Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
2021/07/15 22:22:12 fuzzer started
2021/07/15 22:22:12 connecting to host at 10.128.0.169:38521
2021/07/15 22:22:12 checking machine...
2021/07/15 22:22:12 checking revisions...
2021/07/15 22:22:12 testing simple program...
syzkaller login: [ 78.500335][ T8478] chnl_net:caif_netlink_parms(): no params data found
[ 78.555470][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.563440][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.571280][ T8478] device bridge_slave_0 entered promiscuous mode
[ 78.581619][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.589358][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.598361][ T8478] device bridge_slave_1 entered promiscuous mode
[ 78.619979][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.630971][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.653871][ T8478] team0: Port device team_slave_0 added
[ 78.662324][ T8478] team0: Port device team_slave_1 added
[ 78.681575][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.688795][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.715736][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.729480][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.737932][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.765029][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.792641][ T8478] device hsr_slave_0 entered promiscuous mode
[ 78.800771][ T8478] device hsr_slave_1 entered promiscuous mode
[ 78.911322][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.927902][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.937780][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.951734][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.978842][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.986251][ T8478] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.994429][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.001530][ T8478] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.049120][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.066032][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.077806][ T2958] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.087598][ T2958] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.097300][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 79.111669][ T8478] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.124990][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.134001][ T4885] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.141374][ T4885] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.164912][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.174435][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.182337][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.208433][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.218550][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.228739][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE):
hsr_slave_0: link becomes ready
[ 79.237936][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.247831][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.259449][ T8478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.281209][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.290171][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.302386][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.322314][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.343830][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.355093][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.364604][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.374925][ T8478] device veth0_vlan entered promiscuous mode
[ 79.386994][ T8478] device veth1_vlan entered promiscuous mode
[ 79.396272][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.419133][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.428582][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.440257][ T8478] device veth0_macvtap entered promiscuous mode
[ 79.454323][ T8478] device veth1_macvtap entered promiscuous mode
[ 79.472578][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.481538][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.492483][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.504631][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.513464][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.522146][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.537527][ T8478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.546831][ T8478] netdevsim netdevsim0 netdevsim1: set [1, 0]
type 2 family 0 port 6081 - 0
[ 79.557122][ T8478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.567540][ T8478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 79.668753][ T4496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.692716][ T4496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.715053][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.715918][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.726572][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.742938][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/07/15 22:22:15 building call list...
[ 80.600811][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.231360][ T8471]
[ 82.233914][ T8471] ======================================================
[ 82.241222][ T8471] WARNING: possible circular locking dependency detected
[ 82.248437][ T8471] 5.14.0-rc1-syzkaller #0 Not tainted
[ 82.253817][ T8471] ------------------------------------------------------
[ 82.260923][ T8471] syz-fuzzer/8471 is trying to acquire lock:
[ 82.267436][ T8471] ffffffff8ba9c3a0 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160
[ 82.276708][ T8471]
[ 82.276708][ T8471] but task is already holding lock:
[ 82.284570][ T8471] ffff8880b9c4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 82.293609][ T8471]
[ 82.293609][ T8471] which lock already depends on the new lock.
[ 82.293609][ T8471]
[ 82.305586][ T8471]
[ 82.305586][ T8471] the existing dependency chain (in reverse order) is:
[ 82.315157][ T8471]
[ 82.315157][ T8471] -> #3 (lock#2){-.-.}-{2:2}:
[ 82.322540][ T8471] get_page_from_freelist+0x4aa/0x2f80
[ 82.329136][ T8471] __alloc_pages+0x1b2/0x500
[ 82.334333][ T8471] alloc_pages+0x18c/0x2a0
[ 82.339437][ T8471] allocate_slab+0x32b/0x4c0
[ 82.344721][ T8471] ___slab_alloc+0x4ba/0x820
[ 82.350880][ T8471] __slab_alloc.constprop.0+0xa7/0xf0
[ 82.357050][ T8471] kmem_cache_alloc+0x372/0x3a0
[ 82.362421][ T8471] anon_vma_clone+0xe0/0x5f0
[ 82.367726][ T8471] anon_vma_fork+0x82/0x630
[ 82.372758][ T8471] dup_mm+0x9a0/0x1380
[ 82.378781][ T8471] copy_process+0x71ec/0x74d0
[ 82.384093][ T8471] kernel_clone+0xe7/0xac0
[ 82.389073][ T8471] __do_sys_clone+0xc8/0x110
[ 82.396142][ T8471] do_syscall_64+0x35/0xb0
[ 82.401793][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.409457][ T8471]
[ 82.409457][ T8471] -> #2 (&anon_vma->rwsem){++++}-{3:3}:
[ 82.417276][ T8471] down_write+0x92/0x150
[ 82.422353][ T8471] __vma_adjust+0x30e/0x2680
[ 82.428092][ T8471] __split_vma+0x2b3/0x550
[ 82.433895][ T8471] split_vma+0x95/0xd0
[ 82.438510][ T8471] mprotect_fixup+0x71c/0x940
[ 82.443903][ T8471] do_mprotect_pkey+0x558/0x9a0
[ 82.449374][ T8471] __x64_sys_mprotect+0x74/0xb0
[ 82.454847][ T8471] do_syscall_64+0x35/0xb0
[ 82.459775][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.466404][ T8471]
[ 82.466404][ T8471] -> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}:
[ 82.475014][ T8471] down_write+0x92/0x150
[ 82.480058][ T8471] dma_resv_lockdep+0x341/0x536
[ 82.485718][ T8471] do_one_initcall+0x103/0x650
[ 82.491113][ T8471] kernel_init_freeable+0x6b8/0x741
[ 82.497036][ T8471] kernel_init+0x1a/0x1d0
[ 82.502001][ T8471] ret_from_fork+0x1f/0x30
[ 82.506948][ T8471]
[ 82.506948][ T8471] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 82.514392][ T8471] __lock_acquire+0x2a07/0x54a0
[ 82.519869][ T8471] lock_acquire+0x1ab/0x510
[ 82.525116][ T8471]
fs_reclaim_acquire+0x117/0x160
[ 82.530749][ T8471] prepare_alloc_pages+0x15c/0x580
[ 82.536463][ T8471] __alloc_pages+0x12f/0x500
[ 82.541839][ T8471] alloc_pages+0x18c/0x2a0
[ 82.546778][ T8471] stack_depot_save+0x39d/0x4e0
[ 82.552178][ T8471] save_stack+0x15e/0x1e0
[ 82.557259][ T8471] __set_page_owner+0x50/0x290
[ 82.562564][ T8471] __alloc_pages_bulk+0x8b9/0x1870
[ 82.568540][ T8471] __vmalloc_node_range+0x39d/0x960
[ 82.574448][ T8471] vzalloc+0x67/0x80
[ 82.578969][ T8471] n_tty_open+0x16/0x170
[ 82.583719][ T8471] tty_ldisc_open+0x9b/0x110
[ 82.589014][ T8471] tty_ldisc_setup+0x43/0x100
[ 82.594371][ T8471] tty_init_dev.part.0+0x1f4/0x610
[ 82.599991][ T8471] tty_init_dev+0x5b/0x80
[ 82.604840][ T8471] ptmx_open+0x112/0x360
[ 82.609622][ T8471] chrdev_open+0x266/0x770
[ 82.614647][ T8471] do_dentry_open+0x4c8/0x11d0
[ 82.620107][ T8471] path_openat+0x1c23/0x27f0
[ 82.625218][ T8471] do_filp_open+0x1aa/0x400
[ 82.630257][ T8471] do_sys_openat2+0x16d/0x420
[ 82.635600][ T8471] __x64_sys_openat+0x13f/0x1f0
[ 82.641862][ T8471] do_syscall_64+0x35/0xb0
[ 82.647299][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.653734][ T8471]
[ 82.653734][ T8471] other info that might help us debug this:
[ 82.653734][ T8471]
[ 82.664063][ T8471] Chain exists of:
[ 82.664063][ T8471] fs_reclaim --> &anon_vma->rwsem --> lock#2
[ 82.664063][ T8471]
[ 82.676363][ T8471] Possible unsafe locking scenario:
executing program
[ 82.676363][ T8471]
[ 82.683801][ T8471]        CPU0                    CPU1
[ 82.689282][ T8471]        ----                    ----
[ 82.694631][ T8471]   lock(lock#2);
[ 82.698484][ T8471]                                lock(&anon_vma->rwsem);
[ 82.705846][ T8471]                                lock(lock#2);
[ 82.712372][ T8471]   lock(fs_reclaim);
[ 82.716551][ T8471]
[ 82.716551][ T8471] *** DEADLOCK ***
[ 82.716551][ T8471]
[ 82.724878][ T8471] 4 locks held by syz-fuzzer/8471:
[ 82.730291][ T8471] #0: ffffffff8c378148 (tty_mutex){+.+.}-{3:3}, at: ptmx_open+0x103/0x360
[ 82.739119][ T8471] #1: ffff88802ef5b1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 82.748627][ T8471] #2: ffff88802ef5b098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0
[ 82.758309][ T8471] #3: ffff8880b9c4d660 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870
[ 82.767849][ T8471]
[ 82.767849][ T8471] stack backtrace:
[ 82.773729][ T8471] CPU: 0 PID: 8471 Comm: syz-fuzzer Not tainted 5.14.0-rc1-syzkaller #0
[ 82.782051][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.792245][ T8471] Call Trace:
[ 82.795607][ T8471] dump_stack_lvl+0xcd/0x134
[ 82.800367][ T8471] check_noncircular+0x25f/0x2e0
[ 82.805491][ T8471] ? print_circular_bug+0x1e0/0x1e0
[ 82.810693][ T8471] ? mark_lock+0xef/0x17b0
[ 82.815130][ T8471] ? arch_stack_walk+0x93/0xe0
[ 82.820153][ T8471] ? lockdep_lock+0xc6/0x200
[ 82.825185][ T8471] ? call_rcu_zapped+0xb0/0xb0
[ 82.829946][ T8471] __lock_acquire+0x2a07/0x54a0
[ 82.834824][ T8471] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.840888][ T8471] lock_acquire+0x1ab/0x510
[ 82.845505][ T8471] ? fs_reclaim_acquire+0xf7/0x160
[ 82.850977][ T8471] ? lock_release+0x720/0x720
[ 82.855809][ T8471] ? lock_chain_count+0x20/0x20
[ 82.861443][ T8471] ? mark_lock+0xef/0x17b0
[ 82.865855][ T8471] ? deref_stack_reg+0xee/0x150
[ 82.870881][ T8471] fs_reclaim_acquire+0x117/0x160
[ 82.876142][ T8471] ? fs_reclaim_acquire+0xf7/0x160
[ 82.881528][ T8471] prepare_alloc_pages+0x15c/0x580
[ 82.886678][ T8471] ? __x64_sys_openat+0x13f/0x1f0
[ 82.891698][ T8471] __alloc_pages+0x12f/0x500
[ 82.896578][ T8471] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 82.904133][ T8471] ? __unwind_start+0x51b/0x800
[ 82.909102][ T8471] ? __kernel_text_address+0x9/0x30
[ 82.914665][ T8471] alloc_pages+0x18c/0x2a0
[ 82.919135][ T8471] stack_depot_save+0x39d/0x4e0
[ 82.923996][ T8471] save_stack+0x15e/0x1e0
[ 82.928959][ T8471] ? register_early_stack+0xb0/0xb0
[ 82.934255][ T8471] ? __alloc_pages_bulk+0x8b9/0x1870
[ 82.940166][ T8471] ?
__vmalloc_node_range+0x39d/0x960
[ 82.945531][ T8471] ? vzalloc+0x67/0x80
[ 82.949673][ T8471] ? n_tty_open+0x16/0x170
[ 82.954165][ T8471] ? tty_ldisc_open+0x9b/0x110
[ 82.959197][ T8471] ? tty_ldisc_setup+0x43/0x100
[ 82.964036][ T8471] ? tty_init_dev.part.0+0x1f4/0x610
[ 82.969580][ T8471] ? tty_init_dev+0x5b/0x80
[ 82.974275][ T8471] ? ptmx_open+0x112/0x360
[ 82.978890][ T8471] ? chrdev_open+0x266/0x770
[ 82.983741][ T8471] ? do_dentry_open+0x4c8/0x11d0
[ 82.988756][ T8471] ? path_openat+0x1c23/0x27f0
[ 82.993606][ T8471] ? do_filp_open+0x1aa/0x400
[ 82.998270][ T8471] ? do_sys_openat2+0x16d/0x420
[ 83.003279][ T8471] ? __x64_sys_openat+0x13f/0x1f0
[ 83.008576][ T8471] ? do_syscall_64+0x35/0xb0
[ 83.013266][ T8471] ? preempt_count_add+0x74/0x140
[ 83.018693][ T8471] __set_page_owner+0x50/0x290
[ 83.023569][ T8471] ? post_alloc_hook+0x145/0x1e0
[ 83.028503][ T8471] __alloc_pages_bulk+0x8b9/0x1870
[ 83.033819][ T8471] ? __alloc_pages+0x500/0x500
[ 83.038922][ T8471] ? rcu_read_lock_sched_held+0x3a/0x70
[ 83.044668][ T8471] ? trace_kmalloc_node+0x32/0x100
[ 83.050563][ T8471] __vmalloc_node_range+0x39d/0x960
[ 83.056471][ T8471] ? vfree_atomic+0xe0/0xe0
[ 83.061161][ T8471] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 83.068706][ T8471] ? __ldsem_down_read_nested+0x850/0x850
[ 83.074667][ T8471] ? __wake_up_common+0x650/0x650
[ 83.079803][ T8471] ? n_tty_open+0x16/0x170
[ 83.084442][ T8471] vzalloc+0x67/0x80
[ 83.089306][ T8471] ? n_tty_open+0x16/0x170
[ 83.094403][ T8471] n_tty_open+0x16/0x170
[ 83.098923][ T8471] ? n_tty_set_termios+0x1010/0x1010
[ 83.104902][ T8471] tty_ldisc_open+0x9b/0x110
[ 83.109597][ T8471] tty_ldisc_setup+0x43/0x100
[ 83.114389][ T8471] tty_init_dev.part.0+0x1f4/0x610
[ 83.119645][ T8471] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.125808][ T8471] tty_init_dev+0x5b/0x80
[ 83.130251][ T8471] ptmx_open+0x112/0x360
[ 83.134508][ T8471] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.140961][ T8471] chrdev_open+0x266/0x770
[ 83.145525][ T8471] ?
cdev_device_add+0x210/0x210
[ 83.150565][ T8471] ? security_file_open+0x205/0x4f0
[ 83.156289][ T8471] do_dentry_open+0x4c8/0x11d0
[ 83.161217][ T8471] ? cdev_device_add+0x210/0x210
[ 83.166566][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.172986][ T8471] ? may_open+0x1f6/0x420
[ 83.177502][ T8471] path_openat+0x1c23/0x27f0
[ 83.182958][ T8471] ? path_lookupat+0x860/0x860
[ 83.187790][ T8471] ? mark_lock+0xef/0x17b0
[ 83.192404][ T8471] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 83.198412][ T8471] do_filp_open+0x1aa/0x400
[ 83.203028][ T8471] ? may_open_dev+0xf0/0xf0
[ 83.209295][ T8471] ? rwlock_bug.part.0+0x90/0x90
[ 83.214353][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.220847][ T8471] ? _find_next_bit+0x1e3/0x260
[ 83.225924][ T8471] ? _raw_spin_unlock+0x24/0x40
[ 83.231319][ T8471] ? alloc_fd+0x2f0/0x670
[ 83.236037][ T8471] do_sys_openat2+0x16d/0x420
[ 83.240863][ T8471] ? build_open_flags+0x6f0/0x6f0
[ 83.245987][ T8471] ? __context_tracking_exit+0xb8/0xe0
[ 83.251538][ T8471] ? lock_downgrade+0x6e0/0x6e0
[ 83.256590][ T8471] __x64_sys_openat+0x13f/0x1f0
[ 83.261485][ T8471] ? __ia32_sys_open+0x1c0/0x1c0
[ 83.266422][ T8471] ?
syscall_enter_from_user_mode+0x21/0x70
[ 83.272341][ T8471] do_syscall_64+0x35/0xb0
[ 83.277016][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.283001][ T8471] RIP: 0033:0x4af20a
[ 83.287054][ T8471] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 83.307509][ T8471] RSP: 002b:000000c00030b3f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 83.316058][ T8471] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a
[ 83.324215][ T8471] RDX: 0000000000000000 RSI: 000000c0001778c0 RDI: ffffffffffffff9c
[ 83.332672][ T8471] RBP: 000000c00030b470 R08: 0000000000000000 R09: 0000000000000000
[ 83.340840][ T8471] R10: 0000000000000000 R11: 0000000000000216 R12: 000000000000018d
[ 83.349256][ T8471] R13: 000000000000018c R14: 0000000000000200 R15: 000000c0004ad0e0
[ 83.357574][ T8471] BUG: sleeping function called from invalid context at mm/page_alloc.c:5167
[ 83.366541][ T8471] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8471, name: syz-fuzzer
[ 83.375751][ T8471] INFO: lockdep is turned off.
[ 83.380514][ T8471] irq event stamp: 147860
[ 83.385049][ T8471] hardirqs last enabled at (147859): [] _raw_spin_unlock_irqrestore+0x50/0x70
[ 83.395944][ T8471] hardirqs last disabled at (147860): [] __alloc_pages_bulk+0x1017/0x1870
[ 83.406441][ T8471] softirqs last enabled at (140836): [] __irq_exit_rcu+0x16e/0x1c0
[ 83.415988][ T8471] softirqs last disabled at (140781): [] __irq_exit_rcu+0x16e/0x1c0
[ 83.425638][ T8471] CPU: 0 PID: 8471 Comm: syz-fuzzer Not tainted 5.14.0-rc1-syzkaller #0
[ 83.434135][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.444306][ T8471] Call Trace:
[ 83.447578][ T8471] dump_stack_lvl+0xcd/0x134
[ 83.452490][ T8471] ___might_sleep.cold+0x1f1/0x237
[ 83.457706][ T8471] prepare_alloc_pages+0x3da/0x580
[ 83.463101][ T8471] ?
__x64_sys_openat+0x13f/0x1f0
[ 83.468138][ T8471] __alloc_pages+0x12f/0x500
[ 83.472732][ T8471] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 83.479774][ T8471] ? __unwind_start+0x51b/0x800
[ 83.484624][ T8471] ? __kernel_text_address+0x9/0x30
[ 83.489816][ T8471] alloc_pages+0x18c/0x2a0
[ 83.494310][ T8471] stack_depot_save+0x39d/0x4e0
[ 83.499175][ T8471] save_stack+0x15e/0x1e0
[ 83.503675][ T8471] ? register_early_stack+0xb0/0xb0
[ 83.508865][ T8471] ? __alloc_pages_bulk+0x8b9/0x1870
[ 83.514406][ T8471] ? __vmalloc_node_range+0x39d/0x960
[ 83.519828][ T8471] ? vzalloc+0x67/0x80
[ 83.523909][ T8471] ? n_tty_open+0x16/0x170
[ 83.528581][ T8471] ? tty_ldisc_open+0x9b/0x110
[ 83.533538][ T8471] ? tty_ldisc_setup+0x43/0x100
[ 83.538525][ T8471] ? tty_init_dev.part.0+0x1f4/0x610
[ 83.543922][ T8471] ? tty_init_dev+0x5b/0x80
[ 83.548465][ T8471] ? ptmx_open+0x112/0x360
[ 83.552982][ T8471] ? chrdev_open+0x266/0x770
[ 83.557591][ T8471] ? do_dentry_open+0x4c8/0x11d0
[ 83.562517][ T8471] ? path_openat+0x1c23/0x27f0
[ 83.567303][ T8471] ? do_filp_open+0x1aa/0x400
[ 83.572057][ T8471] ? do_sys_openat2+0x16d/0x420
[ 83.576896][ T8471] ? __x64_sys_openat+0x13f/0x1f0
[ 83.581919][ T8471] ? do_syscall_64+0x35/0xb0
[ 83.587282][ T8471] ? preempt_count_add+0x74/0x140
[ 83.592429][ T8471] __set_page_owner+0x50/0x290
[ 83.597541][ T8471] ? post_alloc_hook+0x145/0x1e0
[ 83.602908][ T8471] __alloc_pages_bulk+0x8b9/0x1870
[ 83.608356][ T8471] ? __alloc_pages+0x500/0x500
[ 83.614164][ T8471] ? rcu_read_lock_sched_held+0x3a/0x70
[ 83.619902][ T8471] ? trace_kmalloc_node+0x32/0x100
[ 83.625570][ T8471] __vmalloc_node_range+0x39d/0x960
[ 83.631188][ T8471] ? vfree_atomic+0xe0/0xe0
[ 83.635706][ T8471] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 83.641611][ T8471] ? __ldsem_down_read_nested+0x850/0x850
[ 83.647412][ T8471] ? __wake_up_common+0x650/0x650
[ 83.652944][ T8471] ? n_tty_open+0x16/0x170
[ 83.657467][ T8471] vzalloc+0x67/0x80
[ 83.661746][ T8471] ?
n_tty_open+0x16/0x170
[ 83.666182][ T8471] n_tty_open+0x16/0x170
[ 83.670429][ T8471] ? n_tty_set_termios+0x1010/0x1010
[ 83.675736][ T8471] tty_ldisc_open+0x9b/0x110
[ 83.680511][ T8471] tty_ldisc_setup+0x43/0x100
[ 83.685189][ T8471] tty_init_dev.part.0+0x1f4/0x610
[ 83.690414][ T8471] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.695986][ T8471] tty_init_dev+0x5b/0x80
[ 83.703314][ T8471] ptmx_open+0x112/0x360
[ 83.707575][ T8471] ? pty_unix98_compat_ioctl+0x50/0x50
[ 83.713146][ T8471] chrdev_open+0x266/0x770
[ 83.717837][ T8471] ? cdev_device_add+0x210/0x210
[ 83.722851][ T8471] ? security_file_open+0x205/0x4f0
[ 83.728144][ T8471] do_dentry_open+0x4c8/0x11d0
[ 83.733254][ T8471] ? cdev_device_add+0x210/0x210
[ 83.738402][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.744906][ T8471] ? may_open+0x1f6/0x420
[ 83.749334][ T8471] path_openat+0x1c23/0x27f0
[ 83.754111][ T8471] ? path_lookupat+0x860/0x860
[ 83.759112][ T8471] ? mark_lock+0xef/0x17b0
[ 83.763553][ T8471] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 83.769551][ T8471] do_filp_open+0x1aa/0x400
[ 83.774065][ T8471] ? may_open_dev+0xf0/0xf0
[ 83.778848][ T8471] ? rwlock_bug.part.0+0x90/0x90
[ 83.783803][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.790070][ T8471] ? _find_next_bit+0x1e3/0x260
[ 83.795098][ T8471] ? _raw_spin_unlock+0x24/0x40
[ 83.800128][ T8471] ? alloc_fd+0x2f0/0x670
[ 83.804461][ T8471] do_sys_openat2+0x16d/0x420
[ 83.809572][ T8471] ? build_open_flags+0x6f0/0x6f0
[ 83.814585][ T8471] ? __context_tracking_exit+0xb8/0xe0
[ 83.820282][ T8471] ? lock_downgrade+0x6e0/0x6e0
[ 83.825223][ T8471] __x64_sys_openat+0x13f/0x1f0
[ 83.830742][ T8471] ? __ia32_sys_open+0x1c0/0x1c0
[ 83.836073][ T8471] ?
syscall_enter_from_user_mode+0x21/0x70
[ 83.842417][ T8471] do_syscall_64+0x35/0xb0
[ 83.846936][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.853177][ T8471] RIP: 0033:0x4af20a
[ 83.857424][ T8471] Code: e8 3b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 83.878162][ T8471] RSP: 002b:000000c00030b3f8 EFLAGS: 00000216 ORIG_RAX: 0000000000000101
[ 83.886942][ T8471] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af20a
[ 83.895492][ T8471] RDX: 0000000000000000 RSI: 000000c0001778c0 RDI: ffffffffffffff9c
[ 83.904430][ T8471] RBP: 000000c00030b470 R08: 0000000000000000 R09: 0000000000000000
[ 83.912512][ T8471] R10: 0000000000000000 R11: 0000000000000216 R12: 000000000000018d
[ 83.921508][ T8471] R13: 000000000000018c R14: 0000000000000200 R15: 000000c0004ad0e0
[ 83.982367][ T8471] can: request_module (can-proto-0) failed.
[ 83.996963][ T8471] can: request_module (can-proto-0) failed.
[ 84.011071][ T8471] can: request_module (can-proto-0) failed.
[ 84.201477][ T8471] base_sock_release(ffff888039290fc0) sk=ffff888037ef0000