[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.414580][ T27] audit: type=1400 audit(1597542819.286:8): avc: denied { execmem } for pid=6845 comm="syz-executor337" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 70.470229][ T6845]
[ 70.472682][ T6845] ============================================
[ 70.478808][ T6845] WARNING: possible recursive locking detected
[ 70.485047][ T6845] 5.8.0-syzkaller #0 Not tainted
[ 70.489962][ T6845] --------------------------------------------
[ 70.496099][ T6845] syz-executor337/6845 is trying to acquire lock:
[ 70.502487][ T6845] ffff8880a1ff8530 (&tty->write_wait){-.-.}-{2:2}, at: io_poll_double_wake+0x12a/0x3f0
[ 70.512214][ T6845]
[ 70.512214][ T6845] but task is already holding lock:
[ 70.519569][ T6845] ffff8880a1ff8530 (&tty->write_wait){-.-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130
[ 70.529286][ T6845]
[ 70.529286][ T6845] other info that might help us debug this:
[ 70.537323][ T6845] Possible unsafe locking scenario:
[ 70.537323][ T6845]
[ 70.544773][ T6845] CPU0
[ 70.548040][ T6845] ----
[ 70.551291][ T6845] lock(&tty->write_wait);
[ 70.555774][ T6845] lock(&tty->write_wait);
[ 70.560244][ T6845]
[ 70.560244][ T6845] *** DEADLOCK ***
[ 70.560244][ T6845]
[ 70.568391][ T6845] May be due to missing lock nesting notation
[ 70.568391][ T6845]
[ 70.576690][ T6845] 4 locks held by syz-executor337/6845:
[ 70.582204][ T6845] #0: ffff8880a1ff8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[ 70.591918][ T6845] #1: ffff8880a1ff82e8 (&tty->termios_rwsem){++++}-{3:3}, at: tty_set_termios+0xec/0x840
[ 70.601807][ T6845] #2: ffff8880a1ff8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1d/0x80
[ 70.611074][ T6845] #3: ffff8880a1ff8530 (&tty->write_wait){-.-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130
[ 70.621209][ T6845]
[ 70.621209][ T6845] stack backtrace:
[ 70.627089][ T6845] CPU: 1 PID: 6845 Comm: syz-executor337 Not tainted 5.8.0-syzkaller #0
[ 70.635407][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.645455][ T6845] Call Trace:
[ 70.648737][ T6845] dump_stack+0x18f/0x20d
[ 70.653065][ T6845] __lock_acquire.cold+0x115/0x396
[ 70.658152][ T6845] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 70.664109][ T6845] lock_acquire+0x1f1/0xad0
[ 70.668589][ T6845] ? io_poll_double_wake+0x12a/0x3f0
[ 70.673849][ T6845] ? lock_release+0x8e0/0x8e0
[ 70.678499][ T6845] ? lock_acquire+0x1f1/0xad0
[ 70.683155][ T6845] ? __wake_up_common_lock+0xb4/0x130
[ 70.688506][ T6845] _raw_spin_lock+0x2a/0x40
[ 70.692986][ T6845] ? io_poll_double_wake+0x12a/0x3f0
[ 70.698249][ T6845] io_poll_double_wake+0x12a/0x3f0
[ 70.703337][ T6845] ? lock_is_held_type+0xbb/0xf0
[ 70.708248][ T6845] ? rwlock_bug.part.0+0x90/0x90
[ 70.713174][ T6845] __wake_up_common+0x147/0x650
[ 70.718005][ T6845] __wake_up_common_lock+0xd0/0x130
[ 70.723179][ T6845] ? __wake_up_common+0x650/0x650
[ 70.728189][ T6845] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 70.733993][ T6845] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 70.739959][ T6845] ? trace_hardirqs_on+0x5f/0x220
[ 70.744964][ T6845] n_tty_set_termios+0x73d/0x1010
[ 70.749978][ T6845] ? n_tty_receive_buf+0x40/0x40
[ 70.754903][ T6845] tty_set_termios+0x5eb/0x840
[ 70.759646][ T6845] ? tty_wait_until_sent+0x530/0x530
[ 70.764909][ T6845] ? lock_downgrade+0x830/0x830
[ 70.769737][ T6845] ? up_write+0x191/0x560
[ 70.774046][ T6845] ? zero_buffer.isra.0+0x60/0x60
[ 70.779052][ T6845] set_termios.part.0+0x2be/0x4d0
[ 70.784053][ T6845] ? set_termiox+0x2f0/0x2f0
[ 70.788621][ T6845] ? trace_hardirqs_on+0x5f/0x220
[ 70.793636][ T6845] ? __tty_check_change.part.0+0x2c9/0x3f0
[ 70.799419][ T6845] tty_mode_ioctl+0x899/0xb60
[ 70.804080][ T6845] ? get_termio+0x2d0/0x2d0
[ 70.808560][ T6845] ? __ldsem_down_read_nested+0xd2/0x880
[ 70.814179][ T6845] ? __ldsem_down_read_nested+0xe3/0x880
[ 70.819788][ T6845] ? trace_hardirqs_on+0x5f/0x220
[ 70.824802][ T6845] ? lockdep_hardirqs_on+0x76/0xf0
[ 70.829889][ T6845] ? __ldsem_wake_readers+0x3c0/0x3c0
[ 70.835238][ T6845] ? tomoyo_path_number_perm+0x244/0x4d0
[ 70.840850][ T6845] n_tty_ioctl_helper+0x55/0x3a0
[ 70.845766][ T6845] n_tty_ioctl+0x56/0x370
[ 70.850416][ T6845] tty_ioctl+0x10c5/0x15f0
[ 70.854819][ T6845] ? commit_echoes+0x210/0x210
[ 70.859590][ T6845] ? tty_fasync+0x390/0x390
[ 70.864080][ T6845] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 70.870040][ T6845] ? do_vfs_ioctl+0x27d/0x1090
[ 70.874785][ T6845] ? generic_block_fiemap+0x60/0x60
[ 70.879963][ T6845] ? selinux_inode_getsecctx+0x90/0x90
[ 70.885415][ T6845] ? io_submit_sqes+0x2380/0x2380
[ 70.890421][ T6845] ? fput_many+0x2f/0x1a0
[ 70.895610][ T6845] ? bpf_lsm_file_ioctl+0x5/0x10
[ 70.900527][ T6845] ? tty_fasync+0x390/0x390
[ 70.905009][ T6845] __x64_sys_ioctl+0x193/0x200
[ 70.909771][ T6845] do_syscall_64+0x2d/0x70
[ 70.914167][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.920035][ T6845] RIP: 0033:0x4405b9
[ 70.923918][ T6845] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.943501][ T6845] RSP: 002b:00007ffddb7dcb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.951892][ T6845] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004405b9
[ 70.959845][ T6845] RDX: 0000000020000000 RSI: 0000000000005404 RDI: 0000000000000003
[ 70.967796][ T6845] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 70.975757][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e20
[ 70.983719][ T6845] R13: 0000000000401eb0 R14: 0000000000000000 R15: 0000000000000000