./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4176748988 <...> Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts. execve("./syz-executor4176748988", ["./syz-executor4176748988"], 0x7ffcdbf8ef50 /* 10 vars */) = 0 brk(NULL) = 0x555556385000 brk(0x555556385c40) = 0x555556385c40 arch_prctl(ARCH_SET_FS, 0x555556385300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563855d0) = 3635 set_robust_list(0x5555563855e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3dad98d300, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3dad98d9d0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3dad98d3a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dad98d9d0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4176748988", 4096) = 28 brk(0x5555563a6c40) = 0x5555563a6c40 brk(0x5555563a7000) = 0x5555563a7000 mprotect(0x7f3dada4d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3636 attached , child_tidptr=0x5555563855d0) = 3636 [pid 3636] set_robust_list(0x5555563855e0, 24) = 0 [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3636] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3637 attached , parent_tid=[3637], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3637 [pid 3637] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3637] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... futex resumed>) = 0 [pid 3637] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3637] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] ioctl(3, TIOCSETD, [21]) = 0 [pid 3637] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3637] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] ioctl(4, GSMIOC_SETCONF [pid 3636] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3636] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3636] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3642], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3642 [pid 3636] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3642] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3642] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3642] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3636] <... futex resumed>) = 0 [pid 3642] ioctl(5, GSMIOC_SETCONF [pid 3636] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... ioctl resumed>, 0x20000040) = 0 [pid 3637] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.328497][ T3642] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 57.343036][ T3642] CPU: 1 PID: 3642 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 57.353507][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.363592][ T3642] Call Trace: [ 57.366898][ T3642] [ 57.369856][ T3642] dump_stack_lvl+0xd1/0x138 [ 57.374505][ T3642] sysfs_warn_dup.cold+0x1c/0x29 [ 57.379487][ T3642] sysfs_create_dir_ns+0x237/0x290 [ 57.384638][ T3642] ? sysfs_create_mount_point+0xb0/0xb0 [ 57.390224][ T3642] ? rwlock_bug.part.0+0x90/0x90 [ 57.395194][ T3642] ? class_dir_child_ns_type+0xd/0x60 [ 57.400605][ T3642] kobject_add_internal+0x2c9/0x8f0 [ 57.405841][ T3642] kobject_add+0x154/0x1c0 [ 57.410287][ T3642] ? kset_create_and_add+0x1a0/0x1a0 [ 57.415604][ T3642] ? lockdep_init_map_type+0x21e/0x800 [ 57.421118][ T3642] device_add+0x36c/0x1e90 [ 57.425554][ T3642] ? lockdep_init_map_type+0x21e/0x800 [ 57.431048][ T3642] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 57.437306][ T3642] ? __init_waitqueue_head+0xca/0x150 [ 57.442711][ T3642] tty_register_device_attr+0x392/0x7b0 [ 57.448291][ T3642] ? lockdep_init_map_type+0x21e/0x800 [ 57.453780][ T3642] ? tty_driver_kref_put+0x90/0x90 [ 57.458922][ T3642] ? lockdep_init_map_type+0x21e/0x800 [ 57.464423][ T3642] ? __raw_spin_lock_init+0x3a/0x110 [ 57.469726][ T3642] ? tty_port_init+0x156/0x1b0 [ 57.474514][ T3642] gsmld_ioctl+0x944/0x1060 [ 57.479041][ T3642] ? gsmld_close+0x210/0x210 [ 57.483666][ T3642] tty_ioctl+0x7eb/0x1660 [ 57.488004][ T3642] ? gsmld_close+0x210/0x210 [ 57.492613][ T3642] ? tty_release+0x11b0/0x11b0 [ 57.497394][ T3642] ? find_held_lock+0x2d/0x110 [ 57.502187][ T3642] ? do_one_initcall+0x460/0x780 [ 57.507155][ T3642] ? __fget_files+0x26a/0x440 [ 57.511860][ T3642] ? bpf_lsm_file_ioctl+0x9/0x10 [ 57.516813][ T3642] ? tty_release+0x11b0/0x11b0 [ 57.521593][ T3642] __x64_sys_ioctl+0x197/0x210 [ 57.526396][ T3642] do_syscall_64+0x39/0xb0 [ 57.530853][ T3642] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.536774][ T3642] RIP: 0033:0x7f3dad9cbc79 [ 57.541217][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.560849][ T3642] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.569287][ T3642] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [pid 3637] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3636] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3636] <... futex resumed>) = 1 [pid 3637] ioctl(5, GSMIOC_SETCONF [pid 3636] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... ioctl resumed>, 0x20000040) = 0 [pid 3637] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3637] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3642] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] exit_group(0 [pid 3637] <... futex resumed>) = ? [pid 3636] <... exit_group resumed>) = ? [pid 3637] +++ exited with 0 +++ [pid 3642] <... futex resumed>) = ? [ 57.577273][ T3642] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 57.585253][ T3642] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 57.593235][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dada2107c [ 57.601213][ T3642] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 57.609214][ T3642] [ 57.613751][ T3642] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3642] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x5555563855e0, 24) = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3645] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3646 ./strace-static-x86_64: Process 3646 attached [pid 3645] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3646] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3646] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] ioctl(3, TIOCSETD, [21]) = 0 [pid 3646] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3646] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] ioctl(4, GSMIOC_SETCONF [pid 3645] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3645] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3645] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3647], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3647 [pid 3645] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3647] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3647] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... futex resumed>) = 1 [ 57.937082][ T3647] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 57.946098][ T3647] CPU: 1 PID: 3647 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 57.956553][ T3647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.966639][ T3647] Call Trace: [ 57.969940][ T3647] [ 57.972896][ T3647] dump_stack_lvl+0xd1/0x138 [ 57.977528][ T3647] sysfs_warn_dup.cold+0x1c/0x29 [ 57.982501][ T3647] sysfs_create_dir_ns+0x237/0x290 [ 57.987654][ T3647] ? sysfs_create_mount_point+0xb0/0xb0 [ 57.993264][ T3647] ? rwlock_bug.part.0+0x90/0x90 [ 57.998250][ T3647] ? class_dir_child_ns_type+0xd/0x60 [ 58.003674][ T3647] kobject_add_internal+0x2c9/0x8f0 [ 58.008935][ T3647] kobject_add+0x154/0x1c0 [ 58.013400][ T3647] ? kset_create_and_add+0x1a0/0x1a0 [ 58.018736][ T3647] ? lockdep_init_map_type+0x21e/0x800 [ 58.024290][ T3647] device_add+0x36c/0x1e90 [ 58.028743][ T3647] ? lockdep_init_map_type+0x21e/0x800 [ 58.034267][ T3647] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 58.040550][ T3647] ? __init_waitqueue_head+0xca/0x150 [ 58.045980][ T3647] tty_register_device_attr+0x392/0x7b0 [ 58.051583][ T3647] ? lockdep_init_map_type+0x21e/0x800 [ 58.057089][ T3647] ? tty_driver_kref_put+0x90/0x90 [ 58.062232][ T3647] ? lockdep_init_map_type+0x21e/0x800 [ 58.067748][ T3647] ? __raw_spin_lock_init+0x3a/0x110 [ 58.073054][ T3647] ? tty_port_init+0x156/0x1b0 [ 58.077847][ T3647] gsmld_ioctl+0x944/0x1060 [ 58.082376][ T3647] ? gsmld_close+0x210/0x210 [ 58.087000][ T3647] tty_ioctl+0x7eb/0x1660 [ 58.091339][ T3647] ? gsmld_close+0x210/0x210 [ 58.095943][ T3647] ? tty_release+0x11b0/0x11b0 [ 58.100725][ T3647] ? find_held_lock+0x2d/0x110 [ 58.105524][ T3647] ? do_one_initcall+0x460/0x780 [ 58.110490][ T3647] ? __fget_files+0x26a/0x440 [ 58.115209][ T3647] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.120170][ T3647] ? tty_release+0x11b0/0x11b0 [ 58.124958][ T3647] __x64_sys_ioctl+0x197/0x210 [ 58.129755][ T3647] do_syscall_64+0x39/0xb0 [ 58.134211][ T3647] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.140132][ T3647] RIP: 0033:0x7f3dad9cbc79 [ 58.144562][ T3647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.164184][ T3647] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.172615][ T3647] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [pid 3647] ioctl(5, GSMIOC_SETCONF [pid 3646] <... ioctl resumed>, 0x20000040) = 0 [pid 3646] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3646] <... futex resumed>) = 0 [pid 3645] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 3646] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [ 58.180600][ T3647] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 58.188582][ T3647] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 58.196562][ T3647] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 58.204545][ T3647] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 58.212543][ T3647] [pid 3646] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3647] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] exit_group(0) = ? [pid 3647] <... futex resumed>) = ? [pid 3647] +++ exited with 0 +++ [pid 3646] <... futex resumed>) = ? [ 58.235256][ T3647] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x5555563855e0, 24) = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3648] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3649], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3649 [pid 3648] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3649] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3649] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] ioctl(3, TIOCSETD, [21]) = 0 [pid 3649] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3649] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] ioctl(4, GSMIOC_SETCONF [pid 3648] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3648] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3648] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3650], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3650 [pid 3648] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3650] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3650] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [ 58.487278][ T3650] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 58.498029][ T3650] CPU: 1 PID: 3650 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 58.508492][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 58.518579][ T3650] Call Trace: [ 58.521884][ T3650] [ 58.524837][ T3650] dump_stack_lvl+0xd1/0x138 [ 58.529471][ T3650] sysfs_warn_dup.cold+0x1c/0x29 [ 58.534450][ T3650] sysfs_create_dir_ns+0x237/0x290 [ 58.539600][ T3650] ? sysfs_create_mount_point+0xb0/0xb0 [ 58.545190][ T3650] ? rwlock_bug.part.0+0x90/0x90 [ 58.550173][ T3650] ? class_dir_child_ns_type+0xd/0x60 [ 58.555600][ T3650] kobject_add_internal+0x2c9/0x8f0 [ 58.560863][ T3650] kobject_add+0x154/0x1c0 [ 58.565324][ T3650] ? kset_create_and_add+0x1a0/0x1a0 [ 58.570659][ T3650] ? lockdep_init_map_type+0x21e/0x800 [ 58.576192][ T3650] device_add+0x36c/0x1e90 [ 58.580649][ T3650] ? lockdep_init_map_type+0x21e/0x800 [ 58.586172][ T3650] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 58.592454][ T3650] ? __init_waitqueue_head+0xca/0x150 [ 58.597888][ T3650] tty_register_device_attr+0x392/0x7b0 [ 58.603493][ T3650] ? lockdep_init_map_type+0x21e/0x800 [ 58.609006][ T3650] ? tty_driver_kref_put+0x90/0x90 [ 58.614174][ T3650] ? lockdep_init_map_type+0x21e/0x800 [ 58.619692][ T3650] ? __raw_spin_lock_init+0x3a/0x110 [ 58.625018][ T3650] ? tty_port_init+0x156/0x1b0 [ 58.629823][ T3650] gsmld_ioctl+0x944/0x1060 [pid 3650] ioctl(5, GSMIOC_SETCONF [pid 3649] <... ioctl resumed>, 0x20000040) = 0 [pid 3649] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.634345][ T3650] ? gsmld_close+0x210/0x210 [ 58.638992][ T3650] tty_ioctl+0x7eb/0x1660 [ 58.643351][ T3650] ? gsmld_close+0x210/0x210 [ 58.647979][ T3650] ? tty_release+0x11b0/0x11b0 [ 58.652782][ T3650] ? find_held_lock+0x2d/0x110 [ 58.657596][ T3650] ? do_one_initcall+0x460/0x780 [ 58.662584][ T3650] ? __fget_files+0x26a/0x440 [ 58.667306][ T3650] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.672277][ T3650] ? tty_release+0x11b0/0x11b0 [ 58.677079][ T3650] __x64_sys_ioctl+0x197/0x210 [ 58.681892][ T3650] do_syscall_64+0x39/0xb0 [ 58.686340][ T3650] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.692232][ T3650] RIP: 0033:0x7f3dad9cbc79 [ 58.696638][ T3650] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.716248][ T3650] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.724653][ T3650] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [pid 3649] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3648] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3648] <... futex resumed>) = 1 [pid 3649] <... futex resumed>) = 0 [pid 3648] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 3649] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3649] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3650] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] exit_group(0) = ? [pid 3649] <... futex resumed>) = ? [pid 3649] +++ exited with 0 +++ [pid 3650] <... futex resumed>) = ? [ 58.732618][ T3650] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 58.740603][ T3650] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 58.748565][ T3650] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 58.757106][ T3650] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 58.765090][ T3650] [ 58.768494][ T3650] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3650] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x5555563855e0, 24) = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3651] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3652], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3652 [pid 3651] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3652] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3652] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] ioctl(3, TIOCSETD, [21]) = 0 [pid 3652] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3652] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] ioctl(4, GSMIOC_SETCONF [pid 3651] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3651] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3651] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3653 [pid 3651] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3653] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3653] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [ 59.016421][ T3653] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 59.046116][ T3653] CPU: 1 PID: 3653 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 59.056593][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.066683][ T3653] Call Trace: [ 59.069986][ T3653] [ 59.072944][ T3653] dump_stack_lvl+0xd1/0x138 [ 59.077583][ T3653] sysfs_warn_dup.cold+0x1c/0x29 [ 59.082572][ T3653] sysfs_create_dir_ns+0x237/0x290 [ 59.087728][ T3653] ? sysfs_create_mount_point+0xb0/0xb0 [ 59.093317][ T3653] ? rwlock_bug.part.0+0x90/0x90 [ 59.098299][ T3653] ? class_dir_child_ns_type+0xd/0x60 [ 59.103726][ T3653] kobject_add_internal+0x2c9/0x8f0 [ 59.108986][ T3653] kobject_add+0x154/0x1c0 [ 59.113456][ T3653] ? kset_create_and_add+0x1a0/0x1a0 [ 59.118809][ T3653] ? lockdep_init_map_type+0x21e/0x800 [ 59.124344][ T3653] device_add+0x36c/0x1e90 [ 59.128809][ T3653] ? lockdep_init_map_type+0x21e/0x800 [ 59.134322][ T3653] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 59.140608][ T3653] ? __init_waitqueue_head+0xca/0x150 [ 59.146044][ T3653] tty_register_device_attr+0x392/0x7b0 [ 59.151658][ T3653] ? lockdep_init_map_type+0x21e/0x800 [ 59.157176][ T3653] ? tty_driver_kref_put+0x90/0x90 [ 59.162340][ T3653] ? lockdep_init_map_type+0x21e/0x800 [ 59.167850][ T3653] ? __raw_spin_lock_init+0x3a/0x110 [ 59.173183][ T3653] ? tty_port_init+0x156/0x1b0 [ 59.177996][ T3653] gsmld_ioctl+0x944/0x1060 [ 59.182542][ T3653] ? gsmld_close+0x210/0x210 [ 59.187188][ T3653] tty_ioctl+0x7eb/0x1660 [ 59.191550][ T3653] ? gsmld_close+0x210/0x210 [ 59.196177][ T3653] ? tty_release+0x11b0/0x11b0 [ 59.200972][ T3653] ? find_held_lock+0x2d/0x110 [ 59.205758][ T3653] ? do_one_initcall+0x460/0x780 [ 59.210750][ T3653] ? __fget_files+0x26a/0x440 [pid 3653] ioctl(5, GSMIOC_SETCONF [pid 3652] <... ioctl resumed>, 0x20000040) = 0 [pid 3652] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.215473][ T3653] ? bpf_lsm_file_ioctl+0x9/0x10 [ 59.220450][ T3653] ? tty_release+0x11b0/0x11b0 [ 59.225246][ T3653] __x64_sys_ioctl+0x197/0x210 [ 59.230058][ T3653] do_syscall_64+0x39/0xb0 [ 59.234517][ T3653] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.240439][ T3653] RIP: 0033:0x7f3dad9cbc79 [ 59.244881][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.264494][ T3653] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.272918][ T3653] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [ 59.280896][ T3653] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 59.288870][ T3653] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 59.296841][ T3653] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 59.304808][ T3653] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 59.312788][ T3653] [pid 3652] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3653] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3651] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3651] <... futex resumed>) = 1 [pid 3652] ioctl(5, GSMIOC_SETCONF [pid 3651] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... ioctl resumed>, 0x20000040) = 0 [pid 3652] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3651] exit_group(0 [pid 3652] <... futex resumed>) = ? [pid 3651] <... exit_group resumed>) = ? [pid 3652] +++ exited with 0 +++ [pid 3653] <... futex resumed>) = ? [ 59.316247][ T3653] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3653] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x5555563855e0, 24) = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3657] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3658], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3658 [pid 3657] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3658] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3658] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] ioctl(3, TIOCSETD, [21]) = 0 [pid 3658] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3658] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] ioctl(4, GSMIOC_SETCONF [pid 3657] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3657] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3657] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3659], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3659 [pid 3657] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3659] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3659] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] <... futex resumed>) = 1 [ 59.559771][ T3659] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 59.579364][ T3659] CPU: 1 PID: 3659 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 59.589921][ T3659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.600010][ T3659] Call Trace: [ 59.603313][ T3659] [ 59.606270][ T3659] dump_stack_lvl+0xd1/0x138 [ 59.610904][ T3659] sysfs_warn_dup.cold+0x1c/0x29 [ 59.615881][ T3659] sysfs_create_dir_ns+0x237/0x290 [ 59.621030][ T3659] ? sysfs_create_mount_point+0xb0/0xb0 [ 59.626617][ T3659] ? rwlock_bug.part.0+0x90/0x90 [ 59.631594][ T3659] ? class_dir_child_ns_type+0xd/0x60 [ 59.637026][ T3659] kobject_add_internal+0x2c9/0x8f0 [ 59.642282][ T3659] kobject_add+0x154/0x1c0 [ 59.646753][ T3659] ? kset_create_and_add+0x1a0/0x1a0 [ 59.652091][ T3659] ? lockdep_init_map_type+0x21e/0x800 [ 59.657617][ T3659] device_add+0x36c/0x1e90 [ 59.662071][ T3659] ? lockdep_init_map_type+0x21e/0x800 [ 59.667600][ T3659] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 59.673895][ T3659] ? __init_waitqueue_head+0xca/0x150 [ 59.679329][ T3659] tty_register_device_attr+0x392/0x7b0 [ 59.684931][ T3659] ? lockdep_init_map_type+0x21e/0x800 [ 59.690442][ T3659] ? tty_driver_kref_put+0x90/0x90 [ 59.695608][ T3659] ? lockdep_init_map_type+0x21e/0x800 [ 59.701125][ T3659] ? __raw_spin_lock_init+0x3a/0x110 [pid 3659] ioctl(5, GSMIOC_SETCONF [pid 3658] <... ioctl resumed>, 0x20000040) = 0 [pid 3658] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.706449][ T3659] ? tty_port_init+0x156/0x1b0 [ 59.711260][ T3659] gsmld_ioctl+0x944/0x1060 [ 59.715806][ T3659] ? gsmld_close+0x210/0x210 [ 59.720459][ T3659] tty_ioctl+0x7eb/0x1660 [ 59.724818][ T3659] ? gsmld_close+0x210/0x210 [ 59.729444][ T3659] ? tty_release+0x11b0/0x11b0 [ 59.734248][ T3659] ? find_held_lock+0x2d/0x110 [ 59.739066][ T3659] ? do_one_initcall+0x460/0x780 [ 59.744053][ T3659] ? __fget_files+0x26a/0x440 [ 59.748776][ T3659] ? bpf_lsm_file_ioctl+0x9/0x10 [ 59.753748][ T3659] ? tty_release+0x11b0/0x11b0 [ 59.758551][ T3659] __x64_sys_ioctl+0x197/0x210 [ 59.763346][ T3659] do_syscall_64+0x39/0xb0 [ 59.767768][ T3659] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.773661][ T3659] RIP: 0033:0x7f3dad9cbc79 [ 59.778076][ T3659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.797712][ T3659] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 3658] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3657] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3657] <... futex resumed>) = 1 [pid 3658] ioctl(5, GSMIOC_SETCONF [pid 3657] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... ioctl resumed>, 0x20000040) = 0 [pid 3658] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [ 59.806125][ T3659] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [ 59.814103][ T3659] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 59.822088][ T3659] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 59.830054][ T3659] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 59.838031][ T3659] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 59.846032][ T3659] [pid 3658] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3659] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] exit_group(0 [pid 3659] <... futex resumed>) = ? [pid 3658] <... futex resumed>) = ? [pid 3657] <... exit_group resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3658] +++ exited with 0 +++ [ 59.849639][ T3659] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3661 attached , child_tidptr=0x5555563855d0) = 3661 [pid 3661] set_robust_list(0x5555563855e0, 24) = 0 [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3661] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3662 attached , parent_tid=[3662], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3662 [pid 3661] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3662] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3662] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... futex resumed>) = 0 [pid 3661] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3662] ioctl(3, TIOCSETD, [21] [pid 3661] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... ioctl resumed>) = 0 [pid 3662] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3662] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR [pid 3661] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... openat resumed>) = 4 [pid 3662] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3662] ioctl(4, GSMIOC_SETCONF [pid 3661] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3661] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3661] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3663], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3663 [pid 3661] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3663] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3663] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [pid 3661] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.104957][ T3663] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 60.115640][ T3663] CPU: 0 PID: 3663 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 60.126102][ T3663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.136193][ T3663] Call Trace: [ 60.139497][ T3663] [ 60.142455][ T3663] dump_stack_lvl+0xd1/0x138 [ 60.147087][ T3663] sysfs_warn_dup.cold+0x1c/0x29 [ 60.152069][ T3663] sysfs_create_dir_ns+0x237/0x290 [ 60.157221][ T3663] ? sysfs_create_mount_point+0xb0/0xb0 [ 60.162809][ T3663] ? rwlock_bug.part.0+0x90/0x90 [ 60.167787][ T3663] ? class_dir_child_ns_type+0xd/0x60 [ 60.173207][ T3663] kobject_add_internal+0x2c9/0x8f0 [ 60.178445][ T3663] kobject_add+0x154/0x1c0 [ 60.182889][ T3663] ? kset_create_and_add+0x1a0/0x1a0 [ 60.188205][ T3663] ? lockdep_init_map_type+0x21e/0x800 [ 60.193707][ T3663] device_add+0x36c/0x1e90 [ 60.198140][ T3663] ? lockdep_init_map_type+0x21e/0x800 [ 60.203637][ T3663] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 60.209897][ T3663] ? __init_waitqueue_head+0xca/0x150 [ 60.215318][ T3663] tty_register_device_attr+0x392/0x7b0 [ 60.220897][ T3663] ? lockdep_init_map_type+0x21e/0x800 [ 60.226400][ T3663] ? tty_driver_kref_put+0x90/0x90 [ 60.231557][ T3663] ? lockdep_init_map_type+0x21e/0x800 [ 60.237063][ T3663] ? __raw_spin_lock_init+0x3a/0x110 [ 60.242373][ T3663] ? tty_port_init+0x156/0x1b0 [ 60.247166][ T3663] gsmld_ioctl+0x944/0x1060 [ 60.251695][ T3663] ? gsmld_close+0x210/0x210 [ 60.256318][ T3663] tty_ioctl+0x7eb/0x1660 [ 60.260655][ T3663] ? gsmld_close+0x210/0x210 [ 60.265259][ T3663] ? tty_release+0x11b0/0x11b0 [ 60.270040][ T3663] ? find_held_lock+0x2d/0x110 [ 60.274836][ T3663] ? do_one_initcall+0x460/0x780 [ 60.279827][ T3663] ? __fget_files+0x26a/0x440 [ 60.284528][ T3663] ? bpf_lsm_file_ioctl+0x9/0x10 [ 60.289502][ T3663] ? tty_release+0x11b0/0x11b0 [ 60.294293][ T3663] __x64_sys_ioctl+0x197/0x210 [ 60.299106][ T3663] do_syscall_64+0x39/0xb0 [ 60.303552][ T3663] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.309468][ T3663] RIP: 0033:0x7f3dad9cbc79 [ 60.313894][ T3663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.333513][ T3663] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.341945][ T3663] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [pid 3663] ioctl(5, GSMIOC_SETCONF [pid 3661] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3661] futex(0x7f3dada534ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad91b000 [pid 3661] mprotect(0x7f3dad91c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f3dad93b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3664], tls=0x7f3dad93b700, child_tidptr=0x7f3dad93b9d0) = 3664 [pid 3661] futex(0x7f3dada534e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.349928][ T3663] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 60.357908][ T3663] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 60.365897][ T3663] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 60.373879][ T3663] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 60.381889][ T3663] [pid 3661] futex(0x7f3dada534ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3664 attached [pid 3662] <... ioctl resumed>, 0x20000040) = 0 [pid 3662] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] set_robust_list(0x7f3dad93b9e0, 24 [pid 3663] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3664] <... set_robust_list resumed>) = 0 [pid 3663] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] ioctl(5, GSMIOC_SETCONF, 0x20000040) = 0 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f3dada534ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... futex resumed>) = 0 [pid 3664] futex(0x7f3dada534e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] exit_group(0 [pid 3664] <... futex resumed>) = ? [pid 3663] <... futex resumed>) = ? [pid 3661] <... exit_group resumed>) = ? [pid 3664] +++ exited with 0 +++ [pid 3662] <... futex resumed>) = ? [pid 3662] +++ exited with 0 +++ [ 60.413404][ T3663] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3663] +++ exited with 0 +++ [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3665 ./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x5555563855e0, 24) = 0 [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3665] write(3, "1000", 4) = 4 [pid 3665] close(3) = 0 [pid 3665] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3665] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3665] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3666], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3666 [pid 3665] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3666] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3666] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... futex resumed>) = 1 [pid 3666] ioctl(3, TIOCSETD, [21]) = 0 [pid 3666] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... futex resumed>) = 1 [pid 3666] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3666] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3666] <... futex resumed>) = 1 [pid 3666] ioctl(4, GSMIOC_SETCONF [pid 3665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3665] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3665] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3665] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3667], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3667 [pid 3665] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x7f3dad95c9e0, 24) = 0 [pid 3667] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3667] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = 0 [pid 3665] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 1 [ 60.690560][ T3667] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 60.712828][ T3667] CPU: 0 PID: 3667 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 60.723304][ T3667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.733388][ T3667] Call Trace: [ 60.736687][ T3667] [ 60.739641][ T3667] dump_stack_lvl+0xd1/0x138 [ 60.744277][ T3667] sysfs_warn_dup.cold+0x1c/0x29 [ 60.749253][ T3667] sysfs_create_dir_ns+0x237/0x290 [ 60.754405][ T3667] ? sysfs_create_mount_point+0xb0/0xb0 [ 60.759993][ T3667] ? rwlock_bug.part.0+0x90/0x90 [ 60.764975][ T3667] ? class_dir_child_ns_type+0xd/0x60 [ 60.770398][ T3667] kobject_add_internal+0x2c9/0x8f0 [ 60.775648][ T3667] kobject_add+0x154/0x1c0 [ 60.780095][ T3667] ? kset_create_and_add+0x1a0/0x1a0 [ 60.785413][ T3667] ? lockdep_init_map_type+0x21e/0x800 [ 60.790915][ T3667] device_add+0x36c/0x1e90 [ 60.795352][ T3667] ? lockdep_init_map_type+0x21e/0x800 [ 60.800843][ T3667] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 60.807102][ T3667] ? __init_waitqueue_head+0xca/0x150 [ 60.812682][ T3667] tty_register_device_attr+0x392/0x7b0 [ 60.818260][ T3667] ? lockdep_init_map_type+0x21e/0x800 [ 60.823748][ T3667] ? tty_driver_kref_put+0x90/0x90 [ 60.828888][ T3667] ? lockdep_init_map_type+0x21e/0x800 [ 60.834384][ T3667] ? __raw_spin_lock_init+0x3a/0x110 [ 60.839685][ T3667] ? tty_port_init+0x156/0x1b0 [ 60.844474][ T3667] gsmld_ioctl+0x944/0x1060 [ 60.849001][ T3667] ? gsmld_close+0x210/0x210 [ 60.853627][ T3667] tty_ioctl+0x7eb/0x1660 [ 60.857968][ T3667] ? gsmld_close+0x210/0x210 [ 60.862580][ T3667] ? tty_release+0x11b0/0x11b0 [ 60.867378][ T3667] ? find_held_lock+0x2d/0x110 [ 60.872177][ T3667] ? do_one_initcall+0x460/0x780 [ 60.877149][ T3667] ? __fget_files+0x26a/0x440 [ 60.881851][ T3667] ? bpf_lsm_file_ioctl+0x9/0x10 [ 60.886815][ T3667] ? tty_release+0x11b0/0x11b0 [ 60.891590][ T3667] __x64_sys_ioctl+0x197/0x210 [ 60.896374][ T3667] do_syscall_64+0x39/0xb0 [ 60.900812][ T3667] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.906724][ T3667] RIP: 0033:0x7f3dad9cbc79 [ 60.911165][ T3667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.930783][ T3667] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 3667] ioctl(5, GSMIOC_SETCONF [pid 3665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3665] futex(0x7f3dada534ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad91b000 [pid 3665] mprotect(0x7f3dad91c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3665] clone(child_stack=0x7f3dad93b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3668], tls=0x7f3dad93b700, child_tidptr=0x7f3dad93b9d0) = 3668 [pid 3665] futex(0x7f3dada534e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f3dada534ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f3dad93b9e0, 24) = 0 [ 60.939208][ T3667] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [ 60.947184][ T3667] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 60.955159][ T3667] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 60.963134][ T3667] R10: 000000000000000e R11: 0000000000000246 R12: 00007f3dada2107c [ 60.971110][ T3667] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 60.979106][ T3667] [pid 3668] ioctl(5, GSMIOC_SETCONF [pid 3666] <... ioctl resumed>, 0x20000040) = 0 [pid 3666] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.998699][ T3668] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1' [ 61.013160][ T3668] CPU: 1 PID: 3668 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 61.023622][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 61.033879][ T3668] Call Trace: [ 61.037175][ T3668] [ 61.040111][ T3668] dump_stack_lvl+0xd1/0x138 [ 61.044721][ T3668] sysfs_warn_dup.cold+0x1c/0x29 [ 61.049862][ T3668] sysfs_create_dir_ns+0x237/0x290 [ 61.054988][ T3668] ? sysfs_create_mount_point+0xb0/0xb0 [ 61.060546][ T3668] ? rwlock_bug.part.0+0x90/0x90 [ 61.065498][ T3668] ? class_dir_child_ns_type+0xd/0x60 [ 61.070898][ T3668] kobject_add_internal+0x2c9/0x8f0 [ 61.076133][ T3668] kobject_add+0x154/0x1c0 [ 61.080574][ T3668] ? kset_create_and_add+0x1a0/0x1a0 [ 61.085883][ T3668] ? lockdep_init_map_type+0x21e/0x800 [ 61.091379][ T3668] device_add+0x36c/0x1e90 [ 61.095812][ T3668] ? lockdep_init_map_type+0x21e/0x800 [ 61.101314][ T3668] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 61.107587][ T3668] ? __init_waitqueue_head+0xca/0x150 [ 61.112991][ T3668] tty_register_device_attr+0x392/0x7b0 [ 61.118568][ T3668] ? lockdep_init_map_type+0x21e/0x800 [ 61.124061][ T3668] ? tty_driver_kref_put+0x90/0x90 [ 61.129225][ T3668] ? lockdep_init_map_type+0x21e/0x800 [ 61.134739][ T3668] ? __raw_spin_lock_init+0x3a/0x110 [ 61.140048][ T3668] ? tty_port_init+0x156/0x1b0 [ 61.144844][ T3668] gsmld_ioctl+0x944/0x1060 [ 61.149379][ T3668] ? gsmld_close+0x210/0x210 [ 61.154006][ T3668] tty_ioctl+0x7eb/0x1660 [ 61.158344][ T3668] ? gsmld_close+0x210/0x210 [ 61.162961][ T3668] ? tty_release+0x11b0/0x11b0 [ 61.167767][ T3668] ? find_held_lock+0x2d/0x110 [ 61.172579][ T3668] ? do_one_initcall+0x460/0x780 [ 61.177555][ T3668] ? __fget_files+0x26a/0x440 [ 61.182271][ T3668] ? bpf_lsm_file_ioctl+0x9/0x10 [ 61.187231][ T3668] ? tty_release+0x11b0/0x11b0 [ 61.192016][ T3668] __x64_sys_ioctl+0x197/0x210 [ 61.196808][ T3668] do_syscall_64+0x39/0xb0 [ 61.201252][ T3668] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.207182][ T3668] RIP: 0033:0x7f3dad9cbc79 [ 61.211615][ T3668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.231236][ T3668] RSP: 002b:00007f3dad93b318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.239662][ T3668] RAX: ffffffffffffffda RBX: 00007f3dada534e8 RCX: 00007f3dad9cbc79 [pid 3666] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 61.247681][ T3668] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 61.255680][ T3668] RBP: 00007f3dada534e0 R08: 00007f3dad93b700 R09: 0000000000000000 [ 61.263689][ T3668] R10: 00007f3dad93b700 R11: 0000000000000246 R12: 00007f3dada2107c [ 61.271680][ T3668] R13: 00007fff3c20a04f R14: 00007f3dad93b400 R15: 0000000000022000 [ 61.279683][ T3668] [pid 3667] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3667] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3668] <... ioctl resumed>, 0x20000040) = -1 EEXIST (File exists) [pid 3668] futex(0x7f3dada534ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f3dada534e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3665] exit_group(0) = ? [pid 3667] <... futex resumed>) = ? [pid 3666] <... futex resumed>) = ? [pid 3667] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ [pid 3668] <... futex resumed>) = ? [ 61.319320][ T3667] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [ 61.321437][ T3668] kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory. [pid 3668] +++ exited with 0 +++ [pid 3665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563855d0) = 3671 ./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x5555563855e0, 24) = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad95d000 [pid 3671] mprotect(0x7f3dad95e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3671] clone(child_stack=0x7f3dad97d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3672], tls=0x7f3dad97d700, child_tidptr=0x7f3dad97d9d0) = 3672 [pid 3671] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x7f3dad97d9e0, 24) = 0 [pid 3672] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3 [pid 3672] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] ioctl(3, TIOCSETD, [21]) = 0 [pid 3672] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 4 [pid 3672] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] ioctl(4, GSMIOC_SETCONF [pid 3671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3671] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dad93c000 [pid 3671] mprotect(0x7f3dad93d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3671] clone(child_stack=0x7f3dad95c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3673], tls=0x7f3dad95c700, child_tidptr=0x7f3dad95c9d0) = 3673 [pid 3671] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3673 attached [pid 3672] <... ioctl resumed>, 0x20000040) = 0 [pid 3672] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] set_robust_list(0x7f3dad95c9e0, 24 [pid 3672] <... futex resumed>) = 0 [pid 3673] <... set_robust_list resumed>) = 0 [pid 3672] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3673] openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 5 [pid 3673] futex(0x7f3dada534dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3671] futex(0x7f3dada534c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] futex(0x7f3dada534cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f3dada534d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] ioctl(5, GSMIOC_SETCONF [pid 3671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3671] futex(0x7f3dada534d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... futex resumed>) = 0 [pid 3673] ioctl(5, GSMIOC_SETCONF [pid 3671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3671] futex(0x7f3dada534dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 61.773131][ T3673] ================================================================== [ 61.781239][ T3673] BUG: KASAN: use-after-free in gsm_cleanup_mux+0x785/0x800 [ 61.788560][ T3673] Read of size 4 at addr ffff88802179600c by task syz-executor417/3673 [ 61.796820][ T3673] [ 61.799165][ T3673] CPU: 0 PID: 3673 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 61.809600][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 61.819684][ T3673] Call Trace: [ 61.822977][ T3673] [ 61.825923][ T3673] dump_stack_lvl+0xd1/0x138 [ 61.830547][ T3673] print_report+0x15e/0x45d [ 61.835080][ T3673] ? __phys_addr+0xc8/0x140 [ 61.839619][ T3673] ? gsm_cleanup_mux+0x785/0x800 [ 61.844585][ T3673] kasan_report+0xbf/0x1f0 [ 61.849043][ T3673] ? gsm_cleanup_mux+0x785/0x800 [ 61.854015][ T3673] gsm_cleanup_mux+0x785/0x800 [ 61.858798][ T3673] ? gsm_dlci_begin_close+0x210/0x210 [ 61.864166][ T3673] gsmld_ioctl+0x533/0x1060 [ 61.868672][ T3673] ? gsmld_close+0x210/0x210 [ 61.873265][ T3673] tty_ioctl+0x7eb/0x1660 [ 61.877579][ T3673] ? gsmld_close+0x210/0x210 [ 61.882165][ T3673] ? tty_release+0x11b0/0x11b0 [ 61.886953][ T3673] ? find_held_lock+0x2d/0x110 [ 61.891757][ T3673] ? do_one_initcall+0x460/0x780 [ 61.896733][ T3673] ? __fget_files+0x26a/0x440 [ 61.901446][ T3673] ? bpf_lsm_file_ioctl+0x9/0x10 [ 61.906420][ T3673] ? tty_release+0x11b0/0x11b0 [ 61.911211][ T3673] __x64_sys_ioctl+0x197/0x210 [ 61.916019][ T3673] do_syscall_64+0x39/0xb0 [ 61.920474][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.926418][ T3673] RIP: 0033:0x7f3dad9cbc79 [ 61.930864][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.950498][ T3673] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.958972][ T3673] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [ 61.966965][ T3673] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 61.974960][ T3673] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 61.982953][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dada2107c [ 61.990947][ T3673] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 61.998948][ T3673] [ 62.001995][ T3673] [ 62.004326][ T3673] Allocated by task 3672: [ 62.008658][ T3673] kasan_save_stack+0x22/0x40 [ 62.013372][ T3673] kasan_set_track+0x25/0x30 [ 62.017992][ T3673] __kasan_kmalloc+0xa5/0xb0 [ 62.022615][ T3673] gsm_dlci_alloc+0x46/0x480 [ 62.027228][ T3673] gsmld_ioctl+0x800/0x1060 [ 62.031754][ T3673] tty_ioctl+0x7eb/0x1660 [ 62.036107][ T3673] __x64_sys_ioctl+0x197/0x210 [ 62.040906][ T3673] do_syscall_64+0x39/0xb0 [ 62.045356][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.051276][ T3673] [ 62.053605][ T3673] Freed by task 3672: [ 62.057590][ T3673] kasan_save_stack+0x22/0x40 [ 62.062299][ T3673] kasan_set_track+0x25/0x30 [ 62.066919][ T3673] kasan_save_free_info+0x2e/0x40 [ 62.071976][ T3673] ____kasan_slab_free+0x160/0x1c0 [ 62.077116][ T3673] slab_free_freelist_hook+0x8b/0x1c0 [ 62.082518][ T3673] __kmem_cache_free+0xaf/0x3b0 [ 62.087399][ T3673] tty_port_put+0x15c/0x1c0 [ 62.091931][ T3673] gsm_cleanup_mux+0x2f6/0x800 [ 62.096720][ T3673] gsmld_ioctl+0x533/0x1060 [ 62.101250][ T3673] tty_ioctl+0x7eb/0x1660 [ 62.105599][ T3673] __x64_sys_ioctl+0x197/0x210 [ 62.110389][ T3673] do_syscall_64+0x39/0xb0 [ 62.114841][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.120767][ T3673] [pid 3672] <... ioctl resumed>, 0x20000040) = 0 [pid 3672] futex(0x7f3dada534cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.123187][ T3673] Last potentially related work creation: [ 62.128903][ T3673] kasan_save_stack+0x22/0x40 [ 62.133615][ T3673] __kasan_record_aux_stack+0xbc/0xd0 [ 62.139026][ T3673] call_rcu+0x9d/0x820 [ 62.143138][ T3673] netlink_release+0xf0f/0x1dd0 [ 62.147996][ T3673] __sock_release+0xcd/0x280 [ 62.152589][ T3673] sock_close+0x1c/0x20 [ 62.156740][ T3673] __fput+0x27c/0xa90 [ 62.160716][ T3673] task_work_run+0x16f/0x270 [ 62.165307][ T3673] exit_to_user_mode_prepare+0x23c/0x250 [ 62.170934][ T3673] syscall_exit_to_user_mode+0x1d/0x50 [ 62.176390][ T3673] do_syscall_64+0x46/0xb0 [ 62.180796][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.186680][ T3673] [ 62.188994][ T3673] Second to last potentially related work creation: [ 62.195556][ T3673] kasan_save_stack+0x22/0x40 [ 62.200231][ T3673] __kasan_record_aux_stack+0xbc/0xd0 [ 62.205593][ T3673] call_rcu+0x9d/0x820 [ 62.209660][ T3673] netlink_release+0xf0f/0x1dd0 [ 62.214535][ T3673] __sock_release+0xcd/0x280 [ 62.219114][ T3673] sock_close+0x1c/0x20 [ 62.223256][ T3673] __fput+0x27c/0xa90 [ 62.227229][ T3673] task_work_run+0x16f/0x270 [ 62.231805][ T3673] exit_to_user_mode_prepare+0x23c/0x250 [ 62.237438][ T3673] syscall_exit_to_user_mode+0x1d/0x50 [ 62.242881][ T3673] do_syscall_64+0x46/0xb0 [ 62.247284][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.253176][ T3673] [ 62.255488][ T3673] The buggy address belongs to the object at ffff888021796000 [ 62.255488][ T3673] which belongs to the cache kmalloc-2k of size 2048 [ 62.269608][ T3673] The buggy address is located 12 bytes inside of [ 62.269608][ T3673] 2048-byte region [ffff888021796000, ffff888021796800) [ 62.283049][ T3673] [ 62.285363][ T3673] The buggy address belongs to the physical page: [ 62.291753][ T3673] page:ffffea000085e400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21790 [ 62.301883][ T3673] head:ffffea000085e400 order:3 compound_mapcount:0 compound_pincount:0 [ 62.310202][ T3673] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 62.318185][ T3673] raw: 00fff00000010200 ffffea000060b200 dead000000000002 ffff888012042000 [ 62.326755][ T3673] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 62.335328][ T3673] page dumped because: kasan: bad access detected [ 62.341740][ T3673] page_owner tracks the page as allocated [ 62.347453][ T3673] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/u4:0), ts 8642632567, free_ts 0 [ 62.367348][ T3673] get_page_from_freelist+0x10b5/0x2d50 [ 62.372893][ T3673] __alloc_pages+0x1cb/0x5b0 [ 62.377471][ T3673] alloc_pages+0x1aa/0x270 [ 62.381883][ T3673] allocate_slab+0x213/0x300 [ 62.386505][ T3673] ___slab_alloc+0xa91/0x1400 [ 62.391171][ T3673] __slab_alloc.constprop.0+0x56/0xa0 [ 62.396531][ T3673] __kmem_cache_alloc_node+0x199/0x3e0 [ 62.401974][ T3673] __kmalloc+0x4a/0xd0 [ 62.406026][ T3673] scsi_alloc_target+0x132/0xc60 [ 62.410951][ T3673] __scsi_scan_target+0x13a/0xdb0 [ 62.415978][ T3673] scsi_scan_channel+0x148/0x1e0 [ 62.420916][ T3673] scsi_scan_host_selected+0x2e3/0x3b0 [ 62.426620][ T3673] do_scsi_scan_host+0x1e8/0x260 [ 62.431542][ T3673] do_scan_async+0x42/0x500 [ 62.436036][ T3673] async_run_entry_fn+0x9c/0x530 [ 62.440966][ T3673] process_one_work+0x9bf/0x1710 [ 62.445894][ T3673] page_owner free stack trace missing [ 62.451238][ T3673] [ 62.453543][ T3673] Memory state around the buggy address: [ 62.459347][ T3673] ffff888021795f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.467412][ T3673] ffff888021795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.475469][ T3673] >ffff888021796000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.483513][ T3673] ^ [ 62.487828][ T3673] ffff888021796080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.495883][ T3673] ffff888021796100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.504028][ T3673] ================================================================== [ 62.512824][ T3673] Kernel panic - not syncing: panic_on_warn set ... [ 62.519431][ T3673] CPU: 0 PID: 3673 Comm: syz-executor417 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 62.529891][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 62.539946][ T3673] Call Trace: [ 62.543225][ T3673] [ 62.546144][ T3673] dump_stack_lvl+0xd1/0x138 [ 62.550729][ T3673] panic+0x2cc/0x626 [ 62.554627][ T3673] ? panic_print_sys_info.part.0+0x110/0x110 [ 62.560606][ T3673] ? preempt_schedule_common+0x59/0xc0 [ 62.566062][ T3673] ? preempt_schedule_thunk+0x1a/0x1c [ 62.571435][ T3673] end_report.part.0+0x3f/0x7c [pid 3672] futex(0x7f3dada534c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] exit_group(0 [pid 3672] <... futex resumed>) = ? [pid 3671] <... exit_group resumed>) = ? [pid 3672] +++ exited with 0 +++ [ 62.576191][ T3673] ? gsm_cleanup_mux+0x785/0x800 [ 62.581118][ T3673] kasan_report.cold+0xa/0xf [ 62.585709][ T3673] ? gsm_cleanup_mux+0x785/0x800 [ 62.590668][ T3673] gsm_cleanup_mux+0x785/0x800 [ 62.595424][ T3673] ? gsm_dlci_begin_close+0x210/0x210 [ 62.600800][ T3673] gsmld_ioctl+0x533/0x1060 [ 62.605296][ T3673] ? gsmld_close+0x210/0x210 [ 62.609897][ T3673] tty_ioctl+0x7eb/0x1660 [ 62.614223][ T3673] ? gsmld_close+0x210/0x210 [ 62.618801][ T3673] ? tty_release+0x11b0/0x11b0 [ 62.623566][ T3673] ? find_held_lock+0x2d/0x110 [ 62.628352][ T3673] ? do_one_initcall+0x460/0x780 [ 62.633292][ T3673] ? __fget_files+0x26a/0x440 [ 62.637991][ T3673] ? bpf_lsm_file_ioctl+0x9/0x10 [ 62.642927][ T3673] ? tty_release+0x11b0/0x11b0 [ 62.647701][ T3673] __x64_sys_ioctl+0x197/0x210 [ 62.652473][ T3673] do_syscall_64+0x39/0xb0 [ 62.656938][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.662850][ T3673] RIP: 0033:0x7f3dad9cbc79 [ 62.667255][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.686868][ T3673] RSP: 002b:00007f3dad95c318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.695273][ T3673] RAX: ffffffffffffffda RBX: 00007f3dada534d8 RCX: 00007f3dad9cbc79 [ 62.703232][ T3673] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005 [ 62.711189][ T3673] RBP: 00007f3dada534d0 R08: 0000000000000000 R09: 0000000000000000 [ 62.719148][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dada2107c [ 62.727124][ T3673] R13: 00007fff3c20a04f R14: 00007f3dad95c400 R15: 0000000000022000 [ 62.735105][ T3673] [ 62.738264][ T3673] Kernel Offset: disabled [ 62.742581][ T3673] Rebooting in 86400 seconds..