[ OK ] Started Getty on tty1. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. 2021/07/15 22:32:19 fuzzer started 2021/07/15 22:32:19 connecting to host at 10.128.0.169:46031 2021/07/15 22:32:19 checking machine... 2021/07/15 22:32:19 checking revisions... 2021/07/15 22:32:19 testing simple program... syzkaller login: [ 75.959696][ T8451] chnl_net:caif_netlink_parms(): no params data found [ 76.032765][ T8451] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.041280][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.049890][ T8451] device bridge_slave_0 entered promiscuous mode [ 76.060052][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.067272][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.075956][ T8451] device bridge_slave_1 entered promiscuous mode [ 76.097955][ T8451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.109425][ T8451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.132305][ T8451] team0: Port device team_slave_0 added [ 76.139949][ T8451] team0: Port device team_slave_1 added [ 76.157922][ T8451] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.165447][ T8451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.191796][ T8451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.205328][ T8451] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.212671][ T8451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.239470][ T8451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.267261][ T8451] device hsr_slave_0 entered promiscuous mode [ 76.274019][ T8451] device hsr_slave_1 entered promiscuous mode [ 76.386423][ T8451] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.403613][ T8451] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.413096][ T8451] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.423435][ T8451] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.453165][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.460697][ T8451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.469400][ T8451] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.476773][ T8451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.523972][ T8451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.539100][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.551879][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.561650][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.572739][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 76.587640][ T8451] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.599112][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.609236][ T4885] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.616718][ T4885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.634738][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.643265][ T4885] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.650627][ T4885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.667380][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.676103][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.690728][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.703171][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.717962][ T8451] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.729977][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.740349][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.764885][ T8451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.772213][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.781798][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.802566][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.824960][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.833358][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.842470][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.854887][ T8451] device veth0_vlan entered promiscuous mode [ 76.871626][ T8451] device veth1_vlan entered promiscuous mode [ 76.900153][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.910596][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 76.920156][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.935071][ T8451] device veth0_macvtap entered promiscuous mode [ 76.946589][ T8451] device veth1_macvtap entered promiscuous mode [ 76.957069][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.975579][ T8451] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.983923][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.994673][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.008474][ T8451] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.023649][ T2957] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.034289][ T2957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.046781][ T8451] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.056282][ T8451] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.069481][ T8451] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.080848][ T8451] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.175913][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.185817][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program [ 77.219432][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.237613][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.248426][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.259908][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2021/07/15 22:32:22 building call list... [ 78.098943][ T77] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.565247][ T8445] [ 79.567734][ T8445] ====================================================== [ 79.574908][ T8445] WARNING: possible circular locking dependency detected [ 79.582489][ T8445] 5.13.0-syzkaller #0 Not tainted [ 79.587838][ T8445] ------------------------------------------------------ [ 79.595004][ T8445] syz-fuzzer/8445 is trying to acquire lock: [ 79.601186][ T8445] ffffffff8ba9c180 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160 [ 79.610855][ T8445] [ 79.610855][ T8445] but task is already holding lock: [ 79.618461][ T8445] ffff8880b9c4d620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 [ 79.627517][ T8445] [ 79.627517][ T8445] which lock already depends on the new lock. [ 79.627517][ T8445] [ 79.638010][ T8445] [ 79.638010][ T8445] the existing dependency chain (in reverse order) is: [ 79.647781][ T8445] [ 79.647781][ T8445] -> #2 (lock#2){-.-.}-{2:2}: [ 79.654619][ T8445] get_page_from_freelist+0x4aa/0x2f80 [ 79.661042][ T8445] __alloc_pages+0x1b2/0x500 [ 79.666422][ T8445] alloc_pages+0x18c/0x2a0 [ 79.671397][ T8445] stack_depot_save+0x39d/0x4e0 [ 79.677183][ T8445] kasan_save_stack+0x32/0x40 [ 79.682570][ T8445] kasan_record_aux_stack+0xe5/0x110 [ 79.688799][ T8445] insert_work+0x48/0x370 [ 79.693982][ T8445] __queue_work+0x5c1/0xed0 [ 79.699267][ T8445] queue_work_on+0xee/0x110 [ 79.704375][ T8445] rcu_core+0x7ab/0x1380 [ 79.709184][ T8445] __do_softirq+0x29b/0x9bd [ 79.714293][ T8445] __irq_exit_rcu+0x16e/0x1c0 [ 79.719493][ T8445] irq_exit_rcu+0x5/0x20 [ 79.724258][ T8445] sysvec_apic_timer_interrupt+0x93/0xc0 [ 79.730396][ T8445] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 79.736997][ T8445] stack_depot_save+0xe8/0x4e0 [ 79.742532][ T8445] kasan_save_stack+0x32/0x40 [ 79.747799][ T8445] kasan_set_track+0x1c/0x30 [ 79.754367][ T8445] kasan_set_free_info+0x20/0x30 [ 79.760192][ T8445] __kasan_slab_free+0xfb/0x130 [ 79.765843][ T8445] slab_free_freelist_hook+0xdf/0x240 [ 79.771739][ T8445] kmem_cache_free+0x8e/0x5a0 [ 79.776935][ T8445] add_system_zone+0x48e/0x690 [ 79.785644][ T8445] ext4_setup_system_zone+0x230/0xab0 [ 79.791537][ T8445] ext4_fill_super+0x7ccc/0xe440 [ 79.796987][ T8445] mount_bdev+0x34d/0x410 [ 79.801919][ T8445] legacy_get_tree+0x105/0x220 [ 79.807779][ T8445] vfs_get_tree+0x89/0x2f0 [ 79.813265][ T8445] path_mount+0x132a/0x1fa0 [ 79.818332][ T8445] init_mount+0xaa/0xf4 [ 79.823139][ T8445] do_mount_root+0x9c/0x25b [ 79.828162][ T8445] mount_block_root+0x32e/0x4dd [ 79.833536][ T8445] mount_root+0x1af/0x1f5 [ 79.838451][ T8445] prepare_namespace+0x1ff/0x234 [ 79.843929][ T8445] kernel_init_freeable+0x729/0x741 [ 79.850006][ T8445] kernel_init+0x1a/0x1d0 [ 79.854853][ T8445] ret_from_fork+0x1f/0x30 [ 79.859829][ T8445] [ 79.859829][ T8445] -> #1 (&pool->lock){-.-.}-{2:2}: [ 79.867102][ T8445] _raw_spin_lock+0x2a/0x40 [ 79.872296][ T8445] __queue_work+0x366/0xed0 [ 79.877358][ T8445] queue_work_on+0xee/0x110 [ 79.882729][ T8445] vfree_atomic+0xac/0xe0 [ 79.887582][ T8445] put_task_stack+0x2e0/0x4e0 [ 79.892829][ T8445] finish_task_switch.isra.0+0x77f/0xa50 [ 79.899152][ T8445] __schedule+0x93c/0x2710 [ 79.904298][ T8445] preempt_schedule_irq+0x4e/0x90 [ 79.909830][ T8445] irqentry_exit+0x31/0x80 [ 79.914752][ T8445] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 79.921330][ T8445] lock_acquire+0x1ef/0x510 [ 79.926411][ T8445] fs_reclaim_acquire+0x117/0x160 [ 79.931953][ T8445] kmem_cache_alloc+0x3e/0x4a0 [ 79.937307][ T8445] prepare_creds+0x3f/0x7b0 [ 79.942453][ T8445] copy_creds+0x9f/0xb20 [ 79.947371][ T8445] copy_process+0x1413/0x74c0 [ 79.952802][ T8445] kernel_clone+0xe7/0xab0 [ 79.957736][ T8445] kernel_thread+0xb5/0xf0 [ 79.962661][ T8445] call_usermodehelper_exec_work+0xcc/0x180 [ 79.969156][ T8445] process_one_work+0x98d/0x1630 [ 79.974604][ T8445] worker_thread+0x658/0x11f0 [ 79.979900][ T8445] kthread+0x3e5/0x4d0 [ 79.984473][ T8445] ret_from_fork+0x1f/0x30 [ 79.989392][ T8445] [ 79.989392][ T8445] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 79.996687][ T8445] __lock_acquire+0x2a07/0x54a0 [ 80.002437][ T8445] lock_acquire+0x1ab/0x510 [ 80.007829][ T8445] fs_reclaim_acquire+0x117/0x160 [ 80.013374][ T8445] prepare_alloc_pages+0x15c/0x580 [ 80.019004][ T8445] __alloc_pages+0x12f/0x500 [ 80.024124][ T8445] alloc_pages+0x18c/0x2a0 [ 80.029272][ T8445] stack_depot_save+0x39d/0x4e0 [ 80.034674][ T8445] save_stack+0x15e/0x1e0 [ 80.039536][ T8445] __set_page_owner+0x50/0x290 [ 80.045013][ T8445] __alloc_pages_bulk+0x8b9/0x1870 [ 80.050745][ T8445] __vmalloc_node_range+0x39d/0x960 [ 80.056459][ T8445] __vmalloc+0x69/0x80 [ 80.061140][ T8445] snd_dma_alloc_pages+0x433/0x590 [ 80.066903][ T8445] do_alloc_pages+0x9b/0x160 [ 80.072036][ T8445] snd_pcm_lib_malloc_pages+0x3f6/0x880 [ 80.078492][ T8445] snd_pcm_hw_params+0x1408/0x1990 [ 80.084224][ T8445] snd_pcm_kernel_ioctl+0xd1/0x240 [ 80.089849][ T8445] snd_pcm_oss_change_params_locked+0x1958/0x3990 [ 80.097820][ T8445] snd_pcm_oss_make_ready+0xe7/0x1b0 [ 80.103640][ T8445] snd_pcm_oss_sync+0x1de/0x800 [ 80.109206][ T8445] snd_pcm_oss_release+0x276/0x300 [ 80.115306][ T8445] __fput+0x288/0x920 [ 80.120017][ T8445] task_work_run+0xdd/0x1a0 [ 80.125212][ T8445] exit_to_user_mode_prepare+0x27e/0x290 [ 80.131539][ T8445] syscall_exit_to_user_mode+0x19/0x60 [ 80.138135][ T8445] do_syscall_64+0x42/0xb0 [ 80.143068][ T8445] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 80.149571][ T8445] [ 80.149571][ T8445] other info that might help us debug this: [ 80.149571][ T8445] [ 80.159863][ T8445] Chain exists of: [ 80.159863][ T8445] fs_reclaim --> &pool->lock --> lock#2 [ 80.159863][ T8445] [ 80.171396][ T8445] Possible unsafe locking scenario: [ 80.171396][ T8445] [ 80.179083][ T8445] CPU0 CPU1 [ 80.184514][ T8445] ---- ---- [ 80.190030][ T8445] lock(lock#2); [ 80.193752][ T8445] lock(&pool->lock); [ 80.200417][ T8445] lock(lock#2); [ 80.206572][ T8445] lock(fs_reclaim); [ 80.210616][ T8445] [ 80.210616][ T8445] *** DEADLOCK *** [ 80.210616][ T8445] [ 80.219092][ T8445] 2 locks held by syz-fuzzer/8445: [ 80.224362][ T8445] #0: ffff88802e47e440 (&runtime->oss.params_lock){+.+.}-{3:3}, at: snd_pcm_oss_make_ready+0xc7/0x1b0 [ 80.235833][ T8445] #1: ffff8880b9c4d620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 [ 80.245373][ T8445] [ 80.245373][ T8445] stack backtrace: [ 80.251861][ T8445] CPU: 0 PID: 8445 Comm: syz-fuzzer Not tainted 5.13.0-syzkaller #0 executing program [ 80.260180][ T8445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.270217][ T8445] Call Trace: [ 80.273502][ T8445] dump_stack_lvl+0xcd/0x134 [ 80.278267][ T8445] check_noncircular+0x25f/0x2e0 [ 80.283196][ T8445] ? print_circular_bug+0x1e0/0x1e0 [ 80.288460][ T8445] ? __kernel_text_address+0x9/0x30 [ 80.293668][ T8445] ? unwind_get_return_address+0x51/0x90 [ 80.299304][ T8445] ? lockdep_lock+0xc6/0x200 [ 80.304079][ T8445] ? call_rcu_zapped+0xb0/0xb0 [ 80.308842][ T8445] __lock_acquire+0x2a07/0x54a0 [ 80.313796][ T8445] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 80.320286][ T8445] ? register_early_stack+0xb0/0xb0 [ 80.326170][ T8445] lock_acquire+0x1ab/0x510 [ 80.330790][ T8445] ? fs_reclaim_acquire+0xf7/0x160 [ 80.335986][ T8445] ? lock_release+0x720/0x720 [ 80.341104][ T8445] ? lock_chain_count+0x20/0x20 [ 80.346134][ T8445] ? mark_lock+0xef/0x17b0 [ 80.350531][ T8445] ? deref_stack_reg+0xee/0x150 [ 80.355390][ T8445] fs_reclaim_acquire+0x117/0x160 [ 80.360400][ T8445] ? fs_reclaim_acquire+0xf7/0x160 [ 80.365495][ T8445] prepare_alloc_pages+0x15c/0x580 [ 80.370591][ T8445] ? exit_to_user_mode_prepare+0x27e/0x290 [ 80.376638][ T8445] __alloc_pages+0x12f/0x500 [ 80.381430][ T8445] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 80.388359][ T8445] ? __unwind_start+0x51b/0x800 [ 80.393637][ T8445] ? __kernel_text_address+0x9/0x30 [ 80.398997][ T8445] alloc_pages+0x18c/0x2a0 [ 80.403662][ T8445] stack_depot_save+0x39d/0x4e0 [ 80.408756][ T8445] save_stack+0x15e/0x1e0 [ 80.413346][ T8445] ? register_early_stack+0xb0/0xb0 [ 80.418733][ T8445] ? __alloc_pages_bulk+0x8b9/0x1870 [ 80.424199][ T8445] ? __vmalloc_node_range+0x39d/0x960 [ 80.429577][ T8445] ? __vmalloc+0x69/0x80 [ 80.433815][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 80.439195][ T8445] ? do_alloc_pages+0x9b/0x160 [ 80.443958][ T8445] ? snd_pcm_lib_malloc_pages+0x3f6/0x880 [ 80.449785][ T8445] ? snd_pcm_hw_params+0x1408/0x1990 [ 80.455074][ T8445] ? snd_pcm_kernel_ioctl+0xd1/0x240 [ 80.460353][ T8445] ? snd_pcm_oss_change_params_locked+0x1958/0x3990 [ 80.467027][ T8445] ? snd_pcm_oss_make_ready+0xe7/0x1b0 [ 80.472722][ T8445] ? snd_pcm_oss_sync+0x1de/0x800 [ 80.477752][ T8445] ? snd_pcm_oss_release+0x276/0x300 [ 80.483075][ T8445] ? __fput+0x288/0x920 [ 80.487320][ T8445] ? task_work_run+0xdd/0x1a0 [ 80.492108][ T8445] ? exit_to_user_mode_prepare+0x27e/0x290 [ 80.498069][ T8445] ? syscall_exit_to_user_mode+0x19/0x60 [ 80.503850][ T8445] ? preempt_count_add+0x74/0x140 [ 80.508876][ T8445] __set_page_owner+0x50/0x290 [ 80.513825][ T8445] ? post_alloc_hook+0x145/0x1e0 [ 80.518851][ T8445] __alloc_pages_bulk+0x8b9/0x1870 [ 80.523961][ T8445] ? __alloc_pages+0x500/0x500 [ 80.528899][ T8445] ? rcu_read_lock_sched_held+0x3a/0x70 [ 80.534788][ T8445] ? trace_kmalloc_node+0xbe/0xf0 [ 80.539820][ T8445] __vmalloc_node_range+0x39d/0x960 [ 80.545100][ T8445] ? vfree_atomic+0xe0/0xe0 [ 80.549880][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 80.555329][ T8445] __vmalloc+0x69/0x80 [ 80.559493][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 80.564920][ T8445] snd_dma_alloc_pages+0x433/0x590 [ 80.570149][ T8445] do_alloc_pages+0x9b/0x160 [ 80.574753][ T8445] snd_pcm_lib_malloc_pages+0x3f6/0x880 [ 80.580495][ T8445] ? snd_pcm_hw_params+0x828/0x1990 [ 80.585897][ T8445] snd_pcm_hw_params+0x1408/0x1990 [ 80.591098][ T8445] ? snd_pcm_playback_open+0x130/0x130 [ 80.596738][ T8445] ? snd_pcm_hw_param_near.constprop.0+0x6ca/0x8f0 [ 80.603729][ T8445] ? snd_pcm_oss_disconnect_minor+0x370/0x370 [ 80.609867][ T8445] snd_pcm_kernel_ioctl+0xd1/0x240 [ 80.615144][ T8445] snd_pcm_oss_change_params_locked+0x1958/0x3990 [ 80.621817][ T8445] ? snd_pcm_plugin_append+0x190/0x190 [ 80.627279][ T8445] ? snd_pcm_oss_make_ready+0xc7/0x1b0 [ 80.633108][ T8445] ? locks_remove_posix+0x33b/0x5e0 [ 80.638817][ T8445] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 80.644877][ T8445] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 80.651422][ T8445] ? __fsnotify_parent+0x488/0x9d0 [ 80.656709][ T8445] snd_pcm_oss_make_ready+0xe7/0x1b0 [ 80.662055][ T8445] snd_pcm_oss_sync+0x1de/0x800 [ 80.667084][ T8445] snd_pcm_oss_release+0x276/0x300 [ 80.672365][ T8445] __fput+0x288/0x920 [ 80.676361][ T8445] ? snd_pcm_oss_sync+0x800/0x800 [ 80.681386][ T8445] task_work_run+0xdd/0x1a0 [ 80.685968][ T8445] exit_to_user_mode_prepare+0x27e/0x290 [ 80.691587][ T8445] syscall_exit_to_user_mode+0x19/0x60 [ 80.697032][ T8445] do_syscall_64+0x42/0xb0 [ 80.701435][ T8445] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 80.707351][ T8445] RIP: 0033:0x4af19b [ 80.711416][ T8445] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 80.731008][ T8445] RSP: 002b:000000c00037d430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 80.739510][ T8445] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b [ 80.747826][ T8445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 80.755979][ T8445] RBP: 000000c00037d470 R08: 0000000000000001 R09: 0000000000000000 [ 80.763952][ T8445] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000013f [ 80.771907][ T8445] R13: 000000000000013e R14: 0000000000000200 R15: 000000c000293400 [ 80.779889][ T8445] BUG: sleeping function called from invalid context at mm/page_alloc.c:5179 [ 80.789335][ T8445] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8445, name: syz-fuzzer [ 80.798400][ T8445] INFO: lockdep is turned off. [ 80.803149][ T8445] irq event stamp: 114834 [ 80.807669][ T8445] hardirqs last enabled at (114833): [] _raw_spin_unlock_irqrestore+0x50/0x70 [ 80.818940][ T8445] hardirqs last disabled at (114834): [] __alloc_pages_bulk+0x1017/0x1870 [ 80.829466][ T8445] softirqs last enabled at (114470): [] __irq_exit_rcu+0x16e/0x1c0 [ 80.839675][ T8445] softirqs last disabled at (114449): [] __irq_exit_rcu+0x16e/0x1c0 [ 80.849221][ T8445] CPU: 0 PID: 8445 Comm: syz-fuzzer Not tainted 5.13.0-syzkaller #0 [ 80.857288][ T8445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.867673][ T8445] Call Trace: [ 80.871060][ T8445] dump_stack_lvl+0xcd/0x134 [ 80.876171][ T8445] ___might_sleep.cold+0x1f1/0x237 [ 80.883152][ T8445] prepare_alloc_pages+0x3da/0x580 [ 80.888381][ T8445] ? exit_to_user_mode_prepare+0x27e/0x290 [ 80.894184][ T8445] __alloc_pages+0x12f/0x500 [ 80.898778][ T8445] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 80.905705][ T8445] ? __unwind_start+0x51b/0x800 [ 80.910542][ T8445] ? __kernel_text_address+0x9/0x30 [ 80.915724][ T8445] alloc_pages+0x18c/0x2a0 [ 80.920664][ T8445] stack_depot_save+0x39d/0x4e0 [ 80.925517][ T8445] save_stack+0x15e/0x1e0 [ 80.929946][ T8445] ? register_early_stack+0xb0/0xb0 [ 80.935134][ T8445] ? __alloc_pages_bulk+0x8b9/0x1870 [ 80.940416][ T8445] ? __vmalloc_node_range+0x39d/0x960 [ 80.945864][ T8445] ? __vmalloc+0x69/0x80 [ 80.950098][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 80.955367][ T8445] ? do_alloc_pages+0x9b/0x160 [ 80.960318][ T8445] ? snd_pcm_lib_malloc_pages+0x3f6/0x880 [ 80.966048][ T8445] ? snd_pcm_hw_params+0x1408/0x1990 [ 80.971775][ T8445] ? snd_pcm_kernel_ioctl+0xd1/0x240 [ 80.977184][ T8445] ? snd_pcm_oss_change_params_locked+0x1958/0x3990 [ 80.983791][ T8445] ? snd_pcm_oss_make_ready+0xe7/0x1b0 [ 80.989248][ T8445] ? snd_pcm_oss_sync+0x1de/0x800 [ 80.994302][ T8445] ? snd_pcm_oss_release+0x276/0x300 [ 80.999573][ T8445] ? __fput+0x288/0x920 [ 81.003726][ T8445] ? task_work_run+0xdd/0x1a0 [ 81.008758][ T8445] ? exit_to_user_mode_prepare+0x27e/0x290 [ 81.014545][ T8445] ? syscall_exit_to_user_mode+0x19/0x60 [ 81.020167][ T8445] ? preempt_count_add+0x74/0x140 [ 81.025653][ T8445] __set_page_owner+0x50/0x290 [ 81.030499][ T8445] ? post_alloc_hook+0x145/0x1e0 [ 81.035429][ T8445] __alloc_pages_bulk+0x8b9/0x1870 [ 81.040540][ T8445] ? __alloc_pages+0x500/0x500 [ 81.045728][ T8445] ? rcu_read_lock_sched_held+0x3a/0x70 [ 81.051354][ T8445] ? trace_kmalloc_node+0xbe/0xf0 [ 81.056459][ T8445] __vmalloc_node_range+0x39d/0x960 [ 81.061730][ T8445] ? vfree_atomic+0xe0/0xe0 [ 81.066302][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 81.071565][ T8445] __vmalloc+0x69/0x80 [ 81.075613][ T8445] ? snd_dma_alloc_pages+0x433/0x590 [ 81.080876][ T8445] snd_dma_alloc_pages+0x433/0x590 [ 81.086116][ T8445] do_alloc_pages+0x9b/0x160 [ 81.090695][ T8445] snd_pcm_lib_malloc_pages+0x3f6/0x880 [ 81.096246][ T8445] ? snd_pcm_hw_params+0x828/0x1990 [ 81.101871][ T8445] snd_pcm_hw_params+0x1408/0x1990 [ 81.106988][ T8445] ? snd_pcm_playback_open+0x130/0x130 [ 81.112864][ T8445] ? snd_pcm_hw_param_near.constprop.0+0x6ca/0x8f0 [ 81.119362][ T8445] ? snd_pcm_oss_disconnect_minor+0x370/0x370 [ 81.125708][ T8445] snd_pcm_kernel_ioctl+0xd1/0x240 [ 81.130912][ T8445] snd_pcm_oss_change_params_locked+0x1958/0x3990 [ 81.137597][ T8445] ? snd_pcm_plugin_append+0x190/0x190 [ 81.143217][ T8445] ? snd_pcm_oss_make_ready+0xc7/0x1b0 [ 81.148763][ T8445] ? locks_remove_posix+0x33b/0x5e0 [ 81.155083][ T8445] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 81.161137][ T8445] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.167358][ T8445] ? __fsnotify_parent+0x488/0x9d0 [ 81.172624][ T8445] snd_pcm_oss_make_ready+0xe7/0x1b0 [ 81.178113][ T8445] snd_pcm_oss_sync+0x1de/0x800 [ 81.183254][ T8445] snd_pcm_oss_release+0x276/0x300 [ 81.188414][ T8445] __fput+0x288/0x920 [ 81.192477][ T8445] ? snd_pcm_oss_sync+0x800/0x800 [ 81.197666][ T8445] task_work_run+0xdd/0x1a0 [ 81.202553][ T8445] exit_to_user_mode_prepare+0x27e/0x290 [ 81.208284][ T8445] syscall_exit_to_user_mode+0x19/0x60 [ 81.213870][ T8445] do_syscall_64+0x42/0xb0 [ 81.218546][ T8445] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 81.224793][ T8445] RIP: 0033:0x4af19b [ 81.228954][ T8445] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 81.249712][ T8445] RSP: 002b:000000c00037d430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 81.258495][ T8445] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b [ 81.266469][ T8445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 81.274867][ T8445] RBP: 000000c00037d470 R08: 0000000000000001 R09: 0000000000000000 [ 81.283321][ T8445] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000013f [ 81.291500][ T8445] R13: 000000000000013e R14: 0000000000000200 R15: 000000c000293400 [ 81.442673][ T8445] can: request_module (can-proto-0) failed. [ 81.454365][ T8445] can: request_module (can-proto-0) failed. [ 81.465521][ T8445] can: request_module (can-proto-0) failed. [ 81.669884][ T8445] base_sock_release(ffff88803967c540) sk=ffff888020e7c000 [ 81.684190][ T77] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.726446][ T8451] syz-executor.0 (8451) used greatest stack depth: 22360 bytes left