[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.374317][ T6881] general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN
[ 57.386065][ T6881] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[ 57.394471][ T6881] CPU: 0 PID: 6881 Comm: syz-executor047 Not tainted 5.9.0-rc1-next-20200818-syzkaller #0
[ 57.404341][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.414416][ T6881] RIP: 0010:io_poll_double_wake+0x51/0x510
[ 57.420215][ T6881] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9e 03 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 48 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 63 03 00 00 0f b6 6b 48 bf 06 00 00
[ 57.440345][ T6881] RSP: 0018:ffffc900056c7820 EFLAGS: 00010006
[ 57.446397][ T6881] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.454354][ T6881] RDX: 0000000000000009 RSI: ffffffff81d7793d RDI: 0000000000000048
[ 57.462463][ T6881] RBP: dffffc0000000000 R08: ffff88809bf5ff18 R09: ffff8880a27a7d1f
[ 57.470425][ T6881] R10: 0000000000000001 R11: 0000000000006660 R12: 0000000000000000
[ 57.478385][ T6881] R13: ffff88809bf5ff18 R14: ffff88809bf5ff20 R15: 0000000000000000
[ 57.486339][ T6881] FS: 00007fcb73980700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 57.495257][ T6881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.501823][ T6881] CR2: 00007fcb7395ee78 CR3: 00000000a6b66000 CR4: 00000000001506f0
[ 57.509795][ T6881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.517762][ T6881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.525718][ T6881] Call Trace:
[ 57.528997][ T6881] ? lock_is_held_type+0xbb/0xf0
[ 57.533921][ T6881] ? rwlock_bug.part.0+0x90/0x90
[ 57.538845][ T6881] __wake_up_common+0x147/0x650
[ 57.543696][ T6881] __wake_up_common_lock+0xd0/0x130
[ 57.548878][ T6881] ? __wake_up_common+0x650/0x650
[ 57.553883][ T6881] ? lock_is_held_type+0xbb/0xf0
[ 57.558835][ T6881] ? ldsem_down_read_trylock+0x11b/0x180
[ 57.564458][ T6881] ? ldsem_down_read_trylock+0x121/0x180
[ 57.570088][ T6881] ? __init_ldsem+0x170/0x170
[ 57.574764][ T6881] n_tty_set_termios+0x73d/0x1010
[ 57.579776][ T6881] ? n_tty_receive_buf+0x40/0x40
[ 57.584699][ T6881] tty_set_termios+0x5eb/0x840
[ 57.589450][ T6881] ? tty_wait_until_sent+0x530/0x530
[ 57.594748][ T6881] ? lock_downgrade+0x830/0x830
[ 57.599707][ T6881] ? up_write+0x191/0x560
[ 57.604038][ T6881] ? zero_buffer.isra.0+0x60/0x60
[ 57.609079][ T6881] set_termios.part.0+0x2be/0x4d0
[ 57.614098][ T6881] ? set_termiox+0x2f0/0x2f0
[ 57.618673][ T6881] ? trace_hardirqs_on+0x5f/0x220
[ 57.623684][ T6881] ? __tty_check_change.part.0+0x2c9/0x3f0
[ 57.629494][ T6881] tty_mode_ioctl+0x899/0xb60
[ 57.634153][ T6881] ? get_termio+0x2d0/0x2d0
[ 57.638638][ T6881] ? __ldsem_down_read_nested+0xd2/0x880
[ 57.644252][ T6881] ? __ldsem_down_read_nested+0xe3/0x880
[ 57.649869][ T6881] ? trace_hardirqs_on+0x5f/0x220
[ 57.654898][ T6881] ? lockdep_hardirqs_on+0x76/0xf0
[ 57.659995][ T6881] ? __ldsem_wake_readers+0x3c0/0x3c0
[ 57.665347][ T6881] ? tomoyo_path_number_perm+0x244/0x4d0
[ 57.670962][ T6881] n_tty_ioctl_helper+0x55/0x3a0
[ 57.675881][ T6881] n_tty_ioctl+0x56/0x370
[ 57.680193][ T6881] tty_ioctl+0x10c5/0x15f0
[ 57.684595][ T6881] ? commit_echoes+0x210/0x210
[ 57.689337][ T6881] ? tty_fasync+0x390/0x390
[ 57.693821][ T6881] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.699694][ T6881] ? do_vfs_ioctl+0x27d/0x1090
[ 57.704453][ T6881] ? generic_block_fiemap+0x60/0x60
[ 57.709634][ T6881] ? build_open_flags+0x650/0x650
[ 57.714643][ T6881] ? __fget_files+0x294/0x400
[ 57.719305][ T6881] ? bpf_lsm_file_ioctl+0x5/0x10
[ 57.724222][ T6881] ? tty_fasync+0x390/0x390
[ 57.728715][ T6881] __x64_sys_ioctl+0x193/0x200
[ 57.733464][ T6881] do_syscall_64+0x2d/0x70
[ 57.737864][ T6881] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.743735][ T6881] RIP: 0033:0x445c89
[ 57.747612][ T6881] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.767217][ T6881] RSP: 002b:00007fcb7397fda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.775614][ T6881] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445c89
[ 57.783569][ T6881] RDX: 0000000020000080 RSI: 0000000000005404 RDI: 0000000000000005
[ 57.791544][ T6881] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 57.799503][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 57.807462][ T6881] R13: 00007fffedb1707f R14: 00007fcb739809c0 R15: 20c49ba5e353f7cf
[ 57.815436][ T6881] Modules linked in:
[ 57.819329][ T6881] ---[ end trace ff58babb5f9c371f ]---
[ 57.824775][ T6881] RIP: 0010:io_poll_double_wake+0x51/0x510
[ 57.830568][ T6881] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9e 03 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 48 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 63 03 00 00 0f b6 6b 48 bf 06 00 00
[ 57.850162][ T6881] RSP: 0018:ffffc900056c7820 EFLAGS: 00010006
[ 57.856248][ T6881] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.864206][ T6881] RDX: 0000000000000009 RSI: ffffffff81d7793d RDI: 0000000000000048
[ 57.872163][ T6881] RBP: dffffc0000000000 R08: ffff88809bf5ff18 R09: ffff8880a27a7d1f
[ 57.880118][ T6881] R10: 0000000000000001 R11: 0000000000006660 R12: 0000000000000000
[ 57.888074][ T6881] R13: ffff88809bf5ff18 R14: ffff88809bf5ff20 R15: 0000000000000000
[ 57.896030][ T6881] FS: 00007fcb73980700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 57.904940][ T6881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.911507][ T6881] CR2: 00007fcb7395ee78 CR3: 00000000a6b66000 CR4: 00000000001506f0
[ 57.919469][ T6881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.927428][ T6881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.935386][ T6881] Kernel panic - not syncing: Fatal exception
[ 57.942674][ T6881] Kernel Offset: disabled
[ 57.946999][ T6881] Rebooting in 86400 seconds..