[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty1. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 65.542087][ T8477] ------------[ cut here ]------------ [ 65.548652][ T8477] WARNING: CPU: 0 PID: 8477 at fs/io_uring.c:1535 io_poll_double_wake+0x4fb/0x760 [ 65.557832][ T8477] Modules linked in: [ 65.561704][ T8477] CPU: 0 PID: 8477 Comm: syz-executor232 Not tainted 5.13.0-syzkaller #0 [ 65.570093][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.580127][ T8477] RIP: 0010:io_poll_double_wake+0x4fb/0x760 [ 65.586007][ T8477] Code: cb db ff f0 41 ff 4c 24 5c 0f 94 c3 31 ff 89 de e8 2a b5 95 ff 84 db b8 01 00 00 00 0f 84 6f fc ff ff 89 04 24 e8 d5 ae 95 ff <0f> 0b 8b 04 24 e9 5d fc ff ff e8 c6 ae 95 ff 4c 89 e5 e9 a1 fb ff [ 65.605602][ T8477] RSP: 0018:ffffc900016cfc20 EFLAGS: 00010093 [ 65.611733][ T8477] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 65.619682][ T8477] RDX: ffff888024021c40 RSI: ffffffff81dfd9db RDI: 0000000000000003 [ 65.627652][ T8477] RBP: ffff88801771d91c R08: 0000000000000001 R09: 0000000000000001 [ 65.635969][ T8477] R10: ffffffff81dfd9c6 R11: 0000000000000000 R12: ffff88801771d8c0 [ 65.643933][ T8477] R13: 0000000000000000 R14: ffff88801771d8f0 R15: ffff888014bfe4a0 [ 65.651889][ T8477] FS: 0000000002131300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 65.660816][ T8477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.667379][ T8477] CR2: 00007ffe08fb1080 CR3: 0000000013bc6000 CR4: 00000000001506f0 [ 65.675329][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.683278][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.691230][ T8477] Call Trace: [ 65.694491][ T8477] __wake_up_common+0x147/0x650 [ 65.699328][ T8477] __wake_up_common_lock+0xd0/0x130 [ 65.704506][ T8477] ? __wake_up_common+0x650/0x650 [ 65.709509][ T8477] ? rwlock_bug.part.0+0x90/0x90 [ 65.714423][ T8477] ? _raw_spin_unlock_irq+0x1f/0x40 [ 65.719601][ T8477] pty_close+0x224/0x4f0 [ 65.723828][ T8477] ? ptmx_open+0x360/0x360 [ 65.728237][ T8477] tty_release+0x45e/0x1200 [ 65.732771][ T8477] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 65.739162][ T8477] __fput+0x288/0x920 [ 65.743152][ T8477] ? tty_release_struct+0xe0/0xe0 [ 65.748218][ T8477] task_work_run+0xdd/0x1a0 [ 65.752726][ T8477] exit_to_user_mode_prepare+0x27e/0x290 [ 65.758372][ T8477] syscall_exit_to_user_mode+0x19/0x60 [ 65.763848][ T8477] do_syscall_64+0x42/0xb0 [ 65.768277][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 65.774178][ T8477] RIP: 0033:0x4075fb [ 65.778079][ T8477] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44 [ 65.797881][ T8477] RSP: 002b:00007ffe08f83710 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 65.806290][ T8477] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004075fb [ 65.814326][ T8477] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004 [ 65.822275][ T8477] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000064 [ 65.830339][ T8477] R10: 00007ffe08f83770 R11: 0000000000000293 R12: 000000000000ffe7 [ 65.838408][ T8477] R13: 00000000004d12ac R14: 00007ffe08f83770 R15: 00000000004d12a0 [ 65.846362][ T8477] Kernel panic - not syncing: panic_on_warn set ... [ 65.852937][ T8477] CPU: 0 PID: 8477 Comm: syz-executor232 Not tainted 5.13.0-syzkaller #0 [ 65.861340][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.871373][ T8477] Call Trace: [ 65.874632][ T8477] dump_stack_lvl+0xcd/0x134 [ 65.879209][ T8477] panic+0x306/0x73d [ 65.883083][ T8477] ? __warn_printk+0xf3/0xf3 [ 65.888001][ T8477] ? __warn.cold+0x1a/0x44 [ 65.892398][ T8477] ? io_poll_double_wake+0x4fb/0x760 [ 65.897664][ T8477] __warn.cold+0x35/0x44 [ 65.901884][ T8477] ? io_poll_double_wake+0x4fb/0x760 [ 65.907156][ T8477] report_bug+0x1bd/0x210 [ 65.911491][ T8477] handle_bug+0x3c/0x60 [ 65.915639][ T8477] exc_invalid_op+0x14/0x40 [ 65.920141][ T8477] asm_exc_invalid_op+0x12/0x20 [ 65.924997][ T8477] RIP: 0010:io_poll_double_wake+0x4fb/0x760 [ 65.930887][ T8477] Code: cb db ff f0 41 ff 4c 24 5c 0f 94 c3 31 ff 89 de e8 2a b5 95 ff 84 db b8 01 00 00 00 0f 84 6f fc ff ff 89 04 24 e8 d5 ae 95 ff <0f> 0b 8b 04 24 e9 5d fc ff ff e8 c6 ae 95 ff 4c 89 e5 e9 a1 fb ff [ 65.950474][ T8477] RSP: 0018:ffffc900016cfc20 EFLAGS: 00010093 [ 65.956694][ T8477] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 65.964640][ T8477] RDX: ffff888024021c40 RSI: ffffffff81dfd9db RDI: 0000000000000003 [ 65.972599][ T8477] RBP: ffff88801771d91c R08: 0000000000000001 R09: 0000000000000001 [ 65.980560][ T8477] R10: ffffffff81dfd9c6 R11: 0000000000000000 R12: ffff88801771d8c0 [ 65.988663][ T8477] R13: 0000000000000000 R14: ffff88801771d8f0 R15: ffff888014bfe4a0 [ 65.996620][ T8477] ? io_poll_double_wake+0x4e6/0x760 [ 66.001896][ T8477] ? io_poll_double_wake+0x4fb/0x760 [ 66.007169][ T8477] __wake_up_common+0x147/0x650 [ 66.012004][ T8477] __wake_up_common_lock+0xd0/0x130 [ 66.017185][ T8477] ? __wake_up_common+0x650/0x650 [ 66.022201][ T8477] ? rwlock_bug.part.0+0x90/0x90 [ 66.027128][ T8477] ? _raw_spin_unlock_irq+0x1f/0x40 [ 66.032307][ T8477] pty_close+0x224/0x4f0 [ 66.036529][ T8477] ? ptmx_open+0x360/0x360 [ 66.040920][ T8477] tty_release+0x45e/0x1200 [ 66.045404][ T8477] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 66.051640][ T8477] __fput+0x288/0x920 [ 66.055605][ T8477] ? tty_release_struct+0xe0/0xe0 [ 66.060606][ T8477] task_work_run+0xdd/0x1a0 [ 66.065099][ T8477] exit_to_user_mode_prepare+0x27e/0x290 [ 66.070727][ T8477] syscall_exit_to_user_mode+0x19/0x60 [ 66.076168][ T8477] do_syscall_64+0x42/0xb0 [ 66.080586][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 66.086460][ T8477] RIP: 0033:0x4075fb [ 66.090332][ T8477] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44 [ 66.109917][ T8477] RSP: 002b:00007ffe08f83710 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 66.118308][ T8477] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004075fb [ 66.126256][ T8477] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004 [ 66.134201][ T8477] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000064 [ 66.142149][ T8477] R10: 00007ffe08f83770 R11: 0000000000000293 R12: 000000000000ffe7 [ 66.150096][ T8477] R13: 00000000004d12ac R14: 00007ffe08f83770 R15: 00000000004d12a0 [ 66.158065][ T8477] [ 66.158070][ T8477] ====================================================== [ 66.158075][ T8477] WARNING: possible circular locking dependency detected [ 66.158080][ T8477] 5.13.0-syzkaller #0 Not tainted [ 66.158084][ T8477] ------------------------------------------------------ [ 66.158089][ T8477] syz-executor232/8477 is trying to acquire lock: [ 66.158093][ T8477] ffffffff8b88a620 (console_owner){....}-{0:0}, at: console_unlock+0x2e6/0xc40 [ 66.158109][ T8477] [ 66.158112][ T8477] but task is already holding lock: [ 66.158116][ T8477] ffff8881443e5528 (&tty->write_wait){-.-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 [ 66.158131][ T8477] [ 66.158134][ T8477] which lock already depends on the new lock. [ 66.158138][ T8477] [ 66.158140][ T8477] [ 66.158143][ T8477] the existing dependency chain (in reverse order) is: [ 66.158146][ T8477] [ 66.158148][ T8477] -> #2 (&tty->write_wait){-.-.}-{2:2}: [ 66.158162][ T8477] _raw_spin_lock_irqsave+0x39/0x50 [ 66.158166][ T8477] __wake_up_common_lock+0xb4/0x130 [ 66.158170][ T8477] tty_port_default_wakeup+0x26/0x40 [ 66.158174][ T8477] serial8250_tx_chars+0x4f3/0xad0 [ 66.158178][ T8477] serial8250_handle_irq.part.0+0x305/0x3a0 [ 66.158182][ T8477] serial8250_default_handle_irq+0xb2/0x220 [ 66.158186][ T8477] serial8250_interrupt+0xfd/0x200 [ 66.158190][ T8477] __handle_irq_event_percpu+0x303/0x8f0 [ 66.158194][ T8477] handle_irq_event+0x102/0x280 [ 66.158198][ T8477] handle_edge_irq+0x25f/0xd00 [ 66.158202][ T8477] __common_interrupt+0x9d/0x210 [ 66.158205][ T8477] common_interrupt+0x9f/0xd0 [ 66.158209][ T8477] asm_common_interrupt+0x1e/0x40 [ 66.158213][ T8477] _raw_spin_unlock_irqrestore+0x38/0x70 [ 66.158217][ T8477] uart_write+0x30d/0x570 [ 66.158220][ T8477] do_output_char+0x5de/0x850 [ 66.158224][ T8477] n_tty_write+0x4c3/0xfd0 [ 66.158228][ T8477] file_tty_write.constprop.0+0x526/0x910 [ 66.158232][ T8477] redirected_tty_write+0xa1/0xc0 [ 66.158236][ T8477] do_iter_readv_writev+0x46f/0x740 [ 66.158239][ T8477] do_iter_write+0x188/0x670 [ 66.158243][ T8477] vfs_writev+0x1aa/0x630 [ 66.158246][ T8477] do_writev+0x139/0x300 [ 66.158250][ T8477] do_syscall_64+0x35/0xb0 [ 66.158254][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 66.158257][ T8477] [ 66.158259][ T8477] -> #1 (&port_lock_key){-.-.}-{2:2}: [ 66.158272][ T8477] _raw_spin_lock_irqsave+0x39/0x50 [ 66.158276][ T8477] serial8250_console_write+0x91a/0xb70 [ 66.158280][ T8477] console_unlock+0x859/0xc40 [ 66.158284][ T8477] vprintk_emit+0x1ca/0x560 [ 66.158287][ T8477] vprintk+0x8d/0x260 [ 66.158291][ T8477] printk+0xba/0xed [ 66.158294][ T8477] register_console+0x55f/0x780 [ 66.158298][ T8477] univ8250_console_init+0x3a/0x46 [ 66.158302][ T8477] console_init+0x3c1/0x58d [ 66.158306][ T8477] start_kernel+0x30b/0x49b [ 66.158309][ T8477] secondary_startup_64_no_verify+0xb0/0xbb [ 66.158313][ T8477] [ 66.158315][ T8477] -> #0 (console_owner){....}-{0:0}: [ 66.158328][ T8477] __lock_acquire+0x2a07/0x54a0 [ 66.158332][ T8477] lock_acquire+0x1ab/0x510 [ 66.158336][ T8477] console_unlock+0x359/0xc40 [ 66.158339][ T8477] vprintk_emit+0x1ca/0x560 [ 66.158343][ T8477] vprintk+0x8d/0x260 [ 66.158346][ T8477] printk+0xba/0xed [ 66.158349][ T8477] report_bug.cold+0x72/0xab [ 66.158353][ T8477] handle_bug+0x3c/0x60 [ 66.158356][ T8477] exc_invalid_op+0x14/0x40 [ 66.158360][ T8477] asm_exc_invalid_op+0x12/0x20 [ 66.158363][ T8477] io_poll_double_wake+0x4fb/0x760 [ 66.158367][ T8477] __wake_up_common+0x147/0x650 [ 66.158371][ T8477] __wake_up_common_lock+0xd0/0x130 [ 66.158375][ T8477] pty_close+0x224/0x4f0 [ 66.158378][ T8477] tty_release+0x45e/0x1200 [ 66.158382][ T8477] __fput+0x288/0x920 [ 66.158385][ T8477] task_work_run+0xdd/0x1a0 [ 66.158389][ T8477] exit_to_user_mode_prepare+0x27e/0x290 [ 66.158393][ T8477] syscall_exit_to_user_mode+0x19/0x60 [ 66.158397][ T8477] do_syscall_64+0x42/0xb0 [ 66.158400][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 66.158404][ T8477] [ 66.158406][ T8477] other info that might help us debug this: [ 66.158410][ T8477] [ 66.158412][ T8477] Chain exists of: [ 66.158414][ T8477] console_owner --> &port_lock_key --> &tty->write_wait [ 66.158433][ T8477] [ 66.158435][ T8477] Possible unsafe locking scenario: [ 66.158438][ T8477] [ 66.158441][ T8477] CPU0 CPU1 [ 66.158444][ T8477] ---- ---- [ 66.158448][ T8477] lock(&tty->write_wait); [ 66.158456][ T8477] lock(&port_lock_key); [ 66.158465][ T8477] lock(&tty->write_wait); [ 66.158474][ T8477] lock(console_owner); [ 66.158482][ T8477] [ 66.158484][ T8477] *** DEADLOCK *** [ 66.158486][ T8477] [ 66.158489][ T8477] 3 locks held by syz-executor232/8477: [ 66.158492][ T8477] #0: ffff8881443e71c0 (&tty->legacy_mutex/1){+.+.}-{3:3}, at: tty_lock+0xbd/0x120 [ 66.158512][ T8477] #1: ffff8881443e5528 (&tty->write_wait){-.-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 [ 66.158530][ T8477] #2: ffffffff8b96aa00 (console_lock){+.+.}-{0:0}, at: vprintk+0x8d/0x260 [ 66.158547][ T8477] [ 66.158549][ T8477] stack backtrace: [ 66.158553][ T8477] CPU: 0 PID: 8477 Comm: syz-executor232 Not tainted 5.13.0-syzkaller #0 [ 66.158559][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.158564][ T8477] Call Trace: [ 66.158567][ T8477] dump_stack_lvl+0xcd/0x134 [ 66.158571][ T8477] check_noncircular+0x25f/0x2e0 [ 66.158574][ T8477] ? stack_trace_consume_entry+0x160/0x160 [ 66.158578][ T8477] ? print_circular_bug+0x1e0/0x1e0 [ 66.158581][ T8477] ? memcpy+0x39/0x60 [ 66.158584][ T8477] ? lockdep_lock+0xc6/0x200 [ 66.158588][ T8477] ? call_rcu_zapped+0xb0/0xb0 [ 66.158591][ T8477] __lock_acquire+0x2a07/0x54a0 [ 66.158595][ T8477] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 66.158599][ T8477] lock_acquire+0x1ab/0x510 [ 66.158602][ T8477] ? console_unlock+0x2e6/0xc40 [ 66.158605][ T8477] ? lock_release+0x720/0x720 [ 66.158609][ T8477] ? lock_downgrade+0x6e0/0x6e0 [ 66.158612][ T8477] ? do_raw_spin_lock+0x120/0x2b0 [ 66.158615][ T8477] ? rwlock_bug.part.0+0x90/0x90 [ 66.158619][ T8477] console_unlock+0x359/0xc40 [ 66.158622][ T8477] ? console_unlock+0x2e6/0xc40 [ 66.158626][ T8477] ? devkmsg_read+0x7d0/0x7d0 [ 66.158629][ T8477] ? lock_release+0x720/0x720 [ 66.158632][ T8477] ? vprintk+0x8d/0x260 [ 66.158635][ T8477] vprintk_emit+0x1ca/0x560 [ 66.158638][ T8477] vprintk+0x8d/0x260 [ 66.158641][ T8477] printk+0xba/0xed [ 66.158644][ T8477] ? record_print_text.cold+0x16/0x16 [ 66.158648][ T8477] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 66.158652][ T8477] ? __lock_acquire+0x162f/0x54a0 [ 66.158656][ T8477] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 66.158659][ T8477] ? report_bug.cold+0x66/0xab [ 66.158663][ T8477] ? io_poll_double_wake+0x4fb/0x760 [ 66.158666][ T8477] report_bug.cold+0x72/0xab [ 66.158669][ T8477] handle_bug+0x3c/0x60 [ 66.158672][ T8477] exc_invalid_op+0x14/0x40 [ 66.158676][ T8477] asm_exc_invalid_op+0x12/0x20 [ 66.158679][ T8477] RIP: 0010:io_poll_double_wake+0x4fb/0x760 [ 66.158687][ T8477] Code: cb db ff f0 41 ff 4c 24 5c 0f 94 c3 31 ff 89 de e8 2a b5 95 ff 84 db b8 01 00 00 00 0f 84 6f fc ff ff 89 04 24 e8 d5 ae 95 ff <0f> 0b 8b 04 24 e9 5d fc ff ff e8 c6 ae 95 ff 4c 89 e5 e9 a1 fb ff [ 66.158696][ T8477] RSP: 0018:ffffc900016cfc20 EFLAGS: 00010093 [ 66.158703][ T8477] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 66.158708][ T8477] RDX: ffff888024021c40 RSI: ffffffff81dfd9db RDI: 0000000000000003 [ 66.158714][ T8477] RBP: ffff88801771d91c R08: 0000000000000001 R09: 0000000000000001 [ 66.158719][ T8477] R10: ffffffff81dfd9c6 R11: 0000000000000000 R12: ffff88801771d8c0 [ 66.158724][ T8477] R13: 0000000000000000 R14: ffff88801771d8f0 R15: ffff888014bfe4a0 [ 66.158729][ T8477] ? io_poll_double_wake+0x4e6/0x760 [ 66.158733][ T8477] ? io_poll_double_wake+0x4fb/0x760 [ 66.158736][ T8477] __wake_up_common+0x147/0x650 [ 66.158740][ T8477] __wake_up_common_lock+0xd0/0x130 [ 66.158743][ T8477] ? __wake_up_common+0x650/0x650 [ 66.158747][ T8477] ? rwlock_bug.part.0+0x90/0x90 [ 66.158751][ T8477] ? _raw_spin_unlock_irq+0x1f/0x40 [ 66.158754][ T8477] pty_close+0x224/0x4f0 [ 66.158757][ T8477] ? ptmx_open+0x360/0x360 [ 66.158760][ T8477] tty_release+0x45e/0x1200 [ 66.158764][ T8477] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 66.158768][ T8477] __fput+0x288/0x920 [ 66.158771][ T8477] ? tty_release_struct+0xe0/0xe0 [ 66.158774][ T8477] task_work_run+0xdd/0x1a0 [ 66.158778][ T8477] exit_to_user_mode_prepare+0x27e/0x290 [ 66.158781][ T8477] syscall_exit_to_user_mode+0x19/0x60 [ 66.158785][ T8477] do_syscall_64+0x42/0xb0 [ 66.158797][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 66.158800][ T8477] RIP: 0033:0x4075fb [ 66.158807][ T8477] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44 [ 66.158816][ T8477] RSP: 002b:00007ffe08f83710 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 66.158825][ T8477] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004075fb [ 66.158830][ T8477] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004 [ 66.158835][ T8477] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000064 [ 66.158840][ T8477] R10: 00007ffe08f83770 R11: 0000000000000293 R12: 000000000000ffe7 [ 66.158846][ T8477] R13: 00000000004d12ac R14: 00007ffe08f83770 R15: 00000000004d12a0 [ 66.160267][ T8477] Kernel Offset: disabled [ 67.101324][ T8477] Rebooting in 86400 seconds..