[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 49.432597][ T26] audit: type=1800 audit(1582724158.777:25): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 49.456863][ T26] audit: type=1800 audit(1582724158.777:26): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 49.515958][ T26] audit: type=1800 audit(1582724158.787:27): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 61.163973][ T8720] [ 61.166297][ T8720] ====================================================== [ 61.173299][ T8720] WARNING: possible circular locking dependency detected [ 61.180348][ T8720] 5.6.0-rc3-syzkaller #0 Not tainted [ 61.185884][ T8720] ------------------------------------------------------ [ 61.193216][ T8720] syz-executor531/8720 is trying to acquire lock: [ 61.199730][ T8720] ffff8880a41182a0 (&tty->termios_rwsem){++++}, at: n_tty_receive_buf_common+0x8b/0x30b0 [ 61.209522][ T8720] [ 61.209522][ T8720] but task is already holding lock: [ 61.216874][ T8720] ffffffff89462e70 (sel_lock){+.+.}, at: paste_selection+0x118/0x470 [ 61.224972][ T8720] [ 61.224972][ T8720] which lock already depends on the new lock. [ 61.224972][ T8720] [ 61.235385][ T8720] [ 61.235385][ T8720] the existing dependency chain (in reverse order) is: [ 61.244527][ T8720] [ 61.244527][ T8720] -> #2 (sel_lock){+.+.}: [ 61.251137][ T8720] lock_acquire+0x154/0x250 [ 61.256155][ T8720] __mutex_lock_common+0x16e/0x2f30 [ 61.261856][ T8720] mutex_lock_nested+0x1b/0x30 [ 61.267271][ T8720] set_selection_kernel+0x3b8/0x18a0 [ 61.273317][ T8720] set_selection_user+0x63/0x80 [ 61.278685][ T8720] tioclinux+0x103/0x530 [ 61.283437][ T8720] vt_ioctl+0x3f1/0x3a30 [ 61.288680][ T8720] tty_ioctl+0xee6/0x15c0 [ 61.293520][ T8720] __se_sys_ioctl+0x113/0x190 [ 61.298938][ T8720] __x64_sys_ioctl+0x7b/0x90 [ 61.304053][ T8720] do_syscall_64+0xf7/0x1c0 [ 61.309151][ T8720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.315648][ T8720] [ 61.315648][ T8720] -> #1 (console_lock){+.+.}: [ 61.322497][ T8720] lock_acquire+0x154/0x250 [ 61.327550][ T8720] console_lock+0x46/0x70 [ 61.332395][ T8720] con_flush_chars+0x50/0x650 [ 61.337699][ T8720] n_tty_write+0xeae/0x1200 [ 61.342766][ T8720] tty_write+0x5a1/0x950 [ 61.348655][ T8720] __vfs_write+0xb8/0x740 [ 61.353495][ T8720] vfs_write+0x270/0x580 [ 61.358249][ T8720] ksys_write+0x117/0x220 [ 61.363083][ T8720] __x64_sys_write+0x7b/0x90 [ 61.368177][ T8720] do_syscall_64+0xf7/0x1c0 [ 61.373377][ T8720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.379889][ T8720] [ 61.379889][ T8720] -> #0 (&tty->termios_rwsem){++++}: [ 61.387339][ T8720] validate_chain+0x1507/0x7be0 [ 61.392780][ T8720] __lock_acquire+0xc5a/0x1bc0 [ 61.398248][ T8720] lock_acquire+0x154/0x250 [ 61.403253][ T8720] down_read+0x39/0x50 [ 61.407821][ T8720] n_tty_receive_buf_common+0x8b/0x30b0 [ 61.413879][ T8720] n_tty_receive_buf2+0x33/0x40 [ 61.419247][ T8720] tty_ldisc_receive_buf+0x9f/0x170 [ 61.425102][ T8720] paste_selection+0x346/0x470 [ 61.430373][ T8720] tioclinux+0x121/0x530 [ 61.435204][ T8720] vt_ioctl+0x3f1/0x3a30 [ 61.439954][ T8720] tty_ioctl+0xee6/0x15c0 [ 61.445275][ T8720] __se_sys_ioctl+0x113/0x190 [ 61.450457][ T8720] __x64_sys_ioctl+0x7b/0x90 [ 61.455559][ T8720] do_syscall_64+0xf7/0x1c0 [ 61.460568][ T8720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.467054][ T8720] [ 61.467054][ T8720] other info that might help us debug this: [ 61.467054][ T8720] [ 61.477263][ T8720] Chain exists of: [ 61.477263][ T8720] &tty->termios_rwsem --> console_lock --> sel_lock [ 61.477263][ T8720] [ 61.489919][ T8720] Possible unsafe locking scenario: [ 61.489919][ T8720] [ 61.497401][ T8720] CPU0 CPU1 [ 61.502755][ T8720] ---- ---- [ 61.508368][ T8720] lock(sel_lock); [ 61.512255][ T8720] lock(console_lock); [ 61.519030][ T8720] lock(sel_lock); [ 61.525338][ T8720] lock(&tty->termios_rwsem); [ 61.530076][ T8720] [ 61.530076][ T8720] *** DEADLOCK *** [ 61.530076][ T8720] [ 61.538211][ T8720] 3 locks held by syz-executor531/8720: [ 61.544081][ T8720] #0: ffff8880a4118090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 61.553497][ T8720] #1: ffff8880aa5be0a8 (&buf->lock){+.+.}, at: tty_buffer_lock_exclusive+0x33/0x40 [ 61.562958][ T8720] #2: ffffffff89462e70 (sel_lock){+.+.}, at: paste_selection+0x118/0x470 [ 61.571457][ T8720] [ 61.571457][ T8720] stack backtrace: [ 61.577336][ T8720] CPU: 0 PID: 8720 Comm: syz-executor531 Not tainted 5.6.0-rc3-syzkaller #0 [ 61.585986][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.596028][ T8720] Call Trace: [ 61.599329][ T8720] dump_stack+0x1fb/0x318 [ 61.603734][ T8720] print_circular_bug+0xc3f/0xe70 [ 61.608743][ T8720] ? stack_trace_save+0xb1/0x150 [ 61.613882][ T8720] ? save_trace+0x4b/0x9f0 [ 61.618279][ T8720] check_noncircular+0x206/0x3a0 [ 61.623216][ T8720] validate_chain+0x1507/0x7be0 [ 61.628680][ T8720] ? __kasan_check_read+0x11/0x20 [ 61.633678][ T8720] ? mark_lock+0x107/0x1650 [ 61.638172][ T8720] __lock_acquire+0xc5a/0x1bc0 [ 61.642933][ T8720] ? mark_lock+0x67a/0x1650 [ 61.647531][ T8720] ? trace_lock_acquire+0x15b/0x1d0 [ 61.652806][ T8720] lock_acquire+0x154/0x250 [ 61.657344][ T8720] ? n_tty_receive_buf_common+0x8b/0x30b0 [ 61.663051][ T8720] down_read+0x39/0x50 [ 61.667212][ T8720] ? n_tty_receive_buf_common+0x8b/0x30b0 [ 61.673272][ T8720] n_tty_receive_buf_common+0x8b/0x30b0 [ 61.678811][ T8720] ? trace_lock_acquire+0x15b/0x1d0 [ 61.684119][ T8720] ? lock_acquire+0x154/0x250 [ 61.688792][ T8720] ? paste_selection+0x118/0x470 [ 61.693735][ T8720] ? __mutex_lock_common+0x53d/0x2f30 [ 61.699248][ T8720] ? paste_selection+0x118/0x470 [ 61.704219][ T8720] ? lockdep_hardirqs_on+0x4a5/0x7a0 [ 61.709541][ T8720] ? _raw_spin_unlock_irqrestore+0x72/0xe0 [ 61.715501][ T8720] n_tty_receive_buf2+0x33/0x40 [ 61.720340][ T8720] ? n_tty_write_wakeup+0x50/0x50 [ 61.725491][ T8720] tty_ldisc_receive_buf+0x9f/0x170 [ 61.730705][ T8720] paste_selection+0x346/0x470 [ 61.735462][ T8720] ? do_task_dead+0xc0/0xc0 [ 61.740031][ T8720] tioclinux+0x121/0x530 [ 61.744265][ T8720] vt_ioctl+0x3f1/0x3a30 [ 61.748504][ T8720] ? rcu_lock_release+0x9/0x30 [ 61.753255][ T8720] ? tomoyo_path_number_perm+0x58f/0x690 [ 61.758869][ T8720] ? tty_jobctrl_ioctl+0x1ea/0xc00 [ 61.764085][ T8720] tty_ioctl+0xee6/0x15c0 [ 61.768506][ T8720] ? assoc_array_gc+0x1371/0x1420 [ 61.773518][ T8720] ? tomoyo_file_ioctl+0x23/0x30 [ 61.778447][ T8720] ? tty_do_resize+0x180/0x180 [ 61.783203][ T8720] __se_sys_ioctl+0x113/0x190 [ 61.787864][ T8720] __x64_sys_ioctl+0x7b/0x90 [ 61.792628][ T8720] do_syscall_64+0xf7/0x1c0 [ 61.797120][ T8720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.803197][ T8720] RIP: 0033:0x440239 [ 61.807075][ T8720] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.826794][ T8720] RSP: 002b:00007ffc8bc07258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.835417][ T8720] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239 [ 61.843465][ T8720] RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004 [ 61.851423][ T8720] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8 [ 61.859552][ T8720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401