[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
2021/07/05 17:34:35 fuzzer started
2021/07/05 17:34:35 connecting to host at 10.128.0.169:34043
2021/07/05 17:34:35 checking machine...
2021/07/05 17:34:35 checking revisions...
2021/07/05 17:34:35 testing simple program...
syzkaller login: [ 78.152511][ T8462] chnl_net:caif_netlink_parms(): no params data found
[ 78.209504][ T8462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.218063][ T8462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.226684][ T8462] device bridge_slave_0 entered promiscuous mode
[ 78.236720][ T8462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.244438][ T8462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.254038][ T8462] device bridge_slave_1 entered promiscuous mode
[ 78.275419][ T8462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.286490][ T8462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.310772][ T8462] team0: Port device team_slave_0 added
[ 78.319266][ T8462] team0: Port device team_slave_1 added
[ 78.338680][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.346039][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.374477][ T8462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.387441][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.395770][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.423453][ T8462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.454413][ T8462] device hsr_slave_0 entered promiscuous mode
[ 78.461824][ T8462] device hsr_slave_1 entered promiscuous mode
[ 78.572617][ T8462] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.589182][ T8462] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.598841][ T8462] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.610238][ T8462] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.635791][ T8462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.643311][ T8462] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.651539][ T8462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.658791][ T8462] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.708036][ T8462] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.724804][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.736807][ T2956] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.747053][ T2956] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.756154][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.771800][ T8462] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.784741][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.793497][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.801248][ T8683] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.824134][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.833772][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.841646][ T8683] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.850756][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.862549][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.875434][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.889128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.904829][ T8462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.917453][ T8462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.926024][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.944749][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.953485][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.967059][ T8462] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.994258][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.012481][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.024344][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.033233][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.041804][ T8462] device veth0_vlan entered promiscuous mode
[ 79.055314][ T8462] device veth1_vlan entered promiscuous mode
[ 79.078519][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.088099][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.098097][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.113542][ T8462] device veth0_macvtap entered promiscuous mode
[ 79.124403][ T8462] device veth1_macvtap entered promiscuous mode
[ 79.136377][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.154380][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.163723][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.174676][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.187003][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.197634][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.206971][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.219565][ T8462] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.229032][ T8462] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.244668][ T8462] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.257153][ T8462] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 79.354359][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.373403][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.405085][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.420294][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.434764][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.445304][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/07/05 17:34:38 building call list...
[ 80.325398][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.945343][ T8452]
[ 81.947843][ T8452] ======================================================
[ 81.954859][ T8452] WARNING: possible circular locking dependency detected
[ 81.962659][ T8452] 5.13.0-syzkaller #0 Not tainted
[ 81.967834][ T8452] ------------------------------------------------------
[ 81.975059][ T8452] syz-fuzzer/8452 is trying to acquire lock:
[ 81.981118][ T8452] ffffffff8c29c220 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160
[ 81.990434][ T8452]
[ 81.990434][ T8452] but task is already holding lock:
[ 81.998070][ T8452] ffff8880b9c31620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 82.007000][ T8452]
[ 82.007000][ T8452] which lock already depends on the new lock.
[ 82.007000][ T8452]
[ 82.017486][ T8452]
[ 82.017486][ T8452] the existing dependency chain (in reverse order) is:
[ 82.026480][ T8452]
[ 82.026480][ T8452] -> #1 (lock#2){-.-.}-{2:2}:
[ 82.033333][ T8452] free_unref_page+0x1bf/0x690
[ 82.038605][ T8452] __mmdrop+0xcb/0x3f0
[ 82.043264][ T8452] finish_task_switch.isra.0+0x6da/0xa50
[ 82.049496][ T8452] __schedule+0x93c/0x2710
[ 82.054506][ T8452] preempt_schedule_irq+0x4e/0x90
[ 82.060134][ T8452] irqentry_exit+0x31/0x80
[ 82.065228][ T8452] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 82.071714][ T8452] lock_release+0xa9/0x720
[ 82.076813][ T8452] __kmalloc_node_track_caller+0x65/0x360
[ 82.083147][ T8452] __alloc_skb+0xde/0x340
[ 82.087981][ T8452] netlink_sendmsg+0x954/0xda0
[ 82.093578][ T8452] sock_sendmsg+0xcf/0x120
[ 82.098602][ T8452] ____sys_sendmsg+0x6e8/0x810
[ 82.103986][ T8452] ___sys_sendmsg+0xf3/0x170
[ 82.109351][ T8452] __sys_sendmsg+0xe5/0x1b0
[ 82.114371][ T8452] do_syscall_64+0x35/0xb0
[ 82.119455][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.126196][ T8452]
[ 82.126196][ T8452] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 82.133501][ T8452] __lock_acquire+0x2a07/0x54a0
[ 82.138888][ T8452] lock_acquire+0x1ab/0x510
[ 82.144051][ T8452] fs_reclaim_acquire+0x117/0x160
[ 82.149828][ T8452] prepare_alloc_pages+0x15c/0x580
[ 82.155558][ T8452] __alloc_pages+0x12f/0x500
[ 82.160800][ T8452] alloc_pages+0x18c/0x2a0
[ 82.165765][ T8452] stack_depot_save+0x39d/0x4e0
[ 82.171141][ T8452] save_stack+0x15e/0x1e0
[ 82.176476][ T8452] __set_page_owner+0x50/0x290
[ 82.182028][ T8452] __alloc_pages_bulk+0x8b9/0x1870
[ 82.187656][ T8452] __vmalloc_node_range+0x39d/0x960
[ 82.193461][ T8452] vzalloc+0x67/0x80
[ 82.198225][ T8452] n_tty_open+0x16/0x170
[ 82.203134][ T8452] tty_ldisc_open+0x9b/0x110
[ 82.208518][ T8452] tty_ldisc_setup+0x43/0x100
[ 82.213721][ T8452] tty_init_dev.part.0+0x1f4/0x610
[ 82.219573][ T8452] tty_init_dev+0x5b/0x80
[ 82.224513][ T8452] ptmx_open+0x112/0x360
[ 82.229511][ T8452] chrdev_open+0x266/0x770
[ 82.234531][ T8452] do_dentry_open+0x4c8/0x11c0
[ 82.240022][ T8452] path_openat+0x1c0e/0x27e0
[ 82.245137][ T8452] do_filp_open+0x190/0x3d0
[ 82.251033][ T8452] do_sys_openat2+0x16d/0x420
[ 82.256406][ T8452] __x64_sys_openat+0x13f/0x1f0
[ 82.261802][ T8452] do_syscall_64+0x35/0xb0
[ 82.267055][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.273513][ T8452]
[ 82.273513][ T8452] other info that might help us debug this:
[ 82.273513][ T8452]
[ 82.284656][ T8452] Possible unsafe locking scenario:
[ 82.284656][ T8452]
[ 82.292816][ T8452]        CPU0                    CPU1
[ 82.298277][ T8452]        ----                    ----
[ 82.303798][ T8452]   lock(lock#2);
[ 82.307514][ T8452]                                lock(fs_reclaim);
[ 82.314166][ T8452]                                lock(lock#2);
[ 82.320394][ T8452]   lock(fs_reclaim);
[ 82.324542][ T8452]
[ 82.324542][ T8452] *** DEADLOCK ***
[ 82.324542][ T8452]
[ 82.332981][ T8452] 4 locks held by syz-fuzzer/8452:
executing program
[ 82.338773][ T8452] #0: ffffffff8cb6fce8 (tty_mutex){+.+.}-{3:3}, at: ptmx_open+0x103/0x360
[ 82.347650][ T8452] #1: ffff8880354d01c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 82.356972][ T8452] #2: ffff8880354d0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0
[ 82.366447][ T8452] #3: ffff8880b9c31620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 82.376266][ T8452]
[ 82.376266][ T8452] stack backtrace:
[ 82.382402][ T8452] CPU: 0 PID: 8452 Comm: syz-fuzzer Not tainted 5.13.0-syzkaller #0
[ 82.390463][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.400734][ T8452] Call Trace:
[ 82.404111][ T8452] dump_stack_lvl+0xcd/0x134
[ 82.409247][ T8452] check_noncircular+0x25f/0x2e0
[ 82.414275][ T8452] ? print_circular_bug+0x1e0/0x1e0
[ 82.419565][ T8452] ? mark_lock+0xef/0x17b0
[ 82.424312][ T8452] ? arch_stack_walk+0x93/0xe0
[ 82.429160][ T8452] ? lockdep_lock+0xc6/0x200
[ 82.433831][ T8452] ? call_rcu_zapped+0xb0/0xb0
[ 82.438609][ T8452] __lock_acquire+0x2a07/0x54a0
[ 82.444027][ T8452] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.450703][ T8452] lock_acquire+0x1ab/0x510
[ 82.455481][ T8452] ? fs_reclaim_acquire+0xf7/0x160
[ 82.460592][ T8452] ? lock_release+0x720/0x720
[ 82.465381][ T8452] ? lock_chain_count+0x20/0x20
[ 82.470228][ T8452] ? mark_lock+0xef/0x17b0
[ 82.474750][ T8452] ? deref_stack_reg+0xee/0x150
[ 82.479846][ T8452] fs_reclaim_acquire+0x117/0x160
[ 82.485277][ T8452] ? fs_reclaim_acquire+0xf7/0x160
[ 82.490498][ T8452] prepare_alloc_pages+0x15c/0x580
[ 82.495696][ T8452] ? __x64_sys_openat+0x13f/0x1f0
[ 82.500800][ T8452] __alloc_pages+0x12f/0x500
[ 82.505479][ T8452] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 82.512514][ T8452] ? __unwind_start+0x51b/0x800
[ 82.517819][ T8452] ? __kernel_text_address+0x9/0x30
[ 82.523012][ T8452] alloc_pages+0x18c/0x2a0
[ 82.527447][ T8452] stack_depot_save+0x39d/0x4e0
[ 82.532359][ T8452] save_stack+0x15e/0x1e0
[ 82.537142][ T8452] ? register_early_stack+0xb0/0xb0
[ 82.542436][ T8452] ? __alloc_pages_bulk+0x8b9/0x1870
[ 82.547857][ T8452] ? __vmalloc_node_range+0x39d/0x960
[ 82.553438][ T8452] ? vzalloc+0x67/0x80
[ 82.557937][ T8452] ? n_tty_open+0x16/0x170
[ 82.562528][ T8452] ? tty_ldisc_open+0x9b/0x110
[ 82.567403][ T8452] ? tty_ldisc_setup+0x43/0x100
[ 82.572235][ T8452] ? tty_init_dev.part.0+0x1f4/0x610
[ 82.577512][ T8452] ? tty_init_dev+0x5b/0x80
[ 82.582070][ T8452] ? ptmx_open+0x112/0x360
[ 82.586677][ T8452] ? chrdev_open+0x266/0x770
[ 82.591262][ T8452] ? do_dentry_open+0x4c8/0x11c0
[ 82.596279][ T8452] ? path_openat+0x1c0e/0x27e0
[ 82.601300][ T8452] ? do_filp_open+0x190/0x3d0
[ 82.606241][ T8452] ? do_sys_openat2+0x16d/0x420
[ 82.611148][ T8452] ? __x64_sys_openat+0x13f/0x1f0
[ 82.616384][ T8452] ? do_syscall_64+0x35/0xb0
[ 82.621160][ T8452] ? preempt_count_add+0x74/0x140
[ 82.626285][ T8452] __set_page_owner+0x50/0x290
[ 82.631042][ T8452] ? post_alloc_hook+0x145/0x1e0
[ 82.636168][ T8452] __alloc_pages_bulk+0x8b9/0x1870
[ 82.641409][ T8452] ? __alloc_pages+0x500/0x500
[ 82.646184][ T8452] ? rcu_read_lock_sched_held+0x3a/0x70
[ 82.651752][ T8452] ? trace_kmalloc_node+0xbe/0xf0
[ 82.657130][ T8452] __vmalloc_node_range+0x39d/0x960
[ 82.662509][ T8452] ? vfree_atomic+0xe0/0xe0
[ 82.667277][ T8452] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 82.673320][ T8452] ? __ldsem_down_read_nested+0x850/0x850
[ 82.679629][ T8452] ? __wake_up_common+0x650/0x650
[ 82.687196][ T8452] ? n_tty_open+0x16/0x170
[ 82.691641][ T8452] vzalloc+0x67/0x80
[ 82.695624][ T8452] ? n_tty_open+0x16/0x170
[ 82.700038][ T8452] n_tty_open+0x16/0x170
[ 82.704466][ T8452] ? n_tty_set_termios+0x1010/0x1010
[ 82.709867][ T8452] tty_ldisc_open+0x9b/0x110
[ 82.714734][ T8452] tty_ldisc_setup+0x43/0x100
[ 82.719500][ T8452] tty_init_dev.part.0+0x1f4/0x610
[ 82.724854][ T8452] ? pty_unix98_compat_ioctl+0x50/0x50
[ 82.731060][ T8452] tty_init_dev+0x5b/0x80
[ 82.735390][ T8452] ptmx_open+0x112/0x360
[ 82.739933][ T8452] ? pty_unix98_compat_ioctl+0x50/0x50
[ 82.745375][ T8452] chrdev_open+0x266/0x770
[ 82.750123][ T8452] ? cdev_device_add+0x210/0x210
[ 82.755159][ T8452] ? security_file_open+0x205/0x4f0
[ 82.760527][ T8452] do_dentry_open+0x4c8/0x11c0
[ 82.765314][ T8452] ? cdev_device_add+0x210/0x210
[ 82.770237][ T8452] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.776547][ T8452] ? may_open+0x1f6/0x420
[ 82.780968][ T8452] path_openat+0x1c0e/0x27e0
[ 82.785648][ T8452] ? path_lookupat+0x850/0x850
[ 82.790651][ T8452] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.796745][ T8452] do_filp_open+0x190/0x3d0
[ 82.801268][ T8452] ? may_open_dev+0xf0/0xf0
[ 82.805853][ T8452] ? do_raw_spin_lock+0x120/0x2b0
[ 82.811042][ T8452] ? rwlock_bug.part.0+0x90/0x90
[ 82.816076][ T8452] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 82.822410][ T8452] ? _find_next_bit+0x1e3/0x260
[ 82.827272][ T8452] ? _raw_spin_unlock+0x24/0x40
[ 82.832389][ T8452] ? alloc_fd+0x2e6/0x660
[ 82.836725][ T8452] do_sys_openat2+0x16d/0x420
[ 82.841658][ T8452] ? build_open_flags+0x6f0/0x6f0
[ 82.846678][ T8452] ? __context_tracking_exit+0xb8/0xe0
[ 82.852120][ T8452] ? lock_downgrade+0x6e0/0x6e0
[ 82.856958][ T8452] __x64_sys_openat+0x13f/0x1f0
[ 82.862686][ T8452] ? __ia32_sys_open+0x1c0/0x1c0
[ 82.867642][ T8452] ? syscall_enter_from_user_mode+0x21/0x70
[ 82.873704][ T8452] do_syscall_64+0x35/0xb0
[ 82.878361][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.884264][ T8452] RIP: 0033:0x4af20a
[ 82.888165][ T8452] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 82.908772][ T8452] RSP: 002b:000000c0003793f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 82.917524][ T8452] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af20a
[ 82.925906][ T8452] RDX: 0000000000000000 RSI: 000000c0001e58b0 RDI: ffffffffffffff9c
[ 82.934089][ T8452] RBP: 000000c000379470 R08: 0000000000000000 R09: 0000000000000000
[ 82.942696][ T8452] R10: 0000000000000000 R11: 0000000000000216 R12: 000000000000018c
[ 82.951279][ T8452] R13: 000000000000018b R14: 0000000000000200 R15: 000000c0004b4000
[ 82.959334][ T8452] BUG: sleeping function called from invalid context at mm/page_alloc.c:5179
[ 82.968427][ T8452] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8452, name: syz-fuzzer
[ 82.977615][ T8452] INFO: lockdep is turned off.
[ 82.982368][ T8452] irq event stamp: 149170
[ 82.986682][ T8452] hardirqs last enabled at (149169): [] _raw_spin_unlock_irqrestore+0x50/0x70
[ 82.997389][ T8452] hardirqs last disabled at (149170): [] __alloc_pages_bulk+0x1017/0x1870
[ 83.007813][ T8452] softirqs last enabled at (146440): [] __irq_exit_rcu+0x16e/0x1c0
[ 83.017342][ T8452] softirqs last disabled at (146431): [] __irq_exit_rcu+0x16e/0x1c0
[ 83.027919][ T8452] CPU: 0 PID: 8452 Comm: syz-fuzzer Not tainted 5.13.0-syzkaller #0
[ 83.036241][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.046549][ T8452] Call Trace:
[ 83.049997][ T8452] dump_stack_lvl+0xcd/0x134
[ 83.054595][ T8452] ___might_sleep.cold+0x1f1/0x237
[ 83.060134][ T8452] prepare_alloc_pages+0x3da/0x580
[ 83.065661][ T8452] ? __x64_sys_openat+0x13f/0x1f0
[ 83.070735][ T8452] __alloc_pages+0x12f/0x500
[ 83.075952][ T8452] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 83.082821][ T8452] ? __unwind_start+0x51b/0x800
[ 83.087855][ T8452] ? __kernel_text_address+0x9/0x30
[ 83.093159][ T8452] alloc_pages+0x18c/0x2a0
[ 83.097578][ T8452] stack_depot_save+0x39d/0x4e0
[ 83.102421][ T8452] save_stack+0x15e/0x1e0
[ 83.106890][ T8452] ? register_early_stack+0xb0/0xb0
[ 83.112195][ T8452] ? __alloc_pages_bulk+0x8b9/0x1870
[ 83.117483][ T8452] ? __vmalloc_node_range+0x39d/0x960
[ 83.122908][ T8452] ? vzalloc+0x67/0x80
[ 83.127057][ T8452] ? n_tty_open+0x16/0x170
[ 83.131815][ T8452] ? tty_ldisc_open+0x9b/0x110
[ 83.137203][ T8452] ? tty_ldisc_setup+0x43/0x100
[ 83.142262][ T8452] ? tty_init_dev.part.0+0x1f4/0x610
[ 83.147547][ T8452] ? tty_init_dev+0x5b/0x80
[ 83.152518][ T8452] ? ptmx_open+0x112/0x360
[ 83.157049][ T8452] ? chrdev_open+0x266/0x770
[ 83.161653][ T8452] ? do_dentry_open+0x4c8/0x11c0
[ 83.166787][ T8452] ? path_openat+0x1c0e/0x27e0
[ 83.171709][ T8452] ? do_filp_open+0x190/0x3d0
[ 83.176467][ T8452] ? do_sys_openat2+0x16d/0x420
[ 83.181300][ T8452] ? __x64_sys_openat+0x13f/0x1f0
[ 83.186495][ T8452] ? do_syscall_64+0x35/0xb0
[ 83.191250][ T8452] ? preempt_count_add+0x74/0x140
[ 83.196301][ T8452] __set_page_owner+0x50/0x290
[ 83.201530][ T8452] ? post_alloc_hook+0x145/0x1e0
[ 83.206649][ T8452] __alloc_pages_bulk+0x8b9/0x1870
[ 83.211823][ T8452] ? __alloc_pages+0x500/0x500
[ 83.216590][ T8452] ? rcu_read_lock_sched_held+0x3a/0x70
[ 83.222137][ T8452] ? trace_kmalloc_node+0xbe/0xf0
[ 83.227174][ T8452] __vmalloc_node_range+0x39d/0x960
[ 83.232475][ T8452] ? vfree_atomic+0xe0/0xe0
[ 83.237174][ T8452] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 83.243076][ T8452] ? __ldsem_down_read_nested+0x850/0x850
[ 83.249314][ T8452] ? __wake_up_common+0x650/0x650
[ 83.254586][ T8452] ? n_tty_open+0x16/0x170
[ 83.259487][ T8452] vzalloc+0x67/0x80
[ 83.263848][ T8452] ? n_tty_open+0x16/0x170
[ 83.268311][ T8452] n_tty_open+0x16/0x170
[ 83.272635][ T8452] ? n_tty_set_termios+0x1010/0x1010
[ 83.277934][ T8452] tty_ldisc_open+0x9b/0x110
[ 83.282607][ T8452] tty_ldisc_setup+0x43/0x100
[ 83.287442][ T8452] tty_init_dev.part.0+0x1f4/0x610
[ 83.292556][ T8452] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.298259][ T8452] tty_init_dev+0x5b/0x80
[ 83.302574][ T8452] ptmx_open+0x112/0x360
[ 83.306916][ T8452] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.312498][ T8452] chrdev_open+0x266/0x770
[ 83.317009][ T8452] ? cdev_device_add+0x210/0x210
[ 83.321945][ T8452] ? security_file_open+0x205/0x4f0
[ 83.327426][ T8452] do_dentry_open+0x4c8/0x11c0
[ 83.332347][ T8452] ? cdev_device_add+0x210/0x210
[ 83.337369][ T8452] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.343685][ T8452] ? may_open+0x1f6/0x420
[ 83.348008][ T8452] path_openat+0x1c0e/0x27e0
[ 83.352593][ T8452] ? path_lookupat+0x850/0x850
[ 83.357776][ T8452] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 83.364260][ T8452] do_filp_open+0x190/0x3d0
[ 83.368932][ T8452] ? may_open_dev+0xf0/0xf0
[ 83.373523][ T8452] ? do_raw_spin_lock+0x120/0x2b0
[ 83.378842][ T8452] ? rwlock_bug.part.0+0x90/0x90
[ 83.383842][ T8452] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.391286][ T8452] ? _find_next_bit+0x1e3/0x260
[ 83.396150][ T8452] ? _raw_spin_unlock+0x24/0x40
[ 83.400999][ T8452] ? alloc_fd+0x2e6/0x660
[ 83.405641][ T8452] do_sys_openat2+0x16d/0x420
[ 83.410395][ T8452] ? build_open_flags+0x6f0/0x6f0
[ 83.415420][ T8452] ? __context_tracking_exit+0xb8/0xe0
[ 83.421326][ T8452] ? lock_downgrade+0x6e0/0x6e0
[ 83.426774][ T8452] __x64_sys_openat+0x13f/0x1f0
[ 83.431728][ T8452] ? __ia32_sys_open+0x1c0/0x1c0
[ 83.436754][ T8452] ? syscall_enter_from_user_mode+0x21/0x70
[ 83.442746][ T8452] do_syscall_64+0x35/0xb0
[ 83.447168][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.454370][ T8452] RIP: 0033:0x4af20a
[ 83.458819][ T8452] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 83.478940][ T8452] RSP: 002b:000000c0003793f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 83.488738][ T8452] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af20a
[ 83.496785][ T8452] RDX: 0000000000000000 RSI: 000000c0001e58b0 RDI: ffffffffffffff9c
[ 83.504824][ T8452] RBP: 000000c000379470 R08: 0000000000000000 R09: 0000000000000000
[ 83.512787][ T8452] R10: 0000000000000000 R11: 0000000000000216 R12: 000000000000018c
[ 83.520762][ T8452] R13: 000000000000018b R14: 0000000000000200 R15: 000000c0004b4000
[ 83.625048][ T8452] can: request_module (can-proto-0) failed.
[ 83.635753][ T8452] can: request_module (can-proto-0) failed.
[ 83.646845][ T8452] can: request_module (can-proto-0) failed.
[ 83.820171][ T8452] base_sock_release(ffff88803ae38fc0) sk=ffff8880392ab000
[ 83.865614][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0