Warning: Permanently added '[localhost]:25910' (ECDSA) to the list of known hosts.
syzkaller login: [ 96.277972][ T48] audit: type=1400 audit(1612690852.231:8): avc: denied { execmem } for pid=8664 comm="syz-executor810" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 96.305835][ T8665] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 96.380380][ T8665] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 96.396502][ C0]
[ 96.396513][ C0] ======================================================
[ 96.396522][ C0] WARNING: possible circular locking dependency detected
[ 96.396531][ C0] 5.11.0-rc6-syzkaller #0 Not tainted
[ 96.396538][ C0] ------------------------------------------------------
[ 96.396546][ C0] syz-executor810/8665 is trying to acquire lock:
[ 96.396566][ C0] ffffffff8bc82ce0 (console_owner){....}-{0:0}, at: console_unlock+0x2fb/0xbb0
[ 96.396598][ C0]
[ 96.396603][ C0] but task is already holding lock:
[ 96.396610][ C0] ffffffff906b3358 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 96.396641][ C0]
[ 96.396647][ C0] which lock already depends on the new lock.
[ 96.396654][ C0]
[ 96.396658][ C0]
[ 96.396664][ C0] the existing dependency chain (in reverse order) is:
[ 96.396671][ C0]
[ 96.396675][ C0] -> #2 (&port->lock){-.-.}-{2:2}:
[ 96.396701][ C0]        _raw_spin_lock_irqsave+0x39/0x50
[ 96.396708][ C0]        tty_port_tty_get+0x1f/0x100
[ 96.396715][ C0]        tty_port_default_wakeup+0x11/0x40
[ 96.396722][ C0]        serial8250_tx_chars+0x487/0xa80
[ 96.396728][ C0]        serial8250_handle_irq.part.0+0x328/0x3d0
[ 96.396735][ C0]        serial8250_default_handle_irq+0xb2/0x220
[ 96.396741][ C0]        serial8250_interrupt+0xfd/0x200
[ 96.396748][ C0]        __handle_irq_event_percpu+0x303/0x8f0
[ 96.396755][ C0]        handle_irq_event+0x102/0x290
[ 96.396761][ C0]        handle_edge_irq+0x25f/0xd00
[ 96.396768][ C0]        asm_call_irq_on_stack+0xf/0x20
[ 96.396775][ C0]        common_interrupt+0x120/0x200
[ 96.396782][ C0]        asm_common_interrupt+0x1e/0x40
[ 96.396788][ C0]        default_idle+0xe/0x10
[ 96.396794][ C0]        default_idle_call+0x87/0xd0
[ 96.396801][ C0]        do_idle+0x3fa/0x590
[ 96.396807][ C0]        cpu_startup_entry+0x14/0x20
[ 96.396813][ C0]        start_secondary+0x274/0x350
[ 96.396821][ C0]        secondary_startup_64_no_verify+0xb0/0xbb
[ 96.396828][ C0]
[ 96.396831][ C0] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 96.396857][ C0]        _raw_spin_lock_irqsave+0x39/0x50
[ 96.396865][ C0]        serial8250_console_write+0x880/0xa90
[ 96.396872][ C0]        console_unlock+0x841/0xbb0
[ 96.396879][ C0]        vprintk_emit+0x189/0x490
[ 96.396885][ C0]        vprintk_func+0x8d/0x1e0
[ 96.396892][ C0]        printk+0xba/0xed
[ 96.396898][ C0]        register_console+0x5d1/0x800
[ 96.396905][ C0]        univ8250_console_init+0x3a/0x46
[ 96.396912][ C0]        console_init+0x3c7/0x596
[ 96.396919][ C0]        start_kernel+0x2fc/0x48c
[ 96.396926][ C0]        secondary_startup_64_no_verify+0xb0/0xbb
[ 96.396933][ C0]
[ 96.396937][ C0] -> #0 (console_owner){....}-{0:0}:
[ 96.396962][ C0]        __lock_acquire+0x2b26/0x54f0
[ 96.396969][ C0]        lock_acquire+0x1a8/0x720
[ 96.396976][ C0]        console_unlock+0x37a/0xbb0
[ 96.396982][ C0]        vprintk_emit+0x189/0x490
[ 96.396988][ C0]        vprintk_func+0x8d/0x1e0
[ 96.396994][ C0]        printk+0xba/0xed
[ 96.397000][ C0]        tty_port_close_start.part.0+0x503/0x550
[ 96.397008][ C0]        tty_port_close+0x46/0x170
[ 96.397014][ C0]        tty_release+0x45e/0x1210
[ 96.397020][ C0]        __fput+0x283/0x920
[ 96.397027][ C0]        task_work_run+0xdd/0x190
[ 96.397033][ C0]        exit_to_user_mode_prepare+0x249/0x250
[ 96.397041][ C0]        syscall_exit_to_user_mode+0x19/0x50
[ 96.397049][ C0]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 96.397055][ C0]
[ 96.397060][ C0] other info that might help us debug this:
[ 96.397067][ C0]
[ 96.397071][ C0] Chain exists of:
[ 96.397076][ C0]   console_owner --> &port_lock_key --> &port->lock
[ 96.397110][ C0]
[ 96.397115][ C0]  Possible unsafe locking scenario:
[ 96.397121][ C0]
[ 96.397126][ C0]        CPU0                    CPU1
[ 96.397133][ C0]        ----                    ----
[ 96.397139][ C0]   lock(&port->lock);
[ 96.397154][ C0]                                lock(&port_lock_key);
[ 96.397171][ C0]                                lock(&port->lock);
[ 96.397188][ C0]   lock(console_owner);
[ 96.397202][ C0]
[ 96.397207][ C0]  *** DEADLOCK ***
[ 96.397211][ C0]
[ 96.397216][ C0] 3 locks held by syz-executor810/8665:
[ 96.397223][ C0]  #0: ffff888019b801c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 96.397256][ C0]  #1: ffffffff906b3358 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 96.397299][ C0]  #2: ffffffff8bd63060 (console_lock){+.+.}-{0:0}, at: vprintk_func+0x8d/0x1e0
[ 96.397330][ C0]
[ 96.397335][ C0] stack backtrace:
[ 96.397342][ C0] CPU: 0 PID: 8665 Comm: syz-executor810 Not tainted 5.11.0-rc6-syzkaller #0
[ 96.397352][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 96.397361][ C0] Call Trace:
[ 96.397366][ C0]  dump_stack+0x107/0x163
[ 96.397372][ C0]  check_noncircular+0x25f/0x2e0
[ 96.397379][ C0]  ? stack_trace_consume_entry+0x160/0x160
[ 96.397386][ C0]  ? print_circular_bug+0x480/0x480
[ 96.397392][ C0]  ? memcpy+0x39/0x60
[ 96.397398][ C0]  ? lockdep_lock+0xc6/0x200
[ 96.397404][ C0]  ? call_rcu_zapped+0xb0/0xb0
[ 96.397410][ C0]  __lock_acquire+0x2b26/0x54f0
[ 96.397417][ C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 96.397424][ C0]  lock_acquire+0x1a8/0x720
[ 96.397430][ C0]  ? console_unlock+0x2fb/0xbb0
[ 96.397437][ C0]  ? lock_release+0x710/0x710
[ 96.397443][ C0]  ? lock_downgrade+0x6d0/0x6d0
[ 96.397450][ C0]  ? do_raw_spin_lock+0x120/0x2b0
[ 96.397456][ C0]  ? rwlock_bug.part.0+0x90/0x90
[ 96.397462][ C0]  console_unlock+0x37a/0xbb0
[ 96.397468][ C0]  ? console_unlock+0x2fb/0xbb0
[ 96.397474][ C0]  ? devkmsg_read+0x740/0x740
[ 96.397481][ C0]  ? lock_release+0x710/0x710
[ 96.397487][ C0]  ? do_raw_spin_unlock+0x171/0x230
[ 96.397493][ C0]  ? vprintk_func+0x8d/0x1e0
[ 96.397500][ C0]  vprintk_emit+0x189/0x490
[ 96.397506][ C0]  vprintk_func+0x8d/0x1e0
[ 96.397511][ C0]  printk+0xba/0xed
[ 96.397517][ C0]  ? record_print_text.cold+0x16/0x16
[ 96.397524][ C0]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 96.397532][ C0]  tty_port_close_start.part.0+0x503/0x550
[ 96.397539][ C0]  tty_port_close+0x46/0x170
[ 96.397545][ C0]  ? tpk_open+0x60/0x60
[ 96.397551][ C0]  tty_release+0x45e/0x1210
[ 96.397557][ C0]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 96.397564][ C0]  __fput+0x283/0x920
[ 96.397570][ C0]  ? tty_release_struct+0xe0/0xe0
[ 96.397576][ C0]  task_work_run+0xdd/0x190
[ 96.397583][ C0]  exit_to_user_mode_prepare+0x249/0x250
[ 96.397590][ C0]  syscall_exit_to_user_mode+0x19/0x50
[ 96.397597][ C0]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 96.397604][ C0] RIP: 0033:0x40667b
[ 96.397615][ C0] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
[ 96.397632][ C0] RSP: 002b:00007fffc1ef8ee0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 96.397648][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000040667b
[ 96.397658][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 96.397667][ C0] RBP: 00000000004ca41c R08: 0000000000000000 R09: 0000000100000000
[ 96.397676][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 96.397685][ C0] R13: 00007fffc1ef8f30 R14: 00007fffc1ef8f80 R15: 0000000000000002

VM DIAGNOSIS:
09:40:52 Registers: