[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
syzkaller login: [ 75.050427][ T8497] IPVS: ftp: loaded support on port[0] = 21
[ 75.154305][ T8497] chnl_net:caif_netlink_parms(): no params data found
[ 75.211684][ T8497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.219584][ T8497] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.229308][ T8497] device bridge_slave_0 entered promiscuous mode
[ 75.239153][ T8497] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.246640][ T8497] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.254525][ T8497] device bridge_slave_1 entered promiscuous mode
[ 75.276338][ T8497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.287357][ T8497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.311291][ T8497] team0: Port device team_slave_0 added
[ 75.319337][ T8497] team0: Port device team_slave_1 added
[ 75.338977][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.346021][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.373759][ T8497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.386879][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.394936][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.421568][ T8497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.451241][ T8497] device hsr_slave_0 entered promiscuous mode
[ 75.458225][ T8497] device hsr_slave_1 entered promiscuous mode
[ 75.573937][ T8497] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.585412][ T8497] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.598727][ T8497] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.610633][ T8497] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.640353][ T8497] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.650224][ T8497] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.659305][ T8497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.667425][ T8497] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.720359][ T8497] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.737416][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.748504][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.758408][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.766974][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.782087][ T8497] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.803929][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.813611][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.820702][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.828763][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.839277][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.846449][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.873153][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.882707][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.891973][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.900183][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.910571][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.921615][ T8497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.937717][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.947929][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.962051][ T8497] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.984202][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.005075][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.014374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.023195][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.035264][ T8497] device veth0_vlan entered promiscuous mode
[ 76.050417][ T8497] device veth1_vlan entered promiscuous mode
[ 76.074299][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.083075][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.091184][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.105692][ T8497] device veth0_macvtap entered promiscuous mode
[ 76.116226][ T8497] device veth1_macvtap entered promiscuous mode
[ 76.134345][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.146185][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.154755][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.165327][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.178164][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.186259][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.195527][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.209125][ T8497] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.226091][ T8497] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 76.236123][ T8497] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.247480][ T8497] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.297953][ T8497]
[ 76.300314][ T8497] ========================================================
[ 76.308001][ T8497] WARNING: possible irq lock inversion dependency detected
[ 76.315427][ T8497] 5.10.0-syzkaller #0 Not tainted
[ 76.320452][ T8497] --------------------------------------------------------
[ 76.327637][ T8497] syz-executor056/8497 just changed the state of lock:
[ 76.334893][ T8497] ffff8880155b50c0 (&new->fa_lock){.+..}-{2:2}, at: kill_fasync+0x1a1/0x4c0
[ 76.344119][ T8497] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 76.353449][ T8497]  (&dev->event_lock){-.-.}-{2:2}
[ 76.353472][ T8497]
[ 76.353472][ T8497]
[ 76.353472][ T8497] and interrupts could create inverse lock ordering between them.
[ 76.353472][ T8497]
[ 76.374234][ T8497]
[ 76.374234][ T8497] other info that might help us debug this:
[ 76.382687][ T8497] Chain exists of:
[ 76.382687][ T8497]   &dev->event_lock --> &client->buffer_lock --> &new->fa_lock
[ 76.382687][ T8497]
[ 76.397466][ T8497]  Possible interrupt unsafe locking scenario:
[ 76.397466][ T8497]
[ 76.407526][ T8497]        CPU0                    CPU1
[ 76.414288][ T8497]        ----                    ----
[ 76.419672][ T8497]   lock(&new->fa_lock);
[ 76.424173][ T8497]                                local_irq_disable();
[ 76.430930][ T8497]                                lock(&dev->event_lock);
[ 76.437958][ T8497]                                lock(&client->buffer_lock);
[ 76.445687][ T8497]   <Interrupt>
[ 76.449763][ T8497]     lock(&dev->event_lock);
[ 76.454449][ T8497]
[ 76.454449][ T8497]  *** DEADLOCK ***
[ 76.454449][ T8497]
[ 76.462956][ T8497] 3 locks held by syz-executor056/8497:
[ 76.468496][ T8497]  #0: ffffffff8b793de0 (rcu_read_lock){....}-{1:2}, at: sock_def_error_report+0x0/0x580
[ 76.478782][ T8497]  #1: ffffffff8b793de0 (rcu_read_lock){....}-{1:2}, at: sock_def_error_report+0x225/0x580
[ 76.488880][ T8497]  #2: ffffffff8b793de0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x4c0
[ 76.498429][ T8497]
[ 76.498429][ T8497] the shortest dependencies between 2nd lock and 1st lock:
[ 76.508499][ T8497]  -> (&dev->event_lock){-.-.}-{2:2} {
[ 76.514835][ T8497]     IN-HARDIRQ-W at:
[ 76.519550][ T8497]       lock_acquire+0x29d/0x750
[ 76.526063][ T8497]       _raw_spin_lock_irqsave+0x39/0x50
[ 76.533271][ T8497]       input_event+0x7b/0xb0
[ 76.539766][ T8497]       psmouse_report_standard_buttons+0x2c/0x80
[ 76.548052][ T8497]       psmouse_process_byte+0x1df/0x8a0
[ 76.555946][ T8497]       psmouse_handle_byte+0x41/0x1b0
[ 76.563512][ T8497]       psmouse_interrupt+0x301/0xf40
[ 76.572100][ T8497]       serio_interrupt+0x88/0x150
[ 76.579889][ T8497]       i8042_interrupt+0x3ba/0x710
[ 76.586861][ T8497]       __handle_irq_event_percpu+0x303/0x950
[ 76.595111][ T8497]       handle_irq_event_percpu+0x76/0x170
[ 76.603399][ T8497]       handle_irq_event+0xa1/0x130
[ 76.610254][ T8497]       handle_edge_irq+0x25f/0xd00
[ 76.618558][ T8497]       common_interrupt+0xa5/0x220
[ 76.625433][ T8497]       asm_common_interrupt+0x1e/0x40
[ 76.632735][ T8497]       _raw_spin_unlock_irqrestore+0x25/0x50
[ 76.641113][ T8497]       debug_check_no_obj_freed+0x20c/0x430
[ 76.648766][ T8497]       slab_free_freelist_hook+0x107/0x150
[ 76.656948][ T8497]       kmem_cache_free+0x82/0x360
[ 76.664570][ T8497]       __put_task_struct+0x267/0x3f0
[ 76.671820][ T8497]       delayed_put_task_struct+0x1f6/0x350
[ 76.681238][ T8497]       rcu_core+0x75d/0xf80
[ 76.687798][ T8497]       __do_softirq+0x2bc/0xa77
[ 76.694410][ T8497]       asm_call_irq_on_stack+0xf/0x20
[ 76.702863][ T8497]       do_softirq_own_stack+0xaa/0xd0
[ 76.710964][ T8497]       __irq_exit_rcu+0x17f/0x200
[ 76.717642][ T8497]       irq_exit_rcu+0x5/0x20
[ 76.724015][ T8497]       sysvec_apic_timer_interrupt+0x4d/0x100
[ 76.732342][ T8497]       asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.740791][ T8497]       console_unlock+0x807/0xc00
[ 76.747666][ T8497]       vprintk_emit+0x198/0x400
[ 76.754394][ T8497]       vprintk_func+0x8d/0x1e0
[ 76.761289][ T8497]       printk+0xba/0xed
[ 76.767292][ T8497]       usb_register_driver.cold+0x5a/0x69
[ 76.774661][ T8497]       do_one_initcall+0x103/0x690
[ 76.781428][ T8497]       kernel_init_freeable+0x600/0x684
[ 76.788993][ T8497]       kernel_init+0xe/0x1e0
[ 76.795326][ T8497]       ret_from_fork+0x1f/0x30
[ 76.801759][ T8497]     IN-SOFTIRQ-W at:
[ 76.805927][ T8497]       lock_acquire+0x29d/0x750
[ 76.812423][ T8497]       _raw_spin_lock_irqsave+0x39/0x50
[ 76.819724][ T8497]       input_event+0x7b/0xb0
[ 76.825961][ T8497]       psmouse_report_standard_buttons+0x2c/0x80
[ 76.833935][ T8497]       psmouse_process_byte+0x1df/0x8a0
[ 76.841137][ T8497]       psmouse_handle_byte+0x41/0x1b0
[ 76.848175][ T8497]       psmouse_interrupt+0x301/0xf40
[ 76.855135][ T8497]       serio_interrupt+0x88/0x150
[ 76.862019][ T8497]       i8042_interrupt+0x3ba/0x710
[ 76.868886][ T8497]       __handle_irq_event_percpu+0x303/0x950
[ 76.876520][ T8497]       handle_irq_event_percpu+0x76/0x170
[ 76.884141][ T8497]       handle_irq_event+0xa1/0x130
[ 76.891105][ T8497]       handle_edge_irq+0x25f/0xd00
[ 76.897885][ T8497]       common_interrupt+0xa5/0x220
[ 76.904647][ T8497]       asm_common_interrupt+0x1e/0x40
[ 76.911666][ T8497]       _raw_spin_unlock_irqrestore+0x25/0x50
[ 76.919312][ T8497]       debug_check_no_obj_freed+0x20c/0x430
[ 76.927167][ T8497]       slab_free_freelist_hook+0x107/0x150
[ 76.934750][ T8497]       kmem_cache_free+0x82/0x360
[ 76.941422][ T8497]       __put_task_struct+0x267/0x3f0
[ 76.948391][ T8497]       delayed_put_task_struct+0x1f6/0x350
[ 76.955856][ T8497]       rcu_core+0x75d/0xf80
[ 76.962054][ T8497]       __do_softirq+0x2bc/0xa77
[ 76.968560][ T8497]       asm_call_irq_on_stack+0xf/0x20
[ 76.975613][ T8497]       do_softirq_own_stack+0xaa/0xd0
[ 76.982736][ T8497]       __irq_exit_rcu+0x17f/0x200
[ 76.990465][ T8497]       irq_exit_rcu+0x5/0x20
[ 76.996888][ T8497]       sysvec_apic_timer_interrupt+0x4d/0x100
[ 77.004787][ T8497]       asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 77.012824][ T8497]       console_unlock+0x807/0xc00
[ 77.019548][ T8497]       vprintk_emit+0x198/0x400
[ 77.026073][ T8497]       vprintk_func+0x8d/0x1e0
[ 77.032901][ T8497]       printk+0xba/0xed
[ 77.039386][ T8497]       usb_register_driver.cold+0x5a/0x69
[ 77.047015][ T8497]       do_one_initcall+0x103/0x690
[ 77.053876][ T8497]       kernel_init_freeable+0x600/0x684
[ 77.061250][ T8497]       kernel_init+0xe/0x1e0
[ 77.068862][ T8497]       ret_from_fork+0x1f/0x30
[ 77.075733][ T8497]     INITIAL USE at:
[ 77.080156][ T8497]       lock_acquire+0x29d/0x750
[ 77.086581][ T8497]       _raw_spin_lock_irqsave+0x39/0x50
[ 77.093700][ T8497]       input_inject_event+0xa6/0x390
[ 77.100566][ T8497]       led_set_brightness_nosleep+0xe6/0x1a0
[ 77.108559][ T8497]       led_set_brightness+0x134/0x170
[ 77.115866][ T8497]       led_trigger_event+0x70/0xd0
[ 77.122556][ T8497]       kbd_led_trigger_activate+0xfa/0x130
[ 77.130020][ T8497]       led_trigger_set+0x61e/0xbd0
[ 77.137796][ T8497]       led_trigger_set_default+0x1a6/0x230
[ 77.145174][ T8497]       led_classdev_register_ext+0x5d6/0x7f0
[ 77.152722][ T8497]       input_leds_connect+0x3fb/0x740
[ 77.160171][ T8497]       input_attach_handler+0x180/0x1f0
[ 77.167276][ T8497]       input_register_device.cold+0x10a/0x35f
[ 77.174925][ T8497]       atkbd_connect+0x83b/0xb50
[ 77.181435][ T8497]       serio_driver_probe+0x72/0xa0
[ 77.188689][ T8497]       really_probe+0x2b1/0xe40
[ 77.195126][ T8497]       driver_probe_device+0x285/0x3f0
[ 77.202186][ T8497]       device_driver_attach+0x27d/0x2f0
[ 77.209817][ T8497]       __driver_attach+0x15b/0x2f0
[ 77.216520][ T8497]       bus_for_each_dev+0x147/0x1d0
[ 77.223400][ T8497]       serio_handle_event+0x5f6/0xa30
[ 77.230379][ T8497]       process_one_work+0x98d/0x1630
[ 77.237220][ T8497]       worker_thread+0x64c/0x1120
[ 77.243914][ T8497]       kthread+0x3b1/0x4a0
[ 77.249887][ T8497]       ret_from_fork+0x1f/0x30
[ 77.256213][ T8497]  }
[ 77.258960][ T8497]  ... key at: [] __key.8+0x0/0x40
[ 77.266260][ T8497]  ... acquired at:
[ 77.270254][ T8497]    _raw_spin_lock+0x2a/0x40
[ 77.274937][ T8497]    evdev_pass_values.part.0+0xf6/0x970
[ 77.280690][ T8497]    evdev_events+0x328/0x490
[ 77.285369][ T8497]    input_to_handler+0x2a0/0x4c0
[ 77.290426][ T8497]    input_pass_values.part.0+0x2e4/0x760
[ 77.296152][ T8497]    input_handle_event+0x39b/0x1470
[ 77.301443][ T8497]    input_inject_event+0x36a/0x390
[ 77.306852][ T8497]    evdev_write+0x463/0x780
[ 77.311445][ T8497]    vfs_write+0x28e/0xa80
[ 77.315914][ T8497]    ksys_write+0x1ee/0x250
[ 77.320418][ T8497]    do_syscall_64+0x2d/0x70
[ 77.325107][ T8497]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.331619][ T8497]
[ 77.333931][ T8497]  -> (&client->buffer_lock){....}-{2:2} {
[ 77.339740][ T8497]     INITIAL USE at:
[ 77.343806][ T8497]       lock_acquire+0x29d/0x750
[ 77.350053][ T8497]       _raw_spin_lock+0x2a/0x40
[ 77.356310][ T8497]       evdev_pass_values.part.0+0xf6/0x970
[ 77.363592][ T8497]       evdev_events+0x328/0x490
[ 77.369848][ T8497]       input_to_handler+0x2a0/0x4c0
[ 77.376492][ T8497]       input_pass_values.part.0+0x2e4/0x760
[ 77.383793][ T8497]       input_handle_event+0x39b/0x1470
[ 77.390647][ T8497]       input_inject_event+0x36a/0x390
[ 77.397403][ T8497]       evdev_write+0x463/0x780
[ 77.403566][ T8497]       vfs_write+0x28e/0xa80
[ 77.409652][ T8497]       ksys_write+0x1ee/0x250
[ 77.415752][ T8497]       do_syscall_64+0x2d/0x70
[ 77.421939][ T8497]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.431809][ T8497]  }
[ 77.434575][ T8497]  ... key at: [] __key.4+0x0/0x40
[ 77.442456][ T8497]  ... acquired at:
[ 77.446388][ T8497]    _raw_read_lock+0x5b/0x70
[ 77.451280][ T8497]    kill_fasync+0x1a1/0x4c0
[ 77.455905][ T8497]    evdev_pass_values.part.0+0x64e/0x970
[ 77.461687][ T8497]    evdev_events+0x328/0x490
[ 77.466387][ T8497]    input_to_handler+0x2a0/0x4c0
[ 77.472325][ T8497]    input_pass_values.part.0+0x2e4/0x760
[ 77.478173][ T8497]    input_handle_event+0x39b/0x1470
[ 77.483475][ T8497]    input_inject_event+0x36a/0x390
[ 77.488694][ T8497]    evdev_write+0x463/0x780
[ 77.493344][ T8497]    vfs_write+0x28e/0xa80
[ 77.497805][ T8497]    ksys_write+0x1ee/0x250
[ 77.502623][ T8497]    do_syscall_64+0x2d/0x70
[ 77.507298][ T8497]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.513462][ T8497]
[ 77.515783][ T8497]  -> (&new->fa_lock){.+..}-{2:2} {
[ 77.520965][ T8497]     HARDIRQ-ON-R at:
[ 77.525037][ T8497]       lock_acquire+0x29d/0x750
[ 77.531410][ T8497]       _raw_read_lock+0x5b/0x70
[ 77.537684][ T8497]       kill_fasync+0x1a1/0x4c0
[ 77.543788][ T8497]       sock_wake_async+0xd2/0x160
[ 77.550221][ T8497]       sock_def_error_report+0x361/0x580
[ 77.557265][ T8497]       sock_queue_err_skb+0x37b/0x750
[ 77.563958][ T8497]       __skb_complete_tx_timestamp+0x308/0x420
[ 77.571588][ T8497]       __skb_tstamp_tx+0x402/0x770
[ 77.578259][ T8497]       __dev_queue_xmit+0x1eb2/0x2ec0
[ 77.584956][ T8497]       packet_sendmsg+0x241f/0x5310
[ 77.591471][ T8497]       sock_sendmsg+0xcf/0x120
[ 77.597630][ T8497]       ____sys_sendmsg+0x331/0x810
[ 77.604036][ T8497]       ___sys_sendmsg+0xf3/0x170
[ 77.610440][ T8497]       __sys_sendmmsg+0x195/0x470
[ 77.617030][ T8497]       __x64_sys_sendmmsg+0x99/0x100
[ 77.623619][ T8497]       do_syscall_64+0x2d/0x70
[ 77.629805][ T8497]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.637856][ T8497]     INITIAL READ USE at:
[ 77.642264][ T8497]       lock_acquire+0x29d/0x750
[ 77.648780][ T8497]       _raw_read_lock+0x5b/0x70
[ 77.655296][ T8497]       kill_fasync+0x1a1/0x4c0
[ 77.661739][ T8497]       evdev_pass_values.part.0+0x64e/0x970
[ 77.669318][ T8497]       evdev_events+0x328/0x490
[ 77.675842][ T8497]       input_to_handler+0x2a0/0x4c0
[ 77.682781][ T8497]       input_pass_values.part.0+0x2e4/0x760
[ 77.690355][ T8497]       input_handle_event+0x39b/0x1470
[ 77.697469][ T8497]       input_inject_event+0x36a/0x390
[ 77.704682][ T8497]       evdev_write+0x463/0x780
[ 77.711120][ T8497]       vfs_write+0x28e/0xa80
[ 77.717524][ T8497]       ksys_write+0x1ee/0x250
[ 77.724207][ T8497]       do_syscall_64+0x2d/0x70
[ 77.730638][ T8497]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.738527][ T8497]  }
[ 77.741017][ T8497]  ... key at: [] __key.0+0x0/0x40
[ 77.748141][ T8497]  ... acquired at:
[ 77.751947][ T8497]    __lock_acquire+0x1219/0x54b0
[ 77.756982][ T8497]    lock_acquire+0x29d/0x750
[ 77.761718][ T8497]    _raw_read_lock+0x5b/0x70
[ 77.771863][ T8497]    kill_fasync+0x1a1/0x4c0
[ 77.776468][ T8497]    sock_wake_async+0xd2/0x160
[ 77.781328][ T8497]    sock_def_error_report+0x361/0x580
[ 77.786826][ T8497]    sock_queue_err_skb+0x37b/0x750
[ 77.792021][ T8497]    __skb_complete_tx_timestamp+0x308/0x420
[ 77.798024][ T8497]    __skb_tstamp_tx+0x402/0x770
[ 77.802976][ T8497]    __dev_queue_xmit+0x1eb2/0x2ec0
[ 77.808160][ T8497]    packet_sendmsg+0x241f/0x5310
[ 77.813276][ T8497]    sock_sendmsg+0xcf/0x120
[ 77.817858][ T8497]    ____sys_sendmsg+0x331/0x810
[ 77.822803][ T8497]    ___sys_sendmsg+0xf3/0x170
[ 77.827643][ T8497]    __sys_sendmmsg+0x195/0x470
[ 77.832493][ T8497]    __x64_sys_sendmmsg+0x99/0x100
[ 77.837603][ T8497]    do_syscall_64+0x2d/0x70
[ 77.842233][ T8497]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.848329][ T8497]
[ 77.850650][ T8497]
[ 77.850650][ T8497] stack backtrace:
[ 77.856546][ T8497] CPU: 0 PID: 8497 Comm: syz-executor056 Not tainted 5.10.0-syzkaller #0
[ 77.865119][ T8497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.875173][ T8497] Call Trace:
[ 77.878442][ T8497]  dump_stack+0x107/0x163
[ 77.882759][ T8497]  mark_lock.cold+0x1a/0x73
[ 77.887252][ T8497]  ? lock_chain_count+0x20/0x20
[ 77.892128][ T8497]  ? lock_chain_count+0x20/0x20
[ 77.897057][ T8497]  ? lockdep_unlock+0x11c/0x290
[ 77.902202][ T8497]  ? register_lock_class+0x55c/0x1090
[ 77.907586][ T8497]  __lock_acquire+0x1219/0x54b0
[ 77.912450][ T8497]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 77.918436][ T8497]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 77.924417][ T8497]  lock_acquire+0x29d/0x750
[ 77.928924][ T8497]  ? kill_fasync+0x1a1/0x4c0
[ 77.933760][ T8497]  ? lock_release+0x710/0x710
[ 77.938445][ T8497]  ? lock_release+0x710/0x710
[ 77.943129][ T8497]  _raw_read_lock+0x5b/0x70
[ 77.947844][ T8497]  ? kill_fasync+0x1a1/0x4c0
[ 77.952439][ T8497]  kill_fasync+0x1a1/0x4c0
[ 77.956955][ T8497]  sock_wake_async+0xd2/0x160
[ 77.961650][ T8497]  sock_def_error_report+0x361/0x580
[ 77.966937][ T8497]  sock_queue_err_skb+0x37b/0x750
[ 77.974763][ T8497]  __skb_complete_tx_timestamp+0x308/0x420
[ 77.980598][ T8497]  __skb_tstamp_tx+0x402/0x770
[ 77.985380][ T8497]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 77.991844][ T8497]  __dev_queue_xmit+0x1eb2/0x2ec0
[ 77.996875][ T8497]  ? netdev_core_pick_tx+0x2e0/0x2e0
[ 78.002162][ T8497]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.008414][ T8497]  ? packet_parse_headers+0x343/0x490
[ 78.013787][ T8497]  ? packet_parse_headers+0x11d/0x490
[ 78.019187][ T8497]  ? prb_fill_curr_block+0x5d0/0x5d0
[ 78.024553][ T8497]  packet_sendmsg+0x241f/0x5310
[ 78.029463][ T8497]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.035794][ T8497]  ? aa_sk_perm+0x385/0xb70
[ 78.040388][ T8497]  ? packet_cached_dev_get+0x2a0/0x2a0
[ 78.047395][ T8497]  ? aa_af_perm+0x230/0x230
[ 78.051932][ T8497]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.058491][ T8497]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.064779][ T8497]  ? packet_cached_dev_get+0x2a0/0x2a0
[ 78.070253][ T8497]  sock_sendmsg+0xcf/0x120
[ 78.074724][ T8497]  ____sys_sendmsg+0x331/0x810
[ 78.080117][ T8497]  ? kernel_sendmsg+0x50/0x50
[ 78.084793][ T8497]  ? do_recvmmsg+0x6c0/0x6c0
[ 78.089396][ T8497]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 78.095548][ T8497]  ___sys_sendmsg+0xf3/0x170
[ 78.100151][ T8497]  ? sendmsg_copy_msghdr+0x160/0x160
[ 78.105446][ T8497]  ? find_held_lock+0x2d/0x110
[ 78.110226][ T8497]  ? sock_setsockopt+0x20e/0x2870
[ 78.115280][ T8497]  ? lock_downgrade+0x6d0/0x6d0
[ 78.120214][ T8497]  ? rwlock_bug.part.0+0x90/0x90
[ 78.125227][ T8497]  ? __local_bh_enable_ip+0x9c/0x110
[ 78.130502][ T8497]  ? lockdep_hardirqs_on+0x79/0x100
[ 78.135697][ T8497]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.141944][ T8497]  ? __fget_light+0x215/0x280
[ 78.146897][ T8497]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 78.153134][ T8497]  __sys_sendmmsg+0x195/0x470
[ 78.157836][ T8497]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 78.162899][ T8497]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.169182][ T8497]  ? __sys_setsockopt+0x31c/0x610
[ 78.174235][ T8497]  ? __ia32_sys_recv+0x100/0x100
[ 78.179189][ T8497]  __x64_sys_sendmmsg+0x99/0x100
[ 78.184143][ T8497]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 78.190044][ T8497]  do_syscall_64+0x2d/0x70
[ 78.194465][ T8497]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.200438][ T8497] RIP: 0033:0x4473f9
[ 78.204328][ T8497] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b d2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.224320][ T8497] RSP: 002b:00007ffe5d61bd48 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 78.232911][ T8497] RAX: ffffffffffffffda RBX: 00000000004aae61 RCX: 00000000004473f9
[ 78.241064][ T8497] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005
[ 78.249048][ T8497] RBP: 00007ffe5d61bd50 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 78.257023][ T8497] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe5d61bd60
[ 78.265160][ T8497] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000