31.170276] ? kvm_vcpu_fault+0x520/0x520
[ 31.170277] ? do_vfs_ioctl+0x486/0x1520
[ 31.170278] ? _cond_resched+0x14/0x30
[ 31.170279] ? ioctl_preallocate+0x2b0/0x2b0
[ 31.170280] ? selinux_capable+0x40/0x40
[ 31.170281] ? putname+0xf3/0x130
[ 31.170282] do_
[ 31.170284] Lost 13 message(s)!
[ 32.242785] Shutting down cpus with NMI
[ 33.316821] Dumping ftrace buffer:
[ 33.320332] (ftrace buffer empty)
[ 33.324006] Kernel Offset: disabled
[ 33.327598] Rebooting in 86400 seconds..