[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 60.116996][ T6841] general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN
[ 60.128750][ T6841] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[ 60.137140][ T6841] CPU: 0 PID: 6841 Comm: syz-executor870 Not tainted 5.8.0-syzkaller #0
[ 60.145444][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.155493][ T6841] RIP: 0010:io_poll_double_wake+0x51/0x510
[ 60.161283][ T6841] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9e 03 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 48 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 63 03 00 00 0f b6 6b 48 bf 06 00 00
[ 60.180865][ T6841] RSP: 0018:ffffc9000533f820 EFLAGS: 00010006
[ 60.186967][ T6841] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 60.195007][ T6841] RDX: 0000000000000009 RSI: ffffffff81d6fe2d RDI: 0000000000000048
[ 60.203534][ T6841] RBP: dffffc0000000000 R08: ffff8880950ce318 R09: ffff888092cd1c1f
[ 60.212526][ T6841] R10: 0000000000000001 R11: 00000000000066d0 R12: 0000000000000000
[ 60.220474][ T6841] R13: ffff8880950ce318 R14: ffff8880950ce320 R15: 0000000000000000
[ 60.228428][ T6841] FS: 00007fdc4c9cd700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 60.237333][ T6841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.243894][ T6841] CR2: 00007fd76f5e3710 CR3: 00000000a162a000 CR4: 00000000001506f0
[ 60.252191][ T6841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.260160][ T6841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.268124][ T6841] Call Trace:
[ 60.271429][ T6841] ? lock_is_held_type+0xbb/0xf0
[ 60.276352][ T6841] ? rwlock_bug.part.0+0x90/0x90
[ 60.281277][ T6841] __wake_up_common+0x147/0x650
[ 60.286108][ T6841] __wake_up_common_lock+0xd0/0x130
[ 60.291281][ T6841] ? __wake_up_common+0x650/0x650
[ 60.296278][ T6841] ? lock_is_held_type+0xbb/0xf0
[ 60.301208][ T6841] ? ldsem_down_read_trylock+0x11b/0x180
[ 60.306822][ T6841] ? ldsem_down_read_trylock+0x121/0x180
[ 60.312434][ T6841] ? __init_ldsem+0x170/0x170
[ 60.317106][ T6841] n_tty_set_termios+0x73d/0x1010
[ 60.322138][ T6841] ? n_tty_receive_buf+0x40/0x40
[ 60.327173][ T6841] tty_set_termios+0x5eb/0x840
[ 60.331931][ T6841] ? tty_wait_until_sent+0x530/0x530
[ 60.337223][ T6841] ? lock_downgrade+0x830/0x830
[ 60.342074][ T6841] ? up_write+0x191/0x560
[ 60.346412][ T6841] ? zero_buffer.isra.0+0x60/0x60
[ 60.351452][ T6841] set_termios.part.0+0x2be/0x4d0
[ 60.356475][ T6841] ? set_termiox+0x2f0/0x2f0
[ 60.361060][ T6841] ? trace_hardirqs_on+0x5f/0x220
[ 60.366084][ T6841] ? __tty_check_change.part.0+0x2c9/0x3f0
[ 60.371892][ T6841] tty_mode_ioctl+0x899/0xb60
[ 60.376572][ T6841] ? get_termio+0x2d0/0x2d0
[ 60.381073][ T6841] ? __ldsem_down_read_nested+0xd2/0x880
[ 60.386701][ T6841] ? __ldsem_down_read_nested+0xe3/0x880
[ 60.392333][ T6841] ? trace_hardirqs_on+0x5f/0x220
[ 60.397358][ T6841] ? lockdep_hardirqs_on+0x76/0xf0
[ 60.402449][ T6841] ? __ldsem_wake_readers+0x3c0/0x3c0
[ 60.407802][ T6841] ? tomoyo_path_number_perm+0x244/0x4d0
[ 60.413444][ T6841] n_tty_ioctl_helper+0x55/0x3a0
[ 60.418354][ T6841] n_tty_ioctl+0x56/0x370
[ 60.422663][ T6841] tty_ioctl+0x10c5/0x15f0
[ 60.427055][ T6841] ? commit_echoes+0x210/0x210
[ 60.431805][ T6841] ? tty_fasync+0x390/0x390
[ 60.436323][ T6841] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 60.442218][ T6841] ? do_vfs_ioctl+0x27d/0x1090
[ 60.446957][ T6841] ? generic_block_fiemap+0x60/0x60
[ 60.452130][ T6841] ? build_open_flags+0x650/0x650
[ 60.457193][ T6841] ? __fget_files+0x294/0x400
[ 60.461851][ T6841] ? bpf_lsm_file_ioctl+0x5/0x10
[ 60.466762][ T6841] ? tty_fasync+0x390/0x390
[ 60.471238][ T6841] __x64_sys_ioctl+0x193/0x200
[ 60.475975][ T6841] do_syscall_64+0x2d/0x70
[ 60.480382][ T6841] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.486370][ T6841] RIP: 0033:0x445c89
[ 60.490241][ T6841] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.509819][ T6841] RSP: 002b:00007fdc4c9ccda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.518204][ T6841] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445c89
[ 60.526151][ T6841] RDX: 0000000020000080 RSI: 0000000000005404 RDI: 0000000000000005
[ 60.534095][ T6841] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 60.542046][ T6841] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 60.550016][ T6841] R13: 00007fffde43a00f R14: 00007fdc4c9cd9c0 R15: 20c49ba5e353f7cf
[ 60.557964][ T6841] Modules linked in:
[ 60.561846][ T6841] ---[ end trace fcb3eade8056d482 ]---
[ 60.567289][ T6841] RIP: 0010:io_poll_double_wake+0x51/0x510
[ 60.573070][ T6841] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9e 03 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 48 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 63 03 00 00 0f b6 6b 48 bf 06 00 00
[ 60.592649][ T6841] RSP: 0018:ffffc9000533f820 EFLAGS: 00010006
[ 60.598687][ T6841] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 60.606633][ T6841] RDX: 0000000000000009 RSI: ffffffff81d6fe2d RDI: 0000000000000048
[ 60.614579][ T6841] RBP: dffffc0000000000 R08: ffff8880950ce318 R09: ffff888092cd1c1f
[ 60.622527][ T6841] R10: 0000000000000001 R11: 00000000000066d0 R12: 0000000000000000
[ 60.630482][ T6841] R13: ffff8880950ce318 R14: ffff8880950ce320 R15: 0000000000000000
[ 60.638433][ T6841] FS: 00007fdc4c9cd700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 60.647336][ T6841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.653897][ T6841] CR2: 00007fd76f5e3710 CR3: 00000000a162a000 CR4: 00000000001506f0
[ 60.661846][ T6841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.669795][ T6841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.677741][ T6841] Kernel panic - not syncing: Fatal exception
[ 60.685070][ T6841] Kernel Offset: disabled
[ 60.689387][ T6841] Rebooting in 86400 seconds..