[ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.91' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.083518] BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228 [ 29.092099] in_atomic(): 1, irqs_disabled(): 1, pid: 7974, name: syz-executor853 [ 29.099631] 3 locks held by syz-executor853/7974: [ 29.104467] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.113379] #1: (&(&tty->flow_lock)->rlock){....}, at: [] n_tty_ioctl_helper+0xa0/0x350 [ 29.123256] #2: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref+0x1b/0x80 [ 29.131772] irq event stamp: 6850 [ 29.135214] hardirqs last enabled at (6849): [] _raw_spin_unlock_irqrestore+0x79/0xe0 [ 29.144823] hardirqs last disabled at (6850): [] _raw_spin_lock_irq+0x35/0x80 [ 29.153754] softirqs last enabled at (6594): [] peernet2id+0x60/0x70 [ 29.161881] softirqs last disabled at (6592): [] peernet2id+0x20/0x70 [ 29.170225] Preemption disabled at: [ 29.170230] [< (null)>] (null) [ 29.178783] CPU: 1 PID: 7974 Comm: syz-executor853 Not tainted 4.14.241-syzkaller #0 [ 29.186654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.195985] Call Trace: [ 29.198559] dump_stack+0x1b2/0x281 [ 29.202177] ___might_sleep.cold+0x235/0x250 [ 29.206565] do_con_write+0xd0/0x19b0 [ 29.210357] ? resched_curr+0xc7/0x360 [ 29.214221] ? n_hdlc_buf_get+0x194/0x220 [ 29.218374] ? lock_acquire+0x170/0x3f0 [ 29.222459] ? lock_downgrade+0x740/0x740 [ 29.226605] ? do_con_trol+0x51e0/0x51e0 [ 29.230650] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 29.235745] con_write+0x21/0xa0 [ 29.239132] ? con_put_char+0xa0/0xa0 [ 29.242952] n_hdlc_send_frames+0x241/0x410 [ 29.247405] n_hdlc_tty_wakeup+0x95/0xb0 [ 29.251452] ? n_hdlc_tty_open+0x4d0/0x4d0 [ 29.255777] tty_wakeup+0xc3/0xf0 [ 29.259215] ? insert_char+0x280/0x280 [ 29.263100] __start_tty+0x10b/0x140 [ 29.266891] n_tty_ioctl_helper+0x2f8/0x350 [ 29.271190] n_hdlc_tty_ioctl+0xd4/0x300 [ 29.275245] tty_ioctl+0x5af/0x13c0 [ 29.278893] ? n_hdlc_tty_wakeup+0xb0/0xb0 [ 29.283238] ? tty_fasync+0x2c0/0x2c0 [ 29.287041] ? tty_write+0x4a3/0x740 [ 29.290731] ? n_hdlc_tty_poll+0x300/0x300 [ 29.294977] ? fsnotify+0x974/0x11b0 [ 29.298662] ? tty_compat_ioctl+0x240/0x240 [ 29.303141] ? __handle_mm_fault+0x80f/0x4620 [ 29.307625] ? tty_fasync+0x2c0/0x2c0 [ 29.311402] do_vfs_ioctl+0x75a/0xff0 [ 29.315187] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.319582] ? rw_verify_area+0xe1/0x2a0 [ 29.323622] ? vfs_write+0x319/0x4d0 [ 29.327326] ? SyS_write+0x14d/0x210 [ 29.331026] ? security_file_ioctl+0x83/0xb0 [ 29.335409] SyS_ioctl+0x7f/0xb0 [ 29.338752] ? do_vfs_ioctl+0xff0/0xff0 [ 29.342712] do_syscall_64+0x1d5/0x640 [ 29.346589] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.351758] RIP: 0033:0x43f159 [ 29.354932] RSP: 002b:00007fff429c9d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.362626] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f159 [ 29.369984] RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000003 [ 29.377292] RBP: 0000000000402fe0 R08: 0000000000400488 R09: 0000000000400488 [