./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1673033035 <...> Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. execve("./syz-executor1673033035", ["./syz-executor1673033035"], 0x7ffcf3cf6c20 /* 10 vars */) = 0 brk(NULL) = 0x555557353000 brk(0x555557353c40) = 0x555557353c40 arch_prctl(ARCH_SET_FS, 0x555557353300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555573535d0) = 4996 set_robust_list(0x5555573535e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f679bc5c300, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f679bc5c9d0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f679bc5c3a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f679bc5c9d0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1673033035", 4096) = 28 brk(0x555557374c40) = 0x555557374c40 brk(0x555557375000) = 0x555557375000 mprotect(0x7f679bd1c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573535d0) = 4997 ./strace-static-x86_64: Process 4997 attached [pid 4997] set_robust_list(0x5555573535e0, 24) = 0 [pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4997] setpgid(0, 0) = 0 [pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4997] write(3, "1000", 4) = 4 [pid 4997] close(3) = 0 [pid 4997] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 4997] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4997] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4998 attached , parent_tid=[4998], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 4998 [pid 4998] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 4997] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 4997] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... openat resumed>) = 3 [pid 4998] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] <... futex resumed>) = 0 [pid 4997] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 4997] <... futex resumed>) = 1 [pid 4998] ioctl(3, TIOCSETD, [21] [pid 4997] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... ioctl resumed>) = 0 [pid 4998] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] <... futex resumed>) = 0 [pid 4997] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 4997] <... futex resumed>) = 1 [pid 4998] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 4997] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4997] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 4997] <... futex resumed>) = 1 [pid 4998] ioctl(4, GSMIOC_SETCONF [pid 4997] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4997] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 4997] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4997] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5004], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5004 [pid 4997] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5004] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5004] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 5004] <... futex resumed>) = 1 [pid 5004] ioctl(5, GSMIOC_SETCONF [pid 4997] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 syzkaller login: [ 70.772960][ T5004] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 70.808569][ T5004] CPU: 0 PID: 5004 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 70.818712][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 70.828816][ T5004] Call Trace: [ 70.832144][ T5004] [ 70.835125][ T5004] dump_stack_lvl+0x1e7/0x2d0 [ 70.839888][ T5004] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.845421][ T5004] ? panic+0x770/0x770 [ 70.849558][ T5004] sysfs_create_dir_ns+0x2ca/0x390 [ 70.854733][ T5004] ? sysfs_warn_dup+0xa0/0xa0 [ 70.859472][ T5004] kobject_add_internal+0x6df/0xd20 [ 70.864774][ T5004] kobject_add+0x152/0x210 [ 70.869248][ T5004] ? kobject_put+0x431/0x470 [ 70.873875][ T5004] ? kobject_init+0x1f0/0x1f0 [ 70.878592][ T5004] ? get_device_parent+0x25d/0x410 [ 70.883738][ T5004] ? device_add+0x32e/0xf60 [ 70.888284][ T5004] device_add+0x492/0xf60 [ 70.892663][ T5004] tty_register_device_attr+0x437/0x960 [ 70.898245][ T5004] ? tty_register_device+0x30/0x30 [ 70.903404][ T5004] ? gsm_dlci_alloc+0x354/0x6e0 [ 70.908322][ T5004] gsm_activate_mux+0xe9/0x290 [ 70.913125][ T5004] gsmld_ioctl+0x1746/0x2460 [ 70.917775][ T5004] ? gsmld_write+0x120/0x120 [ 70.922431][ T5004] ? __vt_event_wait+0x240/0x240 [ 70.927423][ T5004] ? tty_ldisc_ref_wait+0x25/0x70 [ 70.932492][ T5004] ? ldsem_down_read+0xb4/0xe0 [ 70.937288][ T5004] ? gsmld_write+0x120/0x120 [ 70.941945][ T5004] tty_ioctl+0x989/0xda0 [ 70.946232][ T5004] ? security_file_ioctl+0x81/0xa0 [ 70.951377][ T5004] ? tty_get_icount+0xb0/0xb0 [ 70.956081][ T5004] __se_sys_ioctl+0xf1/0x160 [ 70.960709][ T5004] do_syscall_64+0x41/0xc0 [ 70.965164][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.971094][ T5004] RIP: 0033:0x7f679bc9ac79 [ 70.975539][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.995205][ T5004] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.003647][ T5004] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 71.011647][ T5004] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [pid 4997] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4997] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bbea000 [pid 4997] mprotect(0x7f679bbeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4997] clone(child_stack=0x7f679bc0a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5005], tls=0x7f679bc0a700, child_tidptr=0x7f679bc0a9d0) = 5005 [pid 4997] futex(0x7f679bd224e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] futex(0x7f679bd224ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... ioctl resumed>, 0x20000040) = 0 [pid 4998] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x7f679bc0a9e0, 24) = 0 [pid 5005] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5005] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [ 71.019645][ T5004] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 71.027640][ T5004] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [ 71.035633][ T5004] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 71.043658][ T5004] [pid 5005] futex(0x7f679bd224e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5004] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] exit_group(0 [pid 5005] <... futex resumed>) = ? [pid 4998] <... futex resumed>) = ? [pid 4997] <... exit_group resumed>) = ? [pid 5005] +++ exited with 0 +++ [pid 5004] <... futex resumed>) = ? [pid 4998] +++ exited with 0 +++ [ 71.189794][ T5004] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5004] +++ exited with 0 +++ [pid 4997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573535d0) = 5008 ./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x5555573535e0, 24) = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5008] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5009], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5009 [pid 5008] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 5009] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5009] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] ioctl(3, TIOCSETD, [21]) = 0 [pid 5009] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5009] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] ioctl(4, GSMIOC_SETCONF [pid 5008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5008] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5008] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5010], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5010 [pid 5008] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5010] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5010] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... futex resumed>) = 1 [ 71.459849][ T5010] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 71.474481][ T5010] CPU: 1 PID: 5010 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 71.484615][ T5010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 71.494712][ T5010] Call Trace: [ 71.498031][ T5010] [ 71.501005][ T5010] dump_stack_lvl+0x1e7/0x2d0 [ 71.505747][ T5010] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.511268][ T5010] ? panic+0x770/0x770 [ 71.515409][ T5010] sysfs_create_dir_ns+0x2ca/0x390 [ 71.520586][ T5010] ? sysfs_warn_dup+0xa0/0xa0 [ 71.525325][ T5010] kobject_add_internal+0x6df/0xd20 [ 71.530598][ T5010] kobject_add+0x152/0x210 [ 71.535073][ T5010] ? kobject_put+0x431/0x470 [ 71.539719][ T5010] ? kobject_init+0x1f0/0x1f0 [ 71.544465][ T5010] ? get_device_parent+0x25d/0x410 [ 71.549637][ T5010] ? device_add+0x32e/0xf60 [ 71.554205][ T5010] device_add+0x492/0xf60 [ 71.558606][ T5010] tty_register_device_attr+0x437/0x960 [ 71.564226][ T5010] ? tty_register_device+0x30/0x30 [ 71.569405][ T5010] ? gsm_dlci_alloc+0x354/0x6e0 [ 71.574324][ T5010] gsm_activate_mux+0xe9/0x290 [ 71.579150][ T5010] gsmld_ioctl+0x1746/0x2460 [ 71.583827][ T5010] ? gsmld_write+0x120/0x120 [ 71.588478][ T5010] ? __vt_event_wait+0x240/0x240 [ 71.593499][ T5010] ? tty_ldisc_ref_wait+0x25/0x70 [ 71.598571][ T5010] ? ldsem_down_read+0xb4/0xe0 [ 71.603353][ T5010] ? gsmld_write+0x120/0x120 [pid 5010] ioctl(5, GSMIOC_SETCONF [pid 5009] <... ioctl resumed>, 0x20000040) = 0 [pid 5009] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.607976][ T5010] tty_ioctl+0x989/0xda0 [ 71.612269][ T5010] ? security_file_ioctl+0x81/0xa0 [ 71.617522][ T5010] ? tty_get_icount+0xb0/0xb0 [ 71.622254][ T5010] __se_sys_ioctl+0xf1/0x160 [ 71.626917][ T5010] do_syscall_64+0x41/0xc0 [ 71.631398][ T5010] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.637356][ T5010] RIP: 0033:0x7f679bc9ac79 [ 71.641829][ T5010] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.661499][ T5010] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.669976][ T5010] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 71.678001][ T5010] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 71.686016][ T5010] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 71.694038][ T5010] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [ 71.702052][ T5010] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [pid 5009] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5008] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5008] <... futex resumed>) = 1 [pid 5009] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5009] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5010] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5010] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] exit_group(0 [pid 5010] futex(0x7f679bd224d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... futex resumed>) = ? [pid 5008] <... exit_group resumed>) = ? [pid 5009] +++ exited with 0 +++ [pid 5010] <... futex resumed>) = ? [ 71.710086][ T5010] [ 71.720219][ T5010] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5010] +++ exited with 0 +++ [pid 5008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573535d0) = 5011 ./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x5555573535e0, 24) = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5011] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5012], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5012 [pid 5011] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 5012] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5012] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] ioctl(3, TIOCSETD, [21]) = 0 [pid 5012] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5012] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] ioctl(4, GSMIOC_SETCONF [pid 5011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5011] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5011] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5013], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5013 [pid 5011] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5013 attached [pid 5013] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5013] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5013] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5013] <... futex resumed>) = 1 [pid 5011] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.989871][ T5013] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 72.013858][ T5013] CPU: 1 PID: 5013 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 72.023992][ T5013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 72.034183][ T5013] Call Trace: [ 72.037501][ T5013] [ 72.040457][ T5013] dump_stack_lvl+0x1e7/0x2d0 [ 72.045182][ T5013] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.050679][ T5013] ? panic+0x770/0x770 [ 72.054794][ T5013] sysfs_create_dir_ns+0x2ca/0x390 [ 72.059939][ T5013] ? sysfs_warn_dup+0xa0/0xa0 [ 72.064671][ T5013] kobject_add_internal+0x6df/0xd20 [ 72.069920][ T5013] kobject_add+0x152/0x210 [ 72.074374][ T5013] ? kobject_put+0x431/0x470 [ 72.078995][ T5013] ? kobject_init+0x1f0/0x1f0 [ 72.083709][ T5013] ? get_device_parent+0x25d/0x410 [ 72.088875][ T5013] ? device_add+0x32e/0xf60 [ 72.093427][ T5013] device_add+0x492/0xf60 [ 72.097820][ T5013] tty_register_device_attr+0x437/0x960 [ 72.103402][ T5013] ? tty_register_device+0x30/0x30 [ 72.108735][ T5013] ? gsm_dlci_alloc+0x354/0x6e0 [ 72.113625][ T5013] gsm_activate_mux+0xe9/0x290 [ 72.118440][ T5013] gsmld_ioctl+0x1746/0x2460 [ 72.123087][ T5013] ? gsmld_write+0x120/0x120 [ 72.127715][ T5013] ? __vt_event_wait+0x240/0x240 [ 72.132710][ T5013] ? tty_ldisc_ref_wait+0x25/0x70 [ 72.137775][ T5013] ? ldsem_down_read+0xb4/0xe0 [ 72.142571][ T5013] ? gsmld_write+0x120/0x120 [ 72.147233][ T5013] tty_ioctl+0x989/0xda0 [ 72.151509][ T5013] ? security_file_ioctl+0x81/0xa0 [ 72.156655][ T5013] ? tty_get_icount+0xb0/0xb0 [ 72.161479][ T5013] __se_sys_ioctl+0xf1/0x160 [ 72.166110][ T5013] do_syscall_64+0x41/0xc0 [ 72.170570][ T5013] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.176500][ T5013] RIP: 0033:0x7f679bc9ac79 [ 72.180942][ T5013] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.200663][ T5013] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.209129][ T5013] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 72.217125][ T5013] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 72.225148][ T5013] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 72.233151][ T5013] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [pid 5013] ioctl(5, GSMIOC_SETCONF [pid 5011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bbea000 [pid 5011] mprotect(0x7f679bbeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f679bc0a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5014], tls=0x7f679bc0a700, child_tidptr=0x7f679bc0a9d0) = 5014 [pid 5011] futex(0x7f679bd224e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f679bd224ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x7f679bc0a9e0, 24 [pid 5012] <... ioctl resumed>, 0x20000040) = 0 [pid 5014] <... set_robust_list resumed>) = 0 [pid 5012] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] ioctl(5, GSMIOC_SETCONF [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] <... ioctl resumed>, 0x20000040) = 0 [pid 5014] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [ 72.241148][ T5013] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 72.249161][ T5013] [pid 5014] <... futex resumed>) = 1 [pid 5014] futex(0x7f679bd224e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5013] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] exit_group(0) = ? [pid 5012] <... futex resumed>) = ? [pid 5014] <... futex resumed>) = ? [pid 5014] +++ exited with 0 +++ [pid 5012] +++ exited with 0 +++ [pid 5013] <... futex resumed>) = ? [ 72.299097][ T5013] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5013] +++ exited with 0 +++ [pid 5011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x5555573535e0, 24) = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5015] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5016], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5016 [pid 5015] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... clone resumed>, child_tidptr=0x5555573535d0) = 5015 ./strace-static-x86_64: Process 5016 attached [pid 5016] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 5016] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5016] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] ioctl(3, TIOCSETD, [21]) = 0 [pid 5016] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 5016] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] ioctl(4, GSMIOC_SETCONF [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5015] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5015] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5017], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5017 [pid 5015] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5017 attached [pid 5017] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5017] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5017] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] ioctl(5, GSMIOC_SETCONF [ 72.621668][ T5017] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 72.639450][ T5017] CPU: 1 PID: 5017 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 72.649588][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 72.659687][ T5017] Call Trace: [ 72.663011][ T5017] [ 72.665991][ T5017] dump_stack_lvl+0x1e7/0x2d0 [ 72.670730][ T5017] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.676242][ T5017] ? panic+0x770/0x770 [ 72.680353][ T5017] sysfs_create_dir_ns+0x2ca/0x390 [ 72.685490][ T5017] ? sysfs_warn_dup+0xa0/0xa0 [ 72.690207][ T5017] kobject_add_internal+0x6df/0xd20 [ 72.695448][ T5017] kobject_add+0x152/0x210 [ 72.699901][ T5017] ? kobject_put+0x431/0x470 [ 72.704551][ T5017] ? kobject_init+0x1f0/0x1f0 [ 72.709267][ T5017] ? get_device_parent+0x25d/0x410 [ 72.714411][ T5017] ? device_add+0x32e/0xf60 [ 72.718957][ T5017] device_add+0x492/0xf60 [ 72.723338][ T5017] tty_register_device_attr+0x437/0x960 [ 72.728922][ T5017] ? tty_register_device+0x30/0x30 [ 72.734079][ T5017] ? gsm_dlci_alloc+0x354/0x6e0 [ 72.738969][ T5017] gsm_activate_mux+0xe9/0x290 [ 72.743770][ T5017] gsmld_ioctl+0x1746/0x2460 [ 72.748412][ T5017] ? gsmld_write+0x120/0x120 [ 72.753038][ T5017] ? __vt_event_wait+0x240/0x240 [ 72.758018][ T5017] ? tty_ldisc_ref_wait+0x25/0x70 [ 72.763078][ T5017] ? ldsem_down_read+0xb4/0xe0 [ 72.767870][ T5017] ? gsmld_write+0x120/0x120 [ 72.772490][ T5017] tty_ioctl+0x989/0xda0 [ 72.776780][ T5017] ? security_file_ioctl+0x81/0xa0 [ 72.781923][ T5017] ? tty_get_icount+0xb0/0xb0 [ 72.786633][ T5017] __se_sys_ioctl+0xf1/0x160 [ 72.791268][ T5017] do_syscall_64+0x41/0xc0 [ 72.795720][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.801645][ T5017] RIP: 0033:0x7f679bc9ac79 [ 72.806085][ T5017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.825716][ T5017] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.834173][ T5017] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 72.842171][ T5017] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 72.850170][ T5017] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 72.858169][ T5017] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [pid 5015] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... ioctl resumed>, 0x20000040) = 0 [pid 5015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5016] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5015] <... futex resumed>) = 0 [pid 5016] ioctl(5, GSMIOC_SETCONF [pid 5015] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... ioctl resumed>, 0x20000040) = 0 [pid 5016] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [ 72.866170][ T5017] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 72.874183][ T5017] [pid 5016] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5017] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f679bd224d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] exit_group(0 [pid 5016] <... futex resumed>) = ? [pid 5015] <... exit_group resumed>) = ? [pid 5017] <... futex resumed>) = ? [pid 5016] +++ exited with 0 +++ [ 72.966730][ T5017] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5017] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573535d0) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x5555573535e0, 24) = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5018] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5019], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5019 [pid 5018] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5019 attached [pid 5019] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 5019] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5019] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] ioctl(3, TIOCSETD, [21]) = 0 [pid 5019] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5019] <... futex resumed>) = 1 [pid 5018] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... openat resumed>) = 4 [pid 5019] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] ioctl(4, GSMIOC_SETCONF [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5018] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5018] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5020], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5020 [pid 5018] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5020] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5020] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [ 73.261965][ T5020] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 73.272434][ T5020] CPU: 1 PID: 5020 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 73.282598][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 73.292693][ T5020] Call Trace: [ 73.296013][ T5020] [ 73.298991][ T5020] dump_stack_lvl+0x1e7/0x2d0 [ 73.303736][ T5020] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.309282][ T5020] ? panic+0x770/0x770 [ 73.313436][ T5020] sysfs_create_dir_ns+0x2ca/0x390 [ 73.318690][ T5020] ? sysfs_warn_dup+0xa0/0xa0 [ 73.323442][ T5020] kobject_add_internal+0x6df/0xd20 [ 73.328705][ T5020] kobject_add+0x152/0x210 [ 73.333182][ T5020] ? kobject_put+0x431/0x470 [ 73.337829][ T5020] ? kobject_init+0x1f0/0x1f0 [ 73.342575][ T5020] ? get_device_parent+0x25d/0x410 [ 73.347750][ T5020] ? device_add+0x32e/0xf60 [ 73.352316][ T5020] device_add+0x492/0xf60 [ 73.356726][ T5020] tty_register_device_attr+0x437/0x960 [ 73.362338][ T5020] ? tty_register_device+0x30/0x30 [ 73.367520][ T5020] ? gsm_dlci_alloc+0x354/0x6e0 [ 73.372440][ T5020] gsm_activate_mux+0xe9/0x290 [ 73.377308][ T5020] gsmld_ioctl+0x1746/0x2460 [ 73.381983][ T5020] ? gsmld_write+0x120/0x120 [ 73.386634][ T5020] ? __vt_event_wait+0x240/0x240 [ 73.391643][ T5020] ? tty_ldisc_ref_wait+0x25/0x70 [ 73.396726][ T5020] ? ldsem_down_read+0xb4/0xe0 [ 73.401542][ T5020] ? gsmld_write+0x120/0x120 [ 73.406541][ T5020] tty_ioctl+0x989/0xda0 [pid 5020] ioctl(5, GSMIOC_SETCONF [pid 5019] <... ioctl resumed>, 0x20000040) = 0 [pid 5019] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.410841][ T5020] ? security_file_ioctl+0x81/0xa0 [ 73.416012][ T5020] ? tty_get_icount+0xb0/0xb0 [ 73.420738][ T5020] __se_sys_ioctl+0xf1/0x160 [ 73.425392][ T5020] do_syscall_64+0x41/0xc0 [ 73.429883][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.435830][ T5020] RIP: 0033:0x7f679bc9ac79 [ 73.440304][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.459959][ T5020] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.468424][ T5020] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 73.476452][ T5020] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 73.484477][ T5020] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 73.492497][ T5020] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [ 73.500505][ T5020] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 73.508517][ T5020] [pid 5019] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5020] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 5018] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5018] <... futex resumed>) = 1 [pid 5019] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5018] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] exit_group(0 [pid 5019] <... futex resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5019] +++ exited with 0 +++ [pid 5020] <... futex resumed>) = ? [ 73.512294][ T5020] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5020] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5021 attached , child_tidptr=0x5555573535d0) = 5021 [pid 5021] set_robust_list(0x5555573535e0, 24) = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5021] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5022 attached , parent_tid=[5022], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5022 [pid 5022] set_robust_list(0x7f679bc4c9e0, 24) = 0 [pid 5021] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... openat resumed>) = 3 [pid 5022] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] ioctl(3, TIOCSETD, [21] [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... ioctl resumed>) = 0 [pid 5022] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... openat resumed>) = 4 [pid 5022] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] ioctl(4, GSMIOC_SETCONF [pid 5021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5021] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5023], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5023 [pid 5021] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x7f679bc2b9e0, 24) = 0 [pid 5023] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 5023] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.804550][ T5023] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 73.817676][ T5023] CPU: 1 PID: 5023 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 73.827806][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 73.837914][ T5023] Call Trace: [ 73.841235][ T5023] [ 73.844206][ T5023] dump_stack_lvl+0x1e7/0x2d0 [ 73.848952][ T5023] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.854481][ T5023] ? panic+0x770/0x770 [ 73.858626][ T5023] sysfs_create_dir_ns+0x2ca/0x390 [ 73.863796][ T5023] ? sysfs_warn_dup+0xa0/0xa0 [ 73.868532][ T5023] kobject_add_internal+0x6df/0xd20 [ 73.873805][ T5023] kobject_add+0x152/0x210 [ 73.878288][ T5023] ? kobject_put+0x431/0x470 [ 73.882942][ T5023] ? kobject_init+0x1f0/0x1f0 [ 73.887689][ T5023] ? get_device_parent+0x25d/0x410 [ 73.892858][ T5023] ? device_add+0x32e/0xf60 [ 73.897430][ T5023] device_add+0x492/0xf60 [ 73.901832][ T5023] tty_register_device_attr+0x437/0x960 [ 73.907455][ T5023] ? tty_register_device+0x30/0x30 [ 73.912631][ T5023] ? gsm_dlci_alloc+0x354/0x6e0 [ 73.917543][ T5023] gsm_activate_mux+0xe9/0x290 [ 73.922364][ T5023] gsmld_ioctl+0x1746/0x2460 [ 73.927047][ T5023] ? gsmld_write+0x120/0x120 [ 73.931701][ T5023] ? __vt_event_wait+0x240/0x240 [ 73.936712][ T5023] ? tty_ldisc_ref_wait+0x25/0x70 [ 73.941802][ T5023] ? ldsem_down_read+0xb4/0xe0 [ 73.946624][ T5023] ? gsmld_write+0x120/0x120 [ 73.951268][ T5023] tty_ioctl+0x989/0xda0 [ 73.955563][ T5023] ? security_file_ioctl+0x81/0xa0 [ 73.960736][ T5023] ? tty_get_icount+0xb0/0xb0 [ 73.965467][ T5023] __se_sys_ioctl+0xf1/0x160 [ 73.970124][ T5023] do_syscall_64+0x41/0xc0 [ 73.974612][ T5023] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.980605][ T5023] RIP: 0033:0x7f679bc9ac79 [ 73.985076][ T5023] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 74.004731][ T5023] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.013202][ T5023] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 74.021223][ T5023] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 74.029243][ T5023] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 74.037266][ T5023] R10: 000000000000000e R11: 0000000000000246 R12: 00007f679bcf007c [ 74.045284][ T5023] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [pid 5023] ioctl(5, GSMIOC_SETCONF [pid 5022] <... ioctl resumed>, 0x20000040) = 0 [pid 5021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bbea000 [pid 5021] mprotect(0x7f679bbeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f679bc0a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5024], tls=0x7f679bc0a700, child_tidptr=0x7f679bc0a9d0) = 5024 [pid 5021] futex(0x7f679bd224e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f679bd224ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x7f679bc0a9e0, 24) = 0 [pid 5024] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 5024] futex(0x7f679bd224ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5024] <... futex resumed>) = 1 [pid 5024] futex(0x7f679bd224e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] exit_group(0 [pid 5024] <... futex resumed>) = ? [pid 5021] <... exit_group resumed>) = ? [pid 5024] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ [pid 5023] <... ioctl resumed> ) = ? [ 74.053322][ T5023] [ 74.065902][ T5023] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 5023] +++ exited with 0 +++ [pid 5021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573535d0) = 5025 ./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x5555573535e0, 24) = 0 [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5025] setpgid(0, 0) = 0 [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5025] write(3, "1000", 4) = 4 [pid 5025] close(3) = 0 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc2c000 [pid 5025] mprotect(0x7f679bc2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f679bc4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5026 attached , parent_tid=[5026], tls=0x7f679bc4c700, child_tidptr=0x7f679bc4c9d0) = 5026 [pid 5026] set_robust_list(0x7f679bc4c9e0, 24 [pid 5025] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... set_robust_list resumed>) = 0 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 5026] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] ioctl(3, TIOCSETD, [21]) = 0 [pid 5026] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... openat resumed>) = 4 [pid 5026] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] ioctl(4, GSMIOC_SETCONF [pid 5025] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f679bc0b000 [pid 5025] mprotect(0x7f679bc0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f679bc2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5027], tls=0x7f679bc2b700, child_tidptr=0x7f679bc2b9d0) = 5027 [pid 5025] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5027 attached [pid 5026] <... ioctl resumed>, 0x20000040) = 0 [pid 5027] set_robust_list(0x7f679bc2b9e0, 24 [pid 5026] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... set_robust_list resumed>) = 0 [pid 5026] <... futex resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 5026] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... openat resumed>) = 5 [pid 5027] futex(0x7f679bd224dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5025] futex(0x7f679bd224c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] futex(0x7f679bd224d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... futex resumed>) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5025] futex(0x7f679bd224cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] ioctl(5, GSMIOC_SETCONF [pid 5025] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f679bd224d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] ioctl(5, GSMIOC_SETCONF [pid 5025] futex(0x7f679bd224dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 74.587767][ T5027] ================================================================== [ 74.595986][ T5027] BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x855/0x940 [ 74.603752][ T5027] Read of size 4 at addr ffff88814132700c by task syz-executor167/5027 [ 74.612031][ T5027] [ 74.614388][ T5027] CPU: 1 PID: 5027 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 74.624491][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 74.634583][ T5027] Call Trace: [ 74.637893][ T5027] [ 74.640860][ T5027] dump_stack_lvl+0x1e7/0x2d0 [ 74.645603][ T5027] ? irq_work_queue+0xca/0x150 [ 74.650421][ T5027] ? nf_tcp_handle_invalid+0x650/0x650 [ 74.655936][ T5027] ? panic+0x770/0x770 [ 74.659151][ T4449] ODEBUG: Out of memory. ODEBUG disabled [ 74.660037][ T5027] ? _printk+0xd5/0x120 [ 74.669888][ T5027] print_report+0x163/0x540 [ 74.674438][ T5027] ? __virt_addr_valid+0x22f/0x2e0 [ 74.679608][ T5027] ? __phys_addr+0xba/0x170 [ 74.684172][ T5027] ? gsm_cleanup_mux+0x855/0x940 [ 74.689243][ T5027] kasan_report+0x176/0x1b0 [ 74.693795][ T5027] ? gsm_cleanup_mux+0x855/0x940 [ 74.698787][ T5027] gsm_cleanup_mux+0x855/0x940 [ 74.703606][ T5027] ? gsm_control_negotiation+0xf00/0xf00 [ 74.709302][ T5027] ? __x64_compat_sys_ioctl+0x90/0x90 [ 74.714726][ T5027] ? __might_fault+0xba/0x120 [ 74.719427][ T5027] gsmld_ioctl+0x1305/0x2460 [ 74.724051][ T5027] ? gsmld_write+0x120/0x120 [ 74.728675][ T5027] ? __vt_event_wait+0x240/0x240 [ 74.733676][ T5027] ? tty_ldisc_ref_wait+0x25/0x70 [ 74.738758][ T5027] ? ldsem_down_read+0xb4/0xe0 [ 74.743594][ T5027] ? gsmld_write+0x120/0x120 [ 74.748232][ T5027] tty_ioctl+0x989/0xda0 [ 74.752517][ T5027] ? security_file_ioctl+0x81/0xa0 [ 74.757678][ T5027] ? tty_get_icount+0xb0/0xb0 [ 74.762403][ T5027] __se_sys_ioctl+0xf1/0x160 [ 74.767057][ T5027] do_syscall_64+0x41/0xc0 [ 74.771529][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.777474][ T5027] RIP: 0033:0x7f679bc9ac79 [ 74.781924][ T5027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 74.801564][ T5027] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.810019][ T5027] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 74.818026][ T5027] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 74.826031][ T5027] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 74.834045][ T5027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f679bcf007c [ 74.842059][ T5027] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 74.850086][ T5027] [ 74.853136][ T5027] [ 74.855487][ T5027] Allocated by task 5026: [ 74.859841][ T5027] kasan_set_track+0x4f/0x70 [ 74.864471][ T5027] __kasan_kmalloc+0x98/0xb0 [ 74.869108][ T5027] gsm_dlci_alloc+0x56/0x6e0 [ 74.873741][ T5027] gsm_activate_mux+0x1c/0x290 [ 74.878543][ T5027] gsmld_ioctl+0x1746/0x2460 [ 74.883170][ T5027] tty_ioctl+0x989/0xda0 [ 74.887449][ T5027] __se_sys_ioctl+0xf1/0x160 [ 74.892085][ T5027] do_syscall_64+0x41/0xc0 [ 74.896544][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.902477][ T5027] [ 74.904833][ T5027] Freed by task 5026: [ 74.908839][ T5027] kasan_set_track+0x4f/0x70 [ 74.913467][ T5027] kasan_save_free_info+0x2b/0x40 [ 74.918540][ T5027] ____kasan_slab_free+0xd6/0x120 [ 74.923607][ T5027] __kmem_cache_free+0x264/0x3c0 [ 74.928584][ T5027] gsm_cleanup_mux+0x5af/0x940 [ 74.933387][ T5027] gsmld_ioctl+0x1305/0x2460 [ 74.938017][ T5027] tty_ioctl+0x989/0xda0 [ 74.942303][ T5027] __se_sys_ioctl+0xf1/0x160 [ 74.946937][ T5027] do_syscall_64+0x41/0xc0 [ 74.951402][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.957336][ T5027] [ 74.959691][ T5027] The buggy address belongs to the object at ffff888141327000 [ 74.959691][ T5027] which belongs to the cache kmalloc-2k of size 2048 [ 74.973782][ T5027] The buggy address is located 12 bytes inside of [ 74.973782][ T5027] freed 2048-byte region [ffff888141327000, ffff888141327800) [ 74.987623][ T5027] [ 74.989985][ T5027] The buggy address belongs to the physical page: [ 74.996431][ T5027] page:ffffea000504c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141320 [ 75.006709][ T5027] head:ffffea000504c800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 75.015705][ T5027] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 75.023812][ T5027] page_type: 0xffffffff() [ 75.028191][ T5027] raw: 057ff00000010200 ffff888012442000 ffffea0005002800 dead000000000002 [pid 5026] <... ioctl resumed>, 0x20000040) = 0 [pid 5026] futex(0x7f679bd224cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.036821][ T5027] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 75.045432][ T5027] page dumped because: kasan: bad access detected [ 75.051873][ T5027] page_owner tracks the page as allocated [ 75.057624][ T5027] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8581455090, free_ts 0 [ 75.077279][ T5027] post_alloc_hook+0x1e6/0x210 [ 75.082071][ T5027] get_page_from_freelist+0x321c/0x33a0 [ 75.087690][ T5027] __alloc_pages+0x255/0x670 [ 75.092305][ T5027] alloc_page_interleave+0x22/0x1d0 [ 75.097604][ T5027] alloc_slab_page+0x6a/0x160 [ 75.102295][ T5027] new_slab+0x84/0x2f0 [ 75.106377][ T5027] ___slab_alloc+0xa85/0x10a0 [ 75.111064][ T5027] __kmem_cache_alloc_node+0x1b8/0x290 [ 75.116536][ T5027] kmalloc_node_trace+0x27/0xe0 [ 75.121408][ T5027] __alloc_disk_node+0x60/0x590 [ 75.126283][ T5027] __blk_mq_alloc_disk+0xf5/0x190 [ 75.131322][ T5027] nbd_dev_add+0x37e/0xaa0 [ 75.135753][ T5027] nbd_init+0x21d/0x2d0 [ 75.139933][ T5027] do_one_initcall+0x23d/0x7d0 [ 75.144735][ T5027] do_initcall_level+0x157/0x210 [ 75.149783][ T5027] do_initcalls+0x3f/0x80 [ 75.154157][ T5027] page_owner free stack trace missing [ 75.159533][ T5027] [ 75.161857][ T5027] Memory state around the buggy address: [ 75.167492][ T5027] ffff888141326f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.175580][ T5027] ffff888141326f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [pid 5026] futex(0x7f679bd224c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] exit_group(0 [pid 5026] <... futex resumed>) = ? [pid 5025] <... exit_group resumed>) = ? [pid 5026] +++ exited with 0 +++ [ 75.183669][ T5027] >ffff888141327000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.191746][ T5027] ^ [ 75.196080][ T5027] ffff888141327080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.204170][ T5027] ffff888141327100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.212236][ T5027] ================================================================== [ 75.221283][ T5027] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.228523][ T5027] CPU: 1 PID: 5027 Comm: syz-executor167 Not tainted 6.3.0-syzkaller-13164-g78b421b6a7c6 #0 [ 75.238703][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 75.248770][ T5027] Call Trace: [ 75.252060][ T5027] [ 75.255009][ T5027] dump_stack_lvl+0x1e7/0x2d0 [ 75.259717][ T5027] ? nf_tcp_handle_invalid+0x650/0x650 [ 75.265239][ T5027] ? panic+0x770/0x770 [ 75.269326][ T5027] ? preempt_schedule_common+0x83/0xc0 [ 75.274837][ T5027] ? vscnprintf+0x5d/0x80 [ 75.279192][ T5027] panic+0x30f/0x770 [ 75.283118][ T5027] ? check_panic_on_warn+0x21/0xa0 [ 75.288272][ T5027] ? __memcpy_flushcache+0x2b0/0x2b0 [ 75.293596][ T5027] ? _raw_spin_unlock_irqrestore+0x12c/0x140 [ 75.299592][ T5027] ? _raw_spin_unlock+0x40/0x40 [ 75.304465][ T5027] ? print_report+0x4fb/0x540 [ 75.309183][ T5027] check_panic_on_warn+0x82/0xa0 [ 75.314229][ T5027] ? gsm_cleanup_mux+0x855/0x940 [ 75.319198][ T5027] end_report+0x63/0x110 [ 75.323490][ T5027] kasan_report+0x183/0x1b0 [ 75.328030][ T5027] ? gsm_cleanup_mux+0x855/0x940 [ 75.332989][ T5027] gsm_cleanup_mux+0x855/0x940 [ 75.337785][ T5027] ? gsm_control_negotiation+0xf00/0xf00 [ 75.343456][ T5027] ? __x64_compat_sys_ioctl+0x90/0x90 [ 75.348854][ T5027] ? __might_fault+0xba/0x120 [ 75.353582][ T5027] gsmld_ioctl+0x1305/0x2460 [ 75.358223][ T5027] ? gsmld_write+0x120/0x120 [ 75.362854][ T5027] ? __vt_event_wait+0x240/0x240 [ 75.367860][ T5027] ? tty_ldisc_ref_wait+0x25/0x70 [ 75.372906][ T5027] ? ldsem_down_read+0xb4/0xe0 [ 75.377687][ T5027] ? gsmld_write+0x120/0x120 [ 75.382295][ T5027] tty_ioctl+0x989/0xda0 [ 75.386558][ T5027] ? security_file_ioctl+0x81/0xa0 [ 75.391689][ T5027] ? tty_get_icount+0xb0/0xb0 [ 75.396388][ T5027] __se_sys_ioctl+0xf1/0x160 [ 75.401030][ T5027] do_syscall_64+0x41/0xc0 [ 75.405474][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.411401][ T5027] RIP: 0033:0x7f679bc9ac79 [ 75.415858][ T5027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.435496][ T5027] RSP: 002b:00007f679bc2b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.443922][ T5027] RAX: ffffffffffffffda RBX: 00007f679bd224d8 RCX: 00007f679bc9ac79 [ 75.451926][ T5027] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 75.459959][ T5027] RBP: 00007f679bd224d0 R08: 0000000000000000 R09: 0000000000000000 [ 75.467954][ T5027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f679bcf007c [ 75.475952][ T5027] R13: 00007ffc92a21c7f R14: 00007f679bc2b400 R15: 0000000000022000 [ 75.483943][ T5027] [ 75.487309][ T5027] Kernel Offset: disabled [ 75.491684][ T5027] Rebooting in 86400 seconds..