[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
syzkaller login: [ 163.569501] audit: type=1400 audit(1599438077.700:8): avc: denied { execmem } for pid=6360 comm="syz-executor959" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 219.127293]
[ 219.127295] =====================================
[ 219.127297] WARNING: bad unlock balance detected!
[ 219.127298] 4.14.196-syzkaller #0 Not tainted
[ 219.127300] -------------------------------------
[ 219.127301] wpw/1904 is trying to release lock (console_lock) at:
[ 219.127305] [] do_con_write+0xb2f/0x19b0
[ 219.127306] but there are no more locks to release!
[ 219.127307]
[ 219.127308] other info that might help us debug this:
[ 219.127309] 5 locks held by wpw/1904:
[ 219.127310] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 219.127315] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740
[ 219.127319] #2: ((null)){....}, at: [<0077770000000000>] 0x77770000000000
[ 219.127323] #3: ((null)){....}, at: [<0077000000000000>] 0x77000000000000
[ 219.127327] #4: (css_set_lock){..-.}, at: [<0770777000770077>] 0x770777000770077
[ 219.127332]
[ 219.127333] stack backtrace:
[ 219.127335] CPU: 0 PID: 1904 Comm: wpw Not tainted 4.14.196-syzkaller #0
[ 219.127337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.127338] Call Trace:
[ 219.127339] dump_stack+0x1b2/0x283
[ 219.127340] ? do_con_write+0xb2f/0x19b0
[ 219.127341] lock_release.cold+0x70/0xbf
[ 219.127343] ? lock_acquire+0x170/0x3f0
[ 219.127344] ? lock_downgrade+0x740/0x740
[ 219.127345] ? do_con_write+0xb2f/0x19b0
[ 219.127346] __up_console_sem+0x1e/0x1b0
[ 219.127347] console_unlock+0x531/0xf20
[ 219.127349] ? lock_downgrade+0x740/0x740
[ 219.127350] ? fb_flashcursor+0x400/0x400
[ 219.127351] do_con_write+0xb2f/0x19b0
[ 219.127352] ? do_con_trol+0x51e0/0x51e0
[ 219.127354] ? __mutex_unlock_slowpath+0x75/0x770
[ 219.127355] ? wait_for_completion_io+0x10/0x10
[ 219.127356] ? con_write+0x90/0xa0
[ 219.127357] con_write+0x21/0xa0
[ 219.127358] n_tty_write+0x352/0xda0
[ 219.127360] ? lock_acquire+0x170/0x3f0
[ 219.127361] ? n_tty_open+0x160/0x160
[ 219.127362] ? do_wait_intr_irq+0x270/0x270
[ 219.127363] ? __might_fault+0xf/0x1b0
[ 219.127364] tty_write+0x410/0x740
[ 219.127365] ? n_tty_open+0x160/0x160
[ 219.127367] __vfs_write+0xe4/0x630
[ 219.127368] ? tty_compat_ioctl+0x240/0x240
[ 219.127369] ? iov_iter_advance+0x6f1/0xbe0
[ 219.127370] ? kernel_read+0x110/0x110
[ 219.127372] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 219.127373] ? default_file_splice_read+0x5ba/0x910
[ 219.127374] ? alloc_pipe_info+0x140/0x3c0
[ 219.127375] __kernel_write+0xf5/0x330
[ 219.127377] write_pipe_buf+0x143/0x1c0
[ 219.127378] ? default_file_splice_read+0x910/0x910
[ 219.127379] __splice_from_pipe+0x326/0x7a0
[ 219.127381] ? default_file_splice_read+0x910/0x910
[ 219.127382] default_file_splice_write+0xc5/0x150
[ 219.127384] ? generic_splice_sendpage+0x110/0x110
[ 219.127385] ? rw_verify_area+0xe1/0x2a0
[ 219.127386] ? generic_splice_sendpage+0x110/0x110
[ 219.127387] direct_splice_actor+0x115/0x160
[ 219.127389] splice_direct_to_actor+0x27c/0x730
[ 219.127390] ? generic_pipe_buf_nosteal+0x10/0x10
[ 219.127391] ? do_splice_to+0x140/0x140
[ 219.127393] ? rw_verify_area+0xe1/0x2a0
[ 219.127394] do_splice_direct+0x164/0x210
[ 219.127395] ? splice_direct_to_actor+0x730/0x730
[ 219.127396] ? rw_verify_area+0xe1/0x2a0
[ 219.127398] do_sendfile+0x47f/0xb30
[ 219.127399] ? do_compat_writev+0x180/0x180
[ 219.127400] ? SyS_futex+0x1da/0x290
[ 219.127401] SyS_sendfile64+0xff/0x110
[ 219.127402] ? SyS_sendfile+0x130/0x130
[ 219.127404] ? do_syscall_64+0x4c/0x640
[ 219.127405] ? SyS_sendfile+0x130/0x130
[ 219.127406] do_syscall_64+0x1d5/0x640
[ 219.127407] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 219.127408] RIP: 0033:0x446ac9
[ 219.127410] RSP: 002b:00007fb296788d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 219.127413] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446ac9
[ 219.127415] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 219.127417] RBP: 00000000006dbc50 R08: 65732f636f72702f R09: 65732f636f72702f
[ 219.127419] R10: 0800000080004103 R11: 0000000000000246 R12: 00000000006dbc5c
[ 219.127421] R13: 00007fb296788d20 R14: 00007fb296788d20 R15: 20c49ba5e353f7cf
[ 219.519504] kasan: CONFIG_KASAN_INLINE enabled
[ 219.524073] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 219.531438] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 219.537658] Modules linked in:
[ 219.540843] CPU: 0 PID: 1904 Comm: wpw Not tainted 4.14.196-syzkaller #0
[ 219.547661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.556994] task: ffff8880001283c0 task.stack: ffff888000130000
[ 219.563117] RIP: 0010:update_curr+0x26/0x670
[ 219.567496] RSP: 0018:ffff8880aea07ce0 EFLAGS: 00010082
[ 219.572830] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff0d5428f
[ 219.580092] RDX: 0000000000000ee7 RSI: ffff888000128440 RDI: 0000000000007738
[ 219.587334] RBP: 0000000000007700 R08: ffff88821fff7018 R09: ffff88821fff700f
[ 219.594579] R10: ffff88821fff7017 R11: 0000003471fce0a4 R12: 0000000000007700
[ 219.601823] R13: ffff888000128590 R14: ffffffff879d2d60 R15: ffff888000128440
[ 219.609068] FS: 00007fb296789700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
[ 219.617266] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 219.623120] CR2: 00000000004c1c33 CR3: 000000000003f000 CR4: 00000000001406f0
[ 219.630364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 219.637627] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 219.644889] Call Trace:
[ 219.647459]
[ 219.649588] task_tick_fair+0x5f5/0x1130
[ 219.653628] scheduler_tick+0xf6/0x2d0
[ 219.657579] ? wake_up_klogd_work_func+0xa2/0xc0
[ 219.662309] update_process_times+0x40/0xa0
[ 219.666606] tick_sched_handle+0x7d/0x150
[ 219.670730] tick_sched_timer+0x92/0x200
[ 219.674767] __hrtimer_run_queues+0x30b/0xc80
[ 219.679499] ? tick_do_update_jiffies64.part.0+0x270/0x270
[ 219.685098] ? retrigger_next_event+0x310/0x310
[ 219.689757] ? ktime_get_update_offsets_now+0x272/0x3f0
[ 219.695096] hrtimer_interrupt+0x1e6/0x5e0
[ 219.699311] smp_apic_timer_interrupt+0x117/0x5e0
[ 219.704131] apic_timer_interrupt+0x93/0xa0
[ 219.708426]
[ 219.710640] RIP: 0010:console_unlock+0xb73/0xf20
[ 219.715371] RSP: 0018:ffff888000137490 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
[ 219.723223] RAX: ffff8880001283c0 RBX: 00000000000005ab RCX: 1ffffffff1027c6c
[ 219.730491] RDX: 0000000007700077 RSI: 0000000000000002 RDI: 0000000000000202
[ 219.737944] RBP: 00000000000005ab R08: 0000000000000001 R09: 0000000000000000
[ 219.745212] R10: 0000000000000000 R11: ffff8880001283c0 R12: ffff8880aa4c0980
[ 219.752494] R13: 0000000000000066 R14: dffffc0000000000 R15: 00000000000005ab
[ 219.759788] ? lock_downgrade+0x740/0x740
[ 219.763913] ? fb_flashcursor+0x400/0x400
[ 219.768038] do_con_write+0xb2f/0x19b0
[ 219.771902] ? do_con_trol+0x51e0/0x51e0
[ 219.775937] ? __mutex_unlock_slowpath+0x75/0x770
[ 219.780754] ? wait_for_completion_io+0x10/0x10
[ 219.785415] ? con_write+0x90/0xa0
[ 219.788931] con_write+0x21/0xa0
[ 219.792272] n_tty_write+0x352/0xda0
[ 219.795984] ? lock_acquire+0x170/0x3f0
[ 219.799934] ? n_tty_open+0x160/0x160
[ 219.803710] ? do_wait_intr_irq+0x270/0x270
[ 219.808029] ? __might_fault+0xf/0x1b0
[ 219.811913] tty_write+0x410/0x740
[ 219.815430] ? n_tty_open+0x160/0x160
[ 219.819729] __vfs_write+0xe4/0x630
[ 219.823418] ? tty_compat_ioctl+0x240/0x240
[ 219.827718] ? iov_iter_advance+0x6f1/0xbe0
[ 219.832014] ? kernel_read+0x110/0x110
[ 219.835879] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 219.840875] ? default_file_splice_read+0x5ba/0x910
[ 219.845872] ? alloc_pipe_info+0x140/0x3c0
[ 219.850087] __kernel_write+0xf5/0x330
[ 219.853952] write_pipe_buf+0x143/0x1c0
[ 219.857908] ? default_file_splice_read+0x910/0x910
[ 219.862901] __splice_from_pipe+0x326/0x7a0
[ 219.867201] ? default_file_splice_read+0x910/0x910
[ 219.872219] default_file_splice_write+0xc5/0x150
[ 219.877047] ? generic_splice_sendpage+0x110/0x110
[ 219.881959] ? rw_verify_area+0xe1/0x2a0
[ 219.886009] ? generic_splice_sendpage+0x110/0x110
[ 219.890936] direct_splice_actor+0x115/0x160
[ 219.895331] splice_direct_to_actor+0x27c/0x730
[ 219.899977] ? generic_pipe_buf_nosteal+0x10/0x10
[ 219.904800] ? do_splice_to+0x140/0x140
[ 219.908753] ? rw_verify_area+0xe1/0x2a0
[ 219.912806] do_splice_direct+0x164/0x210
[ 219.916929] ? splice_direct_to_actor+0x730/0x730
[ 219.921745] ? rw_verify_area+0xe1/0x2a0
[ 219.925782] do_sendfile+0x47f/0xb30
[ 219.929471] ? do_compat_writev+0x180/0x180
[ 219.933769] ? SyS_futex+0x1da/0x290
[ 219.937458] SyS_sendfile64+0xff/0x110
[ 219.941340] ? SyS_sendfile+0x130/0x130
[ 219.945310] ? do_syscall_64+0x4c/0x640
[ 219.949259] ? SyS_sendfile+0x130/0x130
[ 219.953210] do_syscall_64+0x1d5/0x640
[ 219.957078] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 219.962246] RIP: 0033:0x446ac9
[ 219.965410] RSP: 002b:00007fb296788d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 219.973110] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446ac9
[ 219.980358] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 219.987604] RBP: 00000000006dbc50 R08: 65732f636f72702f R09: 65732f636f72702f
[ 219.994869] R10: 0800000080004103 R11: 0000000000000246 R12: 00000000006dbc5c
[ 220.002114] R13: 00007fb296788d20 R14: 00007fb296788d20 R15: 20c49ba5e353f7cf
[ 220.009361] Code: 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 41 55 41 54 55 48 89 fd 48 83 c7 38 48 89 fa 53 48 c1 ea 03 48 83 ec 10 <80> 3c 02 00 0f 85 50 05 00 00 48 8d bd c8 00 00 00 48 8b 5d 38
[ 220.028432] RIP: update_curr+0x26/0x670 RSP: ffff8880aea07ce0
[ 220.034323] ---[ end trace 01d0e9215eeed6c1 ]---
[ 220.039052] Kernel panic - not syncing: Fatal exception in interrupt
[ 220.047143] Kernel Offset: disabled
[ 220.050756] Rebooting in 86400 seconds..